  1. prepare the host system
    1. build the kernel
    2. build the vserver-utils
    3. bind to a single ip
  2. create a vserver
  3. using vservers
  4. converting legacy vservers to the new format

A vserver is a virtual server running on top of an actual server. Because each vserver shares the same kernel, unlike User Mode Linux, there is no additional overhead to using vservers. User Mode Linux (UML) is useful when you actually need different kernels, a virtual machine which looks exactly like a real machine, or to set up virtual networks. Otherwise, vservers are much easier to set up and much faster.

This mini-tutorial is for setting up multiple vservers for the goal of doing software development. This is a very simple case of using vservers, because the vservers are just for your own use and you don't care about a reference server. Also, we don't need to be as strict about securing the vservers, because they will not be used by untrusted users.

To use vservers you must patch the kernel and have multiple IPs available to use. Without multiple IPs, networking is very difficult. With multiple IPs, it is trivial.

prepare the host system

build the kernel

Here are all the steps for patching the stock Debian kernel. This will give you a setup similar to the kernel package, but with the context patch needed by vserver. You can get the context patch at www.13thfloor.at/vserver/.

# cd /usr/src
# apt-get install kernel-source-2.6.8
# wget '/path/to/download/context/patch-2.6.8.tar.bz2'
# tar xvjf patch-2.6.8.tar.bz2
# tar xvjf kernel-source-2.6.8.tar.bz2
# cd kernel-source-2.6.8
# patch -p1 < ../patch-2.6.8.diff
# make
# cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.8
# cp System.map /boot/System.map-2.6.8
# mkinitrd -o /boot/initrd-2.6.8 2.6.8
# update-grub

build the vserver-utils

As of this writing the Debian util-vserver tools are made for the older 1.2 version of the vserver kernel patch. If you are using the vserver 1.9 kernel patches (which is highly recommended), then you are going to want to use the updated version of the vserver utilities, although it is possible to use the older utilities.

  1. Get the new utilities (look for newer versions first)
    # wget http://www.13thfloor.at/vserver/d_rel26/v1.9.5/util-vserver-0.30.204.tar.bz2
    # tar -jxvf util-vserver-0.30.204.tar.bz2
    # cd util-vserver-0.30.204
  2. Install the necessary extra programs
    # apt-get install beecrypt2 beecrypt2-dev dietlibc-dev dietlibc
  3. Configure and make the new utilities
    # ./configure --prefix=/usr --with-initrddir=/etc/init.d --with-vrootdir=/home/vservers --sysconfdir=/etc
    # make
    # make install

bind to a single ip

All processes in the host system must bind to a specific IP address. Otherwise, the vservers will not be able to see any traffic over a port which has been bound by a process in the host system.

  1. Replace inetd with xinetd ("apt-get install xinetd"). Put these lines into /etc/xinetd.conf:
    defaults
    {
        bind = 10.0.0.55
    }
    (replace 10.0.0.55 with your real static IP)
  2. sshd: in file /etc/ssh/sshd_config
    ListenAddress 10.0.0.55
  3. check /etc/resolv.conf for your nameserver

Are there any ports used on the host system which are still bound to all IP addresses? Check with:
# netstat -lp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address        Foreign Address  State   PID/Program 
tcp        0      0 *:www                *:*              LISTEN  26361/apache
tcp        0      0 ibis.riseup.net:ssh  *:*              LISTEN  607/sshd

Here we see that apache has www (port 80) bound to all addresses, but that sshd has ssh (port 22) bound correctly to a single ip.
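
The same check as a filter, added here as an example (it is not part of the original tutorial): a shell function that reads `netstat -lnp` output and lists only the sockets still bound to every address. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sockets still bound to every address on the host.
# Reads `netstat -lnp`-style text on stdin; prints "proto port program".

wildcard_listeners() {
    awk '
        # Keep TCP/UDP rows only; this skips headers and unix sockets.
        $1 !~ /^(tcp|udp)6?$/ { next }
        # For TCP, only sockets in LISTEN state are of interest.
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }
        {
            # Split "address:port" at the last colon (IPv6 has colons too).
            n = match($4, /:[^:]*$/)
            if (n == 0) next
            addr = substr($4, 1, n - 1)
            port = substr($4, n + 1)
            # Wildcard forms: IPv4 numeric, non-numeric "*", IPv6 "::".
            if (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "[::]") {
                # UDP rows have an empty State column, so the program shifts left.
                prog = ($1 ~ /^tcp/) ? $7 : $6
                if (prog == "") prog = "-"
                print $1, port, prog
            }
        }
    '
}

# Constructed sample input (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:80        0.0.0.0:*         LISTEN   26361/apache
tcp        0      0 10.0.0.55:22      0.0.0.0:*         LISTEN   607/sshd
tcp6       0      0 :::25             :::*              LISTEN   812/master
udp        0      0 0.0.0.0:68        0.0.0.0:*                  455/dhclient
udp        0      0 10.0.0.55:123     0.0.0.0:*                  390/ntpd
EOF
}

# On a real host: netstat -lnp | wildcard_listeners
sample_netstat | wildcard_listeners
```

Every line it prints is a service that still needs a bind or listen address set in its own configuration; an empty result means the host is no longer shadowing any port the vservers might use.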

create a vserver

# REMOVE_PACKAGES="sparc-utils,dhcp-client,lilo,makedev,pcmcia-cs,ppp,pppconfig,pppoe,pppoeconf,setserial,syslinux,fdutils,libpcap0,iptables,pciutils"
# vserver bluebird build -m debootstrap --context 42 --force -- -d sarge -- --exclude=$REMOVE_PACKAGES --hostname bluebird --domain riseup.net --interface eth0:69.90.134.205

If your vserver root was /var/lib/vservers (the default), this command would create /var/lib/vservers/bluebird and /etc/vservers/bluebird.conf. It takes a long time! To start the new vserver:

# vserver bluebird start
or
# vserver bluebird enter

using vservers

blah blah...

converting legacy vservers to the new format

The old configuration had /etc/vservers/.conf; the new version has a directory in /etc/vservers for the vserver name, with a number of subdirectories in it holding the various parameters.

If you haven't done anything major in setting up your legacy vserver, except set your IP, you can do this to convert it to the new format:

First look at the vserver.conf file to see what the IP was and any other necessary configuration items, then build a skeleton vserver configuration:

# vserver face build -m skeleton --hostname face --interface eth0:69.90.134.205 --force

This creates the /etc/vservers/ directory. It also moves your /vservers/ out of the way and creates a new, empty one. We want to move the old one back and copy the newly created devices into it:

# cd /vservers 
# mv face face.new
# mv face.~1231357235 face
# rm -rf face/dev/*
# cp -a face.new/dev/* face/dev/