Guncelleme
ubuntu 10.04 32 bit minimal install icin yeniden duzenledim

1- ubuntu 10.04 vpsimizi hazir edelim -iki adet ip adresi var
2- apt-get install squid3
3- kendi confum hazir o yuzden var olani yedekle lazim olursa
cp /etc/squid3/squid.conf /etc/squid3/squid.conf.yedek
4- nano /etc/squid3/squid.conf

#Recommended minimum configuration:
# ACL definitions: cache-manager protocol, loopback source/destination, and
# the destination ports clients may reach through the proxy.
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# http_access rules are evaluated top to bottom; the first match decides.
# Cache-manager requests are accepted from localhost only.
http_access allow manager localhost
http_access deny manager
# Refuse destination ports outside Safe_ports, and CONNECT tunnels to
# anything but port 443.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
# NOTE(review): the explicit catch-all deny is commented out here. The last
# http_access rule in this file is "allow ncsaauth" further down, and Squid
# applies the opposite of the last rule when nothing matches, so
# unauthenticated requests are still refused -- but only because of rule
# order. An explicit "http_access deny all" placed after the ncsaauth rule
# is the safer form.
#http_access deny all
icp_access deny all
htcp_access deny all
# NOTE(review): no address is given, so the proxy listens on every local
# address. Basic proxy authentication sends the password base64-encoded, not
# encrypted, so it is readable on the path between client and port 3128;
# consider limiting client sources with a src ACL or a firewall rule.
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid3/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320

# Basic proxy authentication checked against an htpasswd-format file.
# NOTE(review): keep /etc/squid3/squid_passwd readable only by root and the
# user Squid runs as; a file created with a plain "touch" normally ends up
# world-readable under the default umask.
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

# Require valid credentials for every request not already decided above.
acl ncsaauth proxy_auth REQUIRED
http_access allow ncsaauth

# Do not disclose the client's address in the X-Forwarded-For header.
forwarded_for off

# Requests received on 178.63.148.7 leave the server from the same address.
# Replace the address with the server's real IP and repeat the pair of lines
# (with a new acl name) for each additional IP.
acl ip1 myip 178.63.148.7
tcp_outgoing_address 178.63.148.7 ip1

# Request-header whitelist: the headers named below are forwarded unchanged
# and the closing "All deny all" removes every other request header.
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
save et bitti
5- touch /etc/squid3/squid_passwd
6- htpasswd /etc/squid3/squid_passwd proxykullaniciadi1
7- service squid3 restart

oldu bitti masallah

port 3128 iplerimiz yukaridaki ornekde oldugu gibi 178.63.148.7 bla bla
tabi serverdaki gercek ipleri yaz yerine

————————————-

————————————-

CENTOS 5.x ICIN

yum -y install rpm-build openjade linuxdoc-tools openldap-devel pam-devel openssl-devel httpd rpm-devel

wget http://archives.fedoraproject.org/pub/archive/fedora/linux/releases/10/Fedora/source/SRPMS/squid-3.0.STABLE10-1.fc10.src.rpm

mkdir /usr/src/redhat/

rpm -ivh squid-3.0.STABLE10-1.fc10.src.rpm

cd /usr/src/redhat/SPECS
rpmbuild -bb squid.spec

hata vericek

nano squid.spec diyip

iconv satirini asagidaki sekilde degistir

iconv -f ISO-8859-1 -t UTF-8 ChangeLog > ChangeLog.tmp

sonra yeniden

rpmbuild -bb squid.spec

rpm build olduktan sonra kur

rpm -Uvh /usr/src/redhat/RPMS/x86_64/squid-3.0.STABLE10-1.x86_64.rpm

cd /etc/squid/
mv squid.conf squid.conf.orig
nano squid.conf

YAPISTIR

#Recommended minimum configuration:
# ACL definitions: cache-manager protocol, loopback source/destination, and
# the destination ports clients may reach through the proxy.
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# http_access rules are evaluated top to bottom; the first match decides.
# Cache-manager requests are accepted from localhost only.
http_access allow manager localhost
http_access deny manager
# Refuse destination ports outside Safe_ports, and CONNECT tunnels to
# anything but port 443.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
# NOTE(review): the explicit catch-all deny is commented out here. The last
# http_access rule in this file is "allow ncsaauth" further down, and Squid
# applies the opposite of the last rule when nothing matches, so
# unauthenticated requests are still refused -- but only because of rule
# order. An explicit "http_access deny all" placed after the ncsaauth rule
# is the safer form.
#http_access deny all
icp_access deny all
htcp_access deny all
# NOTE(review): no address is given, so the proxy listens on every local
# address. Basic proxy authentication sends the password base64-encoded, not
# encrypted, so it is readable on the path between client and port 3128;
# consider limiting client sources with a src ACL or a firewall rule.
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320

# Basic proxy authentication checked against an htpasswd-format file.
# NOTE(review): keep /etc/squid/squid_passwd readable only by root and the
# user Squid runs as; a file created with a plain "touch" normally ends up
# world-readable under the default umask.
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

# Require valid credentials for every request not already decided above.
acl ncsaauth proxy_auth REQUIRED
http_access allow ncsaauth

# Do not disclose the client's address in the X-Forwarded-For header.
forwarded_for off

# Requests received on 178.63.148.7 leave the server from the same address.
# Replace the address with the server's real IP and repeat the pair of lines
# (with a new acl name) for each additional IP.
acl ip1 myip 178.63.148.7
tcp_outgoing_address 178.63.148.7 ip1

# Request-header whitelist: the headers named below are forwarded unchanged
# and the closing "All deny all" removes every other request header.
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

save et

sonra user pass olusturucaz

5- touch /etc/squid/squid_passwd
6- htpasswd /etc/squid/squid_passwd proxykullaniciadi1
7- service squid restart

oldu bitti masallah

port 3128 iplerimiz yukaridaki ornekde oldugu gibi 178.63.148.7 bla bla
tabi serverdaki gercek ipleri yaz yerine

————————————-

sorun: proxmox ustundeki windows 2003 lerde ki inanilmaz kotu disk performansi
cozum: redhatin en son cikardigi virtio HDD driverlarini windows 2003 guestimize kurmak ve sonra disklerimizi ide degil virtio olarak baglamak
nasil:
1- sifirdan windows 2003 kuruyorsak eger
I have the driver available at http://aye.comp.nus.edu.sg/~trunglt/virtio-setup.iso. The steps you can follow to use the drivers are:

1. Create a virtual machine with hard disk and nic’s drivers set to “virtio”
2. The virtual machine should have a CDROM that points to the file virtio-setup.iso
3. When you run the windows installation, you would not be able to see the hard disk. At this moment, you need to load the driver. You should browse to the specific folder in the CDROM drive (ie amd64…). Then you would see a list of drivers to load.
4. After you load the drivers properly, you can now see the hard disk.
5. Finish the installation

2- eger zaten calisan windowsumuz var ise

I just did the following to move an existing win2003 from IDE to VIRTIO storage driver:

* Poweroff the VM and add a new harddisk with virtio using the hardware tab on the web interface
* Poweron and follow the new hardware wizard using the virtio storage drivers from the ISO – Now windows got the drivers and is ready for the switch
* Poweroff again and remove the IDE boot harddrive and add the unused disk again but now using virtio
* Go to the option tab and configure this virtio disk as the first boot device and start again, done.

Linkler:
1- proxmox forum

2- linux-kvm sayfasindaki resimli aciklamalar

en basit isler icin kafa kalmiyor
nedir nasil diye
iyiki shukko.com var
utanmadan bunu bile yaziyorum.
——–
olay: debian 5 yedek sistemine ntfs formatli 1 TB usb diskimi takmam lazim

cozum:
1- diski taktiktan sonra dmesg diyip yeni diskin nerede oldugunu bul


[ 1504.632862] usb 2-3: new high speed USB device using ehci_hcd and address 2
[ 1504.765986] usb 2-3: configuration #1 chosen from 1 choice
[ 1504.766700] usb 2-3: New USB device found, idVendor=1058, idProduct=1003
[ 1504.766703] usb 2-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1504.766706] usb 2-3: Product: External HDD
[ 1504.766708] usb 2-3: Manufacturer: Western Digital
[ 1504.766710] usb 2-3: SerialNumber: 57442D574341553434313536343634
[ 1504.884993] Initializing USB Mass Storage driver...
[ 1504.886073] scsi4 : SCSI emulation for USB Mass Storage devices
[ 1504.886170] usbcore: registered new interface driver usb-storage
[ 1504.886174] USB Mass Storage support registered.
[ 1504.888348] usb-storage: device found at 2
[ 1504.888352] usb-storage: waiting for device to settle before scanning
[ 1509.888205] usb-storage: device scan complete
[ 1509.890431] scsi 4:0:0:0: Direct-Access WD 10EAVS External 1.75 PQ: 0 ANSI: 4
[ 1509.894437] sd 4:0:0:0: [sde] 1953525168 512-byte hardware sectors (1000205 MB)
[ 1509.897298] sd 4:0:0:0: [sde] Write Protect is off
[ 1509.897301] sd 4:0:0:0: [sde] Mode Sense: 23 00 00 00
[ 1509.897304] sd 4:0:0:0: [sde] Assuming drive cache: write through
[ 1509.901424] sd 4:0:0:0: [sde] 1953525168 512-byte hardware sectors (1000205 MB)
[ 1509.904304] sd 4:0:0:0: [sde] Write Protect is off
[ 1509.904308] sd 4:0:0:0: [sde] Mode Sense: 23 00 00 00
[ 1509.904311] sd 4:0:0:0: [sde] Assuming drive cache: write through
[ 1509.904354] sde: sde1
[ 1509.914939] sd 4:0:0:0: [sde] Attached SCSI disk
[ 1863.015542] FAT: bogus number of reserved sectors
[ 1863.015563] VFS: Can't find a valid FAT filesystem on dev sde1.
[ 1869.948234] FAT: invalid media value (0xb9)
[ 1869.948234] VFS: Can't find a valid FAT filesystem on dev sde.
[ 1960.708501] fuse init (API version 7.9)


Disk /dev/sde: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0xe8900690

Device Boot Start End Blocks Id System
/dev/sde1 1 121601 976760001 7 HPFS/NTFS


2- diskin sde oldugunu ogrendik debian icin ntfs okuyup yazmak icin paketlerimizi kuralim

apt-get install libfuse2
apt-get install ntfs-3g

3- diskimizi mount edelim

mkdir /usbdisk
mount -t ntfs-3g /dev/sde1 /usbdisk

oldu bitti masallah

When dealing with mem-leaks in my mod_perl-apps I ran into a curious apache-problem. After a while apache could not be started but failed with strange errors like: [emerg] (28)No space left on device: Couldn’t create accept lock or [crit] (28)No space left on device: mod_rewrite: could not create rewrite_log_lock Configuration Failed or [Wed Dec 07 00:00:09 2005] [error] (28)No space left on device: Cannot create SSLMutex. There was definitely enough space on the device where the locks are stored (default /usr/local/apache2/logs/). I tried to explicitly set different lock files using the LockFile directive but this did not help. I also tried a non-default AcceptMutex (flock) which then solved the acceptlock-issue and ended in the rewrite_log_lock-issue. Only a reboot of the system helped me out of my crisis.

Solution: There were myriads of semaphore-arrays left, owned by my apache-user.

## ipcs -s | grep apache

Removing these semaphores immediately solved the problem.


ipcs -s | grep apache | perl -e 'while (<STDIN>) { @a=split(/\s+/); print `ipcrm sem $a[1]`}'

directadmin kurulu sunucuda. daha once default spamassassin kurulumu yapilmis. yukselticez.. su sekilde:

perl -MCPAN -e 'install Archive::Tar'
perl -MCPAN -e 'install IO::Zlib'
perl -MCPAN -e 'install Digest::SHA'
perl -MCPAN -e 'install Mail::SPF'
perl -MCPAN -e 'install Mail::DKIM'
cd /usr/local/directadmin/scripts
wget -O /usr/local/directadmin/scripts/packages/Mail-SpamAssassin-3.3.0.tar.gz http://www.ecoficial.com/apachemirror/spamassassin/source/Mail-SpamAssassin-3.3.0.tar.gz
perl -pi -e 's/3.2.5/3.3.0/' spam.sh
perl -pi -e 's/getFile $FILE;/#getFile $FILE;/' spam.sh
./spam.sh

not: toptan kopy paste yapma. satirlari tek tek yapistir. aksi takdirde sicma egilimi gosteriyor 😀

ISLEM BITINCE

sa-update komutunu calistir !!! calistirmazsan baslamiyor yeni spamassassin

NOT: centos 5.4 64 bit de sa-update can’t find LWP vs hata verirse:

yum install perl-libwww-perl

sonra sa-update

ty ty..

Abstract

The following is a Quick n’ Dirty method at implementing a very simple firewall. This HOWTO is a general compilation of suggested tips for a firewall.

Let’s Get Dirty

Locate IPTables

Depending on your VPS, first locate iptables:

[root@vps /]# which iptables

Create IP Based Accept/Deny

Create a whitelist (IP passes through firewall) or blacklist (packets from IP always dropped) if you wish:

[root@vps /]# vi /usr/local/etc/whitelist.txt

And/Or…

[root@vps /]# vi /usr/local/etc/blacklist.txt

In each file, add each IP per line, for instance:

4.2.2.2
66.35.15.20

firewall.sh Script

Then put the following in /etc/init.d/firewall.sh, and edit to fit your needs:

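#!/bin/sh
#
## Quick n Dirty Firewall
#
# Rebuilds the IPv4 filter INPUT chain from scratch: accept loopback traffic,
# accept every whitelisted source, drop every blacklisted source, accept the
# ports in ALLOWED (TCP and UDP), accept replies to existing connections, and
# finally drop all remaining UDP packets and new TCP connections.
#
# NOTE(review): only iptables (IPv4) is configured here, so IPv6 traffic is
# not filtered by this script. Chain policies are never changed, and
# protocols other than TCP/UDP (e.g. ICMP) are not dropped.
# NOTE(review): the rules are flushed before the new ones are loaded. When
# working over SSH, make sure port 22 (or your real SSH port) is in ALLOWED
# and keep console access available in case of a mistake.
#
## List Locations
#
# One address or network per line. Lines whose first field starts with '#'
# and blank lines are ignored; only the first field of a line is used.
# Keep both files writable by root only: a whitelist entry is accepted on
# every port, before the blacklist and the port rules are consulted.

WHITELIST=/usr/local/etc/whitelist.txt
BLACKLIST=/usr/local/etc/blacklist.txt

#
## Specify ports you wish to use.
#
# NOTE(review): each port is opened for both TCP and UDP below. Of this
# default list normally only 53 needs UDP; trim the list to the services
# the server really runs.

ALLOWED="22 25 53 80 443 465 587 993"

#
## Specify where IP Tables is located
#

IPTABLES=/sbin/iptables

# Stop before touching any rule if the binary is not where we expect it.
if [ ! -x "$IPTABLES" ]; then
        echo "Error: $IPTABLES not found or not executable" >&2
        exit 1
fi

# list_sources FILE
# Print the first field of every non-blank, non-comment line of FILE.
# A missing or unreadable file produces a warning and no entries.
list_sources() {
        if [ ! -r "$1" ]; then
                echo "Warning: cannot read $1, skipping" >&2
                return 0
        fi
        awk 'NF && $1 !~ /^#/ { print $1 }' "$1"
}

#
## Clear current rules
#

"$IPTABLES" -F
echo 'Clearing Tables F'
"$IPTABLES" -X
echo 'Clearing Tables X'
"$IPTABLES" -Z
echo 'Clearing Tables Z'

echo 'Allowing Localhost'
#Allow localhost.
# Match on the loopback interface instead of the 127.0.0.1 source address:
# this also covers local connections to the server's own public addresses
# and does not depend on a source address that a packet merely claims.
"$IPTABLES" -A INPUT -t filter -i lo -j ACCEPT

#
## Whitelist
#

list_sources "$WHITELIST" | while IFS= read -r x; do
        echo "Permitting $x..."
        "$IPTABLES" -A INPUT -t filter -s "$x" -j ACCEPT
done

#
## Blacklist
#
# Added after the whitelist, so an address present in both lists is accepted.

list_sources "$BLACKLIST" | while IFS= read -r x; do
        echo "Denying $x..."
        "$IPTABLES" -A INPUT -t filter -s "$x" -j DROP
done

#
## Permitted Ports
#
# $ALLOWED is left unquoted on purpose: it is a space-separated list.

for port in $ALLOWED; do
        echo "Accepting port TCP $port..."
        "$IPTABLES" -A INPUT -t filter -p tcp --dport "$port" -j ACCEPT
done

for port in $ALLOWED; do
        echo "Accepting port UDP $port..."
        "$IPTABLES" -A INPUT -t filter -p udp --dport "$port" -j ACCEPT
done

# Let replies to connections the server itself opened back in, then drop
# everything else that is UDP or a new TCP connection attempt.
"$IPTABLES" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
"$IPTABLES" -A INPUT -p udp -j DROP
"$IPTABLES" -A INPUT -p tcp --syn -j DROP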

Start Firewall

[root@vps /]# chmod 700 /etc/init.d/firewall.sh
[root@vps /]# /etc/init.d/firewall.sh

olay: acil olarak server , lokasyon ve ip degistirmek gerekti.

durum: eski serverda calisan pek cok domain, web , mail var – aktarim kolay – ancak kisa surede yeni serverda yeni ipde devam etmek istiyoruz

normal prosedur : eski serverdaki servisleri durdur. Yedek al – Yedekleri yeni servera aktar – yukle – calistigindan emin olunca nameserver iplerini degistir yeni server ipleri ile – bekle – 24 saat icinde hersey yoluna girer

sorun: vakit dar – tum islemin 2 3 saat icinde olmasi gerek – ancak yedekleme tek basina 10 saat suruyor –

10 saat yedekle – yedekleri aktar – 50GB 🙂 – yukle – calistir et – 12 saat oldu . bizim 2 – 3 saatimiz var

dnsler degisti ancak guncellenene kadar hersey eski iplerde resolve ediyor. basa bela durumu…

cozum: rinetd !

rinetd redirects TCP connections from one IP address and port to another, with basic IP-based access control. rinetd is a single-process server which handles any number of connections to the address/port pairs specified in the file /etc/rinetd.conf. Since rinetd runs as a single process using nonblocking I/O, it is able to redirect a large number of connections without a severe impact on the machine. This makes it practical to run services on machines inside an IP masquerading firewall.

install rinetd in ubuntu

apt-get install rinetd

install rinetd in centos

http://www.boutell.com/rinetd/

wget http://www.boutell.com/rinetd/http/rinetd.tar.gz

tar zxvf rinetd.tar.gz , cd rinetd  , make install

config dosyasi yapisi cok kolay

nano /etc/rinetd.conf


#
# forwarding rules come here
#
# you may specify allow and deny rules after a specific forwarding rule
# to apply to only that forwarding rule
#
# bindadress bindport connectaddress connectport

# logging information
logfile /var/log/rinetd.log

# uncomment the following line if you want web-server style logfile format
# logcommon

rinetd example
Assume that you have a machine with the IP address 192.168.2.1 which has been running Apache, and that you’d like to move that to the IP address 192.168.2.3

You’ve already updated DNS to point visitors to the new IP address, but you want to ensure that people connecting to the old IP still continue to receive service.

To handle this example you should update the /etc/rinetd.conf file to read:

# bindadress bindport connectaddress connectport
192.168.2.1 80 192.168.2.3 80
192.168.2.1 443 192.168.2.3 443

Once you restart rinetd all incoming connections on port 80 and 443 will be seamlessly redirected from the old IP to the new one – although you will need to restart rinetd after making the change to your configuration file.

sonra restart et rinetd yi oldu bitti..

sitesi burada

http://www.boutell.com/rinetd/

yeni bir seedbox kurmam gerekiyordu. Dokumanlari okudum vs vs hic birisi isime gelmedi. Bende kendi yolum ile kurdum seedboxumu.

Ubuntu 9.10 server karmic +Xfce4 + vnc + utorrent.

Basitce soyle yaptim:

1- Box config:

e7500 core2duo cpu + 2gb ram + 2x500gb sata II HDD

Ubuntu karmic server kurulur. /boot icin 200 mb ayrilir, swap icin 4Gb ayrilir kalan disk alani / altina software raid1 yapilir. 864Gb NET kullanilabilir hizli disk alanina kavusulur.

2- ubuntu da gerekenler kurulur.

apt-get install tightvncserver wine xterm fluxbox vsftpd firefox vnstat xfce4-goodies xfce4 htop mc flashplugin-nonfree

baska bisi kaldiysa sonra kurarim lazim diil 🙂 – vnstat – munin vs vs ..

3- bi tane user acalim

useradd -m shukko

4- user olarak login edelim ( su - shukko ) vncserver icin islemleri yapalim

$ mkdir .vnc

$ nano .vnc/xstartup

icine sunu yaz : startxfce4             – kaydet cik

5- vncserveri baslat

$vncserver :1

6- uzaktan baglan vncclient ile oldu bitti masallah 🙂

ahada screenshot 🙂

Not: utorrent icin guzel ayarlar var

onlarida yazim sirayla buraya

– Use Speed Guide and set your connection to “xx/100Mbps” or “xx/10Mbps” depending on what you have
– Choose any port above 45,000
– Enable Encryption
– Disable DHT, Local Peer Discovery, Peer Exchange
– No randomize ports, disable UPnP port mapping & NAT-PMP port mapping
– Enable WebUI Interface, insert WebUI’s un & pw
– In Advanced Options, set gui.delete_to_trash to FALSE
– Un-check Minimize to tray & Close to tray

160gb onemli kullanici datasi iceren bir /home dizinini yeni bir diske kopyalamam gerekti.

ilk komut su idi:

$cp -Rp /home/* /home2/

yani

cp -R – dizinleri recursive olarak kopyala-  p – same as --preserve=mode,ownership,timestamps

———-

/home altina o an icin okuma yazma islemleri devam ettiginden ve disklerde oldukca yavas oldugundan 7 8 saat sonra islem tamamlaninca 7 8 saat icinde /home altina yazilan yeni verileri cabucacik yeni yerine kopyalamaliydim.

bunun icin su komutu kullandim

$cp -Rpuv  — yani

R= recursive , p=preserve u=update v=verbose

iste tam bu noktada bir sorun cikti 🙂

sorun su ki bu komut ile update edilmesi gereken her dosya icin benden onay bekliyordu. yani sanki ben girmedigim halde cp komutu -i --interactive switchini almis gibi davraniyordu.

ufak bir arastirma redhat tabanli sistemlerde konsoldan direk yazilan cp nin aslinda cp olmadigini ve cp -i nin aliasi oldugu meydana cikardi.

bu sorunu 2 sekilde cozebilirdim – ya unalias cp -i gibi birsey yazacaktim yada cp yi direk /bin/cp diye calistiracaktim.

sonuc olarak bu komut isimi gordu…

$/bin/cp -Rpuv /home/* /home2/

2 adet link verelim:

1- http://howtoforge.com/how-to-convert-physical-systems-and-xen-vms-into-openvz-containers-debian-etch

2- http://www.montanalinux.org/physical-to-virtual.html

2nin iceriginide basalim..

OpenVZ and KVM are Linux based virtualization programs, both are part of the Proxmox VE distribution. The goal of this article is to provide some knowledge on moving physical machines to virtual containers (OpenVZ) or fully virtualized machines (KVM). This article is not specific to Proxmox VE and the principles outlined and scripts provided should work on “stock” KVM or OpenVZ machines with a few minor changes to path settings.

Physical Microsoft Windows Machine to KVM

First we will look at the process of moving a physical box to a KVM virtual machine. I am going to focus on moving a Windows 2003 Server machine. The reason for focusing on Windows is because it does not make much sense to run a Linux server in KVM given the advantages that OpenVZ provides.

The first thing that needs to happen is you need to prepare the physical machine that you are moving. This involves making notes of what hardware is currently being used paying special attention to the hard drive driver. If you are using a SCSI driver or SATA driver your virtual machine may not boot as KVM uses an IDE virtual disk. There is a fix for this outlined in a Microsoft knowledge base article Q314082 (Link).

Next you will need to have access to a couple of tools which are free but not open source. The first tool you need is VMware Converter. Download VMware Converter to the physical box that you are converting and run it. It will guide you step by step on creating an image. The only thing that is required for this tool is a place to put the resulting image. You can use network storage or a USB flash drive, anything but the disk of the machine being converted.

Once the image is made you need to convert the image to a single growable file. To do this I used the vmware-vdiskmanager.exe program that comes as part of the free VMware Server program. The syntax for this program is easy:

vmware-vdiskmanager -r win2003.vmdk -t 0 win2003-pve.vmdk

I then used WinSCP to copy the resulting file to my Proxmox VE machine. To use it in Proxmox VE you need to copy it to /var/lib/vz/images. You then need to perform one more conversion of the image to make it usable on Proxmox VE. You need to convert the file to qcow2 format:

qemu-img convert -f vmdk win2003-pve.vmdk -O qcow2 win2003-pve.qcow2

I then used Proxmox VE to create a blank KVM virtual machine as a template. Edit the configuration file and replace the line that starts with hda: to point to the new qcow2 file that you created. For example:

hda: /var/lib/vz/images/win2003-pve.qcow2

You are now able to start the KVM virtual machine. You may want to install paravirtualized Network Drivers for increased performance of the network. This same basic procedure will work with Windows XP and Windows Server 2008.

Physical Linux Machine to OpenVZ Container

The scripts that are shown are very much a work-in-progress and if you have suggestions on improving them please leave a comment with improvements. This is not quite as straight forward as the KVM machine migration, I will do my best to guide you.

First the script:

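#!/bin/sh
#
# Shell script used to move a physical host to a virtual one
# This script must be run as root from host node that the container
# will be on.
#
# Version 2.0
# 6/10/2008 Andrew Niemantsverdriet
#
# Prompts for the source host and the OpenVZ container ID, pulls the source
# root filesystem into /var/lib/vz/private/<CTID>/ with rsync (skipping the
# patterns in /root/.excludes), then adjusts inittab, mtab and fstab inside
# the copy and optionally starts the container.
#
# Exit status: 0 on success, 1 on invalid input or a missing container
# directory, rsync's own status if the transfer fails.
#

printf 'Enter the host to move: '
read -r host

printf 'Enter the OpenVZ container ID: '
read -r ctid
echo

# Both answers are placed into command lines and paths below. Refuse empty
# values, anything rsync could parse as an option, and container IDs that
# are not plain numbers (an empty or odd CTID would redirect the rsync, rm
# and redirection targets to a different directory).
case "$host" in
  ''|-*|*[[:space:]]*)
    echo "Invalid host name: '$host'" >&2
    exit 1
    ;;
esac

case "$ctid" in
  ''|*[!0-9]*)
    echo "Invalid container ID: '$ctid' (must be numeric)" >&2
    exit 1
    ;;
esac

ct_root="/var/lib/vz/private/$ctid"

# The container has to be created beforehand; do not invent its directory.
if [ ! -d "$ct_root" ]; then
  echo "Container directory $ct_root does not exist; create the container first" >&2
  exit 1
fi

echo "Rsyncing $host to CTID: $ctid"

rsync -arvpz --numeric-ids --exclude-from '/root/.excludes' "$host:/" "$ct_root/"
rc=$?
# Status 24 means source files vanished during the transfer, which is
# expected when copying a live system; any other failure stops the script so
# the clean-up below never runs on a partial copy.
if [ "$rc" -ne 0 ] && [ "$rc" -ne 24 ]; then
  echo "rsync failed with status $rc; skipping clean-up" >&2
  exit "$rc"
fi

#Clean Ups
# NOTE(review): these commands run as root on files that were just copied
# from the source host, and symlinks inside the copy are resolved on this
# node. Only migrate hosts you trust, or inspect etc/inittab, etc/mtab and
# etc/fstab in the copy before running the clean-up.
echo "Cleaning Up..."
# A container has no physical consoles, so the getty entries are removed.
sed -i -e '/getty/d' "$ct_root/etc/inittab"

rm -f "$ct_root/etc/mtab"
ln -s /proc/mounts "$ct_root/etc/mtab"

# Keep the original fstab as fstab.old and leave only the devpts entry.
cp "$ct_root/etc/fstab" "$ct_root/etc/fstab.old"
grep devpts "$ct_root/etc/fstab.old" > "$ct_root/etc/fstab"

printf 'Do you want to start CTID: %s now? (y/n): ' "$ctid"
read -r ok

# Any answer other than n/N starts the container, as in the original script.
case "$ok" in
  n|N)
    echo
    echo "Process Complete"
    # Declining the start is not an error, so report success.
    exit 0
    ;;
  *)
    vzctl start "$ctid"
    echo "You can now enter container and disable un-needed services"
    ;;
esac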

And the exclude file, placed in /root/.excludes:

.bash_history
/boot
/dev/*
/mnt/*
/tmp/*
/proc/*
/sys/*
/usr/src/*
/etc/sysconfig/network-scripts/ifcfg-eth*

Running the script is pretty straight forward. First it asks for the host name to migrate and next it asks for the container to put it in. This should be an already created container, and it should not be running. Next the script uses rsync to grab the data from the physical box. It ignores files listed in the .exclude file. The script then goes and does some basic cleanups to enable the container to boot and to remove parts that OpenVZ does not use. Lastly the script asks if you want to start the container.

Once you get the container running there are few manual cleanups left to do. The biggest is to disable udev, which is very distribution specific. In CentOS 5 you edit the /etc/rc.sysinit file and comment out the line that looks like this: /sbin/start_udev

Lastly you need to turn off un-needed services in CentOS 5. These are things like acpid, kudzu, lm-sensors, microcode_ctl and netplugd.

In Closing

Hopefully I have provided enough information for you to successfully migrate a physical box to a virtual one. If you have questions please leave them in the comment section and I will do my best to help you out.