Editing Installation on Debian/old

OpenVZ consists of a kernel, user-level tools, and container templates.

This guide tells how to install the kernel and the tools on [http://www.debian.org Debian] Etch and Lenny. 

For Etch users, this document explain how to partialy upgrade to Debian Lenny and install from lenny repositories ('''use this options at your risk''').

== Kernel installation ==

===  Lenny ===

<pre>
aptitude install linux-image-openvz-686
</pre>
this command will install latest kernel and all required packages and will arrange grub bootloader accordingly.
mmm

=== Etch ===

==== 2 Using Debian lenny repositories ====

If you upgrade to lenny, you can search openvz kernel and can install with:
<pre>
apt-get install linux-image-openvz-686
</pre>
this command will install latest kernel and all required packages like:
<pre>
 iproute libatm1 linux-image-2.6.26-1-openvz-686 linux-image-openvz-686 rsync vzctl vzquota
</pre>
and will arrange grub bootloader propertly.

=== Rebooting into OpenVZ kernel ===

{{Warning|Before you restart your Server, verify that your system has all needed modules enabled in order to boot your harddisk (e.g. hardware modules, raid system(s), lvm2 etc). You may need an INITRD (initramdisk) or to compile needed kernel modules statically.}}

Now reboot the machine and choose the OpenVZ Linux Kernel on the boot loader menu. If the OpenVZ kernel has been booted successfully, proceed to installing the user-level tools for OpenVZ.

=== Confirm proper installation ===

1. Kernel:
<pre>
 # uname -r
 2.6.26-1-openvz-686
 #
</pre>

2. Openvz kernel facility:
<pre>
 # ps ax | grep vz
 2349 ?        S      0:00 [vzmond]
</pre>

3. A network interface for containers:
<pre>
 # ifconfig
 venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
           UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0 
           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
</pre>

== Configuring ==

=== sysctl ===

There are a number of kernel parameters that should be set for OpenVZ to work correctly. These parameters are stored in <tt>/etc/sysctl.conf</tt> file. Here is the relevant part of the file; please edit it accordingly.

{{Note|vzctl version from debian-systs, automate changing sysctl options for openvz}}

<pre>
[...]

# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled

net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1

# Enables source route verification
net.ipv4.conf.all.rp_filter = 1

# Enables the magic-sysrq key
kernel.sysrq = 1

# TCP Explict Congestion Notification
#net.ipv4.tcp_ecn = 0

# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

[...]
</pre>

  # [sudo] sysctl -p

{{Note|You can make a symlink from /var/lib/vz to /vz as backward
compatibility to OpenVZ as installed in other distributions
(Debian vz root directory is /var/lib/vz to be FHS-compliant.}}

  # [sudo] ln -s /var/lib/vz /vz 

=== OS templates ===

To install a container, you need OS template(s).

Precreated templates can be found [http://download.openvz.org/contrib/template/precreated/ here].

You can create your own templates, see 
[[Debian template creation]], [[Ubuntu Gutsy template creation]] and [[:Category: Templates]].

{{Note|Setup your prefered standard OS Template : edit the /etc/vz/vz.conf}}

  # [sudo] apt-get install vzctl-ostmpl-debian

== Additional User Tools ==

; vzprocps
:    A set of utilities to provide system information (vzps and vztop)

; [[vzdump]]
:    A utility to backup and restore container. 

  # [sudo] apt-get install vzprocps vzdump

== Secure it ==

If you want to secure your container with individual firewall rules (instead or additionally to securing the host node) then you must run iptables inside the container. This works slightly different than on a physical server. So make sure that you check that iptables rules are indeed applied as expected inside the container.

Iptables modules required by the container must be specified in the general vz.conf file or the vzXXX.conf file of the container.

Add the following line into vz.conf to activate the respective iptables modules for all containers.

 IPTABLES="ip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_LOG ipt_conntrack ipt_helper ipt_state iptable_nat ip_nat_ftp ip_nat_irc ipt_TOS"

[[http://wiki.debian.org/DebianFirewall][Configure]] your iptable rules inside the container.

