Editing User:Dusty/Debian template creation
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
| Latest revision | Your text | ||
| Line 1: | Line 1: | ||
| + | '''This is just a working area to make sure I've got my facts straight.''' It works great on a Debian hardware node, but not so great on RedHat. We might really have to create a temporary VE instead of using the chroot. Pitty. | ||
| + | --- | ||
| + | |||
| + | These are rough instructions of how to manually create basic Debian Etch (4.0) template cache, which can be used to create OpenVZ [[VE]]s based on Debian Etch (4.0). | ||
| + | |||
| + | '''Notes:''' | ||
| + | * You shouldn't be running as root, but as a user that is permitted to use sudo instead. It's a dangerous idea, run as root at your peril. | ||
| + | * Anywhere you see <tt>/vz</tt>, you might really need to use <tt>/var/lib/vz</tt> instead, especially on a Debian Etch host. | ||
| + | * Anywhere you see <tt>http://debian.osuosl.org/debian/</tt>, you can substitute your favorite Debian mirror. ([http://www.debian.org/mirror/list List of official Debian Mirrors]) | ||
| + | |||
| + | |||
| + | == Prerequisites == | ||
| + | You need to have a working copy of <tt>debootstrap</tt> running on your hardware node. | ||
| + | |||
| + | For Debian: | ||
| + | sudo apt-get install debootstrap | ||
| + | |||
| + | For Gentoo: | ||
| + | sudo emerge debootstrap | ||
| + | |||
| + | For other distros you might need to install it from sources, or search for an appropriate package for your distribution. An RPM is available on the [http://forum.openvz.org/index.php?t=tree&th=142&mid=584 OpenVZ Forum]. | ||
| + | |||
| + | == Bootstrapping Debian == | ||
| + | Change to a directory where you'll have about 200MB of usable space and the ability to run executables. Depending on your configuration, <tt>/tmp</tt> might be set <tt>noexec</tt> which would mean you'd have to use some other location. I'm going to use <tt>/vz/private</tt> for this. | ||
| + | |||
| + | cd /vz/private | ||
| + | |||
| + | Download Debian Etch to a directory called "etch-temp". Specify your architecture instead of <tt>i386</tt> if you're using something other than i386/x86. For example, for AMD64/x86_64, use <tt>amd64</tt> or for ia64, use <tt>ia64</tt>. | ||
| + | sudo debootstrap --arch i386 etch etch-temp http://debian.osuosl.org/debian/ | ||
| + | |||
| + | == Inside the template == | ||
| + | The following actions are all performed inside the template. To get inside, run this: | ||
| + | sudo chroot etch-temp | ||
| + | |||
| + | === Set Debian repositories === | ||
| + | cat <<EOF > /etc/apt/sources.list | ||
| + | deb http://debian.osuosl.org/debian/ etch main contrib | ||
| + | deb http://security.debian.org etch/updates main contrib | ||
| + | EOF | ||
| + | |||
| + | === Update and upgrade packages === | ||
| + | This will update the available packages list, upgrade installed packages with security updates, and install the new packages that are listed below. Feel free to add your own. | ||
| + | apt-get update | ||
| + | apt-get upgrade | ||
| + | |||
| + | === Install more packages === | ||
| + | Installing packages could be an interactive process so the system might ask some questions. You can install more packages if you'd like. For example: | ||
| + | apt-get install ssh quota | ||
| + | |||
| + | === Set sane permissions for <tt>/root</tt> directory === | ||
| + | chmod 700 /root | ||
| + | |||
| + | === Disable root login=== | ||
| + | This will disable root login by default. | ||
| + | usermod -L root | ||
| + | |||
| + | === Disable getty === | ||
| + | Disable running <tt>getty</tt>s on terminals as a VE does not have any: | ||
| + | sed -i -e '/getty/d' /etc/inittab | ||
| + | |||
| + | === Disable <tt>sync()</tt> for syslog === | ||
| + | Turn off doing <tt>sync()</tt> on every write for <tt>syslog</tt>'s log files, to improve I/O performance: | ||
| + | sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/syslog.conf | ||
| + | |||
| + | === Fix <tt>/etc/mtab</tt> === | ||
| + | Link <tt>/etc/mtab</tt> to <tt>/proc/mounts</tt>, so <tt>df</tt> and friends will work: | ||
| + | rm -f /etc/mtab | ||
| + | ln -s /proc/mounts /etc/mtab | ||
| + | |||
| + | === Remove some unneeded packages === | ||
| + | If you have any packages you'd like to remove, now's the time for it. Here's an example: | ||
| + | dpkg --purge fortune-mod fortunes-min | ||
| + | |||
| + | === Disable services === | ||
| + | If there are any services you'd like to disable, do that now. Here's an example: | ||
| + | update-rc.d -f klogd remove | ||
| + | |||
| + | === Fix SSH host keys === | ||
| + | This is only useful if you installed SSH. Each individual [[VE]] should have its own pair of SSH host keys. The code below will wipe out the existing SSH keys and instruct the newly-created [[VE]] to create new SSH keys on first boot. | ||
| + | rm -f /etc/ssh/ssh_host_* | ||
| + | cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys | ||
| + | #!/bin/bash | ||
| + | ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N '' | ||
| + | ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N '' | ||
| + | rm -f \$0 | ||
| + | EOF | ||
| + | chmod a+x /etc/rc2.d/S15ssh_gen_host_keys | ||
| + | |||
| + | === Clean packages cache === | ||
| + | After installing packages, you'll have some junk packages laying around in your cache. Since you don't want your template to have those, this command will wipe them out. | ||
| + | apt-get clean | ||
| + | |||
| + | === Get out of the template === | ||
| + | Now everything is done. Exit from the template and go back to the hardware node. | ||
| + | exit | ||
| + | |||
| + | == Preparing for and packing template cache == | ||
| + | Now create a cached OS tarball. In the command below, you'll want to replace <tt>i386</tt> with your architecture (i386, amd64, ia64, etc). | ||
| + | |||
| + | cd etch-temp | ||
| + | sudo tar -zcf /vz/template/cache/debian-4.0-i386-basic.tar.gz . | ||
| + | cd .. | ||
| + | |||
| + | Check to make sure the filesize of the resulting tarball is sane: | ||
| + | # ls -lh /vz/template/cache | ||
| + | -rw-r--r-- 1 root root 51M Apr 10 03:16 debian-4.0-i386-basic.tar.gz | ||
| + | |||
| + | == Dispose of the temporary template directory == | ||
| + | You're done with the template directory. Remove it. | ||
| + | sudo rm -Rf etch-temp | ||
| + | |||
| + | == Use your new template == | ||
| + | We can now create a VE based on the just-created template cache. Be sure to change <tt>i386</tt> to your architecture just like you did when you named the tarball above. | ||
| + | |||
| + | sudo vzctl create 123456 --ostemplate debian-4.0-i386-basic | ||
| + | |||
| + | Now make sure that it works: | ||
| + | sudo vzctl start 123456 | ||
| + | sudo vzctl exec 123456 ps ax | ||
| + | |||
| + | You should see that a few processes are running as expected. | ||
| + | |||
| + | == Final cleanup == | ||
| + | Stop and remove the test VE you just created: | ||
| + | sudo vzctl stop 123456 | ||
| + | sudo vzctl destroy 123456 | ||
| + | sudo rm /etc/vz/conf/123456.conf.destroyed | ||