Installing And Using OpenVZ On Ubuntu 8.04 LTS Server

Submitted by falko on Sun, 2008-08-10 18:52.

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Last edited 07/16/2008

In this HowTo I will describe how to prepare an Ubuntu 8.04 LTS server for OpenVZ. With OpenVZ you can create multiple Virtual Private Servers (VPS) on the same hardware, similar to Xen and the Linux Vserver project. OpenVZ is the open-source branch of Virtuozzo, a commercial virtualization solution used by many providers that offer virtual servers. The OpenVZ kernel patch is licensed under the GPL license, and the user-level tools are under the QPL license.

This howto is meant as a practical guide; it does not cover the theoretical background, which is treated in many other documents on the web.

This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

 

1 Change The Default Shell

/bin/sh is a symlink to /bin/dash; however, we need /bin/bash, not /bin/dash. Therefore we do this:

ln -sf /bin/bash /bin/sh

 

2 Disable AppArmor

AppArmor is a security extension (similar to SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it.

We can disable it like this:

/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
apt-get remove apparmor apparmor-utils

 

3 Installing OpenVZ

OpenVZ is available in the Ubuntu repositories. To install the OpenVZ kernel, run:

apt-get install linux-openvz

Now we install some OpenVZ user tools:

apt-get install vzctl vzquota

Open /etc/sysctl.conf and make sure that you have the following settings in it:

vi /etc/sysctl.conf

[...]
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.eth0.proxy_arp=1
[...]

If you need to modify /etc/sysctl.conf, run

sysctl -p

afterwards.
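
A check for the settings listed above, as an added example that is not part of the original howto: it parses a sysctl.conf-style file, tolerating whitespace around "=" and skipping comment lines, and prints every required key that is missing or has a different value. The function name check_sysctl_conf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the howto): report which of the howto's settings
# are missing from, or differ in, a sysctl.conf-style file.

# Required key=value pairs, as listed in the howto above.
REQUIRED='net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp=0
net.ipv4.ip_forward=1
kernel.sysrq=1
net.ipv4.conf.default.send_redirects=1
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.eth0.proxy_arp=1'

# check_sysctl_conf FILE (hypothetical helper name)
# Prints one MISSING/MISMATCH line per problem; returns 0 only if none.
check_sysctl_conf() {
    printf '%s\n' "$REQUIRED" | awk -F= -v conf="$1" '
        BEGIN {
            # Load FILE: skip comment lines, trim blanks around "=",
            # and let a later assignment override an earlier one.
            while ((getline line < conf) > 0) {
                if (line ~ /^[ \t]*[#;]/) continue
                n = index(line, "=")
                if (n == 0) continue
                k = substr(line, 1, n - 1); v = substr(line, n + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", k)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                have[k] = v
            }
            close(conf)
        }
        !($1 in have)  { print "MISSING " $1 "=" $2; bad = 1; next }
        have[$1] != $2 { print "MISMATCH " $1 ": have " have[$1] ", want " $2; bad = 1 }
        END { exit bad + 0 }'
}

# Constructed sample: one key commented out, one with the wrong value.
sample=$(mktemp)
printf '%s\n' "$REQUIRED" |
    sed -e 's/^kernel.sysrq=1$/#kernel.sysrq=1/' \
        -e 's/^net.ipv4.ip_forward=1$/net.ipv4.ip_forward = 0/' > "$sample"
check_sysctl_conf "$sample" || echo "sysctl.conf needs attention"
rm -f "$sample"
```

This checks the file only; sysctl -n <key> shows the value the running kernel actually uses.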

The following step is important if the IP addresses of your virtual machines are from a different subnet than the host system's IP address. If you don't do this, networking will not work in the virtual machines!

Open /etc/vz/vz.conf and set NEIGHBOUR_DEVS to all:

vi /etc/vz/vz.conf

[...]
NEIGHBOUR_DEVS=all
[...]

Finally, reboot the system:

reboot

If your system reboots without problems, then everything is fine!

Run

uname -r

and your new OpenVZ kernel should show up:

root@server1:~# uname -r
2.6.24-19-openvz
root@server1:~#


Submitted by Jamie Strandboge (not registered) on Mon, 2009-12-28 16:59.
I noticed that this tutorial recommends disabling all of AppArmor. Unless you have a very specific need to do so, this is not recommended. The apparmor profiles shipped in Ubuntu are designed to work with the default installation. If a particular profile is causing you trouble, please disable the profile or put it in complain mode, and leave the other profiles that are not causing problems to do their jobs. Better yet, file a bug. :) See my blog entry at http://penguindroppings.wordpress.com/2009/07/07/should-i-disable-apparmor/ for details.
Submitted by Benjamin (not registered) on Fri, 2009-02-13 17:08.
I prefer
aptitude purge apparmor
for removing apparmor or any unwanted application.

The advantage of this is that the service is automatically stopped and removed from the runlevels. And as a bonus aptitude logs its actions under /var/log/aptitude — I like this very much! Why not avoid fine grained administration steps? Let's delegate it to the package management!

Anyhow, keep up your good work. Much appreciated!
Submitted by stanman (not registered) on Fri, 2008-10-03 07:24.
Great howto. Maybe a little thing I ran into when doing this. I couldn't boot into the openvz kernel (using ssh). So after some searching I found out that:
 sudo apt-get remove --purge --auto-remove linux-image-.*server

Would let me boot into the openvz kernel. I found this at:

https://help.ubuntu.com/community/OpenVZ#8.04%20Hardy
Submitted by Johan Svensson (not registered) on Mon, 2009-06-22 19:51.

Or, as said in the similar article but for Ubuntu 8.10, you can change the default kernel in grub:

[...]

Now open /boot/grub/menu.lst...

vi /boot/grub/menu.lst

... and make the OpenVZ kernel the default kernel. In my /boot/grub/menu.lst I have the following kernels...

[...]
## ## End Default Options ##

title Ubuntu 8.10, kernel 2.6.27-7-server
uuid a384f789-7b8b-4464-8340-f5fcc73ecc5b
kernel /boot/vmlinuz-2.6.27-7-server root=UUID=a384f789-7b8b-4464-8340-f5fcc73ecc5b ro quiet splash
initrd /boot/initrd.img-2.6.27-7-server
quiet

title Ubuntu 8.10, kernel 2.6.27-7-server (recovery mode)
uuid a384f789-7b8b-4464-8340-f5fcc73ecc5b
kernel /boot/vmlinuz-2.6.27-7-server root=UUID=a384f789-7b8b-4464-8340-f5fcc73ecc5b ro single
initrd /boot/initrd.img-2.6.27-7-server

title Ubuntu 8.10, kernel 2.6.24-6-fza-amd64
uuid a384f789-7b8b-4464-8340-f5fcc73ecc5b
kernel /boot/vmlinuz-2.6.24-6-fza-amd64 root=UUID=a384f789-7b8b-4464-8340-f5fcc73ecc5b ro quiet splash
initrd /boot/initrd.img-2.6.24-6-fza-amd64
quiet

title Ubuntu 8.10, kernel 2.6.24-6-fza-amd64 (recovery mode)
uuid a384f789-7b8b-4464-8340-f5fcc73ecc5b
kernel /boot/vmlinuz-2.6.24-6-fza-amd64 root=UUID=a384f789-7b8b-4464-8340-f5fcc73ecc5b ro single
initrd /boot/initrd.img-2.6.24-6-fza-amd64

title Ubuntu 8.10, memtest86+
uuid a384f789-7b8b-4464-8340-f5fcc73ecc5b
kernel /boot/memtest86+.bin
quiet

### END DEBIAN AUTOMAGIC KERNELS LIST

... which means the OpenVZ kernel is the third kernel. Because counting starts with 0, I change the value of default to 2:

[...]
default 2
[...]
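
The counting rule described in this comment, as an added example that is not part of the original comment or howto: it numbers the title entries of a GRUB legacy menu.lst from 0 and prints the index of the first non-recovery entry whose title contains a given string. The function names and the shortened sample menu (titles taken from the listing above) are constructed for illustration.

```shell
#!/bin/sh
# grub_default_index FILE PATTERN (hypothetical helper name)
# Prints the 0-based position of the first "title" line that contains
# PATTERN literally and is not a recovery-mode entry; returns 1 if none.
# Commented-out "# title" lines are not counted.
grub_default_index() {
    awk -v pat="$2" '
        BEGIN { n = 0 }
        /^[ \t]*title[ \t]/ {
            if (index($0, pat) && $0 !~ /recovery mode/) {
                print n; found = 1; exit
            }
            n++
        }
        END { exit !found }' "$1"
}

# Constructed sample: only the title lines matter for the count.
sample_menu() {
    cat <<'EOF'
default 0
# title  commented-out example entry, must not be counted
title Ubuntu 8.10, kernel 2.6.27-7-server
title Ubuntu 8.10, kernel 2.6.27-7-server (recovery mode)
title Ubuntu 8.10, kernel 2.6.24-6-fza-amd64
title Ubuntu 8.10, kernel 2.6.24-6-fza-amd64 (recovery mode)
title Ubuntu 8.10, memtest86+
EOF
}

menu=$(mktemp)
sample_menu > "$menu"
grub_default_index "$menu" 2.6.24-6-fza-amd64   # prints 2, the "default" value
rm -f "$menu"
```

Re-run the check after kernel package updates, because update-grub regenerates the kernel list and the position of an entry can shift.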