Re: [Vserver] The $64,000 dollar question
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: snip / So the big question is which (preferably YUM-able) distribution should I use for the host? I'm currently thinking CentOS 5 as it has an end-of-life in about 5 years. I hope to be retired by then. :-) Plus I believe I read that it is actually supported in Daniel's repository. Unfortunately not, I haven't had enough round tuits lately, but you can use the FC6 kernel RPM (though that is not as updated as I'd like it to be, Fedora no longer updates the public tree) for now. Daniel, How about the util-vserver RPMs? Can I build them for CentOS 5 from another distribution or does the tarball handle the distribution? Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Vserver copy. The saga continues!
The builds using rsync are going well but this has created a bit of a problem. Typically I build using yum as the method. This creates all the necessary files in /etc/vservers/guest/apps. Using rsync doesn't. Is there a command/incantation to convert a vserver guest to another package-management system like yum, apt-get, etc? I suspect the pieces to do this are in the vserver script but if the method is just undocumented it would be quicker. TIA, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Vserver copy. The saga continues!
Chuck wrote: On Thursday 12 July 2007 13:55, Roderick A. Anderson wrote: if i use vserver build with its rsync options it makes the /etc/vserver/guest directory for me just like any other build using vserver. are you using rsync by itself? maybe thats why. the vserver application automatically makes the /etc/vserver/guest areas for anything as far as i know. Nope. vserver guest build -m rsync ... i noticed you mention /etc/vserver/guest/apps you use other files besides style and mark? i many times use mtab for certain things but i just copy a 'template' mtab file in. since most of my guests are not cookie-cutter i usually have to modify the settings in the /etc/vserver config area anyway so its no big deal to copy/modify capability files, mtab,add name to interfaces etc. Yeah, apps/pkgmgmt/* is not created. I've done the copy and edit route as you said in your other post but it is such a candidate for scripting I figured it might have been. But then how often does one change the package management system they are using? Well beside me. 8-( i have never gotten into different pkg mgt systems and have never used them to build a guest, only to update its own files internally. i suppose i am 'far behind the times', but i treat each guest as its own server and run the updates internally etc. (doesn't get me in trouble that way :) ). Here is the problem. vyum complains with vcontext: execvp(yum): No such file or directory Which is only one of the missing files. So I'll be looking in to building yet-another-script to do this or add it to the existing vserver script. I think it's bash/shell and not python. Thanks for the thoughts, Rod -- The builds using rsync are going well but this has created a bit of a problem. Typically I build using yum as the method. This creates all the necessary files in /etc/vservers/guest/apps. Using rsync doesn't. Is there a command/incantation to convert a vserver guest to another package-management system like yum, apt-get, etc? I suspect the pieces to do this are in the vserver script but if the method is just undocumented it would be quicker. TIA, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] The $64,000 dollar question
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: Thanks to all for your help and suggestions on copying Vserver guests. So far it has worked quite well. I'm now on to newer things which brings me to the question. What distribution should I use for the Host? With Daniel's excellent repository(s) I have been using Fedora Core 5. I has been very stable and makes any work in the host easy. And then the guests get FC5 which with vyum makes them very easy to to maintain/enhance. But I just went through a repository hell trying to update the host. Not sure what was going on but I suspect that with FC5 at end-of-life this will happen more often. Repository hell? Meaning what, exactly? I was checking for updates yum check-update and got md5sum failure for twenty plus extras repositories before I walked off to do something else. Came back so 10 minutes or more later and the check was done. So the big question is which (preferably YUM-able) distribution should I use for the host? I'm currently thinking CentOS 5 as it has an end-of-life in about 5 years. I hope to be retired by then. :-) Plus I believe I read that it is actually supported in Daniel's repository. Unfortunately not, I haven't had enough round tuits lately, but you can use the FC6 kernel RPM (though that is not as updated as I'd like it to be, Fedora no longer updates the public tree) for now. Year I know about that. I've been trying to figure out a way to counterfeit or steal them. No luck so far. And does it make sense to use an _older_ distribution in the guests that don't change much? Sounds like the definition of an enterprise-distro, so CentOS should be fine there too... Well I was thinking of the Fedora series. But I'm liking CentOD more and more. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Hosts and Guests and NTP; oh my.
I need to provide time services for the local network (less than 50 servers, workstations and Windows boxes) and since that is pretty lite weight I'm thinking of putting it into the guest that will be handling DNS queries. But ... I'm pretty sure a guest normally can't change the system clock so I plan on having the host run ntpd for setting the system time and the guest provide the service to the network. Is this a disaster waiting to happen? Are there any other/better ways to do this? Thanks, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Hosts and Guests and NTP; oh my.
Chuck wrote: On Tuesday 03 July 2007 19:07, Roderick A. Anderson wrote: I need to provide time services for the local network (less than 50 servers, workstations and Windows boxes) and since that is pretty lite weight I'm thinking of putting it into the guest that will be handling DNS queries. But ... I'm pretty sure a guest normally can't change the system clock so I plan on having the host run ntpd for setting the system time and the guest provide the service to the network. Is this a disaster waiting to happen? Are there any other/better ways to do this? we run several time servers and to be honest i wouldn't even consider making a vserver guest a time server. let the host do it all. it takes literally no resources and is easy to configure. our 3 host machines each is a time server as well, offering ntp service to different portions of our networks. the time spent in massaging configurations to allow a vserver to serve time, if it can even be done properly, is better spent in having a nice dinner :) i have found vservers answer 99.% of my needs, but ntp is one service i would not even consider for virtualizing. my 2 cents anyway :) A very excellent two penny's worth. The plan developed before I remembered there might be an issue. Not wanting to admit to others at work it might not be so great I forged on. Thanks for the clue-stick. Rod -- Thanks, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] fuse ( sshfs ) in guests
Before I start messing around with systems is anyone running fuse-sshfs from inside a guest? I see the fuse module, so I assume :-), all I need to do is get it loaded then install fuse-sshfs, fuse, fuse-libs into a guest. I am a little concerned that fuse and fuse-libs might clash with the vs2 module? Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] FC5 End of Life and Linux-Vserver
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: With the announcement of the EOL for Fedora Core 5 I'm wondering where I should go next or if I should go ... next? So actually this is more a question for Daniel Zakrisson since he provides the FC5 vserver kernel and vserver-utils RPMs and the repository. How long do you think you'll keep updating the FC5 stuff? Thanks, Rod I guess I'll handle it the same way I handled the FC4 EOL, i.e. keep pushing updates until the base kernel (2.6.20) is no longer receiving them. As for the utils, I hope Enrico will manage to get 0.30.213 in before the EOL, and that should be fine for a while at least. Thanks Daniel. I have a few Vserver hosts based on FC5 and only a partially finished server ( hardware ) to use as a staging/transition system. I see you have the FC6 RPMs in place but my experience with FC6, at least as a workstation, was less than satisfactory so I'm holding/hoping FC7 will be better. Again thanks, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Catalyst Framworks (perl not CISCO) and Vserver
This is going to be very vague but please bear with me. We just rebooted into a new kernel 2.6.20-1.2312.fc5.vs2.2.0.1smp and now the Catalyst test servers (http) will not automagically restart correctly when they detects changes in the .pm files. I see the message it has noticed the changed file but then just sits there until I Ctrl-C and start the server again. This was working with the 2.6.18-1.2255.fc5.vs2.0.2.2.0.rc9.1smp kernel. Anyone familiar with Catalyst and/or have an idea where to look for what is causing this? I'm thinking capabilities but with the change in both the base kernel and the Linux-vserver I could use a clue as to where to look. It is mostly an irritation to have to manually restart the Catalyst test server but I forgotten when I made a change to the application code and wondered why my changes didn't take affect. :-( Thanks, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] FC5 End of Life and Linux-Vserver
With the announcement of the EOL for Fedora Core 5 I'm wondering where I should go next or if I should go ... next? So actually this is more a question for Daniel Zakrisson since he provides the FC5 vserver kernel and vserver-utils RPMs and the repository. How long do you think you'll keep updating the FC5 stuff? Thanks, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] CIFS-mounts in vserver guests: solved
Wilhelm Meier wrote: Am Montag, 2. April 2007 schrieb Wilhelm Meier: after our conversion I got the quick cifs hack running (using a special CLONE-flag for the cifs-thread). The I got this patch, which changes the api to kthread_run. But, the problem remains. I still got this error in dmesg: I've to correct myself! I had a configuration flaw ... if the patch is in place, it works as expected. CIFS-shares can be mounted inside the guests. Wilhelm, Would you be willing to put some instructions together on what it takes to do this? TIA, Rod -- - Wilhelm ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] FC5 Linux-Vserver ( gotcha ).
Daniel Hokka Zakrisson wrote:
Roderick A. Anderson wrote:
I found another slight gotcha in the install process.
I think the following is the fix.
After:
A. Installing the vserver utilities system from rpm
Need to run the command:
service vprocunhide start
And in the future (util-vserver 0.30.213+),
service util-vserver start
Daniel is there a discussion for util-vserver going on? IRC or another
mailing list? The ease of set-up and use of Linux-Vservers is my main
interest so I would like to follow along and know what is planned and
happening.
I think I saw a thread that indicated you were actually or kind-of
taking on development of util-vserver.
would be a good idea. The easier, non-version specific way would be to
just reboot again after installing the utils, but that's not at all as
pretty.
This idea did cross my mind but since I had just rebooted to get the new
kernel running it went against the grain for me.
Could the command
yum install util-vserver{,-core,-lib,-sysv,-build}
be run before rebooting the system? Then the new kernel would be
started along with the rest of the utilities with a single reboot.
Not sure if the util-vserver{,-core,-lib,-sysv,-build} need to have a
running vserver kernel to do the right stuff.
Rod
--
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] OSCON 2007?
Anyone planning on attending OSCON in 2007? Anyone planning a presentation on Linux-Vserver? Where do we go and who do we talk to about this? My assumption is it would cost too much for an individual or their company to pay on their own for most of the active developers. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] setting time out on vserver stop
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: I keep loosing track of who does/has done what. Another point to to clarify is if there is still the issue with the pam modules. Section 5, third bullet. On FC6? I haven't verified it there, but (on FC5) the module will log an error every time it's used. I guess removing modules that will not work is a good idea anyway, to keep down the overhead. My bad. I have a FC6 system at home ( not a Linux-Vserver ) but I'm working on a FC5 system at work. And I'm going to stop replying and start a new message thread for my next post. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] FC5 Linux-Vserver ( gotcha ).
