Home » Mailing lists » Users » openvz and SuSE
| openvz and SuSE [message #1113] |
Wed, 01 February 2006 13:25  |
Daniel Bauer
Messages: 37
Registered: February 2006
|
Member |
|
|
Hello @all,
I'm tried to work with XEN3 and SuSE but I've the problem with compiling
my own kernel (SMP, 64GB). So I've read the artikel about openvz and
think it's better for me because I only need linux VPS on i386 machines.
Is it possible to patch a running SuSE Box with openvz? And how to setup
a SuSE VPS on this host, are there any good HowTos for this? German is
prefered.
Thanks a lot
Daniel
|
|
|
|
| Re: openvz and SuSE [message #1114 is a reply to message #1113] |
Wed, 01 February 2006 13:43  |
|
|
Which suse version do you have?
Specifically, we do not currently provide suse rpms, but the ones made
for redhat should be OK. Latest vzctl (an utility to control VPSs)
version that fixes initscript to work with SuSE will be released today
or tomorrow.
As for the suse VPS, there is a opensuse-10 precreated VPS template
available. Unfortunately for its networking to work it requires some
stuff from kernel (sysfs support from inside a VPS), and this is off by
default in our kernel. The situation will be fixed with the release of
068 (or later) kernel there sysfs can be turned on/off per VPS. For now,
you need to change one config setting and recompile the kernel to get
opensuse-10 template working.
Our future plans include releasing a custom kernel which is basically
SuSE kernel (all the SuSE patches and stuff) with OpenVZ functionality
added. We will also be creating more suse templates.
Kir.
Daniel Bauer wrote:
> Hello @all,
>
> I'm tried to work with XEN3 and SuSE but I've the problem with
> compiling my own kernel (SMP, 64GB). So I've read the artikel about
> openvz and think it's better for me because I only need linux VPS on
> i386 machines.
>
> Is it possible to patch a running SuSE Box with openvz? And how to
> setup a SuSE VPS on this host, are there any good HowTos for this?
> German is prefered.
>
> Thanks a lot
> Daniel
|
|
|
|
|
|
| Re: openvz and SuSE [message #1124 is a reply to message #1113] |
Wed, 01 February 2006 17:00 |
|
|
Daniel Bauer wrote:
> From: "Kir Kolyshkin" <kir@openvz.org>
>
>> Daniel Bauer wrote:
>>
>>>> Which suse version do you have?
>>>
>>>
>>> 9.3 or 10.0, I prefer 9.3, the VPS should be SuSE 9.3
>>
>>
>> OK. I remember that somebody created some SuSE templates, search in
>> forum.openvz.org.
>
>
> I've found this message:
> http://forum.openvz.org/index.php?t=msg&th=190&start =0&
>
> and his site
> http://web150.dd01.profihoster.net/
>
> but there is only a template for SuSE 9.3 64bit server-image for
> openVZ (155 MB)
Ask the author about x86 (i386) template as well :) if he will have
enough requests he may consider doing it :)
>> If you are brave enough you can try doing it all yourself. This is
>> not very complicated -- basically you need to create a chrooted
>> environment with all the needed stuff installed. All the needed stuff
>> are libraries, startup scripts and init, some programs (like ssh)
>> etc. Then you run this in a VPS.
>
>
> I think this is the best way, maybe I could use my existing real
> machines or do I have to include something for VPS in the
> configurations / patches / modification?
Well, as a minimum you should
(1) modify /etc/fstab so it will not try mounting your real hard disk
partition(s)
(2) remove getty from /etc/inittab
(3) some suse versions requires to comment out one line in /sbin/rc
(will tell you later which one)
Everything else is optimizations. This can include:
(4) quit using tmpfs for /dev
(5) moving from udev to static /dev
(6) remove extra entries from /dev to save disk space and inodes
(7) remove kernel, grub, kernel module tools - those are not needed (in
order for RPM to be happy, you might add a short dummy rpm which
virtually 'Provides:' all this stuff)
(8) modify initscripts to boot faster
(9) ...and so on.
But those are just optimizations -- they are not strictly required.
> I found this kernel for my machine:
> http://download.openvz.org/kernel/022stab064.1/ovzkernel-ent erprise-2.6.8-022stab064.1.i686.rpm
>
>
> What about security fixes with this kernel?
We have included a lot of security fixes in our kernel (all that are
known to date) -- just read change logs.
|
|
|
|
| Re: openvz and SuSE [message #1152 is a reply to message #1124] |
Thu, 02 February 2006 16:27 |
Daniel Bauer
Messages: 37
Registered: February 2006
|
Member |
|
|
From: "Kir Kolyshkin" <kir@openvz.org>
> Daniel Bauer wrote:
>> From: "Kir Kolyshkin" <kir@openvz.org>
>>> Daniel Bauer wrote:
>>>>> Which suse version do you have?
>>>>
>>>> 9.3 or 10.0, I prefer 9.3, the VPS should be SuSE 9.3
>>>
>>>
>>> OK. I remember that somebody created some SuSE templates, search in
>>> forum.openvz.org.
>>
>>
>> I've found this message:
>> http://forum.openvz.org/index.php?t=msg&th=190&start =0&
>>
>> and his site
>> http://web150.dd01.profihoster.net/
>>
>> but there is only a template for SuSE 9.3 64bit server-image for
>> openVZ (155 MB)
>
> Ask the author about x86 (i386) template as well :) if he will have
> enough requests he may consider doing it :)
>
>>> If you are brave enough you can try doing it all yourself. This is
>>> not very complicated -- basically you need to create a chrooted
>>> environment with all the needed stuff installed. All the needed
>>> stuff are libraries, startup scripts and init, some programs (like
>>> ssh) etc. Then you run this in a VPS.
>>
>>
>> I think this is the best way, maybe I could use my existing real
>> machines or do I have to include something for VPS in the
>> configurations / patches / modification?
>
> Well, as a minimum you should
> (1) modify /etc/fstab so it will not try mounting your real hard disk
> partition(s)
> (2) remove getty from /etc/inittab
> (3) some suse versions requires to comment out one line in /sbin/rc
> (will tell you later which one)
ok, that sounds good, I'll have a try with SuSE.
I've started now with installing fedora-core 4 and updated the kernel as
mentioned, some prebuild VPS are still running. But how can I access now
some physical harddiscs? I need to mount /dev/sdd1 (my data partition).
How to enable the second eth interface?
> Everything else is optimizations. This can include:
>
> (4) quit using tmpfs for /dev
> (5) moving from udev to static /dev
> (6) remove extra entries from /dev to save disk space and inodes
> (7) remove kernel, grub, kernel module tools - those are not needed
> (in order for RPM to be happy, you might add a short dummy rpm which
> virtually 'Provides:' all this stuff)
> (8) modify initscripts to boot faster
> (9) ...and so on.
> But those are just optimizations -- they are not strictly required.
>
>> I found this kernel for my machine:
>> http://download.openvz.org/kernel/022stab064.1/ovzkernel-ent erprise-2.6.8-022stab064.1.i686.rpm
>>
>> What about security fixes with this kernel?
>
> We have included a lot of security fixes in our kernel (all that are
> known to date) -- just read change logs.
so you update this kernel with actual patches and the OpenVZ Users could
install the new one everytime it's released?
Daniel
|
|
|
|
| Re: openvz and SuSE [message #1165 is a reply to message #1152] |
Thu, 02 February 2006 17:06 |
|
|
Daniel Bauer wrote:
> ok, that sounds good, I'll have a try with SuSE.
>
> I've started now with installing fedora-core 4 and updated the kernel
> as mentioned, some prebuild VPS are still running. But how can I
> access now some physical harddiscs? I need to mount /dev/sdd1 (my data
> partition).
See pages 66-67 of OpenVZ User's Guide. In short, here it is.
You just enable device access for a given VPS, like this:
vzctl set NNN --devnodes sdd1:rw --save
Next, you create the device file (you can just cp /dev/sdd1
/vz/root/NNN/dev)
Next, you mount your partition from inside a VPS as usual.
> How to enable the second eth interface?
You want it to be dedicated to a single VPS, or you just want to access
some other network via it?
In the first case, see page 68 of OpenVZ User's Guide. In the second
case, use it as you would do on a normal Linux box, i.e. add IP, proper
routes and everything should work.
> so you update this kernel with actual patches and the OpenVZ Users could
> install the new one everytime it's released?
Exactly.
Regards,
Kir.
|
|
|
|
| Re: openvz and SuSE [message #1171 is a reply to message #1165] |
Thu, 02 February 2006 18:36 |
Daniel Bauer
Messages: 37
Registered: February 2006
|
Member |
|
|
From: "Kir Kolyshkin" <kir@openvz.org>
> Daniel Bauer wrote:
>
>> ok, that sounds good, I'll have a try with SuSE.
>>
>> I've started now with installing fedora-core 4 and updated the kernel
>> as mentioned, some prebuild VPS are still running. But how can I
>> access now some physical harddiscs? I need to mount /dev/sdd1 (my
>> data partition).
>
> See pages 66-67 of OpenVZ User's Guide. In short, here it is.
>
> You just enable device access for a given VPS, like this:
> vzctl set NNN --devnodes sdd1:rw --save
>
> Next, you create the device file (you can just cp /dev/sdd1
> /vz/root/NNN/dev)
>
> Next, you mount your partition from inside a VPS as usual.
>
>> How to enable the second eth interface?
>
> You want it to be dedicated to a single VPS, or you just want to
> access some other network via it?
>
> In the first case, see page 68 of OpenVZ User's Guide. In the second
> case, use it as you would do on a normal Linux box, i.e. add IP,
> proper routes and everything should work.
Hi Kir,
sorry for asking silly questions, I don't see the manual, only the quick
install, I'll be back when I've read it ;)
Thanks a lot for all your help. OpenVZ is basicly working now within 1
hours, GREAT! I think I'll do a custom SuSE install at the weekend , if
it works and I'm ready I'll give you the precreated tar.gz if you want
to.
Daniel
|
|
|
|
| Re: openvz and SuSE [message #1194 is a reply to message #1165] |
Fri, 03 February 2006 08:59 |
Daniel Bauer
Messages: 37
Registered: February 2006
|
Member |
|
|
From: "Kir Kolyshkin" <kir@openvz.org>
> Daniel Bauer wrote:
>> ok, that sounds good, I'll have a try with SuSE.
Is there a howto for creating templates, or should I start with building
the directory tree by myself?
Why is the stuff double in private and root, I thougt that the root is
only the mounted stuff from private?
>> I've started now with installing fedora-core 4 and updated the kernel
>> as mentioned, some prebuild VPS are still running. But how can I
>> access now some physical harddiscs? I need to mount /dev/sdd1 (my
>> data partition).
>
> See pages 66-67 of OpenVZ User's Guide. In short, here it is.
>
> You just enable device access for a given VPS, like this:
> vzctl set NNN --devnodes sdd1:rw --save
>
> Next, you create the device file (you can just cp /dev/sdd1
> /vz/root/NNN/dev)
>
> Next, you mount your partition from inside a VPS as usual.
Great!!!
>> How to enable the second eth interface?
>
> You want it to be dedicated to a single VPS, or you just want to
> access some other network via it?
>
> In the first case, see page 68 of OpenVZ User's Guide. In the second
> case, use it as you would do on a normal Linux box, i.e. add IP,
> proper routes and everything should work.
I've three nics, but only one venet0.
i.e. eth0 is connected to intranet for use of VPS
(10.x.x.x)
eth1 is connected to internet for use of VPS
(20.x.x.x)
eth2 s connected to intranet only for use of the Host
(30.x.x.x)
I'd like to use:
VPS1: intranet (eth0)
VPS2: internet (eth1)
VPS3: intranet (eth0) + internet (eth1)
On the host (eth2) I don't want to have an IP of the intranet or
internet, the nics should be used for the VPS.
As I understand it's not possible to share a real nic with Host and
diff. VPS, so howto setup this configuration?
Daniel
|
|
|
|
| Re: openvz and SuSE [message #1195 is a reply to message #1194] |
Fri, 03 February 2006 09:20 |
|
|
Daniel Bauer wrote:
> From: "Kir Kolyshkin" <kir@openvz.org>
>
>> Daniel Bauer wrote:
>>
>>> ok, that sounds good, I'll have a try with SuSE.
>>
> Is there a howto for creating templates, or should I start with
> building the directory tree by myself?
No, there is no formal howto, but somehow people manage to find out all
the details. It is probably not that hard, and there are two approaches:
(A)
Currently our template tools can use yum-enabled repositories, so the
way to go is:
1. Take yum-enabled repo (or create one from a bunch of RPMS using
createrepo).
2. Take one of the existing OS templates metadata and find out what is it.
3. Create a metadata for your OS template, based on the above.
4. Run vzpkgcache to create a template cache.
(B)
Alternative approach is just to install a set of packages into chrooted
environment (in RPM world you use 'rpm -i --root' for that, in Debian
world you use 'debootstrap'), then do some fine tuning and finally tar
this environment. The final tarball can be placed to /vz/template/cache
and used as a template. Basically, you need to install some basic stuff
- system libraries, init scripts, useful binaries etc.
> Why is the stuff double in private and root, I thougt that the root is
> only the mounted stuff from private?
It is not doubled. You can think of it as a bind mount (although it's a
bit more than that).
Private is a source for mount (i.e. what we mount), while root is a
mountpoint (i.e. where we mount it).
|
|
|
|
|
|
|
|
| Re: openvz and SuSE [message #1201 is a reply to message #1195] |
Fri, 03 February 2006 10:43 |
Daniel Bauer
Messages: 37
Registered: February 2006
|
Member |
|
|
From: "Kir Kolyshkin" <kir@openvz.org>
> Daniel Bauer wrote:
>> From: "Kir Kolyshkin" <kir@openvz.org>
>>> Daniel Bauer wrote:
>>>> ok, that sounds good, I'll have a try with SuSE.
>>>
>> Is there a howto for creating templates, or should I start with
>> building the directory tree by myself?
>
> No, there is no formal howto, but somehow people manage to find out
> all the details. It is probably not that hard, and there are two
> approaches:
>
> (A)
> Currently our template tools can use yum-enabled repositories, so the
> way to go is:
> 1. Take yum-enabled repo (or create one from a bunch of RPMS using
> createrepo).
> 2. Take one of the existing OS templates metadata and find out what is
> it.
> 3. Create a metadata for your OS template, based on the above.
> 4. Run vzpkgcache to create a template cache.
>
> (B)
> Alternative approach is just to install a set of packages into
> chrooted environment (in RPM world you use 'rpm -i --root' for that,
> in Debian world you use 'debootstrap'), then do some fine tuning and
> finally tar this environment. The final tarball can be placed to
> /vz/template/cache and used as a template. Basically, you need to
> install some basic stuff - system libraries, init scripts, useful
> binaries etc.
ok I'll have a try with SuSE ;)
>> Why is the stuff double in private and root, I thougt that the root
>> is only the mounted stuff from private?
>
> It is not doubled. You can think of it as a bind mount (although it's
> a bit more than that).
> Private is a source for mount (i.e. what we mount), while root is a
> mountpoint (i.e. where we mount it).
ok, that is what I understood, but when I stop the VPS, the root is
still full of content, shouldn't it be unmounted?
Daniel
|
|
|
|
| Re: openvz and SuSE [message #1202 is a reply to message #1200] |
Fri, 03 February 2006 10:52 |
dim
Messages: 344
Registered: August 2005
|
Senior Member |
|
|
On Friday 03 February 2006 13:40, Daniel Bauer wrote:
> From: "Mishin Dmitry" <dim@sw.ru>
>
> >> I've three nics, but only one venet0.
> >> i.e. eth0 is connected to intranet for use of VPS
> >> (10.x.x.x)
> >> eth1 is connected to internet for use of VPS
> >> (20.x.x.x)
> >> eth2 s connected to intranet only for use of the Host
> >> (30.x.x.x)
> >>
> >> I'd like to use:
> >> VPS1: intranet (eth0)
> >> VPS2: internet (eth1)
> >> VPS3: intranet (eth0) + internet (eth1)
> >>
> >> On the host (eth2) I don't want to have an IP of the intranet or
> >> internet, the nics should be used for the VPS.
> >>
> >> As I understand it's not possible to share a real nic with Host and
> >> diff. VPS, so howto setup this configuration?
> >
> > You should assign IP from intranet to VPS1, IP for internet to VPS2
> > and both
> > such IPs to VPS3.
>
> Sorry that doesn't work here if you don't have a IP on the host.
> i.e.
> Host:
> eth0 10.1.0.1/255.255.255.0
> eth1 10.2.0.1/255.255.255.0*
>
> VPS1:
> venet0:0 10.3.0.2/255.255.255.255
>
> VPS2:
> venet0:0 10.4.0.3/255.255.255.255*
>
> VPS3:
> venet0:0 10.3.0.4/255.255.255.255
> venet0:1 10.4.0.4/255.255.255.255*
>
> * not used in this test
>
> a Client with IP 10.1.0.100 could ping the host
> a Client with IP 10.3.0.100 could ping nothing
>
> If I set the host to 10.3.0.1 then I could ping the Host, VPS1 and VPS3.
> So it seems to me that is necessary to have an IP on the host from the
> same subnet.
You are right.
>
> I see that when I start the VPS a new route for each IP, maybe this is
> the problem, is it not better to bridge the adapters between Host and
> VPS?
venet works on IP level, not Ethernet. So, bridging is impossible for now.
>
> Bye
> Daniel
>
--
Thanks,
Dmitry.
|
|
|
|
| Re: openvz and SuSE [message #1204 is a reply to message #1201] |
Fri, 03 February 2006 11:04 |
|
|
Daniel Bauer wrote:
>>> Why is the stuff double in private and root, I thougt that the root
>>> is only the mounted stuff from private?
>>
>>
>> It is not doubled. You can think of it as a bind mount (although it's
>> a bit more than that).
>> Private is a source for mount (i.e. what we mount), while root is a
>> mountpoint (i.e. where we mount it).
>
> ok, that is what I understood, but when I stop the VPS, the root is
> still full of content, shouldn't it be unmounted?
vzctl stop does unmounting of the root area. If you stop VPS from within
a VPS itself, the mount is still there -- and you can umount manually
(vzctl umount NNN).
Creating a cron job for that is problematic - you can not distinguish a
case there you stopped VPS from inside so it needs to be unmounted from
the case there you just mounted a VPS (say, to do some maintenance). So
it is left as is, since there is no problem to left it mounted - it does
not consume much resources etc.
|
|
|
|
| Re: openvz and SuSE [message #1208 is a reply to message #1204] |
Fri, 03 February 2006 12:35 |
Daniel Bauer
Messages: 37
Registered: February 2006
|
Member |
|
|
From: "Kir Kolyshkin" <kir@openvz.org>
> Daniel Bauer wrote:
>>>> Why is the stuff double in private and root, I thougt that the root
>>>> is only the mounted stuff from private?
>>>
>>>
>>> It is not doubled. You can think of it as a bind mount (although
>>> it's a bit more than that).
>>> Private is a source for mount (i.e. what we mount), while root is a
>>> mountpoint (i.e. where we mount it).
>>
>> ok, that is what I understood, but when I stop the VPS, the root is
>> still full of content, shouldn't it be unmounted?
>
> vzctl stop does unmounting of the root area. If you stop VPS from
> within a VPS itself, the mount is still there -- and you can umount
> manually (vzctl umount NNN).
ok, now I see ;)
> Creating a cron job for that is problematic - you can not distinguish
> a case there you stopped VPS from inside so it needs to be unmounted
> from the case there you just mounted a VPS (say, to do some
> maintenance). So it is left as is, since there is no problem to left
> it mounted - it does not consume much resources etc.
is it better to stop a machine inside by "poweroff" or using vzctl stop?
Daniel
|
|
|
|
| Re: openvz and SuSE [message #1209 is a reply to message #1202] |
Fri, 03 February 2006 12:38 |
Daniel Bauer
Messages: 37
Registered: February 2006
|
Member |
|
|
From: "Mishin Dmitry" <dim@sw.ru>
> On Friday 03 February 2006 13:40, Daniel Bauer wrote:
>> From: "Mishin Dmitry" <dim@sw.ru>
>>
>> >> I've three nics, but only one venet0.
>> >> i.e. eth0 is connected to intranet for use of VPS
>> >> (10.x.x.x)
>> >> eth1 is connected to internet for use of VPS
>> >> (20.x.x.x)
>> >> eth2 s connected to intranet only for use of the Host
>> >> (30.x.x.x)
>> >>
>> >> I'd like to use:
>> >> VPS1: intranet (eth0)
>> >> VPS2: internet (eth1)
>> >> VPS3: intranet (eth0) + internet (eth1)
>> >>
>> >> On the host (eth2) I don't want to have an IP of the intranet or
>> >> internet, the nics should be used for the VPS.
>> >>
>> >> As I understand it's not possible to share a real nic with Host
>> >> and
>> >> diff. VPS, so howto setup this configuration?
>> >
>> > You should assign IP from intranet to VPS1, IP for internet to VPS2
>> > and both
>> > such IPs to VPS3.
>>
>> Sorry that doesn't work here if you don't have a IP on the host.
>> i.e.
>> Host:
>> eth0 10.1.0.1/255.255.255.0
>> eth1 10.2.0.1/255.255.255.0*
>>
>> VPS1:
>> venet0:0 10.3.0.2/255.255.255.255
>>
>> VPS2:
>> venet0:0 10.4.0.3/255.255.255.255*
>>
>> VPS3:
>> venet0:0 10.3.0.4/255.255.255.255
>> venet0:1 10.4.0.4/255.255.255.255*
>>
>> * not used in this test
>>
>> a Client with IP 10.1.0.100 could ping the host
>> a Client with IP 10.3.0.100 could ping nothing
>>
>> If I set the host to 10.3.0.1 then I could ping the Host, VPS1 and
>> VPS3.
>> So it seems to me that is necessary to have an IP on the host from
>> the
>> same subnet.
> You are right.
>>
>> I see that when I start the VPS a new route for each IP, maybe this
>> is
>> the problem, is it not better to bridge the adapters between Host and
>> VPS?
> venet works on IP level, not Ethernet. So, bridging is impossible for
> now.
is it possible to take another way to work on Ethernet level, because I
don't want a official IP for the host.
1. security
2. no need for
3. one official IP less for each block
Daniel
|
|
|
|
| Re: openvz and SuSE [message #1210 is a reply to message #1208] |
Fri, 03 February 2006 12:48 |
|
|
Daniel Bauer wrote:
> is it better to stop a machine inside by "poweroff" or using vzctl stop?
It is a bit better to stop it using vzctl stop -- this way vzctl will
umount the area, delete network routes etc.
In case you run poweroff from inside a VPS, network routes will be
cleaned up by vpsnetclean script executed each 5 minutes from cron.
|
|
|
|
| Re: openvz and SuSE [message #1213 is a reply to message #1209] |
Fri, 03 February 2006 13:00 |
dim
Messages: 344
Registered: August 2005
|
Senior Member |
|
|
On Friday 03 February 2006 15:38, Daniel Bauer wrote:
> is it possible to take another way to work on Ethernet level, because I
> don't want a official IP for the host.
> 1. security
> 2. no need for
> 3. one official IP less for each block
If you have only one or two VPSs, you can use real devices dedicated to each
VPS, but this is not your case. For now, we don't work on Ethernet level and
you are required to have one more real IP for the block.
I suppose, that from security point of view it is a not big deal, while you
can use netfilter to protect it and additionally all VPSs, because their
traffic goes through HN route tables.
If it is still the problem, you can check Virtuozzo's Name Based Hosting
feature - it allows to use one real IP for multiple VPSs (pop, smtp, http,
ftp)
>
> Daniel
>
--
Thanks,
Dmitry.
|
|
|
|
| Re: openvz and SuSE [message #1218 is a reply to message #1213] |
Fri, 03 February 2006 13:37 |
Daniel Bauer
Messages: 37
Registered: February 2006
|
Member |
|
|
From: "Mishin Dmitry" <dim@sw.ru>
> On Friday 03 February 2006 15:38, Daniel Bauer wrote:
>> is it possible to take another way to work on Ethernet level, because
>> I
>> don't want a official IP for the host.
>> 1. security
>> 2. no need for
>> 3. one official IP less for each block
> If you have only one or two VPSs, you can use real devices dedicated
> to each
> VPS, but this is not your case. For now, we don't work on Ethernet
> level and
> you are required to have one more real IP for the block.
>
> I suppose, that from security point of view it is a not big deal,
> while you
> can use netfilter to protect it and additionally all VPSs, because
> their
> traffic goes through HN route tables.
>
> If it is still the problem, you can check Virtuozzo's Name Based
> Hosting
> feature - it allows to use one real IP for multiple VPSs (pop, smtp,
> http,
> ftp)
Hello Dmitry,
thanks for your explaination.
If I understand you right, you do the firewalling on the host, not in
the VPS. I think it will work and I could afford one more IP for the
host, but my opinion was to have less as possible on my host and let the
VPS do the work ;)
Thanks again
Daniel
|
|
|
|
| Re: openvz and SuSE [message #1228 is a reply to message #1218] |
Fri, 03 February 2006 15:03 |
dim
Messages: 344
Registered: August 2005
|
Senior Member |
|
|
OpenVZ allows to use firewall both on HN and in VPSs.
And I was completely wrong talking that there is no way!!!
You can set no IP to eth0, but have VPSs accessible from intranet.
Here:
ifconfig eth0 0
ip r add 10.0.0.0/8 dev eth0
ip r add default via GW_ADDR
sysctl -w net.ipv4.conf.eth0.proxy_arp=1
ip route add VPS1_IP dev venet0
vzctl start VPS1
there should be some warnings, just skip them.
So, the main point is to enable arp_proxying on intranet interface and have
added VPS related routes before VPS start (else vzctl will return with error
- you may fix this in /usr/lib/vzctl/scripts/vps-functions)
On Friday 03 February 2006 16:37, Daniel Bauer wrote:
> From: "Mishin Dmitry" <dim@sw.ru>
>
> > On Friday 03 February 2006 15:38, Daniel Bauer wrote:
> >> is it possible to take another way to work on Ethernet level, because
> >> I
> >> don't want a official IP for the host.
> >> 1. security
> >> 2. no need for
> >> 3. one official IP less for each block
> >
> > If you have only one or two VPSs, you can use real devices dedicated
> > to each
> > VPS, but this is not your case. For now, we don't work on Ethernet
> > level and
> > you are required to have one more real IP for the block.
> >
> > I suppose, that from security point of view it is a not big deal,
> > while you
> > can use netfilter to protect it and additionally all VPSs, because
> > their
> > traffic goes through HN route tables.
> >
> > If it is still the problem, you can check Virtuozzo's Name Based
> > Hosting
> > feature - it allows to use one real IP for multiple VPSs (pop, smtp,
> > http,
> > ftp)
>
> Hello Dmitry,
>
> thanks for your explaination.
>
> If I understand you right, you do the firewalling on the host, not in
> the VPS. I think it will work and I could afford one more IP for the
> host, but my opinion was to have less as possible on my host and let the
> VPS do the work ;)
>
> Thanks again
> Daniel
>
--
Thanks,
Dmitry.
|
|
|
|
|
|
|
|
|
|
|
|
| Re: Re: openvz and SuSE [message #1461 is a reply to message #1445] |
Thu, 09 February 2006 01:47 |
jbond007
Messages: 78
Registered: January 2006
Location: Miami
|
Member |
|
|
sorry you not right !
i have image Opensuse 10 for vps
my host run centos4.2
sample
after i crete the vzctl create 151 --ostemplate open-suse-****
vps create perfect
vzctl set 150 --ipadd *******
i try ping
the ip not respond !
bad
ok so i try using vzctl enter 151
to find the issue
i use yast
not network device
the main issue here Opensuse is not ready to support vps network device not show
like fedora or centos image
Please Help me ASAP Regards !!!!!!!!!!
[Updated on: Thu, 09 February 2006 01:48] Report message to a moderator |
|
|
|
|
|
|
|
|
|
|
|
|
|
Goto Forum:
Current Time: Sun Jul 14 22:57:50 GMT 2024
Total time taken to generate the page: 0.02360 seconds
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
