Installing OpenVPN on Ubuntu and Debian

Ubuntu belongs to the Debian family of distributions, so I cover the installation for both together. We start with the easiest method and move on to more advanced setups later.

System requirements:

A VPS or dedicated server with the tun/tap device enabled, iptables available, internet access, and root access.

First, check the tun device:

$ ls -al /dev/net/tun

crw-rw---- 1 root root 10, 200 2010-02-28 01:54 /dev/net/tun

Next, install the required packages. Debian and Ubuntu provide apt-get, so the easiest way is to use it:

$ apt-get install gcc libpam0g-dev libssl-dev make openvpn liblzo2-dev

For the Red Hat family, such as CentOS, RHEL and Fedora, use:

$ yum install gcc pam-devel openssl-devel make openvpn lzo-devel

Here we simply take the easiest route. Follow the steps above and type Y to confirm the installation. When it finishes, OpenVPN is installed on the system; you can check for it in /usr/sbin/.

The next step is to create the configuration and generate the certificates.

$ cd /etc/openvpn/

# find where easy-rsa is located; we will use version 2.0

$ find / -name "easy-rsa"
/usr/share/doc/openvpn/examples/easy-rsa

$ cp -r /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn/

$ cd /etc/openvpn/easy-rsa/2.0

$ source ./vars

$ ./clean-all
$ ./build-ca

Generating a 1024 bit RSA private key
.....++++++
................................................................................................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [ID]:
State or Province Name (full name) [WJ]:
Locality Name (eg, city) [BANDUNG]:
Organization Name (eg, company) [ardantus.NET]:
Organizational Unit Name (eg, section) []:VPN
Common Name (eg, your name or your server's hostname) []:ardantus.com
Email Address [ardantus@vpnindo.com]:

$ ./build-key-server server

Generating a 1024 bit RSA private key
..........++++++
..........++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [ID]:
State or Province Name (full name) [WJ]:
Locality Name (eg, city) [BANDUNG]:
Organization Name (eg, company) [ardantus.NET]:
Organizational Unit Name (eg, section) []:VPN
Common Name (eg, your name or your server's hostname) []:ardantus.com
Email Address [ardantus@vpnindo.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:piyungan83
An optional company name []:ardantus.NET
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           : PRINTABLE:'ID'
stateOrProvinceName   : PRINTABLE:'WJ'
localityName          : PRINTABLE:'BANDUNG'
organizationName      : PRINTABLE:'ardantus.NET'
organizationalUnitName: PRINTABLE:'VPN'
commonName            : PRINTABLE:'ardantus.com'
emailAddress          :IA5STRING:'ardantus@vpnindo.com'
Certificate is to be certified until Apr 12 01:36:33 2020 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

$ ./build-dh

Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time

……………………+…………………………………..+.


# copy the keys to the /etc/openvpn/keys directory

$ cp -R /etc/openvpn/easy-rsa/2.0/keys /etc/openvpn/keys

Next, create the .conf file.

Create the file server.conf

and put "dev tun" in it, without the quotation marks.

Then add the remaining settings, as in the following example:

—————————

port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
plugin /usr/lib/openvpn/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.1.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 4.2.2.1"
push "dhcp-option DNS 4.2.2.2"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3

————————-

Where is openvpn-auth-pam.so? You can find it with:

$ find / -name "openvpn-auth-pam.so"

which returns

/usr/lib/openvpn/openvpn-auth-pam.so

On CentOS it is at /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so

Once everything has been saved, try starting the server:

$ /etc/init.d/openvpn start

* Starting virtual private network daemon.                                      * 1194 (OK)
* server (OK)
                                                                        [ OK ]

$ ifconfig

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.1.0.1  P-t-P:10.1.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

 

It is running.

On CentOS:

$ /etc/init.d/openvpn start

$ /etc/init.d/openvpn restart
Starting openvpn:                                          [  OK  ]

Then check with ifconfig.

At this point OpenVPN is installed, but clients cannot use it yet. Next, copy the key files and set up iptables.

$ echo 1 > /proc/sys/net/ipv4/ip_forward
$ /sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to-source 117.103.58.45
$ /sbin/iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -o venet0 -j SNAT --to-source 117.103.58.45

117.103.58.45 is my VPN server's IP; replace it with the IP of your own VPN server. It is the real IP that we use as the destination host for our SSH connection.

You can put these commands in /etc/rc.local

and then run it with

$ sh /etc/rc.local

CentOS is not much different, and the commands can also go in /etc/rc.local

An example for CentOS:

/sbin/iptables -F
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to-source 173.236.63.177
/sbin/iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -o venet0 -j SNAT --to-source 173.236.63.177
/sbin/iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o venet0 -j SNAT --to-source 173.236.63.177
/sbin/iptables-save

 

Type this into /etc/rc.local, save it, then run it:

$ sh /etc/rc.local

You can also type the commands directly; putting them in rc.local is simply more practical, because you do not have to retype them if the VPS is restarted some day.
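The SNAT rules only match traffic whose source address lies in the subnet set by the "server" line of server.conf (10.1.0.0 255.255.255.0 in the sample configuration above), so the two have to agree. The check below is an added example, not part of the original post; the function names and the embedded sample files are constructed for illustration, and 192.0.2.10 is a documentation address.

```shell
#!/bin/sh
# Added example: verify that an iptables NAT rule covers the OpenVPN subnet.

# Dotted quad -> 32-bit integer (always called inside $(...), so IFS does not leak).
ip_to_int() {
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Netmask -> prefix length (assumes a contiguous mask such as 255.255.255.0).
mask_to_prefix() {
    m=$(ip_to_int "$1"); n=0
    while [ "$m" -gt 0 ]; do
        n=$(( n + (m & 1) ))
        m=$(( m >> 1 ))
    done
    echo "$n"
}

# Print the VPN subnet from the "server <net> <mask>" directive as net/prefix.
vpn_subnet() {
    line=$(awk '$1 == "server" && NF >= 3 { print $2 " " $3; exit }' "$1")
    [ -n "$line" ] || return 1
    echo "${line% *}/$(mask_to_prefix "${line#* }")"
}

# Print the -s argument of every POSTROUTING SNAT/MASQUERADE rule in a file
# of iptables commands (rc.local style) or iptables-save output.
nat_sources() {
    awk '/POSTROUTING/ && /-j (SNAT|MASQUERADE)/ {
             for (i = 1; i < NF; i++) if ($i == "-s") print $(i + 1)
         }' "$1"
}

# True if CIDR $1 contains the network $2 with prefix length $3.
cidr_contains() {
    net=${1%/*}; plen=${1#*/}
    [ "$plen" = "$1" ] && plen=32          # bare address without /len
    [ "$plen" -le "$3" ] || return 1
    bits=$(( 32 - plen ))
    [ $(( $(ip_to_int "$net") >> bits )) -eq $(( $(ip_to_int "$2") >> bits )) ]
}

# check_nat_covers_vpn SERVER_CONF RULES_FILE
# Returns 0 if some NAT rule covers the VPN subnet, 1 if none does.
check_nat_covers_vpn() {
    vpn=$(vpn_subnet "$1") || { echo "no 'server' directive in $1" >&2; return 2; }
    for src in $(nat_sources "$2"); do
        if cidr_contains "$src" "${vpn%/*}" "${vpn#*/}"; then
            return 0
        fi
    done
    echo "no NAT rule covers $vpn; a rule with -s $vpn is needed"
    return 1
}

# --- constructed sample input ---
demo_dir=$(mktemp -d)
cat > "$demo_dir/server.conf" <<'EOF'
port 1194
proto udp
dev tun
server 10.1.0.0 255.255.255.0
EOF
cat > "$demo_dir/rc.local.mismatch" <<'EOF'
/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to-source 192.0.2.10
/sbin/iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -o venet0 -j SNAT --to-source 192.0.2.10
EOF
cat > "$demo_dir/rc.local.ok" <<'EOF'
/sbin/iptables -t nat -A POSTROUTING -s 10.1.0.0/24 -o venet0 -j SNAT --to-source 192.0.2.10
EOF

check_nat_covers_vpn "$demo_dir/server.conf" "$demo_dir/rc.local.mismatch" || true
check_nat_covers_vpn "$demo_dir/server.conf" "$demo_dir/rc.local.ok" \
    && echo "NAT rules cover the VPN subnet"
```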

# the next step is to create a user who can log in to the VPN

$ useradd -m -s /bin/false ardan

$ passwd ardan
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

# Adjust this to your own VPN. On CentOS, adding a user works the same way. We set a no-login shell so that the user has no SSH login access to the VPN server.

# the next step is to copy the ca.crt file from the /etc/openvpn/keys/ directory

using WinSCP.

Next, create a file, for example client194.ovpn,

for the OpenVPN client, and place it in

c:\program files\openvpn\config\

with the following contents:

—————————————-

client
dev tun
proto udp
remote 173.236.63.177 1194
resolv-retry infinite
route-method exe
nobind
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3

————————————————

Then start the OpenVPN client.

Log in; once the icon is green and the connection is complete, the VPN is ready to use. You can check at www.whatismyip.com whether your IP has changed.

Be sure to look at the status to confirm that the connection really is complete, because on Windows 7 and Windows Vista OpenVPN can show green and still fail. This is caused by a permission problem; running it as administrator resolves it.

For the OpenVPN client you can use a ready-to-use OpenVPN package.

Download it from:

http://openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe

References:

http://www.google.com/

http://openvpn.net/index.php/open-source/documentation.html

http://www.kaskus.us

Thanks to:

God “ALLAH”

friends:

rhega for vps and dedicated server

Sky/williams for donating a server

erwin: sales promotion vpn

All the friends who helped me complete the OpenVPN installation, so that I could install the VPN, sell accounts, and write up the experience to share on this blog.

Creating an OpenVZ Template for Ubuntu 10.04

In an earlier note I wrote about installing virtualization with OpenVZ. At that time I used a hostnode running Fedora 7, and thankfully it is still working normally today, despite several kernel fixes. Since then I have applied this virtualization on other systems that are now in production: CentOS 5.4, Ubuntu 8.04 LTS and Debian 4. This time I am writing up my experience of creating an OpenVZ template for Ubuntu 10.04, which was released not long ago.

Hostnode system:

Ubuntu 8.04 LTS with OpenVZ already installed and running well. For this hostnode I use a 40 GB disk for the system and 500 GB for the data. Installed RAM is 4 GB, with a single 1 Gbps LAN card. The connection is a 3 Mbps Speedy line in bridge mode, with PPPoE on a separate machine.

Why build it? This VPS is meant only for users inside the system, not really for production, and for testing a few applications and running experiments.

================================================

Here I use VEID 107 as the example, so the directory is:

/vz/private/107

To create this template we need debootstrap:

$ apt-get install debootstrap

Once that is finished, create a directory to hold the files from debootstrap:

$ sudo mkdir -p /vz/private/107

Then we build the template. Here I use the minimal base and the i386 architecture; you are free to use x86 or 64 instead, and the procedure is the same.

$ debootstrap --variant=minbase --arch i386 lucid /vz/private/107 http://archive.ubuntu.com/ubuntu/

"I use the minimal base for an i386 machine, Lucid Lynx or simply lucid for short, placed in the working directory 107, which is its VEID."

Because I was building this template on Ubuntu 8.04, an error appears saying that the debootstrap script "lucid" cannot be found.

The error message that appears:

E: No such script: /usr/share/debootstrap/scripts/lucid

So we simply create a link for the script:

$ cd /usr/share/debootstrap/scripts/

$ ln -s gutsy lucid

Why gutsy? Because the latest Debian-family releases currently use it. And why only a link? The simplest answer is to compare with debootstrap on Ubuntu 10.04 itself, where lucid is a link to gutsy. You can check this in the directory above.

root@vps:~# ls -l /usr/share/debootstrap/scripts/
total 128
-rw-r--r-- 1 root root 5568 2008-01-15 19:48 breezy
-rw-r--r-- 1 root root 5604 2008-01-15 19:48 dapper
-rw-r--r-- 1 root root 6269 2008-01-15 19:48 edgy
lrwxrwxrwx 1 root root    3 2010-05-04 21:24 etch -> sid
lrwxrwxrwx 1 root root    3 2010-05-04 21:24 etch-m68k -> sid
-rw-r--r-- 1 root root 6389 2008-01-15 19:48 feisty
-rw-r--r-- 1 root root 5839 2008-01-15 19:48 gutsy
lrwxrwxrwx 1 root root    5 2010-05-04 21:24 hardy -> gutsy
-rw-r--r-- 1 root root 7948 2008-01-15 19:48 hoary
-rw-r--r-- 1 root root 5845 2008-01-15 19:48 hoary.buildd
lrwxrwxrwx 1 root root    3 2010-05-04 21:24 lenny -> sid
lrwxrwxrwx 1 root root    5 2010-05-06 02:54 lucid -> gutsy
-rw-r--r-- 1 root root 3424 2008-01-15 19:48 potato
-rw-r--r-- 1 root root 8405 2008-01-15 19:48 sarge
-rw-r--r-- 1 root root 5690 2008-01-15 19:48 sarge.buildd
-rw-r--r-- 1 root root 5920 2008-01-15 19:48 sarge.fakechroot
-rw-r--r-- 1 root root 5825 2008-01-15 19:48 sid
-rw-r--r-- 1 root root 7461 2008-01-15 19:48 warty
-rw-r--r-- 1 root root 5727 2008-01-15 19:48 warty.buildd
-rw-r--r-- 1 root root 7740 2008-01-15 19:48 woody
-rw-r--r-- 1 root root 5727 2008-01-15 19:48 woody.buildd
root@vps:~#

Try again:

$ debootstrap --variant=minbase --arch i386 lucid /vz/private/107 http://archive.ubuntu.com/ubuntu/

and this appears:

I: Retrieving Release
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages…
I: Resolving dependencies of base packages…
I: Checking component main on http://archive.ubuntu.com/ubuntu…

****** many lines omitted ******

I: Configuring initramfs-tools…
I: Unpacking the base system…
I: Unpacking apt…
I: Configuring the base system…
I: Configuring apt…
I: Configuring libc-bin…
I: Base system installed successfully.

--------- truncated because it is too long ---------

When that is done, it is time to edit the OpenVZ template:

$ nano /vz/private/107/etc/init/openvz.conf

Enter the following lines:

——————————————

# OpenVZ - Fix init sequence to have OpenVZ working with upstart
description "Fix OpenVZ"
start on startup
task
pre-start script
mount -t devpts devpts /dev/pts
mount -t tmpfs varrun /var/run
mount -t tmpfs varlock /var/lock
mkdir -p /var/run/network
if [ ! -e /etc/mtab ]; then
cat /proc/mounts > /etc/mtab
fi
touch /var/run/utmp
chmod 664 /var/run/utmp
chown root.utmp /var/run/utmp
if [ "$(find /etc/network/ -name upstart -type f)" ]; then
chmod -x /etc/network/*/upstart || true
fi
end script
script
start networking
initctl emit filesystem --no-wait
initctl emit local-filesystems --no-wait
initctl emit virtual-filesystems --no-wait
init 2
end script

 

—————————————

Then edit this file:

$ nano /vz/private/107/etc/init/rc.conf

Comment out these lines with a hash sign, as in the following example:

———————–

#console output
#env INIT_VERBOSE

 

————————

Then remove the conf scripts we do not need:

$ cd /vz/private/107/etc/init/

$ rm -f console* control* hwclock* module* mount* network-interface* plymouth* procps* tty* udev* upstart*

Configure the OpenVZ template:

$ vzctl set 107 --applyconfig vps.basic --save

$ sudo sh -c 'echo "OSTEMPLATE=ubuntu-10.04-i386-minimal" >> /etc/vz/conf/107.conf'

# Set the IP address on the container (the template being built)

$ vzctl set 107 --ipadd 192.168.0.107 --nameserver 192.168.0.1 --save

Next, test the result 🙂

$ vzctl start 107

Starting VE …
Initializing quota …
vzquota : (error) Quota on syscall for 107: Device or resource busy
vzquota on failed [3]

 

# Uh-oh, there is an error. Looking for the cause, the problem above is in vzquota. Where is vzquota located?

$ find / -name "vzquota"

/usr/sbin/vzquota
/usr/share/doc/vzquota
/var/lib/vzquota
/proc/vz/vzquota

 

————————

We have found vzquota. Next, find where the vzquota settings for VEID 107 are.

$ ls -l /var/lib/vzquota

-rw------- 1 root root 139 2010-05-06 01:11 quota.100
-rw------- 1 root root 139 2010-05-06 01:11 quota.101
-rw------- 1 root root 139 2010-05-06 01:11 quota.102
-rw------- 1 root root 139 2010-05-06 01:11 quota.103
-rw------- 1 root root 139 2010-05-06 01:11 quota.104
-rw------- 1 root root 139 2010-05-06 01:12 quota.105
-rw------- 1 root root 139 2010-05-06 01:12 quota.106
-rw------- 1 root root 139 2010-05-06 03:22 quota.107
-rw------- 1 root root 139 2010-05-06 02:47 quota.108

 

quota.107 appears in the list above; we simply remove it.

$ rm -f /var/lib/vzquota/quota.107

# check again

$ vzquota off 107

vzquota : (error) Can't open quota file for id 107, maybe you need to reinitialize quota: No such file or directory

# OK, now try starting it again

$ vzctl start 107

Starting VE …
Initializing quota …
VE is mounted
Adding IP address(es): 192.168.0.107
Setting CPU units: 1000
Configure meminfo: 65536
Set hostname: ubuntu10.04
File resolv.conf was modified
VE start in progress…

————————–

At this point we can smile, because the template we built is done. What remains is to install a few applications, fix some scripts, and reconfigure, so that it can later be compressed into a ready-to-use template.

$ vzctl enter 107

$ apt-get install --force-yes -y gpgv

Reading package lists… Done
Building dependency tree… Done

The following extra packages will be installed:
  libbz2-1.0 libreadline6 readline-common
Suggested packages:
  gnupg
The following NEW packages will be installed:
  gpgv libbz2-1.0 libreadline6 readline-common
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 448kB of archives.
After this operation, 1044kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  libbz2-1.0 readline-common libreadline6 gpgv

0% [Working]
0% [Connecting to archive.ubuntu.com]
0% [Waiting for headers]
Get:1 http://archive.ubuntu.com/ubuntu/ lucid/main libbz2-1.0 1.0.5-4 [45.3kB]

0% [1 libbz2-1.0 2493B/45.3kB 5%]
2% [1 libbz2-1.0 9493B/45.3kB 20%]
9% [1 libbz2-1.0 41.7kB/45.3kB 91%]
10% [Waiting for headers]
Get:2 http://archive.ubuntu.com/ubuntu/ lucid/main readline-common 6.1-1 [54.0kB]

10% [2 readline-common 1094B/54.0kB 2%]
15% [2 readline-common 23.5kB/54.0kB 43%]
22% [Working]
Get:3 http://archive.ubuntu.com/ubuntu/ lucid/main libreadline6 6.1-1 [143kB]

22% [3 libreadline6 0B/143kB 0%]
23% [3 libreadline6 6692B/143kB 4%]
28% [3 libreadline6 27.7kB/143kB 19%]
34% [3 libreadline6 55.7kB/143kB 38%]
40% [3 libreadline6 83.7kB/143kB 58%]
48% [3 libreadline6 117kB/143kB 82%]                                                                              35.9kB/s 6s
54% [Working]                                                                                                     35.9kB/s 5s
Get:4 http://archive.ubuntu.com/ubuntu/ lucid/main gpgv 1.4.10-2ubuntu1 [206kB]

54% [4 gpgv 0B/206kB 0%]                                                                                          35.9kB/s 5s
63% [4 gpgv 41.7kB/206kB 20%]                                                                                     35.9kB/s 4s
68% [4 gpgv 64.1kB/206kB 31%]                                                                                     35.9kB/s 3s
78% [4 gpgv 110kB/206kB 53%]                                                                                      35.9kB/s 2s
86% [4 gpgv 145kB/206kB 70%]                                                                                      35.9kB/s 1s
96% [4 gpgv 190kB/206kB 92%]                                                                                      35.9kB/s 0s
100% [Working]                                                                                                    35.9kB/s 0s
Fetched 448kB in 9s (47.2kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously deselected package libbz2-1.0.
(Reading database … 6930 files and directories currently installed.)
Unpacking libbz2-1.0 (from …/libbz2-1.0_1.0.5-4_i386.deb) …
Selecting previously deselected package readline-common.
Unpacking readline-common (from …/readline-common_6.1-1_all.deb) …
Selecting previously deselected package libreadline6.
Unpacking libreadline6 (from …/libreadline6_6.1-1_i386.deb) …
Selecting previously deselected package gpgv.
Unpacking gpgv (from …/gpgv_1.4.10-2ubuntu1_i386.deb) …
Setting up libbz2-1.0 (1.0.5-4) …

Setting up readline-common (6.1-1) …

Setting up libreadline6 (6.1-1) …

Setting up gpgv (1.4.10-2ubuntu1) …
Processing triggers for libc-bin …
ldconfig deferred processing now taking place


$ cat /etc/issue

Ubuntu 10.04 LTS \n \l

$ apt-get update

0% [Working]
0% [Waiting for headers]
Get:1 http://archive.ubuntu.com lucid Release.gpg [189B]

99% [Working]
Hit http://archive.ubuntu.com lucid Release

99% [Working]
99% [Release gpgv 57.2kB]
99% [Working]
Ign http://archive.ubuntu.com lucid/main Packages

99% [Working]
Hit http://archive.ubuntu.com lucid/main Packages

100% [Working]
Fetched 189B in 1s (115B/s)

Reading package lists… 0%

Reading package lists… 0%

Reading package lists… Done

 

$ apt-get install -y adduser apt-utils console-setup iproute netbase nano openssh-blacklist openssh-blacklist-extra openssh-server quota ping sudo vim

# output not shown because it is too long.

For the keyboard choices that come up, I picked the following:

86. United Kingdom

Origin of the keyboard: 86

6. United Kingdom – International (with dead keys)

Keyboard layout: 6

15. ISO-8859-16

Encoding to use on the console: 15

19. . Combined – Latin; Slavic and non-Slavic Cyrillic

Character set to support: 19

Next, put upstart and mountall on hold so that they are not upgraded when apt-get upgrade is run:

$ echo "mountall hold" | dpkg --set-selections
$ echo "upstart hold" | dpkg --set-selections

Lock the root login:

$ chmod 700 /root
$ usermod -p '!' root

Fix SSH:

$ sed -i -e 's_oom never_#oom never_g' /etc/init/ssh.conf

# edit the apt sources list in /etc/apt/sources.list and add the following lines

deb http://us.archive.ubuntu.com/ubuntu/ lucid main universe multiverse
deb http://us.archive.ubuntu.com/ubuntu/ lucid-security main universe multiverse

# add these aliases to /root/.bashrc

alias ll="ls -l"
alias la="ls -A"
alias nano="nano -w"
alias cp="cp -i"
alias mv="mv -i"
alias rm="rm -i"

 

# Set the language locale

$ apt-get update
$ apt-get -y install language-pack-en
$ locale-gen en_US.UTF-8
$ /usr/sbin/update-locale LANG="en_US.UTF-8" LANGUAGE="en_US.UTF-8" LC_ALL="en_US.UTF-8" LC_CTYPE="C"

# then edit /etc/environment

LANG="en_US.UTF-8"
LANGUAGE="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LC_CTYPE="C"

 

# Everything is done; now clean up to finish. This is still run inside the container, not on the hostnode.

$ apt-get clean
$ apt-get autoremove

#Generate a unique set of ssh (host) keys.

$ rm -f /etc/ssh/ssh_host_*

$ cat << EOF > /etc/rc2.d/S15ssh_gen_host_keys
> #!/bin/sh
> # generate fresh host keys on first boot, then delete this script
> ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
> ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''
> rm -f \$0
> EOF

$ chmod a+x /etc/rc2.d/S15ssh_gen_host_keys

$ update-rc.d -f ondemand remove

Removing any system startup links for /etc/init.d/ondemand …
  /etc/rc2.d/S99ondemand
  /etc/rc3.d/S99ondemand
  /etc/rc4.d/S99ondemand
  /etc/rc5.d/S99ondemand

# delete the log files

$ > /etc/resolv.conf
$ echo localhost > /etc/hostname
$ > /var/log/messages; > /var/log/auth.log; > /var/log/kern.log; > /var/log/bootstrap.log
$ > /var/log/dpkg.log; > /var/log/syslog; > /var/log/daemon.log; > /var/log/apt/term.log; rm -f /var/log/*.0 /var/log/*.1

$ ls -l /var/log/

total 132
drwxr-xr-x 2 root root   4096 May  6 00:21 apt
-rw-r--r-- 1 root root      0 May  6 00:51 auth.log
-rw-r----- 1 root adm      31 May  5 20:12 boot
-rw-r--r-- 1 root root      0 May  6 00:51 bootstrap.log
-rw-rw-r-- 1 root utmp      0 May  5 20:11 btmp
-rw-r--r-- 1 root root      0 May  6 00:51 daemon.log
-rw-r----- 1 root adm      31 May  5 20:12 dmesg
-rw-r--r-- 1 root root 101463 May  6 00:42 dpkg.log
-rw-r--r-- 1 root root   2448 May  6 00:26 faillog
drwxr-xr-x 2 root root   4096 May  5 20:12 fsck
-rw-r--r-- 1 root root      0 May  6 00:51 kern.log
-rw-rw-r-- 1 root utmp  29784 May  6 00:26 lastlog
-rw-r--r-- 1 root root      0 May  6 00:51 syslog
-rw-rw-r-- 1 root utmp    768 May  6 00:05 wtmp

Clear the shell history:

$ history -c

# exit

$ exit

logout
exited from VE 107

We are now back on the HOSTNODE and the template we built is ready. It is time to turn it into a tar.gz file.

From the hostnode, delete the IP and name server, then stop VEID 107:

$ vzctl set 107 --ipdel all --nameserver ' ' --save

Deleting IP address(es): 192.168.0.107
Adding IP address(es):
Saved parameters for VE 107

$ vzctl stop 107

Stopping VE …
VE was stopped
VE is unmounted

 

Creating the tar.gz file, but when I followed the example it failed:

$ tar --numeric-owner -vzcf /vz/template/cache/ubuntu-10.04-i386-minimal.tar.gz

tar: Cowardly refusing to create an empty archive
Try `tar --help' or `tar --usage' for more information.

# I don't know why; can anyone explain?

In the end I used:

$ tar  -vzcf /vz/template/cache/ubuntu-10.04-i386-minimal.tar.gz *

bin/
bin/mkdir
bin/uncompress
bin/zfgrep
bin/zegrep
bin/bash
bin/znew
bin/rm
bin/dash
bin/dumpkeys

 

*************** truncated, too long

$ ls -l

-rw-r--r-- 1 root root  89095064 2010-05-06 08:30 ubuntu-10.04-i386-minimal.tar.gz

At last it is done. Next, you can test it by running a fresh install from it. The result can be downloaded from

http://rapidshare.com/files/384033365/ubuntu-10.04-i386-minimal.tar.gz

I uploaded it there because I do not have much web hosting space. Anyone who wants to try it is welcome to.
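tar prints "Cowardly refusing to create an empty archive" when no file or directory is named after the archive path. The script below is an added example, not part of the original post: it packs a container tree with --numeric-owner from any working directory and then checks that the archive does not still ship the SSH host keys or root shell history that the cleanup steps above remove. The function names and the throwaway sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: build and audit an OpenVZ template archive.

# make_template SRC_DIR OUT_FILE
make_template() {
    src=$1; out=$2
    [ -d "$src" ] || { echo "not a directory: $src" >&2; return 1; }
    [ -n "$(ls -A "$src")" ] || { echo "nothing to archive in $src" >&2; return 1; }
    # -C SRC .      : archive the tree relative to the container root, whatever
    #                 the current directory is; "." also picks up dotfiles,
    #                 which a shell "*" glob would skip.
    # --numeric-owner: store raw uid/gid numbers instead of the hostnode's
    #                 user and group names.
    tar --numeric-owner -czf "$out" -C "$src" .
}

# audit_template ARCHIVE
# Returns 1 and lists the offending paths if the archive contains SSH host
# keys or root's shell history; returns 0 if it is clean.
audit_template() {
    listing=$(tar -tzf "$1") || return 2
    leaked=$(printf '%s\n' "$listing" |
             grep -E '^\./(etc/ssh/ssh_host_.*|root/\.bash_history)$' || true)
    if [ -n "$leaked" ]; then
        printf 'remove before publishing the template:\n%s\n' "$leaked"
        return 1
    fi
    return 0
}

# --- constructed sample tree standing in for /vz/private/107 ---
sample=$(mktemp -d)
mkdir -p "$sample/ve/etc/ssh" "$sample/ve/root"
echo localhost > "$sample/ve/etc/hostname"
echo "constructed placeholder, not a real key" > "$sample/ve/etc/ssh/ssh_host_rsa_key"

make_template "$sample/ve" "$sample/before.tar.gz"
audit_template "$sample/before.tar.gz" || echo "audit failed as expected"

rm -f "$sample/ve/etc/ssh/ssh_host_rsa_key"
make_template "$sample/ve" "$sample/after.tar.gz"
audit_template "$sample/after.tar.gz" && echo "template is clean"
```

On the hostnode from this page the call would be make_template /vz/private/107 /vz/template/cache/ubuntu-10.04-i386-minimal.tar.gz, run as root.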

References:

http://www.Google.com

https://help.ubuntu.com/community/OpenVZ
http://wiki.openvz.org/Ubuntu_template#How_do_I_create_a_container_that_uses_this_template.3F
http://wiki.openvz.org/Ubuntu_Gutsy_template_creation
http://wiki.openvz.org/Debian_template_creation

http://blog.bodhizazen.net/linux/ubuntu-10-04-openvz-templates/
http://download.openvz.org/template/precreated/contrib/

Thanks also for :

My Only One GOD “ALLAH”

Dowdle in Freenode at #openvz also #ubuntu team

everyone in MILDNet #ardan

* This note is a reminder for myself, in the hope that if I forget in the future it will help me remember. Other readers who want to apply it themselves are welcome to. I am only human and not free from mistakes; if anything I have written is wrong, I would appreciate your input. Thanks.