How To Create A Debian Wheezy (Testing) OpenVZ Template

Version 1.0
Author: Falko Timme
Follow me on Twitter
Last edited 09/01/2011

This tutorial explains how to create an OpenVZ template for Debian Wheezy (Debian Testing) that you can use to create virtual Debian Wheezy machines under OpenVZ. I searched for a Debian Wheezy OpenVZ template, but couldn't find one, that's why I decided to create it myself. This guide can also be used for creating Debian Lenny templates and templates for recent Ubuntu versions.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

This guide is based on Debian template creation, but was adjusted to Debian Wheezy. I assume you are using a Debian-based OpenVZ host, for example as shown in this guide: Installing And Using OpenVZ On Debian Squeeze (AMD64)

 

2 Preparing The Host System

Host System:

These steps have to be carried out on the host system!

We need deboostrap to install the Wheezy guest, so make sure it is installed:

apt-get install debootstrap

Next make sure that /vz is a symlink to /var/lib/vz:

ln -s /var/lib/vz /vz

Now we install the 64bit version of Debian Wheezy in the /vz/private/777 directory (I will use 777 as the container ID of the Wheezy guest; you are free to use any other unused ID; for example, if you use the ID 123, change the directory to /vz/private/123).

debootstrap --arch amd64 wheezy /vz/private/777 ftp://ftp.de.debian.org/debian/

If you want to create a template for i386, the command must look as follows:

debootstrap --arch i386 wheezy /vz/private/777 ftp://ftp.de.debian.org/debian/

Make sure you use a Debian mirror that is close to you. I use the German mirror ftp://ftp.de.debian.org/debian/; you can replace de with your country code, for example ftp://ftp.fr.debian.org/debian/ for France or ftp://ftp.us.debian.org/debian/ for the USA.

Afterwards, open /etc/sysctl.conf...

vi /etc/sysctl.conf

... and append the following settings:

[...]
### OpenVZ settings

# On Hardware Node we generally need packet
# forwarding enabled and proxy arp disabled

net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1

# Enables source route verification
net.ipv4.conf.all.rp_filter = 1

# Enables the magic-sysrq key
kernel.sysrq = 1

# TCP Explict Congestion Notification
net.ipv4.tcp_ecn = 0

# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

Run

sysctl -p

for the changes to take effect.

Next we apply a basic OpenVZ configuration to our container:

vzctl set 777 --applyconfig basic --save

You will see the following warning which you can ignore:

root@server1:~# vzctl set 777 --applyconfig basic --save
WARNING: /etc/vz/conf/777.conf not found: No such file or directory
Saved parameters for CT 777
root@server1:~#

The last command has created a new /etc/vz/conf/777.conf for our container. We need to add the OSTEMPLATE variable to it which we can do as follows:

sh -c 'echo OSTEMPLATE=\"debian-7.0\"' >> /etc/vz/conf/777.conf

Replace debian-7.0 with the appropriate value for the distribution you use for your new template, like debian-6.0 for Debian Squeeze or ubuntu-11.04 for Ubuntu 11.04.

Next we add a free IP from our subnet to the new container and set at least one nameserver so that the container has access to the Internet. I'm in the 192.168.0.x net, so I assign the IP 192.168.0.110 to the container, and I make it use Google's nameservers (8.8.8.8 and 8.8.4.4):

vzctl set 777 --ipadd 192.168.0.110 --save
vzctl set 777 --nameserver 8.8.8.8 --nameserver 8.8.4.4 --save

Next check if /var/lib/vz/private/777/dev/ptmx exists:

ls -l /var/lib/vz/private/777/dev/ptmx

Output should be as follows:

root@server1:~# ls -l /var/lib/vz/private/777/dev/ptmx
crw-rw-rw- 1 root tty 5, 2 Mar  4 12:53 /var/lib/vz/private/777/dev/ptmx
root@server1:~#

If it does not exist, create it as follows:

mknod --mode 666 /var/lib/vz/private/777/dev/ptmx c 5 2

Now we start the container...

vzctl start 777

... and enter it:

vzctl enter 777

 

3 Preparing The Container

Container:

These stepd have to be carried out in the container!

Set the PATH variable as follows:

export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

Open /etc/apt/sources.list...

vi /etc/apt/sources.list

... and make it look as follows (again, make sure you use a Debian mirror close to you):

deb http://ftp.de.debian.org/debian wheezy main contrib
deb http://security.debian.org wheezy/updates main contrib

Update the package database...

apt-get update

... and install the latest updates:

apt-get upgrade

Now you can install all packages that you'd like to provide with your OpenVZ template. A minimal set of packages could be as follows:

apt-get install ssh quota less vim-nox

Assign the correct permissions to the /root directory:

chmod 700 /root

If you want to disable the root login, run

usermod -L root

Personally, I prefer to have a root login, so I omit this command.

Next, we disable getty, sync() for syslog, and fix /etc/mtab:

sed -i -e '/getty/d' /etc/inittab

sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/*syslog.conf

rm -f /etc/mtab
ln -s /proc/mounts /etc/mtab

Now it's time to remove all packages that you don't want to provide with your template, for example as follows:

dpkg --purge modutils ppp pppoeconf pppoe pppconfig module-init-tools

Next we remove the system startup links for a few services:

update-rc.d-insserv -f klogd remove
update-rc.d-insserv -f quotarpc remove
update-rc.d-insserv -f exim4 remove
update-rc.d-insserv -f inetd remove

Each container created from this template should have its own pair of SSH keys, therefore we delete the SSH keys of this container...

rm -f /etc/ssh/ssh_host_*

... and create a script that automatically creates a new pair of SSH keys on first boot:

vi /etc/init.d/ssh_gen_host_keys

#!/bin/sh
### BEGIN INIT INFO
# Provides:          Generates new ssh host keys on first boot
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:
# Short-Description: Generates new ssh host keys on first boot
# Description:       Generates new ssh host keys on first boot
### END INIT INFO
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ""
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ""
insserv -r /etc/init.d/ssh_gen_host_keys
rm -f \$0

Make the script executable and add system startup links:

chmod a+x /etc/init.d/ssh_gen_host_keys
insserv /etc/init.d/ssh_gen_host_keys

Next adjust your timezone:

dpkg-reconfigure tzdata

Clean up your package cache:

apt-get --purge clean

Then exit the container:

exit

 

4 Cleaning Up, Creating The Template, And Testing

Host System:

These steps have to be carried out on the host system!

Now we remove the IP address, nameservers, and hostname from the container:

vzctl set 777 --ipdel all --save

cat /dev/null > /vz/private/777/etc/resolv.conf

rm -f /vz/private/777/etc/hostname

Stop the container...

vzctl stop 777

... and go to the container directory:

cd /vz/private/777

Now we create our template as follows:

tar --numeric-owner -zcf /vz/template/cache/debian-7.0-amd64-minimal.tar.gz .

(Don't forget the dot at the end!)

Take a look at the /vz/template/cache directory, you should find your new template there (beside any other templates):

ls -lh /vz/template/cache

root@server1:/vz/private/777# ls -lh /vz/template/cache
total 194M
-rw-r--r-- 1 root root  80M Feb  7  2011 debian-6.0-amd64-minimal.tar.gz
-rw-r--r-- 1 root root 114M Sep  1 22:55 debian-7.0-amd64-minimal.tar.gz
root@server1:/vz/private/777#

Congratulations, you have just created your first OpenVZ template!

Now let's create a container from this template for testing purposes - I use the container ID 888 here:

vzctl create 888 --ostemplate debian-7.0-amd64-minimal

Start it...

vzctl start 888

... and check if it's running successfully by checking its process list - if it did not start you should get no process list.

vzctl exec 888 ps ax

root@server1:/vz/private/777# vzctl exec 888 ps ax
  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
  316 ?        Sl     0:00 /usr/sbin/rsyslogd -c5
  326 ?        Ss     0:00 /usr/sbin/cron
  335 ?        Ss     0:00 /usr/bin/dbus-daemon --system
  344 ?        Ss     0:00 /usr/sbin/sshd
  358 ?        Rs     0:00 ps ax
root@server1:/vz/private/777#

Ok, it's working as expected, so we can stop and remove this test container:

vzctl stop 888
vzctl destroy 888
rm /etc/vz/conf/888.conf.destroyed

We also don't need the container anymore from which we created our template, so we can remove it as well:

cd
vzctl destroy 777
rm /etc/vz/conf/777.conf.destroyed

If you want to use your new template as the default template when you create new containers (so that you don't have to specify --ostemplate debian-7.0-amd64-minimal in the vzctl create command), modify the DEF_OSTEMPLATE variable in /etc/vz/vz.conf as follows:

vi /etc/vz/vz.conf

[...]
DEF_OSTEMPLATE="debian-7.0-amd64-minimal"
[...]

 

Share this page:

1 Comment(s)

Add comment

Comments

From: Vyacheslav at: 2014-04-09 09:37:56

Thanks a lot!