Re: Re: Re[3]: [Vserver] [Release] Per Context Quota and Disk Limits ...
Hello Alex, I have downloaded the new freevps stuff, and I have it working fairly well. My question is this, will I need to add CAP_SYS_RESOURCE to the .conf file for the vserver, in order to make bind work? and can I do a shutdown from inside the vserver? TyroneM. From: Alex Lyashkov [EMAIL PROTECTED] Date: 2003/12/02 Tue AM 01:29:40 EST To: [EMAIL PROTECTED] Subject: Re: Re: Re[3]: [Vserver] [Release] Per Context Quota and Disk Limits ... On Tuesday 02 December 2003 00:26, [EMAIL PROTECTED] wrote: Hello Alex, Will the new freevps stuff work on redhat9, or only 7.3? It`s rpm builded at rh 7.3 box, i think it must work with RH 8, but RH 9 have many many changes in kernel/glibc.. You can try it - but I don`t test with RH 9. Next release planing move to kernel-2.4.20-20.x. or lastes at moment code frezze. -- With best regards, Alex ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] (no subject)
TEST ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: Re: Re[3]: [Vserver] [Release] Per Context Quota and Disk Limits ...
Hello Alex, Will the new freevps stuff work on redhat9, or only 7.3? From: Alex Lyashkov [EMAIL PROTECTED] Date: 2003/12/01 Mon PM 04:28:41 EST To: [EMAIL PROTECTED] Subject: Re: Re[3]: [Vserver] [Release] Per Context Quota and Disk Limits ... On Monday 01 December 2003 22:32, Alex Klymov wrote: Hello Alex, Monday, December 1, 2003, 10:22:42 AM, you wrote: AL On Monday 01 December 2003 16:41, Herbert Poetzl wrote: On Mon, Dec 01, 2003 at 09:15:33AM -0500, [EMAIL PROTECTED] wrote: Hello Herbert, I have a question to ask? what is the difference between the current vserver, and Freevps? well, FreeVPS is a late branch of vserver which was done by Alexey Lyashkov who adapted the vserver patches to the redhat kernel (around 2.4.18) ... this branch has some (experimental) features not yet in vserver (at least not in stable) like the virtualized network and routing tables, or some resource limits ... AL also with virtual root and privated disknamespace which allowed use mount AL inside vps. It`s do not need hack for dir with permisions 000 as quarantine AL zone. AL some speed optimizations as full devided sockets lists and devided netlink AL part. AL rpm with it was uploaded to web. AL next stages of development AL 1) add baundwith control to virtual devices (or 2 level packets scheduler) AL 2) add full divided routing tables and implement 2 level routing AL 3) rework memory limits for do account based on page allocations, not on AL account VM. AL 4) add context taging for skb structure AL 5) add permits for use set_rlimits inside vps without security compromise. AL 6) divide process accounting per vps Sounds interesting to try - whats the exact URL of rpm? and what's in it - just kernel binary or patch too? all. patch/src.rpm/rpms. - some utils/docs. http://www.freevps.com/download/rpms/ on site not updated news about release but rpm`s was changed. -- With best regards, Alex ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: Re: [Vserver] is there any getting started with vserver documentation anywhere?
Hello Simon, The vskel is a very good tool, nice job. I have but one question about creating the vservers, is there a way allocate disk, memory space for each vserver? I understand the ulimit to be the number of limited processes within the vserver. I ask this because, if your in webhosting customers would want to see some type of accounting for service level agreements, is this possible? From: Simon Garner [EMAIL PROTECTED] Date: 2003/11/05 Wed PM 05:04:18 EST To: [EMAIL PROTECTED] Subject: Re: [Vserver] is there any getting started with vserver documentation anywhere? On Thursday, November 06, 2003 10:28 AM NZT, Jan-Hendrik Heuing [EMAIL PROTECTED] wrote: Just to get this right: - vanilla kernel should not be used on redhat - vserver does not patch redhat kernel yet ? It looks a bit like there is no straight way using redhat9 with vserver, am I right with this conclusion ? Correct... that's assuming redhat9 uses NPTL, I'm pretty sure it does but somebody correct me if I'm wrong... Anyway, if you still know the place of the kernel sources, I'd still like to know, as I can't find them. And I guess at some point there will be patches for the redhat kernel. up2date --download kernel-source The redhat9+ kernels also use the O(1) scheduler which I think is the main sticking point for vserver, but there has been work on O(1) vserver patches... somebody else can tell you more about that. What would be the way to go ? Use debian as the host, and maybe use rh vservers ? I'd like to use redhat for some things as I know about it. Just looking into debian... At Herbert's suggestion I'm now using Mandrake 9.2 and have found it quite nice. It's a redhat-based/redhat-style distribution, so most things are quite similar to redhat (i.e. it uses rpms and the system layout is much the same). But it doesn't use NPTL or O(1), so a vanilla kernel with vserver patches works just fine on Mandrake. -Simon ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
RE: RE: [Vserver] Rpms for vserver 0.27 (got it)
Hello Guys, Here the log from /var/log/messages (let me know what you think) SSH Secure Shell 3.0.0 (Build 196) Copyright (c) 2000-2001 SSH Communications Security Corp - http://www.ssh.com/ This is a commercial version and requires a license from SSH Communications Security Corp. This program uses RSA BSAFEĀ® Crypto-C by RSA Security Inc. Last login: Mon Nov 24 09:04:36 2003 from 172.16.0.9 [EMAIL PROTECTED] root]# [EMAIL PROTECTED] root]# service named start Starting named: named: capset failed: Operation not permitted [EMAIL PROTECTED] root]# vi /var/log/messages [FAILED] Nov 24 04:33:33 redhat9 syslogd 1.4.1: restart. Nov 24 04:33:33 redhat9 syslog: syslogd startup succeeded Nov 24 04:33:33 redhat9 syslog: klogd startup succeeded Nov 24 04:33:33 redhat9 nscd: nscd startup succeeded Nov 24 04:33:35 redhat9 sshd: RSA1 key generation succeeded Nov 24 04:33:39 redhat9 sshd: RSA key generation succeeded Nov 24 04:34:01 redhat9 sshd: DSA key generation succeeded Nov 24 04:34:01 redhat9 sshd: succeeded Nov 24 04:34:02 redhat9 xinetd[13521]: pmap_set failed. service=sgi_fam program=391002 version=2 Nov 24 04:34:03 redhat9 xinetd[13521]: xinetd Version 2.3.10 started with libwrap options compiled in. Nov 24 04:34:03 redhat9 xinetd[13521]: Started working: 0 available services Nov 24 04:34:05 redhat9 xinetd: xinetd startup succeeded Nov 24 04:34:09 redhat9 httpd: httpd startup succeeded Nov 24 04:34:10 redhat9 crond: crond startup succeeded Nov 24 04:34:28 redhat9 sshd(pam_unix)[13570]: session opened for user root by (uid=0) Nov 24 04:38:30 redhat9 sshd(pam_unix)[13570]: session closed for user root Nov 24 04:38:37 redhat9 sshd(pam_unix)[13683]: session opened for user root by (uid=0) Nov 24 04:42:17 redhat9 sshd(pam_unix)[13683]: session closed for user root Nov 24 04:43:01 redhat9 sshd(pam_unix)[13729]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=172.16.0.9 user=root Nov 24 04:50:05 redhat9 sshd(pam_unix)[13732]: session opened for user root by (uid=0) Nov 24 04:58:44 redhat9 sshd(pam_unix)[13732]: session closed for user root Nov 24 04:59:00 redhat9 sshd(pam_unix)[13869]: session opened for user root by (uid=0) Nov 24 05:02:33 redhat9 httpd: httpd shutdown succeeded Nov 24 05:02:33 redhat9 sshd: sshd -TERM succeeded Nov 24 05:02:33 redhat9 xinetd[13521]: Exiting... Nov 24 05:02:33 redhat9 xinetd: xinetd shutdown succeeded Nov 24 05:02:34 redhat9 crond: crond shutdown succeeded Nov 24 05:02:34 redhat9 nscd: nscd shutdown succeeded Nov 24 05:02:34 redhat9 syslog: klogd shutdown failed Nov 24 05:02:34 redhat9 exiting on signal 15 Nov 24 05:02:52 redhat9 syslogd 1.4.1: restart. Nov 24 05:02:52 redhat9 syslog: syslogd startup succeeded Nov 24 05:02:53 redhat9 kernel: klogd 1.4.1, log source = /proc/kmsg started. Nov 24 05:02:53 redhat9 syslog: klogd startup succeeded Nov 24 05:02:53 redhat9 nscd: nscd startup succeeded Nov 24 05:02:53 redhat9 sshd: succeeded Nov 24 05:02:53 redhat9 xinetd[14192]: pmap_set failed. service=sgi_fam program=391002 version=2 Nov 24 05:02:54 redhat9 xinetd[14192]: xinetd Version 2.3.10 started with libwrap options compiled in. Nov 24 05:02:54 redhat9 xinetd[14192]: Started working: 0 available services Nov 24 05:02:56 redhat9 xinetd: xinetd startup succeeded Nov 24 05:03:00 redhat9 httpd: httpd startup succeeded Nov 24 05:03:01 redhat9 crond: crond startup succeeded Nov 24 05:03:25 redhat9 sshd(pam_unix)[14241]: session opened for user root by (uid=0) Nov 24 05:26:28 redhat9 xinetd[14192]: Exiting... Nov 24 05:26:29 redhat9 xinetd: xinetd shutdown succeeded Nov 24 05:26:29 redhat9 xinetd[15573]: pmap_set failed. service=sgi_fam program=391002 version=2 Nov 24 05:26:30 redhat9 xinetd[15573]: xinetd Version 2.3.11 started with libwrap loadavg options compiled in. Nov 24 05:26:30 redhat9 