Linux-VServer for Debian
From NJH-Wiki
- Languages
- english - deutsch
- Author
- Volker Grabsch
Contents |
Introduction
Linux-VServer systems provide several advantages. Even if you run only one server you'll benefit from running it as a VServer.
This guide explains how to build a VServer system in Debian and how to run one or more VServers there, emphasizing the "Debian Way".
Preconditions
- Debian/Sarge
- We own an extra IP for each VServer
Main system: step by step
First we need a main system that holds the VServers.
Network
Usually, the network is configured automatically via DHCP. In that case you can skip this chapter.
If not, we have to configure the multiple IP network interface ourselves. Suppose we were given the IPs:
- 10.0.0.1
- 10.0.0.2
- 10.0.0.3
We'd then edit /etc/network/interfaces and insert:
auto eth0
iface eth0 inet static
address 10.0.0.1
netmask 255.255.255.0
auto eth0:0
iface eth0:0 inet static
address 10.0.0.2
netmask 255.255.255.0
auto eth0:1
iface eth0:1 inet static
address 10.0.0.3
netmask 255.255.255.0
SSH
The SSH service of the main system should listen on another port (2222) to not interfere with the VServers' SSH services.
Edit /etc/ssh/sshd_config and change:
Port 2222
Kernel
We take a VServer patched Debian standard kernel from the Backports.
Edit /etc/apt/sources.list and insert:
deb http://www.backports.org/debian/ sarge-backports main contrib non-free
Update package list:
aptitude update
Install the VServer patched kernel:
aptitude -t sarge-backports install linux-image-2.6-vserver-ARCH
where ARCH is one of the architectures:
- 686
- k7
- amd64-k8
- em64t-p4
Reboot:
reboot
If this standard kernel doesn't work, you'll have to compile a kernel yourself.
VServer system
Install the VServer tools:
aptitude install util-vserver vserver-debiantools
Create a directory for the VServers:
mkdir /var/lib/vservers
Edit /etc/vservers/newvserver-vars and insert:
DEFAULT_VSERVERDIR=/var/lib/vservers
VServer: step by step
Now we create a VServer in our main system. For this example we assume:
- Domain name of the main system
- domain.net
- Domain name of the VServer
- vs1.domain.net
- IP address of the VServer
- 10.0.0.1
Installation
Create the VServer:
newvserver --hostname vs1 --domain domain.net --ip 10.0.0.1 \
--mirror http://ftp.debian.org/debian/ --dist sarge
This automatically runs base-config which asks some questions.
By default the CAP_NET_RAW capability is set. However, this is usually only necessary if you use the default bind9 Debian package. It's generally a good practice not to give unnecessary capabilities to your VServer unless it really needs them.
So edit /etc/vservers/vs1.conf and change:
S_CAPS=""
Install vreboot into the VServer:
cd /var/lib/vservers/vs1/usr/local/sbin cp /usr/lib/util-vserver/legacy/vreboot . ln -s vreboot vhalt ln -s vreboot vshutdown
Run the VServer:
vserver vs1 start
Webmin
If you use Webmin in your VServer you have to tell it about the new reboot and halt commands.
Enter the VServer:
vserver vs1 enter
Install Webmin:
aptitude install webmin
Edit /etc/webmin/init/config and change:
shutdown_command=/usr/local/sbin/vhalt reboot_command=/usr/local/sbin/vreboot
Restart Webmin:
/etc/init.d/webmin restart
Leave the VServer:
exit
SSH
Enter the VServer:
vserver vs1 enter
Install the SSH server:
aptitude install ssh
Leave the VServer:
exit
If the VServer has the same IP address as the main system, it must also show the same SSH host key. The different port number (2222 instead of 22) is not sufficient!
Copy the main system's SSH host key into the VServer:
cp -p /etc/ssh/ssh_host_* /var/lib/vservers/vs1/etc/ssh/
Restart the VServer's SSH server:
vserver vs1 exec /etc/init.d/ssh restart
