OpenVZ Forum




Forum: Support
 Topic: VPN inside VE, tunnel only specific traffic
VPN inside VE, tunnel only specific traffic [message #35714] Thu, 16 April 2009 15:30
tetra
Messages: 1
Registered: April 2009
Junior Member
From: *pools.arcor-ip.net
Hello,

I have a venet setup where the HN runs shorewall and controls the traffic going from and into the VEs. Each VE has one public IP.

Now I want to set up a VPN inside one of the VEs. I already got the VPN to work flawlessly but it redirects ALL traffic through the VPN which I do not want.

I thought about marking the packets inside the VE that should take the route through the VPN (based on the destination port) and then direct them to the appropriate routing table, but I don't know how I can accomplish this.

I experimented with iptables inside the VPN VE but it seems to conflict with shorewall somehow - at least the packets aren't marked at all.

What do you think is the best way of doing this? Is there maybe a way to set up the VPN on the HN and use it inside the VE? That way I could use shorewall for marking the packets.

I'm a little confused, sorry when I talk rubbish.

Edit: I think I got it:
echo 0 > /proc/sys/net/ipv4/conf/tun0/rp_filter
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 1
ip rule add fwmark 1 table vpn
ip route add default dev tun0 table vpn

I don't know if it's the optimal solution, but at least it works. (I tried marking in the POSTROUTING chain first, but I don't know why that doesn't work)

[Updated on: Thu, 16 April 2009 22:15]


 Topic: How to rebuild a openvz kernel in linux kernel with version 2.6.24.7 ?
How to rebuild a openvz kernel in linux kernel with version 2.6.24.7 ? [message #35618] Wed, 08 April 2009 11:12
minipower
Messages: 1
Registered: March 2009
Junior Member
From: *ecs.umass.edu
Hi all.

I checked the openVZ.org that the latest version for rebuild a kernel in linux is 2.6.24 and the patch file is not for 2.6.24.y. It means I can not build a openvz kernel in linux with version 2.6.24.7. However, for my experiments, I have to use click modular in kernel mode with version 2.6.24.7 that is the only version it has in 2.6.24.y without 2.6.24. I tried to firstly rebuild a openvz kernel with linux version 2.6.24 and then modified the files mentioned in Click patch file and compiled the kernel. Unfortunately, I can not use Click in the new kernel. As a result, I wonder whether there is a good way to solve this problem. If there is, please let me know it. Thanks a lot.

my email: yindong1982@gmail.com

[Updated on: Wed, 08 April 2009 14:33]


 Topic: Quota on mounted fs
Quota on mounted fs [message #35583] Mon, 06 April 2009 15:49
tuliogs
Messages: 1
Registered: April 2009
Junior Member
From: *mpt.gov.br
Hello,
I'm having trouble trying to enable quotas on a mounted filesystem. I set four LVMs, exported with --devnodes and mounted with usrquota,grpquota:
[root@server home]# mount
[snip]
/dev/mapper/VolGroup00-THome on /home type ext3 (rw,data=ordered,nosuid,noexec,usrquota,grpquota)
/dev/mapper/VolGroup00-TTmp on /tmp type ext3 (rw,nosuid,noexec,data=ordered)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)


The problem is, when I try to enable quotas, I get the following:
[root@server ~]# quotaon /home
quotaon: using /home/aquota.group on /dev/mapper/VolGroup00-THome [/home]: Permission denied
quotaon: using /home/aquota.user on /dev/mapper/VolGroup00-THome [/home]: Permission denied


This is driving me nuts for some time now. :) I tried fiddling with about just plain everything vzquota- or vzctl-related and found nothing related to this in the Wiki or here in the forum, so I'm currently out of ideas. Anyone has any clue on it?

To present time, I've been only able to use quotas on the root filesystem. Any help would be immensely appreciated, and thanks in advance.
 Topic: Anyone here has a root server at Hetzner.de? Which kernel do you use?
Anyone here has a root server at Hetzner.de? Which kernel do you use? [message #35506] Tue, 31 March 2009 17:19
Tony2
Messages: 4
Registered: October 2008
Junior Member
From: *dhcp.uni-bielefeld.de
Hi guys,

does anyone here have a root server at Hetzner.de? If so, could you share which kernel are you using?

I have a few servers at Hetzner; the first one has been running for about 2 years now without any problem and I am more than happy with it. However I don't have such a luck with a few servers ordered later. They all have the problem described in http://forum.openvz.org/index.php?t=msg&goto=33575

At the moment my workaround is to bypass connection tracking, ie my firewall acts like a stateless one. Not a good solution, but I don't have a better one. FWIW, the first server has different hardware than the later ones.

Recently I upgraded one server to debian lenny and tried the new openvz kernel 2.6.26 coming with lenny. It was running great for about 3 weeks, and yesterday I got this message:

Mar 31 08:24:02 eu4 kernel: [1885581.110279] BUG: soft lockup - CPU#1 stuck for 62s! [swapper:0]


I did some googling and it seems this problem is not openvz-specific; many people have this problem and a fix is still not available.

Anyway, my main question is: which kernel do you use, or do you recommend me to try?

thanks,
Tony

PS: I run debian etch on all servers, with kernel 2.6.18 from http://download.openvz.org/debian-systs

[Updated on: Wed, 01 April 2009 05:07]


 Topic: VM was deleted, how can I restore from rsync backup?
VM was deleted, how can I restore from rsync backup? [message #35445] Wed, 25 March 2009 21:58
joechurch
Messages: 1
Registered: March 2009
Location: Tampa, FL
Junior Member

From: *tampfl.fios.verizon.net
Hi all,

Due to a series of unfortunate events, my VPS running on an OpenVZ VM was deleted at my web host. Now they do have a full backup using rsync from very recently. It's over 10GB in size, probably closer to 15GB. I think it's a flat file backup, file for file of the whole VPS/VM. The host tried to set up a new openVZ VM and extract the backup over the new VM files. This did kinda work, my accounts showed up in WHM, but cpanel was broken, none of the cpanel services would start, and many core modules and dependencies were missing for some reason. Then we tried to blow that away and make a new VM, then I'm waiting still for the host to try powering off the VM and restoring the files again, in case something failed the first time.

Obviously I have no other backups, the host was doing my backups and I don't have any to work with locally. I'm desperate to get this VM restored from backup. I am calling on the support of anyone who is willing to help me get this back up and going. On my VM, I had centos 5 installed, with cpanel/WHM. Please let me know if you can offer any help. I am also willing to pay for expert help in getting this server back up and going.

Thanks in advance!
joe
 Topic: FAILCNT
FAILCNT [message #35426] Wed, 25 March 2009 04:21
fanat1k
Messages: 11
Registered: March 2009
Junior Member
From: 88.147.147*
Hi
I have some problems with memory allocation. On ve104 I have java+apache+tomcat, when I tested 100 simultaneous users: fork: Could not allocate memory.
HostMachine: Intel Core2 CPU 6400 @ 2.13GHz / 4Gb / SCSI 320Gbx2 / RAID / Debian 4.1.1-21;
There are 5 VE's.
Linux version 2.6.18-ovz-028stab053.5-smp
Debian 4.1.1-21


# vzctl exec 104 cat /proc/user_beancounters
Version: 2.5
       uid  resource                     held              maxheld              barrier                limit              failcnt
      104:  kmemsize                  5422544             15397142            165351424            181886566                 3061
            lockedpages                     0                    0                 8073                 8073                    0
            privvmpages                222579               426238               605535               666088                   21
            shmpages                       20                 3380                60553                60553                    0
            dummy                           0                    0                    0                    0                    0
            numproc                       103                  228                 4036                 4036                    0
            physpages                   45463                89047                    0  9223372036854775807                    0
            vmguarpages                     0                    0               605535  9223372036854775807                    0
            oomguarpages                45463                89047               605535  9223372036854775807                    0
            numtcpsock                     21                  316                 4036                 4036                    0
            numflock                        5                   10                 1000                 1100                    0
            numpty                          0                    5                  403                  403                    0
            numsiginfo                      0                  158                 1024                 1024                    0
            tcpsndbuf                  364896              1073840             38585685             55117141                    0
            tcprcvbuf                  344064              1665552             38585685             55117141                    0
            othersockbuf               130872               170432             19292842             35824298                    0
            dgramrcvbuf                     0                16880             19292842             19292842                    0
            numothersock                   87                  120                 4036                 4036                    0
            dcachesize                      0                    0             36112403             37195776                    0
            numfile                      2459                 3315                64576                64576                    0
            dummy                           0                    0                    0                    0                    0
            dummy                           0                    0                    0                    0                    0
            dummy                           0                    0                    0                    0                    0
            numiptent                      10                   10                  200                  200                    0

[Updated on: Wed, 25 March 2009 04:22]

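As an added example (not part of the original post): a small Python parser for the /proc/user_beancounters format shown above that lists resources with a non-zero failcnt and, given two snapshots, which counters rose in between. The function names and the AFTER snapshot are constructed for illustration; BEFORE reuses rows from the post.

```python
"""Find which OpenVZ beancounter limits a container is hitting."""
from typing import Dict, List, NamedTuple, Tuple


class Counter(NamedTuple):
    held: int
    maxheld: int
    barrier: int
    limit: int
    failcnt: int


Snapshot = Dict[int, Dict[str, Counter]]


def parse_beancounters(text: str) -> Snapshot:
    """Parse the text of /proc/user_beancounters into {uid: {resource: Counter}}."""
    snapshot: Snapshot = {}
    uid = None
    for line in text.splitlines():
        fields = line.split()
        # Skip blank lines, the "Version:" line and the column header.
        if not fields or fields[0] in ("Version:", "uid"):
            continue
        # A leading "<uid>:" token opens a new container block.
        if fields[0].endswith(":"):
            uid = int(fields[0][:-1])
            snapshot.setdefault(uid, {})
            fields = fields[1:]
        # Ignore malformed rows and the "dummy" placeholder rows.
        if uid is None or len(fields) != 6 or fields[0] == "dummy":
            continue
        try:
            snapshot[uid][fields[0]] = Counter(*(int(v) for v in fields[1:]))
        except ValueError:
            continue  # non-numeric column: not a counter row
    return snapshot


def failing(snapshot: Snapshot) -> Dict[int, List[Tuple[str, int]]]:
    """Per container, resources with failcnt > 0, highest count first."""
    report = {}
    for uid, resources in snapshot.items():
        hits = [(name, c.failcnt) for name, c in resources.items() if c.failcnt > 0]
        if hits:
            report[uid] = sorted(hits, key=lambda h: -h[1])
    return report


def failcnt_delta(before: Snapshot, after: Snapshot) -> Dict[int, Dict[str, int]]:
    """Resources whose failcnt increased between two snapshots.

    failcnt only counts up while the container runs, so the difference shows
    which limits were hit during the interval (for example, one load test).
    """
    delta: Dict[int, Dict[str, int]] = {}
    for uid, resources in after.items():
        for name, counter in resources.items():
            prev = before.get(uid, {}).get(name)
            base = prev.failcnt if prev is not None else 0
            if counter.failcnt > base:
                delta.setdefault(uid, {})[name] = counter.failcnt - base
    return delta


# Rows taken from the post above (subset).
BEFORE = """\
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      104:  kmemsize        5422544   15397142  165351424  181886566       3061
            lockedpages           0          0       8073       8073          0
            privvmpages      222579     426238     605535     666088         21
            dummy                 0          0          0          0          0
            numproc             103        228       4036       4036          0
            physpages         45463      89047          0  9223372036854775807  0
"""

# Constructed second snapshot: only privvmpages failed again.
AFTER = """\
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      104:  kmemsize        5500000   15397142  165351424  181886566       3061
            privvmpages      240000     426238     605535     666088         25
            numproc             110        228       4036       4036          0
"""

if __name__ == "__main__":
    first, second = parse_beancounters(BEFORE), parse_beancounters(AFTER)
    print("non-zero failcnt:", failing(first))
    print("rose between snapshots:", failcnt_delta(first, second))
```

On a hardware node the input would come from `vzctl exec <CTID> cat /proc/user_beancounters`, captured once before and once after the load test.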

 Topic: Solution for vzdump with NFS mounts inside CT
Solution for vzdump with NFS mounts inside CT [message #35389] Mon, 23 March 2009 04:31
digidax
Messages: 28
Registered: March 2008
Junior Member
From: *celebraterecords.com
Hello,

I'm running inside a CT an Apache webserver. The documentroot is mounted with NFS from a storage, so vzdump doesn't work.

If I would write a simple shell script that first stops the CT and then vzdumps the CT and finally starts it, would this be a solution? With the downtime of the http service I wouldn't have a problem.

best regards
Frank
 Topic: Troubles during the installation of openvz
Troubles during the installation of openvz [message #35289] Sun, 15 March 2009 20:47
Balbuzard
Messages: 26
Registered: March 2009
Location: Australia
Junior Member
From: *atp.nicta.com.au
Hi!

I would like to install openvz on my computer, and I am having some troubles during the installation.

I have a debian-etch version of linux on my i-686 computer;

I have followed the instructions there http://wiki.openvz.org/Installation_on_Debian

The depots located at
deb http://DEBIAN-MIRROR/debian/ testing main
deb http://DEBIAN-MIRROR/debian-security/ testing/updates main
are unreachable, is there any other web sites to get the same content?

the instruction apt-get dist-install returns
E: Invalid operation dist-install
so I can not upgrade to lenny (but is it a problem?)

I have chosen the version fzakernel-2.6.18-686 at the next step

I can not install vzctl! But no problem with vzquota.
What can I do to fix this problem?
the shell returns
Since you only requested a single operation it is extremely likely that the package is not installable and a bug report against that package should be filled
The package have unmet dependencies : vzctl : dependencies iproute but it is not installable
E: brocken package


To finish with, here are the returns at the steps confirm proper installation:

uname -r returns 2.6.18-14-fza-686
ps ax | grep vz returns 4359 tty1 S+ 0:00 grepvz

about ifconfig, nothing has changed compared to before the installation.

can anyone help me with these troubles?

Thank you very much!!
 Topic: how to upgrade mod_ssl manually ?
how to upgrade mod_ssl manually ? [message #35286] Sun, 15 March 2009 13:11
sachin
Messages: 27
Registered: September 2007
Junior Member
From: *246.220.26.static.pune.vsnl.net.in
hello

how to upgrade mod_ssl manually on vps?
please let me know how to do this?
 Topic: Can't get ipsec working
Can't get ipsec working [message #35275] Sat, 14 March 2009 05:01
Niklas
Messages: 1
Registered: March 2009
Junior Member
From: *k922.webspeed.dk
Hi

I'm trying to enable IPSec for a VPS, but can't get it working. I have loaded the needed kernel modules on the host node, and `ipsec verify` shows everything needed is loaded, but it doesn't on the VPS.
From what I can read in the ipsec verify script, it checks if the /proc/net/pfkey file exists. Is there a way to get this working?

Best regards
Niklas
 Topic: A few questions
A few questions [message #35234] Tue, 10 March 2009 18:55
Cotun
Messages: 1
Registered: March 2009
Junior Member
From: *plus.com

Hi everybody

I've got a couple of questions about OpenVZ that I hope somebody can help me with.

1) It says in the Debian installation guide

"It is recommended to use a separate partition for container private directories (by default /var/lib/vz/private/<CTID>). The reason why you should do so is that if you wish to use OpenVZ per-container disk quota, you won't be able to use usual Linux disk quotas on the same partition. Bear in mind that per-container quota in this context includes not only pure per-container quota but also usual Linux disk quota used in container, not on HN."

Does this mean that a single partition should be created for /var/lib/vz or /var/lib/vz/private? Or should a new partition be made for each container?

2) If the answer is a single partition for /var/lib/vz, then how do you assign more than one hard disk to separate containers? I'm excluding the case where one container is bigger than one of the hard disks.

3) Is there any way to ensure that a single virtual container is not swapped out under any circumstances. I want to run a tmpfs mount in a single container that I would prefer to remain in memory permanently. It can be assumed that the single container will never be bigger than the RAM available. I'm aware that disabling swap completely would have this effect, but I'd prefer to avoid that if possible.

Thanks

Cotun
 Topic: Debug Kernel Question
Debug Kernel Question [message #35167] Fri, 06 March 2009 10:02
mperkel
Messages: 243
Registered: December 2006
Senior Member
From: *junkemailfilter.com
I built a debug kernel to debug a kernel problem related to kernel crashes from a bug relating to the EXT3 file system. However the messages file doesn't contain any more information than a standard kernel lockup. Is there a setting I need to activate to get more information about file system problems?

Also - this computer is being used for backups and has a LOT of files and a LOT of hard links. I'm also using one of those Seagate 1.5T drives but I did do the drive bios upgrade. And I've moved the drive to different computers and the problem follows the drive. (Or the fact that I'm backing up running rsync and cp -al and it always dies during the backup)

Sure like to get to the bottom of this. Thanks in advance.

Mar 6 02:25:23 vpsa kernel: ------------[ cut here ]------------
Mar 6 02:25:23 vpsa kernel: kernel BUG at fs/jbd/journal.c:569!
Mar 6 02:25:23 vpsa kernel: invalid opcode: 0000 [1] SMP
Mar 6 02:25:23 vpsa kernel: CPU: 1
Mar 6 02:25:23 vpsa kernel: Modules linked in: vzethdev vznetdev simfs vzrst vzcpt tun vzmon xt_length ipt_ttl xt_tcpmss xt_TCPMSS$
Mar 6 02:25:23 vpsa kernel: Pid: 2365, comm: kjournald Not tainted 2.6.24 #2 ovz008
Mar 6 02:25:23 vpsa kernel: RIP: 0010:[<ffffffff88025629>] [<ffffffff88025629>] :jbd:journal_next_log_block+0x26/0x77
Mar 6 02:25:23 vpsa kernel: RSP: 0018:ffff81022cdede10 EFLAGS: 00010246
Mar 6 02:25:23 vpsa kernel: RAX: ffff81022d0ee000 RBX: ffff81022c583090 RCX: ffffffff8802561f
Mar 6 02:25:23 vpsa kernel: RDX: 0000000000000001 RSI: 0000000000000143 RDI: ffff81022c5830b8
Mar 6 02:25:23 vpsa kernel: RBP: ffff81022c583090 R08: 0000000000000000 R09: 0000000000000000
Mar 6 02:25:23 vpsa kernel: R10: ffffffff8802561f R11: ffff81022cdede98 R12: ffff81022c5830b8
Mar 6 02:25:23 vpsa kernel: R13: ffff81022cdede90 R14: 00000000000001fb R15: ffff8101096f0414
Mar 6 02:25:23 vpsa kernel: FS: 00002ba95e750100(0000) GS:ffff81022fc02708(0000) knlGS:00000000b7f746d0
Mar 6 02:25:23 vpsa kernel: CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
Mar 6 02:25:23 vpsa kernel: CR2: 00000031f309ac20 CR3: 00000001909e9000 CR4: 00000000000006a0
Mar 6 02:25:23 vpsa kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Mar 6 02:25:23 vpsa kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Mar 6 02:25:23 vpsa kernel: Process kjournald (pid: 2365, veid=0, threadinfo ffff81022cdec000, task ffff81022d0ee000)
Mar 6 02:25:23 vpsa kernel: Stack: ffff81022c583090 ffff81009c54d930 ffff81022c583090 ffff8100a07bd888
Mar 6 02:25:23 vpsa kernel: ffff8102191033d8 ffffffff8802239a ffff81022c179000 000000802cdfd8b8
Mar 6 02:25:23 vpsa kernel: 00000bec00000000 000001f000000000 ffff81022cdfd8b8 ffffffff81503280
Mar 6 02:25:23 vpsa kernel: Call Trace:
Mar 6 02:25:23 vpsa kernel: [<ffffffff8802239a>] :jbd:journal_commit_transaction+0x6a2/0xdf4
Mar 6 02:25:23 vpsa kernel: [<ffffffff880258ed>] :jbd:kjournald+0xba/0x21d
Mar 6 02:25:23 vpsa kernel: [<ffffffff81048ca2>] autoremove_wake_function+0x0/0x2e
Mar 6 02:25:23 vpsa kernel: [<ffffffff88025833>] :jbd:kjournald+0x0/0x21d
Mar 6 02:25:23 vpsa kernel: [<ffffffff81048b88>] kthread+0x47/0x73
Mar 6 02:25:23 vpsa kernel: [<ffffffff8125e844>] trace_hardirqs_on_thunk+0x35/0x3a
Mar 6 02:25:23 vpsa kernel: [<ffffffff8100cf58>] child_rip+0xa/0x12
Mar 6 02:25:23 vpsa kernel: [<ffffffff8100c66f>] restore_args+0x0/0x30
Mar 6 02:25:23 vpsa kernel: [<ffffffff81048a11>] kthreadd+0x115/0x13a
Mar 6 02:25:23 vpsa kernel: [<ffffffff81048a11>] kthreadd+0x115/0x13a
Mar 6 02:25:23 vpsa kernel: [<ffffffff81048b41>] kthread+0x0/0x73
Mar 6 02:25:23 vpsa kernel: [<ffffffff8100cf4e>] child_rip+0x0/0x12
Mar 6 02:25:23 vpsa kernel:
Mar 6 02:25:23 vpsa kernel:
Mar 6 02:25:23 vpsa kernel: Code: 0f 0b eb fe 48 8b ab e8 02 00 00 48 ff 8b f8 02 00 00 48 8d
Mar 6 02:25:23 vpsa kernel: RIP [<ffffffff88025629>] :jbd:journal_next_log_block+0x26/0x77
Mar 6 02:25:23 vpsa kernel: RSP <ffff81022cdede10>
Mar 6 02:25:23 vpsa kernel: ---[ end trace 5e5300396f9c4ef2 ]---


 Topic: Is it possible to isolate VEs to a specific CPU core
Is it possible to isolate VEs to a specific CPU core [message #35155] Thu, 05 March 2009 18:32
aa2300
Messages: 1
Registered: March 2009
Junior Member
From: 64.79.222*
Let's say I have 2 Quad core processors for a total of 8 cores. Is it possible to save Core0 for the hardware node, Core1-2 for VE1, Core3-4 for VE2, etc.....

Thanks in Advance!
 Topic: VPS Question
VPS Question [message #35154] Thu, 05 March 2009 14:45
steeleweb
Messages: 22
Registered: February 2009
Location: Kansas City
Junior Member
From: 206.57.124*
Now that I have A GUI for management I have several other questions.

The templates are not really the full OS, how do I get the full OS installed, and is there a way to RDP into them once the OS has been installed in case you would prefer not doing everything from the command line.

I am currently running Centos 5 on my HWN, I have centos, fedora, and ubuntu templates installed. One VPS created that is running centos 5 template.


Thanks Again,
 Topic: openvpn inside openvz
openvpn inside openvz [message #35146] Thu, 05 March 2009 01:14
pichetw
Messages: 1
Registered: March 2009
Junior Member
From: 202.28.179*
I've installed OpenVPN on my visual host. Clients can connect to the server but can not access to the internet. I try to use NAT script but it does not work. Here is my code.

iptables -A FORWARD -s 192.168.10.0/255.255.255.0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.10.0/255.255.255.0 -o venet0 -j MASQUERADE

and this is my ifconfig

# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:20 errors:0 dropped:0 overruns:0 frame:0
TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1680 (1.6 KiB) TX bytes:1680 (1.6 KiB)

tap0 Link encap:Ethernet HWaddr 82:09:D4:D8:9C:78
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::8009:d4ff:fed8:9c78/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:461 errors:0 dropped:0 overruns:0 frame:0
TX packets:86 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:67125 (65.5 KiB) TX bytes:15284 (14.9 KiB)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:13026 errors:0 dropped:0 overruns:0 frame:0
TX packets:8353 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1352033 (1.2 MiB) TX bytes:1028555 (1004.4 KiB)

venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:122.155.XX.XX P-t-P:122.155.XX.XX Bcast:122.155.XX.XX Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1

Client connects through tap0 and I want to have them connected to the internet via venet0 (or venet0:0??)

any ideas?
 Topic: risks of granting net_admin?
risks of granting net_admin? [message #35137] Wed, 04 March 2009 12:35
minektur
Messages: 3
Registered: March 2009
Junior Member
From: *oremut02.us.wh.verio.net
I'm setting up a guest that wants to use tunneling (openvpn based...) and I find from the documentation that I need to, among other things, grant net_admin rights to the guest.


I've looked pretty far and wide for any documentation on this but haven't found much - I'm wondering what the risks I should consider when doing this.

What else does net_admin give you the ability to do? Is this just giving the administrator of the virtual server more options or does it have ramifications for other guest servers on the machine?


I've seen a few issues in the linux kernel where granting someone CAP_NET_ADMIN will allow them to exploit some local vulnerability... e.g.

http://www.securityfocus.com/bid/17178/discuss

Are there other issues I should consider?

Fred
 Topic: Running NX Nomachine (almost there)
Running NX Nomachine (almost there) [message #35132] Wed, 04 March 2009 10:38
neondiet
Messages: 1
Registered: March 2009
Location: England, UK
Junior Member
From: *nhs.uk
Hi,

I've installed OpenVZ and have a couple of VPS's running now, installed using the basic centos-5-x86 template. I want to run GNOME in one (possibly more) so I set about installing GNOME and NX Nomachine. It almost works. I can connect using the nxclient from another system and it logs in and authenticates, gives me a session display and even displays the panel with the menu bar at the top. However I get lots of error dialog boxes related to applets which I have to dismiss. Each one contains one of the following messages:

OAFIID:GNOME_SystemTrayApplet
OAFIID:GNOME_ClockApplet
OAFIID:GNOME_MixerApplet
OAFIID:GNOME_WorkspaceSwitcherApplet
OAFIID:GNOME_TrashApplet
OAFIID:GNOME_WindowListApplet
OAFIID:GNOME_ShowDesktopApplet

When starting apps from the menu I get error dialogue boxes with lots of the following errors in the details section:

Adding client to server's list failed, CORBA error: IDL:omg.org/CORBA/COMM_FAILURE:1.0

And often the app just dies. I've tried removing /tmp/orbit-<user> and rebooting as suggested elsewhere on Google, but it makes no difference.


Here's what I did to set up the environment so far. I'm sure I must be missing something:

[root@sdltrng01 ~]# vzctl set 101 --diskspace 6000000:6100000 --save
Saved parameters for CT 101
[root@sdltrng01 ~]# vzctl set 101 --diskinodes 360000:370000 --save
Saved parameters for CT 101


[root@openvz1 ~]# yum install gnome-speech gnome-menus gnome-utils gnome-games \
gnome-python2 gnome-volume-manager gnome-python2-extras gnome-mime-data \
gnome-user-share gnome-desktop gnome-pilot gnome-python2-desktop gnome-python2-gconf \
gnome-python2-gnomevfs gnome-backgrounds gnome-doc-utils gnome-mount \
gnome-netstatus gnome-media gnome-python2-gnomeprint gnome-session \
gnome-python2-bonobo gnome-keyring gnome-icon-theme gnome-system-monitor \
gnome-python2-applet gnome-python2-libegg gnome-vfs2-smb gnome-power-manager \
gnome-python2-canvas gnome-applets gnome-themes gnome-mag gnome-user-docs gnome-vfs2 \
gnome-panel gnome-spell gnome-screensaver gnome-python2-gtksourceview gdm gnome-terminal \
nfs-utils glibc.i386 cups-libs.i386 fontconfig.i386 freetype.i386 libgcc.i386 \
libstdc++.i386 libX11.i386 libXext.i386 libXft.i386 libXrender.i386 audiofile.i386


Make sure I'm up to date with everything:

[root@openvz1 ~]# yum update


Next I install the NX rpms:

nxclient-3.3.0-6.i386.rpm
nxnode-3.3.0-12.i386.rpm
nxserver-3.3.0-15.i386.rpm

[root@openvz1 ~]# rpm -ivh nx*rpm


And then start some missing services and reboot for a clean start. Without these gconfd bitches about file locks in messages:

[root@openvz1 ~]# chkconfig --levels 345 messagebus on
[root@openvz1 ~]# chkconfig --levels 345 portmap on
[root@openvz1 ~]# chkconfig --levels 345 nfslock on
[root@openvz1 ~]# reboot

After rebooting, create a clean new user account, give it a password and then login to that account using nxclient.

It's pretty quick to set up really, and I think this is worth pursuing as I'm sure lots of people would find it useful. Can anyone spot something I've missed?

--nd

[Updated on: Thu, 05 March 2009 04:23]


 Topic: How to restart VE network
How to restart VE network [message #35129] Tue, 03 March 2009 15:17
praveenray
Messages: 8
Registered: June 2008
Junior Member
From: *perspectivepartners.com
Hi All
I've simple venet networks in the VE's (ubuntu gutsy) on a CentOS HN. For some reason, the HN lost network connectivity and I had to
manually restart network on the HN. However, now all VEs are unreachable - in order to get them back on, I must restart each VE.
Is there a better way to bring the VEs on network after HN network has been restarted (other than vzctl restart) ?

Please advise.
thanks
 Topic: Do you know how to put /vz on a different hard drive?
Do you know how to put /vz on a different hard drive? [message #35127] Tue, 03 March 2009 13:03
hisaltesse
Messages: 6
Registered: February 2009
Junior Member
From: *hsd1.nj.comcast.net
Hey guys,

QUESTION 1

I am setting up my deployment of openvz and even though I can just have a /vz partition as recommended, I would like the OS to run on one little hard drive and the containers on a completely different hard drive.

My assumption is that it comes down to putting the /vz partition on an external hard drive.

Could you please enlighten me on
- whether this is a good approach
- how to achieve this
- what the downfalls are
- what to be careful about

(I am thinking that I may have to automount the other hard disk at boot and having /vz as the mount point but I am not sure if this is all there is to it and how to do it)

QUESTION 2

In fact I have 4 hard disks on my server and I am wondering what would be the best way to manage my storage for openvz.

Here is my plan:
running the host node on disk1
running a RAID 1 on disk 2 and 3 and put /vz on it
using disk 4 as a separate backup disk for the hostnode and the containers in case my raid controller fails. This way if the raid fails my hostnode is not down.

The server has a hardware raid card that allows me to do RAID 0, 1 or 5.

Let me know your thoughts.
Thanks.

 Topic: OpenVZ Clustering
OpenVZ Clustering [message #35119] Mon, 02 March 2009 18:49
kiddbios
Messages: 6
Registered: March 2009
Junior Member
From: *sw.biz.rr.com
Hello,

The company I work for recently purchased a fiber attached storage array and 2 servers to create a clustered OpenVZ environment. I've been tasked with creating a highly available solution. The only problem with this is that I am fairly new to Linux. I've been using OpenVZ for a few months now and it's been working great. I've been searching for information on how to create an OpenVZ cluster, but everything I have found is referencing DRBD. My understanding is that DRBD is a way to accomplish clustering without having a shared storage resource.

Here is what I would like to do:

Heartbeat
Physical Node 1---------------- Physical Node 2
| |
| |
| |
||||||||||||||||||
|Shared Storage| <---------Virtual Containers Live Here
||||||||||||||||


In the event that the physical node becomes unavailable the containers would automatically fail over to the other node. So my initial questions are:

How is clustering achieved with OpenVZ? Is there a good article/how-to that will point me in the right direction?

Are the individual containers clusterable so that they can be failed over individually?

Are there management tools available for managing how the cluster will behave in certain situations or is everything script based?

Any help is greatly appreciated.


[Updated on: Mon, 02 March 2009 18:52]


 Topic: Hosting Company setup .....
Hosting Company setup ..... [message #35087] Wed, 25 February 2009 15:25
schjeall
Messages: 27
Registered: February 2009
Location: Denmark
Junior Member
From: 90.184.128*
I was thinking about how hosting companies setup OpenVZ when it comes to providing access to a VE with a public ip-address. How do they configure networking (using veth or venet), security (if using veth, how do they avoid sniffing of traffic) etc.

Can anyone come with an explanation?


My idea is to use venet. Each VE is assigned an ip-address in the range 192.168.2.1/24. ip-masquerade is setup on the HN.

Internet  (Public ip's are mapped to e.g. 192.168.1.1/24)
    |
 +--+---+  xxx.yyy.xxx.yy1 -> 192.168.1.1
 |ROUTER|  xxx.yyy.xxx.yy2 -> 192.168.1.2
 +-+----+  xxx.yyy.xxx.yyn -> 192.168.1.n
  D| 
  M|
  Z|
+--+------------+
| Hardware node | Listens for 192.168.1.x/24:[1..n] and 
|               | dnat any port + ip to 192.168.2.x:[1..n]
+---------------+
| IP tables     | 192.168.1.x:any port dnat 192.168.2.x:any port
|               | 
+---------------+ 
| N1 | N2 | N3  | venet 192.168.2.1/24
+---------------+


My idea is probably not correct and I need some guidance on how to make this work. I want all ports on any VE to be available when doing something on the corresponding public IP. Therefore I map all public IPs to 192.168.1.x:[1..n] and dnat this to each VE's assigned IP address 192.168.2.x:[1..n].

How can dnat be used even smarter or can this be solved more elegantly?

[Updated on: Thu, 26 February 2009 02:20]
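
The 1:1 mapping described in the post above, written out as iptables rules for the HN. This is an added example, not part of the original post: the function names, the interface name eth0 and the port list are hypothetical, and it assumes the HN already answers for the 192.168.1.x addresses on that interface. It prints the rules for review rather than applying them, and also shows the NETMAP form of the same mapping plus a FORWARD filter, since forwarding every port exposes every listening service in a VE.

```shell
#!/bin/sh
# Added example (constructed): print, but do not apply, NAT rules for the
# layout in the post. Assumptions: eth0 is the HN's DMZ-facing interface
# and the HN already answers for the 192.168.1.x addresses on it.

DMZ_PREFIX="192.168.1"   # addresses the router maps the public IPs to
VE_PREFIX="192.168.2"    # venet addresses assigned to the VEs
WAN_IF="eth0"            # assumed DMZ-facing interface on the HN

# gen_one_to_one_nat N
# One DNAT/SNAT pair per VE: 192.168.1.i <-> 192.168.2.i for i = 1..N.
gen_one_to_one_nat() {
    n="$1"
    case "$n" in
        ''|*[!0-9]*) echo "count must be a positive integer" >&2; return 1 ;;
    esac
    if [ "$n" -lt 1 ] || [ "$n" -gt 254 ]; then
        echo "count must be between 1 and 254" >&2
        return 1
    fi
    i=1
    while [ "$i" -le "$n" ]; do
        # Inbound: any port on the DMZ address goes to the matching VE.
        echo "iptables -t nat -A PREROUTING -i ${WAN_IF} -d ${DMZ_PREFIX}.${i} -j DNAT --to-destination ${VE_PREFIX}.${i}"
        # Outbound: connections the VE opens leave with the same DMZ address.
        echo "iptables -t nat -A POSTROUTING -o ${WAN_IF} -s ${VE_PREFIX}.${i} -j SNAT --to-source ${DMZ_PREFIX}.${i}"
        i=$((i + 1))
    done
}

# gen_netmap_nat
# The same mapping for the whole /24 in two rules. NETMAP rewrites only the
# network part of the address and keeps the host part. Note that it also
# covers the HN's own address if that lies inside 192.168.1.0/24.
gen_netmap_nat() {
    echo "iptables -t nat -A PREROUTING -i ${WAN_IF} -d ${DMZ_PREFIX}.0/24 -j NETMAP --to ${VE_PREFIX}.0/24"
    echo "iptables -t nat -A POSTROUTING -o ${WAN_IF} -s ${VE_PREFIX}.0/24 -j NETMAP --to ${DMZ_PREFIX}.0/24"
}

# gen_forward_filter INDEX PORT...
# DNAT happens in PREROUTING, so the FORWARD chain sees the VE address.
# Allow replies and the listed TCP ports for one VE, drop the rest.
gen_forward_filter() {
    [ "$#" -ge 1 ] || { echo "usage: gen_forward_filter INDEX PORT..." >&2; return 1; }
    idx="$1"
    shift
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        echo "iptables -A FORWARD -i ${WAN_IF} -d ${VE_PREFIX}.${idx} -p tcp --dport ${port} -j ACCEPT"
    done
    echo "iptables -A FORWARD -i ${WAN_IF} -d ${VE_PREFIX}.${idx} -j DROP"
}

# Print a sample rule set: three VEs, then the /24 form, then a filter
# for VE 1 that admits only SSH, HTTP and HTTPS (constructed port list).
gen_one_to_one_nat 3
gen_netmap_nat
gen_forward_filter 1 22 80 443
```
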


 Topic: VENET vs Bridging?
VENET vs Bridging? [message #35076] Wed, 25 February 2009 08:39
sjdean
Messages: 30
Registered: May 2008
Member
From: 81.168.97*
Is it best to use what appear to be the default venet0 devices, or to use bridging in guests?

I'm putting together a SmoothWALL container. Perhaps I should just do PCI Passthrough is it?

Though I am thinking of hardware transparency.

Cheers
Simon
 Topic: Security implications of giving CAP_NET_ADMIN to a vps
Security implications of giving CAP_NET_ADMIN to a vps [message #34983] Mon, 16 February 2009 05:18
lazy
Messages: 16
Registered: January 2008
Junior Member
From: *iq.pl
What are the security implications of giving CAP_NET_ADMIN to a vps (needed for ipsec)?

Is it possible to make any changes to the outside or any other vps with that?

Thanks for any answers.
 Topic: Public/private network access openvpn routing
Public/private network access openvpn routing [message #34977] Sun, 15 February 2009 12:10
Santo
Messages: 1
Registered: February 2009
Junior Member
From: *cpe.netcabo.pt
Hello,

We installed openvpn and it's working well, but for a small issue.

setup:

HN with 2 interfaces
eth0 - public IP - 91.91.91.100
eth1 - private IP for access to private network - 10.1.1.20

CT with 2 IPs:

Public IP: 91.91.91.101
Private IP: 10.1.1.101

Openvpn:

net/dhcp: 10.1.1.192/26


Problem:

We can establish a tunnel to 91.91.91.101 and we get an IP 10.1.1.195

We can access the internet with no problem, but the access to the private network is limited to 10.1.1.20 (HN private IP address).

How/what can we do to have access to the rest of the private network? I suspect some iptables rule must be set, possibly on the HN.

Can anyone help with this?

Thank you

Regards

[Updated on: Sun, 15 February 2009 12:11]


 Topic: OpenVZ, vzrpm, vzyum?
OpenVZ, vzrpm, vzyum? [message #34960] Fri, 13 February 2009 09:57
jsosic
Messages: 6
Registered: December 2008
Location: Split, Croatia
Junior Member

From: *srce.hr
Hi!

I have a CentOS (RHEL) v5 HE, and a few CentOS v4 VEs. The problem is that CentOS4 had RPM v4.3 and CentOS5 has RPM v4.4, so I have to use either vzyum/vzrpm from the HE, or yum/rpm from local machines.

Is there a way to combine these two somehow? Any ideas?

I would like to use vzyum because of centralized administration, patching and updating, and I need local rpm because of rpmbuild - I'm not satisfied with rpmbuild --nodeps....

Any ideas?
 Topic: New Server - Kernel Won't Load
New Server - Kernel Won't Load [message #34904] Wed, 11 February 2009 13:03
rickhall
Messages: 3
Registered: December 2008
Location: Chicago, IL
Junior Member
From: *hnc-bsr1.chi-hnc.il.cable.rcn.com
Greetings:

I am in the process of setting up a new OpenVZ install on a fresh CentOS 5 server.

I've tried using multiple kernel versions, but I can't seem to get any of them to make it to the initrd.

Current running kernel:

# uname -r
2.6.18-92.el5

# rpm -qa --queryformat "%{name} %{version} %{release} %{arch}\n" | grep kernel
kernel 2.6.18 92.el5 x86_64
ovzkernel-devel 2.6.18 53.1.6.el5.028stab053.6 i686
ovzkernel 2.6.18 92.1.18.el5.028stab060.2 i686
ovzkernel-xen 2.6.18 92.1.18.el5.028stab060.2 i686
ovzkernel-devel 2.6.18 92.1.18.el5.028stab060.2 i686
ovzkernel-xen-devel 2.6.18 92.1.18.el5.028stab060.2 i686
ovzkernel 2.6.18 53.1.6.el5.028stab053.6 i686

Here's what's inside my /etc/grub.conf file:


# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You do not have a /boot partition. This means that
# all kernel and initrd paths are relative to /, eg.
# root (hd0,0)
# kernel /boot/vmlinuz-version ro root=/dev/sda1
# initrd /boot/initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-92.1.18.el5.028stab060.2xen)
    root (hd0,0)
    kernel /boot/xen.gz-2.6.18-92.1.18.el5.028stab060.2
    module /boot/vmlinuz-2.6.18-92.1.18.el5.028stab060.2xen ro root=LABEL=/
    module /boot/initrd-2.6.18-92.1.18.el5.028stab060.2xen.img
title CentOS (2.6.18-92.1.18.el5.028stab060.2)
    root (hd0,0)
    kernel /boot/vmlinuz-2.6.18-92.1.18.el5.028stab060.2 ro root=LABEL=/
    initrd /boot/initrd-2.6.18-92.1.18.el5.028stab060.2.img
title CentOS (2.6.18-53.1.6.el5.028stab053.6)
    root (hd0,0)
    kernel /boot/vmlinuz-2.6.18-53.1.6.el5.028stab053.6 ro root=LABEL=/
    initrd /boot/initrd-2.6.18-53.1.6.el5.028stab053.6.img
title CentOS (2.6.18-92.el5)
    root (hd0,0)
    kernel /boot/vmlinuz-2.6.18-92.el5 ro root=LABEL=/
    initrd /boot/initrd-2.6.18-92.el5.img


Thank you so much for your help!

Rick
 Topic: 2 Digit IDs - Updated
2 Digit IDs - Updated [message #34808] Wed, 04 February 2009 02:11
simonfishley
Messages: 1
Registered: February 2009
Junior Member
From: *saao.ac.za
Hi All

I am pretty new to VZ but have managed to get a server up and running to be a backup for an existing VZ server set up by someone else in our organisation. Trouble is he created his VMs with 2 digit IDs. I wanted to do a vzdump and then move the dumps to the new backup server to make sure they run, but vzdump does not seem to like the 2 digit IDs.

Is there any way to force vzdump to run? Alternatively, is it safe to change the container names?

*Update* - I have found a way to change the container names. This helps a bit but there are a few machines I want to move that I can't take offline to rename so still looking for a way to force the vzdump.

Thanks
Simon

[Updated on: Wed, 04 February 2009 03:21]


 Topic: Consumption of a single virtual machine
Consumption of a single virtual machine [message #34796] Tue, 03 February 2009 03:26
anto_gc
Messages: 2
Registered: January 2009
Junior Member
From: *Red-79-148-103.dynamicIP.rima-tde.net
Hello all,

How can the CPU consumption of a single virtual machine be determined?

I need to know the CPU consumption of any machine from the EV 0. Is it possible?

The CPU consumption with respect to the EV 0.


Thanks

--------------EDIT---------------------------------------
If I run
vzctl exec 111 top b -n 1 | grep 'Cpu(s)'

I obtain the CPU usage inside VPS 111. Does this usage correspond to the global CPU usage? I have made some tests and it seems so, approximately.


Another way is running: head -n 1 /proc/stat

I obtain values for CPU usage. Do these values correspond to the global CPU? I mean, do these values tell me the CPU usage of the virtual machine on the main machine?

Thanks

[Updated on: Tue, 03 February 2009 12:01]


 Topic: Filesystem size issues
Filesystem size issues [message #34746] Fri, 30 January 2009 07:26
odiobill
Messages: 2
Registered: October 2008
Location: Bologna, Italy
Junior Member
From: *ip.fastwebnet.it
Hi, I have a container that runs on an ubuntu server 64 bit machine with kernel 2.6.24-19-openvz.
For each running VE I created a single logical volume, but some of them are giving me strange information about used disk space.

20207 is the last VE I created. It also runs an ubuntu server (64 bit).
This is the result of the df -h command:

>-- CUT HERE --<
/dev/mapper/data-20207
172G 727M 165G 1% /var/lib/vz/private/20207
>-- CUT HERE --<

The logical volume is very big (174), but the VE is still empty, so used space on it is just 727M.

If I enter the VE, that's what I see issuing the same command:

>-- CUT HERE --<
Filesystem Size Used Avail Use% Mounted on
simfs 285G 114G 165G 41% /
tmpfs 3.9G 40K 3.9G 1% /var/run
tmpfs 3.9G 0 3.9G 0% /var/lock
tmpfs 3.9G 0 3.9G 0% /dev/shm
tmpfs 3.9G 40K 3.9G 1% /var/run
tmpfs 3.9G 0 3.9G 0% /var/lock
>-- CUT HERE --<

How is that possible? Is there something I can do to correct this?

Kind regards,

//Davide


Davide
 Topic: what goes wrong with this centos5 iscsi pxe-boot
what goes wrong with this centos5 iscsi pxe-boot [message #34729] Thu, 29 January 2009 04:45
psc-openvz
Messages: 1
Registered: January 2009
Junior Member
From: *static.dsl.concepts.nl
I installed Centos5 on an iSCSI disk with (mostly) default options, following "Using open-iscsi On A System With No Firmware Boot Support for iSCSI" from the Centos5 release notes ( http://www.centos.org/docs/5/html/release-notes/as-x86/RELEASE-NOTES-U1-x86-en.html). That went fine!
I saved the initrd (actually the whole boot-dir, Alt-F2&ftp directly after install & before reboot!) and tried to setup pxe for booting this machine. Unfortunately, the release notes are not very clear on this.
I googled for remote boot on centos4 and got a few possibilities. Out of that I setup pxelinux.cfg/default as follows:

default vmlinuz-2.6.18-xen
LABEL vmlinuz-2.6.18-xen
KERNEL vmlinuz-2.6.18-92.el5xen
APPEND initrd=initrd-2.6.18-92.el5xen.img ro root=/dev/sda1 \
iscsi_i=iqn.2005-03.com.max:01.cafb27 \
iscsi_i_ip=192.168.1.0/255.255.255.0 \
iscsi_t=iqn.1994-04.org.netbsd.iscsi-target:target0 \
iscsi_a=192.168.1.250 \
iscsi-if=eth0

Then, on pxe booting, I get "invalid or corrupt kernel image"

To find out the cause, I replaced vmlinuz-2.6.18-92.el5xen with one for remote *installation* (http://ftp.cvut.cz/centos/5.2/os/i386/images/pxeboot/). It then *does* boot & loads the initrd. But before it panics it complains about a lot of FS related problems.
If I also replace the vmlinuz from the above source I get a fully working *installation* screen (& that's what I don't need). So PXE-boot *is* working.
If I use the non-xen vmlinuz & initrd from the saved boot directory, I get similar FS related errors before a panic.

FYI: I compared the iscsi data with the iscsistartup string in 'init' after extracting it from initrd-2.6.18-92.el5xen.img

What goes wrong or what am I doing wrong??

[Updated on: Thu, 29 January 2009 05:50]


 Topic: Centos 5.2 HN, Ubuntu 8.04 VE, Networking issue [Solved]
Centos 5.2 HN, Ubuntu 8.04 VE, Networking issue [Solved] [message #34728] Thu, 29 January 2009 03:48
venkatmangudi
Messages: 1
Registered: January 2009
Location: Bangalore, India
Junior Member
From: *17.167.122.airtelbroadband.in
Hi,

I could not get network to start on my VE on Ubuntu, and later when I tried on Debian. I discovered that the /etc/network/interfaces.template listed "auto lo" and the VE was discovering it on startup as well. Thus networking was broken. I found this when I ran "invoke-rc.d networking restart".

I commented out the entries in the interfaces.template file and it worked. Note that making changes to /etc/networking/interfaces will be overwritten when the VE is restarted. Hope this helps someone out there breaking their head like I did.

Venkat
 Topic: open-iscsi inside VE
open-iscsi inside VE [message #34608] Tue, 20 January 2009 12:38
glic3rinu
Messages: 16
Registered: January 2009
Junior Member
From: *Red-213-98-132.staticIP.rima-tde.net
Hi everyone,
my question is simple: is it possible to run open-iscsi inside a VE? open-iscsi uses various kernel modules, but OpenVZ restricts the use of these kernel modules inside a VE, and because of this it isn't possible to run iscsid :(. What do you recommend? Is it possible to integrate the open-iscsi modules into the Linux kernel? Or are there other, better solutions?

Thanks very much!!
marc.

Sorry for my horrendous English ;)
 Topic: vzdump some strange message when using snapshot
vzdump some strange message when using snapshot [message #34605] Tue, 20 January 2009 11:05
Noxx
Messages: 4
Registered: August 2008
Junior Member
From: *18-79-r.retail.telecomitalia.it
Hi all,
hope this is the right section and even the right forum for asking help on this problem.
Using LVM2 I have this partition layout:
LABEL=/                 /                       ext3    defaults        1 1
/dev/VolGroup00/VZ      /vz                     ext3    defaults        1 2
/dev/VolGroup00/VZDUMP  /dump                   ext3    defaults        1 2
/dev/VolGroup00/BACKUP  /backup                 ext3    noquota,rw      1 2
LABEL=/boot             /boot                   ext3    defaults        1 2
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
LABEL=SWAP-sda3         swap                    swap    pri=0,defaults        0 0

Now I have all my containers inside /vz and I back up to /dump.
Everything works fine, but I'm a bit worried about some errors/messages that I got in the messages log when using snapshot.
From the command line there are no errors:
~]# vzdump11 --dumpdir /dump --snapshot 440
INFO: Starting new backup job - vzdump --dumpdir /dump --snapshot 440
INFO: Starting Backup of VM 440 (openvz)
INFO: status = CTID 440 exist mounted running
INFO: creating lvm snapshot of /dev/mapper/VolGroup00-VZ ('/dev/VolGroup00/vzsnap')
INFO:   Logical volume "vzsnap" created
INFO: mounting lvm snapshot
INFO: creating archive '/dump/vzdump-440.dat' (/mnt/vzsnap/private/440)
INFO: Total bytes written: 142192640 (136MiB, 10MiB/s)
INFO: file size 135MB
INFO:   Logical volume "vzsnap" successfully removed
INFO: Finished Backup of VM 440 (00:00:17)

But looking inside the log messages I see these lines:
Jan 20 16:39:56 srv1 vzdump[12782]: Starting new backup job - vzdump --dumpdir /dump --snapshot 440 
Jan 20 16:39:56 srv1 vzdump[12782]: Starting Backup of VM 440 (openvz) 
Jan 20 16:39:58 srv1 kernel: kjournald starting.  Commit interval 5 seconds
Jan 20 16:39:58 srv1 kernel: EXT3 FS on dm-3, internal journal
Jan 20 16:39:58 srv1 kernel: EXT3-fs: dm-3: 25 orphan inodes deleted
Jan 20 16:39:58 srv1 kernel: EXT3-fs: recovery complete.
Jan 20 16:39:58 srv1 kernel: EXT3-fs: mounted filesystem with ordered data mode.
Jan 20 16:40:13 srv1 vzdump[12782]: Finished Backup of VM 440 (00:00:17) 

Is there something anomalous?
Why these lines: "EXT3-fs: dm-3: 25 orphan inodes", "EXT3-fs: recovery complete"?
The system has an array of 4 disks in raid10 mode.
I tried searching both this forum and the web, and I can't find a solution.
Thanks in advance for any suggestion.

[Updated on: Tue, 20 January 2009 11:07]


 Topic: simple internet router in VE?
simple internet router in VE? [message #34603] Tue, 20 January 2009 04:07
digidax
Messages: 28
Registered: March 2008
Junior Member
From: *celebraterecords.com
Hello,

I'm trying to setup a simple router with NAT to get internet access from IP 172.16.0.99 at the LAN (eth1) to the WAN (eth0).

interfaces on HN:
# ifconfig
eth0      Link encap:Ethernet  Hardware Adresse 00:15:17:4B:0A:50  
          inet Adresse:192.168.130.208  Bcast:192.168.130.255  Maske:255.255.255.0
          inet6 Adresse: fe80::215:17ff:fe4b:a50/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4194 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7392 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:1000 
          RX bytes:490557 (479.0 KiB)  TX bytes:1777986 (1.6 MiB)
          Speicher:feb80000-feba0000

eth1      Link encap:Ethernet  Hardware Adresse 00:15:17:4B:0A:51  
          inet Adresse:172.16.0.3  Bcast:172.16.0.255  Maske:255.255.255.0
          inet6 Adresse: fe80::215:17ff:fe4b:a51/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:406 errors:0 dropped:0 overruns:0 frame:0
          TX packets:180 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:100 
          RX bytes:31650 (30.9 KiB)  TX bytes:61399 (59.9 KiB)
          Speicher:febe0000-fec00000 

lo        Link encap:Lokale Schleife  
          inet Adresse:127.0.0.1  Maske:255.0.0.0
          inet6 Adresse: ::1/128 Gültigkeitsbereich:Maschine
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:0 
          RX bytes:560 (560.0 b)  TX bytes:560 (560.0 b)

venet0    Link encap:UNSPEC  Hardware Adresse 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          UP BROADCAST PUNKTZUPUNKT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:6623 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1535 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:0 
          RX bytes:1659375 (1.5 MiB)  TX bytes:136607 (133.4 KiB)


but
# ip r l
172.16.0.4 dev venet0  scope link 
192.168.130.209 dev venet0  scope link 
192.168.130.0/24 dev eth0  proto kernel  scope link  src 192.168.130.208 
172.16.0.0/24 dev eth1  proto kernel  scope link  src 172.16.0.3 
169.254.0.0/16 dev eth1  scope link 
default via 192.168.130.254 dev eth0 


makes me ask: why is network 169.254.0.0/16 present?

From the VE I can ping all hosts on the WAN, and DNS resolving also works. I can also ping from the VE to all clients located on the LAN. From the LAN I can ping eth1 and can open a website from apache inside the VE on port 80. DNS resolving of internet hosts also works inside the LAN because a BIND is also running inside the VE.

on VE I'm using:
iptables -A FORWARD -s 172.16.0.99 -j ACCEPT
iptables -A POSTROUTING -t nat -s 172.16.0.99 -j MASQUERADE


I ran a tcpdump while the client tried: http://www.google.de

on HN: # tcpdump host 172.16.0.99
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
08:54:10.189894 IP 172.16.0.99.kiosk > bw-in-f99.google.com.http: S 4160233486:4160233486(0) win 65535 <mss 1460,nop,nop,sackOK>
08:54:13.127257 IP 172.16.0.99.kiosk > bw-in-f99.google.com.http: S 4160233486:4160233486(0) win 65535 <mss 1460,nop,nop,sackOK>
08:54:19.136236 IP 172.16.0.99.kiosk > bw-in-f99.google.com.http: S 4160233486:4160233486(0) win 65535 <mss 1460,nop,nop,sackOK>
08:54:31.156345 IP 172.16.0.99.veracity > bw-in-f103.google.com.http: S 3111893581:3111893581(0) win 65535 <mss 1460,nop,nop,sackOK>
08:54:34.160112 IP 172.16.0.99.veracity > bw-in-f103.google.com.http: S 3111893581:3111893581(0) win 65535 <mss 1460,nop,nop,sackOK>
08:54:40.068256 IP 172.16.0.99.veracity > bw-in-f103.google.com.http: S 3111893581:3111893581(0) win 65535 <mss 1460,nop,nop,sackOK>
08:54:40.770259 IP 172.16.0.99.nfs > ipcop.localdomain.ntp: NTPv3, Client, length 48
08:54:52.090269 IP 172.16.0.99.kyoceranetdev > bw-in-f104.google.com.http: S 3303672974:3303672974(0) win 65535 <mss 1460,nop,nop,sackOK>
08:54:55.093254 IP 172.16.0.99.kyoceranetdev > bw-in-f104.google.com.http: S 3303672974:3303672974(0) win 65535 <mss 1460,nop,nop,sackOK>
08:55:01.102152 IP 172.16.0.99.kyoceranetdev > bw-in-f104.google.com.http: S 3303672974:3303672974(0) win 65535 <mss 1460,nop,nop,sackOK>
08:55:13.121419 IP 172.16.0.99.jstel > bw-in-f147.google.com.http: S 1832507979:1832507979(0) win 65535 <mss 1460,nop,nop,sackOK>

13 packets captured
26 packets received by filter
0 packets dropped by kernel

on VE: # tcpdump host 172.16.0.99
tcpdump: WARNING: arptype 65535 not supported by libpcap - falling back to cooked socket
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on venet0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
00:59:29.992900 IP 172.16.0.99.dls-monitor > 172.16.0.4.domain:  26096+ A? www.google.de. (31)
00:59:30.277110 IP 172.16.0.4.domain > 172.16.0.99.dls-monitor:  26096 6/7/0 CNAME[|domain]

2 packets captured
6 packets received by filter
0 packets dropped by kernel




Where is the routing problem from HN to VE?
 Topic: IO Accounting : vfs_reads and vfs_read_chars: unit
IO Accounting : vfs_reads and vfs_read_chars: unit [message #34581] Mon, 19 January 2009 07:51
alx123
Messages: 1
Registered: January 2009
Junior Member
From: *w86-198.abo.wanadoo.fr
Hi,

I'm posting a thread because I don't understand the difference between vfs_reads and vfs_read_chars in IO Account (/proc/bc/<CT-ID>/ioacct).

And what's the unit of vfs_reads and vfs_read_chars?

Example for a CT:
------------------------------
read 0
write 0
dirty 0
cancel 0
missed 0
syncs_total 20
fsyncs_total 32641961
fdatasyncs_total 440
range_syncs_total 0
syncs_active 0
fsyncs_active 0
fdatasyncs_active 0
range_syncs_active 0
vfs_reads 186971793
vfs_read_chars 1833248264832521650
vfs_writes 1937841860
vfs_write_chars 2795685237397960
io_pbs 0
-------------------------------


Thank you in Advance.

Regards,
 Topic: Weird file access / rights problem
Weird file access / rights problem [message #34561] Sun, 18 January 2009 05:55
Evil-Knievel
Messages: 1
Registered: January 2009
Junior Member
From: *pool.einsundeins.de
I run a courier IMAP / POP server in one of my OpenVZ containers. After each reboot, the courier daemon denies access with this error message:

couriertls: imapd.pem: error:02001002:system library: fopen:No such file or directory


Obviously it can't find the certificate file needed for TLS/SSL, though the file exists and has the right permissions set:

-rw------- 1 root   root    2591 Dec 11 12:41 pop3d.pem
lrwxrwxrwx 1 root   root       9 Jan 13 11:15 imapd.pem -> pop3d.pem


However, if I stop the daemon, do a 'chown root:root' and restart the courier daemons afterwards, everything works fine.
I'm not sure if this is really OpenVZ related, but as I don't get any further with this: any help would be greatly appreciated!
 Topic: IPv6 - arp problem
IPv6 - arp problem [message #34529] Thu, 15 January 2009 08:18
jonasb
Messages: 20
Registered: July 2007
Junior Member
From: *122.227.87.static.ens.siw.siwnet.net
Hello,

I think I have ARP problem with IPv6.
IPv6 is working on HN.
VE can ping HN.
VE can not ping gateway of HN.

Container:

VE:~# route -6
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
2000::/3 :: U 1024 0 0 venet0
fe80::/64 :: U 256 0 0 venet0
::/0 :: !n -1 1 14214 lo
::1/128 :: Un 0 1 4 lo
::1/128 :: Un 0 1 0 lo
2001:XXX:1::c8/128 :: Un 0 1 209 lo
ff00::/8 :: U 256 0 0 venet0
::/0 :: !n -1 1 14214 lo

I can't ping the gateway of the HN:
VE:~# ping6 2001:XXX:1::1
PING 2001:XXX:1::1(2001:XXX:1::1) 56 data bytes

--- 2001:XXX:1::1 ping statistics ---
166 packets transmitted, 0 received, 100% packet loss, time 165020ms

With tcpdump I can see that the router is asking for the IP of the VE, 2001:XXX:1::c8:
14:15:28.515495 IP6 2001:XXX:1::c8 > 2001:XXX:1::1: ICMP6, echo request, seq 1, length 64
14:15:28.516387 IP6 2001:XXX:1::1 > ff02::1:ff00:c8: ICMP6, neighbor solicitation, who has 2001:XXX:1::c8, length 32
14:15:29.515277 IP6 2001:XXX:1::c8 > 2001:XXX:1::1: ICMP6, echo request, seq 2, length 64
14:15:29.516413 IP6 2001:XXX:1::1 > ff02::1:ff00:c8: ICMP6, neighbor solicitation, who has 2001:XXX:1::c8, length 32


I'm running CentOS with kernel 2.6.18-92.1.13.el5.028stab059.6.

Any ideas what's wrong?

 Topic: container shows not real cpu consumption with "top" command
container shows not real cpu consumption with "top" command [message #34526] Thu, 15 January 2009 05:33
jevelyt
Messages: 19
Registered: January 2009
Junior Member
From: 212.122.90*
Hello, with a quad core processor I create a container with --cpuunits 16 (4% of all CPUs) and I launch a CS 1.6 server. When there are ~16 players there is no lag; when there are 20+ players, ping for the players goes up sharply, but in cat /proc/user_beancounters failcnt is 0 for all parameters. I think this is because of a lack of CPU, but with the command top or htop the CPU is shown at ~0-5%.
Why doesn't the container show its CPU consumption? I think that the container shows the main server's CPU consumption but not the container's. Am I right?

[Updated on: Thu, 15 January 2009 05:47]


 Topic: Moving VEs with IP-Addresses
Moving VEs with IP-Addresses [message #34502] Mon, 12 January 2009 18:08
OliverH
Messages: 1
Registered: January 2009
Location: NRW
Junior Member
From: *netcologne.de
Hi everyone!

I'm new here and have a question on live migrating VEs.
I want to build an OpenVZ cluster. There are IP Addresses available on the ethernet the hosts are connected to. So I don't want the hosts to route the traffic to the VEs but to bridge it.

What I have done so far is to set up a bridge on each host and add a virtual ethernet device to each VE and to the bridge of the host the VE is running on.

The problem is that I want to use live migration.
So when I move a VE to another machine, I think the virtual ethernet device would not exist anymore. But even if it exists, I think it would not be bridged to the ethernet device of the new host.

How do I realize it, that my VEs can use their old IP-Addresses automatically when they are moving to a new host?

Did anybody get my point?

Regards,

Oliver
 Topic: Lenny linux-image-2.6.26-1-openvz-amd64 2.6.26-12 does not boot on dual Quadcore
Lenny linux-image-2.6.26-1-openvz-amd64 2.6.26-12 does not boot on dual Quadcore [message #34483] Sat, 10 January 2009 16:20
volker.jaenisch@inqbus.de
Messages: 1
Registered: January 2009
Junior Member
From: *pools.arcor-ip.net
Hello Openvz Community!

Before filing a bug report I would like to ask
if anybody on this list has got

Debian Lenny linux-image-2.6.26-1-openvz-amd64 2.6.26-12

running on a Dual Quadcore AMD System.

The system consists of
* supermicro H8DME-2 board
* 2 x AMD Opteron Quadcore 2356
* 32 GB RAM

Running the kernel mentioned above we got a kernel OOPS
if we set the Board BIOS to optimal settings.
If we fall back to the failsafe BIOS settings the kernel does OOPS one out of three times, only :(

This behavior may be comparable to bug 1110

http://bugzilla.openvz.org/show_bug.cgi?id=1110#attach_844

The same kernel version without openvz
Debian Lenny linux-image-2.6.26-1-amd64 Version 2.6.26-12
runs without any problems. So we draw the conclusion that the kernel OOPS is openvz specific.

On slightly modified hardware
same board but with a single AMD opteron DUAL core the openvz kernel runs.

So it seems to be a combination of DUAL Quad-Core and openvz?

Any help and ideas appreciated !

Thanks in advance

Volker



