Difference between revisions of "Getting started with OpenVZ live CD"
m (Basic actions in OpenVZ moved to Basic operations in OpenVZ: better name) |
(a lot of fixes here and there; do not use VEID<=100) |
||
| Line 1: | Line 1: | ||
| − | This article is | + | This article is written for OpenVZ LiveCD and assumes that the reader only starts using OpenVZ. |
| − | So, as you probably know, OpenVZ allows the user to create | + | |
| + | == Introduction == | ||
| + | So, as you probably know, OpenVZ allows the user to create [[VE]]s, or Virtual Environments, which seems very much | ||
like real computers. Real computer can run various distributions: Debian, Gentoo, Red Hat and Novell products, etc. | like real computers. Real computer can run various distributions: Debian, Gentoo, Red Hat and Novell products, etc. | ||
| − | In the same way VE can be based on various OS (Operating System) | + | In the same way, a VE can be based on various [[OS (Operating System) templates|OS template]]. On the LiveCD only Debian minimal template is installed and it is used by default. Each VE is indentified by its number -- a '''VEID'''. |
| − | template is installed and it is used by default. Each VE is indentified by its | + | |
| − | So, how to create a VE with | + | == VE creation == |
| + | So, how to create a VE with VEID of 101 based on Debian template? Very easy. Just type the following commands in your | ||
terminal (you must be root): | terminal (you must be root): | ||
<pre> | <pre> | ||
| − | root@Knoppix:~# vzctl create | + | root@Knoppix:~# vzctl create 101 |
Creating VE private area (debian-3.1-i386-minimal) | Creating VE private area (debian-3.1-i386-minimal) | ||
Performing postcreate actions | Performing postcreate actions | ||
| Line 13: | Line 16: | ||
</pre> | </pre> | ||
| − | '''vzctl''' | + | '''vzctl''' is the tool that manages VEs. |
| + | |||
| + | == List of VEs == | ||
| + | You can get the list of all created VEs on '''HN''' (Hardware Node) using '''vzlist''' command: | ||
<pre> | <pre> | ||
root@Knoppix:~# vzlist -a | root@Knoppix:~# vzlist -a | ||
VEID NPROC STATUS IP_ADDR HOSTNAME | VEID NPROC STATUS IP_ADDR HOSTNAME | ||
| − | + | 101 - stopped - - | |
</pre> | </pre> | ||
| − | As you see, VE | + | As you see, VE 101 is in stopped state now. |
| + | |||
| + | == Starting VE == | ||
| + | Let's start it: | ||
<pre> | <pre> | ||
| − | root@Knoppix:~# vzctl start | + | root@Knoppix:~# vzctl start 101 |
Starting VE ... | Starting VE ... | ||
VE is mounted | VE is mounted | ||
| Line 29: | Line 38: | ||
root@Knoppix:~# vzlist -a | root@Knoppix:~# vzlist -a | ||
VEID NPROC STATUS IP_ADDR HOSTNAME | VEID NPROC STATUS IP_ADDR HOSTNAME | ||
| − | + | 101 5 running - | |
</pre> | </pre> | ||
| − | + | == Executing commands in VE == | |
| − | and the same command can be used here. The only difference is that this command should be called inside VE. | + | From the previous command you see that 5 processes are running inside VE 101. Being on usual [[hardware node]] you can use <code>ps</code> command to identify those, and the same command can be used here. The only difference is that this command should be called inside VE. |
| + | |||
In order to perform any command inside VE `vzctl exec` is used: | In order to perform any command inside VE `vzctl exec` is used: | ||
<pre> | <pre> | ||
| − | root@Knoppix:~# vzctl exec | + | root@Knoppix:~# vzctl exec 101 ps |
PID TTY TIME CMD | PID TTY TIME CMD | ||
1 ? 00:00:00 init | 1 ? 00:00:00 init | ||
| Line 46: | Line 56: | ||
</pre> | </pre> | ||
| + | == Entering VE == | ||
Any self-respected OS provides a shell for the user. This is how you can get the VE's shell: | Any self-respected OS provides a shell for the user. This is how you can get the VE's shell: | ||
<pre> | <pre> | ||
| − | root@Knoppix:~# vzctl enter | + | root@Knoppix:~# vzctl enter 101 |
| − | entered into VE | + | entered into VE 101 |
Knoppix:/# | Knoppix:/# | ||
</pre> | </pre> | ||
| Line 74: | Line 85: | ||
Knoppix:/# exit | Knoppix:/# exit | ||
logout | logout | ||
