Open source version of Virtuozzo - openVZ

August 20th, 2010

The open source version of Virtuozzo is called OpenVZ, created by Parallels.

OpenVZ is container-based virtualization for Linux. OpenVZ creates multiple secure, isolated containers (otherwise known as VEs or VPSs) on a single physical server enabling better server utilization and ensuring that applications do not conflict. Each container performs and executes exactly like a stand-alone server; a container can be rebooted independently and have root access, users, IP addresses, memory, processes, files, applications, system libraries and configuration files.

OpenVZ is free open source software, available under GNU GPL.

The OpenVZ project is supported by Parallels.

VZPP : What is Virtuozzo Power Panel?

August 20th, 2010

Virtuozzo Power Panels (VZPP) is a powerful web-based recovery and administration tool, intended for use by VPS Hosting owners. VZPP can be used on a standalone basis or within the Plesk interface. With VZPP, a user with administrative access to a VPS can easily perform many critical management tasks:

VPS Start/Stop/Reboot
Start, stop, fast stop and restart the VPS.

VPS Services Management
Manage VPS services and processes, such as stopping an offending task or restarting a service.

VPS Resource Monitoring
Monitor VPS resource utilization for CPU, system, disk space and disk inodes.

VPS Backup/Restore
Back up and restore the VPS from the backup, including all system and user files.

VPS Repair
Start the VPS in repair mode when a VPS is broken and does not boot.

Embedded SSH Client
Connect to the VPS via the integrated SSH client.

VPS Re-install
Reinstall the VPS from scratch, either saving or discarding existing files.

VPS Actions Log
View the VPS actions log to monitor resource shortage alerts and various VPS events.

VZPP is accessible via port 4643. Example:
If your main VPS server IP is 64.202.123.197, VZPP would be accessible at http://64.202.123.197:4643

Creating Container Manually

February 15th, 2010

Creating Container

After the Container ID and the installed OS EZ template have been chosen, you can create the Container private area with the vzctl create command. The private area is the directory containing the VZFS symlinks, copy-on-write area, and private files of the given Container. The private area is mounted to the /vz/root/CT_ID directory on the Hardware Node and provides Container users with a complete Linux file system tree.

The vzctl create command requires only the Container ID and the name of the OS template as arguments; however, in order to avoid setting all the Container resource control parameters after creating the private area, you can specify a sample configuration to be used for your new Container. The sample configuration files reside in the /etc/vz/conf directory and have names of the form ve-<configname>.conf-sample. The most commonly used sample is the ve-basic.conf-sample file; this sample file has resource control parameters suitable for most Containers.

Thus, for example, you can create a new Container by typing the following command:

# vzctl create 101 --ostemplate redhat-el5-x86 --config basic

Creating Container private area (redhat-el5-x86)

Container is mounted

Postcreate action done

Container is unmounted

Container private area was created

Delete port redirection

Adding port redirection to Container(1): 4643 8443

In this case, the Virtuozzo Containers software will create a Container with ID 101, the private area based on the redhat-el5-x86 OS EZ template, and configuration parameters taken from the ve-basic.conf-sample sample configuration file.

If you specify neither an OS template nor a sample configuration, vzctl will try to take the corresponding values from the global Virtuozzo configuration file (/etc/vz/vz.conf). So you can set the default values in this file using your favorite text editor, for example:

DEF_OSTEMPLATE=".redhat-el5-x86"

CONFIGFILE="basic"

and do without specifying these parameters each time you create a new Container. Please keep in mind that the . symbol before the template name in the DEF_OSTEMPLATE parameter is used to indicate that the Container being created is to be based on an OS EZ template; otherwise, it will denote an OS standard template. Now you can create a Container with ID 101 with the following command:

# vzctl create 101

Creating Container private area (redhat-el5-x86)

Container is mounted

Postcreate action done

Container is unmounted

Container private area was created

Delete port redirection

Adding port redirection to Container(1): 4643 8443
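As an added example (not code from the Parallels documentation quoted above), the following POSIX shell functions resolve which OS template and sample configuration a create would fall back to from /etc/vz/vz.conf, honouring the leading-dot convention for EZ templates, and check that the ve-<name>.conf-sample file actually exists before vzctl create is run. The function names read_vz_var and resolve_create are this example's own, and it runs against a constructed vz.conf and conf directory rather than the real /etc/vz.

```shell
#!/bin/sh
# Added example (not from the Parallels documentation): resolve which OS
# template and sample configuration "vzctl create" would fall back to when
# they are not given on the command line, and confirm that the sample file
# exists before the create is attempted. The function names are this
# example's own; the file layout (DEF_OSTEMPLATE/CONFIGFILE in vz.conf,
# ve-<name>.conf-sample files in the conf directory) is the one the text
# describes. Paths are parameters so it can be run against a constructed tree.

# read_vz_var FILE NAME -> value of NAME="value" in FILE (quotes stripped)
read_vz_var() {
    awk -F= -v k="$2" '$1 == k { v = $2; gsub(/^"/, "", v); gsub(/"$/, "", v); print v }' "$1" | tail -n 1
}

# resolve_create VZCONF CONFDIR [OSTEMPLATE] [CONFIG]
# Prints "<template> <ez|standard|cli> <config> <ok|missing>":
#   names given as arguments win (kind "cli"); otherwise the vz.conf defaults
#   are used, and a leading "." on DEF_OSTEMPLATE marks an OS EZ template.
#   "missing" means CONFDIR has no ve-<config>.conf-sample, so the create
#   would not get the intended resource control parameters.
resolve_create() {
    tmpl=$3; cfg=$4; kind=cli
    if [ -z "$tmpl" ]; then
        tmpl=$(read_vz_var "$1" DEF_OSTEMPLATE)
        case $tmpl in
            .*) kind=ez; tmpl=${tmpl#.} ;;
            *)  kind=standard ;;
        esac
    fi
    [ -n "$cfg" ] || cfg=$(read_vz_var "$1" CONFIGFILE)
    if [ -f "$2/ve-$cfg.conf-sample" ]; then state=ok; else state=missing; fi
    echo "$tmpl $kind $cfg $state"
}

# Demo on a constructed /etc/vz look-alike (nothing on a real node is touched).
demo_dir=$(mktemp -d)
mkdir "$demo_dir/conf"
: > "$demo_dir/conf/ve-basic.conf-sample"
printf 'DEF_OSTEMPLATE=".redhat-el5-x86"\nCONFIGFILE="basic"\n' > "$demo_dir/vz.conf"
resolve_create "$demo_dir/vz.conf" "$demo_dir/conf"               # -> redhat-el5-x86 ez basic ok
resolve_create "$demo_dir/vz.conf" "$demo_dir/conf" "" vps.basic  # -> redhat-el5-x86 ez vps.basic missing
rm -rf "$demo_dir"
```

On a real node the call would be resolve_create /etc/vz/vz.conf /etc/vz/conf; a "missing" result means the create will either fail or fall back to defaults you did not intend, which is the situation the sample-configuration mechanism is meant to avoid.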

Source : parallels

LITESPEED COMPARED TO APACHE WEB SERVER

September 17th, 2009

===========================
Advantages of using LiteSpeed compared to Apache:
===========================

1. LiteSpeed is 6 times faster than Apache.

2. When it comes to dynamic content, LiteSpeed is more than 50% faster in PHP content delivery than Apache with mod_php.

3. Increases PHP performance and security while doubling server capacity.

4. Efficient CGI daemon.

5. High-performance Perl daemon.

6. SECURE

* Strictest HTTP request validation
* Denies any buffer-overrun attempts
* Anti-DDoS: throttling and connection accounting
* System overloading prevention
* Chrooted web server process
* CGI/FCGI/LSAPI/PHP suEXEC

7. RELIABLE

* Watchdog monitoring
* Recovers from service failure instantly
* Zero-downtime graceful restart

8. SCALABLE

* Small memory footprint
* Thousands of concurrent connections
* Increases scalability of external web applications

9. LiteSpeed supports a wide set of server APIs and scripting languages.

* CGI/1.1
* FastCGI
* LSAPI (LiteSpeed SAPI)
* JSP/Servlet via AJP 1.3
* Transparent reverse proxy (interface to any web server or application server that supports HTTP)
* PHP with 3rd-party PHP accelerator compatibility (APC, eAccelerator, XCache)
* Perl/Python (CGI, FastCGI)
* Ruby/Ruby on Rails
* C/C++ (CGI, FastCGI, LSAPI)

So, for a shared hosting environment it is better to go for the LiteSpeed web server.

PIM Resource Parameters Description

August 18th, 2009

Resource Parameters Description

The CPU-related resource management is based on the following parameters:

cpuunits
A positive integer number that determines the minimal guaranteed share of the CPU time your Container will receive.

cpulimit
A positive number indicating the CPU time, in percent, the corresponding Container is not allowed to exceed.

burst_cpulimit (Linux)
The CPU power limit, in percent, the Container cannot exceed. The limitation set in this parameter is applied to the Container when it exceeds the limit specified in the burst_cpu_avg_usage parameter.

burst_cpu_avg_usage (Linux)
The CPU usage limit, in percent, set for the Container. This limit is calculated as the ratio of the current Container CPU usage to the CPU limit (i.e. to the value of the CPULIMIT parameter) set for the Container. If the limit is not specified, the full CPU power of the Hardware Node is considered as the CPU limit. Upon exceeding the burst_cpu_avg_usage limit, the burst_cpulimit limit is applied to the Container.

cpuguarantee (Windows)
A positive integer number indicating the CPU time, in percent, the corresponding Container is guaranteed to receive. If both the cpuguarantee and cpuunits parameters are set, the cpuguarantee parameter is taken into account first when distributing processor time among the Containers existing on the Node; the remaining CPU time, if any, is given to the Containers in accordance with the value of the cpuunits parameter.

cpus
The number of CPUs set to handle all the processes inside the given Container. By default, any Container is allowed to consume the CPU time of all processors on the Node.

The disk-related resource management is based on the following parameters:

diskspace
Total size of disk space consumed by the Container. Linux: when the space used by the Container hits the soft limit, the Container can allocate additional disk space up to the hard limit during the grace period indicated by the quotatime parameter value.

diskinodes (Linux)
Total number of disk inodes (files, directories, and symbolic links) allocated by the Container. When the number of inodes used by the Container hits the soft limit, the Container can create additional inodes up to the hard limit during the grace period indicated by the quotatime parameter value.

quotaugidlimit (Linux)
Number of user/group IDs allowed for the Container internal disk quota. If set to 0, UID/GID quota will not be enabled.

quotatime (Linux)
The grace period for disk quota overusage, defined in seconds. The Container is allowed to temporarily exceed its quota soft limits for no more than the QUOTATIME period.

ioprio (Linux)
The Container priority for disk I/O operations. The allowed range of values is 0-7. The greater the priority, the more time the Container has for writing to and reading from the disk. The default Container priority is 4.

The memory-related resource management parameters are divided into 4 groups: memory parameters, primary system parameters, secondary system parameters, and auxiliary system parameters.

Windows: Windows-based Containers use only the primary system parameters.

Linux: For Linux-based Containers, this screen displays the memory-based, or the system-based, or both memory- and system-based Container resources data, depending on your settings:

* If the memory management mode is enabled for the Container, it can be allocated memory in much the same way as a certain amount of physical memory is installed on a physical computer. This is the recommended mode for managing Containers for most administrators.
* If the system management mode is enabled, the Container's performance depends on the values of quite a number of fine-grained parameters. The primary parameters are the starting point for defining the relative power of a Container. The secondary parameters are dependent on the primary ones and are calculated from them according to a set of constraints. The auxiliary parameters help improve fault isolation among applications in a Container and the way applications handle errors and consume resources.
* If both resource management modes are used, the more restrictive value is taken into account each time the system makes the decision whether to allocate this or that resource to the Container.

Memory parameters (Linux)

slmmemorylimit
An approximation of the size of the physical memory allocated to the Container. In other words, the Container performance is similar to the performance of a physical computer with as much physical memory installed as is indicated in this parameter.

Primary system parameters

numproc
The maximal number of processes the Container may create.

numsessions (Windows)
The number of simultaneous terminal sessions that can be opened to the Container.

vprvmem (Windows)
The size of private (or potentially private) memory allocated by the Container. The memory that is always shared among different applications is not included in this resource parameter.

numtcpsock (Linux)
The number of TCP sockets (PF_INET family, SOCK_STREAM type). This parameter limits the number of TCP connections and, thus, the number of clients the server application can handle in parallel.

numothersock (Linux)
The number of sockets other than TCP ones. Local (UNIX-domain) sockets are used for communications inside the system. UDP sockets are used, for example, for Domain Name Service (DNS) queries. UDP and other sockets may also be used in some very specialized applications (SNMP agents and others).

vmguarpages (Linux)
The memory allocation guarantee, in pages. Container applications are guaranteed to be able to allocate additional memory so long as the amount of memory accounted as privvmpages (see the auxiliary parameters) does not exceed the configured barrier of the vmguarpages parameter. Above the barrier, additional memory allocation is not guaranteed and may fail in case of overall memory shortage.

avnumproc (Linux)
The average number of processes and threads.

Secondary system parameters (Linux)

kmemsize
The size of unswappable kernel memory allocated for the internal kernel structures for the processes of a particular Container.

Note: The Virtuozzo Containers 64-bit version for IA-64 processors needs four times as much kernel memory to handle the same process as the Virtuozzo Containers 32-bit version.

tcpsndbuf
The total size of send buffers for TCP sockets, i.e. the amount of kernel memory allocated for the data sent from an application to a TCP socket but not yet acknowledged by the remote side.

tcprcvbuf
The total size of receive buffers for TCP sockets, i.e. the amount of kernel memory allocated for the data received from the remote side but not yet read by the local application.

othersockbuf
The total size of UNIX-domain socket buffers, UDP, and other datagram protocol send buffers.

dgramrcvbuf
The total size of receive buffers of UDP and other datagram protocols.

oomguarpages
The out-of-memory guarantee, in pages. No Container process will be killed, even in case of heavy memory shortage, as long as the current memory consumption (including both physical memory and swap) does not reach the oomguarpages barrier.

privvmpages
The size of private (or potentially private) memory allocated by an application. The memory that is always shared among different applications is not included in this resource parameter.

Auxiliary system parameters (Linux)

lockedpages
The memory not allowed to be swapped out (locked with the mlock() system call), in pages.

shmpages
The total size of shared memory (including IPC, shared anonymous mappings and tmpfs objects) allocated by the processes of a particular Container, in pages.

numfile
The number of files opened by all Container processes.

numflock
The number of file locks created by all Container processes.

numpty
The number of pseudo-terminals, such as those used by an ssh session, screen or xterm.

numsiginfo
The number of siginfo structures (essentially, this parameter limits the size of the signal delivery queue).

dcachesize
The total size of dentry and inode structures locked in memory.

numiptent
The number of IP packet filtering entries.

Source : PIM DOCS
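The parameters in these tables are the same counters the Linux kernel exposes per Container in /proc/user_beancounters, with held, maxheld, barrier, limit and failcnt columns. The following shell script is an added example, not part of the PIM documentation: it parses that format and reports every counter that has already refused allocations (failcnt above zero) or is within a configurable percentage of its barrier, which is the first place a resource shortage inside a Container becomes visible. The input below is a constructed sample in the real file's layout; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the PIM documentation: scan /proc/user_beancounters
# output (the kernel's live view of the primary/secondary/auxiliary parameters
# described above) and report every parameter that has already failed
# allocations (failcnt > 0) or whose current "held" value is within PCT% of its
# barrier. A growing failcnt on tcpsndbuf, numtcpsock or numfile is how a
# resource shortage inside a Container usually shows up first. The column
# layout matches the real file on a Linux node; the sample below is constructed.

SAMPLE_UBC='Version: 2.5
       uid  resource           held    maxheld    barrier      limit  failcnt
      101:  kmemsize        2139818    2778258   14372700   14790164        0
            lockedpages           0          0        256        256        0
            privvmpages       65300      65536      65536      69632       17
            numtcpsock          360        360        360        360        3
            numfile            2048       3000       9312       9312        0
            dcachesize      3100000    3200000    3409920    3624960        0
      102:  kmemsize         500000     600000   14372700   14790164        0
            numproc              40         60        240        240        0'

# ubc_report PCT  (reads beancounter text on stdin)
# Prints "ctid parameter failcnt:N" or "ctid parameter near-barrier:P%".
ubc_report() {
    awk -v pct="$1" '
        /^Version:/ || /^[[:space:]]*uid[[:space:]]/ { next }   # header lines
        NF == 7 { ct = $1; sub(/:$/, "", ct); name = $2; held = $3; barrier = $5; fail = $7 }
        NF == 6 { name = $1; held = $2; barrier = $4; fail = $6 }   # continuation rows reuse ct
        NF == 6 || NF == 7 {
            if (fail > 0)
                printf "%s %s failcnt:%d\n", ct, name, fail
            else if (barrier > 0 && barrier < 1e18 && held * 100 >= barrier * pct)   # >= 1e18 means "unlimited"
                printf "%s %s near-barrier:%d%%\n", ct, name, int(held * 100 / barrier)
        }'
}

# ubc_failures PCT -> exit 0 if any parameter has failcnt > 0 (handy for alerting)
ubc_failures() { ubc_report "$1" | grep -q failcnt; }

# Demo against the constructed sample; on a real node use:
#   ubc_report 90 < /proc/user_beancounters
printf '%s\n' "$SAMPLE_UBC" | ubc_report 90
```

Barriers of 9223372036854775807 are how "unlimited" appears in the file, which is why the near-barrier test ignores values above 1e18; failcnt is cumulative since the Container started, so compare two runs to see whether failures are still happening.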

CSF installation in a VPS

August 3rd, 2009

Introduction:

In general CSF works well with cPanel servers, but in a VPS (OpenVZ or Virtuozzo) the CSF configuration is somewhat different.

Sometimes you may get the following error after installing CSF in a VPS:

————–

Error: iptables command [/sbin/iptables -v -A LOGDROPIN -p tcp -m limit --limit 30/m --limit-burst 5 -j LOG --log-prefix 'Firewall: *TCP_IN Blocked* '] failed, at line 196

—————

Here is how to resolve this issue.

There are two steps to configure CSF in a VPS:

i) Main VPS server (the host server on which the VPS nodes are running) configuration

ii) VPS node configuration.

i) Main VPS server configuration

Before starting the CSF installation in a node, log in to the main server (host server) and check whether the following modules are loaded into the kernel:

———
ipt_conntrack
ipt_LOG
ipt_owner
ipt_state
ip_conntrack_ftp
———

You can check it as follows

—————
# lsmod |grep -i <module-name>
—————

If not, load these modules into the kernel:

————
# modprobe <module-name>
eg: modprobe ipt_conntrack
————-

Now add these modules to the iptables configuration as follows.

———–
# vi /etc/sysconfig/iptables-config
Add the following in this file
IPTABLES_MODULES="ipt_conntrack ipt_LOG ipt_owner ipt_state ip_conntrack_ftp"
———–

Now edit the VPS configuration file in /etc/sysconfig/vz-scripts/. Assuming 101 is the VEID, add the modules loaded above to the IPTABLES line in this configuration file.

———-
# vi /etc/sysconfig/vz-scripts/101.conf
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ipt_state iptable_nat ip_nat_ftp ipt_owner ip_conntrack_ftp"
————-

This completes the main VPS server configuration. Now restart the child node (not the main server) as follows:

—————

# vzctl restart <veid>

eg: vzctl restart 101

——————-
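Before the vzctl restart, it is worth confirming that the host-side steps above actually line up, because a module that is loaded but not listed on the Container's IPTABLES line (or listed but not loaded) produces exactly the iptables error quoted at the start of this post. The following shell script is an added example, not part of the original post: it compares the modules loaded in the host kernel (lsmod output), the IPTABLES_MODULES line in /etc/sysconfig/iptables-config and the IPTABLES line in the Container's configuration file against the five modules the post requires. Function names are this example's own, and the demo runs on constructed copies of those files.

```shell
#!/bin/sh
# Added example (not from the original post): before "vzctl restart <veid>",
# cross-check the three places the host-side steps touch, so CSF inside the
# container does not fail with the "iptables command ... failed" error above:
#   1. modules currently loaded in the host kernel (lsmod output),
#   2. IPTABLES_MODULES in /etc/sysconfig/iptables-config (persisted across reboots),
#   3. the IPTABLES= line in the container's <VEID>.conf (what the CT may use).
# Function names are this example's own; the files are passed in as arguments
# so the demo runs on constructed copies instead of the real host files.

# Modules the post says must be available on the host for CSF.
CSF_REQUIRED_MODULES="ipt_conntrack ipt_LOG ipt_owner ipt_state ip_conntrack_ftp"

# conf_value FILE KEY -> contents of KEY="..." (the value may span several lines)
conf_value() {
    { printf ' '; tr '\n' ' ' < "$1"; } | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# missing_modules "NEEDED" "HAVE" -> each needed module not present in HAVE
missing_modules() {
    for m in $1; do
        case " $2 " in *" $m "*) ;; *) echo "$m" ;; esac
    done
}

# check_ct_firewall LSMOD_FILE IPTABLES_CONFIG CT_CONF
# Prints one line per problem; returns 0 only when all three places agree.
check_ct_firewall() {
    loaded=$(awk 'NR > 1 { print $1 }' "$1" | tr '\n' ' ')   # skip the lsmod header
    persisted=$(conf_value "$2" IPTABLES_MODULES)
    ct_allowed=$(conf_value "$3" IPTABLES)
    rc=0
    for m in $(missing_modules "$CSF_REQUIRED_MODULES" "$loaded"); do
        echo "host: $m not loaded (modprobe $m)"; rc=1
    done
    for m in $(missing_modules "$CSF_REQUIRED_MODULES" "$persisted"); do
        echo "host: $m not in IPTABLES_MODULES of $2"; rc=1
    done
    for m in $(missing_modules "$CSF_REQUIRED_MODULES" "$ct_allowed"); do
        echo "ct: $m not in IPTABLES= of $3"; rc=1
    done
    return $rc
}

# Demo with constructed files: ipt_owner is neither loaded nor persisted.
d=$(mktemp -d)
printf 'Module                  Size  Used by\nipt_conntrack           4096  1\nipt_LOG                 8192  2\nipt_state               4096  1\nip_conntrack_ftp        8192  0\n' > "$d/lsmod.txt"
printf 'IPTABLES_MODULES="ipt_conntrack ipt_LOG ipt_state ip_conntrack_ftp"\n' > "$d/iptables-config"
printf 'IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_LOG ip_conntrack ipt_state\niptable_nat ip_nat_ftp ipt_owner ip_conntrack_ftp"\n' > "$d/101.conf"
check_ct_firewall "$d/lsmod.txt" "$d/iptables-config" "$d/101.conf" || echo "fix the items above before vzctl restart"
rm -rf "$d"
```

On the host itself the call is check_ct_firewall <(lsmod) /etc/sysconfig/iptables-config /etc/sysconfig/vz-scripts/101.conf in bash, or lsmod redirected to a file first under plain sh.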

ii) Vps node configuration.

Now SSH into your child VPS node.

Now download and install CSF. You can download CSF from here.

Before starting CSF, make a few configuration changes: edit the file /etc/csf/csf.conf and set the following variables

——–
ETH_DEVICE = "venet0" # from ifconfig you can see the network device
MONOLITHIC_KERNEL = "1"
VERBOSE = "0" # disables verbose output during start
———

Now start csf and lfd.

———–

/etc/init.d/csf start

/etc/init.d/lfd start

———–

Note: If it is a cPanel server, go to WHM and configure the firewall settings.

Enjoy it ;)

vps command line usage

February 24th, 2009

Hi,

Some VPS command line usage commands:

Add a domain from the command line:

/script/add --class=domain --name=testdomain4.com --v-docroot=testdom.com/curent/public --v-password=xyz --v-dnstemplate_name=default.dnst

Delete a client who has no domains:

/script/update --class=client --name=testclient --action=delete

Find the VPS that uses the most traffic:

/script/filter/vps-sort-traffic | head -1

List the VPSes that have gone over quota on traffic:

/script/filter/vps-overquota-traffic

To add a simple cron job that is executed either 'every-hour' or 'every-day', with a cron_day_hour also specified:

/script/add --parent-class=client --parent-name=admin --class=cron --v-ttype=simple --v-simple_cron=every-day --v-cron_day_hour=6 --v-command="ls -al"

Oracle 10g VE

December 31st, 2008

Create the container on the Host system

vzctl create 1001 --ostemplate centos-4-i386-default
vzctl set 1001 --userpasswd root:password --save
vzctl set 1001 --hostname ve-oracle.example.com --save
vzctl set 1001 --ipadd 192.168.0.62 --save

Reset resource limits

I decided to have max limits to avoid problems during installation. Once the installation is done and the system left running for some time, these limits should be adjusted.

Note: setting the UBC limits to the “unlimited” value as below can only be done on a trusted single-container machine, and can create problems. For more info about UBC, see Resource shortage and UBC.

Warning: The above UBC values might not be consistent; see UBC consistency check.

vzctl set 1001 --kmemsize unlimited --save
vzctl set 1001 --lockedpages unlimited --save
vzctl set 1001 --privvmpages unlimited --save
vzctl set 1001 --shmpages unlimited --save
vzctl set 1001 --numproc unlimited --save
vzctl set 1001 --numtcpsock unlimited --save
vzctl set 1001 --numflock unlimited --save
vzctl set 1001 --numpty unlimited --save
vzctl set 1001 --numsiginfo unlimited --save
vzctl set 1001 --tcpsndbuf unlimited --save
vzctl set 1001 --tcprcvbuf unlimited --save
vzctl set 1001 --othersockbuf unlimited --save
vzctl set 1001 --dgramrcvbuf unlimited --save
vzctl set 1001 --numothersock unlimited --save
vzctl set 1001 --dcachesize unlimited --save
vzctl set 1001 --numfile unlimited --save
vzctl set 1001 --numiptent unlimited --save

Or you can set these limits in your /etc/vz/conf/1001.conf file:

Note : The above UBC values might not be consistent; see UBC consistency check.

# Primary parameters
AVNUMPROC="unlimited"
NUMPROC="unlimited"
NUMTCPSOCK="unlimited"
NUMOTHERSOCK="unlimited"
VMGUARPAGES="unlimited"

# Secondary parameters
KMEMSIZE="unlimited"
TCPSNDBUF="unlimited"
TCPRCVBUF="unlimited"
OTHERSOCKBUF="unlimited"
DGRAMRCVBUF="unlimited"
OOMGUARPAGES="unlimited"

# Auxiliary parameters
LOCKEDPAGES="unlimited"
SHMPAGES="unlimited"
PRIVVMPAGES="unlimited"
NUMFILE="unlimited"
NUMFLOCK="unlimited"
NUMPTY="unlimited"
NUMSIGINFO="unlimited"
DCACHESIZE="unlimited"

PHYSPAGES="unlimited"
NUMIPTENT="unlimited"

Start the container

vzctl start 1001

Update /etc/resolv.conf on the container

Put the following into your container’s /etc/resolv.conf:

search example.com
nameserver <ip address of your name server>

Install Required Packages

vzyum 1001 install binutils compat-db gcc gcc-c++ glibc \
 glibc-common libstdc++ libstdc++-devel gnome-libs make \
 pdksh sysstat libaio xscreensaver openmotif21 xorg-x11-xfs \
 usbutils urw-fonts shared-mime-info perl-libwww-perl \
 perl-XML-Parser perl-URI perl-HTML-Tagset perl-HTML-Parser \
 patch lvm2 intltool libIDL libart_lgpl libbonobo xterm \
 libcap libcroco libgnomecanvas libexif libgnomecups \
 libgnomeprint22 libsoup libwnck libxklavier

Check the following rpms are installed on the container

vzctl exec 1001 rpm -q binutils gcc gcc-c++ glibc gnome-libs \
 libstdc++ libstdc++-devel make pdksh sysstat xscreensaver libaio

Add Oracle User/Group

vzctl exec 1001 /usr/sbin/groupadd oinstall
vzctl exec 1001 /usr/sbin/groupadd dba
vzctl exec 1001 /usr/sbin/useradd -m -g oinstall -G dba oracle
vzctl exec 1001 id oracle

Set Password for the Oracle user

vzctl exec 1001 passwd oracle

Create Directories for Oracle Home/Data and the download directory

vzctl exec 1001 mkdir /home/oracle/10gR2_db
vzctl exec 1001 mkdir -p /u01/app/oracle/product/10.2.0/db_1
vzctl exec 1001 mkdir /u01/app/oracle/oradata
vzctl exec 1001 chown -R oracle:oinstall /u01/app/oracle /home/oracle/10gR2_db
vzctl exec 1001 chmod -R 775 /u01/app/oracle /home/oracle/10gR2_db
vzctl exec 1001 ln -s /usr/lib/libstdc++.so.6.0.3 /usr/lib/libstdc++.so.5

Put these values in /etc/sysctl.conf on the HN


kernel.shmall = 2097152
kernel.shmmax = 536870912
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 65536
net.ipv4.ip_local_port_range = 1024 65000
net.core.rmem_default=262144
net.core.wmem_default=262144
net.core.rmem_max=262144
net.core.wmem_max=262144

Then execute on the HN the following command:

/sbin/sysctl -p

At this point the container is ready for Oracle installation. We take a backup of the container at this point in case we need to rebuild the system or do a clean Oracle install.

Shutdown the container and take a backup

vzctl stop 1001
cd /u01/backups
tar czpvf ve-1001-preOracle.tar.gz /vz/private/1001/ /etc/vz/conf/1001.conf

Start the container again

vzctl start 1001

Put oracle distro into the container

Copy the downloaded Oracle zip file to the container and change its ownership to “oracle” on the container.

cp /u01/software/10201_database_linux32.zip /vz/private/1001/home/oracle/10gR2_db/
vzctl exec 1001 chown oracle:oinstall /home/oracle/10gR2_db/10201_database_linux32.zip

Start installation

Now log in as oracle on VE 1001 and run the following commands:

cd /home/oracle/10gR2_db
unzip 10201_database_linux32.zip
cd database/
export ORACLE_BASE=/u01/app/oracle
export ORACLE_HOME=/u01/app/oracle/product/10.2.0/db_1
export DISPLAY=192.168.0.149:0

Make sure you can run xterm, then:

./runInstaller

When prompted to run scripts as root, log in as root and execute:

export DISPLAY=192.168.0.149:0
/u01/app/oracle/oraInventory/orainstRoot.sh
/u01/app/oracle/product/10.2.0/db_1/root.sh

Update the oracle user's profile with the following:

cd
vi /home/oracle/.bashrc
export ORACLE_BASE=/u01/app/oracle
export ORACLE_HOME=/u01/app/oracle/product/10.2.0/db_1
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$LD_LIBRARY_PATH
export PATH=$ORACLE_HOME/bin:$PATH
export ORACLE_SID=orcl

Delete installation files (optional)

cd /home/oracle/10gR2_db
rm -rf database

Time to take another backup of the container on the hardware node.

This backup will allow you to restore the container to the point where no database has yet been created.

vzctl stop 1001
cd /u01/backups
tar czpvf ve-1001-postOracleSoftware.tar.gz \
  /vz/private/1001/ /etc/vz/conf/1001.conf

Start the container

vzctl start 1001

Login as oracle and create the database

export DISPLAY=192.168.0.149:0
dbca

Create listener

netca

Now take another backup on the HN:

vzctl stop 1001
cd /u01/backups
tar czpvf ve-1001-postOracleDatabase.tar.gz \
  /vz/private/1001/ /etc/vz/conf/1001.conf

Source : wiki.openvz.org.
firewall for vps

December 25th, 2008

You can protect your HyperVM node (Master or slave) by adding the ConfigServer Security and Firewall.

Here's how:

wget http://www.configserver.com/free/csf.tgz
tar -zxvf csf.tgz
cd csf
ls
./install.sh

Once it has been installed, you’ll need to configure it correctly before use, or you’ll have some really weird problems.

Ok, so the configuration file is /etc/csf/csf.conf, edit with your favourite editor:

Leave ETH_DEVICE blank; CSF will work this out on its own.

Modify the following lines as follows (these can be customized to your own requirements; the 777*, 888* and 5558 ports are required for HyperVM to work):

# Allow incoming TCP ports
TCP_IN = "25,53,110,953,993,995,22,7776,7777,7778,7779,8886,8887,8888,8889,5558"
# Allow outgoing TCP ports
TCP_OUT = "25,53,80,110,113,443,953,7776,7777,7778,7779,8886,8887,8888,8889,5558"

If you want to be able to ping your HyperVM node, set:

# Allow incoming PING
ICMP_IN = "1"

Save and exit /etc/csf/csf.conf

If you're using OpenVZ on your node, you'll have to add the following to /etc/csf/csfpre.sh:

iptables -A INPUT -i venet0 -j ACCEPT
iptables -A OUTPUT -o venet0 -j ACCEPT
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -o venet0

Note 1: /etc/csf/csfpre.sh will probably not exist; you'll have to create it. csfpre.sh is executed each time before csf starts.

Note 2: I've added (cd /usr/local/lxlabs/hypervm/httpdocs/ ; lphp.exe ../bin/misc/openvz-iptables-traffic.php) to the top of my csfpre.sh due to the traffic calculations, yet I think something else is wrong... I'll update this once I've figured it out.

You are now ready to begin testing. Run from the command line:

service csf start

Once you are happy with the configuration and everything works as you wish, disable the testing mode:

# Testing flag - enables a CRON job that clears iptables incase of
# configuration problems when you start csf. This should be enabled until you
# are sure that the firewall works - i.e. incase you get locked out of your
# server! Then do remember to set it to 0 and restart csf when you’re sure
# everything is OK. Stopping csf will remove the line from /etc/crontab
TESTING = "0"

Productionize with:

service csf restart

You are done.

Additionally you can disable process tracking and user process tracking by setting (in csf.conf):

PT_USERTIME = "0"
PT_LIMIT = "0"
PT_USERPROC = "0"

Source : lxwiki
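As an added example that is not part of either CSF post (this one or the CSF-in-a-VPS post above), the following shell script audits a csf.conf file for the settings both posts care about: the TESTING flag that must be returned to 0 once you are sure you are not locked out, SSH (port 22) and the 777*/888*/5558 HyperVM ports in TCP_IN/TCP_OUT on a HyperVM node, and ETH_DEVICE = "venet0" with MONOLITHIC_KERNEL = "1" inside an OpenVZ container. The function names and the HYPERVM_PORTS list are this example's own, and the demo compares a constructed weak configuration with the corrected one.

```shell
#!/bin/sh
# Added example, not from either CSF post: a read-only audit of /etc/csf/csf.conf
# for the settings the two posts care about. "hypervm" mode checks the TESTING
# flag and that TCP_IN/TCP_OUT still carry SSH and the 777*/888*/5558 ports the
# HyperVM post lists; "vps" mode checks TESTING plus the two settings the VPS
# post requires inside an OpenVZ container (ETH_DEVICE = "venet0",
# MONOLITHIC_KERNEL = "1"). Function names and the port list variable are this
# example's own; the path is a parameter so it can run against a constructed file.

HYPERVM_PORTS="7776 7777 7778 7779 8886 8887 8888 8889 5558"

# csf_get CONF KEY -> value of KEY = "value" (trailing comments ignored)
csf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# csf_has_port "22,53,80" 53 -> true if the comma-separated list contains the port
csf_has_port() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# csf_audit CONF MODE (hypervm|vps): one finding per line, returns 1 if any
csf_audit() {
    conf=$1; mode=$2; rc=0
    testing=$(csf_get "$conf" TESTING)
    [ "$testing" = "0" ] || { echo "TESTING=\"$testing\": cron job keeps flushing iptables; set to 0 once you know you are not locked out"; rc=1; }
    tcp_in=$(csf_get "$conf" TCP_IN)
    csf_has_port "$tcp_in" 22 || { echo "TCP_IN lacks 22: SSH would be blocked"; rc=1; }
    if [ "$mode" = hypervm ]; then
        tcp_out=$(csf_get "$conf" TCP_OUT)
        for p in $HYPERVM_PORTS; do
            csf_has_port "$tcp_in"  "$p" || { echo "TCP_IN lacks HyperVM port $p"; rc=1; }
            csf_has_port "$tcp_out" "$p" || { echo "TCP_OUT lacks HyperVM port $p"; rc=1; }
        done
    elif [ "$mode" = vps ]; then
        [ "$(csf_get "$conf" ETH_DEVICE)" = venet0 ] || { echo "ETH_DEVICE must be venet0 inside an OpenVZ container"; rc=1; }
        [ "$(csf_get "$conf" MONOLITHIC_KERNEL)" = 1 ] || { echo "MONOLITHIC_KERNEL must be 1 inside a container"; rc=1; }
    fi
    return $rc
}

# Demo: a weak csf.conf (constructed) beside the corrected one.
d=$(mktemp -d)
cat > "$d/weak.conf" <<'EOF'
TESTING = "1"
TCP_IN = "25,53,110,7776,7777,7778,7779,8886,8887,8888,8889"
TCP_OUT = "25,53,80,110,443,7776,7777,7778,7779,8886,8887,8888,8889,5558"
ETH_DEVICE = ""
MONOLITHIC_KERNEL = "0"
EOF
cat > "$d/fixed.conf" <<'EOF'
TESTING = "0"
TCP_IN = "22,25,53,110,7776,7777,7778,7779,8886,8887,8888,8889,5558"
TCP_OUT = "25,53,80,110,443,7776,7777,7778,7779,8886,8887,8888,8889,5558"
ETH_DEVICE = "venet0" # from ifconfig you can see the network device
MONOLITHIC_KERNEL = "1"
EOF
echo "== weak (hypervm mode) =="; csf_audit "$d/weak.conf" hypervm || true
echo "== fixed (vps mode) =="; csf_audit "$d/fixed.conf" vps && echo "no findings"
rm -rf "$d"
```

Run it as csf_audit /etc/csf/csf.conf hypervm on a HyperVM node or csf_audit /etc/csf/csf.conf vps inside a container; a non-zero exit is the signal to fix the listed lines before the restart that turns TESTING off.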

Creating a CentOS 5.0 Template

December 22nd, 2008

1. Install a system (virtual or physical) with the default CentOS installation that you wish to package. This could be a minimal distro, the default distro or even something custom.

   a. It's generally quicker to bootstrap a CentOS system on another yum/rpm-based or Debian-based system by following the instructions in [1].

2. Once the OS has been installed, you need to tar up the contents of the OS.

   a. First, create a file called /tmp/exclude and add the following lines to it:

      .bash_history
      lost+found
      /dev/*
      /mnt/*
      /tmp/*
      /proc/*
      /sys/*
      /usr/src/*

   b. Now tar the OS up by typing: tar -czvf /tmp/centos-5.0-<ARCH>-<DISTRO>-image.tar.gz -X /tmp/exclude / where <ARCH> represents the system architecture (i386 or x86_64) and <DISTRO> represents the distribution (default, minimal, etc.).

   c. Now transfer the file over to the OpenVZ server into the /vz/template/cache folder.

3. On the OpenVZ server create a "dummy" container by creating a folder called /vz/private/50 and copying /etc/vz/conf/ve-vps.basic.conf-sample to /etc/vz/conf/50.conf.
   NOTE: 50 is the CTID for the container. You can choose any unused CTID on the OpenVZ server.

4. Now create a new folder called /vz/template/centos/5/<ARCH>/config, again where <ARCH> represents the system architecture.

5. Create a file in the folder called rpm and add the following line:

   43

6. Create a file called yum.conf in the folder and add the following lines:

   [main]
   cachedir=/vz/template/centos/5/<ARCH>/yum-cache/
   reposdir=/dev/null
   installonlypkgs=
   [centos5-base]
   name=CentOS 5 - <ARCH> - Base
   baseurl=http://mirror.centos.org/centos/5/os/<ARCH>/
   enabled=1
   gpgcheck=1
   [centos5-updates-released]
   name=CentOS 5 - <ARCH> - Released Updates
   baseurl=http://mirror.centos.org/centos/5/updates/<ARCH>/
   enabled=1
   gpgcheck=1

7. Copy /etc/vz/dists/centos-4.conf to /etc/vz/dists/centos-5.conf.

8. Copy /vz/template/centos/4/i386/config/minimal.list to /vz/template/centos/5/i386/config/minimal.list.

9. Change to the /vz/private/50 folder and then run the command gunzip -dc /vz/template/cache/centos-5-<ARCH>-<DISTRO>-image.tar.gz | tar -xvf - to unpack the base image into the folder.

10. Make sure you are in the /vz/private/50 folder.

11. Edit etc/shadow and replace the hashed root password with !!.

12. Edit the etc/inittab file and comment out the lines that respawn /sbin/mingetty on tty1 through tty6. Just put a # at the beginning of each line.

13. Remove the etc/mtab file and then create a symbolic link by typing ln -s /proc/mounts etc/mtab.

14. Remove all of the lines from etc/fstab except for the line that mounts /dev/pts.

15. Edit etc/rc.d/rc.sysinit and comment out the line that starts /sbin/start_udev by placing a # at the beginning of the line.

16. Now create device nodes by typing:

   mknod dev/ptmx c 5 2
   mkdir dev/pts
   /sbin/MAKEDEV -d /vz/private/50/dev ttyp ptyp
   mknod dev/null c 1 3
   mknod -m 644 dev/random c 1 8
   mknod dev/urandom c 1 9

17. Create the var/lock/rpm folder.

18. If you wish to disable IPv6, do the following:

   a. Edit etc/sysconfig/network and set NETWORKING_IPV6 to no.
   b. Add the following lines to etc/modprobe.d/blacklist:

      blacklist ipv6
      blacklist net-pf-10

19. Disable any physical NICs by modifying the etc/sysconfig/network-scripts/ifcfg-ethX files (where X is the interface number starting from 0) and setting ONBOOT to no.

20. Now you're ready to start the template. Type vzctl start 50 and wait for it to start.

21. You can install additional packages into the container by typing vzyum 50 install <package> at the prompt, where <package> represents the name of the software package you wish to install.

22. Finally, you should turn off unnecessary services.

   a. Enter the container by typing vzctl enter 50.
   b. View the services that are set to run at startup by typing chkconfig --list | grep 5:on.
   c. Disable any unwanted service by typing chkconfig --levels 2345 <service> off where <service> represents the service to disable.

   Services that you can (and should) turn off without harm are acpid, apmd, kudzu, and microcode_ctl.

23. Exit the container by typing exit at the prompt.

24. Stop the container by typing vzctl stop 50.

25. Make sure you are in the /vz/private/50 folder.

26. Finally, package up the new template by typing tar -czvf /vz/template/cache/centos-5-<ARCH>-<DISTRO>.tar.gz ./.

27. The template is ready for use.

Source : openvz wiki
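Steps 11 to 19 are the security-relevant part of this procedure: whatever is left in the unpacked tree (a real root password hash in etc/shadow, a .bash_history, live mingetty or udev lines, an ifcfg-eth0 that tries to come up) is inherited by every Container created from the template. The following shell script is an added example, not from the OpenVZ wiki: template_audit checks each of those steps against a template root such as /vz/private/50 and lists what is still wrong. Function names are this example's own; the demo builds a constructed dirty and clean tree under a temporary directory instead of touching /vz.

```shell
#!/bin/sh
# Added example (not from the OpenVZ wiki): check that the clean-up steps
# 11 to 19 above were actually applied to an unpacked template root before it
# is packaged in step 26. A template that still ships a root password hash, a
# .bash_history, live mingetty/udev lines or an ifcfg-eth* with ONBOOT=yes is
# reused by every Container created from it. Function names are this
# example's own; the demo runs on a constructed tree, not on /vz.

# template_audit ROOT -> one finding per line; returns 1 if anything is wrong
template_audit() {
    root=$1; rc=0
    # step 11: root's password field must be "!!" (locked), not a copied hash
    rh=$(awk -F: '$1 == "root" { print $2 }' "$root/etc/shadow" 2>/dev/null)
    [ "$rh" = "!!" ] || { echo "etc/shadow: root password field is '$rh', expected !!"; rc=1; }
    # /tmp/exclude list: no shell history may be packaged
    find "$root" -type f -name .bash_history | grep -q . && { echo ".bash_history present"; rc=1; }
    # step 12: mingetty respawn lines must be commented out
    grep -q '^[^#].*respawn.*mingetty' "$root/etc/inittab" 2>/dev/null && { echo "etc/inittab: live mingetty respawn line"; rc=1; }
    # step 13: etc/mtab must be a symlink to /proc/mounts
    [ "$(readlink "$root/etc/mtab" 2>/dev/null)" = "/proc/mounts" ] || { echo "etc/mtab is not a symlink to /proc/mounts"; rc=1; }
    # step 14: etc/fstab may only contain the /dev/pts line
    if grep -v '^[[:space:]]*$' "$root/etc/fstab" 2>/dev/null | grep -qv '/dev/pts'; then
        echo "etc/fstab: entries other than /dev/pts"; rc=1
    fi
    # step 15: start_udev must be commented out
    grep -q '^[^#]*start_udev' "$root/etc/rc.d/rc.sysinit" 2>/dev/null && { echo "rc.sysinit: start_udev still active"; rc=1; }
    # step 19: physical NICs must not come up inside the container
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-eth*; do
        [ -f "$f" ] || continue
        grep -q '^ONBOOT=yes' "$f" && { echo "${f#"$root"/}: ONBOOT=yes"; rc=1; }
    done
    return $rc
}

# make_sample_root DIR dirty|clean -> constructed template tree for the demo
make_sample_root() {
    mkdir -p "$1/etc/rc.d" "$1/etc/sysconfig/network-scripts" "$1/root"
    if [ "$2" = dirty ]; then
        echo 'root:$1$constructed$hashvalue:14000:0:99999:7:::' > "$1/etc/shadow"
        echo '1:2345:respawn:/sbin/mingetty tty1' > "$1/etc/inittab"
        printf '/dev/sda1 / ext3 defaults 1 1\ndevpts /dev/pts devpts gid=5,mode=620 0 0\n' > "$1/etc/fstab"
        echo '/sbin/start_udev' > "$1/etc/rc.d/rc.sysinit"
        echo 'ONBOOT=yes' > "$1/etc/sysconfig/network-scripts/ifcfg-eth0"
        echo 'ls -la' > "$1/root/.bash_history"
        echo '/dev/sda1 / ext3 rw 0 0' > "$1/etc/mtab"
    else
        echo 'root:!!:14000:0:99999:7:::' > "$1/etc/shadow"
        echo '#1:2345:respawn:/sbin/mingetty tty1' > "$1/etc/inittab"
        echo 'devpts /dev/pts devpts gid=5,mode=620 0 0' > "$1/etc/fstab"
        echo '#/sbin/start_udev' > "$1/etc/rc.d/rc.sysinit"
        echo 'ONBOOT=no' > "$1/etc/sysconfig/network-scripts/ifcfg-eth0"
        ln -s /proc/mounts "$1/etc/mtab"
    fi
}

d=$(mktemp -d)
make_sample_root "$d/dirty" dirty; make_sample_root "$d/clean" clean
echo "== dirty =="; template_audit "$d/dirty" || true
echo "== clean =="; template_audit "$d/clean" && echo "ready to package"
rm -rf "$d"
```

Running template_audit /vz/private/50 right before step 26 (and again on any template you did not build yourself, after unpacking it into a scratch directory) catches the leftovers that otherwise only show up once a Container fails to boot or logs in with the build host's root password.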
