Re: [Vserver] linux-vrf
skip /
Hello all. I found an interesting project -- http://linux-vrf.sourceforge.net/
The latest linux-vrf patch is for 2.6.8. Now I'm trying to adapt this patch to 2.6.12 + vserver, and I see that some code in both vserver and linux-vrf is written for similar tasks.
My question is to the vserver devel team: would you try to look at the linux-vrf patch and add its functionality to vserver?
Linux-vrf does the same with network flows that vserver does with processes. So, chvrf can completely supplement (if not supersede) chbind. For example, two processes, chbind'ed to one ipaddr, can communicate with each other. But two processes, chvrf'ed to separate vrf domains, cannot do this except via external network routes or VPN tunnels (even being bind()'ed to the same ipaddr!).
-- Peter V. Saveliev
___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] linux-vrf
i'm having trouble getting multicast to work inside vservers. does your tool help with this? (see recent archives of list/irc on vserver, search on multicast)
skip /
I never worked with multicast so far. But I'll try and, if there will be any comments, I'll report you.
-- Peter V. Saveliev
Re: [Vserver] linux-vrf
i'm having trouble getting multicast to work inside vservers. does your tool help with this?
skip /
And sorry my bad English: with found I mean past of find, discover etc. It's not my project :) Sorry for confusion.
-- Peter V. Saveliev
[Vserver] virtual servers and loopback interface[s]
...
Hello. I have a situation when each virtual server must have at least one external and one local address. Local address must provide something like a loopback interface -- so any service in a virtual server can bind onto this address without a risk to be reachable from outside. I prefer to not use iptables in this task, cause of network performance issues.
I setup local addresses like 10.0.0.x/32 on the loopback interface, and these addresses aren't reachable from an external network. But they are still reachable from other virtual servers. Assume there are two virtuals -- test0 and test1. One virtual, test0, is chbind'ed to 10.0.0.2/32 and another -- to 10.0.0.3/32. But I still can telnet 10.0.0.2 from _test1_.
Generally speaking, my question is: is there any ability to have an isolated loopback for every virtual server?
Thanks.
-- Peter V. Saveliev
[Vserver] radlinux 0.2.7 announce
...
Hello. Some months earlier :) I wrote about VServer-based distro. Now I can announce version 0.2.7.
Short description: RAD GNU/Linux is a gateway solution, but can be used as a hosting platform or as a supervising system to run one or more secured context.
Network capabilities: PPPoE, PPTP (with MPPE/MPPC), DHCP, 802.1Q, interface bridging with STP, advanced traffic shaping, and so on
VServer-related capabilities: RAD GNU/Linux uses VServer as a primary mechanism to manage system services. Each RAD GNU/Linux' standard service runs in its own security context within its own namespace and unions over /etc and /var. Also there is a possibility to run virtual servers that can be used for hosting or to supply necessary services, not included in the RAD distro by default (Squid etc.)
Hosting capabilities: safe contexts are used, w/o abilities to mount smth or to setup interfaces. RAD GNU/Linux' config supports limits including cpu scheduler. There are utilities (see docs) to manage disk quotas within virtual servers from the main system.
Documents: http://www.radlinux.org/parts/docs . If there are smbdy to help me to proofread docs, this help will be very appreciated, cause English is not my primary language.
Thanks.
-- Peter V. Saveliev
Re: [Vserver] radlinux 0.2.7 announce
skip /
OpenVPN ?
skip /
Planned. For this time I've got a request for PPTP, so, this build includes it. OpenVPN support will be included in next builds (I think, in two weeks or like that), 0.2.7 is not the final :)
-- Peter V. Saveliev
Re: [Vserver] vattribute reducecap usage
On Wednesday 24 August 2005 11:07, Peter V. Saveliev wrote:
...
skip /
Why I got normal security in the first case and no security at all in the second?
skip /
sorry, the bug was in the script; but the first question remains
-- Peter V. Saveliev
Re: [Vserver] util-vserver-0.30.208 build problem: more detailed
...
after subst 's/^\([[:blank:]]\+\)@/\1/' Makefile I got:
skip /
rm -f lib/util-vserver.pc
case '//lib' in \
/usr/lib) libflags=;; \
*) libflags='-L${libdir} ';; \
esac; \
case '//include/util-vserver' in \
/usr/include|/usr/local/include) pkgincflags=;; \
*) pkgincflags='-I${pkgincludedir} ';; \
esac; \
case '//include' in \
/usr/include|/usr/local/include) incflags=;; \
*) incflags='-I${includedir} ';; \
esac; \
sed -e 's!@'PACKAGE'@!util-vserver!g; \
s!@'VERSION'@!0.30.208!g; \
s!@'prefix'@!/!g; \
s!@'exec_prefix'@!/!g; \
s!@'libdir'@!//lib!g; \
s!@'includedir'@!//include!g; \
s!@'libflags@!${libflags}!g;' \
s!@'incflags@!${incflags}!g;' \
s!@'pkgincflags@!${pkgincflags}!g;' \
s!@'pkgincludedir'@!//include/util-vserver!g' \
lib/util-vserver.pc.subst lib/util-vserver.pc
sed: -e expression #1, char 349: unterminated address regex
skip /
Any ideas?
-- Peter V. Saveliev
Re: [Vserver] rlimit for memory usage
On Monday 22 August 2005 11:44, Oliver Welter wrote:
Hi, sorry if this is a stupid question but I can't find an answer
I have a machine with 3 GB physical RAM
What must I put into the rlimits/ directory to allow the vServer to use a maximum of 1.5GB ???
skip /
I don't know about rlimits/ directory, but for vlimit it can look like:
vlimit --xid X --data 1572864
-- Peter V. Saveliev
Re: [Vserver] util-vserver-0.30.208 build problem: more detailed
On Monday 22 August 2005 16:56, Herbert Poetzl wrote: On Mon, Aug 22, 2005 at 12:59:57PM +0400, Peter V. Saveliev wrote: ... s!@'libflags@!${libflags}!g;' \ s!@'incflags@!${incflags}!g;' \ s!@'pkgincflags@!${pkgincflags}!g;' \ s!@'pkgincludedir'@!//include/util-vserver!g' my first guess would be that those ${*flags} should be replaced by the shell shortly before they are fed into the sed expression ... skip / I fixed this in the very barbarian way, but it works for me... Check this patch, please (attachment) Thanks. -- Peter V. Saveliev diff -burN util-vserver-0.30.208/Makefile.in util-vserver-0.30.208-custom/Makefile.in --- util-vserver-0.30.208/Makefile.in 2005-07-16 00:25:25 +0400 +++ util-vserver-0.30.208-custom/Makefile.in 2005-08-22 13:58:52 +0400 @@ -8743,16 +8743,16 @@ $(BAD_INC_PATHS)) incflags=;;\ *) incflags='-I$${includedir} ';; \ esac; \ - sed -e 's!@'PACKAGE'@!$(PACKAGE)!g; \ -s!@'VERSION'@!$(VERSION)!g; \ -s!@'prefix'@!$(prefix)!g; \ -s!@'exec_prefix'@!$(exec_prefix)!g;\ -s!@'libdir'@!$(libdir)!g; \ -s!@'includedir'@!$(includedir)!g;\ -s!@'libflags@!$${libflags}$(pkgconf_LIBFLAGS)!g;' \ -s!@'incflags@!$${incflags}$(pkgconf_INCFLAGS)!g;' \ -s!@'pkgincflags@!$${pkgincflags}$(pkgconf_PKGINCFLAGS)!g;' \ -s!@'pkgincludedir'@!$(pkgincludedir)!g'\ + sed -e [EMAIL PROTECTED]@!$(PACKAGE)!g; \ +[EMAIL PROTECTED]@!$(VERSION)!g; \ +[EMAIL PROTECTED]@!$(prefix)!g; \ +[EMAIL PROTECTED]@!$(exec_prefix)!g;\ +[EMAIL PROTECTED]@!$(libdir)!g; \ +[EMAIL PROTECTED]@!$(includedir)!g; \ +[EMAIL PROTECTED]@!$${libflags}$(pkgconf_LIBFLAGS)!g; \ +[EMAIL PROTECTED]@!$${incflags}$(pkgconf_INCFLAGS)!g; \ +[EMAIL PROTECTED]@!$${pkgincflags}$(pkgconf_PKGINCFLAGS)!g; \ +[EMAIL PROTECTED]@!$(pkgincludedir)!g\ $ $@ test -z $(CHMOD_REFERENCE) || $(CHMOD_REFERENCE) '$' '$@' chmod a-w $@ ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
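Review bot: The last added line of the sed script ends in `!g\` with no closing quote, where the removed line ended in `!g'\`, and in this archived copy the start of every added line has been replaced by [EMAIL PROTECTED], so the opening quote cannot be checked either. If the script is now unquoted, each `;` separator and the $${libflags}, $${incflags} and $${pkgincflags} expansions reach the shell as bare words, and a value such as '-L${libdir} ' with its trailing space would be split. Please keep the script quoted, with the three flag variables expanded inside double quotes, and resend the patch in a form the list archive does not rewrite so the added lines can be read.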
[Vserver] util-vserver-0.30.208 build problem
...
Hello! I'm trying to build util-vserver-0.30.208, but I get the following errors:
8---
sed -e 's!/usr/lib/util-vserver!/usr/lib/util-vserver!g; s!^USR_SBIN=/usr/sbin$!USR_SBIN=/usr/sbin!g; s!^DEFAULT_VSERVERDIR=/vservers$!DEFAULT_VSERVERDIR=/vservers!g' 'sysv/v_gated.subst' 'sysv/v_gated.tmp'
sed -e 's!/usr/lib/util-vserver!/usr/lib/util-vserver!g; s!^USR_SBIN=/usr/sbin$!USR_SBIN=/usr/sbin!g; s!^DEFAULT_VSERVERDIR=/vservers$!DEFAULT_VSERVERDIR=/vservers!g' 'sysv/v_httpd.subst' 'sysv/v_httpd.tmp'
sed -e 's!/usr/lib/util-vserver!/usr/lib/util-vserver!g; s!^USR_SBIN=/usr/sbin$!USR_SBIN=/usr/sbin!g; s!^DEFAULT_VSERVERDIR=/vservers$!DEFAULT_VSERVERDIR=/vservers!g' 'sysv/v_named.subst' 'sysv/v_named.tmp'
sed -e 's!/usr/lib/util-vserver!/usr/lib/util-vserver!g; s!^USR_SBIN=/usr/sbin$!USR_SBIN=/usr/sbin!g; s!^DEFAULT_VSERVERDIR=/vservers$!DEFAULT_VSERVERDIR=/vservers!g' 'sysv/v_portmap.subst' 'sysv/v_portmap.tmp'
sed -e 's!/usr/lib/util-vserver!/usr/lib/util-vserver!g; s!^USR_SBIN=/usr/sbin$!USR_SBIN=/usr/sbin!g; s!^DEFAULT_VSERVERDIR=/vservers$!DEFAULT_VSERVERDIR=/vservers!g' 'sysv/v_sendmail.subst' 'sysv/v_sendmail.tmp'
sed -e 's!/usr/lib/util-vserver!/usr/lib/util-vserver!g; s!^USR_SBIN=/usr/sbin$!USR_SBIN=/usr/sbin!g; s!^DEFAULT_VSERVERDIR=/vservers$!DEFAULT_VSERVERDIR=/vservers!g' 'sysv/v_smb.subst' 'sysv/v_smb.tmp'
sed -e 's!/usr/lib/util-vserver!/usr/lib/util-vserver!g; s!^USR_SBIN=/usr/sbin$!USR_SBIN=/usr/sbin!g; s!^DEFAULT_VSERVERDIR=/vservers$!DEFAULT_VSERVERDIR=/vservers!g' 'sysv/v_sshd.subst' 'sysv/v_sshd.tmp'
sed -e 's!/usr/lib/util-vserver!/usr/lib/util-vserver!g; s!^USR_SBIN=/usr/sbin$!USR_SBIN=/usr/sbin!g; s!^DEFAULT_VSERVERDIR=/vservers$!DEFAULT_VSERVERDIR=/vservers!g' 'sysv/v_xinetd.subst' 'sysv/v_xinetd.tmp'
/bin/sed -e '...' scripts/legacy/vps.pathsubst scripts/legacy/vps
rm -f lib/util-vserver.pc
/bin/sed -e '...' contrib/manifest.dat.pathsubst contrib/manifest.dat
sed: -e expression #1, char 336: unterminated address regex
make[2]: *** [lib/util-vserver.pc] Error 1
make[2]: *** Waiting for unfinished jobs
/bin/sed -e '...' scripts/util-vserver-vars.pathsubst scripts/util-vserver-vars
make[2]: *** Waiting for unfinished jobs
make[2]: *** Waiting for unfinished jobs
make[2]: *** Waiting for unfinished jobs
make[2]: *** Waiting for unfinished jobs
make[2]: *** Waiting for unfinished jobs
make[2]: *** Waiting for unfinished jobs
make[2]: Leaving directory `/home/peet/RPM/BUILD/util-vserver-0.30.208'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/peet/RPM/BUILD/util-vserver-0.30.208'
make: *** [all] Error 2
make: Leaving directory `/home/peet/RPM/BUILD/util-vserver-0.30.208'
8---
Can anybody help me, where to find the root of evil? Thanks a lot.
PS: I wrote about vserver-based linux mini distro -- about six months ago. Now I'm nearly finished the work. http://radlinux.org now uses vserver for service management as well as virtual hosting. If there will be people, interested in my work, I can announce release.
-- Peter V. Saveliev
Re: [Vserver] vserver application
skip /
looks interesting, maybe you want to do a short introduction what RAD GNU/Linux is all about so that folks on the ML get a first impression ...
skip /
The system was created as easy to setup and use Linux-based router application. It is busybox-based, system image is ~13Mb for now. After booting from CD, HDD or via DHCP it resides in the operating memory and doesn't need any disk drive. System features -- r/o root fs, r/w parts reside on tmpfs stacked with root via unionfs. The system has simple Cisco-like shell written in AWK and one system-wide config.
Some system capabilities (at this moment):
+ PCI NIC autodetection
+ routing, firewalling, with vlan support, bridging
+ dhcp, pppoe server
+ ip accounting with NetFlow
+ traffic shaping
Todo:
- VoIP gateway, Asterisk
- virtual hosting with vserver, maybe with admin web interface
Screenshots: http://radlinux.peet.spb.ru/files/screenshots/rt-monitor1.png/view
Documentation: http://rad.peet.spb.ru/files/doc/
-- Peter V. Saveliev
[Vserver] vserver application
...
I did it :) Test build of RAD GNU/Linux uses vserver for regular service management. Example:
8--
interface ethernet 0
 address 10.0.0.2/24
 address 10.0.0.3/24
 address 10.0.0.4/24
!
resource-list test
 address 10.0.0.2/24
 scheduler hard 30%
 limit nproc 16 files 8
 limit data 4096
 limit rss 1024
!
service httpd
 port 80
 realm basic root:secret
 allow 192.168.0.0/255.255.0.0
 resource-list test
8--
So service httpd will be limited to ~30% cpu load, 16 running processes, 8 open files, 4Mb data and 1Mb rss. And will only see 10.0.0.2/24.
If there is anybody interested in details, mail me or see docs for 0.2.1 at http://rad.peet.spb.ru/files/doc/
PS: sorry poor English in docs -- I have no persistent proofreader, and this version still is not checked.
-- Peter V. Saveliev
Re: [Vserver] some sched question
On Wednesday 06 April 2005 02:42, Herbert Poetzl wrote:
skip /
well, you probably didn't activate the sched_prio either, so the token bucket is not active at all ...
skip /
How can I do it? Also with vattribute?
-- Peter V. Saveliev
Re: [Vserver] some sched question
On Wednesday 06 April 2005 02:42, Herbert Poetzl wrote:
skip /
well, you probably didn't activate the sched_prio either, so the token bucket is not active at all ...
skip /
Ok! I read cflags-v13.c, so, with vattribute --set --xid X --flag Y I got all I need :)
-- Peter V. Saveliev
Re: [Vserver] unable to run ntp on vserver kernel / drop root privileges not allowed
01 2005 17:19 [EMAIL PROTECTED] (a):
Hi All, I encountered a problem when I wanted to start a NTP on a vserver-base system
i get
cap_set_proc() failed to drop root privileges: Operation not permitted
The system is Suse 9.2 with a vserver 2.6.9 kernel
does ntpd start on this kernel in xid=0, that is, _not_ in virtual context?
I'm not sure, but If it doesn't, see capabilities module or like that -- realtime etc, depends on the kernel configuration.
-- Peter V. Saveliev
Re: [Vserver] unable to run ntp on vserver kernel / drop root privileges not allowed
skip /
does ntpd start on this kernel in xid=0, that is, _not_ in virtual context?
yes the ntp is running in the main context
I'm not sure, but If it doesn't, see capabilities module or like that -- realtime etc, depends on the kernel configuration.
hmm - so I think I have to mod the sources as I can't find appropriate kernel config params...
skip /
So, that's not, what I think... I encountered the same problem, but on the normal kernels 2.6.8/9/10. The solve was to 'modprobe capabilities' or 'modprobe realtime'. But if ntpd runs in the main context, I think, it is not the same case. Maybe, you've to look around capabilities(7) to get appropriate CAP_* in the context?
-- Peter V. Saveliev
[Vserver] vsched
...
# vsched --help
Usage: vsched [--xid xid]
8--
Can anybody tell me, what mean these options?
[--fill-rate rate] -- in which measure? percents?
[--interval interval] -- milliseconds? nanoseconds? crocodiles per mile? ;)
skip cause=clear/
[--prio-bias bias] -- what is bias?
8--
[--] [command args*]
-- Peter V. Saveliev
Re: [Vserver] util-vserver 1.9.5 configuration questions
On Wednesday 30 March 2005 14:15, Herbert Poetzl wrote:
skip /
where I can read about it?
http://linux-vserver.org/Linux-VServer-Paper-06 (06.3)
http://linux-vserver.org/Linux-VServer-Paper-14
quote
This example assumes that two servers have been allocated equal CPU time (FIXME - how is this configured?)
/quote
how is this configured?
skip /
option is now called tagxid ...
http://vds.pas-mal.com/irclogs/vserver-log.20050303.html
| Bertl hmm, guess I have to do a howto use for the vdlimit too ...
| was hoping that it will be implemented properly in the
| util-vserver before that happens ... didn't happen yet :/
Ok, I read vdlimit now, thanks. Mount with -o tagxid also works.
skip /
-- Peter V. Saveliev
Re: [Vserver] util-vserver 1.9.5 configuration questions
On Monday 28 March 2005 20:45, Herbert Poetzl wrote:
skip /
yes, that's right, but that doesn't mean that you just can have one address per interface, just more structured entries
ok
skip /
that is what the token bucket scheduler is for ...
where I can read about it?
skip /
yep per context disk limits on a shared partition are part of the 1.9.x releases, you just have to use xid tagged filesystems ...
the same question? I found only http://vserver.13thfloor.at/Linux2.6/index.php?page=Per+Context+Disk+Limits but attempts to mount ext2 with -o tagctx fail
skip /
just make sure to feed-back the changes, otherwise other folks will end up reinventing your bicycle ;)
skip /
I'll share packages after work is done, but I don't think that will be common case. I have no bash and I have only 12Mb (24 in the memory) system. So, as I think, I won't be able to use util-vserver as it is. Now I try to understand how it works, to make more simple analogue for more simple cases -- no build, no unify, no snapshots (for this time) -- I only wanna start, stop, enter and monitor vservers.
More about the project is on http://rad.peet.spb.ru/
-- Peter V. Saveliev
[Vserver] util-vserver 1.9.5 configuration questions
...
Now I plan to migrate to 1.9.5 2.6.11, 'cause of resource limits; and I have some questions:
1) is it right, that I've to create one directory /etc/vservers/vserver-name/interfaces/iface per interface and there can be only one address on such interface? I didn't read the code, I'll do it while going to the home this night, but the answer will help me anyway. Now I use rewritten vserver (util 1.28), that adds addresses via iproute2, not ifconfig, so, I haven't any problems with address labels etc.
2) where I can find documentation on /etc/vservers/vserver-name/rlimits/* syntax? Can I define hard limits on cpu memory usage per context? E.g., I want context bala.org to use not more than 50% CPU time, roughly speaking. Now I have to monitor vserver cluster and to stop a context manually (via script, anyway), when it consumes too much CPU or memory.
3) Now I use LVM, so there are no problems with disk quotas: there is only one context per partition. Now I want my system to get smaller and plan to refuse LVM. Are there per context disk limits in 1.9.5?
PS: package size and config simplicity are critical, so, I'll read new util-vserver code (at least shell scripts ;) anyway, and will patch it to fit my needs, as I did it before with 1.28. But I don't wanna invent a bicycle, so, thanks for any help.
PPS: sorry my terrible English
-- Peter V. Saveliev