Posted by Tres
Sun, 16 Dec 2007 19:21:00 GMT
If you’ve built or recently updated an OpenVZ hosted virtual environment, you might run into the “vzctl lockout:”
[root@calliope root]# sudo vzctl enter 12345
enter failed
You’ll need to create the pty and tty devices within the environment to get shell access. Luckily, vzctl exec gives you the ability to do this:
[root@calliope root]# sudo vzctl exec 12345 "/sbin/MAKEDEV pty"
[root@calliope root]# sudo vzctl exec 12345 "/sbin/MAKEDEV tty"
Once you’ve got the device files set up, you should be able to get into the virtual environment normally:
[root@calliope root]# sudo vzctl enter 12345
entered into VPS 12345
Posted in OpenVZ, Sysadmin | Tags OpenVZ, Virtuozzo, vzctl
Posted by Tres
Tue, 24 Apr 2007 01:18:00 GMT
So you’ve got a Virtuozzo Fedora Core 2 VPS and need to install Yum? Just as we did when installing Yum into a CentOS 4 OpenVZ VPS, you can copy and paste the following lines into your terminal window to get yum running:
rpm -ivh http://mirrors.kernel.org/fedora.us/fedora/fedora/2/i386/RPMS.updates/libxml-1.8.17-10.1.2.i386.rpm
rpm -ivh http://mirrors.kernel.org/fedora.us/fedora/fedora/2/i386/RPMS.updates/libxml2-python-2.6.16-2.i386.rpm
rpm -ivh http://mirrors.kernel.org/fedora.us/fedora/fedora/2/i386/RPMS.updates/rpm-python-4.3.1-0.4.1.i386.rpm
rpm -ivh http://mirrors.kernel.org/fedora.us/fedora/fedora/2/i386/RPMS.os/yum-2.0.7-1.1.noarch.rpm
That’s it. Once those RPMs are installed, you should be able to
yum update
and
yum install whatever
Posted in OpenVZ, Sysadmin | Tags Virtuozzo, vps, yum
Posted by Tres
Mon, 15 Jan 2007 11:33:00 GMT
This class was written as a means to allow a “management node” to automatically change the state of a “hardware node” on which client virtual private servers are running. It’s referenced in the earlier article on using CFEngine to build an OpenVZ node. There are some unfinished methods for monitoring, but it does provide all standard vzctl functionality. By design, the management node would be running some kind of billing software. By monitoring state changes in the billing software’s database, you can automatically provision new accounts, disable accounts for late payments, delete accounts, add services, add resources, and do it all while you’re asleep.
By using SSH public keys and sudo, you can have the management node make any changes required to the state of a VPS on a hardware node. Why not just use vzctl via SSH? First, the problem with vzctl is that you’re implicitly granting privileges for the management node to do anything that vzctl can do. Second, it’s easier and more reliable to extend a class to do the other things required, like firewall rules, bandwidth monitoring, rate limiting, etc., than it is to create a server-side (i.e. management node) script that will try to do all these things.
This class allows you to write scripts that only have the ability to do one thing. I’ll try to upload my scripts in a separate article later (they’re very small–if you know some Ruby, it should be easy to write them yourself). This means that you can add these scripts to your sudoers file, and reliably limit the kind of changes that can be made from the hardware node. Remember, the ultimate goal here is to automate all of this stuff; we not only have to make sure that the automated system won’t screw up, we have to make sure that we can also hook into the billing system’s database.
require "fileutils" # FileUtils.move is used by disable() and enable()
require "optparse"
require "/usr/local/lib/vpsadmin/firewall.rb"

class Vps
  attr_accessor :veid, :hostname, :nameservers, :ostemplate, :addresses, :plan_id, :password, :net_status, :cpu_usage, :disk_status, :disk_usage, :mem_usage, :sys_status, :net_usage, :batch_mode

  def initialize()
    @vzDir = "/vz"
    @scriptsDir = "#{@vzDir}/scripts/"
    @backupDir = "#{@scriptsDir}/backups/"
    @disabledDir = "#{@scriptsDir}/disabled/"
    @batch_mode = false
  end

  # Split the comma-separated @addresses string into a list of addresses.
  def address_list()
    @addresses.to_s.split(/\s*,\s*/)
  end

  # Every vzctl call below passes its arguments to system() one by one, so
  # values that come from the billing database are never parsed by a shell.
  def create()
    # One "--ipadd <address>" pair per address.
    ip_args = address_list.flat_map { |address| ["--ipadd", address] }
    system("vzctl", "create", @veid.to_s, "--ostemplate", @ostemplate.to_s,
           "--hostname", @hostname.to_s, *ip_args, "--config", @plan_id.to_s)
    self.set_nameserver()
    self.set_password()
    self.start()
    sleep(60) # give the VPS time to boot before creating devices inside it
    self.create_tun_dev()
  end

  def create_tun_dev()
    system("vzctl", "exec", @veid.to_s, "mkdir", "-p", "/dev/net")
    system("vzctl", "exec", @veid.to_s, "mknod", "/dev/net/tun", "c", "10", "200")
    system("vzctl", "exec", @veid.to_s, "chmod", "600", "/dev/net/tun")
  end

  def set_nameserver()
    # One "--nameserver <address>" pair per comma-separated name server.
    nameserver_args = @nameservers.to_s.split(/\s*,\s*/).flat_map { |address| ["--nameserver", address] }
    system("vzctl", "set", @veid.to_s, *nameserver_args, "--save")
  end

  def set_password()
    system("vzctl", "set", @veid.to_s, "--userpasswd", "root:#{@password}", "--save")
  end

  def set_hostname()
    system("vzctl", "set", @veid.to_s, "--hostname", @hostname.to_s, "--save")
  end

  def destroy()
    system("vzctl", "destroy", @veid.to_s)
    firewall = Firewall.new
    firewall.veid = @veid
    firewall.plan = @plan_id
    firewall.addresses = @addresses
    firewall.delete()
  end

  def add_ip()
    address_list.each { |address| system("vzctl", "set", @veid.to_s, "--ipadd", address, "--save") }
    firewall = Firewall.new
    firewall.veid = @veid
    firewall.plan = @plan_id
    firewall.addresses = @addresses
    firewall.setup()
  end

  def remove_ip()
    # Drop every address, then re-add the ones that should remain.
    system("vzctl", "set", @veid.to_s, "--ipdel", "all", "--save")
    address_list.each { |address| system("vzctl", "set", @veid.to_s, "--ipadd", address, "--save") }
  end

  def disable()
    old_location = "#{@scriptsDir}/#{@veid}.conf"
    new_location = "#{@backupDir}/#{@veid}.conf"
    self.stop()
    FileUtils.move( old_location, new_location )
  end

  def enable()
    new_location = "#{@scriptsDir}/#{@veid}.conf"
    old_location = "#{@backupDir}/#{@veid}.conf"
    FileUtils.move( old_location, new_location )
    self.start()
  end

  def upgrade_plan()
    system("vzctl", "set", @veid.to_s, "--applyconfig", @plan_id.to_s, "--save")
    firewall = Firewall.new
    firewall.veid = @veid
    firewall.plan_id = @plan_id
    firewall.addresses = @addresses
    firewall.setup()
  end

  def downgrade_plan()
    system("vzctl", "set", @veid.to_s, "--applyconfig", @plan_id.to_s, "--save")
    firewall = Firewall.new
    firewall.veid = @veid
    firewall.plan_id = @plan_id
    firewall.addresses = @addresses
    firewall.setup()
  end

  def start()
    system("vzctl", "start", @veid.to_s)
  end

  def stop()
    system("vzctl", "stop", @veid.to_s)
  end

  def migrate()
    system("vzmigrate", @hardwareNode.to_s, @veid.to_s)
  end

  def check_sys_status()
    self.sys_status = `vzlist | grep
  end

  def check_net_status()
  end

  def check_net_usage()
  end

  def check_disk_usage()
    output = `vzquota -b show
    output_array = output.scan(/\w+/)
    usage = output_array[0]
    softlimit = output_array[1]
    hardlimit = output_array[2]
    # Disk usage as a percentage of the soft limit.
    self.disk_usage = ( (usage.to_f / softlimit.to_f ) * 100 )
  end

  def check_cpu_usage()
  end

  def check_mem_usage()
    usage = `vzmemcheck -A
    self.mem_usage = usage[2]
  end

  # Parse the command line for a new VPS and create it once every required option is present.
  def add(args)
    usage = <<-"EOF"
usage: #{@MYNAME} [-h] [-v VEID] [-H hostname] [-n "comma,separated,nameservers"] [-o ostemplate]
[[-a "comma,separated,ip_addresses"] [-p plan_id] [-P password] ]
    EOF
    banner = <<-"EOF"
#{@MYNAME} #{@Version} (#{@MYDATE})
#{usage}
    EOF
    opts = OptionParser.new
    opts.on("-h", "--help", "Show this message") {
      print opts
      exit 0
    }
    opts.on("-v", "--veid veid", String, "Virtual Environment Identification Number") { |veid| self.veid = veid }
    opts.on("-a", "--addresses addresses", String, "Comma Separated List of IP Addresses") { |addresses| self.addresses = addresses }
    opts.on("-H", "--hostname hostname", String, "Hostname of server") { |hostname| self.hostname = hostname }
    opts.on("-n", "--nameservers nameservers", String, "Comma Separated List of Name Servers") { |nameservers| self.nameservers = nameservers }
    opts.on("-o", "--ostemplate ostemplate", String, "Operating System Template") { |ostemplate| self.ostemplate = ostemplate }
    opts.on("-p", "--plan_id plan_id", String, "Plan Level") { |plan_id| self.plan_id = plan_id }
    opts.on("-P", "--password password", String, "root User Password") { |password| self.password = password }
    host = opts.parse(args)
    error_string = String.new
    if (self.veid == nil)
      error_string.concat(" ERROR: VEID required (-v)\n" )
    end
    if (self.addresses == nil)
      error_string.concat( " ERROR: IP Addresses required in a comma separated list (-a)\n" )
    end
    if (self.hostname == nil)
      error_string.concat( " ERROR: fully qualified domain name required (-H)\n" )
    end
    if (self.nameservers == nil)
      error_string.concat( " ERROR: comma separated list of name server IP addresses required (-n)\n" )
    end
    if (self.ostemplate == nil)
      error_string.concat( " ERROR: OS template required (-o)\n" )
    end
    if (self.plan_id == nil)
      error_string.concat( " ERROR: VPS plan ID required (-p)\n" )
    end
    if (self.password == nil)
      error_string.concat( " ERROR: VPS root password required (-P)\n" )
    end
    if (error_string == "")
      self.create
    else
      puts usage
      puts error_string
    end
  end

  # Parse the command line for monitoring checks and print whichever results were collected.
  def check(args)
    usage = <<-"EOF"
usage: #{@MYNAME} [-bhmsnudc] [-v VEID]
    EOF
    banner = <<-"EOF"
#{@MYNAME} #{@Version} (#{@MYDATE})
#{usage}
    EOF
    opts = OptionParser.new
    opts.on("-h", "--help", "Show this message") {
      print opts
      exit 0
    }
    opts.on("-v", "--veid veid", String, "Virtual Environment Identification Number") { |veid| self.veid = veid }
    opts.on("-m", "--memory", "Check Memory Usage") { |memory| self.check_mem_usage }
    opts.on("-s", "--status", "Current Status of Server") { |status| self.check_sys_status }
    opts.on("-n", "--netstat", "Check Network Status of Server") { |net_stat| self.check_net_status }
    opts.on("-u", "--netuse", "Check Network Bandwidth Usage") { |net_use| self.check_net_usage }
    opts.on("-d", "--diskuse", "Check Disk Usage") { |disk_use| self.check_disk_usage }
    opts.on("-c", "--cpuuse", "Check CPU Usage") { |cpu_use| self.check_cpu_usage }
    opts.on("-b", "--batch", "Batch Mode") { self.batch_mode = true }
    host = opts.parse(args)
    error_string = String.new
    output_string = String.new
    if (self.veid == nil)
      error_string.concat(" ERROR: VEID required (-v)\n" )
    end
    if ( self.batch_mode != true )
      # Interactive mode: labelled, human-readable output.
      if (self.mem_usage != nil)
        output_string.concat( " Current Memory Usage: #{self.mem_usage} MB\n" )
      end
      if (self.sys_status != nil)
        output_string.concat( " Current Virtual System Status: #{self.sys_status} \n" )
      end
      if (self.net_status != nil)
        output_string.concat( " Current Virtual System Network Status: #{self.net_status} \n" )
      end
      if (self.net_usage != nil)
        output_string.concat( " Current Virtual System Network Usage: #{self.net_usage} \n" )
      end
      if (self.disk_usage != nil)
        output_string.concat( " Current Virtual System Disk Usage: #{self.disk_usage} \n" )
      end
      if (self.cpu_usage != nil)
        output_string.concat( " Current CPU Usage: #{self.cpu_usage} \n" )
      end
      puts output_string
    else
      # Batch mode: bare values only, for consumption by other scripts.
      if (self.mem_usage != nil)
        puts( "#{self.mem_usage}" )
      end
      if (self.sys_status != nil)
        puts( "#{self.sys_status}" )
      end
      if (self.net_status != nil)
        puts( "#{self.net_status}" )
      end
      if (self.net_usage != nil)
        puts( "#{self.net_usage}" )
      end
      if (self.disk_usage != nil)
        puts( "#{self.disk_usage}" )
      end
      if (self.cpu_usage != nil)
        puts( "#{self.cpu_usage}" )
      end
    end
    if (error_string != "")
      puts usage
      puts error_string
    end
  end
end
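The single-purpose sudo scripts described above only limit the management node if every value it sends is checked before it becomes a vzctl argument. The following is an added example, not the author's scripts or part of the Vps class; the module name VzArgs, its validation rules and the IPv4-only restriction are assumptions made for illustration:

```ruby
# Added example: argument checks for single-purpose vzctl wrapper scripts.
# VzArgs and its rules are illustrative assumptions, not the author's code.
module VzArgs
  class Rejected < ArgumentError; end

  # \A and \z anchor the whole string; ^ and $ would accept "101\nreboot".
  VEID_RE  = /\A[1-9][0-9]{0,8}\z/ # VEID 0 is the hardware node itself
  LABEL_RE = /\A[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\z/i
  IPV4_RE  = /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/

  def self.check_veid(value)
    s = value.to_s
    raise Rejected, "bad VEID #{s.inspect}" unless VEID_RE.match?(s)
    s
  end

  # Labels may not start with "-", so a hostname can never look like an option.
  def self.check_hostname(value)
    s = value.to_s
    labels = s.split(".", -1)
    ok = s.length.between?(1, 253) && labels.all? { |l| LABEL_RE.match?(l) }
    raise Rejected, "bad hostname #{s.inspect}" unless ok
    s
  end

  # Comma-separated IPv4 list, in the form the class above takes with -a.
  def self.check_addresses(csv)
    list = csv.to_s.split(",", -1).map(&:strip)
    raise Rejected, "no addresses given" if list.empty?
    list.each do |addr|
      m = IPV4_RE.match(addr)
      ok = m && m.captures.all? { |octet| octet.to_i <= 255 }
      raise Rejected, "bad address #{addr.inspect}" unless ok
    end
    list
  end

  # argv for the only action a "set hostname" script may perform.
  def self.set_hostname_argv(id, name)
    ["vzctl", "set", check_veid(id), "--hostname", check_hostname(name), "--save"]
  end

  # argv for the only action an "add IP" script may perform.
  def self.add_ip_argv(id, csv)
    ["vzctl", "set", check_veid(id)] +
      check_addresses(csv).flat_map { |a| ["--ipadd", a] } + ["--save"]
  end

  # Multi-argument system() executes vzctl directly, with no shell in between.
  def self.run(argv, runner = Kernel.method(:system))
    runner.call(*argv)
  end
end
```

A script built on these helpers is what a sudoers entry would name, so the management node's SSH key can trigger that one action with checked arguments and nothing else.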
Posted in OpenVZ, Ruby, Sysadmin | Tags Automation, management, OpenVZ
Posted by Tres
Sun, 14 Jan 2007 11:28:00 GMT
This vz.conf file is the one referenced in this article.
It allows you to do things like use APF for your iptables firewall. It will also make sure that any defined VEs are started relatively quickly. (Without FASTBOOT enabled, Virtuozzo startup waits for each VE to complete startup before moving to the next… get 60 VEs on a box and you and your customers will be waiting up to an hour for all the servers on a box to start.)
## Global parameters
VIRTUOZZO=yes
LOCKDIR=/vz/lock
DUMPDIR=/vz/dump
VE0CPUUNITS=1000
## Logging parameters
LOGGING=yes
LOGFILE=/var/log/vzctl.log
LOG_LEVEL=0
## Disk quota parameters
DISK_QUOTA=yes
VZFASTBOOT=yes
# The name of the device whose ip address will be used as source ip for VE.
# By default automatically assigned.
#VE_ROUTE_SRC_DEV="eth0"
## Template parameters
TEMPLATE=/vz/template
## Defaults for VEs
VE_ROOT=/vz/root/$VEID
VE_PRIVATE=/vz/private/$VEID
CONFIGFILE="vps.basic"
DEF_OSTEMPLATE="fedora-core-4"
## Load vzwdog module
VZWDOG="no"
IPTABLES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc ipt_REDIRECT xt_mac"
Posted in OpenVZ | Tags APF, firewall, quick, start, Virtuozzo
Posted by Tres
Sat, 13 Jan 2007 04:18:00 GMT
Don’t ask me why, but yum isn’t enabled by default on the OpenVZ distributed centos-4 template. Luckily, getting it running is just a matter of installing a few RPMs. Paste the next few lines into a console in your CentOS 4 VE:
rpm -ivh http://mirrors.kernel.org/centos/4.4/os/i386/CentOS/RPMS/rpm-python-4.3.3-18_nonptl.i386.rpm
rpm -ivh http://mirrors.kernel.org/centos/4.4/os/i386/CentOS/RPMS/python-urlgrabber-2.9.8-2.noarch.rpm
rpm -ivh http://mirrors.kernel.org/centos/4.4/os/i386/CentOS/RPMS/libxml2-python-2.6.16-6.i386.rpm
rpm -ivh http://mirrors.kernel.org/centos/4.4/os/i386/CentOS/RPMS/python-elementtree-1.2.6-4.2.1.i386.rpm
rpm -ivh http://mirrors.kernel.org/centos/4.4/os/i386/CentOS/RPMS/sqlite-3.3.3-1.2.i386.rpm
rpm -ivh http://mirrors.kernel.org/centos/4.4/os/i386/CentOS/RPMS/python-sqlite-1.1.7-1.2.i386.rpm
rpm -ivh http://mirrors.kernel.org/centos/4.4/os/i386/CentOS/RPMS/yum-2.4.3-1.c4.noarch.rpm
Posted in OpenVZ, Red Hat Enterprise Linux | Tags install, OpenVZ, yum
Posted by Tres
Fri, 12 Jan 2007 09:23:00 GMT
The following CFEngine configuration file will take all the necessary steps required to set up OpenVirtuozzo on a system. It’s a good idea to have a separate and fairly large partition set aside for the virtual environments. Mount it as /vz. The file contains some stuff that’s internal, mostly file copy stuff. You can easily remove the stuff you don’t need; CFEngine will still build you a working OpenVZ server as fast as you can type cfagent -qv.
If you don’t want to screen scrape the file, you can download it from here.
##################################################
#
# System Specific Configuration
#
##################################################
classes:
linux::
has_vz_yum = ( FileExists(/etc/yum.repos.d/openvz.repo) )
has_vz_kernel = ( ReturnsZero(/bin/rpm -q --quiet ovzkernel-enterprise) )
has_vzctl = ( ReturnsZero(/bin/rpm -q --quiet vzctl) )
has_vzquota = ( ReturnsZero(/bin/rpm -q --quiet vzquota) )
has_vzpkg = ( ReturnsZero(/bin/rpm -q --quiet vzpkg) )
has_vzyum = ( ReturnsZero(/bin/rpm -q --quiet vzyum) )
has_vzprocps = ( ReturnsZero(/bin/rpm -q --quiet vzprocps))
has_vzrpm43_python = ( ReturnsZero(/bin/rpm -q --quiet vzrpm43-python) )
has_vzrpm44_python = ( ReturnsZero(/bin/rpm -q --quiet vzrpm44-python) )
has_vztmpl_fedora_core_3 = ( ReturnsZero(/bin/rpm -q --quiet vztmpl-fedora-core-3 ) )
has_vztmpl_fedora_core_4 = ( ReturnsZero(/bin/rpm -q --quiet vztmpl-fedora-core-4 ) )
has_vztmpl_fedora_core_5 = ( ReturnsZero(/bin/rpm -q --quiet vztmpl-fedora-core-5 ) )
has_vztmpl_centos_4 = ( ReturnsZero(/bin/rpm -q --quiet vztmpl-centos-4 ) )
has_vztmpl_debian_31 = ( FileExists(/vz/template/cache/debian-3.1-i386-minimal.tar.gz) )
has_vztmpl_gentoo_63 = ( FileExists(/vz/template/cache/gentoo-20060317-i686-stage3.tar.gz) )
has_sysstat = ( ReturnsZero(/bin/rpm -q --quiet sysstat))
init_vzpkgcache = ( FileExists(/vz/.vzpkgcache_init) )
has_ruby = ( ReturnsZero(/bin/rpm -q --quiet ruby) )
has_screen = ( ReturnsZero(/bin/rpm -q --quiet screen) )
has_prm = ( FileExists(/usr/local/prm/prm) )
control:
iptables_status = ( ExecResult(/sbin/chkconfig --list iptables) )
shaper_status = ( ExecResult(/sbin/chkconfig --list shaper) )
VpsAdminLib = ( /usr/local/lib/vpsadmin )
groups:
iptables_enabled = ( RegCmp(".*3:on.*","${iptables_status}") )
shaper_enabled = ( RegCmp(".*3:on.*","${shaper_status}") )
##################################################
directories:
##################################################
links:
linux::
/usr/local/sbin/prm -> /usr/local/prm/prm
/vz/scripts -> /etc/sysconfig/vz-scripts
##################################################
copy:
linux::
${FileSource}/node/installers/prm/prm
dest=/usr/local/prm/prm
ignore=.svn
recurse=5
mode=751
owner=root
group=root
${FileSource}/node/etc/prm.cron
dest=/etc/cron.d/prm
mode=644
owner=root
group=root
${FileSource}/node/etc/sysconfig/iptables
dest=/etc/sysconfig/iptables
mode=644
owner=root
group=root
${FileSource}/node/etc/init.d/shaper
dest=/etc/init.d/shaper
mode=755
owner=root
group=root
${FileSource}/node/etc/sysconfig/tc
dest=/etc/sysconfig/tc
mode=644
owner=root
group=root
${FileSource}/node/lib/vpsadmin
dest=${VpsAdminLib}
ignore=.svn
recurse=2
mode=751
owner=root
group=root
${FileSource}/node/bin
dest=/usr/local/bin
recurse=1
mode=751
owner=root
group=root
${FileSource}/node/etc/sysconfig/vz-scripts
dest=/etc/sysconfig/vz-scripts
mode=644
recurse=1
owner=root
group=root
##################################################
editfiles:
linux.serviceadd::
{
/etc/sysctl.conf
EmptyEntireFilePlease
InsertFile "${FileSource}/node/etc/sysctl.conf"
AppendIfNoSuchLine "kernel.core_uses_pid = 1"
AppendIfNoSuchLine "net.ipv4.ip_forward = 1"
AppendIfNoSuchLine "net.ipv4.conf.default.proxy_arp = 0"
AppendIfNoSuchLine "net.ipv4.conf.all.rp_filter = 1"
AppendIfNoSuchLine "kernel.sysrq = 1"
AppendIfNoSuchLine "net.ipv4.conf.default.send_redirects = 1"
AppendIfNoSuchLine "net.ipv4.conf.all.send_redirects = 0"
}
{
/etc/sysconfig/selinux
EmptyEntireFilePlease
AppendIfNoSuchLine "SELINUX=disabled"
}
{
/etc/grub.conf
ReplaceAll "default=1" With "default=0"
}
{
/etc/fstab
LocateLineMatching ".*\/vz.*"
ReplaceAll "defaults " With "defaults,noatime"
}
{
/etc/vz/vz.conf
EmptyEntireFilePlease
InsertFile "${FileSource}/node/etc/vz/vz.conf"
}
{
/root/.bash_profile
AppendIfNoSuchLine "screen -D -R"
}
##################################################
files:
/etc/sysconfig/vz-scripts/disabled/
mode=755
action=create
owner=root
group=wheel
action=touch
/etc/sysconfig/vz-scripts/backups/
mode=755
action=create
owner=root
group=wheel
action=touch
##################################################
shellcommands:
!has_vz_yum::
"/bin/rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ"
"/usr/bin/wget -P/etc/yum.repos.d/ http://download.openvz.org/openvz.repo"
!has_vz_kernel::
"/usr/bin/yum -y install ovzkernel-enterprise"
"/bin/cp /boot/grub/grub.conf /tmp/grub.conf"
"/bin/cat /tmp/grub.conf | /bin/sed 's/default=1/default=0/g' > /boot/grub/grub.conf"
"/sbin/reboot"
!has_vzquota::
"/usr/bin/yum -y install vzquota"
!has_vzctl::
"/usr/bin/yum -y install vzctl"
"/sbin/chkconfig vz on"
!has_vzpkg::
"/usr/bin/yum -y install vzpkg"
!has_vzyum::
"/usr/bin/yum -y install vzyum"
!has_vzprocps::
"/bin/rpm -ivh ${FileSource}/node/installers/vzprocps/vzprocps.rpm"
!has_vzrpm43_python::
"/usr/bin/yum -y install vzrpm43-python"
!has_vzrpm44_python::
"/usr/bin/yum -y install vzrpm44-python"
!has_vztmpl_fedora_core_3::
"/usr/bin/yum -y install vztmpl-fedora-core-3"
!has_vztmpl_fedora_core_4::
"/usr/bin/yum -y install vztmpl-fedora-core-4"
!has_vztmpl_fedora_core_5::
"/usr/bin/yum -y install vztmpl-fedora-core-5"
!has_vztmpl_centos_4::
"/usr/bin/yum -y install vztmpl-centos-4"
!has_vztmpl_debian_31::
"/usr/bin/wget -P/vz/template/cache/ http://download.openvz.org/template/precreated/debian-3.1-i386-minimal.tar.gz"
!has_vztmpl_gentoo_63::
"/usr/bin/wget -P/vz/template/cache/ http://download.openvz.org/template/precreated/gentoo-20060317-i686-stage3.tar.gz"
!init_vzpkgcache::
"/etc/init.d/vz start"
"/usr/bin/vzpkgcache"
"/bin/touch /vz/.vzpkgcache_init"
!has_ruby::
"/usr/bin/yum -y install ruby"
!has_screen::
"/usr/bin/yum -y install screen"
!has_sysstat::
"/usr/bin/yum -y install sysstat"
!iptables_enabled::
"/sbin/chkconfig iptables on"
"/sbin/service iptables start"
!shaper_enabled::
"/sbin/chkconfig shaper on"
"/sbin/service shaper start"
##################################################
processes:
##################################################
tidy:
##################################################
Posted in Cfengine, OpenVZ, Sysadmin | Tags OpenVirtuozzo, OpenVZ