[Vserver] libsensors3 and capabilities
Hi, I'm trying to install jffnms inside a debian etch vserver guest (my test box). dpkg-reconfigure libsensors3 tells me that the kernel isn't compiled with sensors support, but I'd swear it is there. I got to thinking it was a capability thing. Can anyone point me in the right direction? A. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] too many open files error
On Thursday 06 April 2006 07:41 pm, Michael S. Zick wrote: > On Thu April 6 2006 17:41, Chuck wrote: > Ch> > Ch> actually 2 applications, the mail server and the list server both of which can > Ch> open several hundred threads as needed. > Ch> > > The hardcoded maximum per process (in 2.6.x) is 1024*1024 - so that is nothing > unless you have a very, very bad fs descriptor leak. > he is sending me 2 new binaries to see if they cure the problems. he suspects his settings/code since we didnt have this problem until we went to the new version, however at the same time we changed machines so there were too many variables for me to easily decide where the problem was. > Ch> > There is another limit built into the kernel for applications that use > Ch> 'select' > Ch> > to get notifications of connection attempts to file descriptors. > Ch> > > > Browsing fs/select.c makes me think I was wrong on the above - it might be > a libc limit that I recently read. > > Mike > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver > -- Chuck "...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. " The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] too many open files error
On Thu April 6 2006 17:41, Chuck wrote: Ch> Ch> actually 2 applications, the mail server and the list server both of which can Ch> open several hundred threads as needed. Ch> The hardcoded maximum per process (in 2.6.x) is 1024*1024 - so that is nothing unless you have a very, very bad fs descriptor leak. Ch> > There is another limit built into the kernel for applications that use Ch> 'select' Ch> > to get notifications of connection attempts to file descriptors. Ch> > Browsing fs/select.c makes me think I was wrong on the above - it might be a libc limit that I recently read. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] too many open files error
On Thursday 06 April 2006 01:15 pm, Xavier Montagutelli wrote: > On Thursday 06 April 2006 19:01, Michael S. Zick wrote: > > On Thu April 6 2006 11:20, Chuck wrote: > > Ch> On Thursday 06 April 2006 11:56 am, Xavier Montagutelli wrote: > > Ch> > On Thursday 06 April 2006 16:46, Chuck wrote: > > Ch> > > this one is weird. could i be reaching some kind of max on a gentoo > > Ch> > > platform? > > Ch> > > > > Ch> > > we are running approx 40 vserver guests on a 4 processor dell. our > > email Ch> > > server is running on the 'host' side. > > Ch> > > > > Ch> > > my tip on this came from our email list server. the log stated: > > Ch> > > > > Ch> > > 6 10:20:19 error: Still trying to open connection Too many open > > files Ch> > > > > > > A single, multi-thread application? > > I forget my UN*X basis : could it simply be related to "ulimit -n", the > maximum number of open files per process ? > > run from my terminal prompt: # ulimit -f unlimited so this should be ok. > > > > There is another limit built into the kernel for applications that use > > 'select' to get notifications of connection attempts to file descriptors. > > > > That limit is the hardcoded size of the file descriptor select structure > > (in bits). Not sure off-hand how big it is, I think either 64 or 128 bits > > (open descriptors monitored). > > > > You might have to run multiple instances of the e-mail application if this > > is the cause of the error message. > > > > Mike > > > > Ch> > > and this is in the log many times. not knowing if this is a program > > or Ch> > > system error causing this i am taking the safe route while i > > wait for the Ch> > > program support people to let me know... > > Ch> > > > > Ch> > > is there a setting somewhere in the vserver system, i assume on the > > host, Ch> > > that the number of open files can be set? i dont even know > > what the stock Ch> > > max is.. > > Ch> > > > Ch> > Perhaps /proc/sys/fs/file-max ? > > Ch> > > > Ch> > > Ch> maybe max files is not the issue. : > > Ch> > > Ch> # cat /proc/sys/fs/file-max > > Ch> 309847 > > Ch> > > Ch> i would think 309k open files would be sufficient. > > Ch> > > Ch> will see what the mailing list software vendor has to say.. > > Ch> > > Ch> > Just modify the value by echoing the new value > > Ch> > > > Ch> > or use sysctl -w fs.file-max= and modify /etc/sysctl.conf > > Ch> > > > Ch> > -- > > Ch> > Xavier Montagutelli Tel : +33 (0)5 55 45 77 20 > > Ch> > Service Commun Informatique Fax : +33 (0)5 55 45 77 60 > > Ch> > Universite de Limoges > > Ch> > 123, avenue Albert Thomas > > Ch> > 87060 Limoges cedex > > Ch> > ___ > > Ch> > Vserver mailing list > > Ch> > Vserver@list.linux-vserver.org > > Ch> > http://list.linux-vserver.org/mailman/listinfo/vserver > > Ch> > > > Ch> > > ___ > > Vserver mailing list > > Vserver@list.linux-vserver.org > > http://list.linux-vserver.org/mailman/listinfo/vserver > > -- > Xavier Montagutelli Tel : +33 (0)5 55 45 77 20 > Service Commun Informatique Fax : +33 (0)5 55 45 77 60 > Universite de Limoges > 123, avenue Albert Thomas > 87060 Limoges cedex > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver > -- Chuck "...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. " The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] too many open files error
On Thursday 06 April 2006 01:01 pm, Michael S. Zick wrote: > On Thu April 6 2006 11:20, Chuck wrote: > Ch> On Thursday 06 April 2006 11:56 am, Xavier Montagutelli wrote: > Ch> > On Thursday 06 April 2006 16:46, Chuck wrote: > Ch> > > this one is weird. could i be reaching some kind of max on a gentoo > Ch> > > platform? > Ch> > > > Ch> > > we are running approx 40 vserver guests on a 4 processor dell. our email > Ch> > > server is running on the 'host' side. > Ch> > > > Ch> > > my tip on this came from our email list server. the log stated: > Ch> > > > Ch> > > 6 10:20:19 error: Still trying to open connection Too many open files > Ch> > > > > A single, multi-thread application? > actually 2 applications, the mail server and the list server both of which can open several hundred threads as needed. > There is another limit built into the kernel for applications that use 'select' > to get notifications of connection attempts to file descriptors. > > That limit is the hardcoded size of the file descriptor select structure (in bits). > Not sure off-hand how big it is, I think either 64 or 128 bits (open descriptors > monitored). > > You might have to run multiple instances of the e-mail application if this is the > cause of the error message. due to licensing i am not sure it is possible. the license is for single run use on a single machine.. will have to check if that is even possible with this... however, the software vendor feels it is something to do with their settings/possible code problems.. this is a new binary issued so it is possible there are probs there. it appears our number of file handles (upward of 309k is more than sufficient. # cat /proc/sys/fs/file-max 309847 # cat /proc/sys/fs/file-nr 19425 0 309847 Thanks for the info on 'select'.. one more thing to research now :) Chuck > > Mike > > Ch> > > and this is in the log many times. not knowing if this is a program or > Ch> > > system error causing this i am taking the safe route while i wait for the > Ch> > > program support people to let me know... > Ch> > > > Ch> > > is there a setting somewhere in the vserver system, i assume on the host, > Ch> > > that the number of open files can be set? i dont even know what the stock > Ch> > > max is.. > Ch> > > Ch> > Perhaps /proc/sys/fs/file-max ? > Ch> > > Ch> > Ch> maybe max files is not the issue. : > Ch> > Ch> # cat /proc/sys/fs/file-max > Ch> 309847 > Ch> > Ch> i would think 309k open files would be sufficient. > Ch> > Ch> will see what the mailing list software vendor has to say.. > Ch> > Ch> > Just modify the value by echoing the new value > Ch> > > Ch> > or use sysctl -w fs.file-max= and modify /etc/sysctl.conf > Ch> > > Ch> > -- > Ch> > Xavier Montagutelli Tel : +33 (0)5 55 45 77 20 > Ch> > Service Commun Informatique Fax : +33 (0)5 55 45 77 60 > Ch> > Universite de Limoges > Ch> > 123, avenue Albert Thomas > Ch> > 87060 Limoges cedex > Ch> > ___ > Ch> > Vserver mailing list > Ch> > Vserver@list.linux-vserver.org > Ch> > http://list.linux-vserver.org/mailman/listinfo/vserver > Ch> > > Ch> > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver > -- Chuck "...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. " The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] libsensors3 and capabilites
Hi, I'm trying to install jffnms inside a debian etch vserver guest (my test box). dpkg-reconfigure libsensors3 tells me that the kernel isn't compiled with sensors support, but I'd swear it is there. I got to thinking it was a capability thing. Can anyone point me in the right direction? A. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] [ANNOUNCE] Fedora Core 5 kernels and utils
As some of you may have noticed, the Fedora Core 5 kernel and util-vserver packages have been available from http://rpm.hozac.com/dhozac/fedora/5/vserver/ for a while. However, various issues with the util-vserver packages have kept me from officially announcing it, but those have now been resolved. As you may also know, Fedora Extras 5 carries the latest util-vserver release, however, it lacks the patch needed to make it work on Fedora Core 5. My packages support Fedora Core 5 hosts, as well as building Fedora Core 5 guests. The instructions for using the repository have not changed, just put http://rpm.hozac.com/dhozac/fedora/5/vserver/dhozac-vserver.repo in /etc/yum.repos.d and you'll get it. In other news, x86_64 is now built at the same time as i386, so it is now fully supported (both on Fedora Core 4 and 5). Special thanks to Rich Estill and Marcel Gsteiger who compiled the x86_64 versions previously. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] too many open files error
On Thursday 06 April 2006 19:01, Michael S. Zick wrote: > On Thu April 6 2006 11:20, Chuck wrote: > Ch> On Thursday 06 April 2006 11:56 am, Xavier Montagutelli wrote: > Ch> > On Thursday 06 April 2006 16:46, Chuck wrote: > Ch> > > this one is weird. could i be reaching some kind of max on a gentoo > Ch> > > platform? > Ch> > > > Ch> > > we are running approx 40 vserver guests on a 4 processor dell. our > email Ch> > > server is running on the 'host' side. > Ch> > > > Ch> > > my tip on this came from our email list server. the log stated: > Ch> > > > Ch> > > 6 10:20:19 error: Still trying to open connection Too many open > files Ch> > > > > A single, multi-thread application? I forget my UN*X basis : could it simply be related to "ulimit -n", the maximum number of open files per process ? > > There is another limit built into the kernel for applications that use > 'select' to get notifications of connection attempts to file descriptors. > > That limit is the hardcoded size of the file descriptor select structure > (in bits). Not sure off-hand how big it is, I think either 64 or 128 bits > (open descriptors monitored). > > You might have to run multiple instances of the e-mail application if this > is the cause of the error message. > > Mike > > Ch> > > and this is in the log many times. not knowing if this is a program > or Ch> > > system error causing this i am taking the safe route while i > wait for the Ch> > > program support people to let me know... > Ch> > > > Ch> > > is there a setting somewhere in the vserver system, i assume on the > host, Ch> > > that the number of open files can be set? i dont even know > what the stock Ch> > > max is.. > Ch> > > Ch> > Perhaps /proc/sys/fs/file-max ? > Ch> > > Ch> > Ch> maybe max files is not the issue. : > Ch> > Ch> # cat /proc/sys/fs/file-max > Ch> 309847 > Ch> > Ch> i would think 309k open files would be sufficient. > Ch> > Ch> will see what the mailing list software vendor has to say.. > Ch> > Ch> > Just modify the value by echoing the new value > Ch> > > Ch> > or use sysctl -w fs.file-max= and modify /etc/sysctl.conf > Ch> > > Ch> > -- > Ch> > Xavier Montagutelli Tel : +33 (0)5 55 45 77 20 > Ch> > Service Commun Informatique Fax : +33 (0)5 55 45 77 60 > Ch> > Universite de Limoges > Ch> > 123, avenue Albert Thomas > Ch> > 87060 Limoges cedex > Ch> > ___ > Ch> > Vserver mailing list > Ch> > Vserver@list.linux-vserver.org > Ch> > http://list.linux-vserver.org/mailman/listinfo/vserver > Ch> > > Ch> > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver -- Xavier Montagutelli Tel : +33 (0)5 55 45 77 20 Service Commun Informatique Fax : +33 (0)5 55 45 77 60 Universite de Limoges 123, avenue Albert Thomas 87060 Limoges cedex ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] too many open files error
On Thu April 6 2006 11:20, Chuck wrote: Ch> On Thursday 06 April 2006 11:56 am, Xavier Montagutelli wrote: Ch> > On Thursday 06 April 2006 16:46, Chuck wrote: Ch> > > this one is weird. could i be reaching some kind of max on a gentoo Ch> > > platform? Ch> > > Ch> > > we are running approx 40 vserver guests on a 4 processor dell. our email Ch> > > server is running on the 'host' side. Ch> > > Ch> > > my tip on this came from our email list server. the log stated: Ch> > > Ch> > > 6 10:20:19 error: Still trying to open connection Too many open files Ch> > > A single, multi-thread application? There is another limit built into the kernel for applications that use 'select' to get notifications of connection attempts to file descriptors. That limit is the hardcoded size of the file descriptor select structure (in bits). Not sure off-hand how big it is, I think either 64 or 128 bits (open descriptors monitored). You might have to run multiple instances of the e-mail application if this is the cause of the error message. Mike Ch> > > and this is in the log many times. not knowing if this is a program or Ch> > > system error causing this i am taking the safe route while i wait for the Ch> > > program support people to let me know... Ch> > > Ch> > > is there a setting somewhere in the vserver system, i assume on the host, Ch> > > that the number of open files can be set? i dont even know what the stock Ch> > > max is.. Ch> > Ch> > Perhaps /proc/sys/fs/file-max ? Ch> > Ch> Ch> maybe max files is not the issue. : Ch> Ch> # cat /proc/sys/fs/file-max Ch> 309847 Ch> Ch> i would think 309k open files would be sufficient. Ch> Ch> will see what the mailing list software vendor has to say.. Ch> Ch> > Just modify the value by echoing the new value Ch> > Ch> > or use sysctl -w fs.file-max= and modify /etc/sysctl.conf Ch> > Ch> > -- Ch> > Xavier Montagutelli Tel : +33 (0)5 55 45 77 20 Ch> > Service Commun Informatique Fax : +33 (0)5 55 45 77 60 Ch> > Universite de Limoges Ch> > 123, avenue Albert Thomas Ch> > 87060 Limoges cedex Ch> > ___ Ch> > Vserver mailing list Ch> > Vserver@list.linux-vserver.org Ch> > http://list.linux-vserver.org/mailman/listinfo/vserver Ch> > Ch> ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] too many open files error
On Thursday 06 April 2006 11:56 am, Xavier Montagutelli wrote: > On Thursday 06 April 2006 16:46, Chuck wrote: > > this one is weird. could i be reaching some kind of max on a gentoo > > platform? > > > > we are running approx 40 vserver guests on a 4 processor dell. our email > > server is running on the 'host' side. > > > > my tip on this came from our email list server. the log stated: > > > > 6 10:20:19 error: Still trying to open connection Too many open files > > > > and this is in the log many times. not knowing if this is a program or > > system error causing this i am taking the safe route while i wait for the > > program support people to let me know... > > > > is there a setting somewhere in the vserver system, i assume on the host, > > that the number of open files can be set? i dont even know what the stock > > max is.. > > Perhaps /proc/sys/fs/file-max ? > maybe max files is not the issue. : # cat /proc/sys/fs/file-max 309847 i would think 309k open files would be sufficient. will see what the mailing list software vendor has to say.. > Just modify the value by echoing the new value > > or use sysctl -w fs.file-max= and modify /etc/sysctl.conf > > -- > Xavier Montagutelli Tel : +33 (0)5 55 45 77 20 > Service Commun Informatique Fax : +33 (0)5 55 45 77 60 > Universite de Limoges > 123, avenue Albert Thomas > 87060 Limoges cedex > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver > -- Chuck "...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. " The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] too many open files error
On Thursday 06 April 2006 16:46, Chuck wrote: > this one is weird. could i be reaching some kind of max on a gentoo > platform? > > we are running approx 40 vserver guests on a 4 processor dell. our email > server is running on the 'host' side. > > my tip on this came from our email list server. the log stated: > > 6 10:20:19 error: Still trying to open connection Too many open files > > and this is in the log many times. not knowing if this is a program or > system error causing this i am taking the safe route while i wait for the > program support people to let me know... > > is there a setting somewhere in the vserver system, i assume on the host, > that the number of open files can be set? i dont even know what the stock > max is.. Perhaps /proc/sys/fs/file-max ? Just modify the value by echoing the new value or use sysctl -w fs.file-max= and modify /etc/sysctl.conf -- Xavier Montagutelli Tel : +33 (0)5 55 45 77 20 Service Commun Informatique Fax : +33 (0)5 55 45 77 60 Universite de Limoges 123, avenue Albert Thomas 87060 Limoges cedex ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Passive FTP with Proftpd within guest
Hi Youri, I'm trying to get a simple Proftpd-mysql server running in one of my guests, and was wondering how I could enable passive ftp connections. Has this got something to do with guest capabilities or do I have to resort to some iptables fiddling on the host? And would the solution be to bind this guest directly to the host address? I cant see your problemdoes your guest use its own IP ? If so, all ports are reachable from "outside" without any problems, same counts for mysql. Just make sure that no "0.0.0.0" gathering process is running on your host - mysql is somewhat greedy in this aspect and will bind to all available IPs if running on the host. Thus will prevent your guest from occuping the port. If you share the IP it would be nearly the same, exept that - of course - no service must run on the IP/Port used by proftp or mysql Oliver -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72 smime.p7s Description: S/MIME Cryptographic Signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Passive FTP with Proftpd within guest
Hi list, congratulations for all the great work being achieved here! I'm trying to get a simple Proftpd-mysql server running in one of my guests, and was wondering how I could enable passive ftp connections. Has this got something to do with guest capabilities or do I have to resort to some iptables fiddling on the host? And would the solution be to bind this guest directly to the host address? Any insight on this would be greatly appreciated as I don't seem to have found any comprehensible explanation anywhere on the net or on this list, best regards, Youri ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] ability to use 130+ ips within a vserver yet?
On Thursday 06 April 2006 08:01 am, Oliver Welter wrote: just wanted to let you know your suggestion cured my problem :) thanks!! it translates perfectly, and now the email software can co-exist with other port 80 guest servers nicely. now if the high ip address usage within a guest works reasonably nicely, it will cure my other problems of not being able to move some machines over to vservers.. > Hi Chuck, > > >> iptable -t nat -I PREROUTING -d 192.168.168.0/24 --dport 80 -j DNAT --to > >> target:port Should work without reasonable impact on the load... > >> > > > > hmm.. ok im no iptables whiz but i will try this syntax... i have to eliminate nat since they are all public ip addresses.. i suspect maybe something like this might work in our saved rules file? (gentoo) > > You will need NAT - as this will translate the destination... > > > > i suspect maybe this may need to be changed.. > > > > -A RH-Firewall-1-INPUT PREROUTING -d 64.113.34.0/24 --dport 80 [dont know what to do with -j here] --to 64.113.34.0/24:7080 > > Basically "PREROUTING" is another chain than the one you are using - so, > I suggest: > iptables -t nat -A PREROUTING -p tcp -d 64.113.34.0/24 --dport 80 -j > DNAT --to :7080 > > This will redirect every traffic to 64.113.34.0/24:80 to the same ip as > the orginal paket but going to port 7080. > > If you want to stuff everything into one vServer with one IP, just > repace the target with > -j DNAT --to vserversip:port > > HTH > > Oliver > > PS: if you have problems revealing private data write PM, or join > #vserver - will be there shortly as oliwel > -- > Diese Nachricht wurde digital unterschrieben > oliwel's public key: http://www.oliwel.de/oliwel.crt > Basiszertifikat: http://www.ldv.ei.tum.de/page72 > -- Chuck "...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. " The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] too many open files error
this one is weird. could i be reaching some kind of max on a gentoo platform? we are running approx 40 vserver guests on a 4 processor dell. our email server is running on the 'host' side. my tip on this came from our email list server. the log stated: 6 10:20:19 error: Still trying to open connection Too many open files and this is in the log many times. not knowing if this is a program or system error causing this i am taking the safe route while i wait for the program support people to let me know... is there a setting somewhere in the vserver system, i assume on the host, that the number of open files can be set? i dont even know what the stock max is.. -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] ability to use 130+ ips within a vserver yet?
On Thursday 06 April 2006 09:09 am, Benoît des Ligneris wrote: > Hello, > > Chuck a écrit : > > tuesday, i ran into a major emergency with a hardware failure on our email > > machine which uses 130 ip addresses. my only choice was to move it to the > > host side of our dell vserver host. this is presently causing an extreme > > amount of port clashes as the email server wants to grab every ip on port 80 > > for webmail rather than stick to a single /24 and i so far have not found a > > way to bind it to only a single network. > > If you are using a vserver kernel, why not use chbind to bind the server > to the IP you want to use ? > interesting utility... never knew it existed... i would have to bind to eth2 and all 130+ ip addys on it though and exclude one... one ip in that same netblock using the same interface is a vserver guest that is a different email server. from what i gather this will lock down all ip addys on that interface... unless it is used first, then an ip is added by a guest using a later startup... with my luck it would go ahead and grab that one too :) > > > putting it into a guest would cure all of this i believe... i did not do this > > initially due to the 16 ip limitations... > > Well, this can easily be changed with a patch to the vserver patch > however there will be a small performance impact. > will have to find this patch and review it... if patched is this performance impact across the board on all guests whether using 1 or 100 ips? or is it restricted to those with >16 ips? > > is that limitation released yet? or is there code available which works well > > enough to stuff it into a production environment? i have had to shut down 14 > > vservers just to get mail to run :( > > We already deploy it in a production environment for at least one year > now (for hosting, 64 IPs). > > > the only other option i have is to buy a replacement server and put mail onto > > that which i prefer not to do as we are targeting a large new server to put > > all the vservers onto which would leave the dell to run email as a stand > > alone machine but this wont happen for a good month yet as once the server > > comes in i have to recompile every virtual to live on amd64/opteron arch as i > > move them over (quite time consuming considering i am moving 40+ vservers off > > a p3 intel environment).. > > > > > > > > -- > Benoit des Ligneris Ph. D. > President de Revolution Linuxhttp://www.revolutionlinux.com/ > OSCAR http://oscar.openclustergroup.org/ > EduLinuxhttp://www.edulinux.org/ > > Toutes les opinions et les prises de position exprimées dans ce courriel > sont celles de son auteur et ne répresentent pas nécessairement celles > de Révolution Linux > > Any views and opinions expressed in this email are solely those of the > author and do not necessarily represent those of Revolution Linux > > > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver > -- Chuck "...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. " The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] ability to use 130+ ips within a vserver yet?
Hello, Chuck a écrit : > tuesday, i ran into a major emergency with a hardware failure on our email > machine which uses 130 ip addresses. my only choice was to move it to the > host side of our dell vserver host. this is presently causing an extreme > amount of port clashes as the email server wants to grab every ip on port 80 > for webmail rather than stick to a single /24 and i so far have not found a > way to bind it to only a single network. If you are using a vserver kernel, why not use chbind to bind the server to the IP you want to use ? > putting it into a guest would cure all of this i believe... i did not do this > initially due to the 16 ip limitations... Well, this can easily be changed with a patch to the vserver patch however there will be a small performance impact. > is that limitation released yet? or is there code available which works well > enough to stuff it into a production environment? i have had to shut down 14 > vservers just to get mail to run :( We already deploy it in a production environment for at least one year now (for hosting, 64 IPs). > the only other option i have is to buy a replacement server and put mail onto > that which i prefer not to do as we are targeting a large new server to put > all the vservers onto which would leave the dell to run email as a stand > alone machine but this wont happen for a good month yet as once the server > comes in i have to recompile every virtual to live on amd64/opteron arch as i > move them over (quite time consuming considering i am moving 40+ vservers off > a p3 intel environment).. > > > -- Benoit des Ligneris Ph. D. President de Revolution Linuxhttp://www.revolutionlinux.com/ OSCAR http://oscar.openclustergroup.org/ EduLinuxhttp://www.edulinux.org/ Toutes les opinions et les prises de position exprimées dans ce courriel sont celles de son auteur et ne répresentent pas nécessairement celles de Révolution Linux Any views and opinions expressed in this email are solely those of the author and do not necessarily represent those of Revolution Linux ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] ability to use 130+ ips within a vserver yet?
On Thursday 06 April 2006 08:01 am, Oliver Welter wrote: > Hi Chuck, > > >> iptable -t nat -I PREROUTING -d 192.168.168.0/24 --dport 80 -j DNAT --to > >> target:port Should work without reasonable impact on the load... > >> > > > > hmm.. ok im no iptables whiz but i will try this syntax... i have to eliminate nat since they are all public ip addresses.. i suspect maybe something like this might work in our saved rules file? (gentoo) > > You will need NAT - as this will translate the destination... > > > > i suspect maybe this may need to be changed.. > > > > -A RH-Firewall-1-INPUT PREROUTING -d 64.113.34.0/24 --dport 80 [dont know what to do with -j here] --to 64.113.34.0/24:7080 > > Basically "PREROUTING" is another chain than the one you are using - so, > I suggest: > iptables -t nat -A PREROUTING -p tcp -d 64.113.34.0/24 --dport 80 -j > DNAT --to :7080 > > This will redirect every traffic to 64.113.34.0/24:80 to the same ip as > the orginal paket but going to port 7080. > ahh ok.. heh i just saw nat and thought private nets immediately. thanks will try this. > If you want to stuff everything into one vServer with one IP, just > repace the target with > -j DNAT --to vserversip:port > unfortunately no can do on a single ip. every domain is assigned its own so it appears to have its own mail server answering as that domain, dns lookups including reverse as that domain etc > HTH > > Oliver > > PS: if you have problems revealing private data write PM, or join > #vserver - will be there shortly as oliwel > -- > Diese Nachricht wurde digital unterschrieben > oliwel's public key: http://www.oliwel.de/oliwel.crt > Basiszertifikat: http://www.ldv.ei.tum.de/page72 > -- Chuck "...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. " The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Physical memory utilisation debugging
Hello, What would you advice to assess the physical memory utilisations of processes and vservers ? The RSS column of ps, as well the vserver-stat does not take into account the shared memory, due for instance to CoW between processes inside the same vserver but also across vservers thanks to the unification. I could stop/start services and vservers, and call "free" before and after, make the difference. But is there a way more practical and more precise ? Is there a tool to get the map of the physical memory and how each page is used (mapped to a process virtual space, kernel, etc...), or a tool to compute the amount of shared memory between 2 (or more) processes ? ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] ability to use 130+ ips within a vserver yet?
Hi Chuck, iptable -t nat -I PREROUTING -d 192.168.168.0/24 --dport 80 -j DNAT --to target:port Should work without reasonable impact on the load... hmm.. ok im no iptables whiz but i will try this syntax... i have to eliminate nat since they are all public ip addresses.. i suspect maybe something like this might work in our saved rules file? (gentoo) You will need NAT - as this will translate the destination... i suspect maybe this may need to be changed.. -A RH-Firewall-1-INPUT PREROUTING -d 64.113.34.0/24 --dport 80 [dont know what to do with -j here] --to 64.113.34.0/24:7080 Basically "PREROUTING" is another chain than the one you are using - so, I suggest: iptables -t nat -A PREROUTING -p tcp -d 64.113.34.0/24 --dport 80 -j DNAT --to :7080 This will redirect every traffic to 64.113.34.0/24:80 to the same ip as the orginal paket but going to port 7080. If you want to stuff everything into one vServer with one IP, just repace the target with -j DNAT --to vserversip:port HTH Oliver PS: if you have problems revealing private data write PM, or join #vserver - will be there shortly as oliwel -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72 smime.p7s Description: S/MIME Cryptographic Signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: many ip addys
On Thursday 06 April 2006 07:17 am, Matvey Gladkikh wrote: > On 06/04/06 07:00 -0400, Chuck wrote: > > On Friday 21 October 2005 12:23 pm, Chuck wrote: > > > On Friday 21 October 2005 12:12 pm, Herbert Poetzl wrote: > > > > On Fri, Oct 21, 2005 at 06:58:38AM -0400, Chuck wrote: > > > > > i forget.. was it ngnet that would support a few hundred ip addys in a > > > > > guest? > > > > > > > > > > i have a few big machines i cant move over until it can efficiently > > > > > support several hundred ip addys (minimum a /24) ... if ngnet is the > > > > > answer im gonna try to raise some funding from my boss .. no promises > > > > > as he does not let go easily.. :D > > > > > > > > hehe, well, ngnet will provide that indeed, > > > > but for a quick and dirty hack you can raise > > > > the limit from the current 16 to something > > > > higher, but you should be aware that the > > > > current implementation will slow down with > > > > every ip address you add ... > > > > > > > does anyone have some facts about how slow this would get with 130 or 140 ip > > addys added to a current vserver? is it just measurable or is it visible? > > unfortunately this mail server is very busy so i am extremely hesitant to try > > this. > > I am useing 256 per vserver guest. > About ~80 ips usually. > Have not seen any big differences in speed. interesting.. is it noticable though? this sucker gets pounded pretty severely and if i reduce its handling capacity i fear the results :) > > My pathched sources can be found: > deb http://matvey.org.ru/pub/debian stable main > will look this over and try to figure out how to do it for a gentoo vserver utils install and vanilla kernel. in case it matters this is my version 2.6.13.3-vs2.1.0-rc4 thank you! > -- > Matvey Gladkikh > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver > -- Chuck "...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. " The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] ability to use 130+ ips within a vserver yet?
On Thursday 06 April 2006 07:30 am, Oliver Welter wrote: > Hi Chuck, > > > my only other option is to do policy routing which i don't think our > > switch/router ios is right for.. at least then i could target the entier /24 > > for port 80 requests and translate them to something like 7080 before it gets > > to the machine and then back out again. messy at best i suspect. > > Might it be an option to do so with iptables ? > I use this approach for some servers without any problems - I think that > > iptable -t nat -I PREROUTING -d 192.168.168.0/24 --dport 80 -j DNAT --to > target:port Should work without reasonable impact on the load... > hmm.. ok im no iptables whiz but i will try this syntax... i have to eliminate nat since they are all public ip addresses.. i suspect maybe something like this might work in our saved rules file? (gentoo) i suspect maybe this may need to be changed.. -A RH-Firewall-1-INPUT PREROUTING -d 64.113.34.0/24 --dport 80 [dont know what to do with -j here] --to 64.113.34.0/24:7080 basically anything that say comes in for 64.113.34.11 port 80 needs to go to the same ip address on port 7080 and likewise back out for replies.. any assistance is greatly appreciated.. > Oliver > -- > Diese Nachricht wurde digital unterschrieben > oliwel's public key: http://www.oliwel.de/oliwel.crt > Basiszertifikat: http://www.ldv.ei.tum.de/page72 > -- Chuck "...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. " The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] ability to use 130+ ips within a vserver yet?
Hi Chuck, my only other option is to do policy routing which i don't think our switch/router ios is right for.. at least then i could target the entier /24 for port 80 requests and translate them to something like 7080 before it gets to the machine and then back out again. messy at best i suspect. Might it be an option to do so with iptables ? I use this approach for some servers without any problems - I think that iptable -t nat -I PREROUTING -d 192.168.168.0/24 --dport 80 -j DNAT --to target:port Should work without reasonable impact on the load... Oliver -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72 smime.p7s Description: S/MIME Cryptographic Signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Re: many ip addys
On 06/04/06 07:00 -0400, Chuck wrote: > On Friday 21 October 2005 12:23 pm, Chuck wrote: > > On Friday 21 October 2005 12:12 pm, Herbert Poetzl wrote: > > > On Fri, Oct 21, 2005 at 06:58:38AM -0400, Chuck wrote: > > > > i forget.. was it ngnet that would support a few hundred ip addys in a > > > > guest? > > > > > > > > i have a few big machines i cant move over until it can efficiently > > > > support several hundred ip addys (minimum a /24) ... if ngnet is the > > > > answer im gonna try to raise some funding from my boss .. no promises > > > > as he does not let go easily.. :D > > > > > > hehe, well, ngnet will provide that indeed, > > > but for a quick and dirty hack you can raise > > > the limit from the current 16 to something > > > higher, but you should be aware that the > > > current implementation will slow down with > > > every ip address you add ... > > > > does anyone have some facts about how slow this would get with 130 or 140 ip > addys added to a current vserver? is it just measurable or is it visible? > unfortunately this mail server is very busy so i am extremely hesitant to try > this. I am useing 256 per vserver guest. About ~80 ips usually. Have not seen any big differences in speed. My pathched sources can be found: deb http://matvey.org.ru/pub/debian stable main -- Matvey Gladkikh ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] ability to use 130+ ips within a vserver yet?
On Thursday 06 April 2006 06:55 am, Chuck wrote: my only other option is to do policy routing which i don't think our switch/router ios is right for.. at least then i could target the entier /24 for port 80 requests and translate them to something like 7080 before it gets to the machine and then back out again. messy at best i suspect. > tuesday, i ran into a major emergency with a hardware failure on our email > machine which uses 130 ip addresses. my only choice was to move it to the > host side of our dell vserver host. this is presently causing an extreme > amount of port clashes as the email server wants to grab every ip on port 80 > for webmail rather than stick to a single /24 and i so far have not found a > way to bind it to only a single network. > > putting it into a guest would cure all of this i believe... i did not do this > initially due to the 16 ip limitations... > > is that limitation released yet? or is there code available which works well > enough to stuff it into a production environment? i have had to shut down 14 > vservers just to get mail to run :( > > the only other option i have is to buy a replacement server and put mail onto > that which i prefer not to do as we are targeting a large new server to put > all the vservers onto which would leave the dell to run email as a stand > alone machine but this wont happen for a good month yet as once the server > comes in i have to recompile every virtual to live on amd64/opteron arch as i > move them over (quite time consuming considering i am moving 40+ vservers off > a p3 intel environment).. > > > > -- > > Chuck > > > > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver > -- Chuck "...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. " The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] many ip addys
On Friday 21 October 2005 12:23 pm, Chuck wrote: > On Friday 21 October 2005 12:12 pm, Herbert Poetzl wrote: > > On Fri, Oct 21, 2005 at 06:58:38AM -0400, Chuck wrote: > > > i forget.. was it ngnet that would support a few hundred ip addys in a > > > guest? > > > > > > i have a few big machines i cant move over until it can efficiently > > > support several hundred ip addys (minimum a /24) ... if ngnet is the > > > answer im gonna try to raise some funding from my boss .. no promises > > > as he does not let go easily.. :D > > > > hehe, well, ngnet will provide that indeed, > > but for a quick and dirty hack you can raise > > the limit from the current 16 to something > > higher, but you should be aware that the > > current implementation will slow down with > > every ip address you add ... > does anyone have some facts about how slow this would get with 130 or 140 ip addys added to a current vserver? is it just measurable or is it visible? unfortunately this mail server is very busy so i am extremely hesitant to try this. Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] ability to use 130+ ips within a vserver yet?
tuesday, i ran into a major emergency with a hardware failure on our email machine which uses 130 ip addresses. my only choice was to move it to the host side of our dell vserver host. this is presently causing an extreme amount of port clashes as the email server wants to grab every ip on port 80 for webmail rather than stick to a single /24 and i so far have not found a way to bind it to only a single network. putting it into a guest would cure all of this i believe... i did not do this initially due to the 16 ip limitations... is that limitation released yet? or is there code available which works well enough to stuff it into a production environment? i have had to shut down 14 vservers just to get mail to run :( the only other option i have is to buy a replacement server and put mail onto that which i prefer not to do as we are targeting a large new server to put all the vservers onto which would leave the dell to run email as a stand alone machine but this wont happen for a good month yet as once the server comes in i have to recompile every virtual to live on amd64/opteron arch as i move them over (quite time consuming considering i am moving 40+ vservers off a p3 intel environment).. -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
