manualshive.com logo in svg

SWsoft SWsoft OpenVZ, User Manual, Page: 74 / 119

Share
Download
SWsoft SWsoft OpenVZ User Manual Download Page 74

 

Troubleshooting 74 

 

 
 
Nmap run completed -- 1 IP address (1 host up) scanned  
  in 169 seconds 

to check if any ports are open that should normally be closed. 

That could however be a problem to remove a rootkit from a VPS and make sure it is 100% 
removed. If you're not sure, create a new VPS for that customer and migrate her data there. 

ƒ

 

Check the 

/var/log/

 directory on the Hardware Node to find out what is happening on 

the system. There are a number of log files that are maintained by the system and OpenVZ 
(the 

boot.log

messages

vzctl.log

 log files, etc.), but other services and programs 

may also put their own log files here depending on your distribution of Linux and the 
services and applications that you are running. For example, there may be logs associated 
with running a mail server (the 

maillog

 file), automatic tasks (the 

cron

 file), and others. 

However, the first place to look into when you are troubleshooting is the 

/var/log/messages

 log file. It contains the boot messages when the system came up 

as well as other status messages as the system runs. Errors with I/O, networking, and other 
general system errors are reported in this file. So, we recommend that you turn to the 

messages

 log file first and then proceed with the other files from the 

/var/log/

 

directory. 

ƒ

 

Subscribe to bug tracking lists, at least for Red Hat. You should keep track of new public 

DoS tools or remote exploits for the software and install them into VPSs or at Hardware 
Nodes. 

ƒ

 

When using 

iptables

, there is a simple rule for Chains usage to help protect both the HN 

and its VPSs: 

ƒ

 

use INPUT, OUTPUT to filter packets that come in/out the HN; 

ƒ

 

use FORWARD to filter packets that are designated for VPSs. 

 

 

Summary of Contents for SWsoft OpenVZ

Page 1: ...SWsoft Inc OpenVZ User s Guide Version 2 7 0 8 2005 ...

Page 2: ...he copyright holder Distribution of the work or derivative of the work in any standard paper book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder Linux is a registered trademark of Linus Torvalds OpenVZ and Virtuozzo are trademarks of SWsoft Inc Red Hat is a registered trademark of Red Hat Software Inc UNIX is a registered trademark of The O...

Page 3: ... 18 OpenVZ Configuration 18 Hardware Node Availability Considerations 19 Installation and Preliminary Operations 20 Installation Requirements 20 System Requirements 20 Network Requirements 22 Installing and Configuring Host Operating System on Hardware Node 23 Choosing System Type 23 Disk Partitioning 24 Finishing OS Installation 26 Installing OpenVZ Software 27 Downloading and Installing OpenVZ K...

Page 4: ...es Consumption 57 Monitoring Memory Consumption 59 Managing VPS Resources Configuration 60 Splitting Hardware Node Into Equal Pieces 61 Validating Virtual Private Server Configuration 62 Advanced Tasks 63 Determining VPS ID by Process ID 64 Changing System Time from VPS 64 Accessing Devices from Inside Virtual Private Server 66 Moving Network Adapter to Virtual Private Server 68 Enabling VPN for V...

Page 5: ...ix of OpenVZ Configuration Files 81 Managing OpenVZ Scripts 87 OpenVZ Command Line Interface 91 Matrix of OpenVZ Command Line Utilities 91 vzctl 92 vzlist 100 vzquota 104 Template Management Utilities 110 Supplementary Tools 112 Glossary 115 Index 117 ...

Page 6: ...e Installation Choosing System Type 23 Figure 3 Fedora Core Installation Choosing Manual Partitioning 24 Figure 4 Fedora Core Installation Disk Druid 25 Figure 5 Fedora Core Installation Disabling Firewall and SELinux 26 Figure 6 Sequence of Executing Action Scripts 89 ...

Page 7: ...Hardware Nodes and to employ the command line interface for performing various tasks Familiarity with Red Hat Linux Operating System and certain Linux administrator s skills are desirable for a person reading the guide You can obtain some useful information regarding OS installation issues from http www redhat com docs manuals linux Who Should Read This Guide The primary audience for this book is ...

Page 8: ...plate updates on the Hardware Node add them to and remove from Virtual Private Servers etc Chapter 6 Managing Resources zeroes in on configuring and monitoring the resource control parameters for different VPSs These parameters comprise disk quotas CPU and system resources Common ways of optimizing your VPSs configurations are suggested at the end of the chapter Chapter 7 Advanced Tasks enumerates...

Page 9: ...ich is to be replaced with a real value Type vzctl destroy vpsid Preformatted On screen computer output in your command line sessions source code in XML C or other programming languages Saved parameters for VPS 101 Monospace Bold What you type contrasted with on screen computer output rpm q vzctl CAPITALS Names of keys on the keyboard SHIFT CTRL ALT KEY KEY Key combinations for which the user must...

Page 10: ...the bin sbin usr bin and usr sbin directories so the steps in this book show the commands in these directories without absolute path names Steps that use commands in other less common directories show the absolute paths in the examples Feedback If you spot a typo in this guide or if you have thought of a way to make this guide better we would love to hear from you If you have a suggestion for impr...

Page 11: ...tand alone server for its users and applications as it can be rebooted independently and has its own root access users IP addresses memory processes files applications system libraries and configuration files Light overhead and efficient design of OpenVZ makes it the right virtualization choice for production servers with live applications and real life data The basic OpenVZ VPS capabilities are D...

Page 12: ... VPS independently from other VPSs or the host system Multiple distributions of a package can be run on one and the same Linux box In fact hundreds of servers may be grouped together in this way Besides the evident advantages of such consolidation increased facility of administration and the like there are some you might not even have thought of say cutting down electricity bills by times OpenVZ p...

Page 13: ...S has its own IP address multiple IP addresses per VPS are allowed Network traffic of a VPS is isolated from the other VPSs In other words Virtual Private Servers are protected from each other in the way that makes traffic snooping impossible Firewalling may be used inside a VPS the user can create rules limiting access to some services using the canonical iptables tool inside the VPS In other wor...

Page 14: ... available Hardware Node resources among VPSs Guarantee Quality of Service QoS in accordance with a service level agreement SLA Provide performance and resource isolation and protect from denial of service attacks Simultaneously assign and control resources for a number of Virtual Private Servers etc Resource Management is much more important for OpenVZ than for a standalone computer since compute...

Page 15: ...er Application Software Virtual Private Server OpenVZ Layer Figure 1 OpenVZ Technology This figure presumes that you have a number of physical servers united into a network In fact you may have only one dedicated server to effectively use OpenVZ for the needs of your network If you have more than one OpenVZ based physical server each one of the servers will have a similar architecture In OpenVZ te...

Page 16: ...rnel However they are isolated from each other A Virtual Private Server is a kind of sandbox for processes and users Different Virtual Private Servers can run different versions of Linux for example SuSE 9 2 or Fedora Core 4 and many others Each VPS can run its own version of Linux In this case we say that a VPS is based on a certain OS template OS templates are packages shipped with OpenVZ Before...

Page 17: ...e downloaded from the network repository to the Hardware Node and installed into a temporary VPS which is then packed into a gzipped tarball called the template cache The template cache is used for fast VPS provisioning basically it is a pre created VPS so all that is needed to create a VPS is to untar this file The template cache files are stored in the vz template cache directory Any template ca...

Page 18: ...sconfig vz and VPS configuration files etc sysconfig vz scripts vpsid conf The global configuration file defines global and default parameters for VPS operation for example logging settings enabling and disabling disk quota for VPSs the default configuration file and OS template on the basis of which a new VPS is created and so on On the other hand a VPS configuration file defines the parameters f...

Page 19: ...the recommendations below Use RAID storage for critical VPS private areas Do prefer hardware RAID but software mirroring RAID might suit too as a last resort Do not run software on the Hardware Node itself Create special Virtual Private Servers where you can host necessary services such as BIND FTPD HTTPD and so on On the Hardware Node itself you need only the SSH daemon Preferably it should accep...

Page 20: ...20 Installing and Configuring Host Operating System on Hardware Node 23 Installing OpenVZ Software 27 Installation Requirements After deciding on the structure of your OpenVZ system you should make sure that all the Hardware Nodes where you are going to deploy OpenVZ for Linux meet the following system hardware and software and network requirements System Requirements This section focuses on the h...

Page 21: ...re Virtual Private Servers you can run The exact figure depends on the number and nature of applications you are planning to run in your Virtual Private Servers However on the average at least 1 GB of RAM is recommended for every 20 30 Virtual Private Servers Disk space Each Virtual Private Server occupies 400 600 MB of hard disk space for system files in addition to the user data inside the Virtu...

Page 22: ...nternet connection for the Hardware Node Valid IP address for the Hardware Node as well as other IP parameters default gateway network mask DNS configuration At least one valid IP address for each Virtual Private Server The total number of addresses should be no less than the planned number of Virtual Private Servers The addresses may be allocated in different IP networks If a firewall is deployed...

Page 23: ...n Guide when installing the OS on your Hardware Node After the first several screens you will be presented with a screen specifying the installation type OpenVZ requires Server System to be installed therefore select Server at the dialog shown in the figure below Figure 2 Fedora Core Installation Choosing System Type It is not recommended to install extra packages on the Hardware Node itself due t...

Page 24: ...ices In case of OpenVZ all your services shall run inside Virtual Private Servers Figure 3 Fedora Core Installation Choosing Manual Partitioning Create the following partitions on the Hardware Node Partition Description Typical size Root partition containing all Hardware Node operating system files 2 4 Gb swap Paging partition for the Linux operating system 2 times RAM vz Partition to host OpenVZ ...

Page 25: ... OpenVZ based computers The root partition will host the operating system files The server set of Fedora Core 4 occupies approximately 1 GB of disk space so 1 GB is the minimal size of the root partition The size of the swap partition shall be two times the size of physical RAM installed on the Hardware Node The figure below presents a system with a 12 GB SCSI hard drive Figure 4 Fedora Core Insta...

Page 26: ...ardware Node s IP address host name DNS and default gateway information If you are using DHCP make sure that it is properly configured If necessary consult your network administrator On the Firewall Configuration screen choose No firewall Option Enable SELinux should be set to Disabled Figure 5 Fedora Core Installation Disabling Firewall and SELinux After finishing the installation and rebooting y...

Page 27: ... be removed Configuring Boot Loader In case you use the GRUB loader it will be configured automatically You should only make sure that the lines below are present in the boot grub grub conf file on the Node title Fedora Core 2 6 8 022stab029 1 root hd0 0 kernel vmlinuz 2 6 8 022stab029 1 ro root dev sda5 quiet rhgb initrd initrd 2 6 8 022stab029 1 img However we recommend that you configure this f...