| − | exited from VE | + | exited from VE 101 |
root@Knoppix:~# | root@Knoppix:~# | ||
</pre> | </pre> | ||
| − | + | == Setting up VE networking == | |
| − | + | Let's set up networking in VE. | |
| − | + | ||
<pre> | <pre> | ||
root@Knoppix:~# echo 1 > /proc/sys/net/ipv4/ip_forward | root@Knoppix:~# echo 1 > /proc/sys/net/ipv4/ip_forward | ||
root@Knoppix:~# ifconfig venet0 up | root@Knoppix:~# ifconfig venet0 up | ||
| − | root@Knoppix:~# vzctl set | + | root@Knoppix:~# vzctl set 101 --ipadd 10.1.1.1 --save |
Adding IP address(es): 10.1.1.1 | Adding IP address(es): 10.1.1.1 | ||
Saved parameters for VE 1 | Saved parameters for VE 1 | ||
root@Knoppix:~# vzlist -a | root@Knoppix:~# vzlist -a | ||
VEID NPROC STATUS IP_ADDR HOSTNAME | VEID NPROC STATUS IP_ADDR HOSTNAME | ||
| − | + | 101 4 running 10.1.1.1 - | |
</pre> | </pre> | ||
| − | Now your | + | Now your [[Hardware Node]] can ping VE and VE can ping HN: |
<pre> | <pre> | ||
root@Knoppix:~# ping 10.1.1.1 | root@Knoppix:~# ping 10.1.1.1 | ||
| Line 102: | Line 113: | ||
rtt min/avg/max/mdev = 3.804/3.804/3.804/0.000 ms | rtt min/avg/max/mdev = 3.804/3.804/3.804/0.000 ms | ||
root@Knoppix:~# | root@Knoppix:~# | ||
| − | root@Knoppix:~# vzctl exec | + | root@Knoppix:~# vzctl exec 101 ping 192.168.0.244 |
PING 192.168.0.244 (192.168.0.244) 56(84) bytes of data. | PING 192.168.0.244 (192.168.0.244) 56(84) bytes of data. | ||
64 bytes from 192.168.0.244: icmp_seq=1 ttl=64 time=0.508 ms | 64 bytes from 192.168.0.244: icmp_seq=1 ttl=64 time=0.508 ms | ||
| Line 109: | Line 120: | ||
</pre> | </pre> | ||
| − | However, it | + | However, it is not possible to ping other computers in the network: for it we need to |
| − | set up NAT (Network Address Translation) and nameserver. | + | set up NAT (Network Address Translation) and set the nameserver. |
| + | |||
Assume that you've set up network on HN (for example via DHCP) and the IP address | Assume that you've set up network on HN (for example via DHCP) and the IP address | ||
of your node is 192.168.0.244 and nameserver IP address is 192.168.1.1. | of your node is 192.168.0.244 and nameserver IP address is 192.168.1.1. | ||
<pre> | <pre> | ||
root@Knoppix:~# iptables -t nat -A POSTROUTING -s 10.1.1.1 -o eth0 -j SNAT --to 192.168.0.244 | root@Knoppix:~# iptables -t nat -A POSTROUTING -s 10.1.1.1 -o eth0 -j SNAT --to 192.168.0.244 | ||
| − | root@Knoppix:~# vzctl set | + | root@Knoppix:~# vzctl set 101 --nameserver 192.168.1.1 --save |
File resolv.conf was modified | File resolv.conf was modified | ||
| − | Saved parameters for VE | + | Saved parameters for VE 101 |
| − | root@Knoppix:~# vzctl exec | + | root@Knoppix:~# vzctl exec 101 ping google.com |
PING google.com (64.233.167.99) 56(84) bytes of data. | PING google.com (64.233.167.99) 56(84) bytes of data. | ||
64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=1 ttl=241 time=23.0 ms | 64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=1 ttl=241 time=23.0 ms | ||
</pre> | </pre> | ||
| − | Now, for example, we can install gcc inside VE | + | == Installing software inside VE == |
| + | I guess you've noted that there is not so many packages in VE. It is because minimal template was used. | ||
| + | But of course, you can install any software in VE by yourself. For example, in Debian usual apt-get tool can be used. | ||
| + | |||
| + | Now, for example, we can install gcc inside VE 101 for developing purposes: | ||
<pre> | <pre> | ||
| − | root@Knoppix:~# vzctl enter | + | root@Knoppix:~# vzctl enter 101 |
| − | entered into VE | + | entered into VE 101 |
Knoppix:/# | Knoppix:/# | ||
Knoppix:/# apt-get install gcc | Knoppix:/# apt-get install gcc | ||
| Line 169: | Line 185: | ||
Knoppix:/# exit | Knoppix:/# exit | ||
logout | logout | ||
| − | exited from VE | + | exited from VE 101 |
root@Knoppix:~# | root@Knoppix:~# | ||
</pre> | </pre> | ||
| − | The very important feature of | + | == Resource limiting == |
| − | It | + | The very important feature of VE is that you can limit it by resources: CPU, memory, disk space. |
| − | + | It is also performed via vzctl. Current usage values and limits of memory-related resources can be viewed through | |
| + | [[/proc/user_beancounters]] file: | ||
<pre> | <pre> | ||
root@Knoppix:~# cat /proc/user_beancounters | root@Knoppix:~# cat /proc/user_beancounters | ||
Version: 2.5 | Version: 2.5 | ||
uid resource held maxheld barrier limit failcnt | uid resource held maxheld barrier limit failcnt | ||
| − | + | 101: kmemsize 628209 976969 2752512 2936012 0 | |
lockedpages 0 0 32 32 0 | lockedpages 0 0 32 32 0 | ||
privvmpages 5238 6885 49152 53575 0 | privvmpages 5238 6885 49152 53575 0 | ||
| Line 231: | Line 248: | ||
</pre> | </pre> | ||
| − | Note | + | Note that if you have failcounters in the last column, it means that the appropriate VE |
| − | + | experienced resource shortage. This is very common reason why some application fail to | |
| − | run in VE. In this case you should increase limits/barriers. | + | run in a VE. In this case you should increase limits/barriers accordingly; see |
| + | [[resource shortage]] for more info. | ||
| + | == Stopping/removing VE == | ||
Well, let's stop VE and destroy it: | Well, let's stop VE and destroy it: | ||
<pre> | <pre> | ||
| − | root@Knoppix:~# vzctl stop | + | root@Knoppix:~# vzctl stop 101 |
Stopping VE ... | Stopping VE ... | ||
VE was stopped | VE was stopped | ||
VE is unmounted | VE is unmounted | ||
| − | root@Knoppix:~# rm -rf /var/lib/vz/private/ | + | root@Knoppix:~# rm -rf /var/lib/vz/private/101 # THIS STEP IS TEMPORARY: http://bugzilla.openvz.org/show_bug.cgi?id=455 |
| − | root@Knoppix:~# vzctl destroy | + | root@Knoppix:~# vzctl destroy 101 |
| − | Destroying VE private area: /var/lib/vz/private/ | + | Destroying VE private area: /var/lib/vz/private/101 |
VE private area was destroyed | VE private area was destroyed | ||
root@Knoppix:~# | root@Knoppix:~# | ||
</pre> | </pre> | ||
| − | That's all you need to start playing with OpenVZ. Additional information can be found in man page on vzctl and at http://wiki.openvz.org. | + | == Links == |
| − | If you expirience some difficulties contact us via http://forum.openvz.org. Templates and other tools | + | That's all you need to start playing with OpenVZ. Additional information can be found in man page on vzctl and at http://wiki.openvz.org/. |
| + | |||
| + | If you expirience some difficulties, contact us via http://forum.openvz.org/. Templates and other tools are available from http://download.openvz.org/. | ||
Revision as of 05:00, 23 April 2007
This article is written for OpenVZ LiveCD and assumes that the reader only starts using OpenVZ.
Contents
Introduction
So, as you probably know, OpenVZ allows the user to create VEs, or Virtual Environments, which seems very much like real computers. Real computer can run various distributions: Debian, Gentoo, Red Hat and Novell products, etc. In the same way, a VE can be based on various OS template. On the LiveCD only Debian minimal template is installed and it is used by default. Each VE is indentified by its number -- a VEID.
VE creation
So, how to create a VE with VEID of 101 based on Debian template? Very easy. Just type the following commands in your terminal (you must be root):
root@Knoppix:~# vzctl create 101 Creating VE private area (debian-3.1-i386-minimal) Performing postcreate actions VE private area was created
vzctl is the tool that manages VEs.
List of VEs
You can get the list of all created VEs on HN (Hardware Node) using vzlist command:
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 - stopped - -
As you see, VE 101 is in stopped state now.
Starting VE
Let's start it:
root@Knoppix:~# vzctl start 101
Starting VE ...
VE is mounted
Setting CPU units: 1000
VE start in progress...
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 5 running -
Executing commands in VE
From the previous command you see that 5 processes are running inside VE 101. Being on usual hardware node you can use ps command to identify those, and the same command can be used here. The only difference is that this command should be called inside VE.
