OpenVZ instalaltion on AMD64 Debian4 with RAID1 and Plesk in VPS

The server is AMD64 Bit, 1 CPU with 2 cores, 1 GB RAM, RAID1 software RAID (2x160 GB) with Debian4 in 1und1 (largest German webhosting provider) data center. Please OpenVZ experts only! 1. General conditions: * Please make small notes of the basic steps, where apropriate (where I need to know what you did) and enable loging of your ssh client. At the end of the session, I'd like to have the ssh logfile and these notes (and the logfiles of the system, pls. don't delete them) as documentation. * should you think that one of my steps below or other whishes or remarks mentioned is problematic (e.g. from a maintainability or security aspect) or is too dificult to implement or you have a better idea (e.g. use of better software), please dont hesitate to say so (*you* are the experts after all!), best of course in advance. * you can ask questions all the time, may be I can help. * in case you see any problems in reaching the goals below in time (=with 24 hors), e.g. because you need to do further research or testing or because more urgent events need your time, that is OK, but pleeease let me know when it happens *latest*, so that I can inform my customers. * Please give me status reports every 12 hours minimum, consisting of a mail where you mention where you are in the plan, what problems you face at the moment and what you plan to achieve within 12 month * allow ssh login for me (readonly) every 24 hours minimum, so that I can look at the status of your work. * payment via paypal 1st server (hardware node): 2. Log into the server (root pw and ip address will be given), The work will first mean to correct the paritioning of the RAID1 hard disks, as the current partitioning contains some 90% of the space to /home, what is certainly not the optimum for OpenVZ. Mainly, a virtuozzo server needs a lot of space for vz, and it is recomended to have an own partition for /vz/private (but that may not be that important for XFS). You may also want to look for the other partitions, if they are ok (/ seems way too small for me). As the partitioning is undone every time when the server is reinitialised, I need also a documentation how to redo the partitioning myself in case it is needed to reformat the server later. 3. Check the setup of the server as done by 1und1 if it is OK. Where you see room for imptovement, especialy in security, please do so, but: - the server has been preconfigured with 1und for their network (dhcp, time server, ftp etc). Especialy their routing has ben charachterised as "special". You should not touch their routing etc, except when you know very good what you are doing. - compatibility with openvz is more important and a must (so no installation of grsecurity, no SELinux <- SELinux probably has to be disabled). - the implemented security must be so hat it doesn't hinder me or that I can change it myself. Example is firehol firewall: such a firewall is easy to understand and configure when one needs to make changes. 3a. While you work on the changes, you need tp backup the server to ftp space regularly, especialy after you have hardened it, before the next steps of installing openvz (and especialy before installing the Webpanels, especialy HyperVM, which may turn out to be insecure and or instable) to the provided internal FTP server (do not backup the server to your own FTP space/system). That way, when something goes wrong, you always have a valid point from which you can recover, without doing all the work again and again (I can tell from very bad experiences myself). The 1und1 internal FTP has 160 GB storage (same as server hdd), of which some 100 GB are still free (and I could probably free up some more 20-30 GB, if you want me to. Don't delete the old FTP files (=those that have been saved by me) on your own, pls. When you make backups on the FTP server, use self speaking names for the directory names and make little [login to view URL] notes in that directory to explain what it contains (at least for that storage you keep at the end of the day). 4. prepare server for OpenVZ (what ever may otherwise be needed). 5. Install OpenVZ for Linux 64bit (see also 6!), this is probably the most important and dificult part of the work. The installation of OpenVZ means especialy to select or compile the correct OpenVZ kernel for AMD64 with Raid1. I already experienced one well reputed provider who failed to provide this. So you should have a good experience and know how with OpenVZ, AMD64, RAID1 and Debian4, best with this combination. 6. If you have experience with OpenVZ and HyperVM, install HyperVM for OpenVZ,m but only if you know you can get it to run. Both myself and the previous sevrer provider were not able to install HyperVM on the server. (Also, if you know a better alternative that is in the low budget are of <= 10 us$/monh or <= 100 us$ once, you can also install that instead). Please note that the installer for HyperVM seems also installs OpenVZ kernel. So if this works, you could in this case have this step instead of step5 (but the kernel chosen was unbootable for me, when I tried it). (As this step seems to be error prone, when you decide to do it, make sure you made a backup before). 7. Install Template from openvz website for Debian4 64bit (they may also come with HyperVM installer) 8. Make final adjustments in the system as needed. 9. Save the complete system as [login to view URL] or similar to the ftp drive (so that when the server is broken and I need to resort to the precreated installation image of 1und1, I can boot from recovery console and install your setup from FTP backup). ---------- 2nd server (VPS): 10. From the downloaded minimal Debian4 Template, create a VPS (If you have a better, precreated one, you can of course take that one). All my basic hosting will go here. 10a. Make sure that the settings of the VPS are appropriate for Plesk hosting. Here is the official documentation to install Plesk in openVZ: [login to view URL] (Plesk sample install output; [login to view URL] ) As you can see, the installation itself is just the normal one, the point that differs is the way how to setup the CPS to make sure it has enough ressources for plesk. However, as we do not need to save resources to an extreme, this should be OK. 11. Use the debian source list which I will sent you (especialy for php etc). 12. Make the necessary changes so that the VPS is secure and all other changes you find advisable for better management (similar to 3, but this time for the client VPS). 13. Before you are going to install plesk, make a copy of this VPS (see [login to view URL];goto=3134& as a sample for how to do this). This will also allow to have a fallback option: everytime, something goes wrong in the plesk installation, you can revert to this. Also, it is a good starting position for me, should I decide in future to dump plesk and replace it by seomthing else (or live again without it). So keep this first copy! 14. Now install Plesk 8.4. My understanding is, that in order to have php5 support (mandantory!) you need to first install aptitude install psa-php5-configurator (and that you can install this only before plesk 8.2.1, not later). When downloading plesk, my understanding is that you need to download and start it with this: wget [login to view URL] chmod +x ./psa_installer_v3.2.1_build070914.16_os_Debian_4.0_x86_64 ./psa_installer_v3.2.1_build070914.16_os_Debian_4.0_x86_64 As for the modules, I use a conservative/minimal approch as it is easy to instal modules later, but it is dificult to impossible to get rid of modules once installed. However. we will need the german language pack (and no other language except the english default). I especialy do *NOT* want the antivirus and firewall module sinstalled, as they only provide problems. AppVault I do not want because it makes the size of the vps too big. Coldfusion and TomCat I have not licenced. I found it more or less easy to install 8.2.1 but nearly impossible to update to 8.3 and from there to 8.4 without errors. So please make a backup of the VPS before upgrading to 8.3 and to 8.4. If upgrading to 8.3 or 8.4 doesn't work, I will be satisfied enough with 8.21 or 8.3. 15. If you find post plesk installation issues that you need to address, especialy security aspects, please handle them. 16. Now make again a (security) copy of the VPS. 17. Create a Debian template from the VPS (see [login to view URL] ad especialy [login to view URL] ) and install it in the repository. Test if it works. 18. Now make bakups to the FTP filespace of the new VPS (empty and with Plesk) and of the Plesk VPS.