== Download stage3 ==
We will make the template from a stage3 file. An OpenVZ OS template should be an archive (.tar.gz) of the root of a working system, but without the kernel and some files. You can download stage3 from the nearest mirror listed at http://www.gentoo.org/main/en/mirrors.xml or directly from http://distfiles.gentoo.org/releases/x86/current-stage3/
== Or try to download a 64-bit stage3 ==
If you have experience with 32-bit containers, you can also try to create a Gentoo template with 64-bit binary support. Download a '''64-bit''' stage3. For 64-bit Gentoo template creation, search for the nearest mirror at http://www.gentoo.org/main/en/mirrors.xml, or download directly from http://distfiles.gentoo.org/releases/amd64/autobuilds/current-stage3/ for 32-bit binary '''multilib''' support, or from http://distfiles.gentoo.org/releases/amd64/autobuilds/current-stage3/hardened/ (stage3-amd64-hardened+nomultilib-20xxxxxx.tar.bz2) for the hardened profile without multilib support (only 64-bit binary support for Gentoo template containers!). Don't forget that the host node must support 64-bit binaries too, with or without 32-bit multilib support! Host nodes that support multilib can run 64-bit containers alongside 32-bit containers, but with a '''''slight''''' performance degradation. Don't forget to check:
<pre>ACCEPT_KEYWORDS="amd64" in /etc/make.conf</pre>
there you accept 64-bit binary package support for your containers, and
<pre>cat /proc/cpuinfo</pre>
for 64-bit Intel/AMD CPU instruction set support. '''WARNING''': There is no warranty that the template will work; you can bugtrack the errors, but I haven't run into problems.
== Create directories for the new container and unarchive stage3 there ==
<pre>mkdir /vz/root/1001
mkdir /vz/private/1001
tar -xvjpf /root/stage3-i686-20111213.tar.bz2 -C /vz/private/1001</pre>
== Create CT config ==
Now you need to create the configuration file for the container, 1001.conf:
<pre>
</pre>
If you get the following error, you need to set <code>VE_LAYOUT="simfs"</code> in <code>/etc/vz/vz.conf</code>. Unfortunately, I couldn't find a solution for ploop.
<pre>
# vzctl set 1001 --applyconfig vps.basic --save
Error in ploop_open_dd (di.c:288): Can't resolve /vz/private/1001/root.hdd/DiskDescriptor.xml: No such file or directory
Failed to read /vz/private/1001/root.hdd/DiskDescriptor.xml
Error: failed to apply some parameters, not saving configuration file!
</pre>
== Edit CT Config ==
First, you need to let vzctl know that this CT is using Gentoo:
<pre>echo 'OSTEMPLATE="gentoo"' >> /etc/vz/conf/1001.conf</pre>
Creation of the container at the end of this HowTo obeys quota limits and might exceed
those set in <code>vps.basic</code> by default (at least encountered with the Gentoo
10.1 release). Thus it might be required to increase the limits now. The following
values provide a 2 GB soft limit with a 2.5 GB hard limit:
<pre>DISKSPACE="2.4G:2.5G"</pre>
If you use an independent Gentoo portage tree for each container, which is considered good practice for Gentoo containers, don't forget to raise the inode number:
<pre>DISKINODES="400000:420000"</pre>
You should also increase the RAM to a minimum of 512 MB; otherwise you will get errors during compilation. Since vzctl 3.0.30 you can do:
<pre>vzctl set 1001 --ram 512M --swap 1G --save</pre>
Prior to vzctl 3.0.30 you have to do the following, which gives you 512 MB guaranteed and 1024 MB burstable:
<pre>vzctl set 1001 --vmguarpages 512M --save
vzctl set 1001 --oomguarpages 512M --save
vzctl set 1001 --privvmpages 512M:1024M --save
vzctl set 1001 --swappages 0:1024M --save</pre>
An independent Gentoo portage tree for each container is a good idea, because a newer portage tree can remove older ebuilds that are already installed in the container together with their dependencies.
Otherwise you can't reinstall already installed packages if you bind the newer version of portage into Gentoo containers.
After that, copy that configuration file, turning it into a sample configuration for later use:
<pre>
</pre>
== Replace /etc/mtab with a symlink to /proc/mounts ==
<pre>
</pre>
After replacing <code>/etc/mtab</code> with a symlink to <code>/proc/mounts</code>, you will always have up-to-date information of what is mounted in <code>/etc/mtab</code>. You will, however, have an error on boot (in <code>/var/log/init.log</code>) that can be safely ignored: <code>* /etc/mtab is not updateable [ !! ]</code>
== fstab ==
<pre>echo "proc /proc proc defaults 0 0" > /vz/private/1001/etc/fstab</pre>
We need only /proc to be mounted at boot time.
== Edit /etc/inittab and /etc/init.d/halt.sh ==
Edit <code>/vz/private/1001/etc/inittab</code> and put a hash mark (#) at the beginning of the lines containing:
<pre>c?:1235:respawn:/sbin/agetty 38400 tty? linux</pre>
This prevents <code>getty</code> and login from starting on ttys that do not exist in containers.
Edit <code>/vz/private/1001/etc/init.d/halt.sh</code> and put a hash mark (#) at the beginning of the lines containing:
== Edit /etc/shadow ==
Edit <code>/vz/private/1001/etc/shadow</code> and change root's password in the first line to an exclamation mark (!):
<pre>root:!:10071:0:::::</pre>
This will disable the root login until the password is changed with <code>vzctl set CTID --userpasswd root:password</code>.
== Disable unneeded init scripts ==
The checkroot and consolefont init scripts should not be started inside containers (NOT for Gentoo 11.2):
<pre>rm /vz/private/1001/etc/runlevels/boot/checkroot
rm /vz/private/1001/etc/runlevels/boot/consolefont</pre>
The Gentoo 11.2 release has an option in '''rc.conf''': just uncomment rc_sys, set it to "openvz", and it disables those init scripts:
<pre>nano /vz/private/1001/etc/rc.conf
rc_sys="openvz"</pre>
== Edit /sbin/rc ==
Edit <code>/vz/private/1001/sbin/rc</code> and put a hash mark (#) at the beginning of line 244 (your line number may be different):
<pre># try mount -n ${mntcmd:--t sysfs sysfs /sys -o noexec,nosuid,nodev}</pre>
This prevents the container from attempting to mount <code>/sys</code>. To ensure that this change isn't automatically overwritten on update, add the following to <code>/vz/private/1001/etc/make.conf</code>:
<pre>CONFIG_PROTECT="/sbin/rc"</pre>
'''Gentoo 11.2''': <code>/vz/private/1001/sbin/rc</code> is a '''binary''', so I just skipped this step.
== Set up udev ==
Using udev you will have problems since some device nodes are not created. For example, sshd will fail to start since /dev/random and /dev/urandom are missing. So it's recommended to disable udev. Edit <code>/vz/private/1001/etc/conf.d/rc</code> (or <code>/vz/private/1001/etc/conf.d/udev</code> if you are using Gentoo 11.2 or later) and change the <code>RC_DEVICES</code> line to:
<pre>RC_DEVICES="static"</pre>
'''Baselayout 2 and OpenRC:''' <code>/vz/private/1001/etc/conf.d/rc</code> is obsolete (http://www.gentoo.org/doc/en/openrc-migration.xml#doc_chap2_sect2) and <code>/vz/private/1001/etc/rc.conf</code> should be used instead. But RC_DEVICES is missing in <code>/vz/private/1001/etc/rc.conf</code>?!?
<pre>
</pre>
== Edit /etc/pam.d/chpasswd ==
<pre>
</pre>
== Test ==
<pre>
vzctl start 1001
vzctl enter 1001
</pre>
You can check the running services:
<pre>
</pre>
All services in the boot and default runlevels must be started. If everything is all right, stop it. Enable the SSH daemon if required:
<pre>
</pre>
<pre>
</pre>
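Before packaging the container root as a template, it is worth re-checking the edits made in the steps above in one pass. The following script is an added example and not part of the original HowTo: it verifies that root's password is locked in <code>/etc/shadow</code>, that <code>/etc/mtab</code> is a symlink to <code>/proc/mounts</code>, that <code>/etc/fstab</code> mounts only <code>/proc</code>, that no <code>agetty</code> line in <code>/etc/inittab</code> is active, and that udev is disabled via <code>RC_DEVICES="static"</code> or <code>rc_sys="openvz"</code>. The demo root it builds under a temporary directory is constructed; on a real host node you would call <code>check_ct_root /vz/private/1001</code>.

```bash
#!/bin/sh
# Added example (not from the original HowTo): lint a prepared container
# root before it is turned into an OS template. Every check_* function
# takes the container root directory and returns 0 (ok) or 1 (problem).

# root's password field in /etc/shadow must be "!" (login disabled)
check_shadow_root_locked() {
    while IFS=: read -r user pw rest; do
        [ "$user" = "root" ] && [ "$pw" = "!" ] && return 0
    done < "$1/etc/shadow"
    return 1
}

# /etc/mtab must be a symlink pointing at /proc/mounts
check_mtab_symlink() {
    [ -L "$1/etc/mtab" ] && [ "$(readlink "$1/etc/mtab")" = "/proc/mounts" ]
}

# every non-comment fstab entry must mount /proc (nothing else is wanted)
check_fstab_proc_only() {
    while read -r fs mnt rest; do
        case "$fs" in ''|'#'*) continue ;; esac
        [ "$mnt" = "/proc" ] || return 1
    done < "$1/etc/fstab"
    return 0
}

# no uncommented agetty line may remain in /etc/inittab
check_inittab_no_getty() {
    while read -r line; do
        case "$line" in '#'*) continue ;; *agetty*) return 1 ;; esac
    done < "$1/etc/inittab"
    return 0
}

# udev disabled: RC_DEVICES="static" (old baselayout) or rc_sys="openvz" (11.2)
check_udev_disabled() {
    grep -q '^RC_DEVICES="static"' "$1/etc/conf.d/rc" 2>/dev/null \
    || grep -q '^RC_DEVICES="static"' "$1/etc/conf.d/udev" 2>/dev/null \
    || grep -q '^rc_sys="openvz"' "$1/etc/rc.conf" 2>/dev/null
}

# run all checks, print one line each, return 1 if any failed
check_ct_root() {
    root=$1; rc=0
    for c in check_shadow_root_locked check_mtab_symlink check_fstab_proc_only \
             check_inittab_no_getty check_udev_disabled; do
        if "$c" "$root"; then echo "ok:   $c"; else echo "FAIL: $c"; rc=1; fi
    done
    return $rc
}

# Constructed sample root mirroring the edits in the HowTo (demo data only).
make_sample_root() {
    mkdir -p "$1/etc/conf.d"
    printf 'root:!:10071:0:::::\nbin:*:10071:0:::::\n' > "$1/etc/shadow"
    ln -sf /proc/mounts "$1/etc/mtab"
    printf '# <fs> <mountpoint> <type> <opts> <dump> <pass>\nproc /proc proc defaults 0 0\n' > "$1/etc/fstab"
    printf 'id:3:initdefault:\n#c1:1235:respawn:/sbin/agetty 38400 tty1 linux\n' > "$1/etc/inittab"
    printf 'RC_DEVICES="static"\n' > "$1/etc/conf.d/rc"
}

# Demo on the constructed root; replace with: check_ct_root /vz/private/1001
demo_root=$(mktemp -d)
make_sample_root "$demo_root"
check_ct_root "$demo_root"
rm -rf "$demo_root"
```

The checks deliberately read the files directly instead of running anything from inside the container root, so the script is safe to run against an untrusted or half-prepared tree.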
== Making distfiles and portage tree of the host system available in a container ==
{{Warning|This step is optional and will result in shared files between containers! These steps can save space on disk but trade isolation and security... consider your options carefully!}}
To install software into a container with portage, you should mount <code>/usr/portage</code> into the container with the "bind" option. Do the following on the host after the container is started:
<pre>mkdir /vz/root/1001/usr/portage
mount -o bind /usr/portage /vz/root/1001/usr/portage</pre>
If your <code>/usr/portage/distfiles</code> directory resides on a different partition than your <code>/usr/portage</code> directory, do the following:
<pre>
mount -n -o bind /usr/portage/distfiles /vz/root/1001/usr/portage/distfiles
</pre>
Now, to install a package into a container, you just need to enter the container using <code>vzctl enter</code> and run
<pre>
</pre>
while you have all the needed files in the <code>/usr/portage/distfiles</code> of the host system. For security reasons, you should have these directories mounted only while installing software into a container.
{{Note|you have to <code>umount /vz/root/1001/usr/portage/distfiles</code> before trying to stop your container.}}
== Dedicated installation of portage ==
If you decide not to share portage with the host as described before, you'll still need a portage tree installed into your container. Get the latest snapshot of the portage tree from your favourite mirror (http://www.gentoo.org/main/en/mirrors.xml) and extract it into <code>/vz/private/1001/usr</code>:
<pre># wget http://distfiles.gentoo.org/releases/snapshots/current/portage-latest.tar.bz2
# tar xjf portage-latest.tar.bz2 -C /vz/private/1001/usr</pre>
== Host system portage tree and distfiles in read-only mode ==
You can safely share the portage tree from the host system among all Gentoo VPSs by mounting it read-only and defining a dedicated <code>distfiles</code> directory. All files in the regular <code>distfiles</code> directory will also be available to guest containers. Create <code>/etc/vz/conf/vps.mount</code> to mount the read-only portage tree into all Gentoo guests, or <code>/etc/vz/conf/<vps id>.mount</code> to mount it only into a particular container:
<pre>#!/bin/bash
source /etc/vz/vz.conf
source ${VE_CONFFILE}
if [ -d /vz/root/$VEID/usr/portage ]; then
    mount -n --bind -o ro /vz/portage /vz/root/$VEID/usr/portage
fi</pre>
Make it executable:
<pre>chmod u+x /etc/vz/conf/vps.mount</pre>
Add the following lines to <code>/vz/private/1001/etc/make.conf</code>:
<pre>PORTAGE_RO_DISTDIRS="/usr/portage/distfiles"
DISTDIR="/usr/portage_distfiles"</pre>
You should update the host-node portage tree on a regular basis to keep it up to date, because <code>emerge --sync</code> won't work inside a guest container.
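The isolation of the shared tree depends on the bind mount really being read-only, and that is worth verifying: with util-linux older than 2.27, <code>mount --bind -o ro</code> silently ignores <code>ro</code> and leaves a read-write bind mount, so the host portage tree could be modified from inside a guest. The documented way on such systems is a bind mount followed by <code>mount -o remount,bind,ro</code>. The script below is an added example, not the HowTo's own hook: it is a variant of <code>vps.mount</code> that does the two-step mount and then confirms the mountpoint carries the <code>ro</code> flag in <code>/proc/mounts</code>. The host path <code>/vz/portage</code> and the container path <code>/vz/root/$VEID/usr/portage</code> are taken from the HowTo; the <code>/proc/mounts</code> lines in <code>SAMPLE_MOUNTS</code> are constructed for the demo.

```bash
#!/bin/bash
# Added example (not the HowTo's vps.mount): read-only bind mount of the
# host portage tree with verification. VE_CONFFILE and VEID are provided
# by vzctl when it runs the hook; when run by hand the hook body is skipped
# and only the demo on constructed /proc/mounts data runs.

# Read /proc/mounts-format lines ("src mountpoint fstype options dump pass")
# from stdin; return 0 if the LAST entry for MOUNTPOINT has the "ro" flag.
# The last entry wins because stacked mounts list the effective one last.
mount_is_ro() {
    local mnt=$1 result=1 src mp fstype opts rest
    while read -r src mp fstype opts rest; do
        [ "$mp" = "$mnt" ] || continue
        case ",$opts," in
            *,ro,*) result=0 ;;
            *)      result=1 ;;   # mounted, but read-write
        esac
    done
    return $result
}

# Bind SRC onto DST read-only: plain bind, then remount read-only, then
# verify. On any failure the mount is undone so a read-write tree never
# stays exposed inside the container.
bind_ro() {
    local src=$1 dst=$2
    mount -n --bind "$src" "$dst" || return 1
    mount -n -o remount,bind,ro "$src" "$dst" || { umount -n "$dst"; return 1; }
    mount_is_ro "$dst" < /proc/mounts || { umount -n "$dst"; return 1; }
}

# Hook body: only active when vzctl invokes this file as <CTID>.mount/vps.mount.
if [ -n "${VE_CONFFILE:-}" ]; then
    . /etc/vz/vz.conf
    . "$VE_CONFFILE"
    ct_portage=/vz/root/$VEID/usr/portage
    if [ -d "$ct_portage" ]; then
        bind_ro /vz/portage "$ct_portage" \
            || { echo "vps.mount: read-only bind of portage failed for CT $VEID" >&2; exit 1; }
    fi
fi

# Constructed sample of /proc/mounts: CT 1001 got the remount, CT 1002 did not.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
/vz/portage /vz/root/1001/usr/portage ext3 rw,relatime 0 0
/vz/portage /vz/root/1001/usr/portage ext3 ro,relatime 0 0
/vz/portage /vz/root/1002/usr/portage ext3 rw,relatime 0 0'

demo() {
    local ct
    for ct in 1001 1002; do
        if printf '%s\n' "$SAMPLE_MOUNTS" | mount_is_ro "/vz/root/$ct/usr/portage"; then
            echo "CT $ct: portage is read-only"
        else
            echo "CT $ct: portage is NOT read-only (missing remount,bind,ro?)"
        fi
    done
}
demo
```

The same <code>mount_is_ro</code> check can be run by hand on the host after starting a container (<code>mount_is_ro /vz/root/1001/usr/portage &lt; /proc/mounts</code>) to confirm that the hook did what was intended before any <code>emerge</code> is run inside the guest.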
== Create the template cache file ==
<pre>cd /vz/private/1001/
tar --numeric-owner -czf /vz/template/cache/gentoo.tar.gz *</pre>
== Test the new template cache file ==
<pre>
</pre>
<pre>
vzctl create 800 --ostemplate gentoo --ipadd 192.168.0.10 --hostname testvps
</pre>
<pre>
vzctl set 800 --userpasswd root:secret
</pre>