Post Tagged with: "virtualization"

Setup lxc on Debian

Using low-overhead virtualization methods like chroots, containers, etc. is a great way to gain most of the benefits of virtualization without the overhead of traditional hypervisor-based virtualization. Since 2011, lxc has become the standard, kernel-integrated lightweight virtualization method.

Setting up Linux containers (lxc) on Debian is very straightforward:

Install lxc and bridge-utils

apt-get install lxc bridge-utils

Set up the cgroup mount point

mkdir -p /cgroup
echo "cgroup /cgroup cgroup defaults 0 0" >> /etc/fstab
mount /cgroup

Make sure you have IP forwarding enabled

echo 1 > /proc/sys/net/ipv4/ip_forward

Modify your networking configuration

We'll set up an internal 10.0.0.1 network using dummy0 as the bridged device. Add the following to /etc/network/interfaces:

auto dummy0
iface dummy0 inet static
  address 10.0.0.1
  netmask 255.255.255.0
 
auto br0
iface br0 inet static
  max_wait 0
  bridge_ports dummy0
  address 10.0.0.1
  netmask 255.255.255.0

Run the container setup script

Usage: lxc-debian.sh <distribution> <container-name> <container-number>

wget https://gist.github.com/raw/3008518/e3b87deb423ace3c67628fe501af79d46d9de04c/lxc-debian.sh
chmod +x lxc-debian.sh
./lxc-debian.sh wheezy test 2

Start the container and enter the console
(user and password are both root)

lxc-start -n test -d
lxc-console -n test

Optional: On the host, set up iptables rules to route to and from the container

This will route all traffic from the container out through the host's eth0, and route incoming traffic on port 10080/10443 on the host to port 80/443 on the container for a web server.

# Host's address on eth0 and the container's address from its interfaces file
HOSTIP=$(ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
DESTIP=$(grep address /var/lib/lxc/test/rootfs/etc/network/interfaces | awk '{print $2}')
# Source-NAT traffic from the container network out through the host
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source "$HOSTIP"
# Forward host ports 10080/10443 to the container's ports 80/443
iptables -t nat -A PREROUTING -m tcp -p tcp --dport 10080 -j DNAT -i eth0 --to-destination "$DESTIP:80"
iptables -t nat -A PREROUTING -m tcp -p tcp --dport 10443 -j DNAT -i eth0 --to-destination "$DESTIP:443"
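
The host-side rules above take HOSTIP and DESTIP from text-scraping pipelines, so an empty or malformed value would end up inside a firewall rule. The following is an added example, not part of the original post: it reads the address from a single interface stanza, validates both addresses, and prints the rules for review instead of applying them. The sample interfaces text, the addresses 10.0.0.2 and 203.0.113.10, the function names, and the `-o` match on the SNAT rule are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: dry-run generator for the NAT rules.
# Constructed sample of a container's /etc/network/interfaces (10.0.0.2 is assumed).
SAMPLE_INTERFACES='auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
  address 10.0.0.2
  netmask 255.255.255.0
  gateway 10.0.0.1'

# Succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print the address of one interface stanza (default eth0); interfaces text on stdin.
stanza_address() {
    awk -v want="${1:-eth0}" '
        $1 == "iface" { in_stanza = ($2 == want) }
        in_stanza && $1 == "address" { sub(/\/.*/, "", $2); print $2; exit }'
}

# Emit the rules as text; refuse to emit anything if either address is malformed.
nat_rules() {
    host_ip=$1 dest_ip=$2 wan=${3:-eth0}
    valid_ipv4 "$host_ip" && valid_ipv4 "$dest_ip" || return 1
    # -o limits SNAT to traffic leaving via the uplink (an addition to the post's rule)
    echo "iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o $wan -j SNAT --to-source $host_ip"
    for map in 10080:80 10443:443; do
        echo "iptables -t nat -A PREROUTING -i $wan -p tcp -m tcp --dport ${map%:*} -j DNAT --to-destination $dest_ip:${map#*:}"
    done
}

# Stand-alone run on the constructed sample; 203.0.113.10 is a placeholder host address.
DESTIP=$(printf '%s\n' "$SAMPLE_INTERFACES" | stanza_address eth0)
nat_rules 203.0.113.10 "$DESTIP"
```

On a real host, feed stanza_address from /var/lib/lxc/test/rootfs/etc/network/interfaces and review the printed rules before running them.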

June 27, 2012

Lower memory usage on OpenVZ VPS

I recently migrated CompleteFusion to a new hosting provider, which meant switching from a Xen-based VPS to OpenVZ. Although OpenVZ VPS hosting is generally much less expensive, it often lacks swap space and requires special consideration of memory usage. Running OpenSSH, MySQL, and Apache2 with mod_php5 caused out of memory problems, even with 512MB RAM.

First, I replaced OpenSSH with Dropbear, which uses about 50% less memory while providing very similar SSH2 server capabilities. On Debian, installing dropbear was simple:

apt-get install dropbear
# Debian leaves dropbear disabled (NO_START=1) when OpenSSH is installed; 0 enables it
sed -i 's/NO_START=1/NO_START=0/g' /etc/default/dropbear
/etc/init.d/ssh stop && /etc/init.d/dropbear start

Although I could have made various configuration changes to tune Apache2 to use less memory, switching to a stock lighttpd configuration with fastcgi was enough to reduce memory usage to acceptable levels. I installed lighttpd on Debian as follows:

apt-get install lighttpd
apt-get install php5-cgi
# Let PHP resolve PATH_INFO correctly when run behind FastCGI
echo "cgi.fix_pathinfo = 1" >> /etc/php5/cgi/php.ini
lighttpd-enable-mod fastcgi
/etc/init.d/lighttpd force-reload

On my OpenVZ VPS, I ran into a problem with starting lighttpd, where it reported that port 80 was in use, even though it wasn't. As it turns out, it was apparently because my container lacked IPv6 support. I resolved it by commenting out the following line in /etc/lighttpd/lighttpd.conf:

#include_shell "/usr/share/lighttpd/use-ipv6.pl"

These changes should lower your memory usage enough to run well inside of 512MB RAM, but additional configuration will probably be needed if you only have 256MB or less.

June 17, 2010