Linux-VServer - User contributions [en]

VServer Hosting

2010-11-20T19:44:31Z

Gebura:

Here is a list of '''Companies''' utilizing '''Linux-VServer''' technology '''for Hosting'''...

{| class="wikitable" style="width: 97%"
! style="width: 25%" | Company
! rowspan="2" | Description
|-
| Location
|-

! [http://www.gigatux.com GigaTux ]
| [https://www.gigatux.com/virtual.php Virtual Private Servers]
* Linux VPSs based in Maidenhead, near London, UK
* Offers Debian Etch 2.6.18 Xen and Vserver kernel as a standard install option
* Also allows users to use custom kernels
* Users have commented on the stability of the Etch VServer kernel
|-
| Location - United Kingdom
|-

! [http://www.lvpshosting.com LVPSHosting Europe ]

| [https://www.lvpshosting.com/vpshosting.html Virtual Private Server ]
* Cluster systems in Rotterdam, Netherlands
* Virtual Private Servers
*NEW - cPanel to all VPS packages can be added
* CentOS 4, CentOS 5, Fedora 10, Fedora 11, Fedora 12, Fedora 13, Ubuntu 8.04 LTS, Ubuntu 9.04, Debian Etch, Debian Lenny
* We have VPS starting from $18.85 (the cheapest you will get)
* Use Code 55CUT (at checkout) to get 55% less for your first month.
* Everything from mainstream adult allow, monitoring systems Nagios and Cacti, application hosting, blog hosting
* Costume VPS's available
|-

|-
| Location - Europe - Netherlands
|-
! [http://www.danec.net DANEC Germany]
Virtual Server Cluster Services
| [https://www.danec.net/customer DANEC Orderpanel]
* Cluster systems in Nuremberg and Frankfurt
* KVM and OpenVZ systems avaiable
* Virtual PBX systems
* Debian, CentOS and Unbutu avaiable

* We have expanded our CoLocation services with
* VPS servers avaiable from 5 euro per month
|-
|-
! [http://rentahost.ch Switzerland]
Virtual Cluster Hosting
| [http://rentahost.ch rentAhost.ch]
* fully virtualized environment
* Build upon our own hardware production
* Using our wonderfull stable Linux Distribution [http://weblinux.ch WebLinux]

* We offer specialized and stable Linux VServer Solutions
* flexible on its most, if needed, stable as rock

* [http://prounix.ch proUnix.ch] - Consultant - Borovcnik Peter
|-
|-
! [http://www.dreamhostps.com/ DreamHost P.S.]
| rowspan=2 |
* Debian servers
* Guaranteed CPU and RAM availability
* Web-based account administration
* On-the-fly web-based VServer configuration tools
|-
| Los Angeles, California, USA
|-
! [http://www.wessexnetworks.com Wessex Networks]
| rowspan=2 |
* Linux VServer Dedicated Managed Virtual Servers
* Debian-based / dedicated IP address
* RAID Storage, Additional Backup, 100Mbit Burst
* Host servers at [http://www.telecityredbus.com/uk/manchester Telecity Redbus Manchester]
|-
| United Kingdom
|-
! [http://www.datakompaniet.no DataKompaniet]
| rowspan=2 |
* We offer affordable Linux VServers on a 100Mbit fiber Internet connection
* Gentoo based / firewalled / 2.6 kernel / private or (optional) public IP
* VServers have been offered since 2004
* Host servers are RAID5 equipped, and have historically had extremly good uptimes
* Host servers are located in a professional server room, in the same building as Uninett Norid (Norway's TLD (.no) Registry)
|-
| Norway
|-
! [http://lylix.net LYLIX]
VPS Hosting
| rowspan=2 |
* Virtual private servers based on '''2.6 kernel and 2.2.0 VServer'''.
* Several different userlands are available in 32 and 64 bit, including '''Gentoo, Debian, Slackware, Fedora Core, CentOS, Arch Linux, OpenSuSE'''.
* Custom images also accepted!
* '''Asterisk PBX and Trixbox supported''', including Meetme, MOH, and IAX.
* '''Three regional datacenter locations''': Northeast, West, and South USA.
* Each primary host backed by secondary host via '''high-availability data replication''' for emergency recovery
* '''"Dedicated" VPS service''' available for guaranteed minimum CPU
* Comprehensive customer portal w/ VPS management and statistics
|-
| United States of America
|-
! [http://www.sns.ro SNS]
System & Network Solutions
| rowspan=2 |
* We are using vservers in most of our setups and on hundreds of servers that offer public services - such as web, mail, dns, sql.
* We also do local evangelisation for the project (just because it kicks ass).
|-
| Romania
|-
! [http://netflow.ru Sky Media]
| rowspan=2 |
|-
| Russia
|-
! [http://acewebhosting.com Ace WebHosting]
| rowspan=2 |
* We provide affordable virtual private servers. We also use vservers for shared hosting.
|-
|
|-
! [http://www.tpg.com.au TPG Internet]
| rowspan=2 |
* Currently using vservers for providing Gaming services.
|-
| Australia
|-
! [http://www.expio.co.nz EXPIO Communications]
| rowspan=2 |
* Specialising in Linux Virtual Server hosting solutions.
* Running the FreeVPS platform, which is based on linux-vserver, integrated with H-Sphere control panel.
* Providing virtual server hosting since 1998.
|-
| New Zealand
|-
! [http://www.hostix.it HostiX]
| rowspan=2 |
* Italian hosting provider has been offering the service since the early versions of vserver.
* Currenly using the stable version but has beta program for the new 2.6 kernels.
* High availability vservers on request too.
|-
| Italy
|-
! [http://www.virtualinfrastructure.nl Virtualinfrastructure.nl]
| rowspan=2 |
* Dutch consultancy and development company LinIT Technologies started a site about Linux vserver technology, also offering consultancy and support for Vserver.
|-
| The Netherlands
|-
! [http://www.virtuaserver.com.br VirtuaServer]
| rowspan=2 |
* Affordable virtual private servers in Brazil.
* The first company in Brazil to introduce vserver hosting.
* We offer our customers an exclusive control panel which allows them to monitor their servers, easily setup firewall rules and backup their data.
* Running kernel 2.6 and hosting Debian, Fedora, Mandrake, Slackware, Conectiva and CentOS virtual servers.
|-
| Brazil
|-
! [http://www.neoisis.net www.neoisis.net]
| rowspan=2 |
* Internet service infrastructure and hosting: domain names, web sites, email systems, virtual servers. Bulk delivery for resellers. Custom-made solutions developed in cooperation with the client.
* Planning and strategy for ICT organization and leadership.
* Research and analysis.
* Tailored systems and programming services. Functional analysis, testing, debugging.
* Usability.
* General ICT consulting.
* Linux-VServer -based virtual servers available with several different distributions.
|-
| Finland
|-
! [http://www.prosite.de/v_server/virtual_server_uebersicht.html Prosite V-Server]
| rowspan=2 |
* High performance v servers on systems with constant performance monitoring
* Leistungsfähige virtuelle Server mit ständiger Performance-Überwachung
* Guaranteed and scalable CPU and RAM use
* Web-based and automated v server administration
* Online web-based VServer configuration tools (image setup, Backup, Rescue)
|-
| Germany
|-
! [http://webhosting.lycos.co.uk/expert/comparevds/ Lycos Europe]
| rowspan=2 |
* active cooperation with VServer project since 2004
* High performance and quality VDS Solutions based on Linux-VServer Technology
* low prices and free trials
* Web Administration panel to monitor and use main functions of your Vserver
* Control Panel to monitor your account data etc.
* Hosted in professional certified datacenter in Germany
|-
| Germany
|-
! [http://www.v-server.cz/ FinalTek.com]
| rowspan=2 |
* Linux kernel 2.6 based vservers / Dual Intel P4 or Xeon platform.
* Providing payed vserver hosting. Starting from 9 EUR per month.
* Distributions: Debian, Centos, Redhat, Fedora, Ubuntu and others on demand.
* Start specs: 400MHz CPU, 192MB RAM, 5GB HDD space, unlimited traffic.
|-
| Germany
|-
! [http://www.greatnet.de/cms/front_content.php?idcat=5 Greatnet VServer]
| rowspan=2 |
* Linux V-Server from Greatnet with Controlpanel (Confixx) included
* Virtual Server start 5,99 Euro each month
* Distributions: Debian, Centos, Gentoo, Fedora, Ubuntu, OpenSuse, Slackware
* Controlpanel (rescue, reinstall, reboot, bandwith usage and many more)
|-
| Czech Republic
|-
! [http://www.vserver-hosting.cz/ vServer-Hosting.cz]
| rowspan=2 |
* Linux kernel 2.6
* Intel Xeon platform
* Distributions: Debian, Ubuntu and others
* Unlimited traffic
|-
| Czech Republic
|-
! [http://www.ikse.net Ikse]
| rowspan=2 |
* Ikse provide Virtual Dedicated Server on Debian and Fedora Core, empty, or with a free 'hosting pack'.
* Convert your existing "real Linux server" to Ikse Virtual Dedicated Server is also possible.
|-
| France
|-
! [http://www.odsol.com ODSOL Premium Web Hosting]
| rowspan=2 |
* We specialise in [http://www.odsol.com ecommerce hosting] using virtual private server technology.
* We offer both Linux-vserver [http://www.odsol.com/virtual_private_server/ virtual dedicated server] and Virtuozzo based [http://www.odsol.com/virtual_private_server/ virtual private server], Cpanel and DirectAdmin control panel included.
|-
|
|-
! [http://www.ip-cracks.ch ip-cracks GmbH]
| rowspan=2 |
* We offer Linux-VServers in different flavours to our customers. The product range starts with the Sandbox Private for residential customers up to the Sandbox Pro for business customers with high expectations. We have a set of new products in the queue which have a strong focus for the small and medium business companies as for an example a centralised DMS. Many services are based on the Linux-vServer technology.
|-
| Switzerland
|-
! [http://www.acox.de/ ACOX Corporation]
| rowspan=2 |
* ACOX Corporation offers low-cost virtual servers based on the linux-vserver.org project.
|-
| Germany
|-
! [http://www.winprofi.de/ WINPROFI]
| rowspan=2 |
* WINPROFI offers cheap virtual servers situated in Munich, Germany.
|-
| Germany
|-
! [http://www.studio-51.net/ Studio 51]
Internet Solutions
| rowspan=2 |
* Studio 51 offers virtual servers based on the linux-vserver.org project.
|-
|
|-
! [http://www.conexim.com.au/ Conexim web hosting]
| rowspan=2 |
* Australian quality hosting company offering general hosting, virtual-servers and dedicated, managed hosting services.
|-
| Australia
|-
! [http://www.liquidweb.com Liquid Web Inc.]
| rowspan=2 |
* Liquid Web uses linux-vserver to offer CPanel based hosting services.
* We service hundreds of clients running linux-vserver in our Datacenter located in Lansing, Michigan (USA.)
|-
|
|-
! [http://www.electronicbox.net Electronicbox Communications]
| rowspan=2 |
* We are using Linux-VServer since 2001 and have test it under high load for mission critical services and Linux-VServer was definitively the best software.
* We are providing secure environment with vserver to companies around the world who look for always online servers.
* This is very important for us to have a good software who can process the high load of data we are having daily on the network.
|-
|
|-
! [http://www.openhosting.com/ OpenHosting, Inc.]
| rowspan=2 |
* Inexpensive VServer-based Virtual Servers.
* Sponsors of the [http://www.openvps.org/ OpenVPS] project.
* Now using kernel 2.6 and vserver 1.9.x!
|-
|
|-
! [http://www.dievo.org/ Digital Evolution]
(wargames.unix.se)
| rowspan=2 |
* Digital Evolution is the largest wargaming-site on the net, content-wise.
* We use vserver for all wargames (more than a dozen right now) and all other services as well.
* The stability, ease of use and performance is unrivaled, migrating our servers to vserver is most definately one of the best decisions we've ever made. It happily serves all people (who, after all, try to break our security) logged in on our shellbased wargames and shells out hunderedes of thousands connections to other services each day.
|-
| Sweden
|-
! [http://www.nine.ch/ Nine Internet Solutions AG]
| rowspan=2 |
* Offering VServers to customers
* We provide [http://nine.ch/vserver/ vServer] with own IP adress. Optionally you can choose between OpenSUSE, Fedora, Ubuntu, Gentoo or CentOS and 32bit.
* On request we install LAMP with Apache, MySQL and PHP as well as ispCP as control panel.
* 70 Dual-Xeon machines with several GB RAM running with Debian Lenny 64bit and linux-vserver-kernel.
* We use VServer as an alternative between the shared webhosting and (managed) dedicated server.
|-
| Switzerland
|-
! [http://vps.at clusterhosting mit system]
| rowspan=2 |
* highavailable vps-servers on cluster
* linux solutions - system, analyse & programming
* docu & infos: http://vps.at
* running 3 machines ( Poweredge 4x400 / 4 gb Ram )
* #-> Linux pe-6300-3 2.6.18-1.2849.fc6.vs2.0.2.1 SMP
|-
| Austria
|-
! [http://AcornHosting.net Acorn Hosting]
| rowspan=2 |
* Running 6 machines (Mostly P4 2GHz) with vservers, various kernel versions. Since Jul '02.
* Customers love vservers because they can run any software version in them, instead of getting stuck with mychoices.
|-
|
|-
! [http://www.tu-braunschweig.de/rz/services/sys/divdienst/vserver TU Braunschweig]
Rechenzentrum
| rowspan=2 |
* Running two machines, mainly webserver for customers from inside the university.
* One additional machine for a number of services i refuse to run on standalone machines because it is wasted cpu-power.
* One machine for various tests and future developements.
|-
| Germany
|
|-
! [http://www.lunarix.de LUNARIX]
| rowspan=2 |
* LUNARIX offers high quality hosting, including:
* Colocation, Dedicated Server, Tower Housing, 19" Housing, Webhosting, vServer, Webspace, Gameserver, Domains.
* We also setup / implement HA (high availability) cluster and load-balacing solutions.
|-
|
|-
! [http://www.wwip.de W)W)ip High Quality Network]
| rowspan=2 |
* Offering VServers to customers
* Offering PBVSC PHP Based Interface to administrate the vservers - PBVSC is back!
* Running since Nov. 2003 stable (Various versions, first we started with vs1.0 now we have 1.22 and kernel 2.4.24 running stable)
* We use VServer too as an alternative between the shared webhosting and serverhousing or rent dedicated server. Customers need a flexible and stable server surroundings and vserver from this projekt is the best we seen out there. Support and community plays hand in hand, not as any commercial products out there. Any other system servers are now in his own vserver on only one big server and it works great. Lower costs on server and therefore lower IT costing. Our IT leader and IT employee in private surroundings, test and use vserver with enthusiasm ;)
|-
| Germany
|-
! [http://www.traffic4all.com Traffic4All.com]
| rowspan=2 |
* Offering VServers to customers
* Server: AMD Athlon(tm) XP 2800+ - 1,5 GB DDR Ram
* Linux t4a3 2.4.23-vs1.22 #12 Thu Jan 1 16:11:12 CET 2004 i686 AMD Athlon(tm) XP 2800+ AuthenticAMD GNU/Linux
|-
|
|-
! [http://www.infoteck.qc.ca Infoteck Internet]
| rowspan=2 |
* Offering VServers to customers
* Servers: Multiple HP LH4 (4 x XEON) and LH6000 (6 x XEON) w/ 4Gb RAM per servers.
* 1.2Tb of shared storage (RAID50)
* Backbone: 2 x 100Mbps backbone (Dual homing/BGP)
|-
| Turkey
|-
! [http://www.natro.com Natro Web Hosting Services]
| rowspan=2 |
* Offering secure Virtual Dedicated Server environments on Debian & Ubuntu hosts with several choices of guests including control panel integration
* Also providing linux hosting services on linux-vserver powered servers
* Clustering of mission critical services
|-
|
|-
! [http://www.omnis.com.tr Omnis Internet Services]
| rowspan=2 |
* We use it on our hosting servers, it gives extra security and managment for us.
* It is life saver product.
|-
|
|-
! [http://www.zylon.net/ Zylon Internet Services]
| rowspan=2 |
* We use it on our hosting servers to provide an extra layer of security for our customers.
* We do not provide full vservers, we only provide 'standard' webhosting facilities.
|-
|
|-
! [http://www.isp4p.net ISP4P]
| rowspan=2 |
* see also http://www.isp4player.net
* Allround ISP 4 Professionals
* Dedicated Server, Tower Housing, 19" Housing, Webhosting, vServer, vServer Reselling, Domains
|-
|
|-
! [http://www.rootbash.com Nauck IT KG]
(rootbash.com)
| rowspan=2 |
|-
| Germany
|-
! [http://www.star-hosting.de Star-Hosting]
| rowspan=2 |
* see also http://www.vserver4free.de
* Get dedicated Servers, vServers and many more services with a very high traffic-contingent!!
|-
| Germany
|-
! [http://www.planet-lab.org/ PlanetLab]
| rowspan=2 |
* PlanetLab is an open, globally distributed platform for developing, deploying and accessing planetary-scale network services.
* PlanetLab nodes support both short-term experiments and long-running network services.
* To date, more than 200 research projects at top academic institutions have used PlanetLab to experiment with such diverse topics as distributed storage, network mapping, peer-to-peer systems, distributed hash tables, and distributed query processing. See http://www.planet-lab.org/ for more details.
|-
|
|-
! [http://www.dsvr.co.uk/ Designer Servers Ltd]
| rowspan=2 |
* Offering effective Linux vserver-protected hosting to web professionals in the UK and beyond.
|-
| United Kingdom
|-
! [http://www.rosehosting.com Rose Web Services L.L.C.]
| rowspan=2 |
* Founded in April 2001, located in St. Louis, Missouri, USA, Rose Hosting provides all kinds of hosting solutions, including [http://www.rosehosting.com Linux VPS Hosting], based on Linux-VServer Technology.
|-
| USA
|-
! [http://sandino.net/ Sandino Networks]
| rowspan=2 |
* Offering VServers to customers
* Dual core servers hardened with GR Security
* Choice of different operating systems: Gentoo, CentOS, Debian, Ubuntu, Slackware, Fedora....
* Choice of different vserver sizes
|-
| México
|-
! [http://www.turnkeyinternet.net TurnKeyInternet.NET]
| rowspan=2 |
* Coast to Coast Datacenter replicated Linux Virtual Private Server packages that are fully mirrored providing 100% uptime.
* Packages include fully managed service and support.
|-
|
|-
! [http://vlinux.biz vlinux.biz]
| rowspan=2 |
* vservers with RAID1/QuadCore/8GB host (512MB guaranteed)
* multihomed location in germany with 4x 1 Gbit uplink.
* Starting with 11.90 EUR / month for a 40GB Raid1 disk, 100 GB traffic p.M. with Gbit Connection (1 IP)
* this ISP also offers a large variety of [http://www.smart-weblications.de/rootserver/ root servers] and also offers server homing.
|-
| Germany
|-
! [http://www.cityservers.net/ CityServers.Net]
Dedicated Servers
| rowspan=2 |
* Offering dedicated servers and economic Fedora vServers hosting to IT professionals in the EU.
* Packages include fully managed service and support.
|-
| Poland
|-
! [http://www.vps2go.com/ VPS2GO]
| rowspan=2 |
* Currenly using the stable version but will be upgraded to new 2.6 kernel + vs2.0 soon.
|-
| Japan
|-
! [http://www.net-lab.net net-lab]
vserver/web-hosting
| rowspan=2 |
* Currently run our first testing host on kernel 2.6 + vs2.0 is running. Server Location: Frankfurt, near DE-CIX.
* Commercial offer for vserver accounts soon available.
|-
| Germany
|-
! [http://www.stepping-stone.ch stepping stone GmbH]
| rowspan=2 |
* Our whole ISP infrastructure (Mail, Web, Directories, ...) is built upon the 2.0 vServer series on the 2.6 Linux kernel, running Gentoo Linux.
* We provide [http://www.stepping-stone.ch/en/products/vserver/linux-vserver-starter/ Gentoo and Debian vServers].
* iptables/netfilter rules are implemented free of charge on the carrier as part of our service.
* As a speciality, you can run [http://www.asterisk.org/ Asterisk] in our vServers!
* Furthermore we're specialized in providing high availability solutions in combination with [[Welcome_to_Linux-VServer.org|Linux VServer]] and [http://www.drbd.org/ DRBD].
|-
| Switzerland
|-
! [http://www.vroutix.com vRoutix]
| rowspan=2 |
* Offering kernel 2.6 Vservers in Argentina. Compaq Xeon/Sun Ultrasparc Servers (with Raid1).
* Very affordable prices.
* Starter: Very low price !
* Lite: Low end users
* Standard: small bussiness
* Pro: mid-size bussiness
* Control panel to monitor your vServer performance, processes, storage, traffic, account data, etc.
* vServers demo accounts for Free. Try out one of our vServers !!!.
* Now with iptables support inside your vServer !!!
|-
| Argentina
|-
! [http://www.mpexnetworks.de MPeXnetworks]
MPeX.net GmbH
| rowspan=2 |
* High performance virtual servers on RAID1 Hosts
* Leistungsfähige virtuelle Server für Ihr Unternehmen.
* MPeXnetworks is offering three vserver packets.
* Our systems have a low customer density, resulting in more power for everyone.
* Nagios monitoring and free e-mail notification is included.
* All VServer offers include a 30 day money-back-guarantee.
|-
| Berlin/Germany
|-
! [http://www.sentiensystems.com SentienSystems]
| rowspan=2 |
* High performance, quality, and secure Virtual Private Servers
* SentienSystems(.com/.net) proudly utilizes and promotes open source software such as Linux-VServer on the secure and performance-intensive Gentoo Linux platform.
|-
| Austin, Texas, USA
|-
! [http://new.pipni.cz/vindex.phtml PIPNI s.r.o]
| rowspan=2 |
* Linux 2.6 Vservers on Intel Xeon platform
* Providing free and payed vServer hosting. Freehosting has no guarantee, payed are guaranted.
* You can select from Slackware, Gentoo or Debian hosting.
* Freehosting specs: 333 MHz CPU, 128 MB RAM, 2 GB HDD space, 10 GB traffic.
|-
| Czech Republic
|-
! [http://www.croup.de croup.de]
crossmedia solutions
| rowspan=2 |
* We provide individual VServer installations for our customers in Germany using Gentoo Linux.
|-
| Germany
|-
! [http://hosting.media72.co.uk Media72 hosting]
| rowspan=2 |
* Red Hat Enterprise Linux solutions
* We provide custom hosting solutions starting from £2.08 a year. Virus and spam protection as standard on all accounts.

|-
| United Kingdom
|-
! [http://www.centrodedatos.com Centrodedatos]
Dedicated Servers / Colocation / Housing
| rowspan=2 |
* Dedicated Servers and Server Clusters based on Linux VServer. Totally personalized solutions.
* Servidores Dedicados y Clusters de Servidores basados en Linux VServer. Soluciones a medida.

|-
| Spain - Barcelona.
|-
! [http://www.condalis.es Condalis]
VPS and Shared Hosting
| rowspan=2 |
* Centos, Debian, Fedora, Gentoo, Mandrake, Redhat, Slackware, Suse, Ubuntu in your VPS Linux-VServer to web professionals in Spain.
* Centos 5 + WHM/Cpanel + RVSkin + Fantastico available for Hosting resellers!

|-
| Spain - Barcelona.
|-
! [http://www.upfrontsystems.co.za/hosting/ploneserver Upfront Systems]
| rowspan="2" |
* Servers in Germany and South Africa
* Debian stable hosts based on linux vserver
* Dedicated (but not limited to) Zope and Plone hosting

|-
| South Africa
|-
! [http://www.notjusthosting.com NotJustHosting]
NotJustHosting
| rowspan="2" |
* Servers in Germany
* Debian stable hosts based on linux vserver, individual solutions
* Fully managed and self-managed packages
* Ruby on Rails, Zope
|-
| Germany - Berlin
|-
! [http://vege.net/vserver vege.net GmbH]
web-hosting / vserver
| rowspan="2" |
* Linux VServer hosting including OpenVCP, DRBD, LVM snapshots
* Servers located in Germany
|-
| Germany - Bremen
|-

! [http://www.netcup.de/vserver/ netcup vServer]
| rowspan=2 |
* Guaranteed CPU and RAM availability
* Web-based account administration
* On-the-fly web-based VServer configuration tools
* Prepared Images with SysCP or Confixx
* Rescue-System
* Firewall
* Backup- / Snapshot-System (Backup / Restore per Click)
|-
| Germany - Karlsruhe
|-

! [http://www.vserver.si Vserver.si]
| rowspan="2" |
* Virtual Private Servers
* Managed Servers
* Hosting
* Domain registration
* Colocation

|-
| Slovenia
|-

! [http://www.alvotech.de/vserver/ Alvotech GmbH - vServer]
| rowspan=2 |
* Guaranteed RAM and CPU availability
* Fully Online administration
* On-the-fly web-based VServer configuration tools
* Prepared Images with Confixx
* Firewall
|-
| Germany - Düsseldorf
|-

! [http://www.topnetworks.de Topnetworks e.K.]
| [http://www.topnetworks.de/vserver.html Linux VServer]
* Linux Kernel 2.6 based vServers
* Fully Online administration
* Hosted in professional certified datacenter in Germany
* Distributions: Debian, Ubuntu, RedHat, Fedora Core, CentOS, Asterisk
* Firewall
* Providing payed vserver hosting. Starting from 1.99 EUR per month.
* Supported Linux VServer project since 2007
|-
| Germany - Düsseldorf
|-

! [http://www.toile-libre.org Toile-libre ! ]
| rowspan=2 |
* Non profit Organization offering Vservers with 256Mo of RAM, 10Go of Disk, 1 IPv4 address (IPv6 planned), a guaranteed part of the CPUs ...
* ... at free price (you decide how much you want/can pay) !
* Hosted by http://as48920.net in France ; Contact us by mail: contact@toile-libre.org ;
|-
| France
|-

|}

VServer Hosting

2010-11-20T19:42:37Z

Gebura:

Here is a list of '''Companies''' utilizing '''Linux-VServer''' technology '''for Hosting'''...

{| class="wikitable" style="width: 97%"
! style="width: 25%" | Company
! rowspan="2" | Description
|-
| Location
|-

! [http://www.gigatux.com GigaTux ]
| [https://www.gigatux.com/virtual.php Virtual Private Servers]
* Linux VPSs based in Maidenhead, near London, UK
* Offers Debian Etch 2.6.18 Xen and Vserver kernel as a standard install option
* Also allows users to use custom kernels
* Users have commented on the stability of the Etch VServer kernel
|-
| Location - United Kingdom
|-

! [http://www.lvpshosting.com LVPSHosting Europe ]

| [https://www.lvpshosting.com/vpshosting.html Virtual Private Server ]
* Cluster systems in Rotterdam, Netherlands
* Virtual Private Servers
*NEW - cPanel to all VPS packages can be added
* CentOS 4, CentOS 5, Fedora 10, Fedora 11, Fedora 12, Fedora 13, Ubuntu 8.04 LTS, Ubuntu 9.04, Debian Etch, Debian Lenny
* We have VPS starting from $18.85 (the cheapest you will get)
* Use Code 55CUT (at checkout) to get 55% less for your first month.
* Everything from mainstream adult allow, monitoring systems Nagios and Cacti, application hosting, blog hosting
* Costume VPS's available
|-

|-
| Location - Europe - Netherlands
|-
! [http://www.danec.net DANEC Germany]
Virtual Server Cluster Services
| [https://www.danec.net/customer DANEC Orderpanel]
* Cluster systems in Nuremberg and Frankfurt
* KVM and OpenVZ systems avaiable
* Virtual PBX systems
* Debian, CentOS and Unbutu avaiable

* We have expanded our CoLocation services with
* VPS servers avaiable from 5 euro per month
|-
|-
! [http://rentahost.ch Switzerland]
Virtual Cluster Hosting
| [http://rentahost.ch rentAhost.ch]
* fully virtualized environment
* Build upon our own hardware production
* Using our wonderfull stable Linux Distribution [http://weblinux.ch WebLinux]

* We offer specialized and stable Linux VServer Solutions
* flexible on its most, if needed, stable as rock

* [http://prounix.ch proUnix.ch] - Consultant - Borovcnik Peter
|-
|-
! [http://www.dreamhostps.com/ DreamHost P.S.]
| rowspan=2 |
* Debian servers
* Guaranteed CPU and RAM availability
* Web-based account administration
* On-the-fly web-based VServer configuration tools
|-
| Los Angeles, California, USA
|-
! [http://www.wessexnetworks.com Wessex Networks]
| rowspan=2 |
* Linux VServer Dedicated Managed Virtual Servers
* Debian-based / dedicated IP address
* RAID Storage, Additional Backup, 100Mbit Burst
* Host servers at [http://www.telecityredbus.com/uk/manchester Telecity Redbus Manchester]
|-
| United Kingdom
|-
! [http://www.datakompaniet.no DataKompaniet]
| rowspan=2 |
* We offer affordable Linux VServers on a 100Mbit fiber Internet connection
* Gentoo based / firewalled / 2.6 kernel / private or (optional) public IP
* VServers have been offered since 2004
* Host servers are RAID5 equipped, and have historically had extremly good uptimes
* Host servers are located in a professional server room, in the same building as Uninett Norid (Norway's TLD (.no) Registry)
|-
| Norway
|-
! [http://lylix.net LYLIX]
VPS Hosting
| rowspan=2 |
* Virtual private servers based on '''2.6 kernel and 2.2.0 VServer'''.
* Several different userlands are available in 32 and 64 bit, including '''Gentoo, Debian, Slackware, Fedora Core, CentOS, Arch Linux, OpenSuSE'''.
* Custom images also accepted!
* '''Asterisk PBX and Trixbox supported''', including Meetme, MOH, and IAX.
* '''Three regional datacenter locations''': Northeast, West, and South USA.
* Each primary host backed by secondary host via '''high-availability data replication''' for emergency recovery
* '''"Dedicated" VPS service''' available for guaranteed minimum CPU
* Comprehensive customer portal w/ VPS management and statistics
|-
| United States of America
|-
! [http://www.sns.ro SNS]
System & Network Solutions
| rowspan=2 |
* We are using vservers in most of our setups and on hundreds of servers that offer public services - such as web, mail, dns, sql.
* We also do local evangelisation for the project (just because it kicks ass).
|-
| Romania
|-
! [http://netflow.ru Sky Media]
| rowspan=2 |
|-
| Russia
|-
! [http://acewebhosting.com Ace WebHosting]
| rowspan=2 |
* We provide affordable virtual private servers. We also use vservers for shared hosting.
|-
|
|-
! [http://www.tpg.com.au TPG Internet]
| rowspan=2 |
* Currently using vservers for providing Gaming services.
|-
| Australia
|-
! [http://www.expio.co.nz EXPIO Communications]
| rowspan=2 |
* Specialising in Linux Virtual Server hosting solutions.
* Running the FreeVPS platform, which is based on linux-vserver, integrated with H-Sphere control panel.
* Providing virtual server hosting since 1998.
|-
| New Zealand
|-
! [http://www.hostix.it HostiX]
| rowspan=2 |
* Italian hosting provider has been offering the service since the early versions of vserver.
* Currenly using the stable version but has beta program for the new 2.6 kernels.
* High availability vservers on request too.
|-
| Italy
|-
! [http://www.virtualinfrastructure.nl Virtualinfrastructure.nl]
| rowspan=2 |
* Dutch consultancy and development company LinIT Technologies started a site about Linux vserver technology, also offering consultancy and support for Vserver.
|-
| The Netherlands
|-
! [http://www.virtuaserver.com.br VirtuaServer]
| rowspan=2 |
* Affordable virtual private servers in Brazil.
* The first company in Brazil to introduce vserver hosting.
* We offer our customers an exclusive control panel which allows them to monitor their servers, easily setup firewall rules and backup their data.
* Running kernel 2.6 and hosting Debian, Fedora, Mandrake, Slackware, Conectiva and CentOS virtual servers.
|-
| Brazil
|-
! [http://www.neoisis.net www.neoisis.net]
| rowspan=2 |
* Internet service infrastructure and hosting: domain names, web sites, email systems, virtual servers. Bulk delivery for resellers. Custom-made solutions developed in cooperation with the client.
* Planning and strategy for ICT organization and leadership.
* Research and analysis.
* Tailored systems and programming services. Functional analysis, testing, debugging.
* Usability.
* General ICT consulting.
* Linux-VServer -based virtual servers available with several different distributions.
|-
| Finland
|-
! [http://www.prosite.de/v_server/virtual_server_uebersicht.html Prosite V-Server]
| rowspan=2 |
* High performance v servers on systems with constant performance monitoring
* Leistungsfähige virtuelle Server mit ständiger Performance-Überwachung
* Guaranteed and scalable CPU and RAM use
* Web-based and automated v server administration
* Online web-based VServer configuration tools (image setup, Backup, Rescue)
|-
| Germany
|-
! [http://webhosting.lycos.co.uk/expert/comparevds/ Lycos Europe]
| rowspan=2 |
* active cooperation with VServer project since 2004
* High performance and quality VDS Solutions based on Linux-VServer Technology
* low prices and free trials
* Web Administration panel to monitor and use main functions of your Vserver
* Control Panel to monitor your account data etc.
* Hosted in professional certified datacenter in Germany
|-
| Germany
|-
! [http://www.v-server.cz/ FinalTek.com]
| rowspan=2 |
* Linux kernel 2.6 based vservers / Dual Intel P4 or Xeon platform.
* Providing payed vserver hosting. Starting from 9 EUR per month.
* Distributions: Debian, Centos, Redhat, Fedora, Ubuntu and others on demand.
* Start specs: 400MHz CPU, 192MB RAM, 5GB HDD space, unlimited traffic.
|-
| Germany
|-
! [http://www.greatnet.de/cms/front_content.php?idcat=5 Greatnet VServer]
| rowspan=2 |
* Linux V-Server from Greatnet with Controlpanel (Confixx) included
* Virtual Server start 5,99 Euro each month
* Distributions: Debian, Centos, Gentoo, Fedora, Ubuntu, OpenSuse, Slackware
* Controlpanel (rescue, reinstall, reboot, bandwith usage and many more)
|-
| Czech Republic
|-
! [http://www.vserver-hosting.cz/ vServer-Hosting.cz]
| rowspan=2 |
* Linux kernel 2.6
* Intel Xeon platform
* Distributions: Debian, Ubuntu and others
* Unlimited traffic
|-
| Czech Republic
|-
! [http://www.ikse.net Ikse]
| rowspan=2 |
* Ikse provide Virtual Dedicated Server on Debian and Fedora Core, empty, or with a free 'hosting pack'.
* Convert your existing "real Linux server" to Ikse Virtual Dedicated Server is also possible.
|-
| France
|-
! [http://www.odsol.com ODSOL Premium Web Hosting]
| rowspan=2 |
* We specialise in [http://www.odsol.com ecommerce hosting] using virtual private server technology.
* We offer both Linux-vserver [http://www.odsol.com/virtual_private_server/ virtual dedicated server] and Virtuozzo based [http://www.odsol.com/virtual_private_server/ virtual private server], Cpanel and DirectAdmin control panel included.
|-
|
|-
! [http://www.ip-cracks.ch ip-cracks GmbH]
| rowspan=2 |
* We offer Linux-VServers in different flavours to our customers. The product range starts with the Sandbox Private for residential customers up to the Sandbox Pro for business customers with high expectations. We have a set of new products in the queue which have a strong focus for the small and medium business companies as for an example a centralised DMS. Many services are based on the Linux-vServer technology.
|-
| Switzerland
|-
! [http://www.acox.de/ ACOX Corporation]
| rowspan=2 |
* ACOX Corporation offers low-cost virtual servers based on the linux-vserver.org project.
|-
| Germany
|-
! [http://www.winprofi.de/ WINPROFI]
| rowspan=2 |
* WINPROFI offers cheap virtual servers situated in Munich, Germany.
|-
| Germany
|-
! [http://www.studio-51.net/ Studio 51]
Internet Solutions
| rowspan=2 |
* Studio 51 offers virtual servers based on the linux-vserver.org project.
|-
|
|-
! [http://www.conexim.com.au/ Conexim web hosting]
| rowspan=2 |
* Australian quality hosting company offering general hosting, virtual-servers and dedicated, managed hosting services.
|-
| Australia
|-
! [http://www.liquidweb.com Liquid Web Inc.]
| rowspan=2 |
* Liquid Web uses linux-vserver to offer CPanel based hosting services.
* We service hundreds of clients running linux-vserver in our Datacenter located in Lansing, Michigan (USA.)
|-
|
|-
! [http://www.electronicbox.net Electronicbox Communications]
| rowspan=2 |
* We are using Linux-VServer since 2001 and have test it under high load for mission critical services and Linux-VServer was definitively the best software.
* We are providing secure environment with vserver to companies around the world who look for always online servers.
* This is very important for us to have a good software who can process the high load of data we are having daily on the network.
|-
|
|-
! [http://www.openhosting.com/ OpenHosting, Inc.]
| rowspan=2 |
* Inexpensive VServer-based Virtual Servers.
* Sponsors of the [http://www.openvps.org/ OpenVPS] project.
* Now using kernel 2.6 and vserver 1.9.x!
|-
|
|-
! [http://www.dievo.org/ Digital Evolution]
(wargames.unix.se)
| rowspan=2 |
* Digital Evolution is the largest wargaming-site on the net, content-wise.
* We use vserver for all wargames (more than a dozen right now) and all other services as well.
* The stability, ease of use and performance is unrivaled, migrating our servers to vserver is most definately one of the best decisions we've ever made. It happily serves all people (who, after all, try to break our security) logged in on our shellbased wargames and shells out hunderedes of thousands connections to other services each day.
|-
| Sweden
|-
! [http://www.nine.ch/ Nine Internet Solutions AG]
| rowspan=2 |
* Offering VServers to customers
* We provide [http://nine.ch/vserver/ vServer] with own IP adress. Optionally you can choose between OpenSUSE, Fedora, Ubuntu, Gentoo or CentOS and 32bit.
* On request we install LAMP with Apache, MySQL and PHP as well as ispCP as control panel.
* 70 Dual-Xeon machines with several GB RAM running with Debian Lenny 64bit and linux-vserver-kernel.
* We use VServer as an alternative between the shared webhosting and (managed) dedicated server.
|-
| Switzerland
|-
! [http://vps.at clusterhosting mit system]
| rowspan=2 |
* highavailable vps-servers on cluster
* linux solutions - system, analyse & programming
* docu & infos: http://vps.at
* running 3 machines ( Poweredge 4x400 / 4 gb Ram )
* #-> Linux pe-6300-3 2.6.18-1.2849.fc6.vs2.0.2.1 SMP
|-
| Austria
|-
! [http://AcornHosting.net Acorn Hosting]
| rowspan=2 |
* Running 6 machines (Mostly P4 2GHz) with vservers, various kernel versions. Since Jul '02.
* Customers love vservers because they can run any software version in them, instead of getting stuck with mychoices.
|-
|
|-
! [http://www.tu-braunschweig.de/rz/services/sys/divdienst/vserver TU Braunschweig]
Rechenzentrum
| rowspan=2 |
* Running two machines, mainly webserver for customers from inside the university.
* One additional machine for a number of services i refuse to run on standalone machines because it is wasted cpu-power.
* One machine for various tests and future developements.
|-
| Germany
|
|-
! [http://www.lunarix.de LUNARIX]
| rowspan=2 |
* LUNARIX offers high quality hosting, including:
* Colocation, Dedicated Server, Tower Housing, 19" Housing, Webhosting, vServer, Webspace, Gameserver, Domains.
* We also setup / implement HA (high availability) cluster and load-balacing solutions.
|-
|
|-
! [http://www.wwip.de W)W)ip High Quality Network]
| rowspan=2 |
* Offering VServers to customers
* Offering PBVSC PHP Based Interface to administrate the vservers - PBVSC is back!
* Running since Nov. 2003 stable (Various versions, first we started with vs1.0 now we have 1.22 and kernel 2.4.24 running stable)
* We use VServer too as an alternative between the shared webhosting and serverhousing or rent dedicated server. Customers need a flexible and stable server surroundings and vserver from this projekt is the best we seen out there. Support and community plays hand in hand, not as any commercial products out there. Any other system servers are now in his own vserver on only one big server and it works great. Lower costs on server and therefore lower IT costing. Our IT leader and IT employee in private surroundings, test and use vserver with enthusiasm ;)
|-
| Germany
|-
! [http://www.traffic4all.com Traffic4All.com]
| rowspan=2 |
* Offering VServers to customers
* Server: AMD Athlon(tm) XP 2800+ - 1,5 GB DDR Ram
* Linux t4a3 2.4.23-vs1.22 #12 Thu Jan 1 16:11:12 CET 2004 i686 AMD Athlon(tm) XP 2800+ AuthenticAMD GNU/Linux
|-
|
|-
! [http://www.infoteck.qc.ca Infoteck Internet]
| rowspan=2 |
* Offering VServers to customers
* Servers: Multiple HP LH4 (4 x XEON) and LH6000 (6 x XEON) w/ 4Gb RAM per servers.
* 1.2Tb of shared storage (RAID50)
* Backbone: 2 x 100Mbps backbone (Dual homing/BGP)
|-
| Turkey
|-
! [http://www.natro.com Natro Web Hosting Services]
| rowspan=2 |
* Offering secure Virtual Dedicated Server environments on Debian & Ubuntu hosts with several choices of guests including control panel integration
* Also providing linux hosting services on linux-vserver powered servers
* Clustering of mission critical services
|-
|
|-
! [http://www.omnis.com.tr Omnis Internet Services]
| rowspan=2 |
* We use it on our hosting servers, it gives extra security and managment for us.
* It is life saver product.
|-
|
|-
! [http://www.zylon.net/ Zylon Internet Services]
| rowspan=2 |
* We use it on our hosting servers to provide an extra layer of security for our customers.
* We do not provide full vservers, we only provide 'standard' webhosting facilities.
|-
|
|-
! [http://www.isp4p.net ISP4P]
| rowspan=2 |
* see also http://www.isp4player.net
* Allround ISP 4 Professionals
* Dedicated Server, Tower Housing, 19" Housing, Webhosting, vServer, vServer Reselling, Domains
|-
|
|-
! [http://www.rootbash.com Nauck IT KG]
(rootbash.com)
| rowspan=2 |
|-
| Germany
|-
! [http://www.star-hosting.de Star-Hosting]
| rowspan=2 |
* see also http://www.vserver4free.de
* Get dedicated Servers, vServers and many more services with a very high traffic-contingent!!
|-
| Germany
|-
! [http://www.planet-lab.org/ PlanetLab]
| rowspan=2 |
* PlanetLab is an open, globally distributed platform for developing, deploying and accessing planetary-scale network services.
* PlanetLab nodes support both short-term experiments and long-running network services.
* To date, more than 200 research projects at top academic institutions have used PlanetLab to experiment with such diverse topics as distributed storage, network mapping, peer-to-peer systems, distributed hash tables, and distributed query processing. See http://www.planet-lab.org/ for more details.
|-
|
|-
! [http://www.dsvr.co.uk/ Designer Servers Ltd]
| rowspan=2 |
* Offering effective Linux vserver-protected hosting to web professionals in the UK and beyond.
|-
| United Kingdom
|-
! [http://www.rosehosting.com Rose Web Services L.L.C.]
| rowspan=2 |
* Founded in April 2001, located in St. Louis, Missouri, USA, Rose Hosting provides all kinds of hosting solutions, including [http://www.rosehosting.com Linux VPS Hosting], based on Linux-VServer Technology.
|-
| USA
|-
! [http://sandino.net/ Sandino Networks]
| rowspan=2 |
* Offering VServers to customers
* Dual core servers hardened with GR Security
* Choice of different operating systems: Gentoo, CentOS, Debian, Ubuntu, Slackware, Fedora....
* Choice of different vserver sizes
|-
| México
|-
! [http://www.turnkeyinternet.net TurnKeyInternet.NET]
| rowspan=2 |
* Coast to Coast Datacenter replicated Linux Virtual Private Server packages that are fully mirrored providing 100% uptime.
* Packages include fully managed service and support.
|-
|
|-
! [http://vlinux.biz vlinux.biz]
| rowspan=2 |
* vservers with RAID1/QuadCore/8GB host (512MB guaranteed)
* multihomed location in germany with 4x 1 Gbit uplink.
* Starting with 11.90 EUR / month for a 40GB Raid1 disk, 100 GB traffic p.M. with Gbit Connection (1 IP)
* this ISP also offers a large variety of [http://www.smart-weblications.de/rootserver/ root servers] and also offers server homing.
|-
| Germany
|-
! [http://www.cityservers.net/ CityServers.Net]
Dedicated Servers
| rowspan=2 |
* Offering dedicated servers and economic Fedora vServers hosting to IT professionals in the EU.
* Packages include fully managed service and support.
|-
| Poland
|-
! [http://www.vps2go.com/ VPS2GO]
| rowspan=2 |
* Currenly using the stable version but will be upgraded to new 2.6 kernel + vs2.0 soon.
|-
| Japan
|-
! [http://www.net-lab.net net-lab]
vserver/web-hosting
| rowspan=2 |
* Currently run our first testing host on kernel 2.6 + vs2.0 is running. Server Location: Frankfurt, near DE-CIX.
* Commercial offer for vserver accounts soon available.
|-
| Germany
|-
! [http://www.stepping-stone.ch stepping stone GmbH]
| rowspan=2 |
* Our whole ISP infrastructure (Mail, Web, Directories, ...) is built upon the 2.0 vServer series on the 2.6 Linux kernel, running Gentoo Linux.
* We provide [http://www.stepping-stone.ch/en/products/vserver/linux-vserver-starter/ Gentoo and Debian vServers].
* iptables/netfilter rules are implemented free of charge on the carrier as part of our service.
* As a speciality, you can run [http://www.asterisk.org/ Asterisk] in our vServers!
* Furthermore we're specialized in providing high availability solutions in combination with [[Welcome_to_Linux-VServer.org|Linux VServer]] and [http://www.drbd.org/ DRBD].
|-
| Switzerland
|-
! [http://www.vroutix.com vRoutix]
| rowspan=2 |
* Offering kernel 2.6 Vservers in Argentina. Compaq Xeon/Sun Ultrasparc Servers (with Raid1).
* Very affordable prices.
* Starter: Very low price !
* Lite: Low end users
* Standard: small bussiness
* Pro: mid-size bussiness
* Control panel to monitor your vServer performance, processes, storage, traffic, account data, etc.
* vServers demo accounts for Free. Try out one of our vServers !!!.
* Now with iptables support inside your vServer !!!
|-
| Argentina
|-
! [http://www.mpexnetworks.de MPeXnetworks]
MPeX.net GmbH
| rowspan=2 |
* High performance virtual servers on RAID1 Hosts
* Leistungsfähige virtuelle Server für Ihr Unternehmen.
* MPeXnetworks is offering three vserver packets.
* Our systems have a low customer density, resulting in more power for everyone.
* Nagios monitoring and free e-mail notification is included.
* All VServer offers include a 30 day money-back-guarantee.
|-
| Berlin/Germany
|-
! [http://www.sentiensystems.com SentienSystems]
| rowspan=2 |
* High performance, quality, and secure Virtual Private Servers
* SentienSystems(.com/.net) proudly utilizes and promotes open source software such as Linux-VServer on the secure and performance-intensive Gentoo Linux platform.
|-
| Austin, Texas, USA
|-
! [http://new.pipni.cz/vindex.phtml PIPNI s.r.o]
| rowspan=2 |
* Linux 2.6 Vservers on Intel Xeon platform
* Providing free and payed vServer hosting. Freehosting has no guarantee, payed are guaranted.
* You can select from Slackware, Gentoo or Debian hosting.
* Freehosting specs: 333 MHz CPU, 128 MB RAM, 2 GB HDD space, 10 GB traffic.
|-
| Czech Republic
|-
! [http://www.croup.de croup.de]
crossmedia solutions
| rowspan=2 |
* We provide individual VServer installations for our customers in Germany using Gentoo Linux.
|-
| Germany
|-
! [http://hosting.media72.co.uk Media72 hosting]
| rowspan=2 |
* Red Hat Enterprise Linux solutions
* We provide custom hosting solutions starting from £2.08 a year. Virus and spam protection as standard on all accounts.

|-
| United Kingdom
|-
! [http://www.centrodedatos.com Centrodedatos]
Dedicated Servers / Colocation / Housing
| rowspan=2 |
* Dedicated Servers and Server Clusters based on Linux VServer. Totally personalized solutions.
* Servidores Dedicados y Clusters de Servidores basados en Linux VServer. Soluciones a medida.

|-
| Spain - Barcelona.
|-
! [http://www.condalis.es Condalis]
VPS and Shared Hosting
| rowspan=2 |
* Centos, Debian, Fedora, Gentoo, Mandrake, Redhat, Slackware, Suse, Ubuntu in your VPS Linux-VServer to web professionals in Spain.
* Centos 5 + WHM/Cpanel + RVSkin + Fantastico available for Hosting resellers!

|-
| Spain - Barcelona.
|-
! [http://www.upfrontsystems.co.za/hosting/ploneserver Upfront Systems]
| rowspan="2" |
* Servers in Germany and South Africa
* Debian stable hosts based on linux vserver
* Dedicated (but not limited to) Zope and Plone hosting

|-
| South Africa
|-
! [http://www.notjusthosting.com NotJustHosting]
NotJustHosting
| rowspan="2" |
* Servers in Germany
* Debian stable hosts based on linux vserver, individual solutions
* Fully managed and self-managed packages
* Ruby on Rails, Zope
|-
| Germany - Berlin
|-
! [http://vege.net/vserver vege.net GmbH]
web-hosting / vserver
| rowspan="2" |
* Linux VServer hosting including OpenVCP, DRBD, LVM snapshots
* Servers located in Germany
|-
| Germany - Bremen
|-

! [http://www.netcup.de/vserver/ netcup vServer]
| rowspan=2 |
* Guaranteed CPU and RAM availability
* Web-based account administration
* On-the-fly web-based VServer configuration tools
* Prepared Images with SysCP or Confixx
* Rescue-System
* Firewall
* Backup- / Snapshot-System (Backup / Restore per Click)
|-
| Germany - Karlsruhe
|-

! [http://www.vserver.si Vserver.si]
| rowspan="2" |
* Virtual Private Servers
* Managed Servers
* Hosting
* Domain registration
* Colocation

|-
| Slovenia
|-

! [http://www.alvotech.de/vserver/ Alvotech GmbH - vServer]
| rowspan=2 |
* Guaranteed RAM and CPU availability
* Fully Online administration
* On-the-fly web-based VServer configuration tools
* Prepared Images with Confixx
* Firewall
|-
| Germany - Düsseldorf
|-

! [http://www.topnetworks.de Topnetworks e.K.]
| [http://www.topnetworks.de/vserver.html Linux VServer]
* Linux Kernel 2.6 based vServers
* Fully Online administration
* Hosted in professional certified datacenter in Germany
* Distributions: Debian, Ubuntu, RedHat, Fedora Core, CentOS, Asterisk
* Firewall
* Providing payed vserver hosting. Starting from 1.99 EUR per month.
* Supported Linux VServer project since 2007
|-
| Germany - Düsseldorf
|-

! [http://www.toile-libre.org Toile-libre ! ]
| rowspan=2 |
* Vservers with 256Mo of RAM, 10Go of Disk, 1 IPv4 address (IPv6 planned), a guaranteed part of the CPUs ... at free price (you decide how much you want/can pay) !
* Hosted by http://as48920.net in France ; Contact us by mail: contact@toile-libre.org ;
|-
| France
|-

|}

VServer Hosting

2010-11-20T19:41:16Z

Gebura: added toile-libre.org vserver hosting.

Here is a list of '''Companies''' utilizing '''Linux-VServer''' technology '''for Hosting'''...

{| class="wikitable" style="width: 97%"
! style="width: 25%" | Company
! rowspan="2" | Description
|-
| Location
|-

! [http://www.gigatux.com GigaTux ]
| [https://www.gigatux.com/virtual.php Virtual Private Servers]
* Linux VPSs based in Maidenhead, near London, UK
* Offers Debian Etch 2.6.18 Xen and Vserver kernel as a standard install option
* Also allows users to use custom kernels
* Users have commented on the stability of the Etch VServer kernel
|-
| Location - United Kingdom
|-

! [http://www.lvpshosting.com LVPSHosting Europe ]

| [https://www.lvpshosting.com/vpshosting.html Virtual Private Server ]
* Cluster systems in Rotterdam, Netherlands
* Virtual Private Servers
*NEW - cPanel to all VPS packages can be added
* CentOS 4, CentOS 5, Fedora 10, Fedora 11, Fedora 12, Fedora 13, Ubuntu 8.04 LTS, Ubuntu 9.04, Debian Etch, Debian Lenny
* We have VPS starting from $18.85 (the cheapest you will get)
* Use Code 55CUT (at checkout) to get 55% less for your first month.
* Everything from mainstream adult allow, monitoring systems Nagios and Cacti, application hosting, blog hosting
* Costume VPS's available
|-

|-
| Location - Europe - Netherlands
|-
! [http://www.danec.net DANEC Germany]
Virtual Server Cluster Services
| [https://www.danec.net/customer DANEC Orderpanel]
* Cluster systems in Nuremberg and Frankfurt
* KVM and OpenVZ systems avaiable
* Virtual PBX systems
* Debian, CentOS and Unbutu avaiable

* We have expanded our CoLocation services with
* VPS servers avaiable from 5 euro per month
|-
|-
! [http://rentahost.ch Switzerland]
Virtual Cluster Hosting
| [http://rentahost.ch rentAhost.ch]
* fully virtualized environment
* Build upon our own hardware production
* Using our wonderfull stable Linux Distribution [http://weblinux.ch WebLinux]

* We offer specialized and stable Linux VServer Solutions
* flexible on its most, if needed, stable as rock

* [http://prounix.ch proUnix.ch] - Consultant - Borovcnik Peter
|-
|-
! [http://www.dreamhostps.com/ DreamHost P.S.]
| rowspan=2 |
* Debian servers
* Guaranteed CPU and RAM availability
* Web-based account administration
* On-the-fly web-based VServer configuration tools
|-
| Los Angeles, California, USA
|-
! [http://www.wessexnetworks.com Wessex Networks]
| rowspan=2 |
* Linux VServer Dedicated Managed Virtual Servers
* Debian-based / dedicated IP address
* RAID Storage, Additional Backup, 100Mbit Burst
* Host servers at [http://www.telecityredbus.com/uk/manchester Telecity Redbus Manchester]
|-
| United Kingdom
|-
! [http://www.datakompaniet.no DataKompaniet]
| rowspan=2 |
* We offer affordable Linux VServers on a 100Mbit fiber Internet connection
* Gentoo based / firewalled / 2.6 kernel / private or (optional) public IP
* VServers have been offered since 2004
* Host servers are RAID5 equipped, and have historically had extremly good uptimes
* Host servers are located in a professional server room, in the same building as Uninett Norid (Norway's TLD (.no) Registry)
|-
| Norway
|-
! [http://lylix.net LYLIX]
VPS Hosting
| rowspan=2 |
* Virtual private servers based on '''2.6 kernel and 2.2.0 VServer'''.
* Several different userlands are available in 32 and 64 bit, including '''Gentoo, Debian, Slackware, Fedora Core, CentOS, Arch Linux, OpenSuSE'''.
* Custom images also accepted!
* '''Asterisk PBX and Trixbox supported''', including Meetme, MOH, and IAX.
* '''Three regional datacenter locations''': Northeast, West, and South USA.
* Each primary host backed by secondary host via '''high-availability data replication''' for emergency recovery
* '''"Dedicated" VPS service''' available for guaranteed minimum CPU
* Comprehensive customer portal w/ VPS management and statistics
|-
| United States of America
|-
! [http://www.sns.ro SNS]
System & Network Solutions
| rowspan=2 |
* We are using vservers in most of our setups and on hundreds of servers that offer public services - such as web, mail, dns, sql.
* We also do local evangelisation for the project (just because it kicks ass).
|-
| Romania
|-
! [http://netflow.ru Sky Media]
| rowspan=2 |
|-
| Russia
|-
! [http://acewebhosting.com Ace WebHosting]
| rowspan=2 |
* We provide affordable virtual private servers. We also use vservers for shared hosting.
|-
|
|-
! [http://www.tpg.com.au TPG Internet]
| rowspan=2 |
* Currently using vservers for providing Gaming services.
|-
| Australia
|-
! [http://www.expio.co.nz EXPIO Communications]
| rowspan=2 |
* Specialising in Linux Virtual Server hosting solutions.
* Running the FreeVPS platform, which is based on linux-vserver, integrated with H-Sphere control panel.
* Providing virtual server hosting since 1998.
|-
| New Zealand
|-
! [http://www.hostix.it HostiX]
| rowspan=2 |
* Italian hosting provider has been offering the service since the early versions of vserver.
* Currenly using the stable version but has beta program for the new 2.6 kernels.
* High availability vservers on request too.
|-
| Italy
|-
! [http://www.virtualinfrastructure.nl Virtualinfrastructure.nl]
| rowspan=2 |
* Dutch consultancy and development company LinIT Technologies started a site about Linux vserver technology, also offering consultancy and support for Vserver.
|-
| The Netherlands
|-
! [http://www.virtuaserver.com.br VirtuaServer]
| rowspan=2 |
* Affordable virtual private servers in Brazil.
* The first company in Brazil to introduce vserver hosting.
* We offer our customers an exclusive control panel which allows them to monitor their servers, easily setup firewall rules and backup their data.
* Running kernel 2.6 and hosting Debian, Fedora, Mandrake, Slackware, Conectiva and CentOS virtual servers.
|-
| Brazil
|-
! [http://www.neoisis.net www.neoisis.net]
| rowspan=2 |
* Internet service infrastructure and hosting: domain names, web sites, email systems, virtual servers. Bulk delivery for resellers. Custom-made solutions developed in cooperation with the client.
* Planning and strategy for ICT organization and leadership.
* Research and analysis.
* Tailored systems and programming services. Functional analysis, testing, debugging.
* Usability.
* General ICT consulting.
* Linux-VServer -based virtual servers available with several different distributions.
|-
| Finland
|-
! [http://www.prosite.de/v_server/virtual_server_uebersicht.html Prosite V-Server]
| rowspan=2 |
* High performance v servers on systems with constant performance monitoring
* Leistungsfähige virtuelle Server mit ständiger Performance-Überwachung
* Guaranteed and scalable CPU and RAM use
* Web-based and automated v server administration
* Online web-based VServer configuration tools (image setup, Backup, Rescue)
|-
| Germany
|-
! [http://webhosting.lycos.co.uk/expert/comparevds/ Lycos Europe]
| rowspan=2 |
* active cooperation with VServer project since 2004
* High performance and quality VDS Solutions based on Linux-VServer Technology
* low prices and free trials
* Web Administration panel to monitor and use main functions of your Vserver
* Control Panel to monitor your account data etc.
* Hosted in professional certified datacenter in Germany
|-
| Germany
|-
! [http://www.v-server.cz/ FinalTek.com]
| rowspan=2 |
* Linux kernel 2.6 based vservers / Dual Intel P4 or Xeon platform.
* Providing payed vserver hosting. Starting from 9 EUR per month.
* Distributions: Debian, Centos, Redhat, Fedora, Ubuntu and others on demand.
* Start specs: 400MHz CPU, 192MB RAM, 5GB HDD space, unlimited traffic.
|-
| Germany
|-
! [http://www.greatnet.de/cms/front_content.php?idcat=5 Greatnet VServer]
| rowspan=2 |
* Linux V-Server from Greatnet with Controlpanel (Confixx) included
* Virtual Server start 5,99 Euro each month
* Distributions: Debian, Centos, Gentoo, Fedora, Ubuntu, OpenSuse, Slackware
* Controlpanel (rescue, reinstall, reboot, bandwith usage and many more)
|-
| Czech Republic
|-
! [http://www.vserver-hosting.cz/ vServer-Hosting.cz]
| rowspan=2 |
* Linux kernel 2.6
* Intel Xeon platform
* Distributions: Debian, Ubuntu and others
* Unlimited traffic
|-
| Czech Republic
|-
! [http://www.ikse.net Ikse]
| rowspan=2 |
* Ikse provide Virtual Dedicated Server on Debian and Fedora Core, empty, or with a free 'hosting pack'.
* Convert your existing "real Linux server" to Ikse Virtual Dedicated Server is also possible.
|-
| France
|-
! [http://www.odsol.com ODSOL Premium Web Hosting]
| rowspan=2 |
* We specialise in [http://www.odsol.com ecommerce hosting] using virtual private server technology.
* We offer both Linux-vserver [http://www.odsol.com/virtual_private_server/ virtual dedicated server] and Virtuozzo based [http://www.odsol.com/virtual_private_server/ virtual private server], Cpanel and DirectAdmin control panel included.
|-
|
|-
! [http://www.ip-cracks.ch ip-cracks GmbH]
| rowspan=2 |
* We offer Linux-VServers in different flavours to our customers. The product range starts with the Sandbox Private for residential customers up to the Sandbox Pro for business customers with high expectations. We have a set of new products in the queue which have a strong focus for the small and medium business companies as for an example a centralised DMS. Many services are based on the Linux-vServer technology.
|-
| Switzerland
|-
! [http://www.acox.de/ ACOX Corporation]
| rowspan=2 |
* ACOX Corporation offers low-cost virtual servers based on the linux-vserver.org project.
|-
| Germany
|-
! [http://www.winprofi.de/ WINPROFI]
| rowspan=2 |
* WINPROFI offers cheap virtual servers situated in Munich, Germany.
|-
| Germany
|-
! [http://www.studio-51.net/ Studio 51]
Internet Solutions
| rowspan=2 |
* Studio 51 offers virtual servers based on the linux-vserver.org project.
|-
|
|-
! [http://www.conexim.com.au/ Conexim web hosting]
| rowspan=2 |
* Australian quality hosting company offering general hosting, virtual-servers and dedicated, managed hosting services.
|-
| Australia
|-
! [http://www.liquidweb.com Liquid Web Inc.]
| rowspan=2 |
* Liquid Web uses linux-vserver to offer CPanel based hosting services.
* We service hundreds of clients running linux-vserver in our Datacenter located in Lansing, Michigan (USA.)
|-
|
|-
! [http://www.electronicbox.net Electronicbox Communications]
| rowspan=2 |
* We are using Linux-VServer since 2001 and have test it under high load for mission critical services and Linux-VServer was definitively the best software.
* We are providing secure environment with vserver to companies around the world who look for always online servers.
* This is very important for us to have a good software who can process the high load of data we are having daily on the network.
|-
|
|-
! [http://www.openhosting.com/ OpenHosting, Inc.]
| rowspan=2 |
* Inexpensive VServer-based Virtual Servers.
* Sponsors of the [http://www.openvps.org/ OpenVPS] project.
* Now using kernel 2.6 and vserver 1.9.x!
|-
|
|-
! [http://www.dievo.org/ Digital Evolution]
(wargames.unix.se)
| rowspan=2 |
* Digital Evolution is the largest wargaming-site on the net, content-wise.
* We use vserver for all wargames (more than a dozen right now) and all other services as well.
* The stability, ease of use and performance is unrivaled, migrating our servers to vserver is most definately one of the best decisions we've ever made. It happily serves all people (who, after all, try to break our security) logged in on our shellbased wargames and shells out hunderedes of thousands connections to other services each day.
|-
| Sweden
|-
! [http://www.nine.ch/ Nine Internet Solutions AG]
| rowspan=2 |
* Offering VServers to customers
* We provide [http://nine.ch/vserver/ vServer] with own IP adress. Optionally you can choose between OpenSUSE, Fedora, Ubuntu, Gentoo or CentOS and 32bit.
* On request we install LAMP with Apache, MySQL and PHP as well as ispCP as control panel.
* 70 Dual-Xeon machines with several GB RAM running with Debian Lenny 64bit and linux-vserver-kernel.
* We use VServer as an alternative between the shared webhosting and (managed) dedicated server.
|-
| Switzerland
|-
! [http://vps.at clusterhosting mit system]
| rowspan=2 |
* highavailable vps-servers on cluster
* linux solutions - system, analyse & programming
* docu & infos: http://vps.at
* running 3 machines ( Poweredge 4x400 / 4 gb Ram )
* #-> Linux pe-6300-3 2.6.18-1.2849.fc6.vs2.0.2.1 SMP
|-
| Austria
|-
! [http://AcornHosting.net Acorn Hosting]
| rowspan=2 |
* Running 6 machines (Mostly P4 2GHz) with vservers, various kernel versions. Since Jul '02.
* Customers love vservers because they can run any software version in them, instead of getting stuck with mychoices.
|-
|
|-
! [http://www.tu-braunschweig.de/rz/services/sys/divdienst/vserver TU Braunschweig]
Rechenzentrum
| rowspan=2 |
* Running two machines, mainly webserver for customers from inside the university.
* One additional machine for a number of services i refuse to run on standalone machines because it is wasted cpu-power.
* One machine for various tests and future developements.
|-
| Germany
|
|-
! [http://www.lunarix.de LUNARIX]
| rowspan=2 |
* LUNARIX offers high quality hosting, including:
* Colocation, Dedicated Server, Tower Housing, 19" Housing, Webhosting, vServer, Webspace, Gameserver, Domains.
* We also setup / implement HA (high availability) cluster and load-balacing solutions.
|-
|
|-
! [http://www.wwip.de W)W)ip High Quality Network]
| rowspan=2 |
* Offering VServers to customers
* Offering PBVSC PHP Based Interface to administrate the vservers - PBVSC is back!
* Running since Nov. 2003 stable (Various versions, first we started with vs1.0 now we have 1.22 and kernel 2.4.24 running stable)
* We use VServer too as an alternative between the shared webhosting and serverhousing or rent dedicated server. Customers need a flexible and stable server surroundings and vserver from this projekt is the best we seen out there. Support and community plays hand in hand, not as any commercial products out there. Any other system servers are now in his own vserver on only one big server and it works great. Lower costs on server and therefore lower IT costing. Our IT leader and IT employee in private surroundings, test and use vserver with enthusiasm ;)
|-
| Germany
|-
! [http://www.traffic4all.com Traffic4All.com]
| rowspan=2 |
* Offering VServers to customers
* Server: AMD Athlon(tm) XP 2800+ - 1,5 GB DDR Ram
* Linux t4a3 2.4.23-vs1.22 #12 Thu Jan 1 16:11:12 CET 2004 i686 AMD Athlon(tm) XP 2800+ AuthenticAMD GNU/Linux
|-
|
|-
! [http://www.infoteck.qc.ca Infoteck Internet]
| rowspan=2 |
* Offering VServers to customers
* Servers: Multiple HP LH4 (4 x XEON) and LH6000 (6 x XEON) w/ 4Gb RAM per servers.
* 1.2Tb of shared storage (RAID50)
* Backbone: 2 x 100Mbps backbone (Dual homing/BGP)
|-
| Turkey
|-
! [http://www.natro.com Natro Web Hosting Services]
| rowspan=2 |
* Offering secure Virtual Dedicated Server environments on Debian & Ubuntu hosts with several choices of guests including control panel integration
* Also providing linux hosting services on linux-vserver powered servers
* Clustering of mission critical services
|-
|
|-
! [http://www.omnis.com.tr Omnis Internet Services]
| rowspan=2 |
* We use it on our hosting servers, it gives extra security and managment for us.
* It is life saver product.
|-
|
|-
! [http://www.zylon.net/ Zylon Internet Services]
| rowspan=2 |
* We use it on our hosting servers to provide an extra layer of security for our customers.
* We do not provide full vservers, we only provide 'standard' webhosting facilities.
|-
|
|-
! [http://www.isp4p.net ISP4P]
| rowspan=2 |
* see also http://www.isp4player.net
* Allround ISP 4 Professionals
* Dedicated Server, Tower Housing, 19" Housing, Webhosting, vServer, vServer Reselling, Domains
|-
|
|-
! [http://www.rootbash.com Nauck IT KG]
(rootbash.com)
| rowspan=2 |
|-
| Germany
|-
! [http://www.star-hosting.de Star-Hosting]
| rowspan=2 |
* see also http://www.vserver4free.de
* Get dedicated Servers, vServers and many more services with a very high traffic-contingent!!
|-
| Germany
|-
! [http://www.planet-lab.org/ PlanetLab]
| rowspan=2 |
* PlanetLab is an open, globally distributed platform for developing, deploying and accessing planetary-scale network services.
* PlanetLab nodes support both short-term experiments and long-running network services.
* To date, more than 200 research projects at top academic institutions have used PlanetLab to experiment with such diverse topics as distributed storage, network mapping, peer-to-peer systems, distributed hash tables, and distributed query processing. See http://www.planet-lab.org/ for more details.
|-
|
|-
! [http://www.dsvr.co.uk/ Designer Servers Ltd]
| rowspan=2 |
* Offering effective Linux vserver-protected hosting to web professionals in the UK and beyond.
|-
| United Kingdom
|-
! [http://www.rosehosting.com Rose Web Services L.L.C.]
| rowspan=2 |
* Founded in April 2001, located in St. Louis, Missouri, USA, Rose Hosting provides all kinds of hosting solutions, including [http://www.rosehosting.com Linux VPS Hosting], based on Linux-VServer Technology.
|-
| USA
|-
! [http://sandino.net/ Sandino Networks]
| rowspan=2 |
* Offering VServers to customers
* Dual core servers hardened with GR Security
* Choice of different operating systems: Gentoo, CentOS, Debian, Ubuntu, Slackware, Fedora....
* Choice of different vserver sizes
|-
| México
|-
! [http://www.turnkeyinternet.net TurnKeyInternet.NET]
| rowspan=2 |
* Coast to Coast Datacenter replicated Linux Virtual Private Server packages that are fully mirrored providing 100% uptime.
* Packages include fully managed service and support.
|-
|
|-
! [http://vlinux.biz vlinux.biz]
| rowspan=2 |
* vservers with RAID1/QuadCore/8GB host (512MB guaranteed)
* multihomed location in germany with 4x 1 Gbit uplink.
* Starting with 11.90 EUR / month for a 40GB Raid1 disk, 100 GB traffic p.M. with Gbit Connection (1 IP)
* this ISP also offers a large variety of [http://www.smart-weblications.de/rootserver/ root servers] and also offers server homing.
|-
| Germany
|-
! [http://www.cityservers.net/ CityServers.Net]
Dedicated Servers
| rowspan=2 |
* Offering dedicated servers and economic Fedora vServers hosting to IT professionals in the EU.
* Packages include fully managed service and support.
|-
| Poland
|-
! [http://www.vps2go.com/ VPS2GO]
| rowspan=2 |
* Currenly using the stable version but will be upgraded to new 2.6 kernel + vs2.0 soon.
|-
| Japan
|-
! [http://www.net-lab.net net-lab]
vserver/web-hosting
| rowspan=2 |
* Currently run our first testing host on kernel 2.6 + vs2.0 is running. Server Location: Frankfurt, near DE-CIX.
* Commercial offer for vserver accounts soon available.
|-
| Germany
|-
! [http://www.stepping-stone.ch stepping stone GmbH]
| rowspan=2 |
* Our whole ISP infrastructure (Mail, Web, Directories, ...) is built upon the 2.0 vServer series on the 2.6 Linux kernel, running Gentoo Linux.
* We provide [http://www.stepping-stone.ch/en/products/vserver/linux-vserver-starter/ Gentoo and Debian vServers].
* iptables/netfilter rules are implemented free of charge on the carrier as part of our service.
* As a speciality, you can run [http://www.asterisk.org/ Asterisk] in our vServers!
* Furthermore we're specialized in providing high availability solutions in combination with [[Welcome_to_Linux-VServer.org|Linux VServer]] and [http://www.drbd.org/ DRBD].
|-
| Switzerland
|-
! [http://www.vroutix.com vRoutix]
| rowspan=2 |
* Offering kernel 2.6 Vservers in Argentina. Compaq Xeon/Sun Ultrasparc Servers (with Raid1).
* Very affordable prices.
* Starter: Very low price !
* Lite: Low end users
* Standard: small bussiness
* Pro: mid-size bussiness
* Control panel to monitor your vServer performance, processes, storage, traffic, account data, etc.
* vServers demo accounts for Free. Try out one of our vServers !!!.
* Now with iptables support inside your vServer !!!
|-
| Argentina
|-
! [http://www.mpexnetworks.de MPeXnetworks]
MPeX.net GmbH
| rowspan=2 |
* High performance virtual servers on RAID1 Hosts
* Leistungsfähige virtuelle Server für Ihr Unternehmen.
* MPeXnetworks is offering three vserver packets.
* Our systems have a low customer density, resulting in more power for everyone.
* Nagios monitoring and free e-mail notification is included.
* All VServer offers include a 30 day money-back-guarantee.
|-
| Berlin/Germany
|-
! [http://www.sentiensystems.com SentienSystems]
| rowspan=2 |
* High performance, quality, and secure Virtual Private Servers
* SentienSystems(.com/.net) proudly utilizes and promotes open source software such as Linux-VServer on the secure and performance-intensive Gentoo Linux platform.
|-
| Austin, Texas, USA
|-
! [http://new.pipni.cz/vindex.phtml PIPNI s.r.o]
| rowspan=2 |
* Linux 2.6 Vservers on Intel Xeon platform
* Providing free and payed vServer hosting. Freehosting has no guarantee, payed are guaranted.
* You can select from Slackware, Gentoo or Debian hosting.
* Freehosting specs: 333 MHz CPU, 128 MB RAM, 2 GB HDD space, 10 GB traffic.
|-
| Czech Republic
|-
! [http://www.croup.de croup.de]
crossmedia solutions
| rowspan=2 |
* We provide individual VServer installations for our customers in Germany using Gentoo Linux.
|-
| Germany
|-
! [http://hosting.media72.co.uk Media72 hosting]
| rowspan=2 |
* Red Hat Enterprise Linux solutions
* We provide custom hosting solutions starting from £2.08 a year. Virus and spam protection as standard on all accounts.

|-
| United Kingdom
|-
! [http://www.centrodedatos.com Centrodedatos]
Dedicated Servers / Colocation / Housing
| rowspan=2 |
* Dedicated Servers and Server Clusters based on Linux VServer. Totally personalized solutions.
* Servidores Dedicados y Clusters de Servidores basados en Linux VServer. Soluciones a medida.

|-
| Spain - Barcelona.
|-
! [http://www.condalis.es Condalis]
VPS and Shared Hosting
| rowspan=2 |
* Centos, Debian, Fedora, Gentoo, Mandrake, Redhat, Slackware, Suse, Ubuntu in your VPS Linux-VServer to web professionals in Spain.
* Centos 5 + WHM/Cpanel + RVSkin + Fantastico available for Hosting resellers!

|-
| Spain - Barcelona.
|-
! [http://www.upfrontsystems.co.za/hosting/ploneserver Upfront Systems]
| rowspan="2" |
* Servers in Germany and South Africa
* Debian stable hosts based on linux vserver
* Dedicated (but not limited to) Zope and Plone hosting

|-
| South Africa
|-
! [http://www.notjusthosting.com NotJustHosting]
NotJustHosting
| rowspan="2" |
* Servers in Germany
* Debian stable hosts based on linux vserver, individual solutions
* Fully managed and self-managed packages
* Ruby on Rails, Zope
|-
| Germany - Berlin
|-
! [http://vege.net/vserver vege.net GmbH]
web-hosting / vserver
| rowspan="2" |
* Linux VServer hosting including OpenVCP, DRBD, LVM snapshots
* Servers located in Germany
|-
| Germany - Bremen
|-

! [http://www.netcup.de/vserver/ netcup vServer]
| rowspan=2 |
* Guaranteed CPU and RAM availability
* Web-based account administration
* On-the-fly web-based VServer configuration tools
* Prepared Images with SysCP or Confixx
* Rescue-System
* Firewall
* Backup- / Snapshot-System (Backup / Restore per Click)
|-
| Germany - Karlsruhe
|-

! [http://www.vserver.si Vserver.si]
| rowspan="2" |
* Virtual Private Servers
* Managed Servers
* Hosting
* Domain registration
* Colocation

|-
| Slovenia
|-

! [http://www.alvotech.de/vserver/ Alvotech GmbH - vServer]
| rowspan=2 |
* Guaranteed RAM and CPU availability
* Fully Online administration
* On-the-fly web-based VServer configuration tools
* Prepared Images with Confixx
* Firewall
|-
| Germany - Düsseldorf
|-

! [http://www.topnetworks.de Topnetworks e.K.]
| [http://www.topnetworks.de/vserver.html Linux VServer]
* Linux Kernel 2.6 based vServers
* Fully Online administration
* Hosted in professional certified datacenter in Germany
* Distributions: Debian, Ubuntu, RedHat, Fedora Core, CentOS, Asterisk
* Firewall
* Providing payed vserver hosting. Starting from 1.99 EUR per month.
* Supported Linux VServer project since 2007
|-
| Germany - Düsseldorf
|-

! [http://www.toile-libre.org Toile-libre ! ]
| rowspan=2 |
* Vservers with 256Mo of RAM, 10Go of Disk, 1 IPv4 address (IPv6 planned) ...
* ... at free price (you decide how much you want/can pay) !
* Hosted by http://as48920.net in France ; Contact us by mail: contact@toile-libre.org
|-
| France
|-

|}

Installation on Debian

2009-10-26T15:10:49Z

Gebura: /* vserver's /proc/mounts issue */

This guide is written against Debian Etch (4.0) and works on Lenny (5.0) as well. Both releases include kernel '''linux-image-vserver-686''', so no manual patching is needed. Hence, Installation on Debian Etch/Lenny is pretty easy and straightforward.

If you need to compile your own kernel, you need to apply the vserver-version.patch. [http://www.kwu.hu/vserver.txt Details at 2007/May/04]

== Packages installation ==
The packages required by Linux-VServer are:
* '''linux-image-vserver-686''' - This is the current kernel, use '''linux-image-vserver-amd64''' on 64-bit systems, you can still create 32-bit guests
* '''util-vserver''' - These are the utilities used to administer the guests
* '''ssh''' - This is probably already installed, but just in case it isn't

All the packages you need can be obtained via
<pre>aptitude install linux-image-vserver-686 util-vserver ssh</pre>
so run this as ''root'' and reboot.
To check out wherever everything went fine you may run
<pre>uname -r</pre>
and check that kernel version contains '''vserver''', e.g. '''2.6.18-4-vserver-686'''. That's it.

Now that the host system is ready, you can proceed with [[Building Guest Systems|building guests]].

=== Install util-vserver by source ===
Occasionally, Debian's util-vserver package can be too old. So, we'll need to compile from [http://people.linux-vserver.org/~dhozac/t/uv-testing/ source].

First, install the required packages for util-vserver to compile.
<pre>apt-get install vlan dietlibc-dev pkg-config libnss3-dev</pre>

Then, we configure util-vserver
<pre>./configure --prefix=/usr --enable-release --mandir=/usr/share/man \
--infodir=/usr/share/info --sysconfdir=/etc --enable-dietlibc \
--localstatedir=/var --with-vrootdir=/home</pre>
Note: You should change ''--with-vrootdir'' accordingly

Finally, we run make to finalise the installation
<pre>make && make install debian && make install install-distribution</pre>

Running ''vserver-info'' will show you that the proper util-vserver is installed. :)

Debian likes to be funny, so we need to enable the following,
* echo /usr/lib/util-vserver/vshelper >| /proc/sys/kernel/vshelper
* echo kernel.vshelper = /usr/lib/util-vserver/vshelper >> /etc/sysctl.conf
* update-rc.d vprocunhide defaults
* update-rc.d vservers-default defaults

== Versions ==
Debian already contains vservers kernels, so no manual patching and compiling is needed.
{|class="wikitablenowrap"
!Debian release
!Kernel version
!VServer version
|-
| Etch
| 2.6.18+6
| 2.0.2.2-rc9
|-
| Lenny
| 2.6.26+17
| 2.3.0.35
|-
|}

== Issues with the current 2.6.26 Kernel ==

=== Hard CPU scheduling ===

This will not work in the Debian 'Lenny' Kernel, the patch used simply does not contain any of this functionality.

=== Problems due to Xattrs ===

There are two sets of issues within the Lenny kernel caused by the change in value of the Xattrs (extended attributes) applied to file in Vserver setups. The patch used in Debian Lenny uses Xattr flags which are set in positions which differ from the flags set by Debian kernels as well as most of the mainline Vserver patches. This result is that Xattrs of files in a non lenny system appear to have completely different flags in Lenny and vice versa. Since these flags are crucial to vserver hashification and chroot security, they can have devastating effects on Vserver guests and on host system security. If you have recently moved to or away from the stock Lenny Vserver kernel, have look at the symptoms below to see if any match your experiences, and apply the fixes/use another kernel as you see fit.

As of writing these issue has not been corrected within the Debian archive. These fixes must be applied whenever moving vserver guest '''from''' or '''to''' the Debian 'Lenny's vserver kernel. For more details and a more concise explanation see [http://irc.13thfloor.at/LOG/2009-05/LOG_2009-05-12.txt Bertls IRC explanation ].

==== Chroot Security Problems ====

Linux-Vserver uses file Xattrs to protect guest superusers from being able to view files above their root, preventing access to host file. This creates issues for anyone who:

* has created a guest with a Debian 2.6.26-*-vserver kernel and wishes to use it with another kernel.
* has created a guest with a different kernel and wishes to use it on a Debian 2.6.26-*-vserver kernel based host.

In effect, the barrier normally in place for guest servers is not recognised by the kernel (the chroot problem) in the situation above and/or immutable links will not function correctly (the unification problem)failing to break when overwritten) in a unified guest setup. Symptoms suffered may include:

* the possibility of vserver guest processes escaping their chroots and accessing other parts of the filesystem
* guest not starting

To fix the barrier flags for a current kernel, see [[Secure_chroot_Barrier#Solution:_Secure_Barrier | these instructions]]. Note that on some setups a barrier flags will appear on all directories under the guest hierarchy, and need to be unset in order to allow the servers to run. Use showattr to reveal the state of play for your guests and fix appropriately.

==== Unification Problems ====

There is a discrepancy between the immutable-unlink flag used for file unification, the process used in vhashify. This creates considerable issues for anyone who:

* has unified guests with a Debian 2.6.26-*-vserver kernel and wishes to use them with another kernel.
* has unified guests with a different kernel and wishes to then it on a Debian 2.6.26-*-vserver kernel based host.

Symptoms suffered may include:

* file that cannot be deleted
* any process involving the writing of files in guests not working
* files not being unlinked on write

To fix the problem each file must be unlinked then the unification re-applied, or one could try this script submitted to [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508523 bugs.debian.org].

=== /proc/mounts issue ===

The vserver's /proc/mounts let appear the vserver path on the host. lsof (for example) is able to print it.

== References ==
* Linux-VServer HOWTO by Daniel15: http://howtoforge.com/linux_vserver_debian_etch

Installation on Debian

2009-10-26T15:10:26Z

Gebura: added /proc/mounts issue

This guide is written against Debian Etch (4.0) and works on Lenny (5.0) as well. Both releases include kernel '''linux-image-vserver-686''', so no manual patching is needed. Hence, Installation on Debian Etch/Lenny is pretty easy and straightforward.

If you need to compile your own kernel, you need to apply the vserver-version.patch. [http://www.kwu.hu/vserver.txt Details at 2007/May/04]

== Packages installation ==
The packages required by Linux-VServer are:
* '''linux-image-vserver-686''' - This is the current kernel, use '''linux-image-vserver-amd64''' on 64-bit systems, you can still create 32-bit guests
* '''util-vserver''' - These are the utilities used to administer the guests
* '''ssh''' - This is probably already installed, but just in case it isn't

All the packages you need can be obtained via
<pre>aptitude install linux-image-vserver-686 util-vserver ssh</pre>
so run this as ''root'' and reboot.
To check out wherever everything went fine you may run
<pre>uname -r</pre>
and check that kernel version contains '''vserver''', e.g. '''2.6.18-4-vserver-686'''. That's it.

Now that the host system is ready, you can proceed with [[Building Guest Systems|building guests]].

=== Install util-vserver by source ===
Occasionally, Debian's util-vserver package can be too old. So, we'll need to compile from [http://people.linux-vserver.org/~dhozac/t/uv-testing/ source].

First, install the required packages for util-vserver to compile.
<pre>apt-get install vlan dietlibc-dev pkg-config libnss3-dev</pre>

Then, we configure util-vserver
<pre>./configure --prefix=/usr --enable-release --mandir=/usr/share/man \
--infodir=/usr/share/info --sysconfdir=/etc --enable-dietlibc \
--localstatedir=/var --with-vrootdir=/home</pre>
Note: You should change ''--with-vrootdir'' accordingly

Finally, we run make to finalise the installation
<pre>make && make install debian && make install install-distribution</pre>

Running ''vserver-info'' will show you that the proper util-vserver is installed. :)

Debian likes to be funny, so we need to enable the following,
* echo /usr/lib/util-vserver/vshelper >| /proc/sys/kernel/vshelper
* echo kernel.vshelper = /usr/lib/util-vserver/vshelper >> /etc/sysctl.conf
* update-rc.d vprocunhide defaults
* update-rc.d vservers-default defaults

== Versions ==
Debian already contains vservers kernels, so no manual patching and compiling is needed.
{|class="wikitablenowrap"
!Debian release
!Kernel version
!VServer version
|-
| Etch
| 2.6.18+6
| 2.0.2.2-rc9
|-
| Lenny
| 2.6.26+17
| 2.3.0.35
|-
|}

== Issues with the current 2.6.26 Kernel ==

=== Hard CPU scheduling ===

This will not work in the Debian 'Lenny' Kernel, the patch used simply does not contain any of this functionality.

=== Problems due to Xattrs ===

There are two sets of issues within the Lenny kernel caused by the change in value of the Xattrs (extended attributes) applied to file in Vserver setups. The patch used in Debian Lenny uses Xattr flags which are set in positions which differ from the flags set by Debian kernels as well as most of the mainline Vserver patches. This result is that Xattrs of files in a non lenny system appear to have completely different flags in Lenny and vice versa. Since these flags are crucial to vserver hashification and chroot security, they can have devastating effects on Vserver guests and on host system security. If you have recently moved to or away from the stock Lenny Vserver kernel, have look at the symptoms below to see if any match your experiences, and apply the fixes/use another kernel as you see fit.

As of writing these issue has not been corrected within the Debian archive. These fixes must be applied whenever moving vserver guest '''from''' or '''to''' the Debian 'Lenny's vserver kernel. For more details and a more concise explanation see [http://irc.13thfloor.at/LOG/2009-05/LOG_2009-05-12.txt Bertls IRC explanation ].

==== Chroot Security Problems ====

Linux-Vserver uses file Xattrs to protect guest superusers from being able to view files above their root, preventing access to host file. This creates issues for anyone who:

* has created a guest with a Debian 2.6.26-*-vserver kernel and wishes to use it with another kernel.
* has created a guest with a different kernel and wishes to use it on a Debian 2.6.26-*-vserver kernel based host.

In effect, the barrier normally in place for guest servers is not recognised by the kernel (the chroot problem) in the situation above and/or immutable links will not function correctly (the unification problem)failing to break when overwritten) in a unified guest setup. Symptoms suffered may include:

* the possibility of vserver guest processes escaping their chroots and accessing other parts of the filesystem
* guest not starting

To fix the barrier flags for a current kernel, see [[Secure_chroot_Barrier#Solution:_Secure_Barrier | these instructions]]. Note that on some setups a barrier flags will appear on all directories under the guest hierarchy, and need to be unset in order to allow the servers to run. Use showattr to reveal the state of play for your guests and fix appropriately.

==== Unification Problems ====

There is a discrepancy between the immutable-unlink flag used for file unification, the process used in vhashify. This creates considerable issues for anyone who:

* has unified guests with a Debian 2.6.26-*-vserver kernel and wishes to use them with another kernel.
* has unified guests with a different kernel and wishes to then it on a Debian 2.6.26-*-vserver kernel based host.

Symptoms suffered may include:

* file that cannot be deleted
* any process involving the writing of files in guests not working
* files not being unlinked on write

To fix the problem each file must be unlinked then the unification re-applied, or one could try this script submitted to [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508523 bugs.debian.org].

=== vserver's /proc/mounts issue ===

The vserver's /proc/mounts let appear the vserver path on the host. lsof (for example) is able to print it.

== References ==
* Linux-VServer HOWTO by Daniel15: http://howtoforge.com/linux_vserver_debian_etch

Frequently Asked Questions

2009-10-20T19:06:43Z

Gebura:

<div style="margin: 2em auto 2em auto; padding: 10px; background-color: #F9ECCD; border: 1px solid #004433; text-align: center;">
[[Image:Icon-Caution.png|left]]
We currently migrate to MediaWiki from our old installation, but not all content has been migrated yet. Take a look at the [[Wiki Team]] page for instructions how to help or look at the [http://oldwiki.linux-vserver.org old wiki] to find the information not migrated yet.

'''To ease migration we created a [[List of old Documentation pages]].'''
</div>

CURRENTLY THE CONTENT OF THE OLD WIKI FAQ (AND MORE) IS BEING MIGRATED TO THIS PAGE (TASK: DERJOHN)

__TOC__

== General ==

{{Question
|Question=What is a 'Guest'?
||Details=To talk about stuff, we need some naming. The physical machine is called 'Host' and the 'main' context running the Host Distro is called 'Host Context'. The virtual machine/distro is called 'Guest' and basically is a Distribution (Userspace) running inside a 'Guest Context'.
|Signature=derjohn}}

{{Question
|Question=What kind of Operating System (OS) can I run as guest?
||Details= With VServer you can only run Linux guests. The trick is that a guest does not run a kernel on its own (as XEN and UML do), it merely uses a virtualized host kernel-interface. VServer offers so called security contexts which make it possible to separate one guest from each other, i.e. they cannot get data from each other. Imagine it as a chroot environment with much more security and features.
|Signature=derjohn}}

{{Question
|Question=Is this a new project? When was it started?
||Details=The first public occurrence of Linux-VServer was Oct 2001. The initial mail can be found here: http://www.cs.helsinki.fi/linux/linux-kernel/2001-40/1065.html
So you can expect a mature software product which does its magic quite well (And hey, we have a version > 2.0!)
|Signature=derjohn}}

{{Question
|Question=Which distributions did you test?
||Details=Some. Check out the wiki for ready-made guest images. But you can easily build own guest images, e.g. with Debian's debootstrap. Checkout [[Building Guest Systems]] how to do that.
|Signature=derjohn}}

{{Question
|Question=Is VServer comparable to XEN/UML/QEMU?
||Details=Nope. XEN/UML/QEMU and VServer are just good friends. Because you ask, you probably know what XEN/UML/QEMU are. VServer in contrary to XEN/UML/QEMU does not "emulate" any hardware you run a kernel on. The purpose of Linux VServer is to isolate (groups of) applications. The isolation is done by the kernel (see [[Overview]] for a more detailed comparison). You can run a VServer kernel in a XEN/UML/QEMU guest. This is confirmed to work at least with Linux 2.6/vs2.0.
|Signature=derjohn}}

{{Question
|Question=With which version should I begin?
||Details=If you are new to VServer I recommend to try the latest stable kernel patch, and the latest util-vserver "alpha" release.
|Signature=derjohn}}

{{Question
|Question=Is VServer secure?
||Details=We hope so. It should be as least as secure as Linux is. We consider it much much more secure though.
|Signature=derjohn}}

{{Question
|Question=Performance?
||Details=For a single guest, we basically have native performance. Some tests showed insignificant overhead (about 1-2%) others ran faster than on an unpatched kernel. This is IMVHO significantly less than other solutions waste, especially if you have more than a single guest (because of the resource sharing).
|Signature=derjohn}}

{{Question
|Question=What is the "great flower page"?
||Details=Well, [http://www.nongnu.org/util-vserver/doc/conf/configuration.html this page] contains all configuration options for util-vserver. The name of the page is derived from the stylesheet(s) it contains.
|Signature=derjohn}}

== Resources usage ==

{{Question
|Question=Resource sharing?
||Details=Yes ....
* memory: Dynamically.
* CPU usage: Dynamically (token bucket)
|Signature=derjohn}}

{{Question
|Question=Resource limiting?
||Details=You can put limits per guest on different subsystems.
* using ulimits and rlimits (rlimit is a new feature of kernel 2.6/vs2.0.) per guest, to limit the memory consumption, the number of processes or file-handles, ... : see [[Resource Limits]]
* CPU usage : see [[CPU Scheduler]]
* disk space usage : see [[Disk Limits and Quota]]
Note that you can only offer guaranteed resource availability with some ticks at the time.
|Signature=derjohn&xm}}

{{Question
|Question=How do I limit a guests RAM? I want to prevent OOM situations on the host!
||Details=First you can read [http://linux-vserver.org/Memory+Allocation] and [[Memory Limits]].
If you want a recipe, do this:
# Check the size of memory pages. On x86 and x86_64 is usually 4 KB per page.
# Create /etc/vserver/<guest>/rlimits/
# Check your physical memory size on the host, e.g. with "free -m". maxram = kilobytes/pagesize.
# Limit the guests physical RAM to value smaller then maxram:<pre>echo %%insertYourPagesHereSmallerThanMaxram%% > /etc/vserver/<guest>/rlimits/rss </pre>
# Check your swapspace, e.g. with 'swapon -s'. maxswap = swapkilobytes/pagesize.
# Limit the guest's maximum number of as pages to a value smaller than (maxram+maxswap): <pre> echo %%desiredvalue%% > /etc/vserver/<guest>/rlimits/as </pre>
# Correctly display the memory information inside the guest:<pre>echo "VIRT_MEM" >> /etc/vservers/<guest>/flags</pre>
It should be clear this can still lead to OOM situations. Example: You have two guests and your as limit per guest is greater than 50% of (maxram+maxswap). If both guests request their maximum at the same point in time, there will be not enough mem .....
|Signature=derjohn}}

{{Question
|Question=Disk I/O limiting? Is that possible?
||Details=Well, since vs2.1.1 Linux-VServer supports a mechanism called 'I/O scheduling', which appeared in the 2.6 mainline some time ago. The mainline kernel offers several I/O schedulers:
<pre>
# cat /sys/block/hdc/queue/scheduler
noop [anticipatory] deadline cfq
</pre>

The default is anticipatory a.k.a. "AS". When running several guests on a host you probably want the I/O performance shared in a fair way among the different guests. The kernel comes with a "completely fair queueing" scheduler, CFQ, which can do that. (More on schedulers can be found at http://lwn.net/Articles/114770/)
This is how to set the scheduler to "cfq" manually:
<pre>
root# echo "cfq" > /sys/block/hdc/queue/scheduler
root# cat /sys/block/hdc/queue/scheduler
noop anticipatory deadline [cfq]
</pre>
Keep in mind that you have to do it on all physical discs. So if you run an md-softraid, do it to all physical /dev/hdXYZ discs!
If you run Debian there is a predefined way to set the /sys values at boot-time:
<pre>
# apt-get install sysfsutils
[...]

# grep cfq /etc/sysfs.conf
block/sda/queue/scheduler = cfq
block/sdc/queue/scheduler = cfq

# /etc/init.d/sysfsutils restart
</pre>

For non-vserver processes and CFQ you can set by which key the kernel decides about the fairness:
<pre>
cat /sys/block/hdc/queue/iosched/key_type
pgid [tgid] uid gid
</pre>
Hint: The 'key_type'-feature has been removed in the mainline kernel recently. Don't look for it any longer :(

The default is tgid, which means to share fairly among process groups. Think every guest is treated like a own process group. It's not possible to set a scheduler strategy within a guest. All processes belonging to the same guest are treated like "noop" within the guest. So: If you run apache and some ftp-server within the _same_ guest, there is no fair scheduling between them, but there is fair scheduling between the whole guest and all other guests.

And: It's possible to tune the scheduler parameters in several ways. Have a look at /sys/block/hdc/queue/....
|Signature=derjohn}}

{{Question
|Question=Nice disk I/O scheduling, is that possible?
||Details=Well, since linux 2.6.13 processess have another priority next to the cpu nice scheduling hint, it's called io nice.
It's split into three groups, called real-time, best effort and idle. The default is best-effort, but within best-effort, you can have a niceness from 0 to and including 7.
You can set this niceness by the tool ionice, which for debian is either in the package util-linux or schedutils.
To change the io-niceness you need the <tt>CAP_SYS_NICE</tt>, '''and''' need to have the same uid as the processe you want to ionice.

:'''Note:''' If you want to use any schedulung other than best-effort you will also need the <tt>CAP_SYS_ADMIN</tt>-flag. Be warned that this gives quite some capabilities to the vserver, not just for I/O scheduling!

If you want to increase the niceness of an I/O hogging process within a vserver you need to do:
<PRE>
chcontext --xid sponlp1 sudo -u '#2089' ionice -c2 -n5 -p24409
</PRE>
with sudo and ionice installed on the root server to increase the *nice*ness of pid 24409, with uid 2089
|Signature=Groteblup}}

== Unification ==

{{Question
|Question=What is unification (vunify)?
||Details=Unification is Hard Links on Steroids. Guests can 'share' common files (usually binaries and libraries) in a secure way, by creating hard links with special properties (immutable but unlinkable (removable)). The tool to identify common files and to unify them is called vunify.
|Signature=derjohn}}

{{Question
|Question=What is vhashify?
||Details=The successor of vunify, a tool which does unification based on hash values (which allows to find common files in arbitrary paths.)
It creates hardlinks to files named after a hash of the content of the file. If you have a recent version of the vserver patch (2.2+), with CONFIG_VSERVER_COWBL enabled, you can even modify the hardlinked files inside the vservers and the links will be broken automatically.
There seems to be a catch when a hashified file has multiple hardlinks inside a guest, or when another internal hardlink is added after hashification. Link breaking will remove all the internal hardlinks too, so the guest will end up with different copies of the original file. The correct solution would be to not hashify files that have multiple links prior to hashification, and to break the link to the hashified version when a new internal hardlink is created. Apparently, this is not implemented yet (?).
|Signature=Guy-}}

{{Question
|Question=How do I manage a multi-guest setup with vhashify?
||Details=For 'vhashify', just do these once:
<pre>
mkdir /etc/vservers/.defaults/apps/vunify/hash /vservers/.hash
ln -s /vservers/.hash /etc/vservers/.defaults/apps/vunify/hash/root
</pre>
Then, do this one line per vserver:
<pre>
mkdir /etc/vservers/<vservername>/apps/vunify # vhashify reuses vunify configuration
</pre>
To hashify a running vserver, do (possibly from a cronjob):
<pre>
vserver name-of-guest hashify
</pre>

The guest needs to be running because vhashify tries to figure out what files not to hashify by calling the package manager of the guest via <tt>vserver enter</tt>.

In order for the OS cache to benefit from the hardlinking, you'll have to restart the vservers.

To clean up hashified files that are no longer referenced by any vserver, do (possibly from a cronjob):
<pre>
find /vservers/.hash -type f -links 1 -print0 | xargs -0 rm
</pre>

Until you do this, the files still take up place even though no vservers need them.
|Signature=Guy-}}

== Filesystem usage ==

{{Question
|Question=Is there a way to implement "user/group quota" per VServer?
||Details=Yes, but not on a shared partition for now. You need to put the guest on a separate partition, setup a vroot device (to make the quota access secure), copy that into the guest, and adjust the mtab line inside the guest.
|Signature=derjohn}}

{{Question
|Question=What about "Quota" for a context? Howto limit disk usage?
||Details=Context quotas are now called Disk Limits (so that we can tell them apart from the user/group quotas :). They are supported out of the box (with vs2.0+) for all major filesystems (ext2/3, ReiserFS, JFS). You need to tag the FS with XID (see below). Please read [[Disk Limits and Quota]] for more information.
|Signature=derjohn}}

{{Question
|Question=How do I tag a guest's directory with xid?
||Details=Tagging the guest's files gives you several advantages, e.g. the accounting will work properly.
Filesystem XID tagging only works on supported filesystem. Those are currently: ext2/3, reiserfs/reiser3, xfs and jfs.
To activate the XID tagging you have to mount the filesystem with "-o tag" (former tagxid is outdated since VS2.2). Attention: It's _not_ possible to "-o remount,tag", you have to mount it freshly. The guests will tag their files automatiaclly. If you copy files in from the host, you have to tag them manually like this:
<pre>
chxid -c xid -R /var/lib/vservers/<guest>
</pre>
Note: Context 0 and 1 will see all files, guests will only be able to access untagged files and their own XID. They can see other XID files but no information about the file, e.g. no owner, no group, no permissions.
Note: It is not advised to tag the root filesystem, as [http://www.paul.sladen.org/vserver/archives/200602/0020.html explained by Herbert] : trying to do so will expose you to some troubles !
|Signature=derjohn_and_gonzo_and_are}}

{{Question
|Question=How can I copy anything from host to guest partition, normally unvisible on host?
||Details=You should just change namespace, e.g.:
<pre>
vnamespace --enter <xid> -- /bin/bash
</pre>
and then use standard cp or rsync programs.
|Signature=SergiuszPawlowicz}}

== Network ==

{{Question
|Question=Does it support IPv6?
||Details=Currently it requires an additional patch, but the functionality should be available in 2.3+ soon. [[IPv6]] has more information.
|Signature=derjohn}}

{{Question
|Question=I can't do all I want with the network interfaces inside the guest?
||Details=For now the networking is 'Host Business' -- the host is a router, and each guest is a server. You can set the capability ICMP_RAW in the context of the guest, or even the capability CAP_NET_RAW (which would even allow to sniff interfaces of other guests!). Likely to change with ngnet.
|Signature=derjohn}}

{{Question
|Question=How do I add several IPs to a vserver?
||Details=First of all a single guest vserver only supports up to 16 IPs (There is a 64-IP patch available, which is in "derjohn's kernel").
Here is a little helper-script that adds a list of IPs defined in a text file, one per line.
<pre>
#!/bin/bash
j=1
for i in `cat myiplist`; do
j=$(($j+1))
mkdir $j
echo $i > $j/ip
echo "24" > $j/prefix
done
</pre>
|Signature=derjohn}}

{{Question
|Question=How do I assign a new IP address to a running guest?
||Details=This is done from the host server:
* add the ip on the host, for example
<pre>
ip addr add 194.169.123.23/24 dev eth0
</pre>
* add the ip to the guest's network context (a guests NID is the same as the XID {context ID})
<pre>
naddress --add --nid <nid> --ip 194.169.123.23/24
</pre>
* enter the guest (best via ssh)
* restart the services that need to make use of the new address if required
* update the config in ''/etc/vserver/<servername>/interfaces'' to reflect the changes for the next guest restart (if desired)
|Signature=BenjaminGreen}}

{{Question
|Question=If my host has only one a single public IP, can I use RFC1918 IP (e.g. 192.168.foo.bar) for the guest vservers?
||Details=Yes, use iptables with SNAT to masquerade it.
<pre>
iptables -t nat -I POSTROUTING -s $VSERVER_NETZ ! -d $VSERVER_NETZ -j SNAT --to $EXT_IP
</pre>
See: [[HowtoPrivateNetworking]] and
http://www.tgunkel.de/it/software/doc/linux_server.en#h3-VServer_Masquerading_SNAT (THX, [MUPPETS]Gonzo)
|Signature=derjohn}}

{{Question
|Question=If I shut down my vserver guest, the whole Internet interface ethX on the host is shut down. What happened?
||Details=When you shut down a guest (''i.e. vserver foo stop''), the IP is brought down on the host also. If this IP happens to be the primary IP of the host, the kernel will not only bring down the primary IP, but also all secondary IP addresses. But in very recent kernels, there is an option ''settable'' which prevents that nasty feature. It's called "alias promotion". You may set it via sysctl by adding ''net.ipv4.conf.all.promote_secondaries=1'' in /etc/sysctl.conf or via sysctl command line.
|Signature=derjohn}}

{{Question
|Question=Can I run an OpenVPN Server in a guest?
||Details=
Yes. To get a OpenVPN Server running in a guest, all networking setup has to be done on the host. This answer describes the common case and shows some pitfalls, for detailled information about OpenVPN, please consult the appropriate documentation on the OpenVPN homepage.
This is the minimal OpenVPN configuration for the Server which will be used to demonstrate how to get it running in a client:
<pre>
# Networking setup
server 192.168.16.0 255.255.255.0
dev tun16
ifconfig-noexec
comp-lzo
# Certificates
dh ...
ca ...
cert ...
key ...
# Management
persist-key
keepalive 10 60
verb 4
</pre>
First of all you have to prepare the host with a persistent interface in the right mode and with the right settings. This is easily done by using openvpn and the ip and route tools.
<pre>
# openvpn --mktun --dev tun16
# ip link set dev tun16 txqueuelen 100
# ifconfig tun16 192.168.16.1 pointopoint 192.168.16.2 mtu 1500
# route add -net 192.168.16.0 netmask 255.255.255.0 gw 192.168.16.2
</pre>
If you need different settings, openvpn will tell you the ifconfig and route commands it uses to configure the interface when being started on the host with the original config file, but without ifconfig-noexec.
Additionally, the guest needs /dev/net/tun to make OpenVPN happy. This can be created with MAKEDEV:
<pre>
# cd /var/lib/vserver/<myopenvpnserver>/dev/
# ./MAKEDEV tun
(creates the dev/net/tun device accessible by the guest - even a tap interface needs /dev/net/tun !)
</pre>
Finally, the guest needs to have the tun device assigned:
<pre>
# head /etc/vservers/<myopenvpnserver>/interfaces/1/*
==> /etc/vservers/<myopenvpnserver>/interfaces/1/ip <==
192.168.16.1

==> /etc/vservers/<myopenvpnserver>/interfaces/1/nodev <==
tun16

==> /etc/vservers/<myopenvpnserver>/interfaces/1/prefix <==
24
#
</pre>
The client's conf may look like that:
<pre>
# Basic setup
client
proto tcp-client
dev tun
remote <ipaddress>
comp-lzo
verb 4

# Certificate
ca ...
</pre>

[ Based on derJohn's original answer, all errors mine ]
|Signature=DavidS}}

{{Question
|Question=Trying to connect to a vserver from the host or another vserver on the same host fails
||Details=strace shows
<pre>
sin_addr=inet_addr("xx.xx.xx.xx")}, yy) = -1 EINVAL (Invalid argument)
</pre>
A: The host/guest cannot communicate with another guest on same host.
* check all netmasks on all interfaces (do they overlap) ?
* check policy routing (disable it temporary) ?
* check that lo is up (Networking within a host/guest always uses lo interface)
|Signature=CommonProblems}}

{{Question
|Question=Can I use iptables ?
||Details=Yes but right now only on the host (rootserver). Please realize that all traffic is local and will not touch the forward chain.
|Signature=BeginnerFAQ}}

{{Question
|Question=Is it possible to prevent guest from bringing down primary ip?
||Details=Yes. Remove /etc/vservers/<guest>/interfaces/X/dev, and touch /etc/vservers/<guest>/interfaces/X/nodev
|Signature=Daniel&Serge}}

== Administration tools ==

{{Question
|Question=Which guest vservers are running?
||Details=Use vserver-stat to find out. Example output:
<pre>
CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME
0 77 965.1M 334.6M 14m14s18 2m28s69 1h33m46 root server
49152 7 14M 5.2M 0m00s40 0m00s30 1h30m15 chiffon
</pre>
|Signature=derjohn}}

{{Question
|Question=Is there a web-based interface for vserver that will allow creation/deletion/configuration etc. of vserver guests?
||Details=
* http://OpenVPS.org which is a set of scripts with a web-interface for webhosters/ISPs
* http://Openvcp.org which is a distributed system (agent!) with a web-interface, with which you can build/remove guests
* http://vsmon.revolutionlinux.com/ is a distributed monitoring-only solution that allows you to search for a particular vserver in your park.
|Signature=derjohn}}

== Hosting foreign distributions ==

{{Question
|Question=I run a Debian host and want to build an Ubuntu guest. Howto?
||Details=Simple ;) Assume you want to build a breezy guest on a sid host with IP 192.168.0.2 and hostname vubuntu, then do:
<pre>
vserver vubuntu build --force -m debootstrap --hostname vubuntu.myvservers.net --netdev eth0 --interface 192.168.0.2/24 \
--context 42 -- -d breezy -m http://de.archive.ubuntu.com/ubuntu
</pre>

[UPDATE] Currently there are problems in building breezy under unclear circumstances, which seems to have to do with udev. If the above didnt work, try:
<pre>
vserver vubuntu build --force -m debootstrap --hostname vubuntu.myvservers.net --netdev eth0 --interface 192.168.0.2/24 \
--context 42 -- -d breezy -m http://de.archive.ubuntu.com/ubuntu -- --exclude=udev
</pre>
In very recent versions of the utils, the problem should not occur anymore (it has to do with the 'secure-mount' if you look in the MLs)

Well, sid's debootstrap knows how to bootstrap Ubuntu linux. Make sure to have a current debootstrap package:
<pre>
apt-get update
apt-get install debootstrap
</pre>
The knowledge how to build ubuntu 'breezy badger' (which you probably want to be your guest at the time of writing) has been added recently.
|Signature=derjohn}}

{{Question
|Question=I want to build a Gentoo guest. Howto?
||Details=Even simpler ;) See http://www.gentoo.org/proj/en/vps/vserver-howto.xml#doc_chap3 .
|Signature=gcc}}

== Application level problems ==

{{Question
|Question=I did everything right, but the application foo does not start. What's up there?
||Details=Before asking on the IRC channel, please check out the 'problematic programs' page:
[[Problematic Programs]]
|Signature=derjohn}}

{{Question
|Question=When I try to ssh to the guest, I log into the host, even if I installed sshd on the guest. What's wrong here?
||Details=Look at /etc/ssh/sshd_config of the host:
<pre>
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
</pre>
And now change the setting to
<pre>
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
ListenAddress your.hosts.ip.here # not the guests IP!
</pre>
Then '/etc/init.d/ssh restart' on the host, after that on the guest (if you did apt-get install ssh on the guest already.)
Do I have to explain more? If the hosts sshd binds all available IP addresses on port 22 (The hosts 'sees' even all addresses of the guests!). So if the guest starts its sshd, it can't bind to port 22 any more. You need to change that setting only on the host.
(BTW: A similar approach has to be done for a lot of daemons, e.g. Apache. If the daemon does not support an explicit bind, you may use the chbind command to 'hide' IP addresses from the daemon before starting.)|Signature=derjohn}}

{{Question
|Question=Bind9 does not like to start in my guest.
||Details=Check out the [[Problematic Programs]] page and/or get my [http://linux-vserver.derjohn.de/bind9-packages/bind9-capacheck_9.3.2-2_i386.deb vserver-guest-ready Debian package] for Debian Sid guests and check out the [http://linux-vserver.derjohn.de/bind9-packages/README.txt readme]. (Hint: This is fresh stuff. Please give me feedback)

[UPDATE] Since VServer Devel 2.1.1-rc18 you do not need to patch the userland tools anymore. The capabilities are masked.
|Signature=derjohn}}

{{Question
|Question=My mysqld running in a guest behaves strangely and is awfully slow/locks up
||Details=This can be related to /tmp being too small. mysqld stores temporary tables in /tmp and as such, if a lot of queries happen and /tmp runs full this can cause one query to lock up whilst creating the tmp table and all other queries waiting to acquire the lock. There are two possible solutions to that problem: a.) Modify /etc/vservers/vserver-name/fstab and assign more memory to the tmpfs of /tmp and b.) remove the /tmp entry from /etc/vservers/vserver-name/fstab completly. Especially on database servers with a rather high load the second one might be the preferred method.|Signature=sp}}

{{Question
|Question=Pure-FTP does not run inside a VServer?
||Details=That's because it has capabilities enabled, make sure you rebuild your distro's package passing also the `--without-capabilities` flag to configure.
|Signature=Pedro Algarvio, aka, s0undt3ch}}

{{Question
|Question=Why do neither sshd nor crond (vixie-cron) work correctly in my CentOS / Fedora guest? I get 'pam_loginuid(crond:session): set_loginuid failed opening loginuid' and similar lines in my logs.
||Details=Took me a while to figure this out, and it turned out to be mentioned in the old wiki. Here is the solution on how to solve a common problem with sshd / crond, somehow related to selinux and auditing:

pam authentication (also used with openssh) enables "pam_loginuid.so" in the /etc/pam.d/* files. Comment those out as they are not necessary and will not load within a guest anyway. This probably is also necessary on updates later on, if the configs get changed. You therefore may add the following command line to a cronjob file or your software update script:
<pre>
/bin/sed --in-place -e "s/^session.*required.*pam_loginuid.so/# session\trequired\tpam_loginuid.so/g" /etc/pam.d/*
</pre>
|Signature=patrick}}

{{Question
|Question=How do i install nagios-plugins on a Gentoo guest?
||Details=Unfortunately, the nagios-plugins ./configure scripts wants to ping 127.0.0.1 which is not available inside a guest. Therefore you have to build nagios-plugins outside the guest.
The easiest way to do this from the host (assuming the guest is running) is:
<pre>
vnamespace -e <xid> -- chroot /vservers/<name> emerge nagios-plugins -va
</pre>
|Signature=Hollow}}

{{Question
|Question=Somebody runs ntpd in guest and you can't use ntpdate in host?
||Details=Try to run ntpdate with options -u :
ntpdate -u ntp.domain.xy
or you can use command:
chbind --nid 42 --ip 1.2.3.4 -- ntpdate ntp.domain.xy
where IP will be the IP of host.
|Signature=Punkie/Bertl}}

== Start / Stop a VServer ==

{{Question
|Question=How do I make a vserver guest start by default?
||Details=At least on Debian, I can tell you how to do it with the new-style config. If your guest is called "derjohn" and you want it to be started somewhere at the of your bootstrap process, then do:
<pre>
echo "default" > /etc/vservers/derjohn/apps/init/mark
</pre>
If you want to start it earlier, please read the init script "/etc/init.d/util-vserver" to find out how to do it. In most cases you don't need to change this. On Debian the vservers are started at "20", so after most other stuff is up (networking etc.).

Besides that I created a small helper script for managing the autostart foo: ((vserver-autostart))|Signature=derjohn}}

{{Question
|Question=My host works, but when I start a guest it says that it has a problem with chbind.
||Details=You are probably using util-vserver <= 0.30.209, which does use dynamic network contexts internally (With 0.30.210 this fact changed). So if you compiled your kernel without dynamic contexts, you may start guests, but you can't use the network context.The solution is either to switch to .210 util (or Hollow's toolset) or compile the kernel with dynamic network contexts.
SE Keyword: invalid option `nid' testme.sh
|Signature=derjohn}}

{{Question
|Question=What is old-style and new-style config?
||Details=Old-style config refers to a single text-file that contains all the configuration settings. With new-style config the configuration is split into several directories and files. You should probably go for new-style config if you are asking.
|Signature=derjohn}}

{{Question
|Question=How can I reboot/halt guests?
||Details=It depends.
For legacy Linux-VServer (i.e. 1.2.x), you have to replace /sbin/halt in the guests with vreboot and start rebootmgr in the host. You also need to have a <guest>.conf file in /etc/vservers for each guest. Please have a look at /etc/init.d/rebootmgr.
For Linux-VServer 2.0+, sys_reboot has been virtualized to do the right thing. No changes are needed in guests. Please note that some things depend on the init style used by the guest : read [[util-vserver:InitStyles]]
|Signature=derjohn}}

{{Question
|Question=What is the initial PATH?
||Details=By default, vserver uses the 'sysv' startup style, which mimics the init process by running the 3rd runlevel through '/etc/init.d/rc 3' (or '/etc/rc.d/rc 3'). Usually this 'rc' script uses a hard-coded PATH. In the case it doesn't, util-vserver also mimics init's default PATH through /etc/vservers/.defaults/apps/init/environment, or if not present /usr/local/lib/util-vserver/defaults/environment. Beware that all those default PATH usually do not include /usr/local.
|Signature=daniel_hozac&Beuc}}

{{Question
|Question=When I try to start a guest i get this message "/proc/uptime can not be accessed. Usually, this is caused by procfs-security. Please read the FAQ for more details"?
||Details=After a reboot you need to run the vprocunhide script. If running this script causes many errors to print on the screen, try checking the kernel you have booted with (perhaps it does not have the linux-vserver extensions enabled).
|Signature=mattzerah}}

== Kernel ==

{{Question
|Question=Is SMP Supported?
||Details=Yes, on all SMP capable kernel architectures.
|Signature=derjohn}}

{{Question
|Question=Do I really need the legacy-interfaces? What are these legacy-interfaces?
||Details=Since Linux-VServer is an ongoing project, new features might replace old ones, some might require a development version. Legacy-interfaces are available for backward compability (which might be removed someday) with Linux-VServer 1.2.x.
|Signature=derjohn}}

{{Question
|Question=I have a vserver running on a Linux kernel with preemption. Is VServer "preempt" safe?
||Details=There are no known issues about running vserver on a preemption enabled kernel. I would like to add, that the vserver kernelhackers would probably exclude that option in 'make menuconfig' if there would be an incompatibility. Just my $.02 :)
|Signature=derjohn}}

{{Question
|Question=32 vs 64 Bit? What should I take?
||Details=If you have the choice make the host a 64 bit one. You can run a guest as 32 bit or as 64 bit on a 64 bit host. To run it as 32 bit, you need to compile the x86_64 (a.k.a. AMD64) with the following options:
<pre>
[*] Kernel support for ELF binaries
<M> Kernel support for MISC binaries
[*] IA32 Emulation <---- without that, the entire 32bit API is not present
<M> IA32 a.out support
</pre>
You can force the guest to behave like a 32 environment like this:
<pre>
echo linux_32bit > /etc/vservers/$NAME/personality
echo i686 > /etc/vservers/$NAME/uts/machine
</pre>
(thanks cehteh for the hint!)

But you can force debootstrap to put 32 bit binaries into the guest by 'export ARCH=i386';
<pre>
export ARCH=i386 ; vserver build ....
</pre>

On debian when using the newvserver script "export ARCH=i386" has no effect, just use:
<pre>
newvserver --arch i386 ...
</pre>
|Signature=derjohn}}

== Distribution specific questions ==

{{Question
|Question=VServer is included in the stable Debian GNU/Linux for years now. What VS version did they include?
||Details=At the time of writing, Debian Lenny is the stable release of Debian and includes a 2.6.26 based kernel-package called 2.6.26-2-vserver-ARCH. This currently contains VServer 2.3.0.35 (according to changelog.Debian.gz in the Debian package).
|Signature=scientes}}

{{Question
|Question=Were can I get newer versions of VServer as ready made packages for Debian?
||Details=Here you go: http://linux-vserver.derjohn.de/ . There is also some stuff on backports.org, but my kernels are always 'devel' branch.
|Signature=derjohn}}

== Misc ==

{{Question
|Question=Why isn't there a device /dev/xyz within a guest?
||Details=Device nodes allow userspace to access hardware (or virtual resources). Creating a device node inside the guest's namespace will give access to that device, so for security reasons, the number of 'given' devices is small.
|Signature=derjohn}}

{{Question
|Question=I want to (re)mount a partition in a running guest ... but the guest has no rights (capability) to (re)mount?
||Details=I'll explain. I take as example your /tmp partition within the guest is too small, what will be likely the case if you stay with the 16MB default (vserver build mounts /tmp as 16 MB tmpfs!).
<pre>
# vnamespace -e XID mount -t tmpfs -o remount,size=256m,mode=1777 none /var/lib/vservers/<guest>/tmp/
</pre>
(if there's a problem, try expanding the symlinks in the mount path)
Be warned that the guest will not recognize the change, as the /etc/mtab file is not updated when you mount like this. To permanently change the mount, edit /etc/vserver/<guest>/fstab on the host.

If you get:
<pre>
mount: can't find /var/lib/vservers/<guest>/tmp in /etc/fstab or /etc/mtab
</pre>
then try instead:
<pre>
vnamespace -e builder chroot /var/lib/vservers/<guest>/ mount -o remount,size=64m,mode=1777 /tmp
</pre>

Note that this not work for adding a bindmount (<tt>-o bind</tt>) of a directory outside of a vserver into the vserver. For this, there is no alternative but restarting the vserver.
|Signature=derjohn}}

{{Question
|Question=Does anyone know how to increase the size of /tmp within a vserver w/o restarting?
||Details=Use the remount option for mount.
# vnamespace -e XID mount -n -t tmpfs -o remount,size=32m tmpfs /<vdir>/<guest>/tmp
or something like that. The arguments are needed since mount is not going to be using /etc/fstab for the information and the version of /proc/mounts is best understood by
# vnamespace -e XID cat /proc/mounts.
See [[Frequently_Asked_Questions#I want to (re)mount a partition in a running guest ... but the guest has no rights (capability) to (re)mount?]]
|Signature=derjohn/dhozac}}

{{Question
|Question=#1 ERROR: capset(): Operation not permitted
||Details=capabilities are not enabled in kernel-setup
please check that CONFIG_SECURITY_CAPABILITIES is loaded or included in the kernel. ( check with "cat /path_to_kernel/.config | grep -i cap ")
(2.6.11.5-vs-1.9.5 + 0.30-205)
|Signature=IrcQuestions}}

{{Question
|Question=How can I make 'vserver start' mount the root filesystem?
||Details=Mount it via /etc/vservers/vserver-name/fstab, make sure to set the option 'dev' e.g.:
<pre>/dev/drbd0 / xfs rw,dev 0 0</pre>
|Signature=AdrianReyer}}

{{Question
|Question=I deleted a guest's directory without shutting it down. Now I have a "ghost" running. Is there any possibility to get it out of proc without rebooting?
||Details=
vkill --xid <xid> -s 15; sleep 2; vkill --xid <xid> -s 9

You will also need to remove guest's ip, for example with:
ip addr del <ip> dev eth0
|Signature=daniel_hozac & gebura }}

{{Question
|Question=When using nice and su (for example, in the updatedb cron job), I get: su: Permission denied. What does it mean?
||Details=A guest cannot lower its nice value - and that's what 'su' does through pam_limits which sets a nice value of 0. You can see it through strace:
$ strace nice su nobody
[...]
setpriority(PRIO_PROCESS, 0, 0) = -1 EACCES (Permission denied)
You can use 'su nobody -c nice some_cmd' instead.
(Now there's the question of why a guest process cannot lower its nice value.)
|Signature=daniel_hozac&Beuc}}

{{Question
|Question=How do I handle NFS mounts within in a guest?
||Details=There are three ways.

'''1)''' Mount the NFS share from the host OS and let vserver guest access it as part of it's file system.

''mount --bind'' may also be beneficial in this scenario.

'''2)''' Use util-vserver and create a ''fstab.remote'' file in the /etc/vserver/<vserver_name> directory. Populate this with the NFS shares and they will be mounted in the context of the vserver guest.

See http://www.nongnu.org/util-vserver/doc/conf/configuration.html

'''3)''' Add capabilities to the vserver guest instance to grant sufficient rights to allow NFS mounts.

Add the following to /etc/vserver/<vserver_name>/bcapabilities
SYS_ADMIN
Add the following to /etc/vserver/<vserver_name>/ccapabilities
SECURE_MOUNT
BINARY_MOUNT

See [[Capabilities_and_Flags]] for more information about vserver capabilities.

If you want the NFS shares to be mounted when the guest starts, add them to /etc/vserver/<vserver_name>/fstab

||Signature=martindk}}

{{Question
|Question=vserver start/stop/enter fails with something like "vnamespace: execvp("/usr/sbin/vserver"): No such file or directory" ?
||Details=Check whether ''/usr'' is mounted in the namespace you are working with.
<pre>vnamespace -e <guest> cat /proc/mounts</pre>
If there is no ''/usr'', you can fix your problem with simply mounting it using the following command:
<pre>vnamespace -e <guest> mount /dev/<device> /usr</pre>

||Signature=sim0n}}

{{Question
|Question=The command vserver <$server> start gives '/etc/init.d/rc: line 74: /etc/default/rcS: No such file or directory', what do I do?
||Details=The vserver has not been correctly installed, this has several reasons
check your install log and it should tell you something about that your server didn't get installed properly
* use stable distribution of debian as server (debootstrap may be different over the versions)
* deny_mount, deny_caps and deny_pivot should be off if your running grsec.

||Signature=Dude}}

{{Question
|Question=How could I rename a vserver directory?
||Details=Please note : this procedure renames the '''directory''', not the '''hostname''' !
#Stop the vserver in question
#rename the <tt>/vservers/<server name></tt> directory
#rename the <tt>/etc/vservers/<server name></tt> directory
#update link: <tt>/etc/vservers/<server name>/run</tt> → <tt>/var/run/vservers/<server name></tt>
#update link: <tt>/etc/vservers/<server name>/vdir</tt> → <tt>/etc/vservers/.defaults/vdirbase/<server name></tt>
#update link: <tt>/etc/vservers/<server name>/cache</tt> → <tt>/etc/vservers/.defaults/cachebase/<server name></tt>
#update link: <tt>/var/run/vservers.rev/<server XID></tt> → <tt>/etc/vservers/<server name></tt>
#Start the vserver in question. It should start properly.

|Signature=FlorianD (from ''hillct'' page in old wiki)}}

== Upgrade from 2.0 to 2.2 ==

{{Question
|Question=I now get errors like "ncontext: vc_net_create(): Invalid argument; dynamic contexts disabled." on startup. Vservers are not started
||Details=Dynamic context are disabled by default and are deprecated. For example, tagxid and network checks won't be useable with dynamic ids. Now you should manually assign a explicit context to your vservers, like
echo 101 > /etc/vservers/myvserv/context
ADDENDUM: please consider that valid static contexts are between 2 and 49151 ( daniel_hozac on IRC ) otherwise you will end up with unexplainable error "ncontext: vc_net_migrate(): No such process" when trying to start the vserver.

|Signature=daniel_hozac&Beuc}}

{{Question
|Question=How do I assign a static context to an existing vserver?
||Details=Simple ;) See the answer above.
|Signature=gcc}}

{{Question
|Question=Since upgrading to a newer VS version my guest complains about "vsched: non-numeric value specified for '--priority_bias" at start time. What's wrong?
||Details=The scheduler paramters changed.You can use this (ugly) script to convert them or do it by hand:
<pre>
# cat /usr/local/sbin/vserver-convert-schedule-to-scheddir
#/bin/sh
mkdir /etc/vservers/$1/sched
sed -e 1p -n /etc/vservers/$1/schedule > /etc/vservers/$1/sched/fill-rate
sed -e 2p -n /etc/vservers/$1/schedule > /etc/vservers/$1/sched/interval
sed -e 3p -n /etc/vservers/$1/schedule > /etc/vservers/$1/sched/tokens
sed -e 4p -n /etc/vservers/$1/schedule > /etc/vservers/$1/sched/tokens-min
sed -e 5p -n /etc/vservers/$1/schedule > /etc/vservers/$1/sched/tokens-max

mv /etc/vservers/$1/schedule /etc/vservers/$1/schedule.converted.see.scheddir

# see: http://oldwiki.linux-vserver.org/Scheduler+Parameters
# see: http://www.nongnu.org/util-vserver/doc/conf/configuration.html#sched
</pre>
||Signature=derjohn}}

{{Question
|Question=Since upgrading to a newer VS version my guest doesn't have the amount of shared memory (SHM / SHMMAX / SHMALL ) as it had in the former version. What changed?
||Details=Every VS version that runs on a kernel >= 2.6.19 offers sysctl values per guest. This has to do with the 'ipc namespace' feature that was added to the mainline kernel in version 2.6.19. Linux-VServer uses that feature to give each guest a separate 'ipc namespace' and thus 'own' sysctl values per guest. Because shmmax is such a sysctl value, you have to set it per guest.
Here is an example how to do so:

<pre>
# mkdir /etc/vservers/<vserver>/sysctl/0 -p
# echo kernel.shmall > /etc/vservers/<vserver>/sysctl/0/setting
# echo 134217728 > /etc/vservers/<vserver>/sysctl/0/value
# mkdir /etc/vservers/<vserver>/sysctl/1 -p
# echo kernel.shmmax > /etc/vservers/<vserver>/sysctl/1/setting
# echo 134217728 > /etc/vservers/<vserver>/sysctl/1/value
</pre>
It's also explained on the geat flower page:
# see: http://www.nongnu.org/util-vserver/doc/conf/configuration.html -> Look for "sysctl".

After changing those values, restart your guest, enter it and check if the values are set:
<pre>
# sysctl -a | grep shm
...
kernel.shmall = 134217728
kernel.shmmax = 134217728
</pre>

||Signature=derjohn}}

Frequently Asked Questions

2009-10-20T19:05:45Z

Gebura:

<div style="margin: 2em auto 2em auto; padding: 10px; background-color: #F9ECCD; border: 1px solid #004433; text-align: center;">
[[Image:Icon-Caution.png|left]]
We currently migrate to MediaWiki from our old installation, but not all content has been migrated yet. Take a look at the [[Wiki Team]] page for instructions how to help or look at the [http://oldwiki.linux-vserver.org old wiki] to find the information not migrated yet.

'''To ease migration we created a [[List of old Documentation pages]].'''
</div>

CURRENTLY THE CONTENT OF THE OLD WIKI FAQ (AND MORE) IS BEING MIGRATED TO THIS PAGE (TASK: DERJOHN)

__TOC__

== General ==

{{Question
|Question=What is a 'Guest'?
||Details=To talk about stuff, we need some naming. The physical machine is called 'Host' and the 'main' context running the Host Distro is called 'Host Context'. The virtual machine/distro is called 'Guest' and basically is a Distribution (Userspace) running inside a 'Guest Context'.
|Signature=derjohn}}

{{Question
|Question=What kind of Operating System (OS) can I run as guest?
||Details= With VServer you can only run Linux guests. The trick is that a guest does not run a kernel on its own (as XEN and UML do), it merely uses a virtualized host kernel-interface. VServer offers so called security contexts which make it possible to separate one guest from each other, i.e. they cannot get data from each other. Imagine it as a chroot environment with much more security and features.
|Signature=derjohn}}

{{Question
|Question=Is this a new project? When was it started?
||Details=The first public occurrence of Linux-VServer was Oct 2001. The initial mail can be found here: http://www.cs.helsinki.fi/linux/linux-kernel/2001-40/1065.html
So you can expect a mature software product which does its magic quite well (And hey, we have a version > 2.0!)
|Signature=derjohn}}

{{Question
|Question=Which distributions did you test?
||Details=Some. Check out the wiki for ready-made guest images. But you can easily build own guest images, e.g. with Debian's debootstrap. Checkout [[Building Guest Systems]] how to do that.
|Signature=derjohn}}

{{Question
|Question=Is VServer comparable to XEN/UML/QEMU?
||Details=Nope. XEN/UML/QEMU and VServer are just good friends. Because you ask, you probably know what XEN/UML/QEMU are. VServer in contrary to XEN/UML/QEMU does not "emulate" any hardware you run a kernel on. The purpose of Linux VServer is to isolate (groups of) applications. The isolation is done by the kernel (see [[Overview]] for a more detailed comparison). You can run a VServer kernel in a XEN/UML/QEMU guest. This is confirmed to work at least with Linux 2.6/vs2.0.
|Signature=derjohn}}

{{Question
|Question=With which version should I begin?
||Details=If you are new to VServer I recommend to try the latest stable kernel patch, and the latest util-vserver "alpha" release.
|Signature=derjohn}}

{{Question
|Question=Is VServer secure?
||Details=We hope so. It should be as least as secure as Linux is. We consider it much much more secure though.
|Signature=derjohn}}

{{Question
|Question=Performance?
||Details=For a single guest, we basically have native performance. Some tests showed insignificant overhead (about 1-2%) others ran faster than on an unpatched kernel. This is IMVHO significantly less than other solutions waste, especially if you have more than a single guest (because of the resource sharing).
|Signature=derjohn}}

{{Question
|Question=What is the "great flower page"?
||Details=Well, [http://www.nongnu.org/util-vserver/doc/conf/configuration.html this page] contains all configuration options for util-vserver. The name of the page is derived from the stylesheet(s) it contains.
|Signature=derjohn}}

== Resources usage ==

{{Question
|Question=Resource sharing?
||Details=Yes ....
* memory: Dynamically.
* CPU usage: Dynamically (token bucket)
|Signature=derjohn}}

{{Question
|Question=Resource limiting?
||Details=You can put limits per guest on different subsystems.
* using ulimits and rlimits (rlimit is a new feature of kernel 2.6/vs2.0.) per guest, to limit the memory consumption, the number of processes or file-handles, ... : see [[Resource Limits]]
* CPU usage : see [[CPU Scheduler]]
* disk space usage : see [[Disk Limits and Quota]]
Note that you can only offer guaranteed resource availability with some ticks at the time.
|Signature=derjohn&xm}}

{{Question
|Question=How do I limit a guests RAM? I want to prevent OOM situations on the host!
||Details=First you can read [http://linux-vserver.org/Memory+Allocation] and [[Memory Limits]].
If you want a recipe, do this:
# Check the size of memory pages. On x86 and x86_64 is usually 4 KB per page.
# Create /etc/vserver/<guest>/rlimits/
# Check your physical memory size on the host, e.g. with "free -m". maxram = kilobytes/pagesize.
# Limit the guests physical RAM to value smaller then maxram:<pre>echo %%insertYourPagesHereSmallerThanMaxram%% > /etc/vserver/<guest>/rlimits/rss </pre>
# Check your swapspace, e.g. with 'swapon -s'. maxswap = swapkilobytes/pagesize.
# Limit the guest's maximum number of as pages to a value smaller than (maxram+maxswap): <pre> echo %%desiredvalue%% > /etc/vserver/<guest>/rlimits/as </pre>
# Correctly display the memory information inside the guest:<pre>echo "VIRT_MEM" >> /etc/vservers/<guest>/flags</pre>
It should be clear this can still lead to OOM situations. Example: You have two guests and your as limit per guest is greater than 50% of (maxram+maxswap). If both guests request their maximum at the same point in time, there will be not enough mem .....
|Signature=derjohn}}

{{Question
|Question=Disk I/O limiting? Is that possible?
||Details=Well, since vs2.1.1 Linux-VServer supports a mechanism called 'I/O scheduling', which appeared in the 2.6 mainline some time ago. The mainline kernel offers several I/O schedulers:
<pre>
# cat /sys/block/hdc/queue/scheduler
noop [anticipatory] deadline cfq
</pre>

The default is anticipatory a.k.a. "AS". When running several guests on a host you probably want the I/O performance shared in a fair way among the different guests. The kernel comes with a "completely fair queueing" scheduler, CFQ, which can do that. (More on schedulers can be found at http://lwn.net/Articles/114770/)
This is how to set the scheduler to "cfq" manually:
<pre>
root# echo "cfq" > /sys/block/hdc/queue/scheduler
root# cat /sys/block/hdc/queue/scheduler
noop anticipatory deadline [cfq]
</pre>
Keep in mind that you have to do it on all physical discs. So if you run an md-softraid, do it to all physical /dev/hdXYZ discs!
If you run Debian there is a predefined way to set the /sys values at boot-time:
<pre>
# apt-get install sysfsutils
[...]

# grep cfq /etc/sysfs.conf
block/sda/queue/scheduler = cfq
block/sdc/queue/scheduler = cfq

# /etc/init.d/sysfsutils restart
</pre>

For non-vserver processes and CFQ you can set by which key the kernel decides about the fairness:
<pre>
cat /sys/block/hdc/queue/iosched/key_type
pgid [tgid] uid gid
</pre>
Hint: The 'key_type'-feature has been removed in the mainline kernel recently. Don't look for it any longer :(

The default is tgid, which means to share fairly among process groups. Think every guest is treated like a own process group. It's not possible to set a scheduler strategy within a guest. All processes belonging to the same guest are treated like "noop" within the guest. So: If you run apache and some ftp-server within the _same_ guest, there is no fair scheduling between them, but there is fair scheduling between the whole guest and all other guests.

And: It's possible to tune the scheduler parameters in several ways. Have a look at /sys/block/hdc/queue/....
|Signature=derjohn}}

{{Question
|Question=Nice disk I/O scheduling, is that possible?
||Details=Well, since linux 2.6.13 processess have another priority next to the cpu nice scheduling hint, it's called io nice.
It's split into three groups, called real-time, best effort and idle. The default is best-effort, but within best-effort, you can have a niceness from 0 to and including 7.
You can set this niceness by the tool ionice, which for debian is either in the package util-linux or schedutils.
To change the io-niceness you need the <tt>CAP_SYS_NICE</tt>, '''and''' need to have the same uid as the processe you want to ionice.

:'''Note:''' If you want to use any schedulung other than best-effort you will also need the <tt>CAP_SYS_ADMIN</tt>-flag. Be warned that this gives quite some capabilities to the vserver, not just for I/O scheduling!

If you want to increase the niceness of an I/O hogging process within a vserver you need to do:
<PRE>
chcontext --xid sponlp1 sudo -u '#2089' ionice -c2 -n5 -p24409
</PRE>
with sudo and ionice installed on the root server to increase the *nice*ness of pid 24409, with uid 2089
|Signature=Groteblup}}

== Unification ==

{{Question
|Question=What is unification (vunify)?
||Details=Unification is Hard Links on Steroids. Guests can 'share' common files (usually binaries and libraries) in a secure way, by creating hard links with special properties (immutable but unlinkable (removable)). The tool to identify common files and to unify them is called vunify.
|Signature=derjohn}}

{{Question
|Question=What is vhashify?
||Details=The successor of vunify, a tool which does unification based on hash values (which allows to find common files in arbitrary paths.)
It creates hardlinks to files named after a hash of the content of the file. If you have a recent version of the vserver patch (2.2+), with CONFIG_VSERVER_COWBL enabled, you can even modify the hardlinked files inside the vservers and the links will be broken automatically.
There seems to be a catch when a hashified file has multiple hardlinks inside a guest, or when another internal hardlink is added after hashification. Link breaking will remove all the internal hardlinks too, so the guest will end up with different copies of the original file. The correct solution would be to not hashify files that have multiple links prior to hashification, and to break the link to the hashified version when a new internal hardlink is created. Apparently, this is not implemented yet (?).
|Signature=Guy-}}

{{Question
|Question=How do I manage a multi-guest setup with vhashify?
||Details=For 'vhashify', just do these once:
<pre>
mkdir /etc/vservers/.defaults/apps/vunify/hash /vservers/.hash
ln -s /vservers/.hash /etc/vservers/.defaults/apps/vunify/hash/root
</pre>
Then, do this one line per vserver:
<pre>
mkdir /etc/vservers/<vservername>/apps/vunify # vhashify reuses vunify configuration
</pre>
To hashify a running vserver, do (possibly from a cronjob):
<pre>
vserver name-of-guest hashify
</pre>

The guest needs to be running because vhashify tries to figure out what files not to hashify by calling the package manager of the guest via <tt>vserver enter</tt>.

In order for the OS cache to benefit from the hardlinking, you'll have to restart the vservers.

To clean up hashified files that are no longer referenced by any vserver, do (possibly from a cronjob):
<pre>
find /vservers/.hash -type f -links 1 -print0 | xargs -0 rm
</pre>

Until you do this, the files still take up place even though no vservers need them.
|Signature=Guy-}}

== Filesystem usage ==

{{Question
|Question=Is there a way to implement "user/group quota" per VServer?
||Details=Yes, but not on a shared partition for now. You need to put the guest on a separate partition, setup a vroot device (to make the quota access secure), copy that into the guest, and adjust the mtab line inside the guest.
|Signature=derjohn}}

{{Question
|Question=What about "Quota" for a context? Howto limit disk usage?
||Details=Context quotas are now called Disk Limits (so that we can tell them apart from the user/group quotas :). They are supported out of the box (with vs2.0+) for all major filesystems (ext2/3, ReiserFS, JFS). You need to tag the FS with XID (see below). Please read [[Disk Limits and Quota]] for more information.
|Signature=derjohn}}

{{Question
|Question=How do I tag a guest's directory with xid?
||Details=Tagging the guest's files gives you several advantages, e.g. the accounting will work properly.
Filesystem XID tagging only works on supported filesystem. Those are currently: ext2/3, reiserfs/reiser3, xfs and jfs.
To activate the XID tagging you have to mount the filesystem with "-o tag" (former tagxid is outdated since VS2.2). Attention: It's _not_ possible to "-o remount,tag", you have to mount it freshly. The guests will tag their files automatiaclly. If you copy files in from the host, you have to tag them manually like this:
<pre>
chxid -c xid -R /var/lib/vservers/<guest>
</pre>
Note: Context 0 and 1 will see all files, guests will only be able to access untagged files and their own XID. They can see other XID files but no information about the file, e.g. no owner, no group, no permissions.
Note: It is not advised to tag the root filesystem, as [http://www.paul.sladen.org/vserver/archives/200602/0020.html explained by Herbert] : trying to do so will expose you to some troubles !
|Signature=derjohn_and_gonzo_and_are}}

{{Question
|Question=How can I copy anything from host to guest partition, normally unvisible on host?
||Details=You should just change namespace, e.g.:
<pre>
vnamespace --enter <xid> -- /bin/bash
</pre>
and then use standard cp or rsync programs.
|Signature=SergiuszPawlowicz}}

== Network ==

{{Question
|Question=Does it support IPv6?
||Details=Currently it requires an additional patch, but the functionality should be available in 2.3+ soon. [[IPv6]] has more information.
|Signature=derjohn}}

{{Question
|Question=I can't do all I want with the network interfaces inside the guest?
||Details=For now the networking is 'Host Business' -- the host is a router, and each guest is a server. You can set the capability ICMP_RAW in the context of the guest, or even the capability CAP_NET_RAW (which would even allow to sniff interfaces of other guests!). Likely to change with ngnet.
|Signature=derjohn}}

{{Question
|Question=How do I add several IPs to a vserver?
||Details=First of all a single guest vserver only supports up to 16 IPs (There is a 64-IP patch available, which is in "derjohn's kernel").
Here is a little helper-script that adds a list of IPs defined in a text file, one per line.
<pre>
#!/bin/bash
j=1
for i in `cat myiplist`; do
j=$(($j+1))
mkdir $j
echo $i > $j/ip
echo "24" > $j/prefix
done
</pre>
|Signature=derjohn}}

{{Question
|Question=How do I assign a new IP address to a running guest?
||Details=This is done from the host server:
* add the ip on the host, for example
<pre>
ip addr add 194.169.123.23/24 dev eth0
</pre>
* add the ip to the guest's network context (a guests NID is the same as the XID {context ID})
<pre>
naddress --add --nid <nid> --ip 194.169.123.23/24
</pre>
* enter the guest (best via ssh)
* restart the services that need to make use of the new address if required
* update the config in ''/etc/vserver/<servername>/interfaces'' to reflect the changes for the next guest restart (if desired)
|Signature=BenjaminGreen}}

{{Question
|Question=If my host has only one a single public IP, can I use RFC1918 IP (e.g. 192.168.foo.bar) for the guest vservers?
||Details=Yes, use iptables with SNAT to masquerade it.
<pre>
iptables -t nat -I POSTROUTING -s $VSERVER_NETZ ! -d $VSERVER_NETZ -j SNAT --to $EXT_IP
</pre>
See: [[HowtoPrivateNetworking]] and
http://www.tgunkel.de/it/software/doc/linux_server.en#h3-VServer_Masquerading_SNAT (THX, [MUPPETS]Gonzo)
|Signature=derjohn}}

{{Question
|Question=If I shut down my vserver guest, the whole Internet interface ethX on the host is shut down. What happened?
||Details=When you shut down a guest (''i.e. vserver foo stop''), the IP is brought down on the host also. If this IP happens to be the primary IP of the host, the kernel will not only bring down the primary IP, but also all secondary IP addresses. But in very recent kernels, there is an option ''settable'' which prevents that nasty feature. It's called "alias promotion". You may set it via sysctl by adding ''net.ipv4.conf.all.promote_secondaries=1'' in /etc/sysctl.conf or via sysctl command line.
|Signature=derjohn}}

{{Question
|Question=Can I run an OpenVPN Server in a guest?
||Details=
Yes. To get a OpenVPN Server running in a guest, all networking setup has to be done on the host. This answer describes the common case and shows some pitfalls, for detailled information about OpenVPN, please consult the appropriate documentation on the OpenVPN homepage.
This is the minimal OpenVPN configuration for the Server which will be used to demonstrate how to get it running in a client:
<pre>
# Networking setup
server 192.168.16.0 255.255.255.0
dev tun16
ifconfig-noexec
comp-lzo
# Certificates
dh ...
ca ...
cert ...
key ...
# Management
persist-key
keepalive 10 60
verb 4
</pre>
First of all you have to prepare the host with a persistent interface in the right mode and with the right settings. This is easily done by using openvpn and the ip and route tools.
<pre>
# openvpn --mktun --dev tun16
# ip link set dev tun16 txqueuelen 100
# ifconfig tun16 192.168.16.1 pointopoint 192.168.16.2 mtu 1500
# route add -net 192.168.16.0 netmask 255.255.255.0 gw 192.168.16.2
</pre>
If you need different settings, openvpn will tell you the ifconfig and route commands it uses to configure the interface when being started on the host with the original config file, but without ifconfig-noexec.
Additionally, the guest needs /dev/net/tun to make OpenVPN happy. This can be created with MAKEDEV:
<pre>
# cd /var/lib/vserver/<myopenvpnserver>/dev/
# ./MAKEDEV tun
(creates the dev/net/tun device accessible by the guest - even a tap interface needs /dev/net/tun !)
</pre>
Finally, the guest needs to have the tun device assigned:
<pre>
# head /etc/vservers/<myopenvpnserver>/interfaces/1/*
==> /etc/vservers/<myopenvpnserver>/interfaces/1/ip <==
192.168.16.1

==> /etc/vservers/<myopenvpnserver>/interfaces/1/nodev <==
tun16

==> /etc/vservers/<myopenvpnserver>/interfaces/1/prefix <==
24
#
</pre>
The client's conf may look like that:
<pre>
# Basic setup
client
proto tcp-client
dev tun
remote <ipaddress>
comp-lzo
verb 4

# Certificate
ca ...
</pre>

[ Based on derJohn's original answer, all errors mine ]
|Signature=DavidS}}

{{Question
|Question=Trying to connect to a vserver from the host or another vserver on the same host fails
||Details=strace shows
<pre>
sin_addr=inet_addr("xx.xx.xx.xx")}, yy) = -1 EINVAL (Invalid argument)
</pre>
A: The host/guest cannot communicate with another guest on same host.
* check all netmasks on all interfaces (do they overlap) ?
* check policy routing (disable it temporary) ?
* check that lo is up (Networking within a host/guest always uses lo interface)
|Signature=CommonProblems}}

{{Question
|Question=Can I use iptables ?
||Details=Yes but right now only on the host (rootserver). Please realize that all traffic is local and will not touch the forward chain.
|Signature=BeginnerFAQ}}

{{Question
|Question=Is it possible to prevent guest from bringing down primary ip?
||Details=Yes. Remove /etc/vservers/<guest>/interfaces/X/dev, and touch /etc/vservers/<guest>/interfaces/X/nodev
|Signature=Daniel&Serge}}

== Administration tools ==

{{Question
|Question=Which guest vservers are running?
||Details=Use vserver-stat to find out. Example output:
<pre>
CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME
0 77 965.1M 334.6M 14m14s18 2m28s69 1h33m46 root server
49152 7 14M 5.2M 0m00s40 0m00s30 1h30m15 chiffon
</pre>
|Signature=derjohn}}

{{Question
|Question=Is there a web-based interface for vserver that will allow creation/deletion/configuration etc. of vserver guests?
||Details=
* http://OpenVPS.org which is a set of scripts with a web-interface for webhosters/ISPs
* http://Openvcp.org which is a distributed system (agent!) with a web-interface, with which you can build/remove guests
* http://vsmon.revolutionlinux.com/ is a distributed monitoring-only solution that allows you to search for a particular vserver in your park.
|Signature=derjohn}}

== Hosting foreign distributions ==

{{Question
|Question=I run a Debian host and want to build an Ubuntu guest. Howto?
||Details=Simple ;) Assume you want to build a breezy guest on a sid host with IP 192.168.0.2 and hostname vubuntu, then do:
<pre>
vserver vubuntu build --force -m debootstrap --hostname vubuntu.myvservers.net --netdev eth0 --interface 192.168.0.2/24 \
--context 42 -- -d breezy -m http://de.archive.ubuntu.com/ubuntu
</pre>

[UPDATE] Currently there are problems in building breezy under unclear circumstances, which seems to have to do with udev. If the above didnt work, try:
<pre>
vserver vubuntu build --force -m debootstrap --hostname vubuntu.myvservers.net --netdev eth0 --interface 192.168.0.2/24 \
--context 42 -- -d breezy -m http://de.archive.ubuntu.com/ubuntu -- --exclude=udev
</pre>
In very recent versions of the utils, the problem should not occur anymore (it has to do with the 'secure-mount' if you look in the MLs)

Well, sid's debootstrap knows how to bootstrap Ubuntu linux. Make sure to have a current debootstrap package:
<pre>
apt-get update
apt-get install debootstrap
</pre>
The knowledge how to build ubuntu 'breezy badger' (which you probably want to be your guest at the time of writing) has been added recently.
|Signature=derjohn}}

{{Question
|Question=I want to build a Gentoo guest. Howto?
||Details=Even simpler ;) See http://www.gentoo.org/proj/en/vps/vserver-howto.xml#doc_chap3 .
|Signature=gcc}}

== Application level problems ==

{{Question
|Question=I did everything right, but the application foo does not start. What's up there?
||Details=Before asking on the IRC channel, please check out the 'problematic programs' page:
[[Problematic Programs]]
|Signature=derjohn}}

{{Question
|Question=When I try to ssh to the guest, I log into the host, even if I installed sshd on the guest. What's wrong here?
||Details=Look at /etc/ssh/sshd_config of the host:
<pre>
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
</pre>
And now change the setting to
<pre>
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
ListenAddress your.hosts.ip.here # not the guests IP!
</pre>
Then '/etc/init.d/ssh restart' on the host, after that on the guest (if you did apt-get install ssh on the guest already.)
Do I have to explain more? If the hosts sshd binds all available IP addresses on port 22 (The hosts 'sees' even all addresses of the guests!). So if the guest starts its sshd, it can't bind to port 22 any more. You need to change that setting only on the host.
(BTW: A similar approach has to be done for a lot of daemons, e.g. Apache. If the daemon does not support an explicit bind, you may use the chbind command to 'hide' IP addresses from the daemon before starting.)|Signature=derjohn}}

{{Question
|Question=Bind9 does not like to start in my guest.
||Details=Check out the [[Problematic Programs]] page and/or get my [http://linux-vserver.derjohn.de/bind9-packages/bind9-capacheck_9.3.2-2_i386.deb vserver-guest-ready Debian package] for Debian Sid guests and check out the [http://linux-vserver.derjohn.de/bind9-packages/README.txt readme]. (Hint: This is fresh stuff. Please give me feedback)

[UPDATE] Since VServer Devel 2.1.1-rc18 you do not need to patch the userland tools anymore. The capabilities are masked.
|Signature=derjohn}}

{{Question
|Question=My mysqld running in a guest behaves strangely and is awfully slow/locks up
||Details=This can be related to /tmp being too small. mysqld stores temporary tables in /tmp and as such, if a lot of queries happen and /tmp runs full this can cause one query to lock up whilst creating the tmp table and all other queries waiting to acquire the lock. There are two possible solutions to that problem: a.) Modify /etc/vservers/vserver-name/fstab and assign more memory to the tmpfs of /tmp and b.) remove the /tmp entry from /etc/vservers/vserver-name/fstab completly. Especially on database servers with a rather high load the second one might be the preferred method.|Signature=sp}}

{{Question
|Question=Pure-FTP does not run inside a VServer?
||Details=That's because it has capabilities enabled, make sure you rebuild your distro's package passing also the `--without-capabilities` flag to configure.
|Signature=Pedro Algarvio, aka, s0undt3ch}}

{{Question
|Question=Why do neither sshd nor crond (vixie-cron) work correctly in my CentOS / Fedora guest? I get 'pam_loginuid(crond:session): set_loginuid failed opening loginuid' and similar lines in my logs.
||Details=Took me a while to figure this out, and it turned out to be mentioned in the old wiki. Here is the solution on how to solve a common problem with sshd / crond, somehow related to selinux and auditing:

pam authentication (also used with openssh) enables "pam_loginuid.so" in the /etc/pam.d/* files. Comment those out as they are not necessary and will not load within a guest anyway. This probably is also necessary on updates later on, if the configs get changed. You therefore may add the following command line to a cronjob file or your software update script:
<pre>
/bin/sed --in-place -e "s/^session.*required.*pam_loginuid.so/# session\trequired\tpam_loginuid.so/g" /etc/pam.d/*
</pre>
|Signature=patrick}}

{{Question
|Question=How do i install nagios-plugins on a Gentoo guest?
||Details=Unfortunately, the nagios-plugins ./configure scripts wants to ping 127.0.0.1 which is not available inside a guest. Therefore you have to build nagios-plugins outside the guest.
The easiest way to do this from the host (assuming the guest is running) is:
<pre>
vnamespace -e <xid> -- chroot /vservers/<name> emerge nagios-plugins -va
</pre>
|Signature=Hollow}}

{{Question
|Question=Somebody runs ntpd in guest and you can't use ntpdate in host?
||Details=Try to run ntpdate with options -u :
ntpdate -u ntp.domain.xy
or you can use command:
chbind --nid 42 --ip 1.2.3.4 -- ntpdate ntp.domain.xy
where IP will be the IP of host.
|Signature=Punkie/Bertl}}

== Start / Stop a VServer ==

{{Question
|Question=How do I make a vserver guest start by default?
||Details=At least on Debian, I can tell you how to do it with the new-style config. If your guest is called "derjohn" and you want it to be started somewhere at the of your bootstrap process, then do:
<pre>
echo "default" > /etc/vservers/derjohn/apps/init/mark
</pre>
If you want to start it earlier, please read the init script "/etc/init.d/util-vserver" to find out how to do it. In most cases you don't need to change this. On Debian the vservers are started at "20", so after most other stuff is up (networking etc.).

Besides that I created a small helper script for managing the autostart foo: ((vserver-autostart))|Signature=derjohn}}

{{Question
|Question=My host works, but when I start a guest it says that it has a problem with chbind.
||Details=You are probably using util-vserver <= 0.30.209, which does use dynamic network contexts internally (With 0.30.210 this fact changed). So if you compiled your kernel without dynamic contexts, you may start guests, but you can't use the network context.The solution is either to switch to .210 util (or Hollow's toolset) or compile the kernel with dynamic network contexts.
SE Keyword: invalid option `nid' testme.sh
|Signature=derjohn}}

{{Question
|Question=What is old-style and new-style config?
||Details=Old-style config refers to a single text-file that contains all the configuration settings. With new-style config the configuration is split into several directories and files. You should probably go for new-style config if you are asking.
|Signature=derjohn}}

{{Question
|Question=How can I reboot/halt guests?
||Details=It depends.
For legacy Linux-VServer (i.e. 1.2.x), you have to replace /sbin/halt in the guests with vreboot and start rebootmgr in the host. You also need to have a <guest>.conf file in /etc/vservers for each guest. Please have a look at /etc/init.d/rebootmgr.
For Linux-VServer 2.0+, sys_reboot has been virtualized to do the right thing. No changes are needed in guests. Please note that some things depend on the init style used by the guest : read [[util-vserver:InitStyles]]
|Signature=derjohn}}

{{Question
|Question=What is the initial PATH?
||Details=By default, vserver uses the 'sysv' startup style, which mimics the init process by running the 3rd runlevel through '/etc/init.d/rc 3' (or '/etc/rc.d/rc 3'). Usually this 'rc' script uses a hard-coded PATH. In the case it doesn't, util-vserver also mimics init's default PATH through /etc/vservers/.defaults/apps/init/environment, or if not present /usr/local/lib/util-vserver/defaults/environment. Beware that all those default PATH usually do not include /usr/local.
|Signature=daniel_hozac&Beuc}}

{{Question
|Question=When I try to start a guest i get this message "/proc/uptime can not be accessed. Usually, this is caused by procfs-security. Please read the FAQ for more details"?
||Details=After a reboot you need to run the vprocunhide script. If running this script causes many errors to print on the screen, try checking the kernel you have booted with (perhaps it does not have the linux-vserver extensions enabled).
|Signature=mattzerah}}

== Kernel ==

{{Question
|Question=Is SMP Supported?
||Details=Yes, on all SMP capable kernel architectures.
|Signature=derjohn}}

{{Question
|Question=Do I really need the legacy-interfaces? What are these legacy-interfaces?
||Details=Since Linux-VServer is an ongoing project, new features might replace old ones, some might require a development version. Legacy-interfaces are available for backward compability (which might be removed someday) with Linux-VServer 1.2.x.
|Signature=derjohn}}

{{Question
|Question=I have a vserver running on a Linux kernel with preemption. Is VServer "preempt" safe?
||Details=There are no known issues about running vserver on a preemption enabled kernel. I would like to add, that the vserver kernelhackers would probably exclude that option in 'make menuconfig' if there would be an incompatibility. Just my $.02 :)
|Signature=derjohn}}

{{Question
|Question=32 vs 64 Bit? What should I take?
||Details=If you have the choice make the host a 64 bit one. You can run a guest as 32 bit or as 64 bit on a 64 bit host. To run it as 32 bit, you need to compile the x86_64 (a.k.a. AMD64) with the following options:
<pre>
[*] Kernel support for ELF binaries
<M> Kernel support for MISC binaries
[*] IA32 Emulation <---- without that, the entire 32bit API is not present
<M> IA32 a.out support
</pre>
You can force the guest to behave like a 32 environment like this:
<pre>
echo linux_32bit > /etc/vservers/$NAME/personality
echo i686 > /etc/vservers/$NAME/uts/machine
</pre>
(thanks cehteh for the hint!)

But you can force debootstrap to put 32 bit binaries into the guest by 'export ARCH=i386';
<pre>
export ARCH=i386 ; vserver build ....
</pre>

On debian when using the newvserver script "export ARCH=i386" has no effect, just use:
<pre>
newvserver --arch i386 ...
</pre>
|Signature=derjohn}}

== Distribution specific questions ==

{{Question
|Question=VServer is included in the stable Debian GNU/Linux for years now. What VS version did they include?
||Details=At the time of writing, Debian Lenny is the stable release of Debian and includes a 2.6.26 based kernel-package called 2.6.26-2-vserver-ARCH. This currently contains VServer 2.3.0.35 (according to changelog.Debian.gz in the Debian package).
|Signature=scientes}}

{{Question
|Question=Were can I get newer versions of VServer as ready made packages for Debian?
||Details=Here you go: http://linux-vserver.derjohn.de/ . There is also some stuff on backports.org, but my kernels are always 'devel' branch.
|Signature=derjohn}}

== Misc ==

{{Question
|Question=Why isn't there a device /dev/xyz within a guest?
||Details=Device nodes allow userspace to access hardware (or virtual resources). Creating a device node inside the guest's namespace will give access to that device, so for security reasons, the number of 'given' devices is small.
|Signature=derjohn}}

{{Question
|Question=I want to (re)mount a partition in a running guest ... but the guest has no rights (capability) to (re)mount?
||Details=I'll explain. I take as example your /tmp partition within the guest is too small, what will be likely the case if you stay with the 16MB default (vserver build mounts /tmp as 16 MB tmpfs!).
<pre>
# vnamespace -e XID mount -t tmpfs -o remount,size=256m,mode=1777 none /var/lib/vservers/<guest>/tmp/
</pre>
(if there's a problem, try expanding the symlinks in the mount path)
Be warned that the guest will not recognize the change, as the /etc/mtab file is not updated when you mount like this. To permanently change the mount, edit /etc/vserver/<guest>/fstab on the host.

If you get:
<pre>
mount: can't find /var/lib/vservers/<guest>/tmp in /etc/fstab or /etc/mtab
</pre>
then try instead:
<pre>
vnamespace -e builder chroot /var/lib/vservers/<guest>/ mount -o remount,size=64m,mode=1777 /tmp
</pre>

Note that this not work for adding a bindmount (<tt>-o bind</tt>) of a directory outside of a vserver into the vserver. For this, there is no alternative but restarting the vserver.
|Signature=derjohn}}

{{Question
|Question=Does anyone know how to increase the size of /tmp within a vserver w/o restarting?
||Details=Use the remount option for mount.
# vnamespace -e XID mount -n -t tmpfs -o remount,size=32m tmpfs /<vdir>/<guest>/tmp
or something like that. The arguments are needed since mount is not going to be using /etc/fstab for the information and the version of /proc/mounts is best understood by
# vnamespace -e XID cat /proc/mounts.
See [[Frequently_Asked_Questions#I want to (re)mount a partition in a running guest ... but the guest has no rights (capability) to (re)mount?]]
|Signature=derjohn/dhozac}}

{{Question
|Question=#1 ERROR: capset(): Operation not permitted
||Details=capabilities are not enabled in kernel-setup
please check that CONFIG_SECURITY_CAPABILITIES is loaded or included in the kernel. ( check with "cat /path_to_kernel/.config | grep -i cap ")
(2.6.11.5-vs-1.9.5 + 0.30-205)
|Signature=IrcQuestions}}

{{Question
|Question=How can I make 'vserver start' mount the root filesystem?
||Details=Mount it via /etc/vservers/vserver-name/fstab, make sure to set the option 'dev' e.g.:
<pre>/dev/drbd0 / xfs rw,dev 0 0</pre>
|Signature=AdrianReyer}}

{{Question
|Question=I deleted a guest's directory without shutting it down. Now I have a "ghost" running. Is there any possibility to get it out of proc without rebooting?
||Details=
vkill --xid <xid> -s 15; sleep 2; vkill --xid <xid> -s 9

You will also need to remove guests ip, for example with:
ip addr del <ip> dev eth0
|Signature=daniel_hozac & gebura }}

{{Question
|Question=When using nice and su (for example, in the updatedb cron job), I get: su: Permission denied. What does it mean?
||Details=A guest cannot lower its nice value - and that's what 'su' does through pam_limits which sets a nice value of 0. You can see it through strace:
$ strace nice su nobody
[...]
setpriority(PRIO_PROCESS, 0, 0) = -1 EACCES (Permission denied)
You can use 'su nobody -c nice some_cmd' instead.
(Now there's the question of why a guest process cannot lower its nice value.)
|Signature=daniel_hozac&Beuc}}

{{Question
|Question=How do I handle NFS mounts within in a guest?
||Details=There are three ways.

'''1)''' Mount the NFS share from the host OS and let vserver guest access it as part of it's file system.

''mount --bind'' may also be beneficial in this scenario.

'''2)''' Use util-vserver and create a ''fstab.remote'' file in the /etc/vserver/<vserver_name> directory. Populate this with the NFS shares and they will be mounted in the context of the vserver guest.

See http://www.nongnu.org/util-vserver/doc/conf/configuration.html

'''3)''' Add capabilities to the vserver guest instance to grant sufficient rights to allow NFS mounts.

Add the following to /etc/vserver/<vserver_name>/bcapabilities
SYS_ADMIN
Add the following to /etc/vserver/<vserver_name>/ccapabilities
SECURE_MOUNT
BINARY_MOUNT

See [[Capabilities_and_Flags]] for more information about vserver capabilities.

If you want the NFS shares to be mounted when the guest starts, add them to /etc/vserver/<vserver_name>/fstab

||Signature=martindk}}

{{Question
|Question=vserver start/stop/enter fails with something like "vnamespace: execvp("/usr/sbin/vserver"): No such file or directory" ?
||Details=Check whether ''/usr'' is mounted in the namespace you are working with.
<pre>vnamespace -e <guest> cat /proc/mounts</pre>
If there is no ''/usr'', you can fix your problem with simply mounting it using the following command:
<pre>vnamespace -e <guest> mount /dev/<device> /usr</pre>

||Signature=sim0n}}

{{Question
|Question=The command vserver <$server> start gives '/etc/init.d/rc: line 74: /etc/default/rcS: No such file or directory', what do I do?
||Details=The vserver has not been correctly installed, this has several reasons
check your install log and it should tell you something about that your server didn't get installed properly
* use stable distribution of debian as server (debootstrap may be different over the versions)
* deny_mount, deny_caps and deny_pivot should be off if your running grsec.

||Signature=Dude}}

{{Question
|Question=How could I rename a vserver directory?
||Details=Please note : this procedure renames the '''directory''', not the '''hostname''' !
#Stop the vserver in question
#rename the <tt>/vservers/<server name></tt> directory
#rename the <tt>/etc/vservers/<server name></tt> directory
#update link: <tt>/etc/vservers/<server name>/run</tt> → <tt>/var/run/vservers/<server name></tt>
#update link: <tt>/etc/vservers/<server name>/vdir</tt> → <tt>/etc/vservers/.defaults/vdirbase/<server name></tt>
#update link: <tt>/etc/vservers/<server name>/cache</tt> → <tt>/etc/vservers/.defaults/cachebase/<server name></tt>
#update link: <tt>/var/run/vservers.rev/<server XID></tt> → <tt>/etc/vservers/<server name></tt>
#Start the vserver in question. It should start properly.

|Signature=FlorianD (from ''hillct'' page in old wiki)}}

== Upgrade from 2.0 to 2.2 ==

{{Question
|Question=I now get errors like "ncontext: vc_net_create(): Invalid argument; dynamic contexts disabled." on startup. Vservers are not started
||Details=Dynamic context are disabled by default and are deprecated. For example, tagxid and network checks won't be useable with dynamic ids. Now you should manually assign a explicit context to your vservers, like
echo 101 > /etc/vservers/myvserv/context
ADDENDUM: please consider that valid static contexts are between 2 and 49151 ( daniel_hozac on IRC ) otherwise you will end up with unexplainable error "ncontext: vc_net_migrate(): No such process" when trying to start the vserver.

|Signature=daniel_hozac&Beuc}}

{{Question
|Question=How do I assign a static context to an existing vserver?
||Details=Simple ;) See the answer above.
|Signature=gcc}}

{{Question
|Question=Since upgrading to a newer VS version my guest complains about "vsched: non-numeric value specified for '--priority_bias" at start time. What's wrong?
||Details=The scheduler paramters changed.You can use this (ugly) script to convert them or do it by hand:
<pre>
# cat /usr/local/sbin/vserver-convert-schedule-to-scheddir
#/bin/sh
mkdir /etc/vservers/$1/sched
sed -e 1p -n /etc/vservers/$1/schedule > /etc/vservers/$1/sched/fill-rate
sed -e 2p -n /etc/vservers/$1/schedule > /etc/vservers/$1/sched/interval
sed -e 3p -n /etc/vservers/$1/schedule > /etc/vservers/$1/sched/tokens
sed -e 4p -n /etc/vservers/$1/schedule > /etc/vservers/$1/sched/tokens-min
sed -e 5p -n /etc/vservers/$1/schedule > /etc/vservers/$1/sched/tokens-max

mv /etc/vservers/$1/schedule /etc/vservers/$1/schedule.converted.see.scheddir

# see: http://oldwiki.linux-vserver.org/Scheduler+Parameters
# see: http://www.nongnu.org/util-vserver/doc/conf/configuration.html#sched
</pre>
||Signature=derjohn}}

{{Question
|Question=Since upgrading to a newer VS version my guest doesn't have the amount of shared memory (SHM / SHMMAX / SHMALL ) as it had in the former version. What changed?
||Details=Every VS version that runs on a kernel >= 2.6.19 offers sysctl values per guest. This has to do with the 'ipc namespace' feature that was added to the mainline kernel in version 2.6.19. Linux-VServer uses that feature to give each guest a separate 'ipc namespace' and thus 'own' sysctl values per guest. Because shmmax is such a sysctl value, you have to set it per guest.
Here is an example how to do so:

<pre>
# mkdir /etc/vservers/<vserver>/sysctl/0 -p
# echo kernel.shmall > /etc/vservers/<vserver>/sysctl/0/setting
# echo 134217728 > /etc/vservers/<vserver>/sysctl/0/value
# mkdir /etc/vservers/<vserver>/sysctl/1 -p
# echo kernel.shmmax > /etc/vservers/<vserver>/sysctl/1/setting
# echo 134217728 > /etc/vservers/<vserver>/sysctl/1/value
</pre>
It's also explained on the geat flower page:
# see: http://www.nongnu.org/util-vserver/doc/conf/configuration.html -> Look for "sysctl".

After changing those values, restart your guest, enter it and check if the values are set:
<pre>
# sysctl -a | grep shm
...
kernel.shmall = 134217728
kernel.shmmax = 134217728
</pre>

||Signature=derjohn}}

Disk Limits and Quota

2009-10-19T15:47:31Z

Gebura: Some content has been removed by a bot :( re-added it

== Introduction ==
We call ''Disk Limit'' a disk space limit in a filesystem for one context (i.e. VServer). If you are interested in using user/group quotas inside a VServer, this is not the right place, look at the [[Quotas]] page.

Of course, you can also use a dedicated partition (or logical volume) for each guest, which is another way to limit disk space usage per guest.

== Activating disk limits ==

For VServer version 2.0, please read http://oldwiki.linux-vserver.org/Disk+Limits

For VServer 2.2+, the procedure is nearly the same, only the mount option has changed:

# Activate the XID tagging on the filesystem hosting the VServer, using the ''tag'' mount option. You cannot use the ''remount'' option to add the tag on an already mounted filesystem. '''Be warn''', it is not advised to use it on the root filesystem! In the next example, we use the <tt>/dev/sdb1</tt> partition to host all the guests, under the <tt>/vservers</tt> directory <pre>mount -o tag /dev/sdb1 /vservers</pre>
# Consider modifying your <tt>/etc/fstab</tt> file if necessary, to make the mount option persist across reboots
# Tag the files belonging to the VServer with its XID <pre>chxid -URx -c vs_name /vservers/vs_name </pre>
# Write the limits under the <tt>/etc/vservers/vs_name/dlimits</tt> directory :
## Create this directory if necesary
## Create one sub-directory for each filesystem (in most cases, you should have only one), using any identifier (for example <tt>root</tt>)
## Under <tt>/etc/vservers/vs_name/dlimits/root/</tt> create the following files :
### <tt>directory</tt> : contains the directory to which the limit should be applied
### <tt>inodes_total</tt> : the amount of inodes this vserver should be limited to
### <tt>reserved</tt> : how much space (percentage-wise) should be reserved for the root user
### <tt>space_total</tt> : the amount of space this vserver should be limited to (measured in blocks of 1024 bytes)

== Controling disk limits ==

After starting your VServer, you can control the actual limit using the ''vdlimit'' command (in this example, 300 is the context number associated with ''vs_name'') :
# vdlimit --xid vs_name /vservers
300 /vservers
space_used=154604
space_total=204800
inodes_used=7834
inodes_total=100000
reserved=5

You can also use the ''vdu'' command to count space or inodes used by a specific guest
# vdu --xid vs_name --space /vservers
/vservers 154604
# vdu --xid vs_name --inodes /vservers
/vservers 7834

If you just want to update disk usage of a guest activating disk limits, then you can use this script.
It will count the usage of all files and update the limits:
<pre>
#/bin/sh
_dir=/var/lib/vservers
if [ ! -d $_dir/$1 ]; then
echo no such vserver
exit 1;
fi;
chxid -URx -c $1 $_dir/$1
vdlimit --xid $1 -s space_used=$(vdu --xid $1 --space $_dir/$1 | cut -d" " -f2) $_dir/$1
vdlimit --xid $1 -s inodes_used=$(vdu --xid $1 --inode $_dir/$1 | cut -d" " -f2) $_dir/$1
</pre>

== Removing disk limits ==
To remove disk limits, remove the <tt>/etc/vservers/vs_name/dlimits/root</tt> directory '''and''' remove the limits with the following command
# vdlimit --xid vs_name --remove /vservers

== More information ==
* See also ''dlimits'' on the util-vserver homepage http://www.nongnu.org/util-vserver/doc/conf/configuration.html
* For information about limiting diskspace with XFS, please see the [[XFS]] page.

Disk Limits and Quota

2009-10-19T15:46:28Z

Gebura:

== Introduction ==
We call ''Disk Limit'' a disk space limit in a filesystem for one context (i.e. VServer). If you are interested in using user/group quotas inside a VServer, this is not the right place, look at the [[Quotas]] page.

Of course, you can also use a dedicated partition (or logical volume) for each guest, which is another way to limit disk space usage per guest.

== Activating disk limits ==

For VServer version 2.0, please read http://oldwiki.linux-vserver.org/Disk+Limits

For VServer 2.2+, the procedure is nearly the same, only the mount option has changed:

# Activate the XID tagging on the filesystem hosting the VServer, using the ''tag'' mount option. You cannot use the ''remount'' option to add the tag on an already mounted filesystem. '''Be warn''', it is not advised to use it on the root filesystem! In the next example, we use the <tt>/dev/sdb1</tt> partition to host all the guests, under the <tt>/vservers</tt> directory <pre>mount -o tag /dev/sdb1 /vservers</pre>
# Consider modifying your <tt>/etc/fstab</tt> file if necessary, to make the mount option persist across reboots
# Tag the files belonging to the VServer with its XID <pre>chxid -URx -c vs_name /vservers/vs_name </pre>
# Write the limits under the <tt>/etc/vservers/vs_name/dlimits</tt> directory :
## Create this directory if necesary
## Create one sub-directory for each filesystem (in most cases, you should have only one), using any identifier (for example <tt>root</tt>)
## Under <tt>/etc/vservers/vs_name/dlimits/root/</tt> create the following files :
### <tt>directory</tt> : contains the directory to which the limit should be applied
### <tt>inodes_total</tt> : the amount of inodes this vserver should be limited to
### <tt>reserved</tt> : how much space (percentage-wise) should be reserved for the root user
### <tt>space_total</tt> : the amount of space this vserver should be limited to (measured in blocks of 1024 bytes)

== Controling disk limits ==

After starting your VServer, you can control the actual limit using the ''vdlimit'' command (in this example, 300 is the context number associated with ''vs_name'') :
# vdlimit --xid vs_name /vservers
300 /vservers
space_used=154604
space_total=204800
inodes_used=7834
inodes_total=100000
reserved=5

You can also use the ''vdu'' command to count space or inodes used by a specific guest
# vdu --xid vs_name --space /vservers
/vservers 154604
# vdu --xid vs_name --inodes /vservers
/vservers 7834

If you just want to update disk usage of a guest activating disk limits, then you can use this script.
It will count the usage of all files and update the limits:
#/bin/sh
_dir=/var/lib/vservers
if [ ! -d $_dir/$1 ]; then
echo no such vserver
exit 1;
fi;
chxid -URx -c $1 $_dir/$1
vdlimit --xid $1 -s space_used=$(vdu --xid $1 --space $_dir/$1 | cut -d" " -f2) $_dir/$1
vdlimit --xid $1 -s inodes_used=$(vdu --xid $1 --inode $_dir/$1 | cut -d" " -f2) $_dir/$1

== Removing disk limits ==
To remove disk limits, remove the <tt>/etc/vservers/vs_name/dlimits/root</tt> directory '''and''' remove the limits with the following command
# vdlimit --xid vs_name --remove /vservers

== More information ==
* See also ''dlimits'' on the util-vserver homepage http://www.nongnu.org/util-vserver/doc/conf/configuration.html
* For information about limiting diskspace with XFS, please see the [[XFS]] page.

util-vserver:Capabilities and Flags

2009-10-19T15:43:59Z

Gebura:

This page discusses how to set capabilities and flags for a util-vserver guest. Also check http://www.nongnu.org/util-vserver/doc/conf/configuration.html for additional information.
A couple of general rules applies to all of the files described on this page:
* The filenames are all relative to the guest's configuration directory, which typically is <code>/etc/vservers/<em><guest></em></code> but by default <code>/usr/local/etc/vservers/<em><guest></em></code> when built from source.
* One capability/flag per line
* To remove something set by default, prefix it with ~, for instance:
echo ~SET_UTSNAME >> ccapabilities
* Comments can be added with #:
echo \# Disable utsname configuration >> ccapabilities
* To set a specific bit which does not yet have a name in util-vserver, you can use the following notation to set bit 6:
echo ^6 >> ncapabilities

=== Setting context capabilities (ccaps) ===
* Add the capabilities to a file named <code>ccapabilities</code>:
echo SYSLOG >> ccapabilities
* The default ccaps are:
SET_UTSNAME
RAW_ICMP

=== Setting context flags (cflags) ===
* Add the flags to a file named <code>flags</code>:
echo VIRT_MEM >> flags
* The default cflags are (in addition to the defaults set by the kernel):
HIDE_NETIF

=== Setting network flags (nflags) ===
* Add the flags to a file named <code>nflags</code>:
echo HIDE_NETIF >> nflags
* The default nflags are:
HIDE_NETIF

=== Setting POSIX capabilities (bcaps) ===
* Add the capabilities to a file named <code>bcapabilities</code>:
echo CHOWN >> bcapabilities
* The default bcaps are:
CHOWN
DAC_OVERRIDE
DAC_READ_SEARCH
FOWNER
FSETID
KILL
SETGID
SETUID
NET_BIND_SERVICE
SYS_CHROOT
SYS_PTRACE
SYS_BOOT
SYS_TTY_CONFIG
LEASE
AUDIT_WRITE

=== Setting network capabilities (ncaps) ===
* Add the capabilities to a file named <code>ncapabilities</code>:
echo ^12 >> ncapabilities
* There are no default ncaps.

=== Modify flags without restarting the vservers ===
If you would like to edit those flags without restarting the vservers, you can use vattribute and nattribute. See [[util-vserver:Cheatsheet]]

Capabilities and Flags

2009-10-19T15:42:12Z

Gebura: added vattribute,nattribute, link to util-vserver:Cheatsheet

In computer science, a capability is a token used by a process to prove that it is allowed to perform an operation on an object. The Linux Capability System is based on "POSIX Capabilities", a somewhat different concept, designed to split up the all powerful root privilege into a set of distinct privileges.

== The Capability/Flag System ==

=== POSIX Capabilities ===

A process has three sets of bitmaps called the inheritable(I), permitted(P), and effective(E) capabilities. Each capability is implemented as a bit in each of these bitmaps that is either set or unset.

When a process tries to do a privileged operation, the operating system will check the appropriate bit in the effective set of the process (instead of checking whether the effective uid of the process is 0 as is normally done).

For example, when a process tries to set the clock, the Linux kernel will check that the process has the CAP_SYS_TIME bit (which is currently bit 25) set in its effective set.

The permitted set of the process indicates the capabilities the process can use. The process can have capabilities set in the permitted set that are not in the effective set.

This indicates that the process has temporarily disabled this capability. A process is allowed to set a bit in its effective set only if it is available in the permitted set. The distinction between effective and permitted exists so that processes can "bracket" operations that need privilege.

The inheritable capabilities are the capabilities of the current process that should be inherited by a program executed by the current process. The permitted set of a process is masked against the inheritable set during exec(). Nothing special happens during fork() or clone(). Child processes and threads are given an exact copy of the capabilities of the parent process.

The implementation in Linux stopped at this point, whereas POSIX Capabilities require the addition of capability sets to files too, to replace the SUID flag (at least for executables)

=== Upper Bound for Capabilities ===

Because the current Linux Capability system does not implement the filesystem related portions of POSIX Capabilities which would make setuid and setgid executables secure, and because it is much safer to have a secure upper bound for all processes within a context, an additional per-context capability mask has been added to limit all processes belonging to that context to this mask.
The meaning of the individual caps (bits) of the capability bound mask is exactly the same as with the permitted capability set.

=== Context Capabilities ===

As the Linux capabilities have almost reached the maximum number that is possible without heavy modifications to the kernel, it was a natural step to add a context-specific capability system.

The Linux-VServer context capability set acts as a mechanism to fine tune existing Linux capabilities. It is not visible to the processes within a context, as they would not know how to modify or verify it.

In general there are two ways to use those capabilities:
* Require one or a number of context capabilities to be set in addition to a given Linux capability, each one controlling a distinct part of the functionality. For example the CAP_NET_ADMIN could be split into RAW and PACKET sockets, so you could take away each of them separately by not providing the required context capability.
* Consider the context capability sufficient for a specified functionality, even if the Linux Capability says something different. For example mount() requires CAP_SYS_ADMIN which adds a dozen other things we do not want, so we define VXC_SECURE_MOUNT to allow mounts for certain contexts.

The difference between the context flags and the context capabilities is more an abstract logical separation than a functional one, because they are handled in a very similar way.

== List of capabilities/flags ==

Below is a list of capabilities and flags used for contexts and processes within. The tables contain the following information:

; Bit : The bit number to enable the capability/flag
; Mask : The bit number in hexadecimal notation
; Name : Human readable identifier used in userspace utilities
; Tag : Special capability/flag code to denote special behaviour, legacy usage and others (see below)
; Description : Description of capability/flag effects

=== Special capability/flags codes ===

The tag column may contain one or more of the following tags:

{| class="wikitable_inline"
! Tag
! Description
|-
| I
| Internal use only
|-
| L
| Only supported with legacy enabled
|-
| O
| One time capability/flag (once it's cleared, it can't be re-enabled again)
|-
| U
| Unsupported
|-
| X
| Slightly different meaning in legacy
|}

=== Context capabilities (ccaps) ===

The set of available context capabilities is specific to Linux-VServer and applied to all processes contained within a context. Below is a list of capabilities currently available in 2.1.1 and above.

{| class="wikitable_list"
! Bit
! Mask
! Name
! Tag
! Description
|-
| style="text-align: right" | 0
| style="font-family: monospace" | 0x00000001
| SET_UTSNAME
|
| Allow setdomainname(2) and sethostname(2)
|-
| style="text-align: right" | 1
| style="font-family: monospace" | 0x00000002
| SET_RLIMIT
|
| Allow setrlimit(2)
|-
| style="text-align: right" | 8
| style="font-family: monospace" | 0x00000100
| RAW_ICMP
|
| Allow usage of raw ICMP sockets
|-
| style="text-align: right" | 12
| style="font-family: monospace" | 0x00001000
| SYSLOG
|
| Allow syslog(2)
|-
| style="text-align: right" | 16
| style="font-family: monospace" | 0x00010000
| SECURE_MOUNT
|
| Allow secure mount(2)
|-
| style="text-align: right" | 17
| style="font-family: monospace" | 0x00020000
| SECURE_REMOUNT
|
| Allow secure remount
|-
| style="text-align: right" | 18
| style="font-family: monospace" | 0x00040000
| BINARY_MOUNT
|
| Allow binary/network mounts
|-
| style="text-align: right" | 20
| style="font-family: monospace" | 0x00100000
| QUOTA_CTL
|
| Allow quota ioctls
|-
| style="text-align: right" | 21
| style="font-family: monospace" | 0x00200000
| ADMIN_MAPPER
|
| Allow access to device mapper
|-
| style="text-align: right" | 22
| style="font-family: monospace" | 0x00400000
| ADMIN_CLOOP
|
| Allow access to loop devices
|-
| style="text-align: right" | 24
| style="font-family: monospace" | 0x01000000
| KTHREAD
|
| Allow creating kernel threads
|}

=== Context flags (cflags) ===

The set of available context flags is specific to Linux-VServer and applied to all processes contained within a context. Below is a list of flags available in 2.1.1 and above.

{| class="wikitable_list"
! Bit
! Mask
! Name
! Tag
! Description
|-
| style="text-align: right" | 0
| style="font-family: monospace" | 0x00000001
| INFO_LOCK
| L
| Prohibit further context migration
|-
| style="text-align: right" | 1
| style="font-family: monospace" | 0x00000002
| INFO_SCHED
| L
| Account all processes as one
|-
| style="text-align: right" | 2
| style="font-family: monospace" | 0x00000004
| INFO_NPROC
| L
| Apply process limits to context
|-
| style="text-align: right" | 3
| style="font-family: monospace" | 0x00000008
| INFO_PRIVATE
| L
| Context cannot be entered
|-
| style="text-align: right" | 4
| style="font-family: monospace" | 0x00000010
| INFO_INIT
| X
| Show a fake init process
|-
| style="text-align: right" | 5
| style="font-family: monospace" | 0x00000020
| INFO_HIDE
| X
| Hide context information in task status
|-
| style="text-align: right" | 6
| style="font-family: monospace" | 0x00000040
| INFO_ULIMIT
| L
| Apply ulimits to context
|-
| style="text-align: right" | 7
| style="font-family: monospace" | 0x00000080
| INFO_NSPACE
| L
| Use private namespace
|-
| style="text-align: right" | 8
| style="font-family: monospace" | 0x00000100
| SCHED_HARD
|
| Enable hard scheduler
|-
| style="text-align: right" | 9
| style="font-family: monospace" | 0x00000200
| SCHED_PRIO
|
| Enable priority scheduler
|-
| style="text-align: right" | 10
| style="font-family: monospace" | 0x00000400
| SCHED_PAUSE
|
| Pause context (unschedule)
|-
| style="text-align: right" | 20
| style="font-family: monospace" | 0x00010000
| VIRT_MEM
|
| Virtualize memory information
|-
| style="text-align: right" | 21
| style="font-family: monospace" | 0x00020000
| VIRT_UPTIME
|
| Virtualize uptime information
|-
| style="text-align: right" | 22
| style="font-family: monospace" | 0x00040000
| VIRT_CPU
|
| Virtualize cpu usage information
|-
| style="text-align: right" | 23
| style="font-family: monospace" | 0x00080000
| VIRT_LOAD
|
| Virtualize load average information
|-
| style="text-align: right" | 24
| style="font-family: monospace" | 0x00100000
| VIRT_TIME
|
| Allow per guest time offsets
|-
| style="text-align: right" | 28
| style="font-family: monospace" | 0x01000000
| HIDE_MOUNT
|
| Hide entries in /proc/$pid/mounts
|-
| style="text-align: right" | 29
| style="font-family: monospace" | 0x02000000
| HIDE_NETIF
|
| Hide foreign network interfaces
|-
| style="text-align: right" | 30
| style="font-family: monospace" | 0x04000000
| HIDE_VINFO
|
| Hide context information in task status
|-
| style="text-align: right" | 32
| style="font-family: monospace" | 0x0001<<32
| STATE_SETUP
| IO
| Enable setup state
|-
| style="text-align: right" | 33
| style="font-family: monospace" | 0x0002<<32
| STATE_INIT
| IO
| Enable init state
|-
| style="text-align: right" | 34
| style="font-family: monospace" | 0x0004<<32
| STATE_ADMIN
| O
| Enable admin state
|-
| style="text-align: right" | 36
| style="font-family: monospace" | 0x0010<<32
| SC_HELPER
| I
| Enable state change helper
|-
| style="text-align: right" | 37
| style="font-family: monospace" | 0x0020<<32
| REBOOT_KILL
|
| Kill all processes on reboot(2)
|-
| style="text-align: right" | 38
| style="font-family: monospace" | 0x0040<<32
| PERSISTENT
|
| Make context persistent
|-
| style="text-align: right" | 48
| style="font-family: monospace" | 0x0001<<48
| FORK_RSS
|
| Block fork when RSS limit is exceeded
|-
| style="text-align: right" | 49
| style="font-family: monospace" | 0x0002<<48
| PROLIFIC
|
| Allow context to create new contexts
|-
| style="text-align: right" | 52
| style="font-family: monospace" | 0x0010<<48
| IGNEG_NICE
|
| Ignore priority raise
|}

=== Network context flags (nflags) ===

The set of available network context flags is specific to Linux-VServer and applied to all processes contained within a network context. Below is a list of flags available in 2.1.1 and above.

{| class="wikitable_list"
! Bit
! Mask
! Name
! Tag
! Description
|-
| style="text-align: right" | 0
| style="font-family: monospace" | 0x00000001
| INFO_LOCK
|
| Prohibit further context migration
|-
| style="text-align: right" | 8
| style="font-family: monospace" | 0x00000100
| SINGLE_IP
|
| Enable special handling of network contexts with a single IP only
|-
| style="text-align: right" | 9
| style="font-family: monospace" | 0x00000200
| LBACK_REMAP
|
| use loopback-virtualisation (will only work in 2.3.0.xx or greater)
|-
| style="text-align: right" | 10
| style="font-family: monospace" | 0x00000400
| LBACK_ALLOW
|
| if set, allows guests without LBACK_REMAP to connect to 127.0.0.0/8
|-
| style="text-align: right" | 29
| style="font-family: monospace" | 0x02000000
| HIDE_NETIF
|
| Hide foreign network interfaces
|-
| style="text-align: right" | 30
| style="font-family: monospace" | 0x04000000
| HIDE_LBACK
|
| hides the real loopback-address from the guest (rewrites to 127.0.0.1) (will only work in 2.3.0.xx or greater)
|-
| style="text-align: right" | 32
| style="font-family: monospace" | 0x0001<<32
| STATE_SETUP
| IO
| Enable setup state
|-
| style="text-align: right" | 34
| style="font-family: monospace" | 0x0004<<32
| STATE_ADMIN
| O
| Enable admin state
|-
| style="text-align: right" | 36
| style="font-family: monospace" | 0x0010<<32
| SC_HELPER
| I
| Enable state change helper
|-
| style="text-align: right" | 38
| style="font-family: monospace" | 0x0040<<32
| PERSISTENT
|
| Make network context persistent
|}

=== System capabilities (bcaps) ===

The set of available system capabilities is inherited from the Linux kernel and applied to all processes contained within a context. Below is a list of capabilities currently available in the vanilla kernel.

<div style="color: red; font-weight: bold;">
BIG FAT WARNING: Adding any system capability to your virtual server WILL reduce security. Do not change the default values unless you absolutely know what you are doing!
</div>

{| class="wikitable_list"
! Bit
! Mask
! Name
! Description
|-
| style="text-align: right" | 0
| style="font-family: monospace" | 0x00000001
| CHOWN
| In a system with the [_POSIX_CHOWN_RESTRICTED] option defined, this overrides the restriction of changing file ownership and group ownership.
|-
| style="text-align: right" | 1
| style="font-family: monospace" | 0x00000002
| DAC_OVERRIDE
| Override all DAC access, including ACL execute access if [_POSIX_ACL] is defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.
|-
| style="text-align: right" | 2
| style="font-family: monospace" | 0x00000004
| DAC_READ_SEARCH
| Overrides all DAC restrictions regarding read and search on files and directories, including ACL restrictions if [_POSIX_ACL] is defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE.
|-
| style="text-align: right" | 3
| style="font-family: monospace" | 0x00000008
| FOWNER
| Overrides all restrictions about allowed operations on files, where file owner ID must be equal to the user ID, except where CAP_FSETID is applicable. It doesn't override MAC and DAC restrictions.
|-
| style="text-align: right" | 4
| style="font-family: monospace" | 0x00000010
| FSETID
| Overrides the following restrictions that the effective user ID shall match the file owner ID when setting the S_ISUID and S_ISGID bits on that file; that the effective group ID (or one of the supplementary group IDs) shall match the file owner ID when setting the S_ISGID bit on that file; that the S_ISUID and S_ISGID bits are cleared on successful return from chown(2) (not implemented).
|-
| style="text-align: right" | 5
| style="font-family: monospace" | 0x00000020
| KILL
| Overrides the restriction that the real or effective user ID of a process sending a signal must match the real or effective user ID of the process receiving the signal.
|-
| style="text-align: right" | 6
| style="font-family: monospace" | 0x00000040
| SETGID
|
* Allows setgid(2) manipulation
* Allows setgroups(2)
* Allows forged gids on socket credentials passing.
|-
| style="text-align: right" | 7
| style="font-family: monospace" | 0x00000080
| SETUID
|
* Allows set*uid(2) manipulation (including fsuid).
* Allows forged pids on socket credentials passing.
|-
| style="text-align: right" | 8
| style="font-family: monospace" | 0x00000100
| SETPCAP
| Transfer any capability in your permitted set to any pid, remove any capability in your permitted set from any pid
|-
| style="text-align: right" | 9
| style="font-family: monospace" | 0x00000200
| LINUX_IMMUTABLE
| Allow modification of S_IMMUTABLE and S_APPEND file attributes
|-
| style="text-align: right" | 10
| style="font-family: monospace" | 0x00000400
| NET_BIND_SERVICE
|
* Allows binding to TCP/UDP sockets below 1024
* Allows binding to ATM VCIs below 32
|-
| style="text-align: right" | 11
| style="font-family: monospace" | 0x00000800
| NET_BROADCAST
| Allow broadcasting, listen to multicast
|-
| style="text-align: right" | 12
| style="font-family: monospace" | 0x00001000
| NET_ADMIN
|
* Allow interface configuration
* Allow administration of IP firewall, masquerading and accounting
* Allow setting debug option on sockets
* Allow modification of routing tables
* Allow setting arbitrary process / process group ownership on sockets
* Allow binding to any address for transparent proxying
* Allow setting TOS (type of service)
* Allow setting promiscuous mode
* Allow clearing driver statistics
* Allow multicasting
* Allow read/write of device-specific registers
* Allow activation of ATM control sockets
|-
| style="text-align: right" | 13
| style="font-family: monospace" | 0x00002000
| NET_RAW
|
* Allow use of RAW sockets
* Allow use of PACKET sockets
|-
| style="text-align: right" | 14
| style="font-family: monospace" | 0x00004000
| IPC_LOCK
|
* Allow locking of shared memory segments
* Allow mlock and mlockall (which doesn't really have anything to do with IPC)
|-
| style="text-align: right" | 15
| style="font-family: monospace" | 0x00008000
| IPC_OWNER
| Override IPC ownership checks
|-
| style="text-align: right" | 16
| style="font-family: monospace" | 0x00010000
| SYS_MODULE
|
* Insert and remove kernel modules - modify kernel without limit
* Modify cap_bset
|-
| style="text-align: right" | 17
| style="font-family: monospace" | 0x00020000
| SYS_RAWIO
|
* Allow ioperm/iopl access
* Allow sending USB messages to any device via /proc/bus/usb
|-
| style="text-align: right" | 18
| style="font-family: monospace" | 0x00040000
| SYS_CHROOT
| Allow use of chroot()
|-
| style="text-align: right" | 19
| style="font-family: monospace" | 0x00080000
| SYS_PTRACE
| Allow ptrace() of any process
|-
| style="text-align: right" | 20
| style="font-family: monospace" | 0x00100000
| SYS_PACCT
| Allow configuration of process accounting
|-
| style="text-align: right" | 21
| style="font-family: monospace" | 0x00200000
| SYS_ADMIN
|
* Allow configuration of the secure attention key
* Allow administration of the random device
* Allow examination and configuration of disk quotas
* Allow configuring the kernel's syslog (printk behaviour)
* Allow setting the domainname
* Allow setting the hostname
* Allow calling bdflush()
* Allow mount() and umount(), setting up new smb connection
* Allow some autofs root ioctls
* Allow nfsservctl
* Allow VM86_REQUEST_IRQ
* Allow to read/write pci config on alpha
* Allow irix_prctl on mips (setstacksize)
* Allow flushing all cache on m68k (sys_cacheflush)
* Allow removing semaphores (Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores and shared memory)
* Allow locking/unlocking of shared memory segment
* Allow turning swap on/off
* Allow forged pids on socket credentials passing
* Allow setting readahead and flushing buffers on block devices
* Allow setting geometry in floppy driver
* Allow turning DMA on/off in xd driver
* Allow administration of md devices (mostly the above, but some extra ioctls)
* Allow tuning the ide driver
* Allow access to the nvram device
* Allow administration of apm_bios, serial and bttv (TV) device
* Allow manufacturer commands in isdn CAPI support driver
* Allow reading non-standardized portions of pci configuration space
* Allow DDI debug ioctl on sbpcd driver
* Allow setting up serial ports
* Allow sending raw qic-117 commands
* Allow enabling/disabling tagged queuing on SCSI controllers and sending arbitrary SCSI commands
* Allow setting encryption key on loopback filesystem
* Allow setting zone reclaim policy
|-
| style="text-align: right" | 22
| style="font-family: monospace" | 0x00400000
| SYS_BOOT
| Allow use of reboot()
|-
| style="text-align: right" | 23
| style="font-family: monospace" | 0x00800000
| SYS_NICE
|
* Allow raising priority and setting priority on other (different UID) processes
* Allow use of FIFO and round-robin (realtime) scheduling on own processes and setting the scheduling algorithm used by another process.
* Allow setting cpu affinity on other processes
|-
| style="text-align: right" | 24
| style="font-family: monospace" | 0x01000000
| SYS_RESOURCE
|
* Override resource limits. Set resource limits.
* Override quota limits.
* Override reserved space on ext2 filesystem
* Modify data journaling mode on ext3 filesystem (uses journaling resources)
* ''NOTE:'' ext2 honors fsuid when checking for resource overrides, so you can override using fsuid too
* Override size restrictions on IPC message queues
* Allow more than 64hz interrupts from the real-time clock
* Override max number of consoles on console allocation
* Override max number of keymaps
|-
| style="text-align: right" | 25
| style="font-family: monospace" | 0x02000000
| SYS_TIME
|
* Allow manipulation of system clock
* Allow irix_stime on mips
* Allow setting the real-time clock
|-
| style="text-align: right" | 26
| style="font-family: monospace" | 0x04000000
| SYS_TTY_CONFIG
|
* Allow configuration of tty devices
* Allow vhangup() of tty
|-
| style="text-align: right" | 27
| style="font-family: monospace" | 0x08000000
| MKNOD
| Allow the privileged aspects of mknod()
|-
| style="text-align: right" | 28
| style="font-family: monospace" | 0x10000000
| LEASE
| Allow taking of leases on files
|-
| style="text-align: right" | 29
| style="font-family: monospace" | 0x20000000
| AUDIT_WRITE
| ??
|-
| style="text-align: right" | 30
| style="font-family: monospace" | 0x40000000
| AUDIT_CONTROL
| ??
|}

== Setting flags and capabilities ==
To see how to set the flags and capabilities, see [[util-vserver:Capabilities and Flags]] if you're using util-vserver.

If you would like to edit those flags without restarting the vservers, you can use vattribute and nattribute. See [[util-vserver:Cheatsheet]]

Virtualization Overhead

2009-10-01T11:20:29Z

Gebura:

Why is there no article here?

-- because noone wrote one.

PlanetLab guys have done some measurements: http://www.cs.princeton.edu/~mef/research/vserver/paper.pdf

Disk Limits and Quota

2009-05-18T14:14:35Z

Gebura:

== Introduction ==
We call ''Disk Limit'' a disk space limit in a filesystem for one context (i.e. VServer). If you are interested in using user/group quotas inside a VServer, this is not the right place, look at the [[Quotas]] page.

Of course, you can also use a dedicated partition (or logical volume) for each guest, which is another way to limit disk space usage per guest.

== Activating disk limits ==

For VServer version 2.0, please read http://oldwiki.linux-vserver.org/Disk+Limits

For VServer 2.2+, the procedure is nearly the same, only the mount option has changed:

# Activate the XID tagging on the filesystem hosting the VServer, using the ''tag'' mount option. You cannot use the ''remount'' option to add the tag on an already mounted filesystem. '''Be warn''', it is not advised to use it on the root filesystem! In the next example, we use the <tt>/dev/sdb1</tt> partition to host all the guests, under the <tt>/vservers</tt> directory <pre>mount -o tag /dev/sdb1 /vservers</pre>
# Consider modifying your <tt>/etc/fstab</tt> file if necessary, to make the mount option persist across reboots
# Tag the files belonging to the VServer with its XID <pre>chxid -URx -c vs_name /vservers/vs_name </pre>
# Write the limits under the <tt>/etc/vservers/vs_name/dlimits</tt> directory :
## Create this directory if necesary
## Create one sub-directory for each filesystem (in most cases, you should have only one), using any identifier (for example <tt>root</tt>)
## Under <tt>/etc/vservers/vs_name/dlimits/root/</tt> create the following files :
### <tt>directory</tt> : contains the directory to which the limit should be applied
### <tt>inodes_total</tt> : the amount of inodes this vserver should be limited to
### <tt>reserved</tt> : how much space (percentage-wise) should be reserved for the root user
### <tt>space_total</tt> : the amount of space this vserver should be limited to (measured in blocks of 1024 bytes)

== Controling disk limits ==

After starting your VServer, you can control the actual limit using the ''vdlimit'' command (in this example, 300 is the context number associated with ''vs_name'') :
# vdlimit --xid vs_name /vservers
300 /vservers
space_used=154604
space_total=204800
inodes_used=7834
inodes_total=100000
reserved=5

You can also use the ''vdu'' command to count space or inodes used by a specific guest
# vdu --xid vs_name --space /vservers
/vservers 154604
# vdu --xid vs_name --inodes /vservers
/vservers 7834

If you just want to update disk usage of a guest activating disk limits, then you can use this script.
It will count the usage of all files and update the limits:
#/bin/sh
_dir=/var/lib/vservers
if [ ! -d $_dir/$1 ]; then
echo no such vserver
exit 1;
fi;
chxid -URx -c $1 $_dir/$1
vdlimit --xid $1 -s space_used=$(vdu --xid $1 --space $_dir/$1 | cut -d" " -f2) $_dir/$1
vdlimit --xid $1 -s inodes_used=$(vdu --xid $1 --inode $_dir/$1 | cut -d" " -f2) $_dir/$1

== Removing disk limits ==
To remove disk limits, remove the <tt>/etc/vservers/vs_name/dlimits/root</tt> directory '''and''' remove the limits with the following command
# vdlimit --xid vs_name --remove /vservers

== More information ==
* See also ''dlimits'' on the util-vserver homepage http://www.nongnu.org/util-vserver/doc/conf/configuration.html
* For information about limiting diskspace with XFS, please see the [[XFS]] page.

Disk Limits and Quota

2009-05-18T14:13:49Z

Gebura:

== Introduction ==
We call ''Disk Limit'' a disk space limit in a filesystem for one context (i.e. VServer). If you are interested in using user/group quotas inside a VServer, this is not the right place, look at the [[Quotas]] page.

Of course, you can also use a dedicated partition (or logical volume) for each guest, which is another way to limit disk space usage per guest.

== Activating disk limits ==

For VServer version 2.0, please read http://oldwiki.linux-vserver.org/Disk+Limits

For VServer 2.2+, the procedure is nearly the same, only the mount option has changed:

# Activate the XID tagging on the filesystem hosting the VServer, using the ''tag'' mount option. You cannot use the ''remount'' option to add the tag on an already mounted filesystem. '''Be warn''', it is not advised to use it on the root filesystem! In the next example, we use the <tt>/dev/sdb1</tt> partition to host all the guests, under the <tt>/vservers</tt> directory <pre>mount -o tag /dev/sdb1 /vservers</pre>
# Consider modifying your <tt>/etc/fstab</tt> file if necessary, to make the mount option persist across reboots
# Tag the files belonging to the VServer with its XID <pre>chxid -URx -c vs_name /vservers/vs_name </pre>
# Write the limits under the <tt>/etc/vservers/vs_name/dlimits</tt> directory :
## Create this directory if necesary
## Create one sub-directory for each filesystem (in most cases, you should have only one), using any identifier (for example <tt>root</tt>)
## Under <tt>/etc/vservers/vs_name/dlimits/root/</tt> create the following files :
### <tt>directory</tt> : contains the directory to which the limit should be applied
### <tt>inodes_total</tt> : the amount of inodes this vserver should be limited to
### <tt>reserved</tt> : how much space (percentage-wise) should be reserved for the root user
### <tt>space_total</tt> : the amount of space this vserver should be limited to (measured in blocks of 1024 bytes)

== Controling disk limits ==

After starting your VServer, you can control the actual limit using the ''vdlimit'' command (in this example, 300 is the context number associated with ''vs_name'') :
# vdlimit --xid vs_name /vservers
300 /vservers
space_used=154604
space_total=204800
inodes_used=7834
inodes_total=100000
reserved=5

You can also use the ''vdu'' command to count space or inodes used by a specific guest
# vdu --xid vs_name --space /vservers
/vservers 154604
# vdu --xid vs_name --inodes /vservers
/vservers 7834

If you just want update disk usage of a guest activating disk limits, then you can use this script.
It will count the usage of all files and update the limits:
#/bin/sh
_dir=/var/lib/vservers
if [ ! -d $_dir/$1 ]; then
echo no such vserver
exit 1;
fi;
chxid -URx -c $1 $_dir/$1
vdlimit --xid $1 -s space_used=$(vdu --xid $1 --space $_dir/$1 | cut -d" " -f2) $_dir/$1
vdlimit --xid $1 -s inodes_used=$(vdu --xid $1 --inode $_dir/$1 | cut -d" " -f2) $_dir/$1

== Removing disk limits ==
To remove disk limits, remove the <tt>/etc/vservers/vs_name/dlimits/root</tt> directory '''and''' remove the limits with the following command
# vdlimit --xid vs_name --remove /vservers

== More information ==
* See also ''dlimits'' on the util-vserver homepage http://www.nongnu.org/util-vserver/doc/conf/configuration.html
* For information about limiting diskspace with XFS, please see the [[XFS]] page.

Disk Limits and Quota

2009-05-18T14:11:25Z

Gebura:

== Introduction ==
We call ''Disk Limit'' a disk space limit in a filesystem for one context (i.e. VServer). If you are interested in using user/group quotas inside a VServer, this is not the right place, look at the [[Quotas]] page.

Of course, you can also use a dedicated partition (or logical volume) for each guest, which is another way to limit disk space usage per guest.

== Activating disk limits ==

For VServer version 2.0, please read http://oldwiki.linux-vserver.org/Disk+Limits

For VServer 2.2+, the procedure is nearly the same, only the mount option has changed:

# Activate the XID tagging on the filesystem hosting the VServer, using the ''tag'' mount option. You cannot use the ''remount'' option to add the tag on an already mounted filesystem. '''Be warn''', it is not advised to use it on the root filesystem! In the next example, we use the <tt>/dev/sdb1</tt> partition to host all the guests, under the <tt>/vservers</tt> directory <pre>mount -o tag /dev/sdb1 /vservers</pre>
# Consider modifying your <tt>/etc/fstab</tt> file if necessary, to make the mount option persist across reboots
# Tag the files belonging to the VServer with its XID <pre>chxid -URx -c vs_name /vservers/vs_name </pre>
# Write the limits under the <tt>/etc/vservers/vs_name/dlimits</tt> directory :
## Create this directory if necesary
## Create one sub-directory for each filesystem (in most cases, you should have only one), using any identifier (for example <tt>root</tt>)
## Under <tt>/etc/vservers/vs_name/dlimits/root/</tt> create the following files :
### <tt>directory</tt> : contains the directory to which the limit should be applied
### <tt>inodes_total</tt> : the amount of inodes this vserver should be limited to
### <tt>reserved</tt> : how much space (percentage-wise) should be reserved for the root user
### <tt>space_total</tt> : the amount of space this vserver should be limited to (measured in blocks of 1024 bytes)

== Controling disk limits ==

After starting your VServer, you can control the actual limit using the ''vdlimit'' command (in this example, 300 is the context number associated with ''vs_name'') :
# vdlimit --xid vs_name /vservers
300 /vservers
space_used=154604
space_total=204800
inodes_used=7834
inodes_total=100000
reserved=5

You can also use the ''vdu'' command to count space or inodes used by a specific guest
# vdu --xid vs_name --space /vservers
/vservers 154604
# vdu --xid vs_name --inodes /vservers
/vservers 7834

If you just want update disk usage of a guest after setting the limits you can use this script.
It will count usage of all files and update the limits:
#/bin/sh
_dir=/var/lib/vservers
if [ ! -d $_dir/$1 ]; then
echo no such vserver
exit 1;
fi;
chxid -URx -c $1 $_dir/$1
vdlimit --xid $1 -s space_used=$(vdu --xid $1 --space $_dir/$1 | cut -d" " -f2) $_dir/$1
vdlimit --xid $1 -s inodes_used=$(vdu --xid $1 --inode $_dir/$1 | cut -d" " -f2) $_dir/$1

== Removing disk limits ==
To remove disk limits, remove the <tt>/etc/vservers/vs_name/dlimits/root</tt> directory '''and''' remove the limits with the following command
# vdlimit --xid vs_name --remove /vservers

== More information ==
* See also ''dlimits'' on the util-vserver homepage http://www.nongnu.org/util-vserver/doc/conf/configuration.html
* For information about limiting diskspace with XFS, please see the [[XFS]] page.

Disk Limits and Quota

2009-05-18T14:10:47Z

Gebura:

== Introduction ==
We call ''Disk Limit'' a disk space limit in a filesystem for one context (i.e. VServer). If you are interested in using user/group quotas inside a VServer, this is not the right place, look at the [[Quotas]] page.

Of course, you can also use a dedicated partition (or logical volume) for each guest, which is another way to limit disk space usage per guest.

== Activating disk limits ==

For VServer version 2.0, please read http://oldwiki.linux-vserver.org/Disk+Limits

For VServer 2.2+, the procedure is nearly the same, only the mount option has changed:

# Activate the XID tagging on the filesystem hosting the VServer, using the ''tag'' mount option. You cannot use the ''remount'' option to add the tag on an already mounted filesystem. '''Be warn''', it is not advised to use it on the root filesystem! In the next example, we use the <tt>/dev/sdb1</tt> partition to host all the guests, under the <tt>/vservers</tt> directory <pre>mount -o tag /dev/sdb1 /vservers</pre>
# Consider modifying your <tt>/etc/fstab</tt> file if necessary, to make the mount option persist across reboots
# Tag the files belonging to the VServer with its XID <pre>chxid -URx -c vs_name /vservers/vs_name </pre>
# Write the limits under the <tt>/etc/vservers/vs_name/dlimits</tt> directory :
## Create this directory if necesary
## Create one sub-directory for each filesystem (in most cases, you should have only one), using any identifier (for example <tt>root</tt>)
## Under <tt>/etc/vservers/vs_name/dlimits/root/</tt> create the following files :
### <tt>directory</tt> : contains the directory to which the limit should be applied
### <tt>inodes_total</tt> : the amount of inodes this vserver should be limited to
### <tt>reserved</tt> : how much space (percentage-wise) should be reserved for the root user
### <tt>space_total</tt> : the amount of space this vserver should be limited to (measured in blocks of 1024 bytes)

== Controling disk limits ==

After starting your VServer, you can control the actual limit using the ''vdlimit'' command (in this example, 300 is the context number associated with ''vs_name'') :
# vdlimit --xid vs_name /vservers
300 /vservers
space_used=154604
space_total=204800
inodes_used=7834
inodes_total=100000
reserved=5

You can also use the ''vdu'' command to count space or inodes used by a specific guest
# vdu --xid vs_name --space /vservers
/vservers 154604
# vdu --xid vs_name --inodes /vservers
/vservers 7834

If you just want update disk usage of a guest after setting the limits you can use this script:
It will count usage of all files and update the limits
#/bin/sh
_dir=/var/lib/vservers
if [ ! -d $_dir/$1 ]; then
echo no such vserver
exit 1;
fi;
chxid -URx -c $1 $_dir/$1
vdlimit --xid $1 -s space_used=$(vdu --xid $1 --space $_dir/$1 | cut -d" " -f2) $_dir/$1
vdlimit --xid $1 -s inodes_used=$(vdu --xid $1 --inode $_dir/$1 | cut -d" " -f2) $_dir/$1

== Removing disk limits ==
To remove disk limits, remove the <tt>/etc/vservers/vs_name/dlimits/root</tt> directory '''and''' remove the limits with the following command
# vdlimit --xid vs_name --remove /vservers

== More information ==
* See also ''dlimits'' on the util-vserver homepage http://www.nongnu.org/util-vserver/doc/conf/configuration.html
* For information about limiting diskspace with XFS, please see the [[XFS]] page.

Disk Limits and Quota

2009-05-18T14:01:25Z

Gebura:

== Introduction ==
We call ''Disk Limit'' a disk space limit in a filesystem for one context (i.e. VServer). If you are interested in using user/group quotas inside a VServer, this is not the right place, look at the [[Quotas]] page.

Of course, you can also use a dedicated partition (or logical volume) for each guest, which is another way to limit disk space usage per guest.

== Activating disk limits ==

For VServer version 2.0, please read http://oldwiki.linux-vserver.org/Disk+Limits

For VServer 2.2+, the procedure is nearly the same, only the mount option has changed:

# Activate the XID tagging on the filesystem hosting the VServer, using the ''tag'' mount option. You cannot use the ''remount'' option to add the tag on an already mounted filesystem. '''Be warn''', it is not advised to use it on the root filesystem! In the next example, we use the <tt>/dev/sdb1</tt> partition to host all the guests, under the <tt>/vservers</tt> directory <pre>mount -o tag /dev/sdb1 /vservers</pre>
# Consider modifying your <tt>/etc/fstab</tt> file if necessary, to make the mount option persist across reboots
# Tag the files belonging to the VServer with its XID <pre>chxid -URx -c vs_name /vservers/vs_name </pre>
# Write the limits under the <tt>/etc/vservers/vs_name/dlimits</tt> directory :
## Create this directory if necesary
## Create one sub-directory for each filesystem (in most cases, you should have only one), using any identifier (for example <tt>root</tt>)
## Under <tt>/etc/vservers/vs_name/dlimits/root/</tt> create the following files :
### <tt>directory</tt> : contains the directory to which the limit should be applied
### <tt>inodes_total</tt> : the amount of inodes this vserver should be limited to
### <tt>reserved</tt> : how much space (percentage-wise) should be reserved for the root user
### <tt>space_total</tt> : the amount of space this vserver should be limited to (measured in blocks of 1024 bytes)

== Controling disk limits ==

After starting your VServer, you can control the actual limit using the ''vdlimit'' command (in this example, 300 is the context number associated with ''vs_name'') :
# vdlimit --xid vs_name /vservers
300 /vservers
space_used=154604
space_total=204800
inodes_used=7834
inodes_total=100000
reserved=5

You can also use the ''vdu'' command to count space or inodes used by a specific guest
# vdu --xid vs_name --space /vservers
/vservers 154604
# vdu --xid vs_name --inodes /vservers
/vservers 7834

If you just want update disk usage of a guest after setting the limits you can use this script:
#/bin/sh
_dir=/var/lib/vservers
if [ ! -d $_dir/$1 ]; then
echo no such vserver
exit 1;
fi;
chxid -URx -c $1 $_dir/$1
vdlimit --xid $1 -s space_used=$(vdu --xid $1 --space $_dir/$1 | cut -d" " -f2) $_dir/$1
vdlimit --xid $1 -s inodes_used=$(vdu --xid $1 --inode $_dir/$1 | cut -d" " -f2) $_dir/$1

== Removing disk limits ==
To remove disk limits, remove the <tt>/etc/vservers/vs_name/dlimits/root</tt> directory '''and''' remove the limits with the following command
# vdlimit --xid vs_name --remove /vservers

== More information ==
* See also ''dlimits'' on the util-vserver homepage http://www.nongnu.org/util-vserver/doc/conf/configuration.html
* For information about limiting diskspace with XFS, please see the [[XFS]] page.

Disk Limits and Quota

2009-05-18T14:01:05Z

Gebura:

== Introduction ==
We call ''Disk Limit'' a disk space limit in a filesystem for one context (i.e. VServer). If you are interested in using user/group quotas inside a VServer, this is not the right place, look at the [[Quotas]] page.

Of course, you can also use a dedicated partition (or logical volume) for each guest, which is another way to limit disk space usage per guest.

== Activating disk limits ==

For VServer version 2.0, please read http://oldwiki.linux-vserver.org/Disk+Limits

For VServer 2.2+, the procedure is nearly the same, only the mount option has changed:

# Activate the XID tagging on the filesystem hosting the VServer, using the ''tag'' mount option. You cannot use the ''remount'' option to add the tag on an already mounted filesystem. '''Be warn''', it is not advised to use it on the root filesystem! In the next example, we use the <tt>/dev/sdb1</tt> partition to host all the guests, under the <tt>/vservers</tt> directory <pre>mount -o tag /dev/sdb1 /vservers</pre>
# Consider modifying your <tt>/etc/fstab</tt> file if necessary, to make the mount option persist across reboots
# Tag the files belonging to the VServer with its XID <pre>chxid -URx -c vs_name /vservers/vs_name </pre>
# Write the limits under the <tt>/etc/vservers/vs_name/dlimits</tt> directory :
## Create this directory if necesary
## Create one sub-directory for each filesystem (in most cases, you should have only one), using any identifier (for example <tt>root</tt>)
## Under <tt>/etc/vservers/vs_name/dlimits/root/</tt> create the following files :
### <tt>directory</tt> : contains the directory to which the limit should be applied
### <tt>inodes_total</tt> : the amount of inodes this vserver should be limited to
### <tt>reserved</tt> : how much space (percentage-wise) should be reserved for the root user
### <tt>space_total</tt> : the amount of space this vserver should be limited to (measured in blocks of 1024 bytes)

== Controling disk limits ==

After starting your VServer, you can control the actual limit using the ''vdlimit'' command (in this example, 300 is the context number associated with ''vs_name'') :
# vdlimit --xid vs_name /vservers
300 /vservers
space_used=154604
space_total=204800
inodes_used=7834
inodes_total=100000
reserved=5

You can also use the ''vdu'' command to count space or inodes used by a specific guest
# vdu --xid vs_name --space /vservers
/vservers 154604
# vdu --xid vs_name --inodes /vservers
/vservers 7834

If you just want update disk usage of a guest after setting the limits you can use:
#/bin/sh
_dir=/var/lib/vservers

if [ ! -d $_dir/$1 ]; then
echo no such vserver
exit 1;
fi;

chxid -URx -c $1 $_dir/$1
vdlimit --xid $1 -s space_used=$(vdu --xid $1 --space $_dir/$1 | cut -d" " -f2) $_dir/$1
vdlimit --xid $1 -s inodes_used=$(vdu --xid $1 --inode $_dir/$1 | cut -d" " -f2) $_dir/$1

== Removing disk limits ==
To remove disk limits, remove the <tt>/etc/vservers/vs_name/dlimits/root</tt> directory '''and''' remove the limits with the following command
# vdlimit --xid vs_name --remove /vservers

== More information ==
* See also ''dlimits'' on the util-vserver homepage http://www.nongnu.org/util-vserver/doc/conf/configuration.html
* For information about limiting diskspace with XFS, please see the [[XFS]] page.

Frequently Asked Questions scratch

2009-05-15T15:58:50Z

Gebura:

== A. General ==
{{Question|Question=Credits||Details=
This FAQ includes information taken from the FAQs of Jacques GÃ©linas and Paul Sladen.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Are there other FAQs available?||Details=
Yes. There are other (mostly older) FAQ's available:
*[http://www.solucorp.qc.ca/howto.hc?projet=vserver Jacques GÃ©linas FAQ]
*[http://www.paul.sladen.org/vserver/faq/ Paul Sladen's vserver FAQ]
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find a overview of Linux-VServer?||Details=
*((short presentation))
* [http://en.wikipedia.org/wiki/Linux-VServer Wikipedia Article]
*ProjectOverview (an introduction to the VServer Project, by ChuckD)
*[http://www.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=0 Introduction by Jacques GÃ©linas]
|Signature=Linux-Vserver FAQ}}{{Question|Question=How to verify that a setup is working properly?||Details=
*To verify that your setup works properly, there are some test scripts to check basic functionality.
primarily [http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh testme.sh] and [http://vserver.13thfloor.at/Stuff/SCRIPT/testfs.sh testfs.sh] (see ((TestScripts)) for more details)|Signature=Linux-Vserver FAQ}}

== B. Requirements ==
{{Question|Question=What hardware is supported by linux-vserver?||Details=
The following platforms are supported in the stable versions of linux-vserver.
*alpha
*i386 and higher (and compatible)
*ia32 / ia64
*mips / mips64
*hppa / hppa64
*ppc / ppc64
*sparc / sparc64
*s390 / s390x
*x86_64 (AMD64)
*uml/xen
|Signature=Linux-Vserver FAQ}}{{Question|Question=Which kernel versions are supported?||Details=
recent 2.4 and 2.6 kernels (stable), recent 2.6 kernels (development).
Some ancient versions of Linux-VServer are backported to 2.2.x kernels. You can find more information [http://vserver.digitalangel.com.au/ here].
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I run Linux-vserver on my favorite distribution?||Details=
Linux-VServer was originally developed on Red Hat/Mandriva, but it is rather distribution independent. It runs fine with other distributions (Debian, SuSE). Some distributions run a patched kernel, which can make it a bit harder to build a new kernel with Linux-VServer support|Signature=Linux-Vserver FAQ}}

== C. Versions ==
{{Question|Question=What's the latest version of Linux-VServer?||Details=
You can find the [http://www.13thfloor.at/vserver/s_release latest stable 2.4 release] or [http://www.13thfloor.at/vserver/s_rel26 latest stable 2.6 release] as well as the [http://www.13thfloor.at/vserver/d_rel26 latest development release] at [http://www.13thfloor.at/vserver/ http://www.13thfloor.at/vserver/]
Check out the ((Release FAQ)) for information on releases and version numbering
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find prereleases and release candidates?||Details=
Check the [http://vserver.13thfloor.at/Experimental experimental area] for new patches.|Signature=Linux-Vserver FAQ}}

== D. Tools (util-vserver and vserver) ==
{{Question|Question=What do I need them for?||Details=
These are the userspace tools for Linux-VServer. You need them to use the functionality of Linux-VServer.
|Signature=Linux-Vserver FAQ}}{{Question|Question=What's the difference between vserver and util-vserver?||Details=
The vserver package are the 'legacy utilities', written by Jacques GÃ©linas.
The util-vserver package is a reimplementation of these tools in C by Enrico Scholz, which follows the kernel development more closely.
util-vserver tools are currently considered the mainstream tools (You can't use both packages on the same machine.)
Both packages have their own version numbering. Don't let the version numbering confuse you.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Which version of the tools packages do I need? Do I have to upgrade?||Details=
*:It can be useful to have a recent version of the tools package installed on your box. It's a good idea to upgrade your tools when you upgrade your kernel. In the next list you find the versions you need to have at least, but it's a good idea to use more recent versions.
*linux-vserver 1.00
**vserver 0.26
**util-vserver 0.24
*linux-vserver 1.20
**vserver 0.28
**util-vserver 0.25
*linux-vserver 2.00
**util-vserver 0.30 or 0.30.209|Signature=Linux-Vserver FAQ}}

== E. Download ==
{{Question|Question=Where can I dowload the latest version of:||Details=
*[http://www.13thfloor.at/vserver/ The kernel patch]
*[http://dns.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=1 vserver]
*[http://savannah.nongnu.org/files/?group=util-vserver util-vserver]
|Signature=Linux-Vserver FAQ}}{{Question|Question=Distribution specific packages||Details=
*Red Hat
**[http://dns.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=1 vserver]
*Mandrake
**[http://www.13thfloor.at/vserver/s_release/v1.00/ vserver]
*Debian
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=vserver&searchon=names&subword=1&version=all&release=all vserver] - All Linux-VServer-related Debian-packages (Probably slow, +100 results).
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=linux-image-2.6-vserver&searchon=names&subword=1&version=all&release=all Official precompiled kernels] - These are the official Debian kernels compiled with Linux-VServer-support.
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=vserver-debiantools&searchon=names&subword=1&version=all&release=all vserver-debiantools] - These scripts install Debian straight off the web from Debian.org's world-wide network of mirrors.
*Gentoo
**[http://dev.croup.de/proj/gentoo-vps/wiki/VserverHowto vserver]|Signature=Linux-Vserver FAQ}}

== F. Network Usage? ==
{{Question|Question=Is IPv6 supported?||Details=
At this moment, only IPv4 (the current most frequently used standard) is supported.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I put my vservers in different networks?||Details=
Yes you can. You have to bind your vserver to a interface on the host machine, but you can choose the interface in the configuration file of your vserver (in /etc/vservers/SERVER.conf). Make sure your host server does have an interface in the network you need on your vserver.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is it possible for a vserver to have a other default gateway than the host machine does use?||Details=
Yes. Use iproute2 to set the default gateway.
You can find more information on routing in linux-vserver in [http://archives.linux-vserver.org/200311/0470.html this posting] on the mailinglist.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I use more than one IP address in a vserver||Details=
Yes you can. Edit the configuration file of the vserver (/etc/vservers/SERVER.conf).
In case you want to use example IP addresses on one interface
IPROOT="10.1.2.3 10.1.2.12"
IPROOTDEV="eth0"
In case you want to use 2 or more interfaces
IPROOT="eth0:10.1.2.3 eth1:10.1.2.12"
IPROOTDEV=""
In case you want to use IP-number in different subnets
IPROOT="eth0:10.1.2.3/255.255.255.0 eth0:10.1.3.12/255.255.0.0"
IPROOTDEV=""
If you are using vserver 2.0+ you have to create subdirectories in /etc/vserver/<vserver-name>/interfaces/
for each IP you want to use, i.e.
/etc/vserver/<vserver-name>/interfaces/0
/etc/vserver/<vserver-name>/interfaces/1
These subdirectories have to contain files with the options you want to set. See the [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html Flower page] for more info
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is it possible to use the real device (eth0, eth1) instead of the device alias created by vserver?||Details=
Yes. Set up the IP aliases yourself on the host server
*Set IPROOT= to those IPs
*Unset IPROOTDEV so the vserver script won't try to setup the IP aliases.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I modify the behavior of my vservers?||Details=
There are a number of capabilities and flags that you can modify listed [http://linux-vserver.org/Caps+and+Flags here] (and [http://savannah.nongnu.org/cgi-bin/viewcvs/util-vserver/util-vserver/lib/cflags-v13.c?rev=HEAD here (cflags-v13.c)]).
|Signature=Linux-Vserver FAQ}}{{Question|Question=Were can I find more information on networking in Linux-VServer?||Details=
You can find more information on the internals of networking in Linux-VServer [http://vserver.13thfloor.at/Stuff/VServer-IP-Setup-0.1.txt here].|Signature=Linux-Vserver FAQ}}

== G. Software compatibility ==
{{Question|Question=Bind does not work in a vserver||Details=
* capset failed
* The bind package expect to have the capability CAP_SYS_RESOURCE.
It expects this because it was compiled this way on Linux and to increase its ulimit.
* By default, a vserver does not have this capability for a good reason, you may have a look at 'man capabilities' to see how much control that capability allows.
* A vserver starts with some ulimit values and can only reduce them, not enlarge them.
* If you know what you are doing, you can give the capability to the vserver running bind.
* A securer solution is to compile bind without that requirement by specifying './configure --disable-linux-caps'
It looks like you only can run bind as root once you compile bind with this option, but this should be fine inside a vserver.
* bind does not respond to queries
* Bind seems to have problems with a query socket check. Bind believes the query is comming on a non-query socket, and doesn't answer the request.
* putting "query-source address YOUR_VSERVER_IP;" in your named.conf solves this problem.

|Signature=Linux-Vserver FAQ}}{{Question|Question=Is DHCP possible in a vserver?||Details=
It's possible to run a DHCP server inside a vserver, but it required a CAP_NET_RAW capability.
The solution for 2.6 kernel with new-style config is to add CAP_NET_RAW entry in the /etc/vserver/<vserver-name>/bcapabilities file, and it might be unnecessary to add 255.255.255.255 into bcast file, please read [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html The Great Flower Page] for more details. If you are still use the legacy config, please read the answer below.
It's possible to run a DHCP server inside a vserver, but there is a catch. The set_ipv4root assigns one IP and one broadcast address to a vserver. UDP service listening to 0.0.0.0 (bind any) in a vserver are indeed listening to the vserver IP and vserver broadcast.
This is all they will get. This is fine for most services.
Unfortunately, dhcpd is receiving special broadcasts. Its clients are unaware of their IP number, so they are using special broadcast 255.255.255.255 address.
A vserver generally runs with the broadcast address of the network device (the one used to setup the IP alias). This network device has a broadcast address which is never 255.255.255.255. Those special broadcast are not sent to the vserver. The solution is to set the IPROOTBCAST entry in the vserver configuration file like this IPROOTBCAST=255.255.255.255
Restart your vserver and dhcpd will work. There is a catch (at least with 2.4.18ctx-9). If you are using other services in the save vserver, also relying on broadcast for proper operation (samba for one), they won't operate properly.
One solution would be to enhance the semantics a little: A vserver would listen for its IP address, its broadcast address and also for 255.255.255.255.
The dhcpd case is probably very specific though.

|Signature=Linux-Vserver FAQ}}{{Question|Question=NFS-server||Details=
It's not posible to run a NFS-kernel server inside a vserver, to work securely this would need a lot of work.
You can try to run the NFS userspace server, the traditional Linux user space NFS server and UNFS3 are both reported to work.
take a look at ((NFS and portmap)) if you have problems with your portmap

|Signature=Linux-Vserver FAQ}}{{Question|Question=Run Level Based Distributions as Ververs (Red Hat and such ....)||Details=
If you see errors after the command vserver <name> stop like these:

Syncing hardware clock to system time hwclock is unable to get I/O port access: the iopl(3) call failed FAILED]
Turning off swap: Not superuser. [FAILED]
Turning off quotas: quotaoff: Can't stat() mounted device /dev/hdv1: No such file or directory
Unmounting file systems: umount2: No such file or directory umount: /vservers: not found

Then look for S* links in /etc/rc6.d/ and remove the one responsible for the errors. In RH9 it is called S01reboot
A 'normal' server does some stuff on shutdown, like saving the time to the hwclock, or storing random pool data and finally invokes the reboot. Some of those actions are just not allowed in a vserver.

|Signature=Linux-Vserver FAQ}}{{Question|Question=Vservers and X Windows||Details=
Please see the ((Vservers and X)) page for information about this.

|Signature=Linux-Vserver FAQ}}{{Question|Question=sshd with X11-Forwarding in a vserver||Details=
add ```'X11UseLocalhost no'``` to your sshd_config
|Signature=Linux-Vserver FAQ}}{{Question|Question=See also: [ProblematicPrograms]||Details=
== H. Help ==
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find more information on the Linux-VServer project?||Details=
First have a look at the ((documentation)) section of the website. In case you can't find the answer here, have a look at the mailinglist archives. If this doesn't help jou, there is still a mailinglist and a IRC channel were you can ask for help.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Does the Linux-VServer project have a mailing list?||Details=
Yes. You can subscribe [http://list.linux-vserver.org/mailman/listinfo/vserver here]. Archives are located [http://list.linux-vserver.org/archive/vserver/ here].
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is there a IRC channel ||Details=
Yes, join #vserver on irc.oftc.net.|Signature=Linux-Vserver FAQ}}

== I. Issues ==
{{Question|Question=When starting or entering a vserver I get "''Error: /proc must be mounted''". 'vserver-stat' and 'vps' are failing with "''open("/proc/uptime"): No such file or directory''". Sometimes, other files in /proc are mentioned. What can I do?||Details=
Make sure that in devel and experimental the required proc entries are visible inside a vserver. With alpha utilities, execute the ||Details=vprocunhide||Details= script. See ((Proc-Security)) also.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Inside a vserver I can still use mknod to create devices, even without CAP_MKNOD capability. What's wrong? (this probably applies to all other capabilities but that was not tested)||Details=
This is probably a problem in your kernel configuration. If you include "Enable different security models" (CONFIG_SECURITY), then make sure to also include "Default Linux Capabilities" (CONFIG_SECURITY_CAPABILITIES) or compile it as a module. In this latter case you must insert the 'capability' module into the kernel. This is for example true for current (2.6.8.1) debian kernel configurations.
|Signature=Linux-Vserver FAQ}}{{Question|Question=After stopping/restarting a vserver my network is gone! What the hell?||Details=
See above.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Only root can access any files in the vserver||Details=
Check the permissions of the vserver's / directory. The 2.4 branch's chroot-escape blocker (chmod 0000 and chattr +t) is meant to be applied to the directory containing the vservers (for example /vservers) not the vservers' root directories themselves. If you revoked all permissions for a vserver's root directory, re-grant them with "chmod 0755 /path/to/vserver-root".
|Signature=Linux-Vserver FAQ}}{{Question|Question="daemon() failed: Success" - What? Succesfully failing?||Details=
Not really vserver related but here's the answer: Somebody replaced your /dev/null with a regular file, create a real /dev/null and it will start working again. We got no idea why the error message happens to be so funny(?).
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I start a vserver, "FATAL: kernel too old" message appears and vserver can't be started||Details=
Edit your /etc/vservers/<vsname>/uts/release and define a value greater than kernel version
example, if you have a kernel "2.6.11", set "2005" for example :-)
|Signature=Linux-Vserver FAQ}}{{Question|Question=I switched from old to new configuration and now all my ip addresses are gone!||Details=
They are not, ifconfig just doesn't show them. The new tools use 'iproute' instead of 'ifconfig' which allows you to use multiple interface addresses with the same label. In such cases, ifconfig shows only the first address for each label, which probably isn't available in the vserver. Unless you specify a name for an ip address, it will be given the interface name as label, eg. eth0, and ifconfig breaks. You can assign names to your interface addresses in the vserver configuration, see [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html The Great Flower Page] for details.
Earlier, we said that the interface addresses were "nameless", this was wrong. As said above, the addresses in question actually all have the same name/label. Knowing this we could actually virtualize the ioctl interface which ifconfig uses in a meaningful way, making ifconfig show the vserver's ip addresses as expected, even when it shares its label with other ip addresses (of course only if there aren't multiple ip addresses in the same vserver that share the same label, but that's an ifconfig limitation, not a vserver bug). The [http://www.13thfloor.at/~doener/vserver/patches/diff-2.6.16.5-vs2.0.2-rc16-devinet_ioctl.diff patch] should apply to most Linux-VServer versions for kernel 2.6 and will probably be included in future versions.
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I enter/ssh into a vserver I can see all of the interfaces and interface aliases with ifconfig.||Details=
I experienced this after upgrading from a 2.4 to 2.6 kernel with vs-2.0 patch using legacy-method .conf files. Upgrading from legacy-method to the new one (see [http://linux-vserver.org/Legacy-To-Newstyle-Config Converting From Legacy to New]) caused the problem to go away.
|Signature=Linux-Vserver FAQ}}{{Question|Question=I keep my vserver roots on their own devices. I can unmount them but the device (like drbd or lvm) remains in use until all of my vservers are killed off ("Someone has opened the device for RW access").||Details=
When you mount something it is recorded in the current namespace. When you start a vserver it makes copy of the namespace. You can then unmount in the original namespace without any problems, however the device is still in use. This is because the device is still mounted in the new namespace. You can do something like this: "vnamespace -e runningVserver umount /mnt/point". After this you should be able to remove the device (drbdadm secondary /dev/drbd0 or whatever).
More information:
*[http://linux-vserver.org/Namespaces About Namespaces]
*[http://linux-vserver.org/advanced+DRBD+mount+issues DRBD Mount Issues]
*[http://list.linux-vserver.org/archive/vserver/msg11444.html This thread], which deals with the same issue.
*[http://list.linux-vserver.org/archive/vserver/msg10415.html This thread], terse but helpful.
*[http://www.gossamer-threads.com/lists/drbd/users/9282?page=last And this], a thread of related stuff.
WARNING: if you use the kernel cleanup feature then make sure you know what you are doing. I didn't, it was ugly.
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I stop a vserver its network alias does not go away, I am getting 'RTNETLINK answers: Cannot assign requested address||Details='
Try running 'ip addr' and see if the interface names are being truncated (note: I came across a thread that seems to suggest that this might happen even if the interface name is not being truncated?). The function that kills the interface specifies its name, if it is truncated then 'ip' will not be able to find the interface.
Another cause might be that the IP was added (or already present at startup) with a different netmask, and therfore can not be removed properly
My solution to this is very, very gross. Open up your vserver.functions file and find the disableInterfaces function. If you change
IP_ADDR) $_IP addr del "$@";;
to
IP_ADDR) $(echo $_IP addr del "$@"|sed 's/broadcast + label [^[:space:]]\+//');;
then ip will try to delete the interface by its IP alone.
Anyone with a better solution is strongly encouraged to modify this entry.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Why does the vserver run on a BSD fs (ufs) ?!||Details=
* I see something like: /dev/hdv1 / ufs defaults 0 0
The ufs part is correct and it is so to trick the quota tools to not try to lowlevel access the fs. The entry is FAKE anyway, ufs just solved this quota userland issue nicely (more or less).
* For details see: [http://list.linux-vserver.org/archive/vserver/msg09133.html] and [http://archives.linux-vserver.org/200401/0232.html]
* When I issue a ping it returns:
[root@VServerGuest /]# ping 123.123.123.123
connect: Invalid argument
* When I issue a DNS lookup it returns:
[root@VServerGuest /]# host www.yahoo.ca
socket.c: internal_send: 222.222.222.222#53: Invalid argument
;; connection timed out; no servers could be reached
* When I try to run vyum it returns:
[root@VServerGuest /]# vyum VServerGuest -- check-update
Cannot find a valid baseurl for repo: core
Error: Cannot find a valid baseurl for repo: core
Make sure that you have either a Public IP setup on the VServer Guest, or that you have a proper SNAT/DNAT rules setup on your VServer Host. After that, restart the vserver guest with the verbose option to see what your ipv4root is set to:
[root@VServerGuest /]# vserver -v VServerGuest start
ipv4root is now 127.0.0.10 111.111.111.111
New security context is 49156
You must make sure the order of the interfaces are correct. The very first Interface (decided upon by alphabetical order of the interface directory name) for the VServer is the default IP used for all network connections. This must be either a public IP or an IP that has been D/SNAT'd.
|Signature=Linux-Vserver FAQ}}

== G. Problematic Programs ==
Some programs do things that might work on a normal host but not inside a V-Server. This is often not a fault of V-Server itself, the programs are doing automagic things which fail and no proper error handling is done. Also sometimes the actions need special rights which are not permitted by default in V-Servers. Allowing CAPs is often not necessary since those special CAPs are only required once (e.g. when the program initializes the directories/settings/whatever).

{{Question|Question=OpenGroupware Apache Module
||Details=If your V-Server doesn't have access to localhost, then the connection to the !OpenGroupware server will fail with a "Internal Server Error".
The apache module for !OpenGroupware called mod_ngobjweb uses a hardcoded "127.0.0.1" IP address in the source (handler.c line 339), this line you need to change to the IP address that should be used (the IP of the V-Server that runs the OpenGroupware server)|Signature=ProblematicPrograms}}

{{Question|Question=Hylafax (with CAPI)|Details=
:If you want to run hylafax in a V-Server, you will get a CAP and device problem which can be easily solved. First you need your capi20 devices in your V-Server, which can't be created by ./MAKEDEV (requires special CAPs) so copy the devices into the V-Server, like this (command run on the host):
:cp -aR /dev/capi* /vservers/your_vserver/dev
:Now hylafax can access your CAPI ISDN card but will exit after a few seconds, the problem is it tries to create a /dev/null nod in the hylafax chroot. This fails because of missing CAPs, so lets help hylafax again with copying the nod into the hylafax chroot in the V-Server. Like this (command run on the host):
:cp -aR /dev/null /vservers/your_vserver/var/spool/hylafax/dev
:Allright, now hylafax should have CAPI access and run properly.|Signature=ProblematicPrograms}}

{{Question|Question=Links inside screen inside a V-Server|Details=
:Don't know why, but links crashes systematically being inside a screen session inside a V-Server started outside a V-Server. (please elaborate!)|Signature=ProblematicPrograms}}

{{Question|Question=screen inside a VServer|Details=

<pre>

[root@ge root]# vserver zoe enter

zoe:/# screen
Cannot open your terminal '/dev/pts/5' - please check.

zoe:/# strace screen
...
stat64("/dev/pts/5", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 5), ...}) = 0
open("/dev/pts/5", O_RDWR|O_NONBLOCK) = -1 EACCES (Permission denied)

</pre>

:is neither a bug nor an issue with screen, it just shows that a vserver context is not allowed to mess with host terminals. either use ssh/telnet to reach the 'guest' or start the screen session before you do the 'enter' (i.e. on the host)|Signature=ProblematicPrograms}}

{{Question|Question=!OpenLDAP Startup|Details=
:slapd needs name resolution available in order to start up, otherwise it appears to hang. Make sure you have working DNS (or whatever) available to your vserver before starting one with slapd. This behavior is confirmed in my setup, no confirmation from others yet. My Setup: vservers all bind to an interface on a DMZ-like network segment, BIND runs on a vserver. slapd would hang at startup if the BIND vserver had not been started first.|Signature=ProblematicPrograms}}

{{Question|Question=rndc|Details=
:Bind's rndc has a hardcoded 127.0.0.1 somewhere so any command to rndc will fail with connection refused.
:You should have a reachable localhost address defined in /etc/hosts and then you can use rndc -s localhost command
:You can make a rndc.conf and set the default-server option, like that the '-s localhost' isn't necessary.|Signature=ProblematicPrograms}}

{{Question|Question=Asterisk|Details=
:Since some version of Asterisk (at least since 1.0.2), it will not run anymore. On start it fails with: "Unable to set high priority"
:This can be solved by allowing CAP_SYS_NICE for that VServer.
:You can also not run Asterisk with the realtime priority :
:Just pass the '-p' command ligne argument to disable the read-time priority.
:.
:Good doc on setting up Asterisk devices in the vserver:
:http://www.telephreak.org/papers/vpa/|Signature=ProblematicPrograms}}

{{Question|Question=Open/!FreeSwan|Details=
:Fails because of writing to /proc (requires patch)
:TODO: write me|Signature=ProblematicPrograms}}

{{Question|Question=Samba|Details=
:Oplocks don't work as smbd insists on receiving break requests from 127.0.0.1 \\
Just patch source/smbd/oplock.c (commenting paranoid code)
<pre>
+++ oplock.c.orig 2005-02-14 14:27:51.000000000 +0200
--- oplock.c 2005-02-02 12:27:50.000000000 +0200
@@ -181,14 +181,12 @@
return False;
}

+#if 0
/* Validate message from address (must be localhost). */
if(from.sin_addr.s_addr != htonl(INADDR_LOOPBACK)) {
DEBUG(0,("receive_local_message: invalid 'from' address \
(was %lx should be 127.0.0.1)\n", (long)from.sin_addr.s_addr));
return False;
}
+#endif

/* Setup the message header */
SIVAL(buffer,OPBRK_CMD_LEN_OFFSET,msg_len);
</pre>
or if you don't want to patch the samba source code you can disable oplock in Samba and it will work too!
Just put the following in your smb.conf:
<pre>
kernel oplocks = no
oplocks = no
</pre>

Note: The Vserver using Samba should also listen on the broadcast address. Thereby you will not be able to have two samba servers in the same net (on the same broadcast). |Signature=ProblematicPrograms}}

{{Question|Question=Samba from Debian 3.1|Details=
The samba deb in sarge (3.1) provided file sharing. The only oddity observed is that the vserver guest running samba did not appear in a windows box's 'My Network Places'
Use a WINS server. The SMB browsing protocol relies heavily on broadcasts on the local net, which are problematic with vservers. WINS resolution on the other hand is unicast and works flawlessly under vserver.|Signature=ProblematicPrograms}}

{{Question|Question=Samba printer and file server with cups|Details=
:Samba runs correctly in a Mandriva (Mdk) 10.1 Vserver, (Apart from the above oplock problem ?).
: \\
First, edit your {{/etc/sysconfig/network}} file, and set {{networking}} to {{yes}} (This will solve problems for other services !):
<pre>
# cat /etc/sysconfig/network
NETWORKING=yes
</pre>
: \\
Some more tweaking is needeed in {{/etc/smb.conf}}:
<pre>
# cat /etc/smb.conf
...
# YOUR VSERVER IP/MASK HERE
interfaces = xxx.xxx.xxx.xxx/mask
...
</pre>
: \\
That's all !!!
: \\
But if you're using Samba + Cups to provide printing for Windows clients, AND if you want to use the {{Point and Print}} feature, there is more: In the {{[printers]}} section of your {{smb.conf}}, you should have the {{use client drivers}} directive set to {{no}}, or the driver upload procedure will fail !
<pre>
# cat /etc/smb.conf
...
use client driver = no
...
</pre>
: \\
So, here is a full {{smb.conf}} file:
<pre>
# cat /etc/samba/smb.conf | awk '!/^$/ && !/^\s*(#|;)/ {print $0}'
[global]
workgroup = MYDOMAIN
netbios name = MYHOSTNAME
server string = MYCOMMENT (Samba %v)
printcap name = cups
load printers = yes
printing = cups
printer admin = @adm
log file = /var/log/samba/log.%m
max log size = 50
map to guest = bad user
security = domain
password server = *
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers
idmap uid = 10000-20000
idmap gid = 10000-20000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = 127. MYVSERVERIP/MYVSERVERMASK
wins server = MYWINSIP
dns proxy = no
# for french users:
dos charset = 850
unix charset = ISO8859-1
[homes]
comment = Home Directories
browseable = no
writable = no
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
create mode = 0700
print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
use client driver = no
[print$]
path = /var/lib/samba/printers
browseable = yes
write list = @adm root
guest ok = yes
inherit permissions = yes
</pre>
: \\
...And a working smbusers:
<pre>
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator MYDOMAIN\administrator
nobody = guest pcguest smbguest
</pre>|Signature=ProblematicPrograms}}

{{Question|Question=Cups print server|Details=
: Symptoms: The Cups init script exits with:
<pre>
Starting CUPS printing system: cupsd: Child exited with status 98!
</pre>
: \\
And the logs ({{/var/log/cups/error_log}}) show:
<pre>
E [date:hour...] StartListening: Unable to bind socket for address 0.0.0.0:631 - Address already in use.
</pre>
:...Or something like this.
: \\
With a correct "cupsd.conf file" (Tested version 1.1.21-0.rc1.7mdk, on Mandrake 10.1 - Now Mandriva), it works; All we need is to remove references to {{127.0.0.1}} or {{localhost}} from the file, as well as correctly unsetting the {{Listen}} directive:
<pre>
LogLevel info
TempDir /var/spool/cups/tmp
# No 'Listen' directive !
Port 631
BrowseAddress @LOCAL
BrowseDeny All
BrowseAllow @LOCAL
BrowseOrder deny,allow
<Location />
Order Deny,Allow
Deny From All
Allow From @LOCAL
</Location>
<Location /admin>
AuthType Basic
AuthClass System
Order Deny,Allow
Deny From All
Allow From YOUR_NETWORK_ADDRESS/YOUR_NETMASK # Example: 172.16.0.0/24
# Or
Allow From @LOCAL
</Location>
</pre>
: \\
Then you'll need to modify the {{/etc/init.d/cups}} script, to comment any section referring to {{127.0.0.1}} lookup and configuration. This section exists at least on Mandrake 10.1, and is pretty long (Lines 35 to 55 and/or 79), and additionnaly four "{{else...if}}" lines must be commented far below (Lines 161 to 164) !
: \\
Remember to stop any Cupsd running in the host server, or to start it ''via'' a wrapper {{/etc/init.d/v_cups}} script:
<pre>
#!/bin/sh
# chkconfig: 2345 15 60
# description: Wrapper to start cups bound to a single IP
USR_LIB_VSERVER=/usr/lib/util-vserver
exec $USR_LIB_VSERVER/vsysvwrapper cups $*
</pre>
: \\
Do not forget to give a password to the root user, if you want to ba able to manage your printers from the web interface (http://yourcupsvserver:631)!
<pre>
# passwd root
...
</pre>
: \\
If you use Mandriva 10.1 (And maybe some other distros), you’ll need to add the printers drivers for Cups, and reload it:
<pre>
# urpmi --root /vservers/yourcupsvserver/ cups-drivers
# /etc/init.d/cups reload
</pre>
: \\
…It added 67 Mb of packages for me.
: \\
Then use {{/etc/init.d/v_cups (re)start}} to launch Cups on the host server.
:You will now be able to make Cupsd start in the vserver , but more tweaking on the ACLs may be necessary to avoid authentification problems...|Signature=ProblematicPrograms}}

{{Question|Question=Bind9 on Debian GNU/Linux Woody (3.0) and Sarge (3.1)|Details=
:named provided by the bind9 binary packages fails to start because it is compiled with CAPs option.
: \\
The debian way is to build** your own package without CAPs:
: \\
<pre>
su -
cd /usr/src
apt-get build-dep bind9
apt-get source bind9
cd bind9-x.x.x
vi debian/rules
</pre>
: \\
Insert the following line after "./configure --prefix=/usr \":
: \\
<pre>
--disable-linux-caps \
</pre>
: \\
On a NPTL-enabled system you alse have to replace \\
<pre>
--enable-threads \
</pre>
: with \\
<pre>
--disable-threads \
</pre>
: or bind might refuse to run with an other user than root.
: \\
Save the file and go ahead with compiling/installing:
: \\
<pre>
dpkg-buildpackage
dpkg -i ../bind9-x.x.x.deb
echo "bind9 hold" | dpkg --set-selections
</pre>
: \\
The last line is to set the package "on hold", so it is not touched by the update process. you have to take care of security holes by yourself now!
: \\
The Xs in "bind9-x.x.x" denote the version number of bind9.
: \\

** Alternatively you can allow the CAP_SYS_RESOURCE for that V-Server.

The best way would be to fix bind, which is somehow broken when it comes to capabilities.
Daniel Hokka Zakrisson repaired it. His patch is to be found here:

[http://daniel.hozac.com/stuff/bind-9.3.2-caps-when-available.patch bind-9.3.2-caps-when-available.patch]
So, if you recompile, it would be the cleanest way to apply that patch. Thanks Daniel!

It would be also nice, if someone submits that patch to the bind people or maybe to your distribution's package maintainers in the first step.

Get my [http://linux-vserver.derjohn.de/bind9-packages/bind9-capacheck_9.3.2-2_i386.deb vserver-guest-ready Debian bind9 package] for Debian Sid guests. Feedback welcome: aj@net-lab.net|Signature=ProblematicPrograms}}

{{Question|Question=Postfix 2.1.5 (Debian Sarge)|Details=
:On a vserver with two interfaces (lo and eth0), and a postfix 2.1.5 listening on lo, postfix can't send emails : "Invalid argument"... Setting smtp_bind_address (http://www.postfix.org/postconf.5.html#smtp_bind_address) to the external address solves the issue.|Signature=ProblematicPrograms}}

{{Question|Question=Zimbra Mail|Details=
Zimbra is many applications (including Postfix and MySQL and OpenLDAP and more) which try to take over the interfaces, and depend a lot on binding from 127.0.0.1 - it is not hard to change, but there is a couple of tricks - it is documented here - http://wiki.zimbra.com/index.php?title=Install_VServer|Signature=ProblematicPrograms}}

{{Question|Question=xine|Details=
xine won't start with no error message.
"xine --verbose" shows this.
<pre>
ERROR: Could not determine network interfaces, you must use a interfaces config line
</pre>
This happens if you have the xineplug_inp_smb.so plugin. Delete it and everything is fine.|Signature=ProblematicPrograms}}

{{Question|Question=127.0.0.1 issues|Details=
I had problems with an application that wanted me to access it on 127.0.0.1 and AS 127.0.0.1 to be able to do its configuration. A simple tweak solved the problem. I renamed the default interface directory "0" in /etc/vservers/server/interfaces to "1" and created interface 0 as :
:dev lo
:ip 127.0.0.1
:mask 255.0.0.0
:name lo

now interface "1" is the default created interface by the vserver build script with a local adress like 192.168.1.2 and interface "0" is the loopback. I can now telnet on 127.0.0.1 and it sees that im connecting to 127.0.0.1 from 127.0.0.1

Compiling nagios-1.4 within a vserver requires this, otherwise it hangs during the configure with "checking for ICMP ping syntax..."

<font size="+1" color="red"> /!\ BIG FAT WARNING: DON'T DO THIS: THE VSERVER WILL HAVE ACCESS TO THE 127.0.0.1 OF THE HOST (quoting Bertl from irc) </font>

|Signature=ProblematicPrograms}}

{{Question|Question=Hula-project|Details=
Does not want to start :(|Signature=ProblematicPrograms}}

Frequently Asked Questions scratch

2009-05-15T15:53:27Z

Gebura:

== A. General ==
{{Question|Question=Credits||Details=
This FAQ includes information taken from the FAQs of Jacques GÃ©linas and Paul Sladen.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Are there other FAQs available?||Details=
Yes. There are other (mostly older) FAQ's available:
*[http://www.solucorp.qc.ca/howto.hc?projet=vserver Jacques GÃ©linas FAQ]
*[http://www.paul.sladen.org/vserver/faq/ Paul Sladen's vserver FAQ]
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find a overview of Linux-VServer?||Details=
*((short presentation))
* [http://en.wikipedia.org/wiki/Linux-VServer Wikipedia Article]
*ProjectOverview (an introduction to the VServer Project, by ChuckD)
*[http://www.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=0 Introduction by Jacques GÃ©linas]
|Signature=Linux-Vserver FAQ}}{{Question|Question=How to verify that a setup is working properly?||Details=
*To verify that your setup works properly, there are some test scripts to check basic functionality.
primarily [http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh testme.sh] and [http://vserver.13thfloor.at/Stuff/SCRIPT/testfs.sh testfs.sh] (see ((TestScripts)) for more details)|Signature=Linux-Vserver FAQ}}

== B. Requirements ==
{{Question|Question=What hardware is supported by linux-vserver?||Details=
The following platforms are supported in the stable versions of linux-vserver.
*alpha
*i386 and higher (and compatible)
*ia32 / ia64
*mips / mips64
*hppa / hppa64
*ppc / ppc64
*sparc / sparc64
*s390 / s390x
*x86_64 (AMD64)
*uml/xen
|Signature=Linux-Vserver FAQ}}{{Question|Question=Which kernel versions are supported?||Details=
recent 2.4 and 2.6 kernels (stable), recent 2.6 kernels (development).
Some ancient versions of Linux-VServer are backported to 2.2.x kernels. You can find more information [http://vserver.digitalangel.com.au/ here].
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I run Linux-vserver on my favorite distribution?||Details=
Linux-VServer was originally developed on Red Hat/Mandriva, but it is rather distribution independent. It runs fine with other distributions (Debian, SuSE). Some distributions run a patched kernel, which can make it a bit harder to build a new kernel with Linux-VServer support|Signature=Linux-Vserver FAQ}}

== C. Versions ==
{{Question|Question=What's the latest version of Linux-VServer?||Details=
You can find the [http://www.13thfloor.at/vserver/s_release latest stable 2.4 release] or [http://www.13thfloor.at/vserver/s_rel26 latest stable 2.6 release] as well as the [http://www.13thfloor.at/vserver/d_rel26 latest development release] at [http://www.13thfloor.at/vserver/ http://www.13thfloor.at/vserver/]
Check out the ((Release FAQ)) for information on releases and version numbering
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find prereleases and release candidates?||Details=
Check the [http://vserver.13thfloor.at/Experimental experimental area] for new patches.|Signature=Linux-Vserver FAQ}}

== D. Tools (util-vserver and vserver) ==
{{Question|Question=What do I need them for?||Details=
These are the userspace tools for Linux-VServer. You need them to use the functionality of Linux-VServer.
|Signature=Linux-Vserver FAQ}}{{Question|Question=What's the difference between vserver and util-vserver?||Details=
The vserver package are the 'legacy utilities', written by Jacques GÃ©linas.
The util-vserver package is a reimplementation of these tools in C by Enrico Scholz, which follows the kernel development more closely.
util-vserver tools are currently considered the mainstream tools (You can't use both packages on the same machine.)
Both packages have their own version numbering. Don't let the version numbering confuse you.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Which version of the tools packages do I need? Do I have to upgrade?||Details=
*:It can be useful to have a recent version of the tools package installed on your box. It's a good idea to upgrade your tools when you upgrade your kernel. In the next list you find the versions you need to have at least, but it's a good idea to use more recent versions.
*linux-vserver 1.00
**vserver 0.26
**util-vserver 0.24
*linux-vserver 1.20
**vserver 0.28
**util-vserver 0.25
*linux-vserver 2.00
**util-vserver 0.30 or 0.30.209|Signature=Linux-Vserver FAQ}}

== E. Download ==
{{Question|Question=Where can I dowload the latest version of:||Details=
*[http://www.13thfloor.at/vserver/ The kernel patch]
*[http://dns.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=1 vserver]
*[http://savannah.nongnu.org/files/?group=util-vserver util-vserver]
|Signature=Linux-Vserver FAQ}}{{Question|Question=Distribution specific packages||Details=
*Red Hat
**[http://dns.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=1 vserver]
*Mandrake
**[http://www.13thfloor.at/vserver/s_release/v1.00/ vserver]
*Debian
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=vserver&searchon=names&subword=1&version=all&release=all vserver] - All Linux-VServer-related Debian-packages (Probably slow, +100 results).
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=linux-image-2.6-vserver&searchon=names&subword=1&version=all&release=all Official precompiled kernels] - These are the official Debian kernels compiled with Linux-VServer-support.
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=vserver-debiantools&searchon=names&subword=1&version=all&release=all vserver-debiantools] - These scripts install Debian straight off the web from Debian.org's world-wide network of mirrors.
*Gentoo
**[http://dev.croup.de/proj/gentoo-vps/wiki/VserverHowto vserver]|Signature=Linux-Vserver FAQ}}

== F. Network Usage? ==
{{Question|Question=Is IPv6 supported?||Details=
At this moment, only IPv4 (the current most frequently used standard) is supported.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I put my vservers in different networks?||Details=
Yes you can. You have to bind your vserver to a interface on the host machine, but you can choose the interface in the configuration file of your vserver (in /etc/vservers/SERVER.conf). Make sure your host server does have an interface in the network you need on your vserver.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is it possible for a vserver to have a other default gateway than the host machine does use?||Details=
Yes. Use iproute2 to set the default gateway.
You can find more information on routing in linux-vserver in [http://archives.linux-vserver.org/200311/0470.html this posting] on the mailinglist.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I use more than one IP address in a vserver||Details=
Yes you can. Edit the configuration file of the vserver (/etc/vservers/SERVER.conf).
In case you want to use example IP addresses on one interface
IPROOT="10.1.2.3 10.1.2.12"
IPROOTDEV="eth0"
In case you want to use 2 or more interfaces
IPROOT="eth0:10.1.2.3 eth1:10.1.2.12"
IPROOTDEV=""
In case you want to use IP-number in different subnets
IPROOT="eth0:10.1.2.3/255.255.255.0 eth0:10.1.3.12/255.255.0.0"
IPROOTDEV=""
If you are using vserver 2.0+ you have to create subdirectories in /etc/vserver/<vserver-name>/interfaces/
for each IP you want to use, i.e.
/etc/vserver/<vserver-name>/interfaces/0
/etc/vserver/<vserver-name>/interfaces/1
These subdirectories have to contain files with the options you want to set. See the [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html Flower page] for more info
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is it possible to use the real device (eth0, eth1) instead of the device alias created by vserver?||Details=
Yes. Set up the IP aliases yourself on the host server
*Set IPROOT= to those IPs
*Unset IPROOTDEV so the vserver script won't try to setup the IP aliases.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I modify the behavior of my vservers?||Details=
There are a number of capabilities and flags that you can modify listed [http://linux-vserver.org/Caps+and+Flags here] (and [http://savannah.nongnu.org/cgi-bin/viewcvs/util-vserver/util-vserver/lib/cflags-v13.c?rev=HEAD here (cflags-v13.c)]).
|Signature=Linux-Vserver FAQ}}{{Question|Question=Were can I find more information on networking in Linux-VServer?||Details=
You can find more information on the internals of networking in Linux-VServer [http://vserver.13thfloor.at/Stuff/VServer-IP-Setup-0.1.txt here].|Signature=Linux-Vserver FAQ}}

== G. Software compatibility ==
{{Question|Question=Bind does not work in a vserver||Details=
* capset failed
* The bind package expect to have the capability CAP_SYS_RESOURCE.
It expects this because it was compiled this way on Linux and to increase its ulimit.
* By default, a vserver does not have this capability for a good reason, you may have a look at 'man capabilities' to see how much control that capability allows.
* A vserver starts with some ulimit values and can only reduce them, not enlarge them.
* If you know what you are doing, you can give the capability to the vserver running bind.
* A securer solution is to compile bind without that requirement by specifying './configure --disable-linux-caps'
It looks like you only can run bind as root once you compile bind with this option, but this should be fine inside a vserver.
* bind does not respond to queries
* Bind seems to have problems with a query socket check. Bind believes the query is comming on a non-query socket, and doesn't answer the request.
* putting "query-source address YOUR_VSERVER_IP;" in your named.conf solves this problem.

|Signature=Linux-Vserver FAQ}}{{Question|Question=Is DHCP possible in a vserver?||Details=
It's possible to run a DHCP server inside a vserver, but it required a CAP_NET_RAW capability.
The solution for 2.6 kernel with new-style config is to add CAP_NET_RAW entry in the /etc/vserver/<vserver-name>/bcapabilities file, and it might be unnecessary to add 255.255.255.255 into bcast file, please read [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html The Great Flower Page] for more details. If you are still use the legacy config, please read the answer below.
It's possible to run a DHCP server inside a vserver, but there is a catch. The set_ipv4root assigns one IP and one broadcast address to a vserver. UDP service listening to 0.0.0.0 (bind any) in a vserver are indeed listening to the vserver IP and vserver broadcast.
This is all they will get. This is fine for most services.
Unfortunately, dhcpd is receiving special broadcasts. Its clients are unaware of their IP number, so they are using special broadcast 255.255.255.255 address.
A vserver generally runs with the broadcast address of the network device (the one used to setup the IP alias). This network device has a broadcast address which is never 255.255.255.255. Those special broadcast are not sent to the vserver. The solution is to set the IPROOTBCAST entry in the vserver configuration file like this IPROOTBCAST=255.255.255.255
Restart your vserver and dhcpd will work. There is a catch (at least with 2.4.18ctx-9). If you are using other services in the save vserver, also relying on broadcast for proper operation (samba for one), they won't operate properly.
One solution would be to enhance the semantics a little: A vserver would listen for its IP address, its broadcast address and also for 255.255.255.255.
The dhcpd case is probably very specific though.

|Signature=Linux-Vserver FAQ}}{{Question|Question=NFS-server||Details=
It's not posible to run a NFS-kernel server inside a vserver, to work securely this would need a lot of work.
You can try to run the NFS userspace server, the traditional Linux user space NFS server and UNFS3 are both reported to work.
take a look at ((NFS and portmap)) if you have problems with your portmap

|Signature=Linux-Vserver FAQ}}{{Question|Question=Run Level Based Distributions as Ververs (Red Hat and such ....)||Details=
If you see errors after the command vserver <name> stop like these:

Syncing hardware clock to system time hwclock is unable to get I/O port access: the iopl(3) call failed FAILED]
Turning off swap: Not superuser. [FAILED]
Turning off quotas: quotaoff: Can't stat() mounted device /dev/hdv1: No such file or directory
Unmounting file systems: umount2: No such file or directory umount: /vservers: not found

Then look for S* links in /etc/rc6.d/ and remove the one responsible for the errors. In RH9 it is called S01reboot
A 'normal' server does some stuff on shutdown, like saving the time to the hwclock, or storing random pool data and finally invokes the reboot. Some of those actions are just not allowed in a vserver.

|Signature=Linux-Vserver FAQ}}{{Question|Question=Vservers and X Windows||Details=
Please see the ((Vservers and X)) page for information about this.

|Signature=Linux-Vserver FAQ}}{{Question|Question=sshd with X11-Forwarding in a vserver||Details=
add ```'X11UseLocalhost no'``` to your sshd_config
|Signature=Linux-Vserver FAQ}}{{Question|Question=See also: [ProblematicPrograms]||Details=
== H. Help ==
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find more information on the Linux-VServer project?||Details=
First have a look at the ((documentation)) section of the website. In case you can't find the answer here, have a look at the mailinglist archives. If this doesn't help jou, there is still a mailinglist and a IRC channel were you can ask for help.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Does the Linux-VServer project have a mailing list?||Details=
Yes. You can subscribe [http://list.linux-vserver.org/mailman/listinfo/vserver here]. Archives are located [http://list.linux-vserver.org/archive/vserver/ here].
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is there a IRC channel ||Details=
Yes, join #vserver on irc.oftc.net.|Signature=Linux-Vserver FAQ}}

== I. Issues ==
{{Question|Question=When starting or entering a vserver I get "''Error: /proc must be mounted''". 'vserver-stat' and 'vps' are failing with "''open("/proc/uptime"): No such file or directory''". Sometimes, other files in /proc are mentioned. What can I do?||Details=
Make sure that in devel and experimental the required proc entries are visible inside a vserver. With alpha utilities, execute the ||Details=vprocunhide||Details= script. See ((Proc-Security)) also.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Inside a vserver I can still use mknod to create devices, even without CAP_MKNOD capability. What's wrong? (this probably applies to all other capabilities but that was not tested)||Details=
This is probably a problem in your kernel configuration. If you include "Enable different security models" (CONFIG_SECURITY), then make sure to also include "Default Linux Capabilities" (CONFIG_SECURITY_CAPABILITIES) or compile it as a module. In this latter case you must insert the 'capability' module into the kernel. This is for example true for current (2.6.8.1) debian kernel configurations.
|Signature=Linux-Vserver FAQ}}{{Question|Question=After stopping/restarting a vserver my network is gone! What the hell?||Details=
See above.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Only root can access any files in the vserver||Details=
Check the permissions of the vserver's / directory. The 2.4 branch's chroot-escape blocker (chmod 0000 and chattr +t) is meant to be applied to the directory containing the vservers (for example /vservers) not the vservers' root directories themselves. If you revoked all permissions for a vserver's root directory, re-grant them with "chmod 0755 /path/to/vserver-root".
|Signature=Linux-Vserver FAQ}}{{Question|Question="daemon() failed: Success" - What? Succesfully failing?||Details=
Not really vserver related but here's the answer: Somebody replaced your /dev/null with a regular file, create a real /dev/null and it will start working again. We got no idea why the error message happens to be so funny(?).
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I start a vserver, "FATAL: kernel too old" message appears and vserver can't be started||Details=
Edit your /etc/vservers/<vsname>/uts/release and define a value greater than kernel version
example, if you have a kernel "2.6.11", set "2005" for example :-)
|Signature=Linux-Vserver FAQ}}{{Question|Question=I switched from old to new configuration and now all my ip addresses are gone!||Details=
They are not, ifconfig just doesn't show them. The new tools use 'iproute' instead of 'ifconfig' which allows you to use multiple interface addresses with the same label. In such cases, ifconfig shows only the first address for each label, which probably isn't available in the vserver. Unless you specify a name for an ip address, it will be given the interface name as label, eg. eth0, and ifconfig breaks. You can assign names to your interface addresses in the vserver configuration, see [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html The Great Flower Page] for details.
Earlier, we said that the interface addresses were "nameless", this was wrong. As said above, the addresses in question actually all have the same name/label. Knowing this we could actually virtualize the ioctl interface which ifconfig uses in a meaningful way, making ifconfig show the vserver's ip addresses as expected, even when it shares its label with other ip addresses (of course only if there aren't multiple ip addresses in the same vserver that share the same label, but that's an ifconfig limitation, not a vserver bug). The [http://www.13thfloor.at/~doener/vserver/patches/diff-2.6.16.5-vs2.0.2-rc16-devinet_ioctl.diff patch] should apply to most Linux-VServer versions for kernel 2.6 and will probably be included in future versions.
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I enter/ssh into a vserver I can see all of the interfaces and interface aliases with ifconfig.||Details=
I experienced this after upgrading from a 2.4 to 2.6 kernel with vs-2.0 patch using legacy-method .conf files. Upgrading from legacy-method to the new one (see [http://linux-vserver.org/Legacy-To-Newstyle-Config Converting From Legacy to New]) caused the problem to go away.
|Signature=Linux-Vserver FAQ}}{{Question|Question=I keep my vserver roots on their own devices. I can unmount them but the device (like drbd or lvm) remains in use until all of my vservers are killed off ("Someone has opened the device for RW access").||Details=
When you mount something it is recorded in the current namespace. When you start a vserver it makes copy of the namespace. You can then unmount in the original namespace without any problems, however the device is still in use. This is because the device is still mounted in the new namespace. You can do something like this: "vnamespace -e runningVserver umount /mnt/point". After this you should be able to remove the device (drbdadm secondary /dev/drbd0 or whatever).
More information:
*[http://linux-vserver.org/Namespaces About Namespaces]
*[http://linux-vserver.org/advanced+DRBD+mount+issues DRBD Mount Issues]
*[http://list.linux-vserver.org/archive/vserver/msg11444.html This thread], which deals with the same issue.
*[http://list.linux-vserver.org/archive/vserver/msg10415.html This thread], terse but helpful.
*[http://www.gossamer-threads.com/lists/drbd/users/9282?page=last And this], a thread of related stuff.
WARNING: if you use the kernel cleanup feature then make sure you know what you are doing. I didn't, it was ugly.
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I stop a vserver its network alias does not go away, I am getting 'RTNETLINK answers: Cannot assign requested address||Details='
Try running 'ip addr' and see if the interface names are being truncated (note: I came across a thread that seems to suggest that this might happen even if the interface name is not being truncated?). The function that kills the interface specifies its name, if it is truncated then 'ip' will not be able to find the interface.
Another cause might be that the IP was added (or already present at startup) with a different netmask, and therfore can not be removed properly
My solution to this is very, very gross. Open up your vserver.functions file and find the disableInterfaces function. If you change
IP_ADDR) $_IP addr del "$@";;
to
IP_ADDR) $(echo $_IP addr del "$@"|sed 's/broadcast + label [^[:space:]]\+//');;
then ip will try to delete the interface by its IP alone.
Anyone with a better solution is strongly encouraged to modify this entry.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Why does the vserver run on a BSD fs (ufs) ?!||Details=
* I see something like: /dev/hdv1 / ufs defaults 0 0
The ufs part is correct and it is so to trick the quota tools to not try to lowlevel access the fs. The entry is FAKE anyway, ufs just solved this quota userland issue nicely (more or less).
* For details see: [http://list.linux-vserver.org/archive/vserver/msg09133.html] and [http://archives.linux-vserver.org/200401/0232.html]
* When I issue a ping it returns:
[root@VServerGuest /]# ping 123.123.123.123
connect: Invalid argument
* When I issue a DNS lookup it returns:
[root@VServerGuest /]# host www.yahoo.ca
socket.c: internal_send: 222.222.222.222#53: Invalid argument
;; connection timed out; no servers could be reached
* When I try to run vyum it returns:
[root@VServerGuest /]# vyum VServerGuest -- check-update
Cannot find a valid baseurl for repo: core
Error: Cannot find a valid baseurl for repo: core
Make sure that you have either a Public IP setup on the VServer Guest, or that you have a proper SNAT/DNAT rules setup on your VServer Host. After that, restart the vserver guest with the verbose option to see what your ipv4root is set to:
[root@VServerGuest /]# vserver -v VServerGuest start
ipv4root is now 127.0.0.10 111.111.111.111
New security context is 49156
You must make sure the order of the interfaces are correct. The very first Interface (decided upon by alphabetical order of the interface directory name) for the VServer is the default IP used for all network connections. This must be either a public IP or an IP that has been D/SNAT'd.
|Signature=Linux-Vserver FAQ}}

== G. Problematic Programs ==
Some programs do things that might work on a normal host but not inside a V-Server. This is often not a fault of V-Server itself, the programs are doing automagic things which fail and no proper error handling is done. Also sometimes the actions need special rights which are not permitted by default in V-Servers. Allowing CAPs is often not necessary since those special CAPs are only required once (e.g. when the program initializes the directories/settings/whatever).

{{Question|Question=OpenGroupware Apache Module
||Details=If your V-Server doesn't have access to localhost, then the connection to the !OpenGroupware server will fail with a "Internal Server Error".
The apache module for !OpenGroupware called mod_ngobjweb uses a hardcoded "127.0.0.1" IP address in the source (handler.c line 339), this line you need to change to the IP address that should be used (the IP of the V-Server that runs the OpenGroupware server)|Signature=ProblematicPrograms}}

{{Question|Question=Hylafax (with CAPI)|Details=
:If you want to run hylafax in a V-Server, you will get a CAP and device problem which can be easily solved. First you need your capi20 devices in your V-Server, which can't be created by ./MAKEDEV (requires special CAPs) so copy the devices into the V-Server, like this (command run on the host):
:cp -aR /dev/capi* /vservers/your_vserver/dev
:Now hylafax can access your CAPI ISDN card but will exit after a few seconds, the problem is it tries to create a /dev/null nod in the hylafax chroot. This fails because of missing CAPs, so lets help hylafax again with copying the nod into the hylafax chroot in the V-Server. Like this (command run on the host):
:cp -aR /dev/null /vservers/your_vserver/var/spool/hylafax/dev
:Allright, now hylafax should have CAPI access and run properly.|Signature=ProblematicPrograms}}

{{Question|Question=Links inside screen inside a V-Server|Details=
:Don't know why, but links crashes systematically being inside a screen session inside a V-Server started outside a V-Server. (please elaborate!)|Signature=ProblematicPrograms}}

{{Question|Question=screen inside a VServer|Details=

<pre>

[root@ge root]# vserver zoe enter

zoe:/# screen
Cannot open your terminal '/dev/pts/5' - please check.

zoe:/# strace screen
...
stat64("/dev/pts/5", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 5), ...}) = 0
open("/dev/pts/5", O_RDWR|O_NONBLOCK) = -1 EACCES (Permission denied)

</pre>

:is neither a bug nor an issue with screen, it just shows that a vserver context is not allowed to mess with host terminals. either use ssh/telnet to reach the 'guest' or start the screen session before you do the 'enter' (i.e. on the host)|Signature=ProblematicPrograms}}

{{Question|Question=!OpenLDAP Startup|Details=
:slapd needs name resolution available in order to start up, otherwise it appears to hang. Make sure you have working DNS (or whatever) available to your vserver before starting one with slapd. This behavior is confirmed in my setup, no confirmation from others yet. My Setup: vservers all bind to an interface on a DMZ-like network segment, BIND runs on a vserver. slapd would hang at startup if the BIND vserver had not been started first.|Signature=ProblematicPrograms}}

{{Question|Question=rndc|Details=
:Bind's rndc has a hardcoded 127.0.0.1 somewhere so any command to rndc will fail with connection refused.
:You should have a reachable localhost address defined in /etc/hosts and then you can use rndc -s localhost command
:You can make a rndc.conf and set the default-server option, like that the '-s localhost' isn't necessary.|Signature=ProblematicPrograms}}

{{Question|Question=Asterisk|Details=
:Since some version of Asterisk (at least since 1.0.2), it will not run anymore. On start it fails with: "Unable to set high priority"
:This can be solved by allowing CAP_SYS_NICE for that VServer.
:You can also not run Asterisk with the realtime priority :
:Just pass the '-p' command ligne argument to disable the read-time priority.
:.
:Good doc on setting up Asterisk devices in the vserver:
:http://www.telephreak.org/papers/vpa/|Signature=ProblematicPrograms}}

{{Question|Question=Open/!FreeSwan|Details=
:Fails because of writing to /proc (requires patch)
:TODO: write me|Signature=ProblematicPrograms}}

{{Question|Question=Samba|Details=
:Oplocks don't work as smbd insists on receiving break requests from 127.0.0.1 \\
Just patch source/smbd/oplock.c (commenting paranoid code)
<pre>
+++ oplock.c.orig 2005-02-14 14:27:51.000000000 +0200
--- oplock.c 2005-02-02 12:27:50.000000000 +0200
@@ -181,14 +181,12 @@
return False;
}

+#if 0
/* Validate message from address (must be localhost). */
if(from.sin_addr.s_addr != htonl(INADDR_LOOPBACK)) {
DEBUG(0,("receive_local_message: invalid 'from' address \
(was %lx should be 127.0.0.1)\n", (long)from.sin_addr.s_addr));
return False;
}
+#endif

/* Setup the message header */
SIVAL(buffer,OPBRK_CMD_LEN_OFFSET,msg_len);
</pre>
or if you don't want to patch the samba source code you can disable oplock in Samba and it will work too!
Just put the following in your smb.conf:
<pre>
kernel oplocks = no
oplocks = no
</pre>

Note: The Vserver using Samba should also listen on the broadcast address. Thereby you will not be able to have two samba servers in the same net (on the same broadcast). |Signature=ProblematicPrograms}}

{{Question|Question=Samba from Debian 3.1|Details=
The samba deb in sarge (3.1) provided file sharing. The only oddity observed is that the vserver guest running samba did not appear in a windows box's 'My Network Places'
Use a WINS server. The SMB browsing protocol relies heavily on broadcasts on the local net, which are problematic with vservers. WINS resolution on the other hand is unicast and works flawlessly under vserver.|Signature=ProblematicPrograms}}

{{Question|Question=Samba printer and file server with cups|Details=
:Samba runs correctly in a Mandriva (Mdk) 10.1 Vserver, (Apart from the above oplock problem ?).
: \\
First, edit your {{/etc/sysconfig/network}} file, and set {{networking}} to {{yes}} (This will solve problems for other services !):
<pre>
# cat /etc/sysconfig/network
NETWORKING=yes
</pre>
: \\
Some more tweaking is needeed in {{/etc/smb.conf}}:
<pre>
# cat /etc/smb.conf
...
# YOUR VSERVER IP/MASK HERE
interfaces = xxx.xxx.xxx.xxx/mask
...
</pre>
: \\
That's all !!!
: \\
But if you're using Samba + Cups to provide printing for Windows clients, AND if you want to use the {{Point and Print}} feature, there is more: In the {{[printers]}} section of your {{smb.conf}}, you should have the {{use client drivers}} directive set to {{no}}, or the driver upload procedure will fail !
<pre>
# cat /etc/smb.conf
...
use client driver = no
...
</pre>
: \\
So, here is a full {{smb.conf}} file:
<pre>
# cat /etc/samba/smb.conf | awk '!/^$/ && !/^\s*(#|;)/ {print $0}'
[global]
workgroup = MYDOMAIN
netbios name = MYHOSTNAME
server string = MYCOMMENT (Samba %v)
printcap name = cups
load printers = yes
printing = cups
printer admin = @adm
log file = /var/log/samba/log.%m
max log size = 50
map to guest = bad user
security = domain
password server = *
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers
idmap uid = 10000-20000
idmap gid = 10000-20000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = 127. MYVSERVERIP/MYVSERVERMASK
wins server = MYWINSIP
dns proxy = no
# for french users:
dos charset = 850
unix charset = ISO8859-1
[homes]
comment = Home Directories
browseable = no
writable = no
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
create mode = 0700
print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
use client driver = no
[print$]
path = /var/lib/samba/printers
browseable = yes
write list = @adm root
guest ok = yes
inherit permissions = yes
</pre>
: \\
...And a working smbusers:
<pre>
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator MYDOMAIN\administrator
nobody = guest pcguest smbguest
</pre>|Signature=ProblematicPrograms}}

{{Question|Question=Cups print server|Details=
: Symptoms: The Cups init script exits with:
<pre>
Starting CUPS printing system: cupsd: Child exited with status 98!
</pre>
: \\
And the logs ({{/var/log/cups/error_log}}) show:
<pre>
E [date:hour...] StartListening: Unable to bind socket for address 0.0.0.0:631 - Address already in use.
</pre>
:...Or something like this.
: \\
With a correct "cupsd.conf file" (Tested version 1.1.21-0.rc1.7mdk, on Mandrake 10.1 - Now Mandriva), it works; All we need is to remove references to {{127.0.0.1}} or {{localhost}} from the file, as well as correctly unsetting the {{Listen}} directive:
<pre>
LogLevel info
TempDir /var/spool/cups/tmp
# No 'Listen' directive !
Port 631
BrowseAddress @LOCAL
BrowseDeny All
BrowseAllow @LOCAL
BrowseOrder deny,allow
<Location />
Order Deny,Allow
Deny From All
Allow From @LOCAL
</Location>
<Location /admin>
AuthType Basic
AuthClass System
Order Deny,Allow
Deny From All
Allow From YOUR_NETWORK_ADDRESS/YOUR_NETMASK # Example: 172.16.0.0/24
# Or
Allow From @LOCAL
</Location>
</pre>
: \\
Then you'll need to modify the {{/etc/init.d/cups}} script, to comment any section referring to {{127.0.0.1}} lookup and configuration. This section exists at least on Mandrake 10.1, and is pretty long (Lines 35 to 55 and/or 79), and additionnaly four "{{else...if}}" lines must be commented far below (Lines 161 to 164) !
: \\
Remember to stop any Cupsd running in the host server, or to start it ''via'' a wrapper {{/etc/init.d/v_cups}} script:
<pre>
#!/bin/sh
# chkconfig: 2345 15 60
# description: Wrapper to start cups bound to a single IP
USR_LIB_VSERVER=/usr/lib/util-vserver
exec $USR_LIB_VSERVER/vsysvwrapper cups $*
</pre>
: \\
Do not forget to give a password to the root user, if you want to ba able to manage your printers from the web interface (http://yourcupsvserver:631)!
<pre>
# passwd root
...
</pre>
: \\
If you use Mandriva 10.1 (And maybe some other distros), you’ll need to add the printers drivers for Cups, and reload it:
<pre>
# urpmi --root /vservers/yourcupsvserver/ cups-drivers
# /etc/init.d/cups reload
</pre>
: \\
…It added 67 Mb of packages for me.
: \\
Then use {{/etc/init.d/v_cups (re)start}} to launch Cups on the host server.
:You will now be able to make Cupsd start in the vserver , but more tweaking on the ACLs may be necessary to avoid authentification problems...|Signature=ProblematicPrograms}}

{{Question|Question=Bind9 on Debian GNU/Linux Woody (3.0) and Sarge (3.1)|Details=
:named provided by the bind9 binary packages fails to start because it is compiled with CAPs option.
: \\
The debian way is to build** your own package without CAPs:
: \\
<pre>
su -
cd /usr/src
apt-get build-dep bind9
apt-get source bind9
cd bind9-x.x.x
vi debian/rules
</pre>
: \\
Insert the following line after "./configure --prefix=/usr \":
: \\
<pre>
--disable-linux-caps \
</pre>
: \\
On a NPTL-enabled system you alse have to replace \\
<pre>
--enable-threads \
</pre>
: with \\
<pre>
--disable-threads \
</pre>
: or bind might refuse to run with an other user than root.
: \\
Save the file and go ahead with compiling/installing:
: \\
<pre>
dpkg-buildpackage
dpkg -i ../bind9-x.x.x.deb
echo "bind9 hold" | dpkg --set-selections
</pre>
: \\
The last line is to set the package "on hold", so it is not touched by the update process. you have to take care of security holes by yourself now!
: \\
The Xs in "bind9-x.x.x" denote the version number of bind9.
: \\

** Alternatively you can allow the CAP_SYS_RESOURCE for that V-Server.

The best way would be to fix bind, which is somehow broken when it comes to capabilities.
Daniel Hokka Zakrisson repaired it. His patch is to be found here:

[http://daniel.hozac.com/stuff/bind-9.3.2-caps-when-available.patch bind-9.3.2-caps-when-available.patch]
So, if you recompile, it would be the cleanest way to apply that patch. Thanks Daniel!

It would be also nice, if someone submits that patch to the bind people or maybe to your distribution's package maintainers in the first step.

Get my [http://linux-vserver.derjohn.de/bind9-packages/bind9-capacheck_9.3.2-2_i386.deb vserver-guest-ready Debian bind9 package] for Debian Sid guests. Feedback welcome: aj@net-lab.net|Signature=ProblematicPrograms}}

{{Question|Question=Postfix 2.1.5 (Debian Sarge)|Details=
:On a vserver with two interfaces (lo and eth0), and a postfix 2.1.5 listening on lo, postfix can't send emails : "Invalid argument"... Setting smtp_bind_address (http://www.postfix.org/postconf.5.html#smtp_bind_address) to the external address solves the issue.|Signature=ProblematicPrograms}}

{{Question|Question=Zimbra Mail|Details=
Zimbra is many applications (including Postfix and MySQL and OpenLDAP and more) which try to take over the interfaces, and depend a lot on binding from 127.0.0.1 - it is not hard to change, but there is a couple of tricks - it is documented here - http://wiki.zimbra.com/index.php?title=Install_VServer|Signature=ProblematicPrograms}}

{{Question|Question=xine|Details=
xine won't start with no error message.
"xine --verbose" shows this.
<pre>
ERROR: Could not determine network interfaces, you must use a interfaces config line
</pre>
This happens if you have the xineplug_inp_smb.so plugin. Delete it and everything is fine.|Signature=ProblematicPrograms}}

{{Question|Question=127.0.0.1 issues|Details=
I had problems with an application that wanted me to access it on 127.0.0.1 and AS 127.0.0.1 to be able to do its configuration. A simple tweak solved the problem. I renamed the default interface directory "0" in /etc/vservers/server/interfaces to "1" and created interface 0 as :
:dev lo
:ip 127.0.0.1
:mask 255.0.0.0
:name lo

now interface "1" is the default created interface by the vserver build script with a local adress like 192.168.1.2 and interface "0" is the loopback. I can now telnet on 127.0.0.1 and it sees that im connecting to 127.0.0.1 from 127.0.0.1

Compiling nagios-1.4 within a vserver requires this, otherwise it hangs during the configure with "checking for ICMP ping syntax..."

<font size="+1" color="red"> /!\ BIG FAT WARNING: DON'T DO THIS IT WILL ADD VSERVER ACCESS TO THE 127.0.0.1 OF THE HOST (quoting Bertl from irc) </font>

|Signature=ProblematicPrograms}}

{{Question|Question=Hula-project|Details=
Does not want to start :(|Signature=ProblematicPrograms}}

Frequently Asked Questions scratch

2009-05-15T15:52:15Z

Gebura:

== A. General ==
{{Question|Question=Credits||Details=
This FAQ includes information taken from the FAQs of Jacques GÃ©linas and Paul Sladen.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Are there other FAQs available?||Details=
Yes. There are other (mostly older) FAQ's available:
*[http://www.solucorp.qc.ca/howto.hc?projet=vserver Jacques GÃ©linas FAQ]
*[http://www.paul.sladen.org/vserver/faq/ Paul Sladen's vserver FAQ]
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find a overview of Linux-VServer?||Details=
*((short presentation))
* [http://en.wikipedia.org/wiki/Linux-VServer Wikipedia Article]
*ProjectOverview (an introduction to the VServer Project, by ChuckD)
*[http://www.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=0 Introduction by Jacques GÃ©linas]
|Signature=Linux-Vserver FAQ}}{{Question|Question=How to verify that a setup is working properly?||Details=
*To verify that your setup works properly, there are some test scripts to check basic functionality.
primarily [http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh testme.sh] and [http://vserver.13thfloor.at/Stuff/SCRIPT/testfs.sh testfs.sh] (see ((TestScripts)) for more details)|Signature=Linux-Vserver FAQ}}

== B. Requirements ==
{{Question|Question=What hardware is supported by linux-vserver?||Details=
The following platforms are supported in the stable versions of linux-vserver.
*alpha
*i386 and higher (and compatible)
*ia32 / ia64
*mips / mips64
*hppa / hppa64
*ppc / ppc64
*sparc / sparc64
*s390 / s390x
*x86_64 (AMD64)
*uml/xen
|Signature=Linux-Vserver FAQ}}{{Question|Question=Which kernel versions are supported?||Details=
recent 2.4 and 2.6 kernels (stable), recent 2.6 kernels (development).
Some ancient versions of Linux-VServer are backported to 2.2.x kernels. You can find more information [http://vserver.digitalangel.com.au/ here].
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I run Linux-vserver on my favorite distribution?||Details=
Linux-VServer was originally developed on Red Hat/Mandriva, but it is rather distribution independent. It runs fine with other distributions (Debian, SuSE). Some distributions run a patched kernel, which can make it a bit harder to build a new kernel with Linux-VServer support|Signature=Linux-Vserver FAQ}}

== C. Versions ==
{{Question|Question=What's the latest version of Linux-VServer?||Details=
You can find the [http://www.13thfloor.at/vserver/s_release latest stable 2.4 release] or [http://www.13thfloor.at/vserver/s_rel26 latest stable 2.6 release] as well as the [http://www.13thfloor.at/vserver/d_rel26 latest development release] at [http://www.13thfloor.at/vserver/ http://www.13thfloor.at/vserver/]
Check out the ((Release FAQ)) for information on releases and version numbering
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find prereleases and release candidates?||Details=
Check the [http://vserver.13thfloor.at/Experimental experimental area] for new patches.|Signature=Linux-Vserver FAQ}}

== D. Tools (util-vserver and vserver) ==
{{Question|Question=What do I need them for?||Details=
These are the userspace tools for Linux-VServer. You need them to use the functionality of Linux-VServer.
|Signature=Linux-Vserver FAQ}}{{Question|Question=What's the difference between vserver and util-vserver?||Details=
The vserver package are the 'legacy utilities', written by Jacques GÃ©linas.
The util-vserver package is a reimplementation of these tools in C by Enrico Scholz, which follows the kernel development more closely.
util-vserver tools are currently considered the mainstream tools (You can't use both packages on the same machine.)
Both packages have their own version numbering. Don't let the version numbering confuse you.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Which version of the tools packages do I need? Do I have to upgrade?||Details=
*:It can be useful to have a recent version of the tools package installed on your box. It's a good idea to upgrade your tools when you upgrade your kernel. In the next list you find the versions you need to have at least, but it's a good idea to use more recent versions.
*linux-vserver 1.00
**vserver 0.26
**util-vserver 0.24
*linux-vserver 1.20
**vserver 0.28
**util-vserver 0.25
*linux-vserver 2.00
**util-vserver 0.30 or 0.30.209|Signature=Linux-Vserver FAQ}}

== E. Download ==
{{Question|Question=Where can I dowload the latest version of:||Details=
*[http://www.13thfloor.at/vserver/ The kernel patch]
*[http://dns.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=1 vserver]
*[http://savannah.nongnu.org/files/?group=util-vserver util-vserver]
|Signature=Linux-Vserver FAQ}}{{Question|Question=Distribution specific packages||Details=
*Red Hat
**[http://dns.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=1 vserver]
*Mandrake
**[http://www.13thfloor.at/vserver/s_release/v1.00/ vserver]
*Debian
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=vserver&searchon=names&subword=1&version=all&release=all vserver] - All Linux-VServer-related Debian-packages (Probably slow, +100 results).
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=linux-image-2.6-vserver&searchon=names&subword=1&version=all&release=all Official precompiled kernels] - These are the official Debian kernels compiled with Linux-VServer-support.
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=vserver-debiantools&searchon=names&subword=1&version=all&release=all vserver-debiantools] - These scripts install Debian straight off the web from Debian.org's world-wide network of mirrors.
*Gentoo
**[http://dev.croup.de/proj/gentoo-vps/wiki/VserverHowto vserver]|Signature=Linux-Vserver FAQ}}

== F. Network Usage? ==
{{Question|Question=Is IPv6 supported?||Details=
At this moment, only IPv4 (the current most frequently used standard) is supported.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I put my vservers in different networks?||Details=
Yes you can. You have to bind your vserver to a interface on the host machine, but you can choose the interface in the configuration file of your vserver (in /etc/vservers/SERVER.conf). Make sure your host server does have an interface in the network you need on your vserver.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is it possible for a vserver to have a other default gateway than the host machine does use?||Details=
Yes. Use iproute2 to set the default gateway.
You can find more information on routing in linux-vserver in [http://archives.linux-vserver.org/200311/0470.html this posting] on the mailinglist.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I use more than one IP address in a vserver||Details=
Yes you can. Edit the configuration file of the vserver (/etc/vservers/SERVER.conf).
In case you want to use example IP addresses on one interface
IPROOT="10.1.2.3 10.1.2.12"
IPROOTDEV="eth0"
In case you want to use 2 or more interfaces
IPROOT="eth0:10.1.2.3 eth1:10.1.2.12"
IPROOTDEV=""
In case you want to use IP-number in different subnets
IPROOT="eth0:10.1.2.3/255.255.255.0 eth0:10.1.3.12/255.255.0.0"
IPROOTDEV=""
If you are using vserver 2.0+ you have to create subdirectories in /etc/vserver/<vserver-name>/interfaces/
for each IP you want to use, i.e.
/etc/vserver/<vserver-name>/interfaces/0
/etc/vserver/<vserver-name>/interfaces/1
These subdirectories have to contain files with the options you want to set. See the [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html Flower page] for more info
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is it possible to use the real device (eth0, eth1) instead of the device alias created by vserver?||Details=
Yes. Set up the IP aliases yourself on the host server
*Set IPROOT= to those IPs
*Unset IPROOTDEV so the vserver script won't try to setup the IP aliases.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I modify the behavior of my vservers?||Details=
There are a number of capabilities and flags that you can modify listed [http://linux-vserver.org/Caps+and+Flags here] (and [http://savannah.nongnu.org/cgi-bin/viewcvs/util-vserver/util-vserver/lib/cflags-v13.c?rev=HEAD here (cflags-v13.c)]).
|Signature=Linux-Vserver FAQ}}{{Question|Question=Were can I find more information on networking in Linux-VServer?||Details=
You can find more information on the internals of networking in Linux-VServer [http://vserver.13thfloor.at/Stuff/VServer-IP-Setup-0.1.txt here].|Signature=Linux-Vserver FAQ}}

== G. Software compatibility ==
{{Question|Question=Bind does not work in a vserver||Details=
* capset failed
* The bind package expect to have the capability CAP_SYS_RESOURCE.
It expects this because it was compiled this way on Linux and to increase its ulimit.
* By default, a vserver does not have this capability for a good reason, you may have a look at 'man capabilities' to see how much control that capability allows.
* A vserver starts with some ulimit values and can only reduce them, not enlarge them.
* If you know what you are doing, you can give the capability to the vserver running bind.
* A securer solution is to compile bind without that requirement by specifying './configure --disable-linux-caps'
It looks like you only can run bind as root once you compile bind with this option, but this should be fine inside a vserver.
* bind does not respond to queries
* Bind seems to have problems with a query socket check. Bind believes the query is comming on a non-query socket, and doesn't answer the request.
* putting "query-source address YOUR_VSERVER_IP;" in your named.conf solves this problem.

|Signature=Linux-Vserver FAQ}}{{Question|Question=Is DHCP possible in a vserver?||Details=
It's possible to run a DHCP server inside a vserver, but it required a CAP_NET_RAW capability.
The solution for 2.6 kernel with new-style config is to add CAP_NET_RAW entry in the /etc/vserver/<vserver-name>/bcapabilities file, and it might be unnecessary to add 255.255.255.255 into bcast file, please read [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html The Great Flower Page] for more details. If you are still use the legacy config, please read the answer below.
It's possible to run a DHCP server inside a vserver, but there is a catch. The set_ipv4root assigns one IP and one broadcast address to a vserver. UDP service listening to 0.0.0.0 (bind any) in a vserver are indeed listening to the vserver IP and vserver broadcast.
This is all they will get. This is fine for most services.
Unfortunately, dhcpd is receiving special broadcasts. Its clients are unaware of their IP number, so they are using special broadcast 255.255.255.255 address.
A vserver generally runs with the broadcast address of the network device (the one used to setup the IP alias). This network device has a broadcast address which is never 255.255.255.255. Those special broadcast are not sent to the vserver. The solution is to set the IPROOTBCAST entry in the vserver configuration file like this IPROOTBCAST=255.255.255.255
Restart your vserver and dhcpd will work. There is a catch (at least with 2.4.18ctx-9). If you are using other services in the save vserver, also relying on broadcast for proper operation (samba for one), they won't operate properly.
One solution would be to enhance the semantics a little: A vserver would listen for its IP address, its broadcast address and also for 255.255.255.255.
The dhcpd case is probably very specific though.

|Signature=Linux-Vserver FAQ}}{{Question|Question=NFS-server||Details=
It's not posible to run a NFS-kernel server inside a vserver, to work securely this would need a lot of work.
You can try to run the NFS userspace server, the traditional Linux user space NFS server and UNFS3 are both reported to work.
take a look at ((NFS and portmap)) if you have problems with your portmap

|Signature=Linux-Vserver FAQ}}{{Question|Question=Run Level Based Distributions as Ververs (Red Hat and such ....)||Details=
If you see errors after the command vserver <name> stop like these:

Syncing hardware clock to system time hwclock is unable to get I/O port access: the iopl(3) call failed FAILED]
Turning off swap: Not superuser. [FAILED]
Turning off quotas: quotaoff: Can't stat() mounted device /dev/hdv1: No such file or directory
Unmounting file systems: umount2: No such file or directory umount: /vservers: not found

Then look for S* links in /etc/rc6.d/ and remove the one responsible for the errors. In RH9 it is called S01reboot
A 'normal' server does some stuff on shutdown, like saving the time to the hwclock, or storing random pool data and finally invokes the reboot. Some of those actions are just not allowed in a vserver.

|Signature=Linux-Vserver FAQ}}{{Question|Question=Vservers and X Windows||Details=
Please see the ((Vservers and X)) page for information about this.

|Signature=Linux-Vserver FAQ}}{{Question|Question=sshd with X11-Forwarding in a vserver||Details=
add ```'X11UseLocalhost no'``` to your sshd_config
|Signature=Linux-Vserver FAQ}}{{Question|Question=See also: [ProblematicPrograms]||Details=
== H. Help ==
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find more information on the Linux-VServer project?||Details=
First have a look at the ((documentation)) section of the website. In case you can't find the answer here, have a look at the mailinglist archives. If this doesn't help jou, there is still a mailinglist and a IRC channel were you can ask for help.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Does the Linux-VServer project have a mailing list?||Details=
Yes. You can subscribe [http://list.linux-vserver.org/mailman/listinfo/vserver here]. Archives are located [http://list.linux-vserver.org/archive/vserver/ here].
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is there a IRC channel ||Details=
Yes, join #vserver on irc.oftc.net.|Signature=Linux-Vserver FAQ}}

== I. Issues ==
{{Question|Question=When starting or entering a vserver I get "''Error: /proc must be mounted''". 'vserver-stat' and 'vps' are failing with "''open("/proc/uptime"): No such file or directory''". Sometimes, other files in /proc are mentioned. What can I do?||Details=
Make sure that in devel and experimental the required proc entries are visible inside a vserver. With alpha utilities, execute the ||Details=vprocunhide||Details= script. See ((Proc-Security)) also.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Inside a vserver I can still use mknod to create devices, even without CAP_MKNOD capability. What's wrong? (this probably applies to all other capabilities but that was not tested)||Details=
This is probably a problem in your kernel configuration. If you include "Enable different security models" (CONFIG_SECURITY), then make sure to also include "Default Linux Capabilities" (CONFIG_SECURITY_CAPABILITIES) or compile it as a module. In this latter case you must insert the 'capability' module into the kernel. This is for example true for current (2.6.8.1) debian kernel configurations.
|Signature=Linux-Vserver FAQ}}{{Question|Question=After stopping/restarting a vserver my network is gone! What the hell?||Details=
See above.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Only root can access any files in the vserver||Details=
Check the permissions of the vserver's / directory. The 2.4 branch's chroot-escape blocker (chmod 0000 and chattr +t) is meant to be applied to the directory containing the vservers (for example /vservers) not the vservers' root directories themselves. If you revoked all permissions for a vserver's root directory, re-grant them with "chmod 0755 /path/to/vserver-root".
|Signature=Linux-Vserver FAQ}}{{Question|Question="daemon() failed: Success" - What? Succesfully failing?||Details=
Not really vserver related but here's the answer: Somebody replaced your /dev/null with a regular file, create a real /dev/null and it will start working again. We got no idea why the error message happens to be so funny(?).
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I start a vserver, "FATAL: kernel too old" message appears and vserver can't be started||Details=
Edit your /etc/vservers/<vsname>/uts/release and define a value greater than kernel version
example, if you have a kernel "2.6.11", set "2005" for example :-)
|Signature=Linux-Vserver FAQ}}{{Question|Question=I switched from old to new configuration and now all my ip addresses are gone!||Details=
They are not, ifconfig just doesn't show them. The new tools use 'iproute' instead of 'ifconfig' which allows you to use multiple interface addresses with the same label. In such cases, ifconfig shows only the first address for each label, which probably isn't available in the vserver. Unless you specify a name for an ip address, it will be given the interface name as label, eg. eth0, and ifconfig breaks. You can assign names to your interface addresses in the vserver configuration, see [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html The Great Flower Page] for details.
Earlier, we said that the interface addresses were "nameless", this was wrong. As said above, the addresses in question actually all have the same name/label. Knowing this we could actually virtualize the ioctl interface which ifconfig uses in a meaningful way, making ifconfig show the vserver's ip addresses as expected, even when it shares its label with other ip addresses (of course only if there aren't multiple ip addresses in the same vserver that share the same label, but that's an ifconfig limitation, not a vserver bug). The [http://www.13thfloor.at/~doener/vserver/patches/diff-2.6.16.5-vs2.0.2-rc16-devinet_ioctl.diff patch] should apply to most Linux-VServer versions for kernel 2.6 and will probably be included in future versions.
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I enter/ssh into a vserver I can see all of the interfaces and interface aliases with ifconfig.||Details=
I experienced this after upgrading from a 2.4 to 2.6 kernel with vs-2.0 patch using legacy-method .conf files. Upgrading from legacy-method to the new one (see [http://linux-vserver.org/Legacy-To-Newstyle-Config Converting From Legacy to New]) caused the problem to go away.
|Signature=Linux-Vserver FAQ}}{{Question|Question=I keep my vserver roots on their own devices. I can unmount them but the device (like drbd or lvm) remains in use until all of my vservers are killed off ("Someone has opened the device for RW access").||Details=
When you mount something it is recorded in the current namespace. When you start a vserver it makes copy of the namespace. You can then unmount in the original namespace without any problems, however the device is still in use. This is because the device is still mounted in the new namespace. You can do something like this: "vnamespace -e runningVserver umount /mnt/point". After this you should be able to remove the device (drbdadm secondary /dev/drbd0 or whatever).
More information:
*[http://linux-vserver.org/Namespaces About Namespaces]
*[http://linux-vserver.org/advanced+DRBD+mount+issues DRBD Mount Issues]
*[http://list.linux-vserver.org/archive/vserver/msg11444.html This thread], which deals with the same issue.
*[http://list.linux-vserver.org/archive/vserver/msg10415.html This thread], terse but helpful.
*[http://www.gossamer-threads.com/lists/drbd/users/9282?page=last And this], a thread of related stuff.
WARNING: if you use the kernel cleanup feature then make sure you know what you are doing. I didn't, it was ugly.
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I stop a vserver its network alias does not go away, I am getting 'RTNETLINK answers: Cannot assign requested address||Details='
Try running 'ip addr' and see if the interface names are being truncated (note: I came across a thread that seems to suggest that this might happen even if the interface name is not being truncated?). The function that kills the interface specifies its name, if it is truncated then 'ip' will not be able to find the interface.
Another cause might be that the IP was added (or already present at startup) with a different netmask, and therfore can not be removed properly
My solution to this is very, very gross. Open up your vserver.functions file and find the disableInterfaces function. If you change
IP_ADDR) $_IP addr del "$@";;
to
IP_ADDR) $(echo $_IP addr del "$@"|sed 's/broadcast + label [^[:space:]]\+//');;
then ip will try to delete the interface by its IP alone.
Anyone with a better solution is strongly encouraged to modify this entry.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Why does the vserver run on a BSD fs (ufs) ?!||Details=
* I see something like: /dev/hdv1 / ufs defaults 0 0
The ufs part is correct and it is so to trick the quota tools to not try to lowlevel access the fs. The entry is FAKE anyway, ufs just solved this quota userland issue nicely (more or less).
* For details see: [http://list.linux-vserver.org/archive/vserver/msg09133.html] and [http://archives.linux-vserver.org/200401/0232.html]
* When I issue a ping it returns:
[root@VServerGuest /]# ping 123.123.123.123
connect: Invalid argument
* When I issue a DNS lookup it returns:
[root@VServerGuest /]# host www.yahoo.ca
socket.c: internal_send: 222.222.222.222#53: Invalid argument
;; connection timed out; no servers could be reached
* When I try to run vyum it returns:
[root@VServerGuest /]# vyum VServerGuest -- check-update
Cannot find a valid baseurl for repo: core
Error: Cannot find a valid baseurl for repo: core
Make sure that you have either a Public IP setup on the VServer Guest, or that you have a proper SNAT/DNAT rules setup on your VServer Host. After that, restart the vserver guest with the verbose option to see what your ipv4root is set to:
[root@VServerGuest /]# vserver -v VServerGuest start
ipv4root is now 127.0.0.10 111.111.111.111
New security context is 49156
You must make sure the order of the interfaces are correct. The very first Interface (decided upon by alphabetical order of the interface directory name) for the VServer is the default IP used for all network connections. This must be either a public IP or an IP that has been D/SNAT'd.
|Signature=Linux-Vserver FAQ}}

== G. Problematic Programs ==
Some programs do things that might work on a normal host but not inside a V-Server. This is often not a fault of V-Server itself, the programs are doing automagic things which fail and no proper error handling is done. Also sometimes the actions need special rights which are not permitted by default in V-Servers. Allowing CAPs is often not necessary since those special CAPs are only required once (e.g. when the program initializes the directories/settings/whatever).

{{Question|Question=OpenGroupware Apache Module
||Details=If your V-Server doesn't have access to localhost, then the connection to the !OpenGroupware server will fail with a "Internal Server Error".
The apache module for !OpenGroupware called mod_ngobjweb uses a hardcoded "127.0.0.1" IP address in the source (handler.c line 339), this line you need to change to the IP address that should be used (the IP of the V-Server that runs the OpenGroupware server)|Signature=ProblematicPrograms}}

{{Question|Question=Hylafax (with CAPI)|Details=
:If you want to run hylafax in a V-Server, you will get a CAP and device problem which can be easily solved. First you need your capi20 devices in your V-Server, which can't be created by ./MAKEDEV (requires special CAPs) so copy the devices into the V-Server, like this (command run on the host):
:cp -aR /dev/capi* /vservers/your_vserver/dev
:Now hylafax can access your CAPI ISDN card but will exit after a few seconds, the problem is it tries to create a /dev/null nod in the hylafax chroot. This fails because of missing CAPs, so lets help hylafax again with copying the nod into the hylafax chroot in the V-Server. Like this (command run on the host):
:cp -aR /dev/null /vservers/your_vserver/var/spool/hylafax/dev
:Allright, now hylafax should have CAPI access and run properly.|Signature=ProblematicPrograms}}

{{Question|Question=Links inside screen inside a V-Server|Details=
:Don't know why, but links crashes systematically being inside a screen session inside a V-Server started outside a V-Server. (please elaborate!)|Signature=ProblematicPrograms}}

{{Question|Question=screen inside a VServer|Details=

<pre>

[root@ge root]# vserver zoe enter

zoe:/# screen
Cannot open your terminal '/dev/pts/5' - please check.

zoe:/# strace screen
...
stat64("/dev/pts/5", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 5), ...}) = 0
open("/dev/pts/5", O_RDWR|O_NONBLOCK) = -1 EACCES (Permission denied)

</pre>

:is neither a bug nor an issue with screen, it just shows that a vserver context is not allowed to mess with host terminals. either use ssh/telnet to reach the 'guest' or start the screen session before you do the 'enter' (i.e. on the host)|Signature=ProblematicPrograms}}

{{Question|Question=!OpenLDAP Startup|Details=
:slapd needs name resolution available in order to start up, otherwise it appears to hang. Make sure you have working DNS (or whatever) available to your vserver before starting one with slapd. This behavior is confirmed in my setup, no confirmation from others yet. My Setup: vservers all bind to an interface on a DMZ-like network segment, BIND runs on a vserver. slapd would hang at startup if the BIND vserver had not been started first.|Signature=ProblematicPrograms}}

{{Question|Question=rndc|Details=
:Bind's rndc has a hardcoded 127.0.0.1 somewhere so any command to rndc will fail with connection refused.
:You should have a reachable localhost address defined in /etc/hosts and then you can use rndc -s localhost command
:You can make a rndc.conf and set the default-server option, like that the '-s localhost' isn't necessary.|Signature=ProblematicPrograms}}

{{Question|Question=Asterisk|Details=
:Since some version of Asterisk (at least since 1.0.2), it will not run anymore. On start it fails with: "Unable to set high priority"
:This can be solved by allowing CAP_SYS_NICE for that VServer.
:You can also not run Asterisk with the realtime priority :
:Just pass the '-p' command ligne argument to disable the read-time priority.
:.
:Good doc on setting up Asterisk devices in the vserver:
:http://www.telephreak.org/papers/vpa/|Signature=ProblematicPrograms}}

{{Question|Question=Open/!FreeSwan|Details=
:Fails because of writing to /proc (requires patch)
:TODO: write me|Signature=ProblematicPrograms}}

{{Question|Question=Samba|Details=
:Oplocks don't work as smbd insists on receiving break requests from 127.0.0.1 \\
Just patch source/smbd/oplock.c (commenting paranoid code)
<pre>
+++ oplock.c.orig 2005-02-14 14:27:51.000000000 +0200
--- oplock.c 2005-02-02 12:27:50.000000000 +0200
@@ -181,14 +181,12 @@
return False;
}

+#if 0
/* Validate message from address (must be localhost). */
if(from.sin_addr.s_addr != htonl(INADDR_LOOPBACK)) {
DEBUG(0,("receive_local_message: invalid 'from' address \
(was %lx should be 127.0.0.1)\n", (long)from.sin_addr.s_addr));
return False;
}
+#endif

/* Setup the message header */
SIVAL(buffer,OPBRK_CMD_LEN_OFFSET,msg_len);
</pre>
or if you don't want to patch the samba source code you can disable oplock in Samba and it will work too!
Just put the following in your smb.conf:
<pre>
kernel oplocks = no
oplocks = no
</pre>

Note: The Vserver using Samba should also listen on the broadcast address. Thereby you will not be able to have two samba servers in the same net (on the same broadcast). |Signature=ProblematicPrograms}}

{{Question|Question=Samba from Debian 3.1|Details=
The samba deb in sarge (3.1) provided file sharing. The only oddity observed is that the vserver guest running samba did not appear in a windows box's 'My Network Places'
Use a WINS server. The SMB browsing protocol relies heavily on broadcasts on the local net, which are problematic with vservers. WINS resolution on the other hand is unicast and works flawlessly under vserver.|Signature=ProblematicPrograms}}

{{Question|Question=Samba printer and file server with cups|Details=
:Samba runs correctly in a Mandriva (Mdk) 10.1 Vserver, (Apart from the above oplock problem ?).
: \\
First, edit your {{/etc/sysconfig/network}} file, and set {{networking}} to {{yes}} (This will solve problems for other services !):
<pre>
# cat /etc/sysconfig/network
NETWORKING=yes
</pre>
: \\
Some more tweaking is needeed in {{/etc/smb.conf}}:
<pre>
# cat /etc/smb.conf
...
# YOUR VSERVER IP/MASK HERE
interfaces = xxx.xxx.xxx.xxx/mask
...
</pre>
: \\
That's all !!!
: \\
But if you're using Samba + Cups to provide printing for Windows clients, AND if you want to use the {{Point and Print}} feature, there is more: In the {{[printers]}} section of your {{smb.conf}}, you should have the {{use client drivers}} directive set to {{no}}, or the driver upload procedure will fail !
<pre>
# cat /etc/smb.conf
...
use client driver = no
...
</pre>
: \\
So, here is a full {{smb.conf}} file:
<pre>
# cat /etc/samba/smb.conf | awk '!/^$/ && !/^\s*(#|;)/ {print $0}'
[global]
workgroup = MYDOMAIN
netbios name = MYHOSTNAME
server string = MYCOMMENT (Samba %v)
printcap name = cups
load printers = yes
printing = cups
printer admin = @adm
log file = /var/log/samba/log.%m
max log size = 50
map to guest = bad user
security = domain
password server = *
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers
idmap uid = 10000-20000
idmap gid = 10000-20000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = 127. MYVSERVERIP/MYVSERVERMASK
wins server = MYWINSIP
dns proxy = no
# for french users:
dos charset = 850
unix charset = ISO8859-1
[homes]
comment = Home Directories
browseable = no
writable = no
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
create mode = 0700
print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
use client driver = no
[print$]
path = /var/lib/samba/printers
browseable = yes
write list = @adm root
guest ok = yes
inherit permissions = yes
</pre>
: \\
...And a working smbusers:
<pre>
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator MYDOMAIN\administrator
nobody = guest pcguest smbguest
</pre>|Signature=ProblematicPrograms}}

{{Question|Question=Cups print server|Details=
: Symptoms: The Cups init script exits with:
<pre>
Starting CUPS printing system: cupsd: Child exited with status 98!
</pre>
: \\
And the logs ({{/var/log/cups/error_log}}) show:
<pre>
E [date:hour...] StartListening: Unable to bind socket for address 0.0.0.0:631 - Address already in use.
</pre>
:...Or something like this.
: \\
With a correct "cupsd.conf file" (Tested version 1.1.21-0.rc1.7mdk, on Mandrake 10.1 - Now Mandriva), it works; All we need is to remove references to {{127.0.0.1}} or {{localhost}} from the file, as well as correctly unsetting the {{Listen}} directive:
<pre>
LogLevel info
TempDir /var/spool/cups/tmp
# No 'Listen' directive !
Port 631
BrowseAddress @LOCAL
BrowseDeny All
BrowseAllow @LOCAL
BrowseOrder deny,allow
<Location />
Order Deny,Allow
Deny From All
Allow From @LOCAL
</Location>
<Location /admin>
AuthType Basic
AuthClass System
Order Deny,Allow
Deny From All
Allow From YOUR_NETWORK_ADDRESS/YOUR_NETMASK # Example: 172.16.0.0/24
# Or
Allow From @LOCAL
</Location>
</pre>
: \\
Then you'll need to modify the {{/etc/init.d/cups}} script, to comment any section referring to {{127.0.0.1}} lookup and configuration. This section exists at least on Mandrake 10.1, and is pretty long (Lines 35 to 55 and/or 79), and additionnaly four "{{else...if}}" lines must be commented far below (Lines 161 to 164) !
: \\
Remember to stop any Cupsd running in the host server, or to start it ''via'' a wrapper {{/etc/init.d/v_cups}} script:
<pre>
#!/bin/sh
# chkconfig: 2345 15 60
# description: Wrapper to start cups bound to a single IP
USR_LIB_VSERVER=/usr/lib/util-vserver
exec $USR_LIB_VSERVER/vsysvwrapper cups $*
</pre>
: \\
Do not forget to give a password to the root user, if you want to ba able to manage your printers from the web interface (http://yourcupsvserver:631)!
<pre>
# passwd root
...
</pre>
: \\
If you use Mandriva 10.1 (And maybe some other distros), you’ll need to add the printers drivers for Cups, and reload it:
<pre>
# urpmi --root /vservers/yourcupsvserver/ cups-drivers
# /etc/init.d/cups reload
</pre>
: \\
…It added 67 Mb of packages for me.
: \\
Then use {{/etc/init.d/v_cups (re)start}} to launch Cups on the host server.
:You will now be able to make Cupsd start in the vserver , but more tweaking on the ACLs may be necessary to avoid authentification problems...|Signature=ProblematicPrograms}}

{{Question|Question=Bind9 on Debian GNU/Linux Woody (3.0) and Sarge (3.1)|Details=
:named provided by the bind9 binary packages fails to start because it is compiled with CAPs option.
: \\
The debian way is to build** your own package without CAPs:
: \\
<pre>
su -
cd /usr/src
apt-get build-dep bind9
apt-get source bind9
cd bind9-x.x.x
vi debian/rules
</pre>
: \\
Insert the following line after "./configure --prefix=/usr \":
: \\
<pre>
--disable-linux-caps \
</pre>
: \\
On a NPTL-enabled system you alse have to replace \\
<pre>
--enable-threads \
</pre>
: with \\
<pre>
--disable-threads \
</pre>
: or bind might refuse to run with an other user than root.
: \\
Save the file and go ahead with compiling/installing:
: \\
<pre>
dpkg-buildpackage
dpkg -i ../bind9-x.x.x.deb
echo "bind9 hold" | dpkg --set-selections
</pre>
: \\
The last line is to set the package "on hold", so it is not touched by the update process. you have to take care of security holes by yourself now!
: \\
The Xs in "bind9-x.x.x" denote the version number of bind9.
: \\

** Alternatively you can allow the CAP_SYS_RESOURCE for that V-Server.

The best way would be to fix bind, which is somehow broken when it comes to capabilities.
Daniel Hokka Zakrisson repaired it. His patch is to be found here:

[http://daniel.hozac.com/stuff/bind-9.3.2-caps-when-available.patch bind-9.3.2-caps-when-available.patch]
So, if you recompile, it would be the cleanest way to apply that patch. Thanks Daniel!

It would be also nice, if someone submits that patch to the bind people or maybe to your distribution's package maintainers in the first step.

Get my [http://linux-vserver.derjohn.de/bind9-packages/bind9-capacheck_9.3.2-2_i386.deb vserver-guest-ready Debian bind9 package] for Debian Sid guests. Feedback welcome: aj@net-lab.net|Signature=ProblematicPrograms}}

{{Question|Question=Postfix 2.1.5 (Debian Sarge)|Details=
:On a vserver with two interfaces (lo and eth0), and a postfix 2.1.5 listening on lo, postfix can't send emails : "Invalid argument"... Setting smtp_bind_address (http://www.postfix.org/postconf.5.html#smtp_bind_address) to the external address solves the issue.|Signature=ProblematicPrograms}}

{{Question|Question=Zimbra Mail|Details=
Zimbra is many applications (including Postfix and MySQL and OpenLDAP and more) which try to take over the interfaces, and depend a lot on binding from 127.0.0.1 - it is not hard to change, but there is a couple of tricks - it is documented here - http://wiki.zimbra.com/index.php?title=Install_VServer|Signature=ProblematicPrograms}}

{{Question|Question=xine|Details=
xine won't start with no error message.
"xine --verbose" shows this.
<pre>
ERROR: Could not determine network interfaces, you must use a interfaces config line
</pre>
This happens if you have the xineplug_inp_smb.so plugin. Delete it and everything is fine.|Signature=ProblematicPrograms}}

{{Question|Question=127.0.0.1 issues|Details=
I had problems with an application that wanted me to access it on 127.0.0.1 and AS 127.0.0.1 to be able to do its configuration. A simple tweak solved the problem. I renamed the default interface directory "0" in /etc/vservers/server/interfaces to "1" and created interface 0 as :
:dev lo
:ip 127.0.0.1
:mask 255.0.0.0
:name lo

now interface "1" is the default created interface by the vserver build script with a local adress like 192.168.1.2 and interface "0" is the loopback. I can now telnet on 127.0.0.1 and it sees that im connecting to 127.0.0.1 from 127.0.0.1

Compiling nagios-1.4 within a vserver requires this, otherwise it hangs during the configure with "checking for ICMP ping syntax..."

<font size="+1" color="red"> /!\ BIG FAT WARNING: DON'T DO THIS IT WILL ADD VSERVER ACCESS TO THE 127.0.0.1 OF THE HOST (quoting Bertl on irc) </font>

|Signature=ProblematicPrograms}}

{{Question|Question=Hula-project|Details=
Does not want to start :(|Signature=ProblematicPrograms}}

Frequently Asked Questions scratch

2009-05-15T15:51:02Z

Gebura:

== A. General ==
{{Question|Question=Credits||Details=
This FAQ includes information taken from the FAQs of Jacques GÃ©linas and Paul Sladen.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Are there other FAQs available?||Details=
Yes. There are other (mostly older) FAQ's available:
*[http://www.solucorp.qc.ca/howto.hc?projet=vserver Jacques GÃ©linas FAQ]
*[http://www.paul.sladen.org/vserver/faq/ Paul Sladen's vserver FAQ]
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find a overview of Linux-VServer?||Details=
*((short presentation))
* [http://en.wikipedia.org/wiki/Linux-VServer Wikipedia Article]
*ProjectOverview (an introduction to the VServer Project, by ChuckD)
*[http://www.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=0 Introduction by Jacques GÃ©linas]
|Signature=Linux-Vserver FAQ}}{{Question|Question=How to verify that a setup is working properly?||Details=
*To verify that your setup works properly, there are some test scripts to check basic functionality.
primarily [http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh testme.sh] and [http://vserver.13thfloor.at/Stuff/SCRIPT/testfs.sh testfs.sh] (see ((TestScripts)) for more details)|Signature=Linux-Vserver FAQ}}

== B. Requirements ==
{{Question|Question=What hardware is supported by linux-vserver?||Details=
The following platforms are supported in the stable versions of linux-vserver.
*alpha
*i386 and higher (and compatible)
*ia32 / ia64
*mips / mips64
*hppa / hppa64
*ppc / ppc64
*sparc / sparc64
*s390 / s390x
*x86_64 (AMD64)
*uml/xen
|Signature=Linux-Vserver FAQ}}{{Question|Question=Which kernel versions are supported?||Details=
recent 2.4 and 2.6 kernels (stable), recent 2.6 kernels (development).
Some ancient versions of Linux-VServer are backported to 2.2.x kernels. You can find more information [http://vserver.digitalangel.com.au/ here].
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I run Linux-vserver on my favorite distribution?||Details=
Linux-VServer was originally developed on Red Hat/Mandriva, but it is rather distribution independent. It runs fine with other distributions (Debian, SuSE). Some distributions run a patched kernel, which can make it a bit harder to build a new kernel with Linux-VServer support|Signature=Linux-Vserver FAQ}}

== C. Versions ==
{{Question|Question=What's the latest version of Linux-VServer?||Details=
You can find the [http://www.13thfloor.at/vserver/s_release latest stable 2.4 release] or [http://www.13thfloor.at/vserver/s_rel26 latest stable 2.6 release] as well as the [http://www.13thfloor.at/vserver/d_rel26 latest development release] at [http://www.13thfloor.at/vserver/ http://www.13thfloor.at/vserver/]
Check out the ((Release FAQ)) for information on releases and version numbering
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find prereleases and release candidates?||Details=
Check the [http://vserver.13thfloor.at/Experimental experimental area] for new patches.|Signature=Linux-Vserver FAQ}}

== D. Tools (util-vserver and vserver) ==
{{Question|Question=What do I need them for?||Details=
These are the userspace tools for Linux-VServer. You need them to use the functionality of Linux-VServer.
|Signature=Linux-Vserver FAQ}}{{Question|Question=What's the difference between vserver and util-vserver?||Details=
The vserver package are the 'legacy utilities', written by Jacques GÃ©linas.
The util-vserver package is a reimplementation of these tools in C by Enrico Scholz, which follows the kernel development more closely.
util-vserver tools are currently considered the mainstream tools (You can't use both packages on the same machine.)
Both packages have their own version numbering. Don't let the version numbering confuse you.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Which version of the tools packages do I need? Do I have to upgrade?||Details=
*:It can be useful to have a recent version of the tools package installed on your box. It's a good idea to upgrade your tools when you upgrade your kernel. In the next list you find the versions you need to have at least, but it's a good idea to use more recent versions.
*linux-vserver 1.00
**vserver 0.26
**util-vserver 0.24
*linux-vserver 1.20
**vserver 0.28
**util-vserver 0.25
*linux-vserver 2.00
**util-vserver 0.30 or 0.30.209|Signature=Linux-Vserver FAQ}}

== E. Download ==
{{Question|Question=Where can I dowload the latest version of:||Details=
*[http://www.13thfloor.at/vserver/ The kernel patch]
*[http://dns.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=1 vserver]
*[http://savannah.nongnu.org/files/?group=util-vserver util-vserver]
|Signature=Linux-Vserver FAQ}}{{Question|Question=Distribution specific packages||Details=
*Red Hat
**[http://dns.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=1 vserver]
*Mandrake
**[http://www.13thfloor.at/vserver/s_release/v1.00/ vserver]
*Debian
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=vserver&searchon=names&subword=1&version=all&release=all vserver] - All Linux-VServer-related Debian-packages (Probably slow, +100 results).
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=linux-image-2.6-vserver&searchon=names&subword=1&version=all&release=all Official precompiled kernels] - These are the official Debian kernels compiled with Linux-VServer-support.
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=vserver-debiantools&searchon=names&subword=1&version=all&release=all vserver-debiantools] - These scripts install Debian straight off the web from Debian.org's world-wide network of mirrors.
*Gentoo
**[http://dev.croup.de/proj/gentoo-vps/wiki/VserverHowto vserver]|Signature=Linux-Vserver FAQ}}

== F. Network Usage? ==
{{Question|Question=Is IPv6 supported?||Details=
At this moment, only IPv4 (the current most frequently used standard) is supported.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I put my vservers in different networks?||Details=
Yes you can. You have to bind your vserver to a interface on the host machine, but you can choose the interface in the configuration file of your vserver (in /etc/vservers/SERVER.conf). Make sure your host server does have an interface in the network you need on your vserver.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is it possible for a vserver to have a other default gateway than the host machine does use?||Details=
Yes. Use iproute2 to set the default gateway.
You can find more information on routing in linux-vserver in [http://archives.linux-vserver.org/200311/0470.html this posting] on the mailinglist.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I use more than one IP address in a vserver||Details=
Yes you can. Edit the configuration file of the vserver (/etc/vservers/SERVER.conf).
In case you want to use example IP addresses on one interface
IPROOT="10.1.2.3 10.1.2.12"
IPROOTDEV="eth0"
In case you want to use 2 or more interfaces
IPROOT="eth0:10.1.2.3 eth1:10.1.2.12"
IPROOTDEV=""
In case you want to use IP-number in different subnets
IPROOT="eth0:10.1.2.3/255.255.255.0 eth0:10.1.3.12/255.255.0.0"
IPROOTDEV=""
If you are using vserver 2.0+ you have to create subdirectories in /etc/vserver/<vserver-name>/interfaces/
for each IP you want to use, i.e.
/etc/vserver/<vserver-name>/interfaces/0
/etc/vserver/<vserver-name>/interfaces/1
These subdirectories have to contain files with the options you want to set. See the [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html Flower page] for more info
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is it possible to use the real device (eth0, eth1) instead of the device alias created by vserver?||Details=
Yes. Set up the IP aliases yourself on the host server
*Set IPROOT= to those IPs
*Unset IPROOTDEV so the vserver script won't try to setup the IP aliases.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I modify the behavior of my vservers?||Details=
There are a number of capabilities and flags that you can modify listed [http://linux-vserver.org/Caps+and+Flags here] (and [http://savannah.nongnu.org/cgi-bin/viewcvs/util-vserver/util-vserver/lib/cflags-v13.c?rev=HEAD here (cflags-v13.c)]).
|Signature=Linux-Vserver FAQ}}{{Question|Question=Were can I find more information on networking in Linux-VServer?||Details=
You can find more information on the internals of networking in Linux-VServer [http://vserver.13thfloor.at/Stuff/VServer-IP-Setup-0.1.txt here].|Signature=Linux-Vserver FAQ}}

== G. Software compatibility ==
{{Question|Question=Bind does not work in a vserver||Details=
* capset failed
* The bind package expect to have the capability CAP_SYS_RESOURCE.
It expects this because it was compiled this way on Linux and to increase its ulimit.
* By default, a vserver does not have this capability for a good reason, you may have a look at 'man capabilities' to see how much control that capability allows.
* A vserver starts with some ulimit values and can only reduce them, not enlarge them.
* If you know what you are doing, you can give the capability to the vserver running bind.
* A securer solution is to compile bind without that requirement by specifying './configure --disable-linux-caps'
It looks like you only can run bind as root once you compile bind with this option, but this should be fine inside a vserver.
* bind does not respond to queries
* Bind seems to have problems with a query socket check. Bind believes the query is comming on a non-query socket, and doesn't answer the request.
* putting "query-source address YOUR_VSERVER_IP;" in your named.conf solves this problem.

|Signature=Linux-Vserver FAQ}}{{Question|Question=Is DHCP possible in a vserver?||Details=
It's possible to run a DHCP server inside a vserver, but it required a CAP_NET_RAW capability.
The solution for 2.6 kernel with new-style config is to add CAP_NET_RAW entry in the /etc/vserver/<vserver-name>/bcapabilities file, and it might be unnecessary to add 255.255.255.255 into bcast file, please read [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html The Great Flower Page] for more details. If you are still use the legacy config, please read the answer below.
It's possible to run a DHCP server inside a vserver, but there is a catch. The set_ipv4root assigns one IP and one broadcast address to a vserver. UDP service listening to 0.0.0.0 (bind any) in a vserver are indeed listening to the vserver IP and vserver broadcast.
This is all they will get. This is fine for most services.
Unfortunately, dhcpd is receiving special broadcasts. Its clients are unaware of their IP number, so they are using special broadcast 255.255.255.255 address.
A vserver generally runs with the broadcast address of the network device (the one used to setup the IP alias). This network device has a broadcast address which is never 255.255.255.255. Those special broadcast are not sent to the vserver. The solution is to set the IPROOTBCAST entry in the vserver configuration file like this IPROOTBCAST=255.255.255.255
Restart your vserver and dhcpd will work. There is a catch (at least with 2.4.18ctx-9). If you are using other services in the save vserver, also relying on broadcast for proper operation (samba for one), they won't operate properly.
One solution would be to enhance the semantics a little: A vserver would listen for its IP address, its broadcast address and also for 255.255.255.255.
The dhcpd case is probably very specific though.

|Signature=Linux-Vserver FAQ}}{{Question|Question=NFS-server||Details=
It's not posible to run a NFS-kernel server inside a vserver, to work securely this would need a lot of work.
You can try to run the NFS userspace server, the traditional Linux user space NFS server and UNFS3 are both reported to work.
take a look at ((NFS and portmap)) if you have problems with your portmap

|Signature=Linux-Vserver FAQ}}{{Question|Question=Run Level Based Distributions as Ververs (Red Hat and such ....)||Details=
If you see errors after the command vserver <name> stop like these:

Syncing hardware clock to system time hwclock is unable to get I/O port access: the iopl(3) call failed FAILED]
Turning off swap: Not superuser. [FAILED]
Turning off quotas: quotaoff: Can't stat() mounted device /dev/hdv1: No such file or directory
Unmounting file systems: umount2: No such file or directory umount: /vservers: not found

Then look for S* links in /etc/rc6.d/ and remove the one responsible for the errors. In RH9 it is called S01reboot
A 'normal' server does some stuff on shutdown, like saving the time to the hwclock, or storing random pool data and finally invokes the reboot. Some of those actions are just not allowed in a vserver.

|Signature=Linux-Vserver FAQ}}{{Question|Question=Vservers and X Windows||Details=
Please see the ((Vservers and X)) page for information about this.

|Signature=Linux-Vserver FAQ}}{{Question|Question=sshd with X11-Forwarding in a vserver||Details=
add ```'X11UseLocalhost no'``` to your sshd_config
|Signature=Linux-Vserver FAQ}}{{Question|Question=See also: [ProblematicPrograms]||Details=
== H. Help ==
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find more information on the Linux-VServer project?||Details=
First have a look at the ((documentation)) section of the website. In case you can't find the answer here, have a look at the mailinglist archives. If this doesn't help jou, there is still a mailinglist and a IRC channel were you can ask for help.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Does the Linux-VServer project have a mailing list?||Details=
Yes. You can subscribe [http://list.linux-vserver.org/mailman/listinfo/vserver here]. Archives are located [http://list.linux-vserver.org/archive/vserver/ here].
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is there a IRC channel ||Details=
Yes, join #vserver on irc.oftc.net.|Signature=Linux-Vserver FAQ}}

== I. Issues ==
{{Question|Question=When starting or entering a vserver I get "''Error: /proc must be mounted''". 'vserver-stat' and 'vps' are failing with "''open("/proc/uptime"): No such file or directory''". Sometimes, other files in /proc are mentioned. What can I do?||Details=
Make sure that in devel and experimental the required proc entries are visible inside a vserver. With alpha utilities, execute the ||Details=vprocunhide||Details= script. See ((Proc-Security)) also.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Inside a vserver I can still use mknod to create devices, even without CAP_MKNOD capability. What's wrong? (this probably applies to all other capabilities but that was not tested)||Details=
This is probably a problem in your kernel configuration. If you include "Enable different security models" (CONFIG_SECURITY), then make sure to also include "Default Linux Capabilities" (CONFIG_SECURITY_CAPABILITIES) or compile it as a module. In this latter case you must insert the 'capability' module into the kernel. This is for example true for current (2.6.8.1) debian kernel configurations.
|Signature=Linux-Vserver FAQ}}{{Question|Question=After stopping/restarting a vserver my network is gone! What the hell?||Details=
See above.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Only root can access any files in the vserver||Details=
Check the permissions of the vserver's / directory. The 2.4 branch's chroot-escape blocker (chmod 0000 and chattr +t) is meant to be applied to the directory containing the vservers (for example /vservers) not the vservers' root directories themselves. If you revoked all permissions for a vserver's root directory, re-grant them with "chmod 0755 /path/to/vserver-root".
|Signature=Linux-Vserver FAQ}}{{Question|Question="daemon() failed: Success" - What? Succesfully failing?||Details=
Not really vserver related but here's the answer: Somebody replaced your /dev/null with a regular file, create a real /dev/null and it will start working again. We got no idea why the error message happens to be so funny(?).
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I start a vserver, "FATAL: kernel too old" message appears and vserver can't be started||Details=
Edit your /etc/vservers/<vsname>/uts/release and define a value greater than kernel version
example, if you have a kernel "2.6.11", set "2005" for example :-)
|Signature=Linux-Vserver FAQ}}{{Question|Question=I switched from old to new configuration and now all my ip addresses are gone!||Details=
They are not, ifconfig just doesn't show them. The new tools use 'iproute' instead of 'ifconfig' which allows you to use multiple interface addresses with the same label. In such cases, ifconfig shows only the first address for each label, which probably isn't available in the vserver. Unless you specify a name for an ip address, it will be given the interface name as label, eg. eth0, and ifconfig breaks. You can assign names to your interface addresses in the vserver configuration, see [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html The Great Flower Page] for details.
Earlier, we said that the interface addresses were "nameless", this was wrong. As said above, the addresses in question actually all have the same name/label. Knowing this we could actually virtualize the ioctl interface which ifconfig uses in a meaningful way, making ifconfig show the vserver's ip addresses as expected, even when it shares its label with other ip addresses (of course only if there aren't multiple ip addresses in the same vserver that share the same label, but that's an ifconfig limitation, not a vserver bug). The [http://www.13thfloor.at/~doener/vserver/patches/diff-2.6.16.5-vs2.0.2-rc16-devinet_ioctl.diff patch] should apply to most Linux-VServer versions for kernel 2.6 and will probably be included in future versions.
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I enter/ssh into a vserver I can see all of the interfaces and interface aliases with ifconfig.||Details=
I experienced this after upgrading from a 2.4 to 2.6 kernel with vs-2.0 patch using legacy-method .conf files. Upgrading from legacy-method to the new one (see [http://linux-vserver.org/Legacy-To-Newstyle-Config Converting From Legacy to New]) caused the problem to go away.
|Signature=Linux-Vserver FAQ}}{{Question|Question=I keep my vserver roots on their own devices. I can unmount them but the device (like drbd or lvm) remains in use until all of my vservers are killed off ("Someone has opened the device for RW access").||Details=
When you mount something it is recorded in the current namespace. When you start a vserver it makes copy of the namespace. You can then unmount in the original namespace without any problems, however the device is still in use. This is because the device is still mounted in the new namespace. You can do something like this: "vnamespace -e runningVserver umount /mnt/point". After this you should be able to remove the device (drbdadm secondary /dev/drbd0 or whatever).
More information:
*[http://linux-vserver.org/Namespaces About Namespaces]
*[http://linux-vserver.org/advanced+DRBD+mount+issues DRBD Mount Issues]
*[http://list.linux-vserver.org/archive/vserver/msg11444.html This thread], which deals with the same issue.
*[http://list.linux-vserver.org/archive/vserver/msg10415.html This thread], terse but helpful.
*[http://www.gossamer-threads.com/lists/drbd/users/9282?page=last And this], a thread of related stuff.
WARNING: if you use the kernel cleanup feature then make sure you know what you are doing. I didn't, it was ugly.
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I stop a vserver its network alias does not go away, I am getting 'RTNETLINK answers: Cannot assign requested address||Details='
Try running 'ip addr' and see if the interface names are being truncated (note: I came across a thread that seems to suggest that this might happen even if the interface name is not being truncated?). The function that kills the interface specifies its name, if it is truncated then 'ip' will not be able to find the interface.
Another cause might be that the IP was added (or already present at startup) with a different netmask, and therfore can not be removed properly
My solution to this is very, very gross. Open up your vserver.functions file and find the disableInterfaces function. If you change
IP_ADDR) $_IP addr del "$@";;
to
IP_ADDR) $(echo $_IP addr del "$@"|sed 's/broadcast + label [^[:space:]]\+//');;
then ip will try to delete the interface by its IP alone.
Anyone with a better solution is strongly encouraged to modify this entry.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Why does the vserver run on a BSD fs (ufs) ?!||Details=
* I see something like: /dev/hdv1 / ufs defaults 0 0
The ufs part is correct and it is so to trick the quota tools to not try to lowlevel access the fs. The entry is FAKE anyway, ufs just solved this quota userland issue nicely (more or less).
* For details see: [http://list.linux-vserver.org/archive/vserver/msg09133.html] and [http://archives.linux-vserver.org/200401/0232.html]
* When I issue a ping it returns:
[root@VServerGuest /]# ping 123.123.123.123
connect: Invalid argument
* When I issue a DNS lookup it returns:
[root@VServerGuest /]# host www.yahoo.ca
socket.c: internal_send: 222.222.222.222#53: Invalid argument
;; connection timed out; no servers could be reached
* When I try to run vyum it returns:
[root@VServerGuest /]# vyum VServerGuest -- check-update
Cannot find a valid baseurl for repo: core
Error: Cannot find a valid baseurl for repo: core
Make sure that you have either a Public IP setup on the VServer Guest, or that you have a proper SNAT/DNAT rules setup on your VServer Host. After that, restart the vserver guest with the verbose option to see what your ipv4root is set to:
[root@VServerGuest /]# vserver -v VServerGuest start
ipv4root is now 127.0.0.10 111.111.111.111
New security context is 49156
You must make sure the order of the interfaces are correct. The very first Interface (decided upon by alphabetical order of the interface directory name) for the VServer is the default IP used for all network connections. This must be either a public IP or an IP that has been D/SNAT'd.
|Signature=Linux-Vserver FAQ}}

== G. Problematic Programs ==
Some programs do things that might work on a normal host but not inside a V-Server. This is often not a fault of V-Server itself, the programs are doing automagic things which fail and no proper error handling is done. Also sometimes the actions need special rights which are not permitted by default in V-Servers. Allowing CAPs is often not necessary since those special CAPs are only required once (e.g. when the program initializes the directories/settings/whatever).

{{Question|Question=OpenGroupware Apache Module
||Details=If your V-Server doesn't have access to localhost, then the connection to the !OpenGroupware server will fail with a "Internal Server Error".
The apache module for !OpenGroupware called mod_ngobjweb uses a hardcoded "127.0.0.1" IP address in the source (handler.c line 339), this line you need to change to the IP address that should be used (the IP of the V-Server that runs the OpenGroupware server)|Signature=ProblematicPrograms}}

{{Question|Question=Hylafax (with CAPI)|Details=
:If you want to run hylafax in a V-Server, you will get a CAP and device problem which can be easily solved. First you need your capi20 devices in your V-Server, which can't be created by ./MAKEDEV (requires special CAPs) so copy the devices into the V-Server, like this (command run on the host):
:cp -aR /dev/capi* /vservers/your_vserver/dev
:Now hylafax can access your CAPI ISDN card but will exit after a few seconds, the problem is it tries to create a /dev/null nod in the hylafax chroot. This fails because of missing CAPs, so lets help hylafax again with copying the nod into the hylafax chroot in the V-Server. Like this (command run on the host):
:cp -aR /dev/null /vservers/your_vserver/var/spool/hylafax/dev
:Allright, now hylafax should have CAPI access and run properly.|Signature=ProblematicPrograms}}

{{Question|Question=Links inside screen inside a V-Server|Details=
:Don't know why, but links crashes systematically being inside a screen session inside a V-Server started outside a V-Server. (please elaborate!)|Signature=ProblematicPrograms}}

{{Question|Question=screen inside a VServer|Details=

<pre>

[root@ge root]# vserver zoe enter

zoe:/# screen
Cannot open your terminal '/dev/pts/5' - please check.

zoe:/# strace screen
...
stat64("/dev/pts/5", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 5), ...}) = 0
open("/dev/pts/5", O_RDWR|O_NONBLOCK) = -1 EACCES (Permission denied)

</pre>

:is neither a bug nor an issue with screen, it just shows that a vserver context is not allowed to mess with host terminals. either use ssh/telnet to reach the 'guest' or start the screen session before you do the 'enter' (i.e. on the host)|Signature=ProblematicPrograms}}

{{Question|Question=!OpenLDAP Startup|Details=
:slapd needs name resolution available in order to start up, otherwise it appears to hang. Make sure you have working DNS (or whatever) available to your vserver before starting one with slapd. This behavior is confirmed in my setup, no confirmation from others yet. My Setup: vservers all bind to an interface on a DMZ-like network segment, BIND runs on a vserver. slapd would hang at startup if the BIND vserver had not been started first.|Signature=ProblematicPrograms}}

{{Question|Question=rndc|Details=
:Bind's rndc has a hardcoded 127.0.0.1 somewhere so any command to rndc will fail with connection refused.
:You should have a reachable localhost address defined in /etc/hosts and then you can use rndc -s localhost command
:You can make a rndc.conf and set the default-server option, like that the '-s localhost' isn't necessary.|Signature=ProblematicPrograms}}

{{Question|Question=Asterisk|Details=
:Since some version of Asterisk (at least since 1.0.2), it will not run anymore. On start it fails with: "Unable to set high priority"
:This can be solved by allowing CAP_SYS_NICE for that VServer.
:You can also not run Asterisk with the realtime priority :
:Just pass the '-p' command ligne argument to disable the read-time priority.
:.
:Good doc on setting up Asterisk devices in the vserver:
:http://www.telephreak.org/papers/vpa/|Signature=ProblematicPrograms}}

{{Question|Question=Open/!FreeSwan|Details=
:Fails because of writing to /proc (requires patch)
:TODO: write me|Signature=ProblematicPrograms}}

{{Question|Question=Samba|Details=
:Oplocks don't work as smbd insists on receiving break requests from 127.0.0.1 \\
Just patch source/smbd/oplock.c (commenting paranoid code)
<pre>
+++ oplock.c.orig 2005-02-14 14:27:51.000000000 +0200
--- oplock.c 2005-02-02 12:27:50.000000000 +0200
@@ -181,14 +181,12 @@
return False;
}

+#if 0
/* Validate message from address (must be localhost). */
if(from.sin_addr.s_addr != htonl(INADDR_LOOPBACK)) {
DEBUG(0,("receive_local_message: invalid 'from' address \
(was %lx should be 127.0.0.1)\n", (long)from.sin_addr.s_addr));
return False;
}
+#endif

/* Setup the message header */
SIVAL(buffer,OPBRK_CMD_LEN_OFFSET,msg_len);
</pre>
or if you don't want to patch the samba source code you can disable oplock in Samba and it will work too!
Just put the following in your smb.conf:
<pre>
kernel oplocks = no
oplocks = no
</pre>

Note: The Vserver using Samba should also listen on the broadcast address. Thereby you will not be able to have two samba servers in the same net (on the same broadcast). |Signature=ProblematicPrograms}}

{{Question|Question=Samba from Debian 3.1|Details=
The samba deb in sarge (3.1) provided file sharing. The only oddity observed is that the vserver guest running samba did not appear in a windows box's 'My Network Places'
Use a WINS server. The SMB browsing protocol relies heavily on broadcasts on the local net, which are problematic with vservers. WINS resolution on the other hand is unicast and works flawlessly under vserver.|Signature=ProblematicPrograms}}

{{Question|Question=Samba printer and file server with cups|Details=
:Samba runs correctly in a Mandriva (Mdk) 10.1 Vserver, (Apart from the above oplock problem ?).
: \\
First, edit your {{/etc/sysconfig/network}} file, and set {{networking}} to {{yes}} (This will solve problems for other services !):
<pre>
# cat /etc/sysconfig/network
NETWORKING=yes
</pre>
: \\
Some more tweaking is needeed in {{/etc/smb.conf}}:
<pre>
# cat /etc/smb.conf
...
# YOUR VSERVER IP/MASK HERE
interfaces = xxx.xxx.xxx.xxx/mask
...
</pre>
: \\
That's all !!!
: \\
But if you're using Samba + Cups to provide printing for Windows clients, AND if you want to use the {{Point and Print}} feature, there is more: In the {{[printers]}} section of your {{smb.conf}}, you should have the {{use client drivers}} directive set to {{no}}, or the driver upload procedure will fail !
<pre>
# cat /etc/smb.conf
...
use client driver = no
...
</pre>
: \\
So, here is a full {{smb.conf}} file:
<pre>
# cat /etc/samba/smb.conf | awk '!/^$/ && !/^\s*(#|;)/ {print $0}'
[global]
workgroup = MYDOMAIN
netbios name = MYHOSTNAME
server string = MYCOMMENT (Samba %v)
printcap name = cups
load printers = yes
printing = cups
printer admin = @adm
log file = /var/log/samba/log.%m
max log size = 50
map to guest = bad user
security = domain
password server = *
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers
idmap uid = 10000-20000
idmap gid = 10000-20000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = 127. MYVSERVERIP/MYVSERVERMASK
wins server = MYWINSIP
dns proxy = no
# for french users:
dos charset = 850
unix charset = ISO8859-1
[homes]
comment = Home Directories
browseable = no
writable = no
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
create mode = 0700
print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
use client driver = no
[print$]
path = /var/lib/samba/printers
browseable = yes
write list = @adm root
guest ok = yes
inherit permissions = yes
</pre>
: \\
...And a working smbusers:
<pre>
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator MYDOMAIN\administrator
nobody = guest pcguest smbguest
</pre>|Signature=ProblematicPrograms}}

{{Question|Question=Cups print server|Details=
: Symptoms: The Cups init script exits with:
<pre>
Starting CUPS printing system: cupsd: Child exited with status 98!
</pre>
: \\
And the logs ({{/var/log/cups/error_log}}) show:
<pre>
E [date:hour...] StartListening: Unable to bind socket for address 0.0.0.0:631 - Address already in use.
</pre>
:...Or something like this.
: \\
With a correct "cupsd.conf file" (Tested version 1.1.21-0.rc1.7mdk, on Mandrake 10.1 - Now Mandriva), it works; All we need is to remove references to {{127.0.0.1}} or {{localhost}} from the file, as well as correctly unsetting the {{Listen}} directive:
<pre>
LogLevel info
TempDir /var/spool/cups/tmp
# No 'Listen' directive !
Port 631
BrowseAddress @LOCAL
BrowseDeny All
BrowseAllow @LOCAL
BrowseOrder deny,allow
<Location />
Order Deny,Allow
Deny From All
Allow From @LOCAL
</Location>
<Location /admin>
AuthType Basic
AuthClass System
Order Deny,Allow
Deny From All
Allow From YOUR_NETWORK_ADDRESS/YOUR_NETMASK # Example: 172.16.0.0/24
# Or
Allow From @LOCAL
</Location>
</pre>
: \\
Then you'll need to modify the {{/etc/init.d/cups}} script, to comment any section referring to {{127.0.0.1}} lookup and configuration. This section exists at least on Mandrake 10.1, and is pretty long (Lines 35 to 55 and/or 79), and additionnaly four "{{else...if}}" lines must be commented far below (Lines 161 to 164) !
: \\
Remember to stop any Cupsd running in the host server, or to start it ''via'' a wrapper {{/etc/init.d/v_cups}} script:
<pre>
#!/bin/sh
# chkconfig: 2345 15 60
# description: Wrapper to start cups bound to a single IP
USR_LIB_VSERVER=/usr/lib/util-vserver
exec $USR_LIB_VSERVER/vsysvwrapper cups $*
</pre>
: \\
Do not forget to give a password to the root user, if you want to ba able to manage your printers from the web interface (http://yourcupsvserver:631)!
<pre>
# passwd root
...
</pre>
: \\
If you use Mandriva 10.1 (And maybe some other distros), you’ll need to add the printers drivers for Cups, and reload it:
<pre>
# urpmi --root /vservers/yourcupsvserver/ cups-drivers
# /etc/init.d/cups reload
</pre>
: \\
…It added 67 Mb of packages for me.
: \\
Then use {{/etc/init.d/v_cups (re)start}} to launch Cups on the host server.
:You will now be able to make Cupsd start in the vserver , but more tweaking on the ACLs may be necessary to avoid authentification problems...|Signature=ProblematicPrograms}}

{{Question|Question=Bind9 on Debian GNU/Linux Woody (3.0) and Sarge (3.1)|Details=
:named provided by the bind9 binary packages fails to start because it is compiled with CAPs option.
: \\
The debian way is to build** your own package without CAPs:
: \\
<pre>
su -
cd /usr/src
apt-get build-dep bind9
apt-get source bind9
cd bind9-x.x.x
vi debian/rules
</pre>
: \\
Insert the following line after "./configure --prefix=/usr \":
: \\
<pre>
--disable-linux-caps \
</pre>
: \\
On a NPTL-enabled system you alse have to replace \\
<pre>
--enable-threads \
</pre>
: with \\
<pre>
--disable-threads \
</pre>
: or bind might refuse to run with an other user than root.
: \\
Save the file and go ahead with compiling/installing:
: \\
<pre>
dpkg-buildpackage
dpkg -i ../bind9-x.x.x.deb
echo "bind9 hold" | dpkg --set-selections
</pre>
: \\
The last line is to set the package "on hold", so it is not touched by the update process. you have to take care of security holes by yourself now!
: \\
The Xs in "bind9-x.x.x" denote the version number of bind9.
: \\

** Alternatively you can allow the CAP_SYS_RESOURCE for that V-Server.

The best way would be to fix bind, which is somehow broken when it comes to capabilities.
Daniel Hokka Zakrisson repaired it. His patch is to be found here:

[http://daniel.hozac.com/stuff/bind-9.3.2-caps-when-available.patch bind-9.3.2-caps-when-available.patch]
So, if you recompile, it would be the cleanest way to apply that patch. Thanks Daniel!

It would be also nice, if someone submits that patch to the bind people or maybe to your distribution's package maintainers in the first step.

Get my [http://linux-vserver.derjohn.de/bind9-packages/bind9-capacheck_9.3.2-2_i386.deb vserver-guest-ready Debian bind9 package] for Debian Sid guests. Feedback welcome: aj@net-lab.net|Signature=ProblematicPrograms}}

{{Question|Question=Postfix 2.1.5 (Debian Sarge)|Details=
:On a vserver with two interfaces (lo and eth0), and a postfix 2.1.5 listening on lo, postfix can't send emails : "Invalid argument"... Setting smtp_bind_address (http://www.postfix.org/postconf.5.html#smtp_bind_address) to the external address solves the issue.|Signature=ProblematicPrograms}}

{{Question|Question=Zimbra Mail|Details=
Zimbra is many applications (including Postfix and MySQL and OpenLDAP and more) which try to take over the interfaces, and depend a lot on binding from 127.0.0.1 - it is not hard to change, but there is a couple of tricks - it is documented here - http://wiki.zimbra.com/index.php?title=Install_VServer|Signature=ProblematicPrograms}}

{{Question|Question=xine|Details=
xine won't start with no error message.
"xine --verbose" shows this.
<pre>
ERROR: Could not determine network interfaces, you must use a interfaces config line
</pre>
This happens if you have the xineplug_inp_smb.so plugin. Delete it and everything is fine.|Signature=ProblematicPrograms}}

{{Question|Question=127.0.0.1 issues|Details=
I had problems with an application that wanted me to access it on 127.0.0.1 and AS 127.0.0.1 to be able to do its configuration. A simple tweak solved the problem. I renamed the default interface directory "0" in /etc/vservers/server/interfaces to "1" and created interface 0 as :
:dev lo
:ip 127.0.0.1
:mask 255.0.0.0
:name lo

now interface "1" is the default created interface by the vserver build script with a local adress like 192.168.1.2 and interface "0" is the loopback. I can now telnet on 127.0.0.1 and it sees that im connecting to 127.0.0.1 from 127.0.0.1

Compiling nagios-1.4 within a vserver requires this, otherwise it hangs during the configure with "checking for ICMP ping syntax..."

[red] /!\ BIG FAT WARNING: DON'T DO THIS IT WILL ADD VSERVER ACCESS TO THE 127.0.0.1 OF THE HOST (quoting Bertl on irc) [/red]

|Signature=ProblematicPrograms}}

{{Question|Question=Hula-project|Details=
Does not want to start :(|Signature=ProblematicPrograms}}

Frequently Asked Questions scratch

2009-05-15T15:50:27Z

Gebura:

== A. General ==
{{Question|Question=Credits||Details=
This FAQ includes information taken from the FAQs of Jacques GÃ©linas and Paul Sladen.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Are there other FAQs available?||Details=
Yes. There are other (mostly older) FAQ's available:
*[http://www.solucorp.qc.ca/howto.hc?projet=vserver Jacques GÃ©linas FAQ]
*[http://www.paul.sladen.org/vserver/faq/ Paul Sladen's vserver FAQ]
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find a overview of Linux-VServer?||Details=
*((short presentation))
* [http://en.wikipedia.org/wiki/Linux-VServer Wikipedia Article]
*ProjectOverview (an introduction to the VServer Project, by ChuckD)
*[http://www.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=0 Introduction by Jacques GÃ©linas]
|Signature=Linux-Vserver FAQ}}{{Question|Question=How to verify that a setup is working properly?||Details=
*To verify that your setup works properly, there are some test scripts to check basic functionality.
primarily [http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh testme.sh] and [http://vserver.13thfloor.at/Stuff/SCRIPT/testfs.sh testfs.sh] (see ((TestScripts)) for more details)|Signature=Linux-Vserver FAQ}}

== B. Requirements ==
{{Question|Question=What hardware is supported by linux-vserver?||Details=
The following platforms are supported in the stable versions of linux-vserver.
*alpha
*i386 and higher (and compatible)
*ia32 / ia64
*mips / mips64
*hppa / hppa64
*ppc / ppc64
*sparc / sparc64
*s390 / s390x
*x86_64 (AMD64)
*uml/xen
|Signature=Linux-Vserver FAQ}}{{Question|Question=Which kernel versions are supported?||Details=
recent 2.4 and 2.6 kernels (stable), recent 2.6 kernels (development).
Some ancient versions of Linux-VServer are backported to 2.2.x kernels. You can find more information [http://vserver.digitalangel.com.au/ here].
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I run Linux-vserver on my favorite distribution?||Details=
Linux-VServer was originally developed on Red Hat/Mandriva, but it is rather distribution independent. It runs fine with other distributions (Debian, SuSE). Some distributions run a patched kernel, which can make it a bit harder to build a new kernel with Linux-VServer support|Signature=Linux-Vserver FAQ}}

== C. Versions ==
{{Question|Question=What's the latest version of Linux-VServer?||Details=
You can find the [http://www.13thfloor.at/vserver/s_release latest stable 2.4 release] or [http://www.13thfloor.at/vserver/s_rel26 latest stable 2.6 release] as well as the [http://www.13thfloor.at/vserver/d_rel26 latest development release] at [http://www.13thfloor.at/vserver/ http://www.13thfloor.at/vserver/]
Check out the ((Release FAQ)) for information on releases and version numbering
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find prereleases and release candidates?||Details=
Check the [http://vserver.13thfloor.at/Experimental experimental area] for new patches.|Signature=Linux-Vserver FAQ}}

== D. Tools (util-vserver and vserver) ==
{{Question|Question=What do I need them for?||Details=
These are the userspace tools for Linux-VServer. You need them to use the functionality of Linux-VServer.
|Signature=Linux-Vserver FAQ}}{{Question|Question=What's the difference between vserver and util-vserver?||Details=
The vserver package are the 'legacy utilities', written by Jacques GÃ©linas.
The util-vserver package is a reimplementation of these tools in C by Enrico Scholz, which follows the kernel development more closely.
util-vserver tools are currently considered the mainstream tools (You can't use both packages on the same machine.)
Both packages have their own version numbering. Don't let the version numbering confuse you.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Which version of the tools packages do I need? Do I have to upgrade?||Details=
*:It can be useful to have a recent version of the tools package installed on your box. It's a good idea to upgrade your tools when you upgrade your kernel. In the next list you find the versions you need to have at least, but it's a good idea to use more recent versions.
*linux-vserver 1.00
**vserver 0.26
**util-vserver 0.24
*linux-vserver 1.20
**vserver 0.28
**util-vserver 0.25
*linux-vserver 2.00
**util-vserver 0.30 or 0.30.209|Signature=Linux-Vserver FAQ}}

== E. Download ==
{{Question|Question=Where can I dowload the latest version of:||Details=
*[http://www.13thfloor.at/vserver/ The kernel patch]
*[http://dns.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=1 vserver]
*[http://savannah.nongnu.org/files/?group=util-vserver util-vserver]
|Signature=Linux-Vserver FAQ}}{{Question|Question=Distribution specific packages||Details=
*Red Hat
**[http://dns.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=1 vserver]
*Mandrake
**[http://www.13thfloor.at/vserver/s_release/v1.00/ vserver]
*Debian
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=vserver&searchon=names&subword=1&version=all&release=all vserver] - All Linux-VServer-related Debian-packages (Probably slow, +100 results).
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=linux-image-2.6-vserver&searchon=names&subword=1&version=all&release=all Official precompiled kernels] - These are the official Debian kernels compiled with Linux-VServer-support.
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=vserver-debiantools&searchon=names&subword=1&version=all&release=all vserver-debiantools] - These scripts install Debian straight off the web from Debian.org's world-wide network of mirrors.
*Gentoo
**[http://dev.croup.de/proj/gentoo-vps/wiki/VserverHowto vserver]|Signature=Linux-Vserver FAQ}}

== F. Network Usage? ==
{{Question|Question=Is IPv6 supported?||Details=
At this moment, only IPv4 (the current most frequently used standard) is supported.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I put my vservers in different networks?||Details=
Yes you can. You have to bind your vserver to a interface on the host machine, but you can choose the interface in the configuration file of your vserver (in /etc/vservers/SERVER.conf). Make sure your host server does have an interface in the network you need on your vserver.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is it possible for a vserver to have a other default gateway than the host machine does use?||Details=
Yes. Use iproute2 to set the default gateway.
You can find more information on routing in linux-vserver in [http://archives.linux-vserver.org/200311/0470.html this posting] on the mailinglist.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I use more than one IP address in a vserver||Details=
Yes you can. Edit the configuration file of the vserver (/etc/vservers/SERVER.conf).
In case you want to use example IP addresses on one interface
IPROOT="10.1.2.3 10.1.2.12"
IPROOTDEV="eth0"
In case you want to use 2 or more interfaces
IPROOT="eth0:10.1.2.3 eth1:10.1.2.12"
IPROOTDEV=""
In case you want to use IP-number in different subnets
IPROOT="eth0:10.1.2.3/255.255.255.0 eth0:10.1.3.12/255.255.0.0"
IPROOTDEV=""
If you are using vserver 2.0+ you have to create subdirectories in /etc/vserver/<vserver-name>/interfaces/
for each IP you want to use, i.e.
/etc/vserver/<vserver-name>/interfaces/0
/etc/vserver/<vserver-name>/interfaces/1
These subdirectories have to contain files with the options you want to set. See the [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html Flower page] for more info
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is it possible to use the real device (eth0, eth1) instead of the device alias created by vserver?||Details=
Yes. Set up the IP aliases yourself on the host server
*Set IPROOT= to those IPs
*Unset IPROOTDEV so the vserver script won't try to setup the IP aliases.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I modify the behavior of my vservers?||Details=
There are a number of capabilities and flags that you can modify listed [http://linux-vserver.org/Caps+and+Flags here] (and [http://savannah.nongnu.org/cgi-bin/viewcvs/util-vserver/util-vserver/lib/cflags-v13.c?rev=HEAD here (cflags-v13.c)]).
|Signature=Linux-Vserver FAQ}}{{Question|Question=Were can I find more information on networking in Linux-VServer?||Details=
You can find more information on the internals of networking in Linux-VServer [http://vserver.13thfloor.at/Stuff/VServer-IP-Setup-0.1.txt here].|Signature=Linux-Vserver FAQ}}

== G. Software compatibility ==
{{Question|Question=Bind does not work in a vserver||Details=
* capset failed
* The bind package expect to have the capability CAP_SYS_RESOURCE.
It expects this because it was compiled this way on Linux and to increase its ulimit.
* By default, a vserver does not have this capability for a good reason, you may have a look at 'man capabilities' to see how much control that capability allows.
* A vserver starts with some ulimit values and can only reduce them, not enlarge them.
* If you know what you are doing, you can give the capability to the vserver running bind.
* A securer solution is to compile bind without that requirement by specifying './configure --disable-linux-caps'
It looks like you only can run bind as root once you compile bind with this option, but this should be fine inside a vserver.
* bind does not respond to queries
* Bind seems to have problems with a query socket check. Bind believes the query is comming on a non-query socket, and doesn't answer the request.
* putting "query-source address YOUR_VSERVER_IP;" in your named.conf solves this problem.

|Signature=Linux-Vserver FAQ}}{{Question|Question=Is DHCP possible in a vserver?||Details=
It's possible to run a DHCP server inside a vserver, but it required a CAP_NET_RAW capability.
The solution for 2.6 kernel with new-style config is to add CAP_NET_RAW entry in the /etc/vserver/<vserver-name>/bcapabilities file, and it might be unnecessary to add 255.255.255.255 into bcast file, please read [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html The Great Flower Page] for more details. If you are still use the legacy config, please read the answer below.
It's possible to run a DHCP server inside a vserver, but there is a catch. The set_ipv4root assigns one IP and one broadcast address to a vserver. UDP service listening to 0.0.0.0 (bind any) in a vserver are indeed listening to the vserver IP and vserver broadcast.
This is all they will get. This is fine for most services.
Unfortunately, dhcpd is receiving special broadcasts. Its clients are unaware of their IP number, so they are using special broadcast 255.255.255.255 address.
A vserver generally runs with the broadcast address of the network device (the one used to setup the IP alias). This network device has a broadcast address which is never 255.255.255.255. Those special broadcast are not sent to the vserver. The solution is to set the IPROOTBCAST entry in the vserver configuration file like this IPROOTBCAST=255.255.255.255
Restart your vserver and dhcpd will work. There is a catch (at least with 2.4.18ctx-9). If you are using other services in the save vserver, also relying on broadcast for proper operation (samba for one), they won't operate properly.
One solution would be to enhance the semantics a little: A vserver would listen for its IP address, its broadcast address and also for 255.255.255.255.
The dhcpd case is probably very specific though.

|Signature=Linux-Vserver FAQ}}{{Question|Question=NFS-server||Details=
It's not posible to run a NFS-kernel server inside a vserver, to work securely this would need a lot of work.
You can try to run the NFS userspace server, the traditional Linux user space NFS server and UNFS3 are both reported to work.
take a look at ((NFS and portmap)) if you have problems with your portmap

|Signature=Linux-Vserver FAQ}}{{Question|Question=Run Level Based Distributions as Ververs (Red Hat and such ....)||Details=
If you see errors after the command vserver <name> stop like these:

Syncing hardware clock to system time hwclock is unable to get I/O port access: the iopl(3) call failed FAILED]
Turning off swap: Not superuser. [FAILED]
Turning off quotas: quotaoff: Can't stat() mounted device /dev/hdv1: No such file or directory
Unmounting file systems: umount2: No such file or directory umount: /vservers: not found

Then look for S* links in /etc/rc6.d/ and remove the one responsible for the errors. In RH9 it is called S01reboot
A 'normal' server does some stuff on shutdown, like saving the time to the hwclock, or storing random pool data and finally invokes the reboot. Some of those actions are just not allowed in a vserver.

|Signature=Linux-Vserver FAQ}}{{Question|Question=Vservers and X Windows||Details=
Please see the ((Vservers and X)) page for information about this.

|Signature=Linux-Vserver FAQ}}{{Question|Question=sshd with X11-Forwarding in a vserver||Details=
add ```'X11UseLocalhost no'``` to your sshd_config
|Signature=Linux-Vserver FAQ}}{{Question|Question=See also: [ProblematicPrograms]||Details=
== H. Help ==
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find more information on the Linux-VServer project?||Details=
First have a look at the ((documentation)) section of the website. In case you can't find the answer here, have a look at the mailinglist archives. If this doesn't help jou, there is still a mailinglist and a IRC channel were you can ask for help.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Does the Linux-VServer project have a mailing list?||Details=
Yes. You can subscribe [http://list.linux-vserver.org/mailman/listinfo/vserver here]. Archives are located [http://list.linux-vserver.org/archive/vserver/ here].
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is there a IRC channel ||Details=
Yes, join #vserver on irc.oftc.net.|Signature=Linux-Vserver FAQ}}

== I. Issues ==
{{Question|Question=When starting or entering a vserver I get "''Error: /proc must be mounted''". 'vserver-stat' and 'vps' are failing with "''open("/proc/uptime"): No such file or directory''". Sometimes, other files in /proc are mentioned. What can I do?||Details=
Make sure that in devel and experimental the required proc entries are visible inside a vserver. With alpha utilities, execute the ||Details=vprocunhide||Details= script. See ((Proc-Security)) also.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Inside a vserver I can still use mknod to create devices, even without CAP_MKNOD capability. What's wrong? (this probably applies to all other capabilities but that was not tested)||Details=
This is probably a problem in your kernel configuration. If you include "Enable different security models" (CONFIG_SECURITY), then make sure to also include "Default Linux Capabilities" (CONFIG_SECURITY_CAPABILITIES) or compile it as a module. In this latter case you must insert the 'capability' module into the kernel. This is for example true for current (2.6.8.1) debian kernel configurations.
|Signature=Linux-Vserver FAQ}}{{Question|Question=After stopping/restarting a vserver my network is gone! What the hell?||Details=
See above.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Only root can access any files in the vserver||Details=
Check the permissions of the vserver's / directory. The 2.4 branch's chroot-escape blocker (chmod 0000 and chattr +t) is meant to be applied to the directory containing the vservers (for example /vservers) not the vservers' root directories themselves. If you revoked all permissions for a vserver's root directory, re-grant them with "chmod 0755 /path/to/vserver-root".
|Signature=Linux-Vserver FAQ}}{{Question|Question="daemon() failed: Success" - What? Succesfully failing?||Details=
Not really vserver related but here's the answer: Somebody replaced your /dev/null with a regular file, create a real /dev/null and it will start working again. We got no idea why the error message happens to be so funny(?).
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I start a vserver, "FATAL: kernel too old" message appears and vserver can't be started||Details=
Edit your /etc/vservers/<vsname>/uts/release and define a value greater than kernel version
example, if you have a kernel "2.6.11", set "2005" for example :-)
|Signature=Linux-Vserver FAQ}}{{Question|Question=I switched from old to new configuration and now all my ip addresses are gone!||Details=
They are not, ifconfig just doesn't show them. The new tools use 'iproute' instead of 'ifconfig' which allows you to use multiple interface addresses with the same label. In such cases, ifconfig shows only the first address for each label, which probably isn't available in the vserver. Unless you specify a name for an ip address, it will be given the interface name as label, eg. eth0, and ifconfig breaks. You can assign names to your interface addresses in the vserver configuration, see [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html The Great Flower Page] for details.
Earlier, we said that the interface addresses were "nameless", this was wrong. As said above, the addresses in question actually all have the same name/label. Knowing this we could actually virtualize the ioctl interface which ifconfig uses in a meaningful way, making ifconfig show the vserver's ip addresses as expected, even when it shares its label with other ip addresses (of course only if there aren't multiple ip addresses in the same vserver that share the same label, but that's an ifconfig limitation, not a vserver bug). The [http://www.13thfloor.at/~doener/vserver/patches/diff-2.6.16.5-vs2.0.2-rc16-devinet_ioctl.diff patch] should apply to most Linux-VServer versions for kernel 2.6 and will probably be included in future versions.
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I enter/ssh into a vserver I can see all of the interfaces and interface aliases with ifconfig.||Details=
I experienced this after upgrading from a 2.4 to 2.6 kernel with vs-2.0 patch using legacy-method .conf files. Upgrading from legacy-method to the new one (see [http://linux-vserver.org/Legacy-To-Newstyle-Config Converting From Legacy to New]) caused the problem to go away.
|Signature=Linux-Vserver FAQ}}{{Question|Question=I keep my vserver roots on their own devices. I can unmount them but the device (like drbd or lvm) remains in use until all of my vservers are killed off ("Someone has opened the device for RW access").||Details=
When you mount something it is recorded in the current namespace. When you start a vserver it makes copy of the namespace. You can then unmount in the original namespace without any problems, however the device is still in use. This is because the device is still mounted in the new namespace. You can do something like this: "vnamespace -e runningVserver umount /mnt/point". After this you should be able to remove the device (drbdadm secondary /dev/drbd0 or whatever).
More information:
*[http://linux-vserver.org/Namespaces About Namespaces]
*[http://linux-vserver.org/advanced+DRBD+mount+issues DRBD Mount Issues]
*[http://list.linux-vserver.org/archive/vserver/msg11444.html This thread], which deals with the same issue.
*[http://list.linux-vserver.org/archive/vserver/msg10415.html This thread], terse but helpful.
*[http://www.gossamer-threads.com/lists/drbd/users/9282?page=last And this], a thread of related stuff.
WARNING: if you use the kernel cleanup feature then make sure you know what you are doing. I didn't, it was ugly.
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I stop a vserver its network alias does not go away, I am getting 'RTNETLINK answers: Cannot assign requested address||Details='
Try running 'ip addr' and see if the interface names are being truncated (note: I came across a thread that seems to suggest that this might happen even if the interface name is not being truncated?). The function that kills the interface specifies its name, if it is truncated then 'ip' will not be able to find the interface.
Another cause might be that the IP was added (or already present at startup) with a different netmask, and therfore can not be removed properly
My solution to this is very, very gross. Open up your vserver.functions file and find the disableInterfaces function. If you change
IP_ADDR) $_IP addr del "$@";;
to
IP_ADDR) $(echo $_IP addr del "$@"|sed 's/broadcast + label [^[:space:]]\+//');;
then ip will try to delete the interface by its IP alone.
Anyone with a better solution is strongly encouraged to modify this entry.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Why does the vserver run on a BSD fs (ufs) ?!||Details=
* I see something like: /dev/hdv1 / ufs defaults 0 0
The ufs part is correct and it is so to trick the quota tools to not try to lowlevel access the fs. The entry is FAKE anyway, ufs just solved this quota userland issue nicely (more or less).
* For details see: [http://list.linux-vserver.org/archive/vserver/msg09133.html] and [http://archives.linux-vserver.org/200401/0232.html]
* When I issue a ping it returns:
[root@VServerGuest /]# ping 123.123.123.123
connect: Invalid argument
* When I issue a DNS lookup it returns:
[root@VServerGuest /]# host www.yahoo.ca
socket.c: internal_send: 222.222.222.222#53: Invalid argument
;; connection timed out; no servers could be reached
* When I try to run vyum it returns:
[root@VServerGuest /]# vyum VServerGuest -- check-update
Cannot find a valid baseurl for repo: core
Error: Cannot find a valid baseurl for repo: core
Make sure that you have either a Public IP setup on the VServer Guest, or that you have a proper SNAT/DNAT rules setup on your VServer Host. After that, restart the vserver guest with the verbose option to see what your ipv4root is set to:
[root@VServerGuest /]# vserver -v VServerGuest start
ipv4root is now 127.0.0.10 111.111.111.111
New security context is 49156
You must make sure the order of the interfaces are correct. The very first Interface (decided upon by alphabetical order of the interface directory name) for the VServer is the default IP used for all network connections. This must be either a public IP or an IP that has been D/SNAT'd.
|Signature=Linux-Vserver FAQ}}

== G. Problematic Programs ==
Some programs do things that might work on a normal host but not inside a V-Server. This is often not a fault of V-Server itself, the programs are doing automagic things which fail and no proper error handling is done. Also sometimes the actions need special rights which are not permitted by default in V-Servers. Allowing CAPs is often not necessary since those special CAPs are only required once (e.g. when the program initializes the directories/settings/whatever).

{{Question|Question=OpenGroupware Apache Module
||Details=If your V-Server doesn't have access to localhost, then the connection to the !OpenGroupware server will fail with a "Internal Server Error".
The apache module for !OpenGroupware called mod_ngobjweb uses a hardcoded "127.0.0.1" IP address in the source (handler.c line 339), this line you need to change to the IP address that should be used (the IP of the V-Server that runs the OpenGroupware server)|Signature=ProblematicPrograms}}

{{Question|Question=Hylafax (with CAPI)|Details=
:If you want to run hylafax in a V-Server, you will get a CAP and device problem which can be easily solved. First you need your capi20 devices in your V-Server, which can't be created by ./MAKEDEV (requires special CAPs) so copy the devices into the V-Server, like this (command run on the host):
:cp -aR /dev/capi* /vservers/your_vserver/dev
:Now hylafax can access your CAPI ISDN card but will exit after a few seconds, the problem is it tries to create a /dev/null nod in the hylafax chroot. This fails because of missing CAPs, so lets help hylafax again with copying the nod into the hylafax chroot in the V-Server. Like this (command run on the host):
:cp -aR /dev/null /vservers/your_vserver/var/spool/hylafax/dev
:Allright, now hylafax should have CAPI access and run properly.|Signature=ProblematicPrograms}}

{{Question|Question=Links inside screen inside a V-Server|Details=
:Don't know why, but links crashes systematically being inside a screen session inside a V-Server started outside a V-Server. (please elaborate!)|Signature=ProblematicPrograms}}

{{Question|Question=screen inside a VServer|Details=

<pre>

[root@ge root]# vserver zoe enter

zoe:/# screen
Cannot open your terminal '/dev/pts/5' - please check.

zoe:/# strace screen
...
stat64("/dev/pts/5", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 5), ...}) = 0
open("/dev/pts/5", O_RDWR|O_NONBLOCK) = -1 EACCES (Permission denied)

</pre>

:is neither a bug nor an issue with screen, it just shows that a vserver context is not allowed to mess with host terminals. either use ssh/telnet to reach the 'guest' or start the screen session before you do the 'enter' (i.e. on the host)|Signature=ProblematicPrograms}}

{{Question|Question=!OpenLDAP Startup|Details=
:slapd needs name resolution available in order to start up, otherwise it appears to hang. Make sure you have working DNS (or whatever) available to your vserver before starting one with slapd. This behavior is confirmed in my setup, no confirmation from others yet. My Setup: vservers all bind to an interface on a DMZ-like network segment, BIND runs on a vserver. slapd would hang at startup if the BIND vserver had not been started first.|Signature=ProblematicPrograms}}

{{Question|Question=rndc|Details=
:Bind's rndc has a hardcoded 127.0.0.1 somewhere so any command to rndc will fail with connection refused.
:You should have a reachable localhost address defined in /etc/hosts and then you can use rndc -s localhost command
:You can make a rndc.conf and set the default-server option, like that the '-s localhost' isn't necessary.|Signature=ProblematicPrograms}}

{{Question|Question=Asterisk|Details=
:Since some version of Asterisk (at least since 1.0.2), it will not run anymore. On start it fails with: "Unable to set high priority"
:This can be solved by allowing CAP_SYS_NICE for that VServer.
:You can also not run Asterisk with the realtime priority :
:Just pass the '-p' command ligne argument to disable the read-time priority.
:.
:Good doc on setting up Asterisk devices in the vserver:
:http://www.telephreak.org/papers/vpa/|Signature=ProblematicPrograms}}

{{Question|Question=Open/!FreeSwan|Details=
:Fails because of writing to /proc (requires patch)
:TODO: write me|Signature=ProblematicPrograms}}

{{Question|Question=Samba|Details=
:Oplocks don't work as smbd insists on receiving break requests from 127.0.0.1 \\
Just patch source/smbd/oplock.c (commenting paranoid code)
<pre>
+++ oplock.c.orig 2005-02-14 14:27:51.000000000 +0200
--- oplock.c 2005-02-02 12:27:50.000000000 +0200
@@ -181,14 +181,12 @@
return False;
}

+#if 0
/* Validate message from address (must be localhost). */
if(from.sin_addr.s_addr != htonl(INADDR_LOOPBACK)) {
DEBUG(0,("receive_local_message: invalid 'from' address \
(was %lx should be 127.0.0.1)\n", (long)from.sin_addr.s_addr));
return False;
}
+#endif

/* Setup the message header */
SIVAL(buffer,OPBRK_CMD_LEN_OFFSET,msg_len);
</pre>
or if you don't want to patch the samba source code you can disable oplock in Samba and it will work too!
Just put the following in your smb.conf:
<pre>
kernel oplocks = no
oplocks = no
</pre>

Note: The Vserver using Samba should also listen on the broadcast address. Thereby you will not be able to have two samba servers in the same net (on the same broadcast). |Signature=ProblematicPrograms}}

{{Question|Question=Samba from Debian 3.1|Details=
The samba deb in sarge (3.1) provided file sharing. The only oddity observed is that the vserver guest running samba did not appear in a windows box's 'My Network Places'
Use a WINS server. The SMB browsing protocol relies heavily on broadcasts on the local net, which are problematic with vservers. WINS resolution on the other hand is unicast and works flawlessly under vserver.|Signature=ProblematicPrograms}}

{{Question|Question=Samba printer and file server with cups|Details=
:Samba runs correctly in a Mandriva (Mdk) 10.1 Vserver, (Apart from the above oplock problem ?).
: \\
First, edit your {{/etc/sysconfig/network}} file, and set {{networking}} to {{yes}} (This will solve problems for other services !):
<pre>
# cat /etc/sysconfig/network
NETWORKING=yes
</pre>
: \\
Some more tweaking is needeed in {{/etc/smb.conf}}:
<pre>
# cat /etc/smb.conf
...
# YOUR VSERVER IP/MASK HERE
interfaces = xxx.xxx.xxx.xxx/mask
...
</pre>
: \\
That's all !!!
: \\
But if you're using Samba + Cups to provide printing for Windows clients, AND if you want to use the {{Point and Print}} feature, there is more: In the {{[printers]}} section of your {{smb.conf}}, you should have the {{use client drivers}} directive set to {{no}}, or the driver upload procedure will fail !
<pre>
# cat /etc/smb.conf
...
use client driver = no
...
</pre>
: \\
So, here is a full {{smb.conf}} file:
<pre>
# cat /etc/samba/smb.conf | awk '!/^$/ && !/^\s*(#|;)/ {print $0}'
[global]
workgroup = MYDOMAIN
netbios name = MYHOSTNAME
server string = MYCOMMENT (Samba %v)
printcap name = cups
load printers = yes
printing = cups
printer admin = @adm
log file = /var/log/samba/log.%m
max log size = 50
map to guest = bad user
security = domain
password server = *
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers
idmap uid = 10000-20000
idmap gid = 10000-20000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = 127. MYVSERVERIP/MYVSERVERMASK
wins server = MYWINSIP
dns proxy = no
# for french users:
dos charset = 850
unix charset = ISO8859-1
[homes]
comment = Home Directories
browseable = no
writable = no
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
create mode = 0700
print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
use client driver = no
[print$]
path = /var/lib/samba/printers
browseable = yes
write list = @adm root
guest ok = yes
inherit permissions = yes
</pre>
: \\
...And a working smbusers:
<pre>
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator MYDOMAIN\administrator
nobody = guest pcguest smbguest
</pre>|Signature=ProblematicPrograms}}

{{Question|Question=Cups print server|Details=
: Symptoms: The Cups init script exits with:
<pre>
Starting CUPS printing system: cupsd: Child exited with status 98!
</pre>
: \\
And the logs ({{/var/log/cups/error_log}}) show:
<pre>
E [date:hour...] StartListening: Unable to bind socket for address 0.0.0.0:631 - Address already in use.
</pre>
:...Or something like this.
: \\
With a correct "cupsd.conf file" (Tested version 1.1.21-0.rc1.7mdk, on Mandrake 10.1 - Now Mandriva), it works; All we need is to remove references to {{127.0.0.1}} or {{localhost}} from the file, as well as correctly unsetting the {{Listen}} directive:
<pre>
LogLevel info
TempDir /var/spool/cups/tmp
# No 'Listen' directive !
Port 631
BrowseAddress @LOCAL
BrowseDeny All
BrowseAllow @LOCAL
BrowseOrder deny,allow
<Location />
Order Deny,Allow
Deny From All
Allow From @LOCAL
</Location>
<Location /admin>
AuthType Basic
AuthClass System
Order Deny,Allow
Deny From All
Allow From YOUR_NETWORK_ADDRESS/YOUR_NETMASK # Example: 172.16.0.0/24
# Or
Allow From @LOCAL
</Location>
</pre>
: \\
Then you'll need to modify the {{/etc/init.d/cups}} script, to comment any section referring to {{127.0.0.1}} lookup and configuration. This section exists at least on Mandrake 10.1, and is pretty long (Lines 35 to 55 and/or 79), and additionnaly four "{{else...if}}" lines must be commented far below (Lines 161 to 164) !
: \\
Remember to stop any Cupsd running in the host server, or to start it ''via'' a wrapper {{/etc/init.d/v_cups}} script:
<pre>
#!/bin/sh
# chkconfig: 2345 15 60
# description: Wrapper to start cups bound to a single IP
USR_LIB_VSERVER=/usr/lib/util-vserver
exec $USR_LIB_VSERVER/vsysvwrapper cups $*
</pre>
: \\
Do not forget to give a password to the root user, if you want to ba able to manage your printers from the web interface (http://yourcupsvserver:631)!
<pre>
# passwd root
...
</pre>
: \\
If you use Mandriva 10.1 (And maybe some other distros), you’ll need to add the printers drivers for Cups, and reload it:
<pre>
# urpmi --root /vservers/yourcupsvserver/ cups-drivers
# /etc/init.d/cups reload
</pre>
: \\
…It added 67 Mb of packages for me.
: \\
Then use {{/etc/init.d/v_cups (re)start}} to launch Cups on the host server.
:You will now be able to make Cupsd start in the vserver , but more tweaking on the ACLs may be necessary to avoid authentification problems...|Signature=ProblematicPrograms}}

{{Question|Question=Bind9 on Debian GNU/Linux Woody (3.0) and Sarge (3.1)|Details=
:named provided by the bind9 binary packages fails to start because it is compiled with CAPs option.
: \\
The debian way is to build** your own package without CAPs:
: \\
<pre>
su -
cd /usr/src
apt-get build-dep bind9
apt-get source bind9
cd bind9-x.x.x
vi debian/rules
</pre>
: \\
Insert the following line after "./configure --prefix=/usr \":
: \\
<pre>
--disable-linux-caps \
</pre>
: \\
On a NPTL-enabled system you alse have to replace \\
<pre>
--enable-threads \
</pre>
: with \\
<pre>
--disable-threads \
</pre>
: or bind might refuse to run with an other user than root.
: \\
Save the file and go ahead with compiling/installing:
: \\
<pre>
dpkg-buildpackage
dpkg -i ../bind9-x.x.x.deb
echo "bind9 hold" | dpkg --set-selections
</pre>
: \\
The last line is to set the package "on hold", so it is not touched by the update process. you have to take care of security holes by yourself now!
: \\
The Xs in "bind9-x.x.x" denote the version number of bind9.
: \\

** Alternatively you can allow the CAP_SYS_RESOURCE for that V-Server.

The best way would be to fix bind, which is somehow broken when it comes to capabilities.
Daniel Hokka Zakrisson repaired it. His patch is to be found here:

[http://daniel.hozac.com/stuff/bind-9.3.2-caps-when-available.patch bind-9.3.2-caps-when-available.patch]
So, if you recompile, it would be the cleanest way to apply that patch. Thanks Daniel!

It would be also nice, if someone submits that patch to the bind people or maybe to your distribution's package maintainers in the first step.

Get my [http://linux-vserver.derjohn.de/bind9-packages/bind9-capacheck_9.3.2-2_i386.deb vserver-guest-ready Debian bind9 package] for Debian Sid guests. Feedback welcome: aj@net-lab.net|Signature=ProblematicPrograms}}

{{Question|Question=Postfix 2.1.5 (Debian Sarge)|Details=
:On a vserver with two interfaces (lo and eth0), and a postfix 2.1.5 listening on lo, postfix can't send emails : "Invalid argument"... Setting smtp_bind_address (http://www.postfix.org/postconf.5.html#smtp_bind_address) to the external address solves the issue.|Signature=ProblematicPrograms}}

{{Question|Question=Zimbra Mail|Details=
Zimbra is many applications (including Postfix and MySQL and OpenLDAP and more) which try to take over the interfaces, and depend a lot on binding from 127.0.0.1 - it is not hard to change, but there is a couple of tricks - it is documented here - http://wiki.zimbra.com/index.php?title=Install_VServer|Signature=ProblematicPrograms}}

{{Question|Question=xine|Details=
xine won't start with no error message.
"xine --verbose" shows this.
<pre>
ERROR: Could not determine network interfaces, you must use a interfaces config line
</pre>
This happens if you have the xineplug_inp_smb.so plugin. Delete it and everything is fine.|Signature=ProblematicPrograms}}

{{Question|Question=127.0.0.1 issues|Details=
I had problems with an application that wanted me to access it on 127.0.0.1 and AS 127.0.0.1 to be able to do its configuration. A simple tweak solved the problem. I renamed the default interface directory "0" in /etc/vservers/server/interfaces to "1" and created interface 0 as :
:dev lo
:ip 127.0.0.1
:mask 255.0.0.0
:name lo

now interface "1" is the default created interface by the vserver build script with a local adress like 192.168.1.2 and interface "0" is the loopback. I can now telnet on 127.0.0.1 and it sees that im connecting to 127.0.0.1 from 127.0.0.1

Compiling nagios-1.4 within a vserver requires this, otherwise it hangs during the configure with "checking for ICMP ping syntax..."

/!\ BIG FAT WARNING: DON'T DO THIS IT WILL ADD VSERVER ACCESS TO THE 127.0.0.1 OF THE HOST (quoting Bertl on irc)

|Signature=ProblematicPrograms}}

{{Question|Question=Hula-project|Details=
Does not want to start :(|Signature=ProblematicPrograms}}

Frequently Asked Questions scratch

2009-05-15T15:50:01Z

Gebura:

== A. General ==
{{Question|Question=Credits||Details=
This FAQ includes information taken from the FAQs of Jacques GÃ©linas and Paul Sladen.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Are there other FAQs available?||Details=
Yes. There are other (mostly older) FAQ's available:
*[http://www.solucorp.qc.ca/howto.hc?projet=vserver Jacques GÃ©linas FAQ]
*[http://www.paul.sladen.org/vserver/faq/ Paul Sladen's vserver FAQ]
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find a overview of Linux-VServer?||Details=
*((short presentation))
* [http://en.wikipedia.org/wiki/Linux-VServer Wikipedia Article]
*ProjectOverview (an introduction to the VServer Project, by ChuckD)
*[http://www.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=0 Introduction by Jacques GÃ©linas]
|Signature=Linux-Vserver FAQ}}{{Question|Question=How to verify that a setup is working properly?||Details=
*To verify that your setup works properly, there are some test scripts to check basic functionality.
primarily [http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh testme.sh] and [http://vserver.13thfloor.at/Stuff/SCRIPT/testfs.sh testfs.sh] (see ((TestScripts)) for more details)|Signature=Linux-Vserver FAQ}}

== B. Requirements ==
{{Question|Question=What hardware is supported by linux-vserver?||Details=
The following platforms are supported in the stable versions of linux-vserver.
*alpha
*i386 and higher (and compatible)
*ia32 / ia64
*mips / mips64
*hppa / hppa64
*ppc / ppc64
*sparc / sparc64
*s390 / s390x
*x86_64 (AMD64)
*uml/xen
|Signature=Linux-Vserver FAQ}}{{Question|Question=Which kernel versions are supported?||Details=
recent 2.4 and 2.6 kernels (stable), recent 2.6 kernels (development).
Some ancient versions of Linux-VServer are backported to 2.2.x kernels. You can find more information [http://vserver.digitalangel.com.au/ here].
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I run Linux-vserver on my favorite distribution?||Details=
Linux-VServer was originally developed on Red Hat/Mandriva, but it is rather distribution independent. It runs fine with other distributions (Debian, SuSE). Some distributions run a patched kernel, which can make it a bit harder to build a new kernel with Linux-VServer support|Signature=Linux-Vserver FAQ}}

== C. Versions ==
{{Question|Question=What's the latest version of Linux-VServer?||Details=
You can find the [http://www.13thfloor.at/vserver/s_release latest stable 2.4 release] or [http://www.13thfloor.at/vserver/s_rel26 latest stable 2.6 release] as well as the [http://www.13thfloor.at/vserver/d_rel26 latest development release] at [http://www.13thfloor.at/vserver/ http://www.13thfloor.at/vserver/]
Check out the ((Release FAQ)) for information on releases and version numbering
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find prereleases and release candidates?||Details=
Check the [http://vserver.13thfloor.at/Experimental experimental area] for new patches.|Signature=Linux-Vserver FAQ}}

== D. Tools (util-vserver and vserver) ==
{{Question|Question=What do I need them for?||Details=
These are the userspace tools for Linux-VServer. You need them to use the functionality of Linux-VServer.
|Signature=Linux-Vserver FAQ}}{{Question|Question=What's the difference between vserver and util-vserver?||Details=
The vserver package are the 'legacy utilities', written by Jacques GÃ©linas.
The util-vserver package is a reimplementation of these tools in C by Enrico Scholz, which follows the kernel development more closely.
util-vserver tools are currently considered the mainstream tools (You can't use both packages on the same machine.)
Both packages have their own version numbering. Don't let the version numbering confuse you.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Which version of the tools packages do I need? Do I have to upgrade?||Details=
*:It can be useful to have a recent version of the tools package installed on your box. It's a good idea to upgrade your tools when you upgrade your kernel. In the next list you find the versions you need to have at least, but it's a good idea to use more recent versions.
*linux-vserver 1.00
**vserver 0.26
**util-vserver 0.24
*linux-vserver 1.20
**vserver 0.28
**util-vserver 0.25
*linux-vserver 2.00
**util-vserver 0.30 or 0.30.209|Signature=Linux-Vserver FAQ}}

== E. Download ==
{{Question|Question=Where can I dowload the latest version of:||Details=
*[http://www.13thfloor.at/vserver/ The kernel patch]
*[http://dns.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=1 vserver]
*[http://savannah.nongnu.org/files/?group=util-vserver util-vserver]
|Signature=Linux-Vserver FAQ}}{{Question|Question=Distribution specific packages||Details=
*Red Hat
**[http://dns.solucorp.qc.ca/miscprj/s_context.hc?prjstate=1&nodoc=1 vserver]
*Mandrake
**[http://www.13thfloor.at/vserver/s_release/v1.00/ vserver]
*Debian
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=vserver&searchon=names&subword=1&version=all&release=all vserver] - All Linux-VServer-related Debian-packages (Probably slow, +100 results).
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=linux-image-2.6-vserver&searchon=names&subword=1&version=all&release=all Official precompiled kernels] - These are the official Debian kernels compiled with Linux-VServer-support.
**[http://packages.debian.org/cgi-bin/search_packages.pl?keywords=vserver-debiantools&searchon=names&subword=1&version=all&release=all vserver-debiantools] - These scripts install Debian straight off the web from Debian.org's world-wide network of mirrors.
*Gentoo
**[http://dev.croup.de/proj/gentoo-vps/wiki/VserverHowto vserver]|Signature=Linux-Vserver FAQ}}

== F. Network Usage? ==
{{Question|Question=Is IPv6 supported?||Details=
At this moment, only IPv4 (the current most frequently used standard) is supported.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I put my vservers in different networks?||Details=
Yes you can. You have to bind your vserver to a interface on the host machine, but you can choose the interface in the configuration file of your vserver (in /etc/vservers/SERVER.conf). Make sure your host server does have an interface in the network you need on your vserver.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is it possible for a vserver to have a other default gateway than the host machine does use?||Details=
Yes. Use iproute2 to set the default gateway.
You can find more information on routing in linux-vserver in [http://archives.linux-vserver.org/200311/0470.html this posting] on the mailinglist.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I use more than one IP address in a vserver||Details=
Yes you can. Edit the configuration file of the vserver (/etc/vservers/SERVER.conf).
In case you want to use example IP addresses on one interface
IPROOT="10.1.2.3 10.1.2.12"
IPROOTDEV="eth0"
In case you want to use 2 or more interfaces
IPROOT="eth0:10.1.2.3 eth1:10.1.2.12"
IPROOTDEV=""
In case you want to use IP-number in different subnets
IPROOT="eth0:10.1.2.3/255.255.255.0 eth0:10.1.3.12/255.255.0.0"
IPROOTDEV=""
If you are using vserver 2.0+ you have to create subdirectories in /etc/vserver/<vserver-name>/interfaces/
for each IP you want to use, i.e.
/etc/vserver/<vserver-name>/interfaces/0
/etc/vserver/<vserver-name>/interfaces/1
These subdirectories have to contain files with the options you want to set. See the [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html Flower page] for more info
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is it possible to use the real device (eth0, eth1) instead of the device alias created by vserver?||Details=
Yes. Set up the IP aliases yourself on the host server
*Set IPROOT= to those IPs
*Unset IPROOTDEV so the vserver script won't try to setup the IP aliases.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Can I modify the behavior of my vservers?||Details=
There are a number of capabilities and flags that you can modify listed [http://linux-vserver.org/Caps+and+Flags here] (and [http://savannah.nongnu.org/cgi-bin/viewcvs/util-vserver/util-vserver/lib/cflags-v13.c?rev=HEAD here (cflags-v13.c)]).
|Signature=Linux-Vserver FAQ}}{{Question|Question=Were can I find more information on networking in Linux-VServer?||Details=
You can find more information on the internals of networking in Linux-VServer [http://vserver.13thfloor.at/Stuff/VServer-IP-Setup-0.1.txt here].|Signature=Linux-Vserver FAQ}}

== G. Software compatibility ==
{{Question|Question=Bind does not work in a vserver||Details=
* capset failed
* The bind package expect to have the capability CAP_SYS_RESOURCE.
It expects this because it was compiled this way on Linux and to increase its ulimit.
* By default, a vserver does not have this capability for a good reason, you may have a look at 'man capabilities' to see how much control that capability allows.
* A vserver starts with some ulimit values and can only reduce them, not enlarge them.
* If you know what you are doing, you can give the capability to the vserver running bind.
* A securer solution is to compile bind without that requirement by specifying './configure --disable-linux-caps'
It looks like you only can run bind as root once you compile bind with this option, but this should be fine inside a vserver.
* bind does not respond to queries
* Bind seems to have problems with a query socket check. Bind believes the query is comming on a non-query socket, and doesn't answer the request.
* putting "query-source address YOUR_VSERVER_IP;" in your named.conf solves this problem.

|Signature=Linux-Vserver FAQ}}{{Question|Question=Is DHCP possible in a vserver?||Details=
It's possible to run a DHCP server inside a vserver, but it required a CAP_NET_RAW capability.
The solution for 2.6 kernel with new-style config is to add CAP_NET_RAW entry in the /etc/vserver/<vserver-name>/bcapabilities file, and it might be unnecessary to add 255.255.255.255 into bcast file, please read [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html The Great Flower Page] for more details. If you are still use the legacy config, please read the answer below.
It's possible to run a DHCP server inside a vserver, but there is a catch. The set_ipv4root assigns one IP and one broadcast address to a vserver. UDP service listening to 0.0.0.0 (bind any) in a vserver are indeed listening to the vserver IP and vserver broadcast.
This is all they will get. This is fine for most services.
Unfortunately, dhcpd is receiving special broadcasts. Its clients are unaware of their IP number, so they are using special broadcast 255.255.255.255 address.
A vserver generally runs with the broadcast address of the network device (the one used to setup the IP alias). This network device has a broadcast address which is never 255.255.255.255. Those special broadcast are not sent to the vserver. The solution is to set the IPROOTBCAST entry in the vserver configuration file like this IPROOTBCAST=255.255.255.255
Restart your vserver and dhcpd will work. There is a catch (at least with 2.4.18ctx-9). If you are using other services in the save vserver, also relying on broadcast for proper operation (samba for one), they won't operate properly.
One solution would be to enhance the semantics a little: A vserver would listen for its IP address, its broadcast address and also for 255.255.255.255.
The dhcpd case is probably very specific though.

|Signature=Linux-Vserver FAQ}}{{Question|Question=NFS-server||Details=
It's not posible to run a NFS-kernel server inside a vserver, to work securely this would need a lot of work.
You can try to run the NFS userspace server, the traditional Linux user space NFS server and UNFS3 are both reported to work.
take a look at ((NFS and portmap)) if you have problems with your portmap

|Signature=Linux-Vserver FAQ}}{{Question|Question=Run Level Based Distributions as Ververs (Red Hat and such ....)||Details=
If you see errors after the command vserver <name> stop like these:

Syncing hardware clock to system time hwclock is unable to get I/O port access: the iopl(3) call failed FAILED]
Turning off swap: Not superuser. [FAILED]
Turning off quotas: quotaoff: Can't stat() mounted device /dev/hdv1: No such file or directory
Unmounting file systems: umount2: No such file or directory umount: /vservers: not found

Then look for S* links in /etc/rc6.d/ and remove the one responsible for the errors. In RH9 it is called S01reboot
A 'normal' server does some stuff on shutdown, like saving the time to the hwclock, or storing random pool data and finally invokes the reboot. Some of those actions are just not allowed in a vserver.

|Signature=Linux-Vserver FAQ}}{{Question|Question=Vservers and X Windows||Details=
Please see the ((Vservers and X)) page for information about this.

|Signature=Linux-Vserver FAQ}}{{Question|Question=sshd with X11-Forwarding in a vserver||Details=
add ```'X11UseLocalhost no'``` to your sshd_config
|Signature=Linux-Vserver FAQ}}{{Question|Question=See also: [ProblematicPrograms]||Details=
== H. Help ==
|Signature=Linux-Vserver FAQ}}{{Question|Question=Where can I find more information on the Linux-VServer project?||Details=
First have a look at the ((documentation)) section of the website. In case you can't find the answer here, have a look at the mailinglist archives. If this doesn't help jou, there is still a mailinglist and a IRC channel were you can ask for help.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Does the Linux-VServer project have a mailing list?||Details=
Yes. You can subscribe [http://list.linux-vserver.org/mailman/listinfo/vserver here]. Archives are located [http://list.linux-vserver.org/archive/vserver/ here].
|Signature=Linux-Vserver FAQ}}{{Question|Question=Is there a IRC channel ||Details=
Yes, join #vserver on irc.oftc.net.|Signature=Linux-Vserver FAQ}}

== I. Issues ==
{{Question|Question=When starting or entering a vserver I get "''Error: /proc must be mounted''". 'vserver-stat' and 'vps' are failing with "''open("/proc/uptime"): No such file or directory''". Sometimes, other files in /proc are mentioned. What can I do?||Details=
Make sure that in devel and experimental the required proc entries are visible inside a vserver. With alpha utilities, execute the ||Details=vprocunhide||Details= script. See ((Proc-Security)) also.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Inside a vserver I can still use mknod to create devices, even without CAP_MKNOD capability. What's wrong? (this probably applies to all other capabilities but that was not tested)||Details=
This is probably a problem in your kernel configuration. If you include "Enable different security models" (CONFIG_SECURITY), then make sure to also include "Default Linux Capabilities" (CONFIG_SECURITY_CAPABILITIES) or compile it as a module. In this latter case you must insert the 'capability' module into the kernel. This is for example true for current (2.6.8.1) debian kernel configurations.
|Signature=Linux-Vserver FAQ}}{{Question|Question=After stopping/restarting a vserver my network is gone! What the hell?||Details=
See above.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Only root can access any files in the vserver||Details=
Check the permissions of the vserver's / directory. The 2.4 branch's chroot-escape blocker (chmod 0000 and chattr +t) is meant to be applied to the directory containing the vservers (for example /vservers) not the vservers' root directories themselves. If you revoked all permissions for a vserver's root directory, re-grant them with "chmod 0755 /path/to/vserver-root".
|Signature=Linux-Vserver FAQ}}{{Question|Question="daemon() failed: Success" - What? Succesfully failing?||Details=
Not really vserver related but here's the answer: Somebody replaced your /dev/null with a regular file, create a real /dev/null and it will start working again. We got no idea why the error message happens to be so funny(?).
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I start a vserver, "FATAL: kernel too old" message appears and vserver can't be started||Details=
Edit your /etc/vservers/<vsname>/uts/release and define a value greater than kernel version
example, if you have a kernel "2.6.11", set "2005" for example :-)
|Signature=Linux-Vserver FAQ}}{{Question|Question=I switched from old to new configuration and now all my ip addresses are gone!||Details=
They are not, ifconfig just doesn't show them. The new tools use 'iproute' instead of 'ifconfig' which allows you to use multiple interface addresses with the same label. In such cases, ifconfig shows only the first address for each label, which probably isn't available in the vserver. Unless you specify a name for an ip address, it will be given the interface name as label, eg. eth0, and ifconfig breaks. You can assign names to your interface addresses in the vserver configuration, see [[VServerConfiguration]] or [http://www.nongnu.org/util-vserver/doc/conf/configuration.html The Great Flower Page] for details.
Earlier, we said that the interface addresses were "nameless", this was wrong. As said above, the addresses in question actually all have the same name/label. Knowing this we could actually virtualize the ioctl interface which ifconfig uses in a meaningful way, making ifconfig show the vserver's ip addresses as expected, even when it shares its label with other ip addresses (of course only if there aren't multiple ip addresses in the same vserver that share the same label, but that's an ifconfig limitation, not a vserver bug). The [http://www.13thfloor.at/~doener/vserver/patches/diff-2.6.16.5-vs2.0.2-rc16-devinet_ioctl.diff patch] should apply to most Linux-VServer versions for kernel 2.6 and will probably be included in future versions.
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I enter/ssh into a vserver I can see all of the interfaces and interface aliases with ifconfig.||Details=
I experienced this after upgrading from a 2.4 to 2.6 kernel with vs-2.0 patch using legacy-method .conf files. Upgrading from legacy-method to the new one (see [http://linux-vserver.org/Legacy-To-Newstyle-Config Converting From Legacy to New]) caused the problem to go away.
|Signature=Linux-Vserver FAQ}}{{Question|Question=I keep my vserver roots on their own devices. I can unmount them but the device (like drbd or lvm) remains in use until all of my vservers are killed off ("Someone has opened the device for RW access").||Details=
When you mount something it is recorded in the current namespace. When you start a vserver it makes copy of the namespace. You can then unmount in the original namespace without any problems, however the device is still in use. This is because the device is still mounted in the new namespace. You can do something like this: "vnamespace -e runningVserver umount /mnt/point". After this you should be able to remove the device (drbdadm secondary /dev/drbd0 or whatever).
More information:
*[http://linux-vserver.org/Namespaces About Namespaces]
*[http://linux-vserver.org/advanced+DRBD+mount+issues DRBD Mount Issues]
*[http://list.linux-vserver.org/archive/vserver/msg11444.html This thread], which deals with the same issue.
*[http://list.linux-vserver.org/archive/vserver/msg10415.html This thread], terse but helpful.
*[http://www.gossamer-threads.com/lists/drbd/users/9282?page=last And this], a thread of related stuff.
WARNING: if you use the kernel cleanup feature then make sure you know what you are doing. I didn't, it was ugly.
|Signature=Linux-Vserver FAQ}}{{Question|Question=When I stop a vserver its network alias does not go away, I am getting 'RTNETLINK answers: Cannot assign requested address||Details='
Try running 'ip addr' and see if the interface names are being truncated (note: I came across a thread that seems to suggest that this might happen even if the interface name is not being truncated?). The function that kills the interface specifies its name, if it is truncated then 'ip' will not be able to find the interface.
Another cause might be that the IP was added (or already present at startup) with a different netmask, and therfore can not be removed properly
My solution to this is very, very gross. Open up your vserver.functions file and find the disableInterfaces function. If you change
IP_ADDR) $_IP addr del "$@";;
to
IP_ADDR) $(echo $_IP addr del "$@"|sed 's/broadcast + label [^[:space:]]\+//');;
then ip will try to delete the interface by its IP alone.
Anyone with a better solution is strongly encouraged to modify this entry.
|Signature=Linux-Vserver FAQ}}{{Question|Question=Why does the vserver run on a BSD fs (ufs) ?!||Details=
* I see something like: /dev/hdv1 / ufs defaults 0 0
The ufs part is correct and it is so to trick the quota tools to not try to lowlevel access the fs. The entry is FAKE anyway, ufs just solved this quota userland issue nicely (more or less).
* For details see: [http://list.linux-vserver.org/archive/vserver/msg09133.html] and [http://archives.linux-vserver.org/200401/0232.html]
* When I issue a ping it returns:
[root@VServerGuest /]# ping 123.123.123.123
connect: Invalid argument
* When I issue a DNS lookup it returns:
[root@VServerGuest /]# host www.yahoo.ca
socket.c: internal_send: 222.222.222.222#53: Invalid argument
;; connection timed out; no servers could be reached
* When I try to run vyum it returns:
[root@VServerGuest /]# vyum VServerGuest -- check-update
Cannot find a valid baseurl for repo: core
Error: Cannot find a valid baseurl for repo: core
Make sure that you have either a Public IP setup on the VServer Guest, or that you have a proper SNAT/DNAT rules setup on your VServer Host. After that, restart the vserver guest with the verbose option to see what your ipv4root is set to:
[root@VServerGuest /]# vserver -v VServerGuest start
ipv4root is now 127.0.0.10 111.111.111.111
New security context is 49156
You must make sure the order of the interfaces are correct. The very first Interface (decided upon by alphabetical order of the interface directory name) for the VServer is the default IP used for all network connections. This must be either a public IP or an IP that has been D/SNAT'd.
|Signature=Linux-Vserver FAQ}}

== G. Problematic Programs ==
Some programs do things that might work on a normal host but not inside a V-Server. This is often not a fault of V-Server itself, the programs are doing automagic things which fail and no proper error handling is done. Also sometimes the actions need special rights which are not permitted by default in V-Servers. Allowing CAPs is often not necessary since those special CAPs are only required once (e.g. when the program initializes the directories/settings/whatever).

{{Question|Question=OpenGroupware Apache Module
||Details=If your V-Server doesn't have access to localhost, then the connection to the !OpenGroupware server will fail with a "Internal Server Error".
The apache module for !OpenGroupware called mod_ngobjweb uses a hardcoded "127.0.0.1" IP address in the source (handler.c line 339), this line you need to change to the IP address that should be used (the IP of the V-Server that runs the OpenGroupware server)|Signature=ProblematicPrograms}}

{{Question|Question=Hylafax (with CAPI)|Details=
:If you want to run hylafax in a V-Server, you will get a CAP and device problem which can be easily solved. First you need your capi20 devices in your V-Server, which can't be created by ./MAKEDEV (requires special CAPs) so copy the devices into the V-Server, like this (command run on the host):
:cp -aR /dev/capi* /vservers/your_vserver/dev
:Now hylafax can access your CAPI ISDN card but will exit after a few seconds, the problem is it tries to create a /dev/null nod in the hylafax chroot. This fails because of missing CAPs, so lets help hylafax again with copying the nod into the hylafax chroot in the V-Server. Like this (command run on the host):
:cp -aR /dev/null /vservers/your_vserver/var/spool/hylafax/dev
:Allright, now hylafax should have CAPI access and run properly.|Signature=ProblematicPrograms}}

{{Question|Question=Links inside screen inside a V-Server|Details=
:Don't know why, but links crashes systematically being inside a screen session inside a V-Server started outside a V-Server. (please elaborate!)|Signature=ProblematicPrograms}}

{{Question|Question=screen inside a VServer|Details=

<pre>

[root@ge root]# vserver zoe enter

zoe:/# screen
Cannot open your terminal '/dev/pts/5' - please check.

zoe:/# strace screen
...
stat64("/dev/pts/5", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 5), ...}) = 0
open("/dev/pts/5", O_RDWR|O_NONBLOCK) = -1 EACCES (Permission denied)

</pre>

:is neither a bug nor an issue with screen, it just shows that a vserver context is not allowed to mess with host terminals. either use ssh/telnet to reach the 'guest' or start the screen session before you do the 'enter' (i.e. on the host)|Signature=ProblematicPrograms}}

{{Question|Question=!OpenLDAP Startup|Details=
:slapd needs name resolution available in order to start up, otherwise it appears to hang. Make sure you have working DNS (or whatever) available to your vserver before starting one with slapd. This behavior is confirmed in my setup, no confirmation from others yet. My Setup: vservers all bind to an interface on a DMZ-like network segment, BIND runs on a vserver. slapd would hang at startup if the BIND vserver had not been started first.|Signature=ProblematicPrograms}}

{{Question|Question=rndc|Details=
:Bind's rndc has a hardcoded 127.0.0.1 somewhere so any command to rndc will fail with connection refused.
:You should have a reachable localhost address defined in /etc/hosts and then you can use rndc -s localhost command
:You can make a rndc.conf and set the default-server option, like that the '-s localhost' isn't necessary.|Signature=ProblematicPrograms}}

{{Question|Question=Asterisk|Details=
:Since some version of Asterisk (at least since 1.0.2), it will not run anymore. On start it fails with: "Unable to set high priority"
:This can be solved by allowing CAP_SYS_NICE for that VServer.
:You can also not run Asterisk with the realtime priority :
:Just pass the '-p' command ligne argument to disable the read-time priority.
:.
:Good doc on setting up Asterisk devices in the vserver:
:http://www.telephreak.org/papers/vpa/|Signature=ProblematicPrograms}}

{{Question|Question=Open/!FreeSwan|Details=
:Fails because of writing to /proc (requires patch)
:TODO: write me|Signature=ProblematicPrograms}}

{{Question|Question=Samba|Details=
:Oplocks don't work as smbd insists on receiving break requests from 127.0.0.1 \\
Just patch source/smbd/oplock.c (commenting paranoid code)
<pre>
+++ oplock.c.orig 2005-02-14 14:27:51.000000000 +0200
--- oplock.c 2005-02-02 12:27:50.000000000 +0200
@@ -181,14 +181,12 @@
return False;
}

+#if 0
/* Validate message from address (must be localhost). */
if(from.sin_addr.s_addr != htonl(INADDR_LOOPBACK)) {
DEBUG(0,("receive_local_message: invalid 'from' address \
(was %lx should be 127.0.0.1)\n", (long)from.sin_addr.s_addr));
return False;
}
+#endif

/* Setup the message header */
SIVAL(buffer,OPBRK_CMD_LEN_OFFSET,msg_len);
</pre>
or if you don't want to patch the samba source code you can disable oplock in Samba and it will work too!
Just put the following in your smb.conf:
<pre>
kernel oplocks = no
oplocks = no
</pre>

Note: The Vserver using Samba should also listen on the broadcast address. Thereby you will not be able to have two samba servers in the same net (on the same broadcast). |Signature=ProblematicPrograms}}

{{Question|Question=Samba from Debian 3.1|Details=
The samba deb in sarge (3.1) provided file sharing. The only oddity observed is that the vserver guest running samba did not appear in a windows box's 'My Network Places'
Use a WINS server. The SMB browsing protocol relies heavily on broadcasts on the local net, which are problematic with vservers. WINS resolution on the other hand is unicast and works flawlessly under vserver.|Signature=ProblematicPrograms}}

{{Question|Question=Samba printer and file server with cups|Details=
:Samba runs correctly in a Mandriva (Mdk) 10.1 Vserver, (Apart from the above oplock problem ?).
: \\
First, edit your {{/etc/sysconfig/network}} file, and set {{networking}} to {{yes}} (This will solve problems for other services !):
<pre>
# cat /etc/sysconfig/network
NETWORKING=yes
</pre>
: \\
Some more tweaking is needeed in {{/etc/smb.conf}}:
<pre>
# cat /etc/smb.conf
...
# YOUR VSERVER IP/MASK HERE
interfaces = xxx.xxx.xxx.xxx/mask
...
</pre>
: \\
That's all !!!
: \\
But if you're using Samba + Cups to provide printing for Windows clients, AND if you want to use the {{Point and Print}} feature, there is more: In the {{[printers]}} section of your {{smb.conf}}, you should have the {{use client drivers}} directive set to {{no}}, or the driver upload procedure will fail !
<pre>
# cat /etc/smb.conf
...
use client driver = no
...
</pre>
: \\
So, here is a full {{smb.conf}} file:
<pre>
# cat /etc/samba/smb.conf | awk '!/^$/ && !/^\s*(#|;)/ {print $0}'
[global]
workgroup = MYDOMAIN
netbios name = MYHOSTNAME
server string = MYCOMMENT (Samba %v)
printcap name = cups
load printers = yes
printing = cups
printer admin = @adm
log file = /var/log/samba/log.%m
max log size = 50
map to guest = bad user
security = domain
password server = *
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers
idmap uid = 10000-20000
idmap gid = 10000-20000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = 127. MYVSERVERIP/MYVSERVERMASK
wins server = MYWINSIP
dns proxy = no
# for french users:
dos charset = 850
unix charset = ISO8859-1
[homes]
comment = Home Directories
browseable = no
writable = no
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
create mode = 0700
print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
use client driver = no
[print$]
path = /var/lib/samba/printers
browseable = yes
write list = @adm root
guest ok = yes
inherit permissions = yes
</pre>
: \\
...And a working smbusers:
<pre>
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator MYDOMAIN\administrator
nobody = guest pcguest smbguest
</pre>|Signature=ProblematicPrograms}}

{{Question|Question=Cups print server|Details=
: Symptoms: The Cups init script exits with:
<pre>
Starting CUPS printing system: cupsd: Child exited with status 98!
</pre>
: \\
And the logs ({{/var/log/cups/error_log}}) show:
<pre>
E [date:hour...] StartListening: Unable to bind socket for address 0.0.0.0:631 - Address already in use.
</pre>
:...Or something like this.
: \\
With a correct "cupsd.conf file" (Tested version 1.1.21-0.rc1.7mdk, on Mandrake 10.1 - Now Mandriva), it works; All we need is to remove references to {{127.0.0.1}} or {{localhost}} from the file, as well as correctly unsetting the {{Listen}} directive:
<pre>
LogLevel info
TempDir /var/spool/cups/tmp
# No 'Listen' directive !
Port 631
BrowseAddress @LOCAL
BrowseDeny All
BrowseAllow @LOCAL
BrowseOrder deny,allow
<Location />
Order Deny,Allow
Deny From All
Allow From @LOCAL
</Location>
<Location /admin>
AuthType Basic
AuthClass System
Order Deny,Allow
Deny From All
Allow From YOUR_NETWORK_ADDRESS/YOUR_NETMASK # Example: 172.16.0.0/24
# Or
Allow From @LOCAL
</Location>
</pre>
: \\
Then you'll need to modify the {{/etc/init.d/cups}} script, to comment any section referring to {{127.0.0.1}} lookup and configuration. This section exists at least on Mandrake 10.1, and is pretty long (Lines 35 to 55 and/or 79), and additionnaly four "{{else...if}}" lines must be commented far below (Lines 161 to 164) !
: \\
Remember to stop any Cupsd running in the host server, or to start it ''via'' a wrapper {{/etc/init.d/v_cups}} script:
<pre>
#!/bin/sh
# chkconfig: 2345 15 60
# description: Wrapper to start cups bound to a single IP
USR_LIB_VSERVER=/usr/lib/util-vserver
exec $USR_LIB_VSERVER/vsysvwrapper cups $*
</pre>
: \\
Do not forget to give a password to the root user, if you want to ba able to manage your printers from the web interface (http://yourcupsvserver:631)!
<pre>
# passwd root
...
</pre>
: \\
If you use Mandriva 10.1 (And maybe some other distros), you’ll need to add the printers drivers for Cups, and reload it:
<pre>
# urpmi --root /vservers/yourcupsvserver/ cups-drivers
# /etc/init.d/cups reload
</pre>
: \\
…It added 67 Mb of packages for me.
: \\
Then use {{/etc/init.d/v_cups (re)start}} to launch Cups on the host server.
:You will now be able to make Cupsd start in the vserver , but more tweaking on the ACLs may be necessary to avoid authentification problems...|Signature=ProblematicPrograms}}

{{Question|Question=Bind9 on Debian GNU/Linux Woody (3.0) and Sarge (3.1)|Details=
:named provided by the bind9 binary packages fails to start because it is compiled with CAPs option.
: \\
The debian way is to build** your own package without CAPs:
: \\
<pre>
su -
cd /usr/src
apt-get build-dep bind9
apt-get source bind9
cd bind9-x.x.x
vi debian/rules
</pre>
: \\
Insert the following line after "./configure --prefix=/usr \":
: \\
<pre>
--disable-linux-caps \
</pre>
: \\
On a NPTL-enabled system you alse have to replace \\
<pre>
--enable-threads \
</pre>
: with \\
<pre>
--disable-threads \
</pre>
: or bind might refuse to run with an other user than root.
: \\
Save the file and go ahead with compiling/installing:
: \\
<pre>
dpkg-buildpackage
dpkg -i ../bind9-x.x.x.deb
echo "bind9 hold" | dpkg --set-selections
</pre>
: \\
The last line is to set the package "on hold", so it is not touched by the update process. you have to take care of security holes by yourself now!
: \\
The Xs in "bind9-x.x.x" denote the version number of bind9.
: \\

** Alternatively you can allow the CAP_SYS_RESOURCE for that V-Server.

The best way would be to fix bind, which is somehow broken when it comes to capabilities.
Daniel Hokka Zakrisson repaired it. His patch is to be found here:

[http://daniel.hozac.com/stuff/bind-9.3.2-caps-when-available.patch bind-9.3.2-caps-when-available.patch]
So, if you recompile, it would be the cleanest way to apply that patch. Thanks Daniel!

It would be also nice, if someone submits that patch to the bind people or maybe to your distribution's package maintainers in the first step.

Get my [http://linux-vserver.derjohn.de/bind9-packages/bind9-capacheck_9.3.2-2_i386.deb vserver-guest-ready Debian bind9 package] for Debian Sid guests. Feedback welcome: aj@net-lab.net|Signature=ProblematicPrograms}}

{{Question|Question=Postfix 2.1.5 (Debian Sarge)|Details=
:On a vserver with two interfaces (lo and eth0), and a postfix 2.1.5 listening on lo, postfix can't send emails : "Invalid argument"... Setting smtp_bind_address (http://www.postfix.org/postconf.5.html#smtp_bind_address) to the external address solves the issue.|Signature=ProblematicPrograms}}

{{Question|Question=Zimbra Mail|Details=
Zimbra is many applications (including Postfix and MySQL and OpenLDAP and more) which try to take over the interfaces, and depend a lot on binding from 127.0.0.1 - it is not hard to change, but there is a couple of tricks - it is documented here - http://wiki.zimbra.com/index.php?title=Install_VServer|Signature=ProblematicPrograms}}

{{Question|Question=xine|Details=
xine won't start with no error message.
"xine --verbose" shows this.
<pre>
ERROR: Could not determine network interfaces, you must use a interfaces config line
</pre>
This happens if you have the xineplug_inp_smb.so plugin. Delete it and everything is fine.|Signature=ProblematicPrograms}}

{{Question|Question=127.0.0.1 issues|Details=
I had problems with an application that wanted me to access it on 127.0.0.1 and AS 127.0.0.1 to be able to do its configuration. A simple tweak solved the problem. I renamed the default interface directory "0" in /etc/vservers/server/interfaces to "1" and created interface 0 as :
:dev lo
:ip 127.0.0.1
:mask 255.0.0.0
:name lo

now interface "1" is the default created interface by the vserver build script with a local adress like 192.168.1.2 and interface "0" is the loopback. I can now telnet on 127.0.0.1 and it sees that im connecting to 127.0.0.1 from 127.0.0.1

Compiling nagios-1.4 within a vserver requires this, otherwise it hangs during the configure with "checking for ICMP ping syntax..."|Signature=ProblematicPrograms}}

/!\ BIG FAT WARNING: DON'T DO THIS IT WILL ADD VSERVER ACCESS TO THE 127.0.0.1 OF THE HOST (quoting Bertl on irc)

{{Question|Question=Hula-project|Details=
Does not want to start :(|Signature=ProblematicPrograms}}

util-vserver:Vhashify

2009-03-31T22:37:14Z

Gebura: /* Mini FAQ */

== All about vunify / vhashify ==

Some collected wisdom about the vunify/vhashify functionality:

* "unification" is the process of replacing files with hardlinks to identical files in other vservers (or, in the case of vhashify, more precisely to a common base); for security, the files are then supplied with immutable-but-unlinkable flags (a vserver speciality), and recently COW link capability has been added to vserver (2.2+), which means that when such a file is being modified, the hardlink is automatically dissolved and the contents copied (CONFIG_VSERVER_COWBL).

* vhashify is the successor to vunify; vunify only looks at files at identical relative paths and links them if they are identical; vhashify builds hash values over the contents of ''all'' (non-excluded) files and links them into a common base directory, or unifies them with pre-existing links there. So running hashification on multiple vservers will effectively hard link their identical files.

* You don't call the vhashify tool directly (which lives in lib/util-vserver/), but let the "vserver" multipurpose script do the work:

vserver <vserver-name> hashify

* The guest needs to be running for the above because vhashify may try to figure out what files not to hashify by calling the package manager of the guest via <tt>vserver exec</tt>; the reason for this is that it tries not to unify config files because they couldn't be written to afterwards unless COW links are supported (which is a recent addition), which may be a hassle (unlike with program/library files which are not overwritten but replaced on upgrades). The details of how the list of config files is retrieved can be found in <tt>scripts/vpkg</tt> (<tt>lib/util-vserver/vpkg</tt> after installation), which is called by the vhashify program (through MatchList_initManually). Currently this means redhat|mandrake and debian are supported. It is looking at a XXX/style file (what's XXX?) for finding out which distribution a guest is running (can this be a problem?) -> open questions to be looked at.
* To prevent vhashify from getting a list of config files from the packagemgt system, see the <tt>pkgmgmt-ignore</tt> and <tt>pkgmgmt-force</tt> options in <tt>/etc/vservers/.defaults/apps/vunify</tt> or per-vserver configuration directory. If you disable this, you might want to set a manual exclude list, when the default <tt>/usr/lib/util-vserver/defaults/vunify-exclude</tt> is not sufficient.
* See <tt>/etc/vservers/<vserver-name>/apps/vunify/exclude</tt> on the flower page for a meaning of the <tt>exclude</tt> file.



=== Backups ===

Be careful to restore the link flags when making or restoring from backups, or vservers won't be safely parted anymore. Do either of the following:

* use tools which backup and restore the link flags ("dump" and "restore" might work, the writer of these lines has not tested them)

* back up the directory containing the hashes, too (<tt>/vservers/.hash</tt> when following the suggested configuration directives); for restoring from the backup, also restore the .hash directory, then run setattr over all files contained therein; this should work (not yet tested!):

find /vservers/.hash -type f -print0|xargs -0 setattr --iunlink --

* (back up and) restore each vserver individually, so no hardlinks to other vservers are created. Then run hashify. (Be aware that you need more space until hashify has run, so restoring from a backup onto a partition of equal size might not work.)

=== Cleanup ===
Remove non referenced files

find /vservers/.hash -type f -links 1 -exec rm -v '{}' ';'

=== Mini FAQ ===

1Q: <serek> so after cloning, i need to dist-upgrade each vserver separately but finally they will use the same files, right?

1A: <Bertl> you can upgrade all at once or separately, whenever you run vhashify on them, identical data will be linked together

2Q: <serek> may vhashify two existing hosts as well, right?

2A: <Bertl> yep, anytime

3Q: <fluor-> < Bertl> you can upgrade all at once or separately <- what would the "all at once" method be?

3A: <Bertl> depends on the package management, for most common management mechanisms, there is vapt, vyum, and vrpm

Note that "all at once" doesn't mean "simultaneously", just "with a single command". When you mass upgrade your vservers, their identical files won't be hardlinked together until you run vserver hashify again on each of them. This means you'll need a lot more disk space until you vhashify. And don't forget to remove hashed files that no longer have other hard links.

4Q: What does the syntax -/+/~ refer to in the vunify-exclude file ?

4A:
* - Means exclude : Default operation (same as no modifier)
* + Means include : Allow you to include file/folder in a excluded folder
* ~ Means skip : ??

5Q: I have got the message "Duplicate hash-dir entry 'root' found"

5A:
* looks like you already had the symlink setup.
<code>ls -l /etc/vservers/.defaults/apps/vunify/hash</code>

<code>[...]</code>

<code>lrwxrwxrwx 1 root root 23 mar 1 00:19 00 -> /var/lib/vservers/.hash </code>

<code>lrwxrwxrwx 1 root root 15 avr 1 00:00 root -> /var/lib/vservers/.hash </code>
* Remove the link /etc/vservers/.defaults/apps/vunify/hash/root

=== See also ===

* [[util-vserver:Documentation]] or maybe rather the [http://www.nongnu.org/util-vserver/doc/conf/configuration.html "Flower Page"]
* [[Frequently_Asked_Questions#What_is_unification_.28vunify.29.3F]]

util-vserver:Vhashify

2009-03-31T22:32:19Z

Gebura: /* Mini FAQ */

== All about vunify / vhashify ==

Some collected wisdom about the vunify/vhashify functionality:

* "unification" is the process of replacing files with hardlinks to identical files in other vservers (or, in the case of vhashify, more precisely to a common base); for security, the files are then supplied with immutable-but-unlinkable flags (a vserver speciality), and recently COW link capability has been added to vserver (2.2+), which means that when such a file is being modified, the hardlink is automatically dissolved and the contents copied (CONFIG_VSERVER_COWBL).

* vhashify is the successor to vunify; vunify only looks at files at identical relative paths and links them if they are identical; vhashify builds hash values over the contents of ''all'' (non-excluded) files and links them into a common base directory, or unifies them with pre-existing links there. So running hashification on multiple vservers will effectively hard link their identical files.

* You don't call the vhashify tool directly (which lives in lib/util-vserver/), but let the "vserver" multipurpose script do the work:

vserver <vserver-name> hashify

* The guest needs to be running for the above because vhashify may try to figure out what files not to hashify by calling the package manager of the guest via <tt>vserver exec</tt>; the reason for this is that it tries not to unify config files because they couldn't be written to afterwards unless COW links are supported (which is a recent addition), which may be a hassle (unlike with program/library files which are not overwritten but replaced on upgrades). The details of how the list of config files is retrieved can be found in <tt>scripts/vpkg</tt> (<tt>lib/util-vserver/vpkg</tt> after installation), which is called by the vhashify program (through MatchList_initManually). Currently this means redhat|mandrake and debian are supported. It is looking at a XXX/style file (what's XXX?) for finding out which distribution a guest is running (can this be a problem?) -> open questions to be looked at.
* To prevent vhashify from getting a list of config files from the packagemgt system, see the <tt>pkgmgmt-ignore</tt> and <tt>pkgmgmt-force</tt> options in <tt>/etc/vservers/.defaults/apps/vunify</tt> or per-vserver configuration directory. If you disable this, you might want to set a manual exclude list, when the default <tt>/usr/lib/util-vserver/defaults/vunify-exclude</tt> is not sufficient.
* See <tt>/etc/vservers/<vserver-name>/apps/vunify/exclude</tt> on the flower page for a meaning of the <tt>exclude</tt> file.



=== Backups ===

Be careful to restore the link flags when making or restoring from backups, or vservers won't be safely parted anymore. Do either of the following:

* use tools which backup and restore the link flags ("dump" and "restore" might work, the writer of these lines has not tested them)

* back up the directory containing the hashes, too (<tt>/vservers/.hash</tt> when following the suggested configuration directives); for restoring from the backup, also restore the .hash directory, then run setattr over all files contained therein; this should work (not yet tested!):

find /vservers/.hash -type f -print0|xargs -0 setattr --iunlink --

* (back up and) restore each vserver individually, so no hardlinks to other vservers are created. Then run hashify. (Be aware that you need more space until hashify has run, so restoring from a backup onto a partition of equal size might not work.)

=== Cleanup ===
Remove non referenced files

find /vservers/.hash -type f -links 1 -exec rm -v '{}' ';'

=== Mini FAQ ===

1Q: <serek> so after cloning, i need to dist-upgrade each vserver separately but finally they will use the same files, right?

1A: <Bertl> you can upgrade all at once or separately, whenever you run vhashify on them, identical data will be linked together

2Q: <serek> may vhashify two existing hosts as well, right?

2A: <Bertl> yep, anytime

3Q: <fluor-> < Bertl> you can upgrade all at once or separately <- what would the "all at once" method be?

3A: <Bertl> depends on the package management, for most common management mechanisms, there is vapt, vyum, and vrpm

Note that "all at once" doesn't mean "simultaneously", just "with a single command". When you mass upgrade your vservers, their identical files won't be hardlinked together until you run vserver hashify again on each of them. This means you'll need a lot more disk space until you vhashify. And don't forget to remove hashed files that no longer have other hard links.

4Q: What does the syntax -/+/~ refer to in the vunify-exclude file ?

4A:
* - Means exclude : Default operation (same as no modifier)
* + Means include : Allow you to include file/folder in a excluded folder
* ~ Means skip : ??

5Q: I have got the message "Duplicate hash-dir entry 'root' found"
4A:
* looks like you already had the symlink setup.
<code>ls -l /etc/vservers/.defaults/apps/vunify/hash</code>

<code>[...]</code>

<code>lrwxrwxrwx 1 root root 23 mar 1 00:19 00 -> /var/lib/vservers/.hash </code>

<code>lrwxrwxrwx 1 root root 15 avr 1 00:00 root -> /var/lib/vservers/.hash </code>
* Remove the link /etc/vservers/.defaults/apps/vunify/hash/root

=== See also ===

* [[util-vserver:Documentation]] or maybe rather the [http://www.nongnu.org/util-vserver/doc/conf/configuration.html "Flower Page"]
* [[Frequently_Asked_Questions#What_is_unification_.28vunify.29.3F]]

util-vserver:Vhashify

2009-03-31T22:32:01Z

Gebura: /* Mini FAQ */

== All about vunify / vhashify ==

Some collected wisdom about the vunify/vhashify functionality:

* "unification" is the process of replacing files with hardlinks to identical files in other vservers (or, in the case of vhashify, more precisely to a common base); for security, the files are then supplied with immutable-but-unlinkable flags (a vserver speciality), and recently COW link capability has been added to vserver (2.2+), which means that when such a file is being modified, the hardlink is automatically dissolved and the contents copied (CONFIG_VSERVER_COWBL).

* vhashify is the successor to vunify; vunify only looks at files at identical relative paths and links them if they are identical; vhashify builds hash values over the contents of ''all'' (non-excluded) files and links them into a common base directory, or unifies them with pre-existing links there. So running hashification on multiple vservers will effectively hard link their identical files.

* You don't call the vhashify tool directly (which lives in lib/util-vserver/), but let the "vserver" multipurpose script do the work:

vserver <vserver-name> hashify

* The guest needs to be running for the above because vhashify may try to figure out what files not to hashify by calling the package manager of the guest via <tt>vserver exec</tt>; the reason for this is that it tries not to unify config files because they couldn't be written to afterwards unless COW links are supported (which is a recent addition), which may be a hassle (unlike with program/library files which are not overwritten but replaced on upgrades). The details of how the list of config files is retrieved can be found in <tt>scripts/vpkg</tt> (<tt>lib/util-vserver/vpkg</tt> after installation), which is called by the vhashify program (through MatchList_initManually). Currently this means redhat|mandrake and debian are supported. It is looking at a XXX/style file (what's XXX?) for finding out which distribution a guest is running (can this be a problem?) -> open questions to be looked at.
* To prevent vhashify from getting a list of config files from the packagemgt system, see the <tt>pkgmgmt-ignore</tt> and <tt>pkgmgmt-force</tt> options in <tt>/etc/vservers/.defaults/apps/vunify</tt> or per-vserver configuration directory. If you disable this, you might want to set a manual exclude list, when the default <tt>/usr/lib/util-vserver/defaults/vunify-exclude</tt> is not sufficient.
* See <tt>/etc/vservers/<vserver-name>/apps/vunify/exclude</tt> on the flower page for a meaning of the <tt>exclude</tt> file.



=== Backups ===

Be careful to restore the link flags when making or restoring from backups, or vservers won't be safely parted anymore. Do either of the following:

* use tools which backup and restore the link flags ("dump" and "restore" might work, the writer of these lines has not tested them)

* back up the directory containing the hashes, too (<tt>/vservers/.hash</tt> when following the suggested configuration directives); for restoring from the backup, also restore the .hash directory, then run setattr over all files contained therein; this should work (not yet tested!):

find /vservers/.hash -type f -print0|xargs -0 setattr --iunlink --

* (back up and) restore each vserver individually, so no hardlinks to other vservers are created. Then run hashify. (Be aware that you need more space until hashify has run, so restoring from a backup onto a partition of equal size might not work.)

=== Cleanup ===
Remove non referenced files

find /vservers/.hash -type f -links 1 -exec rm -v '{}' ';'

=== Mini FAQ ===

1Q: <serek> so after cloning, i need to dist-upgrade each vserver separately but finally they will use the same files, right?

1A: <Bertl> you can upgrade all at once or separately, whenever you run vhashify on them, identical data will be linked together

2Q: <serek> may vhashify two existing hosts as well, right?

2A: <Bertl> yep, anytime

3Q: <fluor-> < Bertl> you can upgrade all at once or separately <- what would the "all at once" method be?

3A: <Bertl> depends on the package management, for most common management mechanisms, there is vapt, vyum, and vrpm

Note that "all at once" doesn't mean "simultaneously", just "with a single command". When you mass upgrade your vservers, their identical files won't be hardlinked together until you run vserver hashify again on each of them. This means you'll need a lot more disk space until you vhashify. And don't forget to remove hashed files that no longer have other hard links.

4Q: What does the syntax -/+/~ refer to in the vunify-exclude file ?

4A:
* - Means exclude : Default operation (same as no modifier)
* + Means include : Allow you to include file/folder in a excluded folder
* ~ Means skip : ??

5Q: I have got the message "Duplicate hash-dir entry 'root' found"
4A:
* looks like you already had the symlink setup.
<code>ls -l /etc/vservers/.defaults/apps/vunify/hash</code>

<code>[...]</code>

<code>lrwxrwxrwx 1 root root 23 mar 1 00:19 00 -> /var/lib/vservers/.hash </code>

<code>lrwxrwxrwx 1 root root 15 avr 1 00:00 root -> /vservers/.hash </code>
* Remove the link /etc/vservers/.defaults/apps/vunify/hash/root

=== See also ===

* [[util-vserver:Documentation]] or maybe rather the [http://www.nongnu.org/util-vserver/doc/conf/configuration.html "Flower Page"]
* [[Frequently_Asked_Questions#What_is_unification_.28vunify.29.3F]]

util-vserver:Vhashify

2009-03-31T22:31:45Z

Gebura: /* Mini FAQ */

== All about vunify / vhashify ==

Some collected wisdom about the vunify/vhashify functionality:

* "unification" is the process of replacing files with hardlinks to identical files in other vservers (or, in the case of vhashify, more precisely to a common base); for security, the files are then supplied with immutable-but-unlinkable flags (a vserver speciality), and recently COW link capability has been added to vserver (2.2+), which means that when such a file is being modified, the hardlink is automatically dissolved and the contents copied (CONFIG_VSERVER_COWBL).

* vhashify is the successor to vunify; vunify only looks at files at identical relative paths and links them if they are identical; vhashify builds hash values over the contents of ''all'' (non-excluded) files and links them into a common base directory, or unifies them with pre-existing links there. So running hashification on multiple vservers will effectively hard link their identical files.

* You don't call the vhashify tool directly (which lives in lib/util-vserver/), but let the "vserver" multipurpose script do the work:

vserver <vserver-name> hashify

* The guest needs to be running for the above because vhashify may try to figure out what files not to hashify by calling the package manager of the guest via <tt>vserver exec</tt>; the reason for this is that it tries not to unify config files because they couldn't be written to afterwards unless COW links are supported (which is a recent addition), which may be a hassle (unlike with program/library files which are not overwritten but replaced on upgrades). The details of how the list of config files is retrieved can be found in <tt>scripts/vpkg</tt> (<tt>lib/util-vserver/vpkg</tt> after installation), which is called by the vhashify program (through MatchList_initManually). Currently this means redhat|mandrake and debian are supported. It is looking at a XXX/style file (what's XXX?) for finding out which distribution a guest is running (can this be a problem?) -> open questions to be looked at.
* To prevent vhashify from getting a list of config files from the packagemgt system, see the <tt>pkgmgmt-ignore</tt> and <tt>pkgmgmt-force</tt> options in <tt>/etc/vservers/.defaults/apps/vunify</tt> or per-vserver configuration directory. If you disable this, you might want to set a manual exclude list, when the default <tt>/usr/lib/util-vserver/defaults/vunify-exclude</tt> is not sufficient.
* See <tt>/etc/vservers/<vserver-name>/apps/vunify/exclude</tt> on the flower page for a meaning of the <tt>exclude</tt> file.



=== Backups ===

Be careful to restore the link flags when making or restoring from backups, or vservers won't be safely parted anymore. Do either of the following:

* use tools which backup and restore the link flags ("dump" and "restore" might work, the writer of these lines has not tested them)

* back up the directory containing the hashes, too (<tt>/vservers/.hash</tt> when following the suggested configuration directives); for restoring from the backup, also restore the .hash directory, then run setattr over all files contained therein; this should work (not yet tested!):

find /vservers/.hash -type f -print0|xargs -0 setattr --iunlink --

* (back up and) restore each vserver individually, so no hardlinks to other vservers are created. Then run hashify. (Be aware that you need more space until hashify has run, so restoring from a backup onto a partition of equal size might not work.)

=== Cleanup ===
Remove non referenced files

find /vservers/.hash -type f -links 1 -exec rm -v '{}' ';'

=== Mini FAQ ===

1Q: <serek> so after cloning, i need to dist-upgrade each vserver separately but finally they will use the same files, right?

1A: <Bertl> you can upgrade all at once or separately, whenever you run vhashify on them, identical data will be linked together

2Q: <serek> may vhashify two existing hosts as well, right?

2A: <Bertl> yep, anytime

3Q: <fluor-> < Bertl> you can upgrade all at once or separately <- what would the "all at once" method be?

3A: <Bertl> depends on the package management, for most common management mechanisms, there is vapt, vyum, and vrpm

Note that "all at once" doesn't mean "simultaneously", just "with a single command". When you mass upgrade your vservers, their identical files won't be hardlinked together until you run vserver hashify again on each of them. This means you'll need a lot more disk space until you vhashify. And don't forget to remove hashed files that no longer have other hard links.

4Q: What does the syntax -/+/~ refer to in the vunify-exclude file ?

4A:
* - Means exclude : Default operation (same as no modifier)
* + Means include : Allow you to include file/folder in a excluded folder
* ~ Means skip : ??

5Q: I have got the message "Duplicate hash-dir entry 'root' found"
4A:
* looks like you already had the symlink setup.
<code>ls -l /etc/vservers/.defaults/apps/vunify/hash</code>

<code>[...]</code>

<code>lrwxrwxrwx 1 root root 23 mar 1 00:19 00 -> /var/lib/vservers/.hash </code>

<code>lrwxrwxrwx 1 root root 15 avr 1 00:00 root -> /vservers/.hash </code>
* Remove the link /etc/vservers/.defaults/apps/vunify/hash/root

=== See also ===

* [[util-vserver:Documentation]] or maybe rather the [http://www.nongnu.org/util-vserver/doc/conf/configuration.html "Flower Page"]
* [[Frequently_Asked_Questions#What_is_unification_.28vunify.29.3F]]

util-vserver:Vhashify

2009-03-31T22:31:29Z

Gebura: /* Mini FAQ */

== All about vunify / vhashify ==

Some collected wisdom about the vunify/vhashify functionality:

* "unification" is the process of replacing files with hardlinks to identical files in other vservers (or, in the case of vhashify, more precisely to a common base); for security, the files are then supplied with immutable-but-unlinkable flags (a vserver speciality), and recently COW link capability has been added to vserver (2.2+), which means that when such a file is being modified, the hardlink is automatically dissolved and the contents copied (CONFIG_VSERVER_COWBL).

* vhashify is the successor to vunify; vunify only looks at files at identical relative paths and links them if they are identical; vhashify builds hash values over the contents of ''all'' (non-excluded) files and links them into a common base directory, or unifies them with pre-existing links there. So running hashification on multiple vservers will effectively hard link their identical files.

* You don't call the vhashify tool directly (which lives in lib/util-vserver/), but let the "vserver" multipurpose script do the work:

vserver <vserver-name> hashify

* The guest needs to be running for the above because vhashify may try to figure out what files not to hashify by calling the package manager of the guest via <tt>vserver exec</tt>; the reason for this is that it tries not to unify config files because they couldn't be written to afterwards unless COW links are supported (which is a recent addition), which may be a hassle (unlike with program/library files which are not overwritten but replaced on upgrades). The details of how the list of config files is retrieved can be found in <tt>scripts/vpkg</tt> (<tt>lib/util-vserver/vpkg</tt> after installation), which is called by the vhashify program (through MatchList_initManually). Currently this means redhat|mandrake and debian are supported. It is looking at a XXX/style file (what's XXX?) for finding out which distribution a guest is running (can this be a problem?) -> open questions to be looked at.
* To prevent vhashify from getting a list of config files from the packagemgt system, see the <tt>pkgmgmt-ignore</tt> and <tt>pkgmgmt-force</tt> options in <tt>/etc/vservers/.defaults/apps/vunify</tt> or per-vserver configuration directory. If you disable this, you might want to set a manual exclude list, when the default <tt>/usr/lib/util-vserver/defaults/vunify-exclude</tt> is not sufficient.
* See <tt>/etc/vservers/<vserver-name>/apps/vunify/exclude</tt> on the flower page for a meaning of the <tt>exclude</tt> file.



=== Backups ===

Be careful to restore the link flags when making or restoring from backups, or vservers won't be safely parted anymore. Do either of the following:

* use tools which backup and restore the link flags ("dump" and "restore" might work, the writer of these lines has not tested them)

* back up the directory containing the hashes, too (<tt>/vservers/.hash</tt> when following the suggested configuration directives); for restoring from the backup, also restore the .hash directory, then run setattr over all files contained therein; this should work (not yet tested!):

find /vservers/.hash -type f -print0|xargs -0 setattr --iunlink --

* (back up and) restore each vserver individually, so no hardlinks to other vservers are created. Then run hashify. (Be aware that you need more space until hashify has run, so restoring from a backup onto a partition of equal size might not work.)

=== Cleanup ===
Remove non referenced files

find /vservers/.hash -type f -links 1 -exec rm -v '{}' ';'

=== Mini FAQ ===

1Q: <serek> so after cloning, i need to dist-upgrade each vserver separately but finally they will use the same files, right?

1A: <Bertl> you can upgrade all at once or separately, whenever you run vhashify on them, identical data will be linked together

2Q: <serek> may vhashify two existing hosts as well, right?

2A: <Bertl> yep, anytime

3Q: <fluor-> < Bertl> you can upgrade all at once or separately <- what would the "all at once" method be?

3A: <Bertl> depends on the package management, for most common management mechanisms, there is vapt, vyum, and vrpm

Note that "all at once" doesn't mean "simultaneously", just "with a single command". When you mass upgrade your vservers, their identical files won't be hardlinked together until you run vserver hashify again on each of them. This means you'll need a lot more disk space until you vhashify. And don't forget to remove hashed files that no longer have other hard links.

4Q: What does the syntax -/+/~ refer to in the vunify-exclude file ?

4A:
* - Means exclude : Default operation (same as no modifier)
* + Means include : Allow you to include file/folder in a excluded folder
* ~ Means skip : ??

5Q: I have got the message "Duplicate hash-dir entry 'root' found"
4A:
* looks like you already had the symlink setup.
<code>ls -l /etc/vservers/.defaults/apps/vunify/hash</code>
<code>[...]</code>
<code>lrwxrwxrwx 1 root root 23 mar 1 00:19 00 -> /var/lib/vservers/.hash </code>
<code>lrwxrwxrwx 1 root root 15 avr 1 00:00 root -> /vservers/.hash </code>
* Remove the link /etc/vservers/.defaults/apps/vunify/hash/root

=== See also ===

* [[util-vserver:Documentation]] or maybe rather the [http://www.nongnu.org/util-vserver/doc/conf/configuration.html "Flower Page"]
* [[Frequently_Asked_Questions#What_is_unification_.28vunify.29.3F]]

util-vserver:Vhashify

2009-03-31T22:30:57Z

Gebura: /* Mini FAQ */

== All about vunify / vhashify ==

Some collected wisdom about the vunify/vhashify functionality:

* "unification" is the process of replacing files with hardlinks to identical files in other vservers (or, in the case of vhashify, more precisely to a common base); for security, the files are then supplied with immutable-but-unlinkable flags (a vserver speciality), and recently COW link capability has been added to vserver (2.2+), which means that when such a file is being modified, the hardlink is automatically dissolved and the contents copied (CONFIG_VSERVER_COWBL).

* vhashify is the successor to vunify; vunify only looks at files at identical relative paths and links them if they are identical; vhashify builds hash values over the contents of ''all'' (non-excluded) files and links them into a common base directory, or unifies them with pre-existing links there. So running hashification on multiple vservers will effectively hard link their identical files.

* You don't call the vhashify tool directly (which lives in lib/util-vserver/), but let the "vserver" multipurpose script do the work:

vserver <vserver-name> hashify

* The guest needs to be running for the above because vhashify may try to figure out what files not to hashify by calling the package manager of the guest via <tt>vserver exec</tt>; the reason for this is that it tries not to unify config files because they couldn't be written to afterwards unless COW links are supported (which is a recent addition), which may be a hassle (unlike with program/library files which are not overwritten but replaced on upgrades). The details of how the list of config files is retrieved can be found in <tt>scripts/vpkg</tt> (<tt>lib/util-vserver/vpkg</tt> after installation), which is called by the vhashify program (through MatchList_initManually). Currently this means redhat|mandrake and debian are supported. It is looking at a XXX/style file (what's XXX?) for finding out which distribution a guest is running (can this be a problem?) -> open questions to be looked at.
* To prevent vhashify from getting a list of config files from the packagemgt system, see the <tt>pkgmgmt-ignore</tt> and <tt>pkgmgmt-force</tt> options in <tt>/etc/vservers/.defaults/apps/vunify</tt> or per-vserver configuration directory. If you disable this, you might want to set a manual exclude list, when the default <tt>/usr/lib/util-vserver/defaults/vunify-exclude</tt> is not sufficient.
* See <tt>/etc/vservers/<vserver-name>/apps/vunify/exclude</tt> on the flower page for a meaning of the <tt>exclude</tt> file.



=== Backups ===

Be careful to restore the link flags when making or restoring from backups, or vservers won't be safely parted anymore. Do either of the following:

* use tools which backup and restore the link flags ("dump" and "restore" might work, the writer of these lines has not tested them)

* back up the directory containing the hashes, too (<tt>/vservers/.hash</tt> when following the suggested configuration directives); for restoring from the backup, also restore the .hash directory, then run setattr over all files contained therein; this should work (not yet tested!):

find /vservers/.hash -type f -print0|xargs -0 setattr --iunlink --

* (back up and) restore each vserver individually, so no hardlinks to other vservers are created. Then run hashify. (Be aware that you need more space until hashify has run, so restoring from a backup onto a partition of equal size might not work.)

=== Cleanup ===
Remove non referenced files

find /vservers/.hash -type f -links 1 -exec rm -v '{}' ';'

=== Mini FAQ ===

1Q: <serek> so after cloning, i need to dist-upgrade each vserver separately but finally they will use the same files, right?

1A: <Bertl> you can upgrade all at once or separately, whenever you run vhashify on them, identical data will be linked together

2Q: <serek> may vhashify two existing hosts as well, right?

2A: <Bertl> yep, anytime

3Q: <fluor-> < Bertl> you can upgrade all at once or separately <- what would the "all at once" method be?

3A: <Bertl> depends on the package management, for most common management mechanisms, there is vapt, vyum, and vrpm

Note that "all at once" doesn't mean "simultaneously", just "with a single command". When you mass upgrade your vservers, their identical files won't be hardlinked together until you run vserver hashify again on each of them. This means you'll need a lot more disk space until you vhashify. And don't forget to remove hashed files that no longer have other hard links.

4Q: What does the syntax -/+/~ refer to in the vunify-exclude file ?

4A:
* - Means exclude : Default operation (same as no modifier)
* + Means include : Allow you to include file/folder in a excluded folder
* ~ Means skip : ??

5Q: I have got the message "Duplicate hash-dir entry 'root' found"
4A:
* looks like you already had the symlink setup.
<quote>ls -l /etc/vservers/.defaults/apps/vunify/hash
[...]
lrwxrwxrwx 1 root root 23 mar 1 00:19 00 -> /var/lib/vservers/.hash
lrwxrwxrwx 1 root root 15 avr 1 00:00 root -> /vservers/.hash
</quote>
* Remove the link /etc/vservers/.defaults/apps/vunify/hash/root

=== See also ===

* [[util-vserver:Documentation]] or maybe rather the [http://www.nongnu.org/util-vserver/doc/conf/configuration.html "Flower Page"]
* [[Frequently_Asked_Questions#What_is_unification_.28vunify.29.3F]]

util-vserver:Vhashify

2009-03-31T22:30:39Z

Gebura: /* Mini FAQ */

== All about vunify / vhashify ==

Some collected wisdom about the vunify/vhashify functionality:

* "unification" is the process of replacing files with hardlinks to identical files in other vservers (or, in the case of vhashify, more precisely to a common base); for security, the files are then supplied with immutable-but-unlinkable flags (a vserver speciality), and recently COW link capability has been added to vserver (2.2+), which means that when such a file is being modified, the hardlink is automatically dissolved and the contents copied (CONFIG_VSERVER_COWBL).

* vhashify is the successor to vunify; vunify only looks at files at identical relative paths and links them if they are identical; vhashify builds hash values over the contents of ''all'' (non-excluded) files and links them into a common base directory, or unifies them with pre-existing links there. So running hashification on multiple vservers will effectively hard link their identical files.

* You don't call the vhashify tool directly (which lives in lib/util-vserver/), but let the "vserver" multipurpose script do the work:

vserver <vserver-name> hashify

* The guest needs to be running for the above because vhashify may try to figure out what files not to hashify by calling the package manager of the guest via <tt>vserver exec</tt>; the reason for this is that it tries not to unify config files because they couldn't be written to afterwards unless COW links are supported (which is a recent addition), which may be a hassle (unlike with program/library files which are not overwritten but replaced on upgrades). The details of how the list of config files is retrieved can be found in <tt>scripts/vpkg</tt> (<tt>lib/util-vserver/vpkg</tt> after installation), which is called by the vhashify program (through MatchList_initManually). Currently this means redhat|mandrake and debian are supported. It is looking at a XXX/style file (what's XXX?) for finding out which distribution a guest is running (can this be a problem?) -> open questions to be looked at.
* To prevent vhashify from getting a list of config files from the packagemgt system, see the <tt>pkgmgmt-ignore</tt> and <tt>pkgmgmt-force</tt> options in <tt>/etc/vservers/.defaults/apps/vunify</tt> or per-vserver configuration directory. If you disable this, you might want to set a manual exclude list, when the default <tt>/usr/lib/util-vserver/defaults/vunify-exclude</tt> is not sufficient.
* See <tt>/etc/vservers/<vserver-name>/apps/vunify/exclude</tt> on the flower page for a meaning of the <tt>exclude</tt> file.



=== Backups ===

Be careful to restore the link flags when making or restoring from backups, or vservers won't be safely parted anymore. Do either of the following:

* use tools which backup and restore the link flags ("dump" and "restore" might work, the writer of these lines has not tested them)

* back up the directory containing the hashes, too (<tt>/vservers/.hash</tt> when following the suggested configuration directives); for restoring from the backup, also restore the .hash directory, then run setattr over all files contained therein; this should work (not yet tested!):

find /vservers/.hash -type f -print0|xargs -0 setattr --iunlink --

* (back up and) restore each vserver individually, so no hardlinks to other vservers are created. Then run hashify. (Be aware that you need more space until hashify has run, so restoring from a backup onto a partition of equal size might not work.)

=== Cleanup ===
Remove non referenced files

find /vservers/.hash -type f -links 1 -exec rm -v '{}' ';'

=== Mini FAQ ===

1Q: <serek> so after cloning, i need to dist-upgrade each vserver separately but finally they will use the same files, right?

1A: <Bertl> you can upgrade all at once or separately, whenever you run vhashify on them, identical data will be linked together

2Q: <serek> may vhashify two existing hosts as well, right?

2A: <Bertl> yep, anytime

3Q: <fluor-> < Bertl> you can upgrade all at once or separately <- what would the "all at once" method be?

3A: <Bertl> depends on the package management, for most common management mechanisms, there is vapt, vyum, and vrpm

Note that "all at once" doesn't mean "simultaneously", just "with a single command". When you mass upgrade your vservers, their identical files won't be hardlinked together until you run vserver hashify again on each of them. This means you'll need a lot more disk space until you vhashify. And don't forget to remove hashed files that no longer have other hard links.

4Q: What does the syntax -/+/~ refer to in the vunify-exclude file ?

4A:
* - Means exclude : Default operation (same as no modifier)
* + Means include : Allow you to include file/folder in a excluded folder
* ~ Means skip : ??

5Q: I have got the message "Duplicate hash-dir entry 'root' found"
4A:
* looks like you already had the symlink setup.
<code>ls -l /etc/vservers/.defaults/apps/vunify/hash
[...]
lrwxrwxrwx 1 root root 23 mar 1 00:19 00 -> /var/lib/vservers/.hash
lrwxrwxrwx 1 root root 15 avr 1 00:00 root -> /vservers/.hash
</code>
* Remove the link /etc/vservers/.defaults/apps/vunify/hash/root

=== See also ===

* [[util-vserver:Documentation]] or maybe rather the [http://www.nongnu.org/util-vserver/doc/conf/configuration.html "Flower Page"]
* [[Frequently_Asked_Questions#What_is_unification_.28vunify.29.3F]]

util-vserver:Vhashify

2009-03-31T22:30:13Z

Gebura: /* Mini FAQ */

== All about vunify / vhashify ==

Some collected wisdom about the vunify/vhashify functionality:

* "unification" is the process of replacing files with hardlinks to identical files in other vservers (or, in the case of vhashify, more precisely to a common base); for security, the files are then supplied with immutable-but-unlinkable flags (a vserver speciality), and recently COW link capability has been added to vserver (2.2+), which means that when such a file is being modified, the hardlink is automatically dissolved and the contents copied (CONFIG_VSERVER_COWBL).

* vhashify is the successor to vunify; vunify only looks at files at identical relative paths and links them if they are identical; vhashify builds hash values over the contents of ''all'' (non-excluded) files and links them into a common base directory, or unifies them with pre-existing links there. So running hashification on multiple vservers will effectively hard link their identical files.

* You don't call the vhashify tool directly (which lives in lib/util-vserver/), but let the "vserver" multipurpose script do the work:

vserver <vserver-name> hashify

* The guest needs to be running for the above because vhashify may try to figure out what files not to hashify by calling the package manager of the guest via <tt>vserver exec</tt>; the reason for this is that it tries not to unify config files because they couldn't be written to afterwards unless COW links are supported (which is a recent addition), which may be a hassle (unlike with program/library files which are not overwritten but replaced on upgrades). The details of how the list of config files is retrieved can be found in <tt>scripts/vpkg</tt> (<tt>lib/util-vserver/vpkg</tt> after installation), which is called by the vhashify program (through MatchList_initManually). Currently this means redhat|mandrake and debian are supported. It is looking at a XXX/style file (what's XXX?) for finding out which distribution a guest is running (can this be a problem?) -> open questions to be looked at.
* To prevent vhashify from getting a list of config files from the packagemgt system, see the <tt>pkgmgmt-ignore</tt> and <tt>pkgmgmt-force</tt> options in <tt>/etc/vservers/.defaults/apps/vunify</tt> or per-vserver configuration directory. If you disable this, you might want to set a manual exclude list, when the default <tt>/usr/lib/util-vserver/defaults/vunify-exclude</tt> is not sufficient.
* See <tt>/etc/vservers/<vserver-name>/apps/vunify/exclude</tt> on the flower page for a meaning of the <tt>exclude</tt> file.



=== Backups ===

Be careful to restore the link flags when making or restoring from backups, or vservers won't be safely parted anymore. Do either of the following:

* use tools which backup and restore the link flags ("dump" and "restore" might work, the writer of these lines has not tested them)

* back up the directory containing the hashes, too (<tt>/vservers/.hash</tt> when following the suggested configuration directives); for restoring from the backup, also restore the .hash directory, then run setattr over all files contained therein; this should work (not yet tested!):

find /vservers/.hash -type f -print0|xargs -0 setattr --iunlink --

* (back up and) restore each vserver individually, so no hardlinks to other vservers are created. Then run hashify. (Be aware that you need more space until hashify has run, so restoring from a backup onto a partition of equal size might not work.)

=== Cleanup ===
Remove non referenced files

find /vservers/.hash -type f -links 1 -exec rm -v '{}' ';'

=== Mini FAQ ===

1Q: <serek> so after cloning, i need to dist-upgrade each vserver separately but finally they will use the same files, right?

1A: <Bertl> you can upgrade all at once or separately, whenever you run vhashify on them, identical data will be linked together

2Q: <serek> may vhashify two existing hosts as well, right?

2A: <Bertl> yep, anytime

3Q: <fluor-> < Bertl> you can upgrade all at once or separately <- what would the "all at once" method be?

3A: <Bertl> depends on the package management, for most common management mechanisms, there is vapt, vyum, and vrpm

Note that "all at once" doesn't mean "simultaneously", just "with a single command". When you mass upgrade your vservers, their identical files won't be hardlinked together until you run vserver hashify again on each of them. This means you'll need a lot more disk space until you vhashify. And don't forget to remove hashed files that no longer have other hard links.

4Q: What does the syntax -/+/~ refer to in the vunify-exclude file ?

4A:
* - Means exclude : Default operation (same as no modifier)
* + Means include : Allow you to include file/folder in a excluded folder
* ~ Means skip : ??

5Q: I have got the message "Duplicate hash-dir entry 'root' found"
4A:
* looks like you already had the symlink setup.
<code>
ls -l /etc/vservers/.defaults/apps/vunify/hash

[...]

lrwxrwxrwx 1 root root 23 mar 1 00:19 00 -> /var/lib/vservers/.hash

lrwxrwxrwx 1 root root 15 avr 1 00:00 root -> /vservers/.hash

</code>
* Remove the link /etc/vservers/.defaults/apps/vunify/hash/root

=== See also ===

* [[util-vserver:Documentation]] or maybe rather the [http://www.nongnu.org/util-vserver/doc/conf/configuration.html "Flower Page"]
* [[Frequently_Asked_Questions#What_is_unification_.28vunify.29.3F]]

util-vserver:Vhashify

2009-03-31T22:29:56Z

Gebura: /* Mini FAQ */

== All about vunify / vhashify ==

Some collected wisdom about the vunify/vhashify functionality:

* "unification" is the process of replacing files with hardlinks to identical files in other vservers (or, in the case of vhashify, more precisely to a common base); for security, the files are then supplied with immutable-but-unlinkable flags (a vserver speciality), and recently COW link capability has been added to vserver (2.2+), which means that when such a file is being modified, the hardlink is automatically dissolved and the contents copied (CONFIG_VSERVER_COWBL).

* vhashify is the successor to vunify; vunify only looks at files at identical relative paths and links them if they are identical; vhashify builds hash values over the contents of ''all'' (non-excluded) files and links them into a common base directory, or unifies them with pre-existing links there. So running hashification on multiple vservers will effectively hard link their identical files.

* You don't call the vhashify tool directly (which lives in lib/util-vserver/), but let the "vserver" multipurpose script do the work:

vserver <vserver-name> hashify

* The guest needs to be running for the above because vhashify may try to figure out what files not to hashify by calling the package manager of the guest via <tt>vserver exec</tt>; the reason for this is that it tries not to unify config files because they couldn't be written to afterwards unless COW links are supported (which is a recent addition), which may be a hassle (unlike with program/library files which are not overwritten but replaced on upgrades). The details of how the list of config files is retrieved can be found in <tt>scripts/vpkg</tt> (<tt>lib/util-vserver/vpkg</tt> after installation), which is called by the vhashify program (through MatchList_initManually). Currently this means redhat|mandrake and debian are supported. It is looking at a XXX/style file (what's XXX?) for finding out which distribution a guest is running (can this be a problem?) -> open questions to be looked at.
* To prevent vhashify from getting a list of config files from the packagemgt system, see the <tt>pkgmgmt-ignore</tt> and <tt>pkgmgmt-force</tt> options in <tt>/etc/vservers/.defaults/apps/vunify</tt> or per-vserver configuration directory. If you disable this, you might want to set a manual exclude list, when the default <tt>/usr/lib/util-vserver/defaults/vunify-exclude</tt> is not sufficient.
* See <tt>/etc/vservers/<vserver-name>/apps/vunify/exclude</tt> on the flower page for a meaning of the <tt>exclude</tt> file.



=== Backups ===

Be careful to restore the link flags when making or restoring from backups, or vservers won't be safely parted anymore. Do either of the following:

* use tools which backup and restore the link flags ("dump" and "restore" might work, the writer of these lines has not tested them)

* back up the directory containing the hashes, too (<tt>/vservers/.hash</tt> when following the suggested configuration directives); for restoring from the backup, also restore the .hash directory, then run setattr over all files contained therein; this should work (not yet tested!):

find /vservers/.hash -type f -print0|xargs -0 setattr --iunlink --

* (back up and) restore each vserver individually, so no hardlinks to other vservers are created. Then run hashify. (Be aware that you need more space until hashify has run, so restoring from a backup onto a partition of equal size might not work.)

=== Cleanup ===
Remove non referenced files

find /vservers/.hash -type f -links 1 -exec rm -v '{}' ';'

=== Mini FAQ ===

1Q: <serek> so after cloning, i need to dist-upgrade each vserver separately but finally they will use the same files, right?

1A: <Bertl> you can upgrade all at once or separately, whenever you run vhashify on them, identical data will be linked together

2Q: <serek> may vhashify two existing hosts as well, right?

2A: <Bertl> yep, anytime

3Q: <fluor-> < Bertl> you can upgrade all at once or separately <- what would the "all at once" method be?

3A: <Bertl> depends on the package management, for most common management mechanisms, there is vapt, vyum, and vrpm

Note that "all at once" doesn't mean "simultaneously", just "with a single command". When you mass upgrade your vservers, their identical files won't be hardlinked together until you run vserver hashify again on each of them. This means you'll need a lot more disk space until you vhashify. And don't forget to remove hashed files that no longer have other hard links.

4Q: What does the syntax -/+/~ refer to in the vunify-exclude file ?

4A:
* - Means exclude : Default operation (same as no modifier)
* + Means include : Allow you to include file/folder in a excluded folder
* ~ Means skip : ??

5Q: I have got the message "Duplicate hash-dir entry 'root' found"
4A:
* looks like you already had the symlink setup.
<code>
ls -l /etc/vservers/.defaults/apps/vunify/hash
[...]
lrwxrwxrwx 1 root root 23 mar 1 00:19 00 -> /var/lib/vservers/.hash
lrwxrwxrwx 1 root root 15 avr 1 00:00 root -> /vservers/.hash
</code>
* Remove the link /etc/vservers/.defaults/apps/vunify/hash/root

=== See also ===

* [[util-vserver:Documentation]] or maybe rather the [http://www.nongnu.org/util-vserver/doc/conf/configuration.html "Flower Page"]
* [[Frequently_Asked_Questions#What_is_unification_.28vunify.29.3F]]

util-vserver:Vhashify

2009-03-31T22:29:24Z

Gebura: /* Mini FAQ */

== All about vunify / vhashify ==

Some collected wisdom about the vunify/vhashify functionality:

* "unification" is the process of replacing files with hardlinks to identical files in other vservers (or, in the case of vhashify, more precisely to a common base); for security, the files are then supplied with immutable-but-unlinkable flags (a vserver speciality), and recently COW link capability has been added to vserver (2.2+), which means that when such a file is being modified, the hardlink is automatically dissolved and the contents copied (CONFIG_VSERVER_COWBL).

* vhashify is the successor to vunify; vunify only looks at files at identical relative paths and links them if they are identical; vhashify builds hash values over the contents of ''all'' (non-excluded) files and links them into a common base directory, or unifies them with pre-existing links there. So running hashification on multiple vservers will effectively hard link their identical files.

* You don't call the vhashify tool directly (which lives in lib/util-vserver/), but let the "vserver" multipurpose script do the work:

vserver <vserver-name> hashify

* The guest needs to be running for the above because vhashify may try to figure out what files not to hashify by calling the package manager of the guest via <tt>vserver exec</tt>; the reason for this is that it tries not to unify config files because they couldn't be written to afterwards unless COW links are supported (which is a recent addition), which may be a hassle (unlike with program/library files which are not overwritten but replaced on upgrades). The details of how the list of config files is retrieved can be found in <tt>scripts/vpkg</tt> (<tt>lib/util-vserver/vpkg</tt> after installation), which is called by the vhashify program (through MatchList_initManually). Currently this means redhat|mandrake and debian are supported. It is looking at a XXX/style file (what's XXX?) for finding out which distribution a guest is running (can this be a problem?) -> open questions to be looked at.
* To prevent vhashify from getting a list of config files from the packagemgt system, see the <tt>pkgmgmt-ignore</tt> and <tt>pkgmgmt-force</tt> options in <tt>/etc/vservers/.defaults/apps/vunify</tt> or per-vserver configuration directory. If you disable this, you might want to set a manual exclude list, when the default <tt>/usr/lib/util-vserver/defaults/vunify-exclude</tt> is not sufficient.
* See <tt>/etc/vservers/<vserver-name>/apps/vunify/exclude</tt> on the flower page for a meaning of the <tt>exclude</tt> file.



=== Backups ===

Be careful to restore the link flags when making or restoring from backups, or vservers won't be safely parted anymore. Do either of the following:

* use tools which backup and restore the link flags ("dump" and "restore" might work, the writer of these lines has not tested them)

* back up the directory containing the hashes, too (<tt>/vservers/.hash</tt> when following the suggested configuration directives); for restoring from the backup, also restore the .hash directory, then run setattr over all files contained therein; this should work (not yet tested!):

find /vservers/.hash -type f -print0|xargs -0 setattr --iunlink --

* (back up and) restore each vserver individually, so no hardlinks to other vservers are created. Then run hashify. (Be aware that you need more space until hashify has run, so restoring from a backup onto a partition of equal size might not work.)

=== Cleanup ===
Remove non referenced files

find /vservers/.hash -type f -links 1 -exec rm -v '{}' ';'

=== Mini FAQ ===

1Q: <serek> so after cloning, i need to dist-upgrade each vserver separately but finally they will use the same files, right?

1A: <Bertl> you can upgrade all at once or separately, whenever you run vhashify on them, identical data will be linked together

2Q: <serek> may vhashify two existing hosts as well, right?

2A: <Bertl> yep, anytime

3Q: <fluor-> < Bertl> you can upgrade all at once or separately <- what would the "all at once" method be?

3A: <Bertl> depends on the package management, for most common management mechanisms, there is vapt, vyum, and vrpm

Note that "all at once" doesn't mean "simultaneously", just "with a single command". When you mass upgrade your vservers, their identical files won't be hardlinked together until you run vserver hashify again on each of them. This means you'll need a lot more disk space until you vhashify. And don't forget to remove hashed files that no longer have other hard links.

4Q: What does the syntax -/+/~ refer to in the vunify-exclude file ?

4A:
* - Means exclude : Default operation (same as no modifier)
* + Means include : Allow you to include file/folder in a excluded folder
* ~ Means skip : ??

5Q: I have got the message "Duplicate hash-dir entry 'root' found"
4A:
* looks like you already had the symlink setup.
ls -l /etc/vservers/.defaults/apps/vunify/hash
[...]
lrwxrwxrwx 1 root root 23 mar 1 00:19 00 -> /var/lib/vservers/.hash
lrwxrwxrwx 1 root root 15 avr 1 00:00 root -> /vservers/.hash
* Remove the link /etc/vservers/.defaults/apps/vunify/hash/root

=== See also ===

* [[util-vserver:Documentation]] or maybe rather the [http://www.nongnu.org/util-vserver/doc/conf/configuration.html "Flower Page"]
* [[Frequently_Asked_Questions#What_is_unification_.28vunify.29.3F]]

ProcFS

2009-03-01T01:06:10Z

Gebura: /* Context specific information */

Information about currently running contexts can be found inside the /proc/virtual and /proc/virtnet directory. All information provided there is read-only, i.e. it cannot be used to change any values like other entries in /proc may do. Because it usually is world-readable you do not have to gain root access to look at this information.

Beside this information you can also control various debugging related settings using /proc/sys/vserver/debug if you have enabled debugging in your kernel configuration.

'''Note:''' The examples and descriptions are based on the 2.1.1 kernel patch. If you're using a previous version some information may not be present and/or available with a slightly different name.

== Generic information ==

Currently there is only one file with generic information about the vserver host, that is /proc/virtual/info:

=== info ===

<pre>
# cat /proc/virtual/info
VCIVersion: 0002:0002
VCISyscall: 236
VCIKernel: 03000016
</pre>

; VCIVersion : Current API version of the kernel
; VCISyscall : Syscall number of the vserver syscall
; VCIKernel : Bitmask of the CONFIG_VSERVER kernel configuration options

Beside ''VCIKernel'' the information provided in this file can also be gathered using the ''vserver-info'' utility from util-vserver.

<pre>
# vserver-info
Versions:
Kernel: 2.6.17-2-vserver-amd64
VS-API: 0x00020002
util-vserver: 0.30.210; Sep 30 2006, 23:55:41
Features:
CC: gcc, gcc (GCC) 4.1.2 20060928 (prerelease) (Debian 4.1.1-15)
CXX: g++, g++ (GCC) 4.1.2 20060928 (prerelease) (Debian 4.1.1-15)
CPPFLAGS: ''
CFLAGS: '-Wall -g -O2 -std=c99 -Wall -pedantic -W -funit-at-a-time'
CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time'
build/host: x86_64-pc-linux-gnu/x86_64-pc-linux-gnu
Use dietlibc: yes
Build C++ programs: yes
Build C99 programs: yes
Available APIs: compat,v11,fscompat,v13,net,oldproc,olduts
ext2fs Source: e2fsprogs
syscall(2) invocation: alternative
vserver(2) syscall#: 236/glibc
</pre>

== Context specific information ==

=== info ===
<pre>
# cat /proc/virtual/<xid>/info
ID: 1001
Info: 83c37000
Init: 0
</pre>

; ID : Context ID
; Info : Memory location of the vx_info structure
; Init : Real PID of the init process

=== status ===

This file contains general status information.

<pre>
# cat /proc/virtual/<xid>/status
UseCnt: 38
Tasks: 16
Flags: 0000000002020010
BCaps: 00000000344c04ff
CCaps: 0000000000000101
</pre>

; UseCnt : References to the vx_info struct
; Tasks : Number of processes (tasks) inside the context
; Flags : [[Capabilities and Flags]]
; BCaps : [[Capabilities and Flags]]
; CCaps : [[Capabilities and Flags]]

=== sched ===

This file contains information about the [[CPU Scheduler]].

<pre>
# cat /proc/virtual/<xid>/sched
FillRate: 1,1
Interval: 4,8
TokensMin: 15
TokensMax: 125
PrioBias: 0
VaVaVoom: 0
cpu 0: 0 0 0 0 0 R- 62 15 125 1/4 1/8
</pre>

; FillRate : Number of tokens filled into the bucket at each interval
; Interval : Number of jiffies between each fill interval
; TokensMin : Minimum number of tokens to be scheduled
; TokensMax : Maximum number of tokens in the bucket
; PrioBias : Priority bias
; VaVaVoom : The calculated priority bonus a guest gets
; cpu X
: Ticks spent in user-space
: Ticks spent in kernel-space
: Ticks spent on hold
: Token time ??
: Idle time ??
: On hold (H) or running (R)
: Uses IDLE time (I) or not (-)
: Current number of tokens
: Minimum number of tokens to be scheduled
: Maximum number of tokens in the bucket
: Minimum number of tokens to be scheduled (IDLE time setting)
: Maximum number of tokens in the bucket (IDLE time setting)

=== cacct ===

This file contains information about [[Context Accounting]], including socket accounting and slab allocator accounting.

<pre>
# cat /proc/virtual/<xid>/cacct
Type recv #/bytes send #/bytes fail #/bytes
UNSPEC: 0/0 0/0 0/0
UNIX: 0/0 0/0 0/0
INET: 0/0 0/0 0/0
INET6: 0/0 0/0 0/0
PACKET: 0/0 0/0 0/0
OTHER: 0/0 0/0 0/0

slab: 0 0 4294965416 0

page[0]: 0 0 0 0 0 0 0 0
page[1]: 0 0 0 0 0 0 0 0
page[2]: 0 0 0 0 0 0 0 0
page[3]: 0 0 0 0 0 0 0 0
page[4]: 0 0 0 0 0 0 0 0
</pre>

=== cvirt ===

This file contains information about virtualized data, including context uptime bias, utsname settings, thread information and load average.
Note: some fields are moved in nsproxy file with vs2.3.x.

<pre>
# cat /proc/virtual/<xid>/cvirt
BiasUptime: 49.73
SysName: Linux
NodeName: XXXX.test.org
Release: 2.6.11-rc5
Version: #12 Sun Feb 27 01:07:29 CET 2005
Machine: i686
DomainName:
nr_threads: 16
nr_running: 0
nr_unintr: 0
nr_onhold: 0
load_updates: 14585
loadavg: 0.00 0.00 0.00
total_forks: 272
</pre>

; BiasUptime : Context uptime bias (System uptime - BiasUptime = Context uptime)
; SysName : Kernel name
; NodeName : Network node hostname
; Release : Kernel release
; Version : Kernel version
; Machine : Machine hardware name
; DomainName : Network node domainname
; nr_threads : Total number of threads
; nr_running : Number of running threads
; nr_unintr : Number of uninterruptible threads
; nr_onhold : Number of threads on hold
; load_updates : Total number of load average updates
; loadavg : Number of jobs in the run queue averaged over 1, 5, and 15 minutes
; total_forks : Total number of forks

=== nsproxy ===

Vs 2.3.x (experimental) only.

<pre>
NSProxy: ffff81000460d338 [ffff81007cca9bc0,ffff8100378d5800,ffff8100378e7600]
Namespace: ffff81007cca9bc0 [#2]
RootPath: /
SysName: Linux
NodeName: lenny-amd64
Release: 2.6.26-1-vserver-amd64
Version: #1 SMP Sat Jan 10 19:46:42 UTC 2009
Machine: x86_64
DomainName: (none)
SEMS: 250 32000 32 128 0
MSG: 8192 16384 286
SHM: 33554432 2097152 4096 0
</pre>

=== limit ===

This file contains information about [[Resource Limits]], including [[Context Accounting]] (i.e these do not appear in cacct).

<pre>
# cat /proc/virtual/<xid>/limit
Limit current min/max soft/hard hits
PROC: 2 2/ 2 -1/ -1 0
VM: 4024 4024/ 4024 -1/ -1 0
VML: 0 0/ 0 -1/ -1 0
RSS: 50 50/ 50 -1/ -1 0
ANON: 33 33/ 33 -1/ -1 0
FILES: 19 19/ 19 -1/ -1 0
OFD: 5 5/ 5 -1/ -1 0
LOCKS: 0 0/ 0 -1/ -1 0
SOCK: 2 2/ 2 -1/ -1 0
MSGQ: 0 0/ 0 -1/ -1 0
SHM: 0 0/ 0 -1/ -1 0
SEMA: 0 0/ 0 -1/ -1 0
SEMS: 0 0/ 0 -1/ -1 0
DENT: 2315 2315/ 2315 -1/ -1 0
</pre>

; Limit : Limit name/identifier
; current : Current value
; min : Minimum value since the last reset
; max : Maximum value since the last reset
; soft : Soft limit
; hard : hard limit
; hits : Total amount of current reaching hard

== Debugging Control ==

The /proc/sys/vserver/debug directory is only present if you have enabled CONFIG_VSERVER_DEBUG during kernel compilation.

To enable debugging you can use a command similar to the following to enable debugging. Please see [[Kernel Debugging]] for more information.

<pre>
# echo 255 >/proc/sys/vserver/debug_switch
</pre>