I found another slight gotcha in the install process. I think the following is the fix. After: A. Installing the vserver utilities system from rpm Need to run the command: service vprocunhide start Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] setting time out on vserver stop
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: I'm migrating a FC5 system to a Linux-Vserver and found while following the directions that the latest non-vserver kernel is newer than one in your repository. Yeah. I was hoping FC5 would get a 2.6.19 kernel based RSN, but it seems that's not happening (at least not right now), so I'll probably release a new one soon. FC6 should get a 2.6.19 update within a week or so, so that will not be upgraded just yet. My suggestion is to change the instructions to exclude the kernel(s) and yum and add the dhozac.repo before doing a yum -y update after the initial install. I always thought that seemed like the right thing to do, but I was a bit too lazy to update the howto (and now it's frozen until it's migrated ;-)). And I'm a little too hesitant to mess with others work. I'll keep notes as I go ( this is a running system I'm migrating so I can't just do it during the day ) and pass them along. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] setting time out on vserver stop
Guenther Fuchs wrote: Hi there, on Wednesday, January 3, 2007 at 1:03:25 PM there was posted: jmp NB: jmp Did you plan to make a quickstart for vserver fedora core 6 in jmp the near future ? jmp The formers were great and usefull ... as the formers where written by me I take this as my task ;-) This week I've had planned to write a new howto as I want to upgrade two of my machines - unfortunately I mixed this with trying to get a SATAII hardware raid (Promise TX4310) to run which I couldn't, as it only got linux drivers for RHEL4 (kernel 2.6.9) and I didn't want to go back on such a late kernel. So I will setup this later on the week with a software raid as previous, so look forward to receive the new howto soon. I keep loosing track of who does/has done what. Another point to to clarify is if there is still the issue with the pam modules. Section 5, third bullet. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] setting time out on vserver stop
Daniel Hokka Zakrisson wrote: jean-marc pouchoulon wrote: snip / The instructions from FC5 should basically apply, but I suppose migrating the howto to the new wiki and updating it to cover FC6 would be a good idea. I'm migrating a FC5 system to a Linux-Vserver and found while following the directions that the latest non-vserver kernel is newer than one in your repository. My suggestion is to change the instructions to exclude the kernel(s) and yum and add the dhozac.repo before doing a yum -y update after the initial install. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Socket Access ... I think
I'm trying to install and use, in a vserver guest, a perl module ( IO::All ) and it keeps failing a test and when I skip the tests and just do an install it still doesn't work. Looking at the tests I see lots of socket stuff. Short ( easy ) question is has anyone installed IO::All in a Vserver guest? Longer ( lamer ) question is for suggestions as to what the minimum to maximum capabilities I should try are? Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Socket Access ... I think
Herbert Poetzl wrote: On Fri, Dec 15, 2006 at 03:00:15PM -0800, Roderick A. Anderson wrote: I'm trying to install and use, in a vserver guest, a perl module (IO::All ) and it keeps failing a test and when I skip the tests and just do an install it still doesn't work. Looking at the tests I see lots of socket stuff. Short ( easy ) question is has anyone installed IO::All in a Vserver guest? Longer ( lamer ) question is for suggestions as to what the minimum to maximum capabilities I should try are? hmm, I think it would shed some light on this to provide a little more information about the failing tests ... Me too! I'll have to take the time to look the test over. I was mostly hoping someone had already dealt with this module. And since I'm fighting a time line and dodging time-wasters, I decided it would take too long to sort out so I found another module that will work for now. Thanks for the response anyway. Rod -- best, Herbert Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Vserver host and CORAID
I can't talk the sysadmin into letting me take one of our CORAID boxes home for testing :-) so I'll ask here. Anyone using a CORAID (http://www.coraid.com) device with Linux-Vservers? Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Network local to vserver host and guests?
Christian Affolter wrote: Hi! I build and use vservers where the guests need to cooperate with each other. That is, a system with with guests running Postfix, PostgreSQL, or Apache ( multiple guests as they are mod_perl driven ) and they all need to communicate with each other. So I want to build a Virtual LAN ( different from my take on a VLAN ) with virtual NICs. Basically the traffic never hits the physical LAN/WAN. That make sense? IS it possible? If so what what should I be looking for in my research? Yes it is possible, with the dummy net interface. You'll have to enable the dummy net driver support (CONFIG_DUMMY=y) in your kernel. Thanks Chris. Is there a way test for this? I could ask Daniel if it got set in the Fedora Core 5 RPMs he built but that would be _really_ lazy. :-) Rod -- regards, Chris ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver + squid + squidguard
Alejandro Cabrera Obed wrote: Hi people, sorry to bother you but I have an squidguard error I don't know, possible vserver configurationn ??? I tell you what I have: * vserver with localhost mapping to a non-routable IP * Squid + Squidguard * In squid.conf: I replaced all the 127.0.0.1 and 127.0.0.0/8 addresses by the corresponding non-routable IP/Network from my vserver Squid is running OK at port 3128, people navigate through it. But when I put the redirect_program /usr/bin/squidGuard tag into squid.conf in order to use squidguard filters, I restart squid and it doesn't start at all (my squidGuard.conf file is very simple for testing). And from the squidguard.log file I get this errors (mayby because of vserver ???): 2006-10-27 10:28:26 [18773] init domainlist /var/lib/squidguard/db/porn/domains 2006-10-27 10:28:31 [18771] sgDbLoadTextFile: put: Cannot allocate memory From this message I'd suggest you look a the file /var/lib/squidguard/db/porn/domains to make sure it isn't broken. Rod -- I really appreciate your support. Greetings, Alejandro ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] having a routing problem from guests
Taking this a step further I'm trying to do something similar and getting _strange_ results. Using totally fake IPs here is what I'm trying to set up. ( As typing this I see Chuck just posted to the thread with similar information. ) Host system with three NICs: eth0, eth1, eth2. Fedora Core 5 and all guests are FC5 using Daniel's excellent RPMs and was just updated this AM. eth0 is connected to a switch/router for one up-stream provider and has a block of 16 addresses designated for it: 123.45.67.192/28. eth1 is connected to different switch/router for a different upstream provider with a block of 16 addresses designated for it: 98.76.54.192/28. eth2 is connected to a switch which is the private in-house network for connection to the backup server, fileserver, and other non-public resources and can use any address in the 192.168.254.0/24 network. IT currently isn't configured or activated. I'll cross that bridge later. I've configured four guests so far. Three use the eth0 connection and one uses the eth1. I have created two files in /etc/sysconfig/network-scripts: route-eth0 route-eth1 They are using what I think is the current ( Redhat approved ) format. GATEWAY0=123.45.67.1 NETMASK0=255.255.255.240 ADDRESS0=123.45.67.192 and GATEWAY1=98.76.54.1 NETMASK1=255.255.255.240 ADDRESS1=98.76.54.192 I have assigned the IPs 123.45.67.193 and 98.76.54.193 to the two NICs for the host to use. ( Enforcement of the classless subnet isn't being enforced as the company the server is at has the full C Class for both IP ranges -- they're an ISP. ) ifcfg-eth0 contains: DEVICE=eth0 BOOTPROTO=static BROADCAST=66.193.36.255 HWADDR=00:00:00:00:00:00 # faked up IPADDR=123.45.67.193 NETMASK=255.255.255.0 NETWORK=123.45.67.0 ONBOOT=yes and ifcfg-eth1 contains: DEVICE=eth1 BOOTPROTO=static HWADDR=01:01:01:01:01:01 # faked up BROADCAST=98.76.54.255 IPADDR=98.76.54.193 NETMASK=255.255.255.240 NETWORK=98.76.54.192 ONBOOT=yes Lastly iptables is pretty open. The problem is that though I can ping from a different network to both of the host's to IPs and I can ping out from the three guests that use eth0 and I can ping the eth1 guest from a eth0 guest I can't ping from the eth1 guest to the outside world. The cursor just sits there blinking at me. #$%^* computers. :-) All the guests were created using the same set of commands with only the contexts, IPs, interface etc. different. So I'm hoping it is just something really stupid or overlooked on my part. Hope this is hijacking hte thread too much. Rod -- Herbert Poetzl wrote: On Thu, Sep 28, 2006 at 07:35:09PM -0400, Chuck wrote: my 32 net guests cannot contact outside 39 net machines on our same network. they can contact other 39 net guests on the same host. conversely, the external 39 net machine cannot contact any 32 net ip on the vserver host or any guest.. I assume you mean something like 10.32.0.x/24 and 10.39.0.y/24 here (well, at least it sounds like that is what you mean) the problem i had was when within a 32net guest if i ping a 39 net external host, it goes out our 39 net card to the external host gets answered and routed back into our host on 32net since the source ip header in the packet is 32 net and the system ignores it. yes, by default, the host is allowed to choose any network address which is assigned to an interface, the reverse path filter basically blocks packets which could not have originated from that interface, because it does not hold that ip setting below to 0 cures that. so, what you basically did, is to allow the packets to leave the interfaces with an ip from a different interface/routing too (which is harmless, but probably not what you actually wanted) am i doing something extremely stupid by disabling this or is it secure enough not to worry? we are protected by tons of acls in various routers plus a very strict iptables on the host. the better approach would be to set up two routing tables, (given that there are two nics/routes on the host), and use source based routing to figure the proper interface but if that 'works for you' then it is no big deal, as I said, it's usually off by default ... HTH, Herbert i found below in sysctl.conf was set to 1. if i set it to 0 as shown everything works properly.. # Enables source route verification. 0 disables net.ipv4.conf.default.rp_filter = 0 -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list
Re: [Vserver] having a routing problem from guests
Chuck wrote: On Friday 29 September 2006 11:53, Chuck wrote: [snip] Lastly iptables is pretty open. The problem is that though I can ping from a different network to both of the host's to IPs and I can ping out from the three guests that use eth0 and I can ping the eth1 guest from a eth0 guest I can't ping from the eth1 guest to the outside world. The cursor just sits there blinking at me. #$%^* computers. :-) i had exactly the same symptoms when i first started this .. it only worked after switching to iproute2 and setting up tables and rules.. suddenly everything started working with the exception of my current problem of a /23 network not talking to a specific /24 network off the host... it is working now although i consider it a bandaid until i am assured this is how it is supposed to work internally. for redhat-style systems i do not know if iproute2 package replaces the init scripts and how the syntax works for setting routes and rules... it may have to be a separate script created with the proper ip route or ip rule commands.. Yes, recent Redhat-ian systems use iproute2 and the sysv script (ifup-route) _seems_ to beat the route-eth? files into submission. I'm beginning to think I've done something odd to this guest or am completely confused as to the values I'm using. I'm going to try another later today of this evening. Thanks Chuck. Rod -- All the guests were created using the same set of commands with only the contexts, IPs, interface etc. different. So I'm hoping it is just something really stupid or overlooked on my part. Hope this is hijacking hte thread too much. Rod -- Herbert Poetzl wrote: On Thu, Sep 28, 2006 at 07:35:09PM -0400, Chuck wrote: my 32 net guests cannot contact outside 39 net machines on our same network. they can contact other 39 net guests on the same host. conversely, the external 39 net machine cannot contact any 32 net ip on the vserver host or any guest.. I assume you mean something like 10.32.0.x/24 and 10.39.0.y/24 here (well, at least it sounds like that is what you mean) the problem i had was when within a 32net guest if i ping a 39 net external host, it goes out our 39 net card to the external host gets answered and routed back into our host on 32net since the source ip header in the packet is 32 net and the system ignores it. yes, by default, the host is allowed to choose any network address which is assigned to an interface, the reverse path filter basically blocks packets which could not have originated from that interface, because it does not hold that ip setting below to 0 cures that. so, what you basically did, is to allow the packets to leave the interfaces with an ip from a different interface/routing too (which is harmless, but probably not what you actually wanted) am i doing something extremely stupid by disabling this or is it secure enough not to worry? we are protected by tons of acls in various routers plus a very strict iptables on the host. the better approach would be to set up two routing tables, (given that there are two nics/routes on the host), and use source based routing to figure the proper interface but if that 'works for you' then it is no big deal, as I said, it's usually off by default ... HTH, Herbert i found below in sysctl.conf was set to 1. if i set it to 0 as shown everything works properly.. # Enables source route verification. 0 disables net.ipv4.conf.default.rp_filter = 0 -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Chuck ...and the hordes of M$*ft users descended upon me in their anger, and asked 'Why do you not get the viruses or the BlueScreensOfDeath or insecure system troubles and slowness or pay through the nose for an OS as *we* do?!!', and I answered...'I use Linux'. The Book of John, chapter 1, page 1, and end of book ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] FC5 Install note.
Daniel Hokka Zakrisson wrote: Guenther Fuchs wrote: Hi there, on Friday, September 8, 2006 at 8:37:04 PM there was posted: RAA If you are using Daniel's repository for a system that you built awhile RAA ago you should edit your /etc/yum/repos.d/fedora-updates.repo file and RAA add yum to the exclude line. RAA You don't want Fedora messing up Daniel's fix to yum so vyum doesn't RAA complain all the time. :-) I certainly don't - but I've not yet had any problem with that. I'm using Danel's yum-2.6.1-0.fc5.chroot3 on my FC5 building host which never was trying to get updated by a Fedora package, so I can't really see what happend at your side. As far as I can see there is no newer version available. Daniel - what do you think, should yum be added to the exclude line same as kernel or do you ensure by using epoch numbers or such that the Fedora packages can't get precene over your's? No, I'm not using any ugly hacks like that ;) Yeah, I think it belongs on the exclude line. Who did the Fedora Core 5 Install on the wiki? Well someone did add it ( yum ) to the exclude line. I was looking at the 'new' wiki and ended up back on the old so looked to see what might have changed and noticed that. The View History on the old wiki sucks a bit. All the dates show last December. I know my change wasn't then. ( rod.homebydesign.com ). Since the dates are mostly bogus we get to blame powerfox :-) for the recent most recent editing and additions. Good job Guenther! Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] FC5 Install note.
John Francis Lee wrote: Yes, it's just documentation... but I'd never know about Danlle and Bertl's good coding if I hadn't had your help getting it up and running so easily. Thank you Guenther. Thank you Daniel. Thank you Bertl. Thank you Herbert. Reference my previous post: I forgot to mention Herbert. With all the nome-de-plume's floating around I'm keep getting confused as to whom is whom. :-) Rod -- On ศ., 2006-09-08 at 23:50 +0200, Guenther Fuchs wrote: Hi there, on Friday, September 8, 2006 at 10:39:01 PM there was posted: RAA Who did the Fedora Core 5 Install on the wiki? Mmmm - looks like me ;-) RAA Well someone did add it ( yum ) to the exclude line. Oh yes - also looks like me. Didn't remeber that. Seems I'm getting older ;-) RAA Good job Guenther! Thanks. But it's just documentation. Main cred's are to go to Daniel and Bertl for doing the codings. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] clean-up hash directory
Corey Wright wrote:
i was curious if vhashify cleaned up after itself (delete orphaned
instances of files in hash directory), and it appears it doesn't. these
commands should do the job. well, technically this just lists files with a
hardlink count of 1 and prints the total size in bytes of all listed files
on the last line (so you know how much space you are saving).
find /etc/vservers/.defaults/vdirbase/.hash/ -type f -printf %n %s %p\n |
grep '^1[[:space:]]' | awk '{ sum += $2; print $3 } END { print sum }'
to delete those listed files, add to the end:
| while read FILE; do rm -f ${FILE}; done
does anybody see any problem with my logic?
Corey,
Did you hear anything on this? I ran the query on a 12+ guest system (
all FC5 ) and it ran for well over a couple of minutes before I got
tired of watching the output. This leads me to think I've got lots of
orphans. I'd like to get rid of them ( Save the inodes! ) but want to
understand what I'm doing first. Rather not fubar a live system.
I'm not sure I fully understand how vhashify works. Where are the
actual files located. Are the entries in
/etc/vservers/.defaults/vdirbase/.hash/
links to the actual files and then each guest links to these -- links?
Rod
--
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] listing of --bind mounts
It appears I'm clueless on this but I have RFTM or at least the man page for the mount command but still don't see a method. How do I get a listing of all the --bind (from /etc/vservers/$GUEST/fstab ) mounts from the host? All I'm seeing is the regular mounts; partitions, nfs, etc. TIA, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] listing of --bind mounts
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: It appears I'm clueless on this but I have RFTM or at least the man page for the mount command but still don't see a method. How do I get a listing of all the --bind (from /etc/vservers/$GUEST/fstab ) mounts from the host? All I'm seeing is the regular mounts; partitions, nfs, etc. When you do what? I see the bind mounts just fine in /etc/mtab, as well as /proc/mounts. From the host mount doesn't show them but a vserver $GUEST exec mount does. It appears to be a context thingy. Anyway to run a command for all the 'active' contexts? Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] listing of --bind mounts
Stephan Mueller wrote: * Roderick A. Anderson [EMAIL PROTECTED] [24.08.2006]: It appears I'm clueless on this but I have RFTM or at least the man page for the mount command but still don't see a method. How do I get a listing of all the --bind (from /etc/vservers/$GUEST/fstab ) mounts from the host? All I'm seeing is the regular mounts; partitions, nfs, etc. if I got your point you should try df -a on the host. This gives you a list of all mount points, including soft mounts. Darn I was hoping it was this easy but no luck. I think it has to do with the 'soft mounts(?)' are in the context of the $GUEST. Thanks, Rod -- Cheers, Steph. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] failed on vyum gast -- install yum :-(
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: jehan procaccia wrote: snip / I had also change fedora repositories to point to our local mirrors so I wasn't sure which of these 2 actions resolved my problem, now I'am pretty sure that starting the guest was the good one Could you provide the steps/actions you used to point to your local repository? snip / TIA, Rod I just put a yum.repos.d with my own .repo files in /etc/vservers/.distributions/dist. I think ( after a little looking ) you meant: /usr/lib/util-vserver/distributions/dis I think I'm starting to get the hang of this. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] failed on vyum gast -- install yum :-(
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: jehan procaccia wrote: snip / I had also change fedora repositories to point to our local mirrors so I wasn't sure which of these 2 actions resolved my problem, now I'am pretty sure that starting the guest was the good one Could you provide the steps/actions you used to point to your local repository? snip / TIA, Rod I just put a yum.repos.d with my own .repo files in /etc/vservers/.distributions/dist. I think ( after a little looking ) you meant: /usr/lib/util-vserver/distributions/dis I think I'm starting to get the hang of this. Rod No, that's the installation supplied copy. The one in /etc/vservers is the one you should put your own files in, as they won't be overwritten by updates. Interesting. There is no fc5 there and in the other fc's there is only an apt directory with a sources.list file in each. Date of all the dirs there is June 1 of this year ( probably when I first installed util-vserver. ) I'm lost again! Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] failed on vyum gast -- install yum :-(
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: jehan procaccia wrote: snip / I had also change fedora repositories to point to our local mirrors so I wasn't sure which of these 2 actions resolved my problem, now I'am pretty sure that starting the guest was the good one Could you provide the steps/actions you used to point to your local repository? snip / TIA, Rod I just put a yum.repos.d with my own .repo files in /etc/vservers/.distributions/dist. I think ( after a little looking ) you meant: /usr/lib/util-vserver/distributions/dis I think I'm starting to get the hang of this. Rod No, that's the installation supplied copy. The one in /etc/vservers is the one you should put your own files in, as they won't be overwritten by updates. Interesting. There is no fc5 there and in the other fc's there is only an apt directory with a sources.list file in each. You'll have to create it, along with the yum.repos.d directory. When it exists, it will override the one found in /usr. Darn I found it on the flower page. I must have forgotten seeing it. Thanks. Date of all the dirs there is June 1 of this year ( probably when I first installed util-vserver. ) I'm lost again! Rod ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver-copy failing
Henrik Woffinden wrote: Hi, Can anyone tell me how to make vserver-copy work? It looks like it does everything, but the network interface name isn't created. Creating every vserver via build and downloading packages online is not an option since they all need to be 100% identical (obviosly apart from IP + hostname). I also need to make maybe 50-75 servers with 16 guests each, so I can't have different versions everywhere. I two am running into the issue of creating a copies of guests. Not anywhere near your scale but I want it faster than a build each time. I still haven't sorted out all the processes. Though I looked at vserver-copy I think I found two different scripts that went about it in totally different ways. What I have tried, but had problems with, is to: * build $FIRSTGUEST and get it all up-to-date and in place. * build $NEWGUEST one using the skeleton method. * remove all the files from the /vserver/$NEWGUEST * copy all the files from $FIRSTGUEST into $NEWGUEST. Issues I haven't confirmed/resolved are: * if I need to copy all the files/information from /vservers/.pkg/$FIRSTGUEST into /vservers/.pkg/$NEWGUEST. Just an issue of getting some time. * How to create the mark file and hash ( vhasify ) directory. I believe the skeleton method does the rest of the creation/building just fine. What would be really great is a clone method that allowed you to specify which guest to use as the donor. HTH ( or at least gets you heading in a good direction ), Rod -- -- info - Linux-VServer Test [V0.15] Copyright (C) 2003-2006 H.Poetzl chcontext is working. chbind is working. Linux 2.6.17-1.2157_FC5.vs2.0.2.0.rc26.1smp #1 SMP Sat Jul 15 17:05:38 EDT 2006 i686 Ea 0.30.210 273/glibc (DSa) compat,v11,fscompat,v13,net,oldproc,olduts VCI: 0002:0001 273 03010036 (TbLgnPD) --- [000]# succeeded. [001]# succeeded. [011]# succeeded. [031]# succeeded. [101]# succeeded. [102]# succeeded. [201]# succeeded. [202]# succeeded. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] UN - vhashify - ing
Corey Wright wrote:
On Wed, 12 Jul 2006 14:53:51 -0700
Roderick A. Anderson [EMAIL PROTECTED] wrote:
Is there a neat trick to un-hashify a guest?
find / -type f \
| while read FILE; do
cp -av ${FILE} ${FILE}.remove-hashification
rm ${FILE}
mv ${FILE}.remove-hashification ${FILE}
done
that's just an example, but should convey the idea well enough.
I figured based on some posts from a _long_ time ago it would be copy
operation but this is very neat.
Will this work from both inside and outside the guest? It a filesystem
thing being exploited ( utilized probably sounds better ) by Linux-Vserver?
It would probably help me understand better what vhashify
is doing ... without going through the code.
http://archives.linux-vserver.org/200605/0098.html
I remember reading this post. Probably stored it some place and have
now forgotten where.
http://archives.linux-vserver.org/200605/0228.html
I seem to remember this one also.
Thanks,
Rod
--
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] UN - vhashify - ing
Is there a neat trick to un-hashify a guest? Nothing I can find on the site or using google. Well actually I found one of my previous messages asking about this. Not really sure why I'd want to do this but the-powers-that-be might request it. It would probably help me understand better what vhashify is doing ... without going through the code. TIA Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] One more problem: vserver ethernet alias
Kathy Kost wrote: I posted this before but not sure it actually went to the list, being my first post. I am having troubles with a vserver (named www) in that when I add a 6th IP alias to it, it will not create the interface when the entire system is rebooted. And until I remove that 6th definition and reboot again, the Apache2 server inside of vserver www will not start up, because the network did not initialize correctly. I have not had any troubles with adding these definitions until this time. What do the other 5 look like? Same except for IP? If I manually do an ifconfig and add the interface by hand in the root server, then restart the www vserver and it's Apache2 server, then it's happy. I'm at a loss as to why on reboot, this 6th definition has a problem. Is there anything in the www guest's /var/log/httpd/error ( or access ) log that seems odd. I have it defined in /etc/vserver/www/interfaces/6 and have the files dev, ip, and name. The IP I'm using is unique and not conflicting with any of the other device aliases and the name I'm using for that interface is 8 characters long (and shorter than some of the other ones). How about in /etc/sysconfig/network-scripts . Is there by any chance a stray ifcfg-eth? or ifcfg-eth?:? with that IP in it. If anyone has any ideas, it would be much appreciated. Since I'm not up to needing to add multiple IP per guest I'm shooting in the dark here. Why multiple IPs per Apache guest? One 'webmaster' for several domains? Seems six ( unified ) guests wouldn't use all that much more disk space nor add much overhead verses one Apache instance running multiple VirtualHosts. YMMV Thanks again for the help -- Kathy Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Cannot install yum on vserver guest on FC5
Henrik Woffinden wrote: Hello. I'm new to Vserver, and I've gone stuck during install of my first guest. I'm using : - Linux-VServer Test [V0.15] Copyright (C) 2003-2006 H.Poetzl chcontext is working. chbind is working. Linux 2.6.17-1.2139_FC5.vs2.0.2.0.rc24.1smp #1 SMP Sat Jun 24 00:00:11 EDT 2006 i686 Ea 0.30.210 273/glibc (DSa) compat,v11,fscompat,v13,net,oldproc,olduts VCI: 0002:0001 273 03010036 (TbLgnPD) --- [000]# succeeded. [001]# succeeded. [011]# succeeded. [031]# succeeded. [101]# succeeded. [102]# succeeded. [201]# succeeded. [202]# succeeded. - Output of uname -a: - Linux hostname.changed.com 2.6.17-1.2139_FC5.vs2.0.2.0.rc24.1smp #1 SMP Sat Jun 24 00:00:11 EDT 2006 i686 i686 i386 GNU/Linux - Installation following http://linux-vserver.org/VServer+installation+Fedora+Core+5 worked fine until section 5. When I run: vyum guest name -- install yum Then I get this: - You are using a version of yum which is insecure and broken in chroot related operations; either apply the patches shipped in the 'contrib/' directory of util-vserver, or ask the author of yum to apply them (preferred). In the meantime, 'vyum' will continue with dirty hacks which might not work when the vserver is running and local DOS attacks are possible. Execution will continue in 5 seconds... A well known irritation. I've been looking/checking to see if this is still true especially with FC5. In the mean time I've hacked the script and given it my own text and taken the 5 second timeout out. Cannot find a valid baseurl for repo: core Error: Cannot find a valid baseurl for repo: core I've seen a lot of these the last few days. Started for me Sunday when I was trying to build some guests on a newly build host. After much searching through the code I couldn't find the actual cause but suspect it is a problem with the FC5 repository mirror list ( and possibly some of the repositories are having issues also). This is not an isolated case for me. I've had this problem on two different systems, on two different networks, from two different ISPs, at two different locations , in two different states. Is that too much? :-) Usually after several; up-arrow and enters; it finally works. Good luck. I won't have a chance to research/debug it again until this week-end. All my vserver guests at work are built and doing fine. Rod -- - I hope that someone can help me further on. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] vyum verbosity?
Is there a way to turn up the verbosity when using vyum? Looking in /usr/sbin/vyum and /usr/lib/util-vserver/vyum-worker I don't see anything to turn the verbosity level up. Specifically I'll looking for a method keep a ssh connection from timing out when it takes a __looonnng__ time to pull info and the RPMs from the repositories. An alternative would be to use a local repository. Not sure how to do this. Since vyum doesn't like the version of yum I'm having a tough time figuring out where it is getting yum-hack.conf from. Any suggestions? TIA, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] /proc/virtnet error
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: While doing some clean up I was looking for remnants of a guest. When I ran: # find / -name '*vs666*' I got the following error message right away. WARNING: Hard link count is wrong for /proc/virtnet: this may be a bug in your filesystem driver. Since this directory has the context of guests as subdirs I was wondering if I might have caused this while _playing_ around -- creating, copying, deleting guests, etc. No, not at all. It seems we 'We' as in Linux-Vserver or 'we' as in the person building the guests or 'we' as in the Linux/File system folks? just don't keep track of how many directories are inside /proc/virtual or /proc/virtnet, so the count never changes. How would I ( can I ) go about correcting this -- besides rebooting the host or using other drastic measures? Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] /proc/virtnet error
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: While doing some clean up I was looking for remnants of a guest. When I ran: # find / -name '*vs666*' I got the following error message right away. WARNING: Hard link count is wrong for /proc/virtnet: this may be a bug in your filesystem driver. Since this directory has the context of guests as subdirs I was wondering if I might have caused this while _playing_ around -- creating, copying, deleting guests, etc. No, not at all. It seems we 'We' as in Linux-Vserver or 'we' as in the person building the guests or 'we' as in the Linux/File system folks? We as in Linux-VServer. just don't keep track of how many directories are inside /proc/virtual or /proc/virtnet, so the count never changes. How would I ( can I ) go about correcting this -- besides rebooting the host or using other drastic measures? Well, you'd first have to implement it in the kernel ;) Ok, so for the guy that thinks of 'C' as the third letter in the alphabet, it will be a reboot to fix this instance. Does it bother anyone else? Has anyone else ran into it? Could it mask other more dangerous problems? Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] /proc/virtnet error
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: How would I ( can I ) go about correcting this -- besides rebooting the host or using other drastic measures? Well, you'd first have to implement it in the kernel ;) Ok, so for the guy that thinks of 'C' as the third letter in the alphabet, it will be a reboot to fix this instance. I think you misunderstood me, there's no way to fix it, other than implementing the needed kernel support. As soon as you have a guest running, the count will be incorrect again. Nope I understood but I was thinking my creating/deleting was causing the counts to get out of alignment and that reboot of the host would get them back into harmony -- until my next round of creating and deleting. Thanks, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] /proc/virtnet error
While doing some clean up I was looking for remnants of a guest. When I ran: # find / -name '*vs666*' I got the following error message right away. WARNING: Hard link count is wrong for /proc/virtnet: this may be a bug in your filesystem driver. Since this directory has the context of guests as subdirs I was wondering if I might have caused this while _playing_ around -- creating, copying, deleting guests, etc. The host system is build from Daniel's excellent FC5 RPMs and instructions with the guests built using the vyum method. Filesystem is ext3 built on software raid ( with no other errors -- even at the console ). Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Stopping a 'noname' guest
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: While playing about I forgot to stop a vserver before deleting it. Homw I have this 'no-name' guest running and can't remember how to stop it other than rebooting the server ( which has worked on other/old vserver kernels ). vkill --xid xid -- -1 ought to do it, but if not, you could always vkill the processes in the context one by one. What a week-end. I tried several things and then I sent the message off and went to do 'other-stuff'. Came back, saw your message, logged in and the guest was gone! Not sure why or how that happened. Anyway thanks for the clue. After reading this I remembered the 'vkill' command from a similar problem many months ago. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Stopping a 'noname' guest
While playing about I forgot to stop a vserver before deleting it. Homw I have this 'no-name' guest running and can't remember how to stop it other than rebooting the server ( which has worked on other/old vserver kernels ). It is frustrating. I'm tryigng to create these from a remote location and my ssh connection keeps getting dropped and I can't figure out where. Seems as long as there is traffic the link stays up but if vserver xxx build -m yum ... is slow the @#$%^ ssh link thinks there is no traffic and drops the connection. Grr. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vlogin error
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: After making several copies/clones of a vserver I am getting the following message when I try to install yum ( for internal pkgmgmt ) using vyum. # vyum demo -- install yum vlogin: execvp(): No such file or directory You should probably internalize package management prior to cloning the guest. Once again thanks Daniel. Further fiddling makes me think for our purposes that internalizing package management isn't a good idea at this time. The guest I'm using to make copies from ( test ) was created using the steps described in my previous messages. The copy was created by: 1. vserver demo build -m skeleton -context 666 --hostname=yadayada.example.com --interface demo=eth0:192.168.13.13/24 2. cp -a /vservers/test/* /vservers/demo There were several entrys in the /dev directory that I left alone during the copy. I'm thinking there is something missing in the second step above. Pointers/suggestions? If you want to use external package management, even if it's just to internalize it, you'll have to copy /vservers/.pkg/test to /vservers/.pkg/demo, and quite possibly create a symlink (/etc/vservers/name/apps/pkgmgmt/base, according to my cursory investigation). I'll look at this. I was thinking I was missing somethink like this. I just couldn't track it down. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Cloning/Copying ... again!
Marcus Mülbüsch wrote: I'm trying to make copies of a Vserver guest. These will all be on the same system. ... Is this a good route or are there other methods that will be fast/safer/whatever? I was hoping that util-vserver would provide that by now, but as far as I know, it still doesn't ... Isn't that what vserver [...] clone effectively does? (vserver-copy does'nt do it, even if it promises to do so.) Or am I missing something here? Well I'm missing quite a bit of documentation. I've tried the man page ( is the old one for Jacques' vserver-utils ) and a vserver --help has no mention of a clone option/method. Of course there is the source which I will be looking as time permits. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Wiki down?
Is there an issue with vserver.strahlungsfrei.de. I keep getting timeouts and can't get the wiki to show up. While waiting on this; does anyone have some documentation handy on using vhashify and how it works? I've got my first 5 vserver guests created and want(/need?) to do this as most of them will be very similar. TIA, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Wiki down?
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: Is there an issue with vserver.strahlungsfrei.de. I keep getting timeouts and can't get the wiki to show up. While waiting on this; does anyone have some documentation handy on using vhashify and how it works? I've got my first 5 vserver guests created and want(/need?) to do this as most of them will be very similar. http://linux-vserver.org/alpha+util-vserver has a section on it. Thanks Daniel. I'm looking at it right now and trying a vhashify on one of my _less_ strategic guests. Ie. it can be replaced. :-) I thought I had all the pieces in place but got these three errors: error: cannot open Packages index using db3 - No such file or directory (2) error: cannot open Packages database in /var/lib/rpm Duplicate hash-dir entry '0' found The first might be the RPM move from Berkley db version 3 to version 4 and so version 3 doesn't get installed. A quick check with rpm shows only db4. Bug in vhashify or in some RPM libraries is is using? The second is strange ( unless it is related to the first. ) There are RPM databases in /var/lib/rpm . The last I can figure out as somehow both a '0' and '00' got created in the '/etc/vservers/.defaults/apps/vunify/hash/' directory. I did the 0 and the 00 got ( by date stamp ) created last week when I was building a 'new' guest. So the error is probably coming from the vhashify binary having trouble by treating the '0' and '00' as numeric instead of as alphanumeric. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Cloning/Copying ... again!
Herbert Poetzl wrote: On Mon, Jun 26, 2006 at 01:37:26PM +0200, Marcus Mülbüsch wrote: I'm trying to make copies of a Vserver guest. These will all be on the same system. ... Is this a good route or are there other methods that will be fast/safer/whatever? I was hoping that util-vserver would provide that by now, but as far as I know, it still doesn't ... Isn't that what vserver [...] clone effectively does? yes, is it already part of 0.30.210? guess I have to revisit the tools and see what of daniels stuff did get in and what not ... (vserver-copy does'nt do it, even if it promises to do so.) that is supposed to 'copy' the host system into a guest (basically creating a copy of the host) As I discovered with more reading. I've got the -m skeleton and copy -a going great. Playing with vhashify right now to see how it affects the operation. Thanks, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [x86] 2.6.17-1.2139_FC5.vs2.0.2.0.rc24.1works fine
Guenther Fuchs wrote: Hi there, 4tr - newest FC5 rpm kernel (Daniels 2.6.17) works fine here: Whew! I just started a yum update at noon then went back to my day job. I would have just trusted Daniel's excellent work and rebooted the system ( remote about 35 miles away ). Now I can _just_ trust Daniel's work :-) Thanks, Rod -- --- snip --- # ./testme.sh -Lv Linux-VServer Test [V0.15] Copyright (C) 2003-2006 H.Poetzl chcontext is working. chbind is working. chcontext 0.30.210 -- allocates/enters a security context This program is part of util-vserver 0.30.210 Copyright (C) 2004 Enrico Scholz This program is free software; you may redistribute it under the terms of the GNU General Public License. This program has absolutely no warranty. Linux 2.6.17-1.2139_FC5.vs2.0.2.0.rc24.1 #1 Fri Jun 23 23:23:28 EDT 2006 i686 Ea 0.30.210 273/glibc (DSa) compat,v11,fscompat,v13,net,oldproc,olduts VCI: 0002:0001 273 03010036 (TbLgnPD) ([EMAIL PROTECTED]) (gcc version 4.1.1 20060525 (Red Hat 4.1.1-1)) #1 Fri Jun 23 23:23:28 EDT 2006 --- [000]# chcontext true chcontext --xid 45678 true [000]# succeeded. [001]# chcontext --xid 45678 egrep 'context|VxID' /proc/self/status [001]# succeeded. [011]# chcontext --secure --xid 45678 mknod /tmp/testme.sh.T17001/node c 0 0 [011]# succeeded. [031]# chcontext --hostname zaphod.16998 uname -a | grep -q zaphod.16998 [031]# succeeded. [101]# chbind --ip 192.168.0.42 true [101]# succeeded. [102]# chbind --ip 192.168.0.1/255.255.255.0 --ip 10.0.0.1/24 true [102]# succeeded. [201]# chcontext --xid 45678 --flag fakeinit bash -c 'test $$ -eq 1' [201]# succeeded. [202]# chcontext --flag fakeinit bash -c 'test $$ -eq 1' [202]# succeeded. --- [L01]# chcontext --xid 45601 bash -c 'true ' [L01]# succeeded. [D01]# chcontext bash -c 'true ' [D01]# succeeded. [L02]# chcontext --xid 45602 bash -c 'true | true' [L02]# succeeded. [D02]# chcontext bash -c 'true | true' [D02]# succeeded. [L03]# chcontext --xid 45603 bash -c 'true true' [L03]# succeeded. [D03]# chcontext bash -c 'true true' [D03]# succeeded. [L11]# chcontext --xid 45611 bash -c 'true /dev/null' /dev/zero [L11]# succeeded. [D11]# chcontext bash -c 'true /dev/null' /dev/zero [D11]# succeeded. [L12]# chcontext --xid 45612 bash -c 'true /dev/zero' /dev/null [L12]# succeeded. [D12]# chcontext bash -c 'true /dev/zero' /dev/null [D12]# succeeded. [L21]# chcontext --xid 45621 bash -c 'bash -c true ' [L21]# succeeded. [D21]# chcontext bash -c 'bash -c true ' [D21]# succeeded. [L22]# chcontext --xid 45622 bash -c 'bash -c false | true ' [L22]# succeeded. [D22]# chcontext bash -c 'bash -c false | true ' [D22]# succeeded. [L31]# chcontext --xid 45631 bash -c 'echo `ls`' [L31]# succeeded. [D31]# chcontext bash -c 'echo `ls`' [D31]# succeeded. --- snap --- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Cloning/Copying ... again!
I'm trying to make copies of a Vserver guest. These will all be on the same system. So far I have: Started with a FC5 Linux-Vserver install ( per http://linux-vserver.org/VServer+installation+Fedora+Core+5. ) The system was already running a stock FC5 install with some updates. I followed that with: [EMAIL PROTECTED] ~]# vserver $REF build -m yum \ --context $LO \ --hostname=$REF.$DOMAIN \ --interface site0=eth0:192.168.112.$LO/25 \ --initstyle sysv \ -- -d fc5 Then a few packages to make the system usable plus a few to make it a onetime vyum run for individual packages. [EMAIL PROTECTED] ~]# vyum $REF -- -y install \ rootfiles passwd ntsysv system-config-date vixie-cron \ crontabs vim-minimal openssh* which less \ make gzip tar wget gpg unzip bzip2 \ elinks perl-DBD-Pg Since most of the guests will be running web sites/applications. [EMAIL PROTECTED] ~]# vyum $REF -- -y groupinstall Web Server And we're always having to add in packages ( mostly from CPAN ) that require a compile. [EMAIL PROTECTED] ~]# vyum $REF -- -y groupinstall Development Tools Now a little house keeping. [EMAIL PROTECTED] ~]# echo -e \ nameserver 192.168.112.7\nnameserver 192.168.112.11\n \ /vservers/$REF/etc/resolv.conf vserver $REF start vserver $REF exec pwconv vserver $REF exec pwck vserver $REF exec passwd root ---===+++***+++===--- Now I'm ready to make several clones of this system that will then be enhanced. After much reading, searching, cursing, and drinking I'm still lost as to what is the best route to do this. I think it is: vserver $NEW build -m skelton \ --context $NEWLO \ --hostname=$NEW.$DOMAIN \ --interface site1=eth0:192.168.112.$NEWLO/25 \ Followed by some other stuff to wipe the /var/vservers/$NEW/* stuff and copy the /var/vservers/$REF to /var/vservers/$NEW. Since we're retro-fitting this running/working/testing system to be a Linux-Vserver I hesitate to try commands that might bring it to a screaming halt. Is this a good route or are there other methods that will be fast/safer/whatever? This is also the beginning of my quest to get the knowledge to build a more user-friendly front-end. TIA for any help or suggestions, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Friendly user interface to the vserver command(s)
Herbert Poetzl wrote: On Wed, Jun 14, 2006 at 12:48:55PM -0400, Patrice Levesque wrote: I am trying to build a more user-friendly interface to the util-vserver commands. Similar to the linuxconf interface Jacques created for the vserver-utils. You may find recent Jacques' tools (they work with current linux-vserver kernel patches) in ftp://ftp.solucorp.qc.ca/pub/vserver/ No need to fight with util-vserver. well, not unless you want recent features like the various limits and capabilities or the scheduler settings ... Thanks Herbert. I was going to mention the same. Patrice, I've used Jacques' linuxconf and vserver for years and I actually still have several running ctx kernels but I now want ( and probably will need ) several of the new features. Therefore the request. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Friendly user interface to the vserver command(s)
I am trying to build a more user-friendly interface to the util-vserver commands. Similar to the linuxconf interface Jacques created for the vserver-utils. There was a semi-thread on this several months ago with a suggestion for using 'make menuconfig' and this would be find but I, personally, am not into learning another language at this time. So what I'm looking for is the processes for common vserver stuff. 1. Create a guest with all the common options, 2. create a reference guest -- all the various ways with their pro and cons, 3. create a guest from another ( reference ) guest -- same as 2 above, and 4. (un)vunify/(un)vhashify a guest. for starters. If any other POU's ( plain old user ) on the list have additional wishes or desires please let me know. Some documentation of what is actually happening for each of these processes would be great. There has been a lot of discussion on the list and there is a _load_ of info on the wiki and web site but most of it comes down to knowing a lot more about vservers and the kernel than the POU does or wants to. Later I'd like to add administrative functions: - Networking stuff, - firewall configuration, - private networking, - etc. I am prepared to offer a bounty of US$25 each for 2, 3, and 4 above. ( I'd like to offer more but I'm doing this on my own. I host several non-profit/not-for-profit web sites -- for free -- on my server and I need to make it easier for me to admin them. Plus I will be making the results available to the vserver community. ) Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] 502 error for http://rpm.hozac.com
I'm getting a 502 from apache ( The proxy server received an invalid response from an upstream server. ) when I try to access via yum firefox from my desktop and links from a different network. http://www.hozac.com is fine; other than those of us with barely one language find it challenging. :-) It's a first time error for me so I'm not sure what to make of it, what to do, who to notify. Suggestions? TIA, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Multiple NICs, multiple networks: Revisited
Roderick A. Anderson wrote: I have looked at http://linux-vserver.org/Recipes; -- configuring routing for a server with two network interfaces and it makes sense but since I use sysv ( Redhat/Fedora/CentOS ) systems I'm not sure how to accomplish the same thing. That is at boot or network restart time without user intervention. Any R/F/C users that are doing multiple networks and routing on the list that can share their knowledge? I have found the answer but still have to test it. Once I do I'll add to the Recipes page. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Multiple NICs, multiple networks: Revisited
I have looked at http://linux-vserver.org/Recipes; -- configuring routing for a server with two network interfaces and it makes sense but since I use sysv ( Redhat/Fedora/CentOS ) systems I'm not sure how to accomplish the same thing. That is at boot or network restart time without user intervention. Any R/F/C users that are doing multiple networks and routing on the list that can share their knowledge? TIA, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Hashification process ( not working? )
Roderick A. Anderson wrote: Despite following the instructions found at As a follow up I think I found the problem. Somehow I ended up with a circular link list. /var/vservers/.hash/.hash = /var/vservers/.hash Anyway it was getting ugly so I decided to remove the two guests and probably due to my inexperience couldn't delete the the files in /var/vservers. Tried every trick I could think of; chattr -R -i, chmod -R u+rwx, etc. Finally remembering that I'd had file system problems many years ago I rebooted into a normal kernel and was able to rm -rf /var/vservers/*. Booted back into the vs kernle and all is progressing. I'll leave vhashify alone for a bit. Rod -- http://linux-vserver.org/alpha+util-vserver for vhashify I am getting error messages. Two vserver guests; test and site; ( with a few different packages and some modified files ) I have: mkdir -p /etc/vservers/.defaults/apps/vunify/hash mkdir -p /var/vservers/.hash ln -s /var/vservers/.hash /etc/vservers/.defaults/apps/vunify/hash/0 mkdir -p /etc/vservers/site/apps/vunify mkdir -p /etc/vservers/test/apps/vunify vserver site hashify and then get this message. error: db4 error(13) from dbenv-open: Permission denied error: cannot open Packages index using db3 - Permission denied (13) error: cannot open Packages database in /var/vservers/site/.rpmdb What did I miss? ( This setup is based on the FC5 install instructions and I've added several packages using vyum. ) Any other references on the web site or wiki to using vhashify that I missed? Rod ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Networking: inside and out
I've ( thanks to everyone ) got a working Linux-Vserver and one guest. The current issues are I can't get httpd or sshd to start in the guest. This system is being migrated to L-V so has sshd and apache ( two VirtualHosts ) running currently. I have modified sshd_config, httpd.conf, and ssl.conf to listen only on the IPs and ports the host is using and modified the guest's files to listen on its IPs and ports. The guest was build using this variation on the FC5 page. vserver test build -m yum --context 34 --hostname=test.example.com --interface test1=eth0:nn.nnn.nnn.34/25 -- -d fc5 Yes it is a half a Class-C network. ( All incriminating values have been changed to protect the guilty -- me. ) The error I'm getting is: Starting httpd: (99)Cannot assign requested address: make_sock: could not bind to address nn.nnn.nnn.34:80 no listening sockets available, shutting down Unable to open logs I've fiddled a couple of settings trying to get it to work plus looked at every page on the web site, wiki, and old message I thought might help but, no joy. Most of the networking stuff I've found seems to deal with getting around limited IPs. This is not my issue. I have an IP for each and every guest I'll be setting up. FWIW, I have three _very_ old vservers ( circa CTX kernels ) running anywhere from 6 to 10 guests so I'm pretty sure I just missed something that has changed in the new configuration. Any pointers? TIA, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Networking: inside and out
Grzegorz Nosek wrote: snip / Open file limits? Missing CAP_NET_BIND or some other capabilities? Maybe a strace will be useful (should show you what is the exact error). Does ip addr show (or ifconfig -a) on the guest show the proper IP address? Possibility on the file limits. I'll research. CAP_NET_BIND? Dang! I didn't think this was a special capability. ( Probably need some scripts that do common things -- like set up a guest for httpd, database, etc. ) I'll run the strace ( didn't think of that ) later but now I have a new(?) issue. After trying nodev in interfaces I wasn't getting the binding to eth0. I just checked again and Found the problem!!! A conflict ( I still have to find why ) with port 443 on the host and guest. Man I hate retro-fitting. As soon as I get one checked out the host becomes the 'host' only. Thanks, once again, to all for suggestions. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Errors on stopping vserver
Fareha Shafique wrote: Hi, When I stop the vserver I get the following: Stopping sshd: [FAILED] Shutting down kernel logger: [FAILED] Shutting down system logger: [ OK ] Starting killall: Stopping sshd:[FAILED] [FAILED] I'm not sure why I this happens. Any help would be appreciated. I'm trying to catch up on several months worth of messages (from the latest to earlier ) and can't remember if I saw an answer to this. FWIW I just ran into the same issue and it has to do with sshd failing start to in your guest server. Typically becuase the IP address is already in use somewhere else. ( The host server? ). Check the settings in sshd_config for the host and all the guest servers. Make sure the ListenAddress is set to/for the correct IP address/server combination. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Hashification process ( not working? )
Despite following the instructions found at http://linux-vserver.org/alpha+util-vserver for vhashify I am getting error messages. Two vserver guests; test and site; ( with a few different packages and some modified files ) I have: mkdir -p /etc/vservers/.defaults/apps/vunify/hash mkdir -p /var/vservers/.hash ln -s /var/vservers/.hash /etc/vservers/.defaults/apps/vunify/hash/0 mkdir -p /etc/vservers/site/apps/vunify mkdir -p /etc/vservers/test/apps/vunify vserver site hashify and then get this message. error: db4 error(13) from dbenv-open: Permission denied error: cannot open Packages index using db3 - Permission denied (13) error: cannot open Packages database in /var/vservers/site/.rpmdb What did I miss? ( This setup is based on the FC5 install instructions and I've added several packages using vyum. ) Any other references on the web site or wiki to using vhashify that I missed? Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Errors on stopping vserver
Fareha Shafique wrote:
Roderick A. Anderson wrote:
Fareha Shafique wrote:
Hi,
When I stop the vserver I get the following:
Stopping sshd: [FAILED]
Shutting down kernel logger: [FAILED]
Shutting down system logger: [ OK ]
Starting killall: Stopping sshd:[FAILED]
[FAILED]
I'm not sure why I this happens. Any help would be appreciated.
