| View previous topic :: View next topic |
| Author |
Message |
Theasker
l33t
Joined: 18 Nov 2006
Posts: 656
Location: Zaragoza (Spain)
|
 Posted: Thu Sep 17, 2009 11:56 am Post subject: [OpenVZ] network |
 |
|
Anybody know how to configure the network for openvz?, I find information to do so and I have no knowledge to the bridge or what he has to do.
thanks in advance
_________________
"Oigo y olvido. Veo y recuerdo. Hago y comprendo" |
|
| Back to top |
|
 |
drescherjm
Advocate
Joined: 05 Jun 2004
Posts: 2792
Location: Pittsburgh, PA, USA
|
| Posted: Mon Sep 21, 2009 2:38 am Post subject: |
|
|
Using a bridge with openvz is not necessary. In the 5 or so HW nodes I have only 2 of them are using a bridge.
However I can tell you one area you may run into trouble. The default script that initializes the network for gentoo does not work or at least not as expected.
Here is part of my /etc/vz/200.conf file that I have on the machine I am typing from:
| Code: | # CPU fair sheduler parameter
CPUUNITS="1000"
OFFLINE_MANAGEMENT="yes"
VE_ROOT="/vz/root/$VEID"
VE_PRIVATE="/vz/private/$VEID"
OSTEMPLATE="gentoo-20060317-amd64-stage3"
ORIGIN_SAMPLE="vps.basic"
IP_ADDRESS="192.168.1.240"
HOSTNAME="vs_svn"
NAME="vs_svn" |
_________________
John
My gentoo overlay
Instructons for overlay |
|
| Back to top |
|
|
marksteven
n00b
Joined: 21 Sep 2009
Posts: 3
|
| Posted: Tue Sep 22, 2009 10:06 am Post subject: |
|
|
Hi,
Kernel module
First of all, check that vznetdev module is loaded:
# lsmod | grep vznetdev
If it is not, load the module:
# modprobe vznetdev
You might want to check /etc/init.d/vz script to make sure the module gets loaded during startup.
Adding IP address to a container
vzctl set <CTID> --ipadd <IP1>[,<IP2>,...] [--save]
Note: This option is incremental, so IP addresses are added to already existing ones.
Example
vzctl set 101 --ipadd 10.0.0.1 --save
After executing this command IP address 10.0.0.1 will be added to container 101 and IP configuration will be saved to a container configuration file.
Removing IP address from a container
vzctl set <CTID> --ipdel <IP1>[,<IP2>,...] [--save]
vzctl set <CTID> --ipdel all [--save]
Example
vzctl set 101 --ipdel 10.0.0.1
After executing this command IP address 10.0.0.1 will be removed from container 101, but IP configuration will not be changed in container config file. And after container reboot IP address 10.0.0.1 will be assigned to this container again.
Thanks for sharing this information.
_________________
fetes des meres
Last edited by marksteven on Thu Sep 24, 2009 9:33 am; edited 1 time in total |
|
| Back to top |
|
|
Theasker
l33t
Joined: 18 Nov 2006
Posts: 656
Location: Zaragoza (Spain)
|
| Posted: Tue Sep 22, 2009 8:16 pm Post subject: |
|
|
| marksteven wrote: | Hi,
Kernel module
First of all, check that vznetdev module is loaded:
# lsmod | grep vznetdev
If it is not, load the module:
# modprobe vznetdev
|
| Code: | # modprobe vznetdev
FATAL: Module vznetdev not found.
# modprobe vznetdev
FATAL: Module vznetdev not found. |
| marksteven wrote: |
You might want to check /etc/init.d/vz script to make sure the module gets loaded during startup.
Adding IP address to a container
|
| Code: | # /etc/init.d/vz start
* Service vz starting
failed to load module vzmon [ !! ]
* ERROR: vz failed to start
|
| marksteven wrote: |
vzctl set <CTID> --ipadd <IP1>[,<IP2>,...] [--save]
Note: This option is incremental, so IP addresses are added to already existing ones.
Example
vzctl set 101 --ipadd 10.0.0.1 --save
After executing this command IP address 10.0.0.1 will be added to container 101 and IP configuration will be saved to a container configuration file.
Removing IP address from a container
vzctl set <CTID> --ipdel <IP1>[,<IP2>,...] [--save]
vzctl set <CTID> --ipdel all [--save]
Example
vzctl set 101 --ipdel 10.0.0.1
After executing this command IP address 10.0.0.1 will be removed from container 101, but IP configuration will not be changed in container config file. And after container reboot IP address 10.0.0.1 will be assigned to this container again.
Thanks for sharing this information. |
| This is the process I followed to install OpenVZ wrote: | # emerge openvz-sources
boot with the kernel openvz
echo "sys-cluster/vzctl ~x86" >> /ect/portage/package.keywords
/etc/sysctl.conf
# OpenVZ
# packet forwarding enabled and proxy arp disabled
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Enables the magic-sysrq key
kernel.sysrq = 1
# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
# sysctl -p
# /etc/init.d/vz start
* Service vz starting
failed to load module vzmon [ !! ]
* ERROR: vz failed to start
/etc/conf.d/net
modules=( "iwconfig" )
iwconfig_wlan0="mode ad-hoc"
essid_ath0="TheaskerWiFi"
config_ath0=( "192.168.0.69/24" )
routes_ath0=( "default via 192.168.0.1" )
key_TheaskerWiFi="xxx"
#channel_ath0="3"
config_venet0=("192.168.0.101 netmask 255.255.255.0")
cd /vz/template/cache
wget http://download.openvz.org/template/precreated/contrib/gentoo-openvz-x86-2008.11.30.tar.gz
vzctl create 101 --ostemplate gentoo-openvz-x86-2008.11.30
vzctl set 101 --onboot yes --save
vzctl set 101 --ipadd 192.168.0.101 --save
vzctl set 101 --nameserver 192.168.0.69 --save
vzctl set 101 --hostname host.gentoo1.com --save
vzctl start 101
# vzlist -a
VEID NPROC STATUS IP_ADDR HOSTNAME
101 2 running 192.168.0.101 host.gentoo1.com
# vzctl enter 101
gentoo-openvz-~x86-2008-11-30 / # /etc/init.d/sshd start
* Starting sshd ... [ok]
# exit
logout
exited from VE 101
# ssh root@192.168.0.101
ssh: connect to host 192.168.0.101 port 22: Connection refused |
_________________
"Oigo y olvido. Veo y recuerdo. Hago y comprendo" |
|
| Back to top |
|
|
drescherjm
Advocate
Joined: 05 Jun 2004
Posts: 2792
Location: Pittsburgh, PA, USA
|
|
| Back to top |
|
|
Theasker
l33t
Joined: 18 Nov 2006
Posts: 656
Location: Zaragoza (Spain)
|
| Posted: Tue Sep 22, 2009 9:10 pm Post subject: |
|
|
| # ifconfig wrote: | lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:192.168.0.101 P-t-P:192.168.0.101 Bcast:0.0.0.0 Mask:255.255.255.0
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:240 (240.0 B)
|
| # route wrote: | Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 venet0
loopback localhost.local 255.0.0.0 UG 0 0 0 lo
default 192.168.0.1 0.0.0.0 UG 2 0 0 venet0
|
| # cat /etc/conf.d/net wrote: | dns_servers_venet0="192.168.0.69"
config_venet0=( "192.168.0.101/24" )
routes_venet0=( "default via 192.168.0.1" )
#routes_venet0=( "-net 192.0.2.0/24" "default via 192.0.2.1" ) |
_________________
"Oigo y olvido. Veo y recuerdo. Hago y comprendo" |
|
| Back to top |
|
|
drescherjm
Advocate
Joined: 05 Jun 2004
Posts: 2792
Location: Pittsburgh, PA, USA
|
| Posted: Tue Sep 22, 2009 9:17 pm Post subject: |
|
|
Looks fine.
On the HN (hardware node) edit the /etc/ssh/sshd_config so that the listen address is just the ip address of the host.
Then restart sshd on the HN and guest.