xinetd[15573]: Started working: 0 available services Nov 24 05:26:32 redhat9 xinetd: xinetd startup succeeded Nov 24 05:32:53 redhat9 syslogd 1.4.1: restart. Nov 24 05:32:54 redhat9 qmail: Starting qmail: succeeded Nov 24 05:32:58 redhat9 qmail: qmail-send shutdown succeeded Nov 24 04:33:33 redhat9 syslogd 1.4.1: restart. Nov 24 04:33:33 redhat9 syslog: syslogd startup succeeded Nov 24 04:33:33 redhat9 syslog: klogd startup succeeded Nov 24 04:33:33 redhat9 nscd: nscd startup succeeded Nov 24 04:33:35 redhat9 sshd: RSA1 key generation succeeded Nov 24 04:33:39 redhat9 sshd: RSA key generation succeeded Nov 24 04:34:01 redhat9 sshd: DSA key generation succeeded Nov 24 04:34:01 redhat9 sshd: succeeded Nov 24 04:34:02 redhat9 xinetd[13521]: pmap_set failed. service=sgi_fam program=391002 version=2 Nov 24 04:34:03 redhat9 xinetd[13521]: xinetd Version 2.3.10 started with libwrap options compiled in. Nov 24 04:34:03 redhat9 xinetd[13521]: Started working: 0 available services Nov 24 04:34:05 redhat9 xinetd: xinetd startup succeeded Nov 24 04:34:09 redhat9 httpd: httpd startup succeeded Nov 24 04:34:10 redhat9 crond: crond startup succeeded Nov 24
RE: RE: [Vserver] Rpms for vserver 0.27 (got it)
Here it is, Last login: Sun Nov 23 21:53:32 2003 [EMAIL PROTECTED] root]# ls anaconda-ks.cfg install.log install.log.syslog vps [EMAIL PROTECTED] root]# vi /etc/vservers/redhat9.conf # Description: RedHat 9 VPS Server if [ = ]; then PROFILE=prod fi case $PROFILE in prod) # Select the IP number(s) assigned to the virtual server # These IPs will be defined as IP alias # The alias will be setup on IPROOTDEV # You can specify the device if needed # IPROOT=eth0:1.2.3.4 eth1:3.4.5.6 IPROOT=172.16.0.109 # You can define on which device the IP alias will be done # The IP alias will be set when the server is started and unset # when the server is stopped # The netmask and broadcast are computed by default from IPROOTDEV #IPROOTMASK= #IPROOTBCAST= IPROOTDEV=eth0 # You can set a different host name for the vserver # If empty, the host name of the main server is used S_HOSTNAME=redhat9.icanreach.com ;; backup) IPROOT= #IPROOTMASK= #IPROOTBCAST= IPROOTDEV=eth0 S_HOSTNAME= ;; esac # Set ONBOOT to yes or no if you want to enable this # virtual server at boot time ONBOOT=yes # Control the start order of the vservers # Lower value start first PRIORITY=100 # You can set a different NIS domain for the vserver # If empty, the current on is kept # Set it to none to have no NIS domain set S_DOMAINNAME= # You can set the priority level (nice) of all process in the vserver # Even root won't be able to raise it S_NICE= # You can set various flags for the new security context # lock: Prevent the vserver from setting new security context # sched: Merge scheduler priority of all processes in the vserver #so that it acts a like a single one. # nproc: Limit the number of processes in the vserver according to ulimit #(instead of a per user limit, this becomes a per vserver limit) # private: No other process can join this security context. Even root # Do not forget the quotes around the flags S_FLAGS=lock nproc # You can set various ulimit flags and they will be inherited by the # vserver. You enter here various command line argument of ulimit # ULIMIT=-H -u 200 # The example above, combined with the nproc S_FLAGS will limit the # vserver to a maximum of 200 processes ULIMIT=-HS -u 1000 # You can set various capabilities. By default, the vserver are run # with a limited set, so you can let root run in a vserver and not # worry about it. He can\'t take over the machine. In some cases # you can to give a little more capabilities \(such as CAP_NET_RAW\) # S_CAPS=CAP_NET_RAW S_CAPS=CAP_NET_RAW CAP_SYS_ADMIN CAP_NET_ADMIN # Select an unused context (this is optional) # The default is to allocate a free context on the fly # In general you don't need to force a context #S_CONTEXT= From: Charles Dale [EMAIL PROTECTED] Date: 2003/11/25 Tue PM 08:16:37 EST To: [EMAIL PROTECTED] Subject: RE: RE: [Vserver] Rpms for vserver 0.27 (got it) [snip] Nov 24 12:00:13 redhat9 named: named: capset failed: Operation not permitted Nov 24 12:00:13 redhat9 named: named startup failed Looks to me like CAP_SYS_RESOURCE hasn't been enabled for some reason for that vserver. Please post contents of the vserver conf file. BTW, (to list in general), how do I easily find out which caps a particular context has? Chuck ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver