Friday, 7 June 2013

What is OpenVZ - page one

OpenVZ is a virtualization technology based on Linux. It allows a physical server to run multiple isolated Linux operating system instances, or Virtual Private Servers (VPSs).

OpenVZ is not true virtualization but really containerization like FreeBSD Jails.

OpenVZ Web Panel is a web-based GUI frontend for controlling the hardware and virtual servers with the OpenVZ virtualization technology.

This blog describes setting up OpenVZ, OpenVZ Web Panel, and Webmin on a minimal Debian host.

To jump to a particular topic or page:
What is OpenVZ - page one
Installing Debian Host - page two
Installing OpenVZ - page three
Some configuring & template installation - page four
IP layout - page five
Creating a VPS - page six
Installing OpenVZ Web Panel - page seven
Webmin; installation and configuration - page eight
References - page nine

Installing Debian Host - page two

We start by installing a basic Debian system on the host machine. Because we won't be installing a lot of extras for the host, and I have an active network connection, I use the net install version of Debian. I prefer to use a 64-bit machine and 64-bit Debian for the host machine.

Download "debian-6.0.6-amd64-netinst.iso". You can burn it to a regular CD, a credit card CD, or load it to and run it from a USB drive. I normally run it from a USB drive.

To run the Debian 6.0.6 netinstall from a USB drive, go to http://www.pendrivelinux.com/ and download the Universal USB Installer or UNetbootin. Pendrivelinux has a good how-to for both the Universal USB Installer and UNetbootin. The good thing about UNetbootin is that there is a Windows and a Linux version.

Using Universal USB Installer
http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/

Using UNetbootin
http://www.pendrivelinux.com/using-unetbootin-to-create-a-linux-usb-from-linux/
The UNetbootin home page is at http://unetbootin.sourceforge.net/

Once you have your USB pendrive ready with the Debian net install, boot your machine from the USB drive.


Installing Debian is not that hard so I am assuming you can do it without detailed instructions. There is only one point where you need to watch and that is partitioning the hard drive.

OpenVZ recommends using a separate partition for container directories so you can use OpenVZ per-container disk quota. If you are doing this so others can have their own virtual private server, absolutely, you should create separate partitions. 

However I'm doing this just for myself, so it doesn't matter. For disk partitioning I use guided - use the entire disk and put all files into one partition.

For the rest of the Debian install select the defaults. When asked what to install you really only need to select 'standard system utilities'. To make your host remotely accessible and a little more user friendly also select 'ssh server' and 'graphical desktop environment'.

Once done, we are ready to start configuration for and installation of OpenVZ.

Installing OpenVZ - page three

Most of this section is taken directly from;
http://www.howtoforge.com/installing-and-using-openvz-on-debian-squeeze-amd64

Comments and instructions are in this font; commands you enter are in bold, and settings in config files you enter or verify are in italic bold .

1] To install the openvz kernel and a few utilities, open a root terminal and enter the following:
apt-get install linux-image-openvz-amd64 vzctl vzquota vzdump

2] Create a symlink from /var/lib/vz to /vz to provide backward compatibility:
ln -s /var/lib/vz /vz

3] Open /etc/sysctl.conf and make sure that you have the following settings.
nano /etc/sysctl.conf

 3a] The settings;
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.eth0.proxy_arp=1


     Note: If you later modify /etc/sysctl.conf, run sysctl -p to load the new settings without rebooting.

4] Edit /etc/vz/vz.conf and set NEIGHBOUR_DEVS to all:

nano /etc/vz/vz.conf

4a] The settings;
NEIGHBOUR_DEVS=all

The above step is important if the IP addresses of your virtual machines are from a different subnet than the host system's IP address. If they are and you don't do this, networking will not work in the virtual machines.

5] Reboot the system;
reboot

Select the openvz kernel on reboot. If your system starts without problems, then everything is ok.

Some configuring and template installation - page four

Once your system reboots, open another root terminal and verify you're running the OpenVZ kernel.
uname -r

You should see the following displayed;
2.6.32-5-openvz-amd64

Now, to create a virtual machine with OpenVZ, we need a template for the particular distribution we want to use in the virtual machine. You can find a list of pre-created templates at;
http://wiki.openvz.org/Download/template/precreated.

We will start by downloading a minimal Debian Squeeze amd64 template to the /var/lib/vz/template/cache directory, since this is where templates are stored.
cd /var/lib/vz/template/cache

wget http://download.openvz.org/template/precreated/contrib/debian-6.0-amd64-minimal.tar.gz


     Note; If your host is an i386 system, you cannot use an amd64 template - you must use i386 templates.

IP layout - page five

It is best to use static IP addresses for both your host server and any VPSs you create. So, to prevent collisions between static IPs and dynamic IPs, I map out what range of IPs is used for what devices.

To start with, on my router's DHCP server I've reduced the range of possible leases to a hundred. I get a fair number of visitors with wireless devices, and have a fair number of devices myself, but a hundred possible leases is more than enough. I have set the DHCP lease range to 192.168.1.100   -   192.168.1.200. If I need more I can bump the upper range to 192.168.1.255.

I now reserve the first 100 possible IP addresses as static IP addresses. To keep things organized and easier for myself I have divided these 100 up as follows:

192.168.1.xxx
where xxx equals  1 - 20     -     network devices [routers, switches, etc]
where xxx equals 21 - 40     -     shared devices [printers, NAS, etc]
where xxx equals 41 - 60     -     real devices [computers, servers, etc]
where xxx equals 61 - 80     -     virtual devices [VPS, etc]
where xxx equals 81 - 99     -     future use


Devices on my network are as follows;
192.168.1.1      -     default router   [DHCP server on]
192.168.1.10    -     wireless router [DHCP server off]
192.168.1.21    -     my printer
192.168.1.22    -     common use printer
192.168.1.30    -     NAS
192.168.1.31    -     NAS for backups
192.168.1.41    -     my computer
192.168.1.50    -     VPS host server
192.168.1.61    -     VPS 1

To set a static IP on the host VPS server we need to edit /etc/network/interfaces. From a root terminal make the following changes.
nano /etc/network/interfaces

Comment out [or delete]
allow-hotplug eth0
iface eth0 inet dhcp


and add [the auto line brings eth0 up at boot now that allow-hotplug is gone]
auto eth0
iface eth0 inet static
address 192.168.1.50
netmask 255.255.255.0
gateway 192.168.1.1

Of course you need to restart eth0 to get the new static IP settings assigned. You can do this by stopping and restarting eth0 with ifdown and ifup, which re-read /etc/network/interfaces, or by rebooting the machine.
ifdown eth0 && ifup eth0

or
reboot

Next, creating a VPS.

Creating a VPS - page six

To set up a VPS from the debian-6.0-amd64-minimal template, located in /var/lib/vz/template/cache, from a root terminal run:
vzctl create 61 --ostemplate debian-6.0-amd64-minimal --config basic

The number 61 must be a unique ID. Each virtual machine must have its own unique ID, or name. I use the last part of the virtual machine's IP address, to make it easy to figure out its IP address.

To set a hostname and IP address for the vps, run;
vzctl set 61 --hostname myvps.com --save
vzctl set 61 --ipadd 192.168.1.61 --save


If you want the vps started on boot up of your host server, run;
vzctl set 61 --onboot yes --save

To set the number of sockets to say 120 run;
vzctl set 61 --numothersock 120 --save

To assign nameservers to the vps run:
vzctl set 61 --nameserver 8.8.8.8 --nameserver 8.8.4.4 --save

[8.8.8.8 and 8.8.4.4 are Google Public DNS servers]
[208.67.222.222 and 208.67.220.220 are OpenDNS DNS servers]

To set a root password for the vps, run the following (vzctl exec only works while the vps is running, so start it first);
vzctl exec 61 passwd

If you don't want to use the vzctl set commands, you can also edit the vps's configuration file directly. It is stored in the /etc/vz/conf directory. The configuration file is named after the vps ID. In this instance it's /etc/vz/conf/61.conf.

To start the vps, run;
vzctl start 61

You can connect to the vps via SSH (e.g. with PuTTY), or by running;
vzctl enter 61

To leave the vps's console, enter;
exit

To stop the vps run;
vzctl stop 61

To restart the vps run;
vzctl restart 61

To delete a vps from the host server's hard drive (the vps must be stopped first), run;
vzctl destroy 61

To get a list of your vps's and their statuses run;
vzlist -a

To find out about the resources allocated to a vps run;
vzctl exec 61 cat /proc/user_beancounters


In the resulting output the failcnt column is very important. It should contain only zeros. If it doesn't, this means that the vps needs more resources than are currently allocated to it. To raise allocated resources, open the vps's configuration file in /etc/vz/conf, raise the appropriate resource, then restart the vps.
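
A way to automate the failcnt check described above, as an added example that is not part of the original post: the function reads user_beancounters text on stdin and prints only the resources whose failcnt is non-zero. The names ubc_failures and sample_ubc are hypothetical, and the sample table is constructed.

```shell
#!/bin/sh
# Added example: report beancounter resources with a non-zero failcnt.
# ubc_failures and sample_ubc are hypothetical helper names.

# Reads /proc/user_beancounters text on stdin.
# Prints one line per resource that hit its limit:
#   CTID resource failcnt=N held=N limit=N
ubc_failures() {
    awk '
        $2 == "resource" { next }                     # column-header line
        NF == 7 { ctid = $1; sub(/:$/, "", ctid) }    # first row of a container starts with "CTID:"
        NF == 6 || NF == 7 {
            # Counting from the right: held maxheld barrier limit failcnt
            if ($NF + 0 > 0)
                printf "%s %s failcnt=%s held=%s limit=%s\n",
                       ctid, $(NF-5), $NF, $(NF-4), $(NF-1)
        }
    '
}

# Constructed sample in the user_beancounters layout (not real output).
sample_ubc() {
    cat <<'EOF'
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
       61:  kmemsize        2187533    2719744   14372700   14790164          0
            privvmpages        6912      65536      65536      69632          3
            numproc              14         22        240        240          0
            numothersock        120        120        120        120         17
        0:  kmemsize        9120341   11403264   99999999   99999999          0
EOF
}

# Demo on the constructed sample.
sample_ubc | ubc_failures
```

On the host, `ubc_failures < /proc/user_beancounters` run as root checks every container at once; for a single vps, pipe `vzctl exec 61 cat /proc/user_beancounters` into it.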

Installing OpenVZ Web Panel - page seven

On the host machine open a root terminal and run;
wget -O - http://ovz-web-panel.googlecode.com/svn/installer/ai.sh | sh
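
The command above pipes a script fetched over plain HTTP straight into a root shell, so whatever the network delivers is executed unread. An added example (not from the original post or the OVZ Web Panel project) of the alternative: save the installer to a file, read it, record its SHA-256, and only run a copy that still matches. run_pinned is a hypothetical helper and the stand-in script is constructed.

```shell
#!/bin/sh
# Added example: run a downloaded installer only if it matches a pinned hash.
# Intended workflow on the host (URL taken from the step above):
#   wget -O /root/ai.sh http://ovz-web-panel.googlecode.com/svn/installer/ai.sh
#   less /root/ai.sh                  # read what it will do as root
#   sha256sum /root/ai.sh             # record this value after the review
#   run_pinned /root/ai.sh <recorded-sha256>

# run_pinned FILE SHA256 [ARGS...]
# Returns 1 without executing anything if FILE does not hash to SHA256.
run_pinned() {
    file=$1; want=$2; shift 2
    got=$(sha256sum "$file" 2>/dev/null | awk '{print $1}')
    if [ -z "$got" ] || [ "$got" != "$want" ]; then
        echo "refusing to run $file: sha256 '$got' does not match the pinned value" >&2
        return 1
    fi
    sh "$file" "$@"
}

# Demo with a constructed stand-in script, so nothing is downloaded here.
demo_dir=$(mktemp -d)
printf 'echo "installer ran"\n' > "$demo_dir/ai.sh"
pin=$(sha256sum "$demo_dir/ai.sh" | awk '{print $1}')

run_pinned "$demo_dir/ai.sh" "$pin"                   # reviewed copy: runs

printf 'echo "unexpected extra step"\n' >> "$demo_dir/ai.sh"
run_pinned "$demo_dir/ai.sh" "$pin" || echo "modified copy rejected"

rm -rf "$demo_dir"
```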


After installation the control panel will be available through your browser at the following URL:
http://192.168.1.50:3000
or
http://<your-host-name>:3000 


By default the administrator's credentials are: admin/admin.
Important   *****Don't forget to change default password.*****

Webmin; installation and configuration - page eight

Webmin is a web-based interface for system administration for Unix like systems. Using any browser that supports tables and forms (and Java for the File Manager module), you can setup user accounts, Apache, DNS, file sharing and so on.

To get and install the latest Debian package, open a root terminal and navigate to the tmp directory;
cd /tmp

download webmin;
wget http://www.webmin.com/download/deb/webmin-current.deb

Installing it will fail, but we can easily fix that afterwards.
dpkg -i webmin-current.deb


To download the required dependencies and fix the failed install, run;
apt-get install -f

You can access webmin through a web browser from your host server at;
https://localhost:10000

or through a web browser on any machine within your network at;
https://<your-host-name>:10000 
or
https://192.168.1.50:10000

To begin with, you will only be able to log in to webmin with your root account. Log in to webmin and navigate to;
webmin | webmin users | create webmin group

Create a group webminusers, then select the 'convert unix users to webmin users' and convert your initial user account to a webmin account.

While still on the Webmin users page, click on the newly created webmin user group. Click on 'available webmin modules', select all, and then click the save button.

You can now log into Webmin with either the root account or the initial account you created and have full root privileges through Webmin.

Now repeat the whole Webmin install inside the VPS you created.

When finished, you can manage:
your host through Webmin at     https://localhost:10000
your host's VPSs at    http://localhost:3000
your VPS through Webmin at     https://192.168.1.61:10000

references - page nine

references:

Debian
http://www.debian.org/
http://www.debian.org/distrib/netinst
http://wiki.debian.org/NetworkConfiguration

Using Universal USB Installer
http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/

Using UNetbootin
http://www.pendrivelinux.com/using-unetbootin-to-create-a-linux-usb-from-linux/
UNetbootin home page: http://unetbootin.sourceforge.net/

OpenVZ
http://en.wikipedia.org/wiki/OpenVZ
http://openvz.org/Main_Page
http://wiki.debian.org/OpenVz
http://www.howtoforge.com/installing-and-using-openvz-on-debian-squeeze-amd64

OVZ Web Panel
http://code.google.com/p/ovz-web-panel/

Webmin
http://www.webmin.com/index.html
http://doxfer.webmin.com/Webmin/Modules




[all links in this article worked as of 2014/03/25 ]