====== OpenVZ Virtualization ======

http://wiki.openvz.org

http://wiki.centos.org/HowTos/Virtualization/OpenVZ

OpenVZ is a form of OS virtualization based on 'containers'.

Other common forms of operating system virtualization:

  * Fully virtualized
    * Often called HVM (hardware virtual machine)
    * VMware, KVM, etc.
  * Para-Virtualized
    * Xen

OpenVZ containers offer a very high performance virtualization platform, primarily due to their low overhead. Containers share the common host kernel, and OpenVZ is primarily for Linux VMs.

===== Host Servers =====

See [[virtualization:proxmox|Proxmox]].

See [[http://code.google.com/p/ovz-web-panel/|OpenVZ Web Panel]].

===== PBX =====

http://tutorialsbay.com/how-to-isntall-asterisk-freepbx-on-a-vps/

See [[voice:pbx:piaf_virtual|PiaF]].

http://pve.proxmox.com/wiki/PBX_in_a_Flash

http://www.pbxinaflash.com/community/index.php?threads/best-timing-source.9084/

http://www.cadvision.com/blanchas/Asterisk/ZaptelPerformanceTesting.html

==== Firewall ====

We run the firewall on the Host Node (HN).

Stop all running VMs.

  sed -i 's|ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length|ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp|' /etc/vz/vz.conf

  /etc/init.d/vz restart

==== DAHDI ====

Sangoma USB hardware timing source (internal UT50 and external UT51): http://sangoma.com/products/accessories/tools.html

:!: Note that DAHDI will only work if the Host Node and the VE are the same $ARCH (32/32 or 64/64).

:!: HPET or a hardware timing source is important.

Is the HN kernel compiled with HPET, and am I using it?

  grep HPET /boot/config-2.6.32-11-pve
  cat /sys/devices/system/clocksource/clocksource0/available_clocksource
  cat /sys/devices/system/clocksource/clocksource0/current_clocksource

Change the current clock source, test, then add to ''rc.local'':

  echo hpet > /sys/devices/system/clocksource/clocksource0/current_clocksource

See also 'res_timing_timerfd'.

  dmesg | grep dahdi
  dahdi_test

Acceptable score: >99.975

=== Make DAHDI Timing Available to CTs ===

This assumes Asterisk is running as the user 'asterisk'.

  CTID=100
  vzctl stop $CTID
  vzctl set $CTID --devnodes dahdi/pseudo:rw --save
  vzctl start $CTID
  vzctl exec $CTID chown -R asterisk:asterisk /dev/dahdi /lib/udev/devices/dahdi

=== Alternate Method? ===

You can export devices from the Hardware Node (HN) to the container (CT) by using the devnodes flag. You may need a line like this in the /etc/vz/conf/VEID.conf for the Asterisk VE:

  DEVNODES="dahdi/pseudo:rw dahdi/ctl:rw dahdi/channel:rw dahdi/timer:rw "

===== Templates =====

OpenVZ containers are created from templates. Since containers are not fully virtualized environments, there is no booting from CD/DVD drives or ISO images.

==== Creating Templates ====

http://wiki.openvz.org/Physical_to_container

http://www.powerpbx.org/content/are-you-sure-you-want-revert-revision-sat-12102011-1203

http://wiki.openvz.org/Creating_a_CentOS_5.0_Template

==== Create a FreePBX (Centos 5) Template on Proxmox ====

  - Install your Centos server and application to a physical machine.
  - Create a Centos 5 container using an existing Centos template and shut it down.

=== Physical Machine (Source) ===

Clean out the YUM database and stop running applications:

  yum clean all
  amportal stop
  service dnsmasq stop
  service httpd stop
  service mysqld stop

=== Proxmox Host ===

  CTID=100

  rm -rf /var/lib/vz/private/$CTID
  mkdir /var/lib/vz/private/$CTID

  rsync -arvpz --exclude=/dev --exclude=/mnt --exclude=/proc --exclude=/sys --exclude=/tmp \
  -e ssh root@xx.xx.xx.xx:/ /var/lib/vz/private/$CTID/

  sed -i -e 's/^[0-9].*getty.*tty/#&/g' /var/lib/vz/private/$CTID/etc/inittab

  grep devpts /var/lib/vz/private/$CTID/etc/fstab > /var/lib/vz/private/$CTID/etc/fstab.new
  mv -f /var/lib/vz/private/$CTID/etc/fstab.new /var/lib/vz/private/$CTID/etc/fstab

  mkdir /var/lib/vz/private/$CTID/dev
  mkdir /var/lib/vz/private/$CTID/mnt
  mkdir /var/lib/vz/private/$CTID/proc
  mkdir /var/lib/vz/private/$CTID/sys
  mkdir /var/lib/vz/private/$CTID/tmp
  mkdir /var/lib/vz/private/$CTID/dev/pts
  mkdir -p /var/lib/vz/private/$CTID/etc/udev/devices

  cd /var/lib/vz/private/$CTID
  chroot .

  # The commands from here to "exit" run inside the chroot.
  MAKEDEV -d /dev -x {p,t}ty{a,p}{0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f} console core full kmem kmsg mem null \
  port ptmx random urandom zero ram0
  MAKEDEV -d /etc/udev/devices -x {p,t}ty{a,p}{0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f} console core full kmem \
  kmsg mem null port ptmx random urandom zero ram0

  chmod 1777 /tmp
  chmod 1777 /var/tmp

  # For each file below, open it and set the line shown indented beneath the command.
  # Disable any physical NICs by modifying the etc/sysconfig/network-scripts/ifcfg-ethX files
  # (where X is the interface number starting from 0) and setting ONBOOT to no.
  vi /etc/sysconfig/network-scripts/ifcfg-eth0
      ONBOOT=no
  vi /etc/sysconfig/network
      NETWORKING_IPV6="no"
  # Comment out the start_udev call.
  vim /etc/rc.d/rc.sysinit
      #/sbin/start_udev
  vi /etc/sysconfig/init
      PROMPT=no
  vi /etc/sysconfig/selinux
      SELINUX=disabled

  # For RHEL 6 and clone distributions, you must comment out "console" in /vz/private/$CTID/etc/init/rc.conf
  # and /vz/private/$CTID/etc/init/rcS.conf.
  #
  # You must also delete or rename tty.conf and start-ttys.conf.
  #
  # If you do not, the container will not boot up.
  # gpgcheck=0 below means yum installs packages from these repos without verifying signatures.
  cat << EOF >> /etc/yum.repos.d/vz.repo
  [vz-base]
  name=vz-base
  mirrorlist=http://vzdownload.swsoft.com/download/mirrors/redhat-el5
  #mirrorlist=http://vzdownload.swsoft.com/download/mirrors/redhat-el6
  gpgcheck=0
  [vz-updates]
  name=vz-updates
  mirrorlist=http://vzdownload.swsoft.com/download/mirrors/updates-released-rhel5
  #mirrorlist=http://vzdownload.swsoft.com/download/mirrors/updates-released-rhel6
  gpgcheck=0
  EOF

  cat >> ~/.bash_profile << EOF
  alias ll='ls -l'
  alias la='ls -A'
  alias l='ls -CF'
  alias ls="BLOCK_SIZE=\'1 ls --color=auto"
  alias free="free -m"
  export GREP_OPTIONS='--color=auto'
  PS1='\[\033[00;36m\]\u\[\033[00m\]@\h:\[\033[05;33m\]\w\[\033[00m\] \$ '
  export HISTCONTROL=ignoredups
  EOF

  mkdir /var/lock/rpm

  echo "
  # IPv6
  blacklist ipv6
  blacklist net-pf-10" >> /etc/modprobe.d/blacklist.conf

  exit # from chroot

  vzctl start $CTID
  vzctl enter $CTID

  # For services info, see http://wiki.openvz.org/Physical_to_container
  chkconfig --list | grep :on

  for i in acpid apmd auditd bluetooth clock cupsd consolefont cpuspeed dnsmasq gpm hdparm iptables ip6tables isdn \
  irqbalance kudzu lm_sensors lvm2-monitor mcstrans mdmonitor microcode_ctl netfs netplugd smartd netfs nfslock ntpd \
  openibd pcmcia portmap postfix restorecond rpcidmapd rpcgssd sendmail wanrouter xfs; do chkconfig "$i" off; done

Using ''tar'' instead of ''rsync'':

  # Create the exclude list that tar reads with -X, one pattern per line.
  vim /tmp/exclude
      .bash_history
      lost+found
      /dev/*
      /mnt/*
      /tmp/*
      /proc/*
      /sys/*
      /usr/src/*

  tar --numeric-owner -czvf /tmp/centos-5.0-x86_64-FreePBX-image.tar.gz -X /tmp/exclude /

  scp /tmp/centos-5.0-x86_64-FreePBX-image.tar.gz root@192.168.1.30:/var/lib/vz/template/cache/
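
A post-copy check for the rsync procedure above, as an added example that is not part of the original page: it audits a container root for the steps this page applies (commented-out gettys, a devpts-only fstab, 1777 temp directories, ONBOOT=no) and also reports repo files that set gpgcheck=0. The names ''audit_ct_root'' and ''make_sample'' and the sample tree are assumptions constructed for illustration; ''stat -c'' assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (hypothetical helper names): audit a copied container root.
# audit_ct_root DIR prints one line per finding and returns the finding count.
audit_ct_root() {
    root=$1; n=0
    finding() { echo "FINDING: $*"; n=$((n + 1)); }
    # Getty lines must be commented out: a container has no ttys to serve.
    if grep -Eq '^[0-9].*getty.*tty' "$root/etc/inittab" 2>/dev/null; then
        finding "active getty line in etc/inittab"
    fi
    # fstab may carry only the devpts entry (comments and blanks ignored).
    if grep -Ev '^[[:space:]]*(#|$)' "$root/etc/fstab" 2>/dev/null | grep -qv devpts; then
        finding "non-devpts entry in etc/fstab"
    fi
    # tmp and var/tmp need mode 1777 (world-writable plus sticky bit).
    for d in tmp var/tmp; do
        mode=$(stat -c %a "$root/$d" 2>/dev/null || true)
        [ "$mode" = 1777 ] || finding "$d mode is ${mode:-missing}, expected 1777"
    done
    # Copied physical NIC configs must not bring interfaces up.
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-eth*; do
        [ -f "$f" ] || continue
        rel=${f#"$root"/}
        grep -Eq '^ONBOOT="?no"?' "$f" || finding "$rel lacks ONBOOT=no"
    done
    # gpgcheck=0 makes yum install packages without verifying signatures.
    for f in "$root"/etc/yum.repos.d/*.repo; do
        [ -f "$f" ] || continue
        rel=${f#"$root"/}
        if grep -q '^gpgcheck=0' "$f"; then finding "$rel disables gpgcheck"; fi
    done
    return "$n"
}

# Constructed sample tree (not from a real host): live getty, 755 var/tmp, gpgcheck=0.
make_sample() {
    s=$(mktemp -d)
    mkdir -p "$s/etc/sysconfig/network-scripts" "$s/etc/yum.repos.d" "$s/tmp" "$s/var/tmp"
    chmod 1777 "$s/tmp"; chmod 755 "$s/var/tmp"
    echo '1:2345:respawn:/sbin/mingetty tty1' > "$s/etc/inittab"
    echo 'none /dev/pts devpts gid=5,mode=620 0 0' > "$s/etc/fstab"
    printf 'DEVICE=eth0\nONBOOT=no\n' > "$s/etc/sysconfig/network-scripts/ifcfg-eth0"
    printf '[vz-base]\ngpgcheck=0\n' > "$s/etc/yum.repos.d/vz.repo"
    echo "$s"
}

sample=$(make_sample)
audit_ct_root "$sample" || echo "findings: $?"
rm -rf "$sample"
```

On the host, point it at the private area before the first ''vzctl start'', for example ''audit_ct_root /var/lib/vz/private/$CTID''.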