Virtual Servers on Debian
Overview
Virtual servers are provided by a Linux kernel patch and the vserver tools. Lots of information can be found at the Linux Vserver Homepage.
See requirements for initial system setup instructions to support virtual servers.
Creating Virtual Servers
Now that your vserver-enabled kernel is running, you can create some virtual servers.
By default virtual servers go in /var/lib/vservers and the configuration for the servers goes in /etc/vservers.
You use the vserver command to create and manipulate your virtual servers. The vserver build process will create all of the necessary directories and configuration files for you. You can build a new vserver like this:
vserver samba build --hostname samba --interface eth0:192.168.0.7 -m debootstrap -- -d sarge -m ftp://mirrors/debian
This will download all of the required packages from the mirror specified by the -m switch and build a virtual server in the directory /var/lib/vservers/samba with the hostname samba and IP address 192.168.0.7 on interface eth0.
You may need to add --force if you are overwriting an existing vserver. This will move the existing vserver away by renaming it and create a fresh new copy.
To erase the samba vserver config and start again use
rm -rf /var/lib/vservers/samba /etc/vservers/samba
You can create vservers without the hostname or IP and specify the default mirror once in /etc/vservers/.defaults/apps/debootstrap/mirror as
server:~# cat /etc/vservers/.defaults/apps/debootstrap/mirror
ftp://mirrors/debian
then you can create new vservers with
vserver bind build -m debootstrap -- -d sarge
Note:
FIXME: This doesn't seem to work anymore
If you want your vserver in a separate mounted partition you need to create and mount the partition first in your vserver root system before running the vserver <name> build command to create the server.
FIXME: The workaround for now is to create the vserver then move the files to a new partition to host the vserver which is a bit of a pain but it works.
server:~# mv /var/lib/vservers/samba /var/lib/vservers/samba.new
server:~# mount /samba # from the /etc/fstab entry where the samba partition really lives
server:~# cd /var/lib/vservers/samba.new && cp -av . ../samba
server:~# cd && rm -rf /var/lib/vservers/samba.new
The --force option on the build command will fail for vservers mounted on partitions since renaming the mount point is not possible.
See editing the configuration of a vserver below so that you won't need to use --force just to fix things like device, IP, or hostname for a vserver.
Now you can manually configure the hostname, IP, and device by creating the appropriate configuration files:
server# cd /etc/vservers/bind/interfaces # Directory for device configuration for the 'bind' server
server# mkdir 0 # First device (next is '1', then '2', etc)
server# echo eth0 > 0/dev # set the device interface to eth0
server# echo 192.168.1.100 > 0/ip # set the IP to 192.168.1.100
server# echo ns >/etc/vservers/bind/uts/nodename # set the nodename to 'ns'
The vserver IPs are dynamically created and removed when the vservers start and stop.
Controlling Your Virtual Servers
Starting A Server
You use the vserver <name> start command to start a server.
server# vserver bind start
Starting system log daemon: syslogd.
Starting kernel log daemon: klogd.
Starting domain name service: named.
Starting internet superserver: inetd.
Starting OpenBSD Secure Shell server: sshd.
Starting deferred execution scheduler: atd.
Starting periodic command scheduler: cron.
Stopping A Server
Use the vserver <name> stop command to stop a server.
server# vserver bind stop
Stopping periodic command scheduler: cron.
Stopping internet superserver: inetd.
Stopping OpenBSD Secure Shell server: sshd.
Saving the System Clock time to the Hardware Clock...
hwclock is unable to get I/O port access: the iopl(3) call failed.
Hardware Clock updated to Wed Jun 22 11:55:01 UTC 2005.
Stopping domain name service: namedrndc: connect failed: connection refused
.
Stopping deferred execution scheduler: atd.
Stopping kernel log daemon: klogd.
Stopping system log daemon: syslogd.
Sending all processes the TERM signal...done.
Sending all processes the KILL signal...done.
Saving random seed...done.
Unmounting remote and non-toplevel virtual filesystems...done.
Deconfiguring network interfaces...ifdown: failed to open statefile /etc/network/run/ifstate: No such file or directory
done.
Cleaning up ifupdown...done.
Deactivating swap...umount: none: not found
umount: /tmp: must be superuser to umount
done.
Unmounting local filesystems...umount: none: not found
umount: /tmp: must be superuser to umount
umount: /dev/hdv1: not found
umount: /: must be superuser to umount
done.
mount: permission denied
Rebooting...
ifdown: shutdown eth0: Permission denied
ifdown: shutdown eth0: Permission denied
Determine What Is Running
You can determine which virtual servers are running using the vserver-stat command.
server# vserver-stat
CTX    PROC    VSZ    RSS  userTIME   sysTIME    UPTIME NAME
0        49  58.1M   5.6K   4m43s13   2m44s80  11h01m14 root server
49159     5  10.7M   0.9K   0m00s00   0m00s00   0m03s22 bind
server#
Virtual Server processes are hidden from each other and the root server. There is a special context (1) used to see all processes on the system. The top and ps commands will only show you processes for the current server context. New commands vtop and vps will display processes from all contexts on the system.
Entering A Virtual Server Context
You enter a virtual server using the vserver <name> enter command as follows:
server# vserver bind enter
ns:/# ps axf
  PID TTY      STAT   TIME COMMAND
 4743 pts/0    S      0:00 /bin/bash -login
 4758 pts/0    R+     0:00  \_ ps axf
 4723 ?        Ss     0:00 /usr/sbin/cron
 4720 ?        Ss     0:00 /usr/sbin/atd
 4716 ?        Ss     0:00 /usr/sbin/inetd
 4710 ?        Ss     0:00 /usr/sbin/exim4 -bd -q30m
 4675 ?        Ss     0:00 /sbin/syslogd
ns:/# logout
server#
This gives you a root shell in the specified virtual server.
Installing New Packages
Next copy your /etc/apt/sources.list file to your vserver with
server# cp /etc/apt/sources.list /var/lib/vservers/bind/etc/apt
Enter your vserver and run aptitude to install the appropriate packages
server# vserver bind enter
ns:/# aptitude
I recommend you install at least the following packages on your new vserver:
- ssh
- locales
- ssmtp
Add any other packages you need for your vserver.
Vserver Configuration: /etc/vservers
You configure a virtual server in the /etc/vservers/<name> directory.
Setting Capabilities
Edit (or create) the file bcapabilities and add the appropriate capabilities to be enabled for the vserver. For bind9 the following capabilities are set:
server:/etc/vservers/bind# cat bcapabilities
SYS_CHROOT
SYS_RESOURCE
server:/etc/vservers/bind#
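Because every name in bcapabilities widens what a guest may do, it is worth checking all vservers against the set you have reviewed. The script below is an added example, not part of the original page or of the vserver tools; the function names, the sample tree and the allowlist are constructed for illustration, and it assumes one capability name per line with an optional CAP_ prefix.

```shell
#!/bin/sh
# Added example: report capabilities granted in <confdir>/<name>/bcapabilities
# that are not in a reviewed allowlist.
# Assumption: one capability name per line, optional CAP_ prefix, blanks ignored.

# audit_bcaps CONFDIR "ALLOWED NAMES"
# Prints "<vserver> <capability>" for each capability outside the allowlist.
# The * glob skips dot-directories such as .defaults.
audit_bcaps() {
    confdir=$1
    allowed=" $2 "
    for f in "$confdir"/*/bcapabilities; do
        [ -f "$f" ] || continue              # glob matched nothing
        name=$(basename "$(dirname "$f")")
        # "|| [ -n ... ]" keeps a last line that lacks a trailing newline
        while IFS= read -r cap || [ -n "$cap" ]; do
            cap=$(printf '%s' "$cap" | tr -d ' \t\r')
            cap=${cap#CAP_}                  # treat CAP_X and X alike
            [ -n "$cap" ] || continue
            case "$allowed" in
                *" $cap "*) ;;               # reviewed, nothing to report
                *) printf '%s %s\n' "$name" "$cap" ;;
            esac
        done < "$f"
    done
}

# make_sample_tree DIR: constructed sample configuration, not real data
make_sample_tree() {
    mkdir -p "$1/bind" "$1/samba" "$1/web"
    printf 'SYS_CHROOT\nSYS_RESOURCE\n' > "$1/bind/bcapabilities"
    printf 'CAP_SYS_CHROOT\nSYS_ADMIN\n\nNET_RAW' > "$1/samba/bcapabilities"
    # "web" has no bcapabilities file and is skipped
}

demo() {
    tmp=$(mktemp -d)
    make_sample_tree "$tmp"
    # Allowlist taken from the bind9 example on this page
    audit_bcaps "$tmp" "SYS_CHROOT SYS_RESOURCE"
    rm -rf "$tmp"
}
demo
```

On a real host, call audit_bcaps /etc/vservers with your own allowlist; any output line is a grant to review.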
Starting Servers At Boot Time
The standard vserver startup script in /etc/init.d/vserver-default affects any virtual servers that are marked as default servers.
To mark a specific server as a default server you create the following file in the vserver directory:
server# echo default > /etc/vservers/bind/apps/init/mark
This sets the bind server as a default server and it will be started and stopped by the vserver-default startup script.
Default servers are started fairly late in the boot process and that may not be appropriate for things like name servers. You can copy this script to a new name (such as /etc/init.d/vserver-first) and modify the mark name to something like 'first'. Create a link to the new /etc/init.d/vserver-first script with a higher priority in the /etc/rc*.d directories to start certain servers before the default servers. Any virtual servers you mark as 'first' servers with
server# echo first > /etc/vservers/bind/apps/init/mark
will be managed by the /etc/init.d/vserver-first script.
Resources
Other possibly useful links: