OpenVZ Virtuozzo Containers Wiki β

Changes

Installation on Debian/old

1,318 bytes added, 20:30, 8 October 2013
add a big fat warning
{{Warning|The majority of the content on this page only applies to older, unsupported Debian versions and is archived on this page for historical reasons only. '''The page you need is [[Installation on Debian]].'''}}
 
OpenVZ consists of a kernel, user-level tools, and container templates.
This guide tells how to install the kernel and the tools on [http://www.debian.org Debian] Etch or Lenny/Squeeze.
For Squeeze, use the Lenny directions. For Wheezy (7.0), use the vzctl package included in wheezy, together with the Wheezy OpenVZ kernels from [http://download.openvz.org/debian/ http://download.openvz.org/debian/]. Alternatively, reduced functionality may be possible using the stock Debian Wheezy kernel (based on kernel.org version 3.2) and [[Vzctl_for_upstream_kernel]]. You may also wish to check the information on [http://wiki.debian.org/OpenVz the Debian wiki]. For Etch users, this document explains how to partially upgrade to Debian Lenny and install from lenny repositories ('''use this option at your own risk''').
== Requirements ==
=== Filesystems ===
It's recommended that you use a separate partition for container private directories (by default <code>/var/lib/vz/private/<CTID></code>). The reason for this is that if you wish to use the OpenVZ per-container disk quota, you won't be able to use usual Linux disk quotas on the same partition. Bear in mind that "per-container quota" in this context includes not only pure per-container quota but also the usual Linux disk quota used in container, not on the [[HN]].
At the very least try to avoid using the root partition for containers, because the root user of a container will be able to overcome the 5% disk space barrier in some situations. If the HN root partition is completely filled, it will break the system.
OpenVZ per-container disk quota is supported only for ext2/ext3 filesystems; therefore it makes sense to use one of these filesystems (ext3 is recommended) if you need per-container disk quota.
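Added example (not part of the original wiki page): a shell check of the filesystem advice above. It finds the filesystem holding a container private directory in a /proc/mounts-format table and flags the root partition or a non-ext2/ext3 filesystem. The function names, the paths other than /var/lib/vz/private, and the sample mounts table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: test the filesystem advice above against a mounts table
# in /proc/mounts format (device mountpoint fstype options dump pass).

# Print "mountpoint fstype" for the filesystem holding path $1.
# The longest matching mount point wins; a later line overrides an earlier one.
fs_for_path() {
    awk -v p="$1" '
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) >= length(best)) { best = mp; type = $3 }
        }
        END { if (best != "") print best, type }' "${2:-/proc/mounts}"
}

# Returns 0 = follows the advice, 1 = on the root partition,
# 2 = filesystem without per-container quota support, 3 = no mount found.
check_private_area() {
    info=$(fs_for_path "$1" "${2:-/proc/mounts}")
    [ -n "$info" ] || { echo "UNKNOWN: no mount found for $1"; return 3; }
    mp=${info% *}; fstype=${info##* }
    if [ "$mp" = "/" ]; then
        echo "WARN: $1 is on the root partition"; return 1
    fi
    case $fstype in
        ext2|ext3) echo "OK: $1 is on $mp ($fstype)"; return 0 ;;
        *) echo "WARN: $1 is on $mp ($fstype), no per-container disk quota"; return 2 ;;
    esac
}

# Constructed sample mounts table (not from a real host).
sample_mounts() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sda3 /var ext4 rw 0 0
/dev/sdb1 /var/lib/vz ext3 rw,noatime 0 0
/dev/sdc1 /var/lib/vzother xfs rw 0 0
EOF
}

# Demo: evaluate three hypothetical private-area paths against the sample.
tmp=$(mktemp) && sample_mounts > "$tmp"
for d in /var/lib/vz/private /var/lib/vzother/private /srv/vz/private; do
    check_private_area "$d" "$tmp" || true
done
rm -f "$tmp"
```

Called with only a path, both functions read the live /proc/mounts of the hardware node.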
=== Repository setup (Etch only) ===
{{Note|By default, on Ubuntu systems root tasks are executed with [https://help.ubuntu.com/community/RootSudo sudo]}}
This can be done via the following commands, as root or as a privileged "sudo" user:
<pre>
# echo -e "\ndeb http://download.openvz.org/debian-systs etch openvz" >> /etc/apt/sources.list
</pre>
==== 2. Using Debian repositories (upgrade to lenny) ====
There is even a '''lenny''' repository with kernel 2.6.28. '''Use it at your own risk!'''
Add lenny repositories to your '''/etc/apt/sources.list'''
== Kernel installation ==
=== Wheezy and Lenny ===
<pre>aptitude install linux-image-openvz-686</pre>
This command will install the latest kernel and all required packages and will arrange the grub bootloader accordingly.
{{Note|The best kernel to use is [[Download/kernel/rhel6|RHEL6-based]]. Please see [[Install_kernel_from_RPM_on_Debian_6.0]]}}
=== Etch ===
This command will install the latest kernel and all required packages, like:
<pre>
apt-get install iproute libatm1 linux-image-2.6.26-1-openvz-686 linux-image-openvz-686 rsync vzctl vzquota libcgroup-dev
</pre>
and will arrange the grub bootloader properly.
=== Rebooting into OpenVZ kernel ===
There are a number of kernel parameters that should be set for OpenVZ to work correctly. These parameters are stored in the <tt>/etc/sysctl.conf</tt> file. Here is the relevant part of the file; please edit it accordingly.
{{Note|The vzctl version from debian-systs automatically inserts these options at the end of <tt>/etc/sysctl.conf</tt>, except for net.ipv4.ip_forward}}
<pre>
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Enables the magic-sysrq key
kernel.sysrq = 1
# TCP Explicit Congestion Notification
#net.ipv4.tcp_ecn = 0
# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
</pre>
[...]
(Debian vz root directory is /var/lib/vz to be FHS-compliant.}}
# [sudo] ln -s /var/lib/vz /vz
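Added example (not part of the original wiki page): a shell check that compares a sysctl.conf-format file with the kernel parameters listed in the <tt>/etc/sysctl.conf</tt> excerpt above, so a missing or overridden setting such as <tt>rp_filter</tt> is noticed before containers go live. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-format file against the settings shown above.

# Expected values, copied from the excerpt on this page.
EXPECTED='net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp=0
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=1
kernel.sysrq=1
net.ipv4.conf.default.send_redirects=1
net.ipv4.conf.all.send_redirects=0'

# Prints one line per problem; the exit status is the number of problems.
check_sysctl_conf() {
    printf '%s\n' "$EXPECTED" | awk -F= -v conf="$1" '
        BEGIN {
            # Load the file: skip comment lines, trim blanks, last assignment wins.
            while ((getline line < conf) > 0) {
                if (line ~ /^[ \t]*[#;]/) continue
                n = index(line, "=")
                if (n == 0) continue
                key = substr(line, 1, n - 1); val = substr(line, n + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", key)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                have[key] = val
            }
        }
        !($1 in have)  { print "MISSING  " $1 " (want " $2 ")"; bad++; next }
        have[$1] != $2 { print "MISMATCH " $1 " = " have[$1] " (want " $2 ")"; bad++ }
        END { exit bad + 0 }'
}

# Constructed sample file (not from a real host).
sample_conf() {
    cat <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.all.rp_filter = 0
kernel.sysrq = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
#net.ipv4.conf.default.proxy_arp = 0
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
check_sysctl_conf "$tmp" || echo "problems found: $?"
rm -f "$tmp"
```

The check reads the file only; values changed at runtime without editing the file are not covered by it.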
=== OS templates ===
 
{{Note|Support of OS templates on 64 bit hosts is somewhat limited for the time being, so that not all tools or features are available - please see [[Making template tools to work on x86_64]] and [[Install OpenVZ on a x86 64 system Centos-Fedora]] for additional details and information on possible workarounds}}
To install a container, you need OS template(s).
Precreated templates can be found [http://wiki.openvz.org/Download/template/precreated here] and [http://download.openvz.org/contrib/template/precreated/ here].
You can create your own templates, see
{{Note|Set up your preferred standard OS template: edit /etc/vz/vz.conf}}
# [sudo] apt-get install vzctl-ostmpl-debian-5.0-i386-minimal
== Additional User Tools ==
# [sudo] apt-get install vzprocps vzdump
 
 
On Debian squeeze, vzdump seems to be packaged in the standard apt line. For lenny, see [[Backup_of_a_running_container_with_vzdump]].
 
== Secure it ==
Add the following line into vz.conf to activate the respective iptables modules for all containers.
IPTABLES="ip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_LOG ipt_conntrack ipt_helper ipt_state iptable_nat ip_nat_ftp ip_nat_irc ipt_TOS"
[http://wiki.debian.org/DebianFirewall Configure] your iptables rules inside the container.
After installing the OpenVZ kernel, user tools and a minimal OS template
to create a first container and do some [[basic operations in OpenVZ environment]]. Read the [[download:doc/OpenVZ-Users-Guide.pdf]], browse this wiki.
[[Category: HOWTO]]
[[Category: Debian]]
[[Category: Installation]]