
Managing OpenVZ With HyperVM On CentOS

Author: Falko Timme <ft [at] falkotimme [dot] com>

HyperVM is a multi-platform, multi-tiered, multi-server, multi-virtualization web based
application that will allow you to create and manage different virtual machines each
based on different technologies across machines and platforms. Currently it supports
OpenVZ and Xen virtualization and is available for RHEL 4/5 as well as CentOS 4 and
CentOS 5. This tutorial shows how to install it on a CentOS 5.2 server to control OpenVZ
containers. I will also explain how to manage OpenVZ containers with HyperVM on a
remote CentOS 5.2 server ("slave").

I do not issue any guarantee that this will work for you!

1 Preliminary Note

I'm using two empty CentOS 5.2 servers in this tutorial (empty because HyperVM will
also install OpenVZ, so OpenVZ does not need to be installed right now):

- server1.example.com (IP 192.168.0.100): master
- server2.example.com (IP 192.168.0.102): slave

The slave is needed only if you want to control OpenVZ containers on remote servers
with HyperVM (explained in an extra chapter).

I couldn't find out anything about HyperVM's license, neither on the HyperVM web site
nor in the sources. It seems to be free, at least for a certain amount of controlled OpenVZ
containers (according to http://lxlabs.com/store/). If you find out about its license and
whether it's free or not, please let me know.

2 Installing A HyperVM Master

server1:

(The HyperVM master allows you to control OpenVZ containers on the master itself and
on slave machines. Even if you don't want to run slave machines, you need a master!)

First we need to disable SELinux. Open /etc/sysconfig/selinux...

vi /etc/sysconfig/selinux

... and set SELINUX to disabled:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

Run

setenforce 0

afterwards.

Afterwards we install HyperVM as follows:

wget http://download.lxlabs.com/download/hypervm/production/hypervm-install-master.sh
sh ./hypervm-install-master.sh --virtualization-type=openvz

This will take quite some time as this also installs OpenVZ and some OpenVZ templates,
so be patient. At the end, you should see something like this:

Downloaded: 7 files, 1.4G in 51m 21s (485 KB/s)
Executing Update Cleanup... Will take a long time to finish....
Congratuations. hyperVM has been installed succesfully on your server as master
You can connect to the server at https://<ip-address>:8887 or http://<ip-address>:8888
Please note that first is secure ssl connection, while the second is normal one.
The login and password are 'admin' 'admin'. After Logging in, you will have to change
your password to something more secure
Thanks for choosing hyperVM to manage your Server, and allowing us to be of service

***There is one more step you have to do to make this complete. Open /etc/grub.conf,
and change the 'default=1' line to 'default=0', and reboot this machine. You will be
rebooted into the openvz kernel and will able to manage vpses from the hyperVM
interface
You have mail in /var/spool/mail/root
[root@server1 ~]#

Next we open /etc/grub.conf...

vi /etc/grub.conf

... and change default=1 to default=0 so that the OpenVZ kernel is the default kernel:

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-92.1.18.el5.028stab060.2PAE)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-92.1.18.el5.028stab060.2PAE ro root=/dev/VolGroup00/LogVol00
        initrd /initrd-2.6.18-92.1.18.el5.028stab060.2PAE.img
title CentOS (2.6.18-92.1.1.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-92.1.1.el5 ro root=/dev/VolGroup00/LogVol00
        initrd /initrd-2.6.18-92.1.1.el5.img
title CentOS (2.6.18-92.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-92.el5 ro root=/dev/VolGroup00/LogVol00
        initrd /initrd-2.6.18-92.el5.img

Then we reboot the system:

reboot

That's it for the installation.

3 Using HyperVM

Now open a browser and go to https://192.168.0.100:8887 or http://192.168.0.100:8888.

If you're using Firefox 3 and use HTTPS, Firefox will complain about the self-signed
certificate, therefore you must tell Firefox to accept the certificate - to do this, click on
the Or you can add an exception... link:

Click on Add Exception...:

The Add Security Exception window opens. In that window, click on the Get Certificate
button first and then on the Confirm Security Exception button:

Afterwards, you will see the HyperVM login form. Log in with the user admin and the
password admin:

The first thing you are asked to do after the first login is to change the default password
for admin:

The next thing you are asked to do is configure LXguard. LXguard is a tool like fail2ban
or DenyHosts that blocks remote IP addresses from which too many failed login attempts
originated (this is to prevent brute-force attacks).

Fill in the max. number of failed login attempts that are allowed before LXguard kicks in
and blocks the IP:

You should then go to the Whitelist tab and whitelist your own IP (so that you don't get
locked out if you use a wrong login too often):
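
The threshold and whitelist settings described above interact as in the following added example, which is not LXguard's code and not part of the original tutorial. It shows the general decision that tools of this kind make; the sshd-style log lines, the IP addresses and the function names are constructed for illustration.

```sh
# Added example (not LXguard's code): the threshold-plus-whitelist decision
# made by tools such as LXguard, fail2ban and DenyHosts.

# ips_to_block LOGFILE MAX_FAILS "WHITELISTED_IP ..."
# Prints every source IP with more than MAX_FAILS failed logins, unless whitelisted.
ips_to_block() {
    awk -v max="$2" -v white="$3" '
        BEGIN { n = split(white, w, " "); for (i = 1; i <= n; i++) skip[w[i]] = 1 }
        /Failed password/ {
            ip = ""
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip != "") fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] > max && !(ip in skip)) print ip }
    ' "$1" | sort
}

# Constructed sample log: 4 failures from 203.0.113.7, 4 from the administrator's
# own address 192.168.0.50 (mistyped password), 1 from 198.51.100.9.
sample_log() {
    for ip in 203.0.113.7 192.168.0.50; do
        for n in 1 2 3 4; do
            echo "Nov 10 10:0$n:00 server1 sshd[2101]: Failed password for root from $ip port 4011$n ssh2"
        done
    done
    echo "Nov 10 10:05:00 server1 sshd[2102]: Failed password for invalid user test from 198.51.100.9 port 51000 ssh2"
    echo "Nov 10 10:06:00 server1 sshd[2103]: Accepted password for root from 192.168.0.50 port 40120 ssh2"
}

log=$(mktemp)
sample_log > "$log"
echo "max=3, no whitelist:       $(ips_to_block "$log" 3 "" | tr '\n' ' ')"
echo "max=3, own IP whitelisted: $(ips_to_block "$log" 3 "192.168.0.50" | tr '\n' ' ')"
rm -f "$log"
```

Without the whitelist entry the administrator's own address is blocked together with the attacking one, which is the lock-out the Whitelist tab prevents.
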

This is how the HyperVM Home looks. You should browse all the icons to make yourself
a little bit more familiar with the software.

Before we can create our first OpenVZ container, we need to define an IP pool from
which new containers can take an IP address. Go to Ip Pools. On the Ip Pools page, click
on the Add Ip Pool tab:

Fill in a name for the pool, a start and an end IP address, at least one name server (if you
fill in more than one, separate them with a space), and the gateway IP address. Then
select the server (localhost) that this pool is applicable to:

Afterwards you should see the new pool on the Ip Pools overview page:

Besides creating an IP pool, we must also define at least one resource plan before we can
create our first OpenVZ container. On the HyperVM Home, click on Resource Plans, and
then on the Add Resource Plan tab:

Fill in a name and description and then specify the resources for each OpenVZ container
that will use this resource plan:

Now we can create our first OpenVZ container. Click on the Virtual Machines icon in the
Resources section of the HyperVM Home; on the page that loads, click on the Add
Openvz tab:

Provide a name for that new OpenVZ container and fill in a root password. Type in a free
IP address from the IP pool that you've created before,...

... provide a hostname, select the resource plan you've just created and an OS template for
the container, then click on Add:

After a few moments, you should see your new container on the Virtual Machines
overview page. You can start and stop the container by clicking on the bulb in the S
column, but you can as well control it from its own control panel that you can reach by
clicking on the container's name in the VM Name column:

This is how the container's control panel looks:

Congratulations, you've just created your first OpenVZ container with HyperVM!

4 Installing A HyperVM Slave

Now we want to install a HyperVM slave on our server2.example.com and control it
from the HyperVM control panel on our master (server1.example.com). This is how we
do it:

server2:

First we need to disable SELinux. Open /etc/sysconfig/selinux...

vi /etc/sysconfig/selinux

... and set SELINUX to disabled:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

Run

setenforce 0

afterwards.

Afterwards we install the HyperVM slave as follows:

wget http://download.lxlabs.com/download/hypervm/production/hypervm-install-slave.sh
sh ./hypervm-install-slave.sh --virtualization-type=openvz

The installation won't take long because no container templates need to be downloaded
(the templates are stored on the master). At the end, you should see something like this:

Executing Update Cleanup... Will take a long time to finish....
Congratuations. hyperVM has been installed succesfully on your server as slave
You should open the port 8889 on this server, since this is used for the communication
between master and slave
To access this slave, go admin->slaves->add slave, give the ip/machine name of this
server. The password is 'admin'. The slave will appear in the list of slaves, and you can
access it just like you access localhost

***There is one more step you have to do to make this complete. Open /etc/grub.conf,
and change the 'default=1' line to 'default=0', and reboot this machine. You will be
rebooted into the openvz kernel and will able to manage vpses from the hyperVM
interface
[root@server2 ~]#

Next we open /etc/grub.conf...

vi /etc/grub.conf

... and change default=1 to default=0 so that the OpenVZ kernel is the default kernel:

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-92.1.13.el5.028stab059.6PAE)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-92.1.13.el5.028stab059.6PAE ro root=/dev/VolGroup00/LogVol00
        initrd /initrd-2.6.18-92.1.13.el5.028stab059.6PAE.img
title CentOS (2.6.18-53.1.4.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-53.1.4.el5 ro root=/dev/VolGroup00/LogVol00
        initrd /initrd-2.6.18-53.1.4.el5.img
title CentOS (2.6.18-53.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-53.el5 ro root=/dev/VolGroup00/LogVol00
        initrd /initrd-2.6.18-53.el5.img
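
The default=0 edit, here and in chapter 2 for the master, only has the intended effect if the OpenVZ kernel is the first title entry. The following check is an added example, not part of the original tutorial or of HyperVM: it reads a GRUB legacy grub.conf and reports whether the entry selected by default= is an OpenVZ kernel. It assumes OpenVZ kernels are recognisable by the "stab" tag in their version string, as in the listings above; the function names and the sample file are constructed.

```sh
# Added example (not from the tutorial or HyperVM): check which kernel a GRUB
# legacy grub.conf boots by default. Function names are constructed.

# default_title FILE: print the title selected by default=N (entries count from 0).
default_title() {
    awk '
        BEGIN { want = 0; n = 0; bad = 0 }
        /^[ \t]*#/ { next }
        /^[ \t]*default[ \t=]/ {
            sub(/^[ \t]*default[ \t=]+/, "")
            if ($1 ~ /^[0-9]+$/) want = $1 + 0; else bad = 1
            next
        }
        /^[ \t]*title[ \t]/ { sub(/^[ \t]*title[ \t]+/, ""); titles[n++] = $0 }
        END { if (bad || want >= n) exit 1; print titles[want] }
    ' "$1"
}

# boots_openvz FILE: 0 = default entry is an OpenVZ kernel, 1 = it is not,
# 2 = default= is not a number or points past the last entry.
# Assumption: OpenVZ kernels carry the "stab" tag, as in the listings above.
boots_openvz() {
    title=$(default_title "$1") || return 2
    case $title in
        *stab*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Constructed sample modelled on the master's grub.conf; $1 is the default= value.
sample_conf() {
    cat <<EOF
# grub.conf generated by anaconda
default=$1
title CentOS (2.6.18-92.1.18.el5.028stab060.2PAE)
        kernel /vmlinuz-2.6.18-92.1.18.el5.028stab060.2PAE ro root=/dev/VolGroup00/LogVol00
title CentOS (2.6.18-92.1.1.el5)
        kernel /vmlinuz-2.6.18-92.1.1.el5 ro root=/dev/VolGroup00/LogVol00
EOF
}

conf=$(mktemp)
for d in 1 0; do
    sample_conf "$d" > "$conf"
    boots_openvz "$conf" && verdict="OpenVZ" || verdict="not OpenVZ"
    echo "default=$d -> $(default_title "$conf") [$verdict]"
done
rm -f "$conf"
```

On the server itself, run boots_openvz /etc/grub.conf after the edit and before the reboot; a non-zero result means default= does not select the OpenVZ entry.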

Then we reboot the system:

reboot

That's it for the installation.

Now we can add our new HyperVM slave to the HyperVM control panel. Click on the
Servers icon on the HyperVM Home:

Click on the Add Server tab:

Fill in the IP address of the slave (192.168.0.102) and its HyperVM password (the default
password is admin). Then click on Add:

You should now see the slave on the Servers overview page (in addition to localhost):

Before we can create an OpenVZ container on the slave, we need to define a second IP
pool that we can use on the slave:

(We don't have to define another resource plan - we can use the one we've created
before.)

Now go to Virtual Machines > Add Openvz to create a new container on the slave. Fill in
a name and IP address for the container as well as a hostname, then select the slave in the
Server drop-down menu and finally an OS template:

Afterwards, you should find the new container on the Virtual Machines overview page.
You can start/stop it by clicking on the bulb in the S column:

5 Links

- HyperVM: http://lxlabs.com/software/hypervm/
- OpenVZ: http://wiki.openvz.org/
- CentOS: http://www.centos.org/
