Hi,

I'm not an OpenVZ developer or heavy user, so my observations may be
irrelevant.

On 06.07.2010 17:33, Brian Moon wrote:
> We have three physical boxes that use OpenVZ. One is the server that
> is home to our developers' environment. Each developer has his own
> container. We have the occasional container stop responding due to too
> many resources used, but the entire server is fine.
> The other two installs we have are in production. They are sort of
> miscellaneous installation boxes.
> On no regular schedule, the two production servers will hang.

Do the production servers hang, or is the hang restricted to all containers?


> And it is a weird hang. They still respond to ping. And TCP
> connections answer (connect) but don't respond. There is nothing in
> syslog on the host server or any containers. There is nothing on the
> console.

I know that problem from hanging harddisks, and from various security
incidents where I was called in to investigate.

Things I'd do to investigate further:
Set up a host which runs tcpdump and some web server. I'll call that
host diaghost.
Open a screen session (GNU screen, a textmode utility) on one of the
production servers (not in a VE), and run the following commands, each
in its own screen:
ping diaghost
while true; do curl -s http://diaghost/ -o /dev/null; sleep 1; done

Monitor the network interface of diaghost with tcpdump (you only need
ICMP), and monitor the web server logs as well. If your production
server starts to hang, does it still send pings and HTTP requests to
diaghost?
Check the hard disk light as well (make sure it works for all disks). Is
the hard disk light on while the server hangs, or is it off?

> # uname -a
> Linux atl-vz1 2.6.18-028stab056 #1 SMP Tue Jun 30 07:50:32 EDT 2009
> x86_64 Intel(R) Xeon(R) CPU E5420 @ 2.50GHz GenuineIntel GNU/Linux

That kernel is pretty old. It is possible that the hangs are caused by
some missing security update which may allow an attacker to successfully
enter your production servers.


Regards,
Carl-Daniel

-- 
http://www.hailfinger.org/
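
The following is an added example, not part of the original message: a small Python script for diaghost that reads the web server's access log and reports when the once-per-second curl requests from the production server stopped and resumed. It assumes the log is in Common Log Format; the client address 192.0.2.10, the 10-second threshold and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of diaghost's access log (Common Log Format assumed).
# 192.0.2.10 stands in for the production server running the curl loop.
SAMPLE_LOG = """\
192.0.2.10 - - [06/Jul/2010:17:40:01 +0200] "GET / HTTP/1.1" 200 45
192.0.2.10 - - [06/Jul/2010:17:40:02 +0200] "GET / HTTP/1.1" 200 45
192.0.2.10 - - [06/Jul/2010:17:40:03 +0200] "GET / HTTP/1.1" 200 45
198.51.100.7 - - [06/Jul/2010:17:42:00 +0200] "GET / HTTP/1.1" 200 45
192.0.2.10 - - [06/Jul/2010:17:47:15 +0200] "GET / HTTP/1.1" 200 45
192.0.2.10 - - [06/Jul/2010:17:47:16 +0200] "GET / HTTP/1.1" 200 45
this line is not a log entry
"""

# Client address is the first field, the timestamp sits in [brackets].
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def heartbeat_times(log_text, client):
    """Return the sorted request timestamps logged for one client."""
    times = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(1) != client:
            continue  # other clients and malformed lines are ignored
        try:
            times.append(datetime.strptime(m.group(2), TS_FORMAT))
        except ValueError:
            continue  # unparsable timestamp: skip rather than abort
    return sorted(times)


def find_gaps(log_text, client, max_gap=timedelta(seconds=10)):
    """Return (last_seen, resumed) pairs where the client went silent."""
    times = heartbeat_times(log_text, client)
    return [(a, b) for a, b in zip(times, times[1:]) if b - a > max_gap]


if __name__ == "__main__":
    for last_seen, resumed in find_gaps(SAMPLE_LOG, "192.0.2.10"):
        print(f"no requests from {last_seen} until {resumed} "
              f"({resumed - last_seen})")
```

A hang that is still in progress does not show up as a gap; it shows up as the last logged timestamp for that client being old.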