So on my HN
| Code: |
datastore3 ~ # grep Listen /etc/ssh/sshd_config
ListenAddress 192.168.1.33
#ListenAddress ::
|
_________________
John
My gentoo overlay
Instructons for overlay
Last edited by drescherjm on Tue Sep 22, 2009 9:25 pm; edited 2 times in total |
|
| Back to top |
|
|
drescherjm
Advocate
Joined: 05 Jun 2004
Posts: 2792
Location: Pittsburgh, PA, USA
|
| Posted: Tue Sep 22, 2009 9:23 pm Post subject: |
|
|
BTW, here is what I have for my kernel config
| Code: | datastore3 ~ # zgrep VZ /proc/config.gz
CONFIG_VZ_FAIRSCHED=y
# OpenVZ
CONFIG_VZ_GENCALLS=y
CONFIG_VZ_DEV=m
CONFIG_VZ_WDOG=m
CONFIG_VZ_CHECKPOINT=m
CONFIG_VZ_QUOTA=m
CONFIG_VZ_QUOTA_UNLOAD=y
CONFIG_VZ_QUOTA_UGID=y
datastore3 ~ # lsmod | grep vz
vznetdev 24072 4
vzrst 122728 0
vzcpt 105592 0
tun 16452 2 vzrst,vzcpt
vzdquota 43508 2 [permanent]
vzmon 29520 5 vznetdev,vzrst,vzcpt
vzdev 7248 3 vznetdev,vzdquota,vzmon
datastore3 ~ # uname -a
Linux datastore3 2.6.27.21-openvz-ext4-new-00011-g36d3faf-dirty #10 SMP Thu Aug 27 04:46:33 EDT 2009 x86_64 Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz GenuineIntel GNU/Linux
|
_________________
John
My gentoo overlay
Instructons for overlay |
|
| Back to top |
|
|
Theasker
l33t
Joined: 18 Nov 2006
Posts: 656
Location: Zaragoza (Spain)
|
| Posted: Tue Sep 22, 2009 9:23 pm Post subject: |
|
|
| # nano /etc/ssh/sshd_config wrote: | Port 22
...
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 192.168.0.69
...
|
| Code: | # /etc/init.d/sshd restart
gentoo-openvz-~x86-2008-11-30 / # ping 192.168.0.101
PING 192.168.0.101 (192.168.0.101) 56(84) bytes of data.
64 bytes from 192.168.0.101: icmp_seq=1 ttl=64 time=0.209 ms
64 bytes from 192.168.0.101: icmp_seq=2 ttl=64 time=0.136 ms
64 bytes from 192.168.0.101: icmp_seq=3 ttl=64 time=0.031 ms
^C
--- 192.168.0.101 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.031/0.125/0.209/0.073 ms
gentoo-openvz-~x86-2008-11-30 / # ping 192.168.0.69
PING 192.168.0.69 (192.168.0.69) 56(84) bytes of data.
^C
--- 192.168.0.69 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3106ms
gentoo-openvz-~x86-2008-11-30 / # ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
^C
--- 192.168.0.1 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5011ms
exit
$ ssh root@192.168.0.101
ssh: connect to host 192.168.0.101 port 22: Connection refused |
_________________
"Oigo y olvido. Veo y recuerdo. Hago y comprendo" |
|
| Back to top |
|
|
Theasker
l33t
Joined: 18 Nov 2006
Posts: 656
Location: Zaragoza (Spain)
|
| Posted: Tue Sep 22, 2009 9:26 pm Post subject: |
|
|
| Code: | # cd /usr/src/linux
TheaskerHost linux # zgrep VZ /proc/config.gz
CONFIG_VZ_FAIRSCHED=y
# OpenVZ
CONFIG_VZ_GENCALLS=y
CONFIG_VZ_DEV=y
CONFIG_VZ_WDOG=y
CONFIG_VZ_CHECKPOINT=y
CONFIG_VZ_QUOTA=m
# CONFIG_VZ_QUOTA_UNLOAD is not set
CONFIG_VZ_QUOTA_UGID=y
# lsmod | grep vz
# uname -a
Linux TheaskerHost 2.6.27-openvz-briullov.1-r2 #2 SMP Sat Aug 29 09:17:46 CEST 2009 i686 Intel(R) Pentium(R) 4 CPU 3.20GHz GenuineIntel GNU/Linux |
_________________
"Oigo y olvido. Veo y recuerdo. Hago y comprendo" |
|
| Back to top |
|
|
drescherjm
Advocate
Joined: 05 Jun 2004
Posts: 2792
Location: Pittsburgh, PA, USA
|
| Posted: Tue Sep 22, 2009 9:44 pm Post subject: |
|
|
I am not sure of this issue. I can definitely ping from the guest:
| Code: | datastore3 ~ # vzctl enter 200
entered into CT 200
vs_ldap2 / # ping 192.168.1.33
PING 192.168.1.33 (192.168.1.33) 56(84) bytes of data.
64 bytes from 192.168.1.33: icmp_seq=1 ttl=64 time=0.020 ms
64 bytes from 192.168.1.33: icmp_seq=2 ttl=64 time=0.025 ms
64 bytes from 192.168.1.33: icmp_seq=3 ttl=64 time=0.026 ms
64 bytes from 192.168.1.33: icmp_seq=4 ttl=64 time=0.024 ms
64 bytes from 192.168.1.33: icmp_seq=5 ttl=64 time=0.008 ms
64 bytes from 192.168.1.33: icmp_seq=6 ttl=64 time=0.009 ms
^C
--- 192.168.1.33 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5002ms
rtt min/avg/max/mdev = 0.008/0.018/0.026/0.008 ms
vs_ldap2 / #
|
Your /etc/init.d/vz is not starting because it wants to load vz modules. I believe if you define MODULES_DISABLED=yes in your /etc/conf.d/vz that the init script will not try to do this and actually start. I have never tested this on any of my openvz machines however.
Are there any failures in your /proc/user_beancounters?
This would be any line with failcnt > 0
_________________
John
My gentoo overlay
Instructons for overlay |
|
| Back to top |
|
|
Theasker
l33t
Joined: 18 Nov 2006
Posts: 656
Location: Zaragoza (Spain)
|
| Posted: Wed Sep 23, 2009 8:59 am Post subject: |
|
|
ok, It's disabled
| cat /etc/conf.d/vz wrote: | ...
MODULES_DISABLED=yes
... |
Now start the service, but this option does not load any module, I don't know if they will be required to operate the network
# /etc/init.d/vz start
* Service vz starting
* Service vz started
I think I also have misconfigured network Virtual Machine
Host configuratión
| # cat /etc/conf.d/net wrote: | # Red wireless atheros con madwifi
modules=( "iwconfig" )
iwconfig_wlan0="mode ad-hoc"
essid_ath0="TheaskerWiFi"
config_ath0=( "192.168.0.69/24" )
routes_ath0=( "default via 192.168.0.1" )
key_TheaskerWiFi="xxx"
#channel_ath0="3"
config_venet0=("192.168.0.101 netmask 255.255.255.0") |
| # cat /etc/resolv.conf wrote: | nameserver 195.235.113.3
nameserver 194.143.192.22
|
Virtual Machine configuratión
I do not know how to configure the Virtual Machine Network
| # cat /etc/conf.d/net wrote: | dns_servers_venet0="192.168.0.69"
config_venet0=( "192.168.0.101/32" )
routes_venet0=( "default via 192.168.0.1" )
#routes_venet0=( "-net 192.0.2.0/24" "default via 192.0.2.1" )
|
| # cat /etc/resolv.conf wrote: | # Generated by net-scripts for interface venet0
nameserver 192.168.0.69
|
| Quote: |
# vzctl enter 101
entered into VE 101
# ping -c 2 192.168.0.101
PING 192.168.0.101 (192.168.0.101) 56(84) bytes of data.
64 bytes from 192.168.0.101: icmp_seq=1 ttl=64 time=0.065 ms
64 bytes from 192.168.0.101: icmp_seq=2 ttl=64 time=0.033 ms
--- 192.168.0.101 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.033/0.049/0.065/0.016 ms
# ping -c 2 192.168.0.69
PING 192.168.0.69 (192.168.0.69) 56(84) bytes of data.
--- 192.168.0.69 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1018ms |
--- === EDIT === ---
If I shut down and restart the virtual machine, change the file /etc/conf.d/net
| # cat /etc/conf.d/net wrote: | # This blank configuration will automatically use DHCP for any net.*
# scripts in /etc/init.d. To create a more complete configuration,
# please review /usr/share/doc/openrc/net.example and save your configuration
# in /etc/conf.d/net (this file :]!).
#dns_servers_venet0="192.168.0.69"
config_venet0=( "192.168.0.101/32" )
routes_venet0=( "-net 192.0.2.0/24" "default via 192.0.2.1" )
#routes_venet0=( "-net 192.0.2.0/24" "default via 192.0.2.1" ) |
_________________
"Oigo y olvido. Veo y recuerdo. Hago y comprendo" |
|
| Back to top |
|
|
|
Networking & Security