Page 28: ... all our interfaces to send redirects net ipv4 conf default send_redirects 1 net ipv4 conf all send_redirects 0 Please edit the file as described To apply the changes issue the following command sysctl p Alternatively the changes will be applied upon the following reboot It is also worth mentioning that normally you should have forwarding net ipv4 ip_forward turned on since the Hardware Node forwa...

Page 29: ...it d vz start This will load all the needed OpenVZ kernel modules During the next reboot this script will be executed automatically Installing OS Templates Template or package set is a set of package files to be installed into a VPS Operating system templates are used to create new Virtual Private Servers with a pre installed operating system Therefore you are bound to download at least one OS tem...

Page 30: ... also use one of the already pre cached OS templates available at http openvz org download template cache for the VPS creation To this effect you should download the corresponding OS template and place it to the vz template cache directory on the Node ...

Page 31: ...tion guides you through the process of creating a Virtual Private Server We assume that you have successfully installed OpenVZ and at least one OS template If there are no OS templates installed on the Hardware Node turn to the Managing Templates chapter first Before you Begin Before you start creating a Virtual Private Server you should Check that the Hardware Node is visible on your network You ...

Page 32: ...2 you use the range from 1001 to 2000 and so on This approach makes it easier to remember on which Hardware Node a Virtual Private Server has been created and eliminates the possibility of VPS ID conflicts when a Virtual Private Server migrates from one Hardware Node to another Another approach to assigning VPS IDs is to follow some pattern of VPS IP addresses Thus for example if you have a subnet...

Page 33: ...vz scripts directory and have names with the following mask ve config_name conf sample The most commonly used sample is the ve vps basic conf sample file this sample file has resource control parameters suitable for most web site Virtual Private Servers Thus for example you can create a new VPS by typing the following string vzctl create 101 ostemplate fedora core 4 config vps basic Creating VPS p...

Page 34: ...g Virtual Private Server network parameters Setting Virtual Private Server user passwords Configuring Quality of Service Service Level parameters For all these tasks the vzctl set command is used Using this command for setting VPS startup parameters network parameters and user passwords is explained later in this subsection Service Level Management configuration topics are dwelled upon in the Mana...

Page 35: ...ag saves all the parameters to the VPS configuration file You can issue the above commands when the Virtual Private Server is running In this case if you do not want the applied values to persist you can omit the save option and the applied values will be valid only until the Virtual Private Server shutdown To check whether SSH is running inside the Virtual Private Server use vzctl exec which allo...

Page 36: ... via SSH as root and administer it in the same way as you administer a standalone Linux computer install additional software add users set up services and so on The password will be set inside the VPS in the etc shadow file in an encrypted form and will not be stored in the VPS configuration file Therefore if you forget the password you have to reset it Note that userpasswd is the only option of t...

Page 37: ... mounted and the VPS is running Alternatively you can make use of the vzlist utility vzlist 101 VPSID NPROC STATUS IP_ADDR HOSTNAME 101 20 running 10 0 186 101 test my org Still another way of getting the VPS status is checking the proc vz veinfo file This file lists all the Virtual Private Servers currently running on the Hardware Node Each line presents a running Virtual Private Server in the VP...

Page 38: ... that you do not use the fast switch with healthy VPSs unless necessary as the forcible killing of VPS processes may be potentially dangerous The vzctl start and vzctl stop commands initiate the normal Linux OS startup or shutdown sequences inside the Virtual Private Server In case of a Red Hat like distribution System V initialization scripts will be executed just like on an ordinary computer You...

Page 39: ...itch tells the vzlist utility to output both running and stopped VPSs By default only running VPSs are shown The default columns inform you of the VPS IDs the number of running processes inside VPSs their status IP addresses and hostnames This output may be customized as desired by using vzlist command line switches For example vzlist o veid diskinodes s s diskinodes s VPSID DQINODES S 1 400000 10...

Page 40: ...roy command The example below illustrates destroying VPS 101 vzctl destroy 101 VPS is currently mounted umount first vzctl stop 101 Stopping VPS VPS was stopped VPS is unmounted vzctl destroy 101 Destroying VPS private area vz private 101 VPS private area was destroyed ls etc sysconfig vz scripts 101 etc sysconfig vz scripts 101 conf destroyed etc sysconfig vz scripts 101 mount destroyed etc sysco...

Page 41: ...on below illustrates the situation when SSH daemon is not started vzctl exec 101 etc init d sshd status sshd is stopped vzctl exec 101 etc init d sshd start Starting sshd OK vzctl exec 101 etc init d sshd status sshd pid 26187 is running Now VPS users can log in to the VPS via SSH When executing commands inside a Virtual Private Server from shell scripts use the vzctl exec2 command It has the same...

Page 42: ...ually not included into an OS template In This Chapter Template Lifecycle 42 Listing Templates 44 Working with VPS 45 Template Lifecycle A template cache is an OS template installed into a VPS and then packed into a gzipped tar archive This allows to speed up the creation of a new Virtual Private Server instead of installing all the packages comprising a Linux distribution vzctl just unpacks the a...

Page 43: ...ernet it might be sped up using a snapshot of an already fetched repository for a given distribution Such snapshots are available from http openvz org download template repocache they are to be unpacked into the vz template directory Please note that this step is optional In case a template cache i e a tar archive already exists vzpkgcache tries to bring it up to date by applying the latest update...

Page 44: ...available on the Hardware Node Note that some of them might not be cached yet To see only those templates that are cached and thus are ready to be used for creating a VPS use the cached flag with vzpkgls vzpkgls cached fedora core 4 Considering the previous output this means that the centos 4 template is just installed and is not cached yet Specifying a VPS number as a parameter this command print...

Page 45: ...ollowing command vzyum 123 install mysql server Here vzyum will call the yum package manager and provide it with all the paths to the repositories suitable for the distribution installed into the VPS Yum will calculate the dependencies present you with a list of packages to install update remove based on what you have asked for and if confirmed run a transaction to actually perform all the needed ...

Page 46: ...ntrols the resources available to a Virtual Private Server through a set of resource management parameters All these parameters are defined either in the OpenVZ global configuration file etc sysconfig vz or in the respective VPS configuration files etc sysconfig vz scripts VPSID conf or in both You can set them by manually editing the corresponding configuration files or by using the OpenVZ comman...

Page 47: ...cachesize numiptent Managing System Parameters Managing Disk Quotas This section explains what disk quotas are defines disk quota parameters and describes how to perform disk quota related operations Turning on and off per VPS first level disk quotas Setting up first level disk quota parameters for a Virtual Private Server Turning on and off per user and per group second level disk quotas inside a...

Page 48: ...ge changes during the VPS operation these statistics are not automatically synchronized with the quota file the file just gets the dirty flag They are synchronized only when the VPS is stopped or when the HN is shut down After synchronization the dirty flag is removed If the Hardware Node has been incorrectly brought down for example the power switch was hit the file remains dirty and the quota is...

Page 49: ...ISK_QUOTA yes checking available space on vz partition df vz Filesystem 1k blocks Used Available Use Mounted on dev sda2 8957295 1421982 7023242 17 vz editing VPS configuration file to add DISK_QUOTA no vi etc sysconfig vz scripts 101 conf checking that quota is off for VPS 101 grep DISK_QUOTA etc sysconfig vz scripts 101 conf DISK_QUOTA no vzctl start 101 Starting VPS VPS is mounted Adding IP add...

Page 50: ...rs have both soft and hard limits or simply barriers and limits The hard limit is the limit that cannot be exceeded under any circumstances The soft limit can be exceeded up to the hard limit but as soon as the grace period expires the additional disk space or inodes allocations will fail Barriers and limits are separated by colons in Virtual Private Server configuration files and in the command l...

Page 51: ...limit these users will not be able to own files Enabling per user group quotas for a Virtual Private Server requires restarting the VPS The value for it should be carefully chosen the bigger value you set the bigger kernel memory overhead this Virtual Private Server creates This value must be greater than or equal to the number of entries in the VPS etc passwd and etc group files Taking into accou...

Page 52: ...hard grace root 38218 50000 60000 45453 70000 70000 the rest of repquota output is skipped root ve101 root dd if dev zero of test dd writing to test Disk quota exceeded 23473 0 records in 23472 0 records out root ve101 root repquota a Report for user quotas on device dev simfs Block grace time 00 00 Inode grace time 00 00 Block limits File limits User used soft hard grace used soft hard grace root...

Page 53: ... grace status 0 user 1k blocks 38220 50000 60000 loaded 0 user inodes 45453 70000 70000 loaded the rest is skipped The first three lines of the output show the status of first level disk quotas for the Virtual Private Server The rest of the output displays statistics for user group quotas and has separate lines for each user and group ID existing in the system If you do not need the second level q...

Page 54: ...Private Servers and Hardware Node processes This number is calculated by OpenVZ with the help of a special algorithm The above example illustrates the situation when the Hardware Node is underused In other words the running Virtual Private Servers receive more CPU time than was guaranteed to them In the following example Virtual Private Server 102 is guaranteed to receive about 2 of the CPU time e...

Page 55: ...mary parameters Parameter Description File avnumproc The average number of processes and threads V numproc The maximal number of processes and threads the VPS may create V numtcpsock The number of TCP sockets PF_INET family SOCK_STREAM type This parameter limits the number of TCP connections and thus the number of clients the server application can handle in parallel V numothersock The number of s...

Page 56: ...ared among different applications is not included in this resource parameter V numfile The number of files opened by all VPS processes V numflock The number of file locks created by all VPS processes V numpty The number of pseudo terminals such as an ssh session the screen or xterm applications etc V numsiginfo The number of siginfo structures essentially this parameter limits the size of the sign...

Page 57: ...76 132096 132096 0 numothersock 4 17 80 80 0 dcachesize 78952 108488 524288 548864 0 numfile 194 306 1280 1280 0 dummy 0 0 0 0 0 dummy 0 0 0 0 0 dummy 0 0 0 0 0 numiptent 0 0 128 128 0 The failcnt column displays the number of unsuccessful attempts to allocate a particular resource If this value increases after an application fails to start then the corresponding resource limit is in effect lower ...

Page 58: ...tcprcvbuf unixsockbuf sockrcvbuf kmemsize do echo echo res usage for all VEs in MB cat proc user_beancounters grep res sed s digit g awk BEGIN cur max lim 0 cur 2 max 3 lim 5 END print held cur 1024 1024 max max 1024 1024 limit lim 1024 1024 done ...

