OpenVZ Virtuozzo Containers Wiki β

Ubuntu Gutsy template creation

5,519 bytes added, 08:24, 22 July 2012
Modify the installation
[[Category: Templates]]
[[Category: Ubuntu]]
 
This article summarizes the experience of creating an Ubuntu Gutsy Gibbon (a.k.a. 7.10) template for OpenVZ.
=== debootstrap ===
You have to have a <code>debootstrap</code> working for Gutsy, i.e. you should have
* <code>debootstrap</code> and its dependencies
* the <code>/usr/lib/debootstrap/scripts/gutsy</code> file
The simplest way to have it all is to work on an Ubuntu Gutsy system (be it on a real machine or inside a container). If you don't have <code>debootstrap</code> installed, this is the command to install it:
 # apt-get install debootstrap
 
On a Gentoo Linux, <code>debootstrap</code> is also available, this is how you can install it:
 
 # emerge \>=debootstrap-1.0.0
 
Note you need at least version 1.0.0, since earlier versions do not have Ubuntu scripts. So, possibly you will first need to add it to package.keywords, like this:
 
 # echo dev-util/debootstrap >> /etc/portage/package.keywords
 
On a Fedora system (at least Fedora 8, not sure about earlier versions):
 
 # yum install debootstrap
=== vzctl ===
You need vzctl-3.0.22 or later to work with Ubuntu Gutsy Gibbon. If vzctl-3.0.18 or earlier is used, you will not be able to run your Ubuntu Gutsy container. See {{bug|662}} for details. Note: Older versions of vzctl are working if you install <code>sysvinit</code> (which will remove <code>upstart</code>). The only problem I had was the network did not start, so I added "/etc/init.d/networking restart" to /etc/rc.local.
== Creating template ==
=== Running debootstrap ===
Create a working directory:
 [HW]# mkdir gutsy-chroot
Run debootstrap to install a minimal Ubuntu Gutsy system into that directory:
 [HW]# debootstrap [--arch ''ARCH''] gutsy gutsy-chroot
If the architecture of CT0 is the same one the container should have, you can skip the --arch option, but if you need to build an OS template for another ''ARCH'', specify it explicitly:
* for AMD64/x86_64, use <code>amd64</code>
* for IA64, use <code>ia64</code>
* for i386, use <code>i386</code>

=== Preparing/starting a container ===
Now that you have an installation created by <code>debootstrap</code>, you can run it as a container. In the example below, CT ID 777 is used; of course you can use any other non-allocated ID.
{{Note|an alternative way is using chroot instead of running a container. This is not recommended because of security concerns.}}

==== Moving installation to container private area ====
You should move the contents of the gutsy-chroot directory into the new container private area, like this:
 # mv gutsy-chroot /vz/private/777
==== Setting container config ====
An initial config for the [[container]] is needed:
 # vzctl set 777 --applyconfig vps.basic --save

==== Setting container OSTEMPLATE ====
Also, we need <code>OSTEMPLATE</code> to be set in the container configuration file, for [[vzctl]] to work properly.
 # echo "OSTEMPLATE=ubuntu-7.10" >> /etc/vz/conf/777.conf
==== Setting container IP address ====
For the [[container]] to be able to download updates from the Internet, we need a valid IP address for it:
 # vzctl set 777 --ipadd x.x.x.x --save
{{Note|if you use a private IP for the container, you have to set up NAT as described in [[Using NAT for container with private IPs]].}}
==== Setting DNS server for the container ====
For the [[container]] to be able to download updates from the Internet, we also need to specify a DNS server for it:
 # vzctl set 777 --nameserver x.x.x.x --save
Instead of <code>x.x.x.x</code>, specify the same IP that you have in your <code>/etc/resolv.conf</code>.

==== Starting container ====
Now start the container:
 # vzctl start 777

=== Modify the installation ===
You have to do some things in order to modify the installation to better suit the environment it will be run in (i.e. a container). First, enter the container:
 # vzctl enter 777
{{Warning|Do not run the commands below on the hardware node, they are only to be run within the container!}}

==== Remove unneeded packages ====
Some packages do not make sense in a container, or are really optional. Remove those:
 [container]# dpkg -P ubuntu-minimal wpasupplicant wireless-tools \
 udev pcmciautils initramfs-tools volumeid console-setup \
 xkb-data usbutils mii-diag alsa-base alsa-utils ethtool \
 module-init-tools linux-sound-base console-tools \
 console-terminus busybox-initramfs libvolume-id0 \
 ntpdate eject libasound2 pciutils tasksel tasksel-data \
 laptop-detect
{{Note|On removing the deb-package "module-init-tools", a fake-modprobe is needed for IPv6 addresses, see below!}}
Note that the above list of packages may be too extensive. Say, if you want to use the <code>tasksel</code> tool, do not remove it — but then you have to let laptop-detect stay.
Clean up after udev:
 [container]# rm -fr /lib/udev
==== Disable getty ====
On a usual Linux system, <code>getty</code> is running on virtual terminals, which a container does not have. So, having <code>getty</code> running doesn't make sense; moreover, it complains that it cannot open the terminal device, and this clutters the logs.
So, first of all we stop all <code>getty</code> processes:
 [container]# initctl stop tty{1,2,3,4,5,6}
Next, we disable running <code>getty</code>. This can be done in two ways.
First way:
 [container]# rm /etc/event.d/tty*
Second way:
 [container]# dpkg -P system-services
The second way can be dangerous for future versions of <code>system-services</code>, but it's OK for now since the only service they carry is running <code>getty</code>s.

==== Set sane permissions for /root directory ====
 [container]# chmod 700 /root
==== Disable root login ====
 [container]# usermod -L root

==== "fake-modprobe" needed for IPv6 addresses ====
 [container]# ln -s /bin/true /sbin/modprobe
<small>On IPv6 setup, the command "modprobe -Q IPv6" is called, which fails without the "fake-modprobe".</small>

==== Get new security updates ====
 [container]# apt-get update && apt-get upgrade
<small>This didn't show anything for me, but might do something in the future.</small>
==== Install some more packages ====
 [container]# apt-get install ssh quota
Feel free to add packages which you want to have in a default template to this command.
==== Fix SSH host keys ====
This is only useful if you installed SSH above. Each individual [[container]] should have its own pair of SSH host keys. The code below will wipe out the existing SSH keys and instruct the newly-created [[container]] to create new SSH keys on first boot.
<!-- please DO NOT remove the <pre>...</pre> pair of tags below -->
<pre>
</pre>
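The procedure just described (wipe the build-time host keys, then have each new container generate its own on first boot), as an added example script that is not from this page or from the OpenVZ project. It assumes the container private area is passed as ROOT (or "/" when run inside the container), that Gutsy's sshd uses rsa and dsa host keys, and the init link name S15ssh_gen_host_keys is an assumption chosen so that it sorts before the ssh init link. The host_keys_absent check is the one to run on the private area before packing the cache, since a template that still carries host keys gives every container the same identity.

```shell
#!/bin/sh
# Added example, not code from the wiki page or from OpenVZ: remove the SSH
# host keys generated while building the template and install a one-shot
# init script that creates fresh keys on the container's first boot, so
# every container made from the cache gets its own key pair.
# Assumptions: ROOT is the container private area (or "/" when run inside
# the container), Gutsy's sshd uses rsa and dsa host keys, and the link
# name S15ssh_gen_host_keys was chosen here to sort before the ssh link.

# wipe_host_keys ROOT: delete any ssh_host_* files under ROOT/etc/ssh.
wipe_host_keys() {
    root=${1:-/}
    rm -f "$root"/etc/ssh/ssh_host_*
}

# host_keys_absent ROOT: succeed (0) only if no ssh_host_* file remains;
# run this on the private area before packing the template cache.
host_keys_absent() {
    root=${1:-/}
    set -- "$root"/etc/ssh/ssh_host_*
    [ ! -e "$1" ]
}

# install_keygen_script ROOT: write the first-boot generator under rc2.d.
install_keygen_script() {
    root=${1:-/}
    script="$root/etc/rc2.d/S15ssh_gen_host_keys"
    mkdir -p "$root/etc/rc2.d"
    cat > "$script" <<'EOF'
#!/bin/sh
# First boot only: generate the host keys sshd expects, then remove self.
[ -e /etc/ssh/ssh_host_rsa_key ] || ssh-keygen -q -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
[ -e /etc/ssh/ssh_host_dsa_key ] || ssh-keygen -q -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
rm -f "$0"
EOF
    chmod 0755 "$script"
}

# prepare_ssh_keys ROOT: the two steps the guide describes, in order.
prepare_ssh_keys() {
    wipe_host_keys "$1"
    install_keygen_script "$1"
}
```

Inside the container the call is simply prepare_ssh_keys /; the generated script removes itself after the first run, so a later apt-get upgrade of openssh does not re-trigger it.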
==== Disable <code>sync()</code> for syslog ====
Turn off doing <tt>sync()</tt> on every write for <code>syslog</code>'s log files, to improve overall I/O performance.
<!-- DO NOT remove <pre> here, it's useful -->
<pre>[container]# sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/syslog.conf</pre>
==== Fix <code>/etc/mtab</code> ====
Link <code>/etc/mtab</code> to <code>/proc/mounts</code>, so <code>df</code> and friends will work:
 [container]# rm -f /etc/mtab
 [container]# ln -s /proc/mounts /etc/mtab
After that, it would make sense to disable <code>mtab.sh</code> script which messes with <code>/etc/mtab</code>:
 [container]# update-rc.d -f mtab.sh remove

==== Disable some services ====
In most cases you don't want klogd to run (the only exception is if you configure iptables to log some events), so you can disable it:
 [container]# update-rc.d -f klogd remove

==== Hostname ====
Set a proper hostname:
 [container]# echo "localhost" > /etc/hostname

==== Set /etc/hosts ====
 [container]# echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts

==== Add ptys to /dev ====
This is needed in case /dev/pts will not be mounted after container start. If /dev/ttyp* and /dev/ptyp* files are present, and LEGACY_PTYS support is enabled in the kernel, vzctl will still be able to enter the container.
 [container]# cd /dev && /sbin/MAKEDEV ptyp

==== Remove nameserver(s) ====
Remove DNS entries:
 [container]# > /etc/resolv.conf

==== Clean packages ====
After installing packages, you'll have some junk packages laying around in your cache. Since you don't want your template to have those, this command will wipe them out.
 [container]# apt-get clean
==== Cleaning up log files ====
 [container]# cd /var/log
 [container]# > messages; > auth.log; > kern.log; > bootstrap.log
 [container]# > dpkg.log; > syslog; > daemon.log; > apt/term.log
 [container]# rm -f *.0 *.1

==== Anything else? ====
Think of what else could be done to better suit your needs.

==== Exit from the container ====
Now everything is done. Exit from the container and go back to the hardware node.
 [container]# exit

== Preparing for and packing template cache ==
The following commands are to be run on the host system (i.e. not inside a container). We don't need an IP for the container anymore, and we definitely do not need it in the template cache, so remove it:
 [HW]# vzctl set 777 --ipdel all --save
Stop the container:
 [HW]# vzctl stop 777
Change dir to the container private area:
 [HW]# cd /vz/private/777
Now create a cached OS tarball. In the command below, you'll want to replace <arch> with your architecture (i386, amd64, ia64, etc). '''Note the space and the dot at the end of the command'''.
 [HW]# tar --numeric-owner -czf /vz/template/cache/ubuntu-7.10-<arch>-minimal.tar.gz .
Look at the resulting tarball to see that its size is sane:
 # ls -lh /vz/template/cache
 -rw-r--r-- 1 root root 53M Nov 15 12:40 ubuntu-7.10-i386-minimal.tar.gz

== Testing template cache ==
We can now create a container based on the just-created template cache. Be sure to change <tt>i386</tt> to your architecture just like you did when you named the tarball above.
 [HW]# vzctl create 123456 --ostemplate ubuntu-7.10-<arch>-minimal
Now make sure that your new container works:
 [HW]# vzctl start 123456
 [HW]# vzctl exec 123456 ps axf
You should see that a few processes are running.
Other tests that could be done are:
 [HW]# vzctl enter 123456
 [container]# ps axf
 [container]# mount
 [container]# dpkg -l
 [container]# logout
 [HW]#
Feel free to do more tests.
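As an added example (not from this page or from OpenVZ), a small shell library that packs a private area the way the tar command above does and then audits the resulting tarball for per-container state the cleanup steps above are meant to remove: SSH host keys, rotated logs, root's shell history, the udev tree, upstart getty jobs and a non-empty resolv.conf. Function names, paths and the pattern list are this example's assumptions; the audit goes a little beyond the page's size check in ls -lh by looking at the archive members themselves.

```shell
#!/bin/sh
# Added example, not code from the wiki page or from OpenVZ: pack a prepared
# private area into a template cache tarball the way the guide's tar command
# does (run from inside the directory, --numeric-owner, trailing "."), then
# audit the tarball for per-container state the cleanup steps are meant to
# remove. Function names, paths and the pattern list are assumptions made here.

# pack_template PRIVATE_DIR OUTPUT_TARBALL
pack_template() {
    private=$1
    out=$2
    # Make the output path absolute: tar runs with PRIVATE_DIR as its cwd so
    # that archive members are relative ("./etc/...") and uid/gid are stored
    # numerically, exactly as the guide's command does.
    case $out in
        /*) ;;
        *) out=$PWD/$out ;;
    esac
    ( cd "$private" && tar --numeric-owner -czf "$out" . )
}

# Archive members that must never ship in a template cache: SSH host keys,
# rotated logs, root's shell history, the udev tree, upstart getty jobs.
TEMPLATE_BAD_PATTERNS='^\./etc/ssh/ssh_host_|^\./var/log/.*\.[0-9]+(\.gz)?$|^\./root/\.bash_history$|^\./lib/udev/|^\./etc/event\.d/tty'

# audit_template TARBALL: list offending members on stderr, return 1 if any.
audit_template() {
    bad=$(tar -tzf "$1" | grep -E "$TEMPLATE_BAD_PATTERNS" || true)
    if [ -n "$bad" ]; then
        printf 'template carries per-container state:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# resolv_conf_empty TARBALL: succeed only if ./etc/resolv.conf is absent or
# empty, i.e. the build host's nameserver did not leak into the template.
resolv_conf_empty() {
    if tar -xzOf "$1" ./etc/resolv.conf 2>/dev/null | grep -q .; then
        return 1
    fi
    return 0
}
```

On the hardware node the sequence is pack_template /vz/private/777 /vz/template/cache/ubuntu-7.10-<arch>-minimal.tar.gz, then audit_template and resolv_conf_empty on that tarball before vzctl create is pointed at it; a non-zero exit from either means the cleanup section above needs to be revisited inside the container.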
== Final cleanup ==
Stop and remove the test container you just created:
 [HW]# vzctl stop 123456
 [HW]# vzctl destroy 123456
 [HW]# rm -f /etc/vz/conf/123456.conf.destroyed
Finally, let's remove the container we used for OS template cache creation:
 [HW]# vzctl destroy 777
 [HW]# rm -f /etc/vz/conf/777.conf.destroyed

== Updating the template cache ==
See [[Updating Ubuntu template]].