openvz

vzdump of CentOS

Submitted by sandip on Sun, 08/29/2010 - 15:01.

Current versions of vzdump has dependency for cstream and perl-LockFile-Simple, both available via rpmforge. Below is how I got it to install and run on CentOS-5.5 x86_64 architecture.

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm
yum --enablerepo=rpmforge install cstream perl-LockFile-Simple
rpm -ivh http://download.openvz.org/contrib/utils/vzdump/vzdump-1.2-4.noarch.rpm

It's necessary to export the location of the PVE libraries that vzdump requires. This can be added to ".bash_profile":

export PERL5LIB=/usr/share/perl5/

Upgrade CentOS 5.4 to 5.5 for OpenVZ containers

Submitted by sandip on Fri, 07/02/2010 - 23:38.

Edit "/vz/template/centos/5/{ARCH}/config/yum.conf", and change the base and updates repositories as below:

[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#released updates 
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

Do a `vzyum {VEID} clean all`.

List updates:

vzyum {VEID} list updates

Update:

vzyum {VEID} update

Confirm that all VEs' have been updated to 5.5 with:

cat /vz/root/{VEID}/etc/redhat-release

You should see "CentOS release 5.5 (Final)".

Unable to open pty: No such file or directory

Submitted by sandip on Sat, 09/26/2009 - 01:09.

Udev is a dependency of xorg and other development packages that breaks OpenVZ containers if installed or upgraded.

Re-create the missing devices after an upgrade via:

vzctl exec {VEID} /sbin/MAKEDEV tty
vzctl exec {VEID} /sbin/MAKEDEV pty

For a permanent fix, edit /etc/rc.sysinit to disable udev and auto-repair the devices:

#/sbin/start_udev
/sbin/MAKEDEV tty
/sbin/MAKEDEV pty

vzdump LVM snapshots kernel errors

Submitted by sandip on Tue, 03/31/2009 - 09:49.

On running daily lvm snapshot backups via vzdump on OpenVZ servers, I noticed the below Kernel errors in logwatch reports.

 
WARNING:  Kernel Errors Present
    Buffer I/O error on device dm-4,  ...:  22 Time(s)
    EXT3-fs error (device dm-4): e ...:  60 Time(s)
    lost page write due to I/O error on dm-4 ...:  22 Time(s)

This would show up on busy servers only, probably caused due to lvm snapshot running out of space.

I edited "/usr/bin/vzdump" and increased the size from 500m to 1000m which seems to have resolved the issue for now.

 
run_command (\*LOG, "$lvcreate --size 1000m --snapshot --name vzsnap /dev/$lvmvg/$lvmlv");

Loss in network connectivity on OpenVZ host

Submitted by sandip on Thu, 01/29/2009 - 16:30.

openvz

I was seeing loss in network connectivity when an OpenVZ container is stopped and noticed that the bridge mac address was taking the mac address of an existing containers virtual network interface instead of the physical interface.

The solution was to set the bridge mac address to the physical interface:

/sbin/ifconfig br0 hw ether $(ifconfig eth0 | awk '{print $5; exit}')

Here is what my "/etc/sysconfig/vz-scripts/vps.umount" looks like which is used to remove routes to container with veth-bridge from bridge.

Weekly backups of all OpenVZ container

Submitted by sandip on Thu, 01/08/2009 - 17:56.

Here's is a simple shell script to run a weekly lvm snapshot dump of all OpenVZ containers using the vzdump utility:

#!/bin/bash
# ve_dumps.sh
# Dump all VEs

# Todays' date
DATE=$(date +%d)

# Paths
BAK_PATH=/opt/bak/vz_dumps
# Week of month
BAK_DIR=$(cal | awk -v date="${DATE}" '{ for( i=1; i <= NF ; i++ ) if ($i==date) { print FNR-2 } }')

# Function to check and remove previously failed snapshot.
check_vzsnap() {
  OUTPUT=`/usr/sbin/lvdisplay | grep vzsnap`
  [ -n "$OUTPUT" ] && lvremove -f /dev/vg0/vzsnap
}

# Function to perform backup.
backup() {
  # Check and create the required backup directory
  [ -d "${BAK_PATH}/${BAK_DIR}" ] || mkdir -p ${BAK_PATH}/${BAK_DIR}
  # do dumps
  echo "Starting dump at `date`"
  /usr/bin/vzdump --exclude-path '.+/log/.+' --exclude-path '.+/bak/.+' --exclude-path '/tmp/.+' --exclude-path '/var/tmp/.+' --exclude-path '/var/run/.+pid' --snapshot --dumpdir=${BAK_PATH}/${BAK_DIR} --compress --all
  echo "Completed dump at `date`"
}

# Main ############################

# Remove previously failed snapshot
check_vzsnap

# Run backups
backup

exit 0

Bridge Networking On OpenVZ Containers Using VETH Devices

Submitted by sandip on Wed, 08/13/2008 - 23:52.

1. Host will be open on LAN and guests on WAN. Additionally, there is a bridged LAN for guests.
2. We will be using bridge networking for protecting the Host Network and saving IP addresses, also giving flexibility with the guest network setup.
3. Configure LAN Eth1 port to 192.168.1.2
4. WAN Eth0 port is not assigned any IP address.
6. Install the required bridge-utils package via:

yum install bridge-utils

* Network:

# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=<host.domain.tld>
GATEWAY=192.168.1.1
GATEWAYDEV="eth1"

* WAN Bridge device br0:

# cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
BROADCAST=xxx.xxx.xxx.xxx
NETMASK=255.255.255.24
NETWORK=xxx.xxx.xxx.xxx
ONBOOT=yes
GATEWAY=xxx.xxx.xxx.xxx
TYPE=Bridge

* WAN eth0 device:

# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:30:48:65:12:b4
ONBOOT=yes
TYPE=Ethernet
BRIDGE=br0

* LAN Bridge device br1:

# cat /etc/sysconfig/network-scripts/ifcfg-br1
DEVICE=br1
ONBOOT=yes
TYPE=Bridge
IPADDR=192.168.1.2
NETMASK=255.255.255.0
GATEWAY=192.168.1.1

* LAN eth1 device:

# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
HWADDR=00:30:48:65:12:b5
ONBOOT=yes
TYPE=Ethernet
BRIDGE=br1

Create users in OpenVZ Containers

Submitted by sandip on Fri, 07/11/2008 - 00:35.

openvz

Helper script to create users on all OpenVZ VEs simultaneously:

#!/bin/bash
# create_ve_users.sh
# Usage: ./create_ve_users.sh <username> <password> <uid> <group1,group2>

USERNAME=$1
PASSWORD=$2
USERID=$3
GROUP=$4
EXPECTED_ARGS=4

OUT_FILE=.create_users_$$

if [ $# -ne $EXPECTED_ARGS ]
then
  echo "Usage: `basename $0` <username> <password> <uid> <group1,group2>"
  exit 65
fi

VE_LIST=$(/usr/sbin/vzlist -H -o veid)

for VE in ${VE_LIST}
do
        vzctl exec $VE \
                "echo useradd -u $USERID -G $GROUP -p \''`openssl passwd -1 $PASSWORD`'\' $USERNAME > /tmp/${OUT_FILE} ; \
                sh /tmp/${OUT_FILE} ; \
                rm -f /tmp/${OUT_FILE}"
done

exit 0

Update OpenVZ containers

Submitted by sandip on Wed, 07/09/2008 - 16:51.

openvz
vzyum

If you manage several OpenVZ containers, here is a simple bash script to keep the OpenVZ containers upto date.

#!/bin/bash
# vzyum_updates.sh
# updates VEs

VE_LIST=$(/usr/sbin/vzlist -H -o veid | grep -v Warning)

for VE in ${VE_LIST}
do
  /usr/bin/vzyum $VE update
done

exit 0

OpenVZ CentOS template cache creation with vzpkgcache

Submitted by sandip on Mon, 07/07/2008 - 23:44.

openvz

Following the instruction over at OpenVZ Wiki, I've had no problems with the installation and creation of templates prior to CentOS-5.2 on x86_64 systems. However, with the latest set of updates to CentOS-5.2, the vzpkgcache seems to have been broken as sysklogd is no longer being installed by default. Below is how I got it to work:

Note: edit /vz/template/centos/5/x86_64/config/minimal.list and append .x86_64 to all except for the addons packages. Then run:

# vzpkgcache -f centos-5-x86_64-minimal

which gives the below error at the end:

sed: can't read /etc/init.d/syslog: No such file or directory
ERROR: Script install-post failed

The solution was to edit "/vz/template/centos/5/x86_64/config/install-post" and set syslog and syslog.conf sed replacements with exit status of "0".

# Disable klogd
$VZCTL exec2 $VEID \
        "sed -i -e 's/daemon\\ klogd/passed\\ klogd\\ skipped/' \
                -e 's/killproc\\ klogd/passed\\ klogd\\ skipped/' \
                        /etc/init.d/syslog; exit 0"
...
# Disable fsync() in syslog
$VZCTL exec2 $VEID \
        "sed -i -e 's@\\\([[:space:]]\\\)\\\(/var/log/\\\)@\\\1-\\\2@' \
                /etc/syslog.conf; exit 0"