Re: [Vserver] Re: quota problem
Hi, question is, on what filesystem, and with what options IIRC, ext3 is kind of hairy, as it supports two different kinds of quote, a journaled one and the 'normal' ext2 quota stuff ... ext3 with mount options: rw,noatime,usrquota,grpquota i checked also ext2, strace output after quotaon command shows: quotactl(Q_QUOTAON|USRQUOTA, /dev/hdv1, 2, {7022360269181497135, 491328337198, 210453397504, 701898877744431, 7809632559044715890, 3408187388784029541, 4707197592648237900, 7161402270843880775}) = -1 ENODEV (No such device) I think my issue was that /etc/mtab and /etc/fstab have to be correct. To get that i put them in /etc/vserver/name/apps/init/ (As far as i remember, only mail access ehre now). yes, it _is_ essential to get proper values at mount (real mount time) and mtab (for the guest) my configuration: host fstab: /dev/hdc6 /vservers ext3noatime,usrquota,grpquota 0 2 host mtab: /dev/hdc6 /vservers ext3 rw,noatime,usrquota,grpquota 0 0 host /proc/mounts: /dev/hdc6 /vservers ext3 rw,noatime,usrquota,grpquota 0 0 guest apps/init/mtab: /dev/hdv1 / ufsnoatime,usrquota,grpquota 0 2 guest /proc/monts: /dev/root / ext3 rw,noatime,usrquota,grpquota 0 0 guest fstab: /dev/hdv1 / ext3defaults,usrquota,grpquota1 1 guest mtab: /dev/hdv1 / ufsnoatime,usrquota,grpquota 0 2 Jarek Dylag ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Another bug?
I have scripts that run from the host and restart daemons inside vservers, using suexec. Eg: /usr/sbin/vserver {name} suexec {user} {cmd} These worked fine with 30.309 tools and 2.6.14 kernel. Now, with 2.6.19.2 kernel, 2.2.0-rc10 patch and 30.212 tools, the suexec no longer works and stays as root resulting in failed commands. I see nothing in the changelog or docs about a change. Is this another bug? - Lyn ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] routing between host and guest
From what i got it seems that the traffic from host to guest goes by the lo interface. The logs indicate that it does not DNAT from lo : Feb 9 12:30:30 server kernel: OUTROUTEIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=14753 DF PROTO=TCP SPT=42145 DPT=80 SEQ=3647414246 ACK=0 WINDOW=32792 RES=0x00 SYN URGP=0 Feb 9 12:30:30 server kernel: OUTPUTIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=14753 DF PROTO=TCP SPT=42145 DPT=80 SEQ=3647414246 ACK=0 WINDOW=32792 RES=0x00 SYN URGP=0 Feb 9 12:30:30 server kernel: POSTROUTEIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=14753 DF PROTO=TCP SPT=42145 DPT=80 SEQ=3647414246 ACK=0 WINDOW=32792 RES=0x00 SYN URGP=0 Feb 9 12:30:30 server kernel: INPUTIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=14753 DF PROTO=TCP SPT=42145 DPT=80 SEQ=3647414246 ACK=0 WINDOW=32792 RES=0x00 SYN URGP=0 Feb 9 12:30:30 server kernel: OUTPUTIN= OUT=lo SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=40 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=42145 SEQ=0 ACK=3647414247 WINDOW=0 RES=0x00 ACK RST URGP=0 Feb 9 12:30:30 server kernel: INPUTIN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=my.pub.lic.ip DST=my.pub.lic.ip LEN=40 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=42145 SEQ=0 ACK=3647414247 WINDOW=0 RES=0x00 ACK RST URGP=0 my log rule in postroute is triggered bu not he one i put in prerouting is it normal that traffic on lo bypass PREROUTING or do i made a mistake here ? Chain PREROUTING (policy ACCEPT 4601 packets, 239K bytes) pkts bytes target prot opt in out source destination 0 0 pre10.11.1.1 all -- lo * 0.0.0.0/0 my.pub.lic.ip 1389 79355 pre10.11.1.1 all -- * * 0.0.0.0/0 my.pub.lic.ip regards, Ghislain. server:/usr/local/.aqadmin/home%(aqadmin) ifconfig eth0 Lien encap:Ethernet HWaddr 00:30:48:80:35:98 inet adr:my.pub.lic.ip Bcast:my.public.net.255 Masque:255.255.255.240 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:50547354 errors:0 dropped:0 overruns:0 frame:0 TX packets:46120605 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 lg file transmission:100 RX bytes:967618327 (922.7 MiB) TX bytes:208844340 (199.1 MiB) Adresse de base:0xb000 Mémoire:f000-f002 eth0: Lien encap:Ethernet HWaddr 00:30:48:80:35:98 inet adr:10.11.1.1 Bcast:0.0.0.0 Masque:255.255.255.255 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Adresse de base:0xb000 Mémoire:f000-f002 loLien encap:Boucle locale inet adr:127.0.0.1 Masque:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:188383 errors:0 dropped:0 overruns:0 frame:0 TX packets:188383 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 lg file transmission:0 RX bytes:24591743 (23.4 MiB) TX bytes:24591743 (23.4 MiB) server:/usr/local/.aqadmin/home%(aqadmin) sudo iptables -L -vn Chain INPUT (policy ACCEPT 51M packets, 30G bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 46M packets, 3496M bytes) pkts bytes target prot opt in out source destination server:/usr/local/.aqadmin/home%(aqadmin) sudo iptables -L -vn -t nat Chain PREROUTING (policy ACCEPT 4601 packets, 239K bytes) pkts bytes target prot opt in out source destination 666 34304 pre10.11.1.1 all -- * * 0.0.0.0/0 my.pub.lic.ip Chain POSTROUTING (policy ACCEPT 9432 packets, 644K bytes) pkts bytes target prot opt in out source destination 8 518 post10.11.1.1 all -- * * 10.11.1.1 !10.11.1.1 Chain OUTPUT (policy ACCEPT 34439 packets, 2175K bytes) pkts bytes target prot opt in out source destination Chain post10.11.1.1 (1 references) pkts bytes target prot opt in out source destination 74 4562 SNAT all -- * * 0.0.0.0/00.0.0.0/0 to:my.pub.lic.ip Chain pre10.11.1.1 (1 references) pkts bytes target prot opt in out source destination 666 34304 DNAT all -- * * 0.0.0.0/00.0.0.0/0 to:10.11.1.1 server:/usr/local/.aqadmin/home%(aqadmin) telnet my.pub.lic.ip 80 Trying my.pub.lic.ip... telnet: Unable to connect to remote host: Connection refused server:/usr/local/.aqadmin/home%(aqadmin) telnet 10.11.1.1 80 Trying 10.11.1.1... Connected to
[Vserver] apt-proxy on vserver host
Hi, i am trying to set-up apt-proxy on the root server of my virtual network. Do i need to tweak the iptables? In general, i think that i have to change the iptables settings only when vserver guests need to communicate with each other. Thanks ___ Copy addresses and emails from any email account to Yahoo! Mail - quick, easy and free. http://uk.docs.yahoo.com/trueswitch2.html ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Another bug?
Lyn St George wrote: I have scripts that run from the host and restart daemons inside vservers, using suexec. Eg: /usr/sbin/vserver {name} suexec {user} {cmd} Is user a username or a uid? These worked fine with 30.309 tools and 2.6.14 kernel. Now, with 2.6.19.2 kernel, 2.2.0-rc10 patch and 30.212 tools, the suexec no longer works and stays as root resulting in failed commands. I think it's the other way around. If you answered username above, your old utils would've run the command as root, while 0.30.211 fixes this to understand usernames and bail out if it's not a number nor a valid username. I see nothing in the changelog or docs about a change. Is this another bug? Seems to work fine here, and this hasn't changed since 0.30.211: [EMAIL PROTECTED] ~]# vserver --version vserver 0.30.213-rc1 -- manages the state of vservers This program is part of util-vserver 0.30.213-rc1 Copyright (C) 2003,2004,2005 Enrico Scholz This program is free software; you may redistribute it under the terms of the GNU General Public License. This program has absolutely no warranty. [EMAIL PROTECTED] ~]# vserver fc6 suexec apache id uid=48(apache) gid=48(apache) groups=48(apache) [EMAIL PROTECTED] ~]# vserver fc6 suexec pdns id uid=100(pdns) gid=101(pdns) groups=101(pdns) [EMAIL PROTECTED] ~]# grep pdns /etc/passwd [EMAIL PROTECTED] ~]# grep pdns /vservers/fc6/etc/passwd pdns:!!:100:101:PowerDNS user:/:/sbin/nologin -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] apt-proxy on vserver host
On Fri, 9 Feb 2007 12:52:37 + (GMT) Konstantinos Pachopoulos [EMAIL PROTECTED] wrote: Hi, i am trying to set-up apt-proxy on the root server of my virtual network. Do i need to tweak the iptables? In general, i think that i have to change the iptables settings only when vserver guests need to communicate with each other. i don't know what your exact requirements are, but here's my apt-proxy setup: - debian sarge guest called apt-proxy (both vserver name, host name, and dns name) with non-internet-routable ip address (same as local network) - apt-proxy, and only apt-proxy, installed in apt-proxy guest - all other guests retrieve updates by way of apt-proxy in apt-proxy guest - apt-proxy installation currently only used by guests on same host, not because of technical limitations, but i only use that apt-proxy for sarge and all my sarge installations are guests on that same host you shouldn't have to use iptables unless maybe the host has the only externally accessible ip address (either accessible by the local network or internet) and you'll have to route connections received by the host to the guest. i've never had to do any unique routing with my vserver installation (except port-forwarding from the firewall to the ip address of the guests as my local network is behind a NAT). maybe i'm missing something unique about your setup and you need to share your network configuration (ie guest, host, network). corey -- [EMAIL PROTECTED] ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] routing between host and guest
ok found, dnat for lo goes by -t nat -A OUTPUT and not -t nat -A prostrouting :) -- Cordialement, Ghislain smime.p7s Description: S/MIME Cryptographic Signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] apt-proxy on vserver host
On Fri, Feb 09, 2007 at 12:52:37PM +, Konstantinos Pachopoulos wrote: Hi, i am trying to set-up apt-proxy on the root server of my virtual network. good idea ... Do i need to tweak the iptables? unless your current iptable setup doesn't permit this, no In general, i think that i have to change the iptables settings only when vserver guests need to communicate with each other. more the other way round, you have to use iptables to stop the guests from communicating with eachother (like normal hosts on a network would do) HTC, Herbert Thanks ___ Copy addresses and emails from any email account to Yahoo! Mail - quick, easy and free. http://uk.docs.yahoo.com/trueswitch2.html ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] FC6 hangs while creating a vserver
Hi Daniel, thanx for the reply (sorry daniel, i sent this one through you just you - i'll send it to the list as well in case someone else can help or suggest something, instead of monopolising your time). I've just pushed 2.6.19-1.2908.fc6.vs2.2.0.0.rc12.1 which (as the name suggests) contains an update to 2.2.0-rc12 which fixes numerous bugs. If it still happens with that kernel, the trace removed below would be needed to track down the bug. Same thing happened with the new kernel RPM, same place, seems to be same everything, I'll have a go at typing out that trace for you.. -8 EIP: [7842b3ed] do_exit+0x568/0x8f0 SS:ESP 0068:817eaf6c 3BUG: sleeping function called from invalid context at kernel/rwsem.c:20 in_atomic():0, irqs_disabled():1 [78405020] dump_trace+0x69/0x1b6 [78405185] show_trace_log_lv+0x18/0x2c [78405789] show_trace+0xf/0x11 [78405886] dump_stack+0x15/0x17 [7843dd9e] down_read+0x12/0x28 [7843523e] blocking_notifier_call_chain+0xe/0x29 [7842aea0] do_exit+0x1b/0x8f0 [7840572a] die+0x2c3/0x2e8 [78405c6b] do_invalid_op+0xa2/0xab [7863cfa1] error_code+0x39/0x40 [7842b3ed] do_exit+0x568/0x8f0 [7842b81c] complete_and_exit+0x0/0x13 [78404053] syscall_call+0x7/0xb [6ff5e402] 0x6ff5e402 === Fixing recursive fault but reboot is needed! --8- I hope that helps track down something, i just love typing in lots of hex ;) If you need me to try anything else let me know - i would be keen to help in any way I can. In the mean time I might try and install FC6 on another machine, I think i have another one here free. See if I can reproduce on that one. At the moment the error is happening on a Sony VAIO PCG (older model, 3-5 years old at least). Not sure if its relevent but more information the better :) Thankyou once again. Matt. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver