Linux VServer/en

From JonDonym Wiki
Jump to: navigation, search

En2.png De2.png  Main Page | Debian Setup for Mixes

Contents

Linux VServer Setup

We recommend to isolate and virtualize all the processes necessary for deploying a mix server. In order to virtualize processes there are several options. VMware or XEN aim at starting a complete second operating system running in parallel to the first one. These virtual systems behave like independent computers. It is necessary to allocate physical resources statically.

It is a bit easier to set up a Linux Vserver (that's why we describe this procedure in the following). Instead of starting several kernels this virtualization is implemented at the operating system level, similar to Jails in FreeBSD.

All data of your virtual server may stored in an encrypted container. For data encryption please read the DM-Crypt turorial.

Prepare your IP addresses

You need one IP address for the host system and at least one additional IP address for every vserver. Please contact your ISP. The ISP can provide IP addresses for your server.

At the host system all daemons have to listen only at the IP address of the host. Otherwise the vserver daemons will not be reachable. By default all daemons use the joker address 0.0.0.0. Please change this value for all daemons running on the host system.

You can configure the SSH daemon in /etc/ssh/sshd.conf. Replace the value for ListenAddress 0.0.0.0 with your IP address. For the example the IP address 123.123.123.123 is used.

ListenAddress 127.0.0.1
ListenAddress 123.123.123.123

bind9 you can configure in /etc/bind/named.conf.options.

options {
  ....
  listen-on { 127.0.0.1; 123.123.123.123; };
  ....
}; 

Prepare your host system

For using vservers you need a special Linux kernel. It is normally called linux-image-vserver-686-arch. All Linux distributions offer script collections and utils for installing and managing vservers. You can install all the stuff with the package manager of your distribution.

Debian i386: aptitude install linux-image-vserver-686 util-vserver vserver-debiantools
Debian amd64: aptitude install linux-image-vserver-amd64 util-vserver vserver-debiantools

After installation you have to reboot your host.

Create a VServer

Creation of a vserver can be done by a single command:

newvserver --vsroot /vserver 
           --hostname sample
           --domain sample.server.tld 
           --ip 124.124.124.124/32 
           --dist squeeze
           --mirror http://ftp2.de.debian.org/debian 
           --interface eth0
  • --vsroot directory for all vserver data.
  • --hostname name of the new vserver.
  • --domain FQDN of the new vserver.
  • --ip IP address for the vserver.
  • --dist use the same distribution like the host system.
  • --mirror mirror of the Linux distribution for packages.
  • --interface network interface for the IP address.

After installation the vserver is stopped.

If the new vserver has problems with DNS resolving, please edit /vserver/<name>/etc/resolv.conf bevor you start the vserver again.

Manage your VServers

The tool vserver offers the possibility to start, stop and enter a vserver.

Start a vserver:

vserver <name> start

Stop a vserver:

vserver <name> stop

Check the status of a vserver:

vserver <name> status

Enter a vserver as root:

vserver <name> enter

Run a command in a vserver with root privilegs:

vserver <name> exec command

Additional there are some commands for maintance. vapt-get can only work on running VServers. Please check first, if all VServer were running.

vapt-get --all upgrade
vapt-get --all dist-upgrade

Delete a VServers

If you did not need a vserver any more, you can delete it.

vserver <name> delete
Personal tools