Difference between revisions of "Installation on Debian/old"
(disable CONFIG_SECURITY) |
(up'ed the title, since it's common to all installations + new way for Debian network options) |
||
| Line 277: | Line 277: | ||
| − | + | = modify needed settings = | |
| − | + | If you want network access for the virtual server then you need to enable IP forwarding. | |
| − | + | An old (before Etch) Debian Way: set "ip_forward" to yes in /etc/network/option. | |
# editor /etc/network/options | # editor /etc/network/options | ||
| + | The new (from Etch) standard way is to use sysctl for this (see below). | ||
| Line 311: | Line 312: | ||
<pre> | <pre> | ||
INFO: # man 5 interfaces (to read more about debian's network interface configuration for ifup and ifdown) | INFO: # man 5 interfaces (to read more about debian's network interface configuration for ifup and ifdown) | ||
| − | INFO: | + | INFO: It is recommanded to add the magic-sysrq key, to your /etc/sysctl.conf |
</pre> | </pre> | ||
Revision as of 06:59, 2 May 2007
Sarge-Dapper (OldStable)
The OpenVZ packages at http://debian.systs.org/ aimed to install OpenVZ in a easy way, some task are done on install process!
edit apt source settings
Add to your "/etc/apt/sources.list"
deb http://debian.systs.org/ sarge openvz
and get the new package lists
# apt-get update
precompiled kernel images at debian.systs.org (dso)
The kernel-images on debian.systs.org (dso) use the same kernel-config taken from OpenVZ. (most kernel-modules are built-in!)
If there is more than one CPU available (or a CPU with hyperthreading), use the kernel-smp deb. If there is more than 4 Gb of RAM available, use the kernel-enterprise deb. Otherwise, use the plain kernel deb (kernel).
| Kernel type | Description | Hardware | Use case |
|---|---|---|---|
| - | uniprocessor | up to 4GB of RAM | |
| -smp | symmetric multiprocessor | up to 4 GB of RAM | 10-20 VPSs |
| -entnosplit | SMP + PAE support | up to 64 GB of RAM | 10-30 VPSs |
| -enterprise | SMP + PAE support + 4/4GB split | up to 64 GB of RAM | >20-30 VPSs |
kernel-image: i368 and amd64
ovzkernel-2.6.9 ovzkernel-2.6.9-enterprise ovzkernel-2.6.9-entnosplit ovzkernel-2.6.9-smp ovzkernel-2.6.18 ovzkernel-2.6.18-enterprise ovzkernel-2.6.18-smp
i386 only:
ovzkernel-2.6.18-enterprise
OpenVZ tool(s) for i386 and amd64
vzctl vzquota vzprocps vzdump
template(s) for i368 and amd64 : Debian 3.1 Minimal
vzctl-ostmpl-debian
installing the kernel-images, toolset and debian-os-template
Example: install the stable OpenVZ kernel, tools and Debian OS Template
# aptitude install ovzkernel-2.6.9 vzctl vzquota vzdump vzctl-ostmpl-debian
Maybe you need to update your "linux-loader" (can be configured at /etc/kernel-img.conf)
for the "GRUB":
# /sbin/grub-update
Reboot in your new Debian Stable OpenVZ System
# reboot
That's all :-)
Now it's time to setup your VE's with the minimal Debian-3.1 Template, create new one or download another precreated OS-Template.
Etch (Stable)
OpenVZ is now a part of Debian Etch repository.
install the kernel-image
precompiled kernel images at download.openvz.org
Can be found at http://download.openvz.org/kernel/debian/etch/
List of precompiled kernel-images linux-image-2.6.18-openvz-486_02_i386.deb linux-image-2.6.18-openvz-686_02_i386.deb linux-image-2.6.18-openvz-amd64_01_amd64.deb linux-image-2.6.18-openvz-ia64_01_ia64.deb linux-image-2.6.18-openvz-k7_02_i386.deb linux-image-2.6.18-openvz-sparc64-smp_01_sparc.deb linux-image-2.6.18-openvz-sparc64_01_sparc.deb
Example: Installing an OpenVZ precompiled Debian Kernel-Image for an i686:
# wget http://download.openvz.org/kernel/debian/etch/linux-image-2.6.18-openvz-686_02_i386.deb # dpkg -i linux-image-2.6.18-openvz-686_02_i386.deb
precompiled kernel images at debian.systs.org
Add to your "/etc/apt/sources.list"
deb http://debian.systs.org/ etch openvz
Add the signing key of debian.systs.org (dso) apt-keyring, (need root permissions)
# wget http://debian.systs.org/dso_archiv_signing_key.asc -q -O - | apt-key add -
and get the new package lists
# apt-get update
linux-image (version 028stab023.1):
ovzkernel-2.6.18 (i386 and amd64) ovzkernel-2.6.18-smp (i386 and amd64) ovzkernel-2.6.18-enterprise only (i386)
# apt-get install <linux-image>
or build your own kernel-image (debian way)
To install the kernel-source and the OpenVZ kernel patch, run:
# apt-get install kernel-package linux-source-2.6.18 kernel-patch-openvz libncurses5-dev
Unpack the kernel-source:
# cd /usr/src # tar xjf linux-source-2.6.18.tar.bz2 # cd linux-source-2.6.18
You need a kernel config.
You can use the config of the debian-kernel:
# cp /boot/config-2.6.18-3-686 .config
Or get a 2.6.18 kernel config from http://download.openvz.org/kernel/devel/current/configs/
# wget http://download.openvz.org/kernel/devel/current/configs/kernel-2.6.18-028test010-i686.config.ovz -O .config
Now you can apply openvz kernel patch and modify your kernel-config:
# ../kernel-patches/all/apply/openvz # make menuconfig
You need following OpenVZ kernel config settings:
(taken from a OpenVZ Kernel 2.6.18-028test010.1 on 686) Filesystem \_ [*] Second extended fs support (CONFIG_EXT2_FS) \_ [*] Ext3 journalling file system support (CONFIG_EXT3_FS) \_ [*] Quota Support (CONFIG_QUOTA) \_ [*] Compatibility with older quotactl interface (CONFIG_QUOTA_COMPAT) \_ [*]Quota format v2 support (CONFIG_QFMT_V2) \_ [*] VPS filesystem (CONFIG_SIM_FS) \_ [*] Virtuozzo Disk Quota support (CONFIG_VZ_QUOTA) \-> [*] Per-user and per-group quota in Virtuozzo quota partitions (VZ_QUOTA_UGID) Security \->[ ] Enable different security models OpenVZ ... (what else :-) \_[*] Virtual Environment support (CONFIG_VE) \_ <M> VE calls interface (CONFIG_VE_CALLS) \_ <M> VE networking (CONFIG_VE_NETDEV) \_ <M> Virtual ethernet device (CONFIG_VE_ETHDEV) \_ <M> VE device (CONFIG_VZ_DEV) \_ [*] VE netfiltering (CONFIG_VE_IPTABLES) \_ <M> VE watchdog module (CONFIG_VZ_WDOG) \_ <M> Checkpointing & restoring Virtual Environments (CONFIG_VZ_CHECKPOINT) User resources ... (User Beancounters) \_ [*] Enable user resource accounting (CONFIG_USER_RESOURCE) \_ [*] Account physical memory usage ( CONFIG_USER_RSS_ACCOUNTING) \_ [*] Account disk IO (CONFIG_UBC_IO_ACCT) \_ [*] Account swap usage (CONFIG_USER_SWAP_ACCOUNTING) \_ [*] Report resource usage in /proc (CONFIG_USER_RESOURCE_PROC) \_ [*] User resources debug features (CONFIG_UBC_DEBUG) \_ [*] Debug kmemsize with cache counters (CONFIG_UBC_DEBUG_KMEM)
INFO: Better to build the kernel-headers as well, so afterward other kernel-modules can
built without whole kernel tree (e.g. drbd -> drbd0.7-module-source)
See also :
# make-kpkg --targets
Compile your Kernel (as user root, or you need the --rootcmd!)
# make-kpkg --append_to_version=-1-openvz --added_patches=openvz --revision=1 --initrd binary-arch or all above with one step # make-kpkg --append_to_version=-1-openvz --added_patches=openvz --revision=1 --initrd --config menuconfig binary-arch
Install the kernel and update initramfs:
# dpkg -i ../linux-image-2.6.18-1-openvz_1_i386.deb # update-initramfs -c -k 2.6.18-1-openvz
INFO: update-initramfs is done, when make-kpkg is use with --initrd option INFO: update-grub can be configured by /etc/kernel-img.conf
Update the bootloader (when not done above)
GRUB :
# /usr/sbin/update-grub
INFO: since the Debian ETCH-release the location of update-grub is moved from /sbin/update-grub to /usr/sbin/update-grub !
install the toolset
You need the toolset for manage-ing OpenVZ Virtual Enviromennt (VE)
# apt-get install vzctl vzquota
modify needed settings
If you want network access for the virtual server then you need to enable IP forwarding.
An old (before Etch) Debian Way: set "ip_forward" to yes in /etc/network/option.
# editor /etc/network/options
The new (from Etch) standard way is to use sysctl for this (see below).
In some cases you may need to enable proxy_arp for the network devices that you want your virtual hosts to be accessible on.
You can add this to a specific interface in the network configuration (/etc/network/interfaces) by the following lines, replace %DEV% with your device name (ie. eth0).
Example:
[...]
# device: %DEV%
iface %DEV% inet static
address 192.168.0.2
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
up sysctl -w net.ipv4.conf.%DEV%.proxy_arp=0
pre-down sysctl -w net.ipv4.conf.%DEV%.proxy_arp=1
[...]
or use the /etc/network/if-up/ and /etc/network/if-down.d/ directories.
INFO: # man 5 interfaces (to read more about debian's network interface configuration for ifup and ifdown) INFO: It is recommanded to add the magic-sysrq key, to your /etc/sysctl.conf
a (plain) OpenVZ Linux Way:
Add settings to "/etc/sysctl.conf"
# On Hardware Node we generally need # packet forwarding enabled and proxy arp disabled net.ipv4.ip_forward = 1 net.ipv4.conf.default.proxy_arp = 0 # Enables source route verification net.ipv4.conf.all.rp_filter = 1 # Enables the magic-sysrq key kernel.sysrq = 1 # TCP Explict Congestion Notification # net.ipv4.tcp_ecn = 0 # we do not want all our interfaces to send redirects net.ipv4.conf.default.send_redirects = 1 net.ipv4.conf.all.send_redirects = 0
INFO: Suggestion: Please make a symlink from /var/lib/vz to /vz as backward compability to Main OpenVZ (Debian vz root directory is installed FHS-like to /var/lib/vz) # ln -s /var/lib/vz /vz
Before you restart your Server, keep in mind, that your system has all needed modules enabled; booting from your harddisk (e.g. hardware modules, raid system(s), lvm2 etc). May you need a INITRD (initramdisk) or compile needed kernel modules statically in.
# reboot
That's all!
Now it's time to create a OS Template or download another precreated OS-Template.
INFO: Suggestions: Setup your default OS Template in /etc/vz/vz.conf
