About this list Date view Thread view Subject view Author view Attachment view

From: Thomas Gelf (vserver_at_gelf.net)
Date: Sat 21 Feb 2004 - 18:41:20 GMT


Hi Mark,

I added some comments to the beginning of the script, here they are so
you can easily decide if it is worth to look at the attached code :o)

# WARNING: This script has been changed by Thomas Gelf to meet the
# following requirements:
#
# - static context ids at creation time
# - context based disk limits
# - "advanced" network configuration, meens changing interface name
# (was buggy) and asking for a netmask (util-vserver uses netmask
# from the host servers interface - this didn't work with our
# "bridged-dummy-interface"-solution, as our dummy interface e0 was
# configured 0.0.0.0 promisc
# - IPROOTDEV has been removed (you should replace "eth0" with
# "$INTERFACE" if you change it back. We are using only IPROOT, it
# should be enhanced to support more interfaces and/or ip addresses
# - we added "sched" to S_FLAGS, "fakeinit" was also added statically
# (you should change it back to "$FAKEINIT")
# - we set default nice level 1 for all our vservers - not really
# necessary, change it back
# - we are currently doing some tests with memory limits using ULIMIT
# (please remove our settings)
# - we did cosmetic changes to /etc/fstab, totally unnecessary, change
# it back
# - we have had also changed the created sources.list files, as we are
# using apt-proxy on our host - this has been removed from this
# script as it is too specific and only regards our local solution
# - you can see "MAX_INODES" and "MAX_BLOCKS" in /etc/v../$VHOST.CONF
# these settings have absolutely no effect until you use our patch
# against the vserver shell script in util-vserver v0.28 from Enrico
# - we modified VREBOOT_LOCATION, please change it to the right path
# - we create the halt/reboot/shutdown links in the vservers - the
# links are created from the host server, so the path names seem
# wrong but they are not because the links are symbolic
# - we change all the $VHOST.conf files to mode 600 - in most cases
# not necessary
# - we added some "chattr -t" to prevent problems witch recursive +t
# attributes
# - hopefully I didn't forget to mention something important - just
# run a "diff" to be absolutely sure
#
# USE THIS SCRIPT AT YOUR OWN RISK, as it has been tested on only one
# machine to create something like 150 Vservers during our tests last
# week. We didn't have any problem using it, but we are not responsible
# if it deletes all your data, burns down your house or throws some eggs
# on GWB when he talks bullshit next time :o)
#
# I would like to use this lines to thank my trainee Matthias Wurz for
# his great work on the vserver project during the last two weeks!

In this lines is mentioned a patch to the vserver shell script from
Enrico Scholz, it is also attached to this mail. This patch is a
quick-and-dirty solution and requires perl to be installed on the host
server. it should be no problem to realize it without perl. this patch
allows the easy use of context-based disk limits and does nothing if
"MAX_INODES" and "MAX_BLOCKS" are not set in the vservers *.conf file.

There is still much work to be done, at the moment there are no
commandline parameters for $VROOTDISK, $MAX_INODES and $MAX_BLOCKS.
calculation of used inodes is done in a very stupid way and calculation
of used blocks matches kilobytes and not blocks.

Nonetheless the solution is easy, reboot-proof and works fine for us.

At the moment we are testing the vproc utils, we would like to create
a script that permits to use them in the "deny all permit xyz"-way as
we learned it in the firewall tutorials :) we are trying to find out
wich proc entrys are really needed inside a vserver - if someone has
done this before: we would appreciate any help.

Kind regards,
Thomas

Am Sam, den 21.02.2004 schrieb Mark Lawrence um 15:54:
> Hi Thomas,
>
> I would be keen to do an update to the newvserver script. If you don't
> mind sending me the changes you have made, regardless of the state they
> are in, I will make an effort to include as relevant...
>
> Cheers, Mark.

-- 
Thomas Gelf <vserver_at_gelf.net>

--- /root/tools/util-vserver-0.28/scripts/vserver Thu Jan 22 17:15:59 2004
+++ vserver Sat Feb 21 23:03:21 2004
@@ -34,6 +34,9 @@
 CHCONTEXT_CMD=$USR_SBIN/chcontext
 SAVE_S_CONTEXT_CMD=$USR_LIB_VSERVER/save_s_context
 CAPCHROOT_CMD=$USR_LIB_VSERVER/capchroot
+CQHADD_CMD=$USR_SBIN/cqhadd
+CQDLIM_CMD=$USR_SBIN/cqdlim
+CQHREM_CMD=$USR_SBIN/cqhrem
 VSERVERKILLALL_CMD=$USR_LIB_VSERVER/vserverkillall
 DEFAULTPATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin
 
@@ -448,6 +451,15 @@
                 S_NICE=
                 S_FLAGS=
                 . /etc/vservers/$1.conf
+
+ # Disk Limit by Thomas Gelf & Matthias Wurz
+ if [ $MAX_INODES != "" -a $MAX_BLOCKS != "" ]; then
+ USED_BLOCKS=`du -sk $VROOTDIR/$1 2>/dev/null | perl -e "while(<>) { s/\s+.*$//s; print; }"`
+ USED_INODES=`du -a $VROOTDIR/$1 2>/dev/null | wc -l | perl -e "while(<>) { s/\s+//g; print; }"`
+ $CQHADD_CMD -x $S_CONTEXT -v $VROOTDISK
+ $CQDLIM_CMD -x $S_CONTEXT -S $USED_INODES,$MAX_INODES,$USED_BLOCKS,$MAX_BLOCKS,0 -v $VROOTDISK
+ fi
+
                 export PROFILE
                 ifconfig_iproot $1
                 cd $VROOTDIR/$1 || exit 1
@@ -647,6 +659,12 @@
         # but when you exit, the server is considered not running
         umountproc $VROOTDIR/$1
         cd /
+
+ # Disk Limit by Thomas Gelf & Matthias Wurz
+ if [ $MAX_INODES != "" -a $MAX_BLOCKS != "" ]; then
+ $CQHREM_CMD -x $S_CONTEXT -v $VROOTDISK
+ fi
+
         test -x /etc/vservers/$1.sh && /etc/vservers/$1.sh post-stop $1
         ifconfig_iproot_off $1
 elif [ "$2" = "restart" ] ; then


_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Sat 21 Feb 2004 - 18:41:23 GMT by hypermail 2.1.3