Wednesday, April 30, 2008

Gentoo on a 1&1 vServer

Last update: 2008/04/30

Companies like 1and1 and Strato offer virtual servers based on the Virtuozzo virtualization technology. While these machines are quite cheap and provide a full Linux work environment, they run SUSE by default. Not my favorite Linux distribution...

I was pretty certain that I could also switch the server to Gentoo. But when I asked the customer support they told me that they have no one running Gentoo on any of these machines. And that they would have no clue if that could work.

So I tried and it is definitely possible. Just in case there are others who would like to have a Gentoo vserver on a Virtuozzo system this HowTo will provide some instructions on how to achieve that.

Do I need to give the usual warnings? You'll completely wipe the old system and if something does not work, you will have to reinitialize the server. If you don't want to take that risk, do not continue.

Cleaning up

First you will have to log into your "Virtuozzo Power Panel" in order to switch the system into repair mode. The original system now resides in /repair and you work in a safety mode.

Now log into your system via ssh and make a backup copy of the old /etc/mtab (this helps to have a working df command later on, reported by Gian):

     
cp /repair/etc/mtab /root/mtab.old                                                                                                                                                 

Now remove the old SUSE system:

                                                                                                                                                              
cd /repair                                                                                                                                                                         
rm -rf *                                                                                                                                                                           

In case this results in a failure your repair directory might be mounted as read-only (reported by Ulrich):

                                                                                                                                                              
mount -o remount,rw /repair                                                                                                                                                        

Install the basic Gentoo system

Now (still in /repair) start to download the stage and a portage snapshot from your nearest mirror:

                                                                                                                                                              
wget ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/experimental/x86/vserver/stage3-i686-20060317.tar.bz2
wget ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/snapshots/portage-latest.tar.bz2
tar xvjpf stage3-*.tar.bz2                                                                                                                                                         
tar xvjf portage-*.tar.bz2 -C /repair/usr                                                                                                                                          
rm stage3-*.tar.bz2 portage-*.tar.bz2                                                                                                                                              

The basic tools are now in place. Next we need the original network information:

                                                                                                                                                              
cp /etc/resolv.conf /repair/etc/                                                                                                                                                   

In addition copy the original mtab back into place:

                                                                                                                                                              
cp /root/mtab.old /repair/etc/mtab

And now we can chroot into the new Gentoo environment:

                                                                                                                                                              
mount -t proc proc /repair/proc/
mount -o bind /dev /repair/dev
chroot /repair                                                                                                                                                                     

Time to fix the timezone information and sync the portage tree:

                                                                                                                                                              
env-update                                                                                                                                                                         
source /etc/profile                                                                                                                                                                
export PS1="(chroot) $PS1"                                                                                                                                               
cp /usr/share/zoneinfo/Europe/Berlin /etc/localtime                                                                                                                                
emerge --sync                                                                                                                                                                      

Set a root password:

                                                                                                                                                              
passwd                                                                                                                                                                             

Please note that this password becomes your new master password for the server!

Optional: Configure a build host

The vServers are not the most powerful machines and they definitely benefit from pulling packages from a central build host. If you have such a machine you should complete your /etc/make.conf with the following variables:

PORTAGE_BINHOST="http://buildhost.example.com/packages/i686/All"
SYNC="rsync://buildhost.example.com/portage"
EMERGE_DEFAULT_OPTS=" --usepkg --getbinpkg --getbinpkgonly"

Move to baselayout2

The old baselayout-vserver probably still works, but the newer baselayout2 also copes with vServers and I recommend using it.

First we should ensure that we link to the current Gentoo profile:

                                                                                                                                                              
rm /etc/make.profile
ln -s ../usr/portage/profiles/default-linux/x86/2007.0 /etc/make.profile

Now we unmask the newer baselayout and the OpenRC package:

                                                                                                                                                              
echo "sys-apps/baselayout ~x86" >> /etc/portage/package.keywords
echo "sys-apps/openrc ~x86" >> /etc/portage/package.keywords

In case the kernel of the system underlying your virtual server is somewhat older, you should also ensure that you do not use the newer glibc-2.4 and that nptl is disabled:

                                                                                                                                                              
echo ">sys-libs/glibc-2.5-r4" >> /etc/portage/package.mask
echo "sys-libs/glibc -nptl -nptlonly" >> /etc/portage/package.use

Time to update the system:

emerge -uND world

Configure Gentoo as a virtual server

Now you can configure the network:

                                                                                                                                                              
emerge iproute2                                                                                                                                                                    
cd /etc/init.d                                                                                                                                                                     
rm net.eth0                                                                                                                                                                        
ln -s net.lo net.venet0                                                                                                                                                            
rc-update add net.venet0 default                                                                                                                                                   
rc-update add net.lo default                                                                                                                                                       

You will need to provide a static definition of your network parameters in /etc/conf.d/net. In order to determine the necessary parameters, follow the steps below:

                                                                                                                                                              
# ip addr                                                                                                                                                                          
326: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue                                                                                                                               
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00                                                                                                                          
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo                                                                                                                             
327: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue                                                                                                         
    link/void                                                                                                                                                                      
    inet 127.0.0.1/32 scope host venet0                                                                                                                                            
    inet 87.123.45.123/32 scope global venet0:0                                                                                                                                    

From the output note the ip of the venet0 adapter. Here it is 87.123.45.123.

Now you need the routing information:

                                                                                                                                                              
# ip route                                                                                                                                                                         
191.255.255.0/24 dev venet0  scope link                                                                                                                                            
127.0.0.0/8 dev lo  scope link                                                                                                                                                     
default via 191.255.255.1 dev venet0                                                                                                                                               

The necessary parameters are the first netmask and the default gateway (191.255.255.0/24 and 191.255.255.1).

Adapt the following settings to your specific parameters and echo it into your network configuration file:

                                                                                                                                                              
echo '                                                                                                                                                                             
modules="iproute2"
modules="!ifconfig"

config_venet0="87.123.45.123 netmask 255.255.255.0 broadcast 0.0.0.0"

routes_venet0="191.255.255.0/24 scope link
               default via 191.255.255.1"

' >> /etc/conf.d/net                                                                                                                                                         

I am not an expert on the network settings and the proper routing on a vserver but these settings did work for me. Please send me a mail if you have suggestions on how to improve the configuration.

Another comment by Ulrich:

I did put spaces between the config_venet0, routes_venet0 and the equal sign. It's not allowed to do so. Adding this as a don't to your explanation might save an hour or two to some guys out there.
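The derivation above, as an added example that is not part of the original post: a shell script that reads the `ip addr` and `ip route` output, prints the matching venet0 lines for /etc/conf.d/net, and flags assignments with whitespace next to the equal sign (the file is sourced as shell, so such a line is not an assignment). The function names are hypothetical, the sample input is the output shown above, and the netmask is taken from the link route's prefix as in the text.

```shell
#!/bin/sh
# Constructed sample input: the `ip addr` and `ip route` output shown on this page.
SAMPLE_ADDR='327: venet0: <BROADCAST,POINTOPOINT,NOARP,UP> mtu 1500 qdisc noqueue
    link/void
    inet 127.0.0.1/32 scope host venet0
    inet 87.123.45.123/32 scope global venet0:0'
SAMPLE_ROUTE='191.255.255.0/24 dev venet0  scope link
127.0.0.0/8 dev lo  scope link
default via 191.255.255.1 dev venet0'

# Convert a prefix length (0-32) into a dotted netmask.
prefix_to_mask() {
    p=$1; mask=
    for n in 1 2 3 4; do
        if [ "$p" -ge 8 ]; then o=255; p=$((p - 8))
        else o=$((256 - (1 << (8 - p)))); p=0; fi
        mask="${mask}${mask:+.}${o}"
    done
    printf '%s\n' "$mask"
}

# gen_net_conf ADDR ROUTE: print the venet0 lines for /etc/conf.d/net.
# Hypothetical helper; it refuses to print anything if a value is missing.
gen_net_conf() {
    ip=$(printf '%s\n' "$1" | awk '$1=="inet" && $4=="global" && $5 ~ /^venet0/ {split($2,a,"/"); print a[1]; exit}')
    link=$(printf '%s\n' "$2" | awk '$2=="dev" && $3=="venet0" && $1 ~ /\// {print $1; exit}')
    gw=$(printf '%s\n' "$2" | awk '$1=="default" && $2=="via" {print $3; exit}')
    if [ -z "$ip" ] || [ -z "$link" ] || [ -z "$gw" ]; then
        echo "could not find venet0 address, link route or default gateway" >&2
        return 1
    fi
    printf 'config_venet0="%s netmask %s broadcast 0.0.0.0"\n' "$ip" "$(prefix_to_mask "${link#*/}")"
    printf 'routes_venet0="%s scope link\n               default via %s"\n' "$link" "$gw"
}

# lint_net_conf FILE: fail (and show the lines) if an assignment has
# whitespace directly before or after "=".
lint_net_conf() {
    if grep -En '^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*([[:space:]]+=|=[[:space:]])' "$1" >&2; then
        return 1
    fi
}

# Stand-alone run: show the lines generated from the sample output.
gen_net_conf "$SAMPLE_ADDR" "$SAMPLE_ROUTE"
```

On the server, pass `"$(ip addr)"` and `"$(ip route)"` instead of the samples, and run `lint_net_conf /etc/conf.d/net` before leaving repair mode.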

Finally you need to add the ssh server to the default services so that you will be able to log into the system:

                                                                                                                                                              
rc-update add sshd default                                                                                                                                                         

Reboot into Gentoo

Now you should be able to end the repair mode. Log into your Virtuozzo Power Panel, select "Finish repair" and try to log into your vserver via ssh a short while later.

ChangeLog

  • 2008/04/30: Included moving to baselayout2

Tuesday, April 29, 2008

Moving to baselayout2

I finally took the time to move my configuration to baselayout2 and openrc. It was about time since I was still using the old baselayout-vserver packages on my vservers. I admit I was afraid the move would hurt so I waited for a while.

But it was really, really smooth.

I made only one mistake and did not notice that my link to net.lo vanished in the upgrade process. So I was subsequently wondering why ping responded with connect: invalid argument when pinging my own machine. Easy enough to fix.

Excellent work from the baselayout and OpenRC devs. Nice.

Friday, April 25, 2008

The OpenSourceSchool opens its doors

My publisher started with his next endeavor in bringing knowledge to the masses: The OpenSourceSchool. This time it is about spoken words - or courses - rather than written pages bound as books. Many OpenSourcePress authors are offering seminars there.

I would definitely have liked to offer a course about Gentoo there. But I had to agree with them that this would probably not raise enough interest from paying customers. Or am I wrong about that?

But of course there was room for the second topic dear to my heart: Kolab. The course will take five days and touch all major topics of the Kolab Server. Central components such as postfix, openldap, cyrus imap will provide the core components but I'll certainly also include a chapter about getting the Horde web client successfully installed. So we will hopefully have a new batch of Kolab experts in October.

And hopefully the preparations for the course will also help in laying the groundwork for a book about Kolab. This is the only book I still want to write after going through the pain of writing the Gentoo book.

Thursday, April 24, 2008

Another round of Horde bugs...

I'm back to Horde bug fixes and while their CVS server vanished in some kind of limbo I took the time to create a Horde/Kolab project page. Maybe it is a useful overview to the people interested in Horde. I definitely have to update the Kolab wiki, too. But that might still take a while.