Original author: Falko Timme
Translator: Topkey
Last edited: 02/04/2009
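In this tutorial I will explain how to install OpenVZ on a Debian Lenny server. With OpenVZ you can create multiple virtual private servers (VPS) on the same hardware, similar to Xen and the Linux-VServer project. OpenVZ is the open-source branch of Virtuozzo, a commercial virtualization solution used by many providers that offer virtual servers. The OpenVZ kernel is licensed under the GPL, and the user-level tools are licensed under the QPL.
This is a practical tutorial; it does not cover the theoretical background, which is treated in many other documents on the web.
This document comes without warranty of any kind. I want to say that this is not the only way of setting up such a system; there are many ways of achieving this goal, but this is the way I take, and it has worked for me without problems.
1 Preliminary Note
I am using an x86_64 (amd64) system here. If you are on an i386 system, some commands may be slightly different; I will point out where that is the case.
2 Installing OpenVZ
The OpenVZ kernel and the vzctl and vzquota packages are available in the Debian Lenny repositories, so we can install them with the following command: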
apt-get install linux-image-openvz-amd64 vzctl vzquota
(If you are on an i386 system, the kernel package is named linux-image-openvz-686.)
Create a symlink from /var/lib/vz to /vz to provide backward compatibility:
ln -s /var/lib/vz /vz
Open /etc/sysctl.conf and make sure it contains the following settings:
vi /etc/sysctl.conf
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.eth0.proxy_arp=1
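If you had to modify /etc/sysctl.conf, run the following command afterwards:
sysctl -p
Note: the next step is important if the IP addresses of your virtual machines are from a different subnet than the host system's IP address. If you skip it, networking may not work properly in the virtual machines.
Open /etc/vz/vz.conf and set the NEIGHBOUR_DEVS parameter to all: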
vi /etc/vz/vz.conf
# Controls which interfaces to send ARP requests and modify APR tables on.
NEIGHBOUR_DEVS=all
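On this system I also want to install the vzdump and vzprocps packages, which are not available in the Debian Lenny repositories. We can get them from the Etch repository at http://download.openvz.org/debian-systs (they used to provide a Lenny repository as well, but it has recently been removed). Therefore open /etc/apt/sources.list…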
vi /etc/apt/sources.list
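and add the following line to it:
deb http://download.openvz.org/debian-systs etch openvz
Of course, we do not want to mess up our system when installing packages from the Etch repository. We want to use the Etch repository only when there is no suitable package in the Lenny repository; if a package exists in both Lenny and Etch, the Lenny version should be installed. To achieve this, we give the Lenny repository a higher priority in /etc/apt/preferences: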
vi /etc/apt/preferences
Package: *
Pin: release a=lenny
Pin-Priority: 700

Package: *
Pin: release a=etch
Pin-Priority: 650
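Then we open /etc/apt/apt.conf…
vi /etc/apt/apt.conf
and add the following two lines:
APT::Default-Release "stable";
APT::Cache-Limit "100000000";
Run the following command
wget -q http://download.openvz.org/debian-systs/dso_archiv_signing_key.asc -O- | apt-key add - && apt-get update
to download the repository's signing key and update the package database.
Then run
apt-get install vzdump vzprocps
to install vzdump and vzprocps.
Finally, reboot the system:
reboot
If the system reboots without problems, the installation went fine!
Run
uname -r
and the system should now show the new OpenVZ kernel: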
server1:~# uname -r
2.6.26-1-openvz-amd64
server1:~#
3 Using OpenVZ
Before we can create virtual machines with OpenVZ, we need a template for the distribution we want to use in the virtual machines in the /var/lib/vz/template/cache directory. The virtual machines are created from that template.
Run
apt-cache search openvz
In the output you will see a number of Debian templates, for example:
vzctl-ostmpl-debian-4.0-amd64-minimal - OpenVZ - OS Template debian-4.0-amd64-minimal
vzctl-ostmpl-debian-4.0-i386-minimal - OpenVZ - OS Template debian-4.0-i386-minimal
vzctl-ostmpl-debian-5.0-amd64-minimal - OpenVZ - OS Template debian-5.0-amd64-minimal
vzctl-ostmpl-debian-5.0-i386-minimal - OpenVZ - OS Template debian-5.0-i386-minimal
You can install the templates you need with the following command (note: amd64 templates cannot be used on an i386 host):
apt-get install vzctl-ostmpl-debian-5.0-amd64-minimal vzctl-ostmpl-debian-4.0-amd64-minimal
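You can use one of these templates; you can also find a list of precreated templates at http://wiki.openvz.org/Download/template/precreated. For example, instead of installing the vzctl-ostmpl-debian-5.0-amd64-minimal template with apt, we could download it like this:
cd /var/lib/vz/template/cache
wget http://download.openvz.org/template/precreated/contrib/debian-5.0-amd64-minimal.tar.gz
(Note: if your host is an i386 system, you cannot use amd64 templates; you must use i386 templates.)
Next I will show the most basic commands for using OpenVZ.
Suppose we want to use the vzctl-ostmpl-debian-5.0-amd64-minimal template to set up a virtual machine (you can find it in the /var/lib/vz/template/cache directory); run:
vzctl create 101 --ostemplate debian-5.0-amd64-minimal --config vps.basic
Here 101 must be a unique ID; every virtual machine must have its own unique ID. You can use the last part of the virtual machine's IP address, for example: if the IP address is 192.168.0.101, use 101 as the ID.
If you want the vm to be started at boot, run
vzctl set 101 --onboot yes --save
Use the following commands to set a hostname and an IP address for the virtual machine:
vzctl set 101 --hostname test.example.com --save
vzctl set 101 --ipadd 192.168.0.101 --save
Next we set the number of sockets to 120 and assign a few nameservers to the virtual machine:
vzctl set 101 --numothersock 120 --save
vzctl set 101 --nameserver 145.253.2.75 --nameserver 213.191.92.86 --save
(Note: instead of using the vzctl commands, you can also edit the virtual machine's configuration file directly in the /etc/vz/conf directory. If the ID of the virtual machine is 101, its configuration file is /etc/vz/conf/101.conf.)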
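To start the virtual machine, run
vzctl start 101
To set a root password for the virtual machine, run
vzctl exec 101 passwd
You can now connect to the virtual machine via SSH (e.g. with PuTTY), or enter it from the host with the following command:
vzctl enter 101
To leave the virtual machine's console, type
exit
To stop the virtual machine, run
vzctl stop 101
To restart the virtual machine, run
vzctl restart 101
To delete the virtual machine from the hard disk (it must be stopped before you do this), run
vzctl destroy 101
To list all virtual machines and their current status, run
vzlist -a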
server1:~# vzlist -a
      VEID      NPROC STATUS  IP_ADDR         HOSTNAME
       101          8 running 192.168.0.101   test.example.com
server1:~#
To see the resources allocated to the virtual machine, run
vzctl exec 101 cat /proc/user_beancounters
server1:~# vzctl exec 101 cat /proc/user_beancounters
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize         500737     517142   11055923   11377049          0
            lockedpages           0          0        256        256          0
            privvmpages        2315       2337      65536      69632          0
            shmpages            640        640      21504      21504          0
            dummy                 0          0          0          0          0
            numproc               7          7        240        240          0
            physpages          1258       1289          0 2147483647          0
            vmguarpages           0          0      33792 2147483647          0
            oomguarpages       1258       1289      26112 2147483647          0
            numtcpsock            2          2        360        360          0
            numflock              1          1        188        206          0
            numpty                1          1         16         16          0
            numsiginfo            0          1        256        256          0
            tcpsndbuf         17856      17856    1720320    2703360          0
            tcprcvbuf         32768      32768    1720320    2703360          0
            othersockbuf       2232       2928    1126080    2097152          0
            dgramrcvbuf           0          0     262144     262144          0
            numothersock          1          3        120        120          0
            dcachesize            0          0    3409920    3624960          0
            numfile             189        189       9312       9312          0
            dummy                 0          0          0          0          0
            dummy                 0          0          0          0          0
            dummy                 0          0          0          0          0
            numiptent            10         10        128        128          0
server1:~#
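The failcnt column is very important; it should normally show 0 everywhere. If it does not, the virtual machine needs more resources than are currently allocated to it. Open the virtual machine's configuration file in the /etc/vz/conf directory, raise the corresponding resource appropriately, and then restart the virtual machine.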
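The failcnt check can be automated. The following is an added example, not part of the original tutorial: it parses text in the /proc/user_beancounters layout and reports rows with a non-zero failcnt or with usage close to the barrier. The function names, the 90% threshold and the sample data are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed sample in the layout of /proc/user_beancounters. Container 101
# has two rows with failures and one row close to its barrier; 102 is healthy.
sample_beancounters() {
cat <<'EOF'
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize         500737     517142   11055923   11377049          0
            privvmpages       64900      69632      65536      69632         12
            numproc             238        240        240        240          3
            physpages          1258       1289          0 2147483647          0
            numfile            9000       9100       9312       9312          0
            dummy                 0          0          0          0          0
      102:  kmemsize         400000     410000   11055923   11377049          0
            numproc               7          7        240        240          0
EOF
}

# check_beancounters [PCT]
# Reads beancounter text on stdin and prints one line per problem:
#   "<CTID> <resource> failcnt=<n>"            the limit was hit n times
#   "<CTID> <resource> held=<h> barrier=<b>"   held is >= PCT% of the barrier
# PCT defaults to 90. Returns 1 if anything was printed, 0 otherwise.
check_beancounters() {
    awk -v pct="${1:-90}" '
        $1 == "Version:" || $1 == "uid" { next }
        {
            # The first row of a container carries its ID ("101:") in field 1,
            # which shifts the remaining columns right by one.
            off = 0
            if ($1 ~ /^[0-9]+:$/) { ctid = $1; sub(/:$/, "", ctid); off = 1 }
            if (NF != 6 + off) next              # not a resource row
            res = $(1 + off); held = $(2 + off)
            barrier = $(4 + off); failcnt = $(6 + off)
            if (res == "dummy") next             # placeholder rows
            if (failcnt + 0 > 0) {
                printf "%s %s failcnt=%s\n", ctid, res, failcnt; bad = 1
            } else if (barrier + 0 > 0 && barrier + 0 < 2147483647 &&
                       held * 100 >= barrier * pct) {
                # a barrier of 0 or 2147483647 (unlimited) gives no usable ratio
                printf "%s %s held=%s barrier=%s\n", ctid, res, held, barrier; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Demo on the constructed sample; on a host node the input would be
# /proc/user_beancounters itself.
sample_beancounters | check_beancounters 90 || echo "-> containers need attention"
```

Run from cron on the host node, the non-zero exit status can drive an alert before a container starts failing allocations.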
To find out more about the vzctl command, run
man vzctl
4 Links
OpenVZ: http://openvz.org
Debian: http://www.debian.org
Clone/Back Up/Restore OpenVZ VMs With vzdump
October 15, 2009  尚可乐  2 comments
Version 1.0
Source: http://www.howtoforge.com/clone-back-up-restore-openvz-vms-with-vzdump
Original author: Falko Timme
Translator: Topkey
Last edited: 11/20/2008
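vzdump is a backup and restore tool for OpenVZ virtual machines. This tutorial shows how to use vzdump to clone, back up and restore virtual machines.
I have tested this tutorial successfully!
1 Preliminary Note
I am using two OpenVZ servers in this tutorial:
server1.example.com: IP 192.168.0.100
server2.example.com: IP 192.168.0.101
(Both run Debian Etch; for the setup you can refer to the tutorial Installing And Using OpenVZ On Debian Etch. vzdump also works on other Linux distributions, though.)
On server1.example.com I have a virtual machine with the hostname test.example.com running; its IP address is 192.168.1.102 and its VEID is 102. I want to back up this virtual machine and restore it on server2.example.com.
We can restore the virtual machine unchanged on server2.example.com (i.e. with the same IP address and hostname), but then we must stop the virtual machine on server1.example.com before we run the clone on server2, otherwise the IP addresses and hostnames will conflict. The second option is to change some parameters such as the IP address and hostname with vzctl set before starting the restored virtual machine. That way both virtual machines (the original on server1.example.com and the clone on server2.example.com) can run at the same time. The second option is the best way to clone a virtual machine.
2 Preparing the OpenVZ Servers
First we must install vzdump and rsync, which it depends on. On Debian the command is: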
server1/server2:
apt-get install vzdump rsync
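3 Creating a Backup of a Virtual Machine
(This chapter only needs to be carried out on server1.)
On server1.example.com we want to create a backup of the virtual machine with VEID 102. First take a look at vzdump's manual page
man vzdump
to learn how to use vzdump.
To back up all virtual machines on your server, you can use the following command
vzdump --compress --dumpdir /home/backup --stop --all
--compress: compresses the backup (into a .tgz file).
--dumpdir: specifies the directory in which to store the backup. If you do not specify a dumpdir, the default is /vz/dump or /var/lib/vz/dump (depending on your version).
--stop: stops the virtual machine, creates the backup, and then starts the virtual machine again. If you use --stop, your virtual machine will be down for a few minutes. A faster alternative is to use…
--suspend: suspends the virtual machine; the backup is copied via rsync to a temporary directory. The virtual machine is resumed after a pause of only a few seconds, and the dump is then created from the copy in the temporary directory. I recommend this method if you cannot afford a long downtime.
You can also leave out --stop and --suspend and back up a running virtual machine directly. In most cases this works without problems, but it may make the backup inconsistent, so use it with care!
--all: creates backups of all available virtual machines. If you want to back up one particular virtual machine, use its VEID instead.
To back up the virtual machine with VEID 102 to /home/backup and stop it while the backup is made, use the following command
vzdump --compress --dumpdir /home/backup --stop 102
To create the dump in the default directory (/vz/dump or /var/lib/vz/dump), use
vzdump --compress --stop 102
The output looks like this: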
server1:/vz/dump# vzdump --compress --stop 102
INFO: starting backup for VPS 102 (/var/lib/vz/private/102)
INFO: starting first sync /var/lib/vz/private/102 to /var/lib/vz/dump/tmp9009
INFO: stopping vps
Stopping container ...
Container was stopped
Container is unmounted
INFO: final sync /var/lib/vz/private/102 to /var/lib/vz/dump/tmp9009
INFO: restarting vps
Starting container ...
Container is mounted
Adding IP address(es): 192.168.0.102
Setting CPU units: 1000
Configure meminfo: 65536
Set hostname: test.example.com
File resolv.conf was modified
Container start in progress...
INFO: vps is online again after 15 seconds
INFO: Creating archive '/var/lib/vz/dump/vzdump-102.tgz' (/var/lib/vz/dump/tmp9009/102)
Total bytes written: 340428800 (325MiB, 11MiB/s)
INFO: backup for VPS 102 finished successful (1.37 minutes)
server1:/vz/dump#
To only suspend the virtual machine instead of stopping it, use
vzdump --compress --suspend 102
The output looks like this:
server1:~# vzdump --compress --suspend 102
INFO: starting backup for VPS 102 (/var/lib/vz/private/102)
INFO: starting first sync /var/lib/vz/private/102 to /var/lib/vz/dump/tmp10842
INFO: suspend vps
Setting up checkpoint...
suspend...
get context...
Checkpointing completed succesfully
INFO: final sync /var/lib/vz/private/102 to /var/lib/vz/dump/tmp10842
INFO: resume vps
Resuming...
INFO: vps is online again after 4 seconds
INFO: Creating archive '/var/lib/vz/dump/vzdump-102.tgz' (/var/lib/vz/dump/tmp10842/102)
Total bytes written: 340428800 (325MiB, 24MiB/s)
INFO: backup for VPS 102 finished successful (1.57 minutes)
server1:~#
After the backup, take a look at the dump directory…
ls -l /vz/dump/
You should see a file with the .tgz suffix:
server1:~# ls -l /vz/dump/
total 147864
-rw-r--r-- 1 root root      1170 2008-11-20 17:40 vzdump-102.log
-rw-r--r-- 1 root root 151249685 2008-11-20 17:40 vzdump-102.tgz
server1:~#
You can now copy this dump to another OpenVZ server. Use scp to copy the backup /vz/dump/vzdump-102.tgz to the /home directory on server2.example.com:
scp /vz/dump/vzdump-102.tgz root@192.168.0.101:/home
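4 Restoring a Virtual Machine
(This chapter applies to server2 only!)
On server2.example.com you can now restore the virtual machine with the following command…
vzdump --restore /home/vzdump-102.tgz 250
Here 250 is the new VEID of the restored virtual machine. You can use any VEID that is not in use on server2.example.com; you can even use 102 again if it is not in use on server2.example.com.
If you do not want to change the virtual machine's settings (e.g. IP address, hostname), you can start it right now, but make sure the original virtual machine on server1.example.com is stopped, otherwise you will get an IP conflict.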
vzctl start 250
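If you want to run both virtual machines (the original and the clone) at the same time, you must change the clone's IP address and hostname before you start it.
To set a new hostname, run:
vzctl set 250 --hostname test2.example.com --save
To set a new IP address, we must first delete the old one:
vzctl set 250 --ipdel 192.168.0.102 --save
and then set the new one:
vzctl set 250 --ipadd 192.168.0.250 --save
Finally we can start the cloned virtual machine: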
vzctl start 250
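A guard for the last step, as an added example that is not part of the original tutorial: before the clone is started, it compares the clone's config with a copy of the original's config and reports any IP address or hostname they still share. It assumes a copy of /etc/vz/conf/102.conf from server1 is available on server2; the function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# conf_get FILE KEY
# Print the value of KEY from a vzctl container config (shell-style
# KEY="value" lines). Comment lines are skipped, the last assignment wins,
# surrounding double quotes are removed.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key "=") == 1) {
                val = substr(line, length(key) + 2)
                gsub(/^"|"[ \t]*$/, "", val)
            }
        }
        END { print val }
    ' "$1"
}

# clone_conflicts ORIG_CONF CLONE_CONF
# Print every IP address and the hostname that the clone still shares with the
# original. Returns 1 if there is at least one overlap, 0 if the clone can
# run next to the original.
clone_conflicts() {
    cc_rc=0
    cc_orig_ips=$(conf_get "$1" IP_ADDRESS)
    for cc_ip in $(conf_get "$2" IP_ADDRESS); do
        for cc_o in $cc_orig_ips; do
            if [ "$cc_ip" = "$cc_o" ]; then
                echo "duplicate IP: $cc_ip"
                cc_rc=1
            fi
        done
    done
    cc_host=$(conf_get "$2" HOSTNAME)
    if [ -n "$cc_host" ] && [ "$cc_host" = "$(conf_get "$1" HOSTNAME)" ]; then
        echo "duplicate hostname: $cc_host"
        cc_rc=1
    fi
    return $cc_rc
}

# write_sample_confs DIR
# Constructed configs: 102.conf is the original, 250.conf is the clone exactly
# as restored, 250-fixed.conf is the clone after the vzctl set commands.
write_sample_confs() {
    cat > "$1/102.conf" <<'EOF'
# original container on server1
ONBOOT="yes"
HOSTNAME="test.example.com"
IP_ADDRESS="192.168.0.102"
EOF
    cp "$1/102.conf" "$1/250.conf"
    cat > "$1/250-fixed.conf" <<'EOF'
ONBOOT="yes"
HOSTNAME="test2.example.com"
IP_ADDRESS="192.168.0.250"
EOF
}

demo_dir=$(mktemp -d)
write_sample_confs "$demo_dir"
clone_conflicts "$demo_dir/102.conf" "$demo_dir/250.conf" || echo "do not start the clone yet"
clone_conflicts "$demo_dir/102.conf" "$demo_dir/250-fixed.conf" && echo "clone can be started"
rm -rf "$demo_dir"
```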
5 Links
OpenVZ: http://wiki.openvz.org/
Managing OpenVZ With The Vtonf Control Panel On CentOS 5.2
October 14, 2009  尚可乐  No comments
Version 1.0
Source: http://www.howtoforge.com/managing-openvz-with-vtonf-control-panel-on-centos-5.2
Original author: Falko Timme
Translator: Topkey
Last edited: 11/11/2008
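Vtonf is a free web-based control panel (released under the GPL) for managing virtual private servers (VPS) on OpenVZ. It lets even users with little technical knowledge create and manage OpenVZ virtual machines easily. So far Vtonf supports only Red Hat, Fedora and CentOS (Debian support is planned), so I will demonstrate the installation and use of Vtonf on a CentOS 5.2 server.
I cannot guarantee that this tutorial will work for you!
1 Preliminary Note
Make sure OpenVZ is already installed on your CentOS 5.2 server; you can refer to the tutorial Installing And Using OpenVZ On CentOS 5.2.
I am running this on an i386 system. I do not know whether Vtonf works on x86_64 systems: the INSTALL file that ships with Vtonf says it does not, but the Vtonf wiki says nothing about it.
2 Installing Vtonf
Before we install Vtonf, we must install a few prerequisite packages: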
yum install vzpkg expect
Then go to http://www.vtonf.com/downloads.html, download the latest Vtonf package and install it as follows:
cd /tmp
wget http://mesh.dl.sourceforge.net/sourceforge/vtonf/vtonfinstaller.1.0-beta1.tar.gz
tar xvfz vtonfinstaller.1.0-beta1.tar.gz
cd vtonfinstaller.1.0-beta1
./install
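You will be asked a few questions:
Do you wish to start the installation procedure (y/n)? : y
Answer yes to continue.
Accept the Vtonf license.
Vtonf is then installed.
Enter a user name.
Enter the password you want to use to log in to the Vtonf control panel.
Afterwards, the Vtonf installation is finished: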
Vtonf control panel installation completed. Please login to the control panel from the following information
http://192.168.0.100:8001/
Login Name : admin
Password : howtoforge
Visit our forum : http://www.vtonf.com/forum/index.php
Get support : http://www.vtonf.com/support.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
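As you can see, the installer tells you the URL of the Vtonf control panel (http://192.168.0.100:8001/ in my case).
3 Using Vtonf
Open a browser and go to the Vtonf management interface.
This is what the management interface looks like. I will cover only the most important functions (Vtonf is simple enough that you can figure out the rest yourself). To create a virtual machine, click Create Node.
Vtonf comes with one OS template, centos-4-i386-minimal. Select it, select a configuration (e.g. vps.basic), and fill in a hostname and an IP address (in the next chapter I will show how to add more OS templates). Then click the Create Node button:
After a few moments you will see a message that the virtual machine has been created.
Under Node Listing you can see your new virtual machine.
You can also create plans for your virtual machines (a plan defines settings such as memory and disk space) and then create virtual machines from a plan (a virtual machine created this way gets the properties defined in the plan). This saves you from entering the settings by hand and lets you create virtual machines quickly.
Once you have created a virtual machine, go to NODE MANAGEMENT and click Node Start to start it: select the virtual machine from the drop-down menu and click the Start button.
When you start a virtual machine for the first time, you need to set a root password for it (this must be done while the virtual machine is running). Go to SERVICES > Change Node Root Password, select the virtual machine, and type the desired password twice.
Under NODE MANAGEMENT > Set Nameservers you can also define nameservers for your virtual machine (this too must be done while the virtual machine is running), unless you defined nameservers in a plan and created the virtual machine from that plan.
Vtonf is quite easy to use; play around with the other settings to see what they do.
4 Adding OS Templates
Because Vtonf ships with only one OS template (centos-4-i386-minimal), you will probably want to add more. You can find a list of OS templates at http://wiki.openvz.org/Download/template/precreated. The OS templates must be stored in the /vz/template/cache directory. Let's download two OS templates (CentOS 5 and Debian Etch):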
cd /vz/template/cache
wget http://download.openvz.org/template/precreated/contrib/centos-5-i386-default.tar.gz
wget http://download.openvz.org/template/precreated/debian-4.0-i386-minimal.tar.gz
Then we must make Vtonf re-read /vz/template/cache so that it finds the two new OS templates. Go to VTONF > Update Settings
and click the Update button.
Afterwards, when you open SERVER > Create Node, you will find the new OS templates in the Operating System drop-down menu.
5 Links
Vtonf: http://www.vtonf.com
OpenVZ: http://wiki.openvz.org
CentOS: http://www.centos.org
http://wiki.centos.org/HowTos/Virtualization/OpenVZ
Installing and using OpenVZ on CentOS 5
Please note that the OpenVZ kernel is a product of the OpenVZ Project and is NOT supported by CentOS.
The OpenVZ Project follows the RHEL kernels closely and provides updates in a somewhat timely fashion after updated Red Hat (and CentOS) kernels are released. As a result the RHEL-based OpenVZ kernels are well suited for use on RHEL and CentOS hosts with support for (almost) all of the same hardware. Please note though that the OpenVZ kernel is less modular than the stock Red Hat / CentOS kernels with some hardware support being compiled in.
It is recommended you read this HOWTO in its entirety before attempting any of the operations shown in it.
What is OpenVZ?
OpenVZ is operating system-level virtualization based on a modified Linux kernel that allows a physical server to run multiple isolated instances known as containers, virtual private servers (VPS), or virtual environments (VE). The preferred term these days is container. Containers are sometimes compared to chroot or jail type environments but containers are really much better in terms of isolation, security, functionality, and resource management.
OpenVZ consists of a custom Linux kernel (available from the OpenVZ Project) and some user-level tools. OpenVZ is very portable, does not rely on VT support in the CPU, and as a result it is available for a number of CPU families including x86, x86-64, IA-64, PowerPC and SPARC.
OS-level virtualization is quite different from machine / hardware virtualization products such as VMware Server, Parallels Workstation, VirtualBox, QEMU, KVM, and Xen in that with OpenVZ you can only do Linux on Linux virtualization.
OpenVZ modifies the Linux kernel to add advanced containerization features which allow for isolated groups of processes under a parent init along with about twenty dynamic resource management parameters for controlling container resource usage. The OpenVZ Project maintains three stable kernel branches:
1. RHEL4 / CentOS4 2.6.9 based
2. RHEL5 / CentOS 5 2.6.18 based
3. Vanilla 2.6.18 based
There are a number of unstable branches based on newer versions of the Linux kernel that may eventually reach stable status.
Why use OpenVZ?
Since it is relatively light weight, OS virtualization offers a number of benefits over machine / hardware virtualization:
1. It is much more efficient
2. It scales better
3. It offers much greater machine density
4. It offers a larger number of resource management parameters
5. Resource management is dynamic so no container restart is needed
OpenVZ is able to achieve better performance (so close to native it is hard to measure a difference), scalability and density because there is a single Linux kernel running on the physical host with each container only taking up the resources necessary for running the processes / services you want inside them without all of the overhead of a full operating system. A basic container might be between 8-14 additional processes on the host node. OpenVZ can also handle more advanced applications such as huge multi-threaded Java applications with hundreds of threads / processes given the appropriate amount of container resource management configuration.
Another advantage of OpenVZ is that it offers a wide range of dynamic resource management parameters including several for memory usage, number of processes, CPU usage, disk space usage, etc... all of which may be changed while the container is running. OpenVZ also supports container disk quotas as well as (optional) user and group disk quotas within the containers.
OpenVZ offers a number of advanced features including checkpointing and container migration from one physical host to another. Migration comes in two forms:
1. Live migration minimizes downtime (only a few seconds) and maintains machine uptime and network connections
2. Offline migration where the machine is stopped, migrated, and then started back up again.
The migration features of OpenVZ do NOT require a shared storage solution and utilize rsync to flawlessly copy container directory structures from one physical host to another.
When NOT to use OS Virtualization
While there are a large number of usage scenarios where you would want to use OS Virtualization, there remain a few scenarios where OS Virtualization is NOT suited and machine / hardware virtualization would be preferred:
1. When you need to run non-Linux OSes
2. When you want to run multiple kernel versions
3. When you need a highly customized kernel
OpenVZ History
SWsoft (now known as Parallels) initially released a product for Linux named Virtuozzo back in 2001. Their current product is named Parallels Virtuozzo Containers. In 2005 a version of Virtuozzo was released for Microsoft Windows. Also in 2005, SWsoft created the OpenVZ Project to release under a GPL 2 license the underlying technology upon which Virtuozzo builds.
While OS Virtualization does not seem to have garnered the press attention and excitement some of the machine / hardware virtualization products have gotten in recent years, having initially been released in 2001 (Virtuozzo) and 2005 (OpenVZ), they have both proven themselves to be efficient, stable, and secure workhorses on tens of thousands of servers around the world. Linux OS Virtualization (which includes Linux-VServer) is arguably the oldest and most widely deployed Linux virtualization platform to date.
OS Virtualization and OpenVZ Future
In a few presentations in 2007 and 2008 on the future of the Linux kernel, Andrew Morton identified containers as being the only thing he was certain of that was coming to the Linux kernel because there were a number of strong stake holders working on it including IBM, Google and the OpenVZ Project.
Container features started appearing in the mainline kernel starting with the 2.6.24 kernel and more have been added in subsequent releases. The joint effort is more commonly referred to as control groups (or cgroups for short) and a number of kernel subsystems have been modified (scheduler, memory management, etc) to be cgroup aware. It is not known how long it will take before the cgroup implementation in the mainline Linux kernel will be feature complete, stable, and in wide use... so it appears that OpenVZ will be around for some time to come.
There is another OS Virtualization product for Linux named Linux-VServer. Linux-VServer is a quality product / project too but there are a number of differences between OpenVZ and Linux-VServer. Parallels / OpenVZ are working with the mainline Linux kernel developers to get container features into the mainline Linux kernel. The Linux-VServer developers are working independently and have decided that Linux-VServer will stay an out-of-tree patch for the foreseeable future. That is not to say that OpenVZ is going directly into the mainline kernel because it is not. The cgroup effort is a consensus of all of its stakeholders. It is clear however that the OpenVZ Project has contributed a lot of code to the mainline kernel.
Installing OpenVZ
The OpenVZ Project website (www.openvz.org) has a lot of quality documentation including a Users Guide PDF, a Quick Installation Guide, and a vast wiki of howto and troubleshooting articles. This article will briefly cover the installation process. You will need to be the root user for all of the following tasks.
Adding the OpenVZ yum repository
Installing OpenVZ on a CentOS 4 or CentOS 5 host is very easy because the OpenVZ Project provides an openvz.repo for use with yum. Simply download the openvz.repo file and place it in the /etc/yum.repos.d/ directory. Examine the openvz.repo file as it contains a number of repository definitions with two being enabled by default: 1) RHEL5-based kernel and 2) the OpenVZ utilities. Edit it to meet your needs.
Import the OpenVZ key
rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
Install the OpenVZ kernel
Depending on which kernel arch you want, simply do:
yum install ovzkernel.i386
or
yum install ovzkernel.x86_64
With the OpenVZ kernel installed it is almost time to reboot, but before rebooting a few additional details need to be taken care of: 1) Examine /etc/grub.conf to ensure the desired kernel is set to be the default, 2) Edit the /etc/sysctl.conf to enable some kernel features that are needed for OpenVZ and 3) Make sure SELINUX is disabled.
I will not cover how to edit /etc/grub.conf since that is a fairly common, non-OpenVZ specific task.
Editing /etc/sysctl.conf
If desired, backup your original sysctl.conf file (cp /etc/sysctl.conf /etc/sysctl.conf.original). Edit the /etc/sysctl.conf file with your preferred text editor and add the following:
# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled
net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Enables the magic-sysrq key
kernel.sysrq = 1
# TCP Explicit Congestion Notification
# net.ipv4.tcp_ecn = 0
# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
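Both tutorials on this page list the same six host-node sysctl values. The following added example (not from either tutorial) audits a sysctl.conf file against them and accounts for the fact that a later duplicate line overrides an earlier one; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Host-node values listed by both tutorials on this page ("key value" pairs).
expected_settings() {
cat <<'EOF'
net.ipv4.ip_forward 1
net.ipv4.conf.default.proxy_arp 0
net.ipv4.conf.all.rp_filter 1
kernel.sysrq 1
net.ipv4.conf.default.send_redirects 1
net.ipv4.conf.all.send_redirects 0
EOF
}

# Constructed sample file: mixed spacing, comments, rp_filter set twice
# (sysctl -p applies lines in order, so the second one wins) and
# net.ipv4.conf.all.send_redirects missing.
sample_sysctl_conf() {
cat <<'EOF'
# OpenVZ host node
net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp=0
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
; appended later by another script
net.ipv4.conf.all.rp_filter=0
EOF
}

# audit_sysctl_conf FILE
# Print "<key> expected=<x> found=<y>" for every expected key whose effective
# value in FILE differs or is absent ("unset"). Returns 1 on any mismatch.
audit_sysctl_conf() {
    expected_settings | awk -v conf="$1" '
        BEGIN {
            while ((getline line < conf) > 0) {
                if (line ~ /^[ \t]*[#;]/) continue      # comment line
                n = index(line, "=")
                if (n == 0) continue
                k = substr(line, 1, n - 1); v = substr(line, n + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", k)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                have[k] = v                              # later lines override
            }
        }
        {
            found = ($1 in have) ? have[$1] : "unset"
            if ((found "") != ($2 "")) {
                printf "%s expected=%s found=%s\n", $1, $2, found
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

tmp_conf=$(mktemp)
sample_sysctl_conf > "$tmp_conf"
audit_sysctl_conf "$tmp_conf" || echo "-> $tmp_conf does not match the tutorial values"
rm -f "$tmp_conf"
```

The audit covers the file only; the values the running kernel actually uses can be read with sysctl -n followed by the key.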
Disabling SELINUX
Unfortunately SELINUX is not compatible with nor included in the OpenVZ kernel. To disable SELINUX, edit the /etc/sysconfig/selinux config file with your preferred text editor and set it to disabled:
SELINUX=disabled
Now it is time to reboot your computer into the OpenVZ kernel.
Installing the utilities
To install the OpenVZ utility programs, simply do:
yum install vzctl vzquota
Once vzctl is installed you want to start up the OpenVZ service by doing the following:
service vz start
The vz service should be set to start up automatically but feel free to check it with:
chkconfig --list vz
Now OpenVZ is fully installed and you are ready to create your first container but first you need to get installation media for the desired Linux distribution.
Using OpenVZ
OS Templates - Linux Distribution Install Media
The vzctl command is used to create and configure OpenVZ containers. Before you can create a container, you need install media for the Linux distribution you want to install. OpenVZ can NOT use CD / DVD install media (NOR .iso disk image files). OpenVZ requires what it calls an OS Template to create a container for a given Linux distribution. You can download a number of pre-created OS Templates from the OpenVZ website. This is the recommended route for new OpenVZ users. Once you are more familiar with OpenVZ you may want to create your own OS Templates from scratch using a variety of recipes available on the OpenVZ wiki. You can find pre-created OS Templates provided by the OpenVZ Project here:
http://download.openvz.org/template/precreated/
You can also find community contributed OS Templates here:
http://download.openvz.org/contrib/template/precreated/
Download the desired OS Template file and place it in the /vz/template/cache directory on your CentOS 5 host node.
Creating Your First Container
To create a container you use the vzctl command with the create option and a few other parameters. You will need to decide on a unique container ID number (CTID). You will also need some additional information: What OS Template do you want to install from? What IP address will it have? What hostname do you want to give it? What initial resources do you want it to have (taken from a sample configuration template)? These are all set with the following parameters:
--ostemplate {template name}
--conf {config name}
--ipadd {nn.nn.nn.nn}
--hostname {FQDN}
Here is a complete example:
vzctl create 101 \
--ostemplate centos-5-i386-default \
--conf vps.basic \
--ipadd 199.199.199.199 \
--hostname mynew.container.com
That will create a directory named /vz/private/{CTID} and extract the OS Template into it. It will also copy the specified config file to /etc/vz/conf/{CTID}.conf to create a configuration for the container. Please note that the values given for --ostemplate and --conf do NOT match up to full OS Template nor the configuration filenames... and are somewhat truncated.
The vps.basic configuration is just that, very basic... with a somewhat conservative amount of resources given to the container. For a look at the various resource parameters and their values, feel free to have a look at the sample configuration files in the /etc/vz/conf directory. You can create your own configuration samples (as many as you like) using the vzsplit command (man vzsplit) or by copying existing config files to new files and editing them.
After you create a machine you need to set a few additional parameters using the vzctl set command. Here's an example:
vzctl set 101 \
--name mynew \
--nameserver "205.171.2.65 205.171.3.65" \
--diskspace 10G:10G \
--save
That will update your container's config file (in this example /etc/vz/conf/101.conf). Any time you run the vzctl set command if you don't include the --save parameter it will not save the configuration changes to your config file... but if the container is running it will dynamically change the parameters in the running container for that session. You will almost always want to include the --save as the last parameter for the vzctl set command.
Starting your new Container
Just issue the following command to start your new container:
vzctl start {CTID}
or following our example
vzctl start 101
You should see a message about your container starting up. Assuming you didn't botch any of the parameters, it should start right up.
As you would expect, the keywords stop and restart also work. If a container is not running you can destroy it which will remove its config file as well as delete its directory structure (/vz/private/{CTID}) from the host node filesystem.
Entering your new Container
Once your container is going, it should be accessible via the network just like a physical server would be. But since you are on the host node, you can use a vzctl shortcut to directly enter the container as root without authentication.
vzctl enter {CTID}
Following our example
vzctl enter 101
You should get a new command prompt inside of your new container. You will probably want to set a root password by using the passwd command or you could do the following from the host node:
vzctl set {CTID} --userpasswd {user}:{password} --save
It is assumed that you are a fairly good Linux system administrator who is NOT afraid of the command line. Have a look around your new system. It should look and act almost identically to a physical machine. You can install software (see section about yum below), create accounts, add new system services and modify their configurations.
You can view the resources given to a container within it by looking at the /proc/user_beancounters file. You can view all parameters given to all containers from the host node by looking at /proc/user_beancounters on the host node. Resource management is beyond the scope of this article so consult vzctl man page or the Users Guide PDF for complete information.
What if yum is missing in my container?
Prior to January of 2009, the pre-created OS Templates provided by the OpenVZ Project did not have yum installed and that seemed to have miffed a lot of users. The reason was that some OpenVZ system administrators preferred to use a tool on the host node named vzyum that allowed them to do yum type operations on containers from the host node. Why would they want to do that? Because the yum database and file caches can sometimes take up a significant amount of diskspace (and bandwidth) if each container has its own copy of yum. Using vzyum on the host node, there is a single yum database / cache and the software packages only have to be downloaded once.
In January of 2009 the OpenVZ project released updated pre-created OS Templates for CentOS that include yum so it is no longer an issue. The official OS Templates are updated approximately once a month so there should be no reason to use older OS Templates without yum installed. If you have a CentOS OS Template that does not include yum, it is either older than January 2009 or you got it from another source than the OpenVZ project.
If you still have a CentOS container without yum installed there is a wiki page on the OpenVZ wiki that explains how to install yum in a container. Basically you download all of the rpm packages needed for yum and install them with rpm. Hopefully this issue has become a thing of the past.
In Closing
This article has only covered the very basics of OpenVZ. Topics not covered include container monitoring / resource management, configuration file editing / creation (see the vzsplit man page), the container filesystem, or any additional tasks necessary to become a productive OpenVZ system administrator. Also note that OpenVZ has two types of network adaptors and only the basic / default venet was covered. The veth network adaptor has a wider range of capabilities.
The documentation provided by the OpenVZ Project is really good and there is plenty of it. Be sure and read the Users Guide PDF guide for the most comprehensive documentation. The Users Guide is a little dated though as it was written before the addition of the veth network device, checkpointing and migration. Also available are the man pages for all of the various commands. When you want to get into container migration be sure and read the vzmigrate man page.
You are encouraged to get involved and participate in the OpenVZ project by visiting the OpenVZ website, using the forums, the IRC channel (#openvz on the Freenode IRC network), as well as filing bugs if you run across any at http://bugzilla.openvz.org . Get familiar with the OpenVZ website as there is a lot of material there.
Additional Resources
OpenVZ Project website
OpenNode Bare-metal CentOS-based distro with OpenVZ and KVM
Interview with OpenVZ Project Manager
OS Virtualization vs. Hardware Virtualization video presentation from Linuxfest Northwest 2008
Container migration demo video
Performance evaluation of Xen vs. OpenVZ by HP Labs
OpenVZ blog
Parallels Inc.
Linux-VServer website
Interview with Linux-VServer Project Leader
This is the initial release of this HOWTO and I (Scott Dowdle) plan on updating it with additional information, especially if I get any reader feedback. Suggestions and comments are encouraged. Feel free to email: dowdle at montanalinux.org.
Please do not email the CentOS mailing lists or visit the CentOS