This text describes the quick way to install a Linux container
using vzgot. This step-by-step guide should help you
set up a working example that you can use as a starting point
to install your other containers.

This procedure was performed and checked on a vanilla
Fedora 12 (without update), using kernel 2.6.31.5-127.fc12.x86_64.
These steps are done on the HOST system of your containers.

All commands are given as command lines, which gives you
better feedback in case of trouble.

This procedure describes 5 easy steps to have your first container

#===========================================================
1 - Step one: Bridging, Forwarding, ARPing.

Define a BRIDGE interface. A bridge interface is needed
to connect the container to a network.

Install the needed bridge package using the yum command:
-> yum install bridge-utils

Within the directory /etc/sysconfig/network-scripts, create
a file named ifcfg-br0 and insert the following lines:
#-----------------------------------------------------------
IPADDR=your.own.ip.number
NETMASK=255.255.255.255
#-----------------------------------------------------------
Once the file is saved, type:
-> service network restart

Everything should be fine, doing command
You should have a result such as:
br0       Link encap:Ethernet  HWaddr M:A:C:A:D:R
          inet addr:Y.O.I.N  Bcast:Y.O.I.N  Mask:255.255.255.255
          inet6 addr: xxxx::xxxx:xxxx:xxxx:xxxx/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:3822 (3.7 KiB)

Edit file /etc/sysctl.conf and change the line
    net.ipv4.ip_forward = 0
to
    net.ipv4.ip_forward = 1
and add
    #to allow Bridge to answer ARP request
    net.ipv4.conf.br0.proxy_arp = 1
to the end of the sysctl.conf file.

Then input the command
This allows the host to route packets from/to the container.

Using ping or other tools, make sure you are able to
reach Y.O.I.N from your internal network.

#===========================================================
2 - Step Two: LVM (OPTIONAL)

We advise you to use LVM (Logical Volume Management).
This will allow you to define specific disk space for
your containers and increase size on the fly if

For details, see the Linux documentation about LVM.

Critical commands are (example):
    pvcreate PhysicalVolume [PhysicalVolume...]
    vgcreate vzvol PhysicalVolume [PhysicalVolume...]
    lvcreate -l 100%PVS -nconvol vzvol PhysicalVolume [PhysicalVolume...]

NOTE: in our example the logical volume name is 'vzvol'.

#===========================================================
3 - Step Three: Cgroup

'cgroup' is a set of kernel features used to reduce
privileges when working from inside containers
(cpu usage, mknod allowing, etc.).

You should have 'cgroup' available on the host kernel.
    cgroup /cgroup cgroup defaults 0 0
in your HOST /etc/fstab file.

-> ls /cgroup; command should return something like
cpuacct.stat                     devices.deny
cpuacct.usage                    devices.list
cpuacct.usage_percpu             memory.failcnt
cpu.rt_period_us                 memory.force_empty
cpu.rt_runtime_us                memory.limit_in_bytes
cpuset.cpu_exclusive             memory.max_usage_in_bytes
cpuset.cpus                      memory.memsw.failcnt
cpuset.mem_exclusive             memory.memsw.limit_in_bytes
cpuset.mem_hardwall              memory.memsw.max_usage_in_bytes
cpuset.memory_migrate            memory.memsw.usage_in_bytes
cpuset.memory_pressure           memory.stat
cpuset.memory_pressure_enabled   memory.swappiness
cpuset.memory_spread_page        memory.usage_in_bytes
cpuset.memory_spread_slab        memory.use_hierarchy
cpuset.mems                      net_cls.classid
cpuset.sched_load_balance        notify_on_release
cpuset.sched_relax_domain_level  release_agent

This means 'cgroup' is now operational on your system.
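
Added example, not part of the original guide or of vzgot: a shell check
of the HOST settings from steps one and three, read from the config files
themselves. It treats the last assignment of a sysctl key as the effective
one, which catches a leftover 'net.ipv4.ip_forward = 0' line; the function
names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of vzgot): check the HOST settings from steps one
# and three by reading the config files, so it also works on copies.

# sysctl_value FILE KEY: print the value KEY ends up with ("" if never set).
# The file is applied top to bottom, so the last assignment wins.
sysctl_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                 # comment lines
        { k = $1; v = $2
          gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == key) val = v }
        END { print val }' "$1"
}

# cgroup_mountpoint FILE: print where fstab mounts the cgroup filesystem.
cgroup_mountpoint() {
    awk '!/^[ \t]*#/ && $3 == "cgroup" { print $2; exit }' "$1"
}

# check_host SYSCTL_CONF FSTAB [BRIDGE]: return 0 only if every check passes.
check_host() {
    conf=$1; fstab=$2; br=${3:-br0}; rc=0
    [ "$(sysctl_value "$conf" net.ipv4.ip_forward)" = 1 ] ||
        { echo "FAIL: net.ipv4.ip_forward is not 1"; rc=1; }
    [ "$(sysctl_value "$conf" "net.ipv4.conf.$br.proxy_arp")" = 1 ] ||
        { echo "FAIL: proxy_arp is not enabled on $br"; rc=1; }
    mp=$(cgroup_mountpoint "$fstab")
    [ -n "$mp" ] || { echo "FAIL: no cgroup entry in fstab"; rc=1; }
    [ -z "$mp" ] || echo "INFO: cgroup is mounted on $mp"
    return $rc
}

# Constructed samples: in bad.conf the "= 1" line was added but a later
# "= 0" line survives, so forwarding stays off once the file is loaded.
sample=$(mktemp -d)
printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 1' \
    'net.ipv4.conf.br0.proxy_arp = 1' 'net.ipv4.ip_forward = 0' > "$sample/bad.conf"
printf '%s\n' 'net.ipv4.ip_forward = 1' '#to allow Bridge to answer ARP request' \
    'net.ipv4.conf.br0.proxy_arp = 1' > "$sample/good.conf"
printf '%s\n' 'cgroup /cgroup cgroup defaults 0 0' > "$sample/fstab"

check_host "$sample/bad.conf" "$sample/fstab" || echo "bad.conf rejected"
check_host "$sample/good.conf" "$sample/fstab" && echo "good.conf accepted"
```

On a real HOST, call it as: check_host /etc/sysctl.conf /etc/fstab
If the reported mount point is not /cgroup, that is the value the CGROUP
variable in /etc/vzgot/vzgot_config has to carry.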

#===========================================================
Download vzgot (wget) and install it (rpm -Uhv).

- You may need to adjust the file /etc/vzgot/vzgot_config.

If you have an LVM device on the HOST, edit file
/etc/vzgot/vzgot_config and comment out the

'vzvol' is the name used when you created your
logical volume; if you used another name, set the
LVM value accordingly.
If you do not have LVM, keep LVM commented in.
LVM_SIZE is the size used to create the container
(2Gig was sufficient during our test).

In file /etc/vzgot/vzgot_config, you have a variable
CGROUP. Set it to a proper value if you had to set the
/cgroup directory somewhere else (e.g. /dev/cgroup).

If you do NOT use LVM and cgroup is mounted on
/cgroup, you have nothing to change in /etc/vzgot/vzgot_config.

#===========================================================
5 - Step Five: choosing the distribution you want to install

Download (wget) one of the distributions you want
to try from http://download.openvz.org/template/precreated/
or from the vzgot site.

As a demo, the file /etc/vzgot/vzgot_list gives you the choice
of 3 distributions: centos-5, Fedora-12, Ubuntu9.04.
Choose one of them and download the needed tar.gz file into
the /var/lib/vzgot/vztemplate directory.

Configuration file /etc/vzgot/vzgot_list gives you 3 container
names, one for each distribution (dflt-ctos-5, dflt-fc12,
dflt-ubu9.4). If, for example, you chose dflt-ctos-5, you need
to have file centos-5-x86.tar.gz available in the vztemplate

Before you proceed, you MUST assign an IP to your container
name: change your DNS and define dflt-ctos-5.ydomain.name
with an IP. Once this is done, make sure
hostname dflt-ctos-5.ydomain.name is resolved to an IP AND that IP
is being routed to the host application

Be sure the command 'dnsdomainname' returns your
domain name on your (physical) Host.

Then proceed to create, firstboot and boot the container,

-> vzgot.mksrvz dflt-ctos-5

If successful, input the command:
-> ps axww | grep vzgot

It should display something like:
0:00 vzgot: container dflt-ctos-5 (el5.3/i386) up

This means your first container is up and running.

Let's prove this. From a station within your network

64 bytes from dflt-ctos-5.your.domain (Y.O.I.N): icmp_seq=22 ttl=63 time=0.xx ms

This proves your container is connected to your network.

Last but not least

-> ssh -Y -t -l root dflt-ctos-5.your.domain
The requested root password is the same as the one you are using on your HOST.

Once in the container, the command
-> ps ax
will display something like

  PID TTY      STAT   TIME COMMAND
  276 ?        Ss     0:00 syslogd -m 0
  300 ?        Ss     0:00 /usr/sbin/sshd
  322 ?        Ss     0:00 sendmail: accepting connections
  331 ?        Ss     0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
  341 ?        Ss     0:00 /usr/sbin/httpd
  343 ?        S      0:00 /usr/sbin/httpd
  358 ?        Ss     0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
  359 ?        S      0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
  367 ?        Ss     0:00 sshd: root@pts/3
  369 pts/3    Ss     0:00 -bash
  388 pts/3    R+     0:00 ps ax

Your Container is ALL SET.

Caution: dflt-ubu9.4 Note.

If you chose dflt-ubu9.4 to test your first container, you may
have trouble connecting to the container via SSH if your HOST is in
"SELINUX=enforcing" mode.

To bypass the problem, set SELINUX=disabled in the
/etc/selinux/config file and reboot the HOST.