OpenVZ Virtuozzo Containers Wiki β

Gentoo template creation

170 bytes added, 07:58, 19 May 2008
VE -> container; fixed headings level; some formatting fixes
This page is about making a template cache for an OpenVZ container from Gentoo Linux. The method is basically the same as described in the [[Slackware template creation]] article.
===Download stage3===
We will make the template from a stage3 file. An OpenVZ OS template should be an archive (.tar.gz) of the root of a working system, but without the kernel and some files. You can download stage3 from the nearest mirror here: http://www.gentoo.org/main/en/mirrors.xml.
===Create directory for the new container and unarchive stage3===
<pre>
</pre>
===Create CT config===
Now you need to create the configuration file for the container, 777.conf:
<pre>
</pre>
===Edit CT config===
Add the following to <code>/etc/vz/conf/777.conf</code>:
<pre>
DISTRIBUTION="gentoo"
OSTEMPLATE="gentoo"
</pre>
===Make /etc/mtab a symlink to /proc/mounts===
The container's root filesystem is mounted by the host system, not the guest, and therefore the root fs will not appear in <code>/etc/mtab</code>. This leads to a non-working <code>df</code> command. To fix it, link /etc/mtab to /proc/mounts.
<pre>
rm -f /vz/private/777/etc/mtab
ln -s /proc/mounts /vz/private/777/etc/mtab
</pre>
After replacing <code>/etc/mtab</code> with a symlink to <code>/proc/mounts</code>, you will always have up-to-date information about what is mounted in <code>/etc/mtab</code>.
===Replace /etc/fstab===
<pre>
</pre>
We need only <code>/proc</code> to be mounted at boot time.
===Edit /etc/inittab===
Edit <code>/vz/private/777/etc/inittab</code> and put a hash mark (#) at the beginning of the lines containing:
<pre>c?:1235:respawn:/sbin/agetty 38400 tty? linux</pre>
This prevents <code>getty</code> and login from starting on ttys that do not exist in containers.
===Edit /etc/shadow===
Edit <code>/vz/private/777/etc/shadow</code> and change root's password in the first line to an exclamation mark (!):
<pre>root:!:10071:0:::::</pre>
This will disable root login until the password is changed with <code>vzctl set CTID --userpasswd root:password</code>.
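The mtab, inittab and shadow edits above can be checked before the template is packed. The script below is an added example, not part of the original wiki page; the function name <code>audit_template</code>, its messages and the sample root it builds are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an unpacked template root for the three edits above.
# audit_template and its messages are names assumed for this example.

# audit_template ROOT: prints one FAIL line per finding, returns the count.
audit_template() {
    root=$1
    findings=0

    # /etc/mtab must be a symlink to /proc/mounts.
    if [ "$(readlink "$root/etc/mtab" 2>/dev/null)" != "/proc/mounts" ]; then
        echo "FAIL: etc/mtab is not a symlink to /proc/mounts"
        findings=$((findings + 1))
    fi

    # No agetty respawn line in /etc/inittab may be left uncommented.
    if grep -Eq '^[^#]*:respawn:/sbin/agetty' "$root/etc/inittab" 2>/dev/null; then
        echo "FAIL: etc/inittab still starts agetty"
        findings=$((findings + 1))
    fi

    # root's password field in /etc/shadow must be exactly "!".
    pw=$(awk -F: '$1 == "root" { print $2; exit }' "$root/etc/shadow" 2>/dev/null) || pw=""
    if [ "$pw" != "!" ]; then
        echo "FAIL: root password field in etc/shadow is not '!'"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Constructed sample root (not a real stage3): only the shadow edit is done.
demo=$(mktemp -d)
mkdir -p "$demo/etc"
: > "$demo/etc/mtab"
echo 'c1:12345:respawn:/sbin/agetty 38400 tty1 linux' > "$demo/etc/inittab"
echo 'root:!:10071:0:::::' > "$demo/etc/shadow"
audit_template "$demo" || echo "findings: $?"
rm -rf "$demo"
```

Against the container built on this page it would be called as <code>audit_template /vz/private/777</code>; a return value of 0 means all three edits are in place.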
===Disable unneeded init scripts===
The checkroot and consolefont init scripts should not be started inside containers:
<pre>
</pre>
===Edit /sbin/rc===
Edit <code>/vz/private/777/sbin/rc</code> and put a hash mark (#) at the beginning of line 244 (your line number may be different):
<pre># try mount -n ${mntcmd:--t sysfs sysfs /sys -o noexec,nosuid,nodev}</pre>
This prevents the container from attempting to mount <code>/sys</code>.
To ensure that this change isn't automatically overwritten on update, add the following to <code>/vz/private/777/etc/make.conf</code>:
<pre>CONFIG_PROTECT = /sbin/rc</pre>
===Set up udev===
<div class="previewnote"><p><strong>NOTE: udev-state does not exist anymore!! ../lib/udev/state and ../lib/udev/devices are empty directories now... maybe someone knows how to handle it the right way?</strong></p></div>
Delete <code>/lib/udev-state/devices.tar.bz2</code> and create some device nodes needed to enter a container:
<pre>
</pre>
You have to leave the directory you are in before the next step; otherwise you will get this error message:<br> vzquota : (error) Quota on syscall for 777: Device or resource busy <br> vzquota on failed [3] <br>
<pre>
</pre>
===Test===
<pre>
</pre>
All services in the boot and default runlevels must be started. If everything is all right, stop the container:
<pre>
</pre>
===Making distfiles and portage tree of the host system available in a container===
{{Warning|This step is optional and will result in shared files between containers! These steps can save space on disk but trade isolation and security... consider your options carefully!}}
To install software into a container with portage, you should mount <code>/usr/portage</code> into the container with the "bind" option. Do the following on the host after the container is started:
<pre>
</pre>
Now, to install a package into a container, you just need to enter the container using <code>vzctl enter</code> and run
<pre>
</pre>
while you have all the needed files in the <code>/usr/portage/distfiles</code> of the host system.
For security reasons, you should have these directories mounted only while installing software into a container.
{{Note|You have to <code>umount /vz/root/777/usr/portage/distfiles</code> before trying to stop your container.}}
===Create the template cache file===
<pre>
</pre>
===Test the new template cache file===
Create a new container from the template file:
<pre>
</pre>
If the container was created successfully, try to start it:
<pre>