OpenVZ on Funtoo Linux
Recommended Versions
Make sure you have at least the following versions of these ebuilds installed:
sys-cluster/vzctl-3.0.24.2-r3
sys-apps/openrc-0.6.4-r1
sys-kernel/openvz-sources (any)
This will ensure that you have the latest bridging fixes and vzctl command fixes. If you are using the RHEL5-based openvz-sources-2.6.18* kernel, be sure to see RHEL5 Kernel HOWTO for detailed build steps - it requires gcc-4.1.2 to build.
Configuration
After booting into an OpenVZ-enabled kernel, OpenVZ can be enabled by doing this:
# rc-update add vz default
# rc
Funtoo OpenVZ Templates
The Funtoo Linux stage directory also contains Funtoo Linux OpenVZ templates in the openvz/ directory. These can be used as follows:
ninja1 private # cp /home/mirror/linux/~funtoo/core2/~funtoo-core2-2010.11.06/openvz/gentoo-openvz-core2-2010.11.06.tar.xz /vz/template/cache/
ninja1 private # vzctl create 100 --ostemplate gentoo-openvz-core2-2010.11.06
Creating container private area (gentoo-openvz-core2-2010.11.06)
Performing postcreate actions
Container private area was created
If you are not using Funtoo Linux, you will need to convert the .xz template to a .gz template for this to work.
Resource Limits
If you do not need any resource limits in place for the VE, then on a Funtoo Linux host you can apply the "unlimited" configuration as follows:
ninja1 ~ # vzctl set 100 --applyconfig unlimited --save
Networking
veth networking
OpenVZ has two types of networking. The first is called "veth", which provides the VE with a virtual ethernet interface. This allows the VE to do things like broadcasting and multicasting, which means that DHCP can be used. The best way to set up veth networking is to use a bridge.
For the purposes of this example, we'll assume your server has a wired eth0 interface with a static IP address configured. To configure a bridge, we will create a network interface called "br0", a bridge device, and assign your static IP to br0 rather than eth0. Then, we will configure eth0 to come up, but without an IP, and add it as a "slave" of bridge br0. Once br0 is configured, we can add other network interfaces (each configured to use a unique static IP address) as slaves of bridge br0, and these devices will be able to communicate out over your Ethernet link.
Let's see how this works.
Network - Before
Before the bridge is configured, we have an /etc/conf.d/netif.eth0 that looks like this:
template="interface"
ipaddr="10.0.1.200/24"
gateway="10.0.1.1"
nameservers="10.0.1.1"
domain="funtoo.org"
Network - After
To get the bridge-based network configured, first connect to a physical terminal or management console, as eth0 will be going down for a bit as we make these changes.
We will mv netif.eth0 netif.br0, and then edit the file so it looks like this (the template and slaves lines are the ones added or modified):
template="bridge"
ipaddr="10.0.1.200/24"
gateway="10.0.1.1"
nameservers="10.0.1.1"
domain="funtoo.org"
slaves="netif.eth0"
Now it is time to create a new /etc/conf.d/netif.eth0, but this time we won't associate an IP address with it. The config file looks like this:
template="interface"
Now, we need to create a few things in /etc/init.d and get our bridge added to the default runlevel:
# cd /etc/init.d
# ln -s netif.tmpl netif.br0
Let's ensure br0 starts when the system boots, and enable our new network interfaces:
# rc-update add netif.br0 default
# /etc/init.d/netif.eth0 stop
# rc
The result of these changes is that you now have initscripts to create a "br0" interface (with IP), with "eth0" as its slave (with no IP). Networking should still work as before, but now you are ready to provide bridged connectivity to your virtual containers.
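Because a mistake in these two files takes the host off the network, the layout can be checked before netif.eth0 is stopped. The script below is an added example, not part of the original page or of Funtoo's scripts; the function names and messages are hypothetical, and it assumes the netif files are plain shell assignments as shown above.

```shell
#!/bin/sh
# Added example: pre-flight check of the bridge layout described above.
# check_bridge_conf [DIR] [BRIDGE] [SLAVE] prints each problem it finds
# and returns 0 only when the two config files are consistent.

# Print one variable from a netif config file. The file is sourced in a
# subshell so that nothing it sets leaks into the calling shell.
netif_get() {  # netif_get FILE VARNAME
    ( unset template ipaddr slaves
      . "$1" >/dev/null 2>&1 || exit 1
      eval "printf '%s' \"\${$2:-}\"" )
}

check_bridge_conf() {
    dir=${1:-/etc/conf.d} bridge=${2:-br0} slave=${3:-eth0}
    bconf="$dir/netif.$bridge" sconf="$dir/netif.$slave"
    rc=0
    for f in "$bconf" "$sconf"; do
        [ -r "$f" ] || { echo "missing: $f"; return 1; }
    done
    [ "$(netif_get "$bconf" template)" = "bridge" ] ||
        { echo "$bconf: template is not \"bridge\""; rc=1; }
    [ -n "$(netif_get "$bconf" ipaddr)" ] ||
        { echo "$bconf: no ipaddr, the host would lose its address"; rc=1; }
    case " $(netif_get "$bconf" slaves) " in
        *" netif.$slave "*) ;;
        *) echo "$bconf: slaves does not list netif.$slave"; rc=1 ;;
    esac
    [ "$(netif_get "$sconf" template)" = "interface" ] ||
        { echo "$sconf: template is not \"interface\""; rc=1; }
    [ -z "$(netif_get "$sconf" ipaddr)" ] ||
        { echo "$sconf: still has an ipaddr, it belongs on $bridge"; rc=1; }
    return $rc
}

# Usage on the host: check_bridge_conf /etc/conf.d br0 eth0
```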
Using The Bridge
To add a veth "eth0" interface to your VE, type the following:
ninja1 ~ # vzctl set 100 --netif_add eth0,,,,br0 --save
Once the VE is started, the network interface inside the VE will be called "eth0", and the network interface on the host system will be named "veth100.0". Because we specified "br0" after the 4 commas, vzctl will automatically add our new "veth100.0" interface to bridge br0 for us. We can see this by typing "brctl show":
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.0026b92c72f5       no              eth0
                                                        veth100.0
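To confirm from a script that a container's veth device landed on the intended bridge and no other, the "brctl show" output can be parsed, taking care of the continuation rows that carry only an interface name. This is an added example, not from the original page; the function names are hypothetical, and the br1 row in the sample is constructed.

```shell
#!/bin/sh
# Added example: check bridge membership of a container veth device by
# parsing "brctl show" output read from stdin.

# bridge_has_iface BRIDGE IFACE -> returns 0 if IFACE is listed under BRIDGE.
bridge_has_iface() {
    awk -v br="$1" -v want="$2" '
        NR == 1 && $1 == "bridge" { next }                    # header row
        /^[^ \t]/ { cur = $1; iface = (NF >= 4) ? $4 : "" }   # new bridge row
        /^[ \t]/  { iface = $1 }                              # continuation row
        cur == br && iface == want { found = 1 }
        END { exit !found }
    '
}

# Host-side device name for the Nth veth of container CTID, following the
# "veth100.0" naming described in the text.
veth_name() { printf 'veth%s.%s' "$1" "${2:-0}"; }

# ct_on_bridge CTID BRIDGE [N] -> queries the live host (needs brctl).
ct_on_bridge() {
    brctl show | bridge_has_iface "$2" "$(veth_name "$1" "${3:-0}")"
}

# Sample input: the br0 rows are the output shown on this page, the empty
# br1 bridge is constructed to exercise a bridge with no interfaces.
SAMPLE='bridge name     bridge id               STP enabled     interfaces
br0             8000.0026b92c72f5       no              eth0
                                                        veth100.0
br1             8000.000000000000       no'
```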
VE Configuration
You will also need to manually configure the VE to acquire/use a valid IP address - DHCP or static assignment will both work; typically, this is done by starting the VE with "vzctl start 100" and then typing "vzctl enter 100", which will give you a root shell inside the VE. Then, once you have configured the network, you can ensure that the VE is accessible remotely via SSH. Note that once inside the VE (with "vzctl enter 100"), you configure the VE's network interface as you would on a regular Linux distribution - the VE will be bridged into your LAN, so it can talk to your DHCP server, and should use an IP address from your LAN network address pool.
venet networking
NOTE: venet networking is currently difficult to configure under Funtoo Linux. Work is underway to fix this. For now, please use veth networking until these docs have been updated.
"venet" is OpenVZ's other form of host networking. It can be easier to configure than veth, but does not allow the use of broadcast or multicast data, so DHCP is not possible on the VE side. For this reason, an IP address must be statically assigned to the VE, as follows:
ninja1 ~ # vzctl set 100 --ipadd 10.0.1.201 --save
When using venet, OpenVZ will handle the process of ensuring the VE has its network properly configured at boot. This may not work properly on Funtoo Linux systems at this time, because Funtoo Linux has a different network configuration than Gentoo Linux while OpenVZ treats the funtoo templates as normal Gentoo Linux templates in terms of network configuration.
With venet, there is no need to add any interfaces to a bridge - OpenVZ treats venet interfaces as virtual point-to-point interfaces so that traffic is automatically routed properly from the VE to the host system, out the default route of the host system if necessary.
Bugs
A number of bugs exist in the current implementation of OpenVZ for Funtoo Linux. This is a list of these bugs for tracking purposes (it will be updated as these bugs are addressed):
- Funtoo network script bridging broken in openrc-0.6.4 (fixes in git, but not in tree)
- vzethdev needs to be added to NET_MODULES in /etc/init.d/vz for veth to be enabled by default
- "funtoo" templates currently not recognized by vzctl as a valid distro (fixes in GitHub - work in progress)
- missing bridging examples in wiki docs (working on it)
- missing global network config setup docs (working on it)