Friday, March 19, 2010

OpenVZ set up on laptop "freedom"

I've set up OpenVZ on the "server laptop" that I call freedom.

uname -n && sudo vzlist
freedom
CTID NPROC STATUS IP_ADDR HOSTNAME
150 17 running 192.168.1.150 dns1
199 16 running -


I'll now be able to run more virtual servers with much lower overhead on IO and CPU load. Prolly better for a laptop, eh?

Note that once you've installed OpenVZ, you need to edit /etc/sysctl.conf so that your containers (virtual machines) are ready for the network and can be unleashed to the public.

jayeola@freedom ~ ^_^ sudo sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 1
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0


No need to reboot once you've set the file up; just restart the vz service ;-)

service vz status
OpenVZ is running...
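
To confirm that a sysctl.conf really carries the forwarding, ARP and redirect values shown in the sysctl -p output above, a small audit can be run against the file before the containers go public. This is an added example, not part of the original post: the function names, the choice of which keys to check, and the sample file are all assumptions made for illustration.

```shell
# Expected values: the net.ipv4 forwarding/ARP/redirect lines from the
# `sysctl -p` output above (which keys to audit is this example's choice).
REQUIRED='net.ipv4.ip_forward=1 net.ipv4.conf.default.proxy_arp=0
net.ipv4.conf.default.rp_filter=1 net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.default.send_redirects=1 net.ipv4.conf.all.send_redirects=0'

# effective_value FILE KEY: print the value `sysctl -p` would end up applying.
# Lines starting with # or ; are comments; the last assignment of a key wins.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }
    ' "$1"
}

# audit_sysctl FILE: print one line per missing or mismatched key;
# return 0 when every required key has the expected value, 1 otherwise.
audit_sysctl() {
    rc=0
    for pair in $REQUIRED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ -z "$got" ]; then
            echo "MISSING $key (want $want)"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $key = $got (want $want)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample file (not the real /etc/sysctl.conf from this laptop).
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.default.proxy_arp = 0
#net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
EOF
audit_sysctl "$sample" || echo "fix the lines above, then run: sudo sysctl -p"
```

On a real host, point audit_sysctl at /etc/sysctl.conf instead of the sample. The duplicate ip_forward line in the sample shows why only the last assignment is compared.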


I like to make my logging quite verbose, until I get under the hood, configured stuff and ironed out any wrinkles and glitches that may turn up.

Note how I have specified a default template to use, which will be a CentOS 5 template.
cat /etc/vz/vz.conf

## Global parameters
VIRTUOZZO=yes
LOCKDIR=/vz/lock
DUMPDIR=/vz/dump
VE0CPUUNITS=1000

## Logging parameters
LOGGING=yes
LOGFILE=/var/log/vzctl.log
LOG_LEVEL=9
VERBOSE=9

## Disk quota parameters
DISK_QUOTA=yes
VZFASTBOOT=no

# Disable module loading. If set, vz initscript do not load any modules.
#MODULES_DISABLED=yes

# The name of the device whose IP address will be used as source IP for CT.
# By default automatically assigned.
#VE_ROUTE_SRC_DEV="eth0"

# Controls which interfaces to send ARP requests and modify APR tables on.
NEIGHBOUR_DEVS=detect

## Template parameters
TEMPLATE=/vz/template

## Defaults for containers
VE_ROOT=/vz/root/$VEID
VE_PRIVATE=/vz/private/$VEID
CONFIGFILE="vps.basic"
DEF_OSTEMPLATE="centos-5-i386-default"

## Load vzwdog module
VZWDOG="no"

## IPv4 iptables kernel modules
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"

## Enable IPv6
IPV6="no"

## IPv6 ip6tables kernel modules
IP6TABLES="ip6_tables ip6table_filter ip6table_mangle ip6t_REJECT"

1 comment:

  1. Don't forget to flush the firewall or let the packets to those VPSes go through ;-)
