An Even Easier Linux-VServer (Virtual Server) Tutorial

Linux-VServer is a very interesting tool for setting up a quick virtual host without the pains and expense of some other system like Xen or VMware. It's more secure and "standalone-ish" than any of the Jail packages I've tried.

I found a fairly good, easy-to-follow article, "Linux-Vserver on Debian Testing (Etch), the easy way", here: http://www.howtoforge.com/linux_vserver_debian_etch

However, that article left out a few small details that are worth jotting down in your notes.

I suggest you read the other article briefly and follow its instructions for installing the VServer kernel and utilities into the host system, then look at the following instructions for some hopefully pain-free steps to setting up a new vserver guest.

First, some modifications to the host system are in order:

The VServer "create" scripts will gather information from the host, including what goes into /etc/resolv.conf for nameservers. If you're running bind on the host system, temporarily comment out the "nameserver 127.0.0.1" lines in resolv.conf before creating a new vserver, or your guest will have some DNS resolution problems at the end of the setup.

Also, sshd on the host system will bind to all addresses, including the ones belonging to the vserver guests (which will cause the guest sshd to fail), so modify the host's /etc/ssh/sshd_config so that it only binds to the host's own IP: ListenAddress 192.168.0.2 (replace 192.168.0.2 with the primary IP of the host system, which should not be shared with any of the guests).
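
The two host-side changes above can be checked before running newvserver. The script below is an added example, not part of the original tutorial; the function names are hypothetical and the sample files it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Pre-flight checks for the two host-side changes above (added example).
# Paths are passed in, so the functions can be run against copies of the files.

# True when no active "nameserver 127.x.x.x" line would be copied into a guest.
resolv_ok() {
    ! grep -Eq '^[[:space:]]*nameserver[[:space:]]+127\.' "$1"
}

# True when sshd_config ($1) has at least one active ListenAddress and none of
# them is a wildcard. With no directive at all, sshd listens on every address.
# Assumes the usual whitespace-separated "ListenAddress value" form.
sshd_listen_ok() {
    addrs=$(awk 'tolower($1) == "listenaddress" { print $2 }' "$1")
    [ -n "$addrs" ] || return 1
    for a in $addrs; do
        case "$a" in
            0.0.0.0|0.0.0.0:*|::|\[::\]*) return 1 ;;
        esac
    done
    return 0
}

# Print one line per check; the return status is the number of failed checks.
preflight() {   # usage: preflight RESOLV_CONF SSHD_CONFIG
    failed=0
    if resolv_ok "$1"; then echo "ok:   $1 has no loopback nameserver"
    else echo "FAIL: $1 lists a 127.x nameserver"; failed=$((failed + 1)); fi
    if sshd_listen_ok "$2"; then echo "ok:   $2 binds sshd to specific addresses"
    else echo "FAIL: $2 lets sshd bind to all addresses"; failed=$((failed + 1)); fi
    return "$failed"
}

# Constructed sample input: a host that still has both problems.
demo=$(mktemp -d)
printf 'nameserver 127.0.0.1\nnameserver 192.168.0.1\n' > "$demo/resolv.conf"
printf 'Port 22\n#ListenAddress 0.0.0.0\n' > "$demo/sshd_config"
preflight "$demo/resolv.conf" "$demo/sshd_config" || echo "$? check(s) failed"
rm -rf "$demo"
```

On a real host, call preflight /etc/resolv.conf /etc/ssh/sshd_config; sshd_listen_ok can also be run on the guest's sshd_config once it is installed.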

Create your new vserver guest, using the appropriate hostname, domain, IP, netmask and Debian mirror for your situation (run the following commands as root on your host vserver system):


newvserver --vsroot /vservers/ --hostname vsrv1 \
--domain local --ip 192.168.0.140/24 \
--dist etch --mirror http://ftp.us.debian.org/debian/



cd /etc/vservers/vsrv1/interfaces
cp -a 0 1
cd 0
echo lo > dev
echo 127.0.0.1 > ip
cd ..

At this point you should be aware that, by default, a new VServer guest is set up with a 16MB /tmp mounted from the host's tmpfs. Depending on what you are doing with your VServer guest, 16MB may be enough for you, and having it in RAM is nice. But 16MB is not much tmp space for most folks, so either make it bigger than 16MB, or remove the line from fstab so that /tmp is on-disk like most systems.

You can change this setting by editing the fstab file in the directory you are now in (/etc/vservers/vsrv1/). In my case I just commented out the line mounting the 16MB tmp.

Now:

cd
vserver vsrv1 start
vserver vsrv1 enter


Your shell prompt is now inside your new virtual server.

At this point I would run "apt-get update", and install some extra packages. The initial package selection is pretty slim!

apt-get update ; apt-get install emacs21-nox ssh less


Be aware that by default the sources.list in the guest only contains the "main" repositories; if you want contrib, non-free, or others, you'll have to configure them.

Edit /etc/ssh/sshd_config and set the ListenAddress directive to the IP you've designated for your guest.

Start sshd:
/etc/init.d/ssh start


To log out of the vserver console, hit Ctrl-D. The guest is still running.

If you want your vserver guest to start at boot time when the host system starts, run the following on the host system:

echo "default" > /etc/vservers/vsrv1/apps/init/mark



Another helpful hint I found - I did not have this problem, but it's worth noting in case you do:


" If I shut down my vserver guest, the whole Internet interface ethX on the host is shut down. What happened?
A: When you shut down a guest (i.e. vserver foo stop), the IP is brought down on the host also. If this IP happens to be the primary IP of the host, the kernel will not only bring down the primary IP, but also all secondary IP addresses. But in very recent kernels, there is an option settable which prevents that nasty feature. It's called "alias promotion". You may set it via sysctl by adding net.ipv4.conf.all.promote_secondaries=1 in /etc/sysctl.conf or via sysctl command line."