| Forum: Support |
|---|
| Topic: Bridge Connection |
|---|
| Bridge Connection [message #40760] |
Wed, 29 September 2010 04:09 |
 ysar68
Messages: 1
Registered: September 2010
Location: Greece - Attiki-Athens |
Junior Member |
From: *on4.ontelecoms.gr
|
|
When i install the openvz i see exempt the kernel and all the installations need to make a bridge with the real ethernet interface , my os is centos 5.5 any solution , because when i try to connect with ip i give to the vps i was connecting in the ssh of the main machine running the openvz and when i put in sshd_config to respond in only one ip the ip i set in vps machine is not responding
so is something about the bridge connection
Ysar , Athens , Greece
[Updated on: Wed, 29 September 2010 04:16] Report message to a moderator |
|
|
| Topic: IPs constantly disconnecting |
|---|
| IPs constantly disconnecting [message #40741] |
Mon, 27 September 2010 04:46 |
jikson26
Messages: 1
Registered: September 2010 |
Junior Member |
From: *oc.oc.cox.net
|
|
Hello,
for some months I have been using OpenVZ with several IPs. I am using cPanel with this VM. there was nothing wrong until about a month ago; my IPs started disconnecting at regular intervals.
It seemed that maybe the ARP entries kept disappearing, I would have to add the IPs to the host node and ping them each time to get them working again, then add them to the VM again.
Are there any known issues similar to this?
Hope someone can help! Thanks!
Info:
# ip rule list
0: from all lookup 255
32766: from all lookup main
32767: from all lookup defaul
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
xxx.xxx.29.204 0.0.0.0 255.255.255.255 UH 0 0 0 veth101.0
xxx.xxx.29.205 0.0.0.0 255.255.255.255 UH 0 0 0 veth101.0
xxx.xxx.29.206 0.0.0.0 255.255.255.255 UH 0 0 0 veth101.0
xxx.xxx.29.203 0.0.0.0 255.255.255.255 UH 0 0 0 veth101.0
xxx.xxx.29.200 0.0.0.0 255.255.255.248 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 xxx.xxx.29.201 0.0.0.0 UG 0 0 0 eth0
# ifconfig
eth0 Link encap:Ethernet HWaddr 00:17:08:D1:06:D3
inet addr:xxx.xxx.29.202 Bcast:xxx.xxx.29.207 Mask:255.255.255.248
inet6 addr: fe80::217:8ff:fed1:6d3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:41001262 errors:0 dropped:0 overruns:0 frame:0
TX packets:45043959 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:17032410607 (15.8 GiB) TX bytes:36627639484 (34.1 GiB)
Interrupt:233 Memory:ca000000-ca010000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:677 errors:0 dropped:0 overruns:0 frame:0
TX packets:677 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:246164 (240.3 KiB) TX bytes:246164 (240.3 KiB)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
veth101.0 Link encap:Ethernet HWaddr 00:18:51:BC:64:AA
inet6 addr: fe80::218:51ff:febc:64aa/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:45204612 errors:0 dropped:0 overruns:0 frame:0
TX packets:40660658 errors:0 dropped:9 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:35733073122 (33.2 GiB) TX bytes:16144734528 (15.0 GiB)
# iptables -t nat -L && iptables -t filter -L && iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
# arp -an
? (xxx.xxx.29.201) at 00:D0:02:F0:54:00 [ether] on eth0
? (xxx.xxx.29.203) at 00:18:51:19:D1:B7 [ether] on veth101.0
? (xxx.xxx.29.204) at 00:18:51:19:D1:B7 [ether] on veth101.0
? (xxx.xxx.29.206) at <incomplete> on veth101.0 [Updated on: Mon, 27 September 2010 05:13] Report message to a moderator |
|
|
| Topic: CAPI & CAPIFS support in VE |
|---|
| CAPI & CAPIFS support in VE [message #40702] |
Wed, 22 September 2010 05:27 |
Slydder
Messages: 1
Registered: September 2010 |
Junior Member |
From: *planet-ic.de
|
|
hey all,
I just got USB modem support enabled on an openvz 1.6 VE (both HN and VE are debian lenny amd64) that we are wanting to use as a fax server. unfortunately I am in need of capifs support which is not an available option in vzctl atm.
how hard is it to update the code to allow for capifs support?
thanks,
chuck
|
|
|
| Topic: Problems booting from USB flash |
|---|
| Problems booting from USB flash [message #40682] |
Sun, 19 September 2010 13:09 |
mperkel
Messages: 243
Registered: December 2006 |
Senior Member |
From: *dhcp.mdfd.or.charter.com
|
|
Not sure what the problem is but can't seem to boot from USB flash. Here's my modprobe.conf
options snd-hda-intel index=0
remove snd-hda-intel { /usr/sbin/alsactl store 0 >/dev/null 2>&1 || : ; }; /sbin/modprobe -r --ignore-remove snd-hda-intel
alias eth0 r8169
#alias eth0 forcedeth
alias scsi_hostadapter libata
alias scsi_hostadapter1 usb-storage
alias scsi_hostadapter2 pata_atiixp
alias scsi_hostadapter3 sata_nv
alias scsi_hostadapter4 ahci
alias snd-card-0 snd-hda-intel
options snd-card-0 index=
Boot fails with messages about not finding /dev/root and other file system related failures.
From what I can tell it looks like the USB device isn't initializing in time because after the boot failed message the USB drive attachment message comes up.
What am I missing? Thanks in advance.
Junk Email Filter
http://www.junkemailfilter.com
|
|
|
| Topic: vzmigrate "-r no" not working. It deletes original source container |
|---|
|
| Topic: Ubuntu 10.04 container hangs after vzrestore |
|---|
| Ubuntu 10.04 container hangs after vzrestore [message #40665] |
Wed, 15 September 2010 17:43 |
mindfury
Messages: 2
Registered: September 2010
Location: Michigan, USA |
Junior Member |
From: 12.200.95*
|
|
Hello.
Apologizes in advance of the answer to this is obvious, I've searched Google, the Wiki, and this forum and haven't found anything that works. 
I've done a vzrestore of an Ubuntu 10.04 container on the same HN from which it originated. I destroyed the prior container and restored to the same CTID.
Starting the container works fine, however, the process count when doing 'vzlist' is 1, and the process itself is the init task. I've checked /proc/user_beancounters to see if there were any resource problems, and the failcnt is 0 on everything concerning this CT.
Any thoughts on how I can troubleshoot this further, it seems init is indeed where things are hanging, but I'm not sure as to why.
--
Philip
|
|
|
| Topic: Assigning IPs |
|---|
| Assigning IPs [message #40650] |
Sat, 11 September 2010 18:04 |
PsyberMind
Messages: 1
Registered: September 2010 |
Junior Member |
From: *dsl.iowatelecom.net
|
|
I have a rather serious issue, and I'm not sure how to fix this one
I have a server, with a /27 the problem is, They all seem to be tied to the HN.
I can assign an IP to the container with no problem. I can enter the container, I can PING the IP from within the HN.
When I ssh into the container, my root PW will NOT work. The only way it will work is if I use the root pw for the HN. It's like every IP I have is tied to the HN, and I can't for the life of me figure out why.
I've asked the DC to move the IPs into the vLan, but they are telling me they don't support OpenVZ in any way shape or form, so I'm on my own.
Until I can get this figured out, I am at a standstill
[root@ord-1 ~]# ip r l
unreachable 255.255.255.255
173.236.95.192/28 dev eth0 proto kernel scope link src 173.236.95.194
184.154.11.224/27 dev venet0 proto kernel scope link src 184.154.11.226
unreachable 224.0.0.0/24
184.154.0.0/16 dev venet0 proto kernel scope link src 184.154.11.226
169.254.0.0/16 dev eth0 scope link
default via 173.236.95.193 dev eth0
[root@ord-1 ~]# vzctl enter
CT ID missing
[root@ord-1 ~]# vzctl enter 200
entered into CT 200
[root@vpsctl /]# ip r l
192.0.2.0/24 dev venet0 scope host
169.254.0.0/16 dev venet0 scope link
default via 192.0.2.1 dev venet0
[root@vpsctl /]#
[root@ord-1 ~]# ifconfig;route -n;vzlist -a
eth0 Link encap:Ethernet HWaddr 00:30:48:FC:B4:18
inet addr:173.236.95.194 Bcast:173.236.95.207 Mask:255.255.255.240
inet6 addr: fe80::230:48ff:fefc:b418/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:192074 errors:0 dropped:0 overruns:0 frame:0
TX packets:112012 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:257858784 (245.9 MiB) TX bytes:10188969 (9.7 MiB)
Memory:dc100000-dc120000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:702 errors:0 dropped:0 overruns:0 frame:0
TX packets:702 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:78588 (76.7 KiB) TX bytes:78588 (76.7 KiB)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:184.154.11.226 P-t-P:184.154.11.226 Bcast:184.154.255.255 Mask:255.255.0.0
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:166 errors:0 dropped:0 overruns:0 frame:0
TX packets:242 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:19246 (18.7 KiB) TX bytes:19680 (19.2 KiB)
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
255.255.255.255 - 255.255.255.255 !H 0 - 0 -
173.236.95.192 0.0.0.0 255.255.255.240 U 0 0 0 eth0
184.154.11.224 0.0.0.0 255.255.255.224 U 0 0 0 venet0
224.0.0.0 - 255.255.255.0 ! 0 - 0 -
184.154.0.0 0.0.0.0 255.255.0.0 U 0 0 0 venet0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 173.236.95.193 0.0.0.0 UG 0 0 0 eth0
CTID NPROC STATUS IP_ADDR HOSTNAME
200 16 running 184.154.11.226 vpsctl.xxxxxxx.org
[root@ord-1 ~]#
[Updated on: Sat, 11 September 2010 18:56] Report message to a moderator |
|
|
| Topic: NAT issue |
|---|
| NAT issue [message #40648] |
Fri, 10 September 2010 02:43 |
aLittle
Messages: 1
Registered: September 2010 |
Junior Member |
From: 59.95.98*
|
|
Hello,
I've a private setup of OpenVZ on CentOS. There are 5 containers in total, with significant amount of data being transferred between them. I was wondering if it is possible to assign each VPS a private IP along with the public IP it currently has.
I have seem multiple guides for using NAT on openvz containers. However, it appears they've been written(and probably tested) for systems with no unique public IP.
I know this would have been done by lots of OpenVZ fellows but can someone advise what can I do in this case?
