From Fedora Project Wiki


Revision as of 12:08, 22 July 2013


Description

Basic tests for OpenVZ Linux Containers and Checkpoint/Restore In Userspace (CRIU)

Known issues

  • Problems with SELinux
    • In version 4.4 we introduced a new script to disable SELinux: /usr/libexec/vzctl/scripts/vz-postinstall
  • Random system freezes
  • Kernel 3.10 or older
    • You must run vzctl exec 101 killall udevd

4.3.1 specific

  • vzctl exec 101 ps axf does not work (proc is not mounted)
  • criu: command not found
    • yum install crtools (Patch sent to maintainers)
  • vzctl restore 101 does not work (VE_VETH_DEVS failure)

Bug Reports

  • If something goes wrong, look at dump.log in /var/lib/vz/dump/Dump.101.fail/ and send a bug report.
  • For the bug report, create an archive of the dump and attach it to the BZ. Create the archive (as root):

cd /var/lib/vz/dump/Dump.101.fail/ && tar -cJf /Dump.101.fail.tar.xz *

  • For network problems, send us the output of ip addr; ip route from the host and from the guest, in two files.
  • New bug

Setup

  1. Open terminal
  2. Switch to root user: su -
  3. Install: yum install vzctl
  4. Prepare sysctl settings for network:
    1. sysctl net.ipv4.ip_forward=1
    2. sysctl net.ipv4.conf.default.proxy_arp=0
    3. sysctl net.ipv4.conf.all.rp_filter=1
    4. sysctl net.ipv4.conf.default.send_redirects=1
    5. sysctl net.ipv4.conf.all.send_redirects=0
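
A check that the five values from Setup step 4 are actually in effect before the test starts. This is an added example, not part of the original test case or of vzctl; the function name check_sysctl and the PROC_SYS override are assumptions made for the example.

```sh
#!/bin/sh
# Added example: verify the Setup sysctl values before running the test.
# PROC_SYS is a hypothetical override so the check can also run against
# a constructed directory tree instead of the live /proc/sys.

# Expected values, copied from Setup step 4 of this page.
EXPECTED='net.ipv4.ip_forward=1
net.ipv4.conf.default.proxy_arp=0
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.send_redirects=1
net.ipv4.conf.all.send_redirects=0'

# check_sysctl [ROOT]
# Prints one line per key and returns the number of keys that are
# missing or differ from the expected value (0 means all are set).
check_sysctl() {
    root=${1:-${PROC_SYS:-/proc/sys}}
    bad=0
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        # Key "a.b.c" maps to file ROOT/a/b/c. This simple mapping is
        # only valid for keys without dots inside a component, which
        # holds for the five keys above (default/all, no veth101.1).
        file=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$file" ]; then
            echo "MISSING $key (want $want)"
            bad=$((bad + 1))
            continue
        fi
        have=$(tr -d ' \t\n' < "$file")
        if [ "$have" = "$want" ]; then
            echo "OK      $key=$have"
        else
            echo "DIFF    $key=$have (want $want)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

Source the file and run check_sysctl as root on the host; a non-zero return code is the number of settings that still need to be applied.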

How to test

  1. Create a new container: vzctl create 101 --ostemplate centos-6-x86_64
  2. Start the container: vzctl start 101
  3. Add a network interface to the container: vzctl set 101 --netif_add em1
  4. Run ps in the container: vzctl exec 101 ps axf
  5. Enter the container: vzctl enter 101
  6. Enable the network interface: ip link set em1 up
  7. Assign an IP address to the interface: ip addr add 192.168.50.240/24 dev em1
  8. Add a route for the interface: ip route add default via 192.168.50.254 dev em1
  9. Run ps directly in the container: ps axf
  10. Exit from the container: logout
  11. Enable the virtual network interface: ip link set veth101.1 up
  12. Add a route for the virtual network interface: ip route add 192.168.50.240/32 dev veth101.1
  13. Suspend the container: vzctl suspend 101
  14. Restore the container: vzctl restore 101 or vzctl resume 101
  15. Enter the container: vzctl enter 101
  16. Test the network: ping -c 3 192.168.50.254
  17. Exit from the container: logout
  18. Stop the container: vzctl stop 101

Expected Results

The following must be true to consider this a successful test run.

  1. All steps complete without error
  2. Steps #4 and #9 show the same output, like this:
Directory /proc/vz not found, assuming non-OpenVZ kernel
  PID TTY      STAT   TIME COMMAND
  551 pts/0    R+     0:00 ps axf
    1 ?        Ss     0:00 init
   59 ?        S<s    0:00 /sbin/udevd -d
  299 ?        S<     0:00  \_ /sbin/udevd -d
  459 ?        Sl     0:00 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
  488 ?        Ss     0:00 /usr/sbin/sshd
  495 ?        Ss     0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
  502 ?        Ss     0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
  503 ?        S      0:00  \_ /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
  518 ?        Ss     0:00 sendmail: accepting connections
  526 ?        Ss     0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
  534 ?        Ss     0:00 /usr/sbin/httpd
  537 ?        S      0:00  \_ /usr/sbin/httpd
  542 ?        Ss     0:00 crond

Optional

In the network tests I've used two IPs and the em1 network interface. More details about them:

  • 192.168.50.240 - free IP from my subnet
  • 192.168.50.254 - default gw for my subnet
  • em1 - my work ethernet interface