Re: [Vserver] using djbdns (tinydns dnscache) from within vserver
Hi,

> you could alternatively use the 'plain' init style and have a real init inside the guest, just as on uml :)

Herbert, would using the plain init style have advantages over what i'm doing now?

> > Even from within the vserver doing for instance a dnsip doesn't work.
>
> how does it fail?

As for the dnsip failing, it doesn't do anything as in not returning a value. When it works, it immediately returns the correct value.

> > ccapabilities icmp ping
>
> those are synonyms, so one of them should be enough, IIRC raw_icmp

i tried specifying the raw_icmp option in the file ccapabilities and this is what i got:

===
Unknown ccap 'raw_icmp'
An error occured while executing the vserver startup sequence; when
there are no other messages, it is very likely that the init-script
(/etc/init.d/rc 2) failed.
Common causes are:
* /etc/rc.d/rc on Fedora Core 1 and RH9 fails always; the 'apt-rpm' build
  method knows how to deal with this, but on existing installations,
  appending 'true' to this file will help.
Failed to start vserver 'thor'
===

If i remove it then it works again.

> probably the only thing really required to be changed is the way you handle the networking, aside from that djbdns should not have any issues, maybe you can elaborate a little on your network setup, and how you test?

(ipconfig route are way below)

As for what kind of error, well it doesn't actually give a certain error but pinging the hosts or doing a dnsipq on a machine in the dns records doesn't work. After further testing, I really think it has to do with networking as you say.

Some more about my network: Since i used to run 4 uml's, i wanted to ease the way i did networking and configured a bridge (br0) and on that bridge 4 tap devices that my uml's plugged into. Worked great. I no longer use the 4 uml's as they are now converted to vservers but the bridging is still on and i want to keep it that way because i might use the uml's to experiment (as in try things out and destroy it in the process :)).
Now, sometimes when i start the vserver, the dns stuff works and sometimes it doesn't. Very weird. I have no clue on how i can track it. Nothing logged in my iptables (i get a log when a packet is dropped or rejected) and i have no firewalling on the bridge.

For instance, sometimes when i start the vserver, when exim comes up, it takes a looong time to start. It shows this message

Starting MTA:

and then takes several minutes to go to the next program that needs to be started. I think this is because of a dns problem, in other words djbdns that isn't capable of doing what it needs to do. Then when i enter the vserver, none of the dns utilities work. I then close the vserver and restart it then and sometimes it then works. Other times i need to restart it several times and can't get it to work. Very strange.

Last test i did was bringing the uml and the vserver back on but then use a different ip (/etc/vserver/thor/interfaces/0/ip) for the vserver. Previously i always shut down the uml and use the same ip and name for the vserver. Now i changed these settings. I changed these to thor2:

/etc/vservers/thor/uts/nodename
/etc/vservers/thor/name

I also changed the /etc/resolv.conf in this vserver to this:

domain xyz
nameserver 192.168.1.25
nameserver 127.0.0.1

where 192.168.1.25 is the vserver's own ip address (the new one, old one is .20)

Then i restarted the vserver 5 times and all 5 times dns seems to work like it should.

Thanks,
Benedict

=
My wireless router has the ip 192.168.0.1
The wireless bridge attached to eth0 has ip 192.168.0.4
eth0 of the host has ip 192.168.0.2
eth1 of the host has ip 192.168.1.1 (bridge br0 gets this ip when i start the bridging utils)
The uml with djbdns has ip 192.168.1.20 and the vserver had this ip too as i never started them both at the same time.
When i did so i changed the ip of the vserver to 192.168.1.25

IFCONFIG HOST
=
br0       Link encap:Ethernet  HWaddr 00:10:B5:40:DD:EE
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2857 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:291940 (285.0 KiB)  TX bytes:0 (0.0 b)

eth0      Link encap:Ethernet  HWaddr 00:10:B5:40:DE:14
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:64372 errors:0 dropped:0 overruns:0 frame:0
          TX packets:68799 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:41328067 (39.4 MiB)  TX bytes:7599446 (7.2 MiB)
          Interrupt:10 Base address:0x9400

eth1      Link encap:Ethernet  HWaddr 00:10:B5:40:DD:EE
          UP
[Vserver] [EMAIL PROTECTED]
I read the manual to install vserver on crux.
http://list.linux-vserver.org/archive/vserver/msg09371.html
I followed each step. But starting vserver fails.

# vserver vcrux01 start
save_ctxinfo: open(/usr/var/run/vservers/vcrux01): No such file or
An error occured while executing the vserver startup sequence; when
there are no other messages, it is very likely that the init-script
(/sbin/init) failed.
Common causes are:
* /etc/rc.d/rc on Fedora Core 1 and RH9 fails always; the 'apt-rpm' build
  method knows how to deal with this, but on existing installations,
  appending 'true' to this file will help.
Failed to start vserver 'vcrux01'

The file run in config-directory is a symbolic dead-link.

# ls -l /etc/vservers/vcrux01/run
lrwxrwxrwx 1 root root 29 Apr 10 17:24 /etc/vservers/vcrux01/run -> /usr/var/run/vservers/vcrux01

This is exactly what I found in the documentation of source save_ctxinfo.c.

// Saves current ctx + vserver-info into 'argv[1] + /run' which must be a dead
// symlink

What goes wrong ?

Thanks
Falk

PS: The configure-options are:
./configure --prefix=/usr \
  --sysconfdir=/etc \
  --with-initrddir=/etc/rc.d

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [EMAIL PROTECTED]
On Thursday 13 April 2006 14:02, Falk Hamann wrote:
> I read the manual to install vserver on crux.
> http://list.linux-vserver.org/archive/vserver/msg09371.html
> I followed each step. But starting vserver fails.
>
> # vserver vcrux01 start
> save_ctxinfo: open(/usr/var/run/vservers/vcrux01): No such file or
> An error occured while executing the vserver startup sequence; when
> there are no other messages, it is very likely that the init-script
> (/sbin/init) failed.

One (euro) cent : does the /usr/var/run/vservers/ directory exist ?
If no : create it
If yes : what happens if you try
touch /usr/var/run/vservers/vcrux01
before vserver .. start ?

> Common causes are:
> * /etc/rc.d/rc on Fedora Core 1 and RH9 fails always; the 'apt-rpm' build
>   method knows how to deal with this, but on existing installations,
>   appending 'true' to this file will help.
> Failed to start vserver 'vcrux01'
>
> The file run in config-directory is a symbolic dead-link.
>
> # ls -l /etc/vservers/vcrux01/run
> lrwxrwxrwx 1 root root 29 Apr 10 17:24 /etc/vservers/vcrux01/run -> /usr/var/run/vservers/vcrux01
>
> This is exactly what I found in the documentation of source save_ctxinfo.c.
>
> // Saves current ctx + vserver-info into 'argv[1] + /run' which must be a dead
> // symlink
>
> What goes wrong ?
>
> Thanks
> Falk
>
> PS: The configure-options are:
> ./configure --prefix=/usr \
>   --sysconfdir=/etc \
>   --with-initrddir=/etc/rc.d

--
Xavier Montagutelli Tel : +33 (0)5 55 45 77 20
Service Commun Informatique Fax : +33 (0)5 55 45 77 60
Universite de Limoges
123, avenue Albert Thomas
87060 Limoges cedex
Re: [Vserver] [EMAIL PROTECTED]
On Thu, 13 Apr 2006 14:12:09 +0200 Xavier Montagutelli [EMAIL PROTECTED] wrote:
> does the /usr/var/run/vservers/ directory exist ?
> If no : create it
> If yes : what happens if you try
> touch /usr/var/run/vservers/vcrux01
> before vserver .. start ?

Yes the directory exists. If I touch this file and start the vserver again: the file is deleted and the error message is exactly the same.

Thanks, but that does not solve the problem. Any other ideas ?

Bye
Falk
Re: [Vserver] su ?
On 13/04/2006 at 15:47:36+0200, Albert Shih wrote:
> Hi all
>
> I've installed two vservers (guest), everything works fine.
>
> Now I want to duplicate these two servers. I make a skeleton with
>
> vserver build -m squelette
>
> and I copy all files from the working two vservers on my new hosts (running same version of all).
>
> On these two new vservers I change some names and on one I can't do su, it asks me for a password. Even when I'm root.
>
> What's wrong ?

I answer to myself (in case someone has the same problem)

I forgot to reboot the host after disabling selinux.

Regards.

--
Albert SHIH
Universite de Paris 7 (Denis DIDEROT)
U.F.R. de Mathematiques.
7 ième étage, plateau D, bureau 10
Heure local/Local time: Thu Apr 13 16:03:05 CEST 2006
[Vserver] [xen/i386] 2.6.16-xen-vs2.0.2-rc16 success
This kernel was built by simply applying the VServer patch on top of an already existing 2.6.16-xen kernel. Due to the new way in which the new Xen kernel works (as a sub-arch) nothing extra needs to be done. Two rejected hunks were related to asm-i386/page.h, but they can be safely ignored and require no manual patching for everything to compile/boot.

Linux-VServer Test [V0.15] Copyright (C) 2003-2006 H.Poetzl
chcontext is working.
chbind is working.
Linux 2.6.16-xen-vs2.0.2-rc16 #1 SMP Wed Apr 12 20:59:09 EDT 2006 i686
Ea 0.30.210 273/glibc (DSa) v13,net
VCI: 0002:0001 273 0376 (TbLgnP)
---
[000]# succeeded.
[001]# succeeded.
[011]# succeeded.
[031]# succeeded.
[101]# succeeded.
[102]# succeeded.
[201]# succeeded.
[202]# succeeded.
RE: [Vserver] [EMAIL PROTECTED]
Falk,

Not sure if this helps any but I have a newer doc version. Pasted it below. I have not tried with crux 2.2 yet.

Later
Sig

How to install and use linux-vserver with crux 2.0 / 2.1

http://crux.nu/
http://linux-vserver.org/
http://gentoo.home.xnull.de/doc/en/vshandbook/index.xml?part=0chap=0

notes:
Expect to find errors
I may be doing things completely backwards but it seems to work
vservers are going to be installed onto separate partition /vservers/...
I use sudo for most root commands. If you prefer to use root then ignore sudo at front of commands

Preparing your host server with vserver

* Get vserver code
  cd ~/src/vserver
  wget http://www.13thfloor.at/vserver/d_rel26/v1.9.5/util-vserver-0.30.204.tar.gz
  gzip -d util-vserver-0.30.204.tar.gz
  tar -xf util-vserver-0.30.204.tar
  wget http://www.13thfloor.at/vserver/d_rel26/v1.9.5/linux-vserver-1.9.5.tar.gz
  gzip -d linux-vserver-1.9.5.tar.gz
  tar -xf linux-vserver-1.9.5.tar

* Get vanilla linux kernel and compile in vserver patch acquired from above
  cd /usr/src
  sudo wget ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-2.6.11.5.tar.bz2
  sudo bzip2 -d linux-2.6.11.5.tar.bz2
  tar -xf linux-2.6.11.5.tar
  cd linux-2.6.11.5
  sudo cp ../linux-2.6.6/.config .
  sudo cp ~/src/vserver/patch-2.6.11.5-vs1.9.5.diff ..
  sudo patch -p1 -s < ../patch-2.6.11.5-vs1.9.5.diff
  If you want: patch for the specific kernel
  sudo make menuconfig
  sudo make all
  sudo make modules_install

* Install newly patched kernel
  cd /usr/src
  sudo rm linux
  sudo ln -s linux-2.6.11.5 linux
  sudo cp /usr/src/linux-2.6.11.5/arch/i386/boot/bzImage /boot/vmlinuz-2.6.11.5-1
  sudo cp System.map /boot/System.map-2.6.11.5-1
  cd /boot
  sudo ls -s System.map-2.6.6-2 System.map
  sudo vi /etc/lilo.conf
  ...
  ...
  image=/boot/vmlinuz-2.6.11.5-1
  label=KERNEL-4
  root=/dev/discs/disc0/part2
  read-only

  sudo lilo -q
  sudo lilo
  sudo lilo -q

* Install additional/required software
  sudo prt-get install iproute2
  sudo prt-get install iptables
  sudo prt-get install rsync
  sudo prt-get install dietlibc

* Get vconfig binary
  cd ~/src/
  wget http://www.candelatech.com/~greear/vconfig
  sudo cp vconfig /usr/local/sbin

* Compile and install vserver utilities
  cd ~/src/vserver/util-vserver-0.30.204
  ./configure --prefix=/usr/local
  make
  sudo make install

* Create vserver guest OS directory
  sudo mkdir -m 000 /vservers
  sudo mkdir /vservers/vcrux01

* If using SSH (or any other port listening application) change it to listen to the specific interface (ie not 0.0.0.0)
  sudo vi /etc/ssh/sshd_config
  ...
  ...
  ListenAddress 172.27.12.19
  ...
  ...

* restart ssh and ensure it still works
  sudo /etc/rc.d/sshd restart

Building your first vserver

* On Host OS
  sudo vserver vcrux01 build -m skeleton -n vcrux01 --context 100 --hostname vcrux01.corporate.net --interface 172.27.12.24 --netdev eth0 --netmask 255.255.248.0 --initstyle plain

* Edit sysctl.conf and configure vshelper
  sudo vi /etc/sysctl.conf
  kernel.vshelper = /usr/local/lib/util-vserver/vshelper

* Set up vserver barrier (this is untested)
  sudo showattr -d /vservers/vcrux01/..
  ---bui- /vservers/vcrux01/..
  sudo setattr --barrier /vservers/vcrux01/..
  sudo showattr -d /vservers/vcrux01/..
  ---Bui- /vservers/vcrux01/..

* Try this if the above does not work (This works but above should be better)
  #sudo showattr -d /vservers/vcrux01
  #---bui- /vservers/vcrux01
  #sudo setattr --barrier /vservers/vcrux01
  #sudo showattr -d /vservers/vcrux01
  #---Bui- /vservers/vcrux01

* set default tty (not sure if this works)
  sudo mkdir -p /usr/local/etc/vservers/.defaults/apps/init
  cd /usr/local/etc/vservers/.defaults/apps/init
  sudo ln -s /dev/tty6 tty

* Check the following files to ensure all is configured fine. If not edit files.
  cat /usr/local/etc/vservers/vcrux01/apps/init/style
  plain
  cat /usr/local/etc/vservers/vcrux01/interfaces/dev
  eth0
  cat /usr/local/etc/vservers/vcrux01/interfaces/mask
  255.255.248.0
  cat /usr/local/etc/vservers/vcrux01/interfaces/0/ip
  172.27.12.24
  cat /usr/local/etc/vservers/vcrux01/interfaces/0/name
  c01
  cat /usr/local/etc/vservers/vcrux01/uts/nodename
  vcrux01.corporate.net
  cat /usr/local/etc/vservers/vcrux01/name
  vcrux01
  cat /usr/local/etc/vservers/vcrux01/fstab
  none /proc proc defaults 0 0
  none /tmp tmpfs size=16m,mode=1777 0 0
  none /dev/pts devpts gid=5,mode=620 0 0
  cat /usr/local/etc/vservers/crux01/context
  100
  # set it up so uptime is reflective of vserver uptime not host uptime
  cat /usr/local/etc/vservers/unixdev1/flags
  VIRT_UPTIME

Install Crux to /vserver/vcrux01

  boot from crux install cd
  mount /, /usr, and /vservers to /mnt, /mnt/usr, and /mnt/vservers
  chroot to /mnt
  set root password
  run crux setup
  use /mnt/vservers/vcrux01 as install point
  do not compile kernel, not used
  do not run lilo
  do not run lilo
  do not run lilo
  see crux handbook for details: http://crux.nu/doc/handbook.html
  boot OS back up

* configure guest OS vcrux01
  cd /mnt/vservers/vcrux01
  sudo vi ./etc/rc.conf
[Vserver] secure http architecture with vserver howto ?
Hello,

I'd like to manage all my web user sites (LAMP base configuration) in a secure way with vserver. One context per user/site could be useful to limit damage in case of intrusion.

How to compartmentalize, without overburden and complicated configuration ?

Have you got any recommendation, link, security tips on that type of configuration ? use of vunify ?

What are the usage for isp ?

thanks in advance for your advice.
Re: [Vserver] using djbdns (tinydns dnscache) from within vserver
On Thu, Apr 13, 2006 at 10:14:32AM +0200, Benedict Verheyen wrote:
> Hi,
>
> > you could alternatively use the 'plain' init style and have a real init inside the guest, just as on uml :)
>
> Herbert, would using the plain init style have advantages over what i'm doing now?
>
> > > Even from within the vserver doing for instance a dnsip doesn't work.
> >
> > how does it fail?
>
> As for the dnsip failing, it doesn't do anything as in not returning a value. When it works, it immediately returns the correct value.
>
> > > ccapabilities icmp ping
> >
> > those are synonyms, so one of them should be enough, IIRC raw_icmp
>
> i tried specifying the raw_icmp option in the file ccapabilities and this is what i got:
>
> ===
> Unknown ccap 'raw_icmp'

what tools are you using? (probably not 0.30.210)

> An error occured while executing the vserver startup sequence; when
> there are no other messages, it is very likely that the init-script
> (/etc/init.d/rc 2) failed.
> Common causes are:
> * /etc/rc.d/rc on Fedora Core 1 and RH9 fails always; the 'apt-rpm' build
>   method knows how to deal with this, but on existing installations,
>   appending 'true' to this file will help.
> Failed to start vserver 'thor'
> ===
>
> If i remove it then it works again.
>
> > probably the only thing really required to be changed is the way you handle the networking, aside from that djbdns should not have any issues, maybe you can elaborate a little on your network setup, and how you test?
>
> (ipconfig route are way below)
>
> As for what kind of error, well it doesn't actually give a certain error but pinging the hosts or doing a dnsipq on a machine in the dns records doesn't work. After further testing, I really think it has to do with networking as you say.
>
> Some more about my network: Since i used to run 4 uml's, i wanted to ease the way i did networking and configured a bridge (br0) and on that bridge 4 tap devices that my uml's plugged into. Worked great.
> I no longer use the 4 uml's as they are now converted to vservers but the bridging is still on and i want to keep it that way because i might use the uml's to experiment (as in try things out and destroy it in the process :)).

you do not need bridging for the vservers, as they already share the interface on the host

> Now, sometimes when i start the vserver, the dns stuff works and sometimes it doesn't. Very weird. I have no clue on how i can track it. Nothing logged in my iptables (i get a log when a packet is dropped or rejected) and i have no firewalling on the bridge.
>
> For instance, sometimes when i start the vserver, when exim comes up, it takes a looong time to start. It shows this message
>
> Starting MTA:
>
> and then takes several minutes to go to the next program that needs to be started. I think this is because of a dns problem, in other words djbdns that isn't capable of doing what it needs to do.

yes dns timeouts are often a reason for unexpected delays (up to 30 seconds sometimes)

> Then when i enter the vserver, none of the dns utilities work. I then close the vserver and restart it then and sometimes it then works. Other times i need to restart it several times and can't get it to work. Very strange.

maybe you should check /etc/resolv.conf and/or /etc/nsswitch.conf (or at least provide them)

> Last test i did was bringing the uml and the vserver back on but then use a different ip (/etc/vserver/thor/interfaces/0/ip) for the vserver. Previously i always shut down the uml and use the same ip and name for the vserver. Now i changed these settings. I changed these to thor2:
>
> /etc/vservers/thor/uts/nodename
> /etc/vservers/thor/name
>
> I also changed the /etc/resolv.conf in this vserver to this:
>
> domain xyz
> nameserver 192.168.1.25
> nameserver 127.0.0.1

you definitely don't want to ask 127.0.0.1 here

> where 192.168.1.25 is the vserver's own ip address (the new one, old one is .20)
>
> Then i restarted the vserver 5 times and all 5 times dns seems to work like it should.
> Thanks,
> Benedict
>
> =
> My wireless router has the ip 192.168.0.1
> The wireless bridge attached to eth0 has ip 192.168.0.4
> eth0 of the host has ip 192.168.0.2
> eth1 of the host has ip 192.168.1.1 (bridge br0 gets this ip when i start the bridging utils)
> The uml with djbdns has ip 192.168.1.20 and the vserver had this ip too as i never started them both at the same time.
> When i did so i changed the ip of the vserver to 192.168.1.25
>
> IFCONFIG HOST
> =
> br0       Link encap:Ethernet  HWaddr 00:10:B5:40:DD:EE
>           inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:2857 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:291940 (285.0 KiB)  TX bytes:0
Re: [Vserver] using djbdns (tinydns dnscache) from within vserver
Hi,

It seemed that all the changes i did to test gave me an inconsistent setup so I rechecked the hosts resolv.conf, the ip's of the vservers and the resolv.conf of the vserver. Then I rebooted and pinging internal machines by name worked for the host and the vserver. Only thing that didn't seem to work was the pinging of external hosts from the host and the vserver.

I then checked the settings of the 0 dir inside the interfaces directory of the vserver and i saw the content of dev was still eth0. That means the ip 192.168.1.20 ended up as an alias of the real eth0 which has a different address range 192.168.0.x. I changed that to eth1 and then it all seems to work. BUT after that change i can't ping the internal host anymore by name.

So i changed my setup. I'm not sure this is a good way of accomplishing it but it seems like it's the only way to get it working. This is what's in the interfaces directory:

0 - dev: eth0 - ip: 192.168.0.3 (host eth0 192.168.0.2)
1 - dev: eth1 - ip: 192.168.1.20 (host eth1 192.168.1.1)

My host resolv.conf

search mydomain
nameserver 192.168.1.20
nameserver 192.168.0.3

With these changes everything seems to work but as i said, i'm not sure that what i configured as my interfaces in the vserver setup directory is ok.

Thanks,
Benedict
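The two misconfigurations found in this thread (a guest IP placed on a host device in a different address range, and a loopback nameserver in the guest's resolv.conf) can be checked mechanically. The script below is an added example, not part of any message in the thread and not util-vserver code. The host address map, the temporary config trees and the fallback from interfaces/N/dev to interfaces/dev are assumptions constructed from values quoted in the thread.

```python
import ipaddress
import tempfile
from pathlib import Path

# Constructed host addresses, using the values quoted in the thread.
HOST_IFACES = {"eth0": "192.168.0.2/24", "eth1": "192.168.1.1/24"}


def read_interfaces(cfg_dir):
    """Return (index, dev, ip) for every numbered entry under interfaces/."""
    base = Path(cfg_dir) / "interfaces"
    entries = []
    for entry in sorted(p for p in base.iterdir() if p.is_dir()):
        dev_file = entry / "dev"
        if not dev_file.exists():
            dev_file = base / "dev"  # assumed fallback to the shared default
        dev = dev_file.read_text().strip() if dev_file.exists() else None
        ip = (entry / "ip").read_text().strip()
        entries.append((entry.name, dev, ip))
    return entries


def audit(cfg_dir, host_ifaces, resolv_text):
    """List config problems: wrong-subnet guest IPs and loopback resolvers."""
    findings = []
    for idx, dev, ip in read_interfaces(cfg_dir):
        addr = ipaddress.ip_address(ip.split("/")[0])
        if dev not in host_ifaces:
            findings.append(f"interfaces/{idx}: dev {dev!r} has no host address")
            continue
        net = ipaddress.ip_interface(host_ifaces[dev]).network
        if addr not in net:
            findings.append(f"interfaces/{idx}: {addr} is outside {net} on {dev}")
    for line in resolv_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            if ipaddress.ip_address(fields[1]).is_loopback:
                findings.append(f"resolv.conf: nameserver {fields[1]} is loopback")
    return findings


def build_tree(root, interfaces):
    """Create a constructed interfaces/N/{dev,ip} layout under root."""
    for idx, (dev, ip) in interfaces.items():
        d = Path(root) / "interfaces" / idx
        d.mkdir(parents=True)
        (d / "dev").write_text(dev + "\n")
        (d / "ip").write_text(ip + "\n")


def demo():
    """Audit a broken and a corrected layout; both are constructed samples."""
    broken_resolv = "domain xyz\nnameserver 192.168.1.25\nnameserver 127.0.0.1\n"
    fixed_resolv = "search mydomain\nnameserver 192.168.1.20\n"
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        build_tree(a, {"0": ("eth0", "192.168.1.20")})
        build_tree(b, {"0": ("eth0", "192.168.0.3"),
                       "1": ("eth1", "192.168.1.20")})
        return (audit(a, HOST_IFACES, broken_resolv),
                audit(b, HOST_IFACES, fixed_resolv))


if __name__ == "__main__":
    for label, result in zip(("broken", "fixed"), demo()):
        print(label, result)
```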
[Vserver] Plesk in vserver
Does anyone have experience running plesk control panel in a vserver? Any special tips. I am trying plesk 8 and qmail of plesk will not start with the rest. Any tips?