Difference between revisions of "Installation on Debian 9"

From OpenVZ Virtuozzo Containers Wiki
(Created page with "This document briefly describes the steps needed to install OpenVZ 6 (legacy) on your Debian 9 "Stretch" machine. {{Out|Current commercial version of OpenVZ (Virtuozzo 7)...")
 
(Download OS templates: ctcreate to ctctl)
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
This document briefly describes the steps needed to install OpenVZ 6 (legacy) on your Debian 9 "Stretch" machine.
+
This is a guide to install OpenVZ 6 (legacy) on your Debian 9 "Stretch" (amd64 or i386) machine.
  
{{Out|Current commercial version of OpenVZ ([[Virtuozzo]] 7) is not installable on Debian GNU/Linux because is developed as an independent GNU/Linux distribution}}
+
{{Note|The best and latest Debian version for OpenVZ 6 is [[Installation on Debian 8|Devuan 1.0]], but Debian 9 makes really easy the coexistence of OVZ and unprivileged LXC containers.}}
 +
{{Out|Current commercial version of OpenVZ ([[Virtuozzo]] 7) is not installable on Devuan or Debian because is developed as an independent GNU/Linux distribution}}
  
== Requirements ==
+
= '''Volumes and file systems''' =
  
Debian GNU/Linux without "64bit" feature at Ext4 filesystem.
+
It is recommended to use a separate partition for containers (by default '''/var/lib/vz''') and format it to '''compatible ext4'''.
  
== Filesystem and defaults ==
+
== Ext4 ==
 +
Debian 9 installer (and tools by default) formats Ext4 with new features, and concrete "metadata_csum" is incompatible with OpenVZ6 kernel. Then it's necessary to boot without requiring the mount of volumes with "metadata_csum". Ordered alternatives:
 +
# After a fresh Debian 9 install, remove metadata_csum feature from filesystems.
 +
# Upgrade from Debian 8 to Debian 9 (metadata_csum not inherited)
 +
# Root volume (/ and others) as Ext3 and deploy /var/lib/vz in a later created Ext4 volume, without metadata_csum.
 +
# Use Ext3
  
Debian 9 installer formats Ext4 with new features (64bit metadata_csum) and this is incompatible with OpenVZ6 kernel (initrd cannot mount root). Then it's necessary to boot without requiring the mount of this advanced format. Options:
+
=== How to remove metadata_csum from a mounted partition ===
* Root volume (/) as Ext3 and /var/lib/vz separated in an Ext4
+
If your host altready mounts r/w volumes on boot and you can't tune2fs+e2fsck because volumes are in use, this is the solution (example for /dev/sda1):
* Install Debian 8 (will format without "64bit") and upgrade to Debian 9
+
* First check if the partition is affected.
* Install Debian 9 to a previously formatted Ext4 without "64bit".
+
Volume=/dev/sda1
 +
sudo dumpe2fs -h $Volume 2>/dev/null | grep -e metadata_csum
 +
* If last command didn't return a line with metadata_csum, nothing to do. Otherwise, continue:
 +
echo copy_exec /sbin/e2fsck | sudo tee -a /usr/share/initramfs-tools/hooks/fsck
 +
echo copy_exec /sbin/tune2fs | sudo tee -a /usr/share/initramfs-tools/hooks/fsck
 +
Script=/etc/initramfs-tools/scripts/local-premount/tune
 +
echo '#!/bin/sh' | sudo tee $Script
 +
echo 'if [ "$1" = "prereqs" ] ; then exit 0 ; fi' | sudo tee -a $Script
 +
echo e2fsck -f $Volume | sudo tee -a $Script
 +
echo tune2fs -O -metadata_csum $Volume | sudo tee -a $Script
 +
echo e2fsck -f $Volume | sudo tee -a $Script
 +
sudo chmod a+x $Script
 +
sudo update-initramfs -u -k all
 +
* Reboot and check that metadata_csum disappeared:
 +
sudo reboot
 +
(...)
 +
Volume=/dev/sda1
 +
sudo dumpe2fs -h $Volume 2>/dev/null | grep -e metadata_csum
 +
* Restore initrd behaviour
 +
sudo rm /etc/initramfs-tools/scripts/local-premount/tune
 +
sudo apt --reinstall install initramfs-tools-core
 +
sudo update-initramfs -u -k all
 +
This recipe is useful for any volume that can't be neither unmounted nor remounted readonly.
 +
 
 +
=== How to remove metadata_csum from a not mounted partition ===
 +
This procedure can be applied when partition can be mounted readonly
 +
* Example for /dev/sda9
 +
sudo e2fsck -f /dev/sda9
 +
sudo tune2fs -O -metadata_csum /dev/sda9
 +
sudo e2fsck -f /dev/sda9
 +
 
 +
=== How to format a volume to be a compatible Ext4 ===
 +
* Example for /dev/sda9
 +
sudo mkfs -t ext4 -O -metadata_csum /dev/sda9
  
== Partitions and /vz file system ==
+
== btrfs ==
 +
You might want btrfs to use per-directory (subvolume) quotas for other simfs/dir containers, such as LXC. Only vzquota doesn't work on a btrfs volume; for OVZ containers it's better to mount /var/lib/vz to an Ext4 volume.
  
It is recommended to use a separate partition for containers (by default '''/var/lib/vz''') and format it to '''ext4'''.
+
Debian 9 installer (and tools by default) formats btrfs with modern features as: mixed-bg, extref, skinny-metadata, no-holes. All of these are incompatible with OpenVZ6 kernel. Then it's necessary to boot without requiring the mount of volumes with these attributes. Ordered alternatives:
  
== Change Systemd to SystemV ==
+
# Pre-format '''compatible btrfs''' for a fresh Debian 9 install on root volume (/ and others) and deploy /var/lib/vz in a later created Ext4 volume. Debian 9 installer must not format btrfs but "keep existing data" as allowed in manual partitioning stage.
 +
# Use '''compatible Ext4''' volumes and deploy later the secondary btrfs partitions.
  
{{Note|Warning! This operation can make some software to stop working, such as desktop environments.}}
+
=== How to format a volume to be a compatible btrfs ===
 +
* Example for /dev/sda1
 +
sudo mkfs -t btrfs -O ^mixed-bg,^extref,^skinny-metadata,^no-holes /dev/sda1
 +
You must not format btrfs with Debian installer because features cannot be disabled after.
 +
 
 +
= '''Change Systemd to SystemV''' =
 +
 
 +
{{Note|Warning! This operation can make some desktop software to stop working.}}
  
 
  sudo apt install sysvinit-core sysvinit-utils
 
  sudo apt install sysvinit-core sysvinit-utils
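Review bot: In the added "First check if the partition is affected" step, "sudo dumpe2fs -h $Volume 2>/dev/null | grep -e metadata_csum" prints nothing both when the feature is absent and when dumpe2fs itself fails (for example a mistyped device), because stderr is discarded, so the "nothing to do" bullet can be reached for a volume that was never inspected. Suggest dropping "2>/dev/null" there, or telling the reader to confirm that dumpe2fs printed a "Filesystem features:" line. In the same added text, "altready" should be "already", and the "Restore initrd behaviour" step would benefit from one sentence saying that the reinstall of initramfs-tools-core is there to undo the two "copy_exec" lines appended to /usr/share/initramfs-tools/hooks/fsck.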
Line 26: Line 74:
 
  sudo reboot
 
  sudo reboot
 
  sudo apt --auto-remove remove systemd
 
  sudo apt --auto-remove remove systemd
  echo -e 'Package: *systemd*\nPin: release *\nPin-Priority: -1\n' | sudo tee /etc/apt/preferences.d/systemd
+
  echo -e 'Package: *systemd*\nPin: release *\nPin-Priority: -1\n' | sudo tee /etc/apt/preferences.d/avoid-systemd
  
* Other recipes at [http://without-systemd.org/wiki/index.php/Debian_Stretch without-systemd.org]
+
* More recipes at [http://without-systemd.org/wiki/index.php/Debian_Stretch without-systemd.org]
  
== Register OVZ updated repository ==
+
= '''Register OVZ updated repository''' =
  
 
  RepoFile=/etc/apt/sources.list.d/openvz.list
 
  RepoFile=/etc/apt/sources.list.d/openvz.list
Line 51: Line 99:
 
{{Note|For more info about Debian repositories, see http://download.openvz.org/debian.}}
 
{{Note|For more info about Debian repositories, see http://download.openvz.org/debian.}}
  
== Install packages ==
+
= '''Install packages''' =
  
 
  KPackage="linux-image-openvz-$(dpkg --print-architecture)"
 
  KPackage="linux-image-openvz-$(dpkg --print-architecture)"
  sudo apt --allow-unauthenticated --install-recommends install $KPackage vzdump ploop initramfs-tools
+
  sudo apt --allow-unauthenticated --install-recommends install $KPackage vzdump ploop initramfs-tools dirmngr
 
  if [ ! -d /vz ] ; then sudo ln -s /var/lib/vz/ /vz ; fi
 
  if [ ! -d /vz ] ; then sudo ln -s /var/lib/vz/ /vz ; fi
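Review bot: The changed install line adds "dirmngr" with no explanation of which later step needs it, so a reader cannot tell whether it is required or optional. Suggest a short sentence next to the command naming the step that depends on dirmngr.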
  
Line 62: Line 110:
 
  VE_STOP_MODE=stop
 
  VE_STOP_MODE=stop
  
== Reboot into OpenVZ kernel ==
+
= '''Reboot into OpenVZ kernel''' =
 +
 
 +
{{Note|At boot manager, in "Advanced options for Debian GNU/Linux", you will find kernels named "2.6.32-openvz". Select the first listed.}}
  
 
  sudo reboot
 
  sudo reboot
  
{{Note|If you don't see a boot manager entry with word "'''openvz'''", you must choose "'''Advanced options'''" to select there first ''openvz'' listed kernel.}}
+
Check the OpenVZ processes are running:
 
 
Check that the OpenVZ processes are running:
 
 
  sudo ps ax | grep -v 'grep' | grep 'vzmond'
 
  sudo ps ax | grep -v 'grep' | grep 'vzmond'
  
 
== Set OpenVZ as default to boot ==
 
== Set OpenVZ as default to boot ==
  
Because of GRUB2 default criteria, default kernel to boot can still be the one from Debian's repository (non OVZ). If you want to change this behaviour, once you've booted fine into OpenVZ kernel, you can remove other unuseful kernels:
+
Because of GRUB2 default criteria, default kernel to boot can still be the one from Debian's repository (non OVZ). Probably you don't want this behaviour; once you've booted fine into OpenVZ kernel, you can remove other unuseful kernels:
  
 
  Packages="$(apt list --installed 'linux-image-*' 2>/dev/null | grep -e '^linux-image-' | grep -ve 'openvz' | cut -f 1 -d '/')"
 
  Packages="$(apt list --installed 'linux-image-*' 2>/dev/null | grep -e '^linux-image-' | grep -ve 'openvz' | cut -f 1 -d '/')"
 
  sudo apt --autoremove remove $Packages
 
  sudo apt --autoremove remove $Packages
  
== Download OS templates ==
+
= Download OS templates =
  
 
This step is optional, vzctl is able to download templates on demand.
 
This step is optional, vzctl is able to download templates on demand.
  
An OS template is a Linux distribution installed into a container
+
An OS template is a GNU distribution for Linux, installed into a container
 
and then packed into a gzipped tarball. Using such a cache, a new container
 
and then packed into a gzipped tarball. Using such a cache, a new container
 
can be created in a minute.
 
can be created in a minute.
Line 94: Line 142:
 
  sudo vztmpl-dl --gpg-check debian-8.0-x86_64-minimal
 
  sudo vztmpl-dl --gpg-check debian-8.0-x86_64-minimal
  
Alternatively, you can also download precreated template caches from [http://openvz.org/download/template/cache Downloads » Templates » Precreated], or from one of the [https://mirrors.openvz.org/ mirrors]. Put those tarballs '''as-is (no unpacking needed)''' to the <tt>/vz/template/cache/</tt> directory.
+
Alternatives:
 +
* Download precreated template caches from [[Download/template/precreated|Download » Template » Precreated]] or from one of the [https://mirrors.openvz.org/ mirrors]. Put those tarballs '''as-is (no unpacking needed)''' to the <tt>/vz/template/cache/</tt> directory.
 +
* '''[https://downloads.actiu.net/ctctl/ ctctl]''' helper to create Debian (or derivative) container without template (caches it as a local template). This tool manages unprivileged LXC containers too.
  
== Next steps ==
+
= Next steps =
  
 
OpenVZ is now set up on your machine. Follow on to [[basic operations in OpenVZ environment]] document.
 
OpenVZ is now set up on your machine. Follow on to [[basic operations in OpenVZ environment]] document.
  
== See also ==
+
= See also =
* [[Installation on Debian 8]] oldstable
+
* [[Installation on Debian 8]] (oldstable) or Devuan 1.0 (Jessie, stable, SystemV)
  
 
[[Category: Installation]]
 
[[Category: Installation]]
 
[[Category: HOWTO]]
 
[[Category: HOWTO]]
 
[[Category: Debian]]
 
[[Category: Debian]]
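Review bot: The added ctctl bullet sends readers to https://downloads.actiu.net/ctctl/, which is outside openvz.org, and gives no signature or checksum to verify the download, while the template command kept as context in this hunk uses "vztmpl-dl --gpg-check". Suggest stating how the ctctl download can be verified, or saying explicitly that it is not covered by the OpenVZ key.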

Latest revision as of 09:25, 28 January 2020

This is a guide to install OpenVZ 6 (legacy) on your Debian 9 "Stretch" (amd64 or i386) machine.

Note: The best and latest Debian version for OpenVZ 6 is Devuan 1.0, but Debian 9 makes the coexistence of OVZ and unprivileged LXC containers really easy.
The current commercial version of OpenVZ (Virtuozzo 7) is not installable on Devuan or Debian because it is developed as an independent GNU/Linux distribution.

Volumes and file systems

It is recommended to use a separate partition for containers (by default /var/lib/vz) and format it as compatible ext4.

Ext4

The Debian 9 installer (and its tools by default) formats Ext4 with new features, and one of them, "metadata_csum", is incompatible with the OpenVZ 6 kernel. It is therefore necessary to boot without requiring the mount of any volume that has "metadata_csum". Ordered alternatives:

  1. After a fresh Debian 9 install, remove metadata_csum feature from filesystems.
  2. Upgrade from Debian 8 to Debian 9 (metadata_csum not inherited)
  3. Root volume (/ and others) as Ext3 and deploy /var/lib/vz in a later created Ext4 volume, without metadata_csum.
  4. Use Ext3

How to remove metadata_csum from a mounted partition

If your host already mounts volumes r/w on boot and you can't run tune2fs and e2fsck because the volumes are in use, this is the solution (example for /dev/sda1):

  • First check if the partition is affected.
Volume=/dev/sda1
sudo dumpe2fs -h $Volume 2>/dev/null | grep -e metadata_csum
  • If the last command didn't return a line with metadata_csum, there is nothing to do. Otherwise, continue:
echo copy_exec /sbin/e2fsck | sudo tee -a /usr/share/initramfs-tools/hooks/fsck
echo copy_exec /sbin/tune2fs | sudo tee -a /usr/share/initramfs-tools/hooks/fsck
Script=/etc/initramfs-tools/scripts/local-premount/tune
echo '#!/bin/sh' | sudo tee $Script
echo 'if [ "$1" = "prereqs" ] ; then exit 0 ; fi' | sudo tee -a $Script
echo e2fsck -f $Volume | sudo tee -a $Script
echo tune2fs -O -metadata_csum $Volume | sudo tee -a $Script
echo e2fsck -f $Volume | sudo tee -a $Script
sudo chmod a+x $Script
sudo update-initramfs -u -k all
  • Reboot and check that metadata_csum disappeared:
sudo reboot
(...)
Volume=/dev/sda1
sudo dumpe2fs -h $Volume 2>/dev/null | grep -e metadata_csum
  • Restore initrd behaviour
sudo rm /etc/initramfs-tools/scripts/local-premount/tune
sudo apt --reinstall install initramfs-tools-core
sudo update-initramfs -u -k all

This recipe is useful for any volume that can be neither unmounted nor remounted read-only.
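
The check used in the steps above prints nothing both when metadata_csum is absent and when dumpe2fs fails, because its errors are discarded. The following added example (not part of the original wiki page) separates the three cases by parsing the "Filesystem features:" line; the function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the wiki page. Function names are hypothetical.

# has_feature HEADER FEATURE
#   0 = FEATURE is listed on the "Filesystem features:" line
#   1 = the line exists but FEATURE is not on it
#   2 = no features line at all (dumpe2fs failed or not an ext2/3/4 volume)
has_feature() {
    features=$(printf '%s\n' "$1" | sed -n 's/^Filesystem features:[[:space:]]*//p')
    if [ -z "$features" ]; then return 2; fi
    # Compare whole words, so a longer feature name never matches by prefix.
    for f in $features; do
        if [ "$f" = "$2" ]; then return 0; fi
    done
    return 1
}

# classify_header HEADER -> prints: affected | compatible | unreadable
classify_header() {
    rc=0
    has_feature "$1" metadata_csum || rc=$?
    case $rc in
        0) echo affected ;;
        1) echo compatible ;;
        *) echo unreadable ;;
    esac
}

# check_volume DEVICE -> runs dumpe2fs (needs root) and classifies its output.
# An empty header (command failed) is reported as "unreadable", not "compatible".
check_volume() {
    header=$(dumpe2fs -h "$1" 2>/dev/null) || header=""
    printf '%s: %s\n' "$1" "$(classify_header "$header")"
}

# Constructed sample headers (abridged dumpe2fs -h output).
SAMPLE_STRETCH='Filesystem volume name:   <none>
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype extent 64bit flex_bg sparse_super large_file huge_file dir_nlink extra_isize metadata_csum
Filesystem state:         clean'

SAMPLE_TUNED='Filesystem volume name:   <none>
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype extent 64bit flex_bg sparse_super large_file huge_file dir_nlink extra_isize
Filesystem state:         clean'

SAMPLE_FAILED=''

for sample in "$SAMPLE_STRETCH" "$SAMPLE_TUNED" "$SAMPLE_FAILED"; do
    classify_header "$sample"
done
```

On a real host, run `check_volume /dev/sda1` as root before and after the reboot step.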

How to remove metadata_csum from a not mounted partition

This procedure can be applied when the partition can be mounted read-only.

  • Example for /dev/sda9
sudo e2fsck -f /dev/sda9
sudo tune2fs -O -metadata_csum /dev/sda9
sudo e2fsck -f /dev/sda9

How to format a volume to be a compatible Ext4

  • Example for /dev/sda9
sudo mkfs -t ext4 -O -metadata_csum /dev/sda9

btrfs

You might want btrfs in order to use per-directory (subvolume) quotas for other simfs/dir containers, such as LXC. However, vzquota doesn't work on a btrfs volume; for OVZ containers it's better to mount /var/lib/vz on an Ext4 volume.

The Debian 9 installer (and its tools by default) formats btrfs with modern features such as mixed-bg, extref, skinny-metadata and no-holes. All of these are incompatible with the OpenVZ 6 kernel. It is therefore necessary to boot without requiring the mount of volumes with these attributes. Ordered alternatives:

  1. Pre-format compatible btrfs for a fresh Debian 9 install on root volume (/ and others) and deploy /var/lib/vz in a later created Ext4 volume. Debian 9 installer must not format btrfs but "keep existing data" as allowed in manual partitioning stage.
  2. Use compatible Ext4 volumes and deploy later the secondary btrfs partitions.

How to format a volume to be a compatible btrfs

  • Example for /dev/sda1
sudo mkfs -t btrfs -O ^mixed-bg,^extref,^skinny-metadata,^no-holes /dev/sda1

You must not format btrfs with the Debian installer, because these features cannot be disabled afterwards.

Change Systemd to SystemV

Note: Warning! This operation can make some desktop software stop working.
sudo apt install sysvinit-core sysvinit-utils
# Must boot with SystemV to release Systemd
sudo reboot
sudo apt --auto-remove remove systemd
echo -e 'Package: *systemd*\nPin: release *\nPin-Priority: -1\n' | sudo tee /etc/apt/preferences.d/avoid-systemd

Register OVZ updated repository

RepoFile=/etc/apt/sources.list.d/openvz.list
RepoUrl=http://download.openvz.org/debian
echo "deb $RepoUrl jessie main" | sudo tee "$RepoFile"
echo "deb $RepoUrl wheezy main" | sudo tee -a "$RepoFile"
wget -qO - http://ftp.openvz.org/debian/archive.key | sudo apt-key add -
sudo apt-get --allow-unauthenticated update

As of July 2017, the release key at the openvz.org site is invalid, and the last command will complain:

W: GPG error: http://download.openvz.org/debian jessie Release: The following signatures were invalid: DA2458173935F9DE9B76BA7547B5DBAB0FCA9BAC
W: The repository 'http://download.openvz.org/debian jessie Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://download.openvz.org/debian wheezy Release: The following signatures were invalid: DA2458173935F9DE9B76BA7547B5DBAB0FCA9BAC
W: The repository 'http://download.openvz.org/debian wheezy Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.

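You can continue: the install command in the next section passes --allow-unauthenticated, so apt installs the packages from this repository without verifying their signatures.

Note: For more info about Debian repositories, see http://download.openvz.org/debian.

Install packages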

KPackage="linux-image-openvz-$(dpkg --print-architecture)"
sudo apt --allow-unauthenticated --install-recommends install $KPackage vzdump ploop initramfs-tools dirmngr
if [ ! -d /vz ] ; then sudo ln -s /var/lib/vz/ /vz ; fi
  • Create file /etc/vz/vznet.conf with the following line:
EXTERNAL_SCRIPT="/usr/sbin/vznetaddbr"
  • Optionally, in /etc/vz/vz.conf, you can set containers to stop completely when the service stops:
VE_STOP_MODE=stop

Reboot into OpenVZ kernel

Note: At the boot manager, in "Advanced options for Debian GNU/Linux", you will find kernels named "2.6.32-openvz". Select the first one listed.
sudo reboot

Check that the OpenVZ processes are running:

sudo ps ax | grep -v 'grep' | grep 'vzmond'

Set OpenVZ as default to boot

Because of GRUB2's default criteria, the default kernel to boot can still be the one from Debian's repository (non OVZ). You probably don't want this behaviour; once you have booted successfully into the OpenVZ kernel, you can remove the other, unneeded kernels:

Packages="$(apt list --installed 'linux-image-*' 2>/dev/null | grep -e '^linux-image-' | grep -ve 'openvz' | cut -f 1 -d '/')"
sudo apt --autoremove remove $Packages

Download OS templates

This step is optional: vzctl is able to download templates on demand.

An OS template is a GNU distribution for Linux, installed into a container and then packed into a gzipped tarball. Using such a cache, a new container can be created in a minute.

# Register official container templates:
OpenvzKey="$(echo $(sudo gpg --batch --search-keys security@openvz.org 2>&1 | grep -ie ' key.*created' | sed -e 's|key|@|g' | cut -f 2 -d '@') | cut -f 1 -d ' ' | cut -f 1 -d ',')"
sudo gpg --recv-keys $OpenvzKey
sudo vztmpl-dl --gpg-check --list-remote
# Example:
sudo vztmpl-dl --gpg-check debian-8.0-x86_64-minimal

Alternatives:

  • Download precreated template caches from Download » Template » Precreated or from one of the mirrors. Put those tarballs as-is (no unpacking needed) into the /vz/template/cache/ directory.
  • Use the ctctl helper to create a Debian (or derivative) container without a template (it caches the result as a local template). This tool manages unprivileged LXC containers too.

Next steps

OpenVZ is now set up on your machine. Continue with the "basic operations in OpenVZ environment" document.

See also