Contents of /xml/htdocs/proj/en/vps/vserver-howto.xml

Revision 1.14
Sun Oct 28 15:21:17 2012 UTC (17 months, 2 weeks ago) by swift
Branch: MAIN
Changes since 1.13: +2 -2 lines
File MIME type: application/xml
Removing link attribute from guides

1 <?xml version='1.0' encoding="UTF-8"?>
2 <!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/vps/vserver-howto.xml,v 1.13 2010/02/22 20:54:50 hollow Exp $ -->
3 <!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4
5 <guide>
6 <title>Gentoo Linux-VServer Howto</title>
7
8 <author title="Author">
9 <mail link="hollow@gentoo.org">Benedikt Boehm</mail>
10 </author>
11 <author title="Editor">
12 <mail link="fox2mike@gentoo.org">Shyam Mani</mail>
13 </author>
14
15 <abstract>
16 In this Howto you will learn to set up a basic virtual server using the
17 Linux-VServer Technology.
18 </abstract>
19
20 <!-- The content of this document is licensed under the CC-BY-SA license -->
21 <!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
22 <license/>
23
24 <version>1.11</version>
25 <date>2008-03-03</date>
26
27 <chapter>
28 <title>Introduction</title>
29 <section>
30 <title>The Linux-VServer Concept</title>
31 <body>
32
33 <p>
34 The basic concept of the Linux-VServer solution is to separate the user-space
35 environment into distinct units (sometimes called Virtual Private Servers) in
36 such a way that each VPS looks and feels like a real server to the processes
37 contained within.
38 </p>
39
40 </body>
41 </section>
42 <section>
43 <title>Terms used in this Howto</title>
44 <body>
45
46 <table>
47 <tr>
48 <th>Term</th>
49 <th>Description</th>
50 </tr>
51 <tr>
52 <th>Linux-VServer, VServer</th>
53 <ti>
54 Linux-VServer is the official name of the project; VServer is used in this
55 Howto with the same meaning
56 </ti>
57 </tr>
58 <tr>
59 <th>virtual server, vserver, guest system</th>
60 <ti>
61 All these are interchangeable and refer to one instance of a server (i.e.
62 one virtual server)
63 </ti>
64 </tr>
65 <tr>
66 <th>host system, host</th>
67 <ti>
68 The physical machine running your Gentoo Linux will host all virtual
69 servers
70 </ti>
71 </tr>
72 <tr>
73 <th>util-vserver</th>
74 <ti>
75 The <c>util-vserver</c> package contains all programs necessary for
76 maintaining your virtual servers
77 </ti>
78 </tr>
79 </table>
80
81 </body>
82 </section>
83 </chapter>
84
85 <chapter>
86 <title>Host configuration</title>
87 <section>
88 <title>Install a VServer kernel</title>
89 <body>
90
91 <pre caption="Install vserver-sources">
92 # <i>emerge vserver-sources</i>
93 </pre>
94
95 <p>
96 After the vserver-sources are installed it's time to configure them using
97 <c>make menuconfig</c>. Below is a common configuration for 2.1.1 and above. If
98 you are using 2.0.x some configuration options may not be present.
99 </p>
100
101 <pre caption="Configure vserver-sources">
102 # <i>cd /usr/src/linux-&lt;KERNELVERSION&gt;-vserver-&lt;VSERVERVERSION&gt;</i>
103 # <i>make menuconfig</i>
104
105 Linux VServer ---&gt;
106 <comment>(Do not enable the legacy options)</comment>
107 [ ] Enable Legacy Kernel API
108 [ ] Enable Legacy Networking Kernel API
109 <comment>(Read help text)</comment>
110 [ ] Remap Source IP Address
111 [*] Enable COW Immutable Link Breaking
112 [ ] Enable Virtualized Guest Time
113 [*] Enable Proc Security
114 [*] Enable Hard CPU Limits
115 [*] Avoid idle CPUs by skipping Time
116 [*] Limit the IDLE task
117 Persistent Inode Tagging (UID24/GID24) ---&gt;
118 [ ] Tag NFSD User Auth and Files
119 [*] Enable Inode Tag Propagation
120 [*] Honor Privacy Aspects of Guests
121 [ ] VServer Debugging Code
122 </pre>
123
124 <note>
125 If you are using reiserfs as filesystem on the partition where guest images are
126 stored, you will need to enable extended attributes for reiserfs in your
127 kernel config and additionally add the <c>attrs</c> option in
128 <path>/etc/fstab</path>.
129 </note>
130
131 <pre caption="Configure reiserfs options">
132 File systems ---&gt;
133 &lt;*&gt; Reiserfs support
134 [*] ReiserFS extended attributes
135 </pre>
136
137 <pre caption="Example fstab with extended attributes">
138 /dev/hdb1 /vservers reiserfs noatime,attrs 0 0
139 </pre>
140
141 <p>
142 After you've built and installed the kernel, update your boot loader and
143 finally reboot to see if the kernel boots correctly.
144 </p>
145
146 <pre caption="Install the kernel">
147 <comment>(Building the kernel)</comment>
148 # <i>make</i>
149 <comment>(Installing)</comment>
150 # <i>make modules_install</i>
151 # <i>cp arch/&lt;arch&gt;/boot/bzImage /boot/kernel-&lt;KERNELVERSION&gt;-vserver-&lt;VSERVERVERSION&gt;</i>
152 <comment>(Edit bootloader config file as required and)</comment>
153 # <i>reboot</i>
154 </pre>
155
156 </body>
157 </section>
158 <section>
159 <title>Setup host environment</title>
160 <body>
161
162 <p>
163 To maintain your virtual servers you need the util-vserver package which
164 contains all necessary programs and many useful features.
165 </p>
166
167 <pre caption="Install util-vserver">
168 # <i>emerge "&gt;=sys-cluster/util-vserver-0.30.212"</i>
169 </pre>
170
171 <p>
172 You have to run the <c>vprocunhide</c> command after every reboot in order to
173 set up <path>/proc</path> permissions correctly for vserver guests. Two init
174 scripts have been installed by util-vserver which run the <c>vprocunhide</c>
175 command for you and take care of virtual servers during shutdown of the host.
176 </p>
177
178 <pre caption="util-vserver init scripts">
179 # <i>rc-update add vprocunhide default</i>
180 # <i>/etc/init.d/vprocunhide start</i>
181 # <i>rc-update add util-vserver default</i>
182 # <i>/etc/init.d/util-vserver start</i>
183 </pre>
184
185 </body>
186 </section>
187 </chapter>
188
189 <chapter>
190 <title>Guest creation</title>
191 <section>
192 <title>Download a precompiled stage3</title>
193 <body>
194
195 <p>
196 Since many hardware-related commands are not available inside a virtual server,
197 there has been a patched version of baselayout known as baselayout-vserver.
198 However, since baselayout-2/openrc, all required changes have been integrated,
199 eliminating the need for separate vserver stages, profiles and baselayout. The
200 only (temporary) drawback is that baselayout-2/openrc is still in testing
201 (~arch) and there are no stages with baselayout-2/openrc available on the
202 mirrors yet.
203 </p>
204
205 <p>
206 As soon as baselayout-2/openrc is stable you can use a precompiled stage3 from
207 one of <uri link="/main/en/mirrors.xml">our mirrors</uri>. In the meantime
208 please download a stage3/4 or gentoo-vserver stage from
209 <uri link="http://bb.xnull.de/projects/gentoo/">here</uri>. Since a
210 stage3 contains a complete root filesystem you can use the template build
211 method of util-vserver. However, this method only works reliably since
212 util-vserver-0.30.213_rc5, so make sure you have the right version installed.
213 </p>
214
215 <p>
216 You have to choose a context ID for your vserver (dynamic context IDs are
217 discouraged) as well as the necessary network device information (in this
218 example eth0 is configured with 192.168.1.253/24 and the context ID is
219 equivalent to the last two parts of the virtual server's IP).
220 </p>
221
222 <note>
223 The context ID should be 1 &lt; ID &lt; 49152.
224 </note>
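
<p>
An added example (not part of the original guide or of util-vserver): a POSIX
sh helper that derives a static context ID from the guest address the way the
example above does and rejects IDs outside the range given in the note. It goes
beyond the guide by zero-padding the last octet, so 192.168.1.253 still gives
1253 while 192.168.12.53 gives 12053 instead of colliding with it; the function
name <c>ctx_from_ip</c> is hypothetical.
</p>

```sh
#!/bin/sh
# Added example, not from util-vserver. ctx_from_ip is a hypothetical helper.
# Prints a static context ID built from the last two octets of an IPv4
# address. Returns 1 for a malformed address and 2 when the ID falls outside
# the allowed range (greater than 1, less than 49152).
ctx_from_ip() {
    addr=${1%%/*}                      # drop an optional prefix length (/24)
    case $addr in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $addr                       # split into octets; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            0?*|????*) return 1 ;;     # leading zero (octal in arithmetic) or too long
        esac
        [ "$octet" -le 255 ] || return 1
    done
    # Assumption: pad the last octet to three digits, so 1.253 gives 1253
    # (as in the guide) while 12.53 gives 12053 rather than 1253 again.
    id=$(( $3 * 1000 + $4 ))
    [ "$id" -gt 1 ] || return 2
    [ "$id" -lt 49152 ] || return 2
    echo "$id"
}

# Constructed sample addresses: the guide's guest, a would-be collision,
# and two addresses whose IDs fall outside the range.
for sample in 192.168.1.253/24 192.168.12.53/24 192.168.0.1/24 192.168.49.152/24; do
    if ctx=$(ctx_from_ip "$sample"); then
        echo "$sample: context $ctx"
    else
        echo "$sample: no usable static context ID"
    fi
done
```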
225
226 </body>
227 </section>
228 <section>
229 <title>Using the template build method</title>
230 <body>
231
232 <p>
233 For a long time, plain init style was the only init style available for
234 Gentoo, i.e. a normal init process will be started inside the guest, just like
235 on any common Unix system. However this approach has some drawbacks:
236 </p>
237
238 <ul>
239 <li>No possibility to see output of init/rc scripts</li>
240 <li>Wasted resources for idle init processes in each guest</li>
241 <li>Annoying conflicts for <path>/etc/inittab</path></li>
242 </ul>
243
244 <p>
245 Therefore, many users have asked for the gentoo init style to be reimplemented.
246 It had been abandoned because it was a very hacky implementation that more
247 or less worked by accident due to other modifications made to baselayout back
248 then. However, as of util-vserver-0.30.212 the gentoo init style has been
249 reimplemented in a concise manner and will become the default in the future.
250 </p>
251
252 <note>
253 If there is not a good reason for using an extra init process for each guest
254 or if you don't know what to do here, you should stick with gentoo init style.
255 </note>
256
257 <pre caption="Start stage3 installation">
258 # <i>vserver myguest build \</i>
259 <i>--context 1253 \</i>
260 <i>--hostname gentoo \</i>
261 <i>--interface eth0:192.168.1.253/24 \</i>
262 <i>--initstyle gentoo \</i> <comment>(replace if needed)</comment>
263 <i>-m template -- \</i>
264 <i> -d gentoo \</i>
265 <i> -t /path/to/stage3-&lt;arch&gt;-&lt;version&gt;.tar.bz2</i>
266 </pre>
267
268 <note>
269 To reflect your network settings you should change
270 <path>/etc/conf.d/hostname</path>, <path>/etc/conf.d/domainname</path> and
271 <path>/etc/hosts</path> inside the guest to your needs. See <uri
272 link="/doc/en/handbook/handbook-x86.xml?part=1&amp;chap=8#doc_chap2_sect1">chapter
273 8.b.1</uri> and <uri
274 link="/doc/en/handbook/handbook-x86.xml?part=1&amp;chap=8#doc_chap2_sect4">chapter
275 8.b.4</uri>. The rest of your virtual server's network setup will be
276 done on the host.
277 </note>
278
279 <p>
280 You should now be able to start and enter the vserver by using the commands
281 below.
282 </p>
283
284 <pre caption="Test the virtual server">
285 # <i>vserver myguest start</i>
286
287 OpenRC 0.4.3 is starting up Gentoo Linux (x86_64) [VSERVER]
288
289 Press I to enter interactive boot mode
290
291 * /proc is already mounted, skipping
292 * Setting hostname to myguest... [ ok ]
293 * Creating user login records... [ ok ]
294 * Cleaning /var/run... [ ok ]
295 * Wiping /tmp directory... [ ok ]
296 * Updating /etc/mtab... [ ok ]
297 * Initializing random number generator... [ ok ]
298 * Starting syslog-ng... [ ok ]
299 * Starting fcron... [ ok ]
300 * Starting Name Service Cache Daemon... [ ok ]
301 * Starting local... [ ok ]
302 # <i>vserver-stat</i>
303 CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME
304 0 90 1.4G 153.4K 14m00s11 6m45s17 2h59m59 root server
305 1252 2 3M 286 0m00s45 0m00s42 0m02s91 myguest
306 # <i>vserver myguest enter</i>
307 # <i>ps ax</i>
308 PID TTY STAT TIME COMMAND
309 1 ? Ss 0:04 init [3]
310 27637 ? Ss 0:00 /usr/sbin/syslog-ng
311 27656 ? Ss 0:00 /usr/sbin/fcron -c /etc/fcron/fcron.conf
312 27676 ? Ssl 0:00 /usr/sbin/nscd
313 27713 ? S+ 0:00 login
314 27737 pts/15 Ss 0:00 /bin/bash
315 27832 pts/15 R+ 0:00 ps ax
316 # <i>logout</i>
317 </pre>
318
319 </body>
320 </section>
321 </chapter>
322
323 <chapter>
324 <title>Maintenance made easy</title>
325 <section>
326 <title>Start guests on boot</title>
327 <body>
328
329 <p>
330 You can start certain guests during boot. Each guest can be assigned a MARK.
331 All you have to do now is configure these MARKs in each guest's
332 configuration and add the appropriate init scripts to the default runlevel.
333 </p>
334
335 <pre caption="Configure MARKs for each guest">
336 <comment>(Do this for every guest you want to start)</comment>
337 # <i>mkdir -p /etc/vservers/myguest/apps/init</i>
338 # <i>echo "default" &gt; /etc/vservers/myguest/apps/init/mark</i>
339 </pre>
340
341 <pre caption="Add init script to the default runlevel">
342 # <i>rc-update add vservers.default default</i>
343 </pre>
344
345 </body>
346 </section>
347 <section>
348 <title>Keep portage in sync</title>
349 <body>
350
351 <p>
352 The script <c>vesync</c> will help you to keep the metadata cache and overlays
353 in sync. <c>vemerge</c> is a simple wrapper for <c>emerge</c> in guests.
354 </p>
355
356 <pre caption="Examples">
357 <comment>(Sync metadata for 'myguest')</comment>
358 # <i>vesync myguest</i>
359 <comment>(Sync metadata for all guests)</comment>
360 # <i>vesync --all</i>
361 <comment>(Sync 'myoverlay' for all guests)</comment>
362 # <i>vesync --all \</i>
363 <i>--overlay /usr/local/overlays/myoverlay \</i>
364 <i>--overlay-host rsync://rsync.myhost.com/myoverlay \</i>
365 <i>--overlay-only</i>
366 <comment>(emerge app-editors/vim in 'myguest')</comment>
367 # <i>vemerge myguest -- app-editors/vim -va</i>
368 </pre>
369
370 </body>
371 </section>
372 <section>
373 <title>Update guests</title>
374 <body>
375
376 <p>
377 Gentoo guests can share packages to save compilation time. In order to use
378 shared packages, you have to create a central directory for packages on the
379 host. We will use <path>/var/cache/vpackages</path> on the host and mount it
380 to <path>/usr/portage/packages</path> in every guest.
381 </p>
382
383 <pre caption="Add bind mount to guest configuration">
384 # <i>mkdir -p /var/cache/vpackages</i>
385 # <i>$EDITOR /etc/vservers/myguest/fstab</i>
386 <comment>(Add this line at the end)</comment>
387 /var/cache/vpackages /usr/portage/packages none bind,rw 0 0
388 </pre>
389
390 <p>
391 Now you can use <c>vupdateworld</c> to update every guest. The command is
392 equivalent to something like <c>emerge --deep --update --newuse world</c>
393 depending on command line options.
394 </p>
395
396 <pre caption="vupdateworld examples">
397 <comment>(Pretend update for 'myguest')</comment>
398 # <i>vupdateworld myguest -- -vp</i>
399 <comment>(Update 'myguest' using binary packages)</comment>
400 # <i>vupdateworld myguest -- -k</i>
401 <comment>(Update all guests using binary packages)</comment>
402 # <i>vupdateworld --all -- -k</i>
403 </pre>
404
405 <note>
406 In order to get binary packages you can either use PORTAGE_BINHOST (see <c>man
407 make.conf</c>) or set FEATURES="buildpkg" in one or more guests.
408 </note>
409
410 <p>
411 After a successful update you can easily update all configuration files with
412 <c>vdispatch-conf</c>. It is a simple wrapper for <c>dispatch-conf</c> and
413 behaves exactly the same.
414 </p>
415
416 <pre caption="vdispatch-conf examples">
417 <comment>(Update configuration files for 'myguest')</comment>
418 # <i>vdispatch-conf myguest</i>
419 <comment>(Update configuration files for all guests)</comment>
420 # <i>vdispatch-conf --all</i>
421 </pre>
422
423 </body>
424 </section>
425
426 <section>
427 <title>Contact</title>
428 <body>
429
430 <p>
431 Please feel free to contact the <mail link="hollow@gentoo.org">author</mail> or
432 file a bug on <uri link="http://bugs.gentoo.org">Bugzilla</uri> in case of any
433 problems.
434 </p>
435
436 </body>
437 </section>
438 </chapter>
439 </guide>
