herka n00b
Joined: 08 Aug 2003 Posts: 23
Posted: Sat Jun 11, 2005 11:53 am Post subject: Re: Where to install baselayout-vserver?
eschoeller wrote: | Does baselayout-vserver get installed on the host or on the vserver? I have it installed on the vserver (I had the original sys-apps/baselayout installed for some reason - the USE variable didn't merge sys-apps/baselayout-vserver for some reason). If anyone has any suggestions please let me know: |
baselayout-vserver is supposed (because under development) to replace baselayout on gentoo vservers, not on the host. Its purpose is to work around access restrictions especially to hardware (network board, ...) managed in a completely different way on vservers. In fact you create nearly empty /etc/init.d/xxx files.
So, to use it, you have to allow emerge to access it (it is still in ~x86 only):
Code: | echo "sys-apps/baselayout-vserver ~x86" >> /etc/portage/package.keywords |
then you need to unmerge the standard baselayout
and emerge baselayout-vserver, update the config files and so on.
Take care, I had to face some difficulties on my oldest vserver:
_ the /etc/init.d/net file was not created, instead I still found a /etc/init.d/net.lo and a /etc/init.d/net.eth0. Maybe I had the same problem before but I did not notice.
_ the /etc/init.d/serial file had not been modified, so the old workaround "is_vserver_guest" function was still present causing an error during the startup. Due to the fact that I am not using any serial stuff, I worked around it by doing "rc-update del serial".
_ the update from baselayout version 1.9 to 1.11 includes major updates in the way /etc/rc.conf and /etc/conf.d/rc are used (keymaps, ...); the first reboot can be annoying if you do not take care when updating your configuration files.
Good luck
herka
[edit]
BTW I still have the following warning
Code: |
WARNING: could not determine runlevel - doing soft halt
(it's better to use shutdown instead of halt from the command line)
shutdown: /dev/initctl: No such file or directory
init: /dev/initctl: No such file or directory
|
[/edit]

Luxus Tux's lil' helper
Joined: 21 Nov 2002 Posts: 98 Location: Germany / Frankfurt
Posted: Wed Jul 20, 2005 3:35 pm Post subject:
anyone have a new url for this guide?
ats2 Apprentice
Joined: 22 Apr 2005 Posts: 297
Posted: Tue Oct 18, 2005 4:05 pm Post subject:
Any known problem with an amd 64 machine, either for the host or the guest ?
BTW, which sources should I download ?
Are there any special kernel options to activate (I mean different ones) ?
Thanks !

meulie l33t
Joined: 17 Jun 2003 Posts: 845 Location: a Dutchman living in Norway
Posted: Tue Oct 18, 2005 7:42 pm Post subject:
Also a question on the vservers-matter:
Which script should I add to the default runlevel, 'vprocunhide' or 'vservers'? Or both? _________________ Greetz,
Evert Meulie

ats2 Apprentice
Joined: 22 Apr 2005 Posts: 297
Posted: Tue Oct 18, 2005 11:36 pm Post subject:
meulie wrote: | Also a question on the vservers-matter:
Which script should I add to the default runlevel, 'vprocunhide' or 'vservers'? Or both? |
procunhide default works fine here, although http://www.gentoo.org/doc/en/vserver-howto.xml tells to set vserver...
Maybe it depends on whether you would have your vservers started at boot time or by hand.

deftek n00b
Joined: 26 Oct 2005 Posts: 2 Location: Fayetteville, AR
Posted: Wed Oct 26, 2005 8:26 pm Post subject: vserver-new ?
Hello, I am in the process of creating my first vserver, however I seem to be missing vserver-new ?
Just finished installing util-vserver and I see: vserver, vserver-copy, vserver-info and vserver-stat.
This is from the stable tree (util-vserver-0.30.205-r1).
What am I missing?
Many thanks in advance.

meulie l33t
Joined: 17 Jun 2003 Posts: 845 Location: a Dutchman living in Norway
Posted: Wed Oct 26, 2005 10:10 pm Post subject:
You'll need util-vserver from the unstable tree... _________________ Greetz,
Evert Meulie

deftek n00b
Joined: 26 Oct 2005 Posts: 2 Location: Fayetteville, AR
Posted: Thu Oct 27, 2005 7:10 am Post subject: thank you!
Thank you meulie for the reply, I was wondering what was wrong. I thought I had learned a lesson using unstable after installing gentoo probably 30+ times on my home network, realizing the stable tree is where it is at. Trying to keep my unstable ACCEPT_KEYWORDS="~x86" at a minimum lol. Installing this now remotely. Once again thank you for the info! Much appreciated! Trying to set this up in a testing environment at work... hoping to stray from the *dows that permeates due to relying heavily on SAS Software.. hopefully I can get their new BI jsp's working under gentoo tomcat's (plan on setting up some load balancing vservers to take care of the hideous 1280mb JVM heap size under 32 bit environments w/ this on a box with around 14 gigs of ram) *gag* I'm so sick of managing windows servers... vmware just doesn't cut it for virtual machines... vserver is so amazing from what I read. So yea... hopefully I can implement this to be stable in production usage... anyone have any good tips for tomcat on Vservers? I have toyed w/ *nix since about '98 but it's really hard taking a position in a location full of winboxes and migrating... since I feel I break the stuff really easily *take note from above.. that is 30+ times installing/configuring in the last week or so* I am totally sold on gentoo, portage is simply amazing. Plan on throwing this on production servers ASAP.
Thank you Gentoo thank you Meulie for the info!

meulie l33t
Joined: 17 Jun 2003 Posts: 845 Location: a Dutchman living in Norway
Posted: Fri Nov 11, 2005 11:02 am Post subject:
VServer is doing a great job!
But... I have one vserver-instance here that is troubled... It's an attempt of mine to move certain applications from the 'root server' to a vserver on the same physical unit.
When I start this vserver and enter it, almost no processes are running:
Code: | root 1 0.0 0.0 1444 424 ? S 10:55 0:00 init boot
root 30209 0.0 0.0 1444 408 ? Ss 10:55 0:00 init boot
root 30210 0.1 0.1 2460 1256 ? S 10:55 0:00 /bin/bash /sbin/rc sysinit
root 30226 0.0 0.0 1936 596 ? Ss 10:55 0:00 /sbin/sulogin /dev/console
root 30227 1.5 0.1 2196 1292 pts/29 S 10:55 0:00 /bin/bash -login
root 30239 0.0 0.0 2428 836 pts/29 R+ 10:55 0:00 ps aux |
I'm assuming this happened because I copied too much from the 'root server'... :-/
Is there a list somewhere of the files/scripts that get altered on a virtual server? _________________ Greetz,
Evert Meulie

meulie l33t
Joined: 17 Jun 2003 Posts: 845 Location: a Dutchman living in Norway
Posted: Fri Nov 11, 2005 11:15 am Post subject:
The problem turned out to be a modified /sbin/rc which had gotten overwritten with a regular version...
For this reason I would really very much like a list of modified files! _________________ Greetz,
Evert Meulie

laurian n00b
Joined: 03 Dec 2005 Posts: 1
Posted: Sat Dec 03, 2005 1:18 pm Post subject: vserver networking issues
Hello,
I followed http://www.gentoo.org/doc/en/vserver-howto.xml but I cannot reach from a vserver more than the host IP address.
I set /proc/sys/net/ipv4/ip_forward to 1 but nothing.
There are no rules in iptables (not even in nat), I was expecting that vserver-new will set something.
The vserver was created this way:
Code: | vserver-new gentoo-template --hostname magi --context 1062 --interface eth0:10.0.0.62/26 stage3 /root/stage3-pentium4-2005.1-r1.tar.bz2 |
Code: |
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.255.192 U 0 0 0 eth0
xxx.xxx.xxx.192 0.0.0.0 255.255.255.192 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 xxx.xxx.xxx.193 0.0.0.0 UG 0 0 0 eth0
|
I have no clue where to look, in the vserver I cannot reach the GW.

stripe n00b
Joined: 04 Jan 2004 Posts: 72 Location: Prague
Posted: Wed Jan 18, 2006 3:34 pm Post subject:
I have played with the vserver project on my server since Friday, everything seems to be working great. I have only one question about the output that vserver script produces:
The bootstrapped debian guest is actually talking to me in the console what it is doing. However gentoo guest stage3 doesn't. Anyway the clean vserver guests have successfully started. If anything screws up on the gentoo guest I cannot therefore identify what is wrong with it. I spent three days reading the documentation and googling around about this issue but didn't find anything usable. Imho it is maybe by the redirecting the console from the gentoo guest to the console of master host. But I cannot figure it out. Did anybody solve this issue and can advise me how to do it?
Thanks in advance
Code: |
master ~ # vserver vw1 start
Starting system log daemon: syslogd.
Starting kernel log daemon: klogd.
Starting MTA: exim4.
Starting internet superserver: inetd.
Starting deferred execution scheduler: atd.
Starting periodic command scheduler: cron.
master ~ #
master ~ # vserver vw2 start
master ~ #
master ~ # vserver-stat
CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME
0 117 2.3G 586.5M 4h44m14 24m48s31 20h23m33 root server
1253 5 11M 2.6M 0m00s00 0m00s00 3m49s56 vw1
1201 2 3M 972K 0m00s83 0m00s54 0m34s33 vw2
master ~ # vserver-info
Versions:
Kernel: 2.6.14-vs2.0.1-gentoo
VS-API: 0x00020001
util-vserver: 0.30.209; Jan 16 2006, 19:18:43
Features:
CC: i686-pc-linux-gnu-gcc, i686-pc-linux-gnu-gcc (GCC) 3.4.4 (Gentoo Hardened 3.4.4-r1, ssp-3.4.4-1.0, pie-8.7.8)
CXX: i686-pc-linux-gnu-g++, i686-pc-linux-gnu-g++ (GCC) 3.4.4 (Gentoo Hardened 3.4.4-r1, ssp-3.4.4-1.0, pie-8.7.8)
CPPFLAGS: ''
CFLAGS: '-march=athlon -O2 -pipe -ftracer -std=c99 -Wall -pedantic -W -funit-at-a-time'
CXXFLAGS: '-march=athlon -O2 -pipe -ftracer -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time'
build/host: i686-pc-linux-gnu/i686-pc-linux-gnu
Use dietlibc: yes
Build C++ programs: yes
Build C99 programs: yes
Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts
ext2fs Source: e2fsprogs
syscall(2) invocation: alternative
vserver(2) syscall#: 273/glibc
Paths:
prefix: /usr
sysconf-Directory: /etc
cfg-Directory: /etc/vservers
initrd-Directory: /etc/init.d
pkgstate-Directory: /var/run/vservers
vserver-Rootdir: /vservers
|
_________________ Sick of computers? Well, Czech girls and beer solve it! Trust me

stripe n00b
Joined: 04 Jan 2004 Posts: 72 Location: Prague
Posted: Mon Jan 23, 2006 12:31 am Post subject:
well after spending some time on the irc channels, I have found, that my issue makes the style of init => plain vs gentoo. However guys told me there, that gentoo init is old, dirty and deprecated. Gentoo guest should be started with plain init which is safer and quicker with the console logging in the guest.... just for guys who are as curious as me about the init way... _________________ Sick of computers? Well, Czech girls and beer solve it! Trust me

lostSoul Tux's lil' helper
Joined: 26 Oct 2002 Posts: 125 Location: /earth/germany/bielefeld
Posted: Wed May 24, 2006 3:41 pm Post subject:
Hello!
After an upgrade of my package list I cannot start my vservers anymore
Code: | Kernel: 2.6.16-vs2.1.1-rc19-gentoo
[ebuild R ] sys-cluster/util-vserver-0.30.210-r13 0 kB |
Code: | prompt# vserver gentoo-misc start
/usr/lib/util-vserver/vserver.functions: line 763: pushd: /etc/vservers/gentoo-misc/vdir: No such file or directory
Failed to start vserver 'gentoo-misc' |
The vdir file points to:
Quote: | lrwxrwxrwx 1 root root 44 Mar 4 17:50 /etc/vservers/gentoo-misc/vdir -> /etc/vservers/.defaults/vdirbase/gentoo-misc |
Quote: | ls -l /etc/vservers/gentoo-misc/vdir/etc/vservers/gentoo-misc/vdir
ls: /etc/vservers/gentoo-misc/vdir/etc/vservers/gentoo-misc/vdir: No such file or directory |
To which file or dir should the symlink point? Any suggestions?
Bob P Advocate
Joined: 20 Oct 2004 Posts: 3355 Location: Jackass! Development Labs
Posted: Sun Aug 06, 2006 10:50 am Post subject:
I'm having a problem with a fresh Gentoo vServer installation, related to network separation. I've built my vServer with 3 NICs, each of which will be attached to a different network. For example, here's what I'm trying to do:
eth0 -- only available to the vServer host, used exclusively for administrative access to the server from a local PC via SSH.
eth1 -- only available to a VPS guest running Samba, to provide Samba services on an isolated private LAN
eth2 -- only available to two VPS guests, one running VSFTPD and one running Apache. This interface will be placed in a DMZ by an external firewall.
eth0, eth1, eth2 and lo are all up and running on the host. The guest servers have been created using the --interface eth1:192.168.18.252/24 parameter. The guests report that they are using eth1 at 192.168.1.252. Even though the guest server's ifconfig information shows binding to the correct ethernet adapter and IP address (eth1:192.168.18.252), the traffic is actually going out through eth0:192.168.18.251.
Can anyone explain this, or how to fix the problem so that the processes are bound to the correct NIC interface? My ultimate goal is to bind the guest servers to the NIC that exists in the appropriate firewall zone.
Thanks. _________________ .
Stage 1/3 | Jackass! | Rockhopper! | Thanks | Google Sucks

ats2 Apprentice
Joined: 22 Apr 2005 Posts: 297
Posted: Sun Aug 06, 2006 9:56 pm Post subject:
Hi,
I'm not sure I understand what your setup is... You have one host with three nics and wish to use these nics as you described for VPS. Okay, but I don't understand why your vservers share the same IP (eth1:192.168.18.252/24 if I'm correct) and how it can work... Maybe I'm confused here, but I do not get it. Each vserver should have its own IP, or am I wrong somewhere ?
Provided there is no error and I'm wrong, couldn't you use iptables to redirect the output through the correct interface ? NAT'ing maybe ?
Maybe something like that :
Code: | iptables -t nat -A PREROUTING -p tcp --dport 80 -i ethx -j DNAT --to 192.168.18.252 |
But since I'm not sure this setup is clear to me, I may be totally off topic... Could you post your guests /etc/vservers/<vserver>/interface/0/ip, /etc/vservers/<vserver>/interface/0/prefix ?
And, BTW, did you assign different context values to your guests ? It might cause some trouble otherwise (dunno, just wild guesses).
However, you would get more accurate help, I guess, through the vserver list (if you didn't already try): http://list.linux-vserver.org/mailman/listinfo/vserver.

Bob P Advocate
Joined: 20 Oct 2004 Posts: 3355 Location: Jackass! Development Labs
Posted: Sun Aug 06, 2006 11:50 pm Post subject:
In the test configuration, I've got two NICs:
eth0:192.168.18.251
eth1:192.168.18.252
Code: | vserver ~ # ifconfig
eth0 Link encap:Ethernet HWaddr 00:A0:C9:11:CE:8B
inet addr:192.168.18.251 Bcast:192.168.18.255 Mask:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:657 errors:0 dropped:0 overruns:0 frame:0
TX packets:344 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:119501 (116.7 Kb) TX bytes:46176 (45.0 Kb)
eth1 Link encap:Ethernet HWaddr 00:D0:B7:D5:54:AD
inet addr:192.168.18.252 Bcast:192.168.18.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:296 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:88405 (86.3 Kb) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) |
In the test configuration, eth0 is supposed to be reserved exclusively for the host, and eth1 is supposed to be used exclusively by the guest servers. Both guests have been configured to use eth1, but are not using eth1. The vserver is incorrectly passing all of the traffic through eth0. It doesn't matter if there is one guest installed or two, all guests are configured to use eth1 but fail to use eth1 and use eth0 by default. In answer to your question, the contexts are not the same:
Code: | # vserver-stat
CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME
0 42 31M 10.6M 0m12s55 0m11s37 3m18s10 root server
8251 5 19.4M 5.2M 0m01s34 0m01s22 2m38s38 samba
8252 1 1.4M 552K 0m00s90 0m00s95 0m05s90 ftp |
The vserver guests are directed to use the IP address associated with eth1:
Code: | vserver ~ # vserver samba enter
samba / # ifconfig
eth1 Link encap:Ethernet HWaddr 00:D0:B7:D5:54:AD
inet addr:192.168.18.252 Bcast:192.168.18.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:627 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:197647 (193.0 Kb) TX bytes:0 (0.0 b) |
Code: | # cat /etc/vservers/samba/interfaces/0/ip
192.168.18.252 |
Code: | vserver ~ # vserver ftp enter
ftp / # ifconfig
eth1 Link encap:Ethernet HWaddr 00:D0:B7:D5:54:AD
inet addr:192.168.18.252 Bcast:192.168.18.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:668 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:211035 (206.0 Kb) TX bytes:0 (0.0 b) |
Code: | # cat /etc/vservers/ftp/interfaces/0/ip
192.168.18.252 |
It appears that the vservers are correctly configured to use eth1:192.168.18.252 but are incorrectly using eth0:192.168.18.251.
Are there some additional steps that are necessary to bind the interfaces to the physical devices?
edit: fixed typos _________________ .
Stage 1/3 | Jackass! | Rockhopper! | Thanks | Google Sucks
Last edited by Bob P on Sat Aug 12, 2006 6:16 am; edited 1 time in total

ats2 Apprentice
Joined: 22 Apr 2005 Posts: 297
Posted: Mon Aug 07, 2006 1:19 am Post subject:
Bob P wrote: | In the test configuration, I've got two NICs:
It appears that the vservers are correctly configured to use eth1:192.168.18.252 but are incorrectly using eth0:192.168.18.251.
Are there some additional steps that are necessary to bind the interfaces to the physical devices? |
Well, no. If /etc/vservers/<server>/interface/0/dev is correctly set to eth1, they should use eth1...
Your setup seems ok. I don't get what's going wrong either.
Check the vserver list: there are lots of devs who might solve your problem.

ats2 Apprentice
Joined: 22 Apr 2005 Posts: 297
Posted: Tue Aug 08, 2006 2:54 pm Post subject:
Hi BobP,
did you find out what was going wrong ? I'm curious to know about it...

bonbons Apprentice
Joined: 04 Sep 2004 Posts: 250
Posted: Sat Aug 12, 2006 9:54 pm Post subject:
ats2 wrote: | Well, no. If /etc/vservers/<server>/interface/0/dev is correctly set to eth1, they should use eth1... |
No, the interface/x/dev is only there to tell util-vserver to set up the interface itself.
You should replace that file by (empty) interface/0/nodev if you set up the interface in the host init scripts and don't want util-vserver to touch your network config (as this can cause the interface to be completely shut down if one of the guests has the primary IP address of the given interface and is shutdown/restarted; as a result of this, host and other guests using IPs on that interface will lose their IP address and connections they have with those IP addresses)
Linux-VServer does network isolation only at IP address level and does NOT interfere with mainline routing decisions. Thus the IP packets generated by vserver guests will get routed as it would be for the same packet being issued by the host.
The difference between host and guest lies in limitation of source IP address choice for a guest (in case of non-bound client sockets)

Bob P Advocate
Joined: 20 Oct 2004 Posts: 3355 Location: Jackass! Development Labs
Posted: Sun Aug 27, 2006 2:18 pm Post subject:
ats2 wrote: | Hi BobP,
did you find out what was going wrong ? I'm curious to know about it... |
Here's an example of how to do it for two interfaces. Note that the IP addresses will need to be changed:
Code: | # for Debian / Ubuntu
# The primary network interface
auto eth0
iface eth0 inet static
address 10.10.64.16
netmask 255.255.255.0
network 10.10.64.0
broadcast 10.10.64.255
gateway 10.10.64.1
up /bin/ip route add 10.10.64.0/24 dev eth0 src 10.10.64.16 table 64
up /bin/ip route add default via 10.10.64.1 table 64
up /bin/ip rule add from 10.10.64.0/24 table 64
post-down /bin/ip rule delete from 10.10.64.0/24 table 64
auto eth1
iface eth1 inet static
address 10.10.68.61
netmask 255.255.255.0
network 10.10.68.0
broadcast 10.10.68.255
up /bin/ip route add 10.10.68.0/24 dev eth1 src 10.10.68.61 table 68
up /bin/ip route add default via 10.10.68.1 table 68
up /bin/ip rule add from 10.10.68.0/24 table 68
post-down /bin/ip rule delete from 10.10.68.0/24 table 68 |
_________________ .
Stage 1/3 | Jackass! | Rockhopper! | Thanks | Google Sucks |
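
The behaviour bonbons describes (guest packets follow the host's ordinary routing decision) and the per-source tables in the last post can be checked with a small model. This is an added example, not code from the thread or from util-vserver; the table contents are read off the posted interfaces file, while `lookup`, `route`, `audit` and the destination 203.0.113.10 are constructed for illustration.

```python
import ipaddress

# Routes as the interfaces file in the post creates them.
# Tuple: (destination prefix, output device, gateway or None for on-link).
MAIN = [
    ("10.10.64.0/24", "eth0", None),
    ("10.10.68.0/24", "eth1", None),
    ("0.0.0.0/0", "eth0", "10.10.64.1"),  # only eth0 has a "gateway" line
]
TABLE_64 = [("10.10.64.0/24", "eth0", None), ("0.0.0.0/0", "eth0", "10.10.64.1")]
TABLE_68 = [("10.10.68.0/24", "eth1", None), ("0.0.0.0/0", "eth1", "10.10.68.1")]

# Rule lists in lookup order: (source selector, table). The kernel's "local"
# table is left out of this model (assumption: destinations are not host addresses).
RULES_BEFORE = [("0.0.0.0/0", MAIN)]
RULES_AFTER = [
    ("10.10.64.0/24", TABLE_64),  # ip rule add from 10.10.64.0/24 table 64
    ("10.10.68.0/24", TABLE_68),  # ip rule add from 10.10.68.0/24 table 68
    ("0.0.0.0/0", MAIN),          # selectors above are disjoint, so their order is irrelevant
]


def lookup(table, dst):
    """Longest-prefix match in one table; returns (dev, gateway) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, dev, gw in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev, gw)
    return None if best is None else best[1:]


def route(rules, src, dst):
    """Walk the rules in order; the first selected table holding a match wins."""
    source = ipaddress.ip_address(src)
    for selector, table in rules:
        if source in ipaddress.ip_network(selector):
            hit = lookup(table, dst)
            if hit is not None:
                return hit
    return None


def audit(rules, bindings, dst):
    """Return [(src, expected_dev, actual_dev)] for sources leaving the wrong NIC."""
    leaks = []
    for src, expected in bindings.items():
        hit = route(rules, src, dst)
        actual = hit[0] if hit else None
        if actual != expected:
            leaks.append((src, expected, actual))
    return leaks


# Intended zone separation; 203.0.113.10 is a constructed off-link destination.
BINDINGS = {"10.10.64.16": "eth0", "10.10.68.61": "eth1"}
REMOTE = "203.0.113.10"

if __name__ == "__main__":
    print("main table only :", audit(RULES_BEFORE, BINDINGS, REMOTE))
    print("with 'from' rules:", audit(RULES_AFTER, BINDINGS, REMOTE))
```

On a live host, `ip route get 203.0.113.10 from 10.10.68.61` reports the kernel's actual decision for the same question.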