Difference between revisions of "Miscellaneous openVZ notes"
Revision as of 03:48, 19 May 2014
Miscellaneous openVZ notes
Enabling iptables modules for a container
Note that the use of --iptables is deprecated in the latest openVZ. iptables can be enabled with:
vzctl set <ctid> --netfilter full
The new setup also disables connection tracking on the base machine. It can be re-enabled by editing '/etc/modprobe.d/openvz.conf' and changing the line to:
options nf_conntrack ip_conntrack_disable_ve0=0
Source NAT for containers using the base machine
Source NAT for containers can be done on the base machine to give a container LAN/Internet access without requiring an additional IP or exposing the container to the outside world. To NAT outgoing connections from the container, rewrite their source address to the base machine's own address on the exit interface:
iptables -t nat -I POSTROUTING -s <container-private-IP> -o <exit-interface> -j SNAT --to-source <base-machine-IP-on-exit-interface>
Enabling tun/tap devices for a container
To enable tun/tap devices for a container (for example to use the container as a VPN server), use the following steps:
- Run the following commands on the base machine with the appropriate CID:
  - vzctl set <CID> --devnodes net/tun:rw --save
  - vzctl set <CID> --devices c:10:200:rw --save
  - vzctl set <CID> --capability net_admin:on --save
- Run the following commands as the root user inside the container:
  - mkdir -p /dev/net
  - mknod /dev/net/tun c 10 200
  - chmod 600 /dev/net/tun
- Restart the container
Correcting the time-zone used in a container
If the container image in use is configured for a different time-zone, the time-zone can be corrected with something like:
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Kolkata /etc/localtime
Finding container for a given base machine process
The command 'pstree -pun | less' on the base machine shows the process tree of all containers, including every container's init and its children. This helps in finding the process ID of the init of the container under which a given process was started. Once the init process ID for a container is known, the container ID can be determined using:
lsof 2>&1 | grep <init-pid> | grep -v lsof
which lists the files that process has open on the base machine. If the process has /vz/root/<CID>/dev/null open, it is the init process of container <CID>.
Detecting whether the current machine, VM or container is using openVZ
To check whether the current host is using openVZ, run the following command as the root user:
cat /proc/1/status | grep envID
If the value is present and is 0, openVZ is in use and the command was run on the base host. Any other envID is the CTID of the container the command was run in.
Learned from http://christian.hofstaedtler.name/blog/2008/10/detecting-openvz.html
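Combining the two notes above (the pstree/lsof walk and the envID check), as an added example that is not from this wiki page: a POSIX shell script that maps a base-machine PID to its CTID by reading the envID field the OpenVZ kernel adds to /proc/<pid>/status. The optional second argument of describe_pid (a path to a sample status file) is my addition so the logic can be exercised on a non-OpenVZ host.

```shell
#!/bin/sh
# Added example, not from the wiki page: resolve base-machine PIDs to
# OpenVZ container IDs via the envID field of /proc/<pid>/status.
# envID 0 means the process belongs to the base machine (CT0); any other
# value is the CTID; a missing field means the kernel is not OpenVZ.

# Print the envID value from a /proc/<pid>/status-style file, or nothing
# if the field is absent.
envid_from_status() {
    awk '/^envID:/ { print $2; exit }' "$1"
}

# Describe where a PID runs: "base", "container <ctid>" or "not-openvz".
# The second argument defaults to the live /proc entry; tests pass a
# constructed sample file instead.
describe_pid() {
    pid=$1
    statusfile=${2:-/proc/$pid/status}
    envid=$(envid_from_status "$statusfile")
    case "$envid" in
        "") echo "not-openvz" ;;
        0)  echo "base" ;;
        *)  echo "container $envid" ;;
    esac
}

# List every visible process as "<envID> <pid> <name>", sorted by CTID,
# which is the same grouping the manual pstree walk above produces.
# Processes that exit mid-scan are skipped; non-OpenVZ hosts print nothing.
map_all_pids() {
    for status in /proc/[0-9]*/status; do
        pid=${status#/proc/}; pid=${pid%/status}
        envid=$(envid_from_status "$status" 2>/dev/null) || continue
        [ -n "$envid" ] && echo "$envid $pid $(awk '/^Name:/ { print $2 }' "$status")"
    done | sort -n
}
```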
Changing VE_LAYOUT from ploop to simfs
The latest openVZ installations use ploop as the default VE_LAYOUT instead of the older simfs. If this is not desired, edit '/etc/vz/vz.conf' and set
VE_LAYOUT=simfs
If ploop is desired, the ploop package must be installed.