Most virtualization systems are hypervisor-based. Container-based virtualization offers another approach, in which multiple isolated containers are created on a physical server. All of these containers are used on top of the same base operating system installation. In these containers, the administrator can create the virtual machine (VM). Every virtual machine runs completely isolated from the VMs in other containers and is therefore secure. OpenVZ is an open source product using this technology.
OpenVZ's approach to virtualization is completely different from other open source products such as Xen and KVM. However, compared with other virtualization techniques, OpenVZ has a limitation: The host as well as all the virtual guest operating systems must run Linux. Different Linux distributions can run as virtual guests. OpenVZ is also the basis of Parallels Virtuozzo Containers, a commercial virtualization product that offers container-based virtualization.
The major benefit of this approach is performance. In OpenVZ, it's just Linux talking to Linux, so no complex translation needs to be done. At the same time, the setup is secure because the containers really act like environments that are isolated from one another.
OpenVZ can run on major Linux distributions such as Red Hat and Debian. Currently, installation on Ubuntu is not supported. The following procedure covers an installation of OpenVZ on Red Hat-based systems. This procedure supports installation using Yum, as well as installation with RPM packages, on a 64-bit operating system.
1. Download the repository file for OpenVZ. Before starting the installation, download the repository file and put it in the "/etc/yum.repos.d" directory. You can download the repository file using the following wget command:
Following this command, you should also import the GPG key that belongs to the repository, as follows:
rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
2. Install the OpenVZ kernel. Different kernels are available, and the type of kernel that you select depends on the hardware you are using and the number of containers you are going to create. First, there is the SMP kernel, which you would use in a symmetric multiprocessor environment. It supports up to 4 GB of RAM and a maximum of 10 to 20 containers. Next is the "entnosplit" kernel, which uses the Physical Address Extension (PAE) and supports up to 64 GB of RAM and 10 to 30 containers. Then there is the enterprise kernel, which also supports SMP and PAE and which is the best choice to handle lots of containers, over 20 to 30 at the same time. When using OpenVZ on a 32-bit operating system, it is important that you choose the right kernel.
If you are using a 64-bit operating system, the SMP kernel fits all needs, since 64-bit systems no longer have the 4 GB RAM limitation that you need to overcome using PAE. Assuming that you are using 64-bit, use the following command to install this kernel:
yum install ovzkernel-smp
At this point, the OpenVZ kernel is installed and automatically added to your GRUB configuration. After a reboot, the OpenVZ kernel starts automatically.
3. Before restarting, you need to tune a couple of sysctl parameters. Make sure that all the parameters shown in Listing 1 are in the "/etc/sysctl.conf" file.
Listing 1: Required optimization parameters in /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
4. Make sure that SELinux is off. You can do that by putting the following value in the "/etc/sysconfig/selinux" file:
5. Install the OpenVZ tools. To do this, use the following command:
yum install vzctl vzquota
6. Edit the "/etc/vz.conf" file if you are planning to use IP addresses in the virtual machines that are from a different IP address range than the IP address of the host machine. Also, make sure that it contains the following:
7. Restart your computer, which will activate the OpenVZ kernel.
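Before the reboot in step 7, the values from step 3 can be checked mechanically rather than by eye. The script below is an added example, not part of the original article; the function names and the sample file contents are constructed for illustration, and it treats the last uncommented assignment of a key as the effective one, since later lines in the file override earlier ones.

```sh
# Added example: audit a sysctl.conf-style file (path as $1) against Listing 1.
required_settings() {
cat <<'EOF'
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
EOF
}

# effective_value FILE KEY: print the value from the last uncommented
# assignment of KEY (later lines override earlier ones); fail if absent.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }' "$1"
}

# check_sysctl_conf FILE: print one line per problem; return 1 if any.
check_sysctl_conf() {
    rc=0
    while read -r key _eq want; do
        if ! have=$(effective_value "$1" "$key"); then
            echo "MISSING $key (want $want)"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $key = $have (want $want)"; rc=1
        fi
    done <<EOF
$(required_settings)
EOF
    return "$rc"
}

# Constructed sample: one key overridden later, one commented out.
sample_conf() {
    printf '%s\n' 'net.ipv4.ip_forward = 0' '# kernel.sysrq = 1' \
        'net.ipv4.ip_forward=1' 'net.ipv4.conf.all.rp_filter = 0'
}

if [ $# -gt 0 ]; then check_sysctl_conf "$1"; fi
```

Saved under a name of your choosing and run with "/etc/sysctl.conf" as its argument, it exits non-zero and names each key that is absent, commented out, or set to a value other than the one in Listing 1.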
The next part of this series will describe how to create a template for a virtual operating system in OpenVZ.
About the expert
Sander van Vugt is an independent trainer and consultant based in the Netherlands. Van Vugt is an expert in Linux high availability, virtualization and performance and has completed several projects that implement all three. He is also the writer of various Linux-related books, such as Beginning the Linux Command Line, Beginning Ubuntu Server Administration and Pro Ubuntu Server Administration.