在CentOS 4.4上安装配置OpenVZ

Change Cent OS to OpenVZ (just for clarity reasons, so the OpenVZ kernels will not be mixed up with non OpenVZ ones). Remove extra arguments from the kernel line, leaving only the root=... parameter. The modifed portion of /etc/grub.conf should look like this:

title OpenVZ (2.6.8-022stab029.1)
        root (hd0,0)
        kernel /vmlinuz-2.6.8-022stab029.1 ro root=/dev/sda5
        initrd /initrd-2.6.8-022stab029.1.img

Step #9 - Configuring sysctl

There is a number of kernel parameters that should be set for OpenVZ to work correctly. These parameters are stored in /etc/sysctl.conf file. Here is the relevant part of the file; please edit it accordingly.

# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled
net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Enables the magic-sysrq key
kernel.sysrq = 1
# TCP Explict Congestion Notification
#net.ipv4.tcp_ecn = 0
# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

Step #10 - Configuring SELinux

SELinux should be disabled. To that effect, put the following line to /etc/sysconfig/selinux:

SELINUX=disabled

Step #11 - Conntracks

In the stable OpenVZ kernels (those that are 2.6.8-based) netfilter connection tracking for VE0 is disabled by default. If you have a stateful firewall enabled on the host node (it is there by default) you should either disable it, or enable connection tracking for VE0.

To enable conntracks for VE0, add the following line to /etc/modprobe.conf file:

options ip_conntrack ip_conntrack_enable_ve0=1

Note: in kernels later than 2.6.8, connection tracking is enabled by default

Step #12 - Rebooting into OpenVZ kernel

Now reboot the machine and choose "OpenVZ" on the boot loader menu. If the OpenVZ kernel has been booted successfully, proceed to installing the user-level tools for OpenVZ.

Step #13 - Installing the utilities

OpenVZ needs some user-level tools installed. Those are:

vzctl - A utility to control OpenVZ VPSs (create, destroy, start, stop, set parameters etc.)

vzquota - A utility to manage quotas for VPSs. Mostly used indirectly (by vzctl).

# yum install vzctl vzquota

Step #14 - Starting OpenVZ

# /sbin/service vz start

Note: OpenVZ is now set up on your machine. To load OpenVZ kernel by default, edit the default line in the /boot/grub/grub.conf file to point to the OpenVZ kernel. For example, if the OpenVZ kernel is the first kernel mentioned in the file, put it as default 0. See man grub.conf for more details.

3. OS template cache preparation

Step #15 - Installing template utilities

# yum install vzpkg vzyum vzrpm43-python vzrpm44-python

Step #16 - Installing OS template metadata

# yum search vztmpl

# yum install vztmpl-XXX [...]

Eg:

yum install vztmpl-centos-4.i386

Step #17 - Installing repository cache (optional)

vzpkgcache

Step #18 - Alternative: use precreated template cache

cd /vz/template/cache

Download Precreated Templates from: http://download.openvz.org/template/precreated/

4. VE Creation and other oprations with VEs

Step #19 – Creating VE

[host-node]# vzctl create 112 --ostemplate centos-4-i386-default

Step #20 – Adding IP(s) to VE

[host-node]# vzctl set 112 --ipadd 192.168.6.112 --save

Step #21 – Starting VE

[host-node]# vzctl start 112

Step #22 – Running ps command from Hardware Node

Your freshly-created VE should be up and running now; you can see its processes:

[host-node]# vzctl exec VEID ps ax

Step #23 - To enter VE give the following command:

[host-node]# vzctl enter VEID

entered into VPS VEID
[ve]#

Step #24 - To exit from VE, just type exit and press enter:

 如果您对本文有任何疑问或者建议，请到讨论区发表您的意见: >> 论坛入口 <<

上一页 1 2 34 下一页

上一篇：使用Bastille完美加固CentOS Linux系统   下一篇：入侵监测系统的构建（chkrootkit ）

【文章评论】 【收藏本文】 【推荐好友】 【打印本文】 【我要投稿】 【论坛讨论】