Re: [Users] Re: vzmigrate left me a zombie container
I got this all the time on other containers, and nobody was ever able to diagnose it. Fortunately the issue was corrected by upgrading to the latest 2.6.18 kernel and the latest vzctl.

But the kernel fix, as well as the "fix" for the frozen containers, was to reboot the HN. And the HN shutdown process never went smoothly because the VEs couldn't stop; eventually a power-cycle was necessary.

--
HostGIS, Open Source solutions for the global GIS community
Greg Allensworth - SysAdmin, Programmer, GIS Person, Security
Network+ Server+ A+ Security+ Linux+ PHP PostgreSQL MySQL DHTML/JavaScript/AJAX

"No one cares if you can back up — only if you can recover."
___
Users mailing list
Users@openvz.org
https://openvz.org/mailman/listinfo/users
Re: [Users] /etc/init.d/service stop
> So isn't it a global way to avoid killing the
> processes of VEs from the host?

Nope. A killall would include processes that run in containers.
Re: [Users] /etc/init.d/service stop
> When I type:
> /etc/init.d/ganglia-monitor stop
> On my Host physical server, it shuts down all the running "gmond" processes both in host and in my VEs. How can I avoid this?

I don't know what ganglia is, but the issue sounds simple. My guess is that the init script is probably doing "killall gmond" which yes, would kill all of them.

The solution would be to rewrite the init script, to use a PID file or some such to kill only the desired process.

If that's beyond your skills, your best bet would be to ask the developers of the software. Tell them that you're running multiple copies of ganglia, and that you'd like to be able to start/stop them independently. Hopefully they can supply you with an init script that kills only the specific gmond.
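The PID-file approach suggested in the reply above, as an added sketch (not part of the original thread and not ganglia's own init script). The function names, the `/var/run/gmond.pid` path in the usage comment and the Linux `/proc` layout are assumptions; the function signals only the PID recorded in the file, and only if that PID still runs the expected command.

```shell
#!/bin/sh
# Added example: stop exactly one daemon instance via its PID file,
# instead of "killall NAME", which on an OpenVZ hardware node also
# matches same-named processes running inside containers.

# is_running PID: true if PID exists and is not a zombie (Linux /proc assumed).
is_running() {
    _state=$(sed -n 's/^State:[[:space:]]*\(.\).*/\1/p' "/proc/$1/status" 2>/dev/null || true)
    [ -n "$_state" ] && [ "$_state" != "Z" ]
}

# stop_by_pidfile PIDFILE EXPECTED_NAME [TIMEOUT_SECONDS]
# Returns 0 if the process was stopped or was already gone,
#         1 if the pidfile is missing/invalid or the PID runs another command,
#         2 if the process was still alive TIMEOUT seconds after SIGTERM.
stop_by_pidfile() {
    _pidfile=$1
    _expected=$2
    _timeout=${3:-5}

    if [ ! -r "$_pidfile" ]; then
        echo "no readable pidfile: $_pidfile" >&2
        return 1
    fi

    # Accept only a plain decimal PID; anything else is treated as corrupt.
    _pid=$(head -n 1 "$_pidfile" | tr -d '[:space:]')
    case $_pid in
        ''|*[!0-9]*) echo "invalid pid in $_pidfile" >&2; return 1 ;;
    esac

    # Stale pidfile: the daemon is already gone, just clean up.
    if ! is_running "$_pid"; then
        rm -f "$_pidfile"
        return 0
    fi

    # Guard against PID reuse: refuse to signal an unrelated process.
    # /proc/PID/comm holds the command name (truncated to 15 characters).
    _actual=$(cat "/proc/$_pid/comm" 2>/dev/null || true)
    if [ "$_actual" != "$_expected" ]; then
        echo "pid $_pid is '$_actual', not '$_expected'; not signalling" >&2
        return 1
    fi

    kill -TERM "$_pid" 2>/dev/null || true

    # Wait for the process to exit, up to the timeout.
    _waited=0
    while is_running "$_pid"; do
        if [ "$_waited" -ge "$_timeout" ]; then
            echo "pid $_pid still running after ${_timeout}s" >&2
            return 2
        fi
        sleep 1
        _waited=$((_waited + 1))
    done

    rm -f "$_pidfile"
    return 0
}

# Hypothetical use in the "stop" branch of an init script
# (the pidfile path is an assumption, not taken from ganglia):
#   stop_by_pidfile /var/run/gmond.pid gmond 10
```
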
Re: [Users] Distro necessity for OVZ
> Yes. My mini-OS boots first on the system and my application currently runs on the mini-OS.

Then you should be able to port it over. Take a "tar" of the installed system, use it as an OpenVZ template by specifying it when you "vzctl create" a new VE, and well... start removing what's unnecessary and fixing what's weird.

> One related Q : does OpenVZ support mips and powerpc too?

For that you'll want to read the website: http://wiki.openvz.org/
Re: [Users] Distro necessity for OVZ
> Do I always need a distro to run OpenVZ ? In my case, I don't use a distro but just kernel+initrd+my own application

Do you mean, can you run your mini-OS as a guest within an OpenVZ container? Very probably!

If your "not a distro" can boot and run on normal hardware, you should be able to:
* take a snapshot of the installed system
* prune out the kernel and modules
* tar it up again
* then deploy it as a container template

There's a lot of tinkering involved, but the basic answer is that if it'll boot and run on hardware, it'll likely work in a container.
Re: [Users] fs capacity difference
Richard Ray wrote:
> That is good to know but I did not do that
> The container is a vzdump restore

Oh, okay. Dunno about that one then.

> How do I get the quota back in sync

Shut down the VE.
Rename or delete its quota file in /var/vzquota
Start it up. The quota will be recalculated as it starts.

Restarting to fix quotas is kind of unpleasant, but it's the method I know. Perhaps someone can suggest a way of recalculating the quota file without restarting?
Re: [Users] fs capacity difference
> Why is the fs 37% filled on the hardware node and 75% filled on the container

Your quota files are out of date.

A very common cause of this would be copying files directly into /vz/private/3251 from the HN. Copying directly into a VE's directory will bypass the quota calculation.

For copying files from the HN into a VE, I use SFTP or similar. Seems silly to SFTP to what's basically localhost, but it does avoid hosing your quotas.
Re: [Users] Cannot stop or restart container
Hey there.

Thanks for the tip about vzps, Thorsten.

We are still in that situation I described a few days ago, with a container which won't stop (operation timed out). vzps shows this.

    # vzps -E 84 ax
    VEID   PID TTY STAT TIME COMMAND
      84 32226 ?   Z    0:00 [init ]

Does this offer any clue to what went wrong, how to prevent it, and how possibly to undo it without rebooting the HN? I understand what zombies/defunct processes are, and that they tend not to go away; but if their hanging around can cause a VE to cease functioning, that's not so great.

Any ideas on how we can fix this?
Re: [Users] High Load
> how to know, which process belongs to which container???

Use vzpid

Example: To see that PHP process 18798 in your top output:

    vzpid 18798

A lot of system load may not be visible by 'top' though, particularly disk I/O. For this I use 'atop' which can do disk I/O, example:

    atop -dl 60

It's similar to top, but the -d means to show disk I/O stats, and the 60 means it will refresh every minute. After the first minute (when it's showing averages since boot) you can see which processes are using the most disk I/O, then perhaps use 'ionice' on them.
[Users] Cannot start container, error -12
Hey guys.

What does this mean?

    CT: 85: failed to start with err=-12

I've run it through Google, and get nothing specific: some folks upgraded their kernel, some folks rebooted and it went away, etc.

Any advice on this?
Re: [Users] Cannot stop or restart container
I found my bug report from October 2009 about not being able to stop containers.
http://bugzilla.openvz.org/show_bug.cgi?id=1345

Back then we couldn't replicate it, and we chalked it up to "must have already been fixed" or to issues with the VE configs, but here it is today.

Any ideas as to how I can figure this out and get this VE restarted, preferably without pulling the plug on the HN?
[Users] Cannot start container, error -12
What does this mean?

    CT: 85: failed to start with err=-12

I see that -12 is ENOMEM. Does this really indicate that my HN is "full" and can't run any more VEs?

Also, can someone explain to me the proper usage of vzmemcheck and how to interpret its output?
Re: [Users] Cannot stop or restart container
> It gets locked up trying to stop nfsmount. I believe the problem is the virtual nic is down before the nfsmount tries to stop and nfsmount waits forever to close the connection to the server..

Interesting. No connections made here, though; no NFS or similar.

Would that apply to open listening sockets as well, e.g. httpd still running?
Re: [Users] Cannot stop or restart container
Thorsten Schifferdecker wrote:
> and any entries logged in kern.log/dmesg as well ?

Nope. Just the same message "CT: 85: failed to start with err=-12"
Re: [Users] Cannot stop or restart container
> What template are you using and where did you get it from?

Slackware 11
I created it myself, based on a working system.

This is the same template which we had used previously those months ago, when we weren't able to replicate the bug.

> Can you vzctl enter it?

Nope. "enter into CT 84 failed"
[Users] Cannot stop or restart container
Hey guys.

I reported a bug some months ago, not being able to stop and restart a container, getting a timeout instead. When I reported the bug months ago, I was unable to replicate it at the time. But here it is once again: I cannot stop or restart the VE.

This clip shows the results which I see:

    # vzctl restart Customer
    Restarting container
    Stopping container ...
    Unable to stop container: operation timed out
    # vzlist Customer
    CTID  NPROC STATUS  IP_ADDR  HOSTNAME
      84      3 running -        Customer

The 3 processes, I don't know what they are but they may be related to this, and may be a clue: After the initial vzctl restart, it got down to 1 process before it timed out. I ran "vzctl exec Customer ps ax" and now I notice that the NPROC increments each time I do this. However from the HN, "ps ax | grep ps" only shows the one 'ps' which I am running, not the ones in the VE.

Any thoughts on how I can finally stop this thing and restart it? Note that this is a production HN with production VEs, so rebooting it is not an attractive option.

HN OS is Fedora 9
Kernel is 2.6.24.ovz009.1
vzctl-3.0.23-1.x86_64
vzctl-lib-3.0.23-1.x86_64
Re: [Users] question
mattias wrote:
> Only a short question
> Are openvz customed to run on rhel / centos and not debian
> Even if there are packages for debian

Are you asking whether you can run OpenVZ on RHEL and CentOS? The answer is yes.

Are you asking whether you can run RHEL and CentOS inside OpenVZ containers? The answer is also yes to CentOS, and I don't know about RHEL.

> I mean
> Now i run a mail server with openvz
> Not hard to setup on rhel
> But on debian
> On debian it was impossible

How do you mean? You set up OpenVZ, then ran a Debian container, and tried to set up mail in Debian? I couldn't help you there, as I don't know Debian.

But I do run a dozen mail servers all under OpenVZ, and can say that OpenVZ does not cause any new problems for hosting email. If you can host a mail server on CentOS, then you can host it on CentOS inside OpenVZ.
Re: SV: SV: [Users] Mail server
SD :: Ventas wrote:
>> And if so close this fuck slow list
> i think the only slow is you.

Oh man, I was trying not to laugh at this whole thing, now there's coffee on my keyboard. Thanks Ventas!
Re: [Users] The list and a question
> Are the list slow?

Do you mean, are questions answered quickly? It depends; I've had a few get same-day answers, a few get ignored. Just ask and find out.

> Can i run a mailserver on a openvz vps

Absolutely. No ifs, no ands, no buts - just yes.

> I mean how to know how much disc space a vm has

A container (also called VE or VPS) doesn't have a fixed disk file, it has a quota and it uses the underlying host's filesystem. The quota and usage can be seen from inside the VE using "df" same as usual.

The great part is that the quota can be changed at any time without rebooting or reconfiguring anything. Adding "disk space" to a VE means typing one command, without worrying about adding disks, formatting disks, etc. It's very nice, when someone needs temporary space.

I hope that helps explain a little bit.
Re: [Users] VE affecting all server node.
Good answer, Solar! Some of your ideas may apply to our own situation, as well; we have a MySQL user causing some impact with constant queries.

Questions:

Can I mount a tmpfs under my simfs? I can't mount the whole VPS as tmpfs nor noatime, but a tmpfs under simfs sounds like a great solution here. If I can then set MySQL's tempfile directory to it, you're right that it could reduce our disk traffic significantly.
Re: [Users] VE affecting all server node.
> How can I limit this VPS to avoid the high load caused by the MySQL query.

That would depend on whether it's IO or CPU that's the scarce resource.

If it's CPU load, try the --cpuunits param to vzctl. This gives the VE a "priority" when the CPU is otherwise maxed out. Example: Give it a weight of 500, versus the default 1000, and when VPSs fight over CPU time that one will lose.

For ourselves, we've often noticed that CPUs are rarely the bottleneck these days, that disk IO is usually the scarcest resource. Check your "top" output and see whether the CPU is showing no idle%. If the idle% is nice and high, then it's likely not your CPUs.

To diagnose what's sucking up all the disk throughput, we use "atop -dl 60" to narrow down which processes are consuming the most disk IO, then "ionice" to deprioritize processes as appropriate.

Example:

    atop -dl 60
    # notice that the mysqld process (12345) is doing 75% of the IO
    ionice -c2 -n5 -p 12345

Note that you can't use ionice from a VE, only from the HN.

Hope that helps, or at least points the right direction.
Re: [Users] Re: Hosts not responding, kinda urgent
> I just left an arpsend job running in cron every 5 minutes.

I tried that too, called it "garpd". But it didn't really help and eventually I stopped doing it.

> I've also had something like this happen when the firewall (wrongly) had an alias that was the same as the IP of a virtual node.

Yeah, first thing I checked was the iptables. Even turning iptables off didn't help in this case though.
Re: [Users] Re: Hosts not responding
> Are you using the veth or vnet drivers? If it's vnet, I don't have a clue. I depend on IPv6 for a lot of things and vnet is not IPv6

veth
Though it's IPv4, not 6. And it's very vanilla: static IPs in all VEs, no DHCP or SMB services at all.

> Often it's very transitive. Bridges tend to "stall out" as things get added to them and they relearn their MAC deliveries, but that's usually only seconds.

Hrm. I'm seeing minutes sometimes, in this case hours until I stumbled across pinging out.

So far I've not seen a pattern; different VEs on different HNs, sometimes the same one 2-3 times in a night, sometimes 2-3 different ones over a week, sometimes only 1 in a week. This is the first time though, where it lasted more than 10 minutes.

Like I said, I'm wondering whether it's some ARP announcement issue with the veth, the Ethernet bonding, and the 2 switches.

I'm also wondering whether switching to venet could solve this, as well as provide other benefits such as performance and security. We do not use DHCP, SMB, or other MAC-based services, nor IPv6, so these omissions from venet would be acceptable.
Re: [Users] Re: Hosts not responding, kinda urgent
> It sounds like the switches they're attached to don't have the right arp information.

Kinda what I thought, but why?

> Make sure proxy_arp is enabled, the sysctl is something like:
> net.ipv4.conf.eth1.proxy_arp = 1

Yep:

    net.ipv4.conf.lo.proxy_arp = 0
    net.ipv4.conf.all.proxy_arp = 0
    net.ipv4.conf.default.proxy_arp = 0
    net.ipv4.conf.eth0.proxy_arp = 1
    net.ipv4.conf.eth1.proxy_arp = 1
    net.ipv4.conf.bond0.proxy_arp = 1
    net.ipv4.conf.venet0.proxy_arp = 0
    net.ipv4.conf.veth6/0.proxy_arp = 1
    net.ipv4.conf.veth9/0.proxy_arp = 1
    net.ipv4.conf.veth10/0.proxy_arp = 1
    net.ipv4.conf.veth16/0.proxy_arp = 1
    net.ipv4.conf.veth21/0.proxy_arp = 1
    net.ipv4.conf.veth22/0.proxy_arp = 1
    net.ipv4.conf.veth23/0.proxy_arp = 1
    net.ipv4.conf.veth24/0.proxy_arp = 1
    net.ipv4.conf.veth26/0.proxy_arp = 1
    net.ipv4.conf.veth27/0.proxy_arp = 1
    net.ipv4.conf.veth76/0.proxy_arp = 1
    net.ipv4.conf.veth79/0.proxy_arp = 1
    net.ipv4.conf.veth20/0.proxy_arp = 1
Re: [Users] Re: Hosts not responding, kinda urgent
> Any ideas as to what could have caused this "outage" in the first place, and why sending a ping would have fixed it?

I can supply some further info, which may be useful.

* The bonding driver is in use, slaving eth0 and eth1 into bond0.
* There are 2 switches. eth0 goes into one and eth1 into the other. The two switches have a cross-connect. The Internet uplink is on one of the two switches. Perhaps there's some ARP-related issue happening between the bonding and the switches?
* During the time of the outage, "arping" to the IP address continued working. Then again, this was probably proxy ARP from the HN.
[Users] Re: Hosts not responding, kinda urgent
Well, guys, here's a weird one. I fixed it, but you won't believe how.

I used "vzctl enter" to enter the VE, then "route -n" to see its gateway. Then ping the gateway, and it worked; skipped 1-2 pings, but the pings came back and the VEs were once again visible on the Internet.

Weird, huh? Thing is, I did them one at a time (after the first one, which I was surprised worked) and it's definitely causative here. I sit there pinging from my PC and from our monitoring server, and nothing nothing nothing; then the instant I send 1 ping to the gateway from within the VPS, it comes up. Four VEs in a row did this.

Any ideas as to what could have caused this "outage" in the first place, and why sending a ping would have fixed it?
[Users] Hosts not responding, kinda urgent
Hey guys.

I have 4 VEs, out of 13 on this server, which suddenly stopped being networked. No pings, no HTTP, no nothing -- except from the HN itself. The VEs cannot ping out, no DNS, nothing. I know that no changes were made to the HN, as I'm the only one who works on it. And it's kinda urgent as these are live. :)

I have tried comparing the 4 that don't work against the 9 which do work, and am coming up totally blank here.

* The VEs are running. All VEs use veths.
* Double-checked the "route -n" and "ifconfig" output inside the VE.
* iptables -- Turned off, I'm positive. "iptables -L" shows nothing but ACCEPTs.
* The "route -n" output on the HN is perfectly ordinary; proper veths and host-IP entries, no null-routes or other such shenanigans.
* I compared "sysctl -a | grep vethXX | grep ipv4" outputs, and identical except for the vethXX itself.
* Restarted one of the affected VEs. No effect at all.

So I'm at a loss here. If the routing and veths are OK, and the sysctl output is identical, why would 4 of them suddenly have ceased functioning, and how can I fix them?

Following is an example of "sysctl -a | grep ipv4.conf | grep veth16"

    net.ipv4.conf.veth16/0.forwarding = 1
    net.ipv4.conf.veth16/0.mc_forwarding = 0
    net.ipv4.conf.veth16/0.accept_redirects = 1
    net.ipv4.conf.veth16/0.secure_redirects = 1
    net.ipv4.conf.veth16/0.shared_media = 1
    net.ipv4.conf.veth16/0.rp_filter = 1
    net.ipv4.conf.veth16/0.send_redirects = 1
    net.ipv4.conf.veth16/0.accept_source_route = 0
    net.ipv4.conf.veth16/0.proxy_arp = 1
    net.ipv4.conf.veth16/0.medium_id = 0
    net.ipv4.conf.veth16/0.bootp_relay = 0
    net.ipv4.conf.veth16/0.log_martians = 0
    net.ipv4.conf.veth16/0.tag = 0
    net.ipv4.conf.veth16/0.arp_filter = 0
    net.ipv4.conf.veth16/0.arp_announce = 0
    net.ipv4.conf.veth16/0.arp_ignore = 0
    net.ipv4.conf.veth16/0.arp_accept = 0
    net.ipv4.conf.veth16/0.disable_xfrm = 0
    net.ipv4.conf.veth16/0.disable_policy = 0
    net.ipv4.conf.veth16/0.force_igmp_version = 0
    net.ipv4.conf.veth16/0.promote_secondaries = 0

The "route -n" line for its veth:

    Destination     Gateway  Genmask          Flags Metric Ref Use Iface
    216.93.173.151  0.0.0.0  255.255.255.255  UH    0      0   0   veth16.0

Any thoughts on further diagnostics? If venets are better, and may solve this, perhaps specific instructions on converting one to a venet and trying again?
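The per-interface sysctl comparison described in the message above, as an added sketch (not part of the original thread). The function names are hypothetical and the sample dump is constructed: the veth16/0 values come from the message, the veth21/0 and veth22/0 deviations are invented so the output shows something. It reads `sysctl -a` style text on stdin, so it can be fed a saved dump as well as live output.

```shell
#!/bin/sh
# Added example: compare net.ipv4.conf.<iface>.* settings between veth
# interfaces mechanically instead of eyeballing grep output.
# Lines are expected in "sysctl -a" form: net.ipv4.conf.veth16/0.proxy_arp = 1

# diff_iface_sysctl REF OTHER < dump
# Prints one line per key whose value differs (or is missing) between
# the two interfaces: "<key> <REF>=<value> <OTHER>=<value>".
diff_iface_sysctl() {
    awk -v ref="$1" -v other="$2" '
        /^net\.ipv4\.conf\./ {
            split($1, part, /\./)          # net, ipv4, conf, <iface>, <key>
            iface = part[4]; key = part[5]
            if (iface != ref && iface != other) next
            val[iface, key] = $3
            keys[key] = 1
        }
        END {
            for (k in keys) {
                r = ((ref, k) in val)   ? val[ref, k]   : "<unset>"
                o = ((other, k) in val) ? val[other, k] : "<unset>"
                if (r != o) printf "%s %s=%s %s=%s\n", k, ref, r, other, o
            }
        }' | sort
}

# veth_outliers < dump
# For every key seen on a veth interface, finds the most common value and
# prints the interfaces that deviate from it (including those with the key
# missing). Ties between values are resolved arbitrarily.
veth_outliers() {
    awk '
        /^net\.ipv4\.conf\.veth/ {
            split($1, part, /\./)
            iface = part[4]; key = part[5]
            val[key, iface] = $3
            count[key, $3]++
            ifaces[iface] = 1; keys[key] = 1
        }
        END {
            for (k in keys) {
                best = ""; bestn = 0
                for (kv in count) {
                    split(kv, p, SUBSEP)
                    if (p[1] == k && count[kv] > bestn) {
                        bestn = count[kv]; best = p[2]
                    }
                }
                for (i in ifaces) {
                    v = ((k, i) in val) ? val[k, i] : "<unset>"
                    if (v != best)
                        printf "%s %s=%s (most interfaces: %s)\n", i, k, v, best
                }
            }
        }' | sort
}

# Constructed sample dump (not real output from the poster's HN).
sample_sysctl_dump() {
    cat <<'EOF'
net.ipv4.conf.bond0.proxy_arp = 1
net.ipv4.conf.veth16/0.forwarding = 1
net.ipv4.conf.veth16/0.rp_filter = 1
net.ipv4.conf.veth16/0.proxy_arp = 1
net.ipv4.conf.veth21/0.forwarding = 1
net.ipv4.conf.veth21/0.rp_filter = 1
net.ipv4.conf.veth21/0.proxy_arp = 0
net.ipv4.conf.veth22/0.forwarding = 1
net.ipv4.conf.veth22/0.proxy_arp = 1
EOF
}

# On a hardware node:  sysctl -a 2>/dev/null | veth_outliers
```
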
Re: [Users] Host shutdown hangs on vz service stop
> That does, indeed, sound very familiar. I just vzcfgvalidate-d my config files and it threw up no problems or errors. :-/

Aww, darn.

My thread is here: http://bugzilla.openvz.org/show_bug.cgi?id=1345

It's embarrassing, though a relief, that by the time I had opened the ticket the problem never happened again. We checked vzcfgvalidate, checked vzctl-libs versions, and changed to other kernels but it never happened again. So, we never positively identified a cause and solution.

The only changes I had made in previous months were to upgrade the kernel (we use 2.6.24, now at ovz009.1) and to fix the config flaws. So if you're not seeing config issues, maybe a kernel upgrade?

They had also suggested updating vzctl and vzctl-libs, and verifying that both packages' versions matched. Though this wasn't our issue, it was one thing they suggested during hunting this bug.
Re: [Users] Host shutdown hangs on vz service stop
> Unless each VM is stopped from inside it (usually using halt), stopping the container doesn't manage to stop it most of the time, it just blocks.

Does it give a timeout? I had an issue before, where "vzctl stop XXX" would eventually time out, leaving the VE in an unpleasant state: no processes left, but not stopped so it can't be restarted. Does that sound familiar?

For that one, "vzcfgvalidate" showed that I had mistakes in some limits and correcting the VE config corrected the issue. We never knew why these mistakes would cause stops to timeout, but it did work.
Re: [Users] Shutdown problems
To clarify further on versions:

The HN is 2.6.24 ovz009.1 on Fedora 9.

We must use 2.6.24 despite its "development" status because 2.6.18 lacks support for AMCC/3ware RAID controllers. Aside from this shutdown issue, we have used it for 14 months now under high loads without issue. Aside from this shutdown issue, we consider it stable and production-grade.
Re: [Users] Arp update / sendarp in case of machine movement ?
> the ARP caches are flushed. This can be done with "sendarp". Otherwise the host is not reachable.

I wrote a gratuitous arp daemon (garpd) which turned out to be necessary for our needs. If you turn down the timeout, it may be just what you need. Want a copy?
Re: [Users] Firewall on HN or VE?
We do the firewall configuration on the HN, not in the VE. This keeps it safely out of the customers' hands and in our centralized control.

By "safely out of their hands" I mean not only the customers' inexpertise, but also accidental deletion/chmoding of the firewall script in their VE, or a hacker modifying/dropping the firewall.

But if you WANT for your customers in their VEs to self-manage their firewalls, having it in the VE would be just the ticket.
Re: [Users] SSL in cloned VEs
> How does it work with VEs. If I install it on the VE before cloning, will it work on the clone directly or will i need to reissue certificate for each clone.

An invalid SSL certificate, even a self-signed or expired one, will still "work" as far as encrypting data. If you're talking internal use, and don't care about browser complaints, the SSL security is just fine even with an invalid certificate or non-matching hostname.

The concern is the browser complaining when the hostname doesn't match up, e.g. a certificate for https://clone-master.whatever.com/ is being presented by https://clone1.whatever.com/ so the browser will raise the "Invalid certificate" complaint. Your browser may let you "just accept it" but that may not be appropriate depending on your customers/users.

If you are concerned about the certificates being valid, or at least having the right hostname, it's best to generate them inside the VPS. Technically, you don't even need the container running: you can chroot and call openssl with appropriate arguments.
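Generating a certificate per clone and checking the hostname match described above, as an added sketch (not part of the original thread). The function names and file layout are hypothetical, the hostnames are the ones used in the message, and OpenSSL 1.1.1 or later is assumed for `-addext`; each clone gets its own private key and a self-signed certificate carrying its own name.

```shell
#!/bin/sh
# Added example: one key and self-signed certificate per cloned container,
# plus a check that a certificate actually names the host presenting it.

# make_clone_cert DIR HOSTNAME
# Writes DIR/HOSTNAME.key (mode 0600) and DIR/HOSTNAME.crt.
# The name goes into both the subject CN and a subjectAltName entry.
make_clone_cert() {
    _dir=$1
    _host=$2
    (
        umask 077   # the private key must not be group/world readable
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=$_host" \
            -addext "subjectAltName=DNS:$_host" \
            -keyout "$_dir/$_host.key" \
            -out "$_dir/$_host.crt" 2>/dev/null
    )
}

# cert_matches_host CERT HOSTNAME
# Returns 0 if the certificate is valid for HOSTNAME, non-zero otherwise.
# This is the comparison a browser fails when a clone presents the
# master's certificate.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
        | grep -q 'does match certificate'
}

# cert_subject CERT: prints the subject line, for a quick manual look.
cert_subject() {
    openssl x509 -in "$1" -noout -subject
}

# Hypothetical use for a clone's private area, run from the HN
# (the chroot target is an assumption about where the clone's files live):
#   chroot /vz/private/<CTID> /bin/sh -c '. /root/certs.sh; make_clone_cert /etc/ssl clone1.whatever.com'
```
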
Re: [Users] VPS with diferent subnets
another subnet available but I can't migrate my actual VPS, is possible that I can have some VPS with one subnet and other VPS with other subnets. Absolutely. We have 5 subnets and 4 HNs, and the combination of HNs and IPs is entirely arbitrary. Huzzah for proxy arp, eh? I do have some odd issues now and then, which I suspect make this not a great idea even though it does work. One: I have to send out gratuitous ARP (I wrote a garpd if you want it) or else HNs tend to forget who has which IPs. Two: Traffic between subnets and between HNs still seems to transit the router; this means double-transiting our cable to the router. So I don't know that using mixed subnets is necessarily a great idea for production use. If anybody has advice on the matter, my eyes are wide open too! -- HostGIS, Open Source solutions for the global GIS community Greg Allensworth - SysAdmin, Programmer, GIS Person, Security Network+ Server+ A+ Security+
Re: [Users] vzctl start yields err=-12
A question: This problem I'm getting of "err=-12" is not accompanied by the noisy kernel dumps mentioned. Does this still sound like a likely cause? Also, I see that the bug was not fixed: http://bugzilla.openvz.org/show_bug.cgi?id=802 The last entry was that it worked for the person reporting it, but in 009.1 which I just downloaded, CONFIG_FAIR_GROUP_SCHED=y If this option must be turned off to avoid this bug, should it be disabled from the distributed config? -- HostGIS, Open Source solutions for the global GIS community Greg Allensworth - SysAdmin, Programmer, GIS Person, Security Network+ Server+ A+ Security+
Re: [Users] vzctl start yields err=-12
John Knight wrote: To fix this issue, recompile your kernel with this option commented out: #CONFIG_FAIR_USER_SCHED #CONFIG_FAIR_GROUP_SCHED Thanks a lot for the same-day response, John. I think I can use this tonight on one of our test systems. -- HostGIS, Open Source solutions for the global GIS community Greg Allensworth - SysAdmin, Programmer, GIS Person, Security Network+ Server+ A+ Security+
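A check for whether a given kernel was built with the two scheduler options named in this thread, as an added example that is not part of the original messages. It reads a kernel config file, plain or gzip-compressed; the function names are assumptions, and /boot/config-$(uname -r) and /proc/config.gz are the usual places to find such a file.

```shell
#!/bin/sh
# kconfig_state FILE OPTION -> prints y or m when the option is enabled,
# n when it is "is not set", commented out, or absent.
kconfig_state() {
    file=$1; opt=$2
    case $file in *.gz) reader="gzip -dc" ;; *) reader=cat ;; esac
    $reader "$file" | awk -v o="$opt" '
        BEGIN { state = "n" }
        $0 ~ "^" o "=" { sub(/^[^=]*=/, ""); state = $0 }
        END { print state }'
}

# sched_check FILE -> exit 0 if both options are off, 1 if either is on,
# 2 if the file cannot be read.
sched_check() {
    file=$1; rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    for opt in CONFIG_FAIR_USER_SCHED CONFIG_FAIR_GROUP_SCHED; do
        s=$(kconfig_state "$file" "$opt")
        echo "$opt=$s"
        [ "$s" = n ] || rc=1
    done
    return $rc
}

# Check the config file given on the command line, if any.
if [ $# -gt 0 ]; then sched_check "$1"; fi
```

Run it against each hardware node's config before scheduling the rebuild, so only kernels that actually have the options enabled are recompiled.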
[Users] vzctl start yields err=-12
I am having a problem creating and starting a new VE. vzctl start gives me: mounted, container start failed, unmounting.

dmesg shows only this:

    CT: 30: stopped
    CT: 30: failed to start with err=-12

The verbose log (level 10) is no more useful to me:

    Starting container ...
    Running: /usr/sbin/vzquota show 30
    Running: /usr/sbin/vzquota on 30 -r 0 -b 104857700 -B 104857700 -i 2100 -I 2100 -e 0 -n 0 -s 0
    Mounting root: /vz/root/30 /vz/private/30
    Container is mounted
    Set iptables mask 0x17bf
    Set features mask /
    Container start failed
    Running: /usr/sbin/vzquota stat 30 -f
    Running: vzquota setlimit 30 -b 104857600 -B 104857600 -i 2000 -I 2000 -e 0 -n 0
    Running: /usr/sbin/vzquota stat 30 -f
    Running: /usr/sbin/vzquota off 30
    Container is unmounted

It can't possibly be a RAM shortage. This hardware has 24 GB physical, and only 9 is allocated amongst the other VEs. There are presently 8 VEs, and this would make 9 if it would start. Any thoughts on how I can debug this?

-- HostGIS, Open Source solutions for the global GIS community Greg Allensworth - SysAdmin, Programmer, GIS Person, Security Network+ Server+ A+ Security+
Re: [Users] Re: Logging of logins via "vzctl enter"
Please file the appropriate bug to http://bugzilla.openvz.org/. Please set severity to "enhancement" and don't use the word ASAP :) Nicely done, Kir! Spoken like a true open-source man. :) -- HostGIS, Open Source solutions for the global GIS community Greg Allensworth - SysAdmin, Programmer, GIS Person, Security Network+ Server+ A+ Security+
Re: [Users] Re: Logging of logins via "vzctl enter"
If you don't trust the root user of your host node, I think you are in trouble. For me, it's not about trust but logging and completeness. I trust myself and our security, but having a more complete log of when the sysadmin stepped in would help our own auditing processes. I hope that it will be implemented ASAP by openvz dev team. Login messages, such as they are, happen when the login program or sshd or similar, make a log entry. If the program doing the login is not making a log entry, so be it. Hypothetically, couldn't "vzctl enter" make such a log entry before launching bash? Hm. Looking at enter.c I see no reason they couldn't insert some logging code right before the "exec bash" -- except that it would be platform-dependent based on the container's OS. Still, OpenSSH's loginrec.c provides some nice examples of how to log logins and wtmps and the like, with a large degree of platform independence. Hmmm? -- HostGIS, Open Source solutions for the global GIS community Greg Allensworth - SysAdmin, Programmer, GIS Person, Security Network+ Server+ A+ Security+
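The audit record discussed in this message can also be written on the hardware node, by a wrapper that logs to syslog before it execs vzctl enter. This is an added example, not OpenVZ code and not from the thread; the wrapper name vzenter, the syslog tag and the record format are assumptions.

```shell
#!/bin/sh
# vzenter CTID: record who entered which container, then exec "vzctl enter".
TAG=vzenter

# The invoking administrator: the sudo caller if there is one, else the
# login name, else the current user name.
audit_user() {
    if [ -n "${SUDO_USER:-}" ]; then
        echo "$SUDO_USER"
    else
        logname 2>/dev/null || id -un
    fi
}

# Build the one-line record. Kept separate from the logging step so the
# format can be checked without writing to syslog.
audit_record() {
    ctid=$1
    case $ctid in ''|*[!0-9]*) return 2 ;; esac    # numeric CTIDs only
    tty=$(tty 2>/dev/null) || tty=notty
    echo "action=enter ctid=$ctid admin=$(audit_user) uid=$(id -u) tty=$tty"
}

vzenter() {
    rec=$(audit_record "$1") || { echo "usage: vzenter CTID" >&2; return 2; }
    # authpriv is the syslog facility for security/authorization messages.
    # If the record cannot be written, do not enter the container.
    logger -p authpriv.notice -t "$TAG" "$rec" || {
        echo "audit log failed, not entering CT $1" >&2
        return 1
    }
    exec vzctl enter "$1"
}

# Enter the container given on the command line, if any.
if [ $# -gt 0 ]; then vzenter "$1"; fi
```

The record lands in the HN's own log, which the container's root user cannot edit; it does not replace a wtmp entry inside the container.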
Re: [Users] veth address persistence
Am I missing some step? Maybe another EXTERNAL_SCRIPT to initialize the ip/routes? Yeppers. http://wiki.openvz.org/Veth#Making_a_veth-device_persistent -- HostGIS, Open Source solutions for the global GIS community Greg Allensworth - SysAdmin, Programmer, GIS Person, Security Network+ Server+ A+ Security+
Re: [Users] VE loses connectivity
in my opinion this may be something other than openvz, may be a misconfigured switch (or switch's arp table size?) or router or a different configuration option in switch/router. Yeah, it's so hard to tell. We're using unmanaged GigE switches, but between IP blocks we bounce off the router which we don't control. So I've not even tried to narrow it down! -- HostGIS, Open Source solutions for the global GIS community Greg Allensworth - SysAdmin, Programmer, GIS Person, Security Network+ Server+ A+ Security+
Re: [Users] VE loses connectivity
in a period of time some of my VE's (both on subnet1 and subnet2) loses connections. I've had a long-standing problem, as well, with HNs and VPSs randomly losing connectivity for seconds at a time. It's been enough to set off Nagios, to delay SMTP, etc. My workaround (I won't call it a "solution") was to write a simple "gratuitous ARP daemon" or "garpd". This works on the same principle as you discovered: if I retransmit ARP, it solves the problem for a little while. If you want the garpd code, assuming the folks here can't provide a real fix, I'm glad to post it to the list and/or wiki. -- HostGIS, Open Source solutions for the global GIS community Greg Allensworth - SysAdmin, Programmer, GIS Person, Security Network+ Server+ A+ Security+
[Users] waiting for lo to become free
Hey guys. I never did get a response, and thought to ask again and to post a status update. My original question: http://www.mail-archive.com/users@openvz.org/msg02202.html I was perplexed, since both bugs which had been known to cause this symptom have been marked as fixed for some time. I was running 2.6.24ovz006.4 and 006.5 on the machines which suffered from this, which were newer than the fixed tickets. Anyway, after this bit me yesterday and I was forced to reboot, the 008.1 kernel came up. It has now been 24 hours, and I was able to successfully restart all VPSs on this one server. Perhaps 008.1 has fixed this. I'll let you know. -- HostGIS, Open Source solutions for the global GIS community Greg Allensworth - SysAdmin, Programmer, GIS Person, Security Network+ Server+ A+ Security+
Re: SV: [Users] Virtuozzo
mattias wrote: I read virtuozzo only supports virtualization with the same os on the physical computer ??? Yep, it's kernel-level virtualization. One kernel runs multiple "containers" each of which has their own "ps" and network ports and IP addresses. It is the same "OS" in that they're all using the very selfsame kernel, but you can run different OS distros, sharing the same kernel. It's very spiffy -- IF you don't have a need to run multiple kernels, multiple OSs, etc. -- Gregor Mosheh / Greg Allensworth BS, A+, Network+, Security+, Server+ System Administrator, Lead Programmer HostGIS development & hosting services, http://www.HostGIS.com/ "Remember that no one cares if you can back up, only if you can restore." - AMANDA
Re: [Users] total system barrier and limit calculations?
Does anyone have a formula or calculations to figure out what the various beancounter barrier and limit for a particular host system will be? One word: vzsplit -- Gregor Mosheh / Greg Allensworth BS, A+, Network+, Security+, Server+ System Administrator, Lead Programmer HostGIS development & hosting services, http://www.HostGIS.com/ "Remember that no one cares if you can back up, only if you can restore." - AMANDA
[Users] waiting for lo to become free
Hey guys. I'm being haunted by this terrible problem: waiting for lo to become free. This happens when I try to shut down a VE, then the load average skyrockets and the system grinds to a standstill until I pull the power plug. This was reported in 2005, and was reopened and fixed in 2008: http://bugzilla.openvz.org/show_bug.cgi?id=846 Question: Is this fix in the 2.6.24 branch? We must use 2.6.24 for our RAID controllers, and we definitely suffer from this bug. -- Gregor Mosheh / Greg Allensworth BS, A+, Network+, Security+, Server+ System Administrator, Lead Programmer HostGIS development & hosting services, http://www.HostGIS.com/ "Remember that no one cares if you can back up, only if you can restore." - AMANDA