Thursday, March 1, 2012

Create a Virtual Training Server Create a Virtual Training Server


The purpose of a Training Server is to provide you with a learning device that will allow you to practice skills that you must master for  Server Administration.   A virtual server using VMWare Player and using a config file to create your own uniquely designed Training Server is a great way to learn skills.  This is a fast an Free option that you can use on Linux and Windows hosts.  This tutorial will show you how to perform a VMWare installation so that you may learn these skills on a practice server before you are working on a production server.
Download the  Server CD of the Distro You Want
You will use the CD to create a virtual machine that you can use for practice. Place the burned .iso into your CDROM.  You also have the option to just use the .iso file that you downloaded.
Download the VMWare Player: Either Linux or Windows
The VMWare player is free and will allow you to create virtual machines to work on.
http://www.vmware.com/products/player/
You may choose to install the player on a Linux box or on a Windows box.  Follow the site instructions for the installation.
Create a VMX File to Create Your Virtual Machine
The site, easyvmx.com provides a way for you to configure a file that you can use to build your server.  The most important key is that you create two virtual drives so that you have options to create partitions that you may place RAID and LVM on.
Here is a quote from the site:
” EasyVMX! is the simple and failsafe way to create complete virtual machines for VMware Player on the web.You can install any Windows, Linux, BSD or Solaris, and test LiveCDs in a safe environment.”
Choose the Option for EasyVMX, the first option as it will allow you to create multiple virtual drives which will be valuable for training. The first option allows you to create a name for your virtual machine. For the GuestOS select the Generic Linux 2.6.x and use with with any Linux distro and all works fine. Be sure to select multiple CPUs only if you have them as it will not work except with your real number of CPUs.   Be generous with RAM if you have it, here the example is 512 which will work fine.
vmx11
vmx0
Enter a description of your virtual machine. The Network options allow you to use multiple network cards as well if you are going to use NAT, Network Address Translation, bridged or just one host. NAT provides a way of hiding the network of your connection and works easily. If you used bridged you will have to ensure that you have an IP Address for the network the host is on. Use the Intel network card as it has worked flawlessly.
vmx3
If you have a floppy you can have it detect the floppy. You certainly want to set up the CDROM as you will need it to install the OS. Auto Detect works great but you may find that it will work best with selecting the actual CD/DVD that you will boot from. Also select the .iso, that way you do not need to burn the CD for it to work.
vmx4
Select two hard drives so that you have the option to create drive space like you want. There are many different sizes which provide larger images. Make them SCSI drives by selecting that option.
If you enable the USB you will be able to transfer files to the virtual machine using a usb flash drive.
vmx5
Click Create Virtual Machine and you will be able to download a small text file. The text file is a zipped file and you will have to right click and unzip it. Extract it in a location that you want the virtual machine to be in. Extract and select view all files.  You of course can also build this on a Linux host with VMWare Player.
vmx6
When it is done you can dig into the directory created and you will see a number of files available. Once you have VMWare Player installed you can double click on the *.vmx file and it will start.
vmx7
Please note: When it starts it will look for either an .iso burned into a CD/DVD or a .iso file so that you can create your own training server.
Build Your Virtual Server
Once you have your virtual machine starting the install follow the process just like a normal install until you get to the drives. You must leave one drive unpartitioned and unused. This will be the drive you can use to practice on while not doing damage to the main installation. When you get to hard drive partitioning choose Manual.

Open VPN


Installing OpenVPN

For the most part, the how-to documentation on the OpenVPN website it quite good, and easy to follow.  However, there are a few “gotcha’s” that the documentation doesn’t make clear.  Some of these “gotcha’s” involve errors on the part of the package maintainers or developers.  Some involve things that you need to do, but that the documentation doesn’t even mention.
In this document, we’ll endeavor to make things a bit more clear, and save you from suffering the “trial-and-error” method of  setting up a simple VPN.
Preparation
You can install OpenVPN on a variety of operating systems.  (For our demo, we’ll be using CentOS 5.)   For our present purpose, we’ll assume that all applications and data that clients need to reach are on the OpenVPN server itself, and that clients don’t need to reach any other subnets that are on the other side of the server.  We’ll also assume that all clients are to use the same OpenVPN configuration.
If you’re using Red Hat Enterprise Linux or one of its derivatives as the OpenVPN server–this would include CentOS 5, Startcom 5, and perhaps a few others—you won’t find OpenVPN in the distro’s repositories.  But, it is in a few different third-party repositories.  The best one to use is RPMForge.  To install RPMForge to your Yum repository list, run one of the following commands:
For systems running a 32-bit version of RHEL 4 or one of its derivatives:
rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el4.rf.i386.rpm
For systems running a 64-bit version of RHEL 4 or one of its derivatives:
rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el4.rf.x86_64.rpm
For systems running a 32-bit version of RHEL 5 or one of its derivatives:
rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
For systems running a 32-bit version of RHEL 5 or one of its derivatives:
rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
Note that you can copy and paste these commands from this document to the command-line of your terminal window.  Also, you would want to install this on any RHEL-style Linux machines that you may be using as clients.
If your Linux machines are running either Debian or Ubuntu, you will find OpenVPN in the normal distro repositories.  Just use apt-get or your favorite package manager to install it, the same as you would with any other package.  Other than that, installation and configuration will be the same as what we’re about to present in the following steps.
Installation
(Note that this portion of the procedure is the same for both OpenVPN servers and OpenVPN clients that are running on Linux.)
Once the repository configuration is done, you can open Yum Extender, search for “openvpn”, and install it as you would any other package.
Alternatively, you can open a command-line window, and enter:
su – root
yum install openvpn
This is actually the recommended option, since Yum Extender is so notoriously slow.
When installation is complete, open a terminal window and enter “su – root”.  (If you used the command-line installation option, just keep the window open, and remain logged in as root.)
By default, OpenVPN installs to the “/usr/sbin” directory.  So, in order to manually start it from a command-line, the user will either have to be placed in the “sudoer” list, or will have to log into a command-line terminal as root.
After the initial installation, the “/etc/openvpn” directory will be empty.  You’ll need to copy the appropriate files to it.
Server specific
First, cd to the “/usr/share/doc/openvpn-2.0.9/sample-config-files” directory.  Copy the following files to the “/etc/openvpn” directory:
firewall.sh
openvpn-shutdown.sh
openvpn-startup.sh
server.conf
Note that the three shell script files don’t have executable permissions set.  Use the chmod utility to set the executable bit for “all”.
chmod a+x firewall.sh
chmod a+x openvpn-shutdown.sh
chmod a+x openvpn-startup.sh
You’ll also need to change the names of the two “openvpn” scripts to get rid of the “.sh” suffix.  (That’s because these two scripts are referenced incorrectly in the openvpn init script.)  Do this with the following two commands:
mv openvpn-startup.sh openvpn-startup
mv openvpn-shutdown.sh openvpn-shutdown
Next, cd to the “/usr/share/doc/openvpn-2.0.9/easy-rsa/2.0” directory.  Open the “Makefile” file for editing.  Set the “DESTDIR” parameter to the following:
DESTDIR=/etc/openvpn
Leave the “PREFIX” parameter blank.
Save the file and exit the text editor.  Now, issue the command:
make install
This will copy the files to the “etc/openvpn” directory, and set the executable permission on all but one of the shell-script files.  (We’ll fix the one that got missed in the next step.)
Next, cd to the “/etc/openvpn” directory, and open the “vars” file for editing.  At the very bottom of the file, set the appropriate values for “export KEY_COUNTRY=”, “export KEY_PROVINCE=”, “export KEY_CITY=”, “export KEY_ORG=”, and “export KEY_EMAIL=”.  Save the file and exit the text editor.  Use chmod to manually add the executable permissions to the “vars” file.
chmod a+x vars
While still within the “/etc/openvpn” directory, use the “easy-rsa” scripts to create security keys and certificates.  To prepare for building the key sets, issue the following commands:
./vars
./clean-all
./build-ca
Note:  When you attempt to run the “clean-all” script, you may receive a message about having to source the vars file, first.  If you do, just run the command:
source vars
Re-run the “clean-all” script, and continue on to the next step.
To build the appropriate key set for the OpenVPN server, issue the command:
./build-key-server server
When asked to make choices, just hit the “Enter” key to choose the default values.
For each client that will connect to this server, you’ll need to create a set of keys and certificates, each named after the client that will use them.  For example, if you have three clients, issue the commands:
./build-key client1
./build-key client2
./build-key client3
(Optionally, you can substitute the “build-key-pass” script if you desire to password-protect the client keys.)
When asked to make choices, just hit the “Enter” key to accept the default value.
Generate the Diffie-Hellman keys by entering:
./build-dh
Finally, cd to the “/etc/openvpn/keys” directory, and copy all of the files back to “/etc/openvpn”.  (You don’t want to have your working keys in the “keys” directory, because you’ll wipe them out the next time you use the “clean-all” utility.)
cp * ../
Configure the server by editing the “server.conf” file.  Find the line that says:
server 10.8.0.0 255.255.255.0
and change it to the network address and subnet mask that you desire to use.  For our example, we’ll initially have one-hundred clients connecting to the server, but we also want scalability in case we add more clients later.  So, we’ll use the “10.1.1.0” network with a 25-bit subnet mask.  For that, we’ll change this line to:
server 10.1.1.0  255.255.255.128
This will allow for 125 clients, since the server will automatically assign the “10.1.1.1” address to itself.
Scroll down to the stanza that begins with the line, “# Select a cryptographic cipher.”  Choose which cryptographic method you desire to use by uncommenting the appropriate line.  Later, when you setup the clients, you’ll make this parameter of their configuration files match what you’ve set for the server.  (Note that “Blowfish” is the default choice, so you won’t need to uncomment anything if you want to use it.)  Save this file, and open the “firewall.sh” file for editing.
Near the top of the file, you’ll see the line that reads:
PRIVATE=10.0.0.0/24
Change this line to the address of the private network that you desire to use.  (This must match what you used in the server.conf file.)  For our example, we’ll change this to:
PRIVATE=10.1.1.0/25
Important:  Even though the “firewall.sh” script makes reference to interfaces “eth0” and “eth1”, that doesn’t mean that you need two active, physical NIC’s in your server.  In this case, “eth1” refers to the virtual interface that will be created when you start the OpenVPN program.  In fact, if you have installed a second NIC, and you accidentally assign it the address that you want to use for the OpenVPN private network, then your clients won’t be able to connect properly.
Note:  If you’re using something other than eth0 as the physical NIC for the VPN, then you’ll need to edit the firewall.sh file, changing all of the “eth0”’s accordingly.  You’ll also need to change all of the “eth1”’s to “eth0”.  (Even if “eth0” is in use as another NIC, that fine, since all we’re doing here is creating a virtual NIC.
Save the file and open the “openvpn-startup” file for editing.  At the bottom of the file, find the lines:
openvpn –cd $dir –daemon –config vpn1.conf
openvpn –cd $dir –daemon –config vpn2.conf
openvpn –cd $dir –daemon –config vpn2.conf
Comment out all three of these lines:
# openvpn –cd $dir –daemon –config vpn1.conf
# openvpn –cd $dir –daemon –config vpn2.conf
# openvpn –cd $dir –daemon –config vpn2.conf
Save the file and exit the text editor.
To manually start the program, you’ll either need to use “sudo” and have the appropriate sudo privileges, or you’ll need to “su” to a root login, and enter one of the following commands:
sudo /sbin/service openvpn start
or, if logged in as root:
service openvpn start
On a Debian or Ubuntu-type system, you would enter one of the following commands:
sudo /etc/init.d/openvpn start
or, if logged in as root,
/etc/init.d/openvpn start
When you initially install OpenVPN, you’ll also install an init script into the “/etc/init.d” directory, and links to it will be installed into the appropriate run-level directories.  This will cause OpenVPN to automatically start whenever you boot the server.
Now that that’s done, you’ll want to configure the clients.

Configuring Linux Clients

First, copy the appropriate key sets from the server to the “/etc/openvpn” directory on each of the clients.  If the client machines aren’t locally available, then make the transfers via a secure means, such as SFTP.  For example, for client 1 copy the following files:
client1.crt
client1.key
ca.crt
Note:  The same “ca.crt” file gets copied to each client.  Be sure that you don’t copy the “ca.key” file to any clients, or else server security will be compromised.
On each client, copy the “client.conf” file from the “/usr/share/doc/openvpn-2.0.9/sample-config-files/” directory to the “/etc/openvpn” directory.  Open the file for editing.  Scroll down until you find the line:
remote my-server-1 1194
Change the “my-server-1” part to the actual IP address of your OpenVPN server.  For example, if the IP address of your server’s eth0 interface is 216.33.19.3, then the line will become:
remote 216.33.19.3 1194
Next, scroll down until you find the lines:
ca ca.crt
cert client.crt
key client.key
Change these lines to match the client-key files that you transferred from the server.  For client 1, these would become:
ca ca.crt
cert client1.crt
key client1.key
Uncomment the line,
;ns-cert-type server
by removing the preceding semi-colon.
Uncomment the
;cipher x
line, and change the “x” to match the cryptographic method that you set up in the server configuration.  For example, if you chose the “Blowfish” method in the server configuration, then change this line to:
cipher BF-CBC
Save the file and exit the text editor.  To test, start up OpenVPN on the server, and then start OpenVPN on the client.
Note:  Even on the clients, manually starting OpenVPN from the command-line requires root privileges.  So, for testing, you will either have to have the appropriate settings made so that you can use “sudo”, or you’ll have to have the root password for the respective client machines.
The command to start the client is:
cd /etc/openvpn
openvpn client.conf
On the client, open a second command-line terminal window, and ping the private address of the OpenVPN server.  In our example, the command would be “ping 10.1.1.1”.  If the ping is successful, you’ve achieved coolness.  If it isn’t, you may have to reconfigure the client’s firewall to allow proper connectivity.
As on the server, you’ll find that init script have been installed in the appropriate run-level directories.  So, OpenVPN will start automatically, and will automatically connect to the OpenVPN server, whenever you reboot the computer.

Configuring Windows Clients with OpenVPN

To install OpenVPN on a Windows client, you’ll need to download the program installation file from:
http://openvpn.net/download.html
When the download completes, just double-click on the file icon to begin installation.  (Accept all defaults.)
When installation completes, you should see a network connection icon with a red “x” over it in the system tray.  Don’t let that bother you.  It’ll go away when you make a connection to the server.
Transfer the appropriate key set files from the server to the “C:\Program Files\OpenVPN\bin” directory.  For example, if the Windows client is “client5”, then it will need the following files from the server:
client5.crt
client5.key
ca.crt
Note that each client will use the same “ca.crt” file.  Also, be sure not to transfer the “ca.key” file to any of the clients, or else server security will be compromised.
If you don’t have local access to the client machines, you can have the users use a Windows-type SFTP program to download the files from the server.  (For example, they can use Putty, Cygwin, or Filezilla, all of which are free downloads.)
Next, cd to the “C:\Program Files\OpenVPN\sample-config” directory, and copy the “client.ovpn” file to the “C:\Program Files\OpenVPN\bin” directory.  Open the copy in the “bin” directory for editing.  Scroll down until you find the line:
remote my-server-1 1194
Change the “my-server-1” part to the actual IP address of your OpenVPN server.  For example, if the IP address of your server’s eth0 interface is 216.33.19.3, then the line will become:
remote 216.33.19.3 1194
Of course, you may have reason to use another port besides the default port 1194, and to use TCP instead of the default UDP.  On the next page, you’ll see that we’ve chosen to resolve a problem with getting through a corporate firewall by using TCP on port 80.
Note:  If you have a choice, you’ll most always want to go with the default UDP.  TCP involves more overhead, and may slightly affect your VPN’s performance.
Next, scroll down until you find the lines:
ca ca.crt
cert client.crt
key client.key
Change these lines to match the client-key files that you transferred from the server.  For client 5, these would become:
ca ca.crt
cert client5.crt
key client5.key
Uncomment the line,
;ns-cert-type server
by removing the preceding semi-colon.
Uncomment the
;cipher x
line, and change the “x” to match the cryptographic method that you set up in the server configuration.  For example, if you chose the “Blowfish” method in the server configuration, then change this line to:
cipher BF-CBC
Save the file and exit the text editor.  To test, start up OpenVPN on the server, and then start OpenVPN on the client.
The command to start the client is:
cd C:\”Program Files”\OpenVPN\bin
openvpn client.ovpn
On the client, open a second command-line window, and ping the private address of the OpenVPN server.  In our example, the command would be “ping 10.1.1.1”.  If the ping is successful, you’ve achieved coolness.  If it isn’t, you may have to reconfigure the client’s firewall to allow proper connectivity.
For ease-of-use, open Notepad and create a batch file with the preceding two commands.  Save it on the desktop as “OpenVPN.bat”.  You’ll then be able to invoke OpenVPN by double-clicking on the icon.
In Summary
Once you’ve connected a client to the OpenVPN server, you’ll be able to securely access the server with your normal applications by using the server’s private IP address.  So, in our example, whether we’re accessing the server via Telnet, FTP, http, or perhaps even Teamspeak, we would use “10.1.1.1” as the server address.  Yeah, it seems strange to use a private IP address to access something from across the Internet, but with Virtual Private Networks, that’s just the way it works.

Virtualization Tutorials

Installing an OpenVZ Server


“OpenVZ is container-based virtualization for Linux. OpenVZ creates multiple secure, isolated containers (otherwise known as VEs or VPSs) on a single physical server enabling better server utilization and ensuring that applications do not conflict. Each container performs and executes exactly like a stand-alone server; a container can be rebooted independently and have root access, users, IP addresses, memory, processes, files, applications, system libraries and configuration files”


Download the config file for OpenVZ repo or copy and create a file called openvz.repo in the /etc/yum.repos.d directory.
http://download.openvz.org/openvz.repo
[openvz-utils]
name=OpenVZ utilities
#baseurl=http://download.openvz.org/current/
mirrorlist=http://download.openvz.org/mirrors-current
enabled=1
gpgcheck=1
gpgkey=http://download.openvz.org/RPM-GPG-Key-OpenVZ
# In addition to openvz-utils repo, you have to enable one the the
# kernel repositories below. In the stock config, openvz-kernel-rhel5
# is enabled; you might want to change this.
[openvz-kernel-2.6.27]
name=OpenVZ 2.6.27 kernel
#baseurl=http://download.openvz.org/kernel/branches/2.6.27/current
mirrorlist=http://download.openvz.org/kernel/mirrors-2.6.27
enabled=0
gpgcheck=1
gpgkey=http://download.openvz.org/RPM-GPG-Key-OpenVZ
[openvz-kernel-2.6.26]
name=OpenVZ 2.6.26 kernel
#baseurl=http://download.openvz.org/kernel/branches/2.6.26/current
mirrorlist=http://download.openvz.org/kernel/mirrors-2.6.26
enabled=0
gpgcheck=1
gpgkey=http://download.openvz.org/RPM-GPG-Key-OpenVZ
[openvz-kernel-2.6.24]
name=OpenVZ 2.6.24 kernel
#baseurl=http://download.openvz.org/kernel/branches/2.6.24/current
mirrorlist=http://download.openvz.org/kernel/mirrors-2.6.24
enabled=0
gpgcheck=1
gpgkey=http://download.openvz.org/RPM-GPG-Key-OpenVZ
[openvz-kernel-2.6.22]
name=OpenVZ 2.6.22 kernel
#baseurl=http://download.openvz.org/kernel/branches/2.6.22/current
mirrorlist=http://download.openvz.org/kernel/mirrors-2.6.22
enabled=0
gpgcheck=1
gpgkey=http://download.openvz.org/RPM-GPG-Key-OpenVZ
[openvz-kernel-2.6.20]
name=OpenVZ 2.6.20 kernel
#baseurl=http://download.openvz.org/kernel/branches/2.6.20/current
mirrorlist=http://download.openvz.org/kernel/mirrors-2.6.20
enabled=0
gpgcheck=1
gpgkey=http://download.openvz.org/RPM-GPG-Key-OpenVZ
[openvz-kernel-rhel5]
name=OpenVZ RHEL5-based kernel
#baseurl=http://download.openvz.org/kernel/branches/rhel5-2.6.18/current/
mirrorlist=http://download.openvz.org/kernel/mirrors-rhel5-2.6.18
enabled=1
gpgcheck=1
gpgkey=http://download.openvz.org/RPM-GPG-Key-OpenVZ
[openvz-kernel-2.6.18]
name=OpenVZ 2.6.18 kernel
#baseurl=http://download.openvz.org/kernel/branches/2.6.18/current
mirrorlist=http://download.openvz.org/kernel/mirrors-2.6.18
enabled=0
gpgcheck=1
gpgkey=http://download.openvz.org/RPM-GPG-Key-OpenVZ
[openvz-kernel-2.6.16]
name=OpenVZ 2.6.16 kernel
#baseurl=http://download.openvz.org/kernel/branches/2.6.16/current
mirrorlist=http://download.openvz.org/kernel/mirrors-2.6.16
enabled=0
gpgcheck=1
gpgkey=http://download.openvz.org/RPM-GPG-Key-OpenVZ
[openvz-kernel-rhel4]
name=OpenVZ RHEL4-based kernel
#baseurl=http://download.openvz.org/kernel/branches/rhel4-2.6.9/current/
mirrorlist=http://download.openvz.org/kernel/mirrors-rhel4-2.6.9
enabled=0
gpgcheck=1
gpgkey=http://download.openvz.org/RPM-GPG-Key-OpenVZ
[openvz-kernel-2.6.8]
name=OpenVZ 2.6.8 kernel
#baseurl=http://download.openvz.org/kernel/branches/2.6.8/current
mirrorlist=http://download.openvz.org/kernel/mirrors-2.6.8
enabled=0
gpgcheck=1
gpgkey=http://download.openvz.org/RPM-GPG-Key-OpenVZ
Install OpenVZ
# yum install ovzkernel vzctl
Create a Partition Called /vz
Create a partition called /vz and enter the settings in the /etc/fstab.
Move Templates into the  /vz/template/cache/ directory.
The templates you will be using need to be moved into the template directory before you are able to build a VPS.  These pre-created templates are available from the OpenVZ site.
cp centos-5-i386-default.tar.gz /vz/template/cache/
Disable SELinux
In order to set up the hardware node it is important to either not enable SELinux at installation or disable it after installation.  You can disable SELinux after installation by editing the /etc/sysconfig/selinux file.  Here is the file contents listed below, not that SELinux has been disabled by change the work “enforcing” to “disabled”.  You must restart the machine.
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing – SELinux security policy is enforced.
#       permissive – SELinux prints warnings instead of enforcing.
#       disabled – SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted – Only targeted network daemons are protected.
#       strict – Full SELinux protection.
SELINUXTYPE=targeted
Edit /etc/sysctl.conf
In order for networking to work for the virtual servers that you create, you will need to enable packet forwarding as the hardware node must forward all packets to the virtual servers.   Edit the /etc/sysctl.conf file on the host.
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
or
Another option to turn on packet forwarding is to change the active config in the /proc directory.  This will setting wold have to be repeated when you boot the hardware node.
# echo 1 > /proc/sys/net/ipv4/ip_forward
Once this is complete reboot your system and it will boot to the OpenVZ Kernel.  You can test if it installed correctly by using this command:
vzlist -a

