Modifying OpenVZ templates
To modify an OpenVZ template, use the following steps:
- Create a container from the base or default template
- Start the container
- Make the necessary modifications, such as installing packages, configuring services to run on start-up, modifying configuration files, creating users, etc.
- Stop the container
- Go to the container's private folder at '/vz/private/<CTID>'
- Create the container template (read about naming below) using:
    tar cjf <template-name>.tar.bz2 *
- Move the container template to the /vz/private/cache folder
- Test the new template by creating a new container from it to verify that it works properly
- Optionally, delete the container that was created for modifying the template, as it is no longer required
Naming OpenVZ container templates
The template name must start with the same distribution name for things to work properly. For example, if the original template was centos, then the new template must also be named 'centos-<something-new>'. There are various distribution-specific configuration files in /etc/vz/dists, and the various post-create and pre-create scripts are used only if the template name starts with the same filename as specified there. For example, in the case of centos, the scripts ensure that the various crontab times are randomized so that all containers do not run their cron jobs at the same time.
Changing SSHD host keys for containers
All containers created using OpenVZ (especially those created using custom templates) have the same sshd host key. This makes SSH insecure. To create new SSH host keys for a container from the base system (even when the container is stopped), use:
    echo "y" > input.txt
    ssh-keygen -t rsa -f /vz/private/<CTID>/etc/ssh/ssh_host_rsa_key -N '' < input.txt
    ssh-keygen -t dsa -f /vz/private/<CTID>/etc/ssh/ssh_host_dsa_key -N '' < input.txt
    rm -f input.txt
where <CTID> should be replaced with the correct container CTID.
If a temporary input file is not desired, the following can be used:
    ssh-keygen -t rsa -f /vz/private/<CTID>/etc/ssh/ssh_host_rsa_key -N '' < <(echo "y")
    ssh-keygen -t dsa -f /vz/private/<CTID>/etc/ssh/ssh_host_dsa_key -N '' < <(echo "y")
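To find which containers still share a host key, the following added example (not part of the original page) compares the public host keys of all containers and lists the CTIDs that hold an identical key. It assumes container roots under /vz/private/<CTID> as above; the function names and the sample key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report OpenVZ containers whose SSH host public keys are identical.
# Assumption: container roots live under <root>/<CTID>, default /vz/private.

# find_shared_host_keys [ROOT]
# Prints one line per duplicated key:
#   <key-file-name> <sha256-of-key-blob> <CTID> <CTID> ...
find_shared_host_keys() {
    root=${1:-/vz/private}
    for pub in "$root"/*/etc/ssh/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue            # glob matched nothing
        ctid=${pub#"$root"/}                 # strip the root prefix ...
        ctid=${ctid%%/*}                     # ... and keep the first path component
        # Field 2 of a .pub file is the base64 key blob; the trailing
        # comment (user@host) differs per machine and is ignored.
        blob=$(awk '{print $2; exit}' "$pub")
        [ -n "$blob" ] || continue
        digest=$(printf '%s' "$blob" | sha256sum | cut -d' ' -f1)
        printf '%s %s %s\n' "$(basename "$pub")" "$digest" "$ctid"
    done | sort | awk '
        # Input is sorted, so equal (file name, digest) pairs are adjacent.
        { k = $1 " " $2
          if (k != prev) { if (n > 1) print line; line = k; n = 0; prev = k }
          line = line " " $3; n++ }
        END { if (n > 1) print line }'
}

# make_sample_tree DIR
# Constructed sample layout: CT 101 and 102 carry the key baked into the
# template, CT 103 has a regenerated key. Blobs are placeholders, not real keys.
make_sample_tree() {
    for ct in 101 102 103; do
        mkdir -p "$1/$ct/etc/ssh"
    done
    echo "ssh-rsa AAAAB3SAMPLETEMPLATEKEY root@template" \
        > "$1/101/etc/ssh/ssh_host_rsa_key.pub"
    echo "ssh-rsa AAAAB3SAMPLETEMPLATEKEY root@ct102" \
        > "$1/102/etc/ssh/ssh_host_rsa_key.pub"
    echo "ssh-rsa AAAAB3SAMPLEFRESHKEY103 root@ct103" \
        > "$1/103/etc/ssh/ssh_host_rsa_key.pub"
}
```

Every line printed by find_shared_host_keys names a key type and the containers that need their host keys regenerated with the ssh-keygen commands above; no output means no two containers share a key.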