Herbert,
Which Linux Host OS would you reccomend for a new users,
as the easiest setup for a vserver configuration?
I am not trying to start a religious war, just help out new users.
--Luke
___
Vserver mailing list
Vserver@list.linux-vserver.org
Herbert Poetzl said:
well, I'd say you added the S_CONTEXT=100 after you
encountered the first issues ... but you can check
with the lsxid tool doing
lsxid /vservers/web1/etc/init.d/rc
lsxid /vservers/web1/bin/bash
and you can probably fix it by doing:
mv
Herbert Poetzl said:
They appear production stable.
what about the 'known' grsec-vserver incompatibilities?
I have not encountered any bugs that have caused my vservers to crash, or
had a security exploit, or data corruption...
I was not aware their were any major bugs.
Grsec has prevented
I cannot find any documentation for cq-tools, other then a few command line
examples here:
http://vserver.13thfloor.at/Linux2.6/index.php?page=Per+Context+Disk+Limits
Is their additional documentation on this tool?
--
Luke Computer Science System Administrator
Security Administrator,College
Nicolas Costes said:
Second thing: This forces me to install a Debian vserver... Well, I was
planning to try Debian, but not this soon ;-) !!! I'd like to keep up
use debian as your vserver host, it's much easier to manager vservers on a
debian box.
I've used redhat/mandrake as vserver host,
Running the 29 version of vserver.
When I enable quota's, i am unable to start a vserver.
The steps I follow are:
#enabled config option in kernel.
CONFIG_INOXID_GID24=y
#installed kernel..
#created ext3 file system
mkfs -t ext3 /dev/sda1
#mounted system with options.
mount -t ext3 -o tagctx
Herbert Poetzl said:
so using the ListenAddress directive for sshd (in the config)
is the usually preferred way of doing it (on the host)
or run ssh on another port on the master, if they master is using a dhcp
assigned address.
--
Luke Computer Science System Administrator
Security
Stephen Frost said:
As I mentioned in the other thread- please don't. It doesn't make sense
and it's really not a sane thing to do for Debian.
It just makes it more complex, with no real benefit.
I would reccomend keeping it the same 2 packages.
--
Luke Computer Science System Administrator
Robert Cope said:
What I've got is a vserver that needs to mount a few NFS shares. The
vserver has two IP addresses, a public and a private, on two network
interfaces. The NFS shares are mounted over the private network. The
problem is that the NFS server is getting the wrong IP sent to it
Bert De Vuyst said:
It's fixed in debian sarge (3.1).
(S18portmap)
I'm not sure they will change it in debian woody.
Bert.
my guess is no, as it's a functional change, not a security fix.
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana
I am trying to create new haresource script to cover vserver.
Does anyone have a haresource script for vserver, they would like to share?
And could not find more information on doing this.
high availability wiki:
http://linuxha.trick.ca
high availability homepage:
http://www.linux-ha.org/
Thanks, this is exactly what I am looking for.
I will try and translate it to english.
I understand all the configuration files, so it is useful.
Do you have more then one vserver active on the same host server at a time?
Alberto Cammozzo said:
If reading a few lines in italian does not
I am trying to create new haresource script to cover vserver.
Does anyone have a haresource script for vserver, they would like to share?
high availability wiki:
http://linuxha.trick.ca
high availability homepage:
http://www.linux-ha.org/
google:
mailing list archive:
Robert Cope said:
Jon Bendtsen wrote:
have you considered using greylisting?
Greylisting really does work well. I implemented it on my antispam smtp
servers and its effect was amazing.
Enable surbl in spamassassin.
My (Vserver) external mail server does this, and it will grab a lot of
spam
Is the correct method to use when creating a new vserver using
util-vserver on debian, (per mailing list.)
I am switching my debian servers from vserver to util-vserver as per
debian maintainer's remarks.
I worked with the following and had much success:
vserver NAME build --help (you don't
Are their any comparisons between vserver and user mode linux?
It would appear they both do something very similar.
http://list.linux-vserver.org/archive/vserver/msg03122.html
This seems to indicate vserver is much faster than user mode linux.
Any suggestions on the advantages of one system
Lucas Albers wrote:
Is their any documentation on converting a production server to run as a
vserver?
Any reason why it would not be mounting proc when I start the imported
vserver?
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State
[snip problems using drbd with rebootmgr, as it has a file handle open.]
Is vshelper a stable utility?
Is it supported on debian?
I can't seem to find any deb packages for it.
Herbert Poetzl said:
there is an alternative to the rebootmgr, it's
called vshelper, and it should not have this
Lucas Albers said:
The easiest thing to do, is subscribers only post, like you mentioned.
and enable in spamassassin:
surbl+razor+dcc+pyzor, and then
set the spam reject threshold to 4.0.
As nothing any of us post should post higher then a 3.0.
Closed lists appear to be a reasonable choice
Result:
Changing vserver name after creation, keeps hostname in vserver the same.
Repro:
Create vserver, set ip address to 192.168.1.1.
Then change ip address in /etc/vservers/servername.conf.
When starting apache on the vserver it uses the original ip address listed
in:
/etc/vservers/hosts.
Dariush Pietrzak said:
Hmm, there is another issue here - if you already use app like HP Open
View to do your other management, then putting it in control of vservers
might be the wisest choice.
--
What would be some useful cluster commands?
What are some common vserver operations?
Move
It appears the grsecurity project, is ending.
The developer was not getting the support he required to continue the
project.
If anyone else use grsecurity with vserver, perhaps you could offer him
some support to keep working on it.
Dariush Pietrzak said:
So... noone wants to maintain vserver+grsec... and now noone wants to
maintain grsec itself?
Well he's borrowing money to buy food.
So he can't support himself and spend all his time doing grsecurity. One
of his sponsors failed to pay him, so he's stuck.
The current
I have been busy rsyncing vservers from machine to machine to handle
failed disks in a raid volume.
When you rsync systems, do you usually exclude proc?
Can anyone post a sample of what options they use when rsyncing vservers
from system to system.
I currently use these rsync options: azP
I do
Gebhardt Thomas said:
We are running this type of setup here but don't yet have any experience
with real hardware failures but only with test situations.
Yes, you are right: heartbeat doesn't need to manage the ip takeover,
vserver does. We emit an unsolitcited arp reply in the vserver
Would it make any difference to the benchmark what the native file system
on the base system is?
It mounts the vserver as a virtual ext3 filesystem.
Would it make any difference whether the native file system was ext3 or
reiser?
--
Luke Computer Science System Administrator
Security
The command:
vserver service
on debian is non-functional, correct?
As debian has no equivalent service commmand, this is just a carryover
from redhat.
This is as part of the vserver package.
vserver [ options ] server-name command ...
server-name is a directory in /var/lib/vservers
The
Dude,
read the documentation, you are asking rtm questions.
Gilbert said:
Just curious if anyone would know what this happens to mean:
[EMAIL PROTECTED] vservers]# vserver test start
Starting the virtual server test
Server test is not running
ipv4root is now 69.64.37.50
New security
I have been using this patch combination on my dual-proc p4 system.
It has been surprising stable, even with all my attempts to crash it with
ltp.
Even when running computational jobs, and ltp-kernel tests it has been
uber stable.
I have only been using for a week of hardcore stress testing.
Is
Dariush Pietrzak said:
Is it possible to get these 3 patches working together:
ctx+grsecurity+vserver.
ctx IS vserver? you mean ctx quota+grsec+vserver?
Possible.
Yes, the ctx quota patch.
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana
Is it possible to get these 3 patches working together:
ctx+grsecurity+vserver.
I need grsecurity to protect against numerous and repeated shell cracking
atttempts from my students on the login server.
I need the ctx patch to force disk quota's on the server's they use..
Is their any problem
I got an error applying the grsec patch, appears to be trying to delete a
non-existent file on my system.
(link listed below.)
Other then that error, it applied clean.
**
The next patch would delete the file arch/x86_64/ia32/ptrace32.c.orig,
which does not exist! Assume -R? [n]
Apply
I've runt the ltp test project on my servers before production deployment
to test them out.
Debian has the ltp and ltp-kernel-test packages for installing this.
I just setup a quad xeon and let it run 5 days of memory/cpu/process
stress testing, and it passed.
Last summer I had a system that had
Herbert Poetzl said:
201 is known to fail with stable branch and legacy tools
(vserver-0.XX) it works with experimental, and util-vserver
tools (0.29.3 for example)
I read through the archives and could not find any more information
about
this particular error.
that is the reason, why I
Which item is this protecting against?
Herbert Poetzl said:
Hi everyone!
yesterday we spent a few hours to find out the
(for reiserfs users?) obvious about reiserfs and
attributes like immutable or iunlink ...
reiserfs (as in 2.4.25) requires an additional
mount option called 'attrs' to
Are their any updated directions on using
HA+drbd+vserver for high availiablity vserver clustering?
I'm looking for some setup directions on how to use all these items
together for HA vserver clustering.
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
I recently wrote a document on using the mdadm tools on linux for debian
systems.
imo Mdadm is much easier then raidtools or raidtools to use for software
raid.
It include directions on configure a system to switch the root parttion to
software raid, and confgiguring software raid.
While this is
When trying to stop a vserver instance I get the following error:
Can't set the new security context
see complete error here:
--
vserver web2 stop;
Stopping the virtual server web2
Server web2 is running
ipv4root is now 153.90.199.59
: Invalid argument
sleeping 5 seconds
Killing
Lucas Albers said:
When trying to stop a vserver instance I get the following error:
Can't set the new security context
It looks like when I run the vserver script, it does not define the
correct context:
Here is the line from my vserver script to stop or start a vserver.
isn't it supposed
I am running the sourceforge.net wolk 4.11s kernel.
I has vserver as part of the package, but I am unable to determine the
version of vserver.
Is it possible to determien the vserver version from a running system?
I did not see any user space utilities to do this.
Nor could I find anythign in
I installed the testing version of vserver for debian(!).
And I was curious to know why it had this dependency:
gcc-3.3-base
--
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana
41 matches
Mail list logo