Robert Kawecki | 5 Aug 05:18 2010
Picon

Compile OpenVZ kernel without IA32_EMULATION ?

Hello,
I'd like to compile an OpenVZ kernel (2.6.32, latest patches from Debian
Testing included with the kernel source package) without IA32_EMULATION
on x86_64, but I'm failing to do so, because there is a reference to
VDSO32_SYMBOL in the OpenVZ patch.
Why does OpenVZ depend on VDSO32? Is there any way I can compile OpenVZ
without any IA32 support? Nothing in the kernel seems to use VDSO32
besides Xen and signal.c.
Robert Kawecki | 5 Aug 12:43 2010
Picon

Re: Compile OpenVZ kernel without IA32_EMULATION ?

W dniu 05.08.2010 09:40, Konstantin Khlebnikov pisze:
> Checkpointing depend on this symbol, you may try to disable it.
> kernel/cpt/rst_mm.c:do_rst_mm()

Yes, that is the offending file. I've managed to find it - compiler
error messages showed where it is.
Is there a reason checkpointing depends on VDSO32 in terms of rationale,
rather than code? Can't it be arch-independent?
Well, just changing the type of cpt_vdso to __u64 in the kernel source
doesn't seem like a good idea to me - sure I could replace a few
characters, but I'm not sure as to how VDSO works and if SYSENTER_RETURN
would work with VDSO64_SYMBOL - nothing else in the kernel seems to be
using this macro.
Robert Kawecki | 5 Aug 12:51 2010
Picon

Re: Compile OpenVZ kernel without IA32_EMULATION ?

W dniu 05.08.2010 09:40, Konstantin Khlebnikov pisze:
> Checkpointing depend on this symbol, you may try to disable it.
> kernel/cpt/rst_mm.c:do_rst_mm()

Other than that, doesn't this mean that checkpointing should have
VDSO_COMPAT listed in depends? I'm now seeing this as a bug in kernel
configuration options - not cleanly compiling with a
menuconfig-generated configuration means that menuconfig wasn't able to
mark the required options for me due to lack of proper information.
Vimal | 6 Aug 21:25 2010
Picon

Bridging interfaces inside container

Hi

I have a container and two interfaces inside (eth0 and eth1).  How do
I bridge these two interfaces?  brctl doesn't work from inside the
container.

Thanks,
--

-- 
Vimal
Benjamin Henrion | 10 Aug 11:33 2010

HN with multiple CT with public IP addresses

Hi,

I have 2 differents machines in 2 different data centers, both of them
running OpenVZ containers with public IPs on both the HN and CTs.

When I do a:

$ wget http://whatismyip.org

on CTs on one server, it outputs the public IP address of the CT,
which is fine, while on the other machine it outputs the IP address of
the HN.

Any idea what is wrong?

Best,

--

-- 
Benjamin Henrion <bhenrion at ffii.org>
FFII Brussels - +32-484-566109 - +32-2-4148403
"In July 2005, after several failed attempts to legalise software
patents in Europe, the patent establishment changed its strategy.
Instead of explicitly seeking to sanction the patentability of
software, they are now seeking to create a central European patent
court, which would establish and enforce patentability rules in their
favor, without any possibility of correction by competing courts or
democratically elected legislators."
Benjamin Henrion | 10 Aug 11:46 2010

Re: HN with multiple CT with public IP addresses

On Tue, Aug 10, 2010 at 11:33 AM, Benjamin Henrion <bh@...> wrote:
> Hi,
>
> I have 2 differents machines in 2 different data centers, both of them
> running OpenVZ containers with public IPs on both the HN and CTs.
>
> When I do a:
>
> $ wget http://whatismyip.org
>
> on CTs on one server, it outputs the public IP address of the CT,
> which is fine, while on the other machine it outputs the IP address of
> the HN.
>
> Any idea what is wrong?

I just found out that I had MASQUERADE iptables loaded on the server,
so I disabled it and it worked.

--

-- 
Benjamin Henrion <bhenrion at ffii.org>
FFII Brussels - +32-484-566109 - +32-2-4148403
"In July 2005, after several failed attempts to legalise software
patents in Europe, the patent establishment changed its strategy.
Instead of explicitly seeking to sanction the patentability of
software, they are now seeking to create a central European patent
court, which would establish and enforce patentability rules in their
favor, without any possibility of correction by competing courts or
democratically elected legislators."
(Continue reading)

Dietmar Maurer | 10 Aug 11:50 2010

RE: HN with multiple CT with public IP addresses

> $ wget http://whatismyip.org
> 
> on CTs on one server, it outputs the public IP address of the CT,
> which is fine, while on the other machine it outputs the IP address of
> the HN.
> 
> Any idea what is wrong?

wget downloads files - so I am not sure what you mean? 

You connect to the wrong IP? 

If so, check your DNS settings (or /etc/hosts).

- Dietmar
Razvan Deaconescu | 10 Aug 14:38 2010

Re: Bridging interfaces inside container

On 08/06/2010 10:25 PM, Vimal wrote:
> Hi
>
> I have a container and two interfaces inside (eth0 and eth1).  How do
> I bridge these two interfaces?  brctl doesn't work from inside the
> container.

Hi!

I don't think you can bridge them together. Why would you need that? 
AFAIK, the best you can do is use brctl to add the veth${CTID}.0 and 
veth${CTID}.1 virtual interfaces in a bridge in the host system 
(hardware node).

I think alternate solutions may be used, provided you mention the use of 
bridging two interfaces inside the container.

Razvan
Benjamin Henrion | 10 Aug 17:30 2010

Kernel crash while moving one container with TUN from one HN to another HN

Hi,

I am trying to vzrestore an archive from one HN to another HN,
everything works fine, except the VPN that uses the TUN device, the
kernel crash at some location when I start the new CT on the new HN,
note the 2 different kernel versions:

[ 5343.511737] ------------[ cut here ]------------
[ 5343.511747] WARNING: at
/build/buildd-linux-2.6_2.6.32-19-amd64-lIwQQ8/linux-2.6-2.6.32/debian/build/source_amd64_openvz/fs/sysfs/dir.c:491
sysfs_add_one+0xcc/0xe4()
[ 5343.511753] Hardware name: HP Compaq dc7700p Small Form Factor
[ 5343.511756] sysfs: cannot create duplicate filename
'/devices/virtual/net/mondial'
[ 5343.511760] Modules linked in: vzethdev vznetdev simfs vzrst vzcpt
vzdquota vzmon vzdev xt_tcpudp xt_length xt_hl xt_tcpmss xt_TCPMSS
iptable_mangle iptable_filter xt_multiport xt_limit xt_dscp ipt_REJECT
ip_tables x_tables tun ext2 loop snd_hda_codec_realtek snd_hda_intel
snd_hda_codec parport_pc psmouse snd_hwdep parport evdev snd_pcm
pcspkr serio_raw snd_timer snd tpm_infineon video tpm soundcore
tpm_bios wmi output snd_page_alloc processor button ext3 jbd mbcache
dm_mirror dm_region_hash dm_log dm_snapshot dm_mod sg sd_mod
crc_t10dif sr_mod cdrom uhci_hcd ata_generic ata_piix ehci_hcd floppy
libata usbcore nls_base e1000e scsi_mod thermal thermal_sys [last
unloaded: scsi_wait_scan]
[ 5343.511834] Pid: 9599, comm: tincd Tainted: G        W
2.6.32-5-openvz-amd64 #1
[ 5343.511837] Call Trace:
[ 5343.511842]  [<ffffffff81143bff>] ? sysfs_add_one+0xcc/0xe4
[ 5343.511847]  [<ffffffff81143bff>] ? sysfs_add_one+0xcc/0xe4
(Continue reading)

Vimal | 10 Aug 20:02 2010
Picon

Re: Bridging interfaces inside container

Hi Razvan,

On 10 August 2010 05:38, Razvan Deaconescu <razvan@...> wrote:
>
> I don't think you can bridge them together. Why would you need that? AFAIK,
> the best you can do is use brctl to add the veth${CTID}.0 and veth${CTID}.1
> virtual interfaces in a bridge in the host system (hardware node).
>

Yes, that's the solution to bridge the interfaces outside the
container.  This will work.

> I think alternate solutions may be used, provided you mention the use of
> bridging two interfaces inside the container.

The reason why I needed it was to emulate an ethernet switch inside a
cpu limited openvz container.  I found a user space switch to do
what's required.

--

-- 
Vimal

Gmane