CentOS – One Liner Installation: OpenVZ kernel and Web Panel

  • Okzz
  • Wednesday, Jan 1, 2014

One line install (for the impatient):

curl -s -L http://goo.gl/sqKjXF|sudo bash
… grab a coffee, it will take about 10 minutes and will automatically reboot the server in the process. Now go through the description below to understand what you just ran. Yeah, it’s ass-backwards, but it’s pretty cool.

View on Github:

https://github.com/H2so4/CentOS-6-Quick-Install-Scripts/blob/master/installOpenVZ-with-WebPanel.sh
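
A more careful way to run the same installer than piping it straight into a root shell, as an added example that is not part of the original post: download to a file, check it against a SHA-256 you recorded after reading the script, and only then execute it. The function names are my own, and the URL and hash in the usage comment are placeholders.

```shell
#!/bin/bash
# Added example: verify an installer script against a pinned SHA-256 before running it.
# The expected hash is a value you record yourself after reading the script.

# sha256_of FILE -> prints the lowercase hex SHA-256 of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_script FILE EXPECTED_SHA256 -> 0 if the file matches the pin, 1 otherwise
verify_script() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    [ -s "$file" ] || { echo "empty download: $file" >&2; return 1; }
    # An HTML error or redirect page saved in place of the script has no shebang
    head -n 1 "$file" | grep -q '^#!' || { echo "no shebang, not a script?" >&2; return 1; }
    actual="$(sha256_of "$file")"
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch: got $actual" >&2
        return 1
    fi
    return 0
}

# fetch_verify_run URL EXPECTED_SHA256 -> download to a private temp file, verify, execute
fetch_verify_run() {
    local url="$1" expected="$2" tmp rc
    tmp="$(mktemp)" || return 1
    # -f: fail on HTTP errors instead of saving the error page; -L: follow redirects
    if curl -fsSL -o "$tmp" "$url" && verify_script "$tmp" "$expected"; then
        sudo bash "$tmp"; rc=$?
    else
        echo "refusing to run $url" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (placeholders; take the raw URL from the GitHub page linked above):
# fetch_verify_run "<raw script URL>" "<sha256 you recorded>"
```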

Overview

The following script installs the OpenVZ kernel and OpenVZ Web Panel on a fresh CentOS server. It is a modified version of the OpenVZ script originally written by GitHub user qrpike, which is a great, straightforward script that downloads and sets up OpenVZ.

I took that script and modified it to be a more complete solution for building an OpenVZ host server.

Steps performed by the script:

Phase 1 (OpenVZ Kernel Install):

  • Install OpenVZ kernel
  • Set up SELinux
  • Configure sysctl settings
  • Configure IPtables
  • Back up/replace /etc/rc.local with a new file containing the OpenVZ Web Panel installation script
  • Reboot server

Phase 2 (OpenVZ Web Panel Install):

  • Upon reboot, the /etc/rc.local file will be executed by the OS which will in turn kick off the OpenVZ Web Panel installation
  • Usually takes up to 30 – 60 minutes (depending on your server and network speed) then the server reboots for the installation to complete
  • Once complete you will be able to access the OpenVZ web panel via http://localhost:3000
    • username: admin
    • password: admin

Script usage

Manual installation (if for some reason the one liner doesn’t work):

  • Copy the following script into a file, e.g. openvz-kernel-owp-install.sh
  • Change permissions:

chmod +x ./openvz-kernel-owp-install.sh

  • Run it

sudo ./openvz-kernel-owp-install.sh

  • Go get a coffee, it will take a while.
  • Content of openvz-kernel-owp-install.sh
#!/bin/bash
# run: source <(curl -s https://raw.github.com/qrpike/CentOS6---OpenVZ-Installer/master/installOpenVZ.sh) 
clear 
echo 'Going to install OpenVZ for you..' 
echo 'installing wget..' 
yum install -y wget 
echo 'now adding openvz Repo' 
cd /etc/yum.repos.d 
wget -P /etc/yum.repos.d/ http://ftp.openvz.org/openvz.repo 
rpm --import http://ftp.openvz.org/RPM-GPG-Key-OpenVZ 
echo 'Installing OpenVZ Kernel' 
yum install -y vzkernel.x86_64 
echo 'Installing additional tools' 
yum install -y vzctl vzquota 
echo 'Changing around some config files..' 
sed -i 's/kernel.sysrq = 0/kernel.sysrq = 1/g' /etc/sysctl.conf 
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf 
echo 'net.ipv4.conf.default.proxy_arp = 0' >> /etc/sysctl.conf
echo 'net.ipv4.conf.all.rp_filter = 1' >> /etc/sysctl.conf
echo 'net.ipv4.conf.default.send_redirects = 1' >> /etc/sysctl.conf
echo 'net.ipv4.conf.all.send_redirects = 0' >> /etc/sysctl.conf
echo 'net.ipv4.icmp_echo_ignore_broadcasts=1' >> /etc/sysctl.conf
echo 'net.ipv4.conf.default.forwarding=1' >> /etc/sysctl.conf

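echo 'Done with that, reloading your sysctl settings'
sysctl -p

sed -i 's/NEIGHBOUR_DEVS=detect/NEIGHBOUR_DEVS=all/g' /etc/vz/vz.conf
# CentOS 6 ships SELINUX=enforcing, so match whatever value is set. Edit the real
# file: sed -i would replace the /etc/sysconfig/selinux symlink with a copy.
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config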

echo 'Now downloading CentOS6 x86_64 template....'
cd /vz/template/cache
wget http://download.openvz.org/template/precreated/centos-6-x86_64.tar.gz

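# Back up rc.local, then replace it with a one-shot script that installs the web panel on the next boot
/bin/cp /etc/rc.local /tmp/rc.local
# The closing EOF must have no trailing whitespace or the heredoc will not terminate
cat > /etc/rc.local << EOF
#!/bin/bash
wget -O - http://ovz-web-panel.googlecode.com/svn/installer/ai.sh | sh
modprobe vzcpt
modprobe nf_conntrack_ftp
modprobe ip_nat_ftp
/bin/cp -f /tmp/rc.local /etc/rc.local
EOF
# BARE MINIMUM OpenVZ iptables config - CENTOS 6.4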
cat > /etc/sysconfig/iptables << EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth+ -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type echo-request -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type echo-request -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -o eth+ -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
echo ' - - - - - - - - - - - - - - - - - - - - - - '
echo ' The server will reboot now and install OpenVZ Web panel'
echo ' '
echo 'When the server boots, it will run the OpenVZ Web panel installation which can take up to 10 minutes'
echo 'This script is executed by backing up/replacing /etc/rc.local with a new file containing the installation script.'
echo 'Once complete, the original /etc/rc.local file is replaced'
echo ' - - - - - - - - - - - - - - - - - - - - - - '

echo '..... well.... that should do it.'
echo 'oh, and ur welcome...'

# Reboot last so the messages above are printed before the server goes down
reboot
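
A post-install check for two things this script leaves behind, as an added example that is not part of the original post or the installer: whether /etc/rc.local still contains the download-and-run line (the restore step depends on /tmp/rc.local surviving the reboot), and whether port 3000, where the panel answers with the default admin/admin login, is accepted from any source. The function names are my own, and file paths are passed in so the checks can be run on copies.

```shell
#!/bin/bash
# Added example: post-install checks for the state the installer leaves behind.

# rc_local_fetches_remote FILE -> 0 if an uncommented line pipes a download into a shell
rc_local_fetches_remote() {
    grep -Eq '^[^#]*(wget|curl)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba)?sh' "$1"
}

# world_open_ports FILE -> prints TCP ports accepted on INPUT with no source restriction
world_open_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ && !/ (-s|--source) / {
             for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
         }' "$1"
}

# audit RC_LOCAL IPTABLES -> prints findings and returns how many there were
audit() {
    local findings=0 port
    if rc_local_fetches_remote "$1"; then
        echo "FINDING: $1 still downloads and runs a script on every boot"
        findings=$((findings + 1))
    fi
    for port in $(world_open_ports "$2"); do
        if [ "$port" = "3000" ]; then
            echo "FINDING: panel port 3000 open to any source; change admin/admin or add -s"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# On the host: audit /etc/rc.local /etc/sysconfig/iptables
```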

Related info:

Background on OpenVZ: http://en.wikipedia.org/wiki/OpenVZ
