Re: altlinux p6 template caches

Greetings,

----- Original Message -----
> please find ALT Linux p6 branch template caches, tested to work
> with vzctl-3.0.28.3-alt2 and kernel-image-ovz-el-2.6.32-alt49:
> http://ftp.linux.kiev.ua/pub/Linux/ALT/people/mike/ovz/altlinux-p6-20120206-x86_64.tar.gz
> http://ftp.linux.kiev.ua/pub/Linux/ALT/people/mike/ovz/altlinux-p6-20120206-i586.tar.gz
> 
> I've also added the link to http://www.altlinux.org/OpenVZ [ru].

I've added those two to the contributed OS Templates.  Thanks for your contribution.

TYL,
--

-- 
Scott Dowdle
704 Church Street
Belgrade, MT 59714
(406)388-0827 [home]
(406)994-3931 [work]

howto device by-id

How do I pass a device to a VE using the by-id link

# vzctl set 3261 --devnodes /dev/tape/by-id/scsi-200900de606413000:rw
Bad parameter for --devnodes: /dev/tape/by-id/scsi-200900de606413000:rw

Richard

sync in container

_______________________________________________
Users mailing list
Users@...
https://openvz.org/mailman/listinfo/users

vmstat FPE

_______________________________________________
Users mailing list
Users@...
https://openvz.org/mailman/listinfo/users

RHEL6 and stateful firewall inside container

Hello users@...

I'm trying to upgrade our rhel5 based openvz servers to rhel6 but I got
problem with iptables. If I try to use firewall inside container, I can
load rules, but firewall rejects all incoming packets. Host is redhet-6
and container is centos-6. I tested with kernels

vzkernel-2.6.32-042stab044.17.x86_64
vzkernel-2.6.32-042stab048.1.x86_64
vzkernel-2.6.32-042stab049.2.x86_64

My firewall config
# Generated by iptables-save v1.4.7 on Wed Feb  1 13:05:26 2012
*mangle
:PREROUTING ACCEPT [2:381]
:INPUT ACCEPT [2:381]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:559]
:POSTROUTING ACCEPT [4:559]
COMMIT
# Completed on Wed Feb  1 13:05:26 2012
# Generated by iptables-save v1.4.7 on Wed Feb  1 13:05:26 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:559]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Feb  1 13:05:26 2012

Is it know problem or is it my misconfiguration? Firewall on redhat-5 is
functioning fine.

--

-- 
Mikko Hirvonen <Mikko.V.Hirvonen@...>
Helsingin yliopisto / Tietotekniikkakeskus / Verkkopalvelut

vzctl create 994 --ostemplate mycustomtemplate fails with Disk quota exceeded

Hi,

I am creating a new VZ with vzctl create 994 --ostemplate, and it
fails with this kind of error:

==========================================================================
$ vzctl create 994 --ostemplate mycustomtemplate
tar: ./usr/lib/python2.6/dist-packages/IPython/frontend/process/__init__.py:
Cannot create symlink to
`../../../../../../share/pyshared/IPython/frontend/process/__init__.py':
Disk quota exceeded
==========================================================================

Any idea?

--

-- 
Benjamin Henrion <bhenrion at ffii.org>
FFII Brussels - +32-484-566109 - +32-2-4148403
"In July 2005, after several failed attempts to legalise software
patents in Europe, the patent establishment changed its strategy.
Instead of explicitly seeking to sanction the patentability of
software, they are now seeking to create a central European patent
court, which would establish and enforce patentability rules in their
favor, without any possibility of correction by competing courts or
democratically elected legislators."

OpenVZ patch for Debian Squeeze?

Hello,

I'm trying to build a custom OpenVZ kernel under Debian.

Installing the source packages/patches only gave me the
plain kernel, without OpenVZ patches.  I also cannot
find a package kernel-patch-openvz in the repositories.

How does one build a custom OpenVZ kernel on Debian Squeeze?

Thanks,
 -Rick

Share container's HD space over servers

Hello,

I've setup a mirrored GlusterFs to share container's disc space and to
have a spare fisical server in case it's needed.
I only share the "private" directory over two servers, is it OK or I
should share whole "lib/vz" directory? Now I switched from original HN
to it's backup, most of CT works fine, but others not, but I don't know
if it's due the shared disc space or it's related to the new HN
configuration.
Can I share vz disc space over two servers and switch from one to
another? What directory should I share?

Thanks,

--

-- 
Marc Olivé
Blau Advisors

marc.olive@...

C/ Molí de Guasch, 10 baixos 1a,
43440 L’Espluga de Francolí (Tarragona)
Tel. +34 977 870 702
Tel i Fax. + 34 977 870 507

www.blauadvisors.com

Problems doing live migration

Hello,

I'm trying to do a manual live migration on a Linux 2.6.32-5-openvz-amd64 and 
openvz 3.0.24, but I'm getting some troubles:

.- Container's suspend seems OK.
.- But I'm not able to dump the container:
"Can not dump container: Invalid argument
Error: iptables-save exited with 255
Checkpointing failed"
.- I can issue iptables-save command with no problem.
.- Also, I'm not able to resume the container:
"Can not resume container: No such file or directory"
.- After this happens, vzctl complains about quota issues.

Here's is a session log:

~# vzctl chkpnt 114 --suspend
Setting up checkpoint...
        suspend...
        get context...
Checkpointing completed succesfully
~# vzctl chkpnt 114 --dump --dumpfile /tmp/114.dump
Setting up checkpoint...
        join context..
        dump...
Can not dump container: Invalid argument
Error: iptables-save exited with 255
Checkpointing failed
~# vzctl chkpnt 114 --dump --dumpfile /tmp/114.dump
Setting up checkpoint...
        join context..
        dump...
Cannot set linkdir in kernel: Too many links
Checkpointing failed
~#  vzctl chkpnt 114 --resume
Resuming...
Can not resume container: No such file or directory
~# ls -ld /var/lib/vz/*/114
drwxr-xr-x 21 root root 4096 12 gen 12:13 /var/lib/vz/private/114
drwxr-xr-x  2 root root 4096 10 gen  2011 /var/lib/vz/root/114
~# vzctl stop 114
Stopping container ... 
Container was stopped  
vzquota : (error) Quota off syscall for id 114: Device or resource busy
vzquota : (error)       Possible reasons:
vzquota : (error)       - Container's root is not unmounted
vzquota : (error)       - there are opened files inside container's 
root/private area
vzquota : (error)       - your current working directory is inside a container 
directory
vzquota : (error)         root/private area
vzquota off failed [3] 
~# vzctl start 114
Starting container ... 
vzquota : (warning) Quota is running for id 114 already
Container is mounted   
Adding IP address(es): 10.81.53.15
Setting CPU units: 1000
Container start in progress...
~# vzctl exec 114 reboot                                           
~# vzctl stop 114
Stopping container ... 
Container was stopped  
vzquota : (error) Quota off syscall for id 114: Device or resource busy
vzquota : (error)       Possible reasons:
vzquota : (error)       - Container's root is not unmounted
vzquota : (error)       - there are opened files inside container's 
root/private area
vzquota : (error)       - your current working directory is inside a container 
directory
vzquota : (error)         root/private area
vzquota off failed [3] 

If I use the "vzmigrate" command, the result is similar, here's the last logs, 
the command issued is "vzmigrate -v -r no --keep-dst --online linux-01 117":

Checkpointing completed succesfully
   Dumping container
Setting up checkpoint...
        join context..
        dump...
Can not dump container: Invalid argument
Error: iptables-save exited with 255
Checkpointing failed
Error: Failed to dump container
Resuming...
Can not resume container: No such file or directory

Why I can not dump the container? iptables-save is there on my system and I 
can execute it, why is that command needed after all?

Thanks,

-- 

Marc Olivé
Blau Advisors

marc.olive@...

C/ Molí de Guasch, 10 baixos 1a,
43440 L’Espluga de Francolí (Tarragona)
Tel. +34 977 870 702
Tel i Fax. + 34 977 870 507

www.blauadvisors.com

_______________________________________________
Users mailing list
Users@...
https://openvz.org/mailman/listinfo/users

Change the size of /tmp in openvz?

Hi,

I am trying to change the size of the /tmp directory which is currently of 1GB:

====================================================================
root <at> bob /etc/vz/dists [41]# vzctl enter 998
entered into CT 998
root <at> testing:/# mount
/dev/simfs on / type simfs (rw,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /lib/init/rw type tmpfs (rw,nosuid,relatime,size=5120k,mode=755)
tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=490536k,mode=755)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,relatime,size=981072k)
tmpfs on /run/shm type tmpfs (rw,nosuid,nodev,relatime,size=981072k)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620)
root <at> testing:/#
====================================================================

Any idea where to change that value of "981072k"? I am digging into
the config files and elsewhere, but I cannot figure out from where
this value comes from.

Best,

--

-- 
Benjamin Henrion <bhenrion at ffii.org>
FFII Brussels - +32-484-566109 - +32-2-4148403
"In July 2005, after several failed attempts to legalise software
patents in Europe, the patent establishment changed its strategy.
Instead of explicitly seeking to sanction the patentability of
software, they are now seeking to create a central European patent
court, which would establish and enforce patentability rules in their
favor, without any possibility of correction by competing courts or
democratically elected legislators."

broken precreated templates

I have a bunch of EL6 (Scientific Linux, to be precise) containers up
and running from a bunch of EL6 HNs. Today I discovered that my log
files on those containers was never rotated. Literally: _never_. I've
started to dig why the bloody hell. I thought of everything. First of
all I thought about broken logrotate, but the verbose runs from
command line showed me that it works just fine. After that I thought
that there is something dirty with cron. It appears that Red Hat made
a switch from vixie-cron to cronie on their EL6 release. I checked the
/var/log/cron log and the contents of the /etc/cron.d directory and
learned that cronie only runs hourly jobs the regular way. No daily
stuff there. That surprised me as shit. I started to dig further. From
that hourly job (/etc/cron.d/0hourly) it runs the contents
/etc/cron.hourly using run-parts as it should. And there is only one
script inside cron.hourly -- 0anacron. Anacron does the job now. It
has its advantages, but it's not the topic. There is two packages
bundled inside EL6: cronie-anacron and cronie-noanacron. First one
does stuff regularly as we all are keen to and the second one is the
default which has this asynchronous behavior. Well, let's stick to the
defaults. After learning all that stuff I took a look at one of my HN
and I saw there that anacron was doing just fine there. It was running
daily as it should, there were traces of anacron in /var/log/cron log.
On the container, /var/log/cron was clean of anacron traces. It means
that it never worked there. That's some bloody mess, eh?

So, if the HN is fine and problem only appears inside the containers
it was obvious that there is something broken inside the template. I
use custom Scientific Linux templates based off the default one from
the website. It appears that on normal SL6 install the
/etc/cron.hourly/0anacron is 755, while inside my template it was 644.
That's the problem. All hourly runs were dry runs, hence no daily
runs, no logrotates, et cetera.

I've downloaded the original scientific-6-x86_64 template from the
website and checked it. It has that problem. Out of curiosity I've
checked the centos-6-x86_64 template -- it has that problem too.

So while I'm writing a quick puppet hack to change the permission bits
on my affected hosts, why don't you fix your templates, eh? It's a
disaster, really.

--

-- 
SY, Ilya A. Otyutskiy aka Sharp