Ubuntu 10.04 OpenVZ Templates


OpenVZ is used for virtualization and is both lightweight (minimal software on the host, guests have small footprints on the hard drive, and minimal use of RAM) and fast (native speed).

I know there are some fans of Openvz out there who wish to use Ubuntu templates (you know who you are).

Cautionary note: The init scripts in Ubuntu 10.04 are problematic and you may have problems starting servers. For example, mysql will not start on boot unless you edit /etc/init/mysql.conf. Updates (to upstart and/or the boot scripts [mountall]) may break any fixes you add.

Because of these issues, I would hold off on using Ubuntu 10.04 on a “Production” server.

In this post I will walk you through how I create Ubuntu Lucid (10.04) Templates. There have been a few glitches along the way, and I would like to especially thank Stéphane Graber for the Openvz init scripts.

This walk through is loosely based on OpenVZ Debian Template and assumes you have OpenVZ set up and that you know the basics of chroot, debootstrap, and openvz commands.

To make a template, use debootstrap. For this how-to, the chroot (the location where the template is built) is /vz/private/777.

Note: On Debian / Ubuntu hosts I mount /var/lib/vz at /vz by adding this line in /etc/fstab :

/var/lib/vz /vz bind bind 0 0

To create a template, follow the Ubuntu wiki Debootstrap page.

Debootstrap

I assume you were able to create what will be a chroot at /vz/private/777 via debootstrap.

sudo mkdir -p /vz/private/777
sudo debootstrap --variant=minbase --arch i386 lucid /vz/private/777 http://archive.ubuntu.com/ubuntu/

Change --arch i386 to --arch amd64 for a 64 bit template.

Template Configuration

Fix openvz – we need an init script for openvz to start

sudo nano /vz/private/777/etc/init/openvz.conf

Add these lines:

# OpenVZ - Fix init sequence to have OpenVZ working with upstart

description "Fix OpenVZ"

start on startup

task
pre-start script
    mount -t devpts devpts /dev/pts
    mount -t tmpfs varrun /var/run
    mount -t tmpfs varlock /var/lock
    mkdir -p /var/run/network
    if [ ! -e /etc/mtab ]; then
        cat /proc/mounts > /etc/mtab
    fi
    touch /var/run/utmp
    chmod 664 /var/run/utmp
    chown root:utmp /var/run/utmp
    if [ "$(find /etc/network/ -name upstart -type f)" ]; then
        chmod -x /etc/network/*/upstart || true
    fi
end script

script
    start networking
    initctl emit filesystem --no-wait
    initctl emit local-filesystems --no-wait
    initctl emit virtual-filesystems --no-wait
    init 2
end script

Init script from Stéphane Graber modified by bodhi.zazen to work with Proxmox

Fix /etc/init/rc.conf . This fix was submitted by Jean-Michel Dault and Tomoiaga (see the comments below).

Open etc/init/rc.conf and comment out the line “console output”

#console output
#env INIT_VERBOSE

Now remove init scripts we do not need (these scripts are not relevant to openvz guests).

cd /vz/private/777/etc/init/
sudo rm -f console* control* hwclock* module* mount* network-interface* plymouth* procps* tty* udev* upstart*

Note: The final init scripts I have (on a template with ssh-server, mysql, and apache) are :

cron.conf
hostname.conf
mysql.conf
networking.conf
openvz.conf
rc-sysinit.conf
rcS.conf
rc.conf
ssh.conf

You can likely remove rcS.conf and rc-sysinit.conf if you wish. cron.conf will fill your logs, so if you do not run cron scripts / jobs you can remove this script as well.

Configure the template (openvz configuration)

sudo vzctl set 777 --applyconfig vps.basic --save
sudo sh -c 'echo "OSTEMPLATE=ubuntu-10.04-i386-minimal" >> /etc/vz/conf/777.conf'

# Set an ipaddress on the guest (adjust for your network)
sudo vzctl set 777 --ipadd 192.168.0.77 --nameserver 192.168.0.1 --save

Start the template and perform additional configuration

Start the template

sudo vzctl start 777

The next series of steps will configure your template. DO NOT RUN THESE COMMANDS ON THE HOST !!!

Enter into the template

sudo vzctl enter 777

Install some additional packages (you need quota, vim/nano are optional).

apt-get install --force-yes -y gpgv
apt-get update

apt-get install -y adduser apt-utils console-setup iproute netbase nano openssh-blacklist openssh-blacklist-extra openssh-server quota ping sudo vim

Put upstart and mountall on hold (these packages will not be upgraded with apt-get upgrade).

echo "mountall hold"|dpkg --set-selections
echo "upstart hold"|dpkg --set-selections

Replace rsyslog with syslog-ng.

rsyslog is the default in Ubuntu, but, IMO, rsyslog does not work well in an OpenVZ VPS, so I suggest you replace it with syslog-ng.

apt-get purge rsyslog
apt-get -y install syslog-ng

“Fix” Modprobe –

modprobe does not work inside openvz templates, and any script/binary which calls modprobe will fail. As a potential fix you can remove modprobe and link it to /bin/true.

rm /sbin/modprobe
ln -s /bin/true /sbin/modprobe

Depending on the script this may or may not help. For example it helps with ufw, but does not fix all the problems with ufw:

See this discussion on the OpenVZ forums.

Lock down the root account. If you lock the root account, and wish to access the guest via ssh, you will need to create additional user accounts and configure sudo (in the template). I do this after bringing up a guest and so it is not part of template configuration.

chmod 700 /root
usermod -p '!' root

Fix ssh

sed -i -e 's_oom never_#oom never_g' /etc/init/ssh.conf

Edit /etc/apt/sources.list, add these repositories (if you so desire).

deb http://us.archive.ubuntu.com/ubuntu/ lucid main universe multiverse
deb http://us.archive.ubuntu.com/ubuntu/ lucid-security main universe multiverse

Set a few aliases. This is optional, but I set these in /root/.bashrc .

alias ll="ls -l"
alias la="ls -A"
alias nano="nano -w"
alias cp="cp -i"
alias mv="mv -i"
alias rm="rm -i"

Set locale (adjust your language accordingly).

apt-get update
apt-get -y install language-pack-en
locale-gen en_US.UTF-8
/usr/sbin/update-locale LANG="en_US.UTF-8" LANGUAGE="en_US.UTF-8" LC_ALL="en_US.UTF-8" LC_CTYPE="C"

Next edit /etc/environment and define your environmental variables:

LANG="en_US.UTF-8"
LANGUAGE="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LC_CTYPE="C"

Package the template

I strongly suggest you use the “S15ssh_gen_host_keys” script so that each container created from the template automatically generates its own unique set of ssh host keys on first boot.

Run these commands in the TEMPLATE , not the host.

# clean your packages
apt-get clean
apt-get autoremove

#Generate a unique set of ssh (host) keys.
rm -f /etc/ssh/ssh_host_*

cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys
#!/bin/sh
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
rm -f \$0
EOF

chmod a+x /etc/rc2.d/S15ssh_gen_host_keys

# disable some unnecessary boot scripts
update-rc.d -f ondemand remove

# Reset resolv.conf and the hostname, then clear log files
> /etc/resolv.conf
echo localhost > /etc/hostname
> /var/log/messages; > /var/log/auth.log; > /var/log/kern.log; > /var/log/bootstrap.log
> /var/log/dpkg.log; > /var/log/syslog; > /var/log/daemon.log; > /var/log/apt/term.log
rm -f /var/log/*.0 /var/log/*.1

Exit the template.

exit

On the HOST stop the template and package.

vzctl set 777 --ipdel all --nameserver ' ' --save
vzctl stop 777

Package with tar

cd /vz/private/777
tar --numeric-owner -vzcf /vz/template/cache/ubuntu-10.04-i386-minimal.tar.gz .
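
Before the archive is copied to other hosts, the template root can be checked on the host for the items the packaging steps above are meant to guarantee. This is an added example, not part of the original post; the function names audit_template and make_sample_template are made up for this illustration and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Run on the HOST, e.g.:
#   audit_template /vz/private/777
# Prints one line per finding and returns the number of findings (0 = clean).
audit_template() {
    root=$1
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # Host keys left in the template would be shared by every container.
    for key in "$root"/etc/ssh/ssh_host_*; do
        rel=${key#"$root"}
        if [ -e "$key" ]; then note "host key present: $rel"; fi
    done

    # The first-boot generator from the post must exist and be executable.
    if [ ! -x "$root/etc/rc2.d/S15ssh_gen_host_keys" ]; then
        note "missing or not executable: /etc/rc2.d/S15ssh_gen_host_keys"
    fi

    # usermod -p '!' root leaves '!' in the shadow password field;
    # '*' likewise permits no password login.
    root_pw=$(awk -F: '$1 == "root" { print $2 }' "$root/etc/shadow" 2>/dev/null) || root_pw=
    case $root_pw in
        '!'*|'*'*) ;;
        *) note "root account is not locked in /etc/shadow" ;;
    esac

    # Files the post truncates before packaging must be empty.
    for f in etc/resolv.conf var/log/auth.log var/log/syslog var/log/messages; do
        if [ -s "$root/$f" ]; then note "not empty: /$f"; fi
    done

    return "$findings"
}

# Constructed sample tree for a dry run (not a real template): one stale host
# key, no generator script, an unlocked root entry and a non-empty auth.log.
make_sample_template() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh" "$d/etc/rc2.d" "$d/var/log"
    : > "$d/etc/ssh/ssh_host_rsa_key"
    printf 'root:$6$constructed$hash:14700:0:99999:7:::\n' > "$d/etc/shadow"
    : > "$d/etc/resolv.conf"
    echo "constructed log line" > "$d/var/log/auth.log"
    echo "$d"
}
```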

Test the template

sudo vzctl create 888 --ostemplate ubuntu-10.04-i386-minimal
sudo vzctl set 888 --ipadd 192.168.0.88 --nameserver 192.168.0.1 --hostname ubuntu-minimal --save
sudo vzctl start 888

If all went well you should have a working Ubuntu template.

I am always looking for comments or feedback on my templates.

I will post Ubuntu 10.04 templates for others to download in the near future.


45 Responses to Ubuntu 10.04 OpenVZ Templates


  2. Thanks for the article. I copied couple of things to my script. I also noticed a typo:
    sudo rm -f /etc/private/777/etc/init/plymouth*
    should be:
    sudo rm -f /vz/private/777/etc/init/plymouth*

    And I’m thinking about the modprobe stuff, maybe it doesn’t apply on Lucid, because the module-init-tools package is not removable hence /sbin/modprobe is present and running the “ln -s /bin/true /sbin/modprobe” fails with “ln: creating symbolic link `/sbin/modprobe': File exists”. Maybe it would need to be deleted first and then the link created. I haven’t tested that, though.

    And at last I copy the language setting into /etc/default/locale instead of the /etc/environment only because I found it there on a stock install, but I guess it works both ways.

    Thanks again,
    Karoly



  5. Sean Clarke says:

    Hasn’t OpenVZ been superseded by LXC? Are there any LXC templates available?

  6. bodhi.zazen says:

    Thank you very much for the feedback Karoly Molnar , it is greatly appreciated.

    I went through the post last night and made a few revisions. If you have any further suggestions feel free to send them my way =)

  7. bodhi.zazen says:

    LXC will eventually replace OpenVZ but not for some time.

    LXC falls short on several major issues:

    1. Lack of adequate documentation.

    2. Lack of migration tools.

    3. There remain what many, myself included, consider significant security issues. IMO it is far too easy to break out of a LXC guest.

    4. Many of the LXC scripts to make LXC guests are suboptimal.

    5. LXC is in rapid development, both in terms of kernel development as well as user scripts. While this is exciting, I would not advise LXC on a production machine at this time.

    As one person put it on IRC – “I do not know anyone who has tried LXC more than once”.

    There is a discussion thread on the Ubuntu forums:

    http://ubuntuforums.org/showthread.php?t=1382823

    So while there are dedicated developers working diligently on the project, and while their efforts are greatly appreciated, those outside the project have not yet had broad success.

    I have several blogs on LXC if you wish to try it out. I posted several LXC templates as well:

    http://bodhizazen.fivebean.net/LXC/

    If you are interested in LXC I highly suggest you subscribe to the mailing list as at the moment that is the best source of information of problems, bug fixes, and new developments.

    The OpenVZ project, on the other hand, just released an updated 2.6.32 kernel:

    http://wiki.openvz.org/Download/kernel/2.6.32/2.6.32-avdeyev.1

    At the moment, the kernel is .rpm (Centos host), although the kernel is in the Debian (sid) repository and will likely become available on Debian and Ubuntu (I hope).

    IMO OpenVZ remains a viable option.


  9. When shutting down a VZ, it takes a really long time.

    In the logs we see:
    Failed to spawn rc main process: unable to open console: Operation not permitted

    Solution: comment “console output” in etc/init/rc.conf in the template.

  10. narcisgarcia says:

    Me and a lot of people I suppose start to search these procedures in Ubuntu’s help/wiki:

    https://help.ubuntu.com/community/OpenVZ

    At least a link there could be a good help. I’ve dedicated some hours with this before finding your tutorial.

  11. narcisgarcia says:

    Please, can you look at this Ubuntu forum thread?

    http://ubuntuforums.org/showthread.php?p=9227854

  12. bodhi.zazen says:

    Thank you Jean-Michel Dault , I will add that tip to the main tutorial.

  13. bodhi.zazen says:

    I looked at the init scripts and logs and revised this blog / post.

    The Ubuntu template now works with Proxmox and I will upload a revised set of templates tomorrow.

    ~bodhi.zazen

  14. Daniel says:

    Thanks, much appreciated.

    I’m thinking about creating a custom .deb package, which will help me with upgrading existing Hardy containers (on a Hardy host); using a new template is not really an option when you want to upgrade.

    Additionally, it would be interesting to have updated kernel images for the host – I’m running Hardy (2.6.24) there still.

  15. bodhi.zazen says:

    @Daniel – The openvz project is working on an updated kernel, I suggest you join the openvz mailing list.

    In fact they have a 2.6.32 kernel , it works on .rpm systems and I have imported it to Debian but not Ubuntu.

    In terms of guests, how would you make a .deb to perform an update? I would imagine it would be a script and perhaps an openvz.conf.

  16. bodhi.zazen says:

    @ narcisgarcia : Done, posted a reply on the Ubuntu Forums.

  17. bodhi.zazen says:

    @narcisgarcia : Well, Ubuntu no longer maintains OpenVZ, either as a host or a guest, and the Ubuntu wiki page shows its age.

    I updated the wiki page somewhat, mainly by adding external references, including to my blog, my templates, the openvz project.

    I am sorry Ubuntu does not support OpenVZ, so looking for support on the Ubuntu forums, Ubuntu Wiki, and Launchpad may be as productive as you would hope.

    From your posts I can see you are interested in OpenVZ, and IMO the OpenVZ project (wiki and mailing list) is a better source of information than the Ubuntu Wiki.

    Alternates to Ubuntu (in the order I would advise to you) include Proxmox, Centos, and Debian.

  18. narcisgarcia says:

    Ok, moving attention from Ubuntu wiki to OpenVZ wiki:

    http://wiki.openvz.org/Ubuntu_Lucid_template_creation

  19. Daniel says:

    @bodhi
    > In terms of guests, how would you make a .deb to perform an update ?
    > I would imagine it would be a script and perhaps an openvz.conf .

    Yes.
    It could also provide diversions of some scripts (e.g. changing or removing them) and conflict on packages that should get removed (e.g. upstart related things).

  20. bodhi.zazen says:

    @Daniel – I think a .deb would be inefficient. Updating is basically a script.

    Once you write the script you may package it into a .deb , but you could as easily just run the script.

    https://synthesize.us/HOWTO_make_a_deb_archive_without_dpkg

    That link will walk you through the process.

    For a more complete guide on building .deb see :

    https://wiki.ubuntu.com/PackagingGuide/Complete

    PPA:
    https://help.launchpad.net/Packaging/PPA
    https://help.launchpad.net/Packaging/PPA/Uploading



  23. Tony says:

    hey

    if it’s possible, please, share templates archives

  24. bodhi.zazen says:

    Tony: I posted a link to Ubuntu 10.04 templates in this blog :

    http://blog.bodhizazen.net/linux/download-ubuntu-10-04-openvz-templates/

    Direct link :

    http://bodhizazen.fivebean.net/openvz/

    Is there something more you are wanting ?

  25. Miha says:

    Hi Bodhi.

    you probably noticed that firewalls are real PITA in OpenVZs.. well here is a fix for apf-firewall (as named in Ubuntu) e.g apf package firewall.

    After you add the necessary iptables modules into the /etc/vz/vz.conf IPTABLES line, this needs to be added into the openvz.conf startup script after the last fi

    KERNEL=`uname -r`;

    #kernel module directory?
    if [ ! -d /lib/modules/$KERNEL/ ]; then
    mkdir -p /lib/modules/$KERNEL/
    fi

    #modules.dep file?
    if [ ! -e /lib/modules/$KERNEL/modules.dep ]; then
    depmod -a
    fi

    This gets rid of FATAL: Could not load /lib/modules//modules.dep: No such file or directory when starting apf

  26. Miha says:

    @Bodhi. BTW removing procps* from /etc/init is a BAD idea as you are unable to set kernel.shmmax from sysctl.conf file because of that

  27. For fixing the MySQL startup problem, Would it be better, in the long term, to add this to openvz.conf?

    initctl emit net-device-up –no-wait

    I was considering filing a bug with Ubuntu saying that the network isn’t required for MySQL to run, but I imagine as they progress, more and more services will be use upstart and the net-device-up (like apache or other network services). Adding the line above can be done in the templates, should survive upgrades, doesn’t require Ubuntu to fix, and should continue to work in future versions.

    I just spent a few hours debugging this issues after thinking it was a problem with another software (it didn’t help that I only rebooted the ma

  28. Be careful copying my comment from above, something converted the two dashes (-) to a long dash! if you do not fix this, your script will not get to the init 2 and will probably not do very much.

    @Bodhi, could you remove the last paragraph of my last comment and possibly fix the double-dash issue. Thanks!



  31. andisaputro says:

    I see no simfs for the / partition in the container; what should I do to make it appear?


  33. Narcis Garcia says:

    To allow upgrades, the ifupdown package also needs to be frozen:

    echo 'ifupdown hold' | dpkg --set-selections

  34. Narcis Garcia says:

    “ubuntu-10.04-x86″ template (2010-07-10) in:
    http://wiki.openvz.org/Download/template/precreated

    Doesn’t need the “/etc/init/openvz.conf” script. Why?

  35. bodhi.zazen says:

    @Narcis Garcia: I have not used that template, I would have to look at it.

    Does it work ?

  36. Ben says:

    Can you create a template of ubuntu server with this method ?

  37. Narcis Garcia says:

    The precreated template works only after applying these commands:
    echo "mountall hold" | dpkg --set-selections
    echo "upstart hold" | dpkg --set-selections
    echo "ifupdown hold" | dpkg --set-selections

  38. Narcis Garcia says:

    Do you know how to recover the capability of cleaning /tmp on each boot?

    I don’t find the initscript responsible to read TMPTIME variable in /etc/default/rcS and work.

  39. Adrian Moya says:

    @Alexander Reece: I applied your fix for mysql startup and it works ok, but I have the same issue with apache2. Any help? apache2 doesn’t start at boot.

  40. bodhi.zazen says:

    @Adrian Moya: I have not had any problem with apache.

    Any clue in the logs or when starting apache from the command line ?

  41. Adrian Moya says:

    @ bodhi.zazen: I think I tracked down the issue to a very specific problem of the appliances I’m converting (BTW, many thanks for this post). I’m finalizing a conversion script based on you method for the turnkeylinux project, I’ll end up the tests but already confirmed that during startup, the automatic preseed scripts of the appliances was hanging waiting for user input, and this is why apache isn’t started. Thanks!

  42. wacek says:

    Don’t use the Proxmox modified version “Init script from Stéphane Graber modified by bodhi.zazen to work with Proxmox”.
    It prevents V- instance to operate.
    I have Proxmox 1.5. Ubuntu 10.04 VM won’t start after these modifications. Just leave the conf as the original post states.


