Difference between revisions of "User:Dusty/Debian template creation"
(New page: (this is just a working area to make sure I've got my facts straight) These are rough instructions of how to manually create basic Debian Etch (4.0) template cache, which can be used to c...) |
m |
||
| Line 17: | Line 17: | ||
sudo emerge debootstrap | sudo emerge debootstrap | ||
| − | For other distros you might need to install it from sources, or search for an appropriate package for your distribution. An RPM is available | + | For other distros you might need to install it from sources, or search for an appropriate package for your distribution. An RPM is available on the [http://forum.openvz.org/index.php?t=tree&th=142&mid=584 OpenVZ Forum]. |
== Bootstrapping Debian == | == Bootstrapping Debian == | ||
Change to a directory where you'll have about 200MB of usable space and the ability to run executables. Depending on your configuration, <tt>/tmp</tt> might be set <tt>noexec</tt> which would mean you'd have to use some other location. I'm going to use <tt>/vz/private</tt> for this. | Change to a directory where you'll have about 200MB of usable space and the ability to run executables. Depending on your configuration, <tt>/tmp</tt> might be set <tt>noexec</tt> which would mean you'd have to use some other location. I'm going to use <tt>/vz/private</tt> for this. | ||
| − | + | cd /vz/private | |
Download Debian Etch to a directory called "etch-temp": | Download Debian Etch to a directory called "etch-temp": | ||
| Line 53: | Line 53: | ||
apt-get install ssh quota | apt-get install ssh quota | ||
| − | === | + | === Set sane permissions for <tt>/root</tt> directory === |
chmod 700 /root | chmod 700 /root | ||
Revision as of 04:08, 10 April 2007
(this is just a working area to make sure I've got my facts straight)
These are rough instructions of how to manually create basic Debian Etch (4.0) template cache, which can be used to create OpenVZ VEs based on Debian Etch (4.0).
Notes:
- You shouldn't be running as root, but as a user that is permitted to use sudo instead. Even though it's a dangerous idea, run as root at your peril.
- Anywhere you see /vz, you might really need to use /var/lib/vz instead, especially on a Debian Etch host.
- Anywhere you see http://debian.oregonstate.edu/debian/, you can substitute your favorite Debian mirror. (List of official Debian Mirrors)
Contents
- 1 Prerequisites
- 2 Bootstrapping Debian
- 3 Inside the template
- 3.1 Set Debian repositories
- 3.2 Update and upgrade packages
- 3.3 Install more packages
- 3.4 Set sane permissions for /root directory
- 3.5 Disable root login
- 3.6 Disable getty
- 3.7 Disable sync() for syslog
- 3.8 Fix /etc/mtab
- 3.9 Remove some unneeded packages
- 3.10 Disable services
- 3.11 Fix SSH host keys
- 3.12 Clean packages cache
- 3.13 Get out of the template
- 4 Preparing for and packing template cache
- 5 Dispose of the temporary template directory
- 6 Use your new template
- 7 Final cleanup
Prerequisites
You need to have a working copy of debootstrap running on your hardware node.
For Debian:
sudo apt-get install debootstrap
For Gentoo:
sudo emerge debootstrap
For other distros you might need to install it from sources, or search for an appropriate package for your distribution. An RPM is available on the OpenVZ Forum.
Bootstrapping Debian
Change to a directory where you'll have about 200MB of usable space and the ability to run executables. Depending on your configuration, /tmp might be set noexec which would mean you'd have to use some other location. I'm going to use /vz/private for this.
cd /vz/private
Download Debian Etch to a directory called "etch-temp":
sudo debootstrap etch etch-temp http://debian.oregonstate.edu/debian/
Or you can (but probably shouldn't need to) specify the architecture manually using one of these commands instead:
To specify i386/x86 architecture:
sudo debootstrap --arch i386 etch etch-temp http://debian.oregonstate.edu/debian/
For AMD64/x86_64, use amd64 instead of i386. For ia64, use ia64.
Inside the template
The following actions are all performed inside the template. To get inside, run this:
sudo chroot etch-temp
Set Debian repositories
cat <<EOF > /etc/apt/sources.list deb http://debian.oregonstate.edu/debian etch main contrib deb http://security.debian.org etch/updates main contrib EOF
Update and upgrade packages
This will update the available packages list, upgrade installed packages with security updates, and install the new packages that are listed below. Feel free to add your own.
apt-get update apt-get upgrade
Install more packages
Installing packages could be an interactive process so the system might ask some questions. You can install more packages if you'd like. For example:
apt-get install ssh quota
Set sane permissions for /root directory
chmod 700 /root
Disable root login
This will disable root login by default.
usermod -L root
Disable getty
Disable running gettys on terminals as a VE does not have any:
sed -i -e '/getty/d' /etc/inittab
Disable sync() for syslog
Turn off doing sync() on every write for syslog's log files, to improve I/O performance:
sed -i -e 's@\(space:\)\(/var/log/\)@\1-\2@' /etc/syslog.conf
Fix /etc/mtab
Link /etc/mtab to /proc/mounts, so df and friends will work:
rm -f /etc/mtab ln -s /proc/mounts /etc/mtab
Remove some unneeded packages
If you have any packages you'd like to remove, now's the time for it. Here's an example:
dpkg --purge fortune-mod fortunes-min
Disable services
If there are any services you'd like to disable, do that now. Here's an example:
update-rc.d -f klogd remove
Fix SSH host keys
This is only useful if you installed SSH. Each individual VE should have its own pair of SSH host keys. The code below will wipe out the existing SSH keys and instruct the newly-created VE to create new SSH keys on first boot.
rm -f /etc/ssh/ssh_host_* cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys #!/bin/bash ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N rm -f \$0 EOF chmod a+x /etc/rc2.d/S15ssh_gen_host_keys
Clean packages cache
After installing packages, you'll have some junk packages laying around in your cache. Since you don't want your template to have those, this command will wipe them out.
apt-get clean
Get out of the template
Now everything is done. Exit from the template and go back to the hardware node.
exit
Preparing for and packing template cache
Now create a cached OS tarball. In the command below, you'll want to replace i386 with your architecture (i386, amd64, ia64, etc).
cd etch-temp sudo tar -zcf /vz/template/cache/debian-4.0-i386-basic.tar.gz .
Check to make sure the filesize of the resulting tarball is sane:
# ls -lh /vz/template/cache -rw-r--r-- 1 root root 51M Apr 10 03:16 debian-4.0-i386-basic.tar.gz
Dispose of the temporary template directory
You're done with the template directory. Remove it.
sudo rm -Rf etch-temp
Use your new template
We can now create a VE based on the just-created template cache. Be sure to change i386 to your architecture just like you did when you named the tarball above.
sudo vzctl create 12345 --ostemplate debian-4.0-i386-basic
Now make sure that it works:
sudo vzctl start 12345 sudo vzctl exec 12345 ps ax
You should see that a few processes are running as expected.
Final cleanup
Stop and remove the test VE you just created:
sudo vzctl stop 12345 sudo vzctl destroy 12345
