Centos 5.5 Template
chroot rootfs
export PATH=/bin:/sbin:/usr/bin:/usr/sbin
touch /lxc /root/lxc # 防止去錯地方
清了不要的 file
> /etc/fstab
rm /etc/hostname
Disable udev
vi /etc/rc.d/rc.sysinit
#/sbin/start_udev
No IPV6
/etc/modprobe.conf
# 其他並加入 module
blacklist ipv6
/etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=mail
iptables:
/etc/sysconfig/iptables-config
IPTABLES_MODULES=""
IPTABLES_MODULES_UNLOAD="no"
/etc/sysconfig/iptables
# Allow ssh
-A INPUT -m state --state NEW -m tcp -p tcp -s 192.168.200.0/24 --dport 22 -j ACCEPT
設定 Network
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="static"
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="Ethernet"
GATEWAY=192.168.200.254
NETMASK=255.255.255.0
IPADDR=192.168.200.31
關掉不用的 Service:
查看現在運行中的 Service
chkconfig --list | grep "3:on"
停用:
chkconfig --levels 2345 <service> off
一般而言, 以下 Service 是不用在 vps 上運行的
chkconfig irqbalance off chkconfig acpid off chkconfig microcode_ctl off chkconfig ntpd off chkconfig smartd off chkconfig xfs off chkconfig rawdevices off chkconfig readahead_early off chkconfig kudzu off chkconfig autofs off chkconfig hidd off chkconfig auditd off chkconfig cups off chkconfig cpuspeed off chkconfig portmap off chkconfig nfslock off chkconfig gpm off chkconfig acpid off chkconfig haldaemon off chkconfig avahi-daemon off # chkconfig zabbix-agent off chkconfig sysstat off # chkconfig netfs off chkconfig lvm2-monitor off # chkconfig iptables off chkconfig ip6tables off # chkconfig vmware-tools off
cpuspeed
user-space cpu frequency scaling program
kudzu
detects and configures new and/or changed hardware on a system
irqbalance
distribute hardware interrupts across processors on a multiprocessor system
haldaemon
hald is a daemon that maintains a database of the devices connected to the system in real-time.
The daemon connects to the D-Bus system message bus to provide an API that applications can use to discover,
monitor and invoke operations on devices.
暫停 Service:
(以下清單包括 iptables 及 rsyslog; Container 正式使用前要重新 chkconfig <service> on, 否則沒有 firewall 規則及系統 log)
# Mail Service
chkconfig postfix off
chkconfig dovecot off
chkconfig amavisd off
chkconfig spamassassin off
# Web
chkconfig httpd off
chkconfig mysqld off
chkconfig vsftpd off
# Other
chkconfig crond off
chkconfig webmin off
chkconfig xinetd off
chkconfig ntpd off
chkconfig rsyslog off
chkconfig iptables off
chkconfig sysstat off
建立 /dev:
# 在新版 lxc 未必要
執行 mkdev.sh
Device 的設定 (先用 lxc.cgroup.devices.deny = a 拒絕所有 device, 再逐項 allow 需要的; rwm = read / write / mknod)
config
# Network configuration lxc.network.type = veth lxc.network.flags = up lxc.network.link = lxcbr0 lxc.network.veth.pair = mail # lxc.kmsg = 0 lxc.autodev = 1 # tty lxc.tty = 4 lxc.pts = 1024 ## Devices lxc.cgroup.devices.deny = a # /dev/null lxc.cgroup.devices.allow = c 1:3 rwm # /dev/zero lxc.cgroup.devices.allow = c 1:5 rwm # /dev/full lxc.cgroup.devices.allow = c 1:7 rwm # consoles lxc.cgroup.devices.allow = c 5:1 rwm # /dev/tty[0-3] lxc.cgroup.devices.allow = c 5:0 rwm lxc.cgroup.devices.allow = c 4:0 rwm lxc.cgroup.devices.allow = c 4:1 rwm lxc.cgroup.devices.allow = c 4:2 rwm lxc.cgroup.devices.allow = c 4:3 rwm # /dev/{,u}random lxc.cgroup.devices.allow = c 1:9 rwm lxc.cgroup.devices.allow = c 1:8 rwm # /dev/pts/n lxc.cgroup.devices.allow = c 136:* rwm # /dev/ptmx lxc.cgroup.devices.allow = c 5:2 rwm # /dev/rtc lxc.cgroup.devices.allow = c 254:0 rm
Setup Console
boot log
...
INIT: Id "5" respawning too fast: disabled for 5 minutes
INIT: Id "6" respawning too fast: disabled for 5 minutes
/etc/inittab
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty console
#2:2345:respawn:/sbin/mingetty tty2
#3:2345:respawn:/sbin/mingetty tty3
#4:2345:respawn:/sbin/mingetty tty4
#5:2345:respawn:/sbin/mingetty tty5
#6:2345:respawn:/sbin/mingetty tty6
/etc/securetty
# 加入 (securetty 列出容許 root 直接登入的 terminal)
lxc/console
lxc/tty1
lxc/tty2
lxc/tty3
/etc/rc.d/rc.sysinit
Loading default keymap (us): /etc/rc.d/rc.sysinit: line 396: /dev/tty0: No such file or directory
因為 LXC 內係沒有 tty0 的
# $LOADKEYS $KEYMAP < /dev/tty0 > /dev/tty0 2>/dev/null && \
# success $"Loading default keymap" || failure $"Loading default keymap"
Disable sync clock
# [ -x /sbin/hwclock ] && /sbin/hwclock $CLOCKFLAGS
Setting up Logical Volume Management: File descriptor 21 (anon_inode:[signalfd]) leaked on lvm.static invocation. Parent PID 5: /bin/bash
#if [ -f /etc/mdadm.conf ]; then
# /sbin/mdadm -A -s
#fi
# if [ -x /sbin/lvm.static ]; then
# action $"Setting up Logical Volume Management:" /sbin/lvm.static vgchange -a y --ignorelockingfailure
# fi
/etc/sysconfig/init
# Set to anything other than 'no' to allow hotkey interactive startup...
PROMPT=no
OS start 到後的 Debug
lxc-attach -n mail /bin/bash
export PATH=/bin:/sbin:/usr/bin:/usr/sbin