This is a real pain to get working, but with some help from the IRC channel #vserver and help from Bertl, AlexanderS, and Guy I managed to get some guest system(s) up.
I'm testing this on a dual core HP Compaq dc7800. It's not very fancy, and I'm using a normal SATA drive for the base buster install, with Grub as a bootloader. No RAID or other fancy stuff.
Base system install.
Download the iso image for debian buster, amd64. I used 10.11. It's worth to know the Debian versions:
- Debian 11 ("Bullseye") - current stable.
- Debian 10 ("Buster") - old stable.
- Debian 9 ("Stretch") – oldoldstable, under LTS
- Debian 8 ("Jessie") – achived, under prolonged LTS
- Debian 7 ("Wheezy") – old stable
- Debian 6.0 ("Squeeze") – old stable
Buster seem to be the latest (as of writing this) with the Vserver packages available, so I started with this. You can check what version you have by
#cat /etc/debian_version
6.0.2
(shows Squeeze). After downloading the CD image, I used graphical installation, and the whole drive for / and swap (1GB swap). I did NOT install a debian desktop environment or print server (uncheck those options), but rather just set it up as a plain ssh server (check "SSH server" and "standard system utilities").
WARNING: A warning on selection of file system for the /vservers directory or partition: do not use XFS if you plan to use 32-bit guest systems, or specify "defaults,inode32" as parameters in fstab. See "Errors when starting a guest vserver".
After booting the server and logging in as root I did the following:
apt-get install mc
mcedit /etc/ssh/sshd_conf
(I kind of grew up with nc so I like to use mc/mcedit as well). Change (to your satisfaction):
PermitRootLogin yes
PubkeyAuthentication yes
(this is because I use putty to ssh to the host later on, and usually I log in as root or the admin user account). You have to restart the service with /etc/init.d/ssh restart.
To use an admin account you could do e.g
su
apt-get install sudo
echo "MyAdminAccount ALL = NOPASSWD: ALL">>/etc/sudoers
Then all you have to do, after logging in as "MyAdminAccount" is to do "sudo -s" to get a root shell.
We need some packages to get started:
apt-get update
apt-get upgrade
apt-get install -y gnupg2
apt-get install curl
apt-get install debootstrap
The new kernel image
Now to install the Benjamin Green' s stuff:
wget -q -O - http://repo.psand.net/pubkey.txt | apt-key add -
echo "deb http://repo.psand.net/ buster main" | tee /etc/apt/sources.list.d/kernel-psand.list
apt-get update
apt-get install linux-image-vserver-4.9-beng linux-headers-vserver-4.9-beng
apt-get install util-vserver util-vserver-build
Possibly the last line is not needed (see below). To edit/change what kernel to boot with:
mcedit /etc/default/grub
#GRUB_DEFAULT=0
GRUB_DEFAULT=saved
GRUB_SAVEDEFAULT=true
update-grub
Now reboot the system. When grub bootloader shows up, go in to the submenu "Advanced options for Debian GNU/Linux" and choose the "Debian GNU/Linux, with Linux 4.9.227-vs2.3.9.12-beng" kernel with Vserver support. The above grub config changes will cause your selection to be saved, so next time you reboot it will automatically use your last selection and boot this kernel again.
When at the prompt again, you should be able to check the kernel with uname:
# uname -a
Linux j2dc7800 4.9.227-vs2.3.9.12-beng #1 SMP Thu Sep 3 11:55:45 BST 2020 x86_64 GNU/Linux
Fixing what doesn't work out of the box
The default installation did not work for me. After building and starting a guest, the host's /proc (and /sys and /dev) would get unmounted which of course caused all kind of trouble. If this happen to you, you can always get /proc back (until you have permanently fixed the problem) by "mount -t proc none /proc".
After much fiddling and testing I used AlexanderS' solution to "downgrade" util-vserver (it's not really downgraded but replaced). Alternatively, you can remove systemd from the host, see http://linux-vserver.org/Installation_on_Debian#Jessie : "Systemd must also be removed from hosts. With it present the host will lose it's /proc /sys and /dev on host starts or stops.". The link is broken but more information can be found here and here. It might mess up grub so I did not do this.
To "downgrade" (not really) util-vserver:
cd /root
mkdir AlexS
cd AlexS/
wget http://repo.psand.net/util-vserver_AlexanderS/libvserver0_0.30.216-pre3126-1_amd64.deb
wget http://repo.psand.net/util-vserver_AlexanderS/util-vserver-core_0.30.216-pre3126-1_amd64.deb
wget http://repo.psand.net/util-vserver_AlexanderS/util-vserver-build_0.30.216-pre3126-1_amd64.deb
wget http://repo.psand.net/util-vserver_AlexanderS/util-vserver_0.30.216-pre3126-1_amd64.deb
dpkg --install *.deb
You also have to patch /usr/share/util-vserver/vserver.functions. Change the for loop (around line 327):
#for i in /etc/init.d/rc /etc/rc.d/rc; do
for i in /etc/init.d/rc /etc/rc.d/rc /lib/init/rc /usr/lib/init/rc; do
SSHd
You probably have sshd running at the host. You will need to edit the configuration so that sshd, for the host, only listen to port 22 (or whatever) on its own ip.
Edit /etc/ssh/sshd_config of the host and change:
Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress ::
...to something like:
Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to ListenAddress your.hosts.ip.here # not the guests IP!
Otherwise, if you install sshd on a guest system, you'll end up at the host even if you ssh to the guest from an external computer. This could be very confusing.
Like calling your wife and your mother-in-law answers.
See Linux Vserver FAq "8.2 When I try to ssh to the guest, I log into the host, even if I installed sshd on the guest. What's wrong here?".
Versions
To see what versions (and other things of interest) you have, you can issue the command vserver-info. With the installation above, I get
Kernel: 4.9.227-vs2.3.9.12-beng
util-vserver: 0.30.216-pre3126; Feb 24 2016, 18:09:28
The util-vserver shipped with Buster is (as of writing this, 2021-11-02):
util-vserver: 0.30.216-pre3120-1.4+b11
so it doesn't look like we're behind the distribution, though if we look at the github repo it was last updated on 14 Jan 2018. If you want a later util-vserver you'll have to recompile it from the repo, but I don't know what state the systemd support is in so I'm not going to do that. I couldn't find a really good date on Benjamin Green's kernel, but the repository packages file has a date from 18-Aug 2021 so it feels quite recent.
To avoid possible difficulties with apt-get upgrade of util-vserver, you could put relevant packages on hold. Otherwise they might be upgraded and you'll end up with the broken system (possibly with /proc unmounted, see Errors when starting a guest vserver).
To set util-vservers on hold:
apt-mark hold libvserver0
apt-mark hold util-vserver
apt-mark hold util-vserver-build
apt-mark hold util-vserver-core
To see what's on hold:
root@somewhere:/#
apt-mark showhold
libvserver0
util-vserver
util-vserver-build
util-vserver-core
Creating a guest
Now we should be able to build a guest. I used the following (edit e.g the ip and name "buildbuster642" as you se fit):
vserver buildbuster642 build -n buildbuster642 -m debootstrap --i-know-its-there --context 2000\
--hostname buildbuster642.my.domain --interface enp0s25:192.168.10.9/24 -- -d buster --\
--arch=amd64 --exclude=systemd-sysv,systemd,libsystemd0 --include=cron,sysvinit-core,sysvinit-utils
Beware: the network interface on this machine is called "enp0s25:" and not "eth0:". I used the name "buildbuster642" here.
Starting the guest system on the host
Before starting the guest we need to start a service:
/etc/init.d/vprocunhide restart
Then, finally:
# vserver buildbuster642 start
Using makefile-style concurrent boot in runlevel 3.
Starting enhanced syslogd: rsyslogd.
Starting periodic command scheduler: cron.
# vserver-stat
CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME
2000 5 225.9M 0 0m00s00 0m00s00 4m37s97 buildbuster642
Warning: If you forgot to change vserver-util to AlexanderS version, you will see some error(s) that will need some recovery fixing. See Errors when starting a guest vserver.
If you didn't see this error you can continue, and we can now enter the guest with:
# vserver buildbuster642 enter
root@buildbuster642:/# ps
PID TTY TIME CMD
13554 pts/0 00:00:00 vcontext
13590 pts/0 00:00:00 bash
13593 pts/0 00:00:00 ps
Adjusting the start-up scripts on the guest
Stopping the guest is a different matter (and sometimes starting). It will try to do all kind of poking around on the hardware, which it can't and thus complain a lot. To reduce the amount of complaining/weird messages, you can edit/remove things from /etc/rc0.d, /etc/rc1.d ... etc. What I got was:
[FAIL] udev requires a mounted sysfs, not started ... failed!
failed!
[info] Saving the system clock.
hwclock: Cannot access the Hardware Clock via any known method.
hwclock: Use the --verbose option to see the details of our search for an access method.
[....] Unmounting temporary filesystems...umount: /tmp: must be superuser to unmount.
failed.
[....] Deactivating swap...swapoff: Not superuser.
failed.
mount: /: permission denied.
[info] Will now restart.
ifdown: shutdown enp0s25: Operation not permitted
[FAIL] startpar: service(s) returned failure: udev .../usr/share/util-vserver/vserver.stop: line 100: 13112 Killed "${IONICE_CMD[@]}" "${NICE_CMD[@]}" "${NETNS_CMD[@]}" "${CHBIND_CMD[@]}" "$_VSPACE" --enter "$S_CONTEXT" "${OPTS_VSPACE[@]}" "${OPTS_VSPACE_SHARED[@]}" -- "$_VTAG" --migrate "${OPTS_VTAG_ENTER[@]}" --silent -- $_VCONTEXT $SILENT_OPT --migrate $OPT_VCONTEXT_CHROOT --xid "$S_CONTEXT" -- "${INITCMD_STOP[@]}"
What I did was to remove the following on the guest:
from /etc/rc0.d:
K01brightness K01udev K03hwclock.sh K03umountnfs.sh K04networking K05umountfs K06umountroot K07halt
from /etc/rc6.d:
K01brightness K01udev K03hwclock.sh K03umountnfs.sh K04networking K05umountfs K06umountroot K07reboot
from /etc/rcS:
S01mountkernfs.sh S03mountdevsubfs.sh S05checkroot.sh S07checkroot-bootclean.sh S08mountall.sh
S10brightness S11networking S13mountnfs-bootclean.sh S02udev S04hwclock.sh S06checkfs.sh
S07kmod S09mountall-bootclean.sh S10procps S12mountnfs.sh S14bootmisc.sh
Start up and shut down of the guest then worked as expected.
Starting a guest server at boot
If the host server is rebooted we normally want the guest(s) to also start up. To do so, we first need to verify that vprocunhide and util-vserver is in the host's start up scripts:
ls /etc/rc*.d/ | grep util
ls /etc/rc*.d/ | grep vproc
Then mark the server you want to start at boot (e.g "buildbuster642"):
echo "default" > /etc/vservers/buildbuster642/apps/init/mark
Too small /tmp
On a Buster guest, the /tmp is (as it should) mounted as tmpfs which is a ram disk. Boot persistent tmp files should be in /var/tmp. Anyway, the /tmp is by default restricted to 16M. If you want to remove the limit, do e.g this before starting the guest:
# Remove restriction on tmp
sed -i "s/size=16m,//g" /etc/vservers/$XNAME/fstab
$XNAME is here the name of the guest (e.g "buildbuster642").
See also
http://linux-vserver.org/Installation_on_Debian#Buster
Errors when starting a guest vserver