
How to Install OpenVZ Virtualization Software on CentOS
Here in this tutorial we will show you how to install OpenVZ Virtualization Software without any external application such as SolusVM, vePortal, VirtPanel, Virtualizor, Virtuozzo etc.


How To Setup OpenVZ under RHEL / CentOS Linux

I need to run more than one instance of the Linux operating system and different Linux distributions under CentOS. How do I use OpenVZ virtualization to optimize the usage of my Dell servers, and create test Linux VPS running Debian, Ubuntu, and CentOS Linux? How do I deploy OpenVZ under CentOS / RHEL Linux?

OpenVZ virtualization uses the concept of containers to run Linux-only instances on the same hardware. OpenVZ is an operating system-level virtualization technology. It allows a physical server to run multiple isolated operating system instances of different Linux distributions, known as containers, Virtual Private Servers (VPSs), or Virtual Environments (VEs). It's similar to FreeBSD Jails and Solaris Zones.

OpenVZ doesn't have the overhead of a true hypervisor (e.g. XEN or VMware), so it is a very fast and efficient way to run Linux-only VPSs. All virtual servers use the same Linux kernel version.

OpenVZ Virtualization and Isolation

It offers strong isolation. This is perfect for running named, mysqld, apache and other services in each container. Each VPS is a separate entity, and behaves just like a physical server. Each VPS has:

System files (such as /bin, /sbin, /lib etc);
Own root users, as well as other users and groups;
Process tree;
Network (private or public IP);
Shared memory, semaphores, messages.

Our Sample Setup (HostNode)

Code:
Server: Dual Core CPU with Software RAID1 and 2GB RAM
eth0: Public IP 123.1.2.3
venet0: venet used by OpenVZ to talk with rest of the LAN or Internet.
Hostname: hostnode01.urdomain.in.
vps.urdomain.in: 123.1.2.5 - can run any supported Linux distribution.

Host node
The controlling system of the container (VPS) environment. The host system has access to all the hardware resources available, and can control processes both outside of and inside a VPS environment. One of the important differences of the host system from a VPS is that the limitations which apply to superuser processes inside a VPS are not enforced for processes of the host system. The server above is the host node.

CT0 or VE0
Another name for host node. In other words, CT0 or VE0 means the server itself. From CT0 / VE0, you can use vzctl and other tools to manage containers.

VPS or VE (Virtual Environment) or Virtual Machine
A process, user or other software whose access to resources is restricted by OpenVZ software. A VPS is nothing but an isolated program execution environment, which looks and feels like a separate physical server. Each VPS has its own file system, root user, other users, firewall settings, routing tables and much more. You can set up multiple VPSs within a single physical server. Different VPSs can run different Linux distributions such as Gentoo, Debian, CentOS, Fedora Linux etc., but all VPSs operate under the same Linux kernel.

CTID
Each VPS has a unique number called CTID (a ConTainer's IDentifier). The CTID is defined by the server admin and is used to create, start, stop, restart and delete a VPS, and for other administrative jobs related to your VEs.

VPS Disk Quota
You can restrict VPS disk usage using standard Linux quota tools. For example, set vps.nixcraft.net disk usage to 10Gb only. You can also set up a quota using the number of inodes.

Fair CPU Scheduler
Each VPS gets its time slice from the kernel, which takes into account the VPS's CPU priority and limit settings. These can be set by the server administrator on the host node and cannot be modified by VPS users, including the VPS root user. The standard Linux scheduler decides which process in the VPS to give the time slice to, using standard process priorities.

Beancounters - UBC Parameter Units
Each VPS follows a set of user beancounters. It is nothing but a set of limits and guarantees for each VPS. Beancounters make sure that no single VPS can abuse any resource which is limited for the whole host node and thus cause harm to other VPSs. The resources accounted and controlled are mainly memory and various in-kernel objects such as IPC shared memory segments, network buffers etc.

VPS Templates
VPS templates are nothing but images which are used to create a new VPS. A template is a set of packages, and a template cache is an archive (tarball) of a chrooted environment with those packages installed. Each Linux distribution comes as a template.

Default Locations
Code:
/vz - Main directory for OpenVZ.
    /vz/private - Each VPS is stored here i.e. container's private directories
    /vz/template/cache - You must download and store each Linux distribution template here.
    /etc/vz/ - OpenVZ configuration directory.
    /etc/vz/vz.conf - Main OpenVZ configuration file.
    /etc/vz/conf - Softlinked directory for each VPS configuration.
    Network port - No network ports are opened by OpenVZ kernel.

Virtualization With OpenVZ

Now that you are aware of the basic terminology used by OpenVZ, it is time to get your hands dirty with OpenVZ. You can run OpenVZ on both CentOS / Red Hat and Debian Linux based server systems.


CentOS Linux Install OpenVZ Virtualization Software

For the installation you need to be comfortable working at the command line.

OpenVZ can be installed using yum command itself. All you have to do is setup correct repo.

Step # 1: Setup Yum Repo
Type the following commands. cd to /etc/yum.repos.d
Code:
# cd /etc/yum.repos.d
Download repo file:
Code:
# wget http://download.openvz.org/openvz.repo
Finally, import GPG key:
Code:
# rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ

Additionally, you can install yum itself if it is not present on your server. For more information visit:

Code:
http://wiki.openvz.org/Install_yum

Step # 2: Update Kernel Configuration

Type the following command to install the OpenVZ Linux kernel (64 bit SMP kernel, up to 64 GB of RAM support):
Code:
# yum install ovzkernel

Or

Depending on which kernel arch you want

Code:
yum install ovzkernel.i386

or
Code:
yum install ovzkernel.x86_64


Alternatively, type the following command to install SMP + PAE support + 4/4GB split (up to 64 GB of RAM support) kernel:

Code:
# yum install ovzkernel-ent

You can install the following kernels:

ovzkernel : Virtuozzo Linux kernel (the core of the Linux operating system)
ovzkernel-PAE : The Linux kernel compiled for PAE capable machines.
ovzkernel-PAE-devel : Development package for building kernel modules to match the PAE kernel.
ovzkernel-devel : Development package for building kernel modules to match the kernel.
ovzkernel-ent : The Linux kernel compiled for huge mem capable machines.
ovzkernel-ent-devel : Development package for building kernel modules to match the ent kernel.
ovzkernel-xen : The Linux kernel compiled for Xen VM operations
ovzkernel-xen-devel : Development package for building kernel modules to match the kernel

Update /etc/sysctl.conf

Installing the OpenVZ kernel also updates your GRUB configuration, i.e. after a reboot the OpenVZ kernel starts automatically. However, you need to make some changes to the kernel configuration. Edit /etc/sysctl.conf:

Code:
nano /etc/sysctl.conf

Setup parameters as follows:

Code:
# Enable packet forwarding
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
# Disable proxy arp
net.ipv4.conf.default.proxy_arp = 0
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Enables the magic-sysrq key
kernel.sysrq = 1
# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

Save and close the file: press Ctrl+X, then Y, then Enter.

Disable SELinux

You must disable SELinux by editing /etc/sysconfig/selinux:
Code:
# nano /etc/sysconfig/selinux
Place the following directive:

Code:
SELINUX=disabled

Save and close the file.

Installing The VZ Utilities

Type the following command:
Code:
# yum install vzctl vzquota

Reboot The Server

Finally, reboot your box and boot into new OpenVZ kernel:
Code:
# reboot

Step # 3: Adding an OS

OpenVZ comes with a template for each VPS or virtual machine. OpenVZ provides templates for all leading Linux distributions. You need to download those templates in order to create a VPS. Visit this page to grab templates for vps.

Find Your Templates at:
Code:
http://wiki.openvz.org/Download/template/precreated

Download Ubuntu Linux VPS

Type the following commands to download precreated Ubuntu Linux template:
Code:
# cd /vz/template/cache
# wget http://download.openvz.org/template/precreated/ubuntu-11.04-x86_64.tar.gz

Create VPS

Now you've downloaded the template for your virtual machine. You can start a VPS based on the template you have just downloaded by typing the following commands:

Code:
vzctl create 101 --ostemplate ubuntu-11.04-x86_64
vzctl set 101 --onboot yes --save
### Set IP for VPS ###
vzctl set 101 --ipadd 192.168.1.5 --save
### Set nameserver IP for VPS ###
vzctl set 101 --nameserver 192.168.1.111 --save
### Set hostname for VPS ###
vzctl set 101 --hostname server.yourdomain.com --save
### Set disk quota for VPS (10G min [soft] and 11G max hard limit) ###
vzctl set 101 --diskspace 10G:11G --save
### Okay, let's start it ###
vzctl start 101
### Set root user password for VPS ###
vzctl exec 101 passwd

vzctl is used to create and set various vps properties such as memory, disk usage and much more. Where,

create 101 : Your VPS ID.
--ostemplate ubuntu-11.04-x86_64 : VPS template.
--config vps.ubuntu: Save configuration.
set 101 : Set various option for VPS ID # 101.
--onboot yes : Make sure VPS boots automatically after a reboot.
--save : Save changes to config file.

Common OpenVZ Admin Tasks

vzctl acts as a master tool for various tasks:

How to Set VPS Name to vps.yourdomain.com ?
Code:
# vzctl set 101 --hostname vps.yourdomain.com --save

How to Set VPS IP Address?
Code:
# vzctl set 101 --ipadd 74.86.48.99 --save

How to Set VPS DNS Name Servers?
Code:
# vzctl set 101 --nameserver 10.0.1.11 --save

How to Set Disk Quota?
Code:
# vzctl set 101 --diskspace SoftLimitG:HardLimitG --save
# vzctl set 101 --diskspace 10G:12G --save

How to Stop / Start / Restart VPS Servers?
Code:
# vzctl start 101
# vzctl restart 101
# vzctl stop 101

How to Run a Command For VPS?
You can run command as follows
Code:
# vzctl exec 101 w
# vzctl exec 101 df
# vzctl exec 101 date
# vzctl exec 101 ps aux

How to Login Into VPS Server (container) from main node?
Type the following command
Code:
# vzctl enter 101

To exit from container to main node, simply type:
Code:
# exit

You can remotely login to your VPS using a ssh client itself or using putty:
Code:
$ ssh user@your-vps.example.com

How Do I Destroy VPS?
Type the following command to delete VPS:
Code:
# vzctl destroy 101

Another Example: Creating a CentOS Linux VPS


Download CentOS 32 bit template:
Code:
# cd /vz/template/cache
# wget http://download.openvz.org/template/precreated/centos-6-x86.tar.gz

Create a VPS and set various limits (see vzctl man page):
Code:
# vzctl create 111 --ostemplate centos-6-x86
Code:
# vzctl set 111 --quotaugidlimit 150 --numproc 400:400 \
--kmemsize 16384000:18022400 --privvmpages 262144:292912 \
--hostname=forums.nixcraft.com --diskspace 2000000:2000000 \
--shmpages 16384:16384 --ipadd 75.126.168.152 \
--nameserver 10.0.1.11 --nameserver 10.0.1.12 --save
Code:
# vzctl set 111 --onboot yes --save
Set the password for vps root user:
Code:
# vzctl set 111 --userpasswd root:pass
Start VPS:
Code:
# vzctl start 111
Enter into VPS:
Code:
# vzctl enter 111
Now you can install additional software and configure your vps:
Code:
[vps #] yum update
[vps #] yum install httpd

OpenVZ Iptables: Allow Traffic To Pass Via venet0 To All VPS

venet0 is the recommended networking mode for security and performance under OpenVZ virtualization. Protecting the hardware node from unauthorized access is important. venet0 is used to communicate between the VPSs and the LAN / Internet.

Concept behind it

Code:
Router
   \\
     \\
Hardware Node - eth0
            //
           //
        venet0
+----------+------------+
|           |           |
vps1      vps2           vps3

Allow All Traffic To VPS

The following iptables rules pass all traffic between the hardware node and all VPSs / containers. Services running on the hardware node such as ssh, http and webmin can only be accessed from within our LAN and not over the Internet.

Code:
nano /root/firewall

and add the code below:

Code:
#!/bin/bash
# Explains how to setup iptables on the hardware node to allow selective access,
# but allow all traffic into the containers (VPS) so they may define their own iptables rules and
# therefore manage their own firewall.
# Author: Vivek Gite < http://www.cyberciti.biz/ >
# See tutorial : http://www.cyberciti.biz/faq/series/rhel-centos-openvz-virtualization/
# This script is under GPL v2.0 or above.
# --------------------------------------------------------------------------------------------------
IPT="/sbin/iptables"
MOP="/sbin/modprobe"
SYST="/sbin/sysctl"

### ******************************************************************************* ###
### Part 1 - Protect Hardware Node                                                  ###
### ******************************************************************************* ###

### HW Node Main IP ranges ###
SRVIP="123.xx.xx.yy"
ADMIN_RANGES="192.168.1.0/24"
# Note: the spooflist chain is inserted at the head of INPUT, so an ADMIN_RANGES
# value that falls inside SPOOFIP (192.168.1.0/24 is inside 192.168.0.0/16) is
# dropped on ${PUB_IF} before the admin ACCEPT rules further down are reached.
SPOOFIP="127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 169.254.0.0/16 0.0.0.0/8 240.0.0.0/4 255.255.255.255/32 168.254.0.0/16 224.0.0.0/4 240.0.0.0/5 248.0.0.0/5 192.0.2.0/24"

### Path to other scripts ###
[ -f /root/fw/blocked.ip.txt ] && BADIPS=$(egrep -v -E "^#|^$" /root/fw/blocked.ip.txt)

### Interfaces ###
PUB_IF="eth0"   # public interface
LO_IF="lo"      # loopback
VE_IF="venet0"

### start firewall ###
echo "Starting Firewall..."
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X
$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT

# Enable ip_conntrack
$MOP ip_conntrack

# DROP and close everything, all incoming traffic
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP

# Unlimited lo access
$IPT -A INPUT -i ${LO_IF} -j ACCEPT
$IPT -A OUTPUT -o ${LO_IF} -j ACCEPT

# Allow full outgoing connections but no incoming stuff by default
$IPT -A OUTPUT -o ${PUB_IF} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i ${PUB_IF} -m state --state ESTABLISHED,RELATED -j ACCEPT

# Drop bad stuff
# get all bad spam / scrap ips
if [ -f /root/fw/blocked.ip.txt ];
then
    $IPT -N spamlist
    for ipblock in $BADIPS
    do
         $IPT -A spamlist -i ${PUB_IF} -s $ipblock -j LOG --log-prefix "SPAM List Block"
         $IPT -A spamlist -i ${PUB_IF} -s $ipblock -j DROP
    done
    $IPT -I INPUT -j spamlist
    $IPT -I OUTPUT -j spamlist
    $IPT -I FORWARD -j spamlist
fi

$IPT -N spooflist
for ipblock in $SPOOFIP
do
    $IPT -A spooflist -i ${PUB_IF} -s $ipblock -j LOG --log-prefix "SPOOF List Block"
    $IPT -A spooflist -i ${PUB_IF} -s $ipblock -j DROP
done
$IPT -I INPUT -j spooflist
$IPT -I OUTPUT -j spooflist
$IPT -I FORWARD -j spooflist

# Stop sync
$IPT -A INPUT -i ${PUB_IF} -p tcp ! --syn -m state --state NEW -j DROP

# Stop Fragments
$IPT -A INPUT -i ${PUB_IF} -f -j DROP

$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL ALL -j DROP

# Stop NULL packets
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -m limit --limit 5/m --limit-burst 7 -j LOG --log-prefix "NULL Packets"
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -j DROP

$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

# Stop XMAS
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-prefix "XMAS Packets"
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

# Stop FIN packet scans
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-prefix "Fin Packets Scan"
$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags FIN,ACK FIN -j DROP

$IPT -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP

# Get rid of broadcast
$IPT -A INPUT -i ${PUB_IF} -m pkttype --pkt-type broadcast -j DROP
$IPT -A INPUT -i ${PUB_IF} -m pkttype --pkt-type multicast -j DROP
$IPT -A INPUT -i ${PUB_IF} -m state --state INVALID -j DROP

# allow SSH, HTTP, HTTPS and webmin ONLY from $ADMIN_RANGES
$IPT -A INPUT -i ${PUB_IF} -s ${ADMIN_RANGES} -d ${SRVIP} -p tcp --destination-port 22 -j ACCEPT
$IPT -A INPUT -i ${PUB_IF} -s ${ADMIN_RANGES} -d ${SRVIP} -p tcp --destination-port 10000 -j ACCEPT
$IPT -A INPUT -i ${PUB_IF} -s ${ADMIN_RANGES} -d ${SRVIP} -p tcp --destination-port 80 -j ACCEPT
$IPT -A INPUT -i ${PUB_IF} -s ${ADMIN_RANGES} -d ${SRVIP} -p tcp --destination-port 443 -j ACCEPT

# Allow incoming ICMP ping pong stuff
$IPT -A INPUT -i ${PUB_IF} -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -m limit --limit 30/sec -j ACCEPT
$IPT -A INPUT -i ${PUB_IF} -p icmp -m icmp --icmp-type 3 -m limit --limit 30/sec -j ACCEPT
$IPT -A INPUT -i ${PUB_IF} -p icmp -m icmp --icmp-type 5 -m limit --limit 30/sec -j ACCEPT
$IPT -A INPUT -i ${PUB_IF} -p icmp -m icmp --icmp-type 11 -m limit --limit 30/sec -j ACCEPT

### ******************************************************************************* ###
### Part 1 - Protect Hardware Node END                                              ###
### ******************************************************************************* ###

### ******************************************************************************* ###
### Part 2 - ALL VPS Specific Config                                                ###
### ******************************************************************************* ###

# Allow all ports for all VPS i.e. full access
# user can set their own firewall inside vps
$IPT -P FORWARD ACCEPT
$IPT -F FORWARD

### ******************************************************************************* ###
### Part 2 - ALL VPS Specific Config END                                            ###
### ******************************************************************************* ###

# drop and log everything else
$IPT -A INPUT -m limit --limit 5/m --limit-burst 7 -j LOG
$IPT -A INPUT -j REJECT --reject-with icmp-port-unreachable

exit 0

Now save it

Install this script

Code:
chmod +x /root/firewall

Call it from /etc/rc.local

Code:
echo '/root/firewall' >> /etc/rc.local
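
The script inserts the spooflist jump at the head of INPUT, so any ADMIN_RANGES entry that overlaps SPOOFIP is dropped before the SSH/webmin ACCEPT rules are reached. The following pre-flight check is an added example, not part of the original script; the function names ip_to_int, cidr_range and admin_lockouts are introduced here, and the two lists are copied from the script.

```shell
#!/bin/sh
# Added example: report admin ranges that the firewall script's own
# spoof list would drop. Run it before enabling the script in rc.local.

# Values copied from /root/firewall as shown in the tutorial.
ADMIN_RANGES="192.168.1.0/24"
SPOOFIP="127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 169.254.0.0/16 0.0.0.0/8 240.0.0.0/4 255.255.255.255/32 168.254.0.0/16 224.0.0.0/4 240.0.0.0/5 248.0.0.0/5 192.0.2.0/24"

# Convert a dotted quad (a.b.c.d) to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Print "first last": the integer bounds of a CIDR block.
cidr_range() {
    bits=${1#*/}
    ip=$(ip_to_int "${1%/*}")
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    first=$(( $ip & $mask ))
    echo "$first $(( $first | ($mask ^ 0xFFFFFFFF) ))"
}

# admin_lockouts "ADMIN LIST" "SPOOF LIST"
# Print one "admin_range spoof_range" line for every overlapping pair.
admin_lockouts() {
    for a in $1; do
        r=$(cidr_range "$a")
        a_first=${r% *}
        a_last=${r#* }
        for s in $2; do
            r=$(cidr_range "$s")
            s_first=${r% *}
            s_last=${r#* }
            # Two ranges overlap when each starts before the other ends.
            if [ "$a_first" -le "$s_last" ] && [ "$s_first" -le "$a_last" ]; then
                echo "$a $s"
            fi
        done
    done
}

hits=$(admin_lockouts "$ADMIN_RANGES" "$SPOOFIP")
if [ -n "$hits" ]; then
    echo "admin range also listed in SPOOFIP (dropped before the ACCEPT rules): $hits"
fi
```

With the tutorial's values the check reports 192.168.1.0/24 against 192.168.0.0/16; either administer the node from a range outside SPOOFIP or remove the overlapping block from the list.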

OpenVZ Virtual Machine (VPS) Management

Now, my VPS is up and running. How do I manage my hardware node and VPS? How do I see a list of all running VPSes? How do I see memory usage and other stuff?

This FAQ covers various containers utilities which may be used to solve many problems and tune overall hardware as per your setup.

How Do I List All Running VPSs?

The command vzlist is used for listing containers and their parameters. The -a option lists all containers:
Code:
# vzlist -a

Outputs:
Code:
      CTID      NPROC STATUS  IP_ADDR         HOSTNAME
        10         12 running 123.xx.yyy.zz   vps.yourdomain.in

The -o option can display only parameters specified by names, for e.g. just display hostname, disk and memory info:
Code:
# vzlist -o ctid,hostname,kmemsize,kmemsize.l,diskspace

See vzlist man page for more information.

How Do I Calculate The Container's Resources Usage?

The vzcalc utility displays the share of the host system resources a particular container is using. If the container is running, the current usage is displayed. High utilization values (>100%) mean the system is overloaded (or the container has an invalid configuration).
Code:
# vzcalc -v 101

How Do I Show Information About The CPU Power and Utilization?

Use vzcpucheck command:
Code:
# vzcpucheck -v
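
The beancounter limits set earlier with vzctl set (numproc, kmemsize, privvmpages, shmpages) are enforced by the kernel, and each refused allocation increments the failcnt column of /proc/user_beancounters on the host node. The following added example, not part of the original tutorial, lists every counter with a non-zero failcnt; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: find containers that have hit a beancounter limit.

# ubc_failures [FILE]
# Print "CTID resource failcnt" for every counter with failcnt > 0.
# FILE defaults to /proc/user_beancounters; "-" reads standard input.
ubc_failures() {
    awk '
        { off = 0 }
        # The first row of each container carries "CTID:" in column 1.
        $1 ~ /^[0-9]+:$/ { ctid = $1; sub(/:$/, "", ctid); off = 1 }
        # Data rows are: resource held maxheld barrier limit failcnt.
        # The "Version:" and column-header rows do not match this shape.
        NF == 6 + off && $(6 + off) ~ /^[0-9]+$/ && $(6 + off) > 0 {
            print ctid, $(1 + off), $(6 + off)
        }
    ' "${1:-/proc/user_beancounters}"
}

# Constructed sample in the /proc/user_beancounters layout, using the
# barrier:limit pairs from the "vzctl set 111" example in this tutorial.
sample_ubc() {
    cat <<'EOF'
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      111:  kmemsize        2788046    3063808   16384000   18022400          0
            privvmpages      262100     292912     262144     292912         37
            shmpages            640       1296      16384      16384          0
            numproc              24         31        400        400          0
        0:  kmemsize       10485760   12582912 9223372036854775807 9223372036854775807 0
            numproc             120        140 9223372036854775807 9223372036854775807 0
EOF
}

# Demo on the constructed sample; on a host node call ubc_failures with no argument.
sample_ubc | ubc_failures -
```

A rising failcnt for one container means it is being held to its limit as intended; the same counter failing across many containers usually points to limits that are too tight for the workload.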



Regards
Dinesh Mohanty
Ultra Web Solutions Pvt Ltd


