*solved* OpenVZ on CentOS 5 network issues [message #15782]
Sun, 12 August 2007 22:13
locutius
Messages: 125 Registered: August 2007
Senior Member
i followed wiki.openvz.org/Quick_installation all the way to wiki.openvz.org/VE_creation with no problems, creating a VE 101 and entered and exited the VE 101 no probs
i followed the procedure and was successful creating a VE using both centos-4-i386-minimal.tar.gz and centos-5-i386-default.tar.gz
my remote server (twin dual-core 2GB RAM CentOS 5 i386) has 16 IPs assigned by my host and both times i assigned a public IP to the VE
my problem is i cannot ssh into the new VE, there appears to be no network connection in the VE (i disabled iptables in case). must i add something to the hardware node network config? or must i further configure the VE to see the hardware eth0?
plz do you have advice? i am looking to set up many VE each with a public IP. i searched the forum but didn't find anything i recognised
[Updated on: Fri, 17 August 2007 00:38]

Re: OpenVZ on CentOS 5 network issues [message #15789 is a reply to message #15783]
Mon, 13 August 2007 12:24
locutius
Messages: 125 Registered: August 2007
Senior Member
cat /proc/sys/net/ipv4/ip_forward
0
thanks for the reply, i am leading a dev group and we want multiple VE for live test environments, your help is very much appreciated
UPDATE:
i have spoken with my host's tech support and they inform me the public ip's assigned to the server were not added to the network config of the server (there is only a single ip configured on the server) and they are adding all the ip's into the server config now. i will keep you informed
UPDATE:
the host has edited /etc/sysconfig/network-scripts/ and all 11 ips are pointed at eth0 ... he has edited ifcfg-eth0 thru ifcfg-eth0:10
cat /proc/sys/net/ipv4/ip_forward still gives output = 0
i created a VE 101 using one of the ip's and then tried ssh into the VE but i landed in the hardware node. please what next? (naturally i will continue to search myself) i suspect that because the ips were added to the hardware node config after the install of OpenVZ that perhaps OpenVZ does not see them
thank you for your attention
[Updated on: Mon, 13 August 2007 15:39]

Re: OpenVZ on CentOS 5 network issues [message #15791 is a reply to message #15789]
Mon, 13 August 2007 15:43
locutius
Messages: 125 Registered: August 2007
Senior Member
i tried ping www.google.com from VE 101 and got the response:
ping: unknown host www.google.com
... looks like still no network in the VE
UPDATE:
i have read everything now
Virtual Network Device tells me the network should be automatically configured by VZ and delivered into the VE with the command
vzctl set <VEID> --ipadd <IP1>[,<IP2>,...] [--save]
which was done and didn't work, must i use bonding to add the network config for the new ip's?
maybe i must remove OpenVZ from the system and start again and this time maybe the OpenVZ will see the 11 ip's in the HW network config. but then i would have expected to see an article on adding external ip's to a VZ config after installation
help plz. i am going nowhere until this is solved
UPDATE:
i look again at sysctl.conf and file is ok but when i reboot still i get
cat /proc/sys/net/ipv4/ip_forward
0
then i make service network restart and then
cat /proc/sys/net/ipv4/ip_forward
1
... progress?
[Updated on: Mon, 13 August 2007 17:21]

Re: OpenVZ on CentOS 5 network issues [message #15800 is a reply to message #15798]
Mon, 13 August 2007 22:54
locutius
Messages: 125 Registered: August 2007
Senior Member
24 hours on the OpenVZ forum ... no progress
i sent a mail to sales@openvz.org offering to buy a support package ... no reply
i will ask the host to install CentOS 4.5 and see if the same problem happens again - a default installation of OpenVZ creating a VE without network connection
i will keep you informed, and this topic at the top of the forum until a dev or mod shows up
[Updated on: Mon, 13 August 2007 22:54]

Re: OpenVZ on CentOS 5 network issues [message #15832 is a reply to message #15829]
Tue, 14 August 2007 22:34
locutius
Messages: 125 Registered: August 2007
Senior Member
packet forwarding was enabled and if you read the poster's reply he tells you packet forwarding reset to default disabled on HN reboot
it is all ok for you to turn up 48 hours later and say OpenVZ is well supported when for 24 hours there was zero interest in the poster's topic and seeking stability he was forced to re-install an old operating system. the poster's experience is that OpenVZ is not well supported
it is all very well for you to say OpenVZ is well supported when 48 hours after sending a mail to sales@OpenVZ asking to purchase a support contract the poster has received zero reply
the poster has 5 years linux admin experience, has 3 multi-processor production machines, and knows how to read
as this topic demonstrates the poster is working hard to discover tweaks to your system that are apparently hidden and NOT in the wiki e.g. nameserver
is the problem for you that the poster is stubborn and is persisting in the attempt to configure OpenVZ? what exactly is your problem that you post a flame without reading the poster's topic? the poster's experience of the OpenVZ forum is laid out for all to see
the poster is attempting the most basic install possible. a virgin CentOS with the objective of multiple VE all with external IPs. and you turn up to patronise without a single word of assistance
finally:
this looks wrong in sysctl.conf
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
should it be 1?
[Updated on: Tue, 14 August 2007 22:52]

Re: OpenVZ on CentOS 5 network issues [message #15834 is a reply to message #15832]
Tue, 14 August 2007 23:24
dowdle
Messages: 261 Registered: December 2005 Location: Bozeman, Montana
Senior Member
Excuse me but saying that you have x years of Linux admin experience and then not knowing what the /etc/resolv.conf was on the hardware node... that is a conflict if you ask me. I mention that not to cut you down... but show the reality... and to contradict your assertion that openvz isn't well supported.
Regarding your email to sales@openvz.org... email is horribly unreliable these days. If sales didn't get your email, it may be more than 1,000 years before you get a response.
You really should read the docs. Print out the user guide. It is a bit dated... but fairly complete. There isn't anything you are doing that hasn't been done tens of thousands of times before... and it should be well documented.
Regarding the quick install guide on the wiki not including the --nameserver parameter... I wish it was shown but there are a lot of parameters that aren't shown. Looking at the PDF of the Users Guide, on page 35 it is clearly stated that --nameserver should be set. Of course, just like a physical host, you can edit the /etc/resolv.conf by hand on the VPS if desired... and not use the --nameserver parameter.
You also have to realize that doing all of this stuff on a remote machine you don't physically have access to... is about the worst case scenario. At the very least, you would like physical access to it to set it up... and once initially configured, ship it off to some colocation provider.
If you are honestly trying to say that you should be able to go from total newbie to production system in 24, or 48 or whatever... number of hours... I'm guessing there are zero products that will meet your requirements. You should spend some time testing and learning the system before imposing some arbitrary time table and then griping at those trying to help you... within a day or two of your post.
The main complaint someone had was they really didn't understand what you were asking... and that you didn't give enough information to describe the problem. I see you have come back over and over trying to improve the information you are providing... that is good. You have to understand that the most knowledgeable folks around are probably native Russian speakers (SWsoft's developers, aka OpenVZ's developers, are all based in Russia)... so sometimes their English isn't as good as a native speaker's. Your English makes me wonder if it is a second language for you. Hey, I'm not complaining... because English is the ONLY language I know.
--
TYL, Scott Dowdle
Belgrade, Montana, USA

Re: OpenVZ on CentOS 5 network issues [message #15835 is a reply to message #15834]
Tue, 14 August 2007 23:40
locutius
Messages: 125 Registered: August 2007
Senior Member
ok so what am i guilty of? being a n00b. well consider this nOOb well roasted and smacked and everything you want to do to me. what a great experience this forum is
still i have the job to configure this server with OpenVZ
thank you very much for your advice, i will abandon the wiki and use the pdf. thanks for the help friend
EDIT: just because i never set networking on a linux box does not mean i know nothing, it means only i rent remote servers and the network config is done by the host
is going to be real fun when after i figure out how to do it alone, and i return here to deliver a critique of the poor wiki documentation that has on your own admission miserably wasted my time and money (that re-install cost me 99 euro) and let me guess that is much less than a 1 year support contract from OpenVZ if they could be bothered to check their mail
i am owner and admin on sites with 40,000+ active members on a single site, i understand forums, sry if that poster set me off but it is frustrating because the outlook is now 72 hours before a reply from any dev or staff member of the forum who can take the issue in hand. a virgin CentOS 5 server failed to work OpenVZ when precisely following the procedure in the Official Installation Guide
[Updated on: Tue, 14 August 2007 23:58]

Re: OpenVZ on CentOS 5 network issues [message #15836 is a reply to message #15835]
Tue, 14 August 2007 23:58
dowdle
Messages: 261 Registered: December 2005 Location: Bozeman, Montana
Senior Member
Egads... I'm going to take what you said with a sense of humor.
I didn't say the wiki was worthless. In all things, use the best tool for the job. The Users Guide is fairly complete but it is outdated on a number of topics. For example, it was written before the introduction of checkpointing and live migration features.
The commercial product upon which OpenVZ is based (SWsoft's Virtuozzo) is a bit behind in some areas compared to OpenVZ. I believe their current commercial release doesn't support RHEL5/CentOS 5 yet but I don't think that those were really the cause of your problem. As you know, whatever problem you were having should apply to both a CentOS 5 based host as well as a CentOS 4 based host so I'm not sure reinstalling the host OS was a solid plan... but who knows... doing something all over again sometimes helps avoid pitfalls.
I can give you an example with VMware. I emailed them wanting an evaluation license (for ESX server for academic purposes) and didn't hear back from them for over 2 months. I don't know if that is typical (I doubt it) but it is just another data point. You seem to have overlooked my point though... and that is email is especially unreliable these days. A significant percentage, even from the large email providers, doesn't end up where it is supposed to... and if the openvz people did get your email (and I have no idea if they did or didn't) it doesn't matter how long you wait... you are never ever going to get a reply. My point, don't rely on email as your only point of contact... especially in a situation you consider critical... and that applies to everyone... not just OpenVZ.
To clarify... read the User Guide... read the wiki... read everything you can get your hands on. I've been using OpenVZ for well over a year and I'm still learning new stuff.
I also recommend you continue to use the forums... but don't always expect a response in as timely a fashion as you seem to expect.
Other than those points, we are very happy to do our best to help you. I'm a community member... and not a developer... nor someone who is paid. This is community support.
--
TYL, Scott Dowdle
Belgrade, Montana, USA

Re: OpenVZ on CentOS 5 network issues [message #15837 is a reply to message #15836]
Wed, 15 August 2007 00:24
locutius
Messages: 125 Registered: August 2007
Senior Member
nice to meet you dowdle sincerely i do believe i have made contact (of course a sense of humour implant is required, only prob is a good one is expensive)
always zero documentation is better than bad documentation, especially documentation that looks so fine in a wiki format. i was reading all the other docs and thinking all the time "if i follow a new procedure how far away is it taking me from the basic install, what problems do i make for myself?". over time you will come to know me and trust that when i say i will return and post the n00b guide i will do it
________________________________________________________________
DIARY OF A N00B
problem 1 with CentOS 5:
after editing /etc/sysctl.conf and setting net.ipv4.ip_forward = 1 then reboot CentOS 5 >>>
cat /proc/sys/net/ipv4/ip_forward = 0
when i perform service network restart >>
cat /proc/sys/net/ipv4/ip_forward = 1
conclusion: that is as bad as it gets, something between the kernel and the config files is broken
problem 2 with CentOS 5: ... 48 hours later i am still stuck on problem 1, nobody on the OpenVZ forum understands me except this real nice guy dowdle. everyone else thinks i am nutz
Problem 3: i have abandoned CentOS 5 and installed CentOS 4.5 ... and now i learn from dowdle to expect the same behaviour from CentOS 4.5
please with your assistance i hope to get there
EDIT: dowdle you are correct, the Wiki installation delivers a CentOS 4.5 n00b a VE without a functioning network connection
now abandoning the installation guides and reverting to the user guide pdf
[Updated on: Wed, 15 August 2007 01:02]

Re: OpenVZ on CentOS 5 network issues [message #15838 is a reply to message #15837]
Wed, 15 August 2007 02:25
dowdle
Messages: 261 Registered: December 2005 Location: Bozeman, Montana
Senior Member
I don't quite understand what you are saying with problem 1.
What I do with /etc/sysctl.conf is:
mv /etc/sysctl.conf /etc/sysctl.conf.factory
nano -w /etc/sysctl.conf
Paste in the lines shown on the Quick install guide:
# On Hardware Node we generally need
# packet forwarding enabled and proxy arp disabled
net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Enables the magic-sysrq key
kernel.sysrq = 1
# TCP Explict Congestion Notification
#net.ipv4.tcp_ecn = 0
# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
Save it out. Please copy and paste from the guide as it might wrap funny here.
Note that if that value gets set more than once, it takes whatever it was last set to. In the end, you want forwarding = 1. While it is used by OpenVZ, it really isn't an openvz specific thing. My guess is that you set the value to 1 at the top of the sysctl.conf and later set it to 0... and it keeps the later value. In any event, it should be set to 1. Moving the original file and pasting in the lines shown on the quick start guide makes sure it is set correctly.
- - - -
Now I have to ask a question. You have a hosting provider that is giving you multiple IP addresses. Are you sure those addresses are being routed to your physical box? Do a traceroute for the IP address of the hardware node and the other addresses. They should all have the same last hop and if they don't it is a routing issue your hosting provider will have to fix.
- - - -
After you have your VPSes installed and running... stop iptables on the hardware node just to make sure it isn't in the way. If stopping it makes everything work, you know it is a firewall issue you need to fix.
- - - -
Other than that, we've kinda been spinning in circles going over and over the same stuff. To get past that, I'd like to have root access to the hardware node so I can poke at it.
I've setup openvz a few dozen times and never really run into a problem that wasn't resolved by the methods I mentioned above. Oh, you do have SELINUX turned off in the hardware node, right?
--
TYL, Scott Dowdle
Belgrade, Montana, USA

Re: OpenVZ on CentOS 5 network issues [message #15841 is a reply to message #15838]
Wed, 15 August 2007 02:41
locutius
Messages: 125 Registered: August 2007
Senior Member
my /etc/sysctl.conf ...
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
# Enables the magic-sysrq key
kernel.sysrq = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# we do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
you can see it has the lines required by OpenVZ but also the following lines which were already in situ:
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
the instruction is to 'paste' which suggested to me that i replace any dupes with the OpenVZ line and keep everything else
there is one line in the PDF i find which may point to the problem:
pp29: ... or routing to the VPS has been set up via the Hardware Node
the server IPs are all set and working for the HN server. am i correct there is another layer of config as our friend suggested where the HN must be told how to route the external IPs to the VEs?
you can use the email locutius@gmail.com to contact me or send me your email and we can discuss you taking a look at the config
i really do appreciate the help
EDIT: the problem with problem 1 was after editing, saving and rebooting the HN the changes in sysctl.conf did not take effect. only when i made a service network restart did the sysctl.conf take effect .... yes very very strange, and that was what was confusing about the beginning of this thread, why would anyone expect an updated sysctl.conf not to take effect on a reboot :/
EDIT: confirmed iptables stopped in HN and VE, SELINUX off, HN IP and VE IP traceroutes are identical
[Updated on: Wed, 15 August 2007 02:50]
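
Added example (not part of any post, and not OpenVZ project code): the two behaviours discussed above, a key assigned twice in /etc/sysctl.conf taking its last value and the running kernel disagreeing with the file after a reboot, can both be checked with a short shell audit. The function names, the abridged sample file and the optional procfs-root argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit sysctl.conf the way it is applied (last assignment wins).

# $1 = mode (effective|conflicts), $2 = sysctl.conf path
_sysctl_parse() {
    awk -v mode="$1" '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key in last) {
                seen[key] = seen[key] " -> " val
                if (val != last[key]) differs[key] = 1
            } else {
                order[++n] = key
                seen[key] = val
            }
            last[key] = val
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (mode == "effective") print k "=" last[k]
                else if (k in differs) print k ": " seen[k]
            }
        }' "$2"
}
sysctl_effective() { _sysctl_parse effective "$1"; }   # key=value, last one wins
sysctl_conflicts() { _sysctl_parse conflicts "$1"; }   # keys reassigned to a new value

# Report keys whose running value differs from the file.
# $2 = procfs sysctl root, default /proc/sys (assumed parameter, lets the check run on a test tree).
sysctl_drift() {
    root=${2:-/proc/sys}
    sysctl_effective "$1" | while IFS='=' read -r key val; do
        path="$root/$(printf '%s' "$key" | tr . /)"
        cur=$(cat "$path" 2>/dev/null) || cur=unreadable
        [ "$cur" = "$val" ] || echo "$key file=$val running=$cur"
    done
}

# Constructed sample, abridged from the sysctl.conf posted in the thread.
sample_conf() {
    cat <<'EOF'
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
# Enables the magic-sysrq key
kernel.sysrq = 1
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
sysctl_conflicts "$tmp"     # duplicate keys with differing values
sysctl_drift "$tmp"         # file vs. running kernel on this machine
rm -f "$tmp"
```

On the hardware node, `sysctl_drift /etc/sysctl.conf` lists each key whose live value under /proc/sys does not match the file; keys holding several values, or interface names that contain dots, need a closer comparison than this string match.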

Re: OpenVZ on CentOS 5 network issues [message #15844 is a reply to message #15841]
Wed, 15 August 2007 03:21
locutius
Messages: 125 Registered: August 2007
Senior Member
i enabled source based routing in sysctl.conf with:-
net.ipv4.conf.default.accept_source_route = 1
net.ipv4.conf.all.accept_source_route = 1
then restarted the network on the HN:-
[root@xxx~]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down interface venet0: [ OK ]
Shutting down loopback interface: [ OK ]
Disabling IPv4 packet forwarding: [ OK ]
Setting network parameters: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
Bringing up interface venet0: [ OK ]
everything ok, but then in the VE:-
[root@vps101 /]# service network restart
Shutting down interface venet0: [ OK ]
Shutting down loopback interface: [ OK ]
Setting network parameters: net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
error: unknown error 1 setting key 'kernel.sysrq'
error: unknown error 1 setting key 'kernel.core_uses_pid'
[FAILED]
Bringing up loopback interface: [ OK ]
Bringing up interface venet0: [ OK ]
then from HN:-
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
85.17.*the VE IP* 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
85.17.*the HN IP* 0.0.0.0 255.255.255.192 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 85.17.182.254 0.0.0.0 UG 0 0 0 eth0
and from ve:-
[root@vps101 /]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 venet0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 venet0
0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 venet0
any ideas?
[Updated on: Wed, 15 August 2007 03:31]