OpenVZ 7 / Virtuozzo 7 Minimal templates
I made a complete set a few days ago, thought I would share them as I don't see them anywhere else.
These are fully functional and VERY minimal templates for OpenVZ 7/ Virtuozzo 7, all tested.
They range from 5mb to 9mb ram used on initial deployment:
http://185.164.137.206/vz7/
For SolusVM you will need to be on at least the latest mainline release (probably better off on beta - upcp 3) which enables the EZ templates option when adding an OpenVZ templates in solusvm
I have spend a fair bit of time working with the EZ template system now, its very different to OpenVZ 6 or "legacy templates" as they are now known so if anyone needs any help just shout up, not enough info public at this stage.
If your host does not have them available yet point them here
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
Comments
how did you add debian10 template? I though it needed real 4.x kernel.
just for you
Virtuozzo 7 does not bind the kernel version of the host to the container like OpenVZ 6 did.
I mean it is just a psudo kernel version anyway it just tracks the distro current version and displays it in the container you still use the host nodes kernel but now at least software does not complain about expecting a different version.
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
tried debian 10 image, firewalls (nftable/ufw/iptables trans) failed to start with error for bunch of nft related kernel modules and unknown option "--dport"
ERROR: problem running ufw-init
modprobe: ERROR: ../libkmod/libkmod.c:514 lookup_builtin_file() could not open builtin file '/lib/modules/4.19.0/modules.builtin.bin'
modprobe: FATAL: Module nf_conntrack_ftp not found in directory /lib/modules/4.19.0
modprobe: ERROR: ../libkmod/libkmod.c:514 lookup_builtin_file() could not open builtin file '/lib/modules/4.19.0/modules.builtin.bin'
modprobe: FATAL: Module nf_nat_ftp not found in directory /lib/modules/4.19.0
modprobe: ERROR: ../libkmod/libkmod.c:514 lookup_builtin_file() could not open builtin file '/lib/modules/4.19.0/modules.builtin.bin'
modprobe: FATAL: Module nf_conntrack_netbios_ns not found in directory /lib/modules/4.19.0
From the host node: vzctl set CTID --netfilter=full --save
I only made the templates the templates cant enable or give access to kernel modules on the host node for you
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
well it was your NL OVZ7 node, so... write a ticket?
https://www.lowendtalk.com/discussion/158922/virtuozzo-7-docker-ready-50-off-double-disk-up-to-6gb-ram-from-21-p-year-netherlands/p1
ah ok: https://clients.inceptionhosting.com/index.php?rp=/knowledgebase/36/Iptables-csf-ufw-firewalld-or-vpn-software-problems.html
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
I found the root cause.
you need to change firefall framework to iptables in debian 10 image, because debian 10 changed to nftable and need different kernal modules. witch you and most provider doesn't enabled.
https://wiki.debian.org/nftables >
Cool good fix, I will look in to it now I know for the host nodes and add that to the KB I linked, much appreciated!
edit: enabled on all my nodes now.
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
sorry, but it nftables still looks broken. it ask for nf_nat_ftp,nf_conntrack_ftp and nf_conntrack_netbios_ns
maybe it's just best to edit image to use legacy iptables.>
Update : enableing nftable related kernel modules touched upsteam bug, and tring to using it will cause kernel panic and make host(not single container) to reboot. Looks like use legacy iptable is best for now
Just want to thank you Ant, you probably recall me and you having a silly set-to on the old forum as my Debian 9 instance was running out of RAM for apt commands. I switched to your new Ubuntu 18.04 template and used the PPA to get wireguard-tools, which seems to use less resources than pinning the unstable repo on Debian to get that package and its dependencies.
(If anyone is interested, I'm following this guide to get wireguard-go working on my LES box:
https://d.sb/2019/07/wireguard-on-openvz-lxc
Obviously, switching out the section about pinning the Debian unstable repo and using the Wireguard PPA instead, still issuing "apt-get install wireguard-tools --no-install-recommends". The rest of the guide works really well (I compile wireguard-go on my local machine and push it onto my instance) and with wireguard-go and an OpenVPN server setup, as well as fail2ban, I'm still only using about 39M RAM on idle and all apt commands seem to be working without any issues.)