OpenVZ Forum: Support » [answered] Dbus inside VE

Home » General » Support » [answered] Dbus inside VE

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

[answered] Dbus inside VE [message #34569]

Mon, 19 January 2009 03:59

n00b_admin
Messages: 77
Registered: July 2006
Location: Romania

Member

Hello,

I'm having a problem running dbus inside a CentOS 5 VE.

The service fails to start without logging any error messages.

If I try to start it from the command line by running:

dbus-daemon --system --nofork

I receive the following output:

Failed to start message bus: Failed to drop capabilities

Using a CentOS 4 template, the service starts without problems.

Any advice would be much appreciated. Thank you.

[Updated on: Mon, 19 January 2009 10:27] by Moderator

Report message to a moderator

Re: Dbus inside VE [message #34574 is a reply to message #34569]

Mon, 19 January 2009 10:27

khorenko
Messages: 533
Registered: January 2006
Location: Moscow, Russia

Senior Member

Hi.

D-BUS in CentOS5 uses CAP_AUDIT capability which intersects with OpenVZ capabilities. This happened due to the fact that OVZ kernel does not have AUDIT enabled in kernel, but needed the capability for other needs.
So this issue is known already and moreover it's already fixed by more complicated CAP_AUDIT handling (note: OVZ kernel still has AUDIT disabled). And D-BUS will run ok after 2.6.18-028stab060.2 will be available. Please, do not ask the exact ETA - still in progress. Smile

--
Konstantin

If your problem is solved - please, report it!
It's even more important than reporting the problem itself...

Report message to a moderator

Re: [answered] Dbus inside VE [message #34589 is a reply to message #34569]

Mon, 19 January 2009 14:45

n00b_admin
Messages: 77
Registered: July 2006
Location: Romania

Member

Hi,

Thank you for your answer.

I'm using a custom built kernel 2.6.24-ovz006 on a Gentoo box right now.

If i understand correctly, i require to add the "CAP_AUDIT" capability to the VE to make dbus work correctly ?

Can i add auditing support in the kernel without breaking anything ?

Is it at least related ?

Report message to a moderator

Re: [answered] Dbus inside VE [message #34593 is a reply to message #34589]

Mon, 19 January 2009 15:03

khorenko
Messages: 533
Registered: January 2006
Location: Moscow, Russia

Senior Member

Hi.

Quote:

If i understand correctly, i require to add the "CAP_AUDIT" capability to the VE to make dbus work correctly ?

Can i add auditing support in the kernel without breaking anything ?

Is it at least related ?

Yes, it's related. Yes, adding "CAP_AUDIT" into the Container could make dbus happy but it's not so easy. This capability is used for other needs by OVZ code thus simple providing this capability to the Container will create a big security whole on your node...

--
Konstantin

If your problem is solved - please, report it!
It's even more important than reporting the problem itself...

Report message to a moderator

Re: [answered] Dbus inside VE [message #34596 is a reply to message #34569]

Mon, 19 January 2009 17:54

n00b_admin
Messages: 77
Registered: July 2006
Location: Romania

Member

Hello,

There is no security concern involved since this is a desktop system used only by me to test different things on it.

I use OpenVZ to debug and test a mail server and right now I'm trying to make a RedHat cluster for learning and testing purposes but the "ricci" tool requires dbus in order to start hence the problem I am facing Smile

I tried adding the "CAP_AUDIT" capability to the VE with the following command:

vzctl set 303 --capability CAP_AUDIT:on --save

But i receive the following error message:

Capability CAP_AUDIT is unknown
Bad parameter for --capability: CAP_AUDIT:on

Can you please tell me the exact name of the capability required by dbus ?

Is there some other way to add this capability ?

Thank you in advance for your response.

Report message to a moderator

Re: [answered] Dbus inside VE [message #34601 is a reply to message #34596]

Mon, 19 January 2009 22:38

khorenko
Messages: 533
Registered: January 2006
Location: Moscow, Russia

Senior Member

Hi again.

Quote:

Capability CAP_AUDIT is unknown
Bad parameter for --capability: CAP_AUDIT:on

Can you please tell me the exact name of the capability required by dbus ?

You tried the correct name - CAP_AUDIT, but the thing is "vzctl" knows nothing about this capability up to now.

Quote:

Is there some other way to add this capability ?

i'm afraid in any case you'll have to get specially patched kernel and vzctl with new functionality added. Unfortunately at the moment both of them do not exist, but they definitely will be created.

--
Konstantin

If your problem is solved - please, report it!
It's even more important than reporting the problem itself...

Report message to a moderator

Re: [answered] Dbus inside VE [message #34623 is a reply to message #34569]

Wed, 21 January 2009 18:53

n00b_admin
Messages: 77
Registered: July 2006
Location: Romania

Member

Hello,

The received answer is really, unexpected.

So, what i understand is that there is no support for running dbus in a VE at this moment ?

Then how can be explained that dbus works without problems in a CentOS 4 container ?

It is VE template dependent ? Is it kernel dependent ?

I also wonder how could no one ever attempted or required dbus in a VE before...

Can you suggest a workaround for running the ricci tool inside a VE without dbus ?

Ricci is part of the RedHat Clustering Suite.

Has anyone tried to cluster several VE's together ? Please tell me if this is in any way possible.

Thank you for your assistance.

Report message to a moderator

Re: [answered] Dbus inside VE [message #34626 is a reply to message #34623]

Thu, 22 January 2009 13:01

khorenko
Messages: 533
Registered: January 2006
Location: Moscow, Russia

Senior Member

Hi.

you are asking difficult questions. Smile

Quote:

So, what i understand is that there is no support for running dbus in a VE at this moment ?

If we are talking about RHEL5 Container running under RHEL5-based OpenVZ kernel - yes. But support for the dbus has been already added to the test kernels, so it will be available soon, may be even in several days.

Quote:

Then how can be explained that dbus works without problems in a CentOS 4 container ?

It is VE template dependent ? Is it kernel dependent ?

i can guess this is because that(older) version of dbus did not use AUDIT capability. But this is only my guess, i have not checked it.

Quote:

Can you suggest a workaround for running the ricci tool inside a VE without dbus ?

Ricci is part of the RedHat Clustering Suite.

Unfortunately i don't know any workarounds. i suggest you just to wait for several days and try again using the new OVZ kernel with support for dbus.
BTW, please, share the results then about your attempts to configure RedHat Clustering Suite inside a Container, it may be quite interesting for many people.

Hope to hear from you soon.

--
Konstantin

If your problem is solved - please, report it!
It's even more important than reporting the problem itself...

Report message to a moderator

Re: [answered] Dbus inside VE [message #34633 is a reply to message #34569]

Thu, 22 January 2009 16:18

n00b_admin
Messages: 77
Registered: July 2006
Location: Romania

Member

Hello,

Can you tell me for which kernel versions this capability will be available ?

ATM I'm running a 2.6.24-006.5 OVZ kernel on a Gentoo system.

I am willing to experiment if i can download a patch and provide you with feedback.

If the new kernel will allow creating a cluster i don't mind providing you the tech walk through.

Waiting for your response.

Report message to a moderator

Re: [answered] Dbus inside VE [message #34635 is a reply to message #34633]

Thu, 22 January 2009 16:32

khorenko
Messages: 533
Registered: January 2006
Location: Moscow, Russia

Senior Member

Hello.

Quote:

Can you tell me for which kernel versions this capability will be available ?

2.6.18-028stab060.2 RHEL5-based

--
Konstantin

If your problem is solved - please, report it!
It's even more important than reporting the problem itself...

Report message to a moderator

Re: [answered] Dbus inside VE [message #34663 is a reply to message #34569]

Sat, 24 January 2009 10:01

n00b_admin
Messages: 77
Registered: July 2006
Location: Romania

Member

Ok, thank you for the update.

I'll have to get the sources for the kernel and do manual patching. Could take some time...

I had some issues with the 2.6.18 branch and the proprietary ATI driver, that's why i'm running the 2.6.24 based OpenVZ release.

If i'm not asking too much, could it be possible to provide me with a patch for this kernel branch also ?

It basically panicked the kernel when running Firefox though the glxgears tool ran fine. Upgrading to the 2.6.24 produced a stable kernel.

I'll get the 2.6.18 patch and post my results as soon as i finish the preliminary tests.

As a suggestion, can you please host on the download.openvz.org server the corresponding kernel source package in the same directory as the combined OpenVZ patch for convenience reasons ?

Or at least a download link to the kernel.org site.

Thank you.

Report message to a moderator

Re: [answered] Dbus inside VE [message #34665 is a reply to message #34569]

Sat, 24 January 2009 13:48

n00b_admin
Messages: 77
Registered: July 2006
Location: Romania

Member

Back with an update.

I've built the 2.6.18 kernel.

The dbus issue is solved. Dbus started without a problem using the new kernel.

Moving forward with the cluster setup i came across another problem.

Now it seems that the "cman" service requires another feature that is not available in the VE.

Cman is the main service that operates a cluster node.

It requires access to /sys/kernel/config which is the configfs pseudo-filesystem.

After enabling support in the kernel for this filesystem also (initially was not enabled) i still cannot see "/sys/kernel/config" in the VE although this path exists on the HN.

In the init script of cman the following operation is performed regarding the /sys/kernel/config path:

mount -t configfs none /sys/kernel/config/

I'm presume that this feature will be next to impossible to implement due to the way OpenVZ is designed.

Waiting for your response regarding this new "problem".

Thanks.

Report message to a moderator

Re: [answered] Dbus inside VE [message #34730 is a reply to message #34569]

Thu, 29 January 2009 09:48

n00b_admin
Messages: 77
Registered: July 2006
Location: Romania

Member

Hello,

Any updates regarding this matter ?

Thank you.

Report message to a moderator

Re: [answered] Dbus inside VE [message #34731 is a reply to message #34730]

Thu, 29 January 2009 09:58

khorenko
Messages: 533
Registered: January 2006
Location: Moscow, Russia

Senior Member

Hi,

please, file a feature request on this matter to the bugzilla, thus you can be sure this issue won't be lost in forum archive.
But i cannot provide you any ETA when/if this will be implemented.

--
Konstantin

If your problem is solved - please, report it!
It's even more important than reporting the problem itself...

Report message to a moderator

Previous Topic:	what goes wrong with this centos5 iscsi pxe-boot
Next Topic:	Question about new kernels

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Fri Jun 20 13:57:51 GMT 2025

Total time taken to generate the page: 0.05422 seconds