Install OpenVZ on CentOS to create a virtual container

Vincent Danen shows you how to install OpenVZ on CentOS. OpenVZ is an OS-level virtualization product that allows you to completely isolate processes from each other, increase security by keeping bits separate, and tightly control resource utilization.

A number of virtualization products exist for Linux. They range from free to commercial, basic to industrial-strength. Most will allow you to virtualize any operating system on a Linux host.

One virtualization product that is different from the others is OpenVZ. It will only do Linux-on-Linux virtualization as it is an OS-level virtualization product, where others are machine or hardware virtualization products. Essentially, OpenVZ is a glorified Linux chroot or BSD jail system that allows you to completely isolate processes from each other, increase security by keeping bits separate, and tightly control resource utilization. OpenVZ refers to these "virtual machines" as containers, virtual private servers (VPS), or virtual environments (VE).

As a result, OpenVZ is much lighter on system resources than full virtualization products like VMware or Xen.

Installing OpenVZ is quite simple. It requires a special kernel to provide the virtualization support it needs, and this can be obtained easily via the OpenVZ project itself. While the kernels are meant for RHEL4 and RHEL5, they will work on CentOS and track the upstream kernels quite closely.

To begin, download the OpenVZ repository control file so that yum becomes aware of the repository, and import the repository's GPG signing key.

This can be done by executing:

# cd /etc/yum.repos.d/
# curl -OL http://download.openvz.org/openvz.repo
# rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
# yum update

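The final command downloads the repository metadata for the OpenVZ repositories. By default, only the RHEL5 and utils repositories are enabled; you can enable other repositories if you are interested in trying newer kernels. For CentOS 5, be sure to use the RHEL5 repository. Note that both the repository file and the signing key above are fetched over plain HTTP, so the key is only as trustworthy as that download; compare its fingerprint with one obtained from a trusted source.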

To install the OpenVZ kernel, execute:

# yum install ovzkernel.x86_64

Substitute "i386" for "x86_64" above if you are running a 32-bit system. Once the kernel is installed, edit /boot/grub/grub.conf and make sure that the entry for the OpenVZ kernel is the default. If it is the first entry in the file, make sure that default=0 is set; if it is the third entry, use default=2. It should be the first entry, however.

Next, edit /etc/sysctl.conf and add:

net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

This will enable IPv4 forwarding, disable proxy ARP, enable source route verification, and stop all of the interfaces from sending redirects. It also enables the magic SysRq key. Some of these options may already be defined; if so, simply comment out any you find earlier in the file.
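
The sysctl.conf step above, as an added example that is not part of the original article: a shell function (audit_sysctl is a hypothetical name) that checks a sysctl.conf-style file for the six settings listed and flags keys that are missing, left at another value, or defined more than once. It assumes the last active definition of a key wins and that lines starting with # or ; are comments.

```shell
# Added example (not from the article): audit a sysctl.conf-style file
# against the six settings the article lists (copied into REQUIRED).
REQUIRED='net.ipv4.ip_forward=1
net.ipv4.conf.default.proxy_arp=0
net.ipv4.conf.all.rp_filter=1
kernel.sysrq=1
net.ipv4.conf.default.send_redirects=1
net.ipv4.conf.all.send_redirects=0'

# audit_sysctl FILE (hypothetical helper): one status line per required key.
# OK = set once to the wanted value, DUPLICATE = right value but set more than
# once, WRONG = last active value differs, MISSING = no active definition.
audit_sysctl() {
    printf '%s\n' "$REQUIRED" | awk -v conf="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        BEGIN {
            # Load active "key = value" lines; "#" and ";" start comment lines.
            while ((getline line < conf) > 0) {
                if (line ~ /^[ \t]*[#;]/ || line !~ /=/) continue
                eq = index(line, "=")
                k = trim(substr(line, 1, eq - 1))
                last[k] = trim(substr(line, eq + 1))  # the last definition wins
                seen[k]++
            }
        }
        {
            eq = index($0, "="); k = substr($0, 1, eq - 1); want = substr($0, eq + 1)
            if (!(k in seen))         st = "MISSING"
            else if (last[k] != want) st = "WRONG"
            else if (seen[k] > 1)     st = "DUPLICATE"
            else                      st = "OK"
            if (st != "OK") bad = 1
            printf "%-9s %s (want %s, have %s)\n", st, k, want, ((k in seen) ? last[k] : "-")
        }
        END { exit (bad ? 1 : 0) }'
}

# Constructed sample: a partly edited file, not taken from a real system.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
net.ipv4.ip_forward = 0
# kernel.sysrq = 1
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
EOF
audit_sysctl "$SAMPLE" || echo "review the lines flagged above"
```

On a real host, pass /etc/sysctl.conf as the argument; the function only reads the file and changes nothing.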

You will also need to disable SELinux by setting SELINUX=disabled in /etc/sysconfig/selinux.

Now reboot the system. When it comes back up, install the OpenVZ utilities:

# yum install vzctl.x86_64 vzquota.x86_64

You do not need to specify the architecture on a 32-bit system. On the x86_64 platform it is desirable to specify it; otherwise, yum will want to install both the i386 and x86_64 packages.

Once this is done, execute:

# service vz start

Installation is complete and you are ready to set up your first OpenVZ virtual machine. I'll look at creating an OpenVZ container in the future; in the meantime you can look at the OpenVZ wiki to read about how to create OS templates. Let me know if you have any specific questions about OpenVZ.

About

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.