re: [Vserver] Intel or AMD
On Thu, 1 Sep 2005 12:55:02 -0500, Lyn St George wrote Hallo all I don't have an AMD machine to test this on, so have to ask. Are there any known problems running vservers on an AMD host? Anyone have experience with loads and uptimes compared to Intel chips? (I have a dual Xeon which is crashing too frequently and needs to be changed, while the other single Pentiums are fine). Here since a year, everything is dual opterons and some quad opterons. We have around 20 of those (tyan motherboards). We are running FC3 64 bits but most vservers are FC3 32 bits. Running 32 bits vservers on 64 bits kernel is faster, sometime a lot faster, compared to a 32 bits kernel (Running 64 bits vservers is probably faster as well). 64 bits vservers are using more memory, so running 32 bits vservers may be a win here. After doing various benchmarks, I would say Intel has nothing to offer. - Jacques Gelinas [EMAIL PROTECTED] dav_ufs: Access your home directory using WebDav http://www.solucorp.qc.ca/miscprj/dav_ufs.hc ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] V_xxxx not running ?
On Mon, 25 Jul 2005 18:12:01 -0500, Enrico Scholz wrote --=-=-= Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable [EMAIL PROTECTED] (Beno=EEt des Ligneris) writes: Chasing each and every config file of services started on your host (apache:443, SSH, mySQL, postgreSQL, etc.) ssh should never be started through v_ssh as every shell inherits the network restrictions else.So it will be impossible to do administrative tasks like (re)starting vservers. This was lost from the 2.4 kernel version of the vserver. root in context 0 was allowed to reset its iproot. - Jacques Gelinas [EMAIL PROTECTED] dav_ufs: Access your home directory using WebDav http://www.solucorp.qc.ca/miscprj/dav_ufs.hc ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] V_xxxx not running ?
On Wed, 27 Jul 2005 19:49:03 -0500, Herbert Poetzl wrote On Wed, Jul 27, 2005 at 10:37:48AM -0500, Jacques Gelinas wrote: On Mon, 25 Jul 2005 18:12:01 -0500, Enrico Scholz wrote This was lost from the 2.4 kernel version of the vserver. root in context 0 was allowed to reset its iproot. well, not lost :) but it was changed, yes ... What was the reason ? - Jacques Gelinas [EMAIL PROTECTED] dav_ufs: Access your home directory using WebDav http://www.solucorp.qc.ca/miscprj/dav_ufs.hc ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
re: [Vserver] Vserver kernel 2.6 and distro 2.4
On Mon, 13 Jun 2005 12:36:01 -0500, Jean-Christophe Petit wrote Hello, is it possible to use 2.4 kernel distros inside vservers that use a main 2.6 kernel with patch-2.6.11.11-vs2.0-rc4.diff ? Yes. We do this all the time. For some application (rpm for one), you set the LD_ASSUME_KERNEL=2.4.19 variable. - Jacques Gelinas [EMAIL PROTECTED] dav_ufs: Access your home directory using WebDav http://www.solucorp.qc.ca/miscprj/dav_ufs.hc ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
re: [Vserver] Can't start vserver on x86_64 with 2.6.11-rc3-vs1.94
On Thu, 17 Feb 2005 14:33:05 -0500, Paul S. Gumerman wrote I'm at the point where I need some help. The machine is a dual Opteron, with Fedora Core 3 installed. I've downloaded a vanilla 2.6.11rc-3 kernel, and patched it with the latest vs1.94-rc4 patch set, which applied and built cleanly. Then I built the util-vserver packages from source, and installed them with rpm. Since I want to try things first with a FC3 x86_64 virtual server, I ended up using the legacy option to build vserver vts64. I then edited rc.sysinit to remove most everything. I also created a test server with the skeleton build option, and used that info and info from Google to create the newer config files for vts64. I'm fairly certain that all the config stuff is good. But .. when I try to start the vserver, I get this error message: vcontext: execvp(/etc/rc.d/rc): No such file or directory Do you have /lib64 installed in the vserver ? Maybe the build strategy ignore this directory (which only exists on x64). - Jacques Gelinas [EMAIL PROTECTED] dav_ufs: Access your home directory using WebDav http://www.solucorp.qc.ca/miscprj/dav_ufs.hc ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: next gen platform (was Re: [Vserver] VServer 2.6.9-1.9.3 uptime63d :-))
On Wed, 19 Jan 2005 19:50:01 -0500, Gregory (Grisha) Trubetskoy wrote If it boots and runs as expected, then you're not losing anything. That's just my opinion :-) I think the RH patches are mostly for specific hardware and various esoteric things that they need to work, I've yet to find a problem with the vanilla kernel. This is one requirement of the Fedora project. It has to work with vanilla kernels. - Jacques Gelinas [EMAIL PROTECTED] dav_ufs: Access your home directory using WebDav http://www.solucorp.qc.ca/miscprj/dav_ufs.hc ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: next gen platform (was Re: [Vserver] VServer 2.6.9-1.9.3 uptime63d :-))
On Wed, 19 Jan 2005 11:54:02 -0500, Roderick A. Anderson wrote On Wed, 19 Jan 2005, Eric Jorgensen wrote: I've now been looking to make a switch for my host OS. I was less than impressed with Fedora Core 1 and 2, but have been quite pleased with Fedora Core 3, at least on the desktop. Jacques did a pretty good promo for Vserver on the linuxconf list and I got the impression from it he has at least one Vserver running FC3. I was going to ask him about the steps he uses to build the the FC3 vserver kernel -- plus a few other questions -- hopefully today. When I hear back I'll let you know ... well actually I think he might lurk here a bit. We have few FC3 here using 2.6.9vs1.9.3. No tricks in the kernel. Some are opteron systems (64 bits) and runs 32 vservers all fine. I have also FC3 vservers running inside rh9 (using 2.4 or 2.6 kernels). There is no particular steps. I can supply the kernel config file if you want. - Jacques Gelinas [EMAIL PROTECTED] dav_ufs: Access your home directory using WebDav http://www.solucorp.qc.ca/miscprj/dav_ufs.hc ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] debian diffs for vserver 0.29 tools anyone?
On Tue, 16 Dec 2003 09:11:00 -0500, Ivo De Decker wrote On Mon, Dec 15, 2003 at 03:39:05PM -0500, Jacques Gelinas wrote: A small bugfix for the debian newvserver script: Can't find this code in my own newvserver script. I guess the debian package provides another utility called newvserver.sh. Right ? That is correct. The debian package has a debian-specific newvserver script. (the original one is included in the package as newrpmvserver). This is not appropriate. While the original newvserver can create vserver from CDs, it is also useful to clone and reconfigure vservers as well. If the script /usr/lib/vserver/distrib-info was completed for DEB, then all the tools would be able to perform unification and vserver cloning for debian. Further, newvserver could be enhance to create debian install from scratch. For example, it could setup the configuration and call your newvserver.sh script to complete the installation. Right ? - Jacques Gelinas [EMAIL PROTECTED] vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] debian diffs for vserver 0.29 tools anyone?
On Sat, 13 Dec 2003 20:49:02 -0500, Ivo De Decker wrote On Fri, Dec 12, 2003 at 09:36:23PM +0100, Ola Lundqvist wrote: New vserver-0.29 packages will be available for unstable now on http://debian.opal.dhs.org/ Also uploaded to unstable since a few seconds. A small bugfix for the debian newvserver script: Can't find this code in my own newvserver script. I guess the debian package provides another utility called newvserver.sh. Right ? When newvserver creates a config file for the vserver, IPROOTDEV is set to eth0, even if another interface is specified. Trivial patch: --- newvserver.sh.orig2003-12-13 20:40:19.0 +0100 +++ newvserver.sh 2003-12-13 20:40:56.0 +0100 @@ -501,7 +501,7 @@ cat EOF /etc/vservers/$VHOST.conf S_HOSTNAME=$VHOST IPROOT=$IP -IPROOTDEV=eth0 +IPROOTDEV=$INTERFACE ONBOOT=yes S_NICE= S_FLAGS=lock nproc$FAKEINIT Greetings, Ivo De Decker ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver - Jacques Gelinas [EMAIL PROTECTED] vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] addendum to vserver 0.29 change log
I had forgotten one item, important in the change log. Here it is 2.1. v_xxx services bound to 127.0.0.1 V_xxx services (sshd, ...) are special services used in the root server to limit its IP scope to some IPs. This way, vservers are free to use the other IPs of the machine. In previous release, all v_xxx services were bound to eth0 only. It was possible to override this using a corresponding file /etc/vservices/xxx.conf with a line like: IP=ip1 ip2 It turns out to be more practical to bind services to 127.0.0.1 and eth0. X11 forwarding in sshd is working better like this. So now, all v_xxx services are bound to 127.0.0.1 and eth0, unless overridden by the /etc/vservices/xxx.conf - Jacques Gelinas [EMAIL PROTECTED] vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
re: [Vserver] vrpm code questions
On Mon, 24 Nov 2003 14:34:03 -0500, Bert De Vuyst wrote Hello, After looking at the code of tool vrpm (part of vserver and util-vserver), I have some questions. 1. The location of /vservers is hardcoded in this tool. I think it's at better idea use the option VSERVERS_ROOT=/vservers in this script and to use $VSERVERS_ROOT inside the script. In case of the vserver package by Jacques, the next lines if [ -f /etc/vservers.conf ] ; then source /etc/vservers.conf fi would be a usefull idea to set the $VSERVERS_ROOT. I will fix that 2. In case the vserver is not running, the script starts a new security context. Correct me if I'm wrong, but I think it's not a good idea. Why? Some people have a backup of there vservers on a spare machine in case there serverhardware fails. If they run vrpm on the spare machine, vrpm will startup the vservers to update the packages. This can cause a problem as the IP-address of the vserver is in use by the vserver running on the master server, and you end up running 2 vservers using the same IP-address. I think it would be beter to use chroot to run rpm in case the vserver is down. Starting a new security context does not assign IPs. So it has no impact on other copies of the vserver running elsewhere. The idea of using a security context is to make sure that scripts executed during the RPM update can't access or break the root server. - Jacques Gelinas [EMAIL PROTECTED] vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] re: Alert! --secure broken in 0.27 + vs1.1.5
On Sat, 22 Nov 2003 20:36:01 -0500, Herbert Poetzl wrote Hi Jack! I get this on Linux version 2.4.22-vs1.1.5 with vserver-0.27 # chcontext --secure --ctx 100 grep -i cap /proc/self/status New security context is 100 CapInh: CapPrm: feff CapEff: feff CapBset: feff (which basically means, all except CAP_SETPCAP) Ok, got it. I was passing 0 instead of -2 when lowering the capability ceiling. 0.28 will be released today. - Jacques Gelinas [EMAIL PROTECTED] vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
re: [Vserver] VServer IP Setup (A Journey with Bash)
initialisation. 4.2 From chbind a) Segmentation fault - you managed to call 'chbind --ip' please share the knowledge how you did it? I fixed chbind so it better checks its arguments. Will be in 0.28 5. And the Future? 5.1 Useful Enhancements - extend the script to actually understand /XX netmasks, and convert them for ifconfig Done. Just in ifspec. No need to change the vserver script - add an option to display the actual ifconfig statements and IPOPT lists (would avoid a lot of questions) Done. I added the --verbose option to the /usr/sbin/vserver script - fix the ifspec bug, and do some sanity checks regarding netmasks and interfaces ... done - add a 'cleanup' option to 'remove' the aliases and mounts done by an 'enter' on a stopped vserver. This is always done. a vserver xxx stop always does this even if the vserver is not running. [1] it could be useful to specify this on a 'profile' basis, this way, a test profile could leave out the network stuff ... Such a profile could have a different set of IP or no IP at all then. Why nodev ? - Jacques Gelinas [EMAIL PROTECTED] vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] vserver -.27 change log
vserver 0.27 Change log 1. Enhancements 1.1. Install redhat 9 and fedora core 1 from CD The newvserver utility can now install a vserver from a RedHat 9 or Fedora core 1 first cdrom. As usual you can install a minimum vserver or the complete CD. 1.2. Support for vs1.1 kernels The new kernel with the virtual switch system call is now supported. You can using vserver 0.27 with vs-1.0 (aka ctx) and vs1.1 kernels. 2. Bug fixes 2.1. ULIMIT with -HS The configuration files created by vserver and newvserver now correctly use -HS instead -of -H to set the global ULIMIT settings. - Jacques Gelinas [EMAIL PROTECTED] vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
re: [Vserver] fedora core 1
On Wed, 19 Nov 2003 04:48:02 -0500, Geoffrey D. Bennett wrote Hi there, Just wanted to report some success running Fedora Core 1 in a vserver (Red Hat 7.3 base) as well as share a problem I had and a script I wrote to make future FC1 vserver installs trivial (for me, at least). First the problem: the glibc that comes with FC1 didn't like running some programs (like RPM :( ) -- it failed with cannot enable executable stack as shared object requires. I fixed the problem by rebuilding the glibc RPM with the glibc-execstack-disable patch (comes with the glibc RPM). Odd I am using few vservers with fedora core 1 and I am not seeing this problem. (vserver 0.27 probably out tomorrow let you install fedora base vserver from CD). I have installed plenty of rpm using rpm and did not see this message. This is with glibc-2.3.2-101, the i386 version. - Jacques Gelinas [EMAIL PROTECTED] vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] possibility to get eth0:0 into vserver ?
On Wed, 12 Nov 2003 20:40:05 -0500, Rus Foster wrote hi, is it possible that i get a real eth0 device into my vserver ? at moment i have within a vserver: eth0 Link encap:Ethernet HWaddr 00:0C:76:45:2B:4D UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:186757294 errors:0 dropped:0 overruns:1 frame:0 TX packets:146945296 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:2816075333 (2.6 GiB) TX bytes:2576350543 (2.3 GiB) Interrupt:10 But because of this software is commercial, the software wants a binding to eth0:0 to communicate with the company server of confixx -and doesn`t found such a device in the vserver. Name the vserver 0. Should work A vserver sees all devices corresponding to the IPs it is using. One solution (beside naming the vserver 0), is to setup the IP aliases yourself on the host server -Set IPROOT= to those IPs -Unset IPROOTDEV so the vserver script won't try to setup the IP aliases. - Jacques Gelinas [EMAIL PROTECTED] vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] fedora core 1
On Thu, 20 Nov 2003 20:09:03 -0500, Herbert Poetzl wrote On Thu, Nov 20, 2003 at 12:51:57PM -0500, Jacques Gelinas wrote: On Wed, 19 Nov 2003 04:48:02 -0500, Geoffrey D. Bennett wrote Hi there, Hi Geoffrey! Just wanted to report some success running Fedora Core 1 in a vserver (Red Hat 7.3 base) as well as share a problem I had and a script I wrote to make future FC1 vserver installs trivial (for me, at least). First the problem: the glibc that comes with FC1 didn't like running some programs (like RPM :( ) -- it failed with cannot enable executable stack as shared object requires. I fixed the problem by rebuilding the glibc RPM with the glibc-execstack-disable patch (comes with the glibc RPM). I heard from Rik (v. Riel) that one of RedHat's aims (or requirements) is that Fedora works with vanilla kernels (correct me if I've got it wrong) so any problem with vanilla 2.4.xx can be considered a Fedora bug, and should be reported ... Good thing. Odd. I finally withness this problem on my build machine running a 2.2 kernel and hosting various chrooted build environment. On my notebook with 2.4.22vs1.00, fedora1 seems to work well as a vserver (including rpmbuild) Odd I am using few vservers with fedora core 1 and I am not seeing this problem. (vserver 0.27 probably out tomorrow let you install fedora base vserver from CD). Hi Jack! what interface will those 0.27er tools support? stable or development? Both. - Jacques Gelinas [EMAIL PROTECTED] vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
RE: [Vserver] Vserver rpm errors
On Fri, 7 Nov 2003 06:47:04 -0500, Charles Dale wrote Seeing as they work on with RPM 4.0 but not with 4.2 I assume it is some bug in the version of RPM used to build them. Of all the similar failures I found on Google, none of them required updating the client RPM, just that the packages would be rebuilt (probably with an updated RPM). That doesn't make things much clearer... Maybe Jack can tell us which rpm he's using. I am using an RPM from rh7 and in general, it installs everywhere. I am using that for many projects. On which distro are you seeing this problem ? - Jacques Gelinas [EMAIL PROTECTED] vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] An interesting problem/bug with IP aliases
On Fri, 31 Oct 2003 10:05:02 -0500, Chris Wright wrote * Jacques Gelinas ([EMAIL PROTECTED]) wrote: The ip command uses the same kernel interface as ifconfig to setup IP aliases. The SECONDARY flag can't be touched using the kernel interface. So the command will produce the same problem. While the ip command do more, especially on the routing side, it does the same thing on the IP aliases side. This isn't actually the case. The difference is how you can set the secondary flag, etc. Try this: # ip addr add 192.168.1.0/24 dev eth0 # ip addr add 192.168.1.1 dev eth0 # ip addr add 192.168.1.2 dev eth0 # ip addr list now you have two useable aliaes .1 and .2 (try pinging them from another machine). With .1 being the first one you set up (take note of the subnets that they are assigned to). Yes I am taking note. Both (1.2 and 1.1) end up on /32. I am getting the same result with ifconfig. They end up on different networks. $ /sbin/ip addr add 192.168.0.0/24 dev eth0 $ /sbin/ip addr add 192.168.0.1 dev eth0 $ /sbin/ip addr add 192.168.0.2 dev eth0 $ /sbin/ip addr list inet 192.168.0.0/24 scope global eth0 inet 192.168.0.1/32 scope global eth0 inet 192.168.0.2/32 scope global eth0 Now if I do $ /sbin/ip addr add 192.168.0.0/24 dev eth0 $ /sbin/ip addr add 192.168.0.1/24 dev eth0 $ /sbin/ip addr add 192.168.0.2/24 dev eth0 $ /sbin/ip addr list inet 192.168.0.0/24 scope global eth0 inet 192.168.0.1/24 scope global secondary eth0 inet 192.168.0.2/24 scope global secondary eth0 Now if I delete 192.168.0.0, I am loosing then all. - I have review this problem. I realise now why most people have not experienced this problem. If you set an IP alias (using whatever tool) on eth0, using the same network as currently defined on eth0, then the aliases become all secondary and you loose the aliases definition only if you unconfigure eth0, which you seldom do. We have withness this problem because we generally use private networks inside a host server and all the vservers are hook to this network. We do this to achieve physical network failover. All our server have 2 nics and using gated the internal network used by the vservers is advertised on both nics. Using the ip addr add 192.168.0.0/24 dev eth0 above should cure our own problem. I realise this is not a typical setup. - Jacques Gelinas [EMAIL PROTECTED] vserver: run general purpose virtual servers on one box, full speed! http://www.solucorp.qc.ca/miscprj/s_context.hc ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver