OpenVZ Forum


iptables fail in CT latest OVZ kernel
Re: kernel module load fail [message #33621 is a reply to message #33603] Sun, 26 October 2008 09:52
locutius
node B:

[root]# apf --start 2> apflog.txt

apflog.txt is without set -x
apflog1.txt is with set -x

everything iptables is failing

iptables is running in the CT. it is almost as if there is a problem with permissions

i have another HN to set up today. i cross my fingers for no problems

UPDATE:

i have installed OVZ on a new server node C. bad news: node C is behaving exactly the same as node B, apf will not run in a CT

i made an experiment and copied over the CT with working apf from node A to node C. when i started the previously good CT on node C then apf failed to work with all the same errors. conclusion: the problem is not in the CT config

there were other problems with node B that i did not report because i did not think they were interesting. however, i see the same errors on node B and node C (both are many CT running httpd and mysqld):

1. the HN will not serve webpages longer than 24 hours before they stop. restarting the CT does not fix the problem. restarting vz service does not fix the problem. rebooting the HN solves it for another 24 hours before it stops again

2. stopping a CT on both B and C gives this error:

Message from syslogd@ at Mon Oct 27 10:08:44 2008 ...
host1 kernel: unregister_netdevice: device f5e56000 marked to leak
Message from syslogd@ at Mon Oct 27 10:08:44 2008 ...
host1 kernel: free_netdev: device venet0=f5e56000 leaked
Message from syslogd@ at Mon Oct 27 10:08:47 2008 ...
host1 kernel: unregister_netdevice: device f5e56800 marked to leak
Message from syslogd@ at Mon Oct 27 10:08:47 2008 ...
host1 kernel: free_netdev: device lo=f5e56800 leaked
VE was stopped
VE is unmounted


3. stopping a CT on node C gives the broken pipe error

today i will make an experiment and stop iptables on the HN and the CT to test if the CT will serve for longer than 24 hours with iptables stopped

_______________________________________________________________

i appreciate the help you give. i have just completed a migration of 100+ vps from one datacentre to another, from older reliable OVZ that stays up for 6 months without intervention to new OVZ that cannot stay up for 24 hours

i am pointing the finger at the kernel

while building template cache on node C vzpkgcache failed with the error "syslog file not found" when syslogd is running

if you want me to raise bugs on any of these issues please tell me. i will work on this until a solution is found

UPDATE:

node B and C running for 4 hours with iptables disabled give the same leak error when stopping a CT. iptables is not the culprit. it is the OVZ network service causing the leak
  • Attachment: apflog.txt
    (Size: 27.36KB, Downloaded 392 times)
  • Attachment: apflog1.txt
    (Size: 247.84KB, Downloaded 401 times)

[Updated on: Mon, 27 October 2008 13:20]
