dswd edited this page Nov 3, 2011 · 4 revisions

OpenVZ Device

OpenVZ Devices use the OpenVZ virtualization technology.

Features

OpenVZ offers complete user-mode access to the virtual machines and limited kernel-mode access. The kernel-mode access allows a virtual machine to:

  • Manage networking hardware
  • Use raw sockets

Common problems with OpenVZ stem from these limitations:

  • No kernel modules
  • No kernel changes
  • No NFS mounting
  • No graphical hardware, and thus no desktop environment possible

Virtual Hardware

OpenVZ does not emulate hardware at all. The only hardware that is available to a virtual machine is the following:

  • 512 MB RAM (256 MB RAM and 256 MB swap)
  • 1 GB storage on root file-system
  • Virtual network devices that can be fully configured by the virtual machine

Console

The console access is realized as a shell inside the virtual machine. The access is comparable to an ssh session. Multiple concurrent windows will show the same console, but when all windows showing the console are closed, the console is terminated and the next window will show a new, clean console. This has several implications:

  • The console does not require any login. This does not mean that the system is insecure; the ssh server will prompt for a login as normal.
  • The console is text-based, so no graphical programs can be executed.
  • When the last window showing the console is closed, the console and all programs are terminated. (Use the program "screen" to keep applications running.)
  • The meaning of pressed keys depends on the keyboard layout of the real keyboard of the user.

Images

The root file-system is stored in a folder on the host machine. The file-system can be downloaded and uploaded as a tar archive compressed with gzip (.tgz). When extracting such an image, keep in mind that file ownership can only be set properly if the user has root permissions and all the users and groups in the image exist. When this is not done properly, the resulting compressed archive will not be bootable.
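A check for the ownership problem described above, as an added example that is not part of the original page or of the project's code: it reads the ownership recorded in a .tgz image and flags an image in which no file is owned by root. The function names, the sample paths and the "no root-owned file" heuristic are assumptions made for this illustration.

```python
import io
import tarfile
from collections import Counter


def audit_image_ownership(fileobj):
    """Summarise the file ownership recorded in a gzip-compressed tar image."""
    owners = Counter()
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar:
            owners[(member.uid, member.gid)] += 1
    total = sum(owners.values())
    root_owned = sum(n for (uid, _gid), n in owners.items() if uid == 0)
    return {
        "total": total,
        "owners": owners,
        "root_owned": root_owned,
        # Heuristic (assumption): a usable root file-system has root-owned
        # files; none at all means ownership was lost on extraction.
        "ownership_lost": total > 0 and root_owned == 0,
    }


def build_sample_image(entries):
    """Build a constructed .tgz in memory from (path, uid, gid) tuples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, uid, gid in entries:
            info = tarfile.TarInfo(name=path)
            info.uid, info.gid = uid, gid
            data = b"constructed sample\n"
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


# Constructed samples: one image packed with ownership intact, one repacked
# after extraction by an unprivileged user (uid/gid 1000).
PRESERVED = [("etc/passwd", 0, 0), ("sbin/init", 0, 0), ("home/user/.profile", 1000, 1000)]
FLATTENED = [(path, 1000, 1000) for path, _uid, _gid in PRESERVED]

if __name__ == "__main__":
    for label, entries in (("preserved", PRESERVED), ("flattened", FLATTENED)):
        report = audit_image_ownership(build_sample_image(entries))
        print("%s: %d files, %d root-owned, ownership_lost=%s" % (
            label, report["total"], report["root_owned"], report["ownership_lost"]))
```

To check a real image, open it with open(path, "rb") and pass the file object to audit_image_ownership before uploading.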

Scripting

OpenVZ devices can be controlled with scripts using the execute API command. In the command-line client the following command will execute a command on an OpenVZ device.

top_action(TOPID, "execute", "device", "openvz1", attrs={"cmd": "echo Hello World"})

Looping over all OpenVZ Devices in a topology

for (name, dev) in top_info(TOPID)["devices"].iteritems():
  if dev["attrs"]["type"] == "openvz" and dev["attrs"]["state"] == "started":
    res = top_action(TOPID, "execute", "device", name, {"cmd": "echo Hello World"})
    print "%s: %s" % (name, res)

Enabling ssh daemon on a device

top_action(TOPID, "execute", "device", DEVNAME, {"cmd": "for daemon in ssh sshd; do [ -f /etc/init.d/$daemon ] && /etc/init.d/$daemon start; done; true"})

Retrieving the IP address of a device

top_action(TOPID, "execute", "device", DEVNAME, {"cmd": "ip addr | fgrep 'scope global'"})
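The loop and the IP address command above combined into an address inventory, as an added example that is not code from the original page or the project: it parses the 'scope global' lines into structured records for every started OpenVZ device. The function names and sample data are constructed for this illustration, and it assumes that the execute action returns the command's output as text.

```python
import re

# One address line of `ip addr`, e.g. "inet 10.0.0.2/24 brd ... scope global eth0"
ADDR_LINE = re.compile(r"^\s*(inet6?)\s+([0-9A-Fa-f:.]+)/(\d+)\b.*\bscope global\b(.*)$")


def parse_global_addrs(output):
    """Return (family, address, prefix_len, label) for each 'scope global' line."""
    found = []
    for line in output.splitlines():
        match = ADDR_LINE.match(line)
        if not match:
            continue  # error text, empty lines, anything unexpected
        family, address, prefix, rest = match.groups()
        # IPv4 lines end with the interface label; IPv6 lines carry none.
        tokens = rest.split()
        label = tokens[-1] if family == "inet" and tokens else None
        found.append((family, address, int(prefix), label))
    return found


def collect_addresses(devices, execute):
    """Map each started OpenVZ device name to its parsed global addresses.

    devices: dict shaped like top_info(TOPID)["devices"] on this page.
    execute: callable(name, cmd) -> command output as text (assumption).
    """
    inventory = {}
    for name, dev in sorted(devices.items()):
        attrs = dev["attrs"]
        if attrs["type"] == "openvz" and attrs["state"] == "started":
            output = execute(name, "ip addr | fgrep 'scope global'")
            inventory[name] = parse_global_addrs(output)
    return inventory


# Constructed sample data, not captured from a real topology.
SAMPLE_DEVICES = {
    "openvz1": {"attrs": {"type": "openvz", "state": "started"}},
    "openvz2": {"attrs": {"type": "openvz", "state": "not-started"}},
    "other1": {"attrs": {"type": "other", "state": "started"}},
}
SAMPLE_OUTPUT = (
    "    inet 10.1.1.1/24 brd 10.1.1.255 scope global eth0\n"
    "    inet6 fd01:ab1a::1/64 scope global \n"
)
```

In the command-line client, the execute argument would wrap the call shown above, for example a function that returns top_action(TOPID, "execute", "device", name, {"cmd": cmd}).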

Templates

The templates for OpenVZ devices are located at https://fileserver.german-lab.de/files/glabnetman/templates/openvz. Other templates can be found at http://wiki.openvz.org/Download/template/precreated.

The following rules apply for all OpenVZ templates:

  • Templates must not run any external services on startup to minimize the security threat.
  • Templates must allow simple upgrades using standard methods
  • Templates must allow passwords to be set using passwd and networking to be configured using ifconfig, route, or one of dhclient3 and dhcpcd
  • Uninstall unneeded packages and disable unneeded services

See OpenVzTemplateInstructions for detailed instructions.

debian-5.0_glab_x86

  • Template basis: debian 5 "lenny" x86
  • Last update: 2010-10-28
  • Modifications:
    • Installed ssh, iperf, tcpdump, screen
    • Disabled gettys
    • Disabled sync() for syslog
    • Linked /etc/mtab to /proc/mounts
    • Disabled sshd startup
    • Set time zone to Europe/Berlin
    • Set locale to en_US.UTF-8
  • Remarks:
    • SSH-Key will be generated on first start

debian-5.0_glab_x86_64

  • Template basis: debian 5 "lenny" x86_64
  • Last update: 2010-10-28
  • Modifications:
    • Installed ssh, iperf, tcpdump, screen
    • Disabled gettys
    • Disabled sync() for syslog
    • Linked /etc/mtab to /proc/mounts
    • Disabled sshd startup
    • Set time zone to Europe/Berlin
    • Set locale to en_US.UTF-8
  • Remarks:
    • SSH-Key will be generated on first start

debian-6.0_glab_x86

  • Template basis: debian 6 "squeeze" x86
  • Last update: 2010-10-28
  • Modifications:
    • Installed ssh, iperf, tcpdump, screen
    • Disabled gettys
    • Disabled sync() for syslog
    • Linked /etc/mtab to /proc/mounts
    • Disabled sshd startup
    • Set time zone to Europe/Berlin
    • Set locale to en_US.UTF-8
  • Remarks:
    • SSH-Key must be generated by hand

debian-6.0_glab_x86_64

  • Template basis: debian 6 "squeeze" x86_64
  • Last update: 2010-10-28
  • Modifications:
    • Installed ssh, iperf, tcpdump, screen
    • Disabled gettys
    • Disabled sync() for syslog
    • Linked /etc/mtab to /proc/mounts
    • Disabled sshd startup
    • Set time zone to Europe/Berlin
    • Set locale to en_US.UTF-8
  • Remarks:
    • SSH-Key must be generated by hand

ubuntu-10.04_glab_x86
