New vzctl and dab, updated appliances

Discussion in 'Debian Appliance Builder' started by martin, May 10, 2011.

  1. martin

    martin Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    625
    Likes Received:
    294
    We just released a new vzctl package, supporting the immediate reboot of a container using vzeventd. (you need a current 2.6.18 or 2.6.32 kernel, 2.6.24 will NOT work).

    Additionally, we fixed some issue in dab (supports now dependency based init) and updated a lot of appliances based on latest Debian Squeeze. If you build your own appliances with dab, you should take a look on the example appliances.

    Release notes:

    - vzctl (3.0.26-1pve3)
    • vzeventd support
    • update to vzctl-3.0.26.3 release
    • remove stale cron scripts
    • fix /etc/init.d/vzeventd - do not fail on non-openvz kernels
    • change openvz startup priority from 20 to 21
    - pve-manager (1.8-17)
    • update appliance infos
    • disable chrooted environment (remove pvebash). That feature is not really used and is considered dangerous.
    - dab (1.1-14) - updates for dependency based init
    • include SUITE-updates for squeeze
    • use insserv instead of update-rc.d (for newer versions)
    - new and updated OS appliances
    • Debian 6 (i386 and amd64)
    • Ubuntu 10.04 and 11.04 (i386 and amd64)
    • Fedora 14 (i386 and amd64)
    • Centos 4 and 5 (i386 and amd64)
    - updated application templates
    • Request Tracker (with RTFM)
    • Joomla
    • SugarCRM
    • Drupal
    • Wordpress
    More info: http://pve.proxmox.com/wiki/Get_Virtual_Appliances
    Download: http://download.proxmox.com/appliances/
    __________________
    Best regards,
    Martin
     
  2. apmuthu

    apmuthu Member

    Joined:
    Feb 26, 2009
    Messages:
    744
    Likes Received:
    3
    View attachment pve-manager-restore-pvebash-1.8.17.zip
    Those who wish to retain chroot capability of /usr/bin/pvebash after upgrading to pve-manager v1.8.17 can do the following:

    In case the file /usr/bin/pvebash is missing, it can be created with the following contents:
    Code:
    #!/bin/sh
    
    export PS1="VM$1 $2:\\w\\\$ ";
    umask 022
    
    exec /usr/sbin/chroot /var/lib/vz/$2/$1 /bin/bash --norc
    exec /usr/sbin/chroot /var/lib/vz/$2/$1 /bin/sh --norc
    
    
    Line 1102 in s/usr/share/perl5/PVE/ConfigServer.pm
    Code:
    [FONT=Courier New][SIZE=2][COLOR=#0000ff]     $vzcmd = [  '/usr/sbin/vzctl', 'enter', $veid ];
    [/COLOR][/SIZE][/FONT]
    
    should be replaced with
    Code:
    [FONT=Courier New][SIZE=2][COLOR=#0000ff]     if ($status eq  'running') {
      $vzcmd = [ '/usr/sbin/vzctl', 'enter', $veid ];
         }  elsif ($status eq 'mounted') {
      $vzcmd = [ "/usr/bin/pvebash", $veid,  'root'];
         } else {
      $vzcmd = [ "/usr/bin/pvebash", $veid,  'private'];
         }
    [/COLOR][/SIZE][/FONT]
    
    This is a nice feature and in my opinion not a security risk - if anyone has control of the Proxmox Host they can pretty much do as they will with the OpenVZ containers anyway.

    This command has not been very well publicised and it can be used to chroot into a stopped or mounted container with:
    Code:
    /usr/bin/pvebash #VEID private
    and
    Code:
    /usr/bin/pvebash #VEID root
    respectively.

    No rc startup scripts will be run in these cases.
     
    #2 apmuthu, May 20, 2011
    Last edited: May 20, 2011
  3. apmuthu

    apmuthu Member

    Joined:
    Feb 26, 2009
    Messages:
    744
    Likes Received:
    3
    A new article in the Wiki shows off the working method for post OpenVZ VM creation script execution for first boot. insserv is the preferred method now although the file-rc method works as well rather than the old broken copying of files into the rc*.d folders method that Lenny containers revelled in earlier. This is especially applicable for Squeeze based containers.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice