VPS Hosting Stuff

Open source version of Virtuozzo is called OpenVZ created by Paralles.

OpenVZ is container-based virtualization for Linux. OpenVZ creates multiple secure, isolated containers (otherwise known as VEs or VPSs) on a single physical server enabling better server utilization and ensuring that applications do not conflict. Each container performs and executes exactly like a stand-alone server; a container can be rebooted independently and have root access, users, IP addresses, memory, processes, files, applications, system libraries and configuration files.

OpenVZ is free open source software, available under GNU GPL.

OpenVZ project is supported by Parallels

Looking for vps hosting solutions ?? go to http://www.ehostpros.com

Introduction:

In general csf is giving good compatibility with cpanel servers . But in a vps (openvz or Virtuzzo) the csf configuration is something different.

Sometimes you may get an error as follow after the csf installation in vps

————–

Error: iptables command [/sbin/iptables -v -A LOGDROPIN -p tcp -m limit --limit 30/m --limit-burst 5 -j LOG --log-prefix 'Firewall: *TCP_IN Blocked* '] failed, at line 196

—————

So how to resolve this issue. Let us do it as follows,

There are two steps to configure the csf in vps

i)Main vps server ( The host server ,in which the vps nodes are running) configuration

ii) Vps node configuration.

Main vps serverconfiguration

Before starting the csf installation in a node login to the main server (host server) and check whether the following modules are inserted in to the kernel

———
ipt_conntrack
ipt_LOG
ipt_owner
ipt_state
ip_conntrack_ftp
———

You can check it as follows

—————
# lsmod |grep -i <module-name>
—————

If not please insert these modules into the kernel.

————
#modprob <module-name>
eg: modprob ipt_conntrack
————-

Now add these modules to iptable configuration as follows.

———–
# vi /etc/sysconfig/iptables-config
Add the following in this file
IPTABLES_MODULES=”ipt_conntrack ipt_LOG ipt_owner ipt_state ip_conntrack_ftp”
———–

Now edit the vps configuration file from /etc/sysconfig/vz-scripts/ Let 101 is the VEID, add the above inserted modules in to the IPTABLE section in this configuration file.

———-
# vi /etc/sysconfig/vz-scripts/101.conf
IPTABLES=”iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ipt_state
iptable_nat ip_nat_ftp ipt_owner ip_conntrack_ftp”
————-

Here we completed the main vps server configuration . So now reboot the child node (not main server) as follows

—————

# vzctl restart <veid>

eg: vzctl restart 101

——————-

ii) Vps node configuration.

Now ssh /enter your child vps node

Now download and install the csf . You can download the csf fromhere

Before restarting the csf let us do some configurations as follows , Edit the file /etc/csf/csf.conf .Then set the following variables

——–
ETH_DEVICE = “venet0″ #from ifconfig you can see the n/w device
MONOLITHIC_KERNEL = “1″
VERBOSE = “0″ # will disable the verbose output during start
———
Now start the csf and lfd .

———–

/etc/init.d/csf start

/etc/init.d/lfd start

———–

Note: If it is cpanel server go to whm and configure the firewall settings

Enjoy it

1.Install a system (virtual or physical) with the default CentOS installation that you wish to package. This could be a minimal distro or the default distro or even something custom.

1. It’s generally quicker to bootstrap a CentOS system on another yum/rpm-based, or Debian based system by following the instructions in [1]

2. Once the OS has been installed, you need to tar the contents of the OS.

1. First, create a file called /tmp/exclude and add the following lines to it:

.bash_history
lost+found
/dev/*
/mnt/*
/tmp/*
/proc/*
/sys/*
/usr/src/*

1.  Now, tar the OS file up by typing: tar –czvf /tmp/centos-5.0-<ARCH>-<DISTRO>-image.tar.gz –X /tmp/exclude / where <ARCH> represents the system architecture (i386 or

x86_64) and <DISTRO> represents the distribution (default, minimal, etc.).

1. Now transfer the file over to the OpenVZ server into /vz/template/cache folder.

3.On the OpenVZ server create a “dummy” container by creating a folder called /vz/private/50

and copying the /etc/vz/conf/ve-vps.basic.conf-sample to /etc/vz/conf/50.conf.
NOTE: 50 is the CTID for the container. You can choose any unused CTID on the OpenVZ server.

4.Now create a new folder called /vz/template/centos/5/<ARCH>/config again where

<ARCH> represents the system architecture.

5.Create a file in the folder called rpm and add the following line:

43
6. Create a file called yum.conf in the folder and add the following lines:

[main]
cachedir=/vz/template/centos/5/<ARCH>/yum-cache/
reposdir=/dev/null
installonlypkgs=
[centos5-base]
name=CentOS 5 - <ARCH> - Base
baseurl=http://mirror.centos.org/centos/5/os/<ARCH>/
enabled=1
gpgcheck=1
[centos5-updates-released]
name=CentOS 5 - <ARCH> - Released Updates
baseurl=http://mirror.centos.org/centos/5/updates/<ARCH>/
enabled=1
gpgcheck=1
7 Copy /etc/vz/dists/centos-4.conf to /etc/vz/dists/centos-5.conf.
8 Copy /vz/template/centos/4/i386/config/minimal.list to /vz/template/centos/5/i386/config/minimal.list.

9.Change to the /vz/private/50 folder and then run the command gunzip –dc /vz/template/cache/centos-5-<ARCH>-<DISTRO>-image.tar.gz | tar –xvf – to unpack the base image to the folder.

10.  Make sure you are in the /vz/private/50 folder.
11. Edit etc/shadow and remove the replace the root password with !! instead of the hashed value.
12. Edit the etc/inittab file and comment out the lines that respawn /sbin/mingetty on tty1 through tty6. Just put a # at the beginning of the line.

13.Remove the etc/mtab file and then create a symbolic link by typing ln -s /proc/mounts etc/mtab.

14. Remove all of the lines from etc/fstab except for the line that mounts /dev/pts.

15  Edit etc/rc.d/rc.sysinit and comment out the line that starts /sbin/start_udev by placing a # at the beginning of the line.

16 Now create device nodes by typing:

mknod dev/ptmx c 5 2
mkdir dev/pts
/sbin/MAKEDEV –d /vz/private/50/dev ttyp ptyp
mknod dev/null c 1 3
mknod -m 644 /dev/random c 1 8
mknod dev/urandom c 1 9

17 Create the var/lock/rpm folder.
18 If you wish to disable IPv6, do the following:

1. Edit etc/sysconfig/network and set NETWORKING_IPV6 to no.
2. Add the following lines to etc/modprobe.d/blacklist:

blacklist ipv6
blacklist net-pf-10

19 Disable any physical NICs by modifying the etc/sysconfig/network-scripts/ifcfg-ethX files (where X is the interface number starting from 0) and setting ONBOOT to no.

20 Now you’re ready to start the template. Type vzctl start 50 and wait for it to start.

21 You can install additional packages into the container by typing vzyum 50 install <package> at the prompt where <package> represents the name of the software package you wish to install.

22 Finally, you should turn off unnecessary services.

1. Enter the container by typing vzctl enter 50.
2. View the services that are set to run at startup by typing chkconfig –list | grep 5:on.
3. Disable any unwanted service by typing chkconfig –levels 2345 <service> off where <service> represents the service to disable.

Services that you can (and should) turn off without harm are acpid, apmd, kudzu, and microcode_ctl.

23  Exit the container by typing exit at the prompt.

24 Stop the container by typing vzctl stop 50.

25 Make sure you are in the /vz/private/50 folder.

26 Finally, package up the new template by typing tar –czvf /vz/template/cache/centos-5-<ARCH>-<DISTRO>.tar.gz ./.

27. The template is ready for use.

Source : openvz wiki

To set disk space, run the following commands:

  vzctl set CTID --diskspace $SoftLimit$:$HardLimit$ --save

vzctl set 101 –diskspace 6G:7G –save

You could verify the space available with this command (ie : CTID =101)

[host-node]# vzctl exec 101 df -h

If you want remove disk quota:

DISK_QUOTA=no

Source : Openvz forums

To create and start a container, run the following commands:

vzctl create CTID –ostemplate osname
vzctl set CTID –ipadd <ipaddress>  –save
vzctl set CTID –nameserver <ipaddress> –save
Vzctl start CTID

Here CTID is the numeric ID for the container; osname is the name of the OS template for the container.

Example:

vzctl create 101 –ostemplate fedora-core-5-minimal
vzctl set 101 –ipadd 192.11.0.3 –save
vzctl set 101 –nameserver 192.11.0.3 –save
vzctl start 101

Your freshly-created container should be up and running now; you can see its processes:

vzctl exec CTID ps ax

Enter to and exit from the container

To enter container give the following command:

vzctl enter CTID
entered into container CTID
[container]#

To exit from container, just type exit and press Enter:

[container]# exit
exited from container VEID

Stop and destroy the container

To stop container:

vzctl stop CTID
Stopping container …
Container was stopped
Container is unmounted

And to destroy container:

vzctl destroy CTID
Destroying container private area: /vz/private/CTID
Container private area was destroyed

Source - openvz forums

OpenVZ:
Advantages: allows overselling. Very light weight. Can accommodate more Virtual Machines in a server.

Disadvantage: There is no per vps swap.

Why this is important:

OpenVZ will KILL your application if it goes beyond the limit, and this can cause some trouble. There are people out there who want to host oracle on a 64MB vps, and with such customers, using openVZ will lead to constant application crashes, which ultimately will be blamed on the provider. (This is actually something that is common with openvz/virtuozzo hosting in general; you can check some threads at wht).

With Xen, each vps has its own swap, and thus you get an EXACT dedicated server like environment, but with lesser resources. So here, the customers applications will NOT crash, but rather it will become slower. Also, majority of the applications, like apache, spamassassin expects a lot of memory, and openVZ makes memory a very valuable commodity.

So generally my recommendation is that: For friendly customers use openVZ, and use a lot of burst memory. For not-so-friendly customers, use Xen. And that is why we are providing transparent migration. You can start a customer on openVZ, and see how it works out, and if he is getting too many application crashes, you can move him to the SAME configuration on Xen, and he should be able to do fine, though his application would be slower.