
From: Gregory (Grisha) Trubetskoy (grisha_at_ispol.com)
Date: Sun 24 Oct 2004 - 19:59:09 BST


Here is what we do in OpenVPS. This is Fedora biased.

I think the utils strategy is copy-everything-then-unify, whereas we stuck
to hardlink-as-you-copy-then-leave-it-alone. Either strategy is fine, it
probably depends more on what you're doing. In our case the vserver is
intended to be passed to a client/customer/etc, so it's best not to touch
those files once they're released, which is why we've been avoiding vunify.

We pretty much follow these steps:

1. Build a reference server like any other server (there is more than one
way to do it, we just use rpm and then manually adjust little things, the
vserver utils use the magic of apt to do it).

2. There is a "fixflags" script. It walks the tree and sets certain things
immutable (iunlink to be exact). The strategy is similar to what vunify
does - we rely on RPM package information, if a file is marked as "config"
it is not flagged with iunlink.

3. To make a vserver you have a "clone" script. The clone script makes
hard links to files that are iunlink, and copies most everything else.
Some files are not copied, but just created (touched). The specific "clone
rules" we use look like this (these rules make an assumption that the
reference server is in a pristine state, otherwise you'd need a more
elaborate set of rules):

# path patterns (regular expressions) for each clone action
CLONE_RULES = {
     'copy' : ['/etc', '/var', '/root', '^/dev'],
     'touch' : ['/var/log', '/var/run', r'\.bash_history'],
     'skip' : ['ssh_host_', '.pem$', '/proc/', '/var/tmp/',
                '/var/cache/.*/.+']
     }

(this is in python, btw)

This means /etc is always copied, everything in /var/log is always
"touched", .pem files are skipped, etc.

4. If you update the reference server, just go ahead and do it, and
remember to run the fixflags afterwards, or the clone step will not
hardlink the new files because they're not iunlink.

Haven't tried vserver-copy, it probably does something similar.

Grisha

On Sun, 24 Oct 2004, Tor Rune Skoglund wrote:

> Hi List,
>
> when trying to make a good template server, one obviously has
> to start and enter the virtual server and test the installation
> of it, add some programs, make config changes in it and so on.
>
> But when using it as a template, some files must be removed
> or altered before it is made "production ready". AFAICS at
> least these have to be changed/deleted:
>
> * ssh keys
> * shell history file
> * root password setting
> * any standard users' password settings
>
> I am sure there are more, so if any of you experts out there
> has additions to the list, please mail me or the list.
> I'll make a summary on the wiki afterwards.
>
> Also, I do not know how well vserver-copy or other copy tools
> handle such files, as the documentation seems to be a bit
> sparse on the tools. Any enlightenment on these matters will
> be highly appreciated.
>
> Best regards
> Tor Rune Skoglund
> trs_at_datakompaniet.no
>
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
>
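
An added example, not part of the original message and not the OpenVPS code: one way the clone rules quoted above could be applied so that host keys and .pem files never reach a clone and history/log files arrive empty. Assumed here: the precedence (skip, then touch, then copy), the names clone_action and clone_tree, and the is_iunlink callback, which stands in for reading the iunlink flag.

```python
import os
import re
import shutil

# Rule table as given in the message; patterns are searched anywhere in the path.
CLONE_RULES = {
    'copy':  ['/etc', '/var', '/root', '^/dev'],
    'touch': ['/var/log', '/var/run', r'\.bash_history'],
    'skip':  ['ssh_host_', '.pem$', '/proc/', '/var/tmp/', '/var/cache/.*/.+'],
}
# Assumption: first matching action in this order wins, so /var/log beats /var
# and ssh_host_ beats /etc.
PRECEDENCE = ('skip', 'touch', 'copy')

def clone_action(path, iunlink):
    """Return 'skip', 'touch', 'copy' or 'link' for one reference-server path."""
    for action in PRECEDENCE:
        if any(re.search(rx, path) for rx in CLONE_RULES[action]):
            return action
    # No rule matched: share iunlink files by hard link, copy everything else.
    return 'link' if iunlink else 'copy'

def clone_tree(ref_root, dst_root, is_iunlink):
    """Clone the files under ref_root into dst_root; returns {path: action}."""
    done = {}
    for dirpath, _dirs, files in os.walk(ref_root):
        for name in files:
            src = os.path.join(dirpath, name)
            rel = '/' + os.path.relpath(src, ref_root)
            action = done[rel] = clone_action(rel, is_iunlink(rel))
            if action == 'skip':
                continue                      # secret or cache: never cloned
            dst = os.path.join(dst_root, rel.lstrip('/'))
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            if action == 'touch':
                open(dst, 'w').close()        # file exists, contents dropped
            elif action == 'link':
                os.link(src, dst)             # shared with the reference server
            else:
                shutil.copy2(src, dst)        # private, writable copy
    return done

if __name__ == '__main__':
    # Constructed sample paths, second field is the iunlink flag.
    for p, flag in [('/etc/ssh/ssh_host_rsa_key', False), ('/usr/bin/tool', True),
                    ('/root/.bash_history', False), ('/etc/passwd', False)]:
        print(p, '->', clone_action(p, flag))
```

Because `skip` is checked first, a reference server that has been booted and tested still does not pass its SSH host keys on to a clone, even though they live under `/etc`.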


Generated on Sun 24 Oct 2004 - 19:59:31 BST by hypermail 2.1.3