SWsoft SWsoft OpenVZ Скачать руководство пользователя страница 73 | Manualshive

Страница: 73 / 119

SWsoft SWsoft OpenVZ Скачать руководство пользователя страница 73

Troubleshooting 73

General Considerations

The general issues to take into consideration when troubleshooting your OpenVZ system are
listed below. You should read them carefully before trying to solve more specific problems.

You should always remember where you are located now in your terminal. Check it

periodically using the

pwd

,

hostname

,

ifconfig

,

cat /proc/vz/veinfo

commands. One and the same command executed inside a VPS and at the HN can lead to
very different results! You can also set up the

PS1

environment variable to show the full

path in the

bash

prompt. To do that, add these lines to

/root/.bash_profile

:

PS1="[\u@\h \w]$ "
export PS1

If the Hardware Node slows down, use

vmstat

,

ps

(

ps axfw

),

dmesg

,

top

to find out

what is happening, never reboot the machine without investigation. If no thinking helps
restore the normal operation, use the Alt+SysRq sequences to dump the memory
(

showMem

) and processes (

showPc

). See

Using ALT+SYSRQ Keyboard Sequences

section

for more information.

If the Hardware Node was incorrectly brought down, on its next startup all the partitions

will be checked and quota recalculated for each VPS, which dramatically increases the
startup time.

Do not run any binary or script that belongs to a VPS directly from the Hardware Node, for

example,

do not

ever do that:

cd /vz/root/99/etc/init.d
./httpd status

Any script inside a VPS could have been changed to whatever the VPS owner chooses: it could
have been trojaned, replaced to something like

rm -rf

, etc. You can use only

vzctl exec

or

vzctl enter

to execute programs inside a VPS.

Do not use init scripts at the Hardware Node. An init script may use

killall

to stop a

service, which means that all similar processes will be killed in all VPSs! You can check

/var/run/

service

.pid

and kill the correspondent process explicitly.

You must be able to detect any rootkit inside a VPS. It is recommended to use the

chkrootkit

package for detection (you can download the latest version from

www.chkrootkit.org

), or at least run

rpm -Va|grep "S.5"

to check up if the MD5 sum has changed for any RPM file.

You can also run

nmap

, for example:

# nmap -p 1-65535 192.168.0.1

Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on (192.168.0.1):
(The 65531 ports scanned but not shown below are in
state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
80/tcp open http
111/tcp open sunrpc

«
...
71
72
73
74
75
...
»

Содержание SWsoft OpenVZ

Страница 1: ...SWsoft Inc OpenVZ User s Guide Version 2 7 0 8 2005 ...

Страница 2: ...he copyright holder Distribution of the work or derivative of the work in any standard paper book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder Linux is a registered trademark of Linus Torvalds OpenVZ and Virtuozzo are trademarks of SWsoft Inc Red Hat is a registered trademark of Red Hat Software Inc UNIX is a registered trademark of The O...

Страница 3: ... 18 OpenVZ Configuration 18 Hardware Node Availability Considerations 19 Installation and Preliminary Operations 20 Installation Requirements 20 System Requirements 20 Network Requirements 22 Installing and Configuring Host Operating System on Hardware Node 23 Choosing System Type 23 Disk Partitioning 24 Finishing OS Installation 26 Installing OpenVZ Software 27 Downloading and Installing OpenVZ K...

Страница 4: ...es Consumption 57 Monitoring Memory Consumption 59 Managing VPS Resources Configuration 60 Splitting Hardware Node Into Equal Pieces 61 Validating Virtual Private Server Configuration 62 Advanced Tasks 63 Determining VPS ID by Process ID 64 Changing System Time from VPS 64 Accessing Devices from Inside Virtual Private Server 66 Moving Network Adapter to Virtual Private Server 68 Enabling VPN for V...

Страница 5: ...ix of OpenVZ Configuration Files 81 Managing OpenVZ Scripts 87 OpenVZ Command Line Interface 91 Matrix of OpenVZ Command Line Utilities 91 vzctl 92 vzlist 100 vzquota 104 Template Management Utilities 110 Supplementary Tools 112 Glossary 115 Index 117 ...

Страница 6: ...e Installation Choosing System Type 23 Figure 3 Fedora Core Installation Choosing Manual Partitioning 24 Figure 4 Fedora Core Installation Disk Druid 25 Figure 5 Fedora Core Installation Disabling Firewall and SELinux 26 Figure 6 Sequence of Executing Action Scripts 89 ...

Страница 7: ...Hardware Nodes and to employ the command line interface for performing various tasks Familiarity with Red Hat Linux Operating System and certain Linux administrator s skills are desirable for a person reading the guide You can obtain some useful information regarding OS installation issues from http www redhat com docs manuals linux Who Should Read This Guide The primary audience for this book is ...

Страница 8: ...plate updates on the Hardware Node add them to and remove from Virtual Private Servers etc Chapter 6 Managing Resources zeroes in on configuring and monitoring the resource control parameters for different VPSs These parameters comprise disk quotas CPU and system resources Common ways of optimizing your VPSs configurations are suggested at the end of the chapter Chapter 7 Advanced Tasks enumerates...

Страница 9: ...ich is to be replaced with a real value Type vzctl destroy vpsid Preformatted On screen computer output in your command line sessions source code in XML C or other programming languages Saved parameters for VPS 101 Monospace Bold What you type contrasted with on screen computer output rpm q vzctl CAPITALS Names of keys on the keyboard SHIFT CTRL ALT KEY KEY Key combinations for which the user must...

