|
|
| Line 1: |
Line 1: |
| − | '''This is just a working area to make sure I've got my facts straight.''' It works great on a Debian hardware node, but not so great on RedHat. We might really have to create a temporary VE instead of using the chroot. Pitty.
| |
| | | | |
| − | ---
| |
| − |
| |
| − | These are rough instructions of how to manually create basic Debian Etch (4.0) template cache, which can be used to create OpenVZ [[VE]]s based on Debian Etch (4.0).
| |
| − |
| |
| − | '''Notes:'''
| |
| − | * You shouldn't be running as root, but as a user that is permitted to use sudo instead. It's a dangerous idea, run as root at your peril.
| |
| − | * Anywhere you see <tt>/vz</tt>, you might really need to use <tt>/var/lib/vz</tt> instead, especially on a Debian Etch host.
| |
| − | * Anywhere you see <tt>http://debian.osuosl.org/debian/</tt>, you can substitute your favorite Debian mirror. ([http://www.debian.org/mirror/list List of official Debian Mirrors])
| |
| − |
| |
| − |
| |
| − | == Prerequisites ==
| |
| − | You need to have a working copy of <tt>debootstrap</tt> running on your hardware node.
| |
| − |
| |
| − | For Debian:
| |
| − | sudo apt-get install debootstrap
| |
| − |
| |
| − | For Gentoo:
| |
| − | sudo emerge debootstrap
| |
| − |
| |
| − | For other distros you might need to install it from sources, or search for an appropriate package for your distribution. An RPM is available on the [http://forum.openvz.org/index.php?t=tree&th=142&mid=584 OpenVZ Forum].
| |
| − |
| |
| − | == Bootstrapping Debian ==
| |
| − | Change to a directory where you'll have about 200MB of usable space and the ability to run executables. Depending on your configuration, <tt>/tmp</tt> might be set <tt>noexec</tt> which would mean you'd have to use some other location. I'm going to use <tt>/vz/private</tt> for this.
| |
| − |
| |
| − | cd /vz/private
| |
| − |
| |
| − | Download Debian Etch to a directory called "etch-temp". Specify your architecture instead of <tt>i386</tt> if you're using something other than i386/x86. For example, for AMD64/x86_64, use <tt>amd64</tt> or for ia64, use <tt>ia64</tt>.
| |
| − | sudo debootstrap --arch i386 etch etch-temp http://debian.osuosl.org/debian/
| |
| − |
| |
| − | == Inside the template ==
| |
| − | The following actions are all performed inside the template. To get inside, run this:
| |
| − | sudo chroot etch-temp
| |
| − |
| |
| − | === Set Debian repositories ===
| |
| − | cat <<EOF > /etc/apt/sources.list
| |
| − | deb http://debian.osuosl.org/debian/ etch main contrib
| |
| − | deb http://security.debian.org etch/updates main contrib
| |
| − | EOF
| |
| − |
| |
| − | === Update and upgrade packages ===
| |
| − | This will update the available packages list, upgrade installed packages with security updates, and install the new packages that are listed below. Feel free to add your own.
| |
| − | apt-get update
| |
| − | apt-get upgrade
| |
| − |
| |
| − | === Install more packages ===
| |
| − | Installing packages could be an interactive process so the system might ask some questions. You can install more packages if you'd like. For example:
| |
| − | apt-get install ssh quota
| |
| − |
| |
| − | === Set sane permissions for <tt>/root</tt> directory ===
| |
| − | chmod 700 /root
| |
| − |
| |
| − | === Disable root login===
| |
| − | This will disable root login by default.
| |
| − | usermod -L root
| |
| − |
| |
| − | === Disable getty ===
| |
| − | Disable running <tt>getty</tt>s on terminals as a VE does not have any:
| |
| − | sed -i -e '/getty/d' /etc/inittab
| |
| − |
| |
| − | === Disable <tt>sync()</tt> for syslog ===
| |
| − | Turn off doing <tt>sync()</tt> on every write for <tt>syslog</tt>'s log files, to improve I/O performance:
| |
| − | sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/syslog.conf
| |
| − |
| |
| − | === Fix <tt>/etc/mtab</tt> ===
| |
| − | Link <tt>/etc/mtab</tt> to <tt>/proc/mounts</tt>, so <tt>df</tt> and friends will work:
| |
| − | rm -f /etc/mtab
| |
| − | ln -s /proc/mounts /etc/mtab
| |
| − |
| |
| − | === Remove some unneeded packages ===
| |
| − | If you have any packages you'd like to remove, now's the time for it. Here's an example:
| |
| − | dpkg --purge fortune-mod fortunes-min
| |
| − |
| |
| − | === Disable services ===
| |
| − | If there are any services you'd like to disable, do that now. Here's an example:
| |
| − | update-rc.d -f klogd remove
| |
| − |
| |
| − | === Fix SSH host keys ===
| |
| − | This is only useful if you installed SSH. Each individual [[VE]] should have its own pair of SSH host keys. The code below will wipe out the existing SSH keys and instruct the newly-created [[VE]] to create new SSH keys on first boot.
| |
| − | rm -f /etc/ssh/ssh_host_*
| |
| − | cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys
| |
| − | #!/bin/bash
| |
| − | ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
| |
| − | ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
| |
| − | rm -f \$0
| |
| − | EOF
| |
| − | chmod a+x /etc/rc2.d/S15ssh_gen_host_keys
| |
| − |
| |
| − | === Clean packages cache ===
| |
| − | After installing packages, you'll have some junk packages laying around in your cache. Since you don't want your template to have those, this command will wipe them out.
| |
| − | apt-get clean
| |
| − |
| |
| − | === Get out of the template ===
| |
| − | Now everything is done. Exit from the template and go back to the hardware node.
| |
| − | exit
| |
| − |
| |
| − | == Preparing for and packing template cache ==
| |
| − | Now create a cached OS tarball. In the command below, you'll want to replace <tt>i386</tt> with your architecture (i386, amd64, ia64, etc).
| |
| − |
| |
| − | cd etch-temp
| |
| − | sudo tar -zcf /vz/template/cache/debian-4.0-i386-basic.tar.gz .
| |
| − | cd ..
| |
| − |
| |
| − | Check to make sure the filesize of the resulting tarball is sane:
| |
| − | # ls -lh /vz/template/cache
| |
| − | -rw-r--r-- 1 root root 51M Apr 10 03:16 debian-4.0-i386-basic.tar.gz
| |
| − |
| |
| − | == Dispose of the temporary template directory ==
| |
| − | You're done with the template directory. Remove it.
| |
| − | sudo rm -Rf etch-temp
| |
| − |
| |
| − | == Use your new template ==
| |
| − | We can now create a VE based on the just-created template cache. Be sure to change <tt>i386</tt> to your architecture just like you did when you named the tarball above.
| |
| − |
| |
| − | sudo vzctl create 123456 --ostemplate debian-4.0-i386-basic
| |
| − |
| |
| − | Now make sure that it works:
| |
| − | sudo vzctl start 123456
| |
| − | sudo vzctl exec 123456 ps ax
| |
| − |
| |
| − | You should see that a few processes are running as expected.
| |
| − |
| |
| − | == Final cleanup ==
| |
| − | Stop and remove the test VE you just created:
| |
| − | sudo vzctl stop 123456
| |
| − | sudo vzctl destroy 123456
| |
| − | sudo rm /etc/vz/conf/123456.conf.destroyed
| |
