From: Oliver Welter (mail_at_oliwel.de)
Date: Sun 28 Nov 2004 - 15:21:22 GMT

Hi Lars,

> How do I manage firewall/iptables per vserver?
> Do I install it on every vserver, og is it possible to install on the host
> server? What solution is the easiest to maintain?

As ip filtering is done by the kernel, as a vserver does not have a
kernel you must do it on the main host. Normally you dont allow your
vServers accessing the filtering rules because they can afecct the
network of the whole maschine

> How do I manage replicating when a MySQL is also running inside a vserver?
> You cannot replicate MySQL by using rsync, so the vserver has to be "on" to
> use MySQL internal replication feature.
OUCH - you should NEVER replicate a running mySQL with rsync...MySQL has
a built in replication feature that works via network - use this

> Normally I setup MySQL on localhost for services on the server that need
> access to a database.
> Is it better to do external MySQL requests to another vserver only running
> MySQL and then setup a MySQL slave inside a secondary vserver replicating the
> first MySQL-only vserver?

A replicated MySQL Server can be access read-only, connect to the server
as it where external (via IP) or create a hardlink from the vServer to
the socket-file (havent tried it out but should work...)

> Some like this:
> Apache vserver <-> MySQL master vserver -> MySQL slave vserver
> Is this a good solution, I seem to remember that MySQL requests are slow when
> going through TCP layer and not a socket (on localhost)?

I think that it is not that mich slower....


