Difference between revisions of "Modifying openVZ templates"

From Notes_Wiki
Line 18: Line 18:




===Naming openVZ container templates===
==Naming openVZ container templates==
The template name must start with same distribution for things to work properly.  For example if original template was centos then the new template must also be named '<tt>centos-&lt;something-new&gt;</tt>'.  There are various distribution specific configuration files in /etc/vz/dists and only if template name starts with same filename as specified here then various post-create, pre-create scripts are used.  For example in case of centos the scripts ensure that various cron tab times are randomized so that all containers do not run their cron jobs at same time.
The template name must start with same distribution for things to work properly.  For example if original template was centos then the new template must also be named '<tt>centos-&lt;something-new&gt;</tt>'.  There are various distribution specific configuration files in /etc/vz/dists and only if template name starts with same filename as specified here then various post-create, pre-create scripts are used.  For example in case of centos the scripts ensure that various cron tab times are randomized so that all containers do not run their cron jobs at same time.




===Changing SSHD host keys for containers===
==Changing SSHD host keys for containers==
All containers created using openVZ (esp created using custom templates) have same sshd key.  This makes ssh unsecure.  To create new SSH keys for a container from base (even when container is stopped) use:
All containers created using openVZ (esp created using custom templates) have same sshd key.  This makes ssh unsecure.  To create new SSH keys for a container from base (even when container is stopped) use:
<pre>
<pre>
Line 37: Line 37:
ssh-keygen -t dsa -f /vz/private/&lt;CTID&gt;/etc/ssh/ssh_host_dsa_key -N '' < <(echo "y")
ssh-keygen -t dsa -f /vz/private/&lt;CTID&gt;/etc/ssh/ssh_host_dsa_key -N '' < <(echo "y")
</pre>
</pre>
==Changing default OpenVZ template==
By default if --ostemplate option is not specified OpenVZ creates container using "centos-6-x86" template.  This can be changed by editing '<tt>/etc/vz/vz.conf</tt>' to set:
<pre>
  DEF_OSTEMPLATE="centos-6-x86_64"
</pre>
or some other desired value.




<yambe:breadcrumb>OpenvZ|OpenvZ</yambe:breadcrumb>
<yambe:breadcrumb>OpenvZ|OpenvZ</yambe:breadcrumb>
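Review bot: In the added "Changing default OpenVZ template" section, "or some other desired value" leaves the accepted values undefined. Suggest saying that DEF_OSTEMPLATE takes a template name in the same form as --ostemplate (the example value has no archive extension) and that the named template has to be available on the node, otherwise a create without --ostemplate will not work. The DEF_OSTEMPLATE line inside the pre block also starts with two spaces, which carry through to the rendered page; drop the indentation so the line can be pasted into vz.conf as is.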

Revision as of 05:29, 14 April 2015


Modifying openVZ templates

To modify an OpenVZ template, use the following steps:

  1. Create a container with the base or default template
  2. Start the container
  3. Make the necessary modifications, such as installing packages, configuring services to run on start-up, modifying configuration files, creating users, etc.
  4. Stop the container
  5. Go to the container's private folder at '/vz/private/<CTID>'
  6. Create the container template using
    tar cjf <template-name>.tar.bz2 *
    Read about naming below
  7. Move the container template to the /vz/private/cache folder
  8. Test the new template by creating a new container to verify that it works properly
  9. Optionally delete the container created for modifying the template, as it is no longer required


Naming openVZ container templates

The template name must start with the same distribution name for things to work properly. For example, if the original template was centos, then the new template must also be named 'centos-<something-new>'. There are various distribution-specific configuration files in /etc/vz/dists, and the post-create and pre-create scripts are used only if the template name starts with the name of one of these files. For example, in the case of centos, the scripts ensure that the crontab times are randomized so that all containers do not run their cron jobs at the same time.


Changing SSHD host keys for containers

All containers created using OpenVZ (especially those created from custom templates) have the same sshd host key. This makes ssh insecure. To create new SSH host keys for a container from the base (even when the container is stopped), use:

echo "y" > input.txt
ssh-keygen -t rsa -f /vz/private/<CTID>/etc/ssh/ssh_host_rsa_key -N '' < input.txt
ssh-keygen -t dsa -f /vz/private/<CTID>/etc/ssh/ssh_host_dsa_key -N '' < input.txt
rm -f input.txt

where <CTID> should be replaced with the correct container CTID.

If a temporary input file is not desired, then the following can be used:

ssh-keygen -t rsa -f /vz/private/<CTID>/etc/ssh/ssh_host_rsa_key -N '' < <(echo "y")
ssh-keygen -t dsa -f /vz/private/<CTID>/etc/ssh/ssh_host_dsa_key -N '' < <(echo "y")
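
Added example (not part of the original wiki page): a check that lists containers which still share a host key, by comparing the public key files under the private area used above. The function name find_shared_host_keys, the CTIDs 101 to 103 and the key strings in the demo are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report OpenVZ containers whose sshd host public keys are identical.
# Usage: find_shared_host_keys [private_root]   (defaults to /vz/private)
# Output: one line per shared key, "<key-type> <CTID> <CTID> ..."
find_shared_host_keys() {
    local root="${1:-/vz/private}" pub ctid
    for pub in "$root"/*/etc/ssh/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue              # glob matched nothing
        ctid="${pub#"$root"/}"; ctid="${ctid%%/*}"
        # .pub format is "<type> <base64-blob> [comment]"; the comment is ignored
        awk -v ct="$ctid" 'NF >= 2 { print $1, $2, ct }' "$pub"
    done | LC_ALL=C sort | awk '
        { key = $1 " " $2
          if (key == prev) { group = group " " $3; n++ }
          else { if (n > 1) print ptype, group; group = $3; n = 1 }
          prev = key; ptype = $1 }
        END { if (n > 1) print ptype, group }'
}

# Demo on a constructed tree (the strings below are not real keys):
# 101 and 102 were created from the same template, 103 got a fresh key.
demo=$(mktemp -d)
for ct in 101 102 103; do mkdir -p "$demo/$ct/etc/ssh"; done
echo "ssh-rsa AAAAconstructedSHARED root@template" > "$demo/101/etc/ssh/ssh_host_rsa_key.pub"
echo "ssh-rsa AAAAconstructedSHARED root@template" > "$demo/102/etc/ssh/ssh_host_rsa_key.pub"
echo "ssh-rsa AAAAconstructedFRESH root@ct103"     > "$demo/103/etc/ssh/ssh_host_rsa_key.pub"
find_shared_host_keys "$demo"
rm -rf "$demo"
```

Run it again after regenerating keys; no output means no two containers share a host key of the same type.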


Changing default OpenVZ template

By default, if the --ostemplate option is not specified, OpenVZ creates the container using the "centos-6-x86" template. This can be changed by editing '/etc/vz/vz.conf' to set:

   DEF_OSTEMPLATE="centos-6-x86_64"

or some other desired value.