{{Warning|Note that iptables rules inside the container are not applied automatically as on a physical server by starting the iptables module! Follow the instructions below}}

To make sure the iptables rules are applied on a startup/reboot we'll create a new file:

 nano /etc/network/if-pre-up.d/iptables

Add these lines to it:

 #!/bin/bash
 /sbin/iptables-restore < /etc/iptables.up.rules

The file needs to be executable so change the permissions:

 chmod +x /etc/network/if-pre-up.d/iptables

Start iptables

 /etc/init.d/iptables start

If the startup shows errors then you have probably not activated the needed iptables modules. See above.

Check inside the container that your iptables rules are indeed applied:

 iptables -L

If the rules do not show up as you would expect on a physical server then you might not have activated the needed iptables modules.
@@ Line 1: / Line 1: @@
-{{Warning|The majority of the content on this page only applies to older, unsupported Debian versions and is archived on this page for historical reasons only. '''The page you need is [[Installation on Debian]].'''}}
 OpenVZ consists of a kernel, user-level tools, and container templates.
-This guide tells how to install the kernel and the tools on [http://www.debian.org Debian] Etch or Lenny/Squeeze.
+This guide tells how to install the kernel and the tools on [http://www.debian.org Debian] Etch and Lenny.
-For Squeeze, use the Lenny directions.
+For Etch users, this document explain how to partialy upgrade to Debian Lenny and install from lenny repositories ('''use this options at your risk''').
-For Wheezy (7.0), use the vzctl package included in wheezy, together with the Wheezy OpenVZ kernels from [http://download.openvz.org/debian/ http://download.openvz.org/debian/].  Alternatively reduced functionality may be possible using the stock Debian Wheezy kernel (based on kernel.org version 3.2) and [[Vzctl_for_upstream_kernel]].
+== Kernel installation ==
-You may also wish to check the information on [http://wiki.debian.org/OpenVz the Debian wiki].
+===  Lenny ===
-For Etch users, this document explains how to partially upgrade to Debian Lenny and install from lenny repositories ('''use this options at your risk''').
-== Requirements ==
-=== Filesystems ===
-It's recommended that you use a separate partition for container private
-directories (by default <code>/var/lib/vz/private/<CTID></code>). The reason for this is that if you wish to use the OpenVZ per-container disk quota, you won't be able to use usual Linux disk quotas on the same partition. Bear in mind that "per-container quota" in this context includes not only pure per-container quota but also the usual Linux disk quota used in container, not on the [[HN]].
-At the very least try to avoid using the root partition for containers, because the root user of a container will be able to overcome the 5% disk space barrier in some situations. If the HN root partition is completely filled, it will break the system.
-OpenVZ per-container disk quota is supported only for ext2/ext3 filesystems; therefore it makes sense to use one of these filesystems (ext3 is recommended) if you need per-container disk quota.
-=== Repository setup (Etch only) ===
-'''If you are using Debian Lenny, this step in no longer required. Openvz kernel packages and tools are available on main repository.'''
-==== 1. Using openvz.org repositories ====
-At the moment two different repositories are online at http://download.openvz.org:
-; by Ola Lundqvist <opal@debian.org>
-: (OpenVZ kernels only)
-: apt-uri http://download.openvz.org/debian
-; by Thorsten Schifferdecker <tsd@debian.systs.org>
-: apt-uri http://download.openvz.org/debian-systs
-: (Mirror of OpenVZ Repository from http://debian.systs.org/)
-{{Note|The next steps use the repository at http://download.openvz.org/debian-systs; the actual OpenVZ Tools for Debian exist only as unstable builds, see http://packages.debian.org/vzctl}}
-{{Note|By default, on Ubuntu systems root tasks are executed with [https://help.ubuntu.com/community/RootSudo sudo]}}
-This can be done via the following commands, as root or as privileged "sudo" user
 <pre>
-# echo -e "\ndeb http://download.openvz.org/debian-systs etch openvz" >> /etc/apt/sources.list
+aptitude install linux-image-openvz-686
-# wget -q http://download.openvz.org/debian-systs/dso_archiv_signing_key.asc -O- | apt-key add - && apt-get update
 </pre>
+this command will install latest kernel and all required packages and will arrange grub bootloader accordingly.
-==== 2. Using Debian repositories (upgrade to lenny) ====
+mmm
-There is even a '''lenny''' repository with kernel 2.6.28. '''Use it at your own risk!'''
-Add lenny repositories to your '''/etc/apt/sources.list'''
-<pre>
-deb http://DEBIAN-MIRROR/debian/ testing main
-deb http://DEBIAN-MIRROR/debian-security/ testing/updates main
-</pre>
-Enlarge apt-cache adding to '''/etc/apt/apt.conf''' this line:
-<pre>
-APT::Cache-Limit "100000000";
-</pre>
-Give etch package priority over lenny packages. Edit '''/etc/apt/preferences''' and set like this:
-<pre>
-Package: *
-Pin: release a=etch
-Pin-Priority: 700
-Package: *
-Pin: release a=lenny
-Pin-Priority: 650
-</pre>
-Then '''apt-get update && apt-get dist-upgrade''' to upgrade to lenny.
-== Kernel installation ==
-=== Wheezy and Lenny ===
-{{Note|The best kernel to use is [[Download/kernel/rhel6|RHEL6-based]]. Please see [[Install_kernel_from_RPM_on_Debian_6.0]]}}
 === Etch ===
-==== 1. Using openvz kernel repositories ====
-{{Note|In case you want to recompile the OpenVZ kernel yourself on Debian, see [[Compiling the OpenVZ kernel (the Debian way)]].}}
-First, you need to choose what kernel you want to install.
-{| class="wikitable"
-|+'''OpenVZ Kernel list built with kernel config from http://download.openvz.org'''
-! Kernel !! Description !! Hardware !! Debian Architecture
-|-
-! ovzkernel-2.6.18
-| uniprocessor
-| up to 4GB of RAM
-| i386 and amd64
-|-
-! ovzkernel-2.6.18-smp
-| symmetric multiprocessor
-| up to 4 GB of RAM
-| i386 and amd64
-|-
-! ovzkernel-2.6.18-enterprise
-| SMP + PAE support + 4/4GB split
-| up to 64 GB of RAM
-| i386 only
-|}
-{| class="wikitable"
-|+'''OpenVZ Kernel list built with official Debian kernel config and OpenVZ Settings'''
-! Kernel !! Description !! Hardware !! Debian Architecture
-|-
-! fzakernel-2.6.18-686
-| uni- and multiprocessor
-| up to 4GB of RAM
-| i386
-|-
-! fzakernel-2.6.18-686-bigmem
-| symmetric multiprocessor
-| up to 64 GB of RAM
-| i386
-|-
-! fzakernel-2.6.18-amd64
-| uni- and multiprocessor
-|
-| amd64
-|-
-|}
-<pre>
- # apt-get install <kernel>
-</pre>
-===== Configuring the bootloader =====
-In case GRUB is used as the boot loader, it will be configured automatically, or execute update-grub; lines similar to these will be added to the <tt>/boot/grub/menu.lst</tt> file:
-<pre>
-[...]
-  title           Debian GNU/Linux, kernel 2.6.18-ovz-028stab051.1-686
-  root            (hd0,1)
-  kernel          /vmlinuz-2.6.18-ovz-028stab051.1-686 root=/dev/sda5 ro vga=791
-  initrd          /initrd.img-2.6.18-ovz-028stab051.1-686
-  savedefault
-[...]
-</pre>
-{{Note|per default on debian/ubuntu, a 2.6.22 kernel will boot before a 2.6.18, please check manually the grub boot order. See man update-grub for more details}}
-===== Installing the user-level tools =====
-OpenVZ needs some user-level tools installed. Those are:
-; vzctl
-: A utility to control OpenVZ containers (create, destroy, start, stop, set parameters etc.)
-; vzquota
-: A utility to manage quotas for containers. Mostly used indirectly (by vzctl).
-<pre>
- # [sudo] apt-get install vzctl vzquota
-</pre>
 ==== 2 Using Debian lenny repositories ====
@@ Line 173: / Line 25: @@
 this command will install latest kernel and all required packages like:
 <pre>
-apt-get install iproute libatm1 linux-image-2.6.26-1-openvz-686 linux-image-openvz-686 rsync vzctl vzquota libcgroup-dev
+ iproute libatm1 linux-image-2.6.26-1-openvz-686 linux-image-openvz-686 rsync vzctl vzquota
 </pre>
-and will arrange grub bootloader properly.
+and will arrange grub bootloader propertly.
 === Rebooting into OpenVZ kernel ===
@@ Line 215: / Line 67: @@
 There are a number of kernel parameters that should be set for OpenVZ to work correctly. These parameters are stored in <tt>/etc/sysctl.conf</tt> file. Here is the relevant part of the file; please edit it accordingly.
-{{Note|vzctl version from debian-systs, automatically inserts these options at the last of <tt>/etc/sysctl.conf</tt>, except for net.ipv4.ip_forward}}
+{{Note|vzctl version from debian-systs, automate changing sysctl options for openvz}}
 <pre>
@@ Line 224: / Line 76: @@
 net.ipv4.conf.default.forwarding=1
-net.ipv4.conf.default.proxy_arp=0
+net.ipv4.conf.default.proxy_arp = 0
 net.ipv4.ip_forward=1
 # Enables source route verification
-net.ipv4.conf.all.rp_filter=1
+net.ipv4.conf.all.rp_filter = 1
 # Enables the magic-sysrq key
-kernel.sysrq=1
+kernel.sysrq = 1
 # TCP Explict Congestion Notification
-#net.ipv4.tcp_ecn=0
+#net.ipv4.tcp_ecn = 0
 # we do not want all our interfaces to send redirects
-net.ipv4.conf.default.send_redirects=1
+net.ipv4.conf.default.send_redirects = 1
-net.ipv4.conf.all.send_redirects=0
+net.ipv4.conf.all.send_redirects = 0
 [...]
@@ Line 249: / Line 101: @@
 (Debian vz root directory is /var/lib/vz to be FHS-compliant.}}
    # [sudo] ln -s /var/lib/vz /vz
 === OS templates ===
-{{Note|Support of OS templates on 64 bit hosts is somewhat limited for the time being, so that not all tools or features are available - please see [[Making template tools to work on x86_64]] and [[Install OpenVZ on a x86 64 system Centos-Fedora]] for additional details and information on possible workarounds}}
 To install a container, you need OS template(s).
-Precreated templates can be found [http://wiki.openvz.org/Download/template/precreated here] and [http://download.openvz.org/contrib/template/precreated/ here].
+Precreated templates can be found [http://download.openvz.org/contrib/template/precreated/ here].
 You can create your own templates, see
@@ Line 264: / Line 114: @@
 {{Note|Setup your prefered standard OS Template : edit the /etc/vz/vz.conf}}
-   # [sudo] apt-get install vzctl-ostmpl-debian-5.0-i386-minimal
+   # [sudo] apt-get install vzctl-ostmpl-debian
 == Additional User Tools ==
@@ Line 275: / Line 125: @@
    # [sudo] apt-get install vzprocps vzdump
-On Debian squeeze, vzdump seems packaged in standard aptline. For lenny, See [[Backup_of_a_running_container_with_vzdump]]
 == Secure it ==
@@ Line 288: / Line 134: @@
 Add the following line into vz.conf to activate the respective iptables modules for all containers.
-  IPTABLES="ip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl
+  IPTABLES="ip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_LOG ipt_conntrack ipt_helper ipt_state iptable_nat ip_nat_ftp ip_nat_irc ipt_TOS"
- ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_LOG ipt_conntrack ipt_helper ipt_state iptable_nat ip_nat_ftp ip_nat_irc ipt_TOS"
 [[http://wiki.debian.org/DebianFirewall][Configure]] your iptable rules inside the container.
@@ Line 319: / Line 164: @@
 If the rules do not show up as you would expect on a physical server then you might not have activated the needed iptables modules.
-== Start it! ==
- # [sudo] /etc/init.d/vz start
-This does not make the vz system automatically start at boot time.  For automatic start:
- # [sudo] update-rc.d vz defaults 98
-== Use it! ==
-After installing the OpenVZ kernel, user tools and a minimal OS template
-to create a first container and do some [[basic operations in OpenVZ environment]]. Read the [[download:doc/OpenVZ-Users-Guide.pdf]], browse this wiki.
-[[Category: HOWTO]]
-[[Category: Debian]]
-[[Category: Installation]]