[Users] Official Debian OpenVZ Kernels available
I just wanted to say, starting with 2.6.26, Debian is now providing precompiled kernels (as well as user-space tools vzquota and vzctl) from its official mirrors: , | [EMAIL PROTECTED]:~$ lsb_release -ric | Distributor ID: Debian | Release:unstable | Codename: sid | [EMAIL PROTECTED]:~$ type acsn | acsn is aliased to `apt-cache search --names-only' | [EMAIL PROTECTED]:~$ acsn linux-image-openvz | linux-image-openvz-amd64 - Linux image on AMD64 | [EMAIL PROTECTED]:~$ acsn linux-image | grep openvz | grep 2.6.26 | linux-image-2.6.26-1-openvz-amd64 - Linux 2.6.26 image on AMD64, OpenVZ support | [EMAIL PROTECTED]:~$ uname -a | Linux sub 2.6.26-1-openvz-amd64 #1 SMP Wed Aug 20 13:06:07 UTC 2008 x86_64 GNU/Linux | [EMAIL PROTECTED]:~$ ` http://packages.qa.debian.org/l/linux-2.6.html For now, precreated OS templates for lenny also known as Debian 5.0 can be found here http://forzza.systs.org/ostemplates/ ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: setmode option with vzctl
oops, sorry, hit `f' instead of `a' with Emacs i.e. send a follow-up instead of a new article ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: setmode option with vzctl
Does anyone use --setmode at all? If so where are its parameters e.g. `ignore' stored on the file system i.e. which file? ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: openvz official templates
jimbob Hello, Where can I find information on how the official openvz jimbob templates are created? http://wiki.openvz.org/Debian_template_creation ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: Debian Versions of pkg-cacher and vzpkg
Robert I finished the packages of pkg-cacher and vzpkg for Debian HNs. terrific! Any idea if/how those are going to make it into official Debian repositories? by the way, starting with 2.6.26, and thanks to maks also known as Maximilian Attems (= Debian package maintainer) Debian now provides official OpenVZ kernels as well (just check with apt-cache search ...). ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: Some questions about veth devices in OpenVZ
Santi I need to setup a veth device inside a CT to install a DHCP Santi server.. check the URL (Uniform Resource Locator), there is some wikipage about setting up such DHCP (Dynamic Host Configuration Protocol) setup http://wiki.openvz.org/w/index.php?title=Category:Networkingoldid=1521 Santi - I want to set up a veth for a CT, I need a dedicated NIC for Santi each CT? no, one NIC (Network Interface Card) might do as well if you configure a bridge Santi # Vzctl set 3001 --netif_add eth0 --save what you specified below (inside the VE) can be specified with the above line already (check out the man page i.e. vzctl -- --netif_add) Santi # Ifconfig eth0 a.b.c.d netmask 255.255.255.0 up route add Santi # default gw a.b.c.1 eth0 ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: HN VEs in multi-subnet VLAN
Tim Our processes allow for fail-over from a failing server onto a Tim good server. We do this by using OpenVZ. So, if Server5 should Tim fail (let's assume its CPU died), we would fail-over the Server5 Tim virtual environment (which includes its IP Address) onto Server1 Tim and clients will still be able to connect to their normal IP Tim Address. Server1 would then have 2 virtual environments, one on Tim 192.168.1.11/27 and the other on 192.168.2.21/27, and it's Tim hardware node configured as 192.168.1.10/27. sounds to be as if you were up to create a bridge on the HN and add the VEs interfaces to that bridge Tim A fail-over is not an automated process, but a restore from the Tim last backup of the VE onto another hardware node. with the link below and some modification that should be no problem Tim Will OpenVZ support this type of setup without additional Tim configuration? yes, I would opt for http://wiki.openvz.org/HA_cluster_with_DRBD_and_Heartbeat Whatever you finally come up with, please put your notes etc. onto the wiki -- maybe write a howto about it ... ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: problems creating vz cache
Samuel Hey guys, I am just new to openvz and can't figure out how to Samuel create a debian vz template. did you take a look at http://wiki.openvz.org/Debian_template_creation ? ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] vzpkg2 replacing vzpkg
Do we know already what is the agenda for vzpkg2 i.e. will vzpkg2 replace the now official vzpkg any time soon? What task may be pending so this switch could happen any time soon? ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] vzpkg2 OS templates in .deb format
This page http://wiki.openvz.org/Install_vzpkg2_and_pkg-cacher mentions, vzpkg2 OS templates are only available in .rpm format. Has anyone made them available as .deb already? ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: vzpkg2 replacing vzpkg
Scott The answer on this is that no one knows yet. I don't think it is Scott going to happy real soon... But in a month or two maybe... It is probably going to take a bit longer ... time runs fast these days :-) Scott I myself would really like to see vzpkg2 and pkg-cacher replace Scott the existing vzpkg... I totally agree, this has to happen. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Signing OS templates for trust issues
Hi Scott and others, I see our talk in #openvz yesterday was fruitful -- you have started signing your OS templates in [0] and I would like to thank you for that and all your other efforts. I run a quick test http://pastebin.com/f3c59094f All went fine as can be seen -- thank you Scott! I as many others need that insurance/trust of getting OS templates where I can be sure no malicious actions took place on the way from you creating and uploading the stuff somewhere until it is downloaded and installed by somebody ... [0] http://download.openvz.org/template/precreated/contrib/ ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: networking
Mihamina I want them to be reached from the outside (of the laptop, Mihamina via SSH, HTTP, FTP,...) yes, no problem Mihamina I will put the containers on the same subnet (the laptop Mihamina alone: 192.168.1.1, the containers: 192.168.1.0/24) yes, if you put them into the same /24 subnet that you do not even need SNAT (Source Network Address Translation) ... assuming your HN IP never changes because you hit another net where the dhcpd assigns you a 10/8 IP for example. Mihamina Is interface aliasing OK? (Eth0:N) I set up as many eth0 Mihamina alias as I like) and then use --ipadd on theses IP addresses? as Sergej mentioned already, no need for that. Take a look at how to do it i.e. assign static, private IPv4 addresses. Note, you also want to take care of the sysctl settings ;-] - http://sunoano.name/ws/public_xhtml/openvz.html#ve_with_static_ipv4_address - http://sunoano.name/ws/public_xhtml/openvz.html#sysctl_openvz If you later need firewalling and SNAT, be my guest as well - http://github.com/sunoano/bash/tree/master see - packet_filter, which imports generic.sh ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] vzbulk - new feature shows if failcounter was triggered
Hi folks, I added a new feature to vzbulk[0] which shows if some VE (Virtual Environment) has hit any of its beancounter barrer/limit. [1] shows an example output where the VE with veid 3003 has hit its barrier with privvmpages and tcpsndbuf. This script (vzbulk) is an effort that goes hand in hand with writing documentation for OpenVZ[2], which is an ongoing effort and not finished yet. I hope somebody will provide feedback for vzbulk -- note, one also needs to include generic.sh; see comments at the top of vzbulk. [0] http://github.com/sunoano/bash [1] http://sunoano.pastebin.com/m70daa95f [2] http://sunoano.name/ws/public_xhtml/openvz.html pgpeW6MtRbtKH.pgp Description: PGP signature ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: GlusterFS with OpenVZ
Jure ways, but at the end we concluded that there are too many Jure unknowns still and that the technology is not yet mature enough Jure to run in production. I think both technologies can be considered prime time ready for any kind of commercial service with any kind of SLA (Service Level Agreement) attached. I agree however, that using both together is quite uncharted territory -- I am very interested in this kind of setup, both, from a technical point of view and because we are looking for some setup that combines the ability to store huge amounts of data and makes use of OpenVZ for all kinds of services around this data. So far, however, we do not have a combined setup of GlusterFS and OpenVZ in place. pgp7EoWGJrgnI.pgp Description: PGP signature ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: VPS with diferent subnets
Jose Hello! We have a OpenVz server working with a subnet we have 6 Jose VPS created, but this subnet is full and we need to add more IP Jose address, so I have another subnet available but I can't migrate Jose my actual VPS, is posible that I can have some VPS with one Jose subnet and others VPS with anothers subnets. Give us a bit more info please. Is that an internal IP range i.e. something like net_private_class_a=10.0.0.0/8 net_private_class_b=172.16.0.0/12 net_private_class_c=192.168.0.0/16 or do you have public IP addresses available? In the later, you ISP (Internet Service Provider) has to take care i.e. do the routing on his core routers. In case you use private IPs, SNAT (Source Network Address Translation) works perfectly fine. pgpwllILaUmOV.pgp Description: PGP signature ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: VPS with diferent subnets
Jose My VE Node have 255.255.255.240 its /28 network configured Jose (public IPs) but Im using all the IPs in this range, I need more Jose IPs for create new VPS. But the DataCenter dosn't have more IPs Jose availables next to this range. Ok. It does not matter if you do not have one range but several i.e. two or more. It is the ISP's responsibility to route the traffic for your public IPs to the HN (Hardware Node) that houses your VEs (Virtual Environments). So, the way I see it, all you have to do is to tell your ISP (Internet Service Provider) to do the routing and then you have to edit your VEs config file appropriately. For example, in case you would want one of your VEs (e.g. the one with VEID 299) use the IP 1.2.3.4 you go to /etc/vz/conf/299.conf and put IP_ADDRESS=1.2.3.4 in there. pgpkFZfKpKTN1.pgp Description: PGP signature ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] failcnt triggered by lockedpages
I have seen the lockedpages triggered a few times now: http://sunoano.pastebin.com/m2f7ee9e9 As can be seen, for the VE (Virtual Environment) with VEID 2002, the lockedpages failcnt got hit 8 times ... barrier and limit is 256 but maxheld only 106?! maxheld should be at least 256 too no? How can the failcnt be triggered if maxheld is way below barrier and limit? One possible explanation is that the VE tried to go from 106 right to something 256 and thus the failcnt got triggered but maxheld only shows something smaller than 256. Can somebody shed some light on this observation/incident? pgpu9oRlzHHDJ.pgp Description: PGP signature ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] filesystem-level encryption and OpenVZ
Hi folks, often we want to have encryption but then full-disk encryption (e.g. dm-crypt and LUKS) might not be an option because be already have some up and running HN and do not want to install from scratch. Another reason would be that we just have/own a VE. In both cases filesystem-level encryption can help us. I wrote http://sunoano.name/ws/public_xhtml/debian_security.html#filesystem-level_encryption which also takes an OpenVZ setup into account. Maybe someone finds it useful ... pgpRldakp3qH5.pgp Description: PGP signature ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: Firewall on HN or VE?
Greg Hi, On one server setup with proxmox i intent to have 4 VE (web, Greg dns, mysql, mail). I guess i'll have 1 IP for each VE. Concerning Greg the firewall i'm thinking of configuring iptables but my concern Greg is to do it on HN or on each VE. I'm looking for best way to do Greg it so your ideas are more than welcome. if the VEs can be trusted i.e. you own/run them, then I recommend putting the filter task on the HN only because it is way easier to maintain and set up. Here is what I do http://sunoano.name/ws/public_xhtml/firewall.html#sunos_rule_set_and_how_it_is_applied As you can see, I like reusable and automatic therefore I wrote myself packet_filter, a script to feed rules to netfilter/iptables. pgpOzPHoT6rb8.pgp Description: PGP signature ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: SSL in cloned VEs
you say webservices and SSL (Secure Sockets Layer) so I guess you want to do websites i.e. https for example yes? If so, then the cloning will give you a working clone instantly. However, you need to have wildcard certs (e.g. *.example.com which would match www.example.com, mail.example.com, wiki.example.com, etc.) since otherwise, a cert usually is specific to a particular domain. pgpkqPYOYMeTJ.pgp Description: PGP signature ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Questions regarding unxsVZ
Ladies, Gents, I am a heavy OpenVZ user myself [0] and just an hour ago I got notion of http://openisp.net/openisp/unxsVZ for the first time. Looks interesting but then I got a few remaining questions/remarks: - Why did you make unxsVZ open source? What is your business idea? - What _exactly_ is http://openisp.net/openisp/unxsVZ ? Imo that page should get a 15 or so line abstract -- take a look at [0] so you see what I am referring to. - Maybe another 15 or so lines of why I (or anybody else e.g. CTO (Chief Technology Officer) of some big ISP) want to use/invest in unxsVZ rather than Virtozzo? - Are you folks going to create Debian packages yourself? unxsVZ is not going to have widespread use, testing and community development without ready to use packages by major Linux distributions i.e. RedHat and Debian (with all their offsprings like CentOS, Ubuntu, etc). - You folks should take a look at http://code.google.com/p/iredmail for all your email related efforts. - I read about support for MySQL. What about PostgreSQL? imho MySQL has become a very insecure technology to invest in, now that Oracle bought Sun; they already discontinued Virtual Iron, another open source competitor product to Oracles own virtualization platform. Here, many of our big customers (Audi, HSBC, Lufthansa, etc.) are moving towards PostgreSQL -- for their FLOSS (Free/Libre Open Source Software) DBMSs that is. - How many of your own active developers are involved in developing unxsVZ? Judging from the commit messages I counted, must be four or so. - Let us finish this email with a fun-like rant ;-] If you guys want to move your trac site away from SVN (your whole source code hosting actually), to for example GIT [1], then here is how to do so [2]. [0] http://sunoano.name/ws/public_xhtml/openvz.html [1] http://sunoano.name/ws/public_xhtml/scm.html#why_git [2] http://sunoano.name/ws/public_xhtml/scm.html#provide_a_git_repository_to_the_public [3] http://sunoano.name/ws/public_xhtml/misc.html#irc_with_pidgin ,[ This mail is CCed to three mailing lists ] | Note: I CCed to users@openvz.org, debian-u...@lists.debian.org and | iredm...@googlegroups.com. | Maybe the response should go directly there so others are informed | too. I know there are others interested into those questions stated | above as well. We just had a talk in #openvz on freenode. If you do | not know how to join use there, try [3]. ` -- --- S u n o A n o E-mail: suno.ano[at]sunoano.org Web: http://sunoano.name OpenPGP KeyID:113E5DEAAE09F1BB72264061FD6EFCB52D203D54 --- ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: Tomoyo and Grsecurity questions.
albinootje I wondered whether Grsecurity and Tomoyo Linux would work albinootje with OpenVZ kernels, and came across this page : albinootje http://wiki.openvz.org/Grsecurity Grsecurity has been discontinued no? pgpT7H94TltZW.pgp Description: PGP signature ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: Remote storage and migration
Gaston I've been told that remote storage with OpenVZ is not a Gaston well-known area true, but there is a rising interest I have to say. I am also interested a lot. Gaston , but I have to ask anyway, so as to leverage in previous Gaston experiences. Any information is welcome, even more the problems Gaston that were found with each approach, so that I know were to go Gaston and were not to. There was a thread here about using GlusterFS (not to be confused with GFS) and it seems, after asking around a bit, if one needs remote storage, that is the way to go. Think of GlusterFS like the new and shiny NFS ... pgpwWOGamQXYA.pgp Description: PGP signature ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: Remote storage and migration
Here is a link collection I started for myself ... page is work in progress but the links I collected might help you http://sunoano.name/ws/public_xhtml/hardware.htmlr#distributed_filesystem pgpVgDMDybHBS.pgp Description: PGP signature ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: New Kernel Patch
,[ Initial Thought/Message ] | God I wish we had a .32 OpenVZ kernel then this discussion wouldn't | even take place ... I appreciate all the excellent work done by all | OpenVZ folks! Kir, you rock! Well, here it is: ` Hello folks! We have evaluated the situation once again and made the decision going forward with LXC. Yes, unfortunately that means ditching OpenVZ. This is nothing personal (although I am a bit sad since I have invested a lot of time) but purely logical. We want/need investment security therefore stuff needs to be in mainline. There is no argument against that, this is 2010 and not 1995 anymore i.e. out of tree is of no interest from a business point of view anymore. The next stable releases for Debian and Ubuntu are to be scheduled for March/April. At this moment no one knows if a new OpenVZ kernel will be available by then. This, we cannot have. We were looking at KVM and LXC. Linux-VServer and OpenVZ are not in mainline so they are not considered. KVM is to fat for what we want plus as it looks like after a few tests, switching from OpenVZ to LXC is quite feasible and the few LXC test systems we created during the last few days run smoothly on .32. As with OpenVZ, our hosts as well as containers will run Debian. There is quite good support for Debian already e.g. /usr/share/doc/lxc/examples/lxc-debian.gz for example. Michael I use to use Linux-vserver years and years ago but when they Michael broke IPv6 support moving from 1.x to 2.x I was forced to Michael abandon Linux-vserver and switch a number of VM's over to Michael OpenVZ. To this day IPv6 remains an experimental patch for Michael Linux-vserver and I see that question come up on their list Michael periodically, so I couldn't migrate back there, even if I Michael wanted to. That being said, IPv6 support in the OpenVZ vnet Michael device is nothing to brag about either and I have had to Michael strictly use the veth devices. Before OpenVZ we/I used Linux-VServer too. It is excellent I think but then here is the problem: LVS is basically a one-man show by Herbert Poetzl. He's a great guy and I meet him a few times in Vienna (were I live too). What happens if Herbert is run over by a train (which of course hopefully does not happen but you get the idea)?! This is a problem, so we switched to OpenVZ. Michael However... There is a new kid on the block, depending on your Michael requirements. Linux Containers or LXC. It still has a few rough Michael edges and some differences with OpenVZ but has the big Michael advantage that it's all in the mainline kernel (2.6.29 and Michael above), so no more patches (yeah!), it is supported under Michael libvirt, and the utilities are in the major cutting edge Michael distros like Fedora and Ubuntu. Michael, you are nothing but right here. Stuff must be in mainline, I cannot get tired of saying that enough these days. The energy spend sketching possible scenarios about what we are going to do if and when will resolve immediately once we use LXC. You just know what will be the case in X months for now ... that is an irreplaceable peace of mind. That is true for any Distros out there, host or container ... Michael I found that with a couple of scripts, I could directly convert Michael OpenVZ config files to LXC config files and start my old OpenVZ Michael containers as a container under LXC with no further Michael modification inside the container. Please provide your scripts to the public. I would love to see them, help improve things and maybe others will join in so nobody needs to be alone by switching to LXC. Dietmar, since we are both interested on making this work for Debian plus, we are in Austria, maybe we should work on this together a bit? Maybe even have a sprint? My email is suno.ano[at]sunoano.org just in case ... Here is what I found so far http://sysadmin-cookbook.rot13.org/#lxc , go down to ve2lxc. I have already started a very rough/ugly collection of bits and pieces of information for my personal matters which can be found at http://sunoano.name/ws/public_xhtml/linux_containers.html Michael Other than a couple of initial test containers I was Michael experimenting with, once I got my scripts settled down and Michael tested, I migrated over 3 dozen VM's from OpenVZ to LXC in a Michael single day with none of the containers experiencing more that a Michael minute or so of down time (transfer time between hosts). Michael Because there were no changes in the containers themselves, I Michael could migrate them back, if I needed to, just as fast. I want this! Tell us more please. Details sir ;-) Michael 1) /proc/mounts shows mounts outside of the container (ugly but Michaelnot fatal). Fixed in git. Is this true for kernels = .32 ? Michael 2) Possible to break out of a container file system (related to #1 Michael above). It's possible to break out of chrooted jails. Fixed in Michael git by using pivot root. This is serious and if you have
[Users] Re: New Kernel Patch
Sorry, but so far we only tested on Debian Lenny. But I guess it works on Debian Squeeze as well. Suno, want to give that a try? Dietmar Just tested - 2.6.18 does not work with new udev (missing Dietmar signalfd support). Yes I know, tested that as well. See my last post. I tried to update a few of my hosts running on .26 yesterday which did not work because the recent udev in Debian testing is not compatible with .26 anymore. I run a few host systems on .26 which happens to be the last officially supported OpenVZ kernel on Debian. German: Auf gut Deutsch, a schena Schmarrn :-) ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: LXC-Users list. Was: Re: New Kernel Patch
Excellent, I just signed up. I am going to register it with Gmane too. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: New Kernel Patch
Jorge Debian is the standard at GNU/Linux operating systems, Let us just say it is used by many many folks ... :-) there are other great Linux distributions out there. Jorge how it's possible? Debian just provides Linux as one of its kernel flavors. Amongst Linux kernels in Debian there were kernels with OpenVZ support. Only if the OpenVZ project provides a patch set can it be included in kernels shipped by Debian. Jorge It's not possible, I have five host machines with Debian lenny Jorge and OpenVZ. What can I do? Use some other kind of virtualization like for example KVM or LXC etc. The overall point of the matter is, look whether or not it is in mainline or not because then you can be pretty sure what is happening right now will not repeat itself with another kind of virtualization technology you pick. Please also note that the folks involved in OpenVZ contributed a lot to LXC and we shall all thank them for doing so. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: New Kernel Patch
Scott How much longer is the current version of Debian going to be Scott supported? If the RC bugs are down to a sane number the freeze for squeeze (next stable Debian release) is planned to happen in march. However, dates surrounding this event are still very fuzzy at this point. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: New Kernel Patch
Josip Er, but with that you've just begun to start calculating the Josip end-of-support date. The testing distribution goes through Josip periods of being frozen, and only then new stable gets released. Josip And then a year after *that* does the old stable release gets Josip its security updates abandoned. So if we assume that the next Josip release happens late this year, that means the current version Josip will cease to be supported late next year. All true, I should have been more detailed, true that. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: LXC-Users list. Was: Re: New Kernel Patch
I am still waiting for positive feedback from Gmane. Meanwhile I also subscribed lxc-users and lxc-devel with mail archive e.g. http://www.mail-archive.com/lxc-us...@lists.sourceforge.net ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: New Kernel Patch
Scott Ok, so now I know when squeeze might come out... But how long is Scott the current version of Debian going to be supported? Is that Scott related to the release of squeeze? See other posting in this thread. With regards to official support of OpenVZ as well as Linux-VServer on the next stable Debian release (squeeze), take a look at http://lwn.net/Articles/357623/ To summarize: - Linux-VServer will be deprecated; a migration path to LXC worked out - OpenVZ ... well, it will have continued support in/from Debian ... if it can provide an up to date patch that is :-) ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: NAT/Firewall CT-based?
Marc Is it a good idea to have a CT as NAT and Firewall or I should use Marc the HN for this purpose? Is there any doc explaining a similar Marc configuration? Any other recommendation? I would recommend you do routing and packet filtering on the HN since it is easier and makes a lot more sense semantically. I have a script you can use http://github.com/sunoano/bash/blob/master/packet_filter Also, take a look at the URLs mentioned in the script for further information. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: Will I be able to use MASQUERADE in iptables?
Mike Hi everyone. I found some threads in OpenVZ's forum about Mike MASQUERADE in iptables that said it's not yet supported. Can Mike someone conform this? It works but you can use the SNAT target instead which is the preferred way to map addresses because is creates less overhead. The MASQUERADE target is mostly only used with dynamically assigned IP connections i.e. when we do not know the actual IP address upfront (read DHCP). If you have a static IP address, then you should use the SNAT target which works perfectly fine with OpenVZ. ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users
[Users] Re: net.ipv4.ip_forward = 0
You do not need to restart your network over and over again. Just setting your sysctl settings correctly should do the trick. Have a look at http://sunoano.name/ws/openvz.html#sysctl_openvz ___ Users mailing list Users@openvz.org https://openvz.org/mailman/listinfo/users