Re: [Users] Dstat plugin for OpenVZ CPU statistics
Dag, Thank you! I actually use dstat on my Gentoo note. Speaking of counters, /proc/user_beancounters is of interest to any OpenVZ user. Format is described at http://wiki.openvz.org/proc/user_beancounters. held and failcnt columns are most dynamic. You can use the values either directly, or make some consolidated figures based of formulae in wiki. Other thing that might be of interest is /proc/fairsched{,2}. These files are from OpenVZ Fair CPU scheduler. The only problem is looks like the format is not documented (well, not counting the source code). Also, Kirill Korotaev will give us some suggestions... Dag Wieers wrote: Hi, I've just written a small dstat plugin to monitor CPU usage per VE. You can find the plugin in the dstat subversion repository linked from: http://dag.wieers.com/home-made/dstat/ Dstat is much like vmstat, but modular and versatile. So you can extend it with whatever counters you want to visualize, next to other counters. This helps to relate counters and find/troubleshoot bottlenecks. This plugin can help to find the most consuming VE, or visualize how VE's are matching up to each other (and the system CPU usage). I don't know whether the nice-value in /proc/vz/vestat is ever used (maybe I shouldn't add it in the list of counters). I also don't know what other information in /proc/vz would be interesting to vizualise (over a timeframe). I'm willing to add more plugins in dstat for openvz if I know how to make more sense of the current counters (and their usefulness). Feedback from developers welcome :) Visually it looks like this (without colors though): [EMAIL PROTECTED] dstat]# ./dstat -M cpu,vz -f 5 Module dstat_vz is still experimental. ---cpu0-usage--cpu1-usage-- --ve-301-usageve-302-usage- usr sys idl wai hiq siq:usr sys idl wai hiq siq|usr sys idl nic:usr sys idl nic 0 0 99 0 0 0: 0 0 99 1 0 0| 0 0 100 0: 0 0 100 0 25 15 50 10 0 0: 1 1 76 22 0 1| 26 15 60 0: 0 0 100 0 31 18 12 40 0 0: 2 2 70 25 0 1| 33 19 49 0: 0 0 100 0 16 14 35 35 0 0: 0 1 53 46 0 0| 16 14 70 0: 0 0 100 0 5 5 59 30 0 0: 16 28 30 26 0 0| 20 32 47 0: 0 0 100 0 0 0 100 0 0 0: 3 5 88 5 0 0| 2 5 93 0: 0 0 100 0 0 0 98 1 0 0: 0 0 99 1 0 0| 0 0 100 0: 0 0 100 0 0 0 100 0 0 0: 0 0 98 1 0 0| 0 0 100 0: 0 0 100 0 0 0 96 4 0 0: 0 3 97 0 0 0| 0 0 100 0: 0 0 100 0 [EMAIL PROTECTED] dstat]# ./dstat -M cpu,vz -C total -f 5 Module dstat_vz is still experimental. total-cpu-usage --ve-301-usageve-302-usage- usr sys idl wai hiq siq|usr sys idl nic:usr sys idl nic 0 0 99 1 0 0| 0 0 100 0: 0 0 100 0 0 0 97 2 0 0| 0 0 100 0: 0 0 100 0 19 12 61 8 0 0| 37 23 40 0: 0 0 100 0 12 8 41 38 0 0| 25 15 61 0: 0 0 100 0 14 14 35 37 0 0| 28 26 46 0: 0 0 100 0 4 10 84 3 0 0| 7 20 73 0: 0 0 100 0 0 0 99 1 0 0| 0 0 100 0: 0 0 100 0 0 0 99 1 0 0| 0 0 100 0: 0 0 100 0 0 0 99 1 0 0| 0 0 100 0: 0 0 100 0 0 0 100 0 0 0| 0 0 100 0: 0 0 100 0 All feedback welcomed. Kind regards, -- dag wieers, [EMAIL PROTECTED], http://dag.wieers.com/ -- [all I want is a warm bed and a kind word and unlimited power] ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Installing BIND on VE's
Jan Tomasek wrote: Hello Al, Al Sparks wrote: I'm trying to set up a test environment of name servers. I downloaded the BIND tarball to one of the Virtual Environment, and tried to compile it. That didn't work, because there's no gcc installed. why you do not install gcc into VE? I'm handling VE almost as ordinary system running on physical HW. Template which come with OpenVZ (at least for Debian which I'm using) is very basic instalation of Linux, I have to install there numerous packages to be able use it for my work. That's why it is called minimal -- it's a boilerplate, so you should use apt-get/aptitude/any-other-tool to install whatever you need on top of that. By the way you can tar the result and use it as a template to create other VEs. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] vzctl start id VE start in progress, vzctl statusVEID exist mounted down, vzctl enter VE is not running
Oh I see. There is an open bug about it already in our bugzilla. http://bugzilla.openvz.org/show_bug.cgi?id=436 Still, I want to resolve this by adding -z argument handling to upstart. I have already asked about it (see http://bugzilla.openvz.org/show_bug.cgi?id=436#c6), but got no reply so far. Perhaps you could ask, too. Stephen Fletcher wrote: Issue was due to running Ubuntu 6.10 Edgy as the guest. I tried re-symlinking mountdir/bin/sh to bash instead of dash but this did not help. Perhaps is due to Edgy using upstart daemon instead on regular init. Soon as I tried Debian sarge as guest it worked fine. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kirill Korotaev Sent: Tuesday, 23 January 2007 11:19 PM To: users@openvz.org Subject: Re: [Users] vzctl start id VE start in progress, vzctl statusVEID exist mounted down, vzctl enter VE is not running Stephen, Is there anything in dmesg? Thanks, Kirill vzctl version 3.0.14 [EMAIL PROTECTED]:~# uname -a Linux stephens 2.6.18-028test010 #2 PREEMPT Thu Jan 11 18:20:08 EST 2007 i686 GNU/Linux [EMAIL PROTECTED]:~# cat /proc/vz/* Version: 2.7 0 b 016 *:* 0 c 006 *:* 0 077 Version: 2.5 Version: 2.2 VEID user nice system uptime idle strv uptime used maxlat totlat numsched Version: 1.0 cat: /proc/vz/vzaquota: Is a directory qid: pathusage softlimit hardlimit time expire 777: /vz/private/777 1k-blocks 1910485761153434 0 0 inodes 11473 20 22 0 0 [EMAIL PROTECTED]:~# lsmod | grep vz vznetdev 16928 1 vzethdev 10764 0 vzdquota 41748 1 [permanent] vzmon 41988 2 vznetdev,vzethdev vzdev 3972 4 vznetdev,vzethdev,vzdquota,vzmon ipv6 279776 15 vzmon [EMAIL PROTECTED]:~# vzctl start 777 Starting VE ... VE is mounted Adding IP address(es): 192.168.99.2 Setting CPU units: 1000 VE start in progress... [EMAIL PROTECTED]:~# vzctl status VE id is not given [EMAIL PROTECTED]:~# vzctl status 777 VEID 777 exist mounted down [EMAIL PROTECTED]:~# vzctl enter 777 VE is not running [EMAIL PROTECTED]:~# vzctl restore 777 Restoring VE ... Error: No checkpointing support, unable to open /proc/rst: No such file or directory [EMAIL PROTECTED]:~# ifconfig venet0 venet0Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) [EMAIL PROTECTED]:~# ip route ethernet0ip/27 dev eth0 proto kernel scope link src ethernet0ip default via localgwip dev eth0 Help? :) ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Locales
This forum thread should be helpful. http://forum.openvz.org/index.php?t=msggoto=3166 When you will solve your problem, I suggest you to go to wiki.openvz.org and create an article with the solution. José David Bravo Álvarez wrote: I have a fresh install of OpenVZ and I need to enable ES locales in my VPSs, what I need to do? I need to install the templates first? Thanks for your help ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] error on login
You have to have either /dev/ttyp* /dev/ptyp* devices in your VE, or /dev/ptmx and /dev/pts filesystem mounted, or both. For more info, see http://wiki.openvz.org/Physical_to_VE#.2Fdev_TTY_devices http://wiki.openvz.org/Physical_to_VE#Can.27t_enter_VE Perhaps the separate wiki article is needed for this case... Mantelle Johan wrote: I have the same error : [EMAIL PROTECTED] ~]# vzctl enter 133 entered into VE 133 mesg: error: tty device is not owned by group `tty' [EMAIL PROTECTED] [/]# ls -lrt /dev/tty crw-rw-rw-1 root tty5, 0 Feb 6 09:45 /dev/tty -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of José David Bravo Álvarez Sent: lundi 12 février 2007 13:43 To: users@openvz.org Subject: [Users] error on login [EMAIL PROTECTED] cpbackup]# vzctl enter 101 entered into VE 101 mesg: error: tty device is not owned by group `tty' [EMAIL PROTECTED] [/]# [EMAIL PROTECTED] [/]# ls -l /dev/tty crw-rw-rw- 1 root tty 5, 0 Dec 15 2005 /dev/tty Any idea? thanks for your help. -- José David Bravo Álvarez Gerente General Colombia Hosting Tel. (2) 6832660 ext. 120 Cel. (300) 6174073 Av. 4 # 48n43 Of. 301 http://www.colombiahosting.com.co ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] error on login
This does not looks like something specific to OpenVZ. Still, let me guess. tty device here is not /dev/tty, but either /dev/ttyp* and /dev/ptyp*, or some entry under /dev/pts. mesg is a program to enable/disable receiving messages from other users. It is probably called from one of user's login scripts (/etc/bashrc, /etc/bash_login, /etc/profile or something like that, or their ~/. analogs). This programs is _possibly_ SGID to group tty (run 'ls -l $(which mesg)' to check that), and tries to change the mode of one or several above mentioned files. Since files doesn't belong to group tty, mesg complains. This problem is most probably the problem of a given distribution. Regards, Kir. José David Bravo Álvarez wrote: [EMAIL PROTECTED] cpbackup]# vzctl enter 101 entered into VE 101 mesg: error: tty device is not owned by group `tty' [EMAIL PROTECTED] [/]# [EMAIL PROTECTED] [/]# ls -l /dev/tty crw-rw-rw- 1 root tty 5, 0 Dec 15 2005 /dev/tty Any idea? thanks for your help. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Using NAT for VE with private IPs
Lloyd R. Prentice wrote: Hi, I'm closing in on my first successful install of a VE on openVZ but, having trouble with network configuration. My hardware NODE is behind a firewall connected to a dsl modem. DNSmasq on the firewall supplies a static IP to the hardware NODE. Let's call it hardwareNODE. Following the instructions in: http://wiki.openvz.org/Using_NAT_for_VE_with_private_IPs ...I issued the following command to the hardware NODE: iptables -t nat -A POSTROUTING -s 172.16.0.0/255/255/255/0 -o eth0 -j SNAT --to hardwareNODE Then I entered: iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to hardwareNODE Finally, since my system didn't hve the file /etc/modprobe.conf, I issued the following at the commandline: modprobe ip_conntrack ip_conntrack_enable_ve0=1 Then I rebooted Oops. Why a reboot? All the iptables commands, and modprobe as well, are not taking effect after the reboot. In order to make them persistent, you have to put those in some startup script. , entered a VE and tested by issuing: apt-get update. The system failed resolve the addresses in sources.list. I double checked that I had entered: vzctl set 777 --ipadd 172.16.0.1 --save ...which I had. Any ideas, please, of what I'm doing wrong, or need to do to diagnose and solve the problem? Many thanks, Lloyd R. Prentice ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Patch for openSUSE 10.2 kernels?
Carl-Daniel Hailfinger wrote: Hi, some time ago there was an OpenVZ kernel rpm for openSUSE 10.1 / SLES 10 but I have read in the mail archives that this kernel is no longer recommended and one should use a 2.6.18-based kernel instead. That's fine for me (especially because openSUSE 10.2 also uses 2.6.18), but I can't find an OpenVZ kernel patch which would apply to the openSUSE 10.2 kernel. There are always conflicts and I'm not sure whether it will work even if I fix up these conflicts. Running the RHEL/FC OpenVZ kernel is not really an option because I depend on some of the patches in the openSUSE kernel. Can you please specify exactly what is missing in our stable/devel kernels and is available in openSUSE kernels? Will there be a patch which works on top of the openSUSE 10.2 kernel or a matching kernel rpm? There will be, but I can not give you any timeframe yet. Besides that, I'd like to test OpenVZ on some machines running a vanilla 2.6.20 kernel. Are there plans to support that one or merge more stuff into mainline? Definitely. We will start porting to 2.6.20 in a few weeks. I'm mostly using the network virtualization features and hope the current discussions will lead to a merge in the near future. Regards, Carl-Daniel ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Re: 2.6.18-ovz028test015 and 2.6.18-ovz028test018 break IPv6
Wolfgang Schnerring wrote: * Michael H. Warfield [EMAIL PROTECTED]: This may not be an OpenVZ problem, per se, though. Some time in the very later part of the 2.6.18 kernel.org release updates, a problem was introduced that broke IPv6. Some patch or another caused nodes to fail to join the all nodes multicast (ff02::1) address. This is critical to IPv6 router discovery and advertisement, neighbor discovery, and autoconfiguration. All fall down go boom. I've raised that same issue here: http://bugzilla.openvz.org/show_bug.cgi?id=476 But even though Den Lunev found and backported the upstream patch (I think from 2.6.20) that fixes the problem, I don't think this ever got into the OpenVZ repository... any update on this? As Kirill said in comment #4 to the bug, this patch goes to 028test019 -- which is not yet released. So you either have to wait till we release 019 (or later) kernel, or use the patch from the bugreport. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] bash segfaulting on 2.6.18
Enrico Weigelt wrote: * Vasily Tarasov [EMAIL PROTECTED] wrote: This is known problem, you've compiled OVZ kernel with CONFIG_PREEMPT. The bug is already fixed, look at: http://bugzilla.openvz.org/show_bug.cgi?id=465 Ok, that fixed the problem. I've added this to the wiki. To me that makes little sense because we have already released a fixed kernel (028test018). ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] OpenVZ vs. vserver
Darryl Ross wrote: I've not been able to get migrations working in openvz at all. Care to file a bug report (or two) to bugzilla.openvz.org? I just end up using the same process I use under linux-vserver to migrate guests between machines: rsync once, rsync a second time (to reduce the time stopped), stop the guest, resync a third time, start guest on new host. This is basically what vzmigrate script does (well, there's no intermediate rsync, but it can be added quite easily. I also have some other issues with openvz as well. One is related to the resource limits -- every guest I've built I've had to play with the limits to get the software I need to run. The defaults just don't seem usable. Perhaps those defaults are better suited for a lot of tiny/lightweight VEs. If your VEs are relatively large, I suggest you to either use vzsplit utility to generate an initial config, OR use something like example C from http://wiki.openvz.org/UBC_configuration_examples_table On the other side, the problem with linux-vserver is by default a guest (a VE) is NOT limited, which means you can not give it to an untrusted party without doing some additional work. The OpenVZ idea is like the one for your firewall -- deny all by default, then allow what you need. Here, as well, you start with a limited set of resources, and then tailor those to your environment. Of course it can be changed server-wide by having a different config set as default. One other thing, which isn't really a major issue, just an annoyance, is that if I run netstat or ps on the host it shows me all of the sockets open and programs running, even those inside the guests, whereas under linux-vserver the host machine is a context in it's own right, so they are hidden. There is a two-liner patch available to switch to hide VE processes from VE0 behavior: http://download.openvz.org/contrib/kernel-patches/diff-ve0-proc-own-processes-only My only issue with linux-vserver is the lack of network interface virtualisation, but I've been working around that for so long it's not really that much of an issue for me. My recommendation at this point is still towards linux-vserver. I'm planning on migrating work away from openvz back to linux-vserver as well. What are the reasons (if other than specified above)? ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] OpenVZ vs. vserver
As per my experience porting to powerpc platform, OpenVZ is easily portable, i.e. it is 95% platform-independent code (not counting the checkpointing functionality, which IS very platform-specific). So, if somebody needs OpenVZ for some currently unsupported platform (say, ARM), they can either do a port themselves, or provide us with a couple of boxes and we will do the port. Mike Holloway wrote: The type of embedded platform you are developing for may steer your decision. I went looking for which cpu architectures are supported by openvz and vserver patches and found this wiki entry. Someone may care to update that entry. http://en.wikipedia.org/wiki/Comparison_of_virtual_machines -mike On Mar 22, 2007, at 4:36 PM, Ian P. Christian wrote: Enrico Weigelt wrote: Hi folks, does anyone known an good compasiron between OVZ + vserver ? I need an virtualization within embedded systems (small devices). I'm not sure this will help - but when I was looking at various visualizations systems, I decided vserver wasn't an option very quickly when I noticed it didn't do migrations. --Ian P. Christian ~ http://pookey.co.uk ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] linux-2.6.20-openvz tree
Carl-Daniel Hailfinger wrote: On 23.03.2007 10:01, Kirill Korotaev wrote: This was possible for years in OpenVZ: man vzctl http://openvz.org/documentation/mans/vzctl.8 Network devices control parameters --netdev_add name move network device from VE0 to a specified VE --netdev_del name delete network device from a specified VE this is exactly the thing you are talking about: you can move eth0 and eth1 to one VE, eth2 and eth3 to another VE and keep eth4 to HN. Great! The OpenVZ wiki seemed to suggest that this was not possible. Can you fix this wiki page? Or at least point me to it, so I can fix? Next time I'll read the man pages and not only the wiki before asking questions. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] OpenVZ vs. vserver
Enrico Weigelt wrote: * Darryl Ross [EMAIL PROTECTED] wrote: Hi, One other thing, which isn't really a major issue, just an annoyance, is that if I run netstat or ps on the host it shows me all of the sockets open and programs running, even those inside the guests, whereas under linux-vserver the host machine is a context in it's own right, so they are hidden. I personally prefer that way, so I can easily see what's going on in the VPS. But there should be some additional info from which VPS the stuff is coming from. Maybe the VPS' process names could contain some prefix ie. [${VPSID}]. You can use vzps/vztop utils from vzprocps (http://download.openvz.org/contrib/utils/), whey show VEID. OR, alternatively, you can look up VEID manually from the 'envId' field of /proc/$PID/status file. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] OpenVZ vs. vserver
Enrico Weigelt wrote: * Kir Kolyshkin [EMAIL PROTECTED] wrote: Hi, As per my experience porting to powerpc platform, OpenVZ is easily portable, i.e. it is 95% platform-independent code (not counting the checkpointing functionality, which IS very platform-specific). we probably won't need checkpointing, so I hope it will run on mips ... So, if somebody needs OpenVZ for some currently unsupported platform (say, ARM), they can either do a port themselves, or provide us with a couple of boxes and we will do the port. maybe I'll have a look at it in a few weeks. See http://wiki.openvz.org/Porting_the_kernel Also, you can look up http://git.openvz.org/?p=linux-2.6.18-openvz for patches with PPC prefix in commit subject -- those enable OpenVZ for powerpc arch. Same for sparc -- check for commits from OpenVZ team members with [SPARC] prefix. There are less than ten patches for each arch. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] How to specify my own init program ?
Enrico Weigelt wrote: Hi folks, I'd like to speciy my own init program for an VPS, so I can run my own setup stuff (before the actual init is called) without touching /sbin/init. How can I change the init command per VPS ? Just move /sbin/init to /sbin/init.real, and put your own prog as /sbin/init :) Later you can restore it back. Other way is to modify vzctl :) ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Problems w/ busybox's init in VPS
Let's move the discussion to devel@ list. I'm now posting to both, but please remove users@ when replying. Enrico Weigelt wrote: * Enrico Weigelt [EMAIL PROTECTED] wrote: Hi, I've got problems with booting an busybox-based VPS: init does not seem to do anything (at least it does not run the boot scripts) ? I strace'd a little bit, and there are some strange things going on: * init tries to write to fd -1 ! (maybe it didn't get some valid stdio passed on startup) Perhaps it tried to open /dev/console and failed (open() returned -1). * it tries to do some tty specific ioctl()'s on fd 0, which doesn't seem to be an tty (at least it gets ENOTTY) Again that should probably be /dev/console (in case no fds are open the first successful open() _usually_ returns 0). * when reading /etc/inittab, it gets fd 0, so it seems no other fd's (ie. stdin, stdout, stderr) are open ! This (the absense of stdin/out/err) is probably perfectly valid -- since init does not have a parent process, nobody would read/write those fds. * when trying to open /dev/console, it gets permission denied. Ah-ha, probably that is the root of the problem. What if you will create an empty text file named /dev/console? Any suggest what could be wrong here ? cu ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Wrong links for downloads
Jan, Thanks for reporting! I have now finished (hopefully) the restructure of the /download/kernel site area, everything should be OK now. Feel free to check and report any b0rked links though. Jan Tomasek wrote: Hello, on page: http://openvz.org/download/kernel/devel/archives/2.6.18-ovz028stab023.1 are links pointing to: http://download.openvz.org/kernel/devel/028stab023.1/patches/patch-ovz028stab023.1-combined.gz but they should point to: http://download.openvz.org/kernel/branches/2.6.18/stable/patches/patch-ovz028stab023.1-combined.gz Also older releases have same problem. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] IPv6 support in VE
Jan, With venet, you use the same ipadd command, for example: vzctl set VEID --ipadd fc00::01 --save Before that, make sure that * your kernel is compiled with IPv6 * ipv6 module is loaded (if IPv6 is compiled as a module) * IPV6 set to yes in /etc/vz/vz.conf Kirill Korotaev wrote: Jan, venet supports IPv6 addresses as well. it's just an article concerning veth only :) Thanks, Kirill Jan Tomasek wrote: Hello, what is state of IPv6 support inside VE? I found: http://wiki.openvz.org/Virtual_Ethernet_device#Virtual_ethernet_device_with_IPv6 but that looks quite complicated comparing to IPv4 where I just need to use `vzctl --ipadd 1.2.3.4` and that is all. Do I have to go with veth or is there chance how to configure IPv6 on venet? Thanks for sugestions ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Join Our Team at LinuxWorld San Francisco
We're very excited that this year OpenVZ will have exhibit space in the dot-org pavillion of LinuxWorld in San Francisco, August 6-9. We will be showing and demoing OpenVZ server virtualization, answering questions and so on. Here is the best news of all. We can have up to 7 people at our exhibit. While a few OpenVZ developers will come, it will definitely be less than 7. We do not want to stall OpenVZ development. :) We would like the community to participate with us in the event. If you live in California (or can come to this LinuxWorld), are an OpenVZ user and would like to be a part of our team at the OpenVZ exhibit -- you are very welcome to join us! Please email me ([EMAIL PROTECTED]) your details and we'll discuss arrangements. Regards, Kir Kolyshkin on behalf of OpenVZ team. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Failed to compile with enabled Checkpointing restoring Virtual Environments
If you want to try checkpointing in 2.6.20 you can try using ovz008 kernel from git: http://git.openvz.org/?p=linux-2.6.20-openvz;a=summary Thorsten Schifferdecker wrote: Hi Jan, Am Mi, 4.07.2007, 09:38, schrieb Jan Tomasek: [...] I failed to compile linux-2.6.20-ovz007 with enabled Checkpointing restoring Virtual Environments. Compiler says: in version 2.6.20-ovz007 Checkpointing is disabled, see offical kernel config for 2.6.20 at http://download.openvz.org/kernel/branches/2.6.20/current/configs/ but now in git (2.6.20-ovz008) (- http://git.openvz.org/?p=linux-2.6.20-openvz;a=commit;h=1a0f402ff521b49d4fbb297119239db8f6f2e5779 is turned on. Hope this helps. Regards, Thorsten Schifferdecker ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Scripting ve creation
It might be a stupid question, but is that problem caused by the simple fact that there's no terminal created during vzctl exec -- so everything that requires a terminal (for example, any ncurses/slang-based application like top) fails. Possible solution would be to implement execterm command or the like, which is the same as exec but with a terminal. Kirill Korotaev wrote: Steve, Good to know. Anyway I've created a bug http://bugzilla.openvz.org/show_bug.cgi?id=658 so we'll try to reproduce and resolve your issue. Thanks, Kirill Steve Hodges wrote: We have a suitable workaround now. Instead of the creation script running all the installs etc, it writes to an install script in the VE. We then log in to the skeleton VE and run the script. Steve hm... something went differently and there is no such a message in strace :/ can you give me an access to the node to check it? Thanks, Kirill Steve Hodges wrote: The file is on my web server http://steve-is-mucking-about.sexypenguins.com/out.gz I noticed that the command did not terminate and had to be killed (I tried it a number of times with the same result) the command I used was vzctl exec 101 strace -f -o /tmp/out apt-get install exim4 -y thanks Steve On 27/07/2007 9:56 PM, Kirill Korotaev wrote: Can you please run the following command: # vzclt exec 110 strace -f -o /tmp/out apt-get install exim4 and send me /tmp/out file (it will be created inside VE)? Thanks, Kirill P.S. it may require installing strace package first. Steve Hodges wrote: I'm trying to script the creation of a number of VEs. The template is a minimal Debian Etch. part of what I'm trying to do is thinks like: vzctl exec 110 apt-get install exim4 exim is one of those packages that wants to run dpkg-configure as part of the install (actually I think it's dpkg-preconfigure, but it's the same sort of thing) When it gets to that stage it complains that it can't re-open stdin and generally fails to complete the install. Is there any way of executing a whole series of commands like this without having to run them all manually. Some things have to be done from outside the VE too, so just running a script in the VE is problematic :-( Steve ___ ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] openvz and 2.6.20
DULMANDAKH Sukhbaatar wrote: Hello all. I'm new to openvz, and trying to install openvz on ubuntu 7.04. But I'm having some problems that I cannot describe here. Is openvz for 2.6.20 kernel is stable? Here http://openvz.org/news/announcements/kernel-2.6.20-20070328 I see that it's already stable, and usable. It is usable, but _probably_ not quite stable, and the text doesn't say that it is stable. What it says is that software [is] for the most recent stable Linux kernel 2.6.20, meaning the mainstream kernel 2.6.20 is stable, but not the OpenVZ kernel based on it. But http://wiki.openvz.org/Download_kernel_2.6.20 and http://openvz.org/download/kernel/ says that it's not stable yet. That's right. Which one is the true information? If it is stable, can I install it on Ubuntu feisty? Is anyone had success running openvz on ubuntu? You definitely can install this on Ububtu, some info is available from http://wiki.openvz.org/Installation_on_Debian (I guess it will work fine for Ubuntu). Still, I recommend to use our stable branch, 2.6.18-based, unless you really want to be on the bleeding edge. Kir. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Odd errors from the kernel
Steve Hodges wrote: On 1/08/2007 1:42 PM, Steve Hodges wrote: I get this during the running of a script that creates a VE. I probably should add that I don't see it very often. This may be the third time. And I've used that same script to create hundreds of VEs (mostly to test the script). What kernel version is it? ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] openvz naming conventions; numeric vs symbolic
See vzctl set --name Steve Wray wrote: Hi there, I'm a long time user of Xen virtualisation and have been evaluating OpenVZ as a replacement for certain applications. OpenVZ appears to be technically superior under certain conditions and I hope to iron out the issues that I have come across. The main issue confronting me at this time is scalability of management; OpenVZ may scale well with respect to performance and resource usage but at this time I don't see it scaling well when it comes to management of virtual machines. I am sure that I must be missing something obvious since its a pretty basic issue. I've searched extensively for some info on this but found nothing. The problem? Numeric rather than symbolic identification of virtual machines. When I start a domU (a Xen virtual machine) in Xen I direct 'xm create' at the config file the name of which corresponds to the name of that domU. When I list currently running machines in Xen I see a listing of the names of the Xen domUs and their corresponding numeric IDs. When I create a logical volume for a Xen domU I create that volume based on the name of the corresponding Xen instance. In each case I try to ensure consistency by making the names of the Xen domUs correspond to the hostnames of the servers which those domUs are running. Host foo is on the domU named foo and is in a logical volume named foo. To start domU foo I run 'xm create /etc/xen/domains/foo.conf'. This scales well and makes things very nice and obvious. OpenVZ seems to do away with symbolic names referring in all instances to numeric ids, a bit like not using DNS but putting an IP address into a URL. I have an awful feeling that when the pager goes off at 2am the person on call, bleary-eyed and tired, will make some horrible mistake when trying to mentally map numeric identifiers to server hostnames. This is what I mean by 'not scaling well'. Use of numeric identifiers may work ok when there is only one or two, but when there may be a dozen things will get out of hand. I am sure that there must be a way to use symbolic names instead of numbers in OpenVZ but I can't for the life of me find out how. Thanks! ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] openvz naming conventions; numeric vs symbolic
Steve Wray wrote: Kir Kolyshkin wrote: See vzctl set --name Well thats a nice start. Now, to follow on from that great progress, how do I get it so that the directory where the root filesystem lives corresponds to the name I set instead of the numeric VEID? No standard way. I guess you can create a symlink; something like this: vzctl set $VEID --name $VENAME --save (cd /vz/root ln -s $VEID $VENAME) Same for /vz/private if you need it. Thanks! Steve Wray wrote: Hi there, I'm a long time user of Xen virtualisation and have been evaluating OpenVZ as a replacement for certain applications. OpenVZ appears to be technically superior under certain conditions and I hope to iron out the issues that I have come across. The main issue confronting me at this time is scalability of management; OpenVZ may scale well with respect to performance and resource usage but at this time I don't see it scaling well when it comes to management of virtual machines. I am sure that I must be missing something obvious since its a pretty basic issue. I've searched extensively for some info on this but found nothing. The problem? Numeric rather than symbolic identification of virtual machines. When I start a domU (a Xen virtual machine) in Xen I direct 'xm create' at the config file the name of which corresponds to the name of that domU. When I list currently running machines in Xen I see a listing of the names of the Xen domUs and their corresponding numeric IDs. When I create a logical volume for a Xen domU I create that volume based on the name of the corresponding Xen instance. In each case I try to ensure consistency by making the names of the Xen domUs correspond to the hostnames of the servers which those domUs are running. Host foo is on the domU named foo and is in a logical volume named foo. To start domU foo I run 'xm create /etc/xen/domains/foo.conf'. This scales well and makes things very nice and obvious. OpenVZ seems to do away with symbolic names referring in all instances to numeric ids, a bit like not using DNS but putting an IP address into a URL. I have an awful feeling that when the pager goes off at 2am the person on call, bleary-eyed and tired, will make some horrible mistake when trying to mentally map numeric identifiers to server hostnames. This is what I mean by 'not scaling well'. Use of numeric identifiers may work ok when there is only one or two, but when there may be a dozen things will get out of hand. I am sure that there must be a way to use symbolic names instead of numbers in OpenVZ but I can't for the life of me find out how. Thanks! ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] openvz naming conventions; numeric vs symbolic
Steve Wray wrote: Kir Kolyshkin wrote: Steve Wray wrote: Kir Kolyshkin wrote: See vzctl set --name Well thats a nice start. Now, to follow on from that great progress, how do I get it so that the directory where the root filesystem lives corresponds to the name I set instead of the numeric VEID? No standard way. I guess you can create a symlink; something like this: vzctl set $VEID --name $VENAME --save (cd /vz/root ln -s $VEID $VENAME) Same for /vz/private if you need it. I did find that after one has created a virtual machine configuration one can edit its config file and add: VE_ROOT=/var/lib/vz/root/vz1 VE_PRIVATE=/var/lib/vz/private/vz1 for example. Both VE_ROOT and VE_PRIVATE can be set in vzctl create (--root and --private options). If you want to change those values later (either by using vzctl set or by editing a configuration file) you also have to move the existing directories (otherwise it won't make sense) -- something like this: vzctl stop $VE vzctl umount $VE mv /vz/private/$VE $NEW_VE_PRIVATE rmdir /vz/root/$VEID mkdir $NEW_VE_ROOT vzctl set $VE --root $NEW_VE_ROOT --private $NEW_VE_PRIVATE Now, if you need those symlinks, move them as well. vzlist -oname $VEID should tell you the name of your VE if you want to script this operation. I have yet to figure out the 'vzctl create' commands though; they appear to require an OS template tarball. Yep. There are a lot of such tarballs available from http://download.openvz.org/template/precreated/ http://download.openvz.org/template/precreated/contrib/ While I dropped a root filesystem tarball into the required place, vzctl create didn't like it. Well, it should be a normal root filesystem tar.gz file, better having Linux distro at the beginning of a filename (this is how vzctl guesses which distro is it -- for distro-dependent operations like IP configuration). So you'd better name your tarball like debian-4-${whatever}.tar.gz Other problems that may be with your tarball are: - it's tar.bz2 tarball - it's missing some really required stuff like system libs or /sbin/init - it's not a root filesystem, for example all the filenames are prefixed with /root or smth. Finally, in some cases you need to do some modifications; those should be described in http://wiki.openvz.org/Physical_to_VE. I'll keep plugging away. OpenVZ looks pretty good for performance scaleability but what I'd love to see is better management scaleability. If there are any tools which abstract away some of the detail for management of multiple virtual machines I'd like to know. I did try easyvz (http://sourceforge.net/projects/easyvz) but there were problems with the python dependencies. I run Debian Etch; when I tried to run the gui there were issues with strange characters in the python script. OpenVZ is more of a virtualization technology with good CLI. If you are looking for a high-level GUI, you'll have to develop one, or join some other team developing GUI for OpenVZ (those should be listed at http://wiki.openvz.org/Control_panels), or use Virtuozzo which comes with a few GUIs. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] openvz naming conventions; numeric vs symbolic
Gregor Mosheh wrote: Steve Wray wrote: Steve Wray wrote: There seems to be a slight inconsistency across the tool set here. vzctl does respect the given 'name' however vzquota does not appear to and seems to require the numeric id. Quite true. Did you check the bugtracker for the project, or log that as a bug? I'd love to see that fixed! Can you tell me the use case for that? I mean, I never use vzquota directly; it's vzctl that calls it whenever needed. I guess you use vzquota show or vzquota stat and want to use VE name instead of ID, is that right? ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] openvz naming conventions; numeric vs symbolic
Steve Wray wrote: Kir Kolyshkin wrote: Gregor Mosheh wrote: Steve Wray wrote: Steve Wray wrote: There seems to be a slight inconsistency across the tool set here. vzctl does respect the given 'name' however vzquota does not appear to and seems to require the numeric id. Quite true. Did you check the bugtracker for the project, or log that as a bug? I'd love to see that fixed! Can you tell me the use case for that? I mean, I never use vzquota directly; it's vzctl that calls it whenever needed. I guess you use vzquota show or vzquota stat and want to use VE name instead of ID, is that right? Well, on the basis that consistency is a Good Thing, yes. I'm only just getting started with OpenVZ so am unsure of the real use case for this. But I am busily finding the things that confuse, confound or seem inconsistent :) OK, I filed a bug for vzquota with minor severity, it will eventually be fixed: http://bugzilla.openvz.org/show_bug.cgi?id=668 ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] swap space?
E Frank Ball III wrote: On Wed, Aug 22, 2007 at 11:18:53AM +1200, Steve Wray wrote: Hi there, I'm noticing that 'free' shows no swap space in a VE. Is this something thats abstracted away (ie the VE gets to use the hosts swap as needed) or is there a way to configure swap availability for each VE? kernel 2.6.18-ovz028stab039.1-smp: no swap, RAM = PRIVVMPAGES*256 kernel 2.6.18-8.el5.028stab031.1: swap = host swap, RAM = host RAM This does not seem right. This is not the kernel, this is just meminfo virtualization plus newer vzctl which has --meminfo privvmages:1 by default. I haven't done much with the el5 kernel yet, my server is still using 2.6.18-ovz028stab039.1-smp. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Can not allocate memory
1. See http://wiki.openvz.org/Resource_shortage 2. Network traffic can be limited by standard Linux tools, i.e. tc. See http://wiki.openvz.org/Traffic_shaping_with_tc Leoman wrote: Hi all, I installing a new openvz on debian etch via this document [1]. I create a new virtual machine this [1] configrations. Ok, my vps running normally because i'm try to installing VHCS CP. I have got any error when installation time but i can see not running bind dns server. I try to starting manually (/etc/init.d/bind9 start) but i get Starting domain name service...: bind/etc/init.d/bind9: line 24: /bin/mkdir: Cannot allocate memory /etc/init.d/bind9: line 25: /bin/chmod: Cannot allocate memory /etc/init.d/bind9: line 26: /dev/null: Too many open files in system /etc/init.d/bind9: fork: Cannot allocate memory errors. /bin/mkdir is running normally. (mkdir /root/test, ok) Same problem for proftpd, /etc/init.d/proftpd: line 13: /bin/grep: Cannot allocate memory /etc/init.d/proftpd: fork: Cannot allocate memory Starting ftp server: proftpd/etc/init.d/proftpd: line 94: /sbin/start-stop-daemon: Cannot allocate memory failed! Why i get this erros. And How can I limited inbound and outbound network traffic per vps? Thanks all. uname -a : Linux vps01 2.6.18-openvz-12-1etch1-686 #1 SMP Sat May 5 00:26:59 CEST 2007 i686 GNU/Linux Links : [1] http://wiki.openvz.org/Installation_on_Debian Configs: [1] /etc/vz/conf/1.conf ONBOOT=yes # UBC parameters (in form of barrier:limit) # Primary parameters AVNUMPROC=40:40 NUMPROC=65:65 NUMTCPSOCK=80:80 NUMOTHERSOCK=80:80 VMGUARPAGES=131072:153600 # Secondary parameters KMEMSIZE=2752512:2936012 TCPSNDBUF=319488:524288 TCPRCVBUF=319488:524288 OTHERSOCKBUF=132096:336896 DGRAMRCVBUF=132096:132096 OOMGUARPAGES=6144:2147483647 # Auxiliary parameters LOCKEDPAGES=32:32 SHMPAGES=8192:8192 PRIVVMPAGES=49152:53575 NUMFILE=2048:2048 NUMFLOCK=100:110 NUMPTY=16:16 NUMSIGINFO=256:256 DCACHESIZE=1048576:1097728 DCACHESIZE=1048576:1097728 PHYSPAGES=0:2147483647 NUMIPTENT=128:128 # Disk quota parameters (in form of softlimit:hardlimit) DISKSPACE=10485760:10485760 DISKINODES=20:22 QUOTATIME=0 # CPU fair sheduler parameter CPUUNITS=1000 VE_ROOT=/var/lib/vz/root/$VEID VE_PRIVATE=/var/lib/vz/private/$VEID OSTEMPLATE=debian-4.0-i386-minimal ORIGIN_SAMPLE=vps.basic IP_ADDRESS=x.x.x.x CPULIMIT=100 HOSTNAME=mirror.test.net NAMESERVER=4.2.2.1 ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] error using vi in VE but no beans?
Steve Hodges wrote: On 27/08/2007 9:16 AM, Gregor Mosheh wrote: Steve Hodges wrote: E297: Write error in swap file E303: Unable to open swap file for rc.local, recovery impossible rc.local 17 lines, 387 characters That's vi saying that it can't save a backup of the file (yeah, swap file really intuitive) That's probably just a permissions issue. Are you able to manually create and then delete a fake swap file named .rc.local.swp ? It turned out to be a disk quota issue. GOOD: the VE didn't chew up all the available disk space (as it would have in a couple of hours) BAD: the violation of the disk quota doesn't show up in user_beancounters It shows in df (or df -i) -- standard UNIX/Linux tool; it is all described in http://wiki.openvz.org/Resource_shortage (which I guess I should add to must read category. See, ff there is a standard way of seeing something, why invent something new and unique? For disk space there is such a tool, for beancounters there was no, since beancounters only appeared in OpenVZ. From the host system though there is a way to see all per-VE disk quotas and their usage -- cat /proc/vz/vzquota ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Kernel 2.6.22-6 and patch-ovz002.1-combined.gz
2.6.22 ovz kernel is in early alpha, and chechpointing functionality is not yet fully ported. For now, you have to deselect it if you want to try compiling that kernel. Also note the latest 2.6.22 patches can be found in git.openvz.org. Albert Czarnecki wrote: Hi I trying compiling kernel 2.6.22-6 and patch patch-ovz002.1-combined.gz http://download.openvz.org/kernel/branches/2.6.22/2.6.22-ovz002.1/patches//patch-ovz002.1-combined.gz but I having some error CC [M] kernel/cpt/cpt_dump.o kernel/cpt/cpt_dump.c: In function 'check_process_external': kernel/cpt/cpt_dump.c:129: error: 'struct pid' has no member named 'ns' kernel/cpt/cpt_dump.c:131: error: 'struct pid' has no member named 'ns' kernel/cpt/cpt_dump.c:133: error: 'struct pid' has no member named 'ns' kernel/cpt/cpt_dump.c:171:31: error: macro find_task_by_pid_ns requires 2 arguments, but only 1 given kernel/cpt/cpt_dump.c: In function 'vps_stop_tasks': kernel/cpt/cpt_dump.c:171: error: 'find_task_by_pid_ns' undeclared (first use in this function) kernel/cpt/cpt_dump.c:171: error: (Each undeclared identifier is reported only once kernel/cpt/cpt_dump.c:171: error: for each function it appears in.) kernel/cpt/cpt_dump.c:184: warning: implicit declaration of function 'virt_pid' kernel/cpt/cpt_dump.c:199: warning: implicit declaration of function 'process_vgroup' kernel/cpt/cpt_dump.c:205: warning: implicit declaration of function 'process_vsession' kernel/cpt/cpt_dump.c:592:30: error: macro find_task_by_pid_ns requires 2 arguments, but only 1 given kernel/cpt/cpt_dump.c: In function 'vps_collect_tasks': kernel/cpt/cpt_dump.c:592: error: 'find_task_by_pid_ns' undeclared (first use in this function) kernel/cpt/cpt_dump.c:1129:30: error: macro find_task_by_pid_ns requires 2 arguments, but only 1 given kernel/cpt/cpt_dump.c: In function 'cpt_vps_caps': kernel/cpt/cpt_dump.c:1129: error: 'find_task_by_pid_ns' undeclared (first use in this function) make[3]: *** [kernel/cpt/cpt_dump.o] Błąd 1 make[2]: *** [kernel/cpt] Błąd 2 make[1]: *** [kernel] Błąd 2 make[1]: Opuszczenie katalogu `/usr/src/linux-2.6.22.6' make: *** [debian/stamp-build-kernel] Błąd 2 gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21) System is a debian etch 4.0 / Albert ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] linux-2.6.22 from git.openvz.org
Plz file a bug for that (to bugzilla.openvz.org), and attach your .config. Albert Czarnecki wrote: Hi Now I trying compiling kernel from git.openvz.org but I have some error Building modules, stage 2. MODPOST 933 modules WARNING: wrmsr_on_cpu [arch/i386/kernel/cpu/cpufreq/speedstep-centrino.ko] undefined! WARNING: rdmsr_on_cpu [arch/i386/kernel/cpu/cpufreq/speedstep-centrino.ko] undefined! WARNING: wrmsr_on_cpu [arch/i386/kernel/cpu/cpufreq/p4-clockmod.ko] undefined! WARNING: rdmsr_on_cpu [arch/i386/kernel/cpu/cpufreq/p4-clockmod.ko] undefined! make[2]: *** [__modpost] Błąd 1 make[1]: *** [modules] Błąd 2 make[1]: Opuszczenie katalogu `/usr/src/linux-2.6.20-openvz' make: *** [debian/stamp-build-kernel] Błąd 2 Any ideas? Albert ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Debian - Odd, hopefully minor, machine name / prompt issue
Jim, Can you run hostname on the host system and inside a couple of VEs? Do they show the same or different hostnames? Jim Archer wrote: Hi All... I just upgraded the kernel on my machine from: actual:/home/jim/openvz/kernels# uname -a Linux actual.registrationtek.com 2.6.18-openvz-12-1etch1-amd64 #1 SMP Fri May 4 23:37:24 MSD 2007 x86_64 GNU/Linux To: vps5000:~# uname -a Linux vps5000.regtek.com 2.6.18-openvz-13-39.1d1-amd64 #1 SMP Mon Sep 3 10:11:00 MSD 2007 x86_64 GNU/Linux I did this because I have been having a memory consumption problem with Exim4 I was hoping to resolve. I had been told that the Exim4 memory issue was a known issue and was fixed in later kernels. Anyhow, I installed the new kernel using dpkg -i and it seems to install fine, with no warnings or errors. It boots and runs fine, even iSCSI. But, the odd issue is that the machine name in the prompt is wrong. As you can see from above, it went from: actual# To: vps5000# The name of the machine in /etc/hostname is actual and vps5000 is the highest number vps I have. Is this a serious issue or can I safely ignore it? Thanks... Jim ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Physical server to OpenVZ
P2V migration is described in http://wiki.openvz.org/Physical_to_VE, that involves some manual tuning. V2P is also possible but don't make much sense to me -- it's way better to use VE than a real server. Stefan Kok wrote: Hi List I am brand new to OpenVZ. I will get straight to the point. I want to backup physical servers on remote sites with tar/dump and restore them at our central office to virtual machine. Once disaster strikes move the virtual server to a new physical server and transport it to the remote office. My question: 1) Is this possible (backup physical server and restore to virtual) ? 2) If so is there any documentation / HOWTO's or pointers that you could give please ? Thanks in advance. Regards Stefan. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] linux-2.6.22-ovz004
Michael H. Warfield wrote: Looking at the GIT tree it looks like 2.6.22-ovz004 was released 4 days ago. That should have the fixes for netfilter, correct? Should be clear from GIT log. Well, I don't see any. Do you mean some known bugs? Any bug ##s? Any idea when it's going to appear on the site? We release kernels only after QA is done, more to say, we do not release every kernel we tag in GIT. For ovz004 it's still in progress, we're aiming for next week. I need 2.6.22 for the TCP_MD5SUM option (for bgp route advertising) and I need ovz004 to get netfilter going. I've also noticed that CONFIG_IPV6_SIT is not set in the 2.6.22 (or other development) builds. Anyone know if there is some problem there? Just file a bug asking to enable this option, telling why you need it and which kernels have it enabled. Yes, I need that too and will probably end up recompiling the kernel just for that - it'ss default enabled in the EL kernels and Fedora kernels. Mike ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] any openvz-on-xen users?
As you might know already, since 028stab045 kernel from RHEL5 branch we support Xen architecture. That basically means one can run OpenVZ kernel on top of Xen hypervisor, in both DomU and Dom0. My quick question/request is: if you are using it (or want to), please let me know. Regards, Kir. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] boot error - unable to mount root fs on unknown-block(0, 0)
Ian jonhson wrote: You probably configured your kernel incorrectly (missing initrd, device of filesystem drivers?). Try installing a pre-built kernel image instead, it's more likely to be bootable without problems. Where can I get the pre-built kernel image? http://debian.systs.org I suppose. The wiki page you referred gives info about how to configure this. After install the kernel-patch, the system compiled the kernel and created the optional item in /boot/grub/menu.lst. What I had done is under the instructions of openvz wiki. Is there something wrong? These instructions are OpenVZ-specific, i.e. they only recommend openvz-specific options in kernel config. Any other kernel config options (there are a lot of) are on your own. One simple example of what could be done wrong -- if you haven't enabled support for SATA disks, and your HDD is SATA you are in trouble. So, if you are not experienced in kernel recompilation, you'd be better of with precompiled kernel. Thanks in advance. Hope that helps, Kir. Best Regards, Ian ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: AW: [Users] any openvz-on-xen users?
Dietmar Maurer wrote: As you might know already, since 028stab045 kernel from RHEL5 branch we support Xen architecture. That basically means one can run OpenVZ kernel on top of Xen hypervisor, in both DomU and Dom0. My quick question/request is: if you are using it (or want to), please let me know. That sounds interesting - the question is if I can still control all recources (cpuunits, memory)? It's still the same, it's just you have Xen and OpenVZ at the same time, so you can have Xen domains as well as OpenVZ VEs (with OpenVZ itself being in one of Xen domains). Hope you get the picture I am also interested in a KVM/OpenVZ combination - is that feasable? To my mind, KVM is still not mature enough for that. Having said that, in theory I see nothing against that -- OpenVZ can definitely coexist with KVM as well as it does now with Xen. - Dietmar ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: Fwd: [Users] boot error - unable to mount root fs on unknown-block(0, 0)
Have you enabled IP forwarding (as per http://wiki.openvz.org/Quick_installation#sysctl)? Are you using real IP for your VE? Ian jonhson wrote: Thank you very much~~ But it seems that I can not connect internet in VE. It is OK when ping to its host system, however when ping external IP address, it dumps. I google the internet to find how to set the netwrok in VE, but I can not find any hint to do it. Could anybody give some advices how to configure network? Thanks again, Ian On 10/18/07, Kirill Korotaev [EMAIL PROTECTED] wrote: Ian, just like to any other usual machine using ssh from your workstation. 1. assign IP address to some VE using ve0# vzctl set VEID --ipadd VEIP --save 2. just in case, check that VE is pingable from your workstation: ws# ping VEIP 3. just in case, check that VE is running sshd service: ve0# vzctl exec VEID ps axf | grep sshd if it is not running sshd then enter to VE using vzctl enter command and install/start sshd service. 4. don't forget to set root user password ve0: vzctl set VEID --userpasswd root:mypassword 5. now you can login to VE as to usual machine using it's IP Kirill Ian jonhson wrote: -- Forwarded message -- From: Ian jonhson [EMAIL PROTECTED] Date: Oct 18, 2007 2:17 PM Subject: Re: [Users] boot error - unable to mount root fs on unknown-block(0, 0) To: [EMAIL PROTECTED] Thank you very much! I have created my own VE, however how can I login VE by ssh? I used the IP setting described in http://wiki.openvz.org/Installation_on_Debian. Thanks again, Ian On 10/17/07, E Frank Ball III [EMAIL PROTECTED] wrote: On Wed, Oct 17, 2007 at 12:20:01PM +0800, Ian jonhson wrote: Where can I get the pre-built kernel image? http://download.openvz.org/debian/dists/etch/main/binary-i386/base/ In your sources list add: deb http://download.openvz.org/debian etch main I added the line in source.list, but apt-cache search said it can not open the website. apt-cache search linux-image-2.6.18-openvz shows the openvz kernels for me. I'm using linux-image-2.6.18-openvz-13-39.1d2-686_028.39.1d2_i386.deb I opened the link given above and found the image file, but I don't know how to use it after download the image file. Could you give me some advices? If you manually downloaded it then install it with dpkg -i linux-image-2.6.18-openvz-13-39.1d2-686_028.39.1d2_i386.deb -- E Frank Ball[EMAIL PROTECTED] ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Re: installation on sles10sp1/x86_64
Sebastian Reitenbach wrote: In case I do not need them, I installed vzyum --nodeps and I downloaded the opensuse-10-x86_64-default.tar.gz from http://download.openvz.org/template/precreated/, and put it into /vz/templates/cache. Well, it is in /vz/template/cache, above is a typo. but vzpkgls just shows me one empty line, the same with vzpkgls -c This is still the same, vzpkgls --cached still only produces an empty line on as its output. vzpkgls is for those templates which have metadata installed. vzpkgls -c is listing those with both metadata and cache existing. If you need to list template caches only, ls /vz/template/cache should be sufficient, no special tool is required :) ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] PATCH for small cron prob. in /etc/init.d/vz
I see that as a workaround. We'd better find a reason why it happens that way. Can you demonstrate that mtime of /etc/cron.d is not changed? PS please consider subscribing for users@ Gerald Villemure wrote: The init script in vzctl-3.0.18 installs the file: /etc/cron.d/vz as part of its startup, what is strange as that on CentOS5 at least the last mod of the folder /etc/cron.d is NOT updated! What this means its that CRON does not know about the new file as as such does not run it. Hope this info helps, Gérald Here is a quick patch to fix the prob: --- /etc/init.d/vz_orig 2007-07-31 16:54:05.0 -0400 +++ /etc/init.d/vz 2007-11-17 01:56:30.0 -0500 @@ -131,6 +131,7 @@ [ -d $SRC_CRONSCRIPT_DIR ] || return cat $SRC_CRONSCRIPT_DIR/vz* $DST_CRONSCRIPT_DIR/vz \ chmod 644 $DST_CRONSCRIPT_DIR/vz + touch -m $DST_CRONSCRIPT_DIR } remove_cron() ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Talking to a SCSI tape device from VPS
Jim Archer wrote: Is there any reason that software running in a VPS would be unable to drive a tape device, so a backup server could run in a VPS? Never tried that, but looks like this is possible by giving a VE an access to the device you want using --devnodes option of vzctl set. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Venet's ips disappearing...
Kirill Korotaev wrote: Dariush Pietrzak wrote: BTW... does your host system uses DHCP or static IP assigned? aaah, now that you mention it, this is the only dhcp-configured machine with openvz I've got around... and today I disabled DHCP server and few hours later noticed the problem with openvz. This might be it, and it would explaing non-immediate connection with networking problems. Thanks. Yep. DHCP client tries to be too smart :/ I've added this KB: http://wiki.openvz.org/Networking:_disappering_routes_in_HN The proper URL now is http://wiki.openvz.org/Disappearing_routes_in_HN ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] VE fails to stop
This is probably a problem with VE start, not stop. VE started badly and can not stop. This is known issue (a bad interaction of Ubuntu's upstart (init replacement) and vzctl) which is fixed in upcoming vzctl release, see http://bugzilla.openvz.org/662 Now you have three options: 1. Wait for next vzctl release (should happen real soon now). 2. Replace upstart with init (sysvinit) inside a VE 3. Rebuild vzctl either from GIT or just adding the patch from git linked from bug #622. Cliff Wells wrote: Hardware: dual Opteron 242 Kernel: linux-2.6.18-openvz-028.049 Host OS: Gentoo Guest OS: ubuntu-7.10-i386-minimal Both host and VE are fresh installs. I noticed that vzctl stop 101 would fail with Stopping VPS ... Unable to stop VPS, operation timed out This of course also prevented me from properly shutting down the system (power off required). I found a post [1] that seemed related, which led to investigating halt commands: vps1 ~ # vzctl enter 101 [EMAIL PROTECTED]:/# halt -p shutdown: Unable to send message: Connection refused [EMAIL PROTECTED]:/# halt shutdown: Unable to send message: Connection refused [EMAIL PROTECTED]:/dev# halt -fp got signal 9 exited from VE 101 vps1 ~ # Does this appear to be a problem with OVZ or with the guest template? [1] http://forum.openvz.org/index.php?t=msggoto=6354; ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] VE fails to stop
Cliff Wells wrote: On Tue, 2007-12-11 at 19:35 +0300, Kir Kolyshkin wrote: This is probably a problem with VE start, not stop. VE started badly and can not stop. This is known issue (a bad interaction of Ubuntu's upstart (init replacement) and vzctl) which is fixed in upcoming vzctl release, see http://bugzilla.openvz.org/662 Now you have three options: 1. Wait for next vzctl release (should happen real soon now). 2. Replace upstart with init (sysvinit) inside a VE 3. Rebuild vzctl either from GIT or just adding the patch from git linked from bug #622. I installed vzctl from git. This seems to solve the problem with the VE starting and stopping. However, after the VE is run once, the network refuses to come up unless I delete the VE's IP address and add it again: vps1 ~ # vzctl start 106 Starting VE ... VE is mounted Adding IP address(es): 10.10.10.106 Setting CPU units: 1584 Configure meminfo: 72498 Set hostname: vz106 File resolv.conf was modified VE start in progress... vps1 ~ # vzctl enter 106 entered into VE 106 id: cannot find name for group ID 11 [EMAIL PROTECTED]:/# ip addr 1: lo: LOOPBACK,UP,1 mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 3: venet0: BROADCAST,POINTOPOINT,NOARP,UP,1 mtu 1500 qdisc noqueue link/void inet 127.0.0.1/32 scope host venet0 inet 10.10.10.106/32 scope global venet0:0 [EMAIL PROTECTED]:/# ping google.com PING google.com (72.14.207.99) 56(84) bytes of data. 64 bytes from eh-in-f99.google.com (72.14.207.99): icmp_seq=1 ttl=238 time=98.8 ms 64 bytes from eh-in-f99.google.com (72.14.207.99): icmp_seq=2 ttl=238 time=99.1 ms 64 bytes from eh-in-f99.google.com (72.14.207.99): icmp_seq=3 ttl=238 time=98.1 ms --- google.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2000ms rtt min/avg/max/mdev = 98.106/98.696/99.138/0.504 ms [EMAIL PROTECTED]:/# logout exited from VE 106 vps1 ~ # vzctl stop 106 Stopping VE ... VE was stopped VE is unmounted vps1 ~ # vzctl start 106 Starting VE ... VE is mounted Adding IP address(es): 10.10.10.106 Setting CPU units: 1584 Configure meminfo: 72498 Set hostname: vz106 File resolv.conf was modified VE start in progress... vps1 ~ # vzctl enter 106 entered into VE 106 id: cannot find name for group ID 11 [EMAIL PROTECTED]:/# ping google.com ping: unknown host google.com [EMAIL PROTECTED]:/# ip addr 1: lo: LOOPBACK mtu 16436 qdisc noop link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 3: venet0: BROADCAST,POINTOPOINT,NOARP mtu 1500 qdisc noop link/void [EMAIL PROTECTED]:/# If I exit the VE and delete/re-add the IP address it starts working again: vps1 ~ # vzctl set 106 --ipdel all --save Deleting IP address(es): Adding IP address(es): Saved parameters for VE 106 vps1 ~ # vzctl set 106 --ipadd 10.10.10.106 --save Adding IP address(es): 10.10.10.106 Saved parameters for VE 106 vps1 ~ # vzctl enter 106 entered into VE 106 id: cannot find name for group ID 11 [EMAIL PROTECTED]:/# ping google.com PING google.com (64.233.187.99) 56(84) bytes of data. 64 bytes from jc-in-f99.google.com (64.233.187.99): icmp_seq=1 ttl=237 time=76.8 ms Could this be another problem with upstart? I am investigating the problem right now, will keep you updated. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] VE fails to stop
Cliff Wells wrote: On Thu, 2007-12-13 at 19:02 +0300, Kir Kolyshkin wrote: OK, here's what I found concerning ubuntu-7.10 VE vs. OpenVZ. Seems to work fine. Minor nit would be the unknown group 11. I did a 'find -gid 11' and it turned up a bunch of /dev/fd* stuff with that GID, but chowning them to root didn't get rid of the message. This message (id: cannot find name for group ID 11) comes from id binary which is executed from /etc/profile during user login (or vzctl enter). Since root belongs to group 11, id tries to get the name of the group. The line about group with ID of 11 is absent from /etc/group. I'm not sure why. Since you found out some /dev/fd* files belong to the group, I guess group name should be something like 'floppy'. I guess that adding something like floppy:x:11: to /etc/group should fix the issue. I will file a bug to ubuntu about that, but generally it should be harmless as it is. Networking now seems to work fine. I was a bit curious about the results of 'mount': vps1 ~ # vzctl enter 108 entered into VE 108 id: cannot find name for group ID 11 [EMAIL PROTECTED]:/# mount simfs on / type simfs (rw,noatime) proc on /proc type proc (rw,nosuid,nodev,noexec) sysfs on /sys type sysfs (rw,nosuid,nodev,noexec) tmpfs on /var/run type tmpfs (rw,nosuid,nodev,noexec) tmpfs on /var/lock type tmpfs (rw,nosuid,nodev,noexec) tmpfs on /dev/shm type tmpfs (rw) devpts on /dev/pts type devpts (rw) tmpfs on /var/run type tmpfs (rw,nosuid,nodev,noexec) tmpfs on /var/lock type tmpfs (rw,nosuid,nodev,noexec) [EMAIL PROTECTED]:/# It looks as if perhaps the tmpfs's are being mounted twice now? Yep, first time they do it in /etc/init.d/mountkernfs.sh, then in /etc/init.d/mountall.sh (calling pre_mountall function from sourced /lib/init/mount-functions.sh) they bind-mount both /var/run and /var/lock to under /dev/shm. That is why we see what we see. I am not touching that stuff now because I already learned they assume a lot of things (like /var/run is clean after reboot) and one can open a can of worms breaking their assumptions. Still I don't understand why they mount twice and I will file a bug about it. Overall this is much better than it was before. Hope so :) ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] VE fails to stop
Kir Kolyshkin wrote: Cliff Wells wrote: On Thu, 2007-12-13 at 19:02 +0300, Kir Kolyshkin wrote: OK, here's what I found concerning ubuntu-7.10 VE vs. OpenVZ. Seems to work fine. Minor nit would be the unknown group 11. I did a 'find -gid 11' and it turned up a bunch of /dev/fd* stuff with that GID, but chowning them to root didn't get rid of the message. This message (id: cannot find name for group ID 11) comes from id binary which is executed from /etc/profile during user login (or vzctl enter). Since root belongs to group 11, id tries to get the name of the group. The line about group with ID of 11 is absent from /etc/group. I'm not sure why. Since you found out some /dev/fd* files belong to the group, I guess group name should be something like 'floppy'. I guess that adding something like floppy:x:11: to /etc/group should fix the issue. I will file a bug to ubuntu about that, but generally it should be harmless as it is. Well, apparently the problem is way different. They do have floppy group, but with a different GID. The problem is it looks like MAKEDEV script used by debootstrap to create devices is using host system's /etc/groups, thus /dev/fd* has a group ID of 11, which is 'floppy' on my host Gentoo system I use to bootstrap this template. So, this looks like a bug in debootstrap. It looks as if perhaps the tmpfs's are being mounted twice now? Yep, first time they do it in /etc/init.d/mountkernfs.sh, then in /etc/init.d/mountall.sh (calling pre_mountall function from sourced /lib/init/mount-functions.sh) they bind-mount both /var/run and /var/lock to under /dev/shm. That is why we see what we see. I am not touching that stuff now because I already learned they assume a lot of things (like /var/run is clean after reboot) and one can open a can of worms breaking their assumptions. Still I don't understand why they mount twice and I will file a bug about it. Apparently they do want it that way https://bugs.launchpad.net/ubuntu/+source/sysvinit/+bug/163956 ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Virtual Ethernet device
Dietmar Maurer wrote: Hi all, i am trying to setup a veth as described in: http://wiki.openvz.org/Virtual_Ethernet_device but vznetcfg script alwasy returns: According to /etc/vz/conf/.conf VE has no veth IPs configured. Seems vznetcfg script has some errors, because it simply calls EXTERNAL_SCRIPT without parsing parameters, i.e. VEID is not set. Or do I miss something? From what I see, VEID is passed to vznetcfg via environment variable, and vznetcfg script itself exports VEID before calling EXTERNAL_SCRIPT -- so it should work at least in theory :) ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Apache and MySQL together in VE not runnig reliable?
Any lines with failcnt0 in /proc/user_beancounters for the problematic VE? stepken wrote: Hi! We discovered, that apache and mysql running together in a VE will hang (sometimes apache, sometimes mysql), when coming close to reserved memory limit. What could have caused this phenomenon? We are working with stable gentoo distribution, uptodate. tnx in advance, Guido Stepken ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] vzctl --cpus causes strange load in top
stepken wrote: vzctl –cpus causes strange load metering: ...skipped... System: Gentoo + stable openvz kernel - runs fine so far As Vasily points out, this bug is fixed in 051 kernel. On a Gentoo system if you want to upgrade to 051, you have to do the following (as root): # To enable ebuilds not marked as unstable echo sys-kernel/openvz-sources /etc/portage/package.keywords # To emerge this kernel (they have changed numbering) emerge --oneshot =sys-kernel/openvz-sources-2.6.18.028.051 ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] no internet inside ve
dny wrote: hi all. just start trying openvz. i follow everything from the openvz wiki. everything installed ok on latest updated centos 5.1 i can start and ping and enter and ssh into ve. but, once inside ve, i dont have internet. cant ping anywhere except the host. Do you try to ping using IPs or hostnames? Is name resolving working? ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] How to reset the failcnt?
Jorge Fuertes wrote: After modify the kmemsize we want to know if we get more fails at /proc/user_beamcounters. Can we reset the failcnt to see the new errors? Please see http://wiki.openvz.org/UBC_failcnt_reset ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Shell job control in VEs
Tim Hudson wrote: Kir Kolyshkin wrote: I have just checked and it works for me (using kernel 2.6.18-028stab051). Could you try using 2.6.18 (i.e. stable) kernels, or 2.6.24? Note that 2.6.20 (as well as 2.6.22) is frozen and unsupported. Thanks for the quick response! As you suspected it works fine in 2.6.18-ovz-028stab051.1-smp - but I had problems with building that release from source Can you elaborate here? which is why I moved to the same kernel release as the base Ubuntu 7.04 was using as I had no particular kernel version preference. I do have other modules I need to compile up ...and here? - hence the issue with compiling which lead me to a newer kernel release. How 'stable' is the 2.6.24 release in terms of usage and known issues? It hasn't been tested much yet, and still in very active development. We have an intention to make it stable though. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] IPv6 ??
Can you give us the the output of /sbin/ip a l and fgrep ADDRESS /etc/vz/conf/*.conf command run on your hardware node? Perhaps the problem is that the network interface(s) that is/are present on the hardware node do not belong to the same IP subnets as your VEs. Dmitry, Maybe it makes sense to add a warning if vz_get_neighbour_devs() returns an empty list, with the URL to a wiki page with long explanation? Jan Tomasek wrote: Hi, problem was caused by setting: # Controls which interfaces to send ARP requests and modify APR tables # on. NEIGHBOUR_DEVS=detect this option arived with vzctl version 3.0.22 when I was upgrading from 3.0.18-1dso1. After I removed that option and restarted HW node all IPv6 hosts get imediately online. Ufff! :) ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Shell job control in VEs
I have just checked and it works for me (using kernel 2.6.18-028stab051). Could you try using 2.6.18 (i.e. stable) kernels, or 2.6.24? Note that 2.6.20 (as well as 2.6.22) is frozen and unsupported. Tim Hudson wrote: I've got openvz setup and operating nicely with three VEs (ubuntu7.10, centos4, redhat9) - but shell job control does not work in any of them. ^Z should suspend the current command inside the VE when in a shell where you've ssh'd into the VE - but instead it remains inside the current process. I've checked stty settings and they appear equivalent in both the VE and host. Have I missed enabling something which is mentioned in the documentation or is this a known issue? I'm using 2.6.20-ovz008-openvz1 (built from source) following instructions for how to build when using Ubuntu as the host OS. Any pointers to how to resolve this would be appreciated. Thanks, Tim. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] 2.6.22/2.6.18 security fixes
The fix for this issue was included into 2.6.18 kernels .spec file (to release the fix faster). Now we pushed that to git, too, it is available. 2.6.24 kernel (not yet released) was just synced to latest 2.6.24.2 update, which covers the security issue as well. 2.6.20 and 2.6.22 are frozen, means they are obsoleted and unmaintained. Regards, Kir. Josip Rodin wrote: Hi, It would be useful if the linux-2.6.22-openvz tree included the security fixes added in the later versions of the 2.6.22 kernel. Notably: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.22.y.git;a=commitdiff;h=af395d8632d0524be27d8774a1607e68bdb4dd7f http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.22.y.git;a=commitdiff;h=53d06121542c36ec0f0e5504c8358a768e25cb9a Does the 'frozen' tag preclude including these things? The 2.6.22 kernel is still described as maintained on the main web site, so it would make sense to add those fixes. At the same time, the linux-2.6.18-openvz tree is missing the fs/splice.c fix for get_iovec_page_array(), WRT the latest local root exploit. There is no upstream git reference for that, because stable/linux-2.6.18.y.git appears to be long abandoned, so here's the patch: --- linux-2.6.18/fs/splice.c~ 2008-02-12 00:34:49.0 +0100 +++ linux-2.6.18/fs/splice.c2008-02-12 00:34:49.0 +0100 @@ -1122,6 +1122,11 @@ size_t len; int i; + if (!access_ok(VERIFY_READ, iov, sizeof(struct iovec))) { + error = -EFAULT; + break; + } + /* * Get user address base and length for this iovec. */ @@ -1141,6 +1146,11 @@ if (unlikely(!base)) break; + if (!access_ok(VERIFY_READ, base, len)) { + error = -EFAULT; + break; + } + /* * Get this base offset and number of pages, then map * in the user pages. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] OpenVZ oops in shrink_dcache_for_umount
Please file a bug to http://bugzilla.openvz.org/ Frederik Himpe wrote: I am using Debian GNU/Linux Lenny with kernel 2.6.18-8.1.14.el5.028stab045.1 (x86_64). The VEs are on an XFS file system. When stopping a VE with vzctl stop, the kernel oopsed in shrink_dcache_for_umount and the box completely hung with this backtrace. http://artipc10.vub.ac.be/files/openvz-oops.jpeg Is this is a known problem? ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] New kernel release?
Rus Foster wrote: HI I know there is a bug report open for the new kernel release for the vmsplice exploit but wondered if there was a date as it apparently should already of been released but nothing yet 2.6.9 kernel is not vulnerable. For 2.6.18 kernels, see last messages on the announce@ list: http://openvz.org/pipermail/announce/2008-February/thread.html 2.6.20 and 2.6.22 kernels are not maintained anymore, we recommend you to switch to rhel5-2.6.18 (for production environments) or maybe to 2.6.24 (for bleeding edge). 2.6.24 git tree is now synced with latest 2.6.24.2 which contains the needed fix. Regards, Kir. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] /dev/mem: Permission denied
I have debugged this case a bit and found out that (1) The /dev/mem: Permission denied message comes from /usr/sbin/laptop-detect script which is being executed a few times during packages installation. Well, in fact the message comes from dmidecode which laptop-detect calls... Anyway, laptop-detect decides that we are not on a laptop (which is correct for a container I think) and exits with the code of 1 (correct in non-laptop case). So it's all fine, except for the scary error message which you should ignore (and please do NOT give a container an access to /dev/mem -- BAD BAD idea). If you want the message to disappear, do this (as root): rm /usr/sbin/laptop-detect ln -s /bin/false /usr/sbin/laptop-detect That way laptop-detect is linked to false and will always exit with 1 (meaning we are not on a laptop). (2) The warning: /usr/lib/X11/fonts/misc does not exist or is not a directory message comes from xfonts-base post-installation script (/var/lib/dpkg/info/xfonts-base.postinst) which (aside from tons of other things) calls these two scripts: update-fonts-dir --x11r7-layout misc;update-fonts-alias misc Each script tries to check if a directory named /usr/lib/X11/fonts/misc -- it does not, and it prints a warning. I am not sure why there is no /usr/lib/X11/fonts/misc directory but xfonts-base assumes it's here -- for that, you'd better ask Debian people. I have also tried to find which packages create the above directory (or have files in it) and found out nobody's using it. Instead, a number of packages put some files to /usr/share/fonts/X11/misc. Executive summary: 1. /dev/mem can and should be ignored. 2. warning about directory is not an OpenVZ issue. Hope that helps. Kir. Dean Gostisa wrote: Hi, I have problem, i have created openvz Gentoo Server, and create Debian VM on it, but when installing some packages like this i get: apt-get --reinstall install xfonts-base Reading package lists... Done Building dependency tree... Done 0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded. Need to get 0B/6131kB of archives. After unpacking 0B of additional disk space will be used. Do you want to continue [Y/n]? y (Reading database ... 20054 files and directories currently installed.) Preparing to replace xfonts-base 1:1.0.0-4 (using .../xfonts-base_1%3a1.0.0-4_all.deb) ... /dev/mem: Permission denied Unpacking replacement xfonts-base ... /dev/mem: Permission denied warning: /usr/lib/X11/fonts/misc does not exist or is not a directory warning: /usr/lib/X11/fonts/misc does not exist or is not a directory Setting up xfonts-base (1.0.0-4) ... /dev/mem: Permission denied warning: /usr/lib/X11/fonts/misc does not exist or is not a directory warning: /usr/lib/X11/fonts/misc does not exist or is not a directory Do you have any idea why? Thank you for your help, Dean -- Everybody have fun!!! ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] usage of swap on host server
Markus Hardiyanto wrote: does openvz can use the swap partition on the host server for the VE inside it? because i have 2GB RAM and 2GB swap on the host server, then setup 2 VE with 1GB guaranteed RAM and 1.5GB burstable RAM for each VE. it seems that if the 2 VE burst the RAM usage more than 2GB in total, the host didn't use its swap partition to accommodate the burst need as I check the swap partition is always show 0 is it true that i can't use the host swap as RAM for VE? in other word 2GB RAM + 2GB swap != 4GB memory can be allocated for VEs? Host system swap is definitely used then needed. PS in OpenVZ we do not understand terms such as burstable RAM. Where have you got it from? ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: AW: [Users] problems with vzctl init logging patch
This looks good. Can you (1) make it optional, i.e. retain the old behavior by default and provide a way to turn init logging on (command-line switch, or VE config parameter) (2) make init-logger so it would not depend on perl being available inside the container; i guess it can be rewritten in shell as /bin/sh should be there (3) add the comment to init-logger saying that this file was copied from the host system to this container and so any changes made to it inside a container will be lost during the next container start (4) document it all (5) add init-logger to the vzctl.spec file Dietmar Maurer wrote: Ok, exec solves the problem. Attached is the new patch. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: AW: AW: [Users] problems with vzctl init logging patch
Dietmar Maurer wrote: This looks good. Can you (1) make it optional, i.e. retain the old behavior by default and provide a way to turn init logging on (command-line switch, or VE config parameter) Ok (2) make init-logger so it would not depend on perl being available inside the container; i guess it can be rewritten in shell as /bin/sh should be there Will try. But cant we depend on perl? Perl should be available on most platforms. I can even add a test if perl is available, and do not start the logger if there is no perl? Adding a check makes sense. But first -- why do you need perl at all? Is there something that can't be done in shell? (3) add the comment to init-logger saying that this file was copied from the host system to this container and so any changes made to it inside a container will be lost during the next container start (4) document it all (5) add init-logger to the vzctl.spec file Ok, will send a new patch when ready. - Dietmar ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Mainstream progress?
Pavel, Please correct/enlarge me if there's anything missing/incorrect. Carl-Daniel Hailfinger wrote: Hi, the ongoing merge of OpenVZ-based lightweight virtualization into mainline Linux seems to be progressing nicely and I have a few questions about it: - How usable will net namespaces be in 2.6.25? I'm especially interested in assigning a real hardware ethernet device to a VE. I guess some network namespace stuff is NOT completed in upcoming 2.6.25 (a lot of stuff done, but not finished) For 2.6.26, it will be more-or-less working, with just a few exceptions such as conntracks and IPv6 -- maybe. - Will there be an OpenVZ patch or against 2.6.25? As of now we do not plan to have one. Porting to each mainstream version is too much work to do -- instead we concentrate on (1) merging stuff to mainstream (2) supporting our stable kernels (3) stabilizing 2.6.24 (for now) - Do you expect net namespace/virtualization work to be completely merged in 2.6.26? As said before, we guess that network namespaces will be more or less useable in 2.6.26. - Which OpenVZ features will not make it to mainline in the 2.6.26 timeframe? A lot. Network namespaces is just one piece of a pie. To paint in big strokes: resource management and live migration are still on our todo list. Resource management: some stuff is in -mm kernel, need to add much more. Will work on that after finishing with net namespaces. Live migration: this is much more far perspective, we haven't even started to discuss that seriously on containers@ list. Some of the questions above probably can't be answered without guessing, but a good guess is better than no information and I'd appreciate any status update newer than the OpenVZ blog entry from 2008-01-26. Thanks, Carl-Daniel ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: vzquota 3.0.12
Do you have CONFIG_VZ_QUOTA enabled in kernel .config? Do you have vzquota kernel module loaded? I guess the problem is in that. PS please do not use personal developers' emails -- we have users@ mailing list for such inquiries. See http://wiki.openvz.org/Mailing_lists for more info Zhaohui Wang wrote: Hi Kir and Alexandr, I am a student at GMU and doing a project need to use openvz. I found that vzquota seems not functioning well on x64 platform. Now it is 3.0.11. But I checked git tree at openvz.org and found that 3.0.12 is there. Can you tell me how to checkout this new version so that I may have a try? BTW,the error showing on my system while creating a ve is: # vzctl create 3 --ostemplate ubuntu-7.10-amd64-minimal Creating VE private area (ubuntu-7.10-amd64-minimal) vzquota : (error) Quota getstat syscall for id 3: Inappropriate ioctl for device vzquota init failed [3] vzquota : (error) Can't open quota file for id 3, maybe you need to reinitialize quota: No such file or directory vzquota : (error) Quota getstat syscall for id 3: Inappropriate ioctl for device vzquota init failed [3] vzquota on failed [61] vzquota : (error) Can't open quota file for id 3, maybe you need to reinitialize quota: No such file or directory vzquota off failed [11] vzquota : (error) Can't open quota file for id 3, maybe you need to reinitialize quota: No such file or directory vzquota setlimit failed [11] Performing postcreate actions VE private area was created # vzctl start 3 Starting VE ... Initializing quota ... vzquota : (error) Quota getstat syscall for id 3: Inappropriate ioctl for device vzquota init failed [3] It’s a x86_64 system,while fc8 is the host.The kernel is compiled by myself .I checked /var/vzquota and nothing is there. It seems that it can not create it by ioctl?? Any hints or suggestions would be greatly appreciated, Thank you. Best Regards Zhaohui Wang ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Re: OpenVZ template confusion
Sean Whitney wrote: I don't. When I use vzctl create VEID and it untar's the template file, it is changing the UID/GID of the home directories in the tar file from the original UID/GID, to the UID/GID that the same individuals have on the HN. If I peek inside the template file my UID is 1001. On the HN my uid is 501. When I create the VE, my UID inside the VE is now 501, screwing up all kinds of permissions. Can you check your tarball is correct? Maybe you have to use --numeric-owner option to tar when packing it. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Skipping quota at start and doing it later?
Gregor Mosheh wrote: Matt Ayres wrote: VZFASTBOOT is the option. /etc/vz/vz.conf is the main Virtuozzo config, not a VPS/Container config file Ah; my mistake. I misread you and the script. This sets a flag that this VPS needs to be restarted normally later on in the script. The normal restart will cause the quota to be fully checked. I assure you this is the option you want enabled. Hm, I'll take your word for it, though it doesn't sound right. I don't want them to be restarted with a full quota recalculation - I don't want quota recalculation at all. These fellas have 250 GB quotas and are using most of it, so the recalculation takes 60+ minutes per VPS. I guess that if you can live w/o disk quotas you can disable this entirely and forget about the problem you have. Option to set is DISK_QUOTA=no (in /etc/vz/vz.conf) ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Re: [Announce] New kernel release: rhel5 2.6.18-53.1.19.el5 028stab053.14
Dmitry V. Levin wrote: On Mon, May 26, 2008 at 04:50:04PM +0400, Kir Kolyshkin wrote: OpenVZ project has released an updated RHEL5 based kernel. Read below for more information. Everybody who is using this kernel branch is advised to upgrade. Is there any progress with non-rhel5 linux-2.6.18-openvz kernel? We will do a release next week. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Set kernel name (uname) for VE
See /proc/sys/kernel/virt_osrelease -- there you can see/set kernel version as visible from inside containers. MailingListe wrote: Hello is it possible to set the kernel name a VE get for the uname call? There seams to be a bug in the oracle installer with long kernel names and we try to test if this is still the case for our oracle 11g client setup dying with segmentation fault inside the VE Link to (possible) Oracle Bug : http://kevinclosson.wordpress.com/2007/04/18/dont-install-oracle-on-linux-servers-with-long-kernel-names/ Thanks Andreas ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: AW: [Users] Kernel panic with latest 2.6.24 from git
Dietmar Maurer wrote: Dietmar Maurer wrote: Hi all, Just compiled latest 2.6.24 from git. I consistently get a kernel Panic when i stop a CT (ipv6 related) - someone else observing that? We do. Fill a bug in bugzilla, we'll look whether this is already fixed. I just update to latest git (commit da8a02e8fc4f14f976d38c844b6e5d98badea9eb), and it works again. But, please, provide some more details on the problem, rather than I see some crashes in ipv6 code. Well, just tell me how i extract that kernel log from the console (no digicam here, and log is too long for the screen, so ist only partially displayed - and no entries in syslog)? See http://wiki.openvz.org/Remote_console_setup -- maybe you can arrange serial link or netconsole. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] memory leak in 2.6.18 ovz kernels
First, I hope you know the difference between memory shortage and memory used for buffer/cache. In short: Linux tries to use all unused memory for cache -- and if more memory is needed cache is shrunk. This behavior is sometimes a source of confusion for some Linux users. Second, can you give us more details regarding Athlon died after exhausting memory? If it was an oops -- we need its text. Third, are you using x86_64 kernel? What is your exact kernel version? Cliff Wells wrote: Hi, I've been running 2.6.18 releases on two servers and both of them have suffered a slow but steady memory leak. The first server is a dual Athlon MP with 3GB of RAM, the second a quad Opteron 275 with 8GB of RAM. I first noticed the issue on the Opteron a few days ago when I realized it was using 7.6GB of RAM and had started using swap (it's only got about 2GB allocated to VE's). Today the Athlon died after exhausting memory. Both had been up for around 70 days. When investigating the situation on the Opteron, I stopped all the VE's but no memory was reclaimed. Nothing in top showed any significant memory consumption. I wasn't able to investigate on the Athlon system as it was in an unusable state. My immediate solution was to upgrade the Opteron system to 2.6.24 and boot the Athlon system into a stock kernel (I'm not currently using OpenVZ on it). Anyway, my concern is that I've seen no mention of similar issues from anyone else (and in fact, until the Athlon server failed today, I was inclined to believe it was a configuration issue on the Opteron), so I have a fear that if there is a leak, it might still exist in newer kernels. I'm going to babysit these machines to see if the problem reappears, but has anyone else noticed similar patterns of memory consumption and is there anything I can do to track this down? Regards, Cliff ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Problem with new os template (pld)
I can't really help with --ipadd failure since it's *your* script (pld-add_ip.sh) which should perform it. Try to debug it. As for the container entering problem, see http://wiki.openvz.org/Container_enter_failed. Check that those device files exist and correct. Check that you can enter other (non-PLD) containers fine. Łukasz Chrustek wrote: Hello, I am trying to make os template for polish linux distribution (www.pld-linux.org). Here it is: http://www.chrustek.net/pld-ac-image.tar.gz Here is the /etc/vz/dists/pld-ac.conf: ADD_IP=pld-add_ip.sh (http://www.chrustek.net/pld-add_ip.sh) DEL_IP=pld-del_ip.sh (http://www.chrustek.net/pld-del_ip.sh) SET_HOSTNAME=pld-set_hostname.sh (http://www.chrustek.net/pld-set_hostname.sh) SET_DNS=set_dns.sh SET_USERPASS=set_userpass.sh SET_UGID_QUOTA=set_ugid_quota.sh POST_CREATE=postcreate.sh First three files I have changed. I started playing around with openvz 4 days ago, so this changes may not be accurate (and they seem to be so, because vzctl set 111 --ipadd 192.168.1.40 dosn't work). 111.conf looks like this: ONBOOT=no KMEMSIZE=11055923:11377049 LOCKEDPAGES=256:256 PRIVVMPAGES=65536:69632 SHMPAGES=21504:21504 NUMPROC=240:240 PHYSPAGES=0:2147483647 VMGUARPAGES=33792:2147483647 OOMGUARPAGES=26112:2147483647 NUMTCPSOCK=360:360 NUMFLOCK=188:206 NUMPTY=16:16 NUMSIGINFO=256:256 TCPSNDBUF=1720320:2703360 TCPRCVBUF=1720320:2703360 OTHERSOCKBUF=1126080:2097152 DGRAMRCVBUF=262144:262144 NUMOTHERSOCK=360:360 DCACHESIZE=3409920:3624960 NUMFILE=9312:9312 AVNUMPROC=180:180 NUMIPTENT=128:128 DISKSPACE=1048576:1153024 DISKINODES=20:22 QUOTATIME=0 CPUUNITS=1000 VE_ROOT=/vz/root/$VEID VE_PRIVATE=/vz/private/$VEID OSTEMPLATE=pld-ac-i686-image ORIGIN_SAMPLE=vps.basic IP_ADDRESS=192.168.1.40 The system seems to work well (I can do vzctl exec 111 ps a x and others commands), but I have two problems: 1. I can't assign ip address to it: vzctl set 111 --ipadd 192.168.1.40 doesn't show any errors. vzlist shows this ip address, but: [EMAIL PROTECTED] /vz/private/111]# vzctl exec 111 ip a l 1: lo: LOOPBACK mtu 16436 qdisc noop link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo 2: venet0: BROADCAST,POINTOPOINT,NOARP mtu 1500 qdisc noop link/void 3: sit0: NOARP mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 2. I can't enter into the VE: vzctl enter 111 [hangs here... nothing happen] end of strace of this command looks like this: open(/etc/passwd, O_RDONLY|0x8 /* O_??? */) = 12 fcntl64(12, F_GETFD)= 0x1 (flags FD_CLOEXEC) fstat64(12, {st_mode=S_IFREG|0644, st_size=856, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fe2000 read(12, root:x:0:0:root:/root:/bin/zsh\nb..., 4096) = 856 close(12) = 0 munmap(0xb7fe2000, 4096)= 0 socket(PF_FILE, SOCK_STREAM, 0) = 12 fcntl64(12, F_SETFL, O_RDWR|O_NONBLOCK) = 0 connect(12, {sa_family=AF_FILE, path=/var/run/nscd/socket}, 110) = -1 ENOENT (No such file or directory) close(12) = 0 socket(PF_FILE, SOCK_STREAM, 0) = 12 fcntl64(12, F_SETFL, O_RDWR|O_NONBLOCK) = 0 connect(12, {sa_family=AF_FILE, path=/var/run/nscd/socket}, 110) = -1 ENOENT (No such file or directory) close(12) = 0 open(/etc/group, O_RDONLY|0x8 /* O_??? */) = 12 fstat64(12, {st_mode=S_IFREG|0644, st_size=608, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fe2000 read(12, root::0:root\nbin::1:root,bin,dae..., 4096) = 608 close(12) = 0 munmap(0xb7fe2000, 4096)= 0 rt_sigaction(SIGCHLD, {0x8049c70, [], SA_RESTORER|SA_NOCLDSTOP, 0xb7ea34d8}, NULL, 8) = 0 rt_sigaction(SIGPIPE, {SIG_IGN}, NULL, 8) = 0 rt_sigaction(SIGWINCH, {0x8049c7f, [], SA_RESTORER, 0xb7ea34d8}, NULL, 8) = 0 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7e77708) = 8946 close(3)= 0 close(7)= 0 close(9)= 0 close(10) = 0 read(8, Can You try to use template which I made and say what is wrong ? In return I can make (try to make) three templates for pld-ac, pld-th, pld-ti. I need right now some indications, clues to solve this problems. Kernel: uname -a Linux pld-machine 2.6.24vs #3 SMP Sat Jun 28 21:11:20 UTC 2008 i686 Intel(R)_Xeon(R)[EMAIL PROTECTED] PLD Linux mounts: cat /proc/mounts /dev/root / ext3 rw,data=ordered 0 0 /proc /proc proc rw 0 0 sysfs /sys sysfs rw 0 0 usbfs /proc/bus/usb usbfs rw 0 0 /dev/sda1 /boot ext3 rw,user_xattr,acl,data=ordered 0 0 /dev/sda3 /obrazy ext3 rw,data=ordered 0 0 /dev/sda5 /obrazy2 ext3 rw,data=ordered 0 0 /dev/sda6 /vservers ext3 rw,data=ordered 0 0 /dev/sda7 /vz ext3 rw,data=ordered 0 0 none /dev/pts devpts rw 0 0 /vz/private/111
Re: AW: [Users] Multiple bridge support
Dietmar, I have committed both the patch and the script to git, see [1] and [2]. I have modified the script a bit, hope I haven't break anything. It would be just great if you can provide a patch to vzctl man page describing the new parameter, and the according wiki modifications/additions. [1] http://git.openvz.org/?p=vzctl;a=commit;h=a16e0ecf72d4f2c7bd08aadbaa8272cbdc9e25a5 [2] http://git.openvz.org/?p=vzctl;a=commit;h=41fb6973bc205c00e25ba73431110ac8e821d6c9 Dietmar Maurer wrote: And here is the vznetaddbr we use (attached). I wonder if we can include that into the vzctl release - I will post the patch if soembody is interested. Dietmar, it will be useful indeed, please, provide patch to devel@ mailing list. Please do so. I've written my own solution for this, but yours looks much better. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: AW: AW: [Users] Multiple bridge support
I don't quite get it. Is it supposed to be a replacement for vznetaddbr, an addition to it, or is it orthogonal to it? Who and when calls vznetaddbr? Dietmar Maurer wrote: Hi Kir, Von: Kir Kolyshkin [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 03. Juli 2008 13:35 An: users@openvz.org; Dietmar Maurer Betreff: Re: AW: [Users] Multiple bridge support How do you invoke it? Using EXTERNAL_SCRIPT? Would be good to have a patch adding (conditional?) invocation of vznetaddbr to vznetcfg. One idea was to add a new global option in vz.conf: DEF_BRIDGE= If set, we automatically setup the bridge (we need to pass an additional parameter to vznetcfg, but i guess thats no problem at all). That also avoid a hardcoded default bridge name (vmbr0). Here is the totally untested code. If you like the idea I will test it ;-) --- #!/bin/sh CONFIGFILE='@PKGCONFDIR@/vz.conf' [ -f $CONFIGFILE ] . $CONFIGFILE VZNETCFG='@PKGCONFDIR@/vznet.conf' [ -f $VZNETCFG ] . $VZNETCFG usage() { echo 2 vznetcfg init veth dev [bridge] } init_veth() { local dev=$1 local bridge=$2 if [ -n $DEV_BRIDGE ]; then if [ ! -n $bridge ]; then bridge=$DEV_BRIDGE fi echo Adding interface $dev to bridge $bridge on CT0 for CT$VEID /sbin/ifconfig $dev 0 echo 1 /proc/sys/net/ipv4/conf/$dev/proxy_arp echo 1 /proc/sys/net/ipv4/conf/$dev/forwarding /usr/sbin/brctl addif $bridge $dev else ip link set $dev up fi } # Call the external script if defined if [ -n $EXTERNAL_SCRIPT -a -x $EXTERNAL_SCRIPT ]; then export VEID exec $EXTERNAL_SCRIPT $@ fi if test $# -le 2; then usage exit 0 fi CMD=$1 case $CMD$2 in initveth) if test $# -le 3; then usage exit 1 fi init_veth $3 $4 ;; *) echo invalid action exit 1 ;; esac exit 0 ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Debian-style init scripts considered harmful?
Steve Wray wrote: Hi there, Debian uses start-stop-daemon in the init scripts to, for one thing, stop services. From the man page: Note: unless --pidfile is specified, start-stop-daemon behaves similar to killall(1). start-stop-daemon will scan the process table looking for any processes which match the process name, uid, and/or gid (if specified). Any matching process will prevent --start from starting the daemon. All matching processes will be sent the KILL signal if --stop is specified. For daemons which have long-lived children which need to live through a --stop you must specify a pidfile. For example, nfs-kernel-server does not use --pidfile. It looks for nfsd processes to kill. Suppose that the Openvz host and one of its guests were running NFS and, on the host, one were to run /etc/init.d/nfs-kernel-server stop As I understand it this would have the side-effect of killing off the nfsd processes on the guest. That is right, and this is just one of the reasons why we don't recommend to run anything (but the needed bare minimum like sshd) on the host system. There is a solution and a workaround for the problem. The solution is, right, to fix bad initscripts. I mean, it's not OpenVZ-specific -- relying on process names is wrong, any user can run a process named nfsd and it should not be killed. The workaround is to introduce a feature to hide guests' processes from the host system. This is implemented in OpenVZ kernels = 2.6.24 as per bug #511 (http://bugzilla.openvz.org/511). ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Another 2.6.24 problem
Dietmar, The best course of action in such cases is to file bugs directly into bugzilla.openvz.org. Dietmar Maurer wrote: Hi all, With latest 2.6.24 from git we get errors inside 'futex_wake' Not always in same program. It only happens from time to time. Any idea what can cause that? v2.6.24-ovz004 works without problems. - Dietmar Unable to handle kernel paging request at 8fcc289b RIP: [8025cbf2] futex_wake+0x58/0xd4 PGD 203067 PUD 207063 PMD 0 Oops: [1] PREEMPT SMP CPU: 2 Modules linked in: e1000 thermal e1000e button processor evdev floppy sg pcspkr sermouse psmouse dm_mod usbhid hid usb_storage sd_mod sr_mod ide_disk ide_generic ide_cd cdrom ide_core shpchp pci_hotplug uhci_hcd ehci_hcd iTCO_wdt ahci libata scsi_mod i2c_i801 i2c_core isofs zlib_inflate msdos fat Pid: 4927, comm: pycentral Not tainted 2.6.24 #1 ovz005 RIP: 0010:[8025cbf2] [8025cbf2] futex_wake+0x58/0xd4 RSP: 0018:810205287dd8 EFLAGS: 00010282 RAX: 0001fec2 RBX: 2ad4fac5d0e4 RCX: a1dc RDX: a3a5f0f6 RSI: 97c3d800 RDI: 8fcc2883 RBP: R08: 2ad4fab5a2b4 R09: R10: 2ad4fac5d0e0 R11: 0202 R12: 80637f80 R13: 81011451c520 R14: 80637f88 R15: 7fff FS: 2ad4fb121f60() GS:810215d19b40() knlGS: CS: 0010 DS: ES: CR0: 8005003b CR2: 8fcc289b CR3: 000175d6e000 CR4: 06e0 DR0: DR1: DR2: DR3: DR6: 0ff0 DR7: 0400 Process pycentral (pid: 4927, veid=0, threadinfo 810205286000, task 810215f6e120) Stack: 2ad4fac5d000 81011451c4c0 00e6 802b0e9a 810205287ea8 2ad4fab5a2b4 2ad4fac5d0e0 2ad4fab5c000 0001 fab5c320 7fff 8025d8c4 Call Trace: [802b0e9a] may_open+0xc2/0x21f [8025d8c4] do_futex+0x84/0xa66 [8025e3a0] sys_futex+0xfa/0x118 [8020c03e] system_call+0x7e/0x83 Code: 48 8b 5f 18 eb 43 48 8b 14 24 48 39 57 48 48 8d 47 48 75 2e RIP [8025cbf2] futex_wake+0x58/0xd4 RSP 810205287dd8 CR2: 8fcc289b ---[ end trace 542031ea75a6aeb3 ]--- note: pycentral[4927] exited with preempt_count 1 ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] figuring out why openvz kills processes
Geoffrey D. Bennett wrote: Hi there, I'm having an issue with a process dying (being killed by OpenVZ limits, presumably), and I can't figure out exactly why it's getting killed. Background info: - kernel 2.6.18-53.1.19.el5.028stab053.14 - CentOS5 host, 2 CentOS5 guests - The host has 2GB memory, 0.5GB swap - One guest is only running BIND (plus the usual, sshd, syslogd, sendmail, crond services). Am having no issues with this guest. privvmpages is set to provide it up to 256MB memory, and it's using about half that. - The other guest is running postgresql, java, apache, and freeradius. The problem is that freeradius keeps dying. Whenever it dies, failcnt on privvmpages goes up and indeed the maxheld privvmpages value is above the limit value, so I guess the issue is that OpenVZ thinks that something is taking too much memory and is killing radiusd (no other failcnt numbers go up -- only privvmpages). There doesn't appear to be anything logged in the dmesg output on the host or the guest to indicate that anything was killed due to a limit being exceeded (should there be?). A few strange things: - Although the maxheld privvmpages value is above the limit, I've never seen the held privvmpages value get anywhere near the limit, even checking the value only seconds before radiusd gets killed, the held privvmpages value is under half the limit, eg. just before radiusd is killed: 2008-07-11 06:39:24: uid resource heldmaxheldbarrier limit failcnt privvmpages 224497 581366 506368 557056 486 Then 10 seconds later (radiusd was killed and possibly restarted sometime in this interval): 2008-07-11 06:39:34: uid resource heldmaxheldbarrier limit failcnt privvmpages 182445 581366 506368 557056 487 (is there any way to reset the maxheld values without restarting the guest?) - Similarly, the output of free doesn't indicate anything wrong: 2008-07-11 06:39:24: total used free sharedbuffers cached Mem: 2071924 8980921173832 0 0 0 -/+ buffers/cache: 8980921173832 2008-07-11 06:39:34: total used free sharedbuffers cached Mem: 2071924 7298841342040 0 0 0 -/+ buffers/cache: 7298841342040 - I've found that I can reproduce the issue on demand by sending many RADIUS requests to radiusd at once, but watching what radiusd does with ltrace -f doesn't show anything out of the ordinary. I summed up all the malloc() requests and saw only 22MB requested. - Finally, using strace -f to see what radiusd was doing -- there were only about 22MB worth of calls to brk() (matching malloc(), as you'd expect). And summing the mmap() length parameters (not counting munmap() calls) I only came up with 300MB, well within the free memory. Any ideas on debugging this? OpenVZ doesn't kill anything in this case. It employs killing processes only if there is no any other way to enforce the UBC limits, and there are other ways in this case -- just return ENOMEM from malloc/setbrk. I guess most probably it's just radiusd calls malloc() which fails (because of privvmpages shortage) and then either radiusd dies explicitly, or it fails to check the error code from malloc and uses the pointer returned by malloc (NULL) and dies with segfault. free in either VE or on the host system will not help you ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] sysctl to hide VE processes from HN ps?
Gregor Mosheh wrote: I was glad to hear about bug 511. I am running 2.6.24-ovz005 and was surprised to see that I had this great new feature. But it doesn't seem to be working. Maybe I'm doing it wrong? # sysctl kernel.pid_ns_hide_child=1 A 'ps ax' or 'ls /proc' shows the same thing regardless of this setting: VPSs' PostgreSQL and httpd and so on. Processes are hidden for all containers started _after_ you have changed the setting. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Netatalk in kernel?
Paul wrote: Who would I ask about getting the AppleTalk module built in the normal openvz kernel? I know I can build a whole new kernel but it would be great to just be able to update with normal openvz community kernel. Does anyone know how I can just build that module for the current one? I have everything needed but get an error when I load it about an unknown swmbol. You can recompile the kernel using these instructions: http://wiki.openvz.org/Kernel_build#Rebuilding_kernel_from_SRPM ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] No source code in download.openvz.org/debian/
Ola, Can you please help Aleksandr? Aleksandr Levchuk wrote: Dear download.openvz.org Maintainer, For this Debain package http://download.openvz.org/debian/dists/etch/main/binary-amd 64/base/linux-image-2.6.24-openvz-24-004.1d1-amd64_004.1d1_a md64.deb would it be possible to publish the source? Only Kernel of 2.6.18 and higher support the 34 Infiniband cards (mlx4_core) that I have and I need it to compile a module that is not included in the above DEB package (igb2xxx). The expected location to find the sources is http://download.openvz.org/debian/dists/etch/main/source/, but there is nothing there. Alex ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: SOLVED: Re: [Users] How to kill dead container (init is dead)
Pongracz Istvan wrote: Hi, Andrey helped me a lot about this issue and it seems, it was a human error: I cancelled a backup process and this container left in suspended state. I used the vzdump script to make backups and I cancelled it while it started to create an rsync. I think that vzdump can be guarded with traps to restore container state in case backup is interrupted. In bash there's a 'trap' command which should help. So, be careful :) Cheers, IStván 2008. 07. 30, szerda keltezéssel 22.16-kor Pongracz Istvan ezt írta: Hi, I use openvz kernel 2.6.18-028stab051 for long months on my gentoo system. The uptime now is 105 days. It seems, one of my containers completely dead: all processes are dead, including the init process. I tried to kill them by issuing kill -9, but it is not working. vzctl also cannot stop the container. I tried to send other signal to these processes and the cron started. The only process, which is run, but not really useful: it is eating cpu. The last message to the system log happened before the daily vzdump started. Since then, there is nothing in the syslog of the container. So, my 1st priority question, is there any other trick to restart a container or I have to reboot? Cheers, István ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] resource limits don't apply immediately on 2.6.24
Jan Kokoska wrote: Hi, I'm used to having resource limits apply immediately on 2.6.18 kernel releases of OpenVZ. I run vzctl set VEID --privvmpages soft:hard --save and free in the virtual machine reports the new figure right away. This is not the case on 2.6.24-19-openvz Ubuntu kernel, where user_beancounters report the newer figure and the virtual machine would report the newer figure if I restarted it, however the change doesn't apply online. Is this a feature or a bug? First, the thing you need to check is not what free shows -- look at the appropriate line in /proc/user_beancounters. What free shows is some kind of approximation, and if it doesn't work right away first check that vzctl version you use in both cases is the same. Then check for 'meminfo' setting in VE config. Then report a bug to bugzilla.openvz.org ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] ovzkernel-xen for rhel5?
Aleksandar Ivanisevic wrote: Hi, Whats the status of ovzkernel-xen for rhel5? I see in the repo that it was last built for 028stab053.10 which was in April. Are there any issues with it or is it just that noone is recompiling regularly? Xen compilation was broken in the last kernel, so it went out without -xen-. It is now fixed and xen kernels will be available with the next kernel release. If you want it earlier (for whatever reason), we can provide an unofficial build. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Re: ovzkernel-xen for rhel5?
Aleksandar Ivanisevic wrote: Kir Kolyshkin [EMAIL PROTECTED] writes: Xen compilation was broken in the last kernel, so it went out without -xen-. It is now fixed and xen kernels will be available with the next kernel release. If you want it earlier (for whatever reason), we can provide an unofficial build. No worries, I can build it myself if I decide I want it, just wanted to know if this is a SNAFU or not ;) We will be maintaining it for a while, it's just we didn't want to delay a kernel release only because of Xen. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] ovzkernel-xen for rhel5?
Henrik Holmboe wrote: Kir Kolyshkin [EMAIL PROTECTED] writes: Xen compilation was broken in the last kernel, so it went out without -xen-. It is now fixed and xen kernels will be available with the next kernel release. If you want it earlier (for whatever reason), we can provide an unofficial build. Maybe I understand you wrong, but if the problem is fixed (with specifically 2.6.18-92.1.1.EL5 + OpenVZ) The kernel which is shipped as 028stab057.2 can not be compiled with Xen. There is a patch fixing the issue, but adding the patch would mean yet another different kernel (say 028stab057.3) which should go through full release cycle (see below). Neither we can release a just xen kernel, because our releasing machinery and infrastructure is just not suitable for that sort of things. then couldn't this be made an offical build? We are already working on releasing a newer version, with lots of updates from RHEL plus some from us. Please understand that a new kernel release is much more than just compile/upload/announce. Our kernels are going through an extensive internal QA before the release, and as always QA resources are limited so we can not afford two kernels in a queue. I was just about to install a Xen enabled kernel on a recently installed machine and it would be nice to have the most kernel based on the most recent RHEL kernel. Otherwise, for me it would mean installing an old one or waiting for the next one. I am really sorry, but it looks like this is what you have to do for a moment. Our new kernel is in QA and hopefully will be released next week. As I said before, we could provide an unofficial build for those users suffering from the old kernel bugs. Having said that, it's still some work to do so requests for such a kernel needs to be justified. I mean, saying my kernel is old and I want a new shiny one doesn't count. Compiling my own is not an option for now. Thanks for your time! Henrik ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] What vzctl --features nfs:on ... do?
Alexander Piavka wrote: Hi, I'd like to know exactly what does the vzctl --features nfs:on ... do? When i should be using it? If i have a VE with nfs client, while HN does not have any nfs client/server, is this nfs:on feature useful for me? http://wiki.openvz.org/NFS ps. does VE has nfs4 client support? Currently no. Maybe one day... ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] 2.6.26 kernel broken?
Zhaohui Wang wrote: Hi I pull out the kernel source from git tree at openvz.org,even not compile... CC kernel/sched.o kernel/sched.c: In function âtg_has_rt_tasksâ: kernel/sched.c:8807: error: implicit declaration of function âdo_each_threadâ kernel/sched.c:8807: error: expected â;â before â{â token kernel/sched.c: In function âtg_set_bandwidthâ: kernel/sched.c:8825: error: implicit declaration of function â__rt_schedulableâ make[1]: *** [kernel/sched.o] Error 1 make: *** [kernel] Error 2 Please file a bug to http://bugzilla.openvz.org/. Do not forget to attach your .config. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] Sharing Unix Domain Sockets between VEs in devel version
Stefan, I suggest you file a bug to http://bugzilla.openvz.org/ Stefan Siegel wrote: Hello, Currently I have a Linux-VServer setup using the official Debian Etch binaries with MySQL socket sharing similar to what is described in the Shared webhosting article in the OpenVZ Wiki (it works the same with Linux-VServer). Now that there probably will be official Debian Lenny kernel images patched with OpenVZ support, I consider switching to OpenVZ. The 2.6.26 images currently in Sid are very promising. But there is a problem: When I try to setup socket sharing as described in http://wiki.openvz.org/Shared_webhosting#MySQL_socket_sharing (or just starting my Linux-VServer virtual machines in OpenVZ) I cannot connect to a socket listening in a different VE. Only when I connect from the same VE the connection succeeds. I tried: - hardlinking the socket - bind mounting the containing directory - directly connecting from/to VE0 I tried both MySQL and simply creating/connecting to the socket using Netcat (the OpenBSD version works with Unix Domain Sockets). Related strace output: [...] socket(PF_FILE, SOCK_STREAM, 0) = 3 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 connect(3, {sa_family=AF_FILE, path=testdir/testsocket...}, 20) = -1 ECONNREFUSED (Connection refused) close(3)= 0 [...] Using linux-image-2.6.24-openvz-24-004.1d1-686_004.1d1_i386.deb from download.openvz.org doesn't change anything, but when using the stable linux-image-2.6.18-openvz-18-53.5d1-k7_028.53.5d1_i386.deb, I can connect without problems. Am I missing something? Is the devel OpenVZ broken, or is it supposed to be a feature and the stable version behavior is deprecated? Is it configurable or is there a workaround? If the devel version's behavior is correct, then the Wiki article should probably be changed to mention that (and I would be forced to postpone my migration to OpenVZ). On the article's discussion page there is a user who also failed getting this to work. Greetings, Stefan Siegel ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: [Devel] vzpkg
Also see my comments below. Robert Nelson wrote: Is anyone actively working on vzpkg? I've been rewriting it to eliminate the dependence on yum and rpm, so that it also works for Debian and hopefully some day Gentoo. This also eliminates the requirement for vzyum, vzrpm, vzrpm43 and vzrpm44. vzpkgadd, vzpkgrm, vzpkgls and vzpkgcache would just do the right thing. This would also fix the incompatibilities between working with packages from the HN and from within the VE. That sounds interesting, do you have a git repo or something I can take a look at? So, how are you solving the problem of different RPMDB versions? You know, if you have used rpm-4.2 to create/manage an RPM database, the moment you use rpm-4.3 on it will become incompatible with rpm-4.2. The only way to fix that would be to use only specified RPM version. We can definitely use rpm from inside a VE only, but then another problem of duplicate downloads arises. Is this something that you would like to incorporate into the product? One of the things I noticed was that there was a lot of duplication in scripts and data files. This is because everything is stored in an OS/Version/Platform/Config directory, even though there may not be any difference between the corresponding files between platforms or even Versions. I have a change which is backwards-compatible which allows config directories anywhere in the template tree. Files lower in the tree override any specified higher in the tree. For example, instead of this directory structure: /vz/template centos 4 i386 config minimal.list yum.conf ... x86_64 config minimal.list yum.conf ... You would have: /vz/template centos config minimal.list 4 i386 config yum.conf ... This eliminates a lot of duplicate work and is less error prone. Will the minimal.conf in /vz/template/centos/5/i386/config/minimal.list be an addition to, or a replacement for /vz/template/centos/config/minimal.list? In case it's addition, say you have a package called httpd in /vz/template/centos/config/minimal.list. What if in CentOS 6 we don't want package with that name, but want something called httpd3 instead? I mean, we can definitely add more packages, but how can we remove packages? In case it's a replacement, I doubt that generic file will work -- every major version of a given distro have some changes in the minimal.list. I can provide a diff of this change against the current git if you are interested. If there is interest in any of this work please let me know the process for getting the changes reviewed and incorporated into the product. I put users@ to cc: in order to bring some more attention to the topic. I am definitely interested so let's discuss it further (for now my biggest concern is rpmdb compatibility problem described above). ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: [Devel] vzpkg
Robert Nelson wrote: Kir Kolyshkin wrote: Also see my comments below. Robert Nelson wrote: Is anyone actively working on vzpkg? I've been rewriting it to eliminate the dependence on yum and rpm, so that it also works for Debian and hopefully some day Gentoo. This also eliminates the requirement for vzyum, vzrpm, vzrpm43 and vzrpm44. vzpkgadd, vzpkgrm, vzpkgls and vzpkgcache would just do the right thing. This would also fix the incompatibilities between working with packages from the HN and from within the VE. That sounds interesting, do you have a git repo or something I can take a look at? I haven't got a repo set up but I could set one up pretty easily. So, how are you solving the problem of different RPMDB versions? You know, if you have used rpm-4.2 to create/manage an RPM database, the moment you use rpm-4.3 on it will become incompatible with rpm-4.2. The only way to fix that would be to use only specified RPM version. We can definitely use rpm from inside a VE only, but then another problem of duplicate downloads arises. This problem was pretty easy to solve once I figured out what was going on. I just remove the __db.* files before and after running commands in the HN then RPM automatically rebuilds them on the next command. Hmm... __db* files are just some temporary cache, removing those are safe (and is sometimes required) but it's not gonna help. Here's a simple test: 1. Create a container using some template cache which uses RPM of different version than one on your host system. For example, CentOS4 uses rpm-4.3, CentOS 5 -- rpm-4.4 2. Start a container: # vzctl start NNN 3. Check container's RPM is working fine (it should at this point): # vzctl exec NNN rpm -q rpm 4. Check if host RPM is working: # rpm --root /vz/root/NNN -q rpm 5. Check if container RPM is working: # vzctl exec NNN rpm -q rpm Sure you can insert removing of __db.* files in the appropriate places and see if it helps. For the yum-cache, I mount the /vz/template version of the cache into the VE. I do the same for the apt/archives on Debian. If you do it read-only, how do you handle the case yum/apt wants to write something to it? If you do it read-write, how can you make sure that an evil container root will not put some home-baked Trojaned packages into that area? Is this something that you would like to incorporate into the product? One of the things I noticed was that there was a lot of duplication in scripts and data files. This is because everything is stored in an OS/Version/Platform/Config directory, even though there may not be any difference between the corresponding files between platforms or even Versions. I have a change which is backwards-compatible which allows config directories anywhere in the template tree. Files lower in the tree override any specified higher in the tree. For example, instead of this directory structure: /vz/template centos 4 i386 config minimal.list yum.conf ... x86_64 config minimal.list yum.conf ... You would have: /vz/template centos config minimal.list 4 i386 config yum.conf ... This eliminates a lot of duplicate work and is less error prone. Will the minimal.conf in /vz/template/centos/5/i386/config/minimal.list be an addition to, or a replacement for /vz/template/centos/config/minimal.list? Currently it is a replacement, in all the templates I looked at the files were exactly the same. The *.list files just list the desired functionality which doesn't change, the big changes are the dependencies which are handled automatically. But they definitely don't differ between architectures for the same release. I handle things a little differently for Debian / Ubuntu since debootstrap files provide the initial set. Packages listed in the *.list file are added to a --include option to debootstrap, if they have a trailing - then they are added to --exclude. In case it's addition, say you have a package called httpd in /vz/template/centos/config/minimal.list. What if in CentOS 6 we don't want package with that name, but want something called httpd3 instead? I mean, we can definitely add more packages, but how can we remove packages? In case it's a replacement, I doubt that generic file will work -- every major version of a given distro have some changes in the minimal.list. I can provide a diff of this change against the current git if you are interested. If there is interest in any of this work please let me know the process for getting the changes reviewed and incorporated into the product. I put users@ to cc: in order to bring some more attention to the topic. I am definitely interested so let's
[Users] Re: [Devel] vzpkg
Robert Nelson wrote: For the yum-cache, I mount the /vz/template version of the cache into the VE. I do the same for the apt/archives on Debian. If you do it read-only, how do you handle the case yum/apt wants to write something to it? If you do it read-write, how can you make sure that an evil container root will not put some home-baked Trojaned packages into that area? Currently I mount it rw, but only while a vzpkg* command is running. If the VE manages their own packages they don't get to share the cache. There is still a window while the vzpkg command is running but I don't know how to specify different access to a directory for the HN versus the VE. Is there a way? Long term, the best solution is probably implementing something like Debian's apt-cacher for rpms and then running apt-cacher and rpm-cacher on the HN. I guess we can run a caching proxy on the host system, so the first time any VE will need a package it will be downloaded and cached on the host system; any subsequent requests will be served from cache. The only problem is yum metadata which can become inconsistent; need to test it extensively. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] New vzpkg, templates and package caching daemon
A few more questions to Robert (sorry for top-posting) 1. Can you explain how you deal with chicken-and-egg problem? I mean, to run yum/rpm inside a VE you need to have those packages (and their deps) inside the VE. In old vzpkg, we use external rpm/yum (vzrpm and vzyum) to do that. Since you are not relying on that anymore, how do you perform an initial installation of rpm/yum/their dependencies in a newly created VE? (My own solution to this is to have a list of URLs to a few packages comprising a minimal system in which rpm could work, and then download/unpack (using rpm2cpio | cpio -id) those into a newly created empty container. When we can run rpm --initdb inside and do 'yum install full list of packages. The bad thing about that is (per-distro per-version list of) hard-coded package names and inability to use packages from updates repo since they are ever-changing (but packages in base repo should be OK). 2. Is it possible to have opensuse template metadata? AFAIK opensuse lacks yum and you (YaST Online Updater) should be used instead. Robert Nelson wrote: Roberto Mello wrote: On Fri, Sep 5, 2008 at 9:27 PM, Robert Nelson [EMAIL PROTECTED] wrote: I have a preliminary version of the new vzpkg utilities ready for testing. These new tools support creating templates for 32 and 64 bit flavours of the following: Centos 4 and 5, Fedora 7, 8 and 9, Debian Sarge and Etch, Ubuntu Feisty, Gutsy and Hardy. They are extensible and will eventually support OpenSUSE and Gentoo. Fantastic! Thanks for doing this and for sharing. Will definitely be taking a look at this. In addition, I've created pkg-cacher, a transparent caching proxy daemon optimized for Debian and RPM packages. It is based on apt-cacher version 1.6.4 available with Debian. This version has been modified to understand RedHat RPM repositiories. It also adds support for the HTTP Range header and deals correctly with files which have the same name but different content on different distributions or in some cases different versions of the same distribution. In my experience I've found that just setting up Squid and telling my different machines to use the proxy (Acquire::http::Proxy http://proxy.hostname:3128/;;) has been the best pacakge caching solution. Works accross different packaging systems too. There are a few advantages of using pkg-cacher versus squid: It understands the difference between packages (static content) and metadata files (dynamic content). It only keeps a single copy of a package even if it is shared across multiple distributions. versions or accessed from multiple mirrors. Removal of stale packages can be based on whether the package is referenced by any repositories using the metadata. This means less downloads and less disk usage. Even a 250 GB disk starts looking small once you deal with multiple distros, versions and mirrors :-) In order to make installation easy I've setup repositories for 32 and 64 bit versions of CentOS 4, 5 and Fedora 7, 8 and 9. I'll be producing packages for Debian and Ubuntu as HN later. I can help with Debian packages if you need. Roberto Thanks for the offer, the only reason I didn't release it at this time is I didn't have a Debian HN set up for testing yet. Should be available in the next day or so. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] New vzpkg, templates and package caching daemon
Robert Nelson wrote: Kir Kolyshkin wrote: A few more questions to Robert (sorry for top-posting) 1. Can you explain how you deal with chicken-and-egg problem? I mean, to run yum/rpm inside a VE you need to have those packages (and their deps) inside the VE. In old vzpkg, we use external rpm/yum (vzrpm and vzyum) to do that. Since you are not relying on that anymore, how do you perform an initial installation of rpm/yum/their dependencies in a newly created VE? For creating the cache I use the standard yum/rpm on the HN. Once a CT is created the yum/rpm installed in it is used. Hmm. Here comes a problem: try to create CentOS 4 (which uses rpm-4.3) template on a host system running CentOS 5 (rpm-4.4). Not really sure how to deal with that in a less hackish manner. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] vzpkg2
Hi Robert, I'm trying to play with vzpkg2. Here are some random problems I found so far. 1. I am trying to install the beast on Fedora 7 x86_64 system. This is what I see: /usr/share/vzpkg2/cache-os: line 164: /usr/lib/vzctl/scripts/vps-create: No such file or directory The thing is vps-create is located in /usr/lib64/vzctl/scrpts on an x64 box (vzctl-lib-3.0.22-1.x86_64.rpm). This was never a problem because vzpkg didn't work on x86_64. Now this needs to be fixed, I guess the workaround is to check lib64 first and use it if available. Patch (0001-*) is attached. 2. In git commit 2fdcbfc56b4d823ff085e80ec79828f67b5de5a9 you have added %{dist} to the value of Release: field of vzpkg.spec. This is a good thing, since it makes .spec file to be more Fedora-packaging-guidelines compatible. Then in commit 0fe151bd07301c78c85a319d683c3e7fd9117f38 you are removing it. The proper way is to put %{?dist} so if it's not set then it will expand to empty string. Patch (0002-*) is attached. 3. There are a few problems with setting VZPKG_CACHE_HOST in /etc/vz/vz.conf (a) From my POV, vzpkg should work (maybe suboptimal and inefficient, but it should) without any additional settings. Now it's not so -- you have to specify VZPKG_CACHE_HOST manually. It should be optional. (b) vz.conf man page belongs to vzctl, while this parameter belongs to vzpkg. It's a bit unnatural. (c) Protocol (http://) is explicitly prepended to a value of VZPKG_CACHE_HOST. This makes it impossible to use anything other than http:// (i.e. ftp://, file://, whatever). (d) This is a global parameter, which means it's not possible to have a per-distro cache/repo in different places. This is the case for me -- there are repo mirrors of pretty much every distro in my LAN, but they are not on the same server. Not really sure what do to about that -- just started to looking and... here comes the weekend :) This is it so far; will continue next week. From 4d16e4280e2b9215997e1b8eaf0801aec22680ea Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin [EMAIL PROTECTED] Date: Fri, 12 Sep 2008 18:19:48 +0400 Subject: [PATCH] functions: find the proper VZLIB_SCRIPTDIR Fix for the following problem: /usr/share/vzpkg2/cache-os: line 164: /usr/lib/vzctl/scripts/vps-create: No such file or directory The thing is vps-create is located in /usr/lib64/vzctl/scrpts on an amd64 box (checked on vzctl-lib-3.0.22-1.x86_64.rpm). So check for this path first and use it if available. Signed-off-by: Kir Kolyshkin [EMAIL PROTECTED] --- functions |6 +- 1 files changed, 5 insertions(+), 1 deletions(-) diff --git a/functions b/functions index 04e8261..04527f3 100644 --- a/functions +++ b/functions @@ -19,7 +19,11 @@ VECFGDIR_OLD=/etc/sysconfig/vz-scripts VZCFG_OLD=/etc/sysconfig/vz VECFGDIR=/etc/vz/conf VZCFG=/etc/vz/vz.conf -VZLIB_SCRIPTDIR=/usr/lib/vzctl/scripts +if test -d /usr/lib64/vzctl/scripts; then + VZLIB_SCRIPTDIR=/usr/lib64/vzctl/scripts +else + VZLIB_SCRIPTDIR=/usr/lib/vzctl/scripts +fi ARCHES=i386 i586 i686 amd64 x86_64 ia64 x86 # check that configs are in right place - use old values otherwise -- 1.5.5.1 From 32fc918f5a4b8c6eed09d69ecede31592ea8bd5a Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin [EMAIL PROTECTED] Date: Fri, 12 Sep 2008 19:34:06 +0400 Subject: [PATCH] vzpkg.spec: add back %{dist} to release In git commit 2fdcbfc56b4d823ff085e80ec79828f67b5de5a9 %{dist} was added to the value of Release: field of vzpkg.spec. This is a good thing, since it makes .spec file to be more Fedora-packaging-guidelines compatible. Then in commit 0fe151bd07301c78c85a319d683c3e7fd9117f38 it was removed. Returning it back in a proper way, i.e. %{?dist} -- which expands to empty if dist is not set. Signed-off-by: Kir Kolyshkin [EMAIL PROTECTED] --- vzpkg.spec |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/vzpkg.spec b/vzpkg.spec index 824cc7c..e55f58a 100644 --- a/vzpkg.spec +++ b/vzpkg.spec @@ -1,6 +1,6 @@ Name: vzpkg2 Version: 0.9.2 -Release: 1 +Release: 1%{?dist} Summary: OpenVZ template management tools Source:%{name}-%{version}.tar.bz2 License: GPL -- 1.5.5.1 ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: vzpkg2
Robert Nelson wrote: Kir Kolyshkin wrote: Hi Robert, I'm trying to play with vzpkg2. Here are some random problems I found so far. 1. I am trying to install the beast on Fedora 7 x86_64 system. This is what I see: /usr/share/vzpkg2/cache-os: line 164: /usr/lib/vzctl/scripts/vps-create: No such file or directory The thing is vps-create is located in /usr/lib64/vzctl/scrpts on an x64 box (vzctl-lib-3.0.22-1.x86_64.rpm). This was never a problem because vzpkg didn't work on x86_64. Now this needs to be fixed, I guess the workaround is to check lib64 first and use it if available. Patch (0001-*) is attached. I am also testing on an x86_64 machine and vzctl/scripts is still installed in /usr/lib. This must be a change in the never released version of vzctl. I don't think this change is correct. /usr/lib should be for 32 bit and Architecture-Independent files, /usr/lib64 is for 64 bit only Architecture Dependent files. I checked with vzctl-3.0.20 and 3.0.22 -- official built RPMs from download.openvz.org. Even if it is incorrect we can fix it in future version but the problem is people are using current versions and will use it for some time. Which vzctl do you have, where you got it from? Maybe Debian build? 2. In git commit 2fdcbfc56b4d823ff085e80ec79828f67b5de5a9 you have added %{dist} to the value of Release: field of vzpkg.spec. This is a good thing, since it makes .spec file to be more Fedora-packaging-guidelines compatible. Then in commit 0fe151bd07301c78c85a319d683c3e7fd9117f38 you are removing it. The proper way is to put %{?dist} so if it's not set then it will expand to empty string. Patch (0002-*) is attached. I know about the %(?dist), in fact I use it in the add-ons spec files. However vzpkg is not distribution specific and there is no reason to build separate binary rpms for each distribution and each release of the distribution. Still all the packages in Fedora have that suffix. I do not have time at the moment to dig into Fedora Packaging Guidelines but AFAIK it is required. It does no harm since it is expanded to nothing if %dist is unset (which happened on my F9 box). UPDATE: here it is -- https://fedoraproject.org/wiki/Packaging/DistTag. Basically, setting this makes it easier to become a part of Fedora. 3. There are a few problems with setting VZPKG_CACHE_HOST in /etc/vz/vz.conf (a) From my POV, vzpkg should work (maybe suboptimal and inefficient, but it should) without any additional settings. Now it's not so -- you have to specify VZPKG_CACHE_HOST manually. It should be optional. With a bit of work I can generate default values in an install script. But it is really hard to figure out a default static IP address needed to do an template update for Debian. Is there some list of mirrors available? I mean, if I run say debootstrap I do not have to configure anything. (b) vz.conf man page belongs to vzctl, while this parameter belongs to vzpkg. It's a bit unnatural. I didn't find it unnatural since the vzctl package is really just the user-mode component of OpenVZ. The naming of the file vz.conf rather than vzctl.conf reinforces that. One thing I could do is create a vzpkg.conf in /etc/vz. It could have the global defaults, then have the template version of vzpkg.conf override it per distribution or distribution/release. (c) Protocol (http://) is explicitly prepended to a value of VZPKG_CACHE_HOST. This makes it impossible to use anything other than http:// (i.e. ftp://, file://, whatever). This is a simple change in the vzpkg.conf files. (d) This is a global parameter, which means it's not possible to have a per-distro cache/repo in different places. This is the case for me -- there are repo mirrors of pretty much every distro in my LAN, but they are not on the same server. See my response to point (b) Not really sure what do to about that -- just started to looking and... here comes the weekend :) This is it so far; will continue next week. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: vzpkg2
Robert Nelson wrote: Kir Kolyshkin wrote: Robert Nelson wrote: Kir Kolyshkin wrote: Hi Robert, I'm trying to play with vzpkg2. Here are some random problems I found so far. 1. I am trying to install the beast on Fedora 7 x86_64 system. This is what I see: /usr/share/vzpkg2/cache-os: line 164: /usr/lib/vzctl/scripts/vps-create: No such file or directory The thing is vps-create is located in /usr/lib64/vzctl/scrpts on an x64 box (vzctl-lib-3.0.22-1.x86_64.rpm). This was never a problem because vzpkg didn't work on x86_64. Now this needs to be fixed, I guess the workaround is to check lib64 first and use it if available. Patch (0001-*) is attached. I am also testing on an x86_64 machine and vzctl/scripts is still installed in /usr/lib. This must be a change in the never released version of vzctl. I don't think this change is correct. /usr/lib should be for 32 bit and Architecture-Independent files, /usr/lib64 is for 64 bit only Architecture Dependent files. I checked with vzctl-3.0.20 and 3.0.22 -- official built RPMs from download.openvz.org. Even if it is incorrect we can fix it in future version but the problem is people are using current versions and will use it for some time. Which vzctl do you have, where you got it from? Maybe Debian build? I'm using version 3.0.22 and I test on both Debian and CentOS. By default CentOS installs both the 32 and 64 bit versions. On Debian I'm using the vzctl from http://download.openvz.org/debian-syst and it doesn't use /usr/lib64. Anyways, it is a simple enough to test for /usr/lib64/vzctl/scripts first. This is what did in that patch I sent :) 2. In git commit 2fdcbfc56b4d823ff085e80ec79828f67b5de5a9 you have added %{dist} to the value of Release: field of vzpkg.spec. This is a good thing, since it makes .spec file to be more Fedora-packaging-guidelines compatible. Then in commit 0fe151bd07301c78c85a319d683c3e7fd9117f38 you are removing it. The proper way is to put %{?dist} so if it's not set then it will expand to empty string. Patch (0002-*) is attached. I know about the %(?dist), in fact I use it in the add-ons spec files. However vzpkg is not distribution specific and there is no reason to build separate binary rpms for each distribution and each release of the distribution. Still all the packages in Fedora have that suffix. I do not have time at the moment to dig into Fedora Packaging Guidelines but AFAIK it is required. It does no harm since it is expanded to nothing if %dist is unset (which happened on my F9 box). UPDATE: here it is -- https://fedoraproject.org/wiki/Packaging/DistTag. Basically, setting this makes it easier to become a part of Fedora. Purpose of the Dist Tag There are several uses for a |%{dist}| tag. The original purpose was so that a single spec file could be used for multiple distribution releases. In doing this, there are cases in which BuildRequires: and Requires: will need to be different for different distribution releases. Hence, |%{dist}| does double duty: * it differentiates multiple packages which would otherwise have the same |%{name}-%{version}-%{release}|, but very different dependencies. * it allows for a conditional check in the spec to deal with the differing dependencies. Do I Have To Use the Dist Tag? No. It is documented and standardized so that maintainers who wish to use it can do so, but it is not mandatory. Above is the actual text from the Guidelines. Since vzpkg doesn't have any dependencies it isn't version or distribution specific. So it isn't necessary, the guidelines also specify that it is optional. If it is specified then you would need to generate separate RPMs for every distribution and every version of those distributions. This isn't a problem if it is being built as part of a distribution but it is when you are building separate from a distribution. All right, agreed :) 3. There are a few problems with setting VZPKG_CACHE_HOST in /etc/vz/vz.conf (a) From my POV, vzpkg should work (maybe suboptimal and inefficient, but it should) without any additional settings. Now it's not so -- you have to specify VZPKG_CACHE_HOST manually. It should be optional. With a bit of work I can generate default values in an install script. But it is really hard to figure out a default static IP address needed to do an template update for Debian. Is there some list of mirrors available? I mean, if I run say debootstrap I do not have to configure anything. I'm not sure how that is relevant to the issue being discussed. The issue I'm talking about is an IP address for the container. Is there a documentation for VZPKG_CACHE_HOST I can take a look at? Yup I know the best documentation is the code, and I will take a look, but anyways... This is needed so that the container can access the network to run apt-get upgrade to update the template with latest versions
Re: [Users] 2.6.26-ovz.bulgakov question
Please file a bug to http://bugzilla.openvz.org/ [EMAIL PROTECTED] wrote: I have compiled and installed 2.6.26-ovz.bulgakov pulled from git after commit 777e8164ebf8a03e43511983cdec472f8691a8af It's working fine, running 2 VE, one with heavy java applications (zimbra). I have one strange message in /var/log/messages, BUG: soft lockup - CPU#0 stuck for 63s! [java:30192], I will add the whole text at the bottom of the mail. At that time I saw non-zero failcnt for this VE and increased some parameter for VE, I don't remember which one. Is it an openvz problem? Should I file it into bugzilla? Here are the whole text from /var/log/messages: --- Oct 13 11:57:08 localhost kernel: BUG: soft lockup - CPU#0 stuck for 63s! [java:30192] Oct 13 11:57:08 localhost kernel: Modules linked in: vzethdev vznetdev simfs vzrst vzcpt tun vzdquota vzmon vzdev xt_length ipt_ttl xt_tcpmss xt_TCPMSS iptable_m angle iptable_filter xt_multiport xt_limit xt_dscp ipt_REJECT ip_tables bnep rfcomm l2cap bluetooth ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr i scsi_tcp libiscsi scsi_transport_iscsi it87 hwmon_vid fuse sunrpc bridge ip6t_REJECT xt_tcpudp nf_conntrack_ipv6 xt_state nf_conntrack ip6table_filter ip6_tab les x_tables ipv6 cpufreq_ondemand powernow_k8 freq_table dm_multipath kvm_amd kvm snd_hda_intel snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_ device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_page_alloc 8139too pata_jmicron ppdev parport_pc firewire_ohci sr_mod cdrom firewire_core crc_itu_t usb _storage i2c_piix4 i2c_core pcspkr snd_hwdep k8temp hwmon r8169 8139cp mii pata_atiixp ata_generic sg parport floppy snd soundcore pata_acpi dm_snapshot dm_ze ro dm_mirror dm_log dm_mod ahci libata sd_mod scsi_mod ext3 jbd mbcache uhci_hc Oct 13 11:57:08 localhost kernel: d ohci_hcd ehci_hcd [last unloaded: scsi_wait_scan] Oct 13 11:57:08 localhost kernel: CPU 0: Oct 13 11:57:08 localhost kernel: Modules linked in: vzethdev vznetdev simfs vzrst vzcpt tun vzdquota vzmon vzdev xt_length ipt_ttl xt_tcpmss xt_TCPMSS iptable_mangle iptable_filter xt_multiport xt_limit xt_dscp ipt_REJECT ip_tables bnep rfcomm l2cap bluetooth ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi scsi_transport_iscsi it87 hwmon_vid fuse sunrpc bridge ip6t_REJECT xt_tcpudp nf_conntrack_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables x_tables ipv6 cpufreq_ondemand powernow_k8 freq_table dm_multipath kvm_amd kvm snd_hda_intel snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_page_alloc 8139too pata_jmicron ppdev parport_pc firewire_ohci sr_mod cdrom firewire_core crc_itu_t usb_storage i2c_piix4 i2c_core pcspkr snd_hwdep k8temp hwmon r8169 8139cp mii pata_atiixp ata_generic sg parport floppy snd soundcore pata_acpi dm_snapshot dm_zero dm_mirror dm_log dm_mod ahci liba! ta! sd_mod scsi_mod ext3 jbd mbcache uhci_hc Oct 13 11:57:08 localhost kernel: d ohci_hcd ehci_hcd [last unloaded: scsi_wait_scan] Oct 13 11:57:08 localhost kernel: Pid: 30192, comm: java Not tainted 2.6.26.ovz-bul #6 bulgakov Oct 13 11:57:08 localhost kernel: RIP: 0033:[7fd4dd07b9ed] [7fd4dd07b9ed] Oct 13 11:57:08 localhost kernel: RSP: 002b:402fe250 EFLAGS: 0206 Oct 13 11:57:08 localhost kernel: RAX: 0080 RBX: 402fe290 RCX: Oct 13 11:57:08 localhost kernel: RDX: 402fe3e0 RSI: 0318 RDI: 402fe320 Oct 13 11:57:08 localhost kernel: RBP: 8100c86e R08: 7fd4bc2f8d50 R09: 04a6 Oct 13 11:57:08 localhost kernel: R10: 019c R11: 410cfa10 R12: 402fe6e0 Oct 13 11:57:08 localhost kernel: R13: R14: R15: 402fe830 Oct 13 11:57:08 localhost kernel: FS: 40300940(0063) GS:81408000() knlGS: Oct 13 11:57:08 localhost kernel: CS: 0010 DS: ES: CR0: 80050033 Oct 13 11:57:08 localhost kernel: CR2: 00365ff5d560 CR3: 00014e539000 CR4: 06e0 Oct 13 11:57:08 localhost kernel: DR0: DR1: DR2: Oct 13 11:57:08 localhost kernel: DR3: DR6: 0ff0 DR7: 0400 Oct 13 11:57:08 localhost kernel: Oct 13 11:57:08 localhost kernel: Call Trace: Oct 13 11:57:08 localhost kernel: Oct 13 11:57:18 localhost nagios: SERVICE ALERT: localhost;Processes;WARNING;SOFT;1;PROCS WARNING: 257 processes with STATE = RSZDT ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
Re: [Users] create CT with password
The only problem is the solution is not generic. In other words, we can't know how different distros handle local users. It used to be crypt(3) and /etc/passwd (later /etc/shadow) manipulation. Now everybody uses PAM which can be configured in this or that way. For example, new passwords are checked (by pam_cracklib) for minimum length etc. (see pam_cracklib(8) for much more details). Also they could be stored in a different ways (this applies to both storage and hashes), say use (or not use) /etc/shadow, md5 or sha256 hash or even NIS (see pam_unix(8) for more details). Because of the above, the only reliable way is to run passwd --stdin inside the container (somewhat less generic (?) and more low-level way is to call pam_chauthtok(3) function from a C code -- this is what I assume passwd does). Using 'passwd' is the only way to make sure we are doing what we should, not ignoring local configuration, not circumventing any local restrictions etc. Unfortunately we need to start the VE in order to run passwd (just chroot()'ing is not enough secure). So, what if you approach the problem in a different way? Is it possible that you run 'vzctl set --userpasswd' *after* VE start? Dietmar Maurer wrote: Attached is a patch which passes the password to the postcreate script: VE_ROOTPASSWD .. plain text passwd VE_CROOTPASSWD .. crypted passwd (md5) postcreate script can then modify /etc/passwd and /etc/shadow. what do you think? - Dietmar *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Dietmar Maurer *Sent:* Donnerstag, 06. November 2008 10:51 *To:* users@openvz.org *Subject:* [Users] create CT with password Hi all, currently you need to use the following command to change the password inside a CT: vzctl set CTID --userpasswd root:XXX This starts/stop the CT if it is not already running. That is OK unless you have preconfigured appliance templates which does some initialization at first startup. Let me explain: 1.)User create the CT: vzctl creat 777 --ostemplate name … 2.)User set the password: vzctl set 777 --userpasswd root:XXX (start/stop CT) 3.)User starts the CT As you see, there is a totally unnecessary start/stop action. Even worse, the container is not fully functional at that time because HOSTNAME, DOMAIN,… in not set before the container is started with “vzctl start”. I wonder if it would be possible to add a --userpasswd parameter to the ‘create’ command? Or maybe only a --rootpasswd option (because root is always a local user). /etc/passwd and /etc/shadow should be easy to modify directly, or are there some distributions with unusual file formats? - Dietmar ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] [PATCH 0/6] Some small vztmpl improvements/tweaks
Hi Robert, Here are a few patches against your vztmpl which I developed while caching fedora-10 template. All patches are hopefully self-explanatory, and are to be applied in the listed order. Patches are against current git head (e42f6fad632b03b4eeb94fdb3e2ccc3dec82d58d aka vztmpl2-1.0.0-1). Please commit. Regards, Kir. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users