[Vserver] Basic resource limits for a vserver
Hi List! Anyone care to share their thoughts on how to limit the reources for a virtual server in the best way. My requirements basically are the following: - No single vserver should be allowed to bring the other vservers and the host down. (Given that the other vservers are behaving properly.) - Each vserver should be allowed to use at much as available of the system resources as long as the other vservers and the host do not suffer noticeably from this. - The host should hopefully never be brought down, and should always reply easily to ssh administration logins and commands. - Disk resources are not important in this setup. (Have lotsa disk space now, and vservers on separate partitions.) Any suggestions of limits settings for the vservers to achieve this? Best regards, Tor Rune Skoglund [EMAIL PROTECTED] ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Gentoo Vserver: PHP5 - udev - baselayout problem
Hilco Wijbenga wrote: equery depends udev That command didn't work as expected, but by turning on debug info on emerge I could pinpoint the problem to alsa-lib. Adding -also to the use flags fixed it. This is probably a bug in alsa-lib ebuilt, or what? OK, anyway, thanks all for the help! :-) Best regards Tor Rune Skoglund [EMAIL PROTECTED] ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Gentoo Vserver: PHP5 - udev - baselayout problem
Christian Heim wrote:
On Friday 11 November 2005 11:46, Tor Rune Skoglund wrote:
I am trying to emerge dev-lang/php to get php5. package.keywords have been
set accordingly. Emerge wants to install udev for some reason. (Why would
I want udev in a vserver? I probably don't...)
Rune, could you please copypaste the tree output of your emerge (-t) ?!
Anyway, when trying to emerge udev, udev want a baselayout other than
the vserver baselayout, and there my knowledge stops.
Yes, here we go:
emerge -t dev-lang/php
--tree implies --pretend... adding --pretend to options.
These are the packages that I would merge, in reverse order:
Calculating dependencies
!!! All ebuilds that could satisfy =sys-apps/baselayout-1.8.6.12-r3
have been masked.
!!! One of the following masked packages is required to complete your
request:
- sys-apps/baselayout-1.12.0_pre10-r1 (masked by: package.mask, ~x86
keyword)
- sys-apps/baselayout-1.12.0_pre10 (masked by: package.mask, ~x86 keyword)
- sys-apps/baselayout-1.12.0_pre9-r1 (masked by: package.mask, ~x86 keyword)
- sys-apps/baselayout-1.11.13-r2 (masked by: package.mask, ~x86 keyword)
- sys-apps/baselayout-1.11.13-r1 (masked by: package.mask)
- sys-apps/baselayout-1.12.0_pre9-r2 (masked by: package.mask, ~x86 keyword)
For more information, see MASKED PACKAGES section in the emerge man page or
section 2.2 Software Availability in the Gentoo Handbook.
!!!(dependency required by sys-fs/udev-073 [ebuild])
emerge -t udev says the same.
This is my make.conf in the vserver:
# These settings were set by the catalyst build script that
automatically built this stage
# Please consult /etc/make.conf.example for a more detailed example
CFLAGS=-O2 -march=pentium4 -fomit-frame-pointer
CHOST=i686-pc-linux-gnu
CXXFLAGS=${CFLAGS}
USE=acl apache2 bash-completion bcmath bzip2 cli cpdflib crypt ctype
curl curlwrappers dba emacs exif expat ffmpeg ffftw flatfile fortran ftp
gd -gdbm geoip ggi gif imagemagick imap imlib innodb java javascript
jpeg ldap libwww mhash mime mmx mp3 mpeg mysql ncurses pam pcre pdflib
perl php png python readline sasl session simplexml slp soap sockets spl
sqlite sse sse2 ssl tcltk tidy tiff tokenizer truetype vhosts xml xml2
xmlrpc xsl zip zlib x86
LINGUAS=nb
Here is /etc/portage/package.keywords:
# Pakker for å få mysql 5
=dev-db/mysql-5.0.15* ~x86
=dev-perl/DBD-mysql-2.9007* ~x86
# Pakker for å få PHP5
=dev-lang/php-5.0.5* ~x86
=app-text/aspell-0.60.2* ~x86
=app-admin/eselect-php-0.96* ~x86
=app-admin/eselect-0.9.6* ~x86
=dev-php5/pecl-zip-1.0* ~x86
=sys-fs/udev-0.71* ~x86
# Vserver baselayout
=sys-apps/baselayout-vserver-1.12.0_pre8* ~x86
(That udev line was added since php wanted udev and I
added to check if it might help with a newer version. It didn't.)
Finally, on the host, this is vserver-info:
Versions:
Kernel: 2.6.13.3-vs2.1.0-rc3-gentoo
VS-API: 0x00020001
util-vserver: 0.30.208; Oct 29 2005, 15:58:22
Features:
CC: i686-pc-linux-gnu-gcc, i686-pc-linux-gnu-gcc (GCC)
3.3.6
(Gentoo 3.3.6, ssp-3.3.6-1.0, pie-8.7.8)
CXX: i686-pc-linux-gnu-g++, i686-pc-linux-gnu-g++
(GCC) 3.3.6 (Gentoo 3.3.6, ssp-3.3.6-1.0, pie-8.7.8)
CPPFLAGS: ''
CFLAGS: '-O2 -march=pentium4 -fomit-frame-pointer
-std=c99 -Wall -pedantic -W'
CXXFLAGS: '-O2 -march=pentium4 -fomit-frame-pointer
-ansi -Wall -pedantic -W -fmessage-length=0'
build/host: i686-pc-linux-gnu/i686-pc-linux-gnu
Use dietlibc: yes
Build C++ programs: yes
Build C99 programs: yes
Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts
ext2fs Source: e2fsprogs
syscall(2) invocation: alternative
vserver(2) syscall#: 273/glibc
Paths:
prefix: /usr
sysconf-Directory: /etc
cfg-Directory: /etc/vservers
initrd-Directory: /etc/init.d
pkgstate-Directory: /var/run/vservers
Kernelheaders:
/lib/modules/2.6.13.3-vs2.1.0-rc3-gentoo/build/include
vserver-Rootdir: /vservers
Any clues?
Best regards
Tor Rune Skoglund
[EMAIL PROTECTED]
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Gentoo Vserver: PHP5 - udev - baselayout problem
Lørdag 12 november 2005 21:32, skrev Benedikt Boehm: On Saturday 12 November 2005 19:33, Tor Rune Skoglund wrote: Christian Heim wrote: On Friday 11 November 2005 11:46, Tor Rune Skoglund wrote: I am trying to emerge dev-lang/php to get php5. package.keywords have been set accordingly. Emerge wants to install udev for some reason. (Why would I want udev in a vserver? I probably don't...) please read http://bugs.gentoo.org/show_bug.cgi?id=105616 and try to find out which package depends on udev, no package should depend on udev in a vserver OK, so I'm not alone at least... ;) Is there an easy way to find which package depend on udev? As -t apparently don't tell it, is there another way? Best regards Tor Rune Skoglund ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Gentoo Vserver: PHP5 - udev - baselayout problem
Hi List! This is probably a Gentoo specific Vserver problem: I am trying to emerge dev-lang/php to get php5. package.keywords have been set accordingly. Emerge wants to install udev for some reason. (Why would I want udev in a vserver? I probably don't...) Anyway, when trying to emerge udev, udev want a baselayout other than the vserver baselayout, and there my knowledge stops. Might be something with my USE flags? But I can't see which. Strange thing is that in another installation on another host, I do not have this udev requirement when installing php5. Any help or pointers appreciated. You guys probably want to see some config files. Just tell me which. Best regards Tor Rune Skoglund ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver-new reports a guest exists when it does not
Mandag 31 oktober 2005 19:08, skrev Chuck: this is on a gentoo system. i am trying to create a guest called support. i created the mount point in /vservers, it is mounted and a clear, empty volume. i run this command and get this result: phoenix vservers # vserver-new support --hostname support --context 3920 --interface eth3:64.113.39.20/24 template /work/guest-stuff/template.tar.bz2 * Existing vserver installation found. Try --destroy support does not exist in /etc/vservers or in /vservers as a configured guest, the context 3920 does not exist either and the ip address is not in use. i have tried changing the name of the guest, the context number, even the ethernet device still the same... its almost behaving like it has run out of resources or something but there are only 8 guests in operation.. this would be the 9th. what could be happening? H, might be a similar problem that I had with vserver-new... I created the /vserver/newvserverdir as a symbolic link to a fresh and empty volume, and vserver-new complained. I found that it seems to just check if the directory exists, and if it does, it will not make a new server. So I tried --destroy, and it did remove the link, and created a new directory on the root partition. OK. Well, anyway I did a manual mv of all the files to a symlinked dir and it seems to be OK. Possibly I bug in vserver-new this I don't know. Best regards Tor Rune Skoglund [EMAIL PROTECTED] ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver-new reports a guest exists when it does not
Mandag 31 oktober 2005 22:40, skrev Benedikt Boehm: On Monday 31 October 2005 19:08, Chuck wrote: this is on a gentoo system. i am trying to create a guest called support. i created the mount point in /vservers, it is mounted and a clear, empty volume. i run this command and get this result: phoenix vservers # vserver-new support --hostname support --context 3920 --interface eth3:64.113.39.20/24 template /work/guest-stuff/template.tar.bz2 * Existing vserver installation found. Try --destroy vserver-new can handle mount points, just add --destroy and it will umount/mount the defice automagically... (you have to specify destroy here, because vserver-new can't decide if the mount point is fresh or already used.. AFAICT then the problem is existing symlinked vserver directories rather than mount points... Tor Rune Skoglund [EMAIL PROTECTED] ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] VServer forum
Evert wrote: Well, my main reasoning was that there is no VServer Forum yet... There is a mailing list, but with mailing lists it's much more difficult to reply nicely to postings when you don't have the original message anymore. The forum does not have this problem. Here all messages postings can be replied to indefinitely. But I agree with you, and we leave it up to the community whether a VServer forum will be endorsed. A _well-organized_, active forum would be nice. IMHO, one of the main problems (_the_ main problem?) with linux-vserver is the lack of good documentation and support. No offense... I mean, Herbert is doing a great job, but for the average user, searching messages from old mailing list postings, IRC logs and poorly styled/incomplete web pages (the flower page being one example) is not the way to have it in the long run. Tor Rune Skoglund [EMAIL PROTECTED] ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] VServer forum
Dariush Pietrzak,,, wrote: postings, IRC logs and poorly styled/incomplete web pages (the flower page being one example) is not the way to have it in the long run. flower page rocks. Well, thats a matter of opinion... For the average user I would think the view would be different... :) Everyone and their brother creating their own forum is not the answer, there already is a vserver wiki, if you want to work on documentation - go update wiki. Problem with the wiki is that there is no forum there. If one could incorporate some kind of forum there, it would be nice --- like e.g. the forum.gentoo.org, which I find extremely valueable. And btw, not _anyone_ has the required knowledge about vserver to write good documentation on the wiki anyway. Nothing is worse than wrong and outdated documentation... Tor Rune Skoglund [EMAIL PROTECTED] ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] VServer forum
Dariush Pietrzak,,, wrote: Well, thats a matter of opinion... For the average user I would think the view would be different... :) I have never seen this mythical average user you keep on talking about. I always thought that I'm him, but you seem to be implying that he's got different views then me. I bet I'm more average than you - and to me, the flower page, is not particarly nice... :) Well, that's just my opinion thought. To my best memory I cannot remember any product I have used some much time on to get up and running correctly the latest years. Better documentation and an active forum surely would have helped _me_ a lot anyway. Problem with the wiki is that there is no forum there. If one could incorporate some kind AFAIK most wikis has 'discusion' panels for every page Then it's sad it isn't installed on linux-vserver's wiki...(?) And btw, not _anyone_ has the required knowledge about vserver to write good documentation on the wiki anyway. Nothing is worse than wrong and outdated documentation... well, fragmented and non-accessible documentation is worse. linux-vserver has it all! :-) Just a final word from me; I would like to say that I am _very_ impressed with Herbert's and Enrico's and all those I cannot name and their work and support efforts on the mailing list, wiki and IRC, and linux-vserver generally. But if Linux-vserver is going to be big hit someone with the right knowledge has to write consistent and updated project documentation. Tor Rune Skoglund [EMAIL PROTECTED] ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] update on gentoo guest shutdown
Chuck wrote: On Tuesday 20 September 2005 10:05 am, Chuck wrote: correction. within the guest i typed init 0 anyway i tried from the host: vserver guestname exec init 0 and it shut down within seconds perfectly with no errors when i try vserver guestname stop it returns that the server is not running startup delivers no errors after stopping it in that fashion is this a clue or am i bypassing some important steps the 'stop' command does? I don't comprehend the verver.stop script :( however I can tell you the fail/timeout is external to the gentoo guests by this test I enter the guest via vserver guest enter. i type halt 0 within seconds i am tossed back into the host and looking at processes the vserver lock process kills itself in about 5 seconds.. then if i run vserver guest stop it says the guest is not running. I am sure there are numerous reasons for not doing this, but why not just execute init 0 within the guest from the vserver script while it does the rest of its cleanup? Just an observation here Do you actually _know_ that the init-scripts are being run? Stopping the vserver should first run those to stop the services (apache, databases, etc) in a nice way, and thereafter stop the whole vserver. Is it possible for you to check? If it actually works, one could easily edit the vserver script to change the way 'stop' works, at least until a bugfix is available officially... :-) Best regards Tor Rune Skoglund ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] a more serious problem with autostarting/stopping
Chuck wrote:
btw this is a gentoo system and the vserver host and template install were
according to the hollow how-to, and i manually cloned the guests from the
template by first using hollow's instructions to create a skeleton then doing
cp -al template/* guest
then running
find guest -type f -exec setattr --iunlink {} ';'
then i go in and edit configs. the lnkage breaking works fine it seems.
so then back to the problem, in the 2 i want autostarted, i placed a mark file
in there with the contents of a single line that said
default
then i put a mark file into my template with a single line
nostart
now it starts them properly
however, shutdown by /etc/init.d/vservers stop
has an instant return and the guests are still running and continue to do so.
i have to shut them down with vserver guest stop then it times out as it has
been and stops the guest. so for the heck of it i removed the mark files
completely and the init script starts all and shuts down all properly but it
includes my template.
confused... im about to put the veserver guest start commands into my local
startup file and the stop command into the local stop file
any clues why the init would return immediately and basically do nothing on
stop? after i stop them with vserver util, i run the iniot with vstatus and
it still shows that servers are running of type default.
I experienced the same. Might be this bug:
http://savannah.nongnu.org/bugs/?func=detailitemitem_id=14525
Editing the init-script to stop vservers of just type default might help
for you too.
Best regards,
Tor Rune Skoglund
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] a more serious problem with autostarting/stopping
Chuck wrote:
On Monday 19 September 2005 02:51 am, Tor Rune Skoglund wrote:
very interesting. thanks for that link! i think you are right. i didn't want
to play with scripts that were supplied just to be sure I didn't create some
error of my own witthout consulting someone first.
No problem, but still it for me it doesn't stop correctly. It is just
being killed after a
timeout. Do you have the same problem? I presume this might be something
to do
with the Gentoo 'version' of vserver, as I have not seem anyone else
report that.
Tor Rune Skoglund
Chuck wrote:
btw this is a gentoo system and the vserver host and template install were
according to the hollow how-to, and i manually cloned the guests from the
template by first using hollow's instructions to create a skeleton then
doing
cp -al template/* guest
then running
find guest -type f -exec setattr --iunlink {} ';'
then i go in and edit configs. the lnkage breaking works fine it seems.
so then back to the problem, in the 2 i want autostarted, i placed a mark
file
in there with the contents of a single line that said
default
then i put a mark file into my template with a single line
nostart
now it starts them properly
however, shutdown by /etc/init.d/vservers stop
has an instant return and the guests are still running and continue to do
so.
i have to shut them down with vserver guest stop then it times out as it
has
been and stops the guest. so for the heck of it i removed the mark files
completely and the init script starts all and shuts down all properly but
it
includes my template.
confused... im about to put the veserver guest start commands into my local
startup file and the stop command into the local stop file
any clues why the init would return immediately and basically do nothing on
stop? after i stop them with vserver util, i run the iniot with vstatus
and
it still shows that servers are running of type default.
I experienced the same. Might be this bug:
http://savannah.nongnu.org/bugs/?func=detailitemitem_id=14525
Editing the init-script to stop vservers of just type default might help
for you too.
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] a more serious problem with autostarting/stopping
Herbert Poetzl wrote: On Mon, Sep 19, 2005 at 12:42:45PM +0200, Tor Rune Skoglund wrote: No problem, but still it for me it doesn't stop correctly. It is just being killed after a timeout. Do you have the same problem? I presume this might be something to do with the Gentoo 'version' of vserver, as I have not seem anyone else report that. yes, was reported a few times on gentoo only, but I doubt that it is a kernel/tool issue on gentoo, I assume it is caused by the way gentoo initscripts work ... Yes, I agree. At least is shouldn't be the kernel, as I always have used the vanilla kernel + we tried that pre8 patch directly on the kernel sources (and not the vserver-sources ebuild...) if you are interested in hunting this down, we can have a session on the irc channel ... (for all who are interested to improve that) I might be available for that later this evening - but if there are any suggestion, please mail me also... Also, I can give you root access to a server with this problem if you like to check it out. Best regards Tor Rune Skoglund ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Proc Security in V2.0
Onsdag 14 september 2005 16:22, skrev Herbert Poetzl: On Wed, Sep 14, 2005 at 09:52:58AM +0200, Tor Rune Skoglund wrote: linuxserver ~ # ./vserver-oppsett/testme.sh Linux-VServer Test [V0.13] Copyright (C) 2003-2005 H.Poetzl chcontext is working. chbind is working. Linux 2.6.13-vs2.1.0-pre5-gentoo i686/0.30.208/0.30.208 [Ea] (0) VCI: 0002:0001 273 03110036 --- [000]# succeeded. [001]# succeeded. [011]# succeeded. [031]# succeeded. [101]# succeeded. [102]# succeeded. [201]# succeeded. [202]# succeeded. hmm ... not conclusive yet, if you are interested in tracking down this issue, you might pay a visit to the irc channel #vserver @ irc.oftc.net Hello Herbert, OK, I can confirm that the problem is still there on a pre8 kernel. (uname btw says pre7...) No change, it might be some Gentoo specially somewhere, but finding this is beyond my capabilities... If you like, Herbert, I can give you ssh access to a server with a testinstalled server with the problem. Let me know by mail if you like to check it out. Best regards Tor Rune Onsdag 14 september 2005 00:56, skrev Herbert Poetzl: On Tue, Sep 13, 2005 at 11:39:10PM +0200, Tor Rune Skoglund wrote: Søndag 11 september 2005 04:08, skrev Herbert Poetzl: A timeout occured while waiting for the vserver to finish and it was killed by sending a SIGKILL signal. Please investigate the reasons and/or increase the timeout in apps/vshelper/sync-timeout. on vserver xxx stop. I'm not sure how to debug this. well, for some reason the guest has still programs running after a shutdown, best check with 'vps auxwww' and look for processes inside your guest (while waiting for the timeout to occur) OK, you experts have a look at this: First, minimizing the processes in the vserver to: templategentoo / # ps ax PID TTY STAT TIME COMMAND 1 ?S 0:00 init [3] 17335 pts/1S 0:00 /bin/bash -login 17429 pts/1R+ 0:00 ps ax templategentoo / # Then checking vps on the host: linuxserver ~ # vps auxwww | grep 100 root 1008 0 MAIN 0.0 0.0 1444 468 ?Ss Sep11 0:00 udevd root 16616 100 templategentoo 0.0 0.0 1464 496 ?Ss 23:17 0:00 init [3] root 17335 100 templategentoo 0.0 0.1 2328 1368 pts/1S+ 23:17 0:00 /bin/bash -login root 17460 0 MAIN 0.0 0.0 1484 452 pts/8S+ 23:20 0:00 grep 100 Stopping the vserver from the host: linuxserver ~ # vserver templategentoo stop A timeout occured while waiting for the vserver to finish and it was killed by sending a SIGKILL signal. Please investigate the reasons and/or increase the timeout in apps/vshelper/sync-timeout. Before that timeout arrives, checking vps repeatedly from the host: linuxserver ~ # vps auxwww | grep 100 root 1008 0 MAIN 0.0 0.0 1444 468 ?Ss Sep11 0:00 udevd root 16616 100 templategentoo 0.0 0.0 1464 496 ?Ss 23:17 0:00 init [3] root 17335 100 templategentoo 0.0 0.1 2328 1368 pts/1S+ 23:17 0:00 /bin/bash -login root 17556 0 MAIN 0.0 0.010828 pts/6S+ 23:20 0:00 /usr/sbin/vwait --timeout 20 --terminate --status-fd 3 100 root 17612 0 MAIN 0.0 0.0 1484 448 pts/8S+ 23:20 0:00 grep 100 vwait just waits 20 seconds, and then the vserver is killed. So I checked to see if it stops the services gracefully first: It doesn't. It just goes into that timeout directly without the stopping the init.d scripts: linuxserver ~ # vps auxwww | grep 100 root 1008 0 MAIN 0.0 0.0 1444 468 ?Ss Sep11 0:00 udevd root 17832 100 templategentoo 0.0 0.0 1468 500 ?Ss 23:29 0:00 init [3] root 18403 100 templategentoo 0.0 0.0 1712 664 ?Ss 23:29 0:00 /usr/sbin/syslog-ng root 18499 100 templategentoo 0.0 0.1 3944 1644 ?Ss 23:29 0:00 /usr/sbin/sshd root 18522 100 templategentoo 0.0 0.3 7652 3296 ?Ss 23:29 0:00 /usr/sbin/apache2 -k start apache 18558 100 templategentoo 0.0 0.3 7596 3252 ?S 23:29 0:00 /usr/sbin/apache2 -k start apache 18559 100 templategentoo 0.0 0.3 7788 3336 ?S 23:29 0:00 /usr/sbin/apache2 -k start apache 18560 100 templategentoo 0.0 0.3 7788 3336 ?S 23:29 0:00 /usr/sbin/apache2 -k start apache 18561 100 templategentoo 0.0 0.3 7788 3336 ?S 23:29 0:00 /usr/sbin
Re: [Vserver] Proc Security in V2.0
linuxserver ~ # ./vserver-oppsett/testme.sh Linux-VServer Test [V0.13] Copyright (C) 2003-2005 H.Poetzl chcontext is working. chbind is working. Linux 2.6.13-vs2.1.0-pre5-gentoo i686/0.30.208/0.30.208 [Ea] (0) VCI: 0002:0001 273 03110036 --- [000]# succeeded. [001]# succeeded. [011]# succeeded. [031]# succeeded. [101]# succeeded. [102]# succeeded. [201]# succeeded. [202]# succeeded. Onsdag 14 september 2005 00:56, skrev Herbert Poetzl: On Tue, Sep 13, 2005 at 11:39:10PM +0200, Tor Rune Skoglund wrote: Søndag 11 september 2005 04:08, skrev Herbert Poetzl: A timeout occured while waiting for the vserver to finish and it was killed by sending a SIGKILL signal. Please investigate the reasons and/or increase the timeout in apps/vshelper/sync-timeout. on vserver xxx stop. I'm not sure how to debug this. well, for some reason the guest has still programs running after a shutdown, best check with 'vps auxwww' and look for processes inside your guest (while waiting for the timeout to occur) OK, you experts have a look at this: First, minimizing the processes in the vserver to: templategentoo / # ps ax PID TTY STAT TIME COMMAND 1 ?S 0:00 init [3] 17335 pts/1S 0:00 /bin/bash -login 17429 pts/1R+ 0:00 ps ax templategentoo / # Then checking vps on the host: linuxserver ~ # vps auxwww | grep 100 root 1008 0 MAIN 0.0 0.0 1444 468 ?Ss Sep11 0:00 udevd root 16616 100 templategentoo 0.0 0.0 1464 496 ?Ss 23:17 0:00 init [3] root 17335 100 templategentoo 0.0 0.1 2328 1368 pts/1S+ 23:17 0:00 /bin/bash -login root 17460 0 MAIN 0.0 0.0 1484 452 pts/8S+ 23:20 0:00 grep 100 Stopping the vserver from the host: linuxserver ~ # vserver templategentoo stop A timeout occured while waiting for the vserver to finish and it was killed by sending a SIGKILL signal. Please investigate the reasons and/or increase the timeout in apps/vshelper/sync-timeout. Before that timeout arrives, checking vps repeatedly from the host: linuxserver ~ # vps auxwww | grep 100 root 1008 0 MAIN 0.0 0.0 1444 468 ?Ss Sep11 0:00 udevd root 16616 100 templategentoo 0.0 0.0 1464 496 ?Ss 23:17 0:00 init [3] root 17335 100 templategentoo 0.0 0.1 2328 1368 pts/1S+ 23:17 0:00 /bin/bash -login root 17556 0 MAIN 0.0 0.010828 pts/6S+ 23:20 0:00 /usr/sbin/vwait --timeout 20 --terminate --status-fd 3 100 root 17612 0 MAIN 0.0 0.0 1484 448 pts/8S+ 23:20 0:00 grep 100 vwait just waits 20 seconds, and then the vserver is killed. So I checked to see if it stops the services gracefully first: It doesn't. It just goes into that timeout directly without the stopping the init.d scripts: linuxserver ~ # vps auxwww | grep 100 root 1008 0 MAIN 0.0 0.0 1444 468 ?Ss Sep11 0:00 udevd root 17832 100 templategentoo 0.0 0.0 1468 500 ?Ss 23:29 0:00 init [3] root 18403 100 templategentoo 0.0 0.0 1712 664 ?Ss 23:29 0:00 /usr/sbin/syslog-ng root 18499 100 templategentoo 0.0 0.1 3944 1644 ?Ss 23:29 0:00 /usr/sbin/sshd root 18522 100 templategentoo 0.0 0.3 7652 3296 ?Ss 23:29 0:00 /usr/sbin/apache2 -k start apache 18558 100 templategentoo 0.0 0.3 7596 3252 ?S 23:29 0:00 /usr/sbin/apache2 -k start apache 18559 100 templategentoo 0.0 0.3 7788 3336 ?S 23:29 0:00 /usr/sbin/apache2 -k start apache 18560 100 templategentoo 0.0 0.3 7788 3336 ?S 23:29 0:00 /usr/sbin/apache2 -k start apache 18561 100 templategentoo 0.0 0.3 7788 3336 ?S 23:29 0:00 /usr/sbin/apache2 -k start apache 18562 100 templategentoo 0.0 0.3 7788 3336 ?S 23:29 0:00 /usr/sbin/apache2 -k start apache 18563 100 templategentoo 0.0 0.3 7788 3336 ?S 23:29 0:00 /usr/sbin/apache2 -k start root 18608 0 MAIN 0.0 0.010424 pts/6S+ 23:29 0:00 /usr/sbin/vwait --timeout 20 --terminate --status-fd 3 100 root 18706 0 MAIN 0.0 0.0 1488 452 pts/8S+ 23:29 0:00 grep 100 Sorry, I have no clue here... This might be a gentoo problem or something with the init-style (which is 'plain') --- I don't know. could you also add the output of testme.sh (http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh) to this information? TIA, Herbert More info: linuxserver ~ # uname -a Linux linuxserver 2.6.13-vs2.1.0-pre5-gentoo #1 Sat Sep 10 16:25:41
Re: [Vserver] Proc Security in V2.0
Lørdag 10 september 2005 19:18, skrev Herbert Poetzl: On Fri, Sep 09, 2005 at 11:29:32PM +0200, Tor Rune Skoglund wrote: Default flagging As of now stable defaults to all proc entries visible everywhere, development and experimental versions default to all proc entries only visible in context 0. config VSERVER_PROC_SECURE so we now default to enable the proc security, hiding most entries by default ... Yes, that might have been it. I emerged the 2.6.13 vs2.0 kernel sources, recompiled the kernel, and now it works as expected. Silly me, I didn't save the old .config and cannot tell whether PROC_SECURE was the missing link or not. It's a bit strange though - I _thing_ did check that before the kernel compile, but we'll never know for sure... Other pecularities are: - I always get A timeout occured while waiting for the vserver to finish and it was killed by sending a SIGKILL signal. Please investigate the reasons and/or increase the timeout in apps/vshelper/sync-timeout. on vserver xxx stop. I'm not sure how to debug this. Increasing the timeout didn't help, and I didn't expect it to either - There seems to be problem with the gentoo init.d and/or util-vserver's start-vservers script: (I have edited the init script to see what actually was executed) linuxserver ~ # /etc/init.d/vservers start * Starting vservers of type 'default' ... /usr/lib/util-vserver/start-vservers -m default -j 1 --all --start [ ok ] linuxserver ~ # vserver-stat CTX PROCVSZRSS userTIME sysTIMEUPTIME NAME 0 100 1.9G 0.9G 17m11s21 4m12s17 3h24m27 root server 100 3 6.9M 2.7M 0m01s46 0m01s56 0m50s72 templategentoo linuxserver ~ # /etc/init.d/vservers stop * Stopping all vservers ... /usr/lib/util-vserver/start-vservers -j 1 --all --stop [ ok ] linuxserver ~ # vserver-stat CTX PROCVSZRSS userTIME sysTIMEUPTIME NAME 0 100 1.9G 0.9G 17m11s49 4m12s37 3h24m48 root server 100 3 6.9M 2.7M 0m01s46 0m01s56 1m11s72 templategentoo linuxserver ~ # Vserver still running after start-vserver --all --stop. Removing STOP_ALL in /etc/conf.d/vservers so that it just stops all vserver with mark 'default' did help, but anyway I think --all --stop should work on marked vservers also. Anyway, thanks for the help. Best regards, Tor Rune Skoglund ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Proc Security in V2.0
Hi there, Quote http://linux-vserver.org/Proc-Security: Default flagging As of now stable defaults to all proc entries visible everywhere, development and experimental versions default to all proc entries only visible in context 0. It seems like this is still valid for vs2.0 stable, although I would expect it to change to all proc entries hidden. At least that would be the logic of having the vprocunhide utility and the default limiting settings in vprocunhide-files (?) At least all proc entries are visible by default on my first vs2.0 Might I be missing something here? This is a Gentoo host and vserver, using the portage ebuilds for sources and the vserver-new command to make the first vserver. Util-vserver is 208. Best regards, Tor Rune Skoglund ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Vserver log file?
Hello List, after installing my first 2.6 based vserver system, I have some weirdnesses in a couple of places Before bothering the list about these, is there a vserver log file somewhere (which possible must be enabled) that could show what is going on ? I've googled a little and done FM reading without luck so far. Vserver Debugging Code might have to be enabled in the kernel, or what? Best regards Tor Rune Skoglund [EMAIL PROTECTED] ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] RedHat ES4 and Vserver with vanilla kernel.
On Wed, Feb 16, 2005 at 09:33:12PM +, Andy Fletcher wrote: I'm trying to get vserver working with the 2.9.10 and the development patches but just getting lots of segfaults all the time, randomly. no wonder, 2.9.10 will not be released anytime soon, you should not use patches from the future ... ;) The guides available on the vserver website have been followed and the system will sometimes boot, but sometimes not. interesting ... In my experience, random crashes are often the result of hardware problems. I would run an updated memtest program overnight first to at least rule out that possibility. Best Regards, Tor Rune Skoglund -- DataKompaniet as Teknobyen Innovasjonssenter, Abelsgt. 5 Tel: +47 73 51 51 51 N-7030 Trondheim, NorwayFax: +47 73 94 38 61 WWW:http://www.datakompaniet.no E-mail: [EMAIL PROTECTED] Ved svar på email, fjern all overflødig tekst, men inkluder alltid nok av gammel email slik at det går klart frem hva saken gjelder. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Template server files
Hi List, when trying to make a good template server, one obviously has to start and enter the virtual server and test the installation of it, add some programs, make config changes in it and so on. But when using it as a template, some files must be removed or altered before it is made production ready. AFAICS at least these have to be changed/deleted: * ssh keys * shell history file * root password setting * any standard users password settings I am sure there are more, so if any of you experts out there has additions to the list, please mail me or the list. I'll make a summary on the wiki afterwards. Also, I do not know how well vserver-copy or other copy tools handle such files, as the documentation seems to be a bit sparse on the tools. Any enlightment on these matters will be highly appreciated. Best regards Tor Rune Skoglund [EMAIL PROTECTED] ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Guest template images
Hi List, anyone having a well-configured vserver guest template image to offer? I saw that the link for the possible images on linux-vserver.org has been removed - well, not the link but the page to which it points. Security would be priority no 1, also Apache2 2.0.52, PHP 5.0.2 and MySQL 4.0.21 would be nice Maybe I am asking for to much now? :-) OK, if anyone has something to offer, or any pointers, please let me know. Heck, I would even be glad to pay a few bucks if the template is good and error free. :) The host systems is Gentoo, kernel is 2.4.27, util-vserver is 30.190. Best regards Tor Rune Skoglund -- E-mail: [EMAIL PROTECTED] ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] netstat -nap --inet kills vserver kernel
On Thu, 16 Sep 2004 13:48:19 -0300, James MacLean [EMAIL PROTECTED] if this fixes your issues: http://vserver.13thfloor.at/Experimental/patch-2.6.9-rc2-vs1.9.2.28.diff Did not blow it up. So far much better :). I will be pushing it more over the next while so if it goes I'll be back :). You guys rock. Bertl, that linux-vserver company must be paying you some serious money for you to be giving support like this. ;-) Just wanting you to know your work is appreciated. Big applause from here up also. It has been interesting to follow the thread and see how well such a matter was handled. :) Btw, anyone know the status of this problem on 2.4.27-rc2 ? which, btw2, is _still_ just rc2? :) Keep up the good work, Tor Rune Skoglund -- DataKompaniet as Teknobyen Innovasjonssenter, Abelsgt. 5 Tel: +47 73 51 51 51 N-7030 Trondheim, NorwayFax: +47 73 94 38 61 WWW:http://www.datakompaniet.no E-mail: [EMAIL PROTECTED] Ved svar på email, fjern all overflødig tekst, men inkluder alltid nok av gammel email slik at det går klart frem hva saken gjelder. ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] FreeVPS Release 1.2 is available now
tirsdag 30. mars 2004, 15:43, skrev Alexander Suvorov: New features in version 1.2: 1. FreeVPS ported to RedHat Enterprise Linux AS 3.0 (kernel 2.4.21-x). Now we support both RedHat 7.3 and RedHat EL AS 3.0. FreeVPS kernel can work on other systems, but it's not tested and probably other systems need to update glibc. 2. New VPS memory accounting. 3. Virtual Network Device Driver with internal configurable Traffic Shaper. 4. 2-level full-separated routing. 5. full-separated BSD process accouting. 3. is the one thing I miss most i linux-vserver... You FreeVPS guys - could you consider making your project distribution independant and using a vanilla kernel instead? Best regards Tor Rune Skoglund [EMAIL PROTECTED] ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Advisory] chroot exploit ...
fredag 6. februar 2004, 00:10, skrev Herbert Poetzl: Markus Müller from GeNUA (Germany) reported an up to now unknown way to escape from the vserver chroot jail, which is based on the fact the chmod did not verify the 000 barrier correctly ... Where can one find documentation for this exploit? Best regards Tor Rune Skoglund -- DataKompaniet as Teknobyen, Abels gt. 5 Tel: +47 73 51 51 51 N-7030 Trondheim, NorwayFax: +47 73 94 38 61 E-mail: [EMAIL PROTECTED] ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] chcontext - network
Hi List, tirsdag 3. februar 2004, 01:06, skrev Nuno Silva: I have various IP's assigned to various vservers, and I have a mysql database running on one of them. The access rights for mysql are determined by the IP someone connects from. Some vservers also need database access and they are granted rights determined by the IP of that particular vserver. I noticed that when starting a command like this in the root server: chcontext --ctx 110 mysql -u username -p -h myhost The IP address is not changed. Access to the mysql database is not To change the IP you must run chbind ;) Errr...? If you run a command in an already running vserver, should that command run in the environment of that vserver, which also includes that context's IP? Please enlighten silly me ... :) Regards, Tor Rune Skoglund -- DataKompaniet as Teknobyen, Abels gt. 5 Tel: +47 73 51 51 51 N-7030 Trondheim, NorwayFax: +47 73 94 38 61 E-mail: [EMAIL PROTECTED] ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
