This guide targets the i386 architecture.
Start with a fresh installation of Ubuntu 8.04 LTS (Hardy Heron), downloading from here:
Download “ubuntu-8.04.4-server-i386.iso” and burn it to a rewritable CD. Start installation, set your locale, keyboard, location, etc… Set the hostname:
server.dw.lan
Set the new user:
manager
Choose the software to install:
[x] OpenSSH Server
After the first reboot you can log in with the username you created earlier (e.g. manager). Because all the steps in this tutorial must be run with root privileges, we can either prepend every command with sudo, or enable the root login by running:
sudo passwd root
Then type a password for root twice and remember it. To deactivate (lock) the root login, type:
sudo passwd -l root
To unlock a previously locked root login, type:
sudo passwd -u root
Because the installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address 192.168.0.100; please note that I replace allow-hotplug eth0 with auto eth0; otherwise restarting the network doesn't work, and we'd have to reboot the whole system):
nano /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.0.100
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.22
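A wrong network, broadcast or gateway line in this file is easy to miss and can cut off SSH access when networking restarts. The following check is an added example, not part of the original guide; the function names (ip2int, int2ip, check_static_stanza) are illustrative, and the stanza from this guide is embedded as sample input.

```shell
#!/bin/sh
# Added example, not part of the original guide. Function names are illustrative.

ip2int() (   # dotted quad -> 32-bit integer
    IFS=.; set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

int2ip() {   # 32-bit integer -> dotted quad
    echo "$(( $1 >> 24 & 255 )).$(( $1 >> 16 & 255 )).$(( $1 >> 8 & 255 )).$(( $1 & 255 ))"
}

# Usage: check_static_stanza IFACE < /etc/network/interfaces
# Prints one line per inconsistency; exit status is non-zero if any was found.
check_static_stanza() (
    want=$1 active=0 bad=0 address= netmask= network= broadcast= gateway=
    while read -r key val rest; do
        case $key in
            iface) active=0
                   if [ "$val" = "$want" ] && [ "$rest" = "inet static" ]; then active=1; fi ;;
            address|netmask|network|broadcast|gateway)
                   # key is restricted by the pattern above, so this eval is safe
                   if [ "$active" = 1 ]; then eval "$key=\$val"; fi ;;
        esac
    done
    if [ -z "$address" ] || [ -z "$netmask" ]; then
        echo "$want: no static address/netmask found"; exit 1
    fi
    a=$(ip2int "$address"); m=$(ip2int "$netmask")
    net=$(int2ip $(( a & m )))
    bc=$(int2ip $(( (a & m) | (~m & 4294967295) )))
    if [ -n "$network" ] && [ "$network" != "$net" ]; then
        echo "network is $network, expected $net"; bad=1
    fi
    if [ -n "$broadcast" ] && [ "$broadcast" != "$bc" ]; then
        echo "broadcast is $broadcast, expected $bc"; bad=1
    fi
    if [ -n "$gateway" ] && [ $(( $(ip2int "$gateway") & m )) -ne $(( a & m )) ]; then
        echo "gateway $gateway is outside $net/$netmask"; bad=1
    fi
    exit "$bad"
)

# The stanza from this guide, embedded so the check runs offline.
GUIDE_STANZA='iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.22'
printf '%s\n' "$GUIDE_STANZA" | check_static_stanza eth0 && echo "eth0: stanza is consistent"
```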
Edit /etc/hosts and add lines like these, adjusted to your setup:
nano /etc/hosts
127.0.0.1 localhost
192.168.0.100 server.dw.lan server
[...]
Check that /etc/hostname contains the fully qualified domain name:
nano /etc/hostname
server.dw.lan
Then reboot:
reboot
Afterwards, run:
hostname
hostname -f
It is important that both show server.dw.lan now!
We need /bin/bash, not /bin/dash. Therefore we do this:
dpkg-reconfigure dash
Answer “no” to the question. This will also retain the change through future updates.
AppArmor is a security extension (similar to SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it:
/etc/init.d/apparmor stop
update-rc.d -f apparmor remove
aptitude remove apparmor apparmor-utils
aptitude purge apparmor
In /etc/apt/sources.list, comment out or remove the installation CD from the file and make sure that the universe and multiverse repositories are enabled, then type
aptitude update
to update the apt package database and
aptitude safe-upgrade
to install the latest updates (if there are any).
It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run
aptitude install ntp ntpdate
and your system time will always be in sync.
OpenVZ is available in the Ubuntu repositories; see the Ubuntu community wiki page OpenVZ#8.04 Hardy.
Important! Please, make sure that you are using at least the linux-image-2.6.24-19-openvz kernel which is the first really stable kernel without basic usability issues.
To install the OpenVZ kernel and tools, type:
aptitude install linux-openvz vzctl vzquota
Now reboot the server, then check that it has booted into the OpenVZ kernel:
uname -a
It must output something like this:
root@server:~# uname -a
Linux server.dw.lan 2.6.24-28-openvz #1 SMP Wed Aug 25 19:14:57 UTC 2010 i686 GNU/Linux
root@server:~#
Now remove the -server kernel, or the -generic kernel if you are on a desktop machine:
apt-get remove --purge --auto-remove 'linux-image-.*server'
Clean up the installation packages:
apt-get clean
Add these sysctl variables to /etc/sysctl.conf:
This step might not be necessary once the vzctl package is updated.
[...]
# by kokkez
# https://help.ubuntu.com/community/OpenVZ#8.04%20Hardy
###################################################################
# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp=1
net.ipv4.ip_forward=1
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Enables the magic-sysrq key
kernel.sysrq = 1
# TCP Explicit Congestion Notification
#net.ipv4.tcp_ecn = 0
# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
Also comment out the line:
[...]
#vm.mmap_min_addr = 65536
[...]
Apply the sysctl changes:
sysctl -p
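To confirm that the running kernel actually holds the values written to /etc/sysctl.conf (a later duplicate line or a key the kernel lacks is otherwise easy to overlook), the file can be compared with /proc/sys. This is an added example, not part of the original guide; sysctl_drift and demo are illustrative names, the optional second argument exists only so the check can run against a constructed tree, and the demo data is constructed.

```shell
#!/bin/sh
# Added example, not part of the original guide. Function names are illustrative.

# Usage: sysctl_drift /etc/sysctl.conf [ROOT]
# Compares every "key = value" line in the file with the live value under
# ROOT (default /proc/sys). Prints one line per difference; exit status is
# non-zero if any key differs or is missing.
sysctl_drift() (
    root=${2:-/proc/sys}
    # Strip comments, then normalise "key = value" to "key value".
    sed -n -e 's/#.*//' \
        -e 's/^[[:space:]]*\([^=[:space:]]\{1,\}\)[[:space:]]*=[[:space:]]*\([^[:space:]]\{1,\}\).*/\1 \2/p' "$1" |
    (
        bad=0
        while read -r key want; do
            path=$root/$(printf '%s' "$key" | tr . /)
            if [ ! -r "$path" ]; then
                echo "$key: not present under $root"; bad=1
            elif [ "$(cat "$path")" != "$want" ]; then
                echo "$key: file=$want live=$(cat "$path")"; bad=1
            fi
        done
        exit "$bad"
    )
)

# Constructed demo: a throwaway tree standing in for /proc/sys, with
# rp_filter deliberately left at 0 and kernel.sysrq absent.
demo() (
    d=$(mktemp -d) || exit 2
    mkdir -p "$d/sys/net/ipv4/conf/all"
    echo 1 > "$d/sys/net/ipv4/ip_forward"
    echo 0 > "$d/sys/net/ipv4/conf/all/rp_filter"
    printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward=1' \
        'net.ipv4.conf.all.rp_filter = 1' 'kernel.sysrq = 1' > "$d/sysctl.conf"
    rc=0
    out=$(sysctl_drift "$d/sysctl.conf" "$d/sys") || rc=$?
    rm -rf "$d"
    printf '%s\n' "$out"
    exit "$rc"
)
demo || echo "drift detected (expected for the constructed tree)"
```

On the host itself, run `sysctl_drift /etc/sysctl.conf` after `sysctl -p`; no output means the file and the kernel agree.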
Create a symlink to /vz because most of the vz tools expect the OpenVZ folders to reside there. This step is not necessary, but it can prevent problems when other vz-related components are installed.
ln -s /var/lib/vz /vz
The following step is important if the IP addresses of your virtual machines are from a different subnet than the host system's IP address. If you don't do this, networking will not work in the virtual machines!
Open /etc/vz/vz.conf and set NEIGHBOUR_DEVS to all:
nano /etc/vz/vz.conf
[...]
NEIGHBOUR_DEVS=all
[...]
Finally, reboot the system:
reboot
exit
If your system reboots without problems, then everything is fine!