Re: [Vserver] URGENT: rpm-4.3.3-18nonptl from CentOS 4.4 breaks vserver-build
Thanks, Xavier! I will do that. Xavier Montagutelli wrote: On Monday 04 September 2006 04:43, Paul S. Gumerman wrote: The new CentOS 4.4 that was released in the last few days includes a version of rpm that results in the error message "error: can't create transaction lock on /vservers/test/var/lock/rpm/transaction" when trying to build vserver "test", and no rpms are actually installed into the vserver. I had the same message with RHEL 4 update 4. To correct this, you can add the following command in install_prefix/lib/util-vserver/distributions/distrib/initpre : mkdir -p "$vdir"/var/lock/rpm/ Falling back to the previous version of rpm, rpm-4.3.3-13nonptl from CentOS 4.3 fixed the problem. This is on x86_64. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] URGENT: rpm-4.3.3-18nonptl from CentOS 4.4 breaks vserver-build
The new CentOS 4.4 that was released in the last few days includes a version of rpm that results in the error message error: can't create transaction lock on /vservers/test/var/lock/rpm/transaction when trying to build vserver test, and no rpms are actually installed into the vserver. Falling back to the previous version of rpm, rpm-4.3.3-13nonptl from CentOS 4.3 fixed the problem. This is on x86_64. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] localhost oddity on vserver host
Herbert, This problem is on the *host*, not a guest. I've verified that none of the guests on vhost3 (the box with the problem) has anything to do with 127.0.0.1. Also, on vhost3, sshd with explicit "ListenAddress" settings for the host's ip as well as 127.0.0.1 will start and run without complaining that it cannot bind to 127.0.0.1, but netstat doesn't show it listening on localhost. For the life of me, I cant figure this out ... On vhost1 (the working box): [EMAIL PROTECTED] ~]# ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.039 ms 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.018 ms 64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.033 ms --- 127.0.0.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2010ms rtt min/avg/max/mdev = 0.018/0.030/0.039/0.008 ms, pipe 2 On vhost3 (the troublesome box): [EMAIL PROTECTED] etc]# ping 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. hit cntrl-C here --- 127.0.0.1 ping statistics --- 6 packets transmitted, 0 received, 100% packet loss, time 4999ms Any thoughts? Paul Herbert Poetzl wrote: On Fri, Jun 30, 2006 at 08:51:58PM -0400, Paul S. Gumerman wrote: In it's own thread now -- sorry for the unintentional hijack. I have two practically identical vserver hosts, named vhost1 and vhost3. They are both running kernel CentOS (2.6.14.3-vs2.0.1-rc5) x86_64. /etc/hosts on each one is essentially the same, and the routes look good and essentially the same. The ifconfig output for both looks the same, and both show traffic in and out of lo. this suggests that you 'assigned' some loopback ip (probably 127.0.0.1) to both guests, which will them allow to bind to that ip too this very likely results in two guests competing for that address, so some services will be able to bind others will fail ... On vhost1, "ping 127.0.0.1" works as expected, and sshd can listen on the localhost port 22, and can be used there (by freenx). On vhost3, "ping 127.0.0.1" *sends* packets, but shows 100% packet loss. Also, sshd does not complain about listening on localhost, but it doesn't show up in netstat's output, and it doesn't work on localhost (freenx fails). Does anybody have any ideas? Unfortunately, vhost3 is a hundred miles away, and one of the virtual servers is running an important mail server, so I have to be careful. But vhost1 is here, and not so critical, so I can experiment with it. basically I do not see a good reason for assigning 127.x.x.x to a guest, but if you have to, then try to choose different ones, e.g. 127.0.0.2, 127.0.0.3 ... HTH, Herbert Thanks, Paul ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] v_sshd wrapper script and freenx remote access app
I have been working on getting the freenx remote X access aplication working on a vserver host machine. When using the v_sshd wrapper, it fails, fairly late in the process of a login. If I do not use the wrapper, and start sshd from the standard initscript with the following lines in sshd_config, it works fine. ListenAddress 192.168.1.42 ListenAddress 127.0.0.1 It appears that the v_sshd wrapper does not allow sshd to listen to the loopback address, but only the interface's primary IP addresses, and that is causing the problem with freenx. Is there some reason that this limitation is necessary? If not, can it be fixed? Best regards, Paul ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] localhost oddity on vserver host
I have two practically identical vserver hosts, named vhost1 and vhost3. They are both running kernel CentOS (2.6.14.3-vs2.0.1-rc5) x86_64. /etc/hosts on each one is essentially the same, and the routes look good and essentially the same. The ifconfig output for both looks the same, and both show traffic in and out of lo. On vhost1, ping 127.0.0.1 works as expected, and sshd can listen on the localhost port 22, and can be used there (by freenx). On vhost3, ping 127.0.0.1 *sends* packets, but shows 100% packet loss. Also, sshd does not complain about listening on localhost, but it doesn't show up in netstat's output, and it doesn't work on localhost (freenx fails). Does anybody have any ideas? Unfortunately, vhost3 is a hundred miles away, and one of the virtual servers is running an important mail server, so I have to be careful. But vhost1 is here, and not so critical, so I can experiment with it. Thanks, Paul ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] v_sshd wrapper script and freenx remote access app
Sorry about the previous thread hijacks --- I didn't realize what the list server was using to do the threading. I have been working on getting the freenx remote X access aplication working on a vserver host machine. When using the v_sshd wrapper, it fails, fairly late in the process of a login. If I do not use the wrapper, and start sshd from the standard initscript with the following lines in sshd_config, it works fine. ListenAddress 192.168.1.42 ListenAddress 127.0.0.1 It appears that the v_sshd wrapper does not allow sshd to listen to the loopback address, but only the interface's primary IP addresses, and that is causing the problem with freenx. Is there some reason that this limitation is necessary? If not, can it be fixed? Best regards, Paul ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] localhost oddity on vserver host
In it's own thread now -- sorry for the unintentional hijack. I have two practically identical vserver hosts, named vhost1 and vhost3. They are both running kernel CentOS (2.6.14.3-vs2.0.1-rc5) x86_64. /etc/hosts on each one is essentially the same, and the routes look good and essentially the same. The ifconfig output for both looks the same, and both show traffic in and out of lo. On vhost1, "ping 127.0.0.1" works as expected, and sshd can listen on the localhost port 22, and can be used there (by freenx). On vhost3, "ping 127.0.0.1" *sends* packets, but shows 100% packet loss. Also, sshd does not complain about listening on localhost, but it doesn't show up in netstat's output, and it doesn't work on localhost (freenx fails). Does anybody have any ideas? Unfortunately, vhost3 is a hundred miles away, and one of the virtual servers is running an important mail server, so I have to be careful. But vhost1 is here, and not so critical, so I can experiment with it. Thanks, Paul ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] testme.sh results and minor problem 2.6.14.2 / vs2.1.0-rc8 on x86_64 arch
Herbert, I'm trying to install the most up-todate versions of things before hauling some servers out to a datacenter (must leave my basement --- OH NO! grin) and have run into the following problem. vserver-stat fails, returning: vc_create_context(): Invalid argument but my two vservers do start, they do run, and I can enter them. testme.sh results: Linux-VServer Test [V0.14] Copyright (C) 2003-2005 H.Poetzl chcontext is working. chbind is working. chcontext 0.30.205 -- allocates/enters a security context This program is part of util-vserver 0.30.205 Copyright (C) 2004 Enrico Scholz This program is free software; you may redistribute it under the terms of the GNU General Public License. This program has absolutely no warranty. Linux 2.6.14.2-vs2.1.0-rc8 x86_64/0.30.205/0.30.205 [Ea] (0) VCI: 0002:0001 236 03000174 ([EMAIL PROTECTED]) (gcc version 3.4.4 20050721 (Red Hat 3.4.4-2)) #10 SMP Mon Dec 5 17:03:21 EST 2005 --- [000]# chcontext true chcontext --ctx 45678 true [000]# failed. [001]# chcontext --ctx 45678 egrep 'context|VxID' /proc/self/status [001]# succeeded. [011]# chcontext --secure --ctx 45678 mknod /tmp/testme.sh.eD7841/node c 0 0 [011]# succeeded. [031]# chcontext --hostname zaphod.7838 uname -a | grep -q zaphod.7838 [031]# failed. [101]# chbind --ip 192.168.0.42 true [101]# succeeded. [102]# chbind --ip 192.168.0.1/255.255.255.0 --ip 10.0.0.1/24 true [102]# succeeded. [201]# chcontext --ctx 45678 --flag fakeinit bash -c 'test $$ -eq 1' [201]# succeeded. [202]# chcontext --flag fakeinit bash -c 'test $$ -eq 1' [202]# failed. = of interest (I think): chcontext true returns: vcontext: vc_xidopt2xid(): No such file or directory Any ideas? Best regards, Paul ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Arch] i686
Herbert, Where do I find the test? I'll run it for x86_64 for you. I'm currently at 2.6.11.7-vs2.0-pre3. I'll run it and then upgrade and run again. Paul Herbert Poetzl wrote: Linux-VServer Test [V0.12] (C) 2003-2005 H.Poetzl chcontext is working. chbind is working. Linux 2.6.11.8-vs2.0-pre4 i686/0.30.207/0.30.207 [Ea] VCI: 0001:0025 273 03110064 --- [000]# succeeded. [001]# succeeded. [011]# succeeded. [031]# succeeded. [101]# succeeded. [102]# succeeded. [201]# succeeded. [202]# succeeded. Notes: - works out of the box ;) SMP 4-way vendor_id : GenuineIntel cpu family : 6 model : 10 model name : Pentium III (Cascades) stepping: 1 cpu MHz : 699.587 best, Herbert ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] problems with vserver create -m yum
Enrico, Thanks so much for the explanations. And the detailed info on setting up local repositories was an extra bonus! It appears that I now have a vserver with properly functioning package management with CentOS4. Yet another question ... would you recommend using vunify or vhashify ? I understand that vhashify will work on files that are not part of any package, but I assume that there must be a "cost" or downside to using the extra capability. Regards, Paul (and thanks again!) Enrico Scholz wrote: [EMAIL PROTECTED] ("Paul S. Gumerman") writes: Is there anywhere to be found an explanation of how package management works with the new util-vserver system? I would suggest (for Fedora based systems): 1. create your own yum or apt repository by: a) copy all the shipped RPMs somewhere into your harddrive; e.g. | D=/srv/data/mirror/fedora/core | rsync -a /media/cdrom/Fedora/RPMS/ $D/3/i386 b) ditto for updates (e.g. execute a daily cronjob mirroring the updates directory) | rsync -a http:/// $D/3-updates/i386 c) create the yum filesystem structure there: | mkdir -p $D/.yum/3/i386/{base,updates} | ln -s ../../../../3/i386 $D/.yum/i386/base/RPMS | ln -s ../../../../3-updates/i386 $D/.yum/i386/updates/RPMS d) create the repo there | createrepo $D/.yum/i386/base | createrepo $D/.yum/i386/updates e) ... similarly for apt ... ;) 2. register them as the repository for FC3 a) | mkdir -p /etc/vservers/.distributions/fc3/yum.repos.d b) | cat EOF /etc/vservers/.distributions/fc3/yum.repos.d/fc3.repo [base] name=Fedora Core $releasever - $basearch - Base baseurl=file:///srv/data/mirror/fedora/core/.yum/3/$basearch/base enabled=1 gpgcheck=1 EOF c) | cat EOF /etc/vservers/.distributions/fc3/yum.repos.d/fc3-updates.repo [updates] name=Fedora Core $releasever - $basearch - Updates baseurl=file:///srv/data/mirror/fedora/core/.yum/3/$basearch/updates enabled=1 gpgcheck=0 EOF To be more flexible, I strongly suggest to create an ftp or http vserver which provides the tree at $D. But for bootstrapping, the file:// based repo is ok. You will have to use hardcoded version strings ('3') instead of the flexible '$releasever' in the URL; yum does not provide any way to override this at runtime. Feel free to write a bugreport for yum ;) 3. Now, you can begin to create vservers | # vserver test build -m yum -- -d fc3 and install additional packages; e.g. | # vyum test -- install cfengine | # vrpm test -- -q cfengine 4. When you really need it, you can internalize the packagemanagement with | # vserver test -- pkgmgmt internalize But most of my vservers do not have internal packagemanagement; it adds additional dependencies and my vservers shall be minimal. Current (0.30.207) util-vserver version has a bug in the internalization process: you have to remove the '%_rpmdb' macro manually from /etc/rpm/macros in the vserver. Currently, yum configuration is not copied neither so you have to do this manually. What I am particularly curious about is the usage of the various .rpmdb directories inside each vserver, It is used to mount the rpm database in a secure way. "Secure" means that programs running in the vserver can not modify it. This is solved by 1. creating a new namespace before real rpm operations 2. bind-mounting '/vservers/.pkg/.../rpm/state' to /vservers/.../.rpmdb; this operation is done in a secure way 3. creating a new namespace and unmounting /.rpmdb before scripts are executed 4. changing the context before executing scripts The /.rpmdb mountpoint has to be in the toplevel directory; else when it would be e.g. /var/lib/rpm, an attacker within the vserver could create a /var/lib - /var/foo symlink and place a malicious rpm database (e.g. a such one which causes buffer overflows) into /var/foo/rpm. There are some tricks like mounting the new database into the host also which workarounds some bugs in rpm. and the .pkg directory structure under the vdirbase, and how they are related. Program-depending directories are directly placed under /vservers/.pkg (e.g. 'rpm', 'apt' or 'yum'). Then, there are case depending directories like 'rpm/etc' which corresponds to '/etc/rpm', or 'rpm/state' which holds the rpm database, or 'yum/etc' for the configuration, or ... An important file is the the generated rpm-macros file (rpm/etc/macros): it contains both the %_rpmdb macro mentioned above and a line like: | %_netsharedpath /dev:/etc/rc.d/init.d/halt:/sbin/new-kernel-pkg:/usr/bin/rhgb-client This is needed to prevent installation of certain files (e.g. the default '/etc/rc.d/init.d/halt' causes problems on vserver shutdown, or '/sbin/new-kernel-pkg' makes installation of kernel package fail). Enrico __
Re: [Vserver] problems with vserver create -m yum
That's part of what vserver create should be installing, but it can't run properly. Daniel Hokka Zakrisson wrote: Paul S. Gumerman wrote: I'm following (and correcting where I can) the CentOS distribution howto here: http://linux-vserver.org/CentOS_HowTo this is on a dual Opteron box, using the x86_64 arch, and I'm having a problem with yum. It seems that the $releasever variable is not being set to 4 or 4.0, and so when yum attempts to grab info from the repository, it is trying to access http://mirror.centos.org/CentOS/Null/updates/x86_64/repodata/repomd.xml instead of http://mirror.centos.org/centos/4/updates/x86_64/repodata/repomd.xml I tried the obvious step of exporting releasever=4, but that had no effect. Can anyone help? You should install the centos-release package, or whatever the package that provides redhat-release is called in CentOS. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] MTA inside a vserver
I hope this isn't considered to be an idiotic question, but here goes: What's the minimal way to configure a vserver (using FC3 for both host and guest) to be able to send OUTGOING email via the sendmail service that is already running on the host I've got cron jobs running in a vserver that can't send mail to me. I'm hoping that there's something less heavy-weight than installing sendmail into each vserver. Thanks, Paul ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] CentOs distribution
My thoughts exactly! I'll be doing a test install today, then patching a kernel for drbd + linux-vserver. Daniel S. Reichenbach wrote: Hi, This may be somewhat off-topic, but why is it that people like centos which seems to me like REL without support. Since support is what REL is all about, wouldn't it be better to go with FC3 (soon 4) rather than a bunch of outdated software that comprises EL? What am I missing? Fedora Core is updating packages way to fast. While I believe it is fine for personal use to always have the latest version of a package, in business it seems more appropriate to have a working version and only upgrade for security reasons or bug fixes - which is what also differs RHEL from FC - and upgrade to newer versions only if it has significant benefits to offer. I have tried to use Fedora Core for business projects, but this is not a Good Thing(tm). Since I am using FC since its first release, I have noticed, they release packages breaking backward compatibility or even the complete system at least every fourth month. While the rate has lowered, it still is to high for professional use I'd say. IMHO for business projects you need systems where you can say they will run for two or three years without flaws. This is what RHEL offers with support and CentOS without support. With kind regards, Daniel S. Reichenbach ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] CentOs distribution
SELINUX can be disabled at boot time, or I can remove it from the kernel build. I *know* that I'm going to have to rebuild the kernel. Should be interesting to see whether I can patch the Centos-RH kernel sources, or if I'll have to start with vanilla. I was going to do this today, but a good friend came by with a PC infected with CoolWebSearch. If I'm every in the presence of the jerk that wrote THAT crap, I may just employ the .357 solution. Damn ... but it was hard to get rid of! Ehab Heikal wrote: Centos 4 is based on 2.6 kernel, is the 2.6 branch stable. Plus RH now has selinux security enhancements these will not be compatible with a plain vanilla kernel like vserver. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul S. Gumerman Sent: Monday, April 04, 2005 10:41 PM To: vserver@list.linux-vserver.org Subject: [Vserver] CentOs distribution Has anyone tried the CentOs 4.0 distribution with linux-vserver? It's a repackage of RedHat Enterprise Linux 4.0. I'm currently using A mish-mash of FC1, 2 3 and I'm considering a switch to CentOs. Two of my servers are Opteron-based, so I'm particularly interested if you are using the x86_64 arch. http://www.centos.org Paul ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] util-vserver + dietlibc ...
Herbert --- a small typo here: with glibc, every v* command which executes something fails with execv*: permission denied That should read: with dietlibc, every v* command which executes something fails with execv*: permission denied glibc seems to work fine. BTW what are the Known issues with glibc Herbert Poetzl wrote: ... is not working on at least two platforms: x86_64 (aka amd64) --- tried several dietlibc versions - dietlibc-0.27-4.src.rpm - self compiled 0.28 release - cvs release 31.Mar.2005 - debian 0.28 version all on Fedora Core release 3 (Heidelberg) (tools work fine with glibc, except for the known issues) with glibc, every v* command which executes something fails with execv*: permission denied even disabling noexec (noexec=off) did not improve the situation ... the following dietlibc test program works fine: #include stdio.h #include stdlib.h #include unistd.h int main(int argc, char *argv[]) { int ret; ret = execvp(echo, argv); /* not supposed to get here */ if (ret) perror(execvp); exit(1); } ppc (7450) after adding a bunch of patches to dietlibc, the dietlibc itself compiles (0.28++) and can be installed ./configure complains ... configure: WARNING: ext2fs/ext2_fs.h: present but cannot be compiled configure: WARNING: ext2fs/ext2_fs.h: check for missing prerequisite headers? configure: WARNING: ext2fs/ext2_fs.h: see the Autoconf documentation configure: WARNING: ext2fs/ext2_fs.h: section Present But Cannot Be Compiled configure: WARNING: ext2fs/ext2_fs.h: proceeding with the preprocessor's result configure: WARNING: ext2fs/ext2_fs.h: in the future, the compiler will take precedence configure: WARNING: ## -- ## configure: WARNING: ## Report this to [EMAIL PROTECTED] ## configure: WARNING: ## -- ## although the following is installed: - libext2fs2-1.35-1mdk - libext2fs2-devel-1.35-1mdk and finally the compile fails with: if diet ppc-mandrake-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I. -I ./lib -I ./ensc_wrappers -D_GNU_SOURCE -D_REENTRANT -DNDEBUG -O2 -fsigned-char -frename-registers -mcpu=750 -mtune=7450 -pipe -std=c99 -Wall -pedantic -W -MT src/vshelper-sync.o -MD -MP -MF $depbase.Tpo -c -o src/vshelper-sync.o src/vshelper-sync.c; \ then mv -f $depbase.Tpo $depbase.Po; else rm -f $depbase.Tpo; exit 1; fi src/vshelper-sync.c:89:4: #error vshelper relies on the Linux select() behavior (timeout holds remaining time) this is on Mandrake 9.1 (Bamboo) for ppc but it fails with the very same issue on Yellow Dog Linux (and probably Mandrake 10.1, but not tested) please investigate! TIA, Herbert PS: please let us know when you will find some time to look into it ... ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Vservers under Debian
dietlibc version 0.28 built fine on x86_64, but it simply didn't work (caused all kinds of problems with vserver). Paul Ola Lundqvist wrote: Hello On Mon, Apr 04, 2005 at 05:33:37PM +0200, Herbert Poetzl wrote: On Mon, Apr 04, 2005 at 07:35:40AM +0200, Ola Lundqvist wrote: Hello On Thu, Mar 31, 2005 at 05:16:28PM +0100, Gaz Wilson wrote: Does anyone have any experience with the development branch of Vserver and Debian? Yes I'm the maintainer and yesterday util-vserver 0.30.204 finally found it's way to sarge. hey, great! Yes. There were a couple of issues with dietlibc but I have got help from some people, including the dietlibc maintainer and now it build fine on all arches, except hppa and arm, that it should not build on as there is no reserved syscall. 0.30.205 is out (but requires some changes) so I'd suggest waiting for 0.30.206 and update to that once done ... Ok, I'll wait for 0.30.206 to come out then. I got a bug report on vserver-copy that it should have --numeric-ids added to the rsync command to preserve permissions properly. It would be great if that is added as well. Regards, // Ola best, Herbert So if would be really nice if you could try this on this version of util-vserver as well. If there is any problem, I would like bug reports so it can be fixed. Happy hacking! Regards, // Ola I'm having trouble with things not running within the vserver, most notably "w" and "ifconfig", although my testing stopped there, there may be many more... I have a totally clean build of Debian (Sarge), running kernel 2.6.11 and VS 1.9.5 built from source. I have built util-vserver-0.30.204 from source, with the following configure line: ./configure --with-vrootdir=/local/vservers Which went well, this was installed. I have then created a vserver with the following command line: vserver test01 build -m debootstrap --hostname test01 --netdev eth0 --interface 172.29.31.242/16 -- -d sarge Which appeared to go well. I then started it up: host01:/# vserver test01 start Starting system log daemon: syslogd. Starting kernel log daemon: klogd. Starting MTA: exim4. Starting internet superserver: inetd. Starting deferred execution scheduler: atd. Starting periodic command scheduler: cron. All OK so far, but when I enter the server, I get all sorts of oddness... If I enter the vserver, then execute in this order: ls, mount, df, w, ifconfig, ifconfig -a, mount /proc and id - I get: host01:/# vserver test01 enter mesg: /dev/pts/0: Operation not permitted test01:/# ls bin dev homelibmnt proc sbin sys usr boot etc initrd media opt root srv tmp var test01:/# mount /dev/hdv1 on / type ufs (defaults) none on /proc type proc (defaults) none on /tmp type tmpfs (size=16m,mode=1777) none on /dev/pts type devpts (gid=5,mode=620) test01:/# df Filesystem 1K-blocks Used Available Use% Mounted on /dev/hdv1 63457000176252 60057308 1% / none 16384 0 16384 0% /tmp test01:/# w Error: /proc must be mounted To mount /proc at boot you need an /etc/fstab line like: /proc /proc procdefaults In the meantime, mount /proc /proc -t proc test01:/# ifconfig Segmentation fault test01:/# ifconfig -a Segmentation fault test01:/# mount /proc mount: permission denied test01:/# id uid=0(root) gid=0(root) groups=0(root) I have read many many pages of documentation from various servers including: http://lena.franken.de/linux/debian_and_vserver/vserver.html http://linux-vserver.org/alpha+util-vserver http://www.13thfloor.at/vserver/* http://www.solucorp.qc.ca/miscprj/s_context.hc etc etc but to no avail. Has anyone seen this issue before and can they advise me what might be astray? I guess there could be something in the kernel that is missing or needed, but I couldn't say... GW -- / Gary Wilson, aka dragon/dragonlord/dragonv480\ .'(_.--. e: [EMAIL PROTECTED] MSN: dragonv480 .--._)`. _ | Skype:dragonv480 ICQ:342070475 AIM:dragonv480 | _ `.( `--' w: http://volvo480.northernscum.org.uk `--' ).' \w: http://www.northernscum.org.uk / ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- - Ola Lundqvist --- / [EMAIL PROTECTED] Annebergsslingan 37 \ | [EMAIL PROTECTED] 654 65 KARLSTAD | | +46 (0)54-10 14 30 +46 (0)70-332 1551 | | http://www.opal.dhs.org UIN/icq: 4912500 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
Re: [Vserver] Vservers under Debian
Ola Lundqvist wrote: Hello On Mon, Apr 04, 2005 at 12:44:07PM -0400, Paul S. Gumerman wrote: dietlibc version 0.28 built fine on x86_64, but it simply didn't work (caused all kinds of problems with vserver). I did not really understand this. I understand that dietlibc compile on x86_64 but: * dietlibc, do it work? not for util-vserver * util-vserver, do it compile? yes * util-vserver, do it work? no Regards, // Ola ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] CentOs distribution
Has anyone tried the CentOs 4.0 distribution with linux-vserver? It's a repackage of RedHat Enterprise Linux 4.0. I'm currently using A mish-mash of FC1, 2 3 and I'm considering a switch to CentOs. Two of my servers are Opteron-based, so I'm particularly interested if you are using the x86_64 arch. http://www.centos.org Paul ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Possible newbie type question
Herbert, I'm sure there must be a very interesting story surrounding the "flower page". Care to let us newbies in on the joke??? Paul Herbert Poetzl wrote: On Tue, Mar 29, 2005 at 03:18:14PM +0100, Gaz Wilson wrote: Hi! I have recently built a test server using Debian and have installed the Debian packages for vservers (running on a 2.4 kernel) I then found that the development releases for 2.4 and 2.6 kernels have much more interesting and fun options that would be of use to me, so I rebuilt the Debian box (using Sarge) and opted to install vs 1.9.5-rc1 on a 2.6 kernel with the GRSec 2.1.3 patches - all has gone well. To complement this, I downloaded util-vserver-0.30.203, but I have a question which probably has a very obvious answer - the above tool package does not have a newvserver script with it, so I am at a loss as to the "proper" way to add new virtual servers onto the system? the newvserver script has been obsoleted almost a year ago, and you can find some examples for the util-vserver tools, and a complete description of the configuration tree at: http://linux-vserver.org/alpha+util-vserver http://www.nongnu.org/util-vserver/doc/conf/configuration.html Any advice appreciated :) 1.9.5 is released (2.6.11.6 is current), tools are 0.30.205, you can get the relase at: http://www.13thfloor.at/vserver/d_rel26/v1.9.5/ and the tools at http://www.13thfloor.at/~ensc/util-vserver/files/alpha/ HTH, Herbert GW -- / Gary Wilson, aka dragon/dragonlord/dragonv480\ .'(_.--. e: [EMAIL PROTECTED] MSN: dragonv480 .--._)`. _ | Skype:dragonv480 ICQ:342070475 AIM:dragonv480 | _ `.( `--' w: http://volvo480.northernscum.org.uk `--' ).' \w: http://www.northernscum.org.uk / ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] I'm in trouble now ....
Enrico --- thanks for the quick help. The kernel is compiled with SELINUX, but also compiled with SELINUX disabled. The thing is, this was all working fine a short time ago; I'm completely boggled! Should I recompile with those CFLAGS next, or what? Enrico Scholz wrote: [EMAIL PROTECTED] ("Paul S. Gumerman") writes: I tried to start loco-reference, but got the message "an error occurred very likely that initscript faild " with no other details regarding just what had failed. When I started it again, I did get the message that lines 1 and 3 in the fstab had failed because the fs's were already mounted, so it did get that far, at least. I also found that I could no longer stop any of the running vservers. The message was " still running unexpectedly. Please investigate it manually." Running vserver-stat results in a Segmentaion fault. Tracking this segfault would be helpfully. Do you see kernel messages (oops) there? Else, possible ways to trace it are: * chcontext --xid 1 strace vserver-stat * chcontext --xid 1 gdb vserver-stat -- r + bt I tried these two ... [EMAIL PROTECTED] ~]# chcontext --xid 1 strace vserver-stat New security context is 1 chcontext: execvp("strace"): Permission denied [EMAIL PROTECTED] ~]# chcontext --xid 1 gdb vserver-stat -- r + bt chcontext: execvp("gdb"): Permission denied [EMAIL PROTECTED] ~]# Ran "vserver fc3-reference hashify", which ran ok with one message (sorry, can't recall it now). The exact message would be helpful perhaps. I know, I know ... sorry, but it only did it the one time, now I just get the "vserver ... suexec" message. But obviously something bigger than just vhashify problems is happening here, so I'm not too concerned about this point at the moment. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] I'm in trouble now ....
Herbert ... hope you can help. Here's what's happened: I've had 1.94-rc4 with kernel 2.6.11-rc3 running just fine on a dual Opteron box under FC3-x86_64. I have two vservers that I startup on reboot, and two more "reference" servers that were startable. These are all FC3-x86_64 vservers. Thursday, I did a "yum update", and got 18 packages updated. Then I downloaded vserver-util-0.30.205 (I was REALLY excited to read about vhashify, and wanted to try it), found an updated dietlibc-0.28 (previous version would not build on x86_64), built and installed that, then built and installed util-vserver. Ran "vserver fc3-reference hashify", which ran ok with one message (sorry, can't recall it now). Then tried "vserver loco-reference hashify" which failed with a message saying "vserver ... suexec is support for running vserver only; aborting ..." BTW, that should read "supported". I tried to start loco-reference, but got the message "an error occurred very likely that initscript faild " with no other details regarding just what had failed. When I started it again, I did get the message that lines 1 and 3 in the fstab had failed because the fs's were already mounted, so it did get that far, at least. I also found that I could no longer stop any of the running vservers. The message was " still running unexpectedly. Please investigate it manually." Running vserver-stat results in a Segmentaion fault. I tried going back to util-vserver-0.30.203 ... didn't change anything. I tried linking with glibc ... again no change. I tried rebooting ... no change. One interesting thing ... the two vservers that are set up to start on boot still start! (Which is a very good thing, since my development database in now running in one of those vservers.) Also, this might be a hint: if I try running vtop (as root) I get "chcontext: execvp: ("top") Permission denied" I also just noticed that the attempt to hashify, after the reboot, now also says "failed to determine configfiles". ARRRGGGHHH! Let me know if there's any more info that I can provide Hopefully, Paul ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [announce] util-vserver 0.30.205 + status report
Where can I find this? It doesn't appear to be available at the 13th floor site ... the latest I see is 30.204. Paul Enrico Scholz wrote: Hello, version 0.30.205 util-vserver (alpha branch) is out. Noticable changes are a new 'vhashify' command which is a successor of 'vunify'. It uses some aggressive techniques like mmap'ing of files and the creation of sparse files. To prevent data lossage, it is strongly recommended to execute 'make check' when using non-ext3 filesystems. (Unfortunately, the 'cmp' tool is sometimes not configured for large files and will create false positives). Another issue is 'vyum': the current 'yum' version makes it impossible to execute it when the vserver is running (there, /.. might be unequal to /). A fix for yum can be found at https://bugzilla.redhat.com/beta/show_bug.cgi?id=146650#c1 but the upstream author dislikes it. Feel free to request another fix there ;) Enrico ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Performance of vserver
Herbert ... memory might be the issue here, after all it means less than 50MB for each vserver, that might easily drag you into swapping which very easily gets you into trashing ... While "trashing" is not a bad description of the consequences, the word is "thrashing" . REALLY REALLY BIG GRIN!! Paul Herbert Poetzl wrote: On Wed, Mar 16, 2005 at 11:00:55PM +0100, Werner Schalk wrote: Hi Herbert, thank you for your answer. memory might be the issue here, after all it means less than 50MB for each vserver, that might easily drag you into swapping which very easily gets you into trashing ... Is there a way of setting up a swap file for every vserver so that they do not run out of memory? well, you can have as many swap files as the OS (and your disk space) permits, but that won't help you with the memory ... in other words, if you run out of _memory_, then the system will start using the _swap_ space and that will slow down everything, maybe leading to trashing which is not what you want to have on a vserver host ... don't forget, the disks are nowadays a few powers slower than the memory, which is already a few powers behind the cpu ;) HTH, Herbert Thanks a lot again and bye, Werner. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] New vserver config vs. legacy config
As a new user I'm hesitant to barge in like this, but I feel strongly on this issue. I have to say that the new configuration, with it's staggering number of subdirectories, is TERRIBLE to use. I don't understand what drove the decision to go this way ... there is an enormous value in being able to see all the configuration information in ONE place, at ONE time, and a real cost to not being able to do so. Herbert Poetzl wrote: On Tue, Mar 01, 2005 at 11:49:52AM -0800, Roderick A. Anderson wrote: On Tue, 1 Mar 2005, Brian Ipsen wrote: I've attached my wbel3-minimum file here (copy/paste from a Windows based pc, you might want to convert it first). It might be possible to reduce it further - first of all I'd just like to get a server ip and running inside the vserver environment - than I can play around with reducing the number of needed RPM's afterwards ;-) Thanks I'll check it out. I just went through a Fedora Core 3 install of the main server and was very unhappy with all the 'stuff' included when I didn't request it. I'm hoping to come up with a _really_ minimal set for the main server and the vserver. They are being read from /home/wbel3 - I've copied all RPM packages into that dir... "rpm -k *.rpm" doesn't show any packages as damaged. RAM/swap issue. IDE drives? And the best a friend ran into was a bad controller/cable combination though that was connected to a IDE RAID card. I'm using a modified install- script - which has been modified io read the wbel3-minimum list, and grab the RPMs from the dir in the /home folder, instead of using the CD-Rom drive I don't know if the linuxconf gui is better to handle this stuff.. Different. Jacques is still doing some development on it and I like the brain-dead simple interface for something I do rarely -- create new vserver. I only use it from the command line so the gui is text based. hmm, may I ask a question here? is it the pseudo graphical interface (curses) of linuxconf which makes it brain-dead simple or is it something else? because if that is really an important issue here, we could consider something like make menuconfig does for the kernel (for vserver creation) TIA, Herbert I'll look at your list and see what it will take to test it on the system I am working on right now. Rod -- "Open Source Software - You usually get more than you pay for..." "Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL" ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Can't start vserver on x86_64 with 2.6.11-rc3-vs1.94
I'm at the point where I need some help. The machine is a dual Opteron, with Fedora Core 3 installed. I've downloaded a vanilla 2.6.11rc-3 kernel, and patched it with the latest vs1.94-rc4 patch set, which applied and built cleanly. Then I built the util-vserver packages from source, and installed them with rpm. Since I want to try things first with a FC3 x86_64 virtual server, I ended up using the legacy option to build vserver vts64. I then edited rc.sysinit to remove most everything. I also created a test server with the skeleton build option, and used that info and info from Google to create the newer config files for vts64. I'm fairly certain that all the config stuff is good. But .. when I try to start the vserver, I get this error message: vcontext: execvp(/etc/rc.d/rc): No such file or directory and the server fails to start. Of course, the file really IS there in the vdir, and in the proper place. I've searched high and low, and I cannot find anyone else having this particular issue. Any ideas? As an aside, I can't seem to get anywhere with building a vserver with yum --- it just complains about missing a .pkg directory. when I use the --pkgbase option, it seems to ignore it. Paul ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Can't start vserver on x86_64 with 2.6.11-rc3-vs1.94
The "legacy" method did, in fact, ignore /lib64 and failed to copy it. After manually copying that directory, I got no error messages, but I still couldn't start the vserver. I finally managed to get the "yum" method to work, and the vserver starts YEAH! Jacques Gelinas wrote: On Thu, 17 Feb 2005 14:33:05 -0500, Paul S. Gumerman wrote I'm at the point where I need some help. The machine is a dual Opteron, with Fedora Core 3 installed. I've downloaded a vanilla 2.6.11rc-3 kernel, and patched it with the latest vs1.94-rc4 patch set, which applied and built cleanly. Then I built the util-vserver packages from source, and installed them with rpm. Since I want to try things first with a FC3 x86_64 virtual server, I ended up using the "legacy" option to build vserver "vts64". I then edited rc.sysinit to remove most everything. I also created a "test" server with the "skeleton" build option, and used that info and info from Google to create the newer config files for "vts64". I'm fairly certain that all the config stuff is good. But .. when I try to start the vserver, I get this error message: vcontext: execvp("/etc/rc.d/rc"): No such file or directory Do you have /lib64 installed in the vserver ? Maybe the build strategy ignore this directory (which only exists on x64). - Jacques Gelinas [EMAIL PROTECTED] dav_ufs: Access your home directory using WebDav http://www.solucorp.qc.ca/miscprj/dav_ufs.hc ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Re: Fedora 3 X86_64 vserver
Mart, Adaptive Server Enterprise/12.5.0.3/EBF 10980 ESD#1/P/Linux Intel/Linux 2.4.18-18.7.xsmp i686/rel12503/1919/32-bit/OPT/Mon Mar 24 20:49:12 is running just fine in an FC3 2.6.11-rc3-vs1.94-rc4 kernel host, with a yum-installed vserver with the absolute up to the minute current FC3 updates. It all just *worked*, once I got everything copied over from my old development database machine, and got all the names and permissions set up for sybase. Oh I had to copy resolv.conf from the host into the vserver's vdir. I think that was it. Not yet tested, other than a query or two, but I've always found that if it ran at all, Sybase would work just fine. (Knocking on wood now ) Paul ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver