Re: [Vserver] Re: quota problem

2007-02-09 Thread Jarek Dylag 

Hi,


question is, on what filesystem, and with what options

IIRC, ext3 is kind of hairy, as it supports two different
kinds of quote, a journaled one and the 'normal' ext2
quota stuff ...


ext3 with mount options: rw,noatime,usrquota,grpquota

i checked also ext2,

strace output after quotaon command shows:
quotactl(Q_QUOTAON|USRQUOTA, /dev/hdv1, 2, {7022360269181497135,
491328337198, 210453397504, 701898877744431, 7809632559044715890,
3408187388784029541, 4707197592648237900, 7161402270843880775}) = -1
ENODEV (No such device)


 I think my issue was that /etc/mtab and /etc/fstab have to be correct.
 To get that i put them in /etc/vserver/name/apps/init/ (As far as i
 remember, only mail access ehre now).

yes, it _is_ essential to get proper values at mount
(real mount time) and mtab (for the guest)


my configuration:

host fstab:
/dev/hdc6   /vservers   ext3noatime,usrquota,grpquota 0   2

host mtab:
/dev/hdc6 /vservers ext3 rw,noatime,usrquota,grpquota 0 0

host /proc/mounts:
/dev/hdc6 /vservers ext3 rw,noatime,usrquota,grpquota 0 0

guest apps/init/mtab:
/dev/hdv1   /   ufsnoatime,usrquota,grpquota 0   2

guest /proc/monts:
/dev/root / ext3 rw,noatime,usrquota,grpquota 0 0

guest fstab:
/dev/hdv1   /   ext3defaults,usrquota,grpquota1 1

guest mtab:
/dev/hdv1   /   ufsnoatime,usrquota,grpquota 0   2

Jarek Dylag
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

[Vserver] Another bug?

2007-02-09 Thread Lyn St George 
I have scripts that run from the host and restart daemons 
inside vservers, using suexec. Eg:
/usr/sbin/vserver {name} suexec {user} {cmd}

These worked fine with 30.309 tools and 2.6.14 kernel.
Now, with 2.6.19.2 kernel, 2.2.0-rc10 patch and 
30.212 tools, the suexec no longer works and stays as root
resulting in failed commands.

I see nothing in the changelog or docs about a change.

Is this another bug?



-
Lyn

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] routing between host and guest

2007-02-09 Thread ADNET Ghislain 
From what i got it seems that the  traffic from host to guest goes by the lo interface. The logs indicate that it does 
not DNAT from lo :



Feb  9 12:30:30 server kernel: OUTROUTEIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=60 TOS=0x10 PREC=0x00 TTL=64 
ID=14753 DF PROTO=TCP SPT=42145 DPT=80 SEQ=3647414246 ACK=0 WINDOW=32792 RES=0x00 SYN URGP=0
Feb  9 12:30:30 server kernel: OUTPUTIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=60 TOS=0x10 PREC=0x00 TTL=64 
ID=14753 DF PROTO=TCP SPT=42145 DPT=80 SEQ=3647414246 ACK=0 WINDOW=32792 RES=0x00 SYN URGP=0
Feb  9 12:30:30 server kernel: POSTROUTEIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=60 TOS=0x10 PREC=0x00 TTL=64 
ID=14753 DF PROTO=TCP SPT=42145 DPT=80 SEQ=3647414246 ACK=0 WINDOW=32792 RES=0x00 SYN URGP=0
Feb  9 12:30:30 server kernel: INPUTIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=my.pub.lic.ip 
DST=my.pub.lic.ip LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=14753 DF PROTO=TCP SPT=42145 DPT=80 SEQ=3647414246 ACK=0 
WINDOW=32792 RES=0x00 SYN URGP=0
Feb  9 12:30:30 server kernel: OUTPUTIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=40 TOS=0x10 PREC=0x00 TTL=64 
ID=0 DF PROTO=TCP SPT=80 DPT=42145 SEQ=0 ACK=3647414247 WINDOW=0 RES=0x00 ACK RST URGP=0
Feb  9 12:30:30 server kernel: INPUTIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=my.pub.lic.ip 
DST=my.pub.lic.ip LEN=40 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=42145 SEQ=0 ACK=3647414247 WINDOW=0 
RES=0x00 ACK RST URGP=0




 my log rule in postroute is triggered bu not he one i put in prerouting is it normal that traffic on lo bypass 
PREROUTING or do i made a mistake here ?



Chain PREROUTING (policy ACCEPT 4601 packets, 239K bytes)
 pkts bytes target prot opt in out source   destination
0 0 pre10.11.1.1  all  --  lo *   0.0.0.0/0
my.pub.lic.ip
 1389 79355 pre10.11.1.1  all  --  *  *   0.0.0.0/0
my.pub.lic.ip



regards,
Ghislain.



server:/usr/local/.aqadmin/home%(aqadmin) ifconfig
eth0  Lien encap:Ethernet  HWaddr 00:30:48:80:35:98
  inet adr:my.pub.lic.ip  Bcast:my.public.net.255  
Masque:255.255.255.240
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:50547354 errors:0 dropped:0 overruns:0 frame:0
  TX packets:46120605 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 lg file transmission:100
  RX bytes:967618327 (922.7 MiB)  TX bytes:208844340 (199.1 MiB)
  Adresse de base:0xb000 Mémoire:f000-f002

eth0: Lien encap:Ethernet  HWaddr 00:30:48:80:35:98
  inet adr:10.11.1.1  Bcast:0.0.0.0  Masque:255.255.255.255
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  Adresse de base:0xb000 Mémoire:f000-f002

loLien encap:Boucle locale
  inet adr:127.0.0.1  Masque:255.0.0.0
  UP LOOPBACK RUNNING  MTU:16436  Metric:1
  RX packets:188383 errors:0 dropped:0 overruns:0 frame:0
  TX packets:188383 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 lg file transmission:0
  RX bytes:24591743 (23.4 MiB)  TX bytes:24591743 (23.4 MiB)



server:/usr/local/.aqadmin/home%(aqadmin) sudo iptables -L -vn
Chain INPUT (policy ACCEPT 51M packets, 30G bytes)
 pkts bytes target prot opt in out source   destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source   destination

Chain OUTPUT (policy ACCEPT 46M packets, 3496M bytes)
 pkts bytes target prot opt in out source   destination


server:/usr/local/.aqadmin/home%(aqadmin) sudo iptables -L -vn -t nat
Chain PREROUTING (policy ACCEPT 4601 packets, 239K bytes)
 pkts bytes target prot opt in out source   destination
  666 34304 pre10.11.1.1  all  --  *  *   0.0.0.0/0
my.pub.lic.ip

Chain POSTROUTING (policy ACCEPT 9432 packets, 644K bytes)
 pkts bytes target prot opt in out source   destination
8   518 post10.11.1.1  all  --  *  *   10.11.1.1   
!10.11.1.1

Chain OUTPUT (policy ACCEPT 34439 packets, 2175K bytes)
 pkts bytes target prot opt in out source   destination

Chain post10.11.1.1 (1 references)
 pkts bytes target prot opt in out source   destination
   74  4562 SNAT   all  --  *  *   0.0.0.0/00.0.0.0/0   
to:my.pub.lic.ip

Chain pre10.11.1.1 (1 references)
 pkts bytes target prot opt in out source   destination
  666 34304 DNAT   all  --  *  *   0.0.0.0/00.0.0.0/0   
to:10.11.1.1


server:/usr/local/.aqadmin/home%(aqadmin) telnet my.pub.lic.ip 80
Trying my.pub.lic.ip...
telnet: Unable to connect to remote host: Connection refused



server:/usr/local/.aqadmin/home%(aqadmin) telnet 10.11.1.1 80
Trying 10.11.1.1...
Connected to

[Vserver] apt-proxy on vserver host

2007-02-09 Thread Konstantinos Pachopoulos 
Hi,
i am trying to set-up apt-proxy on the root server
of my virtual network. Do i need to tweak the
iptables? In general, i think that i have to change
the iptables settings only when vserver guests need to
communicate with each other.

Thanks



___ 
Copy addresses and emails from any email account to Yahoo! Mail - quick, easy 
and free. http://uk.docs.yahoo.com/trueswitch2.html
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Another bug?

2007-02-09 Thread Daniel Hokka Zakrisson 
Lyn St George wrote:
 I have scripts that run from the host and restart daemons
 inside vservers, using suexec. Eg:
 /usr/sbin/vserver {name} suexec {user} {cmd}

Is user a username or a uid?

 These worked fine with 30.309 tools and 2.6.14 kernel.
 Now, with 2.6.19.2 kernel, 2.2.0-rc10 patch and
 30.212 tools, the suexec no longer works and stays as root
 resulting in failed commands.

I think it's the other way around. If you answered username above, your
old utils would've run the command as root, while 0.30.211 fixes this to
understand usernames and bail out if it's not a number nor a valid
username.

 I see nothing in the changelog or docs about a change.

 Is this another bug?

Seems to work fine here, and this hasn't changed since 0.30.211:
[EMAIL PROTECTED] ~]# vserver --version
vserver 0.30.213-rc1 -- manages the state of vservers
This program is part of util-vserver 0.30.213-rc1

Copyright (C) 2003,2004,2005 Enrico Scholz
This program is free software; you may redistribute it under the terms of
the GNU General Public License.  This program has absolutely no warranty.
[EMAIL PROTECTED] ~]# vserver fc6 suexec apache id
uid=48(apache) gid=48(apache) groups=48(apache)
[EMAIL PROTECTED] ~]# vserver fc6 suexec pdns id
uid=100(pdns) gid=101(pdns) groups=101(pdns)
[EMAIL PROTECTED] ~]# grep pdns /etc/passwd
[EMAIL PROTECTED] ~]# grep pdns /vservers/fc6/etc/passwd
pdns:!!:100:101:PowerDNS user:/:/sbin/nologin

-- 
Daniel Hokka Zakrisson
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] apt-proxy on vserver host

2007-02-09 Thread Corey Wright 
On Fri, 9 Feb 2007 12:52:37 + (GMT)
Konstantinos Pachopoulos [EMAIL PROTECTED] wrote:

 Hi,
 i am trying to set-up apt-proxy on the root server
 of my virtual network. Do i need to tweak the
 iptables? In general, i think that i have to change
 the iptables settings only when vserver guests need to
 communicate with each other.

i don't know what your exact requirements are, but here's my apt-proxy
setup:
- debian sarge guest called apt-proxy (both vserver name, host name, and
dns name) with non-internet-routable ip address (same as local network)
- apt-proxy, and only apt-proxy, installed in apt-proxy guest
- all other guests retrieve updates by way of apt-proxy in apt-proxy guest
- apt-proxy installation currently only used by guests on same host, not
because of technical limitations, but i only use that apt-proxy for sarge
and all my sarge installations are guests on that same host

you shouldn't have to use iptables unless maybe the host has the only
externally accessible ip address (either accessible by the local network or
internet) and you'll have to route connections received by the host to the
guest.

i've never had to do any unique routing with my vserver installation (except
port-forwarding from the firewall to the ip address of the guests as my
local network is behind a NAT).

maybe i'm missing something unique about your setup and you need to share
your network configuration (ie guest, host, network).

corey
-- 
[EMAIL PROTECTED]
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] routing between host and guest

2007-02-09 Thread ADNET Ghislain 

ok found,

dnat for lo goes by -t nat -A OUTPUT and not -t nat -A prostrouting :)

--
Cordialement,
Ghislain


smime.p7s
Description: S/MIME Cryptographic Signature
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] apt-proxy on vserver host

2007-02-09 Thread Herbert Poetzl 
On Fri, Feb 09, 2007 at 12:52:37PM +, Konstantinos Pachopoulos wrote:
 Hi,
 i am trying to set-up apt-proxy on the root server
 of my virtual network. 

good idea ...

 Do i need to tweak the iptables?

unless your current iptable setup doesn't permit
this, no

 In general, i think that i have to change the iptables
 settings only when vserver guests need to communicate
  with each other.

more the other way round, you have to use iptables
to stop the guests from communicating with eachother
(like normal hosts on a network would do)

HTC,
Herbert

 Thanks
   
 ___ 
 Copy addresses and emails from any email account to Yahoo! Mail - quick, easy 
 and free. http://uk.docs.yahoo.com/trueswitch2.html
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] FC6 hangs while creating a vserver

2007-02-09 Thread Matt Paine 

Hi Daniel, thanx for the reply

(sorry daniel, i sent this one through you just you - i'll send it to 
the list as well in case someone else can help or suggest something, 
instead of monopolising your time).




I've just pushed 2.6.19-1.2908.fc6.vs2.2.0.0.rc12.1 which (as the name
suggests) contains an update to 2.2.0-rc12 which fixes numerous bugs. If
it still happens with that kernel, the trace removed below would be needed
to track down the bug.


Same thing happened with the new kernel RPM, same place, seems to be
same everything, I'll have a go at typing out that trace for you..





-8
EIP: [7842b3ed] do_exit+0x568/0x8f0 SS:ESP 0068:817eaf6c
3BUG: sleeping function called from invalid context at kernel/rwsem.c:20
in_atomic():0, irqs_disabled():1
[78405020] dump_trace+0x69/0x1b6
[78405185] show_trace_log_lv+0x18/0x2c
[78405789] show_trace+0xf/0x11
[78405886] dump_stack+0x15/0x17
[7843dd9e] down_read+0x12/0x28
[7843523e] blocking_notifier_call_chain+0xe/0x29
[7842aea0] do_exit+0x1b/0x8f0
[7840572a] die+0x2c3/0x2e8
[78405c6b] do_invalid_op+0xa2/0xab
[7863cfa1] error_code+0x39/0x40
[7842b3ed] do_exit+0x568/0x8f0
[7842b81c] complete_and_exit+0x0/0x13
[78404053] syscall_call+0x7/0xb
[6ff5e402] 0x6ff5e402
===
Fixing recursive fault but reboot is needed!

--8-


I hope that helps track down something, i just love typing in lots of hex ;)

If you need me to try anything else let me know - i would be keen to
help in any way I can.


In the mean time I might try and install FC6 on another machine, I think
i have another one here free. See if I can reproduce on that one. At the
moment the error is happening on a Sony VAIO PCG (older model, 3-5 years
old at least). Not sure if its relevent but more information the better :)


Thankyou once again.

Matt.




___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver