[Vserver] Error when making skeleton
I am running a Gentoo system and am installing vserver for the first time in an already running machine. I installed the kernel, util-vserver versions of which are below, and ran the testme script which passed. when i run this command to create the skeleton as instructed in hollow's guide I get the result under it. Any clues? davin ~ # vserver gentoo build -m skeleton --hostname gentoo --initstyle plain --context 84 --interface gentoo=eth0:64.113.38.84/255.255.255.240 chattr: Inappropriate ioctl for device while reading flags on /etc/vservers/.defaults/vdirbase/gentoo the kernel version is 2.6.13-vs2.1.0-pre5-gentoo the util-vserver version is util-vserver-0.30.208-r2 the host ip is 64.113.38.83 on eth0. when i saw the above error I tried adding the .84 ip to the host as eth0:1 but it didn't make a difference -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Error when making skeleton
On Tuesday 13 September 2005 11:20 pm, Herbert Poetzl wrote: On Tue, Sep 13, 2005 at 11:01:55PM -0400, Chuck wrote: I am running a Gentoo system and am installing vserver for the first time in an already running machine. I installed the kernel, util-vserver versions of which are below, and ran the testme script which passed. could you paste the output of this script please? davin ~ # ./testme.sh Linux-VServer Test [V0.13] Copyright (C) 2003-2005 H.Poetzl chcontext is working. chbind is working. Linux 2.6.13-vs2.1.0-pre5-gentoo i686/0.30.208/0.30.208 [Ea] (0) VCI: 0002:0001 273 03000116 --- [000]# succeeded. [001]# succeeded. [011]# succeeded. [031]# succeeded. [101]# succeeded. [102]# succeeded. [201]# succeeded. [202]# succeeded. when i run this command to create the skeleton as instructed in hollow's guide I get the result under it. Any clues? davin ~ # vserver gentoo build -m skeleton --hostname gentoo --initstyle plain --context 84 --interface gentoo=eth0:64.113.38.84/255.255.255.240 chattr: Inappropriate ioctl for device while reading flags on /etc/vservers/.defaults/vdirbase/gentoo where does /etc/vservers/.defaults/vdirbase/gentoo point to and what filesystem is used there? vdirbase is a symlink pointing to /vservers which then contains the gentoo directory. i intended this /vservers as a mount point to another drive. i tried the skeleton creation with /vservers unmounted as well so it lived on the same hdd... same error. using reiserfs v3 the kernel version is 2.6.13-vs2.1.0-pre5-gentoo the util-vserver version is util-vserver-0.30.208-r2 the host ip is 64.113.38.83 on eth0. when i saw the above error I the tried adding .84 ip to the host as eth0:1 but it didn't make a the difference TIA, Herbert -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Error when making skeleton
On Tuesday 13 September 2005 11:45 pm, Herbert Poetzl wrote: using reiserfs v3 ah, yes, reiser v3 requires the 'attrs' mount option to support xattrs (those you can set with chattr), and some of those flags are used for the barrier and the unification, so you have to add that to the mount options do i add that only to the fstab entryt for the /vservers mount point or do I add that to the system / as well? also the kernel has some extended reiserfs options which are unchecked at this time as I have never known a need for them. Should they be enabled as well? Chuck best, Herbert the kernel version is 2.6.13-vs2.1.0-pre5-gentoo the util-vserver version is util-vserver-0.30.208-r2 the host ip is 64.113.38.83 on eth0. when i saw the above error I the tried adding .84 ip to the host as eth0:1 but it didn't make a the difference TIA, Herbert -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Error when making skeleton
On Tuesday 13 September 2005 11:58 pm, Herbert Poetzl wrote: On Tue, Sep 13, 2005 at 11:49:56PM -0400, Chuck wrote: On Tuesday 13 September 2005 11:45 pm, Herbert Poetzl wrote: using reiserfs v3 ah, yes, reiser v3 requires the 'attrs' mount option to support xattrs (those you can set with chattr), and some of those flags are used for the barrier and the unification, so you have to add that to the mount options do i add that only to the fstab entryt for the /vservers mount point or do I add that to the system / as well? should be sufficient for the /vservers partition I added it to the /vservers mount statement in fstab and it worked perfectly! also the kernel has some extended reiserfs options which are unchecked at this time as I have never known a need for them. Should they be enabled as well? you probably want CONFIG_REISERFS_FS_XATTR=y but I'm not sure if this is required ... Guess it cannot hurt to enable it anyway for safety. Thank you! now i just hope vservers live up to my expectations.. I have been given the task of finding a way to consolidate which means looking at virtualizing/partitioning to cut the number of servers down. What I am hoping for is enough performance to be able to reduce 39 servers to just 8 or 9 hosts.. we are a fairly busy isp so some of the servers are hit pretty hard.. the only other problem I fear I will run into is in one host there will hve to be at least 4 nics since the servers are on various vlans and each subnet has its assigned switch port. to complicate matters even more, several of the vservers will have to support a few hundred ip addresses each (email and web for domains with dedicated ip addresses). I only hope this can do it as i have found nothing else suitable other than the ibm partitioned minis or blades.($$$).. I believe UML has entirely too much overhead for our needs. best, Herbert Chuck best, Herbert the kernel version is 2.6.13-vs2.1.0-pre5-gentoo the util-vserver version is util-vserver-0.30.208-r2 the host ip is 64.113.38.83 on eth0. when i saw the above error I the tried adding .84 ip to the host as eth0:1 but it didn't make a the difference TIA, Herbert -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Error when making skeleton
On Wednesday 14 September 2005 12:29 am, Herbert Poetzl wrote: I added it to the /vservers mount statement in fstab and it worked perfectly! good to hear! also the kernel has some extended reiserfs options which are unchecked at this time as I have never known a need for them. Should they be enabled as well? you probably want CONFIG_REISERFS_FS_XATTR=y but I'm not sure if this is required ... Guess it cannot hurt to enable it anyway for safety. Thank you! you're welcome! now i just hope vservers live up to my expectations.. I have been given the task of finding a way to consolidate which means looking at virtualizing/partitioning to cut the number of servers down. What I am hoping for is enough performance to be able to reduce 39 servers to just 8 or 9 hosts.. we are a fairly busy isp so some of the servers are hit pretty hard.. well, up to 200 guest for a dual CPU Xeon system were reported working, although I would not suggest to go that hight, especially if you expect higher load ... the only other problem I fear I will run into is in one host there will hve to be at least 4 nics since the servers are on various vlans and each subnet has its assigned switch port. well, 4 nics with GB can be rarely satisfied with PC (and especially 32bit) arch ... if you think about several 100Mbit interfaces, consider using vlans instead even if all the vservers on a single host were in the same network segment, there would still have to be 2 nics due to eth1 being the private admin network and also the one that the servers use to communicate to each other privately for nfs or remote logging. to complicate matters even more, several of the vservers will have to support a few hundred ip addresses each (email and web for domains with dedicated ip addresses). the current limit is at 16 IPs for each guest, but it can be raised (easily) but this comes with a drawback to the overall performance ... you might want to check if it isn't possible to break the hosted IPs down into smaller chunks, and take e.g. 10 guests for 16 IPs each (or maybe 5 with 32) hmmm... wonder how much of a hit in performance. it is impossible to separate them as the large chunks reside on machines with commercially licensed and paid for software which means we cannot duplicate these hosts to spread the load. it is all or nothing. I was anticipating future growth with those numbers. In real numbers today, the email machine has i think around 97 ip addresses and the web machine has in the neighborhood of 124 addresses with the rest of the sites using name space off the main machine ip. all the mail ips are on the same network segment and all the web are also on their own segment.. each network segment is its own vlan within the switching system and each machine has its own assigned switch port. since the vlans are physical separations, it would not be possible to combine them onto one nic.. this is why there would have to be a single nic for each vserver guest. we have several quad-nic cards that we could use. we had 2 of those for 8 nics on our news server once. not only that but the load would be horrendous using a single nic for multiple vservers.. we are already beyond the limits of 100mbit bandwidth on the web server and the email server is pushing about 50mbit continuous at this time. our entire network is gigabit even into the border routers. if i can't do this, then my only other choice is to leave those 2 as dedicated servers which i really don't want to do. the rest of the machines have less than 10 ip addresses in each of their nics. many of these smaller servers are sharing the same net segment so packing those into the same host would allow them to share a single nic or two without trouble. its just the 2 big servers that has my ulcers churning. the boss wants them all consolidated. I only hope this can do it as i have found nothing else suitable other than the ibm partitioned minis or blades.($$$).. I believe UML has entirely too much overhead for our needs. I'm pretty sure it will ... but keep us updated best, Herbert best, Herbert Chuck best, Herbert the kernel version is 2.6.13-vs2.1.0-pre5-gentoo the util-vserver version is util-vserver-0.30.208-r2 the host ip is 64.113.38.83 on eth0. when i saw the above error I the tried adding .84 ip to the host as eth0:1 but it didn't make a the difference TIA, Herbert -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me
Re: [Vserver] Error when making skeleton
On Wednesday 14 September 2005 01:14 am, Herbert Poetzl wrote: On Wed, Sep 14, 2005 at 12:59:53AM -0400, Chuck wrote: On Wednesday 14 September 2005 12:29 am, Herbert Poetzl wrote: I added it to the /vservers mount statement in fstab and it worked perfectly! good to hear! also the kernel has some extended reiserfs options which are unchecked at this time as I have never known a need for them. Should they be enabled as well? you probably want CONFIG_REISERFS_FS_XATTR=y but I'm not sure if this is required ... Guess it cannot hurt to enable it anyway for safety. Thank you! you're welcome! now i just hope vservers live up to my expectations.. I have been given the task of finding a way to consolidate which means looking at virtualizing/partitioning to cut the number of servers down. What I am hoping for is enough performance to be able to reduce 39 servers to just 8 or 9 hosts.. we are a fairly busy isp so some of the servers are hit pretty hard.. well, up to 200 guest for a dual CPU Xeon system were reported working, although I would not suggest to go that hight, especially if you expect higher load ... the only other problem I fear I will run into is in one host there will hve to be at least 4 nics since the servers are on various vlans and each subnet has its assigned switch port. well, 4 nics with GB can be rarely satisfied with PC (and especially 32bit) arch ... if you think about several 100Mbit interfaces, consider using vlans instead even if all the vservers on a single host were in the same network segment, there would still have to be 2 nics due to eth1 being the private admin network and also the one that the servers use to communicate to each other privately for nfs or remote logging. well, this could also be done via vlans, but 2 NICs are fine, no? after getting my head more around virtual server concepts, the private network only needs to be addressed in each host. the necessary communications can be done host to host easily enough since it has physical access to all vservers for backup. then i sat down and listed every server we run by network segment and discovered that a majority of them can use a single nic.. for example there are 10 severs now on the same segment. those could be put into one or two hosts since most of them are low usage machines. to complicate matters even more, several of the vservers will have to support a few hundred ip addresses each (email and web for domains with dedicated ip addresses). the current limit is at 16 IPs for each guest, but it can be raised (easily) but this comes with a drawback to the overall performance ... you might want to check if it isn't possible to break the hosted IPs down into smaller chunks, and take e.g. 10 guests for 16 IPs each (or maybe 5 with 32) hmmm... wonder how much of a hit in performance. it is impossible to separate them as the large chunks reside on machines with commercially licensed and paid for software which means we cannot duplicate these hosts to spread the load. it is all or nothing. the performance hit is basically a linear O(N) search for each connection/request which is not terribly expensive with 4 or 8 IPs but might have some impact with 128 or 256 IPs ... we want to get rid of the webserver management software we use as it is hard to impossible to set up without their support people doing it, is very expensive, and has some ludicrous requirements that have driven me insane trying to maintain security (plesk).. and of course we had no clue about these things until we bought into it. however we have not found a suitable substitute yet. if we can get around the licensing issue if there is one we would more than like to separate the quantity of hosted sites per box into smaller chunks :) the requirement for multiple nics comes in in only a few instances where we have name servers on the same vlan.. one is on 32 net and one is on 33 net which is one /23 vlan. to get around the multiple nics in this situatio all of those machines would have to be in one host to be able to use a single nic. having 2 public name servers one one physical machine can lead to trouble if there is a hardware failure i personally am for killing the vlan concept completely as it has caused nothing but headaches for me due to restrictions and I don't believe an isp has any need for such things except one or two network segments to isolate customer colo machines from the rest of our network. but... the boss paid some contracted etwork engineer mucho $$$ to set this up and he would not want us ripping it out. he did it in a typical vlan construct between the routers and switches so that from the server side they would be physically separated networks. and since we are dealing with a /19
[Vserver] barrier question
This may mean nothing and only reflect my own ignorance but I am curious if the differences between a B and b returned with showattr means anything? Or if these entries below are proper as they are? When I used showattr -d on some directories here were the results the paths are: /vservers is the parent directory and gentoo is /vservers/gentoo as my first vserver install which is incomplete yet and will wind up being my 'template' for others. ---Bui- vservers ---bui- genoo -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] barrier question
On Wednesday 14 September 2005 01:20 pm, Herbert Poetzl wrote: cool thank you. makes sense now. there must have been route problems along the way because for the past 2 hours i could not get into linux-vserver.org, but now i can. now that the site is active to me again i need to search for the doc i noticed a while ago about using i think its bind to 'mount' a directory within a vserver to an outside directory.. i have a community distfiles directory for gentoo's portage which contains several gigs of the latest things. by sharing this among my machines, i limit downloads to an absolute minimum and use no extra disk space since the file winds up available to every machine. i think i remember reading this can work within a vserver environment. On Wed, Sep 14, 2005 at 12:33:31PM -0400, Chuck wrote: This may mean nothing and only reflect my own ignorance but I am curious if the differences between a B and b returned with showattr means anything? yes the 'B' means that a barrier is set, while 'b' means that barrier flag is available but not set right now ... Or if these entries below are proper as they are? yep, they are proper, as you want the barrier to reside right _above_ the guest's root dir ... When I used showattr -d on some directories here were the results the paths are: /vservers is the parent directory and gentoo is /vservers/gentoo as my first vserver install which is incomplete yet and will wind up being my 'template' for others. ---Bui- vservers ---bui- genoo http://linux-vserver.org/Linux-VServer-Paper-04 (04.2) HTH, Herbert -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] stop error
I just started my first vserver and it appears to work well however when I issue the stop command I get a timeout error. I can enter the vserver just fine and it appears to be working and I can ping the outside world and the outside world can ping it ok. I have no services set up in it yet so I have nothing to enter it directly from the outside yet. I exit the vserver by using the halt command. Then I issue this command and get this result: davin / # vserver gentoo stop A timeout occured while waiting for the vserver to finish and it was killed by sending a SIGKILL signal. Please investigate the reasons and/or increase the timeout in apps/vshelper/sync-timeout. It does stop the verserver anyway. I checked that path and the only entry in apps was vunify. Did I miss a step somewhere? -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] stop error
On Wednesday 14 September 2005 10:09 pm, Herbert Poetzl wrote: On Wed, Sep 14, 2005 at 03:00:55PM -0400, Chuck wrote: I just started my first vserver and it appears to work well however when I issue the stop command I get a timeout error. I can enter the vserver just fine and it appears to be working and I can ping the outside world and the outside world can ping it ok. I have no services set up in it yet so I have nothing to enter it directly from the outside yet. I exit the vserver by using the halt command. Then I issue this command and get this result: hmm, I assume you entered it with 'vserver name enter' if so, try to exit it with 'exit' or CTRL-D yes i did and i discovered exit by habit of typing exit out of my shells. that worked well. better than halt. davin / # vserver gentoo stop A timeout occured while waiting for the vserver to finish and it was killed by sending a SIGKILL signal. Please investigate the reasons and/or increase the timeout in apps/vshelper/sync-timeout. we are currently investigating this, basically the following happens ... - the guest is instructed to shut itself down - the guest executes some shutdown scripts, but leaves somethin running - a timeout occurs, and kills off whatever is still running inside - the guest is properly terminated ... the odd thing is, when i use the init script to start/stop the vservers i do not get any errors at all but i imagine it is still there just not shown since it takes timeout time to stop.. It does stop the verserver anyway. I checked that path and the only entry in apps was vunify. Did I miss a step somewhere? probably not, it seems that this happens with certain guest setups (shutdown scripts) and we will work around that pretty soon, I hope :) ok i will also report this to hollow since his setup suggestions are the ones I followed and I used his vserver modified stage3/base layout for gentoo. I will also mention the need for the attrs mount option in the host fstab for reiserfs so he can add that as a note in his how-to. best, Herbert -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] incredible
On Wednesday 14 September 2005 10:00 pm, Herbert Poetzl wrote: On Wed, Sep 14, 2005 at 09:54:09PM -0400, Chuck wrote: I set up 4 vservers on my secondary workstation which is the machine I am using to experiment with. Absolutely incredible! The performance is staggering. How did you do it? I hit these with all kinds of intense scripting to emulate high usage on ftp file xfers, a setiathome computational machine with nice turned off, a ton of randomly selected web hits and a video being served streaming, and a mysql 'thumb through' a large test database displaying each record for 2 seconds all the while i used the remote gui workstation from my other machine. with all this going on I could hardly notice any performance degradation at all on a single processor 933mhz machine !! I am MORE than impressed!! glad that you like it ... you might consider adding yourself to the Happy Users page (if not already done so) at http://linux-vserver.org/VServer+Users I definitely will. I will just wait till I have some more to add than just initial testing. I don't think I will ever build another machine, even for my personal use that is not 'vserver' ready. It just doesn't make sense not to. If I never use it, it is a normal machine. If I want to use it, a few configs and it is up and running. my next step is to move the remote kde workstation code into a vserver and get it off the host and see how that works :D keep us posted ... I am thinking maybe the simplest way since this is just a test is to tar the entire host up and install it into a vserver then make proper config/init mods by overlaying a new baselayout and lots of editing. there is so much to compile and configure otherwise.. a fresh install would be different but I don;'t want to take 3 or 4 days of compiling and instlaling to see if it even works.. if it does, then I can uninstall from the host and the next incarnation of this machine will be fresh proper installs. once I figure that out then my next step is to figure out how to clone the template vserver without physically copying everything into a new directory. :) if you need help with that, just pay a visit to the irc channel #vserver @ irc.oftc.net ... ok. i have an irc plugin in kopete, just never tried it out. thanks for the positive feedback, I appreciate it! no problem at all. this is one incredible package that deserves all the praise it can get. (still trying to get my brain around most of the concepts however.. once i do that im sure i can create better more efficient servers) best, Herbert -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] I think I goofed
i just copied my template into 3 other vservers using hard link cloning along with copying real files into the etc and var. they run ok however I now get an error on start I never got before. I hope I didn't goof using the setattr command. error listed next davin etc # /etc/init.d/vservers start * Starting all vservers ... chroot-shopen(/etc/mtab): Permission denied secure-mount: open(mtab): Permission denied Failed to update mtab-file secure-mount: open(mtab): Permission denied Failed to update mtab-file secure-mount: open(mtab): Permission denied Failed to update mtab-file i just tried setting the attrs mount option on my host / to see if that cures it. didn't have this until I made the 3 other vservers. finished reboot and that didn't cure anything :( I will say this though in converting my 3 vservers into hard linked clones all 4 servers including the template now take up 1/3 the amount of space they did before this :) -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] I think I goofed [solved]
On Friday 16 September 2005 10:52 am, Herbert Poetzl wrote: note: the --iunlink sets the 'immutable' flag as well as the 'immutable unlink' flag, basically making those files immutable against changes, which not even the CoW link breaking will break, as they are not hardlinked anymore the --~iunlink removes both flags and makes them normal files again ... ok now i am totally confused. i thought running --iunlink made the links breakable/copyable under the 2.1 setups? so then if --iunlink creates permanent links to files that cannot be touched, what do i run to take advantage of the 2.1 CoW ? thanks for the followup! best, Herbert i just copied my template into 3 other vservers using hard link cloning along with copying real files into the etc and var. they run ok however I now get an error on start I never got before. I hope I didn't goof using the setattr command. error listed next davin etc # /etc/init.d/vservers start * Starting all vservers ... chroot-shopen(/etc/mtab): Permission denied secure-mount: open(mtab): Permission denied Failed to update mtab-file secure-mount: open(mtab): Permission denied Failed to update mtab-file secure-mount: open(mtab): Permission denied Failed to update mtab-file i just tried setting the attrs mount option on my host / to see if ithat cures t. didn't have this until I made the 3 other vservers. finished reboot and that didn't cure anything :( I will say this though in converting my 3 vservers into hard linked clones all 4 servers including the template now take up 1/3 the amount of space they did before this :) -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] I think I goofed [solved]
On Friday 16 September 2005 11:08 am, Herbert Poetzl wrote: On Fri, Sep 16, 2005 at 10:56:49AM -0400, Chuck wrote: On Friday 16 September 2005 10:52 am, Herbert Poetzl wrote: note: the --iunlink sets the 'immutable' flag as well as the 'immutable unlink' flag, basically making those files immutable against changes, which not even the CoW link breaking will break, as they are not hardlinked anymore the --~iunlink removes both flags and makes them normal files again ... ok now i am totally confused. i thought running --iunlink made the links breakable/copyable under the 2.1 setups? yes, it does ... so then if --iunlink creates permanent links to files that cannot be touched, what do i run to take advantage of the 2.1 CoW ? not _links_ that is the important detail here ... touch /tmp/x setattr --iunlink /tmp/x and you get an immutable file, you can remove, but not alter ... touch /tmp/a ln /tmp/a /tmp/b setattr --iunlink /tmp/a and you have two files (a,b) which are unified (i.e. a hardlink to the same inode) which will be CoW breakable on devel versions (2.1.x) oh my. i think i did it all wrong then. if i was supposed to run the setattr cmd on the files themselves.. i ran it on the links in the clones.. according to above i should have run it on the template files. hope that clarifies, Herbert thanks for the followup! best, Herbert i just copied my template into 3 other vservers using hard link cloning along with copying real files into the etc and var. they run ok however I now get an error on start I never got before. I hope I didn't goof using the setattr command. error listed next davin etc # /etc/init.d/vservers start * Starting all vservers ... chroot-shopen(/etc/mtab): Permission denied secure-mount: open(mtab): Permission denied Failed to update mtab-file secure-mount: open(mtab): Permission denied Failed to update mtab-file secure-mount: open(mtab): Permission denied Failed to update mtab-file i just tried setting the attrs mount option on my host / to see if ithat cures t. didn't have this until I made the 3 other vservers. finished reboot and that didn't cure anything :( I will say this though in converting my 3 vservers into hard linked clones all 4 servers including the template now take up 1/3 the amount of space they did before this :) -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] I think I goofed [solved]
On Friday 16 September 2005 11:16 am, Herbert Poetzl wrote: On Fri, Sep 16, 2005 at 11:12:24AM -0400, Chuck wrote: On Friday 16 September 2005 11:08 am, Herbert Poetzl wrote: On Fri, Sep 16, 2005 at 10:56:49AM -0400, Chuck wrote: On Friday 16 September 2005 10:52 am, Herbert Poetzl wrote: note: the --iunlink sets the 'immutable' flag as well as the 'immutable unlink' flag, basically making those files immutable against changes, which not even the CoW link breaking will break, as they are not hardlinked anymore the --~iunlink removes both flags and makes them normal files again ... ok now i am totally confused. i thought running --iunlink made the links breakable/copyable under the 2.1 setups? yes, it does ... so then if --iunlink creates permanent links to files that cannot be touched, what do i run to take advantage of the 2.1 CoW ? not _links_ that is the important detail here ... touch /tmp/x setattr --iunlink /tmp/x and you get an immutable file, you can remove, but not alter ... touch /tmp/a ln /tmp/a /tmp/b setattr --iunlink /tmp/a and you have two files (a,b) which are unified (i.e. a hardlink to the same inode) which will be CoW breakable on devel versions (2.1.x) oh my. i think i did it all wrong then. if i was supposed to run the setattr cmd on the files themselves.. i ran it on the links in the clones.. according to above i should have run it on the template files. both 'file' and 'link' are identical and indistinguishable (this is a property of hard links) so the choice is yours (i.e. both will have the flags set afterwards :) whew .. ok HTH, Herbert hope that clarifies, Herbert thanks for the followup! best, Herbert i just copied my template into 3 other vservers using hard link cloning along with copying real files into the etc and var. they run ok however I now get an error on start I never got before. I hope I didn't goof using the setattr command. error listed next davin etc # /etc/init.d/vservers start * Starting all vservers ... chroot-shopen(/etc/mtab): Permission denied secure-mount: open(mtab): Permission denied Failed to update mtab-file secure-mount: open(mtab): Permission denied Failed to update mtab-file secure-mount: open(mtab): Permission denied Failed to update mtab-file i just tried setting the attrs mount option on my host / to see if ithat cures t. didn't have this until I made the 3 other vservers. finished reboot and that didn't cure anything :( I will say this though in converting my 3 vservers into hard linked clones all 4 servers including the template now take up 1/3 the amount of space they did before this :) -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system
[Vserver] this doc needs checking for accuracy
and possible additions proper editing will be done after the information within is accurate. - set up host as per gentoo how-to and create template as it specifies. add desired common services. start and test the template. create new-guest using skeleton method. cd into it and remove all entries then copy with cp -la gentoo/* new-guest to create hard links to the gentoo template. cd into new-guest and remove completely, etc, root, home and var i have setups for most internet services on the gentoo template and a regular user defined therefore home gets moved too. (should /usr/portage be moved and later recopied as 'real' files?) if i want to remove the ability to run certain services in this vserver, now is the time to remove the links to them so they are no longer a part of this guest. this is only necessary when allowing others shell access. most people would create a very minimal template server so this normally would not be necessary, but with my setups, i want all services available to every server even if i do not run them. then run setattr --iunlink * ONLY in the following directories inside new-guest bin sbin lib usr/bin usr/sbin usr/lib (should there be others?) setattr --~iunlink undoes any damage done to files that should not have that attribute. then cp -Rp /vservers/gentoo/etc and var and root and home this will give real files to edit and use in the new-guest config. configure new-guest as necessary start new-guest and enter to verify its operation. --- -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] this doc needs checking for accuracy
On Friday 16 September 2005 12:59 pm, Herbert Poetzl wrote:
Thanks for the comments. will make the changes..
on a further note since I see there is a meeting starting, after doing things
the way Aiken does them, using the following:
Aiken cp -al master/* avon
Aiken find avon -type f -exec setattr --iunlink {} ';'
i then went into the new guest and into the etc/conf.d directory to edit the
hostname file. when I tried to save it I got
Error saving file: Too many links
methinks I screwed things up over time. I have 4 clones linked to the template
On Fri, Sep 16, 2005 at 11:34:44AM -0400, Chuck wrote:
and possible additions
proper editing will be done after the information within is accurate.
-
-- gentoo specific
set up host as per gentoo how-to
and create template as it specifies.
-- generic ... after creating a 'template' guest
add desired common services.
start and test the template.
create new-guest using skeleton method.
will only create a skeleton not a full featured guest :)
cd into it and remove all entries
not required, there are none, except for /etc /proc
both empty dirs, and /dev which contains proper devices
for a new guest/template ...
so actually you'd want to _save_ those /dev entries
somewhere, to _replace_ the installed/created ones
with this limited (known clean) set ...
then copy with
-- gentoo specific
cp -la gentoo/* new-guest
to create hard links to the gentoo template.
will not copy the .[a-zA-Z]* files you might want
to copy too ...
cd into new-guest and
remove completely, etc, root, home and var
i have setups for most internet services on
the gentoo template and a regular user defined
-- gentoo specific
therefore home gets moved too. (should /usr/portage
be moved and later recopied as 'real' files?)
if i want to remove the ability to run certain
services in this vserver, now is the time to
remove the links to them so they are no longer a part
of this guest.
this is only necessary when allowing others
shell access. most people would create a very
minimal template server so this normally would not
be necessary, but with my setups, i want all
services available to every server even if i do
not run them.
then run setattr --iunlink * ONLY in the following
directories inside new-guest
bin
sbin
lib
usr/bin
usr/sbin
usr/lib
(should there be others?)
setattr --~iunlink undoes any damage done to files that should not
have that attribute.
be careful, unifying most of the files will work
on stable (vs2.0.x and vs1.2.x) too, but this
actually assumes CoW link breaking, which is only
present in 2.1.x (and then only if enabled)
then cp -Rp /vservers/gentoo/etc and var and root and home
this will give real files to edit and use in the new-guest config.
configure new-guest as necessary
start new-guest and enter to verify its operation.
best,
Herbert
---
--
Chuck
...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose
for an OS as *we* do?!!', and I answered...'I use Linux'.
The Book of John, chapter 1, page 1, and end of book
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
--
Chuck
...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose
for an OS as *we* do?!!', and I answered...'I use Linux'.
The Book of John, chapter 1, page 1, and end of book
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] this doc needs checking for accuracy
On Friday 16 September 2005 02:37 pm, Chuck wrote:
update on this.. it seems i can rename the link or even delete it from the
shell, but nano cannot save to it. i can copy it to a temp name, delete it
and rename the temp and it becomes a regular file locally..
seems only when nano tries to edit directly does it give that error.
On Friday 16 September 2005 12:59 pm, Herbert Poetzl wrote:
Thanks for the comments. will make the changes..
on a further note since I see there is a meeting starting, after doing
things
the way Aiken does them, using the following:
Aiken cp -al master/* avon
Aiken find avon -type f -exec setattr --iunlink {} ';'
i then went into the new guest and into the etc/conf.d directory to edit the
hostname file. when I tried to save it I got
Error saving file: Too many links
methinks I screwed things up over time. I have 4 clones linked to the
template
On Fri, Sep 16, 2005 at 11:34:44AM -0400, Chuck wrote:
and possible additions
proper editing will be done after the information within is accurate.
-
-- gentoo specific
set up host as per gentoo how-to
and create template as it specifies.
-- generic ... after creating a 'template' guest
add desired common services.
start and test the template.
create new-guest using skeleton method.
will only create a skeleton not a full featured guest :)
cd into it and remove all entries
not required, there are none, except for /etc /proc
both empty dirs, and /dev which contains proper devices
for a new guest/template ...
so actually you'd want to _save_ those /dev entries
somewhere, to _replace_ the installed/created ones
with this limited (known clean) set ...
then copy with
-- gentoo specific
cp -la gentoo/* new-guest
to create hard links to the gentoo template.
will not copy the .[a-zA-Z]* files you might want
to copy too ...
cd into new-guest and
remove completely, etc, root, home and var
i have setups for most internet services on
the gentoo template and a regular user defined
-- gentoo specific
therefore home gets moved too. (should /usr/portage
be moved and later recopied as 'real' files?)
if i want to remove the ability to run certain
services in this vserver, now is the time to
remove the links to them so they are no longer a part
of this guest.
this is only necessary when allowing others
shell access. most people would create a very
minimal template server so this normally would not
be necessary, but with my setups, i want all
services available to every server even if i do
not run them.
then run setattr --iunlink * ONLY in the following
directories inside new-guest
bin
sbin
lib
usr/bin
usr/sbin
usr/lib
(should there be others?)
setattr --~iunlink undoes any damage done to files that should not
have that attribute.
be careful, unifying most of the files will work
on stable (vs2.0.x and vs1.2.x) too, but this
actually assumes CoW link breaking, which is only
present in 2.1.x (and then only if enabled)
then cp -Rp /vservers/gentoo/etc and var and root and home
this will give real files to edit and use in the new-guest config.
configure new-guest as necessary
start new-guest and enter to verify its operation.
best,
Herbert
---
--
Chuck
...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose
for an OS as *we* do?!!', and I answered...'I use Linux'.
The Book of John, chapter 1, page 1, and end of book
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
--
Chuck
...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose
for an OS as *we* do?!!', and I answered...'I use Linux'.
The Book of John, chapter 1, page 1, and end of book
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
--
Chuck
...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose
for an OS as *we* do?!!', and I answered...'I use Linux'.
The Book of John, chapter 1, page 1, and end of book
___
Vserver mailing list
Vserver
Re: [Vserver] this doc needs checking for accuracy
On Friday 16 September 2005 02:48 pm, Chuck wrote:
one more update... i just tried to start the guest and got this
davin vservers # vserver vsdavin5 start
chroot-shopen(/etc/mtab): Too many links
secure-mount: open(mtab): Too many links
Failed to update mtab-file
secure-mount: open(mtab): Too many links
Failed to update mtab-file
secure-mount: open(mtab): Too many links
Failed to update mtab-file
all other guests are off only tried to start this one.
i would say i still have to remove etc var home and root then copy them
manually to get regular files in there
On Friday 16 September 2005 02:37 pm, Chuck wrote:
update on this.. it seems i can rename the link or even delete it from the
shell, but nano cannot save to it. i can copy it to a temp name, delete it
and rename the temp and it becomes a regular file locally..
seems only when nano tries to edit directly does it give that error.
On Friday 16 September 2005 12:59 pm, Herbert Poetzl wrote:
Thanks for the comments. will make the changes..
on a further note since I see there is a meeting starting, after doing
things
the way Aiken does them, using the following:
Aiken cp -al master/* avon
Aiken find avon -type f -exec setattr --iunlink {} ';'
i then went into the new guest and into the etc/conf.d directory to edit
the
hostname file. when I tried to save it I got
Error saving file: Too many links
methinks I screwed things up over time. I have 4 clones linked to the
template
On Fri, Sep 16, 2005 at 11:34:44AM -0400, Chuck wrote:
and possible additions
proper editing will be done after the information within is accurate.
-
-- gentoo specific
set up host as per gentoo how-to
and create template as it specifies.
-- generic ... after creating a 'template' guest
add desired common services.
start and test the template.
create new-guest using skeleton method.
will only create a skeleton not a full featured guest :)
cd into it and remove all entries
not required, there are none, except for /etc /proc
both empty dirs, and /dev which contains proper devices
for a new guest/template ...
so actually you'd want to _save_ those /dev entries
somewhere, to _replace_ the installed/created ones
with this limited (known clean) set ...
then copy with
-- gentoo specific
cp -la gentoo/* new-guest
to create hard links to the gentoo template.
will not copy the .[a-zA-Z]* files you might want
to copy too ...
cd into new-guest and
remove completely, etc, root, home and var
i have setups for most internet services on
the gentoo template and a regular user defined
-- gentoo specific
therefore home gets moved too. (should /usr/portage
be moved and later recopied as 'real' files?)
if i want to remove the ability to run certain
services in this vserver, now is the time to
remove the links to them so they are no longer a part
of this guest.
this is only necessary when allowing others
shell access. most people would create a very
minimal template server so this normally would not
be necessary, but with my setups, i want all
services available to every server even if i do
not run them.
then run setattr --iunlink * ONLY in the following
directories inside new-guest
bin
sbin
lib
usr/bin
usr/sbin
usr/lib
(should there be others?)
setattr --~iunlink undoes any damage done to files that should not
have that attribute.
be careful, unifying most of the files will work
on stable (vs2.0.x and vs1.2.x) too, but this
actually assumes CoW link breaking, which is only
present in 2.1.x (and then only if enabled)
then cp -Rp /vservers/gentoo/etc and var and root and home
this will give real files to edit and use in the new-guest config.
configure new-guest as necessary
start new-guest and enter to verify its operation.
best,
Herbert
---
--
Chuck
...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose
for an OS as *we* do?!!', and I answered...'I use Linux'.
The Book of John, chapter 1, page 1, and end of book
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
--
Chuck
...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles
Re: [Vserver] this doc needs checking for accuracy
On Friday 16 September 2005 03:03 pm, James Boddington wrote: A simple test to make sure the cow is working mkdir a echo hello a/test ln a/test setattr --iunlink test echo bye test cat a/test test ([EMAIL PROTECTED]) cat a/test test hello bye hmm didnt work davin vservers # mkdir a davin vservers # echo helloa/test davin vservers # ln a/test davin vservers # ll total 131320 drwxr-xr-x 2 root root72 Sep 16 15:07 a drwxr-xr-x 2 root root80 Sep 15 17:05 changes drwxr-xr-x 15 root root 360 Sep 14 09:56 gentoo -rw-r--r-- 1 root root 134335809 Sep 15 16:25 template.tgz -rw-r--r-- 2 root root 6 Sep 16 15:07 test drwxr-xr-x 15 root root 360 Sep 15 22:52 vsdavin2 drwxr-xr-x 15 root root 360 Sep 15 23:10 vsdavin3 drwxr-xr-x 15 root root 360 Sep 15 20:51 vsdavin4 drwxr-xr-x 15 root root 360 Sep 16 14:53 vsdavin5 davin vservers # cat test hello davin vservers # setattr --iunlink test davin vservers # echo byetest -bash: test: Too many links davin vservers # -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] this doc needs checking for accuracy
On Friday 16 September 2005 03:10 pm, Chuck wrote: On Friday 16 September 2005 03:03 pm, James Boddington wrote: A simple test to make sure the cow is working mkdir a echo hello a/test ln a/test setattr --iunlink test echo bye test cat a/test test ([EMAIL PROTECTED]) cat a/test test hello bye hmm didnt work davin vservers # mkdir a davin vservers # echo helloa/test davin vservers # ln a/test davin vservers # ll total 131320 drwxr-xr-x 2 root root72 Sep 16 15:07 a drwxr-xr-x 2 root root80 Sep 15 17:05 changes drwxr-xr-x 15 root root 360 Sep 14 09:56 gentoo -rw-r--r-- 1 root root 134335809 Sep 15 16:25 template.tgz -rw-r--r-- 2 root root 6 Sep 16 15:07 test drwxr-xr-x 15 root root 360 Sep 15 22:52 vsdavin2 drwxr-xr-x 15 root root 360 Sep 15 23:10 vsdavin3 drwxr-xr-x 15 root root 360 Sep 15 20:51 vsdavin4 drwxr-xr-x 15 root root 360 Sep 16 14:53 vsdavin5 davin vservers # cat test hello davin vservers # setattr --iunlink test davin vservers # echo byetest -bash: test: Too many links davin vservers # i just double checked and i have CoW enabled in the kernel.. # Linux VServer # CONFIG_VSERVER_LEGACY=y # CONFIG_VSERVER_LEGACY_VERSION is not set # CONFIG_VSERVER_NGNET is not set CONFIG_VSERVER_COWBL=y CONFIG_VSERVER_PROC_SECURE=y # CONFIG_VSERVER_HARDCPU is not set # CONFIG_INOXID_NONE is not set # CONFIG_INOXID_UID16 is not set # CONFIG_INOXID_GID16 is not set CONFIG_INOXID_UGID24=y # CONFIG_INOXID_INTERN is not set # CONFIG_INOXID_RUNTIME is not set # CONFIG_XID_TAG_NFSD is not set # CONFIG_VSERVER_DEBUG is not set -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] this doc needs checking for accuracy
On Friday 16 September 2005 04:45 pm, James Boddington wrote: ok i will have to try this a bit later.. maybe tomrorow. just got something to do handed down by the boss that will take me a large part of this evening to do. echo 255 /proc/sys/vserver/debug_misc -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] this doc needs checking for accuracy
On Friday 16 September 2005 04:39 pm, Herbert Poetzl wrote: davin vservers # setattr --iunlink test davin vservers # echo byetest -bash: test: Too many links davin vservers # i just double checked and i have CoW enabled in the kernel.. you might try with http://vserver.13thfloor.at/Experimental/patch-2.6.13.1-vs2.1.0-pre11.diff just verified that CoW breaking works there make sure to use an FS with attributes (chattr) support (reiserfs requires attrs option) and that you actually use 'links' there (i.e. link count 1) not just 'files' hmm ok will that patch work on this kernel since its pre5 or do i need to add each patch until i reach this pre11 ? im not sure they will work on this anyway since it has gentoo patches in it too. i may have to add manually. 2.6.13-vs2.1.0-pre5-gentoo will tackle this tomorow. got a job to do tonight that will take a bit of time. HTH, Herbert # Linux VServer # CONFIG_VSERVER_LEGACY=y # CONFIG_VSERVER_LEGACY_VERSION is not set # CONFIG_VSERVER_NGNET is not set CONFIG_VSERVER_COWBL=y CONFIG_VSERVER_PROC_SECURE=y # CONFIG_VSERVER_HARDCPU is not set # CONFIG_INOXID_NONE is not set # CONFIG_INOXID_UID16 is not set # CONFIG_INOXID_GID16 is not set CONFIG_INOXID_UGID24=y # CONFIG_INOXID_INTERN is not set # CONFIG_INOXID_RUNTIME is not set # CONFIG_XID_TAG_NFSD is not set # CONFIG_VSERVER_DEBUG is not set -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] this doc needs checking for accuracy
On Friday 16 September 2005 05:21 pm, Chuck wrote: i double checked before i start on this other thing i have to do and i was right i dont have reiserfs extended attributes enabled in the kernel.. just resiserfs support... im enabling the extended attributes and recompiling. should i have either of these 2 enabled as well? CONFIG_REISERFS_FS_POSIX_ACL CONFIG_REISERFS_FS_SECURITY: also what are the ideal options to enable in the vserver section? may as well set them while im doing the kernel. this is what is currently configured # Linux VServer # CONFIG_VSERVER_LEGACY=y # CONFIG_VSERVER_LEGACY_VERSION is not set # CONFIG_VSERVER_NGNET is not set CONFIG_VSERVER_COWBL=y CONFIG_VSERVER_PROC_SECURE=y # CONFIG_VSERVER_HARDCPU is not set # CONFIG_INOXID_NONE is not set # CONFIG_INOXID_UID16 is not set # CONFIG_INOXID_GID16 is not set CONFIG_INOXID_UGID24=y # CONFIG_INOXID_INTERN is not set # CONFIG_INOXID_RUNTIME is not set # CONFIG_XID_TAG_NFSD is not set # CONFIG_VSERVER_DEBUG is not set On Friday 16 September 2005 04:39 pm, Herbert Poetzl wrote: davin vservers # setattr --iunlink test davin vservers # echo byetest -bash: test: Too many links davin vservers # i just double checked and i have CoW enabled in the kernel.. you might try with http://vserver.13thfloor.at/Experimental/patch-2.6.13.1-vs2.1.0-pre11.diff just verified that CoW breaking works there make sure to use an FS with attributes (chattr) support (reiserfs requires attrs option) and that you actually use 'links' there (i.e. link count 1) not just 'files' hmm ok will that patch work on this kernel since its pre5 or do i need to add each patch until i reach this pre11 ? im not sure they will work on this anyway since it has gentoo patches in it too. i may have to add manually. 2.6.13-vs2.1.0-pre5-gentoo will tackle this tomorow. got a job to do tonight that will take a bit of time. HTH, Herbert # Linux VServer # CONFIG_VSERVER_LEGACY=y # CONFIG_VSERVER_LEGACY_VERSION is not set # CONFIG_VSERVER_NGNET is not set CONFIG_VSERVER_COWBL=y CONFIG_VSERVER_PROC_SECURE=y # CONFIG_VSERVER_HARDCPU is not set # CONFIG_INOXID_NONE is not set # CONFIG_INOXID_UID16 is not set # CONFIG_INOXID_GID16 is not set CONFIG_INOXID_UGID24=y # CONFIG_INOXID_INTERN is not set # CONFIG_INOXID_RUNTIME is not set # CONFIG_XID_TAG_NFSD is not set # CONFIG_VSERVER_DEBUG is not set -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] this doc needs checking for accuracy
On Friday 16 September 2005 08:48 pm, James Boddington wrote: Chuck wrote: On Friday 16 September 2005 05:21 pm, Chuck wrote: should i have either of these 2 enabled as well? CONFIG_REISERFS_FS_POSIX_ACL CONFIG_REISERFS_FS_SECURITY: These are my config options for reiserfs CONFIG_REISERFS_FS=m # CONFIG_REISERFS_CHECK is not set # CONFIG_REISERFS_PROC_INFO is not set CONFIG_REISERFS_FS_XATTR=y # CONFIG_REISERFS_FS_POSIX_ACL is not set # CONFIG_REISERFS_FS_SECURITY is not set ok i enabled proc_info, xattr, posix and security figuring if i didnt need them they wouldnt come into play. There was a problem with reiserfs and the cow link breaking. A solution has been found and will be in the next release. Mount with the attrs option. My mount cmd is mount /dev/etherd/e9.1 /vservers/p -o attrs ihave mine in my fstab /dev/hdb1 /vservers reiserfsnoatime,attrs 0 0 then i also put the attrs in my mount for my / partition just to be sure. Until the next release this is a patch I am using against fs/reiserfs/file.c. I am currently using 2.1.0-pre11 im using pre5. i have a diff for pre11 but i fear it wont work automatically since this is a gentoo product which also has some of their patches in it. i would have to patch pre11 manually i suspect. however below small patch looks good. ill try that thanks --- file.c-orig Sat Sep 17 09:58:57 2005 +++ file.c Sat Sep 17 10:41:54 2005 @@ -1554,6 +1554,7 @@ .release = reiserfs_file_release, .fsync = reiserfs_sync_file, .sendfile = generic_file_sendfile, + .sendpage = generic_file_sendpage, .aio_read = generic_file_aio_read, .aio_write = reiserfs_aio_write, }; -- James ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] this doc needs checking for accuracy
On Friday 16 September 2005 08:48 pm, James Boddington wrote: it worked!! thank you! i had to add the additional line by hand as the patch failed, but it compiled fine and now it appears to work perfectly. see this test and tell me if i am wrong: davin vservers # mkdir a davin vservers # echo helloa/test davin vservers # ln a/test test davin vservers # cat test hello davin vservers # setattr --iunlink test davin vservers # cat test hello davin vservers # echo byetest davin vservers # cat test hello bye davin vservers # cat a/test hello davin vservers # Until the next release this is a patch I am using against fs/reiserfs/file.c. I am currently using 2.1.0-pre11 --- file.c-orig Sat Sep 17 09:58:57 2005 +++ file.c    Sat Sep 17 10:41:54 2005 @@ -1554,6 +1554,7 @@      .release = reiserfs_file_release,      .fsync = reiserfs_sync_file,      .sendfile = generic_file_sendfile, +    .sendpage = generic_file_sendpage,      .aio_read = generic_file_aio_read,      .aio_write = reiserfs_aio_write,  }; -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] this doc needs checking for accuracy
On Friday 16 September 2005 09:49 pm, Herbert Poetzl wrote: On Fri, Sep 16, 2005 at 09:23:40PM -0400, Chuck wrote: On Friday 16 September 2005 08:48 pm, James Boddington wrote: it worked!! thank you! i had to add the additional line by hand as the patch failed, but it compiled fine and now it appears to work perfectly. see this test and tell me if i am wrong: davin vservers # mkdir a davin vservers # echo helloa/test davin vservers # ln a/test test davin vservers # cat test hello davin vservers # setattr --iunlink test davin vservers # cat test hello davin vservers # echo byetest davin vservers # cat test hello bye davin vservers # cat a/test hello davin vservers # congratulations! btw, next devel release will contain fixes for jfs and xfs too (which have similar issues) so stay tuned :) cool! does this fix mean i should re-do the linked servers? or does that fix things automagically? best, Herbert Until the next release this is a patch I am using against fs/reiserfs/file.c. I am currently using 2.1.0-pre11 --- file.c-orig Sat Sep 17 09:58:57 2005 +++ file.c    Sat Sep 17 10:41:54 2005 @@ -1554,6 +1554,7 @@      .release = reiserfs_file_release,      .fsync = reiserfs_sync_file,      .sendfile = generic_file_sendfile, +    .sendpage = generic_file_sendpage,      .aio_read = generic_file_aio_read,      .aio_write = reiserfs_aio_write,  }; -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Are vservers happy with NPTL?
I put this question on the irc also but it seems everyone is doing a saturday thing :) I have a friend who wants to use vservers but one of his servers will be making extensive use of the New Posix Threading Library.. the replacement for Linuxthreads.. will they live with this ok? -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Are vservers happy with NPTL?
On Saturday 17 September 2005 04:16 pm, Herbert Poetzl wrote: On Sat, Sep 17, 2005 at 03:01:47PM -0400, Chuck wrote: I put this question on the irc also but it seems everyone is doing a saturday thing :) yeah, real life, can you imagine? :) heh yeah. usually when people mention developers you imagine the typical no-life 'nerd' sitting at his computer 24 hrs a day... hehe funny part is im close to that.. my job keeps me here most of the time from 7am to 11pm.. however unless there is something really important like nursing a server, i can take time as i want/need... but yeah.. most of the guys ive talked to in this project appear to have things in perspective and actually DO have lives :D I have a friend who wants to use vservers but one of his servers will be making extensive use of the New Posix Threading Library.. the replacement for Linuxthreads.. IIRC, NPTL is in 2.6, so as long as you use a 2.6 kernel (vs2.x kernel patch) you should have NPTL support inside a guest too ... will they live with this ok? I guess so, if not, please let me know, as I'd consider it a bug ... i think it will be ok. hollow said eventually that everything he has is nptl enabled and uses it a lot. best, Herbert -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] problem with netfilter and vservers
that some have real IPs and/or communicate on private IPs where others have to use the host IP for outgoing traffic ... best, Herbert There are 4 NICs on the root server called leonardo-root. eth0 - 192.168.3.2 [connecting to our internal network / outside world] eth1 - 10.69.69.1 [connecting to the outside world (ADSL connection)] eth2 - 172.28.10.254 [connecting to some IP cameras] eth3 - not used...[until i added support for the 3com card off course :o)] Also, as you stated, after i added support to the 3com card, all the other NICs switched names... Well, a little comment on this :o) 1º of all, im no idiot and i obviously know that and changed all the cables 2º why did you assume that? 3º ever thought i could be using modules in my kernel and aliasing the NICs? ;o) Either way...by default, the packets to unknown networks go throw eth1 [gw: 10.69.69.254]. There is also another static route declared so the machine sends packets to 192.168.0.0/16 via eth0 [gw 192.168.3.1]. The thing is, our REALLY DEFAULT gateway [for the entire organization (192.168.3.1)] also connects to the outside world AND to some addresses on the internet which belong to US (the addresses you pointed as belonging to KPNQwest). Since we can get there by static routing, why the HELL should you use our ADSL connection to get to some external machines on the same building? Tipically we would SNAT the vservers address to 10.69.69.1 so that the packets would route TO the internet by our ADSL connection but we wanted that all the vservers connections (which got 192.168.3.0/24 addresses) route the packets to our local external network by our eth0 gateway: $IPTABLES -A POSTROUTING -t nat -s 192.168.3.0/24 -d 193.126.109.240/255.255.255.248 -j ACCEPT Dont worry about KPNQwest getting packets from a private network, they all get MASQUERADED on the next node :o) $IPTABLES -A POSTROUTING -t nat -s 192.168.3.0/24 -d 193.126.229.32/255.255.255.248 -j ACCEPT hmm, seems they definitely want private traffic :) $IPTABLES -A POSTROUTING -t nat -s 192.168.3.0/24 -d ! 192.168.0.0/16 -j SNAT --to 192.168.3.2 everything not destinated at 192.168 will appear as private IP 192.168.3.2 (strange, why would we want that?) Thats just one of the things i was COMPLAINING about on the email i sent. Some vservers CANT route packets unless i SNAT them onto the root-servers address. $IPTABLES -A POSTROUTING -t nat -s 172.28.10.0/24 -d ! 172.28.10.0/24 -j SNAT --to-source 172.28.10.254 and similar for 172.28.10, which had no role yet, but seem to be valid IPs for output, and we SNAT them all to 172.28.10.254 ... This is for the IP cameras network, same exact reason! :o| so this setup assumes that both 192.168.3.2 and 172.28.10.254 can reach the outside (whatever that might mean) and that there are either two routes or the router can handle both IPs ... More or less... EXACTLY! Now, do you have the FULL picture Herbert? :o) As i mentioned above, i must say i got pretty sad reading your response to my email. I just asked for help because you are allways so helpfull to all of us and, instead, you mocked me and questioned my configurations... Either way, i hope that was just a miss understanding! ;o) Thanks in advance, + | LuÃs Miguel Ferreira da Silva | Network Administrator @ISPGaya | Instituto Superior Politécnico Gaya | Rua António Rodrigues da Rocha, 291/341 | Sto. OvÃdio • 4400-025 V. N. de Gaia | Tel: +351 223745730/3/5 | GSM: +351 912671471 +351 936371253 + Este email foi enviado via o webmail do ISPGaya Instituto Superior Politécnico Gaya -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] guest log error i've never seen before from cron
I just started our first production guest as a name server, and got this error in the log. it does not appear to affect cron's ability to run.. Sep 18 20:27:51 ns1 cron[19848]: (*system*) BAD LINK COUNT (/etc/crontab) any ideas what this is? the guest is cloned from the template but i made sure to edit crontab and save it so it broke the link and became a real file. -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] guest log error i've never seen before from cron
odd. i still dont know what caused it but i cured it by moving /etc/crontab to /etc/crontab.backup and then cp crontab.backup crontab On Sunday 18 September 2005 08:44 pm, Chuck wrote: I just started our first production guest as a name server, and got this error in the log. it does not appear to affect cron's ability to run.. Sep 18 20:27:51 ns1 cron[19848]: (*system*) BAD LINK COUNT (/etc/crontab) any ideas what this is? the guest is cloned from the template but i made sure to edit crontab and save it so it broke the link and became a real file. -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] a more serious problem with autostarting/stopping
when using the /etc/init.d/vservers start command, it started all servers
including the template which i dont want to autostart.. Aiken told me about
mark files. I didn't have any in my /etc/vservers/guestname/apps/init
directory.. only thing in there was style
btw this is a gentoo system and the vserver host and template install were
according to the hollow how-to, and i manually cloned the guests from the
template by first using hollow's instructions to create a skeleton then doing
cp -al template/* guest
then running
find guest -type f -exec setattr --iunlink {} ';'
then i go in and edit configs. the lnkage breaking works fine it seems.
so then back to the problem, in the 2 i want autostarted, i placed a mark file
in there with the contents of a single line that said
default
then i put a mark file into my template with a single line
nostart
now it starts them properly
however, shutdown by /etc/init.d/vservers stop
has an instant return and the guests are still running and continue to do so.
i have to shut them down with vserver guest stop then it times out as it has
been and stops the guest. so for the heck of it i removed the mark files
completely and the init script starts all and shuts down all properly but it
includes my template.
confused... im about to put the veserver guest start commands into my local
startup file and the stop command into the local stop file
any clues why the init would return immediately and basically do nothing on
stop? after i stop them with vserver util, i run the iniot with vstatus and
it still shows that servers are running of type default.
--
Chuck
...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose
for an OS as *we* do?!!', and I answered...'I use Linux'.
The Book of John, chapter 1, page 1, and end of book
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] guest log error i've never seen before from cron
On Monday 19 September 2005 03:34 am, Herbert Poetzl wrote: On Sun, Sep 18, 2005 at 11:23:24PM -0400, Chuck wrote: odd. i still dont know what caused it but i cured it by moving /etc/crontab to /etc/crontab.backup and then cp crontab.backup crontab do you still have the /etc/crontab.backup? if so, I'd be interested in an 'ls -la /etc/crontab.backup' and the output of testme.sh ... done from the host then done from within the guest phoenix etc # ls -la crontab.backup -rw-r--r-- 1 420 root 614 Sep 18 20:29 crontab.backup ns1 etc # ls -la crontab.backup -rw-r--r-- 1 420 root 614 Sep 18 20:29 crontab.backup odd... i never noticed the owner number before this. i bet that may have caused it. i checked the other guest and the crontab.backup i did on that just as a matter of procedure after the experience with the first one and the ownership is still root root. phoenix ~ # ./testme.sh Linux-VServer Test [V0.13] Copyright (C) 2003-2005 H.Poetzl chcontext is working. chbind is working. Linux 2.6.13-vs2.1.0-pre5-gentoo i686/0.30.208/0.30.208 [Ea] (0) VCI: 0002:0001 273 03000116 --- [000]# succeeded. [001]# succeeded. [011]# succeeded. [031]# succeeded. [101]# succeeded. [102]# succeeded. [201]# succeeded. [202]# succeeded. On Sunday 18 September 2005 08:44 pm, Chuck wrote: I just started our first production guest as a name server, and got this error in the log. it does not appear to affect cron's ability to run.. Sep 18 20:27:51 ns1 cron[19848]: (*system*) BAD LINK COUNT (/etc/crontab) any ideas what this is? the guest is cloned from the template but i made sure to edit crontab and save it so it broke the link and became a real file. maybe some leftover from the CoW link breaking, maybe a non broken unified file ... heh not sure. vservers is my first experience with hard links. btw the first production server is up and running quite well with 2 guests so far. its only a single proc 850 with 1gb ram but it looks like it can hold quite a bit more. im very impressed! hehe the name server running in guest 1 is noticably faster than when it was running on the host! TIA, Herbert -- Chuck -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] a more serious problem with autostarting/stopping
On Monday 19 September 2005 02:51 am, Tor Rune Skoglund wrote:
very interesting. thanks for that link! i think you are right. i didn't want
to play with scripts that were supplied just to be sure I didn't create some
error of my own witthout consulting someone first.
Chuck
Chuck wrote:
btw this is a gentoo system and the vserver host and template install were
according to the hollow how-to, and i manually cloned the guests from the
template by first using hollow's instructions to create a skeleton then
doing
cp -al template/* guest
then running
find guest -type f -exec setattr --iunlink {} ';'
then i go in and edit configs. the lnkage breaking works fine it seems.
so then back to the problem, in the 2 i want autostarted, i placed a mark
file
in there with the contents of a single line that said
default
then i put a mark file into my template with a single line
nostart
now it starts them properly
however, shutdown by /etc/init.d/vservers stop
has an instant return and the guests are still running and continue to do
so.
i have to shut them down with vserver guest stop then it times out as it
has
been and stops the guest. so for the heck of it i removed the mark files
completely and the init script starts all and shuts down all properly but
it
includes my template.
confused... im about to put the veserver guest start commands into my local
startup file and the stop command into the local stop file
any clues why the init would return immediately and basically do nothing on
stop? after i stop them with vserver util, i run the iniot with vstatus
and
it still shows that servers are running of type default.
I experienced the same. Might be this bug:
http://savannah.nongnu.org/bugs/?func=detailitemitem_id=14525
Editing the init-script to stop vservers of just type default might help
for you too.
Best regards,
Tor Rune Skoglund
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
--
Chuck
...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose
for an OS as *we* do?!!', and I answered...'I use Linux'.
The Book of John, chapter 1, page 1, and end of book
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] a more serious problem with autostarting/stopping
On Monday 19 September 2005 06:42 am, Tor Rune Skoglund wrote:
Chuck wrote:
On Monday 19 September 2005 02:51 am, Tor Rune Skoglund wrote:
very interesting. thanks for that link! i think you are right. i didn't
want
to play with scripts that were supplied just to be sure I didn't create
some
error of my own witthout consulting someone first.
No problem, but still it for me it doesn't stop correctly. It is just
being killed after a
timeout. Do you have the same problem? I presume this might be something
to do
with the Gentoo 'version' of vserver, as I have not seem anyone else
report that.
yes I do. They are aware of this problem so I suspect a fix will be along at
some point. :)
although it can be annoying with the long wait, at least they stop so I am
content enough for now.
Tor Rune Skoglund
Chuck wrote:
btw this is a gentoo system and the vserver host and template install
were
according to the hollow how-to, and i manually cloned the guests from the
template by first using hollow's instructions to create a skeleton then
doing
cp -al template/* guest
then running
find guest -type f -exec setattr --iunlink {} ';'
then i go in and edit configs. the lnkage breaking works fine it seems.
so then back to the problem, in the 2 i want autostarted, i placed a mark
file
in there with the contents of a single line that said
default
then i put a mark file into my template with a single line
nostart
now it starts them properly
however, shutdown by /etc/init.d/vservers stop
has an instant return and the guests are still running and continue to do
so.
i have to shut them down with vserver guest stop then it times out as it
has
been and stops the guest. so for the heck of it i removed the mark files
completely and the init script starts all and shuts down all properly but
it
includes my template.
confused... im about to put the veserver guest start commands into my
local
startup file and the stop command into the local stop file
any clues why the init would return immediately and basically do nothing
on
stop? after i stop them with vserver util, i run the iniot with vstatus
and
it still shows that servers are running of type default.
I experienced the same. Might be this bug:
http://savannah.nongnu.org/bugs/?func=detailitemitem_id=14525
Editing the init-script to stop vservers of just type default might help
for you too.
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
--
Chuck
...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose
for an OS as *we* do?!!', and I answered...'I use Linux'.
The Book of John, chapter 1, page 1, and end of book
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] a more serious problem with autostarting/stopping
On Monday 19 September 2005 06:53 am, Herbert Poetzl wrote: Count me in. Not sure how much help I can be other than trying things, but my test setup is going to remain active so I have things I can 'trash' without consequence :) On Mon, Sep 19, 2005 at 12:42:45PM +0200, Tor Rune Skoglund wrote: Chuck wrote: On Monday 19 September 2005 02:51 am, Tor Rune Skoglund wrote: very interesting. thanks for that link! i think you are right. i didn't want to play with scripts that were supplied just to be sure I didn't create some error of my own witthout consulting someone first. No problem, but still it for me it doesn't stop correctly. It is just being killed after a timeout. Do you have the same problem? I presume this might be something to do with the Gentoo 'version' of vserver, as I have not seem anyone else report that. yes, was reported a few times on gentoo only, but I doubt that it is a kernel/tool issue on gentoo, I assume it is caused by the way gentoo initscripts work ... if you are interested in hunting this down, we can have a session on the irc channel ... (for all who are interested to improve that) best, Herbert Tor Rune Skoglund ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] a more serious problem with autostarting/stopping
On Monday 19 September 2005 07:27 am, Tor Rune Skoglund wrote: Herbert Poetzl wrote: On Mon, Sep 19, 2005 at 12:42:45PM +0200, Tor Rune Skoglund wrote: Also, I can give you root access to a server with this problem if you like to check it out. same here Best regards Tor Rune Skoglund ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] gentoo shutdown test
the test failed unless I didn't do something right.. I got the vanilla kernel and patched it without error to create 2.6.13.1-vs2.1.0-rc2 I included the kernel hacking because there were 2 vserver settings under it.. my settings are below. I tried it both with and without CONFIG_VSERVER_LEGACY my vserver settings are # Kernel hacking # # CONFIG_PRINTK_TIME is not set # CONFIG_DEBUG_KERNEL is not set CONFIG_LOG_BUF_SHIFT=14 CONFIG_DEBUG_BUGVERBOSE=y CONFIG_EARLY_PRINTK=y CONFIG_X86_FIND_SMP_CONFIG=y CONFIG_X86_MPPARSE=y CONFIG_VSERVER=y CONFIG_VSERVER_LEGACYNET=y # # Linux VServer # # CONFIG_VSERVER_LEGACY is not set # CONFIG_VSERVER_NGNET is not set CONFIG_VSERVER_COWBL=y CONFIG_VSERVER_PROC_SECURE=y # CONFIG_VSERVER_HARDCPU is not set # CONFIG_INOXID_NONE is not set # CONFIG_INOXID_UID16 is not set # CONFIG_INOXID_GID16 is not set CONFIG_INOXID_UGID24=y # CONFIG_INOXID_INTERN is not set # CONFIG_INOXID_RUNTIME is not set # CONFIG_XID_TAG_NFSD is not set # CONFIG_VSERVER_DEBUG is not set # After I rebooted into this kernel and verifying it ran properly, I started a guest and looked into /var/run/vservers.rev to get the number which turned out to be the context id i gave that particular server 85. I immediately ran vattribute --xid 85 --flag ^37 it returned with no visible output I then entered the vserver using vserver guestname enter and made sure it was well, then typed exit and ran vserver guestname stop and with and without legacy, it timed out. if I set the kernel incorrectly let me know what should be set and I will repeat this otherwise I am going to start looking through the guest shutdown code. -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] update on gentoo guest shutdown
I don't comprehend the verver.stop script :( however I can tell you the fail/timeout is external to the gentoo guests by this test I enter the guest via vserver guest enter. i type halt 0 within seconds i am tossed back into the host and looking at processes the vserver lock process kills itself in about 5 seconds.. then if i run vserver guest stop it says the guest is not running. I am sure there are numerous reasons for not doing this, but why not just execute init 0 within the guest from the vserver script while it does the rest of its cleanup? -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] update on gentoo guest shutdown
On Tuesday 20 September 2005 10:05 am, Chuck wrote: correction. within the guest i typed init 0 anyway i tried from the host: vserver guestname exec init 0 and it shut down within seconds perfectly with no errors when i try vserver guestname stop it returns that the server is not running startup delivers no errors after stopping it in that fashion is this a clue or am i bypassing some important steps the 'stop' command does? I don't comprehend the verver.stop script :( however I can tell you the fail/timeout is external to the gentoo guests by this test I enter the guest via vserver guest enter. i type halt 0 within seconds i am tossed back into the host and looking at processes the vserver lock process kills itself in about 5 seconds.. then if i run vserver guest stop it says the guest is not running. I am sure there are numerous reasons for not doing this, but why not just execute init 0 within the guest from the vserver script while it does the rest of its cleanup? -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [RESOLVED] gentoo guest shutdown error
For those Gentoo installations that used the pre-prepared baselayout or stage3 for vserver guests, add this line to every guest/etc/inittab including the template if you use one. # Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -r now if this is added to a running guest, then do telinit q within the guest. Even if you used a different method, check inittab anyway to be sure this is there. This addition will cure the stop time outs happening when attempting to shut down via the vservers init script or using vserver guest stop. Chuck On Tuesday 20 September 2005 10:43 am, Chuck wrote: On Tuesday 20 September 2005 10:05 am, Chuck wrote: correction. within the guest i typed init 0 anyway i tried from the host: vserver guestname exec init 0 and it shut down within seconds perfectly with no errors when i try vserver guestname stop it returns that the server is not running startup delivers no errors after stopping it in that fashion is this a clue or am i bypassing some important steps the 'stop' command does? I don't comprehend the verver.stop script :( however I can tell you the fail/timeout is external to the gentoo guests by this test I enter the guest via vserver guest enter. i type halt 0 within seconds i am tossed back into the host and looking at processes the vserver lock process kills itself in about 5 seconds.. then if i run vserver guest stop it says the guest is not running. I am sure there are numerous reasons for not doing this, but why not just execute init 0 within the guest from the vserver script while it does the rest of its cleanup? -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [RESOLVED] gentoo guest shutdown error
On Wednesday 21 September 2005 01:29 am, Benedikt Boehm wrote: On Wednesday 21 September 2005 07:22, Benedikt Boehm wrote: On Wednesday 21 September 2005 00:30, Herbert Poetzl wrote: On Tue, Sep 20, 2005 at 11:41:52AM -0400, Chuck wrote: For those Gentoo installations that used the pre-prepared baselayout or stage3 for vserver guests, add this line to every guest/etc/inittab including the template if you use one. # Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -r now if this is added to a running guest, then do telinit q within the guest. Even if you used a different method, check inittab anyway to be sure this is there. This addition will cure the stop time outs happening when attempting to shut down via the vservers init script or using vserver guest stop. you could also just upgrade baselayout-vserver to 1.12.0_pre8-r1, it solved this and some other bugs as well.. wrong.. my guests have this line, my working copy of baselayout too, but it's not in the tar.. damn.. i'll update it when back from school.. ahh ok. i assume this baselayout version you're speaking of is for the 2.x series vservers.. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [RESOLVED] gentoo guest shutdown error
On Wednesday 21 September 2005 08:45 am, Benedikt Boehm wrote: is this the version with the fixes? sys-apps/baselayout-1.12.0_pre8-r2 On Wednesday 21 September 2005 12:52, Chuck wrote: On Wednesday 21 September 2005 01:29 am, Benedikt Boehm wrote: On Wednesday 21 September 2005 07:22, Benedikt Boehm wrote: On Wednesday 21 September 2005 00:30, Herbert Poetzl wrote: On Tue, Sep 20, 2005 at 11:41:52AM -0400, Chuck wrote: For those Gentoo installations that used the pre-prepared baselayout or stage3 for vserver guests, add this line to every guest/etc/inittab including the template if you use one. # Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -r now if this is added to a running guest, then do telinit q within the guest. Even if you used a different method, check inittab anyway to be sure this is there. This addition will cure the stop time outs happening when attempting to shut down via the vservers init script or using vserver guest stop. you could also just upgrade baselayout-vserver to 1.12.0_pre8-r1, it solved this and some other bugs as well.. wrong.. my guests have this line, my working copy of baselayout too, but it's not in the tar.. damn.. i'll update it when back from school.. ahh ok. i assume this baselayout version you're speaking of is for the 2.x series vservers.. no, doesn't matter, you can use it with 1.9, 2.0 and 2.1 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [RESOLVED] gentoo guest shutdown error
On Wednesday 21 September 2005 12:27 pm, Chuck wrote: never mind. wrong version anyway. thats not vserver baselayout:) On Wednesday 21 September 2005 08:45 am, Benedikt Boehm wrote: is this the version with the fixes? sys-apps/baselayout-1.12.0_pre8-r2 On Wednesday 21 September 2005 12:52, Chuck wrote: On Wednesday 21 September 2005 01:29 am, Benedikt Boehm wrote: On Wednesday 21 September 2005 07:22, Benedikt Boehm wrote: On Wednesday 21 September 2005 00:30, Herbert Poetzl wrote: On Tue, Sep 20, 2005 at 11:41:52AM -0400, Chuck wrote: For those Gentoo installations that used the pre-prepared baselayout or stage3 for vserver guests, add this line to every guest/etc/inittab including the template if you use one. # Trap CTRL-ALT-DELETE ca::ctrlaltdel:/sbin/shutdown -r now if this is added to a running guest, then do telinit q within the guest. Even if you used a different method, check inittab anyway to be sure this is there. This addition will cure the stop time outs happening when attempting to shut down via the vservers init script or using vserver guest stop. you could also just upgrade baselayout-vserver to 1.12.0_pre8-r1, it solved this and some other bugs as well.. wrong.. my guests have this line, my working copy of baselayout too, but it's not in the tar.. damn.. i'll update it when back from school.. ahh ok. i assume this baselayout version you're speaking of is for the 2.x series vservers.. no, doesn't matter, you can use it with 1.9, 2.0 and 2.1 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] suse vserver on debian host will not start
On Wednesday 21 September 2005 05:12 pm, Torsten Becker wrote: Hello List! After dealing with the hints of Herbert I was able to build a suse93 vserver on my debian host. I choosed the package-list of a suse installation dvd with the definition of a minimal system installation. My host system is a Debain Sarge with kernel 2.6.12-6 with vs patch 2.6.12-4-vs20 and I have util-vserver-0.30.208 with fc2 installed. If I do a vserver suse93 start there is no output. normal. The link /etc/vservers/suse93/run points to the right file named like the context value. But if I want to enter the vserver I get: vserver ... suexec' is supported for running vservers only; aborting... Does anyone have some hints for me? you must be root to enter a vserver from the host. Greets, Torsten ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] suse vserver on debian host will not start
On Wednesday 21 September 2005 05:12 pm, Torsten Becker wrote: i had that same error before and discovered i had not su to root first :) Hello List! After dealing with the hints of Herbert I was able to build a suse93 vserver on my debian host. I choosed the package-list of a suse installation dvd with the definition of a minimal system installation. My host system is a Debain Sarge with kernel 2.6.12-6 with vs patch 2.6.12-4-vs20 and I have util-vserver-0.30.208 with fc2 installed. If I do a vserver suse93 start there is no output. The link /etc/vservers/suse93/run points to the right file named like the context value. But if I want to enter the vserver I get: vserver ... suexec' is supported for running vservers only; aborting... Does anyone have some hints for me? Greets, Torsten ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] multiple networks/nics
i will have a need for 4 nics on 4 unique networks physically separated so no chance of combining them on one nic. will the guests work fine on this? i know i had trouble in the past running a dedicated machine on multiple networks. any given guest will be a member of a single network therefore will access only a single nic. my concern is the host routing. previously when i did this only members of the networks that were not assigned to eth0 could reach them. the outside could not. each network of course has its own unique gateway and netmask example.. the 4 nics will be required to access 64.113.32.0/23 gw 32.1 64.113.34.0/24 gw 34.1 64.113.39.0/24 gw 39.1 172.30.x.x/24 pvt network gw 0.1 the first 3 must be reachable via the outside.. can this be accomplished properly? i personally cannot comprehend why the network/gateway limitations are there. if each nic is on a separate network it should be able to have its own default gateway for that network regardless of other nics. -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] multiple networks/nics
On Wednesday 21 September 2005 08:18 pm, Herbert Poetzl wrote: On Wed, Sep 21, 2005 at 08:09:19PM -0400, Chuck wrote: i will have a need for 4 nics on 4 unique networks physically separated so no chance of combining them on one nic. will the guests work fine on this? i know i had trouble in the past running a dedicated machine on multiple networks. any given guest will be a member of a single network therefore will access only a single nic. my concern is the host routing. previously when i did this only members of the networks that were not assigned to eth0 could reach them. the outside could not. each network of course has its own unique gateway and netmask example.. the 4 nics will be required to access 64.113.32.0/23 gw 32.1 64.113.34.0/24 gw 34.1 64.113.39.0/24 gw 39.1 172.30.x.x/24 pvt network gw 0.1 the first 3 must be reachable via the outside.. can this be accomplished properly? sure, but it's probably not the every day network setup, so it might not be obvious for you ... no its not. i had this same problem with our news server when it was a member of 4 networks. here is an example how to do source based routing (that's what you want here) with two different gateways (you just have to extend it to four :) http://archives.linux-vserver.org/200311/0470.html will study it it is listed on the 'More Documentation' wiki page under (Archived) Knowledge, and you might want to take a look at the Networking stuff there too ... will study that too :) i personally cannot comprehend why the network/gateway limitations are there. there are no real networking/gateway limitation, just routing tables and priorities ... you can have a dozent different gateways and switch them every second if you like :) if each nic is on a separate network it should be able to have its own default gateway for that network regardless of other nics. default gateway means: if no other rule applies, then send it there, of course, this does not make too much sense with more than one defaults on a single routing table ... here is my current network config config_eth0=(64.113.34.5 netmask 255.255.255.0 broadcast 64.113.34.255) routes_eth0=(default gw 64.113.34.1) config_eth1=( 172.30.0.50 netmask 255.255.255.0 broadcast 172.30.0.255 ) routes_eth1=( -net 172.30.0.0/24 gw 172.30.0.1 ) config_eth2=( 64.113.33.7 netmask 255.255.254.0 broadcast 64.113.33.255) routes_eth2=( -net 64.113.32.0/23 gw 64.113.32.1 ) and my routing table prometheus conf.d # route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 64.113.34.0 0.0.0.0 255.255.255.0 U 0 00 eth0 172.30.0.0 172.30.0.1 255.255.255.0 UG0 00 eth1 172.30.0.0 0.0.0.0 255.255.255.0 U 0 00 eth1 64.113.32.0 64.113.32.1 255.255.254.0 UG0 00 eth2 64.113.32.0 0.0.0.0 255.255.254.0 U 0 00 eth2 127.0.0.0 0.0.0.0 255.0.0.0 U 0 00 lo 0.0.0.0 64.113.34.1 0.0.0.0 UG0 00 eth0 with every update to this year's gentoo latest i lose access to the pvt network on eth1 directly from my machines... im not too worried about that but it signalled the start of a problem with updating to this year's code.. the way above behaves is if eth2 is down, then any machine can ping eth0 and ouside can ping it.. all members of pvtnet eth1 work fine. with eth2 up, eth1 still works ok, but now, members of eth2 32 network cannot ping 34.5 on eth0 but they can ping eth2 at 33.7 outside can ping 34.5 still but it cannot ping 33.7 at all. only members of the 32-33 net can ping that ip addy. i need to make it so all interfaces regardless of network are available to every machine internally and outside except eth1 pvtnet. hopefully these docs you pointed me to will make this clear. HTH, Herbert -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux
Re: [Vserver] multiple networks/nics
On Wednesday 21 September 2005 08:55 pm, Chuck wrote: On Wednesday 21 September 2005 08:18 pm, Herbert Poetzl wrote: On Wed, Sep 21, 2005 at 08:09:19PM -0400, Chuck wrote: i will have a need for 4 nics on 4 unique networks physically separated so no chance of combining them on one nic. will the guests work fine on this? i know i had trouble in the past running a dedicated machine on multiple networks. any given guest will be a member of a single network therefore will access only a single nic. my concern is the host routing. previously when i did this only members of the networks that were not assigned to eth0 could reach them. the outside could not. each network of course has its own unique gateway and netmask example.. the 4 nics will be required to access 64.113.32.0/23 gw 32.1 64.113.34.0/24 gw 34.1 64.113.39.0/24 gw 39.1 172.30.x.x/24 pvt network gw 0.1 the first 3 must be reachable via the outside.. can this be accomplished properly? sure, but it's probably not the every day network setup, so it might not be obvious for you ... no its not. i had this same problem with our news server when it was a member of 4 networks. here is an example how to do source based routing (that's what you want here) with two different gateways (you just have to extend it to four :) http://archives.linux-vserver.org/200311/0470.html will study it it is listed on the 'More Documentation' wiki page under (Archived) Knowledge, and you might want to take a look at the Networking stuff there too ... will study that too :) i personally cannot comprehend why the network/gateway limitations are there. there are no real networking/gateway limitation, just routing tables and priorities ... you can have a dozent different gateways and switch them every second if you like :) if each nic is on a separate network it should be able to have its own default gateway for that network regardless of other nics. default gateway means: if no other rule applies, then send it there, of course, this does not make too much sense with more than one defaults on a single routing table ... here is my current network config config_eth0=(64.113.34.5 netmask 255.255.255.0 broadcast 64.113.34.255) routes_eth0=(default gw 64.113.34.1) config_eth1=( 172.30.0.50 netmask 255.255.255.0 broadcast 172.30.0.255 ) routes_eth1=( -net 172.30.0.0/24 gw 172.30.0.1 ) config_eth2=( 64.113.33.7 netmask 255.255.254.0 broadcast 64.113.33.255) routes_eth2=( -net 64.113.32.0/23 gw 64.113.32.1 ) and my routing table prometheus conf.d # route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 64.113.34.0 0.0.0.0 255.255.255.0 U 0 00 eth0 172.30.0.0 172.30.0.1 255.255.255.0 UG0 00 eth1 172.30.0.0 0.0.0.0 255.255.255.0 U 0 00 eth1 64.113.32.0 64.113.32.1 255.255.254.0 UG0 00 eth2 64.113.32.0 0.0.0.0 255.255.254.0 U 0 00 eth2 127.0.0.0 0.0.0.0 255.0.0.0 U 0 00 lo 0.0.0.0 64.113.34.1 0.0.0.0 UG0 00 eth0 with every update to this year's gentoo latest i lose access to the pvt network on eth1 directly from my machines... im not too worried about that but it signalled the start of a problem with updating to this year's code.. the way above behaves is if eth2 is down, then any machine can ping eth0 and ouside can ping it.. all members of pvtnet eth1 work fine. with eth2 up, eth1 still works ok, but now, members of eth2 32 network cannot ping 34.5 on eth0 but they can ping eth2 at 33.7 outside can ping 34.5 still but it cannot ping 33.7 at all. only members of the 32-33 net can ping that ip addy. i need to make it so all interfaces regardless of network are available to every machine internally and outside except eth1 pvtnet. hopefully these docs you pointed me to will make this clear. oh one more thing... each interface must be plugged into certain switch ports. different groups of ports are configured for different networks.. so switch ports 1-6 may be for 32 net, 7-12 for 34 net, customer owned machines on 36 net ports 13-20 ... etc from there back to the routers they are configured as vlans designed to be transparent to the servers as long as they are plugged into the correct port group.. this was done so if there is an errant server in say a customer owned machine, it would only affect its own network and none of our others mostly concerning excessive network traffic. the border routers take care of internally routing between networks for properly formed requests and all requests from outside from the internet. HTH
[Vserver] perl CPAN in guests
I am trying to pre-configure CPAN in a template for a number of guests. It exited with this error. Should I just turn off history in the config or is there a reasonably simple 'fix' that isn't a security problem? I entered the running guest from the host with vserver template enter. Sshd is not installed yet. Would it be better to install that then ssh into the template to do this? commit: wrote /usr/lib/perl5/5.8.5/CPAN/Config.pm Terminal does not support AddHistory. cpan shell -- CPAN exploration and modules installation (v1.7601) ReadLine support available (try 'install Bundle::CPAN') readline() on closed filehandle FIN at /usr/lib/perl5/5.8.5/Term/ReadLine.pm line 396. Terminal does not support GetHistory. Lockfile removed. -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] perl CPAN in guests
On Friday 23 September 2005 12:06 am, Chuck wrote: update: i ssh'd directly into the template so a terminal was created and deleted the config file and re-ran the cpan configuration and it still bomed at not supporting add/get history. I am trying to pre-configure CPAN in a template for a number of guests. It exited with this error. Should I just turn off history in the config or is there a reasonably simple 'fix' that isn't a security problem? I entered the running guest from the host with vserver template enter. Sshd is not installed yet. Would it be better to install that then ssh into the template to do this? commit: wrote /usr/lib/perl5/5.8.5/CPAN/Config.pm Terminal does not support AddHistory. cpan shell -- CPAN exploration and modules installation (v1.7601) ReadLine support available (try 'install Bundle::CPAN') readline() on closed filehandle FIN at /usr/lib/perl5/5.8.5/Term/ReadLine.pm line 396. Terminal does not support GetHistory. Lockfile removed. -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] perl CPAN in guests
On Friday 23 September 2005 10:56 am, Herbert Poetzl wrote: On Fri, Sep 23, 2005 at 10:52:35AM -0400, Chuck wrote: On Friday 23 September 2005 12:06 am, Chuck wrote: update: i ssh'd directly into the template so a terminal was created and deleted the config file and re-ran the cpan configuration and it still bomed at not supporting add/get history. could you verify that it works fine without linux-vserver? could you check with strace what it tries to do? TIA, Herbert will try. i can verify that cpan works perfectly on the host computer outside of the guest using the host's installation of perl. the guest has its own installation of perl. same versions. it appears to have something to do with terminal definitions or some such which I don't fully understand. :) Chuck I am trying to pre-configure CPAN in a template for a number of guests. It exited with this error. Should I just turn off history in the config or is there a reasonably simple 'fix' that isn't a security problem? I entered the running guest from the host with vserver template enter. Sshd is not installed yet. Would it be better to install that then ssh into the template to do this? commit: wrote /usr/lib/perl5/5.8.5/CPAN/Config.pm Terminal does not support AddHistory. cpan shell -- CPAN exploration and modules installation (v1.7601) ReadLine support available (try 'install Bundle::CPAN') readline() on closed filehandle FIN at /usr/lib/perl5/5.8.5/Term/ReadLine.pm line 396. Terminal does not support GetHistory. Lockfile removed. -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] perl CPAN in guests
On Friday 23 September 2005 11:06 am, Chuck wrote: hmnmm.. i use the stage 3 install (binary) for vserver guests supplied by Hollow.. I wonder if he has something special set up. I just tried to do a pretend emerge of perl to see what it would do and got a result back I have never seen before or even heard of: Calculating dependencies QA Notice: USE Flag 'userland_Darwin' not in IUSE for dev-lang/perl-5.8.7 QA Notice: USE Flag 'userland_Darwin' not in IUSE for dev-lang/perl-5.8.7-r1 -QA Notice: USE Flag 'elibc_uclibc' not in IUSE for sys-devel/libperl-5.8.5-r1 QA Notice: USE Flag 'elibc_uclibc' not in IUSE for sys-devel/libperl-5.8.5 QA Notice: USE Flag 'userland_Darwin' not in IUSE for sys-devel/libperl-5.8.7 I would never have such things defined as I have no clue what they are even.. Wonder if this has anything to do with it. i think i may reinstall perl and see what happens. maybe it will get rid of that msg. chuck On Friday 23 September 2005 10:56 am, Herbert Poetzl wrote: On Fri, Sep 23, 2005 at 10:52:35AM -0400, Chuck wrote: On Friday 23 September 2005 12:06 am, Chuck wrote: update: i ssh'd directly into the template so a terminal was created and deleted the config file and re-ran the cpan configuration and it still bomed at not supporting add/get history. could you verify that it works fine without linux-vserver? could you check with strace what it tries to do? TIA, Herbert will try. i can verify that cpan works perfectly on the host computer outside of the guest using the host's installation of perl. the guest has its own installation of perl. same versions. it appears to have something to do with terminal definitions or some such which I don't fully understand. :) Chuck I am trying to pre-configure CPAN in a template for a number of guests. It exited with this error. Should I just turn off history in the config or is there a reasonably simple 'fix' that isn't a security problem? I entered the running guest from the host with vserver template enter. Sshd is not installed yet. Would it be better to install that then ssh into the template to do this? commit: wrote /usr/lib/perl5/5.8.5/CPAN/Config.pm Terminal does not support AddHistory. cpan shell -- CPAN exploration and modules installation (v1.7601) ReadLine support available (try 'install Bundle::CPAN') readline() on closed filehandle FIN at /usr/lib/perl5/5.8.5/Term/ReadLine.pm line 396. Terminal does not support GetHistory. Lockfile removed. -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] perl CPAN in guests
On Friday 23 September 2005 11:23 am, Hilco Wijbenga wrote: ahh ok. i have the template portage and distfiles mounted to the host directories... thanks ill try that Hi Chuck, You need to run emerge metadata eupdatedb I do not entirely understand what's going on but the index for portage is out of whack. I have the same problem whenever I esync my portage (I have the portage tree on a separate partition and share it on several vservers). After the esync runs on the vserver where I want it to run the others need to run the command above. Bye, Hilco On 9/23/05, Chuck [EMAIL PROTECTED] wrote: On Friday 23 September 2005 11:06 am, Chuck wrote: hmnmm.. i use the stage 3 install (binary) for vserver guests supplied by Hollow.. I wonder if he has something special set up. I just tried to do a pretend emerge of perl to see what it would do and got a result back I have never seen before or even heard of: Calculating dependencies QA Notice: USE Flag 'userland_Darwin' not in IUSE for dev-lang/perl-5.8.7 QA Notice: USE Flag 'userland_Darwin' not in IUSE for dev-lang/perl-5.8.7-r1 -QA Notice: USE Flag 'elibc_uclibc' not in IUSE for sys-devel/libperl-5.8.5-r1 QA Notice: USE Flag 'elibc_uclibc' not in IUSE for sys-devel/libperl-5.8.5 QA Notice: USE Flag 'userland_Darwin' not in IUSE for sys-devel/libperl-5.8.7 I would never have such things defined as I have no clue what they are even.. Wonder if this has anything to do with it. i think i may reinstall perl and see what happens. maybe it will get rid of that msg. chuck On Friday 23 September 2005 10:56 am, Herbert Poetzl wrote: On Fri, Sep 23, 2005 at 10:52:35AM -0400, Chuck wrote: On Friday 23 September 2005 12:06 am, Chuck wrote: update: i ssh'd directly into the template so a terminal was created and deleted the config file and re-ran the cpan configuration and it still bomed at not supporting add/get history. could you verify that it works fine without linux-vserver? could you check with strace what it tries to do? TIA, Herbert will try. i can verify that cpan works perfectly on the host computer outside of the guest using the host's installation of perl. the guest has its own installation of perl. same versions. it appears to have something to do with terminal definitions or some such which I don't fully understand. :) Chuck I am trying to pre-configure CPAN in a template for a number of guests. It exited with this error. Should I just turn off history in the config or is there a reasonably simple 'fix' that isn't a security problem? I entered the running guest from the host with vserver template enter. Sshd is not installed yet. Would it be better to install that then ssh into the template to do this? commit: wrote /usr/lib/perl5/5.8.5/CPAN/Config.pm Terminal does not support AddHistory. cpan shell -- CPAN exploration and modules installation (v1.7601) ReadLine support available (try 'install Bundle::CPAN') readline() on closed filehandle FIN at /usr/lib/perl5/5.8.5/Term/ReadLine.pm line 396. Terminal does not support GetHistory. Lockfile removed. -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1
Re: [Vserver] perl CPAN in guests
On Friday 23 September 2005 11:26 am, Chuck wrote: did that emerge metadata (esearch isnt installed). cured that crazy emerge notice. trying to configure cpan after deleting the Config file to start over still gives the same error. terminal does not support gethistory or addhistory. On Friday 23 September 2005 11:23 am, Hilco Wijbenga wrote: ahh ok. i have the template portage and distfiles mounted to the host directories... thanks ill try that Hi Chuck, You need to run emerge metadata eupdatedb I do not entirely understand what's going on but the index for portage is out of whack. I have the same problem whenever I esync my portage (I have the portage tree on a separate partition and share it on several vservers). After the esync runs on the vserver where I want it to run the others need to run the command above. Bye, Hilco On 9/23/05, Chuck [EMAIL PROTECTED] wrote: On Friday 23 September 2005 11:06 am, Chuck wrote: hmnmm.. i use the stage 3 install (binary) for vserver guests supplied by Hollow.. I wonder if he has something special set up. I just tried to do a pretend emerge of perl to see what it would do and got a result back I have never seen before or even heard of: Calculating dependencies QA Notice: USE Flag 'userland_Darwin' not in IUSE for dev-lang/perl-5.8.7 QA Notice: USE Flag 'userland_Darwin' not in IUSE for dev-lang/perl-5.8.7-r1 -QA Notice: USE Flag 'elibc_uclibc' not in IUSE for sys-devel/libperl-5.8.5-r1 QA Notice: USE Flag 'elibc_uclibc' not in IUSE for sys-devel/libperl-5.8.5 QA Notice: USE Flag 'userland_Darwin' not in IUSE for sys-devel/libperl-5.8.7 I would never have such things defined as I have no clue what they are even.. Wonder if this has anything to do with it. i think i may reinstall perl and see what happens. maybe it will get rid of that msg. chuck On Friday 23 September 2005 10:56 am, Herbert Poetzl wrote: On Fri, Sep 23, 2005 at 10:52:35AM -0400, Chuck wrote: On Friday 23 September 2005 12:06 am, Chuck wrote: update: i ssh'd directly into the template so a terminal was created and deleted the config file and re-ran the cpan configuration and it still bomed at not supporting add/get history. could you verify that it works fine without linux-vserver? could you check with strace what it tries to do? TIA, Herbert will try. i can verify that cpan works perfectly on the host computer outside of the guest using the host's installation of perl. the guest has its own installation of perl. same versions. it appears to have something to do with terminal definitions or some such which I don't fully understand. :) Chuck I am trying to pre-configure CPAN in a template for a number of guests. It exited with this error. Should I just turn off history in the config or is there a reasonably simple 'fix' that isn't a security problem? I entered the running guest from the host with vserver template enter. Sshd is not installed yet. Would it be better to install that then ssh into the template to do this? commit: wrote /usr/lib/perl5/5.8.5/CPAN/Config.pm Terminal does not support AddHistory. cpan shell -- CPAN exploration and modules installation (v1.7601) ReadLine support available (try 'install Bundle::CPAN') readline() on closed filehandle FIN at /usr/lib/perl5/5.8.5/Term/ReadLine.pm line 396. Terminal does not support GetHistory. Lockfile removed. -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book
[Vserver] majorly messed
I thnk there is something majorly messed up here.. this template was the first one i tried configuring cpan for since it was the first machine that would support guests that need it... i reinstalled perl (first template for that too) and the package system updated it from 5.8.5 to 5.8.6.. same error... ok so i exited off the template and did vserver template stop i have the ctrl alt del fix in the inittab yet it timed out. checking vps ax it was not running. vserver template start said it was running so i went into /var/run and deleted the context pointer in vserver.rev.. when i tried to start it it sits there and the server never starts... this is the oddest problem.. ive never had a problem with the last 3 machines i did.. at least not fatal like this.. maybe i should have just left cpan alone:) hate to trash the template... took me all day installing packages in it that i want available to the guests.. maybe ill just try installing a new stage 3 system and base layout.. just looked and im rambling.. :( -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] majorly messed
On Friday 23 September 2005 05:42 pm, Chuck wrote: another thing.. i just went into the template system directories to look around from the host and everywhere I did an ls -l I see this entry sys$command as part of the directory listing sent back. it shows as a regular file. I do not get this on any other machines in guests or hosts nor do i get it on this host.. think im just gonna rm -Rf * it all and start over I thnk there is something majorly messed up here.. this template was the first one i tried configuring cpan for since it was the first machine that would support guests that need it... i reinstalled perl (first template for that too) and the package system updated it from 5.8.5 to 5.8.6.. same error... ok so i exited off the template and did vserver template stop i have the ctrl alt del fix in the inittab yet it timed out. checking vps ax it was not running. vserver template start said it was running so i went into /var/run and deleted the context pointer in vserver.rev.. when i tried to start it it sits there and the server never starts... this is the oddest problem.. ive never had a problem with the last 3 machines i did.. at least not fatal like this.. maybe i should have just left cpan alone:) hate to trash the template... took me all day installing packages in it that i want available to the guests.. maybe ill just try installing a new stage 3 system and base layout.. just looked and im rambling.. :( -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] CPAN and sys$command (gentoo specific prob???)
ok i am firmly convinced never to touch cpan in guests. ever. it not only blows up every time as mentioned in earlier messages but it then proceeds to leave a file in the root directory of the guest that is unremovably linked to /sys. i spent hours searching google and the gentoo support forums on the cpan error about terminal not supporting addhistory.. tons of entries and not one solution. so the heck with it. any additions to cpan will be done manually via packages. when i try to remove the file cpan leaves when it exits with the no history support, it says it is a directory.. here is the ls on it -rw-r--r-- 2 root root 23 Sep 23 20:40 sys$command looks like a normal file to me.. so since this is experimental, i used rmdir on it. /sys vanished and it stayed in the directory listing. dang thing is permanent. operations on this file give no unexpected error messages but everything i do to that file affects only /sys since im the only one to ever see the guests in this machine, im leaving it alone unless it will present some kind of problem later on. i dont need it for this machine, but i must solve this cpan problem for the next machine as there will be guests run by other admins that are cpan and perl crazy. i think their breakfast bowls have perl /cpan logos on them! before i tackle cpan though i must study iproute2 and get the 3rd nic to work on a 3rd network in this machine (tomorrow i hope). Bertl hinted possibly something wrong in the paths configurations so when i go to cpan debugging readline is the first place im looking for that line number and go from there. Hollow if you are reading this, with the stage3-latest on your site, do you have any perl cpan problems? remember i only use remote terminals via ssh into the machines. -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] CPAN and sys$command (gentoo specific prob???)
On Saturday 24 September 2005 03:32 am, Tom Laermans wrote: Hi, On Fri, 2005-09-23 at 23:25 -0400, Chuck wrote: when i try to remove the file cpan leaves when it exits with the no history support, it says it is a directory.. here is the ls on it -rw-r--r-- 2 root root 23 Sep 23 20:40 sys$command looks like a normal file to me.. so since this is experimental, i used rmdir on it. /sys vanished and it stayed in the directory listing. Maybe a silly question, but you _are_ escaping the $, right? rmdir won't work on a file anyway - rm sys\$command is what you ran? yeah.. heh took me 2 tries before i remembered about the esacpe.. thing is it says the file is a directory when i try rm.. im just going to make another template since this was a minimal insall. this time when i ran perl cpan config i was smart enough not to do it after spending hours installing packages :) Tom ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] CPAN and sys$command (gentoo specific prob???)
On Saturday 24 September 2005 07:59 am, Tom Laermans wrote: On Sat, 2005-09-24 at 05:02 -0400, Chuck wrote: yeah.. heh took me 2 tries before i remembered about the esacpe.. thing is it says the file is a directory when i try rm.. If you don't escape, you're trying to rm sys cause I assume the command variable would be empty.. which would lead to that problem if you are in / while doing it... im just going to make another template since this was a minimal insall. this time when i ran perl cpan config i was smart enough not to do it after spending hours installing packages :) I have run perl cpan shell many times inside a vserver host without any problems.. i figured it should run... there has to be something inherently wrong somewhere in the base install package then. something to do with terminal definitions or paths im not sure which as i have not looked at the line of the error in readline.. once i figure out rproute2 so i can put mutiple public internet connections from different providers on one box with multiple nics and multiple networks, then i can go back to this cpan problem. Tom ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [SOLVED]need a point in the right direction in certain kernel networking settings
On Saturday 24 September 2005 03:39 pm, Chuck wrote:
Finally, with the help of the docs Bert pointed me to, and the help of someone
in the Gentoo network forum, it all works properly. The contents of the
things I had to do is listed below in case anyone else runs into the same
problem. I could not find any way to add the rules to the /etc/conf.d/net
config file, so i created a run script to do it.
I added the 3 values below to /etc/iproute2/rt_tables
34 34net
39 39net
172 pvtnet
---
prometheus ~ # cat /etc/conf.d/net
modules=( iproute2 )
config_eth0=( 64.113.34.5 netmask 255.255.255.0 broadcast 64.113.34.255 )
routes_eth0=( 64.113.34.0/24 src 64.113.34.5 table 34net )
routes_eth0=( default via 64.113.34.1 table 34net )
config_eth1=( 172.30.0.50 netmask 255.255.255.0 broadcast 172.30.0.255 )
routes_eth1=( 172.30.0.0/24 src 172.30.0.50 table pvtnet )
routes_eth1=( default via 172.30.0.1 table pvtnet )
config_eth2=( 64.113.39.254 netmask 255.255.255.0 broadcast 64.113.39.255 )
routes_eth2=( 64.113.39.0/24 src 64.113.39.254 table 39net )
routes_eth2=( default via 64.113.39.1 table 39net )
--
script iprules
placed in /etc/init.d and added to default runlevel
#!/sbin/runscript
depend() {
need net
before svscan
}
start() {
ebegin Setting iproute2 rules.
#set up system default gateway
/sbin/ip route add default via 64.113.34.1
# set up rules
/sbin/ip rule add from 64.113.34.5 table 34net
/sbin/ip rule add from 172.30.0.50 table pvtnet
/sbin/ip rule add from 64.113.39.254 table 39net
eend 0
}
Chuck
I am running the following kernel compiled from vanilla sources and the
vs2.1.0-rc2 patch. No other patches have been applied.
The base system is Gentoo 2005.1 except with above kernel.
prometheus linux # uname -a
Linux prometheus 2.6.13.1-vs2.1.0-rc2 #2 SMP Sat Sep 24 13:36:00 EDT 2005
i686
Pentium III (Katmai) GenuineIntel GNU/Linux
Ok here is my network setup so you see what I am up against. Need to be sure
I
have the proper options set in the kernel for this to work.
For this machine we have 3 different internet providers tying to 3 routers
and
3 switches and an internal private network on another switch not connected
to
the outside..
totally unique networks and ip blocks. The machine has a 4 port ethernet
card
in it. I have only dealt with 3 networks so far and won't add the
complication of a 4th until the first 3 work properly. the 4th should just
be
a clone of the other public setting methods.
I do not plan to have a guest a member of more than one public network. Most
of the time it will not even be a member of the private network except in
special cases. The private net is for communication between hosts (nfs,
backup etc).
eth0 public 1
eth1 privatenet
eth2 public 2
eth3 down but will be public 3
i need to be positive that the problems i am experiencing are strictly in
the
setups of the nics and my lack of routing skills and not by some missing
element in the kernel config.
set up alone with the others down, each public nic works perfectly to the
outside.
symptoms:
eth0 up, eth1 up both work fine.
bring eth2 up and eth0 stops responding to the outside and other machines in
our network and eth2 responds instead. eth1 privatenet keeps working.
bring eth2 down and eth0 works again to the outside.
below is all of my kernel network code except device driver for the nic, and
i
am also including my vserver kernel setup.
if anyone would be so kind as to review this to see if i have something set
incorrectly for the above setups it would be much appreciated.
must i have ngnet in the kernel set on with iproute2? do i even need
iproute2?
Gentoo network scripts give the option of selecting ifconfig or iproute2 to
use in static ip setups along with others that I won't be using such as
wireless or dhcp.
I also have the following in an init script which runs before the ethernets
are started. vprocunhide runs later.
start() {
ebegin Setting /proc options.
/bin/echo 1 /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
/bin/echo 0 /proc/sys/net/ipv4/conf/all/accept_source_route
/bin/echo 0 /proc/sys/net/ipv4/conf/all/accept_redirects
/bin/echo 1 /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
/bin/echo 1 /proc/sys/net/ipv4/tcp_syncookies
eend 0
}
I had read an article somewhere that suggested the above settings were good
to
do, and comments on the article agreed, so i did them.
#
# Networking options
#
CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
CONFIG_UNIX=y
CONFIG_XFRM=y
# CONFIG_XFRM_USER is not set
# CONFIG_NET_KEY is not set
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_ASK_IP_FIB_HASH=y
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_FIB_HASH=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
[Vserver] stop timeout on a guest kills another one
I sometimes have a problem with a stop timeout when using
vserver guest stop
it appears randomly.. the only thing I can think of is i try to run it too
soon after exiting the guest. I find if I wait a bit before stopping the
guest i do not get this error.
here is the error
prometheus colossus # vserver colossus stop
A timeout occured while waiting for the vserver to finish and it was
killed by sending a SIGKILL signal. Please investigate the reasons
and/or increase the timeout in apps/vshelper/sync-timeout.
an unfortunate result of this is it also kills my single running production
guest and I have to remove the /var/run/vservers entry for it then i can
restart it.
is this killing a guest I do not want stopped a normal byproduct of this
timeout error? I'm not sure where the problem is.. I have the gentoo inittab
fix installed so it is not that.
i dont get this on the other host i have guests on at all. the only thing that
is different, is this is an smp machine and it has a running qmail
installation in the host temporarily until i get time to move it to a guest.
the guest was installed using link copy from the template as all the others
have been.
I create the basic guest skeleton then remove the existing directories within
the guestname and then do
cp -al template/* new-guest
then do
find new-guest -type f -exec setattr --iunlink {} ';'
then i go into the guest /etc directory and configure it and then start it and
enter it.
--
Chuck
...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose
for an OS as *we* do?!!', and I answered...'I use Linux'.
The Book of John, chapter 1, page 1, and end of book
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [SOLVED]need a point in the right direction in certain kernel networking settings
On Tuesday 27 September 2005 03:31 am, Dennis Roos wrote:
On Sun, 2005-09-25 at 14:47 -0400, Chuck wrote:
On Saturday 24 September 2005 03:39 pm, Chuck wrote:
Finally, with the help of the docs Bert pointed me to, and the help of
someone
in the Gentoo network forum, it all works properly. The contents of the
things I had to do is listed below in case anyone else runs into the same
problem. I could not find any way to add the rules to the /etc/conf.d/net
config file, so i created a run script to do it.
I added the 3 values below to /etc/iproute2/rt_tables
34 34net
39 39net
172 pvtnet
---
prometheus ~ # cat /etc/conf.d/net
modules=( iproute2 )
config_eth0=( 64.113.34.5 netmask 255.255.255.0 broadcast
64.113.34.255 )
routes_eth0=( 64.113.34.0/24 src 64.113.34.5 table 34net )
routes_eth0=( default via 64.113.34.1 table 34net )
config_eth1=( 172.30.0.50 netmask 255.255.255.0 broadcast 172.30.0.255 )
routes_eth1=( 172.30.0.0/24 src 172.30.0.50 table pvtnet )
routes_eth1=( default via 172.30.0.1 table pvtnet )
config_eth2=( 64.113.39.254 netmask 255.255.255.0 broadcast
64.113.39.255 )
routes_eth2=( 64.113.39.0/24 src 64.113.39.254 table 39net )
routes_eth2=( default via 64.113.39.1 table 39net )
--
script iprules
placed in /etc/init.d and added to default runlevel
#!/sbin/runscript
depend() {
need net
before svscan
}
start() {
ebegin Setting iproute2 rules.
#set up system default gateway
/sbin/ip route add default via 64.113.34.1
# set up rules
/sbin/ip rule add from 64.113.34.5 table 34net
/sbin/ip rule add from 172.30.0.50 table pvtnet
/sbin/ip rule add from 64.113.39.254 table 39net
eend 0
}
If I am not mistaking you're missing 3 default gateways ;)
The 'set up system default gateway is the main gateway (when no other
rules apply).
hmm. i was under the impression the std routing table goes screwey with 3
default gateways... so i set them up via tables.
routes_eth1=( default via 172.30.0.1 table pvtnet )
but i had to learn the basics of iproute2 in literally a day which was only
truly enough to get this running. i will add the 2 other system default
gateways and see how it goes.. i have to dig into routing in a big way in
the next few months, so it looks like i am going to be doing LOTS of
studying :)
btw, i have a way now of putting all rules inside the /etc/conf.d/net file now
so i abandoned the iprule script. if you are interested in that i will post
it. the code to do so was given to me by one of the gentoo developers when i
filed a 'suggestion bug'. i didnt even know you could put code into the net
file:)
so i can now do something like this:
config_eth1=( 172.30.0.50 netmask 255.255.255.0 broadcast 172.30.0.255 )
routes_eth1=( 172.30.0.0/24 src 172.30.0.50 table pvtnet )
routes_eth1=( default via 172.30.0.1 table pvtnet )
rules_eth1=( from 172.30.0.0/24 table pvtnet )
To choose a different default path per table one might use the following
rules:
---%-- cut here --%
# Restrict traffic from 34net to table 34net
ip rule add from 64.113.34.0/24 table 34net
# Restrict traffic from 34net to table 34net and eth0
ip route add 64.113.34.0/24 dev eth0 table 34net
the above methods in the net file now add the dev ethx to each line in their
parsing code.
# Set default route for table 34net
ip route add default via 64.113.34.1 dev eth0 table 34net
---%-- cut here --%
And repeat these rules for all tables used.
SNIP
start() {
ebegin Setting /proc options.
/bin/echo 1 /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
/bin/echo 0 /proc/sys/net/ipv4/conf/all/accept_source_route
/bin/echo 0 /proc/sys/net/ipv4/conf/all/accept_redirects
/bin/echo 1 /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
/bin/echo 1 /proc/sys/net/ipv4/tcp_syncookies
eend 0
}
You could add all these to /etc/sysctl.conf (which loads at boot time):
---%-- cut here --%
#/etc/sysctl.conf
net.ipv4.icmp_echo_ignore_broadcasts 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_syncookies = 1
# END
---%-- cut here --%
A few others I use:
---%-- cut here --%
# /etc/sysctl.conf:
# Disable packet forwarding
net.ipv4.ip_forward = 0
# Disable IP dynaddr
net.ipv4.ip_dynaddr = 0
# Disable ECN
net.ipv4.tcp_ecn = 0
# Enable source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
# Disable ICMP echo-request altogether (use only if DOS'ed):
#net.ipv4.icmp_echo_ignore_all = 1
# Enable syn-cookies (prevent syn-flood attacks):
net.ipv4.tcp_syncookies = 1
# Reduce number of possible SYN Floods:
net.ipv4.tcp_max_syn_backlog = 1024
# Disable ICMP echo-request
[Vserver] nagios monitoring - guest or host?
I presently have nagios set up in a guest on a temporary host. We will soon be moving everything to a single 'monster' machine with a backup machine for fail-over. The reason for this background is this: 1. Can I somehow set things up so a guest can execute a pre-defined command script on the host? This would allow nagios to do things like re-start a guest if it is not responding. 2. Alternatively I could run nagios on the host. What would be any performance impact on the guests if I were to do this? It would check approximately 100 customer routers and maybe 3 other machines. This would be the extent of any network resources used, the rest of the checks would be done to the guests ( about 70 checks to do locally) and the fail-over machine. I suspect option 2 is my best way but it would still be nice to know if option 1 could be done. :) I understand the need to keep the host as 'clean' as possible, but in real world situations, I would assume no performance impact or at least minimal if the host runs low resource services such as ntpd, private sshd etc. I am wondering where nagios would fall in the low-impact definitions? Although it has a lot of work to do, it appears to use very few resources. -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] nagios monitoring - guest or host?
On Wednesday 28 September 2005 06:59 am, Oliver Welter wrote: Hi Chuck, 1. Can I somehow set things up so a guest can execute a pre-defined command script on the host? This would allow nagios to do things like re-start a guest if it is not responding. There are some ways to do so: 1) The root Server can access the filesystem of the guest, so you can use cron or similar to check for a file inside the guest from the side of the host, and than behave accordingly. For Example, you create a file reboot containing server123 by nagios in a directory inside the guest and than have a process that collects this file from outside and do the reboot. 2) There are some helper scripts like the reboot script, but I dont how these work - might be this can do the job... 3) The standard way, using SSH or RPC or similar and do a normal network connect like you do with any other remote execution Interesting. Never even thought of those options:) Thanks! Regarding performance impact: It does not matter if the process runs in or outside a guest... Oliver -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72 -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] vps
I noticed something that i consider odd. When I use vps ax I see all guests running. When I use vps auw, it does not report the first guest running but reports the others. Is this normal behavior? I'm not too sure about ps options as until recently i have always just used ps ax or more recently vps ax... but vps auw gives me a much cleaner output.. but no first guest. -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] gentoo stop fix? and final production guidance requested.
i am currently using the Bertl-Shep stop fix which appears to be working for the most part. Is there a permanent cure for this now? I am currently using the following versions latest as of 2 weeks ago gentoo 2005.1 install on host. kernel 2.6.13.1 vanilla sources from kernel.org with patch-2.6.13.1-vs2.1.0-rc2.diff installed. I am just upgrading now to the util-vserver-0.30.208-r3 and am using the stage3-latest as of a few weeks ago that was obtained from Hollow's site. I guess my question is more than one :) . 1. is the stop bug fixed 2. if so what are the latest versions of the above? 3. what is my best approach for least production problems in creating a template? a. find an updated stage3 that includes latest base layout b. make the template from the latest stage1 vserver build and use the latest base layout with that and just build the thing from scratch? I have moved many servers into guests on various machines temporarily to make rack space for 'big bertha' (8u machine), a 4 processor system which will be our final resting place for all the servers. Then the most powerful of the empty servers will be converted to guest colo machines and the rest retired and sold. Since this will be the final production machine I want to do it all right with all fixes the first time so I don't have to go back and baby-sit it in any way. This system will be fully automated and at times will be auto-starting and stopping certain guests which are only in service certain hours on certain days.. which means there is no room for error. It all has to work perfectly every time. Suggestions? -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] gentoo stop fix? and final production guidance requested.
On Sunday 02 October 2005 08:31 am, Christian Heim wrote: On Sunday 02 October 2005 13:59, Chuck wrote: I guess my question is more than one :) . 1. is the stop bug fixed Yes, in the latest baselayout-vserver they're fixed. That means you've currently to do the following inside your guests: # echo '=sys-apps/baselayout-vserver-1.11.13-r1 ~x86 \ /etc/portage/package.keywords' # CONFIG_PROTECT=-* emerge -u baselayout-vserver after that, your guest should now be stopping fine 2. if so what are the latest versions of the above? * latest kernel patch is at 2.1.0_rc2 (IIRC) - for Gentoo that is =vserver-sources-2.1.0_rc2 (~x86) incorporating kernel-2.6.13.2 and vs2.1.0_rc2 * util-vserver-0.30.208 (are the latest) - for Gentoo that is =util-vserver-0.30.208-r3 (~x86) * baselayout for the guests is currently at - =baselayout-vserver-1.11.13-r1 (~x86) - =baselayout-vserver-1.12.0_pre8 (~x86) Depends if you like to use the 1.12.0 stuff or the old ones thank you! will upgrade everything i can now, then when i prep 'bertha' ill just do all the existing guests from scratch again. i have no clue whether im using 1.11.13 or 1.12.0.. the base layout was included in the stage 3 i got from hollow's site several weeks ago. have no clue what the differences are. 3. what is my best approach for least production problems in creating a template? a. find an updated stage3 that includes latest base layout b. make the template from the latest stage1 vserver build and use the latest base layout with that and just build the thing from scratch? Depends on the following: * how bleeding-edge you would like to be * if you need some customizations (like 64-bit guests) The stage-tarballs will be renewed * every half year * if a new baselayout-vserver went stable If I were you, I would go for the template from scratch. i need reliability more than 'bleeding edge' however i do need things like exec inside a guest from host and abilities to flag various hosts to autostart and things like that. we have no 64 bit guests or hosts so ... -- Christian Heim [EMAIL PROTECTED] Gentoo Linux Developer (VServer) -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] gentoo stop fix? and final production guidance requested.
On Sunday 02 October 2005 08:31 am, Christian Heim wrote: 2. if so what are the latest versions of the above? * latest kernel patch is at 2.1.0_rc2 (IIRC) - for Gentoo that is =vserver-sources-2.1.0_rc2 (~x86) incorporating kernel-2.6.13.2 and vs2.1.0_rc2 the only reason i use vanilla kernels now is i have found on my workstations and servers a noticable increase in performance using vanilla over the gentoo-sources. i believe it is due to all the extra patches that i dont use anyway :) is the verserver sources only a vanilla with the vserver patch and thats it? -- Christian Heim [EMAIL PROTECTED] Gentoo Linux Developer (VServer) -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] gentoo stop fix? and final production guidance requested.
On Sunday 02 October 2005 09:38 am, Christian Heim wrote:
On Sunday 02 October 2005 15:15, Chuck wrote:
snip
i need reliability more than 'bleeding edge' however i do need things like
exec inside a guest from host and abilities to flag various hosts to
autostart and things like that. we have no 64 bit guests or hosts so ...
exec as in vserver ${name} exec ?! Well that is simple, and is covered by
a
default installation (even the stage3-tarball covers this).
What do you mean with flag ?! Some sort of depends between different
guests ?
wrong terminology im sure :) the ability to set mark files and their contents.
where can i find the differences between the 2 base layouts? i am getting
ready to install them into the guests that are running now.. even tho these
are 'production' they are also my 'proving ground' so once i start on the
big machine i will not have these kinds of things to mess with and can just
install certain versions of everything and be done with them :)
--
Christian Heim [EMAIL PROTECTED]
Gentoo Linux Developer (VServer)
--
Chuck
...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose
for an OS as *we* do?!!', and I answered...'I use Linux'.
The Book of John, chapter 1, page 1, and end of book
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] gentoo stop fix? and final production guidance requested.
On Sunday 02 October 2005 10:46 am, Christian Heim wrote: On Sunday 02 October 2005 15:48, Chuck wrote: wrong terminology im sure :) the ability to set mark files and their contents. You mean the context tagging of files by any chance ?! no.. i dont know how long mark files have been supported;.. they go in /etc/vservers/guestname/apps/init and usually contain 'default' so the veserver startup script will start only those services marked default. where can i find the differences between the 2 base layouts? i am getting Well, the 1.12.0_pre stuff is AFAIK a complete rework and some stuff is even modularized. I've no idea if there's anywhere a comparison between the 2 baselayouts. But you could have a look in the gentoo-dev mailinglist archives. ready to install them into the guests that are running now.. even tho these are 'production' they are also my 'proving ground' so once i start on the big machine i will not have these kinds of things to mess with and can just install certain versions of everything and be done with them :) The go for baselayout-vserver-1.11.13-r1 :) that is old-style baselayout and should be somewhat stable to use :) -- ok will do. i will install 1.12.0 in my testing guest on the production server and 1.11.13 in the production template and guests.. :) Christian Heim [EMAIL PROTECTED] Gentoo Linux Developer (VServer) -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] gentoo stop fix? and final production guidance requested.
On Sunday 02 October 2005 11:49 am, Chuck wrote: with these new versions of base layout and util-vserver, do we still need to put this into a post start script? vattribute --xid 3407 --flag ^37 or is that now not needed? On Sunday 02 October 2005 10:46 am, Christian Heim wrote: On Sunday 02 October 2005 15:48, Chuck wrote: wrong terminology im sure :) the ability to set mark files and their contents. You mean the context tagging of files by any chance ?! no.. i dont know how long mark files have been supported;.. they go in /etc/vservers/guestname/apps/init and usually contain 'default' so the veserver startup script will start only those services marked default. where can i find the differences between the 2 base layouts? i am getting Well, the 1.12.0_pre stuff is AFAIK a complete rework and some stuff is even modularized. I've no idea if there's anywhere a comparison between the 2 baselayouts. But you could have a look in the gentoo-dev mailinglist archives. ready to install them into the guests that are running now.. even tho these are 'production' they are also my 'proving ground' so once i start on the big machine i will not have these kinds of things to mess with and can just install certain versions of everything and be done with them :) The go for baselayout-vserver-1.11.13-r1 :) that is old-style baselayout and should be somewhat stable to use :) -- ok will do. i will install 1.12.0 in my testing guest on the production server and 1.11.13 in the production template and guests.. :) Christian Heim [EMAIL PROTECTED] Gentoo Linux Developer (VServer) -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] gentoo stop fix? and final production guidance requested.
On Sunday 02 October 2005 04:41 pm, Benedikt Boehm wrote:
ok cool thanks... one more quick one...
if i choose the latest 2005.1 standard p3 stage3 from the mirrors then
overlayed the guest baselayout is that sufficient or are there other changes
in the stage3 that i should stick with the older one?
On Sunday 02 October 2005 20:21, Chuck wrote:
On Sunday 02 October 2005 11:49 am, Chuck wrote:
with these new versions of base layout and util-vserver, do we still need
to put this into a post start script?
vattribute --xid 3407 --flag ^37
or is that now not needed?
it is not needed with baselayout-vserver-{1.11.13-r1,12.0_pre8}, and
0.30.208-r3 contains a patch which adds the cflags to vattribute, so you
could do
vattribute --xid 3407 --flag reboot_kill
if you still need it for some guests...
also look at http://home.xnull.de:8008/doc/en/vserver-howto.xml
i updated it to make use of new tools included in 0.30-208-r3
Cheers!
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
--
Chuck
...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose
for an OS as *we* do?!!', and I answered...'I use Linux'.
The Book of John, chapter 1, page 1, and end of book
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] gentoo stop fix? and final production guidance requested.
On Sunday 02 October 2005 05:06 pm, Benedikt Boehm wrote:
i used your new methods to make the template and then make a stage3 of my own
and make a guest from that.. incredibly nice
On Sunday 02 October 2005 20:42, Chuck wrote:
On Sunday 02 October 2005 04:41 pm, Benedikt Boehm wrote:
ok cool thanks... one more quick one...
if i choose the latest 2005.1 standard p3 stage3 from the mirrors then
overlayed the guest baselayout is that sufficient or are there other
changes in the stage3 that i should stick with the older one?
proably it will work, but not sure, i think you have to unmerge baselayout
before and without it you're not able to emerge anything...
if you're familar with catalyst you could try the
http://dev.gentoo.org/~hollow/stages/build-stages script, it will build
stages for you, though we will upload new ones soon...
On Sunday 02 October 2005 20:21, Chuck wrote:
On Sunday 02 October 2005 11:49 am, Chuck wrote:
with these new versions of base layout and util-vserver, do we still
need to put this into a post start script?
vattribute --xid 3407 --flag ^37
or is that now not needed?
it is not needed with baselayout-vserver-{1.11.13-r1,12.0_pre8}, and
0.30.208-r3 contains a patch which adds the cflags to vattribute, so you
could do
vattribute --xid 3407 --flag reboot_kill
if you still need it for some guests...
also look at http://home.xnull.de:8008/doc/en/vserver-howto.xml
i updated it to make use of new tools included in 0.30-208-r3
Cheers!
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
--
Chuck
...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose
for an OS as *we* do?!!', and I answered...'I use Linux'.
The Book of John, chapter 1, page 1, and end of book
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] really odd possible networking problem
i just correlated our ftp server on our web machine taking a very long time to
respond and firing off our monitor warnings with a particular guest i am
working on on another machine. when it crashes on stopping, the web server
ftp goes critical. after i bring the guest back up and it works properly, the
ftp server on the other machine works fine... that particular machine is a
RH9 machine...
could something in my iproute2 config cause this? here is my host config for
the ethernet card on that particular leg of the network.
the web machine/ftp is running on 64.113.39.8 and there are approx 140 ip
addresses upward from 39.11 in its configuration.
the particular guest that appears to be the cause of it when it crashes is at
64.113.39.5.
could a crash cause some kind of screaming to happen?
should i maybe have my rules set for each individual ip rather than the entire
block? so it would be rules_eth2=( from 64.113.39.5 table 39net )?
this config and code is in my /etc/conf.d/net on the host machine
modules=( iproute2 )
config_eth2=( 64.113.39.254 netmask 255.255.255.0 broadcast 64.113.39.255 )
routes_eth2=( 64.113.39.0/24 src 64.113.39.254 table 39net )
routes_eth2=( default via 64.113.39.1 table 39net )
rules_eth2=( from 64.113.39.0/24 table 39net )
then some rules code i received from a gentoo developer that he used:
flush_route_cache() {
ebegin Flushing route cache for ${IFACE}
ip route flush cache dev ${IFACE}
ret=$?
eend $ret
return $ret
}
ip_rule_runner() {
cmd=$1
case ${IFACE} in
eth2) rules=( [EMAIL PROTECTED] ) ;;
eth1) rules=( [EMAIL PROTECTED] ) ;;
eth0) rules=( [EMAIL PROTECTED] ) ;;
esac
max=$(([EMAIL PROTECTED] - 1))
cmd=ip rule ${cmd}
for ln in `seq 0 $max`; do
ebegin${cmd} ${rules[$ln]}
${cmd} ${rules[$ln]}
eend $?
done
}
postup() {
einfo Adding rules
ip_rule_runner add
flush_route_cache
}
predown() {
einfo Removing rules
ip_rule_runner del
flush_route_cache
}
--
Chuck
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] x with nvidia module in vserver?
On Tuesday 04 October 2005 08:08 am, Torsten Becker wrote: I have not tried this yet, but this is one of my priorities after I finish the servers. I also would be interested in a solution. One question. Do you pre-load the nvidia module at startup so X doesn't have to try to insert it into the kernel? I am going to need full functionality since I run a heavily loaded twinview desktop. Hello List, I try to run a complete workstation in a vserver including a x-server. This is no problem since I do not try to use the hardware acceleration with the nvidia kernel module. I have set several capabilities for the vserver: CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID CAP_KILL CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_CHROOT CAP_SYS_PTRACE CAP_SYS_PACCT CAP_MKNOD CAP_LEASE I copied the device files from the host to the vserver. If I use the nv driver for xfree all is well. But if I try to use nvidia xfree fails with the error unable to load kernel module. This is clear for me. Then I tried to figure out which device is used with the nv driver. I tried to copa the device file /dev/nvidia0-4 from the host to /dev/video0-4 in the vserver. But the 3d-accel does not function... Does anyone have a hint for me, how I can manage this? Or is it impossible? I use this configuration to deploy the workstations to a pool of pc's. Therefor the security between host and vserver is not first goal. Greets, Torsten ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] what am i doing wrong with vserver exec?
I am trying to execute this function from a cron off the host and it isnt working. /usr/sbin/vserver prometheus exec /bin/rm -f /var/spool/qmailscan/quarantine/new/* darn wordwrap. I am trying not to install cron in guests unless I absolutely must. -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] x with nvidia module in vserver?
On Tuesday 04 October 2005 08:22 am, Torsten Becker wrote: hmm...for me maybe I should leave my big workstation alone and just create a vserver for one guest workstation on it which im assuming could load nv since it is local and honestly it doesnt even need to access the video card. will research to see if i can run x without a video device:). i only use that 2nd workstation via a vnc window off my main one and 2 other people access it from remote. what im trying to do is to free up a whole computer dedicated only to running a remote desktop. did you copy the video0-4 device file or did you use mknod to create it? this will be interesting if someone who has been successful can tell us what needs to be done :) Chuck schrieb: Since the vserver can not load a module I load it in the host. The host is my also my testsystem for the nvidia-module. I have a complete x-workstation installed in the host. Greets, Torsten On Tuesday 04 October 2005 08:08 am, Torsten Becker wrote: I have not tried this yet, but this is one of my priorities after I finish the servers. I also would be interested in a solution. One question. Do you pre-load the nvidia module at startup so X doesn't have to try to insert it into the kernel? I am going to need full functionality since I run a heavily loaded twinview desktop. Hello List, I try to run a complete workstation in a vserver including a x-server. This is no problem since I do not try to use the hardware acceleration with the nvidia kernel module. I have set several capabilities for the vserver: CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID CAP_KILL CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_CHROOT CAP_SYS_PTRACE CAP_SYS_PACCT CAP_MKNOD CAP_LEASE I copied the device files from the host to the vserver. If I use the nv driver for xfree all is well. But if I try to use nvidia xfree fails with the error unable to load kernel module. This is clear for me. Then I tried to figure out which device is used with the nv driver. I tried to copa the device file /dev/nvidia0-4 from the host to /dev/video0-4 in the vserver. But the 3d-accel does not function... Does anyone have a hint for me, how I can manage this? Or is it impossible? I use this configuration to deploy the workstations to a pool of pc's. Therefor the security between host and vserver is not first goal. Greets, Torsten ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] x with nvidia module in vserver?
On Tuesday 04 October 2005 08:22 am, Torsten Becker wrote: just thought of something. I have not tried this yet, but have you tried loading X without a driver in the device configuration? or maybe a 'dummy' driver is needed.. i would think it can be made to latch onto the driver already loaded. Chuck schrieb: Since the vserver can not load a module I load it in the host. The host is my also my testsystem for the nvidia-module. I have a complete x-workstation installed in the host. Greets, Torsten On Tuesday 04 October 2005 08:08 am, Torsten Becker wrote: I have not tried this yet, but this is one of my priorities after I finish the servers. I also would be interested in a solution. One question. Do you pre-load the nvidia module at startup so X doesn't have to try to insert it into the kernel? I am going to need full functionality since I run a heavily loaded twinview desktop. Hello List, I try to run a complete workstation in a vserver including a x-server. This is no problem since I do not try to use the hardware acceleration with the nvidia kernel module. I have set several capabilities for the vserver: CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID CAP_KILL CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_CHROOT CAP_SYS_PTRACE CAP_SYS_PACCT CAP_MKNOD CAP_LEASE I copied the device files from the host to the vserver. If I use the nv driver for xfree all is well. But if I try to use nvidia xfree fails with the error unable to load kernel module. This is clear for me. Then I tried to figure out which device is used with the nv driver. I tried to copa the device file /dev/nvidia0-4 from the host to /dev/video0-4 in the vserver. But the 3d-accel does not function... Does anyone have a hint for me, how I can manage this? Or is it impossible? I use this configuration to deploy the workstations to a pool of pc's. Therefor the security between host and vserver is not first goal. Greets, Torsten ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] what am i doing wrong with vserver exec?
On Tuesday 04 October 2005 08:43 am, Christian Heim wrote: odd. it doesnt give any error yet the files remain. wonder if it could be permissions although as root it should not matter to a script executed as root... this is one of the files to be deleted -rw--- 1 qscand nofiles 86449 Oct 4 06:38 prometheus112842211069422533 Chuck On Tuesday 04 October 2005 14:20, Chuck wrote: I am trying to execute this function from a cron off the host and it isnt working. /usr/sbin/vserver prometheus exec /bin/rm -f /var/spool/qmailscan/quarantine/new/* Well thats how it works here :) /usr/bin/vserver ns exec rm -rf /var/tmp/portage/ or even /usr/bin/vserver mirror exec /root/bin/rsync-mirror-os.sh -- Christian Heim [EMAIL PROTECTED] Gentoo Linux Developer (VServer) -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] fatal errors starting and stopping a guest
this:
kernel BUG at kernel/vserver/context.c:144!
invalid operand: [#10]
SMP
Modules linked in:
CPU:0
EIP:0060:[c0136cb0]Not tainted VLI
EFLAGS: 00010246 (2.6.13.1-vs2.1.0-rc2)
EIP is at free_vx_info+0x70/0x80
eax: 0001 ebx: f4a0e938 ecx: da1e0368 edx: f58e7000
esi: f58e7000 edi: c03d89a4 ebp: da1e030c esp: eeb63da4
ds: 007b es: 007b ss: 0068
Process find (pid: 3033, threadinfo=eeb62000 task=f58fe530)
Stack: c013c584 f58e7000 f4a0e938 0020 0004 c1907960 00d0
fff4 da1e030c f4af18a4 eeb63e4c c0175181 f4af18a4 da1e030c eeb63f10
eeb63f10 eeb63e44 eeb63e4c c017557a f48d2d90 eeb63e4c eeb63f10
Call Trace:
[c013c584] proc_virtual_lookup+0xd4/0x2a0
[c0175181] real_lookup+0xd1/0x100
[c017557a] do_lookup+0x13a/0x150
[c0175cf7] __link_path_walk+0x767/0xe70
[c0146ca7] filemap_nopage+0x207/0x3c0
[c0176449] link_path_walk+0x49/0xe0
[c01767a4] path_lookup+0x94/0x170
[c0176a43] __user_walk+0x33/0x60
[c0170a5c] vfs_lstat+0x1c/0x60
[c01711eb] sys_lstat64+0x1b/0x40
[c01155e0] do_page_fault+0x0/0x5db
[c0102ff9] syscall_call+0x7/0xb
Code: ce b0 3b c0 eb dc f6 42 18 01 74 cf 0f 0b 95 00 ce b0 3b c0 eb c5 0f 0b
93 00 ce b0 3b c0 eb b7 0f 0b 92 00 ce b0 3b c0 eb a6 90 0f 0b 90 00 ce b0
3b c0 eb 94 8d b6 00 00 00 00 57 56 53 83 ec
* Hiding /proc entries ...
apollo ~ #
and it sat forever at hiding proc entries
i finally got pissed at it and logged back into it on another terminal and
issued init 0 which i found out called a halt rather than a shutdown which it
has done in the past... i suppose i should have done an init 6 once again..
that may have been the shut down when i initially told it to reboot. :)
now iget something really odd and only when i am starting this one guest
prometheus it shows me the startup process!:)
apollo ~ # vserver prometheus start
* Prometheus starting
INIT: version 2.86 booting
Gentoo Linux; http://www.gentoo.org/
Copyright 1999-2005 Gentoo Foundation; Distributed under the GPLv2
* Setting hostname to prometheus ... [ ok ]
* Updating environment ... [ ok ]
* Cleaning /var/lock, /var/run ...[ ok ]
* Cleaning /tmp directory ... [ ok ]
* Setting DNS domainname to sbbsnet.net [ ok ]
INIT: Entering runlevel: 3
* Starting clamd ... [ ok ]
* Starting freshclam ... [ ok ]
[ ok ]
* Starting syslog-ng ... [ ok ]
* Starting service scan ...[ ok ]
* Starting spamd ... [ ok ]
* Starting local ... [ ok ]
INIT: no more processes left in this runlevel
at this point it does not return to the host prompt unless i press enter
and when i stop it i now see the shutdown sequences but got no error.
=
apollo ~ # vserver prometheus stop
INIT: Sending processes the TERM signal
* Stopping local ... [ ok ]
* Stopping spamd ... [ ok ]
* Stopping service scan ... [ ok ]
* Stopping services ... [ ok ]
* Stopping service logging ... [ ok ]
* Stopping syslog-ng ... [ ok ]
* Stopping clamd ...
* Failed to stop clamd [ !! ]
* Stopping freshclam ... [ ok ]
* Prometheus Stopped
apollo ~ #
==
i do not see these sequences on other guests and they only became visible
after this last super crash and reboot.
i am hoping all these problems will go away when i set everything up fresh on
the big machine...
any clues what is happening?
if its that kernel 'race bug' concerning smp , do you think the kernel.org
people will have it fixed in a few weeks? are they even aware of it? im
getting a bit apprehensive because this final machine being installed in
about 2 weeks must be absolutely perfect the first time. no room for errors
on that one.
--
Chuck
...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose
for an OS as *we* do?!!', and I answered...'I use
[Vserver] host reboot error
i just tried doing a reboot on the host letting it stop all vservers itself.
this is what happened:
* Remounting remaining filesystems readonly ...[ cut
here ]
kernel BUG at kernel/vserver/context.c:144!
invalid operand: [#1]
SMP
Modules linked in:
CPU:0
EIP:0060:[c0136cb0]Not tainted VLI
EFLAGS: 00010246 (2.6.13.1-vs2.1.0-rc2)
EIP is at free_vx_info+0x70/0x80
eax: 0001 ebx: f7d9b080 ecx: f6f5cec0 edx: f666e000
esi: e316b4fc edi: 0400 ebp: esp: e37d3e50
ds: 007b es: 007b ss: 0068
Process mount (pid: 31028, threadinfo=e37d2000 task=e2a5fa80)
Stack: c011ae58 f666e000 c019a550 e316b4fc c019a5cb f7d9b080 e316b4fc c019a550
c0182f33 e316b4fc c019a550 c024ada1 e316b4fc e316b4fc c01831b3 e316b4fc
c0414a94 f4d7c53c c017ff81 e316b4fc e316b4fc f4d7c53c
Call Trace:
[c011ae58] free_task+0x78/0x80
[c019a550] proc_delete_inode+0x0/0x80
[c019a5cb] proc_delete_inode+0x7b/0x80
[c019a550] proc_delete_inode+0x0/0x80
[c0182f33] generic_delete_inode+0x73/0x100
[c019a550] proc_delete_inode+0x0/0x80
[c024ada1] _atomic_dec_and_lock+0x31/0x50
[c01831b3] iput+0x63/0x90
[c017ff81] dput+0x151/0x1f0
[c018063a] shrink_dcache_sb+0x18a/0x1f0
[c016dde5] do_remount_sb+0x35/0x100
[c0185a2d] do_remount+0xad/0x120
[c01864dd] do_mount+0x21d/0x230
[c0186263] copy_mount_options+0x63/0xc0
[c01868ef] sys_mount+0x9f/0xe0
[c0102ff9] syscall_call+0x7/0xb
Code: ce b0 3b c0 eb dc f6 42 18 01 74 cf 0f 0b 95 00 ce b0 3b c0 eb c5 0f 0b
93 00 ce b0 3b c0 eb b7 0f 0b 92 00 ce b0 3b c0 eb a6 90 0f 0b 90 00 ce b0
3b c0 eb 94 8d b6 00 00 00 00 57 56 53 83 ec
/etc/init.d/halt.sh: line 196: 31028 Segmentation fault mount -n -o
remount,ro ${x} /dev/null
at this point it will hang forever until i power cycle it.
the last line usually means there was a problem in a guest
--
Chuck
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] I spoke too soon
):c011ad04 clr_vx_info f5415000[#3405,51.17] @ebefa4e8 (#afcc,*0):c011b21a clr_vx_info f5415000[#3405,53.18] @f50c24d8 (#af22,*1):c011f33f release_vx_info f5415000[#3405,51.18] @ebefa040 (#afca,*0):c011b0e0 set_vx_info f5415000[#3405,53.18] @f544bed8 (#af21,*1):c011b21a clr_vx_info f5415000[#3405,52.18] @f7108938 (#afc7,*0):c011c87d claim_vx_info f5415000[#3405,53.17] @ee90baa0 (#af20,*1):c030b8e3 clr_vx_info f5415000[#3405,53.18] @eb8b4e60 (#afc6,*0):c011b0e0 set_vx_info f5415000[#3405,52.17] @f7503758 (#af1f,*1):c030b8e3 clr_vx_info f5415000[#3405,54.18] @f5a57220 (#afc5,*0):c011bef7 init_vx_info f5415000[#3405,51.17] @ee90bf48 (#af1e,*1):c030c7f5 set_vx_info f5415000[#3405,53.18] @f5a57220 (#afc4,*0):c011c87d claim_vx_info f5415000[#3405,51.16] @f5047040 (#af1d,*1):c030c7f5 set_vx_info f5415000[#3405,52.18] @eb8b4e60 (#afc3,*0):c011b0e0 set_vx_info f5415000[#3405,50.16] @f50c24d8 (#af1c,*1):c030b8e3 clr_vx_info f5415000[#3405,53.18] @eb8b4e60 (#afc2,*0):c011bef7 init_vx_info f5415000[#3405,49.16] @f50474e8 (#af1b,*1):c030b8e3 clr_vx_info f5415000[#3405,54.18] @f5a57220 (#afc1,*0):c011c87d claim_vx_info f5415000[#3405,49.15] @ebdeda80 (#af1a,*1):c030c7f5 set_vx_info f5415000[#3405,53.18] @f5a57220 (#afc0,*0):c011b0e0 set_vx_info f5415000[#3405,48.15] @f7416e58 (#af19,*1):c030c7f5 set_vx_info f5415000[#3405,52.18] @eb8b4e60 (#afbf,*0):c011bef7 init_vx_info f5415000[#3405,47.15] @ebdedf28 (#af18,*1):c011b21a clr_vx_info f5415000[#3405,53.18] @f545b9b8 (#afbe,*0):c011ad04 clr_vx_info f5415000[#3405,48.15] @ebdedf28 (#af17,*1):c011b0e0 set_vx_info f5415000[#3405,52.18] @f7108938 (#afbd,*0):c011f33f release_vx_info f5415000[#3405,48.16] @ebdeda80 (#aef2,*1):c011b21a clr_vx_info f5415000[#3405,49.16] @f7108938 (#afb9,*0):c011ad04 clr_vx_info f5415000[#3405,51.17] @f50474e8 (#aeea,*1):c011c87d claim_vx_info f5415000[#3405,52.17] @ebefa040 (#afb8,*0):c011f33f release_vx_info f5415000[#3405,51.18] @f5047040 (#aee9,*1):c011b0e0 set_vx_info f5415000[#3405,51.17] @f545b9b8 (#afb7,*0):c011b21a clr_vx_info f5415000[#3405,52.18] @f7416e58 (#aee8,*1):c011bef7 init_vx_info f5415000[#3405,50.17] @ebefa4e8 (#afb6,*0):c011b21a clr_vx_info f5415000[#3405,53.18] @f50c24d8 (#aee7,*1):c011ad04 clr_vx_info f5415000[#3405,51.17] @ebefa4e8 (#afb5,*0):c011b0e0 set_vx_info f5415000[#3405,52.18] @f7416e58 (#aee6,*1):c011f33f release_vx_info f5415000[#3405,51.18] @ebefa040 Badness in send_IPI_mask_bitmask at arch/i386/kernel/smp.c:168 [c0110f26] send_IPI_mask_bitmask+0x86/0x90 [c011133f] smp_send_reschedule+0x1f/0x30 [c011713a] try_to_wake_up+0x39a/0x3f0 [c01167f6] activate_task+0xa6/0xc0 [c0118b81] __wake_up_common+0x41/0x70 [c0118c93] __wake_up_sync+0x53/0x80 [c012a44e] do_notify_parent+0x10e/0x1c0 [c0252e43] prio_tree_remove+0x83/0x100 [c0161151] anon_vma_unlink+0x71/0x80 [c015ca0c] remove_vm_struct+0x8c/0xb0 [c0120455] exit_notify+0x305/0x870 [c0186aba] dput+0x3a/0x210 [c0120bab] do_exit+0x1eb/0x3d0 [c010436b] die+0x19b/0x1a0 [c0104730] do_invalid_op+0x0/0xd0 [c01047e2] do_invalid_op+0xb2/0xd0 [c0138300] free_vx_info+0x70/0x80 [c014eeb8] __free_pages+0x38/0x50 [c0151eff] kmem_freepages+0x8f/0xb0 [c0151fd8] slab_destroy+0x68/0xb0 [c0255e70] memmove+0x50/0x54 [c0103b6b] error_code+0x4f/0x54 [c0138300] free_vx_info+0x70/0x80 [c011adba] free_task+0xea/0x130 [c012840d] free_uid+0x5d/0x70 [c011ae6e] __put_task_struct+0x6e/0x100 [c01a1d3b] proc_delete_inode+0x7b/0x80 [c01a1cc0] proc_delete_inode+0x0/0x80 [c0189ca3] generic_delete_inode+0x73/0x100 [c0255c71] _atomic_dec_and_lock+0x31/0x50 [c0189f23] iput+0x63/0x90 [c0186bda] dput+0x15a/0x210 [c01872aa] shrink_dcache_sb+0x18a/0x1f0 [c017376f] do_remount_sb+0x2f/0x110 [c0173e1c] get_sb_single+0x8c/0xc0 [c0173ecf] do_kern_mount+0x7f/0x170 [c01a1fa0] proc_fill_super+0x0/0xb0 [c018cc5f] do_new_mount+0x7f/0xf0 [c018d3a3] do_mount+0x1d3/0x230 [c0255fe5] strncpy_from_user+0x55/0x90 [c018d173] copy_mount_options+0x63/0xc0 [c018d81f] sys_mount+0x9f/0xe0 [c0103079] syscall_call+0x7/0xb - hope this helps -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vtop?
On Thursday 06 October 2005 06:48 am, Gaz Wilson wrote: It is included in the util-vserver-0.30.208-r3 and I believe in the r2 version as well. I know we have the vps process which can essentially show a ps output of all things running within vservers from the host, but has anyone ever looked into patching the program top, or writing a new version which will act like top on the host, showing the UIDs and run states of all processes in the vservers continuously? I ask, because we use vservers in a fairly hostile environment, and sometimes we get rogue processes which are hogging all of the CPU (for example) - top shows the machine load is up but doesn't show which vserver the rogue process is in - instead you need to use vps, or log into each vserver and run top there to find it. Having one version on top on the host to monitor all processes in the vservers would be great! Are there any plans? (Or indeed has someone already done it and I don't know?) Thanks Gary -- / Gary Wilson, aka dragon/dragonlord/dragonv480\ .'(_.--. e: [EMAIL PROTECTED] MSN: dragonv480 .--._)`. _ | Skype:dragonv480 ICQ:342070475 AIM:dragonv480 | _ `.( `--' w: http://volvo480.northernscum.org.uk `--' ).' \w: http://www.northernscum.org.uk / ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] results of the patch after 4 hours of running
I stopped the qmail guest, and it timed out. It left the pid file. The guest was not in the process list. Proc thought there were 3 vservers running however. cat /proc/virtual/status #CTotal:3 #CActive: 3 and when I tried to restart the guest it said it was already running. I deleted the pid and tried to start the guest once again and it promptly locked the kernel. power cycle returned to all is well with all guests running fine and no errors in startup. However, I found that my radius guest had a corrupted table in the database and I had to trash the live accounting table. phpmyadmin could not repair it. :( I guess I will have to do this again tonight because I forgot to use the serial box to connect to the host so I could not see any traces. it's a single user box so I can't just park in it since the router admin also uses it. -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] first test of 3.4
putting it here too so you have documentation other than irc. after 3 hrs running, i shut them down in the same sequence this time trusting it enough that i didnt shut mysql down first:) perfect shut downs.. perfect reboot, perfect startups of the guests. will do another test like tomorrow am after running 12 hrs. then if that works, tomorrow night after running another 10-12 hrs, ill just reboot the machine letting the init script shut them down. -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] update on rc4
in a short phrase it took everything i could give it. after 7.5 hrs running, individual stop start restart worked fine. using init script, global stop start restart worked fine. rebooting letting init shut them down worked fine. ill try again tonight after 12-14 hrs running and if that passes then once more tomorrow night after 24 hrs running looking good so far! -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] problem with rc4 or with my settings?
this is on the dell with the rc4 patch. i have not tried the vanilla kernel yet. when i shut down i get this after the power down sequence * Remounting remaining filesystems readonly ... [ ok ] Power down. Badness in send_IPI_mask_bitmask at arch/i386/kernel/smp.c:168 [c0110a36] send_IPI_mask_bitmask+0x86/0x90 [c0110e5f] smp_send_reschedule+0x1f/0x30 [c0117852] move_tasks+0x1d2/0x260 [c0117fb8] active_load_balance+0xb8/0xd0 [c0119cfe] migration_thread+0xce/0x100 [c0119c30] migration_thread+0x0/0x100 [c01327da] kthread+0xba/0xc0 [c0132720] kthread+0x0/0xc0 [c01011e5] kernel_thread_helper+0x5/0x10 im going to make a vanilla kernel for it and see if that cures the problem -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Missing Gentoo init script?
It appears that the ebuild for util-vserver-0.30.208-r3 is missing the vprocunhide init script. On a clean system it did not install one and I could not find one. I copied one from another host. -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] problem with rc4 or with my settings?
On Saturday 08 October 2005 06:25 pm, Herbert Poetzl wrote: heh that was a reboot command though... hmm... acpi is shut off totally in linux.. have to tell jon to be sure its off in the bios too On Sat, Oct 08, 2005 at 02:09:57PM -0400, Chuck wrote: On Saturday 08 October 2005 01:36 pm, Chuck wrote: could this be a possible cause? is my cpu setting in error? i have the processor type set to Processor family (Pentium-III/Celeron(Coppermine)/Pentium-III Xeon) but the processors are katmai not coppermine... they are, however, xeon processors... here is just a portion of the cat /proc/cpuinfo could be, could also be the result of a broken BIOS and/or incomplete ACPI implementation ... processor : 3 vendor_id : GenuineIntel cpu family : 6 model : 7 model name : Pentium III (Katmai) stepping: 3 cpu MHz : 500.111 cache size : 1024 KB fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 2 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse bogomips: 1000.15 this is on the dell with the rc4 patch. i have not tried the vanilla kernel yet. when i shut down i get this after the power down sequence * Remounting remaining filesystems readonly ... [ ok ] Power down. Badness in send_IPI_mask_bitmask at arch/i386/kernel/smp.c:168 [c0110a36] send_IPI_mask_bitmask+0x86/0x90 [c0110e5f] smp_send_reschedule+0x1f/0x30 [c0117852] move_tasks+0x1d2/0x260 [c0117fb8] active_load_balance+0xb8/0xd0 [c0119cfe] migration_thread+0xce/0x100 [c0119c30] migration_thread+0x0/0x100 [c01327da] kthread+0xba/0xc0 [c0132720] kthread+0x0/0xc0 [c01011e5] kernel_thread_helper+0x5/0x10 would not worry too much about that ... you could try using APM for power down via BIOS HTH, Herbert im going to make a vanilla kernel for it and see if that cures the problem -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Missing Gentoo init script?
On Saturday 08 October 2005 08:01 pm, Benedikt Boehm wrote: its a good place to put it when you use the vservers init script to auto start. but when you dont there is no option to call vservers unhide or some such to just run vprocunhide... i know i can set all the guests to some mark other than default or change the default to some other name, but when working on the systems its a pain to keep editing back and forth so vservers doesnt find anything to start.. please realize this is my own uneducated opinion, but i still vote for a separatre script. for me the way i work and use them its far more convenient. i just re-emerged util-vserver-0.30.208-r3 to see the msg that i missed... it doesnt tell me that vprocunhide is no longer a separate script. it tells me to run vprocunhide then goes on to tell me an init script was installed and how to add it with no reference that vprocunhide was added into it.. there is nothing about changes.. sorry:) * You have to run the vprocunhide command after every reboot * in order to setup /proc permissions correctly for vserver * use. An init script has been installed by this package. * To use it you should add it to a runlevel: * * rc-update add vserver default * * This init script will also help you to start/stop your vservers * on reboot. See /etc/conf.d/vserver for details On Saturday 08 October 2005 22:19, Chuck wrote: It appears that the ebuild for util-vserver-0.30.208-r3 is missing the vprocunhide init script. On a clean system it did not install one and I could not find one. I copied one from another host. you should read the messages popping up after the build of util-vserver the two init scripts (vprocunhide and vservers) have been merged into one (vservers) ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Missing Gentoo init script?
On Sunday 09 October 2005 03:11 am, Benedikt Boehm wrote: its just me being lazy not wanting to change the default name to rabbits or something in the conf.d config file:) it makes perfect sense to put it where it is... the only thing i ask is that you change the message after to indicate there are changes and that they should remove the vprocunhide from default if it is an upgrade. possibly one of those beeping timed yellow msgs. :). i have suggested this several times in bugzilla that they change the way portage operates to make it output all info msgs from every pkg emerged to a text file with a single msg at the end to check xxx.txt for changes. that way people like me who may emerge 10 things and go to bed or out on site won't miss anything important. however no one has acted on this in more than a year. On Sunday 09 October 2005 02:55, Chuck wrote: On Saturday 08 October 2005 08:01 pm, Benedikt Boehm wrote: its a good place to put it when you use the vservers init script to auto start. but when you dont there is no option to call vservers unhide or some such to just run vprocunhide... i know i can set all the guests to some mark other than default or change the default to some other name, but when working on the systems its a pain to keep editing back and forth so vservers doesnt find anything to start.. please realize this is my own uneducated opinion, but i still vote for a separatre script. for me the way i work and use them its far more convenient. the vservers init script does only start those guests you tell it to, if you don't specify any guest it will just make proc entries visible.. additionally the vservers init script ensures that on stop/reboot _all_ guests are shut down probperly so there is definitely no need to put one command (vprocunhide) in an extra ini script. i just re-emerged util-vserver-0.30.208-r3 to see the msg that i missed... it doesnt tell me that vprocunhide is no longer a separate script. it tells me to run vprocunhide then goes on to tell me an init script was installed and how to add it with no reference that vprocunhide was added into it.. there is nothing about changes.. sorry:) * You have to run the vprocunhide command after every reboot * in order to setup /proc permissions correctly for vserver * use. An init script has been installed by this package. * To use it you should add it to a runlevel: * * rc-update add vserver default * * This init script will also help you to start/stop your vservers * on reboot. See /etc/conf.d/vserver for details what nice message! it told you everything i told you :) On Saturday 08 October 2005 22:19, Chuck wrote: It appears that the ebuild for util-vserver-0.30.208-r3 is missing the vprocunhide init script. On a clean system it did not install one and I could not find one. I copied one from another host. you should read the messages popping up after the build of util-vserver the two init scripts (vprocunhide and vservers) have been merged into one (vservers) ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Missing Gentoo init script?
On Sunday 09 October 2005 07:13 am, Benedikt Boehm wrote: On Sunday 09 October 2005 12:07, Chuck wrote: On Sunday 09 October 2005 03:11 am, Benedikt Boehm wrote: its just me being lazy not wanting to change the default name to rabbits or something in the conf.d config file:) well, if you have default marks in your config, you probably want them to start at boot anyway, else you remove the mark... if you don't have any marks configured, the default mark will not start anything... on a working system when taken down to do some changes its probably easier to change the default run name than to delete marks in a bunch of servers.. it can still work i think by changing the default run name from default to drpepper or something really odd it makes perfect sense to put it where it is... the only thing i ask is that you change the message after to indicate there are changes and that they should remove the vprocunhide from default if it is an upgrade. possibly one of those beeping timed yellow msgs. :). i have suggested this several times in bugzilla that they change the way portage operates to make it output all info msgs from every pkg emerged to a text file with a single msg at the end to check xxx.txt for changes. that way people like me who may emerge 10 things and go to bed or out on site won't miss anything important. however no one has acted on this in more than a year. probably you should take a look at PORT_LOGDIR (see make.conf(5)) will have to research it when i have more time.. dont need all teh junk it logs, only need compiler error msgs and the * info messages at the end of some compiles... i recompiled util-vserver and the info messages were missing from the log. it had the entire compile history but not the messages.:( will research in a few days to see if there is a way to log only msgs and errors. if i were developing it would be a God-send to have that log, but as a user, im not interested in anything but messages about special configs, errors and changes. On Sunday 09 October 2005 02:55, Chuck wrote: On Saturday 08 October 2005 08:01 pm, Benedikt Boehm wrote: its a good place to put it when you use the vservers init script to auto start. but when you dont there is no option to call vservers unhide or some such to just run vprocunhide... i know i can set all the guests to some mark other than default or change the default to some other name, but when working on the systems its a pain to keep editing back and forth so vservers doesnt find anything to start.. please realize this is my own uneducated opinion, but i still vote for a separatre script. for me the way i work and use them its far more convenient. the vservers init script does only start those guests you tell it to, if you don't specify any guest it will just make proc entries visible.. additionally the vservers init script ensures that on stop/reboot _all_ guests are shut down probperly so there is definitely no need to put one command (vprocunhide) in an extra ini script. i just re-emerged util-vserver-0.30.208-r3 to see the msg that i missed... it doesnt tell me that vprocunhide is no longer a separate script. it tells me to run vprocunhide then goes on to tell me an init script was installed and how to add it with no reference that vprocunhide was added into it.. there is nothing about changes.. sorry:) * You have to run the vprocunhide command after every reboot * in order to setup /proc permissions correctly for vserver * use. An init script has been installed by this package. * To use it you should add it to a runlevel: * * rc-update add vserver default * * This init script will also help you to start/stop your vservers * on reboot. See /etc/conf.d/vserver for details what nice message! it told you everything i told you :) On Saturday 08 October 2005 22:19, Chuck wrote: It appears that the ebuild for util-vserver-0.30.208-r3 is missing the vprocunhide init script. On a clean system it did not install one and I could not find one. I copied one from another host. you should read the messages popping up after the build of util-vserver the two init scripts (vprocunhide and vservers) have been merged into one (vservers) ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo
Re: [Vserver] Missing Gentoo init script?
On Sunday 09 October 2005 08:00 am, Chuck wrote: my mistake! i just looked and it created 2 logs, the 2nd one had the messages :) On Sunday 09 October 2005 07:13 am, Benedikt Boehm wrote: On Sunday 09 October 2005 12:07, Chuck wrote: On Sunday 09 October 2005 03:11 am, Benedikt Boehm wrote: its just me being lazy not wanting to change the default name to rabbits or something in the conf.d config file:) well, if you have default marks in your config, you probably want them to start at boot anyway, else you remove the mark... if you don't have any marks configured, the default mark will not start anything... on a working system when taken down to do some changes its probably easier to change the default run name than to delete marks in a bunch of servers.. it can still work i think by changing the default run name from default to drpepper or something really odd it makes perfect sense to put it where it is... the only thing i ask is that you change the message after to indicate there are changes and that they should remove the vprocunhide from default if it is an upgrade. possibly one of those beeping timed yellow msgs. :). i have suggested this several times in bugzilla that they change the way portage operates to make it output all info msgs from every pkg emerged to a text file with a single msg at the end to check xxx.txt for changes. that way people like me who may emerge 10 things and go to bed or out on site won't miss anything important. however no one has acted on this in more than a year. probably you should take a look at PORT_LOGDIR (see make.conf(5)) will have to research it when i have more time.. dont need all teh junk it logs, only need compiler error msgs and the * info messages at the end of some compiles... i recompiled util-vserver and the info messages were missing from the log. it had the entire compile history but not the messages.:( will research in a few days to see if there is a way to log only msgs and errors. if i were developing it would be a God-send to have that log, but as a user, im not interested in anything but messages about special configs, errors and changes. On Sunday 09 October 2005 02:55, Chuck wrote: On Saturday 08 October 2005 08:01 pm, Benedikt Boehm wrote: its a good place to put it when you use the vservers init script to auto start. but when you dont there is no option to call vservers unhide or some such to just run vprocunhide... i know i can set all the guests to some mark other than default or change the default to some other name, but when working on the systems its a pain to keep editing back and forth so vservers doesnt find anything to start.. please realize this is my own uneducated opinion, but i still vote for a separatre script. for me the way i work and use them its far more convenient. the vservers init script does only start those guests you tell it to, if you don't specify any guest it will just make proc entries visible.. additionally the vservers init script ensures that on stop/reboot _all_ guests are shut down probperly so there is definitely no need to put one command (vprocunhide) in an extra ini script. i just re-emerged util-vserver-0.30.208-r3 to see the msg that i missed... it doesnt tell me that vprocunhide is no longer a separate script. it tells me to run vprocunhide then goes on to tell me an init script was installed and how to add it with no reference that vprocunhide was added into it.. there is nothing about changes.. sorry:) * You have to run the vprocunhide command after every reboot * in order to setup /proc permissions correctly for vserver * use. An init script has been installed by this package. * To use it you should add it to a runlevel: * * rc-update add vserver default * * This init script will also help you to start/stop your vservers * on reboot. See /etc/conf.d/vserver for details what nice message! it told you everything i told you :) On Saturday 08 October 2005 22:19, Chuck wrote: It appears that the ebuild for util-vserver-0.30.208-r3 is missing the vprocunhide init script. On a clean system it did not install one and I could not find one. I copied one from another host. you should read the messages popping up after the build of util-vserver the two init scripts (vprocunhide and vservers) have been merged into one (vservers) ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Missing Gentoo init script?
On Sunday 09 October 2005 10:49 am, Herbert Poetzl wrote: On Sun, Oct 09, 2005 at 01:13:13PM +0200, Benedikt Boehm wrote: On Sunday 09 October 2005 12:07, Chuck wrote: On Sunday 09 October 2005 03:11 am, Benedikt Boehm wrote: its just me being lazy not wanting to change the default name to rabbits or something in the conf.d config file:) well, if you have default marks in your config, you probably want them to start at boot anyway, else you remove the mark... if you don't have any marks configured, the default mark will not start anything... at least on sysv based distros, there is something called 'runlevel' and it makes perfect sense there to have vprocunhide run at startup (i.e. in any runlevel) and vserver-legacy or vserver-default (yes there are two different runlevel scripts for that) in just a few of them (e.g. 3,4 or 5) ... somewhat same with gentoo supplied runlevels are boot and default (runlevel3 in sysv) and yes with a simple needs vprocunhide in the vservers script depends section it would run it if it had not already been 'started'. we were discussing the way i like to work:) instead of naming the marks= to drpepper or something, i could just as easily remove vservers init from the default runlevel until i am done with the work on the host os.. however since i might be manually starting a guest or 2 that i would possibly use for testing or maintenance i would still need vprocunhide to run.. by renaming marks, at least the vservers script runs every boot and will run vprocunhide that way without starting anything else. also I see no advantage in combining them, as the gentoo dependancy based runlevel script could easily pull the vprocunhide script in, when vserver-default (or legacy) is started, no? just my opinion, I'm not responsible for the gentoo stuff/decisions ... best, Herbert it makes perfect sense to put it where it is... the only thing i ask is that you change the message after to indicate there are changes and that they should remove the vprocunhide from default if it is an upgrade. possibly one of those beeping timed yellow msgs. :). i have suggested this several times in bugzilla that they change the way portage operates to make it output all info msgs from every pkg emerged to a text file with a single msg at the end to check xxx.txt for changes. that way people like me who may emerge 10 things and go to bed or out on site won't miss anything important. however no one has acted on this in more than a year. probably you should take a look at PORT_LOGDIR (see make.conf(5)) On Sunday 09 October 2005 02:55, Chuck wrote: On Saturday 08 October 2005 08:01 pm, Benedikt Boehm wrote: its a good place to put it when you use the vservers init script to auto start. but when you dont there is no option to call vservers unhide or some such to just run vprocunhide... i know i can set all the guests to some mark other than default or change the default to some other name, but when working on the systems its a pain to keep editing back and forth so vservers doesnt find anything to start.. please realize this is my own uneducated opinion, but i still vote for a separatre script. for me the way i work and use them its far more convenient. the vservers init script does only start those guests you tell it to, if you don't specify any guest it will just make proc entries visible.. additionally the vservers init script ensures that on stop/reboot _all_ guests are shut down probperly so there is definitely no need to put one command (vprocunhide) in an extra ini script. i just re-emerged util-vserver-0.30.208-r3 to see the msg that i missed... it doesnt tell me that vprocunhide is no longer a separate script. it tells me to run vprocunhide then goes on to tell me an init script was installed and how to add it with no reference that vprocunhide was added into it.. there is nothing about changes.. sorry:) * You have to run the vprocunhide command after every reboot * in order to setup /proc permissions correctly for vserver * use. An init script has been installed by this package. * To use it you should add it to a runlevel: * * rc-update add vserver default * * This init script will also help you to start/stop your vservers * on reboot. See /etc/conf.d/vserver for details what nice message! it told you everything i told you :) On Saturday 08 October 2005 22:19, Chuck wrote: It appears that the ebuild for util-vserver-0.30.208-r3 is missing the vprocunhide init script. On a clean system it did not install one and I could not find one. I copied one from another host. you should read the messages
[Vserver] disk limits
are disk limits proven in 2.1.0? if i impose disk limits, say 20gb, will that mean when they do a df -h it will ony show them a total space of 20gb? -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] stederr
I have a simple c program that outputs to stderr. while it works in the host it does not work in a guest which i am assuming is due to stderr being a kernel thing.. is there some other stream i can use that will log to a file via syslog-ng or sysklog but not bother me with messages on the screen when im logged into the guest via the host or ssh? -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] disk limits
On Monday 10 October 2005 02:09 pm, Herbert Poetzl wrote: cool thanks! On Mon, Oct 10, 2005 at 05:55:03AM -0400, Chuck wrote: are disk limits proven in 2.1.0? yes, they work fine with 2.0 and 2.1 ... if i impose disk limits, say 20gb, will that mean when they do a df -h it will ony show them a total space of 20gb? yep, if the limit is set, the user will see only the available space/inodes ... HTH, Herbert -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] stederr
On Monday 10 October 2005 02:11 pm, Herbert Poetzl wrote:
ok will check that
On Mon, Oct 10, 2005 at 01:51:37PM -0400, Chuck wrote:
On Monday 10 October 2005 01:32 pm, Robin Lee Powell wrote:
oh it outputs to the screen ok when i run it from a terminal, but this is
loaded as a plugin to qmail and is supposed to get logged into the qmail
smtp
log which it does when the entire qmail system is run on an individual
machine or on a host. as a guest the program does its job but reports
nothing.
On Mon, Oct 10, 2005 at 12:27:07PM -0400, Chuck wrote:
I have a simple c program that outputs to stderr. while it works
in the host it does not work in a guest which i am assuming is due
to stderr being a kernel thing..
maybe you are missing the symlinks in /dev which some
scripts seem to require (and are quite fine inside a
linux-vserver guest's dev)
$ ll /dev/std* /dev/fd
lr-xr-xr-x1 root root 13 Oct 10 11:24 /dev/fd - /proc/self/fd/
lr-xr-xr-x1 root root 4 Oct 10 11:24 /dev/stderr - fd/2
lr-xr-xr-x1 root root 4 Oct 10 11:24 /dev/stdin - fd/0
lr-xr-xr-x1 root root 4 Oct 10 11:24 /dev/stdout - fd/1
HTH,
Herbert
Erm. I think you have something very wrong. Plenty of programs in
my guest output to stderr. But let me test, just in case:
mooix:/tmp# cat test.c
#include stdio.h
#include stdlib.h
void main(void)
{
fprintf( stderr, test.\n );
}
mooix:/tmp# gcc test.c -o test
test.c: In function 'main':
test.c:5: warning: return type of 'main' is not 'int'
mooix:/tmp# ./test
test.
mooix:/tmp#
-Robin
--
http://www.digitalkingdom.org/~rlpowell/ *** http://www.lojban.org/
Reason #237 To Learn Lojban: Homonyms: Their Grate!
Proud Supporter of the Singularity Institute - http://singinst.org/
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
--
Chuck
...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose
for an OS as *we* do?!!', and I answered...'I use Linux'.
The Book of John, chapter 1, page 1, and end of book
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
--
Chuck
...and the hordes of M$*ft users descended upon me in their anger,
and asked 'Why do you not get the viruses or the BlueScreensOfDeath
or insecure system troubles and slowness or pay through the nose
for an OS as *we* do?!!', and I answered...'I use Linux'.
The Book of John, chapter 1, page 1, and end of book
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
