Modifying openVZ templates

From Notes_Wiki
Revision as of 04:33, 8 April 2014 by Saurabh (talk | contribs)


To modify an OpenVZ template, the following steps can be used:

  1. Create a container with the base or default template
  2. Start the container
  3. Make the necessary modifications, such as installing packages, configuring services to run on start-up, modifying configuration files, creating users, etc.
  4. Stop the container
  5. Go to the container's private folder at '/vz/private/<CTID>'
  6. Create the container template using
    tar cjf <template-name>.tar.bz2 *
    Read about naming below
  7. Move the container template to the /vz/private/cache folder
  8. Test the new template by creating a new container from it to verify that it works properly
  9. Optionally, delete the container that was created for modifying the template, as it is no longer required


Naming openVZ container templates

The template name must start with the same distribution name for things to work properly. For example, if the original template was centos, then the new template must also be named 'centos-<something-new>'. There are various distribution-specific configuration files in /etc/vz/dists, and the post-create and pre-create scripts are used only if the template name starts with the same filename as specified there. For example, in the case of centos, the scripts ensure that the various crontab times are randomized so that all containers do not run their cron jobs at the same time.


Changing SSHD host keys for containers

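All containers created using OpenVZ (especially those created using custom templates) have the same sshd host key. This makes SSH insecure, because every container that holds the same private host key can impersonate any of the others to SSH clients. To create new SSH host keys for a container from the base machine (even when the container is stopped), use: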

echo "y" > input.txt
ssh-keygen -t rsa -f /vz/private/<CTID>/etc/ssh/ssh_host_rsa_key -N '' < input.txt
ssh-keygen -t dsa -f /vz/private/<CTID>/etc/ssh/ssh_host_dsa_key -N '' < input.txt
rm -f input.txt

where <CTID> should be replaced with the correct container CTID.

If a temporary input file is not desired, then the following can be used (the <(...) process substitution requires bash):

ssh-keygen -t rsa -f /vz/private/<CTID>/etc/ssh/ssh_host_rsa_key -N '' < <(echo "y")
ssh-keygen -t dsa -f /vz/private/<CTID>/etc/ssh/ssh_host_dsa_key -N '' < <(echo "y")
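
To find which containers still share a host key after cloning from a template, the public key files can be compared from the base machine. The script below is an added example, not part of the original wiki page; the function names are hypothetical and it assumes container roots at /vz/private/<CTID> as used above.

```bash
#!/usr/bin/env bash
# Added example: list SSH host keys that more than one container shares.
# Assumption: container roots are /vz/private/<CTID>, as used on this page.

# find_shared_host_keys [ROOT]
# Prints one line per duplicated key: "<keytype> <CTID> <CTID> ..."
find_shared_host_keys() {
    local root="${1:-/vz/private}" pub ctid
    for pub in "$root"/*/etc/ssh/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue          # glob matched nothing
        ctid=${pub#"$root"/}
        ctid=${ctid%%/*}
        # A .pub file is "<type> <base64 blob> [comment]". Equal blobs mean
        # the same key pair, whatever the comment field says.
        awk -v ctid="$ctid" 'NF >= 2 { print $1, $2, ctid }' "$pub"
    done | LC_ALL=C sort -u | awk '
        { key = $1 " " $2
          if (!(key in count)) { order[++n] = key; ktype[key] = $1 }
          count[key]++
          ctids[key] = ctids[key] " " $3 }
        END { for (i = 1; i <= n; i++)
                if (count[order[i]] > 1) print ktype[order[i]] ctids[order[i]] }'
}

# Constructed sample: CTs 101 and 102 still carry the template's key
# (with different comments); CT 103 has been re-keyed.
demo() {
    local tmp ct
    tmp=$(mktemp -d) || return 1
    for ct in 101 102 103; do mkdir -p "$tmp/$ct/etc/ssh"; done
    echo "ssh-rsa AAAAconstructedTEMPLATE root@template" \
        > "$tmp/101/etc/ssh/ssh_host_rsa_key.pub"
    echo "ssh-rsa AAAAconstructedTEMPLATE root@ct102" \
        > "$tmp/102/etc/ssh/ssh_host_rsa_key.pub"
    echo "ssh-rsa AAAAconstructedREKEYED root@ct103" \
        > "$tmp/103/etc/ssh/ssh_host_rsa_key.pub"
    find_shared_host_keys "$tmp"
    rm -rf "$tmp"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Any container ID that appears in the output still needs its host keys regenerated with the ssh-keygen commands above.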

