A sample procedure for Linux-VServer and aufs on plain Debian Etch.
# $Id: linux-vserver.txt,v 1.6 2007/11/19 01:09:25 sfjro Exp $

Linux-VServer (http://linux-vserver.org) is another solution for
It doesn't provide hardware emulation, BIOS emulation nor individual
kernel for virtual machines, but it provides Virtual Private
Server (VPS) aka Security Context.
A VPS shares the hardware among the host and other VPSs, and runs on a
host kernel, and finally it provides an individual virtual server.
A root filesystem for VPS is a normal directory or mount-point, unlike
If you can accept sharing everything under OS among VPSs and the host,
it is recommended to use aufs in order to reduce the disk usage for

./patch/vserver.patch in aufs is originally written and posted to ML
by Wilhelm Meier. Additionally, he gave a comment on this document.

Services: public HTTP only
IP Address: 192.168.1.101

Services: public FTP only
IP Address: 192.168.1.102

Services: only SSH for internal administration
IP Address: 192.168.1.9
misc: build /srv/plain for both of vs1 and vs2, as an aufs
  /srv/plain is the common base dir for vs1 and vs2,
  including package management.
  build /srv/vs[12].rw as an aufs readwrite branch.
  mount /var/lib/vservers/vs[12] as aufs.
  + /var/lib/vservers/vs1 = /srv/vs1.rw + /srv/plain
  + /var/lib/vservers/vs2 = /srv/vs2.rw + /srv/plain

- install plain Debian Etch.
- install the necessary packages.
  # aptitude install linux-image-2.6.18-5-vserver-686 \
      linux-headers-2.6.18-5-vserver-686 util-vserver debootstrap \
      ssh cvs patch gcc sudo bzip2
- set sudo by visudo, if necessary.
- make SSH listen on the host address only, by editing /etc/ssh/sshd_config.
  ListenAddress 192.168.1.9
- configure your boot loader for vmlinuz-2.6.18-5-vserver-686.
- reboot with the kernel vmlinuz-2.6.18-5-vserver-686.

o Install aufs to host
- download aufs source files.
- build and install aufs module.
  $ patch -p0 < ./patch/vserver.patch
  patching file fs/aufs/vfsub.h
  Building modules, stage 2.
- install aufs module.

o Build the common directory, /srv/plain
- install plain Debian Etch to /srv/plain
  $ sudo mkdir plain vs1.rw vs2.rw
  $ sudo debootstrap etch ./plain http://ftp.debian.org/debian
  I: Retrieving Packages
  I: Base system installed successfully.

- setup the common issues
  + vs1 and vs2 must be described in /etc/hosts.
  + disable the init scripts that manage hardware, as the
    vserver-debiantools package does.
  + /srv/plain/etc/hostname is a dummy. it will be overridden by
    /srv/vs[12].rw/etc/hostname later.
  + in this sample, the packages are handled or centralized on host.
  + disable IPv6 in proftpd, if necessary (on unnecessary).
  $ sudo cp -p --parents /etc/apt/sources.list /etc/hosts .
  # echo plain > /etc/hostname
  # for link in klogd hwclock.sh setserial urandom networking umountfs halt reboot mountvirtfs mountall.sh mountnfs.sh ifupdown
  > do update-rc.d -f "$link" remove
  > done
  # aptitude install apache2 proftpd
  # /etc/init.d/proftpd stop
  # echo UseIPv6 off >> /etc/proftpd/proftpd.conf

- customize the apache2 and proftpd services any way you like here. but
  remember, you need to specify an IP address for every service in
  linux-vserver, instead of the wildcard (0.0.0.0).

o Build VPS root directory, /var/lib/vservers/vs[12]
  $ sudo vserver vs1 build -m skeleton --hostname vs1 --interface eth0:192.168.1.101/24
  $ sudo vserver vs2 build -m skeleton --hostname vs2 --interface eth0:192.168.1.102/24

- append these lines to /etc/fstab on host, in order to mount the root
  directory for VPSs automatically at boot time.
  none /var/lib/vservers/vs1 aufs defaults,br:/srv/vs1.rw:/srv/plain 0 0
  /home /var/lib/vservers/vs1/home ext3 defaults,bind,ro 0 0
  none /var/lib/vservers/vs2 aufs defaults,br:/srv/vs2.rw:/srv/plain 0 0
  /home /var/lib/vservers/vs2/home ext3 defaults,bind,rw 0 0

- set their hostname.
  + configure apache2 to start automatically.
  $ sudo chroot /var/lib/vservers/vs1
  # echo vs1 > /etc/hostname
  # echo 'NO_START=0' >> /etc/default/apache2
  # echo 'RUN=no' >> /etc/default/proftpd
  + configure proftpd to listen to vs2 only.
  $ sudo chroot /var/lib/vservers/vs2
  # echo vs2 > /etc/hostname
  # echo DefaultAddress vs2 >> /etc/proftpd/proftpd.conf

- start them on boot automatically.
  # echo default > /etc/vservers/vs1/apps/init/mark
  # echo default > /etc/vservers/vs2/apps/init/mark

- you can setup the resource limit, scheduling policy or something for
  every VPS, via /etc/vservers/vs[12].
  cf. http://www.nongnu.org/util-vserver/doc/conf/configuration.html

- you can customize the services here too. but it is useful to
  centralize every management on /srv/plain.

- it is recommended to centralize every system administration to the
  host, including package management, in order to reduce the disk
  usage for common system files.
  a file you set up individually becomes independent and is no longer
  influenced by the common dir /srv/plain. for example, if you
  install a package on vs1 by a generic package management tool or
  linux-vserver specific command, all files related to package
  management will be copied-up to /srv/vs1.rw. if you manage packages
  on /srv/plain later, you may confuse yourself.

- reboot your system, the host.
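
The copy-up behaviour described above can be audited from the host by comparing a read-write branch with the common dir. This script is an added example, not part of the original aufs document; the function names shadowed and pkg_drift are hypothetical, and it assumes aufs' .wh.<name> whiteout naming and that a VPS-local dpkg database appears as var/lib/dpkg/status in the read-write branch.

```shell
#!/bin/sh
# Added example: report paths in an aufs read-write branch that mask the
# shared read-only branch, e.g. /srv/vs1.rw over /srv/plain on this page.

# shadowed RW RO
#   prints "copyup <path>"   for regular files present in both branches
#                            whose content differs (RW copy wins in aufs)
#   prints "whiteout <path>" for whiteouts (.wh.<name>) that hide an
#                            entry which still exists in the RO branch
shadowed() {
    rw=$1
    ro=$2
    ( cd "$rw" && find . -type f -print ) | sed 's|^\./||' | LC_ALL=C sort |
    while IFS= read -r rel; do
        base=${rel##*/}
        dir=${rel%"$base"}
        case $base in
            .wh..wh.*)
                continue ;;                  # aufs internal bookkeeping
            .wh.*)
                target=$dir${base#.wh.}
                # -e is false for dangling symlinks, so test -L as well
                if [ -e "$ro/$target" ] || [ -L "$ro/$target" ]; then
                    echo "whiteout $target"
                fi ;;
            *)
                if [ -f "$ro/$rel" ] && ! cmp -s "$rw/$rel" "$ro/$rel"; then
                    echo "copyup $rel"
                fi ;;
        esac
    done
}

# pkg_drift RW RO
#   succeeds when the RW branch carries its own dpkg status file, i.e.
#   packages were installed inside the VPS and package updates made on
#   the common dir are no longer visible to that VPS.
pkg_drift() {
    shadowed "$1" "$2" | grep -q '^copyup var/lib/dpkg/status$'
}

# Stand-alone use: sh this-script /srv/vs1.rw /srv/plain
if [ "$#" -eq 2 ]; then
    shadowed "$1" "$2"
fi
```

An expected line such as "copyup etc/hostname" is the intended per-VPS override; entries under usr/, lib/ or var/lib/dpkg/ are the ones that keep a VPS on old files after /srv/plain is upgraded.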

  CTX   PROC    VSZ    RSS  userTIME   sysTIME    UPTIME NAME
  0       34  29.3M   9.9M   0m03s20   0m04s44   0m29s82 root server
  49152    6 149.3M  10.5M   0m00s00   0m00s00   0m13s79 vs1
  49153    3  12.5M   2.7M   0m00s00   0m00s00   0m13s80 vs2

- check all the services (from another system).
  jro@192.168.1.9's password:
  ftp: connect: Connection refused

  ssh: connect to host 192.168.1.101 port 22: Connection refused
  16:26:56 URL:http://192.168.1.101/apache2-default/ [44/44] -> "index.html" [1]
  ftp: connect: Connection refused

  ssh: connect to host 192.168.1.102 port 22: Connection refused
  Connected to 192.168.1.102.
  220 ProFTPD 1.3.0 Server (Debian) [192.168.1.102]
  Name (192.168.1.102:jro): ^D
  Remote system type is UNIX.
  Using binary mode to transfer files.
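
The remote check above can be complemented by auditing the listening sockets against the address plan of this sample, which also catches a service left on the wildcard address. This script is an added example, not part of the original aufs document; the function name audit_listeners is hypothetical, the netstat output is constructed, and it assumes you feed it `netstat -ltn` output collected where the listeners are visible.

```shell
#!/bin/sh
# Added example: compare TCP listeners with the address plan of this page.

# Address plan from this page: host SSH, vs1 HTTP, vs2 FTP.
PLAN="192.168.1.9:22 192.168.1.101:80 192.168.1.102:21"

# audit_listeners "ADDR:PORT ..." < netstat-ltn-output
# Prints one finding per line, sorted:
#   WILDCARD addr    listener bound to 0.0.0.0, :: or *
#   UNEXPECTED addr  listener on a specific address that is not planned
#   MISSING addr     planned listener that is not present
audit_listeners() {
    awk -v want="$1" '
        BEGIN {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) ok[w[i]] = 1
        }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            if (addr ~ /^(0\.0\.0\.0|::|\*):/) {
                print "WILDCARD " addr
            } else if (!(addr in ok)) {
                print "UNEXPECTED " addr
            } else {
                seen[addr] = 1
            }
        }
        END {
            for (k in ok) if (!(k in seen)) print "MISSING " k
        }
    ' | LC_ALL=C sort
}

# Constructed sample: apache2 was left listening on the wildcard address.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.9:22          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.102:21        0.0.0.0:*               LISTEN'

printf '%s\n' "$SAMPLE" | audit_listeners "$PLAN"
```

No output means every listener is bound to exactly the address and port the plan assigns to it.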