6,534
edits
Changes
add a big fat warning
{{Warning|The majority of the content on this page only applies to older, unsupported Debian versions and is archived on this page for historical reasons only. '''The page you need is [[Installation on Debian]].'''}}
OpenVZ consists of a kernel, user-level tools, and container templates.
This guide tells how to install the kernel and the tools on [http://www.debian.org Debian] Etch and or Lenny/Squeeze.
For Squeeze, use the Lenny directions. For Wheezy (7.0), use the vzctl package included in wheezy, together with the Wheezy OpenVZ kernels from [http://download.openvz.org/debian/ http://download.openvz.org/debian/]. Alternatively reduced functionality may be possible using the stock Debian Wheezy kernel (based on kernel.org version 3.2) and [[Vzctl_for_upstream_kernel]]. You may also wish to check the information on [http://wiki.debian.org/OpenVz the Debian wiki]. For Etch users, this document explain explains how to partialy partially upgrade to Debian Lenny and install from lenny repositories ('''use this options at your risk'''). == Requirements == === Filesystems ===It's recommended that you use a separate partition for container privatedirectories (by default <code>/var/lib/vz/private/<CTID></code>). The reason for this is that if you wish to use the OpenVZ per-container disk quota, you won't be able to use usual Linux disk quotas on the same partition. Bear in mind that "per-container quota" in this context includes not only pure per-container quota but also the usual Linux disk quota used in container, not on the [[HN]]. At the very least try to avoid using the root partition for containers, because the root user of a container will be able to overcome the 5% disk space barrier in some situations. If the HN root partition is completely filled, it will break the system. OpenVZ per-container disk quota is supported only for ext2/ext3 filesystems; therefore it makes sense to use one of these filesystems (ext3 is recommended) if you need per-container disk quota. === Repository setup (Etch only) === '''If you are using Debian Lenny, this step in no longer required. Openvz kernel packages and tools are available on main repository.''' ==== 1. Using openvz.org repositories ==== At the moment two different repositories are online at http://download.openvz.org: ; by Ola Lundqvist <opal@debian.org>: (OpenVZ kernels only): apt-uri http://download.openvz.org/debian ; by Thorsten Schifferdecker <tsd@debian.systs.org>: apt-uri http://download.openvz.org/debian-systs: (Mirror of OpenVZ Repository from http://debian.systs.org/) {{Note|The next steps use the repository at http://download.openvz.org/debian-systs; the actual OpenVZ Tools for Debian exist only as unstable builds, see http://packages.debian.org/vzctl}} {{Note|By default, on Ubuntu systems root tasks are executed with [https://help.ubuntu.com/community/RootSudo sudo]}} This can be done via the following commands, as root or as privileged "sudo" user<pre># echo -e "\ndeb http://download.openvz.org/debian-systs etch openvz" >> /etc/apt/sources.list# wget -q http://download.openvz.org/debian-systs/dso_archiv_signing_key.asc -O- | apt-key add - && apt-get update</pre> ==== 2. Using Debian repositories (upgrade to lenny) ==== There is even a '''lenny''' repository with kernel 2.6.28. '''Use it at your own risk!''' Add lenny repositories to your '''/etc/apt/sources.list'''<pre>deb http://DEBIAN-MIRROR/debian/ testing maindeb http://DEBIAN-MIRROR/debian-security/ testing/updates main</pre> Enlarge apt-cache adding to '''/etc/apt/apt.conf''' this line:<pre>APT::Cache-Limit "100000000";</pre> Give etch package priority over lenny packages. Edit '''/etc/apt/preferences''' and set like this:<pre>Package: *Pin: release a=etchPin-Priority: 700 Package: *Pin: release a=lennyPin-Priority: 650</pre> Then '''apt-get update && apt-get dist-upgrade''' to upgrade to lenny.
== Kernel installation ==
=== Wheezy and Lenny === {{Note|The best kernel to use is [[Download/kernel/rhel6|RHEL6-based]]. Please see [[Install_kernel_from_RPM_on_Debian_6.0]]}} === Etch === ==== 1. Using openvz kernel repositories ==== {{Note|In case you want to recompile the OpenVZ kernel yourself on Debian, see [[Compiling the OpenVZ kernel (the Debian way)]].}} First, you need to choose what kernel you want to install. {| class="wikitable"|+'''OpenVZ Kernel list built with kernel config from http://download.openvz.org'''! Kernel !! Description !! Hardware !! Debian Architecture|-! ovzkernel-2.6.18| uniprocessor| up to 4GB of RAM| i386 and amd64|-! ovzkernel-2.6.18-smp| symmetric multiprocessor| up to 4 GB of RAM| i386 and amd64|-! ovzkernel-2.6.18-enterprise| SMP + PAE support + 4/4GB split| up to 64 GB of RAM| i386 only|} {| class="wikitable"|+'''OpenVZ Kernel list built with official Debian kernel config and OpenVZ Settings'''! Kernel !! Description !! Hardware !! Debian Architecture|-! fzakernel-2.6.18-686| uni- and multiprocessor| up to 4GB of RAM| i386|-! fzakernel-2.6.18-686-bigmem| symmetric multiprocessor| up to 64 GB of RAM| i386|-! fzakernel-2.6.18-amd64| uni- and multiprocessor| | amd64|-|} <pre> Lenny # apt-get install <kernel></pre> ===== Configuring the bootloader ===== In case GRUB is used as the boot loader, it will be configured automatically, or execute update-grub; lines similar to these will be added to the <tt>/boot/grub/menu.lst</tt> file:
<pre>
</pre>
{{Note|per default on debian/ubuntu, a 2.6.22 kernel will boot before a 2.6.18, please check manually the grub boot order. See man update-grub for more details}} === Etch ==Installing the user-level tools ===== OpenVZ needs some user-level tools installed. Those are: ; vzctl: A utility to control OpenVZ containers (create, destroy, start, stop, set parameters etc.); vzquota: A utility to manage quotas for containers. Mostly used indirectly (by vzctl). <pre> # [sudo] apt-get install vzctl vzquota</pre>
==== 2 Using Debian lenny repositories ====
this command will install latest kernel and all required packages like:
<pre>
</pre>
and will arrange grub bootloader propertlyproperly.
=== Rebooting into OpenVZ kernel ===
There are a number of kernel parameters that should be set for OpenVZ to work correctly. These parameters are stored in <tt>/etc/sysctl.conf</tt> file. Here is the relevant part of the file; please edit it accordingly.
{{Note|vzctl version from debian-systs, automate changing automatically inserts these options at the last of <tt>/etc/sysctl options .conf</tt>, except for openvznet.ipv4.ip_forward}}
<pre>
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Enables the magic-sysrq key
kernel.sysrq = 1
# TCP Explict Congestion Notification
#net.ipv4.tcp_ecn = 0
# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1net.ipv4.conf.all.send_redirects = 0
[...]
(Debian vz root directory is /var/lib/vz to be FHS-compliant.}}
# [sudo] ln -s /var/lib/vz /vz
=== OS templates ===
{{Note|Support of OS templates on 64 bit hosts is somewhat limited for the time being, so that not all tools or features are available - please see [[Making template tools to work on x86_64]] and [[Install OpenVZ on a x86 64 system Centos-Fedora]] for additional details and information on possible workarounds}}
To install a container, you need OS template(s).
Precreated templates can be found [http://wiki.openvz.org/Download/template/precreated here] and [http://download.openvz.org/contrib/template/precreated/ here].
You can create your own templates, see
{{Note|Setup your prefered standard OS Template : edit the /etc/vz/vz.conf}}
# [sudo] apt-get install vzctl-ostmpl-debian-5.0-i386-minimal
== Additional User Tools ==
# [sudo] apt-get install vzprocps vzdump
On Debian squeeze, vzdump seems packaged in standard aptline. For lenny, See [[Backup_of_a_running_container_with_vzdump]]
== Secure it ==
Add the following line into vz.conf to activate the respective iptables modules for all containers.
IPTABLES="ip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_LOG ipt_conntrack ipt_helper ipt_state iptable_nat ip_nat_ftp ip_nat_irc ipt_TOS"
[[http://wiki.debian.org/DebianFirewall][Configure]] your iptable rules inside the container.
If the rules do not show up as you would expect on a physical server then you might not have activated the needed iptables modules.
== Start it! ==
# [sudo] /etc/init.d/vz start
This does not make the vz system automatically start at boot time. For automatic start:
# [sudo] update-rc.d vz defaults 98
== Use it! ==
After installing the OpenVZ kernel, user tools and a minimal OS template
to create a first container and do some [[basic operations in OpenVZ environment]]. Read the [[download:doc/OpenVZ-Users-Guide.pdf]], browse this wiki.
[[Category: HOWTO]]
[[Category: Debian]]
[[Category: Installation]]