OpenVZ Forum: Support » Trigger scripts?

Home » General » Support » Trigger scripts?

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Trigger scripts? [message #33512]

Sun, 19 October 2008 13:53

orange
Messages: 2
Registered: October 2008

Junior Member

Hi,

Is it possible for a script to be run when a CT is started or shutdown?

Thanks.

Report message to a moderator

Re: Trigger scripts? [message #33520 is a reply to message #33512]

Mon, 20 October 2008 00:32

locutius
Messages: 125
Registered: August 2007

Senior Member

yes you can use crond to identify if the "halt" file is present in the / of the CT then run a command if found

the "halt" file only appears if the CT is stopped and is deleted when the CT starts

beware that the vz reboot crond is 5 mins, it checks for the "halt" file and if found and if onboot=yes then CT is started

Report message to a moderator

Re: Trigger scripts? [message #33539 is a reply to message #33520]

Mon, 20 October 2008 17:07

orange
Messages: 2
Registered: October 2008

Junior Member

What I want to do (in this case) is to run a script that sets up iptables for the CT that is being started.

Does OpenVZ allow this? I would like to have some kind of shutdown/startup trigger mechanism.

If VZ doesn't do it I will have to do it myself with a wrapper script :/

Report message to a moderator

Re: Trigger scripts? [message #33542 is a reply to message #33539]

Mon, 20 October 2008 20:07

locutius
Messages: 125
Registered: August 2007

Senior Member

it is a function of the firewall that ships with the paid product but it is not present in openVZ

apf installed on the HN can be configured with unique iptables rules on an IP basis, very flexible solution http://kb.parallels.com/article_130_875_en.html (note the IFACE and MONKERN settings are the same for HN as they are for CT)

here is a reference in the Wiki just for info about firewalls and openVZ http://wiki.openvz.org/Setting_up_an_iptables_firewall#Setti ng_up_a_firewall_that_allows_per-container_configuration

caution: not all iptables modules are available for openVZ kernel and what there is happens to be bugggy e.g. configure your conntrak settings with vz STOPPED or you get a kernel oops. the solution above for apf inside a CT does not work on the latest kernel and latest version of vz (at least i cant get it to work ... i have it working on older kernels and vz versions)

Report message to a moderator

Previous Topic:	How it supports networking?
Next Topic:	ipTables - SSH

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Mon May 13 03:08:17 GMT 2024

Total time taken to generate the page: 0.01486 seconds