Installing Centos 6 with an OpenVZ kernel.

Installing OpenVZ

We start from a basic Centos 6 installation. Our objective will be to install OpenVZ and run several virtual machines. Attention OpenVZ supports virtualization only for GNU/Linux systems. In addition you can install an OpenVZ panel.

In first, update Centos and install some necessary tools :
yum update -y
yum install screen wget -y
OpenVZ uses a modified Linux kernel, we will install it and tools from the official repository.
rpm --import http://ftp.openvz.org/RPM-GPG-Key-OpenVZ
wget -P /etc/yum.repos.d/ http://ftp.openvz.org/openvz.repo

yum install vzkernel vzctl ploop
In /etc/sysconfig/selinux, SELINUX must be deactivated.
SELINUX=disabled
To allow access to Internet from virtual machines, edit /etc/sysctl.conf.
# On Hardware Node we generally need 
# packet forwarding enabled and proxy arp disabled 
net.ipv4.ip_forward = 1 
net.ipv6.conf.default.forwarding = 1 
net.ipv6.conf.all.forwarding = 1 
net.ipv4.conf.default.proxy_arp = 0  

# Enables source route verification 
net.ipv4.conf.all.rp_filter = 1  

# We do not want all our interfaces to send redirects 
net.ipv4.conf.default.send_redirects = 1 
net.ipv4.conf.all.send_redirects = 0
Check the first kernel in /boot/grub/grub.conf and reboot your server.
reboot
We no longer use the Linux kernel provided by CentOS, it is better to uninstall it.
yum remove kernel -y
In the examples, our network will be 192.168.1.0/24 and our public ip is 11.22.33.44.
iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to 11.22.33.44
/sbin/service iptables save
Open /etc/vz/vz.conf and add "iptable_nat" in IPTABLES_MODULES
IPTABLES_MODULES="ipt_REJECT
Becomes
IPTABLES_MODULES="iptable_nat ipt_REJECT

The installation is now complete, you can now manage your OpenVZ server with VCA.

Templates download

We will install some templates, files must be placed in /vz/template/cache. Warning, do not unpack them.

Example with Ubuntu 14.04
cd /vz/template/cache
wget http://download.openvz.org/template/precreated/ubuntu-14.04-x86_64-minimal.tar.gz

Share port 80

If multiple sites are hosted on different virtual machines, we have two possibility:
  • Use failover IP
  • Do NAT
We will do NAT, on the host machine we install Nginx who will do reverse proxy. It is also possible to redirect port 80 to a virtual machine that will itself contain Nginx. Nginx is not activated in the default repositories, we will need to activate EPEL.
yum install epel-release -y
yum install nginx -y
chkconfig nginx on
By default, configuration files are in /etc/nginx/conf.d/. To separate proxy web sites, we create new folders.
mkdir /etc/nginx/sites-available/
mkdir /etc/nginx/sites-enabled/
In /etc/nginc/nginx.conf, replace
include /etc/nginx/conf.d/*.conf;
By
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
Create /etc/nginx/conf.d/proxy.conf
proxy_redirect          off;
proxy_set_header        Host            $host;
proxy_set_header        X-Real-IP       $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size    10m;
client_body_buffer_size 128k;
client_header_buffer_size 64k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffer_size   16k;
proxy_buffers       32   16k;
proxy_busy_buffers_size 64k;
To redirect a web site, create a symbolic file in /etc/nginx/sites-available/, link ir to /etc/nginx/sites-enabled/ and reload Nginx.

Example with a virtual machine in 192.168.1.5
server {
        listen   80;
        server_name     mywebsite.com;
        location / {
                proxy_pass         http://192.168.1.5/;
        }
}
Open port 80 on the host machine.
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
/sbin/service iptables save