Re: [Vserver] nfs permissions issues

[Herbert Poetzl]

On Wed, Jul 18, 2007 at 04:46:04PM +0100, Ben Brown wrote:
> Ben Brown wrote:
> >Which Kernel option is that? Debian has been *really* helpful and spread 
> > the vserver config about all over the place :S
> 
> 
> Scratch that, I found it:
> 
> CONFIG_VSERVER_LEGACY=y
> # CONFIG_VSERVER_LEGACY_VERSION is not set
> CONFIG_VSERVER_LEGACYNET=y
> CONFIG_VSERVER_PROC_SECURE=y
> CONFIG_VSERVER_HARDCPU=y
> CONFIG_VSERVER_HARDCPU_IDLE=y
> # CONFIG_INOXID_NONE is not set
> # CONFIG_INOXID_UID16 is not set
> # CONFIG_INOXID_GID16 is not set
> CONFIG_INOXID_UGID24=y
> # CONFIG_INOXID_INTERN is not set
> # CONFIG_INOXID_RUNTIME is not set
> # CONFIG_XID_TAG_NFSD is not set
~~~
so, NFS tagging is disabled, and unless there
is a bug in the debian kernel, you should not
experience any issues with sharing files over
NFS (except for the usual NFS issues of course)

> # CONFIG_VSERVER_DEBUG is not set
> CONFIG_VSERVER=y
> CONFIG_VSERVER_SECURITY=y
> 
> Any suggestions?

please try with a vanilla kernel if you can
reliably trigger it somehow (vs2.2.0.2) and
let me know how that goes ...

TIA,
Herbert

> 
> Thanks,
> 
> Ben
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] nfs permissions issues

[Herbert Poetzl]

On Tue, Jul 17, 2007 at 03:35:20PM +0100, Ben Brown wrote:
> I'm having a very strange problem with vserver, and can't find any 
> information on google etc.
> 
> I have a host machine with a vserver, running the debian vserver
> kernel (linux-image-2.6.18-4-vserver-686) on debian etch.
>
> The host machine is mounting an nfs share, in a location within the
> vserver root, e.g. /local/vservers/foo/share
>
> Every now and then, some users in the vserver can see other user's
> files. This is fixed for a brief period of time by rebooting the host
> box, but it always returns.
>
> It is not always happening for the same users, and it is only ever a
> small group of users (about 20 or so out of around 7000) each time.

I don't know what options the debian folks used
for their kernel, but maybe NFS tagging is
enabled in your client (host) but not on the
filer, which might cause some confusion ...

also, if that dir is indeed shared, you actually
want to disable the tagging for this mount

HTH,
Herbert

> Has anyone experinced anything like this, or does anyone have any
> ideas I can try?
> 
> Thanks,
> 
> Ben
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Bug on 2.6.22

[Herbert Poetzl]

On Sat, Jul 14, 2007 at 09:53:21AM +0200, [EMAIL PROTECTED] wrote:
> Hello
> 
> I was testing linux-2.6.22-vs2.2.0-rc5 and it crashes after 
> 30 hours : here is the kern.log
> 
> http://paste.linux-vserver.org/4555

tx for the feedback, should be fixed in vs2.2.0.2(-rc1)

please let us know if it fixes the issue for you too

TIA,
Herbert

> srvweb:/var/log# vserver-info
> Versions:
>Kernel: 2.6.21.5-vs2.2.0-rc3
>VS-API: 0x00020200
>  util-vserver: 0.30.213; Jun 16 2007, 14:53:27
> 
> Features:
>CC: gcc, gcc (GCC) 4.1.2 20061115 (prerelease)
> (Debian 4.1.1-21)
>   CXX: g++, g++ (GCC) 4.1.2 20061115 (prerelease)
> (Debian 4.1.1-21)
>  CPPFLAGS: ''
>CFLAGS:
> '-g -O2 -std=c99 -Wall -pedantic -W -funit-at-a-time'
>  CXXFLAGS:
> '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time'
>build/host: i686-pc-linux-gnu/i686-pc-linux-gnu
>  Use dietlibc: yes
>Build C++ programs: yes
>Build C99 programs: yes
>Available APIs: compat,v11,fscompat,v13,net,v21,oldproc,olduts
> ext2fs Source: e2fsprogs
> syscall(2) invocation: alternative
>   vserver(2) syscall#: 273/glibc
> 
> Paths:
>prefix: /usr/local
> sysconf-Directory: ${prefix}/etc
> cfg-Directory: ${prefix}/etc/vservers
>  initrd-Directory: $(sysconfdir)/init.d
>pkgstate-Directory: ${prefix}/var/run/vservers
>   vserver-Rootdir: /opt/vservers
> 
> It crashes when  i just stop and restart a vserver.
> 
> pmenier
> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Testing if subscribing works

[Herbert Poetzl]

On Mon, Jul 16, 2007 at 09:11:49AM -0700, Dallas Kashuba wrote:
> I've updated the wiki with information that seems to work for me...
> 
> http://wiki.linux-vserver.org/Communicate
> 
> "You can subscribe by emailing [EMAIL PROTECTED]  
> with subject 'subscribe'.  To unsubscribe just send the email with  
> subject 'unsubscribe'.  You must send the email from the address you  
> are subscribed as, and look out for the confirm message that will be  
> sent back to you from the list.  Once you confirm you will either be  
> subscribed or unsubscribed."
> 
> 
> I just subscribed myself to the list using this method a few weeks  
> ago. And I just tested unsubscribe and it also seems to work (it  
> sends a confirm message but I didn't confirm).
> 
> I'm just another subscriber like you guys and I figured this out  
> through some trial and error, and a little knowledge of Mailman.   
> Somebody really should fix the web interface, but the email interface  
> seems to be fully functional.

we would if we could :(

problem is, the guy who is maintaining the list
(and thus the mailman interface) cannot be reached
for some time (6 month) and we have no real access
to the current subscription list, thus it would be
suboptimal to simply create a new list ...

I'm still hoping we manage to contact/find him and
then we can finally move the list somewhere else

if you want to help, please try to contact/find the
guy (Martin List Peterson) so that we can fix this
once and for all ...

TIA,
Herbert

>   Dallas
> 
> 
> On Jul 16, 2007, at 12:57 AM, Eddy Vervest wrote:
> 
> >and unsubscribe?
> >
> >Please, get me of this list.
> >
> >Eddy
> >
> >>-BEGIN PGP SIGNED MESSAGE-
> >>Hash: SHA1
> >>
> >>Hi,
> >>
> >>just testing if list subscription properly works contrary what the  
> >>Wiki
> >>tries to tell.
> >>
> >>cheers,
> >>- - Markus
> >>
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Anounce: CentOS 5 guest image

[Herbert Poetzl]

On Mon, Jul 16, 2007 at 08:16:41AM -0500, Sandino Araico Sánchez wrote:
> Daniel Hokka Zakrisson wrote:
> > Sandino Araico Sánchez wrote:
> >   
> >> Yum is marked unstable in Gentoo. It works sometimes but i got used to
> >> unpacking the guest image and running a script that creates the config
> >> directory and the config file... It takes me about 20 minutes to setup a
> >> new vservar and have it running
> >> 
> >
> > What config file? You're also aware of vserver ... build -m template, yes?
> >   
> I am aware of build -m template but most of the parameters are the same
> for all my vservers so I hardcoded them in a script so I can use it with
> a small config file with only the values that change. It's not rocket
> science to create a config directory with all the correct values.
> 
> The script is not general purpose. It's designed for the defaults I use
> in all my vservers (no more than 50 lines of code)... It's not intended
> to reinvent the build -m template; It's just a customization for my
> service.
> > 20 minutes does seem like a long time, especially if it doesn't include
> > downloading the guest. What else is your script doing?
> >   
> 20 minutes from registering the new vserver in the DNS, connecting to
> the server, to creating the new vserver, verifying everything works and
> sending notification to the customer
> >   
> >> Yum in Gentoo is sensitive to upgrades of dependencies; it breaks
> >> easily Whenever Yum breaks It's easier to unpack a guest image than
> >> revdep-rebuild.
> >> 
> >
> > So, pin the few packages it does depend on? Seems to me like you're
> > unnecessarily complicating the procedure.
> >   
> LibXML2 with USE=python (for example) ... My opinion is that the host
> server installation should be as minimal as possible and as hardened as
> possible Yum depends on ~10 packages I don't need for anything else.
> I can install yum and revdep-rebuild every time It breaks (I know it
> breaks every now and then), but I don't gain a huge beneffit over
> unpacking a host image and running a configuration script..
> 
> Now, think about supporting not only CentOS but also Fedora, Ubuntu,
> Debian, Slackware, Gentoo, SuSE, an embedded system a friend jut cooked,
> I will end up with lots and lots of new dependency packages and several
> distinct installation procedures instead of a single unified procedure
> of unpacking a host image and running a configuration script.
> 
> Perhaps you are underestimating the usefulness of host images... Perhaps
> a general purpose procedure could be a build -m template install
> followed by unpacking a host image of the Linux distro of your choice.
> If you have many vservers with many different distros you don't need to
> install all the distro-specific tools; you just need to unpack the host
> image and that's it.

hum, that is what the template build method usually does?

(from vserver - build --help)
template... -- (-t )+ [-d ]
...  installs a guest using tarball(s)

best,
Herbert

> -- 
> Sandino Araico Sánchez 
> edce71952773051c884f6a49cc194445 8a3ac99fbf88d0c58677ffd9706081bb5471b756
> 2bc1ad9b84e28ba8725ee0008c80a7f0 5945bcf00844d5a421f7b66e3c5c28467e48f2bc
> --
> 2d188949024d886941f4dff4f500918d 510f47aeec377edb804439a0dae774b9d94269b9
> 0732340cb5d7e7e456e091f11ae3dcb1 f78a9751c2b8f4af0b56f9f175f20172c2c38847
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] df -h output incorrect when using quotas

[Herbert Poetzl]

On Mon, Jul 02, 2007 at 01:00:41AM +0200, diego torres wrote:
> Hi outthere!
> 
> Has anyone got an explanation to this? Running a more-or-less updated
> system
> 
> # uname -a
> Linux anthalia 2.6.21.3-vs2.2.0-rc1 #1 SMP Wed Jun 6 01:01:04 CEST 2007 i686 
> GNU/Linux
> 
> And after ensuring that all the files under a particual guest are
> tagged as being property of the host with chxid, this two outputs
> differ by such a large amount of bytes:
> 
> #du -sh
> 3,9G/home/vservers/services/
> 
> inside the guest:
> # df -h
> FilesystemSize  Used Avail Use% Mounted on
> /dev/hdv1 6.0G  407M  5.3G   8% /
> none  1.0G  4.0K  1.0G   1% /tmp

did you configure the start values correctly?

what tools do you use (util-vserver version)?

TIA,
Herbert

> Thanks in advance!
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] vpnc on vserver guest

[Herbert Poetzl]

On Fri, Jul 06, 2007 at 12:55:53PM -0500, Randall Smith wrote:
> I'm trying to give access to a Cisco vpn to a vserver guest, either 
> directly by launching vpnc or indirectly through the host running vpnc.
> 
> The problem with launching vpnc on the guest is that it can't create the 
> tun interface.  I'm not sure why traffic doesn't forward between the 
> guest and host.  I'm guessing it's because the guest doesn't see the tun 
> interface that vpnc creates.
> 
> Either way would be nice.  Any pointers?

create the tun interface on the host (make sure it is
the proper type -- tun vs. tap) and make it persistent,
then start the guest and let the vpnc use the persistent
tun device (after assigning the proper ip to the guest)

(works with openvpn and friends)

HTH,
Herbert

> Randall
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [VServer]: Question about iunlink attributes

[Herbert Poetzl]

On Wed, Jun 27, 2007 at 02:45:56PM -0700, Eric Deschenes wrote:
> Hi VServer Experts,
> 
>I have a question about iunlink attributes.
> 
>Problem description:
>---
>The issue I'm facing right now is that setting attributes using 
> "setattr --iunlink " does not survive a unmount/mount operation.
> 
>I'd like to know if the attributes IU are stored in the file system 
> or in the memory somehow.
> 
>Setup:
>--
>I use vserver version 2.0.1 with vserver-util 0.30.210 - I'm limited 
> to this patch by my project's kernel version :(
>I use reiserfs.
> 
>More background info:
>--
>I use the pre-COW links vserver image and vserver-utils. I'm using 
> setattr to actually restrict some files from the vserver instances to 
> prevent application in the vserver to modify those files (link targets).
>What I'm currently seeing is that when I use "setattr -iunlink 
>  on a link (inside the vserver), I can see it take effect with 
> showattr (so good so far), but those attribute go away when I unmount 
> the partition and remount it. (I tried without rebooting and I'm sure 
> this is the cause of the attribute lost)
> 
>I assumed that the setattr flags for iunlink (UI) where set in the 
> file system and were non-volatile (survive a unmount/mount operation).

yes, but only when you are using the 'attrs' flag for
the reiserfs mount ...

>Is this the expected behavior?
>Is there a workaround or documentation that could help me out with this?

in this specific case, you also want to use the
following bugfix (as we found out :)
probably not the only one left in 2.0 ...

http://vserver.13thfloor.at/Experimental/OBSOLETE/delta-2.6.14.3-reiserfs-fix01.diff

best,
Herbert

> Thanx for your time.
> 
> 
> /Éric
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] best timer freq to use?

[Herbert Poetzl]

On Thu, Jun 14, 2007 at 03:55:31PM -0400, Chuck wrote:
> also, have the vserver systems been tuned around a certain timer frequency?
> 
> 100? or 1000? or in between somewhere? for best efficiency still allowing 
> remote terminal responsiveness under extremely heavy loads?

100 will give better overall resource utilization
and allow the system to get slighly more work done,
1000 OTOH, will increase responsiveness and reduce
latencies slightly, for the cost of slightly higher
overhead from the task switching ...

usually 100 is more than fine for non interactive
systems and up to 50 guests, but you might want to
raise that to 250 or even 1000 for 100 and more
guest systems ...

HTC,
Herbert

> -- 
> 
> Chuck
> 
> 
> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Debian guest on a Gentoo Host?

[Herbert Poetzl]

On Wed, Jun 13, 2007 at 06:44:35PM +0200, Benedikt Boehm wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> jepa kazol wrote:
> > Hi guys,
> > I am trying to move all of my gentoo servers to debian and for now I am
> > trying to install a debian guest vserver on a gentoo host. But I
> > couldn't find out how to do that. Is there anyone on this list did the
> > job? Please share your experiences with me...
> 
> emerge debootstrap '>=sys-cluster/util-vserver-0.30.213'

hmm, actually I think the tools should download the
debootstrap themselves, but of course, you can pre-
install it as well ...

best,
Herbert

> vserver  build -m debootstrap  -- -d etch -m
> 
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2.0.4 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFGcB7zmPFBzbX68WERApUrAJkBt2BM13bE7m8i3inasJM5I79YXwCfcYKj
> 2EDDVhaZzSuF5Kz+SNiMjxY=
> =OjkG
> -END PGP SIGNATURE-
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] disk scheduling ?

[Herbert Poetzl]

On Wed, Jun 06, 2007 at 10:36:25AM +0930, Admin wrote:
> On Wed, 6 Jun 2007 03:07:37 am Nicolas Cadou wrote:
> > Le Tuesday 5 June 2007 06:52, Tony Lewis a écrit :
> > > Nicolas Cadou wrote:
> > > > Le Sunday 3 June 2007 02:15, Tony Lewis a écrit :
> > > >> My context is this: one vserver runs a popular web site, and on
> > > >> another one, occasionally I shift multi-gig files around, with cp. 
> > > >> When I'm doing that, the website vserver grinds to a halt - well,
> > > >> responds to requests quite slowly anyway.
> > > >
> > > > Instead of cp I use rsync --bwlimit=7000, which throttles I/O to a bit
> > > > less than 7MB/s. Works for local disk-to-disk copying, and works quite
> > > > well.
> > >
> > > There's always a workaround, but that's the same as renice'ing processes
> > > on one vserver to be cognisant of the needs of another vserver.  It's
> > > what the CPU limiting handles, so vservers can be more autonomous.
> >
> > I never came to try it, but this might help:
> >
> > http://linux-vserver.org/Frequently_Asked_Questions#Disk_I.2FO_limiting.3F_
> >Is_that_possible.3F
> 
> A while back I made some patches for util-vserver and a vserver-patched 
> kernel 
> which implemented ionice support
> 
> http://www.users.on.net/~anonc/.patches/vserver/
> 
> the readme.txt file has details on requirements and usage
> 
> it should be simple to adapt these to the latest releases.

maybe it would make sense to put guests (by default
or via option) into the idle class on a Linux-VServer
system/kernel?

best,
Herbert

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] disk scheduling ?

[Herbert Poetzl]

On Wed, May 23, 2007 at 01:07:55AM +0200, Attila Csipa wrote:
> A question - is it possible to have something like the CPU token  
> mechanism, but for IO operations (f.e. hdd-s) ?   

there is, but the main problem here is that most of
the I/O is done asynchronous, i.e. it is not done
by the context itself, but by the kernel in general

> I have a problem where one of the contexts is really heavy on IO and  
> I'd try to limit that.

the question here is, _why_  .. maybe your service
really has a high I/O demand, maybe the service is
just badly configured ...

> The scheduler is CFQ, but that does not help much on itself, it's 
> not the scheduling itself that is the problem - if the HDD activity   
> is high, an another context, running apaches will slow down serving   
> files. Running out of children bc of the slowdown apache will start   
> forking new processes to fullfill the incoming demands, this however  
> triggers swapping after running out of ram which in turn makes
> everything even slower, starting a nasty IO bound load spiral.

well, IMHO the configuration needs some adjustments
here, for example, apache should not spawn more
workers than the memory can handle (note that workers
can serve more than one request)

> To make things (maybe) even harder, the IO intensive context is not   
> actually reading/writing all that much data but rather seeking among  
> small blocks of it.   

hmm, maybe it would be possible to keep th relevant
parts in memory, or at least use an index?

> Is there a recommended/usual way of solving IO bound problems among   
> vservers ?

really depends on the problem, my general advice is
to separate I/O bound guests and put them on a really
fast I/O system ...

> Putting in CPU limits or tokens does not help as the CPU-s are
> spending their time on idle or waiting even now so they are always
> full of tokens.

not unusual ... we thought about adding (or in this
case substracting) a penalty for I/O operations, maybe
that would be a viable solution for this kind of cases,
but I think that still needs some testing ...

HTC,
Herbert

> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] New dedicated box for linux-vserver.org

[Herbert Poetzl]

On Tue, May 29, 2007 at 09:41:52AM +0200, Benedikt Boehm wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Benedikt Boehm wrote:
> > Hi all,
> > 
> > as some of you may already have noticed, the web services have
> > experienced some outages during the last weeks, mostly because the
> > machine is heavily overloaded.
> > 
> > Fortunately my employer (www.newthinking-communications.de) has
> > donated a dedicated box for the Linux-VServer project. I have just
> > received the confirmation of our hoster, our new box is an Opteron
> > 1218 Dual Core, 4G RAM, 2x300G HDD, so it should be enough ;)
>
> Finally, the last guest has been moved (database), and things should
> be stable again from now on.

thanks for your commitment, time and efford!
we appreciate it!

best,
Herbert

> Sorry for the inconveniences,
> Bene
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2.0.4 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFGW9lAmPFBzbX68WERAnaGAJ45lxaGlek+uM3OVZiqtC7VBbf+VwCeKLyt
> XAGw7LNcPOaw2UOFpmacqIE=
> =YH/8
> -END PGP SIGNATURE-
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] yum update screwed centos guest

[Herbert Poetzl]

On Sat, May 19, 2007 at 10:56:30AM -0400, Chuck wrote:
> On Saturday 19 May 2007 09:59, Daniel Hokka Zakrisson wrote:
> > Chuck wrote:
> >
> > > we run some centos4 x86_64 guests. just did a yum update today on
> > > my template and it screwed up the guest. i do not know all of the
> > > damage yet, it appears to run and the services appear to run but
> > > vserver  enter no longer works. thankfully i always use
> > > the template for update testing first ... whew..
> > >
> > > i get this when i try: vlogin: openpty(): No such file or
> > > directory
> > >
> > > any clues where to look? or should i just restore from a backup
> > > and never use yum update again? it appears it changes what it will
> > > with no regard for existing configuration files.
> > 
> > It has nothing to do with configuration files. You just lost a
> > (few?) device nodes. Recreate or restore /dev from a backup, or
> > another guest.
> 
> oh.. ok so then yum messes with devices as well.. maybe.. ok will do
> that... might have to put that into a script if it keeps doing this
> every restart..

you might configure a readonly bind mount for /dev
which should save you from this and similar trouble

HTH,
Herbert

> > -- 
> > Daniel Hokka Zakrisson
> > ___
> > Vserver mailing list
> > Vserver@list.linux-vserver.org
> > http://list.linux-vserver.org/mailman/listinfo/vserver
> > 
> 
> -- 
> 
> Chuck
> 
> "...and the hordes of M$*ft users descended upon me in their anger,
> and asked 'Why do you not get the viruses or the BlueScreensOfDeath
> or insecure system troubles and slowness or pay through the nose 
> for an OS as *we* do?!!', and I answered...'I use Linux'. "
> The Book of John, chapter 1, page 1, and end of book
> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] debian host wants centos guest

[Herbert Poetzl]

On Sat, May 12, 2007 at 11:16:33PM +0200, Daniel Hokka Zakrisson wrote:
> [EMAIL PROTECTED] wrote:
> >>thanks  ,
> >>
> >>
> >>i setup the beast and have yum installed but..:
> >>
> >>bash-3.00# yum update
> >>Setting up Update Process
> >>Setting up repositories
> >>not using ftp, http[s], or file for repos, skipping - Null is not a valid
> >>release or hasnt been released yet
> >>Cannot find a valid baseurl for repo: update
> >>Error: Cannot find a valid baseurl for repo: update
> >>
> >>i cannot seems to make this works :)
> >>using vyum on the host works (this is how i setup yum on the guest. But
> >>inside it it fails :(
> >>
> >>  i tried to install whitebox linux but i failed also to find how to build
> >>the guest so i stick with centos :)
> >>
> >hi,
> >
> >i have some finished centos 5 images for linux vserver:
> >http://www.cryptronic.de/wiki/Vserver_en:images_for_openvcp
> >
> >to get yum working:
> >
> >edit /etc/yum.repos.d/CentOS-Base.repo
> >
> >and replace $releasever and $basearch with hardcoded values eg
> >$relesevar: 5
> >$basearch: i386
> >
> >after that yum works quite fine.
> 
> Why would you do that? Why doesn't it have centos-release installed, and 
> why can't it figure out the architecture on its own?
> 
> >best regards
> >
> >oliver werner
> >
> >htpt://www.cryptronic.de
> 
> What's HTPT? ;-)

a tpyo :)

have fun,
Herbert

> -- 
> Daniel Hokka Zakrisson
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Re: Re: Re: Re: Re: Re: java crash in vserver...

[Herbert Poetzl]

On Sat, May 12, 2007 at 08:20:01PM -0500, Corey Wright wrote:
> On Sat, 12 May 2007 17:36:24 +0200
> Herbert Poetzl <[EMAIL PROTECTED]> wrote:
> 
> > On Sat, May 12, 2007 at 09:13:19AM +0200, Jan Zuchhold wrote:
> > > The problem is caused by running out of space on /tmp. 
> > > You mount that on tmpfs, specified in fstab in the 
> > > vserver-config dir:
> > > >>>>
> > > none   /tmptmpfs   size=16m,mode=1777  0 0
> > > >>>>
> > > If you remove or comment-out this line (or increase 
> > > the size), it works.
> > 
> > nice one, tx, btw, 16MB for /tmp should be more
> > than sufficient for properly written programs,
> > (larger temporary files go to /var/tmp)
> 
> i must respectfully disagree.  i have never heard of such 
> a rule and the FHS 
> (http://www.pathname.com/fhs/pub/fhs-2.3.html#VARTMPTEMPORARYFILESPRESERVEDBETWEE)
> doesn't include that justification either.

no, actually the FHS doesn't tell anything about large
vs. small files and /tmp vs /var/tmp, except for the
fact the /var/tmp must not be deleted on boot :)

but it is 'common practice' that /tmp is often kept
in memory and thus only provides limited space compared
to ~/tmp or /var/tmp ... YMMV

> and that is why i am on record as saying:
> 
> > btw, i hate that useless default 16 MB tmpfs mount within the guests
> > and removing it from /etc/vservers/guest/fstab is one of the first
> > things i do upon creating a new guest.
> - http://www.paul.sladen.org/vserver/archives/200702/0014.html

well, the mount is not really useless, on the contrary,
it can reduce the overall I/O bandwidth significantly,
and thus improve system performance ... but of course,
everybody is free to resize or remove it ...

> when i last cared to check which directory applications used for
> temporary files (to insure libpam-tmpdir, "automatic per-user
> temporary directories", was effective) i only ever saw used "/tmp"
> (hard-coded unfortunately), TMP, or TMPDIR and those variables do not
> distinguish between maximum temporary file size.

you must be using very old software ...

$ mktemp 
/home/bertl/tmp/tmp.kNGjY29655

> i consider this the only "wart" of linux-vserver.

feel free to remove it for your installations ...

best,
Herbert

> corey
> -- 
> [EMAIL PROTECTED]
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] possibly dumb question

[Herbert Poetzl]

On Sat, May 12, 2007 at 10:51:49AM -0400, Chuck wrote:
> i am installing a workstation which i have no plans to use as a
> vserver host however there may be that possibility in the mid to far
> future...

if you add the Linux-VServer patches, you will find
an application for the features sooner than you think
(e.g. limit a service to certain ips, use the CoW
link breaking to save diskspace ...)

> are the kernels produced with the vserver patches 'improved' over std
> kernels and generally work better? or is it by its nature causing
> slight overhead compared to without?

if there is noticeable overhead, it is considered a
bug and should be reported :)

> i guess it boils down to use vserver patches on a normal workstation
> kernel or not? i have this undefined suspicion it is better with but
> would like a more factual answer :)

well, it should not hurt, of course, if you don't
need it, and/or already patched your kernel with
several other patches, I would not compile it in
just for the fun of doing it ...

HTH,
Herbert

> -- 
> 
> Chuck
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Re: Re: Re: Re: Re: Re: java crash in vserver...

[Herbert Poetzl]

On Sat, May 12, 2007 at 09:13:19AM +0200, Jan Zuchhold wrote:
> Hello,
> 
> > I made a package of my guest 'gis' (about 465 MB):
> > /etc/vservers/gis (config of the image)
> > /vservers/gis (home of the guest images)
> >
> > http://www.archit.uni-karlsruhe.de/geoserver/vserver.tar.bz2
> 
> ok, i've tried it.
> 
> The problem is caused by running out of space on /tmp. 
> You mount that on tmpfs, specified in fstab in the 
> vserver-config dir:
> 
> none   /tmptmpfs   size=16m,mode=1777  0 0
> 
> If you remove or comment-out this line (or increase 
> the size), it works.

nice one, tx, btw, 16MB for /tmp should be more
than sufficient for properly written programs,
(larger temporary files go to /var/tmp)

best,
Herbert

> Jan

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Hashify 'etch' trouble?

[Herbert Poetzl]

On Thu, May 10, 2007 at 08:53:30PM +0200, Eugen Leitl wrote:
> On Thu, May 10, 2007 at 05:46:48PM +0100, Ben Green wrote:
> 
> > What I want to know is can vhashify be used within older vserver 
> > setups, specifically Debian 'etch' with it's none COWed kernel. What
> > precautions would I need to take and what things can't I do inside
> > these guest servers?
>
> I've been attending a Sun workshop yesterday (about Solaris 10,
> zones/containers, and HA). There's a number of close similiarities
> between HA on linux, and Linux paravirtualization technologies
> with Solaris zones/containers. Instead of vhashify (and symlinks)
> they're using loopback filesystem (LOFS) to minimize space for shared
> resources. I'm not sure why they chose that way, and didn't go for
> simple symlinks.

well, first, we do not use symlinks for a good reason,
and second, with the loopback filesystem, which is more
like an overlay filesystem and/or --bind mount, the
actual saving is not as good as with hardlinks ...

best,
Herbert

> -- 
> Eugen* Leitl http://leitl.org";>leitl http://leitl.org
> __
> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Re: Re: Re: Re: Re: java crash in vserver...

[Herbert Poetzl]

On Wed, May 09, 2007 at 08:18:06AM +0200, Thomas Besser wrote:
> Hi Jan,
> 
> Jan Zuchhold wrote:
> > it's working fine for me:
> > 
> 
> > 1512 [INFO] org.geotools.referencing.factory.epsg.HSQLDataSource -
> > Creating cached EPSG database. It may take a few minutes.
> > 17611 [main] INFO org.springframework.web.context.ContextLoader - Using
> > context class
> > [org.springframework.web.context.support.XmlWebApplicationContext] for
> > [root
> > WebApplicationContext
> > 17611 [main] INFO org.springframework.web.context.ContextLoader - Root
> > WebApplicationContext: initialization completed in 16212 ms
> 
> > 
> 
> > vserver:~# cat /etc/issue
> > Debian GNU/Linux 4.0
> > 
> > vserver:~# java -version
> > java version "1.6.0"
> > Java(TM) SE Runtime Environment (build 1.6.0-b105)
> > Java HotSpot(TM) Server VM (build 1.6.0-b105, mixed mode)
> > 
> > host:~# uname -r
> > 2.6.20.11-vs2.2.0.k7-smp-070502
> 
> Thanx for testing. I have no clue, what my problem is and no idea how to
> resolve this.

maybe you could package up your guest (maybe
after some cleanups to preserve privacy and
reduce size), and upload it somewhere, and
maybe some folks who already had success with
your installation do the same, then try each-
others guests and see what happens ...

if the kernel/config is to blame, then your
guest should work fine on another system and
the other guest should fail on yours, no?

HTH,
Herbert
 
> Perhaps you could send me via pm your installed packages
> (dpkg --get-selections > packages) of your host and guest?
> 
> Regards
> Thomas
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Re: Re: Re: Re: Re: Re: java crash in vserver...

[Herbert Poetzl]

On Wed, May 09, 2007 at 10:39:06AM +0200, Thomas Besser wrote:
> Asier Baranguán wrote:
> 
> > Thomas Besser escribió:
> > 
> >>> Guest have the CAP_NET_BROADCAST and CAP_SYS_RESOURCE enabled. Perhaps
> >>> you can try with other kernel.
> >> 
> >> I tried several kernels till now.
> >> 
> >> Whats about this CAP_SYS_RESOURCE and where/how to set it? In host or
> >> guest?
> > 
> > You must write it in the bcapabilities file under the vserver
> > configuration folder. It's as simple as:
> > 
> > root # echo CAP_SYS_RESOURCE > /etc/vservers//bcapabilities
> > 
> > Or if you have the file, add it:
> > 
> > root # echo CAP_SYS_RESOURCE >> /etc/vservers//bcapabilities
> > 
> > And restart the vserver. You have some info about the capabilities and the
> > meaning of this files in the linux-vserver page.
> > 
> > http://linux-vserver.org/Capabilities_and_Flags
> > 
> > http://linux-vserver.org/util-vserver:Capabilities_and_Flags
> 
> Thanx, tried CAP_SYS_RESOURCE. Nothing changed.

not unexpected, giving any capabilities beyond the
default set can be considered a (sometimes severe)
reduction in guest security (i.e. you are handing
over control to host specific parts which can be
used either for DoS or in most cases direct control
over host specific entities)

CAP_NET_BROADCAST is not critical, as it is currently
unused :)

best,
Herbert
 
> Regards
> Thomas
> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Re: Re: Re: java crash in vserver...

[Herbert Poetzl]

On Fri, May 04, 2007 at 11:43:24AM +0200, Thomas Besser wrote:
> Herbert Poetzl wrote:
> > could you try that on a release kernel, e.g.
> > 2.6.19.7-vs2.2.0 or 2.6.20.11-vs2.2.0?
> 
> I only found 2.6.20.4-vs2.2.0 on http://linux-vserver.org/

as usual, updates and new test releases can be
found here: http://vserver.13thfloor.at/Experimental/

> With that starting of vserver guest fails:
> 
> vplaystation:~# vserver-stat
> CTX   PROCVSZRSS  userTIME   sysTIMEUPTIME NAME
> 0   53 111.6M49M   9m19s31   1m21s15  19h41m17 root server
> vplaystation:~# vserver gis start
> ncontext: vc_net_create(): Invalid argument

looks like a problem with network contexts, do you
happen to still use dynamic contexts after several
years of deprecation?

please double check your config, the kernel should
work perfectly fine ...

> An error occured while executing the vserver startup sequence; when
> there are no other messages, it is very likely that the init-script
> (/etc/init.d/rc 3) failed.
> 
> Common causes are:
> * /etc/rc.d/rc on Fedora Core 1 and RH9 fails always; the 'apt-rpm' build
>   method knows how to deal with this, but on existing installations,
>   appending 'true' to this file will help.
> 
> 
> Failed to start vserver 'gis'
> vplaystation:~# vserver --version
> vserver 0.30.212 -- manages the state of vservers
> This program is part of util-vserver 0.30.212
> 
> Now I'm building 2.6.19.7-vs2.2.0. But I can test it not before monday.
> 
> Thomas
> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] New dedicated box for linux-vserver.org

[Herbert Poetzl]

On Wed, May 02, 2007 at 02:06:10PM +0200, Benedikt Boehm wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Hi all,
> 
> as some of you may already have noticed, the web services have
> experienced some outages during the last weeks, mostly because the
> machine is heavily overloaded.
> 
> Fortunately my employer (www.newthinking-communications.de) has donated
> a dedicated box for the Linux-VServer project. I have just received the
> confirmation of our hoster, our new box is an Opteron 1218 Dual Core, 4G
>  RAM, 2x300G HDD, so it should be enough ;)

great news!
please make sure to add your employer to our
Hall'o'Fame and mention the machine there 

> I will announce the downtime for migration later this week, but expect
> it to take place sometime next week...

okay, maybe we should consider moving the mailing
list there too (sooner or later)

TIA,
Herbert

> Bene
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2.0.3 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFGOH6ymPFBzbX68WERAtEhAJkB8Al+x+l2vhmZI8Pispd1F7pmfQCeMdZy
> Z7ZL/vmM0ZGYrkQ+X/j2tng=
> =rX9N
> -END PGP SIGNATURE-
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Re: Re: java crash in vserver...

[Herbert Poetzl]

On Wed, May 02, 2007 at 08:47:09AM +0200, Thomas Besser wrote:
> Herbert Poetzl wrote:
> 
> > On Tue, Apr 24, 2007 at 09:00:19PM +0200, Herbert Poetzl wrote:
> >> On Tue, Apr 24, 2007 at 11:07:29AM +0200, Thomas Besser wrote:
> >> > Herbert Poetzl wrote:
> >> > > On Fri, Apr 13, 2007 at 09:30:32AM +0200, Thomas Besser wrote:
> >> > >> The above mentioned log and also a strace run is here:
> >> > >> http://www.archIT.uni-karlsruhe.de/geoserver/error.log
> >> > >> http://www.archIT.uni-karlsruhe.de/geoserver/strace.log
> >> > > 
> >> > > will look into that after my vacation ...
> >> > 
> >> > Perhaps you had little time to look into the error log?
> >> 
> >> not yet, but I'm online for today (despite my vacation :)
> >> so if you pay a visit to the IRC channel, we can take a
> >> quick look at it ...
> > 
> > back from my vacation now .. but the urls above give
> > 503 Service Unavailable ...
> 
> Works again.

could you try that on a release kernel, e.g.
2.6.19.7-vs2.2.0 or 2.6.20.11-vs2.2.0?

also, what about the ulimits inside the guest?

TIA,
Herbert

> > PS: you can find me on IRC :)
> 
> I will try it in the afternoon.
> 
> Regards
> Thomas
> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] behavior i have never seen before

[Herbert Poetzl]

On Sun, Apr 29, 2007 at 07:46:46PM -0400, Chuck wrote:
> 
> it just started today. has been behaving before this. i have a vserver 
> configured to run cacti and nagios. oddly nagios runs, but does not show in 
> the process listing using ps ax. it once did. when i go to stop it with the 
> init scrip it says it cannot find the pid but if i run the init with stop 
> once more it stops it and it truly does.
> 
> it appears to be hiding somehow and it appears to function normally.
> 
> any clues? i don't know if this is an o/s problem that just developed or a 
> vserver situation or  a nagios configuration that i may have messed up 
> accidently or what.. stopping and starting the vserver does not make it 
> appear in the process listing although it is running.
> 
> im running gentoo on the host amd64
> 
> 2.6.19-vs2.2.0-rc2

let's try the final version (vs2.2.0) with a recent
2.6.19.7 kernel first, and see if the issue remains

> util-vserver-0.30.212-r2

won't hurt to try one of the 0.30.213 release candidates
too, just to make sure ...

TIA,
Herbert

> and a gentoo amd64 guest.
> 
> -- 
> 
> Chuck
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] anybody has experience for Vserver on ARM

[Herbert Poetzl]

On Sun, Apr 29, 2007 at 05:30:45PM -0400, Wenbin Zhang wrote:
> Actually I think the syscall error is because of strace on ARM, not because
> of vcmd.
> [EMAIL PROTECTED]:/work/test# ./vcmd
> wenbin print: num_cmd = 0, num_id = 0
> Illegal instruction
> 
> [EMAIL PROTECTED]:/work/test# strace -fF -o vcmd.trace ./vcmd
> syscall: unknown syscall trap 0xef000139
> 
> "unknow syscall" should be a strace bug, I think. The basic failure is
> becuase of "illegal instruction" during vserver(num_cmd, num_id, data)
> syscall.

well, the syscall trap looks fine, 313 is the syscall
on arm and it seems that util-vserver uses the same
implementation, so that should be fine too ...

you might get a warning at compile time, if that would
be interesting to have, otherwise something with your
toolchain could be wrong ...

best,
Herbert

> Thanks,
> Wenbin
> 
> 
> On 4/29/07, Wenbin Zhang <[EMAIL PROTECTED]> wrote:
> >
> >I traced the vcmd command. When the vcmd command is run and without
> >arguments, the error is:
> >syscall: unknown syscall trap 0xef000139
> >
> >This syscall error is occured while "num_ret = vserver(num_cmd, num_id,
> >data);" is executed. I guss ARM is using a different method to register new
> >syscall?
> >
> >Thanks,
> >Wenbin
> >
> >
> >On 4/29/07, Herbert Poetzl <[EMAIL PROTECTED]> wrote:
> >>
> >> On Fri, Apr 27, 2007 at 01:02:34PM -0400, Wenbin Zhang wrote:
> >> > Hello, guys,
> >> >
> >> > This time I build a new Vserver enabled kernel and GPE package, now
> >> solved
> >> > the "Illegal instruction" on ARM.
> >> > But I tried "vcmd -i 42 -C ctx_create -- ps auxwww", it just simply
> >> > hung (but I can interrupt the command).
> >> > Any approach to solve this?
> >>
> >> strace -fF -o vcmd.trace vcmd
> >>
> >> > Btw, I tried below command for the vserver kernel, seems OK.
> >> > 1)[EMAIL PROTECTED]:/work/vcmd-0.08# cat /proc/virtual/info
> >> > VCIVersion: 0002:0002
> >> > VCISyscall: 313
> >> > VCIKernel:  0336
> >> >
> >> > 2) [EMAIL PROTECTED]:/work/vcmd-0.08# setattr --~hide /proc/uptime
> >> >
> >> > 3) [EMAIL PROTECTED]:/work/vcmd-0.08# vserver-stat
> >> > CTX   PROCVSZRSS  userTIME   sysTIMEUPTIME NAME
> >> > 0   49 165.9M  63.9M   0m55s76   0m24s19  10m14s64 root server
> >> >
> >> > 4) [EMAIL PROTECTED]:/work/vcmd-0.08# vserver-info
> >> > Versions:
> >> >   Kernel: 2.6.16.13-vs2.0.3-rc1
> >> >   VS-API: 0x00020002
> >> > util-vserver: 0.30.212; Apr 17 2007, 18:47:18
> >> >
> >> > Features:
> >> >   CC: arm-angstrom-linux-gnueabi-gcc,
> >> > arm-angstrom-linux-gnueabi-gcc (GCC) 4.1.1
> >> >  CXX: arm-angstrom-linux-gnueabi-c++,
> >> > arm-angstrom-linux-gnueabi-c++ (GCC) 4.1.1
> >> > CPPFLAGS: ''
> >> >   CFLAGS: '-g -O2 -std=c99 -Wall -pedantic -W
> >> > -funit-at-a-time'
> >> > CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W
> >> > -fmessage-length=0 -funit-at-a-time'
> >> >   build/host: i686-pc-linux-gnu/arm-unknown-none
> >> > Use dietlibc: no (you have been warned)
> >> ~
> >>
> >> >   Build C++ programs: yes
> >> >   Build C99 programs: yes
> >> >   Available APIs: v13,net,v21
> >> >ext2fs Source: kernel
> >> >syscall(2) invocation: traditional
> >> >      vserver(2) syscall#: 313/fallback
> >> >
> >> > Paths:
> >> >   prefix:
> >> >sysconf-Directory: ${prefix}/etc
> >> >cfg-Directory: ${prefix}/etc/vservers
> >> > initrd-Directory: $(sysconfdir)/init.d
> >> >   pkgstate-Directory: ${prefix}/var/run/vservers
> >> >  vserver-Rootdir: /vservers
> >> >
> >> > Assumed 'SYSINFO' as no other option given; try '--help' for more
> >> > information.
> >> >
> >> > Seems everything is fine, but why vcmd cannot be run correctly?
> >>
> >> no idea, maybe a broken toolchain?
> >&g

Re: [Vserver] anybody has experience for Vserver on ARM

[Herbert Poetzl]

On Fri, Apr 27, 2007 at 01:02:34PM -0400, Wenbin Zhang wrote:
> Hello, guys,
> 
> This time I build a new Vserver enabled kernel and GPE package, now solved
> the "Illegal instruction" on ARM.
> But I tried "vcmd -i 42 -C ctx_create -- ps auxwww", it just simply 
> hung (but I can interrupt the command).
> Any approach to solve this?

strace -fF -o vcmd.trace vcmd

> Btw, I tried below command for the vserver kernel, seems OK.
> 1)[EMAIL PROTECTED]:/work/vcmd-0.08# cat /proc/virtual/info
> VCIVersion: 0002:0002
> VCISyscall: 313
> VCIKernel:  0336
> 
> 2) [EMAIL PROTECTED]:/work/vcmd-0.08# setattr --~hide /proc/uptime
> 
> 3) [EMAIL PROTECTED]:/work/vcmd-0.08# vserver-stat
> CTX   PROCVSZRSS  userTIME   sysTIMEUPTIME NAME
> 0   49 165.9M  63.9M   0m55s76   0m24s19  10m14s64 root server
> 
> 4) [EMAIL PROTECTED]:/work/vcmd-0.08# vserver-info
> Versions:
>   Kernel: 2.6.16.13-vs2.0.3-rc1
>   VS-API: 0x00020002
> util-vserver: 0.30.212; Apr 17 2007, 18:47:18
> 
> Features:
>   CC: arm-angstrom-linux-gnueabi-gcc,
> arm-angstrom-linux-gnueabi-gcc (GCC) 4.1.1
>  CXX: arm-angstrom-linux-gnueabi-c++,
> arm-angstrom-linux-gnueabi-c++ (GCC) 4.1.1
> CPPFLAGS: ''
>   CFLAGS: '-g -O2 -std=c99 -Wall -pedantic -W
> -funit-at-a-time'
> CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W
> -fmessage-length=0 -funit-at-a-time'
>   build/host: i686-pc-linux-gnu/arm-unknown-none
> Use dietlibc: no (you have been warned)
~

>   Build C++ programs: yes
>   Build C99 programs: yes
>   Available APIs: v13,net,v21
>ext2fs Source: kernel
>syscall(2) invocation: traditional
>  vserver(2) syscall#: 313/fallback
> 
> Paths:
>   prefix:
>sysconf-Directory: ${prefix}/etc
>cfg-Directory: ${prefix}/etc/vservers
> initrd-Directory: $(sysconfdir)/init.d
>   pkgstate-Directory: ${prefix}/var/run/vservers
>  vserver-Rootdir: /vservers
> 
> Assumed 'SYSINFO' as no other option given; try '--help' for more
> information.
> 
> Seems everything is fine, but why vcmd cannot be run correctly? 

no idea, maybe a broken toolchain?

best,
Herbert

> (I can run vcmd correctly on my PC machine)
> 
> Thanks,
> Wenbin
> 
> On 4/27/07, Wenbin Zhang <[EMAIL PROTECTED]> wrote:
> >
> >
> >
> >On 4/26/07, Herbert Poetzl <[EMAIL PROTECTED]> wrote:
> >>
> >> On Wed, Apr 25, 2007 at 12:40:12AM -0400, Wenbin Zhang wrote:
> >> > >
> >> > >
> >> > >> vcmd -i 42 -C ctx_create -- ps auxwww
> >> > >> vserver: ret = 0x002A (42)
> >> > >> USER   PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME
> >> COMMAND
> >> > >> root 11780  0.0  0.0   1944   672 pts/2R+   13:35   0:00 ps
> >> > >> auxwww
> >> > >>
> >> > >I downloaded the vcmd source, and crosscompiled it, then copy to the
> >> ARM
> >> > phone, however, when I tried to run the command, it cannot create the
> >> > process successfully, very strange...
> >> > when I run "vcmd -h", it can show the help, but  when I run " vcmd -i
> >> 42 -C
> >> > ctx_create -- ps auxwww", it just hung.
> >> > [EMAIL PROTECTED]:/work/vcmd- 0.08# ./vcmd -h
> >> > This is ./vcmd V0.08
> >> > options are:
> >> >  -hprint this help message
> >> >  -Adump data after syscall
> >> >  -Bdump data before syscall
> >> >
> >> > Btw, my ARM kernel is vserver enabled, I can find the
> >> > /proc/virtual/info does exist but it is an empty file.
> >>
> >> that sounds odd ...
> >>
> >> > I guess might be the vserver kernel module has some
> >> > problem, but I cannot figure out what it is, which is the
> >> > thing I am worrying about.
> >>
> >> there is no such thing as a Linux-VServer kernel module,
> >> so I'm pretty sure that is fine ...
> >>
> >> > Can you think of any ideas?
> >>
> >> maybe you compiled the wrong kernel?
> >> maybe your toolchain is broken?
> >>
> >> Not really, I compiled other package with my tool chain, that's fine, no
> >problem
> >However seems vserver kernel has some problems.
> >
> >[EMAIL PROTECTED]:/# vserver-info
> >Versions:
> >   Kernel: 2.6.16.13-vs2.0.3-rc1-ezx6
> >   VS-API: Illegal instruction
> >[EMAIL PROTECTED]:/# vserver-stat
> >Illegal instruction
> >
> >Strange, any possiblities?
> >
> >Thanks,
> >Wenbin
> >

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Re: java crash in vserver...

[Herbert Poetzl]

On Tue, Apr 24, 2007 at 09:00:19PM +0200, Herbert Poetzl wrote:
> On Tue, Apr 24, 2007 at 11:07:29AM +0200, Thomas Besser wrote:
> > Herbert Poetzl wrote:
> > > On Fri, Apr 13, 2007 at 09:30:32AM +0200, Thomas Besser wrote:
> > >> The above mentioned log and also a strace run is here:
> > >> http://www.archIT.uni-karlsruhe.de/geoserver/error.log
> > >> http://www.archIT.uni-karlsruhe.de/geoserver/strace.log
> > > 
> > > will look into that after my vacation ...
> > 
> > Perhaps you had little time to look into the error log?
> 
> not yet, but I'm online for today (despite my vacation :)
> so if you pay a visit to the IRC channel, we can take a
> quick look at it ...

back from my vacation now .. but the urls above give
503 Service Unavailable ...

best,
Herbert
PS: you can find me on IRC :)

> best,
> Herbert
> 
> > Thanx for your help.
> > 
> > Thomas
> > 
> > 
> > ___
> > Vserver mailing list
> > Vserver@list.linux-vserver.org
> > http://list.linux-vserver.org/mailman/listinfo/vserver
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] ideal setup

[Herbert Poetzl]

On Thu, Apr 26, 2007 at 03:21:44PM -0500, Matthew Nuzum wrote:
> Hello, I've been using linux-vserver for years and years. I'm getting
> ready to put a couple servers into use and it seems things have
> changed greatly since I last configured it. Namely, you can do lots of
> cool stuff that couldn't be done before.
> 
> I'll admit, I'm using a budget colo facility. I want to keep my
> bandwidth down. To achieve this, I've connected the servers via eth1
> to each other to create a private lan. Ideally, all traffic between
> the hosts would use this lan. I first started struggling with the idea
> of setting up multihomed vhosts when I realized it was pure insanity
> to do so. It would be so much better to create all the vservers on the
> private lan segment and use the hosts as routers to the outside world.
> By using SNAT rules, I can keep all my vhost traffic quiet and I can
> even install different services on different vhosts. Smart, right? Am
> I on the right track here, or should I just use multi-homed vservers?
> Anyone here seen a scenario like this documented? I'd love to be able
> to stand on the shoulders of giants.
> 
> Additionally, I would love to use both quota and have the benefits of
> unification. I understand that to use quotas you need a separate
> filesystem. Of course, this makes unification impossible. So I had a
> bright idea.
> 
> Most of the user data, everything I think I need to count against
> quotas as a matter of fact, will be in /home. So what if I create a
> filesystem (loop for example) and somehow mount it so that it is /home
> in the vserver. Would this allow me to enable quotas on the /home area
> of the disk?

yep, but I'd suggest to use lvm volumes, because they
will give you better performance than loop files

> Lastly, what is the best way to share user accounts across several
> vservers? (possibly spanning two physical hosts) Best being simple,
> reliable, non resource intensive and secure.

on the same host: have the same filesystem
on different hosts: use a network based filesystem

HTH,
Herbert

> Thanks for your suggestions and help.
> 
> -- 
> Matthew Nuzum
> newz2000 on freenode
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] anybody has experience for Vserver on ARM

[Herbert Poetzl]

On Wed, Apr 25, 2007 at 12:40:12AM -0400, Wenbin Zhang wrote:
> >
> >
> >> vcmd -i 42 -C ctx_create -- ps auxwww
> >> vserver: ret = 0x002A (42)
> >> USER   PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME COMMAND
> >> root 11780  0.0  0.0   1944   672 pts/2R+   13:35   0:00 ps
> >> auxwww
> >>
> >I downloaded the vcmd source, and crosscompiled it, then copy to the ARM
> phone, however, when I tried to run the command, it cannot create the
> process successfully, very strange...
> when I run "vcmd -h", it can show the help, but  when I run " vcmd -i 42 -C
> ctx_create -- ps auxwww", it just hung.
> [EMAIL PROTECTED]:/work/vcmd-0.08# ./vcmd -h
> This is ./vcmd V0.08
> options are:
>  -hprint this help message
>  -Adump data after syscall
>  -Bdump data before syscall
> 
> Btw, my ARM kernel is vserver enabled, I can find the
> /proc/virtual/info does exist but it is an empty file. 

that sounds odd ...

> I guess might be the vserver kernel module has some 
> problem, but I cannot figure out what it is, which is the
> thing I am worrying about. 

there is no such thing as a Linux-VServer kernel module,
so I'm pretty sure that is fine ...

> Can you think of any ideas?

maybe you compiled the wrong kernel?
maybe your toolchain is broken?

best,
Herbert

> Thanks,
> Wenbin

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] [Release] Stable 2.2.0

[Herbert Poetzl]

On Wed, Apr 25, 2007 at 03:06:58PM +0200, ADNET Ghislain wrote:
> [EMAIL PROTECTED] a écrit :
> >Herbert Poetzl a écrit :
> >>Greetings Community!
> >>
> >>after a longer rc stage, to get rid of all the
> >>minor issues, we proudly present the first release
> >>of the new stable 2.2 branch, which includes all
> >>the 'considered stable' features of the previous
> >>devel branch (2.1.x) which has been superceded by
> >>the 2.3.x devel branch ...
> >>
> >>http://www.13thfloor.at/vserver/s_rel26/v2.2.0/
> >>(tools supposed to work fine on Mandriva 2007.x)
> >>
> >>thanks to all who helped in development and did
> >>test the release candidates ...
> >>
> >>enjoy,
> >>Herbert
> >>
> 
> should that be on the vserver website also ? :)

yep, it is, on the main page IIRC :)

http://linux-vserver.org/

> i am not too familiar with the wiki to add it myself
> as i tried and failed ;)

np ...
best,
Herbert

> -- 
> Cordialement,
> Ghislain
> 



> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] anybody has experience for Vserver on ARM

[Herbert Poetzl]

On Tue, Apr 24, 2007 at 02:18:57PM -0400, Wenbin Zhang wrote:
> On 4/24/07, Herbert Poetzl <[EMAIL PROTECTED]> wrote:
> >
> >On Tue, Apr 24, 2007 at 11:43:54AM -0400, Wenbin Zhang wrote:
> >> >
> >> >> For example, I use below command to create the guest:
> >> >> #/sbin/vserver va780 build -m rpm --context 43 --hostname=va780
> >> >--interface
> >> >> va7800=eth0:192.168.1.2/24 --rootdir /vserver1 --pkgbase
> >/vserver1/.pkg
> >> >--
> >> >> -d fc6
> >> >
> >> >this is one of them, although it has some bugs, like the
> >> >--hostname= which should be --hostname va780.some.domain
> >>
> >>
> >> The other ways mean vcmd, right?
> >> But I reviewed the page
> >> http://linux-vserver.org/VCMD_HowTo
> >>
> >> Seems no way to create isolated process, right?
> >
> >why do you think so? vcmd can do everything necessary
> >for context isolation and context setup (for both,
> >process and network contexts)
> >
> >vcmd -i 42 -C ctx_create -- ps auxwww
> >vserver: ret = 0x002A (42)
> >USER   PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME COMMAND
> >root 11780  0.0  0.0   1944   672 pts/2R+   13:35   0:00 ps auxwww
> >
> >Thanks! That's pretty good.

> One more question, If I create 3 vserver processes by this way, and I
> allow the 3 processes can access only certain files in my machine, for
> example, only 4 files on my systems.

> Can I group the 3 processes and 4 files together? 

yes, somewhat ...

> say, they can see each other on their vserver domain, but they will
> not be accessible by other program on my host machine?

no, as the host context is also the admin context,
it will have access to those processes and files in
some way ... but you can keep them separate from 
eachother or another group of processes ...

> Thanks,
> Wenbin

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Re: java crash in vserver...

[Herbert Poetzl]

On Tue, Apr 24, 2007 at 11:07:29AM +0200, Thomas Besser wrote:
> Herbert Poetzl wrote:
> > On Fri, Apr 13, 2007 at 09:30:32AM +0200, Thomas Besser wrote:
> >> The above mentioned log and also a strace run is here:
> >> http://www.archIT.uni-karlsruhe.de/geoserver/error.log
> >> http://www.archIT.uni-karlsruhe.de/geoserver/strace.log
> > 
> > will look into that after my vacation ...
> 
> Perhaps you had little time to look into the error log?

not yet, but I'm online for today (despite my vacation :)
so if you pay a visit to the IRC channel, we can take a
quick look at it ...

best,
Herbert

> Thanx for your help.
> 
> Thomas
> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] anybody has experience for Vserver on ARM

[Herbert Poetzl]

On Tue, Apr 24, 2007 at 11:43:54AM -0400, Wenbin Zhang wrote:
> >
> >> For example, I use below command to create the guest:
> >> #/sbin/vserver va780 build -m rpm --context 43 --hostname=va780
> >--interface
> >> va7800=eth0:192.168.1.2/24 --rootdir /vserver1 --pkgbase /vserver1/.pkg
> >--
> >> -d fc6
> >
> >this is one of them, although it has some bugs, like the
> >--hostname= which should be --hostname va780.some.domain
> 
> 
> The other ways mean vcmd, right?
> But I reviewed the page
> http://linux-vserver.org/VCMD_HowTo
> 
> Seems no way to create isolated process, right?

why do you think so? vcmd can do everything necessary
for context isolation and context setup (for both,
process and network contexts)

vcmd -i 42 -C ctx_create -- ps auxwww
vserver: ret = 0x002A (42)
USER   PID %CPU %MEMVSZ   RSS TTY  STAT START   TIME COMMAND
root 11780  0.0  0.0   1944   672 pts/2R+   13:35   0:00 ps auxwww

best,
Herbert

> >#vserver va780 enter
> >>
> >> What's your mean "get the Linux-VServer isolation working", I guess we
> >> definitely need build a guest, right?
> >
> >no, guests are complex and specialized forms of the
> >modular isolation (processes, networking, filesystem) ...
> >
> >> What's the vcmd doing?
> >
> >it issues all kinds of Linux-VServer syscall commands
> >and thus allows to utilize the complete Linux-VServer API
> 
> 
> Thanks :-) Any detailed documents other than
> http://linux-vserver.org/VCMD_HowTo ?
> 
> >I hardly can find downloadable source/binary for vcmd.
> >
> >you must have been hardly looking then :)
> >
> >http://vserver.13thfloor.at/Experimental/TOOLS/vcmd-0.08.tar.bz2
> 
> 
> Thanks ..
> 
> Wenbin

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] anybody has experience for Vserver on ARM

[Herbert Poetzl]

On Tue, Apr 24, 2007 at 09:05:28AM -0400, Wenbin Zhang wrote:
> Btw, Anybody run Vserver successfully on Arm phone? I am using a Moto
> E680i phone, with GPE or OPIE installed, and very doubt vserver can
> run on my platform...

if you send me a phone, I will gladly install the
necessary stuff to create a Linux-VServer guest
there and test that everything works :)

best,
Herbert

> Thanks,
> Wenbin
> 
> On 4/24/07, Wenbin Zhang <[EMAIL PROTECTED]> wrote:
> >
> >Hi Martin,
> >
> >FC6 has not been ported to ARM. I tried "-d fc6", that does not work. But
> >what should be used for "-d" option on ARM? Thank you very much!
> >
> >Thanks,
> >Wenibn
> >
> >On 4/24/07, Martin <[EMAIL PROTECTED]> wrote:
> >>
> >> On Mon, 2007-04-23 at 11:33 -0400, Wenbin Zhang wrote:
> >> > Now I am using "-d fc6" to build the guest.
> >> Has Fedora Core 6 been ported to ARM?  I didn't think it had been.
> >> Obviously I'm missing something.
> >>
> >> Cheers,
> >> - Martin
> >>
> >>
> >>
> >

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] anybody has experience for Vserver on ARM

[Herbert Poetzl]

On Mon, Apr 23, 2007 at 04:14:49PM -0400, Wenbin Zhang wrote:
> >well, depends on _what_ you install and _what_ you
> >actually need, complete kernel and userspace to
> >get the Linux-VServer isolation working should be
> >doable without any libraries and external tools,
> >just with something like vcmd, but if you want the
> >full userspace stuff, including legacy and guest
> >building (which I consider extreme for a phone)
> >you'll have to provide a bunch of tools and libs
> >too ...
> 
> 
> Hello, Thank you very much for your response.
> I just want to build the vserver guest, and can login the guest.

well, there are many different ways to 'build' a guest

> For example, I use below command to create the guest:
> #/sbin/vserver va780 build -m rpm --context 43 --hostname=va780 --interface
> va7800=eth0:192.168.1.2/24 --rootdir /vserver1 --pkgbase /vserver1/.pkg --
> -d fc6

this is one of them, although it has some bugs, like the
--hostname= which should be --hostname va780.some.domain

> #vserver va780 enter
> 
> What's your mean "get the Linux-VServer isolation working", I guess we
> definitely need build a guest, right?

no, guests are complex and specialized forms of the
modular isolation (processes, networking, filesystem) ...

> What's the vcmd doing? 

it issues all kinds of Linux-VServer syscall commands
and thus allows to utilize the complete Linux-VServer API

> I hardly can find downloadable source/binary for vcmd.

you must have been hardly looking then :)

http://vserver.13thfloor.at/Experimental/TOOLS/vcmd-0.08.tar.bz2

best,
Herbert

> Thanks,
> Wenbin

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] anybody has experience for Vserver on ARM

[Herbert Poetzl]

On Mon, Apr 23, 2007 at 11:33:12AM -0400, Wenbin Zhang wrote:
> Now I am using "-d fc6" to build the guest. After this, I found
> vserver need lots of supporting program:
>
> bzip2, cmp, rpm, yum, python, I have to cross compile them one by
> one and install them in the phone. Now I still found it need some
> libraries supporting, like libstdc++.so.6.. etc. Maybe it still need
> more libraries, any idea? I don't know whether I can make vserver work
> on phone, it seems too complicated.

well, depends on _what_ you install and _what_ you
actually need, complete kernel and userspace to
get the Linux-VServer isolation working should be
doable without any libraries and external tools,
just with something like vcmd, but if you want the
full userspace stuff, including legacy and guest
building (which I consider extreme for a phone)
you'll have to provide a bunch of tools and libs
too ...

best,
Herbert

> Thanks,
> Wenbin
> 
> On 4/20/07, Herbert Poetzl <[EMAIL PROTECTED]> wrote:
> >
> >On Fri, Apr 20, 2007 at 12:01:26PM -0400, Wenbin Zhang wrote:
> >> Hi Herbert and Martin,
> >>
> >> Now I solved the getopt problem with recompiling the util-vserver
> >package
> >> for ARM, thanks!
> >>
> >> Now The vserver script seems can run,
> >> [EMAIL PROTECTED]:/sbin# vserver
> >> Usage: /sbin/vserver 
> >>
> >{start|stop|suexec|restart|condrestart|exec|enter|chkconfig|running|status|delete}
> >>
> >> However, I tried to run
> >> #vserver va780 build -m yum --context 43 --hostname=va780 --interface
> >~~~
> >> va7800=eth0:192.168.1.2/24 --rootdir /vserver1 --pkgbase /vserver1/.pkg
> >--
> >> -d gpe
> >
> >you probably have to 'define' that distro first,
> >at least I don't think it is present in the defaults
> >
> >> to create a vserver, it told me:
> >> ERROR: Can not find configuration for the distribution 'a780';
> >>  please read http://linux-vserver.org/HowToRegisterNewDistributions
> >>  for information how to add support for your own distribution.
> >>
> >> However, if I remove the "-d" option, it told me:
> >> ERROR: Can not determine distribution; please specify it manually with
> >>  the '-d' option.
> >>
> >> Any ideas? What distribution should be used for Arm? thanks!
> >
> >you could try debian?
> >
> >best,
> >Herbert
> >
> >> Wenbin
> >>
> >> On 4/20/07, Herbert Poetzl <[EMAIL PROTECTED]> wrote:
> >> >
> >> >On Fri, Apr 20, 2007 at 09:35:13AM -0400, Wenbin Zhang wrote:
> >> >> Hi All,
> >> >>
> >> >> Anybody has experiences for Vserver on ARM? I have lots of problems
> >> >> for this.
> >> >
> >> >yep, seems to works fine here ...
> >> >
> >> >> Firstly I compiled the kernel with Vserver, then compiled the
> >> >> util-vserver. However I haven't made the util-vserver run on my Arm
> >> >> phone. The first reason is my arm phone doesnot support Bash while
> >> >> vserver script is based on Bash. Then I installed the Arm Bash on my
> >> >> phone. The next problem is getopt. 'Getopt' is required for Vserver
> >> >> script, but I cannot find a good Getopt source and compile it on Arm.
> >> >
> >> >the getopt is a standalone tool which is part of
> >> >util-linux (so it should be easy to rebuild that
> >> >for arm) alternatively you can use the bash bult-
> >> >in getopts ...
> >> >
> >> >> And I also noticed duing Vserver setup phase, the program need
> >connect
> >> >> with outside to download some package.
> >> >
> >> >not really, but it depends on the build method
> >> >e.g. template based build methods will not need
> >> >any network access, while network :) based ones
> >> >will 
> >> >
> >> >> I still haven't find an easy way to connect the Arm phone with
> >> >> internet.
> >> >
> >> >should be fairly trivial via bluetooth, just make
> >> >a pairing with a laptop and configure the network
> >> >to route over it, and masquerade the phone's ip
> >> >(probably private) ...
> >> >
> >> >> I am still thinking.. Anybody can share some experiences for
> >> >> this? thanks!
> >> >
> >> >best,
> >> >Herbert
> >> >
> >> >> Wenbin
> >> >
> >> >> ___
> >> >> Vserver mailing list
> >> >> Vserver@list.linux-vserver.org
> >> >> http://list.linux-vserver.org/mailman/listinfo/vserver
> >> >
> >> >
> >
> >> ___
> >> Vserver mailing list
> >> Vserver@list.linux-vserver.org
> >> http://list.linux-vserver.org/mailman/listinfo/vserver
> >
> >

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] bastion host

[Herbert Poetzl]

On Mon, Apr 23, 2007 at 11:52:10AM +0200, Baltasar Cevc wrote:
> Hi Gislain,
> 
> On 23.04.2007, at 09:27, ADNET Ghislain wrote:
> >I run vserver to isolate webserver from the real host. From time to  
> >time i have a process than run wild and block everything. I cannot  
> >even connect (ssh) to the Host. Which would be the more efficient  
> >way to configure the system so that vservers cannot prevent the  
> >host to work even if they are at max disk/network/cpu usage.
> >
> >
> > The host itself does only run ssh and some monitoring tool. So it  
> >stay idle most of the time.
> >
> > The goal is to allways be able to connect to the host and manage  
> >things from here to recover from issues. What "best practice" do  
> >you use with vservers to acheive this goal ?
> 
> You'll have to configure resource limits -  see the following wiki  
> pages for details:
>  - http://linux-vserver.org/Resource_Limits
>  - http://linux-vserver.org/Memory_Limits
> 
> However, there's one thing I wasn't able to cure using these: when  
> guest and host use the same HDD, the host can become horribly slow  
> when a guest does serious IO (I had that problem on a machine with a  
> single PATA drive). This did'nt prevent a login, though, the only  
> thing was everything was painfully slow when the machine was 99%  
> waiting for IO.

enabling cfq I/O scheduler should help a lot here
as it is adjusted based on the context information

best,
Herbert

> Baltasar
> 
> 
> ((( Baltasar Cevc
> 
> 
> ) World wide web:
>   # http://www.openairkino.net/ (a project for the local youth;  
> German only)
>   # http://technik.juz-kirchheim.de/ (programming and admin projects)
>   # http://baltasar.cevc-topp.de/ (private homepage)
> ) Phone:
>   +49 176 23 22 08 22
> )
> 
> 



> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] "vnamespace -e 666 mount" changed behaviour, guest mounts no longer displayed

[Herbert Poetzl]

On Sat, Apr 21, 2007 at 12:45:13AM +0200, Oliver Welter wrote:
> Hi Folks,
> 
> I used the chance to upgrade my boxes and ran into one big issue now:
> 
> I use nagios to monitor my disks, the setup is done like follows:
> 
> * I have one partition per vserver guest
> * the partition is mounted into the guest via the guests fstab 
> (/dev/drbd/www1  /data  ext3  defaults 0 0)
> 
> I used "vnamespace -e  check_disk www1" which runs a nagios script 
> in the namespace of the guest. The nagiso script basically runs a 
> "mount" and greps the output.
> 
> Now, ergh - what happens:
> 
> Old behaviour:
>Kernel: 2.6.15.4-vs2.1.1-rc6-gentoo
>VS-API: 0x00020001
>  util-vserver: 0.30.210; Feb 17 2006, 22:32:37
> 
> 
> box$ vnamespace -e www2 mount
> ...lot of mounts on the root box

that will show whatever is in /etc/mtab, not the 
actual mounts, which are in /proc/mounts

> /dev/drbd/www2 on /vservers/www2/data type ext3 (rw,nodev,data=ordered)
> tmpfs on /vservers/www2/dev type tmpfs (rw)
> none on /vservers/www2/proc type proc (rw,nodiratime,nodev)
> 
> 
> New behaviour:
>Kernel: 2.6.20-vs2.2.0-gentoo
>VS-API: 0x00020200
>  util-vserver: 0.30.212; Apr  9 2007, 02:27:57
> 
> box$ vnamespace -e www1 mount
> ...lot of mounts on the root box
> tmpfs on /vservers/wwwtemplate/dev type tmpfs (rw,size=100k)
> tmpfs on /vservers/netqmail/dev type tmpfs (rw,size=100k)
> 
> The drbd mount is missing, though the nagios script fails.

> Any ideas ???

well, first, where is the mount done?
i.e. on the host or inside the guest?

TIA,
Herbert

> Oliver
> -- 
> Diese Nachricht wurde digital unterschrieben
> oliwel's public key: http://www.oliwel.de/oliwel.crt
> Basiszertifikat: http://www.ldv.ei.tum.de/page72
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] anybody has experience for Vserver on ARM

[Herbert Poetzl]

On Fri, Apr 20, 2007 at 12:01:26PM -0400, Wenbin Zhang wrote:
> Hi Herbert and Martin,
> 
> Now I solved the getopt problem with recompiling the util-vserver package
> for ARM, thanks!
> 
> Now The vserver script seems can run,
> [EMAIL PROTECTED]:/sbin# vserver
> Usage: /sbin/vserver 
> {start|stop|suexec|restart|condrestart|exec|enter|chkconfig|running|status|delete}
> 
> However, I tried to run
> #vserver va780 build -m yum --context 43 --hostname=va780 --interface
~~~
> va7800=eth0:192.168.1.2/24 --rootdir /vserver1 --pkgbase /vserver1/.pkg --
> -d gpe