Page 59: ...maintain the same load and resource consumption level High utilization values in general more than 1 or 100 mean that the system is overloaded and the service level of the Virtual Private Servers is degraded Commitment level shows how much resources are promised to the existing Virtual Private Servers Low commitment levels mean that the system is capable of supporting more Virtual Private Servers ...

Page 60: ...located in all Virtual Private Servers is only the estimation of how much physical memory will be used if all applications claim the allocated memory The memory available for allocation can be not only used the Alloc util column or promised the Alloc commit column but also limited applications will not be able to allocate more resources than is indicated in the Alloc limit column Managing VPS Reso...

Page 61: ...m kmemsize bar should be 253952 currently 126391 Recommendation dgramrcvbuf bar should be 132096 currently 93622 Note that the configuration produced depends on the given Hardware Node resources Therefore it is important to validate the resulted configuration file before trying to use it which is done with the help of the vzcfgvalidate utility The number of Virtual Private Servers you can run on t...

Page 62: ...sockbuf bar should ba 132096 currently 122880 Validation completed success The utility checks constraints on the resource management parameters and displays all the constraint violations found There can be three levels of violation severity Recommendation This is a suggestion which is not critical for Virtual Private Server or Hardware Node operations The configuration is valid in general however ...

Page 63: ... Obtaining Hardware Node ID from Inside Virtual Private Server 65 Accessing Devices from Inside Virtual Private Server 66 Moving Network Adapter to Virtual Private Server 68 Enabling VPN for VPS 69 Loading iptables Modules 69 Creating Configuration File for New Linux Distribution 70 Rebooting Virtual Private Server 71 ...

Page 64: ...ch other and could even break applications depending on the system time accuracy Normally only the Hardware Node system administrator can change the system time However if you want to synchronize the time via Network Time Protocol NTP you have to run NTP software which will connect to external NTP servers and update the system time It is not advisable to run application software on the Hardware No...

Page 65: ...ection to ve101 closed date Tue Oct 29 13 01 31 EST 2002 The command session above shows the way to change the system time from Virtual Private Server 101 The changes will affect all the Virtual Private Servers and the Hardware Node itself It is not advisable to have more than one Virtual Private Server with the sys_time capability set on NTP is described in Internet Standard RFC 1305 more informa...

Page 66: ...n the dev sdb device and create file systems on the first two partitions or use them with any software capable of working with raw block devices such as Oracle database software First we are going to grant the Virtual Private Server the permissions to work with the needed block devices vzctl set 101 devices b 8 16 rw devices b 8 17 rw devices b 8 18 rw save Setting devperms Saved parameters for VP...

Page 67: ...ter the new partition table has been written you can format it and mount inside the Virtual Private Server root vps101 root mke2fs dev sdb2 Output of mke2fs is skipped root vps101 root mount dev sdb2 mnt root vps101 root df Filesystem 1k blocks Used Available Use Mounted on simfs 1048576 149916 898660 15 ext2 101107 13 95873 1 mnt Remember that you have to specify all minors for the devices you wa...

Page 68: ...r VPSs on the Node If such a device is removed from the VPS by means of the vzctl set netdev_del command and added to another VPS instead all the network settings of this device are purged To work around this problem you should store all the device settings in the ifcfg dev file and have this file available in the etc sysconfig network scripts directory inside all the VPSs that may have access to ...

Page 69: ...rw save Create the corresponding device inside the VPS and set the proper permissions vzctl exec 101 mkdir p dev net vzctl exec 101 mknod dev net tun c 10 200 vzctl exec 101 chmod 600 dev net tun Configuring the VPN proper is carried out as a common Linux administration task which is out of the scope of this guide Some popular Linux software for setting up a VPN over the TUN TAP driver includes Vi...

Page 70: ... VPSs hosted on the given Node is determined by the value of the IPTABLES parameter in the etc sysconfig vz file Naturally those modules that constitute the value of this parameter will be loaded to VPSs only in case they are also loaded on the Hardware Node itself see page 70 This parameter can also be redefined both in VPS sample configuration files etc sysconfig vz scripts ve sample_name conf s...

Page 71: ... inside a VPS the VPS is stopped and then started by a special script etc sysconfig vz scripts vpsreboot which is executed periodically every minute by default by the cron daemon Cron configuration to run the script is in the file etc cron d vpsreboot If you want a Virtual Private Server to be unable to initiate reboot itself add the ALLOWREBOOT no line to the Virtual Private Server configuration ...

Page 72: ...blems that may occur during your work with OpenVZ and suggests the ways to solve them In This Chapter General Considerations 73 Kernel Troubleshooting 75 Problems With VPS Management 77 Problems With VPS Operation 79 Problems With Linux Utilities Functioning 79 Getting Technical Support 79 ...

Page 73: ...hecked and quota recalculated for each VPS which dramatically increases the startup time Do not run any binary or script that belongs to a VPS directly from the Hardware Node for example do not ever do that cd vz root 99 etc init d httpd status Any script inside a VPS could have been changed to whatever the VPS owner chooses it could have been trojaned replaced to something like rm rf etc You can ...

Page 74: ...ay be logs associated with running a mail server the maillog file automatic tasks the cron file and others However the first place to look into when you are troubleshooting is the var log messages log file It contains the boot messages when the system came up as well as other status messages as the system runs Errors with I O networking and other general system errors are reported in this file So ...

