Table of Contents
OpenVZ Virtualization
http://wiki.centos.org/HowTos/Virtualization/OpenVZ
OpenVZ is a form of OS virtualization based on 'containers'.
Other common forms of operating system virtualization:
- Fully virtualized
- Often called HVM (hardware virtual machine)
- VMware, KVM, etc.
- Para-Virtualized
- Xen
OpenVZ containers offer a very high performance virtualization platform. This is primarily due to its low overhead. Containers share the common host kernel and is primarily for Linux VMs.
Host Servers
See Proxmox.
See OpenVZ Web Panel.
PBX
http://tutorialsbay.com/how-to-isntall-asterisk-freepbx-on-a-vps/
See PiaF.
http://pve.proxmox.com/wiki/PBX_in_a_Flash
http://www.pbxinaflash.com/community/index.php?threads/best-timing-source.9084/
http://www.cadvision.com/blanchas/Asterisk/ZaptelPerformanceTesting.html
Firewall
We run the firewall on the Host Node (HN).
Stop all running VMs.
sed -i 's|ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length|ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp|' /etc/vz/vz.conf /etc/init.d/vz restart
DAHDI
Sangoma USB hardware timing source (internal UT50 and external UT51):
http://sangoma.com/products/accessories/tools.html
Note that DAHDI will only work if the Host Node and the VE are the same $ARCH (32/32 or 64/64).
HPET or hardware timing source is important.
Is HN kernel compiled with HPET and am I using it?
grep HPET /boot/config-2.6.32-11-pve cat /sys/devices/system/clocksource/clocksource0/available_clocksource cat /sys/devices/system/clocksource/clocksource0/current_clocksource
Change the current clock source, test then add to rc.local:
echo hpet > /sys/devices/system/clocksource/clocksource0/current_clocksource
See also 'res_timing_timerfd'.
dmesg | grep dahdi dahdi_test
Acceptable score: >99.975
Make DAHDI Timing Available to CTs
This assumes Asterisk is running as the user 'asterisk'.
CTID=100 vzctl stop $CTID vzctl set $CTID --devnodes dahdi/pseudo:rw --save vzctl start $CTID vzctl exec $CTID chown -R asterisk.asterisk /dev/dahdi /lib/udev/devices/dahdi
Alternate Method?
You can export devices from the Hardware Node (HN) to the container (CT) by using the devnodes flag.
You may need a line like this in the /etc/vz/conf/VEID.conf for the Asterisk VE:
DEVNODES="dahdi/pseudo:rw dahdi/ctl:rw dahdi/channel:rw dahdi/timer:rw "
Templates
OpenVZ containers are created from templates. Since containers are not fully virtualized environments. There is no booting to CD/DVD drives or ISO images.
Creating Templates
http://wiki.openvz.org/Physical_to_container
http://www.powerpbx.org/content/are-you-sure-you-want-revert-revision-sat-12102011-1203
Create a FreePBX (Centos 5) Template on Proxmox
- Install your Centos server and application to a physical machine.
- Create a Centos 5 container using an existing Centos template and shut it down.
Physical Machine (Source)
Clean out the YUM database and stop running applications:
yum clean all amportal stop service dnsmasq stop service httpd stop service mysqld stop
Proxmox Host
CTID=100
rm -rf /var/lib/vz/private/$CTID
mkdir /var/lib/vz/private/$CTID
rsync -arvpz --exclude=/dev --exclude=/mnt --exclude=/proc --exclude=/sys --exclude=/tmp \
-e ssh root@xx.xx.xx.xx:/ /var/lib/vz/private/$CTID/
sed -i -e 's/^[0-9].*getty.*tty/#&/g' /var/lib/vz/private/$CTID/etc/inittab
grep devpts /var/lib/vz/private/$CTID/etc/fstab > /var/lib/vz/private/$CTID/etc/fstab.new
mv -f /var/lib/vz/private/$CTID/etc/fstab.new /var/lib/vz/private/$CTID/etc/fstab
mkdir /var/lib/vz/private/$CTID/dev
mkdir /var/lib/vz/private/$CTID/mnt
mkdir /var/lib/vz/private/$CTID/proc
mkdir /var/lib/vz/private/$CTID/sys
mkdir /var/lib/vz/private/$CTID/tmp
mkdir /var/lib/vz/private/$CTID/dev/pts
mkdir /var/lib/vz/private/$CTID/etc/udev/devices
cd /var/lib/vz/private/$CTID
chroot .