In order to perform any command inside VE `vzctl exec` is used:
root@Knoppix:~# vzctl exec 101 ps
PID TTY TIME CMD
1 ? 00:00:00 init
7672 ? 00:00:00 rc
7674 ? 00:00:00 S10sysklogd
7677 ? 00:00:00 syslogd
7678 ? 00:00:00 syslogd
7683 ? 00:00:00 ps
Entering VE
Any self-respected OS provides a shell for the user. This is how you can get the VE's shell:
root@Knoppix:~# vzctl enter 101 entered into VE 101 Knoppix:/#
In this shell you can do almost all you can do on the real HN. For example create a new user:
Knoppix:/# useradd new-user Knoppix:/# passwd new-user Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Knoppix:/# mkdir /home/new-user Knoppix:/# chown new-user /home/new-user/ Knoppix:/# su new-user Knoppix:/$ cd ~ Knoppix:~$ pwd /home/new-user exit Knoppix:/#
In order to exit from VEs shell, just type exit:
Knoppix:/# exit logout exited from VE 101 root@Knoppix:~#
Setting up VE networking
Let's set up networking in VE.
root@Knoppix:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@Knoppix:~# ifconfig venet0 up
root@Knoppix:~# vzctl set 101 --ipadd 10.1.1.1 --save
Adding IP address(es): 10.1.1.1
Saved parameters for VE 1
root@Knoppix:~# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 4 running 10.1.1.1 -
Now your Hardware Node can ping VE and VE can ping HN:
root@Knoppix:~# ping 10.1.1.1 PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data. 64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=3.80 ms --- 10.1.1.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 3.804/3.804/3.804/0.000 ms root@Knoppix:~# root@Knoppix:~# vzctl exec 101 ping 192.168.0.244 PING 192.168.0.244 (192.168.0.244) 56(84) bytes of data. 64 bytes from 192.168.0.244: icmp_seq=1 ttl=64 time=0.508 ms root@Knoppix:~#
However, it is not possible to ping other computers in the network: for it we need to set up NAT (Network Address Translation) and set the nameserver.
Assume that you've set up network on HN (for example via DHCP) and the IP address of your node is 192.168.0.244 and nameserver IP address is 192.168.1.1.
root@Knoppix:~# iptables -t nat -A POSTROUTING -s 10.1.1.1 -o eth0 -j SNAT --to 192.168.0.244 root@Knoppix:~# vzctl set 101 --nameserver 192.168.1.1 --save File resolv.conf was modified Saved parameters for VE 101 root@Knoppix:~# vzctl exec 101 ping google.com PING google.com (64.233.167.99) 56(84) bytes of data. 64 bytes from py-in-f99.google.com (64.233.167.99): icmp_seq=1 ttl=241 time=23.0 ms
Installing software inside VE
I guess you've noted that there is not so many packages in VE. It is because minimal template was used. But of course, you can install any software in VE by yourself. For example, in Debian usual apt-get tool can be used.
Now, for example, we can install gcc inside VE 101 for developing purposes:
root@Knoppix:~# vzctl enter 101 entered into VE 101 Knoppix:/# Knoppix:/# apt-get install gcc Reading Package Lists... Done Building Dependency Tree... Done The following extra packages will be installed: binutils cpp cpp-3.3 gcc-3.3 Suggested packages: binutils-doc cpp-doc make manpages-dev autoconf automake libtool flex bison gdb gcc-doc gcc-3.3-doc Recommended packages: libc-dev libc6-dev The following NEW packages will be installed: binutils cpp cpp-3.3 gcc gcc-3.3 0 upgraded, 5 newly installed, 0 to remove and 0 not upgraded. Need to get 5220kB of archives. After unpacking 13.6MB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://ftp.freenet.de stable/main binutils 2.15-6 [2221kB] Get:2 http://ftp.freenet.de stable/main cpp-3.3 1:3.3.5-13 [1393kB] Get:3 http://ftp.freenet.de stable/main cpp 4:3.3.5-3 [29.6kB] Get:4 http://ftp.freenet.de stable/main gcc-3.3 1:3.3.5-13 [1570kB] Get:5 http://ftp.freenet.de stable/main gcc 4:3.3.5-3 [4906B] Fetched 5220kB in 10s (507kB/s) Selecting previously deselected package binutils. (Reading database ... 7436 files and directories currently installed.) Unpacking binutils (from .../binutils_2.15-6_i386.deb) ... Selecting previously deselected package cpp-3.3. Unpacking cpp-3.3 (from .../cpp-3.3_1%3a3.3.5-13_i386.deb) ... Selecting previously deselected package cpp. Unpacking cpp (from .../cpp_4%3a3.3.5-3_i386.deb) ... Selecting previously deselected package gcc-3.3. Unpacking gcc-3.3 (from .../gcc-3.3_1%3a3.3.5-13_i386.deb) ... Selecting previously deselected package gcc. Unpacking gcc (from .../gcc_4%3a3.3.5-3_i386.deb) ... Setting up binutils (2.15-6) ... Setting up cpp-3.3 (3.3.5-13) ... Setting up cpp (3.3.5-3) ... Setting up gcc-3.3 (3.3.5-13) ... Setting up gcc (3.3.5-3) ... Knoppix:/# exit logout exited from VE 101 root@Knoppix:~#
Resource limiting
The very important feature of VE is that you can limit it by resources: CPU, memory, disk space. It is also performed via vzctl. Current usage values and limits of memory-related resources can be viewed through /proc/user_beancounters file:
root@Knoppix:~# cat /proc/user_beancounters
Version: 2.5
uid resource held maxheld barrier limit failcnt
101: kmemsize 628209 976969 2752512 2936012 0
lockedpages 0 0 32 32 0
privvmpages 5238 6885 49152 53575 0
shmpages 5012 5014 8192 8192 0
dummy 0 0 0 0 0
numproc 3 11 65 65 0
physpages 5084 6020 0 2147483647 0
vmguarpages 0 0 6144 2147483647 0
oomguarpages 5084 6020 6144 2147483647 0
numtcpsock 0 2 80 80 0
numflock 1 5 100 110 0
numpty 0 1 16 16 0
numsiginfo 0 6 256 256 0
tcpsndbuf 0 4440 319488 524288 0
tcprcvbuf 0 42180 319488 524288 0
othersockbuf 2220 6660 132096 336896 0
dgramrcvbuf 0 2220 132096 132096 0
numothersock 1 6 80 80 0
dcachesize 0 0 1048576 1097728 0
numfile 106 339 2048 2048 0
dummy 0 0 0 0 0
dummy 0 0 0 0 0
dummy 0 0 0 0 0
numiptent 10 10 128 128 0
0: kmemsize 7843131 9967098 2147483647 2147483647 0
lockedpages 0 0 2147483647 2147483647 0
privvmpages 89600 127711 2147483647 2147483647 0
shmpages 63290 90159 2147483647 2147483647 0
dummy 0 0 2147483647 2147483647 0
numproc 73 78 2147483647 2147483647 0
physpages 85729 112341 2147483647 2147483647 0
vmguarpages 0 0 2147483647 2147483647 0
oomguarpages 85729 112341 2147483647 2147483647 1
numtcpsock 5 6 2147483647 2147483647 0
numflock 0 1 2147483647 2147483647 0
numpty 3 3 2147483647 2147483647 0
numsiginfo 0 3 2147483647 2147483647 0
tcpsndbuf 46620 48840 2147483647 2147483647 0
tcprcvbuf 81920 125476 2147483647 2147483647 0
othersockbuf 228660 339664 2147483647 2147483647 0
dgramrcvbuf 0 267484 2147483647 2147483647 0
numothersock 120 136 2147483647 2147483647 0
dcachesize 0 0 2147483647 2147483647 0
numfile 3111 3145 2147483647 2147483647 0
dummy 0 0 2147483647 2147483647 0
dummy 0 0 2147483647 2147483647 0
dummy 0 0 2147483647 2147483647 0
numiptent 15 15 2147483647 2147483647 0
root@Knoppix:~#
Note that if you have failcounters in the last column, it means that the appropriate VE experienced resource shortage. This is very common reason why some application fail to run in a VE. In this case you should increase limits/barriers accordingly; see resource shortage for more info.
Stopping/removing VE
Well, let's stop VE and destroy it:
root@Knoppix:~# vzctl stop 101 Stopping VE ... VE was stopped VE is unmounted root@Knoppix:~# rm -rf /var/lib/vz/private/101 # THIS STEP IS TEMPORARY: http://bugzilla.openvz.org/show_bug.cgi?id=455 root@Knoppix:~# vzctl destroy 101 Destroying VE private area: /var/lib/vz/private/101 VE private area was destroyed root@Knoppix:~#
Links
That's all you need to start playing with OpenVZ. Additional information can be found in man page on vzctl and at http://wiki.openvz.org/.
If you expirience some difficulties, contact us via http://forum.openvz.org/. Templates and other tools are available from http://download.openvz.org/.
