Difference between pages "GUID Booting Guide" and "Funtoo:User Services/Containers"

From Funtoo
GUID Booting Guide

== Introduction ==

GPT, which stands for GUID Partition Table, is a disk partitioning scheme that was introduced by Intel for Itanium architecture systems, as part of EFI, the Extensible Firmware Interface. While you are probably not using an Itanium architecture computer, and you are likely using a BIOS-based rather than an EFI-based system, you still may want to use GPT partitioning. Why? Because the standard MBR-based partitioning scheme only supports system disks that are less than 2TiB in size. On modern systems, especially systems with hardware RAID logical volumes, it is very easy to go beyond the 2TiB limit. GUID partition tables support disks that are larger than 2TiB in size.

=== GPT Technology Overview ===

This section contains a technical overview of GPT technology.

GUID partition tables support up to 512 partitions. GPT data structures are stored in the first sectors of the drive, with a secondary copy stored at the end of the drive. This allows the partitioning scheme of your disk to be recovered in situations where the primary partition table has been corrupted.

For compatibility with legacy partitioning tools, GPT partitioning tools typically rewrite the MBR partition table (generally located in the first sector of the disk) so that those tools interpret the disk as ''"This disk has only one partition (of an unknown type) covering the whole disk".''

It is possible to convert an existing MBR-partitioned disk to GPT format using the <tt>gdisk</tt> command. Please carefully read the <tt>gdisk</tt> man page before using this capability, as it is potentially dangerous, particularly if you are performing it on your boot disk.

{{fancyimportant|Funtoo Linux fully supports GPT on x86-32bit and x86-64-bit systems. GPT is supported on SPARC systems, but currently only for non-boot disks.}}

=== Booting GPT ===

If you decide to use a GPT-based partitioning scheme for your system disk, either out of necessity due to a 2TiB+ disk, or because you want to try GPT out, then the question arises -- how do you get the darn thing to boot? This is where the new <tt>GRUB</tt> boot loader comes in. The new <tt>GRUB</tt> (version 1.9x, found at <tt>sys-boot/grub</tt>) is a redesign of the original <tt>GRUB</tt> (version 0.9x, now called <tt>sys-boot/grub-legacy</tt> in Funtoo) boot loader that includes very mature support for booting from GPT-based disks.

Now, let's take a look at how to get GPT-based booting working under Funtoo Linux.

The first thing you'll need to do is to use a LiveCD. I recommend [http://www.sysresccd.org/Main_Page System Rescue CD] for this task as it is Gentoo-based and includes all the proper tools. Go ahead and boot the LiveCD, and then get to the point where you are ready to partition your system disk.

At this point, you have two choices as to what partitioning tool to use. You can use either <tt>gdisk</tt> or <tt>parted</tt>. <tt>gdisk</tt> is a very nice <tt>fdisk</tt>-like partitioning tool that supports GPT partitioning. It is rather new software but seems to work quite well. The other tool you can use, GNU <tt>parted</tt>, has been around for a while and is more mature, but is harder to use.

We'll take a look at how to create partitions using <tt>gdisk</tt>. Alternatively, you can use <code>cgdisk</code> (a curses-based gdisk for users familiar with cfdisk) or <code>sgdisk</code> (a command-line tool) to create and manage GPT partitions.

== Partitioning Using Gdisk ==

OK, the first step in using <tt>gdisk</tt> is to start it up, specifying the disk you want to modify:

<pre># gdisk /dev/sda</pre>

You should find <tt>gdisk</tt> very familiar if you have used <tt>fdisk</tt>. Here is the partition table we want to end up with:

<pre>Command (? for help): p
Disk /dev/sda: 312581808 sectors, 149.1 GiB
Disk identifier (GUID): 17
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 312581774
Total free space is 0 sectors (0 bytes)

Number  Start (sector)    End (sector)  Size      Code  Name
  1              34          204833  100.0 MiB  0700  Linux/Windows data
  2          204834          270369  512.0 kiB  EF02  BIOS boot partition
  3          270370        1318945  512.0 MiB  8200  Linux swap
  4        1318946      312581774  148.4 GiB  0700  Linux/Windows data

Command (? for help): </pre>

Above, you'll see that we have a 100 MiB boot partition, a 512 kiB "BIOS boot partition", 512 MiB of swap, and the remaining disk used by a 148.4 GiB root partition.

The one new thing here is the "BIOS boot partition." What is it? In GRUB-speak, this BIOS boot partition is basically the location of the meat of GRUB's boot loading code - the equivalent of the <tt>stage1_5</tt> and <tt>stage2</tt> files in legacy GRUB. Since GPT-based partition tables have less "bonus" space than their MBR equivalents, an explicit partition of code <tt>EF02</tt> is required to hold the guts of the boot loader.

In all other respects, the partition table is similar to that of an MBR-based disk. We have a boot and root partition with code <tt>0700</tt>, and a Linux swap partition with code <tt>8200</tt>. Once this partition table has been written to disk and the appropriate <tt>mkfs</tt> and <tt>mkswap</tt> commands have been issued, <tt>/dev/sda1</tt> will be used to hold <tt>/boot</tt>, <tt>/dev/sda2</tt> will be used by the new GRUB directly, <tt>/dev/sda3</tt> will house our swap and <tt>/dev/sda4</tt> will hold our root filesystem.

Go ahead and create filesystems on these partitions, and then mount the root and boot filesystems to <tt>/mnt/gentoo</tt> and <tt>/mnt/gentoo/boot</tt> respectively. Now go ahead and unpack a stage3 tarball to <tt>/mnt/gentoo</tt> and chroot in as you normally do.

== Configuring The Kernel ==

Your kernel will need a couple of extra GPT-related options enabled in order for it to make sense of your GPT partitions and find your filesystems. These options can be found under <tt>Enable the block layer ---> Partition Types</tt>:

<pre>[*] Advanced Partition Selection (PARTITION_ADVANCED)
[*] EFI GUID Partition Support (EFI_PARTITION)</pre>

If you are using a non-Funtoo distribution then you may need to append a proper <tt>rootfstype=</tt> option to your kernel boot options to allow Linux to properly mount the root filesystem when <tt>Advanced Partition Selection</tt> is enabled. [[Boot-Update]] does this for you automatically.

Now just go ahead and compile and install your kernel, and copy it to <tt>/boot/bzImage</tt>.

== Booting The System ==

To get the system booted, you will want to first edit <tt>/etc/fstab</tt> inside the chroot so that it reflects the partitions and filesystems you just created. Then, emerge <tt>boot-update</tt> version 1.4_beta2 or later:

<pre># emerge boot-update</pre>

[[Boot-Update]] is a front-end for the GRUB 1.9x boot loader and provides a necessary simplified configuration interface. <tt>boot-update</tt> is used to generate boot loader configuration files. But before we get to <tt>boot-update</tt>, we first need to install GRUB to your hard disk. This is done as follows:

<pre># grub-install /dev/sda</pre>

<tt>grub-install</tt> will detect <tt>/dev/sda2</tt> (the <tt>EF02</tt> BIOS boot partition) and use it to store its boot loader logic.

Now it's time to create an <tt>/etc/boot.conf</tt> file. For more information on all available options, consult the [[Boot-Update]] guide -- I'll show you a sample configuration for the sample GPT partition scheme above:

<pre>boot {
        generate grub
        default bzImage
}

"Funtoo Linux" {
        kernel bzImage
}</pre>

Once <tt>/etc/boot.conf</tt> has been created, then type:

<pre># boot-update</pre>

This will auto-generate a <tt>/boot/grub/grub.cfg</tt> file for you, and you will now be able to reboot into Funtoo Linux using a GPT partitioning scheme.

For more information on all the options available for <tt>/etc/boot.conf</tt>, please consult the [[Boot-Update]] guide.

[[Category:Article]]
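As an added example (not code from the GUID Booting Guide or from Funtoo), the script below parses a gdisk <tt>p</tt> listing like the one in the Partitioning Using Gdisk section and checks the properties the guide's <tt>grub-install</tt> step depends on: an <tt>EF02</tt> BIOS boot partition is present, every partition lies inside the usable sector range, no partitions overlap, and there is swap plus separate <tt>/boot</tt> and root partitions. It goes slightly beyond the guide by also accepting the <tt>8300</tt> Linux filesystem code for data partitions. The first sample is the guide's own table embedded as a constructed string so the script runs offline; the second sample and the overlap case are constructed, and the function and constant names are this example's own.

```python
"""Sanity-check a GPT layout for BIOS+GRUB booting from gdisk's 'p' listing.

Added example; not part of the GUID Booting Guide. On a real system you would
feed it the text of `gdisk -l /dev/sda` instead of the constructed samples.
"""
import re

# Constructed copy of the guide's partition table (header lines trimmed).
SAMPLE_GUIDE_LAYOUT = """\
Disk /dev/sda: 312581808 sectors, 149.1 GiB
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 312581774
Total free space is 0 sectors (0 bytes)

Number  Start (sector)    End (sector)  Size      Code  Name
  1              34          204833  100.0 MiB  0700  Linux/Windows data
  2          204834          270369  512.0 kiB  EF02  BIOS boot partition
  3          270370        1318945  512.0 MiB  8200  Linux swap
  4        1318946      312581774  148.4 GiB  0700  Linux/Windows data
"""

# Constructed: a GPT disk laid out like an MBR disk, with no BIOS boot partition.
SAMPLE_NO_BIOS_BOOT = """\
Disk /dev/sdb: 20971520 sectors, 10.0 GiB
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 20971486
Total free space is 0 sectors (0 bytes)

Number  Start (sector)    End (sector)  Size      Code  Name
  1            2048          206847  100.0 MiB  0700  Linux/Windows data
  2          206848         1255423  512.0 MiB  8200  Linux swap
  3         1255424        20971486    9.4 GiB  0700  Linux/Windows data
"""

# One table row: number, start, end, size + unit, 4-hex-digit type code, name.
ROW_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+[\d.]+\s+[kKMGT]iB\s+([0-9A-Fa-f]{4})\s+(.*)$")
USABLE_RE = re.compile(r"First usable sector is (\d+), last usable sector is (\d+)")


def parse_gdisk_listing(text):
    """Return (first_usable, last_usable, partitions) from a gdisk 'p' listing."""
    m = USABLE_RE.search(text)
    if m is None:
        raise ValueError("listing has no 'First usable sector' line")
    parts = []
    for line in text.splitlines():
        r = ROW_RE.match(line)
        if r:
            parts.append({"number": int(r.group(1)), "start": int(r.group(2)),
                          "end": int(r.group(3)), "code": r.group(4).upper(),
                          "name": r.group(5).strip()})
    return int(m.group(1)), int(m.group(2)), parts


def partition_sectors(p):
    """Number of sectors a partition spans (gdisk start/end are inclusive)."""
    return p["end"] - p["start"] + 1


def check_bios_gpt_layout(text):
    """Return a list of problems; an empty list means the layout has what the
    guide's grub-install step needs."""
    first, last, parts = parse_gdisk_listing(text)
    if not parts:
        return ["no partitions found"]
    problems = []
    # GRUB on a BIOS machine embeds its core image in the EF02 partition;
    # without one, grub-install has nowhere to put it on a GPT disk.
    if not any(p["code"] == "EF02" for p in parts):
        problems.append("no EF02 BIOS boot partition for grub-install to use")
    # Every partition must sit inside the usable range gdisk reports.
    for p in parts:
        if p["start"] < first or p["end"] > last or p["start"] > p["end"]:
            problems.append(f"partition {p['number']} lies outside sectors {first}-{last}")
    # Neighbouring partitions must not overlap (inclusive ranges).
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["start"] <= a["end"]:
            problems.append(f"partitions {a['number']} and {b['number']} overlap")
    # The guide's layout also wants swap plus separate /boot and root partitions
    # (0700 as in the guide, or the 8300 Linux filesystem code).
    if not any(p["code"] == "8200" for p in parts):
        problems.append("no 8200 swap partition")
    if sum(1 for p in parts if p["code"] in ("0700", "8300")) < 2:
        problems.append("fewer than two Linux data partitions for /boot and /")
    return problems


if __name__ == "__main__":
    for label, sample in (("guide layout", SAMPLE_GUIDE_LAYOUT),
                          ("no BIOS boot", SAMPLE_NO_BIOS_BOOT)):
        print(label, "->", check_bios_gpt_layout(sample) or "OK")
```

Running the check before <tt>grub-install</tt> catches the most common GPT-on-BIOS mistake (forgetting the <tt>EF02</tt> partition) while the LiveCD is still booted, rather than discovering it on the first reboot.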

Funtoo:User Services/Containers, revision as of 21:07, January 15, 2015

Funtoo Linux Hosting

If you support Funtoo Linux, we also want to support you in your Funtoo Linux adventure. Supporters of Funtoo Linux of at least $15/mo can request a Funtoo Linux virtual container. Here are the configurations currently being offered:

Price    RAM   CPU Threads     Disk Space
$15/mo   4GB   6 CPU Threads   50GB
$30/mo   12GB  12 CPU Threads  100GB
$45/mo   48GB  24 CPU Threads  200GB

As you can see, this pricing is well below market rates, and includes fast SSD (solid state disk) storage, one IPv4 address, and lots of bandwidth. We believe that by enabling you to do great things with Funtoo Linux, our community and technology will benefit. So we see this as a win for everyone.

Container FAQ

How do I sign up?
Set up a monthly support subscription via PayPal or credit card on our Support Funtoo page. Then see the Getting Started section below.
Do I get root access?
Yes, you get full root access to your container.
Can I reboot my container?
Yes, reboot normally and it will come back up.
How much bandwidth is really included?
For most typical uses of your container, this is not something you need to worry about. Our server is on a 100Mbps physical link, which is shared among all containers. Our bandwidth plan is set up so that everyone should have lots of burstable bandwidth, assuming light use at other times. If you have continuous high bandwidth needs, please email me to discuss first.
Why is my Portage tree read-only?
A read-only Portage tree is mapped into /var/src/portage and is used by default by all containers. It is automatically updated, so there is no need to run emerge --sync. This saves disk space. There is generally no need to have your own local Portage tree, but if you want to have one, you can remove the PORTDIR setting in /etc/make.conf and run emerge --sync.
How do I upgrade the kernel in my VPS?
A virtual container shares a kernel with the host, so you do not have the ability to change the kernel from "inside" the container.
Can I run Docker inside my container?
The OpenVZ development team is the largest code contributor to the Linux Containers kernel code (which is part of Docker,) and we use OpenVZ, but right now it is not possible to run LXC inside an OpenVZ container. This may change with the release of newer OpenVZ kernels based on 3.x.
Important: This next bit of information is important. A number of people have temporarily locked themselves out of their containers by setting up a firewall incorrectly. I plan to develop a firewall management UI that configures a firewall for you to make this step easier. For the time being, please avoid setting up a firewall unless you really need one.

Can I set up my own firewall?
Before you do, please contact me (Daniel) and let me know. I need to flip a few switches in your container to make iptables work properly. Otherwise it will silently fail on stateful firewalls and you may end up locking yourself out of your container.
Can I set up OpenVPN in my container?
Yes, quite a few people do this, but contact me first so I can enable tun/tap devices for you.
Is it okay to host a game server?
Yes, many people do.
Is it okay to run Folding@Home, Hentai@Home, or other services that donate CPU power or bandwidth to other services?
No, this is not okay. The CPU and network resources provided to you are for your own use only and are not to be donated to other projects.
Is it okay to use my container to be a compute-focused server for another Open Source project?
Check with me first. Most of the time, this will be okay, unless CPU and/or IO utilization will be very high and continuous, and thus unsuitable for shared computing resources.
Is it okay to host commercial efforts on my container?
Yes, this is fine, as long as you assume full responsibility for the quality of service. Funtoo containers are provided with no service level agreements or warranty.

Getting Started

Once you have signed up for Funtoo Monthly support, contact me (drobbins@funtoo.org) via email and request a virtual container. You'll need to send me two things:

  1. The hostname you'd like for your container. It will be something.host.funtoo.org.
  2. Attach your SSH public key. I will use this to grant you root access to your container.
Note: I will generally have the container set up within 24 hours of sending email, often much sooner. If you do not hear from me after a day, please re-send email as it may have not made it, or been accidentally marked as spam by Gmail.

Generating SSH Keys

To generate an SSH key pair, do this as the user that you'll be using to log in to your container:

user $ ssh-keygen -t rsa 

If you specify a passphrase when prompted, your local private key (~/.ssh/id_rsa) will be encrypted, and ssh will prompt you for this passphrase prior to connecting. If you don't specify a passphrase, then you won't need to enter anything to connect, but you need to be extra careful that you don't allow others to access your private key, as it will be immediately usable by them to access any of your accounts.

The file you will need to send me is ~/.ssh/id_rsa.pub or ~/.ssh/id_dsa.pub (if you used the -t dsa option with ssh-keygen). This is the public key... it's safe to send over email since all I or anyone else can use it for is to grant you access to a system via your private key. Just don't send your private key to me. :)
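The passphrase question above has a concrete check: whether a private key file on disk is actually passphrase-protected can be read from its headers without ever entering the passphrase. The script below is an added example, not part of the Funtoo containers page or of OpenSSH; it recognises both the traditional PEM format that ssh-keygen wrote by default at the time of this page (encryption is signalled by a Proc-Type: 4,ENCRYPTED header) and the newer openssh-key-v1 container (the cipher name field is "none" when the key is stored in the clear). The sample key files are constructed stubs with valid headers and meaningless payloads, and the function names are this example's own.

```python
"""Tell whether an SSH private key file is passphrase-protected.

Added example; not part of the Funtoo containers page. Only the file headers
are inspected, so no passphrase is needed and no key material is decrypted.
"""
import base64
import os
import stat
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + payload)."""
    return struct.pack(">I", len(data)) + data


def _openssh_v1_stub(cipher: bytes, kdf: bytes) -> str:
    """Build a constructed openssh-key-v1 file carrying the given cipher/kdf names.
    Only the header fields are meaningful; the key payloads are placeholders."""
    blob = (b"openssh-key-v1\x00" + _ssh_string(cipher) + _ssh_string(kdf)
            + _ssh_string(b"") + struct.pack(">I", 1)
            + _ssh_string(b"stub-public-key") + _ssh_string(b"stub-private-section"))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body
            + "\n-----END OPENSSH PRIVATE KEY-----\n")


# Constructed samples: traditional PEM with and without the encryption headers,
# and openssh-key-v1 with a real cipher name versus "none".
SAMPLE_PEM_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF

c3R1Yi1wYXlsb2FkLW5vdC1hLXJlYWwta2V5
-----END RSA PRIVATE KEY-----
"""
SAMPLE_PEM_PLAIN = """-----BEGIN RSA PRIVATE KEY-----
c3R1Yi1wYXlsb2FkLW5vdC1hLXJlYWwta2V5
-----END RSA PRIVATE KEY-----
"""
SAMPLE_V1_ENCRYPTED = _openssh_v1_stub(b"aes256-ctr", b"bcrypt")
SAMPLE_V1_PLAIN = _openssh_v1_stub(b"none", b"none")


def private_key_is_encrypted(text: str) -> bool:
    """Return True if the key file text describes a passphrase-protected key."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if (not lines or not lines[0].startswith("-----BEGIN ")
            or not lines[-1].startswith("-----END ")):
        raise ValueError("not a PEM-style private key file")
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        magic = b"openssh-key-v1\x00"
        if not blob.startswith(magic):
            raise ValueError("bad openssh-key-v1 magic")
        # First field after the magic is the cipher name; "none" means cleartext.
        (n,) = struct.unpack(">I", blob[len(magic):len(magic) + 4])
        cipher = blob[len(magic) + 4:len(magic) + 4 + n]
        return cipher != b"none"
    # Traditional PEM: encryption is signalled by a Proc-Type header line.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:-1])


def key_file_report(path: str) -> dict:
    """Report encryption status and file mode of a key on disk (POSIX assumed)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as f:
        encrypted = private_key_is_encrypted(f.read())
    return {"encrypted": encrypted, "mode": oct(mode),
            "group_or_world_readable": bool(mode & 0o077)}


if __name__ == "__main__":
    for label, sample in (("pem encrypted", SAMPLE_PEM_ENCRYPTED),
                          ("pem plain", SAMPLE_PEM_PLAIN),
                          ("v1 encrypted", SAMPLE_V1_ENCRYPTED),
                          ("v1 plain", SAMPLE_V1_PLAIN)):
        print(label, "->", private_key_is_encrypted(sample))
```

key_file_report(os.path.expanduser("~/.ssh/id_rsa")) is the call to use on a real key; an unencrypted key that is also group- or world-readable is exactly the situation the paragraph above warns about.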

Policies

Privacy

We will not, under any circumstances whatsoever, give out or sell your information to anyone.

We use only companies which practice secure processing of online funds so that you, as a client or supporter, can be assured that your private information will be safe and secure.

Refunds

For Funtoo Monthly Support, if you wish to change your support level or cancel your support, simply contact us and we will apply the changes to take effect before the next billing cycle. Monthly Support is non-refundable.

Contact

To change your subscription, or if you have any questions regarding your subscription, please contact container support at support@funtoo.org.

VPS Usage Rules

Important: Please read these policies and make sure you understand them. This is not an exhaustive list.

The VPS is for your personal use. No reselling.

There is currently no Web panel - these servers will be set up using my own automated tool and you will be provided with ssh access. I can periodically reload VPS images as needed.

This service is offered as a thank-you gift to Funtoo Linux supporters as long as sufficient capacity is available, with no warranty for uptime or anything else.

There are no refunds.

While I host several production sites on this infrastructure, you assume all risk for hosting your production services on your VPS.

I will make a best-effort-only attempt to provide support via IRC and email, and do not offer 24/7 support for your VPS.

US-Legal activities only. No spam will be tolerated.

These VPS systems are intended for funtoo enthusiasts only. I am providing (particularly in the higher-level plans) generous default resource limits with the understanding that the VPS will be used for general Funtoo use and server stuff.

Compiling with -j(NUM-CPUS+1) is encouraged (this is Funtoo, after all -- I want you to enjoy fast compiles :), but it's not okay to continually max CPU, IO, or network utilization. So, no folding@home, massive file sharing, etc.

I am currently not supporting IPv6 but will look into adding such support if there is enough interest.

You are responsible for backups.

I reserve the right to change plans and pricing in the future.