Re: Cannot Start VE - Unable to set capability: Operation not permitted [message #23230 is a reply to message #23227]
Wed, 14 November 2007 14:21
I just upgraded the kernel, and below is the result:
Linux localhost 2.6.18-8.1.15.el5.028stab047.1PAE #1 SMP Tue Oct 23 15:48:28 MSD 2007 i686 i686 i386 GNU/Linux
[root@dedicated cache]# cat /proc/self/status
Name: cat
State: R (running)
SleepAVG: 78%
Tgid: 30986
Pid: 30986
PPid: 15060
TracerPid: 0
FNid: 0
Uid: 0 0 0 0
Gid: 0 0 0 0
FDSize: 256
Groups: 0 1 2 3 4 6 10
envID: 0
VPid: 30986
PNState: 0
StopState: 0
VmPeak: 3792 kB
VmSize: 3792 kB
VmLck: 0 kB
VmHWM: 376 kB
VmRSS: 376 kB
VmData: 148 kB
VmStk: 84 kB
VmExe: 16 kB
VmLib: 3528 kB
VmPTE: 24 kB
StaBrk: 0804d000 kB
Brk: 092d5000 kB
StaStk: bfbaa660 kB
Threads: 1
SigQ: 0/7679
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000000000
SigCgt: 0000000000000000
SigSvd: 0000000000000000
CapInh: 0000000000000000
CapPrm: 00000000fffffeff
CapEff: 00000000fffffeff
Cpus_allowed: ffffffff
Mems_allowed: 1
TaskUB: 0
MMUB: 0
[root@dedicated cache]# vzctl create 100 --ostemplate centos-4-i386-default
Creating VE private area (centos-4-i386-default)
vzquota : (error) Quota on syscall for 100: File exists
vzquota on failed [3]
vzquota : (error) Quota is not running for id 100
Performing postcreate actions
VE private area was created
[root@dedicated cache]# vzctl start 100
Starting VE ...
vzquota : (error) Quota on syscall for 100: File exists
vzquota on failed [3]
So I set in the file /etc/sysconfig/vz
DISK_QUOTA=no
Now the result:
[root@dedicated cache]# vzctl start 100
Starting VE ...
VE is mounted
Adding IP address(es): 209.250.234.166
Setting CPU units: 1000
Configure meminfo: 49152
File resolv.conf was modified
VE start in progress...
Anyway, does the IP address need to be set to the real IP address or to a network IP address class?
Best Regards,
Joko Frank Octo
http://www.jfoc.net - http://www.bestserverhosting.com - http://www.profitnfo.com
[Updated on: Wed, 14 November 2007 14:33]
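An added example, not part of the original post or of the OpenVZ tools: a POSIX shell decoder for the Cap* masks in the /proc/self/status output above, showing which capability bit is clear in CapEff 00000000fffffeff. The function names are hypothetical, the name list covers bits 0-30 of <linux/capability.h>, and the sample input is constructed from the three Cap lines in the post.

```shell
#!/bin/sh
# Capability names in bit order (bit 0 first), bits 0-30 of <linux/capability.h>.
CAP_NAMES="CAP_CHOWN CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_FSETID
CAP_KILL CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_LINUX_IMMUTABLE
CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_NET_RAW CAP_IPC_LOCK
CAP_IPC_OWNER CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_CHROOT CAP_SYS_PTRACE
CAP_SYS_PACCT CAP_SYS_ADMIN CAP_SYS_BOOT CAP_SYS_NICE CAP_SYS_RESOURCE
CAP_SYS_TIME CAP_SYS_TTY_CONFIG CAP_MKNOD CAP_LEASE CAP_AUDIT_WRITE
CAP_AUDIT_CONTROL"

# Constructed sample: the Cap* lines copied from the status output in the post.
SAMPLE_STATUS='Name: cat
CapInh: 0000000000000000
CapPrm: 00000000fffffeff
CapEff: 00000000fffffeff'

# Read /proc/<pid>/status text on stdin, print the hex mask of field $1.
cap_field() {
    awk -v f="$1:" '$1 == f { print $2; exit }'
}

# Print the names of capabilities (bits 0-30) that are NOT set in hex mask $1.
missing_caps() {
    case $1 in
        ''|*[!0-9a-fA-F]*) echo "not a hex mask: $1" >&2; return 2 ;;
    esac
    mask=$(( 0x$1 ))
    bit=0
    out=""
    for name in $CAP_NAMES; do
        if [ $(( (mask >> bit) & 1 )) -eq 0 ]; then
            out="${out:+$out }$name"
        fi
        bit=$(( bit + 1 ))
    done
    printf '%s\n' "$out"
}

# Decode the effective set from the sample.
eff=$(printf '%s\n' "$SAMPLE_STATUS" | cap_field CapEff)
echo "CapEff=$eff is missing: $(missing_caps "$eff")"
```

On a live host, pipe `cat /proc/<pid>/status` into `cap_field` instead of the sample text.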
Re: Cannot Start VE - Unable to set capability: Operation not permitted [message #23287 is a reply to message #23282]
Thu, 15 November 2007 08:54
[host-node] vzctl create 100 --ostemplate=debian-4.0-i386-minimal
[host-node] vzctl set 100 --ipadd 192.168.0.100 --save
[host-node] vzctl set 100 --nameserver 209.250.234.162 --save
[host-node] vzctl set 100 --hostname vps100 --save
[host-node] vzctl set 100 --netif_add eth0,00:0C:29:08:EE:48 --save
[host-node] vzctl start 100
[host-node] ifconfig veth101.0 0
[host-node] echo 1 > /proc/sys/net/ipv4/conf/veth100.0/forwarding
[host-node] echo 1 > /proc/sys/net/ipv4/conf/veth100.0/proxy_arp
[host-node] echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
[host-node] echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
[host-node] vzctl enter 100
[ve-100] ifcfg eth0 0
[ve-100] ifconfig eth0 192.168.0.99
[ve-100] route add default eth0
[ve-100] exit
[host-node] route add 192.168.0.99 dev veth100.0
[host-node] iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 209.250.234.162
[host-node] vzctl enter 100
[ve-100] ping jfoc.net --> the result is ping: unknown host jfoc.net
Above are the instructions I followed step by step, but I still cannot access the Internet from the VE.
http://www.jfoc.net - http://www.bestserverhosting.com - http://www.profitnfo.com
Re: Cannot Start VE - Unable to set capability: Operation not permitted [message #23290 is a reply to message #23287]
Thu, 15 November 2007 09:37
vaverin
Messages: 708 Registered: September 2005
Senior Member
JFOC wrote on Thu, 15 November 2007 11:54 |
[host-node] vzctl create 100 --ostemplate=debian-4.0-i386-minimal
[host-node] vzctl set 100 --ipadd 192.168.0.100 --save
[host-node] vzctl set 100 --nameserver 209.250.234.162 --save
[host-node] vzctl set 100 --hostname vps100 --save
|
I would note that it is enough for VE networking via venet interface
http://wiki.openvz.org/Virtual_network_device
veth interface is an alternative solution, and you can not use it at all.
JFOC wrote on Thu, 15 November 2007 11:54 |
[host-node] vzctl set 100 --netif_add eth0,00:0C:29:08:EE:48 --save
[host-node] vzctl start 100
[host-node] ifconfig veth101.0 0
[host-node] echo 1 > /proc/sys/net/ipv4/conf/veth100.0/forwarding
[host-node] echo 1 > /proc/sys/net/ipv4/conf/veth100.0/proxy_arp
[host-node] echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
[host-node] echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
[host-node] vzctl enter 100
[ve-100] ifcfg eth0 0
[ve-100] ifconfig eth0 192.168.0.99
[ve-100] route add default eth0
[ve-100] exit
[host-node] route add 192.168.0.99 dev veth100.0
|
As I've explained above, the veth interface is not necessary, but
at this point you have configured the veth interface too.
JFOC wrote on Thu, 15 November 2007 11:54 |
[host-node] iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 209.250.234.162
|
This rule means that all forwarded packets will have source ip=209.250.234.162. Is it your hardware node's IP?
JFOC wrote on Thu, 15 November 2007 11:54 |
[host-node] vzctl enter 100
[ve-100] ping jfoc.net --> the result is ping: unknown host jfoc.net
Above are the instructions I followed step by step, but I still cannot access the Internet from the VE.
|
As far as I see, you cannot translate the jfoc.net name to an IP. Are you sure that you have started a nameserver on your hardware node? If not, you can set the VE to use the same nameserver that your hardware node uses.
Then let's check the following:
- Are you able to ping the HW node from inside the VE (by using its IP)?
- Are you able to ping some external IP from inside the VE?
Thank you,
Vasily Averin
[Updated on: Thu, 15 November 2007 09:38]
Re: Cannot Start VE - Unable to set capability: Operation not permitted [message #23293 is a reply to message #23290]
Thu, 15 November 2007 09:58
Why can't I use this?
Quote: |
This rule means that all forwarded packets will have source ip=209.250.234.162. Is it your hardware node's IP?
|
Yes, 209.250.234.162 is my static IP for the server.
Quote: |
As far as I see, you cannot translate the jfoc.net name to an IP. Are you sure that you have started a nameserver on your hardware node? If not, you can set the VE to use the same nameserver that your hardware node uses.
Then let's check the following:
- Are you able to ping the HW node from inside the VE (by using its IP)?
- Are you able to ping some external IP from inside the VE?
|
- Yes, I'm sure the nameserver has been running well, because this is a dedicated server for web hosting.
- I cannot ping the HW node from inside the VE (using name / IP)
- I cannot ping any external IP from the VE
http://www.jfoc.net - http://www.bestserverhosting.com - http://www.profitnfo.com
Re: Cannot Start VE - Unable to set capability: Operation not permitted [message #23296 is a reply to message #23293]
Thu, 15 November 2007 10:42
vaverin
Messages: 708 Registered: September 2005
Senior Member
JFOC wrote on Thu, 15 November 2007 12:58 |
Why can't I use this?
|
Sorry for my bad English; I mean that you have configured the venet network interface and therefore using veth is not necessary.
JFOC wrote on Thu, 15 November 2007 12:58 |
- Yes, I'm sure the nameserver has been running well, because this is a dedicated server for web hosting.
- I cannot ping the HW node from inside the VE (using name / IP)
- I cannot ping any external IP from the VE
|
Hmm. Is the eth0 interface up inside your VE?
Could you please show the list of interfaces ("ip a l" output) and the routing table inside your VE ("ip r l" output)?
IMHO it makes sense to try removing the veth configuration and repeating your experiment.
Also, you can give me access permission for your node (via PM) and I'll try to investigate the situation on your node.
[Updated on: Thu, 15 November 2007 10:42]