Re: [Vserver] vserver guest sharing the eth0 of host
ADNET Ghislain schrieb: Hi, I am testing vserver and all works well for me but one thing. I have a server with one public IP. I use vserver to have 2 vserver, one is the prod one and the other is a test one. I start one after stopping the other (they never runs at the same time). I have a problem in the fact that i use the eth0 of the host for both of them. My issue is that when i shut down one of the vserver it shutdown completly the eth0 interface of the Host... I really find the documentation troubling. This patchwork of different how-to, faq and articles is really hard to grasp for a new user of vserver. to come back on my problem: /usr/src/util-vserver-0.30.210# vserver mailservertest stop Stopping periodic command scheduler: cron. Stopping ClamAV daemon: clamd Stopping ClamAV virus database updater: freshclam Stopping MTA: exim4. Stopping internet superserver: inetd. Stopping SpamAssassin Mail Filter Daemon: spamd. Saving the System Clock time to the Hardware Clock... hwclock is unable to get I/O port access: the iopl(3) call failed. Hardware Clock updated to Tue May 9 19:52:31 UTC 2006. Stopping deferred execution scheduler: atd. Stopping kernel log daemon: klogd. Stopping system log daemon: syslogd. Sending all processes the TERM signal...done. Sending all processes the KILL signal...done. Saving random seed...done. Unmounting remote and non-toplevel virtual filesystems...done. Deconfiguring network interfaces...done. Cleaning up ifupdown...done. Deactivating swap...umount: none: not found umount: /tmp: must be superuser to umount Not superuser. done. Unmounting local filesystems...umount: none: not found umount: /tmp: must be superuser to umount umount: /dev/hdv1: not found umount: /: not mounted done. mount: permission denied Rebooting... ifdown: shutdown eth0: Permission denied :/usr/src/util-vserver-0.30.210# at this point the server loose the network. i have not the Enable different security models setup as the FAQ says. I do not see anything special, any hints ? -- Cordialement, Ghislain ADNET. # vserver-info Versions: Kernel: 2.6.16.11-vs2.0.2-rc18 VS-API: 0x00020001 util-vserver: 0.30.210; May 9 2006, 21:43:40 Features: CC: gcc, gcc (GCC) 3.3.5 (Debian 1:3.3.5-13) CXX: g++, g++ (GCC) 3.3.5 (Debian 1:3.3.5-13) CPPFLAGS: '' CFLAGS: '-g -O2 -std=c99 -Wall -pedantic -W' CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0' build/host: i686-pc-linux-gnu/i686-pc-linux-gnu Use dietlibc: no (you have been warned) Build C++ programs: yes Build C99 programs: yes Available APIs: v13,net ext2fs Source: e2fsprogs syscall(2) invocation: fast vserver(2) syscall#: 273/glibc Paths: prefix: /usr/local sysconf-Directory: ${prefix}/etc cfg-Directory: ${prefix}/etc/vservers initrd-Directory: $(sysconfdir)/init.d pkgstate-Directory: ${prefix}/var/run/vservers vserver-Rootdir: /vservers Your trouble might get solved when you touch a file with the name nodev in the interface dir of the corresponding interface. Example: touch /etc/vservers/guestname/interfaces/0/nodev That will avoid ifconfig for the defined interface. hth Markus ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] VPS time differ from HOST time ??? why
On 2006.05.09 14:32:51 +0200, Sébastien CRAMATTE wrote: VPS time differ from HOST time ??? why I've changed my host server time but my VPS keep running with the old one. Did you change the time or the timezone? The former will affect everything running on the box, the latter will only affect the host or the guest for which it was changed. Björn ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] LinuxTag 2006
Matt Ayres wrote: Mike Schneider wrote: as most of you will know, we had a booth a Linuxtag 2006 which took place in Wiesbaden from May 3rd to 6th. Kudos go to DerJohn who organized the whole thing. At the booth we had some servers running VServer in a 19'' rack and a multi-seat workstation which had the individual seats running inside it's own VServer each. I'm glad to hear things went over well. How was the response to Linux VServer versus the other virtualisation technologies out there? This seems to be the first large demonstration of this project to the general public and I am curious (as I'm sure some others are too). A question that was asked a lot was 'what is the difference to [Xen|UML|VMware|...]' I need not answer this question on this list. We were able to distinguish ourselves and got a lot of people interested enough to say they'll try it out. A point that we could almost always drive home is that VServer distiguishes itself from other solutions in being so simplicistic and always on top of new kernel development that it can easily be combined with other applications: - combination with drbd to gain failover - combination with multi-seat technology to gain hardened multi-seat servers Also, this web interface... any details? Website? Sorry, can't say none about that. I met the guy who's writing it and I hope he'll read this and come forward. Regards, Mike Schneider -- -- Dipl. Inform. Mike Schneider IT Systems Management Associate IT-Systems Management Division Fraunhofer IPSI Dolivostrasse 15, 64293 Darmstadt, Germany Phone: +49 6151 869-845, Fax: +49 6151 869-819 E-mail: [EMAIL PROTECTED] http://www.ipsi.fraunhofer.de/~mikeschneider -- smime.p7s Description: S/MIME Cryptographic Signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver traceroute
On Sun, Apr 30, 2006 at 10:22:22PM +0300, Nikolay Kichukov wrote: hello, what i DID try to temporarily fix the problem and that did not work was: vattribute --set --xid id --ccap raw_icmp --bcap -1 something else i wanted to ask was: Another point that i noticed is, that the df command is no longer listing the /dev/hdv device. The output is something like: df -ha FilesystemSize Used Avail Use% Mounted on proc 0 0 0 - /proc devpts 0 0 0 - /dev/pts What could be causing this? Within the guest /etc/fstab is now empty. What caused that file to be erased? somehow I lost the overview about the changes and/or the effects you observed, I'd suggest to pay a visit to the IRC channel (#vserver @ irc.oftc.net) where we should be able to track down whatever causes your issues ... HTH, Herbert Regards, -nik - Original Message - From: Herbert Poetzl [EMAIL PROTECTED] To: Nikolay Kichukov [EMAIL PROTECTED] Cc: vserver@list.linux-vserver.org Sent: Sunday, April 30, 2006 9:21 PM Subject: Re: [Vserver] vserver traceroute On Sun, Apr 30, 2006 at 10:54:26PM +0300, Nikolay Kichukov wrote: Hello, Just upgraded to the latest development util-vserver release. However, when I try to vattribute, I am getting exactly the same behaviour. sshd is again not accepting connections. When I try to temporary fix the problem with --bcap -1, there is no update. hmm, maybe you got that wrong, what I meant was: whenever you want to set the ccaps, also add the --bcaps -1 to that command line .. to work around the bug, btw, it works quite fine here with 0.30.210 + patches HTH, Herbert /usr/local/sbin/vserver-info Versions: Kernel: 2.6.14.4-vs2.1.0nevir VS-API: 0x00020001 util-vserver: 0.30.210; Apr 30 2006, 20:31:56 Features: CC: gcc, gcc (GCC) 4.0.3 (Debian 4.0.3-1) CXX: g++, g++ (GCC) 4.0.3 (Debian 4.0.3-1) CPPFLAGS: '' CFLAGS: '-g -O2 -std=c99 -Wall -pedantic -W -funit-at-a-time' CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time' build/host: i686-pc-linux-gnu/i686-pc-linux-gnu Use dietlibc: yes Build C++ programs: yes Build C99 programs: yes Available APIs: v13,net ext2fs Source: e2fsprogs syscall(2) invocation: alternative vserver(2) syscall#: 273/glibc Paths: prefix: /usr/local sysconf-Directory: /etc cfg-Directory: /etc/vservers initrd-Directory: $(sysconfdir)/init.d pkgstate-Directory: /var/run/vservers vserver-Rootdir: /var/lib/vservers Assumed 'SYSINFO' as no other option given; try '--help' for more information. Another point that i noticed is, that the df command is no longer listing the /dev/hdv device. The output is something like: df -ha FilesystemSize Used Avail Use% Mounted on proc 0 0 0 - /proc devpts 0 0 0 - /dev/pts What could be causing this? Regards, -nik On Sun, 2006-04-30 at 17:03 +0200, Herbert Poetzl wrote: On Sun, Apr 30, 2006 at 02:53:20PM +0300, Nikolay Kichukov wrote: Hello Herbert, I see now. So traceroute cannot be used within a guest environment. I will try tracepath instead. One more thing I'd like to comment on is that, every time I issue: vattribute --set --xid id --ccap raw_icmp on the host, I am getting the following error on the guest when I try to ssh to it: fatal: chroot(/var/run/sshd): Operation not permitted The only way I go around that is to reboot the guest. What am I doing wrong when I am setting the --ccap ? Do I reset some default ccaps or bcaps ? I only have the ccapabilities file and it only contain raw_icmp. So is the default startup of a vserver initializing some extra flags/capabilities that are not necessarily predefined withing flags/ccapabilities/bcapabilities? there was a tool bug regarding vattribute, where you ahd to specify the bcaps when you want to change the ccaps, so you might try the following instead vattribute --set --xid id --bcaps -1 --ccap raw_icmp or update to a
Re: [Vserver] Re: Basic Question
On Tue, May 09, 2006 at 02:02:51PM -0400, Fareha Shafique wrote: Fareha Shafique wrote: Corey Wright wrote: storage space is conserved because files only exist in one place, but are referenced within multiple vservers though special hard links. memory space is conserved because binaries and shared libraries (and any item in the file cache, i suppose) only exist in memory once, though many vservers may be executing/using the file. the idea is to extend the concept of shared libraries to vservers, so that just as a shared library may be referenced by multiple applications and it only exists in memory once, the same is true for a shared library referenced by multiple vservers (by way of vhashify). all the examples i have seen enable vhashify for vserver guests, not the host. i presume it is possible, but it is never applicable in my case because hard links are only shared on a single filesystem (where i mount my host's executables/libraries on /usr and my vservers on /home). hth. corey Thanks, that explaination helps :) Now, is it only libraries and binaries that can be shared or can a vserver be an exact replica of the host. Oh sorry, that was already answered. I guess anything on the filesystem can be shared. How about if I want the filesystem of vserver vs1 to be an exact replica of the host, and only when I write/modify any file a local copy should be created for vs1 (using COW)? Is this possible? Let me explain this better. Say I want to upgrade some software or install new software on my host machine. Before doing this, I would like to test the upgrade in an environment that is an exact replica of the host machine. Is it possible to create a vserver identical to the host so that it can be used as the test environment? yes, but I would suggest to make a copy first and not to unify it with the host system, just to make sure that nothing goes wrong ... later, you can unify the guest with the host, given that both use the same filesystem HTH, Herbert Thanks, -FS ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: Basic Question
On Tue, 09 May 2006 14:02:51 -0400 Fareha Shafique [EMAIL PROTECTED] wrote: Fareha Shafique wrote: Corey Wright wrote: storage space is conserved because files only exist in one place, but are referenced within multiple vservers though special hard links. memory space is conserved because binaries and shared libraries (and any item in the file cache, i suppose) only exist in memory once, though many vservers may be executing/using the file. the idea is to extend the concept of shared libraries to vservers, so that just as a shared library may be referenced by multiple applications and it only exists in memory once, the same is true for a shared library referenced by multiple vservers (by way of vhashify). all the examples i have seen enable vhashify for vserver guests, not the host. i presume it is possible, but it is never applicable in my case because hard links are only shared on a single filesystem (where i mount my host's executables/libraries on /usr and my vservers on /home). hth. corey Thanks, that explaination helps :) Now, is it only libraries and binaries that can be shared or can a vserver be an exact replica of the host. Oh sorry, that was already answered. I guess anything on the filesystem can be shared. let me again emphasize: i have never seen vhashify used to unify the host with guests. i don't know if the vhashify application allows for such. you might be able to do it by creating a skeleton configuration in /etc/vservers representing the host (ie /etc/vservers/host) with a vdir that symlinks to /. just be sure to exclude /etc/vservers or you may experience recursive problems. but that's a total hack, unsupported, and may even void the warranty. ;-) How about if I want the filesystem of vserver vs1 to be an exact replica of the host, and only when I write/modify any file a local copy should be created for vs1 (using COW)? Is this possible? Let me explain this better. Say I want to upgrade some software or install new software on my host machine. Before doing this, I would like to test the upgrade in an environment that is an exact replica of the host machine. Is it possible to create a vserver identical to the host so that it can be used as the test environment? why don't you instead have two vservers: one test one production. push all your production applications/configuration from the host into a test guest. when the test guest works how you want, just copy the test guest to the production guest and unify the two. i do something similar. i have a test guest (that's literally the name of the guest) where i test applications and when everything works like i want, i apt-get install or copy the tested application on a production guest, copy over the configuration, vhashify the production guest, and start it. the added benefit of having your production environment contained within a guest is that to relocate the production environment you simply stop the guest, tarball/cpio/rsync/scp/etc it (the guest and its configuration) to another vserver host, and start it there. i think you are trying to push a square peg into a round hole with your current design and should reconsider if possible. corey -- [EMAIL PROTECTED] ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Another conceptual newbie question
On Wed, May 10, 2006 at 08:38:57AM -0500, Corey Wright wrote: mv /bin/bash /bin/bash.new mv /bin/bash.new /bin/bash Do you mean mv /bin/bash /bin/bash.old cp /bin/bash.old /bin/bash ie a cp for the second command? I'm not totally familiar with vhashify semantics, but the two commands you wrote would leave the inode number unchanged, and so it would still be a hard link to the unified file. -- rgds Stephen ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] What is the best way to connect from 1 vserver to other vserver within the same host ?
On Tue, May 09, 2006 at 12:15:01PM +0200, Sébastien CRAMATTE wrote: Herbert Poetzl a écrit : On Sat, May 06, 2006 at 08:27:10AM +0200, Peter Mann wrote: On Fri, May 05, 2006 at 10:22:13PM +0200, Sébastien CRAMATTE wrote: What is the best way to connect from 1 vserver to other vserver within the same host ? I've got an Ldap directory inside one vserver and a postfix that use ldap in another vserver. I search the best way to connect to the ldap server with the maximum of security. you can simply use the 'network' connection between them, as it will not leave the host system (it will go over the loopback lo interface, and cannot be sniffed by other guests, given that you use a secure setup which is default) But each VPS by default doesn't have lo interface ? your VPS doesn't _show_ an lo interface (yet), but the host for sure _has_ one, otherwise most things would fail in your networking What do you mean ? addresses assigned to the host (this includes all guest IPs) will be known as _local_ addresses and traffic to those addresses will _always_ go via the loopback device My VPS have each one a PUBLIC IP so ? Could you explain me a little bite more ? so all the public IPs will be known as local addresses to the host (and therefore to the other guests too) so traffic between the guests (or host and guest) via those public ips will not leave the host (i.e. happen on the loopback device) HTH, Herbert vserver technology for a minute) and use SSL connection - ldaps:// or stunnel4 the best way is IMHO using SSL connection independent on vserver technology ... that will do also, of course trading performance for flexibility when you move the guests apart ... I'm looking closer about this but I prefer the first solution HTH, Herbert -- 5o Peter.Mann at tuke.sk ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Sharing directories
thread hijacking seems to be popular these days ... interesting to see that folks even hijack already hijacked threads ... for those who do not know what I am talking about, here some clues: Mike Schneider: Message-ID: [EMAIL PROTECTED] on thread topic reply from Matt Ayres: Message-ID: [EMAIL PROTECTED] References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] now Sébastien CRAMATTE hijacks the thread: (probably because his mailer is not really thread aware or because he just does not care, taking any email and just hitting reply, then changing the topic to something else) Message-ID: [EMAIL PROTECTED] References: [EMAIL PROTECTED] [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] and finally, Ehab Heikal does the same on the already hijacked thread ... In-Reply-To: [EMAIL PROTECTED] why am I not surprised that both use Windows(tm) to send their emails? anyway, let me state the following here: in the future, I will not answer such off-topic posts with anything else but a note that this is very impolite behaviour ... and I guess other folks on the ML might start doing the same ... thanks, Herbert ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver guest sharing the eth0 of host
this seems to do the trick ! Thanks a lot :) Cordialement, Ghislain ADNET. AQUEOS. Attention ! Pour toute demande de support ou commande de domaine utilisez désormais: http://support.aqueos.net. AQUEOS - Service Informatique 1, Rue Albert Einstein 77420 Champs sur marne Service technique : http://support.aqueos.net Service commercial : [EMAIL PROTECTED] Tel : 01.64.02.99.37, Fax: 0 1.72.70.32.66 Your trouble might get solved when you touch a file with the name nodev in the interface dir of the corresponding interface. Example: touch /etc/vservers/guestname/interfaces/0/nodev That will avoid ifconfig for the defined interface. hth Markus ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] A possible new idea
After asking various questions about unification, I don't think vhashify quite supports what I have in mind. I wanted to get some opinions/ideas from the users of this mailing list. I am thinking if vservers can somehow be used to provide MAC (Mandatory Access Control) through containers. For example, a vserver shares the same filesystem as the host server, with read and write access to the host files being defined through a set of MAC policies. In this way, different policies can be defined for different vservers. Also, writes can be contained within a vserver (so that if a file is written to, a copy is made in the vserver's space) and integrated with the host only through explicit 'commits' to allow, for example, new configurations to be tested in an environment exactly the same as the host server and then transferred to the host using a commit. Any comments please? Thanks. -FS ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] A possible new idea
On Wed, May 10, 2006 at 02:46:34PM -0400, Fareha Shafique wrote: After asking various questions about unification, I don't think vhashify quite supports what I have in mind. I wanted to get some opinions/ideas from the users of this mailing list. I am thinking if vservers can somehow be used to provide MAC (Mandatory Access Control) through containers. For example, a vserver shares the same filesystem as the host server, with read and write access to the host files being defined through a set of MAC policies. In this way, different policies can be defined for different vservers. Also, writes can be contained within a vserver (so that if a file is written to, a copy is made in the vserver's space) and integrated with the host only through explicit 'commits' to allow, for example, new configurations to be tested in an environment exactly the same as the host server and then transferred to the host using a commit. Any comments please? sounds interesting, any ideas how to realize this? Thanks. -FS ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] A possible new idea
Herbert Poetzl wrote: On Wed, May 10, 2006 at 02:46:34PM -0400, Fareha Shafique wrote: After asking various questions about unification, I don't think vhashify quite supports what I have in mind. I wanted to get some opinions/ideas from the users of this mailing list. I am thinking if vservers can somehow be used to provide MAC (Mandatory Access Control) through containers. For example, a vserver shares the same filesystem as the host server, with read and write access to the host files being defined through a set of MAC policies. In this way, different policies can be defined for different vservers. Also, writes can be contained within a vserver (so that if a file is written to, a copy is made in the vserver's space) and integrated with the host only through explicit 'commits' to allow, for example, new configurations to be tested in an environment exactly the same as the host server and then transferred to the host using a commit. Any comments please? sounds interesting, any ideas how to realize this? Well, my first impression of vservers was that it provided a kind of containment that I have mentioned. I mean after quickly going over the short introduction, I thought that a vserver has read only access to the host server's files and CoW is used whenever the vserver modifes a file. However, after installing a vserver, I realized this was not the case. And after asking a few questions on the mailing list, I learnt that there is no direct way to do this. I was hoping to find out what some of those involved in the development of linux-vserver thought about the feasibility of this idea. So basically, at the moment, I don't really have much idea how to realize this, but I am hoping those more involved with vserver will some ideas to share :) ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] A possible new idea
On Wed, May 10, 2006 at 05:17:55PM -0400, Fareha Shafique wrote: Herbert Poetzl wrote: On Wed, May 10, 2006 at 02:46:34PM -0400, Fareha Shafique wrote: After asking various questions about unification, I don't think vhashify quite supports what I have in mind. I wanted to get some opinions/ideas from the users of this mailing list. I am thinking if vservers can somehow be used to provide MAC (Mandatory Access Control) through containers. For example, a vserver shares the same filesystem as the host server, with read and write access to the host files being defined through a set of MAC policies. In this way, different policies can be defined for different vservers. Also, writes can be contained within a vserver (so that if a file is written to, a copy is made in the vserver's space) and integrated with the host only through explicit 'commits' to allow, for example, new configurations to be tested in an environment exactly the same as the host server and then transferred to the host using a commit. Any comments please? sounds interesting, any ideas how to realize this? Well, my first impression of vservers was that it provided a kind of containment that I have mentioned. I mean after quickly going over the short introduction, I thought that a vserver has read only access to the host server's files and CoW is used whenever the vserver modifes a file. However, after installing a vserver, I realized this was not the case. And after asking a few questions on the mailing list, I learnt that there is no direct way to do this. I was hoping to find out what some of those involved in the development of linux-vserver thought about the feasibility of this idea. well, yes, they did :) So basically, at the moment, I don't really have much idea how to realize this, but I am hoping those more involved with vserver will some ideas to share :) aha, good, well, what would be the advantage over the currently established way to do this, i.e. have a template (some cleaned up version of your host system) and update guests either individually or at-once with the v* tools (like vrpm, vapt, vyum ...)? why would somebody want to _share_ the host files with the guest, instead of having a separate filesystem for them? note: I'm just trying to figure the rationale behind this suggestion ... best, Herbert ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Re: A possible new idea
On 10/05/06 14:46 -0400, Fareha Shafique wrote: After asking various questions about unification, I don't think vhashify quite supports what I have in mind. I wanted to get some opinions/ideas from the users of this mailing list. I am thinking if vservers can somehow be used to provide MAC (Mandatory Access Control) through containers. For example, a vserver shares the same filesystem as the host server, with read and write access to the host files being defined through a set of MAC policies. In this way, different policies can be defined for different vservers. Also, writes can be contained within a vserver (so that if a file is written to, a copy is made in the vserver's space) and integrated with the host only through explicit 'commits' to allow, for example, new configurations to be tested in an environment exactly the same as the host server and then transferred to the host using a commit. Any comments please? Rsync backup copy, do update, if smth fails - restore from backup. BTW if smth fails - you are likely updating developement version. Or I mistaken? -- Matvey Gladkikh ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver traceroute
Hello Herbert, I already joined irc and there were people there that helped me out resolve all the pending issues. Thanks and Regards, -Nikolay Kichukov On Wed, 2006-05-10 at 14:42 +0200, Herbert Poetzl wrote: On Sun, Apr 30, 2006 at 10:22:22PM +0300, Nikolay Kichukov wrote: hello, what i DID try to temporarily fix the problem and that did not work was: vattribute --set --xid id --ccap raw_icmp --bcap -1 something else i wanted to ask was: Another point that i noticed is, that the df command is no longer listing the /dev/hdv device. The output is something like: df -ha FilesystemSize Used Avail Use% Mounted on proc 0 0 0 - /proc devpts 0 0 0 - /dev/pts What could be causing this? Within the guest /etc/fstab is now empty. What caused that file to be erased? somehow I lost the overview about the changes and/or the effects you observed, I'd suggest to pay a visit to the IRC channel (#vserver @ irc.oftc.net) where we should be able to track down whatever causes your issues ... HTH, Herbert Regards, -nik - Original Message - From: Herbert Poetzl [EMAIL PROTECTED] To: Nikolay Kichukov [EMAIL PROTECTED] Cc: vserver@list.linux-vserver.org Sent: Sunday, April 30, 2006 9:21 PM Subject: Re: [Vserver] vserver traceroute On Sun, Apr 30, 2006 at 10:54:26PM +0300, Nikolay Kichukov wrote: Hello, Just upgraded to the latest development util-vserver release. However, when I try to vattribute, I am getting exactly the same behaviour. sshd is again not accepting connections. When I try to temporary fix the problem with --bcap -1, there is no update. hmm, maybe you got that wrong, what I meant was: whenever you want to set the ccaps, also add the --bcaps -1 to that command line .. to work around the bug, btw, it works quite fine here with 0.30.210 + patches HTH, Herbert /usr/local/sbin/vserver-info Versions: Kernel: 2.6.14.4-vs2.1.0nevir VS-API: 0x00020001 util-vserver: 0.30.210; Apr 30 2006, 20:31:56 Features: CC: gcc, gcc (GCC) 4.0.3 (Debian 4.0.3-1) CXX: g++, g++ (GCC) 4.0.3 (Debian 4.0.3-1) CPPFLAGS: '' CFLAGS: '-g -O2 -std=c99 -Wall -pedantic -W -funit-at-a-time' CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time' build/host: i686-pc-linux-gnu/i686-pc-linux-gnu Use dietlibc: yes Build C++ programs: yes Build C99 programs: yes Available APIs: v13,net ext2fs Source: e2fsprogs syscall(2) invocation: alternative vserver(2) syscall#: 273/glibc Paths: prefix: /usr/local sysconf-Directory: /etc cfg-Directory: /etc/vservers initrd-Directory: $(sysconfdir)/init.d pkgstate-Directory: /var/run/vservers vserver-Rootdir: /var/lib/vservers Assumed 'SYSINFO' as no other option given; try '--help' for more information. Another point that i noticed is, that the df command is no longer listing the /dev/hdv device. The output is something like: df -ha FilesystemSize Used Avail Use% Mounted on proc 0 0 0 - /proc devpts 0 0 0 - /dev/pts What could be causing this? Regards, -nik On Sun, 2006-04-30 at 17:03 +0200, Herbert Poetzl wrote: On Sun, Apr 30, 2006 at 02:53:20PM +0300, Nikolay Kichukov wrote: Hello Herbert, I see now. So traceroute cannot be used within a guest environment. I will try tracepath instead. One more thing I'd like to comment on is that, every time I issue: vattribute --set --xid id --ccap raw_icmp on the host, I am getting the following error on the guest when I try to ssh to it: fatal: chroot(/var/run/sshd): Operation not permitted The only way I go around that is to reboot the guest. What am I doing wrong when I am setting the --ccap ? Do I reset some default ccaps or bcaps ? I only have the ccapabilities file and it only contain raw_icmp. So is the default startup of a vserver
Re: [Vserver] A possible new idea
Hi, why would somebody want to _share_ the host files with the guest, instead of having a separate filesystem for them? This is actually how Solaris 10 zones work. In a Solaris 10 zone the filesystems /usr /bin /lib and so on are read-only loop-back mounts to the host OS. It makes the guest a lot smaller as a result. Pretty much most of the overhead of a guest (zone in Solaris terms) is the local files in writeable filesystems to ensure OS stability (eg /var/sadm for package maintenance). You could use unionfs or bind-mounts to share directories between host- and guest-filesystem. Of course this would need some manuall work... Cheers, Sebastian -- Sebastian tokkee Harl GnuPG-ID: 0x8501C7FC http://tokkee.org/ signature.asc Description: Digital signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver