Support This Project

These are rough instructions of how to manually create basic Debian Etch (4.0) template cache, which can be used to create OpenVZ VEs based on Debian Etch (4.0).

  1. Create debootstrap for Debian
  2. Preparing and starting the VPS
    1. Setting VE config
    2. Setting VE OSTEMPLATE
    3. Setting VE IP address
    4. Setting DNS server for VE
    5. Starting VE
  3. Customizing the installation
    1. Set Debian repositories
    2. Get new security updates
    3. Install some more packages
    4. Set sane permissions for /root directory
    5. Disable root login
    6. Disable getty
    7. Disable sync() for syslog
    8. Fix /etc/mtab
    9. Remove some unneeded packages
    10. Disable services
    11. Set correct editor
    12. Fix SSH host keys
    13. Clean packages
  4. Preparing for and packing template cache
  5. Checking if template cache works
  6. Final cleanup

Create debootstrap for Debian

debootstrap --arch amd64 etch /vz/private/777 http://ftp2.fr.debian.org/debian/

777 is a unused VPS ID.

Preparing and starting the VPS

Setting VE config

First, we need a config for the VE: 

vzctl set 777 --applyconfig vps.basic --save

Setting VE OSTEMPLATE

Also, we need OSTEMPLATE to be set in VE configuration file, for the vzctl to work properly. 

echo "OSTEMPLATE=debian-4.0" >> /etc/vz/conf/777.conf

Setting VE IP address

For the VE to be able to download updates from the Internet, we need a valid IP address for it: 

vzctl set 777 --ipadd x.x.x.x --save

Setting DNS server for VE

For the VE to be able to download updates from the Internet, we also need to specify a DNS for it: 

vzctl set 777 --nameserver x.x.x.x --save

Starting VE

Now start the VE: 

vzctl start 777

Customizing the installation

A few things need to be done inside a newly created VE for it to become suitable for OpenVZ. All those things are done inside the VE, so first command is: 

vzctl enter 777
export PATH=/sbin:/usr/sbin:/bin:/usr/bin

Note: Warning! Do not run the commands below on the hardware node, they are only to be run within the VE!

Set Debian repositories

cat <<EOF > /etc/apt/sources.list
deb http://ftp2.fr.debian.org/debian/ etch main contrib
deb http://security.debian.org etch/updates main contrib
EOF

Get new security updates

apt-get update
apt-get upgrade

Install some more packages

Installing packages could be an interactive process so the system might ask some questions. You can install more packages if you'd like. For example: 

apt-get install ssh quota vim locales

Set sane permissions for /root directory

chmod 700 /root

Disable root login

This will disable root login by default. 

usermod -L root

Disable getty

Disable running gettys on terminals as a VE does not have any: 

sed -i -e '/getty/d' /etc/inittab

Disable sync() for syslog

Turn off doing sync() on every write for syslog's log files, to improve I/O performance: 

sed -i -e 's@\(space:\)\(/var/log/\)@\1-\2@' /etc/syslog.conf

Fix /etc/mtab

Link /etc/mtab to /proc/mounts, so df and friends will work: 

rm -f /etc/mtab
ln -s /proc/mounts /etc/mtab

Remove some unneeded packages

If you have any packages you'd like to remove, now's the time for it. Here's an example: 

dpkg --purge modutils ppp pppoeconf pppoe pppconfig

Disable services

Do not start some services, stick to bare minimum: 

update-rc.d -f klogd remove
update-rc.d -f quotarpc remove
update-rc.d -f exim4 remove
update-rc.d -f inetd remove

Set correct editor

update-alternatives --set editor /usr/bin/vim.basic

Fix SSH host keys

This is only useful if you installed SSH. Each individual VE should have its own pair of SSH host keys. The code below will wipe out the existing SSH keys and instruct the newly-created VE to create new SSH keys on first boot. 

rm -f /etc/ssh/ssh_host_*
cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys
#!/bin/bash
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ""
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ""
rm -f \$0
EOF
chmod a+x /etc/rc2.d/S15ssh_gen_host_keys

Clean packages

After installing packages, you'll have some junk packages laying around in your cache. Since you don't want your template to have those, this command will wipe them out. 

apt-get clean

Now everything is done. Exit from the template and go back to the hardware node.

exit

Preparing for and packing template cache

We don't need an IP for the VE anymore, and we definitely do not need it in template cache, so remove it: 

vzctl set 777 --ipdel all --save

Also, remove DNS server and search domain information from /etc/resolv.conf file in VE: 

vim /vz/private/777/etc/resolv.conf

Stop the VE: 

vzctl stop 777

Go to the VE directory: 

cd /vz/private/777

Now create a cached OS tarball. In the command below, you'll want to replace amd64 with your architecture (i386, amd64, ia64, etc). 

tar -zcf /vz/template/cache/debian-4.0-x86_64-minimal.tar.gz .

Look at the resulting tarball to see its size is sane: 

# ls -lh /vz/template/cache
-rw-r--r-- 1 root root 60M 2007-04-13 14:43 debian-4.0-x86_64-minimal.tar.gz

Checking if template cache works

We can now create a VE based on the just-created template cache. Be sure to change i386 to your architecture just like you did when you named the tarball above. 

vzctl create 123456 --ostemplate debian-4.0-x86_64-minimal

Now make sure that it works: 

vzctl start 123456
vzctl exec 123456 ps ax

You should see that a few processes are running.

Final cleanup

Stop and remove the test VE you just created: 

vzctl stop 123456
vzctl destroy 123456
rm /etc/vz/conf/123456.conf.destroyed

Finally, let's remove the VE we used for OS template cache creation: 

vzctl destroy 777
rm /etc/vz/conf/777.conf.destroyed