How to create a Red Hat Enterprise Linux OpenVZ Template

This guide is a reference on how to create a Red Hat Enterprise Linux v6 template for OpenVZ.

There are other ways and variations on how one can go about this.  The method I present here is the way I do it. In this case I used the recompiled-from-source distribution known as Scientific Linux.  This guide should work equally well for any distribution including Red Hat, CentOS etc.  It also works for v5 with a few minor changes or omissions which should be obvious. This guide was used with the 32-bit distribution.

I see no reason why it would not work with the 64-bit version.  Your mileage may vary.

Let's get started

The basic idea is to install the physical server then transfer it to an OpenVZ virtual server.  In OpenVZ terminology a virtual server is a functioning 'container' with operating system installed.  Container basically refers to the virtual shell of the virtual server.  I will use the 2 terms interchangeably. There are 3 major steps:

  1. Install the Linux OS on a physical server (or VMware).
  2. Transfer the installed OS to an OpenVZ virtual server (container) on an OpenVZ physical server (node) we have root access to.
  3. Modify the transferred install to work on OpenVZ.

Step 1, install Linux

For the first step you simply download the operating system ISO and install the OS on to a physical server.  Ideally you will want to make the install as minimal as possible to keep things small and simple.  In the case of RHEL that usually means not selecting any options to install.  Not even "base".  All an OpenVZ template requires is for networking, SSH server, and yum to be working.  Once you have that up and running at a command line on a physical server you are done.  

Disable SELinux, which is not compatible with OpenVZ.  You do that by editing /etc/selinux/config and setting SELINUX=disabled.  If the file does not exist you have to create it.  Lastly, you need to install rsync for the transfer to work (yum install rsync). If you are planning to transfer an existing server running Linux + some application, then all you need to do is disable SELinux and install rsync.

Step 2, transfer to OpenVZ

For the second step we need to set up a physical OpenVZ server.  You will require a second physical server or VMware.  A physical server is better since OpenVZ will run slower on VMware.  A couple of GUI OpenVZ options are HyperVM and OVZ Web Panel.  Do not use Proxmox or any other Debian-based one.  The version of MAKEDEV they use is quite a bit different and does not work for this procedure.  One can also just install bare-bones OpenVZ on top of Linux and use the command line, which is a bit more involved.  For RHEL 6 based nodes I typically use OpenVZ web panel.

Ideally the Linux server and OpenVZ server should be on the same private subnet so you don't have to deal with any NAT, router, and firewall issues.  Once the VPS is created I shut it down, then I log into the OpenVZ server node as root and work directly on the VPS files from there. Create a variable for the OpenVZ container, which in this example is 110.

CTID=110

NOTE: Make sure to replace 110 with the container ID number (CTID) of the OpenVZ container you will be using to create the template in.  After you do this, the container directory on the node is accessed by using $CTID. Check that the variable is now set to the desired container.  It will persist until we close the console window (shell).

echo $CTID

It should respond with the proper CTID number. Now delete the container and its contents, then recreate the directory.  Be careful to cut and paste the entire line.  There is no second chance once the command is entered, and "rm -rf /" will wipe out the entire server. The ${CTID:?} form makes the shell abort the command if CTID is empty or unset, instead of expanding the path to /vz/private/.

rm -rf "/vz/private/${CTID:?}"
mkdir "/vz/private/${CTID:?}"

Make sure the container directory has default group/owner set to root and default permissions set to 0755.  This should be the defaults set for all directories created in this procedure. You can also create a container manually from a command line using this procedure but I prefer my method for simplicity. For the transfer we run the following rsync command on the OpenVZ node we are transferring the server to:

rsync -arvpz --exclude=/dev --exclude=/mnt --exclude=/proc --exclude=/sys --exclude=/tmp -e ssh root@xx.xx.xx.xx:/ /vz/private/$CTID/

Where xx.xx.xx.xx is the IP of the physical server or VMware virtual machine etc. we want to transfer from.

Step 3, Modify the transferred files

Once the files are transferred we need to do several things in order for the transferred server to work on OpenVZ.

A container does not have real ttys, so you have to disable getty.

sed -i -e 's/^[0-9].*getty.*tty/#&/g'  /vz/private/$CTID/etc/inittab

Disk partitions are not needed in a container, so delete everything in /vz/private/$CTID/etc/fstab and replace it with:

none /dev/pts devpts rw 0 0

Create /dev /mnt /proc /sys /tmp which we excluded in the rsync transfer above.

mkdir /vz/private/$CTID/dev
mkdir /vz/private/$CTID/mnt
mkdir /vz/private/$CTID/proc
mkdir /vz/private/$CTID/sys
mkdir /vz/private/$CTID/tmp

Verify that default group/owner is root and default permissions are 0755 for all the above directories as well as all other directories created in this procedure.

Create /dev/pts

mkdir /vz/private/$CTID/dev/pts

Create /etc/udev/devices

mkdir /vz/private/$CTID/etc/udev/devices

Create device nodes

/sbin/MAKEDEV -d /vz/private/$CTID/dev -x {p,t}ty{a,p}{0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f} console core full kmem kmsg mem null port ptmx random urandom zero ram0
/sbin/MAKEDEV -d /vz/private/$CTID/etc/udev/devices -x {p,t}ty{a,p}{0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f} console core full kmem kmsg mem null port ptmx random urandom zero ram0

Make sure /tmp and /var/tmp have proper permissions

chmod 1777 /vz/private/$CTID/tmp
chmod 1777 /vz/private/$CTID/var/tmp

Edit /vz/private/$CTID/etc/sysconfig/network-scripts/ifcfg-ethx, where x is 0, 1, 2 etc. Make the following setting look like this:

ONBOOT=no

For RHEL 6 and clone distributions, you must comment out "console" in /vz/private/$CTID/etc/init/rc.conf and /vz/private/$CTID/etc/init/rcS.conf.  You must also delete or rename tty.conf and start-ttys.conf.  If you do not, the container will not boot up.

Create a yum repository for the OpenVZ RPMs

nano /vz/private/$CTID/etc/yum.repos.d/vz.repo

Add the following text

[vz-base]
name=vz-base
mirrorlist=http://vzdownload.swsoft.com/download/mirrors/redhat-el6
gpgcheck=0 

[vz-updates]
name=vz-updates
mirrorlist=http://vzdownload.swsoft.com/download/mirrors/updates-released-rhel6
gpgcheck=0
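
The on-node changes made in Step 3 so far can be checked before the first boot. The following is an added example, not part of the original guide: a shell function (the name audit_ct_root and its output format are assumptions) that checks the container tree for the directory modes and ownership, the fstab line, the SELinux setting and the ONBOOT value given above, and warns about gpgcheck=0, which makes yum install packages without verifying their signatures. It assumes GNU stat.

```shell
# Added example: audit a transferred container tree before its first boot.
# Usage: audit_ct_root /vz/private/$CTID [owner:group]   (default root:root)
# Prints one line per finding and returns the number of FAIL findings.
audit_ct_root() (
    root=$1; owner=${2:-root:root}; fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    # Directories recreated after the rsync excludes: mode and ownership.
    for spec in dev:755 dev/pts:755 mnt:755 proc:755 sys:755 \
                etc/udev/devices:755 tmp:1777 var/tmp:1777; do
        dir=${spec%:*}; want=${spec##*:}
        if [ ! -d "$root/$dir" ]; then fail "/$dir is missing"; continue; fi
        got=$(stat -c '%a %U:%G' "$root/$dir")      # GNU stat
        [ "$got" = "$want $owner" ] || fail "/$dir is '$got', want '$want $owner'"
    done

    # fstab must hold nothing but the devpts line.
    [ "$(cat "$root/etc/fstab" 2>/dev/null)" = "none /dev/pts devpts rw 0 0" ] \
        || fail "/etc/fstab is not the single devpts line"

    # SELinux must be disabled in the copied configuration.
    grep -qx 'SELINUX=disabled' "$root/etc/selinux/config" 2>/dev/null \
        || fail "/etc/selinux/config lacks SELINUX=disabled"

    # The copied NIC configurations must not come up at boot.
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-eth*; do
        [ -e "$f" ] || continue
        grep -qx 'ONBOOT=no' "$f" || fail "${f#"$root"} lacks ONBOOT=no"
    done

    # Not a boot blocker: repositories that skip package signature checks.
    for f in "$root"/etc/yum.repos.d/*.repo; do
        [ -e "$f" ] || continue
        if grep -q '^gpgcheck=0' "$f"; then
            echo "WARN: ${f#"$root"} has gpgcheck=0"
        fi
    done
    return "$fails"
)
```

Run it on the node as audit_ct_root "/vz/private/$CTID"; a return status of 0 means every check passed, and WARN lines do not affect the status.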

Now boot or reboot the newly created OpenVZ virtual private server.  Open a terminal window via SSH to the IP address of the newly created VPS and log in as root with the password you assigned to the VPS.  If it is not working for some reason, go back and verify you correctly completed all of the above steps. Now that you are logged in to your newly created VPS with a command line, check that networking and yum work by doing "yum update" from the command prompt.  If it finds and asks to update any packages, then type (Y)es. Finally:

yum install vzdev vzdummy-apache vzdummy-jre-el5 vzdummy-glibc vzdummy-init-fc13

None of the above packages are absolutely critical and some may not be found depending on which repositories you have configured. You may have some problems with some things if you do not install them but chances are you won't.  You should now have a fully functioning OpenVZ container ported over from a physical server.

Miscellaneous clean up and removal

OpenVZ containers do not need a kernel or boot section since they run off the host kernel, so remove the kernel and all files in the boot directory of the container. NOTE: Remember, we are doing this from a command line inside the OpenVZ container, not on the OpenVZ node (physical host server) itself, which it would render inoperable.

rm -rf /boot/*
rpm -e --nodeps kernel

Depending on what you are doing, sometimes you will have things on the transferred server that are dependent on the kernel and will not run if you remove it, even though they cannot use it on an OpenVZ virtual server.  In that case you are better off just leaving the kernel alone.  Leaving it on should not cause any problems. Now you can go through and remove all unnecessary packages.  The list is too long and varied to lay out step by step.  One way to go about it is to list all rpm packages.

rpm -qa

Then go through the list one by one and remove anything to do with hardware such as hardware monitoring, BIOS functions, hard drives and partitions etc.  If in doubt you can list the details of a package by doing the following.

rpm -qi package_name

Create Template File

After testing your running VPS you can create the template file.  In HyperVM GUI you simply press the "Create Template" button.  If you are using ProxMox or running without a GUI you can do the following.

From the command line on the actual node, stop the container:

vzctl stop $CTID

Make sure you are in the /vz/private/$CTID folder.

cd /vz/private/$CTID

Finally, package up the new template.

tar -czvf /vz/template/cache/centos-5-x86_64-custom.tar.gz ./

"centos-5" can also be "centos-6", "scientificlinux-6" and so on.  OpenVZ expects the format OS + "-" + version.

The architecture part ("x86_64" here) is also mandatory and MUST be one of the following: i386, x86, x86_64.

The "custom" part can be whatever you want.

The template is ready for use.

 
