Editing Getting started with OpenVZ live CD
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
− | This article is written for OpenVZ LiveCD and assumes that the reader only starts using OpenVZ. | + | This article is basicaly written for OpenVZ LiveCD and assumes that the reader only starts using OpenVZ. |
− | + | So, as you probably know, OpenVZ allows the user to create '''VE'''s - Virtual Environments, which seems very much | |
− | |||
− | So, as you probably know, OpenVZ allows the user to create | ||
like real computers. Real computer can run various distributions: Debian, Gentoo, Red Hat and Novell products, etc. | like real computers. Real computer can run various distributions: Debian, Gentoo, Red Hat and Novell products, etc. | ||
− | In the same way | + | In the same way VE can be based on various OS (Operating System) '''templates'''. On the LiveCD only Debian minimal |
− | + | template is installed and it is used by default. Each VE is indentified by its identification number '''veid'''. | |
− | + | So, how to create a VE with veid 1 based on Debian template? Very easy. Just type the following commands in your | |
− | So, how to create a VE with | ||
terminal (you must be root): | terminal (you must be root): | ||
<pre> | <pre> | ||
− | # vzctl create | + | root@Knoppix:~# vzctl create 1 |
Creating VE private area (debian-3.1-i386-minimal) | Creating VE private area (debian-3.1-i386-minimal) | ||
Performing postcreate actions | Performing postcreate actions | ||
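Review bot: The restored intro on the "Your text" side brings back spelling and agreement errors: "basicaly" in the first sentence, "indentified" in the sentence that introduces '''veid''', and "VEs ... which seems very much like real computers". If this undo is saved, correct them to "basically", "identified" and "which seem"; the latest revision's opening "This article is written for OpenVZ LiveCD" had no such problem.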
Line 16: | Line 13: | ||
</pre> | </pre> | ||
− | '''vzctl''' is the tool that manages VEs. | + | '''vzctl''' - is the tool that manages VEs. You can get the list of all created VEs on '''HN''' (Hardware Node) by '''vzlist''' command: |
− | |||
<pre> | <pre> | ||
− | + | root@Knoppix:~# vzlist -a | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | # vzlist -a | ||
VEID NPROC STATUS IP_ADDR HOSTNAME | VEID NPROC STATUS IP_ADDR HOSTNAME | ||
− | + | 1 - stopped - - | |
</pre> | </pre> | ||
− | As you see, VE | + | As you see, VE #1 is in stopped state now. Let's start it: |
− | |||
− | |||
− | Let's start it: | ||
<pre> | <pre> | ||
− | # vzctl start | + | root@Knoppix:~# vzctl start 1 |
Starting VE ... | Starting VE ... | ||
VE is mounted | VE is mounted | ||
Setting CPU units: 1000 | Setting CPU units: 1000 | ||
VE start in progress... | VE start in progress... | ||
− | # vzlist -a | + | root@Knoppix:~# vzlist -a |
VEID NPROC STATUS IP_ADDR HOSTNAME | VEID NPROC STATUS IP_ADDR HOSTNAME | ||
− | + | 1 5 running - | |
</pre> | </pre> | ||
− | + | Five processes are running in VE, but who are they? Beeing on usual hardware node you can use ps command to identify them, | |
− | + | and the same command can be used here. The only difference is that this command should be called inside VE. | |
− | |||
In order to perform any command inside VE `vzctl exec` is used: | In order to perform any command inside VE `vzctl exec` is used: | ||
<pre> | <pre> | ||
− | # vzctl exec | + | root@Knoppix:~# vzctl exec 1 ps |
PID TTY TIME CMD | PID TTY TIME CMD | ||
1 ? 00:00:00 init | 1 ? 00:00:00 init | ||
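Review bot: In the `vzlist -a` output shown after `vzctl start 1`, the restored row "1 5 running -" carries a single dash, while the stopped row earlier in the same hunk has one dash each for IP_ADDR and HOSTNAME, so the running row no longer matches the header. Add the missing HOSTNAME dash. In the same hunk, "Beeing on usual hardware node" should read "Being on a usual hardware node", and "'''vzctl''' - is the tool" has a stray dash. The undo also discards eight lines the latest revision had just before `vzlist -a`; their text is not visible in this comparison, so check what is lost before saving.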
Line 63: | Line 46: | ||
</pre> | </pre> | ||
− | |||
Any self-respected OS provides a shell for the user. This is how you can get the VE's shell: | Any self-respected OS provides a shell for the user. This is how you can get the VE's shell: | ||
<pre> | <pre> | ||
− | # vzctl enter | + | root@Knoppix:~# vzctl enter 1 |
− | entered into VE | + | entered into VE 1 |
− | # | + | Knoppix:/# |
</pre> | </pre> | ||
In this shell you can do almost all you can do on the real HN. For example create a new user: | In this shell you can do almost all you can do on the real HN. For example create a new user: | ||
<pre> | <pre> | ||
− | # useradd new-user | + | Knoppix:/# useradd new-user |
− | # passwd new-user | + | Knoppix:/# passwd new-user |
Enter new UNIX password: | Enter new UNIX password: | ||
Retype new UNIX password: | Retype new UNIX password: | ||
passwd: password updated successfully | passwd: password updated successfully | ||
− | # mkdir /home/new-user | + | Knoppix:/# mkdir /home/new-user |
− | # chown new-user /home/new-user/ | + | Knoppix:/# chown new-user /home/new-user/ |
− | # su new-user | + | Knoppix:/# su new-user |
− | $ cd ~ | + | Knoppix:/$ cd ~ |
− | $ pwd | + | Knoppix:~$ pwd |
/home/new-user | /home/new-user | ||
exit | exit | ||
− | # | + | Knoppix:/# |
</pre> | </pre> | ||
In order to exit from VEs shell, just type exit: | In order to exit from VEs shell, just type exit: | ||
<pre> | <pre> | ||
− | # exit | + | Knoppix:/# exit |
logout | logout | ||
− | exited from VE | + | exited from VE 1 |
− | # | + | root@Knoppix:~# |
</pre> | </pre> | ||
− | + | I guess you've noted that there is not much soft in VE. It is because minimal template was used. | |
− | + | But of course, you can install any soft in VE by yourself. For example in Debian usual apt-get tool can be used. | |
− | + | The only small problem is that all the packages should be downloaded from Internet so let's set up network in VE. | |
<pre> | <pre> | ||
− | # echo 1 > /proc/sys/net/ipv4/ip_forward | + | root@Knoppix:~# echo 1 > /proc/sys/net/ipv4/ip_forward |
− | # ifconfig venet0 up | + | root@Knoppix:~# ifconfig venet0 up |
− | # vzctl set | + | root@Knoppix:~# vzctl set 1 --ipadd 10.1.1.1 --save |
Adding IP address(es): 10.1.1.1 | Adding IP address(es): 10.1.1.1 | ||
Saved parameters for VE 1 | Saved parameters for VE 1 | ||
− | # vzlist -a | + | root@Knoppix:~# vzlist -a |
VEID NPROC STATUS IP_ADDR HOSTNAME | VEID NPROC STATUS IP_ADDR HOSTNAME | ||
− | + | 1 4 running 10.1.1.1 - | |
</pre> | </pre> | ||
− | Now your | + | Now your '''HN''' (Hardware Node) can ping VE and VE can ping HN: |
<pre> | <pre> | ||
− | # ping 10.1.1.1 | + | root@Knoppix:~# ping 10.1.1.1 |
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data. | PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data. | ||
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=3.80 ms | 64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=3.80 ms | ||
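Review bot: The network block opens with `echo 1 > /proc/sys/net/ipv4/ip_forward` and the surrounding text never says what that does: it turns on IPv4 forwarding for the whole hardware node, not only for venet0, and a value written to /proc does not survive a reboot. Add one sentence stating both, so a reader running this on something other than the LiveCD knows the node becomes a router. The restored paragraph above it also uses "soft" twice where "software" is meant.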
Line 119: | Line 101: | ||
1 packets transmitted, 1 received, 0% packet loss, time 0ms | 1 packets transmitted, 1 received, 0% packet loss, time 0ms | ||
rtt min/avg/max/mdev = 3.804/3.804/3.804/0.000 ms | rtt min/avg/max/mdev = 3.804/3.804/3.804/0.000 ms | ||
− | # | + | root@Knoppix:~# |
− | # vzctl exec | + | root@Knoppix:~# vzctl exec 1 ping 192.168.0.244 |
PING 192.168.0.244 (192.168.0.244) 56(84) bytes of data. | PING 192.168.0.244 (192.168.0.244) 56(84) bytes of data. | ||
64 bytes from 192.168.0.244: icmp_seq=1 ttl=64 time=0.508 ms | 64 bytes from 192.168.0.244: icmp_seq=1 ttl=64 time=0.508 ms | ||
− | # | + | root@Knoppix:~# |
</pre> | </pre> | ||
− | However, it | + | However, it isn't possible to ping other computers in the network: for it we need to |
− | set up NAT (Network Address Translation) and | + | set up NAT (Network Address Translation) and nameserver. |
− | |||
Assume that you've set up network on HN (for example via DHCP) and the IP address | Assume that you've set up network on HN (for example via DHCP) and the IP address | ||
of your node is 192.168.0.244 and nameserver IP address is 192.168.1.1. | of your node is 192.168.0.244 and nameserver IP address is 192.168.1.1. | ||
<pre> | <pre> | ||
− | # iptables -t nat -A POSTROUTING -s 10.1.1.1 -o eth0 -j SNAT --to 192.168.0.244 | + | root@Knoppix:~# iptables -t nat -A POSTROUTING -s 10.1.1.1 -o eth0 -j SNAT --to 192.168.0.244 |
− | # vzctl set | + | root@Knoppix:~# vzctl set 1 --nameserver 192.168.1.1 --save |
File resolv.conf was modified | File resolv.conf was modified | ||
− | Saved parameters for VE | + | Saved parameters for VE 1 |
− | # vzctl exec | + | root@Knoppix:~# vzctl exec 1 ping google.com |
PING google.com (64.233.167.99) 56(84) bytes of data. | PING google.com (64.233.167.99) 56(84) bytes of data. | ||
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=1 ttl=241 time=23.0 ms | 64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=1 ttl=241 time=23.0 ms | ||
</pre> | </pre> | ||
− | + | Now, for example, we can install gcc inside VE #1 for developing purposes: | |
− | |||
− | |||
− | |||
− | Now, for example, we can install gcc inside VE | ||
<pre> | <pre> | ||
− | # vzctl enter | + | root@Knoppix:~# vzctl enter 1 |
− | entered into VE | + | entered into VE 1 |
− | # | + | Knoppix:/# |
− | # apt-get install gcc | + | Knoppix:/# apt-get install gcc |
Reading Package Lists... Done | Reading Package Lists... Done | ||
Building Dependency Tree... Done | Building Dependency Tree... Done | ||
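Review bot: The SNAT rule `-s 10.1.1.1 -o eth0 -j SNAT --to 192.168.0.244` hard-codes the node address, yet the sentence just above says the node may have obtained that address via DHCP; once the lease changes, the rule translates to an address the node no longer owns and the VE silently loses outbound connectivity. Either say that the `--to` value must match the node's current address, or use `-j MASQUERADE` for the DHCP case. The restored wording "for it we need to set up NAT ... and nameserver" also reads better as "for that we need to set up NAT ... and a nameserver".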
Line 190: | Line 167: | ||
Setting up gcc (3.3.5-3) ... | Setting up gcc (3.3.5-3) ... | ||
− | # exit | + | Knoppix:/# exit |
logout | logout | ||
− | exited from VE | + | exited from VE 1 |
− | # | + | root@Knoppix:~# |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</pre> | </pre> | ||
− | |||
− | + | The very important feature of VEs is that you can limit them by resources: cpu, memory, disk space. | |
− | + | It's done by vzctl also. Crelayurrent usage/limits of memory related resources can be veiwed through | |
+ | '''/proc/user_beancounters''' file: | ||
<pre> | <pre> | ||
− | # cat | + | root@Knoppix:~# cat /proc/user_beancounters |
− | + | Version: 2.5 | |
+ | uid resource held maxheld barrier limit failcnt | ||
+ | 1: kmemsize 628209 976969 2752512 2936012 0 | ||
lockedpages 0 0 32 32 0 | lockedpages 0 0 32 32 0 | ||
privvmpages 5238 6885 49152 53575 0 | privvmpages 5238 6885 49152 53575 0 | ||
shmpages 5012 5014 8192 8192 0 | shmpages 5012 5014 8192 8192 0 | ||
+ | dummy 0 0 0 0 0 | ||
numproc 3 11 65 65 0 | numproc 3 11 65 65 0 | ||
physpages 5084 6020 0 2147483647 0 | physpages 5084 6020 0 2147483647 0 | ||
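Review bot: The restored sentence introducing '''/proc/user_beancounters''' contains corrupted text, "Crelayurrent usage/limits", plus the misspelling "veiwed". It should read "Current usage/limits of memory related resources can be viewed through". The undo also removes ten lines that the latest revision had before the closing `</pre>` of the gcc example; their content is not shown in this comparison and should be checked before saving.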
Line 230: | Line 200: | ||
dcachesize 0 0 1048576 1097728 0 | dcachesize 0 0 1048576 1097728 0 | ||
numfile 106 339 2048 2048 0 | numfile 106 339 2048 2048 0 | ||
+ | dummy 0 0 0 0 0 | ||
+ | dummy 0 0 0 0 0 | ||
+ | dummy 0 0 0 0 0 | ||
numiptent 10 10 128 128 0 | numiptent 10 10 128 128 0 | ||
− | # | + | 0: kmemsize 7843131 9967098 2147483647 2147483647 0 |
+ | lockedpages 0 0 2147483647 2147483647 0 | ||
+ | privvmpages 89600 127711 2147483647 2147483647 0 | ||
+ | shmpages 63290 90159 2147483647 2147483647 0 | ||
+ | dummy 0 0 2147483647 2147483647 0 | ||
+ | numproc 73 78 2147483647 2147483647 0 | ||
+ | physpages 85729 112341 2147483647 2147483647 0 | ||
+ | vmguarpages 0 0 2147483647 2147483647 0 | ||
+ | oomguarpages 85729 112341 2147483647 2147483647 1 | ||
+ | numtcpsock 5 6 2147483647 2147483647 0 | ||
+ | numflock 0 1 2147483647 2147483647 0 | ||
+ | numpty 3 3 2147483647 2147483647 0 | ||
+ | numsiginfo 0 3 2147483647 2147483647 0 | ||
+ | tcpsndbuf 46620 48840 2147483647 2147483647 0 | ||
+ | tcprcvbuf 81920 125476 2147483647 2147483647 0 | ||
+ | othersockbuf 228660 339664 2147483647 2147483647 0 | ||
+ | dgramrcvbuf 0 267484 2147483647 2147483647 0 | ||
+ | numothersock 120 136 2147483647 2147483647 0 | ||
+ | dcachesize 0 0 2147483647 2147483647 0 | ||
+ | numfile 3111 3145 2147483647 2147483647 0 | ||
+ | dummy 0 0 2147483647 2147483647 0 | ||
+ | dummy 0 0 2147483647 2147483647 0 | ||
+ | dummy 0 0 2147483647 2147483647 0 | ||
+ | numiptent 15 15 2147483647 2147483647 0 | ||
+ | root@Knoppix:~# | ||
</pre> | </pre> | ||
− | |||
− | Note that if you have | + | Note, that if you have failcounters in the last column, it means, that appropriate VE |
− | + | expirienced resource shortage. This is very common reason, why some applications fail to | |
− | + | run in VE. In this case you should increase limits/barriers. | |
− | |||
− | |||
Well, let's stop VE and destroy it: | Well, let's stop VE and destroy it: | ||
<pre> | <pre> | ||
− | # vzctl stop | + | root@Knoppix:~# vzctl stop 1 |
Stopping VE ... | Stopping VE ... | ||
VE was stopped | VE was stopped | ||
VE is unmounted | VE is unmounted | ||
− | # vzctl destroy | + | root@Knoppix:~# rm -rf /var/lib/vz/private/1 # THIS STEP IS TEMPORARY: http://bugzilla.openvz.org/show_bug.cgi?id=455 |
− | Destroying VE private area: /var/lib/vz/private/ | + | root@Knoppix:~# vzctl destroy 1 |
+ | Destroying VE private area: /var/lib/vz/private/1 | ||
VE private area was destroyed | VE private area was destroyed | ||
− | # | + | root@Knoppix:~# |
</pre> | </pre> | ||
− | + | That's all you need to start playing with OpenVZ. Additional information can be found in man page on vzctl and at http://wiki.openvz.org. | |
− | That's all you need to start playing with OpenVZ. Additional information can be found in man page on vzctl and at http://wiki.openvz.org | + | If you expirience some difficulties contact us via http://forum.openvz.org. Templates and other tools at http://download.openvz.org. |
− | |||
− | If you | ||
− | |||
− |
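Review bot: The teardown block restores `rm -rf /var/lib/vz/private/1` ahead of `vzctl destroy 1`, marked as temporary with a pointer to bug 455, whereas the latest revision ran only `vzctl destroy`. A recursive delete as root with a hand-typed veid in the path is easy to get wrong, so confirm the bug is still open before reinstating the step, and if it stays, say that the path must match the veid being destroyed. The restored closing text also misspells "expirienced" and "expirience", and "failcounters in the last column" should name the `failcnt` column shown in the output.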