
OpenVZ Template - TKL Core/LAMP/MediaWiki v2009.x

    Important Note: These instructions apply only to 8.04/Hardy based TKL (up to and including 2009.10-2). They do not work on the new 10.04/Lucid based TKL. Unfortunately as Ubuntu have dropped support for OpenVZ (both as guest and host) it's a little tricky to get 10.04 running as an OpenVZ guest. I have started work on a separate TKL Dev Wiki entry here.

    Below are the steps that I took to create an OpenVZ Template of (Ubuntu 8.04/Hardy based) TKL Core/LAMP/MediaWiki. This information will be superseded once the TKL devs produce official OpenVZ templates, but until then this works for me (so far) and hopefully it will work for you too.

    Disclaimer: Be warned I am somewhat of a Linux noob! Most of this information I got off the OpenVZ wiki and a few other sources (including Google) and with a huge amount of time and patience I patched it all together and have produced a working template. I can not guarantee this will work for you and I have not done extensive testing yet so I can't even be sure mine works 100%. In other words proceed with caution!

    This may work for other TKL appliances and it may even work on other customised Ubuntu or Debian systems but I can not guarantee it. So far I have tested:

    • TKL-Core 2009.10
    • TKL-LAMP 2009.10
    • TKL-MediaWiki 2009.0? (previous stable release)
    • TKL-Fileserver 2009.10
    • TKL-PDC 2009.10

    I have heard that Java doesn't play well with OpenVZ by default (so the Zimbra appliance may not work without some tweaking). Please see here for more details. There is also a link to some pre-created templates made by

    I have developed a script which basically does all these steps automatically. It isn't very professional (just writing it was a huge learning curve!) but I am happy to share if you'd like a go at it. - JedMeister

    Install Turnkey Core Appliance

    This first step is pretty straightforward, proceed as you would for any TKL installation. I suggest you use a virtual environment (eg VirtualBox/VMware/KVM/others...) but it should still work if you install to hardware. I'm using the KVM component of Proxmox VE (not that it should matter).

    I use SSH to access my base system but if you are doing this on hardware then you can do it from a local terminal. I do not recommend you do this from Webmin.

    Customise system

    Update/Install/Tweak anything you want to include in your Template.

    Please note that the steps below may make your host system unusable (unless you know what you are doing and can undo the steps or avoid the destructive ones). If you wish to maintain the current system, please do a full system backup prior - especially backup anything of importance!

    Edit sources.list (if required)

    I have a custom sources.list (which includes my ISP's Ubuntu mirror). Also I'm mucking around a fair bit with Ubuntu so I have an apt-cache server set up for good measure (makes installing packages that have already been used on another machine lightning fast!) To achieve this I SFTP into the appliance and copy in my modified sources.list and add proxy01 (with details of apt-cache server IP). If you wish to modify your sources.list manually you can use this (substitute nano for your favourite text editor if you wish):
    nano /etc/apt/sources.list.d/sources.list

    Save (Ctrl-o in nano) and exit (Ctrl-x in nano).

    Tweak packages and cleanup

    As this will be a virtual machine, there are some packages that won't be wanted. If you wish to remove the packages I did, use this. Alternatively, customise this step as you please. I run a package list update first. If you get any errors from apt-get update, try again. If errors continue, troubleshoot this before continuing.
    apt-get update
    apt-get remove module-init-tools xkb-data busybox-initramfs libvolume-id0 eject
    

    Note: on removing the deb-package "module-init-tools", a fake-modprobe is needed for IPv6 addresses, see below!

    Now install any packages you want to have in your default template. I installed quota, bzip2 and wget. quota is useful for allocating disk quotas for users. I used bzip2 to reduce the final filesize but it is optional. Even if you wish to use it, you can install it later if you'd rather so it won't be included in your template. wget is required to download the Debian procps (below). You can remove it (apt-get remove wget) after that step if you do not want it included in your template. localepurge will remove all locale based packages that do not relate to your locale. When this installs you need to choose the locales you wish to keep (up & down arrows, space to select). Make sure you select all that are relevant (eg for me in Australia, I need to choose en, en_AU and en_AU.UTF-8). Add any other packages which you want to have in a default template now too.

    apt-get install quota bzip2 wget localepurge
    

    Upgrade

    I don't think it's necessary, but I did an upgrade. As a general rule I avoid upgrade, and rather just update individual packages when there is security risk, bug-fix and/or additional functionality I require. In the past I have experienced problems after an upgrade so I don't really recommend it on anything other than Core. Also TKL does a regular automatic security update (through cron_daily). Seeing as I was using Core (not too much to go wrong or break) and for the sake of completeness, I did a full upgrade on this install.

    First I made sure that we have got rid of any orphan packages and then I did the upgrade.

    apt-get autoremove
    

    followed by:

    apt-get upgrade

    Fix problem with Ubuntu procps

    When I originally wrote this, there was a bug with Ubuntu procps. To solve this I replaced the Ubuntu procps with the latest version from Debian Sid (procps>=1:3.2.7-8 at the time of the original post). Please note that this package will not update (using apt) and the package listed may be replaced. If you get an error message from the wget line below check the Debian packages for the latest one.

    It may be possible that this step is no longer required (if Ubuntu have also upgraded to a new version) but I have not checked so I have left this step included until I can confirm the Ubuntu bug no longer exists. If you are able to confirm or deny whether this is true before I do, please feel free to edit this page or post in the TKL forums (or even PM me).

    I used procps_3.2.8-8 from the Internode mirror (because I'm in Australia and this is my ISP's mirror). There is a list of mirrors here: http://packages.debian.org/sid/i386/procps/download Simply replace the URL in the wget line below.

    wget http://mirror.internode.on.net/pub/debian/pool/main/p/procps/procps_3.2.8-8_i386.deb
    dpkg -i procps_3.2.8-8_i386.deb

    After it has installed fine, the .deb can be removed.

    rm /root/procps_3.2.8-8_i386.deb
    

    Mod to support IPv6

    If you plan on using IPv6 then you will need "fake-modprobe" for IPv6 addresses as module-init-tools was removed above. If you didn't remove module-init-tools you can skip this step.
    ln -s /bin/true /sbin/modprobe
    

    When IPv6 is set up, the command "modprobe -Q IPv6" is called, which fails without the "fake-modprobe".

    Disable sync() for syslog

    Turn off doing sync() on every write for syslog's log files, to improve overall I/O performance. In Ubuntu this is already done for most log files and levels, so you can omit this step if you know what you are doing.
    sed -i -e 's@\([[:space:]]\)\(/var/log/\)@\1-\2@' /etc/syslog.conf
    

    Fix /etc/mtab

    Link /etc/mtab to /proc/mounts, so df and friends will work:
    rm -f /etc/mtab
    ln -s /proc/mounts /etc/mtab
    

    After that, it would make sense to disable mtab.sh script/service which messes with /etc/mtab:

    update-rc.d -f mtab.sh remove

    Other services - /etc/init.d

    Some system services can (or in some cases should) be disabled. A few good candidates are:

    • acpid, amd (not needed)
    • checkfs, checkroot (no filesystem checking is required in container)
    • clock (no clock setting is required/allowed in container)
    • hdparm (container does not have real hard drives)
    • klogd (unless you use iptables to LOG some packets)
    • keymaps (container does not have a real keyboard)
    • kudzu (container does not have real hardware)
    • lm_sensors (container does not have access to hardware sensors)
    • microcodectl (container can not update CPU microcode)
    • netplugd (container does not have real Ethernet device)

    Originally I also removed consolefont - but consoles don't display correctly so I leave it in now.

    So to get rid of them:

    update-rc.d -f acpid remove
    update-rc.d -f amd remove
    update-rc.d -f checkfs remove
    update-rc.d -f checkroot remove
    update-rc.d -f clock remove
    update-rc.d -f hdparm remove
    update-rc.d -f klogd remove
    update-rc.d -f keymaps remove
    update-rc.d -f kudzu remove
    update-rc.d -f lm_sensors remove
    update-rc.d -f microcodectl remove
    update-rc.d -f netplugd remove

    Set hostname and /etc/hosts

    echo "localhost" > /etc/hostname
    echo "127.0.0.1 localhost.localdomain localhost" > /etc/hosts
    

    Remove nameserver(s)

    Remove DNS entries (first line). Alternatively you may set your local DNS (second line: I set mine to 192.168.1.60).
    > /etc/resolv.conf
    echo "nameserver 192.168.1.60" > /etc/resolv.conf
    

    Clean up packages, udev and logs

    Clean apt cache and clean up after udev:
    apt-get clean
    rm -fr /lib/udev
    Clean up logs:
    cd /var/log
    > messages; > auth.log; > kern.log; > bootstrap.log
    > dpkg.log; > syslog; > daemon.log; > apt/term.log
    rm -f *.0 *.1
    

    Package Template

    This can be achieved a number of ways but I opted to use the archive method. This will create a template archive which can be loaded straight into Proxmox VE using the web interface. It may work with other OpenVZ based VE but I haven't tested that.

    Collect files required

    I use tar to collect all the files we'll need from the host system (that we are creating a template of). While it does involve a little mucking around, tar is easy to use to get just the files we want.
    First create a file /tmp/excludes.excl (I like nano, but please substitute your favourite text editor).
    nano /tmp/excludes.excl
    

    then make these the contents:

    .bash_history
    /dev/*
    /mnt/*
    /tmp/*
    /proc/*
    /sys/*
    /cdrom
    /media/*
    /usr/src/*
    /var/cache/apt/*
    /lost+found

    Save and exit (<Ctrl><x> in nano, follow prompts). Now use tar to collect all the files:

    tar cpf /tmp/template.tar / -X /tmp/excludes.excl
    

    Now create a sub folder /tmp/template and unpack the files there ready to make required modifications:

    mkdir /tmp/template
    tar xvf /tmp/template.tar -C /tmp/template

    Install bzip2 (optional)

    If you would like to use bzip2 but didn't install it earlier (ie you didn't want it included in your template), install it now.
    apt-get update
    apt-get install bzip2
    

    Recreate /var/cache/apt/archives/partial & create /dev/pts/ & /dev/shm/

    For apt to work you need to recreate the apt cache partial directory (the /var/cache/apt/ contents were excluded). These other directories are required too.

    mkdir /tmp/template/var/cache/apt/archives
    mkdir /tmp/template/var/cache/apt/archives/partial
    mkdir /tmp/template/dev/pts
    mkdir /tmp/template/dev/shm

    Disable getty

    On a usual Linux system, getty is running on a virtual terminal, which a container does not have. So, having getty running doesn't make sense; more to say, it complains it can not open terminal device and this clutters the logs.

    Disable running getty.

    rm /tmp/template/etc/event.d/tty*
    

    Clear fstab

    > /tmp/template/etc/fstab
    

    Create /dev/ptmx /dev/urandom /dev/random & /dev/null

    mknod --mode 666 /tmp/template/dev/ptmx c 5 2
    mknod --mode 444 /tmp/template/dev/random c 1 8
    mknod --mode 444 /tmp/template/dev/urandom c 1 9
    

    If this is not correct sshd will not start correctly.

    mknod --mode 666 /tmp/template/dev/null c 1 3

    Copy /dev/ttyp* and /dev/ptyp*

    Copy /dev/ttyp* and /dev/ptyp* files from the host system.
    cp -a /dev/ttyp* /dev/ptyp* /tmp/template/dev/
    

    Disable old network interface (optional)

    If you are using DHCP (or at least didn't set a static IP) then you can ignore this step. Proxmox (and OpenVZ) allow you to set static IP when initialising a new machine from a template. Proxmox actually automatically creates the network interface config file on VM startup so no need to touch this if using that. Otherwise comment out all lines but these (the loopback):

    auto lo
    iface lo inet loopback
    

    Edit the network interface config file like this (substitute nano for your favourite text editor if you wish):

    nano /etc/network/interfaces

    Package final template

    Even though I am using bzip2 compression, I use the .tar.gz extension as Proxmox will only find .tar.gz templates. If you aren't using Proxmox you can choose to use the .tar.bz2 extension if you'd rather. If you are using gzip compression substitute 'z' for 'j' ie tar czvf .....

    cd /tmp/template
    tar cjvf /tmp/ubuntu-8.04-tkl-core_2009.10_i386.tar.gz *
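
The staged tree can be audited before the tar command above is run. The script below is an added example, not part of the original page or the author's automation script; it assumes GNU stat and the /tmp/template path used above, and `check_node` and `check_template` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original page: audit the staged tree in
# /tmp/template before packing it. Function names are hypothetical.

# check_node ROOT PATH MAJ:MIN MODE
# Prints a finding unless PATH is a character device with the expected
# major:minor (hex, as GNU stat reports them) and permission bits.
check_node() {
    f="$1/$2"
    if [ ! -c "$f" ]; then
        echo "MISSING $2 (want char device $3 mode $4)"
    elif [ "$(stat -c '%t:%T %a' "$f" 2>/dev/null)" != "$3 $4" ]; then
        echo "WRONG $2 (want char device $3 mode $4)"
    fi
}

# check_template ROOT: one line per problem; no output means all checks passed.
check_template() {
    root="$1"
    # Device nodes the page creates with mknod.
    check_node "$root" dev/ptmx    5:2 666
    check_node "$root" dev/random  1:8 444
    check_node "$root" dev/urandom 1:9 444
    check_node "$root" dev/null    1:3 666
    # Directories that the tar exclude list left out.
    for d in var/cache/apt/archives/partial dev/pts dev/shm; do
        [ -d "$root/$d" ] || echo "MISSING $d"
    done
    # fstab must exist and be empty; mtab must be the /proc/mounts symlink.
    { [ -f "$root/etc/fstab" ] && [ ! -s "$root/etc/fstab" ]; } || echo "BAD etc/fstab"
    [ "$(readlink "$root/etc/mtab")" = "/proc/mounts" ] || echo "BAD etc/mtab"
    # getty jobs should be gone.
    ls "$root"/etc/event.d/tty* >/dev/null 2>&1 && echo "PRESENT etc/event.d/tty*"
    # No shell history should ship (excluded via excludes.excl).
    find "$root" -xdev -name .bash_history | sed "s|^$root/|LEFTOVER |"
    # Logs were truncated on the source system; flag any with content.
    for l in messages auth.log kern.log syslog daemon.log dpkg.log; do
        [ -s "$root/var/log/$l" ] && echo "NONEMPTY var/log/$l"
    done
    return 0
}
```

Run it as `check_template /tmp/template`. A NONEMPTY log finding usually means syslog wrote new entries between the log cleanup and the first tar, so truncate the copy under /tmp/template as well.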
    

    Possible bug with /dev/urandom

    On starting the VM, the boot log complains that "cannot create /dev/urandom: permission denied". It looks like this is a permission issue.

    All the documentation I have read regarding OpenVZ templates suggests that 444 is the correct permission for this file. Even if you delete and recreate the file it still complains.

    I will leave it as is for now.

    Note to Devs

    When it comes time to create the official TKL OpenVZ, from what I've read the best way would be to simply use the info contained here: http://wiki.openvz.org/Ubuntu_Hardy_template_creation


    Comments

    Not sure if this is on purpose, but ssh and scp won't work without this:
    mknod -m 644 /dev/tty c 5 0

    solution found here:
    http://ben.goodacre.name/tech/Can%27t_open_/dev/tty:_No_such_device_or_address_Error_%28Linux%29

    (fix for tkl lamp 2009-10)
    Posted 16:01, 25 Dec 2010