Setting up Ubuntu Hardy OpenVZ Servers

Setting up server hood#


I thought it was time to upgrade my current openvz system to a newer one, preferably an Ubuntu server.

Here is a summary of the steps:

Base install#

Kernel compile#

General instructions on how to compile an Ubuntu Linux kernel.
If you want to change your kernel config, modify ./debian/binary-custom.d/openvz/config.i386.
Then I got the following instructions from https://bugs.edge.launchpad.net/ubuntu/+source/linux/+bug/210672/comments/17:



I can confirm that the 2.6.24-16 kernel compiled from the ubuntu kernel git, boots and works as expected.
http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-hardy.git;a=summary

$ git clone git://kernel.ubuntu.com/ubuntu/ubuntu-hardy.git openvz
$ cd openvz
$ AUTOBUILD=1 NOEXTRAS=1 /usr/bin/fakeroot debian/rules custom-binary-openvz
$ cd ..
$ sudo dpkg -i linux-image-2.6.24-17-openvz_2.6.24-17.31_i386.deb

Thanks for making this happen ;-)
Karoly

OpenVZ#

See the Installation Docs

#
#     OpenVZ settings :
#
# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled
# (proxy_arp is set to 1 below instead, following the vzctl warning shown under Templates)

net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 1
net.ipv4.ip_forward=1

# Enables source route verification
net.ipv4.conf.all.rp_filter = 1

# Enables the magic-sysrq key
kernel.sysrq = 1

# TCP Explicit Congestion Notification
#net.ipv4.tcp_ecn = 0

# we do not want all our interfaces to send redirects
# (as written, the value 1 keeps redirects enabled; 0 would disable them)
net.ipv4.conf.default.send_redirects = 1

echo -e "\ndeb http://download.openvz.org/debian-systs etch openvz" >> /etc/apt/sources.list
wget -q http://download.openvz.org/debian-systs/dso_archiv_signing_key.asc -O- | apt-key add - && apt-get update
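
The sysctl fragment above sets proxy_arp and send_redirects to 1 while its comments describe both as unwanted. The following is an added example, not part of the original page, of a small audit that reports this kind of drift; the baseline values are an assumption read from the fragment's own comments.

```shell
# Added example, not from the original page. The baseline in audit_sysctl is an
# assumption read from the fragment's comments (no proxy ARP, no redirects).

# effective_sysctl FILE KEY: print the value finally applied for KEY (comments
# skipped, spaces around '=' ignored, the last assignment wins).
effective_sysctl() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# audit_sysctl FILE: one MISMATCH line per deviation; returns 1 if any.
audit_sysctl() {
    rc=0
    while read -r key want; do
        got=$(effective_sysctl "$1" "$key")
        [ -n "$got" ] || got=unset
        [ "$got" = "$want" ] || { echo "MISMATCH $key want=$want got=$got"; rc=1; }
    done <<EOF
net.ipv4.ip_forward 1
net.ipv4.conf.default.proxy_arp 0
net.ipv4.conf.all.rp_filter 1
net.ipv4.conf.default.send_redirects 0
EOF
    return $rc
}

# Constructed sample: the assignments from the fragment on this page.
sample_fragment() {
    cat <<EOF
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 1
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter = 1
#net.ipv4.tcp_ecn = 0
net.ipv4.conf.default.send_redirects = 1
EOF
}

tmp=$(mktemp); sample_fragment > "$tmp"; audit_sysctl "$tmp" || true; rm -f "$tmp"
```

On a live node, point audit_sysctl at /etc/sysctl.conf and adjust the baseline to the policy you actually intend.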

Templates#

In order to run a guest, you need a template.
The OpenVZ wiki has a Hardy TODO page with some useful information, including a link to a precreated template.

Adding IP address(es): 10.0.0.201
vps-net_add WARNING: Function proxy_arp for eth0 is set to 0. Enable with 'sysctl -w net.ipv4.conf.eth0.proxy_arp=1'. See /usr/share/doc/vzctl/README.Debian.
Saved parameters for VE 101
root@hood:~# vzctl set 101 --nameserver 195.18.114.5 --save
File resolv.conf was modified
Saved parameters for VE 101

==> modified sysctl.conf : net.ipv4.conf.default.proxy_arp=1

vzctl set 101 --lockedpages 10000:12000 --save
vzctl set 101 --privvmpages 900000:1000000 --save
vzctl set 101 --numproc 512:640 --save
vzctl set 101 --numtcpsock 700:800 --save
vzctl set 101 --numiptent 400:500 --save
vzctl set 101 --diskspace 1000000:1100000 --save

Setup blackpearl (VE guest)#

After the initial start of blackpearl (10.0.0.201), we clone it to 102 (backup). We will do this more often along the way to have some nice checkpoints, so that in case of failures we can quickly fall back by copying 102 back to 101.

*** glibc detected *** /usr/lib/jvm/java-6-openjdk/bin/java: double free or corruption (out): 0xb7584280 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb7e49a85]
/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7e4d4f0]
/usr/lib/jvm/java-6-openjdk/jre/lib/i386/client/libjvm.so[0xb79551e1]
/usr/lib/jvm/java-6-openjdk/jre/lib/i386/client/libjvm.so[0xb790a9cb]
/usr/lib/jvm/java-6-openjdk/jre/lib/i386/client/libjvm.so[0xb790b150]
/usr/lib/jvm/java-6-openjdk/jre/lib/i386/client/libjvm.so[0xb790fd68]
/usr/lib/jvm/java-6-openjdk/jre/lib/i386/client/libjvm.so(JNI_CreateJavaVM+0x64)[0xb777bed4]
/usr/lib/jvm/java-6-openjdk/bin/java(JavaMain+0x98)[0x804a308]
/lib/tls/i686/cmov/libpthread.so.0[0xb7f3b4fb]
/lib/tls/i686/cmov/libc.so.6(clone+0x5e)[0xb7eb4e5e]

root@blackpearl:/etc/apache2/mods-enabled# ln -s ../mods-available/rewrite.load rewrite.load
root@blackpearl:/etc/apache2/mods-enabled# ln -s ../mods-available/deflate.conf deflate.conf
root@blackpearl:/etc/apache2/mods-enabled# ln -s ../mods-available/deflate.load deflate.load
root@blackpearl:/etc/apache2/mods-enabled# ln -s ../mods-available/headers.load headers.load
root@blackpearl:/etc/apache2/mods-enabled# ln -s ../mods-available/info.conf info.conf      
root@blackpearl:/etc/apache2/mods-enabled# ln -s ../mods-available/info.load info.load
root@blackpearl:/etc/apache2/mods-enabled# ln -s ../mods-available/proxy.conf proxy.conf
root@blackpearl:/etc/apache2/mods-enabled# ln -s ../mods-available/proxy.load proxy.load
root@blackpearl:/etc/apache2/mods-enabled# ln -s ../mods-available/proxy_http.load proxy_http.load
root@blackpearl:/etc/apache2/mods-enabled# ln -s ../mods-available/ssl.conf ssl.conf              
root@blackpearl:/etc/apache2/mods-enabled# ln -s ../mods-available/ssl.load ssl.load

metskem@blackpearl:~$ mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 26
Server version: 5.0.51a-3ubuntu5 (Ubuntu)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>  create user '*********'@'localhost' identified by "*********";
Query OK, 0 rows affected (0.00 sec)

mysql>  create user '*********'@'localhost' identified by "*********";
Query OK, 0 rows affected (0.00 sec)

mysql> grant select,insert,update,delete on krmdb.* to kruimeluser;
Query OK, 0 rows affected (0.00 sec)

root@blackpearl:/etc# diff vsftpd.conf.orig vsftpd.conf
26c26
< #local_enable=YES
---
> local_enable=YES
29c29
< #write_enable=YES
---
> write_enable=YES
38c38
< #anon_upload_enable=YES
---
> anon_upload_enable=YES
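Review bot: line 38 enables anon_upload_enable in the same change that enables write_enable at line 29, so if anonymous logins are allowed elsewhere in the file (not visible in this diff) anonymous users can write to the server. If only local accounts are meant to upload, leave `#anon_upload_enable=YES` commented out and keep just the local_enable and write_enable changes.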
94a95
> ftpd_banner="Welcome to Dirty Harry's FTP service."
140a142,143
> pasv_min_port=21000
> pasv_max_port=21002
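Review bot: the passive range added at lines 142-143 is only three ports (21000-21002), which caps concurrent passive data connections at three, and the FORWARD rule for 10.0.0.201 listed further down the page names only ftp,ssh,smtp,www,https under a DROP policy. Unless something else on the node lets the FTP data connections through, add the 21000:21002 range to that rule, otherwise passive transfers from outside the local network will be dropped.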
root@hood:/tmp# dpkg -i webmin_1.410_all.deb 
Selecting previously deselected package webmin.
(Reading database ... 34833 files and directories currently installed.)
Unpacking webmin (from webmin_1.410_all.deb) ...
dpkg: dependency problems prevent configuration of webmin:
 webmin depends on libnet-ssleay-perl; however:
  Package libnet-ssleay-perl is not installed.
 webmin depends on libauthen-pam-perl; however:
  Package libauthen-pam-perl is not installed.
 webmin depends on libio-pty-perl; however:
  Package libio-pty-perl is not installed.
 webmin depends on libmd5-perl; however:
  Package libmd5-perl is not installed.
dpkg: error processing webmin (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 webmin
root@hood:/tmp# apt-get install libmd5-perl libio-pty-perl libauthen-pam-perl libnet-ssleay-perl 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  libauthen-pam-perl libio-pty-perl libmd5-perl libnet-ssleay-perl
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
Need to get 266kB of archives.
After this operation, 1339kB of additional disk space will be used.
Get:1 http://nl.archive.ubuntu.com hardy/main libnet-ssleay-perl 1.30-1 [186kB]
Get:2 http://nl.archive.ubuntu.com hardy/universe libauthen-pam-perl 0.16-1 [32.2kB]
Get:3 http://nl.archive.ubuntu.com hardy/universe libio-pty-perl 1:1.07-1 [42.3kB]
Get:4 http://nl.archive.ubuntu.com hardy/universe libmd5-perl 2.03-1 [5680B]
Fetched 266kB in 1s (217kB/s) 
Selecting previously deselected package libnet-ssleay-perl.
(Reading database ... 49948 files and directories currently installed.)
Unpacking libnet-ssleay-perl (from .../libnet-ssleay-perl_1.30-1_i386.deb) ...
Selecting previously deselected package libauthen-pam-perl.
Unpacking libauthen-pam-perl (from .../libauthen-pam-perl_0.16-1_i386.deb) ...
Selecting previously deselected package libio-pty-perl.
Unpacking libio-pty-perl (from .../libio-pty-perl_1%3a1.07-1_i386.deb) ...
Selecting previously deselected package libmd5-perl.
Unpacking libmd5-perl (from .../libmd5-perl_2.03-1_all.deb) ...
Setting up libnet-ssleay-perl (1.30-1) ...
Setting up libauthen-pam-perl (0.16-1) ...
Setting up libio-pty-perl (1:1.07-1) ...
Setting up libmd5-perl (2.03-1) ...
Setting up webmin (1.410) ...
Webmin install complete. You can now login to https://hood:10000/
as root with your root password, or as any user who can use sudo
to run commands as root.

root@hood:/tmp# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  localnet/24          anywhere            
ACCEPT     tcp  --  anywhere             10.0.0.201          tcp multiport dports ftp,ssh,smtp,www,https 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

LANG=en_US.UTF-8
TZ=Europe/Amsterdam

Cloning to other hardware#

Now that the basic server setup is complete and we have switched to the new server, it is time to clone it for backup purposes.
The basic idea is to copy the whole partitions. The following steps have to be done:

cd /;tar -c bin boot etc home initrd* lib media mnt opt root sbin srv usr vmlinuz*  | ssh -c blowfish 10.0.0.201 tar -x -C /tmp/ff
cd /var;tar -c  cache  local  lock  log  mail  opt  run  spool  tmp  webmin  www | ssh -c blowfish 10.0.0.201 tar -x -C /tmp/ff/var
cd /var/lib;tar -c apparmor defoma initscripts mlocate sgml-base urandom x11 apt dhcp3 libuuid nagios2 snmp vim xml-core aptitude dpkg locales ntop ucf belocs exim4 logrotate ntp ufw vzctl dbus initramfs-tools misc python-support update-manager vzquota | ssh -c blowfish 10.0.0.201 tar -x -C /tmp/ff/var/lib
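
The tar pipe from the steps above, extended with a checksum manifest so the copy can be verified on the target, as an added example that is not part of the original page. It assumes tar and sha256sum on both machines; the manifest name .clone-manifest and the host in the usage comment are hypothetical.

```shell
# Added example (not from the original page): tar-pipe clone plus a SHA-256
# manifest. Assumptions: tar and sha256sum exist on both machines; the file
# name .clone-manifest and the host in the usage comment are hypothetical.

# make_manifest DIR: write DIR/.clone-manifest, one checksum per regular file.
make_manifest() {
    ( cd "$1" && find . -type f ! -name .clone-manifest \
        -exec sha256sum {} + | sort -k 2 > .clone-manifest )
}

# clone_tree SRC DEST [TRANSPORT ...]: stream SRC into the existing directory
# DEST. TRANSPORT is the command prefix that reaches the target, for example
#   clone_tree /etc /tmp/ff/etc ssh root@target.example
# (no "-c blowfish": current OpenSSH no longer offers that cipher).
# With no TRANSPORT the copy is local, which the offline demo below uses.
clone_tree() {
    src=$1; dest=$2; shift 2
    make_manifest "$src" || return 1
    ( cd "$src" && tar -cf - . ) | "$@" tar -xpf - -C "$dest"
}

# verify_clone DEST: run on the target. Prints "<path>: FAILED ..." for every
# file that is missing or differs; returns 0 only if all files match.
verify_clone() {
    [ -f "$1/.clone-manifest" ] || return 2
    ! ( cd "$1" && sha256sum -c .clone-manifest 2>/dev/null ) | grep -v ': OK$'
}

# Offline demo on constructed data.
demo_src=$(mktemp -d); demo_dst=$(mktemp -d)
mkdir -p "$demo_src/etc" && echo "PermitRootLogin no" > "$demo_src/etc/sshd_config"
clone_tree "$demo_src" "$demo_dst" && verify_clone "$demo_dst" && echo "clone verified"
rm -rf "$demo_src" "$demo_dst"
```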
This kernel requires the following features not present on the CPU:
0:6
Please use a kernel that is compatible with your system.

This is explained in Bug 222253. This Intel Centrino does not have PAE, while the older Pentium 4 laptop does:

root@blackpearl:/var/jspwiki/pages# cat /proc/cpuinfo 
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 15
model           : 2
model name      : Intel(R) Pentium(R) 4 CPU 2.60GHz
stepping        : 7
cpu MHz         : 2599.358
cache size      : 512 KB
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 2
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe up pebs bts sync_rdtsc cid
bogomips        : 5209.52
clflush size    : 64


Recompile to get PAE out:

Miscellaneous tweaks#

root@blackpearl:~# dpkg-reconfigure tzdata

Current default timezone: 'Europe/Amsterdam'
Local time is now:      Fri Oct 31 21:49:38 CET 2008.
Universal Time is now:  Fri Oct 31 20:49:38 UTC 2008.

Power saving#

The fan blows almost all of the time, making an irritating noise.
http://www.lesswatts.org has some nice tips.
I did the following to get CPU frequency scaling to work:

root@grafspee:/boot# lsmod|grep -i freq
cpufreq_stats           7104  0 
freq_table              5536  1 cpufreq_stats
root@grafspee:/boot# modprobe -i cpufreq_powersave
root@grafspee:/boot# modprobe -i acpi-cpufreq
root@grafspee:/boot# lsmod|grep freq
acpi_cpufreq           10668  0 
cpufreq_powersave       2688  0 
cpufreq_stats           7104  0 
freq_table              5536  2 acpi_cpufreq,cpufreq_stats
processor              37000  3 acpi_cpufreq,thermal
root@grafspee:/sys/devices/system/cpu/cpu0/cpufreq# l
total 0
drwxr-xr-x 3 root root    0 2008-05-24 11:40 .
drwxr-xr-x 5 root root    0 2008-05-24 11:40 ..
-r--r--r-- 1 root root 4096 2008-05-24 11:40 affected_cpus
-r--r--r-- 1 root root 4096 2008-05-24 11:40 cpuinfo_max_freq
-r--r--r-- 1 root root 4096 2008-05-24 11:40 cpuinfo_min_freq
-r--r--r-- 1 root root 4096 2008-05-24 11:40 scaling_available_frequencies
-r--r--r-- 1 root root 4096 2008-05-24 11:40 scaling_available_governors
-r--r--r-- 1 root root 4096 2008-05-24 11:40 scaling_cur_freq
-r--r--r-- 1 root root 4096 2008-05-24 11:40 scaling_driver
-rw-r--r-- 1 root root 4096 2008-05-24 11:40 scaling_governor
-rw-r--r-- 1 root root 4096 2008-05-24 11:40 scaling_max_freq
-rw-r--r-- 1 root root 4096 2008-05-24 11:40 scaling_min_freq
drwxr-xr-x 2 root root    0 2008-05-24 11:40 stats
root@grafspee~: cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor 
performance
root@grafspee~: cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors
powersave performance 
root@grafspee~: echo powersave > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
root@grafspee~: cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor 
powersave

Although scaling_available_governors does not mention ondemand, I did echo this string to scaling_governor; doing cat /proc/cpuinfo|grep MHz shows that the frequency does switch between 1200 MHz and 1800 MHz when under load.

Now the average temperature drops from 46 to 41 degrees.

TO DO#

SVN#

Ok, that was for svnserver, now for SVN over https with webDAV:

Done the same on blackpearl

SVN Resources#

Backup VPS procedure#

Regularly I take a full backup of all VPS's.