From Fedora Project Wiki

No edit summary
No edit summary
Line 28: Line 28:
# Install: <code>yum install vzctl</code>
# Install: <code>yum install vzctl</code>
# Prepare sysctl settings for network:
# Prepare sysctl settings for network:
## <code>sysctl net.ipv4.ip_forward=1</code>
## <code>sysctl -w net.ipv4.ip_forward=1</code>
## <code>sysctl net.ipv4.conf.default.proxy_arp=0</code>
## <code>sysctl -w net.ipv4.conf.default.proxy_arp=0</code>
## <code>sysctl net.ipv4.conf.all.rp_filter=1</code>
## <code>sysctl -w net.ipv4.conf.all.rp_filter=1</code>
## <code>sysctl net.ipv4.conf.default.send_redirects=1</code>
## <code>sysctl -w net.ipv4.conf.default.send_redirects=1</code>
## <code>sysctl net.ipv4.conf.all.send_redirects=0</code>
## <code>sysctl -w net.ipv4.conf.all.send_redirects=0</code>
|actions=
|actions=
# Create new container: <code>vzctl create 101 --ostemplate centos-6-x86_64</code>
# Create new container: <code>vzctl create 101 --ostemplate centos-6-x86_64</code>
Line 54: Line 54:
|results=
|results=
The following must be true to consider this a successful test run. Be brief ... but explicit.  
The following must be true to consider this a successful test run. Be brief ... but explicit.  
# All steps completes without error
* All steps completes without error
# Steps #4, #9 shows the same. Like this:
* Steps #4, #9 shows the same. Like this:
<pre>
<pre>
Directory /proc/vz not found, assuming non-OpenVZ kernel
Directory /proc/vz not found, assuming non-OpenVZ kernel
Line 73: Line 73:
   537 ?        S      0:00  \_ /usr/sbin/httpd
   537 ?        S      0:00  \_ /usr/sbin/httpd
   542 ?        Ss    0:00 crond
   542 ?        Ss    0:00 crond
</pre>
* #16 step shows like this:
<pre>
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=23.1 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=23.6 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=23.8 ms
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 23.104/23.544/23.856/0.343 ms
</pre>
</pre>
|optional=
|optional=
Line 79: Line 90:
* 192.168.50.254 - default gw for my subnet
* 192.168.50.254 - default gw for my subnet
* em1 - my work ethernet interface
* em1 - my work ethernet interface
}}
}}

Revision as of 12:16, 22 July 2013


Description

Basic tests for OpenVZ Linux Containers and Checkpoint/Restore In Userspace (CRIU)

Known issues

  • Problems with SELinux
    • Temporary fix: setenforce 0
    • In version 4.4 we introduced new script for disable SELinux /usr/libexec/vzctl/scripts/vz-postinstall
  • Random system freezes
  • Kernel older or equal 3.10
    • You shall execute vzctl exec 101 killall udevd

4.3.1 specific

  • Doesn't work vzctl exec 101 ps axf (proc is not mounted)
  • criu: command not found
    • yum install crtools (Patch sent to maintainers)
  • Doesn't work vzctl restore 101 (VE_VETH_DEVS failure)

Bug Reports

  • If something went wrong you can see dump.log in /var/lib/vz/dump/Dump.101.fail/ and send bugreport.
  • For bugreport you shall create archive dump and attach to BZ. Create archive (as root):

cd /var/lib/vz/dump/Dump.101.fail/ && tar -cJf /Dump.101.fail.tar.xz *

  • For problems with ethernet you shall send to us ip addr; ip route from host and guest in two files.
  • New bug

Setup

  1. Open terminal
  2. Switch to root user: su -
  3. Install: yum install vzctl
  4. Prepare sysctl settings for network:
    1. sysctl -w net.ipv4.ip_forward=1
    2. sysctl -w net.ipv4.conf.default.proxy_arp=0
    3. sysctl -w net.ipv4.conf.all.rp_filter=1
    4. sysctl -w net.ipv4.conf.default.send_redirects=1
    5. sysctl -w net.ipv4.conf.all.send_redirects=0

How to test

  1. Create new container: vzctl create 101 --ostemplate centos-6-x86_64
  2. Start container: vzctl start 101
  3. Add network interface in container: vzctl set 101 --netif_add em1
  4. Exec ps in container: vzctl exec 101 ps axf
  5. Enter to container: vzctl enter 101
  6. Enable network intarface: ip link set em1 up
  7. Assign ip address to interface: ip addr add 192.168.50.240/24 dev em1
  8. Add route for interface: ip route add default via 192.168.50.254 dev em1
  9. Exec ps in container directly: ps axf
  10. Exit from container: logout
  11. Enable virtual net interface: ip link set veth101.1 up
  12. Add route for virtual net interface: ip route add 192.168.50.240/32 dev veth101.1
  13. Suspend container: vzctl suspend 101
  14. Restore container: vzctl restore 101 or vzctl resume 101
  15. Enter to container: vzctl enter 101
  16. Test network: ping -c 3 192.168.50.254
  17. Exit from container: logout
  18. Stop container: vzctl stop 101

Expected Results

The following must be true to consider this a successful test run. Be brief ... but explicit.

  • All steps completes without error
  • Steps #4, #9 shows the same. Like this:
Directory /proc/vz not found, assuming non-OpenVZ kernel
  PID TTY      STAT   TIME COMMAND
  551 pts/0    R+     0:00 ps axf
    1 ?        Ss     0:00 init
   59 ?        S<s    0:00 /sbin/udevd -d
  299 ?        S<     0:00  \_ /sbin/udevd -d
  459 ?        Sl     0:00 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
  488 ?        Ss     0:00 /usr/sbin/sshd
  495 ?        Ss     0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
  502 ?        Ss     0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
  503 ?        S      0:00  \_ /usr/sbin/saslauthd -m /var/run/saslauthd -a pam -n 2
  518 ?        Ss     0:00 sendmail: accepting connections
  526 ?        Ss     0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
  534 ?        Ss     0:00 /usr/sbin/httpd
  537 ?        S      0:00  \_ /usr/sbin/httpd
  542 ?        Ss     0:00 crond
  • #16 step shows like this:
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=23.1 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=23.6 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=23.8 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 23.104/23.544/23.856/0.343 ms

Optional

In network tests I've used two IPs, em1 network interface. More details about them:

  • 192.168.50.240 - free IP from my subnet
  • 192.168.50.254 - default gw for my subnet
  • em1 - my work ethernet interface