vserver 0.22 changes log

previous versions: 0.21

Enhancements

kernel 2.4.19ctx-15

A new kernel patch is available. It took some time to achieve/debug (another tcp_tw_bucket issue, like ctx-9). Here are the features:

I have not benchmarked the new bind(any) code. It might be a little slower, though perhaps not noticeably. Comments welcome.

newvserver: Excluded directories

When building a new vserver out of another, you can exclude a few directories. For an excluded directory, only the directory structure is copied, not the files. By default, newvserver excludes /var/log, /var/run and /var/spool/mail.

There is a TAB in the form to enter up to 4 directories to exclude.

newvserver: sshd cleanup

When cloning a vserver, you may want to reset the sshd private keys so new ones are generated. A check-box is now provided to handle that. It is on by default.

This avoids having all your vservers end up with the same sshd private keys...
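
A check for the situation this option prevents, as an added example that is not part of the vserver tools: it lists sshd host public keys that appear in more than one vserver. The function names are hypothetical, and the script assumes vservers live under /vservers and that public keys use the OpenSSH "type blob comment" line format.

```shell
#!/bin/sh
# Added example, not part of the vserver tools.
# find_shared_hostkeys [ROOT]
#   ROOT: directory holding one subdirectory per vserver
#         (assumption: /vservers; pass another path if yours differs).
# Prints "<key file>: <vserver> <vserver> ..." for every sshd host public
# key that is present in more than one vserver, i.e. clones whose keys
# were never regenerated.
find_shared_hostkeys() {
    root=${1:-/vservers}
    for pub in "$root"/*/etc/ssh/ssh_host_*key.pub; do
        [ -f "$pub" ] || continue          # glob matched nothing
        vs=${pub#"$root"/}; vs=${vs%%/*}   # first path component = vserver name
        # Assumes OpenSSH "type base64-blob [comment]" public key lines.
        # Compare type + blob only; the comment may be edited after cloning.
        awk -v vs="$vs" -v f="${pub##*/}" \
            'NF >= 2 { print vs, f, $1, $2; exit }' "$pub"
    done | awk '
        { k = $3 " " $4; n[k]++; who[k] = who[k] " " $1; file[k] = $2 }
        END { for (k in n) if (n[k] > 1) print file[k] ":" who[k] }
    ' | sort
}

# Demo on a constructed tree: "clone" was copied from "prod" with its keys
# intact (only the comment differs); "fresh" had its keys regenerated.
demo_shared_hostkeys() {
    t=$(mktemp -d) || return 1
    for v in prod clone fresh; do mkdir -p "$t/$v/etc/ssh"; done
    echo "ssh-rsa AAAAB3CONSTRUCTEDKEY1 root@prod" \
        > "$t/prod/etc/ssh/ssh_host_rsa_key.pub"
    echo "ssh-rsa AAAAB3CONSTRUCTEDKEY1 root@clone" \
        > "$t/clone/etc/ssh/ssh_host_rsa_key.pub"
    echo "ssh-rsa AAAAB3CONSTRUCTEDKEY2 root@fresh" \
        > "$t/fresh/etc/ssh/ssh_host_rsa_key.pub"
    find_shared_hostkeys "$t"
    rm -rf "$t"
}

demo_shared_hostkeys
```

An empty result means no two vservers under ROOT share a host key.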

Per IP netmask

The IPROOT entry in the vserver configuration file now supports one netmask per entry. The complete syntax is

IPROOT="[device:]ip[/netmask] ..."

where anything in square brackets is optional.

server run-level

A vserver does not use its own init process unless fakeinit is used. Normally /sbin/init writes into /var/run/utmp to record the current run-level, and some tools rely on that.

Now, even if you are not using fakeinit, /var/run/utmp is initialized with the proper run-level (as found in /etc/inittab).

vbuild: new --excldir option

When using vbuild to clone a vserver, you can use the --excldir option repeatedly to exclude the contents of some directories. The directory structure is duplicated, but no file is copied. This is used by newvserver.

vrpm: No unification in /var/log

When using the --unify option, the /var/log directory is excluded. Some packages own files there that are not tagged as configuration files (which is fair). Unifying those files creates problems.

This problem was specific to /var/log (and everything under) as far as I can see, so this is hard-coded in the vrpm script.

vserver profiles

It is sometimes useful to operate a vserver with some settings and then operate it with different settings. A set of settings is called a profile and covers S_HOSTNAME, IPROOT and IPROOTDEV.

There are two ways to select a profile:

Once you have started a vserver with a given profile, the profile is stored in the /var/run/vserver/XX.ctx file, so you can enter and stop the vserver using the active profile, even if you have changed the profile value in the configuration file.

The newvserver tool has been modified so you can immediately enter the second profile value. By default, one profile is called prod and the other is called backup.

vservers may be used as a fail-over strategy where whole servers may be switched on and off on the fly. One may use some synchronization tool (rsync?) to make sure the backup is up to date. Sometimes that is not enough, and you wish to keep the backup in sync with the production vserver in real time or almost. To do that, you need to enable the backup server, but you can't unless you provide different network settings (to avoid having two vservers running with the same IP). So the profile concept was introduced.

When starting a vserver using a given profile, the environment variable PROFILE is defined so you can perform various actions such as exchanging key configuration files, starting services differently and so on.

Linuxconf users may want to enable the switchprofile pseudo service (available lately) to switch between different configuration file sets.

vserver: empty IPROOT

When a vserver must run with the same IP as the root server, the trick was to set IPROOT=0.0.0.0. Now setting an empty IPROOT is equivalent (and more intuitive).

Bug fixes

vserver: setting resources when using enter or exec

The vserver was not setting the ulimit resources when performing an "enter" or "exec" command. Fixed!