Re: [Users] Status of OVZ 8 & 9

[jehan Procaccia]

Hello

as long as this: 
https://docs.virtuozzo.com/virtuozzo_hybrid_server_7_users_guide/learning-basics/vhs-vs-openvz.html


/OpenVZ <https://openvz.org/> is a free, open-source virtualization 
solution available under GNU GPL. OpenVZ is the base for Virtuozzo 
Hybrid Server, the commercial solution that builds on OpenVZ and offers 
additional benefits to customers./


is still true, if Virtuozzo Hybrid Server is based on the openSource 
OpenVZ, I don't see any fears regarding its future .


Anyway, it's  disturbing not to see someone from virtuozzo reply to this 
concern !?


I agree, I largely prefer openVZ/virtuozzo CTs rather than LXC/LCD , 
it-s a pity that virtuozzo doesn't profit from the mass of peaple 
migrating from VmWare , rather to proxmox ... which do had openVZ CTs in 
the past !



On 23/04/2024 02:36, tranxene50 wrote:


Hello!


I hope the openvz project is revived before it's too late.


From my point of view, next OpenVZ releases won't be "free" (ie. 
targeted to medium/large companies).


OpenVZ 7 is rock solid but I feel this is the last version I will be 
able to run "freely".


Switching to LXC/LXD will be a "hassle" but, without no choice left, I 
will bave to do it.


Maybe I am wrong (and I hope so).

Have a great night! :)

Le 12/04/2024 à 18:27, jjs - mainphrame a écrit :

I've been asking the same question.

As much as I like openvz (using it since 2010) my last openvz server 
is now running in a VM under proxmox.


In my experience openvz containers are more reliable than proxmox, 
but proxmox does have a very nice web interface.


I hope the openvz project is revived before it's too late.

J

On Fri, Apr 12, 2024 at 8:35 AM jehan Procaccia 
 wrote:


Hi

a year later ... I give a try to OVZ 9 from the latest ISO I
could find in  repo factory9 (right place ?) :


https://download.openvz.org/virtuozzo/factory9/x86_64/iso/openvz-iso-9.0.1-667.iso


but, still in dates from september 2023 ...

*25-Sep-2023 20:02 **2.8G*  

hopefully we'll get at least a Beta available before RHEL7 gets
EOL, June 2024 .

the ISO install well,/prlctl /package is still not there by
default, I had to install it manually (!?)

is it still unclear why we get a /deprecated /message when using
/prlctl (vz7) /command

/WARNING: You are using a deprecated CLI component that won't be
installed by default in the next major release. Please use virsh
instead/

does /virsh /will replace /prlctl /in VZ9 ? I understand it for
VMs, but for CTs !?

but, still /prlctl/ package (/prlctl-9.0.2-1.vz9.x86_64)/ now
installs correctly (no more rpm pgp signature failure), but fails
to run :

/# prlctl list
/

/prlctl: symbol lookup error:*prlctl: undefined symbol:
PrlVmCfg_SetNetfilterMode*/


It would be very helpfull for acadmic as us to get a up2date ,
even Alpha release of OpenVZ9 , if you want the community to stay
with OpenVZ/Virtuozzo.

I know dozen of sysadmins around me that quit VMware to Proxmox
... We have a short opportunity to let them give it a try to
OpenVZ, but as 7 will EOM very soon and VZ9 is not testable,
that's not very handy .

Lets us know what is the roadmap regarding OVZ9 .

Thanks .

    jehan



On 13/02/2023 09:09, jehan Procaccia wrote:


good, let us know .

I did opened a bug report regarding this issue

https://bugs.openvz.org/browse/OVZ-7419

it was marked as resolved last week, but I still fail to install
prlctl (just did dnf clean all) , so I reoponed the issue.

maybe the fix is in that new iso ? or I should uninstall /
reinstall openvz-release-9.0.1-383.vz9.x86_64 package ? didn't
tried that because it also needs to remove 75 packages (qemu*
...) as dependances .

Jehan

PS: anyway, if prlctl finally get installed, is this the way to
go , the "deprecated" message is not reassuring .

On 13/02/2023 06:11, jjs - mainphrame wrote:

I see there's a new pre-release iso, downloading it now -


https://download.openvz.org/virtuozzo/factory9/x86_64/iso/openvz-iso-9.0.1-412.iso


Jake

On Thu, Dec 8, 2022 at 4:16 PM jjs - mainphrame
 wrote:

I've been running openvz 7 for some years, and I
periodically check on the status of openvz 8 and 9.

While openvz 7 has been getting updates, it seems openvz 8
is fairly static, and openvz 9 seems not ready for use.

Is there an intent to continue support of openvz beyond
version 7?

Since openvz is a great advertisement for virtuozzo, it
would be a shame if it faded away.

Jake


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users



___
Users mailing list
Users@openvz.org
h

Re: [Users] Status of OVZ 8 & 9

[jehan Procaccia]

Hi

a year later ... I give a try to OVZ 9 from the latest ISO I could find 
in  repo factory9 (right place ?) :


https://download.openvz.org/virtuozzo/factory9/x86_64/iso/openvz-iso-9.0.1-667.iso 



but, still in dates from september 2023 ...

*25-Sep-2023 20:02 **2.8G*  

hopefully we'll get at least a Beta available before RHEL7 gets EOL, 
June 2024 .


the ISO install well,/prlctl /package is still not there by default, I 
had to install it manually (!?)


is it still unclear why we get a /deprecated /message when using /prlctl 
(vz7) /command


/WARNING: You are using a deprecated CLI component that won't be 
installed by default in the next major release. Please use virsh instead/


does /virsh /will replace /prlctl /in VZ9 ? I understand it for VMs, but 
for CTs !?


but, still /prlctl/ package (/prlctl-9.0.2-1.vz9.x86_64)/ now installs 
correctly (no more rpm pgp signature failure), but fails to run :


/# prlctl list
/

/prlctl: symbol lookup error:*prlctl: undefined symbol: 
PrlVmCfg_SetNetfilterMode*/



It would be very helpfull for acadmic as us to get a up2date , even 
Alpha release of OpenVZ9 , if you want the community to stay with 
OpenVZ/Virtuozzo.


I know dozen of sysadmins around me that quit VMware to Proxmox ... We 
have a short opportunity to let them give it a try to OpenVZ, but as 7 
will EOM very soon and VZ9 is not testable, that's not very handy .


Lets us know what is the roadmap regarding OVZ9 .

Thanks .

jehan



On 13/02/2023 09:09, jehan Procaccia wrote:


good, let us know .

I did opened a bug report regarding this issue

https://bugs.openvz.org/browse/OVZ-7419

it was marked as resolved last week, but I still fail to install 
prlctl (just did dnf clean all) , so I reoponed the issue.


maybe the fix is in that new iso ? or I should uninstall / reinstall 
openvz-release-9.0.1-383.vz9.x86_64 package ? didn't tried that 
because it also needs to remove 75 packages (qemu* ...) as dependances .


Jehan

PS: anyway, if prlctl finally get installed, is this the way to go , 
the "deprecated" message is not reassuring .


On 13/02/2023 06:11, jjs - mainphrame wrote:

I see there's a new pre-release iso, downloading it now -

https://download.openvz.org/virtuozzo/factory9/x86_64/iso/openvz-iso-9.0.1-412.iso 



Jake

On Thu, Dec 8, 2022 at 4:16 PM jjs - mainphrame  
wrote:


I've been running openvz 7 for some years, and I periodically
check on the status of openvz 8 and 9.

While openvz 7 has been getting updates, it seems openvz 8 is
fairly static, and openvz 9 seems not ready for use.

Is there an intent to continue support of openvz beyond version 7?

Since openvz is a great advertisement for virtuozzo, it would be
a shame if it faded away.

Jake


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] vcmmd broken after last update, CT/VM cannot start

[Jehan PROCACCIA]

Hi, 

I did an update tonight

[root@thebes ~]# yum update vcmmd
--> Running transaction check
---> Package vcmmd.noarch 0:8.0.88-1.vz7 will be updated
---> Package vcmmd.noarch 0:8.0.93-1.vz7 will be an update
--> Finished Dependency Resolution

[root@thebes ~]# prlctl start vpnf1
WARNING: You are using a deprecated CLI component that won't be installed by 
default in the next major release. Please use virsh instead
Starting the CT...
The CT has been successfully started.

it seems to have been corrected , cf changelog of that package [1] 

by the way , is this warning real, will prlctl deseapper in Virtuozzo 9 ? I 
understant how to use virsh for VMs, but is it sutable for CTs as well ? is 
there a Documentation about that ? 

regards .  

jehan

[root@thebes ~]# rpm -q --changelog vcmmd.noarch 

* Wed Jan 31 2024 VZ Auto Builder  8.0.93
- Track active_vm number in the base KSMPolicy class #OVZ-7488 (Andrey
Drobyshev )
 - Update targets.list (Andrey Drobyshev )
 - Fallback on failed asynchronous config setting #VSTOR-59718 (Andrey Drobyshev
)

* Wed Jan 31 2024 VZ Auto Builder  8.0.92
- Track active_vm number in the base KSMPolicy class #OVZ-7488 (Andrey
Drobyshev )
 - Update targets.list (Andrey Drobyshev )
 - Fallback on failed asynchronous config setting #VSTOR-59718 (Andrey Drobyshev
)

* Wed Jan 31 2024 VZ Auto Builder  8.0.91
- Track active_vm number in the base KSMPolicy class #OVZ-7488 (Andrey
Drobyshev )
 - Update targets.list (Andrey Drobyshev )
 - Fallback on failed asynchronous config setting #VSTOR-59718 (Andrey Drobyshev
)



- Mail original -
De: "Dmitry Konstantinov" 
À: "OpenVZ users" 
Envoyé: Lundi 5 Février 2024 20:44:16
Objet: Re: [Users] vcmmd broken after last update, CT/VM cannot start

Don't have this problem using both prlctl and vzctl. Centos-7 based 
container. Please note that it was on a fresh openvz installation.


===

# prlctl stop e410c4d0-91e2-4aef-afe4-14204f19316e
WARNING: You are using a deprecated CLI component that won't be 
installed by default in the next major release. Please use virsh instead
Stopping the CT...
The CT has been successfully stopped.
# prlctl start e410c4d0-91e2-4aef-afe4-14204f19316e
WARNING: You are using a deprecated CLI component that won't be 
installed by default in the next major release. Please use virsh instead
Starting the CT...
The CT has been successfully started.
# vzctl status e410c4d0-91e2-4aef-afe4-14204f19316e
VEID e410c4d0-91e2-4aef-afe4-14204f19316e exist mounted running
# cat /etc/virtuozzo-release
OpenVZ release 7.0.20 (147)
[root@ssd33-ga ~]# rpm -qi vcmmd
Name: vcmmd
Version : 8.0.77
Release : 1.vz7
Architecture: noarch
Install Date: Thu 21 Dec 2023 01:27:53 PM CST
Group   : System Environment/Base
Size: 466446
License : GPLv2 with exceptions
Signature   : RSA/SHA256, Fri 28 Apr 2023 12:34:29 PM CDT, Key ID 
ca0b7d1944cdad2a
Source RPM  : vcmmd-8.0.77-1.vz7.src.rpm
Build Date  : Fri 28 Apr 2023 12:33:44 PM CDT
Build Host  : builder9.eng.sw.ru
Relocations : (not relocatable)
Packager: Virtuozzo (http://www.virtuozzo.com/support/)
Vendor  : Virtuozzo
Summary : Virtuozzo memory management daemon
Description :
vcmmd is a daemon that watches Virtuozzo containers and tunes their memory
configuration parameters according to the current memory demand.
#

On 1/30/24 04:26, Aurélien GUERSON wrote:
> The problem seems to be inside the python dir here :
> 
> /usr/lib/python3.6/site-packages/
> 
> 
> For the moment, to bypass
> 
> yum update --exclude=vcmmd,libvcmmd --skip-broken
> 
> 
> Waiting for a update
> 
> 
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] vcmmd broken after last update, CT/VM cannot start

[jehan Procaccia]

Hello

since last update [1]  , CTs / VMs cannot start anymore /
/

/# prlctl start vpn1
WARNING: You are using a deprecated CLI component that won't be 
installed by default in the next major release. Please use virsh instead

Starting the CT...
Failed to start the CT: PRL_ERR_VZCTL_OPERATION_FAILED (Details: vcmmd: 
failed to register Container: Failed to get VCMMD D-Bus name

vcmmd: failed to unregister Container: Failed to get VCMMD D-Bus name
vcmmd: failed to unregister Container: Failed to get VCMMD D-Bus name
Failed to start the Container/

it may be related to :

/https://bugs.openvz.org/browse/OVZ-7274/

/https://www.mail-archive.com/users@openvz.org/msg07741.html/

[1] Before update I had :

/vcmmd.noarch 8.0.77-1.vz7   @openvz-os/

/libvcmmd-8.0.9-1.vz7.x86_64/

/kernel : 3.10.0-1160.90.1.vz7.200.7 #1 SMP Wed Jul 12 12:00:44 MSK 2023 
x86_64 x86_64 x86_64 GNU/Linu/x


after

/vcmmd-8.0.88-1.vz7.noarch
/

/libvcmmd-8.0.10-1.vz7.x86_64
/

/kernel: 3.10.0-1160.105.1.vz7.214.3 #1 SMP Tue Jan 9 19:45:01 MSK 2024 
x86_64 x86_64 x86_64 GNU/Linux/


some related logs if it can help

/# tail /var/log/vcmmd.log -f
2024-01-29 12:23:27 CRITICAL vcmmd: run_original(*args2, **kwargs2)
2024-01-29 12:23:27 CRITICAL vcmmd:   File 
"/usr/lib64/python3.6/threading.py", line 864, in run
2024-01-29 12:23:27 CRITICAL vcmmd: self._target(*self._args, 
**self._kwargs)
2024-01-29 12:23:27 CRITICAL vcmmd:   File 
"/usr/lib/python3.6/site-packages/vcmmd/ldmgr/policy.py", line 82, in 
wrapper
2024-01-29 12:23:27 CRITICAL vcmmd: sleep_timeout = f(self, *args, 
**kwargs)
2024-01-29 12:23:27 CRITICAL vcmmd:   File 
"/usr/lib/python3.6/site-packages/vcmmd/ldmgr/policy.py", line 323, in 
ksm_controller

2024-01-29 12:23:27 CRITICAL vcmmd: params = self.get_ksm_params()
2024-01-29 12:23:27 CRITICAL vcmmd:   File 
"/usr/lib/python3.6/site-packages/vcmmd/ldmgr/policies/NoOpPolicy.py", 
line 54, in get_ksm_params
2024-01-29 12:23:27 CRITICAL vcmmd: if self.active_vm < 
ksm_vms_active_threshold or \
2024-01-29 12:23:27 CRITICAL vcmmd: AttributeError: 'NoOpPolicy' object 
has no attribute 'active_vm'

2024-01-29 12:23:33 INFO vcmmd: Started
2024-01-29 12:23:33 INFO vcmmd.config: Loading config from file 
'/etc/vz/vcmmd.conf'
2024-01-29 12:23:33 INFO vcmmd.host: ts.int.fr: 8194502656 bytes 
available for VEs
2024-01-29 12:23:33 ERROR vcmmd.host: ts.int.fr: Memory cgroup 
vstorage.slice does not exist
2024-01-29 12:23:33 ERROR vcmmd.ldmgr: Failed to load policy "density": 
Policy not found

2024-01-29 12:23:33 INFO vcmmd.ldmgr: Switch to fallback policy
2024-01-29 12:23:33 INFO vcmmd.ldmgr: Loaded policy "NoOpPolicy"
2024-01-29 12:23:33 CRITICAL vcmmd: Terminating program due to unhandled 
exception:

2024-01-29 12:23:33 CRITICAL vcmmd: Traceback (most recent call last):
2024-01-29 12:23:33 CRITICAL vcmmd:   File 
"/usr/lib/python3.6/site-packages/vcmmd/util/threading.py", line 43, in 
run_with_except_hook

2024-01-29 12:23:33 CRITICAL vcmmd: run_original(*args2, **kwargs2)
2024-01-29 12:23:33 CRITICAL vcmmd:   File 
"/usr/lib64/python3.6/threading.py", line 864, in run
2024-01-29 12:23:33 CRITICAL vcmmd: self._target(*self._args, 
**self._kwargs)
2024-01-29 12:23:33 CRITICAL vcmmd:   File 
"/usr/lib/python3.6/site-packages/vcmmd/ldmgr/policy.py", line 82, in 
wrapper
2024-01-29 12:23:33 CRITICAL vcmmd: sleep_timeout = f(self, *args, 
**kwargs)
2024-01-29 12:23:33 CRITICAL vcmmd:   File 
"/usr/lib/python3.6/site-packages/vcmmd/ldmgr/policy.py", line 323, in 
ksm_controller

2024-01-29 12:23:33 CRITICAL vcmmd: params = self.get_ksm_params()
2024-01-29 12:23:33 CRITICAL vcmmd:   File 
"/usr/lib/python3.6/site-packages/vcmmd/ldmgr/policies/NoOpPolicy.py", 
line 54, in get_ksm_params
2024-01-29 12:23:33 CRITICAL vcmmd: if self.active_vm < 
ksm_vms_active_threshold or \
2024-01-29 12:23:33 CRITICAL vcmmd: AttributeError: 'NoOpPolicy' object 
has no attribute 'active_vm'/


help will be greatly appreciated

regards .
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] New OVZ9 iso pre-release

[Jehan PROCACCIA]

Hello 

it's a pity that some basic feature as installing prctl should be that 
difficult , it's indeed discouraging Alpha testers ... 

I hope we'll get a more basicaly operational release candidate for openvz 9 
soon ? 

Moreover, the recent annoucement of limiting RHEL source to Centos Stream will 
probably affect openvz9 source as well ... 
[ https://www.redhat.com/en/blog/furthering-evolution-centos-stream | 
https://www.redhat.com/en/blog/furthering-evolution-centos-stream ] 

As virtuozzo client I did received a message regarding this event, it says that 
it will not affect current Virtuozzo Hybrid Server and other product as well, 
but that they are investigation the impact for the futur versions of Virtuozzo 
products ... I don't know if subscribing to RHEL allows for rebuilding one's 
own distribution (openvz9 !) ? 

Jehan . 



De: "jjs - mainphrame"  
À: "OpenVZ users"  
Envoyé: Mercredi 12 Juillet 2023 00:21:41 
Objet: Re: [Users] New OVZ9 iso pre-release 

I've tried each new openvz 9 pre-release and found it to be broken in the same 
ways. 

For now, I'm going to put openvz 9 testing on the back burner. I'm still 
stubbornly running core services on my openvz 7 machines, as their reliability 
is well proven, but as for the openvz 9 test hardware, I've wiped it, and 
installed proxmox 8. 

I'll continue to monitor the list, and hopefully at some point there will be a 
release candidate for openvz 9. 

Jake 

On Sat, May 27, 2023 at 1:32 PM jjs - mainphrame < [ mailto:j...@mainphrame.com 
| j...@mainphrame.com ] > wrote: 



It was worth a shot. 

Still quite problematic, not usable. Interestingly, the VMs running OVZ9 
pre-release are still running host routed containers but the OVZ9 install on a 
physical machine is quite broken in many ways. 

I installed from openvz-iso-9.0.1-550.iso, and was able to create a container, 
which seemed to work perfectly well. Then, I installed prlctl, which, when 
invoked, yields this output: 

"prlctl: symbol lookup error: prlsrvctl: undefined symbol: 
PrlVmCfg_SetNetfilterMode" 

I installed prl-disp-service, which changed the prlctl error to one about being 
unable to contact vz. 

So, I installed vcmmd, which pulled in numerous dependencies, and apparently 
downgraded ovz 9.0.1-550 to ovz 9.0.0-264 

# cat /etc/virtuozzo-release 
OpenVZ release 9.0.0 (264) 

The container created previously has disappeared, and the network is broken: 

# prlsrvctl net list 
WARNING: You are using a deprecated CLI component that will be dropped in the 
next major release. Please use virsh instead 
Failed to retrieve the list of Virtual Networks: Unexpected error. An 
unexpected error occurred. 

Oh, well, there's always the next pre-release to look forward to. 

Jake 

On Fri, May 26, 2023 at 9:54 AM jjs - mainphrame < [ mailto:j...@mainphrame.com 
| j...@mainphrame.com ] > wrote: 

BQ_BEGIN

Downloading now from [ 
https://download.openvz.org/virtuozzo/factory9/x86_64/iso/ | 
https://download.openvz.org/virtuozzo/factory9/x86_64/iso/ ] 

Will test and comment back here - hoping for some improvement in functionality. 

Jake 




BQ_END


___ 
Users mailing list 
Users@openvz.org 
https://lists.openvz.org/mailman/listinfo/users 
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] Another reason I use openvz

[Jehan PROCACCIA]

I agree, my CTs (OVZ 7) run also very well and the full feature and fine tune 
of ressources permitted by openvz compared to lxc seems very good to me , 
still I am suprised how openvz/virtuozzo looks like an old technology in our 
sysadmins community 
most of them took the curve to lxc when proxmox decided to replace its CT from 
openvz to lxc, so people are refereing to openvz (6) as beeing an old technolgy 
back in the days ... 
when I talk about virtuozzo and tell people that it is based on modern openvz 
(7 and hopefully soon 9) , no one knows of it , 
is it a lake of communication ? or I am confusing the status of virtuozzo? I 
take this for granted from my own experience runing several virtuozzo 
(unlicenced) servers/hypervisors, 
and for the sake of supporting the compagny I keep buy very few licenced 
servers (although we are not host provider, just a public academic school) 
regarding communication I think I am not mistaking by refring to : 



[ 
https://docs.virtuozzo.com/virtuozzo_hybrid_server_7_users_guide/learning-basics/vhs-vs-openvz.html
 | 
https://docs.virtuozzo.com/virtuozzo_hybrid_server_7_users_guide/learning-basics/vhs-vs-openvz.html
 ] 





extract : 


[ https://openvz.org/ | OpenVZ ] is a free, open-source virtualization solution 
available under GNU GPL. OpenVZ is the base for Virtuozzo Hybrid Server , the 
commercial solution that builds on OpenVZ and offers additional benefits to 
customers. 





so if openVZ is the base of VHS , I guess that it is still up2date and the 
opensource community be able to continue to test and use it ! 


[ https://www.virtuozzo.com/company/open-source/ | 
https://www.virtuozzo.com/company/open-source/ ] 





I think this great product deserve more consideration in our OSS community , 
and probabably that having OVZ9 running and validated by the OSS community 
might help this projet to overcome . 





Jehan . 

De: "jjs - mainphrame"  
À: "OpenVZ users"  
Envoyé: Jeudi 20 Avril 2023 22:04:44 
Objet: [Users] Another reason I use openvz 

While I've seen lxc containers mysteriously hang, suffer bit rot, or self 
destruct, the openvz containers have been solid. 

One of my OVZ-7 servers had an old centos 7 container that I used for testing 
haproxy, that I'd turned off in 2019. 

I vgmigrated it to a new OVZ-9 test machine, started it, and it worked just 
like it hadn't been turned off for 4 years. 

Anyway, I'm looking forward to the production release of OVZ 9 

jake 

___ 
Users mailing list 
Users@openvz.org 
https://lists.openvz.org/mailman/listinfo/users 
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] virtuozzo 7.9 , CT fail to start since update libvzctl-7.0.730

[jehan Procaccia]

Hello

we recently updated some of our openvz (Virtuozzo Linux release 7.9) 
hypervisors


but after rebooting, all CTs are suspended. without a reboot we cannot 
stop/start CT


we've identified libvzctl-7.0.730-1.vz7.x86_64 which contains a 
scripts/set_dns.sh as the culprit


changing the script as described in the bug report I created  :

https://bugs.openvz.org/browse/OVZ-7446

allows us to restart our CTs .

I hope this is a temporary pb and that devs will come up with a patch ?

thanks .

jehan

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] Status of OVZ 8 & 9

[jehan Procaccia]

good, let us know .

I did opened a bug report regarding this issue

https://bugs.openvz.org/browse/OVZ-7419

it was marked as resolved last week, but I still fail to install prlctl 
(just did dnf clean all) , so I reoponed the issue.


maybe the fix is in that new iso ? or I should uninstall / reinstall 
openvz-release-9.0.1-383.vz9.x86_64 package ? didn't tried that because 
it also needs to remove 75 packages (qemu* ...) as dependances .


Jehan

PS: anyway, if prlctl finally get installed, is this the way to go , the 
"deprecated" message is not reassuring .


On 13/02/2023 06:11, jjs - mainphrame wrote:

I see there's a new pre-release iso, downloading it now -

https://download.openvz.org/virtuozzo/factory9/x86_64/iso/openvz-iso-9.0.1-412.iso 



Jake

On Thu, Dec 8, 2022 at 4:16 PM jjs - mainphrame  
wrote:


I've been running openvz 7 for some years, and I periodically
check on the status of openvz 8 and 9.

While openvz 7 has been getting updates, it seems openvz 8 is
fairly static, and openvz 9 seems not ready for use.

Is there an intent to continue support of openvz beyond version 7?

Since openvz is a great advertisement for virtuozzo, it would be a
shame if it faded away.

Jake


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] Status of OVZ 8 & 9

[jehan Procaccia]

Yes , we must wait for a fix from the developers. The purpose of 
Alpha/Beta releases is for the community to report pb


I created a bug report => https://bugs.openvz.org/browse/OVZ-7419

let's hope for a rapid patch as is might be a very simple thing to fix

regards.

jehan

On 06/02/2023 05:25, jjs - mainphrame wrote:

Thanks for sharing this work, it allowed me to make some progress.

There seem to be other issues though. Hopefully the fixes will come.

Jake



On Sun, Feb 5, 2023 at 2:12 PM Aurélien GUERSON 
 wrote:


Hi guys,

I tried something and it seems ok.

If you want update

1) disable gpg check

2) disable factory ( never use factory ! )

3) install python3-devel rpmdevtools rpmlint

4) remove vz-release

rpm -e --nodeps vzlinux-release

5) download the src

cd /usr/src/

wget

http://repo.virtuozzo.com/vzlinux/9.0/source/SRPMS/v/vzlinux-release-9.0-39.vl9.src.rpm



6) install it

rpm -ivh vzlinux-release-9.0-39.vl9.src.rpm

7) modify the SPEC file

cd /root/rpmbuild/SPECS/

vim xx.spec

delete source13 and SOURCE13 from spec file

change 39 to 40 in the version

8) recreate .rpm file

rpmbuild -ba ~/rpmbuild/SPECS/xx.spec

9) install it

yum install /root/rpmbuild/RPMS/x86_64/xx.rpm

10) update all

yum clean all

yum update

11) install prlctl

yum install prlctl


=> it still have the warning message with the deprecated version.


now you can try.


Regards,


-- 
Aurélien GUERSON



___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] Status of OVZ 8 & 9

[jehan Procaccia]

Hi,

I also want to give a try to OVZ9 , I installed it from 
https://download.openvz.org/virtuozzo/factory9/x86_64/iso/openvz-iso-9.0.1-383.iso


although everything went fine , now that I want to configure networking 
vlans/bridges , I don't know how to proceed if prlctl package is not 
available !? I am also confronted to the GPG key pb [1]


is prlctl and prlsrvctl still the way to go [2], or deprecated in OVZ9 ? 
in that case, how should we configure networking ? following RHEL9 docs ?


/https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/configuring_and_managing_networking/index#doc-wrapper/

please let us know if you want the community to contribute and testing 
OVZ9 .


thanks

jehan .

[1]

/root@tovz ~]# dnf install prlctl
Installing:
 prlctl   x86_64   9.0.2-1.vz9  openvz-os 583 k
/

/GPG key at file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Virtuozzo-9 (0x463278F2) 
is already installed
The GPG keys listed for the "OpenVZ" repository are already installed 
but they are not correct for this package.
Check that the correct key URLs are configured for this repository.. 
Failing package is: prlctl-9.0.2-1.vz9.x86_64
 GPG Keys are configured as: 
file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Virtuozzo-9
The downloaded packages were saved in cache until the next successful 
transaction.

You can remove cached packages by executing 'dnf clean packages'.
Error: GPG check FAILED/

[2]

https://docs.virtuozzo.com/virtuozzo_hybrid_server_7_users_guide/managing-network/configuring-virtual-machines-and-containers-in-bridged-mode.html

On 02/02/2023 19:12, jjs - mainphrame wrote:
Agreed Paulo, virsh always seemed to me a sort of least common 
denominator, a dumbed down and reduced capability replacement for the 
virtuozzo tools we all know and love.


Jake

On Wed, Feb 1, 2023 at 6:58 PM Paulo Coghi - Coghi IT 
 wrote:


Hello Jake,

Thank you for your valuable feedback! Let's see what the Virtuozzo
dev team has to say about this issue with the GPG key for the
"prlctl" tools.

By the way, last time I tried virsh with OpenVZ (version 8, at the
time of test), the experience was not good nor well documented as
prlctl. But we are already receiving the warning about prlctl
being deprecated.

There are some niche cases in which virsh doesn't seem capable,
like setting "cpulimit".


Paulo Coghi

On Wed, Feb 1, 2023 at 9:24 PM jjs - mainphrame
 wrote:

Everything was looking good, and I was considering installing
ovz 9 on a physical server, but I ran into a weird issue with
the GPG keys when I tried to install prlctl:

GPG key at file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Virtuozzo-9
(0x463278F2) is already installed
The GPG keys listed for the "OpenVZ" repository are already
installed but they are not correct for this package.
Check that the correct key URLs are configured for this
repository.. Failing package is: prlctl-9.0.2-1.vz9.x86_64
 GPG Keys are configured as:
file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Virtuozzo-9
The downloaded packages were saved in cache until the next
successful transaction.
You can remove cached packages by executing 'yum clean packages'.
Error: GPG check FAILED

Jake

On Wed, Feb 1, 2023 at 9:21 AM jjs - mainphrame
 wrote:

The iso is indeed a new image.

I've installed it in a VM and have been poking around,
looks promising so far, creating a few containers and
taking them for a spin.

Jake

On Tue, Jan 31, 2023 at 7:21 PM jjs - mainphrame
 wrote:

Downloading, will investigate.

Jake

On Tue, Jan 31, 2023 at 4:11 PM Paulo Coghi - Coghi IT
 wrote:

What about this one, dated 27-Jan-2023?


https://download.openvz.org/virtuozzo/factory9/x86_64/iso/openvz-iso-9.0.1-383.iso

Paulo Coghi

On Tue, Jan 31, 2023 at 10:07 PM jjs - mainphrame
 wrote:

I downloaded the vz9.iso and mounted it, and
all the files are dated Feb 2 2022.

So, no joy, despite the deceptive Dec 2022
date on the iso.

Jake

    On Tue, Jan 31, 2023 at 7:38 AM jehan
Procaccia  wrote:

Hi,

actually I wonder if openvz-iso-9:


/https://download.openvz.org/virtuozzo/releases/9.0/x86_64/iso//

/openvz-iso-9.0.0.iso 24-Feb-2022 04:41
    2.9G/

which is supposed to be the base reference
   

Re: [Users] Status of OVZ 8 & 9

[jehan Procaccia]

Hi,

actually I wonder if openvz-iso-9:

/https://download.openvz.org/virtuozzo/releases/9.0/x86_64/iso//

/openvz-iso-9.0.0.iso    24-Feb-2022 04:41 2.9G/

which is supposed to be the base reference for virtuozzo 9 ,

is the same as

http://repo.virtuozzo.com/vz/releases/

/vz9.iso *20-Dec-2022 12:31*  2G/

please let us know which .iso we should start with to test vz9 (open 
version) /

/

why haven't they the same date (Feb 2022 vs Dec 2022) /
/

Thanks . /
/

On 28/01/2023 11:21, jehan Procaccia wrote:


I hope I am not wrong to disagree regarding your skepticism for future 
of openVZ (7,8,9 ...)


check in that same thread discussion :

https://marc.info/?l=openvz-users=167080032829556=2

I confirm that running openVZ 7 is rock solid, and we do use lots of 
CTs, for me the best featured containers  solution


we are expecting a  continuation with VZ 9 (as 8 might be skipped). as 
a public accademic school we appreciate free and openSource software


but we keep purchase few virtuozzo commercial licences as much as we 
can to contribute to the project .


as long as this: 
https://docs.virtuozzo.com/virtuozzo_hybrid_server_7_users_guide/learning-basics/vhs-vs-openvz.html


/OpenVZ <https://openvz.org/> is a free, open-source virtualization 
solution available under GNU GPL. OpenVZ is the base for Virtuozzo 
Hybrid Server, the commercial solution that builds on OpenVZ and 
offers additional benefits to customers./


is still true, if Virtuozzo Hybrid Server is based on the openSource 
OpenVZ, I don't see any fears regarding its future .


https://docs.virtuozzo.com/virtuozzo_product_lifecycle_policy/index.html

but indeed, we are waiting for a VZ 9 which maybe lacks of a clearer 
raodmap, for exemple, is it still as much an Ahpha release (not to use 
in production) as mentioned here (Feb 2022)


https://www.virtuozzo.com/company/blog/product-updates/virtuozzo-hybrid-server-9-alpha-2/

or http://repo.virtuozzo.com/vz/releases/

/vz9.iso *20-Dec-2022 12:31*  2G/ 
http://repo.virtuozzo.com/vz/releases/


/vz9.iso *20-Dec-2022 12:31*  2G/

which seems quite recent, is in a far better state now .

Thanks .

jehan .


On 27/01/2023 21:16, Gena Makhomed wrote:

OpenVZ 6 is last fully functional version, running on top of CentOS.

OpenVZ 7, 8, 9 ...

May be better to use just virtual machines using QEMU-KVM and libvirt ?

This solution is very stable, very feature rich and very useful.

If you need to use very cheap virtual machines - try to use 
https://firecracker-microvm.github.io/


Or you can combine Firecracker MicroVMs with Docker / OCI images to 
unify containers and VMs: https://github.com/weaveworks/ignite


Stop to use OpenVZ, because OpenVZ 6 is End Of Life and now it is 
dead project.


OpenVZ 6 is just last true and fully functional OpenVZ version.

Something named OpenVZ 7, OpenVZ 8, OpenVZ 9 ... is just agony of 
OpenVZ project.


On 09.12.2022 2:16, jjs - mainphrame wrote:
I've been running openvz 7 for some years, and I periodically check 
on the

status of openvz 8 and 9.

While openvz 7 has been getting updates, it seems openvz 8 is fairly
static, and openvz 9 seems not ready for use.

Is there an intent to continue support of openvz beyond version 7?

Since openvz is a great advertisement for virtuozzo, it would be a 
shame if

it faded away.
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] Status of OVZ 8 & 9

[jehan Procaccia]

I hope I am not wrong to disagree regarding your skepticism for future 
of openVZ (7,8,9 ...)


check in that same thread discussion :

https://marc.info/?l=openvz-users=167080032829556=2

I confirm that running openVZ 7 is rock solid, and we do use lots of 
CTs, for me the best featured containers  solution


we are expecting a  continuation with VZ 9 (as 8 might be skipped). as a 
public accademic school we appreciate free and openSource software


but we keep purchase few virtuozzo commercial licences as much as we can 
to contribute to the project .


as long as this: 
https://docs.virtuozzo.com/virtuozzo_hybrid_server_7_users_guide/learning-basics/vhs-vs-openvz.html


/OpenVZ  is a free, open-source virtualization 
solution available under GNU GPL. OpenVZ is the base for Virtuozzo 
Hybrid Server, the commercial solution that builds on OpenVZ and offers 
additional benefits to customers./


is still true, if Virtuozzo Hybrid Server is based on the openSource 
OpenVZ, I don't see any fears regarding its future .


https://docs.virtuozzo.com/virtuozzo_product_lifecycle_policy/index.html

but indeed, we are waiting for a VZ 9 which maybe lacks of a clearer 
raodmap, for exemple, is it still as much an Ahpha release (not to use 
in production) as mentioned here (Feb 2022)


https://www.virtuozzo.com/company/blog/product-updates/virtuozzo-hybrid-server-9-alpha-2/

or http://repo.virtuozzo.com/vz/releases/

/vz9.iso *20-Dec-2022 12:31*  2G/

which seems quite recent, is in a far better state now .

Thanks .

jehan .


On 27/01/2023 21:16, Gena Makhomed wrote:

OpenVZ 6 is last fully functional version, running on top of CentOS.

OpenVZ 7, 8, 9 ...

May be better to use just virtual machines using QEMU-KVM and libvirt ?

This solution is very stable, very feature rich and very useful.

If you need to use very cheap virtual machines - try to use 
https://firecracker-microvm.github.io/


Or you can combine Firecracker MicroVMs with Docker / OCI images to 
unify containers and VMs: https://github.com/weaveworks/ignite


Stop to use OpenVZ, because OpenVZ 6 is End Of Life and now it is dead 
project.


OpenVZ 6 is just last true and fully functional OpenVZ version.

Something named OpenVZ 7, OpenVZ 8, OpenVZ 9 ... is just agony of 
OpenVZ project.


On 09.12.2022 2:16, jjs - mainphrame wrote:
I've been running openvz 7 for some years, and I periodically check 
on the

status of openvz 8 and 9.

While openvz 7 has been getting updates, it seems openvz 8 is fairly
static, and openvz 9 seems not ready for use.

Is there an intent to continue support of openvz beyond version 7?

Since openvz is a great advertisement for virtuozzo, it would be a 
shame if

it faded away.
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] Status of OVZ 8 & 9

[Jehan PROCACCIA]

Hello 

indeed , we also use openvz7 (free virtuozzo) and are wondering what is best to 
install new servers hypervisors with , openvz8 or 9 ? 
is it not because we use free openvz that we don't support the virtuozzo 
businness, although we are a public school we do purchase a few virtuozzy 
hybrid server licences in order to participate to the maintenance and 
developpement of these great products . 
please let us know if we did the right choice ? 

Regards . 

Jehan PROCACCIA 
Ingénieur systèmes et réseaux 
Directeur Technique réseau REVE : 
Réseau d’Évry Val d'Essonne 
Équipe THD (TSP/RST) 
01 60 76 44 36 




De: "jjs - mainphrame"  
À: "OpenVZ users"  
Envoyé: Dimanche 11 Décembre 2022 19:34:58 
Objet: Re: [Users] Status of OVZ 8 & 9 

Hello all, 
Is it safe to say that openvz 7 is essentially the end of the line in terms of 
an effective, free openvz solution? I've been looking at openvz 8 & 9, and much 
as I want them to work, they don't seem to be viable. 

Thanks for any insight you can share. 

Jake 

On Thu, Dec 8, 2022 at 4:16 PM jjs - mainphrame < [ mailto:j...@mainphrame.com 
| j...@mainphrame.com ] > wrote: 



I've been running openvz 7 for some years, and I periodically check on the 
status of openvz 8 and 9. 

While openvz 7 has been getting updates, it seems openvz 8 is fairly static, 
and openvz 9 seems not ready for use. 

Is there an intent to continue support of openvz beyond version 7? 

Since openvz is a great advertisement for virtuozzo, it would be a shame if it 
faded away. 

Jake 




___ 
Users mailing list 
Users@openvz.org 
https://lists.openvz.org/mailman/listinfo/users 
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] vzlinux 8 breaks dep on redhat-release 8.6

[jehan Procaccia]

Hi,

I moved several of my CT from centos 8 et vzlinux8, now when I try to 
update vz8 I get


/Error:
 Problem: cannot install the best update candidate for package 
remi-release-8.5-3.el8.remi.noarch
  - nothing provides redhat-release >= 8.6 needed by 
remi-release-8.6-1.el8.remi.noarch/


I guess that remi's repo (php 7.x) depends on RHEL 8.6 ... ? How can I 
correct that ? is vzlinux 8 about to provide a vzlinux-release 8.6 to 
cope with REHL 8.6 !?


thanks


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] Equivalent "virsh" commands to set container parameters like "prlctl set"

[jehan Procaccia]

Hello,

I have the same remark/question regarding prlctl depreciation

what should we use to clone a CT ?

I used to

/prlctl clone ct-templvz8 --name myvz8server/

/
/

nor vzctl nor virsh seems to do the job for cloning a CT, it still works 
with prlctl , but what should we use now and when prlctl will be really 
deprecated .


all these change are just a question of terminology or it is because of 
a breakthrough towards new API/libvirt etc ...?



Thanks


Le 22/04/2022 à 12:42, Pavel Vokhmyanin a écrit :

Hello Paulo,

Virsh itself doesn't really have a "create" command. It can define 
domain based on xml.
You either compose this xml yourself, or use virt-install to compose 
it for you. You can also use vzctl or install prl-disp-service and use 
prlctl.


If we're talking about OpenVZ9, you can use these commands for 
virt-install:


I.e. To create a container do the following:

1.

Create a disk image with|vzpkg|. For example:

# mkdir -p /vz/mylinuxct
# vzpkg create image centos-7-x86_64 /vz/mylinuxct/mylinuxct.hdd
Creating Container root image at /vz/mylinuxct/mylinuxct.hdd 
(centos-7-x86_64)
<...>
Image was succesfully created at /vz/mylinuxct/mylinuxct.hdd
2.

Create the container based on the disk image. For example:

# virt-install \
--connect vzct:///system \
--name mylinuxct \
--memory 2048 \
--disk 'path=/vz/mylinuxct/mylinuxct.hdd,boot_order=1,size=64' \
--graphics vnc,port=5903,listen=0.0.0.0
<...>
Starting install...
Domain creation completed.
You can restart your domain by running:
   virsh --connect vzct:///system start mylinuxct

Note, that is "vzct" driver, not "vz" or "openvz". It's a new driver 
implementation that uses libvzctl and vzevent instead of 
prl-disp-service integration.


Speaking of configuration you mentioned, they are not well documented 
at the moment. Easiest way for you to figure out how it translates 
into domain.xml is to use vzctl for configuration, and see how it 
reflects in the configuration file. Settings were designed to reuse VM 
(QEMU) configuration schema where possible.



Best Regards,
--
Pavel Vokhmyanin
Management and Integrations
Virtuozzo

*От:* users-boun...@openvz.org  от имени 
Paulo Coghi - Coghi IT 

*Отправлено:* 1 апреля 2022 г. 8:41
*Кому:* OpenVZ users 
*Тема:* [Users] Equivalent "virsh" commands to set container 
parameters like "prlctl set"

Hello OpenVZ community,

Now that new OpenVZ versions have officially migrated to virsh as the 
main management tool, I would like to ask which are the equivalent 
commands in vitsh to set parameters provided by "prlctl set", like 
--cpulimit, --cpuunits, --nodemask, --ioprio, --ioprio, --iolimit, 
--rate, --ratebound.


Also, is there any important step on virsh to ensure the creation of a 
container instead of a vm, like prlctl create --vmtype ct?



Cordially,
Paulo Coghi

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] vztop for virtuozzo7 and check ressources

[jehan Procaccia]

Excellent, vzstat is what I need !

it gives everything , network, io, cpu, mem + sorted by CTID + 
hostname,  I didn't know about it


thanks

PS: still want to know if available about compared features/services  
between free and licenced virtuozzo/vzlinux



Le 14/04/2022 à 23:00, jjs - mainphrame a écrit :

There's always vzstat - it still works

Jake

On Thu, Apr 14, 2022 at 1:57 PM jehan Procaccia 
 wrote:


Thanks for your answer, but I don't see "CTID" with htop

there's only :

/PID USER  PR  NI    VIRT    RES SHR S  %CPU %MEM TIME+
COMMAND/

/# cat /etc/redhat-release
Virtuozzo Linux release 7.9
# rpm -q htop
htop-2.2.0-3.el7.x86_64/

then, there's no related/added value of htop regarding the
sorting  of CTID processes, did I misses something ?

ok for user_beancounters, i'll keep checking them to see if some
are over limits , I guess that if it changes in vz 9 you'll let us
know .

Regarding these features (counters, vztop) , do you confirm that
they should be avalaible regardless of using a server with
licenced virtuozzo hybrid server or a free vzlinux server ?

this still not clear to me what are the different features between
the two , is there an online page that compares them ?

To my knowledge licenced virtuzzo adds; Support, readyKernel,
Storage, Backups . Are there other features/services  ?  perhaps
ressource monitoring / vztop !?

thanks .

jehan .



https://www.virtuozzo.com/company/blog/product-updates/virtuozzos-mature-linux-distribution-vzlinux-now-available-to-public/

Le 08/04/2022 à 07:45, Vasily Averin a écrit :

Dear Jehan,

Sorry for the long response.

On 4/1/22 00:27,jehan.procac...@tem-tsp.eu  wrote:

Hello

in older openvz, there was vztop from hypervizor to check which CT/VM usages

I cannot find which package provides vztop in virtuozzo 7 , is it still 
available ?

On my test node vztop is an alias

[root@tom ~]# which vztop
alias vztop='htop -s CTID'
/usr/bin/htop

[root@tom ~]# rpm -qf /usr/bin/htop
htop-2.2.0-1.vl7.1.x86_64
[root@tom ~]# rpm -ql htop-2.2.0-1.vl7.1.x86_64
/etc/profile.d/vztop.sh   <<<<<<< VvS: interesting
/usr/bin/htop
/usr/share/applications/htop.desktop
/usr/share/doc/htop-2.2.0
/usr/share/doc/htop-2.2.0/AUTHORS
/usr/share/doc/htop-2.2.0/ChangeLog
/usr/share/doc/htop-2.2.0/README
/usr/share/licenses/htop-2.2.0
/usr/share/licenses/htop-2.2.0/COPYING
/usr/share/man/man1/htop.1.gz
/usr/share/pixmaps/htop.png

[root@tom ~]# cat /etc/profile.d/vztop.sh
# only if no alias is already set
alias vztop >/dev/null 2>&1 || alias vztop='htop -s CTID'


is# cat /proc/user_beancounters  still the correct and recommended way to 
check inside a CT the different ressources counters ?

Yes, it still works correctly on vz7.
howevrer I'm not sure about upcoming vz9.

Also I would advise you to look at  Virtuozzo Hybrid Server 7.5 
documentation
https://docs.virtuozzo.com/master/index.html

https://docs.virtuozzo.com/virtuozzo_hybrid_server_7_upgrade_guide/index.html

https://docs.virtuozzo.com/virtuozzo_hybrid_server_7_users_guide/managing-virtual-machines-and-containers/index.html

I hope it helps you.

Thank you for the questions,
Vasily Averin
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] vztop for virtuozzo7 and check ressources

[jehan Procaccia]

Thanks for your answer, but I don't see "CTID" with htop

there's only :

/PID USER  PR  NI    VIRT    RES    SHR S %CPU %MEM TIME+ COMMAND/

/# cat /etc/redhat-release
Virtuozzo Linux release 7.9
# rpm -q htop
htop-2.2.0-3.el7.x86_64/

then, there's no related/added value of htop regarding the sorting  of 
CTID processes, did I misses something ?


ok for user_beancounters, i'll keep checking them to see if some are 
over limits , I guess that if it changes in vz 9 you'll let us know .


Regarding these features (counters, vztop) , do you confirm that they 
should be avalaible regardless of using a server with licenced virtuozzo 
hybrid server or a free vzlinux server ?


this still not clear to me what are the different features between the 
two , is there an online page that compares them ?


To my knowledge licenced virtuzzo adds; Support, readyKernel, Storage, 
Backups . Are there other features/services  ?  perhaps ressource 
monitoring / vztop !?


thanks .

jehan .


https://www.virtuozzo.com/company/blog/product-updates/virtuozzos-mature-linux-distribution-vzlinux-now-available-to-public/

Le 08/04/2022 à 07:45, Vasily Averin a écrit :

Dear Jehan,

Sorry for the long response.

On 4/1/22 00:27,jehan.procac...@tem-tsp.eu  wrote:

Hello

in older openvz, there was vztop from hypervizor to check which CT/VM usages

I cannot find which package provides vztop in virtuozzo 7 , is it still 
available ?

On my test node vztop is an alias

[root@tom ~]# which vztop
alias vztop='htop -s CTID'
/usr/bin/htop

[root@tom ~]# rpm -qf /usr/bin/htop
htop-2.2.0-1.vl7.1.x86_64
[root@tom ~]# rpm -ql htop-2.2.0-1.vl7.1.x86_64
/etc/profile.d/vztop.sh   <<< VvS: interesting
/usr/bin/htop
/usr/share/applications/htop.desktop
/usr/share/doc/htop-2.2.0
/usr/share/doc/htop-2.2.0/AUTHORS
/usr/share/doc/htop-2.2.0/ChangeLog
/usr/share/doc/htop-2.2.0/README
/usr/share/licenses/htop-2.2.0
/usr/share/licenses/htop-2.2.0/COPYING
/usr/share/man/man1/htop.1.gz
/usr/share/pixmaps/htop.png

[root@tom ~]# cat /etc/profile.d/vztop.sh
# only if no alias is already set
alias vztop >/dev/null 2>&1 || alias vztop='htop -s CTID'


is# cat /proc/user_beancounters  still the correct and recommended way to check 
inside a CT the different ressources counters ?

Yes, it still works correctly on vz7.
howevrer I'm not sure about upcoming vz9.

Also I would advise you to look at  Virtuozzo Hybrid Server 7.5 documentation
https://docs.virtuozzo.com/master/index.html
https://docs.virtuozzo.com/virtuozzo_hybrid_server_7_upgrade_guide/index.html
https://docs.virtuozzo.com/virtuozzo_hybrid_server_7_users_guide/managing-virtual-machines-and-containers/index.html

I hope it helps you.

Thank you for the questions,
Vasily Averin
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] vzlinux 8 pb update package python2

[Jehan PROCACCIA]

well, that was the '--nobest' option that allowed me to sucessfully update all 
other packages : 

$dnf update --nobest 
... 
Skipped: 
python2-for-tests-2.7.17-1.vl8.2.x86_64 
python2-libs-2.7.18-4.module_vl8+478+7570e00c.x86_64 
Complete! 

next I removed python2-for-test, and here there was no more dependence on 
mongodb, so I could proceed . 

# dnf remove python2-for-tests 
removed: 
python2-2.7.17-1.vl8.1.x86_64 python2-for-tests-2.7.17-1.vl8.1.x86_64 
python2-libs-2.7.17-1.vl8.1.x86_64 
complete ! 

My system is up2date now , thanks . 


De: "Denis Silakov"  
À: "Jehan PROCACCIA" , "OpenVZ users" 
 
Envoyé: Vendredi 30 Juillet 2021 12:00:05 
Objet: Re: [Users] vzlinux 8 pb update package python2 

Yes, looks like the '--best' option works fine here. It is ok to leave 
python2-for-tests with broken dependencies. Once you update python2 itself to a 
modular package, you should be able to remove python2-for-tests without any 
problems. 

From: jehan Procaccia tem-tsp  
Sent: Friday, July 30, 2021 12:33 PM 
To: OpenVZ users ; Denis Silakov  
Subject: Re: [Users] vzlinux 8 pb update package python2 
Ok I try to remove it , but it wants to remove mongo-db packages which a 
dependent . 

# dnf remove python2-for-tests 
Failed to set locale, defaulting to C.UTF-8 
Dependencies resolved. 
==
 
Package Architecture Version Repository Size 
==
 
Removing: 
python2-for-tests x86_64 2.7.17-1.vl8.1 @virtuozzolinux-base 21 k 
Removing dependent packages: 
mongodb-org x86_64 4.2.12-1.el8 @mongodb-org-4.2 0 
Removing unused dependencies: 
mongodb-org-mongos x86_64 4.2.12-1.el8 @mongodb-org-4.2 39 M 
mongodb-org-server x86_64 4.2.12-1.el8 @mongodb-org-4.2 71 M 
mongodb-org-shell x86_64 4.2.12-1.el8 @mongodb-org-4.2 46 M 
mongodb-org-tools x86_64 4.2.12-1.el8 @mongodb-org-4.2 128 M 
python2 x86_64 2.7.17-1.vl8.1 @virtuozzolinux-base 80 k 
python2-libs x86_64 2.7.17-1.vl8.1 @virtuozzolinux-base 25 M 

Transaction Summary 
==
 
Remove 8 Packages 

this CT serve a rocketchat service that needs mongodb, I don't want to break 
the databse service . 

as suggested by DNF , there's the "--nobest" option which seems to go further , 
but with this warning 

Enabling module streams: 
httpd 2.4 
mariadb 10.3 
Skipping packages with conflicts: 
(add '--best --allowerasing' to command line to force their upgrade): 
python2-libs x86_64 2.7.18-4.module_vl8+478+7570e00c virtuozzolinux-base 6.0 M 
Skipping packages with broken dependencies: 
python2-for-tests x86_64 2.7.17-1.vl8.2 virtuozzolinux-base 79 k 

is this the "best" option ? 
thanks . 


Le 30/07/2021 à 11:16, Denis Silakov a écrit : 



Hi, 

this looks like a subsequence of python2 installed from the main repo and not 
from module. I remember that for some time we indeed didn't have python2 in 
module so this could happen easily. 

I'd suggest to simply remove python2-for-tests package. 

And in general this is how new modules/streams work - you can have multiple 
versions of the same package in repos in different streams (python2-libs in our 
case), but you still can't install them simultaneously. And modular package 
always has s higher priority unless you configure a special option in the repo 
file. 

From: [ mailto:users-boun...@openvz.org | 
users-boun...@openvz.org ] [ mailto:users-boun...@openvz.org | 
 ] on behalf of jehan Procaccia tem-tsp [ 
mailto:jehan.procac...@tem-tsp.eu | 
 ] 
Sent: Friday, July 30, 2021 11:55 AM 
To: OpenVZ users [ mailto:users@openvz.org | 
 ] 
Subject: [Users] vzlinux 8 pb update package python2 


Hello 

I've moved some CTs to vl8 , but now at least with this one , I have dependancy 
problemes 


# yum update 
Failed to set locale, defaulting to C.UTF-8 
Last metadata expiration check: 0:29:59 ago on Fri Jul 30 10:16:54 2021. 
Error: 
Problem 1: package python2-for-tests-2.7.17-1.vl8.2.x86_64 requires 
python2-libs(x86-64) = 2.7.17-1.vl8.2, but none of the providers can be 
installed 
- cannot install the best update candidate for package 
python2-for-tests-2.7.17-1.vl8.1.x86_64 
- package python2-libs-2.7.17-1.vl8.2.x86_64 is filtered out by modular 
filtering 
Problem 2: package python2-for-tests-2.7.17-1.vl8.1.x86_64 requires 
python2-libs(x86-64) = 2.7.17-1.vl8.1, but none of the providers can be 
installed 
- problem with installed package python2-for-tests-2.7.17-1.vl8.1.x86_64 
- cannot install both python2-libs-2.7.18-4.module_vl8+478+7570e00c.x86_64 and 
pyt

Re: [Users] vzlinux 8 pb update package python2

[jehan Procaccia tem-tsp]

Ok I try to remove it , but it wants to remove mongo-db packages which a 
dependent .


/# dnf remove python2-for-tests
Failed to set locale, defaulting to C.UTF-8
Dependencies resolved.
==
 Package Architecture Version 
Repository   Size

==
Removing:
 python2-for-tests x86_64 2.7.17-1.vl8.1 
@virtuozzolinux-base 21 k

Removing dependent packages:
 mongodb-org x86_64 4.2.12-1.el8 
@mongodb-org-4.2  0

Removing unused dependencies:
 mongodb-org-mongos x86_64 4.2.12-1.el8 
@mongodb-org-4.2 39 M
 mongodb-org-server x86_64 4.2.12-1.el8 
@mongodb-org-4.2 71 M
 mongodb-org-shell x86_64 4.2.12-1.el8 
@mongodb-org-4.2 46 M
 mongodb-org-tools x86_64 4.2.12-1.el8 
@mongodb-org-4.2    128 M
 python2 x86_64 2.7.17-1.vl8.1 
@virtuozzolinux-base 80 k
 python2-libs x86_64 2.7.17-1.vl8.1 
@virtuozzolinux-base 25 M


Transaction Summary
==
Remove  8 Packages/

this CT serve a rocketchat service that needs mongodb, I don't want to 
break the databse service .


as suggested by DNF , there's the "--nobest" option which seems to go 
further , but with this warning


/Enabling module streams:
 httpd 2.4
 mariadb 10.3
Skipping packages with conflicts:
(add '--best --allowerasing' to command line to force their upgrade):
 python2-libs x86_64 2.7.18-4.module_vl8+478+7570e00c 
virtuozzolinux-base 6.0 M

Skipping packages with broken dependencies:
 python2-for-tests x86_64 2.7.17-1.vl8.2 
virtuozzolinux-base  79 k/


is this the "best" option ?
thanks .


Le 30/07/2021 à 11:16, Denis Silakov a écrit :

Hi,

this looks like a subsequence of python2 installed from the main repo 
and not from module. I remember that for some time we indeed didn't 
have python2 in module so this could happen easily.


I'd suggest to simply remove python2-for-tests package.

And in general this is how new modules/streams work - you can have 
multiple versions of the same package in repos in different streams 
(python2-libs in our case), but you still can't install them 
simultaneously.  And modular package always has s higher priority 
unless you configure a special option in the repo file.


*From:* users-boun...@openvz.org  on behalf 
of jehan Procaccia tem-tsp 

*Sent:* Friday, July 30, 2021 11:55 AM
*To:* OpenVZ users 
*Subject:* [Users] vzlinux 8 pb update package python2

Hello

I've moved some CTs to vl8 , but now at least with this one , I have 
dependancy problemes


/# yum update
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 0:29:59 ago on Fri Jul 30 10:16:54 2021.
Error:
 Problem 1: *package python2-for-tests-2.7.17-1.vl8.2.x86_64 requires 
python2-libs(x86-64) = 2.7.17-1.vl8.2, but none of the providers can 
be installed*
  - cannot install the best update candidate for package 
python2-for-tests-2.7.17-1.vl8.1.x86_64
  - package python2-libs-2.7.17-1.vl8.2.x86_64 is filtered out by 
modular filtering
 Problem 2: package python2-for-tests-2.7.17-1.vl8.1.x86_64 requires 
python2-libs(x86-64) = 2.7.17-1.vl8.1, but none of the providers can 
be installed

  - problem with installed package python2-for-tests-2.7.17-1.vl8.1.x86_64
  - cannot install both 
python2-libs-2.7.18-4.module_vl8+478+7570e00c.x86_64 and 
python2-libs-2.7.17-1.vl8.1.x86_64
  - package python2-for-tests-2.7.17-1.vl8.2.x86_64 requires 
python2-libs(x86-64) = 2.7.17-1.vl8.2, but none of the providers can 
be installed
  - cannot install the best update candidate for package 
python2-libs-2.7.17-1.vl8.1.x86_64
  - package python2-libs-2.7.17-1.vl8.2.x86_64 is filtered out by 
modular filtering
(try to add '--allowerasing' to command line to replace conflicting 
packages or '--skip-broken' to skip uninstallable packages or 
'--nobest' to use not only best candidate packages)

/

is there a repository inconsistancy ?

/# dnf repolist
Failed to set locale, defaulting to C.UTF-8
repo id repo name
epel Extra Packages for Enterprise Linux 8 - x86_64
epel-modular Extra Packages for Enterprise Linux Modular 8 - x86_64
mongodb-org-4.2 MongoDB Repository
nodesource Node.js Packages for Enterprise Linux 8 - x86_64
virtuozzolinux-base

[Users] vzlinux 8 pb update package python2

[jehan Procaccia tem-tsp]

Hello

I've moved some CTs to vl8 , but now at least with this one , I have 
dependancy problemes


/# yum update
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 0:29:59 ago on Fri Jul 30 10:16:54 2021.
Error:
 Problem 1: *package python2-for-tests-2.7.17-1.vl8.2.x86_64 requires 
python2-libs(x86-64) = 2.7.17-1.vl8.2, but none of the providers can be 
installed*
  - cannot install the best update candidate for package 
python2-for-tests-2.7.17-1.vl8.1.x86_64
  - package python2-libs-2.7.17-1.vl8.2.x86_64 is filtered out by 
modular filtering
 Problem 2: package python2-for-tests-2.7.17-1.vl8.1.x86_64 requires 
python2-libs(x86-64) = 2.7.17-1.vl8.1, but none of the providers can be 
installed

  - problem with installed package python2-for-tests-2.7.17-1.vl8.1.x86_64
  - cannot install both 
python2-libs-2.7.18-4.module_vl8+478+7570e00c.x86_64 and 
python2-libs-2.7.17-1.vl8.1.x86_64
  - package python2-for-tests-2.7.17-1.vl8.2.x86_64 requires 
python2-libs(x86-64) = 2.7.17-1.vl8.2, but none of the providers can be 
installed
  - cannot install the best update candidate for package 
python2-libs-2.7.17-1.vl8.1.x86_64
  - package python2-libs-2.7.17-1.vl8.2.x86_64 is filtered out by 
modular filtering
(try to add '--allowerasing' to command line to replace conflicting 
packages or '--skip-broken' to skip uninstallable packages or '--nobest' 
to use not only best candidate packages)

/

is there a repository inconsistancy ?

/# dnf repolist
Failed to set locale, defaulting to C.UTF-8
repo id repo name
epel Extra Packages for Enterprise Linux 8 - x86_64
epel-modular Extra Packages for Enterprise Linux Modular 8 - x86_64
mongodb-org-4.2 MongoDB Repository
nodesource Node.js Packages for Enterprise Linux 8 - x86_64
virtuozzolinux-base VirtuozzoLinux Base
virtuozzolinux-updates VirtuozzoLinux Updates
/

thanks .

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] OpenVZ Bind mounts

[jehan Procaccia tem-tsp]

Hello

I recently had the same objectives to mount cifs on a CT

1) mount it on the Host node (hypervisor)
2) attache it to the CT

1) is what you already did
2) I did that :
# vzctl set CTname --bindmount_add /mnt/hostdisk:/mnt/ctdisk --save

so the host node FS mounted at /mnt/hostdisk will be presented on 
/mnt/ctdisk in the CT


that works fine, exept that you cannot migrate your CT to an other host 
node without pepraring the host mount on the destination .
beware also if you use cifs mount options like uid=1000,gid=1000, those 
ids are should match ids on the CT .


regards .

jehan .

Le 28/05/2021 à 05:07, m...@infinilan.com a écrit :


Hello list,

Hoping someone can help, (forum registration is closed) I'm trying to 
bind a samba share from the host to the OpenVZ container, but when I 
do the directory on the container is empty. I've tried to follow 
https://wiki.openvz.org/Bind_mounts however I think it's out of date 
as it refers to simfs which I don't have. I made the directory 
permissions open and selinux is disabled.


- Here's the layout:
NAS ---(CIFS)---> Virtuozzo-Server (BIND Mount)---> OpenVZ-Container
Virtuozzo, OpenVZ release 7.0.16

Here's what I've done:

1. Mount CIFS share on the host:
[root@openvz conf]# mount -t cifs //server/directory /mnt/disk -o 
username=user,vers=3.0,file_mode=0775,dir_mode=0775


2. Run the bind mount (I've tried a few variations of this):
[root@openvz conf]# mount -v --bind /mnt/disk/ /vz/root/101/mnt/disk/
mount: /mnt/disk bound on /vz/root/101/mnt/disk.

- Here's what it looks like on the host:
[root@openvz conf]# ls -l /mnt/disk/ | wc -l
234
[root@openvz conf]# ls -l /vz/root/101/mnt/disk/ |wc -l
234

- ...On the container (101):
[root@computer1 ~]# ls -l /mnt/disk/
total 0


Anyone have any ideas what's going on? It's causing real dramas here.

Kind regards,
Mike.
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users




___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] virtuozzo base OS and new centos 8 orientations

[Jehan PROCACCIA]

ok I increased to 10240 and it completed successfully now , thanks : 

on the Hyoervisor: 
# grep NUMFILE /etc/vz/conf/7ed1de35-75bc-4137-977a-b4055067fb0a.conf 
NUMFILE="10240" 
# ulimit -n 10240 

this second command may not be needed, I wondered if the 10240 numfile ulimit 
needs to be set inside the container or on the hypervisor ? 

# vzconvert8 convert --log /tmp/idp4mt-convovz8.logidp4mt idp4mt 
... 
rdma-core x86_64 32.0-3.vl8 
zstd x86_64 1.4.4-1.vl8 
7ed1de35-75bc-4137-977a-b4055067fb0a: Warning! 
The following packages were added compared to CentOS 8:['nss.x86_64', 
'nspr.x86_64', 'binutils.x86_64', 'nss-softokn-freebl.x86_64', 
'nss-sysinit.x86_64', 'nss-util.x86_64', 'nss-softokn.x86_64'] 
7ed1de35-75bc-4137-977a-b4055067fb0a: Conversion successful at 11:19:29.385333 

inside the CT 
# cat /etc/redhat-release 
Virtuozzo Linux release 8 




De: "Denis Silakov"  
À: "jehan procaccia"  
Cc: "OpenVZ users"  
Envoyé: Samedi 24 Avril 2021 07:16:00 
Objet: Re: [Users] virtuozzo base OS and new centos 8 orientations 

Yes. 'ulimit -n 10240' before the conversion could help. 

From: Jehan PROCACCIA  
Sent: Friday, April 23, 2021 10:37 PM 
To: Denis Silakov  
Cc: OpenVZ users  
Subject: Re: [Users] virtuozzo base OS and new centos 8 orientations 
OK, I revert to a previous snapshot, not sure I took the correct one though 
(anyway, tah CT is a test, I don't care to loose it ..) 

# prlctl snapshot-list idp4mt 
PARENT_SNAPSHOT_ID SNAPSHOT_ID 
{6a5c1dcf-776e-4011-a935-06b186c38541} 
{6a5c1dcf-776e-4011-a935-06b186c38541} *{6703557b-e46c-4437-877a-ca3d8f917d79} 
# prlctl snapshot-list idpmt4 
PARENT_SNAPSHOT_ID SNAPSHOT_ID 
[root@olympos ~]# prlctl snapshot-switch idp4mt --id 
6a5c1dcf-776e-4011-a935-06b186c38541 

so I set NUMFILE in CT this way : 

# grep NUMFILE /etc/vz/conf/7ed1de35-75bc-4137-977a-b4055067fb0a.conf 
NUMFILE="4096" 

# vzconvert8 convert --log /tmp/idp4mt-convovz8.logidp4mt idp4mt 
7ed1de35-75bc-4137-977a-b4055067fb0a: Creating the snapshot... 
The snapshot with id {e4d44103-1aa8-4040-bc1b-4161e234e0c4} has been 
successfully created. 

Starting conversion: 7ed1de35-75bc-4137-977a-b4055067fb0a at 21:33:22.250234 
... 
Transaction Summary 

 
Install 31 Packages 
Upgrade 582 Packages 

Total size: 381 M 
Downloading Packages: 
[SKIPPED] libmodulemd1-1.8.16-0.2.9.4.2.x86_64.rpm: Already downloaded 
[SKIPPED] annobin-9.35-1.vl8.x86_64.rpm: Already downloaded 
.. 
Running scriptlet: filesystem-3.8-3.vl8.x86_64 1/1 

Preparing : 1/1 
Running scriptlet: libgcc-8.4.1-1.vl8.x86_64 1/1Error: Cannot open file 
/vz/template/vzlinux/8/x86_64/pm/base0-b1ad5fe4dfeb5b55/packages/python3-six-1.15.0-8.vl8.2.noarch.rpm:
 [Errno 24] Too many open files: 
'/vz/template/vzlinux/8/x86_64/pm/base0-b1ad5fe4dfeb5b55/packages/python3-six-1.15.0-8.vl8.2.noarch.rpm'
 
FATAL ERROR: python callback ??? failed, aborting! 
Error: /usr/share/vzyum/bin/yum failed, exitcode=1 
7ed1de35-75bc-4137-977a-b4055067fb0a: Conversion successful at 21:33:41.692332 

Did I miss to increase ulimit ? 

thanks . 



De: "Denis Silakov"  
À: "jehan procaccia"  
Cc: "OpenVZ users"  
Envoyé: Vendredi 23 Avril 2021 21:09:47 
Objet: Re: [Users] virtuozzo base OS and new centos 8 orientations 

Agrh, "Too many open files" is the reason, you should increase your ulimit 
values. We have already discussed this in the list and likely we should change 
ulimits directly from script for the time of its work. 

And yes, I would recommend to revert container to pre-convert state. vzconvert 
automatically creates snapshot every time it is launch, you can simply use 
"prlctl snapshot-switch" (and btw, if you performed several conversion 
attempts, you can already have multiple snapshots) 

From: Jehan PROCACCIA  
Sent: Friday, April 23, 2021 10:03 PM 
To: Denis Silakov  
Cc: OpenVZ users  
Subject: Re: [Users] virtuozzo base OS and new centos 8 orientations 
OK, indeed there was 

OSTEMPLATE=".vzlinux-8-x86_64" 
TECHNOLOGIES="x86_64 nptl " 
DISTRIBUTION="centos" 
OSRELEASE="4.18.0" 

I changed OSTEMPLATE back to : 
OSTEMPLATE=".centos-8-x86_64" 

now it goes on : 

# vzconvert8 convert --log /tmp/idp4mt-convovz8.logidp4mt idp4mt 
7ed1de35-75bc-4137-977a-b4055067fb0a: Creating the snapshot... 
The snapshot with id {6703557b-e46c-4437-877a-ca3d8f917d79} has been 
successfully created. 

Starting conversion: 7ed1de35-75bc-4137-977a-b4055067fb0a at 20:31:03.13 
base0 3.0 kB/s | 4.6 kB 00:01 
base0 30 MB/s | 13 MB 00:00 
base1 20 kB/s | 2.9 kB 00:00 
Dependencies resolved. 

 
Package Arch Version Repository 
Size 

 
Installing: 
vzlinux-logos-httpd noarch 80.5.1-2

Re: [Users] virtuozzo base OS and new centos 8 orientations

[Jehan PROCACCIA]

ok I increased to 10240 and it completed successfully now , thanks : 

on the Hyoervisor: 
# grep NUMFILE /etc/vz/conf/7ed1de35-75bc-4137-977a-b4055067fb0a.conf 
NUMFILE="10240" 
# ulimit -n 10240 

this second command may not be needed, I wondered if the 10240 numfile ulimit 
needs to be set inside the container or on the hypervisor ? 

# vzconvert8 convert --log /tmp/idp4mt-convovz8.logidp4mt idp4mt 
... 
rdma-core x86_64 32.0-3.vl8 
zstd x86_64 1.4.4-1.vl8 
7ed1de35-75bc-4137-977a-b4055067fb0a: Warning! 
The following packages were added compared to CentOS 8:['nss.x86_64', 
'nspr.x86_64', 'binutils.x86_64', 'nss-softokn-freebl.x86_64', 
'nss-sysinit.x86_64', 'nss-util.x86_64', 'nss-softokn.x86_64'] 
7ed1de35-75bc-4137-977a-b4055067fb0a: Conversion successful at 11:19:29.385333 

inside the CT 
# cat /etc/redhat-release 
Virtuozzo Linux release 8 




De: "Denis Silakov"  
À: "jehan procaccia"  
Cc: "OpenVZ users"  
Envoyé: Samedi 24 Avril 2021 07:16:00 
Objet: Re: [Users] virtuozzo base OS and new centos 8 orientations 

Yes. 'ulimit -n 10240' before the conversion could help. 

From: Jehan PROCACCIA  
Sent: Friday, April 23, 2021 10:37 PM 
To: Denis Silakov  
Cc: OpenVZ users  
Subject: Re: [Users] virtuozzo base OS and new centos 8 orientations 
OK, I revert to a previous snapshot, not sure I took the correct one though 
(anyway, tah CT is a test, I don't care to loose it ..) 

# prlctl snapshot-list idp4mt 
PARENT_SNAPSHOT_ID SNAPSHOT_ID 
{6a5c1dcf-776e-4011-a935-06b186c38541} 
{6a5c1dcf-776e-4011-a935-06b186c38541} *{6703557b-e46c-4437-877a-ca3d8f917d79} 
# prlctl snapshot-list idpmt4 
PARENT_SNAPSHOT_ID SNAPSHOT_ID 
[root@olympos ~]# prlctl snapshot-switch idp4mt --id 
6a5c1dcf-776e-4011-a935-06b186c38541 

so I set NUMFILE in CT this way : 

# grep NUMFILE /etc/vz/conf/7ed1de35-75bc-4137-977a-b4055067fb0a.conf 
NUMFILE="4096" 

# vzconvert8 convert --log /tmp/idp4mt-convovz8.logidp4mt idp4mt 
7ed1de35-75bc-4137-977a-b4055067fb0a: Creating the snapshot... 
The snapshot with id {e4d44103-1aa8-4040-bc1b-4161e234e0c4} has been 
successfully created. 

Starting conversion: 7ed1de35-75bc-4137-977a-b4055067fb0a at 21:33:22.250234 
... 
Transaction Summary 

 
Install 31 Packages 
Upgrade 582 Packages 

Total size: 381 M 
Downloading Packages: 
[SKIPPED] libmodulemd1-1.8.16-0.2.9.4.2.x86_64.rpm: Already downloaded 
[SKIPPED] annobin-9.35-1.vl8.x86_64.rpm: Already downloaded 
.. 
Running scriptlet: filesystem-3.8-3.vl8.x86_64 1/1 

Preparing : 1/1 
Running scriptlet: libgcc-8.4.1-1.vl8.x86_64 1/1Error: Cannot open file 
/vz/template/vzlinux/8/x86_64/pm/base0-b1ad5fe4dfeb5b55/packages/python3-six-1.15.0-8.vl8.2.noarch.rpm:
 [Errno 24] Too many open files: 
'/vz/template/vzlinux/8/x86_64/pm/base0-b1ad5fe4dfeb5b55/packages/python3-six-1.15.0-8.vl8.2.noarch.rpm'
 
FATAL ERROR: python callback ??? failed, aborting! 
Error: /usr/share/vzyum/bin/yum failed, exitcode=1 
7ed1de35-75bc-4137-977a-b4055067fb0a: Conversion successful at 21:33:41.692332 

Did I miss to increase ulimit ? 

thanks . 



De: "Denis Silakov"  
À: "jehan procaccia"  
Cc: "OpenVZ users"  
Envoyé: Vendredi 23 Avril 2021 21:09:47 
Objet: Re: [Users] virtuozzo base OS and new centos 8 orientations 

Agrh, "Too many open files" is the reason, you should increase your ulimit 
values. We have already discussed this in the list and likely we should change 
ulimits directly from script for the time of its work. 

And yes, I would recommend to revert container to pre-convert state. vzconvert 
automatically creates snapshot every time it is launch, you can simply use 
"prlctl snapshot-switch" (and btw, if you performed several conversion 
attempts, you can already have multiple snapshots) 

From: Jehan PROCACCIA  
Sent: Friday, April 23, 2021 10:03 PM 
To: Denis Silakov  
Cc: OpenVZ users  
Subject: Re: [Users] virtuozzo base OS and new centos 8 orientations 
OK, indeed there was 

OSTEMPLATE=".vzlinux-8-x86_64" 
TECHNOLOGIES="x86_64 nptl " 
DISTRIBUTION="centos" 
OSRELEASE="4.18.0" 

I changed OSTEMPLATE back to : 
OSTEMPLATE=".centos-8-x86_64" 

now it goes on : 

# vzconvert8 convert --log /tmp/idp4mt-convovz8.logidp4mt idp4mt 
7ed1de35-75bc-4137-977a-b4055067fb0a: Creating the snapshot... 
The snapshot with id {6703557b-e46c-4437-877a-ca3d8f917d79} has been 
successfully created. 

Starting conversion: 7ed1de35-75bc-4137-977a-b4055067fb0a at 20:31:03.13 
base0 3.0 kB/s | 4.6 kB 00:01 
base0 30 MB/s | 13 MB 00:00 
base1 20 kB/s | 2.9 kB 00:00 
Dependencies resolved. 

 
Package Arch Version Repository 
Size 

 
Installing: 
vzlinux-logos-httpd noarch 80.5.1-2

Re: [Users] virtuozzo base OS and new centos 8 orientations

[Jehan PROCACCIA]

OK, I revert to a previous snapshot, not sure I took the correct one though 
(anyway, tah CT is a test, I don't care to loose it ..) 

# prlctl snapshot-list idp4mt 
PARENT_SNAPSHOT_ID SNAPSHOT_ID 
{6a5c1dcf-776e-4011-a935-06b186c38541} 
{6a5c1dcf-776e-4011-a935-06b186c38541} *{6703557b-e46c-4437-877a-ca3d8f917d79} 
# prlctl snapshot-list idpmt4 
PARENT_SNAPSHOT_ID SNAPSHOT_ID 
[root@olympos ~]# prlctl snapshot-switch idp4mt --id 
6a5c1dcf-776e-4011-a935-06b186c38541 

so I set NUMFILE in CT this way : 

# grep NUMFILE /etc/vz/conf/7ed1de35-75bc-4137-977a-b4055067fb0a.conf 
NUMFILE="4096" 

# vzconvert8 convert --log /tmp/idp4mt-convovz8.logidp4mt idp4mt 
7ed1de35-75bc-4137-977a-b4055067fb0a: Creating the snapshot... 
The snapshot with id {e4d44103-1aa8-4040-bc1b-4161e234e0c4} has been 
successfully created. 

Starting conversion: 7ed1de35-75bc-4137-977a-b4055067fb0a at 21:33:22.250234 
... 
Transaction Summary 

 
Install 31 Packages 
Upgrade 582 Packages 

Total size: 381 M 
Downloading Packages: 
[SKIPPED] libmodulemd1-1.8.16-0.2.9.4.2.x86_64.rpm: Already downloaded 
[SKIPPED] annobin-9.35-1.vl8.x86_64.rpm: Already downloaded 
.. 
Running scriptlet: filesystem-3.8-3.vl8.x86_64 1/1 

Preparing : 1/1 
Running scriptlet: libgcc-8.4.1-1.vl8.x86_64 1/1Error: Cannot open file 
/vz/template/vzlinux/8/x86_64/pm/base0-b1ad5fe4dfeb5b55/packages/python3-six-1.15.0-8.vl8.2.noarch.rpm:
 [Errno 24] Too many open files: 
'/vz/template/vzlinux/8/x86_64/pm/base0-b1ad5fe4dfeb5b55/packages/python3-six-1.15.0-8.vl8.2.noarch.rpm'
 
FATAL ERROR: python callback ??? failed, aborting! 
Error: /usr/share/vzyum/bin/yum failed, exitcode=1 
7ed1de35-75bc-4137-977a-b4055067fb0a: Conversion successful at 21:33:41.692332 

Did I miss to increase ulimit ? 

thanks . 



De: "Denis Silakov"  
À: "jehan procaccia"  
Cc: "OpenVZ users"  
Envoyé: Vendredi 23 Avril 2021 21:09:47 
Objet: Re: [Users] virtuozzo base OS and new centos 8 orientations 

Agrh, "Too many open files" is the reason, you should increase your ulimit 
values. We have already discussed this in the list and likely we should change 
ulimits directly from script for the time of its work. 

And yes, I would recommend to revert container to pre-convert state. vzconvert 
automatically creates snapshot every time it is launch, you can simply use 
"prlctl snapshot-switch" (and btw, if you performed several conversion 
attempts, you can already have multiple snapshots) 

From: Jehan PROCACCIA  
Sent: Friday, April 23, 2021 10:03 PM 
To: Denis Silakov  
Cc: OpenVZ users  
Subject: Re: [Users] virtuozzo base OS and new centos 8 orientations 
OK, indeed there was 

OSTEMPLATE=".vzlinux-8-x86_64" 
TECHNOLOGIES="x86_64 nptl " 
DISTRIBUTION="centos" 
OSRELEASE="4.18.0" 

I changed OSTEMPLATE back to : 
OSTEMPLATE=".centos-8-x86_64" 

now it goes on : 

# vzconvert8 convert --log /tmp/idp4mt-convovz8.logidp4mt idp4mt 
7ed1de35-75bc-4137-977a-b4055067fb0a: Creating the snapshot... 
The snapshot with id {6703557b-e46c-4437-877a-ca3d8f917d79} has been 
successfully created. 

Starting conversion: 7ed1de35-75bc-4137-977a-b4055067fb0a at 20:31:03.13 
base0 3.0 kB/s | 4.6 kB 00:01 
base0 30 MB/s | 13 MB 00:00 
base1 20 kB/s | 2.9 kB 00:00 
Dependencies resolved. 

 
Package Arch Version Repository 
Size 

 
Installing: 
vzlinux-logos-httpd noarch 80.5.1-2.vl8 base0 24 k 
replacing centos-logos-httpd.noarch 80.5-2.el8 
vzlinux-release x86_64 3:8.3-11.vl8 base0 35 k 
replacing centos-linux-release.noarch 8.3-1.2011.el8 
replacing centos-linux-repos.noarch 8-2.el8 
Upgrading: 
abattis-cantarell-fonts noarch 0.0.25-6.vl8.1 base0 155 k 
acl x86_64 2.2.53-1.vl8.1 base0 80 k 
... 
(613/614): zip-3.0-23.vl8.x86_64.rpm 458 kB/s | 270 kB 00:00 
(614/614): zlib-1.2.11-17.vl8.x86_64.rpm 160 kB/s | 102 kB 00:00 

 
Total 376 kB/s | 381 MB 17:17 
Running transaction check 
Transaction check succeeded. 
Running transaction test 
Transaction test succeeded. 
Running transaction 
Running scriptlet: filesystem-3.8-3.vl8.x86_64 1/1 

but fails here: 

Preparing : 1/1 
Running scriptlet: libgcc-8.4.1-1.vl8.x86_64 1/1Error: Cannot open file 
/vz/template/vzlinux/8/x86_64/pm/base0-b1ad5fe4dfeb5b55/packages/libgcc-8.4.1-1.vl8.x86_64.rpm:
 [Errno 24] Too many open files: 
'/vz/template/vzlinux/8/x86_64/pm/base0-b1ad5fe4dfeb5b55/packages/libgcc-8.4.1-1.vl8.x86_64.rpm'
 
FATAL ERROR: python callback ??? failed, aborting! 
Error: /usr/share/vzyum/bin/yum failed, exitcode=1 
7ed1de35-75bc-4137-977a-b4055067fb0a: Conversion successful at 20:48:44.232772 

the CT seems still beeing a centos8 

Re: [Users] virtuozzo base OS and new centos 8 orientations

[Jehan PROCACCIA]

OK, indeed there was 

OSTEMPLATE=".vzlinux-8-x86_64" 
TECHNOLOGIES="x86_64 nptl " 
DISTRIBUTION="centos" 
OSRELEASE="4.18.0" 

I changed OSTEMPLATE back to : 
OSTEMPLATE=".centos-8-x86_64" 

now it goes on : 

# vzconvert8 convert --log /tmp/idp4mt-convovz8.logidp4mt idp4mt 
7ed1de35-75bc-4137-977a-b4055067fb0a: Creating the snapshot... 
The snapshot with id {6703557b-e46c-4437-877a-ca3d8f917d79} has been 
successfully created. 

Starting conversion: 7ed1de35-75bc-4137-977a-b4055067fb0a at 20:31:03.13 
base0 3.0 kB/s | 4.6 kB 00:01 
base0 30 MB/s | 13 MB 00:00 
base1 20 kB/s | 2.9 kB 00:00 
Dependencies resolved. 

 
Package Arch Version Repository 
Size 

 
Installing: 
vzlinux-logos-httpd noarch 80.5.1-2.vl8 base0 24 k 
replacing centos-logos-httpd.noarch 80.5-2.el8 
vzlinux-release x86_64 3:8.3-11.vl8 base0 35 k 
replacing centos-linux-release.noarch 8.3-1.2011.el8 
replacing centos-linux-repos.noarch 8-2.el8 
Upgrading: 
abattis-cantarell-fonts noarch 0.0.25-6.vl8.1 base0 155 k 
acl x86_64 2.2.53-1.vl8.1 base0 80 k 
... 
(613/614): zip-3.0-23.vl8.x86_64.rpm 458 kB/s | 270 kB 00:00 
(614/614): zlib-1.2.11-17.vl8.x86_64.rpm 160 kB/s | 102 kB 00:00 

 
Total 376 kB/s | 381 MB 17:17 
Running transaction check 
Transaction check succeeded. 
Running transaction test 
Transaction test succeeded. 
Running transaction 
Running scriptlet: filesystem-3.8-3.vl8.x86_64 1/1 

but fails here: 

Preparing : 1/1 
Running scriptlet: libgcc-8.4.1-1.vl8.x86_64 1/1Error: Cannot open file 
/vz/template/vzlinux/8/x86_64/pm/base0-b1ad5fe4dfeb5b55/packages/libgcc-8.4.1-1.vl8.x86_64.rpm:
 [Errno 24] Too many open files: 
'/vz/template/vzlinux/8/x86_64/pm/base0-b1ad5fe4dfeb5b55/packages/libgcc-8.4.1-1.vl8.x86_64.rpm'
 
FATAL ERROR: python callback ??? failed, aborting! 
Error: /usr/share/vzyum/bin/yum failed, exitcode=1 
7ed1de35-75bc-4137-977a-b4055067fb0a: Conversion successful at 20:48:44.232772 

the CT seems still beeing a centos8 !? 

[root@idp4mt ~]# cat /etc/redhat-release 
CentOS Linux release 8.3.2011 

is it broken now ? I did before a backup of the root.hds , I can revert it to 
it's original centos 8 packages states, maybe I should set back that root.HDD 
and allow more open files to reply the process 
Kevin Drysdale said on that thread : 
Yes, it was just the stock ulimit default value of 1024 for open files before I 
changed it. I increased that by a factor of 10 to 10240, and that did the 
trick. 
But where/how can I change the ulimit of open files ? 

thanks . 


De: "Denis Silakov"  
À: "Jehan PROCACCIA"  
Cc: "OpenVZ users"  
Envoyé: Vendredi 23 Avril 2021 20:04:58 
Objet: Re: [Users] virtuozzo base OS and new centos 8 orientations 

Yes, need to look into CT config (/vz/private/ 
7ed1de35-75bc-4137-977a-b4055067fb0a /ve.conf) and turn back 'centos' as 
template. 



From: Jehan PROCACCIA  
Sent: Friday, April 23, 2021 8:19 PM 
To: Denis Silakov  
Cc: OpenVZ users  
Subject: Re: [Users] virtuozzo base OS and new centos 8 orientations 
well, it looks like I'am in the middle of the process, now it doesn't want to 
convert anymore 

# vzconvert8 convert --log /tmp/idp4mt-convovz8.logidp4mt idp4mt 
7ed1de35-75bc-4137-977a-b4055067fb0a: Conversion aborted: Container's OS 
template is not supported 

althought the CT seems to be keept in centos 8 : 

[root@idp4mt ~]# cat /etc/redhat-release 
CentOS Linux release 8.3.2011 

maybe I need to revert/remove something that the conversion has started ? 

thanks . 



De: "Denis Silakov"  
À: "Jehan PROCACCIA"  
Cc: "OpenVZ users"  
Envoyé: Vendredi 23 Avril 2021 16:28:45 
Objet: Re: [Users] virtuozzo base OS and new centos 8 orientations 

Probably the issue with gcc is caused by gcc update in VzLinux 8 which is 
happening right now. 
Could you check again, the repos are refreshed now? 

And the script considered the problem to be serious enough not to proceed with 
conversion. 

From: Jehan PROCACCIA  
Sent: Friday, April 23, 2021 5:01 PM 
To: Denis Silakov  
Cc: OpenVZ users  
Subject: Re: [Users] virtuozzo base OS and new centos 8 orientations 
yes it's better with --log option , but still no convertion and errors/warnings 
!? : 

# vzconvert8 convert --log /tmp/idp4mt-convovz8.logidp4mt idp4mt 
7ed1de35-75bc-4137-977a-b4055067fb0a: Creating the snapshot... 
The snapshot with id {6a5c1dcf-776e-4011-a935-06b186c38541} has been 
successfully created. 

Starting conversion: 7ed1de35-75bc-4137-977a-b4055067fb0a at 15:58:13.564369 
Cache was expired 
0 files removed 
base0 23 MB/s | 11 MB 00:00 
base1 1.7 kB/s | 257 B 00:00 
Metadata cache created. 
Last metadata expiration check: 0:00:01 ago on Fri Apr 23 13:58:18 2021. 

Re: [Users] virtuozzo base OS and new centos 8 orientations

[Jehan PROCACCIA]

well, it looks like I'am in the middle of the process, now it doesn't want to 
convert anymore 

# vzconvert8 convert --log /tmp/idp4mt-convovz8.logidp4mt idp4mt 
7ed1de35-75bc-4137-977a-b4055067fb0a: Conversion aborted: Container's OS 
template is not supported 

althought the CT seems to be keept in centos 8 : 

[root@idp4mt ~]# cat /etc/redhat-release 
CentOS Linux release 8.3.2011 

maybe I need to revert/remove something that the conversion has started ? 

thanks . 



De: "Denis Silakov"  
À: "Jehan PROCACCIA"  
Cc: "OpenVZ users"  
Envoyé: Vendredi 23 Avril 2021 16:28:45 
Objet: Re: [Users] virtuozzo base OS and new centos 8 orientations 

Probably the issue with gcc is caused by gcc update in VzLinux 8 which is 
happening right now. 
Could you check again, the repos are refreshed now? 

And the script considered the problem to be serious enough not to proceed with 
conversion. 

From: Jehan PROCACCIA  
Sent: Friday, April 23, 2021 5:01 PM 
To: Denis Silakov  
Cc: OpenVZ users  
Subject: Re: [Users] virtuozzo base OS and new centos 8 orientations 
yes it's better with --log option , but still no convertion and errors/warnings 
!? : 

# vzconvert8 convert --log /tmp/idp4mt-convovz8.logidp4mt idp4mt 
7ed1de35-75bc-4137-977a-b4055067fb0a: Creating the snapshot... 
The snapshot with id {6a5c1dcf-776e-4011-a935-06b186c38541} has been 
successfully created. 

Starting conversion: 7ed1de35-75bc-4137-977a-b4055067fb0a at 15:58:13.564369 
Cache was expired 
0 files removed 
base0 23 MB/s | 11 MB 00:00 
base1 1.7 kB/s | 257 B 00:00 
Metadata cache created. 
Last metadata expiration check: 0:00:01 ago on Fri Apr 23 13:58:18 2021. 
base0 31 kB/s | 4.2 kB 00:00 
base1 38 kB/s | 2.9 kB 00:00 
Error: 
Problem: package annobin-9.35-1.vl8.x86_64 requires gcc >= 8, but none of the 
providers can be installed 
- package gcc-8.3.1-5.vl8.x86_64 requires libgomp = 8.3.1-5.vl8, but none of 
the providers can be installed 
- package redhat-rpm-config-125-1.vl8.noarch requires annobin, but none of the 
providers can be installed 
- cannot install both libgomp-8.3.1-5.vl8.x86_64 and 
libgomp-8.3.1-5.1.el8.x86_64 
- cannot install the best update candidate for package 
redhat-rpm-config-123-1.el8.noarch 
- problem with installed package libgomp-8.3.1-5.1.el8.x86_64 
(try to add '--allowerasing' to command line to replace conflicting packages or 
'--skip-broken' to skip uninstallable packages or '--nobest' to use not only 
best candidate packages) 
Error: /usr/share/vzyum/bin/yum failed, exitcode=1 
7ed1de35-75bc-4137-977a-b4055067fb0a: Conversion successful at 15:58:21.015511 

back on the CT I am still on centos 8 : 

[root@idp4mt ~]# cat /etc/redhat-release 
CentOS Linux release 8.3.2011 


De: "Denis Silakov"  
À: "Jehan PROCACCIA" , "OpenVZ users" 
 
Envoyé: Vendredi 23 Avril 2021 15:48:57 
Objet: Re: [Users] virtuozzo base OS and new centos 8 orientations 

Looks like we broke launch without --log option while improving logging. 
Will be fixed soon, as a workaround you can use --log option. 

From: jehan Procaccia tem-tsp  
Sent: Friday, April 23, 2021 4:41 PM 
To: OpenVZ users ; Denis Silakov  
Subject: Re: [Users] virtuozzo base OS and new centos 8 orientations 
I tested vzconvert8 from fresly installed vzdeploy8 
(vzdeploy8-1.0.30-1.vl7.x86_64) 
it failed : 

# vzconvert8 convert tomcatsrv9 
712c1ecb-29e8-46e9-b81b-7856fb4ab3c9: Creating the snapshot... 
The snapshot with id {369834dc-cee0-4d87-807e-77f18b2f4c70} has been 
successfully created. 

Starting conversion: 712c1ecb-29e8-46e9-b81b-7856fb4ab3c9 at 15:36:46.492202 
Traceback (most recent call last): 
File "/usr/bin/vzconvert8", line 362, in  
args.func() 
File "/usr/bin/vzconvert8", line 198, in process_cts 
results = pool.map(process_single_ct, args.CT) 
File "/usr/lib64/python3.6/multiprocessing/pool.py", line 266, in map 
return self._map_async(func, iterable, mapstar, chunksize).get() 
File "/usr/lib64/python3.6/multiprocessing/pool.py", line 644, in get 
raise self._value 
File "/usr/lib64/python3.6/multiprocessing/pool.py", line 119, in worker 
result = (True, func(*args, **kwds)) 
File "/usr/lib64/python3.6/multiprocessing/pool.py", line 44, in mapstar 
return list(map(*args)) 
File "/usr/bin/vzconvert8", line 300, in process_single_ct 
log_info(l.strip(), ct_log) 
UnboundLocalError: local variable 'ct_log' referenced before assignment 


did I missed something ? 
thanks . 


Le 22/03/2021 à 08:09, Denis Silakov a écrit : 



Looks a bit strange indeed, vzdeploy was intended to just leave httpd from 
centos in such cases. 

But now we have one more way for converting containers which will probably be 
more reliable. It utilizes vzpkg tool and should be launched from the server 
side: 

# yum install vzdeploy8 
# vzconvert8 convert  

From: [ mailto:users-boun...@openvz.org | 
users-boun...@openvz.org ] [ mailto:users-bo

Re: [Users] virtuozzo base OS and new centos 8 orientations

[Jehan PROCACCIA]

yes it's better with --log option , but still no convertion and errors/warnings 
!? : 

# vzconvert8 convert --log /tmp/idp4mt-convovz8.logidp4mt idp4mt 
7ed1de35-75bc-4137-977a-b4055067fb0a: Creating the snapshot... 
The snapshot with id {6a5c1dcf-776e-4011-a935-06b186c38541} has been 
successfully created. 

Starting conversion: 7ed1de35-75bc-4137-977a-b4055067fb0a at 15:58:13.564369 
Cache was expired 
0 files removed 
base0 23 MB/s | 11 MB 00:00 
base1 1.7 kB/s | 257 B 00:00 
Metadata cache created. 
Last metadata expiration check: 0:00:01 ago on Fri Apr 23 13:58:18 2021. 
base0 31 kB/s | 4.2 kB 00:00 
base1 38 kB/s | 2.9 kB 00:00 
Error: 
Problem: package annobin-9.35-1.vl8.x86_64 requires gcc >= 8, but none of the 
providers can be installed 
- package gcc-8.3.1-5.vl8.x86_64 requires libgomp = 8.3.1-5.vl8, but none of 
the providers can be installed 
- package redhat-rpm-config-125-1.vl8.noarch requires annobin, but none of the 
providers can be installed 
- cannot install both libgomp-8.3.1-5.vl8.x86_64 and 
libgomp-8.3.1-5.1.el8.x86_64 
- cannot install the best update candidate for package 
redhat-rpm-config-123-1.el8.noarch 
- problem with installed package libgomp-8.3.1-5.1.el8.x86_64 
(try to add '--allowerasing' to command line to replace conflicting packages or 
'--skip-broken' to skip uninstallable packages or '--nobest' to use not only 
best candidate packages) 
Error: /usr/share/vzyum/bin/yum failed, exitcode=1 
7ed1de35-75bc-4137-977a-b4055067fb0a: Conversion successful at 15:58:21.015511 

back on the CT I am still on centos 8 : 

[root@idp4mt ~]# cat /etc/redhat-release 
CentOS Linux release 8.3.2011 


De: "Denis Silakov"  
À: "Jehan PROCACCIA" , "OpenVZ users" 
 
Envoyé: Vendredi 23 Avril 2021 15:48:57 
Objet: Re: [Users] virtuozzo base OS and new centos 8 orientations 

Looks like we broke launch without --log option while improving logging. 
Will be fixed soon, as a workaround you can use --log option. 

From: jehan Procaccia tem-tsp  
Sent: Friday, April 23, 2021 4:41 PM 
To: OpenVZ users ; Denis Silakov  
Subject: Re: [Users] virtuozzo base OS and new centos 8 orientations 
I tested vzconvert8 from fresly installed vzdeploy8 
(vzdeploy8-1.0.30-1.vl7.x86_64) 
it failed : 

# vzconvert8 convert tomcatsrv9 
712c1ecb-29e8-46e9-b81b-7856fb4ab3c9: Creating the snapshot... 
The snapshot with id {369834dc-cee0-4d87-807e-77f18b2f4c70} has been 
successfully created. 

Starting conversion: 712c1ecb-29e8-46e9-b81b-7856fb4ab3c9 at 15:36:46.492202 
Traceback (most recent call last): 
File "/usr/bin/vzconvert8", line 362, in  
args.func() 
File "/usr/bin/vzconvert8", line 198, in process_cts 
results = pool.map(process_single_ct, args.CT) 
File "/usr/lib64/python3.6/multiprocessing/pool.py", line 266, in map 
return self._map_async(func, iterable, mapstar, chunksize).get() 
File "/usr/lib64/python3.6/multiprocessing/pool.py", line 644, in get 
raise self._value 
File "/usr/lib64/python3.6/multiprocessing/pool.py", line 119, in worker 
result = (True, func(*args, **kwds)) 
File "/usr/lib64/python3.6/multiprocessing/pool.py", line 44, in mapstar 
return list(map(*args)) 
File "/usr/bin/vzconvert8", line 300, in process_single_ct 
log_info(l.strip(), ct_log) 
UnboundLocalError: local variable 'ct_log' referenced before assignment 


did I missed something ? 
thanks . 


Le 22/03/2021 à 08:09, Denis Silakov a écrit : 



Looks a bit strange indeed, vzdeploy was intended to just leave httpd from 
centos in such cases. 

But now we have one more way for converting containers which will probably be 
more reliable. It utilizes vzpkg tool and should be launched from the server 
side: 

# yum install vzdeploy8 
# vzconvert8 convert  

From: [ mailto:users-boun...@openvz.org | users-boun...@openvz.org ] [ 
mailto:users-boun...@openvz.org |  ] on behalf of Ian 
[ mailto:openvz_l...@fishnet.co.uk |  ] 
Sent: Thursday, March 11, 2021 6:48 PM 
To: OpenVZ users [ mailto:users@openvz.org | 
 ] 
Subject: Re: [Users] virtuozzo base OS and new centos 8 orientations 
On 03/03/2021 10:46, Denis Silakov wrote: 
> Meanwhile, issue with kernel-headers should be fixed in the latest script. 
>  

Hi, 

On a brand new centos8 container I get the following error from yum 
after running the vzdeloy8 script (with the ignore kernel env set) : 

- 

Modular dependency problems: 

Problem 1: conflicting requests 
- nothing provides module(platform:el8) needed by module 
httpd:2.4:8030020201104025655:30b713e6-0.x86_64 
Problem 2: conflicting requests 
- nothing provides module(platform:el8) needed by module 
python36:3.6:8030020201104034153:24f1489c-0.x86_64 
Dependencies resolved. 
Nothing to do. 

-- 

I tried removing and reinstalling httpd* but that didn't resolve the error. 


Any ideas ? 


I feel this is very close now ! 
Thanks f

Re: [Users] virtuozzo base OS and new centos 8 orientations

[jehan Procaccia tem-tsp]

I tested vzconvert8 from fresly installed vzdeploy8 
(vzdeploy8-1.0.30-1.vl7.x86_64)

it failed :
/
/
/#  vzconvert8 convert tomcatsrv9//
//712c1ecb-29e8-46e9-b81b-7856fb4ab3c9: Creating the snapshot...//
//The snapshot with id {369834dc-cee0-4d87-807e-77f18b2f4c70} has been 
successfully created.//

//
//Starting conversion: 712c1ecb-29e8-46e9-b81b-7856fb4ab3c9 at 
15:36:46.492202//

//Traceback (most recent call last)://
//  File "/usr/bin/vzconvert8", line 362, in //
//    args.func()//
//  File "/usr/bin/vzconvert8", line 198, in process_cts//
//    results = pool.map(process_single_ct, args.CT)//
//  File "/usr/lib64/python3.6/multiprocessing/pool.py", line 266, in map//
//    return self._map_async(func, iterable, mapstar, chunksize).get()//
//  File "/usr/lib64/python3.6/multiprocessing/pool.py", line 644, in get//
//    raise self._value//
//  File "/usr/lib64/python3.6/multiprocessing/pool.py", line 119, in 
worker//

//    result = (True, func(*args, **kwds))//
//  File "/usr/lib64/python3.6/multiprocessing/pool.py", line 44, in 
mapstar//

//    return list(map(*args))//
//  File "/usr/bin/vzconvert8", line 300, in process_single_ct//
//    log_info(l.strip(), ct_log)//
//UnboundLocalError: local variable 'ct_log' referenced before assignment/


did I missed something ?
thanks .


Le 22/03/2021 à 08:09, Denis Silakov a écrit :
Looks a bit strange indeed, vzdeploy was intended to just leave httpd 
from centos in such cases.


But now we have one more way for converting containers which will 
probably be more reliable. It utilizes vzpkg tool and should be 
launched from the server side:


# yum install vzdeploy8
# vzconvert8 convert 

*From:* users-boun...@openvz.org  on behalf 
of Ian 

*Sent:* Thursday, March 11, 2021 6:48 PM
*To:* OpenVZ users 
*Subject:* Re: [Users] virtuozzo base OS and new centos 8 orientations
On 03/03/2021 10:46, Denis Silakov wrote:
> Meanwhile, issue with kernel-headers should be fixed in the latest 
script.

> 

Hi,

On a brand new centos8 container I get the following error from yum
after running the vzdeloy8 script (with the ignore kernel env set) :

-

Modular dependency problems:

  Problem 1: conflicting requests
   - nothing provides module(platform:el8) needed by module
httpd:2.4:8030020201104025655:30b713e6-0.x86_64
  Problem 2: conflicting requests
   - nothing provides module(platform:el8) needed by module
python36:3.6:8030020201104034153:24f1489c-0.x86_64
Dependencies resolved.
Nothing to do.

--

I tried removing and reinstalling httpd* but that didn't resolve the 
error.



Any ideas ?


I feel this is very close now !
Thanks for all your hard work.

Regards

Ian


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users 



___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users



___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] virtuozzo base OS and new centos 8 orientations

[jehan Procaccia tem-tsp]

OK,  I gave it a try to /vzdeploy8 /script on a centos 8 CT
here are the details to let you know some warning/error (?) I received :

1) get the script
/[root@c8ct~]# wget 
http://repo-backend.virtuozzo.com/vzlinux/vzdeploy/vzdeploy8/


2) /export SKIP_KERNEL=1/ to prevent messing around with kernel in a CT !

3) Launch the script
/[root@c8ct ~]# sh vzdeploy8
vzdeploy8 is already the latest version (2.0.1) - continuing
Do you want to continue with deploy (y/n) ?y/

1st serie of messages maybe unrelated on a CT , better destine for a 
hardware Node ? :


/Running transaction//
//  Preparing : 1/1 //
//  Installing   : pciutils-libs-3.7.0-1.vl8.x86_64 1/3 //
//  Running scriptlet: pciutils-libs-3.7.0-1.vl8.x86_64 1/3 //
//  Installing   : hwdata-0.314-8.7.vl8.noarch 2/3 //
//  Installing   : pciutils-3.7.0-1.vl8.x86_64 3/3 //
//  Running scriptlet: pciutils-3.7.0-1.vl8.x86_64 3/3 //
//  Verifying    : hwdata-0.314-8.7.vl8.noarch 1/3 //
//  Verifying    : pciutils-3.7.0-1.vl8.x86_64 2/3 //
//  Verifying    : pciutils-libs-3.7.0-1.vl8.x86_64 3/3 //
//
//Installed://
//  hwdata-0.314-8.7.vl8.noarch pciutils-3.7.0-1.vl8.x86_64 
pciutils-libs-3.7.0-1.vl8.x86_64 //

//
//Complete!//
//pcilib: Cannot open /proc/bus/pci//
//lspci: Cannot find any working access method./


Then comes the package /vzlinux-release/

/Last metadata expiration check: 0:00:01 ago on Tue Feb 16 19:08:35 2021.
Package vzlinux-release-3:8.3-3.vl8.x86_64 is already installed.
Dependencies resolved.

 Package   Arch    Version Repository    Size

Upgrading:
 vzlinux-release   x86_64  3:8.3-4.vl8 virtuozzolinux-base   44 k
Installing dependencies:
 dnf-plugins-core  noarch  4.0.18-2.vl8 virtuozzolinux-base   68 k
 python3-dateutil  noarch  1:2.6.1-6.vl8 virtuozzolinux-base  251 k
 python3-dnf-plugins-core  noarch  4.0.18-2.vl8 virtuozzolinux-base  227 k
 zstd  x86_64  1.4.4-1.vl8 virtuozzolinux-base  395 k

Transaction Summary

Install  4 Packages
Upgrade  1 Package
/
/Upgraded://
//vzlinux-release-3:8.3-4.vl8.x86_64 //
//
//Installed://
//dnf-plugins-core-4.0.18-2.vl8.noarch //
//python3-dateutil-1:2.6.1-6.vl8.noarch //
//python3-dnf-plugins-core-4.0.18-2.vl8.noarch //
//zstd-1.4.4-1.vl8.x86_64 //
//
//Complete!/

Then it seems to upgrade everything, but still some warning/errors ?
/
/
/Last metadata expiration check: 0:00:04 ago on Tue Feb 16 19:08:35 2021.//
//Dependencies resolved.//
//Failed to set locale, defaulting to C.UTF-8//
//
// Problem: package gcc-8.4.1-1.vl8.x86_64 requires glibc-devel >= 
2.2.90-12, but none of the providers can be installed//
//  - package annobin-9.35-1.vl8.x86_64 requires gcc >= 8, but none of 
the providers can be installed//
//  - package glibc-devel-2.28-138.vl8.x86_64 requires glibc-headers, 
but none of the providers can be installed//
//  - package glibc-devel-2.28-138.vl8.x86_64 requires glibc-headers = 
2.28-138.vl8, but none of the providers can be installed//
//  - package redhat-rpm-config-125-1.vl8.noarch requires annobin, but 
none of the providers can be installed//
//  - package glibc-headers-2.28-138.vl8.x86_64 requires kernel-headers 
>= 2.2.1, but none of the providers can be installed//
//  - package glibc-headers-2.28-138.vl8.x86_64 requires kernel-headers, 
but none of the providers can be installed//
//  - cannot install the best update candidate for package 
redhat-rpm-config-123-1.el8.noarch//
//  - package kernel-headers-4.18.0-269.vl8.x86_64 is filtered out by 
exclude filtering//

//==//
// Package    Arch Version 
Repository    Size//

//==//
//Upgrading://
// acl    x86_64 2.2.53-1.vl8.1  
virtuozzolinux-base   80 k//
// apr    x86_64 1.6.3-11.vl8    
virtuozzolinux-base  124 k//
// apr-util   x86_64 1.6.1-6.vl8 
virtuozzolinux-base  105 k//
// attr   x86_64 2.4.48-3.vl8    
virtuozzolinux-base   68 k/

...
/Transaction Summary//
//==//
//Install    8 Packages//
//Upgrade  487 Packages//
//Skip   5 Packages//
//
//Total download size: 201 M//
//Downloading Packages://
//(1/495): freetype-2.9.1-4.vl8.1.x86_64.rpm  865 kB/s | 393 kB 
00:00 /

...
/Transaction test succeeded.//
//Running transaction//
//  Running scriptlet: 
filesystem-3.8-3.vl8.x86_64   

Re: [Users] virtuozzo base OS and new centos 8 orientations

[jehan Procaccia tem-tsp]

Le 29/01/2021 à 18:00, Ian a écrit :

On 21/01/2021 23:05, jehan Procaccia tem-tsp wrote:

/
/# dnf install vzlinux-release//


Hi,

I created a test Centos 8 container and attempted to change the distro 
to vzlinux8 as per your instructions but it fails at the above step.


The output is at the bottom, any suggestions ?

The error is:
"install of vzlinux-release-3:8.2-1.vl8.x86_64 conflicts with file 
from package centos-linux-release-8.3-1.2011.el8.noarch"


I have attempted to remove 
'centos-linux-release-8.3-1.2011.el8.noarch' but it is protected:


Error:
 Problem: The operation would result in removing the following 
protected packages: setup



Regards

Ian


Hi,

unfortunatly, now I have  the same pb , just did it now to check my 
steps , recalls from my prevoius post:


https://lists.openvz.org/pipermail/users/2021-January/008053.html

/
/
//
/1) replace C8 repos with VzLinux => below C8 root prompt is le C8 CT 
that is to be moved to VZ8, VZ8 prompt is a VZ8 CT created from scratch 
from a "pure" vz8 EZ template where I could get //VZLINUX_GPG_KEY and 
//RPM-GPG-KEY-Virtuozzo-8

/
/
/
//
/[root@*C8* /etc/yum.repos.d] # rm CentOS-*/
//
/
/
//
/[root@*VZ8* /etc/yum.repos.d] # scp vzlinux.repo 
root@*C8*:/etc/yum.repos.d/

/
//
/[root@*VZ8* /etc/yum.repos.d] # scp /etc/pki/rpm-gpg/VZLINUX_GPG_KEY 
root@*C8:*/etc/pki/rpm-gpg/VZLINUX_GPG_KEY/

//
/[root@*VZ8 */etc/yum.repos.d] # scp 
/etc/pki/rpm-gpg/RPM-GPG-KEY-Virtuozzo-8 
root@*C8*:/etc/pki/rpm-gpg/RPM-GPG-KEY-Virtuozzo-8

/
//
/
//2) install vzlinux-release package/
//
/
/
//
/# dnf install vzlinux-release/

At this step I also fail on

/Error: Transaction test error:
  file /etc/dnf/vars/contentdir from install of 
vzlinux-release-3:8.2-1.vl8.x86_64 conflicts with file from package 
centos-linux-repos-8-2.el8.noarch
  file /etc/issue from install of vzlinux-release-3:8.2-1.vl8.x86_64 
conflicts with file from package centos-linux-release-8.3-1.2011.el8.noarch/


Following new steps are not recommanded and maybe not clean at all (!?) 
, but I finally could proceed one step further by force remove 
centos-linux-release and centos-linux-repos


/# rpm -e --nodeps centos-linux-release//
/

/# rpm -e --nodeps centos-linux-repos /

Then also moved my epel repo files out of yum.repos.d

and now this step works

/#  dnf install vzlinux-release
.../

/Installed:
  dnf-plugins-core-4.0.18-2.vl8.noarch 
python3-dateutil-1:2.6.1-6.vl8.noarch 
python3-dnf-plugins-core-4.0.18-2.vl8.noarch 
vzlinux-release-3:8.2-1.vl8.x86_64 zstd-1.4.4-1.vl8.x86_64


Complete!/

but now the next step  (dnf distro-sync ) fails too :-( :

/# dnf distro-sync//
//Last metadata expiration check: 0:11:34 ago on Fri Jan 29 19:44:57 2021.//
//Modular dependency problems://
//
// Problem 1: conflicting requests//
//  - nothing provides module(platform:el8) needed by module 
httpd:2.4:8030020201104025655:30b713e6-0.x86_64//

// Problem 2: conflicting requests//
//  - nothing provides module(platform:el8) needed by module 
python36:3.6:8030020201104034153:24f1489c-0.x86_64//

//Error: //
// Problem: package 
crypto-policies-scripts-20200713-1.git51d1222.el8.noarch requires 
crypto-policies = 20200713-1.git51d1222.el8, but none of the providers 
can be installed//
//  - crypto-policies-20200713-1.git51d1222.el8.noarch does not belong 
to a distupgrade repository//
//  - problem with installed package 
crypto-policies-scripts-20200713-1.git51d1222.el8.noarch//
//(try to add '--skip-broken' to skip uninstallable packages or 
'--nobest' to use not only best candidate packages)/


so I removed those conflicting packages

/# dnf remove httpd python36
Removed:
httpd-2.4.37-30.module_el8.3.0+561+97fdbbcc.x86_64 
libpath_utils-0.2.1-39.el8.x86_64 
mod_http2-1.15.7-2.module_el8.3.0+477+498bb568.x86_64
mod_ssl-1:2.4.37-30.module_el8.3.0+561+97fdbbcc.x86_64 
python3-pip-9.0.3-18.el8.noarch 
python36-3.6.8-2.module_el8.3.0+562+e162826a.x86_64

sscg-2.3.3-14.el8.x86_64

Complete!/

but still it fails /
/

/# dnf distro-sync
Last metadata expiration check: 0:02:28 ago on Fri Jan 29 19:59:07 2021.
Modular dependency problems:

 Problem 1: conflicting requests
  - nothing provides module(platform:el8) needed by module 
httpd:2.4:8030020201104025655:30b713e6-0.x86_64

 Problem 2: conflicting requests
  - nothing provides module(platform:el8) needed by module 
python36:3.6:8030020201104034153:24f1489c-0.x86_64

Error:
 Problem: package 
crypto-policies-scripts-20200713-1.git51d1222.el8.noarch requires 
crypto-policies = 20200713-1.git51d1222.el8, but none of the providers 
can be installed
  - crypto-policies-20200713-1.git51d1222.el8.noarch does not belong to 
a distupgrade repository
  - problem with installed package 
crypto-policies-scripts-20200713-1.git51d1222.el8.noarch
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' 
to use not only best candidate packages)/


It's a complete mess ... I don't know what changed from my previous 
success !?


advice

Re: [Users] virtuozzo base OS and new centos 8 orientations

[jehan Procaccia tem-tsp]

 
libicu-60.3-2.vl8.x86_64
  libmaxminddb-1.2.0-10.vl8.x86_64 libmpc-1.1.0-9.1.vl8.x86_64 
libssh-config-0.9.4-2.vl8.noarch libxcrypt-devel-4.1.1-4.vl8.x86_64 
lmdb-libs-0.9.24-1.vl8.x86_64
  python3-nftables-1:0.9.3-16.vl8.1.x86_64 
python3-pip-wheel-9.0.3-18.vl8.noarch 
python3-setuptools-wheel-39.2.0-6.vl8.noarch /


4) Finally

/# cat /etc/redhat-release //
//Virtuozzo Linux release 8/
/
/
/# dnf repolist//
//repo id repo name//
//epel Extra Packages for Enterprise Linux 8 - x86_64//
//epel-modular Extra Packages for Enterprise Linux Modular 8 - x86_64//
//virtuozzolinux-base VirtuozzoLinux Base//
//virtuozzolinux-updates VirtuozzoLinux Updates//
/
Thanks .


Le 18/01/2021 à 16:39, Denis Silakov a écrit :

Hi,

EZ template was indeed created a year ago:) But initially it was 
targeted for testing purposes and was not subjected to deep testing at 
our side, so yes, one can consider it to be a "beta" quality. Though 
mostly it works fine, I don't remember any serious issues with 
template itself (however, one can still meet issues with some packages 
missing in VzLinux8 repos).


As for converting C8 ct to VzLinux8 one - there is no official way 
atm. In theory, if you have internet connection inside the CT, you can 
replace C8 repos with VzLinux one (e.g., just install vzlinux-release 
package) and run distrosync. And finally, change template in CT 
config. But this is just a guess, I have never tried this myself.

----
*From:* jehan Procaccia tem-tsp 
*Sent:* Monday, January 18, 2021 6:35 PM
*To:* OpenVZ users ; Denis Silakov 


*Subject:* Re: [Users] virtuozzo base OS and new centos 8 orientations
Hello,
I received today from virtuozzo the roadmap for VZ8 which is promising 
as a centos8 replacement :
https://www.virtuozzo.com/connect/details/blog/view/do-you-have-an-alternative-to-centos-virtuozzo-has-you-covered-with-vzlinux.html 
<https://www.virtuozzo.com/connect/details/blog/view/do-you-have-an-alternative-to-centos-virtuozzo-has-you-covered-with-vzlinux.html>
while testing a new vz8 CT , I realized that there is such a EZ 
template here:
https://download.openvz.org/virtuozzo/releases/openvz-7.0.15-628/x86_64/os/Packages/v/vzlinux-8-x86_64-ez-7.0.0-3.vz7.noarch.rpm 
<https://download.openvz.org/virtuozzo/releases/openvz-7.0.15-628/x86_64/os/Packages/v/vzlinux-8-x86_64-ez-7.0.0-3.vz7.noarch.rpm> 


dating apparently from nearly 1 year now !?
18-Feb-2020 08:17   18K 


is this unrelated to the annoucement which is only related to 
bareMetal/hypervisor vzlinux-8 ?


"/VzLinux 8 OS template for OpenVZ and Virtuozzo Hybrid Server is 
available for evaluation in BETA quality and will be officially 
announced as supported later this month./"


is this template  VZ8 EZ template a beta version ?, I can run it and 
report problems if needed ...


is their already a conversion tool for a centos8 CT to a VZ8 ?


thanks .


Jehan .


Le 11/01/2021 à 16:40, Denis Silakov a écrit :
Indeed, sorry for the delay, php packages have finally landed into 
the vzlinux8 public repo


*From:* users-boun...@openvz.org <mailto:users-boun...@openvz.org> 
 <mailto:users-boun...@openvz.org> on 
behalf of Kevin Drysdale  
<mailto:kevin.drysd...@iomart.com>

*Sent:* Monday, January 11, 2021 2:35 PM
*To:* OpenVZ users  <mailto:users@openvz.org>
*Subject:* Re: [Users] virtuozzo base OS and new centos 8 orientations
Hello,

Thank you, that's great.  I just thought I'd let you know I'm still 
not seeing any PHP packages in the repos for VzLinux 8 as of this 
morning, just in case something still needs to be done for these to 
show up.  If it's just a case of needing to wait a bit longer then 
I'll try again tomorrow.


--

Kevin Drysdale
Senior Systems Administrator

iomart







___
Users mailing list
Users@openvz.org <mailto:Users@openvz.org>
https://lists.openvz.org/mailman/listinfo/users 
<https://lists.openvz.org/mailman/listinfo/users>


___
Users mailing list
Users@openvz.org  <mailto:Users@openvz.org>
https://lists.openvz.org/mailman/listinfo/users  
<https://lists.openvz.org/mailman/listinfo/users>





___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] virtuozzo base OS and new centos 8 orientations

[jehan Procaccia tem-tsp]

Hello,
I received today from virtuozzo the roadmap for VZ8 which is promising 
as a centos8 replacement :

https://www.virtuozzo.com/connect/details/blog/view/do-you-have-an-alternative-to-centos-virtuozzo-has-you-covered-with-vzlinux.html
while testing a new vz8 CT , I realized that there is such a EZ template 
here:
https://download.openvz.org/virtuozzo/releases/openvz-7.0.15-628/x86_64/os/Packages/v/vzlinux-8-x86_64-ez-7.0.0-3.vz7.noarch.rpm 


dating apparently from nearly 1 year now !?
18-Feb-2020 08:17   18K 


is this unrelated to the annoucement which is only related to 
bareMetal/hypervisor vzlinux-8 ?


"/VzLinux 8 OS template for OpenVZ and Virtuozzo Hybrid Server is 
available for evaluation in BETA quality and will be officially 
announced as supported later this month./"


is this template  VZ8 EZ template a beta version ?, I can run it and 
report problems if needed ...


is their already a conversion tool for a centos8 CT to a VZ8  ?


thanks .


Jehan .


Le 11/01/2021 à 16:40, Denis Silakov a écrit :
Indeed, sorry for the delay, php packages have finally landed into the 
vzlinux8 public repo


*From:* users-boun...@openvz.org  on behalf 
of Kevin Drysdale 

*Sent:* Monday, January 11, 2021 2:35 PM
*To:* OpenVZ users 
*Subject:* Re: [Users] virtuozzo base OS and new centos 8 orientations
Hello,

Thank you, that's great.  I just thought I'd let you know I'm still 
not seeing any PHP packages in the repos for VzLinux 8 as of this 
morning, just in case something still needs to be done for these to 
show up.  If it's just a case of needing to wait a bit longer then 
I'll try again tomorrow.


--

Kevin Drysdale
Senior Systems Administrator

iomart







___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users 



___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users



___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] virtuozzo base OS and new centos 8 orientations

[jehan Procaccia tem-tsp]

I did not had any reply from my question regarding CT template for a 
centos 8 replacement in 2021 as a  rpm based, up to date  distrib with 
LTS support
I realize that I missed 2 other distribs in my previous post, appart 
from centos/debian/fedora/ubuntu pre-package templates

https://download.openvz.org/virtuozzo/releases/openvz-7.0.15-628/x86_64/os/Packages/s/
I can see in that URL Suse and SLES , I guess first one is openSuse and 
latter is SLes (with licenced needed ?)

but from that URL :
https://www.whatuptime.com/downloads/openvz-virtuozzo-7-templates/
there is no SLes nor (open)Suse here ... will these distrib continue to 
be available as vzlinux CT templates ?


I also realized from that latter URL that VzLinux7 itself is available 
as a CT template, if VzLinux continue to be a RHEL recompilation, then 
VzLinux8 (roadmap ?) would be a good alternative to centos 8 CT 
templates !?


Thanks .

Le 13/12/2020 à 18:36, jehan Procaccia tem-tsp a écrit :
thanks, that's a releaf , I thought you built virtuozzo from centos, 
so if it is built directory from RHEL source we are safe .


regarding CT templates, from download site: 
https://download.openvz.org/virtuozzo/releases/openvz-7.0.15-628/x86_64/os/Packages/

we can find centos/debian/fedora/ubuntu pre-package templates.
will you  add an other rhel/rpm based distrib for templates ? which 
one would you recommend to replace a rpm based distrib with LTS support ?


regards .

Le 10/12/2020 à 21:31, Denis Silakov a écrit :
That's right. We don't depend on CentOS releases in any sense. Until 
RH publishes source code to CentOS git or some other places, there 
are no obstacles in picking up and building that code for Vz.


*From:* users-boun...@openvz.org  on behalf 
of jjs - mainphrame 

*Sent:* Thursday, December 10, 2020 8:20 PM
*To:* OpenVZ users 
*Subject:* Re: [Users] virtuozzo base OS and new centos 8 orientations
From what I've heard, Red Hat will continue to make their source 
available in the same repos as before, so even if Centos ends, 
Virtuozzo can still build from the same RH source repos that Centos 
had been pulling from.


Jake


On Thu, Dec 10, 2020 at 9:12 AM jehan Procaccia tem-tsp 
mailto:jehan.procac...@tem-tsp.eu>> wrote:


Hello

virtuozzo 7 OS is based on centos 7, I guessed  from :


https://www.virtuozzo.com/connect/details/blog/view/an-overview-of-virtuozzo-linux-7.html

<https://www.virtuozzo.com/connect/details/blog/view/an-overview-of-virtuozzo-linux-7.html>

=> Virtuozzo Linux 7 is based on the CentOS7 distribution and
offers full compatibility with CentOS and the RedHat family.

Then what will be the base of virtuozzo 8 ? regarding that
annoncement:
https://blog.centos.org/2020/12/future-is-centos-stream/
<https://blog.centos.org/2020/12/future-is-centos-stream/>

the threaded comments are furious about that decision, would
virtuozzo 8 rebuild fron RHEL source directly or base on another
distrib ?

https://linux.oracle.com/switch/centos/
<https://linux.oracle.com/switch/centos/>
Gregory Kurtzer: https://rockylinux.org/ <https://rockylinux.org/>

openSUSE

etc ...

Regards .

___
Users mailing list
Users@openvz.org <mailto:Users@openvz.org>
https://lists.openvz.org/mailman/listinfo/users
<https://lists.openvz.org/mailman/listinfo/users>


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users





___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] virtuozzo base OS and new centos 8 orientations

[jehan Procaccia tem-tsp]

Hello

virtuozzo 7 OS is based on centos 7, I guessed  from :

https://www.virtuozzo.com/connect/details/blog/view/an-overview-of-virtuozzo-linux-7.html

=> Virtuozzo Linux 7 is based on the CentOS7 distribution and offers 
full compatibility with CentOS and the RedHat family.


Then what will be the base of virtuozzo 8 ? regarding that annoncement: 
https://blog.centos.org/2020/12/future-is-centos-stream/


the threaded comments are furious about that decision, would virtuozzo 8 
rebuild fron RHEL source directly or base on another distrib ?


https://linux.oracle.com/switch/centos/ 


Gregory Kurtzer: https://rockylinux.org/

openSUSE

etc ...

Regards .

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] Virtuozzo containers no longer a supported Virtuozzo product !?

[Jehan Procaccia IMT]

Great, sound's better this way !, thanks .
to prevent others from miss leading, maybe that note one the page 
https://www.virtuozzo.com/support/all-products/virtuozzo-containers.html
should be extended with your's "The current version of the product with 
Container technology goes under name "Virtuozzo Hybrid Server 7". and a 
link to it .


Regards .

Jehan

Le 04/12/2020 à 21:42, Konstantin Khorenko a écrit :

Hi guys,

> Please note: Virtuozzo Containers for Linux is no longer a supported 
Virtuozzo product. Users can purchase extended support until September 
2020.


please don't panic,
this sentence is about only old product "VIRTUOZZO CONTAINERS FOR 
LINUX 4.7",

this is not about the technology itself surely. :)

The current version of the product with Container technology goes 
under name "Virtuozzo Hybrid Server 7".


Here you can see the list of products and their lifecycle milestones:
https://www.virtuozzo.com/support/all-products/lifecycle-policies.html

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

On 12/04/2020 11:20 PM, jjs - mainphrame wrote:
I hear what you are saying about deploying lxc on any Linux distro. 
That is a strong point.


But for me it's a good tradeoff. Maybe someday lxc/lxd will reach the 
level of openvz, and if so, I'll re-evaluate, but for now I'm fine 
with setting up dedicated openvz boxes, as

I can deploy any Linux distro in a container, or any OS in a VM.

Jake



On Fri, Dec 4, 2020 at 12:09 PM Narcis Garcia <mailto:informat...@actiu.net>> wrote:


    I'm migrating servers from OpenVZ to LXC (by using ctctl) because 
I can

    deploy LXC on any GNU/Linux distro and archichecture.

    BUT: LXC still does not work as optimal as OpenVZ, and OpenVZ is far
    more mature than LXC.



    Narcis Garcia
    El 4/12/20 a les 20:15, jjs - mainphrame ha escrit:
    > I think it's just that virtuozzo is no longer supporting the 
"containers

    > only" solution. The new baseline is "containers and VMs".
    >
    > I agree they might have made that more clear, but it seems 
there's no
    > cause for worry. I've done long term testing with lxc/lxd and 
after

    > various issues, ended up moving all containers to openvz.
    >
    > The ability to do VMs is a plus, for instance if I have to hold 
my nose

    > and spin up a windows VM for testing.
    >
    > Jake
    >
    >
    >
    > On Fri, Dec 4, 2020 at 11:06 AM Jehan Procaccia IMT
    > <mailto:jehan.procac...@imtbs-tsp.eu> 
<mailto:jehan.procac...@imtbs-tsp.eu 
<mailto:jehan.procac...@imtbs-tsp.eu>>> wrote:

    >
    > then,  is this a "marketing" miss leading information ? , or
    > Containers (CT) , which are to me the most added value of 
virtuozzo

    > technology is to be terminated ?
    > that should be claryfied by virtuozzo staff.
    >
    > indeed in
    > https://www.virtuozzo.com/products/virtuozzo-hybrid-server.html ,
    > containers => https://www.virtuozzo.com/products/compute.html
    > are mentionned
    > and in
    > 
https://www.virtuozzo.com/fileadmin/user_upload/downloads/Data_Sheets/Virtuozzo7-Platform-DS-EN-Ltr.pdf

    >
    > I hardly defend virtuozzo/openVZ vs proxmox in my community 
because
    > of VZ CTs which are supposed by far better than LXC 
containers (!?)

    >
    > Thanks to prove me right .
    >
    > regards .
    >
    >
    > Le 04/12/2020 à 19:48, jjs - mainphrame a écrit :
    >> That looked strange to me, but after looking at their 
website, it
    >> seems they're just announcing the end of support for old 
product

    >> lines.
    >>
    >> It looks like "Virtuozzo Hybrid Server" is basically what 
we have

    >> in openvz 7, plus premium features.
    >>
    >> Joe
    >>
    >> On Fri, Dec 4, 2020 at 10:36 AM Jehan Procaccia IMT
    >> <mailto:jehan.procac...@imtbs-tsp.eu>
    >> <mailto:jehan.procac...@imtbs-tsp.eu 
<mailto:jehan.procac...@imtbs-tsp.eu>>> wrote:

    >>
    >> Hello
    >>
    >> defending the added value of virtuozzo containers (CT) 
, one

    >> replied me with :
    >>
    >> 
https://www.virtuozzo.com/support/all-products/virtuozzo-containers.html

    >>
    >> /*Please note*: Virtuozzo Containers for Linux is no 
longer a

    >> supported Virtuozzo product. Users can purchase extended
    >> support until September 2020./
    >>
    >> is this serious !?
    >>
    >> Please let us know .
    >>
    >> Regards .
    >>
 

Re: [Users] Virtuozzo containers no longer a supported Virtuozzo product !?

[Jehan Procaccia IMT]

then,  is this a "marketing" miss leading information ? , or Containers 
(CT) , which are to me the most added value of virtuozzo technology is 
to be terminated ?

that should be claryfied by virtuozzo staff.

indeed in 
https://www.virtuozzo.com/products/virtuozzo-hybrid-server.html , 
containers => https://www.virtuozzo.com/products/compute.html

are mentionned
and in 
https://www.virtuozzo.com/fileadmin/user_upload/downloads/Data_Sheets/Virtuozzo7-Platform-DS-EN-Ltr.pdf


I hardly defend virtuozzo/openVZ vs proxmox in my community because of 
VZ CTs which are supposed by far better than LXC containers (!?)


Thanks to prove me right .

regards .


Le 04/12/2020 à 19:48, jjs - mainphrame a écrit :
That looked strange to me, but after looking at their website, it 
seems they're just announcing the end of support for old product lines.


It looks like "Virtuozzo Hybrid Server" is basically what we have in 
openvz 7, plus premium features.


Joe

On Fri, Dec 4, 2020 at 10:36 AM Jehan Procaccia IMT 
mailto:jehan.procac...@imtbs-tsp.eu>> 
wrote:


Hello

defending the added value of virtuozzo containers (CT) , one
replied me with :

https://www.virtuozzo.com/support/all-products/virtuozzo-containers.html
<https://www.virtuozzo.com/support/all-products/virtuozzo-containers.html>

/*Please note*: Virtuozzo Containers for Linux is no longer a
supported Virtuozzo product. Users can purchase extended support
until September 2020./

is this serious !?

Please let us know .

Regards .

___
Users mailing list
Users@openvz.org <mailto:Users@openvz.org>
https://lists.openvz.org/mailman/listinfo/users
<https://lists.openvz.org/mailman/listinfo/users>


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users



___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] Virtuozzo containers no longer a supported Virtuozzo product !?

[Jehan Procaccia IMT]

Hello

defending the added value of virtuozzo containers (CT) , one replied me 
with :


https://www.virtuozzo.com/support/all-products/virtuozzo-containers.html

/*Please note*: Virtuozzo Containers for Linux is no longer a supported 
Virtuozzo product. Users can purchase extended support until 
September 2020./


is this serious !?

Please let us know .

Regards .

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] routing between CT and EBtables

[Jehan Procaccia IMT]

Hello

for students labs purpose, we use openvz7 CTs that have multiple 
interface and IPs for network simulation (routing)


we notice that CT default configuration seems to drop packets ( ebtables 
?) that are emitted from a different IP that the one configured for the 
CT itself .


although it might be a crefull behaviour , how can I remove that 
"feature" for that specific purpose of inter routing in CTs .


Thanks


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] Issues after updating to 7.0.14 (136)

[Jehan PROCACCIA]

Hello 
thanks for the advices, I did disable onboot=yes => no , so that at next reboot 
my CTs don't start automatically and enter a dead lock/loop 
than I could restart manually my CTs 
In fact I discuss with devs , it seems I enter a dead lock when my centos8 CTs 
(using NFT / netfilter) stop/suspended when rebooting the HWNode 
they are looking a this potential issue with netflter and latest updates . 

to be continued ... 

Thanks . 


De: "Oleksiy Tkachenko"  
À: "OpenVZ users"  
Envoyé: Mercredi 8 Juillet 2020 23:49:51 
Objet: Re: [Users] Issues after updating to 7.0.14 (136) 

>> ... 
>> Error in ploop_check (check.c:663): Dirty flag is set 
>> ... 
>> # ploop mount 
>> /vz/private/144dc737-b4e3-4c03-852c-25a6df06cee4/root.hdd/DiskDescriptor.xml 
>> Error in ploop_mount_image (ploop.c:2495): Image 
>> /vz/private/144dc737-b4e3-4c03-852c-25a6df06cee4/root.hdd/root.hds already 
>> used by device /dev/ploop11432 
>> ... 
>> 
>> I am lost , any help appreciated . 

I heard about 2 possible solutions: 
1. Reboot HW and stop CT. Then "ploop mount" CT's DiskDescriptor.xml for 
e2fsck. Unmount and restart CT. 
2. If won't help then create fresh new CT and move "broken" root.hds there. 

-- 
Oleksiy 

___ 
Users mailing list 
Users@openvz.org 
https://lists.openvz.org/mailman/listinfo/users 
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] Issues after updating to 7.0.14 (136)

[Jehan Procaccia IMT]

Hello

If it can help, what I did so far to try to re-enable dead CTs

# prlctl stop ldap2
Stopping the CT...
Failed to stop the CT: PRL_ERR_VZCTL_OPERATION_FAILED (Details: Cannot 
lock the Container

)
# cat /vz/lock/144dc737-b4e3-4c03-852c-25a6df06cee4.lck
6227
resuming
# ps auwx | grep 6227
root    6227  0.0  0.0  92140  6984 ?    S    15:10   0:00 
/usr/sbin/vzctl resume 144dc737-b4e3-4c03-852c-25a6df06cee4

# kill -9  6227

still cannot stop the CT  (Cannot lock the Container...)


# df |grep 144dc737-b4e3-4c03-852c-25a6df06cee4
/dev/ploop11432p1  10188052   2546636    7100848  27% 
/vz/root/144dc737-b4e3-4c03-852c-25a6df06cee4
none    1048576 0    1048576   0% 
/vz/private/144dc737-b4e3-4c03-852c-25a6df06cee4/dump/Dump/.criu.cgyard.56I2ls

# umount /dev/ploop11432p1

# ploop check -F 
/vz/private/144dc737-b4e3-4c03-852c-25a6df06cee4/root.hdd/root.hds

Reopen rw /vz/private/144dc737-b4e3-4c03-852c-25a6df06cee4/root.hdd/root.hds
Error in ploop_check (check.c:663): Dirty flag is set

# ploop mount 
/vz/private/144dc737-b4e3-4c03-852c-25a6df06cee4/root.hdd/DiskDescriptor.xml
Error in ploop_mount_image (ploop.c:2495): Image 
/vz/private/144dc737-b4e3-4c03-852c-25a6df06cee4/root.hdd/root.hds 
already used by device /dev/ploop11432

# df -H | grep ploop11432
=> nothing

I am lost , any help appreciated  .

Thanks .

Le 06/07/2020 à 15:37, Jehan Procaccia IMT a écrit :


Hello,

I am back to the initial pb related to that post , since I updated to 
/OpenVZ release 7.0.14 (136)  | ///Virtuozzo Linux release 7.8.0 
(609)// , I am also facing CT corrupted status .


I don't see the exact same error as mentioned by Kevin Drysdale below 
(ploop/fsck) , but I am not able to enter certain CT neither can I 
stop them


/[root@olb~]# prlctl stop trans8//
//Stopping the CT...//
//Failed to stop the CT: PRL_ERR_VZCTL_OPERATION_FAILED (Details: 
Cannot lock the Container//

//)//
/

/[root@olb ~]# prlctl enter trans8//
//Unable to get init pid//
//enter into CT failed//
//
//exited from CT 02faecdd-ddb6-42eb-8103-202508f18256/

For those CTs that fail to enter or stop, I noticed that there is a 
2nd device mounted with name ending in /dump/Dump/.criu.cgyard.4EJB8c//

/

/[root@olb ~]# df -H |grep 02faecdd-ddb6-42eb-8103-202508f18256//
///dev/ploop53152p1  11G    2,2G  7,7G  23% 
/vz/root/02faecdd-ddb6-42eb-8103-202508f18256//
//none  537M   0  537M   0% 
/vz/private/02faecdd-ddb6-42eb-8103-202508f18256/dump/Dump/.criu.cgyard.4EJB8c/



//[root@olb ~]# prlctl list | grep 02faecdd-ddb6-42eb-8103-202508f18256//
//{02faecdd-ddb6-42eb-8103-202508f18256}  running 157.159.196.17  CT 
isptrans8//

//

I rebooted the whole hardware node, and since reboot here is the 
related vzctl.log


/2020-07-06T15:10:38+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Removing the stale lock file 
/vz/lock/02faecdd-ddb6-42eb-8103-202508f18256.lck//
//2020-07-06T15:10:38+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Restoring the Container ...//
//2020-07-06T15:10:38+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Mount image: 
/vz/private/02faecdd-ddb6-42eb-8103-202508f18256/root.hdd //
//2020-07-06T15:10:38+0200 : Opening delta 
/vz/private/02faecdd-ddb6-42eb-8103-202508f18256/root.hdd/root.hds//
//2020-07-06T15:10:38+0200 : Opening delta 
/vz/private/02faecdd-ddb6-42eb-8103-202508f18256/root.hdd/root.hds//
//2020-07-06T15:10:38+0200 : Opening delta 
/vz/private/02faecdd-ddb6-42eb-8103-202508f18256/root.hdd/root.hds//
//2020-07-06T15:10:38+0200 : Adding delta dev=/dev/ploop53152 
img=/vz/private/02faecdd-ddb6-42eb-8103-202508f18256/root.hdd/root.hds 
(rw)//
//2020-07-06T15:10:39+0200 : Mounted /dev/ploop53152p1 at 
/vz/root/02faecdd-ddb6-42eb-8103-202508f18256 fstype=ext4 
data=',balloon_ino=12' //
//2020-07-06T15:10:39+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Container is mounted//
//2020-07-06T15:10:40+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Setting permissions for 
image=/vz/private/02faecdd-ddb6-42eb-8103-202508f18256/root.hdd//
//2020-07-06T15:10:40+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Configure memguarantee: 0%//
//2020-07-06T15:18:12+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Unable to get init pid//
//2020-07-06T15:18:12+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : enter into CT failed//
//2020-07-06T15:19:49+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Cannot lock the Container//
//2020-07-06T15:25:33+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Unable to get init pid//
//2020-07-06T15:25:33+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : enter into CT failed/


on another CT failing to enter / stop same kind of logs  + /Error 
(criu /:


/2020-07-06T15:10:38+0200 vzctl : CT 
4ae48335-5b63-475d-8629-c8d742cb0ba0 : Restoring the Container ...//
//2020-07-06T15:10:38+0200 vzctl : CT 
4ae48335-5b63-475d-8629-c8d742cb0ba0 : Mo

Re: [Users] reload or refresh list of CT after move an already registered CT

[Jehan Procaccia IMT]

thanks that works fine after prl-disp.service , my "manually 
moved/restored" CT can now run on the second Hardware Node


# systemctl restart prl-disp.service
# prlctl list --all |grep 144dc737-b4e3-4c03-852c-25a6df06cee4
{144dc737-b4e3-4c03-852c-25a6df06cee4}  suspended 192.168.1.1  CT ldap2
# prlctl stop ldap2
# prlctl start ldap2

I hope I'll find a solution to 
https://lists.openvz.org/pipermail/users/2020-July/007928.html , I am 
afraid now to upgrade any other node ...



Le 06/07/2020 à 17:53, Jean Weisbuch a écrit :
You usually have to restart the "prl-disp" service when you have this 
kind of problems and/or to "prlctl unregister" and/or "vzctl unregister".



On 7/6/20 5:07 PM, Jehan Procaccia IMT wrote:

Hello

because I have a fail CT on a hardware node , cf 
https://lists.openvz.org/pipermail/users/2020-July/007928.html


I moved manually the CT files (hdds, conf, etc ...) to another 
hardware node (HW) that doesn't seem to have the pb yet ( not 
updateded to OpenVZ release 7.0.14 (136))


I did a rsync of /vz/private/CTID from HWsrc to HWdest  and created 
in /etc/vz/conf on HWdest the associated link to the conf file


ln -s /vz/private/144dc737-b4e3-4c03-852c-25a6df06cee4/ve.conf 
144dc737-b4e3-4c03-852c-25a6df06cee4.conf


but still , a prctl list --all doesn't show that newly "moved" CT .

How can I tell HWdest that there is a new CT on it ? I tried a 
register command


# prlctl register /vz/private/144dc737-b4e3-4c03-852c-25a6df06cee4
Register the virtual environment...
Failed to register the virtual environment: 
PRL_ERR_VZCTL_OPERATION_FAILED (Details: Container is already 
registered with id 144dc737-b4e3-4c03-852c-25a6df06cee4
Container registration failed: Container is already registered with 
id 144dc737-b4e3-4c03-852c-25a6df06cee4

)

but it is already registered .

is there a way to "reload/refresh" something to enable the run of 
that moved CT ?


Thanks .

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users




___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] reload or refresh list of CT after move an already registered CT

[Jehan Procaccia IMT]

Hello

because I have a fail CT on a hardware node , cf 
https://lists.openvz.org/pipermail/users/2020-July/007928.html


I moved manually the CT files (hdds, conf, etc ...) to another hardware 
node (HW) that doesn't seem to have the pb yet ( not updateded to OpenVZ 
release 7.0.14 (136))


I did a rsync of /vz/private/CTID from HWsrc to HWdest  and created in 
/etc/vz/conf on HWdest the associated link to the conf file


ln -s /vz/private/144dc737-b4e3-4c03-852c-25a6df06cee4/ve.conf 
144dc737-b4e3-4c03-852c-25a6df06cee4.conf


but still , a prctl list --all doesn't show that newly "moved" CT .

How can I tell HWdest that there is a new CT on it ? I tried a register 
command


# prlctl register /vz/private/144dc737-b4e3-4c03-852c-25a6df06cee4
Register the virtual environment...
Failed to register the virtual environment: 
PRL_ERR_VZCTL_OPERATION_FAILED (Details: Container is already registered 
with id 144dc737-b4e3-4c03-852c-25a6df06cee4
Container registration failed: Container is already registered with id 
144dc737-b4e3-4c03-852c-25a6df06cee4

)

but it is already registered .

is there a way to "reload/refresh" something to enable the run of that 
moved CT ?


Thanks .




___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] Issues after updating to 7.0.14 (136)

[Jehan Procaccia IMT]

Hello,

I am back to the initial pb related to that post , since I updated to 
/OpenVZ release 7.0.14 (136)  | ///Virtuozzo Linux release 7.8.0 (609)// 
, I am also facing CT corrupted status .


I don't see the exact same error as mentioned by Kevin Drysdale below 
(ploop/fsck) , but I am not able to enter certain CT neither can I stop 
them


/[root@olb~]# prlctl stop trans8//
//Stopping the CT...//
//Failed to stop the CT: PRL_ERR_VZCTL_OPERATION_FAILED (Details: Cannot 
lock the Container//

//)//
/

/[root@olb ~]# prlctl enter trans8//
//Unable to get init pid//
//enter into CT failed//
//
//exited from CT 02faecdd-ddb6-42eb-8103-202508f18256/

For those CTs that fail to enter or stop, I noticed that there is a 2nd 
device mounted with name ending in /dump/Dump/.criu.cgyard.4EJB8c//

/

/[root@olb ~]# df -H |grep 02faecdd-ddb6-42eb-8103-202508f18256//
///dev/ploop53152p1  11G    2,2G  7,7G  23% 
/vz/root/02faecdd-ddb6-42eb-8103-202508f18256//
//none  537M   0  537M   0% 
/vz/private/02faecdd-ddb6-42eb-8103-202508f18256/dump/Dump/.criu.cgyard.4EJB8c/



//[root@olb ~]# prlctl list | grep 02faecdd-ddb6-42eb-8103-202508f18256//
//{02faecdd-ddb6-42eb-8103-202508f18256}  running 157.159.196.17  CT 
isptrans8//

//

I rebooted the whole hardware node, and since reboot here is the related 
vzctl.log


/2020-07-06T15:10:38+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Removing the stale lock file 
/vz/lock/02faecdd-ddb6-42eb-8103-202508f18256.lck//
//2020-07-06T15:10:38+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Restoring the Container ...//
//2020-07-06T15:10:38+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Mount image: 
/vz/private/02faecdd-ddb6-42eb-8103-202508f18256/root.hdd //
//2020-07-06T15:10:38+0200 : Opening delta 
/vz/private/02faecdd-ddb6-42eb-8103-202508f18256/root.hdd/root.hds//
//2020-07-06T15:10:38+0200 : Opening delta 
/vz/private/02faecdd-ddb6-42eb-8103-202508f18256/root.hdd/root.hds//
//2020-07-06T15:10:38+0200 : Opening delta 
/vz/private/02faecdd-ddb6-42eb-8103-202508f18256/root.hdd/root.hds//
//2020-07-06T15:10:38+0200 : Adding delta dev=/dev/ploop53152 
img=/vz/private/02faecdd-ddb6-42eb-8103-202508f18256/root.hdd/root.hds 
(rw)//
//2020-07-06T15:10:39+0200 : Mounted /dev/ploop53152p1 at 
/vz/root/02faecdd-ddb6-42eb-8103-202508f18256 fstype=ext4 
data=',balloon_ino=12' //
//2020-07-06T15:10:39+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Container is mounted//
//2020-07-06T15:10:40+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Setting permissions for 
image=/vz/private/02faecdd-ddb6-42eb-8103-202508f18256/root.hdd//
//2020-07-06T15:10:40+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Configure memguarantee: 0%//
//2020-07-06T15:18:12+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Unable to get init pid//
//2020-07-06T15:18:12+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : enter into CT failed//
//2020-07-06T15:19:49+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Cannot lock the Container//
//2020-07-06T15:25:33+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : Unable to get init pid//
//2020-07-06T15:25:33+0200 vzctl : CT 
02faecdd-ddb6-42eb-8103-202508f18256 : enter into CT failed/


on another CT failing to enter / stop same kind of logs  + /Error (criu /:

/2020-07-06T15:10:38+0200 vzctl : CT 
4ae48335-5b63-475d-8629-c8d742cb0ba0 : Restoring the Container ...//
//2020-07-06T15:10:38+0200 vzctl : CT 
4ae48335-5b63-475d-8629-c8d742cb0ba0 : Mount image: 
/vz/private/4ae48335-5b63-475d-8629-c8d742cb0ba0/root.hdd //
//2020-07-06T15:10:38+0200 : Opening delta 
/vz/private/4ae48335-5b63-475d-8629-c8d742cb0ba0/root.hdd/root.hds//
//2020-07-06T15:10:39+0200 : Opening delta 
/vz/private/4ae48335-5b63-475d-8629-c8d742cb0ba0/root.hdd/root.hds//
//2020-07-06T15:10:39+0200 : Opening delta 
/vz/private/4ae48335-5b63-475d-8629-c8d742cb0ba0/root.hdd/root.hds//
//2020-07-06T15:10:39+0200 : Adding delta dev=/dev/ploop36049 
img=/vz/private/4ae48335-5b63-475d-8629-c8d742cb0ba0/root.hdd/root.hds 
(rw)//
//2020-07-06T15:10:41+0200 : Mounted /dev/ploop36049p1 at 
/vz/root/4ae48335-5b63-475d-8629-c8d742cb0ba0 fstype=ext4 
data=',balloon_ino=12' //
//2020-07-06T15:10:41+0200 vzctl : CT 
4ae48335-5b63-475d-8629-c8d742cb0ba0 : Container is mounted//
//2020-07-06T15:10:41+0200 vzctl : CT 
4ae48335-5b63-475d-8629-c8d742cb0ba0 : Setting permissions for 
image=/vz/private/4ae48335-5b63-475d-8629-c8d742cb0ba0/root.hdd//
//2020-07-06T15:10:41+0200 vzctl : CT 
4ae48335-5b63-475d-8629-c8d742cb0ba0 : Configure memguarantee: 0%//
//2020-07-06T15:10:57+0200 vzeventd : Run: /etc/vz/vzevent.d/ve-stop 
id=4ae48335-5b63-475d-8629-c8d742cb0ba0//
//2020-07-06T15:10:57+0200 vzctl : CT 
4ae48335-5b63-475d-8629-c8d742cb0ba0 : (03.038774) Error 
(criu/util.c:666): exited, status=4//
//2020-07-06T15:10:57+0200 vzctl : CT 
4ae48335-5b63-475d-8629-c8d742cb0ba0 : (14.446513)  1: Error 

Re: [Users] Issues after updating to 7.0.14 (136)

[Jehan PROCACCIA]

yes , you are right, I do get the same virtuozzo-release as mentioned in the 
initial subject, sorry for the noise . 

# cat /etc/virtuozzo-release 
OpenVZ release 7.0.14 (136) 

but anyway, I don't see any ploop / fsck error in the host /var/log/vzctl.log 
inside the CT , where did you see those errors ? 

Jehan . 


De: "jjs - mainphrame"  
À: "OpenVZ users"  
Envoyé: Jeudi 2 Juillet 2020 19:33:23 
Objet: Re: [Users] Issues after updating to 7.0.14 (136) 

Thanks for that sanity check, the conundrum is resolved. vzlinux-release and 
virtuozzo-release are indeed different things. 
Jake 

On Thu, Jul 2, 2020 at 10:27 AM Jonathan Wright < [ 
mailto:jonat...@knownhost.com | jonat...@knownhost.com ] > wrote: 





/etc/redhat-release and /etc/virtuozzo-release are two different things. 
On 7/2/20 12:16 PM, jjs - mainphrame wrote: 

BQ_BEGIN

Jehan - 

I get the same output here - 

[root@annie ~]# yum repolist |grep virt 
virtuozzolinux-base VirtuozzoLinux Base 15,415+189 
virtuozzolinux-updates VirtuozzoLinux Updates 0 

I'm baffled as to how you're on 7.8.0 while I'm at 7.0,15 even though I'm fully 
up to date. 

# uname -a 
Linux [ http://annie.ufcfan.org/ | annie.ufcfan.org ] 
3.10.0-1127.8.2.vz7.151.10 #1 SMP Mon Jun 1 19:05:52 MSK 2020 x86_64 x86_64 
x86_64 GNU/Linux 

Jake 

On Thu, Jul 2, 2020 at 10:08 AM Jehan PROCACCIA < [ 
mailto:jehan.procac...@imtbs-tsp.eu | jehan.procac...@imtbs-tsp.eu ] > wrote: 

BQ_BEGIN

no factory , just repos virtuozzolinux-base and openvz-os 

# yum repolist |grep virt 
virtuozzolinux-base VirtuozzoLinux Base 15 415+189 
virtuozzolinux-updates VirtuozzoLinux Updates 0 

Jehan . 


De: "jjs - mainphrame" < [ mailto:j...@mainphrame.com | j...@mainphrame.com ] > 
À: "OpenVZ users" < [ mailto:users@openvz.org | users@openvz.org ] > 
Cc: "Kevin Drysdale" < [ mailto:kevin.drysd...@iomart.com | 
kevin.drysd...@iomart.com ] > 
Envoyé: Jeudi 2 Juillet 2020 18:22:33 
Objet: Re: [Users] Issues after updating to 7.0.14 (136) 

Jehan, are you running factory? 

My ovz hosts are up to date, and I see: 

[root@annie ~]# cat /etc/virtuozzo-release 
OpenVZ release 7.0.15 (222) 

Jake 


On Thu, Jul 2, 2020 at 9:08 AM Jehan Procaccia IMT < [ 
mailto:jehan.procac...@imtbs-tsp.eu | jehan.procac...@imtbs-tsp.eu ] > wrote: 

BQ_BEGIN

"updating to 7.0.14 (136)" !? 

I did an update yesterday , I am far behind that version 

# cat /etc/vzlinux-release 
Virtuozzo Linux release 7.8.0 (609) 

# uname -a 
Linux localhost 3.10.0-1127.8.2.vz7.151.14 #1 SMP Tue Jun 9 12:58:54 MSK 2020 
x86_64 x86_64 x86_64 GNU/Linux 

why don't you try to update to latest version ? 


Le 29/06/2020 à 12:30, Kevin Drysdale a écrit : 

BQ_BEGIN
Hello, 

After updating one of our OpenVZ VPS hosting nodes at the end of last week, 
we've started to have issues with corruption apparently occurring inside 
containers. Issues of this nature have never affected the node previously, and 
there do not appear to be any hardware issues that could explain this. 

Specifically, a few hours after updating, we began to see containers 
experiencing errors such as this in the logs: 

[90471.678994] EXT4-fs (ploop35454p1): error count since last fsck: 25 
[90471.679022] EXT4-fs (ploop35454p1): initial error at time 1593205255: 
ext4_ext_find_extent:904: inode 136399 
[90471.679030] EXT4-fs (ploop35454p1): last error at time 1593232922: 
ext4_ext_find_extent:904: inode 136399 
[95189.954569] EXT4-fs (ploop42983p1): error count since last fsck: 67 
[95189.954582] EXT4-fs (ploop42983p1): initial error at time 1593210174: 
htree_dirblock_to_tree:918: inode 926441: block 3683060 
[95189.954589] EXT4-fs (ploop42983p1): last error at time 1593276902: 
ext4_iget:4435: inode 1849777 
[95714.207432] EXT4-fs (ploop60706p1): error count since last fsck: 42 
[95714.207447] EXT4-fs (ploop60706p1): initial error at time 1593210489: 
ext4_ext_find_extent:904: inode 136272 
[95714.207452] EXT4-fs (ploop60706p1): last error at time 1593231063: 
ext4_ext_find_extent:904: inode 136272 

Shutting the containers down and manually mounting and e2fsck'ing their 
filesystems did clear these errors, but each of the containers (which were 
mostly used for running Plesk) had widespread issues with corrupt or missing 
files after the fsck's completed, necessitating their being restored from 
backup. 

Concurrently, we also began to see messages like this appearing in 
/var/log/vzctl.log, which again have never appeared at any point prior to this 
update being installed: 

/var/log/vzctl.log:2020-06-26T21:05:19+0100 : Error in fill_hole (check.c:240): 
Warning: ploop image '/vz/private/8288448/root.hdd/root.hds' is sparse 
/var/log/vzctl.log:2020-06-26T21:09:41+0100 : Error in fill_hole (check.c:240): 
Warning: ploop image '/vz/private/8288450/root.hdd/root.hds' is sparse 
/var/log/vzctl.log:2020-06-26T21:16:22+0100 : Error in fill_hole (check.c:240): 
Warning: ploop imag

Re: [Users] Issues after updating to 7.0.14 (136)

[Jehan PROCACCIA]

no factory , just repos virtuozzolinux-base and openvz-os 

# yum repolist |grep virt 
virtuozzolinux-base VirtuozzoLinux Base 15 415+189 
virtuozzolinux-updates VirtuozzoLinux Updates 0 

Jehan . 


De: "jjs - mainphrame"  
À: "OpenVZ users"  
Cc: "Kevin Drysdale"  
Envoyé: Jeudi 2 Juillet 2020 18:22:33 
Objet: Re: [Users] Issues after updating to 7.0.14 (136) 

Jehan, are you running factory? 

My ovz hosts are up to date, and I see: 

[root@annie ~]# cat /etc/virtuozzo-release 
OpenVZ release 7.0.15 (222) 

Jake 


On Thu, Jul 2, 2020 at 9:08 AM Jehan Procaccia IMT < [ 
mailto:jehan.procac...@imtbs-tsp.eu | jehan.procac...@imtbs-tsp.eu ] > wrote: 



"updating to 7.0.14 (136)" !? 

I did an update yesterday , I am far behind that version 

# cat /etc/vzlinux-release 
Virtuozzo Linux release 7.8.0 (609) 

# uname -a 
Linux localhost 3.10.0-1127.8.2.vz7.151.14 #1 SMP Tue Jun 9 12:58:54 MSK 2020 
x86_64 x86_64 x86_64 GNU/Linux 

why don't you try to update to latest version ? 


Le 29/06/2020 à 12:30, Kevin Drysdale a écrit : 

BQ_BEGIN
Hello, 

After updating one of our OpenVZ VPS hosting nodes at the end of last week, 
we've started to have issues with corruption apparently occurring inside 
containers. Issues of this nature have never affected the node previously, and 
there do not appear to be any hardware issues that could explain this. 

Specifically, a few hours after updating, we began to see containers 
experiencing errors such as this in the logs: 

[90471.678994] EXT4-fs (ploop35454p1): error count since last fsck: 25 
[90471.679022] EXT4-fs (ploop35454p1): initial error at time 1593205255: 
ext4_ext_find_extent:904: inode 136399 
[90471.679030] EXT4-fs (ploop35454p1): last error at time 1593232922: 
ext4_ext_find_extent:904: inode 136399 
[95189.954569] EXT4-fs (ploop42983p1): error count since last fsck: 67 
[95189.954582] EXT4-fs (ploop42983p1): initial error at time 1593210174: 
htree_dirblock_to_tree:918: inode 926441: block 3683060 
[95189.954589] EXT4-fs (ploop42983p1): last error at time 1593276902: 
ext4_iget:4435: inode 1849777 
[95714.207432] EXT4-fs (ploop60706p1): error count since last fsck: 42 
[95714.207447] EXT4-fs (ploop60706p1): initial error at time 1593210489: 
ext4_ext_find_extent:904: inode 136272 
[95714.207452] EXT4-fs (ploop60706p1): last error at time 1593231063: 
ext4_ext_find_extent:904: inode 136272 

Shutting the containers down and manually mounting and e2fsck'ing their 
filesystems did clear these errors, but each of the containers (which were 
mostly used for running Plesk) had widespread issues with corrupt or missing 
files after the fsck's completed, necessitating their being restored from 
backup. 

Concurrently, we also began to see messages like this appearing in 
/var/log/vzctl.log, which again have never appeared at any point prior to this 
update being installed: 

/var/log/vzctl.log:2020-06-26T21:05:19+0100 : Error in fill_hole (check.c:240): 
Warning: ploop image '/vz/private/8288448/root.hdd/root.hds' is sparse 
/var/log/vzctl.log:2020-06-26T21:09:41+0100 : Error in fill_hole (check.c:240): 
Warning: ploop image '/vz/private/8288450/root.hdd/root.hds' is sparse 
/var/log/vzctl.log:2020-06-26T21:16:22+0100 : Error in fill_hole (check.c:240): 
Warning: ploop image '/vz/private/8288451/root.hdd/root.hds' is sparse 
/var/log/vzctl.log:2020-06-26T21:19:57+0100 : Error in fill_hole (check.c:240): 
Warning: ploop image '/vz/private/8288452/root.hdd/root.hds' is sparse 

The basic procedure we follow when updating our nodes is as follows: 

1, Update the standby node we keep spare for this process 
2. vzmigrate all containers from the live node being updated to the standby 
node 
3. Update the live node 
4. Reboot the live node 
5. vzmigrate the containers from the standby node back to the live node they 
originally came from 

So the only tool which has been used to affect these containers is 'vzmigrate' 
itself, so I'm at something of a loss as to how to explain the root.hdd images 
for these containers containing sparse gaps. This is something we have never 
done, as we have always been aware that OpenVZ does not support their use 
inside a container's hard drive image. And the fact that these images have 
suddenly become sparse at the same time they have started to exhibit filesystem 
corruption is somewhat concerning. 

We can restore all affected containers from backups, but I wanted to get in 
touch with the list to see if anyone else at any other site has experienced 
these or similar issues after applying the 7.0.14 (136) update. 

Thank you, 
Kevin Drysdale. 




___ 
Users mailing list 
[ mailto:Users@openvz.org | Users@openvz.org ] 
[ https://lists.openvz.org/mailman/listinfo/users | 
https://lists.openvz.org/mailman/listinfo/users ] 





___ 
Users mailing list 
[ mailto:Users@openvz.org | Users@openvz.org 

Re: [Users] Issues after updating to 7.0.14 (136)

[Jehan Procaccia IMT]

"updating to 7.0.14 (136)" !?

I did an update yesterday , I am far behind that version

/# cat /etc/vzlinux-release//
/
/Virtuozzo Linux release 7.8.0 (609)/
/
/
/# uname -a //
//Linux localhost 3.10.0-1127.8.2.vz7.151.14 #1 SMP Tue Jun 9 12:58:54 
MSK 2020 x86_64 x86_64 x86_64 GNU/Linux//

/
why don't you try to update to latest version ?


Le 29/06/2020 à 12:30, Kevin Drysdale a écrit :

Hello,

After updating one of our OpenVZ VPS hosting nodes at the end of last 
week, we've started to have issues with corruption apparently 
occurring inside containers.  Issues of this nature have never 
affected the node previously, and there do not appear to be any 
hardware issues that could explain this.


Specifically, a few hours after updating, we began to see containers 
experiencing errors such as this in the logs:


[90471.678994] EXT4-fs (ploop35454p1): error count since last fsck: 25
[90471.679022] EXT4-fs (ploop35454p1): initial error at time 
1593205255: ext4_ext_find_extent:904: inode 136399
[90471.679030] EXT4-fs (ploop35454p1): last error at time 1593232922: 
ext4_ext_find_extent:904: inode 136399

[95189.954569] EXT4-fs (ploop42983p1): error count since last fsck: 67
[95189.954582] EXT4-fs (ploop42983p1): initial error at time 
1593210174: htree_dirblock_to_tree:918: inode 926441: block 3683060
[95189.954589] EXT4-fs (ploop42983p1): last error at time 1593276902: 
ext4_iget:4435: inode 1849777

[95714.207432] EXT4-fs (ploop60706p1): error count since last fsck: 42
[95714.207447] EXT4-fs (ploop60706p1): initial error at time 
1593210489: ext4_ext_find_extent:904: inode 136272
[95714.207452] EXT4-fs (ploop60706p1): last error at time 1593231063: 
ext4_ext_find_extent:904: inode 136272


Shutting the containers down and manually mounting and e2fsck'ing 
their filesystems did clear these errors, but each of the containers 
(which were mostly used for running Plesk) had widespread issues with 
corrupt or missing files after the fsck's completed, necessitating 
their being restored from backup.


Concurrently, we also began to see messages like this appearing in 
/var/log/vzctl.log, which again have never appeared at any point prior 
to this update being installed:


/var/log/vzctl.log:2020-06-26T21:05:19+0100 : Error in fill_hole 
(check.c:240): Warning: ploop image 
'/vz/private/8288448/root.hdd/root.hds' is sparse
/var/log/vzctl.log:2020-06-26T21:09:41+0100 : Error in fill_hole 
(check.c:240): Warning: ploop image 
'/vz/private/8288450/root.hdd/root.hds' is sparse
/var/log/vzctl.log:2020-06-26T21:16:22+0100 : Error in fill_hole 
(check.c:240): Warning: ploop image 
'/vz/private/8288451/root.hdd/root.hds' is sparse
/var/log/vzctl.log:2020-06-26T21:19:57+0100 : Error in fill_hole 
(check.c:240): Warning: ploop image 
'/vz/private/8288452/root.hdd/root.hds' is sparse


The basic procedure we follow when updating our nodes is as follows:

1, Update the standby node we keep spare for this process
2. vzmigrate all containers from the live node being updated to the 
standby node

3. Update the live node
4. Reboot the live node
5. vzmigrate the containers from the standby node back to the live 
node they originally came from


So the only tool which has been used to affect these containers is 
'vzmigrate' itself, so I'm at something of a loss as to how to explain 
the root.hdd images for these containers containing sparse gaps.  This 
is something we have never done, as we have always been aware that 
OpenVZ does not support their use inside a container's hard drive 
image.  And the fact that these images have suddenly become sparse at 
the same time they have started to exhibit filesystem corruption is 
somewhat concerning.


We can restore all affected containers from backups, but I wanted to 
get in touch with the list to see if anyone else at any other site has 
experienced these or similar issues after applying the 7.0.14 (136) 
update.


Thank you,
Kevin Drysdale.




___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users



___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] Forum account registration

[Jehan PROCACCIA]

hello

while your in the process of enrolling new forum users, I'd like to be part of 
it, Thanks . 

PS: which communucation channel betwwen forum and Mailing-list do you privilege 
? 

[ https://www.imt-bs.eu/ ] [ https://www.telecom-sudparis.eu/ ] 

Jehan PROCACCIA 
Ingénieur systemes et réseaux 
Membre du comité de pilotage REVE : 
Réseau d’Évry Val d'Essonne et THD 
01 60 76 44 36 
9 rue Charles Fourier 
91011 Évry-Courcouronnes Cedex 
[ https://www.imt-bs.eu/ ] [ https://twitter.com/imt_bs/ ] [ 
https://www.facebook.com/imtbs/ ] [ 
https://www.linkedin.com/school/institut-mines-telecom-business-school/ ] [ 
https://blogrecherche.wp.imt.fr/ ] 
[ https://www.telecom-sudparis.eu/ ] [ https://twitter.com/TelecomSudParis ] [ 
https://www.facebook.com/TelecomSudParis ] [ 
https://www.linkedin.com/edu/school?id=42882=tyah=clickedVertical%3Aschool%2Cidx%3A4-1-7%2CtarId%3A1429711678204%2Ctas%3Atelecom%20sud
 ] [ https://blogrecherche.wp.imt.fr/ ] 
Des écoles de [ https://www.imt.fr/ | l'IMT ]

- Mail original -
De: "Vasily Averin" 
À: "OpenVZ users" 
Envoyé: Mardi 7 Avril 2020 10:37:30
Objet: Re: [Users] Forum account registration

done

On 4/7/20 11:13 AM, mailingl...@tikklik.nl wrote:
> Can i get a account to 
> 
>  
> 
> 
> ___
> Users mailing list
> Users@openvz.org
> https://lists.openvz.org/mailman/listinfo/users
> 
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] vz 7 network capability and openVPN forward/masquerade

[Jehan Procaccia]

uestions:

2) refering to 
https://docs.virtuozzo.com/virtuozzo_7_users_guide/managing-network/networking-modes-in-virtuozzo.html
I do use bridge mode, I have veth interfaces on server host and eth0 
counterparts on containers

2.1) it should be working with firewalld as describe in NAT section of 
https://r.je/openvpn-nat
or in step 11 of : https://tecadmin.net/install-openvpn-centos-8/
but for the sake of simplicity I revert back to iptables 
https://www.digitalocean.com/community/tutorials/how-to-migrate-from-firewalld-to-iptables-on-centos-7
other usefull link
https://wiki.archlinux.org/index.php/OpenVPN_server_in_Linux_Containers

2.3) I kept using eth0 and it work fine, I suppose that I see eth0@if*70* 
because on the server host there's a corresponding
*70*: vme001851fefa53@if3  mtu 1500 qdisc 
noqueue master br2 state UP group default qlen 1000
probably a "link" between both counterpart of host veth and CT eth0 !?

2.4) rp_filter is set to 1 , howerver it works fine now (tcp)
CT# cat /proc/sys/net/ipv4/conf/all/rp_filter
1
I can set it to 0 , but I am not sure it is interpreted as is in the CT 
context, or is the /proc/sys/net/ipv4/conf/all/rp_filter value on the server 
host prevalent ? both share the same kernel , do they share /proc ?

thanks for your detailed help .

regards .


Le 25/02/2020 à 22:11, Dmitry Konstantinov a écrit :

1) I meant you don't need any special capabilities to run openvpn.
Just the tun device should be available.

2) Sorry for the confusion, I meant the openvz networking. routed (venet
device) or bridged (veth).

2.1) I don't use firewalld and not familiar with its syntax.
2.2) it really depends on how you wish the packets to travel.
if they are supposed to go through eth0 then you need to use
eth0 in all the configurations.
2.3) I honestly don't know if a name like eth0@if248 is going to
be accepted by the tools.
2.4) I am not sure but probably in case of bridged networking
you will need to disable rp_filter. Not necessarily, depends on
your configuration. Set the sysctl variable to zero.

Example:

In my particular case openvpn is used to access private network at
remote location. I've got two addresses configured on venet0 device,
  let's say 123.124.125.126 and 192.168.192.168.
Private network is 192.168.192.0/24
openvpn uses 192.168.10.0/28 internal subnet with 192.168.10.1 being
assigned to tun0

openvpn config:
--
topologysubnet
ifconfig192.168.10.1 255.255.255.240
modeserver

server  192.168.10.0 255.255.255.240
push"route 192.168.192.0 255.255.255.0"
--

sysctl.conf:
net.ipv4.ip_forward = 1

iptables:
:POSTROUTING ACCEPT [0:0]
[0:0] -A POSTROUTING -s 192.168.10.0/28 -j SNAT --to-source
192.168.192.168
COMMIT

That's all

now let's say I know for sure 192.168.192.100 is up and running in
the private network. I have an established connection to the vpn
from my local machine and try to ping it but there's no response.
I'd probably check things in the following order:

1) ip a l; ip r l on local machine to check that I have the connectiom
established and the route active

2) tcpdump on local tun device to check that the packets do leave

3) tcpdump on vpn's tun device to check that the packets do arrive

4) tcpdump on vpn's eth/venet device to check if the packets are routed
between interfaces and have the source address changed.

5) ping from vpn container - you might have weird filtering on the
server that hosts the container.



On Tue, 25 Feb 2020 16:32:43 +0100
Jehan Procaccia  wrote:


OK for 1) , then I don't need any capability (net_admin, sys_time), I
was wondering because I read that on lots of docs as in :
https://github.com/OpenVZ/vz-docs/blob/master/virtuozzo_7_users_guide.asc
perhaps deprecated ?

for 2) I use routed openvpn (tun0)
yes I mess a lot between iptables and firewalld while debungin my pb
2.1) I would prefere to use firewalld , can you confirm me the rule
you use ?
POSTROUTING with masquerade or have you an iptable SNAT exemple ?
2.2) if I use a eth0 interface do you confirm that venet0 (that is
Down on my CT) is not concerned at all ?
2.3) my eth0 appears as eth0@if248 (ip addr) , is it important for
the firewall-cmd command arguments => "-o eth0" ? should I use -o
eth0@if248 ! 2.4) what do you mean by |rp_filter| (reverse path
filtering), should I disable it , how ?

Thanks .


Le 25/02/2020 à 14:54, Dmitry Konstantinov a écrit :

openvpn does work. dev/tun:rw and full netfilter is all the
'extras' I have in the container's config

1) not sure if it's still works but probably not useful in
this particular case, never used any capabilities for openvpn.

2) I use a single postrouting rule. Like the last one in your list.


I don't quite understand your setup. Do you use routed or bridged
networking? with firewalld you configure eth0 but I see venet0 in
iptables. I don't have much experience with eth devices inside
container, perhaps you might need to configure rp_filter for i

Re: [Users] vz 7 network capability and openVPN forward/masquerade

[Jehan Procaccia]

OK for 1) , then I don't need any capability (net_admin, sys_time), I 
was wondering because I read that on lots of docs as in :

https://github.com/OpenVZ/vz-docs/blob/master/virtuozzo_7_users_guide.asc
perhaps deprecated ?

for 2) I use routed openvpn (tun0)
yes I mess a lot between iptables and firewalld while debungin my pb
2.1) I would prefere to use firewalld , can you confirm me the rule you 
use ?

POSTROUTING with masquerade or have you an iptable SNAT exemple ?
2.2) if I use a eth0 interface do you confirm that venet0 (that is Down 
on my CT) is not concerned at all ?
2.3) my eth0 appears as eth0@if248 (ip addr) , is it important for the 
firewall-cmd command arguments => "-o eth0" ? should I use -o eth0@if248 !
2.4) what do you mean by |rp_filter| (reverse path filtering), should I 
disable it , how ?


Thanks .


Le 25/02/2020 à 14:54, Dmitry Konstantinov a écrit :

openvpn does work. dev/tun:rw and full netfilter is all the
'extras' I have in the container's config

1) not sure if it's still works but probably not useful in
this particular case, never used any capabilities for openvpn.

2) I use a single postrouting rule. Like the last one in your list.


I don't quite understand your setup. Do you use routed or bridged
networking? with firewalld you configure eth0 but I see venet0 in
iptables. I don't have much experience with eth devices inside
container, perhaps you might need to configure rp_filter for it
to work with openvpn.





On Tue, 25 Feb 2020 10:21:33 +0100
Jehan Procaccia  wrote:


Hello

I have running VPNs that works perfectly on openvz6 , now I move to
openvz7 and I cannot make it forward or masquerade between
interfaces .

I am questionning about different concepts:

1) is enabling capablities still enable/usefull ?

ie: prlctl set ctvpn --capability net_admin:on => doesn't save
anything in the CT conf ...

I did set

prlctl set ctvpn --netfilter full  => in order to have nat and mangle
chains

2) is using iptables or firewalld determinent ? masquerade or SNAT ?

neither of those works

for Masquerade I did

firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A
POSTROUTING -s 10.91.10.0/22 -o eth0 -j MASQUERADE

for iptables I tried with

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o venet0 -j SNAT --to-source 157.109.2.13
-A POSTROUTING -s 10.91.10.0/22 -j SNAT --to-source 157.109.2.13

by the way is venet0 important as it appears down in the CT !?

2: venet0:  mtu 1500 qdisc noop state
DOWN group default
      link/void
3: eth0@if248:  mtu 1500 qdisc
noqueue state UP group default qlen 1000

dev/tun is working correctly

I set it with: vzctl set ctvpn --devnodes net/tun:rw --save

CT-ABC /# ls -l /dev/net/tun
crw-rw-rw- 1 root root 10, 200 Feb 25 10:07 /dev/net/tun
CT-ABC /# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state
=> message that means it is operational !

openvpn uses tun interface, connecting clients to openvpn server
works fine, but routing between interfaces (tun0 and eth0 ) doesn't
work .

of course ip_forward is enabled

CT-ABC /# cat /proc/sys/net/ipv4/ip_forward
1

Thanks for your help .

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users



___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] vz 7 network capability and openVPN forward/masquerade

[Jehan Procaccia]

Hello

I have running VPNs that works perfectly on openvz6 , now I move to 
openvz7 and I cannot make it forward or masquerade between interfaces .


I am questionning about different concepts:

1) is enabling capablities still enable/usefull ?

ie: prlctl set ctvpn --capability net_admin:on => doesn't save anything 
in the CT conf ...


I did set

prlctl set ctvpn --netfilter full  => in order to have nat and mangle chains

2) is using iptables or firewalld determinent ? masquerade or SNAT ?

neither of those works

for Masquerade I did

firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A 
POSTROUTING -s 10.91.10.0/22 -o eth0 -j MASQUERADE


for iptables I tried with

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o venet0 -j SNAT --to-source 157.109.2.13
-A POSTROUTING -s 10.91.10.0/22 -j SNAT --to-source 157.109.2.13

by the way is venet0 important as it appears down in the CT !?

2: venet0:  mtu 1500 qdisc noop state DOWN 
group default

    link/void
3: eth0@if248:  mtu 1500 qdisc noqueue 
state UP group default qlen 1000


dev/tun is working correctly

I set it with: vzctl set ctvpn --devnodes net/tun:rw --save

CT-ABC /# ls -l /dev/net/tun
crw-rw-rw- 1 root root 10, 200 Feb 25 10:07 /dev/net/tun
CT-ABC /# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state
=> message that means it is operational !

openvpn uses tun interface, connecting clients to openvpn server works 
fine, but routing between interfaces (tun0 and eth0 ) doesn't work .


of course ip_forward is enabled

CT-ABC /# cat /proc/sys/net/ipv4/ip_forward
1

Thanks for your help .

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] openvz6

[Jehan PROCACCIA]

I can confirm, I run openVZ7 hosts , hosting dozens of KVM and Containers for 
free in an opensource environement. 
It works very fine and I am impress about all the possibilities in term of 
ressource allocation and operationnal performances . 
I did ask for specific quotation for virtuozzo (no need for storage for 
example, essentially for control panel ) , and the cost was interresting 
relative to the services and compared to other vendors (ie RHEL) . 
I am still surprise in my community about sysadmins that keeps talking about 
proxmox and dockers and considering openVZ as a solution of the past, it is 
not, it is really up2date and the association with the CRIU (criu.org) project 
shows that openVZ is deeply involved in Linux Kernel . 

PS: I am also not involved in virtuozzo , I am a simple customer/user in 
Education and Research . 


Jehan PROCACCIA 
Ingénieur systèmes et réseaux 
Membre du comité de pilotage REVE : 
Réseau d’Évry Val d'Essonne et THD 
+33160764436 
9 rue Charles Fourier - 91011 Evry Cedex 
[ https://www.imt-bs.eu/ | www.imt-bs.eu ] - [ https://www.telecom-sudparis.eu/ 
| www.telecom-sudparis.eu ] 


De: "Paulo Coghi - Coghi IT"  
À: "OpenVZ users"  
Envoyé: Mardi 7 Janvier 2020 12:37:26 
Objet: Re: [Users] openvz6 

As OpenVZ 6, OpenVZ 7 is more than freeware, it's open source . 

Virtuozzo is the paid option that provides professional support, control panel, 
distributed storage, clusterization and high availability, instant snapshot, 
etc. 

The € 1200 / month is an all-in-one offer to start with Virtuozzo, but you can 
quote more specific scenarios with them. 


PS: I do not work for Virtuozzo. I am just a customer. 

On Tue, Jan 7, 2020 at 6:50 AM < [ mailto:mailingl...@tikklik.nl | 
mailingl...@tikklik.nl ] > wrote: 





Hello, 



I have a question. 
Im running 4 openvz 6 nodes for years now. 
I noticed that openvz 6 is EOL 



I cant find if openVZ 7 is still freeware? 
If i look at Virtuozzo i see a price of 1200 euro / month 

Thats to high for me. 



Any advice? 

Greats 
Steffan 
___ 
Users mailing list 
[ mailto:Users@openvz.org | Users@openvz.org ] 
[ https://lists.openvz.org/mailman/listinfo/users | 
https://lists.openvz.org/mailman/listinfo/users ] 




___ 
Users mailing list 
Users@openvz.org 
https://lists.openvz.org/mailman/listinfo/users 
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] add centos8 container template to openvz7

[Jehan PROCACCIA]

Indeed, that worked fine , no need to download manually the 
centos-8-x86_64-ez-7.0.0-5.vz7.noarch.rpm and create the cache (vzpkg) , 
just yum install centos-8-x86_64-ez 
then at first creation of a CT referecing the fresly installed centos-8 distrib 
prlctl create cthost8 --ostemplate centos-8-x86_64 --vmtype ct 
suffices to create the cache . 
Thank you for the confirmation . 

regards . 


Jehan PROCACCIA 
Ingénieur systèmes et réseaux 
Membre du comité de pilotage REVE : 
Réseau d’Évry Val d'Essonne et THD 
+33160764436 
9 rue Charles Fourier - 91011 Evry Cedex 
[ https://www.imt-bs.eu/ | www.imt-bs.eu ] - [ https://www.telecom-sudparis.eu/ 
| www.telecom-sudparis.eu ] 


De: "Arjit Chaudhary"  
À: "OpenVZ users"  
Envoyé: Lundi 6 Janvier 2020 16:50:11 
Objet: Re: [Users] add centos8 container template to openvz7 

I think yum install centos-8-x86_64-ez should have worked in this case, as it 
is listed/available in the release repository (ie, non-factory repository) to 
install the template 

and then vzpkg create cache centos-8 to cache the template 

On Mon, Jan 6, 2020 at 4:57 PM Jehan PROCACCIA < [ 
mailto:jehan.procac...@imtbs-tsp.eu | jehan.procac...@imtbs-tsp.eu ] > wrote: 



Hello , 

I am trying to run a centos8 container on my openvz 7 : Virtuozzo Linux release 
7.7 host . 
initialy there was no centos8 template 
so I installed centos-8 ez package from [ 
https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/Packages/c/ | 
https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/Packages/c/ ] 
# rpm -Uvh centos-8-x86_64-ez-7.0.0-5.vz7.noarch.rpm 

and created the cache 
# vzpkg create cache centos-8 
Creating OS template cache for centos-8 template 
.. 
Complete! 
OS template centos-8 cache was created 

procedure read from [ 
https://forum.openvz.org/index.php?t=rview=52133=12945 | 
https://forum.openvz.org/index.php?t=rview=52133=12945 ] ... 

Now I do have centos-8-x86_64 listed (which was not there before) 

[root@olbia ~]# vzpkg list -O --with-summary 
centos-7-x86_64 :Centos 7 (for AMD64/Intel EM64T) Virtuozzo Template 
centos-8-x86_64 :Centos 8 (for AMD64/Intel EM64T) Virtuozzo Template 
centos-6-x86_64 :Centos 6 (for AMD64/Intel EM64T) Virtuozzo Template 
debian-8.0-x86_64 :Debian 8.0 (for AMD64/Intel EM64T) Virtuozzo Template 
debian-8.0-x86_64-minimal :Debian 8.0 minimal (for AMD64/Intel EM64T) Virtuozzo 
Template 
ubuntu-16.04-x86_64 :Ubuntu 16.04 (for AMD64/Intel EM64T) Virtuozzo Template 
ubuntu-14.04-x86_64 :Ubuntu 14.04 (for AMD64/Intel EM64T) Virtuozzo Template 
vzlinux-7-x86_64 :VzLinux 7 (for AMD64/Intel EM64T) Virtuozzo Template 

Is this the correct way (and complete) to add a new EZ template or is there a 
better/shorter way ? 

Thanks . 

    
Jehan PROCACCIA 
Ingénieur systèmes et réseaux 
Membre du comité de pilotage REVE : 
Réseau d’Évry Val d'Essonne et THD 
+33160764436 
9 rue Charles Fourier - 91011 Evry Cedex 
[ https://www.imt-bs.eu/ | www.imt-bs.eu ] - [ https://www.telecom-sudparis.eu/ 
| www.telecom-sudparis.eu ] 

___ 
Users mailing list 
[ mailto:Users@openvz.org | Users@openvz.org ] 
[ https://lists.openvz.org/mailman/listinfo/users | 
https://lists.openvz.org/mailman/listinfo/users ] 





-- 
Thanks, 
Arjit Chaudhary 

___ 
Users mailing list 
Users@openvz.org 
https://lists.openvz.org/mailman/listinfo/users 
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] add centos8 container template to openvz7

[Jehan PROCACCIA]

Hello , 

I am trying to run a centos8 container on my openvz 7 : Virtuozzo Linux release 
7.7 host . 
initialy there was no centos8 template 
so I installed centos-8 ez package from 
https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/Packages/c/ 
# rpm -Uvh centos-8-x86_64-ez-7.0.0-5.vz7.noarch.rpm 

and created the cache 
# vzpkg create cache centos-8 
Creating OS template cache for centos-8 template 
.. 
Complete! 
OS template centos-8 cache was created 

procedure read from [ 
https://forum.openvz.org/index.php?t=rview=52133=12945 | 
https://forum.openvz.org/index.php?t=rview=52133=12945 ] ... 

Now I do have centos-8-x86_64 listed (which was not there before) 

[root@olbia ~]# vzpkg list -O --with-summary 
centos-7-x86_64 :Centos 7 (for AMD64/Intel EM64T) Virtuozzo Template 
centos-8-x86_64 :Centos 8 (for AMD64/Intel EM64T) Virtuozzo Template 
centos-6-x86_64 :Centos 6 (for AMD64/Intel EM64T) Virtuozzo Template 
debian-8.0-x86_64 :Debian 8.0 (for AMD64/Intel EM64T) Virtuozzo Template 
debian-8.0-x86_64-minimal :Debian 8.0 minimal (for AMD64/Intel EM64T) Virtuozzo 
Template 
ubuntu-16.04-x86_64 :Ubuntu 16.04 (for AMD64/Intel EM64T) Virtuozzo Template 
ubuntu-14.04-x86_64 :Ubuntu 14.04 (for AMD64/Intel EM64T) Virtuozzo Template 
vzlinux-7-x86_64 :VzLinux 7 (for AMD64/Intel EM64T) Virtuozzo Template 

Is this the correct way (and complete) to add a new EZ template or is there a 
better/shorter way ? 

Thanks . 


Jehan PROCACCIA 
Ingénieur systèmes et réseaux 
Membre du comité de pilotage REVE : 
Réseau d’Évry Val d'Essonne et THD 
+33160764436 
9 rue Charles Fourier - 91011 Evry Cedex 
[ https://www.imt-bs.eu/ | www.imt-bs.eu ] - [ https://www.telecom-sudparis.eu/ 
| www.telecom-sudparis.eu ] 

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] IDE disk unsupported configuration: Only scsi disk supports vendor and product

[Jehan PROCACCIA]

Hello

answering myself that pb, I create a dedicated subject/thread for it, in
continuation of my other thread about IDE / hda disk :

https://lists.openvz.org/pipermail/users/2019-August/007705.html

Indeed , I have a openvz7 VM running with a IDE/hda disk  .

migrating it to another host with
qemu-kvm-vz-2.12.0-18.6.3.vz7.21.6.x86_64 failed to start it at
destination with message :

/# prlctl start eonimte//
//Starting the VM...//
//Failed to start the VM: Operation failed. Failed to execute the
operation. (Details: unsupported configuration: Only scsi disk supports
vendor and product)//
/

with virsh edit vmname , I removed le product element from the disk
definition

 



  *  Vz HARDDISK0*

and now it works fine .

regards .

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] IDE disk unsupported configuration: Only scsi disk supports vendor and product

[jehan procaccia TEM-TSP]

Hello

answering myself that pb, I create a dedicated subject/thread for it, in
continuation of my other thread about IDE / hda disk :

https://lists.openvz.org/pipermail/users/2019-August/007705.html

Indeed , I have a openvz7 VM running with a IDE/hda disk  .

migrating it to another host with
qemu-kvm-vz-2.12.0-18.6.3.vz7.21.6.x86_64 failed to start it at
destination with message :

/# prlctl start eonimte//
//Starting the VM...//
//Failed to start the VM: Operation failed. Failed to execute the
operation. (Details: unsupported configuration: Only scsi disk supports
vendor and product)//
/

with virsh edit vmname , I removed le product element from the disk
definition

 



  *  Vz HARDDISK0*

and now it works fine .

regards .

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] VM migrate Failed to migrate the VM: PRL_ERR_READ_XML_CONTENT

[Jehan PROCACCIA]

Hello 

I cannot migrate a VM from one host to another, it fails with message: Failed 
to migrate the VM: PRL_ERR_READ_XML_CONTENT 
here are the details : 

[root@server2 ~]# prlctl migrate eonimtev root@server1 -v 16 
Logging in 
server uuid={e998a2d4-d719-4b26-ab7b-aa11f2c4a812} 
sessionid={2fadf244-cf8a-420c-8f31-21cdd264900a} 
The virtual machine found: eonimtev 
Migrate the VM eonimtev on server1 () 
security_level=0 
PrlCleanup::register_hook: 6386a500 
EVENT type=100030 
Migration started. 
EVENT type=11 
EVENT type=100033 
Operation progress ... 1%EVENT type=100033 
Operation progress ... 2%EVENT type=100033 
... 
Operation progress ...99%EVENT type=100033 
Operation progress 100% 
EVENT type=100031 
Migration cancelled! 
EVENT type=18 
EVENT type=11 

Failed to migrate the VM: PRL_ERR_READ_XML_CONTENT 
resultCount: 0 
PrlCleanup::unregister_hook: 6386a500 
Logging off 

I must admit that I did edit the VM definition with virsh edit in order to 
specify a different disk name (created from another KVM only machine) 
My initial concern is to convert a KVM machine to virtuozzo prlctl management 
tools, so I clone an existing virtuozzo VM and changed it's disk image name to 
the one's of the KVM only image: 
 
 
 
 
 
 
 

[root@server2 ~]# ls -al /etc/libvirt/qemu/ 
total 28 
drwx-- 3 root root 4096 6 août 23:35 . 
drwx-- 5 root root 4096 6 août 22:44 .. 
-rw--- 1 root root 4685 6 août 23:35 eonimtev.xml 

1) What is wrong with this VM: PRL_ERR_READ_XML_CONTENT ? 

2) Is there a way to "register" to virtuozzo a KVM VM by copying it's 
/etc/libvirt/qemu/vm.xml and disk image to a ' /vz/vmprivate/$uuidgen/ 
hardisk.hdd 
somthing like prlctl register $uuidgen vmname ... ? 

thanks . 

        
Jehan PROCACCIA 
Ingénieur systèmes et réseaux 
Membre du comité de pilotage REVE : 
Réseau d’Évry Val d'Essonne et THD 
+33160764436 
9 rue Charles Fourier - 91011 Evry Cedex 
[ https://www.imt-bs.eu/ | www.imt-bs.eu ] - [ https://www.telecom-sudparis.eu/ 
| www.telecom-sudparis.eu ] 
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] OpenVZ/Virtuozzo 7 Repos Broken

[Jehan PROCACCIA]

yes , me too, that works now 
thanks 

# date 
dim. juin 23 19:51:34 CEST 2019 




De: "Jonathan Wright"  
À: "OpenVZ users"  
Envoyé: Dimanche 23 Juin 2019 19:11:34 
Objet: Re: [Users] OpenVZ/Virtuozzo 7 Repos Broken 



Yep I can confirm it's working here. 
On 6/23/2019 12:04 PM, jjs - mainphrame wrote: 



Seems to be fixed this morning - 

Jake 

On Sat, Jun 22, 2019 at 8:24 AM Jonathan Wright < [ 
mailto:jonat...@knownhost.com | jonat...@knownhost.com ] > wrote: 

BQ_BEGIN



The repos are still dead. It would be great if someone from VZ could weigh in 
and let us know what's going on and when to expect a fix. 
On 6/21/19 3:43 PM, Jehan Procaccia wrote: 

BQ_BEGIN

I confirm , I cannot yum update on mine 

# cat /etc/openvz-release 
OpenVZ release 7.0.10 (254) 
# uname -a 
Linux [ http://olbia.int-evry.fr/ | olbia.int-evry.fr ] 
3.10.0-957.12.2.vz7.86.2 #1 SMP Wed May 15 09:45:34 MSK 2019 x86_64 x86_64 
x86_64 GNU/Linux 


# yum update 
Modules complémentaires chargés : fastestmirror, langpacks, openvz, priorities, 
product-id, refresh-packagekit, rhsm-auto-add-pools, 
: search-disabled-repos, vzlinux 
Loading mirror speeds from cached hostfile 


One of the configured repositories failed (Inconnu), 
and yum doesn't have enough cached data to continue. At this point the only 
safe thing yum can do is fail. There are a few ways to work "fix" this: 

1. Contact the upstream for the repository and get them to fix the problem. 

2. Reconfigure the baseurl/etc. for the repository, to point to a working 
upstream. This is most often useful if you are using a newer 
distribution release than is supported by the repository (and the 
packages for the previous distribution release still work). 

3. Run the command with the repository temporarily disabled 
yum --disablerepo= ... 

4. Disable the repository permanently, so yum won't use it by default. Yum 
will then just ignore the repository until you permanently enable it 
again or use --enablerepo for temporary usage: 

yum-config-manager --disable  
or 
subscription-manager repos --disable= 

5. Configure the failing repository to be skipped, if it is unavailable. 
Note that yum will try to contact the repo. when it runs most commands, 
so will have to try and fail each time (and thus. yum will be be much 
slower). If it is a very temporary problem though, this is often a nice 
compromise: 

yum-config-manager --save --setopt=.skip_if_unavailable=true 

Cannot find a valid baseurl for repo: virtuozzolinux-base 

# yum repolist 
Modules complémentaires chargés : fastestmirror, langpacks, openvz, priorities, 
product-id, refresh-packagekit, rhsm-auto-add-pools, 
: search-disabled-repos, vzlinux 
Loading mirror speeds from cached hostfile 
Loading mirror speeds from cached hostfile 
Loading mirror speeds from cached hostfile 
Loading mirror speeds from cached hostfile 
Loading mirror speeds from cached hostfile 
Loading mirror speeds from cached hostfile 
Loading mirror speeds from cached hostfile 
Loading mirror speeds from cached hostfile 
id du dépôt nom du dépôt statut 
openvz-os OpenVZ 0 
openvz-updates OpenVZ Updates 0 
virtuozzolinux-base VirtuozzoLinux Base 0 
virtuozzolinux-updates VirtuozzoLinux Updates 0 
repolist: 0 


Le 21/06/2019 à 20:07, jjs - mainphrame a écrit : 

BQ_BEGIN

Seeing the same here. I suspect it may be related to the package signing issue 
I saw yesterday. I suspect it will be cleared up before too long. 

Jake 

On Fri, Jun 21, 2019 at 9:22 AM Jonathan Wright < [ 
mailto:jonat...@knownhost.com | jonat...@knownhost.com ] > wrote: 

BQ_BEGIN
Something has broken the vz7 repos: 

# yum upgrade 
Loaded plugins: fastestmirror, langpacks, openvz, priorities, vzlinux 
Determining fastest mirrors 
* openvz-os: [ http://mirrors.evowise.com/ | mirrors.evowise.com ] 
* openvz-updates: [ http://mirrors.evowise.com/ | mirrors.evowise.com ] 
openvz-os | 3.9 kB 00:00:00 
openvz-updates | 3.1 kB 00:00:00 
virtuozzolinux-base | 785 B 00:00:00 
virtuozzolinux-updates | 2.9 kB 00:00:00 
(1/4): virtuozzolinux-updates/primary_db | 1.1 kB 00:00:00 
(2/4): openvz-os/group_gz | 18 kB 00:00:00 
(3/4): openvz-updates/primary_db | 882 kB 00:00:00 
(4/4): openvz-os/primary_db | 987 kB 00:00:00 
Error: requested datatype primary not available 

Seeing this across all of my ovz/vz7 servers. 

-- 
Jonathan Wright 
KnownHost, LLC 
[ https://www.knownhost.com/ | https://www.knownhost.com ] 

___ 
Users mailing list 
[ mailto:Users@openvz.org | Users@openvz.org ] 
[ https://lists.openvz.org/mailman/listinfo/users | 
https://lists.openvz.org/mailman/listinfo/users ] 




___
Users mailing list [ mailto:Users@openvz.org | Users@openvz.org ] [ 
https://lists.openvz.org/mailman/listinfo/users | 
https://lists.openvz.org/mailman/listinfo/users ] 

BQ_END




___
Users mailing list [ mailto:User

Re: [Users] OpenVZ/Virtuozzo 7 Repos Broken

[Jehan Procaccia]

I confirm , I cannot yum update on mine

# cat /etc/openvz-release
OpenVZ release 7.0.10 (254)
# uname -a
Linux olbia.int-evry.fr 3.10.0-957.12.2.vz7.86.2 #1 SMP Wed May 15 
09:45:34 MSK 2019 x86_64 x86_64 x86_64 GNU/Linux



# yum update
Modules complémentaires chargés : fastestmirror, langpacks, openvz, 
priorities, product-id, refresh-packagekit, rhsm-auto-add-pools,

    : search-disabled-repos, vzlinux
Loading mirror speeds from cached hostfile


 One of the configured repositories failed (Inconnu),
 and yum doesn't have enough cached data to continue. At this point the 
only

 safe thing yum can do is fail. There are a few ways to work "fix" this:

 1. Contact the upstream for the repository and get them to fix the 
problem.


 2. Reconfigure the baseurl/etc. for the repository, to point to a 
working

    upstream. This is most often useful if you are using a newer
    distribution release than is supported by the repository (and the
    packages for the previous distribution release still work).

 3. Run the command with the repository temporarily disabled
    yum --disablerepo= ...

 4. Disable the repository permanently, so yum won't use it by 
default. Yum
    will then just ignore the repository until you permanently 
enable it

    again or use --enablerepo for temporary usage:

    yum-config-manager --disable 
    or
    subscription-manager repos --disable=

 5. Configure the failing repository to be skipped, if it is 
unavailable.
    Note that yum will try to contact the repo. when it runs most 
commands,
    so will have to try and fail each time (and thus. yum will be 
be much
    slower). If it is a very temporary problem though, this is 
often a nice

    compromise:

    yum-config-manager --save 
--setopt=.skip_if_unavailable=true


Cannot find a valid baseurl for repo: virtuozzolinux-base

# yum repolist
Modules complémentaires chargés : fastestmirror, langpacks, openvz, 
priorities, product-id, refresh-packagekit, rhsm-auto-add-pools,

    : search-disabled-repos, vzlinux
Loading mirror speeds from cached hostfile
Loading mirror speeds from cached hostfile
Loading mirror speeds from cached hostfile
Loading mirror speeds from cached hostfile
Loading mirror speeds from cached hostfile
Loading mirror speeds from cached hostfile
Loading mirror speeds from cached hostfile
Loading mirror speeds from cached hostfile
id du dépôt nom du dépôt statut
openvz-os OpenVZ 0
openvz-updates  OpenVZ Updates 0
virtuozzolinux-base VirtuozzoLinux 
Base   0
virtuozzolinux-updates  VirtuozzoLinux 
Updates    0

repolist: 0


Le 21/06/2019 à 20:07, jjs - mainphrame a écrit :
Seeing the same here. I suspect it may be related to the package 
signing issue I saw yesterday. I suspect it will be cleared up before 
too long.


Jake

On Fri, Jun 21, 2019 at 9:22 AM Jonathan Wright 
mailto:jonat...@knownhost.com>> wrote:


Something has broken the vz7 repos:

# yum upgrade
Loaded plugins: fastestmirror, langpacks, openvz, priorities, vzlinux
Determining fastest mirrors
  * openvz-os: mirrors.evowise.com 
  * openvz-updates: mirrors.evowise.com 
openvz-os | 3.9 kB  00:00:00
openvz-updates | 3.1 kB  00:00:00
virtuozzolinux-base |  785 B  00:00:00
virtuozzolinux-updates | 2.9 kB  00:00:00
(1/4): virtuozzolinux-updates/primary_db | 1.1 kB  00:00:00
(2/4): openvz-os/group_gz |  18 kB  00:00:00
(3/4): openvz-updates/primary_db | 882 kB  00:00:00
(4/4): openvz-os/primary_db | 987 kB  00:00:00
Error: requested datatype primary not available

Seeing this across all of my ovz/vz7 servers.

-- 
Jonathan Wright

KnownHost, LLC
https://www.knownhost.com

___
Users mailing list
Users@openvz.org 
https://lists.openvz.org/mailman/listinfo/users


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users



___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] after upgrade of vz7: Failed to get VM config: The virtual machine could not be found.

[Jehan PROCACCIA]

Hello

on my side, my last update was on may 23rd , but everything worked fine after 
reboot , prlctl ok . 

# uname -a 
Linux  3.10.0-957.12.2.vz7.86.2 #1 SMP Wed May 15 09:45:34 MSK 2019 x86_64 
x86_64 x86_64 GNU/Linux
# cat /etc/virtuozzo-release 
OpenVZ release 7.0.10 (254)
# cat /etc/redhat-release 
Virtuozzo Linux release 7.5

jehan . 

- Mail original -
De: "Arjit Chaudhary" 
À: "OpenVZ users" 
Envoyé: Mercredi 5 Juin 2019 17:42:52
Objet: Re: [Users] after upgrade of vz7: Failed to get VM config: The virtual 
machine could not be found.

I have the same problem here, but in my case, 
1. prlctl list -a has the VM listed in shutdown state while vzlist has it in 
running state 
2. I cannot boot, shutdown, migrate or do anything via prlctl 

Everything was working fine in the previous release. Currently my vzmigrate is 
broken too for some reason so I just wrote a bash script wrapper for 
migrations, 

#!/bin/bash 
VMID=$1 
NEW_HOST=$2 
SSH_PORT=$3 
vzctl stop $VMID --fast && rsync -a -e "ssh -p $SSH_PORT" /vz/private/$VMID 
root@$NEW_HOST:/vz/private/ && rsync -a -e ssh /etc/vz/conf/$VMID.conf 
root@$NEW_HOST:/etc/vz/conf/ 

Not the best looking script but it does the job for now :P 

On Wed, Jun 5, 2019 at 8:48 PM < [ mailto:jus...@albstmeijer.nl | 
jus...@albstmeijer.nl ] > wrote: 


Hi OpenVZ mailinglist, 

After the last upgrade batch (see below) and reboot to the latest 
kernel, prlctl seems to have lost access to my containers. 

Any suggestion? 

The legacy vzctl cli still works. (I can start and work with the containers) 

# vzlist -o ctid 
CTID 
1ab0f712-3bc4-45d6-b215-49247fb93934 
1b82e66d-5861-4b90-93d7-8364d57dd9d9 
a83748a6-3366-47b5-8f1a-44a4e5d38f33 

# prlctl list -a 
UUID STATUS IP_ADDR T NAME 

# prlctl list 1ab0f712-3bc4-45d6-b215-49247fb93934 
UUID STATUS IP_ADDR T NAME 
Failed to get VM config: The virtual machine could not be found. The 
virtual machine is not registered in the virtual machine directory on 
this server. Contact your Virtuozzo administrator for assistance. 

upgrade batch: 

May 28 14:24:49 Updated: libgcc-4.8.5-36.vl7.2.x86_64 
May 28 14:24:59 Updated: glibc-common-2.17-260.vl7.5.x86_64 
May 28 14:25:04 Updated: glibc-2.17-260.vl7.5.x86_64 
May 28 14:25:05 Updated: systemd-libs-219-63.vl7.7.x86_64 
May 28 14:25:06 Updated: libstdc++-4.8.5-36.vl7.2.x86_64 
May 28 14:25:08 Updated: libsss_certmap-1.16.2-13.vl7.8.x86_64 
May 28 14:25:10 Updated: libsss_idmap-1.16.2-13.vl7.8.x86_64 
May 28 14:25:11 Updated: 10:qemu-img-vz-2.12.0-18.6.3.vz7.21.6.x86_64 
May 28 14:25:12 Updated: ploop-lib-7.0.140.2-1.vz7.x86_64 
May 28 14:25:12 Updated: zstd-1.4.0-1.vl7.x86_64 
May 28 14:25:13 Updated: 3:vzlinux-release-7-1.vl7.81.x86_64 
May 28 14:25:18 Updated: systemd-219-63.vl7.7.x86_64 
May 28 14:25:19 Updated: 7:device-mapper-1.02.149-10.vl7.7.x86_64 
May 28 14:25:19 Updated: 7:device-mapper-libs-1.02.149-10.vl7.7.x86_64 
May 28 14:25:22 Updated: libvirt-libs-4.5.0-10.vz7.10.1.x86_64 
May 28 14:25:23 Updated: 7:device-mapper-event-libs-1.02.149-10.vl7.7.x86_64 
May 28 14:25:24 Updated: 7:device-mapper-event-1.02.149-10.vl7.7.x86_64 
May 28 14:25:25 Updated: 7:lvm2-libs-2.02.180-10.vl7.7.x86_64 
May 28 14:25:25 Updated: systemd-sysv-219-63.vl7.7.x86_64 
May 28 14:25:26 Updated: libvirt-daemon-4.5.0-10.vz7.10.1.x86_64 
May 28 14:25:27 Updated: 
libvirt-daemon-driver-network-4.5.0-10.vz7.10.1.x86_64 
May 28 14:25:27 Updated: 
libvirt-daemon-driver-nwfilter-4.5.0-10.vz7.10.1.x86_64 
May 28 14:25:28 Updated: 
libvirt-daemon-driver-nodedev-4.5.0-10.vz7.10.1.x86_64 
May 28 14:25:28 Updated: 
libvirt-daemon-driver-storage-core-4.5.0-10.vz7.10.1.x86_64 
May 28 14:25:29 Updated: 
libvirt-daemon-driver-storage-4.5.0-10.vz7.10.1.x86_64 
May 28 14:25:29 Updated: libvirt-daemon-driver-qemu-4.5.0-10.vz7.10.1.x86_64 
May 28 14:25:30 Updated: 
libvirt-daemon-driver-interface-4.5.0-10.vz7.10.1.x86_64 
May 28 14:25:31 Updated: 
libvirt-daemon-config-nwfilter-4.5.0-10.vz7.10.1.x86_64 
May 28 14:25:32 Updated: 10:qemu-kvm-common-vz-2.12.0-18.6.3.vz7.21.6.x86_64 
May 28 14:25:34 Updated: 10:qemu-kvm-vz-2.12.0-18.6.3.vz7.21.6.x86_64 
May 28 14:25:34 Updated: httpd-tools-2.4.6-89.vl7.x86_64 
May 28 14:25:35 Updated: libipa_hbac-1.16.2-13.vl7.8.x86_64 
May 28 14:25:36 Updated: kernel-tools-libs-3.10.0-957.12.2.vz7.86.2.x86_64 
May 28 14:25:37 Updated: libsss_sudo-1.16.2-13.vl7.8.x86_64 
May 28 14:25:37 Updated: libsss_autofs-1.16.2-13.vl7.8.x86_64 
May 28 14:25:38 Updated: libsss_nss_idmap-1.16.2-13.vl7.8.x86_64 
May 28 14:25:39 Updated: sssd-client-1.16.2-13.vl7.8.x86_64 
May 28 14:25:40 Updated: sssd-common-1.16.2-13.vl7.8.x86_64 
May 28 14:25:41 Updated: sssd-krb5-common-1.16.2-13.vl7.8.x86_64 
May 28 14:25:41 Updated: sssd-common-pac-1.16.2-13.vl7.8.x86_64 
May 28 14:25:42 Updated: sssd-ad-1.16.2-13.vl7.8.x86_64 
May 28 14:25:43 Updated: sssd-ipa-1.16.2-13.vl7.8.x86_64 
May 28 14:25:43 Updated: sssd-ldap-1.16.2-13.vl7.8.x86_64 
May 28 14:25:44 Updated: sssd-krb5-1.16.2-13.vl7.8.x86_64 
May 

[Users] openVZ 7 arguments

[Jehan Procaccia]

Hello,

we are having a long discussion on the french network operators group 
(FRnOG) regarding virtualization


it was frustrating to see dozens of posts regarding proxmox, Xen, 
openstack etc ... but none for openVZ .


so I recall the group about openvz, but for most of the audience, they 
think it's a deprecated solution based on old kernels . So I took the 
chance to update with recent echange on our mailing list by posting 
this: https://www.mail-archive.com/frnog@frnog.org/msg53322.html


it's in french , but I guess you'll be able to traduct it if necessary .

anyway I redirect to 
https://fr.slideshare.net/openvz/whats-missing-from-upstream-kernel-containers-kir-kolyshkin


regarding virtuozzo contribution to mainstream kernel and the reduction 
of patches to enable openvz CT to run out of the mainstream kernel, do 
you have more recent data ?


I also mentioned our 
https://lists.openvz.org/pipermail/users/2019-April/007590.html .


If you have anymore arguments , I'll take them .

PS: https://wiki.openvz.org/Comparison seems to be up2date (last edited 
January  2019) , but for line/feature "*Power Panel" *there's "none" in 
proxmox, is the virtuozzo 7 that much different to the proxmox web GUI ?

**

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] Usage Statistics for OpenVZ 7

[Jehan PROCACCIA]

oops, you're right , my period field was set to early April , set it on "last 
week" confirms 42 ! 
sorry .
can you tell me more about those questions :  
how can I see that information has left my server ? 
it is pull or push method ? 
how often does this happens ?

thanks .

- Mail original -
De: "Vasily Averin" 
À: "OpenVZ users" , "Jehan PROCACCIA" 

Envoyé: Lundi 27 Mai 2019 09:07:07
Objet: Re: [Users] Usage Statistics for OpenVZ 7

On 5/27/19 9:51 AM, Jehan PROCACCIA wrote:
> hi ,
> Very good job, I was searching for the vz7 stats equivalent to the legacy one 
> (6 ...) , that does the job  !
> I realized though that on one of my node the disp-helper package wasn't 
> installed, doesn't it come by default when installing virtuozzo7 distro ?
> On an other one it was there, but I had to enabled it .
> Now that I have enabled it few minutes ago ...
> if I check it's full kernel name on 
> https://stats7-web.openvz.org/index.php?page_size=all=kernel
> I don't see mine yet ... (3.10.0-957.12.2.vz7.86.2) ,  I guess there's a 
> delay between my server sends the stats and your collector to gather it and 
> show it
> how can I see that information has left my server ? it is pull or push method 
> ? how often does this happens ?

Dear jehan,
I've found 42 nodes with your kernel version:
https://stats7-web.openvz.org/index.php?search=3.10.0-957.12.2.vz7.86.2=kernel

Thank you,
Vasily Averin

> Thanks a lot for those precious information, I'll be glad to send mine and 
> see them there .
> 
> Regards .
>   
> *Jehan PROCACCIA*
> Ingénieur systèmes et réseaux
> Membre du comité de pilotage REVE :
> Réseau d’Évry Val d'Essonne et THD
> +33160764436
> 9 rue Charles Fourier - 91011 Evry Cedex
> *www.imt-bs.eu* <https://www.imt-bs.eu> - *www.telecom-sudparis.eu* 
> <https://www.telecom-sudparis.eu>
> 
> 
> --
> *De: *"jjs - mainphrame" 
> *À: *"OpenVZ users" 
> *Envoyé: *Dimanche 26 Mai 2019 23:07:36
> *Objet: *Re: [Users] Usage Statistics for OpenVZ 7
> 
> I just wanted to say this is very interesting info. Thanks for all the work.
> 
> Jake
> 
> On Fri, May 24, 2019 at 8:31 AM Denis Silakov  <mailto:dsila...@virtuozzo.com>> wrote:
> 
> Usage Statistics for OpenVZ 7
> 
> Hi all,
> 
> As most of you probably know, OpenVZ 7 sends some statistics to 
> stats7.openvz.org <http://stats7.openvz.org> to get developers know how the 
> product is used (one can turn this statistics on/off by enabling/disabling 
> disp-helper service).
> 
> For legacy OpenVZ versions, these data is visualized at 
> https://stats.openvz.org/.
> 
> It took us some time to prepare a public site where everyone can observe 
> anonimized statistics of OpenVZ 7 usage, since data collection process has 
> been merged with commercial Virtuozzo 7 which is completely different from 
> OpenVZ 6. But finally, we have launched it:
> 
> http://stats7-web.openvz.org/
> 
> Feel free to browse and provide feedback.
> 
> In particular, let us know if you think that some data is sensitive and 
> should be dropped.
> 
> For those interested in source code, data collection scripts are located 
> here:
> https://src.openvz.org/projects/OVZ/repos/disp-helper/browse
> 
> Patches are welcome. If it is not clear how disp-helper works - we are 
> ready to provide detailed description (and likely add it to the git:))
> 
> Note that not all of the data collected by disp-helper is visualized on 
> the site. We will add more info as times goes by, but if you want to get some 
> information visualized in the first place - let us know, we will consider 
> prioritizing your wishes.
> 
> --
> Regards,
>

Re: [Users] Usage Statistics for OpenVZ 7

[Jehan PROCACCIA]

hi , 
Very good job, I was searching for the vz7 stats equivalent to the legacy one 
(6 ...) , that does the job ! 
I realized though that on one of my node the disp-helper package wasn't 
installed, doesn't it come by default when installing virtuozzo7 distro ? 
On an other one it was there, but I had to enabled it . 
Now that I have enabled it few minutes ago ... 
if I check it's full kernel name on [ 
https://stats7-web.openvz.org/index.php?page_size=all=kernel | 
https://stats7-web.openvz.org/index.php?page_size=all=kernel ] 
I don't see mine yet ... (3.10.0-957.12.2.vz7.86.2) , I guess there's a delay 
between my server sends the stats and your collector to gather it and show it 
how can I see that information has left my server ? it is pull or push method ? 
how often does this happens ? 

Thanks a lot for those precious information, I'll be glad to send mine and see 
them there . 

Regards . 

Jehan PROCACCIA 
Ingénieur systèmes et réseaux 
Membre du comité de pilotage REVE : 
Réseau d’Évry Val d'Essonne et THD 
+33160764436 
9 rue Charles Fourier - 91011 Evry Cedex 
[ https://www.imt-bs.eu/ | www.imt-bs.eu ] - [ https://www.telecom-sudparis.eu/ 
| www.telecom-sudparis.eu ] 


De: "jjs - mainphrame"  
À: "OpenVZ users"  
Envoyé: Dimanche 26 Mai 2019 23:07:36 
Objet: Re: [Users] Usage Statistics for OpenVZ 7 

I just wanted to say this is very interesting info. Thanks for all the work. 

Jake 

On Fri, May 24, 2019 at 8:31 AM Denis Silakov < [ mailto:dsila...@virtuozzo.com 
| dsila...@virtuozzo.com ] > wrote: 






Usage Statistics for OpenVZ 7 

Hi all, 

As most of you probably know, OpenVZ 7 sends some statistics to [ 
http://stats7.openvz.org/ | stats7.openvz.org ] to get developers know how the 
product is used (one can turn this statistics on/off by enabling/disabling 
disp-helper service). 

For legacy OpenVZ versions, these data is visualized at [ 
https://stats.openvz.org/ | https://stats.openvz.org/ ] . 

It took us some time to prepare a public site where everyone can observe 
anonimized statistics of OpenVZ 7 usage, since data collection process has been 
merged with commercial Virtuozzo 7 which is completely different from OpenVZ 6. 
But finally, we have launched it: 

[ http://stats7-web.openvz.org/ | http://stats7-web.openvz.org/ ] 

Feel free to browse and provide feedback. 

In particular, let us know if you think that some data is sensitive and should 
be dropped. 

For those interested in source code, data collection scripts are located here: 
[ https://src.openvz.org/projects/OVZ/repos/disp-helper/browse | 
https://src.openvz.org/projects/OVZ/repos/disp-helper/browse ] 

Patches are welcome. If it is not clear how disp-helper works - we are ready to 
provide detailed description (and likely add it to the git:)) 

Note that not all of the data collected by disp-helper is visualized on the 
site. We will add more info as times goes by, but if you want to get some 
information visualized in the first place - let us know, we will consider 
prioritizing your wishes . 

-- 
Regards, 
Denis. 




___ 
Users mailing list 
[ mailto:Users@openvz.org | Users@openvz.org ] 
[ https://lists.openvz.org/mailman/listinfo/users | 
https://lists.openvz.org/mailman/listinfo/users ] 




___ 
Users mailing list 
Users@openvz.org 
https://lists.openvz.org/mailman/listinfo/users 
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] OpenVZ 7 orchestration

[Jehan Procaccia]

Thank you for the link to powerPanel, it seems indeed to do the job
I understand that we need to register a virtuozzo 7 Licence to get it, 
howerver commercial prices of virtuozzo 7 is not clear to me

from the web site
https://www.virtuozzo.com/products/vz7.html
then click on "buy it" you are redirected to a "starter kit" with 
+1K€/month for 5 nodes, 24/7 suports etc ...

it looks like a hosting service to me !?

If I want to host myself virtuozzo 7 (as I do right now with 
virtuozzo/openvz7 (don't know how to call it ?)) but with the benefit of 
those commercial features (PowerPanel, Backups, live Kernel upgrades 
...) is there a commercial catalogue (as when you buy a RedHat licence ) ?


back to free orchestration, maybe I've been miss guided buy 
https://wiki.openvz.org/Setting_up_Kubernetes_cluster
but I thought that there was a possibility to manage openvz (7) 
container with kubernetes , am I wrong ?


Thanks .

Le 16/05/2019 à 15:26, Konstantin Khorenko a écrit :

On 05/16/2019 04:10 PM, Jehan Procaccia wrote:

Hello,

we have the need to let users start/stop openvz7 containers

we could probably create local scripts that allow users (from our ldap
directory, not anyone in the world !) with sudo to do that.

but I know automation/orchestration tools exist out there (Kubernetes
for example ...)

is there community tools, or openvz/viruozzo integrated tool, that would
allow us to delegate the management of containers to our users without
giving out privilege on the Host .

For Virtuozzo 7 it's done via PowerPanel:
https://docs.virtuozzo.com/virtuozzo_powerpanel_users_guide/index.html

==
About Virtuozzo PowerPanel
Virtuozzo PowerPanel provides an easy way for you to manage all your virtual 
machines and containers from one web panel.

In Virtuozzo PowerPanel, you can:

* start, stop, and reset your virtual machines and containers,
* reinstall your containers,
* change user passwords for your virtual machines and containers,
* create, restore, and delete backups of your virtual machines and containers,
* log in to your virtual machines and containers via VNC.

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users





___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] OpenVZ 7 orchestration

[Jehan Procaccia]

Hello,

we have the need to let users start/stop openvz7 containers

we could probably create local scripts that allow users (from our ldap 
directory, not anyone in the world !) with sudo to do that.


but I know automation/orchestration tools exist out there (Kubernetes 
for example ...)


is there community tools, or openvz/viruozzo integrated tool, that would 
allow us to delegate the management of containers to our users without 
giving out privilege on the Host .


Thanks .




___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] distro virtuozzo vs proxmox

[Jehan PROCACCIA]

Thanks for those comparisons 
I still wonder though what is the container technology used by 
virtuozzo/openVZ7 ? 
from [ 
https://www.slideshare.net/openvz/whats-missing-from-upstream-kernel-containers-kir-kolyshkin
 | 
https://www.slideshare.net/openvz/whats-missing-from-upstream-kernel-containers-kir-kolyshkin
 ] I understand that it is patches to kernel that takes advantages of kernel 
namespaces, cgroups etc .. ? 
is that right ? 
other insteresting reading, but probably a little oriented towards lxd ... : [ 
https://containerjournal.com/2017/01/09/comparing-openvz-lxd-linux-system-container-platforms/
 | 
https://containerjournal.com/2017/01/09/comparing-openvz-lxd-linux-system-container-platforms/
 ] 
it still beleive that choice between technologies proxmox / virtuozzo is driven 
by the linux distribution a sysadmin is most familiar with . 
anyway, I 'am happy and surprised by the 1st reference above that virtuozzo is 
that much contributing to the kernel and is so close to a native kernel . 



De: "Paulo Coghi - Coghi IT"  
À: "OpenVZ users"  
Envoyé: Lundi 29 Avril 2019 12:26:35 
Objet: Re: [Users] distro virtuozzo vs proxmox 

My 2 cents. 

*OpenVZ vs LXC* 
OpenVZ requires a patched kernel, but it's finally updated with OVZ7 
OpenVZ is gradually porting its technology to mainline Linux kernel 
OpenVZ has a more battle tested OS virtualization technology 
LXC is still more insecure 
LXC has a more complex way to configure networks 

*Virtuozzo vs Proxmox* 
Virtuozzo better integrates OpenVZ with its features and capabilities, like 
live migration, distributed storage, live snapshots, etc 
Virtuozzo is made and maintained by the same company that maintains OpenVZ 
itself, and buying its licenses helps the future of OpenVZ 
Virtuozzo includes specialized tools to manage and ensure the healthy of your 
distributed storage cluster, subdivides it in different layers of performance 
and purpose, etc 
Virtuozzo has a great and responsive support team, in my experience 
Virtuozzo enhanced KVM a lot, that provides more server density and performance 
Virtuozzo is one of the main KVM contributors, and contributes to other 
projects as well, as Linux Kernel, OpenStack, etc 
Proxmox was famous when offered OpenVZ on its platform (not offering anymore, 
replacing it by LXC) 
Proxmox is made and maintained by a company not related to OpenVZ project 
itself 
Proxmox has a great and responsive support team, in my experience 

On Mon, Apr 29, 2019 at 10:48 AM Narcis Garcia < [ mailto:informat...@actiu.net 
| informat...@actiu.net ] > wrote: 


Yes, these are the right comparisons: 

OpenVZ vs LXC 
Virtuozzo distro vs Proxmox distro 
CentOS vs Debian vs Other general purpose distros 

+ Interesting to know the support to run OpenVZ 7 on CentOS. 
It should be documented at OpenVZ wiki! 


El 29/4/19 a les 4:16, Website Solution - George ha escrit: 
> 
> From my understanding, Virtuozzo 7 (or OpenVZ 7) supports user quota 
> inside guest container. 
> 
> However, for unprivileged LXC guest, it does not support quota inside 
> container natively. 
> 
> It is important if we run the guest container for multiple end-users. 
> 
> (Privileged LXC guests support user quota inside container, but they 
> share the same root UID between guest and host, which implies some kind 
> of potential security) 
> 
> 
> 
> On 29-Apr-19 3:55 AM, Jehan PROCACCIA wrote: 
>> regarding distros and virtuozzo vs proxmox (reason I modified the 
>> subject, orig: SSD trim support over a LUKS layer) 
>> I understand that it could be frustrating to rely on a dedidcated 
>> distro (virtuozzo 7), but I guess it comes with simplicity and 
>> consistency regarding set of packages and updates 
>> after all it's very similar to centos/rhel 7 as it is based on it, and 
>> if you wish , you could add openvz7 feature to native centos7 : 
>> [ 
>> https://enjoyko.blogspot.com/2018/05/how-to-install-openvz-7-to-centos-7.html
>>  | 
>> https://enjoyko.blogspot.com/2018/05/how-to-install-openvz-7-to-centos-7.html
>>  ] 
>> 
>> 
>> I guess that [ https://wiki.openvz.org/Comparison | 
>> https://wiki.openvz.org/Comparison ] is quite up to date as 
>> it dates from jan/2019 
>> but i am still wondering what technology virtuozzo 7 uses for 
>> containers if not LXC ? 
>> 
>> I'll be glad to know as I have regularly discussions between sysadmins 
>> around proxmox and virtuozzo , and finally it ends on debian vs 
>> centos/rhel ! 
>> 
>> - Mail original - 
>> De: "Narcis Garcia" < [ mailto:informat...@actiu.net | informat...@actiu.net 
>> ] > 
>> À: "OpenVZ users" < [ mailto:users@openvz.org | users@openvz.org ] > 
>> Envoyé: Samedi 27 Avril 2019 19:19:43 
>> Objet: Re: [U

[Users] distro virtuozzo vs proxmox

[Jehan PROCACCIA]

regarding distros and virtuozzo vs proxmox (reason I modified the subject, 
orig: SSD trim support over a LUKS layer) 
I understand that it could be frustrating to rely on a dedidcated distro 
(virtuozzo 7), but I guess it comes with simplicity and consistency regarding 
set of packages and updates
after all it's very similar to centos/rhel 7 as it is based on it, and if you 
wish , you could add openvz7 feature to native centos7 : 
https://enjoyko.blogspot.com/2018/05/how-to-install-openvz-7-to-centos-7.html

I guess that https://wiki.openvz.org/Comparison is quite up to date as it dates 
from jan/2019
but i am still wondering what technology virtuozzo 7 uses for containers if not 
LXC ? 

I'll be glad to know as I have regularly discussions between sysadmins around 
proxmox and virtuozzo , and finally it ends on debian vs centos/rhel !

- Mail original -
De: "Narcis Garcia" 
À: "OpenVZ users" 
Envoyé: Samedi 27 Avril 2019 19:19:43
Objet: Re: [Users] SSD trim support over a LUKS layer

The problem of Virtuozzo 7 for me is that this is a distro.
I prefer to use general purpose distros, for many reasons around
packaged software, community support, future plans and others.


El 27/4/19 a les 19:09, Paulo Coghi - Coghi IT ha escrit:
> LXC is far to be an option, IMHO.
> 
> I'm happily using Virtuozzo 7 with multiple NVMe storages with zero
> issues for more than a year.
> 
> On Sat, Apr 27, 2019 at 4:28 PM CoolCold  > wrote:
> 
> I believe to have fixes and backports like this in to legacy version
> of product will not happen, and you should consider upgrading.
> Personally, I've upgraded to lxc.. it's quite primitive comparing to
> ovz 6, but it's enough for my needs.
> 
> On Sat, Apr 27, 2019, 17:49 spameden  > wrote:
> 
> Yes, it's an issue in kernel. 
> 
> As dm-crypt/luks layer isn't passing TRIM to the underlying device.
> 
> /boot is not encrypted that's why it works for you.
> 
> сб, 27 апр. 2019 г. в 11:11, Narcis Garcia
> mailto:informat...@actiu.net>>:
> 
> See in the case that /dev/sda1 (Directly mounted as Ext4 on
> /boot) works with Trim/Discard.
> It's the sda2_crypt (layer over sda2) that is not detected
> to be trimmable. Devuan's stock kernel does.
> 
> CentOS issue #6548 may not be this same bug; I've tested now
> with CentOS 6.8 with a similar (but not same) result*:*
> 
> $ lsb_release -d
> Description:    CentOS release 6.8 (Final)
> 
> $ uname -a
> Linux localhost.localdomain 2.6.32-642.el6.x86_64 #1 SMP Tue
> May 10 17:27:01 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
> 
> $ lsblk --discard /dev/sda
> NAME
> DISC-ALN DISC-GRAN DISC-MAX DISC-ZERO
> sda
> 0  512B   2G 0
> ├─sda1 
> 0  512B   2G 0
> └─sda2 
> 0  512B   2G 0
>   └─luks-f691f48b-8556-487d-ac64-50daa99ed4c9 (dm-0)   
> 0  512B   2G 0
> 
> $ cat /etc/crypttab
> luks-f691f48b-8556-487d-ac64-50daa99ed4c9
> UUID=f691f48b-8556-487d-ac64-50daa99ed4c9 none luks,discard
> 
> $ mount | grep -e discard
> /dev/mapper/luks-f691f48b-8556-487d-ac64-50daa99ed4c9 on /
> type ext4 (rw,discard)
> /dev/sda1 on /boot type ext4 (rw,discard)
> 
> $ sudo fstrim /boot
> # (same result as Devuan/1 and OpenVZ/6 kernel: success)
> 
> $ sudo fstrim /
> fstrim: /: FITRIM ioctl failed: Operation not supported
> 
> 
> El 26/4/19 a les 21:36, spameden ha escrit:
>> Hi.
>>
>> I've asked this question years ago (in
>> 2013): 
>> https://lists.openvz.org/pipermail/users/2013-August/005250.html
>>
>> Let me know if it helps, but this bug should have been
>> fixed in CentOS and RHEL at
>> least: https://bugs.centos.org/view.php?id=6548
>>
>> Maybe OpenVZ maintainers didn't pick up this fix in the
>> openvz6 legacy kernel?
>>
>> Thanks.
>>
>> ср, 10 апр. 2019 г. в 10:45, Narcis Garcia
>> mailto:informat...@actiu.net>>:
>>
>> Does anybody know how can I solve this?
>>
>> $ lsb_release -d
>> Description:    Devuan GNU/Linux 1.0 (jessie)
>>
>> $ uname -a
>> Linux bell1 2.6.32-openvz-042stab134.8-amd64 #1 SMP
>> Fri Dec 7 17:18:40
>>

Re: [Users] Virtuozzo/OpenVZ 7.0 Update 10 (7.0.10-252)

[Jehan PROCACCIA]

OK, i did upgraded one of my servers, everything looks fine 

# uname -a 
Linux myhostname.domain.fr 3.10.0-957.10.1.vz7.85.17 #1 SMP Thu Apr 11 18:11:44 
MSK 2019 x86_64 x86_64 x86_64 GNU/Linux
it was on 3.10.0-862.20.2.vz7.73.29 #1 SMP Thu Feb 21 bebore .
thanks .

Jehan PROCACCIA 
Ingénieur systèmes et réseaux 
Membre du comité de pilotage REVE : 
Réseau d’Évry Val d'Essonne et THD 
+33160764436 
9 rue Charles Fourier - 91011 Evry Cedex 
[ https://www.imt-bs.eu/ | www.imt-bs.eu ] - [ https://www.telecom-sudparis.eu/ 
| www.telecom-sudparis.eu ]

- Mail original -
De: "Konstantin Bukharov" 
À: "OpenVZ users" 
Envoyé: Jeudi 25 Avril 2019 21:38:02
Objet: Re: [Users] Virtuozzo/OpenVZ 7.0 Update 10 (7.0.10-252)

Hello,

It's a rebase update.

What were updated:
Linux kernel – now based on RHEL 7.6 kernel 3.10.0-957.10.1.el7
QEMU   - 2.12 (was 2.10 in Update 9)
Libvirt – 4.5.0 (was 3.9.0)
CRIU – 3.11 (was 3.10)
QEMU-GA – 3.0.91 (was 2.90)

All linux user space packages correspond now to RHEL 7.6

Best regards,

-Original Message-
From: users-boun...@openvz.org  On Behalf Of Jehan 
PROCACCIA
Sent: Thursday, April 25, 2019 20:12
To: OpenVZ users 
Subject: Re: [Users] [Update] Virtuozzo/OpenVZ 7.0 Update 10 (7.0.10-252)

Hello,

this quite a big update, + 200 packages on my servers , i'll give it a try .

thanks .

- Mail original -
De: "Konstantin Khorenko" 
À: "OpenVZ users" 
Envoyé: Jeudi 25 Avril 2019 18:22:54
Objet: [Users] [Update] Virtuozzo/OpenVZ 7.0 Update 10 (7.0.10-252)

Hi All,

Virtuozzo 7 has got an Update 10 published:
https://virtuozzosupport.force.com/s/article/VZA-2019-028

And corresponding update has been published to OpenVZ 7 as well:
https://download.openvz.org/virtuozzo/releases/openvz-7.0.10-252/

The update contains new kernel: 3.10.0-957.10.1.vz7.85.17,
the list of bugs fixed in the update is in the link for Virtuozzo update above.

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] 100.000 openVZ hosts with contaienrs

[Jehan Procaccia]

By the way , do you confirm that there is still no equivalent to 
https://stats.openvz.org/ for kernels 3.x / vz7 ?

I was told :

In OpenVZ7 and VZ7 this functionality is managed by disp-helper, 
https://docs.virtuozzo.com/virtuozzo_7_users_guide/advanced-tasks/participating-in-customer-experience-program.html

but:
# systemctl status disp-helper
Unit disp-helper.service could not be found.

although there is a /etc/vz/disp_helper.json , the files it points to 
are note existing

/var/log/collector.log
/var/log/vz-events.log

How can I participate in CEP ?
Can you give us stats regarding VZ7 usage ?

regards .


Le 26/12/2018 à 11:14, Ivan Loginovskikh a écrit :

There's no such equivalent.


-Original Message-
From: Jehan PROCACCIA 
Sent: December 26, 2018 1:10 PM
To: Ivan Loginovskikh 
Cc: OpenVZ users ; Kirill Kolyshkin (Gmail)

Subject: Re: [Users] 100.000 openVZ hosts with contaienrs

thanks , I will keep my vz7 reporting, it helps increase the stats ...
but is there a https://stats.openvz.org/ equivalent for kernels 3.x / vz7 ?

thanks .

Jehan PROCACCIA
Ingénieur Infrastructures Numériques
Membre du comité de pilotage REVE:
Réseau d’Évry Val d'Essonne
+33160764436

9 rue Charles Fourier - 91011 Evry Cedex [ https://www.imt-bs.eu/ |
www.imt-bs.eu ] - [ https://www.telecom-sudparis.eu/ | www.telecom-
sudparis.eu ]

- Mail original -
De: "Ivan Loginovskikh" 
À: "OpenVZ users" , "Jehan PROCACCIA"

Cc: "Kirill Kolyshkin" 
Envoyé: Lundi 24 Décembre 2018 17:46:02
Objet: RE: [Users] 100.000 openVZ hosts with contaienrs

The previous answer is valid for VZ6. In OpenVZ7 and VZ7 this functionality is
managed by disp-helper,
https://docs.virtuozzo.com/virtuozzo_7_users_guide/advanced-
tasks/participating-in-customer-experience-program.html


-Original Message-
From: users-boun...@openvz.org  On

Behalf Of

Vasily Averin
Sent: December 24, 2018 5:41 PM
To: OpenVZ users ; Jehan PROCACCIA

Cc: Kirill Kolyshkin (Gmail) 
Subject: Re: [Users] 100.000 openVZ hosts with contaienrs

On 12/24/18 4:51 PM, Jehan PROCACCIA wrote:

hello

very interesting and complete stats !
do you have the equivalent for openvz/virtuozzo 7 ?
I do use vz6 and vz7, but I can't remember how to enable sending
stats

from the host server ? I would like to check if enable or not.

thanks.

As kernel maintainer I'm not 100% sure, however it seems you can use
prlsrvctl set --set off

https://src.openvz.org/projects/OVZ/repos/prlctl/browse/src/CmdParam.c
p
p#37


- Mail original -
De: "Vasily Averin" 
À: "OpenVZ users" , "Kirill Kolyshkin"



Envoyé: Lundi 24 Décembre 2018 13:40:49
Objet: [Users] 100.000 openVZ hosts with contaienrs

OpenVz statistic shows that number of OpenVz6 hosts with containers

reached 100.000

https://stats.openvz.org/

Hosts with CTs: 100140
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users





___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] [Update] Virtuozzo/OpenVZ 7.0 Update 10 (7.0.10-252)

[Jehan PROCACCIA]

Hello,

this quite a big update, + 200 packages on my servers , i'll give it a try .

thanks .

- Mail original -
De: "Konstantin Khorenko" 
À: "OpenVZ users" 
Envoyé: Jeudi 25 Avril 2019 18:22:54
Objet: [Users] [Update] Virtuozzo/OpenVZ 7.0 Update 10 (7.0.10-252)

Hi All,

Virtuozzo 7 has got an Update 10 published:
https://virtuozzosupport.force.com/s/article/VZA-2019-028

And corresponding update has been published to OpenVZ 7 as well:
https://download.openvz.org/virtuozzo/releases/openvz-7.0.10-252/

The update contains new kernel: 3.10.0-957.10.1.vz7.85.17,
the list of bugs fixed in the update is in the link for Virtuozzo update above.

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] 100.000 openVZ hosts with contaienrs

[Jehan PROCACCIA]

thanks , I will keep my vz7 reporting, it helps increase the stats ... 
but is there a https://stats.openvz.org/ equivalent for kernels 3.x / vz7 ? 

thanks .

Jehan PROCACCIA 
Ingénieur Infrastructures Numériques 
Membre du comité de pilotage REVE: 
Réseau d’Évry Val d'Essonne 
+33160764436 

9 rue Charles Fourier - 91011 Evry Cedex 
[ https://www.imt-bs.eu/ | www.imt-bs.eu ] - [ https://www.telecom-sudparis.eu/ 
| www.telecom-sudparis.eu ]

- Mail original -
De: "Ivan Loginovskikh" 
À: "OpenVZ users" , "Jehan PROCACCIA" 

Cc: "Kirill Kolyshkin" 
Envoyé: Lundi 24 Décembre 2018 17:46:02
Objet: RE: [Users] 100.000 openVZ hosts with contaienrs

The previous answer is valid for VZ6. In OpenVZ7 and VZ7 this functionality is 
managed by disp-helper, 
https://docs.virtuozzo.com/virtuozzo_7_users_guide/advanced-tasks/participating-in-customer-experience-program.html

> -Original Message-
> From: users-boun...@openvz.org  On Behalf
> Of Vasily Averin
> Sent: December 24, 2018 5:41 PM
> To: OpenVZ users ; Jehan PROCACCIA
> 
> Cc: Kirill Kolyshkin (Gmail) 
> Subject: Re: [Users] 100.000 openVZ hosts with contaienrs
> 
> On 12/24/18 4:51 PM, Jehan PROCACCIA wrote:
> > hello
> >
> > very interesting and complete stats !
> > do you have the equivalent for openvz/virtuozzo 7 ?
> > I do use vz6 and vz7, but I can't remember how to enable sending stats
> from the host server ? I would like to check if enable or not.
> > thanks.
> 
> As kernel maintainer I'm not 100% sure,
> however it seems you can use
> prlsrvctl set --set off
> 
> https://src.openvz.org/projects/OVZ/repos/prlctl/browse/src/CmdParam.cp
> p#37
> 
> > - Mail original -
> > De: "Vasily Averin" 
> > À: "OpenVZ users" , "Kirill Kolyshkin"
> 
> > Envoyé: Lundi 24 Décembre 2018 13:40:49
> > Objet: [Users] 100.000 openVZ hosts with contaienrs
> >
> > OpenVz statistic shows that number of OpenVz6 hosts with containers
> reached 100.000
> >
> > https://stats.openvz.org/
> >
> > Hosts with CTs: 100140
> > ___
> > Users mailing list
> > Users@openvz.org
> > https://lists.openvz.org/mailman/listinfo/users
> >
> > ___
> > Users mailing list
> > Users@openvz.org
> > https://lists.openvz.org/mailman/listinfo/users
> >
> ___
> Users mailing list
> Users@openvz.org
> https://lists.openvz.org/mailman/listinfo/users

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] 100.000 openVZ hosts with contaienrs

[Jehan PROCACCIA]

hello

very interesting and complete stats ! 
do you have the equivalent for openvz/virtuozzo 7 ? 
I do use vz6 and vz7, but I can't remember how to enable sending stats from the 
host server ? I would like to check if enable or not . 
thanks .

- Mail original -
De: "Vasily Averin" 
À: "OpenVZ users" , "Kirill Kolyshkin" 
Envoyé: Lundi 24 Décembre 2018 13:40:49
Objet: [Users] 100.000 openVZ hosts with contaienrs

OpenVz statistic shows that number of OpenVz6 hosts with containers reached 
100.000

https://stats.openvz.org/

Hosts with CTs: 100140
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] restore CT to a different host

[jehan procaccia TEM-TSP]

I found why registering my backup CT failed, in the /vz/private/MyUUID/*
there were some missing files (dot/hidden files) not beeing saved .

now that my backup script does takes all /vz/private/MyUUID/* and .*
file recursivly, moving MyUUID backup folder to a different host, 
allows me to register that manually moved CT :

/# prlctl register /vz/private/MyUUID --preserve-uuid //
/

/Register the virtual environment...//
//The virtual environment has been successfully registered.//
//# prlctl start idm//
//Starting the CT...//
//The CT has been successfully started./

However in the backup process it persist a confusion , the snaphot hdd
is preserved as a reference in root.hdd/DiskDescriptor.xml

indeed , in step2 (rsync) of my  backup script :

/#VARs //
/
/ID=$(uuidgen)//
//VE_PRIVATE=$(vzlist -H -o private $CTUUID)//
/
/#step1 do a snaphost  //
/
/vzctl snapshot $CTUUID --id $ID --skip_dump/
/#step2 backups /vz/private/CTUUID//
/
/cd $VE_PRIVATE/ ;  rsync -avpH . $BACKUPPATH//
/#step 3 remove snapshot merging  snapshot to root.hdd///root.hds
/
/vzctl snapshot-delete $CTUUID --id $ID//
/

in step2, the snapshot is still there, referenced in DiskDescriptor.xml 
, root.hdd directory containing
root.hdd/DiskDescriptor.xml
root.hdd/root.hds
root.hdd/root.hds.{7fb5448c-afd9-4b87-a4d8-4e5089c43ad4}

then what's the need to do a snapshot if finally  I am going to live
copy (rsync) an active snapshot file  , here root.hds.{7fb...}
isn't it breaking all the consistency of the CT to be restored later
from that live backup ?
for me it seems as if saving (rsync) live root.hdd/root.hds in the first
place whitout doing a snapshot is the same consitency pb as with live
backup of root.hds.{7fb...}

I am missunderstanding snapshots advantage for backups ?

Regards .

Le 03/12/2018 à 18:48, Jehan Procaccia a écrit :
> Hello,
>
> I did a backup of my CT by following advices from
> https://forum.openvz.org/index.php?t=msg=13160=0 =>  take a
> snaphot, copy hdd files, delete snapshot .
>
> Now I moved the backup hdd and all file under /vz/private/MyUUID/* to
> a different host .
>
> How can I restore/register that CT to the new host ?
>
> I tried
>
> # prlctl register /vz/private/MyUUID --preserve-uuid
>
> Failed to register the virtual environment:
> PRL_ERR_VZCTL_OPERATION_FAILED (Details: Invalid ctid is specified:
> )
>
> but it fails with the error message above .
>
> did I missed a step ?
>
> I also create from the /etc/vz/conf/ a link to ve.conf
>
> # ln -s /vz/private/4439d07e-4d30-496a-b141-8dfa4df77c4d/ve.conf
> 4439d07e-4d30-496a-b141-8dfa4df77c4d.conf
>
> but it still fails to register the CT .
>
> thanks for your help .
>
>
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] restore CT to a different host

[Jehan Procaccia]

Hello,

I did a backup of my CT by following advices from 
https://forum.openvz.org/index.php?t=msg=13160=0 =>  take a 
snaphot, copy hdd files, delete snapshot .


Now I moved the backup hdd and all file under /vz/private/MyUUID/* to a 
different host .


How can I restore/register that CT to the new host ?

I tried

# prlctl register /vz/private/MyUUID --preserve-uuid

Failed to register the virtual environment: 
PRL_ERR_VZCTL_OPERATION_FAILED (Details: Invalid ctid is specified:

)

but it fails with the error message above .

did I missed a step ?

I also create from the /etc/vz/conf/ a link to ve.conf

# ln -s /vz/private/4439d07e-4d30-496a-b141-8dfa4df77c4d/ve.conf 
4439d07e-4d30-496a-b141-8dfa4df77c4d.conf


but it still fails to register the CT .

thanks for your help .



___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] import KVM VM to OVZ7 prlctl

[Jehan PROCACCIA]

Hi, thank  for those links 
I guess that in my case there is no need for to convert to qcow2 format 
(https://help.virtuozzo.com/s/article/17220) 
as my KVM disk image is already in qcow2 , or virtuozzo has its own qcow2 
format ? 

Thanks .

# file /vm/images/myVM.qcow2
/vm/images/myVM.qcow2: QEMU QCOW Image (v3), 64424509440 bytes


- Mail original -
De: "Konstantin Khorenko" 
À: "Jehan PROCACCIA" 
Cc: "OpenVZ users" 
Envoyé: Vendredi 19 Octobre 2018 17:32:32
Objet: Re: [Users] import KVM VM to OVZ7 prlctl

Hi Jehan,

https://help.virtuozzo.com/s/article/17220
https://help.virtuozzo.com/s/article/15955

Hope that helps.

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

On 10/19/2018 05:47 PM, jehan procaccia TEM-TSP wrote:
> hello
>
> I have KVM VMs on a centos 7 host , I want to move it to a virtuozzo 7
> host and import it to the prlctl mangement tools .
>
> I guess I need a least those 2 steps :
>
> 1) Get config : virsh dumpxml VM > VM.xml => move that file to
> virtouzzo7 /etc/libvirt/qemu/
>
> 2) Get HDD :  virsh domblklist to list hdd file => /vm/images/VM.qcow2
> move it to VZ7 => /vz/vmprivate/xxxyyy.../harddisk.hdd
>
> But how can I tell virtuozzo 7 to register that pre-existing VM to it's
> management ,
>
> is there an import tool/command ? is there a service to be restarted next ?
>
> Thanks .
>
>
>
>
> ___
> Users mailing list
> Users@openvz.org
> https://lists.openvz.org/mailman/listinfo/users
>

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] import KVM VM to OVZ7 prlctl

[jehan procaccia TEM-TSP]

hello

I have KVM VMs on a centos 7 host , I want to move it to a virtuozzo 7
host and import it to the prlctl mangement tools .

I guess I need a least those 2 steps :

1) Get config : virsh dumpxml VM > VM.xml => move that file to
virtouzzo7 /etc/libvirt/qemu/

2) Get HDD :  virsh domblklist to list hdd file => /vm/images/VM.qcow2
move it to VZ7 => /vz/vmprivate/xxxyyy.../harddisk.hdd

But how can I tell virtuozzo 7 to register that pre-existing VM to it's
management ,

is there an import tool/command ? is there a service to be restarted next ?

Thanks .




___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] VM migrate failed Host CPU does not provide required features: hle, rtm, rdseed...

[Jehan PROCACCIA]

unfortunatly I don't have cpupools command available and yum provides *cpupools 
gives nothing .
is it part of commercial virtuozzo support ? I run Virtuozzo Linux release 7.5
if that's the case, is there an other way to remove required cpu feature from 
the VM and/or host  ?
can I use virt-manager to configure feature or prlct needs to be the only tool 
to manipulate the xml representation of the VM ? 
moreover, I read from le guide that the host node needs to be free of all VM 
and CT to create a cpupools, which is not easy with my heavy loaded hosts .

thanks .

- Mail original -
De: "Vasily Averin" 
À: "OpenVZ users" , "Jehan PROCACCIA" 

Envoyé: Vendredi 7 Septembre 2018 14:57:56
Objet: Re: [Users] VM migrate failed Host CPU does not provide required 
features: hle, rtm, rdseed...

Dear Jahan, 

cpopools should help in this situation, 
it should mask extra CPU features and it enables live migration between the 
nodes. 
https://docs.virtuozzo.com/virtuozzo_7_users_guide/managing-high-availability-clusters/managing-cpu-pools.html
 


On 09/07/2018 03:45 PM, jehan procaccia TEM-TSP wrote: 


Hello 

when I tried to migrate a VM from on virtuozzo 7 host to an other one I get a 
CPU capabilities not provided by destination 

# prlctl migrate myVM root@olympos -v 16 
Logging in 
... 
security_level=2 
PrlCleanup::register_hook: 8780700 
EVENT type=100030 
Migration started. 
EVENT type=11 
EVENT type=100033 
Operation progress ...98%EVENT type=100033 
Operation progress 100% 
EVENT type=100033 
Operation progress ... 0%EVENT type=100031 
Migration cancelled! 
EVENT type=17 
EVENT type=11 

Failed to migrate the VM: Operation failed. Failed to execute the operation. 
(Details: the CPU is incompatible with host CPU: Host CPU does not provide 
*required features: hle, rtm, rdseed, adx, smap, 3dnowprefetch*) 
resultCount: 0 
PrlCleanup::unregister_hook: 8780700 
Logging off 

indeed those capabilities don't show up in the lshw on the destination host (cf 
PS below ) 

alhtough myVM doesn't seem to require those capabilities : 

# virsh edit myVM 
... 

 
hvm 
 
 
 
 
 
 
 
 
Skylake-Client-IBRS 
 
* ** 
** ** 
** ** 
** ** 
** ** 
** * 
 
 
 
 
 
 

1) Is it libvirt or virtuozzo (prlctl) that complains about that ? 

2) how can I tell it to forget about those capabilities ? 

3) should I edit myVM properties with virsh edit or prlct or virt-manager ? 

4) are they all compatible (on can read change done by the other ) ? 

Thanks . 

PS : CPU hardware capabilities on source host : 

# lshw 
description: Rack Mount Chassis 
product: PowerEdge R730 (SKU=NotProvided;ModelName=PowerEdge R730) 
vendor: Dell Inc. 
serial: 63NXMK2 
width: 64 bits 
capabilities: smbios-2.8 dmi-2.8 smp vsyscall32 
*-cpu:0 
description: CPU 
product: Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz 
capabilities: lm fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep 
mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe 
syscall nx pdpe1gb rdtscp x86-64 constant_tsc arch_perfmon pebs bts rep_good 
nopl xtopology nonstop_tsc aperfmperf eagerfpu cpuid_faulting pni pclmulqdq 
dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca 
sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand 
lahf_lm abm 3dnowprefetch epb cat_l3 cdp_l3 intel_pt ssbd ibrs ibpb stibp 
tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep 
bmi2 erms invpcid rtm cqm rdt_a *rdseed *adx smap xsaveopt cqm_llc 
cqm_occup_llc cqm_mbm_total cqm_mbm_local dtherm ida arat pln pts spec_ctrl 
intel_stibp flush_l1d cpufreq 
configuration: cores=8 enabledcores=8 threads=16 

on destination (rdseed not listed) 

# lshw 
description: Rack Mount Chassis 
product: PowerEdge R430 (SKU=NotProvided;ModelName=PowerEdge R430) 
vendor: Dell Inc. 
serial: DKYSJD2 
width: 64 bits 
capabilities: smbios-2.8 dmi-2.8 smp vsyscall32 
*-cpu:0 
description: CPU 
product: Intel(R) Xeon(R) CPU E5-2609 v3 @ 1.90GHz 
vendor: Intel Corp. 

capabilities: lm fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep 
mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe 
syscall nx pdpe1gb rdtscp x86-64 constant_tsc arch_perfmon pebs bts rep_good 
nopl xtopology nonstop_tsc aperfmperf eagerfpu cpuid_faulting pni pclmulqdq 
dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca 
sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand 
lahf_lm abm epb ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid 
fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid cqm xsaveopt cqm_llc 
cqm_occup_llc dtherm arat pln pts spec_ctrl intel_stibp flush_l1d cpufreq 
configuration: cores=6 enabledcores=6 threads=6 



___ 
Users mailing list 
Users@openvz.org 
https://lists.openvz.org/mailman/listinfo/users

___
Users

[Users] VM migrate failed Host CPU does not provide required features: hle, rtm, rdseed...

[jehan procaccia TEM-TSP]

Hello

when I tried to migrate a VM  from on virtuozzo 7 host to an other one I
get a CPU capabilities not provided by destination

# prlctl  migrate myVM root@olympos -v 16
Logging in
...
security_level=2
PrlCleanup::register_hook: 8780700
EVENT type=100030
Migration started.
EVENT type=11
EVENT type=100033
Operation progress ...98%EVENT type=100033
Operation progress    100%
EVENT type=100033
Operation progress ... 0%EVENT type=100031
Migration cancelled!
EVENT type=17
EVENT type=11

Failed to migrate the VM: Operation failed. Failed to execute the
operation. (Details: the CPU is incompatible with host CPU: Host CPU
does not provide *required features: hle, rtm, rdseed, adx, smap,
3dnowprefetch*)
resultCount: 0
PrlCleanup::unregister_hook: 8780700
Logging off

indeed those capabilities don't show up in the lshw on the destination
host (cf PS below )

alhtough myVM doesn't seem to require those capabilities :

# virsh edit myVM
...

  
    hvm
  
  
    
    
    
    
  
  
    Skylake-Client-IBRS
    
  *  **
**    **
**    **
**    **
**    **
**    *
    
    
    
    
    
  

1) Is it libvirt or virtuozzo (prlctl) that complains about that ?

2) how can I tell it to forget about those capabilities ?

3) should I edit myVM properties with virsh edit or prlct or virt-manager ?

4) are they all compatible (on can read change done by the other ) ?

Thanks .

PS : CPU hardware capabilities on source host :

# lshw 
    description: Rack Mount Chassis
    product: PowerEdge R730 (SKU=NotProvided;ModelName=PowerEdge R730)
    vendor: Dell Inc.
    serial: 63NXMK2
    width: 64 bits
    capabilities: smbios-2.8 dmi-2.8 smp vsyscall32
 *-cpu:0
  description: CPU
  product: Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz
 capabilities: lm fpu fpu_exception wp vme de pse tsc msr pae mce cx8
apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2
ss ht tm pbe syscall nx pdpe1gb rdtscp x86-64 constant_tsc arch_perfmon
pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu
cpuid_faulting pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3
sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt
tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch
epb cat_l3 cdp_l3 intel_pt ssbd ibrs ibpb stibp tpr_shadow vnmi
flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms
invpcid rtm cqm rdt_a *rdseed *adx smap xsaveopt cqm_llc cqm_occup_llc
cqm_mbm_total cqm_mbm_local dtherm ida arat pln pts spec_ctrl
intel_stibp flush_l1d cpufreq
  configuration: cores=8 enabledcores=8 threads=16

on destination (rdseed not listed)

# lshw   
    description: Rack Mount Chassis
    product: PowerEdge R430 (SKU=NotProvided;ModelName=PowerEdge R430)
    vendor: Dell Inc.
    serial: DKYSJD2
    width: 64 bits
    capabilities: smbios-2.8 dmi-2.8 smp vsyscall32
  *-cpu:0
  description: CPU
  product: Intel(R) Xeon(R) CPU E5-2609 v3 @ 1.90GHz
  vendor: Intel Corp.
  
  capabilities: lm fpu fpu_exception wp vme de pse tsc msr pae
mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr
sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp x86-64 constant_tsc
arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf
eagerfpu cpuid_faulting pni pclmulqdq dtes64 monitor ds_cpl vmx smx est
tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe
popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm epb ssbd
ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid fsgsbase
tsc_adjust bmi1 avx2 smep bmi2 erms invpcid cqm xsaveopt cqm_llc
cqm_occup_llc dtherm arat pln pts spec_ctrl intel_stibp flush_l1d cpufreq
  configuration: cores=6 enabledcores=6 threads=6

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] ovz 7 VM bootstrap install OS and VNC

[Jehan Procaccia]

Hello

indeed , you are right, that is the IP address of the host not the one 
of the VM ! now I can remote connect to my new VM with VNC (vinagre) 
using the host IP address , thanks .


but still it boot on CD then PXE , then fails with no boot device ...

Fortunaltly the 
https://help.virtuozzo.com/customer/en/portal/articles/2518267 helped me 
to plug a virt-manager from a linux centos7 to my virtuozzo7 host (those 
packahe apparently not copatible with the virtuozzo 7 host itself)
so I could from virt-manager add a CD graphically to myVM and point it 
to and ISO boot image of the OS I want to install

then I finnaly got a OS on that VM , but I wonder
1) if the usage of virt-manager to add a CD or configure memory, cpu etc 
...would break the native prlct/virtuozzo cli equivalant commands ?
2) if there is a simpler way to install an OS on a VM without all that 
complication to run virt-manager , how to add a CD pointing to an OS ISO 
from command line ?


thanks .


Le 06/09/2018 à 15:41, Denis Silakov a écrit :


Hi, see inline.


On 09/05/2018 07:26 PM, jehan procaccia TEM-TSP wrote:

# prlctl list
UUIDSTATUS   IP_ADDR T  NAME
{aab70e2d-3e9b-49bc-b473-07c3b2f7104e}  running  192.168.1.68   VM myVM

until now everything seems fine

exept  I cannot connect to the VM via VNC nor I can ping it .



Which IP do you use when connecting by VNC? It should be IP of the 
host, not VM.



How can I install the OS on it from here ? did I missed something ?

with KVM I used to start a virt-manager on the host to do that , is 
it possible to install virt-manager or it will break virtuozzo ?





Should be possible:

https://help.virtuozzo.com/customer/en/portal/articles/2518267

--
Regards,

Denis Silakov | Sr. Software Architect, Virtuozzo Linux Team Lead
Otradnaya street 2B/9, “Otradnoye” Business Center | Moscow | Russia
Phone: +7 916-222-9437 |dsila...@virtuozzo.com
Skype: denis.silakov

Virtuozzo.com


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users



___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] ovz 7 VM bootstrap install OS and VNC

[jehan procaccia TEM-TSP]

Hello

I connot find a way to install the OS on a newly created VM on a host 
Virtuozzo Linux release 7.5

I've followed the doc on how to create VM:
https://docs.openvz.org/openvz_users_guide.webhelp/_creating_virtual_machines.html
(still not clear to me which one from docs.openvz.org docs.virtuozzo.com
to follow ...) 

prlctl create myMV
prlctl installtools myVM
prlctl set myVM --device-set net0 --ipadd 192.168.1.68/24
prlctl set myVM --nameserver 192.168.1.1
prlctl set myVM --gw 192.168.1.1

then regarding

https://docs.virtuozzo.com/virtuozzo_7_users_guide/advanced-tasks/enabling-vnc-access-to-virtual-machines-and-containers.html

i've created a VNC acces + password

prlctl set myVM --vnc-mode manual --vnc-port 5901 --vnc-passwd myVMpass

added the VM net0 interface to the correct network/vlan on my host
virtuozzo 7

prlctl set myVM --device-set net0 --network vlan1
# brctl show
br1 8000.1866dabdc8b6   yes em2.1
vme001c426ab342

then started it (prlctl start myVM)

# prlctl list
UUIDSTATUS   IP_ADDR T  NAME
{aab70e2d-3e9b-49bc-b473-07c3b2f7104e}  running  192.168.1.68   VM myVM

until now everything seems fine

exept  I cannot connect to the VM via VNC nor I can ping it .

How can I install the OS on it from here ? did I missed something ?

with KVM I used to start a virt-manager on the host to do that , is it
possible to install virt-manager or it will break virtuozzo ?

Thanks .



___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] simfs support

[Jehan PROCACCIA]

Hello

virtuozzo7 based on centos7 (as I understood) is good to us
I think it is still possible to deploy openVZ7 on other distribs, probably 
painfull though ...add packages manually and patch kernel !

regarding the subject of this thread , simfs has the advandtage to have the 
filesytem of the Container as a directory tree on the host
that allows for incremental backups to be run on the hosts without over heating 
the backup server, whereas the ploop file change globally which make backup 
much more heavy .
perhaps there's a workaround, but I understood tha ploop FS has lot of 
advantages:
https://www.lowendtalk.com/discussion/37153/openvz-simfs-vs-ploop
http://openvz.org/Ploop/Why => not found anymore !? has it been moved ? 

if it's not hard for the dev team to maintain simfs stable in virtuozzo7 (at 
least without quota support) that would be a +
so I'll vote +1 
but if there's a way to optimize incremental backups with ploop , simfs will 
not be valuable to me .

regards .

- Mail original -
De: "Narcis Garcia" 
À: "OpenVZ users" 
Envoyé: Mercredi 4 Juillet 2018 07:51:55
Objet: Re: [Users] simfs support

Same here, but using Devuan for OpenVZ6.


El 03/07/18 a les 23:18, spameden ha escrit:
> We're moving away from OpenVZ7 due distribution lock-in, though still
> using OpenVZ6 on some Debian hosts.
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] openvz 7 CT and VM live backups with snapshots

[Jehan Procaccia]

hello,

I am confused about live backups in openvz 7

1) is it available without subscription/licence ? from 
https://openvz.org/Comparison Integrated Backup is mark as No


2) does prlctl backup is the way to go ? I tried it without success :

prlctl backup idm
Backing up the CT idm
Failed to backup the CT: Operation failed. Backup client is not installed

3)**if 1) and/or 2) negative,then should I use vzctl snapshot as in 
https://openvz.org/Ploop/Backup and/ or


‘vzctl snapshot $CTID –skip_dump’ cf 
https://lists.openvz.org/pipermail/users/2017-March/007249.html**

is it compatible to use vzctl in conjonction with prlctl ?

does this mean that --skip_dump is the equivalent of --skip-suspend
+ --skip-config ? it allows for a snapshot to be taken while the CT 
keeps running

(not suspended) ?

Thanks .


**

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] X86_BUG_CPU_INSECURE

[Jehan Procaccia]

you were right, waiting overnight for mirrors to get updated, now I do 
have an kernel update


# uname -a
Linux  3.10.0-693.11.6.vz7.40.4 #1 SMP Fri Jan 5 21:20:16 MSK 2018 
x86_64 x86_64 x86_64 GNU/Linux


# rpm -q --changelog  vzkernel-3.10.0-693.11.6.vz7.40.4.x86_64 | more
* sam. janv. 06 2018 Konstantin Khorenko <khore...@virtuozzo.com> 
[3.10.0-693.11.6.vz7.40.4]
- vznetstat: Convert some kmalloc()/kfree() to __vmalloc()/vfree() 
(Kirill Tkhai) [PSBM-79502]

- vznetstat: Add protection to venet_acct_set_classes() (Kirill Tkhai)
- ms/mm/mempolicy: Add cond_resched() in queue_pages_pte_range() (Andrey 
Ryabinin) [PSBM-79273]
- ms/sctp: do not peel off an assoc from one netns to another one (Xin 
Long) [PSBM-79325]

- ve: fix container stopped state check (Stanislav Kinsburskiy) [PSBM-78078]
...

no CVE mentioned , but I guess that these changes are related to 
meltdown and spectre !?


Thanks

Le 09/01/2018 à 21:51, Konstantin Bukharov a écrit :

Hello Jehan,

Looks reasonable for me.
Your FR mirrors for openvz-os & openvz-updates are just not in sync with out 
last update.

Best regards,
Konstantin

PS. You could see list of required packages by URL provided by Vasiliy below:
https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/repoview/


-Original Message-----
From: Jehan Procaccia [mailto:jehan.procac...@it-sudparis.eu]
Sent: Tuesday, January 9, 2018 23:43
To: OpenVZ users <users@openvz.org>; Konstantin Bukharov <b...@virtuozzo.com>; 
Vasiliy Averin <v...@virtuozzo.com>
Subject: Re: [Users] X86_BUG_CPU_INSECURE

here is my repolist -v , let me know if I miss some repos ?

thanks

# yum repolist -v
Loading "fastestmirror" plugin
Loading "langpacks" plugin
Loading "openvz" plugin
Loading "priorities" plugin
Loading "product-id" plugin
Loading "refresh-packagekit" plugin
Loading "rhsm-auto-add-pools" plugin
Loading "search-disabled-repos" plugin
Not loading "subscription-manager" plugin, as it is disabled
Loading "vzlinux" plugin
Adding en_US.UTF-8 to language list
Config time: 0.069
Yum version: 3.4.3
Trying to discover and attach new pools
Loading mirror speeds from cached hostfile
   * openvz-os: ftp.lip6.fr
   * openvz-updates: ftp.lip6.fr
Setting up Package Sacks
   --> anaconda-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base
excluded (priority)
   --> anaconda-core-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base
excluded (priority)
   --> anaconda-dracut-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base
excluded (priority)
   --> anaconda-gui-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base
excluded (priority)
   --> anaconda-tui-21.48.22.121-3.vl7.x86_64 from virtuozzolinux-base
excluded (priority)
   --> anaconda-widgets-21.48.22.121-3.vl7.x86_64 from
virtuozzolinux-base excluded (priority)
   --> anaconda-widgets-devel-21.48.22.121-3.vl7.x86_64 from
virtuozzolinux-base excluded (priority)
   --> crit-2.3-2.vl7.x86_64 from virtuozzolinux-base excluded (priority)
   --> criu-2.3-2.vl7.x86_64 from virtuozzolinux-base excluded (priority)
   --> ipxe-bootimgs-20170123-1.git4e85b27.vl7.1.noarch from
virtuozzolinux-base excluded (priority)
   --> ipxe-roms-20170123-1.git4e85b27.vl7.1.noarch from
virtuozzolinux-base excluded (priority)
   --> ipxe-roms-qemu-20170123-1.git4e85b27.vl7.1.noarch from
virtuozzolinux-base excluded (priority)
   --> 1:libguestfs-1.28.1-1.55.vl7.7.x86_64 from virtuozzolinux-base
excluded (priority)
   --> 1:libguestfs-bash-completion-1.28.1-1.55.vl7.7.noarch from
virtuozzolinux-base excluded (priority)
   --> 1:libguestfs-devel-1.28.1-1.55.vl7.7.x86_64 from
virtuozzolinux-base excluded (priority)
   --> 1:libguestfs-gobject-1.28.1-1.55.vl7.7.x86_64 from
virtuozzolinux-base excluded (priority)
   --> 1:libguestfs-gobject-devel-1.28.1-1.55.vl7.7.x86_64 from
virtuozzolinux-base excluded (priority)
   --> 1:libguestfs-gobject-doc-1.28.1-1.55.vl7.7.noarch from
virtuozzolinux-base excluded (priority)
   --> 1:libguestfs-java-1.28.1-1.55.vl7.7.x86_64 from
virtuozzolinux-base excluded (priority)
   --> 1:libguestfs-java-devel-1.28.1-1.55.vl7.7.x86_64 from
virtuozzolinux-base excluded (priority)
   --> 1:libguestfs-javadoc-1.28.1-1.55.vl7.7.noarch from
virtuozzolinux-base excluded (priority)
   --> 1:libguestfs-man-pages-ja-1.28.1-1.55.vl7.7.noarch from
virtuozzolinux-base excluded (priority)
   --> 1:libguestfs-man-pages-uk-1.28.1-1.55.vl7.7.noarch from
virtuozzolinux-base excluded (priority)
   --> 1:libguestfs-tools-1.28.1-1.55.vl7.7.noarch from
virtuozzolinux-base excluded (priority)
   --> 1:libguestfs-tools-c-1.28.1-1.55.vl7.7.x86_64 from
virtuozzolinux-base excluded (priority)
   --> libvirt-2.0.0-10.vl7.5.x86_64 from virtuozzolinux-base excluded
(priority)
   --> libvirt-client-2.0.0-10.vl7.5.i686 from virtuozzolinux-base
excluded (priority)
   --

Re: [Users] X86_BUG_CPU_INSECURE

[Jehan Procaccia]

Does this concern "free/not-licenced" virtuozzo 7 ?
I don't beneficiate of "ready-kernel" in that case, did you issued an 
exeptionnal out of cycle (3 mouths) updates ?


here's my situation that is not clear :

# cat /etc/redhat-release
Virtuozzo Linux release 7.4

# uname -a
Linux myserver.domain.fr 3.10.0-693.1.1.vz7.37.30 #1 SMP Wed Nov 15 
20:42:09 MSK 2017 x86_64 x86_64 x86_64 GNU/Linux


when I issued a yum update I got  kmod  packages , are these a meltdown 
& spectre patches ?

Mise à jour :
 kmod    x86_64 20-15.vl7.6   
virtuozzolinux-base   120 k
 kmod-libs   x86_64 20-15.vl7.6   
virtuozzolinux-base    50 k


not sure regarding changelogs dates :

# rpm -q --changelog kmod-20-15.vl7.6.x86_64 | more
* jeu. nov. 16 2017 Yauheni Kaliuta  - 20-15.el7_4.6
- Backport external directories support.
  Related: rhbz#1511943.
...

thanks for your precisions .

regards .


Le 09/01/2018 à 10:22, Vasily Averin a écrit :

OpenVZ7 update was released.

It includes new kenrel, criu, qemu-kvm and libvirt.

https://download.openvz.org/virtuozzo/releases/openvz-7.0.6-509/
https://download.openvz.org/virtuozzo/releases/7.0/x86_64/os/repoview/

Thank you,
Vasily Averin

On 2018-01-06 14:40, Vasily Averin wrote:

We have released fixed RHEL6-based kernel,
please update your nodes to 2.6.32-042stab127.2 kernel

Thank you,
Vasily Averin

On 2018-01-04 06:03, Alex Kobets wrote:

Hi,


Virtuozzo will release the kernel with fix asap.

We have it under testing right now


Thank you,

Alex

--
*From:* users-boun...@openvz.org  on behalf of Hristo Benev 

*Sent:* Wednesday, January 3, 2018 6:39:10 PM
*To:* zoo...@gmail.com; OpenVZ users
*Subject:* Re: [Users] X86_BUG_CPU_INSECURE
  

 Оригинално писмо 
От: Benjamin Henrion zoo...@gmail.com
Относно: [Users] X86_BUG_CPU_INSECURE
До: "OpenVZ users list. This is THE list you need." 
Изпратено на: 03.01.2018 03:02



Hi,

Just reading this:

https://amp.reddit.com/r/sysadmin/comments/7nl8r0/intel_bug_incoming/

Xen seems to have a pending patch to be release this week, but people
are speculating now that you could bypass the entire isolation process
provided by any hypervisor.

Wait and see how this will be exploited, but you can be sure there
will be exploits soon in the wild.

The patch for software mitigation seems to be big and performance impacting.

But that would probably mean that containers can be bypassed.

Wait and see,

--
Benjamin Henrion (zoobab)
Email: zoobab at gmail.com
Mobile: +32-484-566109
Web: http://www.zoobab.com
FFII.org Brussels
"In July 2005, after several failed attempts to legalise software
patents in Europe, the patent establishment changed its strategy.
Instead of explicitly seeking to sanction the patentability of
software, they are now seeking to create a central European patent
court, which would establish and enforce patentability rules in their
favor, without any possibility of correction by competing courts or
democratically elected legislators."
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users


https://spectreattack.com

States that OpenVZ might be affected.
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users





___
Users mailing list
Users@openvz.org

Re: [Users] Virtuozzo 7 snapshots

[Jehan Procaccia]

Hello

back to that thread regarding snapshots, indeed option --skip_dump seems 
to work fine, but I cannot find a doc on it, is it undocumented ?


I want to backup openVZ 7 CTs and have read that Legacy vz6 method 
should work fine

so from https://openvz.org/Ploop/Backup
I presume I should replace

vzctl snapshot$CTID --id $ID --skip-suspend --skip-config

with

vzctl snapshot $CTID --skip_dump

but does this mean that --skip_dump is the equivalent of --skip-suspend  
+ --skip-config ?  it allows for a snapshot that keeps the CT running 
(no suspend) ?


One more question, based on
https://openvz.org/Ploop/Backup#File-based_backup

I understand that backing up a vzctl snapshot-mount ,

# Take a snapshot without suspending a CT and saving its config
vzctl snapshot$CTID --id $ID --skip-suspend --skip-config

# Mount the snapshot taken
vzctl snapshot-mount$CTID --id $ID --target $MNTDIR

# Perform a backup using your favorite backup tool
# (tar is just an example)
tar cf backup.tar $MNTDIR



 will only backup the files modified since the last snapshot, not the 
whole CT (latest snapshot + base root.hdd/root.hds ) , I am correct ?


If there is an up2date method to live backup  (withoud stopping the CT)  
for Vz7 please let me know .


Regards

Le 23/03/2017 12:22, Konstantin Bukharov a écrit :


Hello,

Please try ‘vzctl snapshot $CTID –skip_dump’

Best regards,

Konstantin

*From:*users-boun...@openvz.org [mailto:users-boun...@openvz.org] *On 
Behalf Of *?? ?

*Sent:* Monday, March 20, 2017 9:30
*To:* users@openvz.org
*Subject:* [Users] Virtuozzo 7 snapshots

Hello,

After upgrade to virtuozzo 7, I have found, that command `prlctl 
snapshot` now miss flag `--skip-suspend`.


So, when I try to backup my containers - they are suspended, miss 
connections, and act as unavailable for a time.


Do you know, how prevent it and backup whole ploop disk without 
down-time? OpenVZ 6 could.


--

Maxim Muzafarov

DevOps

https://*KudaGo*.com 



___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] How OVZ community treats Vz7

[Jehan Procaccia]

Hello list,

are  there conclusions on this "survey" ?

we are please to move from our openVZ6 to Vz7 , but still questionning :
1) will it be possible to backup  CTs , regarding 
https://forum.openvz.org/index.php?t=msg=13160=0 it is 
challenging !?
2) as an academic institution, we cannot  move to commercial virtuozzo7 
(yet), will we loose features by moving  from vz6 to Vz7 (other than 1) 
backup !) , is https://openvz.org/Comparison up2date ?
3) what is the core of CTs in Vz7 , proxmox 4 uses LXC, others uses 
docker or whatever ... I am curious to know on what technology are based 
CTs in openvz 7 ?
4) what is the "market share" of virtuozzo7 and Vz7 , is there an 
independant study or internal stats featuring virtualization solutions 
usage over ISPs, hosting companies and other institutions ? what is the 
place of virtuozzo7 and/or community Vz7 in this world ?


Regards .


Le 12/06/2017 à 09:44, Narcis Garcia a écrit :

 From the point of view of support, comparing to LXC and Xen, I see
OpenVZ6 as the best professionally supported solution for containers in
a standard operating system.

LXC improves year to year, and supports more architectures, but OpenVZ6
has been allways more mature and better prepared for production in any
x86 scenario, thanks to its development & support team.

The commercial support is very important to recommend it to all
companies using this containers solution, to allow Odin Inc. to maintain
this level of quality and compatibility.


El 11/06/17 a les 23:02, jjs - mainphrame ha escrit:

I campaigned to bring Virtuozzo Linux containers to my company, and used
them from 2010-2013, when I left. Naturally I loved the killer features
like vzfs, live migration, the web management console, etc. The tech
support guys in Moscow were top notch, and on one occasion tracked down
a show stopper kernel bug that came from upstream RHEL.

During that time, I also continued to use openvz for side jobs, and
while not quite as nifty as the commercial version, it was still very
stable and capable.

When ovz 7 came out, I started using the beta versions for my own
internal servers - postfix, apache, mysql, bind. Originally it was
installed on top of Centos 7, then vzlinux became a distro on it's own.
I've been very happy with it, and it's been stable here, with the
exception of a few problems which have since been sorted out.

I also have lxc and lxd containers running here, and I find the ovz
containers to be better in my experience, though lxd has been making
great strides to catch up.

As far as the VMs, I haven't ever used the ovz variety. I've looked at
the docs for ovz VMs, and made a few fledgling attempts, but frankly,
Virtualbox is so quick and easy, a no brainer to set up a VM on the odd
occasion that I need to set one up, and quick and easy always wins.

I have not have an opportunity to use the commercial version of vzlinux,
but based on my experience with ovz 7, and the excellent tech support I
remember from the my time using the Virtuozzo Linux containers, I would
definitely recommend it to any employer looking to virtualize their
Linux infrastructure in future.

Jake

On Tue, May 30, 2017 at 1:46 AM, Vasily Averin > wrote:

 Dear OpenVZ users,

 could you please share your feedback on Vz7?

 How do you perceive Virtuozzo VMs vs others (Oracle or KVM VMs) ?

 How do you perceive Virtuozzo Containers vs others (Oracle
 containers, Docker containers, etc) ?
 Thank you,
 Vasily Averin
 ___
 Users mailing list
 Users@openvz.org 
 https://lists.openvz.org/mailman/listinfo/users
 




___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users



___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] How OVZ community treats Vz7

[Jehan Procaccia]

Le 31/05/2017 à 11:20, Pavel Emelyanov a écrit :

On 05/30/2017 06:18 PM, Jehan Procaccia wrote:

Le 30/05/2017 à 10:46, Vasily Averin a écrit :

Dear OpenVZ users,

could you please share your feedback on Vz7?

How do you perceive Virtuozzo VMs vs others (Oracle or KVM VMs) ?

I appreciate the use of prlctl to list and manage  my VM and CT in one
single tool

BTW, how do you make a choice which on (CT or VM) to use when you create
one? Is there any automation you use?

I choose between VM or CT manually ,
when I need a service that is using deep kernel base services (VPN, 
firewall, HA-LVS, probe network ...) I choose a VM

when it's for basic services a CT



as a OpenVz7 admin, I am missing live backup/snapshot of my KVMs , I
know it is available commercialy through virtuozzo7 though ...
aside virtuozzo OS I also use KVM on traditional centos 7 distrib, but I
really appreciate the mixe of KVM and CT on a single host provided by OVz7
the 3 mounths wait for kernel updates can also be an issue, but again I
understand it is a way to drive us to the commercial version .

How do you perceive Virtuozzo Containers vs others (Oracle containers, Docker 
containers, etc) ?

I don't use/know Oracle containers, neither LXC , regarding Dockers for
me it is a different concept, not a full VM  but an application
container dedicated to a specific and temporal job

Would you like to see support for such kind of ... entities on the OpenVZ host?
Or inside CT/VM? Or at all somewhere in your server room :)
by "kind of entities", you mean "application container dedicated to a 
specific and temporal job" kind of Dockers ?
I don't need tham right now , but if it comes a day ... more probably as 
an entity on the OpenVZ host .




___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] How OVZ community treats Vz7

[Jehan Procaccia]

Le 30/05/2017 à 10:46, Vasily Averin a écrit :

Dear OpenVZ users,

could you please share your feedback on Vz7?

How do you perceive Virtuozzo VMs vs others (Oracle or KVM VMs) ?
I appreciate the use of prlctl to list and manage  my VM and CT in one 
single tool
as a OpenVz7 admin, I am missing live backup/snapshot of my KVMs , I 
know it is available commercialy through virtuozzo7 though ...
aside virtuozzo OS I also use KVM on traditional centos 7 distrib, but I 
really appreciate the mixe of KVM and CT on a single host provided by OVz7
the 3 mounths wait for kernel updates can also be an issue, but again I 
understand it is a way to drive us to the commercial version .


How do you perceive Virtuozzo Containers vs others (Oracle containers, Docker 
containers, etc) ?
I don't use/know Oracle containers, neither LXC , regarding Dockers for 
me it is a different concept, not a full VM  but an application 
container dedicated to a specific and temporal job
We use OVz7 Containers[CT] as complete servers environonement with IP, 
firewall, local account, kind of a full VM for long term services but 
with very low hardware footprint .
we were and still use OpenVZ6 CT and need them to migrate a "RHEL 7" 
base host provided by virtuozzo 7



Thank you,
Vasily Averin
___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users



___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] firewalld in vz 7 CT doesn't work anymore

[Jehan Procaccia]

Yes that the only change I can remember of  (yum update inside a centos 
7 CT)


Le 03/05/2017 à 11:05, Konstantin Khorenko a écrit :

Hi Jehan,

please clarify - what exactly did you update?

Did you perform "yum update" inside a CentOS 7 Container?

Thank you.

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

On 05/03/2017 11:23 AM, Jehan Procaccia wrote:

Hello

since last update (apparently) my CT with firewalld doesn't work anymore

CT-db256406 ~# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; 
enabled; vendor preset: enabled)

   Active: active (running) since Wed 2017-05-03 08:16:42 UTC; 7s ago
 Docs: man:firewalld(1)
 Main PID: 759 (firewalld)
   CGroup: /system.slice/firewalld.service
   └─759 /usr/bin/python -Es /usr/sbin/firewalld --nofork 
--nopid --debug=8


May 03 08:16:41 smtpe systemd[1]: Starting firewalld - dynamic 
firewall daemon...
May 03 08:16:42 smtpe systemd[1]: Started firewalld - dynamic 
firewall daemon.
May 03 08:16:42 smtpe firewalld[759]: WARNING: 
'/usr/sbin/ebtables-restore --noflush' failed:

May 03 08:16:42 smtpe firewalld[759]: ERROR: COMMAND_FAILED

I did set prlctl set CTname --netfilter stateful on the host, it 
worked fine for the last 6 mounths , but now it fails


# rpm -q firewalld
firewalld-0.4.3.2-8.1.el7_3.2.noarch
# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
# uname -a
Linux smtpe 3.10.0 #1 SMP Tue Dec 20 13:52:43 MSK 2016 x86_64 x86_64 
x86_64 GNU/Linux


these are the last hundred of lines in /var/log/firewalld in debug=4 
mode


# grep debug /etc/sysconfig/firewalld
# possible values: --debug
FIREWALLD_ARGS='--debug=4'

...

2017-05-03 07:53:22 DEBUG2: 'firewall.core.ebtables.ebtables'>: /usr/sbin/ebtables-restore 
/run/firewalld/temp.aC9x_O: 411

   1: *filter
   2: -F
   3: -X
   4: -Z
   5: -N INPUT_direct -P RETURN
   6: -I INPUT 1 -j INPUT_direct
   7: -N OUTPUT_direct -P RETURN
   8: -I OUTPUT 1 -j OUTPUT_direct
   9: -N FORWARD_direct -P RETURN
  10: -I FORWARD 1 -j FORWARD_direct
  11: *broute
  12: -F
  13: -X
  14: -Z
  15: *nat
  16: -F
  17: -X
  18: -Z
  19: -N PREROUTING_direct -P RETURN
  20: -I PREROUTING 1 -j PREROUTING_direct
  21: -N POSTROUTING_direct -P RETURN
  22: -I POSTROUTING 1 -j POSTROUTING_direct
  23: -N OUTPUT_direct -P RETURN
  24: -I OUTPUT 1 -j OUTPUT_direct
2017-05-03 07:53:22 WARNING: '*/usr/sbin/ebtables-restore --noflush' 
failed: *
2017-05-03 07:53:22 DEBUG2: 'firewall.core.ipXtables.ip4tables'>: /usr/sbin/iptables-restore 
/run/firewalld/temp.MDuwzR: 1384

   1: *filter
   2: -D OUTPUT -j OUTPUT_direct
   3: -X OUTPUT_direct
   4: -D FORWARD -j REJECT --reject-with icmp-host-prohibited
   5: -D FORWARD -m conntrack --ctstate INVALID -j DROP
   6: -D FORWARD -j FORWARD_OUT_ZONES
   7: -D FORWARD -j FORWARD_OUT_ZONES_SOURCE
   8: -D FORWARD -j FORWARD_IN_ZONES
   9: -D FORWARD -j FORWARD_IN_ZONES_SOURCE
  10: -D FORWARD -j FORWARD_direct
  11: -D FORWARD -i lo -j ACCEPT
  12: -D FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j 
ACCEPT

  13: -X FORWARD_OUT_ZONES
  14: -X FORWARD_OUT_ZONES_SOURCE
  15: -X FORWARD_IN_ZONES
  16: -X FORWARD_IN_ZONES_SOURCE
  17: -X FORWARD_direct
  18: -D INPUT -j REJECT --reject-with icmp-host-prohibited
  19: -D INPUT -m conntrack --ctstate INVALID -j DROP
  20: -D INPUT -j INPUT_ZONES
  21: -D INPUT -j INPUT_ZONES_SOURCE
  22: -D INPUT -j INPUT_direct
  23: -D INPUT -i lo -j ACCEPT
  24: -D INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  25: -X INPUT_ZONES
  26: -X INPUT_ZONES_SOURCE
  27: -X INPUT_direct
  28: -Z
  29: -X
  30: -F
  31: COMMIT
  32: *raw
  33: -D OUTPUT -j OUTPUT_direct
  34: -X OUTPUT_direct
  35: -D PREROUTING -j PREROUTING_direct
  36: -X PREROUTING_direct
  37: -Z
  38: -X
  39: -F
  40: COMMIT
  41: *mangle
  42: -D FORWARD -j FORWARD_direct
  43: -X FORWARD_direct
  44: -D OUTPUT -j OUTPUT_direct
  45: -X OUTPUT_direct
  46: -D INPUT -j INPUT_direct
  47: -X INPUT_direct
  48: -D POSTROUTING -j POSTROUTING_direct
  49: -X POSTROUTING_direct
  50: -D PREROUTING -j PREROUTING_ZONES
  51: -D PREROUTING -j PREROUTING_ZONES_SOURCE
  52: -X PREROUTING_ZONES
  53: -X PREROUTING_ZONES_SOURCE
  54: -D PREROUTING -j PREROUTING_direct
  55: -X PREROUTING_direct
  56: -Z
  57: -X
  58: -F
  59: COMMIT

2017-05-03 07:53:22 DEBUG2: 'firewall.core.ipXtables.ip6tables'>:*/usr/sbin/ip6tables-restore 
/run/firewalld/temp.xFcRvF:* 1384

   1: *filter
   2: -D OUTPUT -j OUTPUT_direct
   3: -X OUTPUT_direct
   4: -D FORWARD -j REJECT --reject-with i

[Users] firewalld in vz 7 CT doesn't work anymore

[Jehan Procaccia]

Hello

since last update (apparently) my CT with firewalld doesn't work anymore

CT-db256406 ~# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; 
vendor preset: enabled)

   Active: active (running) since Wed 2017-05-03 08:16:42 UTC; 7s ago
 Docs: man:firewalld(1)
 Main PID: 759 (firewalld)
   CGroup: /system.slice/firewalld.service
   └─759 /usr/bin/python -Es /usr/sbin/firewalld --nofork 
--nopid --debug=8


May 03 08:16:41 smtpe systemd[1]: Starting firewalld - dynamic firewall 
daemon...
May 03 08:16:42 smtpe systemd[1]: Started firewalld - dynamic firewall 
daemon.
May 03 08:16:42 smtpe firewalld[759]: WARNING: 
'/usr/sbin/ebtables-restore --noflush' failed:

May 03 08:16:42 smtpe firewalld[759]: ERROR: COMMAND_FAILED

I did set prlctl set CTname --netfilter stateful on the host, it worked 
fine for the last 6 mounths , but now it fails


# rpm -q firewalld
firewalld-0.4.3.2-8.1.el7_3.2.noarch
# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
# uname -a
Linux smtpe 3.10.0 #1 SMP Tue Dec 20 13:52:43 MSK 2016 x86_64 x86_64 
x86_64 GNU/Linux


these are the last hundred of lines in /var/log/firewalld in debug=4 mode

# grep debug /etc/sysconfig/firewalld
# possible values: --debug
FIREWALLD_ARGS='--debug=4'

...

2017-05-03 07:53:22 DEBUG2: : 
/usr/sbin/ebtables-restore /run/firewalld/temp.aC9x_O: 411

   1: *filter
   2: -F
   3: -X
   4: -Z
   5: -N INPUT_direct -P RETURN
   6: -I INPUT 1 -j INPUT_direct
   7: -N OUTPUT_direct -P RETURN
   8: -I OUTPUT 1 -j OUTPUT_direct
   9: -N FORWARD_direct -P RETURN
  10: -I FORWARD 1 -j FORWARD_direct
  11: *broute
  12: -F
  13: -X
  14: -Z
  15: *nat
  16: -F
  17: -X
  18: -Z
  19: -N PREROUTING_direct -P RETURN
  20: -I PREROUTING 1 -j PREROUTING_direct
  21: -N POSTROUTING_direct -P RETURN
  22: -I POSTROUTING 1 -j POSTROUTING_direct
  23: -N OUTPUT_direct -P RETURN
  24: -I OUTPUT 1 -j OUTPUT_direct
2017-05-03 07:53:22 WARNING: '*/usr/sbin/ebtables-restore --noflush' 
failed: *
2017-05-03 07:53:22 DEBUG2: : 
/usr/sbin/iptables-restore /run/firewalld/temp.MDuwzR: 1384

   1: *filter
   2: -D OUTPUT -j OUTPUT_direct
   3: -X OUTPUT_direct
   4: -D FORWARD -j REJECT --reject-with icmp-host-prohibited
   5: -D FORWARD -m conntrack --ctstate INVALID -j DROP
   6: -D FORWARD -j FORWARD_OUT_ZONES
   7: -D FORWARD -j FORWARD_OUT_ZONES_SOURCE
   8: -D FORWARD -j FORWARD_IN_ZONES
   9: -D FORWARD -j FORWARD_IN_ZONES_SOURCE
  10: -D FORWARD -j FORWARD_direct
  11: -D FORWARD -i lo -j ACCEPT
  12: -D FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  13: -X FORWARD_OUT_ZONES
  14: -X FORWARD_OUT_ZONES_SOURCE
  15: -X FORWARD_IN_ZONES
  16: -X FORWARD_IN_ZONES_SOURCE
  17: -X FORWARD_direct
  18: -D INPUT -j REJECT --reject-with icmp-host-prohibited
  19: -D INPUT -m conntrack --ctstate INVALID -j DROP
  20: -D INPUT -j INPUT_ZONES
  21: -D INPUT -j INPUT_ZONES_SOURCE
  22: -D INPUT -j INPUT_direct
  23: -D INPUT -i lo -j ACCEPT
  24: -D INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  25: -X INPUT_ZONES
  26: -X INPUT_ZONES_SOURCE
  27: -X INPUT_direct
  28: -Z
  29: -X
  30: -F
  31: COMMIT
  32: *raw
  33: -D OUTPUT -j OUTPUT_direct
  34: -X OUTPUT_direct
  35: -D PREROUTING -j PREROUTING_direct
  36: -X PREROUTING_direct
  37: -Z
  38: -X
  39: -F
  40: COMMIT
  41: *mangle
  42: -D FORWARD -j FORWARD_direct
  43: -X FORWARD_direct
  44: -D OUTPUT -j OUTPUT_direct
  45: -X OUTPUT_direct
  46: -D INPUT -j INPUT_direct
  47: -X INPUT_direct
  48: -D POSTROUTING -j POSTROUTING_direct
  49: -X POSTROUTING_direct
  50: -D PREROUTING -j PREROUTING_ZONES
  51: -D PREROUTING -j PREROUTING_ZONES_SOURCE
  52: -X PREROUTING_ZONES
  53: -X PREROUTING_ZONES_SOURCE
  54: -D PREROUTING -j PREROUTING_direct
  55: -X PREROUTING_direct
  56: -Z
  57: -X
  58: -F
  59: COMMIT

2017-05-03 07:53:22 DEBUG2: 'firewall.core.ipXtables.ip6tables'>:*/usr/sbin/ip6tables-restore 
/run/firewalld/temp.xFcRvF:* 1384

   1: *filter
   2: -D OUTPUT -j OUTPUT_direct
   3: -X OUTPUT_direct
   4: -D FORWARD -j REJECT --reject-with icmp6-adm-prohibited
   5: -D FORWARD -m conntrack --ctstate INVALID -j DROP
   6: -D FORWARD -j FORWARD_OUT_ZONES
   7: -D FORWARD -j FORWARD_OUT_ZONES_SOURCE
   8: -D FORWARD -j FORWARD_IN_ZONES
   9: -D FORWARD -j FORWARD_IN_ZONES_SOURCE
  10: -D FORWARD -j FORWARD_direct
  11: -D FORWARD -i lo -j ACCEPT
  12: -D FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  13: -X FORWARD_OUT_ZONES
  14: -X 

Re: [Users] prlctl migrate on vz7 fail

[Jehan Procaccia]

Hello

I finally found a way to use prlctl  migrate
is was only a pb of firewall !
as soon as I opened the firewall on the destination hosts it worked fine .
However I would like to know which ports a necessary , for now I openned 
whole scope from 0 to 65535 on the destatition server

but I would rather open only necessary ports .

Thanks .


Le 28/02/2017 à 21:40, Jehan Procaccia a écrit :

Ok for the debug/verbose option (-v 10),
now I do have more information about the faillure :

# prlctl  migrate ct1 r...@hwnode2.domain.fr -v 10
Logging in
server uuid={8972f685-6ae8-43e3-8742-acd4b2045dc0}
sessionid={9935b880-ee75-488a-a4b5-de52b98f2dec}
The virtual machine found: ct1
Migrate the VM ct1 on hwnode2.domain.fr  ()
security_level=0
PrlCleanup::register_hook: 205fad0
*EVENT type=100031**
**Migration cancelled!*

Failed to migrate the VM: Unable to establish a connection between 
"hwnode2.domain.fr" and "hwnode1.domain.fr". The network connection 
between these servers may be broken, or one of the servers may be 
down. Contact your Parallels Server administrator for assistance.

resultCount: 0
PrlCleanup::unregister_hook: 205fad0
Logging off

what means *EVENT type=100031* ?*

*Thanks .


Le 24/02/2017 11:03, Sabine Jordan a écrit :

Hello Jehan,

you can just add -v 10 to the prlctl command to see debug information

Greetings, Sabine

Am 23.02.2017 um 13:09 schrieb Jehan Procaccia 
<jehan.procac...@tem-tsp.eu>:




same error without  the password
yes I can ssh in both direction, whitout password beacause I echange 
keys (ssh-copi-id)
Is there a way to debug ? run the migrate process in verbose or 
debug mode ?


thanks .

Le 23/02/2017 à 10:56, Nerijus Kriaučiūnas a écrit :

Try to migrate using only r...@hwnode1.fr

Are you able to ssh to both ways?

Nerijus Kriaučiūnas

Sent from BlueMail <http://www.bluemail.me/r?b=8872>
On 23 Feb 2017, at 11:50, Jehan Procaccia 
<jehan.procac...@tem-tsp.eu <mailto:jehan.procac...@tem-tsp.eu>> 
wrote:


Hello,

I run on Virtuozzo Linux release 7.2

I want to move/migrate a container (ct1) from one hardware node to an
other one .

according to :

https://docs.openvz.org/openvz_users_guide.webhelp/_migrating_virtual_machines_and_containers.html

I ran the command:

[root@hwnode1 ~]# prlctl migrate ct1root:sec...@hwnode2.domain.fr
Migrate the VM ct1 onhwnode2.domain.fr <http://hwnode2.domain.fr>   ()

Failed to migrate the VM: Unable to establish a connection between
"hwnode2.domain.fr <http://hwnode2.domain.fr>" and"hwnode1.domain.fr 
<http://hwnode1.domain.fr>". The network connection
between these servers may be broken, or one of the servers may be down.
Contact your Parallels Server administrator for assistance.

I don't know what's failling ?

I did share ssh-keys (ssh-copy-id) between the 2 servers , and they do
can ssh to each other transparently whitout pb .

please let me know what could be wrong and/or how to debug .

Regards .



Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users


___ Users mailing list 
Users@openvz.org <mailto:Users@openvz.org> 
https://lists.openvz.org/mailman/listinfo/users 


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] prlctl migrate on vz7 fail

[Jehan Procaccia]

same error without  the password
yes I can ssh in both direction, whitout password beacause I echange 
keys (ssh-copi-id)
Is there a way to debug ? run the migrate process in verbose or debug 
mode ?


thanks .

Le 23/02/2017 à 10:56, Nerijus Kriaučiūnas a écrit :

Try to migrate using only r...@hwnode1.fr

Are you able to ssh to both ways?

Nerijus Kriaučiūnas

Sent from BlueMail <http://www.bluemail.me/r?b=8872>
On 23 Feb 2017, at 11:50, Jehan Procaccia <jehan.procac...@tem-tsp.eu 
<mailto:jehan.procac...@tem-tsp.eu>> wrote:


Hello,

I run on Virtuozzo Linux release 7.2

I want to move/migrate a container (ct1) from one hardware node to an
other one .

according to :

https://docs.openvz.org/openvz_users_guide.webhelp/_migrating_virtual_machines_and_containers.html

I ran the command:

[root@hwnode1 ~]# prlctl migrate ct1 root:sec...@hwnode2.domain.fr
Migrate the VM ct1 onhwnode2.domain.fr <http://hwnode2.domain.fr>   ()

Failed to migrate the VM: Unable to establish a connection between
"hwnode2.domain.fr <http://hwnode2.domain.fr>" and"hwnode1.domain.fr 
<http://hwnode1.domain.fr>". The network connection
between these servers may be broken, or one of the servers may be down.
Contact your Parallels Server administrator for assistance.

I don't know what's failling ?

I did share ssh-keys (ssh-copy-id) between the 2 servers , and they do
can ssh to each other transparently whitout pb .

please let me know what could be wrong and/or how to debug .

Regards .



Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users


___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

[Users] prlctl migrate on vz7 fail

[Jehan Procaccia]

Hello,

I run on Virtuozzo Linux release 7.2

I want to move/migrate a container (ct1) from one hardware node to an 
other one .


according to :
https://docs.openvz.org/openvz_users_guide.webhelp/_migrating_virtual_machines_and_containers.html

I ran the command:

[root@hwnode1 ~]# prlctl migrate ct1 root:sec...@hwnode2.domain.fr
Migrate the VM ct1 on hwnode2.domain.fr  ()

Failed to migrate the VM: Unable to establish a connection between 
"hwnode2.domain.fr" and "hwnode1.domain.fr". The network connection 
between these servers may be broken, or one of the servers may be down. 
Contact your Parallels Server administrator for assistance.


I don't know what's failling ?

I did share ssh-keys (ssh-copy-id) between the 2 servers , and they do 
can ssh to each other transparently whitout pb .


please let me know what could be wrong and/or how to debug .

Regards .

___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users

Re: [Users] vlan and bridge network interface in openVZ/virtuozzo 7 + preventpromisc

[Jehan Procaccia]

Le 07/11/2016 07:08, Vasily Averin a écrit :

Dear Jehan,

probably you can tune bridge somehow.

yes, I found this by googling:  "bridge mirror traffic to vm linux"
http://backreference.org/2014/06/17/port-mirroring-with-linux-bridges/
which works fine by using the "traditional bridging"

# tc qdisc add dev brs0 ingress
# tc filter add dev brs0 parent : protocol all u32 match u8 0 0 
action mirred egress mirror dev vme426243fe

# tc qdisc show dev brs0
qdisc ingress : parent :fff1 

now tcpdump from host or CT does work fine on my VM test :-)
# tcpdump -i vme426243fe -n
full traffic

alternatively you can move physical device into container's network namespace.

I need to clarify is it implemented in Virtuozzo SDK or prlctl,
however even if it is not ready yet you can try to use following command on 
host after start the container.

ip set ethX netns 

this command is incomplete or I didn't type it from the correct host !?

[host]# ip set em3 netns CTprobe
Object "set" is unknown, try "ip help".

can you confirm that command ?


At the first glance this should work, however we did not tested it.
I expect the interface should be moved back to host after CT stop,
but probably some additional actions will be required here too.

Please let us know about any results of your experiments.

I would prefer your "native" method, instead of tunning bridge with tc .
adding the host mirrored interface directly to the CT without bridge is 
propably the simplest solution, but how can I do that ?


Thanks .


Thank you,
Vasily Averin

On 04.11.2016 00:07, Jehan Procaccia wrote:

ok, then how can I have VM or CT that act as a probe and receives all trafic 
from a mirror WAN router interface ?
is there a way to bypass a bridge, by pluging the physical interface
that receives all mirroed trafic directly to the VM/CT , is it
possible ?

Thanks .

Le 02/11/2016 18:33, Vasily Averin a écrit :

Dear Jehan,
as far as I understand incoming packets are filtered by bridge,
it have list of known MAC addresses and forward external packets to internal 
interface
broadcasts and packets addressed to MACs related to given interface.

brctl showmacs brX

So the settings of CT/VM interfaces do not takes into account on this stage.

THank you,
 Vasily Averin

On 02.11.2016 13:56, Jehan Procaccia wrote:

Hello

I am still lock on setting *preventpromisc=off* in my CT .
I did ask for it:

# prlctl set CTprobe --device-set net1 --preventpromisc no

no way,  preventpromisc keeps beeing set to on

   [host]# prlctl list -if CTprobe  | grep net1

  net1 (+) dev='veth42ba2f55' ifname='eth1' network='probenet'
mac=001C42BA2F45*preventpromisc=on* mac_filter=off
ip_filter=off nameservers= searchdomains=

*
*Vasily, when you said :*

*

   19/10/2016 11:29, Vasily Averin wrote :
from man prlctl  ("set" section)

 preventpromisc:  determines  if the specified network adapter 
should reject packages not addressed
 to its virtual environment. If set to "yes", the adapter will drop 
packages not addressed  to  its
 virtual environment.

*In pcs6 it was affected VMs only*, and at present I'm not sure was it fully 
intergrated into vz7 or not.


could it be that it is not integrated in vz7 ? or perhaps not in CT, but could 
work in VM ?

regards .


Le 19/10/2016 17:27, Jehan Procaccia a écrit :

I expect to see all trafic mirrored from our edge router (cisco) to the Wan, 
indeed not trafic source and dest to my CT !

That CTprobe as been transfered from an openvz6 host to that new openv7
on the vz6 there was no brigde, the host eth1 interface was directly 
monted/affected to the CT, like this

NETIF="ifname=eth0,bridge=br0.11,mac=00:18:51:1B:26:98,host_ifname=veth11030.0,host_mac=00:18:51:E6:D6:45"
*NETDEV="eth1"*

yes on the host side, either on the physical interface (em3) directly pluged to 
the mirrored port on the cisco or the associated bridge (brs0) I do see all 
in/out trafic of all users trafic
[host] # tcpdump -i em3 -n
10:40:58.767042 IP 193.51.224.142.https > 147.157.103.21.54757: UDP, length 1350
[host]# brctl show
*brs08000.14187769840cnoem3**
** veth42ba2f55*

[host] # prlsrvctl net list
Network IDType  Bound To   Bridge Slave interfaces
Host-Only host-onlyvirbr0
*probenet bridged em3 brs0 veth42ba2f55 *
but neither on the host nor on the CT I cannot see all trafic , but only 
protocol/braodcats or xcat, it seems as if trafic is filtered ... ?*

*examples*

*[host] # tcpdump -i veth42ba2f55 -n
tcpdump: WARNING: veth42ba2f55: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth42ba2f55, link-type EN10MB (Ethernet), capture size 65535 bytes
17:17:34.279194 A

Re: [Users] vlan and bridge network interface in openVZ/virtuozzo 7 + preventpromisc

[Jehan Procaccia]

ok, then how can I have VM or CT that act as a probe and receives all 
trafic from a mirror WAN router interface ?
is there a way to bypass a bridge, by pluging the physical interface 
that receives all mirroed trafic directly to the VM/CT , is it possible ?


Thanks .

Le 02/11/2016 18:33, Vasily Averin a écrit :

Dear Jehan,
as far as I understand incoming packets are filtered by bridge,
it have list of known MAC addresses and forward external packets to internal 
interface
broadcasts and packets addressed to MACs related to given interface.

brctl showmacs brX

So the settings of CT/VM interfaces do not takes into account on this stage.

THank you,
Vasily Averin

On 02.11.2016 13:56, Jehan Procaccia wrote:

Hello

I am still lock on setting *preventpromisc=off* in my CT .
I did ask for it:

# prlctl set CTprobe --device-set net1 --preventpromisc no

no way,  preventpromisc keeps beeing set to on

  [host]# prlctl list -if CTprobe  | grep net1

 net1 (+) dev='veth42ba2f55' ifname='eth1' network='probenet'
   mac=001C42BA2F45*preventpromisc=on* mac_filter=off
   ip_filter=off nameservers= searchdomains=

*
*Vasily, when you said :*

*

  19/10/2016 11:29, Vasily Averin wrote :
from man prlctl  ("set" section)

preventpromisc:  determines  if the specified network adapter 
should reject packages not addressed
to its virtual environment. If set to "yes", the adapter will drop 
packages not addressed  to  its
virtual environment.

*In pcs6 it was affected VMs only*, and at present I'm not sure was it fully 
intergrated into vz7 or not.


could it be that it is not integrated in vz7 ? or perhaps not in CT, but could 
work in VM ?

regards .


Le 19/10/2016 17:27, Jehan Procaccia a écrit :

I expect to see all trafic mirrored from our edge router (cisco) to the Wan, 
indeed not trafic source and dest to my CT !

That CTprobe as been transfered from an openvz6 host to that new openv7
on the vz6 there was no brigde, the host eth1 interface was directly 
monted/affected to the CT, like this

NETIF="ifname=eth0,bridge=br0.11,mac=00:18:51:1B:26:98,host_ifname=veth11030.0,host_mac=00:18:51:E6:D6:45"
*NETDEV="eth1"*

yes on the host side, either on the physical interface (em3) directly pluged to 
the mirrored port on the cisco or the associated bridge (brs0) I do see all 
in/out trafic of all users trafic
[host] # tcpdump -i em3 -n
10:40:58.767042 IP 193.51.224.142.https > 147.157.103.21.54757: UDP, length 1350
[host]# brctl show
*brs08000.14187769840cnoem3**
** veth42ba2f55*

[host] # prlsrvctl net list
Network IDType  Bound To   Bridge Slave interfaces
Host-Only host-onlyvirbr0
*probenet bridged em3 brs0 veth42ba2f55 *
but neither on the host nor on the CT I cannot see all trafic , but only 
protocol/braodcats or xcat, it seems as if trafic is filtered ... ?*

*examples*

*[host] # tcpdump -i veth42ba2f55 -n
tcpdump: WARNING: veth42ba2f55: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth42ba2f55, link-type EN10MB (Ethernet), capture size 65535 bytes
17:17:34.279194 ARP, Request who-has 193.51.41.10 tell 193.51.41.1, length 46
17:17:34.343210 ARP, Request who-has 193.51.41.43 tell 193.51.41.1, length 46
17:17:34.451152 IP 193.51.41.36.hsrp > 224.0.0.102.hsrp: HSRPv1*

*CT-11030 /# tcpdump -i eth1 -n
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
17:19:00.184782 arp who-has 193.51.41.34 tell 193.51.41.1
17:19:00.296277 802.1d config 8001.00:26:99:64:c0:80.9688 root 
8001.00:21:56:1c:3f:80 pathcost 1 age 1 max 20 hello 2 fdelay 15
17:19:00.296641 00:25:84:f1:3f:9b > 01:00:0c:cc:cc:cd SNAP Unnumbered, ui, 
Flags [Command], length 50
17:19:00.370773 arp who-has 193.51.41.42 tell 193.51.41.1
*
*[host]# prlctl list -if CTprobe  | grep net1
   net1 (+) dev='veth42ba2f55' ifname='eth1' network='probenet' 
mac=001C42BA2F45*preventpromisc=on* mac_filter=off ip_filter=off nameservers= 
searchdomains=
*
*is the  preventpromisc=on my problem, how to change it to off ?
as
# prlctl set CTprobe --device-set net1 --preventpromisc no
doesn't work ?

regards .*


*Le 19/10/2016 14:33, Vasily Averin a écrit :

Dear Jehan,

could you please clarify, which kind of traffic you expect to see inside 
container ?
Are you sure it is present on host side on according vethX interface?

I think bridge on host can do not route alien traffic to this interface.
IIRC there is some setting on bridge settings that enables "promisc" mode,
but by default bridge does not route all traffic to all attached interfaces.

Thank you,
    Vasily Averin
  
On 19.10.2016 13:16, Jehan Procaccia wro

Re: [Users] vlan and bridge network interface in openVZ/virtuozzo 7 + preventpromisc

[Jehan Procaccia]

Hello

I am still lock on setting *preventpromisc=off* in my CT .
I did ask for it:

# prlctl set CTprobe --device-set net1 --preventpromisc no

no way,  preventpromisc keeps beeing set to on

 [host]# prlctl list -if CTprobe  | grep net1

net1 (+) dev='veth42ba2f55' ifname='eth1' network='probenet'
  mac=001C42BA2F45*preventpromisc=on*  mac_filter=off
  ip_filter=off nameservers= searchdomains=

*
*Vasily, when you said :*

*

 19/10/2016 11:29, Vasily Averin wrote :
from man prlctl  ("set" section)

   preventpromisc:  determines  if the specified network adapter should 
reject packages not addressed
   to its virtual environment. If set to "yes", the adapter will drop 
packages not addressed  to  its
   virtual environment.

*In pcs6 it was affected VMs only*, and at present I'm not sure was it fully 
intergrated into vz7 or not.


could it be that it is not integrated in vz7 ? or perhaps not in CT, but 
could work in VM ?


regards .


Le 19/10/2016 17:27, Jehan Procaccia a écrit :


I expect to see all trafic mirrored from our edge router (cisco) to 
the Wan, indeed not trafic source and dest to my CT !


That CTprobe as been transfered from an openvz6 host to that new openv7
on the vz6 there was no brigde, the host eth1 interface was directly 
monted/affected to the CT, like this


NETIF="ifname=eth0,bridge=br0.11,mac=00:18:51:1B:26:98,host_ifname=veth11030.0,host_mac=00:18:51:E6:D6:45"
*NETDEV="eth1"*

yes on the host side, either on the physical interface (em3) directly 
pluged to the mirrored port on the cisco or the associated bridge 
(brs0) I do see all in/out trafic of all users trafic

[host] # tcpdump -i em3 -n
10:40:58.767042 IP 193.51.224.142.https > 147.157.103.21.54757: UDP, length 1350
[host]# brctl show
*brs08000.14187769840cnoem3**
**veth42ba2f55*

[host] # prlsrvctl net list
Network IDType  Bound To   Bridge Slave interfaces
Host-Only host-onlyvirbr0
*probenet bridged em3 brs0 veth42ba2f55 *
but neither on the host nor on the CT I cannot see all trafic , but 
only protocol/braodcats or xcat, it seems as if trafic is filtered ... ?*


*examples*

*[host] # tcpdump -i veth42ba2f55 -n
tcpdump: WARNING: veth42ba2f55: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth42ba2f55, link-type EN10MB (Ethernet), capture size 
65535 bytes
17:17:34.279194 ARP, Request who-has 193.51.41.10 tell 193.51.41.1, 
length 46
17:17:34.343210 ARP, Request who-has 193.51.41.43 tell 193.51.41.1, 
length 46

17:17:34.451152 IP 193.51.41.36.hsrp > 224.0.0.102.hsrp: HSRPv1*

*CT-11030 /# tcpdump -i eth1 -n
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
17:19:00.184782 arp who-has 193.51.41.34 tell 193.51.41.1
17:19:00.296277 802.1d config 8001.00:26:99:64:c0:80.9688 root 
8001.00:21:56:1c:3f:80 pathcost 1 age 1 max 20 hello 2 fdelay 15
17:19:00.296641 00:25:84:f1:3f:9b > 01:00:0c:cc:cc:cd SNAP Unnumbered, 
ui, Flags [Command], length 50

17:19:00.370773 arp who-has 193.51.41.42 tell 193.51.41.1
*
*[host]# prlctl list -if CTprobe  | grep net1
  net1 (+) dev='veth42ba2f55' ifname='eth1' network='probenet' 
mac=001C42BA2F45*preventpromisc=on* mac_filter=off ip_filter=off 
nameservers= searchdomains=

*
*is the  preventpromisc=on my problem, how to change it to off ?
as
# prlctl set CTprobe --device-set net1 --preventpromisc no
doesn't work ?

regards .*


*Le 19/10/2016 14:33, Vasily Averin a écrit :

Dear Jehan,

could you please clarify, which kind of traffic you expect to see inside 
container ?
Are you sure it is present on host side on according vethX interface?

I think bridge on host can do not route alien traffic to this interface.
IIRC there is some setting on bridge settings that enables "promisc" mode,
but by default bridge does not route all traffic to all attached interfaces.

Thank you,
    Vasily Averin
  
On 19.10.2016 13:16, Jehan Procaccia wrote:

indeed macfilter, ipfilter and preventpromisc were set to "on"

# prlctl list -if CTprobe  | grep net
   venet0 (+) type='routed'
   net0 (+) dev='veth11030.0' ifname='eth0' network='vlan11' mac=0018511B4688 
preventpromisc=on mac_filter=on ip_filter=on nameservers= searchdomains= 
ips='192.168.11.30/255.255.255.0 '
  *net1 (+) dev='veth42ba2f55' ifname='eth1' network='sondereve' 
mac=001C42BA2F45 preventpromisc=on mac_filter=on ip_filter=on* nameservers= 
searchdomains=

I set them to "no"

# prlctl set CTprobe --device-set net1 --ipfilter no
# prlctl set CTprobe --device-set net1 --preventpromisc no
# prlctl set CTprobe --device-set net1 --macfilter no

now they are off , exept preventpromisc which keeps beeing set to on ?

# prlctl list -if CT

Re: [Users] vlan and bridge network interface in openVZ/virtuozzo 7

[Jehan Procaccia]

I did that already , setting  "no" instead of "off" , but it seems the 
same , no success :-(


I have now doubt on *preventpromisc=on *which I cannot set to off :-( *

* [host]# prlctl list -if CTprobe  | grep net1
  net1 (+) dev='veth42ba2f55' ifname='eth1' network='probenet' 
mac=001C42BA2F45*preventpromisc=on* mac_filter=off ip_filter=off 
nameservers= searchdomains=



Le 19/10/2016 13:36, Dmitry Mishin a écrit :

Hello,

Please try after 'prlctl set CTprobe --device-set net1 --macfilter off'

Thank you,
Dmitry.

From: <users-boun...@openvz.org <mailto:users-boun...@openvz.org>> on 
behalf of Jehan Procaccia <jehan.procac...@tem-tsp.eu 
<mailto:jehan.procac...@tem-tsp.eu>>

Reply-To: OpenVZ users <users@openvz.org <mailto:users@openvz.org>>
Date: Wednesday 19 October 2016 12:05
To: OpenVZ users <users@openvz.org <mailto:users@openvz.org>>
Subject: Re: [Users] vlan and bridge network interface in 
openVZ/virtuozzo 7


Hello

I'am back to my vlan/brige/vm-interface ...
although it works fine for my containers primary interfaces (eth0)
I have a specific container that has 2 interfaces, the second
beeing for a probe on the network (tcpdump, snort etc ...)
unfortunatly only minimal trafic seems to be forwarded into the
container on that second interface , not all , I do see the wall
trafic within the physical interface and its bridge on the
physical host, but not on the veth into the CT !?.

here's the physical and config situation: on the physical host I
plug the cisco mirrored outbound/Wan interface to em3 (physical
interface on the host)

I created a virtual network for that probe attached to em3 and
associated to bridge brs0

# prlsrvctl net add probenet --type bridged --ifname em3
# prlsrvctl net list
Network IDType  Bound To Bridge Slave interfaces
Host-Only host-only virbr0
*probenet bridged   em3 brs0   veth42ba2f55 *
...

my CT 2nd interface (eth1, eth0 beeing the 1st one) is attached to
that network

# prlctl set CTprobe --netif_add eth1
# prlctl set CTprobe --ifname eth1 --network probenet

my problem is that a tcpdump -i em3 or bsr0 on the physical host
do show all traffic on my outbound cisco Wan mirrored interface
here is a very small sample (hundred of packats per secondes ...)
# tcpdump -i brs0 -n
10:40:58.767042 IP 193.51.224.142.https > 147.157.103.21.54757:
UDP, length 1350
10:40:58.767062 IP 193.51.224.42.https > 147.157.161.85.50813:
Flags [.], seq 2056788:2058248, ack 511, win 1650, length 1460
10:40:58.841239 IP 193.157.24.26.hsrp > 224.0.0.102.hsrp: HSRPv1
10:40:59.075644 IP 193.157.24.25.hsrp > 224.0.0.102.hsrp: HSRPv1
10:40:59.801310 ARP, Request who-has 193.157.24.30 tell
193.157.41.1, length 46

if I do the same tcpdump -i veth42ba2f55 or inside the CTprobe -i
eth1 , only protocol trafic seems to pass through
(STP,ARP,HSRP...), no users payload (https, ssh etc ...) , and
only a dozen packets per seconds (they were hundreds on the brs0
or em3)

# tcpdump -i veth42ba2f55 -n
10:45:30.918642 STP 802.1d, Config, Flags [none], bridge-id
8d52.00:20:56:1e:a6:80.8040, length 42
10:45:31.213516 ARP, Request who-has 193.157.41.45 tell
193.157.41.1, length 46
10:45:31.281744 ARP, Request who-has 193.157.41.17 tell
193.157.41.1, length 46
10:45:31.332678 IP 193.157.41.236 > 224.0.0.13: PIMv2, Hello,
length 38
10:45:31.383549 ARP, Request who-has 193.157.41.31 tell
193.157.41.1, length 46
10:45:31.456594 ARP, Request who-has 193.157.41.34 tell
193.157.41.1, length 46
10:45:31.458344 STP 802.1d, Config, Flags [none], bridge-id
89ce.00:20:56:1e:a6:80.8040, length 42
10:45:31.458898 STP 802.1d, Config, Flags [none], bridge-id
8168.00:20:56:1e:a6:80.8040, length 42
10:45:31.654835 STP 802.1d, Config, Flags [none], bridge-id
89da.00:20:56:1e:a6:80.8040, length 42
10:45:31.655039 STP 802.1d, Config, Flags [none], bridge-id
89cf.00:20:56:1e:a6:80.8040, length 42
10:45:31.709254 IP 193.157.41.35.hsrp > 224.0.0.102.hsrp: HSRPv1
10:45:31.96 STP 802.1d, Config, Flags [none], bridge-id
89d0.00:20:56:1e:a6:80.8040, length 42
10:45:31.993787 CDPv2, ttl: 180s, Device-ID 'core.ispint.fr',
length 405

Is the CT veth filtering trafic ? or cannot cope with the volume ?
it is strange though that no payload/users trafic, only protocol
(Xcast/broadcast ?) trafic pass from brs0 to veth42ba2f55 or
inside the CTprobe eth1
Am I  missing a "capability" ?

Regards .

Le 10/10/2016 21:24, Jehan Procaccia a écrit :

Indeed !
that was that last setting missing:

prlctl set MyCT11 --ifname eth0 --network vlan11

now vlans works fine
Just note that I had to add NM_CONTROL

Re: [Users] vlan and bridge network interface in openVZ/virtuozzo 7

[Jehan Procaccia]

I did that already , setting  "no" instead of "off" , but it seems the 
same , no success :-(


I have now doubt on *preventpromisc=on *which I cannot set to off :-( *

* [host]# prlctl list -if CTprobe  | grep net1
  net1 (+) dev='veth42ba2f55' ifname='eth1' network='probenet' 
mac=001C42BA2F45*preventpromisc=on* mac_filter=off ip_filter=off 
nameservers= searchdomains=


Le 19/10/2016 13:36, Dmitry Mishin a écrit :

Hello,

Please try after 'prlctl set CTprobe --device-set net1 --macfilter off'

Thank you,
Dmitry.

From: <users-boun...@openvz.org <mailto:users-boun...@openvz.org>> on 
behalf of Jehan Procaccia <jehan.procac...@tem-tsp.eu 
<mailto:jehan.procac...@tem-tsp.eu>>

Reply-To: OpenVZ users <users@openvz.org <mailto:users@openvz.org>>
Date: Wednesday 19 October 2016 12:05
To: OpenVZ users <users@openvz.org <mailto:users@openvz.org>>
Subject: Re: [Users] vlan and bridge network interface in 
openVZ/virtuozzo 7


Hello

I'am back to my vlan/brige/vm-interface ...
although it works fine for my containers primary interfaces (eth0)
I have a specific container that has 2 interfaces, the second
beeing for a probe on the network (tcpdump, snort etc ...)
unfortunatly only minimal trafic seems to be forwarded into the
container on that second interface , not all , I do see the wall
trafic within the physical interface and its bridge on the
physical host, but not on the veth into the CT !?.

here's the physical and config situation: on the physical host I
plug the cisco mirrored outbound/Wan interface to em3 (physical
interface on the host)

I created a virtual network for that probe attached to em3 and
associated to bridge brs0

# prlsrvctl net add probenet --type bridged --ifname em3
# prlsrvctl net list
Network IDType  Bound To Bridge Slave interfaces
Host-Only host-only virbr0
*probenet bridged   em3 brs0   veth42ba2f55 *
...

my CT 2nd interface (eth1, eth0 beeing the 1st one) is attached to
that network

# prlctl set CTprobe --netif_add eth1
# prlctl set CTprobe --ifname eth1 --network probenet

my problem is that a tcpdump -i em3 or bsr0 on the physical host
do show all traffic on my outbound cisco Wan mirrored interface
here is a very small sample (hundred of packats per secondes ...)
# tcpdump -i brs0 -n
10:40:58.767042 IP 193.51.224.142.https > 147.157.103.21.54757:
UDP, length 1350
10:40:58.767062 IP 193.51.224.42.https > 147.157.161.85.50813:
Flags [.], seq 2056788:2058248, ack 511, win 1650, length 1460
10:40:58.841239 IP 193.157.24.26.hsrp > 224.0.0.102.hsrp: HSRPv1
10:40:59.075644 IP 193.157.24.25.hsrp > 224.0.0.102.hsrp: HSRPv1
10:40:59.801310 ARP, Request who-has 193.157.24.30 tell
193.157.41.1, length 46

if I do the same tcpdump -i veth42ba2f55 or inside the CTprobe -i
eth1 , only protocol trafic seems to pass through
(STP,ARP,HSRP...), no users payload (https, ssh etc ...) , and
only a dozen packets per seconds (they were hundreds on the brs0
or em3)

# tcpdump -i veth42ba2f55 -n
10:45:30.918642 STP 802.1d, Config, Flags [none], bridge-id
8d52.00:20:56:1e:a6:80.8040, length 42
10:45:31.213516 ARP, Request who-has 193.157.41.45 tell
193.157.41.1, length 46
10:45:31.281744 ARP, Request who-has 193.157.41.17 tell
193.157.41.1, length 46
10:45:31.332678 IP 193.157.41.236 > 224.0.0.13: PIMv2, Hello,
length 38
10:45:31.383549 ARP, Request who-has 193.157.41.31 tell
193.157.41.1, length 46
10:45:31.456594 ARP, Request who-has 193.157.41.34 tell
193.157.41.1, length 46
10:45:31.458344 STP 802.1d, Config, Flags [none], bridge-id
89ce.00:20:56:1e:a6:80.8040, length 42
10:45:31.458898 STP 802.1d, Config, Flags [none], bridge-id
8168.00:20:56:1e:a6:80.8040, length 42
10:45:31.654835 STP 802.1d, Config, Flags [none], bridge-id
89da.00:20:56:1e:a6:80.8040, length 42
10:45:31.655039 STP 802.1d, Config, Flags [none], bridge-id
89cf.00:20:56:1e:a6:80.8040, length 42
10:45:31.709254 IP 193.157.41.35.hsrp > 224.0.0.102.hsrp: HSRPv1
10:45:31.96 STP 802.1d, Config, Flags [none], bridge-id
89d0.00:20:56:1e:a6:80.8040, length 42
10:45:31.993787 CDPv2, ttl: 180s, Device-ID 'core.ispint.fr',
length 405

Is the CT veth filtering trafic ? or cannot cope with the volume ?
it is strange though that no payload/users trafic, only protocol
(Xcast/broadcast ?) trafic pass from brs0 to veth42ba2f55 or
inside the CTprobe eth1
Am I  missing a "capability" ?

Regards .

Le 10/10/2016 21:24, Jehan Procaccia a écrit :

Indeed !
that was that last setting missing:

prlctl set MyCT11 --ifname eth0 --network vlan11

now vlans works fine
Just note that I had to add NM_CONTROL

Re: [Users] vlan and bridge network interface in openVZ/virtuozzo 7

[Jehan Procaccia]

I expect to see all trafic mirrored from our edge router (cisco) to the 
Wan, indeed not trafic source and dest to my CT !


That CTprobe as been transfered from an openvz6 host to that new openv7
on the vz6 there was no brigde, the host eth1 interface was directly 
monted/affected to the CT, like this


NETIF="ifname=eth0,bridge=br0.11,mac=00:18:51:1B:26:98,host_ifname=veth11030.0,host_mac=00:18:51:E6:D6:45"
*NETDEV="eth1"*

yes on the host side, either on the physical interface (em3) directly 
pluged to the mirrored port on the cisco or the associated bridge (brs0) 
I do see all in/out trafic of all users trafic


[host] # tcpdump -i em3 -n
10:40:58.767042 IP 193.51.224.142.https > 147.157.103.21.54757: UDP, length 1350

[host]# brctl show
*brs08000.14187769840cnoem3**
**veth42ba2f55*

[host] # prlsrvctl net list
Network IDType  Bound To   Bridge Slave interfaces
Host-Only host-onlyvirbr0
*probenet bridged em3 brs0 veth42ba2f55 *

but neither on the host nor on the CT I cannot see all trafic , but only 
protocol/braodcats or xcat, it seems as if trafic is filtered ... ?*


*examples*

*[host] # tcpdump -i veth42ba2f55 -n
tcpdump: WARNING: veth42ba2f55: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth42ba2f55, link-type EN10MB (Ethernet), capture size 
65535 bytes
17:17:34.279194 ARP, Request who-has 193.51.41.10 tell 193.51.41.1, 
length 46
17:17:34.343210 ARP, Request who-has 193.51.41.43 tell 193.51.41.1, 
length 46

17:17:34.451152 IP 193.51.41.36.hsrp > 224.0.0.102.hsrp: HSRPv1*

*CT-11030 /# tcpdump -i eth1 -n
tcpdump: WARNING: eth1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
17:19:00.184782 arp who-has 193.51.41.34 tell 193.51.41.1
17:19:00.296277 802.1d config 8001.00:26:99:64:c0:80.9688 root 
8001.00:21:56:1c:3f:80 pathcost 1 age 1 max 20 hello 2 fdelay 15
17:19:00.296641 00:25:84:f1:3f:9b > 01:00:0c:cc:cc:cd SNAP Unnumbered, 
ui, Flags [Command], length 50

17:19:00.370773 arp who-has 193.51.41.42 tell 193.51.41.1
*
*[host]# prlctl list -if CTprobe  | grep net1
  net1 (+) dev='veth42ba2f55' ifname='eth1' network='probenet' 
mac=001C42BA2F45*preventpromisc=on* mac_filter=off ip_filter=off 
nameservers= searchdomains=

*
*is the  preventpromisc=on my problem, how to change it to off ?
as

# prlctl set CTprobe --device-set net1 --preventpromisc no

doesn't work ?

regards .*


*Le 19/10/2016 14:33, Vasily Averin a écrit :

Dear Jehan,

could you please clarify, which kind of traffic you expect to see inside 
container ?
Are you sure it is present on host side on according vethX interface?

I think bridge on host can do not route alien traffic to this interface.
IIRC there is some setting on bridge settings that enables "promisc" mode,
but by default bridge does not route all traffic to all attached interfaces.

Thank you,
    Vasily Averin
  
On 19.10.2016 13:16, Jehan Procaccia wrote:

indeed macfilter, ipfilter and preventpromisc were set to "on"

# prlctl list -if CTprobe  | grep net
   venet0 (+) type='routed'
   net0 (+) dev='veth11030.0' ifname='eth0' network='vlan11' mac=0018511B4688 
preventpromisc=on mac_filter=on ip_filter=on nameservers= searchdomains= 
ips='192.168.11.30/255.255.255.0 '
  *net1 (+) dev='veth42ba2f55' ifname='eth1' network='sondereve' 
mac=001C42BA2F45 preventpromisc=on mac_filter=on ip_filter=on* nameservers= 
searchdomains=

I set them to "no"

# prlctl set CTprobe --device-set net1 --ipfilter no
# prlctl set CTprobe --device-set net1 --preventpromisc no
# prlctl set CTprobe --device-set net1 --macfilter no

now they are off , exept preventpromisc which keeps beeing set to on ?

# prlctl list -if CTprobe  | grep net1
net1 (+) dev='veth42ba2f55' ifname='eth1' network='sondereve' mac=001C42BA2F45 
*preventpromisc=on* mac_filter=off ip_filter=off nameservers= searchdomains=

I cannot set it to off !?
I did edit the CTprobe /etc/vz/conf/ file explicitly adding 
mac_filter=off,ip_filter=off,*preventpromisc=off*

no way, my eth1 container interface only sees filtered trafic .

I did nothing regarding the attached bridge (em3 ->*brs0* -> veth42ba2f55) , as I don't 
see any "mac-filter" in vzctl command help (only netfilter, not mac)
# vzctl --help | grep filter
[--netfilter <disabled|stateless|stateful|full>]

is it the preventpromisc=off  "bug" that drops packets, or the mac-filter on 
the bridge which might be not set ?
indeed it seems as if the container current config drops packets that are not 
address to it , for a probe it is a problem as by definition for a probe 
packets are not addreed to him !.

regards .


Le 19/10/2016 11:29, Vasily Averin a écrit :

Dear Jehan,

1)
# prlctl list -if v

Re: [Users] vlan and bridge network interface in openVZ/virtuozzo 7

[Jehan Procaccia]

indeed macfilter, ipfilter and preventpromisc were set to "on"

# prlctl list -if CTprobe  | grep net
  venet0 (+) type='routed'
  net0 (+) dev='veth11030.0' ifname='eth0' network='vlan11' 
mac=0018511B4688 preventpromisc=on mac_filter=on ip_filter=on 
nameservers= searchdomains= ips='192.168.11.30/255.255.255.0 '
*net1 (+) dev='veth42ba2f55' ifname='eth1' network='sondereve' 
mac=001C42BA2F45 preventpromisc=on mac_filter=on ip_filter=on* 
nameservers= searchdomains=


I set them to "no"

# prlctl set CTprobe --device-set net1 --ipfilter no
# prlctl set CTprobe --device-set net1 --preventpromisc no
# prlctl set CTprobe --device-set net1 --macfilter no

now they are off , exept preventpromisc which keeps beeing set to on ?

# prlctl list -if CTprobe  | grep net1
net1 (+) dev='veth42ba2f55' ifname='eth1' network='sondereve' 
mac=001C42BA2F45 *preventpromisc=on* mac_filter=off ip_filter=off 
nameservers= searchdomains=


I cannot set it to off !?
I did edit the CTprobe /etc/vz/conf/ file explicitly adding 
mac_filter=off,ip_filter=off,*preventpromisc=off*


no way, my eth1 container interface only sees filtered trafic .

I did nothing regarding the attached bridge (em3 ->*brs0* -> 
veth42ba2f55) , as I don't see any "mac-filter" in vzctl command help 
(only netfilter, not mac)

# vzctl --help | grep filter
   [--netfilter <disabled|stateless|stateful|full>]

is it the preventpromisc=off  "bug" that drops packets, or the 
mac-filter on the bridge which might be not set ?
indeed it seems as if the container current config drops packets that 
are not address to it , for a probe it is a problem as by definition for 
a probe packets are not addreed to him !.


regards .


Le 19/10/2016 11:29, Vasily Averin a écrit :

Dear Jehan,

1)
# prlctl list -if vvs.vz7.kdev  | grep net0
   net0 (+) dev='veth5147a7b3' ifname='eth0' network='Bridged' mac=00185147A7B3 
preventpromisc=on mac_filter=on ip_filter=on nameservers= searchdomains= 
dhcp='yes'

from man prlctl  ("set" section)
ipfilter:  determines if the specified network adapter is 
configured to filter network packages by
IP address. If set to "yes", the adapter is allowed to send 
packages only from IPs in the  network
adapter's IP addresses list.
macfilter: determines if the specified network adapter is 
configured to filter network packages by
MAC address. If set to "yes", the adapter is allowed to  send  
packages  only  from  its  own  MAC
address.
preventpromisc:  determines  if the specified network adapter 
should reject packages not addressed
to its virtual environment. If set to "yes", the adapter will drop 
packages not addressed  to  its
virtual environment.

In pcs6 it was affected VMs only, and at present I'm not sure was it fully 
intergrated into vz7 or not.

2) vzctl also have filter setting for bridged interfaces
man vzctl:
--mac_filter  on|off  -  enable/disable  packets filtering by MAC 
address and MAC changing on veth
    device inside CT.

Thank you,
Vasily Averin


On 19.10.2016 12:05, Jehan Procaccia wrote:

Hello

I'am back to my vlan/brige/vm-interface ...
although it works fine for my containers primary interfaces (eth0)
I have a specific container that has 2 interfaces, the second beeing for a 
probe on the network (tcpdump, snort etc ...)
unfortunatly only minimal trafic seems to be forwarded into the container on 
that second interface , not all , I do see the wall trafic within the physical 
interface and its bridge on the physical host, but not on the veth into the CT 
!?.

here's the physical and config situation: on the physical host I plug the cisco 
mirrored outbound/Wan interface to em3 (physical interface on the host)

I created a virtual network for that probe attached to em3 and associated to 
bridge brs0

# prlsrvctl net add probenet --type bridged --ifname em3
# prlsrvctl net list
Network IDType  Bound To   Bridge Slave interfaces
Host-Only host-onlyvirbr0
*probenet bridged   em3brs0   veth42ba2f55   *
...

my CT 2nd interface (eth1, eth0 beeing the 1st one) is attached to that network
  
# prlctl set CTprobe --netif_add eth1

# prlctl set CTprobe --ifname eth1 --network probenet

my problem is that a tcpdump -i em3 or bsr0 on the physical host do show all 
traffic on my outbound cisco Wan mirrored interface
here is a very small sample (hundred of packats per secondes ...)
# tcpdump -i brs0 -n
10:40:58.767042 IP 193.51.224.142.https > 147.157.103.21.54757: UDP, length 1350
10:40:58.767062 IP 193.51.224.42.https > 147.157.161.85.50813: Flags [.], seq 
2056788:2058248, ack 511, win 1650, length 1460
10:40:58.841239 IP 193.157.24.26.hsrp > 224.0.0.102.hsrp: HSRPv1
10:40:59.075644 IP 193.157.24.25.hsrp > 224.0.0.1

Re: [Users] firewall capability in openVZ/virtuozzo 7

[Jehan Procaccia]

ok that worked :
#  cat /etc/modprobe.d/vz.conf
options vzevent reboot_event=1
options nf_conntrack *ip_conntrack_disable_ve0=0
*
# systemctl start firewalld.service
doesn't break my ssh session anymore

after setting *ip_conntrack_disable_ve0=0
*I restarted the full system *,* pehaps there was a way to reload vz 
services without full restart ? *

*
thanks .*
*
Le 11/10/2016 12:32, Vasily Averin a écrit :

By default we disable conntracks on host

# cat /etc/modprobe.d/vz.conf
options nf_conntrack ip_conntrack_disable_ve0=1

It protects host from in "conntrack overflow" situation:
when all conntracks on host are in use host admin is unable to connect on host 
via ssh.

Please feel free to enable it, it is quite safe for many cases.

Thank you,
Vasily Averin

On 11.10.2016 13:22, Jehan Procaccia wrote:

ok, that works fine with that:

# prlctl set MyCT11 --netfilter stateful
Set netfilter: stateful
The CT has been successfully configured.

and it is saved

# grep -i netfilter /vz/private/1d268e70-3597-4508-9e2a-903fc06b02a2/ve.conf
NETFILTER="stateful"

inside the CT now I can issue firewall-cmd

CT-1d268e70 /# firewall-cmd --get-active-zones
public
   interfaces: eth0

Great !

Now, I realized that on the host machine, if I start firewalld I am locked out 
of my ssh session :-(
although ssh service is open on all interfaces !

# firewall-cmd --zone=public --list-all
public (default, active)
   interfaces: br0 br1 br10 br11  em1 em2 p2p2 p2p2.11
   sources:
   services: dhcpv6-client ssh
   ports:
   masquerade: no
   forward-ports:
   icmp-blocks:
   rich rules:

I missed something again ?

regards .

Le 11/10/2016 11:04, Vasily Averin a écrit :

Dear Jehan,

OpenVZ container does  not require to enable additional capabilities,
default settings allows to use iptables inside container.

However by default netfilter is restricted,
most likely you need to change it by using "prlctl set --netfilter"

 --netfilter <disabled|stateless|stateful|full>
 Restrict access to iptable modules inside the Container.  The  fol-
 lowing modes are available:
 disabled  -- no modules are allowed.
 stateless  --  (default)  all modules except NAT and conntracks are
 allowed.
 stateful  -- all modules except NAT are allowed.
 full  -- all modules are allowed.


btw. prlctl works as "vzctl --save" in any cases, it saves the setting in 
configs.

Thank you,
 Vasily Averin

On 10.10.2016 22:42, Jehan Procaccia wrote:

hello

by default firewalld doesn't work on a fresh install container (centos7-x64)

docs says:
http://docs.virtuozzo.com/virtuozzo_7_users_guide/advanced-tasks/configuring-capabilities.html?highlight=firewall
I guess I need to enable net_admin
net_admin Allows the administration of IP firewalls and accounting. off
as it it by default set to off

but the command is deprecated
# vzctl set MyCT11 --capability net_admin --save
Warning: The --capability option is deprecated

So I used prlctl (not proposed in the doc above !?)

# prlctl set MyCT11 --capability net_admin:on
Set capabilities: NET_ADMIN:on
The CT has been successfully configured.

but still in the CT
/# firewall-cmd --get-active-zones
nothing
/# firewall-cmd --reload
Error: '/sbin/iptables -w2 -t filter -I INPUT 1 -m conntrack --ctstate 
RELATED,ESTABLISHED -j ACCEPT' failed: iptables: No chain/target/match by that 
name.
as if NET_ADMIN capability is not save permanently in the CT definition

what is the equivalent of vzctl --save with prlctl ?
or I mess somewhere else ?

Regards .






___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users






___
Users mailing list
Users@openvz.org
https://lists.openvz.org/mailman/listinfo/users