Create a Virtual Server with OpenVZ

Create a Virtual Server 
Once you have OpenVZ installed you will be able to begin the process of installing individual containers.
Using the vzctl command you will be able to create a virtual server in less than 5 minutes.  One of the steps that must be completed before you begin is to move the template you will use into the /vz/template/cache.
The first command uses a template and sets the configuration as a vps.basic.  The 26 is a identifier for the vps.  It makes sense to use the last octet of the IP Address for this identifier.  Thus this is used for 192.168.4.26.  In the example the centos template is used.
# vzctl create 26 – -ostemplate centos-5 –config vps.basic
Creating VE private area (centos-5-i386-default)
Performing postcreate actions
VE private area was created
This setting provides for the VE to start on boot.  This is probably what you want.  However, the default is not to start a VE on boot so if you do not use this setting it will remain off.
vzctl set 26 – -onboot yes –save
vzctl set 26 – -hostname admin26–save
vzctl set 26 – -ipadd 192.168.4.26 –save
vzctl set 26 – -nameserver 12.32.34.32 –save
# vzctl start 26
Starting VE …
VE is mounted
Adding IP address(es): 192.168.4.26
Setting CPU units: 1000
Set hostname: admin26
File resolv.conf was modified
VE start in progress…
vzctl set 26 – -userpasswd root:bcrY67LD3 –save
Changing password for user root.
passwd: all authentication tokens updated successfully.
Saved parameters for VE 26
Now use vzlist to show which virtual servers are running.
vzlist -a
VEID      NPROC STATUS  IP_ADDR         HOSTNAME
26         16 running 192.168.4.26    admin26

Cloning a Virtual Server with OpenVZ

There may be many reasons for cloning a VPS.  It could be to backup a server or it could be to have a template that makes it easy to create a new server.
Cloning a VPS to Create a New Server
A common goal would be to have a server set up exactly like you want and then clone it in less than five minutes have a new one running that is the same.  The best way to do this is to create a VPS and configure it exactly like you need.  That means you must install all of the necessary programs and modify them so they are working like you want.  Set up the security and networking as well.  Once you have a running VPS, then make sure it is turned off to clone it.
In this example, a VPS 26 is cloned to create 27.  The data that you will create for a VPS is located in the /vz/private/ directory.  Be sure to use the switch -a when you use cp as it is important in getting the permissions right.  The -a options maintains all of the archival attributes which is very important.
cp -a /vz/private/26 /vz/private/27
Next you need to copy the configuration for the VPS so that all of the settings are available.  The configuration files are found in /etc/vz/conf.  Once you have copied the configuration file over you will need to edit two lines:
HOSTNAME=”admin26″
IP_ADDRESS=”192.168.4.26″
These two lines are important to set up the correct IP Address and the hostname to distinguish the virtual servers.
cp /etc/vz/conf/26.conf /etc/vz/conf/27.conf
#  Copyright (C) 2000-2007 SWsoft. All rights reserved.
#
#  This program is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
ONBOOT=”yes”
# UBC parameters (in form of barrier:limit)
# Primary parameters
AVNUMPROC=”40:40″
NUMPROC=”65:65″
NUMTCPSOCK=”80:80″
NUMOTHERSOCK=”80:80″
VMGUARPAGES=”6144:2147483647″
# Secondary parameters
KMEMSIZE=”2752512:2936012″
TCPSNDBUF=”319488:524288″
TCPRCVBUF=”319488:524288″
OTHERSOCKBUF=”132096:336896″
DGRAMRCVBUF=”132096:132096″
OOMGUARPAGES=”6144:2147483647″
# Auxiliary parameters
LOCKEDPAGES=”32:32″
SHMPAGES=”8192:8192″
PRIVVMPAGES=”49152:53575″
NUMFILE=”2048:2048″
NUMFLOCK=”100:110″
NUMPTY=”16:16″
NUMSIGINFO=”256:256″
DCACHESIZE=”1048576:1097728″
PHYSPAGES=”0:2147483647″
NUMIPTENT=”128:128″
# Disk quota parameters (in form of softlimit:hardlimit)
DISKSPACE=”1048576:1153434″
DISKINODES=”200000:220000″
QUOTATIME=”0″
# CPU fair sheduler parameter
CPUUNITS=”1000″
VE_ROOT=”/vz/root/$VEID”
VE_PRIVATE=”/vz/private/$VEID”
OSTEMPLATE=”centos-4-i386-default”
ORIGIN_SAMPLE=”vps.basic”
HOSTNAME=”admin26″
IP_ADDRESS=”192.168.4.26″
NAMESERVER=”12.32.34.32″
Once this is complete and you have saved it you may start the VPS.