Re: [Vserver] nfs permissions issues

2007-07-18 Thread Herbert Poetzl
On Wed, Jul 18, 2007 at 04:46:04PM +0100, Ben Brown wrote:
 Ben Brown wrote:
 Which Kernel option is that? Debian has been *really* helpful and spread 
  the vserver config about all over the place :S
 
 
 Scratch that, I found it:
 
 CONFIG_VSERVER_LEGACY=y
 # CONFIG_VSERVER_LEGACY_VERSION is not set
 CONFIG_VSERVER_LEGACYNET=y
 CONFIG_VSERVER_PROC_SECURE=y
 CONFIG_VSERVER_HARDCPU=y
 CONFIG_VSERVER_HARDCPU_IDLE=y
 # CONFIG_INOXID_NONE is not set
 # CONFIG_INOXID_UID16 is not set
 # CONFIG_INOXID_GID16 is not set
 CONFIG_INOXID_UGID24=y
 # CONFIG_INOXID_INTERN is not set
 # CONFIG_INOXID_RUNTIME is not set
 # CONFIG_XID_TAG_NFSD is not set
~~~
so, NFS tagging is disabled, and unless there
is a bug in the debian kernel, you should not
experience any issues with sharing files over
NFS (except for the usual NFS issues of course)

 # CONFIG_VSERVER_DEBUG is not set
 CONFIG_VSERVER=y
 CONFIG_VSERVER_SECURITY=y
 
 Any suggestions?

please try with a vanilla kernel if you can
reliably trigger it somehow (vs2.2.0.2) and
let me know how that goes ...

TIA,
Herbert

 
 Thanks,
 
 Ben
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Anounce: CentOS 5 guest image

2007-07-16 Thread Herbert Poetzl
On Mon, Jul 16, 2007 at 08:16:41AM -0500, Sandino Araico Sánchez wrote:
 Daniel Hokka Zakrisson wrote:
  Sandino Araico Sánchez wrote:

  Yum is marked unstable in Gentoo. It works sometimes but i got used to
  unpacking the guest image and running a script that creates the config
  directory and the config file... It takes me about 20 minutes to setup a
  new vservar and have it running
  
 
  What config file? You're also aware of vserver ... build -m template, yes?

 I am aware of build -m template but most of the parameters are the same
 for all my vservers so I hardcoded them in a script so I can use it with
 a small config file with only the values that change. It's not rocket
 science to create a config directory with all the correct values.
 
 The script is not general purpose. It's designed for the defaults I use
 in all my vservers (no more than 50 lines of code)... It's not intended
 to reinvent the build -m template; It's just a customization for my
 service.
  20 minutes does seem like a long time, especially if it doesn't include
  downloading the guest. What else is your script doing?

 20 minutes from registering the new vserver in the DNS, connecting to
 the server, to creating the new vserver, verifying everything works and
 sending notification to the customer

  Yum in Gentoo is sensitive to upgrades of dependencies; it breaks
  easily Whenever Yum breaks It's easier to unpack a guest image than
  revdep-rebuild.
  
 
  So, pin the few packages it does depend on? Seems to me like you're
  unnecessarily complicating the procedure.

 LibXML2 with USE=python (for example) ... My opinion is that the host
 server installation should be as minimal as possible and as hardened as
 possible Yum depends on ~10 packages I don't need for anything else.
 I can install yum and revdep-rebuild every time It breaks (I know it
 breaks every now and then), but I don't gain a huge beneffit over
 unpacking a host image and running a configuration script..
 
 Now, think about supporting not only CentOS but also Fedora, Ubuntu,
 Debian, Slackware, Gentoo, SuSE, an embedded system a friend jut cooked,
 I will end up with lots and lots of new dependency packages and several
 distinct installation procedures instead of a single unified procedure
 of unpacking a host image and running a configuration script.
 
 Perhaps you are underestimating the usefulness of host images... Perhaps
 a general purpose procedure could be a build -m template install
 followed by unpacking a host image of the Linux distro of your choice.
 If you have many vservers with many different distros you don't need to
 install all the distro-specific tools; you just need to unpack the host
 image and that's it.

hum, that is what the template build method usually does?

(from vserver - build --help)
template... -- (-t tarball)+ [-d distribution]
...  installs a guest using tarball(s)

best,
Herbert

 -- 
 Sandino Araico Sánchez 
 edce71952773051c884f6a49cc194445 8a3ac99fbf88d0c58677ffd9706081bb5471b756
 2bc1ad9b84e28ba8725ee0008c80a7f0 5945bcf00844d5a421f7b66e3c5c28467e48f2bc
 --
 2d188949024d886941f4dff4f500918d 510f47aeec377edb804439a0dae774b9d94269b9
 0732340cb5d7e7e456e091f11ae3dcb1 f78a9751c2b8f4af0b56f9f175f20172c2c38847
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Bug on 2.6.22

2007-07-16 Thread Herbert Poetzl
On Sat, Jul 14, 2007 at 09:53:21AM +0200, [EMAIL PROTECTED] wrote:
 Hello
 
 I was testing linux-2.6.22-vs2.2.0-rc5 and it crashes after 
 30 hours : here is the kern.log
 
 http://paste.linux-vserver.org/4555

tx for the feedback, should be fixed in vs2.2.0.2(-rc1)

please let us know if it fixes the issue for you too

TIA,
Herbert

 srvweb:/var/log# vserver-info
 Versions:
Kernel: 2.6.21.5-vs2.2.0-rc3
VS-API: 0x00020200
  util-vserver: 0.30.213; Jun 16 2007, 14:53:27
 
 Features:
CC: gcc, gcc (GCC) 4.1.2 20061115 (prerelease)
 (Debian 4.1.1-21)
   CXX: g++, g++ (GCC) 4.1.2 20061115 (prerelease)
 (Debian 4.1.1-21)
  CPPFLAGS: ''
CFLAGS:
 '-g -O2 -std=c99 -Wall -pedantic -W -funit-at-a-time'
  CXXFLAGS:
 '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time'
build/host: i686-pc-linux-gnu/i686-pc-linux-gnu
  Use dietlibc: yes
Build C++ programs: yes
Build C99 programs: yes
Available APIs: compat,v11,fscompat,v13,net,v21,oldproc,olduts
 ext2fs Source: e2fsprogs
 syscall(2) invocation: alternative
   vserver(2) syscall#: 273/glibc
 
 Paths:
prefix: /usr/local
 sysconf-Directory: ${prefix}/etc
 cfg-Directory: ${prefix}/etc/vservers
  initrd-Directory: $(sysconfdir)/init.d
pkgstate-Directory: ${prefix}/var/run/vservers
   vserver-Rootdir: /opt/vservers
 
 It crashes when  i just stop and restart a vserver.
 
 pmenier
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [VServer]: Question about iunlink attributes

2007-07-06 Thread Herbert Poetzl
On Wed, Jun 27, 2007 at 02:45:56PM -0700, Eric Deschenes wrote:
 Hi VServer Experts,
 
I have a question about iunlink attributes.
 
Problem description:
---
The issue I'm facing right now is that setting attributes using 
 setattr --iunlink link does not survive a unmount/mount operation.
 
I'd like to know if the attributes IU are stored in the file system 
 or in the memory somehow.
 
Setup:
--
I use vserver version 2.0.1 with vserver-util 0.30.210 - I'm limited 
 to this patch by my project's kernel version :(
I use reiserfs.
 
More background info:
--
I use the pre-COW links vserver image and vserver-utils. I'm using 
 setattr to actually restrict some files from the vserver instances to 
 prevent application in the vserver to modify those files (link targets).
What I'm currently seeing is that when I use setattr -iunlink 
 link on a link (inside the vserver), I can see it take effect with 
 showattr (so good so far), but those attribute go away when I unmount 
 the partition and remount it. (I tried without rebooting and I'm sure 
 this is the cause of the attribute lost)
 
I assumed that the setattr flags for iunlink (UI) where set in the 
 file system and were non-volatile (survive a unmount/mount operation).

yes, but only when you are using the 'attrs' flag for
the reiserfs mount ...

Is this the expected behavior?
Is there a workaround or documentation that could help me out with this?

in this specific case, you also want to use the
following bugfix (as we found out :)
probably not the only one left in 2.0 ...

http://vserver.13thfloor.at/Experimental/OBSOLETE/delta-2.6.14.3-reiserfs-fix01.diff

best,
Herbert

 Thanx for your time.
 
 
 /Éric
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] vpnc on vserver guest

2007-07-06 Thread Herbert Poetzl
On Fri, Jul 06, 2007 at 12:55:53PM -0500, Randall Smith wrote:
 I'm trying to give access to a Cisco vpn to a vserver guest, either 
 directly by launching vpnc or indirectly through the host running vpnc.
 
 The problem with launching vpnc on the guest is that it can't create the 
 tun interface.  I'm not sure why traffic doesn't forward between the 
 guest and host.  I'm guessing it's because the guest doesn't see the tun 
 interface that vpnc creates.
 
 Either way would be nice.  Any pointers?

create the tun interface on the host (make sure it is
the proper type -- tun vs. tap) and make it persistent,
then start the guest and let the vpnc use the persistent
tun device (after assigning the proper ip to the guest)

(works with openvpn and friends)

HTH,
Herbert

 Randall
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] df -h output incorrect when using quotas

2007-07-06 Thread Herbert Poetzl
On Mon, Jul 02, 2007 at 01:00:41AM +0200, diego torres wrote:
 Hi outthere!
 
 Has anyone got an explanation to this? Running a more-or-less updated
 system
 
 # uname -a
 Linux anthalia 2.6.21.3-vs2.2.0-rc1 #1 SMP Wed Jun 6 01:01:04 CEST 2007 i686 
 GNU/Linux
 
 And after ensuring that all the files under a particual guest are
 tagged as being property of the host with chxid, this two outputs
 differ by such a large amount of bytes:
 
 #du -sh
 3,9G/home/vservers/services/
 
 inside the guest:
 # df -h
 FilesystemSize  Used Avail Use% Mounted on
 /dev/hdv1 6.0G  407M  5.3G   8% /
 none  1.0G  4.0K  1.0G   1% /tmp

did you configure the start values correctly?

what tools do you use (util-vserver version)?

TIA,
Herbert

 Thanks in advance!
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Debian guest on a Gentoo Host?

2007-06-15 Thread Herbert Poetzl
On Wed, Jun 13, 2007 at 06:44:35PM +0200, Benedikt Boehm wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 jepa kazol wrote:
  Hi guys,
  I am trying to move all of my gentoo servers to debian and for now I am
  trying to install a debian guest vserver on a gentoo host. But I
  couldn't find out how to do that. Is there anyone on this list did the
  job? Please share your experiences with me...
 
 emerge debootstrap '=sys-cluster/util-vserver-0.30.213'

hmm, actually I think the tools should download the
debootstrap themselves, but of course, you can pre-
install it as well ...

best,
Herbert

 vserver name build -m debootstrap other stuff you want -- -d etch -m
 mirror url
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v2.0.4 (GNU/Linux)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
 iD8DBQFGcB7zmPFBzbX68WERApUrAJkBt2BM13bE7m8i3inasJM5I79YXwCfcYKj
 2EDDVhaZzSuF5Kz+SNiMjxY=
 =OjkG
 -END PGP SIGNATURE-
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] best timer freq to use?

2007-06-15 Thread Herbert Poetzl
On Thu, Jun 14, 2007 at 03:55:31PM -0400, Chuck wrote:
 also, have the vserver systems been tuned around a certain timer frequency?
 
 100? or 1000? or in between somewhere? for best efficiency still allowing 
 remote terminal responsiveness under extremely heavy loads?

100 will give better overall resource utilization
and allow the system to get slighly more work done,
1000 OTOH, will increase responsiveness and reduce
latencies slightly, for the cost of slightly higher
overhead from the task switching ...

usually 100 is more than fine for non interactive
systems and up to 50 guests, but you might want to
raise that to 250 or even 1000 for 100 and more
guest systems ...

HTC,
Herbert

 -- 
 
 Chuck
 
 
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] disk scheduling ?

2007-06-06 Thread Herbert Poetzl
On Wed, Jun 06, 2007 at 10:36:25AM +0930, Admin wrote:
 On Wed, 6 Jun 2007 03:07:37 am Nicolas Cadou wrote:
  Le Tuesday 5 June 2007 06:52, Tony Lewis a écrit :
   Nicolas Cadou wrote:
Le Sunday 3 June 2007 02:15, Tony Lewis a écrit :
My context is this: one vserver runs a popular web site, and on
another one, occasionally I shift multi-gig files around, with cp. 
When I'm doing that, the website vserver grinds to a halt - well,
responds to requests quite slowly anyway.
   
Instead of cp I use rsync --bwlimit=7000, which throttles I/O to a bit
less than 7MB/s. Works for local disk-to-disk copying, and works quite
well.
  
   There's always a workaround, but that's the same as renice'ing processes
   on one vserver to be cognisant of the needs of another vserver.  It's
   what the CPU limiting handles, so vservers can be more autonomous.
 
  I never came to try it, but this might help:
 
  http://linux-vserver.org/Frequently_Asked_Questions#Disk_I.2FO_limiting.3F_
 Is_that_possible.3F
 
 A while back I made some patches for util-vserver and a vserver-patched 
 kernel 
 which implemented ionice support
 
 http://www.users.on.net/~anonc/.patches/vserver/
 
 the readme.txt file has details on requirements and usage
 
 it should be simple to adapt these to the latest releases.

maybe it would make sense to put guests (by default
or via option) into the idle class on a Linux-VServer
system/kernel?

best,
Herbert

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] New dedicated box for linux-vserver.org

2007-05-31 Thread Herbert Poetzl
On Tue, May 29, 2007 at 09:41:52AM +0200, Benedikt Boehm wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Benedikt Boehm wrote:
  Hi all,
  
  as some of you may already have noticed, the web services have
  experienced some outages during the last weeks, mostly because the
  machine is heavily overloaded.
  
  Fortunately my employer (www.newthinking-communications.de) has
  donated a dedicated box for the Linux-VServer project. I have just
  received the confirmation of our hoster, our new box is an Opteron
  1218 Dual Core, 4G RAM, 2x300G HDD, so it should be enough ;)

 Finally, the last guest has been moved (database), and things should
 be stable again from now on.

thanks for your commitment, time and efford!
we appreciate it!

best,
Herbert

 Sorry for the inconveniences,
 Bene
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v2.0.4 (GNU/Linux)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
 iD8DBQFGW9lAmPFBzbX68WERAnaGAJ45lxaGlek+uM3OVZiqtC7VBbf+VwCeKLyt
 XAGw7LNcPOaw2UOFpmacqIE=
 =YH/8
 -END PGP SIGNATURE-
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] disk scheduling ?

2007-05-31 Thread Herbert Poetzl
On Wed, May 23, 2007 at 01:07:55AM +0200, Attila Csipa wrote:
 A question - is it possible to have something like the CPU token  
 mechanism, but for IO operations (f.e. hdd-s) ?   

there is, but the main problem here is that most of
the I/O is done asynchronous, i.e. it is not done
by the context itself, but by the kernel in general

 I have a problem where one of the contexts is really heavy on IO and  
 I'd try to limit that.

the question here is, _why_  .. maybe your service
really has a high I/O demand, maybe the service is
just badly configured ...

 The scheduler is CFQ, but that does not help much on itself, it's 
 not the scheduling itself that is the problem - if the HDD activity   
 is high, an another context, running apaches will slow down serving   
 files. Running out of children bc of the slowdown apache will start   
 forking new processes to fullfill the incoming demands, this however  
 triggers swapping after running out of ram which in turn makes
 everything even slower, starting a nasty IO bound load spiral.

well, IMHO the configuration needs some adjustments
here, for example, apache should not spawn more
workers than the memory can handle (note that workers
can serve more than one request)

 To make things (maybe) even harder, the IO intensive context is not   
 actually reading/writing all that much data but rather seeking among  
 small blocks of it.   

hmm, maybe it would be possible to keep th relevant
parts in memory, or at least use an index?

 Is there a recommended/usual way of solving IO bound problems among   
 vservers ?

really depends on the problem, my general advice is
to separate I/O bound guests and put them on a really
fast I/O system ...

 Putting in CPU limits or tokens does not help as the CPU-s are
 spending their time on idle or waiting even now so they are always
 full of tokens.

not unusual ... we thought about adding (or in this
case substracting) a penalty for I/O operations, maybe
that would be a viable solution for this kind of cases,
but I think that still needs some testing ...

HTC,
Herbert

 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] yum update screwed centos guest

2007-05-19 Thread Herbert Poetzl
On Sat, May 19, 2007 at 10:56:30AM -0400, Chuck wrote:
 On Saturday 19 May 2007 09:59, Daniel Hokka Zakrisson wrote:
  Chuck wrote:
 
   we run some centos4 x86_64 guests. just did a yum update today on
   my template and it screwed up the guest. i do not know all of the
   damage yet, it appears to run and the services appear to run but
   vserver guestname enter no longer works. thankfully i always use
   the template for update testing first ... whew..
  
   i get this when i try: vlogin: openpty(): No such file or
   directory
  
   any clues where to look? or should i just restore from a backup
   and never use yum update again? it appears it changes what it will
   with no regard for existing configuration files.
  
  It has nothing to do with configuration files. You just lost a
  (few?) device nodes. Recreate or restore /dev from a backup, or
  another guest.
 
 oh.. ok so then yum messes with devices as well.. maybe.. ok will do
 that... might have to put that into a script if it keeps doing this
 every restart..

you might configure a readonly bind mount for /dev
which should save you from this and similar trouble

HTH,
Herbert

  -- 
  Daniel Hokka Zakrisson
  ___
  Vserver mailing list
  Vserver@list.linux-vserver.org
  http://list.linux-vserver.org/mailman/listinfo/vserver
  
 
 -- 
 
 Chuck
 
 ...and the hordes of M$*ft users descended upon me in their anger,
 and asked 'Why do you not get the viruses or the BlueScreensOfDeath
 or insecure system troubles and slowness or pay through the nose 
 for an OS as *we* do?!!', and I answered...'I use Linux'. 
 The Book of John, chapter 1, page 1, and end of book
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] debian host wants centos guest

2007-05-14 Thread Herbert Poetzl
On Sat, May 12, 2007 at 11:16:33PM +0200, Daniel Hokka Zakrisson wrote:
 [EMAIL PROTECTED] wrote:
 thanks  ,
 
 
 i setup the beast and have yum installed but..:
 
 bash-3.00# yum update
 Setting up Update Process
 Setting up repositories
 not using ftp, http[s], or file for repos, skipping - Null is not a valid
 release or hasnt been released yet
 Cannot find a valid baseurl for repo: update
 Error: Cannot find a valid baseurl for repo: update
 
 i cannot seems to make this works :)
 using vyum on the host works (this is how i setup yum on the guest. But
 inside it it fails :(
 
   i tried to install whitebox linux but i failed also to find how to build
 the guest so i stick with centos :)
 
 hi,
 
 i have some finished centos 5 images for linux vserver:
 http://www.cryptronic.de/wiki/Vserver_en:images_for_openvcp
 
 to get yum working:
 
 edit /etc/yum.repos.d/CentOS-Base.repo
 
 and replace $releasever and $basearch with hardcoded values eg
 $relesevar: 5
 $basearch: i386
 
 after that yum works quite fine.
 
 Why would you do that? Why doesn't it have centos-release installed, and 
 why can't it figure out the architecture on its own?
 
 best regards
 
 oliver werner
 
 htpt://www.cryptronic.de
 
 What's HTPT? ;-)

a tpyo :)

have fun,
Herbert

 -- 
 Daniel Hokka Zakrisson
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] possibly dumb question

2007-05-13 Thread Herbert Poetzl
On Sat, May 12, 2007 at 10:51:49AM -0400, Chuck wrote:
 i am installing a workstation which i have no plans to use as a
 vserver host however there may be that possibility in the mid to far
 future...

if you add the Linux-VServer patches, you will find
an application for the features sooner than you think
(e.g. limit a service to certain ips, use the CoW
link breaking to save diskspace ...)

 are the kernels produced with the vserver patches 'improved' over std
 kernels and generally work better? or is it by its nature causing
 slight overhead compared to without?

if there is noticeable overhead, it is considered a
bug and should be reported :)

 i guess it boils down to use vserver patches on a normal workstation
 kernel or not? i have this undefined suspicion it is better with but
 would like a more factual answer :)

well, it should not hurt, of course, if you don't
need it, and/or already patched your kernel with
several other patches, I would not compile it in
just for the fun of doing it ...

HTH,
Herbert

 -- 
 
 Chuck
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Re: Re: Re: Re: Re: Re: java crash in vserver...

2007-05-13 Thread Herbert Poetzl
On Sat, May 12, 2007 at 08:20:01PM -0500, Corey Wright wrote:
 On Sat, 12 May 2007 17:36:24 +0200
 Herbert Poetzl [EMAIL PROTECTED] wrote:
 
  On Sat, May 12, 2007 at 09:13:19AM +0200, Jan Zuchhold wrote:
   The problem is caused by running out of space on /tmp. 
   You mount that on tmpfs, specified in fstab in the 
   vserver-config dir:
   
   none   /tmptmpfs   size=16m,mode=1777  0 0
   
   If you remove or comment-out this line (or increase 
   the size), it works.
  
  nice one, tx, btw, 16MB for /tmp should be more
  than sufficient for properly written programs,
  (larger temporary files go to /var/tmp)
 
 i must respectfully disagree.  i have never heard of such 
 a rule and the FHS 
 (http://www.pathname.com/fhs/pub/fhs-2.3.html#VARTMPTEMPORARYFILESPRESERVEDBETWEE)
 doesn't include that justification either.

no, actually the FHS doesn't tell anything about large
vs. small files and /tmp vs /var/tmp, except for the
fact the /var/tmp must not be deleted on boot :)

but it is 'common practice' that /tmp is often kept
in memory and thus only provides limited space compared
to ~/tmp or /var/tmp ... YMMV

 and that is why i am on record as saying:
 
  btw, i hate that useless default 16 MB tmpfs mount within the guests
  and removing it from /etc/vservers/guest/fstab is one of the first
  things i do upon creating a new guest.
 - http://www.paul.sladen.org/vserver/archives/200702/0014.html

well, the mount is not really useless, on the contrary,
it can reduce the overall I/O bandwidth significantly,
and thus improve system performance ... but of course,
everybody is free to resize or remove it ...

 when i last cared to check which directory applications used for
 temporary files (to insure libpam-tmpdir, automatic per-user
 temporary directories, was effective) i only ever saw used /tmp
 (hard-coded unfortunately), TMP, or TMPDIR and those variables do not
 distinguish between maximum temporary file size.

you must be using very old software ...

$ mktemp 
/home/bertl/tmp/tmp.kNGjY29655

 i consider this the only wart of linux-vserver.

feel free to remove it for your installations ...

best,
Herbert

 corey
 -- 
 [EMAIL PROTECTED]
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Re: Re: Re: Re: Re: Re: java crash in vserver...

2007-05-12 Thread Herbert Poetzl
On Sat, May 12, 2007 at 09:13:19AM +0200, Jan Zuchhold wrote:
 Hello,
 
  I made a package of my guest 'gis' (about 465 MB):
  /etc/vservers/gis (config of the image)
  /vservers/gis (home of the guest images)
 
  http://www.archit.uni-karlsruhe.de/geoserver/vserver.tar.bz2
 
 ok, i've tried it.
 
 The problem is caused by running out of space on /tmp. 
 You mount that on tmpfs, specified in fstab in the 
 vserver-config dir:
 
 none   /tmptmpfs   size=16m,mode=1777  0 0
 
 If you remove or comment-out this line (or increase 
 the size), it works.

nice one, tx, btw, 16MB for /tmp should be more
than sufficient for properly written programs,
(larger temporary files go to /var/tmp)

best,
Herbert

 Jan

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Hashify 'etch' trouble?

2007-05-11 Thread Herbert Poetzl
On Thu, May 10, 2007 at 08:53:30PM +0200, Eugen Leitl wrote:
 On Thu, May 10, 2007 at 05:46:48PM +0100, Ben Green wrote:
 
  What I want to know is can vhashify be used within older vserver 
  setups, specifically Debian 'etch' with it's none COWed kernel. What
  precautions would I need to take and what things can't I do inside
  these guest servers?

 I've been attending a Sun workshop yesterday (about Solaris 10,
 zones/containers, and HA). There's a number of close similiarities
 between HA on linux, and Linux paravirtualization technologies
 with Solaris zones/containers. Instead of vhashify (and symlinks)
 they're using loopback filesystem (LOFS) to minimize space for shared
 resources. I'm not sure why they chose that way, and didn't go for
 simple symlinks.

well, first, we do not use symlinks for a good reason,
and second, with the loopback filesystem, which is more
like an overlay filesystem and/or --bind mount, the
actual saving is not as good as with hardlinks ...

best,
Herbert

 -- 
 Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org
 __
 ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
 8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Re: Re: Re: Re: Re: Re: java crash in vserver...

2007-05-09 Thread Herbert Poetzl
On Wed, May 09, 2007 at 10:39:06AM +0200, Thomas Besser wrote:
 Asier Baranguán wrote:
 
  Thomas Besser escribió:
  
  Guest have the CAP_NET_BROADCAST and CAP_SYS_RESOURCE enabled. Perhaps
  you can try with other kernel.
  
  I tried several kernels till now.
  
  Whats about this CAP_SYS_RESOURCE and where/how to set it? In host or
  guest?
  
  You must write it in the bcapabilities file under the vserver
  configuration folder. It's as simple as:
  
  root # echo CAP_SYS_RESOURCE  /etc/vservers/vserver name/bcapabilities
  
  Or if you have the file, add it:
  
  root # echo CAP_SYS_RESOURCE  /etc/vservers/vserver name/bcapabilities
  
  And restart the vserver. You have some info about the capabilities and the
  meaning of this files in the linux-vserver page.
  
  http://linux-vserver.org/Capabilities_and_Flags
  
  http://linux-vserver.org/util-vserver:Capabilities_and_Flags
 
 Thanx, tried CAP_SYS_RESOURCE. Nothing changed.

not unexpected, giving any capabilities beyond the
default set can be considered a (sometimes severe)
reduction in guest security (i.e. you are handing
over control to host specific parts which can be
used either for DoS or in most cases direct control
over host specific entities)

CAP_NET_BROADCAST is not critical, as it is currently
unused :)

best,
Herbert
 
 Regards
 Thomas
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Re: Re: Re: Re: Re: java crash in vserver...

2007-05-09 Thread Herbert Poetzl
On Wed, May 09, 2007 at 08:18:06AM +0200, Thomas Besser wrote:
 Hi Jan,
 
 Jan Zuchhold wrote:
  it's working fine for me:
  
 
  1512 [INFO] org.geotools.referencing.factory.epsg.HSQLDataSource -
  Creating cached EPSG database. It may take a few minutes.
  17611 [main] INFO org.springframework.web.context.ContextLoader - Using
  context class
  [org.springframework.web.context.support.XmlWebApplicationContext] for
  [root
  WebApplicationContext
  17611 [main] INFO org.springframework.web.context.ContextLoader - Root
  WebApplicationContext: initialization completed in 16212 ms
 
  
 
  vserver:~# cat /etc/issue
  Debian GNU/Linux 4.0
  
  vserver:~# java -version
  java version 1.6.0
  Java(TM) SE Runtime Environment (build 1.6.0-b105)
  Java HotSpot(TM) Server VM (build 1.6.0-b105, mixed mode)
  
  host:~# uname -r
  2.6.20.11-vs2.2.0.k7-smp-070502
 
 Thanx for testing. I have no clue, what my problem is and no idea how to
 resolve this.

maybe you could package up your guest (maybe
after some cleanups to preserve privacy and
reduce size), and upload it somewhere, and
maybe some folks who already had success with
your installation do the same, then try each-
others guests and see what happens ...

if the kernel/config is to blame, then your
guest should work fine on another system and
the other guest should fail on yours, no?

HTH,
Herbert
 
 Perhaps you could send me via pm your installed packages
 (dpkg --get-selections  packages) of your host and guest?
 
 Regards
 Thomas
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Re: Re: java crash in vserver...

2007-05-02 Thread Herbert Poetzl
On Wed, May 02, 2007 at 08:47:09AM +0200, Thomas Besser wrote:
 Herbert Poetzl wrote:
 
  On Tue, Apr 24, 2007 at 09:00:19PM +0200, Herbert Poetzl wrote:
  On Tue, Apr 24, 2007 at 11:07:29AM +0200, Thomas Besser wrote:
   Herbert Poetzl wrote:
On Fri, Apr 13, 2007 at 09:30:32AM +0200, Thomas Besser wrote:
The above mentioned log and also a strace run is here:
http://www.archIT.uni-karlsruhe.de/geoserver/error.log
http://www.archIT.uni-karlsruhe.de/geoserver/strace.log

will look into that after my vacation ...
   
   Perhaps you had little time to look into the error log?
  
  not yet, but I'm online for today (despite my vacation :)
  so if you pay a visit to the IRC channel, we can take a
  quick look at it ...
  
  back from my vacation now .. but the urls above give
  503 Service Unavailable ...
 
 Works again.

could you try that on a release kernel, e.g.
2.6.19.7-vs2.2.0 or 2.6.20.11-vs2.2.0?

also, what about the ulimits inside the guest?

TIA,
Herbert

  PS: you can find me on IRC :)
 
 I will try it in the afternoon.
 
 Regards
 Thomas
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] New dedicated box for linux-vserver.org

2007-05-02 Thread Herbert Poetzl
On Wed, May 02, 2007 at 02:06:10PM +0200, Benedikt Boehm wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Hi all,
 
 as some of you may already have noticed, the web services have
 experienced some outages during the last weeks, mostly because the
 machine is heavily overloaded.
 
 Fortunately my employer (www.newthinking-communications.de) has donated
 a dedicated box for the Linux-VServer project. I have just received the
 confirmation of our hoster, our new box is an Opteron 1218 Dual Core, 4G
  RAM, 2x300G HDD, so it should be enough ;)

great news!
please make sure to add your employer to our
Hall'o'Fame and mention the machine there 

 I will announce the downtime for migration later this week, but expect
 it to take place sometime next week...

okay, maybe we should consider moving the mailing
list there too (sooner or later)

TIA,
Herbert

 Bene
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v2.0.3 (GNU/Linux)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
 iD8DBQFGOH6ymPFBzbX68WERAtEhAJkB8Al+x+l2vhmZI8Pispd1F7pmfQCeMdZy
 Z7ZL/vmM0ZGYrkQ+X/j2tng=
 =rX9N
 -END PGP SIGNATURE-
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] anybody has experience for Vserver on ARM

2007-04-30 Thread Herbert Poetzl
On Sun, Apr 29, 2007 at 05:30:45PM -0400, Wenbin Zhang wrote:
 Actually I think the syscall error is because of strace on ARM, not because
 of vcmd.
 [EMAIL PROTECTED]:/work/test# ./vcmd
 wenbin print: num_cmd = 0, num_id = 0
 Illegal instruction
 
 [EMAIL PROTECTED]:/work/test# strace -fF -o vcmd.trace ./vcmd
 syscall: unknown syscall trap 0xef000139
 
 unknow syscall should be a strace bug, I think. The basic failure is
 becuase of illegal instruction during vserver(num_cmd, num_id, data)
 syscall.

well, the syscall trap looks fine, 313 is the syscall
on arm and it seems that util-vserver uses the same
implementation, so that should be fine too ...

you might get a warning at compile time, if that would
be interesting to have, otherwise something with your
toolchain could be wrong ...

best,
Herbert

 Thanks,
 Wenbin
 
 
 On 4/29/07, Wenbin Zhang [EMAIL PROTECTED] wrote:
 
 I traced the vcmd command. When the vcmd command is run and without
 arguments, the error is:
 syscall: unknown syscall trap 0xef000139
 
 This syscall error is occured while num_ret = vserver(num_cmd, num_id,
 data); is executed. I guss ARM is using a different method to register new
 syscall?
 
 Thanks,
 Wenbin
 
 
 On 4/29/07, Herbert Poetzl [EMAIL PROTECTED] wrote:
 
  On Fri, Apr 27, 2007 at 01:02:34PM -0400, Wenbin Zhang wrote:
   Hello, guys,
  
   This time I build a new Vserver enabled kernel and GPE package, now
  solved
   the Illegal instruction on ARM.
   But I tried vcmd -i 42 -C ctx_create -- ps auxwww, it just simply
   hung (but I can interrupt the command).
   Any approach to solve this?
 
  strace -fF -o vcmd.trace vcmd
 
   Btw, I tried below command for the vserver kernel, seems OK.
   1)[EMAIL PROTECTED]:/work/vcmd-0.08# cat /proc/virtual/info
   VCIVersion: 0002:0002
   VCISyscall: 313
   VCIKernel:  0336
  
   2) [EMAIL PROTECTED]:/work/vcmd-0.08# setattr --~hide /proc/uptime
  
   3) [EMAIL PROTECTED]:/work/vcmd-0.08# vserver-stat
   CTX   PROCVSZRSS  userTIME   sysTIMEUPTIME NAME
   0   49 165.9M  63.9M   0m55s76   0m24s19  10m14s64 root server
  
   4) [EMAIL PROTECTED]:/work/vcmd-0.08# vserver-info
   Versions:
 Kernel: 2.6.16.13-vs2.0.3-rc1
 VS-API: 0x00020002
   util-vserver: 0.30.212; Apr 17 2007, 18:47:18
  
   Features:
 CC: arm-angstrom-linux-gnueabi-gcc,
   arm-angstrom-linux-gnueabi-gcc (GCC) 4.1.1
CXX: arm-angstrom-linux-gnueabi-c++,
   arm-angstrom-linux-gnueabi-c++ (GCC) 4.1.1
   CPPFLAGS: ''
 CFLAGS: '-g -O2 -std=c99 -Wall -pedantic -W
   -funit-at-a-time'
   CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W
   -fmessage-length=0 -funit-at-a-time'
 build/host: i686-pc-linux-gnu/arm-unknown-none
   Use dietlibc: no (you have been warned)
  ~
 
 Build C++ programs: yes
 Build C99 programs: yes
 Available APIs: v13,net,v21
  ext2fs Source: kernel
  syscall(2) invocation: traditional
vserver(2) syscall#: 313/fallback
  
   Paths:
 prefix:
  sysconf-Directory: ${prefix}/etc
  cfg-Directory: ${prefix}/etc/vservers
   initrd-Directory: $(sysconfdir)/init.d
 pkgstate-Directory: ${prefix}/var/run/vservers
vserver-Rootdir: /vservers
  
   Assumed 'SYSINFO' as no other option given; try '--help' for more
   information.
  
   Seems everything is fine, but why vcmd cannot be run correctly?
 
  no idea, maybe a broken toolchain?
 
  best,
  Herbert
 
   (I can run vcmd correctly on my PC machine)
  
   Thanks,
   Wenbin
  
   On 4/27/07, Wenbin Zhang [EMAIL PROTECTED] wrote:
   
   
   
   On 4/26/07, Herbert Poetzl  [EMAIL PROTECTED] wrote:
   
On Wed, Apr 25, 2007 at 12:40:12AM -0400, Wenbin Zhang wrote:
 
 
  vcmd -i 42 -C ctx_create -- ps auxwww
  vserver: ret = 0x002A (42)
  USER   PID %CPU %MEMVSZ   RSS TTY  STAT START
  TIME
COMMAND
  root 11780   0.0  0.0   1944   672 pts/2R+   13:35
  0:00 ps
  auxwww
 
 I downloaded the vcmd source, and crosscompiled it, then copy to
  the
ARM
 phone, however, when I tried to run the command, it cannot create
  the
 process successfully, very strange...
 when I run vcmd -h, it can show the help, but  when I run 
  vcmd -i
42 -C
 ctx_create -- ps auxwww, it just hung.
 [EMAIL PROTECTED]:/work/vcmd- 0.08# ./vcmd -h
 This is ./vcmd V0.08
 options are:
  -hprint this help message
  -Adump data after syscall
  -Bdump data before syscall

 Btw, my ARM kernel is vserver enabled, I can find the
 /proc/virtual/info does exist but it is an empty file.
   
that sounds odd ...
   
 I guess might be the vserver kernel module has some
 problem

Re: [Vserver] behavior i have never seen before

2007-04-30 Thread Herbert Poetzl
On Sun, Apr 29, 2007 at 07:46:46PM -0400, Chuck wrote:
 
 it just started today. has been behaving before this. i have a vserver 
 configured to run cacti and nagios. oddly nagios runs, but does not show in 
 the process listing using ps ax. it once did. when i go to stop it with the 
 init scrip it says it cannot find the pid but if i run the init with stop 
 once more it stops it and it truly does.
 
 it appears to be hiding somehow and it appears to function normally.
 
 any clues? i don't know if this is an o/s problem that just developed or a 
 vserver situation or  a nagios configuration that i may have messed up 
 accidently or what.. stopping and starting the vserver does not make it 
 appear in the process listing although it is running.
 
 im running gentoo on the host amd64
 
 2.6.19-vs2.2.0-rc2

let's try the final version (vs2.2.0) with a recent
2.6.19.7 kernel first, and see if the issue remains

 util-vserver-0.30.212-r2

won't hurt to try one of the 0.30.213 release candidates
too, just to make sure ...

TIA,
Herbert

 and a gentoo amd64 guest.
 
 -- 
 
 Chuck
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Re: java crash in vserver...

2007-04-29 Thread Herbert Poetzl
On Tue, Apr 24, 2007 at 09:00:19PM +0200, Herbert Poetzl wrote:
 On Tue, Apr 24, 2007 at 11:07:29AM +0200, Thomas Besser wrote:
  Herbert Poetzl wrote:
   On Fri, Apr 13, 2007 at 09:30:32AM +0200, Thomas Besser wrote:
   The above mentioned log and also a strace run is here:
   http://www.archIT.uni-karlsruhe.de/geoserver/error.log
   http://www.archIT.uni-karlsruhe.de/geoserver/strace.log
   
   will look into that after my vacation ...
  
  Perhaps you had little time to look into the error log?
 
 not yet, but I'm online for today (despite my vacation :)
 so if you pay a visit to the IRC channel, we can take a
 quick look at it ...

back from my vacation now .. but the urls above give
503 Service Unavailable ...

best,
Herbert
PS: you can find me on IRC :)

 best,
 Herbert
 
  Thanx for your help.
  
  Thomas
  
  
  ___
  Vserver mailing list
  Vserver@list.linux-vserver.org
  http://list.linux-vserver.org/mailman/listinfo/vserver
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] anybody has experience for Vserver on ARM

2007-04-29 Thread Herbert Poetzl
On Fri, Apr 27, 2007 at 01:02:34PM -0400, Wenbin Zhang wrote:
 Hello, guys,
 
 This time I build a new Vserver enabled kernel and GPE package, now solved
 the Illegal instruction on ARM.
 But I tried vcmd -i 42 -C ctx_create -- ps auxwww, it just simply 
 hung (but I can interrupt the command).
 Any approach to solve this?

strace -fF -o vcmd.trace vcmd

 Btw, I tried below command for the vserver kernel, seems OK.
 1)[EMAIL PROTECTED]:/work/vcmd-0.08# cat /proc/virtual/info
 VCIVersion: 0002:0002
 VCISyscall: 313
 VCIKernel:  0336
 
 2) [EMAIL PROTECTED]:/work/vcmd-0.08# setattr --~hide /proc/uptime
 
 3) [EMAIL PROTECTED]:/work/vcmd-0.08# vserver-stat
 CTX   PROCVSZRSS  userTIME   sysTIMEUPTIME NAME
 0   49 165.9M  63.9M   0m55s76   0m24s19  10m14s64 root server
 
 4) [EMAIL PROTECTED]:/work/vcmd-0.08# vserver-info
 Versions:
   Kernel: 2.6.16.13-vs2.0.3-rc1
   VS-API: 0x00020002
 util-vserver: 0.30.212; Apr 17 2007, 18:47:18
 
 Features:
   CC: arm-angstrom-linux-gnueabi-gcc,
 arm-angstrom-linux-gnueabi-gcc (GCC) 4.1.1
  CXX: arm-angstrom-linux-gnueabi-c++,
 arm-angstrom-linux-gnueabi-c++ (GCC) 4.1.1
 CPPFLAGS: ''
   CFLAGS: '-g -O2 -std=c99 -Wall -pedantic -W
 -funit-at-a-time'
 CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W
 -fmessage-length=0 -funit-at-a-time'
   build/host: i686-pc-linux-gnu/arm-unknown-none
 Use dietlibc: no (you have been warned)
~

   Build C++ programs: yes
   Build C99 programs: yes
   Available APIs: v13,net,v21
ext2fs Source: kernel
syscall(2) invocation: traditional
  vserver(2) syscall#: 313/fallback
 
 Paths:
   prefix:
sysconf-Directory: ${prefix}/etc
cfg-Directory: ${prefix}/etc/vservers
 initrd-Directory: $(sysconfdir)/init.d
   pkgstate-Directory: ${prefix}/var/run/vservers
  vserver-Rootdir: /vservers
 
 Assumed 'SYSINFO' as no other option given; try '--help' for more
 information.
 
 Seems everything is fine, but why vcmd cannot be run correctly? 

no idea, maybe a broken toolchain?

best,
Herbert

 (I can run vcmd correctly on my PC machine)
 
 Thanks,
 Wenbin
 
 On 4/27/07, Wenbin Zhang [EMAIL PROTECTED] wrote:
 
 
 
 On 4/26/07, Herbert Poetzl [EMAIL PROTECTED] wrote:
 
  On Wed, Apr 25, 2007 at 12:40:12AM -0400, Wenbin Zhang wrote:
   
   
vcmd -i 42 -C ctx_create -- ps auxwww
vserver: ret = 0x002A (42)
USER   PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME
  COMMAND
root 11780  0.0  0.0   1944   672 pts/2R+   13:35   0:00 ps
auxwww
   
   I downloaded the vcmd source, and crosscompiled it, then copy to the
  ARM
   phone, however, when I tried to run the command, it cannot create the
   process successfully, very strange...
   when I run vcmd -h, it can show the help, but  when I run  vcmd -i
  42 -C
   ctx_create -- ps auxwww, it just hung.
   [EMAIL PROTECTED]:/work/vcmd- 0.08# ./vcmd -h
   This is ./vcmd V0.08
   options are:
-hprint this help message
-Adump data after syscall
-Bdump data before syscall
  
   Btw, my ARM kernel is vserver enabled, I can find the
   /proc/virtual/info does exist but it is an empty file.
 
  that sounds odd ...
 
   I guess might be the vserver kernel module has some
   problem, but I cannot figure out what it is, which is the
   thing I am worrying about.
 
  there is no such thing as a Linux-VServer kernel module,
  so I'm pretty sure that is fine ...
 
   Can you think of any ideas?
 
  maybe you compiled the wrong kernel?
  maybe your toolchain is broken?
 
  Not really, I compiled other package with my tool chain, that's fine, no
 problem
 However seems vserver kernel has some problems.
 
 [EMAIL PROTECTED]:/# vserver-info
 Versions:
Kernel: 2.6.16.13-vs2.0.3-rc1-ezx6
VS-API: Illegal instruction
 [EMAIL PROTECTED]:/# vserver-stat
 Illegal instruction
 
 Strange, any possiblities?
 
 Thanks,
 Wenbin
 

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] [Release] Stable 2.2.0

2007-04-26 Thread Herbert Poetzl
On Wed, Apr 25, 2007 at 03:06:58PM +0200, ADNET Ghislain wrote:
 [EMAIL PROTECTED] a écrit :
 Herbert Poetzl a écrit :
 Greetings Community!
 
 after a longer rc stage, to get rid of all the
 minor issues, we proudly present the first release
 of the new stable 2.2 branch, which includes all
 the 'considered stable' features of the previous
 devel branch (2.1.x) which has been superceded by
 the 2.3.x devel branch ...
 
 http://www.13thfloor.at/vserver/s_rel26/v2.2.0/
 (tools supposed to work fine on Mandriva 2007.x)
 
 thanks to all who helped in development and did
 test the release candidates ...
 
 enjoy,
 Herbert
 
 
 should that be on the vserver website also ? :)

yep, it is, on the main page IIRC :)

http://linux-vserver.org/

 i am not too familiar with the wiki to add it myself
 as i tried and failed ;)

np ...
best,
Herbert

 -- 
 Cordialement,
 Ghislain
 



 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] anybody has experience for Vserver on ARM

2007-04-26 Thread Herbert Poetzl
On Wed, Apr 25, 2007 at 12:40:12AM -0400, Wenbin Zhang wrote:
 
 
  vcmd -i 42 -C ctx_create -- ps auxwww
  vserver: ret = 0x002A (42)
  USER   PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME COMMAND
  root 11780  0.0  0.0   1944   672 pts/2R+   13:35   0:00 ps
  auxwww
 
 I downloaded the vcmd source, and crosscompiled it, then copy to the ARM
 phone, however, when I tried to run the command, it cannot create the
 process successfully, very strange...
 when I run vcmd -h, it can show the help, but  when I run  vcmd -i 42 -C
 ctx_create -- ps auxwww, it just hung.
 [EMAIL PROTECTED]:/work/vcmd-0.08# ./vcmd -h
 This is ./vcmd V0.08
 options are:
  -hprint this help message
  -Adump data after syscall
  -Bdump data before syscall
 
 Btw, my ARM kernel is vserver enabled, I can find the
 /proc/virtual/info does exist but it is an empty file. 

that sounds odd ...

 I guess might be the vserver kernel module has some 
 problem, but I cannot figure out what it is, which is the
 thing I am worrying about. 

there is no such thing as a Linux-VServer kernel module,
so I'm pretty sure that is fine ...

 Can you think of any ideas?

maybe you compiled the wrong kernel?
maybe your toolchain is broken?

best,
Herbert

 Thanks,
 Wenbin

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] ideal setup

2007-04-26 Thread Herbert Poetzl
On Thu, Apr 26, 2007 at 03:21:44PM -0500, Matthew Nuzum wrote:
 Hello, I've been using linux-vserver for years and years. I'm getting
 ready to put a couple servers into use and it seems things have
 changed greatly since I last configured it. Namely, you can do lots of
 cool stuff that couldn't be done before.
 
 I'll admit, I'm using a budget colo facility. I want to keep my
 bandwidth down. To achieve this, I've connected the servers via eth1
 to each other to create a private lan. Ideally, all traffic between
 the hosts would use this lan. I first started struggling with the idea
 of setting up multihomed vhosts when I realized it was pure insanity
 to do so. It would be so much better to create all the vservers on the
 private lan segment and use the hosts as routers to the outside world.
 By using SNAT rules, I can keep all my vhost traffic quiet and I can
 even install different services on different vhosts. Smart, right? Am
 I on the right track here, or should I just use multi-homed vservers?
 Anyone here seen a scenario like this documented? I'd love to be able
 to stand on the shoulders of giants.
 
 Additionally, I would love to use both quota and have the benefits of
 unification. I understand that to use quotas you need a separate
 filesystem. Of course, this makes unification impossible. So I had a
 bright idea.
 
 Most of the user data, everything I think I need to count against
 quotas as a matter of fact, will be in /home. So what if I create a
 filesystem (loop for example) and somehow mount it so that it is /home
 in the vserver. Would this allow me to enable quotas on the /home area
 of the disk?

yep, but I'd suggest to use lvm volumes, because they
will give you better performance than loop files

 Lastly, what is the best way to share user accounts across several
 vservers? (possibly spanning two physical hosts) Best being simple,
 reliable, non resource intensive and secure.

on the same host: have the same filesystem
on different hosts: use a network based filesystem

HTH,
Herbert

 Thanks for your suggestions and help.
 
 -- 
 Matthew Nuzum
 newz2000 on freenode
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] anybody has experience for Vserver on ARM

2007-04-24 Thread Herbert Poetzl
On Mon, Apr 23, 2007 at 04:14:49PM -0400, Wenbin Zhang wrote:
 well, depends on _what_ you install and _what_ you
 actually need, complete kernel and userspace to
 get the Linux-VServer isolation working should be
 doable without any libraries and external tools,
 just with something like vcmd, but if you want the
 full userspace stuff, including legacy and guest
 building (which I consider extreme for a phone)
 you'll have to provide a bunch of tools and libs
 too ...
 
 
 Hello, Thank you very much for your response.
 I just want to build the vserver guest, and can login the guest.

well, there are many different ways to 'build' a guest

 For example, I use below command to create the guest:
 #/sbin/vserver va780 build -m rpm --context 43 --hostname=va780 --interface
 va7800=eth0:192.168.1.2/24 --rootdir /vserver1 --pkgbase /vserver1/.pkg --
 -d fc6

this is one of them, although it has some bugs, like the
--hostname= which should be --hostname va780.some.domain

 #vserver va780 enter
 
 What's your mean get the Linux-VServer isolation working, I guess we
 definitely need build a guest, right?

no, guests are complex and specialized forms of the
modular isolation (processes, networking, filesystem) ...

 What's the vcmd doing? 

it issues all kinds of Linux-VServer syscall commands
and thus allows to utilize the complete Linux-VServer API

 I hardly can find downloadable source/binary for vcmd.

you must have been hardly looking then :)

http://vserver.13thfloor.at/Experimental/TOOLS/vcmd-0.08.tar.bz2

best,
Herbert

 Thanks,
 Wenbin

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] anybody has experience for Vserver on ARM

2007-04-24 Thread Herbert Poetzl
On Tue, Apr 24, 2007 at 09:05:28AM -0400, Wenbin Zhang wrote:
 Btw, Anybody run Vserver successfully on Arm phone? I am using a Moto
 E680i phone, with GPE or OPIE installed, and very doubt vserver can
 run on my platform...

if you send me a phone, I will gladly install the
necessary stuff to create a Linux-VServer guest
there and test that everything works :)

best,
Herbert

 Thanks,
 Wenbin
 
 On 4/24/07, Wenbin Zhang [EMAIL PROTECTED] wrote:
 
 Hi Martin,
 
 FC6 has not been ported to ARM. I tried -d fc6, that does not work. But
 what should be used for -d option on ARM? Thank you very much!
 
 Thanks,
 Wenibn
 
 On 4/24/07, Martin [EMAIL PROTECTED] wrote:
 
  On Mon, 2007-04-23 at 11:33 -0400, Wenbin Zhang wrote:
   Now I am using -d fc6 to build the guest.
  Has Fedora Core 6 been ported to ARM?  I didn't think it had been.
  Obviously I'm missing something.
 
  Cheers,
  - Martin
 
 
 
 

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] anybody has experience for Vserver on ARM

2007-04-24 Thread Herbert Poetzl
On Tue, Apr 24, 2007 at 11:43:54AM -0400, Wenbin Zhang wrote:
 
  For example, I use below command to create the guest:
  #/sbin/vserver va780 build -m rpm --context 43 --hostname=va780
 --interface
  va7800=eth0:192.168.1.2/24 --rootdir /vserver1 --pkgbase /vserver1/.pkg
 --
  -d fc6
 
 this is one of them, although it has some bugs, like the
 --hostname= which should be --hostname va780.some.domain
 
 
 The other ways mean vcmd, right?
 But I reviewed the page
 http://linux-vserver.org/VCMD_HowTo
 
 Seems no way to create isolated process, right?

why do you think so? vcmd can do everything necessary
for context isolation and context setup (for both,
process and network contexts)

vcmd -i 42 -C ctx_create -- ps auxwww
vserver: ret = 0x002A (42)
USER   PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME COMMAND
root 11780  0.0  0.0   1944   672 pts/2R+   13:35   0:00 ps auxwww

best,
Herbert

 #vserver va780 enter
 
  What's your mean get the Linux-VServer isolation working, I guess we
  definitely need build a guest, right?
 
 no, guests are complex and specialized forms of the
 modular isolation (processes, networking, filesystem) ...
 
  What's the vcmd doing?
 
 it issues all kinds of Linux-VServer syscall commands
 and thus allows to utilize the complete Linux-VServer API
 
 
 Thanks :-) Any detailed documents other than
 http://linux-vserver.org/VCMD_HowTo ?
 
 I hardly can find downloadable source/binary for vcmd.
 
 you must have been hardly looking then :)
 
 http://vserver.13thfloor.at/Experimental/TOOLS/vcmd-0.08.tar.bz2
 
 
 Thanks ..
 
 Wenbin

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Re: java crash in vserver...

2007-04-24 Thread Herbert Poetzl
On Tue, Apr 24, 2007 at 11:07:29AM +0200, Thomas Besser wrote:
 Herbert Poetzl wrote:
  On Fri, Apr 13, 2007 at 09:30:32AM +0200, Thomas Besser wrote:
  The above mentioned log and also a strace run is here:
  http://www.archIT.uni-karlsruhe.de/geoserver/error.log
  http://www.archIT.uni-karlsruhe.de/geoserver/strace.log
  
  will look into that after my vacation ...
 
 Perhaps you had little time to look into the error log?

not yet, but I'm online for today (despite my vacation :)
so if you pay a visit to the IRC channel, we can take a
quick look at it ...

best,
Herbert

 Thanx for your help.
 
 Thomas
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] anybody has experience for Vserver on ARM

2007-04-24 Thread Herbert Poetzl
On Tue, Apr 24, 2007 at 02:18:57PM -0400, Wenbin Zhang wrote:
 On 4/24/07, Herbert Poetzl [EMAIL PROTECTED] wrote:
 
 On Tue, Apr 24, 2007 at 11:43:54AM -0400, Wenbin Zhang wrote:
  
   For example, I use below command to create the guest:
   #/sbin/vserver va780 build -m rpm --context 43 --hostname=va780
  --interface
   va7800=eth0:192.168.1.2/24 --rootdir /vserver1 --pkgbase
 /vserver1/.pkg
  --
   -d fc6
  
  this is one of them, although it has some bugs, like the
  --hostname= which should be --hostname va780.some.domain
 
 
  The other ways mean vcmd, right?
  But I reviewed the page
  http://linux-vserver.org/VCMD_HowTo
 
  Seems no way to create isolated process, right?
 
 why do you think so? vcmd can do everything necessary
 for context isolation and context setup (for both,
 process and network contexts)
 
 vcmd -i 42 -C ctx_create -- ps auxwww
 vserver: ret = 0x002A (42)
 USER   PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME COMMAND
 root 11780  0.0  0.0   1944   672 pts/2R+   13:35   0:00 ps auxwww
 
 Thanks! That's pretty good.

 One more question, If I create 3 vserver processes by this way, and I
 allow the 3 processes can access only certain files in my machine, for
 example, only 4 files on my systems.

 Can I group the 3 processes and 4 files together? 

yes, somewhat ...

 say, they can see each other on their vserver domain, but they will
 not be accessible by other program on my host machine?

no, as the host context is also the admin context,
it will have access to those processes and files in
some way ... but you can keep them separate from 
eachother or another group of processes ...

 Thanks,
 Wenbin

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] bastion host

2007-04-23 Thread Herbert Poetzl
On Mon, Apr 23, 2007 at 11:52:10AM +0200, Baltasar Cevc wrote:
 Hi Gislain,
 
 On 23.04.2007, at 09:27, ADNET Ghislain wrote:
 I run vserver to isolate webserver from the real host. From time to  
 time i have a process than run wild and block everything. I cannot  
 even connect (ssh) to the Host. Which would be the more efficient  
 way to configure the system so that vservers cannot prevent the  
 host to work even if they are at max disk/network/cpu usage.
 
 
  The host itself does only run ssh and some monitoring tool. So it  
 stay idle most of the time.
 
  The goal is to allways be able to connect to the host and manage  
 things from here to recover from issues. What best practice do  
 you use with vservers to acheive this goal ?
 
 You'll have to configure resource limits -  see the following wiki  
 pages for details:
  - http://linux-vserver.org/Resource_Limits
  - http://linux-vserver.org/Memory_Limits
 
 However, there's one thing I wasn't able to cure using these: when  
 guest and host use the same HDD, the host can become horribly slow  
 when a guest does serious IO (I had that problem on a machine with a  
 single PATA drive). This did'nt prevent a login, though, the only  
 thing was everything was painfully slow when the machine was 99%  
 waiting for IO.

enabling cfq I/O scheduler should help a lot here
as it is adjusted based on the context information

best,
Herbert

 Baltasar
 
 
 ((( Baltasar Cevc
 
 
 ) World wide web:
   # http://www.openairkino.net/ (a project for the local youth;  
 German only)
   # http://technik.juz-kirchheim.de/ (programming and admin projects)
   # http://baltasar.cevc-topp.de/ (private homepage)
 ) Phone:
   +49 176 23 22 08 22
 )
 
 



 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] anybody has experience for Vserver on ARM

2007-04-23 Thread Herbert Poetzl
On Mon, Apr 23, 2007 at 11:33:12AM -0400, Wenbin Zhang wrote:
 Now I am using -d fc6 to build the guest. After this, I found
 vserver need lots of supporting program:

 bzip2, cmp, rpm, yum, python, I have to cross compile them one by
 one and install them in the phone. Now I still found it need some
 libraries supporting, like libstdc++.so.6.. etc. Maybe it still need
 more libraries, any idea? I don't know whether I can make vserver work
 on phone, it seems too complicated.

well, depends on _what_ you install and _what_ you
actually need, complete kernel and userspace to
get the Linux-VServer isolation working should be
doable without any libraries and external tools,
just with something like vcmd, but if you want the
full userspace stuff, including legacy and guest
building (which I consider extreme for a phone)
you'll have to provide a bunch of tools and libs
too ...

best,
Herbert

 Thanks,
 Wenbin
 
 On 4/20/07, Herbert Poetzl [EMAIL PROTECTED] wrote:
 
 On Fri, Apr 20, 2007 at 12:01:26PM -0400, Wenbin Zhang wrote:
  Hi Herbert and Martin,
 
  Now I solved the getopt problem with recompiling the util-vserver
 package
  for ARM, thanks!
 
  Now The vserver script seems can run,
  [EMAIL PROTECTED]:/sbin# vserver
  Usage: /sbin/vserver vserver
 
 {start|stop|suexec|restart|condrestart|exec|enter|chkconfig|running|status|delete}
 
  However, I tried to run
  #vserver va780 build -m yum --context 43 --hostname=va780 --interface
 ~~~
  va7800=eth0:192.168.1.2/24 --rootdir /vserver1 --pkgbase /vserver1/.pkg
 --
  -d gpe
 
 you probably have to 'define' that distro first,
 at least I don't think it is present in the defaults
 
  to create a vserver, it told me:
  ERROR: Can not find configuration for the distribution 'a780';
   please read http://linux-vserver.org/HowToRegisterNewDistributions
   for information how to add support for your own distribution.
 
  However, if I remove the -d option, it told me:
  ERROR: Can not determine distribution; please specify it manually with
   the '-d' option.
 
  Any ideas? What distribution should be used for Arm? thanks!
 
 you could try debian?
 
 best,
 Herbert
 
  Wenbin
 
  On 4/20/07, Herbert Poetzl [EMAIL PROTECTED] wrote:
  
  On Fri, Apr 20, 2007 at 09:35:13AM -0400, Wenbin Zhang wrote:
   Hi All,
  
   Anybody has experiences for Vserver on ARM? I have lots of problems
   for this.
  
  yep, seems to works fine here ...
  
   Firstly I compiled the kernel with Vserver, then compiled the
   util-vserver. However I haven't made the util-vserver run on my Arm
   phone. The first reason is my arm phone doesnot support Bash while
   vserver script is based on Bash. Then I installed the Arm Bash on my
   phone. The next problem is getopt. 'Getopt' is required for Vserver
   script, but I cannot find a good Getopt source and compile it on Arm.
  
  the getopt is a standalone tool which is part of
  util-linux (so it should be easy to rebuild that
  for arm) alternatively you can use the bash bult-
  in getopts ...
  
   And I also noticed duing Vserver setup phase, the program need
 connect
   with outside to download some package.
  
  not really, but it depends on the build method
  e.g. template based build methods will not need
  any network access, while network :) based ones
  will 
  
   I still haven't find an easy way to connect the Arm phone with
   internet.
  
  should be fairly trivial via bluetooth, just make
  a pairing with a laptop and configure the network
  to route over it, and masquerade the phone's ip
  (probably private) ...
  
   I am still thinking.. Anybody can share some experiences for
   this? thanks!
  
  best,
  Herbert
  
   Wenbin
  
   ___
   Vserver mailing list
   Vserver@list.linux-vserver.org
   http://list.linux-vserver.org/mailman/listinfo/vserver
  
  
 
  ___
  Vserver mailing list
  Vserver@list.linux-vserver.org
  http://list.linux-vserver.org/mailman/listinfo/vserver
 
 

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] vnamespace -e 666 mount changed behaviour, guest mounts no longer displayed

2007-04-22 Thread Herbert Poetzl
On Sat, Apr 21, 2007 at 12:45:13AM +0200, Oliver Welter wrote:
 Hi Folks,
 
 I used the chance to upgrade my boxes and ran into one big issue now:
 
 I use nagios to monitor my disks, the setup is done like follows:
 
 * I have one partition per vserver guest
 * the partition is mounted into the guest via the guests fstab 
 (/dev/drbd/www1  /data  ext3  defaults 0 0)
 
 I used vnamespace -e xid check_disk www1 which runs a nagios script 
 in the namespace of the guest. The nagiso script basically runs a 
 mount and greps the output.
 
 Now, ergh - what happens:
 
 Old behaviour:
Kernel: 2.6.15.4-vs2.1.1-rc6-gentoo
VS-API: 0x00020001
  util-vserver: 0.30.210; Feb 17 2006, 22:32:37
 
 
 box$ vnamespace -e www2 mount
 ...lot of mounts on the root box

that will show whatever is in /etc/mtab, not the 
actual mounts, which are in /proc/mounts

 /dev/drbd/www2 on /vservers/www2/data type ext3 (rw,nodev,data=ordered)
 tmpfs on /vservers/www2/dev type tmpfs (rw)
 none on /vservers/www2/proc type proc (rw,nodiratime,nodev)
 
 
 New behaviour:
Kernel: 2.6.20-vs2.2.0-gentoo
VS-API: 0x00020200
  util-vserver: 0.30.212; Apr  9 2007, 02:27:57
 
 box$ vnamespace -e www1 mount
 ...lot of mounts on the root box
 tmpfs on /vservers/wwwtemplate/dev type tmpfs (rw,size=100k)
 tmpfs on /vservers/netqmail/dev type tmpfs (rw,size=100k)
 
 The drbd mount is missing, though the nagios script fails.

 Any ideas ???

well, first, where is the mount done?
i.e. on the host or inside the guest?

TIA,
Herbert

 Oliver
 -- 
 Diese Nachricht wurde digital unterschrieben
 oliwel's public key: http://www.oliwel.de/oliwel.crt
 Basiszertifikat: http://www.ldv.ei.tum.de/page72
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Linux-VServer Live CD?

2007-04-20 Thread Herbert Poetzl
On Fri, Apr 20, 2007 at 01:27:42AM -0400, Daniel Clark wrote:
 Has anyone made a LiveCD for Linux-VServer?

as mentioned on IRC, Knoppix should have some support
for booting a Linux-VServer enabled kernel, although
I do not have the details and/or know what version ...

 If not, any hints/tips/warnings/recommendations for an OS base?
 
 I am looking for a way to demo a client/server application, and
 Linux-VServer with the vunify functionality at first glance looks
 like it could be ideal.
 
 The CD itself would have the minimal OS and vserver-enabled kernel,
 and vunifiy-ed filesystems of the server and clients (which wouldn't
 differ by that much), and any changes during the run would be written
 to ramdisk.
 
 Based on a previous thread it sounded like Linux-VServer has its own
 Copy-on-Write (CoW) functionality, removing the need for unionfs/aufs
 for the virtual machines themselves (although I assume you'd still
 want it enabled in a small ram disk for the rest of the CD).

yes and no, CoW Link Breaking is there, which is probably
not what you have in mind when you talk about unionfs ...

i.e. it allows you to have hard linked files on a read-write
filesystem which will be copied (on demand) by the kernel 
when written to ...

nevertheless, I can easily imagine having a tmpfs based
demo setup with a bunch of Linux-VServer guests (they can
be as small as 20MB, but usually will take 180-220MB)
utilizing unification to run a number of them (10-30)
completely from RAM ...

so keep brain storming/asking/checking ...

best,
Herbert

 -- 
 Daniel Clark # http://dclark.us # http://opensysadmin.com
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] anybody has experience for Vserver on ARM

2007-04-20 Thread Herbert Poetzl
On Fri, Apr 20, 2007 at 09:35:13AM -0400, Wenbin Zhang wrote:
 Hi All,
 
 Anybody has experiences for Vserver on ARM? I have lots of problems
 for this.

yep, seems to works fine here ...

 Firstly I compiled the kernel with Vserver, then compiled the
 util-vserver. However I haven't made the util-vserver run on my Arm
 phone. The first reason is my arm phone doesnot support Bash while
 vserver script is based on Bash. Then I installed the Arm Bash on my
 phone. The next problem is getopt. 'Getopt' is required for Vserver
 script, but I cannot find a good Getopt source and compile it on Arm.

the getopt is a standalone tool which is part of
util-linux (so it should be easy to rebuild that
for arm) alternatively you can use the bash bult-
in getopts ...

 And I also noticed duing Vserver setup phase, the program need connect
 with outside to download some package. 

not really, but it depends on the build method
e.g. template based build methods will not need
any network access, while network :) based ones
will 

 I still haven't find an easy way to connect the Arm phone with
 internet. 

should be fairly trivial via bluetooth, just make
a pairing with a laptop and configure the network
to route over it, and masquerade the phone's ip
(probably private) ...

 I am still thinking.. Anybody can share some experiences for
 this? thanks!

best,
Herbert

 Wenbin

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] suse/fedora on a as a VPS

2007-04-20 Thread Herbert Poetzl
On Fri, Apr 20, 2007 at 04:58:56PM +0200, Daniel wrote:
 Hi all,
 
 i tryid to install fedora for a vps on my host.
 I do i like:
 
 vhost04:~# vserver test0 build -m apt-rpm --hostname test0.nowhe.re 
 --interface 10.0.1.0 --netdev eth0 --netprefix 23 --context 42 -- -d fc4
 
 then i get follwing errors:
 
 ***  rpm-fake-resolver was built with glibc;  please do  ***
 ***  not report errors before trying a dietlibc version. ***
~~

 ***  rpm-fake-resolver was built with glibc;  please do  ***
 ***  not report errors before trying a dietlibc version. ***
~~

 rpm-fake-resolver: vc_ctx_migrate(): No such process
 rpm-fake.so: failed to initialize communication with resolver
 
 
 any1 know how i can fix it?

what part of 'please do not report errors before trying a 
dietlibc version' was hard to understand?

best,
Herbert
 
 -- 
 Mit freundlichen Grüßen
 Daniel
 mailto:[EMAIL PROTECTED]
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] anybody has experience for Vserver on ARM

2007-04-20 Thread Herbert Poetzl
On Fri, Apr 20, 2007 at 12:01:26PM -0400, Wenbin Zhang wrote:
 Hi Herbert and Martin,
 
 Now I solved the getopt problem with recompiling the util-vserver package
 for ARM, thanks!
 
 Now The vserver script seems can run,
 [EMAIL PROTECTED]:/sbin# vserver
 Usage: /sbin/vserver vserver
 {start|stop|suexec|restart|condrestart|exec|enter|chkconfig|running|status|delete}
 
 However, I tried to run
 #vserver va780 build -m yum --context 43 --hostname=va780 --interface
~~~
 va7800=eth0:192.168.1.2/24 --rootdir /vserver1 --pkgbase /vserver1/.pkg --
 -d gpe

you probably have to 'define' that distro first,
at least I don't think it is present in the defaults

 to create a vserver, it told me:
 ERROR: Can not find configuration for the distribution 'a780';
  please read http://linux-vserver.org/HowToRegisterNewDistributions
  for information how to add support for your own distribution.
 
 However, if I remove the -d option, it told me:
 ERROR: Can not determine distribution; please specify it manually with
  the '-d' option.
 
 Any ideas? What distribution should be used for Arm? thanks!

you could try debian?

best,
Herbert

 Wenbin
 
 On 4/20/07, Herbert Poetzl [EMAIL PROTECTED] wrote:
 
 On Fri, Apr 20, 2007 at 09:35:13AM -0400, Wenbin Zhang wrote:
  Hi All,
 
  Anybody has experiences for Vserver on ARM? I have lots of problems
  for this.
 
 yep, seems to works fine here ...
 
  Firstly I compiled the kernel with Vserver, then compiled the
  util-vserver. However I haven't made the util-vserver run on my Arm
  phone. The first reason is my arm phone doesnot support Bash while
  vserver script is based on Bash. Then I installed the Arm Bash on my
  phone. The next problem is getopt. 'Getopt' is required for Vserver
  script, but I cannot find a good Getopt source and compile it on Arm.
 
 the getopt is a standalone tool which is part of
 util-linux (so it should be easy to rebuild that
 for arm) alternatively you can use the bash bult-
 in getopts ...
 
  And I also noticed duing Vserver setup phase, the program need connect
  with outside to download some package.
 
 not really, but it depends on the build method
 e.g. template based build methods will not need
 any network access, while network :) based ones
 will 
 
  I still haven't find an easy way to connect the Arm phone with
  internet.
 
 should be fairly trivial via bluetooth, just make
 a pairing with a laptop and configure the network
 to route over it, and masquerade the phone's ip
 (probably private) ...
 
  I am still thinking.. Anybody can share some experiences for
  this? thanks!
 
 best,
 Herbert
 
  Wenbin
 
  ___
  Vserver mailing list
  Vserver@list.linux-vserver.org
  http://list.linux-vserver.org/mailman/listinfo/vserver
 
 

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Re: Vserver and VRF support

2007-04-15 Thread Herbert Poetzl
On Sat, Apr 14, 2007 at 10:51:31AM +0200, Benny Amorsen wrote:
  DHZ == Daniel Hokka Zakrisson [EMAIL PROTECTED] writes:
 
 DHZ Albert Mak (almak) wrote:
  Is there any work done to make Vserver work with VRF? -Albert
 
 DHZ Meaning multiple routing tables? That's already the recommended
 DHZ way to set different default routes for the guests. Works the
 DHZ same way they do in Linux.
 
 It would be very useful to be able to say that traffic from a
 particular vserver needs to go through a particular routing table.

 Right now you have to match on IP address.

that is what IP level isolation is about, separating
networking by IPs ...

 OpenVZ is nicer for this, because each guest gets its own routing
 table which can be manipulated with the normal ip route ... commands.

and as it uses a separate network stack for each guest,
it also adds roughly twice the overhead to networking,
and consumes more than twice the amount of resources ...

 Even policy routing is supported.

not everybody wants/needs virtualized network stacks,
actually only a few, non ip based apps require it to
work properly, but mainline will provide layer 2
virtualization (in addition to the layer 3 isolation
Linux-VServer does) soon, and of course we will support
that too ...

so in the near future you can decide if you prefer to
have a virtual network stack with significant overhead
or just IP isolation with no measureable overhead ...

best,
Herbert

 /Benny
 
 
 ___
 Vserver mailing list
 [EMAIL PROTECTED]
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] STRG+C doesn't work after update to vs2.2.0-grsec2.1.10

2007-04-14 Thread Herbert Poetzl
On Sat, Apr 14, 2007 at 11:52:22AM +0200, Thorsten Büker wrote:
 Hi Herbert,
 
 Btw, in the meantime I noticed that netstat -pantu neither outputs 
 any listening daemons nor any connections -- independent of the version 
 of used util-vserver. With the old 2.6.17.14 kernel, this command 
 worked fine. Did anyone struggle about the same behaviour?
 inside a guest or where?
 Inside the guest, yes.

 could you try with vs2.2.0 without grsec?

 Unfortunately (well, indeed not unfortunately ;-)) the concerned 
 machines run in productive state, so I'm not eager rebooting them using 
 another kernel. Is there any other way to produce a helpful hint on the 
 netstat issue?

you can try to do strace -fF -o netstat.trace netstat -pantu
and check/upload the resulting netstat.trace file somewhere
maybe it gives some clue to the folks combining Linux-VServer
with grsec ...

 If not, I might build a kernel without grsec and test it in the late 
 evening.

if it happens with vs2.2.0 (without any other patches) then
it is considered a Linux-VServer issue/bug and will be fixed

here on a test server with vs2.2.0, I get the following:
 
# netstat -pantu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address   Foreign Address 
State   PID/Program name   
tcp0  0 10.0.0.1:10026  0.0.0.0:*   
LISTEN  32480/master
tcp0  0 10.0.0.1:80 0.0.0.0:*   
LISTEN  32467/httpd 
tcp0  0 10.0.0.1:5432   0.0.0.0:*   
LISTEN  32146/postmaster
tcp0  0 10.0.0.1:25 0.0.0.0:*   
LISTEN  32480/master
udp0  0 10.0.0.1:34300  10.0.0.1:34300  
ESTABLISHED 32146/postmaster

HTH,
Herbert

 kind regards,
   Thorsten
 ___
 Vserver mailing list
 [EMAIL PROTECTED]
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] java crash in vserver...

2007-04-13 Thread Herbert Poetzl
On Fri, Apr 13, 2007 at 09:30:32AM +0200, Thomas Besser wrote:
 Hi,
 
 I'm trying to install 'geoserver' (http://geoserver.org, written in Java,
 version 1.5.0-rc4) into a linux vserver (host and guest debian etch).
 
 On a fresh installed and native etch box this installation runs without
 problems, so the problem seems to be vserver specific.
 
 Installation crashes with an java error in conjunction with libc, as far as
 I understand the error output:

first, check it on the host, maybe you have changed
certain settings in the kernel which are affecting
this specific application

 3510 [INFO] org.geotools.referencing.factory.epsg.HSQLDataSource - Creating
 cached EPSG database. It may take a few minutes.
 #
 # An unexpected error has been detected by HotSpot Virtual Machine:
 #
 #  SIGBUS (0x7) at pc=0xb7e43ccf, pid=24680, tid=3084740832
 #
 # Java VM: Java HotSpot(TM) Client VM (1.5.0_10-b03 mixed mode, sharing)
 # Problematic frame:
 # C  [libc.so.6+0x6cccf]  memcpy+0x2f
 #
 # An error report file with more information is saved as hs_err_pid27177.log

then, make sure that the gust installation is 
identical to the 'native etch box', i.e. contains
all the libraries and stuff ...

 # If you would like to submit a bug report, please visit:
 #   http://java.sun.com/webapps/bugreport/crash.jsp
 #
 
 Are there any known problems with java applications in vserver?
 http://linux-vserver.org/Problematic_Programs says nothing about java.

none we would know of ...

 I tested it also with several JDK's directly from SUN (also jdk1.6), always
 the same error. Also I tested another java application (ApacheDS) without
 problems.
 
 The above mentioned log and also a strace run is here:
 http://www.archIT.uni-karlsruhe.de/geoserver/error.log
 http://www.archIT.uni-karlsruhe.de/geoserver/strace.log

will look into that after my vacation ...

best,
Herbert

 Any hints what could be done for getting more informations for
 troubleshooting?
 
 Thanx in advance...
 Thomas
 
 ___
 Vserver mailing list
 [EMAIL PROTECTED]
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Roadmap

2007-04-12 Thread Herbert Poetzl
On Tue, Apr 03, 2007 at 07:06:39PM +0200, Jaroslav Tomecek wrote:
 Hi,

 I am looking for some roadmap and plans of future development
 of Linux-VServer. Could you give me a hand?

there are many areas we will work on in the future,
but ATM, the main focus is on mainline (kernel.org)
virtualization and isolation, and to make sure that
it doesn't add unnecessary overhead ...

best,
Herbert

PS: Linux-VServer development is mostly event driven,
and I guess that will stay so in the future ...

 Thx, Jarda
 
 ___
 Vserver mailing list
 [EMAIL PROTECTED]
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] STRG+C doesn't work after update to vs2.2.0-grsec2.1.10

2007-04-12 Thread Herbert Poetzl
On Wed, Apr 11, 2007 at 04:55:11PM +0200, Thorsten Büker wrote:
 
 Btw, in the meantime I noticed that netstat -pantu neither outputs any 
 listening daemons nor any connections -- independent of the version of 
 used util-vserver. With the old 2.6.17.14 kernel, this command worked 
 fine. Did anyone struggle about the same behaviour?
 
 inside a guest or where?
 
 Inside the guest, yes.

could you try with vs2.2.0 without grsec?

TIA,
Herbert

 kind regards,
   Thorsten
 ___
 Vserver mailing list
 [EMAIL PROTECTED]
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] STRG+C doesn't work after update to vs2.2.0-grsec2.1.10

2007-04-11 Thread Herbert Poetzl
On Tue, Apr 10, 2007 at 08:58:59PM +0200, Thorsten Büker wrote:
 Hi Daniel, hi list,
 
 And that's the only thing you changed? It's the exact same kernel, with 
 the same configuration?
 
 Yes, it's the 2.6.19.7 kernel with an unchanged configuration -- just 
 replaced the util-vserver package.
 
 Btw, in the meantime I noticed that netstat -pantu neither outputs any 
 listening daemons nor any connections -- independent of the version of 
 used util-vserver. With the old 2.6.17.14 kernel, this command worked 
 fine. Did anyone struggle about the same behaviour?

inside a guest or where?

TIA,
Herbert

 kind regards,
   Thorsten
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] How to unsubscribe? http://list.linux-vserver.org/mailman/listinfo/vserver doesn't work...

2007-04-05 Thread Herbert Poetzl
On Thu, Apr 05, 2007 at 04:19:58PM +0200, Guenther Fuchs wrote:
 Hi there,
 
 on Thursday, April 5, 2007 at 3:20:04 PM there was posted:
 
 MSZ The directions included (as a header on every mail) from the list mailer 
 is:
 
 MSZ List-Unsubscribe:
 MSZ mailto:[EMAIL PROTECTED]
 
 You're right, my post had the incorrect mailing adress as the folder
 rules changed it locally.
 
 MSZ If that header is correct then;
 MSZ Send an empty mail from the subscribed address to:
 MSZ [EMAIL PROTECTED]
 MSZ with the subject: unsubscribe
 
 The header is correct. Beside that (@bertl): list.linux-vserver.org
 should work though, it seems only, the httpd has died there for some
 reason.

it was reported to our Mailing List manager a week
ago now .. I hope he soon finds the time to take
a look now soon ...

best,
Herbert

 -- 
 regards 'n greez,
 
 Guenther Fuchs
 (aka muh and powerfox)
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


[Vserver] [Release] Stable 2.2.0

2007-04-01 Thread Herbert Poetzl

Greetings Community!

after a longer rc stage, to get rid of all the
minor issues, we proudly present the first release
of the new stable 2.2 branch, which includes all
the 'considered stable' features of the previous
devel branch (2.1.x) which has been superceded by
the 2.3.x devel branch ...

http://www.13thfloor.at/vserver/s_rel26/v2.2.0/
(tools supposed to work fine on Mandriva 2007.x)

thanks to all who helped in development and did
test the release candidates ...

enjoy,
Herbert

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] CIFS-mounts in vserver guests

2007-03-29 Thread Herbert Poetzl
On Thu, Mar 29, 2007 at 06:38:50PM +0200, Wilhelm Meier wrote:
 Hi all,
 
 I would like to reactivate an old topic, that is mounting cifs-shares
 inside a vserver guest. I tried this some time ago with no luck:
 
 http://www.paul.sladen.org/vserver/archives/200610/0032.html
 
 Was there any activity on this topic in the mean time?

not that I would know of ...

 If there is interest in this, I would like to offer some time 
 to do the testing ;-)

okay, good, first step, please try with vs2.2.0-rc21
maybe it started working in the meantime :)

then, as mentioned in the previous email, try to
catch me on the irc channel (#vserver @ irc.oftc.net)

TIA,
Herbert

 -- 
 Wilhelm Meier
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] xdmcp on host and vserver

2007-03-27 Thread Herbert Poetzl
On Tue, Mar 27, 2007 at 11:45:42AM +0200, Lars Brandi Jensen wrote:
 Hi
 
 I am having a little problem getting xdmcp working from my gentoo 
 guest. It is installed with kdm and when i try to connect i get the   
 greeter from my host. 

 I guess it is similar to #30 in the FAQ.

yep, looks like your host's X/xdmcp has already bound to
all IPs and thus the guest cannot bind his IP

 Is there any references to setting up xdmcp and kdm in a guest around.

no, but it should be quite simple, here with an older
gdm, I just go to the configuration/security setup and
change the listen ip to something more appropriate

HTH,
Herbert

 Lars Brandi Jensen
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Problems with Knoppix 5.2 (which should be Vserver-enabled...)

2007-03-21 Thread Herbert Poetzl
On Wed, Mar 21, 2007 at 03:09:48PM +0100, Gerhard Hofmann wrote:
 Hi all,
 
 I have some Vserver hosts running that were setup according to this HowTo:
 http://www.howtoforge.com/linux_vserver_debian
 
 Because these are quite a lot of steps I always thought it would be nice
 to have a Debian distro that is Vserver-enabled out-of-the-box.

debian already includes Linux-VServer to some extend,
so if you install the proper debian vserver kernel,
you will get an older but mostly working install ...

 Now, in the recenct release of German magazine c't, there was a Knoppix
 5.2 CD which claims to be Vserver-ready.
 
 Has anybody here already tried Knoppix 5.2 and can share his or her
 experiences?
 
 I booted Knoppix, tried to setup a Vserver like this:
 vserver vserver1 build \
 -n vserver1 \
 --hostname vserver1 \
 --interface eth0:192.168.1.133/24 \
 -m debootstrap -- -d sarge
 
 I get this error message:
 /etc/vservers/.defaults/vdirbase/vserver1: Function not implemented

first, unless they changed something, you want to use
the following command:

 vserver vserver1 build \
--context 666 \
--hostname vserver1.test.org \
--interface eth0:192.168.1.133/24 \
-m debootstrap -- -d sarge

 Any ideas? Or any other Vserver-ready distro out there?

IIRC, there are kernel packages for RH/Fedora, Debian and Gentoo
and userspace tool packages for most known distros ...

note: personally I'm against binary kernel packages ... YMMV

HTH,
Herbert

 TIA
 Gerhard
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Problems with Knoppix 5.2 (which should be Vserver-enabled...)

2007-03-21 Thread Herbert Poetzl
On Wed, Mar 21, 2007 at 05:03:39PM +0100, Gerhard Hofmann wrote:
 Hi all,
 
 I have some Vserver hosts running that were setup according to this HowTo:
 http://www.howtoforge.com/linux_vserver_debian
 
 Because these are quite a lot of steps I always thought it would be nice
 to have a Debian distro that is Vserver-enabled out-of-the-box.
 
 Now, in the recenct release of German magazine c't, there was a Knoppix
 5.2 CD which claims to be Vserver-ready.
 
 Has anybody here already tried Knoppix 5.2 and can share his or her
 experiences?
 
 I booted Knoppix, tried to setup a Vserver like this:
 vserver vserver1 build \
 -n vserver1 \
 --hostname vserver1 \
 --interface eth0:192.168.1.133/24 \
 -m debootstrap -- -d sarge
 
 I get this error message:
 /etc/vservers/.defaults/vdirbase/vserver1: Function not implemented
 
 Any ideas? Or any other Vserver-ready distro out there?

see previous answer ...

best,
Herbert

 TIA
 Gerhard
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] how to make default system running on the top of one vserver?

2007-03-19 Thread Herbert Poetzl
On Mon, Mar 19, 2007 at 12:45:38AM -0400, Wenbin Zhang wrote:
 Hello Guys,
 
 I have one question here, how to make default system running on the top of
 one vserver? That is:
 
 -
  vserver
 ---
  host linux
 
  hardware
 ---
 
 1) I setup one server on the default host system.
(Both the host system and the verser are linux).

hopefully, otherwise it won't work, it's not a VM or
VMM, Linux-VServer is OS-Level virtualization :)

 2) After the machine power on and boot, the whole 
thing will be taken over by the vserver, say, 
the GUI display, the input are controlled by 
vserver automatically. 

so you have to put the relevant stuff into the
context and provide that context with the necessary
capabilities (depends on the actual hw interfaces)

After boot, the user were not expected to use 
the host linux again.

 3) But the display/input control still can be 
switched to the host linux in case of need. 
After using, the control will be able to switch 
back to vserver.

that _really_ depends on the hw and the software
used for e.g. interface and input ...

you can put services into a context quite early in
the system startup, you could even put the entire
host init process into a context from initramfs

 Any good idea to achieve this?

you might want to have a look at the MoreUbuntu
solution for multi seat linux ...

best,
Herbert

 Thanks,
 Wenbin

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Just for info

2007-03-19 Thread Herbert Poetzl
On Mon, Mar 19, 2007 at 09:26:39AM +0100, [EMAIL PROTECTED] wrote:
 Hello
 
 I had a problem with vs2.2.0-rc16 on linux-2.6.20.2
 
 (cf paste.linux-vserver.org/1275)
 
 It seems to work fine now with vs2.2.0-rc18 and kernel-2.6.20.3.

emphasis on seems .. IMHO this is a mainline issue
with a disappearing tty-driver (either because the
tty is reused while still active or something similar)

it is currently tracked here:

 http://vserver.13thfloor.at/Stuff/BUGHUNT/bertl-0002

and I added your trace to the dir, because I think
we are observing the very same issue ...

best,
Herbert

 srvweb:/usr/local# ./testme.sh
 Linux-VServer Test [V0.16] Copyright (C) 2003-2006 H.Poetzl
 chcontext is working.
 chbind is working.
 Linux 2.6.20.3-vs2.2.0-rc18 #1 SMP PREEMPT Sun Mar 18 10:58:12 CET 2007 i686
 Ea 0.30.212 273/glibc (DSa) compat,v11,fscompat,v13,net,v21,oldproc,olduts
 VCI: 0002:0200 273 03000711 (TbP)
 ---
 [000]# succeeded.
 [001]# succeeded.
 [011]# succeeded.
 [031]# succeeded.
 [101]# succeeded.
 [102]# succeeded.
 [201]# succeeded.
 [202]# succeeded.
 
 srvweb:/usr/local# cat /proc/version
 Linux version 2.6.20.3-vs2.2.0-rc18 ([EMAIL PROTECTED]) (version gcc 3.3.5 
 (Debian 1:3.3.5-13)) #1 SMP PREEMPT Sun Mar 18 10:58:12 CET 2007
 
 srvweb:/usr/local# zgrep -i vserver /proc/config.gz
 # Linux VServer
 # CONFIG_VSERVER_LEGACY is not set
 # CONFIG_VSERVER_LEGACYNET is not set
 # CONFIG_VSERVER_REMAP_SADDR is not set
 CONFIG_VSERVER_COWBL=y
 # CONFIG_VSERVER_VTIME is not set
 CONFIG_VSERVER_PROC_SECURE=y
 # CONFIG_VSERVER_HARDCPU is not set
 CONFIG_VSERVER_PRIVACY=y
 CONFIG_VSERVER_WARN=y
 # CONFIG_VSERVER_DEBUG is not set
 CONFIG_VSERVER=y
 CONFIG_VSERVER_NGNET=y
 
 srvweb:/usr/local# vserver-stat
 CTX   PROCVSZRSS  userTIME   sysTIMEUPTIME NAME
 0   85 596.7M 192.2M  23m08s77   7m17s52  20h46m31 root server
 20  15 397.4M 121.6M   0m43s95   0m06s76  20h44m31 vweb1
 21  15 521.4M  88.4M   0m04s61   0m01s86  20h44m17 vweb2
 22  16 105.6M  38.3M   0m30s60   0m18s23  20h44m08 vweb3
 
 
 Patrick
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Vserver CPU limit question

2007-03-19 Thread Herbert Poetzl
On Mon, Mar 19, 2007 at 01:52:42PM -0700, Albert Mak (almak) wrote:
 Hi Herbert,
 
 I repeated the same expriment with sched_hard. The result is the
 same, vserver is not able to enforce the CPU limit. I am under the
 impression that sched_prio will also make use of the priority scheme
 to limit CPU utilization per Vserver context

sounds really strange, as it is working fine here ...
(with linux-2.6.19.7-vs2.2.0-rc19)

here is a short example how you can test it, eliminating
all possible reasons for doing something wrong

 - get and compile the vcmd tool [1] and the cpuhog [2]
 - do the following incantations:

   vcmd -i 100 -BC ctx_create .flagword=^34^33^32^8 -- cpuhog

 - check the results with 'vtop' which should show something
   like this:

   PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND   
 
   29 root  25   0  1312  252  200 H 24.5  0.5   0:33.81 cpuhog 
   30 root  16   0  1808  900  728 R  1.5  1.6   0:14.84 top

by default, the CPU limit will be roughly 25% without
doing any adjustments to the token buckets ...

also note that a working token bucket looks like this:

 FillRate: 1,1
 Interval: 4,8
 TokensMin:6
 TokensMax:   50
 PrioBias: 0
 cpu 0: 5296 11 17101 5288 0 R- 6 6 50 1/4 1/8 0 0
~~ hold ticks

I will check that with your ancient kernel and patch 
version shortly ...

HTH,
Herbert

[1] http://vserver.13thfloor.at/Experimental/TOOLS/vcmd-0.08.tar.bz2
[2] http://vserver.13thfloor.at/Experimental/TOOLS/cpuhog.c

 Thanks for your help.
 -Albert
 
 -bash-2.05b# cat /proc/virtual/2/status
 UseCnt: 9
 Tasks:  3
 Flags:  000202020110
 BCaps:  354c24ff
 CCaps:  0101
 Ticks:  0
 
 -bash-2.05b# cat /proc/virtual/3/status
 UseCnt: 9
 Tasks:  3
 Flags:  000202020110
 BCaps:  354c24ff
 CCaps:  0101
 Ticks:  0
 
 
 top - 14:02:25 up  2:34,  3 users,  load average: 1.91, 0.88, 0.34
 Tasks: 132 total,   3 running, 129 sleeping,   0 stopped,   0 zombie
 Cpu(s): 100.0% us,  0.0% sy,  0.0% ni,  0.0% id,  0.0% wa,  0.0% hi,  0.0% si
 Mem:513084k total,   118572k used,   394512k free,16704k buffers
 Swap:0k total,0k used,0k free,46648k cached
 
   PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
 32600 root  25   0  1336  232  184 R 49.8  0.0   1:38.31 exceed_cpu_limi
 32697 root  25   0  1336  232  184 R 49.8  0.0   1:14.18 exceed_cpu_limi
 
 
 -bash-2.05b# cat /proc/virtual/2/sched
 Token:   140
 FillRate: 80
 Interval:100
 TokensMin:50
 TokensMax:   140
 PrioBias:  0
 VaVaVoom:  0
 cpu 0: 127657 47 0
 
 -bash-2.05b# cat /proc/virtual/3/sched
 Token:   140
 FillRate: 10
 Interval:100
 TokensMin:50
 TokensMax:   140
 PrioBias:  0
 VaVaVoom:  0
 cpu 0: 113825 45 0
 
 
 
 -Original Message-
 From: Herbert Poetzl [mailto:[EMAIL PROTECTED]
 Sent: Sun 3/18/2007 7:45 AM
 To: Albert Mak (almak)
 Cc: vserver@list.linux-vserver.org
 Subject: Re: [Vserver] Vserver CPU limit question
  
 On Sat, Mar 17, 2007 at 10:17:47PM -0700, Albert Mak (almak) wrote:
  Hi Herbert
  
  Here is the output of /proc/virtual/2/status as requested Both
  context 2 and 3 have the same setting.
  
  -bash-2.05b# cat /proc/virtual/2/status 
  UseCnt: 7
  Tasks:  2
  Flags:  000202020210
   ~~
 http://linux-vserver.org/Capabilities_and_Flags
 
 0100 sched_hard
 0200 sched_prio
 
 so you haven't enabled sched_hard here, which explains
 why you do not see hard scheduling behaviour :)
 
 HTC,
 Herbert
 
  BCaps:  354c24ff
  CCaps:  0101
  Ticks:  0
  
  Thanks.
  
  -Albert
  -Original Message-
  From: Herbert Poetzl [mailto:[EMAIL PROTECTED] 
  Sent: Saturday, March 17, 2007 11:36 AM
  To: Albert Mak (almak)
  Cc: vserver@list.linux-vserver.org
  Subject: Re: [Vserver] Vserver CPU limit question
  
  On Fri, Mar 16, 2007 at 06:54:26PM -0700, Albert Mak (almak) wrote:
   Hi,
   
   I have Linux (2.6.14.3 Kernel) with Vserver 2.0.1 and testing the CPU 
   limit capabilities. I have 2 vserver contexts both running CPU 
   intensive app capable of using up 100% CPU, I am setting up on vserver
  
   to limit 1 context to 10% CPU  and the 2nd to 80% CPU, both using
  flags sched_prio.
   I am seeing CPU usage split 50/50 between the 2 contexts. I repeated 
   the same test using sched_hard with the same result (kernel 
   VSERVER_HARDCPU config set to y). I am expecting to see at least the 
   CPU usage close to the Vserver limits.
   
   Have I got the wrong settings or some other issues. Your help is 
   really appreciated.
   
   -Albert
   
   top - 18:37:04 up 26 min,  1 user,  load average: 2.04, 1.40, 0.62
   Tasks: 127 total

Re: [Vserver] Vserver CPU limit question

2007-03-19 Thread Herbert Poetzl
On Mon, Mar 19, 2007 at 11:40:01PM +0100, Herbert Poetzl wrote:
 On Mon, Mar 19, 2007 at 01:52:42PM -0700, Albert Mak (almak) wrote:
  Hi Herbert,
  
  I repeated the same expriment with sched_hard. The result is the
  same, vserver is not able to enforce the CPU limit. I am under the
  impression that sched_prio will also make use of the priority scheme
  to limit CPU utilization per Vserver context
 
 sounds really strange, as it is working fine here ...
 (with linux-2.6.19.7-vs2.2.0-rc19)
 
 here is a short example how you can test it, eliminating
 all possible reasons for doing something wrong
 
  - get and compile the vcmd tool [1] and the cpuhog [2]
  - do the following incantations:
 
vcmd -i 100 -BC ctx_create .flagword=^34^33^32^8 -- cpuhog
 
  - check the results with 'vtop' which should show something
like this:
 
PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND 

29 root  25   0  1312  252  200 H 24.5  0.5   0:33.81 cpuhog   
   
30 root  16   0  1808  900  728 R  1.5  1.6   0:14.84 top  
   
 
 by default, the CPU limit will be roughly 25% without
 doing any adjustments to the token buckets ...
 
 also note that a working token bucket looks like this:
 
  FillRate:   1,1
  Interval:   4,8
  TokensMin:  6
  TokensMax: 50
  PrioBias:   0
  cpu 0: 5296 11 17101 5288 0 R- 6 6 50 1/4 1/8 0 0
 ~~ hold ticks
 
 I will check that with your ancient kernel and patch 
 version shortly ...

tested now with 2.6.14.3-vs2.0.1 ...

works fine here as expected:

  PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
   22 root  25   0  1304  252  200 R 24.1  0.4   0:09.59 cpuhog 
   23 root  17   0  1800  896  728 R  2.5  1.5   0:02.72 top

best,
Herbert

 HTH,
 Herbert
 
 [1] http://vserver.13thfloor.at/Experimental/TOOLS/vcmd-0.08.tar.bz2
 [2] http://vserver.13thfloor.at/Experimental/TOOLS/cpuhog.c
 
  Thanks for your help.
  -Albert
  
  -bash-2.05b# cat /proc/virtual/2/status
  UseCnt: 9
  Tasks:  3
  Flags:  000202020110
  BCaps:  354c24ff
  CCaps:  0101
  Ticks:  0
  
  -bash-2.05b# cat /proc/virtual/3/status
  UseCnt: 9
  Tasks:  3
  Flags:  000202020110
  BCaps:  354c24ff
  CCaps:  0101
  Ticks:  0
  
  
  top - 14:02:25 up  2:34,  3 users,  load average: 1.91, 0.88, 0.34
  Tasks: 132 total,   3 running, 129 sleeping,   0 stopped,   0 zombie
  Cpu(s): 100.0% us,  0.0% sy,  0.0% ni,  0.0% id,  0.0% wa,  0.0% hi,  0.0% 
  si
  Mem:513084k total,   118572k used,   394512k free,16704k buffers
  Swap:0k total,0k used,0k free,46648k cached
  
PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
  32600 root  25   0  1336  232  184 R 49.8  0.0   1:38.31 exceed_cpu_limi
  32697 root  25   0  1336  232  184 R 49.8  0.0   1:14.18 exceed_cpu_limi
  
  
  -bash-2.05b# cat /proc/virtual/2/sched
  Token:   140
  FillRate: 80
  Interval:100
  TokensMin:50
  TokensMax:   140
  PrioBias:  0
  VaVaVoom:  0
  cpu 0: 127657 47 0
  
  -bash-2.05b# cat /proc/virtual/3/sched
  Token:   140
  FillRate: 10
  Interval:100
  TokensMin:50
  TokensMax:   140
  PrioBias:  0
  VaVaVoom:  0
  cpu 0: 113825 45 0
  
  
  
  -Original Message-
  From: Herbert Poetzl [mailto:[EMAIL PROTECTED]
  Sent: Sun 3/18/2007 7:45 AM
  To: Albert Mak (almak)
  Cc: vserver@list.linux-vserver.org
  Subject: Re: [Vserver] Vserver CPU limit question
   
  On Sat, Mar 17, 2007 at 10:17:47PM -0700, Albert Mak (almak) wrote:
   Hi Herbert
   
   Here is the output of /proc/virtual/2/status as requested Both
   context 2 and 3 have the same setting.
   
   -bash-2.05b# cat /proc/virtual/2/status 
   UseCnt: 7
   Tasks:  2
   Flags:  000202020210
  ~~
  http://linux-vserver.org/Capabilities_and_Flags
  
0100 sched_hard
0200 sched_prio
  
  so you haven't enabled sched_hard here, which explains
  why you do not see hard scheduling behaviour :)
  
  HTC,
  Herbert
  
   BCaps:  354c24ff
   CCaps:  0101
   Ticks:  0
   
   Thanks.
   
   -Albert
   -Original Message-
   From: Herbert Poetzl [mailto:[EMAIL PROTECTED] 
   Sent: Saturday, March 17, 2007 11:36 AM
   To: Albert Mak (almak)
   Cc: vserver@list.linux-vserver.org
   Subject: Re: [Vserver] Vserver CPU limit question
   
   On Fri, Mar 16, 2007 at 06:54:26PM -0700, Albert Mak (almak) wrote:
Hi,

I have Linux (2.6.14.3 Kernel) with Vserver 2.0.1 and testing the CPU 
limit capabilities. I have 2 vserver contexts both running CPU 
intensive app capable of using up 100% CPU, I am setting up on vserver
   
to limit 1

Re: [Vserver] Vserver CPU limit question

2007-03-18 Thread Herbert Poetzl
On Sat, Mar 17, 2007 at 10:17:47PM -0700, Albert Mak (almak) wrote:
 Hi Herbert
 
 Here is the output of /proc/virtual/2/status as requested Both
 context 2 and 3 have the same setting.
 
 -bash-2.05b# cat /proc/virtual/2/status 
 UseCnt: 7
 Tasks:  2
 Flags:  000202020210
~~
http://linux-vserver.org/Capabilities_and_Flags

  0100 sched_hard
  0200 sched_prio

so you haven't enabled sched_hard here, which explains
why you do not see hard scheduling behaviour :)

HTC,
Herbert

 BCaps:  354c24ff
 CCaps:  0101
 Ticks:  0
 
 Thanks.
 
 -Albert
 -Original Message-
 From: Herbert Poetzl [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, March 17, 2007 11:36 AM
 To: Albert Mak (almak)
 Cc: vserver@list.linux-vserver.org
 Subject: Re: [Vserver] Vserver CPU limit question
 
 On Fri, Mar 16, 2007 at 06:54:26PM -0700, Albert Mak (almak) wrote:
  Hi,
  
  I have Linux (2.6.14.3 Kernel) with Vserver 2.0.1 and testing the CPU 
  limit capabilities. I have 2 vserver contexts both running CPU 
  intensive app capable of using up 100% CPU, I am setting up on vserver
 
  to limit 1 context to 10% CPU  and the 2nd to 80% CPU, both using
 flags sched_prio.
  I am seeing CPU usage split 50/50 between the 2 contexts. I repeated 
  the same test using sched_hard with the same result (kernel 
  VSERVER_HARDCPU config set to y). I am expecting to see at least the 
  CPU usage close to the Vserver limits.
  
  Have I got the wrong settings or some other issues. Your help is 
  really appreciated.
  
  -Albert
  
  top - 18:37:04 up 26 min,  1 user,  load average: 2.04, 1.40, 0.62
  Tasks: 127 total,   3 running, 124 sleeping,   0 stopped,   0 zombie
  Cpu(s): 98.7% us,  1.3% sy,  0.0% ni,  0.0% id,  0.0% wa,  0.0% hi, 
  0.0% si
  Mem:513084k total,   115660k used,   397424k free,10200k
 buffers
  Swap:0k total,0k used,0k free,39332k
 cached
  
PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
   6616 root  20   0  1332  228  184 R 49.8  0.0   2:23.12
  exceed_cpu_limi
   6513 root  20   0  1336  232  184 R 48.1  0.0   2:43.79
  exceed_cpu_limi
  
  -bash-2.05b# vps
PID CONTEXT TTY  TIME CMD
   3672 0 MAIN  pts/000:00:00 bash
   6513 2 APP1  pts/000:03:01 exceed_cpu_limi
   6616 3 APP2  pts/000:02:40 exceed_cpu_limi
   7655 1 ALL_PROC  pts/000:00:00 vps
   7656 1 ALL_PROC  pts/000:00:00 ps
  
  -bash-2.05b# pwd
  /etc/vservers/APP1
  -bash-2.05b# cat flags
  sched_prio
 
 you want to add sched_hard here if you want hard scheduling, the prio
 scheduler will only adjust priorities according to the token buckets ...
 
 I'd also suggest to use a more recent kernel (and probably Linux-VServer
 patch) than this one as the scheduler was enhanced quite a lot in 2.2.x
 
  -bash-2.05b# cat schedule
  80
  100
  200
  50
  140
  dummy
  
  -bash-2.05b# pwd
  /etc/vservers/APP2
  -bash-2.05b# cat flags
  sched_prio
  -bash-2.05b# cat schedule
  10
  100
  200
  50
  140
  dummy
  
  -bash-2.05b# cat /proc/virtual/2/sched
  Token:   140
  FillRate:  1
  Interval:100
  TokensMin:50
  TokensMax:   140
  PrioBias:  0
  VaVaVoom: -5
  cpu 0: 229674 71 0
  
  -bash-2.05b# cat /proc/virtual/3/sched
  Token:   140
  FillRate: 10
  Interval:100
  TokensMin:50
  TokensMax:   140
  PrioBias:  0
  VaVaVoom: -5
  cpu 0: 217275 54 0
 
 looks like none of the token buckets is active here, what does the
 /proc/virtual/2/status show?
 
 TIA,
 Herbert
 
  ___
  Vserver mailing list
  Vserver@list.linux-vserver.org
  http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] OCS Inventory

2007-03-17 Thread Herbert Poetzl
On Sat, Mar 17, 2007 at 02:37:39PM +, Daniel W. Crompton wrote:
 On 3/17/07, Daniel Hokka Zakrisson [EMAIL PROTECTED] wrote:
 You absolutely never ever want to do that, if you care the least about 
 the
 guest being secure... /dev/mem would give it complete access to the
 contents of your RAM.
 Seriously if you care about your guest being secure you make sure that
 the host doesn't have physical network access. If you want to be able
 to run certain programs in a guest you sometimes need rights which are
 available to only the host. That's the whole point of caps.
 Which should not be taken as lightly as you just need to create XYZ.
 It's something that essentially voids the entire virtualization/isolation
 that Linux-VServer provides...
 
 You are right that I was a little flippant in my remark that one
 should just create /dev/mem, and should have mentioned the security
 implications. My remark did contain reservation you didn't pick-up on.
 You might just need to create XYZ carries a very different message
 than you just need to create XYZ. In this case might means that it
 is possible that you would need to do XYZ, I realize that this
 reservation could be missed in a cursory reading.
 
 However that doesn't however negate the fact that to run OCS Agent as
 is in a guest you might just need to create /dev/mem.

you might want to check with the source (of OCS Agent)
what the application actually does with /dev/mem

best,
Herbert

 regards,
 
 D.
 
 
 blaze your trail
 
 --
 redhat
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Vserver CPU limit question

2007-03-17 Thread Herbert Poetzl
On Fri, Mar 16, 2007 at 06:54:26PM -0700, Albert Mak (almak) wrote:
 Hi,
 
 I have Linux (2.6.14.3 Kernel) with Vserver 2.0.1 and testing the CPU
 limit capabilities. I have 2 vserver contexts both running CPU intensive
 app capable of using up 100% CPU, I am setting up on vserver to limit 1
 context to 10% CPU  and the 2nd to 80% CPU, both using flags sched_prio.
 I am seeing CPU usage split 50/50 between the 2 contexts. I repeated the
 same test using sched_hard with the same result (kernel VSERVER_HARDCPU
 config set to y). I am expecting to see at least the CPU usage close to
 the Vserver limits.
 
 Have I got the wrong settings or some other issues. Your help is really
 appreciated.
 
 -Albert
 
 top - 18:37:04 up 26 min,  1 user,  load average: 2.04, 1.40, 0.62
 Tasks: 127 total,   3 running, 124 sleeping,   0 stopped,   0 zombie
 Cpu(s): 98.7% us,  1.3% sy,  0.0% ni,  0.0% id,  0.0% wa,  0.0% hi,
 0.0% si
 Mem:513084k total,   115660k used,   397424k free,10200k buffers
 Swap:0k total,0k used,0k free,39332k cached
 
   PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
  6616 root  20   0  1332  228  184 R 49.8  0.0   2:23.12
 exceed_cpu_limi
  6513 root  20   0  1336  232  184 R 48.1  0.0   2:43.79
 exceed_cpu_limi
 
 -bash-2.05b# vps
   PID CONTEXT TTY  TIME CMD
  3672 0 MAIN  pts/000:00:00 bash
  6513 2 APP1  pts/000:03:01 exceed_cpu_limi
  6616 3 APP2  pts/000:02:40 exceed_cpu_limi
  7655 1 ALL_PROC  pts/000:00:00 vps
  7656 1 ALL_PROC  pts/000:00:00 ps
 
 -bash-2.05b# pwd
 /etc/vservers/APP1
 -bash-2.05b# cat flags
 sched_prio

you want to add sched_hard here if you want hard
scheduling, the prio scheduler will only adjust
priorities according to the token buckets ...

I'd also suggest to use a more recent kernel
(and probably Linux-VServer patch) than this one
as the scheduler was enhanced quite a lot in 2.2.x

 -bash-2.05b# cat schedule
 80
 100
 200
 50
 140
 dummy
 
 -bash-2.05b# pwd
 /etc/vservers/APP2
 -bash-2.05b# cat flags
 sched_prio
 -bash-2.05b# cat schedule
 10
 100
 200
 50
 140
 dummy
 
 -bash-2.05b# cat /proc/virtual/2/sched
 Token:   140
 FillRate:  1
 Interval:100
 TokensMin:50
 TokensMax:   140
 PrioBias:  0
 VaVaVoom: -5
 cpu 0: 229674 71 0
 
 -bash-2.05b# cat /proc/virtual/3/sched
 Token:   140
 FillRate: 10
 Interval:100
 TokensMin:50
 TokensMax:   140
 PrioBias:  0
 VaVaVoom: -5
 cpu 0: 217275 54 0

looks like none of the token buckets is active
here, what does the /proc/virtual/2/status show?

TIA,
Herbert

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Re: Oops with rejecting routes in vservers instance

2007-03-17 Thread Herbert Poetzl
On Thu, Mar 15, 2007 at 07:38:44PM +0100, Herbert Poetzl wrote:
 On Thu, Mar 15, 2007 at 12:18:12PM +0100, Asier Baranguán wrote:
  Asier Baranguán escribió:
  
  ~~~
  quite ancient ... could you try something like 2.6.18-4 or
  even better 2.6.19.7-vs2.2.0-rc17 and tell me if you see
  the same issues?
  
  will try to recreate it here ...
  
  Oops.
  
  Kernel 2.16.38-vs2.0.3-rc1 and same problem... 

okay, was actually easy to recreate, thanks to your
information and testing ... turned out to be an
issue present in recent versions too ...

  Is there any fix for this in the 'stable' 2.6.16 kernel?

yep, we updated the 2.6.16 kernel to 2.6.16.43 and
the patch to 2.0.3-rc2, you can find it here:

http://vserver.13thfloor.at/Experimental/patch-2.6.16.43-vs2.0.3-rc2.diff

thanks for spotting,
Herbert

  Emm... I want to say any fix for the 2.0.3rc1 release 
  of the 'stable' 
  2.6.16 kernel
 
 will check that tonight or tomorrow, when I get
 around digging out that old kernel :)
 
 best,
 Herbert
 
  Thanks
 
  begin:vcard
  fn;quoted-printable:Asier Barangu=C3=A1n
  n;quoted-printable:Barangu=C3=A1n;Asier
  org;quoted-printable:ELPA Gesti=C3=B3n
  adr;quoted-printable;dom:;;c/ Henao 4 - 3=C2=BAA;Bilbao;Bizkaia;48009
  email;internet:[EMAIL PROTECTED]
  title:A/P
  tel;work:944.23.01.66
  tel;fax:944.23.01.78
  x-mozilla-html:FALSE
  url:http://www.elpagestion.com
  version:2.1
  end:vcard
  
 
  ___
  Vserver mailing list
  Vserver@list.linux-vserver.org
  http://list.linux-vserver.org/mailman/listinfo/vserver
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] vmware-player on host

2007-03-15 Thread Herbert Poetzl
On Wed, Mar 14, 2007 at 04:11:08PM -0300, sysadmin wrote:
 Hi,
 
 I´m running a gentoo x86_64 on a amd64 box, after patch the kernel
 with Linux-VServer patch, the vmware-player doens´t work anymore.
 Vmware products will only run on a guest? 

I don't think so ... or let me rephrase, when it
runs fine on the guest, you can definitely make
it run on the host

 It´s possible to fix this?

sure, send me the source tarball for the player,
and I'll ahve a look at the issue :)

best,
Herbert

 Regards, 
 
 Marlon
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Re: Oops with rejecting routes in vservers instance

2007-03-15 Thread Herbert Poetzl
On Thu, Mar 15, 2007 at 12:18:12PM +0100, Asier Baranguán wrote:
 Asier Baranguán escribió:
 
 ~~~
 quite ancient ... could you try something like 2.6.18-4 or
 even better 2.6.19.7-vs2.2.0-rc17 and tell me if you see
 the same issues?
 
 will try to recreate it here ...
 
 Oops.
 
 Kernel 2.16.38-vs2.0.3-rc1 and same problem... ¿Is there any fix for 
 this in the 'stable' 2.6.16 kernel?
 
 Emm... I want to say any fix for the 2.0.3rc1 release of the 'stable' 
 2.6.16 kernel

will check that tonight or tomorrow, when I get
around digging out that old kernel :)

best,
Herbert

 Thanks

 begin:vcard
 fn;quoted-printable:Asier Barangu=C3=A1n
 n;quoted-printable:Barangu=C3=A1n;Asier
 org;quoted-printable:ELPA Gesti=C3=B3n
 adr;quoted-printable;dom:;;c/ Henao 4 - 3=C2=BAA;Bilbao;Bizkaia;48009
 email;internet:[EMAIL PROTECTED]
 title:A/P
 tel;work:944.23.01.66
 tel;fax:944.23.01.78
 x-mozilla-html:FALSE
 url:http://www.elpagestion.com
 version:2.1
 end:vcard
 

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] DNS query-source * inside a vserver

2007-03-15 Thread Herbert Poetzl
On Wed, Mar 14, 2007 at 11:21:51PM +0100, Jean-François Leroux wrote:
 Hi,
 There is something I'm not sure I understand, so maybe you could help
 me figure out. Here it goes: we have a Debian vserver running BIND9
 (recompiled). Everything works fine, except that the line
 
 query-source * ...
 
 breaks bind9 while query-source x.x.x.x works fine.
 
 Well, my understanding of this is that query-source * uses INADDR_ANY,

that would be what one would suspect, yes, but we
_know_ that the bind folks are not very good with
things like common and sense ...

 that would map to the first available ip on an host and does not

no, that would bind to _all_ ips on the host and
the assigned subset (one or more IPs) on the guest
and more important, that probably would work

 inside a vserver. 

 Am I wrong ?

maybe bind9 does something creative, use strace to
find out and let us know ...

 Could somebody point me towards the correct explanation (a link 
 for example) ?

I would also try to trick bind9, by simply using
query-source 0.0.0.0 (which _is_ INADDR_ANY)

best,
Herbert

 Cheers

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


[Vserver] Re: Oops with rejecting routes in vservers instance

2007-03-14 Thread Herbert Poetzl
On Tue, Mar 13, 2007 at 10:09:15PM +0100, Markus Neubauer (Liste) wrote:
 Test this effect:
 
 on the host:
 $ route add -net 192.168.0.0/16 reject dev ppp0
 
 on a vserver do then:
 $ route -n
 
 result:
 
 Mar 13 21:52:26 m10 kernel: Unable to handle kernel NULL pointer
 dereference at virtual address 00a8
 Mar 13 21:52:26 m10 kernel: printing eip:
 Mar 13 21:52:26 m10 kernel: c013525e
 Mar 13 21:52:26 m10 kernel: *pde = 
 Mar 13 21:52:26 m10 kernel: Oops:  [#1]
 Mar 13 21:52:26 m10 kernel: PREEMPT SMP
 Mar 13 21:52:26 m10 kernel: Modules linked in: qozap zaptel crc_ccitt
 nfs lockd nfs_acl sunrpc ebt_log ebtable_filter ebtables ip6ta
 Mar 13 21:52:26 m10 kernel: CPU:1
 Mar 13 21:52:26 m10 kernel: EIP:0060:[c013525e]Tainted: GF VLI
 Mar 13 21:52:26 m10 kernel: EFLAGS: 00010213   (2.6.16-3-vserver-686 #1)
~~~
quite ancient ... could you try something like 2.6.18-4 or
even better 2.6.19.7-vs2.2.0-rc17 and tell me if you see
the same issues?

will try to recreate it here ...

TIA,
Herbert

 Mar 13 21:52:26 m10 kernel: EIP is at dev_in_nx_info+0x1c/0x95
 Mar 13 21:52:26 m10 kernel: eax:    ebx: f6fa9500   ecx:
 0001   edx: e53d6000
 Mar 13 21:52:26 m10 kernel: esi:    edi: f743a9c0   ebp:
    esp: e53d7e88
 Mar 13 21:52:27 m10 kernel: ds: 007b   es: 007b   ss: 0068
 Mar 13 21:52:27 m10 kernel: Process route (pid: 22958[#1557],
 threadinfo=e53d6000 task=f54f1ab0)
 Mar 13 21:52:27 m10 kernel: Stack: 0f6fa9500  0201
 a8c0 c027f1aa  f743a9c0 f54f1ab0
 Mar 13 21:52:27 m10 kernel: 31687465 30303009 41454630 30300939 30303030
 30093030 09313030 09300930
 Mar 13 21:52:27 m10 kernel: 30300930 46463030 30094646 30093009 2600
 eb370570 f54f1ab0 f54f1bdc
 Mar 13 21:52:27 m10 kernel: Call Trace:
 Mar 13 21:52:27 m10 kernel: [c027f1aa] fib_seq_show+0x89/0x129
 Mar 13 21:52:27 m10 kernel: [c01c508d] rb_insert_color+0xad/0xce
 Mar 13 21:52:27 m10 kernel: [c0151874] __vma_link+0x44/0x53
 Mar 13 21:52:27 m10 kernel: [c017bab4] seq_read+0x197/0x266
 Mar 13 21:52:27 m10 kernel: [c015ecec] vfs_read+0xa6/0x13d
 Mar 13 21:52:27 m10 kernel: [c015efee] sys_read+0x3b/0x63
 Mar 13 21:52:27 m10 kernel: [c0102d65] syscall_call+0x7/0xb
 Mar 13 21:52:27 m10 kernel: Code: 39 5c 81 2c 74 e7 40 39 d0 7c f5 31 c0
 5b c3 55 b8 01 00 00 00 31 ed 57 56 53 8b 7c 24 18 85 ff 74
 Mar 13 21:52:27 m10 kernel: 6note: route[22958] exited with
 preempt_count 2
 
 Not always, but in other cases the server crashes totally...
 
 Greets
 Markus
 
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] vserver patch making its way into the kernel.org kernels...?

2007-03-13 Thread Herbert Poetzl
On Tue, Mar 13, 2007 at 12:02:28AM -0700, Technical Support wrote:
 hi folks,
 
 apologies if this is a ticklish question or one I should just know the
 answer to, but...

 I'm working for a large company that churns out lots of machines and am 
 trying to convince them to use vservers to help with several issues.

 However, the folks on our platform team are concerned - they want
 to use a stock kernel (which evidently means something downloaded
 directly from kernel.org) and don't like the idea of a patch.
 Evidently this causes a long-term maintenance issue - not necessarily
 from the technical perspective of applying the patch, but from a
 documentation, regression testing, license compliance (we distribute
 appliances, so we have to do extra work for GPL compliance), etc.

well, if the stock kernel.org kernel does what you want, 
then there is no need to add patches like Linux-VServer :)

 So the questions I've been asked to ask are these --

Is there progress on getting the vserver modifications into the 
standard kernel?

yes, OS-Level virtualization (and isolation) is getting into
the mainline (vanilla) kernel

Is that even something the project hopes to accomplish at some
point?

hmm, not really, but we are trying to make sure that whatever
gets into mainline is actually useful and performant, but I
think the actual framework will take quite a while until it
is available (and usable) in mainline

If yes, any idea when...?  :)

the first elements of Linux-VServer are already in mainline
(e.g. the various spaces introduced over time) and more stuff
is getting in every day, a fully working isolation solution
like Linux-VServer will take a few years to stabilize though

HTC,
Herbert

 Thanks in advance!
 
 - Ken ([EMAIL PROTECTED])
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] java socket connections between guests seem to have the host as a source

2007-03-12 Thread Herbert Poetzl
On Sun, Mar 11, 2007 at 09:58:06PM +, Konstantinos Pachopoulos wrote:
 Hi,
 before reinstalling the host system (the guests have
 remained exactly the same) there was no problem. Now,

reinstall from what to what? 

 if i create a java socket connection from one guest to
 another, the guests believe that the source of the
 connection is the host! Do i need to change something
 in /etc/vservers/guest-name dir? While creating each
 guest i had used the hostname parameter however...

what kernel, patch and tool versions?

 Ideas?

could be anything, but if the ip is not assigned to
the guest, it sounds strange, i.e. the guest should
not be able to use it for anything ...

TIA,
Herbert

 ___ 
 All New Yahoo! Mail – Tired of unwanted email come-ons? Let our SpamGuard 
 protect you. http://uk.docs.yahoo.com/nowyoucan.html
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] gentoo update breaks shutdowns?

2007-03-11 Thread Herbert Poetzl
On Sun, Mar 11, 2007 at 02:33:44AM -0500, Chuck wrote:
 there is something in my system that updated recently that has since broken 
 vserver's ability to report shutting down guests. I get this kind of report 
 on every type of guest. it also appears to be a random thing. other times i 
 shut guests down and i get no errors. this variable behavior was only noticed 
 yesterday because we are moving physical drives around so we have had to 
 stop/start the server otherwise we may not stop any for months. it also waits 
 the 'timeout' time before reporting.
 
 as in example below, after this message i try a vps ax|grep 3910 and i find 
 no 
 processes with that context running! an immediate restart is error free.
 
 valkyrie boinc # vserver cacti stop
 A timeout occured while waiting for the vserver to finish and it will
 be killed by sending a SIGKILL signal. The following process list
 might be useful for finding out the reason of this behavior:
 
 --
 14685  3910 cacti ?Ss 0:00 init [3]
 15181  3910 cacti ?Ss 0:00  \_ /usr/sbin/syslog-ng
 15245  3910 cacti ?Ssl0:00  \_ /usr/sbin/named -u named 
 -n 
 4 -t /var/bind
 15265  3910 cacti ?Ss 0:00  \_ /usr/sbin/apache2 -D 
 DEFAULT_VHOST -D PHP5 -d /usr/lib64/apache2 -f /etc/apache2/httpd.conf -k 
 start
 15266  3910 cacti ?S  0:00  |   \_ /usr/sbin/apache2 -D 
 DEFAULT_VHOST -D PHP5 -d /usr/lib64/apache2 -f /etc/apache2/httpd.conf -k 
 start
 15312  3910 cacti ?Sl 0:00  |   \_ /usr/sbin/apache2 -D 
 DEFAULT_VHOST -D PHP5 -d /usr/lib64/apache2 -f /etc/apache2/httpd.conf -k 
 start
 15313  3910 cacti ?Sl 0:00  |   \_ /usr/sbin/apache2 -D 
 DEFAULT_VHOST -D PHP5 -d /usr/lib64/apache2 -f /etc/apache2/httpd.conf -k 
 start
 15310  3910 cacti ?Ss 0:01  \_ /usr/sbin/clamd
 15327  3910 cacti ?Ss 0:00  \_ /usr/bin/freshclam -d
 15468  3910 cacti ?Ss 0:00  \_ /usr/sbin/cron
 15539  3910 cacti ?Ds 0:00  \_ /sbin/shutdown -r 0 w
 --
 Vserver '/etc/vservers/cacti' still running unexpectedly; please investigate 
 it manually...

maybe it takes quite long (timeout +/- something)
and thus, the timeout strikes sometimes ...

I observed similar with qmail, which is quite
strange in shutdown behaviour, especially when
combined with other services ...

(read: it can take between 1 and 10 minutes to
do a proper shutdown)

just and idea,
Herbert

 essentially when it behaves like this, every shutdown says it is still
 running does anyone in gentoo-vserver land have any clue what may be
 causing this apparently false report?
 
 my util-vserver version is 0.30.212-r2
 
 kernel version
 
 2.6.19-vs2.2.0-rc2
 
 
 
 -- 
 
 Chuck
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] a bit off topic but good to know if there is a known problem

2007-03-06 Thread Herbert Poetzl
On Tue, Mar 06, 2007 at 03:11:51AM +, Martin wrote:
 On Mon, 2007-03-05 at 20:24 +0100, Herbert Poetzl wrote:
  On Mon, Mar 05, 2007 at 07:43:51AM -0500, Chuck wrote:
   On Monday 05 March 2007 06:15, Herbert Poetzl wrote:
 snip
   
   controllers. i would rather see the boss change the case to a 2u and
   put a real hardware raid controller in on a 2 card riser but.. it
   is not my call.. (and of course we find all this out after the machine
   has been in our production environment for 5 months)
  
  in most cases the hardware raid controller is not worth
  the money, as a software raid usually gives a much better
  performance with less latency and more control for the
  operating system ...
  
  nevertheless, hw-raid can have some advantages if it is
  done properly, e.g. auto reconstruction without affecting
  the system performance and/or battery buffering in power
  failure cases ...
 
 I used to like the idea of hardware RAID but two things put me off:
 
 1. When you pull the power on a system apparently the memory goes
 first but I/O systems function for just a bit longer - often writing
 junk data. This is apparently one of the things the high end UNIX
 vendors used to spend money on trying to get right. In short, you
 *need* a battery backed hardware RAID if you are serious about
 avoiding data corruption. These are more expensive. It also makes any
 form of RAID device that requires drivers to run (i.e. the soft-RAID
 devices on many modern machines) a little questionable to my mind.
 
 2. Data corruption is serious because none of the formats the hardware
 RAID systems use are public. I am under the impression that in many
 cases even data recovery specialists do not have access to these. Thus
 you are completely at the mercy of the tools the vendor gives you. If
 they are buggy or you get into a situation (see above) that they can't
 recover from it's game over.
 
 Thus, I would *strongly* advise that unless you /need/ the performance
 a hardware RAID controller gives (and can then afford the UPS and the

note that the 'performance' in many cases is a myth,
for several reasons, mainly because:

 - hardware raid has 2-256MB cache, software has 1-4GB
 - hardware raid has a single channel to the host,
   while proper setup soft raid can burst over N channels
   simultaniously (and will do so, e.g. for separate I/O
   threads)
 - elevator in the kernel, vs limited TCQ

best,
Herbert

 high level service contract with the vendor, etc.), use the Linux
 software RAID. 

 If it all goes wrong you can always read the source and piece things
 together manually. I've had to do this. It's not fun but it is
 possible. For me it made the difference between having to tell my boss
 that the fileserver would be down for a while and having to tell my
 boss that we would have to revert to last months backup.
 
 HTH
 
 Cheers,
  - Martin
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Ethernet interfaces vanished

2007-03-06 Thread Herbert Poetzl
On Tue, Mar 06, 2007 at 07:09:28AM +0100, Cryptronic wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Hi all,
 
 I have problems with the virtual nics.

I doubt that, as there are no virtual nics in Linux-VServer
(but read on, it might contain some clues :)

 Sometimes a interface in a vserver suddenly vanished and 
 ifconfig in the vserver doesn't show anything.

which would suggest that the ip was removed on the host
or one of your guests has too many priviledges (e.g.
network admin caps)

first thing would be to check on the host with:

 ip addr ls

(make yourself comfortable with the output before that
happens, so that you see what actually changed)

 My interface setup contains in interfaces/0/
 bcast
 dev
 ip
 mask
 
 also ip addr list list some of the ip's of the vservers as global and
 global secondary scopes:
 inet xxx/24 brd xxx scope global eth0
 inet xxx/24 brd xxx scope global secondary eth0
 inet xxx/24 brd xxx scope global secondary eth0
 inet xxx/24 brd xxx scope global secondary eth0

here we are approaching the _real_ issue, which is
an unfortunate config ...

 xxx where real ip addresses.
 
 I'm running vserver-utils 212 and the following kernel:
 2.6.18.5-vs2.1.1.3-amd64-squash-drbd-256ip-ipv6
 
 Maybe this problem is known?

yes, it is, let me explain _what_ happens:

 - you ahve no specific ip assigned to the host on
   that network/interface therefore
 - the first started guest becomes the 'primary'
   address holder on that network/interface
 - you also have 'promote secondaries' disabled
   on this interface (sysctl), so
 - when the one guest using the primary is taken
   down, the Linux kernel will remove all the other
   secondary addresses from the interface, without
   any further notice, which will render your guests
   IP-less until the addresses are re-added ...

solutions:

 a) assign a 'primary' address to the host, so that
all guests will get secondaries ...

 b) activate 'promote secondaries' like this:
sysctl -w net.ipv4.conf.eth0.promote_secondaries=1


HTC,
Herbert

 On 2.6.20.1-vs2.2.0-amd64-squash-drbd-256ip the same things happens.
 
 best regards
 
 Oliver
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.6 (GNU/Linux)
 
 iD8DBQFF7QWXOBdlVlcPuhwRAqeqAKCP5gUa0mE6hdQ4MOSxmUKiKEcHHQCgwGny
 U1Z0rlzy2FXsWz7WyduvSWc=
 =03V0
 -END PGP SIGNATURE-
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] moving guests

2007-03-06 Thread Herbert Poetzl
On Tue, Mar 06, 2007 at 04:13:17PM +0100, [EMAIL PROTECTED] wrote:
 Hi,
 
 Was wondering if there is a possibility to move guests between hosts 
 without stopping them ?

not yet, but mainline is going into that direction
so as soon as Linux will be able to do such things,
it will also be part of Linux-VServer

a work around is to put the Linux-VServer kernel in
a Xen domU and migrate the entire domain over to
a backup machine which usually covers all the down
for maintainance cases ...

 I allready have set up shared filesystem im running my guests from,
 was just looking for a possibility so guests wouldnt need to be
 re-started when im in need to move them around.

stop/start should take less than 5 seconds if the
guests are configured properly, so I guess the
downtime is acceptable ...

best,
Herbert

 TiA
 
 Konrad Gutkowski 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] a bit off topic but good to know if there is a known problem

2007-03-05 Thread Herbert Poetzl
On Sun, Mar 04, 2007 at 05:42:01PM -0500, Chuck wrote:
 i have seen many of you have similar setups so if there is a known
 problem we should all know about it...

 has anyone heard of a problem with the sda channel in the SATA on
 board silicone image 3114 controller in general or on a tyan 2882D
 series motherboard using opteron processors? we are running a software
 raid1 and sda keeps going south even with a new hdd to the point it is
 not detectable at all.. a power down, unplug plug back in and restart
 usually cures it and the array re-syncs then gets an error and sda is
 no longer visible to anything,.. it is a tyan GX28 system.

 i am running all my vserver partitions on lvm2 under this if that has
 any bearing..

 outside of a faulty motherboard i am at a loss as to what could cause
 this.

this is what google had to say :)

http://www.linuxquestions.org/questions/showthread.php?t=351495
http://www.leenooks.com/Silicon+Image+311x+sata+controllers+and+some+Seagate+disks

in general, the Sil 311x is considered very slow
and 'crappy' but it should be supported quite fine

http://www.tyan.com/archive/products/html/gx28b2882_spec.html

looking at the specs for the GX28 I see AMD chipsets
which 'might' lack proper support, the Sil 3114 there
is also connected to the legacy 32bit bus and does
only support SATA 1.0, so I wouldn#t expect too much
from that ...

HTH,
Herbert

 -- 
 
 Chuck
 
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] a bit off topic but good to know if there is a known problem

2007-03-05 Thread Herbert Poetzl
On Mon, Mar 05, 2007 at 07:43:51AM -0500, Chuck wrote:
 On Monday 05 March 2007 06:15, Herbert Poetzl wrote:
  On Sun, Mar 04, 2007 at 05:42:01PM -0500, Chuck wrote:
   i have seen many of you have similar setups so if there is a known
   problem we should all know about it...
  
   has anyone heard of a problem with the sda channel in the SATA
   on board silicone image 3114 controller in general or on a tyan
   2882D series motherboard using opteron processors? we are running
   a software raid1 and sda keeps going south even with a new hdd to
   the point it is not detectable at all.. a power down, unplug plug
   back in and restart usually cures it and the array re-syncs then
   gets an error and sda is no longer visible to anything,.. it is a
   tyan GX28 system.
  
   i am running all my vserver partitions on lvm2 under this if that
   has any bearing..
  
   outside of a faulty motherboard i am at a loss as to what could
   cause this.
  
  this is what google had to say :)
  
  http://www.linuxquestions.org/questions/showthread.php?t=351495
  
 http://www.leenooks.com/Silicon+Image+311x+sata+controllers+and+some+Seagate+disks
  
  in general, the Sil 311x is considered very slow
  and 'crappy' but it should be supported quite fine
  
 
 we are kinda stuck with the on board controller however since this is
 a 1u case and the riser is already used for a nic. i think we may try
 replacing sda with a western digital drive. the seagates we are using
 are not on the black list in the driver but are of the same family..
 if this wd works we will replace the 2nd drive with a wd and will have
 learned the hard way never to use seagate paired with silicone image
 controllers. i would rather see the boss change the case to a 2u and
 put a real hardware raid controller in on a 2 card riser but.. it
 is not my call.. (and of course we find all this out after the machine
 has been in our production environment for 5 months)

in most cases the hardware raid controller is not worth
the money, as a software raid usually gives a much better
performance with less latency and more control for the
operating system ...

nevertheless, hw-raid can have some advantages if it is
done properly, e.g. auto reconstruction without affecting
the system performance and/or battery buffering in power
failure cases ...

best,
Herbert

  http://www.tyan.com/archive/products/html/gx28b2882_spec.html
  
  looking at the specs for the GX28 I see AMD chipsets
  which 'might' lack proper support, the Sil 3114 there
  is also connected to the legacy 32bit bus and does
  only support SATA 1.0, so I wouldn#t expect too much
  from that ...
  
  HTH,
  Herbert
  
   -- 
   
   Chuck
   
   ___
   Vserver mailing list
   Vserver@list.linux-vserver.org
   http://list.linux-vserver.org/mailman/listinfo/vserver
  
 
 -- 
 
 Chuck
 
 ...and the hordes of M$*ft users descended upon me in their anger,
 and asked 'Why do you not get the viruses or the BlueScreensOfDeath
 or insecure system troubles and slowness or pay through the nose 
 for an OS as *we* do?!!', and I answered...'I use Linux'. 
 The Book of John, chapter 1, page 1, and end of book
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] debian vserver and AMD x2 AM2 CPUs

2007-03-03 Thread Herbert Poetzl
On Sat, Mar 03, 2007 at 09:37:20AM +, Konstantinos Pachopoulos wrote:
 Hi,
 has anybody had any experience with with VServer
 (Debian) and Dual Core AM2 CPUs? Does it work OK? 

supposed to be okay, if it gives you issues, it
can be considered a bug and should be reported

 Is it posssible -would it be possible in the future
 maybe- for VServer to take advantage of the AMD CPUs
 built-in virtualization technology?

nope, and IMHO it doesn't make sense either, the
different virtualization technologies (IVT and AMD-V)
aid in virtualizing hardware to allow Virtual Machines
to get more performant (i.e. at some point to reach
native performance), while Linux-VServer is already
there, i.e. it provides native or even better 
performance, but no hardware virtualization at all
but it is limited to a single kernel, running a bunch
(10-500) of isolated guest distros side bz side ...

HTC,
Herbert

 Thanks
 ___ 
 New Yahoo! Mail is the ultimate force in competitive emailing. Find out more 
 at the Yahoo! Mail Championships. Plus: play games and win prizes. 
 http://uk.rd.yahoo.com/evt=44106/*http://mail.yahoo.net/uk 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Re: about Vserver for ARM

2007-03-02 Thread Herbert Poetzl
On Fri, Mar 02, 2007 at 12:26:30PM -0500, Wenbin Zhang wrote:
 Hi Herbert,
 
 Thank you very much!
 Actually I'd like to send you a phone to test it :-)

perfect ... I'll send you my postal address
in a private mail then ...

 But before I do that, let me try it firstly :-)

sure ...

 Yes I can switch to 2.6, no problems. 

in this case, I'd suggest to do so, for several 
reasons, one being the fact that the 2.0/2.2
branches are much more performant than the 1.2
branch, another being that the 2.2 patches provide
a lot more useful features ...

 However I checked the arm-ezx patch,
 http://www.openezx.org/download/,

 all the patches are for linux 2.6.16 kernel. 

yeah, folks love the 2.6.16 kernel :)

 However, for Vserver patches,
 http://ftp.linux-vserver.org/pub/kernel/vs2.0/,

 they are only 2.6.12, 2.6.14, 2.6.17 version. 
 So the two kind of patches are not for the same 
 version of 2.6 kernel.

check out this one:

http://people.linux-vserver.org/~dhozac/p/k/patch-2.6.16.37-vs2.0.3-rc1.diff

 Moreover, even they are for the same version, for
 example, 2.6.16 kernel, I guess there are still
  conflicts if we apply the two patches simutaneously. 

 We have two ways:
 1) apply openezx patch, then Vserver patch
 2) apply Vserver patch, then openexz patch
 
 But we cannot guarantee the two patch have no i
 conflicts each other, any ideas?

yes, that's called merging, and that is what you
have to do when you got more than one patch ...

of course, it helps a lot if you know one or even
better all of the involved patches :)

best,
Herbert

 Thanks,
 Wenbin
 
 On 3/1/07, Herbert Poetzl [EMAIL PROTECTED] wrote:
 
 On Thu, Mar 01, 2007 at 01:51:20PM -0500, Wenbin Zhang wrote:
  Hello Guys,
 
  I want to run the Vserver on Moto E680i cell phone, which is an ARM
  chip, specically the Intel XScale-Bulverde chip. I guess Vserver
  should be able to support this architecture. I downloaded the E680i
  kernel souce code from:
 
 https://opensource.motorola.com/sf/frs/do/downloadFile/projects.a780e680/frs.a780_e680_source.a780_e680/frs1003?dl=1
 
 sounds good!
 
  However, all the Vserver patches on
  http://ftp.linux-vserver.org/pub/kernel/vs1.2/ cannot match the
  E680i linux 2.4 source code. There are lots of conflicts.
 
 not unexpected, it's quite old and doesn't probably fit
 what you need for the E680i ...
 
 the main question is, are you sure you want to go with
 the 2.4 kernel instead of 2.6? I know, arm support is
 not the best in Linux, especially as there are many
 different hardware vendors with quite different ideas
 how the arch support should look like ...
 
  Could you let me know where to download the ARM kernel source
  code and the corresponding Vserver patch? Thank you very much!
 
 well, here are the good news, the 2.6 patches will
 work on arm quite well, so given that you can go with
 2.6 on your sub-arch, that would simplify it a lot
 
 there are also good news when you have to stick with
 2.4 for whatever reason, and it basically boils down
 to the fact that Linux-VServer is quite hardware
 agnostic, so I do not think it would be too hard to
 adapt the patches to your vendor specific tree ...
 
 so for example I could imagine to adapt the patches
 for your specific branch if you send me a phone for
 testing it :)
 
 best,
 Herbert
 
  Thanks,
  Wenbin
 
  ___
  Vserver mailing list
  Vserver@list.linux-vserver.org
  http://list.linux-vserver.org/mailman/listinfo/vserver
 
 

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] [PATCH] vserver, quota and vroot fix

2007-03-02 Thread Herbert Poetzl
On Fri, Mar 02, 2007 at 08:05:04PM +0100, Daniel Hokka Zakrisson wrote:
 Jan Rekorajski wrote:
  Hi,
  The following hunk got lost sometime between 2.6.16 and 2.6.18,
  as Network Failure System hit me again, I just _had_ to find out why quota
  did not work with latest vserver patches ;)
  The patch is so long because quotactl_block() has to be after
  vroot_get_real_bdev declaration, the real meat is between
  #if defined(CONFIG_BLK_DEV_VROOT) || defined(CONFIG_BLK_DEV_VROOT_MODULE)
  #endif
 
 IMHO it got lost after 2.6.18, i.e. it's not present in 2.6.19 nor 2.6.20.

yep, I think we lost it when we were hacking on
the device mapping stuff, as it would have
replaced the the vroot completely ...

will make sure that it is re-introduced in
the next release ...

thanks,
Herbert

 -- 
 Daniel Hokka Zakrisson
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] scheduler: CPU_Scheduler paper vs CONFIG_VSERVER_HARDCPU

2007-03-01 Thread Herbert Poetzl
On Wed, Feb 28, 2007 at 09:29:49AM -0800, Alex Shultz wrote:
 Hi list.
 
 I'm a newbie in VServer. And I'm a little bit confused
 about 'HARD LIMIT'. How 'hard limit' from
 http://linux-vserver.org/CPU_Scheduler and other docs
 intersects with CONFIG_VSERVER_HARDCPU kernel option?
 
 Is it the same thing or different?

the Token Bucket Scheduler Extension is enabled by
the CONFIG_VSERVER_HARDCPU option. the TB can be
used for several things, e.g. accounting, priorization
and of course to do hard limits and fair scheduling

 For example, I'd like to know, how CPU time will be
 distributed between two VServers with 3 identical busy
 loop's ( while (1) ) tasks:
 
 VServer 1 - one taks is running;
 VServer 2 - two taks are running;

with the TB Scheduler disabled, it will balance out
at 1:2 distributed over all CPUs, with the TB sched
enabled and priorization you will get something between
1:2 and 1:1 depending on your config, with the hard
limit or fair scheduling enabled, you can basically
get any ratio between those two, with or without
idle time on the host system

 I've take a look at the VServer
 patch-2.6.18.5-vs2.0.3-rc1.diff, and can't find the
 place where a task can be really held on (deactivated)
 when CONFIG_VSERVER_HARDCPU=n

that is correct ...

 So, I guess CPU time distribution will be:
 
 VServer 1 - 33%, VServer 2 - 66%. Am I wrong? 

with CONFIG_VSERVER_HARDCPU=n, yes, as stated above

 The http://oldwiki.linux-vserver.org/vsched+explained
 paper says:
 
 For simple cases, like evenly distributing cpu time
 between vservers, you probably just want to set the
 ratio to somewhere between 1/N (where N is the number
 of servers) and 1/P (where P is the maximum expected
 peak load per CPU), and not bother with hard
 scheduling.

 So, does it really mean that without
 CONFIG_VSERVER_HARDCPU, the cpu time will be evenly
 distributed between __vservers__? Is it correct?

no, and I cannot find the place where it would state
that any TB scheduling would happen with the TB scheduler
disabled :)

 If a task can be holded without
 CONFIG_VSERVER_HARDCPU, please, can you point me to
 the kernel source file and line?

sorry, doesn't happen, so I can't :)

HTC,
Herbert

 Please CC an answer to [EMAIL PROTECTED], I'm not
 subscribed to the list yet
 
 
  
 
 Food fight? Enjoy some healthy debate 
 in the Yahoo! Answers Food  Drink QA.
 http://answers.yahoo.com/dir/?link=listsid=396545367
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] rm: operation not permitted

2007-03-01 Thread Herbert Poetzl
On Wed, Feb 28, 2007 at 11:08:42PM +0100, yanek wrote:
 Hello guys,
 
 Sorry if this has been answered before, I searched the archives but the
 only related thread I could find does not help me much
 ( http://list.linux-vserver.org/archive/vserver/msg09907.html ).
 
 Trying to remove a directory (as root) on a vserver gives me an
 operation not permitted warning:
 
 web:/usr/share/squirrelmail/plugins# rm -fr change_sqlpass/
 rm: cannot remove `change_sqlpass//README': Operation not permitted
 rm: cannot remove `change_sqlpass//COPYING': Operation not permitted
 rm: cannot remove `change_sqlpass//generate.php': Operation not
 permitted
 rm: cannot remove `change_sqlpass//md5crypt.php': Operation not
 permitted
 rm: cannot remove `change_sqlpass//config.php': Operation not permitted
 rm: cannot remove `change_sqlpass//setup.php': Operation not permitted
 rm: cannot remove `change_sqlpass//change_sqlpass.pot': Operation not
 permitted
 rm: cannot remove `change_sqlpass//functions.php': Operation not
 permitted
 rm: cannot remove `change_sqlpass//index.php': Operation not permitted
 rm: cannot remove `change_sqlpass//config.php.sample': Operation not
 permitted
 rm: cannot remove `change_sqlpass//version': Operation not permitted
 rm: cannot remove `change_sqlpass//INSTALL': Operation not permitted
 rm: cannot remove `change_sqlpass//getpot': Operation not permitted
 rm: cannot remove `change_sqlpass//make_release.sh': Operation not
 permitted
 rm: cannot remove `change_sqlpass//options.php': Operation not permitted

first, what filesystem?
second, what are the attributes of the directory
tree above those files? check with the following
tools:

 showattr -d dir/file
 lsxid -d dir/file

 Same thing if I try to remove it from the host / root-server.

interesting ...

 Here's the perms for this directory and its content:
 
 drwxr-xr-x  2 root root  4096 2007-02-27 18:06 ./
 drwxr-xr-x 21 root root  4096 2007-02-28 22:17 ../
 -rw-r--r--  2 root root  2856 2005-11-12 08:06 change_sqlpass.pot
 -rw-r-  2 root root 10705 2007-02-26 16:46 config.php
 -rw-r--r--  2 root root 10462 2005-11-12 07:04 config.php.sample
 -rw-r--r--  2 root root 15228 2005-11-12 05:17 COPYING
 -rw-r--r--  2 root root 24712 2005-11-12 07:48 functions.php
 -rw-r--r--  2 root root   555 2004-11-28 09:30 generate.php
 -rwxr--r--  2 root root   390 2005-11-12 06:29 getpot*
 -rw-r--r--  2 root root   469 2004-11-28 09:30 index.php
 -rw-r--r--  2 root root  1484 2005-11-12 05:12 INSTALL
 -rwx--  2 root root  5324 2005-11-12 03:36 make_release.sh*
 -rw-r--r--  2 root root  2787 2004-11-28 09:30 md5crypt.php
 -rw-r--r--  2 root root  1149 2005-11-12 01:59 options.php
 -rw-r--r--  2 root root  7270 2005-11-12 07:06 README
 -rw-r--r--  2 root root  2234 2005-11-12 08:06 setup.php
 -rw-r--r--  2 root root28 2005-11-12 08:06 version
 
 No xattr is set on the files:
 
 -- change_sqlpass/README
 -- change_sqlpass/COPYING
 -- change_sqlpass/generate.php
 -- change_sqlpass/md5crypt.php
 -- change_sqlpass/config.php
 -- change_sqlpass/setup.php
 -- change_sqlpass/change_sqlpass.pot
 -- change_sqlpass/functions.php
 -- change_sqlpass/index.php
 -- change_sqlpass/config.php.sample
 -- change_sqlpass/version
 -- change_sqlpass/INSTALL
 -- change_sqlpass/getpot
 -- change_sqlpass/make_release.sh
 -- change_sqlpass/options.php

 
 Nor on the directory:
 
 -- change_sqlpass

the attributes of the directory containing change_sqlpass
are the interesting ones ...
check with the commands given above besides the
normal lsattr -d 

 For some reason, lsxid does not seem to work on the host:
 
 !!
 ERR!!   
 /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/
 !!
 ERR!!   
 /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/README
 !!
 ERR!!   
 /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/COPYING
 !!
 ERR!!   
 /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/generate.php
 !!
 ERR!!   
 /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/md5crypt.php
 !!
 ERR!!   
 /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/config.php
 !!
 ERR!!   
 /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/setup.php
 !!
 ERR!!   
 /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/change_sqlpass.pot
 !!
 ERR!!   
 /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/functions.php
 !!
 ERR!!   
 /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/index.php
 !!
 ERR!!   
 

Re: [Vserver] Re: about Vserver for ARM

2007-03-01 Thread Herbert Poetzl
On Thu, Mar 01, 2007 at 01:51:20PM -0500, Wenbin Zhang wrote:
 Hello Guys,
 
 I want to run the Vserver on Moto E680i cell phone, which is an ARM
 chip, specically the Intel XScale-Bulverde chip. I guess Vserver
 should be able to support this architecture. I downloaded the E680i
 kernel souce code from:
 https://opensource.motorola.com/sf/frs/do/downloadFile/projects.a780e680/frs.a780_e680_source.a780_e680/frs1003?dl=1

sounds good!

 However, all the Vserver patches on
 http://ftp.linux-vserver.org/pub/kernel/vs1.2/ cannot match the 
 E680i linux 2.4 source code. There are lots of conflicts.

not unexpected, it's quite old and doesn't probably fit
what you need for the E680i ...

the main question is, are you sure you want to go with
the 2.4 kernel instead of 2.6? I know, arm support is
not the best in Linux, especially as there are many
different hardware vendors with quite different ideas
how the arch support should look like ...

 Could you let me know where to download the ARM kernel source 
 code and the corresponding Vserver patch? Thank you very much!

well, here are the good news, the 2.6 patches will
work on arm quite well, so given that you can go with
2.6 on your sub-arch, that would simplify it a lot

there are also good news when you have to stick with
2.4 for whatever reason, and it basically boils down
to the fact that Linux-VServer is quite hardware
agnostic, so I do not think it would be too hard to
adapt the patches to your vendor specific tree ...

so for example I could imagine to adapt the patches 
for your specific branch if you send me a phone for
testing it :)

best,
Herbert

 Thanks,
 Wenbin

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] rm: operation not permitted

2007-03-01 Thread Herbert Poetzl
On Thu, Mar 01, 2007 at 08:23:10PM +0100, yanek wrote:
 Hello Herbert,
 
 Thanks for your answer.
 
 On Thu, 2007-03-01 at 19:09 +0100, Herbert Poetzl wrote:
 
 snip
  first, what filesystem?
 
 ext3
 
  second, what are the attributes of the directory
  tree above those files? check with the following
  tools:
  
   showattr -d dir/file
 
 For the dir:
 ---bui- change_sqlpass/
 
 For the files inside:
 Ui- change_sqlpass.pot
 Ui- config.php
 Ui- config.php.sample
 Ui- COPYING
 Ui- functions.php
 Ui- generate.php
 Ui- getpot
 Ui- index.php
 Ui- INSTALL
 Ui- make_release.sh
 Ui- md5crypt.php
 Ui- options.php
 Ui- README
 Ui- setup.php
 Ui- version

well, here you go, however you managed to get those
flag set here, this _is_ the cause of your issues

 U stands for the Immutable-Invert-on-Unlink

which basically inverts the meaning of the Immutable (I)
flag for all unlink (remove) operations

you can remove that flag with 

 setattr --~iunlink file/dir

and once that is removed, you will be able to remove
those files with rm 

best,
Herbert

   lsxid -d dir/file
  
 
  
  the attributes of the directory containing change_sqlpass
  are the interesting ones ...
  check with the commands given above besides the
  normal lsattr -d 
 
 # lsattr -d plugins/
 -- plugins/
 
 # showattr -d plugins/
 ---bui- plugins/
 
  
   For some reason, lsxid does not seem to work on the host:
 snip
  well, that just means that tagxid is disabled for
  this filesystem ...
 
 Thanks for the explanation.
 Then I suppose that this issue is unrelated to tagxid.
 Should I be wrong, please tell me and I'll try to make it work to
 provide the results of lsxid.
 
  
   Distro is Debian Etch, with kernel 2.6.18-4-vserver-686.
  
  might be worth a try with a mainline kernel, but
  I don't think it is debian related ...
  
  HTH,
  Herbert
 
 I always forget about the 'showattr' tool and only checked usual xattr
 with lsattr.
 Is there any page describing the flags set / shown by setattr /
 showattr? Could not find a manpage.
 
 Just in case it could be useful: I use unification (vhashify) on all
 vservers.
 
 Thanks again.
 
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Couldn't download base-config

2007-02-28 Thread Herbert Poetzl
On Wed, Feb 28, 2007 at 01:12:04PM +0100, Peter Mann wrote:
 On Mon, Feb 05, 2007 at 05:16:44PM +0100, Peter Mann wrote:
  On Mon, Feb 05, 2007 at 06:11:04AM +0100, Herbert Poetzl wrote:
- debian tends to break things, and then avoid to
  fix up the breakage for a long time (see kernel)
  
  just now it's special case, because of preparing next stable, 
  so testing is frozen
  
  http://www.debian.org/doc/FAQ/ch-ftparchives#s-testing
 
 
 now we have new vserver kernel in Etch/testing:
 
 http://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-11/changelog
 
* Update vserver patch to 2.0.2.2-rc9. (closes: #402743, #403790)

well, unfortunately still an old one, and not the
2.2.0 branch, but hey, better than nothing 

best,
Herbert

 http://bugs.debian.org/402743
 http://bugs.debian.org/403790
 
 -- 
 
 5o   Peter.Mann at tuke.sk
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Re: keeping a mirror machine synched

2007-02-28 Thread Herbert Poetzl
On Wed, Feb 28, 2007 at 06:49:03AM +, Ticktac UK wrote:
 I used to run a HA NFS configuration using a dual mini-ITX system in
 1U (with a Travla C147 case). The synch speed sucked howver, and the
 drives (300 GB Maxtors) ran too hot and died rather soon. (I RMAed
 them, but one RMAed one is acting up as well, so I'm back to mice and
 pumpkin -- at least the root RAID is working).
 
 In our mini-ITX's we started to use Seagates as the Maxtors were
 dropping down like flys. Although now I know they are one and the
 same, we still opt for Seagates.

 Although Maxtor always replaced them with no problems, its the hassle
 :)

for harddisks, low temperature is the secret of
long life (and stable env. conditions, of course)

hddtemp is a nice tool to figure the disk temp
for most newer drives, and as a rule of the thumb,
everything below 40°C is considered fine and all
above 50°C is considered deadly ...

HTH,
Herbert

 Darren
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Re: vcontext: vc_create_context(): Out of memory

2007-02-26 Thread Herbert Poetzl
On Tue, Feb 27, 2007 at 10:30:58AM +0900, Taisuke Yamada wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 OK, thanks to your instruction, I've recompiled the kernel,
 switched to static context configuration, and now I'm running
 around 500 virtual-hosts without a hitch.

sounds good to me ...

 However...I have no idea how I can reach to anywhere near
 5000-8000 contexts...
 
 Do all the numbers below mean running 5000-8000 of
 
   chcontext --ctx n command 

basically, a context can be as small as a single
process, or as large as a complete Linux distro

of course, the number of contexts you can run
depends on the amount of resource you have available
(CPU, RAM, I/O, Network, ...)

 commands directly, instead of hosting virtual-environment with
 different context? Since each hosted environment takes several
 MBs of memory and ~100MB of disk space (at least with hashified
 Debian install), even 1000 seems remote to me.

well, multiply the used resources by 1000, get
a machine which matches that and you will be 
able to run 1000+ guests ...

HTC,
Herbert

  Yesterday, I tried to find out absolute maximum number of
  virtualhosts I can host on my server, and got this message after
  40-50VMs:
  yes, known issue with the debian kernel, if you
  switch to mainline kernels, you will get to
  roughly 5000-8000 contexts ...
  
  That is, before you run out of pids. On my x86 test system with 384 MiB of
  RAM, I was able to get 6073 contexts running each with a sleep 3600
  process running before fork started failing with EAGAIN.
 
 Best Regards,
 - --
 Taisuke Yamada [EMAIL PROTECTED], http://rakugaki.org/
 2268 E9A2 D4F9 014E F11D  1DF7 DCA3 83BC 78E5 CD3A
 
 Message to my public address may not be handled in a timely manner.
 For a direct contact, please use my private address on my namecard.
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.1 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
 iD8DBQFF44nS3KODvHjlzToRAhBHAKCV8urmxKNv6i6foG1eG2KEKhmj/ACgh5DU
 RdQzSjfIB5EF5+HHdIA9Pak=
 =y5ZB
 -END PGP SIGNATURE-
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Question about rebuilding an older Debian system with vservers

2007-02-25 Thread Herbert Poetzl
On Sun, Feb 25, 2007 at 12:14:58PM -0800, Kathy Kost wrote:
 
 I have a server that I have inherited from someone who left our   
 company and he built it with Debian 3.1 on the root server and all
 guest vservers. The kernel used was 2.6.8-vserver. I'm going to ask   
 some dumb questions here because I'm mostly familiar with RedHat and  
 Solaris, more than Debian. I have never personally installed a Debian 
 vserver system from scratch. I want to build a duplicate of this  
 system because the original system is having hardware problems and I  
 need to recreate the system if it dies.   

 My question is this: If I install the latest release of Debian -- 
 looks like 3.1r5 and use the latest vserver kernel (can't remember
 what I saw it at last), will the guests that were built on Deb 3.1
 and 2.6.8-vserver kernel work okay? 

yes, definitely, at least as long as you keep
the legacy interfaces enabled, but with minor
changes to the config, even without any of the
legacy stuff

 How I was hoping it would go is like this: I install the new base 
 server with 3.1r5/newer vserver kernel based on vserver install   
 documentation, and then restore /etc/vserver.conf, /etc/vservers and  
 /home/vservers (where the guests reside). I'm worried that the guests 
 were built on an older based kernel and it might cause problems?  

why bother with a debian install, when you 
are used to RedHat? just install Fedora or
Mandriva on the host (with a Linux-VServer
kernel) and restore the guests there, they
will work regardless of the host distro ...

 And also that my assumptions for restoring such a system are too  
 simplistic.   

nope, just make sure that the numeric ids
(uid/gid) stay the same, and do not get messed
up in the copy/restore process ...

 Thanks for any pointers.  

HTH,
Herbert

 Kathy
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Question about rebuilding an older Debian system with vservers

2007-02-25 Thread Herbert Poetzl
On Mon, Feb 26, 2007 at 12:02:44AM +0100, Guenther Fuchs wrote:
 Hi there,
 
 on Sunday, February 25, 2007 at 11:41:47 PM there was posted:
 
 KK http://linux-vserver.org for installation on Fedora but have not
 KK seen anything about RH Ent Linux and how you would install it.
 
 RHEL is using a really old kernel (2.6.9) which is not supported by
 recent Linux-VServer patches. Therefore you would need to find some-
 one to donwgrade the patches back to that kernel - and also use the
 RHEL patches to the kernel as well.
 
 Therefore the official recommended way for RHEL is to use a vanilla
 kernel or instead use e.g. CentOS installation - wich certainly breaks
 the certification of RHEL.
 
 That means: At the moment there is NO way to have a recent Linux-
 VServer system using RHEL except then getting deep into coding and
 patching our RHEL yourself.

well, which IMHO voids the 'certification' anyway
unless you _are_ RedHat and the new kernel will
become the official one :)

  why bother with a debian install, when you
  are used to RedHat? just install Fedora or
  Mandriva on the host (with a Linux-VServer
  kernel) and restore the guests there, they
  will work regardless of the host distro ...
 
 Main recommendation goes finally to what Herbert recommended though -
 I'm for example using Fedora Core 6 on two AMD64 machines (1x Opteron
 Dual-Core, 1x Athlon XP) without any problems. Remember: Main work
 for the host is
 a) supplying the kernel including the network
 b) supplying the tools for the guest handling
 
 That can be (quite secure) done with nearly any available kernel - so
 if no special reason is for RHEL (e.g. certification) I also would
 recommend you to use e.g. Fedora, which is well spread, tested and in
 use (if you want a near RedHat system).

that is correct, fedora seems well maintained
in this regard ...

best,
Herbert

 -- 
 regards 'n greez,
 
 Guenther Fuchs
 (aka muh and powerfox)
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] keeping a mirror machine synched

2007-02-24 Thread Herbert Poetzl
On Sat, Feb 24, 2007 at 05:00:33PM +0100, Peter Mann wrote:
 On Sat, Feb 24, 2007 at 04:13:43PM +0100, Eugen Leitl wrote:
  I run a nightly script (over a private network) which does the
  following synchronisation from the production to the backup machine:
  rsync -a -e ssh /home/ [EMAIL PROTECTED]:/home/
  rsync -a -e ssh /usr/local/etc/vservers/ [EMAIL 
  PROTECTED]:/usr/local/etc/vservers/
  
  My vservers live in /vservers which is a symlink to /home/vservers.
  Apart from /usr/local/etc/vservers/ is there anything else I should synch?
 
 my tip: use rsync --numeric-ids  and --exclude vservers/name1/proc ...
 (and you can use rsync without -e ssh, because it's default in Debian;
 and maybe -e 'ssh -c blowfish')

if you are doing the sync over a trusted network,
then getting rid of the ssh/encryption part is
a big win, both for speed and for cpu overhead

if your network is the bottleneck, using the -z
(compression) will help too, otherwise the following
options might come handy: -axHP

 i'm using some similar rsync scripts ...
 
  Another question: Debian 4.0 is ante portas. Given that 3.1 had 
  everything way out of date, can one rely on stock vserver kernel
  and tools in Debian 4.0?

I hope I'm wrong, but to me it looks like the
new Debian release will already be outdated
when the release happens ...

but hey, that's the debian model ...

 i upgraded all my sarge host servers to etch ... some guest servers is
 still sarge, but almost all are etch ... there is problem with default
 debian vserver kernel in TESTING, but i have my own recompiled kernels
 and new debian kernels are almost ready for entering testing (and
 debian-installer etch rc2/final)

best,
Herbert

 -- 
 
 5o   Peter.Mann at tuke.sk
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] bug or feature

2007-02-23 Thread Herbert Poetzl
On Fri, Feb 23, 2007 at 06:30:15PM -0500, Adrien Laurent wrote:
 Hi,
 
 By mistake I assigned to a guest the same IP than the host.

on guest startup, it will have warned you
that the address was already assigned ...

 I stopped the guest...
 and I lost the host ip... 

a serial (or at least remote :) console
(which should really be part of any serious
hosting setup) would have helped here ...

 hard remote reboot...

well, you assigned it as ip which shall be
added on startup and removed on shutdown,
which is what it did ...

 Is it possible to forbid assignment of host ip to a guest ?

almost everything is possible nowadays :)

but it would not make sense to forbid that,
besides the fact that there is no way to
figure what ip is considered a 'host' ip

besides that, certain setups even require
that you share the host IPs with a guest

HTC,
Herbert

 Thanks,
 
 Adrien
 
 
 
 -- 
 Adrien Laurent
 (514) 284-2020 x 202
 [EMAIL PROTECTED]
 www.modulis.ca
 
 Technical questions? [EMAIL PROTECTED]

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] vcontext: vc_create_context(): Out of memory

2007-02-23 Thread Herbert Poetzl
On Fri, Feb 23, 2007 at 07:05:24PM +0900, Taisuke Yamada wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Hi.
 
 Yesterday, I tried to find out absolute maximum number of
 virtualhosts I can host on my server, and got this message after
 40-50VMs:

yes, known issue with the debian kernel, if you
switch to mainline kernels, you will get to
roughly 5000-8000 contexts ...

   # vserver vh2-59 start
   vcontext: vc_create_context(): Out of memory
 
 This is much lower than expected limit (I have 4GB of memory),
 and contrary to above message, there is plenty of free memory:
 
   # free
  total used free  shared  buffers   cached
   Mem: 362  2365060  1268272   0   305952  1706888
   -/+ buffers/cache: 352220  3281112
   Swap:2907724   44  2907680
 
 I also checked ulimit, but all of them are either unlimited or
 huge enough. I did some searching and wondering if vserver is
 limited to 1G (due to 3G/1G split) of memory kernel can use, thus
 ignoring other 3GB.

nope, not at all, though with 4GB memory, the
1G/3G split would be better in most cases, but
again, this issue is not present in mainline
kernels, only in the debian ones ...

 Is this the case? In any case, how can I workaround this issue?

simple, get a 2.6.19.4 and patch it with a
recent patch, e.g. this one:

 http://vserver.13thfloor.at/Experimental/patch-2.6.19.4-vs2.2.0-rc14.diff

and the issue will be gone ... otherwise, wait
for the next debian kernel release, which will
hopefully fix this issue ...

 I'm using Debian GNU/Linux (sid/4.0), with 2.6.18-4-vserver-686
 kernel package. Current environment and vserver status are as follows:
 
   # vserver-stat
   CTX   PROCVSZRSS  userTIME   sysTIMEUPTIME NAME
   0   54 259.8M  98.8M  10m35s34   2h46m59   1d19h03 root server
   492944   7.7M   2.5M   0m00s00   0m00s20   1m37s30 vh2-10
   492954   7.7M   2.5M   0m00s00   0m00s20   1m36s71 vh2-11
   ...
   493784   7.7M   2.5M   0m00s10   0m00s10   0m06s90 vh2-58

you should really switch to static contexts
too, because the dynamic ones are deprecated
for more than a year now and will go away
soon ...

   # vserver-stat | wc -l
   51
 
   # vserver-info
   Versions:
   Kernel: 2.6.18-4-vserver-686
   VS-API: 0x00020002
 util-vserver: 0.30.212; Dec  9 2006, 12:26:51
 
   Features:
  CC: gcc, gcc (GCC) 4.1.2 20061115 (prerelease)
 (Debian 4.1.1-20)
 CXX: g++, g++ (GCC) 4.1.2 20061115 (prerelease)
 (Debian 4.1.1-20)
CPPFLAGS: ''
  CFLAGS: '-Wall -g  -O2 -std=c99 -Wall -pedantic -W
 - -funit-at-a-time'
CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W
 - -fmessage-length=0 -funit-at-a-time'
  build/host: i486-pc-linux-gnu/i486-pc-linux-gnu

you can probably improve overall performance
of the system, by not compiling for 486
machines too :)

Use dietlibc: yes
  Build C++ programs: yes
  Build C99 programs: yes
  Available APIs: compat,v11,fscompat,v13,net,v21,oldproc,olduts
   ext2fs Source: e2fsprogs
   syscall(2) invocation: alternative
 vserver(2) syscall#: 273/glibc
 
   Paths:
  prefix: /usr
   sysconf-Directory: /etc
   cfg-Directory: /etc/vservers
initrd-Directory: $(sysconfdir)/init.d
  pkgstate-Directory: /var/run/vservers
 vserver-Rootdir: /var/lib/vservers
 
   # dmesg
   Linux version 2.6.18-4-vserver-686 (Debian 2.6.18.dfsg.1-10)
 ([EMAIL PROTECTED]) (gcc version 4.1.2 20061115 (prerelease) (Debian
 4.1.1-21)) #1 SMP Fri Feb 2 17:58:05 UTC 2007
   ...
   Use a PAE enabled kernel.
   3200MB HIGHMEM available.
   896MB LOWMEM available.

a 1G/3G split will give you slightly below
3GB lowmem, and you might consider disabling
highmem completely ... but YMMV

best,
Herbert
 
 Thanks in advance.
 - --
 Taisuke Yamada [EMAIL PROTECTED], http://rakugaki.org/
 2268 E9A2 D4F9 014E F11D  1DF7 DCA3 83BC 78E5 CD3A
 
 Message to my public address may not be handled in a timely manner.
 For a direct contact, please use my private address on my namecard.
 
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.1 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
 iD8DBQFF3rxj3KODvHjlzToRAoE5AJ4nDfuRX+GKSHrYePmmgpcxgs5J/wCgs2JD
 RTGqDpIt0DefrJIteprsOjo=
 =5yg+
 -END PGP SIGNATURE-
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] SYS_NICE bcap not working?

2007-02-21 Thread Herbert Poetzl
On Wed, Feb 21, 2007 at 04:04:41PM -0800, SADANAND Hegde (shegde) wrote:
 Hi,
  
 I am running Redhat Linux (2.6.14.3 Kernel) with
 util-vserver-0.30.210. 

quite an old kernel, so an update to 2.6.19
would probably be advised ...

 After starting 2 Guest OS, from one Guest OS, I
 am able to lower the priority of a process running
 in the 2nd Guest OS using 'renice' command.

 This should not be possible, right?

hmm, why not? lowering the priority is nothing
which would hurt anybody but yourself, raising
the priority above the default OTOH is

 As I understand, raising priority and setting 
 priority is controlled by the bcap SYS_NICE,
 and by default this should be off.

 But apparently this is not the case. I also 
 tried adding ~SYS_NICE to bcap list in
 /etc/guest-os-name/bcapabilities file.
 But it does not make any difference.

# chcontext --xid 42 --secure -- sleep 100 
# cat /proc/virtual/42/status
  UseCnt:   3
  Tasks:1
  Flags:00060200
  BCaps:344c05ff

  CCaps:0101
  Spaces:   0c00

http://linux-vserver.org/Capabilities_and_Flags

  23 0x0080  SYS_NICE

as you can see, SYS_NICE is not set, but similar
to normal Linux, lowering the priority (raising
the nice value) is permitted without SYS_NICE

 Should I do anything else to not allow raising
 priority ? or is this a bug in vserver?

so now it is raising priority? if that is indeed
the case (check the flags) please let me know

# renice -10 $$
renice: 2035: setpriority: Permission denied

 Any help in this regard is very much appreciated.

HTH,
Herbert

 Thanks,
   --Sadanand Hegde--

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Patch 2.6.20

2007-02-19 Thread Herbert Poetzl
On Mon, Feb 19, 2007 at 01:53:01PM +0100, Roman Fiedler wrote:
 Could it be that the line
 
 + #include linux/vs_base.h
 
 is missing in patch for fs/jffs2/ioctl.c (patch-2.6.20-vs2.3.0.10.diff)? 
 Adding it solved a compile error (dereferencing pointer to incomplete 
 type).

thanks, will be in the next release ...

best,
Herbert

 -- 
 DI Roman Fiedler
 Austrian Research Centers GmbH - ARC
 Biomedical Engineering / eHealth systems
 
 Reininghausstr. 13/1
 A-8020 Graz, Austria
 
 T: +43 (0) 316 586 570-10
 F: +43 (0) 316 586 570-12
 E: [EMAIL PROTECTED]
 H: www.eHealth-systems.at
 
 Did you hear about www.ehealth2007.at?
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] raising individual interface devices

2007-02-17 Thread Herbert Poetzl
On Sat, Feb 17, 2007 at 05:53:58PM +0100, Baltasar Cevc wrote:
 
 Hi Chuck
 
 Quoting Chuck [EMAIL PROTECTED]:
 is there a way to raise an individual interface device in a vserver
 without restarting the entire server?
 
 i am installing several vservers that will require various ip
 addresses for specific SSL certs added one at a time but should not
 down the entire service
 just to do so.. eg:
 
 eg:
 
 /etc/vservers/guestname/interfaces/0
 /etc/vservers/guestname/interfaces/1
 
 then i want to add
 
 /etc/vservers/guestname/interfaces/2
 
 and bring it alive without disturbing 0 or 1 or the operation of any
 services under them.

 Add the interface configuration, add the IP to the interface on the 
 host (ip addr add  dev yyy, as far as and enter the vserver 
 (using vserver enter); the newly opened session in the context 
 knows the new IP, too. So you may restart your Webserver then and use 
 the new IP.
 
 Sorry, I've accidently hit send - here's the complete text I wanted
 to write ;-)
 
 Add the interface configuration, add the IP to the interface on the
 host (ip addr add  dev yyy) - so the host knows the IP (which is
 normally done by vserver start). Then enter the vserver (using vserver
 enter); the newly opened session (your bash process or similar) in
 the context knows the new IP, too. So you may add it to your Webserver
 config and restart it (now having the newly assigned IP, too).

well, while this may work with some configurations
(especially older tools :) this works by chance and
not by design, and it will for sure stop working with
non legacy enabled kenels, which make proper use of
network contexts ...

the proper procedure is quite similar though:

 - add the ip to the host (ip addr add ...)
 - add the ip to the guest's network context
   # naddress --add --nid nid --ip ip/mask
 - enter the guest (best via ssh)
 - restart the services if required
   (most services will automatically start using
   the new addresses)
 - update the config to reflect the changes for
   the next guest restart (if desired)

HTC,
Herbert

 Hope that helps,
 Baltasar
 
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Network - How is it implemented?

2007-02-14 Thread Herbert Poetzl
On Tue, Feb 13, 2007 at 02:55:58PM +0100, Jaroslav Tomecek wrote:
 Hi,
 I'm writing some comparison of kernel-based virtualization machines. I 
 want to know something about Linux-VServer networking. I found something 
 (is it true?):
 1) There is no virtual network device.

  correct, Linux-VServer is based on IP Isolation
  this has two advantages:

 1) overhead is non existant, i.e. you get the full
performance of the system

 2) the guest does not need to worry about network
setup, and the host doesn't need to implement
switching or similar ...

  it also has some drawbacks, namely:

  - you cannot manipulate interfaces inside the guest
  - iptables and routing remains on the host, but
can be proxied (i.e. done via policy daemon)
 

 2) Host system works as router.

  well, yes and no, the host system works like any other
  Linux machine, so as a linux system can act as router
  the host can do so too

  networking is kept completely on the host, so nothing
  special (i.e. routing or bridging) is required to
  get the guests working ...

 3) Any communication among VPS is delivered through the host.

  networking happens on the host, guest-guest and
  guest-host traffic is considered local traffic, so
  all the local traffic rules apply there

 4) chbind binds some IPs to some process and its children.

  yes, there is a so called network context, which
  contains a set of 'allowed' IPs and netmasks, which
  will apply for all processes inside that context

 What about changes in original Linux binding to INADDR_ANY? 

  it will be limited to the subset of host IPs assigned
  to the network context

 How does it work now?

  quite fine actually :)

 Is it possible to make some sets of IP adresses with it? 

  yes, although we allow to special case the single ip
  case, by simply replacing INADDR_ANY with that ip,
  the general case is to have a set of (currently up to
  16) different IPs/masks per guest ...

 How? Could you give me some link please?

  sure, best have a look at the source ...
  http://vserver.13thfloor.at/Experimental/patch-2.6.19.3-vs2.2.0-rc12.diff

HTC,
Herbert

 Thanks Jarda
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Routing in VServers

2007-02-14 Thread Herbert Poetzl
On Wed, Feb 14, 2007 at 05:17:39PM +0100, Oliver Welter wrote:
 Hi Asier,
 
  Networking  firewall are not my strong points, so perhaps this could
  sound a silly question.
 
 There are only silly answers...
 
  I've five linux VServers, each with it's own _real_ IP address (not
  192.168.x.y, 10.x, etc). Each one has it's own services but I'd like to
  close access from outside to some ports, but allow full communication
  between the guests. The guests have valid IP addresses so I think
  [DS]NAT is not needed.
 
 Communication between the guests never crosses the iptables rules, 
 so you can safely use the toolset of your distro to block the ports
 from outside. 

ahem, wrong!

traffic between guests and traffic between guest and host
is handled as local traffic, and passes all the chains
appropriate for local traffic, which, and that is probably
what you meant, does _not_ include the FORWARD chains ...

 If you want to do it by hand, there are a lot of rulebuilder
 outside, but for simply blocking ports this should be sufficient:
 
 iptables -I INPUT -p tcp --dport 3306 -j DROP

http://www.faqs.org/docs/iptables/traversingoftables.html

note, in recent kernels the local tables can be selected
independantly IIRC ...

HTC,
Herbert

 Will drop all connections to mysql from outside. If you prefer a
 whitelist approach you can deny all incoming trafic by policy and only
 drill holes into the Firewall where needed - but this is a bit of magic
 as you can really riun your day if you lock yourself out of the box :)
 
 Oliver
 -- 
 Diese Nachricht wurde digital unterschrieben
 oliwel's public key: http://www.oliwel.de/oliwel.crt
 Basiszertifikat: http://www.ldv.ei.tum.de/page72



 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] apt-proxy on vserver host

2007-02-09 Thread Herbert Poetzl
On Fri, Feb 09, 2007 at 12:52:37PM +, Konstantinos Pachopoulos wrote:
 Hi,
 i am trying to set-up apt-proxy on the root server
 of my virtual network. 

good idea ...

 Do i need to tweak the iptables?

unless your current iptable setup doesn't permit
this, no

 In general, i think that i have to change the iptables
 settings only when vserver guests need to communicate
  with each other.

more the other way round, you have to use iptables
to stop the guests from communicating with eachother
(like normal hosts on a network would do)

HTC,
Herbert

 Thanks
   
 ___ 
 Copy addresses and emails from any email account to Yahoo! Mail - quick, easy 
 and free. http://uk.docs.yahoo.com/trueswitch2.html
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Re: quota problem

2007-02-08 Thread Herbert Poetzl
On Tue, Feb 06, 2007 at 08:55:11AM +0100, Jarek Dylag wrote:
 Hey,
 
 I still can't get quota working. I made some investigation and problem
 started after changes in namespace separation implementation made
 between:

it is still on my (very long :)' todo list, and
assumed everything goes as planned (it never does :)
I will get to that tomorrow ...

best,
Herbert

 patch-2.6.19-vs2.1.x-t4.diff
 and
 patch-2.6.19-vs2.1.x-t7.diff
 
 Jarek Dylag
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Mandriva ?

2007-02-08 Thread Herbert Poetzl
On Sun, Feb 04, 2007 at 04:10:19PM +0100, André Aerts wrote:
 Hello,
 
 did somebody already make a rpm of Vserver for Mandriva?

IIRC, there should be packages available
for util-vserver (userspace) in (or at least
related to) Mandriva 2007.x, if not, I'm
updating my personal packages every now and
then, and they should compile and work on
most Mandrake/-iva versions out there ...

for the kernel part, I'm not a big fan of
precompiled kernels, and I do not know of
any Mandriva specific packages either ...

 I also seek how to create a minimum install of Mandriva
 CS4 in my Vserver install

if you got the RPMs somewhere, the rpm
build method should work, given that you
know what to install ... a viable alternative
should installation via urpmi into a directory
starting with a few 'seed packages', which 
will drag in all the other stuff ...
I also heard that apt-rpm is supported, which 
might allow to bootstrap the guest via network
given that you know where the repositories are

HTH,
Herbert

 Thank you
 Andre
 

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] assigning an IP to each vserver guest

2007-02-08 Thread Herbert Poetzl
On Wed, Feb 07, 2007 at 09:33:11AM -0500, KyoungSoo Park wrote:
 Hello,
 
 I'm a newbie, 

newbies have one free, but next time, please do not
hijack threads [http://en.wikipedia.org/wiki/Thread_hijacking]
or your message will be ignored ...

 and I'm trying to assign an IP to each vserver guest.

 Specifically, I have three working IPs
 (128.112.136.35, 128.112.136.36, 128.112.136.37) but only
 one NIC (eth0) on a machine. I want to run three vserver
 guests but each vserver should only (and exclusively) use
 one of the IPs. 

that is actually the typical setup for Linux-VServer
guests, and thus it doesn't require any special setup

 How should I set up this?

create the guest with an interface option like this:

--interface eth0:128.112.136.35/24

(adjust the /24 to match your network prefix)

or, if they have been created already, modify the
entry in /etc/vservers/name/interfaces to contain
a single directory (e.g. '0') with the following
entries:

   ip (file with the ip, e.g. 128.112.136.35)
   prefix (file with the prefix, e.g. 24)
   dev (file with the device name, e.g. eth0)

 I checked the documentation, and this mailing list, 
 but I couldn't figure out yet. 

 What I've tried is to set something like
 
 IPROOT=128.112.136.36

that sounds like the deprecated legacy config we
abandoned roughly two years ago, so iif your tools
are still using this config, it's definitely time
to upgrade to newer ones (e.g. 0.30.212+)

 in /etc/vservers/guestX.conf, but everytime I run the 
 guestX, I always  see eth0 is mapped to 128.112.136.35,
 which is the the IP address of the machine as you ssh 
 into as root. I want to see this IP changed to
 128.112.136.36 in guestX when I ifconfig in guestX.

 Is this possible?

yes, the config descibed above will do exactly that

HTC,
Herbert

 Thanks,
 KyoungSoo
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] assigning a different IP to each vserver guest

2007-02-08 Thread Herbert Poetzl
On Wed, Feb 07, 2007 at 01:23:05PM -0500, KyoungSoo Park wrote:
 
 Sorry for the duplicate message. I thought the first message
 didn't get through. Anyway, I would greatly appreciate your
 answers!

see previous mail ...

best,
Herbert

 --KyoungSoo
 
 KyoungSoo Park wrote:
 Hello,
 
 I'm a newbie, and I'm trying to assign an IP to each vserver
 guest. Specifically, I have three working IPs
 (128.112.136.35, 128.112.136.36, 128.112.136.37) but only
 one NIC (eth0) on a machine. I want to run three vserver
 guests but each vserver should only (and exclusively) use
 one of the IPs. How should I set up this?
 
 I checked the documentation, and this mailing list, but I couldn't
 figure out yet. What I've tried is to set something like
 
 IPROOT=128.112.136.36
 
 in /etc/vservers/guestX.conf, but everytime I run the guestX, I always
 see eth0 is mapped to 128.112.136.35, which is the the IP address of
 the machine as you ssh into as root. I want to see this IP changed to
 128.112.136.36 in guestX when I ifconfig in guestX. Is this possible?
 
 Thanks,
 KyoungSoo
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Re: quota problem

2007-02-08 Thread Herbert Poetzl
On Thu, Feb 08, 2007 at 09:54:16AM +0100, Joerg Maier wrote:
 Hi,
 
 only as a remark. I have quota now working with 2.6.19.3
 vs2.2.0-rc10 (I think rc10, it was 2 days ago i downloaded it).

question is, on what filesystem, and with what options

IIRC, ext3 is kind of hairy, as it supports two different
kinds of quote, a journaled one and the 'normal' ext2
quota stuff ...

 I think my issue was that /etc/mtab and /etc/fstab have to be correct.
 To get that i put them in /etc/vserver/name/apps/init/ (As far as i
 remember, only mail access ehre now).

yes, it _is_ essential to get proper values at mount
(real mount time) and mtab (for the guest)

thanks,
Herbert

 Regards, Joerg
 
 On Do, 8.02.2007, 06:55, Herbert Poetzl sagte:
  On Tue, Feb 06, 2007 at 08:55:11AM +0100, Jarek Dylag wrote:
  Hey,
 
  I still can't get quota working. I made some investigation and problem
  started after changes in namespace separation implementation made
  between:
 
  it is still on my (very long :)' todo list, and
  assumed everything goes as planned (it never does :)
  I will get to that tomorrow ...
 
  best,
  Herbert
 
  patch-2.6.19-vs2.1.x-t4.diff
  and
  patch-2.6.19-vs2.1.x-t7.diff
 
  Jarek Dylag
  ___
  Vserver mailing list
  Vserver@list.linux-vserver.org
  http://list.linux-vserver.org/mailman/listinfo/vserver
  ___
  Vserver mailing list
  Vserver@list.linux-vserver.org
  http://list.linux-vserver.org/mailman/listinfo/vserver
 
 
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] routing between host and guest

2007-02-06 Thread Herbert Poetzl
On Tue, Feb 06, 2007 at 02:20:40PM +0100, ADNET Ghislain wrote:
 Hello,
 
 I have some trouble with the routing between host and guest. 

I doubt that, as there is none :)

 I have guest having a 10.x ip and a public ip different 
 from the host public IP. 

in the same network, or on different networks?

 I have setup DNAT and SNAT between the 10.x and guest 
 publicip and it works from outside 

hmm, the guest has been assigned both ips?
why would you do NAT on the guest then?

 but i cannot telnet port 80 into my guest from the host 

port 80 is usually used for http, so 'telnet in'
is probably the wrong approach ...

 nor telnet on my guest public ip from inside the guest itself.

check on the host with tcpdump for details on
the traffic

 Anyone can point a little how-to on this i googled but failed to
 find one ?

the general rule is, it is a linux system,
with all networking 'on the host' and ip isolation
for the guests, nothing more, nothing less

I'd suggest to remove the NAT if the guest already
has a public IP (as it is not very useful then)

HTH,
Herbert

 using 2.16.19.2 with 2.2.0rc10 patch on debian
 
 -- 
 Cordialement,
 Ghislain



 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] kernel panic on vs2.2.0-rc11

2007-02-06 Thread Herbert Poetzl
On Tue, Feb 06, 2007 at 10:55:56AM +0100, Jarek Dylag wrote:
 Hi,
 
 My test server crashes after executing :
 
 vserver name exec
 or
 vserver name enter
 
 I tested:
 patch-2.6.19.2-vs2.2.0-rc9.diff
 patch-2.6.19.3-vs2.2.0-rc11.diff
 
 Last version without this issue is vs2.2.0.rc8.7.
 Opps in attachement.

could you do a 'cat /proc/virtual/status'
just before and right after the 'evil' exec
and also provide the guest config you are
using?

TIA,
Herbert

 Jarek Dylag

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


  1   2   3   4   5   6   7   8   9   10   >