VPS are Linux containers, i.e. only one kernel runs on each node and it is shared between all VPS. If you need your own kernel or would like to use a different operating system, you can create your own virtual machines inside the VPS using QEMU/KVM.
Go to the details of your VPS in vpsAdmin and turn on the following features:
Virtual machines can be managed using libvirt with virt-manager.
If you want to use a dataset export from a NAS server in QEMU/KVM, for example to mount an ISO image of a CD for system boot, and you get the error message “Failed to lock byte 100: No locks available”, the export must be mounted on the host system with the flag “nolock”.
For example, if you mount the export via fstab with this entry:
562.586.65.25:/nas/4562 /mnt/export4562 nfs vers=3,nofail 0 0
change the entry so that it includes nolock:
562.586.65.25:/nas/4562 /mnt/export4562 nfs vers=3,nofail,nolock 0 0
(562.586.65.25 is the address of your NFS server; 4562 is the number of your dataset on the NFS server.)
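To find every NFS entry that still lacks the flag, the fstab text can be scanned as below. This is an added example, not part of the original guide; the function name nfs_missing_nolock, the sample fstab, the host nas.example and the mount points other than /mnt/export4562 are constructed for illustration. It assumes that entries of type nfs4, or with an explicit vers=4 option, need no nolock, because NFSv4 handles locking inside the protocol.

```shell
#!/bin/sh
# Added example: report NFS entries in fstab-format input that lack "nolock".
# Reads fstab text on stdin, prints the mount point of each offending entry.
nfs_missing_nolock() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }   # skip comments, blank and short lines
        $3 != "nfs" { next }           # other filesystems; nfs4 locks in-protocol
        {
            n = split($4, opt, ",")
            nolock = 0; v4 = 0
            for (i = 1; i <= n; i++) {
                if (opt[i] == "nolock") nolock = 1
                # vers=4, vers=4.1, nfsvers=4.2 select NFSv4 (assumption:
                # such mounts are out of scope for the nolock fix)
                if (opt[i] ~ /^(nfs)?vers=4/) v4 = 1
            }
            if (!nolock && !v4) print $2
        }
    '
}

# Constructed sample. The first entry is the fstab line from this page
# (562.586.65.25 is the page placeholder address); the rest are made up.
SAMPLE_FSTAB='# /etc/fstab
562.586.65.25:/nas/4562 /mnt/export4562 nfs vers=3,nofail 0 0
562.586.65.25:/nas/4562 /mnt/fixed4562 nfs vers=3,nofail,nolock 0 0
nas.example:/nas/1 /mnt/v4 nfs vers=4.2,nofail 0 0
/dev/vda1 / ext4 defaults 0 1
nas.example:/nas/2 /mnt/iso nfs ro,nfsvers=3 0 0
'

# Lists the mount points that still need nolock.
printf '%s' "$SAMPLE_FSTAB" | nfs_missing_nolock
```

On a real host, feed it the live file: nfs_missing_nolock < /etc/fstab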
Install the required packages (ip6tables is optional):
apk update
apk add qemu-system-x86_64 qemu-openrc qemu-img bridge iptables ip6tables
Configure the bridge for Qemu/KVM virtual machines – create the /etc/network/interfaces.tail file (of course, you can choose any IP address from your private range):
auto br0
iface br0 inet static
    pre-up brctl addbr br0
    address 172.17.1.1
    netmask 255.255.255.0
    post-down brctl delbr br0
Since OpenVZ rewrites the /etc/network/interfaces file rather clumsily (this is also why we add the configuration of the bridge to interfaces.tail), it is safest to restart the container at this point.
Give the user in the qemu group permissions to manage the newly-created bridge:
echo "allow br0" > /etc/qemu/bridge.conf
chown root:qemu /etc/qemu/bridge.conf
chmod 0640 /etc/qemu/bridge.conf
Configure the IP masquerade so that the Qemu/KVM virtual machines have access to the public Internet.
If you have configured iptables, all you need to add is this rule:
iptables -t nat -A POSTROUTING -s 172.17.1.0/24 ! -o br0 -j MASQUERADE
If not, you can follow our paragraph on configuring iptables.
This manual presupposes that you will be using qemu-openrc – an OpenRC init script used to start Qemu/KVM. Of course, if you’re on Alpine, you can use libvirt as well, but do you really want and need its clumsy XML configuration files and/or the click interface above it…? ;) Qemu-openrc is a much simpler and more transparent solution. Each virtual machine is represented by an init script. Just like with other programs, you can declare dependencies between virtual machines, etc.
Creating a new virtual machine consists only of preparing an image disk, creating a symlink for the init script and modifying a simple configuration script. Let’s say that the new virtual machine is called “myvirt.”
Prepare a raw image for myvirt with the required size:
mkdir -p /var/lib/qemu/myvirt/
qemu-img create -f raw /var/lib/qemu/myvirt/disk0.img 5G
chown qemu:qemu /var/lib/qemu/myvirt/disk0.img
chmod 0600 /var/lib/qemu/myvirt/disk0.img
Copy the default configuration file /etc/conf.d/qemu to /etc/conf.d/qemu.myvirt and modify it as needed:
cd /etc/conf.d
cp qemu qemu.myvirt
vi qemu.myvirt  # read comments and edit
Most importantly, add the prepared image:
disk1_file="/var/lib/qemu/myvirt/disk0.img"
disk1_format="raw"
You will probably also need to add the installation CD of a distribution that you have already downloaded:
cdrom0_file="/var/lib/qemu/alpine-virt-3.4.1-x86_64.iso"
Create a symlink for the init script and run myvirt.
cd /etc/init.d
ln -s qemu qemu.myvirt
rc-service qemu.myvirt start
If you aren’t using any tool to generate iptables rules (like e.g. ferm), I recommend basing them on existing rule templates (https://gist.github.com/jirutka/3742890). These are already in the iptables format, which can be loaded using iptables-restore.
Download the modified rule template with the added masquerade for our bridge to /etc/iptables. The file is fetched over plain HTTP, so read it through before loading it:
rmdir /etc/iptables
wget -O /etc/iptables http://haste.fit.cvut.cz/raw/iwuqoso
Modify the /etc/conf.d/iptables configuration file (IPv4):
# /etc/conf.d/iptables
IPTABLES_SAVE="/etc/iptables"
#SAVE_RESTORE_OPTIONS="-c"
SAVE_ON_STOP="no"
IPFORWARD="yes"
…and the /etc/conf.d/ip6tables configuration file (IPv6):
# /etc/conf.d/ip6tables
IP6TABLES_SAVE="/etc/iptables"
SAVE_RESTORE_OPTIONS="-T filter"
SAVE_ON_STOP="no"
IPFORWARD="yes"
Run iptables and ip6tables and add them to the runlevel boot:
rc-service iptables start
rc-service ip6tables start
rc-update add iptables boot
rc-update add ip6tables boot