you probably have to 'define' that distro first,
at least I don't think it is present in the defaults

> to create a vserver, it told me:
> ERROR: Can not find configuration for the distribution 'a780';
>  please read http://linux-vserver.org/HowToRegisterNewDistributions
>  for information how to add support for your own distribution.
> 
> However, if I remove the "-d" option, it told me:
> ERROR: Can not determine distribution; please specify it manually with
>  the '-d' option.
> 
> Any ideas? What distribution should be used for Arm? thanks!

you could try debian?

best,
Herbert

> Wenbin
> 
> On 4/20/07, Herbert Poetzl <[EMAIL PROTECTED]> wrote:
> >
> >On Fri, Apr 20, 2007 at 09:35:13AM -0400, Wenbin Zhang wrote:
> >> Hi All,
> >>
> >> Anybody has experiences for Vserver on ARM? I have lots of problems
> >> for this.
> >
> >yep, seems to works fine here ...
> >
> >> Firstly I compiled the kernel with Vserver, then compiled the
> >> util-vserver. However I haven't made the util-vserver run on my Arm
> >> phone. The first reason is my arm phone doesnot support Bash while
> >> vserver script is based on Bash. Then I installed the Arm Bash on my
> >> phone. The next problem is getopt. 'Getopt' is required for Vserver
> >> script, but I cannot find a good Getopt source and compile it on Arm.
> >
> >the getopt is a standalone tool which is part of
> >util-linux (so it should be easy to rebuild that
> >for arm) alternatively you can use the bash bult-
> >in getopts ...
> >
> >> And I also noticed duing Vserver setup phase, the program need connect
> >> with outside to download some package.
> >
> >not really, but it depends on the build method
> >e.g. template based build methods will not need
> >any network access, while network :) based ones
> >will 
> >
> >> I still haven't find an easy way to connect the Arm phone with
> >> internet.
> >
> >should be fairly trivial via bluetooth, just make
> >a pairing with a laptop and configure the network
> >to route over it, and masquerade the phone's ip
> >(probably private) ...
> >
> >> I am still thinking.. Anybody can share some experiences for
> >> this? thanks!
> >
> >best,
> >Herbert
> >
> >> Wenbin
> >
> >> ___
> >> Vserver mailing list
> >> Vserver@list.linux-vserver.org
> >> http://list.linux-vserver.org/mailman/listinfo/vserver
> >
> >

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] suse/fedora on a as a VPS

[Herbert Poetzl]

On Fri, Apr 20, 2007 at 04:58:56PM +0200, Daniel wrote:
> Hi all,
> 
> i tryid to install fedora for a vps on my host.
> I do i like:
> 
> vhost04:~# vserver test0 build -m apt-rpm --hostname test0.nowhe.re 
> --interface 10.0.1.0 --netdev eth0 --netprefix 23 --context 42 -- -d fc4
> 
> then i get follwing errors:
> 
> ***  rpm-fake-resolver was built with glibc;  please do  ***
> ***  not report errors before trying a dietlibc version. ***
~~

> ***  rpm-fake-resolver was built with glibc;  please do  ***
> ***  not report errors before trying a dietlibc version. ***
~~

> rpm-fake-resolver: vc_ctx_migrate(): No such process
> rpm-fake.so: failed to initialize communication with resolver
> 
> 
> any1 know how i can fix it?

what part of 'please do not report errors before trying a 
dietlibc version' was hard to understand?

best,
Herbert
> 
> -- 
> Mit freundlichen Grüßen
> Daniel
> mailto:[EMAIL PROTECTED]
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] anybody has experience for Vserver on ARM

[Herbert Poetzl]

On Fri, Apr 20, 2007 at 09:35:13AM -0400, Wenbin Zhang wrote:
> Hi All,
> 
> Anybody has experiences for Vserver on ARM? I have lots of problems
> for this.

yep, seems to works fine here ...

> Firstly I compiled the kernel with Vserver, then compiled the
> util-vserver. However I haven't made the util-vserver run on my Arm
> phone. The first reason is my arm phone doesnot support Bash while
> vserver script is based on Bash. Then I installed the Arm Bash on my
> phone. The next problem is getopt. 'Getopt' is required for Vserver
> script, but I cannot find a good Getopt source and compile it on Arm.

the getopt is a standalone tool which is part of
util-linux (so it should be easy to rebuild that
for arm) alternatively you can use the bash bult-
in getopts ...

> And I also noticed duing Vserver setup phase, the program need connect
> with outside to download some package. 

not really, but it depends on the build method
e.g. template based build methods will not need
any network access, while network :) based ones
will 

> I still haven't find an easy way to connect the Arm phone with
> internet. 

should be fairly trivial via bluetooth, just make
a pairing with a laptop and configure the network
to route over it, and masquerade the phone's ip
(probably private) ...

> I am still thinking.. Anybody can share some experiences for
> this? thanks!

best,
Herbert

> Wenbin

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Linux-VServer Live CD?

[Herbert Poetzl]

On Fri, Apr 20, 2007 at 01:27:42AM -0400, Daniel Clark wrote:
> Has anyone made a LiveCD for Linux-VServer?

as mentioned on IRC, Knoppix should have some support
for booting a Linux-VServer enabled kernel, although
I do not have the details and/or know what version ...

> If not, any hints/tips/warnings/recommendations for an OS base?
> 
> I am looking for a way to demo a client/server application, and
> Linux-VServer with the vunify functionality at first glance looks
> like it could be ideal.
> 
> The CD itself would have the minimal OS and vserver-enabled kernel,
> and vunifiy-ed filesystems of the server and clients (which wouldn't
> differ by that much), and any changes during the run would be written
> to ramdisk.
> 
> Based on a previous thread it sounded like Linux-VServer has its own
> Copy-on-Write (CoW) functionality, removing the need for unionfs/aufs
> for the virtual machines themselves (although I assume you'd still
> want it enabled in a small ram disk for the rest of the CD).

yes and no, CoW Link Breaking is there, which is probably
not what you have in mind when you talk about unionfs ...

i.e. it allows you to have hard linked files on a read-write
filesystem which will be copied (on demand) by the kernel 
when written to ...

nevertheless, I can easily imagine having a tmpfs based
demo setup with a bunch of Linux-VServer guests (they can
be as small as 20MB, but usually will take 180-220MB)
utilizing unification to run a number of them (10-30)
completely from RAM ...

so keep brain storming/asking/checking ...

best,
Herbert

> -- 
> Daniel Clark # http://dclark.us # http://opensysadmin.com
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Re: Vserver and VRF support

[Herbert Poetzl]

On Sat, Apr 14, 2007 at 10:51:31AM +0200, Benny Amorsen wrote:
> > "DHZ" == Daniel Hokka Zakrisson <[EMAIL PROTECTED]> writes:
> 
> DHZ> Albert Mak (almak) wrote:
> >> Is there any work done to make Vserver work with VRF? -Albert
> 
> DHZ> Meaning multiple routing tables? That's already the recommended
> DHZ> way to set different default routes for the guests. Works the
> DHZ> same way they do in Linux.
> 
> It would be very useful to be able to say that traffic from a
> particular vserver needs to go through a particular routing table.

> Right now you have to match on IP address.

that is what IP level isolation is about, separating
networking by IPs ...

> OpenVZ is nicer for this, because each guest gets its own routing
> table which can be manipulated with the normal ip route ... commands.

and as it uses a separate network stack for each guest,
it also adds roughly twice the overhead to networking,
and consumes more than twice the amount of resources ...

> Even policy routing is supported.

not everybody wants/needs virtualized network stacks,
actually only a few, non ip based apps require it to
work properly, but mainline will provide layer 2
virtualization (in addition to the layer 3 isolation
Linux-VServer does) soon, and of course we will support
that too ...

so in the near future you can decide if you prefer to
have a virtual network stack with significant overhead
or just IP isolation with no measureable overhead ...

best,
Herbert

> /Benny
> 
> 
> ___
> Vserver mailing list
> [EMAIL PROTECTED]
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] STRG+C doesn't work after update to vs2.2.0-grsec2.1.10

[Herbert Poetzl]

On Sat, Apr 14, 2007 at 11:52:22AM +0200, Thorsten Büker wrote:
> Hi Herbert,
> 
> Btw, in the meantime I noticed that "netstat -pantu" neither outputs 
> any listening daemons nor any connections -- independent of the version 
> of used util-vserver. With the old 2.6.17.14 kernel, this command 
> worked fine. Did anyone struggle about the same behaviour?
 inside a guest or where?
>>> Inside the guest, yes.
>>
>> could you try with vs2.2.0 without grsec?

> Unfortunately (well, indeed not unfortunately ;-)) the concerned 
> machines run in productive state, so I'm not eager rebooting them using 
> another kernel. Is there any other way to produce a helpful hint on the 
> netstat issue?

you can try to do strace -fF -o netstat.trace netstat -pantu
and check/upload the resulting netstat.trace file somewhere
maybe it gives some clue to the folks combining Linux-VServer
with grsec ...

> If not, I might build a kernel without grsec and test it in the late 
> evening.

if it happens with vs2.2.0 (without any other patches) then
it is considered a Linux-VServer issue/bug and will be fixed

here on a test server with vs2.2.0, I get the following:
 
# netstat -pantu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address   Foreign Address 
State   PID/Program name   
tcp0  0 10.0.0.1:10026  0.0.0.0:*   
LISTEN  32480/master
tcp0  0 10.0.0.1:80 0.0.0.0:*   
LISTEN  32467/httpd 
tcp0  0 10.0.0.1:5432   0.0.0.0:*   
LISTEN  32146/postmaster
tcp0  0 10.0.0.1:25 0.0.0.0:*   
LISTEN  32480/master
udp0  0 10.0.0.1:34300  10.0.0.1:34300  
ESTABLISHED 32146/postmaster

HTH,
Herbert

> kind regards,
>   Thorsten
> ___
> Vserver mailing list
> [EMAIL PROTECTED]
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] java crash in vserver...

[Herbert Poetzl]

On Fri, Apr 13, 2007 at 09:30:32AM +0200, Thomas Besser wrote:
> Hi,
> 
> I'm trying to install 'geoserver' (http://geoserver.org, written in Java,
> version 1.5.0-rc4) into a linux vserver (host and guest debian etch).
> 
> On a fresh installed and native etch box this installation runs without
> problems, so the problem seems to be vserver specific.
> 
> Installation crashes with an java error in conjunction with libc, as far as
> I understand the error output:

first, check it on the host, maybe you have changed
certain settings in the kernel which are affecting
this specific application

> 3510 [INFO] org.geotools.referencing.factory.epsg.HSQLDataSource - Creating
> cached EPSG database. It may take a few minutes.
> #
> # An unexpected error has been detected by HotSpot Virtual Machine:
> #
> #  SIGBUS (0x7) at pc=0xb7e43ccf, pid=24680, tid=3084740832
> #
> # Java VM: Java HotSpot(TM) Client VM (1.5.0_10-b03 mixed mode, sharing)
> # Problematic frame:
> # C  [libc.so.6+0x6cccf]  memcpy+0x2f
> #
> # An error report file with more information is saved as hs_err_pid27177.log

then, make sure that the gust installation is 
identical to the 'native etch box', i.e. contains
all the libraries and stuff ...

> # If you would like to submit a bug report, please visit:
> #   http://java.sun.com/webapps/bugreport/crash.jsp
> #
> 
> Are there any known problems with java applications in vserver?
> http://linux-vserver.org/Problematic_Programs says nothing about java.

none we would know of ...

> I tested it also with several JDK's directly from SUN (also jdk1.6), always
> the same error. Also I tested another java application (ApacheDS) without
> problems.
> 
> The above mentioned log and also a strace run is here:
> http://www.archIT.uni-karlsruhe.de/geoserver/error.log
> http://www.archIT.uni-karlsruhe.de/geoserver/strace.log

will look into that after my vacation ...

best,
Herbert

> Any hints what could be done for getting more informations for
> troubleshooting?
> 
> Thanx in advance...
> Thomas
> 
> ___
> Vserver mailing list
> [EMAIL PROTECTED]
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] STRG+C doesn't work after update to vs2.2.0-grsec2.1.10

[Herbert Poetzl]

On Wed, Apr 11, 2007 at 04:55:11PM +0200, Thorsten Büker wrote:
> 
>>> Btw, in the meantime I noticed that "netstat -pantu" neither outputs any 
>>> listening daemons nor any connections -- independent of the version of 
>>> used util-vserver. With the old 2.6.17.14 kernel, this command worked 
>>> fine. Did anyone struggle about the same behaviour?
>> 
>> inside a guest or where?
> 
> Inside the guest, yes.

could you try with vs2.2.0 without grsec?

TIA,
Herbert

> kind regards,
>   Thorsten
> ___
> Vserver mailing list
> [EMAIL PROTECTED]
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Roadmap

[Herbert Poetzl]

On Tue, Apr 03, 2007 at 07:06:39PM +0200, Jaroslav Tomecek wrote:
> Hi,

> I am looking for some roadmap and plans of future development
> of Linux-VServer. Could you give me a hand?

there are many areas we will work on in the future,
but ATM, the main focus is on mainline (kernel.org)
virtualization and isolation, and to make sure that
it doesn't add unnecessary overhead ...

best,
Herbert

PS: Linux-VServer development is mostly event driven,
and I guess that will stay so in the future ...

> Thx, Jarda
> 
> ___
> Vserver mailing list
> [EMAIL PROTECTED]
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] STRG+C doesn't work after update to vs2.2.0-grsec2.1.10

[Herbert Poetzl]

On Tue, Apr 10, 2007 at 08:58:59PM +0200, Thorsten Büker wrote:
> Hi Daniel, hi list,
> 
> >And that's the only thing you changed? It's the exact same kernel, with 
> >the same configuration?
> 
> Yes, it's the 2.6.19.7 kernel with an unchanged configuration -- just 
> replaced the util-vserver package.
> 
> Btw, in the meantime I noticed that "netstat -pantu" neither outputs any 
> listening daemons nor any connections -- independent of the version of 
> used util-vserver. With the old 2.6.17.14 kernel, this command worked 
> fine. Did anyone struggle about the same behaviour?

inside a guest or where?

TIA,
Herbert

> kind regards,
>   Thorsten
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] How to unsubscribe? http://list.linux-vserver.org/mailman/listinfo/vserver doesn't work...

[Herbert Poetzl]

On Thu, Apr 05, 2007 at 04:19:58PM +0200, Guenther Fuchs wrote:
> Hi there,
> 
> on Thursday, April 5, 2007 at 3:20:04 PM there was posted:
> 
> MSZ> The directions included (as a header on every mail) from the list mailer 
> is:
> 
> MSZ> List-Unsubscribe:
> MSZ> 
> 
> You're right, my post had the incorrect mailing adress as the folder
> rules changed it locally.
> 
> MSZ> If that header is correct then;
> MSZ> Send an empty mail from the subscribed address to:
> MSZ> [EMAIL PROTECTED]
> MSZ> with the subject: unsubscribe
> 
> The header is correct. Beside that (@bertl): list.linux-vserver.org
> should work though, it seems only, the httpd has died there for some
> reason.

it was reported to our Mailing List manager a week
ago now .. I hope he soon finds the time to take
a look now soon ...

best,
Herbert

> -- 
> regards 'n greez,
> 
> Guenther Fuchs
> (aka "muh" and "powerfox")
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] [Release] Stable 2.2.0

[Herbert Poetzl]

On Sun, Apr 01, 2007 at 03:15:37PM -0400, Chuck wrote:
> On Sunday 01 April 2007 12:33, Herbert Poetzl wrote:
> 
> 
> dumb question. i didnt see it in the changelog but then
> again i may not know what i am looking at :)
> 
> 1. will production vserver code soon have real 127.0.0.1
>unique to each guest?

probably, I guess 2.2.1 will have that ...

>this is something that is sorely needed to prevent hours
>of possibly insecure workarounds with some software.

I am not aware of many software packages which
would require any changes to work with the
current implementation (in this regard)

> 2. this looks like the production version of what we are 
>currently running... 

> util-vserver 0.30.212-r2
> kernel 2.6.19-vs2.2.0-rc2

> I suspect an upgrade to production would not hurt us considering our
> kernel version.. i guess my question is would it be a seamless upgrade
> for us to production? 

I hope so ...

> i would probably bump the kernel to 2.6.20 at the same time.

2.6.19.7 and 2.6.20.4 should be both fine, but
a lot of minor issues were ironed out between
rc2 and final (rc21+ :) same goes for the tools
btw, which are at 0.30.213-rc6

HTC,
Herbert

> > Greetings Community!
> > 
> > after a longer rc stage, to get rid of all the
> > minor issues, we proudly present the first release
> > of the new stable 2.2 branch, which includes all
> > the 'considered stable' features of the previous
> > devel branch (2.1.x) which has been superceded by
> > the 2.3.x devel branch ...
> > 
> > http://www.13thfloor.at/vserver/s_rel26/v2.2.0/
> > (tools supposed to work fine on Mandriva 2007.x)
> > 
> > thanks to all who helped in development and did
> > test the release candidates ...
> > 
> > enjoy,
> > Herbert
> > 
> > ___
> > Vserver mailing list
> > Vserver@list.linux-vserver.org
> > http://list.linux-vserver.org/mailman/listinfo/vserver
> > 
> 
> -- 
> 
> Chuck
> 
> "...and the hordes of M$*ft users descended upon me in their anger,
> and asked 'Why do you not get the viruses or the BlueScreensOfDeath
> or insecure system troubles and slowness or pay through the nose 
> for an OS as *we* do?!!', and I answered...'I use Linux'. "
> The Book of John, chapter 1, page 1, and end of book
> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

[Vserver] [Release] Stable 2.2.0

[Herbert Poetzl]

Greetings Community!

after a longer rc stage, to get rid of all the
minor issues, we proudly present the first release
of the new stable 2.2 branch, which includes all
the 'considered stable' features of the previous
devel branch (2.1.x) which has been superceded by
the 2.3.x devel branch ...

http://www.13thfloor.at/vserver/s_rel26/v2.2.0/
(tools supposed to work fine on Mandriva 2007.x)

thanks to all who helped in development and did
test the release candidates ...

enjoy,
Herbert

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] CIFS-mounts in vserver guests

[Herbert Poetzl]

On Fri, Mar 30, 2007 at 08:21:15AM +0200, Wilhelm Meier wrote:
> Am Freitag, 30. März 2007 schrieb Herbert Poetzl:
> > okay, good, first step, please try with vs2.2.0-rc21
> > maybe it started working in the meantime :)
> 
> O.k., I tried with vs2.3.0.11, but no luck (should I do also with 
> 2.2.0-rc21 ?):

yes, definitely, that was what I suggested :)

> vs115 ~ # uname -a
> Linux vs115 2.6.20-vs2.3.0.11-gentoo #1 SMP Tue Mar 27 20:23:08 CEST 2007 
> i686 
> Intel(R) Pentium(R) M processor 1200MHz GenuineIntel GNU/Linux
> 
> I gave the mount-ccaps:
> 
> gs vs115 # cat ccapabilities
> binary_mount
> secure_mount
> 
> And then I also tried with SYS_ADMIN bcaps (shouldn't be needed):
> 
> gs vs115 # cat bcapabilities
> SYS_ADMIN
> 
> gs vs115 # cat /proc/virtual/115/status
> UseCnt: 11
> Tasks:  4
> Flags:  000602020010
> BCaps:  346c05ff
> CCaps:  00050101
> Spaces: 0c020200
> gs vs115 #
> 
> Following is an excerpt from trace of mount.cifs:
> 
> ioctl(3, SNDCTL_TMR_CONTINUE or TCSETSF, {B38400 opost isig icanon echo ...}) 
> = 0
> close(3)= 0
> munmap(0xb7ee8000, 4096)= 0
> mount("//192.168.2.3/public", "/mnt", "cifs", 
> MS_MANDLOCK, "unc=//192.168.2.3\\public,ip=192."...) = -1 ENOMEM (Cannot 
> allocate memory)
> fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 2), ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
> 0xb7ee8000
> write(1, "mount error 12 = Cannot allocate"..., 40mount error 12 = Cannot 
> allocate memory
> ) = 40
> write(1, "Refer to the mount.cifs(8) manua"..., 60Refer to the mount.cifs(8) 
> manual page (e.g.man mount.cifs)
> ) = 60
> exit_group(-1)  = ?
> Process 30345 detached
> vs115 ~ #   

any interesting output in 'dmesg'?

> > then, as mentioned in the previous email, try to
> > catch me on the irc channel (#vserver @ irc.oftc.net)

> o.k.

cya there then ...

> -- 
> Wilhelm Meier
> email: [EMAIL PROTECTED]
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] CIFS-mounts in vserver guests

[Herbert Poetzl]

On Thu, Mar 29, 2007 at 06:38:50PM +0200, Wilhelm Meier wrote:
> Hi all,
> 
> I would like to reactivate an old topic, that is mounting cifs-shares
> inside a vserver guest. I tried this some time ago with no luck:
> 
> http://www.paul.sladen.org/vserver/archives/200610/0032.html
> 
> Was there any activity on this topic in the mean time?

not that I would know of ...

> If there is interest in this, I would like to offer some time 
> to do the testing ;-)

okay, good, first step, please try with vs2.2.0-rc21
maybe it started working in the meantime :)

then, as mentioned in the previous email, try to
catch me on the irc channel (#vserver @ irc.oftc.net)

TIA,
Herbert

> -- 
> Wilhelm Meier
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] xdmcp on host and vserver

[Herbert Poetzl]

On Tue, Mar 27, 2007 at 11:45:42AM +0200, Lars Brandi Jensen wrote:
> Hi
> 
> I am having a little problem getting xdmcp working from my gentoo 
> guest. It is installed with kdm and when i try to connect i get the   
> greeter from my host. 

> I guess it is similar to #30 in the FAQ.

yep, looks like your host's X/xdmcp has already bound to
all IPs and thus the guest cannot bind his IP

> Is there any references to setting up xdmcp and kdm in a guest around.

no, but it should be quite simple, here with an older
gdm, I just go to the configuration/security setup and
change the listen ip to something more appropriate

HTH,
Herbert

> Lars Brandi Jensen
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Problems with Knoppix 5.2 (which should be Vserver-enabled...)

[Herbert Poetzl]

On Wed, Mar 21, 2007 at 05:03:39PM +0100, Gerhard Hofmann wrote:
> Hi all,
> 
> I have some Vserver hosts running that were setup according to this HowTo:
> http://www.howtoforge.com/linux_vserver_debian
> 
> Because these are quite a lot of steps I always thought it would be nice
> to have a Debian distro that is Vserver-enabled out-of-the-box.
> 
> Now, in the recenct release of German magazine c't, there was a Knoppix
> 5.2 CD which claims to be Vserver-ready.
> 
> Has anybody here already tried Knoppix 5.2 and can share his or her
> experiences?
> 
> I booted Knoppix, tried to setup a Vserver like this:
> vserver vserver1 build \
> -n vserver1 \
> --hostname vserver1 \
> --interface eth0:192.168.1.133/24 \
> -m debootstrap -- -d sarge
> 
> I get this error message:
> /etc/vservers/.defaults/vdirbase/vserver1: Function not implemented
> 
> Any ideas? Or any other Vserver-ready distro out there?

see previous answer ...

best,
Herbert

> TIA
> Gerhard
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Problems with Knoppix 5.2 (which should be Vserver-enabled...)

[Herbert Poetzl]

On Wed, Mar 21, 2007 at 03:09:48PM +0100, Gerhard Hofmann wrote:
> Hi all,
> 
> I have some Vserver hosts running that were setup according to this HowTo:
> http://www.howtoforge.com/linux_vserver_debian
> 
> Because these are quite a lot of steps I always thought it would be nice
> to have a Debian distro that is Vserver-enabled out-of-the-box.

debian already includes Linux-VServer to some extend,
so if you install the proper debian vserver kernel,
you will get an older but mostly working install ...

> Now, in the recenct release of German magazine c't, there was a Knoppix
> 5.2 CD which claims to be Vserver-ready.
> 
> Has anybody here already tried Knoppix 5.2 and can share his or her
> experiences?
> 
> I booted Knoppix, tried to setup a Vserver like this:
> vserver vserver1 build \
> -n vserver1 \
> --hostname vserver1 \
> --interface eth0:192.168.1.133/24 \
> -m debootstrap -- -d sarge
> 
> I get this error message:
> /etc/vservers/.defaults/vdirbase/vserver1: Function not implemented

first, unless they changed something, you want to use
the following command:

 vserver vserver1 build \
--context 666 \
--hostname vserver1.test.org \
--interface eth0:192.168.1.133/24 \
-m debootstrap -- -d sarge

> Any ideas? Or any other Vserver-ready distro out there?

IIRC, there are kernel packages for RH/Fedora, Debian and Gentoo
and userspace tool packages for most known distros ...

note: personally I'm against binary kernel packages ... YMMV

HTH,
Herbert

> TIA
> Gerhard
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Vserver CPU limit question

[Herbert Poetzl]

On Mon, Mar 19, 2007 at 11:40:01PM +0100, Herbert Poetzl wrote:
> On Mon, Mar 19, 2007 at 01:52:42PM -0700, Albert Mak (almak) wrote:
> > Hi Herbert,
> > 
> > I repeated the same expriment with sched_hard. The result is the
> > same, vserver is not able to enforce the CPU limit. I am under the
> > impression that sched_prio will also make use of the priority scheme
> > to limit CPU utilization per Vserver context
> 
> sounds really strange, as it is working fine here ...
> (with linux-2.6.19.7-vs2.2.0-rc19)
> 
> here is a short example how you can test it, eliminating
> all possible reasons for doing something wrong
> 
>  - get and compile the vcmd tool [1] and the cpuhog [2]
>  - do the following incantations:
> 
>vcmd -i 100 -BC ctx_create .flagword=^34^33^32^8 -- cpuhog
> 
>  - check the results with 'vtop' which should show something
>like this:
> 
>PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND 
>
>29 root  25   0  1312  252  200 H 24.5  0.5   0:33.81 cpuhog   
>   
>30 root  16   0  1808  900  728 R  1.5  1.6   0:14.84 top  
>   
> 
> by default, the CPU limit will be roughly 25% without
> doing any adjustments to the token buckets ...
> 
> also note that a working token bucket looks like this:
> 
>  FillRate:   1,1
>  Interval:   4,8
>  TokensMin:  6
>  TokensMax: 50
>  PrioBias:   0
>  cpu 0: 5296 11 17101 5288 0 R- 6 6 50 1/4 1/8 0 0
> ~~ hold ticks
> 
> I will check that with your ancient kernel and patch 
> version shortly ...

tested now with 2.6.14.3-vs2.0.1 ...

works fine here as expected:

  PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
   22 root  25   0  1304  252  200 R 24.1  0.4   0:09.59 cpuhog 
   23 root  17   0  1800  896  728 R  2.5  1.5   0:02.72 top

best,
Herbert

> HTH,
> Herbert
> 
> [1] http://vserver.13thfloor.at/Experimental/TOOLS/vcmd-0.08.tar.bz2
> [2] http://vserver.13thfloor.at/Experimental/TOOLS/cpuhog.c
> 
> > Thanks for your help.
> > -Albert
> > 
> > -bash-2.05b# cat /proc/virtual/2/status
> > UseCnt: 9
> > Tasks:  3
> > Flags:  000202020110
> > BCaps:  354c24ff
> > CCaps:  0101
> > Ticks:  0
> > 
> > -bash-2.05b# cat /proc/virtual/3/status
> > UseCnt: 9
> > Tasks:  3
> > Flags:  000202020110
> > BCaps:  354c24ff
> > CCaps:  0101
> > Ticks:  0
> > 
> > 
> > top - 14:02:25 up  2:34,  3 users,  load average: 1.91, 0.88, 0.34
> > Tasks: 132 total,   3 running, 129 sleeping,   0 stopped,   0 zombie
> > Cpu(s): 100.0% us,  0.0% sy,  0.0% ni,  0.0% id,  0.0% wa,  0.0% hi,  0.0% 
> > si
> > Mem:513084k total,   118572k used,   394512k free,16704k buffers
> > Swap:0k total,0k used,0k free,46648k cached
> > 
> >   PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
> > 32600 root  25   0  1336  232  184 R 49.8  0.0   1:38.31 exceed_cpu_limi
> > 32697 root  25   0  1336  232  184 R 49.8  0.0   1:14.18 exceed_cpu_limi
> > 
> > 
> > -bash-2.05b# cat /proc/virtual/2/sched
> > Token:   140
> > FillRate: 80
> > Interval:100
> > TokensMin:50
> > TokensMax:   140
> > PrioBias:  0
> > VaVaVoom:  0
> > cpu 0: 127657 47 0
> > 
> > -bash-2.05b# cat /proc/virtual/3/sched
> > Token:   140
> > FillRate: 10
> > Interval:100
> > TokensMin:50
> > TokensMax:   140
> > PrioBias:  0
> > VaVaVoom:  0
> > cpu 0: 113825 45 0
> > 
> > 
> > 
> > -Original Message-
> > From: Herbert Poetzl [mailto:[EMAIL PROTECTED]
> > Sent: Sun 3/18/2007 7:45 AM
> > To: Albert Mak (almak)
> > Cc: vserver@list.linux-vserver.org
> > Subject: Re: [Vserver] Vserver CPU limit question
> >  
> > On Sat, Mar 17, 2007 at 10:17:47PM -0700, Albert Mak (almak) wrote:
> > > Hi Herbert
> > > 
> > > Here is the output of /proc/virtual/2/status as requested Both
> > > context 2 and 3 have the same setting.
> > > 
> > > -bash-2.05b# cat /proc/virtual/2/status 
> > > UseCnt: 7
> > > Tasks:  2
> > > Flags:  000202020210
> > ~~
> > http://linux-vserver.org/Capabilities_and_Flags
> > 
> &

Re: [Vserver] Vserver CPU limit question

[Herbert Poetzl]

On Mon, Mar 19, 2007 at 01:52:42PM -0700, Albert Mak (almak) wrote:
> Hi Herbert,
> 
> I repeated the same expriment with sched_hard. The result is the
> same, vserver is not able to enforce the CPU limit. I am under the
> impression that sched_prio will also make use of the priority scheme
> to limit CPU utilization per Vserver context

sounds really strange, as it is working fine here ...
(with linux-2.6.19.7-vs2.2.0-rc19)

here is a short example how you can test it, eliminating
all possible reasons for doing something wrong

 - get and compile the vcmd tool [1] and the cpuhog [2]
 - do the following incantations:

   vcmd -i 100 -BC ctx_create .flagword=^34^33^32^8 -- cpuhog

 - check the results with 'vtop' which should show something
   like this:

   PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND   
 
   29 root  25   0  1312  252  200 H 24.5  0.5   0:33.81 cpuhog 
   30 root  16   0  1808  900  728 R  1.5  1.6   0:14.84 top

by default, the CPU limit will be roughly 25% without
doing any adjustments to the token buckets ...

also note that a working token bucket looks like this:

 FillRate: 1,1
 Interval: 4,8
 TokensMin:6
 TokensMax:   50
 PrioBias: 0
 cpu 0: 5296 11 17101 5288 0 R- 6 6 50 1/4 1/8 0 0
~~ hold ticks

I will check that with your ancient kernel and patch 
version shortly ...

HTH,
Herbert

[1] http://vserver.13thfloor.at/Experimental/TOOLS/vcmd-0.08.tar.bz2
[2] http://vserver.13thfloor.at/Experimental/TOOLS/cpuhog.c

> Thanks for your help.
> -Albert
> 
> -bash-2.05b# cat /proc/virtual/2/status
> UseCnt: 9
> Tasks:  3
> Flags:  000202020110
> BCaps:  354c24ff
> CCaps:  0101
> Ticks:  0
> 
> -bash-2.05b# cat /proc/virtual/3/status
> UseCnt: 9
> Tasks:  3
> Flags:  000202020110
> BCaps:  354c24ff
> CCaps:  0101
> Ticks:  0
> 
> 
> top - 14:02:25 up  2:34,  3 users,  load average: 1.91, 0.88, 0.34
> Tasks: 132 total,   3 running, 129 sleeping,   0 stopped,   0 zombie
> Cpu(s): 100.0% us,  0.0% sy,  0.0% ni,  0.0% id,  0.0% wa,  0.0% hi,  0.0% si
> Mem:513084k total,   118572k used,   394512k free,16704k buffers
> Swap:0k total,0k used,0k free,46648k cached
> 
>   PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
> 32600 root  25   0  1336  232  184 R 49.8  0.0   1:38.31 exceed_cpu_limi
> 32697 root  25   0  1336  232  184 R 49.8  0.0   1:14.18 exceed_cpu_limi
> 
> 
> -bash-2.05b# cat /proc/virtual/2/sched
> Token:   140
> FillRate: 80
> Interval:100
> TokensMin:50
> TokensMax:   140
> PrioBias:  0
> VaVaVoom:  0
> cpu 0: 127657 47 0
> 
> -bash-2.05b# cat /proc/virtual/3/sched
> Token:   140
> FillRate: 10
> Interval:100
> TokensMin:    50
> TokensMax:   140
> PrioBias:  0
> VaVaVoom:  0
> cpu 0: 113825 45 0
> 
> 
> 
> -Original Message-
> From: Herbert Poetzl [mailto:[EMAIL PROTECTED]
> Sent: Sun 3/18/2007 7:45 AM
> To: Albert Mak (almak)
> Cc: vserver@list.linux-vserver.org
> Subject: Re: [Vserver] Vserver CPU limit question
>  
> On Sat, Mar 17, 2007 at 10:17:47PM -0700, Albert Mak (almak) wrote:
> > Hi Herbert
> > 
> > Here is the output of /proc/virtual/2/status as requested Both
> > context 2 and 3 have the same setting.
> > 
> > -bash-2.05b# cat /proc/virtual/2/status 
> > UseCnt: 7
> > Tasks:  2
> > Flags:  000202020210
>   ~~
> http://linux-vserver.org/Capabilities_and_Flags
> 
> 0100 sched_hard
> 0200 sched_prio
> 
> so you haven't enabled sched_hard here, which explains
> why you do not see hard scheduling behaviour :)
> 
> HTC,
> Herbert
> 
> > BCaps:  354c24ff
> > CCaps:  0101
> > Ticks:  0
> > 
> > Thanks.
> > 
> > -Albert
> > -Original Message-
> > From: Herbert Poetzl [mailto:[EMAIL PROTECTED] 
> > Sent: Saturday, March 17, 2007 11:36 AM
> > To: Albert Mak (almak)
> > Cc: vserver@list.linux-vserver.org
> > Subject: Re: [Vserver] Vserver CPU limit question
> > 
> > On Fri, Mar 16, 2007 at 06:54:26PM -0700, Albert Mak (almak) wrote:
> > > Hi,
> > > 
> > > I have Linux (2.6.14.3 Kernel) with Vserver 2.0.1 and testing the CPU 
> > > limit capabilities. I have 2 vserver contexts both running CPU 
> > > intensive app capable of using up 100%

Re: [Vserver] Just for info

[Herbert Poetzl]

On Mon, Mar 19, 2007 at 09:26:39AM +0100, [EMAIL PROTECTED] wrote:
> Hello
> 
> I had a problem with vs2.2.0-rc16 on linux-2.6.20.2
> 
> (cf paste.linux-vserver.org/1275)
> 
> It seems to work fine now with vs2.2.0-rc18 and kernel-2.6.20.3.

emphasis on seems .. IMHO this is a mainline issue
with a disappearing tty->driver (either because the
tty is reused while still active or something similar)

it is currently tracked here:

 http://vserver.13thfloor.at/Stuff/BUGHUNT/bertl-0002

and I added your trace to the dir, because I think
we are observing the very same issue ...

best,
Herbert

> srvweb:/usr/local# ./testme.sh
> Linux-VServer Test [V0.16] Copyright (C) 2003-2006 H.Poetzl
> chcontext is working.
> chbind is working.
> Linux 2.6.20.3-vs2.2.0-rc18 #1 SMP PREEMPT Sun Mar 18 10:58:12 CET 2007 i686
> Ea 0.30.212 273/glibc (DSa) 
> VCI: 0002:0200 273 03000711 (TbP)
> ---
> [000]# succeeded.
> [001]# succeeded.
> [011]# succeeded.
> [031]# succeeded.
> [101]# succeeded.
> [102]# succeeded.
> [201]# succeeded.
> [202]# succeeded.
> 
> srvweb:/usr/local# cat /proc/version
> Linux version 2.6.20.3-vs2.2.0-rc18 ([EMAIL PROTECTED]) (version gcc 3.3.5 
> (Debian 1:3.3.5-13)) #1 SMP PREEMPT Sun Mar 18 10:58:12 CET 2007
> 
> srvweb:/usr/local# zgrep -i vserver /proc/config.gz
> # Linux VServer
> # CONFIG_VSERVER_LEGACY is not set
> # CONFIG_VSERVER_LEGACYNET is not set
> # CONFIG_VSERVER_REMAP_SADDR is not set
> CONFIG_VSERVER_COWBL=y
> # CONFIG_VSERVER_VTIME is not set
> CONFIG_VSERVER_PROC_SECURE=y
> # CONFIG_VSERVER_HARDCPU is not set
> CONFIG_VSERVER_PRIVACY=y
> CONFIG_VSERVER_WARN=y
> # CONFIG_VSERVER_DEBUG is not set
> CONFIG_VSERVER=y
> CONFIG_VSERVER_NGNET=y
> 
> srvweb:/usr/local# vserver-stat
> CTX   PROCVSZRSS  userTIME   sysTIMEUPTIME NAME
> 0   85 596.7M 192.2M  23m08s77   7m17s52  20h46m31 root server
> 20  15 397.4M 121.6M   0m43s95   0m06s76  20h44m31 vweb1
> 21  15 521.4M  88.4M   0m04s61   0m01s86  20h44m17 vweb2
> 22  16 105.6M  38.3M   0m30s60   0m18s23  20h44m08 vweb3
> 
> 
> Patrick
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] how to make default system running on the top of one vserver?

[Herbert Poetzl]

On Mon, Mar 19, 2007 at 12:45:38AM -0400, Wenbin Zhang wrote:
> Hello Guys,
> 
> I have one question here, how to make default system running on the top of
> one vserver? That is:
> 
> -
>  vserver
> ---
>  host linux
> 
>  hardware
> ---
> 
> 1) I setup one server on the default host system.
>(Both the host system and the verser are linux).

hopefully, otherwise it won't work, it's not a VM or
VMM, Linux-VServer is OS-Level virtualization :)

> 2) After the machine power on and boot, the whole 
>thing will be taken over by the vserver, say, 
>the GUI display, the input are controlled by 
>vserver automatically. 

so you have to put the relevant stuff into the
context and provide that context with the necessary
capabilities (depends on the actual hw interfaces)

>After boot, the user were not expected to use 
>the host linux again.

> 3) But the display/input control still can be 
>switched to the host linux in case of need. 
>After using, the control will be able to switch 
>back to vserver.

that _really_ depends on the hw and the software
used for e.g. interface and input ...

you can put services into a context quite early in
the system startup, you could even put the entire
host init process into a context from initramfs

> Any good idea to achieve this?

you might want to have a look at the MoreUbuntu
solution for multi seat linux ...

best,
Herbert

> Thanks,
> Wenbin

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Vserver CPU limit question

[Herbert Poetzl]

On Sat, Mar 17, 2007 at 10:17:47PM -0700, Albert Mak (almak) wrote:
> Hi Herbert
> 
> Here is the output of /proc/virtual/2/status as requested Both
> context 2 and 3 have the same setting.
> 
> -bash-2.05b# cat /proc/virtual/2/status 
> UseCnt: 7
> Tasks:  2
> Flags:  000202020210
~~
http://linux-vserver.org/Capabilities_and_Flags

  0100 sched_hard
  0200 sched_prio

so you haven't enabled sched_hard here, which explains
why you do not see hard scheduling behaviour :)

HTC,
Herbert

> BCaps:  354c24ff
> CCaps:  0101
> Ticks:  0
> 
> Thanks.
> 
> -Albert
> -Original Message-
> From: Herbert Poetzl [mailto:[EMAIL PROTECTED] 
> Sent: Saturday, March 17, 2007 11:36 AM
> To: Albert Mak (almak)
> Cc: vserver@list.linux-vserver.org
> Subject: Re: [Vserver] Vserver CPU limit question
> 
> On Fri, Mar 16, 2007 at 06:54:26PM -0700, Albert Mak (almak) wrote:
> > Hi,
> > 
> > I have Linux (2.6.14.3 Kernel) with Vserver 2.0.1 and testing the CPU 
> > limit capabilities. I have 2 vserver contexts both running CPU 
> > intensive app capable of using up 100% CPU, I am setting up on vserver
> 
> > to limit 1 context to 10% CPU  and the 2nd to 80% CPU, both using
> flags sched_prio.
> > I am seeing CPU usage split 50/50 between the 2 contexts. I repeated 
> > the same test using sched_hard with the same result (kernel 
> > VSERVER_HARDCPU config set to y). I am expecting to see at least the 
> > CPU usage close to the Vserver limits.
> > 
> > Have I got the wrong settings or some other issues. Your help is 
> > really appreciated.
> > 
> > -Albert
> > 
> > top - 18:37:04 up 26 min,  1 user,  load average: 2.04, 1.40, 0.62
> > Tasks: 127 total,   3 running, 124 sleeping,   0 stopped,   0 zombie
> > Cpu(s): 98.7% us,  1.3% sy,  0.0% ni,  0.0% id,  0.0% wa,  0.0% hi, 
> > 0.0% si
> > Mem:513084k total,   115660k used,   397424k free,10200k
> buffers
> > Swap:0k total,0k used,0k free,39332k
> cached
> > 
> >   PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
> >  6616 root  20   0  1332  228  184 R 49.8  0.0   2:23.12
> > exceed_cpu_limi
> >  6513 root  20   0  1336  232  184 R 48.1  0.0   2:43.79
> > exceed_cpu_limi
> > 
> > -bash-2.05b# vps
> >   PID CONTEXT TTY  TIME CMD
> >  3672 0 MAIN  pts/000:00:00 bash
> >  6513 2 APP1  pts/000:03:01 exceed_cpu_limi
> >  6616 3 APP2  pts/000:02:40 exceed_cpu_limi
> >  7655 1 ALL_PROC  pts/000:00:00 vps
> >  7656 1 ALL_PROC  pts/000:00:00 ps
> > 
> > -bash-2.05b# pwd
> > /etc/vservers/APP1
> > -bash-2.05b# cat flags
> > sched_prio
> 
> you want to add sched_hard here if you want hard scheduling, the prio
> scheduler will only adjust priorities according to the token buckets ...
> 
> I'd also suggest to use a more recent kernel (and probably Linux-VServer
> patch) than this one as the scheduler was enhanced quite a lot in 2.2.x
> 
> > -bash-2.05b# cat schedule
> > 80
> > 100
> > 200
> > 50
> > 140
> > dummy
> > 
> > -bash-2.05b# pwd
> > /etc/vservers/APP2
> > -bash-2.05b# cat flags
> > sched_prio
> > -bash-2.05b# cat schedule
> > 10
> > 100
> > 200
> > 50
> > 140
> > dummy
> > 
> > -bash-2.05b# cat /proc/virtual/2/sched
> > Token:   140
> > FillRate:  1
> > Interval:100
> > TokensMin:50
> > TokensMax:   140
> > PrioBias:  0
> > VaVaVoom: -5
> > cpu 0: 229674 71 0
> > 
> > -bash-2.05b# cat /proc/virtual/3/sched
> > Token:   140
> > FillRate: 10
> > Interval:100
> > TokensMin:50
> > TokensMax:   140
> > PrioBias:  0
> > VaVaVoom: -5
> > cpu 0: 217275 54 0
> 
> looks like none of the token buckets is active here, what does the
> /proc/virtual/2/status show?
> 
> TIA,
> Herbert
> 
> > ___
> > Vserver mailing list
> > Vserver@list.linux-vserver.org
> > http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Re: Oops with rejecting routes in vservers instance

[Herbert Poetzl]

On Thu, Mar 15, 2007 at 07:38:44PM +0100, Herbert Poetzl wrote:
> On Thu, Mar 15, 2007 at 12:18:12PM +0100, Asier Baranguán wrote:
> > Asier Baranguán escribió:
> > 
> > >>~~~
> > >>quite ancient ... could you try something like 2.6.18-4 or
> > >>even better 2.6.19.7-vs2.2.0-rc17 and tell me if you see
> > >>the same issues?
> > >>
> > >>will try to recreate it here ...
> > >
> > >Oops.
> > >
> > >Kernel 2.16.38-vs2.0.3-rc1 and same problem... 

okay, was actually easy to recreate, thanks to your
information and testing ... turned out to be an
issue present in recent versions too ...

> > >Is there any fix for this in the 'stable' 2.6.16 kernel?

yep, we updated the 2.6.16 kernel to 2.6.16.43 and
the patch to 2.0.3-rc2, you can find it here:

http://vserver.13thfloor.at/Experimental/patch-2.6.16.43-vs2.0.3-rc2.diff

thanks for spotting,
Herbert

> > Emm... I want to say "any fix for the 2.0.3rc1 release 
> > of the 'stable' 
> > 2.6.16 kernel"
> 
> will check that tonight or tomorrow, when I get
> around digging out that old kernel :)
> 
> best,
> Herbert
> 
> > Thanks
> 
> > begin:vcard
> > fn;quoted-printable:Asier Barangu=C3=A1n
> > n;quoted-printable:Barangu=C3=A1n;Asier
> > org;quoted-printable:ELPA Gesti=C3=B3n
> > adr;quoted-printable;dom:;;c/ Henao 4 - 3=C2=BAA;Bilbao;Bizkaia;48009
> > email;internet:[EMAIL PROTECTED]
> > title:A/P
> > tel;work:944.23.01.66
> > tel;fax:944.23.01.78
> > x-mozilla-html:FALSE
> > url:http://www.elpagestion.com
> > version:2.1
> > end:vcard
> > 
> 
> > ___
> > Vserver mailing list
> > Vserver@list.linux-vserver.org
> > http://list.linux-vserver.org/mailman/listinfo/vserver
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Vserver CPU limit question

[Herbert Poetzl]

On Fri, Mar 16, 2007 at 06:54:26PM -0700, Albert Mak (almak) wrote:
> Hi,
> 
> I have Linux (2.6.14.3 Kernel) with Vserver 2.0.1 and testing the CPU
> limit capabilities. I have 2 vserver contexts both running CPU intensive
> app capable of using up 100% CPU, I am setting up on vserver to limit 1
> context to 10% CPU  and the 2nd to 80% CPU, both using flags sched_prio.
> I am seeing CPU usage split 50/50 between the 2 contexts. I repeated the
> same test using sched_hard with the same result (kernel VSERVER_HARDCPU
> config set to y). I am expecting to see at least the CPU usage close to
> the Vserver limits.
> 
> Have I got the wrong settings or some other issues. Your help is really
> appreciated.
> 
> -Albert
> 
> top - 18:37:04 up 26 min,  1 user,  load average: 2.04, 1.40, 0.62
> Tasks: 127 total,   3 running, 124 sleeping,   0 stopped,   0 zombie
> Cpu(s): 98.7% us,  1.3% sy,  0.0% ni,  0.0% id,  0.0% wa,  0.0% hi,
> 0.0% si
> Mem:513084k total,   115660k used,   397424k free,10200k buffers
> Swap:0k total,0k used,0k free,39332k cached
> 
>   PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
>  6616 root  20   0  1332  228  184 R 49.8  0.0   2:23.12
> exceed_cpu_limi
>  6513 root  20   0  1336  232  184 R 48.1  0.0   2:43.79
> exceed_cpu_limi
> 
> -bash-2.05b# vps
>   PID CONTEXT TTY  TIME CMD
>  3672 0 MAIN  pts/000:00:00 bash
>  6513 2 APP1  pts/000:03:01 exceed_cpu_limi
>  6616 3 APP2  pts/000:02:40 exceed_cpu_limi
>  7655 1 ALL_PROC  pts/000:00:00 vps
>  7656 1 ALL_PROC  pts/000:00:00 ps
> 
> -bash-2.05b# pwd
> /etc/vservers/APP1
> -bash-2.05b# cat flags
> sched_prio

you want to add sched_hard here if you want hard
scheduling, the prio scheduler will only adjust
priorities according to the token buckets ...

I'd also suggest to use a more recent kernel
(and probably Linux-VServer patch) than this one
as the scheduler was enhanced quite a lot in 2.2.x

> -bash-2.05b# cat schedule
> 80
> 100
> 200
> 50
> 140
> dummy
> 
> -bash-2.05b# pwd
> /etc/vservers/APP2
> -bash-2.05b# cat flags
> sched_prio
> -bash-2.05b# cat schedule
> 10
> 100
> 200
> 50
> 140
> dummy
> 
> -bash-2.05b# cat /proc/virtual/2/sched
> Token:   140
> FillRate:  1
> Interval:100
> TokensMin:50
> TokensMax:   140
> PrioBias:  0
> VaVaVoom: -5
> cpu 0: 229674 71 0
> 
> -bash-2.05b# cat /proc/virtual/3/sched
> Token:   140
> FillRate: 10
> Interval:100
> TokensMin:50
> TokensMax:   140
> PrioBias:  0
> VaVaVoom: -5
> cpu 0: 217275 54 0

looks like none of the token buckets is active
here, what does the /proc/virtual/2/status show?

TIA,
Herbert

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] OCS Inventory

[Herbert Poetzl]

On Sat, Mar 17, 2007 at 02:37:39PM +, Daniel W. Crompton wrote:
> On 3/17/07, Daniel Hokka Zakrisson <[EMAIL PROTECTED]> wrote:
> >>>You absolutely never ever want to do that, if you care the least about 
> >>>the
> >>>guest being secure... /dev/mem would give it complete access to the
> >>>contents of your RAM.
> >>Seriously if you care about your guest being secure you make sure that
> >>the host doesn't have physical network access. If you want to be able
> >>to run certain programs in a guest you sometimes need rights which are
> >>available to only the host. That's the whole point of caps.
> >Which should not be taken as lightly as "you just need to create XYZ".
> >It's something that essentially voids the entire virtualization/isolation
> >that Linux-VServer provides...
> 
> You are right that I was a little flippant in my remark that one
> should just create /dev/mem, and should have mentioned the security
> implications. My remark did contain reservation you didn't pick-up on.
> "You might just need to create XYZ" carries a very different message
> than "you just need to create XYZ." In this case "might" means that it
> is possible that you would need to do XYZ, I realize that this
> reservation could be missed in a cursory reading.
> 
> However that doesn't however negate the fact that to run OCS Agent as
> is in a guest you might just need to create /dev/mem.

you might want to check with the source (of OCS Agent)
what the application actually does with /dev/mem

best,
Herbert

> regards,
> 
> D.
> 
> 
> blaze your trail
> 
> --
> redhat
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] DNS query-source * inside a vserver

[Herbert Poetzl]

On Wed, Mar 14, 2007 at 11:21:51PM +0100, Jean-François Leroux wrote:
> Hi,
> There is something I'm not sure I understand, so maybe you could help
> me figure out. Here it goes: we have a Debian vserver running BIND9
> (recompiled). Everything works fine, except that the line
> 
> query-source * ...
> 
> breaks bind9 while query-source x.x.x.x works fine.
> 
> Well, my understanding of this is that query-source * uses INADDR_ANY,

that would be what one would suspect, yes, but we
_know_ that the bind folks are not very good with
things like common and sense ...

> that would map to the first available ip on an host and does not

no, that would bind to _all_ ips on the host and
the assigned subset (one or more IPs) on the guest
and more important, that probably would work

> inside a vserver. 

> Am I wrong ?

maybe bind9 does something creative, use strace to
find out and let us know ...

> Could somebody point me towards the correct explanation (a link 
> for example) ?

I would also try to trick bind9, by simply using
query-source 0.0.0.0 (which _is_ INADDR_ANY)

best,
Herbert

> Cheers

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Re: Oops with rejecting routes in vservers instance

[Herbert Poetzl]

On Thu, Mar 15, 2007 at 12:18:12PM +0100, Asier Baranguán wrote:
> Asier Baranguán escribió:
> 
> >>~~~
> >>quite ancient ... could you try something like 2.6.18-4 or
> >>even better 2.6.19.7-vs2.2.0-rc17 and tell me if you see
> >>the same issues?
> >>
> >>will try to recreate it here ...
> >
> >Oops.
> >
> >Kernel 2.16.38-vs2.0.3-rc1 and same problem... ¿Is there any fix for 
> >this in the 'stable' 2.6.16 kernel?
> 
> Emm... I want to say "any fix for the 2.0.3rc1 release of the 'stable' 
> 2.6.16 kernel"

will check that tonight or tomorrow, when I get
around digging out that old kernel :)

best,
Herbert

> Thanks

> begin:vcard
> fn;quoted-printable:Asier Barangu=C3=A1n
> n;quoted-printable:Barangu=C3=A1n;Asier
> org;quoted-printable:ELPA Gesti=C3=B3n
> adr;quoted-printable;dom:;;c/ Henao 4 - 3=C2=BAA;Bilbao;Bizkaia;48009
> email;internet:[EMAIL PROTECTED]
> title:A/P
> tel;work:944.23.01.66
> tel;fax:944.23.01.78
> x-mozilla-html:FALSE
> url:http://www.elpagestion.com
> version:2.1
> end:vcard
> 

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] vmware-player on host

[Herbert Poetzl]

On Wed, Mar 14, 2007 at 04:11:08PM -0300, sysadmin wrote:
> Hi,
> 
> I´m running a gentoo x86_64 on a amd64 box, after patch the kernel
> with Linux-VServer patch, the vmware-player doens´t work anymore.
> Vmware products will only run on a guest? 

I don't think so ... or let me rephrase, when it
runs fine on the guest, you can definitely make
it run on the host

> It´s possible to fix this?

sure, send me the source tarball for the player,
and I'll ahve a look at the issue :)

best,
Herbert

> Regards, 
> 
> Marlon
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

[Vserver] Re: Oops with rejecting routes in vservers instance

[Herbert Poetzl]

On Tue, Mar 13, 2007 at 10:09:15PM +0100, Markus Neubauer (Liste) wrote:
> Test this effect:
> 
> on the host:
> $ route add -net 192.168.0.0/16 reject dev ppp0
> 
> on a vserver do then:
> $ route -n
> 
> result:
> 
> Mar 13 21:52:26 m10 kernel: Unable to handle kernel NULL pointer
> dereference at virtual address 00a8
> Mar 13 21:52:26 m10 kernel: printing eip:
> Mar 13 21:52:26 m10 kernel: c013525e
> Mar 13 21:52:26 m10 kernel: *pde = 
> Mar 13 21:52:26 m10 kernel: Oops:  [#1]
> Mar 13 21:52:26 m10 kernel: PREEMPT SMP
> Mar 13 21:52:26 m10 kernel: Modules linked in: qozap zaptel crc_ccitt
> nfs lockd nfs_acl sunrpc ebt_log ebtable_filter ebtables ip6ta
> Mar 13 21:52:26 m10 kernel: CPU:1
> Mar 13 21:52:26 m10 kernel: EIP:0060:[]Tainted: GF VLI
> Mar 13 21:52:26 m10 kernel: EFLAGS: 00010213   (2.6.16-3-vserver-686 #1)
~~~
quite ancient ... could you try something like 2.6.18-4 or
even better 2.6.19.7-vs2.2.0-rc17 and tell me if you see
the same issues?

will try to recreate it here ...

TIA,
Herbert

> Mar 13 21:52:26 m10 kernel: EIP is at dev_in_nx_info+0x1c/0x95
> Mar 13 21:52:26 m10 kernel: eax:    ebx: f6fa9500   ecx:
> 0001   edx: e53d6000
> Mar 13 21:52:26 m10 kernel: esi:    edi: f743a9c0   ebp:
>    esp: e53d7e88
> Mar 13 21:52:27 m10 kernel: ds: 007b   es: 007b   ss: 0068
> Mar 13 21:52:27 m10 kernel: Process route (pid: 22958[#1557],
> threadinfo=e53d6000 task=f54f1ab0)
> Mar 13 21:52:27 m10 kernel: Stack: <0>f6fa9500  0201
> a8c0 c027f1aa  f743a9c0 f54f1ab0
> Mar 13 21:52:27 m10 kernel: 31687465 30303009 41454630 30300939 30303030
> 30093030 09313030 09300930
> Mar 13 21:52:27 m10 kernel: 30300930 46463030 30094646 30093009 2600
> eb370570 f54f1ab0 f54f1bdc
> Mar 13 21:52:27 m10 kernel: Call Trace:
> Mar 13 21:52:27 m10 kernel: [] fib_seq_show+0x89/0x129
> Mar 13 21:52:27 m10 kernel: [] rb_insert_color+0xad/0xce
> Mar 13 21:52:27 m10 kernel: [] __vma_link+0x44/0x53
> Mar 13 21:52:27 m10 kernel: [] seq_read+0x197/0x266
> Mar 13 21:52:27 m10 kernel: [] vfs_read+0xa6/0x13d
> Mar 13 21:52:27 m10 kernel: [] sys_read+0x3b/0x63
> Mar 13 21:52:27 m10 kernel: [] syscall_call+0x7/0xb
> Mar 13 21:52:27 m10 kernel: Code: 39 5c 81 2c 74 e7 40 39 d0 7c f5 31 c0
> 5b c3 55 b8 01 00 00 00 31 ed 57 56 53 8b 7c 24 18 85 ff 74
> Mar 13 21:52:27 m10 kernel: <6>note: route[22958] exited with
> preempt_count 2
> 
> Not always, but in other cases the server crashes totally...
> 
> Greets
> Markus
> 
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] vserver patch making its way into the kernel.org kernels...?

[Herbert Poetzl]

On Tue, Mar 13, 2007 at 12:02:28AM -0700, Technical Support wrote:
> hi folks,
> 
> apologies if this is a ticklish question or one I should just know the
> answer to, but...

> I'm working for a large company that churns out lots of machines and am 
> trying to convince them to use vservers to help with several issues.

> However, the folks on our "platform team" are concerned - they want
> to use a "stock kernel" (which evidently means something downloaded
> directly from kernel.org) and don't like the idea of a patch.
> Evidently this causes a long-term maintenance issue - not necessarily
> from the technical perspective of applying the patch, but from a
> documentation, regression testing, license compliance (we distribute
> appliances, so we have to do extra work for GPL compliance), etc.

well, if the stock kernel.org kernel does what you want, 
then there is no need to add patches like Linux-VServer :)

> So the questions I've been asked to ask are these --

>Is there progress on getting the vserver modifications into the 
>"standard kernel"?

yes, OS-Level virtualization (and isolation) is getting into
the mainline (vanilla) kernel

>Is that even something the project hopes to accomplish at some
>point?

hmm, not really, but we are trying to make sure that whatever
gets into mainline is actually useful and performant, but I
think the actual framework will take quite a while until it
is available (and usable) in mainline

>If yes, any idea when...?  :)

the first elements of Linux-VServer are already in mainline
(e.g. the various spaces introduced over time) and more stuff
is getting in every day, a fully working isolation solution
like Linux-VServer will take a few years to stabilize though

HTC,
Herbert

> Thanks in advance!
> 
> - Ken ([EMAIL PROTECTED])
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] java socket connections between guests seem to have the host as a source

[Herbert Poetzl]

On Sun, Mar 11, 2007 at 09:58:06PM +, Konstantinos Pachopoulos wrote:
> Hi,
> before reinstalling the host system (the guests have
> remained exactly the same) there was no problem. Now,

reinstall from what to what? 

> if i create a java socket connection from one guest to
> another, the guests believe that the source of the
> connection is the host! Do i need to change something
> in /etc/vservers/guest-name dir? While creating each
> guest i had used the "hostname" parameter however...

what kernel, patch and tool versions?

> Ideas?

could be anything, but if the ip is not assigned to
the guest, it sounds strange, i.e. the guest should
not be able to use it for anything ...

TIA,
Herbert

> ___ 
> All New Yahoo! Mail – Tired of unwanted email come-ons? Let our SpamGuard 
> protect you. http://uk.docs.yahoo.com/nowyoucan.html
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] gentoo update breaks shutdowns?

[Herbert Poetzl]

On Sun, Mar 11, 2007 at 02:33:44AM -0500, Chuck wrote:
> there is something in my system that updated recently that has since broken 
> vserver's ability to report shutting down guests. I get this kind of report 
> on every type of guest. it also appears to be a random thing. other times i 
> shut guests down and i get no errors. this variable behavior was only noticed 
> yesterday because we are moving physical drives around so we have had to 
> stop/start the server otherwise we may not stop any for months. it also waits 
> the 'timeout' time before reporting.
> 
> as in example below, after this message i try a vps ax|grep 3910 and i find 
> no 
> processes with that context running! an immediate restart is error free.
> 
> valkyrie boinc # vserver cacti stop
> A timeout occured while waiting for the vserver to finish and it will
> be killed by sending a SIGKILL signal. The following process list
> might be useful for finding out the reason of this behavior:
> 
> --
> 14685  3910 cacti ?Ss 0:00 init [3]
> 15181  3910 cacti ?Ss 0:00  \_ /usr/sbin/syslog-ng
> 15245  3910 cacti ?Ssl0:00  \_ /usr/sbin/named -u named 
> -n 
> 4 -t /var/bind
> 15265  3910 cacti ?Ss 0:00  \_ /usr/sbin/apache2 -D 
> DEFAULT_VHOST -D PHP5 -d /usr/lib64/apache2 -f /etc/apache2/httpd.conf -k 
> start
> 15266  3910 cacti ?S  0:00  |   \_ /usr/sbin/apache2 -D 
> DEFAULT_VHOST -D PHP5 -d /usr/lib64/apache2 -f /etc/apache2/httpd.conf -k 
> start
> 15312  3910 cacti ?Sl 0:00  |   \_ /usr/sbin/apache2 -D 
> DEFAULT_VHOST -D PHP5 -d /usr/lib64/apache2 -f /etc/apache2/httpd.conf -k 
> start
> 15313  3910 cacti ?Sl 0:00  |   \_ /usr/sbin/apache2 -D 
> DEFAULT_VHOST -D PHP5 -d /usr/lib64/apache2 -f /etc/apache2/httpd.conf -k 
> start
> 15310  3910 cacti ?Ss 0:01  \_ /usr/sbin/clamd
> 15327  3910 cacti ?Ss 0:00  \_ /usr/bin/freshclam -d
> 15468  3910 cacti ?Ss 0:00  \_ /usr/sbin/cron
> 15539  3910 cacti ?Ds 0:00  \_ /sbin/shutdown -r 0 w
> --
> Vserver '/etc/vservers/cacti' still running unexpectedly; please investigate 
> it manually...

maybe it takes quite long (timeout +/- something)
and thus, the timeout strikes sometimes ...

I observed similar with qmail, which is quite
strange in shutdown behaviour, especially when
combined with other services ...

(read: it can take between 1 and 10 minutes to
do a proper shutdown)

just and idea,
Herbert

> essentially when it behaves like this, every shutdown says it is still
> running does anyone in gentoo-vserver land have any clue what may be
> causing this apparently false report?
> 
> my util-vserver version is 0.30.212-r2
> 
> kernel version
> 
> 2.6.19-vs2.2.0-rc2
> 
> 
> 
> -- 
> 
> Chuck
> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] moving guests

[Herbert Poetzl]

On Tue, Mar 06, 2007 at 04:13:17PM +0100, [EMAIL PROTECTED] wrote:
> Hi,
> 
> Was wondering if there is a possibility to move guests between hosts 
> without stopping them ?

not yet, but mainline is going into that direction
so as soon as Linux will be able to do such things,
it will also be part of Linux-VServer

a work around is to put the Linux-VServer kernel in
a Xen domU and migrate the entire domain over to
a backup machine which usually covers all the down
for maintainance cases ...

> I allready have set up shared filesystem im running my guests from,
> was just looking for a possibility so guests wouldnt need to be
> re-started when im in need to move them around.

stop/start should take less than 5 seconds if the
guests are configured properly, so I guess the
downtime is acceptable ...

best,
Herbert

> TiA
> 
> Konrad Gutkowski 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Ethernet interfaces vanished

[Herbert Poetzl]

On Tue, Mar 06, 2007 at 07:09:28AM +0100, Cryptronic wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Hi all,
> 
> I have problems with the "virtual" nics.

I doubt that, as there are no virtual nics in Linux-VServer
(but read on, it might contain some clues :)

> Sometimes a interface in a vserver suddenly vanished and 
> ifconfig in the vserver doesn't show anything.

which would suggest that the ip was removed on the host
or one of your guests has too many priviledges (e.g.
network admin caps)

first thing would be to check on the host with:

 ip addr ls

(make yourself comfortable with the output before that
happens, so that you see what actually changed)

> My interface setup contains in interfaces/0/
> bcast
> dev
> ip
> mask
> 
> also ip addr list list some of the ip's of the vservers as global and
> global secondary scopes:
> inet xxx/24 brd xxx scope global eth0
> inet xxx/24 brd xxx scope global secondary eth0
> inet xxx/24 brd xxx scope global secondary eth0
> inet xxx/24 brd xxx scope global secondary eth0

here we are approaching the _real_ issue, which is
an unfortunate config ...

> xxx where real ip addresses.
> 
> I'm running vserver-utils 212 and the following kernel:
> 2.6.18.5-vs2.1.1.3-amd64-squash-drbd-256ip-ipv6
> 
> Maybe this problem is known?

yes, it is, let me explain _what_ happens:

 - you ahve no specific ip assigned to the host on
   that network/interface therefore
 - the first started guest becomes the 'primary'
   address holder on that network/interface
 - you also have 'promote secondaries' disabled
   on this interface (sysctl), so
 - when the one guest using the primary is taken
   down, the Linux kernel will remove all the other
   secondary addresses from the interface, without
   any further notice, which will render your guests
   IP-less until the addresses are re-added ...

solutions:

 a) assign a 'primary' address to the host, so that
all guests will get secondaries ...

 b) activate 'promote secondaries' like this:
sysctl -w net.ipv4.conf.eth0.promote_secondaries=1


HTC,
Herbert

> On 2.6.20.1-vs2.2.0-amd64-squash-drbd-256ip the same things happens.
> 
> best regards
> 
> Oliver
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.6 (GNU/Linux)
> 
> iD8DBQFF7QWXOBdlVlcPuhwRAqeqAKCP5gUa0mE6hdQ4MOSxmUKiKEcHHQCgwGny
> U1Z0rlzy2FXsWz7WyduvSWc=
> =03V0
> -END PGP SIGNATURE-
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] a bit off topic but good to know if there is a known problem

[Herbert Poetzl]

On Tue, Mar 06, 2007 at 03:11:51AM +, Martin wrote:
> On Mon, 2007-03-05 at 20:24 +0100, Herbert Poetzl wrote:
> > On Mon, Mar 05, 2007 at 07:43:51AM -0500, Chuck wrote:
> > > On Monday 05 March 2007 06:15, Herbert Poetzl wrote:
> 
> > > 
> > > controllers. i would rather see the boss change the case to a 2u and
> > > put a real hardware raid controller in on a 2 card riser but.. it
> > > is not my call.. (and of course we find all this out after the machine
> > > has been in our production environment for 5 months)
> > 
> > in most cases the hardware raid controller is not worth
> > the money, as a software raid usually gives a much better
> > performance with less latency and more control for the
> > operating system ...
> > 
> > nevertheless, hw-raid can have some advantages if it is
> > done properly, e.g. auto reconstruction without affecting
> > the system performance and/or battery buffering in power
> > failure cases ...
> 
> I used to like the idea of hardware RAID but two things put me off:
> 
> 1. When you pull the power on a system apparently the memory goes
> first but I/O systems function for just a bit longer - often writing
> junk data. This is apparently one of the things the high end UNIX
> vendors used to spend money on trying to get right. In short, you
> *need* a battery backed hardware RAID if you are serious about
> avoiding data corruption. These are more expensive. It also makes any
> form of RAID device that requires drivers to run (i.e. the soft-RAID
> devices on many modern machines) a little questionable to my mind.
> 
> 2. Data corruption is serious because none of the formats the hardware
> RAID systems use are public. I am under the impression that in many
> cases even data recovery specialists do not have access to these. Thus
> you are completely at the mercy of the tools the vendor gives you. If
> they are buggy or you get into a situation (see above) that they can't
> recover from it's game over.
> 
> Thus, I would *strongly* advise that unless you /need/ the performance
> a hardware RAID controller gives (and can then afford the UPS and the

note that the 'performance' in many cases is a myth,
for several reasons, mainly because:

 - hardware raid has 2-256MB cache, software has 1-4GB
 - hardware raid has a single channel to the host,
   while proper setup soft raid can burst over N channels
   simultaniously (and will do so, e.g. for separate I/O
   threads)
 - elevator in the kernel, vs limited TCQ

best,
Herbert

> high level service contract with the vendor, etc.), use the Linux
> software RAID. 

> If it all goes wrong you can always read the source and piece things
> together manually. I've had to do this. It's not fun but it is
> possible. For me it made the difference between having to tell my boss
> that the fileserver would be down for a while and having to tell my
> boss that we would have to revert to last months backup.
> 
> HTH
> 
> Cheers,
>  - Martin
> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] a bit off topic but good to know if there is a known problem

[Herbert Poetzl]

On Mon, Mar 05, 2007 at 07:43:51AM -0500, Chuck wrote:
> On Monday 05 March 2007 06:15, Herbert Poetzl wrote:
> > On Sun, Mar 04, 2007 at 05:42:01PM -0500, Chuck wrote:
> > > i have seen many of you have similar setups so if there is a known
> > > problem we should all know about it...
> > >
> > > has anyone heard of a problem with the sda channel in the SATA
> > > on board silicone image 3114 controller in general or on a tyan
> > > 2882D series motherboard using opteron processors? we are running
> > > a software raid1 and sda keeps going south even with a new hdd to
> > > the point it is not detectable at all.. a power down, unplug plug
> > > back in and restart usually cures it and the array re-syncs then
> > > gets an error and sda is no longer visible to anything,.. it is a
> > > tyan GX28 system.
> > >
> > > i am running all my vserver partitions on lvm2 under this if that
> > > has any bearing..
> > >
> > > outside of a faulty motherboard i am at a loss as to what could
> > > cause this.
> > 
> > this is what google had to say :)
> > 
> > http://www.linuxquestions.org/questions/showthread.php?t=351495
> > 
> http://www.leenooks.com/Silicon+Image+311x+sata+controllers+and+some+Seagate+disks
> > 
> > in general, the Sil 311x is considered very slow
> > and 'crappy' but it should be supported quite fine
> > 
> 
> we are kinda stuck with the on board controller however since this is
> a 1u case and the riser is already used for a nic. i think we may try
> replacing sda with a western digital drive. the seagates we are using
> are not on the black list in the driver but are of the same family..
> if this wd works we will replace the 2nd drive with a wd and will have
> learned the hard way never to use seagate paired with silicone image
> controllers. i would rather see the boss change the case to a 2u and
> put a real hardware raid controller in on a 2 card riser but.. it
> is not my call.. (and of course we find all this out after the machine
> has been in our production environment for 5 months)

in most cases the hardware raid controller is not worth
the money, as a software raid usually gives a much better
performance with less latency and more control for the
operating system ...

nevertheless, hw-raid can have some advantages if it is
done properly, e.g. auto reconstruction without affecting
the system performance and/or battery buffering in power
failure cases ...

best,
Herbert

> > http://www.tyan.com/archive/products/html/gx28b2882_spec.html
> > 
> > looking at the specs for the GX28 I see AMD chipsets
> > which 'might' lack proper support, the Sil 3114 there
> > is also connected to the legacy 32bit bus and does
> > only support SATA 1.0, so I wouldn#t expect too much
> > from that ...
> > 
> > HTH,
> > Herbert
> > 
> > > -- 
> > > 
> > > Chuck
> > > 
> > > ___
> > > Vserver mailing list
> > > Vserver@list.linux-vserver.org
> > > http://list.linux-vserver.org/mailman/listinfo/vserver
> > 
> 
> -- 
> 
> Chuck
> 
> "...and the hordes of M$*ft users descended upon me in their anger,
> and asked 'Why do you not get the viruses or the BlueScreensOfDeath
> or insecure system troubles and slowness or pay through the nose 
> for an OS as *we* do?!!', and I answered...'I use Linux'. "
> The Book of John, chapter 1, page 1, and end of book
> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] a bit off topic but good to know if there is a known problem

[Herbert Poetzl]

On Sun, Mar 04, 2007 at 05:42:01PM -0500, Chuck wrote:
> i have seen many of you have similar setups so if there is a known
> problem we should all know about it...
>
> has anyone heard of a problem with the sda channel in the SATA on
> board silicone image 3114 controller in general or on a tyan 2882D
> series motherboard using opteron processors? we are running a software
> raid1 and sda keeps going south even with a new hdd to the point it is
> not detectable at all.. a power down, unplug plug back in and restart
> usually cures it and the array re-syncs then gets an error and sda is
> no longer visible to anything,.. it is a tyan GX28 system.
>
> i am running all my vserver partitions on lvm2 under this if that has
> any bearing..
>
> outside of a faulty motherboard i am at a loss as to what could cause
> this.

this is what google had to say :)

http://www.linuxquestions.org/questions/showthread.php?t=351495
http://www.leenooks.com/Silicon+Image+311x+sata+controllers+and+some+Seagate+disks

in general, the Sil 311x is considered very slow
and 'crappy' but it should be supported quite fine

http://www.tyan.com/archive/products/html/gx28b2882_spec.html

looking at the specs for the GX28 I see AMD chipsets
which 'might' lack proper support, the Sil 3114 there
is also connected to the legacy 32bit bus and does
only support SATA 1.0, so I wouldn#t expect too much
from that ...

HTH,
Herbert

> -- 
> 
> Chuck
> 
> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] debian vserver and AMD x2 AM2 CPUs

[Herbert Poetzl]

On Sat, Mar 03, 2007 at 09:37:20AM +, Konstantinos Pachopoulos wrote:
> Hi,
> has anybody had any experience with with VServer
> (Debian) and Dual Core AM2 CPUs? Does it work OK? 

supposed to be okay, if it gives you issues, it
can be considered a bug and should be reported

> Is it posssible -would it be possible in the future
> maybe- for VServer to take advantage of the AMD CPUs
> built-in virtualization technology?

nope, and IMHO it doesn't make sense either, the
different virtualization technologies (IVT and AMD-V)
aid in virtualizing hardware to allow Virtual Machines
to get more performant (i.e. at some point to reach
native performance), while Linux-VServer is already
there, i.e. it provides "native" or even better 
performance, but no hardware virtualization at all
but it is limited to a single kernel, running a bunch
(10-500) of isolated guest distros side bz side ...

HTC,
Herbert

> Thanks
> ___ 
> New Yahoo! Mail is the ultimate force in competitive emailing. Find out more 
> at the Yahoo! Mail Championships. Plus: play games and win prizes. 
> http://uk.rd.yahoo.com/evt=44106/*http://mail.yahoo.net/uk 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] [PATCH] vserver, quota and vroot fix

[Herbert Poetzl]

On Fri, Mar 02, 2007 at 08:05:04PM +0100, Daniel Hokka Zakrisson wrote:
> Jan Rekorajski wrote:
> > Hi,
> > The following hunk got lost sometime between 2.6.16 and 2.6.18,
> > as Network Failure System hit me again, I just _had_ to find out why quota
> > did not work with latest vserver patches ;)
> > The patch is so long because quotactl_block() has to be after
> > vroot_get_real_bdev declaration, the real meat is between
> > #if defined(CONFIG_BLK_DEV_VROOT) || defined(CONFIG_BLK_DEV_VROOT_MODULE)
> > #endif
> 
> IMHO it got lost after 2.6.18, i.e. it's not present in 2.6.19 nor 2.6.20.

yep, I think we lost it when we were hacking on
the device mapping stuff, as it would have
replaced the the vroot completely ...

will make sure that it is re-introduced in
the next release ...

thanks,
Herbert

> -- 
> Daniel Hokka Zakrisson
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Re: about Vserver for ARM

[Herbert Poetzl]

On Fri, Mar 02, 2007 at 12:26:30PM -0500, Wenbin Zhang wrote:
> Hi Herbert,
> 
> Thank you very much!
> Actually I'd like to send you a phone to test it :-)

perfect ... I'll send you my postal address
in a private mail then ...

> But before I do that, let me try it firstly :-)

sure ...

> Yes I can switch to 2.6, no problems. 

in this case, I'd suggest to do so, for several 
reasons, one being the fact that the 2.0/2.2
branches are much more performant than the 1.2
branch, another being that the 2.2 patches provide
a lot more useful features ...

> However I checked the arm-ezx patch,
> http://www.openezx.org/download/,

> all the patches are for linux 2.6.16 kernel. 

yeah, folks love the 2.6.16 kernel :)

> However, for Vserver patches,
> http://ftp.linux-vserver.org/pub/kernel/vs2.0/,

> they are only 2.6.12, 2.6.14, 2.6.17 version. 
> So the two kind of patches are not for the same 
> version of 2.6 kernel.

check out this one:

http://people.linux-vserver.org/~dhozac/p/k/patch-2.6.16.37-vs2.0.3-rc1.diff

> Moreover, even they are for the same version, for
> example, 2.6.16 kernel, I guess there are still
>  conflicts if we apply the two patches simutaneously. 

> We have two ways:
> 1) apply openezx patch, then Vserver patch
> 2) apply Vserver patch, then openexz patch
> 
> But we cannot guarantee the two patch have no i
> conflicts each other, any ideas?

yes, that's called merging, and that is what you
have to do when you got more than one patch ...

of course, it helps a lot if you know one or even
better all of the involved patches :)

best,
Herbert

> Thanks,
> Wenbin
> 
> On 3/1/07, Herbert Poetzl <[EMAIL PROTECTED]> wrote:
> >
> >On Thu, Mar 01, 2007 at 01:51:20PM -0500, Wenbin Zhang wrote:
> >> Hello Guys,
> >>
> >> I want to run the Vserver on Moto E680i cell phone, which is an ARM
> >> chip, specically the Intel XScale-Bulverde chip. I guess Vserver
> >> should be able to support this architecture. I downloaded the E680i
> >> kernel souce code from:
> >>
> >https://opensource.motorola.com/sf/frs/do/downloadFile/projects.a780e680/frs.a780_e680_source.a780_e680/frs1003?dl=1
> >
> >sounds good!
> >
> >> However, all the Vserver patches on
> >> http://ftp.linux-vserver.org/pub/kernel/vs1.2/ cannot match the
> >> E680i linux 2.4 source code. There are lots of conflicts.
> >
> >not unexpected, it's quite old and doesn't probably fit
> >what you need for the E680i ...
> >
> >the main question is, are you sure you want to go with
> >the 2.4 kernel instead of 2.6? I know, arm support is
> >not the best in Linux, especially as there are many
> >different hardware vendors with quite different ideas
> >how the arch support should look like ...
> >
> >> Could you let me know where to download the ARM kernel source
> >> code and the corresponding Vserver patch? Thank you very much!
> >
> >well, here are the good news, the 2.6 patches will
> >work on arm quite well, so given that you can go with
> >2.6 on your sub-arch, that would simplify it a lot
> >
> >there are also good news when you have to stick with
> >2.4 for whatever reason, and it basically boils down
> >to the fact that Linux-VServer is quite hardware
> >agnostic, so I do not think it would be too hard to
> >adapt the patches to your vendor specific tree ...
> >
> >so for example I could imagine to adapt the patches
> >for your specific branch if you send me a phone for
> >testing it :)
> >
> >best,
> >Herbert
> >
> >> Thanks,
> >> Wenbin
> >
> >> ___
> >> Vserver mailing list
> >> Vserver@list.linux-vserver.org
> >> http://list.linux-vserver.org/mailman/listinfo/vserver
> >
> >

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] rm: operation not permitted

[Herbert Poetzl]

On Thu, Mar 01, 2007 at 08:23:10PM +0100, yanek wrote:
> Hello Herbert,
> 
> Thanks for your answer.
> 
> On Thu, 2007-03-01 at 19:09 +0100, Herbert Poetzl wrote:
> 
> snip
> > first, what filesystem?
> 
> ext3
> 
> > second, what are the attributes of the directory
> > tree above those files? check with the following
> > tools:
> > 
> >  showattr -d 
> 
> For the dir:
> ---bui- change_sqlpass/
> 
> For the files inside:
> Ui- change_sqlpass.pot
> Ui- config.php
> Ui- config.php.sample
> Ui- COPYING
> Ui- functions.php
> Ui- generate.php
> Ui- getpot
> Ui- index.php
> Ui- INSTALL
> Ui- make_release.sh
> Ui- md5crypt.php
> Ui- options.php
> Ui- README
> Ui- setup.php
> Ui- version

well, here you go, however you managed to get those
flag set here, this _is_ the cause of your issues

 U stands for the Immutable-Invert-on-Unlink

which basically inverts the meaning of the Immutable (I)
flag for all unlink (remove) operations

you can remove that flag with 

 setattr --~iunlink 

and once that is removed, you will be able to remove
those files with rm 

best,
Herbert

> >  lsxid -d 
> > 
> 
> > 
> > the attributes of the directory containing change_sqlpass
> > are the interesting ones ...
> > check with the commands given above besides the
> > normal lsattr -d 
> 
> # lsattr -d plugins/
> -- plugins/
> 
> # showattr -d plugins/
> ---bui- plugins/
> 
> > 
> > > For some reason, lsxid does not seem to work on the host:
> snip
> > well, that just means that tagxid is disabled for
> > this filesystem ...
> 
> Thanks for the explanation.
> Then I suppose that this issue is unrelated to tagxid.
> Should I be wrong, please tell me and I'll try to make it work to
> provide the results of lsxid.
> 
> > 
> > > Distro is Debian Etch, with kernel 2.6.18-4-vserver-686.
> > 
> > might be worth a try with a mainline kernel, but
> > I don't think it is debian related ...
> > 
> > HTH,
> > Herbert
> 
> I always forget about the 'showattr' tool and only checked usual xattr
> with lsattr.
> Is there any page describing the flags set / shown by setattr /
> showattr? Could not find a manpage.
> 
> Just in case it could be useful: I use unification (vhashify) on all
> vservers.
> 
> Thanks again.
> 
> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Re: about Vserver for ARM

[Herbert Poetzl]

On Thu, Mar 01, 2007 at 01:51:20PM -0500, Wenbin Zhang wrote:
> Hello Guys,
> 
> I want to run the Vserver on Moto E680i cell phone, which is an ARM
> chip, specically the Intel XScale-Bulverde chip. I guess Vserver
> should be able to support this architecture. I downloaded the E680i
> kernel souce code from:
> https://opensource.motorola.com/sf/frs/do/downloadFile/projects.a780e680/frs.a780_e680_source.a780_e680/frs1003?dl=1

sounds good!

> However, all the Vserver patches on
> http://ftp.linux-vserver.org/pub/kernel/vs1.2/ cannot match the 
> E680i linux 2.4 source code. There are lots of conflicts.

not unexpected, it's quite old and doesn't probably fit
what you need for the E680i ...

the main question is, are you sure you want to go with
the 2.4 kernel instead of 2.6? I know, arm support is
not the best in Linux, especially as there are many
different hardware vendors with quite different ideas
how the arch support should look like ...

> Could you let me know where to download the ARM kernel source 
> code and the corresponding Vserver patch? Thank you very much!

well, here are the good news, the 2.6 patches will
work on arm quite well, so given that you can go with
2.6 on your sub-arch, that would simplify it a lot

there are also good news when you have to stick with
2.4 for whatever reason, and it basically boils down
to the fact that Linux-VServer is quite hardware
agnostic, so I do not think it would be too hard to
adapt the patches to your vendor specific tree ...

so for example I could imagine to adapt the patches 
for your specific branch if you send me a phone for
testing it :)

best,
Herbert

> Thanks,
> Wenbin

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] rm: operation not permitted

[Herbert Poetzl]

On Wed, Feb 28, 2007 at 11:08:42PM +0100, yanek wrote:
> Hello guys,
> 
> Sorry if this has been answered before, I searched the archives but the
> only related thread I could find does not help me much
> ( http://list.linux-vserver.org/archive/vserver/msg09907.html ).
> 
> Trying to remove a directory (as root) on a vserver gives me an
> "operation not permitted" warning:
> 
> web:/usr/share/squirrelmail/plugins# rm -fr change_sqlpass/
> rm: cannot remove `change_sqlpass//README': Operation not permitted
> rm: cannot remove `change_sqlpass//COPYING': Operation not permitted
> rm: cannot remove `change_sqlpass//generate.php': Operation not
> permitted
> rm: cannot remove `change_sqlpass//md5crypt.php': Operation not
> permitted
> rm: cannot remove `change_sqlpass//config.php': Operation not permitted
> rm: cannot remove `change_sqlpass//setup.php': Operation not permitted
> rm: cannot remove `change_sqlpass//change_sqlpass.pot': Operation not
> permitted
> rm: cannot remove `change_sqlpass//functions.php': Operation not
> permitted
> rm: cannot remove `change_sqlpass//index.php': Operation not permitted
> rm: cannot remove `change_sqlpass//config.php.sample': Operation not
> permitted
> rm: cannot remove `change_sqlpass//version': Operation not permitted
> rm: cannot remove `change_sqlpass//INSTALL': Operation not permitted
> rm: cannot remove `change_sqlpass//getpot': Operation not permitted
> rm: cannot remove `change_sqlpass//make_release.sh': Operation not
> permitted
> rm: cannot remove `change_sqlpass//options.php': Operation not permitted

first, what filesystem?
second, what are the attributes of the directory
tree above those files? check with the following
tools:

 showattr -d 
 lsxid -d 

> Same thing if I try to remove it from the host / root-server.

interesting ...

> Here's the perms for this directory and its content:
> 
> drwxr-xr-x  2 root root  4096 2007-02-27 18:06 ./
> drwxr-xr-x 21 root root  4096 2007-02-28 22:17 ../
> -rw-r--r--  2 root root  2856 2005-11-12 08:06 change_sqlpass.pot
> -rw-r-  2 root root 10705 2007-02-26 16:46 config.php
> -rw-r--r--  2 root root 10462 2005-11-12 07:04 config.php.sample
> -rw-r--r--  2 root root 15228 2005-11-12 05:17 COPYING
> -rw-r--r--  2 root root 24712 2005-11-12 07:48 functions.php
> -rw-r--r--  2 root root   555 2004-11-28 09:30 generate.php
> -rwxr--r--  2 root root   390 2005-11-12 06:29 getpot*
> -rw-r--r--  2 root root   469 2004-11-28 09:30 index.php
> -rw-r--r--  2 root root  1484 2005-11-12 05:12 INSTALL
> -rwx--  2 root root  5324 2005-11-12 03:36 make_release.sh*
> -rw-r--r--  2 root root  2787 2004-11-28 09:30 md5crypt.php
> -rw-r--r--  2 root root  1149 2005-11-12 01:59 options.php
> -rw-r--r--  2 root root  7270 2005-11-12 07:06 README
> -rw-r--r--  2 root root  2234 2005-11-12 08:06 setup.php
> -rw-r--r--  2 root root28 2005-11-12 08:06 version
> 
> No xattr is set on the files:
> 
> -- change_sqlpass/README
> -- change_sqlpass/COPYING
> -- change_sqlpass/generate.php
> -- change_sqlpass/md5crypt.php
> -- change_sqlpass/config.php
> -- change_sqlpass/setup.php
> -- change_sqlpass/change_sqlpass.pot
> -- change_sqlpass/functions.php
> -- change_sqlpass/index.php
> -- change_sqlpass/config.php.sample
> -- change_sqlpass/version
> -- change_sqlpass/INSTALL
> -- change_sqlpass/getpot
> -- change_sqlpass/make_release.sh
> -- change_sqlpass/options.php

> 
> Nor on the directory:
> 
> -- change_sqlpass

the attributes of the directory containing change_sqlpass
are the interesting ones ...
check with the commands given above besides the
normal lsattr -d 

> For some reason, lsxid does not seem to work on the host:
> 
> !!
> ERR!!   
> /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/
> !!
> ERR!!   
> /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/README
> !!
> ERR!!   
> /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/COPYING
> !!
> ERR!!   
> /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/generate.php
> !!
> ERR!!   
> /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/md5crypt.php
> !!
> ERR!!   
> /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/config.php
> !!
> ERR!!   
> /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/setup.php
> !!
> ERR!!   
> /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/change_sqlpass.pot
> !!
> ERR!!   
> /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/functions.php
> !!
> ERR!!   
> /var/lib/vservers/web/usr/share/squirrelmail/plugins/change_sqlpass/i

Re: [Vserver] scheduler: CPU_Scheduler paper vs CONFIG_VSERVER_HARDCPU

[Herbert Poetzl]

On Wed, Feb 28, 2007 at 09:29:49AM -0800, Alex Shultz wrote:
> Hi list.
> 
> I'm a newbie in VServer. And I'm a little bit confused
> about 'HARD LIMIT'. How 'hard limit' from
> http://linux-vserver.org/CPU_Scheduler and other docs
> intersects with CONFIG_VSERVER_HARDCPU kernel option?
> 
> Is it the same thing or different?

the Token Bucket Scheduler Extension is enabled by
the CONFIG_VSERVER_HARDCPU option. the TB can be
used for several things, e.g. accounting, priorization
and of course to do hard limits and fair scheduling

> For example, I'd like to know, how CPU time will be
> distributed between two VServers with 3 identical busy
> loop's ( while (1) ) tasks:
> 
> VServer 1 - one taks is running;
> VServer 2 - two taks are running;

with the TB Scheduler disabled, it will balance out
at 1:2 distributed over all CPUs, with the TB sched
enabled and priorization you will get something between
1:2 and 1:1 depending on your config, with the hard
limit or fair scheduling enabled, you can basically
get any ratio between those two, with or without
idle time on the host system

> I've take a look at the VServer
> patch-2.6.18.5-vs2.0.3-rc1.diff, and can't find the
> place where a task can be really held on (deactivated)
> when CONFIG_VSERVER_HARDCPU=n

that is correct ...

> So, I guess CPU time distribution will be:
> 
> VServer 1 - 33%, VServer 2 - 66%. Am I wrong? 

with CONFIG_VSERVER_HARDCPU=n, yes, as stated above

> The http://oldwiki.linux-vserver.org/vsched+explained
> paper says:
> 
> "For simple cases, like evenly distributing cpu time
> between vservers, you probably just want to set the
> ratio to somewhere between 1/N (where N is the number
> of servers) and 1/P (where P is the maximum expected
> peak load per CPU), and not bother with hard
> scheduling."

> So, does it really mean that without
> CONFIG_VSERVER_HARDCPU, the cpu time will be "evenly
> distributed between __vservers__"? Is it correct?

no, and I cannot find the place where it would state
that any TB scheduling would happen with the TB scheduler
disabled :)

> If a task can be holded without
> CONFIG_VSERVER_HARDCPU, please, can you point me to
> the kernel source file and line?

sorry, doesn't happen, so I can't :)

HTC,
Herbert

> Please CC an answer to [EMAIL PROTECTED], I'm not
> subscribed to the list yet
> 
> 
>  
> 
> Food fight? Enjoy some healthy debate 
> in the Yahoo! Answers Food & Drink Q&A.
> http://answers.yahoo.com/dir/?link=list&sid=396545367
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Re: keeping a mirror machine synched

[Herbert Poetzl]

On Wed, Feb 28, 2007 at 06:49:03AM +, Ticktac UK wrote:
> >I used to run a HA NFS configuration using a dual mini-ITX system in
> >1U (with a Travla C147 case). The synch speed sucked howver, and the
> >drives (300 GB Maxtors) ran too hot and died rather soon. (I RMAed
> >them, but one RMAed one is acting up as well, so I'm back to mice and
> >pumpkin -- at least the root RAID is working).
> 
> In our mini-ITX's we started to use Seagates as the Maxtors were
> dropping down like flys. Although now I know they are one and the
> same, we still opt for Seagates.
>
> Although Maxtor always replaced them with no problems, its the hassle
> :)

for harddisks, low temperature is the secret of
long life (and stable env. conditions, of course)

hddtemp is a nice tool to figure the disk temp
for most newer drives, and as a rule of the thumb,
everything below 40°C is considered fine and all
above 50°C is considered deadly ...

HTH,
Herbert

> Darren
> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Couldn't download base-config

[Herbert Poetzl]

On Wed, Feb 28, 2007 at 01:12:04PM +0100, Peter Mann wrote:
> On Mon, Feb 05, 2007 at 05:16:44PM +0100, Peter Mann wrote:
> > On Mon, Feb 05, 2007 at 06:11:04AM +0100, Herbert Poetzl wrote:
> > >  - debian tends to break things, and then avoid to
> > >fix up the breakage for a long time (see kernel)
> > 
> > just now it's special case, because of preparing next stable, 
> > so "testing" is frozen
> > 
> > http://www.debian.org/doc/FAQ/ch-ftparchives#s-testing
> 
> 
> now we have new vserver kernel in Etch/testing:
> 
> http://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.18.dfsg.1-11/changelog
> 
>* Update vserver patch to 2.0.2.2-rc9. (closes: #402743, #403790)

well, unfortunately still an old one, and not the
2.2.0 branch, but hey, better than nothing 

best,
Herbert

> http://bugs.debian.org/402743
> http://bugs.debian.org/403790
> 
> -- 
> 
> 5o   Peter.Mann at tuke.sk
> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Re: keeping a mirror machine synched

[Herbert Poetzl]

On Tue, Feb 27, 2007 at 02:22:14PM -0800, Martin Fick wrote:
> > From: Eugen Leitl <[EMAIL PROTECTED]>
> > 
> > ...I also have an identically configured second such
> 
> > machine.
> > 
> > I run a nightly script (over a private network)
> > which does the
> > following synchronisation from the production to the
> > backup machine:
> > rsync -a -e ssh /home/ [EMAIL PROTECTED]:/home/
> > rsync -a -e ssh /usr/local/etc/vservers/
> > [EMAIL PROTECTED]:/usr/local/etc/vservers/
> > 
> > My vservers live in /vservers which is a symlink to
> > /home/vservers.
> > Apart from /usr/local/etc/vservers/ is there
> > anything else I should synch?
>  
> You could also use drbd and heartbeat to do the
> mirroring and have active failover of your vserver!  I
> use a custom heartbeat script for vservers to do this,
> seems to work well,

well, maybe you want to share it then, or
even do some wiki page on how to do this ...

TIA,
Herbert

> -Martin
>  
> 
> It's here! Your new message!  
> Get new email alerts with the free Yahoo! Toolbar.
> http://tools.search.yahoo.com/toolbar/features/mail/
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Re: vcontext: vc_create_context(): Out of memory

[Herbert Poetzl]

On Tue, Feb 27, 2007 at 10:30:58AM +0900, Taisuke Yamada wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> OK, thanks to your instruction, I've recompiled the kernel,
> switched to static context configuration, and now I'm running
> around 500 virtual-hosts without a hitch.

sounds good to me ...

> However...I have no idea how I can reach to anywhere near
> 5000-8000 contexts...
> 
> Do all the numbers below mean running 5000-8000 of
> 
>   chcontext --ctx  command &

basically, a context can be as small as a single
process, or as large as a complete Linux distro

of course, the number of contexts you can run
depends on the amount of resource you have available
(CPU, RAM, I/O, Network, ...)

> commands directly, instead of hosting virtual-environment with
> different context? Since each hosted environment takes several
> MBs of memory and ~100MB of disk space (at least with "hashified"
> Debian install), even 1000 seems remote to me.

well, multiply the used resources by 1000, get
a machine which matches that and you will be 
able to run 1000+ guests ...

HTC,
Herbert

> >>> Yesterday, I tried to find out absolute maximum number of
> >>> virtualhosts I can host on my server, and got this message after
> >>> 40-50VMs:
> >> yes, known issue with the debian kernel, if you
> >> switch to mainline kernels, you will get to
> >> roughly 5000-8000 contexts ...
> > 
> > That is, before you run out of pids. On my x86 test system with 384 MiB of
> > RAM, I was able to get 6073 contexts running each with a sleep 3600
> > process running before fork started failing with EAGAIN.
> 
> Best Regards,
> - --
> Taisuke Yamada <[EMAIL PROTECTED]>, http://rakugaki.org/
> 2268 E9A2 D4F9 014E F11D  1DF7 DCA3 83BC 78E5 CD3A
> 
> Message to my public address may not be handled in a timely manner.
> For a direct contact, please use my private address on my namecard.
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.1 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFF44nS3KODvHjlzToRAhBHAKCV8urmxKNv6i6foG1eG2KEKhmj/ACgh5DU
> RdQzSjfIB5EF5+HHdIA9Pak=
> =y5ZB
> -END PGP SIGNATURE-
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Question about rebuilding an older Debian system with vservers

[Herbert Poetzl]

On Mon, Feb 26, 2007 at 12:02:44AM +0100, Guenther Fuchs wrote:
> Hi there,
> 
> on Sunday, February 25, 2007 at 11:41:47 PM there was posted:
> 
> KK> http://linux-vserver.org for installation on Fedora but have not
> KK> seen anything about RH Ent Linux and how you would install it.
> 
> RHEL is using a really old kernel (2.6.9) which is not supported by
> recent Linux-VServer patches. Therefore you would need to find some-
> one to donwgrade the patches back to that kernel - and also use the
> RHEL patches to the kernel as well.
> 
> Therefore the "official" recommended way for RHEL is to use a vanilla
> kernel or instead use e.g. CentOS installation - wich certainly breaks
> the "certification" of RHEL.
> 
> That means: At the moment there is NO way to have a recent Linux-
> VServer system using RHEL except then getting deep into coding and
> patching our RHEL yourself.

well, which IMHO voids the 'certification' anyway
unless you _are_ RedHat and the new kernel will
become the official one :)

> >> why bother with a debian install, when you
> >> are used to RedHat? just install Fedora or
> >> Mandriva on the host (with a Linux-VServer
> >> kernel) and restore the guests there, they
> >> will work regardless of the host distro ...
> 
> Main recommendation goes finally to what Herbert recommended though -
> I'm for example using Fedora Core 6 on two AMD64 machines (1x Opteron
> Dual-Core, 1x Athlon XP) without any problems. Remember: Main "work"
> for the host is
> a) supplying the kernel including the network
> b) supplying the tools for the guest handling
> 
> That can be (quite secure) done with nearly any available kernel - so
> if no special reason is for RHEL (e.g. certification) I also would
> recommend you to use e.g. Fedora, which is well spread, tested and in
> use (if you want a near RedHat system).

that is correct, fedora seems well maintained
in this regard ...

best,
Herbert

> -- 
> regards 'n greez,
> 
> Guenther Fuchs
> (aka "muh" and "powerfox")
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Question about rebuilding an older Debian system with vservers

[Herbert Poetzl]

On Sun, Feb 25, 2007 at 12:14:58PM -0800, Kathy Kost wrote:
> 
> I have a server that I have inherited from someone who left our   
> company and he built it with Debian 3.1 on the root server and all
> guest vservers. The kernel used was 2.6.8-vserver. I'm going to ask   
> some dumb questions here because I'm mostly familiar with RedHat and  
> Solaris, more than Debian. I have never personally installed a Debian 
> vserver system from scratch. I want to build a duplicate of this  
> system because the original system is having hardware problems and I  
> need to recreate the system if it dies.   

> My question is this: If I install the latest release of Debian -- 
> looks like 3.1r5 and use the latest vserver kernel (can't remember
> what I saw it at last), will the guests that were built on Deb 3.1
> and 2.6.8-vserver kernel work okay? 

yes, definitely, at least as long as you keep
the legacy interfaces enabled, but with minor
changes to the config, even without any of the
legacy stuff

> How I was hoping it would go is like this: I install the new base 
> server with 3.1r5/newer vserver kernel based on vserver install   
> documentation, and then restore /etc/vserver.conf, /etc/vservers and  
> /home/vservers (where the guests reside). I'm worried that the guests 
> were built on an older based kernel and it might cause problems?  

why bother with a debian install, when you 
are used to RedHat? just install Fedora or
Mandriva on the host (with a Linux-VServer
kernel) and restore the guests there, they
will work regardless of the host distro ...

> And also that my assumptions for restoring such a system are too  
> simplistic.   

nope, just make sure that the numeric ids
(uid/gid) stay the same, and do not get messed
up in the copy/restore process ...

> Thanks for any pointers.  

HTH,
Herbert

> Kathy
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] keeping a mirror machine synched

[Herbert Poetzl]

On Sat, Feb 24, 2007 at 05:00:33PM +0100, Peter Mann wrote:
> On Sat, Feb 24, 2007 at 04:13:43PM +0100, Eugen Leitl wrote:
> > I run a nightly script (over a private network) which does the
> > following synchronisation from the production to the backup machine:
> > rsync -a -e ssh /home/ [EMAIL PROTECTED]:/home/
> > rsync -a -e ssh /usr/local/etc/vservers/ [EMAIL 
> > PROTECTED]:/usr/local/etc/vservers/
> > 
> > My vservers live in /vservers which is a symlink to /home/vservers.
> > Apart from /usr/local/etc/vservers/ is there anything else I should synch?
> 
> my tip: use rsync --numeric-ids  and --exclude "vservers/name1/proc" ...
> (and you can use rsync without -e ssh, because it's default in Debian;
> and maybe -e 'ssh -c blowfish')

if you are doing the sync over a trusted network,
then getting rid of the ssh/encryption part is
a big win, both for speed and for cpu overhead

if your network is the bottleneck, using the -z
(compression) will help too, otherwise the following
options might come handy: -axHP

> i'm using some similar rsync scripts ...
> 
> > Another question: Debian 4.0 is ante portas. Given that 3.1 had 
> > everything way out of date, can one rely on stock vserver kernel
> > and tools in Debian 4.0?

I hope I'm wrong, but to me it looks like the
new Debian release will already be outdated
when the release happens ...

but hey, that's the debian model ...

> i upgraded all my sarge host servers to etch ... some guest servers is
> still sarge, but almost all are etch ... there is problem with default
> debian vserver kernel in TESTING, but i have my own recompiled kernels
> and new debian kernels are almost ready for entering "testing" (and
> debian-installer etch rc2/final)

best,
Herbert

> -- 
> 
> 5o   Peter.Mann at tuke.sk
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] vcontext: vc_create_context(): Out of memory

[Herbert Poetzl]

On Fri, Feb 23, 2007 at 07:05:24PM +0900, Taisuke Yamada wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Hi.
> 
> Yesterday, I tried to find out absolute maximum number of
> virtualhosts I can host on my server, and got this message after
> 40-50VMs:

yes, known issue with the debian kernel, if you
switch to mainline kernels, you will get to
roughly 5000-8000 contexts ...

>   # vserver vh2-59 start
>   vcontext: vc_create_context(): Out of memory
> 
> This is much lower than expected limit (I have 4GB of memory),
> and contrary to above message, there is plenty of free memory:
> 
>   # free
>  total used free  shared  buffers   cached
>   Mem: 362  2365060  1268272   0   305952  1706888
>   -/+ buffers/cache: 352220  3281112
>   Swap:2907724   44  2907680
> 
> I also checked ulimit, but all of them are either unlimited or
> huge enough. I did some searching and wondering if vserver is
> limited to 1G (due to 3G/1G split) of memory kernel can use, thus
> ignoring other 3GB.

nope, not at all, though with 4GB memory, the
1G/3G split would be better in most cases, but
again, this issue is not present in mainline
kernels, only in the debian ones ...

> Is this the case? In any case, how can I workaround this issue?

simple, get a 2.6.19.4 and patch it with a
recent patch, e.g. this one:

 http://vserver.13thfloor.at/Experimental/patch-2.6.19.4-vs2.2.0-rc14.diff

and the issue will be gone ... otherwise, wait
for the next debian kernel release, which will
hopefully fix this issue ...

> I'm using Debian GNU/Linux (sid/4.0), with 2.6.18-4-vserver-686
> kernel package. Current environment and vserver status are as follows:
> 
>   # vserver-stat
>   CTX   PROCVSZRSS  userTIME   sysTIMEUPTIME NAME
>   0   54 259.8M  98.8M  10m35s34   2h46m59   1d19h03 root server
>   492944   7.7M   2.5M   0m00s00   0m00s20   1m37s30 vh2-10
>   492954   7.7M   2.5M   0m00s00   0m00s20   1m36s71 vh2-11
>   ...
>   493784   7.7M   2.5M   0m00s10   0m00s10   0m06s90 vh2-58

you should really switch to static contexts
too, because the dynamic ones are deprecated
for more than a year now and will go away
soon ...

>   # vserver-stat | wc -l
>   51
> 
>   # vserver-info
>   Versions:
>   Kernel: 2.6.18-4-vserver-686
>   VS-API: 0x00020002
> util-vserver: 0.30.212; Dec  9 2006, 12:26:51
> 
>   Features:
>  CC: gcc, gcc (GCC) 4.1.2 20061115 (prerelease)
> (Debian 4.1.1-20)
> CXX: g++, g++ (GCC) 4.1.2 20061115 (prerelease)
> (Debian 4.1.1-20)
>CPPFLAGS: ''
>  CFLAGS: '-Wall -g  -O2 -std=c99 -Wall -pedantic -W
> - -funit-at-a-time'
>CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W
> - -fmessage-length=0 -funit-at-a-time'
>  build/host: i486-pc-linux-gnu/i486-pc-linux-gnu

you can probably improve overall performance
of the system, by not compiling for 486
machines too :)

>Use dietlibc: yes
>  Build C++ programs: yes
>  Build C99 programs: yes
>  Available APIs: compat,v11,fscompat,v13,net,v21,oldproc,olduts
>   ext2fs Source: e2fsprogs
>   syscall(2) invocation: alternative
> vserver(2) syscall#: 273/glibc
> 
>   Paths:
>  prefix: /usr
>   sysconf-Directory: /etc
>   cfg-Directory: /etc/vservers
>initrd-Directory: $(sysconfdir)/init.d
>  pkgstate-Directory: /var/run/vservers
> vserver-Rootdir: /var/lib/vservers
> 
>   # dmesg
>   Linux version 2.6.18-4-vserver-686 (Debian 2.6.18.dfsg.1-10)
> ([EMAIL PROTECTED]) (gcc version 4.1.2 20061115 (prerelease) (Debian
> 4.1.1-21)) #1 SMP Fri Feb 2 17:58:05 UTC 2007
>   ...
>   Use a PAE enabled kernel.
>   3200MB HIGHMEM available.
>   896MB LOWMEM available.

a 1G/3G split will give you slightly below
3GB lowmem, and you might consider disabling
highmem completely ... but YMMV

best,
Herbert
 
> Thanks in advance.
> - --
> Taisuke Yamada <[EMAIL PROTECTED]>, http://rakugaki.org/
> 2268 E9A2 D4F9 014E F11D  1DF7 DCA3 83BC 78E5 CD3A
> 
> Message to my public address may not be handled in a timely manner.
> For a direct contact, please use my private address on my namecard.
> 
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.1 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFF3rxj3KODvHjlzToRAoE5AJ4nDfuRX+GKSHrYePmmgpcxgs5J/wCgs2JD
> RTGqDpIt0DefrJIteprsOjo=
> =5yg+
> -END PGP SIGNATURE-
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] bug or feature

[Herbert Poetzl]

On Fri, Feb 23, 2007 at 06:30:15PM -0500, Adrien Laurent wrote:
> Hi,
> 
> By mistake I assigned to a guest the same IP than the host.

on guest startup, it will have warned you
that the address was already assigned ...

> I stopped the guest...
> and I lost the host ip... 

a serial (or at least remote :) console
(which should really be part of any serious
hosting setup) would have helped here ...

> hard remote reboot...

well, you assigned it as ip which shall be
added on startup and removed on shutdown,
which is what it did ...

> Is it possible to forbid assignment of host ip to a guest ?

almost everything is possible nowadays :)

but it would not make sense to forbid that,
besides the fact that there is no way to
figure what ip is considered a 'host' ip

besides that, certain setups even require
that you share the host IPs with a guest

HTC,
Herbert

> Thanks,
> 
> Adrien
> 
> 
> 
> -- 
> Adrien Laurent
> (514) 284-2020 x 202
> [EMAIL PROTECTED]
> www.modulis.ca
> 
> Technical questions? [EMAIL PROTECTED]

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] SYS_NICE bcap not working?

[Herbert Poetzl]

On Wed, Feb 21, 2007 at 04:04:41PM -0800, SADANAND Hegde (shegde) wrote:
> Hi,
>  
> I am running Redhat Linux (2.6.14.3 Kernel) with
> util-vserver-0.30.210. 

quite an old kernel, so an update to 2.6.19
would probably be advised ...

> After starting 2 Guest OS, from one Guest OS, I
> am able to lower the priority of a process running
> in the 2nd Guest OS using 'renice' command.

> This should not be possible, right?

hmm, why not? lowering the priority is nothing
which would hurt anybody but yourself, raising
the priority above the default OTOH is

> As I understand, raising priority and setting 
> priority is controlled by the bcap SYS_NICE,
> and by default this should be off.

> But apparently this is not the case. I also 
> tried adding ~SYS_NICE to bcap list in
> /etc//bcapabilities file.
> But it does not make any difference.

# chcontext --xid 42 --secure -- sleep 100 &
# cat /proc/virtual/42/status
  UseCnt:   3
  Tasks:1
  Flags:00060200
  BCaps:344c05ff

  CCaps:0101
  Spaces:   0c00

http://linux-vserver.org/Capabilities_and_Flags

  23 0x0080  SYS_NICE

as you can see, SYS_NICE is not set, but similar
to normal Linux, lowering the priority (raising
the nice value) is permitted without SYS_NICE

> Should I do anything else to not allow raising
> priority ? or is this a bug in vserver?

so now it is raising priority? if that is indeed
the case (check the flags) please let me know

# renice -10 $$
renice: 2035: setpriority: Permission denied

> Any help in this regard is very much appreciated.

HTH,
Herbert

> Thanks,
>   --Sadanand Hegde--

> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Patch 2.6.20

[Herbert Poetzl]

On Mon, Feb 19, 2007 at 01:53:01PM +0100, Roman Fiedler wrote:
> Could it be that the line
> 
> + #include 
> 
> is missing in patch for fs/jffs2/ioctl.c (patch-2.6.20-vs2.3.0.10.diff)? 
> Adding it solved a compile error (dereferencing pointer to incomplete 
> type).

thanks, will be in the next release ...

best,
Herbert

> -- 
> DI Roman Fiedler
> Austrian Research Centers GmbH - ARC
> Biomedical Engineering / eHealth systems
> 
> Reininghausstr. 13/1
> A-8020 Graz, Austria
> 
> T: +43 (0) 316 586 570-10
> F: +43 (0) 316 586 570-12
> E: [EMAIL PROTECTED]
> H: www.eHealth-systems.at
> 
> Did you hear about www.ehealth2007.at?
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] raising individual interface devices

[Herbert Poetzl]

On Sat, Feb 17, 2007 at 05:53:58PM +0100, Baltasar Cevc wrote:
> 
> >Hi Chuck
> >
> >Quoting Chuck <[EMAIL PROTECTED]>:
>>> is there a way to raise an individual interface device in a vserver
>>> without restarting the entire server?
>>> 
>>> i am installing several vservers that will require various ip
>>> addresses for specific SSL certs added one at a time but should not
>>> down the entire service
>>> just to do so.. eg:
>>> 
>>> eg:
>>> 
>>> /etc/vservers/guestname/interfaces/0
>>> /etc/vservers/guestname/interfaces/1
>>> 
>>> then i want to add
>>> 
>>> /etc/vservers/guestname/interfaces/2
>>> 
>>> and bring it alive without disturbing 0 or 1 or the operation of any
>>> services under them.

>> Add the interface configuration, add the IP to the interface on the 
>> host (ip addr add  dev yyy, as far as and enter the vserver 
>> (using vserver enter); the newly opened "session" in the context 
>> knows the new IP, too. So you may restart your Webserver then and use 
>> the new IP.
> 
> Sorry, I've accidently hit send - here's the complete text I wanted
> to write ;-)
> 
> Add the interface configuration, add the IP to the interface on the
> host (ip addr add  dev yyy) - so the host knows the IP (which is
> normally done by vserver start). Then enter the vserver (using vserver
> enter); the newly opened "session" (your bash process or similar) in
> the context knows the new IP, too. So you may add it to your Webserver
> config and restart it (now having the newly assigned IP, too).

well, while this may work with some configurations
(especially older tools :) this works by chance and
not by design, and it will for sure stop working with
non legacy enabled kenels, which make proper use of
network contexts ...

the proper procedure is quite similar though:

 - add the ip to the host (ip addr add ...)
 - add the ip to the guest's network context
   # naddress --add --nid  --ip /
 - enter the guest (best via ssh)
 - restart the services if required
   (most services will automatically start using
   the new addresses)
 - update the config to reflect the changes for
   the next guest restart (if desired)

HTC,
Herbert

> Hope that helps,
> Baltasar
> 
> 
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Routing in VServers

[Herbert Poetzl]

On Wed, Feb 14, 2007 at 05:17:39PM +0100, Oliver Welter wrote:
> Hi Asier,
> 
> > Networking & firewall are not my strong points, so perhaps this could
> > sound a silly question.
> 
> There are only silly answers...
> 
> > I've five linux VServers, each with it's own _real_ IP address (not
> > 192.168.x.y, 10.x, etc). Each one has it's own services but I'd like to
> > close access from outside to some ports, but allow full communication
> > between the guests. The guests have valid IP addresses so I think
> > [DS]NAT is not needed.
> 
> Communication between the guests never crosses the iptables rules, 
> so you can safely use the toolset of your distro to block the ports
> from outside. 

ahem, wrong!

traffic between guests and traffic between guest and host
is handled as local traffic, and passes all the chains
appropriate for local traffic, which, and that is probably
what you meant, does _not_ include the FORWARD chains ...

> If you want to do it by hand, there are a lot of rulebuilder
> outside, but for simply blocking ports this should be sufficient:
> 
> iptables -I INPUT -p tcp --dport 3306 -j DROP

http://www.faqs.org/docs/iptables/traversingoftables.html

note, in recent kernels the local tables can be selected
independantly IIRC ...

HTC,
Herbert

> Will drop all connections to mysql from outside. If you prefer a
> whitelist approach you can deny all incoming trafic by policy and only
> drill holes into the Firewall where needed - but this is a bit of magic
> as you can really riun your day if you lock yourself out of the box :)
> 
> Oliver
> -- 
> Diese Nachricht wurde digital unterschrieben
> oliwel's public key: http://www.oliwel.de/oliwel.crt
> Basiszertifikat: http://www.ldv.ei.tum.de/page72



> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Network - How is it implemented?

[Herbert Poetzl]

On Tue, Feb 13, 2007 at 02:55:58PM +0100, Jaroslav Tomecek wrote:
> Hi,
> I'm writing some comparison of kernel-based virtualization machines. I 
> want to know something about Linux-VServer networking. I found something 
> (is it true?):
> 1) There is no virtual network device.

  correct, Linux-VServer is based on IP Isolation
  this has two advantages:

 1) overhead is non existant, i.e. you get the full
performance of the system

 2) the guest does not need to worry about network
setup, and the host doesn't need to implement
switching or similar ...

  it also has some drawbacks, namely:

  - you cannot manipulate interfaces inside the guest
  - iptables and routing remains on the host, but
can be proxied (i.e. done via policy daemon)
 

> 2) Host system works as router.

  well, yes and no, the host system works like any other
  Linux machine, so as a linux system can act as router
  the host can do so too

  networking is kept completely on the host, so nothing
  special (i.e. routing or bridging) is required to
  get the guests working ...

> 3) Any communication among VPS is delivered through the host.

  networking happens on the host, guest-guest and
  guest-host traffic is considered local traffic, so
  all the local traffic rules apply there

> 4) chbind binds some IPs to some process and its children.

  yes, there is a so called network context, which
  contains a set of 'allowed' IPs and netmasks, which
  will apply for all processes inside that context

> What about changes in original Linux binding to INADDR_ANY? 

  it will be limited to the subset of host IPs assigned
  to the network context

> How does it work now?

  quite fine actually :)

> Is it possible to make some sets of IP adresses with it? 

  yes, although we allow to special case the single ip
  case, by simply replacing INADDR_ANY with that ip,
  the general case is to have a set of (currently up to
  16) different IPs/masks per guest ...

> How? Could you give me some link please?

  sure, best have a look at the source ...
  http://vserver.13thfloor.at/Experimental/patch-2.6.19.3-vs2.2.0-rc12.diff

HTC,
Herbert

> Thanks Jarda
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Unaligned access in kernel 2.6.18.2 with vserver 2.1.1 on sparc64

[Herbert Poetzl]

On Mon, Nov 20, 2006 at 11:45:56PM +0100, Peter Falth wrote:
> I saw that my answer did not reach the list, so here it is again
> 
> Herbert Poetzl wrote:
> >On Wed, Nov 15, 2006 at 01:54:48AM +0100, Peter Falth wrote:
> >>I get an unaligned access kernel warning when the host boots up.
> >>This is also repeated when I do vserver-stat.
> >>I have tested both Debian precompiled and compiled
> >>myself from the kernel sources with the same result.
> >
> >means you got vanilla 2.6.18.2 from kernel.org and
> >the vs2.1.1 patch and it gave the unaligned access too?
> >
> Yes a vanilla 2.6.18.2 + vs2.1.1
> also vs 2.0.2.2-rc5 gave the same unaligned access

guess we found the cause for the unaligned access
in the dietlibc readdir() function ... if you need/want
details, please contact Daniel Hokka Zakrisson

(guess it should appear sooner or later in dietlibc)

HTH,
Herbert

> >>Except for this it works great. It was my first time 
> >>using vserver
> >
> >welcome to the club!
> >
> >>Debian unstable sparc64 on Ultra 5 and 10.
> >>The unpatched kernel do not show the access errors
> >
> >unpatched means, unpatched debian or unpatched
> >vanailla from kernel.org?
> yes vanilla from kernel.org
> >
> >>Here is a copy of the error mesages
> >> 
> >>
> >>U10:/home/peter# vserver-stat  
> >>CTX   PROCVSZRSS  userTIME   sysTIMEUPTIME NAME  
> >>0   69 354.5M 111.5M   2m37s41   1m00s66   1d14h25 root server  
> >>49152   19 254.7M 107.3M   1m31s90   0m14s64   1d14h22 vs1  
> >>  
> >>
> >>From kernel messages  
> >>
> >>Nov 14 14:17:29 U10 kernel: Kernel unaligned access at TPC[4bf060] 
> >>filldir64+0x68/0x140  
> >>Nov 14 14:17:29 U10 kernel: Kernel unaligned access at TPC[4bf07c] 
> >>filldir64+0x84/0x140  
> >>Nov 14 14:17:29 U10 kernel: Kernel unaligned access at TPC[4bf034] 
> >>filldir64+0x3c/0x140  
> >>Nov 14 14:17:29 U10 kernel: Kernel unaligned access at TPC[4bf060] 
> >>filldir64+0x68/0x140  
> >>Nov 14 14:17:29 U10 kernel: Kernel unaligned access at TPC[4bf07c] 
> >>filldir64+0x84/0x140
> >
> >would you be willing to run a test patch on that machine?
> >I would be interesting in investigating this, whenever you 
> >find some time  ...
> >
> No problem, send the patch and I will try it out
> 
> Peter
> 
> >TIA,
> >Herbert
> >
> >>Peter
> >>
> >>___
> >>Vserver mailing list
> >>Vserver@list.linux-vserver.org
> >>http://list.linux-vserver.org/mailman/listinfo/vserver
> 
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] apt-proxy on vserver host

[Herbert Poetzl]

On Fri, Feb 09, 2007 at 12:52:37PM +, Konstantinos Pachopoulos wrote:
> Hi,
> i am trying to set-up apt-proxy on the "root server"
> of my virtual network. 

good idea ...

> Do i need to tweak the iptables?

unless your current iptable setup doesn't permit
this, no

> In general, i think that i have to change the iptables
> settings only when vserver guests need to communicate
>  with each other.

more the other way round, you have to use iptables
to stop the guests from communicating with eachother
(like normal hosts on a network would do)

HTC,
Herbert

> Thanks
>   
> ___ 
> Copy addresses and emails from any email account to Yahoo! Mail - quick, easy 
> and free. http://uk.docs.yahoo.com/trueswitch2.html
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver