Installing OpenVZ + Management Of VMs Through ISPConfig 3 (Debian 6.0)

Version 1.0
Author: Till Brehm <t [dot] brehm [at] projektfarm [dot] com>, Falko Timme <falko [dot] timme [at] projektfarm [dot] com>

This tutorial describes the installation of an OpenVZ host server to manage virtual machines from within the ISPConfig 3 hosting control panel. OpenVZ is a lightweight virtualization technology for Linux servers, similar to jails on *BSD systems. See http://www.openvz.org for details. ISPConfig 3 contains a module to manage OpenVZ virtual machines on the local server and on remote servers that run ISPConfig.

Installation

First install the OpenVZ kernel and utilities right from the Debian Squeeze repository.

On 64Bit Linux (x86_64), use this command:

apt-get -y install linux-image-openvz-amd64 vzctl vzquota vzdump

On 32Bit Linux (x86), use this command instead:

apt-get -y install linux-image-openvz-686 vzctl vzquota vzdump

Create a symlink from /var/lib/vz to /vz so that ISPConfig finds the OpenVZ installation later.

ln -s /var/lib/vz /vz

Edit the file /etc/sysctl.conf and ensure that it contains the following lines:

vi /etc/sysctl.conf

net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.ip_forward=1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.eth0.proxy_arp=1

If you need to modify /etc/sysctl.conf, run

sysctl -p

to apply the changes.

The following step is important if the IP addresses of your virtual machines are from a different subnet than the host system's IP address. If you don't do this, networking will not work in the virtual machines!

Open /etc/vz/vz.conf and set NEIGHBOUR_DEVS to all:

vi /etc/vz/vz.conf

[...]
# Controls which interfaces to send ARP requests and modify APR tables on.
NEIGHBOUR_DEVS=all
[...]

Now reboot the server so that the openVZ Kernel gets loaded:

reboot

Now we download a precreated Debain OpenVZ image. Enter the template cache directory...

cd /var/lib/vz/template/cache

... and download the 32Bit Debian image.

wget http://download.openvz.org/template/precreated/contrib/debian-6.0-i386-minimal.tar.gz

On 64Bit systems, download the 64Bit image instead:

wget http://download.openvz.org/template/precreated/contrib/debian-6.0-amd64-minimal.tar.gz

More precreated OpenVZ images can be downloaded here:

http://download.openvz.org/template/precreated/contrib/

In the next steps the prerequisites for ISPConfig 3 controlpanel interface will be installed.

Install the MySQL database server...

apt-get -y install mysql-client mysql-server

... and enter the new password for MySQL when requested by the installer.

Install Apache and PHP...

apt-get -y install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt sudo libtimedate-perl

... and enable some apache modules:

a2enmod suexec rewrite ssl actions include

Install fail2ban: This is optional but recommended, because the ISPConfig monitor tries to show the log:

apt-get install fail2ban

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

Then start the install script:

php -q install.php

>> Initial configuration

Operating System: Debian 6.0 (Squeeze/Sid) or compatible

Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in "quit" (without the quotes) to stop the installer.

Select language (en,de) [en]: <-- hit enter

Installation mode (standard,expert) [standard]: <-- expert

Full qualified hostname (FQDN) of the server, eg server1.domain.tld  [ispconfig.local]: <-- hit enter

MySQL server hostname [localhost]: <-- hit enter

MySQL root username [root]: <-- hit enter

MySQL root password []: <-- enter the mysql root password here

MySQL database to create [dbispconfig]: <-- hit enter

MySQL charset [utf8]: <-- hit enter

Shall this server join an existing ISPConfig multiserver setup (y,n) [n]: <-- hit enter

Adding ISPConfig server record to database.

Configure Mail (y,n) [y]: <-- n

Configure Jailkit (y,n) [y]: <-- n

Configure FTP Server (y,n) [y]: <-- n

Configure DNS Server (y,n) [y]: <-- n

Hint: If this server shall run the ISPConfig interface, select 'y' in the 'Configure Apache Server' option.

Configure Apache Server (y,n) [y]: <-- y

Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configure Firewall Server (y,n) [y]: <-- y

Configuring Bastille Firewall
Install ISPConfig Web Interface (y,n) [y]: <-- y

Installing ISPConfig
ISPConfig Port [8080]: <-- hit enter

Enable SSL for the ISPConfig web interface (y,n) [y]: <-- hit enter

Generating RSA private key, 4096 bit long modulus
.............................................++
.........................................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- Enter your country code, e.g. DE
State or Province Name (full name) [Some-State]: <-- Enter the state
Locality Name (eg, city) []: <-- enter the name of the city
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter your company name
Organizational Unit Name (eg, section) []: <-- hit enter
Common Name (eg, YOUR name) []: <-- hit enter
Email Address []: <-- hit enter

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <-- hit enter
An optional company name []: <-- hit enter
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
Restarting web server: apache2 ... waiting .
Installation completed.

Remove the downloaded ispconfig files in the /tmp directory:

rm -rf /tmp/ispconfig3_install/install
rm -f /tmp/ISPConfig-3-stable.tar.gz