Difference between revisions of "OpenVZ"
From WA2IAC Wiki
(Created page with "=== Introduction === OpenVZ is an open-source virtualization system for Linux. It is kernel and container based. It is not a hypervisor-based system. The kernel is shared amon...") |
m (→The Author) |
||
| Line 1: | Line 1: | ||
| + | OpenVZ is a lightweight, secure, high-performance virtualization system for Linux. See also the [http://openvz.org OpenVZ Website]. | ||
=== Introduction === | === Introduction === | ||
| − | OpenVZ is an open-source virtualization system for Linux. It is kernel and container based. It is not a hypervisor-based system. The kernel is shared among the host and its guests. Guests may run any distribution of Linux compatible with the kernel being run on the host. | + | (Broomfield, 03/14/2013) OpenVZ is an open-source virtualization system for Linux. It is kernel and container based. It is not a hypervisor-based system. The kernel is shared among the host and its guests. Guests may run any distribution of Linux compatible with the kernel being run on the host. |
The major benefits of OpenVZ are: | The major benefits of OpenVZ are: | ||
| Line 25: | Line 26: | ||
==== Uncategorized Factoids ==== | ==== Uncategorized Factoids ==== | ||
Container numbers (CT or CTID) are mapped to the host system's UID's (User IDs). They are specified as starting with 100 and increasing. Since I have installed on clean systems, I can't say what happens if you try to create a container with an ID number that already exists for a host username. | Container numbers (CT or CTID) are mapped to the host system's UID's (User IDs). They are specified as starting with 100 and increasing. Since I have installed on clean systems, I can't say what happens if you try to create a container with an ID number that already exists for a host username. | ||
| + | |||
| + | ==== The Author ==== | ||
| + | This page was, at one point, posted on multiple wikis. | ||
| + | |||
| + | This (wa2iac.com) is now the authoritative version (2/18/2015). | ||
| + | |||
| + | The author is the award-winning super-dude known across the Galaxy and with callsign WA2IAC. | ||
| + | |||
=== Quick-Start User Guide === | === Quick-Start User Guide === | ||
| − | + | The good news is that (what should be) routine tasks like creating, starting, stopping and destroying a container... along with administering it... are all very easy and require very little typing in OpenVZ. Network setup for containers providing services to the network is automatic. This implies that you must be disciplined in allocating and documenting IPs used by containers. With power comes the requirement for responsibility! | |
==== Create a Container ==== | ==== Create a Container ==== | ||
| + | |||
| + | ===== Simple Example ===== | ||
Become root on the host machine. Once the defaults are set, creating a container is as simple as: | Become root on the host machine. Once the defaults are set, creating a container is as simple as: | ||
<pre> | <pre> | ||
| Line 47: | Line 58: | ||
logout | logout | ||
exited from CT 101 | exited from CT 101 | ||
| + | </pre> | ||
| + | Before we move on... where do the files go? ls /vz/private and you'll see a directory "101", that's where the file structure for container, or CT #101 lives on the host machine. Now, let's destroy that container, as it was just a simple example! | ||
| + | <pre> | ||
| + | # vzctl destroy 101 | ||
</pre> | </pre> | ||
Pretty simple! Now lets start flipping switches and twisting knobs... | Pretty simple! Now lets start flipping switches and twisting knobs... | ||
| + | |||
| + | ===== A More Complex Example ===== | ||
To specify the distro and config of the CT, Execute the following commands to view the templates and distros available: | To specify the distro and config of the CT, Execute the following commands to view the templates and distros available: | ||
| Line 59: | Line 76: | ||
<pre> | <pre> | ||
# vzctl create 101 --ostemplate centos-6-x86_64 --config basic | # vzctl create 101 --ostemplate centos-6-x86_64 --config basic | ||
| + | # vzctl start 101 | ||
| + | # vzctl enter 101 | ||
</pre> | </pre> | ||
Note that '.tar.gz' was not included in the ostemplate specification. For the config arg, the "ve-" prefix and "-sample" were not included. Note also that 107 is the CT id, and it's above 100. All CT numbers below 100 are reserved! The defaults for these parameters can be set in /etc/sysconfig/vz so the host system administrator should set appropriate defaults there. | Note that '.tar.gz' was not included in the ostemplate specification. For the config arg, the "ve-" prefix and "-sample" were not included. Note also that 107 is the CT id, and it's above 100. All CT numbers below 100 are reserved! The defaults for these parameters can be set in /etc/sysconfig/vz so the host system administrator should set appropriate defaults there. | ||
| + | And what about that '--config' arg? Look in ''/etc/vz/conf'' to see what's available. It's a link to ''/etc/sysconfig/vz-scripts'' as mentioned above. You can start with one of those templates and create your own. | ||
| + | |||
| + | Getting on the network isn't too hard. The key commands are: | ||
| + | <pre> | ||
| + | # vzctl set 101 --ipadd 1.2.3.4 --nameserver 5.6.7.8 --save | ||
| + | </pre> | ||
| + | |||
| + | ===== Example Demonstrating Configuration Controls ===== | ||
| + | |||
| + | Here is a more practical example, demonstrating some of the controls available... If you're going to rebuild the server, make a script. To roll the same basic config over and over, use command line substitution to allow specifying the Container ID. | ||
| + | |||
| + | <pre> | ||
| + | vzctl create 103 --ostemplate centos-6-x86_64 --config basic | ||
| + | vzctl set 103 --ipadd 10.1.38.45 --nameserver 10.63.255.1 --save | ||
| + | vzctl set 103 --ram 10G --onboot yes --save | ||
| + | vzctl set 103 --cpus 4 --save | ||
| + | vzctl set 103 --diskspace 20G --save | ||
| + | vzctl start 103 | ||
| + | vzctl enter 103 | ||
| + | </pre> | ||
| + | |||
| + | ===== Networking Hints ===== | ||
| + | Remember to provide connectivity for the IP address aliases you are creating on the physical host. While experimenting, you may wish to turn off iptables to avoid frustration. Don't forget to create rules and turn it on again soon! | ||
=== Installation on CentOS 6.3 === | === Installation on CentOS 6.3 === | ||
| Line 76: | Line 118: | ||
Run the following command | Run the following command | ||
<pre> | <pre> | ||
| − | # yum install | + | # yum install vzkernel |
</pre> | </pre> | ||
| + | Before answering 'y' check that the arch is correct. If there is an issue, consider those surrounding the "yum install [o]vzkernel[-flavor]" variants. | ||
| + | |||
==== Configuring ==== | ==== Configuring ==== | ||
Please make sure the following steps are performed before rebooting into OpenVZ kernel. | Please make sure the following steps are performed before rebooting into OpenVZ kernel. | ||
| − | + | ===== /etc/sysctl.conf ===== | |
There are a number of kernel parameters that should be set for OpenVZ to work correctly. These parameters are stored in /etc/sysctl.conf file. Here are the relevant portions of the file; please edit accordingly. | There are a number of kernel parameters that should be set for OpenVZ to work correctly. These parameters are stored in /etc/sysctl.conf file. Here are the relevant portions of the file; please edit accordingly. | ||
| Line 103: | Line 147: | ||
</pre> | </pre> | ||
| − | ' | + | ===== CentOS 6.4 sysctl.conf Example ===== |
| + | Here is an example of a currently used CentOS 6.4 sysctl.conf file, but don't just paste this in blindly! YMMV! This is indended only as an example of a completed edit. | ||
| + | |||
| + | <pre> | ||
| + | # Kernel sysctl configuration file for Red Hat Linux | ||
| + | # | ||
| + | # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and | ||
| + | # sysctl.conf(5) for more details. | ||
| + | |||
| + | # Controls IP packet forwarding | ||
| + | net.ipv4.ip_forward = 1 | ||
| + | net.ipv6.conf.default.forwarding = 1 | ||
| + | net.ipv6.conf.all.forwarding = 1 | ||
| + | net.ipv4.conf.default.proxy_arp = 0 | ||
| + | |||
| + | # We do not want all our interfaces to send redirects | ||
| + | net.ipv4.conf.default.send_redirects = 1 | ||
| + | net.ipv4.conf.all.send_redirects = 0 | ||
| + | |||
| + | # Controls source route verification | ||
| + | net.ipv4.conf.default.rp_filter = 1 | ||
| + | |||
| + | # Do not accept source routing | ||
| + | net.ipv4.conf.default.accept_source_route = 0 | ||
| + | |||
| + | # Controls the System Request debugging functionality of the kernel | ||
| + | kernel.sysrq = 1 | ||
| + | |||
| + | # Controls whether core dumps will append the PID to the core filename. | ||
| + | # Useful for debugging multi-threaded applications. | ||
| + | kernel.core_uses_pid = 1 | ||
| + | |||
| + | # Controls the use of TCP syncookies | ||
| + | net.ipv4.tcp_syncookies = 1 | ||
| + | |||
| + | # Disable netfilter on bridges. | ||
| + | net.bridge.bridge-nf-call-ip6tables = 0 | ||
| + | net.bridge.bridge-nf-call-iptables = 0 | ||
| + | net.bridge.bridge-nf-call-arptables = 0 | ||
| + | |||
| + | # Controls the default maxmimum size of a mesage queue | ||
| + | kernel.msgmnb = 65536 | ||
| + | |||
| + | # Controls the maximum size of a message, in bytes | ||
| + | kernel.msgmax = 65536 | ||
| + | |||
| + | # Controls the maximum shared segment size, in bytes | ||
| + | kernel.shmmax = 68719476736 | ||
| + | |||
| + | # Controls the maximum number of shared memory segments, in pages | ||
| + | kernel.shmall = 4294967296 | ||
| + | </pre> | ||
| + | |||
| + | ===== SELinux Configuration ===== | ||
SELinux should be disabled. To that effect, put the following line to /etc/sysconfig/selinux: | SELinux should be disabled. To that effect, put the following line to /etc/sysconfig/selinux: | ||
| Line 109: | Line 206: | ||
SELINUX=disabled | SELINUX=disabled | ||
</pre> | </pre> | ||
| + | |||
==== Reboot into OpenVZ kernel ==== | ==== Reboot into OpenVZ kernel ==== | ||
| Line 119: | Line 217: | ||
OpenVZ needs some user-level tools installed. Those are: | OpenVZ needs some user-level tools installed. Those are: | ||
| − | vzctl | + | '''vzctl''' |
| − | + | *A utility to control OpenVZ containers (create, destroy, start, stop, set parameters etc.) | |
| − | vzquota | + | |
| − | + | '''vzquota''' | |
| + | *A utility to manage quotas for containers. Mostly used indirectly (by vzctl). | ||
<pre> | <pre> | ||
# yum install vzctl vzquota | # yum install vzctl vzquota | ||
| − | + | </pre> | |
If on the x86_64 platform you would probably want to: | If on the x86_64 platform you would probably want to: | ||
| − | + | <pre> | |
# yum install vzctl.x86_64 vzquota.x86_64 | # yum install vzctl.x86_64 vzquota.x86_64 | ||
</pre> | </pre> | ||
| Line 149: | Line 248: | ||
An OS template cache is a Linux distribution installed into a container and then packed into a gzipped tarball. Using such a cache, a new container can be created in a matter of minutes. | An OS template cache is a Linux distribution installed into a container and then packed into a gzipped tarball. Using such a cache, a new container can be created in a matter of minutes. | ||
| − | Download precreated template caches from Downloads » Templates » Precreated, or directly from download.openvz.org/template/precreated, or from one of the mirrors. Put those tarballs as-is (no unpacking needed) to the /vz/template/cache/ directory (for | + | Download precreated template caches from Downloads » Templates » Precreated, or directly from download.openvz.org/template/precreated, or from one of the mirrors. Another possible source is a another OpenVZ host nearby. You probably don't need them all, so you may want to be selective. Put those tarballs as-is (no unpacking needed) to the /vz/template/cache/ directory (for Debian, this is /var/lib/vz/template/cache/). Here's an example to get fedora templates onto OpenVZ running on CentOS: |
| − | Next | + | |
| + | <pre> | ||
| + | $ cd /vz/template/cache | ||
| + | $ wget http://download.openvz.org/template/precreated/fedora* | ||
| + | </pre> | ||
| + | |||
| + | ==== Next Steps ==== | ||
| − | OpenVZ is now set up on your machine. To load OpenVZ kernel by default, edit the default line in the /boot/grub/grub.conf file to point to the OpenVZ kernel. For example, if the OpenVZ kernel is the first kernel mentioned in the file, put it as default 0. See man grub.conf for more details. | + | OpenVZ is now set up on your machine. To load OpenVZ kernel by default, edit the default line in the /boot/grub/grub.conf file to point to the OpenVZ kernel. For example, if the OpenVZ kernel is the first kernel mentioned in the file, put it as default 0. See man grub.conf for more details. |
==== Source Reference(s) ==== | ==== Source Reference(s) ==== | ||
| Line 193: | Line 298: | ||
==== Contrib Distros ==== | ==== Contrib Distros ==== | ||
| − | There are "minimal" configuration distros that may be of use, and are available in the 'contrib' distro directory. Many of those that are in the RedHat family do not include an install of 'yum' | + | There are "minimal" configuration distros that may be of use, and are available in the 'contrib' distro directory. Many of those that are in the RedHat family do not include an install of 'yum'. |
