Saturday, March 7, 2009

Linux-Vserver on Debian Etch, the "Debian way"

I have recently begun playing with Linux-Vserver, yet another virtualization method, comparable to UML, Xen, and OpenVZ (this list isn't meant to be exhaustive). These methods obviously differ a lot in their approach to virtualization and offer different levels of performance and security, but all of them might be worth a try.

I have already covered UML in a previous article.

In this article, I will explain how to perform a basic set up of a Vserver on an up-to-date Etch system using the Debian specific method. Guests will also run Etch.

Configure the host

Linux-Vserver requires the kernel to be patched. Pre-built kernel images are available in the official Debian repositories, which avoids manual configuration and compilation:

host:~# aptitude install linux-image-vserver-686

You will surely want to choose whichever image suits your architecture.

To install the vserver utilities and the tools needed to set up and run vservers, you just need to install the following packages:

host:~# aptitude install util-vserver vserver-debiantools

Reboot on the newly installed kernel.

Create a vserver

Using the Debian specific tools to create a vserver allows you to install/remove packages on install (or just after), and remove the links to unneeded RC scripts automatically. It will also run basic configuration after set up (root password, time zone, creation of a standard user etc.) - all these steps have to be done manually with the standard method.

Default configuration

First, we need to configure the default options for all newly created vservers:

# cat /etc/vservers/newvserver-vars | grep -e '^$' -e '^#' -v
EXTRA_PACKAGES="locales,openssh-server,openssh-client,nullmailer"
REMOVE_LINKS="klogd hwclock.sh setserial urandom networking umountfs halt reboot"
DIST="etch"
MIRROR="http://ftp.fr.debian.org/debian"
INTERFACE="eth0"
PKGCACHE=0

You will surely want to adapt these options to suit your needs (see newvserver(1) for the complete list of options).

Build the guest

host:~# newvserver --hostname vps1 --domain domain.com \
--fakeinit --ip 192.168.1.95/24 --context 10

Again, the options should be changed to match your setup.

Run the guest

Once the basic tools are installed on the guest, you can start the vserver:

host:~# vserver vps1 start

and immediately use it:

host:~# vserver vps1 enter

Limit the disk space of the guests

Save the following script as /etc/vservers/vps1/scripts/post-start (you will have to create the scripts/ directory):

/usr/sbin/vdlimit --xid 10 \
--set space_total=2000000 \
--set space_used=`du -s /var/lib/vservers/vps1/ | awk '{print $1}'` \
--set inodes_total=2000000 \
--set inodes_used=`ls -1aRi /var/lib/vservers/vps1/ | awk '/^[0-9]+ / { print $1 }' | sort -u | wc -l` \
--set reserved=5 /var/lib/vservers/vps1/

Rebooting/halting the guest from the guest

vreboot used to be necessary to reboot/halt your vserver (from within the guest). Rebooting now works with a kernel helper, so nothing needs to be changed: just call into the kernel (from the guest) and request a reboot (with reboot -f) or a halt (with halt -f).

You can set aliases in your ~/.bashrc:
alias reboot='reboot -f'
alias halt='halt -f'

Note that the default runlevel for vserver guests is 3.

Run the guests when host boots

host:~# echo "default" > /etc/vservers/vps1/apps/init/mark

Check in /etc/default/util-vserver that the $MARK variable is set to default for this to work.

Networking

Networking in a Vserver environment is not virtualized. This can pose a problem when default configurations tell services to listen on all interfaces. Each service should be configured to listen on its specified IP address only, both on the host and on the guests.

Here are some examples for some common services:

  • SSH
    /etc/ssh/sshd_config
    ListenAddress 192.168.1.95
  • OpenLDAP
    /etc/default/slapd
    SLAPD_SERVICES="ldap://192.168.1.95:389/"
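
To check that every service really is pinned to its address, here is an added example (not part of the original article) that reads `netstat -ltn` output and reports TCP listeners bound to all addresses or to an address other than the expected one. The function names and the sample output are made up for the illustration; 192.168.1.95 is the guest address used above.

```shell
#!/bin/sh
# Added example (not from the original article): flag TCP listeners that are
# not pinned to the address a host or guest is supposed to use.

# check_listeners WANT_IP
# Reads `netstat -ltn` output on stdin and prints one line per finding:
#   WILDCARD <local address>  socket bound to every address on the machine
#   OTHER <local address>     socket bound to an address other than WANT_IP
check_listeners() {
    awk -v want="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            laddr = $4
            # Split on the last colon so IPv6 forms such as :::80 parse too.
            if (!match(laddr, /:[0-9]+$/)) next
            addr = substr(laddr, 1, RSTART - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                print "WILDCARD " laddr
            else if (addr != want)
                print "OTHER " laddr
        }'
}

# Constructed sample of `netstat -ltn` output (not captured from a real system).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.95:389        0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.96:25         0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
EOF
}

# Demo on the sample; on a live system: netstat -ltn | check_listeners 192.168.1.95
sample_netstat | check_listeners 192.168.1.95
```

Loopback listeners are reported as OTHER as well, so review those lines by hand rather than treating each one as a fault.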
