Re: [Vserver] Anounce: CentOS 5 guest image
Sandino Araico Sánchez wrote: > Yum is marked unstable in Gentoo. It works sometimes but i got used to > unpacking the guest image and running a script that creates the config > directory and the config file... It takes me about 20 minutes to setup a > new vservar and have it running What config file? You're also aware of vserver ... build -m template, yes? 20 minutes does seem like a long time, especially if it doesn't include downloading the guest. What else is your script doing? > Yum in Gentoo is sensitive to upgrades of dependencies; it breaks > easily Whenever Yum breaks It's easier to unpack a guest image than > revdep-rebuild. So, pin the few packages it does depend on? Seems to me like you're unnecessarily complicating the procedure. > I have used debootstrap in Gentoo to create Debian vservers and It works > just fine. As it should. It's just a simple shellscript. > About Yum in Debian I don't know about It's stability status but I have > only seen it working few times.... Oh? I don't recall hearing about any problems. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Anounce: CentOS 5 guest image
Sandino Araico Sánchez wrote: > That's right, but yum does not always work on Debian or Gentoo hosts. Oh? Details? Both Debian and Gentoo have packages for yum, so that sounds like bug(s) which should be reported to the maintainers... -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Anounce: CentOS 5 guest image
Sandino Araico Sánchez wrote: > In case somebody finds it useful, here it is: > http://mirrors.sandino.net/vserver/images/centos-5-i686-2007-07-14.tar.bz2 > http://mirrors.sandino.net/vserver/images/centos-5-i686-2007-07-14.tar.bz2.md5 > http://mirrors.sandino.net/vserver/images/centos-5-i686-2007-07-14.tar.bz2.asc > > It was cooked from a CentOS 5 stage2 image > > Not to rain on your parade, but you're aware of vserver ... build -m yum ... -- -d centos5 which will automatically build a CentOS 5 guest, right? -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Vserver copy. The saga continues!
Roderick A. Anderson wrote: > The builds using rsync are going well but this has created a bit of a > problem. Typically I build using yum as the method. This creates all > the necessary files in /etc/vservers//apps. Using rsync doesn't. > > Is there a command/incantation to convert a vserver guest to another > package-management system like yum, apt-get, etc? > > I suspect the pieces to do this are in the vserver script but if the > method is just undocumented it would be quicker. Oh, you're using external package management? To ease the migration, you probably should've internalized that before the move, and then externalized it again once you got to the destination server. Now, I think you should be able to just copy /vservers/.pkg/ to /vservers/.pkg on the destination host, and just make sure you have all of the necessary symlinks and files in apps/pkgmgmt. For reference, the commands to internalize/externalize package management are: vserver pkgmgmt internalize (possibly with --force since you don't seem to have yum installed in the guest) vserver pkgmgmt externalize -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] The $64,000 dollar question
Roderick A. Anderson wrote: > Thanks to all for your help and suggestions on copying Vserver guests. > So far it has worked quite well. > > > I'm now on to newer things which brings me to the "question." What > distribution should I use for the Host? > > With Daniel's excellent repository(s) I have been using Fedora Core 5. > I has been very stable and makes any work in the host easy. And then > the guests get FC5 which with vyum makes them very easy to to > maintain/enhance. > But I just went through a repository hell trying to update the host. > Not sure what was going on but I suspect that with FC5 at end-of-life > this will happen more often. "Repository hell"? Meaning what, exactly? > So the big question is which (preferably YUM-able) distribution should I > use for the host? I'm currently thinking CentOS 5 as it has an > end-of-life in about 5 years. I hope to be retired by then. :-) Plus I > believe I read that it is actually supported in Daniel's repository. Unfortunately not, I haven't had enough round tuits lately, but you can use the FC6 kernel RPM (though that is not as updated as I'd like it to be, Fedora no longer updates the public tree) for now. >And does it make sense to use an _older_ distribution in the guests > that don't change much? Sounds like the definition of an "enterprise"-distro, so CentOS should be fine there too... -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] One More Time - copy a Guest from system to system
Roderick A. Anderson wrote: > Daniel Hokka Zakrisson wrote: >> Roderick A. Anderson wrote: >>> I've been all through the Wiki and old docs, searched using Google, >>> looked through my _OLD_ messages (back to 2003) and still can't come up >>> with a well defined method to copy a (running if possible) vserver >>> guest >>> from one system to another. >>> >>> From my reading I think I need to build the _new_ guest 'mynewone' >>> using the skeleton method. Then rm all the files in /vserver/mynewone >>> and follow that with a rsync from the _old_ guest to the _new_ guest. >>> Unfortunately the vserver docs are from the CTX kernels. A vserver >>> --help gets a semi-useful help screen. Any newer docs? >>> >>> What special rsync switches do I need or use to make this process >>> doable? As in it is a running guest that I'd prefer not taking down >>> until the actual move I'm sure /proc and maybe /dev could cause >>> problems. >>> >>> The need for the hot copy is because the _old_ guest has a big pile of >>> installed perl modules and _other_ software packages. It would be >>> easier to copy than (re)install them. :-) >> >> The way I'd do it: >> export RSYNC_RSH=ssh >> vserver build -m rsync --context ... -- --source >> [EMAIL PROTECTED]:/vservers// > > I've got this far but since it is getting a new IP I used that instead > of the current IP. Not a high traffic site so after I change to the old > IP I'll try this next step. > >> > > How not good? I'm thinking rsync does it right so maybe my invocation > could have been wrong. ??? It's always best to make sure something didn't go terribly wrong... ;-) >> rsync -Hazx --numeric-ids [EMAIL PROTECTED]:/vservers// > > The man page for rsync seems to indicate that the -H switch will be in > conflict with the -a switch or the other way around. To me, it just says that -a doesn't include -H. > Rod > -- >> /vservers// >> vserver start >> >> -- >> Daniel Hokka Zakrisson -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] One More Time - copy a Guest from system to system
Roderick A. Anderson wrote: > And as always Daniel ... you rock. Thanks. This is much simpler than > what I thought it could be. You're welcome! > Can I assume that after --context and before -- (the ...) I can put in > other switches? > > --interface, --initstyle, --hostname, etc? Yeah, of course. I meant to specify a context number before the dots, that must've gotten lost somewhere... > I was just getting ready to try _my method_ on a small guest but this > will be better. > > > Again thanks, > Rod > -- > Daniel Hokka Zakrisson wrote: >> Roderick A. Anderson wrote: >>> I've been all through the Wiki and old docs, searched using Google, >>> looked through my _OLD_ messages (back to 2003) and still can't come up >>> with a well defined method to copy a (running if possible) vserver >>> guest >>> from one system to another. >>> >>> From my reading I think I need to build the _new_ guest 'mynewone' >>> using the skeleton method. Then rm all the files in /vserver/mynewone >>> and follow that with a rsync from the _old_ guest to the _new_ guest. >>> Unfortunately the vserver docs are from the CTX kernels. A vserver >>> --help gets a semi-useful help screen. Any newer docs? >>> >>> What special rsync switches do I need or use to make this process >>> doable? As in it is a running guest that I'd prefer not taking down >>> until the actual move I'm sure /proc and maybe /dev could cause >>> problems. >>> >>> The need for the hot copy is because the _old_ guest has a big pile of >>> installed perl modules and _other_ software packages. It would be >>> easier to copy than (re)install them. :-) >> >> The way I'd do it: >> export RSYNC_RSH=ssh >> vserver build -m rsync --context ... -- --source >> [EMAIL PROTECTED]:/vservers// >> >> rsync -Hazx --numeric-ids [EMAIL PROTECTED]:/vservers// >> /vservers// >> vserver start >> >> -- >> Daniel Hokka Zakrisson >> ___ >> Vserver mailing list >> Vserver@list.linux-vserver.org >> http://list.linux-vserver.org/mailman/listinfo/vserver > > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver > -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] One More Time - copy a Guest from system to system
Roderick A. Anderson wrote: > I've been all through the Wiki and old docs, searched using Google, > looked through my _OLD_ messages (back to 2003) and still can't come up > with a well defined method to copy a (running if possible) vserver guest > from one system to another. > > From my reading I think I need to build the _new_ guest 'mynewone' > using the skeleton method. Then rm all the files in /vserver/mynewone > and follow that with a rsync from the _old_ guest to the _new_ guest. > Unfortunately the vserver docs are from the CTX kernels. A vserver > --help gets a semi-useful help screen. Any newer docs? > > What special rsync switches do I need or use to make this process > doable? As in it is a running guest that I'd prefer not taking down > until the actual move I'm sure /proc and maybe /dev could cause problems. > > The need for the hot copy is because the _old_ guest has a big pile of > installed perl modules and _other_ software packages. It would be > easier to copy than (re)install them. :-) The way I'd do it: export RSYNC_RSH=ssh vserver build -m rsync --context ... -- --source [EMAIL PROTECTED]:/vservers// rsync -Hazx --numeric-ids [EMAIL PROTECTED]:/vservers// /vservers// vserver start -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Error while executing the vserver startup sequence
Jake Solid wrote: > I'm getting the following error when trying to create a gust on my CentOS > 5 > x86_64. I was able to find all files listed below and dont no for sure > where > is the problem. I'm using util-vserver-0.30.213-0.1 > > [EMAIL PROTECTED] ~]# vserver myguest build --force -m yum --context 42 > --hostname=host.myguest.com --interface eth0=eth0:1.2.3.4/255.255.240.0 -- > -d centos5 It looks to me like yum isn't finding any mirrors, and is thus unable to find any RPMs. Have you modified the repo files yourself, or is this OOTB? You might want to do something like: mkdir -p /etc/vservers/.distributions/centos5 cp -a /usr/lib*/util-vserver/distributions/centos5/yum /etc/vservers/.distributions/centos5 sed -i 's/debuglevel=.*/#\0/' /etc/vservers/.distributions/centos5/yum/yum.conf to get yum to show you what's happening. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] init-style gentoo with baselayout-1.13.0_alpha12
Marcus Mülbüsch wrote: > I have a Gentoo vserver set up with vserver-sources-2.2.0, > util-vserver-0.30.213 and baselayout-1.13.0_alpha12 > > Thus I can use the "gentoo" init-style. Fine so far. Building and using > that vserver is easy; I followed > http://www.gentoo.org/proj/en/vps/vserver-howto.xml almost exactly. > > I want to start a daemon from inittab (in this case: monit), so it gets > respawned when dieing. Works fine with older gentoo vserver guests which > use the "plain" init style. > > However, when inside a guest vserver with "gentoo" init style, there is > no seperate init process for each guest. So when I issue "init q" I get > a "init: /dev/initctl: No such file or directory". > > I freely admit that I do not exactly know what I'm expected to do here. > :-/ > > A few pointers on what I don't understand, how I can solve that problem, > or what I am to do instead of using inittab would be very appreciated. If you want to use init and the features it provides, you're going to have to use the plain initstyle. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] /dev/hdv1 , apache + umask trouble
