[Vserver] Re: 32 bit debian/sarge on a 64 bit RedHat ES?
On 07/02/06 14:22 +0100, Daniel Kraft wrote: Hi List! I will get some Dual-Xeon-Servers soon and have to install RedHat ES on them. I want to install debian/sarge-based linux-vservers on top of the RedHat. I have the choice between RedHat ES 32 bit and RedHat ES 64 bit. The questions are: 1. Can I have a 32 bit debian/sarge on a 64 bit RedHat or will I have to install a 64 bit debian? 64 debian better. 2. Is it possible to patch a RedHat Kernel with linux-vserver? I don't want to use a patched vanilla kernel on these systems. Are there pre-patched RedHat-Kernels? for 32RHEL4 we use fedora 2.6.12 kernel. 3. Should I use RedHat ES 32 bit and just ignore the ~20% performance loss for comfortability? it is you to decide. P.S. Debian on top - RHEL inside IMHO will be easier to maintain. -- Matvey Gladkikh ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: 32 bit debian/sarge on a 64 bit RedHat ES?
On Thu, Feb 09, 2006 at 12:38:53PM +0300, Matvey Gladkikh wrote: On 07/02/06 14:22 +0100, Daniel Kraft wrote: Hi List! I will get some Dual-Xeon-Servers soon and have to install RedHat ES on them. I want to install debian/sarge-based linux-vservers on top of the RedHat. I have the choice between RedHat ES 32 bit and RedHat ES 64 bit. The questions are: 1. Can I have a 32 bit debian/sarge on a 64 bit RedHat or will I have to install a 64 bit debian? 64 debian better. 2. Is it possible to patch a RedHat Kernel with linux-vserver? I don't want to use a patched vanilla kernel on these systems. Are there pre-patched RedHat-Kernels? for 32RHEL4 we use fedora 2.6.12 kernel. 3. Should I use RedHat ES 32 bit and just ignore the ~20% performance loss for comfortability? it is you to decide. P.S. Debian on top - RHEL inside IMHO will be easier to maintain. hmm, well, except for the minor detail that you (currently) cannot install RPM based distros on a debian host (with the tools) as there is no working rpm/yum/apt-rpm for debian ... of course, images and templates work fine there too and hopefully this deficiency will be soon removed by the debian developers ... best, Herbert -- Matvey Gladkikh ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Delete method for vserver command
HiI added a delete method to the vserver command. To test it, patch the script vserver with this diff.@@ -43,6 +43,7 @@ restart ... restarts the specified vserver; this is the subsequent execution of a synchronized 'stop' and a 'start' condrestart ... restarts the vserver when it is running already+ delete ... deletes the vserver suexec user shell-command args* ... executes a command as the specified user in the vserver exec shell-command args*@@ -96,6 +97,21 @@ exit 0}+function delete()+{+ if test -z $OPTION_SILENT ; then+ read -p Are you sure to delete the vserver $vserver (y/N) deleteok + if [[ ${deleteok} != [Yy] ]] ; then+ exit 2+ fi+ fi++ isVserverRunning $VSERVER_DIR + [EMAIL PROTECTED] $OPTION_SILENT --sync $vserver stop ++ rm -rf `readlink -f $VSERVER_DIR/vdir` $VSERVER_DIR+}+function suexec(){ . $__PKGLIBDIR/vserver.suexec@@ -203,7 +219,7 @@ shift 2 . $__PKGLIBDIR/vserver.$cmd ;;- (suexec|restart)+ (suexec|restart|delete) shift 2 $cmd $@ ;;During the developpement, I detect a bug for the method condrestart. The test, checking if the vserver runs, doesn't work and returns the following error : isVserverRunning: unary operator expected. So, the vserver is always started. I suggest this to correct it : -test ! isVserverRunning $VSERVER_DIR || restart+isVserverRunning $VSERVER_DIR restart Thomas ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Delete method for vserver command