Page 75: ...command The capital letters in the command names identify the sequence Thus if there are any troubles with the machine and you re about to reboot it please press the following sequences before pressing the Power button ALT SYSRQ M to dump memory info ALT SYSRQ P to dump processes states ALT SYSRQ S to sync disks ALT SYSRQ U to unmount all mounted filesystems ALT SYSRQ E to terminate processes ALT ...

Page 76: ...multiport ipt_limit ipt_tos ipt_REJECT ip_tables May 24 15 12 07 ts13 CPU 0 VCPU 2147483647 0 May 24 15 12 07 ts13 EIP 0060 c01b4049 Not tainted May 24 15 12 07 ts13 EFLAGS 00010206 May 24 15 12 07 ts13 EIP is at proc_pid_stat 0x289 0x5b0 May 24 15 12 07 ts13 eax d0d48a70 ebx 00000000 ecx 00000000 edx c0128962 May 24 15 12 07 ts13 esi 00000000 edi c599fa70 ebp d93f2f34 esp d93f2e04 May 24 15 12 07...

Page 77: ...N column for the process in question Then you should open tmp kernel dump in an editor find that number in the first column and then scroll backward to the first function name which can look like this c011e910 sys_nanosleep Then you can tell if the process lives or is blocked into the found function Problems with VPS Management This section includes recommendations on how to settle some problems w...

Page 78: ...the VPS numeric identifier and addr represents an actual IP address Solution 3 Poor UBC parameters might prevent the VPS from starting Try to validate the VPS configuration see Validating Virtual Private Server Configuration on page 62 See what configuration parameters have caused the error and set appropriate values using the vzctl set save command Solution 4 The VPS might have used all its disk ...

Page 79: ...set 101 save userpasswd root secret Solution 2 Check forwarding setting by issuing the command cat proc sys ipv4 conf venet0 forwarding If it is 0 then change it to 1 by issuing the command echo 1 proc sys ipv4 conf venet0 forwarding Problems with VPS Operation Timeout WhenAccessing Remote Hosts A host is unreachable by the OpenVZ Hardware Node or its Private Servers though it can be reached from ...

Page 80: ...uccessfully accomplish its tasks you need to understand how to configure OpenVZ correctly This section explains what configuration parameters OpenVZ has and how they affect its behavior In This Chapter Configuring OpenVZ 81 OpenVZ Command Line Interface 91 ...

Page 81: ... settings its resource management parameters location of private area IP address and so on etc sysconfig vz scripts ve name conf sample Sample files containing a number of default VPS configurations which may be used as a reference for VPS creation Following samples are shipped with OpenVZ light vps basic Also you may create your new samples customized for your own needs etc sysctl conf Kernel par...

Page 82: ...e Server should be serialized since two simultaneous operations on the same Virtual Private Server may break its consistency OpenVZ keeps lock files in this directory in order to serialize access to one Virtual Private Server vz lock VE0CPUUNITS CPU weight designated for the Hardware Node itself 1000 Logging parameters affect the vzctl utility logging behavior Parameter Description Default value L...

Page 83: ... parameters that can be overridden in VPS configuration file Parameter Description Default value VE_ROOT This is a path to the VPS root directory where private area is mounted vz root VEID VE_PRIVATE This is a path to the VPS private area OpenVZ implementation requires VE_PRIVATE reside within a single physical partition vz private VEID CONFIGFILE Default configuration file sample for VPS creation...

Page 84: ...n system startup OpenVZ automatically starts all Virtual Private Servers that have this parameter set to yes upon startup ALLOWREBOOT Specifies whether VPS may be restarted with reboot command inside If omitted or set to yes reboot is allowed CAPABILITY Specifies capabilities inside of VPS Setting of following capabilities is allowed CHOWN AC_OVERRIDE AC_READ_SEARCH FOWNER FSETID KILL SETGID SETUI...

Page 85: ... is omitted its value is considered as no CPUUNITS Guaranteed CPU power This is a positive integer number which determines the minimal guaranteed share of the CPU the Virtual Private Server receives The total CPU power in CPUUNITS is its Bogomips number multiplied by 25 OpenVZ reporting tools consider one 1 GHz PIII Intel processor to be approximately equivalent to 50 000 CPU units 250 1000 CPULIM...

Page 86: ...f kernel memory is 16 50 Kb per process 798720 13148160 851968 14024704 TCPSNDBUF Total size of send buffers for TCP sockets amount of kernel memory allocated for data sent from application to TCP socket but not acknowledged by remote side yet 159744 5365760 262144 10458760 TCPRCVBUF Total size of receive buffers for TCP sockets Amount of kernel memory received from remote side but not read by loc...

Page 87: ...ted NUMIPTENT The number of IP packet filtering entries 12 128 Network related parameters allow you to set bandwidth management parameters hostname and IP addresses that Virtual Private Server can use as well as to indicate those iptables modules that can be loaded to the VPS HOSTNAME If this parameter is specified then vzctl will set the hostname to its value upon the next VPS start This paramete...

Page 88: ...PS is started or stopped For example if you want to be able to access the Host OS file system or part of it from VPS 101 then you can bind mount it inside the VPS manually from the Host OS However after you restart the VPS your mount disappears and you should manually type the mount command again OpenVZ allows you to automate procedures like the above by using OpenVZ action scripts There are six a...

Page 89: ... vzctl will try to undo the action for the mount and start scripts In other words if the start script returns an error then vzctl will stop VPS and if one of the mount scripts fails then vzctl will dismount the VPS private area Please note that in this case vzctl will not execute the stop and umount scripts at all Caution When executing vzctl start both mount and start scripts run However if the s...

Page 90: ...t i e vzctl with two additional variables VEID and VE_CONFFILE The first one holds the ID of the Virtual Private Server being mounted started stopped dismounted and the second one holds the full path to the VPS configuration file It is probably a bit redundant SWsoft introduced both variables for convenience You can use the following fragment of the code in bash scripts to get access to additional...

Page 91: ...re Node and in VPSs vzpkgcache Create update a set of template caches vzrpm Simple rpm wrapper to use rpm with a particular VPS vzyum Yum wrapper to use yum with a particular VPS Supplementary tools perform a number of tasks and are used by other OpenVZ utilities vzdqcheck Print file space current usage from quota s point of view vzdqdump and vzdqload Utilities to dump the VPS user group quota lim...

Page 92: ... Private Server status Displays a Virtual Private Server status set Used to set Virtual Private Server parameters including resource control settings location of private area VPS hostname IP addresses and VPS root user password enter Provides a way for hardware node administrator to enter a Virtual Private Server without knowing VPS root password Use this command with caution and never run it on u...

Page 93: ...nVZ configuration file you will have to set resource control parameters for the VPS by using the vzctl set command before you are able to start the VPS private path Optional When used specifies path to the Virtual Private Server private area This option is used to override default path to private area from the etc sysconfig vz configuration file VE_PRIVATE variable The argument can contain VEID st...

Page 94: ...cute custom scripts located in the etc sysconfig vz scripts directory namely in order of execution vpsid mount Optional Virtual Private Server mount script If it exists then it is executed immediately after mounting VPS private area If it exits with non zero status then vzctl dismounts VPS private area and returns the error vpsid start Optional Virtual Private Server start script If it exists then...

Page 95: ...for vzctl stop unmounts the VPS private area automatically vzctl set This command is used for setting VPS parameters It has the following syntax vzctl set vpsid setting_name value save An optional save switch tells vzctl whether to save changes into the VPS configuration file etc sysconfig vz scripts vpsid conf Practically all VPS settings can be changed dynamically without the necessity of VPS re...

Page 96: ...RIDE AC_READ_SEARCH CHOWN FOWNER FSETID IPC_LOCK IPC_OWNER KILL LEASE LINUX_IMMUTABLE MKNOD NET_ADMIN NET_BIND_SERVICE NET_BROADCAST NET_RAW SETGID SETPCAP SETUID SYS_ADMIN SYS_BOOT SYS_CHROOT SYS_MODULE SYS_NICE SYS_PACCT SYS_PTRACE SYS_RAWIO SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG root path This setting does NOT move root mount point of your Virtual Private Server to a new path It simply overrides ...

Page 97: ...CP connections and thus the number of clients the server application can handle in parallel In this version of OpenVZ the limit shall be set to the same value as the barrier numothersock bar lim Number of socket other than TCP Local UNIX domain sockets are used for communications inside the system UDP sockets are used for Domain Name Service DNS queries for example In this version of OpenVZ the li...

Page 98: ... be set to the same value as the barrier numflock bar lim Number of file locks created by all VPS processes numpty bar lim Number of pseudo terminals For example ssh session screen xterm application consumes pseudo terminal resource In this version of OpenVZ the limit shall be set to the same value as the barrier numsiginfo bar lim Number of siginfo structures essentially this parameter limits siz...

Page 99: ...ttings allow you to set the hostname the domain to search when a not fully qualified domain name is used the DNS server address and the IP addresses that Virtual Private Server can use as well as to indicate those iptables modules that can be loaded to the VPS hostname name Sets the hostname to the specified name ipadd addr Adds IP address to the list of IP addresses the Virtual Private Server can...

Page 100: ...to a terminal As such you receive a shell prompt and are able to execute multiple commands as if you were logged in to the Virtual Private Server However be aware that vzctl enter is a potentially dangerous command if you have un trusted users inside the Virtual Private Server Your shell will have its file descriptors accessible for the VPS root in the proc filesystem and a malicious user could ru...

Page 101: ...he parameters available to be used with the o option vzlist Output Parameters and Their Specifiers Almost any parameter that can be used after the o and s switches of the vzlist utility can be specified by the dot letter combination following the parameter and denoting one of the following things Specifier Description m The maximal registered usage of the corresponding resource by the given VPS b ...

Page 102: ...emory pages used by several different VPSs mappings of shared libraries for example only a fraction of a page is charged to each VPS The sum of the physpages usage for all VPSs corresponds to the total number of pages used in the system by all accounted users vmguarpages m b l f VMGUARP Memory allocation guarantee in pages one page is 4 Kb Applications are guaranteed to be able to allocate memory ...

Page 103: ...used for communications inside the system UDP sockets are used for Domain Name Service DNS queries for example dcachesize m b l f DCACHESIZE Total size in bytes of dentry and inode structures locked in memory Exists as a separate parameter to impose a limit causing file operations to sense memory shortage and return an error to applications protecting from excessive consumption of memory due to in...

Page 104: ...t usage of the corresponding resource is shown by default vzquota This command is used to configure and see disk quota statistics for Virtual Private Servers vzquota is also used to turn on the possibility of using per user group quotas inside the VPS It allows you to configure per user or per group quota inside the Virtual Private Server as well vzctl uses vzquota internally to configure quotas a...

Page 105: ...hould be counted For the init command you must specify all the limits as well as the file tree where you want to initialize the quota drop Forget about given quota ID dropping existent quota file on Turns on quota accounting on the specified quota ID off Turns off quota accounting on the specified quota ID setlimit Allows changing the quota limits for the running quota stat Shows quota statistics ...

Page 106: ...erver n inode exptime time Required Expiration time for excess of the inode soft limit Time can be specified in two formats dd hh mm ss For example 30 30 seconds 12 00 12 minutes 20 15 11 00 20 days 15 hours 11 minutes xxA where A h H hour d D day w W week m M month y Y year For instance 7D 7 days 01w 1 week 3m 3 months p path Required Specifies the path to the Virtual Private Server private area ...

Page 107: ...p quota will not be accounted The default value is 0 p path Required Specifies the path to the Virtual Private Server private area f This option forces recalculation of quota usage even if the quota file does not have dirty flag set on c quota_file Optional Specifies the file to write output of counted disk space and inodes as well as limits If omitted the default var vzquota quota vpsid file is u...

Page 108: ... options are optional for the vzquota on command However at least one of these options or u ugid limit num must be specified These options are described in the vzquota init subsection c quota_file Optional Specifies the file to write output of counted disk space and inodes as well as limits If omitted the default var vzquota quota vpsid file is used ...

Page 109: ...ce 1k blocks 113856 2097152 2097152 inodes 42539 200000 220000 User group quota on active Ugids loaded 33 total 33 limit 100 Ugid limit was exceeded no User group grace times and flags type block_exp_time inode_exp_time hex_flags user 0 group 0 User group objects type ID resource usage softlimit hardlimit grace status user 0 1k blocks 113672 0 0 loaded user 0 inodes 42422 0 0 loaded This output is...

Page 110: ...mplate comprises Locations of network package repositories Scripts needed to be executed on various stages of template installation Public GPG key s needed to check signatures of packages Additional OpenVZ specific packages vzpkgls This utility lists templates installed on the Hardware Node or already installed into a particular VPS It has the following syntax vzpkgls c cached vzpkgls vpsid If you...

Page 111: ...e s on the command line Normally you run vzpkgcache without any options However it understands the following options r remove osname Remove the cache for the templates specified in the command line osname This option requires an explicit list of templates i e there is no default action to remove all caches vzrpm This utility acts as a simple RPM wrapper to be used for a specific VPS It has the fol...

Page 112: ...ely vzdqdump displays the corresponding values on the console screen and vzdqload gets the information from the standard input The syntax of the commands is the following vzdqdump general_options quota_id f c quota_file G U T vzdqload general_options quota_id c quota_file G U T The general options are described in the table below h Usage info V vzquota version info v Verbose mode q Quiet mode The ...

Page 113: ...he command line v Display information for each VPS A Display absolute values in megabytes It is possible to use any of the available options both of them or to do without any options vzcalc This utility is used to calculate Virtual Private Server resource usage It has the following syntax vzcalc v vpsid This utility displays what part of Hardware Node resources Virtual Private Server vpsid is usin...

Page 114: ...le_name as an argument to the config option of the vzctl create command If a sample with this name already exists the utility will output an error message and will not overwrite the existing configuration vzcfgvalidate This utility is used to check resource management parameters consistency in the Virtual Private Server configuration file It has the following syntax vzcfgvalidate vps_config_file T...

Page 115: ...tem See also Template Package set is a synonym for Template Private area is a part of the file system where VPS files that are not shared with other Virtual Private Servers are stored siginfo structure or just siginfo is a block of information about signal generation If a process catches a signal it may receive siginfo telling why the system generated that signal If a process monitors its children...

Page 116: ... configuration files its own applications system libraries and so on Virtual Private Servers share one Hardware Node and one OS kernel However they are isolated from each other Virtual Private Server is a kind of sandbox for processes and users Virtual Private Server 0 is used to designate the Hardware Node itself OpenVZ is a complete server automation and virtualization solution allowing you to c...

Page 117: ...Hardware Node 23 Creating and Configuring New Virtual Private Server 31 Installing OpenVZ Software 27 Creating and Installing Application Templates 45 Installing OS Templates 29 K Creating Virtual Private Server 33 Kernel Troubleshooting 75 D L Deleting Virtual Private Server 40 Determining VPS ID by Process ID 64 Listing Templates 44 Disk Partitioning 24 Listing Virtual Private Servers 39 Disk Qu...

Page 118: ...rview 88 vzcalc 113 vzcfgvalidate 114 P vzcpucheck 113 vzctl 92 Preface 7 vzctl create 93 Problems With VPS Management 77 vzctl destroy 94 Problems With VPS Operation 79 vzctl exec vzctl exec2 and vzctl enter 100 R vzctl mount and vzctl umount 95 vzctl set 95 Rebooting Virtual Private Server 71 vzctl start vzctl stop vzctl restart and vzctl status 94 Reference 80 Resource Management 14 vzdqcheck 1...

Page 119: ...Index 119 W What are Disk Quotas 48 What are Resource Control Parameters 46 What is OpenVZ 11 Who Should Read This Guide 7 ...

Reviews:

No comments