Create a new VM from a non-Proxmox appliance template

I love Proxmox Virtual Environment when it comes to managing my own “Cloud”. However, the version I run (v1.9) has some issues with non-compliant appliance templates: if I just copy or wget templates into the cache folder, the Proxmox web GUI marks them as “– unknown –” and they cannot be used to create new virtual machines.

Don’t bother… switch to good old bash and run the following command with the template of your choice. Substitute the rootpasswd value with a real crypt(3)-style salt/hash (the $1$ prefix denotes MD5-crypt). Put it in single quotes: unquoted, bash would try to expand $1, $gs0UfL2E and $ZQaAAAAAAAAAAAAAAA84 as variables and silently mangle the hash. Keep in mind that the hash ends up in your shell history and is visible in the process list while pvectl runs.

/usr/bin/pvectl vzcreate 600 --disk 20 --ostemplate local:vztmpl/ubuntu-12.04-x86.tar.gz --rootpasswd '$1$gs0UfL2E$ZQaAAAAAAAAAAAAAAA84/G1' --hostname ve600.example.com --nameserver 123.123.123.123 --nameserver 124.124.124.124 --searchdomain example.com --onboot yes --ipset 10.11.12.13 --swap 256 --mem 256 --cpus 1

Switch back to your web console and enjoy your newly created playground.

Forward mails to specific servers (Postfix transport)

I was struggling to efficiently forward the OpenVZ host’s local e-mail to a private VE (MTA), since that system is bound to an IP address from a private range (192.168.x.x). Basically, I just wanted all mail for example.com to be routed to that “internal” mail server. In the end, the Postfix manuals led me to a simple solution: add the following lines to the Postfix configuration files.

/etc/postfix/main.cf

transport_maps = hash:/etc/postfix/transport

/etc/postfix/transport

example.com  smtp:192.168.1.1

To make sure your changes are applied, run the following commands:

# postmap /etc/postfix/transport
# postfix reload

The above lines cause Postfix to deliver mail for example.com to the MTA at 192.168.1.1. Two things to check: the entry matches example.com only, not its subdomains (add a “.example.com” line if those should go the same way, since transport_maps is not listed in parent_domain_matches_subdomains by default), and the receiving mail server must accept the connection (I had to adjust the postgrey whitelist). Postfix also documents the bracketed form smtp:[192.168.1.1] for a next-hop that should be used as-is, without an MX lookup.
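The script below is an added example, not part of the original post or of Postfix itself. It emulates the search order that transport(5) documents for a hash: transport table, so you can predict which entry a recipient will hit before you run postmap and reload. The sample table is constructed: its first line is the entry from the post, the others are added to show the precedence rules. It assumes Postfix defaults, i.e. recipient_delimiter is “+” and transport_maps is not listed in parent_domain_matches_subdomains.

```sh
#!/bin/sh
# Added example (not from the original post): emulate the transport(5) lookup
# order of Postfix for a given recipient against a transport table.
set -eu

# Constructed sample table in /etc/postfix/transport syntax. The first line is
# the post's entry; the rest are added to demonstrate precedence.
TRANSPORT_MAP='example.com              smtp:192.168.1.1
.example.com             smtp:[192.168.1.1]
postmaster@example.com   local:
lists.example.com        smtp:[192.168.1.2]:2525
*                        smtp:[relay.example.net]'

# lookup_key KEY -> prints transport:nexthop for an exact, case-insensitive
# key; returns 1 when the table has no such key.
lookup_key() {
    printf '%s\n' "$TRANSPORT_MAP" | awk -v key="$1" '
        /^[[:space:]]*$/ || /^[[:space:]]*#/ { next }       # blank lines, comments
        tolower($1) == tolower(key)         { print $2; found = 1; exit }
        END                                 { exit found ? 0 : 1 }'
}

# transport_for user@domain -> prints the entry Postfix would use, in the
# order documented in transport(5); returns 1 when nothing matches (Postfix
# then applies its default transport rules).
transport_for() {
    addr=$1
    case $addr in *@*) ;; *) echo "transport_for: no @ in '$addr'" >&2; return 2 ;; esac
    local_part=${addr%@*}
    domain=${addr#*@}
    user=${local_part%%+*}            # local part without the +extension

    # 1. user+extension@domain (only when an extension is present)
    if [ "$user" != "$local_part" ]; then
        lookup_key "$addr" && return 0
    fi
    # 2. user@domain
    lookup_key "$user@$domain" && return 0
    # 3. the domain itself
    lookup_key "$domain" && return 0
    # 4. .parent, .grandparent, ... (the domain itself is never tried with a dot)
    parent=$domain
    while [ "${parent#*.}" != "$parent" ]; do
        parent=${parent#*.}
        lookup_key ".$parent" && return 0
    done
    # 5. user+extension@ and user@ (entries with an empty domain part)
    if [ "$user" != "$local_part" ]; then
        lookup_key "$local_part@" && return 0
    fi
    lookup_key "$user@" && return 0
    # 6. the catch-all entry
    lookup_key '*' && return 0
    return 1
}

# Walk a few constructed recipients through the table
for rcpt in bob@example.com bob@mail.example.com postmaster+abuse@example.com \
            carol@lists.example.com dave@other.org; do
    printf '%-30s -> %s\n' "$rcpt" "$(transport_for "$rcpt" || echo 'no entry (Postfix defaults)')"
done
```

The point to take from it: with only the post’s single example.com line, bob@mail.example.com gets no entry at all and falls through to Postfix’s default transport, while the .example.com line catches every subdomain. On a real system, postmap -q bob@mail.example.com hash:/etc/postfix/transport gives the authoritative answer.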

Backup VE in OpenVZ on CentOS

Unfortunately, the CentOS 5.5 final release and its repositories do not ship vzdump out of the box. However, some research and hints in other blogs finally led me to a working solution.

wget http://download.openvz.org/contrib/utils/vzdump/vzdump-1.2-4.noarch.rpm
wget http://dag.wieers.com/rpm/packages/cstream/cstream-2.7.4-3.el4.rf.x86_64.rpm
wget http://dag.wieers.com/rpm/packages/perl-LockFile-Simple/perl-LockFile-Simple-0.206-1.el5.rf.noarch.rpm

rpm -i cstream-2.7.4-3.el4.rf.x86_64.rpm
rpm -i perl-LockFile-Simple-0.206-1.el5.rf.noarch.rpm
rpm -i vzdump-1.2-4.noarch.rpm

export PERL5LIB=/usr/share/perl5/

That’s it. Note that these packages come over plain HTTP from third-party repositories and are installed as root; check their GPG signatures with rpm -K (after importing the repository key), or at least pin their checksums, before running rpm -i.
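The following script is an added example, not part of the original post: the same three-package install, but nothing is handed to rpm -i until it has been verified. RPMforge (dag.wieers.com) signs its packages, so rpm -K can check them once the repository key is imported; the vzdump package from the OpenVZ contrib area is checked against a SHA-256 digest you obtained out of band. The key URL is an assumption taken from the RPMforge install instructions, and VZDUMP_SHA256 is a placeholder you must set yourself; the script refuses to install without it.

```bash
#!/bin/bash
# Added example (not from the original post): fetch, verify, then install the
# vzdump dependencies. Run with --install as root; without arguments it only
# defines the functions.
set -eu

RPMFORGE_KEY_URL='http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt'   # assumed location

# sha256_ok FILE EXPECTED_HEX -> 0 when FILE hashes to EXPECTED_HEX
sha256_ok() {
    [ -n "$2" ] || return 1                       # an empty expectation never matches
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# signature_ok FILE -> 0 only when rpm -K reports a verified GPG/PGP signature.
# An unsigned package still prints "OK" for its digests alone, so the
# digest-only wording counts as unverified, and a missing key is rejected too.
signature_ok() {
    out=$(rpm -K "$1" 2>&1) || return 1
    case $out in
        *"NOT OK"*|*"MISSING KEYS"*)        return 1 ;;
        *gpg*OK*|*pgp*OK*|*signatures*OK*)  return 0 ;;   # rpm 4.4 and 4.14+ wording
        *)                                  return 1 ;;
    esac
}

# install_verified URL [SHA256] -> download, verify by signature or by the
# pinned digest, and install only when one of the two checks passes
install_verified() {
    url=$1 expected=${2:-}
    file=${url##*/}
    wget -q -O "$file" "$url"
    if signature_ok "$file"; then
        echo "signature OK: $file"
    elif sha256_ok "$file" "$expected"; then
        echo "digest OK:    $file"
    else
        echo "REFUSING to install unverified package $file" >&2
        rm -f "$file"
        return 1
    fi
    rpm -i "$file"
}

install_vzdump() {
    rpm --import "$RPMFORGE_KEY_URL"
    install_verified http://dag.wieers.com/rpm/packages/cstream/cstream-2.7.4-3.el4.rf.x86_64.rpm
    install_verified http://dag.wieers.com/rpm/packages/perl-LockFile-Simple/perl-LockFile-Simple-0.206-1.el5.rf.noarch.rpm
    # Placeholder: set VZDUMP_SHA256 to the digest you verified out of band
    install_verified http://download.openvz.org/contrib/utils/vzdump/vzdump-1.2-4.noarch.rpm \
        "${VZDUMP_SHA256:?set VZDUMP_SHA256 to the digest you verified out of band}"
    export PERL5LIB=/usr/share/perl5/
}

if [ "${1:-}" = --install ]; then
    install_vzdump
fi
```

Usage: VZDUMP_SHA256=<digest> ./install-vzdump.sh --install. The order of the two checks is deliberate: a good signature from an imported key is stronger than a digest you typed in, but the digest path is what you have for a package nobody signed.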

vzdump --suspend --compress --all --mailto cybr@haite.ch

INFO: Starting Backup of VM 103 (openvz)
INFO: CTID 103 exist mounted running
INFO: status = CTID 103 exist mounted running
INFO: backup mode: suspend
INFO: bandwidth limit: 10240 KB/s
INFO: starting first sync /vz/private/103/ to /vz/dump/vzdump-openvz-103-20100906-211257.tmp
...

Clone an OpenVZ VE

Upgrade system to clone
hn# vzctl start veid-to-clone
hn# vzctl enter veid-to-clone
ve# yum update
ve# exit
hn# vzctl stop veid-to-clone

Run clone script with required attributes
hn# ./clone.sh
Usage ./clone.sh old_id new_id new_ip

hn# ./clone.sh 1 123 192.168.1.123
Stopping ve1...
Unable to stop: container is not running
Copying configuration...
Cloning ve1...
Updating ve123 configuration...
Starting clone...
Starting container ...
Initializing quota ...
Container is mounted
Adding IP address(es): 192.168.1.123
Setting CPU units: 1000
Configure meminfo: 65536
Set hostname: ve123.example.com
File resolv.conf was modified
Container start in progress...
Starting origin ve...
Starting container ...
Container is mounted
Adding IP address(es): 192.168.1.1
Setting CPU units: 1000
Configure meminfo: 65536
Set hostname: ve1.example.com
File resolv.conf was modified
Container start in progress...
Done.

Be aware that the script stops and restarts the origin VE as well as starting the clone, so plan for a short outage of the origin. The clone is a byte-for-byte copy of the origin’s private area: it carries the same SSH host keys, the same root password and every credential or certificate stored inside the VE. Regenerate or rotate those before the clone is reachable from anything that trusts the origin. Clone bash script below

#! /bin/bash
# Clone an OpenVZ VE: stop the origin, copy its private area and config,
# give the copy a new ID, IP and hostname, then start both containers.
# Assumes VE_ROOT/VE_PRIVATE in the config use $VEID (the OpenVZ default)
# rather than hard-coded paths for the origin.
set -eu

if [ $# != 3 ]; then
    echo "Usage $0 old_id new_id new_ip"
    exit 1
fi

OLDVE=$1
NEWVE=$2
IP=$3
DOMAIN=example.com   # the clone becomes ve$NEWVE.$DOMAIN, matching the output above

# Refuse to clobber an existing container
if [ -e /etc/vz/conf/$NEWVE.conf ] || [ -e /vz/private/$NEWVE ]; then
    echo "ve$NEWVE already exists, aborting" >&2
    exit 1
fi

echo "Stopping ve$OLDVE..."
vzctl stop "$OLDVE" || true    # harmless if the origin is not running
echo "Copying configuration..."
mkdir /vz/root/$NEWVE
mkdir /vz/private/$NEWVE
echo "Cloning ve$OLDVE..."
# Preserve numeric UIDs/GIDs and include dotfiles (a bare * would skip them)
tar c --numeric-owner -C /vz/private/$OLDVE . | tar x --numeric-owner -C /vz/private/$NEWVE
echo "Updating ve$NEWVE configuration..."
# Take the origin's config, replacing only the address and hostname lines
grep -v -e '^IP_ADDRESS=' -e '^HOSTNAME=' /etc/vz/conf/$OLDVE.conf > /etc/vz/conf/$NEWVE.conf
echo "IP_ADDRESS=\"$IP\"" >> /etc/vz/conf/$NEWVE.conf
echo "HOSTNAME=\"ve$NEWVE.$DOMAIN\"" >> /etc/vz/conf/$NEWVE.conf
echo "Starting clone..."
vzctl start "$NEWVE"
echo "Starting origin ve..."
vzctl start "$OLDVE"
echo "Done."

Allow an OpenVZ VE to Act as NTP Server

By default a VE is not allowed to set the system time
ve# ntpdate time.example.com
22 May 02:39:11 ntpdate[1895]: step-systime: Operation not permitted

Add the required privilege to a dedicated NTP VE. Be careful with this one: the kernel clock is shared between the HN and all containers, so a VE with sys_time can change the time for the whole node. Grant it to a single, trusted VE only.
hn# vzctl stop 123
Stopping container ...
Container was stopped
Container is unmounted

hn# vzctl set 123 --capability sys_time:on --save
Saved parameters for CT 123

hn# vzctl start 123
Starting container ...
Container is mounted
Adding IP address(es): 192.168.1.123
Setting CPU units: 1000
Configure meminfo: 65536
Set hostname: ve123.example.com
File resolv.conf was modified
Container start in progress...

Try again…
hn# vzctl enter 123
entered into CT 123

ve# ntpdate time.example.com
22 May 02:43:04 ntpdate[3743]: step time server 12.12.12.12 offset -1.458977 sec

Forward Ports to Private VEs (DNAT)

Use destination NAT (DNAT) to forward ports to containers that sit on a private subnet (e.g. 192.168.1.0/24). The following rule forwards all TCP packets that arrive on the HN’s eth0 interface for 12.12.12.12 port 443 to the VE with address 192.168.1.123, port 443. DNAT alone is not enough: the HN must have IP forwarding enabled (net.ipv4.ip_forward = 1), and if your FORWARD chain policy is DROP it needs a rule that accepts the translated traffic. Reply packets are taken care of by connection tracking.

hn# iptables -A PREROUTING -t nat -i eth0 -p tcp -d 12.12.12.12 --dport 443 -j DNAT --to-dest 192.168.1.123:443

Always restrict the rule to the HN interface address with -d. Without it, HTTPS requests addressed to any other IP the HN routes, including the public addresses of your other VEs, would be redirected to 192.168.1.123 as well. Use the following command to list the iptables NAT rules:

hn# iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 12.12.12.12 tcp dpt:443 to:192.168.1.123:443
...
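The script below is an added example, not part of the original post. It wraps the DNAT rule above in a small helper that also covers what the rule on its own leaves implicit: IP forwarding has to be switched on, the FORWARD chain has to let the translated packets through, and the arguments are validated so a typo cannot produce a rule with an empty -d or --dport that matches far more than intended. Commands are printed by default (dry run); pass --apply as root to execute them. The addresses and ports are the post’s placeholders, and WAN_IF=eth0 is an assumption.

```sh
#!/bin/sh
# Added example (not from the original post): publish a TCP port of a private
# VE through the HN with DNAT, plus the forwarding prerequisites.
set -euf

WAN_IF=${WAN_IF:-eth0}
RUN=echo                              # dry run: print commands
[ "${1:-}" = --apply ] && RUN=        # --apply: execute them
run() { $RUN "$@"; }

# valid_ipv4 A.B.C.D -> 0 for exactly four decimal octets in 0..255
valid_ipv4() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# valid_port N -> 0 for 1..65535
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# publish PUBLIC_IP PUBLIC_PORT VE_IP [VE_PORT]
# DNAT in nat/PREROUTING, restricted to packets arriving on $WAN_IF for
# PUBLIC_IP (the -d the post insists on), plus an ACCEPT in filter/FORWARD
# for the translated destination. VE_PORT defaults to PUBLIC_PORT.
publish() {
    pub_ip=$1 pub_port=$2 ve_ip=$3 ve_port=${4:-$2}
    if ! valid_ipv4 "$pub_ip" || ! valid_ipv4 "$ve_ip" ||
       ! valid_port "$pub_port" || ! valid_port "$ve_port"; then
        echo "publish: bad argument(s): $*" >&2
        return 1
    fi
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$pub_ip" --dport "$pub_port" \
        -j DNAT --to-destination "$ve_ip:$ve_port"
    run iptables -A FORWARD -i "$WAN_IF" -p tcp -d "$ve_ip" --dport "$ve_port" -j ACCEPT
}

# Forwarding prerequisites, then the post's example: 12.12.12.12:443 -> 192.168.1.123:443
run sysctl -w net.ipv4.ip_forward=1
run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
publish 12.12.12.12 443 192.168.1.123
```

Run it once without arguments to review the exact rules it would add, then with --apply. Rules added this way are not persistent; save them with your distribution’s iptables service once they look right.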