Aleksandar Ivanisevic | 1 Nov 12:31 2010

Re: Routing all VZ's traffic through a VPN on the host?

Benjamin Henrion <bh@...> writes:

> Hi,
>
> I am looking on how to route all the traffic coming from the
> containers through a VPN interface which is on the hardware node.
>
> Any idea?
>
> I am using venet, not veth interfaces.

Just use a regular source route. The exact recipe will depend on your
config.

Be aware though that there is a bug (or a "feature" if you ask ovz people)
that will prevent you from using ipsec on a HN unless you
specifically turn policy routing off **in a container**.

http://bugzilla.openvz.org/show_bug.cgi?id=1554

-- 
You are arrogant, overbearing and venting your own frustration. -- Ivan
Tišljar, hr.comp.os.linux
Barbara Nowak | 2 Nov 18:23 2010

Quota 2nd level problem

Hi,

I migrated my server from vserver to openvz. All seems to work well but I had a problem with quota 2nd level.
I've already read many articles (and tutorials) found on Google, but I am doing something wrong... Please give me advice on what I am doing wrong :(

On my machine:
marvin:/# cat /proc/version
Linux version 2.6.32-5-openvz-amd64 (Debian 2.6.32-26) (dannf-8fiUuRrzOP0dnm+yROfE0A@public.gmane.org) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Wed Oct 20 00:52:29 UTC 2010

marvin:/proc# mount |grep "101"
/dev/mapper/vg0-v1 on /vhost/101 type ext3 (rw,usrquota,grpquota)

I had set in vz.conf:
VE_ROOT=/var/lib/vz/root/$VEID
VE_PRIVATE=/vhost/$VEID

marvin:/etc/vz/conf# cat 101.conf
[....]
# Disk quota parameters (in form of softlimit:hardlimit)
DISK_QUOTA="yes"

# Disk quota parameters (in form of softlimit:hardlimit)
DISKSPACE="139456348:139456348"
DISKINODES="139456348:139456348"
QUOTATIME="0"
QUOTAUGIDLIMIT="190"

Now I try to start the 101 vhost:

marvin:/etc/vz/conf# vzctl start 101
Starting container ...
Container is mounted
Adding IP address(es): [...]
Running container script: /etc/vz/dists/scripts/debian-add_ip.sh
Setting CPU units: 1000
Configuring meminfo: 9223372036854775807
Set hostname: [....]
Running container script: /etc/vz/dists/scripts/debian-set_hostname.sh
Setting quota ugidlimit: 190
Running container script: /etc/vz/dists/scripts/set_ugid_quota.sh
Container start in progress...

marvin:/etc/vz/conf# vzquota stat 101
   resource          usage       softlimit      hardlimit    grace
  1k-blocks         898572       139456348      139456348
     inodes          28118       139456348      139456348

marvin:/etc/vz/conf# vzctl enter 101
entered into CT 101

s1:/# ls -la /etc |grep mtab
lrwxrwxrwx  1 root  root      12 Oct 31 15:41 mtab -> /proc/mounts

s1:/# cat /etc/mtab
/dev/simfs / simfs rw,relatime 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
tmpfs /lib/init/rw tmpfs rw,nosuid,relatime,mode=755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620 0 0
s1:/# cat /etc/fstab
# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>                       <dump>  <pass>
proc            /proc           proc    defaults                        0       0

s1:/# repquota --version
Quota utilities version 4.00-pre1.
Compiled with: USE_LDAP_MAIL_LOOKUP EXT2_DIRECT HOSTS_ACCESS ALT_FORMAT RPC RPC_SETQUOTA BSD_BEHAVIOUR
Bugs to jack-AlSwsSmVLrQ@public.gmane.org

s1:/# edquota root
No filesystems with quota detected.

s1:/# exit
logout
exited from CT 101


So the magic question is: what do I need to change to change the /etc/mtab entry to mount the FS with quota?
Sorry for the simple (?) question, but I have run out of ideas :(

Greetings
Barbara


_______________________________________________
Users mailing list
Users@...
https://openvz.org/mailman/listinfo/users
Maxim Dolgikh | 3 Nov 15:16 2010

Re: Quota 2nd level problem

Hello,

As I understand it, you use different partitions for root and private on the HN. I
think you need to enable quotas on the VE_ROOT partition too.

Kir Kolyshkin | 3 Nov 17:35 2010

Re: Quota 2nd level problem

Looks like you mix 1st and 2nd level quotas.

First-level quota is set by --diskspace and --diskinodes and this is 
quota for a CT.

Second-level quota is quota for users/groups inside a container, and it
is enabled by doing vzctl set $CTID --quotaugidlimit NNN. See the
description of the parameter in the vzctl man page.

Let us know if it helps.

Kir.

Barbara Nowak | 3 Nov 22:18 2010

Re: Quota 2nd level problem

Hi,

On Tuesday 03 November 2010 22:04:07 Maxim Dolgikh wrote:

> As I understand it, you use different partitions for root and private on the HN. I
> think you need to enable quotas on the VE_ROOT partition too.

No, it is not a good solution.
It does not help....

On Tuesday 03 November 2010 22:04:07 Kir Kolyshkin wrote:

> Looks like you mix 1st and 2nd level quotas.
> First-level quota is set by --diskspace and --diskinodes and this is quota for
> a CT.
>
> Second-level quota is quota for users/groups inside a container, and it is
> enabled by doing vzctl set $CTID --quotaugidlimit NNN. See the description of
> the parameter in vzctl man page.
>
> Let us know if it helps.

I've already set --quotaugidlimit but it does not help.

However, I've checked my config files again...
Something works strangely:

marvin:~# cat /etc/vz/conf/101.conf
[...]
DISK_QUOTA="yes"
DISKSPACE="139456348:139456348"
DISKINODES="139456348:139456348"
QUOTATIME="0"
QUOTAUGIDLIMIT="190"

but in /etc/vz/vz.conf I had:
DISK_QUOTA=no

These settings turn off 2nd-level quota. Is there any priority in reading config
files?
After changing DISK_QUOTA in vz.conf:

marvin:~# vzctl enter 101
entered into CT 101
s1:/# ls -la |grep quota
lrwxrwxrwx  1 root root    39 Nov  3 22:01 aquota.group -> /proc/vz/vzaquota/00000029/aquota.group
lrwxrwxrwx  1 root root    38 Nov  3 22:01 aquota.user -> /proc/vz/vzaquota/00000029/aquota.user
s1:/# mount
/dev/simfs on / type reiserfs (rw,usrquota,grpquota)

However:
s1:/# edquota root
No filesystems with quota detected.

Greetings
Barbara
lst_hoe02 | 4 Nov 09:37 2010

Re: Quota 2nd level problem

Quoting Barbara Nowak <basiamnowak@...>:

> Hi,
>
> On Tuesday 03 November 2010 22:04:07 Maxim Dolgikh wrote:
>
>> As I understand it, you use different partitions for root and private
>> on the HN. I
>> think you need to enable quotas on the VE_ROOT partition too.
>
> No, it is not a good solution.
> It does not help....
>
>
> On Tuesday 03 November 2010 22:04:07 Kir Kolyshkin wrote:
>
>> Looks like you mix 1st and 2nd level quotas.
>> First-level quota is set by --diskspace and --diskinodes and this
>> is quota for
>> a CT.
>>
>> Second-level quota is quota for users/groups inside a container, and it is
>> enabled
>> by doing vzctl set $CTID --quotaugidlimit NNN. See the description of the
>> parameter in vzctl man page.
>>
>> Let us know if it helps.
>
> I've already set --quotaugidlimit but it does not help.
>
> However, I've checked my config files again...
> Something works strangely:
>
> marvin:~# cat /etc/vz/conf/101.conf
> [...]
> DISK_QUOTA="yes"
> DISKSPACE="139456348:139456348"
> DISKINODES="139456348:139456348"
> QUOTATIME="0"
> QUOTAUGIDLIMIT="190"
>
> but in /etc/vz/vz.conf I had:
> DISK_QUOTA=no
>
> These settings turn off 2nd-level quota. Is there any priority in reading config
> files?
> After changing DISK_QUOTA in vz.conf:
>
> marvin:~# vzctl enter 101
> entered into CT 101
> s1:/# ls -la |grep quota
> lrwxrwxrwx  1 root root    39 Nov  3 22:01 aquota.group -> /proc/vz/vzaquota/00000029/aquota.group
> lrwxrwxrwx  1 root root    38 Nov  3 22:01 aquota.user -> /proc/vz/vzaquota/00000029/aquota.user
> s1:/# mount
> /dev/simfs on / type reiserfs (rw,usrquota,grpquota)

As far as I know, quotas are only supported on ext3.

http://wiki.openvz.org/Disk_quota

Regards

Andreas

Barbara Nowak | 4 Nov 20:05 2010

Re: Quota 2nd level problem

Hi,

> On Tuesday 04 November 2010 19:53:07 "lst_hoe02@..." wrote:

Thanks for the suggestions, but I think I found the problem.

At first I downloaded this OSTEMPLATE: 
http://download.openvz.org/template/precreated/contrib/debian-5.0-amd64-minimal.tar.gz

and set up a new VPS with Kir's suggestion. Everything works - quota 1st and 2nd level.

New debian version will be released soon (I hope :)).
So I modified my sources.list to this:

# cat /etc/apt/sources.list
deb      http://ftp2.de.debian.org/debian squeeze main contrib non-free

apt-get update
apt-get dist-upgrade

VPS config is unchanged. After this :

> s1:/# mount
> /dev/simfs on / type reiserfs (rw,usrquota,grpquota)
Yes... I don't understand this...
Reiserfs is my root server partition, but not for the VPS. The VPS partition is ext3.
The link from /proc/mounts to /etc/mtab was removed (a static file was created)
and quota 2nd level is not working anymore...

# dpkg -s quota
Package: quota
Status: install ok installed
Priority: optional
Section: admin
Installed-Size: 1572
Maintainer: Michael Meskes <meskes@...>
Architecture: amd64
Version: 4.00~pre1-4
Depends: e2fslibs (>= 1.37), libc6 (>= 2.3), libcomerr2 (>= 1.01), libdbus-1-3 (>= 1.0.2), libldap-2.4-2 (>= 2.4.7), libnl1 (>= 1.1), libwrap0 (>= 7.6-4~), debconf (>= 1.2.9) | debconf-2.0, lsb-base (>= 3.2-13)
Suggests: libnet-ldap-perl, rpcbind | portmap

> As far as I know, quotas are only supported on ext3.
>
> http://wiki.openvz.org/Disk_quota
Yes, I read this article.

Greetings
Barbara
Razvan Deaconescu | 5 Nov 14:49 2010

Re: Re: Traffic shaping *inside* OpenVZ containers

On 09/15/2010 03:17 PM, Benny Amorsen wrote:
> Razvan Deaconescu <razvan-Z8229FDUryEdnm+yROfE0A@...>
> writes:
> 
>> I've added all sch_* modules on the hardware node. I've restarted the
>> OpenVZ container and tried running tc. It still doesn't work. Should
>> only the sch_* modules be inserted?
> 
> I'm not sure what you mean by "only the sch_* modules".
> 
> We use tc extensively with the RedHat/CentOS-based OpenVZ kernels... 
> 
> Ah, I think I know what the problem is. You need to give the guest
> additional privileges. Notice that this is dangerous if you have
> untrusted guests!
> 
> We use: CAPABILITY="NET_ADMIN:on NET_RAW:on SYS_ADMIN:on"

Hi, Benny!

I've added the capabilities as you've mentioned, restarted the VE but it
still doesn't work. I've done an strace on the tc command and the only
difference from the similar command of the base system (hardware node)
is the presence of the /proc/net/psched file[1].

Could the absence of /proc/net/psched affect tc's behavior?

Razvan

[1]
-----
ct# strace -e open tc qdisc add dev eth0 root handle 1: htb default 90
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/libresolv.so.2", O_RDONLY)   = 3
open("/lib/libm.so.6", O_RDONLY)        = 3
open("/lib/libdl.so.2", O_RDONLY)       = 3
open("/lib/libc.so.6", O_RDONLY)        = 3
open("/proc/net/psched", O_RDONLY)      = -1 ENOENT (No such file or directory)
open("/usr//lib/tc/q_htb.so", O_RDONLY) = -1 ENOENT (No such file or directory)
RTNETLINK answers: Invalid argument
---
hw# strace -e open tc qdisc add dev eth0 root handle 1: htb default 90
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/libresolv.so.2", O_RDONLY)   = 3
open("/lib/libm.so.6", O_RDONLY)        = 3
open("/lib/libdl.so.2", O_RDONLY)       = 3
open("/lib/libc.so.6", O_RDONLY)        = 3
open("/proc/net/psched", O_RDONLY)      = 3
open("/usr//lib/tc/q_htb.so", O_RDONLY) = -1 ENOENT (No such file or directory)
---
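
The comparison done by eye in the message above can be scripted. This is an added example, not part of the original post: it parses the two `strace -e open` captures (copied from the message, with mail-style hard line wraps) and separates opens that fail only in the container from opens that fail on both sides. The function names `unwrap`, `parse_opens` and `compare` are the example's own.

```python
import re

# Sample input: the two traces from the message above, kept with the hard
# line wraps a mail client introduces.
CT_TRACE = """\
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/libresolv.so.2", O_RDONLY)   = 3
open("/lib/libm.so.6", O_RDONLY)        = 3
open("/lib/libdl.so.2", O_RDONLY)       = 3
open("/lib/libc.so.6", O_RDONLY)        = 3
open("/proc/net/psched", O_RDONLY)      = -1 ENOENT (No such file or
directory)
open("/usr//lib/tc/q_htb.so", O_RDONLY) = -1 ENOENT (No such file or
directory)
RTNETLINK answers: Invalid argument
"""
HN_TRACE = """\
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/libresolv.so.2", O_RDONLY)   = 3
open("/lib/libm.so.6", O_RDONLY)        = 3
open("/lib/libdl.so.2", O_RDONLY)       = 3
open("/lib/libc.so.6", O_RDONLY)        = 3
open("/proc/net/psched", O_RDONLY)      = 3
open("/usr//lib/tc/q_htb.so", O_RDONLY) = -1 ENOENT (No such file or
directory)
"""

# Matches the open() record format shown in the message: path, return value, errno name.
OPEN_RE = re.compile(r'^open\("([^"]+)",[^)]*\)\s*=\s*(-?\d+)(?:\s+([A-Z]+))?')


def unwrap(text):
    """Rejoin wrapped records: a line with an unclosed '(' continues on the next."""
    records = []
    for line in text.splitlines():
        if records and records[-1].count("(") > records[-1].count(")"):
            records[-1] += " " + line.strip()
        else:
            records.append(line.rstrip())
    return records


def parse_opens(text):
    """Map each opened path to None on success or the errno name on failure."""
    result = {}
    for record in unwrap(text):
        m = OPEN_RE.match(record)
        if m:  # lines that are not open() records (tc's own stderr) are skipped
            path, ret, errno = m.groups()
            result[path] = None if int(ret) >= 0 else (errno or "ERR")
    return result


def compare(container_trace, host_trace):
    """Separate failures unique to the container from failures seen on both."""
    ct, hn = parse_opens(container_trace), parse_opens(host_trace)
    only_ct = [(p, e) for p, e in ct.items() if e and p in hn and hn[p] is None]
    both = [p for p, e in ct.items() if e and hn.get(p)]
    return {"fails_only_in_container": only_ct, "fails_in_both": both}


if __name__ == "__main__":
    report = compare(CT_TRACE, HN_TRACE)
    for path, errno in report["fails_only_in_container"]:
        print(f"container only: {path} -> {errno}")
    for path in report["fails_in_both"]:
        print(f"same failure on both: {path}")
```
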
Benjamin Henrion | 7 Nov 12:50 2010

where to find 2.6.32-28 debian kernel?

Hi,

I want to install the dzhanibekov version of the kernel, I use debian,
it seems the -28 revision of the kernel has been updated in SID:

http://permalink.gmane.org/gmane.linux.debian.devel.kernel.cvs/11596

I did an update, I can find this metapackage:

http://packages.debian.org/sid/linux-image-2.6-openvz-686

But when I install it, it does not install anything.

Do you know where I can find the -28 deb package?

Best,

--
Benjamin Henrion <bhenrion at ffii.org>
FFII Brussels - +32-484-566109 - +32-2-4148403
"In July 2005, after several failed attempts to legalise software
patents in Europe, the patent establishment changed its strategy.
Instead of explicitly seeking to sanction the patentability of
software, they are now seeking to create a central European patent
court, which would establish and enforce patentability rules in their
favor, without any possibility of correction by competing courts or
democratically elected legislators."
Benjamin Henrion | 7 Nov 13:02 2010

EXT4 bug

Hi,

Does anybody know if this critical bug is fixed?

http://lists.debian.org/debian-kernel/2010/11/msg00058.html

I encountered this bug a while ago, forcing me to go back to ext3.

Best,

-- 
Benjamin Henrion <bhenrion at ffii.org>
FFII Brussels - +32-484-566109 - +32-2-4148403