LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Tutorial: Getting started with OpenVZ!


OpenVZ, who doesn’t know it? It’s been used (and abused) for many, many years in the hosting industry and it’s still out there going strong. Being an operating system-level virtualization technology, it has no hardware requirements. OpenVZ creates virtualized environments known as containers. These containers are not completely isolated: for example, a process that runs in the guest is displayed in the host node’s top. This is one of the powers of OpenVZ: its simplicity and the fact that there’s hardly any overhead. A container has limits (like RAM or disk), but those limits are not reserved anywhere, so you can assign many more resources to containers than you have available. That’s also one of OpenVZ’s weaknesses: it’s easily oversold.

Like it or not, OpenVZ is a nice piece of technology and it’s perfect for creating a virtualized environment with hardly any overhead. But, what would you do with it as a non-provider?

There are many things you can do with it, actually. For example, it’s great for a development machine or a testing environment: you can create and destroy containers as often as you like or keep them around (but powered off) for when you need them. It can also be used to facilitate easy migrations: if you “wrap” your entire machine with OpenVZ, you can just tar the OpenVZ container, move it and deploy it on a new host machine. OpenVZ runs fine on dedicated servers, but also on KVM machines, making it even cheaper to get a machine to run OpenVZ on. I’ve actually tested this tutorial on a KVM machine with 2 IPs (you can do with 1 IP and use only internal networking, but it’s more work and more IPs allow more world-reachable machines).

This is what you need for this tutorial: a dedicated server or a KVM machine with a fresh install of CentOS 6 (64-bit, minimal installation preferred), at least 2 IPs in the same subnet and a bit of time.

Installing OpenVZ

Installing OpenVZ has gotten a lot simpler lately. No more editing /etc/sysctl.conf, it’s being done for you! OpenVZ is currently modernizing in order to support newer kernels (it currently runs on a pretty old kernel, still from the 2.6.x series while Linux is at 3.10.x), so this process will get even simpler in the future.

The first thing you need to do is install the OpenVZ kernel. This is a patched kernel using the RHEL kernel as an upstream source. In order to install the kernel, we need to add the OpenVZ YUM sources, and to do that, we need wget. So, install wget first:

yum install wget

Then fetch the repo file:

wget -P /etc/yum.repos.d/ http://ftp.openvz.org/openvz.repo

And finally add the repository’s key:

rpm --import http://ftp.openvz.org/RPM-GPG-Key-OpenVZ

You’re now ready to install the kernel. No worries, it’s really simple:

yum install vzkernel

That’s it! Now, do not reboot! We first need to install additional packages that will put everything where it’s supposed to be and get you a working installation. These packages are ‘vzctl’, used for managing containers, ‘vzquota’, to control disk quotas, and ‘ploop’, a “new” filesystem management method for OpenVZ.

Let’s install the additional OpenVZ packages:

yum install vzctl vzquota ploop

Once that’s done, reboot! It should automatically load the OpenVZ kernel. To check whether you rebooted in the right kernel, run:

uname -a

And it should output something like:

Linux hostname.example.net 2.6.32-042stab081.8 #1 SMP Mon Sep 30 16:52:24 MSK 2013 x86_64 x86_64 x86_64 GNU/Linux

The ‘042stab081.8’ part should match the latest stable version on openvz.org, in this case: https://wiki.openvz.org/Download/kernel/rhel6/042stab081.8.

That’s it, you’ve installed OpenVZ! Now let’s create your first container!

Creating your first container

Creating a container isn’t hard, it’s actually really simple. I’m going to create a venet container, which has a virtual networking device. Another option is a veth container, which will use a bridge on the host to route traffic through and which puts network control in the hands of the guest (and gives it an actual network interface). A venet container is easier to create, though, and it’s sufficient for most purposes.

Before we can create a container, we need a template to use. OpenVZ provides official templates themselves: http://openvz.org/Download/template/cache. I’ve chosen the ubuntu template for my example. Go to /vz/template/cache/ and download the template:

wget http://download.openvz.org/template/precreated/ubuntu-12.04-x86_64.tar.gz

Now, create the container:

vzctl create 101 --ostemplate ubuntu-12.04-x86_64

What we do here is tell vzctl to create a container with the ID ‘101’. This ID is later used for all commands with vzctl and should be a number that equals or is over 100 (everything below 100 is used for OpenVZ internal purposes). With the --ostemplate flag, you point vzctl to the right template. The name is the full name of the template download minus the ‘.tar.gz’. When this command is finished running, let’s add an IP to the container:

vzctl set 101 --ipadd 192.0.2.1 --save

This IP address should be assigned to your server but not used on it. So if you have a KVM with 2 IPs, just configure one IP on the host node and leave the other(s) alone. The second (or any other) IP can be used in the command above and will be automatically configured. The --save flag makes the setting persistent in the container’s configuration file.

Finally, add a nameserver (I’ve used Google’s public DNS server here):

vzctl set 101 --nameserver 8.8.8.8 --save

And start your new container:

vzctl start 101

That’s it! Your container is running. Now, to get connectivity, you need to either add IPtables rules or shut IPtables down. I highly recommend the former, so, open up /etc/sysconfig/iptables and make sure that this block:

:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

Looks like this:

:FORWARD ACCEPT [0:0]
-P FORWARD ACCEPT
-F FORWARD
:OUTPUT ACCEPT [0:0]

And that this line:

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Is commented out and looks like this:

#-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Now, restart IPtables:

/etc/init.d/iptables restart

And you should be good. What we have done here is accept all forwarded traffic through IPtables and make sure pinging is not blocked. Your container should be reachable from the internet.
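
Accepting all forwarded traffic means the host no longer filters anything going to or from its containers. The script below is an added example, not part of the original tutorial: it detects that wide-open state in a rules file and prints FORWARD rules scoped to a single venet container instead. The function names, the exposed ports (22, 80, 443) and the sample file are assumptions made for illustration; venet0 is the host-side interface that venet containers use.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Assumes venet containers
# (host-side interface venet0) and the CentOS 6 /etc/sysconfig/iptables format.

# Return 0 if a rules file forwards everything: FORWARD policy is ACCEPT and
# no active catch-all REJECT/DROP rule closes the chain.
forward_wide_open() {
    awk '
        /^:FORWARD ACCEPT/             { accept = 1 }
        /^-A FORWARD -j (REJECT|DROP)/ { closed = 1 }
        END { exit !(accept && !closed) }
    ' "$1"
}

# Print FORWARD rules scoped to one container.
# $1 = container IP, $2 = comma-separated inbound TCP ports to expose.
ct_forward_rules() {
    ip=$1 ports=$2
    case $ip in ''|*[!0-9.]*) echo "bad IP: $ip" >&2; return 2 ;; esac
    case $ports in ''|*[!0-9,]*) echo "bad port list: $ports" >&2; return 2 ;; esac
    cat <<EOF
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i venet0 -s $ip -j ACCEPT
-A FORWARD -o venet0 -d $ip -p icmp --icmp-type echo-request -j ACCEPT
-A FORWARD -o venet0 -d $ip -p tcp -m state --state NEW -m multiport --dports $ports -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Constructed sample: the filter table as the tutorial's edits leave it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-P FORWARD ACCEPT
-F FORWARD
:OUTPUT ACCEPT [0:0]
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
if forward_wide_open "$sample"; then
    echo "FORWARD accepts everything; scoped rules for 192.0.2.1:"
    ct_forward_rules 192.0.2.1 22,80,443
fi
rm -f "$sample"
```

The printed rules take the place of the commented-out REJECT line in /etc/sysconfig/iptables, before COMMIT; the container can still ping out and be pinged, but only the listed TCP ports accept new inbound connections.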

Now, to get in your container, enter:

vzctl enter 101

And you chroot into your new container. As you may have noticed, we haven’t set any limits for our new container. It used defaults, so it has 256MB RAM, 512MB vSwap and 2GB disk space. This is defined in the container’s configuration file, which can be found at /etc/vz/conf/101.conf. Each container gets a config file there, with the container ID as its name. You can either edit this file or use vzctl to modify your container’s resources. Feel free to play around with this a bit!

That’s it, you’ve just set up OpenVZ on your server and added your first container!

Final notes

As usual, there’s a lot more to tell about OpenVZ: configuration options, adding IPv6, using VETH or configuring private networking. I’m probably going to cover some of these topics in a future tutorial. The OpenVZ website (http://openvz.org) has a lot of information, so be sure to check that out!

Up next time: Setting up nginx, PHP-FPM and MariaDB!

mpkossen

30 Comments

  1. ahmiq:

    Nice tutorial , thanks for sharing :)

    November 3, 2013 @ 4:53 pm | Reply
  2. Lucas:

    OpenVZ must be going to history, it’s unstable old-fashioned shit

    November 3, 2013 @ 6:41 pm | Reply
    • Maarten Kossen:

      You know, I used to think that. But I’m really impressed with the progress they’ve made recently in supporting a vanilla kernel and thus eventually supporting more operating systems. And given the fact that it’s still being used so widely, I doubt they’re going anywhere soon. And it’s not like LXC offers any real competition at the moment.

      November 4, 2013 @ 1:12 am | Reply
      • Is this the fault of LXC or just software supporting it though? The latest LXC on you Ubuntu has been very decent. At least during my local tests.

        November 4, 2013 @ 7:34 pm | Reply
        • jarland:

          It’s not that LXC isn’t great, it’s that it isn’t as mature as OpenVZ and offers no serious benefits other than being included in a kernel that may or may not have relevant enhancements that haven’t been backported to the 2.6.32 line. I love LXC, but I can’t find justification for using it outside of personal use, which it is excellent for.

          November 4, 2013 @ 8:01 pm | Reply
        • Maarten Kossen:

          What jarland said :-) LXC is not mature enough and obviously interest in development is less, as almost every VPS provider in the world uses OpenVZ for one thing or the other.

          I’d personally love to see some competition in this area.

          November 5, 2013 @ 8:49 am | Reply
      • Frost:

        The project of integrating ovz into the vanilla kernel IS lxc…

        Kernel 3.x vzctl uses LXC

        November 8, 2013 @ 7:49 pm | Reply
    • Andrzej:

      My grandfather used to say: “The right tool for the right job”. OpenVZ is the perfect tool. For many jobs. But for many others, better use KVM or a dedicated server even…

      November 4, 2013 @ 4:39 am | Reply
      • Maarten Kossen:

        Exactly! That is just spot-on!

        November 5, 2013 @ 8:49 am | Reply
    • Joe joeson:

      As far as I know, LXC will eventually replace OpenVZ. Much of the kernel development is finished at this point, but a few things remain.

      November 4, 2013 @ 2:47 pm | Reply
    • jarland:

      OpenVZ is the open source side of Virtuozzo, which is one of the most widely used platforms to provide container based virtualization among many of the highest volume (both in clients and money) hosting companies in the world. I’d hardly call it old fashioned or “going to history.” It is an increasingly stable platform at that.

      November 4, 2013 @ 7:28 pm | Reply
    • ciortan gheorghe:

      I use vzkernel-2.6.32-042stab113.11 on industrial Linux machines. It’s very stable and I’m very satisfied. The best. Keep walking! Thanks.

      January 6, 2016 @ 12:52 pm | Reply
  3. Andrzej:

    If memory serves (played with this a couple years ago), all “vzctl” command parameters should be preceded with 2 dashes (“--”), so:

    vzctl create 101 --ostemplate ubuntu-12.04-x86_64
    vzctl set 101 --ipadd 192.0.2.1 --save

    You can also combine more stuff in one command:

    vzctl set 101 --ipadd 192.0.2.1 --nameserver 8.8.8.8 --save

    Granted that you can always enter the container from the node, still it’s a good idea to set a root password for each container:

    vzctl set 101 --userpasswd root:rootpassword

    November 3, 2013 @ 8:02 pm | Reply
    • Maarten Kossen:

      You’re right. WordPress messed that up. I copy-pasted from my notes and WP made it into one dash. Let me fix this.

      November 4, 2013 @ 1:00 am | Reply
    • Maarten Kossen:

      Fixed. Apparently this is a known “feature” in WP. I had to wrap double dashes in a < code > tag to make it work. Anyway, thanks for letting me know :-)

      November 4, 2013 @ 1:04 am | Reply
      • Andrzej:

        Very nice tutorial anyway, Maarten. Not for the first time, you’ve made the seemingly complicated – very simple :)
        I “tested” it, followed your instructions and set up an OpenVZ node under KVM in about 15 minutes flat. Everything works. Now, time to tackle OWP… may be an idea for a follow up tutorial there: “Getting started with OpenVZ, Part II: Secure OpenVZ Web Panel with SSL” ;)

        November 4, 2013 @ 4:33 am | Reply
        • Raghavendra:

          I agree. Great tutor and expecting “Getting started with OpenVZ, Part II: Secure OpenVZ Web Panel with SSL”

          November 4, 2013 @ 6:13 am | Reply
        • Maarten Kossen:

          Thank you! And thank you for the suggestion. I’ll put it on my list, but I’m not making any promises yet ;-)

          November 4, 2013 @ 9:42 am | Reply
  4. Gilles Mazoyer:

    Hello

    I have one question about OpenVZ: is it safe to install a guest operating system which is based on a Linux kernel different than the host?
    For example you install a kernel 2.6.32 patched to run OpenVZ. Is it safe to install Debian 7.0 whose official kernel is 3.2 ?

    Thank you

    November 4, 2013 @ 4:23 am | Reply
    • Maarten Kossen:

      Well, yes and no. You can use a Debian 7 template, which has been fixed to use the 2.6.32 kernel. So, new OS versions that were built with newer kernels would work, but they would have to be fixed to work with an older kernel.

      If you’re a real Tarzan, you could try to run OpenVZ on a 3.x-series kernel. It is possible, but not everything will work like it does on a 2.6.32 kernel :-)

      November 4, 2013 @ 9:50 am | Reply
      • Frost:

        Built on kernel? wha? Afaik only architecture matters when compiling system binaries.

        Again, the “ovz for 3.x” is LXC

        November 8, 2013 @ 7:53 pm | Reply
  5. vRozenSch00n:

    As always, @Maarten Kossen with his crispy, simple and awesome tutorial. Thanks Bro.

    November 4, 2013 @ 8:50 am | Reply
  6. 11 year old kid:

    Thanks, I might start a VPS hosting company in my next school holidays thanks to this tutorial! :D

    November 4, 2013 @ 1:44 pm | Reply
  7. jarland:

    Good stuff Maarten.

    November 4, 2013 @ 8:02 pm | Reply
  8. Nice job Maarten.

    November 5, 2013 @ 5:13 pm | Reply
  9. ingus:

    Thanks, I understand that it’s possible to do openvz on kvm vps. I’d like to split a bigger kvm to openvz units for customers, has anyone done it?

    November 11, 2013 @ 10:25 pm | Reply
    • aglodek:

      Sure, many times. Simply start with CentOS on your KVM and follow Maarten’s tutorial above :) You might want to think about a VPS CP. Your key choices are: OWP (OpenVZ Web Panel), Proxmox and SolusVM, of course. FYI, there have been a number of very interesting discussions on LET these past few days about subjects related to such a setup.

      November 12, 2013 @ 12:43 am | Reply
  10. `yuda:

    What a nice tutorial! This helps me a lot!

    December 12, 2013 @ 3:01 am | Reply
  11. roykem:

    Thank you, I’m kind of new to this stuff, your tuts just brought me into the new horizon.

    Keep writing your brilliant tuts bro. ;)

    kudos.

    December 15, 2013 @ 8:49 pm | Reply
  12. Thanks for the tutorial, done the same steps on a CentOS 6.7 32bit in VMware ESXi 6 host and created further CentOS VPSes inside…some networking problems but VMware googling around solved it was “Promiscuous mode” network settings has to be done…

    March 14, 2016 @ 8:00 am | Reply
