Re: [vserver] Understanding localhost

From: John A. Sullivan III <jsullivan_at_opensourcedevel.com>
Date: Fri 01 May 2009 - 14:19:32 BST
Message-Id: <1241183972.6353.30.camel@jaspav.missionsit.net.missionsit.net>

On Fri, 2009-05-01 at 07:24 -0400, John A. Sullivan III wrote:
> On Fri, 2009-05-01 at 04:48 -0400, John A. Sullivan III wrote:
> > Hello, all. I'd like to confirm that I understand the way vserver 2.3
> > is handling localhost and the loopback address.
> >
> > Am I correct to understand that, unlike earlier versions, the default
> > kernel compilation makes it safe to use 127.0.0.1 on a guest? That is,
> > each one is uniquely mapped and does not interfere with the host
> > listening on 127.0.0.1? We can thus set our /etc/hosts files to use:
> > 127.0.0.1 localhost localhost.localdomain etc . . .?
> >
> > However, is it also true that daemon bindings to localhost will still be
> > made to the address in /etc/vservers/<guest>/interfaces/0 and will not
> > include 127.0.0.1 unless explicitly bound?
> >
> > I ask because we were delighted to realize we could simplify our zimbra
> > installation by leaving /etc/hosts at 127.0.0.1 for localhost. We then
> > started retrofitting our other servers to do the same. Some of our
> > servers communicate with sshd on 127.0.0.1. We had changed the
> > configuration files to bind them to the non-loopback address, e.g.,
> > 192.168.1.10 because of our old understanding of 127.0.0.1. We also
> > changed sshd_config by removing the ListenAddress 192.168.1.10 so that
> > it goes back to the default of binding to all interfaces.
> >
> > This broke those applications. When we do a netstat -tln on the vserver
> > guests, it shows sshd listening only on 192.168.1.10 (as an example) and
> > not 0.0.0.0. That's fine and we can accommodate it by leaving our
> > settings as they were but I wanted to make sure I hadn't missed
> > something. Thanks - John
> Hmm . . . we're noticing this showing up in our Zimbra installation,
> too. It all went splendidly well despite the installation routine's
> hard-coded use of 127.0.0.1. However, when it tried to access its java
> engine on localhost, it failed. It looks like almost all (but not quite
> all) services are bound to the non-loopback IP address. I'm getting
> ready to change the localhost entry back to the non-loopback address now
> that the installation is complete but thought I had better check with
> the more knowledgeable folks on the list. Thanks - John
As a follow-up to anyone integrating vserver and zimbra, I deleted the
entire vserver guest and started over. This time, I used an /etc/hosts
file with:
        127.0.0.1 localhost.localdomain localhost
        192.168.x.x guestname.domain guestname
There were still a few glitches in the installation such as needing a
symbolic link named /etc/syslog.conf to /etc/rsyslog.conf - nothing to
do with vserver.
As expected, the calls to build the documentation via the java engine
failed but the installation was successful.
I then stopped the vserver and edited the guest's /etc/hosts to now
read:
        192.168.x.x localhost.localdomain localhost guestname.domain guestname
The system now starts without error. I was able to manually create the
documentation and all services are bound to 192.168.x.x except 10024
which is, I believe, amavisd and can be fixed in the config file if it
turns into a problem.

However, this seems a little more convoluted than what I've seen posted
elsewhere. That's why I'm wondering if I've done something wrong.
Thanks - John

-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com
http://www.spiritualoutreach.com
Making Christianity intelligible to secular society
Received on Fri May 1 14:19:27 2009
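
The mismatch described in this thread (clients connect to whatever "localhost" resolves to, while daemons listen only on specific addresses) can be checked by comparing /etc/hosts against `netstat -tln` output. The script below is an added example, not part of the original post; the hosts entries, netstat lines and port 8080 are constructed sample data, and it assumes the first matching /etc/hosts line wins.

```python
import ipaddress

# Constructed sample input, not taken from the original post.
HOSTS_LOOPBACK = "127.0.0.1 localhost.localdomain localhost\n192.168.1.10 guestname.domain guestname\n"
HOSTS_REMAPPED = "192.168.1.10 localhost.localdomain localhost guestname.domain guestname\n"
NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.10:22         0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:8080       0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN
"""

def resolve(hosts_text, name):
    """Return the address of the first /etc/hosts line naming `name`, or None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2 and name in fields[1:]:
            return ipaddress.ip_address(fields[0])
    return None

def listeners(netstat_text):
    """Map each listening TCP port to the set of local addresses bound to it."""
    table = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue  # skip headers and non-listening sockets
        addr, port = fields[3].rsplit(":", 1)
        table.setdefault(int(port), set()).add(ipaddress.ip_address(addr))
    return table

def audit(hosts_text, netstat_text, name="localhost"):
    """For each port, say whether a client connecting to `name` reaches a listener."""
    target = resolve(hosts_text, name)
    result = {}
    for port, bound in sorted(listeners(netstat_text).items()):
        # A wildcard bind (0.0.0.0 or ::) accepts connections to any local address.
        result[port] = any(a == target or a.is_unspecified for a in bound)
    return result

if __name__ == "__main__":
    for label, hosts in (("loopback", HOSTS_LOOPBACK), ("remapped", HOSTS_REMAPPED)):
        print(label, resolve(hosts, "localhost"), audit(hosts, NETSTAT))
```

Ports reported as False are the ones a localhost client would fail to reach under that /etc/hosts layout; remapping localhost flips which services are affected, so both the name resolution and each daemon's bind address need to agree.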