From: Chris Wilson (chris_at_netservers.co.uk)
Date: Thu 15 Apr 2004 - 12:27:17 BST
Hi all,
I'm afraid I'm a bit of a newbie at this, having just installed the
vserver patches, and not read much of the documentation yet, so I
apologise if this is a stupid question or a FAQ. I had a brief look at the
mailing list archives but they weren't searchable so I couldn't find
anything in a reasonable amount of time. Have you considered using MARC to
archive messages? (http://marc.theaimsgroup.com)
I have three virtual machines on a vserver, call them A, B and C.
Yesterday I wanted to add an IP address to A. So I added it to the end of
the IPROOT line in /etc/vservers/A.conf, and entered the vserver. I
noticed that my existing processes couldn't see the address, although the
new ones could, which I was half-expecting, so I restarted the vserver.
Then I got an effect I wasn't expecting. None of the addresses on A
were pingable from outside! The machine simply didn't respond to ARPs for
them. I checked the routing table and discovered that I was missing a
route to the IP address which was the source of the ARPs, but even after I
fixed this, I was still not getting any response.
Then I changed the order of the addresses in the IPROOT line, hoping that
I could get at least one of them working, and restarted the virtual
machine, and suddenly they all started working again!
But, having done that, I discovered this morning that another virtual
machine, B, had similarly lost Internet access, at around the same time
yesterday as I shut down A. I hadn't touched B at all. I ran "vserver B
enter" and suddenly B's addresses started working again!
Virtual machine C, on the other hand, was completely unaffected by all
this and worked fine the whole time!
Does anyone have any ideas that could explain this bizarre behaviour? How
is it that a machine can have an address configured, and not respond to
ARPs for it, when it has a route to the source of the ARPs? There are no
netfilter iptables rules, or strange routing configuration on this
machine. It has just a single network interface with two subnets on it.
Any advice you can give me would be greatly appreciated.
I'm using the Vserver patch version 1.27 on kernel 2.4.25, and
util-vserver-0.29.3-0 RPM, unmodified.
By the way, when shutting down a vserver I get lots of errors about being
unable to unmount various filesystems in other vservers, such as /proc. It
doesn't seem to cause a problem, but it's a bit worrying, and slows down
the shutdown process a lot. Is there a workaround for this?
Cheers, Chris.
-- _ __ __ _ / __/ / ,__(_)_ | Chris Wilson -- UNIX Firewall Lead Developer | / (_ ,\/ _/ /_ \ | NetServers.co.uk http://www.netservers.co.uk | \__/_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 |_______________________________________________ Vserver mailing list Vserver_at_list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver