[owl-users] Re: Openwall and openvz?

From: GalaxyMaster (galaxy@private)
Date: Mon Jan 08 2007 - 12:32:16 PST


Zenny,

I'm CC'ing owl-users@ list since it's where Owl is usually discussed.

On Mon, Jan 08, 2007 at 07:29:22AM -0500, garbytrash@private wrote:

> I came to learn about openwall stuff from your posting. Thanks for
> sharing. OpenVZ works with 2.6 kernels whereas openwall2.0 only supports
> 2.4 kernels alone.

Good to know that my posting has attracted more people to our project :).

Although Owl currently supports only 2.4 it isn't hard to rebuild it
against 2.6 headers -- at least I (from the Openwall team) am doing these
builds for our current branch.  However, it's known to work under OpenVZ
even without the recompilation process.

> Could you share how you accomplished the task and how did you create
> an openwall ostemplate for VEs?

If you want to start with Owl-enabled VEs right away, you can prepare
a custom template yourself.  This is quite easy.  The rough plan is:

1. Download Owl and install it somewhere, say, /owl.

   a. download from ftp.ru.openwall.com/pub/Owl/2.0-stable (or from
      any nearby mirror) the following files/directories:

        native.tar.gz - this file contains the build/install environment
        i386/RPMS - this directory contains the precompiled packages
                    (you need to place the RPMS directory at the same
                     level as native.tar.gz)

   b. extract files from native.tar.gz by executing

        tar xzf native.tar.gz

   c. prepare your build/install environment by executing

        make symlinks

   d. edit installworld.conf (you need to adjust HOME and ROOT)

   e. install Owl by running 'make installworld' as root.

2. Create a new VE using any already available template by executing

   vzctl create <VEID> ...

3. Replace the content of /vz/private/<VEID> with the content of /owl
   (I'm assuming that you installed Owl into /owl).

4. Remove /vz/private/<VEID>/etc/ssh/ssh_*_key* (these will be
   regenerated on the first startup).

5. Adjust /etc/inittab (you need to comment out all mingetty).

6. Adjust /etc/rc.d/init.d/syslog (you need to comment out the
   execution of klogd).

7. Add the following lines to /etc/rc.d/rc.local:

   #!/bin/sh
   /sbin/route add default venet0

8. Save the new template (note that the last full stop is included in
   the command line too):

   tar czSf /vz/template/cache/owl-2.0-stable.tar.gz --one-file-system -C /vz/private/<VEID> .

From now on, you have your own Owl template.  However, there are some issues
with this template:

* The klogd process isn't running so you won't get any kernel messages
  logging inside VEs (to solve this - a custom OpenVZ kernel is needed).

* There is a hack in /etc/rc.d/rc.local which adds the default route
  (to solve this you need to create a custom set of template scripts in
  /etc/vz/dist/scripts).  This is a minor issue and can be ignored.

All in all, I'll upload my templates to openvz.org eventually so you
might want to wait for a ready-to-use solution.  However, I'm quite busy
right now so I can't guarantee that I'll upload my templates in the
near future.

Hope this message will help you to configure your system the way you
want it. :)

-- 
(GM)
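As an added example (not part of the message above or of the Owl project), the following POSIX sh script automates steps 4 to 8 of the procedure against a VE private area. The ROOT argument is assumed to be the /vz/private/<VEID> directory and OUT the template path; the tar options are the GNU ones quoted in the message.

```shell
#!/bin/sh
# Added example: steps 4-8 of the post as shell functions.
# Usage (assumed): prepare-owl-ve.sh ROOT OUT
set -eu

# Prefix every uncommented line matching $1 in file $2 with '#'.
# sed -i is not POSIX, so rewrite through a temp file instead.
comment_matching() {
    sed -e "/$1/ s/^\([^#]\)/#\1/" "$2" > "$2.tmp" && mv "$2.tmp" "$2"
}

# Step 4: drop the SSH host keys so each VE regenerates its own on first
# boot rather than sharing the keys baked into the template.
strip_ssh_host_keys() {
    rm -f "$1"/etc/ssh/ssh_*_key*
}

# Step 5: a VE has no consoles, so disable every mingetty entry.
disable_mingetty() {
    comment_matching mingetty "$1/etc/inittab"
}

# Step 6: klogd cannot read the kernel ring buffer from inside a VE.
disable_klogd() {
    comment_matching klogd "$1/etc/rc.d/init.d/syslog"
}

# Step 7: the default-route hack; rc.local gets a shebang if it is new.
add_default_route() {
    f="$1/etc/rc.d/rc.local"
    [ -f "$f" ] || printf '#!/bin/sh\n' > "$f"
    printf '/sbin/route add default venet0\n' >> "$f"
    chmod 755 "$f"
}

# Steps 4-7 in order on one VE root.
prepare_ve_root() {
    strip_ssh_host_keys "$1"
    disable_mingetty "$1"
    disable_klogd "$1"
    add_default_route "$1"
}

# Step 8: pack the prepared root as an OpenVZ template cache file.
save_template() {
    tar czSf "$2" --one-file-system -C "$1" .
}

if [ "$#" -ge 2 ]; then
    prepare_ve_root "$1"
    save_template "$1" "$2"
fi
```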



This archive was generated by hypermail 2.1.3 : Mon Jan 08 2007 - 12:32:53 PST