For the curious, the site is a social networking site. The 3 VPS serve as web and database servers, while the remaining two are backup servers (We do off-site and offline backup from these vps).
|
|
|
| Topic: OpenAFS inside OpenVZ CTs |
|---|
 OpenAFS inside OpenVZ CTs [message #40556] |
Tue, 31 August 2010 15:12 |
swish
Messages: 1
Registered: August 2010 |
Junior Member |
From: *engin.umich.edu
|
|
I was looking for a way to use OpenAFS inside a OpenVZ container and couldn't find any resources on it. Is it possible, and if it is, how does one accomplish it? My google-fu may not be up to par, but the only discussions I found on the matter were from 2006 and resulted in no solution.
Host kernel version: 2.6.18-194.8.1.el5.028stab070.2 (I do have OpenAFS enabled and running on the host)
Tool versions: 3.0.24.1-1
Currently trying to accomplish this with a CT running Ubuntu 9.10.
Thanks,
Steve
|
|
|
| Topic: kernel.core_pattern |
|---|
| kernel.core_pattern [message #40552] |
Tue, 31 August 2010 09:30 |
jtaylor
Messages: 1
Registered: August 2010 |
Junior Member |
From: 208.71.184*
|
|
Linux 2.6.26-2-openvz-amd64
it is possible to set a core_pattern starting with a | in order to have your core file processed by a program before being generated. On the parent system (server01), i set the core pattern, and i'm able to generate core dumps that get processed. on the virtual system (server02) it seems to take the core pattern from the parent., but whenever something would generate a core, it doesn't, and the dmesg on the parent server says
[469586.116037] Core dump to |/filename pipe failed
in case it was using the path to the file on the virtual server, i placed a copy of the file on both the virtual and physical machines.
do virtual servers handle pipes in the core pattern file? or am i doing something wrong?
|
|
|
| Topic: strace vzctl start VEID - not stopping |
|---|
| strace vzctl start VEID - not stopping [message #40541] |
Mon, 30 August 2010 14:44 |
bvirtual
Messages: 1
Registered: August 2010 |
Junior Member |
From: *dsl.irvnca.pacbell.net
|
|
"kill -9 pid" fails to stop strace of vzctl. Also, we have 5 VE's that start init, and go no further. It might be related.
First the command as seen from ps, then version info, then extra info. Notice it's using 100% CPU, which is 1 of 8 CPUs, on a dual quad with 32gig RAM, 1 terabyte HD.
# ps aux | grep strace
root 29250 99.5 0.0 4116 776 ? R Aug22 11003:47 strace -f vzctl start 99
strace -- version 4.5.18
vzctl version 3.0.24.1
CentOs release 5.5 (Final)
Linux version 2.6.18-194.8.1.el5.028stab070.2 (root@rhel5-build-x64) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)) #1 SMP Tue Jul 6 14:55:39 MSD 2010
I've been able to kill -9 other strace processes, but this one, run by another root user, fails to stop. The way I killed strace was to kill off the child vzctl first, or the parent bash shell, and then kill -9 strace.
I've attached strace (strace -p 29250) and sent a KILL signal, and got nothing. Why is strace using 100% CPU? What loop is in it? I was going to read strace source code, to find out, but that will not help me stop this process.
Any hints? Suggestions? Other signals to send? Ok, I could reboot, but there are dozens of containers running.
I've googled and read a lot, apparently strace might be stopping, but starting again. Most strace vzctl posts go back 2 years, which is about how old our OpenVZ install is.
This came about as 'sync' failed to returned. And was state 'uninterruptible.' 'shutdown' failed to complete, leaving 'init' running, along with the two syncs. None could be stopped from the Host OS with kill -9. Other VE's showed the same problem. So reboot the Host OS for another reason, related to changing mount commit values.
Several containers would start init, but go no further, but could be killed. So strace vzctl. The output file showed vzctl *.sh running, but not all of them, and never showed init starting, but ps did.
So, we now have many containers running and one CPU out of action. Killing this one strace process would give us the CPU back. It's been voiced the uneven heating of the quad chip will eventually crack it, and we will lose 4 CPUs. Is that possible? If so, then rebooting is needed. How soon? It's been 6 days now.
Am I posting in the right place? Might there be an strace forum? I'm just starting here.
|
|
|
| Topic: Human readable status of 2.6.32 or source for this status? |
|---|
| Human readable status of 2.6.32 or source for this status? [message #40472] |
Sat, 21 August 2010 12:43 |
januszzz
Messages: 50
Registered: January 2007
Location: Opole, Poland |
Member |
From: *internetdsl.tpnet.pl
|
|
Hi,
I'm waiting for 2.6.32 openvz kernel since a year and I try to read status of the development.
Unfortunately, I haven't found a reliable source of information (RSS? roadmap?) and I kindly ask about its status. Or better - give me link to sources of information.
I'm only advanced user (sysadmin) so I would appreciate human readable info if possible  If not, I accept anything.
Thanks.
|
|
|
| Topic: Out of band console access |
|---|
|
| Topic: NFS on Open VZ Host Issues |
|---|
| NFS on Open VZ Host Issues [message #40439] |
Wed, 18 August 2010 12:45 |
jgriffith
Messages: 1
Registered: August 2010
Location: Ivine, CA USA |
Junior Member |
From: *farheap.com
|
|
I am trying to export directories that are bind mounted in VE's on an Open VZ host and it is not allowing me to export them, giving me the error: Could not export filesystem via NFS with VZQUOTA on
However, I am able to do this very thing on another system that is running a different VZ kernel (same kernel config options, same versions of vzctl, vzquota, and vzdump).
Here are more details on the set up:
Both are Gentoo Hosts.
Both have VE's located in a partition called /data/private
Both have bind mounts on the same partition called /data/mount_location
I am trying to export /data/mount_location via NFS to another server as read only.
The server where this works is using the following kernel: 2.6.27-openvz-chistyakov.1
The server where I need this to work and it's not is using the following kernel: 2.6.27-openvz-kuindzhi.1
I have seen in several places that the fix is to disable vzquota on the partition, but how does one do this?
I have also tried to export these directories with Open VZ shut down, but it still gives me the same errors.
I have checked /proc/vz/vzquota and it is only reporting that vzquota is running where it should be (within the VE directories).
|
|
|
| Topic: VE cann't start after system upgrade |
|---|
| VE cann't start after system upgrade [message #40437] |
Wed, 18 August 2010 04:39 |
lego_12239
Messages: 1
Registered: August 2010 |
Junior Member |
From: *rosinteh.com
|
|
Hi, all.
I have a machine with Debian squeeze and 2.6.32.15 kernel from openvz.org. I use vzctl utility from vzctl Debian package (3.0.24-1). Everything worked fine until last apt-get upgrade. After which I got the next error:
debian:~# vzctl start 101
Starting container ...
Container is mounted
Adding IP address(es): 192.168.100.201
vps-net_add WARNING: Device list is empty
vps-net_add WARNING: Device list is empty
RTNETLINK answers: Network is down
vps-net_add ERROR: Unable to add route /sbin/ip route add 192.168.100.201 dev venet0
Container start failed
Stopping container ...
Container was stopped
Container is unmounted
debian:~#
After this for clarity I done fresh squeeze installation from scratch and got the same result.
How can I resolve this?
Thanks.
|
|
|
| Topic: need help getting /dev/fuse and /dev/net/tun to play nice together in container |
|---|
| need help getting /dev/fuse and /dev/net/tun to play nice together in container [message #40379] |
Mon, 16 August 2010 01:41 |
vpsric
Messages: 1
Registered: August 2010 |
Junior Member |
From: *koolabar.com.au
|
|
Is there any thing special that has to be done to get both /dev/fuse and /dev/net/tun to work together in a container? My present VPS provider can only get one working at a time. When they attempt to update fuse, fuse works but tun doesn't and visa versa. It looks like the the order of the commands below affects which one works.
This is the second provider that I have experienced this issue with. Of course this is not an issue with Xen but it would be nice to be able to get this working with openvz.
<< Commands
vzctl set 2000 --devices c:10:229:rw --save
vzctl exec 2000 mknod /dev/fuse c 10 229
vzctl set 2000 --devices c:10:200:rw --save
vzctl set 2000 --capability net_admin:on --save
>>
Regards.
|
|
|
| Topic: iptables rule not working on local network |
|---|
| iptables rule not working on local network [message #40363] |
Fri, 13 August 2010 14:01 |
newovz
Messages: 4
Registered: August 2010 |
Junior Member |
From: *61.131.53.mtnl.net.in
|
|
Hi,
I have installed OpenVZ on a CentOS 5.5 server in our Office.
The HN IP is static and its IP is 192.168.1.70
I have created a VPS/VE/Container with ID 110 and IP 192.168.1.110
/proc/sys/net/ipv4/ip_forward is set TO 1
Now I have passed the following iptables command:
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 5454 -d ! 192.168.1.70/32 -j DNAT --to-destination 192.168.1.70:5454
http://192.168.1.70:5454 has our Control Panel and we wanted that anyone accessing the address http://192.168.1.110:5454 to view the Control Panel.
But this is not working. I can ping the IP 192.168.1.110 from anywhere on the network. But the URL http://192.168.1.110:5454 is not being forwarded to http://192.168.1.70:5454
What could be the reason for it ?
Please help me!
I am a newbie!
[Updated on: Fri, 13 August 2010 14:02] Report message to a moderator |
|
|
| Topic: DDOS in VM |
|---|
| DDOS in VM [message #40337] |
Wed, 11 August 2010 10:12 |
CleberDantas
Messages: 56
Registered: May 2006 |
Member |
From: 200.149.6*
|
|
Hello.
My vps is receiving UDP FLOOD. Via iptraf, i see origem IP.
In vps, i blocked via:
iptables -A INPUT -p udp -j DROP
iptables -I INPUT -s IPLAMMER -j DROP
I continue receiving atack in udp port.
Via software, have other solution?
|
|
|
| Topic: vzdump tarballs |
|---|
| vzdump tarballs [message #40324] |
Wed, 11 August 2010 03:48 |
rubikz
Messages: 4
Registered: August 2010 |
Junior Member |
From: *w90-7.abo.wanadoo.fr
|
|
Hi,
With OpenVZ on Debian Lenny I created multiple VPS on the same hardware.
I use 'vzdump' to take backups of each VE.
To restore these vzdump tarballs, I use 'vzrestore' command.
# /usr/sbin/vzdump --compress --dumpdir /var/lib/vz/dump/ --stop 102
# /usr/sbin/vzrestore vzdump-openvz-102-2010_08_09-15_07_24.tgz 102
I'd like to do a fresh install of Promox VE.
Will it be possible to restore these vzdump tarballs and how ?
Thanks in advance for any help
|
|
|
| Topic: virtual Lenny OpenVZ LDAP-Server and -Clients loginproblems |
|---|
| virtual Lenny OpenVZ LDAP-Server and -Clients loginproblems [message #40298] |
Mon, 09 August 2010 15:50 |
Erdbeergulasch
Messages: 6
Registered: March 2010 |
Junior Member |
From: *5.12.vie.surfer.at
|
|
i have no idea why i can't login on the ldap-client via ldap, so here is a short description of my machines:
I have on the HN (Debian Lenny) 2 VE's, which are in the same subnet (192.168.1.0/24)
The first VE (Hostname: ldap1, IP: 192.168.1.91) is the ldap-server, which is so configured, that i can manage the server via phpldapadmin.
The second VE (Hostname: ftp1, IP: 192.168.1.31) is the ldap-client, there should run a sftp-server in the future and the sftp-server(ssh-server) should use ldap-usernames to login.
the problem:
on the ftp1, i get with this command
the users configured on the ldap-server,
but with the command
the result is, that the user doesn't exist. (USERNAME is this name, i get returned by getent)
and if i try to login via ssh, i get permission denied.
and a doesn't work too, because the user is not known on the system.
my installation:
i don't think, that the ldap-server is the problem, because the phpldapadmin and getent on ftp1 are working perfectly, but if you want, i can post the config here too.
the VE ftp1 was configured with the following how-to:
http://wiki.debian.org/LDAP/NSS
and the capter "PAM setup with pam_ldap" on
http://wiki.debian.org/LDAP/PAM is configured like there.
i have tryed many debian ldap howtos, but i always get the same problem.
So i think, that the problem is probably that i use openvz.
i hope that someone can help me.
[Updated on: Mon, 09 August 2010 16:06] Report message to a moderator |
|
|
| Topic: CPU Limiting for 2.6.32 |
|---|
| CPU Limiting for 2.6.32 [message #40280] |
Mon, 09 August 2010 04:42 |
Woet
Messages: 9
Registered: November 2008 |
Junior Member |
From: *qweb.nl
|
|
Does the 2.6.32 kernel finally have support for CPU Limiting? (--cpulimit)
If not, why is it taking so long?
|
|
|
| Topic: Is it possible? |
|---|
| Is it possible? [message #40264] |
Fri, 06 August 2010 23:09 |
siterack_net
Messages: 4
Registered: August 2010 |
Junior Member |
From: *hsd1.ga.comcast.net
|
|
Hello all.
I run a small hosting company specializing in reseller acocunts.
I have my primary website http://www.siterack.net located on a seperate physical VPS, away from my primary hostiung servers.
Due to changes in the economy I am looking for ways to cut operating costs. I would place my main on the main server, but if someone's IP gets blocked, that means they cannot login to my site to get live chat.
Long stoery short, I would like an effective way to place my site on my primary dedicated server, and drop the VPS I have, while keeping my site seperated from the SPI firewall.
Can I install OpenVZ on an operational server that was not originally configured as a VPS node?
If not, does anyone know how I could place my site on my primary server and create a passthrough for my domain on CSF firewall?
Any info is appreciated, thanks
Chris Walker
http://www.siterack.net
|
|
|
| Topic: OpenVZ Partitioning |
|---|
|
| Topic: vzctl 3.0.24.1 fixes problem |
|---|
|
| Topic: Problems with nfs client / Ubuntu 9.10 containers |
|---|
| Problems with nfs client / Ubuntu 9.10 containers [message #40184] |
Wed, 28 July 2010 06:00 |
martinburchell
Messages: 1
Registered: July 2010 |
Junior Member |
From: *aptivate.org
|
|
We're having problems mounting directories over NFS.
Kernel is
Linux version 2.6.18-20-ovz-686-pae (tsd@debian.systs.org) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP Mon Nov 9 23:06:15 UTC 2009
Container is Ubuntu 9.10 (downloaded from http://download.openvz.org/template/precreated/ubuntu-9.10-x 86.tar.gz)
When we try to install nfs-common on the container, we get the error message:
Setting up nfs-common (1:1.2.0-2ubuntu8) ...
start: Job failed to start
invoke-rc.d: initscript statd, action "start" failed.
dpkg: error processing nfs-common (--configure):
subprocess installed post-installation script returned error exit status 1
This looks like a problem with Upstart (the replacement for init in Ubuntu 9.10) and OpenVZ
We see the directory mounted and can read files but we can't write to
it, even though the permissions are set correctly for the user.
Any ideas as to how we can fix this problem?
|
|
|
| Topic: Problems with new IP range |
|---|
| Problems with new IP range [message #40104] |
Fri, 16 July 2010 12:47 |
onzehost
Messages: 2
Registered: July 2010 |
Junior Member |
From: *user.veloxzone.com.br
|
|
Hello,
I have a dedicated virtualizing with OpenVZ and needed another IP range, but I am not able to use these IPs, I could configure the VPS with this IP but it does not access the internet.
I need to virtualize the OpenVZ VPS IPs with different networks, as I do that?
|
|
|
| Topic: tcp_syncookies in VE |
|---|
| tcp_syncookies in VE [message #40075] |
Tue, 13 July 2010 16:14 |
GarryB
Messages: 1
Registered: July 2010 |
Junior Member |
From: *dip.t-dialin.net
|
|
Hi,
my Webserver is under DDoS Attack. It's a SYN Flood.
The Webserver is a VE with local ip address. The public ip is routed to the HN and port 80 of the public ip is redirected to port 80 at the local network ip (192.168.0.1).
Now i have to enable tcp_syncookies at the VE. But i seems that it is not possible. So what can i do to stop the SYN flood?
Any suggestions?
thank you!
|
|
|
| Topic: OpenVZ under KVM? |
|---|
|
| Topic: APF in Container Appears to Work, but is it really? |
|---|
| APF in Container Appears to Work, but is it really? [message #40019] |
Thu, 08 July 2010 00:38 |
niatech
Messages: 10
Registered: April 2008 |
Junior Member |
From: 68.71.13*
|
|
I have installed APF on HN and VE following the instructions I have found (ie: modifying IPTABLES in vz.conf and setting MONOKERN=1 in VE).
APF loads fine, however, I still see traffic for blocked IPs in various different logs?
|
|
|
| Topic: CAPABILITY parameter - any documentation? |
|---|
| CAPABILITY parameter - any documentation? [message #40016] |
Tue, 06 July 2010 21:49 |
klearvue
Messages: 5
Registered: September 2009
Location: UK |
Junior Member |
From: *zone5.bethere.co.uk
|
|
From vzctl manpage: "WARNING: setting some of those capabilities may have far reaching security implications"
Is there a HOWTO describing how setting those capabilities can affect system behaviour ("far-reaching security implications")?
Or perhaps someone can provide a brief run-down here?
Some of these capabilities, presumably, can be useful for system hardening.
|
|
|
| Topic: OpenVZ + DRBD high iowait and failure on new kernels |
|---|
| OpenVZ + DRBD high iowait and failure on new kernels [message #40000] |
Mon, 05 July 2010 15:43 |
masood
Messages: 2
Registered: February 2008 |
Junior Member |
From: *cpe.net.cable.rogers.com
|
|
We are using openvz on top of drbd in a failover system on CentOS 5. This was working great for over a year. The last working kernel without any issue was 2.6.18-92.1.1.el5.028stab057.2
After this something has changed that is causing high iowait. The fopen operation is taking so long that mysql queries hang for over a minute to open a table. named starts failing as well. This is happening on a variety of hardware which was working great up to 2.6.18-92.1.1.el5.028stab057.2
We have also tried upgrading drbd to 8.2 and 8.3. Same result on all combination. Tried latest kernel 2.6.18-194.3.1.el5.028stab069. Same problem. The only common variable is openvz kernels after 2.6.18-92.1.1.el5.028stab057.2
Any idea what has changed? Any pointers? Is anyone available to take a look? Successful resolution will be compensated. Thank you.
|
|
|
| Topic: VEs don't start when VZ starts |
|---|
| VEs don't start when VZ starts [message #39980] |
Fri, 02 July 2010 01:50 |
mperkel
Messages: 243
Registered: December 2006 |
Senior Member |
From: *dhcp.mdfd.or.charter.com
|
|
In ourder to fix a problem I had with the latest version of vzctl I tried uninstalling it with rpm -e and then reinstalled an earlier version. When I start the VZ service it starts but it doesn't start the VEs. I can start them manually with vzctl start but I'd like to get then to start when I start the service.
What would rpm -e have erased that I need to put back?
Thanks in advance.
Junk Email Filter
http://www.junkemailfilter.com
|
|
|
| Topic: VZ Kernel Recognizing HD's as IDE? |
|---|
| VZ Kernel Recognizing HD's as IDE? [message #39957] |
Wed, 30 June 2010 16:35 |
Speedy059
Messages: 6
Registered: August 2009
Location: Arizona |
Junior Member |
From: *ph.ph.cox.net
|
|
I have the latest RHEL5 openvz kernel (http://wiki.openvz.org/Download/kernel/rhel5/028stab069.6) and for some reason it is recognizing my sata hard drives as IDE. This is killing my performance on the server.
If I switch over to the default kernel is recognizes the hd's as Sata's.
Here are some hdparm tests using the openvz kernel, and then the default kernel:
--------------------------------------------------------
[root@openvz400 ~]# hdparm -t /dev/hda
/dev/hda:
Timing buffered disk reads: 12 MB in 3.40 seconds =
3.53 MB/sec
--------------------------------------------------------
Then when I switched to a default kernel... ( so disk are displaying in SDA) and gave me these results:
--------------------------------------------------------
hdparm -t /dev/sda
/dev/sda:
Timing buffered disk reads: 248 MB in 3.01 seconds =
82.35 MB/sec
--------------------------------------------------------
Any ideas how to fix this hd issue?
|
|
|
| Topic: Exporting device file |
|---|
| Exporting device file [message #39927] |
Thu, 24 June 2010 14:26 |
divB
Messages: 71
Registered: April 2009 |
Member |
From: *nobaq.net
|
|
Hi,
I have problems exporting a devicefile inside a container:
host # dir /dev/vboxdrv
crw------- 1 root vboxusers 10, 59 24. Jun 18:26 /dev/vboxdrv
host # vzctl set 200 --devices c:10:58:rw
host # vzctl enter 200
200 /# mknod /dev/vboxdrv c 10 58
200 /# chmod 666 /dev/vboxdrv
200 /# dir /dev/vboxdrv
crw-rw-rw- 1 root root 10, 58 24. Jun 20:15 /dev/vboxdrv
Should be fine; BUT:
200 /# cat /dev/vboxdrv
cat: /dev/vboxdrv: Operation not permitted
200 /# echo test > /dev/vboxdrv
bash: /dev/vboxdrv: Operation not permitted
The device itself is fine; on the host it works:
host # cat /dev/vboxdrv
cat: /dev/vboxdrv: Invalid argument
What's wrong? Do I miss something?
Regards,
divB
[Updated on: Thu, 24 June 2010 14:27] Report message to a moderator |
|
|
| Topic: How to let CT's(public IP) out ip show it's own |
|---|
| How to let CT's(public IP) out ip show it's own [message #39924] |
Thu, 24 June 2010 05:45 |
jdkcn
Messages: 1
Registered: June 2010 |
Junior Member |
From: 116.237.107*
|
|
Hi all,
Both HN and CT got public ip in same subnet.
The host got ip:
118.x.x.67
And the VE got ip:
118.x.x.68
And I can access both ip.
The problem is when I access internet in VE(118.x.x.68) I got the HN's Ip(118.x.x.67) not It's public ip(118.x.x.68)
The HN's ip route
HW:~# ip route list table all
192.168.210.8 dev venet0 scope link
192.168.210.9 dev venet0 scope link
192.168.210.4 dev venet0 scope link
192.168.210.5 dev venet0 scope link
192.168.210.6 dev venet0 scope link
192.168.210.7 dev venet0 scope link
118.x.x.71 dev venet0 scope link
118.x.x.68 dev venet0 scope link
192.168.210.2 dev venet0 scope link
118.x.x.0/24 dev vmbr1 proto kernel scope link src 118.x.x.67
192.168.210.0/24 dev vmbr0 proto kernel scope link src 192.168.210.1
default via 118.x.x.1 dev vmbr1
default via 192.168.210.1 dev vmbr0 scope link
broadcast 118.x.x.255 dev vmbr1 table local proto kernel scope link src 118.x.x.67
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.210.255 dev vmbr0 table local proto kernel scope link src 192.168.210.1
broadcast 118.x.x.0 dev vmbr1 table local proto kernel scope link src 118.x.x.67
local 118.x.x.67 dev vmbr1 table local proto kernel scope host src 118.x.x.67
broadcast 192.168.210.0 dev vmbr0 table local proto kernel scope link src 192.168.210.1
local 192.168.210.1 dev vmbr0 table local proto kernel scope host src 192.168.210.1
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
fe80::/64 dev vmbr0 metric 256 expires 21253582sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev vmbr1 metric 256 expires 21253599sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 expires 21253601sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev vmtab103i0 metric 256 expires 21257362sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev vmtab103i1 metric 256 expires 21257362sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable default dev lo table unspec proto none metric -1 error -101 hoplimit 255
local ::1 via :: dev lo table local proto none metric 0 mtu 16436 rtt 10ms rttvar 10ms cwnd 2 advmss 16376 hoplimit 4294967295
local fe80::2ff:2dff:fe16:ffc2 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
local fe80::2ff:a5ff:fe26:1145 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
local fe80::a6ba:dbff:fe13:d790 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
local fe80::a6ba:dbff:fe13:d790 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
local fe80::a6ba:dbff:fe13:d792 via :: dev lo table local proto none metric 0 mtu 16436 advmss 16376 hoplimit 4294967295
ff00::/8 dev vmbr0 table local metric 256 expires 21253582sec mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev vmbr1 table local metric 256 expires 21253599sec mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev eth0 table local metric 256 expires 21253601sec mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev vmtab103i0 table local metric 256 expires 21257362sec mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev vmtab103i1 table local metric 256 expires 21257362sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable default dev lo table unspec proto none metric -1 error -101 hoplimit 255
The VE's ip route
~# ip route list table all
192.0.2.1 dev venet0 scope link
118.x.x.0/24 dev venet0 proto kernel scope link src 118.x.x.68
default via 192.0.2.1 dev venet0
broadcast 118.x.x.255 dev venet0 table local proto kernel scope link src 118.x.x.68
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 118.x.x.0 dev venet0 table local proto kernel scope link src 118.x.x.68
local 118.x.x.68 dev venet0 table local proto kernel scope host src 118.x.x.68
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev venet0 table local proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
unreachable default dev lo table unspec proto none metric -1 error -101 hoplimit 255
local ::1 via :: dev lo table local proto none metric 0 mtu 16436 rtt 10ms rttvar 10ms cwnd 2 advmss 16376 hoplimit 4294967295
unreachable default dev lo table unspec proto none metric -1 error -101 hoplimit 255
Thanks.
|
|
|
| Topic: No kernel logs with OpenVZ? |
|---|
| No kernel logs with OpenVZ? [message #39909] |
Mon, 21 June 2010 07:30 |
divB
Messages: 71
Registered: April 2009 |
Member |
From: *adsl.highway.telekom.at
|
|
Hi,
The kern.log, messages, dmesg and so on stays empty on my host system when using OpenVZ!
klogd and syslogd is started on the host.
Is there any known problem with OpenVZ and kernel messages?
Regards,
divB
|
|
|
| Topic: Traffic shaping / rate limit do not work for containers |
|---|
| Traffic shaping / rate limit do not work for containers [message #39906] |
Sat, 19 June 2010 11:26 |
whatever
Messages: 141
Registered: September 2006 |
Senior Member |
From: *176.104.245.bol.net.in
|
|
We set the container limit to 1024 / 2048 and so on but all are able to burst upto 100mbps in/out going traffic.
We are running the
2.6.18-194.3.1.el5.028stab069.5 #1 SMP Tue May 18 17:48:31 MSD 2010 x86_64 x86_64 x86_64 GNU/Linux
Thanks
|
|
|
| Topic: 2,6.32 kernel still has a bug |
|---|
| 2,6.32 kernel still has a bug [message #39904] |
Sat, 19 June 2010 00:15 |
mperkel
Messages: 243
Registered: December 2006 |
Senior Member |
From: *dhcp.mdfd.or.charter.com
|
|
I downloaded the newest git of 2.6.32 and compiled it and still has a memory bug.
Jun 18 21:05:53 vps8 kernel: BUG: Bad page map in process exim pte:00000400 pmd:1a1b62067
Jun 18 21:05:53 vps8 kernel: addr:00007f225624a000 vm_flags:08000070 anon_vma:(null) mapping:ffff88020a4c01f0 index:1b9
Jun 18 21:05:53 vps8 kernel: vma->vm_ops->fault: filemap_fault+0x0/0x30c
Jun 18 21:05:53 vps8 kernel: vma->vm_file->f_op->mmap: generic_file_mmap+0x0/0x49
Jun 18 21:05:53 vps8 kernel: Pid: 11009, comm: exim Not tainted 2.6.32.15 #1
Jun 18 21:05:53 vps8 kernel: Call Trace:
Jun 18 21:05:53 vps8 kernel: [<ffffffff810eafdb>] print_bad_pte+0x1e5/0x1fe
Jun 18 21:05:53 vps8 kernel: [<ffffffff810ec00e>] unmap_vmas+0x60e/0x7de
Jun 18 21:05:53 vps8 kernel: [<ffffffff8108447d>] ? pb_add_ref+0x72/0x81
Jun 18 21:05:53 vps8 kernel: [<ffffffff810f0efd>] exit_mmap+0x96/0xea
Jun 18 21:05:53 vps8 kernel: [<ffffffff8104e481>] mmput+0x5e/0xed
Jun 18 21:05:53 vps8 kernel: [<ffffffff81053972>] exit_mm+0x12e/0x13a
Jun 18 21:05:53 vps8 kernel: [<ffffffff81054e0f>] do_exit+0x203/0x6f9
Jun 18 21:05:53 vps8 kernel: [<ffffffff81439951>] ? do_page_fault+0x26d/0x27c
Jun 18 21:05:53 vps8 kernel: [<ffffffff810553a4>] sys_exit_group+0x0/0x1b
Jun 18 21:05:53 vps8 kernel: [<ffffffff810553bb>] sys_exit_group+0x17/0x1b
Jun 18 21:05:53 vps8 kernel: [<ffffffff8100bec2>] system_call_fastpath+0x16/0x1b
Also - looking for the graphic drivers and not finding them.
Hope this helps.
Junk Email Filter
http://www.junkemailfilter.com
|
|
|
| Topic: Using tc to add qdiscs and filters on veth devices fails. |
|---|
| Using tc to add qdiscs and filters on veth devices fails. [message #39903] |
Fri, 18 June 2010 10:51 |
ChrisT1981
Messages: 1
Registered: June 2010 |
Junior Member |
From: 128.7.5*
|
|
Hi there,
using 2.6.26-1-openvz-686 debian kernel I get a "RTNETLINK answers: invalid argument" message, whenever I try to use tc to add a qdisc or filter for a veth device.
A search in the mailing lists and forum revealed no useful information.
My questions are:
Is it possible at all to use the NETEM Kernel Module via tc inside a container?
If yes: How do I get it to work?
If no: Is there any other lightweight method to emulate delay and jitter on the virtual network?
Is iptables queing working so I could use a userspace script to delay packets?
Thx in advance for any useful hints/answers.
Chris
|
|
|
| Topic: Filesize limitation for normal users |
|---|
| Filesize limitation for normal users [message #39898] |
Thu, 17 June 2010 03:50 |
jhidsa
Messages: 1
Registered: June 2010 |
Junior Member |
From: 62.159.150*
|
|
Hi,
The problem is: by creating a new file, as a normal user, as soon as the file reach 2GB, the file-creating process stops and the message: "File size limit exceeded" appear.
If I directly connect to the system by root (via ssh) and switch to the normal user by using "su - username" all works fine.
My system is: OpenVZ 2.6.24
The VSP runs under SUSE Linux 7.0, 2.6.24-8-pve #1 SMP PREEMPT Fri Oct 16 11:17:55 CEST 2009 i686 unknown
I already checked some things, without sucess:
The limitations shown by "ulimit -a" are identical for both users:
file size (blocks) unlimited
Also the environment settings ("set", "env") are identical.
Creating a new user with the same group assignments like root or the normal user leads to the same result (file limitation at 2GB).
Trying to load the same "profiles" while login like root was also not the solution.
Is there any possibility to enlarge/deactivate this limitation for normal users?
Thanks,
Dragos
|
|
|
Members
Search
Help
Register
Login
Home
