Ubuntu 10.10 OpenVZ Templates

OpenVZ Logo

OpenVZ is used for Virtualization and is both light weight (minimal software on the host, guests have small footprints on the hard drive, and minimal use of RAM) and fast (native speed).

I know there are some fans of Openvz out there who wish to use Ubuntu templates (you know who you are).

Cautionary note: The init (upstart) scripts in Ubuntu 10.10 may be problematic and there may problems starting services.

The most common “fix” is to edit the upstart (init) scripts and change the start line to read simply start on runlevels 2-5:

start on runlevel [2345]

The init scripts are located in /etc/init

I had difficulty starting the mysql server. I was able to get mysql started by disabling the innodb (which I normally do anyways).

Edit /etc/mysql/my.cnf and add this line:

# * InnoDB
skip-innodb

In this post I will walk you through how I create Ubuntu Maverick (10.10) Templates using debootstrap.

I would again like to thank Stéphane Graber for the Openvz init script.

This walk through is loosely based on OpenVZ Debian Template and assumes you have OpenVZ set up and that you know the basics of chroot, debootstrap, and openvz commands.

For further information on debootstrap see: Debootstrap.

For this how-to the chroot (location to build the template) is /vz/private/777.

Note: On Debian / Ubuntu hosts I mount /var/lib/vz at /vz by adding this line in /etc/fstab :

/var/lib/vz /vz bind bind 0 0

To create a template, follow the Ubuntu wiki Debootstrap page.

Debootstrap

I assume you were able to create what will be a chroot at /vz/private/777 via deboostrtap.

sudo mkdir -p /vz/private/777
sudo debootstrap --variant=minbase --arch i386 maverick /vz/private/777 http://archive.ubuntu.com/ubuntu/

Change --arch i386 to --arch amd64 for a 64 bit template.

Template Configuration

Fix openvz – we need an init script for openvz to start

sudo nano /vz/private/777/etc/init/openvz.conf

Add these lines:

# OpenVZ - Fix init sequence to have OpenVZ working with upstart

description "Fix OpenVZ"

start on startup

task
pre-start script
mount -t devpts devpts /dev/pts
mount -t tmpfs varrun /var/run
mount -t tmpfs varlock /var/lock
mkdir -p /var/run/network
if [ ! -e /etc/mtab ]; then
cat /proc/mounts > /etc/mtab
fi
touch /var/run/utmp
chmod 664 /var/run/utmp
chown root.utmp /var/run/utmp
if [ "$(find /etc/network/ -name upstart -type f)" ]; then
chmod -x /etc/network/*/upstart || true
fi
end script

script
start networking
initctl emit filesystem --no-wait
initctl emit local-filesystems --no-wait
initctl emit virtual-filesystems --no-wait
init 2
end script

Init script from Stéphane Graber modified by bodhi.zazen to work with Proxmox

Fix /etc/init/rc.conf In the guest, not the host !. This fix was submitted by Jean-Michel Dault and Tomoiaga on my Ubuntu 10.04 page.

Open /vz/private/777/etc/init/rc.conf and comment out the line “console output”

#console output
#env INIT_VERBOSE

Now remove init scripts we do not need (these scripts are not relevant to openvz guests).

cd /vz/private/777/etc/init/
sudo rm -f control* hwclock* module* mount* network-interface* plymouth* procps* tty* udev* upstart*

Note: The final init scripts I have (on a template with ssh-server, mysql, and apache) are :

hostname.conf
mysql.conf
networking.conf
openvz.conf
rc-sysinit.conf
rcS.conf
rc.conf
ssh.conf

You can likely remove rcS.conf and rc-sysinit.conf if you wish. cron.conf will fill your logs, so if you do not run cron scripts / jobs you can remove this script as well.

Configure the template (openvz configuration)

sudo vzctl set 777 --applyconfig vps.basic --save
sudo sh -c 'echo "OSTEMPLATE=ubuntu-10.10-minimal_10.10_i386" >> /etc/vz/conf/777.conf'

# Set an ipaddress on the guest (adjust for your network)
sudo vzctl set 777 --ipadd 192.168.0.77 --nameserver 192.168.0.1 --save

Start the template and perform additional configuration

Start the template

sudo vzctl start 777

The next series of steps will configure your template. DO NOT RUN THESE COMMANDS ON THE HOST !!!

Enter into the template

sudo vzctl enter 777

Install some additional packages (you need quota, vim/nano are optional).

apt-get install --force-yes -y gpgv
apt-get update

apt-get install -y adduser apt-utils console-setup iproute netbase nano openssh-blacklist openssh-blacklist-extra openssh-server quota ping sudo vim

If you get an error message “E: Package ‘ping’ has no installation candidate”, install iputils-ping in place of ping.

Put upstart and mountall on hold (these packages will not be upgraded with apt-get upgrade).

echo "mountall hold"|dpkg --set-selections
echo "upstart hold"|dpkg --set-selections

Replace rsyslog with syslog-ng.

rsyslog is the default in Ubuntu, but, IMO, rsyslog does not work well in an OpenVZ VPS, so I suggest you replace it with syslog-ng (you may not need to remove rsyslog).

apt-get purge rsyslog
apt-get -y install syslog-ng

Remove a few more init scripts

cd /etc/init
rm -f console* cron*

“Fix” Modprobe –

modprobe does not work inside openvz templates, and any script/binary which call modprobe will fail. As a potential fix you can remove modprobe and link to /bin/true

rm /sbin/modprobe
ln -s /bin/true /sbin/modprobe

Depending on the script this may or may not help. For example it helps with ufw, but does not fix all the problems with ufw :

See this discussion on the openVZ forums .

Lock down the root account. If you lock the root account, and wish to access the guest via ssh, you will need to create additional user accounts and configure sudo (in the template). I do this after bringing up a guest and so it is not part of template configuration.

chmod 700 /root
usermod -p '!' root

Edit /etc/apt/sources.list, add these repositories (if you so desire).

deb http://us.archive.ubuntu.com/ubuntu/ maverick main universe multiverse
deb http://us.archive.ubuntu.com/ubuntu/ maverick-security main universe multiverse

Set a few aliases. This is optional, but I set these in /root/.bashrc .

alias ll="ls -l"
alias la="ls -A"
alias nano="nano -w"
alias cp="cp -i"
alias mv="mv -i"
alias rm="rm -i"

Set locale (adjust your language accordingly).

apt-get update
apt-get -y install language-pack-en
locale-gen en_US.UTF-8
/usr/sbin/update-locale LANG="en_US.UTF-8" LANGUAGE="en_US.UTF-8" LC_ALL="en_US.UTF-8" LC_CTYPE="C"

Next edit /etc/environment and define your environmental variables:

LANG="en_US.UTF-8"
LANGUAGE="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LC_CTYPE="C"

Package the template

I strongly suggest you use the “S15ssh_gen_host_keys” script to automatically generate a unique set of ssh host keys for each openvz template.

Run these commands in the TEMPLATE , not the host.

# clean your packages
apt-get clean
apt-get autoremove

#Generate a unique set of ssh (host) keys.
rm -f /etc/ssh/ssh_host_*

cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys
#!/bin/sh
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
rm -f \$0
EOF

chmod a+x /etc/rc2.d/S15ssh_gen_host_keys

# disable some unnecessary boot scripts
update-rc.d -f ondemand remove

# Clear log files
> /etc/resolv.conf \
echo localhost > /etc/hostname \
> /var/log/messages; > /var/log/auth.log; > /var/log/kern.log; > /var/log/bootstrap.log; \
> /var/log/dpkg.log; > /var/log/syslog; > /var/log/daemon.log; > /var/log/apt/term.log; rm -f /var/log/*.0 /var/log/*.1

Exit the template.

exit

On the HOST stop the template and package.

vzctl set 777 --ipdel all --nameserver ' ' --save
vzctl stop 777

Package with tar

cd /vz/private/777
tar --numeric-owner -vzcf /vz/template/cache/ubuntu-10.10-minimal_10.10_i386.tar.gz .

64 bit would be ubuntu-10.10-minimal_10.10_amd64.tar.gz

This naming convention is for Proxmox. See this thread for a discussion.

Test the template

sudo vzctl create 888 --ostemplate ubuntu-10.10-i386-minimal
sudo vzctl set 888 --ipadd 192.168.0.88 --nameserver 192.168.0.1 --hostname ubuntu-minimal --save
sudo vzctl start 888

If all went well you should have a working Maverick Ubuntu 10.10 template.

I am always looking for comments or feedback on my templates.

This entry was posted in Linux and tagged , . Bookmark the permalink.

15 Responses to Ubuntu 10.10 OpenVZ Templates

  1. Pingback: Webmaster Crap » Blog Archive » Shadows of epiphany » Blog Archive » Ubuntu 10.10 OpenVZ Templates

  2. Pingback: Ubuntu 10.10 OpenVZ Templates | Ubuntu-News - Your one stop for news about Ubuntu

  3. nyquist says:

    “rsyslog is the default in Ubuntu, but, IMO, rsyslog does not work well in an OpenVZ VPS, so I suggest you replace it with syslog-ng (you may not need to remove rsyslog).”

    I use debian with OpenVZ (in host and VPS). Can you tell me why you prefer syslog-ng for vps ? (or give me a link )
    as far as i can tell rsyslog work just fine (but i don’t really use log for now)

  4. bodhi.zazen says:

    @nyquist: See my previous reply.

    There is nothing wrong with rsyslog if it works for you. If you do not log, then I suppose it does not matter.

  5. Dan says:

    I’m getting multiple mtab entries, and it seems to increase after each reboot !

    /dev/simfs 1048576 709868 338708 68% /
    varrun 511080 1020 510060 1% /var/run
    varlock 511080 0 511080 0% /var/lock
    varrun 511080 1020 510060 1% /var/run
    varlock 511080 0 511080 0% /var/lock
    varrun 511080 1020 510060 1% /var/run
    varlock 511080 0 511080 0% /var/lock

  6. baris says:

    start: Unknown job: procps
    dpkg: error processing procps (–configure):
    subprocess installed post-installation script returned error exit status 1
    dpkg: dependency problems prevent configuration of openssh-server:
    openssh-server depends on procps; however:
    Package procps is not configured yet.
    dpkg: error processing openssh-server (–configure):
    dependency problems – leaving unconfigured
    No apport report written because the error message indicates its a followup error from a previous failure.
    Errors were encountered while processing:
    procps
    openssh-server
    E: Sub-process /usr/bin/dpkg returned an error code (1)

  7. Simon Smith says:

    cool tutorial, will try and follow abit later on,

    do you have a ubuntu 10.10 openvz template ready that we may use?

    i386 and amd64 verions?

  8. bodhi.zazen says:

    @Simon Smith : I did not make any 10.10 templates publicly available as , IMO, they need a bit of work, depending on what services you wish to run.

  9. Un says:

    It’s time to prepare v11.04 templates; I suppose that this time it will be easier than Lucid & Maverick.

  10. bodhi.zazen says:

    @Un – almost time. Would be nice if openvz templates were easier in 11.04.

    LXC is supposed to be easier as well.

  11. John Moore says:

    Given that you evidently have a lot of experience with OpenVZ and Ubuntu, I wonder whether I might ask what you make of a weird problem I’m getting with an Ubuntu 10.04 guest running under OpenVZ. I’m working with the hosting provider to try and find the solution but it’s proving frustrating. Basically, within the Ubuntu guest, the clock is fluctuating madly from one minute to the next. I wrote a cron job which simply logs the current date/time to a file every minute, and we’re getting stuff like this:

    Sun Jun 12 15:41:01 UTC 2011
    Sun Jun 12 15:47:01 UTC 2011
    Sun Jun 12 15:48:01 UTC 2011
    Sun Jun 12 15:44:01 UTC 2011
    Sun Jun 12 15:45:02 UTC 2011
    Sun Jun 12 15:46:01 UTC 2011
    Sun Jun 12 15:52:01 UTC 2011
    Sun Jun 12 15:53:01 UTC 2011

    As you can see, we’re skipping backwards and forwards in time! Any suggestions as to what to consider? Thanks.

  12. bodhi.zazen says:

    @John Moore – I’ve not seen that before. Where did you get the template ?

    You might look at this link:

    http://www.lamolabs.org/blog/1739/howto-stop-clock-drift-issuescentos5-openvz-host-node/

  13. John Moore says:

    I’m just the customer, unfortunately, and don’t know how this was set up. I’m working with a guy from the hosting provider to solve this if we can (although it will probably be him who has to solve it, as I’m sure it’s an OpenVZ hosting issue). I’m just trying to give him as much help as I can, so we can get our system working satisfactorily. Thanks for the link – I’ll forward it to the guy. This does seem rather more than a clock drift issue, though – the clock seems to have gone mad. One interesting thing I have discovered is that this clock issue doesn’t seem to be system wide, which I find a puzzle. The log above was created by this little cron job:

    * * * * * echo `date` >> /root/clock.log

    But at the same time I had another cron job running, calling a Python script every minute and writing a timed entry to the log, using Python’s ‘time.asctime()’, and the time entries in this log were perfectly correct. Can’t understand how Python could be using a different clock from bash, but it may explain something about the problem.

  14. cepal says:

    John: have you been able to find out the source of your time issues in openVZ?

  15. bodhi.zazen says:

    @cepal – no , I migrated to Debian

Add Comment Register



Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>