I'm trying to catch up on several months worth of messages (from the
latest to earlier ) and can't remember if I saw an answer to this.
FWIW I just ran into the same issue and it has to do with sshd failing
start to in your guest server. Typically becuase the IP address is
already in use somewhere else. ( The host server? ). Check the
settings in sshd_config for the host and all the guest servers. Make
sure the ListenAddress is set to/for the correct IP address/server
combination.
Thanks for the reply. I have ssh working fine now. The kernel logger
however always fails to start and hence fails to stop
Sorry I forgot about that. Typically this comes from Redhat-ian
systems. Syslogd and klogd are started and stopped from 'inside' the
same script.
/etc/rc.d/init.d/syslog
Edit the file and comment out any lines that mention klogd.
In the Fedora Core 5 install I'm looking at there are these lines.
18: [ -f /sbin/klogd ] || exit 0
25: KLOGD_OPTIONS=-2
40: echo -n $Starting kernel logger:
41: daemon klogd $KLOGD_OPTIONS
42: echo
47: echo -n $Shutting down kernel logger:
48: killproc klogd
49: echo
59: status klogd
79: RETVAL=1
80: echo -n Reloading klogd...
81: klog=`cat /var/run/klogd.pid 2/dev/null`
82: if [ -n ${klog} ] [ -e /proc/${klog} ]; then
83: kill -USR2 $klog;
84: RETVAL=$?
85: fi
86: if [ $RETVAL -ne 0 ]; then
87: fail
88: else
89: success
90: fi
In the immortal words of Herbert;
HTH,
Rod
--
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] 'new' vyum(?) issue
I am getting the following when trying to use yum to install packages. # vyum test -- install yum Can not find file for 'RPMSTATEDIR'; aborting I am up to Step #5 of the Fedora Core 5 Linux-Vserver install with a side trip to the FC4 page to get the patched yum information/link -- yum-2.4.1-1.chroot.fc4.noarch.rpm file. This is the results of testme.sh # ./testme.sh Linux-VServer Test [V0.15] Copyright (C) 2003-2006 H.Poetzl chcontext is working. chbind is working. Linux 2.6.16-1.2111_FC5.vs2.0.2.0.rc19.1smp #1 SMP Fri May 5 23:34:27 EDT 2006 i686 Ea 0.30.210 273/glibc (DSa) compat,v11,fscompat,v13,net,oldproc,olduts VCI: 0002:0001 273 03010036 (TbLgnPD) --- [000]# succeeded. [001]# succeeded. [011]# succeeded. [031]# succeeded. [101]# succeeded. [102]# succeeded. [201]# succeeded. [202]# succeeded. The vserver guest 'test' does start and can be entered. I have used yum/rpm installs for all things. Any suggestions as to where to look to get the correct value(s) for RPMSTATEDIR and where to set it? TIA, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] 'new' vyum(?) issue
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: snip / Well, everything is working fine here, with kernel-2.6.16-1.2123_FC5.vs2.0.2.0.rc21.1, util-vserver-0.30.210-14.fc5 and yum-2.6.1-0.fc5. Did you try without the patched yum? Maybe I was being too clever and installed before trying. Been a few days ago and I've been 'into' another project so I can't remember why I did. I seem to remember there being a _good_ reason ;-) I'm going back to the old version now. It is looking difficult to do. No force/go-back option with yum. BTW, thanks for the excellant RPMs. They have made things much easier ( until my cleverness got the better of me. ) Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] 'new' vyum(?) issue
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: I am getting the following when trying to use yum to install packages. # vyum test -- install yum Can not find file for 'RPMSTATEDIR'; aborting snip / Well, everything is working fine here, with kernel-2.6.16-1.2123_FC5.vs2.0.2.0.rc21.1, util-vserver-0.30.210-14.fc5 and yum-2.6.1-0.fc5. Did you try without the patched yum? I think my first reply slipped off the list and went directly to Daniel. Currently I have replaced the patched yum with the latest 'standard' yum for FC5. I am still get the same error message. Looking in /usr/lib/util-vserver I find RPMSTATEDIR in two files; functions and pkgmgmt. Trying to chase them backwards I think the problem may be that I created /vservers as a link to /var/vservers because we decided recently to convert the system into a Linux-Vserver. ( Apache, mod_perl, Catalyst issues. ) Since '/var' is on a different partition than '/' I had to softlink it. Could this be the problem? Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] 'new' vyum(?) issue
Guenther Fuchs wrote: Hi there, on Tuesday, May 23, 2006 at 6:42:03 PM there was posted: RAA I am up to Step #5 of the Fedora Core 5 Linux-Vserver install with a RAA side trip to the FC4 page to get the patched yum information/link -- RAA yum-2.4.1-1.chroot.fc4.noarch.rpm file. Don't use FC4 yum with FC5 - FC5 is working fine out of the box as described, thank's to Daniel's RPMs. As I'm discovering. I'm back tracing my setup and going at it again! Thanks, Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] 'new' vyum(?) issue
Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: Daniel Hokka Zakrisson wrote: Roderick A. Anderson wrote: I am getting the following when trying to use yum to install packages. # vyum test -- install yum Can not find file for 'RPMSTATEDIR'; aborting snip / snip id=2 / It shouldn't be. How did you create the guest? Are you using internal package management, without telling the utils? Probably too much cleverness on my part. I used rpm to remove the previous util-vserver install and then re-installed it. All ( so far ) seems to be working correctly. I do get the message from vyum: ---===+++***+++===--- You are using a version of yum which is insecure and broken in chroot related operations; either apply the patches shipped in the 'contrib/' directory of util-vserver, or ask the author of yum to apply them (preferred). In the meantime, 'vyum' will continue with dirty hacks which might not work when the vserver is running and local DOS attacks are possible. Execution will continue in 5 seconds... ---===+++***+++===--- but then goes on and installs. I'm currently stuffing in a few of the suggested rpms (Step #5) then I'll give it a new whirl. Thanks for all the help and suggestions. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] 'new' vyum(?) issue
Roderick A. Anderson wrote: snip / I'm currently stuffing in a few of the suggested rpms (Step #5) then I'll give it a new whirl. Stuffed with what I think will do the job this vserver is for. Web server! Others on the horizon. Has anyone created lists of RPMs ( yup I'm one of those ) for vservers of differing purposes? Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] CentOS 4(.2) utils RPM/YUM repository [scanned]
Veit Wahlich wrote: Am Mittwoch, den 15.02.2006, 19:41 -0800 schrieb Roderick A. Anderson: This is what I get back. /usr/sbin/vserver: line 155: /usr/lib/util-vserver/vserver-build: No such file or directory /usr/sbin/vserver: line 155: exec: /usr/lib/util-vserver/vserver-build: cannot execute: No such file or directory And guess what? Yup vserver-build. yum install util-vserver-build and it will work. Sorry, but I did not invent this overdriven package separation, dont know who to blame... ;) A duh on my part again. I should have looked in the repository and noticed this. Well now that I review there was this during the yum install Running Transaction Installing: util-vserver-lib # [1/6] Updating : yum # [2/6] Installing: util-vserver-sysv# [3/6] Installing: util-vserver # [4/6] /var/tmp/rpm-tmp.71895: line 7: /usr/sbin/setattr: No such file or directory Installing: util-vserver-core# [5/6] Cleanup : yum # [6/6] Suggestions? Did I skip some steps? I don't remember setting the proc security setting when I build the kernel. I continue awaiting enlightenment! ( aka. clue-stick :-) Okay, that is a dependency problem... util-vserver-core needs to be a Prereq: /usr/sbin/setattr or Prereq: util-vserver-core header... Will change that later today. For security reasons, please run setattr --barrier /vservers by hand! Will do. Again thanks ( especially for your patience ) and for making the CentOS RPMS. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] CentOS 4(.2) utils RPM/YUM repository
I've spent several hours ( fighting? ) to get the Vserver utils installed and working on a CentOS 4.2 clean install. Getting the kernel built was easy. (Only took four tries with three being typos on my part. ) Util_vserver is a whole different issue. After a couple of snafus on my part I succeded in getting it to compile, check, and install but not work when I tried to build an initial guest. Somewhere along the line there appears to be a bit of cruft from a previous failed install. The vserver script keeps coming back that it can't find vshelper in /usr/local/bin/ ( or was it /usr/local/sbin/ -- several days ago that I last tried ). Where does vshelper get created? During hte kernel build or is it part of util_vserver? A 'make uninstall' doesn't seem to get all the stuff so I've been trying to eliminate is by guessing what all of the files are. So my request for a RPM or repository. In the mean time I'll try to beat it into submission! Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] CentOS 4(.2) utils RPM/YUM repository [scanned]
Veit Wahlich wrote: Hi Roderick, Am Mittwoch, den 15.02.2006, 14:06 -0800 schrieb Roderick A. Anderson: So my request for a RPM or repository. I am running repositories for CentOS4 based VServer hosts and FC4/CentOS4 based guests: http://naturidentisch.de/packages/ Using the http://naturidentisch.de/packages/centos4/cru-centos4.repo file, making a CentOS4 host VServer-capable is as easy as installing a VServer-patched kernel and running yum install util-vserver yum. I must be blind in both eyes. Now that you mention this I seem to remember seeing it ( or something similar ) float across the list a while ago but I didn't see it when looking this week-end. Hold the presses -- just looked and I did find this site. The EXPERIMENTAL part kept me from jumping in. Also I like my little sister. This also reminded me there was a thread on your packages. I'll go looking for it and see what steps I need to get this going. Thank you _VERY_ much. Rod -- Regards, // Veit ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] CentOS 4(.2) utils RPM/YUM repository [scanned]
Veit Wahlich wrote: Hi Roderick, Am Mittwoch, den 15.02.2006, 14:06 -0800 schrieb Roderick A. Anderson: So my request for a RPM or repository. I am running repositories for CentOS4 based VServer hosts and FC4/CentOS4 based guests: http://naturidentisch.de/packages/ Using the http://naturidentisch.de/packages/centos4/cru-centos4.repo file, making a CentOS4 host VServer-capable is as easy as installing a VServer-patched kernel and running yum install util-vserver yum. Closer but no prize yet. After installing as above I ran this command. vserver min-centos42 build -m yum --hostname testing.tsmg.us --interface domain=eth0:192.168.0.136/24 --initstyle sysv --context 500 --force -- -d centos42 I followed the CentOS HowTo Section C modify where necessary -- therefore the centos42 instead of centos4. This is what I get back. /usr/sbin/vserver: line 155: /usr/lib/util-vserver/vserver-build: No such file or directory /usr/sbin/vserver: line 155: exec: /usr/lib/util-vserver/vserver-build: cannot execute: No such file or directory And guess what? Yup vserver-build. Well now that I review there was this during the yum install Running Transaction Installing: util-vserver-lib # [1/6] Updating : yum # [2/6] Installing: util-vserver-sysv# [3/6] Installing: util-vserver # [4/6] /var/tmp/rpm-tmp.71895: line 7: /usr/sbin/setattr: No such file or directory Installing: util-vserver-core# [5/6] Cleanup : yum # [6/6] Suggestions? Did I skip some steps? I don't remember setting the proc security setting when I build the kernel. I continue awaiting enlightenment! ( aka. clue-stick :-) Rod -- Regards, // Veit ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] CentOS 4(.2) utils RPM/YUM repository [scanned]
Veit Wahlich wrote: Am Mittwoch, den 15.02.2006, 15:52 -0800 schrieb Roderick A. Anderson: Hold the presses -- just looked and I did find this site. The EXPERIMENTAL part kept me from jumping in. Also I like my little sister. Heh, well, this was initially an apt-only repository, yum support was added later. Unfortunately, yum and apt dissent on interpreting dependencies, i.e. apt would not upgrade a package that is obsoleted by another until this is requested, while yum would replace the obsoleted one automatically. This is why yum is still marked experimental - I just discovered such a problem today with my previous bash-syslog packages. Also, Angela Merkel became German chancellor some months ago, thus we have another clue for the riskiness... ;) Thanks. This gave me a chuckle. Obviously we in the U.S. don't keep up on non-US politics enough or I would have know how old the posting was. Of course no where else seems to have a Bush so there is no entertainment value in watching others politics. Rod -- ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] vs2.0 and Fedora Core 3
I've returned after a week-end and a two day trip to wilds but was
disappointed that my problems with vs2 had not magically fixed themselves.
I've followed the instructions for FC3 --
http://linux-vserver.org/FedoraCore3_HowTo -- only deviating where
versions are different and with the addition of getting a known good
.config ( from the OpenVPS site ) to build the vserver kernel.
When I get to building a new guest I keep getting the error about not
finding glibc ( this using the '-m apt-rpm' switch ).
After reading _much_ more I've found the vserver-build.yum script and am
attempting to build a guest as I type. This just completed but I got lots
of warnings about an insecure yum. With a solution of applying some
patches and rebuilding or pestering the author to do it.
Now when I try vserver-stat I get a warning about procfs-security.
Using the link and following through I get the impression this should not
be happening with with the 2.6 kernel and vs2.0.
Sorted that out with vprocunhide but now getting an error about
/etc/rc.d/rc and level 3 ...
The fix -- to append true to the end of the file didn't work.
So my question is has anyone got a Fedora Core ( 3 ) vserver and guests
running? Fedora Core only because I don't currenyly have the time to
install some other distribution. Besides great as xxx distribution is
there are a lot of Fedora/REL/CentOS installs out there.
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vs2.0 and Fedora Core 3
On Wed, 17 Aug 2005, Herbert Poetzl wrote:
On Tue, Aug 16, 2005 at 02:16:37PM -0700, Roderick A. Anderson wrote:
I've returned after a week-end and a two day trip to wilds but was
disappointed that my problems with vs2 had not magically fixed themselves.
lol ...
Yes there was no magic there. Well at least for me. It's, as you can
see, me at the keyboard trying new incantations.
The fix -- to append true to the end of the file didn't work.
sounds very hmm ... interesting?
I guess it would be very beneficial (if you are not already
doing so) to report all the obstacles you are hitting one
by one, either to the mailing list or, even better, as bug
reports to savannah (for util-vserver) so that those issues
can be sorted out in future versions ...
I'll start this process as soon as I get a new power-supply in my system
at home. At least there I can have a Czechvar at hand. :-) I'm hoping
to stop at the computer store this evening and pick it up. Then I'll do a
CentOS 4 install and upgrade to vs2.0. Of course you know once I'm doing
it 'clean' I will have no problems. :-(
With all the new stuff being added and changed the HOWTOs for older
distributions are getting a little rusty and tarnished. I've waited
almost a year for the computer I'm going to install it on and vs2. A few
more days won't hurt -- too bad.
Thanks,
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vs2.0 and Fedora Core 3
On Wed, 17 Aug 2005, Enrico Scholz wrote:
[EMAIL PROTECTED] (Roderick A. Anderson) writes:
I've followed the instructions for FC3 --
http://linux-vserver.org/FedoraCore3_HowTo --
Version number of util-vserver (0.30.205) is a little bit low in this
HowTo; there should be native support for fc3 in recent versions (see
point 8).
Yes, I am using 0.30.208.
only deviating where versions are different and with the addition of
getting a known good .config ( from the OpenVPS site ) to build the
vserver kernel.
When I get to building a new guest I keep getting the error about not
finding glibc ( this using the '-m apt-rpm' switch ).
This is probably caused by an outdated sources.list in
/etc/vservers/.distributions/fc3/apt/sources.list so that the apt
repository can not be found. It is possible also that the repository is
incomplete or inconsistent.
Maintaining all these metainformation about the distributions (apt + yum
repositories) becomes hard and I am not sure what I will do regarding
them. Perhaps, they will be outsourced into a separate package which can
be updated more often.
I'm going to try a CentOS 4 install as soon ( as I menting in another
message ) I get a new power supply for one of my systems at home. Looking
at the sources.list for apt I tried a couple of pings and they failed.
The CentOS 4 HOWTO looks , at first glance , to make this a non-problem
since I understand yum better than apt.
The idea to break them out into a separate package would be good.
Building the vserver will succeed but it will not be possible to use an
unmodified 'vyum' with a running vserver. Unfortunately, 'yum' does not
provide enough options to workaround this without patches :(
I'll look for the patch instructions and give it a try.
'vprocunhide' (or executing vc_set_iattr(2) manully) *is* required. The
reference rpm (which is mentioned in the howto above also) should register
this script so it gets executed at the next boot automatically.
Missed the reboot solution. ( Feels too Windowsy :-)
Sorted that out with vprocunhide but now getting an error about
/etc/rc.d/rc and level 3 ...
The fix -- to append true to the end of the file didn't work.
The exact message (above the general hints) would be interesting.
Just for fun here it is!
# vserver test start
save_ctxinfo:
symlink(/usr/local/etc/vservers/test,/usr/local/etc/vservers/.defaults/run.rev/49153):
No such file or directory
An error occured while executing the vserver startup sequence; when
there are no other messages, it is very likely that the init-script
(/etc/rc.d/rc 3) failed.
Common causes are:
* /etc/rc.d/rc on Fedora Core 1 and RH9 fails always; the 'apt-rpm' build
method knows how to deal with this, but on existing installations,
appending 'true' to this file will help.
Failed to start vserver 'test'
BTW, I was suspecting the RPM build was bogus so I did a .configure ; make
; make check ; make install and I'm still get the errors.
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] tagxid redux?
Well my questions ( which I'm shooting all over as I find a new place to
ask :-) are:
What is tagxid?
Are there any problems with using this on a single partition ( well there
is also a swap partition but no /vservers) hardware RAID cause any
problems?
There was a thread last November/December on tagxid but it dealt with why
it was used/needed.
TIA,
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] tagxid redux?
On Fri, 12 Aug 2005, Roderick A. Anderson wrote:
I have an answer.
Well my questions ( which I'm shooting all over as I find a new place to
ask :-) are:
What is tagxid?
Are there any problems with using this on a single partition ( well there
is also a swap partition but no /vservers) hardware RAID cause any
problems?
There was a thread last November/December on tagxid but it dealt with why
it was used/needed.
TIA,
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Error -- E: Couldn't find package glibc
I'm still playing and have backed out the OpenVPS rpms to see what it
takes to run vservers with vs2.0 and the util-vserver commands
While trying to build a new guest I'm having problems.
# vserver ref build -m apt-rpm --hostname=ref.tsmg.us --interface
eth1:192.168.25.69/24 -- -d fc3
Renamed '/vservers/ref' to '/vservers/ref.~1123881581~'
Renamed '/usr/local/etc/vservers/ref' to
'/usr/local/etc/vservers/ref.~1123881581~'
Renamed '/vservers/.pkg/ref' to '/vservers/.pkg/ref.~1123881581~'
Reading Package Lists... Done
Building Dependency Tree... Done
Reading Package Lists... Done
Building Dependency Tree... Done
E: Couldn't find package glibc
rm -rf /vservers/ref /usr/local/etc/vservers/ref /vservers/.pkg/ref
I've checked, updated, and re-updates to include glibc. Is there another
package that goes by a similar name that I'm missing? Here is what I've
got.
# rpm -qa | grep glibc
glibc-common-2.3.5-0.fc3.1
glibc-headers-2.3.5-0.fc3.1
glibc-2.3.5-0.fc3.1
glibc-devel-2.3.5-0.fc3.1
glibc-kernheaders-2.4-9.1.87
And one lst thing. How in the do I get util-vserver to use /etc/vservers
instead lf /usr/local/etc/vservers? I tried by modifying the spec file
but that appears to no be working. Is there a switch I can use with
rpmbuild?
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Error -- E: Couldn't find package glibc
On Sat, 13 Aug 2005, Herbert Poetzl wrote:
it is missing on the repository/in the rpm list
to get the guest installed from not on your host
system ...
I was thinking this but it seemd strange that such an important package
would be missing. When I looked in the sources.list in
/etc/vservers/.distributions/fc3/apt/ I see what looks like all the sites
as being commented out. In fact they look _really_ broken in comparison
to /etc/apt/sources.list.d/mirror-select.list file.
Is there a fairly easy method to build a guest using yum ( or straight rpm
) since I know they are working?
where, and how did you get the rpms for your tests?
Built from the sources -- util-vserver-0.30.208.tar.bz2
As I was driving home this evening I realized I might have had some
artifacts from a previous install ( months ago -- that has sat around as I
waited the vs2 release and some time to work on the server ) that were
polluting the set up. I read in one of the threads that Enrico had made
this change already. More research to do.
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] vs2.0 and the tools
I have built and installed a new kernel and nd getting ready to build the
tools but have one question I've not seen asked or seen mentioned before.
It is probably falls somewhere below stupid on the question scale.
Do I have to have the new kernel running to build the tools? I can't
reboot right now ( it's nearly 4:00am and I'm 35 miles from the NOC where
the box is :-). That is, is there anything in the tools that requires the
vServer to be running for them to build correctly? The system is
currently running 2.6.10-vs1.9.4 installed from OpenVPS rpms but using the
legacy tools/configuration. I'm trying to get as much done while my
portion of the world sleeps.
TIA,
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vs2.0 and the tools
On Thu, 11 Aug 2005, Herbert Poetzl wrote:
I probably wasn't clear on this.
given you do not disable legacy support, you can still use
the legacy tools for your shiny new vs2.0 kernel ...
There is a vServer 2.6.10-vs1.94 kernel running but nothing important
guest-wise in on the system.
if you compile and install the 0.30.208 (+fix) tools, they
should also work fine with your existing kernel, so ...
Will they then work with the new vs2.0 kernel, ie. the build doesn't look
at running kernel and make decisions about what/hoe to build the utils.
whatever you do, it is supposed to just work :)
Famous last words. Yes I am hoping this is so.
Follow up question.
I went ahead and started building the utils as RPMs and ran into a couple
of dependency issues. This is probably more an Enrico question.
Why tetex-latex? Is it Redhat ( RPM ) build-documentation requirement?
Why xalan-j ( Java? ) Is this also a Redhat-ism?
I like RPMs but I'd prefer a really clean Vserver host. ( I'll try a
straight tarball build next. )
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vs2.0 and the tools
On Thu, 11 Aug 2005, Herbert Poetzl wrote:
hmm, you obviously didn't use the (mandrake) rpms from
my page ... because they disable most of those ...
It would be a first :-( for me ) to have a Mandrake RPM work on a
non-Mandrake system. But I'm game. I'll give them a try.
I read the README file a little closer and discovered --without xalan so
the RPMs are building as I type. A ./configure, make, make installed
worked also.
Best,
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] My adventures with vs2.0 ... :-)
Well it seems I've found the same problem others have but no solution. It
seems to be something about Fedora Core 3, SMP, and later kernels from
pristine sources ( or in the case vs2.0 patched ). There were a couple of
mentions of SCSI RAID devices also.
This is a quad Xenon system with a Mylex Corporation DAC960PG host RAID
controller.
I followed the the instructions from
http://linux-vserver.org/Step-by-Step+Guide+2.6 with the exception I did a
make modules_install followed by a make install.
The first error that comes back is:
Unable to find device-mapper major/minor
Reading all physical volumes. This may take a while.
...
Kernel panic - not syncing: Attempting to kill init
I did not make any changes during make menuconfig -- accepting the
defaults. Any ideas as to what I missed?
TIA,
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] util-vserver docs
I ( think ) I went all over the site and wiki but never seemed to come
across the documentation for util-vserver package.
I could swear I found some last time I looked at it but no luck this time.
Do I have to download and install it?
TIA,
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Upgrade main server from 2.4 to 2.6 kernel
On Wed, 11 May 2005, Herbert Poetzl wrote:
they are supposed to work out of the box ...
Sounds good to me. Thanks.
(if not, please let us know ;)
I probably will.
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Arch] i686
On Mon, 9 May 2005, Paul S. Gumerman wrote:
snip /
Where do I find the test? I'll run it for x86_64 for you. I'm
currently at 2.6.11.7-vs2.0-pre3. I'll run it and then upgrade and run
again.
snip /
Linux-VServer Test [V0.12] (C) 2003-2005 H.Poetzl
chcontext is working.
chbind is working.
Linux 2.6.11.8-vs2.0-pre4 i686/0.30.207/0.30.207 [Ea]
VCI: 0001:0025 273 03110064
For the slow ones in the crowd ( ie. me ) is there a vs1.9.5 patch for
2.6.11.8 or do you think the vs2.0 is close to stable? I try to follow
the list but just can't keep up and sometimes kill the messages in the
thread when I think I've got the gist.
TIA,
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Arch] i686
On Mon, 9 May 2005, Herbert Poetzl wrote:
For the slow ones in the crowd ( ie. me ) is there a vs1.9.5 patch for
2.6.11.8 or do you think the vs2.0 is close to stable?
well, the vs2.0 _is_ stable per definition ...
Yeah but whoms definition? :-) I'm game. I'll give it a shot this week
or week-end. Classes endthis week and I'm not giving a final as such so
I'll have more time to play.
I try to follow the list but just can't keep up and sometimes
kill the messages in the thread when I think I've got the gist.
hehe, yeah hevay mailing list traffic, about five
messages per week ;)
Well I usually only get to read the list two or three times a week.
Since last friday I had at least 10 - 15 messages though most were in one
thread. Yes it is pretty low volume but for the kernel challenged it is
heavy reading.
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Vservers and Rootkits
I have a vserver that has all the indicators that is is a victim of a root
kit ( SucKIT ). In my readings so far I see that SucKIT is is loaded
through /dev/kmem ( ie. it doesn't need a kernel sith support for loadable
kernel modules -- http://la-samhna.de/library/rootkits/list.html ).
This is a very old Vserver kernel ( embarrassing but true -- 2.4.21ctx-17
).
Several other vservers , like this one , were built unified to a
reference cserver so whenever I find a replaced/changed file in the
'compromised' vserver ; fcheck ( run in the main server ) reports all the
unified vservers' files as changed.
For awhile I didn't have fcheck checking all the places it should have so
I've played hell trying to erradicate the rootkit. So my question is is
possible for an exploit using /dev/kmem in a vserver to stick something
in the kernel like a this?
Each time after I find and remove or replace the files and/or directories
I reboot the vserver ( not the main ). I'm still seeing the return of the
'[EMAIL PROTECTED]*' buggers. So either I haven't got all the compromised
accounts
plugged or there is someway the hole is remaining open.
I'm trying to remove this rather than just build a new vserver and move to
it. A Good exercise I feel.
Any thoughts or ideas on this?
TIA,
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
Will code for ale, porter, or single-malt
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] CentOs distribution
On Wed, 6 Apr 2005, Daniel S. Reichenbach wrote:
IMHO for business projects you need systems where you can say they
will run for two or three years without flaws. This is what RHEL
offers with support and CentOS without support.
And if you want semi-support there is whitebox linux
http://whiteboxlinux.org/. A friend has it running on his home server
then went out a bought a REL book and found almost no differences.
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Strange new error
Suddenly I'm getting this error when I tryed to enter a vserver. After
stopping it ( with lots of killall messages ) I can't start it now.
Here are the specifics:
Linux version 2.4.26-vs1.28 ([EMAIL PROTECTED]) (gcc version 3.3.2
20031022 (Red Hat Linux 3.3.2-1)) #1 Mon Aug 9 10:27:57 PDT 2004
util-vserver-0.30-0
util-vserver-linuxconf-0.30-0
$ vserver acco start
Starting the virtual server acco
Server acco is not running
ipv4root is now xxx.xxx.xxx.xxx
Host name is now www.example.com
New security context is 138
/usr/sbin/vserver: line 795: 20676 Segmentation fault $NICECMD
$CHBIND_CMD $SILENT $IPOPT --bcast $IPROOTBCAST $CHCONTEXT_CMD $SILENT
$DISCONNECT $CAPS $FLAGS $CTXOPT $HOSTOPT $DOMAINOPT --secure
$SAVE_S_CONTEXT_CMD /var/run/vservers/$1.ctx $CAPCHROOT_CMD $CHROOTOPT .
$STARTCMD
The IP has been masked and the domainames faked since this will end up on
far too many search engines.
Does the ring a bell for anyone?
TIA,
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Never mind -- [Vserver] Strange new error
On Tue, 29 Mar 2005, Roderick A. Anderson wrote:
Sorry for the wasted bandwidth. I have no clue as to what cause the error
but after creating a new vserver , copying relevant files , renaming
vserver directories and files ; all is well.
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] (no subject)
On Wed, 23 Mar 2005, Herbert Poetzl wrote:
no, typically util-vserver will suit your needs quite well
of course if you like the older (about one year) tools
better (for whatever reason), then feel free to use them,
they should work in legacy mode quite well ...
I'll add that Jacques is semi-actively working on the Vserver-utils
packages. Since I support two other techs doing support on about 15
Linux-based boxes with half those running Linux-Vserver and these other
techs have grown very comfortable with the Linuxconf interface for their
tasks. So I like to stay with Jacques work since it has the same look and
feel for them ( and me ) as Linuxconf.
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] PostgreSQL 8 in Vserver
On Tue, 8 Mar 2005, Bjoern Steinbrink wrote:
chcon is a tool to change the security context of a file, which is part
of the SELinux stuff, about which I know absolutely nothing ;)
So it's not linux-vserver related (i believe).
It appears to be an issue with creating a Vserver from a distribution
CDROM. I'll do some more checking. I've semi-resolved this issue but it
might have spawned another that has me going around in circles.
The short question is : has anyone got PostgreSQL 8.0.1 running in a
2.6.10-vs1.9.4 vserver?
The results I'm getting while trying to start postgresql are inconsistent
so I need some more tests to see if there is a discernible pattern.
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] PostgreSQL 8 in Vserver
I'll start here since the word 'context' came up when tried researching
it.
I have a Dual PII/250 with 512/MB Ram, Adaptec 29160 SCSI host adapter,
IDE CDROM, dual NICs ( eth0 = LAN, eth1 = WAN ), Fedora Core 3 -- Linux
version 2.6.10-vs1.9.4 ( RPM built by OpenVPS ).
I created my reference vserver from a Fedora Core 3 minimal plus some
added packages and a little editing of some configuration files in the
reference vserver. The new vserver and the reference vserver were created
using a 'fixed' newvserver from Jacques' utilities. The PostgreSQL
vserver was created without unification.
I installed PostreSQL 8.0.1 from the PGDG RPMs. This required mx as I put
it all in. When I started PostgreSQL the first time ( after sorting out a
missing /etc/sysconfig/network file ) I got an error about /usr/bin/chcon
and permission denied.
The line out of /etc/rc.d/init.d/posrgresql ( with variables expanded ) is
[ -x /usr/bin/chcon ] /usr/bin/chcon -t postgresql_log_t \
/var/lib/pgsql/pgstartup.log
Since the man page mentions changing the context I though this list was
a good first place to ask. I'll be hitting the PostgreSQL ADMIN list
next. The error message has not appeared again so I can't replicated it.
Would this be a PostgreSQL issue or some setting I need to change in
the reference vserver or vserver itself before starting PostgreSQL? I
probably will only create a few Vservers for running PostgreSQL but
inquiring minds want to know.
Thanks for any input,
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Netfilter automation tools.
I'm starting to hit the memory wall with the number and difference in type
of netfilter (iptable) rules for the many different Vserver setup I have.
While looking to add some logging rules and searching on da'web I came
across an article comparing NetFilter automation tools. The one that
caught my eye was ferm ( for easy rule making ) but the last update
appears to be late 2003. So either it is really good or been kind-of
abandoned.
What are the production Vserver folks using to make netfilter easier?
Cheers,
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] RHEL3 - Rpm lockup when installing new vserver ?
On Wed, 2 Mar 2005, Herbert Poetzl wrote:
pardon my ignorance, but what is cfengine?
Besides Daniel Reichenbach's reply I'll add this is what is used for the
new vserver utilities to hold configuration information instead of the
VSERVER.conf and VSERVER.sh files in /etc/vservers.
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Utility Programs in Vservers
Thanks Herbert. Your insights are always useful and fun.
Rod
On Wed, 16 Feb 2005, Herbert Poetzl wrote:
On Tue, Feb 15, 2005 at 09:15:32AM -0800, Roderick A. Anderson wrote:
Well that's a pretty sorry excuse for a Subject but the only thing I could
think of. :-)
Short story. A client got their Vserver broken into and though it appears
I got them cleaned out but I'm still doing some forensics. There were
some files changed ( I don't think they knew it was a Vserver ) and fcheck
caught the problem files but I'm not sure if they are even needed.
hehe ... good that they didn't knew then ...
Is there any reason for ifdown, ifup, installkernel, ldconfig, sln,
vhalt, vreboot are needed or should be in a Vserver?
the is no use, but also no harm in ifdown/ifup if the
vserver does not have the NET_ADMIN capability ...
ldconfig and sln might be useful inside .. who knows
but vhalt and vreboot are not used anymore ...
This is pretty old kernel ( CTX ) and I think I made a mistake and
created the Vserver from the main server.
I'm also seeing some $VSERVER/dev/hdx?, $VSERVER/dev/log,
$VSERVER/dev/stdout, $VSERVER/dev/ttyo?, and $VSERVER/dev/tty.
anything more than the following is not needed and might
(or will) be dangerous if supplied ...
crw-rw-rw-1 root root 1, 7 Apr 6 2003 full
srw-rw-rw-1 root root0 Feb 16 01:42 log=
crw-rw-rw-1 root root 1, 3 Apr 6 2003 null
crw-rw-rw-1 root root 5, 2 Feb 16 03:07 ptmx
drwxr-xr-x2 root root0 Feb 16 01:37 pts/
crw-r--r--1 root root 1, 8 Apr 6 2003 random
crw-rw-rw-1 root root 5, 0 Apr 6 2003 tty
crw-r--r--1 root root 1, 9 Apr 6 2003 urandom
crw-rw-rw-1 root root 1, 5 Apr 6 2003 zero
std* are usually symlinks into /proc so they should be
fine ...
Any pointers or thoughts?
HTH,
Herbert
TIA,
Rod
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
--
Open Source Software - You usually get more than you pay for...
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
