Preparation of a hardware node for installing OpenVZ

This guide applies to the i386 architecture.

Download & install

Start with a fresh installation of Ubuntu 8.04 LTS (Hardy Heron), downloaded from here:

ubuntu-8.04.4-server-i386

Download “ubuntu-8.04.4-server-i386.iso” and burn it to a rewritable CD. Start installation, set your locale, keyboard, location, etc… Set the hostname:

server.dw.lan

Set the new user:

manager

Choose the software to install:

[x] OpenSSH Server

Activate the "root" user

After the first reboot you can log in with your previously created username (e.g. manager). Because we must run all the steps from this tutorial with root privileges, we can either prepend all commands in this tutorial with the string sudo, or we can enable the root login by running:

sudo passwd root

Then type a password for root twice and remember it. To deactivate (lock) the root login, type:

sudo passwd -l root

To unlock a previously locked root login, type:

sudo passwd -u root

Configure The Network

Because the installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address 192.168.0.100; please note that I replace allow-hotplug eth0 with auto eth0; otherwise restarting the network doesn't work, and we'd have to reboot the whole system):

nano /etc/network/interfaces
interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
 
# The loopback network interface
auto lo
iface lo inet loopback
 
# The primary network interface
auto eth0
iface eth0 inet static
	address 192.168.0.100
	netmask 255.255.255.0
	network 192.168.0.0
	broadcast 192.168.0.255
	gateway 192.168.0.22

Edit /etc/hosts and add lines like the following, adjusted to your setup:

nano /etc/hosts

hosts
127.0.0.1      localhost
192.168.0.100  server.dw.lan  server
[...]

Check that /etc/hostname contains the Fully Qualified Domain Name:

nano /etc/hostname
hostname
server.dw.lan

Then reboot:

reboot

Afterwards, run

hostname
hostname -f

It is important that both show server.dw.lan now!

Change The Default Shell

We need /bin/bash, not /bin/dash. Therefore we do this:

dpkg-reconfigure dash

Answer “no” to the question. This also ensures that the change is retained through future updates.

Disable AppArmor

AppArmor is a security extension (similar to SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it:

/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
aptitude remove apparmor apparmor-utils
aptitude purge apparmor

Update the Linux Installation

In /etc/apt/sources.list, comment out or remove the installation CD from the file and make sure that the universe and multiverse repositories are enabled, then type

aptitude update

to update the apt package database and

aptitude safe-upgrade

to install the latest updates (if there are any).

Synchronize the System Clock

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run

aptitude install ntp ntpdate

and your system time will always be in sync.

Installing OpenVZ

OpenVZ is available in the Ubuntu repositories (see OpenVZ#8.04 Hardy).

Important! Please, make sure that you are using at least the linux-image-2.6.24-19-openvz kernel which is the first really stable kernel without basic usability issues.

To install the OpenVZ kernel and tools, type:

aptitude install linux-openvz vzctl vzquota

Now reboot the server, then check that it has booted into the OpenVZ kernel:

uname -a

It must output something like this:

root@server:~# uname -a
Linux server.dw.lan 2.6.24-28-openvz #1 SMP Wed Aug 25 19:14:57 UTC 2010 i686 GNU/Linux
root@server:~#

Now remove the -server kernel, or the -generic kernel if you are on a desktop machine:

apt-get remove --purge --auto-remove 'linux-image-.*server'

Clean up the installation packages:

apt-get clean

Configuring OpenVZ

Add these sysctl variables to /etc/sysctl.conf.
This step might no longer be necessary once the vzctl package has been updated.

sysctl.conf
[...]
# by kokkez
# https://help.ubuntu.com/community/OpenVZ#8.04%20Hardy
###################################################################
# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled
 
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp=0
net.ipv4.ip_forward=1
 
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
 
# Enables the magic-sysrq key
kernel.sysrq = 1
 
# TCP Explicit Congestion Notification
#net.ipv4.tcp_ecn = 0
 
# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

Also comment out the line:

sysctl.conf
[...]
#vm.mmap_min_addr = 65536
[...]

Apply the sysctl changes

sysctl -p
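
To confirm that the file really carries the settings added in this step, the following added example (not part of the original guide) parses a sysctl.conf-style file and reports every expected key that is missing or set differently. A later assignment overrides an earlier one, as happens when sysctl -p applies the file in order. The helper names and the sample file are constructed for illustration; the keys checked are taken from the listing above.

```shell
# Added example: audit a sysctl.conf-style file against expected key=value
# pairs. Helper names are hypothetical, not part of procps or vzctl.

# Print the effective value of KEY in FILE (last assignment wins).
sysctl_conf_get() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                 # comment line
        {
            eq = index($0, "=")
            if (eq == 0) next                  # not an assignment
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) { found = 1; last = val }
        }
        END { if (found) print last }
    ' "$1"
}

# Check FILE against each "key=value" argument; print one line per problem.
# Returns 0 when every pair matches, 1 otherwise.
audit_sysctl_conf() {
    file=$1; shift
    rc=0
    for pair in "$@"; do
        key=${pair%%=*}; want=${pair#*=}
        have=$(sysctl_conf_get "$file" "$key")
        if [ -z "$have" ]; then
            echo "MISSING  $key (expected $want)"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $key = $have (expected $want)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: rp_filter is overridden further down, and the
# send_redirects line is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter = 1
#net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.rp_filter=0
EOF
audit_sysctl_conf "$sample" net.ipv4.ip_forward=1 \
    net.ipv4.conf.all.rp_filter=1 net.ipv4.conf.all.send_redirects=0 \
    || echo "sysctl.conf does not match the expected settings"
rm -f "$sample"
```

The audit reads the file only; on the node itself, sysctl -n followed by the key name prints the value the running kernel is using.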

Create a symlink to /vz because most of the vz tools expect the OpenVZ folders to reside there. This step is not necessary, but can eliminate further problems when other vz related components are installed.

ln -s /var/lib/vz /vz

The following step is important if the IP addresses of your virtual machines are from a different subnet than the host system's IP address. If you don't do this, networking will not work in the virtual machines!

Open /etc/vz/vz.conf and set NEIGHBOUR_DEVS to all:

nano /etc/vz/vz.conf
vz.conf
[...]
NEIGHBOUR_DEVS=all
[...]
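
Whether a given container address falls under the "different subnet" case can be checked against the static eth0 stanza configured earlier. The following is an added example, not part of the original guide: it reads address and netmask from an interfaces-style file and tests container IPs against that subnet. The helper names and the container IPs are constructed; the eth0 values are the ones used in this guide.

```shell
# Added example: is a container IP outside the host interface's subnet?
# Helper names are hypothetical; the interfaces text below is constructed
# from the static eth0 stanza used in this guide.

# Convert dotted-quad A.B.C.D to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print FIELD (address, netmask, ...) from the "iface IFACE" stanza of FILE.
iface_field() {
    awk -v ifc="$2" -v fld="$3" '
        $1 == "iface"                  { inside = ($2 == ifc); next }
        $1 == "auto" || $1 ~ /^allow-/ { inside = 0; next }
        inside && $1 == fld            { print $2; exit }
    ' "$1"
}

# Return 0 if IP lies outside IFACE's subnet (the case where the guide
# says NEIGHBOUR_DEVS=all is required), 1 if it is inside.
outside_host_subnet() {
    addr=$(ip_to_int "$(iface_field "$1" "$2" address)")
    mask=$(ip_to_int "$(iface_field "$1" "$2" netmask)")
    cand=$(ip_to_int "$3")
    [ $(( addr & mask )) -ne $(( cand & mask )) ]
}

conf=$(mktemp)
cat > "$conf" <<'EOF'
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
	address 192.168.0.100
	netmask 255.255.255.0
EOF
for ct_ip in 192.168.0.101 10.0.0.5; do   # constructed container IPs
    if outside_host_subnet "$conf" eth0 "$ct_ip"; then
        echo "$ct_ip: different subnet, NEIGHBOUR_DEVS=all needed"
    else
        echo "$ct_ip: same subnet as eth0"
    fi
done
rm -f "$conf"
```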

Finally, reboot the system:

reboot
exit

If your system reboots without problems, then everything is fine!

openvz/hw-node-perfect-ubuntu-8.04.txt · Last modified: 2010-08-30 15:36 (external edit)