#1 - CSsab, 14th January 2011, 08:09
LXC containers as VM's for ISPConfig 3 - First steps & quick start.

These steps work well on a Debian Lenny 5.0 container.
After logging into the container for the first time:

1. Type passwd and enter your new UNIX password.

2. Configure locales: dpkg-reconfigure locales
Select your language from the long list. NOTE: Should be in utf8 format and the default for the container.
Clear out your locales cache: apt-get install localepurge
Then run localepurge

3. Configure local time. VERY IMPORTANT if you want to avoid problems with syncing timestamped files later (yikes!). Do this:
dpkg-reconfigure tzdata
and select the correct timezone. Then run this:
diff -s /etc/localtime /usr/share/zoneinfo/`cat /etc/timezone`
These should be the same, and when you "poweroff" from the console you should see local time being correctly reported.

4. apt-get install vim-nox

5. Get a decent set of sources from here: http://debgen.simplylinux.ch/ - include "main", "security" and "volatile" repos.
vi /etc/apt/sources.list
Paste your new sources in and save.
apt-get update
apt-get upgrade


6. vi /etc/network/interfaces and set up a static ip for the container as you normally would.
/etc/init.d/networking restart
Check the output of ifconfig - your network should reflect your changes.

7. vi /etc/hosts - write out the hosts file as you normally would - note that this will be a new file since the default container doesn't have a hosts file.
echo hostname.example.tld > /etc/hostname
/etc/init.d/hostname.sh start

The output of hostname and hostname -f should now be hostname.example.tld

-----------------------
You should be good to go now with installing a base system for use in a multiserver setup although the master server (with quota installed) will still have to reside on the host server/physical machine unless you customize your fstab in the container.
-----------------------
Regards.
#2 - CSsab, 20th January 2011, 03:14
Additional base packages

I have found that installing the following packages right at the start is helpful later down the track:

apt-get install vim-nox rsyslog sudo ssh

rsyslog sets up the required mail.err and mail.warn logs in /var/log directory

cron is also installed as a dependency.

Last edited by CSsab; 20th January 2011 at 09:26.
#3 - CSsab, 23rd January 2011, 09:50
Manage rkhunter warnings properly: Rkhunter in a LXC.

I was getting rkhunter warnings about the absence of /lib/modules directory in a LXC running Debian 5.0 Lenny so with a bit of skulduggery I simply created the directory /lib/modules.

Later when I started running Debian Sid (testing) containers the rkhunter warning went further to complain that /lib/modules was "either missing or empty" so I put a dummy-file in there and all is good for now.

vi /lib/modules
## This is a dummy file located /lib/modules in a LXC


I have found it better to deal with rkhunter on a fresh install of ISPConfig3 (or any system where it is installed) as follows:

1. Update rkhunter
root@lxchost:~# rkhunter --update
[ Rootkit Hunter version 1.3.6 ]

Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ updated ]
Checking file backdoorports.dat [ updated ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]


2. Run rkhunter to report warnings only
rkhunter -c --rwo

3. Deal with any warnings as you will.
For example:
vi /etc/rkhunter.conf
Change
ALLOW_SSH_ROOT_USER=no (line 199)
to
ALLOW_SSH_ROOT_USER=yes
:x

4. Run a check again to make sure all spurious warnings have been dealt with.

5. When you are happy that all is well (and only then!) you can run a system wide acceptance of the changes you have made.
rkhunter --propupdate

6. You will still get warnings in the future about possible compromise. For example if I reconfigure debconf and decide to go with readline instead of dialogue inside a LXC, rkhunter will log the change and this is a good thing.
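As an added example (not part of CSsab's post and not rkhunter code): rkhunter's SSH check compares ALLOW_SSH_ROOT_USER with PermitRootLogin in the sshd configuration, so the warning handled in step 3 means the two files disagree. The script below reports the value each file holds; the function names and sample files are constructed, and treating the last active rkhunter line as the effective one is an assumption.

```shell
#!/bin/sh
# Added example, not rkhunter code. Function names are hypothetical.

# rkh_value FILE KEY: value of the last active KEY= line (assumed effective), or "unset".
rkh_value() {
    rv=$(sed -n "s/^[[:space:]]*$2=[[:space:]]*//p" "$1" | tail -n 1 |
         tr -d "\"'" | awk '{print tolower($1)}')
    echo "${rv:-unset}"
}

# sshd_root_login FILE: global PermitRootLogin. sshd uses the first occurrence of a
# keyword, and lines after a Match line are conditional, so stop reading there.
sshd_root_login() {
    sv=$(awk 'tolower($1) == "match" { exit }
              tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    echo "${sv:-unset}"
}

# check_root_login RKHUNTER_CONF SSHD_CONFIG: one-line verdict.
check_root_login() {
    r=$(rkh_value "$1" ALLOW_SSH_ROOT_USER)
    s=$(sshd_root_login "$2")
    if [ "$r" = "$s" ]; then
        echo "match: $r"
    else
        echo "mismatch: rkhunter.conf=$r sshd_config=$s"
    fi
}

# Demo on constructed files (not taken from a real host).
demo_dir=$(mktemp -d)
printf '%s\n' '#ALLOW_SSH_ROOT_USER=yes' 'ALLOW_SSH_ROOT_USER=no' > "$demo_dir/rkhunter.conf"
printf '%s\n' 'Port 22' 'PermitRootLogin yes' > "$demo_dir/sshd_config"
check_root_login "$demo_dir/rkhunter.conf" "$demo_dir/sshd_config"
rm -rf "$demo_dir"
```

A mismatch can be resolved from either side: by changing rkhunter.conf as in step 3, or by changing PermitRootLogin so that sshd matches what rkhunter expects.
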
#4 - CSsab, 27th January 2011, 15:08
Portable ISPConfig 3 using an lxc container??

When formatting my hard drive on the host I thought I might format a couple of USB drives I had so that they would mount when I booted the system.

I gave one a mount point of /mail2
and the other a mount point of /web2

Additionally I gave them user and group quota.

Here are the fstab entries on the host.

# /mail2 was on /dev/sdc1 during installation
UUID=e86c7cd4-cf2c-4064-8c55-c2ae06d1b1b2 /mail2 ext4 rw,nosuid,usrquota,grpquota 0 2
# /web2 was on /dev/sdb1 during installation
UUID=a3bffff2-49bf-45cb-ba4e-1c0d35adfbad /web2 ext4 rw,nosuid,usrquota,grpquota 0 2


They have to be "rw" in order for debootstrap to write to them.

root@lxchost:/web2# ls
aquota.group aquota.user lost+found


NOTE: I am using the latest templates from the lxc git which I name and copy into /usr/lib/lxc/templates (in this case I have called the template "lxc-debian-my")

chmod +x /usr/lib/lxc/templates/lxc-debian-my

/usr/lib/lxc/templates/lxc-debian-my -p /mail2

This downloads a Debian Squeeze minimal right into the flash drive.

root@lxchost:~# ls /var/lib/lxc/
db mail ns1 ns2 web

(These are my other containers already running in the multiserver setup)

To give the container an init script so as not to crash the host:

ln -s /mail2 /var/lib/lxc/mail2

root@lxchost:~# ls /var/lib/lxc/
db mail mail2 ns1 ns2 web

There it is "mail2" ...

And now to start the container:

root@lxchost:~# lxc-start -n mail2 -d
root@lxchost:~# lxc-info -n mail2
'mail2' is RUNNING
root@lxchost:~# lxc-ps --name mail2 --forest
CONTAINER PID TTY TIME CMD
mail2 25493 ? 00:00:00 init
mail2 25709 ? 00:00:00 \_ dhclient3
mail2 25785 ? 00:00:00 \_ sshd
mail2 25802 pts/30 00:00:00 \_ getty
mail2 25803 pts/26 00:00:00 \_ getty
mail2 25804 pts/27 00:00:00 \_ getty
mail2 25805 pts/28 00:00:00 \_ getty
mail2 25806 pts/29 00:00:00 \_ getty




So the system is up and running and now to configure and install ISPConfig 3.

The next step might be to work out how to use quota inside the container - I can't figure it out and would appreciate help.

I'll be trying to plug this node into an ISPConfig install on a completely different system and see how that goes.
#5 - till, 27th January 2011, 15:14

Is there any special reason why you use lxc and not openvz? I checked lxc a few months ago and as far as I have seen, lxc has no quota support yet and no advanced vm limits. LXC seemed not to be mature enough for a real deployment so I use openvz as container system on my servers and it works great.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
#6 - CSsab, 27th January 2011, 15:35

lxc is my first experience with virtualisation and I do hear that it does have quota support - I just don't know how yet. They are very fast systems - easy to make and destroy (ultra lightweight).

As to openvz I read that it is very good and see a lot of people use it but I have not tried it.

To answer your question properly I think it is just a matter of preference for me.

This from control panel on host:

Filesystem Type Size Used Available Use% Mounted on
/dev/sda3 ext4 74G 6.3G 64G 9% /
none devtmpfs 998M 240K 997M 1% /dev
none tmpfs 1005M 0 1005M 0% /dev/shm
none tmpfs 1005M 72K 1005M 1% /var/run
none tmpfs 1005M 0 1005M 0% /var/lock
/dev/sdb1 ext4 3.7G 72M 3.5G 3% /web2
/dev/sdc1 ext4 3.7G 282M 3.3G 8% /mail2
/dev/sda1 ext4 472M 48M 400M 11% /boot


this from database node

Filesystem Type Size Used Available Use% Mounted on
tmpfs tmpfs 1005M 0 1005M 0% /lib/init/rw
tmpfs tmpfs 1005M 0 1005M 0% /dev/shm
rootfs rootfs 74G 6.3G 64G 9% /


I realise this is not the way to go for production servers yet but I think there is potential there.
#7 - letic, 7th February 2011, 16:14

Quote (originally posted by CSsab):
> Later when I started running Debian Sid (testing) containers the rkhunter warning went further to complain that /lib/modules was "either missing or empty" so I put a dummy-file in there and all is good for now.
>
> vi /lib/modules
> ## This is a dummy file located /lib/modules in a LXC

A better solution is to disable the "os_specific" test in /etc/rkhunter.conf

See : http://www.mail-archive.com/rkhunter.../msg01719.html

On Linux os_specific runs 2 tests :
- check which modules are loaded
- check modules on the disk

As you have neither in a container you can safely disable this test.

Hope this helps
LeTic
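
One way to apply the suggestion above, as an added example that is not from the thread or from rkhunter: tests named in DISABLE_TESTS in /etc/rkhunter.conf are skipped, so the helper below adds os_specific to that list without duplicating it. The function names and the sample file are constructed, and treating the last active DISABLE_TESTS line as the effective one is an assumption.

```shell
#!/bin/sh
# Added example, not rkhunter code. Function names are hypothetical.

# disable_rkhunter_test FILE TEST: add TEST to the last active DISABLE_TESTS line
# of FILE, or append a new line if there is none. Safe to run repeatedly.
disable_rkhunter_test() {
    dt_conf=$1 dt_name=$2
    dt_line=$(grep -n '^[[:space:]]*DISABLE_TESTS=' "$dt_conf" | tail -n 1 | cut -d: -f1)
    if [ -z "$dt_line" ]; then
        printf 'DISABLE_TESTS="%s"\n' "$dt_name" >> "$dt_conf"
        return 0
    fi
    # Current list with the key and any quotes removed.
    dt_cur=$(sed -n "${dt_line}s/^[[:space:]]*DISABLE_TESTS=//p" "$dt_conf" | tr -d "\"'")
    for dt_t in $dt_cur; do
        if [ "$dt_t" = "$dt_name" ]; then return 0; fi   # already disabled
    done
    dt_tmp=$(mktemp) || return 1
    # Rewrite only that one line; commented-out lines are left untouched.
    awk -v n="$dt_line" -v v="$dt_cur $dt_name" \
        'NR == n { sub(/^ +/, "", v); print "DISABLE_TESTS=\"" v "\""; next } { print }' \
        "$dt_conf" > "$dt_tmp"
    cat "$dt_tmp" > "$dt_conf"   # overwrite in place, keeping owner and mode
    rm -f "$dt_tmp"
}

# show_disabled FILE: print the last active DISABLE_TESTS line.
show_disabled() { grep '^[[:space:]]*DISABLE_TESTS=' "$1" | tail -n 1; }

# Demo on a constructed config file (not a real rkhunter.conf).
demo_conf=$(mktemp)
printf '%s\n' '#DISABLE_TESTS="apps"' 'DISABLE_TESTS="suspscan hidden_procs apps"' > "$demo_conf"
disable_rkhunter_test "$demo_conf" os_specific
show_disabled "$demo_conf"
rm -f "$demo_conf"
```

Inside the container this would be run against /etc/rkhunter.conf, followed by rkhunter -c --rwo to confirm the /lib/modules warning is gone.
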