/[gentoo]/xml/htdocs/proj/en/vps/vserver-howto.xml
Diff of /xml/htdocs/proj/en/vps/vserver-howto.xml

Revision 1.4 Revision 1.13
1<?xml version='1.0' encoding="UTF-8"?> 1<?xml version='1.0' encoding="UTF-8"?>
2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/vps/vserver-howto.xml,v 1.4 2007/01/10 17:21:36 phreak Exp $ --> 2<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/vps/vserver-howto.xml,v 1.13 2010/02/22 20:54:50 hollow Exp $ -->
3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> 3<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
4 4
5<guide link="/proj/en/vps/vserver-howto.xml"> 5<guide link="/proj/en/vps/vserver-howto.xml">
6<title>Gentoo Linux-VServer Howto</title> 6<title>Gentoo Linux-VServer Howto</title>
7 7
19 19
20<!-- The content of this document is licensed under the CC-BY-SA license --> 20<!-- The content of this document is licensed under the CC-BY-SA license -->
21<!-- See http://creativecommons.org/licenses/by-sa/2.5 --> 21<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
22<license/> 22<license/>
23 23
24<version>1.6</version> 24<version>1.11</version>
25<date>2006-06-19</date> 25<date>2008-03-03</date>
26 26
27<chapter> 27<chapter>
28<title>Introduction</title> 28<title>Introduction</title>
29<section> 29<section>
30<title>The Linux-VServer Concept</title> 30<title>The Linux-VServer Concept</title>
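Review bot: `<date>` on new line 25 reads 2008-03-03 and `<version>` reads 1.11, while the `$Header` on new line 2 dates revision 1.13 at 2010/02/22, so the guide presents itself as two years older than its last change. Bump `<version>` and `<date>` together with the content so readers can judge how current the kernel option and util-vserver version advice is.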
92# <i>emerge vserver-sources</i> 92# <i>emerge vserver-sources</i>
93</pre> 93</pre>
94 94
95<p> 95<p>
96After the vserver-sources are installed it's time to configure them using 96After the vserver-sources are installed it's time to configure them using
97<c>make menuconfig</c>. 97<c>make menuconfig</c>.. Below is a common configuration for 2.1.1 and above. If
98you are using 2.0.x some configuration options may not be present.
98</p> 99</p>
99 100
100<pre caption="Configure vserver-sources"> 101<pre caption="Configure vserver-sources">
101# <i>cd /usr/src/linux-&lt;KERNELVERSION&gt;-vserver-&lt;VSERVERVERSION&gt;</i> 102# <i>cd /usr/src/linux-&lt;KERNELVERSION&gt;-vserver-&lt;VSERVERVERSION&gt;</i>
102# <i>make menuconfig</i> 103# <i>make menuconfig</i>
103 104
104Linux VServer ---&gt; 105Linux VServer ---&gt;
106<comment>(Do not enable the legacy options)</comment>
105 [ ] Enable Legacy Kernel API 107 [ ] Enable Legacy Kernel API
106 [*] Disable Legacy Networking Kernel API 108 [ ] Enable Legacy Networking Kernel API
107<comment>(Highly recommended)</comment> 109<comment>(Read help text)</comment>
110 [ ] Remap Source IP Address
111 [*] Enable COW Immutable Link Breaking
112 [ ] Enable Virtualized Guest Time
108 [*] Enable Proc Security 113 [*] Enable Proc Security
109 [*] Enable Hard CPU Limits 114 [*] Enable Hard CPU Limits
115 [*] Avoid idle CPUs by skipping Time
116 [*] Limit the IDLE task
110 Persistent Inode Context Tagging (UID24/GID24) ---&gt; 117 Persistent Inode Tagging (UID24/GID24) ---&gt;
111 [ ] Tag NFSD User Auth and Files 118 [ ] Tag NFSD User Auth and Files
119 [*] Enable Inode Tag Propagation
120 [*] Honor Privacy Aspects of Guests
112 [ ] Compile Debugging Code 121 [ ] VServer Debugging Code
113</pre> 122</pre>
114 123
115<note> 124<note>
116If you are using reiserfs as filesystem on the partition where guest images are 125If you are using reiserfs as filesystem on the partition where guest images are
117stored, you will need to enable extended attributes for reiserfs in your 126stored, you will need to enable extended attributes for reiserfs in your
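Review bot: replacing `<comment>(Highly recommended)</comment>` with `<comment>(Read help text)</comment>` on new line 109 drops the only guidance that `Enable Proc Security` and `Enable Hard CPU Limits` should be switched on, and the new comment now covers five options without saying which of them matter for guest isolation. Keep "(Highly recommended)" directly above the Proc Security and Hard CPU Limits lines, put "(Read help text)" only above the three new options on new lines 110-112, and add a short reason for enabling `Honor Privacy Aspects of Guests` on new line 120. New line 97 also ends the sentence with a doubled period after `</c>`.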
150<title>Setup host environment</title> 159<title>Setup host environment</title>
151<body> 160<body>
152 161
153<p> 162<p>
154To maintain your virtual servers you need the util-vserver package which 163To maintain your virtual servers you need the util-vserver package which
155contains all necessary programs and many useful features. Be aware that there 164contains all necessary programs and many useful features.
156is also a package called <c>vserver-utils</c>. It is a new incarnation of the
157user-space implementation of the VServer kernel API, but not yet usable for
158production use.
159</p> 165</p>
160
161<note>
162This version of the howto requires features only available in
163<c>&gt;=sys-apps/util-vserver-0.30.210-r6</c>. You may have to keyword/upgrade
164it first.
165</note>
166 166
167<pre caption="Install util-vserver"> 167<pre caption="Install util-vserver">
168# <i>emerge util-vserver</i> 168# <i>emerge >=sys-cluster/util-vserver-0.30.212</i>
169</pre> 169</pre>
170 170
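Review bot: the install command on new line 168 puts the version atom on the shell line unquoted, so the shell parses the leading `>` as output redirection to a path named `=sys-cluster/util-vserver-0.30.212` and emerge never receives the atom. Quote it, as in `emerge "&gt;=sys-cluster/util-vserver-0.30.212"`, and escape it as `&gt;=` the way the removed note on old line 163 did. The category also changes from `sys-apps` (old line 163) to `sys-cluster` without comment; confirm that is intended.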
171<p> 171<p>
172You have to run the <c>vprocunhide</c> command after every reboot in order to 172You have to run the <c>vprocunhide</c> command after every reboot in order to
173setup <path>/proc</path> permissions correctly for vserver use. An init script 173setup <path>/proc</path> permissions correctly for vserver guests. Two init
174has been installed by util-vserver. To use it you should add it to a runlevel: 174scripts have been installed by util-vserver which run the <c>vprocunhide</c>
175command for you and take care of virtual servers during shutdown of the host.
175</p> 176</p>
176 177
177<pre caption="vserver init script"> 178<pre caption="util-vserver init scripts">
179# <i>rc-update add vprocunhide default</i>
180# <i>/etc/init.d/vprocunhide start</i>
178# <i>rc-update add vservers default</i> 181# <i>rc-update add util-vserver default</i>
179# <i>/etc/init.d/vservers start</i> 182# <i>/etc/init.d/util-vserver start</i>
180</pre>
181
182<note>
183This init script will also start your default vservers. Read below for more
184information.
185</note>
186
187<p>
188The vshelper script is used to restart virtual servers correctly. You
189have to tell the kernel where the vshelper script is located:
190</p>
191
192<pre caption="vshelper setup">
193# <i>echo 'kernel.vshelper = /usr/lib/util-vserver/vshelper' &gt;&gt; /etc/sysctl.conf</i>
194# <i>sysctl -p</i>
195</pre> 183</pre>
196 184
197</body> 185</body>
198</section> 186</section>
199</chapter> 187</chapter>
200 188
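Review bot: the vshelper setup on old lines 187-195 is deleted with no replacement text, so the guide no longer says whether `kernel.vshelper` still has to be set or how guest restarts are handled. Hosts configured from revision 1.4 will still carry `kernel.vshelper = /usr/lib/util-vserver/vshelper` in `/etc/sysctl.conf`; add one sentence stating whether that line should stay or be removed. The removed note on old lines 182-185 also said which script starts the default guests, and the new paragraph on new lines 172-175 mentions only shutdown handling, so say here which of the two scripts starts guests at boot.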
201<chapter> 189<chapter>
202<title>Creating a guest template</title> 190<title>Guest creation</title>
203<section> 191<section>
204<title>Install a vserver stage3</title> 192<title>Download a precompiled stage3</title>
205<body> 193<body>
206 194
207<p>
208You have to download a vserver prepared stage3 from one of
209<uri link="/main/en/mirrors.xml">our mirrors</uri>. Those stages are located
210under the <path>experimental/&lt;arch&gt;/vserver/</path> directory.
211Then use the <c>vserver-new</c> script to create the initial guest.
212</p> 195<p>
196Since many hardware related commands are not available inside a virtual server,
197there has been a patched version of baselayout known as baselayout-vserver.
198However, since baselayout-2/openrc, all required changes have been integrated,
199eliminating the need for seperate vserver stages, profiles and baselayout. The
200only (temporary) drawback is that baselayout-2/openrc is still in testing
201(~arch) and there are no stages with baselayout-2/openrc available on the
202mirrors yet.
203</p>
213 204
214<note>Please note that starting with util-vserver-0.30.212 the vserver-new script 205<p>
215stopped existing, as the functionality got merged into UPSTREAM's release and is 206As soon as baselayout-2/openrc is stable you can use a precompiled stage3 from
216now integrated into util-vserver's swiss army knive <c>vserver</c>. It's now called 207one of <uri link="/main/en/mirrors.xml">our mirrors</uri>. In the meantime
217via <c>vserver &lt;name&gt; build</c>.</note> 208please download a stage3/4 or gentoo-vserver stage from
209<uri link="http://bb.xnull.de/projects/gentoo/">here</uri>. Since a
210stage3 contains a complete root filesystem you can use the template build
211method of util-vserver. However, this method only works reliable since
212util-vserver-0.30.213_rc5, so make sure you have the right version installed.
213</p>
218 214
219<p> 215<p>
220You have to choose a context ID for your vserver (dynamic context IDs are 216You have to choose a context ID for your vserver (dynamic context IDs are
221discouraged) as well as the necessary network device information (In this 217discouraged) as well as the necessary network device information (In this
222example eth0 is configured with 192.168.1.253/24 and the context ID is 218example eth0 is configured with 192.168.1.253/24 and the context ID is
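Review bot: new lines 208-209 send readers to `http://bb.xnull.de/projects/gentoo/` for the tarball that becomes the guest's entire root filesystem, over plain HTTP, on a host other than the mirrors linked in the preceding sentence, and with no digest or signature check anywhere in the section. Add a verification step before the build command, or say where checksums for these stages are published, and replace the link text "here" with the host name so readers can see where the download comes from. New line 212 also requires util-vserver-0.30.213_rc5 for the template method while the install command on new line 168 only asks for 0.30.212 or later; make the two agree. Spelling: "seperate" on new line 199, "works reliable" on new line 211.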
225 221
226<note> 222<note>
227The context ID should be 1 &lt; ID &lt; 49152. 223The context ID should be 1 &lt; ID &lt; 49152.
228</note> 224</note>
229 225
226</body>
227</section>
228<section>
229<title>Using the template build method</title>
230<body>
231
232<p>
233For a long time now, plain init style was the only init style available for
234gentoo, i.e. a normal init process will be started inside the guest, just like
235on any common Unix system. However this approach has some drawbacks:
236</p>
237
238<ul>
239<li>No possibility to see output of init/rc scripts</li>
240<li>Wasted resources for idle init processes in each guest</li>
241<li>Annoying conflicts for <path>/etc/inittab</path></li>
242</ul>
243
244<p>
245Therefore, many users have requested to reimplement the gentoo init style,
246which has been abandonned since it was a very hacky implementation and more
247or less worked by accident due to other modifications done to baselayout back
248then. However, as of util-vserver-0.30.212 the gentoo init style has been
249reimplemented in a concise manner and will become the default in the future.
250</p>
251
252<note>
253If there is not a good reason for using an extra init process for each guest
254or if you don't know what to do here, you should stick with gentoo init style.
255</note>
256
230<pre caption="Start stage3 installation"> 257<pre caption="Start stage3 installation">
231# <i>vserver-new gentoo-template \</i> 258# <i>vserver myguest build \</i>
259 <i>--context 1253 \</i>
232 <i>--hostname gentoo \</i> 260 <i>--hostname gentoo \</i>
233 <i>--context 1253 \</i>
234 <i>--interface eth0:192.168.1.253/24 \</i> 261 <i>--interface eth0:192.168.1.253/24 \</i>
262 <i>--initstyle gentoo \</i> <comment>(replace if needed)</comment>
263 <i>-m template -- \</i>
264 <i> -d gentoo \</i>
235 <i>stage3 /path/to/stage3-&lt;arch&gt;-&lt;date&gt;.tar.bz2 &lt;arch&gt;</i> 265 <i> -t /path/to/stage3-&lt;arch&gt;-&lt;version&gt;.tar.bz2</i>
236</pre> 266</pre>
237 267
238<note> 268<note>
239To reflect your network settings you should change 269To reflect your network settings you should change
240<path>/etc/conf.d/hostname</path>, <path>/etc/conf.d/domainname</path> and 270<path>/etc/conf.d/hostname</path>, <path>/etc/conf.d/domainname</path> and
244link="/doc/en/handbook/handbook-x86.xml?part=1&amp;chap=8#doc_chap2_sect4">chapter 274link="/doc/en/handbook/handbook-x86.xml?part=1&amp;chap=8#doc_chap2_sect4">chapter
2458.b.4</uri>. The rest of your virtual servers network setup will be 2758.b.4</uri>. The rest of your virtual servers network setup will be
246done on the host. 276done on the host.
247</note> 277</note>
248 278
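Review bot: `<comment>(replace if needed)</comment>` on new line 262 does not say what to replace `gentoo` with; the only alternative the prose names is the plain init style on new line 233, so give the exact value to pass to `--initstyle` for it. The arguments on new lines 263-265 (`-m template --`, `-d gentoo`, `-t`) are not explained either, although the section is titled after the template method; add a sentence on what each one selects. "abandonned" on new line 246 is misspelled.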
249</body>
250</section>
251<section>
252<title>Create the template tarball</title>
253<body>
254
255<p>
256You don't have to build a stage3 tarball for every guest. The <c>vserver-new</c>
257script supports templates. In order to use them you have to create a tarball of
258your vserver installation:
259</p> 279<p>
260
261<pre caption="Create template tarball">
262# <i>cd /vservers/gentoo-template</i>
263# <i>tar cjvpf ../gentoo-template-&lt;arch&gt;-&lt;date&gt;.tar.bz2 ./</i>
264</pre>
265
266<p>
267To create a new guest using this tarball just use <c>vserver-new</c>:
268</p>
269
270<pre caption="Use template tarball">
271# <i>cd /vservers</i>
272# <i>vserver-new myguest \</i>
273 <i>--hostname myguest \</i>
274 <i>--context 1252 \</i>
275 <i>--interface eth0:192.168.1.252/24 \</i>
276 <i>template ./gentoo-template-&lt;arch&gt;-&lt;date&gt;.tar.bz2 &lt;arch&gt;</i>
277</pre>
278
279<note>
280You should use a shared portage tree to keep guests small in size. Edit
281<path>/etc/vservers/myguest/fstab</path> and uncomment the entries
282for <path>/usr/portage</path> and <path>/usr/portage/distfiles</path>. Guests
283will have read-only access to <path>/usr/portage</path> and read-write access
284to <path>/usr/portage/distfiles</path>.
285</note>
286
287</body>
288</section>
289<section>
290<title>Test the virtual server</title>
291<body>
292
293<p>
294You should be able to start and enter the vserver by using the commands below. 280You should now be able to start and enter the vserver by using the commands
295If you miss commands like <c>mount</c> or <c>dmesg</c> you should <c>emerge 281below.
296util-linux</c> inside your virtual server as the vserver profile doesn't ship
297this package by default.
298</p> 282</p>
299 283
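Review bot: deleting the note on old lines 279-285 removes the instruction to uncomment the `/usr/portage` and `/usr/portage/distfiles` entries in `/etc/vservers/myguest/fstab`, together with the statement that guests get read-only access to the tree and read-write access only to distfiles. The `vesync` and `vemerge` examples further down are kept, so the guide should still say how a guest obtains its portage tree and with which access mode; move the note under the new build section or state that the fstab step is no longer needed. The `util-linux` hint on old lines 295-297 disappears the same way; confirm that guests built from the new stages ship `mount` and `dmesg`.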
300<pre caption="Test the virtual server"> 284<pre caption="Test the virtual server">
301# <i>vserver myguest start</i> 285# <i>vserver myguest start</i>
286
287 OpenRC 0.4.3 is starting up Gentoo Linux (x86_64) [VSERVER]
288
289Press I to enter interactive boot mode
290
291* /proc is already mounted, skipping
292* Setting hostname to myguest... [ ok ]
293* Creating user login records... [ ok ]
294* Cleaning /var/run... [ ok ]
295* Wiping /tmp directory... [ ok ]
296* Updating /etc/mtab... [ ok ]
297* Initializing random number generator... [ ok ]
298* Starting syslog-ng... [ ok ]
299* Starting fcron... [ ok ]
300* Starting Name Service Cache Daemon... [ ok ]
301* Starting local... [ ok ]
302# <i>vserver-stat</i> 302# <i>vserver-stat</i>
303CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME 303CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME
3040 90 1.4G 153.4K 14m00s11 6m45s17 2h59m59 root server 3040 90 1.4G 153.4K 14m00s11 6m45s17 2h59m59 root server
3051252 2 3M 286 0m00s45 0m00s42 0m02s91 myguest 3051252 2 3M 286 0m00s45 0m00s42 0m02s91 myguest
306# <i>vserver myguest enter</i> 306# <i>vserver myguest enter</i>
307# <i>ps ax</i> 307# <i>ps ax</i>
308PID TTY STAT TIME COMMAND 308 PID TTY STAT TIME COMMAND
309 1 ? S 0:00 init [3] 309 1 ? Ss 0:04 init [3]
31022887 ? Ss 0:00 /usr/sbin/syslog-ng 31027637 ? Ss 0:00 /usr/sbin/syslog-ng
31120496 pts/0 S 0:00 /bin/bash -login 31127656 ? Ss 0:00 /usr/sbin/fcron -c /etc/fcron/fcron.conf
31227676 ? Ssl 0:00 /usr/sbin/nscd
31327713 ? S+ 0:00 login
31427737 pts/15 Ss 0:00 /bin/bash
31220508 pts/0 R+ 0:00 ps ax 31527832 pts/15 R+ 0:00 ps ax
313# <i>logout</i> 316# <i>logout</i>
314</pre> 317</pre>
315 318
316</body> 319</body>
317</section> 320</section>
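Review bot: the sample output no longer matches the build command above it: `vserver-stat` on new line 305 lists `myguest` under context 1252 and the boot log on new line 292 sets the hostname to `myguest`, but the guest is now created with `--context 1253` and `--hostname gentoo` (new lines 259-260). Regenerate the output from a guest built with the documented command, or change the command to match. Readers who chose the gentoo init style to avoid a per-guest init process will also stop at `init [3]` shown as PID 1 on new line 309; add a `<comment>` saying what that entry is.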
324<body> 327<body>
325 328
326<p> 329<p>
327You can start certain guests during boot. Each guest can be assigned a MARK. 330You can start certain guests during boot. Each guest can be assigned a MARK.
328Now everything you have to do is configure these MARKs in the guests 331Now everything you have to do is configure these MARKs in the guests
329configuration and tell the init script to run all MARKed guests. 332configuration and add the approriate init scripts to the default runlevel.
330</p> 333</p>
331 334
332<pre caption="Configure MARKs for each guest"> 335<pre caption="Configure MARKs for each guest">
333<comment>(Do this for every guest you want to start)</comment> 336<comment>(Do this for every guest you want to start)</comment>
334# <i>mkdir -p /etc/vservers/myguest/apps/init</i> 337# <i>mkdir -p /etc/vservers/myguest/apps/init</i>
335# <i>echo "default" > /etc/vservers/myguest/apps/init/mark</i> 338# <i>echo "default" > /etc/vservers/myguest/apps/init/mark</i>
336</pre> 339</pre>
337 340
338<note> 341<pre caption="Add init script to the default runlevel">
339Since all guests marked with "default" are started by default, nothing more has 342# <i>rc-update add vservers.default default</i>
340to be done. If you have different marks you should also update
341<path>/etc/conf.d/vservers</path>.
342</note>
343
344</body>
345</section>
346<section>
347<title>Gentoo goodies</title>
348<body>
349
350<p>
351The util-vserver ebuild has installed some goodies for Gentoo guests. You know
352<c>vserver-new</c> from the previous chapter. In this chapter, you will learn
353how to use <c>vesync</c> and <c>vemerge</c> to keep portage in sync as well as
354<c>vupdateworld</c> and <c>vdispatch-conf</c> to update guests.
355</p> 343</pre>
356 344
357</body> 345</body>
358</section> 346</section>
359<section> 347<section>
360<title>Keep portage in sync</title> 348<title>Keep portage in sync</title>
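Review bot: with the note on old lines 338-342 removed, new line 332 tells readers to add "the approriate init scripts", but the example on new line 342 shows only `vservers.default`, so nothing explains what to add for a mark other than `default`. State how the init script name relates to the mark written to `apps/init/mark`, and correct the spelling of "approriate".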
367 355
368<pre caption="Examples"> 356<pre caption="Examples">
369<comment>(Sync metadata for 'myguest')</comment> 357<comment>(Sync metadata for 'myguest')</comment>
370# <i>vesync myguest</i> 358# <i>vesync myguest</i>
371<comment>(Sync metadata for all guests)</comment> 359<comment>(Sync metadata for all guests)</comment>
372# <i>vesync -a</i> 360# <i>vesync --all</i>
373<comment>(Sync metadata for all guests except 'myguest')</comment>
374# <i>vesync -a -e myguest</i>
375<comment>(Sync 'myoverlay' for all guests)</comment> 361<comment>(Sync 'myoverlay' for all guests)</comment>
376# <i>vesync -a \</i> 362# <i>vesync --all \</i>
377 <i>--overlay /usr/local/overlays/myoverlay \</i> 363 <i>--overlay /usr/local/overlays/myoverlay \</i>
378 <i>--overlay-host rsync://rsync.myhost.com/myoverlay \</i> 364 <i>--overlay-host rsync://rsync.myhost.com/myoverlay \</i>
379 <i>--overlay-only</i> 365 <i>--overlay-only</i>
380<comment>(emerge app-editors/vim in 'myguest')</comment> 366<comment>(emerge app-editors/vim in 'myguest')</comment>
381# <i>vemerge myguest app-editors/vim -va</i> 367# <i>vemerge myguest -- app-editors/vim -va</i>
382</pre> 368</pre>
383
384<note>
385This script requires you to have a shared portage tree.
386</note>
387 369
388</body> 370</body>
389</section> 371</section>
390<section> 372<section>
391<title>Update guests</title> 373<title>Update guests</title>
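Review bot: the exclusion example on old lines 373-374 (`vesync -a -e myguest`) is deleted without a replacement, so the page no longer shows how to skip one guest when syncing with `--all`. Either add the current spelling of that option next to new line 360 or say that excluding guests is no longer supported, so administrators do not fall back to syncing every guest.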
411depending on command line options. 393depending on command line options.
412</p> 394</p>
413 395
414<pre caption="vupdateworld examples"> 396<pre caption="vupdateworld examples">
415<comment>(Pretend update for 'myguest')</comment> 397<comment>(Pretend update for 'myguest')</comment>
416# <i>vupdateworld -p myguest</i> 398# <i>vupdateworld myguest -- -vp</i>
417<comment>(Update 'myguest' using binary packages)</comment> 399<comment>(Update 'myguest' using binary packages)</comment>
418# <i>vupdateworld -k myguest</i> 400# <i>vupdateworld myguest -- -k</i>
419<comment>(Update all guests using binary packages)</comment> 401<comment>(Update all guests using binary packages)</comment>
420# <i>vupdateworld -ka</i> 402# <i>vupdateworld --all -- -k</i>
421</pre> 403</pre>
422 404
423<note> 405<note>
424In order to get binary packages you can either use PORTAGE_BINHOST (see <c>man 406In order to get binary packages you can either use PORTAGE_BINHOST (see <c>man
425make.conf</c>) or set FEATURES="buildpkg" in one or more guests. 407make.conf</c>) or set FEATURES="buildpkg" in one or more guests.
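Review bot: new lines 398-402 change the calling convention so that `-vp` and `-k` follow a `--`, but no sentence in the visible text states the rule, and a reader carrying over `vupdateworld -ka` from revision 1.4 gets no hint of what the old form now does. Add one line before the examples saying which options go before `--` and which after it, and mention that the old short forms changed. The pretend example also moves from `-p` to `-vp` while its comment still reads only "(Pretend update for 'myguest')".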
433 415
434<pre caption="vdispatch-conf examples"> 416<pre caption="vdispatch-conf examples">
435<comment>(Update configuration files for 'myguest')</comment> 417<comment>(Update configuration files for 'myguest')</comment>
436# <i>vdispatch-conf myguest</i> 418# <i>vdispatch-conf myguest</i>
437<comment>(Update configuration files for all guests)</comment> 419<comment>(Update configuration files for all guests)</comment>
438# <i>vdispatch-conf -a</i> 420# <i>vdispatch-conf --all</i>
439</pre> 421</pre>
440 422
441</body> 423</body>
442</section> 424</section>
443 425
