Modifying openVZ templates

From Notes_Wiki


To modify an openVZ template, the following steps can be used:

  1. Create a container with the base or default template. Note that the container should be created with --netif_add and not with --ipadd. With --ipadd, many of the container's configuration files are changed (e.g. /etc/sysconfig/network), which makes it harder to convert the container to a fresh template.
  2. Start the container.
  3. Configure networking for the container, if required, using configuration files such as /etc/sysconfig/network-scripts/ifcfg-eth0.
  4. Make the necessary modifications, such as installing packages, configuring services to run on start-up, modifying configuration files, creating users, etc.
  5. Stop the container.
  6. Go to the container's private folder at '/vz/private/<CTID>'.
  7. Delete the container's network configuration file at the relative path 'etc/sysconfig/network-scripts/ifcfg-eth0'. If a proxy etc. was configured but is not desired as part of the template, unconfigure such settings. This can also be done from within the container while it is running.
  8. Create the container template using
    tar cjf <template-name>.tar.bz2 *
    Read about naming below.
  9. Move the container template to the /vz/private/cache folder.
  10. Test the new template by creating a new container from it to verify that it works properly.
  11. Optionally, delete the container created for modifying the template, as it is no longer required.


Naming openVZ container templates

The template name must start with the same distribution name for things to work properly. For example, if the original template was centos, then the new template must also be named 'centos-<something-new>'. There are various distribution-specific configuration files in /etc/vz/dists, and the various post-create and pre-create scripts are used only if the template name starts with the same name as one of the files there. For example, in the case of centos, the scripts ensure that various crontab times are randomized so that all containers do not run their cron jobs at the same time.


Changing SSHD host keys for containers

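All containers created using openVZ (especially those created using custom templates) have the same sshd host key. This makes ssh insecure, since the host private key is shared by every container built from the template. To create new SSH host keys for a container from the base host (even when the container is stopped), use: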

echo "y" > input.txt
ssh-keygen -t rsa -f /vz/private/<CTID>/etc/ssh/ssh_host_rsa_key -N '' < input.txt
ssh-keygen -t dsa -f /vz/private/<CTID>/etc/ssh/ssh_host_dsa_key -N '' < input.txt
rm -f input.txt

where <CTID> should be replaced with the correct container CTID.

If a temporary input file is not desired, then the following can be used:

ssh-keygen -t rsa -f /vz/private/<CTID>/etc/ssh/ssh_host_rsa_key -N '' < <(echo "y")
ssh-keygen -t dsa -f /vz/private/<CTID>/etc/ssh/ssh_host_dsa_key -N '' < <(echo "y")
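
As a check before and after regenerating keys, the following added example (not part of the original page) scans the container private areas from the base host and reports any sshd host public key that appears in more than one container. The function names and the sample key blobs are constructed for illustration; the only assumption about the system is the /vz/private/<CTID>/etc/ssh/ layout used above.

```shell
#!/bin/bash
# Added example: list OpenVZ containers that share an sshd host key.

# find_shared_host_keys [private_root]
# Prints one line per key found in more than one container:
#   "<key-type>: <CTID> <CTID> ..."
find_shared_host_keys() {
    local root="${1:-/vz/private}" pub ctid
    for pub in "$root"/*/etc/ssh/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue        # glob matched nothing
        ctid="${pub#"$root"/}"           # strip the root prefix ...
        ctid="${ctid%%/*}"               # ... and keep the first path component
        # A .pub file is "<type> <base64 blob> [comment]"; the blob identifies the key.
        awk -v ct="$ctid" 'NF >= 2 { print $1, $2, ct }' "$pub"
    done | LC_ALL=C sort | awk '
        function report() { if (n > 1) print type ": " list }
        { key = $1 " " $2 }
        key != prev { report(); prev = key; type = $1; n = 0; list = "" }
        { n++; list = list (n > 1 ? " " : "") $3 }
        END { report() }'
}

# make_sample_tree: constructed sample data (fake key blobs, not real keys).
# Containers 101 and 102 still carry the template's keys; 103 was regenerated.
make_sample_tree() {
    local root ct
    root="$(mktemp -d)"
    for ct in 101 102 103; do mkdir -p "$root/$ct/etc/ssh"; done
    for ct in 101 102; do
        echo "ssh-rsa CONSTRUCTED-TEMPLATE-RSA root@template" > "$root/$ct/etc/ssh/ssh_host_rsa_key.pub"
        echo "ssh-dss CONSTRUCTED-TEMPLATE-DSA root@template" > "$root/$ct/etc/ssh/ssh_host_dsa_key.pub"
    done
    echo "ssh-rsa CONSTRUCTED-FRESH-RSA-103 root@ct103" > "$root/103/etc/ssh/ssh_host_rsa_key.pub"
    echo "ssh-dss CONSTRUCTED-FRESH-DSA-103 root@ct103" > "$root/103/etc/ssh/ssh_host_dsa_key.pub"
    echo "$root"
}

# Run against the constructed tree when called with --demo.
if [ "${1:-}" = "--demo" ]; then
    demo_root="$(make_sample_tree)"
    find_shared_host_keys "$demo_root"
    rm -rf "$demo_root"
fi
```

An empty result means no two containers under the scanned root share a host key.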


Changing default OpenVZ template

By default, if the --ostemplate option is not specified, OpenVZ creates the container using the "centos-6-x86" template. This can be changed by editing '/etc/vz/vz.conf' to set:

   DEF_OSTEMPLATE="centos-6-x86_64"

or some other desired value.

