Install OpenVZ on CentOS
I first came across OpenVZ when choosing a VPS: OpenVZ VPSes are a lot cheaper than Xen ones. After getting to know the product, I found that OpenVZ virtualizes at the operating-system layer, a completely different level from Xen, KVM, Hyper-V and other virtualization products. OpenVZ provides only a virtual environment (VE), which OpenVZ itself calls a container, whereas Xen and KVM provide a virtual machine through a hypervisor. OpenVZ is indeed the better fit for cheap low-end VPSes; Xen and the other virtualization products are generally used in enterprise application centers and cloud computing platforms.

Installing OpenVZ

Environment: the CentOS 5.6 x86_64 operating system installed on a single Dell PC.

The official website (http://wiki.openvz.org/) gives a yum source for installing on CentOS. We adjust the yum source, and, for security reasons, the CentOS 5 kernel that the OpenVZ kernel patch supports must be version 2.6.18.308.8.2.el5 or later. The supported kernel versions are listed at http://wiki.openvz.org/Download/kernel.

    [root@openvz yum.repos.d]# cd /etc/yum.repos.d
    [root@openvz yum.repos.d]# wget http://download.openvz.org/openvz.repo
    [root@openvz yum.repos.d]# uname -r
    2.6.18-238.9.1.el5
    [root@openvz yum.repos.d]# yum install kernel.x86_64   # upgrade the kernel to 2.6.18.308
    [root@openvz yum.repos.d]# uname -r
    2.6.18-308.8.2.el5
    [root@openvz yum.repos.d]# cat openvz.repo   # edit the openvz repo

Make sure the following sections are selected (the default is version 6.2):

    [openvz-utils]
    name=OpenVZ utilities
    #baseurl=http://download.openvz.org/current/
    mirrorlist=http://download.openvz.org/mirrors-current
    enabled=1
    gpgcheck=1
    gpgkey=http://download.openvz.org/RPM-GPG-Key-OpenVZ

    [openvz-kernel-rhel5]
    name=OpenVZ RHEL5-based kernel
    #baseurl=http://download.openvz.org/kernel/branches/rhel5-2.6.18/current/
    mirrorlist=http://download.openvz.org/kernel/mirrors-rhel5-2.6.18
    enabled=1
    gpgcheck=1
    gpgkey=http://download.openvz.org/RPM-GPG-Key-OpenVZ

    [root@openvz ~]# yum install ovzkernel -y     # install the OpenVZ kernel
    [root@openvz ~]# yum install vzctl vzquota    # install the two common OpenVZ tools

Because the VE needs to access the external network, packet forwarding is enabled here. We will come back to this later.

    [root@openvz ~]# grep ip_forward /etc/sysctl.conf
    net.ipv4.ip_forward = 1
    [root@openvz ~]#

Check the default boot kernel settings in grub.conf

    default=0
    timeout=5
    splashimage=(hd0,0)/grub/splash.xpm.gz
    hiddenmenu
    title OpenVZ (2.6.18-308.8.2.el5.028stab101.1)
            root (hd0,0)
            # selinux=0 has already been set automatically, so SELinux is off
            kernel /vmlinuz-2.6.18-308.8.2.el5.028stab101.1 ro root=LABEL=/ selinux=0
            initrd /initrd-2.6.18-308.8.2.el5.028stab101.1.img

    [root@openvz ~]# init 6

Make sure the vz service starts at boot

    [root@openvz ~]# service vz status
    OpenVZ is running...
    [root@openvz ~]# chkconfig --list vz
    vz              0:off   1:off   2:on    3:on    4:on    5:on    6:off
    [root@openvz ~]#

Installing and managing VEs

OpenVZ uses vzctl to manage VEs. Let's look at the command in detail.

    [root@openvz ~]# vzctl
    vzctl version 3.3
    Copyright (C) 2000-2012, Parallels, Inc.
    This program may be distributed under the terms of the GNU GPL License.

    Usage: vzctl [options] <command> <ctid> [parameters]

    vzctl create <ctid> [--ostemplate <name>] [--config <name>]
       [--layout ploop|simfs] [--hostname <name>] [--name <name>] [--ipadd <addr>]
       [--diskspace <kbytes>] [--private <path>] [--root <path>]   # create a VE
    vzctl start <ctid> [--force] [--wait]                          # start a VE
    vzctl destroy | mount | umount | stop | restart | status <ctid>   # shut down a VE
    vzctl convert <ctid> [--layout ploop[:mode]] [--diskspace <kbytes>]
    vzctl quotaon | quotaoff | quotainit <ctid>                    # set quota
    vzctl console <ctid> [ttyno]                                   # enter the VE
    vzctl enter <ctid> [--exec <command> [arg ...]]                # enter the VE
    vzctl exec | exec2 <ctid> <command> [arg ...]                  # run a command in the VE without entering it
    vzctl runscript <ctid> <script>                                # run a script in the VE
    vzctl chkpnt <ctid> [--dumpfile <name>]                        # save the VE state to a file
    vzctl restore <ctid> [--dumpfile <name>]                       # restore the VE state from a file
    vzctl set <ctid> [--save] [--force] [--setmode restart|ignore]
       [--ram <bytes>[KMG]] [--swap <bytes>[KMG]]                  # set RAM
       [--ipadd <addr>] [--ipdel <addr>|all] [--hostname <name>]   # add and delete IPs
       [--nameserver <addr>] [--searchdomain <name>]               # specify nameserver and searchdomain
       [--onboot yes|no] [--bootorder <N>]                         # set start on boot
       [--userpasswd <user>:<passwd>]                              # change a VE user's password
       [--cpuunits <N>] [--cpulimit <N>] [--cpus <N>] [--cpumask <cpus>]
       [--diskspace <soft>[:<hard>]] [--diskinodes <soft>[:<hard>]]
       [--quotatime <N>] [--quotaugidlimit <N>]
       [--noatime yes|no] [--capability <name>:on|off ...]
       [--devices b|c:major:minor|all:r|w|rw]
       [--devnodes device:r|w|rw|none]
       [--netif_add <ifname[,mac,host_ifname,host_mac,bridge]]>]   # add a bridged device
       [--netif_del <ifname>]                                      # remove a bridged device
       [--applyconfig <name>] [--applyconfig_map <name>]
       [--features <name:on|off>] [--name <remote>] [--ioprio <N>]
       [--pci_add [<domain>:]<bus>:<slot>.<func>] [--pci_del <d:b:s.f>]
       [--iptables <name>] [--disabled <yes|no>]                   # VE firewall settings
       [UBC parameters]

Install a guest

The installation method OpenVZ officially recommends is to download one of its optimized operating system archives and install from it. OpenVZ stores operating system archives in /vz/template/cache/. The OS archives can be downloaded from http://wiki.openvz.org/Download/template/precreated . Here I downloaded CentOS5_x86_64 for the installation test.

    [root@openvz ~]# ll /vz/template/cache/
    total 188092
    -rw-r--r-- 1 root root 192411846 Jul 19 02:08 centos-5-x86_64.tar.gz
    [root@openvz ~]# vzctl create 2 --ostemplate centos-5-x86_64 --hostname centos01
    Creating container private area (centos-5-x86_64)
    Performing postcreate actions
    CT configuration saved to /etc/vz/conf/2.conf   # the configuration file is saved as 2.conf under /etc/vz/
    Container private area was created
    [root@openvz ~]#

This uses the OS template centos-5-x86_64 to install a VE with ID 2 and host name centos01. After the installation completes, you need to modify the default configuration file and restart the VE.

Set the VE to start at boot, and set its IP, DNS, RAM and disk size

    [root@openvz ~]# vzctl set 2 --onboot yes
    WARNING: Settings were not saved to config (use --save flag)   # the prompt says --save is needed to save to the configuration file
    [root@openvz ~]# vzctl set 2 --onboot yes --save
    CT configuration saved to /etc/vz/conf/2.conf
    [root@openvz ~]# vzctl set 2 --ipadd 10.20.100.146 --save   # cannot be used yet at this point
    CT configuration saved to /etc/vz/conf/2.conf
    [root@openvz ~]# vzctl set 2 --nameserver 10.20.1.6 --save
    CT configuration saved to /etc/vz/conf/2.conf
    [root@openvz ~]# vzctl set 2 --ram 345 --save
    Error: kernel does not support vswap, unable to use --ram/--swap parameters
    Error parsing options   # not supported by the kernel
    [root@openvz ~]# vzctl set 2 --diskspace 3G:3G --save
    CT configuration saved to /etc/vz/conf/2.conf
    [root@openvz ~]# vzctl start 2   # start the VE with ID 2
    Starting container ...
    Container is mounted
    Adding IP address(es): 192.168.221.2
    Setting CPU units: 1000
    Container start in progress...
    [root@openvz ~]#

Use vzlist to view the VE

    [root@openvz ~]# vzlist 2
          CTID      NPROC STATUS    IP_ADDR         HOSTNAME
             2         12 running   192.168.221.2   centos01

Log in to the VE, exit the VE, restart the VE, start the VE, stop the VE, destroy the VE

    [root@openvz ~]# vzctl enter 2
    [root@centos01 /]# exit
    [root@openvz ~]# vzctl restart 2
    [root@openvz ~]# vzctl start 2
    [root@openvz ~]# vzctl stop 2
    [root@openvz ~]# vzctl destroy 2

Run commands and scripts without logging in to the VE

    [root@openvz ~]# vzctl exec 2 ifconfig            # view NIC information without logging in to the VE
    [root@openvz ~]# vzctl runscript 2 Scriptname     # the script is on the server

Calculate the VE's resource consumption

    [root@openvz ~]# vzcalc -v 2

Change the VE root password

    [root@openvz ~]# vzctl exec 2 passwd                       # enter the password twice
    [root@openvz ~]# vzctl set 2 --userpasswd root:123456      # directly change the password to 123456

VE Network
With the IP added directly as above, there are two ways for a VE to reach the Internet. One is to enable packet forwarding on the base machine (I use this term for the host because it makes the distinction clearer), with the VE and the base machine on the same IP segment. This is how a VPS with a dedicated IP works: the VE has its own external IP, and users can log in to manage their VPS. The other is routed forwarding: the firewall does source NAT (SNAT) and the VE has a private IP. In this case the VE can access the Internet, but the external network cannot directly access the VE on the internal network.

Method one: public IP

Enable packet forwarding

    [root@openvz ~]# grep ip_forward /etc/sysctl.conf
    net.ipv4.ip_forward = 1

Make it take effect

    [root@openvz ~]# /sbin/sysctl -p
    net.ipv4.ip_forward = 1

Configure or modify the VE's IP. This IP is in the same segment as the base machine (a VPS uses a public IP here).

    [root@openvz ~]# ifconfig   # IP of the base machine
    eth0      Link encap:Ethernet  HWaddr 00:0C:29:FD:E4:AA
              inet addr:10.20.100.141  Bcast:10.20.100.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:35535 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8399 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:3534995 (3.3 MiB)  TX bytes:934525 (912.6 KiB)
              Interrupt:59 Base address:0x2000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:10 errors:0 dropped:0 overruns:0 frame:0
              TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:784 (784.0 b)  TX bytes:784 (784.0 b)

    venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
              RX packets:494 errors:0 dropped:0 overruns:0 frame:0
              TX packets:283 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:37807 (36.9 KiB)  TX bytes:23312 (22.7 KiB)

    [root@openvz ~]# vzctl set 2 --ipadd 10.20.100.146 --save   # modify or set the VE's IP

Test the VE network

    [root@openvz ~]# vzctl exec 2 ifconfig
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

    venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
              RX packets:224 errors:0 dropped:0 overruns:0 frame:0
              TX packets:292 errors:0 dropped:53 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:18572 (18.1 KiB)  TX bytes:23106 (22.5 KiB)

    venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.20.100.146  P-t-P:10.20.100.146  Bcast:10.20.100.146  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

    [root@openvz ~]# vzctl exec 2 ping www.baidu.com
    PING www.a.shifen.com (220.181.111.147) 56(84) bytes of data.
    64 bytes from 220.181.111.147: icmp_seq=1 ttl=54 time=35.2 ms
    64 bytes from 220.181.111.147: icmp_seq=2 ttl=54 time=34.9 ms

Method two: private IP, SNAT

Enable packet forwarding

    [root@openvz ~]# grep ip_forward /etc/sysctl.conf
    net.ipv4.ip_forward = 1

Make it take effect

    [root@openvz ~]# /sbin/sysctl -p
    net.ipv4.ip_forward = 1

Modify the VE's IP. This IP is a private IP.

    [root@openvz ~]# vzctl set 2 --ipdel 10.20.100.146 --save   # delete the earlier IP in the 100 segment
    [root@openvz ~]# vzctl set 2 --ipadd 10.20.102.146 --save   # modify or set the IP; the segment differs from the base machine's

Enable SNAT

    [root@openvz ~]# /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

or

    [root@openvz ~]# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 10.20.100.141
    [root@openvz ~]# iptables -t nat -L   # check the NAT policy
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination
    SNAT       all  --  anywhere             anywhere            to:10.20.100.141

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

View the VE network

    [root@openvz ~]# vzctl exec 2 ifconfig
    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

    venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
              RX packets:330 errors:0 dropped:0 overruns:0 frame:0
              TX packets:407 errors:0 dropped:53 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:26810 (26.1 KiB)  TX bytes:33397 (32.6 KiB)

    venet0:1  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.20.102.146  P-t-P:10.20.102.146  Bcast:10.20.102.146  Mask:255.255.255.255
              UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

    [root@openvz ~]#

Test the VE network

    [root@openvz ~]# vzctl exec 2 ping www.baidu.com
    PING www.a.shifen.com (220.181.111.147) 56(84) bytes of data.
    64 bytes from 220.181.111.147: icmp_seq=1 ttl=54 time=35.0 ms
    64 bytes from 220.181.111.147: icmp_seq=2 ttl=54 time=34.9 ms
    [root@openvz ~]#
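
Both SNAT rules in method two match every packet leaving eth0, whatever its source address. The script below is an added example, not part of the original article: it reads rules in the "-A POSTROUTING ..." form printed by iptables-save, lists the SNAT/MASQUERADE rules that have no source match, and builds a rule limited to the VE segment. The subnet 10.20.102.0/24, the function names and the sample rules are assumptions constructed from the addresses used above.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: the VEs live in 10.20.102.0/24 (the private segment used above).
VE_NET="10.20.102.0/24"

# Constructed sample in iptables-save format: the two rules from the article
# plus one rule that is limited to the VE subnet.
sample_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j SNAT --to-source 10.20.100.141
-A POSTROUTING -s 10.20.102.0/24 -o eth0 -j SNAT --to-source 10.20.100.141
COMMIT
EOF
}

# Print each POSTROUTING SNAT/MASQUERADE rule that has no source match (-s),
# i.e. a rule that rewrites traffic from any source, not only from the VEs.
unscoped_nat_rules() {
    awk '
        $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            nat = 0; scoped = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-j" && ($(i+1) == "SNAT" || $(i+1) == "MASQUERADE")) nat = 1
                if ($i == "-s" || $i == "--source") scoped = 1
            }
            if (nat && !scoped) print
        }'
}

# Build the arguments for an SNAT rule limited to one source subnet.
# $1 = VE subnet, $2 = outgoing interface, $3 = host address to translate to
scoped_snat_args() {
    printf '%s\n' "-t nat -A POSTROUTING -s $1 -o $2 -j SNAT --to-source $3"
}

# On a real host, feed it live rules: iptables-save -t nat | unscoped_nat_rules
echo "Rules without a source match:"
sample_rules | unscoped_nat_rules
echo "Scoped replacement:"
echo "iptables $(scoped_snat_args "$VE_NET" eth0 10.20.100.141)"
```
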