Страница 10: ...the bin sbin usr bin and usr sbin directories so the steps in this book show the commands in these directories without absolute path names Steps that use commands in other less common directories show the absolute paths in the examples Feedback If you spot a typo in this guide or if you have thought of a way to make this guide better we would love to hear from you If you have a suggestion for impr...

Страница 11: ...tand alone server for its users and applications as it can be rebooted independently and has its own root access users IP addresses memory processes files applications system libraries and configuration files Light overhead and efficient design of OpenVZ makes it the right virtualization choice for production servers with live applications and real life data The basic OpenVZ VPS capabilities are D...

Страница 12: ... VPS independently from other VPSs or the host system Multiple distributions of a package can be run on one and the same Linux box In fact hundreds of servers may be grouped together in this way Besides the evident advantages of such consolidation increased facility of administration and the like there are some you might not even have thought of say cutting down electricity bills by times OpenVZ p...

Страница 13: ...S has its own IP address multiple IP addresses per VPS are allowed Network traffic of a VPS is isolated from the other VPSs In other words Virtual Private Servers are protected from each other in the way that makes traffic snooping impossible Firewalling may be used inside a VPS the user can create rules limiting access to some services using the canonical iptables tool inside the VPS In other wor...

Страница 14: ... available Hardware Node resources among VPSs Guarantee Quality of Service QoS in accordance with a service level agreement SLA Provide performance and resource isolation and protect from denial of service attacks Simultaneously assign and control resources for a number of Virtual Private Servers etc Resource Management is much more important for OpenVZ than for a standalone computer since compute...

Страница 15: ...er Application Software Virtual Private Server OpenVZ Layer Figure 1 OpenVZ Technology This figure presumes that you have a number of physical servers united into a network In fact you may have only one dedicated server to effectively use OpenVZ for the needs of your network If you have more than one OpenVZ based physical server each one of the servers will have a similar architecture In OpenVZ te...

Страница 16: ...rnel However they are isolated from each other A Virtual Private Server is a kind of sandbox for processes and users Different Virtual Private Servers can run different versions of Linux for example SuSE 9 2 or Fedora Core 4 and many others Each VPS can run its own version of Linux In this case we say that a VPS is based on a certain OS template OS templates are packages shipped with OpenVZ Before...

Страница 17: ...e downloaded from the network repository to the Hardware Node and installed into a temporary VPS which is then packed into a gzipped tarball called the template cache The template cache is used for fast VPS provisioning basically it is a pre created VPS so all that is needed to create a VPS is to untar this file The template cache files are stored in the vz template cache directory Any template ca...

Страница 18: ...sconfig vz and VPS configuration files etc sysconfig vz scripts vpsid conf The global configuration file defines global and default parameters for VPS operation for example logging settings enabling and disabling disk quota for VPSs the default configuration file and OS template on the basis of which a new VPS is created and so on On the other hand a VPS configuration file defines the parameters f...

Страница 19: ...the recommendations below Use RAID storage for critical VPS private areas Do prefer hardware RAID but software mirroring RAID might suit too as a last resort Do not run software on the Hardware Node itself Create special Virtual Private Servers where you can host necessary services such as BIND FTPD HTTPD and so on On the Hardware Node itself you need only the SSH daemon Preferably it should accep...

Страница 20: ...20 Installing and Configuring Host Operating System on Hardware Node 23 Installing OpenVZ Software 27 Installation Requirements After deciding on the structure of your OpenVZ system you should make sure that all the Hardware Nodes where you are going to deploy OpenVZ for Linux meet the following system hardware and software and network requirements System Requirements This section focuses on the h...

Страница 21: ...re Virtual Private Servers you can run The exact figure depends on the number and nature of applications you are planning to run in your Virtual Private Servers However on the average at least 1 GB of RAM is recommended for every 20 30 Virtual Private Servers Disk space Each Virtual Private Server occupies 400 600 MB of hard disk space for system files in addition to the user data inside the Virtu...

Страница 22: ...nternet connection for the Hardware Node Valid IP address for the Hardware Node as well as other IP parameters default gateway network mask DNS configuration At least one valid IP address for each Virtual Private Server The total number of addresses should be no less than the planned number of Virtual Private Servers The addresses may be allocated in different IP networks If a firewall is deployed...

Страница 23: ...n Guide when installing the OS on your Hardware Node After the first several screens you will be presented with a screen specifying the installation type OpenVZ requires Server System to be installed therefore select Server at the dialog shown in the figure below Figure 2 Fedora Core Installation Choosing System Type It is not recommended to install extra packages on the Hardware Node itself due t...

Страница 24: ...ices In case of OpenVZ all your services shall run inside Virtual Private Servers Figure 3 Fedora Core Installation Choosing Manual Partitioning Create the following partitions on the Hardware Node Partition Description Typical size Root partition containing all Hardware Node operating system files 2 4 Gb swap Paging partition for the Linux operating system 2 times RAM vz Partition to host OpenVZ ...

Страница 25: ... OpenVZ based computers The root partition will host the operating system files The server set of Fedora Core 4 occupies approximately 1 GB of disk space so 1 GB is the minimal size of the root partition The size of the swap partition shall be two times the size of physical RAM installed on the Hardware Node The figure below presents a system with a 12 GB SCSI hard drive Figure 4 Fedora Core Insta...

Страница 26: ...ardware Node s IP address host name DNS and default gateway information If you are using DHCP make sure that it is properly configured If necessary consult your network administrator On the Firewall Configuration screen choose No firewall Option Enable SELinux should be set to Disabled Figure 5 Fedora Core Installation Disabling Firewall and SELinux After finishing the installation and rebooting y...

Страница 27: ... be removed Configuring Boot Loader In case you use the GRUB loader it will be configured automatically You should only make sure that the lines below are present in the boot grub grub conf file on the Node title Fedora Core 2 6 8 022stab029 1 root hd0 0 kernel vmlinuz 2 6 8 022stab029 1 ro root dev sda5 quiet rhgb initrd initrd 2 6 8 022stab029 1 img However we recommend that you configure this f...

Страница 28: ... all our interfaces to send redirects net ipv4 conf default send_redirects 1 net ipv4 conf all send_redirects 0 Please edit the file as described To apply the changes issue the following command sysctl p Alternatively the changes will be applied upon the following reboot It is also worth mentioning that normally you should have forwarding net ipv4 ip_forward turned on since the Hardware Node forwa...

Страница 29: ...it d vz start This will load all the needed OpenVZ kernel modules During the next reboot this script will be executed automatically Installing OS Templates Template or package set is a set of package files to be installed into a VPS Operating system templates are used to create new Virtual Private Servers with a pre installed operating system Therefore you are bound to download at least one OS tem...

Страница 30: ... also use one of the already pre cached OS templates available at http openvz org download template cache for the VPS creation To this effect you should download the corresponding OS template and place it to the vz template cache directory on the Node ...

Страница 31: ...tion guides you through the process of creating a Virtual Private Server We assume that you have successfully installed OpenVZ and at least one OS template If there are no OS templates installed on the Hardware Node turn to the Managing Templates chapter first Before you Begin Before you start creating a Virtual Private Server you should Check that the Hardware Node is visible on your network You ...

Страница 32: ...2 you use the range from 1001 to 2000 and so on This approach makes it easier to remember on which Hardware Node a Virtual Private Server has been created and eliminates the possibility of VPS ID conflicts when a Virtual Private Server migrates from one Hardware Node to another Another approach to assigning VPS IDs is to follow some pattern of VPS IP addresses Thus for example if you have a subnet...

Страница 33: ...vz scripts directory and have names with the following mask ve config_name conf sample The most commonly used sample is the ve vps basic conf sample file this sample file has resource control parameters suitable for most web site Virtual Private Servers Thus for example you can create a new VPS by typing the following string vzctl create 101 ostemplate fedora core 4 config vps basic Creating VPS p...

Страница 34: ...g Virtual Private Server network parameters Setting Virtual Private Server user passwords Configuring Quality of Service Service Level parameters For all these tasks the vzctl set command is used Using this command for setting VPS startup parameters network parameters and user passwords is explained later in this subsection Service Level Management configuration topics are dwelled upon in the Mana...

Страница 35: ...ag saves all the parameters to the VPS configuration file You can issue the above commands when the Virtual Private Server is running In this case if you do not want the applied values to persist you can omit the save option and the applied values will be valid only until the Virtual Private Server shutdown To check whether SSH is running inside the Virtual Private Server use vzctl exec which allo...

Страница 36: ... via SSH as root and administer it in the same way as you administer a standalone Linux computer install additional software add users set up services and so on The password will be set inside the VPS in the etc shadow file in an encrypted form and will not be stored in the VPS configuration file Therefore if you forget the password you have to reset it Note that userpasswd is the only option of t...

Страница 37: ... mounted and the VPS is running Alternatively you can make use of the vzlist utility vzlist 101 VPSID NPROC STATUS IP_ADDR HOSTNAME 101 20 running 10 0 186 101 test my org Still another way of getting the VPS status is checking the proc vz veinfo file This file lists all the Virtual Private Servers currently running on the Hardware Node Each line presents a running Virtual Private Server in the VP...

Страница 38: ... that you do not use the fast switch with healthy VPSs unless necessary as the forcible killing of VPS processes may be potentially dangerous The vzctl start and vzctl stop commands initiate the normal Linux OS startup or shutdown sequences inside the Virtual Private Server In case of a Red Hat like distribution System V initialization scripts will be executed just like on an ordinary computer You...

Страница 39: ...itch tells the vzlist utility to output both running and stopped VPSs By default only running VPSs are shown The default columns inform you of the VPS IDs the number of running processes inside VPSs their status IP addresses and hostnames This output may be customized as desired by using vzlist command line switches For example vzlist o veid diskinodes s s diskinodes s VPSID DQINODES S 1 400000 10...

Страница 40: ...roy command The example below illustrates destroying VPS 101 vzctl destroy 101 VPS is currently mounted umount first vzctl stop 101 Stopping VPS VPS was stopped VPS is unmounted vzctl destroy 101 Destroying VPS private area vz private 101 VPS private area was destroyed ls etc sysconfig vz scripts 101 etc sysconfig vz scripts 101 conf destroyed etc sysconfig vz scripts 101 mount destroyed etc sysco...

Страница 41: ...on below illustrates the situation when SSH daemon is not started vzctl exec 101 etc init d sshd status sshd is stopped vzctl exec 101 etc init d sshd start Starting sshd OK vzctl exec 101 etc init d sshd status sshd pid 26187 is running Now VPS users can log in to the VPS via SSH When executing commands inside a Virtual Private Server from shell scripts use the vzctl exec2 command It has the same...

