How-To: OpenVZ installation on Debian

OpenVZ is a great open-source virtualization solution for Linux. Because there is no emulation layer, just container isolation, its performance overhead is near zero. Here are the steps I used to get it working on Debian Lenny.

If you want to use both per-container disk quota and the usual Linux disk quota, you will need a separate ext2/ext3 partition for the container private directories (/var/lib/vz/private/<CTID>).

First, install the OpenVZ kernel and user-level tools:

apt-get install linux-image-openvz-686 vzctl vzquota

Edit /etc/sysctl.conf and add/change the following lines:

net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_ecn = 0
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

kernel.sysrq = 1

Load the new settings:

sysctl -p

If you are using a separate partition, move the /var/lib/vz directory to it and symlink it back; otherwise skip this step:

mv /var/lib/vz /target_partition/vz
ln -s /target_partition/vz/ /var/lib/vz

Now reboot the machine into the new OpenVZ kernel:

reboot

After that, execute this command:

uname -r

and you should see something like this:

2.6.26-2-openvz-686
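To confirm that the steps above took effect, the following shell functions audit a sysctl.conf-style file against the values listed earlier and check a kernel release string for the OpenVZ flavour. This is an added example, not part of the original how-to; the function names are hypothetical and the *-openvz-* pattern is an assumption based on the sample uname -r output.

```shell
# Added example, not from the original how-to. Function names are hypothetical.
# Expected settings, copied from the sysctl.conf step of this page.
EXPECTED='net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp=0
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.tcp_ecn=0
net.ipv4.conf.default.send_redirects=1
net.ipv4.conf.all.send_redirects=0
kernel.sysrq=1'

# Print the effective value of key $2 in file $1: comment lines are skipped,
# spaces around "=" are ignored, and the last assignment wins (as with sysctl -p).
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# Report every expected key that is missing or different in file $1.
# Returns 0 when all settings match, 1 otherwise.
check_sysctl_conf() {
    status=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(conf_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want $want, got ${got:-<unset>}"
            status=1
        fi
    done
    return $status
}

# True if kernel release $1 looks like an OpenVZ kernel (assumed pattern).
is_openvz_kernel() {
    case "$1" in
        *-openvz-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage on the host:
#   check_sysctl_conf /etc/sysctl.conf && is_openvz_kernel "$(uname -r)" && echo OK
```

A later duplicate line in the file overrides an earlier one, so a stray rp_filter = 0 further down is reported as a mismatch even when the correct line is also present.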

OK, OpenVZ is now installed and working. Next we'll install and configure some additional tools.

vzdump is a useful tool for creating container backups. Unfortunately, there is no package for it in the Debian Lenny repositories, but we can easily install the .deb package from http://www.proxmox.com/cms_proxmox/en/virtualization/openvz/vzdump/

It depends on the cstream package, which also needs to be installed. Note that a .deb fetched over plain HTTP and installed with dpkg -i is not covered by apt's repository signature checks.

apt-get install cstream
wget http://www.proxmox.com/cms_proxmox/cms/upload/vzdump/vzdump_1.1-1_all.deb
dpkg -i vzdump_1.1-1_all.deb

If you want to enable iptables modules for all containers, edit /etc/vz/vz.conf and change the IPTABLES line to:

IPTABLES="ip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_LOG ipt_conntrack ipt_helper ipt_state iptable_nat ip_nat_ftp ip_nat_irc ipt_TOS"

Then restart OpenVZ:

/etc/init.d/vz restart

Useful tools / links