Creating an OpenVZ OS Template for Fedora 9 Preview

I decide to create an OpenVZ OS Template for Fedora 9 Preview. I hope to use it at the Linuxfest Northwest 2008. Creating an OS Template wasn't too hard. Actually, I created two OS Templates. One was a "minimal" and the other was a "withGUI". The "withGUI" includes KDE, GNOME, XFCE, all of the desktop apps like OpenOffice.org, GIMP, Inkscape, etc. Creating an OS Template that includes one or more desktop environments can be tricky. Admittedly, not very many people would want to use the Fedora 9 Preview after the official release comes out but these instructions should also apply to the final release if you replace the Preview DVD .iso image with the final release .iso. Read the full article for all of the details.

Create and upgrade from a Fedora 8 container

1) Mount Fedora 9 Preview DVD .iso image somewhere under webspace so it can be gotten to via http.

2) Create a container from the fedora-8-i386-minimal.tar.gz available in the OpenVZ Contributed OS Templates download page. I'm the person who created that contributed OS Template.

3) Upgrade your Fedora 8 container to Fedora 9 Preview - Examine the .repo files in /etc/yum.repos.d. Usually I create a directory named factory and move all of the .repo files into it just to get them out of the way... and then I create a new local.repo file and point it to the top level directory of the DVD.

4) Do a yum clean all ; yum update in your container. Using the minimal Fedora 8 OS Template means that you have very few packages installed to begin with and the upgrade to Fedora 9 Preview will actually go well. After the upgrade is complete I always do a yum clean all just to ensure that there aren't any lingering files left over from the upgrade process.

5) Now verify that your container still works. Log out of your container and as root on the hardware node, do a vzctl restart {CTID} where CTID is the name or container ID of the Fedora container you created. It restarted fine for me. I wanted to use that as a base so I created a new OS Template out of it.

Creating a new OS Template

1) Stop the container with vzctl stop {CTID}

2) As root on the host node, cd to /vz/private/{CTID} and tar.gz up that directory with a command like:

tar -cvzf /vz/template/cache/fedora-9-i386-minimal.tar.gz .

That will create the desired .tar.gz file in the directory vzctl looks for OS Templates in.

3) Destroy your container and create a new one with your new OS Template:

vzctl destroy {CTID}

vzctl create {CTID} \
--ostemplate fedora-9-i386-minimal \
--conf {desired-config-file}

vzctl set {CTID} \
--name {desired-name} \
--hostname {fqdn-hostname} \
--ipadd {nn.nn.nn.nn} \
--nameserver "nn.nn.nn.nn nn.nn.nn.nn" \
--diskspace {nG:nG} \
--save

Turn the minimal OS Template into a GUI

yum has an option that can do a lot of the work for you. That option is groupinstall. Before you can do a groupinstall you need to know the names of the groups that are available. To find out just do a:

yum grouplist > groups.txt

I've explained how to use yum groupinstall in a previous blog posting. While that posting did refer to CentOS 5, since both use yum it works fine on Fedora. Just make sure to use do your grouplist on Fedora and use the proper Fedora group names for the groupinstall. For my withGUI OS Template I installed everything related to desktops and software development and did not install any of the server related stuff.

There are a few details you have to pay attention to or else you could break your container. OpenVZ uses a couple of dummy packages and given the vast amount of software you are going to install in one fell swoop, a small handful of packages will conflict with the OpenVZ dummy packages. To avoid the conflict and potentially breaking my container I do the following:

rpm -ivh --justdb --nodeps --force \
http://{URL-to-mirror}/hal-{version}.fc9.i386.rpm \
http://{URL-to-mirror}/hal-libs-{version}.fc9.i386.rpm \
http://{URL-to-mirror}/kernel-{version}.fc9.i686.rpm \
http://{URL-to-mirror}/udev-{version}.fc9.i386.rpm \
http://{URL-to-mirror}/module-init-tools-{version}.i386.rpm

As you can tell, the dangerous packages are hal, hal-libs, kernel, udev, and module-init-tools. Actually you could get away with actually installing the kernel package but it would never be used (as with OpenVZ the only kernel is on the host node) and is a big waste of disk space. Please note that you should replace {URL-to-mirror} with the full host/path that will get you to the packages in question... and {version} with whatever the current/available package versions are.

Now that those steps have been taken you can do the huge yum groupinstall {groupname groupname ...} and install all of the GUI stuff. In my case there were over 1,200 packages that got installed. When done, don't forget to do a yum clean all.

Now you can logout of your container, and restart it just to make sure you didn't break anything. If it starts, stop it again and make another OS Template out of it. I usually replace "minimal" with "withGUI" in the OS Template name.

How to access a desktop environment

This isn't going to be a comprehensive guide to using vncserver but it's how I prefer to do it.

Start up your container, login, create a user account. Install vnc-server (yum install vnc-server). Well, you might want to do that before you create your OS Template so it'll always be there... you decide. Login as the new user you created. Run vncpasswd, create a ~/.vnc/xstartup to your liking and make sure to set it to be executable. Mine looks like this:

#!/bin/sh
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
/usr/bin/startkde &

You can replace startkde with gnome-session if you'd prefer to run GNOME. Hmmm, I'm not sure what it is for XFCE but it can be done.

Then startup the vncserver inside of the container. Here's how I usually start it:

vncserver -geometry 1024x768 -depth 16

Now connect to your new desktop via vnceviewer and you can try out your new GUI desktop.

Some additional notes on OS Template cleanup

Some things you might want to do while your container is stopped before you create the .tar.gz for your OS Template include:

• Clean out /etc/hosts, /etc/resolv.conf
• Restore /etc/yum.repos.d/ to normal if you modified it
• Remove the key files from /etc/ssh/ so when a new container is created it'll generate it's own unique openssh keys
• Delete everything in /tmp
• Zero out any text log files under /var/log/
• Delete anything in /root you don't need... like .bash_history if it is there

Doing the above steps will make for a clean OS Template. Oh, you can also remove the password field in /etc/shadow for the root account if you set one... as well as delete any additional user accounts you might have made if the container has been in use for a while.