amuck-landowner

Install OpenVZ on CentOS 6

jarland

The ocean is digital
I shared this on 96forum but might as well share here as well. This is a script I put together from a combination of a script on GitHub and from Tim's (Hostigation) cent6.sh script. This script will take you from a fresh CentOS 6 install to an OpenVZ node in one move. Keep in mind that securing it is your next goal, not a feature ;)

I think this is safe from summer hosts, since SolusVM is still easier.

Code:
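#!/bin/bash
# Update the base system, then add the OpenVZ repo and its signing key
yum update -y
yum install -y wget
cd /etc/yum.repos.d
wget http://download.openvz.org/openvz.repo
rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
# Install the OpenVZ kernel and the management tools
yum install -y vzkernel.x86_64
yum install -y vzctl vzquota
# Kernel parameters for the node (sysrq on, IPv4 forwarding on, proxy ARP off by default)
sed -i 's/kernel.sysrq = 0/kernel.sysrq = 1/g' /etc/sysctl.conf
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
echo 'net.ipv4.conf.default.proxy_arp = 0' >> /etc/sysctl.conf
echo 'net.ipv4.conf.all.rp_filter = 1' >> /etc/sysctl.conf
echo 'net.ipv4.conf.default.send_redirects = 1' >> /etc/sysctl.conf
echo 'net.ipv4.conf.all.send_redirects = 0' >> /etc/sysctl.conf
echo 'net.ipv4.icmp_echo_ignore_broadcasts=1' >> /etc/sysctl.conf
echo 'net.ipv4.conf.default.forwarding=1' >> /etc/sysctl.conf
sysctl -p
# Have vzctl use all interfaces, not only detected ones, for container ARP handling
sed -i 's/NEIGHBOUR_DEVS=detect/NEIGHBOUR_DEVS=all/g' /etc/vz/vz.conf
# Disable SELinux. The stock value is "enforcing", so match whatever is set; the file is a
# symlink to /etc/selinux/config, which plain sed -i would replace with a regular file.
sed -i --follow-symlinks 's/^SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux
# Fetch a precreated container template
cd /vz/template/cache
wget http://download.openvz.org/template/precreated/centos-6-x86_64.tar.gz
# Time synchronisation
yum install -y ntp
ntpdate -u us.pool.ntp.org
chkconfig ntpd on
# Stop iptables/ip6tables and keep them off at boot (the node has no host firewall after this)
service iptables stop
service ip6tables stop
chkconfig iptables off
chkconfig ip6tables off
reboot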
 
Last edited by a moderator:

rds100

New Member
Verified Provider

jarland

The ocean is digital
I would recommend not doing this.
Idea being that what firewall to use is up to the user at that point, but certainly worth noting. An alternative would be to replace it with this line:


iptables -D FORWARD 1

As the default CentOS 6 installation has a block in the forward chain.
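
An added example, not part of the original post: `iptables -D FORWARD 1` deletes whatever rule happens to be first, so this sketch locates the stock catch-all REJECT in the FORWARD chain by its rule text before anything is deleted. The sample rule listings, the `venet0` rule and the function names are constructed for illustration.

```shell
#!/bin/bash
# Constructed sample of `iptables -S FORWARD` output on a stock CentOS 6 install.
SAMPLE_STOCK='-P FORWARD ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample where another rule was already inserted ahead of the REJECT.
SAMPLE_EDITED='-P FORWARD ACCEPT
-A FORWARD -i venet0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# Read `iptables -S FORWARD` text on stdin and print the 1-based position of
# the unconditional REJECT rule, or nothing if the chain has none.
forward_reject_index() {
    awk '
        $1 == "-A" && $2 == "FORWARD" {
            n++
            # Unconditional rule: no match options, the target follows the chain name.
            if ($3 == "-j" && $4 == "REJECT") { print n; exit }
        }'
}

# Print the delete command for review instead of running it.
forward_reject_delete_cmd() {
    idx=$(forward_reject_index)
    if [ -z "$idx" ]; then
        echo "# no catch-all REJECT in FORWARD, nothing to delete"
    else
        echo "iptables -D FORWARD $idx"
    fi
}
```

On a live node the input would come from `iptables -S FORWARD | forward_reject_delete_cmd`; every other rule, including the INPUT chain, stays in place.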
 

Nick_A

Provider of the year (2014)
Yep, I developed a nice one based on Tim's script a while back. Love that thing.
 

wlanboy

Content Contributer
I would like to add some text around the different commands and add some Debian/Ubuntu flavor too.

So let's start:

  1. Install an OpenVZ-enabled kernel and some OpenVZ tools

    sudo apt-get install linux-image-openvz-amd64 vzctl vzquota vzdump

  2. Create a symlink to ease the path typing
    Code:
    ln -s /var/lib/vz /vz
  3. Edit the sysctl config
    Code:
    nano /etc/sysctl.conf
    or just use sed/echo:


    sed -i 's/kernel.sysrq = 0/kernel.sysrq = 1/g' /etc/sysctl.conf
    sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
    echo 'net.ipv4.conf.default.proxy_arp = 0' >> /etc/sysctl.conf
    echo 'net.ipv4.conf.all.rp_filter = 1' >> /etc/sysctl.conf
    echo 'net.ipv4.conf.default.send_redirects = 1' >> /etc/sysctl.conf
    echo 'net.ipv4.conf.all.send_redirects = 0' >> /etc/sysctl.conf
    echo 'net.ipv4.icmp_echo_ignore_broadcasts=1' >> /etc/sysctl.conf
    echo 'net.ipv4.conf.default.forwarding=1' >> /etc/sysctl.conf
  4. Update sysctl and reboot
    Code:
    sysctl -p && reboot
  5. Download your preferred preconfigured container image:
    You will find a list of containers here: http://wiki.openvz.org/Download/template/precreated
    Code:
    cd /vz/template/cache   # without symlink: /var/lib/vz/template/cache
    wget http://download.openvz.org/template/precreated/ubuntu-12.04-x86.tar.gz
  6. Install the OpenVZ web panel
    For a demo/screenshots etc go to this page: http://code.google.com/p/ovz-web-panel/



    And install it:


    wget -O - http://ovz-web-panel.googlecode.com/svn/installer/ai.sh | sh

  7. Open http://<ipofvps>:3000/ in your browser
  8. Do the following steps:
     

    Code:
    A) Login using admin/admin
    B) Change the default password
    C) Click on Physical Servers->localhost
    D) Click Create virtual server
    E) Input a server ID
    F) Take a number greater than 100, for example 101. IDs from 1 to 100 are reserved and you
 

wilbo

New Member
OpenVZ web panel is great. I just wish it did KVM or Xen also. Proxmox can do OpenVZ and KVM, plus it has a bare metal installer ISO that is very easy to install with KVM over IP.
 

wlanboy

Content Contributer
Some additional monitoring commands:

  • vzcpucheck
    OpenVZ generates a number of the so-called CPU units to illustrate how much of your host cpus are used
  • vzmemcheck -v
    Displays memory consumption of all nodes
  • vzctl exec 108 cat /proc/user_beancounters
    Displays the beancounters of the vps with number 108
And some basic commands:

  • vzctl set 108 --userpasswd root:superpassword
    Sets the root password for vps with number 108
  • vzctl start 108
    Starts the vps with number 108
  • vzctl stop 108
    Stops the vps with number 108
  • vzctl restart 108
    Restarts the vps with number 108
  • vzctl status 108
    Displays the current status of the vps with number 108
  • vzlist 108
    Displays id, status, ip and hostname of vps with number 108
  • vzlist -a
    Displays all vps
  • vzctl set 108 --name debian7test --save
    Sets name of vps with number 108 to "debian7test". This name can be used instead of the vps number.
  • vzmigrate second.host.com 108
    Migrate vps with number 108 to new host "second.host.com"


    Starting migration of container 108 on second.host.com
    Preparing remote node
    Initializing remote quota
    Syncing private
    Syncing 2nd level quota
    Turning quota off
    Cleanup

    SSH connection needed. If you add "--online" the migration should be without any downtime (live migration).
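
An added example, not part of the original post: the output of `vzctl exec 108 cat /proc/user_beancounters` is easiest to read by looking only at resources whose fail counter (last column) is non-zero, meaning the container hit that limit. The sample data and the function name `ubc_failures` are constructed for illustration.

```shell
#!/bin/bash
# Constructed sample of /proc/user_beancounters for container 108 (values invented).
SAMPLE_UBC='Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      108:  kmemsize        2684837   14790164   14372700   14790164         12
            lockedpages           0          0       2048       2048          0
            privvmpages       41230      65536      65536      69632          3
            numproc              27         40        240        240          0'

# Read beancounters text on stdin and print "ctid resource failcnt" for every
# resource whose fail counter is greater than zero.
ubc_failures() {
    awk '
        $1 == "Version:" || $1 == "uid" { next }    # skip the two header lines
        $1 ~ /^[0-9]+:$/ {                          # first row of a container starts with "<ctid>:"
            ctid = substr($1, 1, length($1) - 1)
            res = $2; fail = $7
        }
        $1 !~ /^[0-9]+:$/ { res = $1; fail = $6 }   # later rows omit the uid column
        fail + 0 > 0 { print ctid, res, fail }
    '
}

# Show the result for the constructed sample when the script is run directly.
printf '%s\n' "$SAMPLE_UBC" | ubc_failures
```

Run on the node itself, `ubc_failures < /proc/user_beancounters` covers every container at once, which makes it suitable for a periodic check.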
 

WebSearchingPro

VPS Peddler
Verified Provider
Idea being that what firewall to use is up to the user at that point, but certainly worth noting.
 

You know some kids searching Google will stumble upon this page; copy, paste, then summer host their way into being hacked ;) .

I wonder what percentage of people read the comments to see the possible dangers?
 

jarland

The ocean is digital
You know some kids searching Google will stumble upon this page; copy, paste, then summer host their way into being hacked ;) .

I wonder what percentage of people read the comments to see the possible dangers?
Meh, SolusVM is way easier for summer hosts ;)
 

HalfEatenPie

The Irrational One
Retired Staff
Of course though, Summer Hosts do want to minimize their initial payments...  which means.... Egad! 
 

Ash

New Member
This would have come in great use a few weeks back :/

Very good little script though. I had something similar but it didn't edit the sysctl file etc. I like to install Webmin on top as well, as it's much quicker than logging in via SSH every time you need to perform a few things; you can also disable SSH etc. that way if you don't have IPMI.
 

Reece-DM

New Member
Verified Provider
Some nice information in here!

How about blocking SSH connections to port 22... I kid I kid :p
 

shovenose

New Member
Verified Provider
Awesome information. I never need to do this setup myself due to SolusVM, but I've got a dedicated server client who I need to set up with OpenVZ and this will be helpful!
 

fisle

Active Member
Very nice tutorial(s), thank you both jarland and wlanboy. Maybe it's time for me to tinker with OpenVZ too, having managed Xen and KVM before. :p
 