Basic operations in OpenVZ environment

This article assumes you have already installed OpenVZ. If not, follow the link to perform the steps needed.

Create and start a container

To create and start a container, run the following commands:

[host-node]# vzctl create CTID --ostemplate osname
[host-node]# vzctl set CTID --ipadd a.b.c.d --save
[host-node]# vzctl set CTID --nameserver a.b.c.d --save
[host-node]# vzctl start CTID

Here CTID is the numeric ID for the container; osname is the name of the OS template for the container, and a.b.c.d is the IP address to be assigned to the container.


[host-node]# vzctl create 101 --ostemplate fedora-core-5-minimal
[host-node]# vzctl set 101 --ipadd --save
[host-node]# vzctl set 101 --nameserver --save
[host-node]# vzctl start 101

Your freshly-created container should be up and running now; you can see its processes:

[host-node]# vzctl exec CTID ps ax

Enter to and exit from the container

To enter container give the following command:

[host-node]# vzctl enter CTID
entered into container CTID

To exit from container, just type exit and press Enter:

[container]# exit
exited from container VEID

Stop and destroy the container

To stop container:

[host-node]# vzctl stop CTID
Stopping container ...
Container was stopped
Container is unmounted

And to destroy container:

[host-node]# vzctl destroy CTID
Destroying container private area: /vz/private/CTID
Container private area was destroyed

OpenVZ installation


This guide assumes you are running RHEL (CentOS, Scientific Linux) 6 on your system. Currently, this is a recommended platform to run OpenVZ on.

/vz file system

It is recommended to use a separate partition for containers (by default /vz) and format it to ext4.

yum pre-setup

Download openvz.repo file and put it to your /etc/yum.repos.d/ repository:

wget -P /etc/yum.repos.d/

Import OpenVZ GPG key used for signing RPM packages:

rpm --import

Kernel installation

Limited OpenVZ functionality is supported when you run a recent 3.x kernel (check vzctl for upstream kernel, so OpenVZ kernel installation is optional but still recommended.

# yum install vzkernel

System configuration

Please make sure the following steps are performed before rebooting into OpenVZ kernel.


There are a number of kernel parameters that should be set for OpenVZ to work correctly. These parameters are stored in /etc/sysctl.conf file. Here are the relevant portions of the file; please edit accordingly.

# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0

# Enables source route verification
net.ipv4.conf.all.rp_filter = 1

# Enables the magic-sysrq key
kernel.sysrq = 1

# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0


SELinux should be disabled. Put SELINUX=disabled to /etc/sysconfig/selinux:

echo "SELINUX=disabled" > /etc/sysconfig/selinux

Tools installation

Before installing tools, please read about vzstats and opt-out if you don’t want to help the project.

OpenVZ needs some user-level tools installed:

# yum install vzctl vzquota ploop

Reboot into OpenVZ

Now reboot the machine and choose “OpenVZ” on the boot loader menu (it should be default choice).

Download OS templates

An OS template is a Linux distribution installed into a container and then packed into a gzipped tarball. Using such a cache, a new container can be created in a minute.

Download precreated template directly from, or from one of the mirrors. Put those tarballs as-is (no unpacking needed) to the /vz/template/cache/ directory.

How To Setup and Configure an OpenVPN Server on CentOS 7


We’re going to install and configure OpenVPN on a CentOS 7 server. We’ll also discuss how to connect a client to the server on Windows, OS X, and Linux.

OpenVPN is an open-source VPN application that lets you create and join a private network securely over the public Internet.


You should complete these prerequisites:

  • CentOS 7 Server
  • root access to the server (several steps cannot be completed with just sudo access)
  • Domain or subdomain that resolves to your server that you can use for the certificates

Before we start we’ll need to install the Extra Packages for Enterprise Linux (EPEL) repository. This is because OpenVPN isn’t available in the default CentOS repositories. The EPEL repository is an additional repository managed by the Fedora Project containing non-standard but popular packages.

yum install epel-release 

Step 1 — Installing OpenVPN

First we need to install OpenVPN. We’ll also install Easy RSA for generating our SSL key pairs, which will secure our VPN connections.

yum install openvpn easy-rsa -y 

Step 2 — Configuring OpenVPN

OpenVPN has example configuration files in its documentation directory. We’re going to copy the sampleserver.conf file as a starting point for our own configuration file.

cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn

Let’s open the file for editing.

vi /etc/openvpn/server.conf

There are a few lines we need to change in this file. Most of the lines just need to be uncommented (remove the ;). Other changes are marked in red.

When we generate our keys later, the default Diffie-Hellman encryption length for Easy RSA will be 2048 bytes, so we need to change the dh filename to dh2048.pem.

dh dh2048.pem

We need to uncomment the push "redirect-gateway def1 bypass-dhcp" line, which tells the client to redirect all traffic through our OpenVPN.

push "redirect-gateway def1 bypass-dhcp"

Next we need to provide DNS servers to the client, as it will not be able to use the default DNS servers provided by your Internet service provider. We’re going to use Google’s public DNS servers,

Do this by uncommenting the push "dhcp-option DNS lines and updating the IP addresses.

push "dhcp-option DNS"
push "dhcp-option DNS"

We want OpenVPN to run with no privileges once it has started, so we need to tell it to run with a user and group of nobody. To enable this you’ll need to uncomment these lines:

user nobody
group nobody

Save and exit the OpenVPN server configuration file.

Step 3 — Generating Keys and Certificates

Now that the server is configured we’ll need to generate our keys and certificates. Easy RSA installs some scripts to generate these keys and certificates.

Let’s create a directory for the keys to go in.

mkdir -p /etc/openvpn/easy-rsa/keys

We also need to copy the key and certificate generation scripts into the directory.

cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa

To make life easier for ourselves we’re going to edit the default values the script
uses so we don’t have to type our information in each time. This information is stored
in the vars file so let’s open this for editing.

vi /etc/openvpn/easy-rsa/vars

We’re going to be changing the values that start with KEY_. Update the following values to be accurate for your organization.

The ones that matter the most are:

  • KEY_NAME: You should enter server here; you could enter something else, but then you would also have to update the configuration files that reference server.key and server.crt
  • KEY_CN: Enter the domain or subdomain that resolves to your server

For the other values, you can enter information for your organization based on the variable name.

. . .

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_CITY="New York"
export KEY_ORG="Org"
export KEY_EMAIL=""
export KEY_OU="Community"

# X509 Subject Field
export KEY_NAME="server". . .

. . .

We’re also going to remove the chance of our OpenSSL configuration not loading due to the version being undetectable. We’re going to do this by copying the required configuration file and removing the version number.

cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf

To start generating our keys and certificates we need to move into our easy-rsa directory and source in our new variables.

cd /etc/openvpn/easy-rsa
source ./vars

Then we will clean up any keys and certificates which may already be in this folder and generate our certificate authority.


When you build the certificate authority, you will be asked to enter all the information we put into thevars file, but you will see that your options are already set as the defaults. So, you can just press ENTER for each one.


The next things we need to generate will are the key and certificate for the server. Again you can just go through the questions and press ENTER for each one to use your defaults. At the end, answer Y (yes) to commit the changes.

./build-key-server server

We also need to generate a Diffie-Hellman key exchange file. This command will take a minute or two to complete:


That’s it for our server keys and certificates. Copy them all into our OpenVPN directory.

cd /etc/openvpn/easy-rsa/keys
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn

All of our clients will also need certificates to be able to authenticate. These keys and certificates will be shared with your clients, and it’s best to generate separate keys and certificates for each client you intend on connecting.

Make sure that if you do this you give them descriptive names, but for now we’re going to have one client so we’ll just call it client.

cd /etc/openvpn/easy-rsa
./build-key client

That’s it for keys and certificates.

Step 4 — Routing

To keep things simple we’re going to do our routing directly with iptables rather than the new firewalld.

First, make sure the iptables service is installed and enabled.

yum install iptables-services -y
systemctl mask firewalld
systemctl enable iptables
systemctl stop firewalld
systemctl start iptables
iptables --flush

Next we’ll add a rule to iptables to forward our routing to our OpenVPN subnet, and save this rule.

iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables

Then we must enable IP forwarding in sysctl. Open sysctl.conf for editing.

vi /etc/sysctl.conf

Add the following line at the top of the file:

net.ipv4.ip_forward = 1

Then restart the network service so the IP forwarding will take effect.

systemctl restart network.service 

Step 5 — Starting OpenVPN

Now we’re ready to run our OpenVPN service. So lets add it to systemctl:

systemctl -f enable openvpn@server.service

Start OpenVPN:

systemctl start openvpn@server.service

Well done; that’s all the server-side configuration done for OpenVPN.

Next we’ll talk about how to connect a client to the server.

Step 6 — Configuring a Client

Regardless of your client machine’s operating system, you will definitely need a copy of the ca certificate from the server, along with the client key and certificate.

Locate the following files on the server. If you generated multiple client keys with unique descriptive names, then the key and certificate names will be different. In this article we used client.


Copy these three files to your client machine. You can use SFTP or your preferred method. You could even open the files in your text editor and copy and paste the contents into new files on your client machine.

Just make sure you make a note of where you save them.

We’re going to create a file called client.ovpn. This is a configuration file for an OpenVPN client, telling it how to connect to the server.

  • You’ll need to change the first line to reflect the name you gave the client in your key and certificate; in our case, this is just client
  • You also need to update the IP address from your_server_ip to the IP address of your server; port1194 can stay the same
  • Make sure the paths to your key and certificate files are correct
dev tun
proto udp
remote your_server_ip 1194
resolv-retry infinite
verb 3
ca /path/to/ca.crt
cert /path/to/client.crt
key /path/to/client.key

This file can now be used by any OpenVPN client to connect to your server.


On Windows, you will need the official OpenVPN Community Edition binaries which come with a GUI. Then, place your .ovpn configuration file into the proper directory, C:\Program Files\OpenVPN\config, and click Connect in the GUI. OpenVPN GUI on Windows must be executed with administrative privileges.


On Mac OS X, the open source application Tunnelblick provides an interface similar to the OpenVPN GUI on Windows, and comes with OpenVPN and the required TUN/TAP drivers. As with Windows, the only step required is to place your .ovpn configuration file into the ~/Library/Application
directory. Or, you can double-click on your .ovpn file.


On Linux, you should install OpenVPN from your distribution’s official repositories. You can then invoke OpenVPN by executing:

sudo openvpn --config ~/path/to/client.ovpn


Congratulations! You should now have a fully operational virtual private network running on your OpenVPN server.

After you establish a successful client connection, you can verify that your traffic is being routed through the VPN by checking Google to reveal your public IP.

Installing SolusVM

Solus Virtual Manager (SolusVM) is a powerful GUI based VPS management system with full OpenVZ, Linux KVM, Xen Paravirtualization and Xen HVM support.

Notes before Installing

You CANNOT Install a SolusVM Master on a Xen/KVM Slave Directly, you can however install your Master on a Xen VPS which is hosted on this slave, it just cant be installed directly onto the slave

This Script should NEVER be used to upgrade SolusVM to the latest version, doing so will destroy your installation of SolusVM

DO NOT use this installer on servers that contain any other control panel (cPanel, Directadmin etc..) Always use a clean install of CentOS/RHEL/Scientific!


Supported Host Operating Systems

  • CentOS 5/6
  • RHEL 5/6
  • Scientific Linux 5/6


Xen PV/HVM Host

/ 80GB+ (XEN templates & iso’s will be stored in /home/solusvm/xen)
SWAP 4GB max (Virtual servers won’t use the host swap)
Logical Volume Group (LVM) remaining space (Logical Volume Group Only, SolusVM will create the logical volumes for the virtual servers inside this group)

Please Note: The PE Size should be set to 32M not the Default of 4M

KVM Host

/ 80GB+ (KVM templates & iso’s will be stored in /home/solusvm/kvm)
SWAP 4GB+ (Virtual servers may use host swap if there is a real memory shortage)
Logical Volume Group (LVM) remaining space (Logical Volume Group Only, SolusVM will create the logical volumes for the virtual servers inside this group)

Please Note: The Volume Group Name CANNOT be KVM as /dev/kvm/ is a directory created on install
The PE Size should be set to 32M not the Default of 4M

OpenVZ Host

/ 10GB
SWAP 2 times RAM (if RAM ⇐2GB otherwise RAM + 2GB is plenty)
/vz remaining space (templates & virtual servers will be stored here)

Quick Install

If you don’t want to read the full installation guide and just want to get started, Here’s the commands you need.

chmod 755 install

Installing a Master / Slave

In SSH as root do the following:

chmod 755 install


After running the last command a screen with various options will be presented to you, choose based on your requirements. You can install a master with no virtualization option in case you want your solusvm installation to  be separate from your host nodes.