OpenVZ supports VPN inside a container via the kernel TUN/TAP module and device. To allow container #101 to use the TUN/TAP device, do the following:
Make sure the tun module is already loaded on the hardware node:
# lsmod | grep tun
If it is not there, use the following command to load the tun module:
# modprobe tun
To make sure the tun module is loaded automatically on every reboot, you can also add it either to /etc/modules.conf (on RHEL see the /etc/sysconfig/modules/ directory) or to /etc/sysconfig/vz-scripts/CTID.mount (echo 'modprobe tun' >> /etc/sysconfig/vz-scripts/CTID.mount).
Granting a container access to TUN/TAP
Allow your container to use the tun/tap device by running the following commands on the host node:
vzctl set 101 --devices c:10:200:rw --save
vzctl set 101 --capability net_admin:on --save
And create the character device file inside the container (execute the following on the host node):
vzctl exec 101 mkdir -p /dev/net
vzctl exec 101 mknod /dev/net/tun c 10 200
vzctl exec 101 chmod 600 /dev/net/tun
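An added example (not part of the original post) that audits what the two vzctl set commands above leave behind, so that a container given VPN access holds only the TUN device and net_admin. It assumes the saved grants appear as DEVICES="..." and CAPABILITY="..." lines in the container's config file; the sample configs and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the grants that the two `vzctl set ... --save` commands store.
# Assumption: they are saved as DEVICES="..." and CAPABILITY="..." config lines.

# Constructed sample configs (not taken from a real container).
GOOD_CONF='ONBOOT="yes"
DEVICES="c:10:200:rw "
CAPABILITY="NET_ADMIN:on "'
BROAD_CONF='DEVICES="c:10:200:rw b:8:16:rw "
CAPABILITY="NET_ADMIN:on SYS_ADMIN:on "'

# Print the value of the last KEY="..." line in the config text on stdin.
conf_value() {
    sed -n "s/^$1=\"\\(.*\\)\"[[:space:]]*\$/\\1/p" | tail -n 1
}

# audit_tun_grants CONFIG_TEXT
# Returns 0 only when the config grants exactly the TUN device and net_admin;
# otherwise prints one finding per line and returns 1.
audit_tun_grants() {
    conf=$1 rc=0 has_tun=no has_cap=no
    devices=$(printf '%s\n' "$conf" | conf_value DEVICES)
    caps=$(printf '%s\n' "$conf" | conf_value CAPABILITY)
    for d in $devices; do
        case $d in
            c:10:200:rw) has_tun=yes ;;
            *) echo "extra device grant: $d"; rc=1 ;;
        esac
    done
    for c in $caps; do
        case $(printf '%s' "$c" | tr 'A-Z' 'a-z') in
            net_admin:on) has_cap=yes ;;
            *:off) ;;
            *) echo "extra capability: $c"; rc=1 ;;
        esac
    done
    [ "$has_tun" = yes ] || { echo "missing device c:10:200:rw"; rc=1; }
    [ "$has_cap" = yes ] || { echo "missing capability net_admin:on"; rc=1; }
    return $rc
}

audit_tun_grants "$GOOD_CONF" && echo "GOOD_CONF: only TUN/TAP access granted"
audit_tun_grants "$BROAD_CONF" || echo "BROAD_CONF: review the findings above"
```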
Configuring VPN inside container
After the configuration steps above are done, VPN software that works with TUN/TAP can be used inside the container just as on a standalone Linux box.
The following software can be used for VPN with TUN/TAP:
* Virtual TUNnel (http://vtun.sourceforge.net)
* OpenVPN (http://openvpn.net)
If NAT is needed within the VE, this error will occur on attempts to use NAT:
# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
ABHIONLINUX
Site useful for linux administration and web hosting
2010/02/26
2010/01/26
How to add a new HDD to a Linux server.
Issue the command fdisk -l to see the new hard disk connected to the server.
For example:
----------------------------------------------------
Disk /dev/sda: 1500.3 GB, 1500301910016 bytes
255 heads, 63 sectors/track, 182401 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 182401 1465031610 8e Linux LVM
Disk /dev/sdb: 1500.3 GB, 1500301910016 bytes
255 heads, 63 sectors/track, 182401 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk /dev/sdb doesn't contain a valid partition table
-------------------------------------------------------
Then you need to create a partition on the new hard disk. In fdisk, use the command 'n' to create a new partition, select the partition number, and issue the command "w" to write the partition table.
------------------------------------------------------
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel. Changes will remain in memory only,
until you decide to write them. After that, of course, the previous
content won't be recoverable.
The number of cylinders for this disk is set to 182401.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)
Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)
Command (m for help): n
Command action
e extended
p primary partition (1-4)
e
Partition number (1-4):
Value out of range.
Partition number (1-4): 1
First cylinder (1-182401, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-182401, default 182401):
Using default value 182401
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
----------------------------------
Then you have to create a file system on the new partition:
mkfs -t ext3 /dev/sdb1 or mkfs.ext3 /dev/sdb1
------------------------------------------
[root@localhost ~]# mkfs.ext3 /dev/sdb1
mke2fs 1.39 (29-May-2006)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
183091200 inodes, 366181585 blocks
18309079 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=0
11175 block groups
32768 blocks per group, 32768 fragments per group
16384 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
102400000, 214990848
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information:
done
This filesystem will be automatically checked every 32 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
---------------------------------------------
Then you have to mount the hard disk to the directory /home1
mount /dev/sdb1 /home1
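An added example (not part of the original post) of a check to run before the fdisk and mkfs steps above, since both destroy whatever is on the target: it confirms from the fdisk -l listing that the chosen disk is the one reported without a partition table and that it is not mounted. The function names and the MOUNTS_FILE override are hypothetical, and the listing is a constructed, abridged copy of the output shown earlier.

```shell
#!/bin/sh
# Added example: confirm which disk is blank before partitioning and formatting it.

# Constructed sample, abridged from the `fdisk -l` listing shown above.
FDISK_L="Disk /dev/sda: 1500.3 GB, 1500301910016 bytes
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 182401 1465031610 8e Linux LVM
Disk /dev/sdb: 1500.3 GB, 1500301910016 bytes
Disk /dev/sdb doesn't contain a valid partition table"

# Print every disk that fdisk reports as having no partition table.
blank_disks() {
    sed -n "s|^Disk \\(/dev/[^ ]*\\) doesn't contain a valid partition table.*|\\1|p"
}

# safe_to_partition DISK FDISK_OUTPUT
# Returns 0 only if DISK is reported blank, has no partition rows, and is not
# mounted. Mount state is read from /proc/mounts unless MOUNTS_FILE overrides it.
safe_to_partition() {
    disk=$1 listing=$2 mounts=${MOUNTS_FILE:-/proc/mounts}
    printf '%s\n' "$listing" | blank_disks | grep -qx "$disk" || {
        echo "$disk: not reported as blank"; return 1; }
    if printf '%s\n' "$listing" | grep -q "^$disk[0-9]"; then
        echo "$disk: partition rows present"; return 1
    fi
    if [ -r "$mounts" ] && grep -q "^$disk" "$mounts"; then
        echo "$disk: in use according to $mounts"; return 1
    fi
    return 0
}

safe_to_partition /dev/sdb "$FDISK_L" && echo "/dev/sdb: blank and unmounted"
safe_to_partition /dev/sda "$FDISK_L" || echo "/dev/sda: do not partition"
```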