Difference between revisions of "OpenVZ"
From WA2IAC Wiki
m (→The Author) |
|||
| Line 28: | Line 28: | ||
==== The Author ==== | ==== The Author ==== | ||
| − | This page is | + | This page was, at one point, posted on multiple wikis. |
| + | |||
| + | This (wa2iac.com) is now the authoritative version (2/18/2015). | ||
| + | |||
| + | The author is the award-winning super-dude known across the Galaxy and with callsign WA2IAC. | ||
=== Quick-Start User Guide === | === Quick-Start User Guide === | ||
| Line 34: | Line 38: | ||
==== Create a Container ==== | ==== Create a Container ==== | ||
| + | |||
| + | ===== Simple Example ===== | ||
Become root on the host machine. Once the defaults are set, creating a container is as simple as: | Become root on the host machine. Once the defaults are set, creating a container is as simple as: | ||
<pre> | <pre> | ||
| Line 59: | Line 65: | ||
Pretty simple! Now lets start flipping switches and twisting knobs... | Pretty simple! Now lets start flipping switches and twisting knobs... | ||
| − | + | ===== A More Complex Example ===== | |
To specify the distro and config of the CT, Execute the following commands to view the templates and distros available: | To specify the distro and config of the CT, Execute the following commands to view the templates and distros available: | ||
| Line 81: | Line 87: | ||
# vzctl set 101 --ipadd 1.2.3.4 --nameserver 5.6.7.8 --save | # vzctl set 101 --ipadd 1.2.3.4 --nameserver 5.6.7.8 --save | ||
</pre> | </pre> | ||
| + | |||
| + | ===== Example Demonstrating Configuration Controls ===== | ||
| + | |||
| + | Here is a more practical example, demonstrating some of the controls available... If you're going to rebuild the server, make a script. To roll the same basic config over and over, use command line substitution to allow specifying the Container ID. | ||
| + | |||
| + | <pre> | ||
| + | vzctl create 103 --ostemplate centos-6-x86_64 --config basic | ||
| + | vzctl set 103 --ipadd 10.1.38.45 --nameserver 10.63.255.1 --save | ||
| + | vzctl set 103 --ram 10G --onboot yes --save | ||
| + | vzctl set 103 --cpus 4 --save | ||
| + | vzctl set 103 --diskspace 20G --save | ||
| + | vzctl start 103 | ||
| + | vzctl enter 103 | ||
| + | </pre> | ||
| + | |||
| + | ===== Networking Hints ===== | ||
| + | Remember to provide connectivity for the IP address aliases you are creating on the physical host. While experimenting, you may wish to turn off iptables to avoid frustration. Don't forget to create rules and turn it on again soon! | ||
=== Installation on CentOS 6.3 === | === Installation on CentOS 6.3 === | ||
| Line 124: | Line 147: | ||
</pre> | </pre> | ||
| − | ' | + | ===== CentOS 6.4 sysctl.conf Example ===== |
| + | Here is an example of a currently used CentOS 6.4 sysctl.conf file, but don't just paste this in blindly! YMMV! This is indended only as an example of a completed edit. | ||
| + | |||
| + | <pre> | ||
| + | # Kernel sysctl configuration file for Red Hat Linux | ||
| + | # | ||
| + | # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and | ||
| + | # sysctl.conf(5) for more details. | ||
| + | |||
| + | # Controls IP packet forwarding | ||
| + | net.ipv4.ip_forward = 1 | ||
| + | net.ipv6.conf.default.forwarding = 1 | ||
| + | net.ipv6.conf.all.forwarding = 1 | ||
| + | net.ipv4.conf.default.proxy_arp = 0 | ||
| + | |||
| + | # We do not want all our interfaces to send redirects | ||
| + | net.ipv4.conf.default.send_redirects = 1 | ||
| + | net.ipv4.conf.all.send_redirects = 0 | ||
| + | |||
| + | # Controls source route verification | ||
| + | net.ipv4.conf.default.rp_filter = 1 | ||
| + | |||
| + | # Do not accept source routing | ||
| + | net.ipv4.conf.default.accept_source_route = 0 | ||
| + | |||
| + | # Controls the System Request debugging functionality of the kernel | ||
| + | kernel.sysrq = 1 | ||
| + | |||
| + | # Controls whether core dumps will append the PID to the core filename. | ||
| + | # Useful for debugging multi-threaded applications. | ||
| + | kernel.core_uses_pid = 1 | ||
| + | |||
| + | # Controls the use of TCP syncookies | ||
| + | net.ipv4.tcp_syncookies = 1 | ||
| + | |||
| + | # Disable netfilter on bridges. | ||
| + | net.bridge.bridge-nf-call-ip6tables = 0 | ||
| + | net.bridge.bridge-nf-call-iptables = 0 | ||
| + | net.bridge.bridge-nf-call-arptables = 0 | ||
| + | |||
| + | # Controls the default maxmimum size of a mesage queue | ||
| + | kernel.msgmnb = 65536 | ||
| + | |||
| + | # Controls the maximum size of a message, in bytes | ||
| + | kernel.msgmax = 65536 | ||
| + | |||
| + | # Controls the maximum shared segment size, in bytes | ||
| + | kernel.shmmax = 68719476736 | ||
| + | |||
| + | # Controls the maximum number of shared memory segments, in pages | ||
| + | kernel.shmall = 4294967296 | ||
| + | </pre> | ||
| + | |||
| + | ===== SELinux Configuration ===== | ||
SELinux should be disabled. To that effect, put the following line to /etc/sysconfig/selinux: | SELinux should be disabled. To that effect, put the following line to /etc/sysconfig/selinux: | ||
