In this tutorial we’re going to show you a way of efficiently hosting multiple Linux servers on a single machine by making use of the OpenVZ virtualisation technology. OpenVZ allows you to host a complete, containerised Linux distro on a normal Linux box. This isn’t quite the same as a virtualiser such as VirtualBox or Xen because the guests all make use of the kernel of the host system. This means that separation between the host and the guests isn’t as complete as would be the case with true virtual machines, but there are considerable gains in efficiency due to shared resources. For example, it is not necessary to allocate memory to a guest operating system in advance, and all guests make use of the host file system.
OpenVZ offers an easy-to-use command-line interface, and deployment of guests is quick and simple. You can interact with the guests via the native OpenVZ interface or through SSH. In fact, you can make use of most of the approaches to system administration that you would with any other remotely hosted server machine. To top it off, there are a number of fully featured web admin interfaces (commercial and free) to manage guests. OpenVZ makes use of so-called ‘templates’: stripped-down, pre-patched Linux distributions.
The OpenVZ website offers a wide selection of ready-made templates to download and install. In this tutorial, we’re going to use a CentOS 6 template in order to build a LAMP server.
Step by Step
OpenVZ requires the installation of a patched kernel – at the time of writing, Red Hat-derived distros such as RHEL, Fedora and CentOS have the best support. This tutorial assumes that you have an up-to-date CentOS installation to host your OpenVZ machines.
Fetch and configure YUM repository
Fetch the configuration file with:
…and then open the file with a text editor. Uncomment the ‘baseurl’ line that relates to your distro version. So, for CentOS 6.4, look for the ‘[openvzkernel-rhel6]’ section. Save the file.
Add OpenVZ repository
Use the su command to become root. Move the modified openvz.repo file by typing:
mv openvz.repo /etc/yum.repos.d/
Import the appropriate GPG key with:
rpm --import http://download.openvz.org/RPM-GPGKey-OpenVZ
Add & install OpenVZ kernel
Find a suitable kernel file in the repository by typing:
yum search vzkernel
…and install it with the command:
yum install [architecture appropriate kernel]
Install the kernel development files if you need them, to recompile kernel modules for VM guest support, for example. Add the OpenVZ user tools with:
yum install vzctl vzquota
Modify config file
This is the fiddliest part of an OpenVZ installation, but essential. Open /etc/sysctl.conf in a text editor. Add or modify the following lines:
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
When you’ve modified this file, type:
Other system config
SELinux must be disabled in order to use the OpenVZ kernel. Open /etc/sysconfig/selinux and set the SELINUX flag to disabled. Open /etc/vz/vz.conf and set NEIGHBOUR_DEVS to all. This allows your OpenVZ machines to run on a different subnet to the host.
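A way to confirm that sysctl.conf, the SELinux config and vz.conf all carry the values given above before you reboot (an added example, not part of the original tutorial; the function names conf_value, expect and preflight are made up for it):

```shell
#!/bin/sh
# Added example (not from the tutorial): check the host settings before rebooting.

# Print the effective value of KEY in FILE; the last uncommented assignment wins.
# Accepts "key = value" (sysctl.conf) and KEY=value or KEY="value" (vz.conf).
conf_value() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)        # trim the key
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)      # trim value and quotes
            if (k == want) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# Report one setting that differs from the expected value; return 1 if it does.
expect() {
    got=$(conf_value "$1" "$2") || got="<unset>"
    [ "$got" = "$3" ] && return 0
    echo "$1: $2 is $got, expected $3"
    return 1
}

# Usage: preflight SYSCTL_CONF SELINUX_CONF VZ_CONF; returns the mismatch count.
preflight() {
    bad=0
    while read -r key val; do
        expect "$1" "$key" "$val" || bad=$((bad + 1))
    done <<EOF
net.ipv4.ip_forward 1
net.ipv6.conf.default.forwarding 1
net.ipv6.conf.all.forwarding 1
net.ipv4.conf.default.proxy_arp 0
net.ipv4.conf.all.rp_filter 1
kernel.sysrq 1
net.ipv4.conf.default.send_redirects 1
net.ipv4.conf.all.send_redirects 0
EOF
    expect "$2" SELINUX disabled || bad=$((bad + 1))
    expect "$3" NEIGHBOUR_DEVS all || bad=$((bad + 1))
    return "$bad"
}

# Run against the real files when three paths are given on the command line.
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Saved as a script, it takes the three paths in order: /etc/sysctl.conf, /etc/sysconfig/selinux and /etc/vz/vz.conf. It prints one line per setting that is missing or different and exits with the number of mismatches.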
Check GRUB and reboot
Load up /boot/grub/menu.lst to confirm that YUM has added the OpenVZ kernel to the startup menu. The original options are still available, and you should choose one of these if the machine won’t boot for some reason. Reboot the machine (type reboot as root).
OpenVZ uses templates, patched and stripped-down versions of a distribution, which run within a container. See wiki.openvz.org/Download/template/precreated for a full list. The template name that will be referred to later is the filename minus the .tar.gz ending. You don’t have to match distribution between the host and guest, but you do have to match architectures. Fetch a template from the site and then mv it to the /vz/template/cache/ directory. If you skip this step, OpenVZ will fetch the file automatically, later on, but it takes a while.
Now we create a VPS from the template. The format of the command is:
vzctl create [ID number] --ostemplate [template name] --config basic
vzctl create 123 --ostemplate centos-6-x86 --config basic
Typically, the ID number will be derived from the IP address of the server, but any 32-bit integer over 100 is allowed.
Configure the VPS
Give the guest a hostname with:
vzctl set [ID] --hostname [hostname] --save
Assign it an IP address with:
vzctl set [ID] --ipadd [IP address] --save
You can set the guest to boot automatically when the host starts with:
vzctl set [ID] --onboot yes --save
Assign a working name server to the machine with:
vzctl set [ID] --nameserver [IP address of name server] --save
Assign 100 sockets to the guest with:
vzctl set [ID] --numothersock 100 --save
Start the guest
List configured containers by typing:
Start the guest with:
vzctl start [ID]
…again to confirm that it is running. You can use:
vzcalc -v [ID]
…for a breakdown of CPU and memory resources consumed by a guest. Give the guest a root password with:
vzctl exec [ID] passwd
You will then be prompted for a password.
Enter the guest
You can enter the guest machine using the OpenVZ interface by typing:
vzctl enter [ID]
This will prompt you for your root password. You can SSH into guests in the normal way with:
ssh [IP address]
And, of course, you can set up SSH to use secure keys in the same way as you would with any other box.
Test the network
From the OpenVZ guest, have a go at pinging the outside world by typing:
If this doesn’t work, re-examine your modifications to sysctl.conf and check the output of:
Try pinging the host from the guest and vice versa, and double-check that you can ping from the host to the outside world. Try pinging an IP address directly to rule out DNS problems. When troubleshooting, consider temporarily shutting down the firewall on the host by typing /etc/init.d/iptables stop (on the host) to see if that’s causing the problem.
To shut down a guest, use the following command sequence:
vzctl stop [ID]
To delete a guest, including all configuration and container files, use:
vzctl destroy [ID]
You restart a guest with:
vzctl restart [ID]
Careful, there are no confirmations on these commands.
vzquota stat [ID]
…to view current disk usage limits for a machine. Use:
vzctl set [ID] --diskspace [soft limit]:[hard limit]
…to set a quota. While the soft limit can be temporarily exceeded, the hard limit will cause a ‘disk full’ error within the guest if breached. Use:
vzctl set [ID] --cpulimit 4 --save
…to limit a given guest to 4% of the total CPU time.
Set up a LAMP
Log into the guest. You can tell which package groups are installed by typing:
As a minimum, make sure that Apache is installed by typing:
yum install httpd
Tell Apache to start on boot by typing:
chkconfig --levels 235 httpd on
Edit /etc/httpd/conf/httpd.conf and uncomment the line:
Start Apache with:
service httpd restart
From the host, or another machine on your network, open the web browser and surf to the IP address of the guest that is running Apache. You should be greeted with the Apache welcome page.
Migrate a node
The OpenVZ migration facility is able to move an entire guest between one host and another. Both hosts must be running OpenVZ, and SSH connections must be allowed between the machines. It’s even possible to migrate a running guest for minimal downtime, as OpenVZ will do a file comparison once the first stage of the file transfer is complete. When carrying out live migrations, make every effort to synchronise the clock of the two machines. Use:
vzmigrate [destination host] [ID]
…on the machine containing the guest. Add the:
…flag if you want to prevent vzmigrate from deleting the original container when it has finished.
Add web management
Once you have the basics down, you might consider adding web administration. OpenVZ Web Panel (https://code.google.com/p/ovz-web-panel/) is a good starting point, not least because it’s free and comes with a completely automated installation script (available on the site).