A virtual private server or virtual dedicated server (VPS or VDS) is a server run through virtualization. Virtualization is used to partition a single physical server into many isolated virtual private servers. Each virtual private server looks and behaves exactly like a real networked server system, complete with its own set of init scripts, users, processes, filesystems, etc. It fills the gap between shared hosting and dedicated hosting.
OpenVZ is an operating system-level virtualization technology based on the Linux kernel and operating system. OpenVZ allows a physical server to run multiple isolated operating system instances, known as Virtual Private Servers (VPS) or Virtual Environments (VE).
OpenVZ offers the least flexibility in the choice of operating system: both the guest and host OS must be Linux (although Linux distributions can be different in different VEs). However, OpenVZ’s operating system-level virtualization provides better performance, scalability, density, dynamic resource management, and ease of administration than the alternatives.
The OpenVZ kernel is a modified Linux kernel which adds support for Virtual Environments (VE), so it is easy to create and configure a VPS using OpenVZ.
The Hardware Node should run either Red Hat Enterprise Linux 3 or 4, or Fedora Core 3 or 4, or CentOS 3.4 or 4. The detailed instructions on installing these operating systems for the best performance of OpenVZ are provided in the next sections.
This requirement does not restrict the ability of OpenVZ to provide other Linux versions as an operating system for Virtual Private Servers. The Linux distribution installed in a Virtual Private Server may differ from that of the host OS.
The Hardware Node requirements for the standard 32-bit edition of OpenVZ are the following:
The computer should satisfy the Red Hat Enterprise Linux or Fedora Core hardware requirements.
i) IBM PC-compatible computer.
ii) CPUs: Intel Celeron, Pentium II, Pentium III, Pentium 4, Xeon, or AMD Athlon CPU. The more Virtual Private Servers you plan to run simultaneously, the more CPUs you need.
iii) Memory: At least 128 MB of RAM. The more memory you have, the more Virtual Private Servers you can run. The exact figure depends on the number and nature of applications you are planning to run in your Virtual Private Servers. However, on average, at least 1 GB of RAM is recommended for every 20-30 Virtual Private Servers.
iv) HDD: At least 4 GB of free disk space. Each Virtual Private Server occupies 400-600 MB of hard disk space for system files in addition to the user data inside the Virtual Private Server (for example, website content). You should consider this when planning disk partitioning and the number of Virtual Private Servers to run.
v) NIC: Intel EtherExpress100 (i82557-, i82558- or i82559-based), 3Com (3c905, 3c905B or 3c595) or RTL8139-based network cards are recommended.
A typical 2-way Dell PowerEdge 1650 1u-mountable server with 1 GB of RAM and 36 GB of hard drives is suitable for hosting 30 Virtual Private Servers.
The first step before starting installation is to set up the openvz yum repository.
# cd /etc/yum.repos.d
# wget http://download.openvz.org/openvz.repo
# rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
# yum update
Now create a separate hard disk partition with at least 4 GB of space and mount it on /vz.
You can install the kernel using yum, but that kernel will not always be a good fit for your server.
So here you can compile an optimized kernel yourself.
Before compiling the kernel you may need to check the type of hardware that is installed in your server.
# cat /proc/cpuinfo
This will give you information about the processor.
This will give you the list of the other main hardware installed in your system.
Now we can start to build the vps kernel from source. So we need to download a kernel source.
# cd /usr/src
# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.16.tar.bz2
Now download the appropriate patch from OpenVZ.
# wget http://download.openvz.org/kernel/devel/026test018.1/patches/patch-026test018-combined.gz
The kernel configs are also available from OpenVZ.
Let us start the build.
# tar xvjf linux-2.6.16.tar.bz2
# cd linux-2.6.16
# mv ../patch-026test018-combined.gz .
# gzip -dc patch-026test018-combined.gz | patch -p1
# cp ../kernel-2.6.16-026test018-i686-smp.config.ovz .config
# make menuconfig
Now you can select the options that match your server configuration.
# make all
# make modules_install
# make install
Now the VPS host kernel has been compiled and installed. Next, configure the boot loader (either GRUB or LILO).
If GRUB is used as the boot loader, it is configured automatically: lines similar to the following are added to the grub.conf file.
# cat /boot/grub/grub.conf
You will find the following lines in grub.conf:
title Fedora Core (2.6.16-026test018)
        root (hd0,0)
        kernel /vmlinuz-2.6.16-026test018 ro root=LABEL=/ rhgb quiet
        initrd /initrd-2.6.16-026test018.img
Now edit this file as follows. (This is not necessary; it just makes the entry easier to recognize.)
# vi /boot/grub/grub.conf
title VPS-openvz(2.6.16-026test018)
        root (hd0,0)
        kernel /vmlinuz-2.6.16-026test018 ro root=LABEL=/ rhgb quiet panic=5
        initrd /initrd-2.6.16-026test018.img
Now set the “default” value to the newly edited image (in most cases it will be ‘0’), then save grub.conf. If you are installing on a remote server, also enter the following in the grub shell.
# grub --no-floppy
grub> savedefault --default=0 --once
Don’t reboot the system yet. Some more files need to be configured first.
The following settings are needed in sysctl.conf for OpenVZ to work properly.
# vi /etc/sysctl.conf
Now add the following parameters.
net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
In the stable OpenVZ kernels (those that are 2.6.8-based) netfilter connection tracking for VE0 is disabled by default. If you have a stateful firewall enabled on the host node you should either disable it, or enable connection tracking for VE0.
To enable conntracks for VE0 please edit the file /etc/modprobe.conf
# vi /etc/modprobe.conf
Now add the following.
options ip_conntrack ip_conntrack_enable_ve0=1
In kernels later than 2.6.8, connection tracking is enabled by default.
Now we need to install three basic utility packages.
vzctl: used to perform different operations on an OpenVZ VPS (e.g. create, destroy, start, stop, set parameters).
vzquota: used to manage the VPS quotas.
vzpkg: used to work with OpenVZ templates.
Let us install these packages as follows.
# yum install vzctl
# yum install vzquota
# yum install vzpkg
Now check the virtual ethernet device
If it is not there, use the following command to bring it up.
# ifconfig venet0 up
Now reboot the server
First you need to select a vps id. The id 0 is used for the hardware node itself.
# vzlist -a
This command lists all the VPSs on the host. You can create a VPS using the default template, or you can specify a template package and a configuration. The default creation is as follows:
# vzctl create 101
If you want to create a VPS from a specific OS template, do it as follows:
# vzctl create 101 --ostemplate fedora-core-4 -i --config vps.basic
101: is the VPS ID
fedora-core-4: is the OS template
vps.basic: is the configuration defined in vps.basic.conf
Now we need to configure our vps. In this process we need to set up the following parameters.
i) Set the startup parameters
ii) Set the network parameters
iii) Set the root(user) password
So run the following commands on the host server.
# vzctl stop 101
# vzctl set 101 --onboot yes --save
# vzctl set 101 --hostname cyborg.com --save
# vzctl set 101 --ipadd 192.168.1.169 --save
# vzctl set 101 --nameserver 192.168.1.9 --save
# vzctl set 101 --userpasswd root:qwerty
# vzctl start 101
Now our VPS will start automatically when the host boots. It also has the host name “cyborg.com” with IP 192.168.1.169 and nameserver 192.168.1.9. The root password was set to “qwerty” (an example value; choose a strong one on a real server). Now do the following:
# vzlist -a
VEID  NPROC  STATUS   IP_ADDR        HOSTNAME
1     17     running  192.168.1.166  localhost
101   31     running  192.168.1.169  cyborg.com
Now check the following operations on your VPS.
Run the following commands.
# vzctl stop 101
# vzctl start 101
# vzctl restart 101
# vzctl status 101
In my server it shows the following output.
# vzctl stop 101
Stopping VE ...
VE was stopped
VE is unmounted
# vzctl start 101
Starting VE ...
VE is mounted
Adding IP address(es): 192.168.1.169
Setting CPU units: 1000
Set hostname: cyborg.com
File resolv.conf was modified
VE start in progress...
# vzctl restart 101
Restarting VE
Stopping VE ...
VE was stopped
VE is unmounted
Starting VE ...
VE is mounted
Adding IP address(es): 192.168.1.169
Setting CPU units: 1000
Set hostname: cyborg.com
File resolv.conf was modified
VE start in progress...
# vzctl status 101
VEID 101 exist mounted running
We can run commands in a VPS through the host using “exec”.
# vzctl exec 101 <command>
An example is given below.
# vzctl exec 101 ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:27 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3118 (3.0 KiB)  TX bytes:3720 (3.6 KiB)
venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.1.169  P-t-P:192.168.1.169  Bcast:192.168.1.169  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
In this section we can see the list of cached and other templates.
To list the OS templates in the host please do the following commands.
To see the cached templates, do the following:
# vzpkgls --cached
To see the template used by a vps do the following,
# vzpkgls 101
The above commands give the following results in my server.
# vzpkgls
fedora-core-4-i386-default
fedora-core-4-i386-minimal
# vzpkgls --cached
fedora-core-4-i386-default
# vzpkgls 101
fedora-core-4-i386-default
This section is the most important one. The main goal of resource control is to keep any particular VPS from overusing hardware resources, whether maliciously or accidentally.
We control resources through a set of control parameters. All of these parameters are placed in the OpenVZ global configuration file or in the respective VPS configuration file.
The global configuration file is /etc/sysconfig/vz and the individual configuration file is /etc/sysconfig/vz-scripts/VPSID.conf.
A set of parameters determines disk quota in OpenVZ. The OpenVZ disk quota is realized on two levels: the per-VPS level and the per-user/group level. You can turn disk quota on or off at either level and configure its settings.
The main parameters are DISK_QUOTA, DISKSPACE, DISKINODES, QUOTATIME and QUOTAUGIDLIMIT.
DISK_QUOTA: Indicates whether first-level quotas are on or off for all VPSs or for a separate VPS. It is defined in the global configuration file (GF).
# grep DISK_QUOTA /etc/sysconfig/vz
DISK_QUOTA=yes
DISKSPACE: Total size of disk space the VPS may consume, in 1-KB blocks. It is defined in the separate configuration file (SF).
# grep DISKSPACE /etc/sysconfig/vz-scripts/101.conf
DISKSPACE="2000000:2200000"
DISKINODES: Total number of disk inodes (files, directories, and symbolic links) the Virtual Private Server can allocate. It is defined in the separate configuration file (SF).
# grep DISKINODES /etc/sysconfig/vz-scripts/101.conf
DISKINODES="200000:220000"
QUOTATIME: The grace period for disk quota overusage, defined in seconds. The Virtual Private Server is allowed to temporarily exceed its quota soft limits for no more than the QUOTATIME period. It is defined in SF.
# grep QUOTATIME /etc/sysconfig/vz-scripts/101.conf
QUOTATIME="0"
QUOTAUGIDLIMIT: Number of user/group IDs allowed for the VPS internal disk quota. If set to 0, the UID/GID quota will not be enabled. It is defined in SF.
Turning on/off per-VPS disk quota: To turn on per-VPS disk quota, do the following.
Edit the separate configuration file
# vi /etc/sysconfig/vz-scripts/101.conf
Add the following,
If you set the above value to “no”, the quota will be off.
# vzctl restart 101
# vzctl exec 101 df -h
Set up per-VPS disk quota: To set up per-VPS disk quota (e.g. for node 102) we need to set the following parameters: DISKSPACE, DISKINODES and QUOTATIME.
# vzctl set 102 --diskspace 1000000:1100000 --save
# vzctl set 102 --diskinodes 90000:91000 --save
# vzctl set 102 --quotatime 600 --save
# vzctl restart 102
# vzctl exec 102 df -h
Turning On/Off Second-Level Quotas for Virtual Private Server: The parameter that controls the second-level disk quotas is QUOTAUGIDLIMIT in the VPS configuration file. By default, the value of this parameter is zero, which corresponds to disabled per-user/group quotas. Enabling per-user/group quotas for a Virtual Private Server requires restarting the VPS. The value should be chosen carefully: the bigger the value you set, the bigger the kernel memory overhead this Virtual Private Server creates. This value must be greater than or equal to the number of entries in the VPS /etc/passwd and /etc/group files.
# cat /etc/passwd|wc -l
55
# cat /etc/group|wc -l
66
# vzctl set 102 --quotaugidlimit 100 --save
# vzctl restart 102
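The checks this section describes can be run against a VPS configuration file before restarting the VPS. The following is an added example, not part of the original article: it reports DISKSPACE or DISKINODES pairs whose soft limit exceeds the hard limit, a non-numeric QUOTATIME, and a QUOTAUGIDLIMIT that is too small. The function names, the sample files and the reading of the rule as "at least the larger of the passwd and group entry counts" (which matches the 55/66/100 values above) are assumptions.

```shell
# Added example (not from the original article): audit one VE quota config.

# conf_get FILE KEY: print the last value assigned to KEY, quotes removed.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# pair_ok VALUE: succeed only for "soft:hard" integers with soft <= hard.
pair_ok() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
        *:*) [ "${1%%:*}" -le "${1##*:}" ] ;;
        *) return 1 ;;
    esac
}

# audit_ve_quota CONF PASSWD GROUP: print one line per finding.
audit_ve_quota() {
    for key in DISKSPACE DISKINODES; do
        val=$(conf_get "$1" "$key")
        pair_ok "$val" || echo "FAIL $key='$val' (want soft:hard, soft <= hard)"
    done
    qt=$(conf_get "$1" QUOTATIME)
    case "$qt" in
        ''|*[!0-9]*) echo "FAIL QUOTATIME='$qt' (want seconds)" ;;
    esac
    ugid=$(conf_get "$1" QUOTAUGIDLIMIT)
    case "$ugid" in
        ''|0) echo "INFO second-level (user/group) quotas are off" ;;
        *[!0-9]*) echo "FAIL QUOTAUGIDLIMIT='$ugid' (want a number)" ;;
        *)  # Assumption: the limit must cover the larger of the two files.
            need=$(grep -c : "$2" || true)
            groups=$(grep -c : "$3" || true)
            if [ "$groups" -gt "$need" ]; then need=$groups; fi
            if [ "$ugid" -lt "$need" ]; then echo "FAIL QUOTAUGIDLIMIT=$ugid is below $need entries"; fi ;;
    esac
    return 0
}

# Constructed sample: the VE 102 values from the article, 55 users, 66 groups.
make_sample() {
    printf 'DISKSPACE="1000000:1100000"\nDISKINODES="90000:91000"\n' > "$1/102.conf"
    printf 'QUOTATIME="600"\nQUOTAUGIDLIMIT="100"\n' >> "$1/102.conf"
    i=0; while [ $i -lt 55 ]; do echo "u$i:x:$i:$i::/:/bin/sh"; i=$((i+1)); done > "$1/passwd"
    i=0; while [ $i -lt 66 ]; do echo "g$i:x:$i:"; i=$((i+1)); done > "$1/group"
}

d=$(mktemp -d); make_sample "$d"
echo 'DISKSPACE="2200000:2000000"' >> "$d/102.conf"   # constructed bad override
audit_ve_quota "$d/102.conf" "$d/passwd" "$d/group"; rm -rf "$d"
```

On a real host the arguments would be /etc/sysconfig/vz-scripts/VPSID.conf and the passwd and group files inside that VPS's private area.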
Setting Up Second-Level Disk Quota Parameters: First check that the required packages are present in the VPS.
# vzctl exec 102 rpm -q quota
Then SSH to node 102.
Now, to edit the quota for root, do the following:
# edquota root
To report the quota, do the following:
# repquota -a
This command gives the following output in my test VPS.
# repquota -a
*** Report for user quotas on device /dev/simfs
Block grace time: 00:00; Inode grace time: 00:00
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --  455028       0       0          19878     0     0
smmsp     --       8       0       0              2     0     0
named     --      40       0       0             10     0     0
apache    --       8       0       0              2     0     0
rpm       --    9472       0       0             75     0     0
mysql     --    1332       0       0            163     0     0
To check the quota stats do the following operation in the host server.
# vzquota stat 102 -t
This document provides the minimum information needed to create a VPS server. There is an advanced section, and it will be published soon.
First, thanks to SWSoft for designing and writing such a powerful and elegant system.
I would also like to thank the members of the cyborg team in Bobcares, especially Sujith MK and Amal.
Thanks to everyone who reviewed this document.
Linux kernel repository: http://www.kernel.org/pub/linux/kernel/
OpenVZ kernels, patches and configs: http://download.openvz.org/kernel/devel/
OpenVZ utilities: http://download.openvz.org/utils/
OS templates: http://download.openvz.org/template/
Other downloads: http://download.openvz.org