Re: [Vserver] gentoo guest template stage4?!?
On Sat June 30 2007 07:52, Chuck wrote: i just went to http://people.linux-vserver.org/~hollow/stages/ to get an updated install stage for gentoo guests, and saw a stage 4 archive.. umm, not to appear dumb, but what in the world is a stage4? Looking at the files in the specs subdirectory of that link ... Looks like a minimum guest; syslog-ng, vixie-cron, some utils. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: Re: Re: Re: Re: Re: java crash in vserver...
On Thu May 10 2007 09:14, Thomas Besser wrote: Herbert Poetzl wrote: Thanx for testing. I have no clue, what my problem is and no idea how to resolve this. maybe you could package up your guest (maybe after some cleanups to preserve privacy and reduce size), and upload it somewhere, and maybe some folks who already had success with your installation do the same, then try each- others guests and see what happens ... I made a package of my guest 'gis' (about 465 MB): /etc/vservers/gis (config of the image) /vservers/gis (home of the guest images) http://www.archit.uni-karlsruhe.de/geoserver/vserver.tar.bz2 It would be great if Asier or Michael or somebody else have enough bandwith for down-/uploading. I can do that. Will post the url once I have moved a copy. Mike if the kernel/config is to blame, then your guest should work fine on another system and the other guest should fail on yours, no? Yepp, that should be like that ;-) TIA Thomas ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] java crash in vserver...
On Thu May 10 2007 11:08, Michael S. Zick wrote: On Thu May 10 2007 09:14, Thomas Besser wrote: Herbert Poetzl wrote: Thanx for testing. I have no clue, what my problem is and no idea how to resolve this. maybe you could package up your guest (maybe after some cleanups to preserve privacy and reduce size), and upload it somewhere, and maybe some folks who already had success with your installation do the same, then try each- others guests and see what happens ... I made a package of my guest 'gis' (about 465 MB): /etc/vservers/gis (config of the image) /vservers/gis (home of the guest images) http://www.archit.uni-karlsruhe.de/geoserver/vserver.tar.bz2 It would be great if Asier or Michael or somebody else have enough bandwith for down-/uploading. I can do that. I lied. Hit a disk limit on the site that has the bandwidth available. But can give the tar-ball a try here and post results. Mike Will post the url once I have moved a copy. Mike if the kernel/config is to blame, then your guest should work fine on another system and the other guest should fail on yours, no? Yepp, that should be like that ;-) TIA Thomas ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: Re: Re: Re: Re: java crash in vserver...
On Wed May 9 2007 01:18, Thomas Besser wrote: Hi Jan, Jan Zuchhold wrote: it's working fine for me: 1512 [INFO] org.geotools.referencing.factory.epsg.HSQLDataSource - Creating cached EPSG database. It may take a few minutes. 17611 [main] INFO org.springframework.web.context.ContextLoader - Using context class [org.springframework.web.context.support.XmlWebApplicationContext] for [root WebApplicationContext 17611 [main] INFO org.springframework.web.context.ContextLoader - Root WebApplicationContext: initialization completed in 16212 ms vserver:~# cat /etc/issue Debian GNU/Linux 4.0 vserver:~# java -version java version 1.6.0 Java(TM) SE Runtime Environment (build 1.6.0-b105) Java HotSpot(TM) Server VM (build 1.6.0-b105, mixed mode) host:~# uname -r 2.6.20.11-vs2.2.0.k7-smp-070502 Thanx for testing. I have no clue, what my problem is and no idea how to resolve this. According to this thread, you are running Java 1.5 and the version reported to work is Java 1.6 Mike Perhaps you could send me via pm your installed packages (dpkg --get-selections packages) of your host and guest? Regards Thomas ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] anybody has experience for Vserver on ARM
On Tue April 24 2007 10:21, Martin wrote: On Tue, 2007-04-24 at 07:58 -0400, Wenbin Zhang wrote: Hi Martin, FC6 has not been ported to ARM. I tried -d fc6, that does not work. But what should be used for -d option on ARM? Thank you very much! If I am correct then -d controls the distro of the guest that you are building. By default only the common few distros are supported, but I'm told that it's pretty simple to add support for others (check the Wiki / archives I'd guess). Of the top of my head I couldn't tell you which distros other than Debian have an ARM port. I can verify that Debian/Etch runs just fine on my ARM machine, see: http://www.cyrius.com/debian/nslu2/ I have not checked or tried a vserver enabled kernel yet though - still on my rather long to-do list. But all of the usual distro software will just install and run. Perhaps you could pop for one of these low cost machines* and build native anything you want for your fone? Mike * your will want to add the console port and up the clock - the only modifications I made to my off the shelf machine. See links from the above url. HTH Cheers, - Martin ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] How to unsubscribe? http://list.linux-vserver.org/mailman/listinfo/vserver doesn't work...
On Thu April 5 2007 02:39, Guenther Fuchs wrote: Hi there, on Thursday, April 5, 2007 at 8:24:26 AM there was posted: VT I want to unsubscribe from vserver ML, but the link VT http://list.linux-vserver.org/mailman/listinfo/vserver doesn't work. VT How can I do that? Send an empty mail from the subscribed address to vserver@list.linux-vserver.org with subject unsubscribe - that should work with mailman lists. The directions included (as a header on every mail) from the list mailer is: List-Unsubscribe: http://list.linux-vserver.org/mailman/listinfo/vserver, mailto:[EMAIL PROTECTED] If that header is correct then; Send an empty mail from the subscribed address to: [EMAIL PROTECTED] with the subject: unsubscribe Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] any kernel gurus know what this is?
On Thu December 7 2006 07:57, Chuck wrote: ok. i am definitely having problems with this new opteron machine we have... only thing i can see remotely close to an error or warning msg is this from the kernel: i get this message as early in the boot process as when it decompresses to begin boot: kernel mapping table up to 100,000,000 at 8000:d800 this is a linux 2.6.18.3 kernel 2.6.18-vs2.1.1-gentoo-r1 could this be a disk controller address? last week the machine died twice both with disk errors, the 2nd time it actually scrambled a few sectors in a lvm partition in the website vserver. i had to run shred on the partition to fix it. just this morning, initially i had no warning something was wrong until i tried to execute any command and got back 'command not found'. turns out the running system could not access the disk array in any fashion. a power cycle brought it back to normal and it has been running ok for the past few hours. in case it helps hardware is 2xopteron dual core 265 tyan 2882D motherboard 4gb registered ram 2 sata2 drives in raid1 configuration. There is a patch in 2.6.18.5 that mentions sata drives. Haven't tried it yet. There are several distro's that are planning to include 2.6.18 in their end-of-year releases. It has been getting a lot of maintenance recently. could i have a setting wrong in the kernel? Like in cockpit error? Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Util-VServer file names
On Wed December 6 2006 15:04, Herbert Poetzl wrote: On Mon, Dec 04, 2006 at 07:17:03PM -0600, Michael S. Zick wrote: Group, Tar-ball: util-vserver-0.30.211.tar.bz2 Path: util-vserver-0.30.211/scripts File: vserver-build.functions.rpm File: vserver-build.rpm Neither file is an rpm package, both are ASCII text files. I suggest that hi-jacking well recognized extensions is a Bad Idea. Better names might be: vserver-rpm-build.whatever and vserver-rpm-build-functions.whatever well, while you are perfectly right there, this _is_ the result of such a procedure ... the pattern is like this: vserver-build.functions.whatever vserver-build.whatever where whatever currently is one of apt, apt-rpm, debootstrap, fai, rpm, yum ... No big deal any longer - it just exposed the need for a few more 'if' statements in my file cataloger. Unless you intend to start making the first line of your text files read: !arch or other 'magic strings' there shouldn't be any problems here. Mike HTC, Herbert Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver][Solved] iproute2 behavior problem
On Mon December 4 2006 23:26, Chuck wrote: On Sunday 03 December 2006 09:25, Michael S. Zick wrote: It appears that, at least on my 2006.1 Gentoo distro, possibly with iproute2 I am not positive if it extends beyond Gentoo, that someone decided to automatically load the arping module even when not asked for. This causes the 2 second delay. Thanks. Another note of things to watch out for goes on the wall here. One person's feature is another person's service call in the middle of the night. Mike A fix for Gentoo installs is after your modules=(iproute2) an additional line of modules=(!arping) cures the problem. I have no idea why they feel this is required on all networking code since they load it no matter what, but unless it does something specifically important to our use, it seems to only get in the way. We use 100% static assignments,gateways,routes,everything so we need no automatic detections of anything at all, and in fact this also cured another of my problems where a specific static route did not work, but now it does after killing that module. I guess it made its own decisions that my instructions were not worthy enough to obey. I am highly irked at Gentoo right now that they would do this with no warnings or notifications that this was a new automagic 'feature' which , unless i am made to understand why I need it, simply has caused me problems. On Sun December 3 2006 05:50, Chuck wrote: On Sunday 03 December 2006 00:28, Herbert Poetzl wrote: this is during boot when initializing the ethx adapters. I noticed that myself on a Debian/Etch system - I suppose any distro that follows their lead (uses the same udevd) might have the same symptoms; Look for: /etc/udev/rules.d/z25_persistent-net.rules which is generated at runtime, during boot, by /etc/udev/persistent-net-generator.rules If you do not intend to be changing nic's in the box in-between boots, then that rule generator only needs to run once per life-time of the machine - not once per every boot. I don't have my hands on your set-up - so I can't say what/how to make the changes to your configuration files, but that is the 'slow to initialize' ethernet nics problem area. Believe me, you do not want to plug in a usb-nic if you want a fast boot - it will eventually boot but you could swear the kernel hung while waiting. Mike On Fri, Dec 01, 2006 at 10:32:12PM -0500, Chuck wrote: i am assuming this behavior is in recent iproute2 changes. previously on an x86 machine last year, 140 ip addys on one nic would load very fast. now, on amd64 current versions, it pauses 2 whole seconds between ip addys!! when you add them? remove them? or just view them? could be an overeager nameservice reverse lookup trying to find a name to your IPs :) HTH, Herbert it is intolerable. does anyone have a fix for this or know what causes it? too little information ... best, Herbert -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Util-VServer file names
Group, Tar-ball: util-vserver-0.30.211.tar.bz2 Path: util-vserver-0.30.211/scripts File: vserver-build.functions.rpm File: vserver-build.rpm Neither file is an rpm package, both are ASCII text files. I suggest that hi-jacking well recognized extensions is a Bad Idea. Better names might be: vserver-rpm-build.whatever and vserver-rpm-build-functions.whatever Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] iproute2 behavior problem
On Sun December 3 2006 05:50, Chuck wrote: On Sunday 03 December 2006 00:28, Herbert Poetzl wrote: this is during boot when initializing the ethx adapters. I noticed that myself on a Debian/Etch system - I suppose any distro that follows their lead (uses the same udevd) might have the same symptoms; Look for: /etc/udev/rules.d/z25_persistent-net.rules which is generated at runtime, during boot, by /etc/udev/persistent-net-generator.rules If you do not intend to be changing nic's in the box in-between boots, then that rule generator only needs to run once per life-time of the machine - not once per every boot. I don't have my hands on your set-up - so I can't say what/how to make the changes to your configuration files, but that is the 'slow to initialize' ethernet nics problem area. Believe me, you do not want to plug in a usb-nic if you want a fast boot - it will eventually boot but you could swear the kernel hung while waiting. Mike On Fri, Dec 01, 2006 at 10:32:12PM -0500, Chuck wrote: i am assuming this behavior is in recent iproute2 changes. previously on an x86 machine last year, 140 ip addys on one nic would load very fast. now, on amd64 current versions, it pauses 2 whole seconds between ip addys!! when you add them? remove them? or just view them? could be an overeager nameservice reverse lookup trying to find a name to your IPs :) HTH, Herbert it is intolerable. does anyone have a fix for this or know what causes it? too little information ... best, Herbert -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] iproute2 behavior problem
On Sun December 3 2006 08:31, Chuck wrote: On Sunday 03 December 2006 09:25, Michael S. Zick wrote: will check all this out. thanks... this is a production machine and when i reboot it on those rare occasions very late at night, i need it to boot fast as possible with no unnecessary delays as it takes a large number of our sevices down during that time. why someone would introduce a 2 second delay between ip assignments is beyond me. unless someone added a delay for reading diag messages then forgot to remove it. Just guessing on insufficient knowledge - This new udevd is part of the change to parallel initialization; Which is supposed to speed up the boot process. The parallel initialization is a dependency guided system; Could be that does not have all the rough edges smoothed out. I 'fixed' mine by building the required ethernet drivers into the kernel rather than let the system auto-load the modules. (Three nics, two pci, one usb) Now that is not a 'fix' of the problem - but a work-around to get my kernel to boot within a reasonable amount of time. Since this is only a personal-use machine, not a production machine; I just said: good enough for now and went on to more pressing issues here without really running down the prime cause. Mike On Sun December 3 2006 05:50, Chuck wrote: On Sunday 03 December 2006 00:28, Herbert Poetzl wrote: this is during boot when initializing the ethx adapters. I noticed that myself on a Debian/Etch system - I suppose any distro that follows their lead (uses the same udevd) might have the same symptoms; Look for: /etc/udev/rules.d/z25_persistent-net.rules which is generated at runtime, during boot, by /etc/udev/persistent-net-generator.rules If you do not intend to be changing nic's in the box in-between boots, then that rule generator only needs to run once per life-time of the machine - not once per every boot. I don't have my hands on your set-up - so I can't say what/how to make the changes to your configuration files, but that is the 'slow to initialize' ethernet nics problem area. Believe me, you do not want to plug in a usb-nic if you want a fast boot - it will eventually boot but you could swear the kernel hung while waiting. Mike On Fri, Dec 01, 2006 at 10:32:12PM -0500, Chuck wrote: i am assuming this behavior is in recent iproute2 changes. previously on an x86 machine last year, 140 ip addys on one nic would load very fast. now, on amd64 current versions, it pauses 2 whole seconds between ip addys!! when you add them? remove them? or just view them? could be an overeager nameservice reverse lookup trying to find a name to your IPs :) HTH, Herbert it is intolerable. does anyone have a fix for this or know what causes it? too little information ... best, Herbert -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] iproute2 behavior problem
On Sun December 3 2006 09:48, Herbert Poetzl wrote: On Sun, Dec 03, 2006 at 07:08:30AM -0500, Chuck wrote: On Sunday 03 December 2006 00:28, Herbert Poetzl wrote: i just tried an experiment. i placed 5 ips on an adapter on the older dell x86 system and still the same behavior so it is not arch related. On Fri, Dec 01, 2006 at 10:32:12PM -0500, Chuck wrote: i am assuming this behavior is in recent iproute2 changes. previously on an x86 machine last year, 140 ip addys on one nic would load very fast. what I do not understand here, why do you configure 140 ips when the host boots at all? wouldn't it be much easier to let util-vserver add the IPs per guest? I'd assume that this would speed up the configuration significantly too, as the tools do not run those funny scripts AFAIK :) I haven't done any debugging of this yet - but if I did, I would start by putting a break-point of some kind in udevd, then adding an address. What I would be looking for is if the adding of an address generates a 'udev event' similar to discovering a new card. I don't think it should, but it might be doing that. It could also just be funky scripting somewhere. Mike HTH, Herbert now, on amd64 current versions, it pauses 2 whole seconds between ip addys!! when you add them? remove them? or just view them? could be an overeager nameservice reverse lookup trying to find a name to your IPs :) HTH, Herbert it is intolerable. does anyone have a fix for this or know what causes it? too little information ... best, Herbert -- Chuck ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] resource management
On Fri December 1 2006 18:47, Chuck wrote: On Friday 01 December 2006 17:38, Michael S. Zick wrote: The host install is 100% stock Gentoo with no modifications other than what is needed to run vservers. The kernel is 2.6.18-vs2.0.2-gentoo-r8 with if the above kernel version is 2.6.18.2 as kernel.org numbers them, replace it with 2.6.18.3 or newer. will have a look at that The kernel.org-2.6.18.3 has some page handling fixes in it. The 2.6.18.2 can be put into a situation where it does not properly use swap. My bad. I was unclear - 'does not handle dirty pages properly' - pages which should either be reclaimed from swap or swapped out. My reason for making that guess was the console message which you quoted. With 4g of ram, you have a ways to grow but will eventually run out of room if you push it hard enough. And swap usage will look like you have plenty of room remaining when oom starts running and/or your filesystem starts to corrupt. Perhaps the easiest way to see if that is 2.6.18.3 is to try applying the 2.6.8.2-3 diff patch to the kernel source with the Gentoo and VServer patches in place (only the extra version string should fail to apply). If patch tells you 'patch already applied' then you have 2.6.18.3(+) Mike we only use about 25% of our ram at this time and i really dont expect any swap at all, but i do see a token amount which i am not sure where it comes from... valkyrie / # free total used free sharedbuffers cached Mem: 406032018450442215276 0 366696 477532 -/+ buffers/cache:10008163059504 Swap: 39037842323903552 The host install is 100% stock Gentoo with no modifications other than what is needed to run vservers. The kernel is 2.6.18-vs2.0.2-gentoo-r8 with util-vserver 0.30.211. Everything is compiled 2006.1 gcc 4.1.1 and glibc .2.4-r4:2.2. Note: 'stock Distribution Name' does not mean an unmodified kernel. no, I realize that... this is 'stock gentoo supplied vserver kernel' Mike util-vserver 0.30.211. Everything is compiled 2006.1 gcc 4.1.1 and glibc .2.4-r4:2.2. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: future vserver on ubuntu
On Tue November 28 2006 08:56, Herbert Poetzl wrote: On Sun, Nov 26, 2006 at 07:18:15PM -0600, Michael S. Zick wrote: On Sun November 26 2006 12:15, Philippe Clérié wrote: Gerald at uni-klu was kind enough to reply to a query I sent him. He will not soon be building a vserver kernel for edgy because of lack of time. So I think I'll stick to dapper for a while yet. Regarding vserver and feisty, it's very likely that the patch is not in the distribution because it's no longer in sid. And it makes sense not to include it in sid since debian is building kernels with built-in vserver. For all architectures too! All? Can't find the -ixp4xx (arm, little endian), nor pa-risc 32 or 64 bit. The ones posted only have the VServer Kconfig changes. hppa(/64) works quite fine in Linux-VServer, arm too, arm26 is not really tested ... but I don't know for the debian versions ... Sorry if I was unclear. The answer is not what architectures work, but what architectures Debian provides pre-built kernels for. I test virgin kernel+VServer on armv5tel Joel tests on hppa/32/64 - but neither of us test the _Debian_ pre-builts. None of those machines are speed demons - so when someone said that pre-built kernels where available - I did spend time searching the package depositories for them. Then offered my update of the word: _all_. For those who roll-their-own: Your best bet on arm is 2.6.18.3 or newer to avoid swap problems ... Probably 2.6.16.???-palatest on hppa (after the spinlock fixes) to avoid scsi iommu problems ... (Neither set of problems are VServer related.) Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] About open Linux phone/SDK Neo1973/OpenMoko your feedback to run linux-vserver on a Arm9 cpu (Samsung s3c2410 SoC)
On Mon November 27 2006 10:28, Robert Michel wrote: Salve! - - - big snip - - - - * 128 MB SDRAM * 64 MB NAND Flash That is a lot of resources ... My NSLU-2 is running Debian/Etch/Arm/el with kernel 2.6.18.2 in 8MB Flash and 32MB Ram Do not know arm9 - but the cpu in my machine is Intel Xscale (ixp42x) (software floating point). I expect the cpu resources to be similar. Lots of luck with your project. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: AW: [Vserver] kernel-2.6.17.13
On Sun November 26 2006 08:54, Daniel Hokka Zakrisson wrote: Roman Pretory wrote: RP ist a horror RP .)modules for iptables have canged RP have to search after use oldconfig What is the old version you compared it against? old Kernel = 2.6.12.3 = old .config Of course, things change, that is to be expected. Netfilter got a rewrite a couple of versions ago (2.6.16, I think). The udev event system also changed across 2.6.14/.15 RP .)Nic's are turned very funny for remote work Find where your host distribution keeps its udev rules, rename your nics using their hardware (mac) address, like: [Debian/Etch location but rule content should be the same] in: /etc/udev/rules.d/z25_persistent-net.rules: # You can modify these, as long as you keep each rule on a single line. SUBSYSTEM==net, DRIVERS==?*, ATTRS{address}==00:00:e8:60:ba:8a, NAME=eth0 SUBSYSTEM==net, DRIVERS==?*, ATTRS{address}==00:01:29:24:75:e9, NAME=eth1 # USB device 0bda:8150 (rtl8150) SUBSYSTEM==net, DRIVERS==?*, ATTRS{address}==00:e0:4c:03:50:1d, NAME=eth2 Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: AW: AW: [Vserver] kernel-2.6.17.13
On Sun November 26 2006 10:20, Roman Pretory wrote: Find where your host distribution keeps its udev rules, rename your nics using their hardware (mac) address, like: [Debian/Etch location but rule content should be the same] in: /etc/udev/rules.d/z25_persistent-net.rules: # You can modify these, as long as you keep each rule on a single line. SUBSYSTEM==net, DRIVERS==?*, ATTRS{address}==00:00:e8:60:ba:8a, NAME=eth0 SUBSYSTEM==net, DRIVERS==?*, ATTRS{address}==00:01:29:24:75:e9, NAME=eth1 # USB device 0bda:8150 (rtl8150) SUBSYSTEM==net, DRIVERS==?*, ATTRS{address}==00:e0:4c:03:50:1d, NAME=eth2 Mike Thanks Usb not used and removed all modules My PCI nics are not hot-swappable, the USB nic is - that entry just shows that things work as expected as I move the nic around the USB tree. to bind ore fix nic/mag/driver makes troubles by cloning or changing nic :-( True - but naming by hardware address is not the only choice. See: man udevinfo and the option: --attribute-walk only useable diver module select and there to much :-) You can specify the driver module to be used (untested here). could brake remote access so have to find differt way but good to know keep it in mind And if all the built-in features fail your needs, a rule can run an external script (untested here). but by the way why a stable patch for a developer(unstable)Kernel(17)?? ore are by information about not up to date? I do not have a clue to that answer. The files on kernel.org show that 2.6.16 and 2.6.18 are being maintained more recently than 2.6.17 - I do not know why that is. BRG Roman Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: future vserver on ubuntu
On Sun November 26 2006 12:15, Philippe Clérié wrote: Gerald at uni-klu was kind enough to reply to a query I sent him. He will not soon be building a vserver kernel for edgy because of lack of time. So I think I'll stick to dapper for a while yet. Regarding vserver and feisty, it's very likely that the patch is not in the distribution because it's no longer in sid. And it makes sense not to include it in sid since debian is building kernels with built-in vserver. For all architectures too! All? Can't find the -ixp4xx (arm, little endian), nor pa-risc 32 or 64 bit. The ones posted only have the VServer Kconfig changes. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vmware in vserver?
On Thu September 28 2006 08:48, John Alberts wrote: I was curious about running vmware in a guest so that I could run an instance of windows on my linux box. That's the only thing I wish vserver could do is let me run windows as a guest os. You might be spinning your wheels on that - many win-apps will detect vmware and refuse to run - even Windows virus applications will usually detect vmware and go into hiding. You might have better luck running Wine - http://www.winehq.com/ If you also have a licensed copy of the M$ dlls - you can set Wine to pick and choose between the M$ dlls and the ones provided with Wine. Please don't start flaming with Why would you use WINDOZE anyway?. Sometimes it's necessary, especially for Windows admins like myself. :) Thanks for everyones input. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] huge oops
On Sat September 23 2006 05:16, Chuck wrote: i am installing on an opteron system using gentoo and portage. when emerging util-vserver it errored with the following cc1: error: unrecognized command line option -fno-stack-protector-all make: *** [bin-x86_64/start.o] Error 1 make: *** Waiting for unfinished jobs cc1: error: unrecognized command line option -fno-stack-protector-all make: *** [bin-x86_64/dyn_start.o] Error 1 make: *** [bin-x86_64/dyn_stop.o] Error 1 make: *** wait: No child processes. Stop. Which compiler? GCC series 3 or series 4? I have not seen that specific error but I have had to tweak some options in the Gentoo configuration files for other changes in the compiler command line options. !!! ERROR: dev-libs/dietlibc-0.28 failed. Call stack: ebuild.sh, line 1546: Called dyn_compile ebuild.sh, line 937: Called src_compile dietlibc-0.28.ebuild, line 42: Called die it is attempting to install util-vserver-0.30.210.tar.bz2 vserver-sources kernel was installed which is 2.6.15-vs2.0.1-gentoo-r5 any ideas? hints? Check the info gcc or the on-line manual for both gcc series 3 and 4; find what happened with the -fno-stack-protector-all option. I have found that the Gentoo dependency system does not include flag changes based on the series of compiler being used. Also the gcc-config utility does not catch all of the flag differences. You can track a rss (live bookmark) of the Gentoo VServer changes with: http://overlays.gentoo.org/proj/vps/timeline?changeset=onwiki=onmax=50daysback=90format=rss Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] mixed gcc versions
On Tue September 19 2006 07:16, Chuck wrote: will a 32 bit guest compiled under gcc 3.4.6 run properly under a 64 bit host compiled using gcc 4.1.1? not positive of what is compatible and what is not. unfortunately i have not found a centos guest template done under 4.1.1 have not looked yet at the centos64 to see if that is under 4.1.1 Only the kernel is common between host and guest. Which means host and guest software needs to be built against the same (or compatible) kernel headers. Plus the consideration that your question implies - the kernel when compiled for 64-bit must still support 32-bit code. Not all brands of machine will support mixed size code. For instance, Linux on pa-risc does not have a 64-bit userland, regardless of the kernel being compiled for either 32-bit or 64-bit. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] mixed gcc versions
On Tue September 19 2006 08:00, Chuck wrote: On Tuesday 19 September 2006 08:50, Michael S. Zick wrote: On Tue September 19 2006 07:16, Chuck wrote: will a 32 bit guest compiled under gcc 3.4.6 run properly under a 64 bit host compiled using gcc 4.1.1? not positive of what is compatible and what is not. unfortunately i have not found a centos guest template done under 4.1.1 have not looked yet at the centos64 to see if that is under 4.1.1 Only the kernel is common between host and guest. Which means host and guest software needs to be built against the same (or compatible) kernel headers. Plus the consideration that your question implies - the kernel when compiled for 64-bit must still support 32-bit code. Not all brands of machine will support mixed size code. For instance, Linux on pa-risc does not have a 64-bit userland, regardless of the kernel being compiled for either 32-bit or 64-bit. it would be a gentoo 64 bit host with 32bit emu enabled If 32-bit emulation is enabled, it should be just fine. You still haven't mentioned the processor type, but if 32-bit code will run on the host, then 32-bit code will run in the guest. and a 32 bit or even possibly the 64bit centos guest.. all gentoo guests will be 64bit gcc 4.1.1 i am just concerned about the centos since thats binary distribution. You probably should not share the same copy of glibc host guest. It is always a good idea for glibc to be built with the same compiler as the rest of userland code. Running a different glibc in a vserver is not a problem, vservers are good at doing things like that. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] gcc version mixing?
On Wed September 13 2006 18:26, Chuck wrote: does anyone know if it would cause problems if my host is compiled with gcc 4.1 using nptl while some guests are precompiled binaries using gcc 3.4.6 with the old style threading and others compiled using gcc 4.1 with nptl? i do not have the luxury of making them all 4.1.. so its either hopefully mixing is ok or do all guests in 3.4.6 old threading or i have to do the entire system including host in 3.4.6 old threading. i know basically nothing about the new vs old systems for any kind of compatibility. Here I build experimental glibc and gcc inside of vservers - one of their many uses. They make a great sandbox for anything. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Latest usable Gentoo package
On Thu September 7 2006 06:52, Marcus wrote: Due to the speed the _rc's occured, we thought that moving those ebuilds to our project overlay [1] would make sense. The overlay is subversion based, but you should be able to grab it via wget (or similar) if you can't/wont install subversion just for this single repo. TIA, Christian [1] http://overlays.gentoo.org/svn/proj/vps Wouldn't it be nice to post a short message to the list if a new revision comes up? Somehow I missed revisions 41 to 43 the last week... Try the live bookmark: http://overlays.gentoo.org/proj/vps/timeline?changeset=onwiki=onmax=50daysback=90format=rss Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Multiple NICs, Multiple Networks; Revisited 2
On Sat August 12 2006 02:14, Bob Predaina wrote: eth0, eth1, eth2 and lo are all up and running on the host. the host is using eth0. as a test setup i have installed two guest servers that will be using eth1. both were created using the --interface eth1:192.168.18.252/24 parameter. Have you tried specifying a single address? --interface eth1:192.168.18.252/32 The guests correctly report that they are using eth1 at 192.168.18.252. Even though the guest server's ifconfig information shows binding to the correct ethernet adapter and IP address (eth1:192.168.18.252), it appears that they are responding to incoming traffic on eth1:192.168.18.252, but their outgoing traffic is actually going out through eth0:192.168.18.251. there is no isolation of the network interfaces. Both of those addresses are within the eth1:192.168.18.252/24 specification. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Host and guest compatability
On Wed August 9 2006 08:22, Jim Wight wrote: On Wed, 2006-08-09 at 08:17 +0200, Guenther Fuchs wrote: on Tuesday, August 8, 2006 at 9:46:04 PM there was posted: JW # vserver fc5 start JW /usr/bin/env: /lib/libc.so.6: version `GLIBC_2.4' not found JW (required by /usr/bin/env) Don't know where this comes from, but it definately relates _only_ to the guest. JW FC5 has glibc 2.4 whereas FC4 has glibc 2.3. Is that really the JW problem, or is the message a side-effect of some other problem? It is definately an effect of a guest related problem, which does _not_ relate to the hosts glibc. Well, that's the error I get when I run /vservers/fc5/usr/bin/env on the host. 'chroot /vservers/fc5 /usr/bin/env' is OK. Which means that the env binary and all of its dependencies are complete within the chroot. Since the chroot command does not change the context (or namespace) then it must be the act of trying to run in a different context that breaks something. My guess, the dynamic library handling. Try executing /lib/libc.so.6 in the guest context, see if you get a normal report out of it. It should print its build information, including its version. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Host and guest compatability
On Wed August 9 2006 09:30, Jim Wight wrote: On Wed, 2006-08-09 at 08:50 -0500, Michael S. Zick wrote: Since the chroot command does not change the context (or namespace) then it must be the act of trying to run in a different context that breaks something. My guess, the dynamic library handling. Try executing /lib/libc.so.6 in the guest context, see if you get a normal report out of it. It should print its build information, including its version. What command is required to accomplish that? The file libc.so.6 is an executable. Just substitute /lib/libc.so.6 for where you are using /usr/bin/env in your testing. Or build your own command out of the low level tools, similar too: chbind --ip ${VADDRESS} -- vcontext --create --xid ${VID} --chroot -- \ /usr/bin/env -i HOSTNAME=${VROOT} HOME=/root TERM=${TERM} PS1='\u:\w\$ ' \ PATH='/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin' /bin/bash --login +h I use the above to give myself a command shell inside a vserver context without starting the vserver - the above is independent of the vserver config files. (Note the +h on the Bash command - you need to make Bash drop its path hashing tables.) Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Host and guest compatability
On Wed August 9 2006 10:56, Jim Wight wrote: On Wed, 2006-08-09 at 09:58 -0500, Michael S. Zick wrote: On Wed August 9 2006 09:30, Jim Wight wrote: On Wed, 2006-08-09 at 08:50 -0500, Michael S. Zick wrote: Since the chroot command does not change the context (or namespace) then it must be the act of trying to run in a different context that breaks something. My guess, the dynamic library handling. Try executing /lib/libc.so.6 in the guest context, see if you get a normal report out of it. It should print its build information, including its version. What command is required to accomplish that? The file libc.so.6 is an executable. Just substitute /lib/libc.so.6 for where you are using /usr/bin/env in your testing. OK. I changed the value of _ENV in util-vserver-vars, which results in # vserver fc5 start GNU C Library development release version 2.3.5, by Roland McGrath et al. Oops. Copyright (C) 2005 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled by GNU CC version 4.0.1 20050727 (Red Hat 4.0.1-5). Compiled on a Linux 2.4.20 system on 2005-08-15. Available extensions: GNU libio by Per Bothner crypt add-on version 2.1 by Michael Glad and others Native POSIX Threads Library by Ulrich Drepper et al The C stubs add-on version 2.1.2. BIND-8.2.3-T5B NIS(YP)/NIS+ NSS modules 0.19 by Thorsten Kukuk Glibc-2.0 compatibility add-on by Cristian Gafton GNU Libidn by Simon Josefsson Thread-local storage support included. For bug reporting instructions, please see: http://www.gnu.org/software/libc/bugs.html. vshelper.init: can not determine xid of vserver 'fc5'; returned value was '' which is what executing /lib/libc.so.6 on the (FC4) host gives. Presumably you would expect the output to be the same as # chroot /vservers/fc5 /lib/libc.so.6 GNU C Library development release version 2.4, by Roland McGrath et al. Super! Copyright (C) 2006 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled by GNU CC version 4.1.0 20060304 (Red Hat 4.1.0-3). Compiled on a Linux 2.6.9 system on 2006-05-12. Available extensions: The C stubs add-on version 2.1.2. crypt add-on version 2.1 by Michael Glad and others GNU Libidn by Simon Josefsson GNU libio by Per Bothner NIS(YP)/NIS+ NSS modules 0.19 by Thorsten Kukuk Native POSIX Threads Library by Ulrich Drepper et al BIND-8.2.3-T5B Thread-local storage support included. For bug reporting instructions, please see: http://www.gnu.org/software/libc/bugs.html. Or build your own command out of the low level tools, similar too: chbind --ip ${VADDRESS} -- vcontext --create --xid ${VID} --chroot -- \ /usr/bin/env -i HOSTNAME=${VROOT} HOME=/root TERM=${TERM} PS1='\u:\w\$ ' \ PATH='/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin' /bin/bash --login +h Like this # cd /vservers/fc5 # vcontext --create --xid 49142 --chroot -- /usr/bin/env -i HOME=/root PATH='/bin:/sbin:/usr/bin:/usr/sbin' /bin/bash --login +h New security context is 49142 [EMAIL PROTECTED] /]# cat /etc/redhat-release Fedora Core release 5 (Bordeaux) [EMAIL PROTECTED] /]# /lib/libc.so.6 GNU C Library development release version 2.4, by Roland McGrath et al. Copyright (C) 2006 Free Software Foundation, Inc. You got it and I don't see any complaints from env, bash, the loader, or libc.so.6. Now the only question is why the high-level tools have a problem starting your vserver. Sorry, I can't help with the why, but you have a shell in the virtual context to work from. First would probably be to run /sbin/ldconfig. Major difference here is the various configuration files that the high-level scripts use. These low-level commands aren't referencing them. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] time in guest vserver
On Tue August 1 2006 05:29, Jonathan Dray wrote: I have a correct output with the date function inside guests : mardi 2006, 12:07:14 (UTC+0200) But time only give me 0 : real0m0.000s user0m0.000s sys 0m0.000s Is this normal ? Yes The problem is that the php time() function takes the results of the system time call. try: date And I need the time() value to synchronise database values. Is there any way to have the correct time ? The date-time value would probably be better than using the elapsed time of a process. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] guest network interface disappears
On Tue July 25 2006 09:01, Martin Pajak wrote: Herbert Poetzl schrieb: suspect that one guest gets a 'primary' (i.e. not secondary) ip on the network (check with ip a ls) I tested this and all guests have only their designated addresses bound, so this shouldn't be the cause here. I don't know the primary/secondary propagation, but I guess I don't need it in this scenario. The first address assigned to a nic becomes the primary (only). Additional addresses become 'secondary'. With the default set-up, then if you take down the primary, all addresses go down. There is a flag in /proc, I forget where, that can be set to change the above behavior. With the flag set - then when you take down the (current) primary address, one of the secondary addresses becomes primary. This has been on the mailing list before, should be findable. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] How to discover the real IP Address?
On Sat July 8 2006 07:11, Boniforti Flavio wrote: 2006/7/8, Guenther Fuchs [EMAIL PROTECTED]: So you meant to discover, on which machine you reside, when not having main host access but knowing some of their details, right? Genau! :-) BF Now, I tried following approach: BF pinging localhost gives me 0.0 ms times BF pinging SERVER1 gives me 0.0 ms times BF pinging SERVER2 gives me times form 0.1 to 0.4... BF Is it correct if I assume (without any definite certainty) that my BF VServer resides on SERVER1? This assumption looks correct to me, although it's not certain. Look into ARP tables and MAC adresses for more certainity. Well, looking at ARP tables I can't get anything about the real IPs of the hosts. Is it correct, when I assume that *all* the IPs bound to the real interface have THE SAME MAC Address? If yes, is there any way to get the MAC address from outside? man arping ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] fstab.remote + smbmount
On Fri June 23 2006 19:39, Daniel Hokka Zakrisson wrote: Falk Hamann wrote: 26008 execve(/sbin/mount.smbfs, [/sbin/mount.smbfs, //fsuser/grp, ., -n, -o, rw,nodev,uid=101,gid=100,usernam...], [/* 16 vars */]) = 0 Could the // in //fsuser/grp be throwing off its option parsing? ... 26008 write(2, .: invalid option -- n\n, 23) = 23 Or the -n option is really invalid for that /sbin/mount.smbfs version? (It isn't mentioned on the smbmount man page.) Try running /sbin/mount.smbfs by hand with those variations. Mike ... 26008 write(1, 26008: tree connect failed: ERRD..., 66) = 66 ... I hope, somebody can help me and pinpoint the problem. I can't imagine that smb should not do within a guest. :-( Thanks Falk mount.smbfs is obviously the one printing the error, although it seems to proceed with the mount anyhow. That in turn seems to be denied for some reason (26008?). Do you have the full error message it prints? ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: Project Support Open Source (SOS) wanted to donation to your project
On Sat May 27 2006 09:41, Herbert Poetzl wrote: On Thu, May 25, 2006 at 06:07:28AM -0400, Bob Mutch wrote: If you blog or have friends that blog you may want to ask them to blog up on the project. The more noise we make the more companies that will use my list to make donations and the more money that will be sent to support your project. just a small question, who verifies the lists _you_ put together and send to the companies? I mean, it's not clear to me how to prevent misuse of that list by e.g. adding a few additional paypal accounts :) best, Herbert A few more small questions. I note that you state you charge a fee for the lists that you provide. How much? How do you figure the rate? Are you a 503(c)3 tax exempt organization? Where can a audited copy of your books be reviewed? Why are you using the same IP address as a recognized, financial scam artiest? This project has a perfectly good donations page and a working system to accept and acknowledge donations. What is there to be gained by this project by its association with your for-profit (the fees) service? Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: Project Support Open Source (SOS) wanted to donation to your project
On Sat May 27 2006 10:40, Michael S. Zick wrote: On Sat May 27 2006 09:41, Herbert Poetzl wrote: On Thu, May 25, 2006 at 06:07:28AM -0400, Bob Mutch wrote: If you blog or have friends that blog you may want to ask them to blog up on the project. The more noise we make the more companies that will use my list to make donations and the more money that will be sent to support your project. just a small question, who verifies the lists _you_ put together and send to the companies? I mean, it's not clear to me how to prevent misuse of that list by e.g. adding a few additional paypal accounts :) best, Herbert A few more small questions. I note that you state you charge a fee for the lists that you provide. How much? How do you figure the rate? Are you a 503(c)3 tax exempt organization? Oops - typo ^^ 501(c)3 Where can a audited copy of your books be reviewed? Why are you using the same IP address as a recognized, financial scam artiest? This project has a perfectly good donations page and a working system to accept and acknowledge donations. What is there to be gained by this project by its association with your for-profit (the fees) service? Mike Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: Project Support Open Source (SOS) wanted to donation to your project
On Sat May 20 2006 17:14, Herbert Poetzl wrote: On Fri, May 19, 2006 at 07:27:30AM -0700, Bob Mutch wrote: Hi my name is Bob Mutch ... Hi Bob! .. and I am the owner of Solutions with Service, a Canadian company that uses open source software products. And a bit of information on the source of that mail: [EMAIL PROTECTED]:~$ makeviz bobmutch.com Starting with domain name bobmutch.com. Using default blacklist server list. Search depth limit: 2 .,.1::2 Known network pairs. 64.202.189.170 bobmutch.com. 64.202.189.170 pwfwd-v01.prod.mesa1.secureserver.net. 64.202.165.120 park17.secureserver.net. 68.178.211.113 park18.secureserver.net. 64.202.167.31cns1.secureserver.net. 68.178.211.100 cns2.secureserver.net. 64.202.188.201 jomax.net. 64.202.188.208 secureserver.net. 64.202.166.11mailstore1.secureserver.net. 64.202.166.12smtp.secureserver.net. 64.202.165.120 ip-64-202-165-120.secureserver.net. 68.178.211.113 ip-68-178-211-113.ip.secureserver.net. 64.202.188.201 corpweb-v01.prod.mesa1.secureserver.net. 64.202.188.208 corpweb-v08.prod.mesa1.secureserver.net. Checking Blacklist servers. Checking address 64.202.189.170 Records from l2.spews.dnsbl.sorbs.net !!! [2] Sam Talari, see http://spews.org/ask.cgi?S3214; Checking address 64.202.165.120 Checking address 68.178.211.113 Checking address 64.202.167.31 Checking address 68.178.211.100 Checking address 64.202.188.201 Checking address 64.202.188.208 Checking address 64.202.166.11 Checking address 64.202.166.12 http://spamviz.net; makeviz.bash; v-1.3.0, 2005-msz - - - - - Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: Project Support Open Source (SOS) wanted to donation to your project
On Sat May 20 2006 17:14, Herbert Poetzl wrote: On Fri, May 19, 2006 at 07:27:30AM -0700, Bob Mutch wrote: Hi my name is Bob Mutch ... Hi Bob! .. and I am the owner of Solutions with Service, a Canadian company that uses open source software products. I have started a project called ?Project SOS? (Support Open Source) to help fund free and open source software projects. I would like to make a donation to your open source work http://linux-vserver.org though our project. sounds good! Here is the page that how the donations work. http://www.seocompany.ca/project-support-open-source.html sounds good too ... You might read his answer to why are you doing this question. quoted in part: quote Together we came up with the name Gentoo, registered gentoo.org in 2002 and I had some minor input into the ports type package system Robin's developed. /quote Unfortunately, he can't even get his facts straight: [EMAIL PROTECTED]:~$ whois -H gentoo.org Domain ID:D10959563-LROR Domain Name:GENTOO.ORG Created On:04-Oct-1999 16:08:45 UTC Last Updated On:21-May-2005 01:52:15 UTC Expiration Date:04-Oct-2008 16:08:45 UTC - - - - Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] secure a guest against the host's root-account
On Mon April 24 2006 01:02, Oliver Welter wrote: Hi Folks, this might be a strange question for some of you as it is more an academical interesst, but I hope you can help me out ;) Q: Is there a way to prevent that a superuser on the host system can * see process of a guest * enter a guest * receive any other valuable info from the guest The idea behind is easy - I want to give away a guest system that uses an encrypted filesystem for its sensible data. The guest system itsself will provide only very limited access to the data via an API and it must be prevented by any means that even the Bofh of the host can access any of the data So, is there any way to do this ? I guess that SELinux/GR will offer some pointers to forbid root these actions, but are there any easier ways ?? Sounds like SELinux is the tool of choice for that. Mike Oliver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [ARCH] Linux-VServer auf T2000 :)
On Sun April 9 2006 09:36, Guenther Fuchs wrote: Hi there, on Sunday, April 9, 2006 at 4:28:57 PM there was posted: HP Linux 2.6.17-rc1-vs2.1.1 #2 SMP Ah - where's this release to be fetched from? ;-) http://www.kernel.org ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [ARCH] Linux-VServer auf T2000 :)
On Sun April 9 2006 12:45, Guenther Fuchs wrote: Hi there, on Sunday, April 9, 2006 at 6:19:23 PM there was posted: GF Ah - where's this release to be fetched from? ;-) MSZ http://www.kernel.org Oh - they do have VServer patches now? Interesting. The answer can never be better than the question. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] too many open files error
On Thu April 6 2006 11:20, Chuck wrote: Ch On Thursday 06 April 2006 11:56 am, Xavier Montagutelli wrote: Ch On Thursday 06 April 2006 16:46, Chuck wrote: Ch this one is weird. could i be reaching some kind of max on a gentoo Ch platform? Ch Ch we are running approx 40 vserver guests on a 4 processor dell. our email Ch server is running on the 'host' side. Ch Ch my tip on this came from our email list server. the log stated: Ch Ch 6 10:20:19 error: Still trying to open connection Too many open files Ch A single, multi-thread application? There is another limit built into the kernel for applications that use 'select' to get notifications of connection attempts to file descriptors. That limit is the hardcoded size of the file descriptor select structure (in bits). Not sure off-hand how big it is, I think either 64 or 128 bits (open descriptors monitored). You might have to run multiple instances of the e-mail application if this is the cause of the error message. Mike Ch and this is in the log many times. not knowing if this is a program or Ch system error causing this i am taking the safe route while i wait for the Ch program support people to let me know... Ch Ch is there a setting somewhere in the vserver system, i assume on the host, Ch that the number of open files can be set? i dont even know what the stock Ch max is.. Ch Ch Perhaps /proc/sys/fs/file-max ? Ch Ch Ch maybe max files is not the issue. : Ch Ch # cat /proc/sys/fs/file-max Ch 309847 Ch Ch i would think 309k open files would be sufficient. Ch Ch will see what the mailing list software vendor has to say.. Ch Ch Just modify the value by echoing the new value Ch Ch or use sysctl -w fs.file-max= and modify /etc/sysctl.conf Ch Ch -- Ch Xavier Montagutelli Tel : +33 (0)5 55 45 77 20 Ch Service Commun Informatique Fax : +33 (0)5 55 45 77 60 Ch Universite de Limoges Ch 123, avenue Albert Thomas Ch 87060 Limoges cedex Ch ___ Ch Vserver mailing list Ch Vserver@list.linux-vserver.org Ch http://list.linux-vserver.org/mailman/listinfo/vserver Ch Ch ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Problem with nice inside a vserver
On Sat March 11 2006 07:44, Russell Kliese wrote: On 3/9/06, Russell Kliese [EMAIL PROTECTED] wrote: I have a problem with the find cron job inside a debian vserver. The find cron job runs the updatedb script as follows: #! /bin/sh # # cron script to update the `locatedb' database. # # Written by Ian A. Murdock [EMAIL PROTECTED] and #Kevin Dalley [EMAIL PROTECTED] LOCALUSER=nobody export LOCALUSER if [ -f /etc/updatedb.conf ]; then . /etc/updatedb.conf fi if getent passwd $LOCALUSER /dev/null ; then cd / nice -n ${NICE:-10} updatedb 2/dev/null # cd / updatedb 2/dev/null else echo User $LOCALUSER does not exist. exit 1 fi The updatedb script tries to su to the nobody user, but this fails with the following messages logged in /var/log/auth.log Mar 10 14:55:02 secure su[26501]: + pts/1 root:nobody Mar 10 14:55:02 secure su[26501]: (pam_unix) session opened for user nobody by root(uid=0) Mar 10 14:55:02 secure su[26501]: pam_open_session: Permission denied If I comment in the line with the # in the above script (and comment out the line above), things work fine (i.e. I don't get the pam_open_session: Permission denied logged in the auth.log). So it seems to be something to do with nice. Note that even if I remove the -n ${NICE:-10} things still don't work. what does the $NICE contain here? maybe a negative value? $NICE is set to 10 in /etc/updatedb.conf, so -n ${NICE:-10} is the same as -n 0. In a shell script? Doesn't :- set a default value if the variable is not already set? Mike could you add some output to the log before that? Sorry, I'm not sure what you mean. Would enabling CAP_SYS_NICE help in this case even though a lower priority is being set? Or is there something else causing this problem? ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver hosting on server4you.com
On Wed February 22 2006 15:28, Matt Nuzum wrote: Well, one mistake I made when deciding on a data center was to failing to see if their service is used by spammers. When I signed up with Neutelligent in the Tampa Bay are of Florida, USA I didn't check this. At the time our servers were installed, several IP blocks were black listed and our users could not send e-mail to some domains (such as AOL). Fortunately, they had already enacted a policy to get abusers off of their network and after a few months the IP Blocks were removed from the DNSbl. Anytime I consider a host in the future, I'm going to ask what their policy on spammers is and check the dns black lists to see if they're listed. I wrote a tool for that purpose (among others), see: http://freshmeat.net/projects/spamviz/ Requires that your system have bash and dig installed. GraphViz is optional. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver distribution? (was CentOS 4(.2) utils RPM/YUM repository)
On Wed February 15 2006 16:35, Matthew Sayler wrote: I've been thinking for some time that it would be great to tailor a distribution especially for Linux-Vserver -- that is, an installable ISO-imagable Linux distribution configured to lay down a very minimal system by default. Mostly I want nothing except for ssh and a few monitoring apps running on my host vserver. Anyone tried this or thought about this? Matthew, Do you mean a runtime only system (I.E: no tool chain) Then the answer is yes. Searching the list for nano-vserver would bring up the thread - but that will not help at the moment, since I have pulled the Dec. 28, 2005 prototype from my site. Currently the project is undergoing a major re-write... Will have that done RSN (tm). Image based on: Staticly linked Bash Dynamicly linked Busybox Your choice of glibc Currently only provides a virtual context shell. Now working on making it provide a virtual server with secure login. The idea is to be able to add your choice of application software - or to be able to install a minimum base installation of anything from within the virtual context shell. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Bug/Issue with Routing, Multiple NICs and vServers
On Fri February 10 2006 02:50, Herbert Poetzl wrote: On Fri, Feb 10, 2006 at 08:58:05AM +0100, Oliver Welter wrote: Hi Folks, I encounter several problems regarding routing with a vServer host that has mutliple networks. - - - - snip if you want a shizophrenic host which can handle separate networks, you simply have to configure that properly, in your case that means to create two tables which contain the separate network entries and only put the 'shared' net in the main table, then have appropriate rules decide which table to choose from, based on the source ip this is nothing Linux-VServer specific, it is the way how linux networking works and it will not change without some kind of network stack virtualization, which will be done in the upcoming ngnet ... best, Herbert Warning - - not tried in real operation - - Enable the bridging code in your kernel config... Add all of your nics to the bridge... Set up your IP tables to send anything 'out of box' to the bridge... Use the bridge rules to block/route/whatever things to proper nic. Last time I used the bridging rules (before adopted in stock kernel), there was not a 'drop on the floor' target... So configure the 'dummy network device' into your kernel - you can use that as a '/dev/null' in the bridge rules. Careful - such a setup can become incomprehensible in a hurry. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] ssh into a vserver
On Tue February 7 2006 14:41, Herbert Poetzl wrote: On Tue, Feb 07, 2006 at 08:50:09PM +0100, Norbert Klamann (gpre) wrote: Herbert Poetzl schrieb: On Tue, Feb 07, 2006 at 06:06:08PM +0100, Norbert Klamann (gpre) wrote: Hello all, i have a debian sarge box with a vserver guest in it, both have to share the same ip and I configured the vserver with nodev. My version of the vserver-Software is vs2.0.1 against a 2.6.14.3 - Kernel. I installed sshd in it and bound it to the IP-Adress (not 0.0...) and another port than the host. you got it the wrong way, the guest's sshd does not need any changes, the host's sshd has to be restricted to some host IPs, otherwise ... But I have less ip-adresses than vservers, so the host and the guest have to share . I was under the impression that it is possible to have 2 sshds on 1 ip-adress but 2 ports. Shouldn't this work ? yes, it definitely works, but of course you have to use different ports for that ... View his e-mail headers - they tell the story. Will try to help him off-list Mike best, Herbert -- Viele Gr??e / All the best Norbert ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Q: Using the vserver list for kernel development.
On Fri February 3 2006 16:21, Martin List-Petersen wrote: On Fri, 2006-02-03 at 21:58 +0100, Cedric Le Goater wrote: Eric W. Biederman wrote: I have recently been doing some vserver related kernel development but have had no luck CC my patches to the vserver list. This last round because I CC to many interested parties. Is the vserver list supposed to be a place where we can post patches for discussion? IMHO yes, so please if possible, make that happen ... Doing my best to CC the interested parties. It looks like the next patchset will go out to 14 different recipients. :) time for a new mailing list ? Well, the limitation might be, that we don't allow attachments or very small ones. I can have a look at things this weekend to increase it. That was the decision mad when we moved the mailinglist the last time. Could also be the handling of BCC - I know he said CC but he might be sending BCC and often list software is set to /dev/null anything BCC for spam reduction. Mike /Martin ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [glibc] Usage of glibc with VServer tools
On Fri February 3 2006 17:06, Michael S. Zick wrote: On Fri February 3 2006 10:14, Michael S. Zick wrote: Group, An update on the discussions in m-l threads: re: http://list.linux-vserver.org/archive/vserver/msg09336.html re: http://list.linux-vserver.org/archive/vserver/msg12349.html - - - snip - - - This should be the last part of what turned out to be a three part message. (After a couple of days of RTFM ...) As to the original question: Can some sort of test be created ... Consider this situation: User has a host system, running an arbitrary version/patch flavor/option set of glibc ... User has just populated the file system with a guest software system using an arbitrary *libc ... Now, for this situation, construct a test the user can run to see if they might run into trouble with the glibc name service system either failing or worse, returning the data from the host definitions rather than the guest definitions during either new context creation or new context entry. (That turns out to be a challenging test specification.) The problem exists because the nss services in glibc are provided by dynamic linking of external DSOs, even in a staticly linked application. AND: For most hardware, glibc performs lazy linking (on call linking). AND: The dynamic linker of glibc can not unlink a DSO from an executing process image and re-link that same process image with a different DSO. (Even if glibc-2.4.x provides that last feature - note the arbitrary glibc in the problem specification.) - - - Testing for glibc nss failure of process(es) executing in two contexts: Not an easy task. Also would require artificial set-up in user's host and/or guest software system. Q.E.D: Not practical. - - - Testing for other glibc failures of process(es) executing in two contexts: This one might be practical. The roots of the problem given above also apply to internationalization in glibc (on-call linking of an external DSO even in a staticly linked application). The tests would require the host and guest locale settings to differ and detecting if a two context process is grabbing the wrong locale data/coversions. - - - The work arounds - - Staticly link two context applications against a *libc that does not provide nss and internationalization as external, link on-call, DSOs - - The glibc case (this fails the arbitrary glibc part of the requirements) - Link two context applications either dynamicly or staticly against glibc. (Static linking gives a larger image but quicker start-up time) - Disable nscd if running in the host (or never start it; I.E: no config file) (nscd --shutdown) - Enable the bind-now feature in the environment of two context applications when creating the process image. (This feature is a glibc build time option - your glibc might not include it.) - - - Why call the previous work arounds ? - - Both the glibc and non-glibc work arounds lock the two context process image to use the host software system implementations. It is conceivable that the guest software system is incompatible with the locked in implementation. - - The glibc work around can also be locked in to the guest implementation using a combination of LD_LIBRARY_PATH and BIND_NOW. - - The point is, the process image is only _KNOWN_ to be compatible with either the host or the guest software system. - - - The solution - - Don't do that. - Immediately after making the context change system call, create a new process image using the new context software system, communicate commands that might make nss or internationalization calls to the proper, context specific, process image. Note 1: Open file descriptors that are not marked close on exec are passed to the process image in the new context. Note 2: The high level, VServer tools are Bash scripts - this means that the executing Bash process image is a two context application. Note 3: ldconfig has options that allow the creation of the (to be) proper ld.so.cache for the file system of the new context from outside of that file system. - - - I.E: A lot of work for no noticeable benefit or even lost functionality. When the linux dynamic loader can unlink and relink a different DSO in a process image - the situation might change. That feature has been on the glibc wish list for nearly a decade - don't hold your breath. None of this means that you can not use glibc with the dynamic nss enabled, it only places restrictions on version compatibility of the libraries in the host and the guest. I hope that having this thread in the m-l archives is a help to someone. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc
On Thu February 2 2006 21:55, Herbert Poetzl wrote: On Thu, Feb 02, 2006 at 08:08:38PM -0600, Michael S. Zick wrote: On Thu February 2 2006 19:32, Herbert Poetzl wrote: On Thu, Feb 02, 2006 at 04:33:16PM -0600, Michael S. Zick wrote: On Thu February 2 2006 14:09, Herbert Poetzl wrote: On Thu, Feb 02, 2006 at 02:29:38PM -0500, Micah Anderson wrote: really depends on the dietlibc, but I'd assume it is _still_ broken on HPPA, nevertheless the glibc is _not_ a good alternative, although it _might_ work for simple things. I guess we can find out when Joel sends results of tests? possible, well, testme and testfs will not detect the insecurities introduced by glibc Are there any tests available to check for these glibc problems? I don't know of explicit tests, but it should be possible to create some, given that somebody wants to spend time on it ... If not, perhaps a pointer or two into the mail archives on the subject or pointer(s) to a discussion of the problems found? http://list.linux-vserver.org/archive/vserver/msg09379.html (there are others, just goolge for it) Thanks, now I read what the concerns are. . . That message is about the date of glibc-2.3.2 - current is 2.3.6 There has been a fair number of changes done between those versions. Some affecting getpwnam() and friends when used in staticly linked programs. well, please also check how 'small' the statically linked tools would be when linked against recent glibc (statically of course :) That I can do - Just need to look up the information on build machine. This is off topic for the subject - so will break this thread. I think both of the mentioned restrictions can now be enforced. would be good as a last resort when dietlibc is failing (as it is currently the case for parisc) Let me spend some time on checking that statement before I go too far out on a limb. please do so, and keep us posted ... Next update will be a thread tagged: [glibc] for future m-l reference. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] [glibc] Usage of glibc with VServer tools
Group, An update on the discussions in m-l threads: re: http://list.linux-vserver.org/archive/vserver/msg09336.html re: http://list.linux-vserver.org/archive/vserver/msg12349.html At the time of this writing, there are a lot of distributions which have glibc-2.3.2 deployed (Debian/Sarge for one). The glibc project has released glibc-2.3.6 recently. There are distributions which have deployed all versions inbetween, complicated by distribution specific patches. If that is not confusing enough, even the same distribution may not use the same version of glibc (and with the same build options) depending on the system hardware. For example, a Debian/Sarge/parisc and a Debian/Sarge/x86 system does not deploy the same glibc with the same options. The VServer tools are a combination of low level, compiled tools and high level, Bash scripts. Both of which need to lookup names. These programs expect the name lookup functions to be supplied by the system library[1]. When executing within the host (0) context, the host system library will be used. When executing within the guest (1) context, the guest system library will be used. The problems encountered in the referenced m-l threads are related to when a process has to execute in both/either context(s). Such behavior happens during the creation of and/or entry into a guest context. This is due to there being no guarantee that the libraries in the host and the guest have compatable name lookup implementations. Enforcing such a guarantee is not an option - the guest context should be able to run any system library that is compatable with the host kernel. One work-around is to staticly link the VServer tools - this 'hardcodes' the name lookup implementation to whatever code the library used for linking provided. But what about the copy of Bash that is running the high level scripts? Ah, so... Building a staticly linked[2] copy of Bash-3.1 provides a set of warning messages - pointing to the culprits: quote warning: Using 'getgrent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking. /quote With the same warning for: setgrent, endgrent, getpwent, getpwnam, getpwuid, setpwent, endpwent, getaddrinfo, getservent, setservent, endservent There might be others, those are the ones that Bash-3.1 complains about. Since this warning is related to how glibc implements those functions (in an external DSO), it applies to any program that makes those function calls and staticly linked against glibc-2.3.{2,3,4,5,6} even if that program's build does not report the warnings. The staticly linked Bash-3.1 will run, without runtime error reports, with those calls not present. Of course, those functions will not work, but Bash-3.1 will survive. The Bash-3.1 config-bot.h may be modified to avoid the features that call those functions. But that is not the real solution, the VServer tools need to call those functions also. The solution is to include some 'linker magic' in the build of Bash (and the VServer tools) to include the glibc static library implementation of those calls. I have not determined that 'linker magic' yet - but the static archives are present, even with Debian/Sarge binary only, installations. - - - - - Notes: [1] Which flavor of glibc am I building against? On your VServer tools build system, examine a dynamicly linked application; your distribution's Bash is probably dynamicly linked, use the ldd script: enter: ldd /bin/bash If you see a: linux-gate.so.1 = (high memory address) then the program is linked to use the kernel's 'fast sys-call' entry. This is a kernel code provided, virtual, DSO - there should not be any such file on the system. Note the actual location of libc.so.6 (on the right of the = thing); execute the actual library: (Debian/Sarge/x86 - your milage will vary) enter: /lib/tls/libc.so.6 Which will report some identifying information. Determine the library binaries by: enter: cat /usr/include/gnu/lib-names.h It is the static libraries for libnss_dns*, libnss_files*, and libnss_compat* that will need to be included in the 'linker magic'. - - - - - [2] Translation of build a staticly linked Bash ./configure --enable-net-redirections --enable-static-link \ --disable-rpath --prefix= (Yes, that is --prefix=whitespace, not a typo) make make prefix=/opt/gnu/bash-static install-strip - - - - - Probably more than anyone wanted to know. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc
On Fri February 3 2006 12:04, Joel Soete wrote: Appologies for late answer but this isp webmail interface is very a nightmare (it tooks me all this afternoon to reach to login Grrr). Joel, I sent you a possible solution to that problem. Of course, that does not mean you received it. When you get a chance this weekend to beat on your e-mail service, let me know off-list if you didn't receive it. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Samba and Vserver Best Practices
On Fri February 3 2006 12:49, Matt Nuzum wrote: On 2/3/06, Charles Baker [EMAIL PROTECTED] wrote: I'm setting up a host server and several vservers that developers in my organization will use to test bug fixes of our software. They will occasionally need access to certain directories on the vservers to check logs, etc. For convenience sake samba shares to the needed directories would be the thing to have. Is the best practice to set up samba on the host server and share directories within the /vservers/$SERVERNAME/path/to/log/dir or set up samba w/in the vserver itself and share it that way? I've pondered this question myself and haven't come to a definite conclusion. I've had some problems with locking, although that was an older version of Samba and I here the problem I had has been resolved. No matter what I try, I keep coming back to SSH and tail -f and some other custom tools I've written. I've thought about using named pipes that will automatically spit out log files into multiple places, but I haven't taken the time yet to persue this. You mean like: /dev/log (syslog socket)? I envision a daemon process that watches the named pipe and (in my case) spit out a full log file, like normal, then grab interesting log entries and spit them out as separate files into a share that can be accessed elsewhere. Perhaps name the daemon syslogd? Try: man syslogd You can specify selected information to be remotely logged. That is the 'common' syslogd on Linux systems, if using one of the alternatives, remote logging might not be supported. Mike For me, debugging log files containe snippets of XML and SQL and it would be nice if those XML snippets are saved out as *.xml files so that they open in XML spy with just a double click and the sql is saved as *.sql files. The only doubt I have about this working is the challenge of keeping the daemon running. I realize this problem has probably been solved, but I still wonder how it will work in a named pipe scenario. Just food for thought and mindless rambling... -- Matthew Nuzum [EMAIL PROTECTED] www.followers.net - Makers of Elite Content Management System View samples of Elite CMS in action by visiting http://www.followers.net/portfolio/ ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc
On Fri February 3 2006 16:14, micah wrote: In gmane.linux.vserver, you wrote: On Fri February 3 2006 12:04, Joel Soete wrote: Appologies for late answer but this isp webmail interface is very a nightmare (it tooks me all this afternoon to reach to login Grrr). Joel, I sent you a possible solution to that problem. Of course, that does not mean you received it. If this was a solution to Joel's problem with dietlib, can you re-send it to the list so the rest of us can know the answer? I'd like to be able to reference it in the future if other HPPA users come here with the same problem. :) Sorry, I wasn't clear... The ISP problem, not the dietlibc problems. Due to the ISP problem, I had to steal a little m-l bandwidth. Apologies, Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [glibc] Usage of glibc with VServer tools
On Fri February 3 2006 10:14, Michael S. Zick wrote: Group, An update on the discussions in m-l threads: re: http://list.linux-vserver.org/archive/vserver/msg09336.html re: http://list.linux-vserver.org/archive/vserver/msg12349.html - - - snip - - - messages - pointing to the culprits: quote warning: Using 'getgrent' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking. /quote With the same warning for: setgrent, endgrent, getpwent, getpwnam, getpwuid, setpwent, endpwent, getaddrinfo, getservent, setservent, endservent There might be others, those are the ones that Bash-3.1 complains about. - - - Yup, there are others - - - The solution is to include some 'linker magic' in the build of Bash (and the VServer tools) to include the glibc static library implementation of those calls. Close, but no golden ring. First, you have to build a special version of glibc with the dynamic, name system service disabled using instead the older static nss. (The glibc doc's claim it can be done, but I haven't tried it.) After all of that work, a static link of the VServer tools against the special glibc is still just a work-around, same as if the tools where linked against a *libc* that does not provide dynamic nss. I.E: A lot of work for no noticeable benefit or even lost functionality. When the linux dynamic loader can unlink and relink a different DSO in a process image - the situation might change. That feature has been on the glibc wish list for nearly a decade - don't hold your breath. None of this means that you can not use glibc with the dynamic nss enabled, it only places restrictions on version compatibility of the libraries in the host and the guest. Aw, well, back to my own project that sidesteps this whole issue. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Step by Step Guide to a nano-vserver
On Wed December 28 2005 16:28, Michael S. Zick wrote: Joel and Group, Today's update is available. Baby-01 now does proper networking, only the directions where wrong. The December 28th version of the guide has been removed, but my server logs show folks still looking for it. So a small progress note: After a serious re-think of the project... After a very major re-write... After getting past the glibc nonsense... I am now back on the job; The next revision should be posted RSN. (I hope) Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc
On Thu February 2 2006 12:21, Micah Anderson wrote: Joel, - - - snip What is toh? I would prefer to use dietlibc if possible as it seems to be required to handle some corner security issues. (on) The Other Hand Mike (But tbh I'm still ignoring what kind of pb am I supposed to encounter) I'm sorry, I am not able to parse your acronyms! ? -ENOACRO ? Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc
On Thu February 2 2006 14:09, Herbert Poetzl wrote: On Thu, Feb 02, 2006 at 02:29:38PM -0500, Micah Anderson wrote: really depends on the dietlibc, but I'd assume it is _still_ broken on HPPA, nevertheless the glibc is _not_ a good alternative, although it _might_ work for simple things. I guess we can find out when Joel sends results of tests? possible, well, testme and testfs will not detect the insecurities introduced by glibc Are there any tests available to check for these glibc problems? If not, perhaps a pointer or two into the mail archives on the subject or pointer(s) to a discussion of the problems found? Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: 2.6.16-rc1-vs2.1.0.9 latest test on parisc
On Thu February 2 2006 19:32, Herbert Poetzl wrote: On Thu, Feb 02, 2006 at 04:33:16PM -0600, Michael S. Zick wrote: On Thu February 2 2006 14:09, Herbert Poetzl wrote: On Thu, Feb 02, 2006 at 02:29:38PM -0500, Micah Anderson wrote: really depends on the dietlibc, but I'd assume it is _still_ broken on HPPA, nevertheless the glibc is _not_ a good alternative, although it _might_ work for simple things. I guess we can find out when Joel sends results of tests? possible, well, testme and testfs will not detect the insecurities introduced by glibc Are there any tests available to check for these glibc problems? I don't know of explicit tests, but it should be possible to create some, given that somebody wants to spend time on it ... If not, perhaps a pointer or two into the mail archives on the subject or pointer(s) to a discussion of the problems found? http://list.linux-vserver.org/archive/vserver/msg09379.html (there are others, just goolge for it) Thanks, now I read what the concerns are. . . That message is about the date of glibc-2.3.2 - current is 2.3.6 There has been a fair number of changes done between those versions. Some affecting getpwnam() and friends when used in staticly linked programs. I think both of the mentioned restrictions can now be enforced. Let me spend some time on checking that statement before I go too far out on a limb. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] /tmp too small
On Mon January 30 2006 09:05, Eugen Leitl wrote: My vserver looks like this: v64:/# df -k Filesystem 1K-blocks Used Available Use% Mounted on /dev/hdv1 97627508 49680728 47946780 51% / none 16384 0 16384 0% /tmp I would like to increase /tmp Any suggestions very welcome. Two choices... It looks like it is on /dev/shm - if you want to keep it there, increase the size in fstab mount line. If on hard disk, put it on a larger partition. - - - - A note on the /dev/shm and VServers - You may have individual (per VServer) /dev/shm or a pooled /dev/shm - If you mount -o bind the host's /dev/shm on the VServer mount point, your VServer and Host will use a single pool (Yea) BUT the files will have the persistence of the host. I.E: The entries will survive guest restarts (Might have to clean them out yourself). Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] How to vunify/vhashify on Gentoo
On Sun January 22 2006 05:38, Enrico Scholz wrote: [EMAIL PROTECTED] (Wilhelm Meier) writes: I'm using Gentoo as a host and also Gentoo as VPSs. If I try to vunify/vhashify two VPS, I get: gs vservers # ln -s /etc/vservers/vs01 /etc/vservers/vs01c/apps/vunify/refserver.00 gs vservers # vserver vs01c unify Can not determine packagemanagement style failed to determine configfiles Does vhashify/vunify really make sense on Gentoo? AFAIK, Gentoo does not have a packagemanagement and you have to recompile everything (which will probably produce different checksums). Gentoo does handle binary package management - do: emerge --buildpkg whatever (you can set that option in your FEATURES) the 'install' tools accept binary package.tbz2 with a --usepkg option. The package is a 'tar --bzip2' with additional meta-data The process will preserve timestamps and etc as well as any tar --bzip2 Mike When you do a 'make install' from the same source tree, vhashify/vunify will still not work because most 'make install' do not preserve timestamps. But because timestamps are used to check whether files are identically resp. are going into the calculation of the hash value, you will not gain very much with vhashify/vunify on Gentoo. Enrico ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Logo design
On Thu January 19 2006 22:16, Herbert Poetzl wrote: On Thu, Jan 19, 2006 at 08:03:19PM -0600, Matt Nuzum wrote: Rule by committee never works. Someone is going to have to make a final decision soon or this thread is going to overwhelm my mailbox. As a matter of fact, in the last 2.5 years, this exact scenario has occurred three times and there still isn't a logo for VServer. Somebody (bertl?), pick one and say, that's it! guess I will do that, as it seems that nobody organized a 'public' contest and/or voting for this purpose ... but I guess the 'community' is already converging towards something for me it looks like the green checkmark V plus some text (the actual name) seems acceptable to the volks involved so far ... as a vector graphics version is very desireable we should try to get that done with a few small adjustments, and verify the license of the result, so that we can freely use it for our purpose ... maybe we should try to register it or something like that? anybody who knows about the legal details here (and maybe about the costs?) For the USA, I have done that - SpamViz(.net,.com) There is an online form - it can be done electronicly Plus of course, money (about 300usd - might have changed) Start here: http://www.uspto.gov/teas/index.html Mike I'm confident, Herbert ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Logo design
On Fri January 20 2006 07:42, Michael S. Zick wrote: On Thu January 19 2006 22:16, Herbert Poetzl wrote: On Thu, Jan 19, 2006 at 08:03:19PM -0600, Matt Nuzum wrote: Rule by committee never works. Someone is going to have to make a final decision soon or this thread is going to overwhelm my mailbox. As a matter of fact, in the last 2.5 years, this exact scenario has occurred three times and there still isn't a logo for VServer. Somebody (bertl?), pick one and say, that's it! guess I will do that, as it seems that nobody organized a 'public' contest and/or voting for this purpose ... but I guess the 'community' is already converging towards something for me it looks like the green checkmark V plus some text (the actual name) seems acceptable to the volks involved so far ... as a vector graphics version is very desireable we should try to get that done with a few small adjustments, and verify the license of the result, so that we can freely use it for our purpose ... maybe we should try to register it or something like that? anybody who knows about the legal details here (and maybe about the costs?) For the USA, I have done that - SpamViz(.net,.com) There is an online form - it can be done electronicly Plus of course, money (about 300usd - might have changed) Now 325usd - whatever that happens to be in Canadian dollars. (The fact that linux-vserver.org is owned by a Canadian does not bar the USPTO registration. You intend to register a graphic - not the sequence of letters only.) Start here: http://www.uspto.gov/teas/index.html Note: You can convert that application to an International registration (a 100usd option). Click the Madrid Protocol Forms link on the above page for the gory details. I'll stop the information flow now - let us see if this was more than a passing thought. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Logo design
On Fri January 20 2006 09:17, Matt Nuzum wrote: On 1/19/06, Herbert Poetzl [EMAIL PROTECTED] wrote: maybe we should try to register it or something like that? anybody who knows about the legal details here (and maybe about the costs?) I'm confident, Herbert In the USA (and most western countries, I believe), a creator automatically has copyright for original works. It's enough to simply say that the mark is copyrighted and all rights are reserved (in most cases). If you want to register it as a trademark or service mark then there are costs involved. Correct (in USA at least) for copyrighted materials. A similar situation (in USA at least) applies to trademarks, including graphic trademarks. You may mark it with the single character: (TM) without registration. You may mark it with the single character: (R) only after registration is granted. So while in the design stage, include the circle TM in the graphic. You can decide on the registration question at a later date. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Guest OS Stops Responding After Hours Of Working
On Fri January 13 2006 18:19, John Alberts wrote: Hi all. I'm using vserver on a Gentoo machine. I originally tried to get some help on the gentoo-vserver irc channel; however, I think we must all have opposite schedules. Anyway, I am using Gentoo for my host machine and also Gentoo as the guest os. The guest os runs Apache2 and MySQL and it works well for a while (5, 6 hours). After a while I am unable to connect to the guest os. From the host os, I can reach the guest os (ping, browse web page using links, etc), but not from outside the host os. If I go into the guest os using vserver myguest enter, the only fqdn i can ping is the one for the host os the is in my hosts file. No other fqdn's work. Is DNS accessible on both nic cablings? Could be the resolver is trying the nic/cable setup that does not reach any name server. If I ping a known working ip address, everything starts working again! I have no idea what this means or how to fix it. As a temporary solution, just to keep my guest os working, I put a cron job that pings 2 different servers every half hour. I think it's probably a routing problem, but I'm not sure what to do. My host has 2 gigabit nics, both on the same subnet. Here is my ifconfig -a and route from my host os: (route hangs a while and then finally prints the output below) The delay in route response is probably DNS lookup time (failing and retrying) See if there is a difference in: route and route -n See below --- ifconfig -a route Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 205.215.68.0* 255.255.255.0 U 0 00 eth0 205.215.68.0* 255.255.255.0 U 0 00 eth1 loopback* 255.0.0.0 U 0 00 lo default 205.215.68.254 0.0.0.0 UG0 00 eth0 default 205.215.68.254 0.0.0.0 UG0 00 eth1 Note there is no name resolution for names not in '/etc/hosts' Here is the ifconfig -a and route from inside my guest os: -- ifconfig -a eth0 Link encap:Ethernet HWaddr 00:04:23:C3:C4:FE UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:929890 errors:0 dropped:0 overruns:0 frame:0 TX packets:981291 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:256023685 (244.1 Mb) TX bytes:1085603257 (1035.3 Mb) Base address:0xecc0 Memory:df9e-dfa0 eth0:100 Link encap:Ethernet HWaddr 00:04:23:C3:C4:FE inet addr:205.215.68.100 Bcast:205.215.68.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:929890 errors:0 dropped:0 overruns:0 frame:0 TX packets:981291 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:256023685 (244.1 Mb) TX bytes:1085603257 (1035.3 Mb) Base address:0xecc0 Memory:df9e-dfa0 route Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 205.215.68.0* 255.255.255.0 U 0 00 eth0 205.215.68.0* 255.255.255.0 U 0 00 * loopback* 255.0.0.0 U 0 00 * default 205.215.68.254 0.0.0.0 UG0 00 eth0 default * 0.0.0.0 UG0 00 * -- Same here. What is the search order in /etc/host.conf? What name services in /etc/resolv.conf? What are the service providers for 'hosts:' in /etc/nsswitch.conf Duh... Which libc version is handling the above? Mike Thanks in advance for any help. John ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Screen inside vserver
On Sat January 14 2006 06:40, Oliver Welter wrote: eyck wrote: afair, you have to ssh into the box to use screen. vserver name enter and issuing a screen command does not work. it's not that it doesn't work, it's that it easier and safer to tell people 'just ssh into your guest' instead of explaining how to make it work. As I dont have SSH running inside the guest and I am not afraid of some work, how :) You could try making it 'by hand' - but that would only work for the pts that you create by hand. Also recall, that on that system, you are using udev and /dev is probably mounted in /tmpfs, not as persistent files on the hard disk. Gentoo gives you three ways to handle a missing device (follow the directions for a missing /dev/console or /dev/null). But what you want to handle is dynamic devices (pts 0...254) in the guest with a device creation system that runs in the host. First, grab all the udev manuals you can lay your hands on... The 'stock' system scripts are creating devices in '/dev'; modify to create them also in /vserver/guestroot/dev Sorry, I don't know how only what. Mike Oliver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Screen inside vserver
On Sat January 14 2006 08:59, Michael S. Zick wrote: On Sat January 14 2006 06:40, Oliver Welter wrote: eyck wrote: afair, you have to ssh into the box to use screen. vserver name enter and issuing a screen command does not work. it's not that it doesn't work, it's that it easier and safer to tell people 'just ssh into your guest' instead of explaining how to make it work. As I dont have SSH running inside the guest and I am not afraid of some work, how :) You could try making it 'by hand' - but that would only work for the pts that you create by hand. Also recall, that on that system, you are using udev and /dev is probably mounted in /tmpfs, not as persistent files on the hard disk. Gentoo gives you three ways to handle a missing device (follow the directions for a missing /dev/console or /dev/null). But what you want to handle is dynamic devices (pts 0...254) in the guest with a device creation system that runs in the host. First, grab all the udev manuals you can lay your hands on... The 'stock' system scripts are creating devices in '/dev'; modify to create them also in /vserver/guestroot/dev Sorry, I don't know how only what. Scratch that - - here is how: Each udev rule can call an external script - write one that hardlinks the just created /dev/pts/xx to a /vservers/guestroot/dev/ptx/xx Now all you have to do is figure out 'which vserver' to create the link in. Mike Mike Oliver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Screen inside vserver
On Sat January 14 2006 09:48, Benedikt Boehm wrote: On Saturday 14 January 2006 16:46, Benedikt Boehm wrote: On Saturday 14 January 2006 16:08, Michael S. Zick wrote: On Sat January 14 2006 08:59, Michael S. Zick wrote: On Sat January 14 2006 06:40, Oliver Welter wrote: eyck wrote: afair, you have to ssh into the box to use screen. vserver name enter and issuing a screen command does not work. it's not that it doesn't work, it's that it easier and safer to tell people 'just ssh into your guest' instead of explaining how to make it work. As I dont have SSH running inside the guest and I am not afraid of some work, how :) You could try making it 'by hand' - but that would only work for the pts that you create by hand. Also recall, that on that system, you are using udev and /dev is probably mounted in /tmpfs, not as persistent files on the hard disk. Gentoo gives you three ways to handle a missing device (follow the directions for a missing /dev/console or /dev/null). But what you want to handle is dynamic devices (pts 0...254) in the guest with a device creation system that runs in the host. First, grab all the udev manuals you can lay your hands on... The 'stock' system scripts are creating devices in '/dev'; modify to create them also in /vserver/guestroot/dev Sorry, I don't know how only what. Scratch that - - here is how: Each udev rule can call an external script - write one that hardlinks the just created /dev/pts/xx to a /vservers/guestroot/dev/ptx/xx Now all you have to do is figure out 'which vserver' to create the link in. Mike i missed that you link it in the root path of the vserver.. probably it works, but it looks more like a workaround, than a fix.. Ah, yes, an interesting problem. But a step towards getting the correct USB socket (dedicated to a particular workstation) with a security device to show up in the correct vserver dedicated to that particular workstation. Using: strace -o screen.txt -e trace=file screen (from within an xterm)... These are the system calls (in the guest) that you have to make succeed from the host that is running udev (the pts/1 is because the xterm is using pts/0): - - - - readlink(/proc/self/fd/0, /dev/pts/1, 511) = 10 - - - - readlink(/proc/self/fd/0, /dev/pts/1, 4095) = 10 stat64(/dev/pts/1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0 open(/dev/pts/1, O_RDWR|O_NONBLOCK) = 3 - - - - So a simple hardlink might not work, but having a rule script that also (on the host) makes the correct node in /vservers/guestroot/dev/pts/* should work. Note that it is the stat64 ... st_rdev=makedev(136, 1) that is the call to the udev system, in your case, triggered on the guest and but directed at the host. So the question remains: Which VServer (by host path) and which xid? It can't be the /proc/self/anything read by the script, since that is running on the host - not in the guest context that triggered the request for a pts. Still scratching my head over this question - it might require a pre-loaded *.so in the guest context to trap these trigger events and proxy them to the udev system running in the host context (with the additional info required). I just hope someone can suggest an easier way. A good starting point would be to repeat my tests, since they may have cockpit errors. Mike The thing is, you normally don't run udev inside a vserver, because you don't have CAP_MKNOD... It would be reasonable to only run udev on the host - host does hardware management, even software emulated hardware. the problem with /dev/pts entries not appearing on vserver ... enter is that the vserver prorcess only migrates to the context and replaces itself with bash, so there is no login process and no terminal devices are created by devpts filesystem (in contrary to the ssh attempt)... i don't know a solution for this atm, but if anyone can help, i'd appreciate it Bene ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Screen inside vserver
On Sat January 14 2006 11:25, Oliver Welter wrote: Hi Guys, sorry for the hints - but dont make too much noise ,) seems to be not that easy... No problem. It was a good question. It needs to be dealt with sooner or later. You might want to reconsider running sshd in your guest while the answer developes ;-) Mike Oliver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] RSS vs. AS, and swap.
On Thu January 12 2006 00:57, Robin Lee Powell wrote: On Thu, Jan 12, 2006 at 07:05:53AM +0100, Herbert Poetzl wrote: On Wed, Jan 11, 2006 at 09:58:43PM -0800, Robin Lee Powell wrote: I have exactly 1, and will only over have 1, so this simply doesn't apply. I really *do* want swap-out behaviour. for one guest, why do you care about limiting memory at all? I mean, why not 'just' let it use up what it takes? Because the app has a habit of slurping so much memory that the host system spends all its time swapping, which happens to be even slower than usual on this machine. Last time this happened, it took me almost 10 minutes just to type the commands to shut down the VServer. What I want is that no matter what the host system has some RAM left to perform a shutdown in case the VServer runs away with itself, but at the same time I'd like the VServer to be able to use swap if reasonable. Ah,so... You need a 'host-only reservation' not a 'guest-limit' - A number or percentage of rss (as?) that can be only allocated by the host context. No other specific limits on host or guest(s); just let the memory management deal with the requests. Not unlike the 'root use only' reservation for filesystem space. That would not solve the problems with a run-away guest, but at least you could still control the system from within the host. I.E: A work-around, not a solution. I am not familiar with the limiting code, not sure if this is practical. Perhaps someone that has worked on the limiting code could comment. Mike -Robin ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Making two vservers see the same data/directory structore.
On Tue January 10 2006 10:04, Herbert Poetzl wrote: yes, you will very likely run into permission issues with xid tagging enabled on the 'shared' directory, because new files will be tagged by one guest and denied to the other (an untagged partition would help here) Herbert, A short note on this... Near the top of my to-do list for 2006 is to see if I can make the ACL system 'xid aware'. Similar to user and group permission lists, there would be an xid permission list (and a per directory xid default). Both the Linux code implementation and the 'standard' for ACL allows extensions. If practical, this would solve this sort of installation problem. The mapping of the same (Sub-)tree into multiple servers while still being selective about permissions on a per server basis. Don't hold your breath - I work slow. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: VServer logo?
On Tue January 10 2006 12:02, Nicolas Costes wrote: Le Vendredi 6 Janvier 2006 22:56, Guenther Fuchs a ?crit?: Hi there, anyone graphically talented created a logo for VServer yet or wants to? I guess, there's not only me wanting to show a powered by Linux- VServer on their page ;-) I once had a try : http://nayco.free.fr/wiki/fetch.php?cache=cachemedia=ebauchekangourou1_petit.png Well... Qute. And they are all smoking something strange. I like it. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] iptables inside vserver client?
On Tue January 10 2006 15:15, Stephan Mueller wrote: Hi, on the hosting page in the wiki the provider [vRoutix], Argentina anounces iptables support inside a vserver client while i read on the beginners faq page that the forward chain is not touched by packets between the clients. Which one is true? :) Do they use some sort of tap or tun devices? Probably both are true. Reading step three of the virtual tour does not say that the ip rules are 'within' your virtual server. Only that the rules that apply to your virtual server can be controlled by a web interface (on the host system) most likely. That would be fairly straight forward thing to do, just write rule chain(s) for a particular IP address. Constrain the web update to do dynamic rules on the rule chain for a particular customer. For instance, start with the dynamic rule handling of PSAD, be creative with the chain naming, add a web interface, etc. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Assigning a virtual console to a given vserver
On Mon January 9 2006 15:49, Bruno wrote: On Sunday 08 January 2006 14:01, Bodo Eggert wrote: On Sun, 8 Jan 2006, Bruno wrote: I would like to assign a virtual console to one or more vservers running on my box. e.g. vc0 - vc6 for host system vc7 for first vserver vc8 for second vserver none for third vserver ... [...] Is this possible? You need the console device file in the vserver dev directory, and you need to tweak the vserver inittab. This worked. For my example I will let the guest start on tty8 and spawn gettys on tty8 and tty9. Steps: - create /dev/tty8 (major 4, minor 8) - create /dev/tty9 (major 4, minor 9) - create /dev/console (major 4, minor 8) A bit obscure unless one recalls that the kernel uses major-minor numbers rather than names. Could not the same thing be done with a sym-link? ln -s /dev/tty8 console That would be a little more obvious when you listed the /dev/* at some later date. Mike - add c8:2345:respawn:sbin/getty 38400 tty8 linux to inittab - add c9:2345:respawn:sbin/getty 38400 tty9 linux to inittab Then start/restart the guest and output appears as expected. Guest is configured using init style plain Bruno ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Vservers and quotas
On Fri January 6 2006 14:19, Herbert Poetzl wrote: no, the different taggings work equally well, it's unfortunate that there is no xid aware backup and restore tool, otherwise the transition could be seamless ... ? What about Joerg Schilling's star? http://ftp.berlios.de/pub/star/ I have been digging through the documentation - It reads as if, when using 24-bit uid/gid it will handle the xid properly - But it might not translate from one type of xid tagging into another. Mr. Schilling claims it can be easily tweaked for such a purpose. (in the README) Have not done any testing yet myself. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Vservers and quotas
On Fri January 6 2006 14:19, Herbert Poetzl wrote: no, the different taggings work equally well, it's unfortunate that there is no xid aware backup and restore tool, otherwise the transition could be seamless ... Herbert, Seamless backup and restore of xid between different xid marking systems leads me to a dumb question: Is there a flag or token indicating which tagging system is in use? In the inode? In superblock? In kernel? Just point me in the right direction to the appropriate source code - I will see if I can figure something out. Most likely a tag-text conversion such as used for ACLs. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Vservers and quotas
On Fri January 6 2006 17:12, Herbert Poetzl wrote: On Fri, Jan 06, 2006 at 03:47:56PM -0600, Michael S. Zick wrote: On Fri January 6 2006 14:19, Herbert Poetzl wrote: no, the different taggings work equally well, it's unfortunate that there is no xid aware backup and restore tool, otherwise the transition could be seamless ... Herbert, Seamless backup and restore of xid between different xid marking systems leads me to a dumb question: Is there a flag or token indicating which tagging system is in use? In the inode? In superblock? no In kernel? yes, the kernel (on 2.x) knows about the tagging info and exports that information to userspace (the testfs.sh scripts reports that) Meaning it is not practical. Since the kernel (and what it exports) can be changed independently of how the files are recorded. You got three inode bits to use for indicators of which xid system was used? (inode.xid.version?) Yes, I think it has to be at the inode level. Consider a ro bind mount... Kernel-1; xid-method-1; root=/dev/hda auxiliary mount: /dev/hdb Kernel-2; xid-method-2; root=/dev/hdb auxiliary mount: /dev/hda Now bind mount the two trees together, I don't see where anything other than an inode.xid.version will do the job. Otherwise one of the file systems will be read/restored incorrectly depending on which kernel is running. The above example is perhaps extreme, but the same thing can happen over time... Backup files. Change Kernel. Restore files. Sequence would work. Change Kernel. Backup files. Restore files. Now the filesystem is trash. Mike this is the relevant code (bash): INFO=(`sed 's/.*:\t//' /proc/virtual/info 2/dev/null || echo 'none'`) case ${INFO[2]:1:1} in 0) TAGI=none ;; 1) TAGI=uid16 ;; 2) TAGI=gid16 ;; 3) TAGI=ugid24;; 4) TAGI=intern;; 5) TAGI=runtime ;; *) TAGI=unknown ;; esac best, Herbert Just point me in the right direction to the appropriate source code - I will see if I can figure something out. Most likely a tag-text conversion such as used for ACLs. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] 2.6.15 Vserver patchs
On Thu January 5 2006 05:38, Mike O'Connor wrote: Hi All From the conversation on the list, it would seem as if there are vs patch's for 2.6.15 kernel. Where would I down load these patch's Joel is running HP, pa-risc - I think he built his own patches for testing. No clue about other hardware systems. I would like to test it as the 2.6.15 kernels are the first 2.6 series which support smart via libata. Thanks Mike Another Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] k-2.6.15 + vs-2.1.0.1 + util-verser-0.30.209 + hppa + smp BUG()?
On Wed January 4 2006 09:58, Herbert Poetzl wrote: On Wed, Jan 04, 2006 at 02:49:01PM +0100, Joel Soete wrote: Hello Herbert, I install a second vserver on my parisc-linux box and also updated a bit kernel stuff as this new year borns with a new kernel ;-). All seems to works fine with k-2.6.15 + vs-2.1.0.1 + util-verser-0.30.209 on this system with the up kernel kernel build ;-) Unfortunately the system BUG() with the same kernel src but build for a smp system (as this machine has actualy 2 cpu ;-) ); here is the console message: BUG: soft lockup detected on CPU#0! wow, never heard of a parisc with working SMP There might still be problems with 64bit-SMP on pa-risc; but 32bit-SMP is a done deal. Joel does a lot of the testing on pa-risc - but I think that is 32bit-SMP that he is reporting. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re-use of an existing chroot disk to implement some vserver ; -)
On Wed December 28 2005 05:43, Joel Soete wrote: Hello all, For those who could have some interest, here are just some notes I took for remind of an implementation of a linux-vserver on a parisc-linux boxe(s). (only tested on 32bit up kernel on a c110 and d380 models, though). This particular execise was to re-use existing chrooted disk(s) already debbootstrap, fully populated and customized (i.e. I didn't want to loose that job ;-) ). (take care to use it at your own risks ;-) ) 0/ References 0.1/ the reference used are: http://linux-vserver.org/Step-By-Step+Guide+2.6 0.2/ more details learning: http://www.morethan.org/step_step.html Joel, Group Just posted an update of step_step.html It is still not complete, but getting closer. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Step by Step Guide to a nano-vserver
Joel and Group, Today's update is available. Baby-01 now does proper networking, only the directions where wrong. All links remain the same - see below. Mike On Fri December 23 2005 10:23, Michael S. Zick wrote: Group, This morning's update is available. Also available on-line at: http://www.morethan.org/step_step.html Still don't have networking setup in the baby vserver correctly. Considerations of restricting file access added. The download links remain the same. http://www.spamviz.net/download/step_step.ps.gz The binary image of the loop file: http://www.spamviz.net/download/baby01.bin.gz Should run on any linux-2.6.14-vs-2.0.1/x686 system. Just unpack her and follow the waking baby section of the directions. Should look as if you had started your real machine with the command line option: init=/bin/bash Now, on to inventing her first clone. Enjoy, Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] The nano-vserver package.
On Mon December 26 2005 09:15, Joel Soete wrote: Hello Mike, just one thought (just because it seems to be a std de facto), may some sshd to be able login the vps, tough? Joel, group; I have been looking at that, it seems I have two choices: www.matrixssl.org : : Because it is small. www.openssl.org : : Because it is what most people expect. If we are going to be successful at building a vserver guest that can be remotely rescued, then the decision may have to be made on which can be built with static linkage. Perhaps both? Like this: initial-install (baby01) : : chroot/vserver rescue software - - - - the matrixssl staticly linked - - - - the BusyBox is already providing a telnetd - - - - the BusyBox is providing a vi editor - - - - the BusyBox can be staticly linked - - - - already have a staticly linked Bash base-install (baby02) : : rescue, backup, restore, and maintenance. - - - - the openssl dynamicly linked - - - - a dynamicly linked nano editor - - - - the BusyBox is currently dynamicly linked - - - - I added a dynamicly linked Bash in /opt/gnu/bash/* The baby02 level should be fine for anyone that is not playing with an experimental libc6 (like some that I know). People who need more features should be loading the base-install of some Linux distribution. I am also trying to keep this exercise within a single semester's work in system administration - but I will not cripple the package for that purpose. I will give this some more study, I can't answer my own question at the moment. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] The nano-vserver package.
On Tue December 27 2005 09:04, Dennis Roos wrote: On 27 Dec 2005 at 8:55, Michael S. Zick wrote: On Mon December 26 2005 09:15, Joel Soete wrote: Hello Mike, just one thought (just because it seems to be a std de facto), may some sshd to be able login the vps, tough? Joel, group; I have been looking at that, it seems I have two choices: www.matrixssl.org : : Because it is small. www.openssl.org : : Because it is what most people expect. Did you look at the dropbear sshd ? Looks like I should add that to the list. Now that Santa Claus has gone home, I should have time to look at three packages instead of two. I also stumbled across the following link - which I do not think is on the project page: http://deb.riseup.net/vserver/ Mike From the Gentoo ebuild: DESCRIPTION=small SSH 2 client/server designed for small memory environments HOMEPAGE=http://matt.ucc.asn.au/dropbear/dropbear.html; ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] The nano-vserver package.
Joel, I got past my self created problems last night and have had a good night's sleep. I think my planned package is complete, I wanted to review it with someone, I will try to be brief... This is a single file, perhaps sized to fit on a cdrom. Any Linux system, any hardware, that recognizes the filesystem used (currently Reiser-3) may turn the file into a device with losetup, and then just mount it somewhere in the directory tree. What they will find under mount_point is: mount_point/baby/src All of the virgin source tarballs used. mount_point/baby/doc The step-by-step guide and ... mount_point/refbox The reference vserver based on Bash and BusyBox. This is the single point location of software to share with other vservers. mount_point/vsbox01 An example of a vserver system built by linking to the refbox softwares. Any Linux system that runs the kernel and processor that the software was built for can run the vservers out of the box. Currently that means Linux-2.6.14 with Vs-2.0.1 on an i686 compatable machine. The reference vserver has a non-standard layout. The view from the inside refbox: The base install is a static Bash, the dynamic loader, the three common dynamic libraries and the dynamically linked BusyBox that shows up in: /sbin, /bin, /lib, /etc This is a full Bash, including UDP and TCP i/o and the combination provides over 200 of the common terminal commands. This base install is 5.08 Mb. But I may have forgotten to strip the binaries. No 'init' program, you can do that with a Bash script. The BusyBox has a linuxrc and an init but I haven't tried them. Additional software that can turn the base-install into a minimum-install system is present under the /opt/vender_name/* trees. These can be linked to if a more normal minimum Linux system is desired. Everything that makes this system self maintainable should be present. Currently: /opt/gnu/bash (1.59 Mb) The full, dynamically linked Bash /opt/gnu/coreutils (8.23 Mb) The full, dynamically linked CoreUtils - all of them a version that understands extended file attributes and file access control lists. /opt/sgi (1.98 Mb) The full, dynamically linked ATTR and ACL toolset. /opt/schily (1.05 Mb) The full, dynamically linked star program and friends. This is an alternative to gnu-tar that correctly handles extended file attributes and file control lists. /opt/tecgraf ( tiny ) The Lua programming language. Both the interactive and the command line versions. Also directions on how-to add this to the host's bin-formats included. Lua is ideal for writing human readable, machine executable, configuration files and scripts. I think that is all. Still scratching my head over including external readline and gettext packages. The question is because I can build Lua for none, use the Bash libraries, or use the external packages. The view from inside vsbox01 will have a more typical layout of the first and second level directory trees. This will only be an example - the user will be encouraged to pick and choose what to link to inside of refbox. The total is less than 20Mb - lots of room to play with other setups. You can make a star-ball of whatever you build inside the loop-file when ready to put it on the real filesystem somewhere. Should be both educational for people who build their own and useful as is to run common services. The BusyBox has ftp, rpm and apt tools, should be able for a vserver to install whatever it needs from the network. What common tool set have I overlooked? Do you see anything that really must be included? For anything with more features, a person should start with a Linux base system from a distributor. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] The nano-vserver package.
On Mon December 26 2005 08:43, Michael S. Zick wrote: Joel, A sudden thought while reading my own post. The view from inside vsbox01 will have a more typical layout of the first and second level directory trees. I will give it a job. Configure the bb httpd server to serve the html versions of all the software documentation - just skip dealing with any man-reader or info-reader. I think all of the software packages will output their documentation in html. I just have to dig out the build instructions. I had better build an index of all the software commands are 'built-in' - there are hundreds even in the base-install. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] The nano-vserver package.
On Mon December 26 2005 09:15, Joel Soete wrote: Hello Mike, Michael S. Zick wrote: Joel, I think my planned package is complete, I wanted to review it with someone, I will try to be brief... - - - [ really big snip ] - - - What common tool set have I overlooked? Do you see anything that really must be included? just one thought (just because it seems to be a std de facto), may some sshd to be able login the vps, tough? Thanks, I missed that one. People will expect it to be available. BusyBox does have a telnetd. I just checked, BusyBox has a vi for text editing. Should there be some other editor? I think that emacs would be too big. PS: I am finishing my recipe to re-use a chrooted disk on hppa box and will try asap to build 'baby' and vbox on my parisc-linux box too. I will post a pre-view of baby02.bin later today - It will not all be working - It will have all of the source tarballs and rough, guru level, instructions (except Lua and sshd) to build a non-x86 version. Thanks for your advice. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] The nano-vserver package.
On Mon December 26 2005 11:44, Chuck wrote: On Monday 26 December 2005 10:38 am, Michael S. Zick wrote: I just checked, BusyBox has a vi for text editing. Should there be some other editor? I think that emacs would be too big. yes please... pico or nano either one.. both are small and to me more useful than any of the others. i use them exclusively. this looks like it could make an extremely nice rescue disk. It might get too big for anything smaller than a 100Mb zip disk. Hmmm... My smallest USB drive is 256Mb - That is a thought. It should always fit on a bootable cd though, even after adding a kernel, util-vserver and whatever else a rescue cd needs. Good idea, When I need to make a quick file change, I usually reach for nano myself. I am posting a pre-view of baby-02 for Joel to look at, complete with all sources and most of the binaries built - but it is getting large - I may have to move it to sourceforge.net before I am done. If you or anyone else on the list wants to start looking at it with an eye at non-x86 versions - let me know, I will send you a link. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] The nano-vserver package.
On Mon December 26 2005 08:43, Michael S. Zick wrote: - - - Really Big Snip - - - Today's update to the build guide is posted. Corrections and addition of extending the base system into a minimal system. On line at: http://www.morethan.org/step_step.html Download at: http://www.spamviz.net/download/step_step.ps.gz A tarball of all sources used is at (14Mb): http://www.spamviz.com/download/baby02_src.tar.bz2 The loop file with the base system installed remains the same and is available at (5Mb): http://www.spamviz.net/download/baby01.bin.gz As usual, feedback is welcomed. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] The nano-vserver package.
On Mon December 26 2005 12:58, Avery Pennarun wrote: On Mon, Dec 26, 2005 at 09:38:54AM -0600, Michael S. Zick wrote: I just checked, BusyBox has a vi for text editing. Should there be some other editor? I think that emacs would be too big. e3 is an excellent but tiny text editor. It definitely beats nano or pico. Thanks for the tip = = but it does not build for big endian pa-risc. Looks like it will be nano, which will build for any machine that major Linux distributions support. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] can i install fedora core 4 in a vserver using the cds
On Thu December 22 2005 22:21, Herbert Poetzl wrote: On Fri, Dec 23, 2005 at 08:37:17AM +0500, Mustafa Abbasi wrote: - - - snip - - - i have downlaoded a mandeake tar from http://free.oszoo.org/download.html. i tried to install install it but i got a few error. could you tell me how to create an empty vserver so that i can copy the mandrake installation in the tar over to that file by mounting the image. vserver name build -m skeleton --context 42 (see http://linux-vserver.org/alpha+util-vserver for some examples and most options) replacing the 'empty' guest dir by your untarred mandrake guest should do the trick ... Mustafa, I can confirm that sequence will work for Gentoo. It should work for any distribution, It is just the details that differ. What you have so far... 1) You used the vserver script to build a skeleton. Presuming the util-vserver tools are installed without any special options... You now have a directory: /vservers/name Which will become the root directory of your guest. Also, the tool has created its own configuration information for the guest-to-be outside of that directory tree. 2) Your have the distribution's --initial tarball-- Whatever that distribution calls it. Untar that tarball so that /vservers/name is the root directory of whatever is in the tarball. Probably, just cd /vservers/name followed by the specific untar command required by that --initial tarball-- That should result in enough of the distribution's system that the distribution can self-install itself. Anything that was over written by untarring that --initial tarball-- should be alright with vserver. What you have at this point may not run under vserver - but it should be able to update itself into a --base-system-- that will. Look through your distribution's install manual for the part that begins with something similar to: chroot /vserver/name /bin/bash ldconfig (or some script that does that) - - - perhaps some other do this first commands - - - - - - like setting up passwords and networking - - - Continue with the instructions with the directions for: To bootstrap the base system Those directions should result in a base (minimal) installation of the distribution inside of the chroot that you are in. - - - perhaps some do this after commands - - - You should be able to exit from the chroot at this point and what you have should run under vserver... vserver name start vserver name enter - - - - It is just all of the details that are a pain - the big picture is easy. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] can i install fedora core 4 in a vserver using the cds
On Fri December 23 2005 03:56, Michael S. Zick wrote: On Thu December 22 2005 22:21, Herbert Poetzl wrote: On Fri, Dec 23, 2005 at 08:37:17AM +0500, Mustafa Abbasi wrote: - - - snip - - - i have downlaoded a mandeake tar from http://free.oszoo.org/download.html. Is that the link you used? Those packages are specials for a different kind of virtual server. Under linux-vserver, use the standard distribution stuff. The home page for Fedora downloads is: http://fedora.redhat.com/ Distribution's install guide starts here: http://fedora.redhat.com/docs/fedora-install-guide-en/ I do not know what part of those instructions would be your starting point. Mike i tried to install install it but i got a few error. could you tell me how to create an empty vserver so that i can copy the mandrake installation in the tar over to that file by mounting the image. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] can i install fedora core 4 in a vserver using the cds
On Fri December 23 2005 05:07, Mustafa Abbasi wrote: On 12/23/05, Michael S. Zick [EMAIL PROTECTED] wrote: On Fri December 23 2005 03:56, Michael S. Zick wrote: On Thu December 22 2005 22:21, Herbert Poetzl wrote: On Fri, Dec 23, 2005 at 08:37:17AM +0500, Mustafa Abbasi wrote: - - - snip - - - i have downlaoded a mandeake tar from http://free.oszoo.org/download.html. Is that the link you used? Those packages are specials for a different kind of virtual server. no i have not yet used tem and if you say i can't then i guess i should not. but they are just installation like someone suggested (that i use qemu to make the installation) made for qemu. i thought i could extract the contents and use it. are you sure it is not right You have me on that one. I guess you have to consider the source of the information. ME: About 5 days of experience with Vserver OTHERS: A whole lot more -!!!- Could be the qemu is a less trouble free route to take. Consider: If you install a standard distribution, you will end up editing the structure of its init sequence. - - - vserver will start but you will see a lot of - - - messages about things that init could not do. - - - This is not fatal, or even harmful. If you install a distribution already tailored for running under a virtual server (anybodies) then the structure of its init sequence has probably already been edited. So using the qemu version of a distribution might be what you should do - I can't say for sure, so just try it. - - - - I did learn one thing while looking at the Fedora pages - they have instructions for using yum - and linux-vserver has support for yum package management. I can't say - have never done it. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Step by Step Guide to a nano-vserver
On Thu December 22 2005 03:25, Joel Soete wrote: Joel, and Group; I have a rough draft of the step-by-step guide to creating a nano-vserver posted. mmm, I see the baby is a nano baby girl ;-). may be could you (we) find a more shiny name? (refbox, though?) But as she made the light on the obscure side of the force, she's bright, isn't it? name her Bridget? Just a suggestion, in fine, you are its father ;-) Good suggestion I want to live with her for another day or two before I decide what to call her ;) Comments welcome from anyone with time to read through it. Just a comment: What do you think to put the note in paragraph 5.1: Vserver extends the concept of using ... better as a general introduction? (it's the basis but doesn't seems to me enough 'spotlighted') I have added an abstract, an introduction, and changed the title. The morning version of the guide is posted at the same link, just refresh your copy. No changes to the baby01.bin file or how to run it. That file is a Linux/x86 system. It will be awhile before I can build a hppa-risc version. The end result of the tutorial is a virtual server running Bash and BusyBox fully contained within a single file. (Actually, the testfs.sh test file.) The current draft here: http://www.spamviz.net/download/step_step.ps.gz and a question about the: mount -o bind /proc /vservers/refbox/proc why? Because : In fact, till now, I just used 'vserver DebSid star/stop/enter' and my DebSid/fstab already contained: none/proc procdefaults0 0 Is there a subtle difference, I missed? That 'vserver' command is a (large) Bash script in front of the low-level commands. That is one of the many things the script does for the user. The baby uses the low-level commands for now, just to expose to the new user what is happening. Also, she can not be started with vserver refbox start without a bunch of complaints from the vserver script. I will fix that when I get it figured out. The entire virtual server as a compressed file: http://www.spamviz.net/download/baby01.bin.gz Watch out, she is heavy, weights in at about 4Mb. Congratulation: you are the father of a nice baby ;-) Thanks a lot, Joel (PS: her foreseen clone would make stuff more clear, if possible, name her Clara ;)) Today's project is to make a clone of her. And then try using the file extended attributes and file access lists. Maybe I will be able to learn how to protect her from heavy feet in the host. I will be updating the step-by-step as I go, also including anything others mention to me. Thanks very much for your comments Joel. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] can i install fedora core 4 in a vserver using the cds
On Thu December 22 2005 11:26, Herbert Poetzl wrote: On Thu, Dec 22, 2005 at 09:21:36PM +0500, Mustafa Abbasi wrote: i have dowlaoded the cds of fedora core 4, but i can't figure out how ito nstall it into a vserver running on debian.i am new so please easy instrucion would be appreciated. well, as Linux-VServer does not do system emulation (i.e. you won't get a virtual CD drive and such), just system (and resource) isolation, you basically have to solve the problem: How do I install FC4 from a bunch of CDs into a directory? Herbert, A few more solutions... First three questions: 1) Is one of the FC4 cds bootable? 2) Can you shutdown your target machine? 3) How old is your version of Bash? Ans. 3) bash --version If it is anything older than the 3.0 version that is in Debian/Sarge, stop here and upgrade it. Independent of your answer to #1 and #2 - use the vserver name build command to build the basic file structure on your system. I think it has a framework for fc4 Quick info on the vserver build command enter: vserver AnyName build --help A detailed guide to building a generic vserver is at: http://www.spamviz.net/download/step_step.ps.gz There is a minimum chance of trashing your system with those directions - play with it until you feel ready to continue. - - - If you do not want to shut down your machine - - - - If you are running a linux kernel compatable with version-2.6.14 plus the vserver-2.0.1 patch on at least an Intel i686 box... You can download a compressed version of that generic vserver from: http://www.spamviz.net/download/baby01.bin.gz Unpack and follow the directions in section 6.7 of the step by step instructions to wake up the baby. Bingo - you are now in a virtual server that acts as if you had booted your machine with the option: init=/bin/bash Follow the FC4 installation instructions from the point where you are replacing a working system (if those exist) with a network source of the FC4 stuff. (I do not expect the current baby01.bin to support cd/dvd device access.) - - - - if you can boot from the FC4 install disk - - - - Well, as Herbert said, find out how to make the installer do the installation into the directory that you created with the vserver name build command rather than the entire disk system. - - - - Mike - - - and the solutions could be: - use rpm with the --root= option to get the packages installed into a dir - use UML or QEMU or some full system emulator to install the CDs in a virtual machine and copy the resulting installing into a directory - adjust/adapt (or just trick) the CD installer into isntalling FC4 on a separate dir/partition - setup a repository (apt-rpm, yum) to install from and use the util-vserver tools to install a guest from scratch (which is the preferred way) HTH, Herbert ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Step by Step Guide to a nano-vserver
Joel, and Group; I have a rough draft of the step-by-step guide to creating a nano-vserver posted. Comments welcome from anyone with time to read through it. The end result of the tutorial is a virtual server running Bash and BusyBox fully contained within a single file. (Actually, the testfs.sh test file.) The current draft here: http://www.spamviz.net/download/step_step.ps.gz The entire virtual server as a compressed file: http://www.spamviz.net/download/baby01.bin.gz Watch out, she is heavy, weights in at about 4Mb. Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] recommended way to backup vserver guests with nightly cron job?
On Tue December 20 2005 03:30, Gerhard Hofmann wrote: Hi list, I'm a newbie to vserver and I wonder how to backup my vserver guests with a cron job run by the vserver host. I think it should be something like that: vserver myvserver stop ...compress /etc/vserver to a tgz file and save on external storage... vserver myvserver start Have I forgotten something important here? Myvserver will run mysql and apache (TYPO3 content management system), so I think it won't hurt to run a mysqldump before shutting down and backing up myvserver. That would give you the most consistent backup of the content management system. Of course it means there is a time-of-day when you can have the vserver out of service. One of the reasons for running mysqldump is so a consistent version of the database files is dumped. An external-to-mysql backup program could catch the database files in an inconsistent state. But... If you have shut down the vserver, you have also shut down mysql, the file content is now static - if you don't need the mysqldump output for another reason - then you could skip that step. The same reasoning (system operation spans changes in multiple files) applies to apache, the content management system as a whole and the operation of the vserver. So shutting it (the entire vserver) down gives you the most consistent version of everything. If the system is used 24/7 and you can't shut it down for backups, then you could back it up with a host script that runs commands in the vserver context. (See Christian Heim's reply to this thread.) If the system is used 24/7 and is heavily loaded at all times, then things get tricky if you want a consistent set of files for the content management system (and the vserver and apache). Mike What is the best way to invoke the mysqldump command within myvserver? A separate cron job within the guest? TIA Gerhard ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Vserver and Reiserfs3
On Tue December 20 2005 08:27, Joel Soete wrote: Hello Mike, It is great to hear from you again Joel, I am not sure what is wrong with the world's e-mail systems. A collection of notes on adding vserver to a system with an existing ReiserFS-3 filesystem. When configuring your shiny new vps-linux: Under Filesystems on menuconfig; enable ReiserFS extended attributes and ReiserFS POSIX access control lists if not already configured (mine where not). - - - - Right mine wasn't too That may not be 100% required for Vserver, but certainly safer under ReiserFS-3. Not yet available under ReiserFS-4 [snip] Now the testfs.sh script should run, try it: # ./testfs.sh -D /dev/loop0 -M /mnt or for only ReiserFS: # ./testfs.sh -F reiser -D /dev/loop0 -M /mnt - - - - unfortunately still failed at the same places on my parisc box: i.e. [...] verify /mnt/test/file_3053: -+(-)-i-+(-) ~ - [114]# failed. [...] verify /mnt/test/file_3053: -+(-)-i-+(-) ~ i---E [124]# failed. [199]# succeeded. :-( Don't feel that way - If things worked the first time then all programmers would be out selling apples for a living. So most probably, a p-l issue, but i doubt that maintainers would track it down. Those look like lsattr failures - lsattr and chattr are provided as part of e2fsprogs. I built version-1.38 from virgin (without distribution patches) source at: http://e2fsprogs.sourceforge.net According to the change logs - you will need at least version-1.37 of virgin, or a distribution version with the extended attribute fixes. My Debian/Sarge binaries where not up to the task. Try building the virgin sources of 1.38 on hppa - might fix the problem. (lol and no, I definitely don't want to do, I still have to fix many details of my vps as automatic restart when reboot the system, ...) The one thing you really must have is vprocunhide. I built my util-vserver tools with --prefix=/usr - so on my system: cd /etc/rcS.d ln -s /usr/etc/init.d/vprocunhide S72vprocunhide Somewhere late in the host startup sequence works for me. - - - - That said, nice recipe and collection of info. Thanks, That was the high points of two days of note taking. I am working on the next set of notes on Exploring Vserver for newbees (since I am). Thanks a lot, Joel ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Script testfs.sh on Reiser3
On Sun December 18 2005 21:39, Herbert Poetzl wrote: - - - - - PS: anyone tried this on reiser4? PS: did it get into to the kernel yet? It is in Linux-2.6.14-mm2 but it is still only a namesys.com patch for plain Linux-2.6.14 Which applies cleanly to Linux-2.6.14+Vserver-2.0.1 Will give the thing a try - First hint: No extended attribute or ACL questions shown on menuconfig - Either they aren't there yet or they are standard (like xfs). The namesys.com pages give them an honorable mention. - - - - # uname -a Linux wolf466 2.6.14-vs2-r4 #1 PREEMPT Sun Dec 18 08:11:06 CST 2005 i686 GNU/Linux Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Script testfs.sh on Reiser3
On Mon December 19 2005 09:00, micah wrote: Michael S. Zick wrote: wolf466:/mnt# showattr dir_one ---bui- dir_one wolf466:/mnt# setattr --barrier dir_one wolf466:/mnt# showattr dir_one ---Bui- dir_one What version of util-vserver are you using? When you do the setattr --barrier it should result in: ---BUi- dir_one That is a directory, not a file. Since a directory can not be hard linked, should not that be ---Bui- dir_one like it is on Reiser3? This was fixed in version 0.30.208 of util-vserver. The above is the over clipped follow-up for Reiser4. - - - - Linux: 2.6.14 Reiser4: 1.0.5 Vserver: 2.0.1 util-vserver: 0.30.209 Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Vserver and Reiserfs3
Group, A collection of notes on adding vserver to a system with an existing ReiserFS-3 filesystem. When configuring your shiny new vps-linux: Under Filesystems on menuconfig; enable ReiserFS extended attributes and ReiserFS POSIX access control lists if not already configured (mine where not). - - - - Continue with configuration as described in the on-line documents. Build and Install this kernel as described. - - - - Build and Install the util-vserver tools as described. - - - - If the ReiserFS on your system has ever been used by a kernel WITHOUT the above two options, then: boot the shiny new vps-linux in 'single user' mode and run: reiserfsck --clean-attributes device on any devices with a ReiserFS-3 filesystem on them. - - - - Edit the lines in your /etc/fstab for the ReiserFS-3 filesystems to include the additional options: attrs,acl - - - - Reboot now, using your shiny new vps-linux - - - - The testme.sh script should run without errors. - - - - The testfs.sh script expects there to be a mkfs.reiserfs, so: locate where your mkfs.* programs are and where the mkreiserfs program is hiding - create a sym-link to meet the expectations of testfs.sh - the following works for me: ln -s /usr/sbin/mkreiserfs /sbin/mkfs.reiserfs - - - - Create the test device as a file of zeros that is loop mounted: # dd bs=1024k count=1024 if=/dev/zero of=1gb.test # losetup /dev/loop0 ./1gb.test - - - - Now the testfs.sh script should run, try it: # ./testfs.sh -D /dev/loop0 -M /mnt or for only ReiserFS: # ./testfs.sh -F reiser -D /dev/loop0 -M /mnt - - - - Running the test script for the ReiserFS-3 filesystem only leaves the loop file formated as a ReiserFS-3 and unmounted. - - - - Mount it again so you can play with it: mount -o attrs,acl /dev/loop0 /mnt - - - - I worked through the examples in the SuSE in the administrators guide, found here: www.suse.de/~agruen/acl/chapter/fs_acl-en.pdf A note on those examples: use a user name and a group name that already exists on your machine, not the names in the examples. Note how a subdirectory inherits the default acl of its parent. Now you have an alternative or supplement to hard linking files into all of your vserver contexts. - - - - Backing up a filesystem with acl information requires an acl aware program - the star program is one such. - - - - One more note - you had better find the most recent versions of all system utilities this involves - I can't give minimum versions, since I just built the 'most current' of everything to get this to work. - - - - enjoy Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Script testfs.sh on Reiser3
Group, I find differences between lsattr and showattr outputs which the script marks as errors. Background: Linux 2.6.14 on x86 with vserver 2.0.1 applied. util-vserver 0.30.209 ReiserFS 3.6.14 Distribution layout is basicly Debian Sarge Note 1: script expects a mkfs.reiserfs so I faked it with: ln -s /usr/sbin/mkreiserfs /sbin/mkfs.reiserfs Note 2: script calls lsattr (part of e2fsprogs) which means that versions prior to 1.37 will silently fail. I built e2fsprogs 1.38 to get past that one. Here is what I am seeing, all that I can tell is that the attributes reported are different: Without the (-o attrs) option to mount command [mount /dev/loop0 /mnt] # showattr /mnt ---bui- /mnt ui- /mnt/file_9079 ---bui- /mnt/dir_9079 # ./lsattr /mnt/ ./lsattr: Inappropriate ioctl for device While reading flags on /mnt/file_9079 ./lsattr: Inappropriate ioctl for device While reading flags on /mnt/dir_9079 (Which seems reasonable) Note 3: Some of the on-line documentation mentions an xattrs option to reiserfs - my 3.6.14 only understands attrs (correct in the script). Next, umount and mount the test file with the attrs option [mount -o attrs /dev/loop0 /mnt] Now we have (without any changes to the files) # showattr /mnt ---bui- /mnt UI- /mnt/file_9079 ---Bui- /mnt/dir_9079 (Notice the changes of case with the addition of attrs that is going to bite somebody running Reiserfs. ) # ./lsattr /mnt/ i /mnt/file_9079 - /mnt/dir_9079 Which translates as: # ./lsattr -l /mnt/ /mnt/file_9079 Immutable /mnt/dir_9079--- The only conclusion I can reach is either something is broke or incomplete in lsattr or Perhaps the script should not be expecting that the output of lsattr on a reiser3 filesystem to make any sense. PS: anyone tried this on reiser4? Mike ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver