|
Message-ID: <20070108203215.GA1365@openwall.com> Date: Mon, 8 Jan 2007 23:32:16 +0300 From: "(GalaxyMaster)" <galaxy@....openwall.com> To: garbytrash@...il.com Cc: owl-users@...ts.openwall.com Subject: Re: Openwall and openvz? Zenny, I'm CC'ing owl-users@ list since it's where Owl is usually discussed. On Mon, Jan 08, 2007 at 07:29:22AM -0500, garbytrash@...il.com wrote: > I came to learn about openwall stuff from your posting. Thanks for > sharing. OpenVZ works with 2.6 kernels whereas openwall2.0 only supports > 2.4 kernels alone. Good to know that my posting has attracted more people to our project :). Although Owl currently supports only 2.4 it isn't hard to rebuild it against 2.6 headers -- at least me (from Openwall team) is doing these builds for our current branch. However, it's known to work under OpenVZ even without the recompilation process. > Could you share how you accomplished the task and how did you create > a openwall ostemplate for VEs? If you want to start with a Owl-enabled VEs right away, you can prepare a custom template yourself. This is quite easy. The rough plan is: 1. Download Owl and install in somewhere, say, /owl. a. download from ftp.ru.openwall.com/pub/Owl/2.0-stable (or from the any nearest mirror) the following files/directories: native.tar.gz - this file contains the build/install environment i386/RPMS - this directory contains the precompiled packages (you need to place the RPMS directory at the same level as native.tar.gz) b. extract files from native.tar.gz by executing tar xzf native.tar.gz c. prepare you build/install environment by executing make symlinks d. edit installworld.conf (you need to adjust HOME and ROOT) e. install Owl by running 'make installworld' as root. 2. Create a new VE using any already available template by executing vzctl create <VEID> ... 3. Replace the content of /vz/private/<VEID> with the content of /owl (I'm assuming that you installed Owl into /owl). 4. Remove /vz/private/<VEID>/etc/ssh/ssh_*_key* (these will be regenerated on the first startup). 5. Adjust /etc/inittab (you need to comment out all mingetty). 6. Adjust /etc/rc.d/init.d/syslog (you need to comment out the execution of klogd). 7. Add the following lines to /etc/rc.d/rc.local: #!/bin/sh /sbin/route add default venet0 8. Save the new template (note that the last full stop is included in the command line too): tar czSf /vz/template/cache/owl-2.0-stable.tar.gz --one-file-system -C /vz/private/<VEID> . >From now on, you have your own Owl template. However, there are some issues with this template: * The klogd process isn't running so you won't get any kernel messages logging inside VEs (to solve this - a custom OpenVZ kernel is needed). * There is a hack in /etc/rc.d/rc.local which adds the default route (to solve this you need to create a custom set of template scripts in /etc/vz/dist/scripts). This is a minor issue and can be ignored. All in all, I'll upload my templates to openvz.org eventually so you might want to wait for a ready-to-use solution. However, I'm quite busy right now so I can't guarantee that I'll upload my templates in the nearest time. Hope this message will help you to configure your system the way you want it. :) -- (GM)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.