Re: [Vserver] V_xxxx not running ?

2005-07-25 Thread Herbert Poetzl
On Mon, Jul 25, 2005 at 03:54:05PM +0930, Darryl Ross wrote:
 Benoît des Ligneris wrote:
  Hello,
  
  Well, I think that this is a useful tool for the vserver project.
  
  We are using v_portmap as well as some other v_* scripts. After having
  installed several vserver hosts I think it is much easier to modify
  the services than to go after every application and modify one or
  several configuration files.
  
  Also, it is easy to check the existing services running on a given host
  and to create the v_* scripts in order to make sure that no port
  conflict will occur between the vservers and the host. This is a general
  solution to this kind of problem whereas fixing each application
  individually can be, IMHO, a pain...
 
 Then I would suggest that perhaps you are running too many services on
 the host?
 
 My philosophy is to keep the host as minimal as possible and run
 everything inside a guest (generally one guest per service). The only
 two services I run on my hosts are sshd and ntpd. Every other service
 that I might want to run on the host can be run inside a guest.
 
 I run sshd on all my machines on a non-standard port ( for hosts and
 222 for guests) as a way of stopping my logs from filling up with
 door-knock attempts which also solves the port conflict issue.

good points and excellent suggestions!

thanks,
Herbert

 Regards
 Darryl
 
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] V_xxxx not running ?

2005-07-25 Thread Benoît des Ligneris
Hello,

Well, it certainly _was_ true at some point, especially when I was
testing the vserver on my laptop ;

I don't think this is the case now. We simply experiment that some
programs have to be run on the host and don't allow to change
port/restrict IP/etc.

The v_* tools are, IMHO, a generic way to circumvent this kind of
problem. This is especially true for portmap (i.e. : you need NFS on
your host and you provide NFS we unfsd3 on a vserver, etc.) and there is
no possibility to specify this in a config file (as far as I know!). The
same can be true for other programs : openSLP ?,

Also, this can really help the newcomers to the vserver technology. I
agree with you that, most of the time, you need those tools when you are
using vservers on a regular host. However, it is really easy to use
these tools and, in the process, understand how the vservers and the
host share certain resources. Chasing each and every config file of
services started on your host (apache:443, SSH, mySQL, postgreSQL, etc.)
can be a not very productive task especially during a test...

Just my .01$

Ben

Darryl Ross wrote:
 Benoît des Ligneris wrote:
 
Hello,

Well, I think that this is a useful tool for the vserver project.

We are using v_portmap as well as some other v_* scripts. After having
installed several vserver hosts I think it is much easier to modify
the services than to go after every application and modify one or
several configuration files.

Also, it is easy to check the existing services running on a given host
and to create the v_* scripts in order to make sure that no port
conflict will occur between the vservers and the host. This is a general
solution to this kind of problem whereas fixing each application
individually can be, IMHO, a pain...
 
 
 Then I would suggest that perhaps you are running too many services on
 the host?
 
 My philosophy is to keep the host as minimal as possible and run
 everything inside a guest (generally one guest per service). The only
 two services I run on my hosts are sshd and ntpd. Every other service
 that I might want to run on the host can be run inside a guest.
 
 I run sshd on all my machines on a non-standard port ( for hosts and
 222 for guests) as a way of stopping my logs from filling up with
 door-knock attempts which also solves the port conflict issue.
 
 Regards
 Darryl
 

-- 
Benoit des Ligneris Ph. D.
President of Revolution Linux    http://www.revolutionlinux.com/
OSCAR                            http://oscar.openclustergroup.org/
EduLinux                         http://www.edulinux.org/

Any views and opinions expressed in this email are solely those of the
author and do not necessarily represent those of Revolution Linux
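
Added example, not part of the original posts or of util-vserver: the check discussed in this thread (which services the host runs, and whether any would collide with a port a guest needs), done by parsing /proc/net/tcp. The sample table is constructed, `guest_ports` is a hypothetical list of ports planned for guests, and a little-endian host is assumed.

```python
import socket
import struct

LISTEN = "0A"  # TCP_LISTEN state code in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# sshd on 192.168.0.1:22, portmap on 0.0.0.0:111, httpd on 0.0.0.0:443,
# plus one established ssh connection that must be ignored.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0100A8C0:0016 0200A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""


def parse_listeners(proc_net_tcp):
    """Return [(ip, port)] for every IPv4 socket in LISTEN state."""
    listeners = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The kernel prints the address as a native-endian u32;
        # a little-endian host (x86) is assumed here.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        listeners.append((ip, int(hex_port, 16)))
    return listeners


def audit(proc_net_tcp, guest_ports):
    """Split host listeners by bind address and flag ports a guest also needs."""
    listeners = parse_listeners(proc_net_tcp)
    wildcard = sorted({port for ip, port in listeners if ip == "0.0.0.0"})
    return {
        "wildcard": wildcard,
        "bound_to_ip": sorted(l for l in listeners if l[0] != "0.0.0.0"),
        "conflicts": sorted(set(wildcard) & set(guest_ports)),
    }


if __name__ == "__main__":
    # On a real host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    print(audit(SAMPLE, guest_ports=[80, 111, 443]))
```

Listeners reported under "wildcard" hold their port on every address of the machine; those under "bound_to_ip" are already confined to one address, as Darryl's minimal host with only sshd and ntpd would mostly be.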




Re: [Vserver] Install issue with yum - /var/lib/rpm/ ?

2005-07-25 Thread Enrico Scholz
[EMAIL PROTECTED] (Brian Ipsen) writes:

 Hmm... But the .rpmdb directory inside the guest os is empty
 when the yum installation finishes ? Should it be like that ?

Yes; that's ok and expected. Because of security reasons, the
rpmdb is located outside of the vserver.

| vserver id pkgmgmt internalize

should move it into the vserver, but it requires packages like
rpm or yum which are not needed for the most vservers.



Enrico




Re: [Vserver] V_xxxx not running ?

2005-07-25 Thread Enrico Scholz
[EMAIL PROTECTED] (Benoît des Ligneris) writes:

 Chasing each and every config file of services started on your
 host (apache:443, SSH, mySQL, postgreSQL, etc.)

ssh should never be started through v_ssh as every shell inherits the
network restrictions else. So it will be impossible to do administrative
tasks like (re)starting vservers.


Enrico




RE: [Vserver] V_xxxx not running ?

2005-07-25 Thread Matthew Nuzum
   Also, it is easy to check the existing services running on a given host
   and to create the v_* scripts in order to make sure that no port
   conflict will occur between the vservers and the host. This is a general
   solution to this kind of problem whereas fixing each application
   individually can be, IMHO, a pain...
 
  Then I would suggest that perhaps you are running too many services on
  the host?
 
  My philosophy is to keep the host as minimal as possible and run
  everything inside a guest (generally one guest per service). The only
  two services I run on my hosts are sshd and ntpd. Every other service
  that I might want to run on the host can be run inside a guest.
 
 good points and excellent suggestions!
 
 thanks,
 Herbert

Is this the official direction of the linux-vserver project? Regarding the
post from about a month ago relating linux-vserver and the Solaris
containers, it seems there is a huge potential for a tool that allows
running virtual machines on a workstation.

I ask if this is the official direction because if so, the tools will be
engineered with this in mind. However, if the official direction is to allow
running on stripped down hosts (ala Xen) and also general purpose
workstations (ala Solaris containers) the tools will be designed more
flexibly.

This is just my $0.02 and food for thought. About every 12 - 18 months I
switch from Windows to Linux on my desktop and this fall, when it's due to
happen again I plan on experimenting with a Solaris containers type of setup
on my workstation.

-- 
Matthew Nuzum [EMAIL PROTECTED]
www.followers.net - Makers of Elite Content Management System
View samples of Elite CMS in action by visiting
http://www.followers.net/portfolio/



Re: [Vserver] stuck (can't set the ipv4 root - invalid argument)

2005-07-25 Thread Matt Paine

Thanks for the reply Herbert.

All your suggestions worked as far as getting the kernel and 
util-vserver compiled and installed. Awesome :)



I am now using a vanilla kernel (2.6.12.2) with vserver (2.0-rc6) with 
util-vserver (0.30.208).



I'm still having problems creating my first vserver...

It's from here things get hazy. Sites mention the use of newvserver to 
create a new virtual server, but that is not part of the util-vserver 


no it's a debian add on of dubious value ...



That's good to know, so I'll stay away from that.



check with http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh
and let us know the results ...



And the test script works perfectly, but I now have another problem. I 
got this build instruction from the CentOS howto. (modified for fc4 
distro)



--8<--

[EMAIL PROTECTED] util-vserver-0.30.208]# vserver test4 build -m yum -- -d fc4
***  rpm-fake-resolver was built with glibc;  please do  ***
***  not report errors before trying a dietlibc version. ***
***  rpm-fake-resolver was built with glibc;  please do  ***
***  not report errors before trying a dietlibc version. ***
You are using a version of yum which is insecure and broken in chroot
related operations; either apply the patches shipped in the 'contrib/'
directory of util-vserver, or ask the author of yum to apply them
(preferred).

In the meantime, 'vyum' will continue with dirty hacks which might not
work when the vserver is running and local DOS attacks are possible.

Execution will continue in 5 seconds...
***  rpm-fake-resolver was built with glibc;  please do  ***
***  not report errors before trying a dietlibc version. ***

You have enabled checking of packages via GPG keys. This is a good thing.
However, you do not have any GPG public keys installed. You need to download
the keys for packages you wish to install and install them.
You can do that by running the command:
rpm --import public.gpg.key


Alternatively you can specify the url to the key you would like to use
for a repository in the 'gpgkey' option in a repository section and yum
will install it for you.

For more information contact your distribution or package provider.
rm -rf /etc/vservers/.defaults/vdirbase/test4 /etc/vservers/test4 
/etc/vservers/.defaults/vdirbase/.pkg/test4


--8<--

It's complaining about the GPG keys, so I installed it with.


--8<--
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY
#(that didn't work, so i tried another one)
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
--8<--


All to no avail. Is this a dietlibc thing? Can I just install the guest 
based on the RPM's I have off the cd (which I don't need to check 
against GPG keys?)



Thank you again for your help, hopefully I'll have a working vserver soon 
and I'll be sure to document my efforts.



Matt.






Re: [Vserver] stuck (can't set the ipv4 root - invalid argument)

2005-07-25 Thread Herbert Poetzl
On Tue, Jul 26, 2005 at 11:28:56AM +1000, Matt Paine wrote:
 Thanks for the reply Herbert.
 
 All your suggestions worked as far as getting the kernel and 
 util-vserver compiled and installed. Awesome :)
 
 I am now using a vanilla kernel (2.6.12.2) with vserver (2.0-rc6) with 
hmm, why not 2.6.12.3 (vs2.0-rc8.1)? (just curious)

 util-vserver (0.30.208).
 
 I'm still having problems creating my first vserver...
 
 It's from here things get hazy. Sites mention the use of newvserver to 
 create a new virtual server, but that is not part of the util-vserver 
 
 no it's a debian add on of dubious value ...
 
 That's good to know, so I'll stay away from that.
 
 check with http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh
 and let us know the results ...
 
 And the test script works perfectly, but I now have another problem. I 
 got this build instruction from the CentOS howto. (modified for fc4 
 distro)

well, nevertheless the results might be interesting ...

 --8<--
 
 [EMAIL PROTECTED] util-vserver-0.30.208]# vserver test4 build -m yum -- -d fc4
 ***  rpm-fake-resolver was built with glibc;  please do  ***
 ***  not report errors before trying a dietlibc version. ***
 ***  rpm-fake-resolver was built with glibc;  please do  ***
 ***  not report errors before trying a dietlibc version. ***

message says it all :)

 You are using a version of yum which is insecure and broken in chroot
 related operations; either apply the patches shipped in the 'contrib/'
 directory of util-vserver, or ask the author of yum to apply them
 (preferred).
 
 In the meantime, 'vyum' will continue with dirty hacks which might not
 work when the vserver is running and local DOS attacks are possible.
 
 Execution will continue in 5 seconds...
 ***  rpm-fake-resolver was built with glibc;  please do  ***
 ***  not report errors before trying a dietlibc version. ***
 
 You have enabled checking of packages via GPG keys. This is a good thing.
 However, you do not have any GPG public keys installed. You need to download
 the keys for packages you wish to install and install them.
 You can do that by running the command:
 rpm --import public.gpg.key
 
 Alternatively you can specify the url to the key you would like to use
 for a repository in the 'gpgkey' option in a repository section and yum

I would take this advice, as most likely the keys
are required _inside_ the guest, not on your host
(but I might be wrong here)

 will install it for you.
 
 For more information contact your distribution or package provider.
 rm -rf /etc/vservers/.defaults/vdirbase/test4 /etc/vservers/test4 
 /etc/vservers/.defaults/vdirbase/.pkg/test4
 
 --8<--
 
 It's complaining about the GPG keys, so I installed it with.
 
 --8<--
 rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY
 #(that didn't work, so i tried another one)
 rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora
 --8<--
 
 All to no avail. Is this a dietlibc thing? Can I just install the guest 
 based on the RPM's I have off the cd (which I don't need to check 
 against GPG keys?)

it's all a matter of convincing yum/rpm _not_ to
require the keys ...

 Thank you again for your help, hopefully I'll have a working vserver soon 
 and I'll be sure to document my efforts.

sounds good to me ...

HTH,
Herbert

 Matt.
 
 
 
 