Re: [Vserver] Anounce: CentOS 5 guest image
Sandino Araico Sánchez wrote: In case somebody finds it useful, here it is: http://mirrors.sandino.net/vserver/images/centos-5-i686-2007-07-14.tar.bz2 http://mirrors.sandino.net/vserver/images/centos-5-i686-2007-07-14.tar.bz2.md5 http://mirrors.sandino.net/vserver/images/centos-5-i686-2007-07-14.tar.bz2.asc It was cooked from a CentOS 5 stage2 image snip Not to rain on your parade, but you're aware of vserver ... build -m yum ... -- -d centos5 which will automatically build a CentOS 5 guest, right? -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Anounce: CentOS 5 guest image
Sandino Araico Sánchez wrote: That's right, but yum does not always work on Debian or Gentoo hosts. Oh? Details? Both Debian and Gentoo have packages for yum, so that sounds like bug(s) which should be reported to the maintainers... -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Vserver copy. The saga continues!
Roderick A. Anderson wrote: The builds using rsync are going well but this has created a bit of a problem. Typically I build using yum as the method. This creates all the necessary files in /etc/vservers/guest/apps. Using rsync doesn't. Is there a command/incantation to convert a vserver guest to another package-management system like yum, apt-get, etc? I suspect the pieces to do this are in the vserver script but if the method is just undocumented it would be quicker. Oh, you're using external package management? To ease the migration, you probably should've internalized that before the move, and then externalized it again once you got to the destination server. Now, I think you should be able to just copy /vservers/.pkg/guest to /vservers/.pkg on the destination host, and just make sure you have all of the necessary symlinks and files in apps/pkgmgmt. For reference, the commands to internalize/externalize package management are: vserver guest pkgmgmt internalize (possibly with --force since you don't seem to have yum installed in the guest) move the guest, and then run... vserver guest pkgmgmt externalize -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] The $64,000 dollar question
Roderick A. Anderson wrote: Thanks to all for your help and suggestions on copying Vserver guests. So far it has worked quite well. I'm now on to newer things which brings me to the question. What distribution should I use for the Host? With Daniel's excellent repository(s) I have been using Fedora Core 5. I has been very stable and makes any work in the host easy. And then the guests get FC5 which with vyum makes them very easy to to maintain/enhance. But I just went through a repository hell trying to update the host. Not sure what was going on but I suspect that with FC5 at end-of-life this will happen more often. Repository hell? Meaning what, exactly? So the big question is which (preferably YUM-able) distribution should I use for the host? I'm currently thinking CentOS 5 as it has an end-of-life in about 5 years. I hope to be retired by then. :-) Plus I believe I read that it is actually supported in Daniel's repository. Unfortunately not, I haven't had enough round tuits lately, but you can use the FC6 kernel RPM (though that is not as updated as I'd like it to be, Fedora no longer updates the public tree) for now. And does it make sense to use an _older_ distribution in the guests that don't change much? Sounds like the definition of an enterprise-distro, so CentOS should be fine there too... -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Error while executing the vserver startup sequence
Jake Solid wrote: I'm getting the following error when trying to create a gust on my CentOS 5 x86_64. I was able to find all files listed below and dont no for sure where is the problem. I'm using util-vserver-0.30.213-0.1 [EMAIL PROTECTED] ~]# vserver myguest build --force -m yum --context 42 --hostname=host.myguest.com --interface eth0=eth0:1.2.3.4/255.255.240.0 -- -d centos5 It looks to me like yum isn't finding any mirrors, and is thus unable to find any RPMs. Have you modified the repo files yourself, or is this OOTB? You might want to do something like: mkdir -p /etc/vservers/.distributions/centos5 cp -a /usr/lib*/util-vserver/distributions/centos5/yum /etc/vservers/.distributions/centos5 sed -i 's/debuglevel=.*/#\0/' /etc/vservers/.distributions/centos5/yum/yum.conf to get yum to show you what's happening. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] fedora 7 and vserver
jean-marc pouchoulon wrote: jean-marc pouchoulon a écrit : Hi all, Do daniel's repository will contain in the near future kernel and vserver-util for fedora 7 ? it seems that util-vserver are in fedora 7. Yes, the utils have been in Fedora (Extras at first) since FC5. As for the kernel, I've been meaning to look at it for some time now, but have been distracted by other things. I'll try to do it this weekend. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] /dev/hdv1 , apache + umask trouble
Oliver Heinz wrote: Hi, after some testing it seems that I have some strange behaviour with the root fs in guests. I have an apache 1.3 running, with php4 scripts that do an file upload to the filesystem. I wanted to change the umask for file creation and had different behaviour for the resulting file being on the root fs (/dev/hdv1 which shows as via mount ufs) and a seperate bind mount. When the file ist created on the seperate mount umask works and i can set whatever umask i want resulting in the corresponing mode. When the file is created somewhere on the / ufs it's created with with mode 0600, no matter what umask I set - it's just completely ignored, SGID is also ignored the resulting file is owned by the primary group of the apache-process. chmod in php does work fine, umask on the commanline does work too. Has anybody ever experienced such strange behaviour? TIA, Oliver php code: ... umask (0002); if(is_uploaded_file($userfile) move_uploaded_file($userfile, $file_name)) .. result on seperate bind mount: drwxrwsr-x 2 www-data wdvuser 4096 2007-06-26 13:54 . drwxrwsr-x 7 ftp wdvuser 4096 2007-06-26 09:20 .. -rw-rw-r-- 1 www-data wdvuser 5253 2007-06-26 13:54 logo.jpg result on root fs (/dev/hdv1, ufs): drwxrwsr-x 2 www-data wdvuser 4096 2007-06-26 14:39 . drwxr-xr-x 6 root root 4096 2007-06-26 14:37 .. -rw--- 1 www-data www-data 3624 2007-06-26 14:39 logo.jpg mount output: /dev/hdv1 on / type ufs (defaults) /var/www/test type none (0) fstab: none/proc procdefaults,noexec,nosuid 0 0 none/dev/ptsdevpts gid=5,mode=620 0 0 /srv/www/test /var/www/test nonebind Versions: Kernel: 2.6.19.7-grsec2.1.10-vs2.2.0 VS-API: 0x00020200 util-vserver: 0.30.212; Jan 16 2007, 11:59:37 Sounds to me like the file is originally on the root filesystem, e.g. in /tmp, and move_uploaded_file is optimized to simply rename(2) the file if the source and destination are on the same filesystem, which would mean that the umask isn't used at all. An strace should tell you more though... -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] init-style gentoo with baselayout-1.13.0_alpha12
Marcus Mülbüsch wrote: I have a Gentoo vserver set up with vserver-sources-2.2.0, util-vserver-0.30.213 and baselayout-1.13.0_alpha12 Thus I can use the gentoo init-style. Fine so far. Building and using that vserver is easy; I followed http://www.gentoo.org/proj/en/vps/vserver-howto.xml almost exactly. I want to start a daemon from inittab (in this case: monit), so it gets respawned when dieing. Works fine with older gentoo vserver guests which use the plain init style. However, when inside a guest vserver with gentoo init style, there is no seperate init process for each guest. So when I issue init q I get a init: /dev/initctl: No such file or directory. I freely admit that I do not exactly know what I'm expected to do here. :-/ A few pointers on what I don't understand, how I can solve that problem, or what I am to do instead of using inittab would be very appreciated. If you want to use init and the features it provides, you're going to have to use the plain initstyle. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] CentOS 5 building guest machine
Jake Solid wrote: Hello, I completed the nstallation of the latest version of vserver on a CentOS 5 machine. I'm trying to find procedures on how to build a CentOS 5 guest machine. Any inputs will be appreciated, vserver centos5 build -m yum ... -- -d centos5 should do the trick, once you replace the dots with your desired options. Is that not the case? -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] 2.6.21.5-vs2.2.0-rc3-grsec2.1.10
Guten Tag harry, am Donnerstag, 21. Juni 2007 um 01:08 schrieben Sie: waauw, my english is terrible, excuse me for that... but the message is clear i guess ;) anyone will understand u.. of course ;) -- Mit freundlichen Grüßen Daniel mailto:[EMAIL PROTECTED] ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Re:] vcontext/login CPU usage at 100%
Ruben Leote Mendes wrote: Hi, I also have this problem. Is there already a solution? My setup: # vserver-info Versions: Kernel: 2.6.20.11-vs2.2.0 VS-API: 0x00020200 util-vserver: 0.30.212; Dec 9 2006, 12:26:51 snip Yes, upgrade to util-vserver 0.30.213. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] disk quota and vhashify
ADNET Ghislain wrote: Hi, To have disk quotas it seems the best to have a partition for each Vserver guests. But vhashify use hardlink and i think it does not cross partition. What would be the best way to have vhashify AND quota on the vserver ? *Is there a way to implement user/group quota per VServer?* A: Yes, but not on a shared partition for now. You need to put the guest on a separate partition, setup a vroot device (to make the quota access secure), copy that into the guest, and adjust the mtab line inside the guest. is disk limits the solution ? how disk limit work with the quota support ? http://oldwiki.linux-vserver.org/Disk+Limits this tells that it set limits but i don't know how this interact with the quota utilities or the likes. Anyone ghas experiences on how it works ? Disk limits limit the entire guest on that filesystem, not users or groups within that guest. Nobody has wanted user/group quotas on a shared filesystem yet to do the required testing. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] compatibility question
Guten Tag Chuck, am Samstag, 2. Juni 2007 um 00:57 schrieben Sie: i am suffering from severe burnout and cannot truly think properly today but i need to give the boss an answer anyway :( we have an amd64 opteron system using tyan motherboard. guests have been compiled on this. if we want to place a mirror server in place for the guests, must we match the chipset etc or is it enough that the guest is compiled for amd64? ihave received a quote on an exact replica of our production server, but i would also like to explore other possibilities for lesser expense, still using the opteron processors but possibly different motherboard. i am talking guests only. i know the host o/s would be uniquely installed. i guess what i am asking is does the guest care as long as it is the same processors? we want to simply copy the guests from one machine to the other so if needed the 2nd machine can take over almost immediately. u can copy the vserver from mashine A to B without problems. I works fine for me. There is a backup command for the vservers included which backup a vserver via rsync/ssh? or so -- Mit freundlichen Grüßen Daniel mailto:[EMAIL PROTECTED] ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Correct usage of vlan devices / weird error
Oliver Welter wrote: Hi Folks, Today I ran into a problem with newtwork devices on vlans. My box has one physikal interface (eth0) which hosts two vlans (vlan3 + vlan4). The basic vlan interfaces are created on system bootup and have each one ip assigned. In the vserver-config I used the default syntax with vlan3 in the file dev and ignored the warnings on startup *sic* which worked on my old config (0.30.210 tools on 2.6.15 kernel). What do you have now? Today an angry customer called that his webserver is down - examination showed: The guest has a total of 6 interfaces assigned where 4 are in vlan3, the first 3 in the vlan startup properly, the 4th one shows NETLINK: numeric result out of range. What settings are you using for that interface? (I.e. what does tail /etc/vservers/guest/interfaces/3/* show?) Anybody has an idea on this ? And perhaps anybody can point me to a good idea how to get rid of the warnings. I dont succeed with the nodev flag... How do you not succeed? You simply touch the file, and the utils will do nothing whatsoever with regard to setting up that IP address/interface, they'll just assign it to the network context. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] yum update screwed centos guest
Chuck wrote: we run some centos4 x86_64 guests. just did a yum update today on my template and it screwed up the guest. i do not know all of the damage yet, it appears to run and the services appear to run but vserver guestname enter no longer works. thankfully i always use the template for update testing first ... whew.. i get this when i try: vlogin: openpty(): No such file or directory any clues where to look? or should i just restore from a backup and never use yum update again? it appears it changes what it will with no regard for existing configuration files. It has nothing to do with configuration files. You just lost a (few?) device nodes. Recreate or restore /dev from a backup, or another guest. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] FC5 End of Life and Linux-Vserver
Roderick A. Anderson wrote: With the announcement of the EOL for Fedora Core 5 I'm wondering where I should go next or if I should go ... next? So actually this is more a question for Daniel Zakrisson since he provides the FC5 vserver kernel and vserver-utils RPMs and the repository. How long do you think you'll keep updating the FC5 stuff? Thanks, Rod I guess I'll handle it the same way I handled the FC4 EOL, i.e. keep pushing updates until the base kernel (2.6.20) is no longer receiving them. As for the utils, I hope Enrico will manage to get 0.30.213 in before the EOL, and that should be fine for a while at least. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Acceptable characters in a vserver name?
Guillaume Pratte wrote: Hello, A quick question. What are the acceptable characters in a vserver name? I would suppose [a-z][A-Z] + '_' and '-' are ok, but are accents, spaces and other characters acceptable? I'd like to say yes, but I haven't tried it. It's a bug if it doesn't work. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] debian host wants centos guest
[EMAIL PROTECTED] wrote: thanks , i setup the beast and have yum installed but..: bash-3.00# yum update Setting up Update Process Setting up repositories not using ftp, http[s], or file for repos, skipping - Null is not a valid release or hasnt been released yet Cannot find a valid baseurl for repo: update Error: Cannot find a valid baseurl for repo: update i cannot seems to make this works :) using vyum on the host works (this is how i setup yum on the guest. But inside it it fails :( i tried to install whitebox linux but i failed also to find how to build the guest so i stick with centos :) hi, i have some finished centos 5 images for linux vserver: http://www.cryptronic.de/wiki/Vserver_en:images_for_openvcp to get yum working: edit /etc/yum.repos.d/CentOS-Base.repo and replace $releasever and $basearch with hardcoded values eg $relesevar: 5 $basearch: i386 after that yum works quite fine. Why would you do that? Why doesn't it have centos-release installed, and why can't it figure out the architecture on its own? best regards oliver werner htpt://www.cryptronic.de What's HTPT? ;-) -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Linux-VServer Live CD?
On 4/20/07, Daniel Clark [EMAIL PROTECTED] wrote: On 4/20/07, Michael Luksch [EMAIL PROTECTED] wrote: Daniel Clark schrieb: Has anyone made a LiveCD for Linux-VServer? yup, a colleague of mine did so..(building liveCDs is his primary hobby ;) If anyone else would like this, I've posted it up at: http://opensysadmin.com/iso/2007-03-29.vserver-zod.i686.iso Here is the MD5SUM: 60667e579c9583e5aec6f248637474ca 2007-03-29.vserver-zod.i686.iso -- Daniel Clark # http://dclark.us # http://opensysadmin.com ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Linux-VServer Live CD?
On 4/20/07, Michael Luksch [EMAIL PROTECTED] wrote: Daniel Clark schrieb: Has anyone made a LiveCD for Linux-VServer? yup, a colleague of mine did so..(building liveCDs is his primary hobby ;) i can make it available for ftp/http downloading for you on our company's server, if you want, but just temporarily for 1 to 2 days Thanks, that would be great - I could also give you a place to ftp it to if that would be easier. If not making it more publicly available is just a matter of bandwidth, I'd be willing to host it on my website (at least unless/until it gets me over 2TB/month of traffic - I redirect large downloads using Coblitz - http://codeen.cs.princeton.edu/coblitz/ - so that is highly unlikely). it is based on gentoo 2006.1 build for i686 kernel utils: 2.6.20-vs2.3.0.11-gentoo sys-cluster/util-vserver-0.30.212-r2 Mit freundlichen Grüßen / best regards Michael Luksch - perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);' -- Daniel Clark # http://dclark.us # http://opensysadmin.com ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Linux-VServer Live CD?
Has anyone made a LiveCD for Linux-VServer? If not, any hints/tips/warnings/recommendations for an OS base? I am looking for a way to demo a client/server application, and Linux-VServer with the vunify functionality at first glance looks like it could be ideal. The CD itself would have the minimal OS and vserver-enabled kernel, and vunifiy-ed filesystems of the server and clients (which wouldn't differ by that much), and any changes during the run would be written to ramdisk. Based on a previous thread it sounded like Linux-VServer has its own Copy-on-Write (CoW) functionality, removing the need for unionfs/aufs for the virtual machines themselves (although I assume you'd still want it enabled in a small ram disk for the rest of the CD). -- Daniel Clark # http://dclark.us # http://opensysadmin.com ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] die 3er?
Guten Tag Cryptronic, wie schauts den bei euch mit dem neuen release aus? Wird es bald kommen? ;) -- Mit freundlichen Grüßen Daniel mailto:[EMAIL PROTECTED] ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Semaphores
Cryptronic wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, is there a possibility to see all semaphores vserver's are using? Because it is very difficult to enter each vserver and run ipcs. To see how much semaphores are in use would it do for me. It depends on the kernel. For kernels 2.6.19, chcontext --xid 1 ipcs should do the trick. For newer kernels, the namespaces in mainline have complicated this particular feature so you'll have to do something like vsomething vserver --all -- exec ipcs -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] die 3er?
Guten Tag Daniel, am Sonntag, 15. April 2007 um 23:20 schrieben Sie: Guten Tag Cryptronic, wie schauts den bei euch mit dem neuen release aus? Wird es bald kommen? ;) sry bug in my mua :( -- Mit freundlichen Grüßen Daniel mailto:[EMAIL PROTECTED] ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] STRG+C doesn't work after update to vs2.2.0-grsec2.1.10
Thorsten Büker wrote: And it's me, again, After noticing that binutils = 2.17 are necessary to build a 2.6.19.7 kernel [1] and after getting the message chbind: vc_set_ipv4root(): Invalid argument out of my way [2], I finally built a new kernel, which seems to work fine. Fine, beside one minor problem ;-) Entering the Vserver's context via vserver name enter and executing a command (e.g. tail -f something), it's not possible to stop the process using strg+c, like I used to do up to some hours ago (vs2.0.2.1-grsec2.1.9 / 2.6.17.14). Unfortunately I've got no idea, where to start troubleshooting -- do you have any hint on the relevant kernel option? Please find some sections of the kernel's config below. Until changing towards Etch in a couple of weeks, Sarge's standard util-vserver is version 0.30.204-5. I tried util-vserver's backport 0.30.210-8 and obviously it works now. And that's the only thing you changed? It's the exact same kernel, with the same configuration? -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] mknod error in vserver
Alejandro Cabrera Obed wrote: Dear all, I have a vserver in Debian Etch (kernel 2.6.18-4-vserver-686) and I've tried to install Asterisk 1.2 from apt. After I execute apt-get install asterisk I get this error: Setting up zaptel (1.2.11.dfsg-1) ... mknod: `/dev/zap/ctl': Operation not permitted dpkg: error processing zaptel (--configure): subprocess post-installation script returned error exit statu If I install the zaptel package alone I have the same errormaybe I cannot create such devices in the vserver technology. Why can't I make this device ??? Because you're in a guest. If a guest was allowed to create device nodes as it saw fit, it would be no problem at all to escape from the guest, overwrite files, etc. Another question: do you recommnend to install Asterisk without vserver instead ??? Simply pre-creating the device from the host should do the trick, IMHO. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
Martin wrote: On Wed, 2007-04-04 at 16:34 +0200, Daniel Hokka Zakrisson wrote: Something is solliciting my curiosity though: - privacy for guests, which will hide things from xid 1 I am not sure I am found of that privacy thing. That's why it's configurable ;-) snip Isn't supposed to be able to see everything in the system? Well, not if you want to protect the guests from the host. At the risk of sounding ungreatful for all of the hard work done on vserver - what is the 'use case' for this feature? As I understand it there is nothing to keep the host from playing with /dev/kmem or otherwise tampering with the kernel, so I can't see how a feature like this will provide any strong guarentees; unless heirarchies of contexts (which would be extreemly cool) are planned. Or is it just intended as a 'speed bump' / politeness feature? Of course the host admin can still do whatever she wants, but if you're in the business of selling truly private guests, i.e. guests without VXF_STATE_ADMIN (meaning they cannot be administered from the host), a kernel with privacy enabled, each guest living on an encrypted device only the guest has access to etc., doing so would probably not be appreciated by the clientele. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
Guillaume Pratte wrote: Thanks for the change log Daniel. Something is solliciting my curiosity though: - privacy for guests, which will hide things from xid 1 I am not sure I am found of that privacy thing. That's why it's configurable ;-) Isn't xid 1 the monitoring context? Yes. Isn't supposed to be able to see everything in the system? Well, not if you want to protect the guests from the host. For instance, if I remember correctly, vserver-stat uses xid 1 to mesure the memory usage of each vserver... In older versions/kernels, yeah. But that's already rather broken by design. Maybe it's an irrational fear, but it seems to me like an invitation to root kits... With this privacy option, how will we be able to precisely account the memory usage of each vserver? vserver-stat in util-vserver 0.30.213 doesn't use xid 1 anymore (if you have a recent enough kernel that has the accounting APIs). -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
Guillaume Pratte wrote:
Daniel Hokka Zakrisson a écrit :
Guillaume Pratte wrote:
Maybe it's an irrational fear, but it seems to me like an invitation
to root kits... With this privacy option, how will we be able to
precisely account the memory usage of each vserver?
vserver-stat in util-vserver 0.30.213 doesn't use xid 1 anymore (if
you have a recent enough kernel that has the accounting APIs).
Can you tell me in which version of the patch the accounting APIs where
introduced? (Is it in the just-released 2.2.0?)
I wrote:
The major changes are:
...
- accounting APIs, making it easier to write monitoring programs
Can you point me toward the documentation of these APIs?
include/linux/vserver/{limit,sched}_cmd.h is probably the best.
--
Daniel Hokka Zakrisson
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] CIFS-mounts in vserver guests: solved
Wilhelm Meier wrote: Am Dienstag, 3. April 2007 schrieb Roderick A. Anderson: Wilhelm Meier wrote: Am Montag, 2. April 2007 schrieb Wilhelm Meier: after our conversion I got the quick cifs hack running (using a special CLONE-flag for the cifs-thread). The I got this patch, which changes the api to kthread_run. But, the problem remains. I still got this error in dmesg: I've to correct myself! I had a configuration flaw ... if the patch is in place, it works as expected. CIFS-shares can be mounted inside the guests. Wilhelm, Would you be willing to put some instructions together on what it takes to do this? Ok., get the patch from the list and apply it to /usr/src/linux-vserver/fs/cifs/connect.c (or whatever you kernel source path is). Has the patch been submitted to (and reviewed by) linux-kernel@vger.kernel.org, [EMAIL PROTECTED] and [EMAIL PROTECTED] Note that it already doesn't follow the typical coding style used in the kernel (regarding the if/while( x ) thing). -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] Stable 2.2.0 : where is the changelog?
Guillaume Pratte wrote: Hello, Where can I find the change log from version 2.02? I don't see it linked from http://www.13thfloor.at/vserver/s_rel26/v2.2.0/ Thanks! Guillaume AFAIK there is none. In theory, a combination of http://linux-vserver.org/ChangeLog-2.1 and http://linux-vserver.org/ChangeLog-2.2 should get you there, but the first is horribly out of date, so here's a little ChangeLog-according-to-Daniel. The major changes are: - COW link breaking - 2.6.19+ support (i.e. using the mainline namespaces) - capability masking, allowing things like bind9 to run unmodified in guests - artificially advancing idle time, allowing fair sharing of CPU resources among guests - accounting APIs, making it easier to write monitoring programs And a few of the rather minor/less useful changes: - allows raising the bcapabilities of a guest while it's running - virtualized time - the ability to create private guests, that cannot be easily administered from the host - warnings without CONFIG_VSERVER_DEBUG (so Debian users will see them too...) - legacy disabled by default (so util-vserver 0.30.213+ recommended) - privacy for guests, which will hide things from xid 1 - a scheduling monitor -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Vserver and VRF support
Albert Mak (almak) wrote: Is there any work done to make Vserver work with VRF? -Albert Meaning multiple routing tables? That's already the recommended way to set different default routes for the guests. Works the same way they do in Linux. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] CentOS RPM's
Matt Paine wrote: Hi Guys I've been a while (again) since I've mucked around with linux-vserver, but the time is here again. This time with CentOS. My ideal setup, as i've come to realise, is a CentOS installation as the host OS, with a linux vserver kernel. Now, my problem lies with an RPM that would suite my purposes. I am unable to find an out of the box kernel RPM, so I thought i'de give it a crack. I've started building RPM's for other software recently,so I thought it would be within my power to try a kernel build. I was wrong. I cant even build the CentOS4.4 kernel on a basic machine with the build software installed, and the src rpm from the CentOS site, let alone a patched version of the CentOS kernel, or a vanilla kernel. (yes, i've tried the vanilla kernel, with a make rpm-pkg and that has the same problems). By the way, trying to make a vanilla kernel, no patches, with standard make commands (no make rpm) fails with the same reasons (invalid string offset errors from the linker). Sounds somewhat odd, but I've had problems trying to build 2.6.20 on it too. Haven't really investigated it yet though. Has anyone got kernel RPM's with the linux vserver patches installed (vanilla or otherwise) that are build for CentOS4.4? I know Daniel has the fedora kernels, and I've been scouring his rpm repository to find the centos ones with no luck (plenty of util-vserver rpms, but no kernels). I had the thought that the vserver stuff might already be in the kernel (long shot i know, but anythings possible) so I downloaded the util-vserver rpms and tried them, to no avail of course :) The problem with the CentOS kernel is that it's really old and it would require major surgery in order to get any sort of recent Linux-VServer version on there. I've been playing with the idea of providing more recent, vanilla kernel RPMs too, but nothing has come out of that yet, mostly because the userspace matches the old kernel. So in order to get a recent kernel working nicely, you'd probably need to update at least udev and mkinitrd. I would love to be able to compile a kernel and package it as an RPM, however at the moment my efforts are not being rewarded with anything remotely usable. If someone could help me with compiling the kernel that would be appreciated (I have the logs showing what errors I'm getting). Posting the errors is always a good idea... -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Guest fedora under Gentoo Host
Stéphane GAUTIER wrote: Hi, I try to create a Fedora vserver and I have this error message : # vserver test build -m yum -- -d fc5 rpm-fake.so: vc_create_context(): Invalid argument rpm-fake.so: failed to initialize communication with resolver You didn't specify a context id. Add --context 42 and it should work fine. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Problems with Knoppix 5.2 (which should be Vserver-enabled...)
Gerhard Hofmann wrote: Because these are quite a lot of steps I always thought it would be nice to have a Debian distro that is Vserver-enabled out-of-the-box. Like, say, Debian Etch? Now, in the recenct release of German magazine c't, there was a Knoppix 5.2 CD which claims to be Vserver-ready. Obviously not... Has anybody here already tried Knoppix 5.2 and can share his or her experiences? I booted Knoppix, tried to setup a Vserver like this: vserver vserver1 build \ -n vserver1 \ --hostname vserver1 \ --interface eth0:192.168.1.133/24 \ -m debootstrap -- -d sarge I get this error message: /etc/vservers/.defaults/vdirbase/vserver1: Function not implemented Which means the kernel isn't patched with Linux-VServer. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver enter eating cpu and vkill problem
Jarek Dylag wrote:
Hey
[...]
Yeah, I know where it happens, but why it happens and how to fix it is
still a mystery. Thus far, every solution I've tried has failed.
http://people.linux-vserver.org/~dhozac/p/uv/experimental/delta-vlogin-efds.diff
has two of the things I've tried to fix it.
I added additional check in termina_copy() functon:
Could you try
http://svn.linux-vserver.org/projects/util-vserver/changeset/2514?format=diffnew=2514
instead? Essentially the same thing, just in the (IMHO) correct function.
--- vlogin.c.old2006-12-09 17:15:22.0 +0100
+++ vlogin.c2007-03-14 13:47:13.0 +0100
@@ -139,6 +139,11 @@
} else if (len == -1)
return;
+ if (len == 0) {
+terminal_kill(SIGTERM);
+exit(1);
+ }
+
/* write activity to user */
EwriteAll(dst, buf, len);
}
It fixes the problem, but i don't know if i haven't broken something else.
Jarek Dylag
--
Daniel Hokka Zakrisson
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] OCS Inventory
On 3/17/07, harry [EMAIL PROTECTED] wrote: in the same sense... disable all firewalls, open up your telnet port and allow passwordless rootlogin on all your machines or pull the plug those are the only possibilities, right? Are you asking me? D. blaze your trail -- redhat ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] OCS Inventory
On 3/16/07, Daniel Hokka Zakrisson [EMAIL PROTECTED] wrote: Daniel W. Crompton wrote: After reading Jean-Marc's answer I thought it could also be the fact that you might just need to create /dev/mem. You absolutely never ever want to do that, if you care the least about the guest being secure... /dev/mem would give it complete access to the contents of your RAM. Seriously if you care about your guest being secure you make sure that the host doesn't have physical network access. If you want to be able to run certain programs in a guest you sometimes need rights which are available to only the host. That's the whole point of caps. I want to make it clear that I have no idea what the OCS program does, but if you want to run it in a guest then you need to be able to access /dev/mem. Making the guest insecure is the price you have to pay. Having network access for a machine means risking remote attacks it's the price you pay. I hardly run anything on my host systems besides syslog and sshd, practically everything runs in a guest. Some guests have caps that give it almost full access to the host system on other guests you don't even have write access to the disk or a compiler. (It logs to the host's syslog anyway.) The level of access you need in a guest determines who access is given to, not whether you do something or not. The only thing you absolutely never ever want to do is give somebody you don't trust physical access to the host, anything else is a question of need. D. blaze your trail -- redhat ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] OCS Inventory
Daniel W. Crompton wrote: On 3/16/07, Daniel Hokka Zakrisson [EMAIL PROTECTED] wrote: Daniel W. Crompton wrote: After reading Jean-Marc's answer I thought it could also be the fact that you might just need to create /dev/mem. You absolutely never ever want to do that, if you care the least about the guest being secure... /dev/mem would give it complete access to the contents of your RAM. Seriously if you care about your guest being secure you make sure that the host doesn't have physical network access. If you want to be able to run certain programs in a guest you sometimes need rights which are available to only the host. That's the whole point of caps. Which should not be taken as lightly as you just need to create XYZ. It's something that essentially voids the entire virtualization/isolation that Linux-VServer provides... -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] OCS Inventory
On 3/17/07, Daniel Hokka Zakrisson [EMAIL PROTECTED] wrote: You absolutely never ever want to do that, if you care the least about the guest being secure... /dev/mem would give it complete access to the contents of your RAM. Seriously if you care about your guest being secure you make sure that the host doesn't have physical network access. If you want to be able to run certain programs in a guest you sometimes need rights which are available to only the host. That's the whole point of caps. Which should not be taken as lightly as you just need to create XYZ. It's something that essentially voids the entire virtualization/isolation that Linux-VServer provides... You are right that I was a little flippant in my remark that one should just create /dev/mem, and should have mentioned the security implications. My remark did contain reservation you didn't pick-up on. You might just need to create XYZ carries a very different message than you just need to create XYZ. In this case might means that it is possible that you would need to do XYZ, I realize that this reservation could be missed in a cursory reading. However that doesn't however negate the fact that to run OCS Agent as is in a guest you might just need to create /dev/mem. regards, D. blaze your trail -- redhat ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] OCS Inventory
On 3/15/07, Jean-Michel Caricand [EMAIL PROTECTED] wrote:
unless(-r /dev/mem){
die localtime(). = You don't have enough rights to
run this program\n;
}
After reading Jean-Marc's answer I thought it could also be the fact
that you might just need to create /dev/mem.
vs / # perl
unless(-r /dev/mem){
die localtime(). = You don't have enough rights to run this program\n;
}
vs / # ls -l /dev/mem
crw-r- 1 root root 1, 1 Dec 20 00:15 /dev/mem
D.
blaze your trail
--
redhat
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] OCS Inventory
Daniel W. Crompton wrote: After reading Jean-Marc's answer I thought it could also be the fact that you might just need to create /dev/mem. You absolutely never ever want to do that, if you care the least about the guest being secure... /dev/mem would give it complete access to the contents of your RAM. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] OCS Inventory
On 3/15/07, Jean-Michel Caricand [EMAIL PROTECTED] wrote: I want to install OCS Inventory Agent on a guest. When I launch agent, I can read this error in log file: I'am under root account. How can I resolve this ? When you are running in a guest you don have as many rights as root on the host, the guest has certain capabilities disabled. Do you know what the Agent is trying to do when it installs, perhaps starting the installer with strace will give you an idea what capability it needs to install. D. blaze your trail -- redhat ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] OCS Inventory
On 3/15/07, Jean-Michel Caricand [EMAIL PROTECTED] wrote: ...snipped for brevity... I use strace. I can see this : ... skip ... stat64(/dev/mem, 0x814e0c8) = -1 ENOENT (No such file or directory) Looks like you can access /dev/mem, probably it looks like it needs to access this for some reason. BTW Nicolas, above, is right if it needs to do that kind of access it's probably better on the host system. D. blaze your trail -- redhat ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver patch making its way into the kernel.org kernels...?
On 3/13/07, Technical Support [EMAIL PROTECTED] wrote: Hi Ken, However, the folks on our platform team are concerned - they want to use a stock kernel (which evidently means something downloaded directly from kernel.org) and don't like the idea of a patch. I doubt there are many people who actually run a stock kernel. Not because they are kernel hackers, but because practically all the Linux distros have a slightly modified kernel. What you, or your platform team, actually want is not a vanilla kernel. What you need is a maintainer, somebody who looks after the branch and merges the vanilla and whatever preemptive, optimizing, memory, hardware patches you need for your servers. In the case of Linux-VServer you already have that. The illusion that patching isn't the right path is just that, an illusion. It's the same reason you use menuconfig to modify your kernel. Herbert Poetzl and many others take great care in producing the patches and making sure they work. This is why they add a kernel target to the version, so you are reasonably guaranteed that the patch will work. (Although there's no warranty.) Evidently this causes a long-term maintenance issue - not necessarily from the technical perspective of applying the patch, but from a documentation, regression testing, license compliance (we distribute appliances, so we have to do extra work for GPL compliance), etc. That isn't entirely the case either, as far as I can see you would need to do this for the vanilla kernel too. The added advantage is that as you know the changes - patches - you are making to the kernel you can guess where the gains and losses will be. I just had to respond, forgive me if I sound a little undaunted by your team's concerns. I realize that once you send out the appliance and it fails it's very difficult to get the customers (trust) back. I know that I don't want it to seem that I'm advocating you selling bleeding edge too your customers, because I'm advocating the opposite. However I get the idea that the project team thinks this is just another step in a long manufacturing trail that if slashed would make life easier. It's not going to happen today... D. blaze your trail -- redhat ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] gentoo update breaks shutdowns?
Chuck wrote: ... my util-vserver version is 0.30.212-r2 kernel version 2.6.19-vs2.2.0-rc2 You sure you were running that kernel before? IIRC that one has a broken vc_ctx_kill, so you might want to upgrade... -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver enter eating cpu and vkill problem
Jarek Dylag wrote: Hey, [...] Apparently it happens when the session is not ended properly (disconnections, etc) I could reproduce the problem as follow: * ssh to the server as normal user * sudo su - * vserver XX enter * now from another term, kill -9 on either of the two su processes (su - or -su) At that point the session in the vserver ends but vcontext is still hooked to the current terminal so cpu is fine. * now quit the current terminal At that point vcontext is not hooked to any terminal (vps ax = ? on the tty column) and using top you see it's running 100% cpu, ~ 80% system and 20% user. I'll look in to it. I am unable to reproduce that here. The vlogin process does stick around, which it probably shouldn't, but its resource usage is the same as it's always been. I can reproduce it on debian sid with 2.6.20.1-vs2.3.0.11 kernel. ps auxf USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 2716 82.5 0.0 116 40 ?R15:17 7:04 login root 2774 0.0 0.3 5072 1660 pts/6Ss+ 15:17 0:00 \_ /bin/bash -login I straced login process, strace shows: Process 2716 attached - interrupt to quit select(4, [0 3], NULL, NULL, NULL) = 1 (in [0]) read(0, \r, 64) = 1 write(3, \r, 1) = 1 select(4, [0 3], NULL, NULL, NULL) = 1 (in [3]) read(3, \r\n, 64) = 2 write(1, \r\n, 2) = 2 select(4, [0 3], NULL, NULL, NULL) = 1 (in [3]) read(3, \33[1m/ \33[37;0m(\33[32;1m1525\33[37;0m..., 64) = 47 write(1, \33[1m/ \33[37;0m(\33[32;1m1525\33[37;0m..., 47) = 47 Here session ended: select(4, [0 3], NULL, NULL, NULL) = 1 (in [0]) read(0, , 64) = 0 select(4, [0 3], NULL, NULL, NULL) = 1 (in [0]) read(0, , 64) = 0 select(4, [0 3], NULL, NULL, NULL) = 1 (in [0]) read(0, , 64) = 0 select(4, [0 3], NULL, NULL, NULL) = 1 (in [0]) read(0, , 64) = 0 select(4, [0 3], NULL, NULL, NULL) = 1 (in [0]) read(0, , 64) = 0 select(4, [0 3], NULL, NULL, NULL) = 1 (in [0]) read(0, , 64) = 0 select(4, [0 3], NULL, NULL, NULL) = 1 (in [0]) Yeah, I know where it happens, but why it happens and how to fix it is still a mystery. Thus far, every solution I've tried has failed. http://people.linux-vserver.org/~dhozac/p/uv/experimental/delta-vlogin-efds.diff has two of the things I've tried to fix it. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] debian vserver and AMD x2 AM2 CPUs
Konstantinos Pachopoulos wrote: Hi, has anybody had any experience with with VServer (Debian) and Dual Core AM2 CPUs? Does it work OK? In general, if a vanilla kernel works on it, so will Linux-VServer. And if for some reason it doesn't, that's a bug that should get fixed rather quickly. Is it posssible -would it be possible in the future maybe- for VServer to take advantage of the AMD CPUs built-in virtualization technology? Not really, Linux-VServer is more about isolation than virtualizing hardware. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [PATCH] vserver, quota and vroot fix
Jan Rekorajski wrote: Hi, The following hunk got lost sometime between 2.6.16 and 2.6.18, as Network Failure System hit me again, I just _had_ to find out why quota did not work with latest vserver patches ;) The patch is so long because quotactl_block() has to be after vroot_get_real_bdev declaration, the real meat is between #if defined(CONFIG_BLK_DEV_VROOT) || defined(CONFIG_BLK_DEV_VROOT_MODULE) #endif IMHO it got lost after 2.6.18, i.e. it's not present in 2.6.19 nor 2.6.20. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] chroot barrier problem when consolidating var and etc
Martin Fick wrote: I have run into a chroot barrier problem when consolidating a vserver's etc and var files under the same parent directory. When the /etc/init.d/util-vserver script runs it sets a chroot barrier on the parent of the vserver's var directory. That's a Debian-thing, although it is a good idea. If the etc and var directories share this parent the barrier somehow prevents the vserver from accessing its etc files. Specifically, when starting the verserver, I get this error: vlimit: fstat(/etc/vservers/server-name/rlimits): Permission denied My layout is the following: /etc/vservers/server-name - /vservers/server-name/etc /var/lib/vservers/server-name - /vservers/server-name/var /vservers/server-name/etc /vservers/server-name/var I have seen this error reported by others who have also symlinked their etc directory, but I have not seen any good solution given to this problem. My workaround has been to simply put the vserver's var directory in a subdirectory like this instead. The simpler version is to use something like: /vservers/etc/guest /vservers/var/guest where only the var directory needs to have the barrier set. Is this normal behavior, should I just not be doing this? Is my workaround a security problem? Is there potentially a simple fix that should be implemented in the way that the standard vserver directories are layed out to allow a setup like this to function without my workaround? You want to have the barrier set, otherwise the guest will be able to break out of the chroot and into other guests (and with your setup, change the configuration to give the guest more privileges). -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] util-vserver 0.30.210-10(edgy) var-run dir missing
Forwarding Address wrote: snip Ubuntu is strange in that it uses a tmpfs mount for /var/run, which means that the directories will be gone as soon as you reboot. In Debian (and thus Ubuntu) this was fixed in 0.30.211-6, and for vanilla, util-vserver 0.30.213-rc4 with http://people.linux-vserver.org/~dhozac/p/uv/experimental/delta-ubuntu-init.diff on top is supposed to do the right thing. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Installing Vserver on RedHat ES4
Kolly Christian, Bedag wrote: Hello, I'll have to try to install Linux-Vserver on an RedHat ES4 server. The Kernel version included in this distribution is 2.6.9. Is it possible to patch this Kernel, wich is allready patched by RedHad, with the Vserver Patch or do I have to patch an official Kernel? You'll have to get a vanilla kernel. Patching 2.6.9 with a recent patch would be a _lot_ of work... -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] raising individual interface devices
Herbert Poetzl wrote: On Sat, Feb 17, 2007 at 05:53:58PM +0100, Baltasar Cevc wrote: Hi Chuck Quoting Chuck [EMAIL PROTECTED]: is there a way to raise an individual interface device in a vserver without restarting the entire server? i am installing several vservers that will require various ip addresses for specific SSL certs added one at a time but should not down the entire service just to do so.. eg: eg: /etc/vservers/guestname/interfaces/0 /etc/vservers/guestname/interfaces/1 then i want to add /etc/vservers/guestname/interfaces/2 and bring it alive without disturbing 0 or 1 or the operation of any services under them. Add the interface configuration, add the IP to the interface on the host (ip addr add dev yyy, as far as and enter the vserver (using vserver enter); the newly opened session in the context knows the new IP, too. So you may restart your Webserver then and use the new IP. Sorry, I've accidently hit send - here's the complete text I wanted to write ;-) Add the interface configuration, add the IP to the interface on the host (ip addr add dev yyy) - so the host knows the IP (which is normally done by vserver start). Then enter the vserver (using vserver enter); the newly opened session (your bash process or similar) in the context knows the new IP, too. So you may add it to your Webserver config and restart it (now having the newly assigned IP, too). well, while this may work with some configurations (especially older tools :) this works by chance and not by design, and it will for sure stop working with non legacy enabled kenels, which make proper use of network contexts ... Some configurations meaning util-vserver 0.30.209 and older, or using dynamic contexts. the proper procedure is quite similar though: - add the ip to the host (ip addr add ...) - add the ip to the guest's network context # naddress --add --nid nid --ip ip/mask - enter the guest (best via ssh) - restart the services if required (most services will automatically start using the new addresses) Just to clarify: if your guest had just one IP address before, and you're not using 2.3, you'll have to restart all of your services for them to get the new IP. - update the config to reflect the changes for the next guest restart (if desired) HTC, Herbert Hope that helps, Baltasar -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Network - How is it implemented?
Philippe Teuwen wrote: iptables and routing remains on the host, but can be proxied (i.e. done via policy daemon) Hi Herbert, Does such daemon exist already? Yes: http://www.virtuaserver.com.br/forum/viewtopic.php?t=130 -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Network - How is it implemented?
John Alberts wrote: the host. The main problem is that opening a port because 1 guest needs it, opens that port for all guests and the host. So why don't you specify the guest's IP address in the rule? -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] debian host wants centos guest
ADNET Ghislain wrote: is it possible to build a centos guest on a debian host ? Yes. i cannot made it . i have setup a server using vyum and -d centos4 but i got a system so tiny that i havent any yum or rpm or any package (not even vi) and anything i want to install fails. Fails how? How are you trying to install it? If you want the guest to manage its own packages, you should run: vyum guest -- install yum vserver guest pkgmgmt internalize -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] ultra frustration
Chuck wrote: why did you ever remove vserver-new? it was so SIMPLE to clone a template that way. i cannot get this to work. i am sure it is just frustration on my part. i go by the vserver help built in and send it this cmdline: vserver tbfweb build --context 3911 --hostname tbfweb --interface eth3:64.113.39.11/24 --initstyle plain -m rsync --source /vservers/c64webmintmpl and immediately it says unrecognized --source ... since you're missing the -- before it. Add that and it should be fine. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] FC6 hangs while creating a vserver
Matt Paine wrote: snip This should be fixed in 2.6.19-1.2908.fc6.vs2.2.0.0.rc12.2 which I pushed to the repository a while ago. Please let us know if you still experience any problems with that version. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Another bug?
Lyn St George wrote:
I have scripts that run from the host and restart daemons
inside vservers, using suexec. Eg:
/usr/sbin/vserver {name} suexec {user} {cmd}
Is user a username or a uid?
These worked fine with 30.309 tools and 2.6.14 kernel.
Now, with 2.6.19.2 kernel, 2.2.0-rc10 patch and
30.212 tools, the suexec no longer works and stays as root
resulting in failed commands.
I think it's the other way around. If you answered username above, your
old utils would've run the command as root, while 0.30.211 fixes this to
understand usernames and bail out if it's not a number nor a valid
username.
I see nothing in the changelog or docs about a change.
Is this another bug?
Seems to work fine here, and this hasn't changed since 0.30.211:
[EMAIL PROTECTED] ~]# vserver --version
vserver 0.30.213-rc1 -- manages the state of vservers
This program is part of util-vserver 0.30.213-rc1
Copyright (C) 2003,2004,2005 Enrico Scholz
This program is free software; you may redistribute it under the terms of
the GNU General Public License. This program has absolutely no warranty.
[EMAIL PROTECTED] ~]# vserver fc6 suexec apache id
uid=48(apache) gid=48(apache) groups=48(apache)
[EMAIL PROTECTED] ~]# vserver fc6 suexec pdns id
uid=100(pdns) gid=101(pdns) groups=101(pdns)
[EMAIL PROTECTED] ~]# grep pdns /etc/passwd
[EMAIL PROTECTED] ~]# grep pdns /vservers/fc6/etc/passwd
pdns:!!:100:101:PowerDNS user:/:/sbin/nologin
--
Daniel Hokka Zakrisson
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] FC6 hangs while creating a vserver
Matt Paine wrote:
...
I've just pushed 2.6.19-1.2908.fc6.vs2.2.0.0.rc12.1 which (as the name
suggests) contains an update to 2.2.0-rc12 which fixes numerous bugs. If
it still happens with that kernel, the trace removed below would be needed
to track down the bug.
Below that I have typed out what I see on the screen after it dies. I
needed to type this out so please excuse any typo's (i'll be as accurate
as I can).
...
---8--- contents of /var/log/messages
Feb 8 23:34:55 clustman Updated: yum.noarch 3.0.3-1.fc6.chroot
Feb 8 23:34:58 clustman Updated: yum-updatesd.noarch 3.0.3-1.fc6.chroot
Feb 8 23:35:37 clustman kernel: vxD: assertion [xid(0) == current(41)]
failed. @fs/locks.c:835
Feb 8 23:36:06 clustman last message repeated 16 times
Feb 8 23:36:06 clustman kernel: ··· mapping device: 0050 target:
0050 flags: 0002 mode: 2000 mapped=0
Feb 8 23:36:08 clustman kernel: vxD: assertion [xid(0) == current(41)]
failed. @fs/locks.c:835
Feb 8 23:36:18 clustman last message repeated 15 times
Feb 8 23:36:18 clustman kernel: ··· mapping device: 0013 target:
0013 flags: 0002 mode: 2000 mapped=0
Feb 8 23:36:19 clustman kernel: vxD: assertion [xid(0) == current(41)]
failed. @fs/locks.c:835
Feb 8 23:36:29 clustman last message repeated 8 times
Feb 8 23:36:29 clustman kernel: ··· mapping device: 0019 target:
0019 flags: 0002 mode: 2000 mapped=0
Feb 8 23:36:29 clustman kernel: vxD: assertion [xid(0) == current(41)]
failed. @fs/locks.c:835
Feb 8 23:36:32 clustman last message repeated 7 times
Feb 8 23:36:35 clustman avahi-daemon[2369]: Registering new address
record for 192.168.0.101 on eth0.
Feb 8 23:36:36 clustman kernel: BUGging on (p == reaper ||
reaper-exit_state)
Feb 8 23:36:36 clustman kernel: [ cut here ]
Feb 8 23:43:04 clustman syslogd 1.4.1: restart.
Feb 8 23:43:05 clustman kernel: klogd 1.4.1, log source = /proc/kmsg
started.
Feb 8 23:43:05 clustman kernel: Linux version
2.6.19-1.2901.fc6.vs2.2.0.0.rc9.1 ([EMAIL PROTECTED])
(gcc version 4.1.1 20070105 (Red Hat 4.1.1-51)) #1 SMP Thu Feb 1
01:06:08 EST 2007
8
---8- appears on console before power cycle is needed -
3BUG: sleeping function called from invalid context at
kernel/rwsem.c:20 in atomic():0, irqs_disabled():1
{... dump trace/show_trace/etc, i can type this in if its relevent...}
Fixing recursive fault but reboot is needed!
-8-
--
Daniel Hokka Zakrisson
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] kernel panic on vs2.2.0-rc11
Jarek Dylag wrote: Hi, could you do a 'cat /proc/virtual/status' just before and right after the 'evil' exec and also provide the guest config you are using? After exec system crashes, so i can provide only status before exec: UseCnt: 33 Tasks: 14 Flags: 0006020f0310 BCaps: 3fff CCaps: 00100101 Spaces: 0c020200 That's /proc/virtual/xid/status. /proc/virtual/status will contain use counts for fs_structs, which is most likely what's causing your oops... But without the after shot, it'll be impossible to say if that's what's causing it. Thera are all bcapabilities enabled for guests on this system Why on earth would you do that? -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] kernel panic on vs2.2.0-rc11
Jarek Dylag wrote: ... I finally managed to reproduce this, and it should be fixed 2.2.0-rc12. Please let us know how it goes. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] chcontext not permitted
Lyn St George wrote: In the end, it seems that it was LVM. I eventually found this No, this was an actual bug. It should be fixed in 2.2.0-rc12. page: http://oldwiki.linux-vserver.org/Step-by-Step+Guide+2.6 which specifically mentions that LVM needs a different configuration. So I did that - and with the new-style config so the LVM fix would work - and now the vservers start and can be entered properly. They still don't stop properly, and 'ps -ax' does not show all processes, so I guess things need to be tweaked. But at least they run. What? ps ax is not supposed to show _all_ processes, just the ones belonging to the current context. If you want to show all of them, use vps on the host. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] apache2 prefork and kernel oops
Randall Smith wrote: ... Pid: 4438, comm: rc Not tainted 2.6.18-3-vserver-amd64 #1 This kernel is known to be broken. You need to get 2.6.18-4 from sid. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] vserver images
Hi all, can someone tell me where i can find new linux images for the vserver? Somethink like fedora or centos? I found only centos 4.3 but 4.4 is the newest... Anyone maintain a mirror? If someone is interessred to maintain a image mirror we can speak over that.. i can offer space and traffic for that... -- greetz daniel ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] vserver images
Hi all, can someone tell me where i can find new linux images for the vserver? Somethink like fedora or centos? I found only centos 4.3 but 4.4 is the newest... Anyone maintain a mirror? If someone is interessred to maintain a image mirror we can speak over that.. i can offer space and traffic for that... -- greetz daniel ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver patch for recent 2.6.16
Markus Schuster wrote: 2.) compile time I had some problems with JFS, there are some constants used that aren't defined elsewhere. The patch adds the two functions jfs_set_inode_flags and jfs_sync_flags to fs/jfs/jfs_inode.c and most/all? of the constants used in this two functions are undefined. But no problem for me as I don't need JFS. I've just disabled it. No further compile time problems with my .config. Sorry for the long response time, I forgot to upload the new patch. JFS should work fine (but not support barrier/immutable/iunlink/etc.) in http://people.linux-vserver.org/~dhozac/p/k/patch-2.6.16.38-vs2.0.3-rc1.1.diff -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Disconnect on vserver build
Marc Guyard wrote: Hi, I've a problem to install vserver on a dedicated server. In fact, i only access to him with ssh. My problem is'nt really the installation but the build. When i launch a verserver build image ( i follow this tutorial ), after the second yum, i'm disconnect from my ssh and i cannot reconnect without restart the server. Do you know why ? Most likely you told the utils that your host's IP address belonged to the guest and that it should be brought up and down along with it, so when the initpost script runs to clean up the guest after installing it, the IP address is removed as the guest is stopped, leading to a host without IP addresses. You really should give the guest a separate IP address, perhaps a private one if you don't have any spare public ones, to avoid this problem and many others (like the guests ability to interfere with the host's daemons). If you really don't want to use another IP address, you could simply leave out the network interface on your vserver ... build command line. I think that will only do the Right Thing(tm) with util-vserver 0.30.213-pre5+ though (i.e., set nodev). -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vrsetup : No such device or address
Joerg Maier wrote: Hi, i got an issuem with vrsetup to configure a block device to quota_ctl inside a vserver. I am using vs2.1.1-rc48 from linux-vserver.org on a vanilla kernel. Why such an old kernel? 2.1.1.7.1 is the latest release of the 2.1 branch, but you're really suggested to use 2.2.0-rc8.7... [EMAIL PROTECTED]:/etc/vservers# vrsetup /dev/vroot/mail /dev/vgsystem/lvmail open(/dev/vroot/mail): No such device or address You _did_ enable vroot support in your kernel, and if you compiled it as a module, it _is_ loaded, right? -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vrsetup : No such device or address
Joerg Maier wrote: Hi, Why such an old kernel? 2.1.1.7.1 is the latest release of the 2.1 branch, but you're really suggested to use 2.2.0-rc8.7... I found the 2.1 version is almost stable and thats what i wanted as the machine will go productive soon. Do you think the 2.2 version is stable in the same amount as 2.1 is? Given that 2.2 is the next stable series, and it's mostly the same code as 2.1, I'd say so. 2.1.1-rc48 has a few rather serious bugs too, IIRC. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] VSZ gets smaller than RSS
[EMAIL PROTECTED] wrote: i! Is it possible that VSZ becomes smaller/lower than RSS in 'vserver-stat' after starting some applications (JBoss and Tomcat with Active-BPEL engine, see #1)? In order for a page to be in RAM, it would have to mapped, I'm quite sure... ~ # vserver-stat CTX PROCVSZRSS userTIME sysTIMEUPTIME NAME 0 58 296.4M 22.3M 0m02s42 0m04s55 6m33s88 root server 1151 5 1.3G 283.4M 0m38s45 0m00s82 4m41s19 lvg-1-151 115216 393.6M 793.8M 1m14s76 0m01s93 4m36s71 lvg-1-152 -- #2 1153 7 1.3G 195.7M 0m19s50 0m00s62 4m31s70 lvg-1-153 -- #1 1154 3 42.2M 2.7M 0m00s00 0m00s00 4m21s36 lvg-1-154 You're using a vserver-stat which just sums up the values in /proc. This can break in any number of ways, like e.g. overflowing. You could try using a 2.2.0-rc7+ kernel with util-vserver-0.30.213-pre1+ to get vserver-stat to look at the values in /proc/virtual/xid/limit, which should be correct (although I suppose they can still overflow). -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] sparc vserver issues
Matt Kulka wrote:
Hi,
The following is also in prettier form at http://www.lqx.net/~matt/
sparc-vserver
I have a few issues with vserver on sparc. Namely, permission denied
errors (which are pretty broad) when trying to su or when cron tries
to run a crontab (even a root crontab). Also, when stopping the
vserver with nfs points mounted, a kernel error is generated. The
former issues are #1 and #2 while the latter issue is #3.
Platform: Sun T2000 (8-core, 1ghz, 8GB RAM)
Kernel: Linux 2.6.19-vs2.3.0.6-gentoo #3 SMP Mon Jan 22 19:09:52 MST
2007 sparc64 sun4v UltraSparc T1 (Niagara) GNU/Linux
Installed Versions:
sys-libs/glibc-2.3.6-r5 USE=nptl nptlonly -build -erandom -glibc-
compat20 -glibc-omitfp (-hardened) (-multilib) -nls -profile (-
selinux) 0 kB
dev-libs/dietlibc-0.30-r2 USE=-debug 0 kB
sys-cluster/util-vserver-0.30.212-r1 USE=-bash-completion 0 kB
Issue #1:
In the vserver, the cron daemon starts but is unable to run any
crontabs. The result of it trying is:
Jan 23 13:00:01 cron[15618]: Permission denied
in /var/log/messages. This is certainly related to issue #2.
Issue #2:
In the vserver, su is unable to change to any user. Doing so results
in the following error
su: Permission denied
The following is shown in /var/log/messages:
Jan 23 13:26:27 su[6123]: Successful su for dude by root
Jan 23 13:26:27 su[6123]: + pts/2 root:dude
Jan 23 13:26:27 su(pam_unix)[6123]: session opened for user dude by
(uid=0)
Jan 23 13:26:27 su[6123]: pam_open_session: Permission denied
A log of strace for su - can be found at http://www.lqx.net/~matt/
sparc-vserver/su.log
Try lowering the limits in your guest's /etc/security/limits.conf,
alternatively remove pam_limits.so from your pam configuration to see if
that fixes it.
Issue #3:
The vserver is unable to be shutdown cleanly due to mounted nfs
mounts. Stopping the vserver produces this error message:
This is a known mainline problem. I've notified (who I think are) the
correct people, hopefully we'll get a fix soon.
/usr/lib/util-vserver/vserver.functions: line 895: 8230 Segmentation
fault $_VWAIT --timeout $VSHELPER_SYNC_TIMEOUT --status-fd 3
$2 $_is_tmpdir/out 2$_is_tmpdir/err 3$_is_tmpdir/fifo
internal error: 'vwait' exited with an unexpected status ''; I will
try to continue but be prepared for unexpected events.
and this in the kernel messages:
[ 1071.769529] Unable to handle kernel NULL pointer dereference
[ 1071.769555] tsk-{mm,active_mm}-context = 1f09
[ 1071.769570] tsk-{mm,active_mm}-pgd = f801fcd4e000
[ 1071.769586] \|/ \|/
[ 1071.769593] @'/ .. \`@
[ 1071.769600] /_| \__/ |_\
[ 1071.769607] \__U_/
[ 1071.769672] vserver(6161[#0]): Oops [#1]
[ 1071.769690] TSTATE: 004411f01600 TPC: 007182b0 TNPC:
007182b4 Y: Not tainted
[ 1071.769724] TPC: _spin_lock_irq+0xc/0x1c
[ 1071.769739] g0: 0004 g1: g2:
00200200 g3: 007b6fa0
[ 1071.769763] g4: f801fdc54960 g5: f80003d53340 g6:
f801f83cc000 g7: 007b6fa0
[ 1071.769783] o0: 0a08 o1: 00fa o2:
0004 o3:
[ 1071.769805] o4: 0072 o5: sp:
f801f83cf081 ret_pc: 00548620
[ 1071.769827] RPC: lockd_down+0xe4/0x10c
[ 1071.769843] l0: 008c1c00 l1: 008e3800 l2:
007b4fc0 l3: f801fff9c0c0
[ 1071.769867] l4: f801fdc54a38 l5: f801f83cfdc0 l6:
f801fdc54ab0 l7:
[ 1071.769887] i0: 007b6c00 i1: 00827f00 i2:
i3: 0001
[ 1071.769911] i4: 00200200 i5: f801fdcf77d8 i6:
f801f83cf141 i7: 005215dc
[ 1071.769938] I7: nfs_free_server+0x98/0x110
[ 1071.769950] Caller[005215dc]: nfs_free_server+0x98/0x110
[ 1071.769972] Caller[004ac554]: deactivate_super+0x50/0x6c
[ 1071.77] Caller[004c22f0]: release_mounts+0x8c/0xa4
[ 1071.770023] Caller[004c24b0]: __put_namespace+0x64/0x78
[ 1071.770044] Caller[0046f890]: free_nsproxy+0x34/0x78
[ 1071.770070] Caller[0045a1dc]: do_exit+0x8ac/0x960
[ 1071.770094] Caller[0045a364]: do_group_exit+0x9c/0xa0
[ 1071.770114] Caller[00406c94]: linux_sparc_syscall32+0x3c/0x40
[ 1071.770144] Caller[00025360]: 0x25368
[ 1071.770165] Instruction DUMP: 81c3e008 0100 9190200f
8143e00a 0ac040d0 0100 81c3e008 0100
[ 1071.770209] Fixing recursive fault but reboot is needed!
After this point, as it says, a reboot is needed. The vserver fails
to start again. With no nfs shares mounted, the vserver shutdown
cleanly.
Any help is appreciated..
Matt Kulka
Easynews - Usenet Made Easy!
http://www.easynews.com
[EMAIL PROTECTED]
--
Daniel Hokka Zakrisson
___
Vserver mailing list
Vserver@list.linux
Re: [Vserver] Loopback interface
Marc Guyard wrote: Hi everybody, I want to know if it's possible to have a loopback interface on each virtual server with vserver? I've read this here : http://linux-vserver.org/Frequently_Asked_Questions_scratch *127.0.0.1 issues* I had problems with an application that wanted me to access it on 127.0.0.1 and AS 127.0.0.1 to be able to do its configuration. A simple tweak solved the problem. I renamed the default interface directory 0 in /etc/vservers/server/interfaces to 1 and created interface 0 as : dev lo ip 127.0.0.1 mask 255.0.0.0 name lo now interface 1 is the default created interface by the vserver build script with a local adress like 192.168.1.2 and interface 0 is the loopback. I can now telnet on 127.0.0.1 and it sees that im connecting to 127.0.0.1 from 127.0.0.1 Compiling nagios-1.4 within a vserver requires this, otherwise it hangs during the configure with checking for ICMP ping syntax... That is certainly a bad idea. Giving all the guests access to the same IP address _will_ create conflicts as soon as two guests want to run the same service. The 2.3.0.x versions support a per-guest loopback by assigning the guest 127.x.y.1 IP addresses, where x.y is replaced with the nid. The idea is that it will be rewritten to 127.0.0.1 whenever userspace asks, but I'm not sure whether that functionality is present yet, nor if the address is usable without assigning it to the guest manually. (Herbert?) -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: vserver patch for recent 2.6.16
Okay, the patch at http://people.linux-vserver.org/~dhozac/p/k/patch-2.6.16.37-vs2.0.3-rc1.diff seems to work in my _very_ basic testing, basically a testme+testfs and a vserver guest start/stop. It should have almost all of the deltas leading up to 2.0.3-rc1 from 2.0.2-rc22, which weren't specific to another kernel version. Please let us know how it works. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver enter eating cpu and vkill problem
Philippe Teuwen wrote: Hello, Here are some problems I have with vserver. My environment: Kernel: Debian vserver_pre-patched kernel for AMD64: Linux version 2.6.17-2-vserver-amd64 (Debian 2.6.17-9) ([EMAIL PROTECTED]) (gcc version 4.1.2 20060901 (prerelease) (Debian 4.1.1-13)) #1 SMP Wed Sep 13 18:02:36 CEST 2006 According to changelog.Debian, this version is using vserver patch v2.0.2 util-vserver: 0.30.211-6 First problem: In some situations my CPU was burning like hell for days before I noticed it. This was the vcontext/login process, the one running when using the command vserver XX enter. If it happens that the process is disconnected from its terminal it eats all the CPU :-( Apparently it happens when the session is not ended properly (disconnections, etc) I could reproduce the problem as follow: * ssh to the server as normal user * sudo su - * vserver XX enter * now from another term, kill -9 on either of the two su processes (su - or -su) At that point the session in the vserver ends but vcontext is still hooked to the current terminal so cpu is fine. * now quit the current terminal At that point vcontext is not hooked to any terminal (vps ax = ? on the tty column) and using top you see it's running 100% cpu, ~ 80% system and 20% user. I'll look in to it. Second problem (cosmetic): Depending on the tool, the process I was talking about in the previous problem appears as vcontext (top, pgrep,... cat /proc/NNN/status) or as login (ps ax, pgrep -f,... cat /proc/NNN/cmdline) or should I say login\0\0\0\0\0\0\0\0\0\0\0... This is quite disturbing using processes mgmt tools like when I wrote a cron to detect cpu hangry vcontext processes to be killed :-) Lots of programs overwrite the process name to get nicer ps/top/etc. output. Third problem I discovered when writing that watchdog: Processes from guests are not displayed using ps/top/etc in context 0 (ps ax from host) but well in context 1 (e.g. vps ax). Fine. But if I want to kill one of them: host:~# vserver devel enter devel:~# top --- in another host term --- host:~# ps -C top PID TTY TIME CMD host:~# vps -C top PID CONTEXT TTY TIME CMD 17111 31022 devel pts/13 00:00:00 top host:~# vkill 17111 vkill: vc_ctx_kill(): No such process vkill needs the context too, i.e. vkill --xid devel 17111. host:~# chcontext --ctx 1 ps -C top PID TTY TIME CMD 17111 pts/13 00:00:00 top host:~# chcontext --ctx 1 kill 17111 no error but nothing happens neither: host:~# vps -C top PID CONTEXT TTY TIME CMD 17111 31022 devel pts/13 00:00:00 top host:~# kill 17111 host:~# vps -C top PID CONTEXT TTY TIME CMD worked!! This is not the behaviour I expected. Apart from that I'm happy running vserver for almost a year with now 6 guests. Phil PS: nothing particular here when I ran testme.sh Linux-VServer Test [V0.17] Copyright (C) 2003-2006 H.Poetzl chcontext is working. chbind is working. Linux 2.6.17-2-vserver-amd64 #1 SMP Wed Sep 13 18:02:36 CEST 2006 x86_64 Ea 0.30.211 236/glibc (DSa) compat,v11,fscompat,v13,net,v21,oldproc,olduts VCI: 0002:0002 236 0316 (TbLgnP) --- [000]# succeeded. [001]# succeeded. [011]# succeeded. [031]# succeeded. [101]# succeeded. [102]# succeeded. [201]# succeeded. [202]# succeeded. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] stop vserver cause error/oops - with new debian 4.0 vserver kernel version
-3-vserver-amd64 #1 Jan 8 10:55:37 hal9000 kernel: RIP: 0010:[8027e45e] [8027e45e] __wake_up_common+0x24/0x68 Jan 8 10:55:37 hal9000 kernel: RSP: 0018:810011515cc8 EFLAGS: 00010092 Jan 8 10:55:37 hal9000 kernel: RAX: 0292 RBX: 81000f741188 RCX: Jan 8 10:55:37 hal9000 kernel: RDX: 0001 RSI: 0001 RDI: 81000f741188 Jan 8 10:55:37 hal9000 kernel: RBP: 810011515cf8 R08: 82180f74119e R09: Jan 8 10:55:37 hal9000 kernel: R10: R11: 8100130ed268 R12: 0001 Jan 8 10:55:37 hal9000 kernel: R13: 0001 R14: 81000f741188 R15: Jan 8 10:55:37 hal9000 kernel: FS: 2b6e32afc6d0() GS:8052f000() knlGS: Jan 8 10:55:37 hal9000 kernel: CS: 0010 DS: ES: CR0: 8005003b Jan 8 10:55:37 hal9000 kernel: CR2: 82180f74119e CR3: 077fc000 CR4: 06e0 Jan 8 10:55:37 hal9000 kernel: Process apache2 (pid: 28327[#51], threadinfo 810011514000, task 8100130ed140) Jan 8 10:55:37 hal9000 kernel: Stack: 0001 81000f741188 0001 Jan 8 10:55:37 hal9000 kernel: 0292 0001 810011515d38 8022d038 Jan 8 10:55:37 hal9000 kernel: 0020 810011515d58 0020 8100010f4780 Jan 8 10:55:37 hal9000 kernel: Call Trace: Jan 8 10:55:37 hal9000 kernel: [8022d038] __wake_up+0x38/0x4f Jan 8 10:55:37 hal9000 kernel: [80214181] do_exit+0x901/0x948 Jan 8 10:55:37 hal9000 kernel: [80246e14] cpuset_exit+0x0/0x6c Jan 8 10:55:37 hal9000 kernel: [8022a295] get_signal_to_deliver+0x4b0/0x4df Jan 8 10:55:37 hal9000 kernel: [80228cb6] do_signal+0x55/0x751 Jan 8 10:55:37 hal9000 kernel: [80232404] lock_sock+0xa2/0xad Jan 8 10:55:37 hal9000 kernel: [8023f839] d_rehash+0x6a/0x80 Jan 8 10:55:37 hal9000 kernel: [802610ba] _spin_lock_bh+0x9/0x14 Jan 8 10:55:37 hal9000 kernel: [8022fb95] release_sock+0x13/0xaa Jan 8 10:55:37 hal9000 kernel: [803d18bb] inet_accept+0xab/0xb7 Jan 8 10:55:37 hal9000 kernel: [8039837d] sys_accept+0x1b8/0x1ea Jan 8 10:55:37 hal9000 kernel: [80220b9b] __up_read+0x13/0x8a Jan 8 10:55:37 hal9000 kernel: [8025ab97] sysret_signal+0x1c/0x27 Jan 8 10:55:37 hal9000 kernel: [8025ae1b] ptregscall_common+0x67/0xac Jan 8 10:55:37 hal9000 kernel: Jan 8 10:55:37 hal9000 kernel: Jan 8 10:55:37 hal9000 kernel: Code: 49 8b 18 eb 2a 49 8d 78 e8 45 8b 68 e8 4c 89 f9 8b 55 d0 8b Jan 8 10:55:37 hal9000 kernel: RSP 810011515cc8 Jan 8 10:55:37 hal9000 kernel: 1Fixing recursive fault but reboot is needed! --- additional notes: 1. other vserver instances can be stopped successfully. 2. with the kernel 2.6.17.13-vs2.0.2.1 this failure does not appear. Regards -- Oliver Paulus ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] FC5 Linux-Vserver ( gotcha ).
Roderick A. Anderson wrote:
Daniel Hokka Zakrisson wrote:
Roderick A. Anderson wrote:
I found another slight gotcha in the install process.
I think the following is the fix.
After:
A. Installing the vserver utilities system from rpm
Need to run the command:
service vprocunhide start
And in the future (util-vserver 0.30.213+),
service util-vserver start
Daniel is there a discussion for util-vserver going on? IRC or another
mailing list? The ease of set-up and use of Linux-Vservers is my main
interest so I would like to follow along and know what is planned and
happening.
As Herbert said, IRC is always a good place to reach me, and where most of
the discussions happen.
I think I saw a thread that indicated you were actually or kind-of
taking on development of util-vserver.
Yeah, I've been doing most of the work recently, with help from Enrico and
Benedikt.
would be a good idea. The easier, non-version specific way would be to
just reboot again after installing the utils, but that's not at all as
pretty.
This idea did cross my mind but since I had just rebooted to get the new
kernel running it went against the grain for me.
Yeah, that's what I meant by the pretty comment.
Could the command
yum install util-vserver{,-core,-lib,-sysv,-build}
be run before rebooting the system? Then the new kernel would be
started along with the rest of the utilities with a single reboot.
Not sure if the util-vserver{,-core,-lib,-sysv,-build} need to have a
running vserver kernel to do the right stuff.
The only thing I can think of/remember is that you'd have to set the
barrier manually post-reboot with something like setattr --barrier
/vservers /vservers/.pkg. This is what I normally do, since I really hate
rebooting (my systems take way too long to reboot).
Rod
--
Daniel Hokka Zakrisson
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] FC5 Linux-Vserver ( gotcha ).
Roderick A. Anderson wrote: I found another slight gotcha in the install process. I think the following is the fix. After: A. Installing the vserver utilities system from rpm Need to run the command: service vprocunhide start And in the future (util-vserver 0.30.213+), service util-vserver start would be a good idea. The easier, non-version specific way would be to just reboot again after installing the utils, but that's not at all as pretty. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] setting time out on vserver stop
Roderick A. Anderson wrote: I'm migrating a FC5 system to a Linux-Vserver and found while following the directions that the latest non-vserver kernel is newer than one in your repository. Yeah. I was hoping FC5 would get a 2.6.19 kernel based RSN, but it seems that's not happening (at least not right now), so I'll probably release a new one soon. FC6 should get a 2.6.19 update within a week or so, so that will not be upgraded just yet. My suggestion is to change the instructions to exclude the kernel(s) and yum and add the dhozac.repo before doing a yum -y update after the initial install. I always thought that seemed like the right thing to do, but I was a bit too lazy to update the howto (and now it's frozen until it's migrated ;-)). -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] setting time out on vserver stop
Roderick A. Anderson wrote: I keep loosing track of who does/has done what. Another point to to clarify is if there is still the issue with the pam modules. Section 5, third bullet. On FC6? I haven't verified it there, but (on FC5) the module will log an error every time it's used. I guess removing modules that will not work is a good idea anyway, to keep down the overhead. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] /sbin/vserver: line 686 685 Error
[EMAIL PROTECTED] wrote: My host is Sarge-3.1 (updated upgraded) My guest is same.(10 of them..aka: care, care2, care3.care10) How can I fix this issue ...? Installing findutils should do it. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] setting time out on vserver stop
jean-marc pouchoulon wrote: Oh? /etc/vservers/.defaults/apps/vshelper/sync-timeout works as expected here, how did you set it and what did you set it to? Ok sync-timeout works as expected. ( put it at 120s value and it wait after killall 2 mn - I think that timeout was before killall ) I assume you mean the killall script from the guest? The 2 minutes is from the beginning of the stop process until all left-over processes will be forcibly killed by the stop script. In addition, the killall script in Fedora/RHEL/CentOS doesn't actually kill all processes, it just stops all services that still have their /var/lock/subsys files around. Did you plan to make a quickstart for vserver fedora core 6 in the near future ? The formers were great and usefull ... The instructions from FC5 should basically apply, but I suppose migrating the howto to the new wiki and updating it to cover FC6 would be a good idea. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] setting /proc/sys/kernel/shmmax on the guest
Herbert Poetzl wrote:
On Tue, Jan 02, 2007 at 03:47:35AM +0100, Daniel Hokka Zakrisson wrote:
Herbert Poetzl wrote:
On Mon, Jan 01, 2007 at 02:05:30PM +0100, william Famy wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
To begin with Happy new year to every vserver guy.
and a happy new year to you too ...
I have to extand the shmmax for my guest but I do not manage to do it.
cat /proc/sys/kernel/shmmax
134217728
I have tried the /etc/vserver/host/rlimits
I have tried to add bcapability
but I do not manage to go ahead with it.
I've run under 2.6.19.1 with the last devel vserver patch under
debian etch as host.
Could somebody tell me how to modify the guest config to execute
echo 134217728 /proc/sys/kernel/shmmax for my guest.
as 2.6.19.x incorporates the mainline namespace
stuff, you have to set those values from one of
the early guest startup script (e.g. prepre-start)
while you still have 'enough' capabilities ...
I assume this requires the IPC namespace to be created?
That doesn't happen until the context is created, so none of
the scripts would work for this particular problem.
hmm, isn't the context supposed to exist in
the post-start script? if not, please could
you once and for all clarify which script is
started when and in what context(s)?
The context will exist in the post-start scripts, but they won't be run
inside the context, and the context will already have lost the extra
capabilities.
Having a non-executable one that does something like
VSERVER_EXTRA_CMDS=( $_CHAINECHO /proc/sys/kernel/shmmax 134217728 )
is probably the only way to make it happen (with current tools).
okay, any plans to allow for such support?
also using the sysctl interface instead of the
deprecated procfs one (which might as well be
hidden away :) is advised ...
maybe special tool support will be added soon,
so please double check with the tool maintainers
I guess some nicer way to support it would be required,
especially as more of these settings become available.
what do you have in mind ... please share
your thoughts, as I think those settings _might_
become essential for certain setups ...
I guess something like /etc/vservers/guest/sysctl/id/{setting,value}
shouldn't be a problem, should it?
TIA,
Herbert
HTH,
Herbert
Thanks for any help.
--
Daniel Hokka Zakrisson
GPG id: 06723412
GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] setting time out on vserver stop
jean-marc pouchoulon wrote: Hi I have(It seems ... I am not sure I have understood all) a slow ldap service to stop ( on FC6 ). That service exceed the time limit on vserver stop command and killall is launched = desorderely shutdown for the ldap. Where can I increase time out on a vserver stop to wait for normally terminated process ? (sync-timeout seems to be ignored.) Oh? /etc/vservers/.defaults/apps/vshelper/sync-timeout works as expected here, how did you set it and what did you set it to? -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] setting /proc/sys/kernel/shmmax on the guest
Herbert Poetzl wrote: On Mon, Jan 01, 2007 at 02:05:30PM +0100, william Famy wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 To begin with Happy new year to every vserver guy. and a happy new year to you too ... I have to extand the shmmax for my guest but I do not manage to do it. cat /proc/sys/kernel/shmmax 134217728 I have tried the /etc/vserver/host/rlimits I have tried to add bcapability but I do not manage to go ahead with it. I've run under 2.6.19.1 with the last devel vserver patch under debian etch as host. Could somebody tell me how to modify the guest config to execute echo 134217728 /proc/sys/kernel/shmmax for my guest. as 2.6.19.x incorporates the mainline namespace stuff, you have to set those values from one of the early guest startup script (e.g. prepre-start) while you still have 'enough' capabilities ... I assume this requires the IPC namespace to be created? That doesn't happen until the context is created, so none of the scripts would work for this particular problem. Having a non-executable one that does something like VSERVER_EXTRA_CMDS=( $_CHAINECHO /proc/sys/kernel/shmmax 134217728 ) is probably the only way to make it happen (with current tools). also using the sysctl interface instead of the deprecated procfs one (which might as well be hidden away :) is advised ... maybe special tool support will be added soon, so please double check with the tool maintainers I guess some nicer way to support it would be required, especially as more of these settings become available. HTH, Herbert Thanks for any help. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] compil error on 2.6.19.1
[EMAIL PROTECTED] wrote: Hi all A compil problem on 2.6.19.1 with patch-2.6.19.1-vs2.1.1.6.diff I got this error : LD .tmp_vmlinux1 fs/built-in.o(.text+0x423f): In function `chrdev_open': : undefined reference to `vs_map_device' fs/built-in.o(.text+0x22446): In function `bd_acquire': : undefined reference to `vs_map_device' make: *** [.tmp_vmlinux1] Erreur 1 I think the device mapping patches were included a bit prematurely (I don't think they're supposed to be there), but to get rid of the errors you could enable CONFIG_VSERVER_DEVICE (though I had problems booting without some further fixes, http://people.linux-vserver.org/~dhozac/p/k/delta-dmap-feat04.4.diff). -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Vserver doesn't start automatically
Alejandro Cabrera Obed wrote: Dear all, I have a vserver on a Debian Etch box with the corresponding packages versions to this distribution, which has the /etc/vservers/virtual1/apps/init/mark file with the 'default' value in order to start automatically on booting. In the past it starts automatically OK, but today it doesn't (yesterday there was a power shutdown and the Debian box was down). I get this messages on the boot process: starting vservers of type 'default'/usr/lib/util-vserver/vserver.functions: line 696: popd: /tmp/vserver-init.us3839: no such file or directory Failed to start vserver 'virtual1' make ** [.proxy.stamp] Error 1 make target 'all' not remake because of errors ERROR Can you help me to correct this problem ??? What util-vserver version is that? It's supposed to be fixed in 0.30.211-6+. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] [Release] util-vserver 0.30.212
Bert De Vuyst wrote: Thanks! One question: is it possible to change the version number in the next release to 1.0? Util-vserver is now a production release, it's not longer a beta. The version numbering should reflect this. Actually, I think it's labeled alpha :-) There are still certain aspects which are alpha/beta. For instance, I have no intention of supporting the schedule file in 0.30.213+, as 0.30.212+ supports a (IMHO) vastly superior one-file-per-value structure for it. Another aspect is libvserver. I break ABI/API with almost every release, so that would basically require adding yet another backwards compatibility layer, or upping the soname for every release. The latter would be even worse than what we have today, as right now, old apps _might_ still work. One might suggest to use a similar numbering as used by the kernel patches. Util-vserver 2.0 for the linux-vserver 2.0 (and util-vserver 2.2 for linux-vserver 2.2) Except the utils work for all those kernels, and then some. I'd prefer to keep that, rather than having lots and lots of branches. Best regards, Bert. I think we will have to release 1.0 at some point. But then I think it should support the stability requirements that are to be expected, such as stable configuration, ABI and API. While I think it shouldn't be too hard to do that in most cases, there will no doubt be cases where breaking at least one is required in order to move us forward. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Bug again on 2.6.19
[EMAIL PROTECTED] wrote: Hello all I try util-vservers-0.30.212-rc5 with patch-vs-2.1.1.4.diff on kernel 2.6.19 : And a few minutes later after starting vservers, i loose their context and got this message in syslog : Lose their context? What does that mean exactly? Dec 9 11:15:34 srvweb kernel: BUG: warning at kernel/vserver/proc.c:398/proc_vx_info_read() Dec 9 11:15:34 srvweb kernel: [dump_trace+107/417] dump_trace+0x6b/0x1a1 Dec 9 11:15:34 srvweb kernel: [show_trace_log_lvl+23/43] show_trace_log_lvl+0x17/0x2b Dec 9 11:15:34 srvweb kernel: [__func__.0+3843/287512] 0xc0326c7b Dec 9 11:15:34 srvweb kernel: DWARF2 unwinder stuck at 0xc0326c7b Dec 9 11:15:34 srvweb kernel: Dec 9 11:15:34 srvweb kernel: Leftover inexact backtrace: Dec 9 11:15:34 srvweb kernel: Dec 9 11:15:34 srvweb kernel: [show_trace+15/17] show_trace+0xf/0x11 Dec 9 11:15:34 srvweb kernel: [dump_stack+19/21] dump_stack+0x13/0x15 Dec 9 11:15:34 srvweb kernel: [proc_vx_info_read+90/222] proc_vx_info_read+0x5a/0xde Dec 9 11:15:34 srvweb kernel: [vfs_read+138/308] vfs_read+0x8a/0x134 Dec 9 11:15:34 srvweb kernel: [sys_read+65/103] sys_read+0x41/0x67 Dec 9 11:15:34 srvweb kernel: [sysenter_past_esp+86/121] sysenter_past_esp+0x56/0x79 Dec 9 11:15:34 srvweb kernel: [__xfrm_state_bump_genids+83/339] __xfrm_state_bump_genids+0x53/0x153 Dec 9 11:15:34 srvweb kernel: === This is probably a race in the proc-code that we haven't been able to track down yet, but if you have a sure-fire way to reproduce it, that would help a lot. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] [Release] util-vserver 0.30.212
Hello everybody! util-vserver 0.30.212 is an early christmas present to you all, with a couple of new features and a few fixes. Get it now, from http://ftp.linux-vserver.org/pub/utils/util-vserver/ In the new features department, there are things like: - IPv6 support if using Bruno Prémont's IPv6 patch. - IP addresses can be added on the fly (if the context had more than one address before), with naddress --nid guest --add --ip address - namespace cleanup was improved to such a degree that I thought it was safe to enable by default (can be disabled again by touch /etc/vservers/.defaults/nonamespace-cleanup). - wrapper scripts for Gentoo have been added (vemerge, vesync, vupdateworld and vdispatch-conf), thanks to Benedikt Böhm. - the gentoo initstyle has been reimplemented by Benedikt Böhm. - support for the Linux-VServer 2.1+ APIs has been implemented. This means the new scheduler can now be configured using the utils, with a completely new configuration format (see /etc/vservers/vserver-name/sched on the great flower page[1]), among other things. - support for 2.6.19 kernels has also been added. - an rsync build method has been added, which can be used to facilitate simple cloning, both from other hosts and locally. From the fixes department, we got things like: - vserver guest start --rescue /bin/bash now works as expected - vyum working on FC6. - vlogin can now be disabled, by touch /etc/vservers/.defaults/apps/vlogin/disable - all unconfigured ulimits are reset to the maximum value, so the limits from the host are no longer inherited. - building Fedora guests on non-Fedora system should work again. For the complete list of changes, see the ChangeLog inside the tarball. [1] http://www.nongnu.org/util-vserver/doc/conf/configuration.html -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Gentoo update-world script
On 12/7/06, John Alberts [EMAIL PROTECTED] wrote: Did you try doing what the output suggests? It says to run 'emaint --check world' Yes, emaint (below) tells me I'm missing packages I installed with emerge. I'll start a fresh build and see if it works with that. # emaint --check world Checking world for problems 'sys-devel/distcc' is not installed 'dev-lang/nasm' is not installed 'dev-libs/lzo' is not installed Finished blaze your trail -- redhat ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Gentoo update-world script
On 12/8/06, Benedikt Böhm [EMAIL PROTECTED] wrote: ...snipped for brevity... looks like you have the wrong profile... can you paste the output of emerge --info from inside the guest? Portage 2.0.54 (default-linux/x86/vserver, gcc-3.4.6, glibc-2.3.5-r2, 2.6.15-vs2.0.1-gentoo-r5 i686) = System uname: 2.6.15-vs2.0.1-gentoo-r5 i686 Celeron (Coppermine) Gentoo Base System version 1.6.14 distcc 2.18.3 i486-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled] app-admin/eselect-compiler: [Not Present] dev-java/java-config: [Not Present] dev-lang/python: 2.4.2 dev-python/pycrypto: [Not Present] dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox:1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/gcc-config: 1.3.12-r6 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS=x86 AUTOCLEAN=yes CBUILD=i686-pc-linux-gnu CFLAGS=-O2 -march=i686 -mtune=i686 -funroll-loops -pipe CHOST=i686-pc-linux-gnu CONFIG_PROTECT=/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib/X11/xkb /usr/share/config CONFIG_PROTECT_MASK=/etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/env.d CXXFLAGS=-O2 -march=i686 -mtune=i686 -funroll-loops -pipe DISTDIR=/usr/portage/distfiles FEATURES=autoconfig buildpkg ccache distcc distlocks sandbox sfperms strict GENTOO_MIRRORS=http://192.168.1.101/ ftp://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ http://ftp.snt.utwente.nl/pub/os/linux/gentoo ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo MAKEOPTS=-j3 PKGDIR=/usr/portage/packages PORTAGE_TMPDIR=/var/tmp PORTDIR=/usr/portage SYNC=rsync://192.168.1.101/gentoo-portage USE=x86 alsa berkdb bitmap-fonts bzip2 cli cracklib crypt dlloader dri expat fortran gdbm gpm iconv ipv6 isdnlog ncurses nls pam pcre perl pppd python readline reflection session slang spl ssl tcpd truetype-fonts type1-fonts udev usb xorg zlib video_cards_apm video_cards_ark video_cards_ati video_cards_chips video_cards_cirrus video_cards_cyrix video_cards_dummy video_cards_fbdev video_cards_glint video_cards_i128 video_cards_i740 video_cards_i810 video_cards_imstt video_cards_mga video_cards_neomagic video_cards_nsc video_cards_nv video_cards_rendition video_cards_s3 video_cards_s3virge video_cards_savage video_cards_siliconmotion video_cards_sis video_cards_sisusb video_cards_tdfx video_cards_tga video_cards_trident video_cards_tseng video_cards_v4l video_cards_vesa video_cards_vga video_cards_via video_cards_vmware video_cards_voodoo input_devices_keyboard input_devices_mouse input_devices_evdev userland_GNU kernel_linux elibc_glibc alsa_cards_intel8x0 alsa_cards_usb-audio Unset: CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTAGE_RSYNC_OPTS, PORTDIR_OVERLAY D. blaze your trail -- redhat ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] testme.sh chcontext and chbind failed
Sheldon Knight wrote: I have just built and successfully run a Redhat Linux 2.6.18.3 vserver vs2.1.1.2 patched kernel and installed util-vserver-0.30.210 tools. When I ran testme.sh I go the following output. What have I missed? More specifically, how on earth did you manage to get this? I.e. what commands did you use? Also, why did you go with an old version of the tools? Use dietlibc: no (you have been warned) You really should install dietlibc and use that. Available APIs: legacy,compat,v11,fscompat,v13obs,v13,net,oldproc,olduts How did you manage to build the legacy API? I haven't been able to build that for a while. build/host: x86_64-unknown-linux-gnu/x86_64-unknown-linux-gnu ... syscall(2) invocation: traditional vserver(2) syscall#: 273/glibc Well, this is wrong. First of all, you probably should use the alternative or at least fast syscall invocation. Secondly, the syscall number is 236 on x86_64. How you got these values is beyond me, only thing I can think of is something like a mix of x86 and x86_64. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] kernel bug
Andreas Baetz wrote: On Tuesday 28 November 2006 15:54, Herbert Poetzl wrote: On Tue, Nov 28, 2006 at 08:11:35AM +0100, Andreas Baetz wrote: On Sunday 26 November 2006 23:22, Herbert Poetzl wrote: On Fri, Nov 24, 2006 at 08:11:39AM +0100, Andreas Baetz wrote: On Thursday 23 November 2006 18:49, Herbert Poetzl wrote: On Thu, Nov 23, 2006 at 02:43:13AM +0100, Herbert Poetzl wrote: thanks, should be fixed in the next release vs2.0.2.2-rc8 is out ... I tried vs2.0.2.2-rc8 with 2.6.18.3, the vserver starts ok, no errors, but when I stopped it, the whole system freezed. Right after Deconfiguring network interfaces...done. okay, maybe you get around, the stack trace of all processes would probably tell us more ... I wrote down some of the trace output by hand: hmm, the numbers of those dumps would be interesting, especially if you have an unstripped kernel (vmlinux) available, so we can figure _where_ this happens so a serial console or some other means of recording them would be very helpful, if not available, try with a photo camera ... I did some more tests: At console 1: host:~# vserver deb4 enter deb4:/# .. Then I stopped all services in deb4 .. deb4:/# ps ax PID TTY STAT TIME COMMAND 1 ?Ss 0:00 init [2] 4999 ?S+ 0:00 login 5023 pts/0Ss 0:00 /bin/bash -login 5043 pts/0R+ 0:00 ps ax At console 2: host:~# vps ax|grep 8004 4999 8004 deb4 tty3 S+ 0:00 login 5023 8004 deb4 pts/0Ss+0:00 /bin/bash -login 5049 0 MAIN tty2 S+ 0:00 grep 8004 At console 1: deb4:/# hit CTRL-D EIP: [e2fd8894] 0xe2fd8894 SS:ESP 0068:e4711f20 1Fixing recursive fault but reboot is needed! host kernel: Oops: 0002 [#1] host kernel: PREEMPT host kernel: CPU:0 host kernel: EIP is at 0xe2fd8894 host kernel: eax: e2fd ebx: e2fd8930 ecx: 0001 edx: 0001 host kernel: esi: edi: e2fd8890 ebp: e4711f48 esp: e4711f20 host kernel: ds: 007b es: 007b ss: 0068 host kernel: Process vcontext (pid: 4638[#8004], ti=e471 task=e4334ab0 task.ti=e471) host kernel: Stack: c01195e3 e2fd 0001 0001 0001 host kernel: 0001 0286 e4711f6c c011b1af 0001 e2fd8890 host kernel: e4711f9c e4334ab0 0010 c17efa90 c01224b9 c011ac30 host kernel: Call Trace: host kernel: Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 88 fd e2 30 89 fd e2 02 00 00 00 00 00 00 00 2f 65 74 63 2f 76 73 65 72 host kernel: EIP: [e2fd8894] 0xe2fd8894 SS:ESP 0068:e4711f20 some more info: I copied the / of a working vserver and used it as / of deb4. vserver deb4 stop now works. It seems that something inside the / of the old deb4 is causing the system to crash when no more processes are running with that xid. So if a user of a certain vserver manages to create that condition in a vserver, then ending all processes in that vserver, the user could manage to crash the host. And what condition is that, exactly? Without a complete trace or at least a way to reproduce this, it's going to be pretty much impossible to fix it. Would it be possible for you to tar up the whole guest and upload it somewhere? Or setup a serial console so catch the previous Oops (which would hopefully have a usable stack trace)? -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Just for info about 2.6.19
[EMAIL PROTECTED] wrote: Hello I try new release today (patch-2.6.19-vs2.1.x-t1.diff) but it doesn't work properly : boot ok, starting vserver ok but it doesn't switch context i think. I try to explain : my master is : srvweb So i try : srvweb:/#vserver vweb1 start srvweb:/#vserver vweb2 start srvweb:/#vserver vweb3 start All seems to work fine but suddenly the prompt is changing : vweb3:/# whereas i didn't enter into vserver !!! The context-ID are OK in /usr/local/var/run/vservers/vwebX.ctx but i can't never get out from vweb3 !!! i've seen on the tty1 a message : get_ctx_id() and the prompt was changing alone whereas i wasn't loggued on this tty. Then i enter into vserver vweb3 and i try to leave it with CTRL-D : it stays in vweb3 in the home directory of user with which i connect to the master ! I can never come back to the master I think it's a very little bug for you :-) Thanks again for your great job. Patrick You _are_ using at least util-vserver 0.30.212-rc1, right? That's when the initial 2.6.19 support was added, and (from what I hear) it works for most things, but some are broken (e.g. chcontext not creating a new UTS namespace). -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Network local to vserver host and guests?
Roderick A. Anderson wrote: Christian Affolter wrote: Hi! I build and use vservers where the guests need to cooperate with each other. That is, a system with with guests running Postfix, PostgreSQL, or Apache ( multiple guests as they are mod_perl driven ) and they all need to communicate with each other. So I want to build a Virtual LAN ( different from my take on a VLAN ) with virtual NICs. Basically the traffic never hits the physical LAN/WAN. That make sense? IS it possible? If so what what should I be looking for in my research? Yes it is possible, with the dummy net interface. You'll have to enable the dummy net driver support (CONFIG_DUMMY=y) in your kernel. Thanks Chris. Is there a way test for this? I could ask Daniel if it got set in the Fedora Core 5 RPMs he built but that would be _really_ lazy. :-) ifconfig dummy0 IP address... But yes, it is enabled in Fedora's kernels. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: AW: [Vserver] kernel-2.6.17.13
Roman Pretory wrote: RP ist a horror RP .)modules for iptables have canged RP have to search after use oldconfig What is the old version you compared it against? old Kernel = 2.6.12.3 = old .config Of course, things change, that is to be expected. Netfilter got a rewrite a couple of versions ago (2.6.16, I think). RP .)Nic's are turned very funny for remote work What do you mean by that, what was expected and what did you get? 2 nic's in each server Production1: 2x 3 Com90xx == not testet Production2: Intel / Realtech == error Testsystem: 2x 3 Com90xx == error after reboot with the new kernel eth0 = eth1 eth1 = eth0 You shouldn't rely on the kernel's naming. If you need eth0 to refer to a specific interface, you'll have to tell your distribution's network scripts to rename the interface with that hardware address. RP .)Mailserver can't send mails with the new kernel Again - what do you mean by that, what was expected and what did you get? A bit on information is necessary - a bit more always welcom. You should know that from your first request session mailserver fc3 trys to send mails and can't take wron ip ,can't find host... in bash all ok dns give correct answers =look for log =reboot sendmail =reboot guest =reboot node =reboot node with 2.6.12.3 == mail are send! =reboot node with 2.6.17 == error again =reboot node with 2.6.12.3 == mail are send! And why can't you send mail with 2.6.17? What does take wrong IP mean? -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver bug on kernel 2.6.18.3
[EMAIL PROTECTED] wrote: Hello, I compiled kernel 2.6.18.3 with patch-2.6.18.3-vs2.1.1.1.diff on debian-3.1-sarge-backports Compil ok, starting ok but when i launch vserver vweb1 start, i got the following errors which seems to be the same as Andreas Baetz. I've read Herbert should fix it in the next release . It was just to show the bug is probably in the patch-2.6.18.3-vs2.1.1.1.diff , too. It's fixed in 2.1.1.2. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] FC: cru again access denied, FC6 progress?
Guenther Fuchs wrote:
Hi there,
cru's FC repositories again show access denied (we had that before
unfortunately) - isn't there a possibility, either Daniel or me could
arrang a irror?
While a mirror would be a good idea, it seems to work fine now.
Relating FC6: Daniel, I've seen you've started working on this, any
schedule available on the progess / any estimated release for the
community to expect soon or later?
Well, the kernel should be working already, and util-vserver is
available from Extras (although a few things are broken in 0.30.211, but
that should be fixed with 0.30.212). Or do you mean the
vps-{dev,fakekernel,fakepackages} packages? Last I tried, the ones from
FC5 actually worked fine for FC6 as well, and they seem to work fine still.
--
Daniel Hokka Zakrisson
GPG id: 06723412
GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] hostname -va
Daniel Haensse wrote: Dear list, I have a problem with hostname -va inside of vserver. Any hints? best regards Dani vserver1.foobar.com ... 192.168.5.101 virtual1.foobar.com virtual1 vserver1 != virtual1 ;) -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
