OpenVZ Forum




Forum: Support
 Topic: VEID.mount script doesn't run when vz starts
VEID.mount script doesn't run when vz starts [message #49630] Sat, 25 May 2013 02:04
dipps
Messages: 1
Registered: May 2013
Location: Australia
Junior Member
From: *riverland.net.au
Hi all. I'm new on this forum, please excuse if I say something dumb.

I've been running openvz for a while. Today I ran 'yum update' on a centos 6.4 box, and that completed without errors.

When I rebooted afterwards, the container's mount script wasn't run. In the past this ran automatically with "vzctl start $VEID" and on boot... now it doesn't. "vzctl status" says the VE is mounted, but the extra mounts in the $VEID.mount script aren't done.

I have run mount by hand, then started the VE's daemons that had failed due to lack of mountpoints, and it's back in action. But I really need the mount script to run at start.

yum has just made the following updates: has something changed about one of these that requires my config to change?

May 25 10:34:38 Installed: vzkernel-2.6.32-042stab076.8.x86_64
May 25 10:34:42 Updated: vzctl-core-4.3-1.x86_64
May 25 10:34:46 Installed: vzstats-0.3.2-1.noarch
May 25 10:34:48 Updated: vzctl-4.3-1.x86_64

I don't think the kernel is the cause: same thing happens with the previous kernel, -042stab76.7

my $VEID.mount script is like this:

. /etc/vz/vz.conf
. ${VE_CONFFILE}

SRC=/mnt/az-tmp/varlog
DST=/var/log
mount --bind -o noatime,nodev,nosuid ${SRC} ${VE_ROOT}${DST}

echo "..${VEID}.mount complete"


Any suggestions? Thanks.. dipps.
 Topic: Upgrade OpenVZ Debian Guest OS from Squeeze to Wheezy
Upgrade OpenVZ Debian Guest OS from Squeeze to Wheezy [message #49623] Fri, 24 May 2013 00:23
fbmondia
Messages: 1
Registered: May 2013
Location: Philippines
Junior Member

From: 203.177.182*
Hi All,

I'm working for a client as an on-call sysad, and my client wants me to upgrade a guest Debian OS from Squeeze to Wheezy. Is this advisable? I have read somewhere that you should update the Host OS instead.


Francis
 Topic: New container accessing previous container data
New container accessing previous container data [message #49608] Tue, 21 May 2013 15:05
nostalgeek
Messages: 2
Registered: April 2013
Location: Canada
Junior Member
From: 69.157.241*
All our OpenVZ containers share the Host's filesystem (simfs, no ploop). We don't provide our users with direct access to their block device.

Is it right to assume that it is not possible for a user to access data from a previous container, unless the user is given access to the underlying block device (voluntarily using pass-through, or through an OpenVZ or kernel security vulnerability that would allow a user to escape his OpenVZ container)?

I'd like to hear Kir's comments or anyone else from OpenVZ or Parallels on this.

Thanks

Simon
 Topic: ploop for snapshotting openvz containers on amazon ec2/xen
ploop for snapshotting openvz containers on amazon ec2/xen [message #49556] Mon, 13 May 2013 14:49
fredish
Messages: 3
Registered: May 2013
Location: Bay Area, USA
Junior Member
From: *connectregus.com
Hello,

I have started using ploop with openvz successfully on centos 6 for snapshotting containers, and it works marvelously. However in moving to Amazon and running on centos 6 via pv-grub, the basic openvz functionalities work per normal, but not with ploop. I believe Xen is doing something unexpected with the locking. I haven't been able to google up any specific info for ec2/xen + openvz + ploop. Is anyone aware of any gotchas or have pointers?

regards, Fred Patton

When running the following script ovz-container-setup.sh--
[ec2-user@blah ~]$ sudo ./ovz-container-setup.sh 201

which consists of:
sudo vzctl create $1 --ostemplate ubuntu-12.04-x86_64 --config unlimited --layout ploop --diskspace 3G
sudo vzctl set $1 --hostname box$1 --ipadd 10.0.0.$1 --nameserver 10.0.0.1 --userpasswd root:jlk4j3298 --onboot yes --save
sudo vzctl start $1
sudo vzctl snapshot $1 --id some-guid

OUTPUT:
**********************************************************
Creating image: /vz/private/201.tmp/root.hdd/root.hdd size=3145728K
Creating delta /vz/private/201.tmp/root.hdd/root.hdd bs=2048 size=6291456 sectors
Storing /vz/private/201.tmp/root.hdd/DiskDescriptor.xml
Adding delta dev=/dev/ploop36619 img=/vz/private/201.tmp/root.hdd/root.hdd (rw)
mke2fs 1.42.3 (14-May-2012)
Discarding device blocks: done
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
196608 inodes, 785915 blocks
39295 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=805306368
24 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912

Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done

tune2fs 1.42.3 (14-May-2012)
Creating balloon file .balloon-c3a5ae3d-ce7f-43c4-a1ea-c61e2b4504e8
Mounting /dev/ploop36619p1 at /vz/private/201.tmp/root.hdd/root.hdd.mnt fstype=ext4 data=''
Unmounting device /dev/ploop36619
I/O error : No such file or directory
/vz/private/201.tmp/root.hdd/DiskDescriptor.xml:1: parser error : Document is empty

^
/vz/private/201.tmp/root.hdd/DiskDescriptor.xml:1: parser error : Start tag expected, '<' not found

^
Removing stale lock file /vz/lock/201.lck
Warning: distribution not specified in CT config, using defaults from /etc/vz/dists/default
Starting container...
Warning: distribution not specified in CT config, using defaults from /etc/vz/dists/default
stat(/vz/private/201): No such file or directory
stat(/vz/private/201): No such file or directory
Can't umount /vz/root/201: Invalid argument
stat(/vz/private/201): No such file or directory
Unable to start init, probably incorrect template
Container start failed
Killing container ...
Container was stopped
stat(/vz/private/201): No such file or directory
stat(/vz/private/201): No such file or directory
Can't umount /vz/root/201: Invalid argument
Error: failed to apply some parameters, not saving configuration file!
Container private area /vz/private/201 does not exist
Snapshot feature is only available for ploop-based CTs
**********************************************************

ADDITIONAL CONTEXT:
**********************************************************
[ec2-user@blah ~]$ sudo dmesg | tail -n 50
[ 0.211801] device-mapper: ioctl: 4.22.6-ioctl (2011-10-19) initialised: dm-devel@redhat.com
[ 0.237828] <30>udevd[87]: starting version 173
[ 0.292946] xlblk_init: register_blkdev major: 202
[ 0.296020] alloc irq_desc for 275 on node 0
[ 0.296026] alloc kstat_irqs on node 0
[ 0.305178] blkfront: xvde1: barriers disabled
[ 0.606316] EXT4-fs (xvde1): INFO: recovery required on readonly filesystem
[ 0.606345] EXT4-fs (xvde1): write access will be enabled during recovery
[ 6.305800] EXT4-fs (xvde1): orphan cleanup on readonly fs
[ 6.308531] EXT4-fs (xvde1): ext4_orphan_cleanup: deleting unreferenced inode 7113
[ 6.308619] EXT4-fs (xvde1): ext4_orphan_cleanup: deleting unreferenced inode 7109
[ 6.309350] EXT4-fs (xvde1): ext4_orphan_cleanup: deleting unreferenced inode 7076
[ 6.309370] EXT4-fs (xvde1): ext4_orphan_cleanup: deleting unreferenced inode 7074
[ 6.309404] EXT4-fs (xvde1): ext4_orphan_cleanup: deleting unreferenced inode 7072
[ 6.309426] EXT4-fs (xvde1): ext4_orphan_cleanup: deleting unreferenced inode 7068
[ 6.309446] EXT4-fs (xvde1): 6 orphan inodes deleted
[ 6.309460] EXT4-fs (xvde1): recovery complete
[ 6.392109] EXT4-fs (xvde1): mounted filesystem with ordered data mode. Opts:
[ 6.664406] dracut: Remounting /dev/disk/by-label/\x2f with -o noatime,ro
[ 6.685461] EXT4-fs (xvde1): mounted filesystem with ordered data mode. Opts:
[ 6.691476] dracut: Mounted root filesystem /dev/xvde1
[ 6.763928] dracut: Switching root
[ 12.227947] <30>udevd[224]: starting version 173
[ 14.594784] Initialising Xen virtual ethernet driver.
[ 14.595974] alloc irq_desc for 274 on node 0
[ 14.595980] alloc kstat_irqs on node 0
[ 17.844949] NET: Registered protocol family 10
[ 29.386043] eth0: no IPv6 routers present
[ 36.884041] venet0: no IPv6 routers present
[ 49.671537] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 50.059239] ip6_tables: (C) 2000-2006 Netfilter Core Team
[ 50.153451] Enabling conntracks and NAT for ve0
[ 50.153466] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
[ 50.458267] RPC: Registered named UNIX socket transport module.
[ 50.458279] RPC: Registered udp transport module.
[ 50.458285] RPC: Registered tcp transport module.
[ 50.458291] RPC: Registered tcp NFSv4.1 backchannel transport module.
[ 51.065970] Slow work thread pool: Starting up
[ 51.066120] Slow work thread pool: Ready
[ 51.066160] FS-Cache: Loaded
[ 51.121922] Registering the id_resolver key type
[ 51.122080] FS-Cache: Netfs 'nfs' registered for caching
[ 51.221254] ploop_dev: module loaded
[ 75.822126] ploop36619: unknown partition table
[ 76.882564] ploop36619:
[ 76.900774] ploop36619: p1
[ 80.539312] ploop36619: p1
[ 80.567750] EXT4-fs (ploop36619p1): mounted filesystem with ordered data mode. Opts:
[ 80.643295] CT: 201: started
[ 80.737492] CT: 201: stopped

[ec2-user@blah ~]$ sudo df -iT
Filesystem Type Inodes IUsed IFree IUse% Mounted on
/dev/xvde1 ext4 524288 57886 466402 12% /
tmpfs tmpfs 936809 1 936808 1% /dev/shm


[ec2-user@ip-10-254-73-168 ~]$ sudo ploop stat -d /dev/ploop34720
bio_in 16786
bio_fast 120
bio_full 0
bio_out 28
bio_alloc 75
bio_alloc_whole 64
bio_splits 0
coal_back 0
coal_forw 16547
coal_back2 0
coal_forw2 0
coal_oback 0
coal_oforw 0
coal_mback 0
coal_mforw 0
coal_overlap 0
coal_flush 0
bio_barriers 0
bio_rzero 13
bio_wzero 0
bio_syncwait 75
bio_fsync 19
bio_cows 0
bio_whole_cows 0
merge_neg_cluster 0
merge_neg_disable 0
fast_neg_nomap 116
fast_neg_noem 0
fast_neg_shortem 0
fast_neg_backing 0
bio_lockouts 28
map_lockouts 1
merge_lockouts 0
map_reads 4
map_merges 0
map_single_writes 14
map_multi_writes 10
map_multi_updates 61
bio_trans_whole 0
bio_trans_copy 0
bio_trans_alloc 0
bio_trans_index 0
bio_flush_in 9
bio_fua_in 1
bio_flush_out 9
bio_fua_out 1
bio_flush_skip 0

 Topic: Changing permissions on bind mount
Changing permissions on bind mount [message #49542] Sat, 11 May 2013 16:26
deranjer
Messages: 4
Registered: December 2010
Location: United States
Junior Member
From: *hsd1.mi.comcast.net
I have an SMB bind mount to an OpenVZ client:


#!/bin/bash
mount -o gid=107,uid=107 --bind /mnt/media /var/lib/vz/root/104/mnt/media


I am trying to set the owner of the bind mount to a user on the CLIENT. Not sure how to do that, since I get permission denied when I attempt to change it on the client itself. The ID of the user is 107 on the client, which made me try to mount it with that user, but I really didn't think that would work. I'm at a loss as to how to set the owner to a user on the client.

 Topic: ploop questions
ploop questions [message #49443] Wed, 01 May 2013 20:21
poiuty
Messages: 12
Registered: September 2011
Junior Member

From: *nationalcablenetworks.ru
I wrote a few questions in bug tracker, but got no answer.

https://bugzilla.openvz.org/show_bug.cgi?id=2538 - lost data in ploop
http://www.youtube.com/watch?v=Fmyx4rSpqNA
What are some ways to solve this problem? Maybe I'm doing something wrong?


Trim support in ssd -> mdadm(3.2.5) raid 0/1/10 work on RHEL6.4 OVZ kernel?
MOUNT_OPTS="discard" -> It is necessary to specify in the configuration container?
https://bugzilla.openvz.org/show_bug.cgi?id=2546

io stat (iotop for example) does not work in ploop. Will it be fixed?
https://bugzilla.openvz.org/show_bug.cgi?id=2549
 Topic: Setting up a HN-based firewall
Setting up a HN-based firewall [message #49437] Tue, 30 April 2013 14:53
raenk
Messages: 2
Registered: March 2013
Location: Mexico
Junior Member
From: *prod-infinitum.com.mx
Hi,

I'm following the article on the wiki for setting up a HN firewall:
openvz.org/Setting_up_an_iptables_firewall

But the script does not consider ICMP, so it is being blocked.

I managed to insert a rule to accept requests on the HN, but can't figure it out for the containers. I'm sure this is going to be an easy one, but I'm not that good at scripting + iptables.

Here's my modified script:

#!/bin/sh
# firewall      Start iptables firewall
# chkconfig: 2345 97 87
# description:  Starts, stops and saves iptables firewall
# This script sets up the firewall for the INPUT chain (which is for
# the HN itself) and then processes the config files under
# /etc/firewall.d to set up additional rules in the FORWARD chain
# to allow access to containers' services.
# wiki.openvz.org/Setting_up_an_iptables_firewall

. /etc/init.d/functions

# the IP block allocated to this server
SEGMENT="*.*.*.64/27"
# the IP used by the hosting server itself
THISHOST="*.*.*.210"
# services that should be allowed to the HN;
# services for containers are configured in /etc/firewall.d/*
OKPORTS="1234"
# hosts allowed full access through the firewall,
# to all containers and to this server
DMZS=""

purge() {
  echo -n "Firewall: Purging and allowing all traffic"
  iptables -P OUTPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -P INPUT ACCEPT
  iptables -F
  success ; echo
}

setup() {
  echo -n "Firewall: Setting default policies to DROP"
  iptables -P INPUT DROP
  iptables -P FORWARD DROP
  iptables -I INPUT   -j ACCEPT -m state --state ESTABLISHED,RELATED
  iptables -I FORWARD -j ACCEPT -m state --state ESTABLISHED,RELATED
  iptables -I INPUT -j ACCEPT -i lo
  iptables -I FORWARD -j ACCEPT --source $SEGMENT
  success ; echo

  echo "Firewall: Allowing access to HN"
  for port in $OKPORTS ; do
    echo -n "          port $port"
    iptables -I INPUT -j ACCEPT -d $THISHOST --protocol tcp --destination-port $port
    iptables -I INPUT -j ACCEPT -d $THISHOST --protocol udp --destination-port $port
    success ; echo
  done
  for ip in $DMZS ; do
    echo -n "          DMZ $ip"
    iptables -I INPUT   -i eth0 -j ACCEPT -s $ip
    iptables -I FORWARD -i eth0 -j ACCEPT -s $ip
    success ; echo
  done

  echo "Firewall: Allowing ICMP incoming and outgoing requests (Ping) for HN"
  iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d $THISHOST -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  iptables -A OUTPUT -p icmp --icmp-type 0 -s $THISHOST -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A OUTPUT -p icmp --icmp-type 8 -s $THISHOST -d 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT -p icmp --icmp-type 0 -s 0/0 -d $THISHOST -m state --state ESTABLISHED,RELATED -j ACCEPT
  success ; echo

  CTSETUPS=`echo /etc/firewall.d/*`
  if [ "$CTSETUPS" != "/etc/firewall.d/*" ] ; then
  echo "Firewall: Setting up container firewalls"
  for i in $CTSETUPS ; do
    . $i
    echo -n "$CTNAME CT$CTID"
    if [ -n "$BANNED" ]; then
      for source in $BANNED ; do iptables -I FORWARD -j DROP --destination $CTIP --source $source ; done
    fi
    if [ -n "$OPENPORTS" ]; then
      for port in $OPENPORTS ; do iptables -I FORWARD -j ACCEPT --protocol tcp --destination $CTIP --destination-port $port ; done
      for port in $OPENPORTS ; do iptables -I FORWARD -j ACCEPT --protocol udp --destination $CTIP --destination-port $port ; done
    fi
    if [ -n "$DMZS" ]; then
      for source in $DMZS ; do iptables -I FORWARD -j ACCEPT --protocol tcp --destination $CTIP --source $source ; done
      for source in $DMZS ; do iptables -I FORWARD -j ACCEPT --protocol udp --destination $CTIP --source $source ; done
    fi
    [ $? -eq 0 ] && success || failure
    echo
  done
  fi

  echo "Firewall: Allowing ICMP incoming and outgoing requests (Ping) for Containers"
  iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d $SEGMENT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  iptables -A OUTPUT -p icmp --icmp-type 0 -s $SEGMENT -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A OUTPUT -p icmp --icmp-type 8 -s $SEGMENT -d 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT -p icmp --icmp-type 0 -s 0/0 -d $SEGMENT -m state --state ESTABLISHED,RELATED -j ACCEPT
  success ; echo

}

case "$1" in
  start)
    echo "Starting firewall..."
    purge
    setup
    ;;
  stop)
    echo "Stopping firewall..."
    purge
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  status)
    iptables -n -L
    ;;
  *)
    echo "Usage: $0 <start|stop|restart|status>"
    ;;
esac
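
Added example (not part of the post or the wiki script): the container ICMP rules above sit in INPUT and OUTPUT, while the script's own header says container services are opened in FORWARD, because the HN routes that traffic instead of terminating it. The sketch below lints rule text for that mismatch and prints a FORWARD rule for inbound ping; the addresses are constructed stand-ins for the masked SEGMENT and THISHOST, the function names are hypothetical, and nothing calls iptables.

```shell
#!/bin/sh
# Added example, not the wiki script. It only inspects and prints rule text
# and never calls iptables, so it runs on any machine.

# Constructed values (documentation range) standing in for the masked
# SEGMENT and THISHOST in the post.
SEGMENT="192.0.2.64/27"
THISHOST="192.0.2.210"

# Dotted quad -> integer. The body is a subshell so IFS stays untouched.
ip_to_int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr ADDR NET/BITS: succeed when ADDR lies inside the network.
in_cidr() {
  case "$1" in *.*.*.*) ;; *) return 1 ;; esac   # skips values such as 0/0
  bits=${2#*/}
  mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "${2%/*}") & $mask )) ]
}

# Which filter chain sees an inbound packet for DEST: packets addressed to
# the HN itself traverse INPUT, packets the HN routes onward (for example to
# a container on venet0) traverse FORWARD.
chain_for_dest() {
  if [ "$1" = "$THISHOST" ]; then echo INPUT; else echo FORWARD; fi
}

# Read iptables command lines on stdin and report INPUT/OUTPUT rules whose
# source or destination lies in the container segment. Those rules can never
# match container traffic.
lint_rules() {
  n=0
  while IFS= read -r line; do
    n=$(($n + 1)); chain=; hit=
    set -- $line
    while [ $# -gt 1 ]; do
      case "$1" in
        -A|-I) chain=$2 ;;
        -s|-d|--source|--destination)
          if in_cidr "${2%/*}" "$SEGMENT"; then hit=$2; fi ;;
      esac
      shift
    done
    case "$chain" in
      INPUT|OUTPUT)
        if [ -n "$hit" ]; then
          echo "line $n: $chain never sees forwarded traffic for $hit"
        fi ;;
    esac
  done
}

# Rule text for inbound ping to containers. Echo replies and pings that
# containers send out are already accepted by the script's FORWARD rules
# for ESTABLISHED,RELATED and for --source $SEGMENT. Appending with -A
# keeps the per-container BANNED drops (inserted with -I) ahead of it.
forward_icmp_rule() {
  echo "iptables -A FORWARD -p icmp --icmp-type echo-request -d $1 -j ACCEPT"
}

# Constructed sample: rule lines from the post with the variables expanded
# to the stand-in values above.
sample_rules() {
  cat <<EOF
iptables -I FORWARD -j ACCEPT -m state --state ESTABLISHED,RELATED
iptables -I FORWARD -j ACCEPT --source $SEGMENT
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d $THISHOST -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -s $THISHOST -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d $SEGMENT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -s $SEGMENT -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 8 -s $SEGMENT -d 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -s 0/0 -d $SEGMENT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

sample_rules | lint_rules
forward_icmp_rule "$SEGMENT"
```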

 Topic: Forkbomb
Forkbomb [message #49410] Mon, 29 April 2013 05:21
bastoune
Messages: 2
Registered: April 2013
Junior Member
From: *fbx.proxad.net
Hi everybody,

I'm trying to harden containers so that users are unable to damage the host node. I just tried a forkbomb in a container using Python:

import os
while True:
    os.fork()

Running htop on my host node, I see that CPU usage is 100% on all cores, even though I set params like cpuunit, cpus, cpulimit in the configuration file.

How can I struggle against this?

All my containers are precreated Debian templates.

Thx a lot
 Topic: Sound in multiple containers
Sound in multiple containers [message #49405] Sun, 28 April 2013 22:08
Gerard64
Messages: 3
Registered: August 2011
Location: Eijsden / The Netherlands
Junior Member
From: *cm-5-7a.dynamic.ziggo.nl
Is it possible to have sound in more than one VPS?
I have sound working in one VPS. It would be great if I could access the soundcard from another VPS at the same time.

Can somebody tell me if and how to do this?

I tried to set the same devnodes settings on 2 containers at the same time; this does not work. The VPS that starts first has access to the soundcard; the other one has no sound until I remove the devnodes settings in the first one. Then it works, but never in 2 containers at the same time. Is there a way to make it work in more than one container?

I searched the forum to find an answer for this but didn't find any posts about it.

Kernel 2.6.32-5-openvz-686 GNU/Linux
Tools Version: 3.0.24-12

[Updated on: Sun, 28 April 2013 22:24]


 Topic: Deployment of OpenVZ containers
Deployment of OpenVZ containers [message #49402] Sun, 28 April 2013 13:29
ChaiVz
Messages: 8
Registered: January 2013
Junior Member
From: 117.230.241*
I currently have OpenVZ installed on CentOS 6.3 in a LAN, with the host node IP address being 192.168.2.152. How do I assign other users in the LAN a dedicated container of their own so that their sessions are isolated from one another?
I have heard this is possible using OpenVZ, but could anyone please suggest ways to get this done?
 Topic: 042stab076.5 and mount options behavior (remount)
042stab076.5 and mount options behavior (remount) [message #49344] Tue, 23 April 2013 04:52
bearbear
Messages: 3
Registered: October 2012
Junior Member
From: 91.224.182*
According to changelog of 042stab076.5:
...
[fs] forbid filesystem mount options (on remount inside a CT) if white list was not provided
...

How can I restore the old behaviour? Where can I provide the white list, and what options do I need to set?

Thank you!
 Topic: Update vzctl
Update vzctl [message #49335] Mon, 22 April 2013 03:45
dieterr
Messages: 1
Registered: April 2013
Junior Member
From: *danubedc.com
Hi, I'm running OpenVZ on CentOS (RHEL5, see below).
To install vzctl 4.2-1 I have to resolve some dependencies:
vzctl-core x86_64 4.2-1
libcgroup x86_64 0.37-4
ovzkernel x86_64 2.6.18-348.3.1.el5.028stab106.2
vzquota x86_64 3.1-1

Are there any known problems? I want to minimize risks. I've searched the net and couldn't find any issues. The system hosts two main servers of the company.

Regards
Dieter

Linux version 2.6.18-164.11.1.el5.028stab068.3 (root@rhel5-64-build) (gcc version 4.1.2 20070626 (Red Hat 4.1.2-14)) #1 SMP Wed Feb 17 15:22:30 MSK 2010
vzctl version 3.0.23
 Topic: loopback problem on some container
loopback problem on some container [message #49307] Fri, 19 April 2013 08:49
chut
Messages: 3
Registered: April 2013
Location: Thailand
Junior Member
From: 110.77.163*
Can somebody help me?

On my VPS Host
HP ProLiant 165G7
2x AMD Opteron 6128
ECC DDR3 4x 4GB Transcend UDIMM
2x WD 2TB Black with RAID SW (OS and SWAP)
1x IBM HBA, 2 Dual SAS Port

IBM DS3512 with Dual Controller
6x IBM SAS NL 2TB with RAID Level 10 (VPS Container Data)

All my VPSes run on SolusVM 1.13.03 License (VPS Control Panel)

but some containers have an issue with telnet. I tried rebuilding with a new OS:
1. centos 5 x86_64 - not working on test telnet 127.0.0.1 80
2. centos 6 x86_64 - not working on test telnet 127.0.0.1 80

On my VPS host I test with nmap:
[root@vpsserver3 ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/md1              1.7T  2.1G  1.6T   1% /
tmpfs                 7.8G     0  7.8G   0% /dev/shm
/dev/mapper/mpathbp1  493G  132G  337G  29% /backup_SAN
/dev/mapper/mpathbp2   20G  1.1G   18G   6% /var
/dev/mapper/mpathap1  2.0T  278G  1.6T  15% /vz
/dev/mapper/mpathcp1  2.0T  199M  1.9T   1% /vz2
/dev/mapper/mpathbp3  957G  200M  908G   1% /vz3
[root@vpsserver3 ~]#

[root@vpsserver3 ~]# uname -a
Linux vpsserver3.dlthhost.com 2.6.32-042stab076.5 #1 SMP Mon Mar 18 20:41:34 MSK 2013 x86_64 x86_64 x86_64 GNU/Linux

[root@vpsserver3 ~]# nmap -p2086,2087 203.151.45.x6

Starting Nmap 5.51  at 2013-04-19 19:26 ICT
Failed to find device venet0 which was referenced in /proc/net/route
Failed to find device venet0 which was referenced in /proc/net/route
Failed to find device venet0 which was referenced in /proc/net/route
Failed to find device venet0 which was referenced in /proc/net/route
Failed to find device venet0 which was referenced in /proc/net/route
Failed to find device venet0 which was referenced in /proc/net/route
Failed to find device venet0 which was referenced in /proc/net/route
Failed to find device venet0 which was referenced in /proc/net/route
Failed to find device venet0 which was referenced in /proc/net/route
Failed to find device venet0 which was referenced in /proc/net/route
Failed to find device venet0 which was referenced in /proc/net/route
Failed to find device venet0 which was referenced in /proc/net/route
Failed to find device venet0 which was referenced in /proc/net/route
Failed to find device venet0 which was referenced in /proc/net/route
Failed to find device venet0 which was referenced in /proc/net/route
Failed to find device venet0 which was referenced in /proc/net/route
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.51 seconds

[root@vpsserver3 ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
error: "net.ipv4.ip_conntrack_max" is an unknown key
kernel.shmall = 4294967296
net.core.netdev_max_backlog = 2048
net.core.dev_weight = 64
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_sack = 0
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_max_orphans = 32768
net.core.optmem_max = 20480
net.core.rmem_default = 16777216
net.core.rmem_max = 16777216
net.core.wmem_default = 16777216
net.core.wmem_max = 16777216
net.core.somaxconn = 500
net.ipv4.tcp_orphan_retries = 1
net.ipv4.tcp_max_tw_buckets = 540000
[root@vpsserver3 ~]#

[root@vpsserver3 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr xx:xx:DE:F1:B1:CE
          inet addr:203.151.45.x1  Bcast:203.151.45.255  Mask:255.255.254.0
          inet6 addr: xxxx::xxxx:deff:fef1:b1ce/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:189829860 errors:0 dropped:0 overruns:890 frame:0
          TX packets:241780265 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:48337595152 (45.0 GiB)  TX bytes:174247780127 (162.2 GiB)
          Memory:fea60000-fea80000

eth3      Link encap:Ethernet  HWaddr xx:xx:DE:F1:B1:CD
          inet addr:203.151.45.x2  Bcast:203.151.45.255  Mask:255.255.254.0
          inet6 addr: xxxx::xxxx:deff:fef1:b1cd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4052234 errors:0 dropped:0 overruns:0 frame:0
          TX packets:512 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1258038993 (1.1 GiB)  TX bytes:32220 (31.4 KiB)
          Memory:fe9e0000-fea00000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3987227 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3987227 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:992490479 (946.5 MiB)  TX bytes:992490479 (946.5 MiB)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:242021075 errors:0 dropped:0 overruns:0 frame:0
          TX packets:184395002 errors:0 dropped:1765 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:171037784143 (159.2 GiB)  TX bytes:42984061114 (40.0 GiB)

[root@vpsserver3 ~]#


On my Container IP : 203.151.45.x6 (CentOS 6 x86_64)
- Install cPanel VPS
[root@migration /]# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:576 errors:0 dropped:0 overruns:0 frame:0
          TX packets:576 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:34560 (33.7 KiB)  TX bytes:34560 (33.7 KiB)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:3100 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3123 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:510453 (498.4 KiB)  TX bytes:281511 (274.9 KiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:203.151.45.76  P-t-P:203.151.45.76  Bcast:203.151.45.76  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

[root@migration /]# tail -f /etc/hosts
#::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 localhost.localdomain localhost localhost4.localdomain4 localhost4
# Auto-generated hostname. Please do not remove this comment.
203.151.45.x6 migration.xxxxhost.com  migration
::1 localhost

[root@migration /]# telnet localhost 2086
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection timed out
Trying ::1...
telnet: connect to address ::1: Network is unreachable

[root@migration /]# service cpanel status
cpsrvd (pid  9181) is running...
entropychat is stopped
stunnel is stopped
interchange is stopped
qrunner is stopped

[root@migration /]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.tcp_syncookies = 1
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
[root@migration /]#


Another of my containers uses Kloxo MR with CentOS 6.4 x86_64 (Nginx 1.3.14, PHP-FPM 5.3.21, MySQL 5.5, BIND 9.9.2-P1-RedHat-9.9.2-2.P1.el6)
- this container works without error on telnet: same hardware and OpenVZ kernel as the problem container

[root@kloxo-mr network-scripts]# cat ifcfg-venet0
DEVICE=venet0
BOOTPROTO=static
ONBOOT=yes
IPADDR=127.0.0.1
NETMASK=255.255.255.255
BROADCAST=0.0.0.0
IPV6INIT="yes"

[root@kloxo-mr network-scripts]# cat ifcfg-venet0:0
DEVICE=venet0:0
ONBOOT=yes
IPADDR=203.151.45.x0
NETMASK=255.255.255.255
[root@kloxo-mr network-scripts]#

[root@kloxo-mr /]# telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Connection closed by foreign host.
[root@kloxo-mr /]#


----

On a container with Debian 6.0 64-bit running WebSocket (no control panel, no Apache),
I tried this and telnet works:

root@server1:/# telnet 127.0.0.1 8443  
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Connection closed by foreign host.
root@server1:/#



Thank you for all comments and help
Ronachut
 Topic: Selecting IP Address On Venet
Selecting IP Address On Venet [message #49298] Thu, 18 April 2013 21:12
_bob
Messages: 1
Registered: April 2013
Junior Member
From: *ipredator.se
My provider gives out a handful of IP addresses on my OpenVZ system. Can I select which address I use for outbound connections from within the CT?

ifconfig:
venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
          inet6 addr: 3605:3d00:0:3::107/128 Scope:Global
          inet6 addr: 3605:3d00:0:3::106/128 Scope:Global
          inet6 addr: 3605:3d00:0:3::109/128 Scope:Global
          inet6 addr: 3605:3d00:0:3::108/128 Scope:Global
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:41055 errors:0 dropped:0 overruns:0 frame:0
          TX packets:46603 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3430999 (3.4 MB)  TX bytes:6852002 (6.8 MB)


 Topic: NFSV4 client and CT OpenVZ
NFSV4 client and CT OpenVZ [message #49209] Tue, 09 April 2013 03:10
Zophren
Messages: 2
Registered: March 2013
Location: France
Junior Member
From: 91.198.191*
Hello,

I'm trying to configure NFSV4 on a container (CT); I use the container as a client.

My configuration (Debian/Lenny):

pve-manager: 1.9-26 (pve-manager/1.9/6567)
running kernel: 2.6.32-6-pve
proxmox-ve-2.6.32: 1.9-50
pve-kernel-2.6.32-4-pve: 2.6.32-33
pve-kernel-2.6.32-6-pve: 2.6.32-55+ovzfix-1
qemu-server: 1.1-32
pve-firmware: 1.0-15
libpve-storage-perl: 1.0-19
vncterm: 0.9-2
vzctl: 3.0.29-3pve1
vzdump: 1.2-16
vzprocps: 2.0.11-2
vzquota: 3.0.11-1dso1
pve-qemu-kvm: 0.15.0-2
ksm-control-daemon: 1.0-6

I would like to use Idmap with NFSV4, to synchronize my account between NFS client and server.

I enabled the nfs and nfsd features on the CT, but I get this message in the log when I try to start nfs-common:

Apr  9 09:03:10 rez10 rpc.idmapd[18504]: libnfsidmap: using domain: rezoo.fr
Apr  9 09:03:10 rez10 rpc.idmapd[18504]: libnfsidmap: processing 'Method' list
Apr  9 09:03:10 rez10 rpc.idmapd[18504]: libnfsidmap: loaded plugin /usr/lib/libnfsidmap/nsswitch.so for method nsswitch
Apr  9 09:03:10 rez10 rpc.idmapd[18505]: Expiration time is 600 seconds.
Apr  9 09:03:10 rez10 rpc.idmapd[18505]: nfsdopenone: Opening /proc/net/rpc/nfs4.nametoid/channel failed: errno 2 (No such file or directory)


I searched on Google and didn't find a solution. However, I found this => comments.gmane.org/gmane.linux.openvz.user/4640

I'm extracting the most important part:

Quote:
Having said that, only NFS v2 and NFS v3 are supported inside CT.

We are currently working on making NFS v4 work inside containers, but we do it for mainline
kernels rather than in RHEL6 kernel. So whenever we will port OpenVZ to any of 3.3 kernels,
it will most probably have NFS v4 support. RHEL7-based OpenVZ kernel will have it, too.


I successfully mounted my share in the CT with NFSV4, but idmapd does not work.

For your information, NFSV4 + Idmapd works on the root host...

Could you please help me?


 Topic: Replatform Debian 6 => CentOS 6.4 - major performance drop
Replatform Debian 6 => CentOS 6.4 - major performance drop [message #49204] Mon, 08 April 2013 16:08
tdrnetworks is currently offline tdrnetworks
Messages: 1
Registered: April 2013
Junior Member
From: *2-1.cable.virginmedia.com
Hey,

I wonder if anyone can help, I've first of all hit this bug:

Search bugzilla for: 2554

and have had to revert to an earlier OpenVZ kernel, but my containers since switching from Debian 6 to CentOS have started requiring large amounts of CPU. The graph attached explains it better:

To the left is Debian
To the right is the host redone with CentOS

index.php?t=getfile&id=1068&private=0

The guest container in blue is also Debian - is there a performance overhead when virtualising Debian on CentOS? Can anyone else give an indication as to why the container effectively needs twice the resources since the migration?

I would desperately like to stay on CentOS to get the upstream updates as Debian is seriously lacking, but the performance is abysmal and on production people are noticing the performance drop!

Any suggestions would be greatly appreciated.

Currently using - 2.6.32-042stab053.5
Have tried using - 2.6.32-042stab077.3

It would appear the system is busy with user requests - but a top within the system seems to indicate, it's not the container making the system incredibly busy:

index.php?t=getfile&id=1070&private=0

Thanks,

Keith

[Updated on: Mon, 08 April 2013 16:18]


 Topic: vzquota incompatibility between RHEL5 028stab101.3 & 028stab106.2?
vzquota incompatibility between RHEL5 028stab101.3 & 028stab106.2? [message #49175] Fri, 05 April 2013 15:19
Jimbo is currently offline Jimbo
Messages: 9
Registered: November 2008
Junior Member
From: *cs.yale.edu
I am not able to live-migrate containers to a 2.6.18-348.3.1.el5.028stab106.2 system due to a vzquota error. The error message vzquota gives is inaccurate, since I do have quotas enabled on this container. I have been able to live migrate containers between previous kernels, for example from a 2.6.18-308.8.2.el5.028stab101.1 system to a 2.6.18-308.8.2.el5.028stab101.3 system.

Is there a vzquota incompatibility between 2.6.18-308.8.2.el5.028stab101.3 and 2.6.18-348.3.1.el5.028stab106.2?

Here's the target system:

[root@physical4 ~]# vzquota
Usage: vzquota [options] command quotaid [command-options-and-arguments]

vzquota commands are:
init Initialize quota data for given quotaid
on Turn on quota accounting for given quotaid
off Turn off quota accounting for given quotaid
drop Delete quota limits from file
setlimit Set quota limits for given quotaid
setlimit2 Set L2 quota limits for given quotaid and QUGID
reload2 Reload L2 quota limits from quota file for given quotaid
stat Show usage and quota limits for given quotaid
show Show usage and quota limits from quota file
[root@physical4 ~]# uname -a
Linux physical4.virtual.yale.edu 2.6.18-348.3.1.el5.028stab106.2 #1 SMP Wed Mar 27 16:56:40 MSK 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@physical4 ~]# rpm -q vzquota
vzquota-3.1-1
[root@physical4 ~]#

and here's what happens when I try to live migrate a container to that system:

[root@physical3 ~]# vzquota stat 3244
resource usage softlimit hardlimit grace
1k-blocks 1744820 2300400 2300400
inodes 54431 200000 220000
[root@physical3 ~]# vzmove 3244 physical4
Samba is running
httpd is running
Starting live migration of CT 3244 to physical4
Preparing remote node
Initializing remote quota
Syncing private
Live migrating container...
Syncing 2nd level quota
Error: Failed to undump container
vzquota : (error) Quota is not running for id 3244
Move failed. Try -f ?
[root@physical3 ~]# uname -a
Linux physical3.virtual.yale.edu 2.6.18-308.8.2.el5.028stab101.3 #1 SMP Fri Mar 15 01:26:41 MSK 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@physical3 ~]# rpm -q vzquota
vzquota-3.1-1
[root@physical3 ~]#
 Topic: 50Gb RAM for i386 CT ?
50Gb RAM for i386 CT ? [message #49151] Tue, 02 April 2013 12:33
___jul is currently offline ___jul
Messages: 2
Registered: May 2012
Junior Member
From: *epm.net.co
Hello,

Sorry, dumb question, but I'm surprised here:
I started to admin a new server and I see a CT with 50Gb, 49148 mb in use even though the CT really uses only 3689 mb.

But can you clear up my doubt here: the CT is Debian 6.0 i386.
How is it possible?
I can allocate as much memory as I want, but the CT will only use close to 4Gb, right?


vm01(vm)[/]# uname -a
Linux vm01 2.6.32-17-pve #1 SMP Wed Nov 28 07:15:55 CET 2012 i686 GNU/Linux

vm01(vm)[/]# free -m
             total       used       free     shared    buffers     cached
Mem:         49152      49148          3          0          0      45459
-/+ buffers/cache:       3689      45462
Swap:         4096          0       4095

Thanks
 Topic: How to build openvz from source
How to build openvz from source [message #49140] Sat, 30 March 2013 05:09
alan0924 is currently offline alan0924
Messages: 2
Registered: December 2012
Junior Member
From: 113.250.158*
I want to make some modifications to the Linux source, so I want to build the entire OpenVZ kernel and tools from source.
I followed the guide in the FAQ to build a kernel, and after a reboot the kernel works well.

But when I prepare to create a virtual container, I cannot find any vz tools like vzctl. What should I do?

I am sorry for my poor English.


best regards!!
 Topic: user_beancounters: failcnt increasing before resources reach limit
user_beancounters: failcnt increasing before resources reach limit [message #49131] Thu, 28 March 2013 08:29
david2389 is currently offline david2389
Messages: 1
Registered: March 2013
Junior Member
From: *83.88.55.dyn.user.ono.com
Hi,

I'm a customer of a VPS provider who uses OpenVZ. I don't have access to the OpenVZ configuration or kernel logs.

I'm finding those typical problems reported elsewhere (e.g. "fork: Cannot allocate memory"). I understand they happen because I'm using too many resources. However, the "maxheld" value in the /proc/user_beancounters file isn't near the "barrier" or "limit" ones, at which point I'd expect the "failcnt" to increase.

To illustrate my problem, consider this partial user_beancounters file:

Version: 2.5
       uid  resource                     held              maxheld              barrier                limit              failcnt
 67767067:  kmemsize                 26743189             26895615             31457280             34603008              9201127
            privvmpages                473723               485794              1048576              1153433                30530
            numproc                        87                   89                  128                  128                  635


Some minutes later, this is how it looks:

Version: 2.5
       uid  resource                     held              maxheld              barrier                limit              failcnt
 67767067:  kmemsize                 26960203             28481774             31457280             34603008              9227898
            privvmpages                431904               599424              1048576              1153433                33525
            numproc                        88                   90                  128                  128                  635


We can see that the failcnt for kmemsize and privvmpages has increased, however the maxheld field doesn't seem to have hit the limit for each field. I'd expect to find something like this:

       uid  resource                     held              maxheld              barrier                limit              failcnt
 67767067:  kmemsize                 26960203             34603008             31457280             34603008              9227898


Is this normal behaviour? Is there something I can do to make better use of the resources I've been allocated?
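An added example, not part of the original post: a small parser that diffs the two user_beancounters snapshots quoted above and lists the counters whose failcnt grew while maxheld stayed below the barrier. The function names are hypothetical, and the embedded snapshots are copied from the post.

```python
# Snapshots copied from the post above; in practice read /proc/user_beancounters twice.
BEFORE = """\
Version: 2.5
       uid  resource      held   maxheld   barrier     limit  failcnt
 67767067:  kmemsize  26743189  26895615  31457280  34603008  9201127
            privvmpages 473723    485794   1048576   1153433    30530
            numproc         87        89       128       128      635
"""
AFTER = """\
Version: 2.5
       uid  resource      held   maxheld   barrier     limit  failcnt
 67767067:  kmemsize  26960203  28481774  31457280  34603008  9227898
            privvmpages 431904    599424   1048576   1153433    33525
            numproc         88        90       128       128      635
"""

FIELDS = ("held", "maxheld", "barrier", "limit", "failcnt")


def parse_beancounters(text):
    """Return {uid: {resource: {field: int}}} for one snapshot.

    The uid appears only on the first row of each container's block,
    so it is carried forward to the rows that follow it.
    """
    table = {}
    uid = None
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0] in ("Version:", "uid"):
            continue  # blank line, version banner or column header
        if parts[0].endswith(":"):
            uid = int(parts[0].rstrip(":"))
            parts = parts[1:]
        if uid is None or len(parts) != len(FIELDS) + 1:
            raise ValueError(f"line {lineno}: unexpected layout: {line!r}")
        table.setdefault(uid, {})[parts[0]] = dict(
            zip(FIELDS, map(int, parts[1:]))
        )
    return table


def diff_snapshots(before, after):
    """Compare two parsed snapshots, one row per (uid, resource)."""
    rows = []
    for uid, resources in after.items():
        for name, now in resources.items():
            prev = before.get(uid, {}).get(name)
            if prev is None:
                continue  # resource absent from the earlier snapshot
            rows.append({
                "uid": uid,
                "resource": name,
                "new_failures": now["failcnt"] - prev["failcnt"],
                "barrier_headroom": now["barrier"] - now["maxheld"],
                "limit_headroom": now["limit"] - now["maxheld"],
            })
    return rows


def failing_below_barrier(rows):
    """Resources that logged new failures although maxheld < barrier."""
    return [r["resource"] for r in rows
            if r["new_failures"] > 0 and r["barrier_headroom"] > 0]


if __name__ == "__main__":
    rows = diff_snapshots(parse_beancounters(BEFORE), parse_beancounters(AFTER))
    for r in rows:
        print("{resource:12} +{new_failures:<6} failures, "
              "{barrier_headroom} below barrier".format(**r))
    print("failing below barrier:", failing_below_barrier(rows))
```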
 Topic: Ubuntu 12.10 container has problems with dhcp and default route
Ubuntu 12.10 container has problems with dhcp and default route [message #49128] Thu, 28 March 2013 06:03
alex88 is currently offline alex88
Messages: 1
Registered: December 2011
Junior Member
From: *29-79-b.business.telecomitalia.it
Hi guys,

I've an ubuntu 12.10 container, I've set /etc/network/interfaces.tail to:

auto eth0
iface eth0 inet dhcp
  up route del default dev venet0


I've added the del default venet0 since it's not natted and I've created a veth bridge between vm with dnsmasq running on it.

The problem is that on boot it gets the ip from dhcp but not the default route; running dhclient eth0 manually makes it work fine.

On ubuntu 12.04 container it works without problems.

Any idea on what could be wrong?
 Topic: Status of O_DIRECT option support inside container
Status of O_DIRECT option support inside container [message #49095] Wed, 20 March 2013 07:31
ivantretyakov is currently offline ivantretyakov
Messages: 2
Registered: March 2013
Junior Member
From: 89.22.4*
Hello!

We are considering enabling the fs.odirect flag in the OpenVZ kernel 2.6.32-042stab075.2 for CentOS 6.
I can see the following lines at this forum, /showthread.php?97158-Leakage-notice:

# allows to enable O_DIRECT inside container
# We still have to disable O_DIRECT by default inside container due to
# compatibility with old broken software (e.g. rpm)
fs.odirect_enable

What is the current status of this issue? Is it safe to use this flag with OpenVZ containers?
 Topic: Network dropping after a period of time in guest OS
Network dropping after a period of time in guest OS [message #49093] Tue, 19 March 2013 18:48
kubla is currently offline kubla
Messages: 1
Registered: March 2013
Location: United Kingdom
Junior Member
From: *uk.net
Hi Folks,

This is a bit of a long shot, but here goes: I have 2.6.18-274.3.1.el5.028stab094.3.owl1 x86_64 installed on a Dell Poweredge 1950 with a variety of Ubuntu guests. The on-board Broadcom NICs have failed on this particular machine, so it has a single Intel PRO/1000 NIC which was configured to run on one IP range. This config all works fine.

I had reason to move a couple of VMs from an identically configured server which needs maintenance; however they use a different IP range. I configured a virtual interface eth0:1 on the host with a spare address in this range & successfully brought the new guests up, however they lost network connectivity after about 3 hours. I restarted the VMs & they worked again for about another 3 hours before losing network connectivity again. I haven't got precise timings yet, but this smacks of some kind of timeout. The VMs on the physical interface eth0 are unaffected, it's only the 2 on the virtual interface eth0:1 which go AWOL. The guest OS can be eliminated since there are VMs on the physical interface using the same venet config:

/proc/sys/net/ipv4/conf/venet0/proxy_arp = 1
/proc/sys/net/ipv4/conf/venet0/forwarding = 1

I have a kludge in place which pings the VMs in question once a minute & issues a vzctl stop, sleeps for a second then issues a vzctl start on the affected containers if the VM doesn't respond to the ping. Obviously far from ideal, but it works.

My Google-fu appears to have deserted me which means I'm probably looking at an edge case. My questions are as follows:

1) Has anyone else experienced anything like this?
2) Is anyone aware of any ethernet timeout things I can tweak?
3) What can I use to debug this issue further?

Kind regards,

Kubla



 Topic: network question in openVZ
network question in openVZ [message #49091] Mon, 18 March 2013 11:17
yesimroy is currently offline yesimroy
Messages: 1
Registered: March 2013
Junior Member
From: 140.112.29*
Hello everyone,

I have a network question, shown in the graph below.
Because of my poor networking knowledge and experience, I can't figure out a feasible solution. Can anyone give me some advice, please?
Thank you very much!!

index.php?t=getfile&id=1067&private=0
 Topic: General advice with Fedora 18 and non-VZ kernel
General advice with Fedora 18 and non-VZ kernel [message #49090] Mon, 18 March 2013 10:21
eriksq is currently offline eriksq
Messages: 1
Registered: March 2013
Junior Member
From: *hsd1.ma.comcast.net
Hi Everyone,

I was a big fan of Solaris zones when they first came out and I was looking for a way to implement this type of feature on a web / application /database server I run with OpenVZ.

After trying a few things, and poking around I think I may be better off asking some of you about this before I try much more.

I would like to use containers more for security and backups/snapshots than for quotas. Actually I don't care about quotas at all in terms of disk space, but resource management (CPU, memory) maybe but not a must.

Currently the kernel I'm using is 3.8.2, but gets updated rather regularly by the Fedora maintainers. Because of the big difference in kernel versions I'm not sure if I can even use a VZ kernel.

Next, if I don't use the VZ kernel the networking/bridging instructions are a little confusing. I got to this page:

wiki.openvz.org Slash Using_private_IPs_for_Hardware_Nodes

and the first set of instructions uses asterisks and too many vague pronoun references for my old eyes.

So, with all of this, can someone point me to a better and more productive way to get a VE started?

Thank you,


Erik
 Topic: how to make a bridge ?
how to make a bridge ? [message #49084] Mon, 18 March 2013 02:35
Pottery is currently offline Pottery
Messages: 1
Registered: January 2013
Junior Member
From: 113.251.223*
I am trying to bridge the physical interface in CT0 to the virtual ethernet device. I just followed the guide.
I created a virtual container named CT101; it has a virtual ethernet device veth101.0, and the corresponding network interface in CT101 is eth0. I found that the network interface in CT101 can only receive broadcast packages and cannot receive icmp packages.
Why? And how do I bridge the physical interface to the virtual ethernet device? Thanks!
  • Attachment: bridge.JPG
    (Size: 6.26KB, Downloaded 30 times)
 Topic: Binding to non-local IP on startup
Binding to non-local IP on startup [message #49078] Fri, 15 March 2013 12:39
seanfulton is currently offline seanfulton
Messages: 97
Registered: May 2007
Member
From: *static.optonline.net
Hello, I'm trying to set up an haproxy service in OpenVZ using IP addresses that will be failed over from another machine using heartbeat or similar.

In order to avoid starting haproxy on fail-over, I'd like to have it already running. I used:

echo "net.ipv4.ip_nonlocal_bind = 1" >>/etc/sysctl.conf
sysctl -p

on the host node.
Restarted the VE,

But I still get:

Starting frontend www.SOMENAME.com_80: cannot bind socket [SOMEIP:80]

from haproxy

Any idea what I am missing?

 Topic: Resources usage seems strange
Resources usage seems strange [message #49077] Fri, 15 March 2013 06:32
vfinet is currently offline vfinet
Messages: 1
Registered: March 2013
Junior Member
From: *net-89-3-141.rev.numericable.fr
Hello everyone.

I hit a strange behavior in one of my OpenVZ installations.

I have an OpenVZ server running only one VE.
According to my monitoring and to the top command performed on both the hardware node and the VE, I can see that cpu usage is 10 times higher in the VE than on the hardware node. Same for the load.

I first thought of a resource problem, but that's not the case because I don't limit my VE (not a single failcnt in /proc/user_beancounters).

All my cores are also available in the VE.

Do you have any idea how cpu and load could be higher inside the VE?
I thought that hardware resource usage would be the sum of all VEs + the hardware server. Am I missing something?


I use Debian 6.0.7 with kernel 2.6.32-5-openvz-amd64

Please find the package versions here:

root@host:~# dpkg -l|grep vz
ii linux-image-2.6-openvz-amd64 2.6.32+29 Linux 2.6 for 64-bit PCs (meta-package), OpenVZ support
ii linux-image-2.6.32-5-openvz-amd64 2.6.32-48squeeze1 Linux 2.6.32 for 64-bit PCs, OpenVZ support
ii linux-image-openvz-amd64 2.6.32+29 Linux for 64-bit PCs (meta-package), OpenVZ support
ii vzctl 3.0.24-12 server virtualization solution - control tools
ii vzdump 1.2.6-1 OpenVZ backup scripts
ii vzquota 3.0.12-3 server virtualization solution - quota tools

Many thanks in advance for any help or clues that you can provide.

Regards

Vincent
 Topic: ipset support
ipset support [message #49074] Thu, 14 March 2013 09:58
Master Bo is currently offline Master Bo
Messages: 1
Registered: March 2013
Junior Member

From: *boyandin.ru
Hello,

If I am not mistaken, ipset modules are included into kernel as a standard since version 2.6.39. As far as I know, OpenVZ doesn't support ipset in containers.

Are there plans to support it?

Thanks.
 Topic: Can veth in CT0 send all packets to virtual ethernet device in CT
Can veth in CT0 send all packets to virtual ethernet device in CT [message #49069] Tue, 12 March 2013 02:41
alan0924 is currently offline alan0924
Messages: 2
Registered: December 2012
Junior Member
From: 14.110.188*
I have a virtual container named CT201; it has a virtual ethernet device eth0,
and the corresponding network interface in CT0 is veth201.0.
Can veth201.0 send all packets to eth0 regardless of whether the packet's destination MAC address matches eth0's?
 Topic: Deb packages repository
Deb packages repository [message #49068] Mon, 11 March 2013 15:45
narcisgarcia is currently offline narcisgarcia
Messages: 32
Registered: May 2009
Member
From: *iberbanda.es
I see two repository sites:
http://download.openvz.org/debian/
http://download.openvz.org/debian-systs/

But there aren't packages for Squeeze (Debian 6) nor Wheezy (Debian 7).

I'm using Debian 6 hosts for OpenVZ, but source OpenVZ updates aren't included on Debian mainline repositories. Is there some other URL with updated OpenVZ packages for Debian GNU/Linux 6.0 ?


Narcis Garcia
 Topic: OpenVZ and 2 NICs
OpenVZ and 2 NICs [message #49065] Sun, 10 March 2013 09:49
dochouse is currently offline dochouse
Messages: 1
Registered: March 2013
Junior Member
From: *6-79-r.retail.telecomitalia.it
Hello everyone,

I am trying to figure out how to make my OpenVZ host node work exclusively with one physical NIC.

I have an HN with 2 ethernet cards, eth0 and eth1. Originally, only the eth0 card was configured with the static IP 10.0.0.2 while eth1 had a DHCP assigned address in the same subnet as eth0 (10.0.0.x). I have found myself in need of installing VirtualBox along with OpenVZ because I need to virtualize a couple of Windows machines for certain services. So I thought about starting to use the infamous eth1 card to separate the network traffic generated by VirtualBox. So last night I assigned a static IP address to my eth1: 10.0.0.3. The problem is that if I configure eth1 with a static address my DNS server running on an OpenVZ container suddenly stops working. As soon as I set eth1 back to DHCP mode everything works fine. I have read something about ARP flux in the OpenVZ wiki but I am no expert and apparently I fail at understanding how to fix the problem.

I suspect that OpenVZ takes control of the eth1 interface too and somehow this may be causing some problems...
Now is there a way to bind OpenVZ to one and only one ethernet card (in my case eth0) so that I can do what I want with my eth1 NIC? How is it possible that if I just configure eth1 the virtualized DNS stops working?

What I have noticed is:
VirtualBox works fine but for some reason I cannot connect to any of my virtualized machines inside of it.
All the OpenVZ containers are reachable with an SSH connection even with both eth cards set to work with a static IP.
I can use all of the web panels installed on my various OpenVZ containers.
The only thing that apparently stops working is the DNS.

Any hints?
 Topic: Two subnets on one HN, one of them statically routed to the other
Two subnets on one HN, one of them statically routed to the other [message #49060] Fri, 08 March 2013 21:36
raenk is currently offline raenk
Messages: 2
Registered: March 2013
Location: Mexico
Junior Member
From: *prod-infinitum.com.mx
I have little network knowledge, please bear with me.

I want to know if the solution provided on post #14966, titled "*SOLVED* VEs with different subnets" (can't post links yet) applies to my scenario as well.

That post was supposedly solved with this article from the wiki: Using_private_IPs_for_Hardware_Nodes

My situation:

The HN has one /29 block working perfectly fine, and it has a second /27 block from a different subnet, statically routed (by the datacenter) to the first IP of the /29 block, which is set for eth0 (first interface/NIC).

The /27 block is to be used for all the containers. I have tried the typical OpenVZ setup and other things I have found around the internet, but when I create a container with an IP of the /27 block, I just can't see the internet from within nor reach it from outside.

Also, I want to be sure that the issue is on my end and not on the datacenter's.

I'm about to hang myself.
 Topic: kernel crash
kernel crash [message #49045] Mon, 04 March 2013 03:30
Egner is currently offline Egner
Messages: 1
Registered: March 2013
Junior Member
From: *bredband.comhem.se
Hi there!

I have a kernel crash on my OpenVZ host. "It's freezing" and I need to reboot the machine; then everything comes back online again.

When I look into the messages file I get this information:

Mar 3 23:14:42 sol last message repeated 4 times
Mar 4 00:16:08 sol kernel: list_add corruption. prev->next should be ffff81062dd993b8, but was 2065756c61762e78
Mar 4 00:16:08 sol kernel: ----------- [cut here ] --------- [please bite here ] ---------
Mar 4 00:16:08 sol kernel: Kernel BUG at lib/list_debug.c:31

Thanks for the help!

Egner


 Topic: 2 different networks on same VE
2 different networks on same VE [message #49030] Wed, 27 February 2013 12:50
TheGreatDoc is currently offline TheGreatDoc
Messages: 3
Registered: February 2013
Location: España
Junior Member
From: *tvt-datos.es
Is it possible to have a VE working with 2 different subnet IP addresses?

I have a HN with 2 interfaces, one with a public IP and another with a private IP.

I have several VEs running on it, some with private IPs and some with public IPs. All work well, but if I try to use one public and one private on the same VE, the secondary IP (no matter which) will not work outside the HN.

Explanation.

If [IP_ADDRESS="84.232.xxx.xxx 172.20.20.252"], all will work OK with the public IP, but the private one will only ping 172.20.20.253 (HN private IP).

If I switch it, [IP_ADDRESS="172.20.20.252 84.232.xxx.xxx"], all will work OK with the private IP, but the public one will only have comm with the HN.

Any tip on this? I tried setting NEIGHBOUR_DEVS=detect in vz.conf to all, but then all networking stops working.

Thanks in advance
 Topic: ping receives no packets, but tcpdump can see them coming in
ping receives no packets, but tcpdump can see them coming in [message #49020] Sat, 23 February 2013 10:36
elsdoerfer is currently offline elsdoerfer
Messages: 1
Registered: February 2013
Junior Member
From: *dip.t-dialin.net
I'm migrating an old Ubuntu OpenVZ instance (Jaunty) to a new CentOS 6.3 host (using vzdump/vzrestore).

Now networking does not work properly. Facts:

- It works just fine if I set up a new OpenVZ instance.
- I can connect INTO the old instance perfectly well, but it cannot connect to the outside.
- It cannot ping the host, nor anything else.
- I've cleared all iptables rules both on host and inside the VE.


ping:

root@dolores:/# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 9999ms

At the same time within the VE:

17:49:12.730360 IP dolores > 8.8.8.8: ICMP echo request, id 59701, seq 1, length 64
17:49:12.735095 IP 8.8.8.8 > dolores: ICMP echo reply, id 59701, seq 1, length 64
17:49:13.730305 IP dolores > 8.8.8.8: ICMP echo request, id 59701, seq 2, length 64
17:49:13.735524 IP 8.8.8.8 > dolores: ICMP echo reply, id 59701, seq 2, length 64
17:49:14.730411 IP dolores > 8.8.8.8: ICMP echo request, id 59701, seq 3, length 64


Of course, /sys/devices/virtual/net/venet0/statistics/rx_bytes is updating, and none of the /sys/devices/virtual/net/venet0/statistics/rx_ error files make a peep.

What's the deal? Where would I look now?

Some more output in case it helps:

root@dolores:/# ifconfig -a
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:39652 errors:0 dropped:0 overruns:0 frame:0
          TX packets:39398 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3344760 (3.3 MB)  TX bytes:3303115 (3.3 MB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:78.46.236.xxx  P-t-P:78.46.236.xxx  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
.

root@dolores:/# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 venet0


root@dolores:/# ip route list table all
default dev venet0  scope link 
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
local 78.46.236.165 dev venet0  table local  proto kernel  scope host  src 78.46.236.165 
local 127.0.0.2 dev venet0  table local  proto kernel  scope host  src 127.0.0.2 
broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
default dev venet0  metric 1  mtu 1500 advmss 1440 hoplimit 4294967295
unreachable default dev lo  table unspec  proto kernel  metric -1  error -101 hoplimit 255
local ::1 via :: dev lo  table local  proto none  metric 0  mtu 16436 advmss 16376 hoplimit 4294967295
unreachable default dev lo  table unspec  proto kernel  metric -1  error -101 hoplimit 255


On the host:

[root@olive ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
static.xxx.236. *               255.255.255.255 UH    0      0        0 venet0
78.46.236.xxx   *               255.255.255.224 U     0      0        0 eth0
link-local      *               255.255.0.0     U     1002   0        0 eth0
default         gw-wan2.little- 0.0.0.0         UG    0      0        0 eth0


iptables -t nat -L && iptables -t filter -L && iptables -t mangle -L is empty both on host and node (node has no nat table).
 Topic: Enquiry on CentOS 5.9 + ovzkernel
Enquiry on CentOS 5.9 + ovzkernel [message #49017] Wed, 20 February 2013 22:31
ccto is currently offline ccto
Messages: 22
Registered: October 2005
Junior Member
From: 180.92.180*
Hello,

As far as I know, up to now, OpenVZ has not released the ovzkernel rebased to the CentOS 5.9 one (2.6.18-348).

Does anyone know of any issue with updating the host and guest to CentOS 5.9 while keeping the ovzkernel at the latest (2.6.18-308.8.2.el5.028stab101.1)?

Thank you very much for kind attention.

Regards
George
 Topic: dropping network on container
dropping network on container [message #49016] Wed, 20 February 2013 11:04
marcin4 is currently offline marcin4
Messages: 1
Registered: February 2013
Junior Member
From: *voipplus.net
I am having a strange issue.
The HN is an updated Centos 5.9 with 20+ VEs running without any issues for years.
Recently I added a VE from the template centos-6-x86-devel, and the only issue I am experiencing is that the container is losing its network/interface.
It has no pattern, like every 4 hours. When it does happen:
the ifconfig command is stuck showing only lo, no ping of any host is available, and venet0, venet0:0 are not showing nor responding.
Restarting the network service also gets stuck.
I attempted to follow this post:
forum.proxmox.com/threads/8301-OpenVZ-Containers-lose-internet-connection-%28VLAN-venet%29
but it did not help.

Sometimes the network will drop for only a few seconds, and sometimes permanently.
The logs do not show anything on the VE nor on the HN.

 Topic: kernel: proc: unrecognized mount option "relatime" or missing value
kernel: proc: unrecognized mount option "relatime" or missing value [message #49011] Mon, 18 February 2013 09:23
demo is currently offline demo
Messages: 1
Registered: February 2013
Junior Member
From: *bb.sky.com
Hi,

I see this error in my messages log a lot, and I think it is the cause of my server crashing, or temporary loss of network.

Does anyone know how to fix it?


Stats:

2.6.18-308.8.2.el5.028stab101.1 #1 SMP x86_64

LABEL=/ / ext3 defaults 1 1
LABEL=/vz /vz ext3 defaults 1 2
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
LABEL=SWAP-sda3 swap swap defaults 0 0
#none /tmp tmpfs nodev,nosuid,noexec 0 0
/dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0
 Topic: Tun causing kernel panic?
Tun causing kernel panic? [message #49005] Thu, 14 February 2013 08:56
iMonsteR is currently offline iMonsteR
Messages: 1
Registered: February 2013
Junior Member
From: *as13285.net
I am not sure if this is new, but I seem to be getting a kernel panic from enabling tun via modprobe.
Using CentOS 5.9 (64 bit)

With kernel v
2.6.18-308.8.2.el5.028stab101.1


Current Time: Sat May 25 23:16:29 EDT 2013