Oliver Heinz wrote: > Hi, > > after some testing it seems that I have some strange behaviour with the > root > fs in guests. > > I have an apache 1.3 running, with php4 scripts that do an file upload to > the > filesystem. I wanted to change the umask for file creation and had > different > behaviour for the resulting file being on the root fs (/dev/hdv1 which > shows > as via mount ufs) and a seperate bind mount. > > When the file ist created on the seperate mount umask works and i can set > whatever umask i want resulting in the corresponing mode. > > When the file is created somewhere on the / ufs it's created with with > mode > 0600, no matter what umask I set - it's just completely ignored, SGID is > also > ignored the resulting file is owned by the primary group of the > apache-process. > > chmod in php does work fine, umask on the commanline does work too. > > Has anybody ever experienced such strange behaviour? > > > TIA, > Oliver > > > > php code: > > ... > umask (0002); > if(is_uploaded_file($userfile) && move_uploaded_file($userfile, > $file_name)) > .. > > result on seperate bind mount: > drwxrwsr-x 2 www-data wdvuser 4096 2007-06-26 13:54 . > drwxrwsr-x 7 ftp wdvuser 4096 2007-06-26 09:20 .. > -rw-rw-r-- 1 www-data wdvuser 5253 2007-06-26 13:54 logo.jpg > > > result on root fs (/dev/hdv1, ufs): > drwxrwsr-x 2 www-data wdvuser 4096 2007-06-26 14:39 . > drwxr-xr-x 6 root root 4096 2007-06-26 14:37 .. > -rw--- 1 www-data www-data 3624 2007-06-26 14:39 logo.jpg > > > > > > mount output: > /dev/hdv1 on / type ufs (defaults) > /var/www/test type none (0) > > > > fstab: > none/proc procdefaults,noexec,nosuid 0 0 > none/dev/ptsdevpts gid=5,mode=620 0 0 > /srv/www/test /var/www/test nonebind > > > Versions: >Kernel: 2.6.19.7-grsec2.1.10-vs2.2.0 >VS-API: 0x00020200 > util-vserver: 0.30.212; Jan 16 2007, 11:59:37 Sounds to me like the file is originally on the root filesystem, e.g. in /tmp, and move_uploaded_file is optimized to simply rename(2) the file if the source and destination are on the same filesystem, which would mean that the umask isn't used at all. An strace should tell you more though... -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] fedora 7 and vserver
jean-marc pouchoulon wrote: > jean-marc pouchoulon a écrit : >> Hi all, >> Do daniel's repository will contain in the near future kernel and >> vserver-util for fedora 7 ? >> > it seems that util-vserver are in fedora 7. Yes, the utils have been in Fedora (Extras at first) since FC5. As for the kernel, I've been meaning to look at it for some time now, but have been distracted by other things. I'll try to do it this weekend. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] CentOS 5 building guest machine
Jake Solid wrote: > Hello, > > I completed the nstallation of the latest version of vserver on a CentOS 5 > machine. I'm trying to find procedures on how to build a CentOS 5 guest > machine. > > Any inputs will be appreciated, vserver centos5 build -m yum ... -- -d centos5 should do the trick, once you replace the dots with your desired options. Is that not the case? -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Re:] vcontext/login CPU usage at 100%
Ruben Leote Mendes wrote: > Hi, > > I also have this problem. Is there already a solution? > > My setup: > > # vserver-info > Versions: >Kernel: 2.6.20.11-vs2.2.0 >VS-API: 0x00020200 > util-vserver: 0.30.212; Dec 9 2006, 12:26:51 > Yes, upgrade to util-vserver 0.30.213. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] disk quota and vhashify
ADNET Ghislain wrote: > Hi, > > To have disk quotas it seems the best to have a partition for each > Vserver guests. But vhashify use hardlink and i think it does not cross > partition. What would be the best way to have vhashify AND quota on the > vserver ? > > > *Is there a way to implement "user/group quota" per VServer?* > > A: Yes, but not on a shared partition for now. You need to put the guest > on a separate partition, setup a vroot device (to make the quota access > secure), copy that into the guest, and adjust the mtab line inside the > guest. > > >is disk limits the solution ? how disk limit work with the quota > support ? > > http://oldwiki.linux-vserver.org/Disk+Limits > >this tells that it set limits but i don't know how this interact with > the quota utilities or the likes. Anyone ghas experiences on how it works > ? Disk limits limit the entire guest on that filesystem, not users or groups within that guest. Nobody has wanted user/group quotas on a shared filesystem yet to do the required testing. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Correct usage of vlan devices / weird error
Oliver Welter wrote: > Hi Folks, > > Today I ran into a problem with newtwork devices on vlans. > > My box has one physikal interface (eth0) which hosts two vlans (vlan3 + > vlan4). The "basic" vlan interfaces are created on system bootup and > have each one ip assigned. > > In the vserver-config I used the default syntax with "vlan3" in the file > "dev" and ignored the warnings on startup *sic* which worked on my old > config (0.30.210 tools on 2.6.15 kernel). What do you have now? > Today an angry customer called that his webserver is down - examination > showed: > The guest has a total of 6 interfaces assigned where 4 are in vlan3, the > first 3 in the vlan startup properly, the 4th one shows "NETLINK: > numeric result out of range". What settings are you using for that interface? (I.e. what does tail /etc/vservers//interfaces/3/* show?) > Anybody has an idea on this ? And perhaps anybody can point me to a good > idea how to get rid of the warnings. I dont succeed with the "nodev" > flag... How do you not succeed? You simply touch the file, and the utils will do nothing whatsoever with regard to setting up that IP address/interface, they'll just assign it to the network context. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] FC5 End of Life and Linux-Vserver
Roderick A. Anderson wrote: With the announcement of the EOL for Fedora Core 5 I'm wondering where I should go next or if I should go ... next? So actually this is more a question for Daniel Zakrisson since he provides the FC5 vserver kernel and vserver-utils RPMs and the repository. How long do you think you'll keep updating the FC5 stuff? Thanks, Rod I guess I'll handle it the same way I handled the FC4 EOL, i.e. keep pushing updates until the base kernel (2.6.20) is no longer receiving them. As for the utils, I hope Enrico will manage to get 0.30.213 in before the EOL, and that should be fine for a while at least. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] yum update screwed centos guest
Chuck wrote: we run some centos4 x86_64 guests. just did a yum update today on my template and it screwed up the guest. i do not know all of the damage yet, it appears to run and the services appear to run but vserver enter no longer works. thankfully i always use the template for update testing first ... whew.. i get this when i try: vlogin: openpty(): No such file or directory any clues where to look? or should i just restore from a backup and never use yum update again? it appears it changes what it will with no regard for existing configuration files. It has nothing to do with configuration files. You just lost a (few?) device nodes. Recreate or restore /dev from a backup, or another guest. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Acceptable characters in a vserver name?
Guillaume Pratte wrote: Hello, A quick question. What are the acceptable characters in a vserver name? I would suppose [a-z][A-Z] + '_' and '-' are ok, but are accents, spaces and other characters acceptable? I'd like to say yes, but I haven't tried it. It's a bug if it doesn't work. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] debian host wants centos guest
[EMAIL PROTECTED] wrote: thanks , i setup the beast and have yum installed but..: bash-3.00# yum update Setting up Update Process Setting up repositories not using ftp, http[s], or file for repos, skipping - Null is not a valid release or hasnt been released yet Cannot find a valid baseurl for repo: update Error: Cannot find a valid baseurl for repo: update i cannot seems to make this works :) using vyum on the host works (this is how i setup yum on the guest. But inside it it fails :( i tried to install whitebox linux but i failed also to find how to build the guest so i stick with centos :) hi, i have some finished centos 5 images for linux vserver: http://www.cryptronic.de/wiki/Vserver_en:images_for_openvcp to get yum working: edit /etc/yum.repos.d/CentOS-Base.repo and replace $releasever and $basearch with hardcoded values eg $relesevar: 5 $basearch: i386 after that yum works quite fine. Why would you do that? Why doesn't it have centos-release installed, and why can't it figure out the architecture on its own? best regards oliver werner htpt://www.cryptronic.de What's HTPT? ;-) -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Semaphores
Cryptronic wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, is there a possibility to see all semaphores vserver's are using? Because it is very difficult to enter each vserver and run ipcs. To see how much semaphores are in use would it do for me. It depends on the kernel. For kernels < 2.6.19, chcontext --xid 1 ipcs should do the trick. For newer kernels, the namespaces in mainline have complicated this particular feature so you'll have to do something like vsomething vserver --all -- exec ipcs -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] mknod error in vserver
Alejandro Cabrera Obed wrote: Dear all, I have a vserver in Debian Etch (kernel 2.6.18-4-vserver-686) and I've tried to install Asterisk 1.2 from apt. After I execute "apt-get install asterisk" I get this error: Setting up zaptel (1.2.11.dfsg-1) ... mknod: `/dev/zap/ctl': Operation not permitted dpkg: error processing zaptel (--configure): subprocess post-installation script returned error exit statu If I install the zaptel package alone I have the same errormaybe I cannot create such devices in the vserver technology. Why can't I make this device ??? Because you're in a guest. If a guest was allowed to create device nodes as it saw fit, it would be no problem at all to escape from the guest, overwrite files, etc. Another question: do you recommnend to install Asterisk without vserver instead ??? Simply pre-creating the device from the host should do the trick, IMHO. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] STRG+C doesn't work after update to vs2.2.0-grsec2.1.10
Thorsten Büker wrote: And it's me, again, After noticing that binutils >= 2.17 are necessary to build a 2.6.19.7 kernel [1] and after getting the message "chbind: vc_set_ipv4root(): Invalid argument" out of my way [2], I finally built a new kernel, which seems to work fine. Fine, beside one minor problem ;-) Entering the Vserver's context via "vserver name enter" and executing a command (e.g. "tail -f something"), it's not possible to stop the process using strg+c, like I used to do up to some hours ago (vs2.0.2.1-grsec2.1.9 / 2.6.17.14). Unfortunately I've got no idea, where to start troubleshooting -- do you have any hint on the relevant kernel option? Please find some sections of the kernel's config below. Until changing towards Etch in a couple of weeks, Sarge's standard util-vserver is version 0.30.204-5. I tried util-vserver's backport 0.30.210-8 and obviously it works now. And that's the only thing you changed? It's the exact same kernel, with the same configuration? -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
Martin wrote: On Wed, 2007-04-04 at 16:34 +0200, Daniel Hokka Zakrisson wrote: Something is solliciting my curiosity though: - privacy for guests, which will hide things from xid 1 I am not sure I am found of that "privacy" thing. That's why it's configurable ;-) Isn't supposed to be able to see everything in the system? Well, not if you want to protect the guests from the host. At the risk of sounding ungreatful for all of the hard work done on vserver - what is the 'use case' for this feature? As I understand it there is nothing to keep the host from playing with /dev/kmem or otherwise tampering with the kernel, so I can't see how a feature like this will provide any strong guarentees; unless heirarchies of contexts (which would be extreemly cool) are planned. Or is it just intended as a 'speed bump' / politeness feature? Of course the host admin can still do whatever she wants, but if you're in the business of selling truly private guests, i.e. guests without VXF_STATE_ADMIN (meaning they cannot be administered from the host), a kernel with privacy enabled, each guest living on an encrypted device only the guest has access to etc., doing so would probably not be appreciated by the clientele. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
Guillaume Pratte wrote:
Daniel Hokka Zakrisson a écrit :
Guillaume Pratte wrote:
Maybe it's an irrational fear, but it seems to me like an invitation
to root kits... With this privacy option, how will we be able to
precisely account the memory usage of each vserver?
vserver-stat in util-vserver 0.30.213 doesn't use xid 1 anymore (if
you have a recent enough kernel that has the accounting APIs).
Can you tell me in which version of the patch the accounting APIs where
introduced? (Is it in the just-released 2.2.0?)
I wrote:
The major changes are:
...
- accounting APIs, making it easier to write monitoring programs
Can you point me toward the documentation of these APIs?
include/linux/vserver/{limit,sched}_cmd.h is probably the best.
--
Daniel Hokka Zakrisson
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
Guillaume Pratte wrote: Thanks for the change log Daniel. Something is solliciting my curiosity though: - privacy for guests, which will hide things from xid 1 I am not sure I am found of that "privacy" thing. That's why it's configurable ;-) Isn't xid 1 the monitoring context? Yes. Isn't supposed to be able to see everything in the system? Well, not if you want to protect the guests from the host. For instance, if I remember correctly, vserver-stat uses xid 1 to mesure the memory usage of each vserver... In older versions/kernels, yeah. But that's already rather broken by design. Maybe it's an irrational fear, but it seems to me like an invitation to root kits... With this privacy option, how will we be able to precisely account the memory usage of each vserver? vserver-stat in util-vserver 0.30.213 doesn't use xid 1 anymore (if you have a recent enough kernel that has the accounting APIs). -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] CIFS-mounts in vserver guests: solved
Wilhelm Meier wrote: Am Dienstag, 3. April 2007 schrieb Roderick A. Anderson: Wilhelm Meier wrote: Am Montag, 2. April 2007 schrieb Wilhelm Meier: after our conversion I got the quick cifs hack running (using a special CLONE-flag for the cifs-thread). The I got this patch, which changes the api to kthread_run. But, the problem remains. I still got this error in dmesg: I've to correct myself! I had a configuration flaw ... if the patch is in place, it works as expected. CIFS-shares can be mounted inside the guests. Wilhelm, Would you be willing to put some instructions together on what it takes to do this? Ok., get the patch from the list and apply it to /usr/src/linux-vserver/fs/cifs/connect.c (or whatever you kernel source path is). Has the patch been submitted to (and reviewed by) linux-kernel@vger.kernel.org, [EMAIL PROTECTED] and [EMAIL PROTECTED] Note that it already doesn't follow the typical coding style used in the kernel (regarding the if/while( x ) thing). -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Vserver and VRF support
Albert Mak (almak) wrote: Is there any work done to make Vserver work with VRF? -Albert Meaning multiple routing tables? That's already the recommended way to set different default routes for the guests. Works the same way they do in Linux. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
Guillaume Pratte wrote: Hello, Where can I find the change log from version 2.02? I don't see it linked from http://www.13thfloor.at/vserver/s_rel26/v2.2.0/ Thanks! Guillaume AFAIK there is none. In theory, a combination of http://linux-vserver.org/ChangeLog-2.1 and http://linux-vserver.org/ChangeLog-2.2 should get you there, but the first is horribly out of date, so here's a little ChangeLog-according-to-Daniel. The major changes are: - COW link breaking - 2.6.19+ support (i.e. using the mainline namespaces) - capability masking, allowing things like bind9 to run unmodified in guests - artificially advancing idle time, allowing fair sharing of CPU resources among guests - accounting APIs, making it easier to write monitoring programs And a few of the rather minor/less useful changes: - allows raising the bcapabilities of a guest while it's running - virtualized time - the ability to create private guests, that cannot be easily administered from the host - warnings without CONFIG_VSERVER_DEBUG (so Debian users will see them too...) - legacy disabled by default (so util-vserver 0.30.213+ recommended) - privacy for guests, which will hide things from xid 1 - a scheduling monitor -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] CentOS RPM's
Matt Paine wrote: > Hi Guys > > I've been a while (again) since I've mucked around with linux-vserver, > but the time is here again. This time with CentOS. > > My ideal setup, as i've come to realise, is a CentOS installation as the > host OS, with a linux vserver kernel. > > Now, my problem lies with an RPM that would suite my purposes. I am > unable to find an out of the box kernel RPM, so I thought i'de give it a > crack. I've started building RPM's for other software recently,so I > thought it would be within my power to try a kernel build. I was wrong. > I cant even build the CentOS4.4 kernel on a basic machine with the build > software installed, and the src rpm from the CentOS site, let alone a > patched version of the CentOS kernel, or a vanilla kernel. (yes, i've > tried the vanilla kernel, with a make rpm-pkg and that has the same > problems). By the way, trying to make a vanilla kernel, no patches, with > standard make commands (no make rpm) fails with the same reasons > (invalid string offset errors from the linker). Sounds somewhat odd, but I've had problems trying to build 2.6.20 on it too. Haven't really investigated it yet though. > Has anyone got kernel RPM's with the linux vserver patches installed > (vanilla or otherwise) that are build for CentOS4.4? I know Daniel has > the fedora kernels, and I've been scouring his rpm repository to find > the centos ones with no luck (plenty of util-vserver rpms, but no > kernels). I had the thought that the vserver stuff might already be in > the kernel (long shot i know, but anythings possible) so I downloaded > the util-vserver rpms and tried them, to no avail of course :) The problem with the CentOS kernel is that it's really old and it would require major surgery in order to get any sort of recent Linux-VServer version on there. I've been playing with the idea of providing more recent, vanilla kernel RPMs too, but nothing has come out of that yet, mostly because the userspace matches the old kernel. So in order to get a recent kernel working nicely, you'd probably need to update at least udev and mkinitrd. > I would love to be able to compile a kernel and package it as an RPM, > however at the moment my efforts are not being rewarded with anything > remotely usable. If someone could help me with compiling the kernel that > would be appreciated (I have the logs showing what errors I'm getting). Posting the errors is always a good idea... -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Guest fedora under Gentoo Host
Stéphane GAUTIER wrote: > Hi, > > I try to create a Fedora vserver and I have this error message : > > # vserver test build -m yum -- -d fc5 > rpm-fake.so: vc_create_context(): Invalid argument > rpm-fake.so: failed to initialize communication with resolver You didn't specify a context id. Add --context 42 and it should work fine. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] "vserver enter" eating cpu and vkill problem
Jarek Dylag wrote:
> Hey
>
> [...]
>> Yeah, I know where it happens, but why it happens and how to fix it is
>> still a mystery. Thus far, every solution I've tried has failed.
>> http://people.linux-vserver.org/~dhozac/p/uv/experimental/delta-vlogin-efds.diff
>> has two of the things I've tried to fix it.
>
> I added additional check in termina_copy() functon:
Could you try
http://svn.linux-vserver.org/projects/util-vserver/changeset/2514?format=diff&new=2514
instead? Essentially the same thing, just in the (IMHO) correct function.
> --- vlogin.c.old2006-12-09 17:15:22.0 +0100
> +++ vlogin.c2007-03-14 13:47:13.0 +0100
> @@ -139,6 +139,11 @@
>} else if (len == -1)
> return;
>
> + if (len == 0) {
> +terminal_kill(SIGTERM);
> +exit(1);
> + }
> +
>/* write activity to user */
>EwriteAll(dst, buf, len);
> }
>
> It fixes the problem, but i don't know if i haven't broken something else.
>
> Jarek Dylag
--
Daniel Hokka Zakrisson
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Problems with Knoppix 5.2 (which should be Vserver-enabled...)
Gerhard Hofmann wrote: > Because these are quite a lot of steps I always thought it would be nice > to have a Debian distro that is Vserver-enabled out-of-the-box. Like, say, Debian Etch? > Now, in the recenct release of German magazine c't, there was a Knoppix > 5.2 CD which claims to be Vserver-ready. Obviously not... > Has anybody here already tried Knoppix 5.2 and can share his or her > experiences? > > I booted Knoppix, tried to setup a Vserver like this: > vserver vserver1 build \ > -n vserver1 \ > --hostname vserver1 \ > --interface eth0:192.168.1.133/24 \ > -m debootstrap -- -d sarge > > I get this error message: > /etc/vservers/.defaults/vdirbase/vserver1: Function not implemented Which means the kernel isn't patched with Linux-VServer. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] OCS Inventory
Daniel W. Crompton wrote: > On 3/16/07, Daniel Hokka Zakrisson <[EMAIL PROTECTED]> wrote: >> Daniel W. Crompton wrote: >>> After reading Jean-Marc's answer I thought it could also be the fact >>> that you might just need to create /dev/mem. >> >> You absolutely never ever want to do that, if you care the least about >> the >> guest being secure... /dev/mem would give it complete access to the >> contents of your RAM. > > Seriously if you care about your guest being secure you make sure that > the host doesn't have physical network access. If you want to be able > to run certain programs in a guest you sometimes need rights which are > available to only the host. That's the whole point of caps. Which should not be taken as lightly as "you just need to create XYZ". It's something that essentially voids the entire virtualization/isolation that Linux-VServer provides... -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] OCS Inventory
Daniel W. Crompton wrote: > After reading Jean-Marc's answer I thought it could also be the fact > that you might just need to create /dev/mem. You absolutely never ever want to do that, if you care the least about the guest being secure... /dev/mem would give it complete access to the contents of your RAM. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] gentoo update breaks shutdowns?
Chuck wrote: > ... > my util-vserver version is 0.30.212-r2 > > kernel version > > 2.6.19-vs2.2.0-rc2 You sure you were running that kernel before? IIRC that one has a broken vc_ctx_kill, so you might want to upgrade... -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] "vserver enter" eating cpu and vkill problem
Jarek Dylag wrote:
> Hey,
>
> [...]
>> >> Apparently it happens when the session is not ended properly
>> >> (disconnections, etc)
>> >> I could reproduce the problem as follow:
>> >> * ssh to the server as normal user
>> >> * sudo su -
>> >> * vserver XX enter
>> >> * now from another term, kill -9 on either of the two su processes
>> ("su
>> >> -"
>> >> or "-su")
>> >> At that point the session in the vserver ends but vcontext is still
>> >> hooked
>> >> to the
>> >> current terminal so cpu is fine.
>> >> * now quit the current terminal
>> >> At that point vcontext is not hooked to any terminal (vps ax => "?"
>> on
>> >> the
>> >> tty column)
>> >> and using top you see it's running 100% cpu, ~ 80% system and 20%
>> user.
>> >
>> > I'll look in to it.
>>
>> I am unable to reproduce that here. The vlogin process does stick
>> around,
>> which it probably shouldn't, but its resource usage is the same as it's
>> always been.
>
> I can reproduce it on debian sid with 2.6.20.1-vs2.3.0.11 kernel.
>
> ps auxf
> USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
> root 2716 82.5 0.0 116 40 ?R15:17 7:04 login
> root 2774 0.0 0.3 5072 1660 pts/6Ss+ 15:17 0:00 \_
> /bin/bash -login
>
> I straced login process, strace shows:
>
> Process 2716 attached - interrupt to quit
> select(4, [0 3], NULL, NULL, NULL) = 1 (in [0])
> read(0, "\r", 64) = 1
> write(3, "\r", 1) = 1
> select(4, [0 3], NULL, NULL, NULL) = 1 (in [3])
> read(3, "\r\n", 64) = 2
> write(1, "\r\n", 2) = 2
> select(4, [0 3], NULL, NULL, NULL) = 1 (in [3])
> read(3, "\33[1m/ \33[37;0m(\33[32;1m1525\33[37;0m"..., 64) = 47
> write(1, "\33[1m/ \33[37;0m(\33[32;1m1525\33[37;0m"..., 47) = 47
>
> Here session ended:
>
> select(4, [0 3], NULL, NULL, NULL) = 1 (in [0])
> read(0, "", 64) = 0
> select(4, [0 3], NULL, NULL, NULL) = 1 (in [0])
> read(0, "", 64) = 0
> select(4, [0 3], NULL, NULL, NULL) = 1 (in [0])
> read(0, "", 64) = 0
> select(4, [0 3], NULL, NULL, NULL) = 1 (in [0])
> read(0, "", 64) = 0
> select(4, [0 3], NULL, NULL, NULL) = 1 (in [0])
> read(0, "", 64) = 0
> select(4, [0 3], NULL, NULL, NULL) = 1 (in [0])
> read(0, "", 64) = 0
> select(4, [0 3], NULL, NULL, NULL) = 1 (in [0])
Yeah, I know where it happens, but why it happens and how to fix it is
still a mystery. Thus far, every solution I've tried has failed.
http://people.linux-vserver.org/~dhozac/p/uv/experimental/delta-vlogin-efds.diff
has two of the things I've tried to fix it.
--
Daniel Hokka Zakrisson
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] debian vserver and AMD x2 AM2 CPUs
Konstantinos Pachopoulos wrote: > Hi, > has anybody had any experience with with VServer > (Debian) and Dual Core AM2 CPUs? Does it work OK? In general, if a vanilla kernel works on it, so will Linux-VServer. And if for some reason it doesn't, that's a bug that should get fixed rather quickly. > Is it posssible -would it be possible in the future > maybe- for VServer to take advantage of the AMD CPUs > built-in virtualization technology? Not really, Linux-VServer is more about isolation than virtualizing hardware. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] util-vserver 0.30.210-10(edgy) var-run dir missing
Forwarding Address wrote: > Ubuntu is strange in that it uses a tmpfs mount for /var/run, which means that the directories will be gone as soon as you reboot. In Debian (and thus Ubuntu) this was fixed in 0.30.211-6, and for vanilla, util-vserver 0.30.213-rc4 with http://people.linux-vserver.org/~dhozac/p/uv/experimental/delta-ubuntu-init.diff on top is supposed to do the right thing. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] chroot barrier problem when consolidating var and etc
Martin Fick wrote:
> I have run into a chroot barrier problem when
> consolidating a vserver's etc and var files under the
> same parent directory. When the
> /etc/init.d/util-vserver script runs it sets a chroot
> barrier on the parent of the vserver's var directory.
That's a Debian-thing, although it is a good idea.
> If the etc and var directories share this parent the
> barrier somehow prevents the vserver from accessing
> its etc files. Specifically, when starting the
> verserver, I get this error:
>
> vlimit: fstat("/etc/vservers//rlimits"):
> Permission denied
>
>
> My layout is the following:
>
> /etc/vservers/ ->
> /vservers//etc
> /var/lib/vservers/ ->
> /vservers//var
>
> /vservers//etc
> /vservers//var
>
> I have seen this error reported by others who have
> also symlinked their etc directory, but I have not
> seen any good solution given to this problem. My
> workaround has been to simply put the vserver's var
> directory in a subdirectory like this instead.
The simpler version is to use something like:
/vservers/etc/
/vservers/var/
where only the var directory needs to have the barrier set.
> Is this normal behavior, should I just not be doing
> this? Is my workaround a security problem? Is there
> potentially a simple fix that should be implemented in
> the way that the standard vserver directories are
> layed out to allow a setup like this to function
> without my workaround?
You want to have the barrier set, otherwise the guest will be able to
break out of the chroot and into other guests (and with your setup, change
the configuration to give the guest more privileges).
--
Daniel Hokka Zakrisson
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [PATCH] vserver, quota and vroot fix
Jan Rekorajski wrote: > Hi, > The following hunk got lost sometime between 2.6.16 and 2.6.18, > as Network Failure System hit me again, I just _had_ to find out why quota > did not work with latest vserver patches ;) > The patch is so long because quotactl_block() has to be after > vroot_get_real_bdev declaration, the real meat is between > #if defined(CONFIG_BLK_DEV_VROOT) || defined(CONFIG_BLK_DEV_VROOT_MODULE) > #endif IMHO it got lost after 2.6.18, i.e. it's not present in 2.6.19 nor 2.6.20. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vcontext: vc_create_context(): Out of memory
Herbert Poetzl wrote: > On Fri, Feb 23, 2007 at 07:05:24PM +0900, Taisuke Yamada wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Hi. >> >> Yesterday, I tried to find out absolute maximum number of >> virtualhosts I can host on my server, and got this message after >> 40-50VMs: > > yes, known issue with the debian kernel, if you > switch to mainline kernels, you will get to > roughly 5000-8000 contexts ... That is, before you run out of pids. On my x86 test system with 384 MiB of RAM, I was able to get 6073 contexts running each with a sleep 3600 process running before fork started failing with EAGAIN. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Installing Vserver on RedHat ES4
Kolly Christian, Bedag wrote: > Hello, > > I'll have to try to install Linux-Vserver on an RedHat ES4 server. > > The Kernel version included in this distribution is 2.6.9. Is it > possible to patch this Kernel, wich is allready patched by RedHad, with > the Vserver Patch or do I have to patch an official Kernel? You'll have to get a vanilla kernel. Patching 2.6.9 with a recent patch would be a _lot_ of work... -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] raising individual interface devices
Herbert Poetzl wrote: > On Sat, Feb 17, 2007 at 05:53:58PM +0100, Baltasar Cevc wrote: >> >> >Hi Chuck >> > >> >Quoting Chuck <[EMAIL PROTECTED]>: >>>> is there a way to raise an individual interface device in a vserver >>>> without restarting the entire server? >>>> >>>> i am installing several vservers that will require various ip >>>> addresses for specific SSL certs added one at a time but should not >>>> down the entire service >>>> just to do so.. eg: >>>> >>>> eg: >>>> >>>> /etc/vservers/guestname/interfaces/0 >>>> /etc/vservers/guestname/interfaces/1 >>>> >>>> then i want to add >>>> >>>> /etc/vservers/guestname/interfaces/2 >>>> >>>> and bring it alive without disturbing 0 or 1 or the operation of any >>>> services under them. > >>> Add the interface configuration, add the IP to the interface on the >>> host (ip addr add dev yyy, as far as and enter the vserver >>> (using vserver enter); the newly opened "session" in the context >>> knows the new IP, too. So you may restart your Webserver then and use >>> the new IP. >> >> Sorry, I've accidently hit send - here's the complete text I wanted >> to write ;-) >> >> Add the interface configuration, add the IP to the interface on the >> host (ip addr add dev yyy) - so the host knows the IP (which is >> normally done by vserver start). Then enter the vserver (using vserver >> enter); the newly opened "session" (your bash process or similar) in >> the context knows the new IP, too. So you may add it to your Webserver >> config and restart it (now having the newly assigned IP, too). > > well, while this may work with some configurations > (especially older tools :) this works by chance and > not by design, and it will for sure stop working with > non legacy enabled kenels, which make proper use of > network contexts ... Some configurations meaning util-vserver 0.30.209 and older, or using dynamic contexts. > the proper procedure is quite similar though: > > - add the ip to the host (ip addr add ...) > - add the ip to the guest's network context ># naddress --add --nid --ip / > - enter the guest (best via ssh) > - restart the services if required >(most services will automatically start using >the new addresses) Just to clarify: if your guest had just one IP address before, and you're not using 2.3, you'll have to restart all of your services for them to get the new IP. > - update the config to reflect the changes for >the next guest restart (if desired) > > HTC, > Herbert > >> Hope that helps, >> Baltasar -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Moving guest and can not enter again.
sys-admin_at_emaxx.nl wrote: > ... > But I couldn't enter the guest: > > ~ # vserver shadow-vs01 enter > vlogin: openpty(): No such file or directory > Which means your guest is either lacking /dev/ptmx or the /dev/pts mount, rendering it incapable of creating psuedo ttys. If you don't want those for some reason, you'll need 0.30.212 and touch /etc/vservers/.defaults/apps/vlogin/disable. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] debian host wants centos guest
ADNET Ghislain wrote: > is it possible to build a centos guest on a debian host ? Yes. > i cannot made it . i have setup a server using vyum and -d centos4 but i > got a system so tiny that i havent any "yum" > or "rpm" or any package (not even vi) and anything i want to install > fails. Fails how? How are you trying to install it? If you want the guest to manage its own packages, you should run: vyum -- install yum vserver pkgmgmt internalize -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Network - How is it implemented?
John Alberts wrote: > the host. The main problem is that opening a port because 1 guest > needs it, opens that port for all guests and the host. So why don't you specify the guest's IP address in the rule? -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Network - How is it implemented?
Philippe Teuwen wrote: >> iptables and routing remains on the host, but >> can be proxied (i.e. done via policy daemon) > > Hi Herbert, > > Does such daemon exist already? Yes: http://www.virtuaserver.com.br/forum/viewtopic.php?t=130 -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] ultra frustration
Chuck wrote: > why did you ever remove vserver-new? it was so SIMPLE to clone a template > that > way. i cannot get this to work. i am sure it is just frustration on my > part. > i go by the vserver help built in and send it this cmdline: > > vserver tbfweb build --context 3911 --hostname tbfweb --interface > eth3:64.113.39.11/24 --initstyle plain -m > rsync --source /vservers/c64webmintmpl > > and immediately it says unrecognized --source ... since you're missing the -- before it. Add that and it should be fine. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] FC6 hangs while creating a vserver
Matt Paine wrote: > This should be fixed in 2.6.19-1.2908.fc6.vs2.2.0.0.rc12.2 which I pushed to the repository a while ago. Please let us know if you still experience any problems with that version. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Another bug?
Lyn St George wrote:
> I have scripts that run from the host and restart daemons
> inside vservers, using suexec. Eg:
> /usr/sbin/vserver {name} suexec {user} {cmd}
Is user a username or a uid?
> These worked fine with 30.309 tools and 2.6.14 kernel.
> Now, with 2.6.19.2 kernel, 2.2.0-rc10 patch and
> 30.212 tools, the suexec no longer works and stays as root
> resulting in failed commands.
I think it's the other way around. If you answered username above, your
old utils would've run the command as root, while 0.30.211 fixes this to
understand usernames and bail out if it's not a number nor a valid
username.
> I see nothing in the changelog or docs about a change.
>
> Is this another bug?
Seems to work fine here, and this hasn't changed since 0.30.211:
[EMAIL PROTECTED] ~]# vserver --version
vserver 0.30.213-rc1 -- manages the state of vservers
This program is part of util-vserver 0.30.213-rc1
Copyright (C) 2003,2004,2005 Enrico Scholz
This program is free software; you may redistribute it under the terms of
the GNU General Public License. This program has absolutely no warranty.
[EMAIL PROTECTED] ~]# vserver fc6 suexec apache id
uid=48(apache) gid=48(apache) groups=48(apache)
[EMAIL PROTECTED] ~]# vserver fc6 suexec pdns id
uid=100(pdns) gid=101(pdns) groups=101(pdns)
[EMAIL PROTECTED] ~]# grep pdns /etc/passwd
[EMAIL PROTECTED] ~]# grep pdns /vservers/fc6/etc/passwd
pdns:!!:100:101:PowerDNS user:/:/sbin/nologin
--
Daniel Hokka Zakrisson
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] FC6 hangs while creating a vserver
Matt Paine wrote:
> ...
I've just pushed 2.6.19-1.2908.fc6.vs2.2.0.0.rc12.1 which (as the name
suggests) contains an update to 2.2.0-rc12 which fixes numerous bugs. If
it still happens with that kernel, the trace removed below would be needed
to track down the bug.
> Below that I have typed out what I see on the screen after it dies. I
> needed to type this out so please excuse any typo's (i'll be as accurate
> as I can).
> ...
> ---8<--- contents of /var/log/messages
> Feb 8 23:34:55 clustman Updated: yum.noarch 3.0.3-1.fc6.chroot
> Feb 8 23:34:58 clustman Updated: yum-updatesd.noarch 3.0.3-1.fc6.chroot
> Feb 8 23:35:37 clustman kernel: vxD: assertion [xid(0) == current(41)]
> failed. @fs/locks.c:835
> Feb 8 23:36:06 clustman last message repeated 16 times
> Feb 8 23:36:06 clustman kernel: ··· mapping device: 0050 target:
> 0050 flags: 0002 mode: 2000 mapped=0
> Feb 8 23:36:08 clustman kernel: vxD: assertion [xid(0) == current(41)]
> failed. @fs/locks.c:835
> Feb 8 23:36:18 clustman last message repeated 15 times
> Feb 8 23:36:18 clustman kernel: ··· mapping device: 0013 target:
> 0013 flags: 0002 mode: 2000 mapped=0
> Feb 8 23:36:19 clustman kernel: vxD: assertion [xid(0) == current(41)]
> failed. @fs/locks.c:835
> Feb 8 23:36:29 clustman last message repeated 8 times
> Feb 8 23:36:29 clustman kernel: ··· mapping device: 0019 target:
> 0019 flags: 0002 mode: 2000 mapped=0
> Feb 8 23:36:29 clustman kernel: vxD: assertion [xid(0) == current(41)]
> failed. @fs/locks.c:835
> Feb 8 23:36:32 clustman last message repeated 7 times
> Feb 8 23:36:35 clustman avahi-daemon[2369]: Registering new address
> record for 192.168.0.101 on eth0.
> Feb 8 23:36:36 clustman kernel: BUGging on (p == reaper ||
> reaper->exit_state)
> Feb 8 23:36:36 clustman kernel: [ cut here ]
> Feb 8 23:43:04 clustman syslogd 1.4.1: restart.
> Feb 8 23:43:05 clustman kernel: klogd 1.4.1, log source = /proc/kmsg
> started.
> Feb 8 23:43:05 clustman kernel: Linux version
> 2.6.19-1.2901.fc6.vs2.2.0.0.rc9.1 ([EMAIL PROTECTED])
> (gcc version 4.1.1 20070105 (Red Hat 4.1.1-51)) #1 SMP Thu Feb 1
> 01:06:08 EST 2007
> >8
>
>
>
> ---8<- appears on console before power cycle is needed -
> <3>BUG: sleeping function called from invalid context at
> kernel/rwsem.c:20 in atomic():0, irqs_disabled():1
>
> {... dump trace/show_trace/etc, i can type this in if its relevent...}
>
>
> Fixing recursive fault but reboot is needed!
>
>
> ->8-
--
Daniel Hokka Zakrisson
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] chcontext not permitted
Lyn St George wrote: > In the end, it seems that it was LVM. I eventually found this No, this was an actual bug. It should be fixed in 2.2.0-rc12. > page: http://oldwiki.linux-vserver.org/Step-by-Step+Guide+2.6 > which specifically mentions that LVM needs a different > configuration. So I did that - and with the new-style config > so the LVM fix would work - and now the vservers start and > can be entered properly. They still don't stop properly, and > 'ps -ax' does not show all processes, so I guess things need > to be tweaked. But at least they run. What? ps ax is not supposed to show _all_ processes, just the ones belonging to the current context. If you want to show all of them, use vps on the host. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] kernel panic on vs2.2.0-rc11
Jarek Dylag wrote: > ... I finally managed to reproduce this, and it should be fixed 2.2.0-rc12. Please let us know how it goes. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] kernel panic on vs2.2.0-rc11
Jarek Dylag wrote: > Hi, > >> could you do a 'cat /proc/virtual/status' >> just before and right after the 'evil' exec >> and also provide the guest config you are >> using? > > After exec system crashes, so i can provide only status before exec: > > UseCnt: 33 > Tasks: 14 > Flags: 0006020f0310 > BCaps: 3fff > CCaps: 00100101 > Spaces: 0c020200 That's /proc/virtual//status. /proc/virtual/status will contain use counts for fs_structs, which is most likely what's causing your oops... But without the after shot, it'll be impossible to say if that's what's causing it. > Thera are all bcapabilities enabled for guests on this system Why on earth would you do that? -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] apache2 prefork and kernel oops
Randall Smith wrote: > ... > Pid: 4438, comm: rc Not tainted 2.6.18-3-vserver-amd64 #1 This kernel is known to be broken. You need to get 2.6.18-4 from sid. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver patch for recent 2.6.16
Markus Schuster wrote: > 2.) compile time > I had some problems with JFS, there are some constants used that aren't > defined elsewhere. The patch adds the two functions jfs_set_inode_flags > and > jfs_sync_flags to fs/jfs/jfs_inode.c and most/all? of the constants used > in > this two functions are undefined. But no problem for me as I don't need > JFS. I've just disabled it. No further compile time problems with > my .config. Sorry for the long response time, I forgot to upload the new patch. JFS should work fine (but not support barrier/immutable/iunlink/etc.) in http://people.linux-vserver.org/~dhozac/p/k/patch-2.6.16.38-vs2.0.3-rc1.1.diff -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Disconnect on vserver build
Marc Guyard wrote: > Hi, > > I've a problem to install vserver on a dedicated server. > In fact, i only access to him with ssh. > My problem is'nt really the installation but the build. > > When i launch a verserver build image ( i follow this tutorial ), after > the > second yum, i'm disconnect from my ssh and i cannot reconnect without > restart the server. > Do you know why ? Most likely you told the utils that your host's IP address belonged to the guest and that it should be brought up and down along with it, so when the initpost script runs to clean up the guest after installing it, the IP address is removed as the guest is stopped, leading to a host without IP addresses. You really should give the guest a separate IP address, perhaps a private one if you don't have any spare public ones, to avoid this problem and many others (like the guests ability to interfere with the host's daemons). If you really don't want to use another IP address, you could simply leave out the network interface on your vserver ... build command line. I think that will only do the Right Thing(tm) with util-vserver 0.30.213-pre5+ though (i.e., set nodev). -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vrsetup : No such device or address
Joerg Maier wrote: > Hi, > >> Why such an old kernel? 2.1.1.7.1 is the latest release of the 2.1 >> branch, >> but you're really suggested to use 2.2.0-rc8.7... > > I found the 2.1 version is almost stable and thats what i wanted as > the machine will go productive soon. Do you think the 2.2 version is > stable in the same amount as 2.1 is? Given that 2.2 is the next stable series, and it's mostly the same code as 2.1, I'd say so. 2.1.1-rc48 has a few rather serious bugs too, IIRC. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vrsetup : No such device or address
Joerg Maier wrote:
> Hi,
>
> i got an issuem with vrsetup to configure a block device to quota_ctl
> inside a vserver. I am using vs2.1.1-rc48 from linux-vserver.org on a
> vanilla kernel.
Why such an old kernel? 2.1.1.7.1 is the latest release of the 2.1 branch,
but you're really suggested to use 2.2.0-rc8.7...
> [EMAIL PROTECTED]:/etc/vservers# vrsetup /dev/vroot/mail /dev/vgsystem/lvmail
> open("/dev/vroot/mail"): No such device or address
You _did_ enable vroot support in your kernel, and if you compiled it as a
module, it _is_ loaded, right?
--
Daniel Hokka Zakrisson
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] VSZ gets smaller than RSS
[EMAIL PROTECTED] wrote: > i! > > Is it possible that VSZ becomes smaller/lower than RSS in 'vserver-stat' > after starting some applications (JBoss and Tomcat with Active-BPEL > engine, see #1)? In order for a page to be in RAM, it would have to mapped, I'm quite sure... > > ~ # vserver-stat > CTX PROCVSZRSS userTIME sysTIMEUPTIME NAME > 0 58 296.4M 22.3M 0m02s42 0m04s55 6m33s88 root server > 1151 5 1.3G 283.4M 0m38s45 0m00s82 4m41s19 lvg-1-151 > 115216 393.6M 793.8M 1m14s76 0m01s93 4m36s71 lvg-1-152 <-- #2 > 1153 7 1.3G 195.7M 0m19s50 0m00s62 4m31s70 lvg-1-153 <-- #1 > 1154 3 42.2M 2.7M 0m00s00 0m00s00 4m21s36 lvg-1-154 You're using a vserver-stat which just sums up the values in /proc. This can break in any number of ways, like e.g. overflowing. You could try using a 2.2.0-rc7+ kernel with util-vserver-0.30.213-pre1+ to get vserver-stat to look at the values in /proc/virtual//limit, which should be correct (although I suppose they can still overflow). -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: vserver patch for recent 2.6.16
Okay, the patch at http://people.linux-vserver.org/~dhozac/p/k/patch-2.6.16.37-vs2.0.3-rc1.diff seems to work in my _very_ basic testing, basically a testme+testfs and a vserver guest start/stop. It should have almost all of the deltas leading up to 2.0.3-rc1 from 2.0.2-rc22, which weren't specific to another kernel version. Please let us know how it works. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Loopback interface
Marc Guyard wrote: > Hi everybody, > > I want to know if it's possible to have a loopback interface on each > virtual > server with vserver? > I've read this here : > http://linux-vserver.org/Frequently_Asked_Questions_scratch > > *127.0.0.1 issues* I had problems with an application that wanted me to > access it on 127.0.0.1 and AS 127.0.0.1 to be able to do its > configuration. > A simple tweak solved the problem. I renamed the default interface > directory > "0" in /etc/vservers/server/interfaces to "1" and created interface 0 as : > dev > lo ip 127.0.0.1 mask 255.0.0.0 name lo > > now interface "1" is the default created interface by the vserver build > script with a local adress like 192.168.1.2 and interface "0" is the > loopback. I can now telnet on 127.0.0.1 and it sees that im connecting to > 127.0.0.1 from 127.0.0.1 > Compiling nagios-1.4 within a vserver requires this, otherwise it hangs > during the configure with "checking for ICMP ping syntax..." That is certainly a bad idea. Giving all the guests access to the same IP address _will_ create conflicts as soon as two guests want to run the same service. The 2.3.0.x versions support a per-guest loopback by assigning the guest 127.x.y.1 IP addresses, where x.y is replaced with the nid. The idea is that it will be rewritten to 127.0.0.1 whenever userspace asks, but I'm not sure whether that functionality is present yet, nor if the address is usable without assigning it to the guest manually. (Herbert?) -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] sparc vserver issues
Instruction DUMP: 81c3e008 0100 9190200f > 8143e00a 0ac040d0 0100 81c3e008 0100 > [ 1071.770209] Fixing recursive fault but reboot is needed! > > After this point, as it says, a reboot is needed. The vserver fails > to start again. With no nfs shares mounted, the vserver shutdown > cleanly. > > Any help is appreciated.. > > Matt Kulka > Easynews - Usenet Made Easy! > http://www.easynews.com > [EMAIL PROTECTED] -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] "vserver enter" eating cpu and vkill problem
I wrote:
> Philippe Teuwen wrote:
>> Hello,
>>
>> Here are some problems I have with vserver.
>>
>> My environment:
>> Kernel: Debian vserver_pre-patched kernel for AMD64:
>> Linux version 2.6.17-2-vserver-amd64 (Debian 2.6.17-9)
>> ([EMAIL PROTECTED])
>> (gcc version 4.1.2 20060901 (prerelease) (Debian 4.1.1-13)) #1 SMP Wed
>> Sep
>> 13 18:02:36 CEST 2006
>> According to changelog.Debian, this version is using vserver patch
>> v2.0.2
>> util-vserver: 0.30.211-6
>>
>> First problem:
>> In some situations my CPU was burning like hell for days before I
>> noticed
>> it.
>> This was the vcontext/login process, the one running when using the
>> command "vserver XX enter".
>> If it happens that the process is disconnected from its terminal it eats
>> all the CPU :-(
>>
>> Apparently it happens when the session is not ended properly
>> (disconnections, etc)
>> I could reproduce the problem as follow:
>> * ssh to the server as normal user
>> * sudo su -
>> * vserver XX enter
>> * now from another term, kill -9 on either of the two su processes ("su
>> -"
>> or "-su")
>> At that point the session in the vserver ends but vcontext is still
>> hooked
>> to the
>> current terminal so cpu is fine.
>> * now quit the current terminal
>> At that point vcontext is not hooked to any terminal (vps ax => "?" on
>> the
>> tty column)
>> and using top you see it's running 100% cpu, ~ 80% system and 20% user.
>
> I'll look in to it.
I am unable to reproduce that here. The vlogin process does stick around,
which it probably shouldn't, but its resource usage is the same as it's
always been.
--
Daniel Hokka Zakrisson
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] "vserver enter" eating cpu and vkill problem
Philippe Teuwen wrote:
> Hello,
>
> Here are some problems I have with vserver.
>
> My environment:
> Kernel: Debian vserver_pre-patched kernel for AMD64:
> Linux version 2.6.17-2-vserver-amd64 (Debian 2.6.17-9) ([EMAIL PROTECTED])
> (gcc version 4.1.2 20060901 (prerelease) (Debian 4.1.1-13)) #1 SMP Wed Sep
> 13 18:02:36 CEST 2006
> According to changelog.Debian, this version is using vserver patch v2.0.2
> util-vserver: 0.30.211-6
>
> First problem:
> In some situations my CPU was burning like hell for days before I noticed
> it.
> This was the vcontext/login process, the one running when using the
> command "vserver XX enter".
> If it happens that the process is disconnected from its terminal it eats
> all the CPU :-(
>
> Apparently it happens when the session is not ended properly
> (disconnections, etc)
> I could reproduce the problem as follow:
> * ssh to the server as normal user
> * sudo su -
> * vserver XX enter
> * now from another term, kill -9 on either of the two su processes ("su -"
> or "-su")
> At that point the session in the vserver ends but vcontext is still hooked
> to the
> current terminal so cpu is fine.
> * now quit the current terminal
> At that point vcontext is not hooked to any terminal (vps ax => "?" on the
> tty column)
> and using top you see it's running 100% cpu, ~ 80% system and 20% user.
I'll look in to it.
> Second problem (cosmetic):
> Depending on the tool, the process I was talking about in the previous
> problem appears
> as vcontext (top, pgrep,... cat /proc/NNN/status)
> or as login (ps ax, pgrep -f,... cat /proc/NNN/cmdline) or should I say
> "login\0\0\0\0\0\0\0\0\0\0\0..."
> This is quite disturbing using processes mgmt tools like when I wrote a
> cron
> to detect cpu hangry vcontext processes to be killed :-)
Lots of programs overwrite the process name to get nicer ps/top/etc. output.
> Third problem I discovered when writing that watchdog:
> Processes from guests are not displayed using ps/top/etc in context 0 (ps
> ax from host)
> but well in context 1 (e.g. vps ax).
> Fine.
> But if I want to kill one of them:
>
> host:~# vserver devel enter
> devel:~# top
>
> --- in another host term ---
> host:~# ps -C top
> PID TTY TIME CMD
> host:~# vps -C top
> PID CONTEXT TTY TIME CMD
> 17111 31022 devel pts/13 00:00:00 top
> host:~# vkill 17111
> vkill: vc_ctx_kill(): No such process
vkill needs the context too, i.e. vkill --xid devel 17111.
> host:~# chcontext --ctx 1 ps -C top
> PID TTY TIME CMD
> 17111 pts/13 00:00:00 top
> host:~# chcontext --ctx 1 kill 17111
>
> host:~# vps -C top
> PID CONTEXT TTY TIME CMD
> 17111 31022 devel pts/13 00:00:00 top
> host:~# kill 17111
> host:~# vps -C top
> PID CONTEXT TTY TIME CMD
>
>
>
> This is not the behaviour I expected.
>
> Apart from that I'm happy running vserver for almost a year with now 6
> guests.
>
> Phil
>
> PS: nothing particular here when I ran testme.sh
> Linux-VServer Test [V0.17] Copyright (C) 2003-2006 H.Poetzl
> chcontext is working.
> chbind is working.
> Linux 2.6.17-2-vserver-amd64 #1 SMP Wed Sep 13 18:02:36 CEST 2006 x86_64
> Ea 0.30.211 236/glibc (DSa)
>
> VCI: 0002:0002 236 0316 (TbLgnP)
> ---
> [000]# succeeded.
> [001]# succeeded.
> [011]# succeeded.
> [031]# succeeded.
> [101]# succeeded.
> [102]# succeeded.
> [201]# succeeded.
> [202]# succeeded.
--
Daniel Hokka Zakrisson
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] FC5 Linux-Vserver ( gotcha ).
Roderick A. Anderson wrote: I found another slight gotcha in the install process. I think the following is the fix. After: A. Installing the vserver utilities system from rpm Need to run the command: service vprocunhide start And in the future (util-vserver 0.30.213+), service util-vserver start would be a good idea. The easier, non-version specific way would be to just reboot again after installing the utils, but that's not at all as pretty. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] setting time out on vserver stop
Roderick A. Anderson wrote: I keep loosing track of who does/has done what. Another point to to clarify is if there is still the issue with the pam modules. Section 5, third bullet. On FC6? I haven't verified it there, but (on FC5) the module will log an error every time it's used. I guess removing modules that will not work is a good idea anyway, to keep down the overhead. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] setting time out on vserver stop
Roderick A. Anderson wrote: I'm migrating a FC5 system to a Linux-Vserver and found while following the directions that the latest non-vserver kernel is newer than one in your repository. Yeah. I was hoping FC5 would get a 2.6.19 kernel based RSN, but it seems that's not happening (at least not right now), so I'll probably release a new one soon. FC6 should get a 2.6.19 update within a week or so, so that will not be upgraded just yet. My suggestion is to change the instructions to exclude the kernel(s) and yum and add the dhozac.repo before doing a yum -y update after the initial install. I always thought that seemed like the right thing to do, but I was a bit too lazy to update the howto (and now it's frozen until it's migrated ;-)). -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] setting time out on vserver stop
jean-marc pouchoulon wrote: Oh? /etc/vservers/.defaults/apps/vshelper/sync-timeout works as expected here, how did you set it and what did you set it to? Ok sync-timeout works as expected. ( put it at 120s value and it wait after killall 2 mn - I think that timeout was before killall ) I assume you mean the killall script from the guest? The 2 minutes is from the beginning of the stop process until all left-over processes will be forcibly killed by the stop script. In addition, the killall script in Fedora/RHEL/CentOS doesn't actually kill all processes, it just stops all services that still have their /var/lock/subsys files around. Did you plan to make "a quickstart for vserver fedora core 6 " in the near future ? The formers were great and usefull ... The instructions from FC5 should basically apply, but I suppose migrating the howto to the new wiki and updating it to cover FC6 would be a good idea. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] /sbin/vserver: line 686 & 685 Error
[EMAIL PROTECTED] wrote: My host is Sarge-3.1 (updated & upgraded) My guest is same.(10 of them..aka: care, care2, care3.care10) How can I fix this issue ...? Installing findutils should do it. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] setting time out on vserver stop
jean-marc pouchoulon wrote: Hi I have(It seems ... I am not sure I have understood all) a slow ldap service to stop ( on FC6 ). That service exceed the time limit on "vserver stop" command and killall is launched = desorderely shutdown for the ldap. Where can I increase time out on a vserver stop to wait for normally terminated process ? (sync-timeout seems to be ignored.) Oh? /etc/vservers/.defaults/apps/vshelper/sync-timeout works as expected here, how did you set it and what did you set it to? -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] setting /proc/sys/kernel/shmmax on the guest
Herbert Poetzl wrote:
On Tue, Jan 02, 2007 at 03:47:35AM +0100, Daniel Hokka Zakrisson wrote:
Herbert Poetzl wrote:
On Mon, Jan 01, 2007 at 02:05:30PM +0100, william Famy wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
To begin with Happy new year to every vserver guy.
and a happy new year to you too ...
I have to extand the shmmax for my guest but I do not manage to do it.
cat /proc/sys/kernel/shmmax
134217728
I have tried the /etc/vserver/host/rlimits
I have tried to add bcapability
but I do not manage to go ahead with it.
I've run under 2.6.19.1 with the last devel vserver patch under
debian etch as host.
Could somebody tell me how to modify the guest config to execute
"echo 134217728 /proc/sys/kernel/shmmax " for my guest.
as 2.6.19.x incorporates the mainline namespace
stuff, you have to set those values from one of
the early guest startup script (e.g. prepre-start)
while you still have 'enough' capabilities ...
I assume this requires the IPC namespace to be created?
That doesn't happen until the context is created, so none of
the scripts would work for this particular problem.
hmm, isn't the context supposed to exist in
the post-start script? if not, please could
you once and for all clarify which script is
started when and in what context(s)?
The context will exist in the post-start scripts, but they won't be run
inside the context, and the context will already have lost the extra
capabilities.
Having a non-executable one that does something like
VSERVER_EXTRA_CMDS=( $_CHAINECHO /proc/sys/kernel/shmmax 134217728 )
is probably the only way to make it happen (with current tools).
okay, any plans to allow for such support?
also using the sysctl interface instead of the
deprecated procfs one (which might as well be
hidden away :) is advised ...
maybe special tool support will be added soon,
so please double check with the tool maintainers
I guess some nicer way to support it would be required,
especially as more of these settings become available.
what do you have in mind ... please share
your thoughts, as I think those settings _might_
become essential for certain setups ...
I guess something like /etc/vservers//sysctl//{setting,value}
shouldn't be a problem, should it?
TIA,
Herbert
HTH,
Herbert
Thanks for any help.
--
Daniel Hokka Zakrisson
GPG id: 06723412
GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] setting /proc/sys/kernel/shmmax on the guest
Herbert Poetzl wrote: On Mon, Jan 01, 2007 at 02:05:30PM +0100, william Famy wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 To begin with Happy new year to every vserver guy. and a happy new year to you too ... I have to extand the shmmax for my guest but I do not manage to do it. cat /proc/sys/kernel/shmmax 134217728 I have tried the /etc/vserver/host/rlimits I have tried to add bcapability but I do not manage to go ahead with it. I've run under 2.6.19.1 with the last devel vserver patch under debian etch as host. Could somebody tell me how to modify the guest config to execute "echo 134217728 /proc/sys/kernel/shmmax " for my guest. as 2.6.19.x incorporates the mainline namespace stuff, you have to set those values from one of the early guest startup script (e.g. prepre-start) while you still have 'enough' capabilities ... I assume this requires the IPC namespace to be created? That doesn't happen until the context is created, so none of the scripts would work for this particular problem. Having a non-executable one that does something like VSERVER_EXTRA_CMDS=( $_CHAINECHO /proc/sys/kernel/shmmax 134217728 ) is probably the only way to make it happen (with current tools). also using the sysctl interface instead of the deprecated procfs one (which might as well be hidden away :) is advised ... maybe special tool support will be added soon, so please double check with the tool maintainers I guess some nicer way to support it would be required, especially as more of these settings become available. HTH, Herbert Thanks for any help. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Vserver doesn't start automatically
Alejandro Cabrera Obed wrote: Dear all, I have a vserver on a Debian Etch box with the corresponding packages versions to this distribution, which has the /etc/vservers/virtual1/apps/init/mark file with the 'default' value in order to start automatically on booting. In the past it starts automatically OK, but today it doesn't (yesterday there was a power shutdown and the Debian box was down). I get this messages on the boot process: starting vservers of type 'default'/usr/lib/util-vserver/vserver.functions: line 696: popd: /tmp/vserver-init.us3839: no such file or directory Failed to start vserver 'virtual1' make ** [.proxy.stamp] Error 1 make target 'all' not remake because of errors ERROR Can you help me to correct this problem ??? What util-vserver version is that? It's supposed to be fixed in 0.30.211-6+. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] compil error on 2.6.19.1
[EMAIL PROTECTED] wrote: Hi all A compil problem on 2.6.19.1 with patch-2.6.19.1-vs2.1.1.6.diff I got this error : LD .tmp_vmlinux1 fs/built-in.o(.text+0x423f): In function `chrdev_open': : undefined reference to `vs_map_device' fs/built-in.o(.text+0x22446): In function `bd_acquire': : undefined reference to `vs_map_device' make: *** [.tmp_vmlinux1] Erreur 1 I think the device mapping patches were included a bit prematurely (I don't think they're supposed to be there), but to get rid of the errors you could enable CONFIG_VSERVER_DEVICE (though I had problems booting without some further fixes, http://people.linux-vserver.org/~dhozac/p/k/delta-dmap-feat04.4.diff). -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] util-vserver 0.30.212
Bert De Vuyst wrote: Thanks! One question: is it possible to change the version number in the next release to 1.0? Util-vserver is now a production release, it's not longer a beta. The version numbering should reflect this. Actually, I think it's labeled alpha :-) There are still certain aspects which are alpha/beta. For instance, I have no intention of supporting the schedule file in 0.30.213+, as 0.30.212+ supports a (IMHO) vastly superior one-file-per-value structure for it. Another aspect is libvserver. I break ABI/API with almost every release, so that would basically require adding yet another backwards compatibility layer, or upping the soname for every release. The latter would be even worse than what we have today, as right now, old apps _might_ still work. One might suggest to use a similar numbering as used by the kernel patches. Util-vserver 2.0 for the linux-vserver 2.0 (and util-vserver 2.2 for linux-vserver 2.2) Except the utils work for all those kernels, and then some. I'd prefer to keep that, rather than having lots and lots of branches. Best regards, Bert. I think we will have to release 1.0 at some point. But then I think it should support the stability requirements that are to be expected, such as stable configuration, ABI and API. While I think it shouldn't be too hard to do that in most cases, there will no doubt be cases where breaking at least one is required in order to move us forward. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] [Release] util-vserver 0.30.212
Hello everybody! util-vserver 0.30.212 is an early christmas present to you all, with a couple of new features and a few fixes. Get it now, from http://ftp.linux-vserver.org/pub/utils/util-vserver/ In the new features department, there are things like: - IPv6 support if using Bruno Prémont's IPv6 patch. - IP addresses can be added on the fly (if the context had more than one address before), with naddress --nid --add --ip - namespace cleanup was improved to such a degree that I thought it was safe to enable by default (can be disabled again by touch /etc/vservers/.defaults/nonamespace-cleanup). - wrapper scripts for Gentoo have been added (vemerge, vesync, vupdateworld and vdispatch-conf), thanks to Benedikt Böhm. - the gentoo initstyle has been reimplemented by Benedikt Böhm. - support for the Linux-VServer 2.1+ APIs has been implemented. This means the new scheduler can now be configured using the utils, with a completely new configuration format (see /etc/vservers//sched on the great flower page[1]), among other things. - support for 2.6.19 kernels has also been added. - an rsync build method has been added, which can be used to facilitate simple cloning, both from other hosts and locally. From the fixes department, we got things like: - vserver start --rescue /bin/bash now works as expected - vyum working on FC6. - vlogin can now be disabled, by touch /etc/vservers/.defaults/apps/vlogin/disable - all unconfigured ulimits are reset to the maximum value, so the limits from the host are no longer inherited. - building Fedora guests on non-Fedora system should work again. For the complete list of changes, see the ChangeLog inside the tarball. [1] http://www.nongnu.org/util-vserver/doc/conf/configuration.html -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Bug again on 2.6.19
[EMAIL PROTECTED] wrote: Hello all I try util-vservers-0.30.212-rc5 with patch-vs-2.1.1.4.diff on kernel 2.6.19 : And a few minutes later after starting vservers, i loose their context and got this message in syslog : "Lose their context"? What does that mean exactly? Dec 9 11:15:34 srvweb kernel: BUG: warning at kernel/vserver/proc.c:398/proc_vx_info_read() Dec 9 11:15:34 srvweb kernel: [dump_trace+107/417] dump_trace+0x6b/0x1a1 Dec 9 11:15:34 srvweb kernel: [show_trace_log_lvl+23/43] show_trace_log_lvl+0x17/0x2b Dec 9 11:15:34 srvweb kernel: [__func__.0+3843/287512] 0xc0326c7b Dec 9 11:15:34 srvweb kernel: DWARF2 unwinder stuck at 0xc0326c7b Dec 9 11:15:34 srvweb kernel: Dec 9 11:15:34 srvweb kernel: Leftover inexact backtrace: Dec 9 11:15:34 srvweb kernel: Dec 9 11:15:34 srvweb kernel: [show_trace+15/17] show_trace+0xf/0x11 Dec 9 11:15:34 srvweb kernel: [dump_stack+19/21] dump_stack+0x13/0x15 Dec 9 11:15:34 srvweb kernel: [proc_vx_info_read+90/222] proc_vx_info_read+0x5a/0xde Dec 9 11:15:34 srvweb kernel: [vfs_read+138/308] vfs_read+0x8a/0x134 Dec 9 11:15:34 srvweb kernel: [sys_read+65/103] sys_read+0x41/0x67 Dec 9 11:15:34 srvweb kernel: [sysenter_past_esp+86/121] sysenter_past_esp+0x56/0x79 Dec 9 11:15:34 srvweb kernel: [__xfrm_state_bump_genids+83/339] __xfrm_state_bump_genids+0x53/0x153 Dec 9 11:15:34 srvweb kernel: === This is probably a race in the proc-code that we haven't been able to track down yet, but if you have a sure-fire way to reproduce it, that would help a lot. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] kernel bug
Andreas Baetz wrote: On Tuesday 28 November 2006 15:54, Herbert Poetzl wrote: On Tue, Nov 28, 2006 at 08:11:35AM +0100, Andreas Baetz wrote: On Sunday 26 November 2006 23:22, Herbert Poetzl wrote: On Fri, Nov 24, 2006 at 08:11:39AM +0100, Andreas Baetz wrote: On Thursday 23 November 2006 18:49, Herbert Poetzl wrote: On Thu, Nov 23, 2006 at 02:43:13AM +0100, Herbert Poetzl wrote: thanks, should be fixed in the next release vs2.0.2.2-rc8 is out ... I tried vs2.0.2.2-rc8 with 2.6.18.3, the vserver starts ok, no errors, but when I stopped it, the whole system freezed. Right after "Deconfiguring network interfaces...done." okay, maybe you get around, the stack trace of all processes would probably tell us more ... I wrote down some of the trace output by hand: hmm, the numbers of those dumps would be interesting, especially if you have an unstripped kernel (vmlinux) available, so we can figure _where_ this happens so a serial console or some other means of recording them would be very helpful, if not available, try with a photo camera ... I did some more tests: At console 1: host:~# vserver deb4 enter deb4:/# .. Then I stopped all services in deb4 .. deb4:/# ps ax PID TTY STAT TIME COMMAND 1 ?Ss 0:00 init [2] 4999 ?S+ 0:00 login 5023 pts/0Ss 0:00 /bin/bash -login 5043 pts/0R+ 0:00 ps ax At console 2: host:~# vps ax|grep 8004 4999 8004 deb4 tty3 S+ 0:00 login 5023 8004 deb4 pts/0Ss+0:00 /bin/bash -login 5049 0 MAIN tty2 S+ 0:00 grep 8004 At console 1: deb4:/# EIP: [] 0xe2fd8894 SS:ESP 0068:e4711f20 <1>Fixing recursive fault but reboot is needed! host kernel: Oops: 0002 [#1] host kernel: PREEMPT host kernel: CPU:0 host kernel: EIP is at 0xe2fd8894 host kernel: eax: e2fd ebx: e2fd8930 ecx: 0001 edx: 0001 host kernel: esi: edi: e2fd8890 ebp: e4711f48 esp: e4711f20 host kernel: ds: 007b es: 007b ss: 0068 host kernel: Process vcontext (pid: 4638[#8004], ti=e471 task=e4334ab0 task.ti=e471) host kernel: Stack: c01195e3 e2fd 0001 0001 0001 host kernel: 0001 0286 e4711f6c c011b1af 0001 e2fd8890 host kernel: e4711f9c e4334ab0 0010 c17efa90 c01224b9 c011ac30 host kernel: Call Trace: host kernel: Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 88 fd e2 <30> 89 fd e2 02 00 00 00 00 00 00 00 2f 65 74 63 2f 76 73 65 72 host kernel: EIP: [] 0xe2fd8894 SS:ESP 0068:e4711f20 some more info: I copied the / of a working vserver and used it as / of deb4. "vserver deb4 stop" now works. It seems that something inside the / of the old deb4 is causing the system to crash when no more processes are running with that xid. So if a user of a certain vserver manages to create that condition in a vserver, then ending all processes in that vserver, the user could manage to crash the host. And what condition is that, exactly? Without a complete trace or at least a way to reproduce this, it's going to be pretty much impossible to fix it. Would it be possible for you to tar up the whole guest and upload it somewhere? Or setup a serial console so catch the previous Oops (which would hopefully have a usable stack trace)? -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] testme.sh chcontext and chbind failed
Sheldon Knight wrote: I have just built and successfully run a Redhat Linux 2.6.18.3 vserver vs2.1.1.2 patched kernel and installed util-vserver-0.30.210 tools. When I ran testme.sh I go the following output. What have I missed? More specifically, how on earth did you manage to get this? I.e. what commands did you use? Also, why did you go with an old version of the tools? Use dietlibc: no (you have been warned) You really should install dietlibc and use that. Available APIs: legacy,compat,v11,fscompat,v13obs,v13,net,oldproc,olduts How did you manage to build the legacy API? I haven't been able to build that for a while. build/host: x86_64-unknown-linux-gnu/x86_64-unknown-linux-gnu ... syscall(2) invocation: traditional vserver(2) syscall#: 273/glibc Well, this is wrong. First of all, you probably should use the alternative or at least fast syscall invocation. Secondly, the syscall number is 236 on x86_64. How you got these values is beyond me, only thing I can think of is something like a mix of x86 and x86_64. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Just for info about 2.6.19
[EMAIL PROTECTED] wrote: Hello I try new release today (patch-2.6.19-vs2.1.x-t1.diff) but it doesn't work properly : boot ok, starting vserver ok but it doesn't switch context i think. I try to explain : my master is : srvweb So i try : srvweb:/#vserver vweb1 start srvweb:/#vserver vweb2 start srvweb:/#vserver vweb3 start All seems to work fine but suddenly the prompt is changing : vweb3:/# whereas i didn't enter into vserver !!! The context-ID are OK in /usr/local/var/run/vservers/vwebX.ctx but i can't never get out from vweb3 !!! i've seen on the tty1 a message : get_ctx_id() and the prompt was changing alone whereas i wasn't loggued on this tty. Then i enter into vserver vweb3 and i try to leave it with CTRL-D : it stays in vweb3 in the home directory of user with which i connect to the master ! I can never come back to the master I think it's a very little bug for you :-) Thanks again for your great job. Patrick You _are_ using at least util-vserver 0.30.212-rc1, right? That's when the initial 2.6.19 support was added, and (from what I hear) it works for most things, but some are broken (e.g. chcontext not creating a new UTS namespace). -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Network local to vserver host and guests?
Roderick A. Anderson wrote: Christian Affolter wrote: Hi! I build and use vservers where the guests need to cooperate with each other. That is, a system with with guests running Postfix, PostgreSQL, or Apache ( multiple guests as they are mod_perl driven ) and they all need to communicate with each other. So I want to build a Virtual LAN ( different from my take on a VLAN ) with virtual NICs. Basically the traffic never hits the physical LAN/WAN. That make sense? IS it possible? If so what what should I be looking for in my research? Yes it is possible, with the dummy net interface. You'll have to enable the dummy net driver support (CONFIG_DUMMY=y) in your kernel. Thanks Chris. Is there a way test for this? I could ask Daniel if it got set in the Fedora Core 5 RPMs he built but that would be _really_ lazy. :-) ifconfig dummy0 ... But yes, it is enabled in Fedora's kernels. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: AW: [Vserver] kernel-2.6.17.13
Roman Pretory wrote: RP> ist a horror RP> .)modules for iptables have canged RP> have to search after use oldconfig What is the old version you compared it against? old Kernel = 2.6.12.3 = old .config Of course, things change, that is to be expected. Netfilter got a rewrite a couple of versions ago (2.6.16, I think). RP> .)Nic's are turned very funny for remote work What do you mean by that, what was expected and what did you get? 2 nic's in each server Production1: 2x 3 Com90xx == not testet Production2: Intel / Realtech == error Testsystem: 2x 3 Com90xx == error after reboot with the new kernel eth0 = eth1 eth1 = eth0 You shouldn't rely on the kernel's naming. If you need eth0 to refer to a specific interface, you'll have to tell your distribution's network scripts to rename the interface with that hardware address. RP> .)Mailserver can't send mails with the new kernel Again - what do you mean by that, what was expected and what did you get? A bit on information is necessary - a bit more always welcom. You should know that from your first "request session" mailserver fc3 trys to send mails and can't take wron ip ,can't find host... in bash all ok dns give correct answers =>look for log =>reboot sendmail =>reboot guest =>reboot node =>reboot node with 2.6.12.3 == mail are send! =>reboot node with 2.6.17 == error again =>reboot node with 2.6.12.3 == mail are send! And why can't you send mail with 2.6.17? What does "take wrong IP" mean? -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver bug on kernel 2.6.18.3
[EMAIL PROTECTED] wrote: Hello, I compiled kernel 2.6.18.3 with patch-2.6.18.3-vs2.1.1.1.diff on debian-3.1-sarge-backports Compil ok, starting ok but when i launch vserver vweb1 start, i got the following errors which seems to be the same as Andreas Baetz. I've read Herbert should fix it in the next release . It was just to show the bug is probably in the patch-2.6.18.3-vs2.1.1.1.diff , too. It's fixed in 2.1.1.2. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] FC: cru again "access denied", FC6 progress?
Guenther Fuchs wrote:
Hi there,
cru's FC repositories again show "access denied" (we had that before
unfortunately) - isn't there a possibility, either Daniel or me could
arrang a irror?
While a mirror would be a good idea, it seems to work fine now.
Relating FC6: Daniel, I've seen you've started working on this, any
schedule available on the progess / any estimated release for the
community to expect soon or later?
Well, the kernel should be working already, and util-vserver is
available from Extras (although a few things are broken in 0.30.211, but
that should be fixed with 0.30.212). Or do you mean the
vps-{dev,fakekernel,fakepackages} packages? Last I tried, the ones from
FC5 actually worked fine for FC6 as well, and they seem to work fine still.
--
Daniel Hokka Zakrisson
GPG id: 06723412
GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Some questions about various utilities
Jaroslav Tomecek wrote: Hi, can you answer my questions please? 1) Why is there the "dummy line" on the bottom of '/etc/vservers//schedule' file That should be the priority bias, but due to a bug (IMHO) in vsched, it doesn't fail if it's not a number and dummy translates to 0. (This is fixed in trunk by the way, so everyone with dummy on the sixth line will have to fix it or upgrade to the new configuration format for the scheduler ;-)) 2) What does the option '--prio-bias' for 'vsched' command mean? It's added to all priorities calculated for the guest, so a priority bias of 5 and a guest process with a priority of 10 would result in a priority of 15. 3) Which option will be used when I put both 'sched_prio' and 'sched_hard' into 'flags' file? Why would you do that? :-) As far as I can tell though, both would be used, meaning it would adjust the priorities as well as put the context on hold when it runs out of tokens. 4) I found the chcontext utility and the 'vcontext' and 'vattribute' utilities. What's the difference? Is there any useful help for vcontext and vattribute? chcontext was the old utility, which with the alpha utils was replaced by a script that translates the options to the correct vcontext/vattribute/vuname/etc. calls. vcontext just enters/creates the context, vattribute sets the [bc]capabilities and flags, while vuname sets the hostname and similar information. vserver 0.30.210 2.6.16.11-vs2.1.1-rc18 You might want to consider an upgrade, as we're at 0.30.211 and 2.6.18.2-vs2.1.1 now. ;-) -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] openpty(): No such file
Oliver Heinz wrote: Hello, yesterday I upgraded my development server from vmlinuz-2.6.12.5-vs2.0 to 2.6.17.14-grsec2.1.9-vs2.0.2.1 and util-vserver from util-vserver-0.30.210 to util-vserver-0.30.211. All Debian/Ubuntu guests are running fine, but for the old Suse9.0 guest when entering via vserver servername enter i get an error: [EMAIL PROTECTED]:/usr/src/packages# vserver dakar enter vlogin: openpty(): No such file or directory [EMAIL PROTECTED]:/usr/src/packages# Any Idea what's wrong? Entering via ssh works fine, all services are running, so it's not a major issue, just annoing. Does it have /dev/ptmx and a mounted /dev/pts? When you log in through ssh, what tty are you on? -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] hostname -va
Daniel Haensse wrote: Dear list, I have a problem with hostname -va inside of vserver. Any hints? best regards Dani vserver1.foobar.com ... 192.168.5.101 virtual1.foobar.com virtual1 vserver1 != virtual1 ;) -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] LOCKS constantly decreasing
Stefan Konrad Riedel wrote: Hi all, I'm using 2.6.17-11.33vs2.0.2.1 from dists/dapper/uniklu-vserver/binary-i386/linux-image-2.6.17-11-server_2.6.17-11.33vs2.0.2.1_i386.deb and in one of the 2 vservers I see the value locks decreasing constantly (about 1 per second in steps of 4-6 every 5 seconds): Every 2,0s: cat /proc/virtual/49153/limit ... LOCKS: -103993 -1 -1 0 The other vserver has LOCKS:-126, but has some fewer packages. So I like to know if this leads to problems in stability? Is there a way to tell which process is eating all this locks? Thanks for an answer. Konrad Looks like whoever rebased the patch on that kernel didn't get the lock accounting quite right. This in and of itself shouldn't lead to stability problems, it's just an accounting bug (and thus you wouldn't be able to limit it), but there could be more problems with the rebase (downside of not using vanilla ;-)). -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] VServer reboot - timeout opening/writing control channel /dev/initctl
Oliver Paulus wrote: As expected if you're not running an init (i.e. using the plain initstyle). >You'll have to use reboot -f to invoke vshelper which would reboot the guest. Can you explain that a little bit more in detail for me? How is it possible to use a simple reboot within vserver? reboot alone won't work without an init, and by default guests don't have one (see below). reboot -f just calls into the kernel and tells it to reboot. This is caught by the patch and the kernel runs vshelper, which does the rebooting/halting. As expected if you're not running an init (i.e. using the plain initstyle). I think vserver is running init on startup. Only if you're using the plain initstyle, the default (sysv) just runs the initscripts without going through init. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] VServer reboot - timeout opening/writing control channel /dev/initctl
Oliver Paulus wrote: Hello, I am runnung VServer 2.0.2.1 with 2.6.17.13 kernel on a Debian Etch machine. util-vserver in version 0.30.211. The guest (vserver) is running Etch too. I have set CAP_SYS_BOOT in /etc/vservers//bcapabilities. Every time I want to reboot from within the guest (vserver) I get the following error: CAP_SYS_BOOT is given by default, as it's handled specially in the kernel. shutdown: timeout opening/writing control channel /dev/initctl init: timeout opening/writing control channel /dev/initctl As expected if you're not running an init (i.e. using the plain initstyle). You'll have to use reboot -f to invoke vshelper which would reboot the guest. What is with vshelper? Is this needed for rebooting in VServer 2.x too? Yes. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Problems with Ethernet
William Berks wrote: Yesterday I install a copy of Gentoo on a server that I am building. The motherboard, a Supermicro X7DVL-E uses 5000V Blackford-VS MCH chipset. Until I tried the latest kernel from Gentoo 2.6.17, I could not find either the hard drives or the network. But, with that kernel, everything works great. I then built a kernel using the vserver patches. This is a 2.6.15 kernel. When I boot using this kernel, it fails to detect the network. has anyone else encounter this before? Any suggestions? Why did you get such an old kernel when you know you need at least 2.6.17? I'd suggest you try at least 2.6.17.13-vs2.0.2.1, or whatever is the latest in the Gentoo overlay. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Changing CPU scheduler && vhashify prblm
Jaroslav Tomecek wrote: Hi, 1) Is it possible to change the configuration of CPU scheduler on-the-fly (something like 'vlimit' command for memory limits)? Yes, with vsched. 2) I tried to hashify two vservers based on Suse. The 'vserver hashify' command returned: manwe3:/ # vserver manwe-a hashify Packagemanagement is not supported for 'suse' style failed to determine configfiles I thought that that hashification doesn't depend on packagemanagement. Can you help me please? Well, vhashify is using a lot of the same code as vunify, and it still needs a way to exclude configuration files (on non-devel kernels, but the utils don't make that distinction). If you add |suse to line 80 of /lib*/util-vserver/vpkg, so it looks like (redhat|mandrake|suse), does it work? This is my configuration: manwe3:/ # vserver --version vserver 0.30.210 -- manages the state of vservers This program is part of util-vserver 0.30.210 Copyright (C) 2003,2004,2005 Enrico Scholz This program is free software; you may redistribute it under the terms of the GNU General Public License. This program has absolutely no warranty. manwe3:/ # uname -a Linux manwe3 2.6.18-vs2.1.1-rc38-smp #3 SMP Tue Oct 17 22:29:30 CEST 2006 x86_64 x86_64 x86_64 GNU/Linux manwe3:/ # Old utils and old kernel ;) -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Postgres, Vserver & Firewall
Tim Mecking wrote: Never ever block any local traffic. Enter the following lines as root in a root-server shell and your problem should be gone: Unless you actually want to limit your guests' ability to communicate with eachother (and themselves). iptables -I INPUT -i lo -j ACCEPT iptables -I OUTPUT -o lo -j ACCEPT iptables -I FORWARD -i lo -o lo -j ACCEPT FORWARD with -i lo -o lo? I'd be inclined to DROP those since that should never happen. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] chbind: kernel does not provide network virtualization
Miroslav Ruda wrote:
Helo,
I have tried to move successful vserver instalation from one machine to second
one and I failed. On second machine, I had to compile new kernel (
2.6.18-vs2.1.1-rc38-smp) but I did copy of util-vserver-0.30.210 and virtual
servers.
However, I'm getting error message "chbind: kernel does not provide network
virtualization", even for simple test extracted from testme.sh:
manwe3:/scratch/ruda/linux-2.6.18 # strace -f -s 300 chbind --ip 127.0.0.1 grep
ipv4 /proc/self/status
execve("/opt/vserver/sbin/chbind", ["chbind", "--ip", "127.0.0.1", "grep",
"ipv4", "/proc/self/status"], [/* 57 vars */]) = 0
open("/proc/net/dev", O_RDONLY) = 3
read(3, "Inter-| Receive|
Transmit\n face |bytespackets errs drop fifo frame compressed
multicast|bytespackets errs drop fifo colls carrier compressed\nlo:
5225079183000 0 0 0 52250791830
00 "..., 8192) = 1184
read(3, "", 7008) = 0
close(3)= 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x2aacd0183000
vserver(0, 0x3f, 0, 0x22, 0)= 65791
This shows you have enabled the legacy version ID option in the kernel,
but your utils weren't configured with any legacy APIs and thus are
unable to do anything.
You'll either have to disable the legacy version ID (why did you enable
that in the first place?), or recompile your utils with
--enable-apis=NOLEGACY passed to ./configure.
--
Daniel Hokka Zakrisson
GPG id: 06723412
GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Getting Error : chbind: vc_set_ipv4root(): Function not implemented
joonseong ahn wrote: [EMAIL PROTECTED]:~$ sudo vserver vserver1 start chbind: vc_set_ipv4root(): Function not implemented ... snip... [EMAIL PROTECTED]:~$ sudo vserver-info - SYSINFO Versions: Kernel: 2.6.17.13-vs2.0.2.1 VS-API: 0x000100ff util-vserver: 0.30.210; Sep 30 2006, 22:18:30 Available APIs: compat,v11,fscompat,v13,net,oldproc,olduts It looks like you've enabled a legacy version in the kernel (CONFIG_VSERVER_LEGACY_VERSION), which makes the old tools use the older API, but that fails, probably because you did not enable the legacy networking (CONFIG_VSERVER_LEGACYNET=y/CONFIG_VSERVER_NGNET=n). To fix it, you can either rebuild your kernel with full legacy support, or you remove all of the legacy support (but CONFIG_VSERVER_LEGACY, in case you don't want to update your util-vserver from 0.30.210 to 0.30.211). -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Problems with libusb in vservers
Ludovic RESLINGER wrote: Hi, I have a problem to use USB scanner using libusb in vserver. It seems impossible to access to /proc/bus/usb/* in vserver. I modified the /usr/lib/util-vserver/defaults/vprocunhide-files to add /proc/bus, but there is only /proc/bus/input and /proc/bus/pci. I added the line to fstap to mount /proc/bus/usb but it changed nothing. When I specify /proc/bus/usb in vprocunhide-files, I meet this error when I try to reload vprocunhide: (...) Fixing /proc entries visibility.../proc/bus/usb/: Invalid argument /proc/bus/usb/devices: Invalid argument /proc/bus/usb/005: Invalid argument /proc/bus/usb/005/001: Invalid argument (...) As expected, since usbfs doesn't support the flags. The way to get this working is a bit hackish, because you must unhide /proc/bus/usb _before_ usbfs is mounted there, alternatively something like: vnamespace -n bash umount -n /proc/bus/usb setattr --~hide /proc/bus/usb exit should do it. Note that you'll still need to have it in the guest's fstab. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] rebooting from inside
Mehdi Bennani wrote: > Actually, with sysv, reboot -f doesn't return any error but the > vserver doesn't reboot > (ssh session isn't interrupted and the uptime shown by vserver-stat on > the host doesn't go back to zero). Hmm. How did you install the utils? Did you install them by hand? If so, did you remember to run make install-distribution? (which would install /sbin/vshelper, the program that executes reboots on behalf of guests) The utils 0.30.210 were installed with apt. I just uninstalled it and dpkg'ed the new 0.30.211, hoping it would help but nope... /sbin/vshelper is a soft link to /usr/lib/util-vserver/vshelper Interesting. Could you run mkdir -p /etc/vservers/.defaults/apps/vshelper ln -s /var/log/vshelper.log /etc/vservers/.defaults/apps/vshelper/logfile touch /var/log/vshelper.log and try again, and post the contents of /var/log/vshelper.log? Also, does vserver test26 restart work as expected? -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] rebooting from inside
Mehdi Bennani wrote: > > reboot -f gives the same result on both init styles Interesting, even with sysv? What is left in the guest at that point? Actually, with sysv, reboot -f doesn't return any error but the vserver doesn't reboot (ssh session isn't interrupted and the uptime shown by vserver-stat on the host doesn't go back to zero). Hmm. How did you install the utils? Did you install them by hand? If so, did you remember to run make install-distribution? (which would install /sbin/vshelper, the program that executes reboots on behalf of guests) What distribution are you running in your guest? Debian Sarge built with "vserver NAME build -m debootstrap -- -d sarge". My sarge guest reboots fine, with both sysv and plain initstyle. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
