How To Create A Debian Wheezy (Testing) OpenVZ Template
Version 1.0
Author: Falko Timme
This tutorial explains how to create an OpenVZ template for Debian Wheezy (Debian Testing) that you can use to create virtual Debian Wheezy machines under OpenVZ. I searched for a Debian Wheezy OpenVZ template but couldn't find one, which is why I decided to create it myself. This guide can also be used for creating Debian Lenny templates and templates for recent Ubuntu versions.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
This guide is based on Debian template creation, but was adjusted to Debian Wheezy. I assume you are using a Debian-based OpenVZ host, for example as shown in this guide: Installing And Using OpenVZ On Debian Squeeze (AMD64)
2 Preparing The Host System
Host System:
These steps have to be carried out on the host system!
We need debootstrap to install the Wheezy guest, so make sure it is installed:
apt-get install debootstrap
Next make sure that /vz is a symlink to /var/lib/vz:
ln -s /var/lib/vz /vz
Now we install the 64bit version of Debian Wheezy in the /vz/private/777 directory (I will use 777 as the container ID of the Wheezy guest; you are free to use any other unused ID; for example, if you use the ID 123, change the directory to /vz/private/123).
debootstrap --arch amd64 wheezy /vz/private/777 ftp://ftp.de.debian.org/debian/
If you want to create a template for i386, the command must look as follows:
debootstrap --arch i386 wheezy /vz/private/777 ftp://ftp.de.debian.org/debian/
Make sure you use a Debian mirror that is close to you. I use the German mirror ftp://ftp.de.debian.org/debian/; you can replace de with your country code, for example ftp://ftp.fr.debian.org/debian/ for France or ftp://ftp.us.debian.org/debian/ for the USA.
Afterwards, open /etc/sysctl.conf...
vi /etc/sysctl.conf
... and append the following settings:
[...]
### OpenVZ settings

# On Hardware Node we generally need packet
# forwarding enabled and proxy arp disabled
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1

# Enables source route verification
net.ipv4.conf.all.rp_filter = 1

# Enables the magic-sysrq key
kernel.sysrq = 1

# TCP Explicit Congestion Notification
net.ipv4.tcp_ecn = 0

# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
Run
sysctl -p
for the changes to take effect.
Next we apply a basic OpenVZ configuration to our container:
vzctl set 777 --applyconfig basic --save
You will see the following warning which you can ignore:
root@server1:~# vzctl set 777 --applyconfig basic --save
WARNING: /etc/vz/conf/777.conf not found: No such file or directory
Saved parameters for CT 777
root@server1:~#
The last command has created a new /etc/vz/conf/777.conf for our container. We need to add the OSTEMPLATE variable to it which we can do as follows:
sh -c 'echo OSTEMPLATE=\"debian-7.0\"' >> /etc/vz/conf/777.conf
Replace debian-7.0 with the appropriate value for the distribution you use for your new template, like debian-6.0 for Debian Squeeze or ubuntu-11.04 for Ubuntu 11.04.
Next we add a free IP from our subnet to the new container and set at least one nameserver so that the container has access to the Internet. I'm in the 192.168.0.x net, so I assign the IP 192.168.0.110 to the container, and I make it use Google's nameservers (8.8.8.8 and 8.8.4.4):
vzctl set 777 --ipadd 192.168.0.110 --save
vzctl set 777 --nameserver 8.8.8.8 --nameserver 8.8.4.4 --save
Next check if /var/lib/vz/private/777/dev/ptmx exists:
ls -l /var/lib/vz/private/777/dev/ptmx
Output should be as follows:
root@server1:~# ls -l /var/lib/vz/private/777/dev/ptmx
crw-rw-rw- 1 root tty 5, 2 Mar 4 12:53 /var/lib/vz/private/777/dev/ptmx
root@server1:~#
If it does not exist, create it as follows:
mknod --mode 666 /var/lib/vz/private/777/dev/ptmx c 5 2
Now we start the container...
vzctl start 777
... and enter it:
vzctl enter 777
3 Preparing The Container
Container:
These steps have to be carried out in the container!
Set the PATH variable as follows:
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Open /etc/apt/sources.list...
vi /etc/apt/sources.list
... and make it look as follows (again, make sure you use a Debian mirror close to you):
deb http://ftp.de.debian.org/debian wheezy main contrib
deb http://security.debian.org wheezy/updates main contrib
Update the package database...
apt-get update
... and install the latest updates:
apt-get upgrade
Now you can install all packages that you'd like to provide with your OpenVZ template. A minimal set of packages could be as follows:
apt-get install ssh quota less vim-nox
Assign the correct permissions to the /root directory:
chmod 700 /root
If you want to disable the root login, run
usermod -L root
Personally, I prefer to have a root login, so I omit this command.
Next, we disable getty, sync() for syslog, and fix /etc/mtab:
sed -i -e '/getty/d' /etc/inittab
sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/*syslog.conf
rm -f /etc/mtab
ln -s /proc/mounts /etc/mtab
Now it's time to remove all packages that you don't want to provide with your template, for example as follows:
dpkg --purge modutils ppp pppoeconf pppoe pppconfig module-init-tools
Next we remove the system startup links for a few services:
update-rc.d-insserv -f klogd remove
update-rc.d-insserv -f quotarpc remove
update-rc.d-insserv -f exim4 remove
update-rc.d-insserv -f inetd remove
Each container created from this template should have its own pair of SSH keys, therefore we delete the SSH keys of this container...
rm -f /etc/ssh/ssh_host_*
... and create a script that automatically creates a new pair of SSH keys on first boot:
vi /etc/init.d/ssh_gen_host_keys
#!/bin/sh
### BEGIN INIT INFO
# Provides:          Generates new ssh host keys on first boot
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:
# Short-Description: Generates new ssh host keys on first boot
# Description:       Generates new ssh host keys on first boot
### END INIT INFO
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ""
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ""
# Run only once: remove the startup links, then delete this script
insserv -r /etc/init.d/ssh_gen_host_keys
rm -f "$0"
Make the script executable and add system startup links:
chmod a+x /etc/init.d/ssh_gen_host_keys
insserv /etc/init.d/ssh_gen_host_keys
Next adjust your timezone:
dpkg-reconfigure tzdata
Clean up your package cache:
apt-get --purge clean
Then exit the container:
exit
4 Cleaning Up, Creating The Template, And Testing
Host System:
These steps have to be carried out on the host system!
Now we remove the IP address, nameservers, and hostname from the container:
vzctl set 777 --ipdel all --save
cat /dev/null > /vz/private/777/etc/resolv.conf
rm -f /vz/private/777/etc/hostname
Stop the container...
vzctl stop 777
... and go to the container directory:
cd /vz/private/777
Now we create our template as follows:
tar --numeric-owner -zcf /vz/template/cache/debian-7.0-amd64-minimal.tar.gz .
(Don't forget the dot at the end!)
Take a look at the /vz/template/cache directory; you should find your new template there (beside any other templates):
ls -lh /vz/template/cache
root@server1:/vz/private/777# ls -lh /vz/template/cache
total 194M
-rw-r--r-- 1 root root 80M Feb 7 2011 debian-6.0-amd64-minimal.tar.gz
-rw-r--r-- 1 root root 114M Sep 1 22:55 debian-7.0-amd64-minimal.tar.gz
root@server1:/vz/private/777#
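The cleanup steps above (deleting the SSH host keys, hostname and nameservers, and installing the first-boot key script) can be checked against the finished tarball before any container is created from it. The following script is an added example, not part of the original tutorial; the function names audit_template and make_sample are made up for illustration, and the member paths assume the archive was created with the tar command shown above (paths stored with a leading ./).

```shell
#!/bin/sh
# Added example: audit an OpenVZ template tarball for build-container residue.
# Assumes member paths start with "./" (archive built with "tar ... .").

audit_template() {  # usage: audit_template TARBALL -> 0 if clean, 1 if not
    tarball=$1
    bad=0
    list=$(tar -tzf "$tarball") || return 2

    # Host keys baked into the template would be shared by every container.
    if printf '%s\n' "$list" | grep -Eq '^(\./)?etc/ssh/ssh_host_'; then
        echo "FAIL: SSH host keys found in template"; bad=1
    fi
    # Without the first-boot script, new containers never get host keys.
    if ! printf '%s\n' "$list" | grep -Eq '^(\./)?etc/init\.d/ssh_gen_host_keys$'; then
        echo "FAIL: etc/init.d/ssh_gen_host_keys missing"; bad=1
    fi
    # The build container's hostname must not end up in the template.
    if printf '%s\n' "$list" | grep -Eq '^(\./)?etc/hostname$'; then
        echo "FAIL: etc/hostname still present"; bad=1
    fi
    # resolv.conf must be empty (the guide truncates it with cat /dev/null).
    size=$(tar -xzOf "$tarball" ./etc/resolv.conf 2>/dev/null | wc -c | tr -d ' ')
    if [ "$size" -gt 0 ]; then
        echo "FAIL: etc/resolv.conf is not empty"; bad=1
    fi
    if [ "$bad" -eq 0 ]; then echo "OK: $tarball"; fi
    return "$bad"
}

# Constructed sample tree for demonstration only; "dirty" leaves residue in.
make_sample() {  # usage: make_sample DIR TARBALL clean|dirty
    mkdir -p "$1/etc/ssh" "$1/etc/init.d"
    : > "$1/etc/resolv.conf"
    echo '#!/bin/sh' > "$1/etc/init.d/ssh_gen_host_keys"
    if [ "$3" = dirty ]; then
        echo "placeholder, not a real key" > "$1/etc/ssh/ssh_host_rsa_key"
        echo "server1" > "$1/etc/hostname"
        echo "nameserver 8.8.8.8" > "$1/etc/resolv.conf"
    fi
    tar -C "$1" -czf "$2" .
}

# Stand-alone use: sh audit.sh /vz/template/cache/debian-7.0-amd64-minimal.tar.gz
if [ "$#" -gt 0 ]; then audit_template "$1" || exit 1; fi
```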
Congratulations, you have just created your first OpenVZ template!
Now let's create a container from this template for testing purposes - I use the container ID 888 here:
vzctl create 888 --ostemplate debian-7.0-amd64-minimal
Start it...
vzctl start 888
... and check if it's running successfully by checking its process list - if it did not start you should get no process list.
vzctl exec 888 ps ax
root@server1:/vz/private/777# vzctl exec 888 ps ax
PID TTY STAT TIME COMMAND
1 ? Ss 0:00 init [2]
316 ? Sl 0:00 /usr/sbin/rsyslogd -c5
326 ? Ss 0:00 /usr/sbin/cron
335 ? Ss 0:00 /usr/bin/dbus-daemon --system
344 ? Ss 0:00 /usr/sbin/sshd
358 ? Rs 0:00 ps ax
root@server1:/vz/private/777#
Ok, it's working as expected, so we can stop and remove this test container:
vzctl stop 888
vzctl destroy 888
rm /etc/vz/conf/888.conf.destroyed
We also don't need the container anymore from which we created our template, so we can remove it as well:
cd
vzctl destroy 777
rm /etc/vz/conf/777.conf.destroyed
If you want to use your new template as the default template when you create new containers (so that you don't have to specify --ostemplate debian-7.0-amd64-minimal in the vzctl create command), modify the DEF_OSTEMPLATE variable in /etc/vz/vz.conf as follows:
vi /etc/vz/vz.conf
[...]
DEF_OSTEMPLATE="debian-7.0-amd64-minimal"
[...]
5 Links
- OpenVZ: http://openvz.org/
- Debian: http://www.debian.org/