[Vserver] Protecting guests' interfaces

2006-07-04 Thread Teemu Matilainen
Hi, I have seen many questions, discussions and instructions about (loopback) interfaces on a guest. I have tried with different setups with e.g. loopback and dummy interfaces, but still have not succeeded to prevent guests accessing some interfaces of other guests. Is there any way to

Re: [Vserver] can't terminate OpenVPN tunnel within a vserver?

2006-07-04 Thread Daniel W. Crompton
On 7/3/06, Eugen Leitl [EMAIL PROTECTED] wrote: On Mon, Jul 03, 2006 at 12:12:34PM +0200, Baltasar Cevc wrote: I can't have an OpenVPN tunnel terminate in a vserver, can I? You can, I just did it yesterday. You need to set the following in the file bcapabilities: CAP_NET_ADMIN CAP_NET_RAW

Re: [Vserver] OpenVCP Beta released

2006-07-04 Thread Youri LACAN-BARTLEY
Hi Gerrit, I'll be giving a shot at OpenVCP some time next week. From what I've seen so far, it seems quite promising. Keep up the good work, Sincerely, Youri Gerrit Wyen wrote: hi, we quite recently released the first beta of OpenVCP licensed under the GPL. OpenVCP provides a web-based

[Vserver] Re: [Devel] Container Test Campaign

2006-07-04 Thread Clément Calmels
Hi, 1.1 It would be nice to run vmstat (say, vmstat 10) for the duration of the tests, and put the vmstat output logs to the site. Our benchmark framework allows us to use oprofile during test... couldn't it be better than vmstat? Basically, the detailed description of a process would be

Re: [Vserver] Re: [Devel] Container Test Campaign

2006-07-04 Thread Clément Calmels
Hi, from the tests: For benchs inside real 'guest' nodes (OpenVZ/VServer) you should take into account that the FS tested is not the 'host' node one's. at least for Linux-VServer it should not be hard to avoid the chroot/filesystem namespace part and have it run on the host fs. a

[Vserver] Re: [Devel] Container Test Campaign

2006-07-04 Thread Clément Calmels
Hi, Sorry, just forgot one part of your email... 1.2 Can you tell how you run the tests. I am particularly interested in - how many iterations do you do? - what result do you choose from those iterations? - how reproducible are the results? - are you rebooting the box between the

Re: [Vserver] Re: [Devel] Container Test Campaign

2006-07-04 Thread Cedric Le Goater
Clément Calmels wrote: Hi, Sorry, just forgot one part of your email... 1.2 Can you tell how you run the tests. I am particularly interested in - how many iterations do you do? - what result do you choose from those iterations? - how reproducible are the results? - are you rebooting the

[Vserver] Re: [Devel] Container Test Campaign

2006-07-04 Thread Clément Calmels
Hi, Sorry, I just forgot one part of your email... (and sorry for the mail spamming, I probably got too big fingers or too tiny keyboard) 1.2 Can you tell how you run the tests. I am particularly interested in - how many iterations do you do? - what result do you choose from those iterations?

Re: [Vserver] Re: [Devel] Container Test Campaign

2006-07-04 Thread Kir Kolyshkin
Clément, Thanks for addressing my concerns! See comments below. Clément Calmels wrote: Hi, 1.1 It would be nice to run vmstat (say, vmstat 10) for the duration of the tests, and put the vmstat output logs to the site. Our benchmark framework allows us to use oprofile during test...

Re: [Vserver] Re: [Devel] Container Test Campaign

2006-07-04 Thread Clément Calmels
Hi, I'm wondering why a default 'guest' creation implies some resources restrictions? Couldn't the resources be unlimited? I understand the need for resource management, but the default values look a little bit tiny... The reason is security. A guest is untrusted by default, though

Re: [Vserver] Re: [Devel] Container Test Campaign

2006-07-04 Thread Kirill Korotaev
from the tests: For benchs inside real 'guest' nodes (OpenVZ/VServer) you should take into account that the FS tested is not the 'host' node one's. at least for Linux-VServer it should not be hard to avoid the chroot/filesystem namespace part and have it run on the host fs. a bind mount into

Re: [Vserver] Re: [Devel] Container Test Campaign

2006-07-04 Thread Kir Kolyshkin
Clément Calmels wrote: Hi, I'm wondering why a default 'guest' creation implies some resources restrictions? Couldn't the resources be unlimited? I understand the need for resource management, but the default values look a little bit tiny... The reason is security. A guest is

Re: [Vserver] Re: [Devel] Container Test Campaign

2006-07-04 Thread Cedric Le Goater
Clément Calmels wrote: Hi, Sorry, I just forgot one part of your email... (and sorry for the mail spamming, I probably got too big fingers or too tiny keyboard) 1.2 Can you tell how you run the tests. I am particularly interested in - how many iterations do you do? - what result do you

Re: [Vserver] Re: [Devel] Container Test Campaign

2006-07-04 Thread Kirill Korotaev
Cedric, this information is not explicit yet but please check the raw data, for example: http://lxc.sourceforge.net/bench/r3/dbenchraw you will see that each test is run nearly 100 times. the 5% min and max values are stripped before doing an average. min, max and std dev are

Re: [Vserver] Re: [Devel] Container Test Campaign

2006-07-04 Thread Cedric Le Goater
Kirill Korotaev wrote: For OpenVZ it is also possible to test different subsystems separately (virtualization/isolation, resource management, disk quota, CPU scheduler). I would notice also, that in OpenVZ all these features are ON by default. hmm, we didn't realize that. Good, it will make

Re: [Vserver] Re: [Devel] Container Test Campaign

2006-07-04 Thread Cedric Le Goater
Kirill Korotaev wrote: Cedric, this information is not explicit yet but please check the raw data, for example: http://lxc.sourceforge.net/bench/r3/dbenchraw you will see that each test is run nearly 100 times. the 5% min and max values are stripped before doing an average. min,

Re: [Vserver] Re: [Devel] Container Test Campaign

2006-07-04 Thread Cedric Le Goater
Kir Kolyshkin wrote: In case you are testing performance (but not, say, isolation), you can definitely set all the UBCs to unlimited values (i.e. both barrier and limit for each parameter should be set to MAX_LONG). The only issue is with vmguarpages parameter, because this is a guarantee

Re: [Vserver] Re: [Devel] Container Test Campaign

2006-07-04 Thread Kir Kolyshkin
See my comments below. In general - please don't get the impression I try to be fastidious. I'm just trying to help you create a system in which results can be reproducible and trusted. There are a lot of factors that influence the performance; some of those are far from being obvious.

[Vserver] dist-upgrade problem with breezy

2006-07-04 Thread Philippe Clérié
I'm trying to dist-upgrade a breezy guest and getting an error when upgrading the initscripts package. The error occurs while running the postinst script, when it tries this: mount -n --bind / /.root The output from that is: mount: permission denied. I suspect I need to enable some capability

Re: [Vserver] Protecting guests' interfaces

2006-07-04 Thread Baltasar Cevc
Hi Teemu, Is there any way to restrict a guest from accessing some interfaces or services of other guests? The guest can only actively use the interfaces assigned to it (see the great flower page, /etc/vservers/vserver-name/interfaces about

Re: [Vserver] can't terminate OpenVPN tunnel within a vserver?

2006-07-04 Thread Baltasar Cevc
Hi, On 04.07.2006, at 10:29, Daniel W. Crompton wrote: On 7/3/06, Eugen Leitl [EMAIL PROTECTED] wrote: On Mon, Jul 03, 2006 at 12:12:34PM +0200, Baltasar Cevc wrote: I can't have an OpenVPN tunnel terminate in a vserver, can I? You can, I just

[Vserver] Re: vservers start very slow after a reboot

2006-07-04 Thread micah
In gmane.linux.vserver, you wrote: [trimming extra stuff to save bandwidth] thanks for the info. I think your suggestions will actually solve the problem i'm having. Thing is that i'm not sure on how to do it correctly on Debian. I have a util-vserver script in /etc/init.d which is linked to

Re: [Vserver] can't terminate OpenVPN tunnel within a vserver?

2006-07-04 Thread Daniel W. Crompton
On 7/4/06, Baltasar Cevc [EMAIL PROTECTED] wrote: On 04.07.2006, at 10:29, Daniel W. Crompton wrote: You can, I just did it yesterday. You need to set the following in the file bcapabilities: CAP_NET_ADMIN CAP_NET_RAW I haven't tested it myself as I run OpenVPN in the host system only, but

[Vserver] Error at vserver startup

2006-07-04 Thread Sergio Belkin
Hi list! When I issue the command: vserver hibernia1 restart the output is as follows: Couldnt get a file descriptor referring to the console /usr/lib/util-vserver/vserver.stop: line 85: 20670 Terminado (killed) [EMAIL PROTECTED] ${USE_VNAMESPACE: +$_VNAMESPACE --enter $S_CONTEXT -- }