
Creating OpenVZ in CentOS 6

This tutorial was run on a VPS with the following specification:

  • Memory 2 GB
  • Disk Space 20 GB
  • 4 CPU cores
  • Virtualization KVM
  • Operating System CentOS 6 64bit
  • 1 IPv4
  • /64 IPv6 tunneled from HE

The basic idea is to create an OpenVZ VM inside a KVM VPS.
The VM connects to the internet using NAT through the eth0 interface of the KVM VPS, so the OpenVZ VM has outbound access to the internet.
Connections from the internet to the OpenVZ VM use port forwarding, which is set up with IPTABLES.
This tutorial is based on:

  • http://dony-ramansyah.blogspot.com/2011/10/install-openvz-untuk-layanan-vps-di.html
  • http://wiki.openvz.org/Using_NAT_for_container_with_private_IPs

Installing basic webserver

# yum install httpd php

 
Preparing OpenVZ Repository
Add the following repository from OpenVZ to CentOS 6:

# cd /etc/yum.repos.d
# wget http://download.openvz.org/openvz.repo
# rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ

 
Installing OpenVZ Kernel

# yum install vzkernel
# yum install vzctl vzquota

 
Modifying sysctl.conf

# nano /etc/sysctl.conf

Add the following lines:

net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1

Activate the modification

# sysctl -p

 
Modifying the vz.conf

# nano /etc/vz/vz.conf

Find the following line, and change the value to “all”

NEIGHBOUR_DEVS=all

 
Disable SELINUX in Centos

# nano /etc/sysconfig/selinux

Find SELINUX line, and change the value to “disabled”

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing  SELinux security policy is enforced.
# permissive  SELinux prints warnings instead of enforcing.
# disabled  No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted  Targeted processes are protected,
# mls  Multi Level Security protection.
SELINUXTYPE=targeted

 
Installing OpenVZ Web Panel for managing the OpenVZ

# wget http://ovz-web-panel.googlecode.com/svn/installer/ai.sh
# sh ai.sh

Wait until the installation completes; you will then see something like http://ip.address.of.vps:3000.
 
Setting iptables
Next, we modify the iptables configuration to allow new inbound TCP connections on port 3000.

# nano /etc/sysconfig/iptables

Add the following line:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT

Restart the iptables :

# /etc/init.d/iptables restart

 
Installing OS template for the OpenVZ

# cd /vz/template/cache

Download the OS templates you need from here:

http://download.openvz.org/template/precreated/

Example :

# wget http://download.openvz.org/template/precreated/ubuntu-11.04-x86.tar.gz

 
Restart your CentOS server

# reboot

Verify that the KVM VPS is using the new OpenVZ kernel

# uname -arm

 
 
Managing through OpenVZ Web Panel

http://your.vps.ip.address:3000

The default username is admin and the default password is admin. Through the OpenVZ Web Panel we can manage the VMs: creation, editing settings, deletion, etc.
Adding IP Pools to the VM
In the OpenVZ Web Panel, use the menu on the left side to add the IP Pools. Since we only have 1 IPv4, we need to assign private IPs to the VMs, for example 192.168.1.1 – 192.168.1.255 or 10.10.10.1 – 10.10.10.255.
Next, on the left side, click on localhost and create your first VM, with the veid for example 101. Choose the OS template, assign the private IP to the VM, and set the disk space, memory, etc.
 
How to provide access for container to the internet
To give the container access to the internet, we need an IPTABLES SNAT rule for the VM. Here, our KVM VPS uses eth0 with, for example, the IP address 194.68.40.216.
We could set SNAT for each VM separately, but the fastest way is one SNAT rule that covers every IP:

# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to ip_address

ip_address is the IP address of the VPS, so the command becomes:

# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 194.68.40.216
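
A scoped variant of the SNAT rule above, together with the port forwarding mentioned at the start of the tutorial, as an added example that is not part of the original post. The function only prints the commands for review; the subnet 192.168.1.0/24, the container address 192.168.1.100 and the ports 10080/10022 are assumed sample values.

```shell
#!/bin/sh
# Added example: print (not run) NAT rules for one host IP and one container subnet.

# is_ipv4 ADDR: true only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# in_range VALUE MIN MAX: true for a decimal integer within [MIN, MAX].
in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# nat_rules PUBLIC_IP CT_NET/PREFIX IFACE [PUBPORT:CT_IP:CT_PORT ...]
# Validates every argument first, then prints the iptables commands.
nat_rules() {
    [ "$#" -ge 3 ] || { echo "usage: nat_rules ip net/prefix iface [fwd...]" >&2; return 2; }
    pub=$1 net=$2 ifc=$3; shift 3
    case "$net" in */*) ;; *) echo "subnet needs a /prefix" >&2; return 1 ;; esac
    is_ipv4 "$pub" && is_ipv4 "${net%/*}" && in_range "${net#*/}" 0 32 ||
        { echo "bad address or prefix" >&2; return 1; }
    # -s limits SNAT to packets from the container subnet, not all traffic leaving IFACE.
    rules="iptables -t nat -A POSTROUTING -s $net -o $ifc -j SNAT --to $pub"
    for fwd in "$@"; do
        pport=${fwd%%:*}; rest=${fwd#*:}; cip=${rest%%:*}; cport=${rest#*:}
        in_range "$pport" 1 65535 && is_ipv4 "$cip" && in_range "$cport" 1 65535 ||
            { echo "bad forward spec: $fwd" >&2; return 1; }
        # -d limits the forward to traffic addressed to the public IP.
        rules="$rules
iptables -t nat -A PREROUTING -i $ifc -d $pub -p tcp -m tcp --dport $pport -j DNAT --to-destination $cip:$cport"
    done
    printf '%s\n' "$rules"
}

# Constructed sample call: public IP from the tutorial, assumed subnet and forwards.
nat_rules 194.68.40.216 192.168.1.0/24 eth0 \
    10080:192.168.1.100:80 10022:192.168.1.100:22
```

Review the printed commands and run them as root on the KVM VPS; an invalid address, prefix or port makes the function return non-zero without printing any rule.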

 
 

4 Comments

  1. Kurnia Ramadhan

    Kang, I'm having trouble with forwarding. So far I have only managed to forward SSH to a local IP using a specific port, or to forward port 80 to a local IP for web access. I am using HAproxy.
    The problem is, up to now I haven't found a way to combine the two (SSH and web forwarding) in HAProxy the way Anthony did at LES. Do you have a solution, Kang? Hehehe

    • Erawan Arif Nugroho

      Sorry for the late reply, mas, hehe, I only just travelled home for Lebaran this afternoon, so I only now have a signal.
      So you want it like this, mas?

      SSH to 123.123.123.123:1022 is forwarded to IP.lokal.vps:22
      Web port 123.123.123.123:1080 is forwarded to IP.lokal.vps:80

      The setup is then to create two rules in IPTABLES, one for each port forward.
      An example from my iptables:

      Port forward for the website:
      # iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 10080 -j DNAT --to-destination 192.168.1.100:80
      Port forward for ssh:
      # iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 10022 -j DNAT --to-destination 192.168.1.100:22

      But all of those ports can really be used for anything you like 🙂