On Thu, Feb 09, 2006 at 11:44:41AM +0100, Thomas Champagne wrote: Hi I added a delete method to the vserver command. To test it, patch the script vserver with this diff. great, please also send it to enrico and/or submit it on savannah (so that it will be picked up in the next release) best, Herbert @@ -43,6 +43,7 @@ restart ... restarts the specified vserver; this is the subsequent execution of a synchronized 'stop' and a 'start' condrestart ... restarts the vserver when it is running already +delete ... deletes the vserver suexec user shell-command args* ... executes a command as the specified user in the vserver exec shell-command args* @@ -96,6 +97,21 @@ exit 0 } +function delete() +{ +if test -z $OPTION_SILENT ; then + read -p Are you sure to delete the vserver $vserver (y/N) deleteok + if [[ ${deleteok} != [Yy] ]] ; then + exit 2 + fi +fi + +isVserverRunning $VSERVER_DIR +[EMAIL PROTECTED] $OPTION_SILENT --sync $vserver stop + +rm -rf `readlink -f $VSERVER_DIR/vdir` $VSERVER_DIR +} + function suexec() { . $__PKGLIBDIR/vserver.suexec @@ -203,7 +219,7 @@ shift 2 . $__PKGLIBDIR/vserver.$cmd ;; -(suexec|restart) +(suexec|restart|delete) shift 2 $cmd $@ ;; During the developpement, I detect a bug for the method condrestart. The test, checking if the vserver runs, doesn't work and returns the following error : isVserverRunning: unary operator expected. So, the vserver is always started. I suggest this to correct it : -test ! isVserverRunning $VSERVER_DIR || restart +isVserverRunning $VSERVER_DIR restart Thomas ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] hints on kernel configuration using Grsec and Vserver
On Wednesday 08 February 2006 18:30, TB wrote: # # Filesystem Protections # CONFIG_GRKERNSEC_PROC=y CONFIG_GRKERNSEC_PROC_USER=y CONFIG_GRKERNSEC_PROC_ADD=y CONFIG_GRKERNSEC_LINK=y CONFIG_GRKERNSEC_FIFO=y CONFIG_GRKERNSEC_CHROOT=y CONFIG_GRKERNSEC_CHROOT_MOUNT=y # CONFIG_GRKERNSEC_CHROOT_DOUBLE is not set CONFIG_GRKERNSEC_CHROOT_PIVOT=y CONFIG_GRKERNSEC_CHROOT_CHDIR=y # CONFIG_GRKERNSEC_CHROOT_CHMOD is not set CONFIG_GRKERNSEC_CHROOT_FCHDIR=y CONFIG_GRKERNSEC_CHROOT_MKNOD=y CONFIG_GRKERNSEC_CHROOT_SHMAT=y CONFIG_GRKERNSEC_CHROOT_UNIX=y CONFIG_GRKERNSEC_CHROOT_FINDTASK=y CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y # CONFIG_GRKERNSEC_CHROOT_CAPS is not set Take a closer look at those CHROOT CONFIG's and have again a look at your error message and you'll see it (in case you don't see it, its CONFIG_GRKERNSEC_CHROOT_MOUNT=y that should be # CONFIG_GRKERNSEC_CHROOT_MOUNT is not set Feb 8 17:57:05 MYHOSTNAME kernel: grsec: From MYIPADDRESS: denied mount of proc as /var/lib/vservers/vhost0/proc from chroot by /var/lib/vservers/vhost0/bin/mount[mount:28032] uid/euid:0/0 gid/egid:0/0, parent /var/tmp/debootstrap.mVlEp8/usr/sbin/debootstrap[debootstrap:18704] uid/euid:0/0 gid/egid:0/0 -- Christian Heim [EMAIL PROTECTED] Gentoo Linux Developer - vserver pgpiGglpSsV98.pgp Description: PGP signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [parisc-linux] patch 2.6.16-rc2-vs2.1.0.10 test against pa1 32bit up kernel
On Thu, Feb 09, 2006 at 07:13:33PM +0100, Joel Soete wrote: Hello all, here are the results of this latest patch: Linux patst007 2.6.16-rc2-vs2.1.0.10-pa1-d32up #5 Thu Feb 9 16:30:25 CET 2006 parisc GNU/Linux Linux-VServer Test [V0.15] Copyright (C) 2003-2006 H.Poetzl chcontext is working. chbind is working. Linux 2.6.16-rc2-vs2.1.0.10-pa1-d32up #5 Thu Feb 9 16:30:25 CET 2006 parisc Ea 0.30.210 263/fallback (S*) v13,net VCI: 0002:0001 263 03000116 (TbLgnP) --- [000]# succeeded. [001]# succeeded. [011]# succeeded. [031]# succeeded. [101]# succeeded. [102]# succeeded. [201]# succeeded. [202]# succeeded. --- [L01]# succeeded. [D01]# succeeded. [L02]# succeeded. [D02]# succeeded. [L03]# succeeded. [D03]# succeeded. [L11]# succeeded. [D11]# succeeded. [L12]# succeeded. [D12]# succeeded. [L21]# succeeded. [D21]# succeeded. [L22]# succeeded. [D22]# succeeded. [L31]# succeeded. [D31]# succeeded. Linux-VServer FS Test [V0.12] Copyright (C) 2005-2006 H.Poetzl Linux 2.6.16-rc2-vs2.1.0.10-pa1-d32up parisc/0.30.210 VCI: 0002:0001 263 03000116 (ugid24) --- testing ext2 filesystem ... [000]. (ext2 format) xid related tests ... [001]. [002]. [011]. [012]. [014]. [015]. [019]. [020]. [021]. [022]. [023]. [024]. [025]. [026]. [027]. [028]. [033]. [034]. [035]. [037]. xattr related tests ... [101]. [102]. [103]. [104]. [106]. [108]. [109]. [112]. [113]. [114]. [115]. [116]. [117]. [118]. [119]. [121]. [122]. [123]. [124]. [199]. --- testing ext3 filesystem ... [000]. (ext3 format) xid related tests ... [001]. [002]. [011]. [012]. [014]. [015]. [019]. [020]. [021]. [022]. [023]. [024]. [025]. [026]. [027]. [028]. [033]. [034]. [035]. [037]. xattr related tests ... [101]. [102]. [103]. [104]. [106]. [108]. [109]. [112]. [113]. [114]. [115]. [116]. [117]. [118]. [119]. [121]. [122]. [123]. [124]. [199]. --- testing xfs filesystem ... [000]. (xfs format) xid related tests ... [001]. [002]. [011]. [012]. [014]. [015]. [019]. [020]. [021]. [022]. [023]. [024]. [025]. [026]. [027]. [028]. [033]. [034]. [035]. [037]. xattr related tests ... [101]. [102]. [103]. [104]. [106]. [108]. [109]. [112]. [113]. [114]. [115]. [116]. [117]. [118]. [119]. [121]. [122]. [123]. [124]. [199]. --- testing reiser filesystem ... [000]. (reiserfs format) xid related tests ... [001]. [002]. [011]. [012]. [014]. [015]. [019]. [020]. [021]. [022]. [023]. [024]. [025]. [026]. [027]. [028]. [033]. [034]. [035]. [037]. xattr related tests ... [101]. [102]. [103]. [104]. [106]. [108]. [109]. [112]. [113]. [114]. [115]. [116]. [117]. [118]. [119]. [121]. [122]. [123]. [124]. [199]. --- testing jfs filesystem ... [000]. (jfs format) xid related tests ... [001]. [002]. [011]. [012]. [014]. [015]. [019]. [020]. [021]. [022]. [023]. [024]. [025]. [026]. [027]. [028]. [033]. [034]. [035]. [037]. xattr related tests ... [101]. [102]. [103]. [104]. [106]. [108]. [109]. [112]. [113]. [114]. [115]. [116]. [117]. [118]. [119]. [121]. [122]. [123]. [124]. [199]. Heyhey, do I dream or is it supposed to fix jfs pb? yeah, I implemented inode attributes for jfs, waiting for inclusion ... I just hated to see those tests fail :) best, Herbert TIA, Joel --- NOTE! My email address is changing to ... @scarlet.be Please make the necessary changes in your address book. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] (no subject)
I'm using vserver-2.0.1 on CentOS. I got the patch in and created a number of vservers using the legacy method, as I wanted the vservers to be build based upon the base system. Now I am unable to restart or stop any of the VServers. I can something like this: [EMAIL PROTECTED] vservers]# vserver vs5 start WARNING: can not find configuration, assuming legacy method Starting the virtual server vs5 Server vs5 is running [EMAIL PROTECTED] vservers]# vserver vs5 restart WARNING: can not find configuration, assuming legacy method Server vs5 is running Stopping the virtual server vs5 Server vs5 is running ipv4root is now 192.168.1.75 New security context is 49156 Stopping HAL daemon:[FAILED] Stopping sshd: [FAILED] Stopping portmap: [FAILED] Shutting down interface eth0: That's all. No error messages, no more info. The process gets stuck here. The only I can get the vservers going afresh is by restarting the base machine. Not the most efficient method I would think. Did I do something wrong? Any tips? I couldn't find any help on google so far. Thanks in advance, Sukrit.D. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] (no subject)
On Fri, Feb 10, 2006 at 11:55:38AM +0530, sukrit wrote: I'm using vserver-2.0.1 on CentOS. I got the patch in and created a number of vservers using the legacy method, as I wanted the vservers vserver name build -m legacy ? to be build based upon the base system. Now I am unable to restart or stop any of the VServers. I can something like this: [EMAIL PROTECTED] vservers]# vserver vs5 start WARNING: can not find configuration, assuming legacy method Starting the virtual server vs5 Server vs5 is running [EMAIL PROTECTED] vservers]# vserver vs5 restart WARNING: can not find configuration, assuming legacy method Server vs5 is running Stopping the virtual server vs5 Server vs5 is running ipv4root is now 192.168.1.75 New security context is 49156 Stopping HAL daemon:[FAILED] Stopping sshd: [FAILED] Stopping portmap: [FAILED] Shutting down interface eth0: well, I'd start with creating a new style config for that guest or at least fixing up the legacy config you can create a new config with the skeleton method and then copy over your guest data into the created skeleton ... HTH, Herbert That's all. No error messages, no more info. The process gets stuck here. The only I can get the vservers going afresh is by restarting the base machine. Not the most efficient method I would think. Did I do something wrong? Any tips? I couldn't find any help on google so far. Thanks in advance, Sukrit.D. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Bug/Issue with Routing, Multiple NICs and vServers
Hi Folks, I encounter several problems regarding routing with a vServer host that has mutliple networks. I have a host which occupies three networks, my guest has IPs only in two of them resulting in the problem, that guest is unable to ping the third network under certain circumstances. When I try to ping the third network, the packets are emitted with source address from the first activated network (so, the lowest number in the interface directory) - in my case this is an internal maintenance LAN and I get packets that are unroutable. The packets are routed to teh target but are discarded there because they come in via the external NIC (third network) but have a source adderss that belongs to the internal NIC. I hope anybody understands this description - but I cant describe it better... The workaround for now is, to setup the IP belonging to the default route of the host as first in the vServer. It also works when I discard all network-routes from the hosts routing table and adress this by source based routing policies. But I assume that it would be best, when the implementation of vServer network-management hides all routes that are not accessible by the guest. Oliver -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72 smime.p7s Description: S/MIME Cryptographic Signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver