Created attachment 223963 [details]
vserver patches archive

Created attachment 223965 [details]
Linux Vserver sources for 2.6.33 and vs2.3.0.36.30.3 patchset

Added hollow to CC

Comment 4 Benedikt Böhm (RETIRED) 2010-03-17 07:33:40 UTC

did you encounter the following problem while testing 2.6.33? http://list.linux-vserver.org/archive?mss:3633:201003:mjpjeilcfnfaepfcnddb

Nope, I didn't. Everything seems to work.

Let me sumarize what SW components I use for testing (maybe it helps):

- Host:
=======

1. Gentoo Linux with default/linux/amd64/10.0 profile

2. Linux kernel 2.6.33 with gentoo patchset (see sys-kernel/gentoo-sources-2.6.33) and the vserver patch from http://vserver.13thfloor.at/Experimental/patch-2.6.33-vs2.3.0.36.30.3.diff (packed into vserver-patches-2.6.33_2.3.0.36.30.3.tar.bz2 to stick with gentoo kernel patch mechanism). Let me emphasize that NO CHANGES IN SOURCES (neither in stock kernel nor in patches) WERE MADE BY ME.

3. Furthermore, I use this "core system" software:
   - sys-apps/baselayout-2.0.1
   - sys-apps/openrc-0.6.0-r1
   - sys-fs/udev-149

4. I use the attached kernel configuration (see kernel-config-x86_64-2.6.33-vs2.3.0.36.30.3)

5. Vserver utils: sys-cluster/util-vserver-0.30.216_pre2864

6. cat /etc/portage/package.keywords (to get an overview of what is used from masked):
app-crypt/ccid ~amd64
app-emulation/emul-linux-x86-baselibs
app-emulation/emul-linux-x86-compat
app-emulation/emul-linux-x86-gtklibs
app-emulation/emul-linux-x86-medialibs
app-emulation/emul-linux-x86-sdl
app-emulation/emul-linux-x86-soundlibs
app-emulation/emul-linux-x86-xlibs
=app-emulation/virtualbox-bin-3.1.4* ~amd64
=app-emulation/virtualbox-modules-3.1.4* ~amd64
app-emulation/wine ~amd64
=app-text/acroread-9.1* ~amd64
app-text/pdftk ~amd64
dev-db/pysql ~amd64
dev-libs/opensc ~amd64
dev-python/cx-oracle ~amd64
=dev-util/kbuild-0.1.5* ~amd64
media-gfx/picasa ~amd64
media-gfx/rawstudio ~amd64
net-wireless/iwl3945-ucode ~amd64
=net-wireless/wpa_supplicant-0.6.9* ~amd64
sys-apps/baselayout ~amd64
sys-apps/openrc ~amd64
sys-apps/pcsc-lite ~amd64
=sys-apps/sysvinit-2.87* ~amd64
sys-cluster/util-vserver ~amd64
=sys-fs/cryptsetup-1.0.7* ~amd64
>=sys-fs/lvm2-2.02.56-r1 ~amd64
=sys-kernel/gentoo-sources-2.6.32* ~amd64
sys-kernel/vserver-sources ~amd64
www-apache/mod_wsgi ~amd64
x11-wm/fluxbox ~amd64


- Guests:
=========

I've created the template from stage3, that can be found on mirrors (for example: http://www.gentoo.sk/pub/releases/amd64/current-stage3/hardened/).
Here is the info from within the "RAW" guest template (only package.use varies among guests)

1. emerge --info

Portage 2.1.7.17 (hardened/linux/amd64/10.0/no-multilib, gcc-4.3.4, glibc-2.10.1-r1, 2.6.33-vs2.3.0.36.30.3 x86_64)
=================================================================
System uname: Linux-2.6.33-vs2.3.0.36.30.3-x86_64-Intel-R-_Core-TM-2_Duo_CPU_T7300_@_2.00GHz-with-gentoo-2.0.0
Timestamp of tree: Sun, 14 Mar 2010 11:15:03 +0000
app-shells/bash:     4.0_p35
dev-lang/python:     2.6.4-r1
sys-apps/baselayout: 2.0.0
sys-apps/openrc:     0.6.0-r1
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.63-r1
sys-devel/automake:  1.10.3
sys-devel/binutils:  2.18-r3
sys-devel/gcc:       4.3.4
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=core2 -O2 -fomit-frame-pointer -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=core2 -O2 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests distlocks fixpackages news nodoc noinfo noman parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
GENTOO_MIRRORS="http://mirror.gentoo.sk/pub ftp://gentoo.mirror.web4u.cz/ http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="acl amd64 bash-completion berkdb bzip2 cli cracklib crypt cups cxx dri gdbm hardened iconv justify minimal mmx modules mudflap ncurses nls nptl nptlonly openmp pam pcre pic pppd readline reflection session spl sse sse2 sysfs tcpd vim-syntax xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="alias authz_host authz_owner authz_user autoindex dir env ext_filter         filter info log_config logio mime mime_magic negotiation rewrite setenvif status      unique_id userdir vhost_alias auth_digest" APACHE2_MPMS="worker" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa via vmware voodoo" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

2. cat /etc/portage/package.keywords 
# baselayout-2/openrc stuff
=sys-apps/makedev-3.23.1 ~amd64
sys-apps/openrc ~amd64
~sys-apps/baselayout-2.0.0 ~amd64
~sys-fs/udev-141 ~amd64
=sys-apps/sysvinit-2.86-r12 ~amd64

3. cat /etc/portage/package.unmask 
# we want portage-2.2
#=sys-apps/portage-2.2*

4. cat /etc/portage/package.use 
app-editors/vim -minimal
dev-lang/python ssl
dev-libs/libxml2 python
net-misc/wget ssl
sys-devel/gcc fortran
sys-libs/cracklib python
sys-libs/glibc glibc-omitfp
sys-process/vixie-cron -pam

Note that I also tried to build debian guest to check the hashify feature, works out of the box.

- Vserver configuration
=======================

Only things added into /etc/vserver/<vsX>:

1. ls -la /etc/vservers/ldap01/cgroup/
total 24
drwx------ 2 root root 4096 Mar 16 21:34 ./
drwx------ 7 root root 4096 Mar 16 21:37 ../
-rw------- 1 root root    4 Mar 16 20:59 cpu.shares
-rw------- 1 root root    2 Mar  9 22:40 cpuset.cpus
-rw------- 1 root root    5 Mar 16 21:25 memory.limit_in_bytes
-rw------- 1 root root    5 Mar 16 16:35 memory.memsw.limit_in_bytes

2. cat /etc/vservers/ldap01/cflags 
hideinfo
hide_vinfo
#hide_mount
virt_mem
virt_uptime
virt_cpu
virt_load

- Using cgroups:
================

If omitted, CGROUP based limit enforcement does not take place, however, the guest are runable.

1. mkdir /lib/udev/devices/cgroup (make it persistent across reboots)

2. mount -t cgroup none /dev/cgroup -o cpu,cpuset,memory,cpuacct,devices,freezer


- Creating guests
=================

vserver <VS_X> build -m clone 
  --context <XID> \
  --hostname <hostname> \
  --interface <iface:ip/net_bits> \
  --initstyle gentoo \
  -- -d gentoo --source /vservers/<LIVING_VS_TPL>

Note, that this guest will be actually copied not cloned using hashes (debian guest will uses hashes and COW links if the LIVING_VS_TPL is hashified).


I was rather long, but maybe helpfull :)

Created attachment 223981 [details]
Vserver-enabled kernel configuration for Dell Latitude d630

Comment 7 Benedikt Böhm (RETIRED) 2010-04-04 06:41:25 UTC

in cvs now, thanks for testing