Setting Up Linux VServer Virtualization

Kernel Installation

Linux VServers require kernel support in the host system that can only be provided by a kernel patch. This patch does not appear to be included in any of the kernels available from mainstream distribution vendors. However, a pre-compiled kernel package for Fedora Core 5 is available, and can be installed by following the steps below:

  1. Disable SELinux by editing /etc/selinux/config and changing the SELINUX line to :
    SELINUX=disabled
  2. Make sure all packages are up to date by running
    yum upgrade
  3. To prevent the custom kernel we are going to install from being replaced, edit the file /etc/yum.repos.d/fedora-updates.repo and in the updates-released section add the line exclude=kernel kernel-smp yum. The section should end up looking something like:
    [updates-released]
    name=Fedora Core $releasever - $basearch - Released Updates
    #baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/updates/$releasever/$basearch/
    mirrorlist=http://fedora.redhat.com/download/mirrors/updates-released-fc$releasever
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
    exclude=kernel kernel-smp yum
  4. Create the file /etc/yum.repos.d/dhozac.repo containing :
    [dhozac-vserver]
    name=Daniel Hokka Zakrisson's packages for Fedora $releasever - $basearch - vserver
    baseurl=http://rpm.hozac.com/dhozac/fedora/$releasever/vserver/$basearch
      http://muh.at/dhozac/fedora/$releasever/vserver/$basearch
    gpgkey=http://rpm.hozac.com/fedora/conf/keys/RPM-DHOZAC-GPG-KEY
    enabled=1
  5. Install the kernel with VServers support with the command yum install kernel, or if you are using an SMP system, yum install kernel-smp. Then reboot with the reboot command.
  6. To validate that the VServers kernel is now running, make sure the file /proc/virtual/info exists. It should contain something like
    VCIVersion:     0002:0001
    VCISyscall:     273
    VCIKernel:      03000016
  7. Install the VServers support programs with the command :
    yum install util-vserver util-vserver-core util-vserver-lib util-vserver-sysv util-vserver-build

Mandriva Install

Use URPMI

urpmi kernel-vserver-latest kernel-vserver-source-latest util-vserver util-vserver-build util-vserver-core util-vserver-sysv util-vserver-lib

For other distributions, you will almost certainly need to compile a patched kernel manually. The official VServers website at http://linux-vserver.org/Documentation has more details.

Binding Ports to Primary IP Address

One limitation of VServers networking is that a server listening on some port on all interfaces on the host will prevent that port from being used within VServer instances. For example, if Apache is using port 80 on all interfaces (as it does by default), then no systems running within VServers will be able to run Apache!

The suggested solution to this problem is to run only a minimal set of services on the host system, such as SSH and Webmin. All others like Apache, Sendmail, Postfix, BIND and ProFTPd should be shut down or un-installed.

To use Webmin to configure itself and SSH to listen only on the host system's primary interface, follow these steps :

  1. Login to Webmin on the VServers host system.
  2. Go to the Network Configuration module in the Networking category, click on Network Interfaces and note the IP address of the primary interface, typically eth0. For the sake of these instructions, let's say it is 192.168.10.10.
  3. Open the Webmin category and click on Webmin Configuration, then on the Ports and Addresses icon.
  4. Under Bind to IP address select Only address.. from the menu, and enter the IP (192.168.10.10) into the text box next to it.
  5. Click the Save button.
  6. Open the Servers category and click on SSH Server, then on the Networking icon.
  7. In the Listen on addresses table select Entered below .., and in the Address field enter 192.168.10.10. Then click Save.
  8. Back on the main page of the SSH server module, click the Apply Changes button.

To use Webmin to shut down other services that may use ports needed by Virtualmin in VServers, do the following :

  1. Login to Webmin, open the System category and click on Bootup and Shutdown Actions.
  2. Check the boxes next to actions with names like apache, httpd, sendmail, postfix, named, proftpd, vsftpd, dovecot and mysql.
  3. At the bottom of the page, click the Disable Now and On Boot button.
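
To confirm the result of the two Webmin procedures above, list every TCP port that is still bound to all interfaces on the host. The shell function below is an added example, not part of the original guide; it parses the kernel's /proc/net/tcp format, and the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report TCP ports a host process has bound to the wildcard
# address (all interfaces), the condition that blocks the same port inside
# VServer instances. Works on /proc/net/tcp and /proc/net/tcp6 format tables.

# wildcard_listeners FILE  (FILE may be "-" for stdin)
wildcard_listeners() {
    awk '
        function hex2dec(h,    i, n) {
            n = 0
            h = toupper(h)
            for (i = 1; i <= length(h); i++)
                n = n * 16 + index("0123456789ABCDEF", substr(h, i, 1)) - 1
            return n
        }
        NR > 1 && $4 == "0A" {          # skip header row; state 0A = LISTEN
            split($2, la, ":")          # local_address is HEXADDR:HEXPORT
            if (la[1] ~ /^0+$/)         # all-zero address = 0.0.0.0 or ::
                print hex2dec(la[2])
        }
    ' "${1:-/proc/net/tcp}" | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample table (not captured from a real host). 0A0AA8C0 is
# 192.168.10.10, the example primary address used in the steps above.
sample_table() {
cat <<'EOF'
  sl  local_address rem_address   st
   0: 0A0AA8C0:0016 00000000:0000 0A
   1: 0A0AA8C0:2710 00000000:0000 0A
   2: 00000000:0050 00000000:0000 0A
   3: 00000000:0019 00000000:0000 0A
   4: 0A0AA8C0:0016 0B0AA8C0:C350 01
EOF
}

# Demo on the sample: SSH (22) and Webmin (10000) are bound to the primary
# address and pass; ports 80 and 25 are still on all interfaces.
echo "Ports still bound to all interfaces: $(sample_table | wildcard_listeners -)"
```

On the host itself, run wildcard_listeners /proc/net/tcp and then wildcard_listeners /proc/net/tcp6; an empty result means no TCP listener on the host is bound to all interfaces.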