OpenVZ is container-based virtualization for Linux, similar to LXC. It creates multiple secure, isolated Linux containers on a single physical server. [1]
It consists of an optional custom Linux kernel and command-line tools (mainly vzctl).
In this post I'll demonstrate how to install, configure and run an OpenVZ container, bridged to the outside world.
First, let's install it:
```sh
[root@ovz:~]# cd /etc/yum.repos.d
[root@ovz:~]# wget http://download.openvz.org/openvz.repo
[root@ovz:~]# rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
[root@ovz:~]# yum install vzkernel
```
This should automatically update the GRUB bootloader. Now let's install the OpenVZ userspace tools:
```sh
[root@ovz:~]# yum install vzctl vzquota
```
To enable network communication between the containers and the host OS, add the following kernel tunables to /etc/sysctl.conf and load them:
```sh
[root@ovz:~]# echo "net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1" >> /etc/sysctl.conf
[root@ovz:~]# sysctl -p
```
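As an added example (mine, not code from the original post or from the OpenVZ project), here is a POSIX shell audit that reads a sysctl.conf-style file and reports where it deviates from the tunables above. Settings like ip_forward and send_redirects tend to drift when another tool or admin appends to the file later, and because sysctl -p applies the file top to bottom, the last assignment wins; the checker models that. The sample file is constructed inline, and only a single file is examined (files under /etc/sysctl.d are not, an assumption of this example).

```shell
#!/bin/sh
# Added example (not from the original post): audit a sysctl.conf-style file
# against the OpenVZ host tunables listed above. POSIX sh + awk only.

# Expected "key value" pairs, copied from the post.
EXPECTED='net.ipv4.ip_forward 1
net.ipv4.conf.default.proxy_arp 0
net.ipv4.conf.all.rp_filter 1
kernel.sysrq 1
net.ipv4.conf.default.send_redirects 1
net.ipv4.conf.all.send_redirects 0
net.ipv4.icmp_echo_ignore_broadcasts 1
net.ipv4.conf.default.forwarding 1'

# Print the effective value of key $2 in file $1. sysctl -p applies the file
# top to bottom, so the LAST assignment wins. Accepts "k = v", "k=v", "k =v",
# skips blank and comment lines, strips trailing # or ; comments. Prints
# nothing when the key is absent.
sysctl_file_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ || /^[[:space:]]*;/ || /^[[:space:]]*$/ { next }
        {
            line = $0
            sub(/[#;].*$/, "", line)
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1)
            v = substr(line, n + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Report each expected key that is missing from file $1 or set to another
# value. Returns the number of findings, so 0 means the file matches.
audit_sysctl_file() {
    file="$1"
    bad=0
    while read -r key want; do
        have=$(sysctl_file_value "$file" "$key")
        if [ -z "$have" ]; then
            echo "MISSING  $key (want $want)"
            bad=$((bad + 1))
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $key = $have (want $want)"
            bad=$((bad + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$bad"
}

# Append the post's tunables to file $1, one "key = value" per line.
write_expected_sysctl_conf() {
    printf '%s\n' "$EXPECTED" | awk '{ print $1 " = " $2 }' >> "$1"
}

# Constructed sample of a host that has drifted: rp_filter was never set and
# a later edit turned ip_forward back off. Mixed spacing and an inline
# comment exercise the parser.
write_sample_sysctl_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host
net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0
kernel.sysrq=1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1   # container traffic
net.ipv4.ip_forward = 0
EOF
}

# Usage: sh audit_sysctl.sh /etc/sysctl.conf   (exit status = number of findings)
if [ $# -gt 0 ]; then
    audit_sysctl_file "$1"
fi
```

Run against the constructed sample the audit reports one MISMATCH (ip_forward, because the later line wins) and one MISSING (rp_filter); against a file written by write_expected_sysctl_conf it reports nothing and exits 0, which makes it easy to wire into a host check that runs after every configuration change.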
Reboot into the new OpenVZ-aware kernel:
```sh
[root@ovz:~]# reboot
```
Before we can create containers with OpenVZ, we need a template of the distribution we want to run inside them in the /vz/template/cache directory.
You can download one from http://wiki.openvz.org/Download/template/precreated.
Let's download a CentOS 6 template:
```sh
[root@ovz:~]# cd /vz/template/cache
[root@ovz:~]# wget http://download.openvz.org/template/precreated/centos-6-x86_64.tar.gz
```
Set up the container and make it start on boot:
```sh
[root@ovz:~]# vzctl create 10 --ostemplate centos-6-x86_64 --config basic
[root@ovz:~]# vzctl set 10 --onboot yes --save
```
Note that each container must have a unique ID (the CTID), in this case 10. Now let's set up a hostname and IP address:
```sh
[root@ovz:~]# vzctl set 10 --hostname haproxyvz.example.com --save
[root@ovz:~]# vzctl set 10 --ipadd 10.24.6.230 --save
```
Next, let's set the maximum number of non-TCP sockets (local sockets, UDP and other socket types) and use Google's public DNS resolvers inside the container:
```sh
[root@ovz:~]# vzctl set 10 --numothersock 100 --save
[root@ovz:~]# vzctl set 10 --nameserver 8.8.8.8 --nameserver 8.8.4.4 --save
```
Let's start the container:
```sh
[root@ovz:~]# vzctl start 10
```
This will create a virtual interface on the host with a name similar to this:
```sh
[root@ovz:~]# ifconfig
--snip--
veth101.2 Link encap:Ethernet  HWaddr 00:18:51:11:2D:6E
          inet6 addr: fe80::218:51ff:fe11:2d6e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:185139 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
--snip--
```
Now let's create a bridge br0 and add both our external interface p2p1 and the container's interface to it, so that the container is reachable from outside:
```sh
[root@ovz:~]# cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
BOOTPROTO=static
IPADDR=10.24.6.211
NETMASK=255.255.240.0
GATEWAY=10.24.0.1
ONBOOT=yes
TYPE="Bridge"
[root@ovz:~]# cat /etc/sysconfig/network-scripts/ifcfg-p2p1
DEVICE=p2p1
HWADDR=00:26:6C:FE:F2:80
TYPE=Ethernet
UUID=cfe0d3f2-8bc9-45c9-91a5-c0cdb9a5644f
ONBOOT=yes
BRIDGE=br0
[root@ovz:~]# /etc/init.d/network restart
[root@ovz:~]# brctl addif br0 veth101.2
[root@ovz:~]# vzctl set 10 --netif_add ethp2p1,,,,br0 --save
```
Time to change the root password:
```sh
[root@ovz:~]# vzctl exec 10 passwd
```
To enter the container use:
```sh
[root@ovz:~]# vzctl enter 10
```
To stop, restart or destroy the container run:
```sh
[root@ovz:~]# vzctl stop 10
[root@ovz:~]# vzctl restart 10
[root@ovz:~]# vzctl destroy 10
```
To get a list of all containers execute:
```sh
[root@ovz:~]# vzlist -a
      CTID      NPROC STATUS    IP_ADDR         HOSTNAME
        10         16 running   10.24.6.230     haproxyvz.example.com
```
All the settings we applied with vzctl set --save in the previous steps are stored in the container's configuration file:
```sh
[root@ovz:~]# cat /etc/vz/conf/10.conf
KMEMSIZE="14372700:14790164"
LOCKEDPAGES="2048:2048"
PRIVVMPAGES="65536:69632"
SHMPAGES="21504:21504"
NUMPROC="240:240"
PHYSPAGES="0:unlimited"
VMGUARPAGES="33792:unlimited"
OOMGUARPAGES="26112:unlimited"
NUMTCPSOCK="360:360"
NUMFLOCK="188:206"
NUMPTY="16:16"
NUMSIGINFO="256:256"
TCPSNDBUF="1720320:2703360"
TCPRCVBUF="1720320:2703360"
OTHERSOCKBUF="1126080:2097152"
DGRAMRCVBUF="262144:262144"
NUMOTHERSOCK="120"
DCACHESIZE="3409920:3624960"
NUMFILE="9312:9312"
AVNUMPROC="180:180"
NUMIPTENT="128:128"

# Disk quota parameters (in form of softlimit:hardlimit)
DISKSPACE="2G:2.2G"
DISKINODES="200000:220000"
QUOTATIME="0"

# CPU fair scheduler parameter
CPUUNITS="1000"

VE_ROOT="/vz/root/$VEID"
VE_PRIVATE="/vz/private/$VEID"
OSTEMPLATE="centos-6-x86_64"
ORIGIN_SAMPLE="basic"
ONBOOT="yes"
HOSTNAME="haproxyvz.example.com"
IP_ADDRESS="10.24.6.230"
NAMESERVER="8.8.8.8 8.8.4.4"
NETIF="ifname=ethp2p1,bridge=br0,mac=00:18:51:13:AF:9F,host_ifname=veth101.2,host_mac=00:18:51:11:2D:6E"
```
You can also write this configuration file by hand instead of using the OpenVZ userspace tools.
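Another added example (mine, not the post's or OpenVZ's code): a shell audit of a container configuration file in the format shown above. It reads single values with the quoting stripped, splits the NETIF attribute string, checks every barrier:limit pair (including the K/M/G-suffixed DISKSPACE values) for a barrier larger than its limit, and lists DEVICES/DEVNODES entries, since those hand a host device node to the container (the `--devices b:8:176:rw` line in the ploop section further down is the kind of entry it surfaces). The sample configuration is constructed inline from values on this page plus one deliberately inverted pair. vzctl ships vzcfgvalidate for the validity part; this script only shows what such a check looks like and adds the device-grant listing.

```shell
#!/bin/sh
# Added example (not from the original post): inspect and sanity-check an
# OpenVZ container configuration file (/etc/vz/conf/<CTID>.conf format).
# POSIX sh + awk only.

# Print the value of KEY ($2) from config file $1 with the surrounding double
# quotes removed. Later assignments override earlier ones, as when the file
# is sourced by a shell. Prints an empty line if the key is absent.
ctconf_get() {
    awk -F= -v key="$2" '
        $1 == key {
            v = substr($0, length(key) + 2)   # text after "KEY="
            gsub(/^"|"$/, "", v)
            val = v
        }
        END { print val }
    ' "$1"
}

# Print attribute $2 (e.g. bridge, host_ifname, mac) of the NETIF setting.
# Assumption of this example: a single interface; vzctl separates several
# interfaces with ";" and this helper does not split on that.
netif_attr() {
    ctconf_get "$1" NETIF | tr ',' '\n' | awk -F= -v a="$2" '$1 == a { print $2 }'
}

# Walk every KEY="..." line of config $1:
#  * a "barrier:limit" pair (plain numbers or K/M/G suffixed, as in
#    DISKSPACE) whose barrier exceeds its limit is reported as invalid;
#  * DEVICES / DEVNODES entries are reported because they expose a host
#    device node inside the container.
# Exit status is the number of findings (0 = nothing to report).
ctconf_audit() {
    awk '
        function tonum(s,    u, n) {
            u = substr(s, length(s), 1)
            n = s + 0                      # "2.2G" + 0 -> 2.2
            if (u == "K") n *= 1024
            else if (u == "M") n *= 1048576
            else if (u == "G") n *= 1073741824
            return n
        }
        /^[[:space:]]*#/ || !/=/ { next }
        {
            n = index($0, "=")
            k = substr($0, 1, n - 1)
            v = substr($0, n + 1)
            gsub(/^"|"$/, "", v)
            if (k == "DEVICES" || k == "DEVNODES") {
                printf "DEVICE-GRANT  %s=%s\n", k, v
                bad++
            } else if (v ~ /^[0-9.]+[KMG]?:[0-9.]+[KMG]?$/) {
                split(v, p, ":")
                if (tonum(p[1]) > tonum(p[2])) {
                    printf "BARRIER>LIMIT %s=%s\n", k, v
                    bad++
                }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: values from the post's 10.conf, the --devices grant from
# the ploop section, and NUMPTY deliberately inverted (32:16) for the audit.
write_sample_ct_conf() {
    cat > "$1" <<'EOF'
KMEMSIZE="14372700:14790164"
PRIVVMPAGES="65536:69632"
PHYSPAGES="0:unlimited"
NUMTCPSOCK="360:360"
NUMPTY="32:16"
NUMOTHERSOCK="120"
# Disk quota parameters (in form of softlimit:hardlimit)
DISKSPACE="2G:2.2G"
DISKINODES="200000:220000"
VE_ROOT="/vz/root/$VEID"
ONBOOT="yes"
HOSTNAME="haproxyvz.example.com"
IP_ADDRESS="10.24.6.230"
NAMESERVER="8.8.8.8 8.8.4.4"
NETIF="ifname=ethp2p1,bridge=br0,mac=00:18:51:13:AF:9F,host_ifname=veth101.2,host_mac=00:18:51:11:2D:6E"
DEVICES="b:8:176:rw"
EOF
}

# Usage: sh ctconf_audit.sh /etc/vz/conf/10.conf   (exit status = number of findings)
if [ $# -gt 0 ]; then
    echo "hostname: $(ctconf_get "$1" HOSTNAME), bridge: $(netif_attr "$1" bridge)"
    ctconf_audit "$1"
fi
```

On the constructed sample the audit prints two lines, one for the inverted NUMPTY pair and one for the DEVICES grant, and exits 2; looping it over /etc/vz/conf/*.conf gives a quick inventory of which containers have been given raw device access.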
Experimenting with ploop, the image-file based container layout (the container's filesystem lives in a root.hdd image instead of a plain directory tree):
```sh
# Upgraded /var/lib/vz from ext3 to ext4 with extents, as this is a requirement for ploop to work.
root@db-566424-1:~# /etc/init.d/vz stop
root@db-566424-1:~# umount /dev/sdb1
root@db-566424-1:~# tune2fs -O extents,uninit_bg,dir_index /dev/sdb1
root@db-566424-1:~# e2fsck -fDC0 /dev/sdb1
root@db-566424-1:~# /etc/init.d/vz start
root@db-566424-1:~# vzctl create 9999 --layout ploop --diskspace 5G --ostemplate f7382996-c96f-476e-b153-3935e84e6232
root@db-566424-1:~# vzctl start 9999
root@db-566424-1:~# ssh dbaas@172.16.255.100 -p16022 "createVolume clusterName=584027-cl volumeName=ploop_volume thinProvision=0 output=XML size=1GB"
root@db-566424-1:~# ssh dbaas@172.16.255.100 -p16022 "assignVolumeToServer volumeName=ploop_volume serverName=db-566424-1 output=XML"
root@db-566424-1:~# iscsiadm -m discovery -t sendtargets -p 172.16.255.100
root@db-566424-1:~# iscsiadm -m node -T iqn.2003-10.com.lefthandnetworks:ords03:49813:ploop-volume -p 172.16.255.100:3260 --login
root@db-566424-1:~# vzctl exec 9999 "mknod /dev/vdb b 8 176"
root@db-566424-1:~# vzctl set 9999 --save --devices b:8:176:rw
root@db-566424-1:~# ls -lah /var/lib/vz/private/9999/root.hdd/
total 562M
drwx------ 2 root root 4.0K Jan 26 16:26 .
drwxr-xr-x 3 root root 4.0K Jan 26 15:59 ..
-rw-r--r-- 1 root root  790 Jan 26 15:59 DiskDescriptor.xml
-rw------- 1 root root    0 Jan 26 15:59 DiskDescriptor.xml.lck
-rw------- 1 root root 434M Jan 26 16:26 root.hdd

# Ploop Snapshots
root@db-566424-1:~# vzctl snapshot 9999 --name snapshot_1 --description "First snapshot"
root@db-566424-1:~# vzctl snapshot-list 9999
root@db-566424-1:~# vzctl snapshot-switch 9999 --id 79affde2-eb31-4f93-9511-168b12ea62fa
root@db-566424-1:~# vzctl snapshot-mount 9999 --id 79affde2-eb31-4f93-9511-168b12ea62fa --target /mnt/
root@db-566424-1:~# vzctl snapshot-umount 9999 --id 79affde2-eb31-4f93-9511-168b12ea62fa
root@db-566424-1:~# vzctl snapshot-delete 9999 --id 79affde2-eb31-4f93-9511-168b12ea62fa
```
Resources:
[1] http://openvz.org/