Difference between revisions of "Modifying openVZ templates"
Latest revision as of 13:12, 24 August 2022
To modify an OpenVZ template, use the following steps:
- Create a container from the base or default template. The container should be created with --netif_add and not with --ipadd. With --ipadd, many of the container's configuration files are changed (e.g. /etc/sysconfig/network), which makes it harder to convert the container into a fresh template.
- Start the container.
- Configure networking for the container, if required, using configuration files such as /etc/sysconfig/network-scripts/ifcfg-eth0.
- Make the necessary modifications, such as installing packages, configuring services to run at start-up, modifying configuration files, creating users, etc.
- Stop the container.
- Go to the container's private folder at '/vz/private/<CTID>'.
- Delete the container's network configuration file at 'etc/sysconfig/network-scripts/ifcfg-eth0' (relative path). If a proxy or similar settings were configured but should not be part of the template, remove those settings. This can also be done from within the container while it is running.
- Create the container template using:
      tar cjf <template-name>.tar.bz2 *
  Read about naming below.
- Move the container template to the /vz/private/cache folder.
- Test the new template by creating a new container from it and verifying that it works properly.
- Optionally, delete the container that was created for modifying the template, as it is no longer required.
Naming openVZ container templates
The template name must start with the same distribution name for things to work properly. For example, if the original template was centos, then the new template must also be named 'centos-<something-new>'. There are various distribution-specific configuration files in /etc/vz/dists, and the post-create and pre-create scripts are used only if the template name starts with the name of one of these files. For example, in the case of centos the scripts ensure that the crontab times are randomized so that all containers do not run their cron jobs at the same time.
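A pre-flight check for the steps and the naming rule above, run against the container's private folder before packing it with tar. This is an added example, not part of the original page; the function name, the finding labels, the demo tree and the assumption that distribution files in /etc/vz/dists are named <dist>.conf are illustrative.

```shell
#!/bin/sh
# preflight_template PRIVATE_DIR TEMPLATE_NAME [DISTS_DIR]
# Prints one finding per line and returns 1 if any finding was printed.
# The parenthesised body runs in a subshell, so no variables leak out.
preflight_template() (
    priv=$1; name=$2; dists=${3:-/etc/vz/dists}
    findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    # Naming rule: the name must start with a distribution that has a
    # configuration file in DISTS_DIR (assumed here to be <dist>.conf).
    matched=""
    for conf in "$dists"/*.conf; do
        [ -f "$conf" ] || continue
        dist=${conf##*/}; dist=${dist%.conf}
        case $name in "$dist"|"$dist"-*) matched=$dist ;; esac
    done
    [ -n "$matched" ] || report "name: '$name' matches no distribution in $dists"

    # Leftover per-container network configuration.
    [ ! -e "$priv/etc/sysconfig/network-scripts/ifcfg-eth0" ] ||
        report "network: etc/sysconfig/network-scripts/ifcfg-eth0 still present"

    # Host keys packed into the template are inherited by every container
    # created from it.
    for key in "$priv"/etc/ssh/ssh_host_*_key; do
        if [ -f "$key" ]; then
            report "hostkey: etc/ssh/${key##*/} will be shared"
        fi
    done

    [ "$findings" -eq 0 ]
)

# Constructed demo tree: a badly named template whose container still
# carries its network configuration file.
demo=$(mktemp -d)
mkdir -p "$demo/dists" "$demo/priv/etc/sysconfig/network-scripts"
: > "$demo/dists/centos.conf"
: > "$demo/priv/etc/sysconfig/network-scripts/ifcfg-eth0"
preflight_template "$demo/priv" custom-web "$demo/dists" || true
rm -rf "$demo"
```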
Changing SSHD host keys for containers
All containers created using OpenVZ (especially those created from custom templates) have the same sshd key. This makes SSH insecure. To create new SSH keys for a container from the base (even when the container is stopped), use:
    echo "y" > input.txt
    ssh-keygen -t rsa -f /vz/private/<CTID>/etc/ssh/ssh_host_rsa_key -N '' < input.txt
    ssh-keygen -t dsa -f /vz/private/<CTID>/etc/ssh/ssh_host_dsa_key -N '' < input.txt
    rm -f input.txt
where <CTID> should be replaced with the correct container CTID.
If a temporary input file is not desired, then the following can be used:
    ssh-keygen -t rsa -f /vz/private/<CTID>/etc/ssh/ssh_host_rsa_key -N '' < <(echo "y")
    ssh-keygen -t dsa -f /vz/private/<CTID>/etc/ssh/ssh_host_dsa_key -N '' < <(echo "y")
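To find which containers on a host still share a host key and therefore need the commands above, the public keys under each private area can be compared. This is an added example, not part of the original page; the function name and the sample tree (which holds constructed strings, not real keys) are illustrative.

```shell
#!/bin/sh
# find_shared_host_keys [ROOT]
# Reports SSH host keys that appear in more than one container's private
# area. Output: one line per shared key, "<key file name> <CTID> <CTID> ...".
# The parenthesised body runs in a subshell, so no variables leak out.
find_shared_host_keys() (
    root=${1:-/vz/private}      # container private area used on this page
    for pub in "$root"/*/etc/ssh/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue       # glob matched nothing
        ctid=${pub#"$root"/}            # strip the root prefix ...
        ctid=${ctid%%/*}                # ... and keep the first component
        # Emit "<type>:<base64 blob> <file name> <CTID>"; the comment field
        # of the .pub file is ignored because it does not affect the key.
        awk -v ctid="$ctid" -v name="${pub##*/}" \
            'NF >= 2 { print $1 ":" $2, name, ctid }' "$pub"
    done | LC_ALL=C sort | awk '
        $1 != prev { if (n > 1) print line; prev = $1; line = $2; n = 0 }
        { line = line " " $3; n++ }
        END { if (n > 1) print line }'
)

# Constructed sample tree: CT 101 and 102 were created from the same
# template, CT 103 had its host key regenerated.
make_sample_tree() {
    tree=$(mktemp -d)
    for ct in 101 102 103; do mkdir -p "$tree/$ct/etc/ssh"; done
    echo "ssh-rsa AAAAB3NzaC1CONSTRUCTEDtemplate root@template" \
        > "$tree/101/etc/ssh/ssh_host_rsa_key.pub"
    cp "$tree/101/etc/ssh/ssh_host_rsa_key.pub" "$tree/102/etc/ssh/"
    echo "ssh-rsa AAAAB3NzaC1CONSTRUCTEDunique root@ct103" \
        > "$tree/103/etc/ssh/ssh_host_rsa_key.pub"
    echo "$tree"
}

sample=$(make_sample_tree)
find_shared_host_keys "$sample"
rm -rf "$sample"
```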
Changing default OpenVZ template
By default, if the --ostemplate option is not specified, OpenVZ creates the container using the "centos-6-x86" template. This can be changed by editing '/etc/vz/vz.conf' to set:
    DEF_OSTEMPLATE="centos-6-x86_64"
or some other desired value.