Linux-Vserver on Debian Sarge

Submitted by themachine on Fri, 2005-11-11 17:17. :: Virtualization

Summary


You can find an easier to read version of this howto at 5dollarwhitebox.org.


Quoted from 13thfloor.at/vserver/project:

Linux-VServer allows you to create virtual private servers and security contexts which operate like a normal Linux server, but allow many independent servers to be run simultaneously in one box at full speed. All services, such as ssh, mail, Web, and databases, can be started on such a VPS, without modification, just like on any real server. Each virtual server has its own user account database and root password and doesn't interfere with other virtual servers.


You can find a presentation on Linux-vserver at http://www.linux-vserver.org.


The two main terms to know are:

  • Host System: This is the physical server that "hosts" the Guest OSs (virtual servers).
  • Guest System: These are the virtual servers that run on top of the Host OS.


Preparation

Start out with a fresh install of Debian Sarge 3.1. It is recommended to keep the host system as minimal as possible (I rarely see any reason to run any more than SSH and iptables).


Packages to install

Always update your apt database before installing software, and upgrade current packages:

# apt-get update && apt-get upgrade


Then we need to install a few basic packages:

  • util-vserver: Userland utilities to control virtual servers
  • ssh: This should probably have been installed already
  • ncurses-base and libncurses5-dev: Needed for "make menuconfig" when compiling the kernel.

# apt-get install util-vserver ssh ncurses-base libncurses5-dev


The Files

/var/lib/vservers       Home directory for the vserver files
/etc/vservers.conf      Basic config file (not much to see there)
/etc/vservers           Holds the config directories for each virtual server
/usr/sbin/vserver       Utility to interact with, build, start, stop, enter, etc. the vservers
/bin/vshelper           Another utility to control how vservers function
/usr/lib/util-vserver   Main scripts, functions, etc.


The Kernel

Please note that I have not done this section "The Debian Way". Everything was done using a vanilla kernel from kernel.org. You can find good links in the user comments below for other resources. Get the latest kernel; currently the latest stable Linux-VServer release is for the 2.6.12.4 kernel, which is what we get:

# cd /usr/src

# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.12.4.tar.gz



Get the latest kernel patch from linux-vserver.org or 13thfloor.at/vserver:

# wget http://www.13thfloor.at/vserver/s_rel26/v2.0/patch-2.6.12.4-vs2.0.diff.gz
# tar -zxvf linux-2.6.12.4.tar.gz
# gunzip patch-2.6.12.4-vs2.0.diff.gz
# mv patch-2.6.12.4-vs2.0.diff /usr/src/linux-2.6.12.4

Patch the kernel sources:

# cd /usr/src/linux-2.6.12.4
# cat patch-2.6.12.4-vs2.0.diff | patch -p1


If you're already running a similar 2.6.x kernel you can copy your current config before building. It should be somewhere like "/boot/config-2.6.x"

# cp /boot/config-2.6.X /usr/src/linux-2.6.12.4/.config

That last command is only if you want to use an existing config... please don't attempt to use a 2.4.X config file... pretty please. ;)


Ok, let's make this happen. There are a few things that you want to include when we compile. First things first though, you need to have a working compile for your system... and that I cannot help you with. Please reference link if you need help compiling a kernel.

# make menuconfig

For future use, you should probably include LVM (and dev-mapper support)... as this is handy for virtual servers.


You will see a category for "Linux Vserver". The default selections should be groovy; however, you should have something like the following selected:

Enable Legacy kernel API
Enable Proc Security
Enable Hard CPU Limits


Cool... now we have our config... let's make the kernel:

# make
# make modules_install
# cp .config /boot/config-2.6.12.4-vs2.0
# cp System.map /boot/System.map-2.6.12.4-vs2.0
# cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.12.4-vs2.0
# mkinitrd -o /boot/initrd.img-2.6.12.4-vs2.0 2.6.12.4-vs2.0


Then we will want to update our grub config:

Using the 'vi' command edit /boot/grub/menu.lst and add the following lines *BEFORE* the other entries already there... and make sure that the line "default" is set to "0":

title Vanilla 2.6.12.4-vs2.0
root (hd0,0)
kernel /vmlinuz-2.6.12.4-vs2.0 root=/dev/hda2 ro
initrd /initrd.img-2.6.12.4-vs2.0
savedefault
boot



And there you have it. Now, we should be able to reboot and have our new kernel ready for some virtual servers.

# reboot


Check the kernel after we boot up to make sure we're running on the new one:

# uname -r
2.6.12.4-vs2.0


Nice!


Setting Up The Virtual Servers

Creating virtual Debian Servers on a Debian host is next to ridiculously simple. The following lays it out for you:

# vserver <VSERVER_NAME> build \
-n <VSERVER_NAME> \
--hostname <FQDN> \
--interface <NET_DEVICE>:<IP>/<CIDR> \
-m debootstrap -- -d <DEBIAN_DISTRO>



So, our first virtual server will have the following information:

VSERVER_NAME    vserver1
FQDN            vserver1.mydomain.com
NET_DEVICE      eth0
IP              192.168.1.10
CIDR            24 (255.255.255.0)
DEBIAN_DISTRO   sarge


Therefore, the following command will create it:

# vserver vserver1 build \
-n vserver1 \
--hostname vserver1.mydomain.com \
--interface eth0:192.168.1.10/24 \
-m debootstrap -- -d sarge

The backslashes '\' continue the command onto the next line... however you can execute this all as one command on a single line without the use of backslashes.


And there you go... the installation begins a Debian net install of the selected distro. This should take no more than a few minutes. On my system, the base install only takes up 144MB. Now let's see what we have:


# ls -lah /var/lib/vservers/vserver1


total 80K
drwxr-xr-x 20 root root 4.0K Nov 10 08:17 .
drwxr-xr-x 4 root root 4.0K Nov 10 08:13 ..
drwxr-xr-x 2 root root 4.0K Nov 10 08:17 bin
drwxr-xr-x 2 root root 4.0K Dec 15 2004 boot
drwxr-xr-x 3 root root 4.0K Nov 10 08:13 dev
drwxr-xr-x 37 root root 4.0K Nov 10 08:17 etc
drwxrwsr-x 2 root staff 4.0K Dec 15 2004 home
drwxr-xr-x 2 root root 4.0K Nov 10 08:16 initrd
drwxr-xr-x 7 root root 4.0K Nov 10 08:17 lib
drwxr-xr-x 2 root root 4.0K Nov 10 08:16 media
drwxr-xr-x 2 root root 4.0K Dec 15 2004 mnt
drwxr-xr-x 2 root root 4.0K Nov 10 08:16 opt
drwxr-xr-x 2 root root 4.0K Dec 15 2004 proc
drwxr-xr-x 2 root root 4.0K Nov 10 08:16 root
drwxr-xr-x 2 root root 4.0K Nov 10 08:17 sbin
drwxr-xr-x 2 root root 4.0K Nov 10 08:16 srv
drwxr-xr-x 2 root root 4.0K May 10 2005 sys
drwxrwxrwt 2 root root 4.0K Nov 10 08:17 tmp
drwxr-xr-x 11 root root 4.0K Nov 10 08:16 usr
drwxr-xr-x 13 root root 4.0K Nov 10 08:16 var

# ls -lah /etc/vservers/vserver1

total 28K
drwxr-xr-x 5 root root 4.0K Nov 10 08:13 .
drwxr-xr-x 6 root root 4.0K Nov 10 08:13 ..
drwxr-xr-x 4 root root 4.0K Nov 10 08:13 apps
-rw-r--r-- 1 root root 112 Nov 10 08:13 fstab
drwxr-xr-x 3 root root 4.0K Nov 10 08:13 interfaces
-rw-r--r-- 1 root root 5 Nov 10 08:13 name
lrwxrwxrwx 1 root root 22 Nov 10 08:13 run -> /var/run/vservers/vserver1
drwxr-xr-x 2 root root 4.0K Nov 10 08:13 uts
lrwxrwxrwx 1 root root 37 Nov 10 08:13 vdir -> /etc/vservers/.defaults/vdirbase/vserver1



Now that we have our vserver installed, let's start it up. The syntax for the 'vserver' command is:

# vserver <VSERVER_NAME> [ start | stop | restart | enter ]


And for our vserver1:

# vserver vserver1 start
Starting system log daemon: syslogd.
Starting kernel log daemon: klogd.
Starting MTA: exim4.
Starting internet superserver: inetd.
Starting deferred execution scheduler: atd.
Starting periodic command scheduler: cron.
...
# vserver-stat
CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME
0 35 73.4M 5.4K 0m05s21 0m02s33 1m13s00 root server
49152 5 11M 967 0m00s00 0m00s00 0m30s52 vserver1



# vserver vserver1 enter
vserver1:/#



And you're now in the context of the virtual server. To get out and back to the host system, just type "exit".


Notes on Configuration

You'll first need to run "apt-setup" and configure apt the same as on any other Debian system. The Debian bootstrap install is a very minimal base installation. You will need to install everything that you want.

It should be mentioned that each virtual server has its own IP address. However, since these IPs are configured as aliases on your actual network device (i.e. eth0), they are all listening on the same physical device. This can pose a problem when default configurations specify to "Listen" on all interfaces. Every service within the vserver must specify a Listen Address.


For example:

SSH:

# apt-get install ssh

# vi /etc/ssh/sshd_config


Change the line:

#ListenAddress 0.0.0.0


To

ListenAddress 192.168.1.10


And...

# /etc/init.d/ssh restart
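
To find the services that still listen on all interfaces, the following added example (not part of the original howto) classifies the listeners reported by "netstat -ltn" against the guest IP and reads the active ListenAddress values from an sshd_config. The function names and the sample netstat output are constructed for illustration; 192.168.1.10 is the vserver1 address used above.

```shell
#!/bin/sh
# Added example (not from the original howto): find services that still
# listen on every address instead of the guest's own IP.

# Constructed sample of `netstat -ltn` output, used for the demo below.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

# classify_listeners GUEST_IP   (reads `netstat -ltn` output on stdin)
# Prints one line per TCP listener: WILDCARD, OK or OTHER, then address and port.
classify_listeners() {
    awk -v want="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                print "WILDCARD", addr, port       # bound to all interfaces
            else if (addr == want || addr == "127.0.0.1" || addr == "::1")
                print "OK", addr, port             # guest IP or loopback
            else
                print "OTHER", addr, port          # some other specific address
        }'
}

# sshd_listen_addresses FILE
# Prints the active (uncommented) ListenAddress values from an sshd_config.
sshd_listen_addresses() {
    awk 'tolower($1) == "listenaddress" { print $2 }' "$1"
}

# Demo on the constructed sample. On a real guest, run instead:
#   netstat -ltn | classify_listeners 192.168.1.10
sample_netstat | classify_listeners 192.168.1.10
```

Every WILDCARD line is a service whose configuration still needs an explicit listen address; an empty result from sshd_listen_addresses means sshd_config has no active ListenAddress line.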



The rest is really up to your imagination and figuring out the wonders of undocumented open source... have fun!




BJ Dierkes, RHCE-LPIC1
wdierkes [at] 5dollarwhitebox [dot] org
Texas, USA


Submitted by Anonymous (not registered) on Tue, 2005-12-13 20:08.
Building and installing a kernel the "Debian way" does not mean you have to use the Debian patched kernel. It works equally as well with a stock kernel.
Submitted by Anonymous (not registered) on Tue, 2005-12-13 13:13.
kernel          /vmlinuz-2.6.12.4-vs2.0 root=/dev/hda2 ro
initrd /initrd.img-2.6.12.4-vs2.0

These rows should be, or else it fails to boot

kernel /boot/vmlinuz-2.6.12.4-vs2.0 root=/dev/hda2 ro
initrd /boot/initrd.img-2.6.12.4-vs2.0
Submitted by Anonymous (not registered) on Tue, 2005-12-13 18:25.

Sorry, but you are not correct on this statement. Grub works from what it considers its "ROOT" specified by the line "root (hd0,0)". "root (hd0,0)" is the /boot partition.

Many variations work in this file... I have used anything from "/kernel-x.x.x" to "(hd0,0)/kernel-x.x.x" to "/boot/kernel-x.x.x". Thanks for your input though!

Submitted by admin (registered user) on Tue, 2005-12-13 17:56.

It depends on your partitions. If you have a /boot partition, then

kernel /vmlinuz-2.6.12.4-vs2.0 root=/dev/hda2 ro

initrd /initrd.img-2.6.12.4-vs2.0

is correct. If you have not, then

kernel /boot/vmlinuz-2.6.12.4-vs2.0 root=/dev/hda2 ro

initrd /boot/initrd.img-2.6.12.4-vs2.0

should do.

Submitted by Anonymous (not registered) on Thu, 2005-12-08 20:04.
this didn't work for me, and I can't find any documentation about using vserver on a debian-amd64 box.

Linux ruby 2.6.12.6 #1 Thu Dec 8 12:30:08 GMT 2005 x86_64 GNU/Linux

error:
I: Retrieving debootstrap.invalid_dists_sarge_Release
I: Validating debootstrap.invalid_dists_sarge_Release
E: Invalid Release file, no entry for main/binary-amd64/Packages
Submitted by Anonymous (not registered) on Sat, 2006-03-18 19:22.
apt-get install vserver-debiantools
newvserver --mirror <url_from_list_http://amd64.debian.net/README.mirrors.html> --hostname x --domain y.z --ip 1.2.3.4
and have fun ;)
Submitted by Anonymous (not registered) on Mon, 2005-12-12 15:10.

if you are trying to get the amd64 sarge release from debian.org that would explain your problem. debian only officially provides amd64 security support for sarge. see http://amd64.debian.net/ for more information (specifically http://amd64.debian.net/README.mirrors.html for installation mirrors and http://amd64.debian.net/docs/ for documentation).

as part of my vserver setup i use apt-proxy, so that the updating/upgrading of one vserver caches the packages locally for the other vservers to use when i update/upgrade them seconds later. and creating new vservers is really quick as i've pre-cached both sarge amd64 installation dvds (see apt-proxy documentation on "importing").

Submitted by Anonymous (not registered) on Wed, 2005-11-30 23:21.

for further resources:

  • http://deb.riseup.net/vserver/ (already mentioned by another commenter, but seconded here)
  • http://www.section6.net/wiki/index.php/Running_Vservers_on_Debian

i think every howto should show how to test a vserver after installation, if only to give the new vserver user a warm fuzzy feeling.

  • http://vserver.13thfloor.at/Stuff/SCRIPT/
  • http://linux-vserver.org/TestScripts

i've backported the util-vserver package from etch to sarge to gain hashify support, a really easy way to conserve space in your vserver chroots with hardlinks.

i'm kind of appalled that a "debian" how-to doesn't support the debian way of building kernels (ie kernel-package, kernel-source, & kernel-patch-vserver) considering that's nearly half the document.

i don't mess with the stock kernels because i rather debian manage security updates. actually, i'm using ubuntu's 2.6.10 kernel from hoary as i need the ata pass-through support for smart on sata drives, but ubuntu also supports its packages for 18 months (which is hopefully longer than debian post-woody). kernel-patch-vserver in sarge includes a patch for 2.6.10 that applies to ubuntu's kernel source rather cleanly, but not perfectly. i've already tested ubuntu breezy's 2.6.12 with the kernel patch for 2.6.12 in etch's kernel-patch-vserver and that works too (with fewer patch rejects).

besides the kernel documentation, this how-to is a good start.
Submitted by IaMMai (registered user) on Sun, 2005-12-04 20:00.

I do agree... I should have done the kernel section the "debian way"... but I honestly have always dealt with vanilla kernels... I didn't really feel that the kernel section was anything to be picky about, rather building vservers after the re-compile and such... I will one day soon update this to utilize Debian's way.

Thanks for the comment!

Submitted by Anonymous (not registered) on Mon, 2005-12-12 14:53.

i wouldn't have been picky about the kernel section except that it's almost half of your document. if it would have been a sentence or two ("make sure your kernel is compiled with the linux-vserver patch") it would have been overlooked, but it's hard to understand why a "linux-vserver for debian" document is half about compiling a non-debian kernel.

my recommendation: don't have a kernel section at all besides referencing a good "building kernels the debian way" document (see other comments for urls) and a note to include the kernel-patch-vserver package (or an upstream patch if necessary).

just curious: as you track upstream kernels, how do you address kernel security? do you always upgrade to the latest kernel (as upstream kernels only receive security support from lkml for the current version; or has this changed?) or do you provide your own security updates (backporting security fixes from the latest upstream kernel to whatever kernel you decided to standardize on)?
Submitted by Anonymous (not registered) on Wed, 2005-11-30 08:54.
Another good tutorial for Debian+vserver here: http://deb.riseup.net/vserver/
Submitted by Anonymous (not registered) on Tue, 2005-11-29 17:40.

It seems that in this setup the Debian patch-set for the kernel was not applied. This may or may not cause problems for some setups. Unfortunately, I don't know if the vserver patch will apply anywhere near 'cleanly' to a Debian-patched kernel (since I've never tried this with Debian.)

YMMV

Gaby

Submitted by Anonymous (not registered) on Tue, 2005-11-29 11:23.
Thanks for this neat little ref.

I would like to mention debian's kernel package system as described here[1], which is the debian way to compile custom kernels and create packages of it.

[1] http://newbiedoc.sourceforge.net/sy..

polarizers 2cent
Submitted by Anonymous (not registered) on Mon, 2005-11-28 16:25.
Check out this article about how to use vserver on a VLAN. Powerful stuff! http://this.is/promazin/?p=page&ID=1