Re: [Vserver] vserver distribution? (was CentOS 4(.2) utils RPM/YUM repository)

2006-02-15 Thread Dennis Roos
On 15 Feb 2006 at 16:35, Matthew Sayler wrote:

SNIP
 I've been thinking for some time that it would be great to tailor a
 distribution especially for Linux-Vserver -- that is, an installable
 ISO-imagable Linux distribution configured to lay down a very minimal
 system by default.  Mostly I want nothing except for ssh and a few
 monitoring apps running on my host vserver.
 
 Anyone tried this or thought about this?
I am thinking about (and working on) this, however I am working on a 
tailor made 'distro' using busybox/uclibc/dropbear and some shell 
scripts, nothing ready for mainstream quite yet.

There is AFAIK at least one more project like mine available. Check 
the ml archives on this project. I don't know what the status is 
though.

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] The nano-vserver package.

2005-12-27 Thread Dennis Roos
On 27 Dec 2005 at 8:55, Michael S. Zick wrote:

 On Mon December 26 2005 09:15, Joel Soete wrote:
  Hello Mike,
  
  just one thought (just because it seems to be a std de facto), may
  some sshd to be able login the vps, tough? 
  
 Joel, group;
 
 I have been looking at that, it seems I have two choices:
 
 www.matrixssl.org : : Because it is small.
 www.openssl.org : : Because it is what most people expect.
Did you look at the dropbear sshd ?

From the Gentoo ebuild:
DESCRIPTION="small SSH 2 client/server designed for small memory environments"
HOMEPAGE="http://matt.ucc.asn.au/dropbear/dropbear.html"

-- 
Regards,
Dennis Roos


Network Engineer
InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429



Re: [OT][Vserver] VServer vs OpenVZ

2005-12-07 Thread Dennis Roos
On Wednesday 07 December 2005 16:57, Alex Lyashkov wrote:
 On Wed, 07.12.2005, at 16:34, Herbert Poetzl wrote:
  On Wed, Dec 07, 2005 at 06:44:43AM +0200, Alex Lyashkov wrote:
(will use Z for OpenVZ and S for Linux-VServer)
   
 Factors of interest are
 - stability,
   
 Z: the announcement reads first stable OVZ version
 S: we are at version 2.0.1 ( two years stable releases)
  
   And all this time VServer need a hack for allow bind socket to
   INADDR_ANY at VPS ;-)
 
  hmm, well, it works reasonably fine .. no?

 The thing that I find unreasonable is that you cannot bind to INADDR_ANY
 on
 the host server, without affecting all the VPSes.
 This basically means that if you have default bind (or ssh) installed on
 the HOST system, no VPSes will be able to bring up those services.
The guests bring up the services just fine... You can't do anything useful 
with them, I'll grant you that. It just shows that security and server 
administration of servers should not be taken lightly.

What I find unreasonable in a lot of applications is that some don't even 
allow you to bind to a specific interface and/or address, but this is the 
wrong ML to discuss that topic ;)

One more thing I would like to add to this discussion is that life is about 
choice...
Some decide to use Linux-VServer, some decide to use OpenVZ while managers 
tend to go for a Virtuozzo license. Some prefer vi, some prefer joe while 
others can not live without emacs; a different subject, same discussion ;)

Everyone has a different need and there are always many solutions to a problem, 
some solutions are to be preferred, which does not necessarily mean that the 
others are bad.

Just my $.02

-- 

Regards,
Dennis Roos


Re: [Vserver] Re: OT: something like VServer, but for Windows platform?

2005-12-07 Thread Dennis Roos


On 7 Dec 2005 at 22:08, Gerhard Hofmann wrote:

 Xavier Montagutelli wrote:
  
  VMware or MS Virtual Server are not identical to Linux VServer, as
  they virtualize a full machine and not only an execution environment
  for the applications. But perhaps it is a solution for Gerhard ?
  
 
 Sorry, I should have been more precise in my original posting. I
 already have used VMware and wondered if there was a VServer-like
 (only execution environment, not full-blown hardware emulation)
 alternative on Windows.
It's not really vserver like, but definitely an only execution 
environment:

www.sandboxie.com

-- 
Regards,
Dennis Roos


Network Engineer
InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429



Re: [Vserver] Re: [PATCH] race condition in procfs

2005-11-29 Thread Dennis Roos
On Tue, 2005-11-29 at 15:39 +0100, Grzegorz Nosek wrote:
 2005/11/29, Steven Rostedt [EMAIL PROTECTED]:
  Have you seen this crash the vanilla kernel?  What exactly are you doing
  to see the crash? If you have a script or something, could you post it.
  I could spend some time helping you debug it too on one of my SMP boxes.
 
 
 I'm not really using vanilla 2.6 kernels and my setup would be quite
 hard to run on a vanilla kernel.
 
 The reproducibility of this bug varies. Sometimes it'll go for a few
 days without happening, sometimes it's a matter of a few minutes. I'm
 beginning to feel it's a vserver issue after all, somehow related to
 pid virtualisation (it maps some vxi-vx_initpid to 1).
 
 Thus I cannot provide a simple script to trigger the bug (I wish I
 could) but often doing a -j8 kernel compile in a vserver is enough.
As I said earlier in this thread, I would like to be of assistance in
tracking this down.

I am not that familiar with debugging this stuff, but have a box at home
(that has apparently just crashed as I cannot reach it atm.) on which I
can reproduce the hang quite easily ( tar -C /opt/data/templates/ -xf
TEMPLATE.tgz | tar -C /vservers/ -xf - ;# crashes my box
time..and..time..again). So if anyone can give me a bit more debugging
clue, I am willing to spend some time in tracking this down.

The machine itself is an abit bp6 dual celeron running gentoo linux and
the gentoo vserver kernel from a month or so ago, which is vs2.1.0pre5
afaik - all prior functions crashed at the same rate as well.


-- 
Regards,
Dennis Roos

Network Engineer @ InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429

-=[Assumption is the mother of all f*ckups]=-




Re: [Vserver] Re: [PATCH] race condition in procfs

2005-11-29 Thread Dennis Roos
On Tue, 2005-11-29 at 15:59 +0100, Grzegorz Nosek wrote:
  As I said earlier in this thread, I would like to be of assistance in
  tracking this down.
 
 Can you set up another box as a netconsole receiver? Just have syslog
 listening on some udp port and configure netconsole on your vserver
 box accordingly (say modinfo netconsole for a brief help)
I am familiar with netconsole and have a spare box to run the syslog
host on... I'll get that up-and-running as soon as I'm home.

  I am not that familiar with debugging this stuff, but have a box at home
  (that has apparently just crashed as I cannot reach it atm.) on which I
  can reproduce the hang quite easily ( tar -C /opt/data/templates/ -xf
  TEMPLATE.tgz | tar -C /vservers/ -xf - ;# crashes my box
  time..and..time..again). So if anyone can give me a bit more debugging
  clue, I am willing to spend some time in tracking this down.
 
  The machine itself is an abit bp6 dual celeron running gentoo linux and
  the gentoo vserver kernel from a month or so ago, which is vs2.1.0pre5
  afaik - all prior functions crashed at the same rate as well.
 
 
 I'm experimenting with vservers flags now with a gut feeling that
 fakeinit might be to blame (it's messing with pids slightly, after
 all). We'll see.
On a side note, I can reproduce the bug without running any vservers
just running the below tar commands will take the box down.

On another side note ;) I remember that when running 2.4 based hosts I
experienced the same type of crashes, though less frequent, but mostly
on heavily loaded machines (lots of java threads and lots of open files)

-- 
Regards,
Dennis Roos

Network Engineer @ InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429

-=[Assumption is the mother of all f*ckups]=-




Re: [Vserver] Re: Chasing kernel crashes on SMP

2005-11-28 Thread Dennis Roos
On Mon, 2005-11-28 at 12:02 +0100, Grzegorz Nosek wrote:
 2005/11/28, Grzegorz Nosek [EMAIL PROTECTED]:
  Hello
 
  I'd like to report on my findings in my continuing crusade to find the
  cause of AMD64 kernel crashes.
 
  First, it still crashes.
Is this the come-to-a-grinding-halt kinda crash ? As I am experiencing
that same kind of problem here and at home, both on uni and multi
processor machines.

 
  Second, but now I have an oops trace :)
I have not been able to get anything from our machines except for a
black screen.

  Third, it's not AMD64-specific after all (though it seems much more
  frequent there)
I have been guessing the cause of this bug varying from hardware related
(ide controller/sata controller), cpu/ram, cooling and my latest: I/O

We're running Intel only and some machines have this problem and some
don't, does not matter if it's uni- (HT disabled) or multiprocessor
hardware, hence we never really suspected a kernel issue, as all
machines run the same kernel.

  Fourth, since the last-but-one build (internal rev17) the oopses seem
  more frequent.

  As I've booted my test box (dual Xeon) with rev17, it found two extra
  CPUs (I enabled ACPI in rev14 and it was running rev13 before) and
  started crashing quite frequently (sometimes reaching uptime of only a
  few minutes). I'm running the box with rev13 now (no ACPI, sees 2 CPUs
  only) and it's at least usable (though it probably *will* crash sooner
  or later :))
Could you generate lots of I/O on the vserver partition and check if it
speeds up the crash, this is what triggers the problem on my test
machine whether I'm running vservers or not and there is no difference in
local or nfs mounted storage, although when mounted locally the crashes
tend to occur more often.

  The crash occurs in fs/proc/array.c:do_task_stat(), triggered by
  pidof. It is clearly a NULL pointer dereference. I have attached an
  oops from the amd64smp.17 kernel and a dump of do_task_stat assembly
  code from amd64smp.18 (these two builds only differ in Fusion MPT SCSI
  support so this file should be identical) with the oopsing instruction
  marked.
 
  The p4 kernel crashes in the very same assembly instruction.
 
  I'm off to relate the assembly to the kernel source. I'll report as
  soon as I find something but I wanted to share this with vserver-gurus
  (it'll probably be easier to spot the mistake for you).
If I can be of assistance in tracking this down, I am on irc (bware),
although I am asleep/out-of-office when the gurus are awake ;)


-- 
Regards,
Dennis Roos

Network Engineer @ InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429

-=[Assumption is the mother of all f*ckups]=-




Re: [Vserver] BIND (named) and lo interface inside vserver

2005-11-15 Thread Dennis Roos
On Tue, 2005-11-15 at 17:00 +0300, Dmitry Koterov wrote:
 Hello.
 
 Shortly:  when  I use BIND (or PowerDNS) inside vserver listening
 ALL addresses (0.0.0.0), nslookup to server 127.0.0.1 shows error
 message   reply   from   unexpected  source:  213.248.62.106#53,
 expected 127.0.0.1#53
Which is true, as your nameserver (powerdns or bind) is assigned
your vserver interface as primary interface and answers are sent with
that source.

 Long  description.  I have installed linux-vserver (named zulu)
 on  kernel  2.6.12.5  and  set  up  one  real  IP  for  it  -
 213.248.62.106:
 
 [EMAIL PROTECTED] /]# ifconfig
 eth0  Link encap:Ethernet  HWaddr 00:30:48:75:13:D2
   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   RX packets:39623139 errors:0 dropped:0 overruns:0 frame:0
   TX packets:18575687 errors:0 dropped:0 overruns:0 carrier:0
   collisions:0 txqueuelen:1000
   RX bytes:50148146621 (46.7 GiB)  TX bytes:1249870165 (1.1 GiB)
   Base address:0x3000 Memory:dd30-dd32
 
 eth0:zulu Link encap:Ethernet  HWaddr 00:30:48:75:13:D2
   inet addr:213.248.62.106  Bcast:213.248.62.255  Mask:255.255.255.0
   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
   Base address:0x3000 Memory:dd30-dd32
 
 First question: why doesn't ifconfig show lo interface?
 ~
lo is not assigned to your context and therefore not shown.

 Then, I installed named (BIND), compiled it with
 --disable-linux-caps  before.  BIND  listens  on all IP addresses
 inside vserver:
 
 [EMAIL PROTECTED] /]# netstat -na
 Active Internet connections (servers and established)
 Proto Recv-Q Send-Q Local Address   Foreign Address 
 State
 tcp0  0 213.248.62.106:53   0.0.0.0:*   
 LISTEN
 udp0  0 213.248.62.106:53   0.0.0.0:*
 ...
This shows only listening on your vserver ip address. And answering to
the world ;)

 Then I try nslookup:
 
 [EMAIL PROTECTED] /]# nslookup
  server 127.0.0.1
 Default server: 127.0.0.1
 Address: 127.0.0.1#53
  hostmag.ru.
 ;; reply from unexpected source: 213.248.62.106#53, expected 127.0.0.1#53
 ;; reply from unexpected source: 213.248.62.106#53, expected 127.0.0.1#53
FWIR: The first interface brought up in the context is 'assigned' the
functionality of lo0.

For a more detailed explanation you have to rely on the
developers/experts answer(s)... I'm just a simple end user ;)


 Second  question: what's  wrong?  Why  BIND tries to answer from
 vserver IP address, but NOT from localhost which I used?
 
localhost is just a name, so I guess you're referring to the loopback
ip address which defaults to 127.0.0.1

As I explained above, 127.0.0.1 is not assigned to your guest context
and so is not used as reply address by your nameserver

 I  have  also  tried  PowerDNS  instead of BIND - absolutely same
 effect.
As to be expected.

 I  do not want to write 213.248.62.106 in my resolv.conf, because
 this  IP may be changed one fine day, or vserver will be moved to
 another machine.
It always needs an ip address, so why not rewrite /etc/resolv.conf
from pre-start or post-start and use the ip address assigned at time
as nameserver.

 Seems networking stack isolation in linux-vserver is not finished
 yet?
I don't know the answer to this one, but it seems that it is doing
its job quite nicely ;)

-- 
Regards,
Dennis Roos

Network Engineer @ InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429

-=[Assumption is the mother of all f*ckups]=-




Re: [Vserver] Re: Nagios 2.x on a vserver. Anyone?

2005-11-11 Thread Dennis Roos
On Fri, 2005-11-11 at 09:04 +0100, Evert Meulie wrote:
 Warning for all!
 
 Even though Nagios 2.x eventually compiled on my system, I ended up with a 
 defective check_ping. And since check_ping is used by Nagios to check whether 
 a host is up or not, this causes MAJOR problems...
For ping you need to enable a specific capability. I have nagios 2.0 running 
fine within a vserver ;)

What I did to get it to work was:
 * Add CAP_NET_RAW to the capabilities of the vserver (in /etc/vservers)
 * start the vserver
 * modify configure to check for a hostname instead of 127.0.0.1
 * compile nagios
 * configure nagios
 * run nagios :)

-- 
Regards,
Dennis Roos

Network Engineer @ InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429

-=[Assumption is the mother of all f*ckups]=-




RE: [Vserver] Re: Nagios 2.x on a vserver. Anyone?

2005-11-11 Thread Dennis Roos
On Fri, 2005-11-11 at 10:25 -0600, Matthew Nuzum wrote:
  on 2.x kernels, the raw_icmp capability replaces the
  insecure CAP_NET_RAW. raw_icmp is given by default
  on mainline util-vserver since (at least) 0.30.208
  (and we now have 0.30.209)
  
   What I did to get it to work was:
* Add CAP_NET_RAW to the capabilities of the vserver (in /etc/vservers)

Well, I have 5 secs before I leave the office (weekend after all!), so
here is some info on my (working) host, if anyone needs more info, I'll
be back on monday ;) ):

vserver-info
Versions:
   Kernel: 2.6.11.6-grsec-vs1.9.5
   VS-API: 0x00010025
 util-vserver: 0.30.196; Apr  5 2005, 16:20:45

Features:
   CC: i686-pc-linux-gnu-gcc, i686-pc-linux-gnu-gcc
(GCC) 3.3.4 20040623 (Gentoo Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6)
  CXX: i686-pc-linux-gnu-g++, i686-pc-linux-gnu-g++
(GCC) 3.3.4 20040623 (Gentoo Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6)
 CPPFLAGS: ''
   CFLAGS: '-O2 -march=i686 -fomit-frame-pointer
-std=c99 -Wall -pedantic -W'
 CXXFLAGS: '-O2 -march=i686 -fomit-frame-pointer -ansi
-Wall -pedantic -W -fmessage-length=0'
   build/host: i686-pc-linux-gnu/i686-pc-linux-gnu
 Use dietlibc: yes (0.28)
   Build C++ programs: yes
   Build C99 programs: yes
   Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts
ext2fs Source: e2fsprogs
syscall(2) invocation: fast
  vserver(2) syscall#: 273/default


cat /proc/virtual/82/status (Nagios host)
UseCnt: 85
Tasks:  38
Flags:  00020215
BCaps:  d44c04ff
CCaps:  0101
Ticks:  0



-- 
Regards,
Dennis Roos

Network Engineer @ InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429

-=[Assumption is the mother of all f*ckups]=-




Re: [Vserver] [SOLVED]need a point in the right direction in certain kernel networking settings

2005-09-27 Thread Dennis Roos
On Sun, 2005-09-25 at 14:47 -0400, Chuck wrote:
 On Saturday 24 September 2005 03:39 pm, Chuck wrote:
 
 Finally, with the help of the docs Bert pointed me to, and the help of 
 someone 
 in the Gentoo network forum, it all works properly. The contents of the 
 things I had to do is listed below in case anyone else runs into the same 
 problem.  I could not find any way to add the rules to the /etc/conf.d/net 
 config file, so i created a run script to do it.
 
 
 I added the 3 values below to /etc/iproute2/rt_tables
 
 34  34net
 39  39net
 172 pvtnet
 
 ---
 
 prometheus ~ # cat /etc/conf.d/net
 modules=( iproute2 )
 
 config_eth0=( 64.113.34.5 netmask 255.255.255.0 broadcast 64.113.34.255 )
 routes_eth0=( 64.113.34.0/24 src 64.113.34.5 table 34net )
 routes_eth0=( default via 64.113.34.1 table 34net )
 
 
 config_eth1=( 172.30.0.50 netmask 255.255.255.0 broadcast 172.30.0.255 )
 routes_eth1=( 172.30.0.0/24 src 172.30.0.50 table pvtnet )
 routes_eth1=( default via 172.30.0.1 table pvtnet )
 
 config_eth2=( 64.113.39.254 netmask 255.255.255.0 broadcast 64.113.39.255 )
 routes_eth2=( 64.113.39.0/24 src 64.113.39.254 table 39net )
 routes_eth2=( default via 64.113.39.1 table 39net )
 
 --
 script iprules
 placed in /etc/init.d and added to default runlevel
 
 #!/sbin/runscript
 
 depend() {
  need net
  before svscan
 }
 
 start() {
   ebegin Setting iproute2 rules.
   #set up system default gateway
   /sbin/ip route add default via 64.113.34.1
   # set up rules  
   /sbin/ip rule add from 64.113.34.5 table 34net
   /sbin/ip rule add from 172.30.0.50 table pvtnet
   /sbin/ip rule add from 64.113.39.254 table 39net
   eend 0
 }
If I am not mistaken, you're missing 3 default gateways ;)
The 'set up system default gateway' is the main gateway (when no other
rules apply).

To choose a different default path per table one might use the following
rules:
---%-- cut here --%
# Restrict traffic from 34net to table 34net
ip rule add from 64.113.34.0/24 table 34net
# Restrict traffic from 34net to table 34net and eth0
ip route add 64.113.34.0/24 dev eth0 table 34net
# Set default route for table 34net
ip route add default via 64.113.34.1 dev eth0 table 34net
---%-- cut here --%

And repeat these rules for all tables used.

SNIP

  start() {
   ebegin Setting /proc options.
   /bin/echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
   /bin/echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
   /bin/echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
   /bin/echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
   /bin/echo 1 > /proc/sys/net/ipv4/tcp_syncookies
   eend 0
  }
You could add all these to /etc/sysctl.conf (which loads at boot time):
---%-- cut here --%
#/etc/sysctl.conf
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_syncookies = 1
# END
---%-- cut here --%


A few others I use:
---%-- cut here --%
# /etc/sysctl.conf:

# Disable packet forwarding
net.ipv4.ip_forward = 0

# Disable IP dynaddr
net.ipv4.ip_dynaddr = 0

# Disable ECN
net.ipv4.tcp_ecn = 0

# Enable source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0

# Disable ICMP echo-request altogether (use only if DOS'ed):
#net.ipv4.icmp_echo_ignore_all = 1

# Enable syn-cookies (prevent syn-flood attacks):
net.ipv4.tcp_syncookies = 1

# Reduce number of possible SYN Floods:
net.ipv4.tcp_max_syn_backlog = 1024

# Disable ICMP echo-request to broadcast addresses (Smurf amplifier):
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable defrag error protection:
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Enable time-wait assassination hazards in tcp (RFC 1337):
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_timestamps = 0

# Disable ICMP Redirect accept/send:
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0

# Log spoofed, source routed and redirect packets:
net.ipv4.conf.all.log_martians = 1

# Disables the magic-sysrq key
#kernel.sysrq = 0
kernel.vshelper = /usr/lib/util-vserver/vshelper
---%-- cut here --%

Just my $0.02

-- 
Regards,
Dennis Roos

Network Engineer @ InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429

-=[Assumption is the mother of all f*ckups]=-
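
Added example (not part of the original message): a POSIX shell audit that checks a sysctl.conf-style file against the network settings quoted in the message above and flags lines that are not `key = value` assignments. The function names, the choice of baseline keys and the sample file are constructed for this illustration.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file against a baseline.
# Baseline values are network settings quoted in the message above;
# function names and the sample file are constructed for illustration.

BASELINE="net.ipv4.conf.default.rp_filter=1 \
net.ipv4.conf.all.accept_source_route=0 \
net.ipv4.conf.all.accept_redirects=0 \
net.ipv4.conf.all.send_redirects=0 \
net.ipv4.conf.all.log_martians=1 \
net.ipv4.icmp_echo_ignore_broadcasts=1 \
net.ipv4.icmp_ignore_bogus_error_responses=1 \
net.ipv4.tcp_syncookies=1"

# audit_sysctl FILE
# Prints one finding per line:
#   MALFORMED <lineno>: <text>          line is not "key = value"
#   MISMATCH <key>: have <v>, want <w>  key set to a different value
#   MISSING <key>                       key never validly assigned
# Returns 0 when there are no findings, 1 otherwise.
audit_sysctl() {
    awk -v baseline="$BASELINE" '
    BEGIN {
        bad = 0
        n = split(baseline, rows, " ")
        for (i = 1; i <= n; i++) {
            split(rows[i], kv, "=")
            order[i] = kv[1]; want[kv[1]] = kv[2]
        }
    }
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
        if (line == "" || line ~ /^[#;]/) next      # blank or comment
        eq = index(line, "=")
        key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        sub(/[ \t]+$/, "", key); sub(/^[ \t]+/, "", val)
        if (eq < 2 || key ~ /[ \t]/) {              # no "=" or broken key
            printf "MALFORMED %d: %s\n", NR, line
            bad = 1
            next
        }
        have[key] = val                             # last assignment wins
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (!(k in have)) {
                printf "MISSING %s\n", k; bad = 1
            } else if (have[k] != want[k]) {
                printf "MISMATCH %s: have %s, want %s\n", k, have[k], want[k]
                bad = 1
            }
        }
        exit bad
    }' "$1"
}

# audit_sample: run the audit over a constructed sample file.
audit_sample() {
    tmp=$(mktemp) || return 2
    cat > "$tmp" <<'EOF'
# constructed sample, not a file from the thread
net.ipv4.icmp_echo_ignore_broadcasts 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects=1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 1
EOF
    audit_sysctl "$tmp" && rc=0 || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Run the constructed sample when invoked as: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then audit_sample; fi
```

A line without `=` is reported twice on purpose: once as malformed and once as a missing key, because the setting it was meant to carry is not applied from that file.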




Re: [Vserver] Gameserver

2005-09-01 Thread Dennis Roos
On Thu, 2005-09-01 at 02:56 +0200, Herbert Poetzl wrote:
 On Thu, Sep 01, 2005 at 12:46:53AM +0200, Andreas John wrote:
  Hello!
  
  before I start experimenting with gameservers (namely
  Countersrike/HL), I wanted to ask here if anyone can report bad
  sideeffects when running them in a vserver guest?
One of our customers run some gameservers within vservers, I am not into
gaming, so I wouldn't know which ;)

But beware of memory leaks due to sloppy coding ;) so prepare to limit
the vservers.

-- 
Regards,
Dennis Roos

Network Engineer @ InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429

-=[Assumption is the mother of all f*ckups]=-




Re: [Vserver] vserver+vlan=127.0.0.1

2005-07-13 Thread Dennis Roos
On Wed, 2005-07-13 at 12:46 +0200, Alberto Cammozzo wrote:
 
   Hello,
 
   I am setting up a vserver with vlans: each vserver one or 
   more dot1q vlans.
So do I ;)

   Seems to work fine, except that the vserver start insists
   on giving the interface a fake 127.0.0.1 address,
   even if it has an interface configuration in
   /etc/vservers/XX/interfaces/0/ip
   and /etc/vservers/XX/interfaces/dev has eth0.2 in it.
I recall having to set at least /etc/vservers/XX/interfaces/name as
well, however I am unsure if it is really necessary though. It creates
named aliases on the 802.1Q interfaces.

   To have it working properly I have to deconfigure and 
   reconfigure by hand the interface from the host server 
   after the vserver is started.
Try upgrading to a more recent version of the tools first. I
have had issues with 802.1Q vlans in older versions as well,
upgrading to a more recent version solved the problems I had.


   Seems like this is a known and correct (?) behavior since 2003: 
   http://vserver.13thfloor.at/Stuff/VServer-IP-Setup-0.1.txt
SNIP
ip addr list gives me:
7: eth1.1096: BROADCAST,MULTICAST,UP mtu 1500 qdisc noqueue
link/ether 00:80:3f:04:1b:59 brd ff:ff:ff:ff:ff:ff
inet 127.0.0.1/8 brd 127.255.255.255 scope host eth1.1096
inet xxx.xxx.xxx.21/28 brd 212.19.219.31 scope global eth1.1096:0VS1
inet xxx.xxx.xxx.22/28 brd 212.19.219.31 scope global secondary
eth1.1096:0VS1

   What do I have to do to give eth0.2 a different IP address?
 
   Thanks!
 
   Alberto
 
 
 
 
 
 # vserver-info 
 Versions:
Kernel: 2.6.11.11+dm-1.00.21+evms-2.5.2+vs1.9.5
VS-API: 0x00010025
  util-vserver: 0.30.204; May 24 2005, 22:22:03
 
I am using:
root # vserver-info
Versions:
   Kernel: 2.6.11.6-grsec-vs1.9.5
   VS-API: 0x00010025
 util-vserver: 0.30.205; May 11 2005, 10:54:16




Re: [Vserver] Migration from legacy utils to the new version

2005-06-06 Thread Dennis Roos
On Mon, 2005-06-06 at 09:00 -0400, Benoit des Ligneris wrote:
 Hello,
 
 We have to migrate several vservers (40) using the legacy tools 
 (jacques ones) to the new tools.
 
 Has someone done a script that kind of automate the whole process ?
Well ... sort of... see if you can use the attached file to do it for
you, it's kind of legacy for my own environment, but shouldn't be too
hard to adapt.




vscfg-convert.sh
Description: application/shellscript


Re: [Vserver] Confused by routing

2005-05-24 Thread Dennis Roos
On Sun, 2005-05-22 at 11:25 +0200, Gilles wrote:
 Hi.
 
  
   Is it OK to have several default routes.  
  
  yes, it _is_ okay, as long as they are bound to a source address,
  otherwise they do not make too much sense ...
 
 
 1. How do the users of the gateway know their source address?
AFAIK it is the first interface that was created when starting the
vserver.

 2. Does the output of route show an indication of what is the source?
Not necessarily ;)

 3. How to set the source for a default route?
Using iproute2 you can use:
 ip rule add from ${MYNET}/${SVRPFX} table ${VLAN}

  see http://archives.linux-vserver.org/200311/0470.html
  (solution a) was implemented and b) is still? planned but might
  be superceeded by ngnet ...)
 
 
 First I removed the network and gateway entries in the interfaces file.
 Then I put a routing.sh script in /etc/vservers/phony/scripts/pre-start.d
 containing the following lines:
 
 ip route add 192.168.83.0/24 dev eth0.2
 ip route add default via 192.168.83.2 dev eth0.2
 ip rule add from 192.168.83.0/24
First of all, I have had issues when doing routing changes in the pre-start
phase, so I made a habit of doing those changes in the post-start phase and
that solved a lot of my problems.

 Then:
 
 # vserver phony start
 ERROR: trying to add VLAN #2 to IF -:eth0:-  error: Invalid argument
 RTNETLINK answers: File exists
 RTNETLINK answers: File exists
 RTNETLINK answers: Invalid argument

 Failed to start vserver 'phony'
What version of util-vserver are you using ? I've had vlan issues with
0.30.195

SNIP
  might be interesting to add an /etc/vservers/*/interfaces/*/gateway
  to the config and set up table based routing if compiled into
  the kernel, etc ... (any volunteers?)
I sent a script not too long ago to the list that I am currently using.

It is a workaround for the limitations I found. However the script is
pretty much focused on my own environment, but shouldn't be too hard to
adapt to make generic.
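
Added example (not part of the original message, and not the script mentioned in it): a dry-run generator for the source-based routing discussed in this reply, emitting for each uplink the three per-table commands (rule, connected route, default route) quoted in the 2005-09-27 message above. It only prints commands. The input format `table prefix dev gateway`, the function names and the two validation checks (table declared in an rt_tables-style file, gateway inside the prefix) are assumptions made for this illustration; the demo addresses are the ones quoted in that message.

```shell
#!/bin/sh
# Added example: print per-table policy routing commands after validation.
# Function names and the "table prefix dev gateway" input format are
# constructed for illustration; nothing here changes the routing tables.

# ip_to_int A.B.C.D -> prints the address as an integer; returns 1 if invalid
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*|????*) return 1 ;; esac   # empty, leading 0, too long
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_prefix ADDR NET/LEN -> returns 0 when ADDR lies inside NET/LEN
in_prefix() {
    net=${2%/*}; len=${2#*/}
    case $len in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
    g=$(ip_to_int "$1") && n=$(ip_to_int "$net") || return 1
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( g & mask )) -eq $(( n & mask )) ]
}

# emit_policy_routes RT_TABLES_FILE
# Reads "table prefix dev gateway" lines on stdin and prints the commands.
# Invalid entries are printed as "# SKIP ..." and make the function return 1.
emit_policy_routes() {
    status=0
    while read -r table prefix dev gw rest; do
        case $table in ''|'#'*) continue ;; esac
        if ! awk -v t="$table" \
             '$1 !~ /^#/ && $2 == t { ok = 1 } END { exit !ok }' "$1"; then
            echo "# SKIP $table: not declared in $1"
            status=1; continue
        fi
        if ! in_prefix "$gw" "$prefix"; then
            echo "# SKIP $table: gateway $gw is not inside $prefix"
            status=1; continue
        fi
        echo "ip rule add from $prefix table $table"
        echo "ip route add $prefix dev $dev table $table"
        echo "ip route add default via $gw dev $dev table $table"
    done
    return "$status"
}

# demo_policy_routes: the three uplinks quoted in the 2005-09-27 message,
# checked against a temporary rt_tables-style file built here.
demo_policy_routes() {
    rt=$(mktemp) || return 2
    printf '34  34net\n39  39net\n172 pvtnet\n' > "$rt"
    emit_policy_routes "$rt" <<'EOF' && rc=0 || rc=$?
34net  64.113.34.0/24 eth0 64.113.34.1
pvtnet 172.30.0.0/24  eth1 172.30.0.1
39net  64.113.39.0/24 eth2 64.113.39.1
EOF
    rm -f "$rt"
    return "$rc"
}

# Print the demo output when invoked as: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then demo_policy_routes; fi
```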




Re: [Vserver] Gentoo Build fails

2005-04-27 Thread Dennis Roos
On Wed, 2005-04-27 at 08:19 +0200, Oliver Welter wrote:
 Hi Bene
 
  Could you please post the output of `emerge info`?
SNIP
 virtual/os-headers:  2.4.22-r1
/SNIP

Try updating your kernel headers




[Vserver] Conversion script for legacy config files to new config directory

2005-04-01 Thread Dennis Roos
Heyaz,


After half an hour of scripting I came up with a somewhat working
conversion script for Linux-VServer configs to the new directory
configuration layout.

It has been created for my specific environment, but I hope it helps
someone ;)



vscfg-convert.sh
Description: application/shellscript


[Vserver] VServer utils vlan interface problem

2005-02-24 Thread Dennis Roos
Heyaz,


I am trying to migrate to the new configuration method of util-vserver
(0.30.196) and have come across the following problem:

* vlan support is either broken, or changed in a way I am unable to
understand (very probable as this is my first go at the new
configuration method); an example:
I create /etc/vservers/${SVRNAME}/interfaces/0/dev containing
'eth1.4000'.

When I start ${SVRNAME} using vserver ${SVRNAME} start; it gives me the
following output:
ERROR: trying to add VLAN #0 to IF -:eth1 4000:-  error: Invalid
argument
Cannot find device eth1.4000
SIOCGIFFLAGS: No such device
Cannot find device eth1.4000
SIOCGIFFLAGS: No such device


On a side note (no pun intended); why moving from a single file
configuration to a configuration tree ? In my opinion this will make
things more complicated than needed:
A config file with comments containing examples say a thousand words and
give the user a head start with his first install. The configuration
tree (without examples) will cause for a steep learning curve; it takes
time to find your way around the tree.

If the idea is to put the configuration tree into a database I'm all for
it, but ATM I can't see how the move will simplify things for the
average vserver admin.

Regards,
Dennis




Re: AW: [Vserver] VServer utils vlan interface problem

2005-02-24 Thread Dennis Roos
On Thu, 2005-02-24 at 12:01 +0100, [EMAIL PROTECTED] wrote:
 Change content of file 'dev' to 'eth1' and add another file in same directory 
 called 'name' with '4000'.
Thanks for the quick response; but that creates a named alias eth1:4000

It should become eth1.4000:${SVRNAME}

eg: interface eth1.802.1Q tag 4000:NAMED ALIAS


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, 24 February 2005 11:56
 To: vserver@list.linux-vserver.org
 Subject: [Vserver] VServer utils vlan interface problem
 
 
 Heyaz,
 
 
 I am trying to migrate to the new configuration method of util-vserver
 (0.30.196) and have come across the following problem:
 
 * vlan support is either broken, or changed in a way I am unable to 
 understand (very probable as this is my first go at the new configuration 
 method); an example: I create /etc/vservers/${SVRNAME}/interfaces/0/dev 
 containing 'eth1.4000'.
 
 When I start ${SVRNAME} using vserver ${SVRNAME} start; it gives me the 
 following output:
 ERROR: trying to add VLAN #0 to IF -:eth1 4000:-  error: Invalid argument 
 Cannot find device eth1.4000
 SIOCGIFFLAGS: No such device
 Cannot find device eth1.4000
 SIOCGIFFLAGS: No such device
 
 
 On a side note (no pun intended); why move from a single file configuration 
 to a configuration tree? In my opinion this will make things more 
 complicated than needed: A config file with comments containing examples says 
 a thousand words and gives the user a head start with his first install. The 
 configuration tree (without examples) will cause a steep learning curve; 
 it takes time to find your way around the tree.
 
 If the idea is to put the configuration tree into a database I'm all for it, 
 but ATM I can't see how the move will simplify things for the average vserver 
 admin.

Regards,
Dennis



Re: [Vserver] VServer utils vlan interface problem

2005-02-24 Thread Dennis Roos
On Thu, 2005-02-24 at 14:38 +0100, Oliver Heinz wrote:
 Herbert Poetzl wrote:
 
 On Thu, Feb 24, 2005 at 11:55:51AM +0100, Dennis Roos wrote:
   
 
 Heyaz,
 
 I am trying to migrate to the new configuration method of util-vserver
 (0.30.196) and have come across the following problem:
 
 * vlan support is either broken, or changed in a way I am unable to
 understand (very probable as this is my first go at the new
 configuration method); an example:
 I create /etc/vservers/${SVRNAME}/interfaces/0/dev containing
 'eth1.4000'.
 
 When I start ${SVRNAME} using vserver ${SVRNAME} start; it gives me the
 following output:
 ERROR: trying to add VLAN #0 to IF -:eth1 4000:-  error: Invalid
 argument
 Cannot find device eth1.4000
 SIOCGIFFLAGS: No such device
 Cannot find device eth1.4000
 SIOCGIFFLAGS: No such device
 
 
 For me it works with rather new kernel/util versions:
 
 spacelord:/etc/vservers# cat /etc/vservers/mail/interfaces/0/dev
 eth0.400
 
 spacelord:/etc/vservers# vserver mail start
 Added VLAN with VID == 400 to IF -:eth0:-
 
 Versions:
Kernel: 2.6.11-rc3-vs1.9.4-1-686-smp
VS-API: 0x00010025
  util-vserver: 0.30.203; Feb 12 2005, 15:00:17
 
 
 Does adding the vlan interface by hand succeed? (Just make sure to 
 remove it before starting the vserver...)
vconfig add eth1 4000 works without problems, as does adding vlans with
the old style config.

mw118 1 # vconfig add eth1 4000
Added VLAN with VID == 4000 to IF -:eth1:-
mw118 1 # uname -a
Linux mw118.intouch.net 2.6.10-vs1.9.3.17 #5 SMP Mon May 3 18:46:00 CEST
2010 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux
mw118 1 # vserver --version
vserver 0.30.196 -- manages the state of vservers
This program is part of util-vserver 0.30.196




Re: [Vserver] VServer utils vlan interface problem

2005-02-24 Thread Dennis Roos
On Thu, 2005-02-24 at 14:00 +0100, Herbert Poetzl wrote:
 On Thu, Feb 24, 2005 at 11:55:51AM +0100, Dennis Roos wrote:
  Heyaz,
  
  I am trying to migrate to the new configuration method of util-vserver
  (0.30.196) and have come across the following problem:
  
  * vlan support is either broken, or changed in a way I am unable to
  understand (very probable as this is my first go at the new
  configuration method); an example:
  I create /etc/vservers/${SVRNAME}/interfaces/0/dev containing
  'eth1.4000'.
  
  When I start ${SVRNAME} using vserver ${SVRNAME} start; it gives me the
  following output:
  ERROR: trying to add VLAN #0 to IF -:eth1 4000:-  error: Invalid
  argument
  Cannot find device eth1.4000
  SIOCGIFFLAGS: No such device
  Cannot find device eth1.4000
  SIOCGIFFLAGS: No such device
 
 which tools did you use? 0.30.196? or 0.30.204?
mw118 1 # vserver --version
vserver 0.30.196 -- manages the state of vservers

Guess I'm running an old version for a change ;)

  On a side note (no pun intended); why move from a single file
  configuration to a configuration tree? In my opinion this will make
  things more complicated than needed:
  A config file with comments containing examples says a thousand words and
  gives the user a head start with his first install. The configuration
  tree (without examples) will cause a steep learning curve; it takes
  time to find your way around the tree.
 
 I guess it is simply a matter of preference, and it
 was Enrico's preference to do it this way ... but
 if you think about it, this config 'tree' can be easily
 mapped to a property list, which could be stored in
 a single file ...
I was more thinking about a database (LDAP) to contain the tree.

 actually I did wonder many times now why nobody did
 create a tool to map one to the other (or even to
 'convert' an existing legacy config file to the new
 config layout)
I'm trying to do this right now ;) The problem with it is that the old
style (config file) does not support all the new flags AFAICT.


Regards,
Dennis
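
The tree-to-property-list mapping discussed above, as an added example that is not part of the thread or of util-vserver: each regular file becomes one `relative/path` entry, and writing back refuses keys that would land outside the target directory. Function names are hypothetical, skipping symlinks is this sketch's choice, and the only path taken from the thread is `interfaces/0/dev`.

```python
import os
import tempfile

def tree_to_props(root):
    """Flatten a config tree: one 'relative/path' key per regular file."""
    props = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for fname in sorted(filenames):
            full = os.path.join(dirpath, fname)
            if os.path.islink(full):
                continue  # symlinks are skipped, never followed
            key = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, encoding="utf-8") as fh:
                props[key] = fh.read().rstrip("\n")
    return props

def props_to_tree(props, root):
    """Write a property list back as a tree, refusing keys that escape root."""
    root_real = os.path.realpath(root)
    for key, value in props.items():
        parts = key.split("/")
        if key.startswith("/") or any(p in ("", ".", "..") for p in parts):
            raise ValueError("unsafe key: %r" % key)
        # realpath also resolves an existing symlink that points outside root
        target = os.path.realpath(os.path.join(root_real, *parts))
        if os.path.commonpath([root_real, target]) != root_real:
            raise ValueError("key escapes root: %r" % key)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "w", encoding="utf-8") as fh:
            fh.write(value + "\n")

def demo():
    """Round-trip a constructed one-entry tree through a property list."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        props_to_tree({"interfaces/0/dev": "eth1.4000"}, src)  # constructed sample
        props = tree_to_props(src)
        props_to_tree(props, dst)
        return props, tree_to_props(dst)

if __name__ == "__main__":
    print(demo())
```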



Re: [Vserver] Problems with mount on bootup

2004-12-08 Thread Dennis Roos
On Wed, 2004-12-08 at 09:59, Oliver Welter wrote:
 Hi List,
 
 I have a Gentoo-System with latest alpha-tools running, set up with the 
 Guide here http://home.xnull.de/work/gentoo/vserver/guide/
 
 Everything works but I get annoying errors when firing up my vserver 
 regarding the mount process...
Kill fstab/mtab (make them empty); mount won't work anyway in vserver :)
 
 The Guest tries to mount root-fs and fails and some other small errors, 
 below is my output, how can I get rid of them, I don't find anything to 
 uncomment in the runlevel scripts :(
There are several places in init.d scripts where you have to add exit 0 before 
calling the scripts.

-- 
Regards,
Dennis Roos


Network Engineer
InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429




Re: [Vserver] hostname in the vserver and vserver name

2004-07-07 Thread Dennis Roos
On Wed, 2004-07-07 at 14:17, loic d'Anterroches wrote:
 Dear All,
 
 My little question is:
 Is there a link between the hostname of the vserver and the vserver name?
Yes and no, it totally depends on the way you configure it

the vserver_name is set by /etc/vservers/VSVRNAME.conf
and the vserver_hostname is set in this file by specifying a value for
S_HOSTNAME=


-- 
Regards,
Dennis Roos


Network Engineer
InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429




Re: [Vserver] PRoblems entering vserver an ps

2004-07-01 Thread Dennis Roos
On 1 Jul 2004 at 17:04, nospam wrote:

 3. No ping in vserver is possible.
 
 ping: icmp open socket: Operation not permitted
 
 Following Capabilities are set in vserver3.conf :
 
 S_CAPS=CAP_SETPCAP CAP_SYS_ADMIN CAP_NET_BROADCAST CAP_SYS_PACCT
 CAP_SYS_RAWIO CAP_NET_BROADCAST
Add CAP_NET_RAW to the S_CAPS... You might have to add a 
source interface to ping/traceroute commands, e.g.:
traceroute -i eth0:vserver3 192.168.0.1



Regards,
Dennis Roos

Network Engineer
InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429
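
An added example, not from the thread or from util-vserver: a least-privilege check over the legacy `S_CAPS=` line, run before widening it with CAP_NET_RAW. The risk tiers are this example's assumption (summarised from capabilities(7)), the function names are hypothetical, and the sample config is constructed from the S_CAPS line quoted above.

```python
import re

# Risk tiers are this example's assumption, summarised from capabilities(7).
HIGH_RISK = {
    "CAP_SYS_ADMIN": "broad administrative operations, including mount",
    "CAP_SYS_RAWIO": "I/O port and /dev/mem access",
    "CAP_SYS_MODULE": "kernel module loading",
}
REVIEW = {
    "CAP_NET_RAW": "raw and packet sockets (what ping needs)",
    "CAP_SETPCAP": "changes to capability sets",
}
ASSIGN = re.compile(r"^\s*S_CAPS=(.*)$")

# Constructed sample: the S_CAPS line quoted in the thread, joined and quoted.
SAMPLE = '''ONBOOT=yes
# S_CAPS="CAP_SYS_MODULE"  (commented out, must be ignored)
S_CAPS="CAP_SETPCAP CAP_SYS_ADMIN CAP_NET_BROADCAST CAP_SYS_PACCT CAP_SYS_RAWIO CAP_NET_BROADCAST"
'''

def parse_s_caps(conf_text):
    """Return capability names from the last uncommented S_CAPS= line."""
    caps = []
    for line in conf_text.splitlines():
        m = ASSIGN.match(line)
        if m:
            value = m.group(1).split("#", 1)[0].strip().strip("\"'")
            caps = value.split()
    return caps

def audit(conf_text, extra=()):
    """Return (level, capability, reason) findings; 'extra' models a proposed addition."""
    findings, seen = [], set()
    for cap in parse_s_caps(conf_text) + list(extra):
        if cap in seen:
            findings.append(("duplicate", cap, "listed more than once"))
        elif cap in HIGH_RISK:
            findings.append(("high", cap, HIGH_RISK[cap]))
        elif cap in REVIEW:
            findings.append(("review", cap, REVIEW[cap]))
        seen.add(cap)
    return findings

if __name__ == "__main__":
    for level, cap, reason in audit(SAMPLE, extra=["CAP_NET_RAW"]):
        print("%-9s %-16s %s" % (level, cap, reason))
```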




Re: [Vserver] VServer management

2004-06-07 Thread Dennis Roos
On 4 Jun 2004 at 18:39, Lucas Albers wrote:

 
 Dariush Pietrzak said:
   Hmm,  there is another issue here - if you already use app like HP
   Open
  View to do your other management, then putting it in control of
  vservers might be the wisest choice.
 
  --
 What would be some useful cluster commands?
A couple of examples might be:
 * VServer replication
 * load-balancing applications
 
 What are some common vserver operations?
Status checking
IP management (depending on the underlying management)
Disk usage checks
Package updates
Services checks
Server creation/removal
Password resets for users
...
 
 Move vserver from one machine to another.
 Determine if any vservers are stopped.
 Stop,start,create vservers.
 
 The most useful imo is the replication.
 Steps:
 rsync vserver from one machine to another.
 copy over conf files.
 stop the old vserver.
 replicate the data.
 start the new vserver.
 Currently I do this by hand, if it was scripted I would have less
 chance of screwing it up, and shorter downtime on the move.
I'm looking into ways of automating these steps, hence the question 
on SNMP or alternate ways to do remote management. I prefer a 
trigger-reply mechanism to accomplish these tasks.

However, there is an easier way to better the uptime, using the lvs 
way. The only issue here is keeping 2 vservers online and in-sync; 
the latter is probably the hardest part ;)


Regards,
Dennis Roos

Network Engineer
InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429




[Vserver] VServer management

2004-06-04 Thread Dennis Roos
Heyaz,


I've been working on a web-based vserver administration application 
and I've been thinking about a way to run certain tasks on the host 
machine. The tasks involve: stopping/starting the vserver, deploying 
(in my case using rsync) new vservers and configs.

I started on an implementation with a php based daemon, but that 
would mean I'd have to handle authentication, implement a protocol, 
calling various sub-applications from the daemon, etc.
This gave me a lot of headaches :)

At the moment I am monitoring our vserver installations using SNMP 
and started thinking of the idea of using the SNMP daemon I have 
already running as a full management daemon. This would simplify a 
lot from my end, but the end user (people running vserver 
environments) would have to install snmp on their servers, which, I 
can imagine, causes security risks not everyone is willing to take.

To make a long story short, I am wondering if someone else 
considers using SNMP a worthwhile approach, or perhaps people 
have different ideas?




Regards,
Dennis Roos

Network Engineer
InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429




Re: [Vserver] Documentation

2004-05-27 Thread Dennis Roos
On 26 May 2004 at 17:46, Herbert Poetzl wrote:

 On Wed, May 26, 2004 at 04:56:58PM +0200, Mike Fischer wrote:
  Hi!
  
  I've already got some vservers up and running nicely.
  (Kernel 2.4.22, vserver 1.00, utils 0.25)
  
  But now I need more.
  
  Much has changed since I last set up a vserver.
  But the documentation obviously hasn't.
 
 hmm, did you add to it last time?
I wrote some Gentoo specific howto's, not on the installation, but on 
the administration of vservers. It can be obtained from: 
http://vserveradmin.intouch.nl/

I'm writing these documents as I go (running/installing/administering 
vservers), so the number of documents is likely to grow. Even 
though the notes are not on the page yet, the documents are 
released under the Attribution-ShareAlike 2.0 license -
http://creativecommons.org/licenses/by-sa/2.0/



Regards,
Dennis Roos

Network Engineer
InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429




[Vserver] traceroute issues

2004-05-12 Thread Dennis Roos
Hi,


I installed a few gentoo based vservers on gentoo linux based hosts...
Works flawlessly, after editing a sh*tload of files, but that's another
issue ;)

The kernel in use is: 2.4.24-vs1.26 (gentoo package).

Here's the problem:
Users inside the vserver are unable to traceroute (ping works fine, due
to the CAP_NET_RAW)... traceroute complains about the (source)
interface, like so:

root # traceroute -n www.google.nl
traceroute: findsaddr: Can't find interface eth1

If I specify the source interface (using the vserver's alias), the trace
completes, eg:
traceroute -n www.google.nl -i eth1:VSERVER01


The config looks like this:
ONBOOT=yes
S_CONTEXT=4
S_CAPS=CAP_NET_RAW
IPROOT=eth1:192.168.3.4/255.255.255.0
S_START=/sbin/rc vserver
S_STOP=/sbin/rc shutdown
S_HOSTNAME=hostname.domain.tld


On a side note, we are working on a php/ldap based vserver configuration
management tool, as the only tool I am aware of is still unavailable...

If anyone is interested, I'd be willing to put it online somewhere...
Contact me off-list about this.

-- 
Regards,
Dennis Roos


Network Engineer
InTouch N.V.
Middenweg 76
1097 BS Amsterdam
Tel: +31 (0)20 6752060
Fax: +31 (0)20 6758429

