====== Preparation of a hardware node for installing OpenVZ ======

This guide applies to the i386 architecture.

===== Download & install =====

Start with a fresh installation of Ubuntu 8.04 LTS (Hardy Heron), which can be downloaded from here: [[http://releases.ubuntu.com/8.04.4/ubuntu-8.04.4-server-i386.iso|ubuntu-8.04.4-server-i386]]

Download "ubuntu-8.04.4-server-i386.iso" and burn it to a rewritable CD.

Start the installation and set your locale, keyboard, location, etc.

Set the hostname: server.dw.lan

Set the new user: manager

Choose the software to install:

  [x] OpenSSH Server

===== Activate the "root" user =====

After the first reboot you can log in with your previously created username (e.g. manager). Because all the steps in this tutorial must be run with root privileges, we can either prepend every command with sudo, or enable the root login by running:

  sudo passwd root

Then type a password for root twice and remember it.

To deactivate (lock) the root login, type:

  sudo passwd -l root

To unlock a previously locked root login, type:

  sudo passwd -u root

===== Configure The Network =====

Because the installer has configured our system to get its network settings via DHCP, we have to change that now, because a server should have a static IP address. Edit **/etc/network/interfaces** and adjust it to your needs (in this example setup I will use the IP address 192.168.0.100; please note that I replace allow-hotplug eth0 with auto eth0; otherwise restarting the network doesn't work, and we'd have to reboot the whole system):

  nano /etc/network/interfaces

  # This file describes the network interfaces available on your system
  # and how to activate them. For more information, see interfaces(5).
  # The loopback network interface
  auto lo
  iface lo inet loopback

  # The primary network interface
  auto eth0
  iface eth0 inet static
          address 192.168.0.100
          netmask 255.255.255.0
          network 192.168.0.0
          broadcast 192.168.0.255
          gateway 192.168.0.22

Edit /etc/hosts and add lines like these, adapted to your setup:

  nano /etc/hosts

  127.0.0.1       localhost
  192.168.0.100   server.dw.lan server
  [...]

Check that /etc/hostname contains the fully qualified domain name:

  nano /etc/hostname

  server.dw.lan

Then reboot:

  reboot

Afterwards, run

  hostname
  hostname -f

It is important that both show **server.dw.lan** now!

===== Change The Default Shell =====

We need /bin/bash, not /bin/dash. Therefore we do this:

  dpkg-reconfigure dash

Answer "no" to the question. This also ensures the change is retained through future updates.

===== Disable AppArmor =====

AppArmor is a security extension (similar to SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of troubleshooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it:

  /etc/init.d/apparmor stop
  update-rc.d -f apparmor remove
  aptitude remove apparmor apparmor-utils
  aptitude purge apparmor

===== Update the Linux Installation =====

In **/etc/apt/sources.list**, comment out or remove the installation CD from the file and make sure that the universe and multiverse repositories are enabled, then type

  aptitude update

to update the apt package database and

  aptitude safe-upgrade

to install the latest updates (if there are any).

===== Synchronize the System Clock =====

It is a good idea to synchronize the system clock with an NTP (Network Time Protocol) server over the Internet. Simply run

  aptitude install ntp ntpdate

and your system time will always be in sync.

===== Installing OpenVZ =====

OpenVZ is available in the Ubuntu repositories: [[https://help.ubuntu.com/community/OpenVZ#8.04%20Hardy|OpenVZ#8.04 Hardy]]

Important! Please make sure that you are using at least the **linux-image-2.6.24-19-openvz** kernel, which is the first really stable kernel without basic usability issues.

To install the OpenVZ kernel and tools, type:

  aptitude install linux-openvz vzctl vzquota

Now reboot the server, then check that it has booted into the **openvz** kernel:

  uname -a

It must output something like this:

  root@server:~# uname -a
  Linux server.dw.lan 2.6.24-28-openvz #1 SMP Wed Aug 25 19:14:57 UTC 2010 i686 GNU/Linux
  root@server:~#

Now remove the **-server** kernel, or the **-generic** one if you are on a desktop machine:

  apt-get remove --purge --auto-remove linux-image-.*server

Clean up the installation packages:

  apt-get clean

===== Configuring OpenVZ =====

Add these sysctl variables to **/etc/sysctl.conf**\\
This step might no longer be necessary once the vzctl package is updated.

  [...]

  # by kokkez
  # https://help.ubuntu.com/community/OpenVZ#8.04%20Hardy
  ###################################################################

  # On Hardware Node we generally need
  # packet forwarding enabled and proxy arp disabled
  # (note: proxy_arp=1 below enables proxy ARP on newly created interfaces)
  net.ipv4.conf.default.forwarding=1
  net.ipv4.conf.default.proxy_arp=1
  net.ipv4.ip_forward=1

  # Enables source route verification
  net.ipv4.conf.all.rp_filter = 1

  # Enables the magic-sysrq key
  kernel.sysrq = 1

  # TCP Explicit Congestion Notification
  #net.ipv4.tcp_ecn = 0

  # we do not want all our interfaces to send redirects
  net.ipv4.conf.default.send_redirects = 1
  net.ipv4.conf.all.send_redirects = 0

Also comment out the line:

  [...]
  #vm.mmap_min_addr = 65536
  [...]

Apply the sysctl changes:

  sysctl -p

Create a symlink to /vz, because most of the vz tools expect the OpenVZ folders to reside there. This step is not necessary, but can prevent problems when other vz-related components are installed.

  ln -s /var/lib/vz /vz

The following step is important if the IP addresses of your virtual machines are from a different subnet than the host system's IP address. If you don't do this, networking will not work in the virtual machines!

Open **/etc/vz/vz.conf** and set NEIGHBOUR_DEVS to all:

  nano /etc/vz/vz.conf

  [...]
  NEIGHBOUR_DEVS=all
  [...]

Finally, reboot the system:

  reboot
  exit

If your system reboots without problems, then everything is fine!

[[openvz:using-openvz|Using OpenVZ]]\\
[[openvz:backing-up-containers|Backing up containers]]\\
[[openvz:restoring-containers|Restoring containers]]
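
A post-reboot check for the settings made in "Configuring OpenVZ", as an added example that is not part of the original guide: it compares every uncommented key in a sysctl.conf-style file with the value the kernel actually exposes, and reads the effective NEIGHBOUR_DEVS from a vz.conf-style file. The function names check_sysctl and vz_neighbour_devs, the optional second argument and the sample files are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: compare a sysctl.conf-style file with the running kernel.
# Usage: check_sysctl CONF [PROC_ROOT]   (PROC_ROOT defaults to /proc/sys)
# Prints OK / MISMATCH / MISSING per key; returns the number of keys not OK.
trim() { tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }

check_sysctl() {
    local conf="$1" root="${2:-/proc/sys}" bad=0 line key want have path
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                          # drop comments
        case $line in *=*) ;; *) continue ;; esac # keep only assignments
        key=$(printf '%s' "${line%%=*}" | trim)
        want=$(printf '%s' "${line#*=}" | trim)
        path=$root/$(printf '%s' "$key" | tr . /) # a.b.c -> a/b/c
        if [ ! -r "$path" ]; then
            echo "MISSING  $key"; bad=$((bad + 1)); continue
        fi
        have=$(trim < "$path")
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "MISMATCH $key: file=$want kernel=$have"; bad=$((bad + 1))
        fi
    done < "$conf"
    return "$bad"
}

# Effective NEIGHBOUR_DEVS from a vz.conf-style file (last assignment wins).
vz_neighbour_devs() {
    sed -n 's/^[[:space:]]*NEIGHBOUR_DEVS=//p' "$1" | tail -n 1 | tr -d "\"' "
}

# Constructed demo data: a stand-in for /proc/sys where ip_forward was not applied.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/proc/net/ipv4/conf/all" "$demo_dir/proc/kernel"
echo 0 > "$demo_dir/proc/net/ipv4/ip_forward"
echo 1 > "$demo_dir/proc/net/ipv4/conf/all/rp_filter"
echo 1 > "$demo_dir/proc/kernel/sysrq"
cat > "$demo_dir/sysctl.conf" <<'EOF'
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
#net.ipv4.tcp_ecn = 0
net.ipv4.conf.all.send_redirects = 0
EOF
printf '# sample\nNEIGHBOUR_DEVS=detect\nNEIGHBOUR_DEVS="all"\n' > "$demo_dir/vz.conf"

check_sysctl "$demo_dir/sysctl.conf" "$demo_dir/proc" || echo "not applied: $?"
echo "NEIGHBOUR_DEVS=$(vz_neighbour_devs "$demo_dir/vz.conf")"
```

On the hardware node, run `check_sysctl /etc/sysctl.conf` and `vz_neighbour_devs /etc/vz/vz.conf` as root after the reboot; a non-zero return from check_sysctl means at least one key is missing or differs from the file.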