MAKEDEV -d /dev -x {p,t}ty{a,p}{0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f} console core full kmem kmsg mem null \
port ptmx random urandom zero ram0
MAKEDEV -d /etc/udev/devices -x {p,t}ty{a,p}{0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f} console core full kmem \
kmsg mem null port ptmx random urandom zero ram0
chmod 1777 /tmp
chmod 1777 /var/tmp
# Disable any physical NICs by modifying the etc/sysconfig/network-scripts/ifcfg-ethX files
# (where X is the interface number starting from 0) and setting ONBOOT to no.
vi /etc/sysconfig/network-scripts/ifcfg-eth0
ONBOOT=no
vi /etc/sysconfig/network
NETWORKING_IPV6="no"
vim /etc/rc.d/rc.sysinit
#/sbin/start_udev
vi /etc/sysconfig/init
PROMPT=no
vi /etc/sysconfig/selinux
SELINUX=disabled
# For RHEL 6 and clone distributions, you must comment out "console" in /vz/private/$CTID/etc/init/rc.conf
# and /vz/private/$CTID/etc/init/rcS.conf.
#
# You must also delete or rename tty.conf and start-ttys.conf.
#
# If you do not the container will not boot up.
cat << EOF >> /etc/yum.repos.d/vz.repo
[vz-base]
name=vz-base
mirrorlist=http://vzdownload.swsoft.com/download/mirrors/redhat-el5
#mirrorlist=http://vzdownload.swsoft.com/download/mirrors/redhat-el6
gpgcheck=0
[vz-updates]
name=vz-updates
mirrorlist=http://vzdownload.swsoft.com/download/mirrors/updates-released-rhel5
#mirrorlist=http://vzdownload.swsoft.com/download/mirrors/updates-released-rhel6
gpgcheck=0
EOF
cat >> ~/.bash_profile << EOF
alias ll='ls -l'
alias la='ls -A'
alias l='ls -CF'
alias ls="BLOCK_SIZE=\'1 ls --color=auto"
alias free="free -m"
export GREP_OPTIONS='--color=auto'
PS1='\[\033[00;36m\]\u\[\033[00m\]@\h:\[\033[05;33m\]\w\[\033[00m\] \$ '
export HISTCONTROL=ignoredups
EOF
mkdir /var/lock/rpm
echo "
# IPv6
blacklist ipv6
blacklist net-pf-10" >> /etc/modprobe.d/blacklist.conf
exit # from chroot
vzctl start $CTID
vzctl enter $CTID
# For services info, see http://wiki.openvz.org/Physical_to_container
chkconfig --list | grep :on
for i in acpid apmd auditd bluetooth clock cupsd consolefont cpuspeed dnsmasq gpm hdparm iptables ip6tables isdn \
irqbalance kudzu lm_sensors lvm2-monitor mcstrans mdmonitor microcode_ctl netfs netplugd smartd netfs nfslock ntpd \
openibd pcmcia portmap postfix restorecond rpcidmapd rpcgssd sendmail wanrouter xfs; do chkconfig $i off; done
Using tar instead of rsync:
vim /etc/exclude .bash_history lost+found /dev/* /mnt/* /tmp/* /proc/* /sys/* /usr/src/*
tar --numeric-owner -czvf /tmp/centos-5.0-x86_64-FreePBX-image.tar.gz -X /tmp/exclude / scp /tmp/centos-5.0-x86_64-FreePBX-image.tar.gz root@192.168.1.30:/var/lib/vz/template/cache/