Re: [vserver] Understanding localhost:
 vserver development mailing list 
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

Re: [vserver] Understanding localhost

From: John A. Sullivan III <jsullivan_at_opensourcedevel.com>
Date: Fri 01 May 2009 - 12:24:50 BST
Message-Id: <1241177090.6353.13.camel@jaspav.missionsit.net.missionsit.net>

On Fri, 2009-05-01 at 04:48 -0400, John A. Sullivan III wrote:
> Hello, all. I'd like to confirm that I understand the way vserver 2.3
> is handling localhost and the loopback address.
>
> Am I correct to understand that, unlike earlier version, the default
> kernel compilation makes it safe to use 127.0.0.1 on a guest? That is,
> each one is uniquely mapped and does not interfere with the host
> listening in 127.0.0.1? We can thus set our /etc/hosts files to use:
> 127.0.0.1 localhost localhost.localdomain etc . . .?
>
> However, is it also true that daemon bindings to localhost will still be
> made to the address in /etc/vservers/<guest>/interfaces/0 and will not
> include 127.0.0.1 unless explicitly bound?
>
> I ask because we were delighted to realize we could simplify our zimbra
> installation by leaving /etc/hosts at 127.0.0.1 for localhost. We then
> started retrofitting our other servers to do the same. Some of our
> servers communicate with sshd on 127.0.0.1. We had changed the
> configuration files to bind them to the non-loopback address, e.g.,
> 192.168.1.10 because of our old understanding of 127.0.0.1. We also
> changed sshd_config by removing the ListenAddress 192.168.1.10 so that
> it goes back to the default of binding to all interfaces.
>
> This broke those applications. When we do a netstat -tln on the vserver
> guests, it shows sshd listening only on 192.168.1.10 (as an example) and
> not 0.0.0.0. That's fine and we can accommodate it by leaving our
> settings as they were but I wanted to make sure I hadn't missed
> something. Thanks - John
Hmm . . . we're noticing this showing up in our Zimbra installation,
too. It all went splendidly well despite the hard coded installation
routine use of 127.0.0.1. However, when it tried to access its java
engine on localhost, it failed. It looks like almost all (but not quite
all) services are bound to the non-loopback IP address. I'm getting
ready to change the localhost entry back to the non-loopback address now
that the installation is complete but thought I had better check with
the more knowledgeable folks on the list. Thanks - John 

-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
Received on Fri May 1 12:24:42 2009
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Fri 01 May 2009 - 12:24:45 BST by hypermail 2.1.8