Virtuozzo Tips and Tricks
July 13th, 2007
http://netfreak.ca
Here are some easy tips and tricks for accomplishing more with SWsoft’s Virtuozzo virtualization software. Much of the included information should also apply to the open source OpenVZ software.
Enabling TUN Access for a VE
# vzctl set <VEID> --devices c:10:200:rw --save
# vzctl exec <VEID> mkdir -p /dev/net
# vzctl exec <VEID> mknod /dev/net/tun c 10 200
# vzctl exec <VEID> chmod 600 /dev/net/tun
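Added example (not from the original post): once TUN access has been granted this way, it is useful to know which VEs hold it. The script below lists VEs whose saved config grants character device 10:200. It assumes OpenVZ-style per-VE config files (`<VEID>.conf` containing a `DEVICES="..."` line, default directory /etc/vz/conf); the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: list VEs whose saved config grants the TUN device (char 10:200).
# Assumption: per-VE configs are <VEID>.conf files with a DEVICES="..." line
# (OpenVZ-style layout); pass the config directory as the first argument.

# tun_access FILE: print the mode (r, w, rw, none) set for c:10:200, if listed.
# Returns 0 only when the device is listed with a mode other than "none".
tun_access() {
    # Uncommented DEVICES= lines only; the last assignment wins, quotes stripped.
    devs=$(sed -n 's/^[[:space:]]*DEVICES=//p' "$1" | tail -n 1 | tr -d "\"'")
    mode=""
    for entry in $devs; do
        case "$entry" in
            c:10:200:*) mode=${entry#c:10:200:} ;;
        esac
    done
    [ -n "$mode" ] && printf '%s\n' "$mode"
    [ -n "$mode" ] && [ "$mode" != "none" ]
}

# audit_tun [DIR]: print "<VEID> <mode>" for every VE config granting TUN access.
audit_tun() {
    dir=${1:-/etc/vz/conf}
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        veid=$(basename "$conf" .conf)
        # Only all-numeric file names are treated as VE configs.
        case "$veid" in ''|*[!0-9]*) continue ;; esac
        if mode=$(tun_access "$conf"); then
            printf '%s %s\n' "$veid" "$mode"
        fi
    done
    return 0
}

# Demo on constructed configs (not taken from a real hardware node).
demo() {
    d=$(mktemp -d)
    printf 'ONBOOT="yes"\nDEVICES="c:10:200:rw "\n' > "$d/101.conf"
    printf 'ONBOOT="yes"\n' > "$d/102.conf"
    printf 'DEVICES="b:8:0:r c:10:200:none"\n' > "$d/103.conf"
    audit_tun "$d"    # prints: 101 rw
    rm -rf "$d"
}
demo
```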
Shell Script: Execute command on all VEs
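# Loop over the IDs of all running VEs (vzlist -H prints no header line)
for i in $(vzlist -H | awk '{print $1}'); do
    # Skip VEID 1 (the Service VE on Virtuozzo)
    if [ "$i" != "1" ]; then
        vzctl exec2 "$i" "command; next command"
    fi
done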
Setting higher iptables rules limit (for CSF, etc)
# vzctl set <VEID> --numiptent 400 --save
VZ external mount points
# mount --bind /dev/<device> /vz/root/<VEID>/<mountpath>
Setting VE Quotas
# vzctl set <VEID> --quotaguid 2000
# vzquota on <VEID> -p /vz/private -r 0 -s 1 -u 2000 -b <soft diskspace> -B <hard diskspace> -i <soft inode> -I <hard inode>
Separating RAM and SWAP in VE
This issue is seen inside a VE: instead of dedicated RAM and swap being shown separately, both numbers are added together and reported as RAM, and swap shows as zero. SWsoft techs report that this will not cause a performance problem, but it can be fixed using this command on the hardware node:
# sysctl -w slm.task_group_priv=1000
If you're using Virtuozzo or OpenVZ to run multiple containers with the intention of connecting between them internally, you'll want to add a static route for the internal network on each container:
route add -net 10.1.1.0 netmask 255.255.255.0 dev venet0
Without this, internal communication sometimes works, but it often seems to time out or fail completely when posting data to an internal-only container.
Another option for communicating between VEs without using public IPs is a bridge interface. The following can be used to create a bridge:
modprobe -o dummy0 dummy
ifconfig dummy0 up
brctl addbr vmbr10
brctl addif vmbr10 dummy0
ifconfig vmbr10 up