Installing And Using OpenVZ On Ubuntu 8.10

Version 1.0
Author: Falko Timme

In this HowTo I will describe how to prepare an Ubuntu 8.10 server for OpenVZ. With OpenVZ you can create multiple Virtual Private Servers (VPS) on the same hardware, similar to Xen and the Linux Vserver project. OpenVZ is the open-source branch of Virtuozzo, a commercial virtualization solution used by many providers that offer virtual servers. The OpenVZ kernel patch is licensed under the GPL license, and the user-level tools are under the QPL license.

This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.

This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I'm using an x86_64 (amd64) system here. If you are on an i386 system, a few commands will be slightly different - I have added annotations to that parts.

 

2 Become root

Type

sudo su

to become root (or prepend all commands in this tutorial with the string sudo).

 

3 Change The Default Shell

/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:

ln -sf /bin/bash /bin/sh

 

4 Disable AppArmor

AppArmor is a security extension (similar to SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it.

We can disable it like this:

/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
apt-get remove apparmor apparmor-utils

 

5 Installing OpenVZ

In order to install OpenVZ, we need to add the OpenVZ repository to our /etc/apt/sources.list:

vi /etc/apt/sources.list
[...]
deb http://download.openvz.org/debian-systs lenny openvz
[...]

Run

wget -q http://download.openvz.org/debian-systs/dso_archiv_signing_key.asc -O- | apt-key add - && apt-get update

afterwards to download the key of that repository and update the package database.

To find the available OpenVZ packages (especially the OpenVZ kernel that we need to install), run

apt-cache search openvz
root@server1:~# apt-cache search openvz
vzctl - server virtualization solution - control tools
vzquota - server virtualization solution - quota tools
fzakernel-2.6.24-amd64 - OpenVZ - Meta kernel 2.6.246-fza-amd64 (2.6.24+ovz004.1dso6) on amd64
linux-patch-openvz - OpenVZ - server virtualization solution - Linux kernel patch
vzctl-ostmpl-debian-4.0-amd64-minimal - OpenVZ - OS Template debian-4.0-amd64-minimal
vzctl-ostmpl-debian-4.0-i386-minimal - OpenVZ - OS Template debian-4.0-i386-minimal
vzctl-ostmpl-debian-5.0-amd64-minimal - OpenVZ - OS Template debian-5.0-amd64-minimal
vzctl-ostmpl-debian-5.0-i386-minimal - OpenVZ - OS Template debian-5.0-i386-minimal
root@server1:~#

As you see, in my case the kernel is named fzakernel-2.6.24-amd64 (I'm on a 64bit Ubuntu 8.10), so I install it as follows:

apt-get install fzakernel-2.6.24-amd64

If you are on a i386 system, the package is named slightly different (probably fzakernel-2.6.24-i386).

Now open /boot/grub/menu.lst...

vi /boot/grub/menu.lst

... and make the OpenVZ kernel the default kernel. In my /boot/grub/menu.lst I have the following kernels...

[...]
## ## End Default Options ##

title           Ubuntu 8.10, kernel 2.6.27-7-server
uuid            a384f789-7b8b-4464-8340-f5fcc73ecc5b
kernel          /boot/vmlinuz-2.6.27-7-server root=UUID=a384f789-7b8b-4464-8340-f5fcc73ecc5b ro quiet splash
initrd          /boot/initrd.img-2.6.27-7-server
quiet

title           Ubuntu 8.10, kernel 2.6.27-7-server (recovery mode)
uuid            a384f789-7b8b-4464-8340-f5fcc73ecc5b
kernel          /boot/vmlinuz-2.6.27-7-server root=UUID=a384f789-7b8b-4464-8340-f5fcc73ecc5b ro  single
initrd          /boot/initrd.img-2.6.27-7-server

title           Ubuntu 8.10, kernel 2.6.24-6-fza-amd64
uuid            a384f789-7b8b-4464-8340-f5fcc73ecc5b
kernel          /boot/vmlinuz-2.6.24-6-fza-amd64 root=UUID=a384f789-7b8b-4464-8340-f5fcc73ecc5b ro quiet splash
initrd          /boot/initrd.img-2.6.24-6-fza-amd64
quiet

title           Ubuntu 8.10, kernel 2.6.24-6-fza-amd64 (recovery mode)
uuid            a384f789-7b8b-4464-8340-f5fcc73ecc5b
kernel          /boot/vmlinuz-2.6.24-6-fza-amd64 root=UUID=a384f789-7b8b-4464-8340-f5fcc73ecc5b ro  single
initrd          /boot/initrd.img-2.6.24-6-fza-amd64

title           Ubuntu 8.10, memtest86+
uuid            a384f789-7b8b-4464-8340-f5fcc73ecc5b
kernel          /boot/memtest86+.bin
quiet

### END DEBIAN AUTOMAGIC KERNELS LIST

... which means the OpenVZ kernel is the third kernel. Because counting starts with 0, I change the value of default to 2:

[...]
default         2
[...]

Now we install some OpenVZ user tools:

apt-get install vzctl vzquota

Open /etc/sysctl.conf and make sure that you have the following settings in it:

vi /etc/sysctl.conf
[...]
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.eth0.proxy_arp=1
[...]

If you need to modify /etc/sysctl.conf, run

sysctl -p

afterwards.

The following step is important if the IP addresses of your virtual machines are from a different subnet than the host system's IP address. If you don't do this, networking will not work in the virtual machines!

Open /etc/vz/vz.conf and set NEIGHBOUR_DEVS to all:

vi /etc/vz/vz.conf
[...]
NEIGHBOUR_DEVS=all
[...]

Finally, reboot the system:

reboot

If your system reboots without problems, then everything is fine!

After the reboot, become root again:

sudo su

Run

uname -r

and your new OpenVZ kernel should show up:

root@server1:~# uname -r
2.6.24-6-fza-amd64
root@server1:~#

 

6 Using OpenVZ

Before we can create virtual machines with OpenVZ, we need to have a template for the distribution that we want to use in the virtual machines in the /var/lib/vz/template/cache directory. The virtual machines will be created from that template.

In the

apt-cache search openvz

output (see the previous chapter) we had four Debian templates that we can install as follows (the amd64 templates are probably not available on an i386 host):

apt-get install vzctl-ostmpl-debian-4.0-amd64-minimal vzctl-ostmpl-debian-4.0-i386-minimal vzctl-ostmpl-debian-5.0-amd64-minimal vzctl-ostmpl-debian-5.0-i386-minimal

You can use one of these templates, but you can also find a list of precreated templates on http://wiki.openvz.org/Download/template/precreated.

I want to use Ubuntu 8.04 in my virtual machines, so I download an Ubuntu 8.04 template (a minimal Ubuntu 8.04 template in this case):

cd /var/lib/vz/template/cache
wget http://download.openvz.org/template/precreated/ubuntu-8.04-amd64-minimal.tar.gz

(If your host is an i386 system, you cannot use an amd64 template - you must use i386 templates then!)

I will now show you the basic commands for using OpenVZ.

To set up a VPS from the minimal Ubuntu 8.04 template, run:

vzctl create 101 --ostemplate ubuntu-8.04-amd64-minimal --config vps.basic

(To create a VPS from the vzctl-ostmpl-debian-4.0-i386-minimal template package, the command would be

vzctl create 101 --ostemplate debian-4.0-i386-minimal --config vps.basic

)

The 101 must be a uniqe ID - each virtual machine must have its own unique ID. You can use the last part of the virtual machine's IP address for it. For example, if the virtual machine's IP address is 192.168.0.101, you use 101 as the ID.

If you want to have the vm started at boot, run

vzctl set 101 --onboot yes --save

To set a hostname and IP address for the vm, run:

vzctl set 101 --hostname test.example.com --save
vzctl set 101 --ipadd 192.168.0.101 --save

Next we set the number of sockets to 120 and assign a few nameservers to the vm:

vzctl set 101 --numothersock 120 --save
vzctl set 101 --nameserver 145.253.2.75 --nameserver 213.191.92.86 --save

(Instead of using the vzctl set commands, you can as well directly edit the vm's configuration file which is stored in the /etc/vz/conf directory. If the ID of the vm is 101, then the configuration file is /etc/vz/conf/101.conf.)

To start the vm, run

vzctl start 101

To set a root password for the vm, execute

vzctl exec 101 passwd

You can now either connect to the vm via SSH (e.g. with PuTTY), or you enter it as follows:

vzctl enter 101

To leave the vm's console, type

exit

To stop a vm, run

vzctl stop 101

To restart a vm, run

vzctl restart 101

To delete a vm from the hard drive (it must be stopped before you can do this), run

vzctl destroy 101

To get a list of your vms and their statuses, run

vzlist -a
root@server1:~# vzlist -a
      VEID      NPROC STATUS  IP_ADDR         HOSTNAME
       101          5 running 192.168.0.101   test.example.com
root@server1:~#

To find out about the resources allocated to a vm, run

vzctl exec 101 cat /proc/user_beancounters
root@server1:~# vzctl exec 101 cat /proc/user_beancounters
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize         593615    1721162   11055923   11377049          0
            lockedpages           0          0        256        256          0
            privvmpages        2111       2491      65536      69632          0
            shmpages            645        661      21504      21504          0
            dummy                 0          0          0          0          0
            numproc               6         11        240        240          0
            physpages          1124       1427          0 2147483647          0
            vmguarpages           0          0      33792 2147483647          0
            oomguarpages       1124       1427      26112 2147483647          0
            numtcpsock            2          2        360        360          0
            numflock              0          1        188        206          0
            numpty                1          2         16         16          0
            numsiginfo            0          2        256        256          0
            tcpsndbuf         24640      24640    1720320    2703360          0
            tcprcvbuf         32768          0    1720320    2703360          0
            othersockbuf       4480      21760    1126080    2097152          0
            dgramrcvbuf           0       8384     262144     262144          0
            numothersock          3          7        120        120          0
            dcachesize        53848      57912    3409920    3624960          0
            numfile             184        254       9312       9312          0
            dummy                 0          0          0          0          0
            dummy                 0          0          0          0          0
            dummy                 0          0          0          0          0
            numiptent            10         10        128        128          0
root@server1:~#

The failcnt column is very important, it should contain only zeros; if it doesn't, this means that the vm needs more resources than are currently allocated to the vm. Open the vm's configuration file in /etc/vz/conf and raise the appropriate resource, then restart the vm.

To find out more about the vzctl command, run

man vzctl

 

Share this page:

7 Comment(s)