Re: [Vserver] gentoo guest template stage4?!?

2007-06-30 Thread Michael S. Zick
On Sat June 30 2007 07:52, Chuck wrote:
> 
> i just went to http://people.linux-vserver.org/~hollow/stages/ to get an 
> updated install stage for gentoo guests, and saw a stage 4 archive.. umm, not 
> to appear dumb, but what in the world is a stage4?
> 
> 

Looking at the files in the specs subdirectory of that link ...
Looks like a minimum guest; syslog-ng, vixie-cron, some utils.

Mike
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] java crash in vserver...

2007-05-10 Thread Michael S. Zick
On Thu May 10 2007 11:08, Michael S. Zick wrote:
> On Thu May 10 2007 09:14, Thomas Besser wrote:
> > Herbert Poetzl wrote:
> > >> Thanx for testing. I have no clue, what my problem is and no idea how to
> > >> resolve this.
> > > 
> > > maybe you could package up your guest (maybe
> > > after some cleanups to preserve privacy and
> > > reduce size), and upload it somewhere, and
> > > maybe some folks who already had success with
> > > your installation do the same, then try each-
> > > others guests and see what happens ...
> > 
> > I made a package of my guest 'gis' (about 465 MB):
> > /etc/vservers/gis (config of the image)
> > /vservers/gis (home of the guest images)
> > 
> > http://www.archit.uni-karlsruhe.de/geoserver/vserver.tar.bz2
> > 
> > It would be great if Asier or Michael or somebody else have enough bandwidth
> > for down-/uploading.
> >
> 
> I can do that.

I lied. 
Hit a disk limit on the site that has the bandwidth available.
But can give the tar-ball a try here and post results.

Mike

> Will post the url once I have moved a copy.
> 
> Mike 
> > > if the kernel/config is to blame, then your
> > > guest should work fine on another system and
> > > the other guest should fail on yours, no?
> > 
> > Yepp, that should be like that ;-)
> > 
> > TIA
> > Thomas
> > 


Re: [Vserver] Re: Re: Re: Re: Re: Re: java crash in vserver...

2007-05-10 Thread Michael S. Zick
On Thu May 10 2007 09:14, Thomas Besser wrote:
> Herbert Poetzl wrote:
> >> Thanx for testing. I have no clue, what my problem is and no idea how to
> >> resolve this.
> > 
> > maybe you could package up your guest (maybe
> > after some cleanups to preserve privacy and
> > reduce size), and upload it somewhere, and
> > maybe some folks who already had success with
> > your installation do the same, then try each-
> > others guests and see what happens ...
> 
> I made a package of my guest 'gis' (about 465 MB):
> /etc/vservers/gis (config of the image)
> /vservers/gis (home of the guest images)
> 
> http://www.archit.uni-karlsruhe.de/geoserver/vserver.tar.bz2
> 
> It would be great if Asier or Michael or somebody else have enough bandwidth
> for down-/uploading.
>

I can do that.
Will post the url once I have moved a copy.

Mike 
> > if the kernel/config is to blame, then your
> > guest should work fine on another system and
> > the other guest should fail on yours, no?
> 
> Yepp, that should be like that ;-)
> 
> TIA
> Thomas
> 


Re: [Vserver] Re: Re: Re: Re: Re: java crash in vserver...

2007-05-09 Thread Michael S. Zick
On Wed May 9 2007 01:18, Thomas Besser wrote:
> Hi Jan,
> 
> Jan Zuchhold wrote:
> > it's working fine for me:
> > 
> 
> > 1512 [INFO] org.geotools.referencing.factory.epsg.HSQLDataSource -
> > Creating cached EPSG database. It may take a few minutes.
> > 17611 [main] INFO org.springframework.web.context.ContextLoader - Using
> > context class
> > [org.springframework.web.context.support.XmlWebApplicationContext] for
> > [root
> > WebApplicationContext
> > 17611 [main] INFO org.springframework.web.context.ContextLoader - Root
> > WebApplicationContext: initialization completed in 16212 ms
> 
> > 
> 
> > vserver:~# cat /etc/issue
> > Debian GNU/Linux 4.0
> > 
> > vserver:~# java -version
> > java version "1.6.0"
> > Java(TM) SE Runtime Environment (build 1.6.0-b105)
> > Java HotSpot(TM) Server VM (build 1.6.0-b105, mixed mode)
> > 
> > host:~# uname -r
> > 2.6.20.11-vs2.2.0.k7-smp-070502
> 
> Thanx for testing. I have no clue, what my problem is and no idea how to
> resolve this.
>

According to this thread, you are running Java 1.5 and the
version reported to work is Java 1.6

Mike

> Perhaps you could send me via pm your installed packages
> (dpkg --get-selections > packages) of your host and guest?
> 
> Regards
> Thomas
> 


Re: [Vserver] anybody has experience for Vserver on ARM

2007-04-25 Thread Michael S. Zick
On Tue April 24 2007 10:21, Martin wrote:
> On Tue, 2007-04-24 at 07:58 -0400, Wenbin Zhang wrote:
> > Hi Martin, 
> > 
> > FC6 has not been ported to ARM. I tried "-d fc6", that does not work.
> > But what should be used for "-d" option on ARM? Thank you very much!
> If I am correct then -d controls the distro of the guest that you are
> building.  By default only the common few distros are supported, but I'm
> told that it's pretty simple to add support for others (check the Wiki /
> archives I'd guess).  Off the top of my head I couldn't tell you which
> distros other than Debian have an ARM port.
>

I can verify that Debian/Etch runs just fine on my ARM machine, see:
http://www.cyrius.com/debian/nslu2/

I have not checked or tried a vserver enabled kernel yet though - 
still on my rather long to-do list.

But all of the usual distro software will just install and run.

Perhaps you could pop for one of these low cost machines* and build
native anything you want for your fone?

Mike 
* you will want to add the console port and up the clock -
the only modifications I made to my off the shelf machine.
See links from the above url.

> HTH
> 
> Cheers,
>  - Martin
> 
> 


Re: [Vserver] How to unsubscribe? http://list.linux-vserver.org/mailman/listinfo/vserver doesn't work...

2007-04-05 Thread Michael S. Zick
On Thu April 5 2007 02:39, Guenther Fuchs wrote:
> Hi there,
> 
> on Thursday, April 5, 2007 at 8:24:26 AM there was posted:
> 
> VT> I want to unsubscribe from vserver ML, but the link
> VT> http://list.linux-vserver.org/mailman/listinfo/vserver doesn't work.
> VT> How can I do that?
> 
> Send an empty mail from the subscribed address to
> vserver@list.linux-vserver.org with subject "unsubscribe" - that
> should work with mailman lists.
> 

The directions included (as a header on every mail) from the list mailer are:

List-Unsubscribe: ,


If that header is correct then;
Send an empty mail from the subscribed address to:
[EMAIL PROTECTED]
with the subject: unsubscribe

Mike


Re: [Vserver] any kernel gurus know what this is?

2006-12-07 Thread Michael S. Zick
On Thu December 7 2006 07:57, Chuck wrote:
> 
> ok. i am definitely having problems with this new opteron machine we have... 
> 
> only thing i can see remotely close to an error or warning msg is this from 
> the kernel:
> 
> i get this message as early in the boot process as when it decompresses to 
> begin boot:
> 
> "kernel mapping table up to 100,000,000 at 8000:d800"
> 
>  this is a linux 2.6.18.3 kernel
> 
> 2.6.18-vs2.1.1-gentoo-r1
> 
> could this be a disk controller address?
> 
> 
> last week the machine died twice both with disk errors, the 2nd time it 
> actually scrambled a few sectors in a lvm partition in the website vserver. i 
> had to run shred on the partition to fix it.
> 
> just this morning, initially i had no warning something was wrong until i 
> tried to execute any command and got back  'command not found'. turns out the 
> running system could not access the disk array in any fashion. a power cycle 
> brought it back to normal and it has been running ok for the past few hours.
> 
> in case it helps
> hardware is
> 2xopteron dual core 265
> tyan 2882D motherboard
> 4gb registered ram
> 2 sata2 drives in raid1 configuration.
> 

There is a patch in 2.6.18.5 that mentions sata drives.
Haven't tried it yet.

There are several distros that are planning to include
2.6.18 in their end-of-year releases.  It has been getting 
a lot of maintenance recently.

> could i have a setting wrong in the kernel? 
> 

Like in cockpit error?  

Mike


Re: [Vserver] Util-VServer file names

2006-12-06 Thread Michael S. Zick
On Wed December 6 2006 15:04, Herbert Poetzl wrote:
> On Mon, Dec 04, 2006 at 07:17:03PM -0600, Michael S. Zick wrote:
> > Group,
> > 
> > Tar-ball: util-vserver-0.30.211.tar.bz2
> > Path: util-vserver-0.30.211/scripts
> > File: vserver-build.functions.rpm
> > File: vserver-build.rpm
> > 
> > Neither file is an rpm package, both are
> > ASCII text files.
> > 
> > I suggest that hi-jacking well recognized
> > extensions is a "Bad Idea".
> > 
> > Better names might be: vserver-rpm-build.
> > and vserver-rpm-build-functions.
> 
> well, while you are perfectly right there, this _is_
> the result of such a procedure ...
> 
> the pattern is like this:
> 
> vserver-build.functions.
> vserver-build.
> 
> where  currently is one of
> apt, apt-rpm, debootstrap, fai, rpm, yum ...
>

No big deal any longer - it just exposed the need for
a few more 'if' statements in my file cataloger.

Unless you intend to start making the first line of
your text files read:
! 

or other 'magic strings' there shouldn't be any problems here.

Mike
> HTC,
> Herbert
> 
> > Mike


Re: [Vserver][Solved] iproute2 behavior problem

2006-12-05 Thread Michael S. Zick
On Mon December 4 2006 23:26, Chuck wrote:
> On Sunday 03 December 2006 09:25, Michael S. Zick wrote:
> 
> It appears that, at least on my 2006.1 Gentoo distro, possibly with iproute2 I 
> am not positive if it extends beyond Gentoo, that someone decided to 
> automatically load the arping module even when not asked for. This causes the 
> 2 second delay. 
>

Thanks.
Another note of things to watch out for goes on the wall here.
One person's feature is another person's service call in the
middle of the night.

Mike

> A fix for Gentoo installs is after your modules=("iproute2")  
> an additional line of modules=("!arping") cures the problem. I have no idea 
> why they feel this is required on all networking code since they load it no 
> matter what, but unless it does something specifically important to our use, 
> it seems to only get in the way. We use 100% static 
> assignments,gateways,routes,everything so we need no automatic detections of 
> anything at all, and in fact this also cured another of my problems where a 
> specific static route did not work, but now it does after killing that 
> module. I guess it made its own decisions that my instructions were not 
> worthy enough to obey. I am highly irked at Gentoo right now that they would 
> do this with no warnings or notifications that this was a new 
> automagic  'feature' which , unless i am made to understand why I need it, 
> simply has caused me problems.
> 
> 
> > On Sun December 3 2006 05:50, Chuck wrote:
> > > On Sunday 03 December 2006 00:28, Herbert Poetzl wrote:
> > > 
> > > 
> > > this is during boot when initializing the ethx adapters. 
> > >
> > 
> > I noticed that myself on a Debian/Etch system - I suppose
> > any distro that follows their lead (uses the same udevd) 
> > might have the same symptoms;
> > 
> > Look for: /etc/udev/rules.d/z25_persistent-net.rules
> > which is generated at runtime, during boot,
> > by /etc/udev/persistent-net-generator.rules
> > 
> > If you do not intend to be changing nic's in the box 
> > in-between boots, then that rule generator only needs
> > to run once per life-time of the machine - not once
> > per every boot.
> > 
> > I don't have my hands on your set-up - so I can't say
> > what/how to make the changes to your configuration files,
> > but that is the 'slow to initialize' ethernet nics problem
> > area.
> > 
> > Believe me, you do not want to plug in a usb-nic if you want
> > a fast boot - it will eventually boot but you could swear
> > the kernel hung while waiting.
> > 
> > Mike
> > > 
> > > > On Fri, Dec 01, 2006 at 10:32:12PM -0500, Chuck wrote:
> > > > 
> > > > > i am assuming this behavior is in recent iproute2 changes. previously
> > > > > on an x86 machine last year, 140 ip addys on one nic would load very
> > > > > fast.
> > > > >
> > > > > now, on amd64 current versions, it pauses 2 whole seconds between ip
> > > > > addys!!
> > > > 
> > > > when you add them? remove them? or just view them?
> > > > 
> > > > could be an overeager nameservice reverse lookup
> > > > trying to find a name to your IPs :)
> > > > 
> > > > HTH,
> > > > Herbert
> > > > 
> > > > > it is intolerable. does anyone have a fix for this or know what causes
> > > > > it?
> > > > 
> > > > too little information ...
> > > > 
> > > > best,
> > > > Herbert
> > > > 
> > > > > --
> > > > >
> > > > > Chuck
> > > > >


[Vserver] Util-VServer file names

2006-12-04 Thread Michael S. Zick
Group,

Tar-ball: util-vserver-0.30.211.tar.bz2
Path: util-vserver-0.30.211/scripts
File: vserver-build.functions.rpm
File: vserver-build.rpm

Neither file is an rpm package, both are
ASCII text files.

I suggest that hi-jacking well recognized
extensions is a "Bad Idea".

Better names might be: vserver-rpm-build.
and vserver-rpm-build-functions.

Mike
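
A content-based check for the mismatch described in this post and in the "file cataloger" reply above, as an added example that is not part of the original thread: it classifies files by their leading bytes and reports names whose extension claims a format the content does not have. The function names, the small signature table and the sample files are constructed for illustration.

```python
import os
import tempfile

# Leading bytes of a few formats (RPM lead, bzip2, gzip, "#!" scripts).
# Assumption: the table is deliberately small, not a full magic database.
MAGIC = [
    (b"\xed\xab\xee\xdb", "rpm"),
    (b"BZh", "bzip2"),
    (b"\x1f\x8b", "gzip"),
    (b"#!", "script"),
]

# Extension -> format the file name claims (assumption: only these are audited).
CLAIMS = {".rpm": "rpm", ".bz2": "bzip2", ".gz": "gzip"}

# Bytes accepted as plain ASCII text: printable characters plus tab, LF, CR.
TEXT_BYTES = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def sniff(path, probe=512):
    """Classify a file by its first bytes, ignoring its name."""
    with open(path, "rb") as fh:
        head = fh.read(probe)
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    if not head:
        return "empty"
    if all(byte in TEXT_BYTES for byte in head):
        return "text"
    return "binary"


def audit(root):
    """Return sorted (relative path, claimed, actual) for every mismatch."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            claimed = CLAIMS.get(os.path.splitext(name)[1].lower())
            if claimed is None:
                continue  # extension makes no claim we know how to verify
            full = os.path.join(dirpath, name)
            actual = sniff(full)
            if actual != claimed:
                findings.append((os.path.relpath(full, root), claimed, actual))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample: file names from the thread, contents invented here."""
    os.makedirs(os.path.join(root, "scripts"))
    samples = {
        "scripts/vserver-build.rpm": b"# constructed stand-in: shell functions\n",
        "scripts/vserver-build.functions.rpm": b"#!/bin/sh\n# constructed\n",
        "real-package.rpm": b"\xed\xab\xee\xdb\x03\x00" + b"\x00" * 90,
        "archive.tar.bz2": b"BZh91AY&SY" + b"\x00" * 16,
    }
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, claimed, actual in audit(tmp):
            print(f"{path}: name claims {claimed}, content is {actual}")
```
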


Re: [Vserver] iproute2 behavior problem

2006-12-03 Thread Michael S. Zick
On Sun December 3 2006 09:48, Herbert Poetzl wrote:
> On Sun, Dec 03, 2006 at 07:08:30AM -0500, Chuck wrote:
> > On Sunday 03 December 2006 00:28, Herbert Poetzl wrote:
> > 
> > i just tried an experiment. i placed 5 ips on an adapter on the older
> > dell x86 system and still the same behavior so it is not arch related.
> 
> > > On Fri, Dec 01, 2006 at 10:32:12PM -0500, Chuck wrote:
> 
> > > > i am assuming this behavior is in recent iproute2 changes.
> > > > previously on an x86 machine last year, 140 ip addys on one nic
> > > > would load very fast.
> 
> what I do not understand here, why do you configure
> 140 ips when the host boots at all? wouldn't it be
> much easier to let util-vserver add the IPs per
> guest? I'd assume that this would speed up the
> configuration significantly too, as the tools do
> not run those funny scripts AFAIK :)
>

I haven't done any debugging of this yet - but if I did,
I would start by putting a break-point of some kind in udevd,
then adding an address.  
What I would be looking for is if the adding of an address 
generates a 'udev event' similar to discovering a new card.
I don't think it should, but it might be doing that.
It could also just be funky scripting somewhere.

Mike 

> HTH,
> Herbert
> 
> > > > now, on amd64 current versions, it pauses 2 whole seconds between
> > > > ip addys!!
> > > 
> > > when you add them? remove them? or just view them?
> > > 
> > > could be an overeager nameservice reverse lookup
> > > trying to find a name to your IPs :)
> > > 
> > > HTH,
> > > Herbert
> > > 
> > > > it is intolerable. does anyone have a fix for this or know what causes
> > > > it?
> > > 
> > > too little information ...
> > > 
> > > best,
> > > Herbert
> > > 
> > > > --
> > > >
> > > > Chuck
> > > >
> > > 
> > 
> > -- 
> > 
> > Chuck
> > 
> > "...and the hordes of M$*ft users descended upon me in their anger,
> > and asked 'Why do you not get the viruses or the BlueScreensOfDeath
> > or insecure system troubles and slowness or pay through the nose 
> > for an OS as *we* do?!!', and I answered...'I use Linux'. "
> > The Book of John, chapter 1, page 1, and end of book
> > 
> > 


Re: [Vserver] iproute2 behavior problem

2006-12-03 Thread Michael S. Zick
On Sun December 3 2006 08:31, Chuck wrote:
> On Sunday 03 December 2006 09:25, Michael S. Zick wrote:
> 
> 
> will check all this out. thanks... this is a  production machine and when i 
> reboot it on those rare occasions very late at night, i need it to boot fast 
> as possible with no unnecessary delays as it takes a large number of our 
> services down during that time. why someone would introduce a 2 second delay 
> between ip assignments is beyond me. unless someone added a delay for reading 
> diag messages then forgot to remove it.
>

Just guessing on insufficient knowledge -

This new udevd is part of the change to parallel initialization;
Which is supposed to speed up the boot process.

The parallel initialization is a dependency guided system;
Could be that does not have all the rough edges smoothed out.

I 'fixed' mine by building the required ethernet drivers into
the kernel rather than let the system auto-load the modules.
(Three nics, two pci, one usb)

Now that is not a 'fix' of the problem - but a work-around to
get my kernel to boot within a reasonable amount of time.

Since this is only a personal-use machine, not a production
machine; I just said: "good enough for now" and went on to
more pressing issues here without really running down the
prime cause.

Mike
> 
> > On Sun December 3 2006 05:50, Chuck wrote:
> > > On Sunday 03 December 2006 00:28, Herbert Poetzl wrote:
> > > 
> > > 
> > > this is during boot when initializing the ethx adapters. 
> > >
> > 
> > I noticed that myself on a Debian/Etch system - I suppose
> > any distro that follows their lead (uses the same udevd) 
> > might have the same symptoms;
> > 
> > Look for: /etc/udev/rules.d/z25_persistent-net.rules
> > which is generated at runtime, during boot,
> > by /etc/udev/persistent-net-generator.rules
> > 
> > If you do not intend to be changing nic's in the box 
> > in-between boots, then that rule generator only needs
> > to run once per life-time of the machine - not once
> > per every boot.
> > 
> > I don't have my hands on your set-up - so I can't say
> > what/how to make the changes to your configuration files,
> > but that is the 'slow to initialize' ethernet nics problem
> > area.
> > 
> > Believe me, you do not want to plug in a usb-nic if you want
> > a fast boot - it will eventually boot but you could swear
> > the kernel hung while waiting.
> > 
> > Mike
> > > 
> > > > On Fri, Dec 01, 2006 at 10:32:12PM -0500, Chuck wrote:
> > > > 
> > > > > i am assuming this behavior is in recent iproute2 changes. previously
> > > > > on an x86 machine last year, 140 ip addys on one nic would load very
> > > > > fast.
> > > > >
> > > > > now, on amd64 current versions, it pauses 2 whole seconds between ip
> > > > > addys!!
> > > > 
> > > > when you add them? remove them? or just view them?
> > > > 
> > > > could be an overeager nameservice reverse lookup
> > > > trying to find a name to your IPs :)
> > > > 
> > > > HTH,
> > > > Herbert
> > > > 
> > > > > it is intolerable. does anyone have a fix for this or know what causes
> > > > > it?
> > > > 
> > > > too little information ...
> > > > 
> > > > best,
> > > > Herbert
> > > > 
> > > > > --
> > > > >
> > > > > Chuck
> > > > >


Re: [Vserver] iproute2 behavior problem

2006-12-03 Thread Michael S. Zick
On Sun December 3 2006 05:50, Chuck wrote:
> On Sunday 03 December 2006 00:28, Herbert Poetzl wrote:
> 
> 
> this is during boot when initializing the ethx adapters. 
>

I noticed that myself on a Debian/Etch system - I suppose
any distro that follows their lead (uses the same udevd) 
might have the same symptoms;

Look for: /etc/udev/rules.d/z25_persistent-net.rules
which is generated at runtime, during boot,
by /etc/udev/persistent-net-generator.rules

If you do not intend to be changing nic's in the box 
in-between boots, then that rule generator only needs
to run once per life-time of the machine - not once
per every boot.

I don't have my hands on your set-up - so I can't say
what/how to make the changes to your configuration files,
but that is the 'slow to initialize' ethernet nics problem
area.

Believe me, you do not want to plug in a usb-nic if you want
a fast boot - it will eventually boot but you could swear
the kernel hung while waiting.

Mike
> 
> > On Fri, Dec 01, 2006 at 10:32:12PM -0500, Chuck wrote:
> > 
> > > i am assuming this behavior is in recent iproute2 changes. previously
> > > on an x86 machine last year, 140 ip addys on one nic would load very
> > > fast.
> > >
> > > now, on amd64 current versions, it pauses 2 whole seconds between ip
> > > addys!!
> > 
> > when you add them? remove them? or just view them?
> > 
> > could be an overeager nameservice reverse lookup
> > trying to find a name to your IPs :)
> > 
> > HTH,
> > Herbert
> > 
> > > it is intolerable. does anyone have a fix for this or know what causes
> > > it?
> > 
> > too little information ...
> > 
> > best,
> > Herbert
> > 
> > > --
> > >
> > > Chuck
> > >


Re: [Vserver] resource management

2006-12-02 Thread Michael S. Zick
On Fri December 1 2006 22:56, Chuck wrote:
> On Friday 01 December 2006 21:51, Michael S. Zick wrote:
> 
> i installed this new kernel, and decided to reboot immediately. there is a 
> CONSIDERABLE difference in the amount of initial memory used! i have never 
> seen this machine this low before. 680mb. typically startup memory has always 
> been around 900mb. 
>

Super!
 
> there is also a noticeable difference in the response of the machine.. time 
> will tell.
>

A personal record: 2.6.18.2 is the only kernel that ever trashed my reiserfs.
I have been beating on 2.6.18.3 for over a week now with no problems found.

> thanks for the info!
> 
> i still need to find out if i need to set file handles higher etc, and how to 
> do that.
> 

I do not have a clue to that question.  Someone on the list that is running
a high resource requirement installation will have to comment on that.

> 

Mike


Re: [Vserver] resource management

2006-12-01 Thread Michael S. Zick
On Fri December 1 2006 18:47, Chuck wrote:
> On Friday 01 December 2006 17:38, Michael S. Zick wrote:
> > > The host install is 100% stock Gentoo with no modifications other than what is 
> > > needed to run vservers.  The kernel is 2.6.18-vs2.0.2-gentoo-r8 with 
> > >
> > 
> > if the above kernel version is 2.6.18.2 as kernel.org numbers them,
> > replace it with 2.6.18.3 or newer.
> 
> will have a look at that
> 
> > 
> > The kernel.org-2.6.18.3 has some page handling fixes in it.
> > The 2.6.18.2 can be put into a situation where it does not properly use 
> > swap.

My bad.  I was unclear - 'does not handle dirty pages properly' - pages 
which should either be reclaimed from swap or swapped out.

My reason for making that guess was the console message which you quoted.

With 4g of ram, you have a ways to grow but will eventually run out of
room if you push it hard enough.  And swap usage will look like you
have plenty of room remaining when oom starts running and/or your filesystem
starts to corrupt.

Perhaps the easiest way to see if that is 2.6.18.3 is to try applying the
2.6.8.2-3 diff patch to the kernel source with the Gentoo and VServer
patches in place (only the extra version string should fail to apply).

If patch tells you 'patch already applied' then you have 2.6.18.3(+)

Mike
> 
> we only use about 25% of our ram at this time and i really dont expect any 
> swap at all, but i do see a token amount which i am not sure where it comes 
> from...
> 
> valkyrie / # free
>              total       used       free     shared    buffers     cached
> Mem:       4060320    1845044    2215276          0     366696     477532
> -/+ buffers/cache:    1000816    3059504
> Swap:      3903784        232    3903552
> 
> 
> > The host install is 100% stock Gentoo with no modifications other than what is 
> > needed to run vservers.  The kernel is 2.6.18-vs2.0.2-gentoo-r8 with 
> >
> > util-vserver 0.30.211. Everything is compiled 2006.1 gcc 4.1.1 and 
> > glibc .2.4-r4:2.2.
> 
> > Note: 'stock ' does not mean an unmodified kernel.
> > 
> 
> no, I realize that... this is 'stock gentoo supplied vserver kernel'
> 
> > Mike
> > 
> > > util-vserver 0.30.211. Everything is compiled 2006.1 gcc 4.1.1 and 
> > > glibc .2.4-r4:2.2.
> 


Re: [Vserver] resource management

2006-12-01 Thread Michael S. Zick
On Fri December 1 2006 12:52, Chuck wrote:
> suddenly out of nowhere, on a brand new 1 month old dual opteron machine we 
> started getting system lockups and crashes.. I managed to track it down to a 
> bad block in the email mailboxes.. the email server, of necessity for now 
> must run on the host since it uses 140ip addresses. eventually we will move 
> everyone to namespace and i can put it into a vserver..
> 
> now on to my question.
> 
> we have a TON of open files I am sure. Presently there are 20 guests running, 
> some, like a web server has 260 domains on it and it is quite busy. Are we 
> approaching or exceeding some kind of system resource limit maybe?
> 
> I never get to see the console since the server is 1000 miles away, but this 
> morning someone read a msg that seemed to be information only. I have no clue 
> what this means:  Kernel Direct Mapping Table up to 100,000,000 @8000:d800.
> 
> Any clues? Any advice how to set higher resources in the host system if this 
> is becoming a problem? I have never had to do this before but also have not 
> worked on a system so large. We are only about half done. I expect there to 
> be approx 50-60 vservers on this machine with at least 15-20 of them very 
> busy.
> 
> The host install is 100% stock Gentoo with no modifications other than what is 
> needed to run vservers.  The kernel is 2.6.18-vs2.0.2-gentoo-r8 with 
>

if the above kernel version is 2.6.18.2 as kernel.org numbers them,
replace it with 2.6.18.3 or newer.

The kernel.org-2.6.18.3 has some page handling fixes in it.
The 2.6.18.2 can be put into a situation where it does not properly use swap.
Note: 'stock ' does not mean an unmodified kernel.

Mike

> util-vserver 0.30.211. Everything is compiled 2006.1 gcc 4.1.1 and 
> glibc .2.4-r4:2.2.
> 
> The disk subsystem is a SATA2 hardware raid5 with all partitions except root 
> boot and swap, using LVM2. At present there are 27 mount points used.
> 
> 
> 


Re: [Vserver] Re: future vserver on ubuntu

2006-11-28 Thread Michael S. Zick
On Tue November 28 2006 08:56, Herbert Poetzl wrote:
> On Sun, Nov 26, 2006 at 07:18:15PM -0600, Michael S. Zick wrote:
> > On Sun November 26 2006 12:15, Philippe Clérié wrote:
> > > Gerald at uni-klu was kind enough to reply to a query I sent him. He will
> > > not soon be building a vserver kernel for edgy because of lack of time.
> > > 
> > > So I think I'll stick to dapper for a while yet.
> > > 
> > > Regarding vserver and feisty, it's very likely that the patch is not in the
> > > distribution because it's no longer in sid. And it makes sense not to
> > > include it in sid since debian is building kernels with built-in vserver.
> > > For all architectures too! 
> > 
> > All?
> > Can't find the -ixp4xx (arm, little endian), nor pa-risc 32 or 64 bit.
> > The ones posted only have the VServer Kconfig changes.
> 
> hppa(/64) works quite fine in Linux-VServer, arm
> too, arm26 is not really tested ... but I don't 
> know for the debian versions ...
>

Sorry if I was unclear.  The answer is not what architectures work,
but what architectures Debian provides pre-built kernels for.

I test virgin kernel+VServer on armv5tel; Joel tests on hppa/32/64 -
but neither of us test the _Debian_ pre-builts.

None of those machines are speed demons - so when someone said that
pre-built kernels were available - I did spend time searching the
package depositories for them.  Then offered my update of the word: _all_.

For those who roll-their-own:
Your best bet on arm is 2.6.18.3 or newer to avoid swap problems ...
Probably 2.6.16.???-pa on hppa (after the spinlock fixes)
to avoid scsi iommu problems ...
(Neither set of problems are VServer related.)

Mike


Re: [Vserver] About open Linux phone/SDK Neo1973/OpenMoko & your feedback to run linux-vserver on a Arm9 cpu (Samsung s3c2410 SoC)

2006-11-27 Thread Michael S. Zick
On Mon November 27 2006 10:28, Robert Michel wrote:
> Salve!
> 
- - - big snip - - - -

>  * 128 MB SDRAM
>  * 64 MB NAND Flash
> 
That is a lot of resources ...

My NSLU-2 is running Debian/Etch/Arm/el with
kernel 2.6.18.2 in 8MB Flash and 32MB Ram

Do not know arm9 - but the cpu in my machine is
Intel Xscale (ixp42x) (software floating point).
I expect the cpu resources to be similar.

Lots of luck with your project.
Mike


Re: [Vserver] Re: future vserver on ubuntu

2006-11-26 Thread Michael S. Zick
On Sun November 26 2006 12:15, Philippe Clérié wrote:
> Gerald at uni-klu was kind enough to reply to a query I sent him. He will
> not soon be building a vserver kernel for edgy because of lack of time.
> 
> So I think I'll stick to dapper for a while yet.
> 
> Regarding vserver and feisty, it's very likely that the patch is not in the
> distribution because it's no longer in sid. And it makes sense not to
> include it in sid since debian is building kernels with built-in vserver.
> For all architectures too! 

All?
Can't find the -ixp4xx (arm, little endian), nor pa-risc 32 or 64 bit.
The ones posted only have the VServer Kconfig changes.

Mike


Re: AW: AW: [Vserver] kernel-2.6.17.13

2006-11-26 Thread Michael S. Zick
On Sun November 26 2006 10:20, Roman Pretory wrote:
> 
> 
> Find where your host distribution keeps its udev rules,
> rename your nics using their hardware (mac) address, like:
> 
> [Debian/Etch location but rule content should be the same]
> in: /etc/udev/rules.d/z25_persistent-net.rules:
> 
> # You can modify these, as long as you keep each rule on a single line.
> 
> SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:00:e8:60:ba:8a", NAME="eth0"
> 
> SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:01:29:24:75:e9", NAME="eth1"
> 
> # USB device 0bda:8150 (rtl8150)
> SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:e0:4c:03:50:1d", NAME="eth2"
> 
> Mike
> 
> 
> Thanks
> 
> Usb not used and removed all modules
>

My PCI nics are not hot-swappable, the USB nic is - that entry just
shows that things work as expected as I move the nic around the USB tree.

> to bind or fix nic/mac/driver makes troubles by cloning or changing nic :-(
>

True - but naming by hardware address is not the only choice.
See: man udevinfo  and the option: --attribute-walk

> only usable driver module select and there too much :-)

You can specify the driver module to be used (untested here).

> could break remote access so have to find different way
> but good to know keep it in mind
>

And if all the built-in features fail your needs, a rule
can run an external script (untested here).

> 
> 
> but by the way why a stable patch for a developer(unstable)Kernel(17)??
> or are by information about not up to date?
> 

I do not have a clue to that answer.

The files on kernel.org show that 2.6.16 and 2.6.18 are being maintained
more recently than 2.6.17 - I do not know why that is.

> BRG
> Roman 
> 
Mike


Re: AW: [Vserver] kernel-2.6.17.13

2006-11-26 Thread Michael S. Zick
On Sun November 26 2006 08:54, Daniel Hokka Zakrisson wrote:
> Roman Pretory wrote:
> > RP> is a horror
> > RP> .)modules for iptables have changed
> > RP> have to search after use oldconfig
> > 
> >>> What is the old version you compared it against?
> > 
> > old Kernel = 2.6.12.3 = old .config
> 
> Of course, things change, that is to be expected. Netfilter got a 
> rewrite a couple of versions ago (2.6.16, I think).
>

The udev event system also changed across 2.6.14/.15 

> > RP> .)Nic's are turned very funny for remote work
> > 

Find where your host distribution keeps its udev rules,
rename your nics using their hardware (mac) address, like:

[Debian/Etch location but rule content should be the same]
in: /etc/udev/rules.d/z25_persistent-net.rules:

# You can modify these, as long as you keep each rule on a single line.

SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:00:e8:60:ba:8a", NAME="eth0"

SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:01:29:24:75:e9", NAME="eth1"

# USB device 0bda:8150 (rtl8150)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:e0:4c:03:50:1d", NAME="eth2"

Mike
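
An added example, not part of the original message: a small linter for a persistent-net rules file that enforces the "one rule per line" comment quoted above and catches two rules claiming the same MAC or the same NAME. The function name and finding labels are this example's own; the sample rules reuse the MAC addresses from the message.

```python
import re

# One udev key/operator/value token, e.g. ATTRS{address}=="00:00:e8:60:ba:8a"
# or NAME="eth0". "==" and "!=" are match operators, the rest assign.
TOKEN = re.compile(r'([A-Za-z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|:=|=)\s*"([^"]*)"')
MATCH_OPS = ("==", "!=")

# Constructed sample: a rule as a mail client wraps it (two physical lines).
WRAPPED_SAMPLE = '''\
# You can modify these, as long as you keep each rule on a single line.
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:00:e8:60:ba:8a",
NAME="eth0"
'''

# Constructed sample: the same rules, each on one physical line.
SINGLE_LINE_SAMPLE = '''\
# You can modify these, as long as you keep each rule on a single line.
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:00:e8:60:ba:8a", NAME="eth0"
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:01:29:24:75:e9", NAME="eth1"
# USB device 0bda:8150 (rtl8150)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:e0:4c:03:50:1d", NAME="eth2"
'''


def lint_persistent_net_rules(text):
    """Return a list of (line_number, kind, detail) findings.

    kind is one of:
      unparsed       - a non-comment line with no KEY op "value" token
      no-assignment  - match keys only: the NAME= part is missing (wrapped?)
      no-match-keys  - assignment only: not tied to any device (wrapped?)
      duplicate-mac  - the same ATTRS{address} appears in an earlier rule
      duplicate-name - the same NAME is assigned by an earlier rule
    """
    findings = []
    mac_seen, name_seen = {}, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = TOKEN.findall(line)
        matches = [(k, v) for k, op, v in tokens if op in MATCH_OPS]
        assigns = [(k, v) for k, op, v in tokens if op not in MATCH_OPS]
        if not tokens:
            findings.append((lineno, "unparsed", line))
            continue
        if not assigns:
            findings.append((lineno, "no-assignment", line))
            continue
        if not matches:
            findings.append((lineno, "no-match-keys", line))
            continue
        # sysfs reports MAC addresses in lower case; normalise before comparing.
        mac = next((v.lower() for k, v in matches if k == "ATTRS{address}"), None)
        name = next((v for k, v in assigns if k == "NAME"), None)
        for kind, value, seen in (("duplicate-mac", mac, mac_seen),
                                  ("duplicate-name", name, name_seen)):
            if value is None:
                continue
            if value in seen:
                findings.append((lineno, kind,
                                 f"{value} already used on line {seen[value]}"))
            else:
                seen[value] = lineno
    return findings


if __name__ == "__main__":
    for label, sample in (("wrapped", WRAPPED_SAMPLE),
                          ("single-line", SINGLE_LINE_SAMPLE)):
        print(label, lint_persistent_net_rules(sample))
```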


Re: [Vserver] vmware in vserver?

2006-09-28 Thread Michael S. Zick
On Thu September 28 2006 08:48, John Alberts wrote:
> I was curious about running vmware in a guest so that I could run an
> instance of windows on my linux box.  That's the only thing I wish
> vserver could do is let me run windows as a guest os.
>

You might be spinning your wheels on that - many win-apps will detect
vmware and refuse to run - even Windows virus applications will usually
detect vmware and go into hiding.

You might have better luck running Wine -


If you also have a licensed copy of the M$ dlls - you can set Wine
to pick and choose between the M$ dlls and the ones provided with Wine.

> Please don't start flaming with "Why would you use WINDOZE anyway?".
> Sometimes it's necessary, especially for Windows admins like myself.
> :)
> 
> Thanks for everyones input.
> 

Mike


Re: [Vserver] huge oops

2006-09-23 Thread Michael S. Zick
On Sat September 23 2006 05:16, Chuck wrote:
> i am installing on an opteron system using gentoo and portage.
> 
> when emerging util-vserver it errored with the following
> 
> cc1: error: unrecognized command line option "-fno-stack-protector-all"
> make: *** [bin-x86_64/start.o] Error 1
> make: *** Waiting for unfinished jobs
> cc1: error: unrecognized command line option "-fno-stack-protector-all"
> make: *** [bin-x86_64/dyn_start.o] Error 1
> make: *** [bin-x86_64/dyn_stop.o] Error 1
> make: *** wait: No child processes.  Stop.
> 

Which compiler?  GCC series 3 or series 4?

I have not seen that specific error but I have had to tweak
some options in the Gentoo configuration files for other changes
in the compiler command line options.

> !!! ERROR: dev-libs/dietlibc-0.28 failed.
> Call stack:
>   ebuild.sh, line 1546:   Called dyn_compile
>   ebuild.sh, line 937:   Called src_compile
>   dietlibc-0.28.ebuild, line 42:   Called die
> 
> 
> it is attempting to install util-vserver-0.30.210.tar.bz2
> 
> vserver-sources kernel was installed which is 2.6.15-vs2.0.1-gentoo-r5
> 
> any ideas? hints?
> 

Check the "info gcc" or the on-line manual for both gcc series 3 and 4;
find what happened with the "-fno-stack-protector-all" option.

I have found that the Gentoo dependency system does not include flag
changes based on the series of compiler being used.  Also the gcc-config
utility does not catch all of the flag differences.

You can track a rss (live bookmark) of the Gentoo VServer changes with:


> 
Mike


Re: [Vserver] mixed gcc versions

2006-09-19 Thread Michael S. Zick
On Tue September 19 2006 08:00, Chuck wrote:
> On Tuesday 19 September 2006 08:50, Michael S. Zick wrote:
> > On Tue September 19 2006 07:16, Chuck wrote:
> > > will a 32 bit guest compiled under gcc 3.4.6 run properly under a 64 bit 
> host 
> > > compiled using gcc 4.1.1?
> > > 
> > > not positive of what is compatible and what is not.
> > > 
> > > unfortunately i have not found a centos guest template done under 4.1.1
> > > 
> > > have not looked yet at the centos64 to see if that is under 4.1.1
> > > 
> > 
> > Only the kernel is common between host and guest.
> > 
> > Which means host and guest software needs to be built against
> > the same (or compatible) kernel headers.
> > 
> > Plus the consideration that your question implies - the kernel
> > when compiled for 64-bit must still support 32-bit code.
> > 
> > Not all brands of machine will support mixed size code.
> > For instance, Linux on pa-risc does not have a 64-bit userland,
> > regardless of the kernel being compiled for either 32-bit or 64-bit.
> > 
> 
> it would be a gentoo 64 bit host with 32bit emu enabled 
>

If 32-bit emulation is enabled, it should be just fine.

You still haven't mentioned the processor type, but if 32-bit code
will run on the host, then 32-bit code will run in the guest.

> and a 32 bit or even  
> possibly the 64bit centos guest.. all gentoo guests will be 64bit gcc 4.1.1
> 
> i am just concerned about the centos since thats binary distribution.
> 

You probably should not share the same copy of glibc host & guest.
It is always a "good idea" for glibc to be built with the same compiler
as the rest of userland code.

Running a different glibc in a vserver is not a problem, vservers are
good at doing things like that.

Mike


Re: [Vserver] mixed gcc versions

2006-09-19 Thread Michael S. Zick
On Tue September 19 2006 07:16, Chuck wrote:
> will a 32 bit guest compiled under gcc 3.4.6 run properly under a 64 bit host 
> compiled using gcc 4.1.1?
> 
> not positive of what is compatible and what is not.
> 
> unfortunately i have not found a centos guest template done under 4.1.1
> 
> have not looked yet at the centos64 to see if that is under 4.1.1
> 

Only the kernel is common between host and guest.

Which means host and guest software needs to be built against
the same (or compatible) kernel headers.

Plus the consideration that your question implies - the kernel
when compiled for 64-bit must still support 32-bit code.

Not all brands of machine will support mixed size code.
For instance, Linux on pa-risc does not have a 64-bit userland,
regardless of the kernel being compiled for either 32-bit or 64-bit.

Mike


Re: [Vserver] gcc version mixing?

2006-09-14 Thread Michael S. Zick
On Wed September 13 2006 18:26, Chuck wrote:
> does anyone know if it would cause problems if my host is compiled with gcc 
> 4.1 using nptl while some guests are precompiled binaries using gcc 3.4.6 
> with the old style threading and others compiled using gcc 4.1 with nptl? 
> 
> i do not have the luxury of making them all 4.1.. so its either hopefully 
> mixing is ok or do all guests in 3.4.6 old threading or i have to do the 
> entire system including host in 3.4.6 old threading. i know basically nothing 
> about the new vs old systems for any kind of compatibility.
> 
> 

Here I build experimental glibc and gcc inside of vservers - 
one of their many uses.  They make a great sandbox for anything.

Mike


Re: [Vserver] Latest "usable" Gentoo package

2006-09-07 Thread Michael S. Zick
On Thu September 7 2006 06:52, Marcus wrote:
> > Due to the speed the _rc's occurred, we thought that moving those ebuilds to 
> > our project overlay [1] would make sense. The overlay is subversion based, 
> > but you should be able to grab it via wget (or similar) if you can't/won't 
> > install subversion just for this single repo.
> > 
> > TIA, Christian
> > 
> > [1] http://overlays.gentoo.org/svn/proj/vps
> 
> Wouldn't it be nice to post a short message to the list if a new 
> revision comes up? Somehow I missed revisions 41 to 43 the last week...
> 

Try the live bookmark:
http://overlays.gentoo.org/proj/vps/timeline?changeset=on&wiki=on&max=50&daysback=90&format=rss

Mike


Re: [Vserver] Multiple Routing Tables (Was: PPP inside VServer)

2006-09-05 Thread Michael S. Zick
On Tue September 5 2006 02:52, Eugene Roux wrote:
> 
> Current Status:
>* Multiple VEs are up and stable.
>* VEs see their serial devices (all mapped to "/dev/modem").
>* Connecting to "/dev/modem" using "cu -l" gives sane results.
>* PPP connections establishes fine when tried individually.
>* Trying to bring up more than one PPP interface at a time causes
>  the second to abort when it tries to set a default route.
> 
> Any suggestions and/or tips?
> 

man pppd
See the: nodefaultroute and replacedefaultroute options.

They should give you control of the trying to set a default
route.

You might check how many /dev/ppp0 devices are trying to
be set up also.  ppp usually makes the connection: 
ppp? <-> /dev/something

Since routing is on the host, you might have to poke at
the ppp code to get it to take an option for the device
name. I.E: pppdev=ppp0 (vserver 0), pppdev=ppp1 (vserver 1)

It may be that you have too many ppp0 devices visible from
the host (or you would if it wasn't aborting).

Mike

> Regards,
> Eugène
> 


Re: [Vserver] Multiple NICs, Multiple Networks; Revisited 2

2006-08-13 Thread Michael S. Zick
On Sat August 12 2006 02:14, Bob Predaina wrote:
> 
> eth0, eth1, eth2 and lo are all up and running on the
> host. the host is using eth0.  as a test setup i have
> installed two guest servers that will be using eth1. 
> both were created using the --interface
> eth1:192.168.18.252/24 parameter. 
>

Have you tried specifying a single address?
--interface eth1:192.168.18.252/32

> The guests correctly 
> report that they are using eth1 at 192.168.18.252. 
> 
> Even though the guest server's ifconfig information
> shows binding to the correct ethernet adapter and IP
> address (eth1:192.168.18.252), it appears that they
> are responding to incoming traffic on
> eth1:192.168.18.252, but their outgoing traffic is
> actually going out through eth0:192.168.18.251. there
> is no isolation of the network interfaces.
> 

Both of those addresses are within the 
eth1:192.168.18.252/24 specification.

Mike
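
An added example, not part of the original message: a check of `--interface DEVICE:ADDRESS/PREFIX` specs that reports when a guest's prefix covers an address the host itself uses and when two guests were given the same address, both of which occur in the setup described above. The guest names and the function names are hypothetical; the addresses come from the thread.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory based on the thread: two guests created with the same
# spec, and the host's own address on eth0.
GUEST_SPECS = {
    "guest1": "eth1:192.168.18.252/24",
    "guest2": "eth1:192.168.18.252/24",
}
HOST_ADDRESSES = [("eth0", "192.168.18.251")]


def parse_interface_spec(spec):
    """Split 'eth1:192.168.18.252/24' into ('eth1', IPv4Interface)."""
    device, sep, cidr = spec.partition(":")
    if not sep or not device or not cidr:
        raise ValueError(f"expected DEVICE:ADDRESS/PREFIX, got {spec!r}")
    return device, ipaddress.ip_interface(cidr)


def audit_guest_specs(guest_specs, host_addresses):
    """Report where a guest spec reaches beyond the guest's own address.

    guest_specs:    {guest_name: "DEVICE:ADDRESS/PREFIX"}
    host_addresses: [(device, address)] for addresses the host itself uses
    Returns a sorted list of (guest_name, kind, detail) tuples.
    """
    findings = []
    owners = defaultdict(list)          # address -> guests that were given it
    for guest, spec in guest_specs.items():
        _device, iface = parse_interface_spec(spec)
        owners[iface.ip].append(guest)
        for host_dev, host_addr in host_addresses:
            ip = ipaddress.ip_address(host_addr)
            if (ip.version == iface.version and ip != iface.ip
                    and ip in iface.network):
                findings.append((guest, "covers-host-address",
                                 f"{host_dev}:{host_addr} is inside {iface.network}"))
    for ip, guests in owners.items():
        if len(guests) > 1:
            for guest in guests:
                others = ", ".join(g for g in guests if g != guest)
                findings.append((guest, "shared-address",
                                 f"{ip} also assigned to {others}"))
    return sorted(findings)


def single_address_spec(spec):
    """Rewrite a spec so that its prefix covers only the guest's own address."""
    device, iface = parse_interface_spec(spec)
    return f"{device}:{iface.ip}/{iface.max_prefixlen}"


if __name__ == "__main__":
    for finding in audit_guest_specs(GUEST_SPECS, HOST_ADDRESSES):
        print(finding)
    narrowed = {g: single_address_spec(s) for g, s in GUEST_SPECS.items()}
    print(narrowed)
    for finding in audit_guest_specs(narrowed, HOST_ADDRESSES):
        print(finding)
```

With the /24 specs the audit reports the host's 192.168.18.251 as covered by both guests; with the /32 form suggested in the reply only the shared-address findings remain.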


Re: [Vserver] Host and guest compatibility

2006-08-09 Thread Michael S. Zick
On Wed August 9 2006 10:56, Jim Wight wrote:
> On Wed, 2006-08-09 at 09:58 -0500, Michael S. Zick wrote:
> > On Wed August 9 2006 09:30, Jim Wight wrote:
> > > On Wed, 2006-08-09 at 08:50 -0500, Michael S. Zick wrote:
> > > > Since the chroot command does not change the context (or namespace) then
> > > > it must be the act of trying to run in a different context that breaks
> > > > something.
> > > > 
> > > > My guess, the dynamic library handling.
> > > > 
> > > > Try executing /lib/libc.so.6 in the guest context, see if you get a
> > > > normal report out of it.  It should print its build information,
> > > > including its version.
> > > 
> > > What command is required to accomplish that?
> > > 
> > 
> > The file libc.so.6 is an executable.
> > 
> > Just substitute "/lib/libc.so.6" for where you are using "/usr/bin/env"
> > in your testing.
> 
> OK. I changed the value of _ENV in util-vserver-vars, which results in
> 
> # vserver fc5 start
> GNU C Library development release version 2.3.5, by Roland McGrath et
> al.

Oops.

> Copyright (C) 2005 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> Compiled by GNU CC version 4.0.1 20050727 (Red Hat 4.0.1-5).
> Compiled on a Linux 2.4.20 system on 2005-08-15.
> Available extensions:
> GNU libio by Per Bothner
> crypt add-on version 2.1 by Michael Glad and others
> Native POSIX Threads Library by Ulrich Drepper et al
> The C stubs add-on version 2.1.2.
> BIND-8.2.3-T5B
> NIS(YP)/NIS+ NSS modules 0.19 by Thorsten Kukuk
> Glibc-2.0 compatibility add-on by Cristian Gafton
> GNU Libidn by Simon Josefsson
> Thread-local storage support included.
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/libc/bugs.html>.
> vshelper.init: can not determine xid of vserver 'fc5'; returned value
> was ''
> 
> which is what executing /lib/libc.so.6 on the (FC4) host gives.
> Presumably you would expect the output to be the same as
> 
> # chroot /vservers/fc5 /lib/libc.so.6
> GNU C Library development release version 2.4, by Roland McGrath et al.
>

Super!

> Copyright (C) 2006 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> Compiled by GNU CC version 4.1.0 20060304 (Red Hat 4.1.0-3).
> Compiled on a Linux 2.6.9 system on 2006-05-12.
> Available extensions:
> The C stubs add-on version 2.1.2.
> crypt add-on version 2.1 by Michael Glad and others
> GNU Libidn by Simon Josefsson
> GNU libio by Per Bothner
> NIS(YP)/NIS+ NSS modules 0.19 by Thorsten Kukuk
> Native POSIX Threads Library by Ulrich Drepper et al
> BIND-8.2.3-T5B
> Thread-local storage support included.
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/libc/bugs.html>.
> 
> > Or build your own command out of the low level tools, similar to:
> > 
> > chbind --ip ${VADDRESS} -- vcontext --create --xid ${VID} --chroot -- \
> > /usr/bin/env -i HOSTNAME=${VROOT} HOME=/root TERM="${TERM}" PS1='\u:\w\$ ' \
> > PATH='/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin' \
> > /bin/bash --login +h
> 
> Like this
> 
> # cd /vservers/fc5
> # vcontext --create --xid 49142 --chroot -- /usr/bin/env -i HOME=/root
> PATH='/bin:/sbin:/usr/bin:/usr/sbin' /bin/bash --login +h
> New security context is 49142
> [EMAIL PROTECTED] /]# cat /etc/redhat-release
> Fedora Core release 5 (Bordeaux)
> [EMAIL PROTECTED] /]# /lib/libc.so.6
> GNU C Library development release version 2.4, by Roland McGrath et al.
> Copyright (C) 2006 Free Software Foundation, Inc.
>

You got it and I don't see any complaints from "env", "bash", the loader,
or libc.so.6.

Now the only question is why the high-level tools have a problem starting
your vserver.

Sorry, I can't help with the "why", but you have a shell in the virtual
context to work from.  First would probably be to run /sbin/ldconfig.

Major difference here is the various configuration files that the
high-level scripts use.  These low-level commands aren't referencing them.

Mike


Re: [Vserver] Host and guest compatibility

2006-08-09 Thread Michael S. Zick
On Wed August 9 2006 09:30, Jim Wight wrote:
> On Wed, 2006-08-09 at 08:50 -0500, Michael S. Zick wrote:
> > Since the chroot command does not change the context (or namespace) then
> > it must be the act of trying to run in a different context that breaks
> > something.
> > 
> > My guess, the dynamic library handling.
> > 
> > Try executing /lib/libc.so.6 in the guest context, see if you get a
> > normal report out of it.  It should print its build information,
> > including its version.
> 
> What command is required to accomplish that?
> 

The file libc.so.6 is an executable.

Just substitute "/lib/libc.so.6" for where you are using "/usr/bin/env"
in your testing.

Or build your own command out of the low level tools, similar to:

chbind --ip ${VADDRESS} -- vcontext --create --xid ${VID} --chroot -- \
/usr/bin/env -i HOSTNAME=${VROOT} HOME=/root TERM="${TERM}" PS1='\u:\w\$ ' \
PATH='/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin' \
/bin/bash --login +h

I use the above to give myself a command shell inside a vserver context without
"starting" the vserver - the above is independent of the vserver config files.

(Note the "+h" on the Bash command - you need to make Bash drop its path hashing
tables.)

Mike


Re: [Vserver] Host and guest compatibility

2006-08-09 Thread Michael S. Zick
On Wed August 9 2006 08:22, Jim Wight wrote:
> On Wed, 2006-08-09 at 08:17 +0200, Guenther Fuchs wrote:
> > on Tuesday, August 8, 2006 at 9:46:04 PM there was posted:
> > 
> > JW>   # vserver fc5 start
> > JW>   /usr/bin/env: /lib/libc.so.6: version `GLIBC_2.4' not found
> > JW> (required by /usr/bin/env)
> > 
> > Don't know where this comes from, but it definitely relates _only_ to
> > the guest.
> 
> > JW> FC5 has glibc 2.4 whereas FC4 has glibc 2.3. Is that really the
> > JW> problem, or is the message a side-effect of some other problem?
> > 
> > It is definitely an effect of a guest related problem, which does
> > _not_ relate to the hosts glibc.
> 
> Well, that's the error I get when I run /vservers/fc5/usr/bin/env on the
> host. 'chroot /vservers/fc5 /usr/bin/env' is OK.
> 

Which means that the env binary and all of its dependencies are complete
within the chroot.

Since the chroot command does not change the context (or namespace) then
it must be the act of trying to run in a different context that breaks
something.

My guess, the dynamic library handling.

Try executing /lib/libc.so.6 in the guest context, see if you get a
normal report out of it.  It should print its build information,
including its version.

Mike


Re: [Vserver] time in guest vserver

2006-08-01 Thread Michael S. Zick
On Tue August 1 2006 05:29, Jonathan Dray wrote:
> I have a correct output with the date function inside guests :
> mardi 2006, 12:07:14 (UTC+0200)
> 
> But time only give me 0 :
> 
> real    0m0.000s
> user    0m0.000s
> sys     0m0.000s
> 
> Is this normal ?
> 
Yes

> The problem is that the php time() function takes the results of the system
> time call.
>
try: date

> And I need the time() value to synchronise database values.
> Is there any way to have the correct time ?
> 
The date-time value would probably be better than using
the elapsed time of a process.

Mike


Re: [Vserver] guest network interface disappears

2006-07-25 Thread Michael S. Zick
On Tue July 25 2006 09:01, Martin Pajak wrote:
> Herbert Poetzl wrote:
> 
> > suspect that one guest gets a 'primary' (i.e. not
> > secondary) ip on the network (check with ip a ls)
> 
> I tested this and all guests have only their designated addresses bound, 
>   so this shouldn't be the cause here. I don't know the 
> "primary/secondary propagation", but I guess I don't need it in this 
> scenario.
> 

The first address assigned to a nic becomes the primary (only).
Additional addresses become 'secondary'.

With the default set-up, then if you take down the primary,
all addresses go down.

There is a flag in /proc, I forget where, that can be set
to change the above behavior.

With the flag set - then when you take down the (current)
primary address, one of the secondary addresses becomes
primary.

This has been on the mailing list before, should be findable.

Mike


Re: [Vserver] How to discover the "real" IP Address?

2006-07-08 Thread Michael S. Zick
On Sat July 8 2006 07:11, Boniforti Flavio wrote:
> 2006/7/8, Guenther Fuchs <[EMAIL PROTECTED]>:
> 
> > So you meant to discover, on which machine you reside, when not having
> > main host access but knowing some of their details, right?
> 
> Exactly! :-)
> 
> > BF> Now, I tried following approach:
> > BF> pinging localhost gives me 0.0 ms times
> > BF> pinging SERVER1 gives me 0.0 ms times
> > BF> pinging SERVER2 gives me times form 0.1 to 0.4...
> >
> > BF> Is it correct if I assume (without any definite certainty) that my
> > BF> VServer resides on SERVER1?
> >
> > This assumption looks correct to me, although it's not certain. Look
> > into ARP tables and MAC adresses for more certainity.
> 
> Well, looking at ARP tables I can't get anything about the "real" IPs
> of the hosts. Is it correct, when I assume that *all* the IPs bound to
> the real interface have THE SAME MAC Address? If yes, is there any way
> to get the MAC address from "outside"?
>

man arping



Re: [Vserver] fstab.remote + smbmount

2006-06-23 Thread Michael S. Zick
On Fri June 23 2006 19:39, Daniel Hokka Zakrisson wrote:
> Falk Hamann wrote:
> > 26008 execve("/sbin/mount.smbfs", ["/sbin/mount.smbfs", "//fsuser/grp", 
> > ".", "-n", "-o", "rw,nodev,uid=101,gid=100,usernam"...], [/* 16 vars */]) = 0
>

Could the "//" in "//fsuser/grp" be throwing off its option parsing?

> ...
> > 26008 write(2, ".: invalid option -- n\n", 23) = 23
>

Or the "-n" option is really invalid for that /sbin/mount.smbfs version?
(It isn't mentioned on the smbmount man page.)

Try running /sbin/mount.smbfs by hand with those variations.

Mike
> ...
> > 26008 write(1, "26008: tree connect failed: ERRD"..., 66) = 66
> ...
> > 
> > I hope, somebody can help me and pinpoint the problem. I can't imagine that 
> > smb should not do within a guest. :-(
> > Thanks Falk
> > 
> 
> mount.smbfs is obviously the one printing the error, although it seems 
> to proceed with the mount anyhow. That in turn seems to be denied for 
> some reason (26008?). Do you have the full error message it prints?
> 


Re: [Vserver] localhost

2006-06-07 Thread Michael S. Zick
On Wed June 7 2006 17:43, Alexander Kabanov wrote:
> hi,
> 
> what about this (need to verify, going to this evening)
> 
> ifconfig dummy0 10.10.10.10 up
> 
> and then give two IPs to each guest, i.e. (vserver/interfaces)
> 
> eth0 x.x.x.x - external IP
> dummy0 10.10.10.11 - internal IP
> 
> guest's /etc/hosts
> x.x.x.x guest01
> 10.10.10.11 localhost
> 
> unfortunately, most likely it is not a solution for Albert's problem.
> 
> is there anything that needs to be done to firewall? it seems to me
> the dummy iface is some kind of internal device similar to lo. Would
> be good to hear maintainers opinion about this approach.
> 
> thanks
> 
> --Shurik

Not exactly similar to lo.
It is the network interface equivalent of /dev/null.

Mike


Re: [Vserver] Re: Project Support Open Source (SOS) wanted to donation to your project

2006-05-27 Thread Michael S. Zick
On Sat May 27 2006 10:40, Michael S. Zick wrote:
> On Sat May 27 2006 09:41, Herbert Poetzl wrote:
> > On Thu, May 25, 2006 at 06:07:28AM -0400, Bob Mutch wrote:
> > > 
> > > If you blog or have friends that blog you may want to ask 
> > > them to blog up on the project. The more noise we make the 
> > > more companies that will use my list to make donations and 
> > > the more money that will be sent to support your project.
> > 
> > just a small question, who verifies the lists _you_
> > put together and send to the companies? I mean, it's
> > not clear to me how to prevent misuse of that list
> > by e.g. adding a few additional paypal accounts :)
> > 
> > best,
> > Herbert
> > 
> 
> A few more small questions.
> 
> I note that you state you charge a fee for the lists that you
> provide.  How much?  How do you figure the rate?
> 
> Are you a 503(c)3 tax exempt organization?
Oops - typo ^^ 501(c)3

> Where can an audited copy of your books be reviewed?
> 
> Why are you using the same IP address as a recognized, financial
> scam artist?  
> 
> This project has a perfectly good donations page and a
> working system to accept and acknowledge donations.  What
> is there to be gained by this project by its association with
> your for-profit (the fees) service?
> 
> Mike

Mike


Re: [Vserver] Re: Project Support Open Source (SOS) wanted to donation to your project

2006-05-27 Thread Michael S. Zick
On Sat May 27 2006 09:41, Herbert Poetzl wrote:
> On Thu, May 25, 2006 at 06:07:28AM -0400, Bob Mutch wrote:
> > 
> > If you blog or have friends that blog you may want to ask 
> > them to blog up on the project. The more noise we make the 
> > more companies that will use my list to make donations and 
> > the more money that will be sent to support your project.
> 
> just a small question, who verifies the lists _you_
> put together and send to the companies? I mean, it's
> not clear to me how to prevent misuse of that list
> by e.g. adding a few additional paypal accounts :)
> 
> best,
> Herbert
> 

A few more small questions.

I note that you state you charge a fee for the lists that you
provide.  How much?  How do you figure the rate?

Are you a 503(c)3 tax exempt organization?
Where can an audited copy of your books be reviewed?

Why are you using the same IP address as a recognized, financial
scam artist?  

This project has a perfectly good donations page and a
working system to accept and acknowledge donations.  What
is there to be gained by this project by its association with
your for-profit (the fees) service?

Mike


Re: [Vserver] Re: Project Support Open Source (SOS) wanted to donation to your project

2006-05-20 Thread Michael S. Zick
On Sat May 20 2006 17:14, Herbert Poetzl wrote:
> On Fri, May 19, 2006 at 07:27:30AM -0700, Bob Mutch wrote:
> > Hi my name is Bob Mutch ...
> 
> Hi Bob!
> 
> > .. and I am the owner of Solutions with Service,
> > a Canadian company that uses open source software products.
> 
> > I have started a project called "Project SOS" (Support Open Source) to 
> > help fund free and open source software projects.
> 
> > I would like to make a donation to your open source work 
> > http://linux-vserver.org though our project.
> 
> sounds good!
> 
> > Here is the page that how the donations work.
> > 
> > http://www.seocompany.ca/project-support-open-source.html
> 
> sounds good too ...
> 

You might read his answer to "why are you doing this" question.
quoted in part:


Together we came up with the name Gentoo, registered gentoo.org in 2002 
and I had some minor input into the ports type package system Robin's developed.


Unfortunately, he can't even get his facts straight:

[EMAIL PROTECTED]:~$ whois -H gentoo.org

Domain ID:D10959563-LROR
Domain Name:GENTOO.ORG
Created On:04-Oct-1999 16:08:45 UTC
Last Updated On:21-May-2005 01:52:15 UTC
Expiration Date:04-Oct-2008 16:08:45 UTC

- - - -

Mike


Re: [Vserver] Re: Project Support Open Source (SOS) wanted to donation to your project

2006-05-20 Thread Michael S. Zick
On Sat May 20 2006 17:14, Herbert Poetzl wrote:
> On Fri, May 19, 2006 at 07:27:30AM -0700, Bob Mutch wrote:
> > Hi my name is Bob Mutch ...
> 
> Hi Bob!
> 
> > .. and I am the owner of Solutions with Service,
> > a Canadian company that uses open source software products.
> 

And a bit of information on the source of that mail:

[EMAIL PROTECTED]:~$ makeviz bobmutch.com

Starting with domain name >bobmutch.com.<
Using default blacklist server list.
Search depth limit: 2
.,.1::2
Known network pairs.
64.202.189.170   bobmutch.com.
64.202.189.170   pwfwd-v01.prod.mesa1.secureserver.net.
64.202.165.120   park17.secureserver.net.
68.178.211.113   park18.secureserver.net.
64.202.167.31    cns1.secureserver.net.
68.178.211.100   cns2.secureserver.net.
64.202.188.201   jomax.net.
64.202.188.208   secureserver.net.
64.202.166.11    mailstore1.secureserver.net.
64.202.166.12    smtp.secureserver.net.
64.202.165.120   ip-64-202-165-120.secureserver.net.
68.178.211.113   ip-68-178-211-113.ip.secureserver.net.
64.202.188.201   corpweb-v01.prod.mesa1.secureserver.net.
64.202.188.208   corpweb-v08.prod.mesa1.secureserver.net.

Checking Blacklist servers.
Checking address 64.202.189.170
Records from l2.spews.dnsbl.sorbs.net
"!!! [2] Sam Talari, see http://spews.org/ask.cgi?S3214";
Checking address 64.202.165.120
Checking address 68.178.211.113
Checking address 64.202.167.31
Checking address 68.178.211.100
Checking address 64.202.188.201
Checking address 64.202.188.208
Checking address 64.202.166.11
Checking address 64.202.166.12

http://spamviz.net; makeviz.bash; v-1.3.0, 2005-msz

- - - - -

Mike


Re: [Vserver] secure a guest against the host's root-account

2006-04-24 Thread Michael S. Zick
On Mon April 24 2006 01:02, Oliver Welter wrote:
> Hi Folks,
> 
> this might be a strange question for some of you as it is more an 
> academical interest, but I hope you can help me out ;)
> 
> Q: Is there a way to prevent that a superuser on the host system can
> 
> * see process of a guest
> * enter a guest
> * receive any other valuable info from the guest
> 
> The idea behind is easy - I want to give away a guest system that uses 
> an encrypted filesystem for its sensible data. The guest system itself 
> will provide only very limited access to the data via an API and it must 
> be prevented by any means that even the "Bofh" of the host can access 
> any of the data
> 
> So, is there any way to do this ? I guess that SELinux/GR will offer 
> some pointers to forbid root these actions, but are there any "easier" 
> ways ??
> 
Sounds like SELinux is the tool of choice for that.

Mike
> Oliver


Re: [Vserver] [ARCH] Linux-VServer on T2000 :)

2006-04-09 Thread Michael S. Zick
On Sun April 9 2006 12:45, Guenther Fuchs wrote:
> Hi there,
> 
> on Sunday, April 9, 2006 at 6:19:23 PM there was posted:
> 
> GF> Ah - where's this release to be fetched from? ;-)
> MSZ> http://www.kernel.org
> 
> Oh - they do have VServer patches now? Interesting.
> 
The answer can never be better than the question.


Re: [Vserver] [ARCH] Linux-VServer on T2000 :)

2006-04-09 Thread Michael S. Zick
On Sun April 9 2006 09:36, Guenther Fuchs wrote:
> Hi there,
> 
> on Sunday, April 9, 2006 at 4:28:57 PM there was posted:
> 
> HP> Linux 2.6.17-rc1-vs2.1.1 #2 SMP
> 
> Ah - where's this release to be fetched from? ;-)
> 
http://www.kernel.org


Re: [Vserver] too many open files error

2006-04-06 Thread Michael S. Zick
On Thu April 6 2006 17:41, Chuck wrote:
Ch> 
Ch> actually 2 applications, the mail server and the list server both of which can
Ch> open several hundred threads as needed.
Ch> 

The hardcoded maximum per process (in 2.6.x) is 1024*1024 - so that is nothing
unless you have a very, very bad fs descriptor leak.

Ch> > There is another limit built into the kernel for applications that use 'select'
Ch> > to get notifications of connection attempts to file descriptors.
Ch> > 

Browsing fs/select.c makes me think I was wrong on the above - it might be
a libc limit that I recently read.

Mike
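
Added example, not part of the original posts: the log text in this thread, "Too many open files", is the message for EMFILE (the per-process descriptor limit), while exhausting fs.file-max gives ENFILE ("Too many open files in system"). The script reads the per-process figures for one PID; the function names, the 90% threshold and the reliance on /proc/<pid>/limits (not present on older 2.6 kernels) are assumptions, and FD_SETSIZE=1024 is glibc's value.

```shell
#!/bin/sh
# Per-process descriptor accounting for a "Too many open files" report.
# Added example; function names and the 90% threshold are assumptions.

FD_SETSIZE=1024   # glibc's fd_set capacity; select() cannot watch fd >= this

# Soft "Max open files" limit from a /proc/<pid>/limits style file ($1).
soft_nofile() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# Number of open descriptors: entries in a /proc/<pid>/fd style directory ($1).
open_fds() {
    ls -A "$1" | wc -l | tr -d ' '
}

# Highest descriptor number in use in a /proc/<pid>/fd style directory ($1).
highest_fd() {
    ls -A "$1" | sort -n | tail -n 1
}

# Classify usage ($1) against the soft limit ($2): ok | near-limit | at-limit.
fd_state() (
    used=$1; soft=$2
    [ "$soft" = unlimited ] && { echo ok; exit 0; }
    if [ "$used" -ge "$soft" ]; then echo at-limit
    elif [ $((used * 100)) -ge $((soft * 90)) ]; then echo near-limit
    else echo ok
    fi
)

# Kernel-wide handles from a /proc/sys/fs/file-nr style file ($1).
# The file holds three fields: allocated, unused, maximum (fs.file-max).
system_handles() {
    awk '{ print $1 " of " $3 }' "$1"
}

# Report for one live process.
report_pid() (
    pid=$1
    used=$(open_fds "/proc/$pid/fd")
    soft=$(soft_nofile "/proc/$pid/limits")
    echo "pid $pid: $used open, soft limit $soft, $(fd_state "$used" "$soft")"
    [ "$(highest_fd "/proc/$pid/fd")" -lt "$FD_SETSIZE" ] ||
        echo "pid $pid: descriptors beyond FD_SETSIZE, select() cannot watch them"
    echo "system: $(system_handles /proc/sys/fs/file-nr) handles allocated"
)

# Usage: sh fdcheck.sh <pid>   (run as root or as the owner of <pid>)
if [ "$#" -eq 1 ]; then
    report_pid "$1"
fi
```
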


Re: [Vserver] too many open files error

2006-04-06 Thread Michael S. Zick
On Thu April 6 2006 11:20, Chuck wrote:
Ch> On Thursday 06 April 2006 11:56 am, Xavier Montagutelli wrote:
Ch> > On Thursday 06 April 2006 16:46, Chuck wrote:
Ch> > > this one is weird. could i be reaching some kind of max on a gentoo
Ch> > > platform?
Ch> > >
Ch> > > we are running approx 40 vserver guests on a 4 processor dell. our email
Ch> > > server is running on the 'host' side.
Ch> > >
Ch> > > my tip on this came from our email list server. the log stated:
Ch> > >
Ch> > > 6 10:20:19  error: Still trying to open connection Too many open files
Ch> > >

A single, multi-thread application?

There is another limit built into the kernel for applications that use 'select'
to get notifications of connection attempts to file descriptors.

That limit is the hardcoded size of the file descriptor select structure (in bits).
Not sure off-hand how big it is, I think either 64 or 128 bits (open descriptors
monitored).

You might have to run multiple instances of the e-mail application if this is the
cause of the error message.

Mike

Ch> > > and this is in the log many times. not knowing if this is a program or
Ch> > > system error causing this i am taking the safe route while i wait for the
Ch> > > program support people to let me know...
Ch> > >
Ch> > > is there a setting somewhere in the vserver system, i assume on the host,
Ch> > > that the number of open files can be set? i dont even know what the stock
Ch> > > max is..
Ch> > 
Ch> > Perhaps /proc/sys/fs/file-max ? 
Ch> > 
Ch> 
Ch> maybe max files is not the issue. :
Ch> 
Ch> # cat /proc/sys/fs/file-max
Ch> 309847
Ch> 
Ch> i would think 309k open files would be sufficient.
Ch> 
Ch> will see what the mailing list software vendor has to say..
Ch> 
Ch> > Just modify the value by echoing the new value
Ch> > 
Ch> > or use sysctl -w fs.file-max= and modify /etc/sysctl.conf
Ch> > 
Ch> > -- 
Ch> > Xavier Montagutelli  Tel : +33 (0)5 55 45 77 20
Ch> > Service Commun Informatique  Fax : +33 (0)5 55 45 77 60
Ch> > Universite de Limoges
Ch> > 123, avenue Albert Thomas
Ch> > 87060 Limoges cedex


Re: [Vserver] Problem with nice inside a vserver

2006-03-11 Thread Michael S. Zick
On Sat March 11 2006 07:44, Russell Kliese wrote:
> >> >> >> >On 3/9/06, Russell Kliese <[EMAIL PROTECTED]> wrote:
> >> >> >> >
> >> >> >> >
> >> >> >> >>I have a problem with the find cron job inside a debian vserver.
> >> >> >> >>
> >> >> >> >>The find cron job runs the updatedb script as follows:
> >> >> >> >>
> >> >> >> >>#! /bin/sh
> >> >> >> >>#
> >> >> >> >># cron script to update the `locatedb' database.
> >> >> >> >>#
> >> >> >> >># Written by Ian A. Murdock <[EMAIL PROTECTED]> and
> >> >> >> >>#Kevin Dalley <[EMAIL PROTECTED]>
> >> >> >> >>
> >> >> >> >>LOCALUSER="nobody"
> >> >> >> >>export LOCALUSER
> >> >> >> >>if [ -f /etc/updatedb.conf ]; then
> >> >> >> >>  . /etc/updatedb.conf
> >> >> >> >>fi
> >> >> >> >>
> >> >> >> >>if getent passwd $LOCALUSER > /dev/null ; then
> >> >> >> >>  cd / && nice -n ${NICE:-10} updatedb 2>/dev/null
> >> >> >> >>  # cd / && updatedb 2>/dev/null
> >> >> >> >>else
> >> >> >> >>  echo "User $LOCALUSER does not exist."
> >> >> >> >>  exit 1
> >> >> >> >>fi
> >> >> >> >>
> >> >> >> >>The updatedb script tries to su to the nobody user, but this fails with
> >> >> >> >>the following messages logged in /var/log/auth.log
> >> >> >> >>
> >> >> >> >>Mar 10 14:55:02 secure su[26501]: + pts/1 root:nobody
> >> >> >> >>Mar 10 14:55:02 secure su[26501]: (pam_unix) session opened for user nobody by root(uid=0)
> >> >> >> >>Mar 10 14:55:02 secure su[26501]: pam_open_session: Permission denied
> >> >> >> >>
> >> >> >> >>
> >> >> >> >>If I comment in the line with the # in the above script (and comment out
> >> >> >> >>the line above), things work fine (i.e. I don't get the
> >> >> >> >>"pam_open_session: Permission denied" logged in the auth.log). So it
> >> >> >> >>seems to be something to do with nice. Note that even if I remove the
> >> >> >> >>"-n ${NICE:-10}" things still don't work.
> >
> > what does the $NICE contain here? maybe a negative value?
> 
> $NICE is set to 10 in /etc/updatedb.conf, so -n ${NICE:-10} is the same as
> -n 0.
>
In a shell script?  Doesn't ":-" set a default value if the variable is
not already set?

Mike
> 
> > could you add some output to the log before that?
> 
> Sorry, I'm not sure what you mean.
> 
> >> >> >> >>Would enabling CAP_SYS_NICE help in this case even though a lower
> >> >> >> >>priority is being set? Or is there something else causing this problem?
> 


Re: [Vserver] vserver hosting on server4you.com

2006-02-22 Thread Michael S. Zick
On Wed February 22 2006 15:28, Matt Nuzum wrote:
> 
> Well, one mistake I made when deciding on a data center was failing
> to see if their service is used by spammers. When I signed up with
> "Neutelligent" in the Tampa Bay area of Florida, USA I didn't check
> this. At the time our servers were installed, several IP blocks were
> black listed and our users could not send e-mail to some domains (such
> as AOL). Fortunately, they had already enacted a policy to get abusers
> off of their network and after a few months the IP Blocks were removed
> from the DNSbl.
> 
> Anytime I consider a host in the future, I'm going to ask what their
> policy on spammers is and check the dns black lists to see if they're
> listed.
>

I wrote a tool for that purpose (among others), see:
http://freshmeat.net/projects/spamviz/
 
Requires that your system have bash and dig installed. GraphViz is optional.

Mike
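
Added example, not part of the original post and not code from spamviz: how a single DNS blacklist check of the kind discussed above is formed, using bash-compatible shell and dig. The function names are assumptions; the address and zone in the usage comment are the ones shown in the makeviz output elsewhere in this archive.

```shell
#!/bin/sh
# DNSBL query construction and lookup. Added example; names are assumptions.

# Reverse the octets of a dotted-quad IPv4 address; reject anything else.
reverse_ipv4() (
    ip=$1
    case $ip in
        *[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
    printf '%s.%s.%s.%s\n' "$4" "$3" "$2" "$1"
)

# DNS name to query for ADDRESS ($1) in blacklist ZONE ($2).
dnsbl_name() (
    rev=$(reverse_ipv4 "$1") || exit 1
    printf '%s.%s\n' "$rev" "${2%.}"
)

# Interpret the first line of "dig +short" output ($1).
# A DNSBL answers with an A record in 127.0.0.0/8 when the address is listed
# and with NXDOMAIN (empty +short output) when it is not.
dnsbl_verdict() {
    case $1 in
        127.*) echo listed ;;
        '')    echo not-listed ;;
        *)     echo unexpected ;;   # resolver error text, wildcarded zone, ...
    esac
}

# Live lookup; needs dig and network access.
dnsbl_check() (
    name=$(dnsbl_name "$1" "$2") || { echo invalid-address; exit 1; }
    dnsbl_verdict "$(dig +short A "$name" | head -n 1)"
)

# Usage: dnsbl_check 64.202.189.170 l2.spews.dnsbl.sorbs.net
# A TXT query for the same name returns the list's reason string, if any.
```
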


Re: [Vserver] vserver distribution? (was CentOS 4(.2) utils RPM/YUM repository)

2006-02-15 Thread Michael S. Zick
On Wed February 15 2006 16:35, Matthew Sayler wrote:
> 
> I've been thinking for some time that it would be great to tailor a
> distribution especially for Linux-Vserver -- that is, an installable
> ISO-imagable Linux distribution configured to lay down a very minimal
> system by default.  Mostly I want nothing except for ssh and a few
> monitoring apps running on my host vserver.
> 
> Anyone tried this or thought about this?
> 
Matthew,

Do you mean a runtime only system (I.E: no tool chain)

Then the answer is yes.

Searching the list for nano-vserver would bring up the
thread - but that will not help at the moment, since
I have pulled the Dec. 28, 2005 prototype from my site.

Currently the project is undergoing a major re-write...
Will have that done RSN (tm).

Image based on:

Statically linked Bash
Dynamically linked Busybox
Your choice of glibc

Currently only provides a virtual context shell.

Now working on making it provide a virtual server with
secure login.

The idea is to be able to add your choice of application
software - or to be able to install a minimum base installation
of anything from within the virtual context shell.

Mike


Re: [Vserver] Bug/Issue with Routing, Multiple NICs and vServers

2006-02-10 Thread Michael S. Zick
On Fri February 10 2006 02:50, Herbert Poetzl wrote:
> On Fri, Feb 10, 2006 at 08:58:05AM +0100, Oliver Welter wrote:
> > Hi Folks,
> > 
> > I encounter several problems regarding routing with a vServer host that 
> > has multiple networks.
> > 
- - - - snip
> 
> if you want a schizophrenic host which can handle separate
> networks, you simply have to configure that properly, in 
> your case that means to create two tables which contain
> the separate network entries and only put the 'shared' net
> in the main table, then have appropriate rules decide which
> table to choose from, based on the source ip
> 
> this is nothing Linux-VServer specific, it is the way how
> linux networking works and it will not change without some
> kind of network stack virtualization, which will be done
> in the upcoming ngnet ...
> 
> best,
> Herbert
> 
Warning - - not tried in real operation - -

Enable the bridging code in your kernel config...
Add all of your nics to the bridge...
Set up your IP tables to send anything 'out of box' to the bridge...
Use the bridge rules to block/route/whatever things to proper nic.

Last time I used the bridging rules (before adopted in stock kernel),
there was not a 'drop on the floor' target...
So configure the 'dummy network device' into your kernel - you can
use that as a '/dev/null' in the bridge rules.

Careful - such a setup can become incomprehensible in a hurry.

Mike


Re: [Vserver] ssh into a vserver

2006-02-07 Thread Michael S. Zick
On Tue February 7 2006 14:41, Herbert Poetzl wrote:
> On Tue, Feb 07, 2006 at 08:50:09PM +0100, Norbert Klamann (gpre) wrote:
> > Herbert Poetzl wrote:
> > >On Tue, Feb 07, 2006 at 06:06:08PM +0100, Norbert Klamann (gpre) wrote:
> > >
> > >>Hello all,
> > >>i have a debian sarge box with a vserver guest in it, both have to
> > >>share the same ip and I configured the vserver with nodev.
> > >>
> > >>My version of the vserver-Software is vs2.0.1 against a 2.6.14.3 - Kernel.
> > >>
> > >>I installed sshd in it and bound it to the IP-Address (not 0.0...) and 
> > >>another port than the host.
> > >
> > >
> > >you got it the wrong way, the guest's sshd does not need
> > >any changes, the host's sshd has to be restricted to some
> > >host IPs, otherwise ...
> > 
> > But I have less ip-addresses than vservers, so the host and the guest 
> > have to share. I was under the impression that it is possible to have 2 
> > sshds on 1 ip-address but 2 ports. Shouldn't this work ?
> 
> yes, it definitely works, but of course you have to use
> different ports for that ...
>
View his e-mail headers - they tell the story.
Will try to help him off-list

Mike 
> best,
> Herbert
> 
> > -- 
> > Viele Grüße / All the best
> > 
> > Norbert


Re: [Vserver] ssh into a vserver

2006-02-07 Thread Michael S. Zick
On Tue February 7 2006 13:50, Norbert Klamann (gpre) wrote:
> Herbert Poetzl wrote:
> > On Tue, Feb 07, 2006 at 06:06:08PM +0100, Norbert Klamann (gpre) wrote:
> > 
> >>Hello all,
> >>i have a debian sarge box with a vserver guest in it, both have to
> >>share the same ip and I configured the vserver with nodev.
> >>
> >>My version of the vserver-Software is vs2.0.1 against a 2.6.14.3 - Kernel.
> >>
> >>I installed sshd in it and bound it to the IP-Address (not 0.0...) and 
> >>another port than the host.
> > 
> > 
> > you got it the wrong way, the guest's sshd does not need
> > any changes, the host's sshd has to be restricted to some
> > host IPs, otherwise ...
> 
> But I have less ip-addresses than vservers, 
>
How can this be?  You can run a local network on a single machine with
a single network interface and a public network address at the same time.

How have you setup your iptables in the host?  Got -SNAT?


Mike
> so the host and the guest 
> have to share. I was under the impression that it is possible to have 2 
> sshds on 1 ip-address but 2 ports. Shouldn't this work ?
> 


Re: [Vserver] [glibc] Usage of glibc with VServer tools

2006-02-05 Thread Michael S. Zick
On Fri February 3 2006 17:06, Michael S. Zick wrote:
> On Fri February 3 2006 10:14, Michael S. Zick wrote:
> > Group,
> > 
> > An update on the discussions in m-l threads:
> > re: http://list.linux-vserver.org/archive/vserver/msg09336.html
> > re: http://list.linux-vserver.org/archive/vserver/msg12349.html
> > 
> - - - snip - - -
> 
This should be the last part of what turned out to be a three part message.

(After a couple of days of RTFM ...)

As to the original question: "Can some sort of test be created ..."

Consider this situation:
User has a host system, running an arbitrary version/patch flavor/option set
of glibc ...
User has just populated the file system with a guest software system 
using an arbitrary *libc ...

Now, for this situation, construct a test the user can run to see if they
might run into trouble with the glibc name service system either failing
or worse, returning the data from the host definitions rather than the
guest definitions during either new context creation or new context entry.

(That turns out to be a challenging test specification.)

The problem exists because the nss services in glibc are provided by dynamic
linking of external DSOs, even in a statically linked application.
AND:
For most hardware, glibc performs "lazy linking" (on call linking).
AND:
The dynamic linker of glibc can not unlink a DSO from an executing process
image and re-link that same process image with a different DSO.

(Even if glibc-2.4.x provides that last feature - 
note the "arbitrary glibc" in the problem specification.)

- - - Testing for glibc nss failure of process(es) executing in two contexts:

Not an easy task.  Also would require artificial set-up in user's host
and/or guest software system.  Q.E.D: Not practical.

- - - Testing for other glibc failures of process(es) executing in two contexts:

This one might be practical.
The roots of the problem given above also apply to internationalization in
glibc (on-call linking of an external DSO even in a statically linked
application).

The tests would require the host and guest locale settings to differ and
detecting if a "two context" process is grabbing the wrong locale
data/conversions.

- - - The work arounds

- - Statically link "two context" applications against a *libc that does not provide
nss and internationalization as external, link on-call, DSOs

- - The glibc case (this fails the "arbitrary glibc" part of the requirements)

- Link "two context" applications either dynamically or statically against glibc.
(Static linking gives a larger image but quicker start-up time)

- Disable nscd if running in the host (or never start it; I.E: no config file)
(nscd --shutdown)

- Enable the "bind-now" feature in the environment of "two context" applications
when creating the process image.
(This feature is a glibc build time option - your glibc might not include it.)

- - - Why call the previous "work arounds" ?

- - Both the glibc and non-glibc "work arounds" lock the "two context" process
image to use the host software system implementations.  It is conceivable that 
the guest software system is incompatible with the "locked in" implementation.

- - The glibc "work around" can also be "locked in" to the guest implementation
using a combination of LD_LIBRARY_PATH and BIND_NOW.

- - The point is, the process image is only _KNOWN_ to be compatible with either
the host or the guest software system.

- - - The solution

- - Don't do that.

- Immediately after making the "context change" system call, create a new 
process image using the new context software system, communicate commands
that might make nss or internationalization calls to the proper, context
specific, process image.

Note 1: Open file descriptors that are not marked "close on exec" are passed
to the process image in the new context.

Note 2: The high level, VServer tools are Bash scripts - this means that the
executing Bash process image is a "two context" application.

Note 3: ldconfig has options that allow the creation of the (to be) proper
ld.so.cache for the file system of the new context from outside of that
file system.

- - - 

> I.E: A lot of work for no noticeable benefit or even lost functionality.
> 
> When the linux dynamic loader can unlink and relink a different DSO
> in a process image - the situation might change.  That feature has been
> on the glibc wish list for nearly a decade - don't hold your breath.
> 
> None of this means that you can not use glibc with the dynamic nss enabled, 
> it only places restrictions on version compatibility of the libraries in 
> the host and the guest.
> 

I hope that having this thread in the m-l archives is a help to someone.

Mike
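
Added example, not part of the original post and not code from the VServer tools: a conservative stand-in for the test discussed above. Run from the host, it compares the libc and NSS module files that a "two context" process could load on either side of the context change, and treats anything other than byte-identical copies as a reason to look closer (a stricter condition than compatibility). The directory list, library list and function names are assumptions.

```shell
#!/bin/sh
# Compare the C library and NSS modules of a host root and a guest root.
# Added example; directory list and function names are assumptions.

LIB_DIRS="lib/tls lib lib64 usr/lib usr/lib64"
LIB_NAMES="libc.so.6 libnss_files.so.2 libnss_dns.so.2 libnss_compat.so.2"

# Follow symlinks for path $2 (relative to root $1) without leaving the root:
# an absolute link target inside a guest tree is re-rooted under the guest,
# and targets containing ".." are refused rather than normalised.
resolve_in_root() (
    root=$1; rel=$2; hops=0
    while [ -L "$root/$rel" ] && [ "$hops" -lt 8 ]; do
        target=$(readlink "$root/$rel")
        case $target in
            ..|../*|*/..|*/../*) exit 1 ;;
            /*) rel=${target#/} ;;
            *)  rel=$(dirname "$rel")/$target ;;
        esac
        hops=$((hops + 1))
    done
    [ -f "$root/$rel" ] && [ ! -L "$root/$rel" ] && printf '%s\n' "$root/$rel"
)

# Print the first copy of library $2 found under root $1.
find_lib() (
    for d in $LIB_DIRS; do
        p=$(resolve_in_root "$1" "$d/$2") && { printf '%s\n' "$p"; exit 0; }
    done
    exit 1
)

# Compare library $3 between host root $1 and guest root $2.
# Prints: same | differ | missing (one side only) | absent (neither side).
compare_lib() (
    h=$(find_lib "$1" "$3") || h=
    g=$(find_lib "$2" "$3") || g=
    if [ -z "$h" ] && [ -z "$g" ]; then echo absent
    elif [ -z "$h" ] || [ -z "$g" ]; then echo missing
    elif [ "$(cksum < "$h")" = "$(cksum < "$g")" ]; then echo same
    else echo differ
    fi
)

# Report every library; non-zero status when any copy differs or is one-sided.
check_roots() (
    rc=0
    for n in $LIB_NAMES; do
        r=$(compare_lib "$1" "$2" "$n")
        printf '%-22s %s\n' "$n" "$r"
        [ "$r" = same ] || [ "$r" = absent ] || rc=1
    done
    exit $rc
)

# Usage: sh libcheck.sh <host-root> <guest-root>
if [ "$#" -eq 2 ]; then
    check_roots "$1" "$2" || echo "host and guest libraries are not identical"
fi
```
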


Re: [Vserver] Q: Using the vserver list for kernel development.

2006-02-05 Thread Michael S. Zick
On Fri February 3 2006 16:21, Martin List-Petersen wrote:
> On Fri, 2006-02-03 at 21:58 +0100, Cedric Le Goater wrote:
> > Eric W. Biederman wrote:
> > 
> > >>>I have recently been doing some vserver related kernel development
> > >>>but have had no luck CC my patches to the vserver list.  This
> > >>>last round because I CC to many interested parties.
> > >>>
> > >>>Is the vserver list supposed to be a place where we can post
> > >>>patches for discussion?  
> > >>
> > >>IMHO yes, so please if possible, make that happen ...
> > > 
> > > Doing my best to CC the interested parties.  It looks like the next
> > > patchset will go out to 14 different recipients.
> > 
> > :)
> > 
> > time for a new mailing list ?
> 
> Well, the limitation might be, that we don't allow attachments or very
> small ones. I can have a look at things this weekend to increase it.
> That was the decision made when we moved the mailinglist the last time.
>
Could also be the handling of BCC - 

I know he said CC but he might be sending BCC and often list software
is set to >/dev/null anything BCC for spam reduction.

Mike 
> /Martin


Re: [Vserver] Step by Step Guide to a nano-vserver

2006-02-03 Thread Michael S. Zick
On Wed December 28 2005 16:28, Michael S. Zick wrote:
> Joel and Group,
> Today's update is available.
> 
> Baby-01 now does proper networking,
> only the directions were wrong.
> 
> 
The December 28th version of the guide has been removed,
but my server logs show folks still looking for it.

So a small progress note:

After a serious re-think of the project...
After a very major re-write...
After getting past the glibc nonsense...

I am now back on the job;
The next revision should be posted RSN. (I hope)

Mike


Re: [Vserver] [glibc] Usage of glibc with VServer tools

2006-02-03 Thread Michael S. Zick
On Fri February 3 2006 10:14, Michael S. Zick wrote:
> Group,
> 
> An update on the discussions in m-l threads:
> re: http://list.linux-vserver.org/archive/vserver/msg09336.html
> re: http://list.linux-vserver.org/archive/vserver/msg12349.html
> 
- - - snip - - -
>
> messages - pointing to the culprits:
> 
> 
> warning: Using 'getgrent' in statically linked applications requires at
> runtime the shared libraries from the glibc version used for linking.
> 
> 
> With the same warning for:
> setgrent, endgrent, getpwent, getpwnam, getpwuid, setpwent, endpwent,
> getaddrinfo, getservent, setservent, endservent
> 
> There might be others, those are the ones that Bash-3.1 complains about.
> 
- - - Yup, there are others - - -
> 
> The solution is to include some 'linker magic' in the build of Bash (and
> the VServer tools) to include the glibc static library implementation of
> those calls.
> 
Close, but no golden ring.

First, you have to build a special version of glibc with the dynamic,
name system service disabled using instead the older static nss.
(The glibc doc's claim it can be done, but I haven't tried it.)

After all of that work, a static link of the VServer tools against
the special glibc is still just a work-around, same as if the tools
were linked against a *libc* that does not provide dynamic nss.

I.E: A lot of work for no noticeable benefit or even lost functionality.

When the linux dynamic loader can unlink and relink a different DSO
in a process image - the situation might change.  That feature has been
on the glibc wish list for nearly a decade - don't hold your breath.

None of this means that you can not use glibc with the dynamic nss enabled, 
it only places restrictions on version compatibility of the libraries in 
the host and the guest.

Aw, well, back to my own project that sidesteps this whole issue.
Mike




Re: [Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc

2006-02-03 Thread Michael S. Zick
On Fri February 3 2006 16:14, micah wrote:
> In gmane.linux.vserver, you wrote:
> > On Fri February 3 2006 12:04, Joel Soete wrote:
> >> > 
> >> Apologies for late answer but this isp webmail interface is very much a nightmare
> >> (it took me all this afternoon to reach to login Grrr).
> >> 
> > Joel,
> >
> > I sent you a possible solution to that problem.
> > Of course, that does not mean you received it.
> 
> If this was a solution to Joel's problem with dietlib, can you re-send
> it to the list so the rest of us can know the answer? I'd like to be
> able to reference it in the future if other HPPA users come here with
> the same problem. :)
> 
Sorry, I wasn't clear...

The ISP problem, not the dietlibc problems.
Due to the ISP problem, I had to steal a little m-l bandwidth.

Apologies,
Mike



Re: [Vserver] Samba and Vserver Best Practices

2006-02-03 Thread Michael S. Zick
On Fri February 3 2006 12:49, Matt Nuzum wrote:
> On 2/3/06, Charles Baker <[EMAIL PROTECTED]> wrote:
> > I'm setting up a host server and several vservers that developers in my
> > organization will use to test bug fixes of our software. They will
> > occasionally need access to certain directories on the vservers to check
> > logs, etc.
> >
> > For convenience sake samba shares to the needed directories would be the
> > thing to have. Is the best practice to set up samba on the host server
> > and share directories within the /vservers/$SERVERNAME/path/to/log/dir
> > or set up samba w/in the vserver itself and share it that way?
> 
> I've pondered this question myself and haven't come to a definite
> conclusion. I've had some problems with locking, although that was an
> older version of Samba and I hear the problem I had has been resolved.
> 
> No matter what I try, I keep coming back to SSH and tail -f and some
> other custom tools I've written.
> 
> I've thought about using named pipes that will automatically spit out
> log files into multiple places, but I haven't taken the time yet to
> pursue this.
>
You mean like: /dev/log (syslog socket)?

> 
> I envision a daemon process that watches the named pipe and (in my
> case) spit out a full log file, like normal, then grab "interesting"
> log entries and spit them out as separate files into a share that can
> be accessed elsewhere. 
>
Perhaps name the daemon syslogd?
Try: man syslogd

You can specify selected information to be remotely logged.

That is the 'common' syslogd on Linux systems, if using one of the
alternatives, remote logging might not be supported.


Mike

> For me, debugging log files contain snippets 
> of XML and SQL and it would be nice if those XML snippets are saved
> out as *.xml files so that they open in XML spy with just a double
> click and the sql is saved as *.sql files.
> 
> The only doubt I have about this working is the challenge of keeping
> the daemon running. I realize this problem has probably been solved,
> but I still wonder how it will work in a named pipe scenario.
> 
> Just food for thought and mindless rambling...
> 
> --
> Matthew Nuzum <[EMAIL PROTECTED]>
> www.followers.net - Makers of "Elite Content Management System"
> View samples of Elite CMS in action by visiting
> http://www.followers.net/portfolio/


Re: [Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc

2006-02-03 Thread Michael S. Zick
On Fri February 3 2006 12:04, Joel Soete wrote:
> > 
> Apologies for late answer but this isp webmail interface is very much a nightmare
> (it took me all this afternoon to reach to login Grrr).
> 
Joel,

I sent you a possible solution to that problem.
Of course, that does not mean you received it.

When you get a chance this weekend to beat on your
e-mail service, let me know off-list if you didn't receive it.

Mike


[Vserver] [glibc] Usage of glibc with VServer tools

2006-02-03 Thread Michael S. Zick
Group,

An update on the discussions in m-l threads:
re: http://list.linux-vserver.org/archive/vserver/msg09336.html
re: http://list.linux-vserver.org/archive/vserver/msg12349.html

At the time of this writing, there are a lot of distributions which
have glibc-2.3.2 deployed (Debian/Sarge for one).  
The glibc project has released glibc-2.3.6 recently.

There are distributions which have deployed all versions in between, 
complicated by distribution specific patches.

If that is not confusing enough, even the same distribution may not
use the same version of glibc (and with the same build options) depending
on the system hardware.  
For example, a Debian/Sarge/parisc and a Debian/Sarge/x86 system do
not deploy the same glibc with the same options.

The VServer tools are a combination of low level, compiled tools and
high level, Bash scripts.  Both of which need to lookup names.
These programs expect the name lookup functions to be supplied by
the system library[1].

When executing within the host (0) context, the host system library
will be used.
When executing within the guest (>1) context, the guest system library
will be used.

The problems encountered in the referenced m-l threads are related to
when a process has to execute in both/either context(s).
Such behavior happens during the creation of and/or entry into a guest
context.

This is due to there being no guarantee that the libraries in the host
and the guest have compatible name lookup implementations.

Enforcing such a guarantee is not an option - the guest context should
be able to run any system library that is compatible with the host kernel.

One work-around is to statically link the VServer tools - this 'hardcodes'
the name lookup implementation to whatever code the library used for
linking provided.

But what about the copy of Bash that is running the high level scripts?
Ah, so...

Building a statically linked[2] copy of Bash-3.1 provides a set of warning
messages - pointing to the culprits:


warning: Using 'getgrent' in statically linked applications requires at
runtime the shared libraries from the glibc version used for linking.


With the same warning for:
setgrent, endgrent, getpwent, getpwnam, getpwuid, setpwent, endpwent,
getaddrinfo, getservent, setservent, endservent

There might be others, those are the ones that Bash-3.1 complains about.

Since this warning is related to how glibc implements those functions (in
an external DSO), it applies to any program that makes those function calls 
and statically linked against glibc-2.3.{2,3,4,5,6} even if that program's
build does not report the warnings.

The statically linked Bash-3.1 will run, without runtime error reports, with
those calls not present.  Of course, those functions will not work, but
Bash-3.1 will survive.

The Bash-3.1 config-bot.h may be modified to avoid the features that call
those functions.  But that is not the real solution, the VServer tools
need to call those functions also.

The solution is to include some 'linker magic' in the build of Bash (and
the VServer tools) to include the glibc static library implementation of
those calls.

I have not determined that 'linker magic' yet - but the static archives
are present, even with Debian/Sarge binary only, installations.

- - - - -

Notes:

[1] Which flavor of glibc am I building against?

On your VServer tools build system, examine a dynamically linked application;
your distribution's Bash is probably dynamically linked, use the ldd script:

enter: ldd /bin/bash

If you see a: linux-gate.so.1 => (high memory address)
then the program is linked to use the kernel's 'fast sys-call' entry.
This is a kernel code provided, virtual, DSO - there should not
be any such file on the system.

Note the actual location of libc.so.6 (on the right of the => thing);
execute the actual library:
(Debian/Sarge/x86 - your mileage will vary)

enter: /lib/tls/libc.so.6

Which will report some identifying information.

Determine the library binaries by:
enter: cat /usr/include/gnu/lib-names.h

It is the static libraries for libnss_dns*, libnss_files*, and
libnss_compat* that will need to be included in the 'linker magic'.

- - - - -

[2] Translation of "build a statically linked Bash"

./configure --enable-net-redirections --enable-static-link \
--disable-rpath --prefix=

(Yes, that is --prefix=, not a typo)

make
make prefix=/opt/gnu/bash-static install-strip

- - - - -

Probably more than anyone wanted to know.
Mike
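Added illustration, not code from the original post or from the VServer tools: glibc resolves the functions named in the link warnings by loading libnss_<service>.so.2 for every service listed in nsswitch.conf, so this script lists the DSOs a guest's configuration selects and whether the guest root provides them. The sample file and the function names nss_dsos and nss_check_root are constructed for this example.

```shell
#!/bin/sh
# Added example: which NSS service DSOs does a guest's nsswitch.conf select
# for the databases behind the getpw*, getgr*, getaddrinfo and getserv* calls?

# Constructed sample configuration (not taken from any real guest).
sample_nsswitch() {
cat <<'EOF'
# /etc/nsswitch.conf (constructed sample)
passwd:     compat
group:      compat
shadow:     compat
hosts:      files dns [NOTFOUND=return] mdns4
services:   db files   # trailing comment
EOF
}

# nss_dsos FILE|-  ->  one "database libnss_<service>.so.2" pair per line.
nss_dsos() {
    awk '
    BEGIN {
        # Databases consulted by the functions named in the link warnings.
        want["passwd"] = 1      # getpwent getpwnam getpwuid setpwent endpwent
        want["group"] = 1       # getgrent setgrent endgrent
        want["hosts"] = 1       # getaddrinfo
        want["services"] = 1    # getservent setservent endservent
    }
    {
        sub(/#.*/, "")                  # strip comments
        gsub(/\[[^]]*\]/, " ")          # strip [STATUS=action] items
        colon = index($0, ":")
        if (colon == 0) next
        db = substr($0, 1, colon - 1)
        gsub(/[ \t]/, "", db)
        if (!(db in want)) next
        n = split(substr($0, colon + 1), svc, /[ \t]+/)
        for (i = 1; i <= n; i++)
            if (svc[i] != "")
                printf "%s libnss_%s.so.2\n", db, svc[i]
    }' "$1"
}

# nss_check_root ROOT  ->  same pairs, marked present or MISSING under ROOT.
# Only ROOT/lib* and ROOT/usr/lib* are searched (an assumption about layout).
nss_check_root() {
    root=$1
    nss_dsos "$root/etc/nsswitch.conf" | while read -r db lib; do
        hit=$(find "$root"/lib* "$root"/usr/lib* -name "$lib" 2>/dev/null | head -n 1) || true
        if [ -n "$hit" ]; then
            echo "$db $lib present"
        else
            echo "$db $lib MISSING"
        fi
    done
}

# Demo on the constructed sample; for an audit, pass a guest root directory
# to nss_check_root instead.
sample_nsswitch | nss_dsos -
```

A statically linked tool that enters a guest will look for exactly these files in the guest's library directories, which is the compatibility problem described above.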


Re: [Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc

2006-02-03 Thread Michael S. Zick
On Thu February 2 2006 21:55, Herbert Poetzl wrote:
> On Thu, Feb 02, 2006 at 08:08:38PM -0600, Michael S. Zick wrote:
> > On Thu February 2 2006 19:32, Herbert Poetzl wrote:
> > > On Thu, Feb 02, 2006 at 04:33:16PM -0600, Michael S. Zick wrote:
> > > > On Thu February 2 2006 14:09, Herbert Poetzl wrote:
> > > > > On Thu, Feb 02, 2006 at 02:29:38PM -0500, Micah Anderson wrote:
> > > > > > > 
> > > > > > > 
> > > > > > > really depends on the dietlibc, but I'd assume it
> > > > > > > is _still_ broken on HPPA, nevertheless the glibc
> > > > > > > is _not_ a good alternative, although it _might_ 
> > > > > > > work for simple things.
> > > > > > 
> > > > > > I guess we can find out when Joel sends results of tests?
> > > > > 
> > > > > possible, well, testme and testfs will not 
> > > > > detect the insecurities introduced by glibc
> > > > > 
> > > > Are there any tests available to check for these glibc problems?
> > > 
> > > I don't know of explicit tests, but it should be
> > > possible to create some, given that somebody wants
> > > to spend time on it ...
> > > 
> > > > If not, perhaps a pointer or two into the mail archives on
> > > > the subject or pointer(s) to a discussion of the problems found?
> > > 
> > > http://list.linux-vserver.org/archive/vserver/msg09379.html
> > > > (there are others, just google for it)
> 
> > Thanks, now I read what the concerns are. . .
> > 
> > That message is about the date of glibc-2.3.2 - current is 2.3.6
> >
> > There has been a fair number of changes done between those versions.
> > Some affecting getpwnam() and friends when used in statically linked
> > programs.
> 
> well, please also check how 'small' the statically
> linked tools would be when linked against recent glibc
> (statically of course :)
> 
That I can do - Just need to look up the information on build machine.

This is off topic for the subject - so will break this thread.

> > I think both of the mentioned restrictions can now be enforced.
> 
> would be good as a last resort when dietlibc is failing
> (as it is currently the case for parisc)
> 
> > Let me spend some time on checking that statement before I go too
> > far out on a limb.
> 
> please do so, and keep us posted ...
> 
Next update will be a thread tagged: [glibc] for future m-l reference.

Mike


Re: [Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc

2006-02-02 Thread Michael S. Zick
On Thu February 2 2006 19:32, Herbert Poetzl wrote:
> On Thu, Feb 02, 2006 at 04:33:16PM -0600, Michael S. Zick wrote:
> > On Thu February 2 2006 14:09, Herbert Poetzl wrote:
> > > On Thu, Feb 02, 2006 at 02:29:38PM -0500, Micah Anderson wrote:
> > > > > 
> > > > > 
> > > > > really depends on the dietlibc, but I'd assume it
> > > > > is _still_ broken on HPPA, nevertheless the glibc
> > > > > is _not_ a good alternative, although it _might_ 
> > > > > work for simple things.
> > > > 
> > > > I guess we can find out when Joel sends results of tests?
> > > 
> > > possible, well, testme and testfs will not 
> > > detect the insecurities introduced by glibc
> > > 
> > Are there any tests available to check for these glibc problems?
> 
> I don't know of explicit tests, but it should be
> possible to create some, given that somebody wants
> to spend time on it ...
> 
> > If not, perhaps a pointer or two into the mail archives on
> > the subject or pointer(s) to a discussion of the problems found?
> 
> http://list.linux-vserver.org/archive/vserver/msg09379.html
> (there are others, just google for it)
>
Thanks, now I read what the concerns are. . .

That message is about the date of glibc-2.3.2 - current is 2.3.6

There has been a fair number of changes done between those versions.
Some affecting getpwnam() and friends when used in statically linked
programs.

I think both of the mentioned restrictions can now be enforced.

Let me spend some time on checking that statement before I go too 
far out on a limb.

Mike
 


Re: [Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc

2006-02-02 Thread Michael S. Zick
On Thu February 2 2006 14:09, Herbert Poetzl wrote:
> On Thu, Feb 02, 2006 at 02:29:38PM -0500, Micah Anderson wrote:
> > > 
> > > 
> > > really depends on the dietlibc, but I'd assume it
> > > is _still_ broken on HPPA, nevertheless the glibc
> > > is _not_ a good alternative, although it _might_ 
> > > work for simple things.
> > 
> > I guess we can find out when Joel sends results of tests?
> 
> possible, well, testme and testfs will not 
> detect the insecurities introduced by glibc
> 
Are there any tests available to check for these glibc problems?

If not, perhaps a pointer or two into the mail archives on
the subject or pointer(s) to a discussion of the problems found?

Mike


Re: [Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc

2006-02-02 Thread Michael S. Zick
On Thu February 2 2006 12:21, Micah Anderson wrote:
> 
> Joel,
>
- - - snip 
> 
> What is "toh"? I would prefer to use dietlibc if possible as it seems to
> be required to handle some corner security issues.
> 
(on) The Other Hand

Mike
> > (But tbh I'm still ignoring what kind of pb am I supposed to encounter)
> 
> I'm sorry, I am not able to parse your acronyms!
> 
? -ENOACRO ?

Mike


Re: [Vserver] /tmp too small

2006-01-30 Thread Michael S. Zick
On Mon January 30 2006 09:05, Eugen Leitl wrote:
> 
> My vserver looks like this:
> v64:/# df -k
> Filesystem   1K-blocks  Used Available Use% Mounted on
> /dev/hdv1 97627508  49680728  47946780  51% /
> none 16384 0 16384   0% /tmp
> 
> I would like to increase /tmp
> 
> Any suggestions very welcome.
> 
Two choices...

It looks like it is on /dev/shm - if you want to keep it there,
increase the size in fstab mount line.

If on hard disk, put it on a larger partition.

- - - - 

A note on the /dev/shm and VServers -

You may have individual (per VServer) /dev/shm or a pooled 
/dev/shm -

If you mount -o bind the host's /dev/shm on the VServer mount
point, your VServer and Host will use a single pool (Yea) BUT
the files will have the persistence of the host.  I.E: The entries
will survive guest restarts (Might have to clean them out yourself).

Mike


[Vserver] lsxid error message.

2006-01-27 Thread Michael S. Zick
Group,

The existing message has been driving me up the wall.
Please consider the following tweak...

--- lsxid.c.orig2006-01-27 09:48:59.0 -0600
+++ lsxid.c 2006-01-27 09:50:05.0 -0600
@@ -152,7 +152,7 @@
 #endif
   
   if (ctx==VC_NOCTX) {
-memcpy(buf, "!!ERR!!", 7);
+memcpy(buf, "!NOCTX!", 7);
 Vwrite(1, buf, sizeof buf);
 need_write = false;
   }
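
Review bot: in the changed memcpy line the length is still the hand-counted literal 7, which fits "!NOCTX!" only because the old and new markers both happen to be seven characters long; define the marker once (for example as a static const char array) and copy sizeof(marker) - 1 bytes, so a later rewording cannot truncate the text or read past the literal. Because the following line writes the whole of buf with Vwrite(1, buf, sizeof buf), the marker is part of what lsxid prints, so the change description should mention that anything matching "!!ERR!!" in that output has to be updated.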

Thank you,
Mike


Re: [Vserver] ifconfig problem with virtual interfaces

2006-01-23 Thread Michael S. Zick
On Mon January 23 2006 05:31, Raimund Specht wrote:
> Hi !
> 
> We have a very strange problem here with virtual IP addresses (various 
> up-to-date 2.6 kernels with vserver 2.0):
> 
> Let eth0 have a normal IP address. Let v1 and v2 be two vservers with a 
> virtual IP on eth0 each.
> 
> # vserver v1 start
> # vserver v2 start
> 
> ifconfig shows eth0, eth0:v1, and eth0:v2 as expected, everything works.
> 
> # vserver v1 stop
> 
> Now ifconfig shows that all virtual IPs have been removed although 
> vserver-stat shows that v2 is still running. Networking with v2 doesn't 
> work either. This only happens if the vserver, that was started first, is
> stopped. Other orderings work fine.
> 
> This problem is not vserver related, we can reproduce it on non-vserver 
> systems/kernels too. The following commands reproduce it on 90% of our 
> systems (Debian, Ubuntu, Gentoo, all with Linux 2.6):
> 
> # ifconfig eth0:1 1.2.3.4
> # ifconfig eth0:2 1.2.3.5
> # ifconfig eth0:1 del 1.2.3.4
> 
> 
> Does anyone else have this problem?
> Any workaround except defining an eth0:dummy interface outside any vserver?
> 
Stolen from the Linux-VServer mailing list:


and recent kernels (means 2.6.14 and later) support
an actual workaround for this 'feature', which can
be easily activated via sysctl

    sysctl -w net.ipv4.conf.all.promote_secondaries=1

this will activate the so called secondary promotion
which means that the kernel will 'elect' a secondary
to become the new primary if the old one is taken
down ...


Say thank you Herbert.

Mike


Re: [Vserver] How to vunify/vhashify on Gentoo

2006-01-22 Thread Michael S. Zick
On Sun January 22 2006 05:38, Enrico Scholz wrote:
> [EMAIL PROTECTED] (Wilhelm Meier) writes:
> 
> > I'm using Gentoo as a host and also Gentoo as VPSs. If I try to 
> > vunify/vhashify two VPS, I get:
> >
> > gs vservers # ln 
> > -s /etc/vservers/vs01 /etc/vservers/vs01c/apps/vunify/refserver.00
> >
> > gs vservers # vserver vs01c unify
> > Can not determine packagemanagement style
> > failed to determine configfiles
> 
> Does vhashify/vunify really make sense on Gentoo? AFAIK, Gentoo does not
> have a packagemanagement and you have to recompile everything (which
> will probably produce different checksums).
>
Gentoo does handle binary package management - do:

emerge --buildpkg whatever (you can set that option in your FEATURES)
the 'install' tools accept .tbz2 with a --usepkg option. 

The package is a 'tar --bzip2' with additional meta-data 
The process will preserve timestamps and etc as well as any tar --bzip2

Mike
 
> When you do a 'make install' from the same source tree, vhashify/vunify will
> still not work because most 'make install' do not preserve timestamps. But
> because timestamps are used to check whether files are identically resp. are
> going into the calculation of the hash value, you will not gain very much
> with vhashify/vunify on Gentoo.
> 
> 
> 
> Enrico
> 


Re: [Vserver] Logo design

2006-01-20 Thread Michael S. Zick
On Fri January 20 2006 09:17, Matt Nuzum wrote:
> On 1/19/06, Herbert Poetzl <[EMAIL PROTECTED]> wrote:
> > maybe we should try to register it or something
> > like that? anybody who knows about the legal
> > details here (and maybe about the costs?)
> >
> > I'm confident,
> > Herbert
> 
> In the USA (and most western countries, I believe), a creator
> automatically has copyright for original works. It's enough to simply
> say that the mark is copyrighted and all rights are reserved (in most
> cases). If you want to register it as a trademark or service mark then
> there are costs involved.
> 
Correct (in USA at least) for copyrighted materials.

A similar situation (in USA at least) applies to trademarks, including
graphic trademarks.

You may mark it with the single character: (TM) without registration.

You may mark it with the single character: (R) only after registration
is granted.

So while in the design stage, include the "circle TM" in the graphic.

You can decide on the registration question at a later date.

Mike


Re: [Vserver] Logo design

2006-01-20 Thread Michael S. Zick
On Fri January 20 2006 07:42, Michael S. Zick wrote:
> On Thu January 19 2006 22:16, Herbert Poetzl wrote:
> > On Thu, Jan 19, 2006 at 08:03:19PM -0600, Matt Nuzum wrote:
> > > Rule by committee never works. Someone is going to have to make a
> > > final decision soon or this thread is going to overwhelm my mailbox.
> > >
> > > As a matter of fact, in the last 2.5 years, this exact scenario has
> > > occurred three times and there still isn't a logo for VServer.
> > >
> > > Somebody (bertl?), pick one and say, "that's it!"
> > 
> > guess I will do that, as it seems that nobody
> > organized a 'public' contest and/or voting for
> > this purpose ... but I guess the 'community' is
> > already converging towards something 
> > 
> > for me it looks like the green checkmark V plus
> > some text (the actual name) seems acceptable to
> > the volks involved so far ...
> > 
> > > as a vector graphics version is very desirable
> > we should try to get that done with a few small
> > adjustments, and verify the license of the result,
> > so that we can freely use it for our purpose ...
> > 
> > maybe we should try to register it or something
> > like that? anybody who knows about the legal
> > details here (and maybe about the costs?)
> > 
> For the USA, I have done that - SpamViz(.net,.com)
> 
> There is an online form - it can be done electronically
> Plus of course, money (about 300usd - might have changed)
>
Now 325usd - whatever that happens to be in Canadian dollars.

(The fact that linux-vserver.org is owned by a Canadian does
not bar the USPTO registration. You intend to register a
graphic - not the sequence of letters only.)

> 
> Start here:
> http://www.uspto.gov/teas/index.html
>
Note: You can convert that application to an International
registration (a 100usd option).

Click the "Madrid Protocol Forms" link on the above page
for the gory details.

I'll stop the information flow now - let us see if this
was more than a passing thought.

Mike 


Re: [Vserver] Logo design

2006-01-20 Thread Michael S. Zick
On Thu January 19 2006 22:16, Herbert Poetzl wrote:
> On Thu, Jan 19, 2006 at 08:03:19PM -0600, Matt Nuzum wrote:
> > Rule by committee never works. Someone is going to have to make a
> > final decision soon or this thread is going to overwhelm my mailbox.
> >
> > As a matter of fact, in the last 2.5 years, this exact scenario has
> > occurred three times and there still isn't a logo for VServer.
> >
> > Somebody (bertl?), pick one and say, "that's it!"
> 
> guess I will do that, as it seems that nobody
> organized a 'public' contest and/or voting for
> this purpose ... but I guess the 'community' is
> already converging towards something 
> 
> for me it looks like the green checkmark V plus
> some text (the actual name) seems acceptable to
> the volks involved so far ...
> 
> as a vector graphics version is very desirable
> we should try to get that done with a few small
> adjustments, and verify the license of the result,
> so that we can freely use it for our purpose ...
> 
> maybe we should try to register it or something
> like that? anybody who knows about the legal
> details here (and maybe about the costs?)
> 
For the USA, I have done that - SpamViz(.net,.com)

There is an online form - it can be done electronically
Plus of course, money (about 300usd - might have changed)

Start here:
http://www.uspto.gov/teas/index.html

Mike

> I'm confident,
> Herbert


Re: [Vserver] Screen inside vserver

2006-01-14 Thread Michael S. Zick
On Sat January 14 2006 11:25, Oliver Welter wrote:
> Hi Guys,
> 
> sorry for the hints - but don't make too much noise ,)
> 
> seems to be not that easy...
> 
No problem.  It was a good question.  It needs to be
dealt with sooner or later.

You might want to reconsider running sshd in your guest
while the answer develops ;-)

Mike

> Oliver


Re: [Vserver] Screen inside vserver

2006-01-14 Thread Michael S. Zick
On Sat January 14 2006 11:20, Benedikt Boehm wrote:
> On Saturday 14 January 2006 17:34, Michael S. Zick wrote:
> > Using: strace -o screen.txt -e trace=file screen (from within an xterm)...
> >
> > These are the system calls (in the guest) that you have to make succeed
> > from the host that is running udev (the pts/1 is because the xterm is using
> > pts/0):
> >
> > - - - -
> > readlink("/proc/self/fd/0", "/dev/pts/1", 511) = 10
> > - - - -
> > readlink("/proc/self/fd/0", "/dev/pts/1", 4095) = 10
> > stat64("/dev/pts/1", {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...})
> > = 0 open("/dev/pts/1", O_RDWR|O_NONBLOCK)   = 3
> > - - - -
> >
> > So a simple hardlink might not work, but having a rule script that also (on
> > the host) makes the correct node in ///dev/pts/*
> > should work.
> 
> you're not supposed to make device nodes in /dev/pts, because it is a dynamic 
> filesystem showing allocated pseudo terminals... [1]
> 
> >
> > Note that it is the stat64 ... st_rdev=makedev(136, 1) that is the call to
> > the udev system, in your case, triggered on the guest but directed at
> > the host.
> >
> > So the question remains: Which VServer (by host path) and which xid?
> >
> > It can't be the /proc/self/ read by the script, since that is
> > running on the host - not in the guest context that triggered the request
> > for a pts.
> >
> > Still scratching my head over this question - it might require a pre-loaded
> > *.so in the guest context to trap these trigger events and proxy them to
> > the udev system running in the host context (with the additional info
> > required).
> >
> > I just hope someone can suggest an easier way.
> > A good starting point would be to repeat my tests, since they may have
> > cockpit errors.
> 
> Well, preferring fixes and not workarounds (as stated previously ;) i'd rather
> tend to create the necessary files in /dev/pts (inside the guest) by 
> allocating a pseudo terminal after migrating the vserver process.. trying it 
> out right now, and will report any issue back here..
>
The main issue is that the /dev/pts is a kernel provided, virtual filesystem
that tracks which of the 255 pts are in use.

However you do it, you have to run through the kernel in context 0 so that its
record keeping is correct.

Otherwise, you might end up using pts/0 in all of the guests while the kernel
records that pts/0, pts/1, pts/2 ... are in use.

I am pretty sure that the kernel will believe any major/minor number a device
special node carries - so even though the kernel is assigning a new /dev/pts/16 
to the most recent request - hand creating a /vserver/vps16/dev/pts/16 should
work since it has the correct major/minor.  Programs within the guest (such as
login) that check for a link outside of /dev/* will only see the guest's view
of /dev/pts/16.

I am not suggesting that one should modify /dev/pts/* - only the
/vserver/vps16/dev/pts/16 path.  The trick is keeping it in lock-step with the
kernel's virtual filesystem.

Mike


> [1] http://www.nsa.gov/selinux/papers/slinux/node60.html
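Added example, not part of the original thread: a check over strace output of the kind quoted above that reports, for every /dev/pts/N the traced process stat'ed, whether the node is missing, is not a character device, or does not carry major 136 with minor N. Those are the node-level symptoms of a guest /dev/pts that has drifted out of lock-step with the kernel's devpts. The function name, the decimal makedev() format and the last three sample lines are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the device numbers a traced process saw for /dev/pts/N.
# Produce the input inside the guest with, as in the thread:
#   strace -o screen.txt -e trace=file screen

# The first three lines are the trace quoted in the thread; the last three
# are constructed failure cases.
sample_trace() {
cat <<'EOF'
readlink("/proc/self/fd/0", "/dev/pts/1", 4095) = 10
stat64("/dev/pts/1", {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
open("/dev/pts/1", O_RDWR|O_NONBLOCK)   = 3
stat64("/dev/pts/16", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
stat64("/dev/pts/2", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
stat64("/dev/pts/3", 0xbfd3c2a0) = -1 ENOENT (No such file or directory)
EOF
}

# check_pts_trace FILE|-  ->  one verdict line per stat of /dev/pts/N.
# Exit status is 1 if any node is missing, is not a character device, or
# does not have major 136 and a minor equal to N; otherwise 0.
check_pts_trace() {
    awk '
    /l?stat(64)?\("\/dev\/pts\/[0-9]+"/ {
        # N is whatever follows the 9 characters of "/dev/pts/".
        match($0, /\/dev\/pts\/[0-9]+/)
        n = substr($0, RSTART + 9, RLENGTH - 9)

        if ($0 ~ /= -1 /) {
            printf "pts/%s MISSING\n", n; bad = 1; next
        }
        if ($0 !~ /S_IFCHR/) {
            printf "pts/%s NOT-CHARDEV\n", n; bad = 1; next
        }
        if (!match($0, /makedev\([0-9]+, *[0-9]+\)/)) {
            printf "pts/%s UNPARSED\n", n; bad = 1; next
        }
        # Strip "makedev(" (8 characters) and the closing parenthesis.
        split(substr($0, RSTART + 8, RLENGTH - 9), mm, /, */)
        if (mm[1] + 0 == 136 && mm[2] + 0 == n + 0) {
            printf "pts/%s OK %d:%d\n", n, mm[1], mm[2]
        } else {
            printf "pts/%s MISMATCH %d:%d\n", n, mm[1], mm[2]; bad = 1
        }
    }
    END { exit bad + 0 }' "$1"
}

# Demo on the sample trace; the non-zero status is expected here.
sample_trace | check_pts_trace - || true
```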


Re: [Vserver] Screen inside vserver

2006-01-14 Thread Michael S. Zick
On Sat January 14 2006 09:48, Benedikt Boehm wrote:
> On Saturday 14 January 2006 16:46, Benedikt Boehm wrote:
> > On Saturday 14 January 2006 16:08, Michael S. Zick wrote:
> > > On Sat January 14 2006 08:59, Michael S. Zick wrote:
> > > > On Sat January 14 2006 06:40, Oliver Welter wrote:
> > > > > eyck wrote:
> > > > > >> afair, you have to ssh into the box to use screen.
> > > > > >> vserver  enter and issuing a screen command does not work.
> > > > > >
> > > > > >  it's not that it doesn't work, it's that it's easier and safer to
> > > > > > tell people 'just ssh into your guest' instead of explaining how to
> > > > > > make it work.
> > > > >
> > > > > As I don't have SSH running inside the guest and I am not afraid of
> > > > > some work, how :)
> > > >
> > > > You could try making it 'by hand' - but that would only work for the
> > > > pts that you create by hand.  Also recall, that on that system, you are
> > > > using udev and /dev is probably mounted in /tmpfs, not as persistent
> > > > files on the hard disk.
> > > > Gentoo gives you three ways to handle a missing device (follow the
> > > > directions for a missing /dev/console or /dev/null).
> > > >
> > > > But what you want to handle is dynamic devices (pts 0...254) in the
> > > > guest with a device creation system that runs in the host.
> > > >
> > > > First, grab all the udev manuals you can lay your hands on...
> > > >
> > > > The 'stock' system scripts are creating devices in '/dev'; modify to
> > > > create them also in ///dev
> > > >
> > > > Sorry, I don't know how only what.
> > >
> > > Scratch that - - here is how:
> > >
> > > Each udev rule can call an external script - write one that hardlinks the
> > > just created /dev/pts/xx to a ///dev/ptx/xx
> > >
> > > Now all you have to do is figure out 'which vserver' to create the link
> > > in.
> > >
> > > Mike
> 
> i missed that you link it in the root path of the vserver.. probably it
> works, but it looks more like a workaround, than a fix..
> 
Ah, yes, an interesting problem.  But a step towards getting the correct USB
socket (dedicated to a particular workstation) with a security device to show 
up in the correct vserver dedicated to that particular workstation.

Using: strace -o screen.txt -e trace=file screen (from within an xterm)...

These are the system calls (in the guest) that you have to make succeed from
the host that is running udev (the pts/1 is because the xterm is using pts/0):

- - - -
readlink("/proc/self/fd/0", "/dev/pts/1", 511) = 10
- - - -
readlink("/proc/self/fd/0", "/dev/pts/1", 4095) = 10
stat64("/dev/pts/1", {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
open("/dev/pts/1", O_RDWR|O_NONBLOCK)   = 3
- - - -

So a simple hardlink might not work, but having a rule script that also (on the
host) makes the correct node in ///dev/pts/* should work.

Note that it is the stat64 ... st_rdev=makedev(136, 1) that is the call to the
udev system, in your case, triggered on the guest but directed at the host.

So the question remains: Which VServer (by host path) and which xid?

It can't be the /proc/self/ read by the script, since that is running
on the host - not in the guest context that triggered the request for a pts.

Still scratching my head over this question - it might require a pre-loaded *.so
in the guest context to trap these trigger events and proxy them to the udev
system running in the host context (with the additional info required).

I just hope someone can suggest an easier way.
A good starting point would be to repeat my tests, since they may have cockpit
errors.

Mike

> >
> > The thing is, you normally don't run udev inside a vserver, because you
> > don't have CAP_MKNOD...
> >
It would be reasonable to only run udev on the host - host does hardware
management, even software emulated hardware.

> >
> > the problem with /dev/pts entries not appearing on vserver ... enter is
> > that the vserver process only migrates to the context and replaces itself
> > with bash, so there is no login process and no terminal devices are created
> > by devpts filesystem (in contrary to the ssh attempt)...
> >
> > i don't know a solution for this atm, but if anyone can help, i'd
> > appreciate it
> >
> > Bene


Re: [Vserver] Screen inside vserver

2006-01-14 Thread Michael S. Zick
On Sat January 14 2006 08:59, Michael S. Zick wrote:
> On Sat January 14 2006 06:40, Oliver Welter wrote:
> > eyck wrote:
> > >> afair, you have to ssh into the box to use screen.
> > >> vserver  enter and issuing a screen command does not work.
> > >  it's not that it doesn't work, it's that it's easier and safer to tell
> > > people 'just ssh into your guest' instead of explaining how to make it
> > > work.
> > 
> > As I don't have SSH running inside the guest and I am not afraid of some
> > work, how :)
> >
> You could try making it 'by hand' - but that would only work for the pts
> that you create by hand.  Also recall, that on that system, you are using
> udev and /dev is probably mounted in /tmpfs, not as persistent files on
> the hard disk.
> Gentoo gives you three ways to handle a missing device (follow the directions
> for a missing /dev/console or /dev/null).
> 
> But what you want to handle is dynamic devices (pts 0...254) in the guest
> with a device creation system that runs in the host.
>  
> First, grab all the udev manuals you can lay your hands on...
> 
> The 'stock' system scripts are creating devices in '/dev'; modify to create 
> them also in ///dev
> 
> Sorry, I don't know how only what.
>
Scratch that - - here is how:

Each udev rule can call an external script - write one that hardlinks the
just created /dev/pts/xx to a ///dev/ptx/xx

Now all you have to do is figure out 'which vserver' to create the link in.

Mike 
> Mike
> > Oliver


Re: [Vserver] Screen inside vserver

2006-01-14 Thread Michael S. Zick
On Sat January 14 2006 06:40, Oliver Welter wrote:
> eyck wrote:
> >> afair, you have to ssh into the box to use screen.
> >> vserver  enter and issuing a screen command does not work.
> >  it's not that it doesn't work, it's that it's easier and safer to tell
> > people 'just ssh into your guest' instead of explaining how to make it
> > work.
> 
> As I don't have SSH running inside the guest and I am not afraid of some
> work, how :)
>
You could try making it 'by hand' - but that would only work for the pts
that you create by hand.  Also recall, that on that system, you are using
udev and /dev is probably mounted in /tmpfs, not as persistent files on
the hard disk.
Gentoo gives you three ways to handle a missing device (follow the directions
for a missing /dev/console or /dev/null).

But what you want to handle is dynamic devices (pts 0...254) in the guest
with a device creation system that runs in the host.
 
First, grab all the udev manuals you can lay your hands on...

The 'stock' system scripts are creating devices in '/dev'; modify to create 
them also in ///dev

Sorry, I don't know how only what.

Mike
> Oliver


Re: [Vserver] Guest OS Stops Responding After Hours Of Working

2006-01-14 Thread Michael S. Zick
On Fri January 13 2006 18:19, John Alberts wrote:
> Hi all.  I'm using vserver on a Gentoo machine.  I originally tried to get
> some help on the gentoo-vserver irc channel; however, I think we must all
> have opposite schedules.
> 
> Anyway, I am using Gentoo for my host machine and also Gentoo as the guest
> os.  The guest os runs Apache2 and MySQL and it works well for a while (5, 6
> hours).  After a while I am unable to connect to the guest os.  From the
> host os, I can reach the guest os (ping, browse web page using links, etc),
> but not from outside the host os.  If I go into the guest os using vserver
> myguest enter, the only fqdn i can ping is the one for the host os that is in
> my hosts file.  No other fqdn's work.  
>
Is DNS accessible on both nic cablings?
Could be the resolver is trying the nic/cable setup that does not reach 
any name server.

> If I ping a known working ip address, 
> everything starts working again!  I have no idea what this means or how to
> fix it.  As a temporary solution, just to keep my guest os working, I put a
> cron job that pings 2 different servers every half hour.
> I think it's probably a routing problem, but I'm not sure what to do.  My
> host has 2 gigabit nics, both on the same subnet.
> 
> Here is my ifconfig -a and route from my host os: (route hangs a while and
> then finally prints the output below)
>
The delay in route response is probably DNS lookup time (failing and retrying)
See if there is a difference in: "route " and "route -n"

See below 
> ---
> ifconfig -a
> 
> route
> 
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 205.215.68.0    *               255.255.255.0   U     0      0        0 eth0
> 205.215.68.0    *               255.255.255.0   U     0      0        0 eth1
> loopback        *               255.0.0.0       U     0      0        0 lo
> default         205.215.68.254  0.0.0.0         UG    0      0        0 eth0
> default         205.215.68.254  0.0.0.0         UG    0      0        0 eth1
>
Note there is no name resolution for names not in '/etc/hosts'

 
> 
> 
> Here is the ifconfig -a and route from inside my guest os:
> --
> ifconfig -a
> eth0  Link encap:Ethernet  HWaddr 00:04:23:C3:C4:FE
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:929890 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:981291 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:256023685 (244.1 Mb)  TX bytes:1085603257 (1035.3 Mb)
>   Base address:0xecc0 Memory:df9e-dfa0
> 
> eth0:100  Link encap:Ethernet  HWaddr 00:04:23:C3:C4:FE
>   inet addr:205.215.68.100  Bcast:205.215.68.255  Mask:255.255.255.0
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:929890 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:981291 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:256023685 (244.1 Mb)  TX bytes:1085603257 (1035.3 Mb)
>   Base address:0xecc0 Memory:df9e-dfa0
> 
> route
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 205.215.68.0    *               255.255.255.0   U     0      0        0 eth0
> 205.215.68.0    *               255.255.255.0   U     0      0        0 *
> loopback        *               255.0.0.0       U     0      0        0 *
> default         205.215.68.254  0.0.0.0         UG    0      0        0 eth0
> default         *               0.0.0.0         UG    0      0        0 *
> --
>
Same here.

What is the search order in /etc/host.conf? 
What name services in /etc/resolv.conf?
What are the service providers for 'hosts:' in /etc/nsswitch.conf
Duh...
Which libc version is handling the above?

Mike

> Thanks in advance for any help.
> 
> John
> 


Re: [Vserver] RSS vs. AS, and swap.

2006-01-12 Thread Michael S. Zick
On Thu January 12 2006 00:57, Robin Lee Powell wrote:
> On Thu, Jan 12, 2006 at 07:05:53AM +0100, Herbert Poetzl wrote:
> > On Wed, Jan 11, 2006 at 09:58:43PM -0800, Robin Lee Powell wrote:
> > > I have exactly 1, and will only over have 1, so this simply
> > > doesn't apply.  I really *do* want swap-out behaviour.
> > 
> > for one guest, why do you care about limiting memory at all?
> > 
> > I mean, why not 'just' let it use up what it takes?
> 
> Because the app has a habit of slurping so much memory that the host
> system spends all its time swapping, which happens to be even slower
> than usual on this machine.  Last time this happened, it took me
> almost 10 minutes just to type the commands to shut down the
> VServer.
> 
> What I want is that no matter what the host system has some RAM left
> to perform a shutdown in case the VServer runs away with itself, but
> at the same time I'd like the VServer to be able to use swap if
> reasonable.
>
Ah, so...
You need a 'host-only reservation' not a 'guest-limit' -

A number or percentage of rss (as?) that can be only allocated by
the host context.  No other specific limits on host or guest(s); just 
let the memory management deal with the requests.

Not unlike the 'root use only' reservation for filesystem space.

That would not solve the problems with a run-away guest, but at least
you could still control the system from within the host.

I.E: A work-around, not a solution.

I am not familiar with the limiting code, not sure if this is practical.
Perhaps someone that has worked on the limiting code could comment.

Mike
> -Robin
> 


Re: [Vserver] iptables inside vserver client?

2006-01-10 Thread Michael S. Zick
On Tue January 10 2006 15:15, Stephan Mueller wrote:
> Hi,
> 
> on the hosting page in the wiki the provider [vRoutix], Argentina
> announces iptables support inside a vserver client while i read on the
> beginners faq page that the forward chain is not touched by packets
> between the clients.
> 
> Which one is true? :) Do they use some sort of tap or tun devices?
>
Probably both are true.

Reading step three of the virtual tour does not say that the ip rules
are 'within' your virtual server.  Only that the rules that apply to
your virtual server can be controlled by a web interface (on the host
system) most likely.

That would be a fairly straightforward thing to do, just write 
rule chain(s) for a particular IP address.  Constrain the web update
to do dynamic rules on the rule chain for a particular customer.

For instance, start with the dynamic rule handling of PSAD, be creative 
with the chain naming, add a web interface, etc.

Mike
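
Added example, not part of the original post and not vRoutix's or util-vserver's code: a host-side sketch of the per-address rule chain described above, where a web front end may only append validated rules to the chain derived from the customer's own guest address. The function names, the "guest-" chain prefix and the documentation-range addresses are assumptions made for illustration; the script prints iptables commands and does not run them.

```shell
#!/bin/sh
# Emit (not execute) iptables commands for one guest's private chain.
# The chain name is derived from the guest address the host already has
# on file for the logged-in customer, never from the web request itself.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    ( IFS=.
      set -- $1                       # split on dots inside a subshell
      [ "$#" -eq 4 ] || exit 1
      for octet in "$@"; do
          [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
      done )
}

# valid_source SRC: an IPv4 address, optionally with a /0../32 prefix.
valid_source() {
    case "$1" in
        */*) valid_ipv4 "${1%/*}" || return 1
             pfx=${1##*/}
             case "$pfx" in ''|*[!0-9]*) return 1 ;; esac
             [ "${#pfx}" -le 2 ] && [ "$pfx" -le 32 ] ;;
        *)   valid_ipv4 "$1" ;;
    esac
}

# valid_port PORT: decimal 1..65535, nothing else.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# guest_chain GUEST_IP: print the chain name reserved for that guest.
guest_chain() {
    valid_ipv4 "$1" || return 1
    printf 'guest-%s\n' "$1" | tr . _
}

# guest_chain_setup GUEST_IP: one-time host setup for the guest's chain.
# Assumption: guest addresses are local to the host, so their inbound
# traffic traverses INPUT rather than FORWARD.
guest_chain_setup() {
    chain=$(guest_chain "$1") || return 1
    echo "iptables -N $chain"
    echo "iptables -A INPUT -d $1 -j $chain"
}

# guest_rule GUEST_IP PROTO SOURCE PORT ACTION
# Every request field is checked against a whitelist; anything else is
# rejected, so a customer can only add simple rules to their own chain.
guest_rule() {
    chain=$(guest_chain "$1") || { echo "bad guest address" >&2; return 1; }
    case "$2" in tcp|udp) ;; *) echo "bad protocol" >&2; return 1 ;; esac
    valid_source "$3" || { echo "bad source" >&2; return 1; }
    valid_port "$4"   || { echo "bad port" >&2; return 1; }
    case "$5" in
        ACCEPT|DROP|REJECT) ;;
        *) echo "bad action" >&2; return 1 ;;
    esac
    echo "iptables -A $chain -p $2 -s $3 --dport $4 -j $5"
}

# Demo with constructed values (documentation address ranges).
guest_chain_setup 192.0.2.10
guest_rule 192.0.2.10 tcp 198.51.100.0/24 22 ACCEPT
```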


Re: [Vserver] Re: VServer logo?

2006-01-10 Thread Michael S. Zick
On Tue January 10 2006 12:02, Nicolas Costes wrote:
> On Friday 6 January 2006 22:56, Guenther Fuchs wrote:
> > Hi there,
> >
> > anyone graphically talented created a logo for VServer yet or wants
> > to? I guess, there's not only me wanting to show a "powered by Linux-
> > VServer" on their page ;-)
> 
> I once had a try : 
> http://nayco.free.fr/wiki/fetch.php?cache=cache&media=ebauchekangourou1_petit.png
> 
> Well...
>
Cute.
And they are all smoking something strange. 
I like it.

Mike


Re: [Vserver] Making two vservers see the same data/directory structore.

2006-01-10 Thread Michael S. Zick
On Tue January 10 2006 10:04, Herbert Poetzl wrote:
> 
> yes, you will very likely run into permission issues with
> xid tagging enabled on the 'shared' directory, because new
> files will be tagged by one guest and denied to the other
> (an untagged partition would help here)
> 
Herbert,

A short note on this...

Near the top of my to-do list for 2006 is
to see if I can make the ACL system 'xid aware'.

Similar to user and group permission lists, there
would be an xid permission list (and a per directory
xid default).

Both the Linux code implementation and the 'standard'
for ACL allows extensions.

If practical, this would solve this sort of installation
problem.  The mapping of the same (Sub-)tree into multiple
servers while still being selective about permissions on
a per server basis.

Don't hold your breath - I work slow.

Mike


Re: [Vserver] Assigning a virtual console to a given vserver

2006-01-09 Thread Michael S. Zick
On Mon January 9 2006 15:49, Bruno wrote:
> On Sunday 08 January 2006 14:01, Bodo Eggert wrote:
> > On Sun, 8 Jan 2006, Bruno wrote:
> > > I would like to assign a virtual console to one or more vservers running
> > > on my box.
> > >
> > > e.g.
> > >  vc0 - vc6 for host system
> > >  vc7 for first vserver
> > >  vc8 for second vserver
> > >  none for third vserver
> > >  ...
> >
> > [...]
> >
> > > Is this possible?
> >
> > You need the console device file in the vserver dev directory, and you
> > need to tweak the vserver inittab.
> 
> This worked.
> 
> For my example I will let the guest start on tty8 and spawn gettys on tty8 and tty9.
> 
> Steps:
> - create /dev/tty8 (major 4, minor 8)
> - create /dev/tty9 (major 4, minor 9)
> - create /dev/console (major 4, minor 8)
>
A bit obscure unless one recalls that the kernel uses major-minor
numbers rather than names.

Could not the same thing be done with a sym-link?
ln -s /dev/tty8 console

That would be a little more obvious when you listed the /dev/*
at some later date.

Mike

> - add "c8:2345:respawn:sbin/getty 38400 tty8 linux" to inittab
> - add "c9:2345:respawn:sbin/getty 38400 tty9 linux" to inittab
> 
> Then start/restart the guest and output appears as expected.
> 
> Guest is configured using init style "plain"
> 
> Bruno


Re: [Vserver] Vservers and quotas

2006-01-06 Thread Michael S. Zick
On Fri January 6 2006 17:12, Herbert Poetzl wrote:
> On Fri, Jan 06, 2006 at 03:47:56PM -0600, Michael S. Zick wrote:
> > On Fri January 6 2006 14:19, Herbert Poetzl wrote:
> > >
> > > no, the different taggings work equally well, it's
> > > unfortunate that there is no xid aware backup and
> > > restore tool, otherwise the transition could be 
> > > seamless ...
> > > 
> > Herbert,
> > Seamless backup and restore of xid between different
> > xid marking systems leads me to a dumb question:
> > 
> > Is there a flag or token indicating which tagging
> > system is in use?  In the inode?  In superblock?
> 
> no
> 
> > In kernel?
> 
> yes, the kernel (on 2.x) knows about the tagging
> info and exports that information to userspace
> (the testfs.sh scripts reports that)
>
Meaning it is not practical.
Since the kernel (and what it exports) can be changed
independently of how the files are recorded.

You got three inode bits to use for indicators
of which xid system was used?  (inode.xid.version?) 

Yes, I think it has to be at the inode level.

Consider a ro bind mount...

Kernel-1; xid-method-1; root=/dev/hda
auxiliary mount: /dev/hdb

Kernel-2; xid-method-2; root=/dev/hdb
auxiliary mount: /dev/hda

Now bind mount the two trees together, I don't
see where anything other than an inode.xid.version
will do the job.  Otherwise one of the file systems
will be read/restored incorrectly depending on which
kernel is running.

The above example is perhaps extreme, but the same
thing can happen over time...

Backup files.
Change Kernel.
Restore files.

Sequence would work.

Change Kernel.
Backup files.
Restore files.

Now the filesystem is trash.

Mike

> this is the relevant code (bash):
> 
> INFO=(`sed 's/.*:\t//' /proc/virtual/info 2>/dev/null || echo ''`)
> case ${INFO[2]:1:1} in
>   0) TAGI="none"  ;;
>   1) TAGI="uid16" ;;
>   2) TAGI="gid16" ;;
>   3) TAGI="ugid24";;
>   4) TAGI="intern";;
>   5) TAGI="runtime"   ;;
>   *) TAGI="unknown"   ;;
> esac
> 
> best,
> Herbert
> 
> > Just point me in the right direction to the appropriate
> > source code - I will see if I can figure something out.
> > Most likely a tag<->text conversion such as used for
> > ACLs.
> > 
> > Mike
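
Added example, not from the thread and not util-vserver code: a user-space, per-tree stand-in for the tagging indicator discussed above (coarser than a per-inode field). It stamps a tree with the tagging method in force when the tree was populated and refuses a backup or restore when the running kernel reports a different one, reusing the decode table from the quoted snippet. The stamp file name, the function names and the sample /proc/virtual/info contents (field names included) are constructed assumptions.

```shell
#!/bin/sh
# Guard backups and restores against a change of xid tagging method.
# The stamp lives in the tree itself, so it travels with the files and
# not with whichever kernel happens to be running.

STAMP_NAME=.xid-tagging   # hypothetical marker file at the tree root

# tagging_method [INFO_FILE]: print the tagging name the kernel reports.
# Same decode as the quoted bash: strip "Name:<TAB>" from each line,
# take the third value, look at its second character.
tagging_method() {
    info=${1:-/proc/virtual/info}
    digit=
    if [ -r "$info" ]; then
        digit=$(awk 'NR == 3 { sub(/^[^:]*:[ \t]*/, "")
                               print substr($0, 2, 1) }' "$info")
    fi
    case "$digit" in
        0) echo none    ;;
        1) echo uid16   ;;
        2) echo gid16   ;;
        3) echo ugid24  ;;
        4) echo intern  ;;
        5) echo runtime ;;
        *) echo unknown ;;
    esac
}

# stamp_tree TREE [INFO_FILE]: record the method once, when the tree is
# first populated. An existing stamp is never overwritten with a
# different value.
stamp_tree() {
    stamp="$1/$STAMP_NAME"
    now=$(tagging_method "$2")
    if [ -f "$stamp" ]; then
        was=$(cat "$stamp")
        if [ "$was" = "$now" ]; then return 0; fi
        echo "$1: already stamped $was, kernel reports $now" >&2
        return 1
    fi
    if [ "$now" = unknown ]; then
        echo "$1: kernel exports no tagging info, not stamping" >&2
        return 1
    fi
    printf '%s\n' "$now" > "$stamp"
}

# check_tree TREE [INFO_FILE]: run before every backup and restore.
# Returns 0 on match, 1 on mismatch, 2 when the tree has no stamp.
check_tree() {
    stamp="$1/$STAMP_NAME"
    if [ ! -f "$stamp" ]; then
        echo "$1: no stamp, tagging method unknown" >&2
        return 2
    fi
    was=$(cat "$stamp")
    now=$(tagging_method "$2")
    if [ "$was" = "$now" ]; then
        echo "$1: ok ($now)"
        return 0
    fi
    echo "$1: tagged as $was, kernel uses $now: do not back up or restore" >&2
    return 1
}

# Demo on constructed data: two fake kernels with different tagging.
demo() {
    d=$(mktemp -d) || return 1
    printf 'VCIVersion:\t0002.0001\nVCISyscall:\t273\nVCIKernel:\t13000000\n' > "$d/kernel1"
    printf 'VCIVersion:\t0002.0001\nVCISyscall:\t273\nVCIKernel:\t14000000\n' > "$d/kernel2"
    mkdir "$d/hda"
    stamp_tree "$d/hda" "$d/kernel1"
    check_tree "$d/hda" "$d/kernel1"            # same kernel: allowed
    check_tree "$d/hda" "$d/kernel2" || true    # changed kernel: refused
    rm -rf "$d"
}
demo
```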


Re: [Vserver] Vservers and quotas

2006-01-06 Thread Michael S. Zick
On Fri January 6 2006 14:19, Herbert Poetzl wrote:
>
> no, the different taggings work equally well, it's
> unfortunate that there is no xid aware backup and
> restore tool, otherwise the transition could be 
> seamless ...
> 
Herbert,
Seamless backup and restore of xid between different
xid marking systems leads me to a dumb question:

Is there a flag or token indicating which tagging
system is in use?  In the inode?  In superblock?
In kernel?

Just point me in the right direction to the appropriate
source code - I will see if I can figure something out.
Most likely a tag<->text conversion such as used for
ACLs.

Mike


Re: [Vserver] Vservers and quotas

2006-01-06 Thread Michael S. Zick
On Fri January 6 2006 14:19, Herbert Poetzl wrote:
> 
> no, the different taggings work equally well, it's
> unfortunate that there is no xid aware backup and
> restore tool, otherwise the transition could be 
> seamless ...
> 
?
What about Joerg Schilling's star?


I have been digging through the documentation -
It reads as if, when using 24-bit uid/gid it will
handle the xid properly -

But it might not translate from one type of xid
tagging into another.

Mr. Schilling claims it can be easily tweaked for
such a purpose. (in the README)

Have not done any testing yet myself.

Mike


Re: [Vserver] 2.6.15 Vserver patchs

2006-01-05 Thread Michael S. Zick
On Thu January 5 2006 05:38, Mike O'Connor wrote:
> Hi All
> 
> From the conversation on the list, it would seem as if there are vs
> patches for 2.6.15 kernel.
> 
> Where would I download these patches?
>
Joel is running HP, pa-risc - I think he built his own patches for testing.
No clue about other hardware systems.

> 
> I would like to test it as the 2.6.15 kernels are the first 2.6 series
> which support smart via libata.
> 
> Thanks
> Mike
>
Another Mike


Re: [Vserver] k-2.6.15 + vs-2.1.0.1 + util-verser-0.30.209 + hppa + smp BUG()?

2006-01-04 Thread Michael S. Zick
On Wed January 4 2006 09:58, Herbert Poetzl wrote:
> On Wed, Jan 04, 2006 at 02:49:01PM +0100, Joel Soete wrote:
> > Hello Herbert,
> > 
> > I install a second vserver on my parisc-linux box and also updated a
> > bit kernel stuff as this new year borns with a new kernel ;-).
> >
> > All seems to work fine with "k-2.6.15 + vs-2.1.0.1 +
> > util-verser-0.30.209" on this system with the up kernel kernel build
> > ;-)
> >
> > Unfortunately the system BUG() with the same kernel src but build for
> > a smp system (as this machine has actually 2 cpu ;-) ); here is the
> > console message: BUG: soft lockup detected on CPU#0!
> 
> wow, never heard of a parisc with working SMP
> 
There might still be problems with 64bit-SMP on pa-risc;
but 32bit-SMP is a done deal.

Joel does a lot of the testing on pa-risc - but I think
that is 32bit-SMP that he is reporting.

Mike


Re: [Vserver] Step by Step Guide to a nano-vserver

2005-12-28 Thread Michael S. Zick
Joel and Group,
Today's update is available.

Baby-01 now does proper networking,
only the directions were wrong.

All links remain the same - see below.

Mike
On Fri December 23 2005 10:23, Michael S. Zick wrote:
> Group,
> This morning's update is available.
> 
> Also available on-line at:
> <http://www.morethan.org/step_step.html>
> 
> Still don't have networking setup in the baby
> vserver correctly.
> 
> Considerations of restricting file access added.
> 
> The download links remain the same.
> <http://www.spamviz.net/download/step_step.ps.gz>
> 
> The binary image of the loop file:
> <http://www.spamviz.net/download/baby01.bin.gz>
> 
> Should run on any linux-2.6.14-vs-2.0.1/x686 system.
> Just unpack her and follow the "waking baby" section
> of the directions.
> Should look as if you had started your real machine
> with the command line option: init=/bin/bash
> 
> Now, on to inventing her first clone.
> 
> Enjoy,
> Mike


Re: [Vserver] Re-use of an existing chroot disk to implement some vserver ; -)

2005-12-28 Thread Michael S. Zick
On Wed December 28 2005 05:43, Joel Soete wrote:
> Hello all,
> 
> For those who could have some interest,
> here are just some notes I took for remind of an implementation of a 
> linux-vserver on a parisc-linux boxe(s).
> (only tested on 32bit up kernel on a c110 and d380 models, though).
> 
> This particular exercise was to re-use existing chrooted disk(s) already 
> debbootstrap, fully populated and customized (i.e. I didn't
> want to lose that job ;-) ).
> 
> (take care to use it at your own risks ;-) )
> 
> 0/ References
> 0.1/ the reference used are:
> 
> 
> 0.2/ more details learning:
> 
> 
Joel, Group
Just posted an update of step_step.html 
It is still not complete, but getting closer.

Mike


Re: [Vserver] The nano-vserver package.

2005-12-27 Thread Michael S. Zick
On Tue December 27 2005 09:04, Dennis Roos wrote:
> On 27 Dec 2005 at 8:55, Michael S. Zick wrote:
> 
> > On Mon December 26 2005 09:15, Joel Soete wrote:
> > > Hello Mike,
> > > 
> > > just one thought (just because it seems to be a std de facto), may
> > > some sshd to be able login the vps, though? 
> > > 
> > Joel, group;
> > 
> > I have been looking at that, it seems I have two choices:
> > 
> > www.matrixssl.org : : Because it is small.
> > www.openssl.org : : Because it is what most people expect.
> Did you look at the dropbear sshd ?
> 
Looks like I should add that to the list.

Now that Santa Claus has gone home, I should have time to
look at three packages instead of two.

I also stumbled across the following link - which I do not
think is on the project page:
<http://deb.riseup.net/vserver/>

Mike
> From the Gentoo ebuild:
> DESCRIPTION="small SSH 2 client/server designed for small memory environments"
> HOMEPAGE="http://matt.ucc.asn.au/dropbear/dropbear.html"
> 


Re: [Vserver] The nano-vserver package.

2005-12-27 Thread Michael S. Zick
On Mon December 26 2005 09:15, Joel Soete wrote:
> Hello Mike,
> 
> just one thought (just because it seems to be a std de facto), 
> may some sshd to be able login the vps, though? 
> 
Joel, group;

I have been looking at that, it seems I have two choices:

www.matrixssl.org : : Because it is small.
www.openssl.org : : Because it is what most people expect.

If we are going to be successful at building a vserver guest
that can be remotely rescued, then the decision may have
to be made on which can be built with static linkage.

Perhaps both?  Like this:

initial-install (baby01) : : chroot/vserver rescue software
 - - - - the matrixssl statically linked
 - - - - the BusyBox is already providing a telnetd
 - - - - the BusyBox is providing a vi editor
 - - - - the BusyBox can be statically linked
 - - - - already have a statically linked Bash

base-install (baby02) : : rescue, backup, restore, and maintenance.
 - - - - the openssl dynamically linked
 - - - - a dynamically linked nano editor
 - - - - the BusyBox is currently dynamically linked
 - - - - I added a dynamically linked Bash in /opt/gnu/bash/*

The baby02 level should be fine for anyone that is not playing
with an experimental libc6 (like some that I know).

People who need more features should be loading the
base-install of some Linux distribution.

I am also trying to keep this exercise within a single semester's
work in system administration - but I will not cripple the 
package for that purpose.

I will give this some more study, I can't answer my own
question at the moment.

Mike


Re: [Vserver] The nano-vserver package.

2005-12-26 Thread Michael S. Zick
On Mon December 26 2005 12:58, Avery Pennarun wrote:
> On Mon, Dec 26, 2005 at 09:38:54AM -0600, Michael S. Zick wrote:
> 
> > I just checked, BusyBox has a vi for text editing.
> > Should there be some other editor?
> > I think that emacs would be too big.
> 
> e3 is an excellent but tiny text editor.  It definitely beats nano or pico.
>
Thanks for the tip = = but it does not build for big endian pa-risc. 

Looks like it will be nano, which will build for any machine
that major Linux distributions support.

Mike


Re: [Vserver] The nano-vserver package.

2005-12-26 Thread Michael S. Zick
On Mon December 26 2005 08:43, Michael S. Zick wrote:
>
- - - Really Big Snip - - -
> 
Today's update to the build guide is posted.

Corrections and addition of extending the base
system into a minimal system.

On line at:
<http://www.morethan.org/step_step.html>

Download at:
<http://www.spamviz.net/download/step_step.ps.gz>

A tarball of all sources used is at (14Mb):
<http://www.spamviz.com/download/baby02_src.tar.bz2>

The loop file with the base system installed remains
the same and is available at (5Mb):
<http://www.spamviz.net/download/baby01.bin.gz>

As usual, feedback is welcomed.

Mike


Re: [Vserver] The nano-vserver package.

2005-12-26 Thread Michael S. Zick
On Mon December 26 2005 11:44, Chuck wrote:
> On Monday 26 December 2005 10:38 am, Michael S. Zick wrote:
> > 
> > I just checked, BusyBox has a vi for text editing.
> > Should there be some other editor?
> > I think that emacs would be too big.
> > 
> 
> yes please... pico or nano  either one.. both are small and
> to me more useful than any of the others. i use them exclusively.
> this looks like it could make an extremely nice rescue disk.
>
It might get too big for anything smaller than a 100Mb zip disk.
Hmmm...  My smallest USB drive is 256Mb - That is a thought.

It should always fit on a bootable cd though, even after adding
a kernel, util-vserver and whatever else a rescue cd needs.

> 
> 
Good idea,
When I need to make a quick file change, I usually
reach for nano myself.

I am posting a pre-view of baby-02 for Joel to look at, complete
with all sources and most of the binaries built - but it is getting
large - I may have to move it to sourceforge.net before I am done.

If you or anyone else on the list wants to start looking at it with
an eye at non-x86 versions - let me know, I will send you a link.

Mike



Re: [Vserver] The nano-vserver package.

2005-12-26 Thread Michael S. Zick
On Mon December 26 2005 09:15, Joel Soete wrote:
> Hello Mike,
> 
> Michael S. Zick wrote:
> > Joel,
> > 
> > I think my planned package is complete, I wanted
> > to review it with someone, I will try to be brief...
> > 
- - - [ really big snip ] - - -
> 
> > What common tool set have I overlooked?
> > Do you see anything that really must be included?
> > 
> just one thought (just because it seems to be a std de facto), may some sshd 
> to be able login the vps, though?
> 
Thanks,
I missed that one.  
People will expect it to be available.
BusyBox does have a telnetd.

I just checked, BusyBox has a vi for text editing.
Should there be some other editor?
I think that emacs would be too big.

> 
> PS: I am finishing my recipe to re-use a chrooted disk on hppa box 
> and will try asap to build 'baby' and vbox on my parisc-linux box  
> too.
>
I will post a pre-view of baby02.bin later today -
It will not all be working -

It will have all of the source tarballs and rough,
guru level, instructions (except Lua and sshd)
to build a non-x86 version.

Thanks for your advice.

Mike


Re: [Vserver] The nano-vserver package.

2005-12-26 Thread Michael S. Zick
On Mon December 26 2005 08:43, Michael S. Zick wrote:
> Joel,
> 
A sudden thought while reading my own post.

> The view from inside  will have a more typical
> layout of the first and second level directory trees.
> 
I will give it a job.

Configure the bb httpd server to serve the html versions
of all the software documentation - just skip dealing with
any man-reader or info-reader.

I think all of the software packages will output their 
documentation in html.  I just have to dig out the build
instructions.

I had better build an index of all the software commands that
are 'built-in' - there are hundreds even in the base-install.

Mike



[Vserver] The nano-vserver package.

2005-12-26 Thread Michael S. Zick
Joel,
I got past my self created problems last night
and have had a good night's sleep.

I think my planned package is complete, I wanted
to review it with someone, I will try to be brief...

This is a single file, perhaps sized to fit on a cdrom.

Any Linux system, any hardware, that recognizes
the filesystem used (currently Reiser-3) may turn
the file into a device with losetup, and then just
mount it somewhere in the directory tree.

What they will find under  is:
/baby/src
    All of the virgin source tarballs used.
/baby/doc
    The step-by-step guide and ...
/refbox
    The reference vserver based on Bash
    and BusyBox.  This is the single point
    location of software to share with other
    vservers.
/vsbox01
    An example of a vserver system built by
    linking to the  softwares.

Any Linux system that runs the kernel and
processor that the software was built for can
run the vservers "out of the box".
Currently that means Linux-2.6.14 with Vs-2.0.1
on an i686 compatible machine.

The reference vserver has a non-standard layout.
The view from the inside :

The base install is a static Bash, the dynamic loader,
the three common dynamic libraries and the dynamically
linked BusyBox that shows up in: /sbin, /bin, /lib, /etc

This is a full Bash, including UDP and TCP i/o
and the combination provides over 200 of the
common terminal commands. 

This base install is 5.08 Mb. But I may have forgotten
to strip the binaries.

No 'init' program, you can do that with a Bash script.
The BusyBox has a linuxrc and an init but I haven't
tried them.

Additional software that can turn the base-install
into a minimum-install system is present under the
/opt/ will have a more typical
layout of the first and second level directory trees.

This will only be an example - the user will be encouraged
to pick and choose what to link to inside of .

The total is less than 20Mb - lots of room to play with
other setups.  You can make a star-ball of whatever
you build inside the loop-file when ready to put it on
the real filesystem somewhere.

Should be both educational for people who build their
own and useful as is to run common services.

The BusyBox has ftp, rpm and apt tools, should be
able for a vserver to install whatever it needs  
from the network.

What common tool set have I overlooked?
Do you see anything that really must be included?

For anything with more features, a person should
start with a Linux base system from a distributor.

Mike


[Vserver] Re: Hello Joel

2005-12-24 Thread Michael S. Zick
On Fri December 23 2005 11:10, you wrote:
> 
> > Still, baby may have a twin sister by Christmas.
> > 
> not during Christmas night, it would so be a brother name Jesus ;-)
> 
If I am lucky, 
Santa Claus will build these (#$%@&) attr & acl sources for me.

The on-line document has had another update. The end is in sight,
only have to fill in the middle.

I have also been reading the IRC logs for both answers and common
questions to guide what I include in baby and the documentation.

This should end with two virtual servers, protected from each other
and protected from the host - just like your question asked about.

Break time here,

Mike



Re: [Vserver] Step by Step Guide to a nano-vserver

2005-12-23 Thread Michael S. Zick
On Fri December 23 2005 13:36, Herbert Poetzl wrote:
> On Fri, Dec 23, 2005 at 10:23:58AM -0600, Michael S. Zick wrote:
> > Group,
> > This morning's update is available.
> > 
> > Also available on-line at:
> > <http://www.morethan.org/step_step.html>
> > 
> > Still don't have networking setup in the baby
> > vserver correctly.
> > 
> > Considerations of restricting file access added.
> > 
> > The download links remain the same.
> > <http://www.spamviz.net/download/step_step.ps.gz>
> > 
> > The binary image of the loop file:
> > <http://www.spamviz.net/download/baby01.bin.gz>
> > 
> > Should run on any linux-2.6.14-vs-2.0.1/x686 system.
> > Just unpack her and follow the "waking baby" section
> > of the directions.
Oops,
You also need reiserFS-3 in your kernel.

> 
> great!
>
Yes I am proud of my baby vserver - all virgin sources -
with zero patching.

> 
> > Should look as if you had started your real machine
> > with the command line option: init=/bin/bash
> > 
> > Now, on to inventing her first clone.
> 
> could you imagine to extend this to non x86 archs
> too, especially x86_64, ppc/64, mips, sparc and arm?
>
And different filesystems (e2fx, e3fx, xfs should all work).
Once I finish learning how to teach her tricks - like networking.

If anyone with those machines wants to follow the directions,
I can post the resulting /dev/loop file.

It might be better to wait until she is a little more finished.
I still have a lot to learn.  I think this is only day 5.

Her world space is still 96% empty, room for a lot more
twins/clones with samples of different setups.

> 
> best,
> Herbert
> 
Thanks for taking the time to look at this.

Happy Holidays
Mike


[Vserver] Step by Step Guide to a nano-vserver

2005-12-23 Thread Michael S. Zick
Group,
This morning's update is available.

Also available on-line at:


Still don't have networking setup in the baby
vserver correctly.

Considerations of restricting file access added.

The download links remain the same.


The binary image of the loop file:


Should run on any linux-2.6.14-vs-2.0.1/x686 system.
Just unpack her and follow the "waking baby" section
of the directions.
Should look as if you had started your real machine
with the command line option: init=/bin/bash

Now, on to inventing her first clone.

Enjoy,
Mike