Страница 42: ...ually not included into an OS template In This Chapter Template Lifecycle 42 Listing Templates 44 Working with VPS 45 Template Lifecycle A template cache is an OS template installed into a VPS and then packed into a gzipped tar archive This allows to speed up the creation of a new Virtual Private Server instead of installing all the packages comprising a Linux distribution vzctl just unpacks the a...

Страница 43: ...ernet it might be sped up using a snapshot of an already fetched repository for a given distribution Such snapshots are available from http openvz org download template repocache they are to be unpacked into the vz template directory Please note that this step is optional In case a template cache i e a tar archive already exists vzpkgcache tries to bring it up to date by applying the latest update...

Страница 44: ...available on the Hardware Node Note that some of them might not be cached yet To see only those templates that are cached and thus are ready to be used for creating a VPS use the cached flag with vzpkgls vzpkgls cached fedora core 4 Considering the previous output this means that the centos 4 template is just installed and is not cached yet Specifying a VPS number as a parameter this command print...

Страница 45: ...ollowing command vzyum 123 install mysql server Here vzyum will call the yum package manager and provide it with all the paths to the repositories suitable for the distribution installed into the VPS Yum will calculate the dependencies present you with a list of packages to install update remove based on what you have asked for and if confirmed run a transaction to actually perform all the needed ...

Страница 46: ...ntrols the resources available to a Virtual Private Server through a set of resource management parameters All these parameters are defined either in the OpenVZ global configuration file etc sysconfig vz or in the respective VPS configuration files etc sysconfig vz scripts VPSID conf or in both You can set them by manually editing the corresponding configuration files or by using the OpenVZ comman...

Страница 47: ...cachesize numiptent Managing System Parameters Managing Disk Quotas This section explains what disk quotas are defines disk quota parameters and describes how to perform disk quota related operations Turning on and off per VPS first level disk quotas Setting up first level disk quota parameters for a Virtual Private Server Turning on and off per user and per group second level disk quotas inside a...

Страница 48: ...ge changes during the VPS operation these statistics are not automatically synchronized with the quota file the file just gets the dirty flag They are synchronized only when the VPS is stopped or when the HN is shut down After synchronization the dirty flag is removed If the Hardware Node has been incorrectly brought down for example the power switch was hit the file remains dirty and the quota is...

Страница 49: ...ISK_QUOTA yes checking available space on vz partition df vz Filesystem 1k blocks Used Available Use Mounted on dev sda2 8957295 1421982 7023242 17 vz editing VPS configuration file to add DISK_QUOTA no vi etc sysconfig vz scripts 101 conf checking that quota is off for VPS 101 grep DISK_QUOTA etc sysconfig vz scripts 101 conf DISK_QUOTA no vzctl start 101 Starting VPS VPS is mounted Adding IP add...

Страница 50: ...rs have both soft and hard limits or simply barriers and limits The hard limit is the limit that cannot be exceeded under any circumstances The soft limit can be exceeded up to the hard limit but as soon as the grace period expires the additional disk space or inodes allocations will fail Barriers and limits are separated by colons in Virtual Private Server configuration files and in the command l...

Страница 51: ...limit these users will not be able to own files Enabling per user group quotas for a Virtual Private Server requires restarting the VPS The value for it should be carefully chosen the bigger value you set the bigger kernel memory overhead this Virtual Private Server creates This value must be greater than or equal to the number of entries in the VPS etc passwd and etc group files Taking into accou...

Страница 52: ...hard grace root 38218 50000 60000 45453 70000 70000 the rest of repquota output is skipped root ve101 root dd if dev zero of test dd writing to test Disk quota exceeded 23473 0 records in 23472 0 records out root ve101 root repquota a Report for user quotas on device dev simfs Block grace time 00 00 Inode grace time 00 00 Block limits File limits User used soft hard grace used soft hard grace root...

Страница 53: ... grace status 0 user 1k blocks 38220 50000 60000 loaded 0 user inodes 45453 70000 70000 loaded the rest is skipped The first three lines of the output show the status of first level disk quotas for the Virtual Private Server The rest of the output displays statistics for user group quotas and has separate lines for each user and group ID existing in the system If you do not need the second level q...

Страница 54: ...Private Servers and Hardware Node processes This number is calculated by OpenVZ with the help of a special algorithm The above example illustrates the situation when the Hardware Node is underused In other words the running Virtual Private Servers receive more CPU time than was guaranteed to them In the following example Virtual Private Server 102 is guaranteed to receive about 2 of the CPU time e...

Страница 55: ...mary parameters Parameter Description File avnumproc The average number of processes and threads V numproc The maximal number of processes and threads the VPS may create V numtcpsock The number of TCP sockets PF_INET family SOCK_STREAM type This parameter limits the number of TCP connections and thus the number of clients the server application can handle in parallel V numothersock The number of s...

Страница 56: ...ared among different applications is not included in this resource parameter V numfile The number of files opened by all VPS processes V numflock The number of file locks created by all VPS processes V numpty The number of pseudo terminals such as an ssh session the screen or xterm applications etc V numsiginfo The number of siginfo structures essentially this parameter limits the size of the sign...

Страница 57: ...76 132096 132096 0 numothersock 4 17 80 80 0 dcachesize 78952 108488 524288 548864 0 numfile 194 306 1280 1280 0 dummy 0 0 0 0 0 dummy 0 0 0 0 0 dummy 0 0 0 0 0 numiptent 0 0 128 128 0 The failcnt column displays the number of unsuccessful attempts to allocate a particular resource If this value increases after an application fails to start then the corresponding resource limit is in effect lower ...

Страница 58: ...tcprcvbuf unixsockbuf sockrcvbuf kmemsize do echo echo res usage for all VEs in MB cat proc user_beancounters grep res sed s digit g awk BEGIN cur max lim 0 cur 2 max 3 lim 5 END print held cur 1024 1024 max max 1024 1024 limit lim 1024 1024 done ...

Страница 59: ...maintain the same load and resource consumption level High utilization values in general more than 1 or 100 mean that the system is overloaded and the service level of the Virtual Private Servers is degraded Commitment level shows how much resources are promised to the existing Virtual Private Servers Low commitment levels mean that the system is capable of supporting more Virtual Private Servers ...

Страница 60: ...located in all Virtual Private Servers is only the estimation of how much physical memory will be used if all applications claim the allocated memory The memory available for allocation can be not only used the Alloc util column or promised the Alloc commit column but also limited applications will not be able to allocate more resources than is indicated in the Alloc limit column Managing VPS Reso...

Страница 61: ...m kmemsize bar should be 253952 currently 126391 Recommendation dgramrcvbuf bar should be 132096 currently 93622 Note that the configuration produced depends on the given Hardware Node resources Therefore it is important to validate the resulted configuration file before trying to use it which is done with the help of the vzcfgvalidate utility The number of Virtual Private Servers you can run on t...

Страница 62: ...sockbuf bar should ba 132096 currently 122880 Validation completed success The utility checks constraints on the resource management parameters and displays all the constraint violations found There can be three levels of violation severity Recommendation This is a suggestion which is not critical for Virtual Private Server or Hardware Node operations The configuration is valid in general however ...

Страница 63: ... Obtaining Hardware Node ID from Inside Virtual Private Server 65 Accessing Devices from Inside Virtual Private Server 66 Moving Network Adapter to Virtual Private Server 68 Enabling VPN for VPS 69 Loading iptables Modules 69 Creating Configuration File for New Linux Distribution 70 Rebooting Virtual Private Server 71 ...

Страница 64: ...ch other and could even break applications depending on the system time accuracy Normally only the Hardware Node system administrator can change the system time However if you want to synchronize the time via Network Time Protocol NTP you have to run NTP software which will connect to external NTP servers and update the system time It is not advisable to run application software on the Hardware No...

Страница 65: ...ection to ve101 closed date Tue Oct 29 13 01 31 EST 2002 The command session above shows the way to change the system time from Virtual Private Server 101 The changes will affect all the Virtual Private Servers and the Hardware Node itself It is not advisable to have more than one Virtual Private Server with the sys_time capability set on NTP is described in Internet Standard RFC 1305 more informa...

Страница 66: ...n the dev sdb device and create file systems on the first two partitions or use them with any software capable of working with raw block devices such as Oracle database software First we are going to grant the Virtual Private Server the permissions to work with the needed block devices vzctl set 101 devices b 8 16 rw devices b 8 17 rw devices b 8 18 rw save Setting devperms Saved parameters for VP...

Страница 67: ...ter the new partition table has been written you can format it and mount inside the Virtual Private Server root vps101 root mke2fs dev sdb2 Output of mke2fs is skipped root vps101 root mount dev sdb2 mnt root vps101 root df Filesystem 1k blocks Used Available Use Mounted on simfs 1048576 149916 898660 15 ext2 101107 13 95873 1 mnt Remember that you have to specify all minors for the devices you wa...

Страница 68: ...r VPSs on the Node If such a device is removed from the VPS by means of the vzctl set netdev_del command and added to another VPS instead all the network settings of this device are purged To work around this problem you should store all the device settings in the ifcfg dev file and have this file available in the etc sysconfig network scripts directory inside all the VPSs that may have access to ...

Страница 69: ...rw save Create the corresponding device inside the VPS and set the proper permissions vzctl exec 101 mkdir p dev net vzctl exec 101 mknod dev net tun c 10 200 vzctl exec 101 chmod 600 dev net tun Configuring the VPN proper is carried out as a common Linux administration task which is out of the scope of this guide Some popular Linux software for setting up a VPN over the TUN TAP driver includes Vi...

Страница 70: ... VPSs hosted on the given Node is determined by the value of the IPTABLES parameter in the etc sysconfig vz file Naturally those modules that constitute the value of this parameter will be loaded to VPSs only in case they are also loaded on the Hardware Node itself see page 70 This parameter can also be redefined both in VPS sample configuration files etc sysconfig vz scripts ve sample_name conf s...

Страница 71: ... inside a VPS the VPS is stopped and then started by a special script etc sysconfig vz scripts vpsreboot which is executed periodically every minute by default by the cron daemon Cron configuration to run the script is in the file etc cron d vpsreboot If you want a Virtual Private Server to be unable to initiate reboot itself add the ALLOWREBOOT no line to the Virtual Private Server configuration ...

Страница 72: ...blems that may occur during your work with OpenVZ and suggests the ways to solve them In This Chapter General Considerations 73 Kernel Troubleshooting 75 Problems With VPS Management 77 Problems With VPS Operation 79 Problems With Linux Utilities Functioning 79 Getting Technical Support 79 ...

Страница 73: ...hecked and quota recalculated for each VPS which dramatically increases the startup time Do not run any binary or script that belongs to a VPS directly from the Hardware Node for example do not ever do that cd vz root 99 etc init d httpd status Any script inside a VPS could have been changed to whatever the VPS owner chooses it could have been trojaned replaced to something like rm rf etc You can ...

Страница 74: ...ay be logs associated with running a mail server the maillog file automatic tasks the cron file and others However the first place to look into when you are troubleshooting is the var log messages log file It contains the boot messages when the system came up as well as other status messages as the system runs Errors with I O networking and other general system errors are reported in this file So ...

Страница 75: ...command The capital letters in the command names identify the sequence Thus if there are any troubles with the machine and you re about to reboot it please press the following sequences before pressing the Power button ALT SYSRQ M to dump memory info ALT SYSRQ P to dump processes states ALT SYSRQ S to sync disks ALT SYSRQ U to unmount all mounted filesystems ALT SYSRQ E to terminate processes ALT ...

Страница 76: ...multiport ipt_limit ipt_tos ipt_REJECT ip_tables May 24 15 12 07 ts13 CPU 0 VCPU 2147483647 0 May 24 15 12 07 ts13 EIP 0060 c01b4049 Not tainted May 24 15 12 07 ts13 EFLAGS 00010206 May 24 15 12 07 ts13 EIP is at proc_pid_stat 0x289 0x5b0 May 24 15 12 07 ts13 eax d0d48a70 ebx 00000000 ecx 00000000 edx c0128962 May 24 15 12 07 ts13 esi 00000000 edi c599fa70 ebp d93f2f34 esp d93f2e04 May 24 15 12 07...

Страница 77: ...N column for the process in question Then you should open tmp kernel dump in an editor find that number in the first column and then scroll backward to the first function name which can look like this c011e910 sys_nanosleep Then you can tell if the process lives or is blocked into the found function Problems with VPS Management This section includes recommendations on how to settle some problems w...

Страница 78: ...the VPS numeric identifier and addr represents an actual IP address Solution 3 Poor UBC parameters might prevent the VPS from starting Try to validate the VPS configuration see Validating Virtual Private Server Configuration on page 62 See what configuration parameters have caused the error and set appropriate values using the vzctl set save command Solution 4 The VPS might have used all its disk ...

Страница 79: ...set 101 save userpasswd root secret Solution 2 Check forwarding setting by issuing the command cat proc sys ipv4 conf venet0 forwarding If it is 0 then change it to 1 by issuing the command echo 1 proc sys ipv4 conf venet0 forwarding Problems with VPS Operation Timeout WhenAccessing Remote Hosts A host is unreachable by the OpenVZ Hardware Node or its Private Servers though it can be reached from ...

Страница 80: ...uccessfully accomplish its tasks you need to understand how to configure OpenVZ correctly This section explains what configuration parameters OpenVZ has and how they affect its behavior In This Chapter Configuring OpenVZ 81 OpenVZ Command Line Interface 91 ...

Страница 81: ... settings its resource management parameters location of private area IP address and so on etc sysconfig vz scripts ve name conf sample Sample files containing a number of default VPS configurations which may be used as a reference for VPS creation Following samples are shipped with OpenVZ light vps basic Also you may create your new samples customized for your own needs etc sysctl conf Kernel par...

Страница 82: ...e Server should be serialized since two simultaneous operations on the same Virtual Private Server may break its consistency OpenVZ keeps lock files in this directory in order to serialize access to one Virtual Private Server vz lock VE0CPUUNITS CPU weight designated for the Hardware Node itself 1000 Logging parameters affect the vzctl utility logging behavior Parameter Description Default value L...

Страница 83: ... parameters that can be overridden in VPS configuration file Parameter Description Default value VE_ROOT This is a path to the VPS root directory where private area is mounted vz root VEID VE_PRIVATE This is a path to the VPS private area OpenVZ implementation requires VE_PRIVATE reside within a single physical partition vz private VEID CONFIGFILE Default configuration file sample for VPS creation...

Страница 84: ...n system startup OpenVZ automatically starts all Virtual Private Servers that have this parameter set to yes upon startup ALLOWREBOOT Specifies whether VPS may be restarted with reboot command inside If omitted or set to yes reboot is allowed CAPABILITY Specifies capabilities inside of VPS Setting of following capabilities is allowed CHOWN AC_OVERRIDE AC_READ_SEARCH FOWNER FSETID KILL SETGID SETUI...

Страница 85: ... is omitted its value is considered as no CPUUNITS Guaranteed CPU power This is a positive integer number which determines the minimal guaranteed share of the CPU the Virtual Private Server receives The total CPU power in CPUUNITS is its Bogomips number multiplied by 25 OpenVZ reporting tools consider one 1 GHz PIII Intel processor to be approximately equivalent to 50 000 CPU units 250 1000 CPULIM...

Страница 86: ...f kernel memory is 16 50 Kb per process 798720 13148160 851968 14024704 TCPSNDBUF Total size of send buffers for TCP sockets amount of kernel memory allocated for data sent from application to TCP socket but not acknowledged by remote side yet 159744 5365760 262144 10458760 TCPRCVBUF Total size of receive buffers for TCP sockets Amount of kernel memory received from remote side but not read by loc...

Страница 87: ...ted NUMIPTENT The number of IP packet filtering entries 12 128 Network related parameters allow you to set bandwidth management parameters hostname and IP addresses that Virtual Private Server can use as well as to indicate those iptables modules that can be loaded to the VPS HOSTNAME If this parameter is specified then vzctl will set the hostname to its value upon the next VPS start This paramete...

Страница 88: ...PS is started or stopped For example if you want to be able to access the Host OS file system or part of it from VPS 101 then you can bind mount it inside the VPS manually from the Host OS However after you restart the VPS your mount disappears and you should manually type the mount command again OpenVZ allows you to automate procedures like the above by using OpenVZ action scripts There are six a...

Страница 89: ... vzctl will try to undo the action for the mount and start scripts In other words if the start script returns an error then vzctl will stop VPS and if one of the mount scripts fails then vzctl will dismount the VPS private area Please note that in this case vzctl will not execute the stop and umount scripts at all Caution When executing vzctl start both mount and start scripts run However if the s...

Страница 90: ...t i e vzctl with two additional variables VEID and VE_CONFFILE The first one holds the ID of the Virtual Private Server being mounted started stopped dismounted and the second one holds the full path to the VPS configuration file It is probably a bit redundant SWsoft introduced both variables for convenience You can use the following fragment of the code in bash scripts to get access to additional...

Страница 91: ...re Node and in VPSs vzpkgcache Create update a set of template caches vzrpm Simple rpm wrapper to use rpm with a particular VPS vzyum Yum wrapper to use yum with a particular VPS Supplementary tools perform a number of tasks and are used by other OpenVZ utilities vzdqcheck Print file space current usage from quota s point of view vzdqdump and vzdqload Utilities to dump the VPS user group quota lim...

Страница 92: ... Private Server status Displays a Virtual Private Server status set Used to set Virtual Private Server parameters including resource control settings location of private area VPS hostname IP addresses and VPS root user password enter Provides a way for hardware node administrator to enter a Virtual Private Server without knowing VPS root password Use this command with caution and never run it on u...

Страница 93: ...nVZ configuration file you will have to set resource control parameters for the VPS by using the vzctl set command before you are able to start the VPS private path Optional When used specifies path to the Virtual Private Server private area This option is used to override default path to private area from the etc sysconfig vz configuration file VE_PRIVATE variable The argument can contain VEID st...

Страница 94: ...cute custom scripts located in the etc sysconfig vz scripts directory namely in order of execution vpsid mount Optional Virtual Private Server mount script If it exists then it is executed immediately after mounting VPS private area If it exits with non zero status then vzctl dismounts VPS private area and returns the error vpsid start Optional Virtual Private Server start script If it exists then...

Страница 95: ...for vzctl stop unmounts the VPS private area automatically vzctl set This command is used for setting VPS parameters It has the following syntax vzctl set vpsid setting_name value save An optional save switch tells vzctl whether to save changes into the VPS configuration file etc sysconfig vz scripts vpsid conf Practically all VPS settings can be changed dynamically without the necessity of VPS re...

Страница 96: ...RIDE AC_READ_SEARCH CHOWN FOWNER FSETID IPC_LOCK IPC_OWNER KILL LEASE LINUX_IMMUTABLE MKNOD NET_ADMIN NET_BIND_SERVICE NET_BROADCAST NET_RAW SETGID SETPCAP SETUID SYS_ADMIN SYS_BOOT SYS_CHROOT SYS_MODULE SYS_NICE SYS_PACCT SYS_PTRACE SYS_RAWIO SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG root path This setting does NOT move root mount point of your Virtual Private Server to a new path It simply overrides ...

Страница 97: ...CP connections and thus the number of clients the server application can handle in parallel In this version of OpenVZ the limit shall be set to the same value as the barrier numothersock bar lim Number of socket other than TCP Local UNIX domain sockets are used for communications inside the system UDP sockets are used for Domain Name Service DNS queries for example In this version of OpenVZ the li...

Страница 98: ... be set to the same value as the barrier numflock bar lim Number of file locks created by all VPS processes numpty bar lim Number of pseudo terminals For example ssh session screen xterm application consumes pseudo terminal resource In this version of OpenVZ the limit shall be set to the same value as the barrier numsiginfo bar lim Number of siginfo structures essentially this parameter limits siz...

Страница 99: ...ttings allow you to set the hostname the domain to search when a not fully qualified domain name is used the DNS server address and the IP addresses that Virtual Private Server can use as well as to indicate those iptables modules that can be loaded to the VPS hostname name Sets the hostname to the specified name ipadd addr Adds IP address to the list of IP addresses the Virtual Private Server can...

Страница 100: ...to a terminal As such you receive a shell prompt and are able to execute multiple commands as if you were logged in to the Virtual Private Server However be aware that vzctl enter is a potentially dangerous command if you have un trusted users inside the Virtual Private Server Your shell will have its file descriptors accessible for the VPS root in the proc filesystem and a malicious user could ru...

Страница 101: ...he parameters available to be used with the o option vzlist Output Parameters and Their Specifiers Almost any parameter that can be used after the o and s switches of the vzlist utility can be specified by the dot letter combination following the parameter and denoting one of the following things Specifier Description m The maximal registered usage of the corresponding resource by the given VPS b ...

Страница 102: ...emory pages used by several different VPSs mappings of shared libraries for example only a fraction of a page is charged to each VPS The sum of the physpages usage for all VPSs corresponds to the total number of pages used in the system by all accounted users vmguarpages m b l f VMGUARP Memory allocation guarantee in pages one page is 4 Kb Applications are guaranteed to be able to allocate memory ...

Страница 103: ...used for communications inside the system UDP sockets are used for Domain Name Service DNS queries for example dcachesize m b l f DCACHESIZE Total size in bytes of dentry and inode structures locked in memory Exists as a separate parameter to impose a limit causing file operations to sense memory shortage and return an error to applications protecting from excessive consumption of memory due to in...

Страница 104: ...t usage of the corresponding resource is shown by default vzquota This command is used to configure and see disk quota statistics for Virtual Private Servers vzquota is also used to turn on the possibility of using per user group quotas inside the VPS It allows you to configure per user or per group quota inside the Virtual Private Server as well vzctl uses vzquota internally to configure quotas a...

Страница 105: ...hould be counted For the init command you must specify all the limits as well as the file tree where you want to initialize the quota drop Forget about given quota ID dropping existent quota file on Turns on quota accounting on the specified quota ID off Turns off quota accounting on the specified quota ID setlimit Allows changing the quota limits for the running quota stat Shows quota statistics ...

Страница 106: ...erver n inode exptime time Required Expiration time for excess of the inode soft limit Time can be specified in two formats dd hh mm ss For example 30 30 seconds 12 00 12 minutes 20 15 11 00 20 days 15 hours 11 minutes xxA where A h H hour d D day w W week m M month y Y year For instance 7D 7 days 01w 1 week 3m 3 months p path Required Specifies the path to the Virtual Private Server private area ...

Страница 107: ...p quota will not be accounted The default value is 0 p path Required Specifies the path to the Virtual Private Server private area f This option forces recalculation of quota usage even if the quota file does not have dirty flag set on c quota_file Optional Specifies the file to write output of counted disk space and inodes as well as limits If omitted the default var vzquota quota vpsid file is u...

Страница 108: ... options are optional for the vzquota on command However at least one of these options or u ugid limit num must be specified These options are described in the vzquota init subsection c quota_file Optional Specifies the file to write output of counted disk space and inodes as well as limits If omitted the default var vzquota quota vpsid file is used ...

Страница 109: ...ce 1k blocks 113856 2097152 2097152 inodes 42539 200000 220000 User group quota on active Ugids loaded 33 total 33 limit 100 Ugid limit was exceeded no User group grace times and flags type block_exp_time inode_exp_time hex_flags user 0 group 0 User group objects type ID resource usage softlimit hardlimit grace status user 0 1k blocks 113672 0 0 loaded user 0 inodes 42422 0 0 loaded This output is...

Страница 110: ...mplate comprises Locations of network package repositories Scripts needed to be executed on various stages of template installation Public GPG key s needed to check signatures of packages Additional OpenVZ specific packages vzpkgls This utility lists templates installed on the Hardware Node or already installed into a particular VPS It has the following syntax vzpkgls c cached vzpkgls vpsid If you...

Страница 111: ...e s on the command line Normally you run vzpkgcache without any options However it understands the following options r remove osname Remove the cache for the templates specified in the command line osname This option requires an explicit list of templates i e there is no default action to remove all caches vzrpm This utility acts as a simple RPM wrapper to be used for a specific VPS It has the fol...

Страница 112: ...ely vzdqdump displays the corresponding values on the console screen and vzdqload gets the information from the standard input The syntax of the commands is the following vzdqdump general_options quota_id f c quota_file G U T vzdqload general_options quota_id c quota_file G U T The general options are described in the table below h Usage info V vzquota version info v Verbose mode q Quiet mode The ...

Страница 113: ...he command line v Display information for each VPS A Display absolute values in megabytes It is possible to use any of the available options both of them or to do without any options vzcalc This utility is used to calculate Virtual Private Server resource usage It has the following syntax vzcalc v vpsid This utility displays what part of Hardware Node resources Virtual Private Server vpsid is usin...

Страница 114: ...le_name as an argument to the config option of the vzctl create command If a sample with this name already exists the utility will output an error message and will not overwrite the existing configuration vzcfgvalidate This utility is used to check resource management parameters consistency in the Virtual Private Server configuration file It has the following syntax vzcfgvalidate vps_config_file T...

Страница 115: ...tem See also Template Package set is a synonym for Template Private area is a part of the file system where VPS files that are not shared with other Virtual Private Servers are stored siginfo structure or just siginfo is a block of information about signal generation If a process catches a signal it may receive siginfo telling why the system generated that signal If a process monitors its children...

Страница 116: ... configuration files its own applications system libraries and so on Virtual Private Servers share one Hardware Node and one OS kernel However they are isolated from each other Virtual Private Server is a kind of sandbox for processes and users Virtual Private Server 0 is used to designate the Hardware Node itself OpenVZ is a complete server automation and virtualization solution allowing you to c...

Страница 117: ...Hardware Node 23 Creating and Configuring New Virtual Private Server 31 Installing OpenVZ Software 27 Creating and Installing Application Templates 45 Installing OS Templates 29 K Creating Virtual Private Server 33 Kernel Troubleshooting 75 D L Deleting Virtual Private Server 40 Determining VPS ID by Process ID 64 Listing Templates 44 Disk Partitioning 24 Listing Virtual Private Servers 39 Disk Qu...

Страница 118: ...rview 88 vzcalc 113 vzcfgvalidate 114 P vzcpucheck 113 vzctl 92 Preface 7 vzctl create 93 Problems With VPS Management 77 vzctl destroy 94 Problems With VPS Operation 79 vzctl exec vzctl exec2 and vzctl enter 100 R vzctl mount and vzctl umount 95 vzctl set 95 Rebooting Virtual Private Server 71 vzctl start vzctl stop vzctl restart and vzctl status 94 Reference 80 Resource Management 14 vzdqcheck 1...

Страница 119: ...Index 119 W What are Disk Quotas 48 What are Resource Control Parameters 46 What is OpenVZ 11 Who Should Read This Guide 7 ...

Отзывы:

Нет отзывов