[Users] OpenVZ/Virtozzo 7 packages distro packages? (was: Re: New setup - deploy OpenVZ or wait for VZ7?)

2016-06-03 Thread Corrado Fiore
Hello! Great points Scott. If I may add my very personal view, I would say that I see even more reasons for going RedHat-only on the host node. It seems to me that RedHat made a remarkable work of bringing lower-level features to Linux (think of KSM, KVM, the merging of the FUSE enhancements

Re: [Users] New setup - deploy OpenVZ or wait for VZ7?

2016-06-03 Thread Corrado Fiore
Wow. Thanks to everyone for sharing their suggestions and thanks to Sergey and Vladimir for chiming in and bringing insiders' knowledge to this thread ;-) In our particular use case, we've decided to go like this: • deploy the beta versions for the new setup • make sure that they work in

Re: [Users] New setup - deploy OpenVZ or wait for VZ7?

2016-06-03 Thread Scott Dowdle
Greetings, The sub-subject of this should be: OpenVZ/Virtozzo 7 packages distro packages? - Original Message - > Is it possible to build kernel packages/userspace utilities for > debian jessie as well ? > > Right now there is only kernel/userspaces utilities for debian wheezy > and

Re: [Users] CentOS 7 image, ModSecurity and Fail2Ban?

2016-06-03 Thread Jeffrey Walton
> In brief: > * OpenVZ 6 (2.6.32-x kernels) does not allow to use ipset inside Containers > (it's just not virtualized) > * OpenVZ 7 (3.10.0-x kernels) does have ipset virtualized => it works inside > Containers. > > If you try fail2ban in OpenVZ 7, please post here the results. :) > > Hope that

Re: [Users] New setup - deploy OpenVZ or wait for VZ7?

2016-06-03 Thread Volker Janzen
Hi, > We are going to release Virtuozzo 7 and OpenVZ 7 not later than this July. > Thank you for your interest and stay tuned! when I setup VZ 7 beta now, is it possible to upgrade this to the stable release when it's released? It also seems to lack some documentation for my use cases, but I

Re: [Users] New setup - deploy OpenVZ or wait for VZ7?

2016-06-03 Thread spameden
2016-06-03 19:17 GMT+03:00 vladimir.porok...@gmail.com < vladimir.porok...@gmail.com>: > Hi Guys! > > We are going to release Virtuozzo 7 and OpenVZ 7 not later than this July. > Thank you for your interest and stay tuned! > -- > Best regards, > Vladimir Porokhov > Is it possible to build kernel

Re: [Users] CentOS 7 image, ModSecurity and Fail2Ban?

2016-06-03 Thread Scott Dowdle
Greetings, - Original Message - > Are there any recommendations for fail2ban-like functionality in the > down-level kernel? Perhaps another package I am not aware of? Well, I'm ignorant about parsing web logs and taking action so your particular question / use case I'm not familiar

Re: [Users] CentOS 7 image, ModSecurity and Fail2Ban?

2016-06-03 Thread Narcis Garcia
I use some fail2ban for brute force ssh attacks in OpenVZ/6 with no problem, but running only one instance on HardwareNode and parsing containers' logs. El 03/06/16 a les 20:46, Jeffrey Walton ha escrit: >> In brief: >> * OpenVZ 6 (2.6.32-x kernels) does not allow to use ipset inside Containers

Re: [Users] CentOS 7 image, ModSecurity and Fail2Ban?

2016-06-03 Thread Konstantin Khorenko
Hi Jeff, Scott, we did not check if fail2ban works, but if fail2ban uses ipset, following info can be useful for you: https://bugs.openvz.org/browse/OVZ-5736 In brief: * OpenVZ 6 (2.6.32-x kernels) does not allow to use ipset inside Containers (it's just not virtualized) * OpenVZ 7 (3.10.0-x

Re: [Users] New setup - deploy OpenVZ or wait for VZ7?

2016-06-03 Thread jjs - mainphrame
Greetings - Based on our experience with OVZ 7 over the past several months, it's already good enough for our needs, where OVZ 7 CTs have been handling smtp, pop3/imap, spam/virus scanning for several domains, database, dns and build host duties with very few issues, and those issues that have

[Users] Idea: adding online memory testing (RAMpage) to the VZ kernel

2016-06-03 Thread Corrado Fiore
Dear All, as it is customary in any datacenter environment, we use ECC RAM on all of our machines. Therefore, in the rare occasions where we had data corruption issues or sudden crashes, I used to think that RAM couldn't be the culprit (we've got ECC, right?), until I discovered this article:

Re: [Users] New setup - deploy OpenVZ or wait for VZ7?

2016-06-03 Thread vladimir.porok...@gmail.com
Hi Guys! We are going to release Virtuozzo 7 and OpenVZ 7 not later than this July. Thank you for your interest and stay tuned! -- Best regards, Vladimir Porokhov On 03.06.16, 18:04, "Scott Dowdle" wrote: >Greetings, > >-

Re: [Users] vzctl compact works only, if there are no snapshots

2016-06-03 Thread Dmitry Mishin
Hi, On 03/06/16 11:52, "users-boun...@openvz.org on behalf of Roman Haefeli" wrote: >Dear All, > >We're considering creating regular snapshots of our containers. The >setup would include deleting the oldest snapshots. While playing

Re: [Users] New setup - deploy OpenVZ or wait for VZ7?

2016-06-03 Thread Scott Dowdle
Greetings, - Original Message - > we need to prepare a new setup composed of a few nodes (probably 5) > for August this year. > > If I interpreted the wii page correctly, the next VZ7 release will be > a stable one. As you can imagine, we're very tempted to wait for it > instead of

Re: [Users] New setup - deploy OpenVZ or wait for VZ7?

2016-06-03 Thread spameden
2016-06-03 17:14 GMT+03:00 Narcis Garcia : > We still deploy OpenVZ/6 because we use Debian repositories. > Our needings are covered with "oldstable" at all. > I have no information about OpenVZ/7 binary repositories for Debian. > > > El 03/06/16 a les 09:40, Corrado Fiore

Re: [Users] New setup - deploy OpenVZ or wait for VZ7?

2016-06-03 Thread Sergey Bronnikov
Hi, Corrado! On 15:40 Fri 03 Jun , Corrado Fiore wrote: > Dear All, > > we need to prepare a new setup composed of a few nodes (probably 5) for August > this year. Good news :) > If I interpreted the wii page correctly, the next VZ7 release will be a stable > one. As you can imagine, we're

[Users] limit cpu per user

2016-06-03 Thread Nick Knutov
Hello, is it possible now to limit CPU per user inside CT? I assume it should be possible with cgroups but I don't know what exactly keywords should I google. kernel - latest openvz6 -- Best Regards, Nick Knutov http://knutov.com ICQ: 272873706 Voice: +7-904-84-23-130

[Users] New setup - deploy OpenVZ or wait for VZ7?

2016-06-03 Thread Corrado Fiore
Dear All, we need to prepare a new setup composed of a few nodes (probably 5) for August this year. If I interpreted the wii page correctly, the next VZ7 release will be a stable one. As you can imagine, we're very tempted to wait for it instead of deploying on OpenVZ and then migrating

[Users] vzctl compact works only, if there are no snapshots

2016-06-03 Thread Roman Haefeli
Dear All, We're considering creating regular snapshots of our containers. The setup would include deleting the oldest snapshots. While playing around with creating and deleting snapshots, I noticed that the root.hdd file keeps growing. It seems there is no point at all in deleting old snapshots