OpenVZ Forum

Services running on CT0 and VEs? [message #39156] Sat, 20 March 2010 01:01
jantman

I'm in the process of evaluating OpenVZ and Xen for a production virtualization project. My major goals are consolidation and fault-tolerance (the latter of which I still have to look into a bit more). I really like OpenVZ's lower overhead, as we run a standardized environment (all Linux servers run CentOS 5, same kernel, all built from the same basic installation).

We use Puppet to manage all of our servers. I happened to be looking around online, and came by a support forum post about how stopping the puppet service on CT0 stops it on CTx's.

The root cause appeared to be that the init scripts use killproc, which on CT0 kills all processes with a given name, even those inside containers.

Does anyone have any experience with this? What are the workarounds? Replacing killproc with a script that makes sure it only kills CT0 processes? Altering all of the init scripts for every service?

This is a major concern to me, as our standardized install includes a number of services that *must* run on every host, regardless of whether it's physical or virtual - SSHd, rsyslog, denyhosts, iptables, puppet, etc.

Thanks for any pointers.

Re: Services running on CT0 and VEs? [message #39165 is a reply to message #39156] Sat, 20 March 2010 20:50
kir

It's pretty easy -- one should not kill the processes using the process name, because it relies on a false assumption that the process name is unique to the software instance -- in fact it is not, and you'll clearly see that if you run two instances of apache or mysqld (which is not uncommon).

Therefore, most daemons and their initscripts work the following way -- when a daemon is started it saves its PID into a file, and when the initscript wants to stop the daemon (or make it reload its config, or do anything else like that), it uses the PID from the file. This is true for most services and definitely sshd and rsyslog from your list work this way (iptables is not a daemon and I do not know anything about denyhosts).

This is what puppet and the puppet initscript should do -- save the PID at start and use it to shut down.

If this is absolutely impossible, then killproc should be modified to filter out processes not belonging to the host system. This is pretty easy since each /proc/$PID/status has a field named envID: -- if its value is zero this means host system, otherwise it's a process from some container. My guess is such filtering can be implemented in one or at most 34 lines of shell, so it's not a big deal.

Kir Kolyshkin
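
The envID filter described in the reply above, sketched as shell functions (an added example, not code from the thread or from OpenVZ). The function names and the optional PROC_ROOT argument are assumptions of this example; a status file with no envID: line is skipped rather than treated as a host process.

```shell
#!/bin/sh
# host_pids_by_name NAME [PROC_ROOT]
# Print the PIDs of processes called NAME that belong to the host (CT0)
# only, using the envID: field of /proc/$PID/status (0 = host system,
# anything else = a container). PROC_ROOT defaults to /proc; it is a
# parameter (hypothetical, for this example) so the filter can be run
# against a constructed directory tree.
host_pids_by_name() {
    name=$1
    proc_root=${2:-/proc}
    for status in "$proc_root"/[0-9]*/status; do
        [ -r "$status" ] || continue      # process exited, or glob unmatched
        pid=${status%/status}
        pid=${pid##*/}
        # One awk pass per process: the name must match and envID must be
        # present and equal to 0. No envID: line means "cannot attribute",
        # so the process is left alone.
        awk -v want="$name" '
            $1 == "Name:"  { pname = $2 }
            $1 == "envID:" { envid = $2; seen = 1 }
            END { exit !(pname == want && seen && envid == "0") }
        ' "$status" 2>/dev/null && echo "$pid"
    done
    return 0
}

# kill_host_only NAME [SIGNAL]
# Name-based kill restricted to CT0: signals only the PIDs selected
# above, so same-named daemons inside containers keep running.
kill_host_only() {
    pids=$(host_pids_by_name "$1")
    [ -n "$pids" ] || return 1            # nothing on the host by that name
    # $pids is deliberately unquoted: one argument per PID.
    kill "-${2:-TERM}" $pids
}
```

The Name: field holds the kernel's short command name, which is truncated to 15 characters, so NAME has to be given in that form.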