OpenVZ installation
The OpenVZ Project provides an openvz.repo for use with yum, which makes installation on CentOS very easy. The installation described here was performed on CentOS 5, with all steps performed as root.
1: Install OpenVZ kernel and utilities
Download the openvz.repo file and move it to the /etc/yum.repos.d/ directory. The openvz.repo file defines several repositories, with the two defaults being the RHEL5-based kernel and the OpenVZ utilities. These should suit most CentOS users, but edit this file now if you need to.
Next, import the OpenVZ GPG key into the RPM database:
# rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
Now, install the OpenVZ kernel using yum. Take care to specify the appropriate architecture, otherwise due to a yum bug both kernels may be installed but neither may work:
# yum install ovzkernel.x86_64
or
# yum install ovzkernel.i386
The grub configuration file /etc/grub/grub.conf should now be edited to set the OpenVZ kernel as the default.
Finally, install the OpenVZ utility programs (vzctl and vzquota). These also require the correct architecture to be specified:
# yum install vzctl.x86_64 vzquota.x86_64
or
# yum install vzctl.i386 vzquota.i386
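The imported GPG key only protects installs from repositories that have signature checking switched on. The following is an added example, not part of the original page or the OpenVZ project: it reads a yum .repo file on stdin and lists enabled sections where gpgcheck is 0 or unset. The function names and the sample sections are constructed for illustration.

```sh
#!/bin/sh
# Added example: list enabled repositories in a yum .repo file (on stdin)
# whose packages would not be checked against the imported GPG key.

repo_gpg_audit() {
    findings=$(awk -F= '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        function report() {
            if (name == "" || enabled == "0") return   # missing "enabled" means enabled
            if (gpgcheck == "0")
                print name ": gpgcheck=0, packages installed without signature check"
            else if (gpgcheck == "")
                print name ": gpgcheck not set, value inherited from [main] in yum.conf"
        }
        /^[ \t]*\[/ {
            report()                                   # close the previous section
            name = trim($0); sub(/^\[/, "", name); sub(/\].*$/, "", name)
            enabled = ""; gpgcheck = ""
            next
        }
        /^[ \t]*#/ { next }
        { key = trim($1); val = trim($2) }
        key == "enabled"  { enabled = val }
        key == "gpgcheck" { gpgcheck = val }
        END { report() }')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample, not the contents of the real openvz.repo.
sample_repo() {
    cat <<'EOF'
# constructed sample
[example-kernel]
enabled=1
gpgcheck=1
[example-utils]
enabled=1
gpgcheck=0
[example-testing]
enabled=0
gpgcheck=0
[example-unset]
baseurl=http://repo.example.invalid/unset/
EOF
}

sample_repo | repo_gpg_audit || echo "review the sections listed above"
```

On the host, run it as repo_gpg_audit < /etc/yum.repos.d/openvz.repo after any edits to the file.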
2: Edit /etc/sysctl.conf
The OpenVZ host (also known as the hardware node) requires the following settings in /etc/sysctl.conf:
# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled
net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0

# Enables source route verification
net.ipv4.conf.all.rp_filter = 1

# Enables the magic-sysrq key
kernel.sysrq = 1

# TCP Explicit Congestion Notification
# net.ipv4.tcp_ecn = 0

# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
Back up the original sysctl.conf file to sysctl.conf.original, then recreate sysctl.conf as above.
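To confirm the recreated file carries every setting listed above, the following added example (not part of the original page) checks a sysctl.conf-style file on stdin against the six uncommented keys from this step. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: check a sysctl.conf-style file (on stdin) against the six
# hardware-node settings from step 2. Function names are illustrative.

check_hn_sysctl() {
    out=$(awk -F= '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        BEGIN {
            want["net.ipv4.ip_forward"] = "1"
            want["net.ipv4.conf.default.proxy_arp"] = "0"
            want["net.ipv4.conf.all.rp_filter"] = "1"
            want["kernel.sysrq"] = "1"
            want["net.ipv4.conf.default.send_redirects"] = "1"
            want["net.ipv4.conf.all.send_redirects"] = "0"
        }
        /^[ \t]*[#;]/ || !/=/ { next }          # skip comments and non-assignments
        { have[trim($1)] = trim($2) }           # a later duplicate overrides an earlier one
        END {
            for (k in want) {
                if (!(k in have))
                    print "MISSING " k " (want " want[k] ")"
                else if (have[k] != want[k])
                    print "DIFFERS " k " = " have[k] " (want " want[k] ")"
            }
        }' | sort)
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}

# Constructed sample: forwarding left off and rp_filter never set.
sample_sysctl_conf() {
    cat <<'EOF'
# constructed sample, not taken from a real host
net.ipv4.ip_forward = 0
net.ipv4.conf.default.proxy_arp = 0
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
EOF
}

sample_sysctl_conf | check_hn_sysctl || echo "sysctl.conf does not match step 2"
```

On the host, run it as check_hn_sysctl < /etc/sysctl.conf; a zero exit status means all six keys are present with the values shown in this step.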
3: SELinux
SELinux is not compatible with OpenVZ and is not included in the OpenVZ kernel. So, while SELinux will be automatically disabled after booting the OpenVZ kernel anyway, it is best to explicitly disable it by editing the /etc/sysconfig/selinux file as follows:
SELINUX=disabled
4: Reboot and start OpenVZ
OK, time to reboot using the OpenVZ kernel. Once rebooted, the OpenVZ service can be started as follows:
# service vz start
The vz service should be configured to start up automatically. This can be checked and configured using the chkconfig program as for any other service. OpenVZ is now fully installed, but to be useful it is necessary to add an OS template and create a container.
5: OS templates
Unlike Xen or KVM, OpenVZ does not use CD/DVD install media or .iso disk images for installation of new guests. Instead, OpenVZ uses an OS Template to populate a container with a given Linux distribution. Pre-created OS Templates for both 64 and 32-bit versions of CentOS 5 can be downloaded from the OpenVZ website. They are packaged as .tar.gz tarballs and weigh in at around 170MB each. Pre-created templates are a convenient way to get started with OpenVZ. Custom OS Templates can be created using a variety of procedures described in the OpenVZ wiki.
Pre-created OS Templates provided by the OpenVZ Project are available at http://download.openvz.org/template/precreated/. Community contributed OS Templates are available at http://download.openvz.org/contrib/template/precreated/.
The vzctl RPM package creates a /vz directory at the top level of the root filesystem on the host node. OS Template tarballs are installed into the /vz/template/cache directory.
6: Create and configure a container
OpenVZ containers are created and configured using the vzctl utility.
A container is created using the create option. Necessary parameters are a container ID number (CTID), an OS Template name, a container configuration file, and an IP address and hostname:
# vzctl create {CTID} \
    --ostemplate {template name} \
    --conf {config name} \
    --ipadd {nnn.nnn.nnn.nnn} \
    --hostname {FQDN}
For example:
# vzctl create 101 \
    --ostemplate centos-5-x386 \
    --conf vps.basic \
    --ipadd 192.168.1.101 \
    --hostname server.centos.com
The --ostemplate parameter specifies the name of an OS Template in /vz/template/cache minus the .tar.gz extension. The --conf parameter specifies initial container resources. The vps.basic configuration defines a simple and conservative resource allocation for the container. Other sample configuration files are located in the /etc/vz/conf directory. Custom configuration samples can be created using the vzsplit utility (see man vzsplit) or by copying and manually editing existing config files.
The vzctl create command creates a directory named /vz/private/{CTID}, extracts the specified OS Template into it, and copies the specified container configuration file to /etc/vz/conf/{CTID}.conf.
Once created, vzctl set can be used to set additional parameters such as nameservers and disk space:
# vzctl set 101 \
    --nameserver "205.171.2.65 205.171.3.65" \
    --diskspace 10G:10G \
    --save
The --save is required in order to save configuration changes to the config file (in this example /etc/vz/conf/101.conf). Without this option, changes will be applied dynamically to the current session but will not persist across an OpenVZ restart or reboot.
7: Running the container
OpenVZ containers are started using the vzctl start command:
# vzctl start {CTID}
Following the example above, the command would be:
# vzctl start 101
Other vzctl keywords such as stop and restart work as expected. Once a container is stopped, vzctl destroy removes its configuration file and deletes its directory structure in /vz/private/{CTID} on the host node.
8: Entering the container
A running container should be accessible via the network in the same manner as a physical server. But using a feature unique to OpenVZ (and possibly other OS virtualisation implementations), the root user on the host node can enter containers directly without authentication using vzctl:
# vzctl enter {CTID}
Again following the example above, the command would be:
# vzctl enter 101
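This command should produce a new command prompt inside the container entered. Once inside a new container, it is probably a good idea to set a root password by using the normal passwd command. Alternatively, passwords can be set from the host node using vzctl as follows. Note that this form puts the password on the command line, where it is visible in the host's process list while the command runs and may be saved in the shell history: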
# vzctl set {CTID} --userpasswd {user}:{password} --save
At this point, the container instance should look and behave almost identically to a physical machine, and can be administered as such. Information about the resources allocated to a container is available within the container in the /proc/user_beancounters file. Information about all resources allocated to all containers is available in /proc/user_beancounters on the host node.
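The resource limits in /proc/user_beancounters are what stop one container from exhausting the host, so it is worth knowing when a container has hit them. The following added example (not part of the original page) reads the file on stdin and lists every resource with a non-zero failure counter. It assumes the column layout uid, resource, held, maxheld, barrier, limit, failcnt; the function names and sample values are constructed.

```sh
#!/bin/sh
# Added example: list resources whose failcnt is non-zero in
# /proc/user_beancounters (read from stdin). Assumed column layout:
#   uid  resource  held  maxheld  barrier  limit  failcnt
# where only the first line of each container carries the "CTID:" field.

ubc_failures() {
    awk '
        $1 == "Version:" || $1 == "uid" { next }       # header lines
        $1 ~ /^[0-9]+:$/ { ctid = $1; sub(/:$/, "", ctid) }
        NF >= 6 && $NF ~ /^[0-9]+$/ && $NF + 0 > 0 {
            # Count from the right so both line shapes parse the same way.
            print "CT " ctid ": " $(NF-5) " failcnt=" $NF " barrier=" $(NF-2) " limit=" $(NF-1)
        }'
}

# Constructed sample in the assumed layout (values are made up).
sample_beancounters() {
    cat <<'EOF'
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize        1237973    1372307   11055923   11377049          0
            privvmpages       65301      69632      65536      69632         12
            numproc              48         65        240        240          0
      102:  kmemsize        2011044    2397311   11055923   11377049          0
            numproc             240        240        240        240          3
EOF
}

sample_beancounters | ubc_failures
```

On the host node, ubc_failures < /proc/user_beancounters covers all containers; inside a container the same command shows only that container's counters.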
Note that the pre-created OS Templates provided by the OpenVZ Project do not have yum installed, although contrib OS Templates are more likely to do so. This is because some OpenVZ system administrators prefer to use the vzyum tool which enables yum type operations on containers from the host node. This avoids the need to replicate yum databases and file caches in each container, which can consume a significant amount of diskspace and bandwidth. Using vzyum on the host node, only a single yum database and cache is required and RPM packages only need to be downloaded once. Unfortunately, technical issues with vzyum on CentOS 5 x86_64 host nodes are known to cause problems. Yum RPMs can be installed in containers like any other RPM package.
