User Tools
docs:vserver
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revision Both sides next revision | ||
|
docs:vserver [2013-07-06 18:35] glen [Running auditd inside guest] |
docs:vserver [2013-11-26 10:30] arekm |
||
|---|---|---|---|
| Line 1009: | Line 1009: | ||
| * add ''quota_ctl'' to ''/etc/vservers/test/ccapabilities'': | * add ''quota_ctl'' to ''/etc/vservers/test/ccapabilities'': | ||
| - | * restart your vserver and run ''edquota'' inside | + | * restart your vserver and run ''edquota'' inside |
| ===== Network namespace in vservers ===== | ===== Network namespace in vservers ===== | ||
| + | |||
| + | Starting from util-vserver 0.30.216-1.pre3054 there is basic support for creating network namespaces with interfaces inside. | ||
| + | |||
| + | Enabling netns and two capabilities: NET_ADMIN (allows interfaces in guest to be managed) and NET_RAW (makes iptables working). | ||
| + | |||
| + | |||
| + | <file>mkdir /etc/vservers/test/spaces | ||
| + | touch /etc/vserver/test/spaces/net | ||
| + | echo NET_ADMIN >> /etc/vservers/test/bcapabilities | ||
| + | echo NET_RAW >> /etc/vservers/test/bcapabilities | ||
| + | echo 'plain' > /etc/vservers/test/apps/init/style | ||
| + | </file> | ||
| + | |||
| + | Avoid context isolation since it makes little sense when using network namespaces: | ||
| + | <file>touch /etc/vserver/test/noncontext</file> | ||
| + | |||
| + | Configure interfaces: | ||
| + | |||
| + | 0 - arbitrary directory name, just for ordering | ||
| + | |||
| + | myiface0 will be interface name inside of guest (optional, default geth0, | ||
| + | geth1 and so on) | ||
| + | |||
| + | veth-host - interface name on the host side | ||
| + | |||
| + | <file> | ||
| + | mkdir -p /etc/vservers/test/netns/interfaces/0 | ||
| + | echo myiface0 > /etc/vservers/test/netns/interfaces/guest | ||
| + | echo veth-host > /etc/vservers/test/netns/interfaces/host | ||
| + | </file> | ||
| + | |||
| + | !!! FINISH ME. FINISH ME. FINISH ME. !!! | ||
| + | |||
| + | ===== Network namespace in vservers (OLD WAY) ===== | ||
| Enabling netns and two capabilities: NET_ADMIN (allows interfaces in guest to be managed) and NET_RAW (makes iptables working). | Enabling netns and two capabilities: NET_ADMIN (allows interfaces in guest to be managed) and NET_RAW (makes iptables working). | ||
| Line 1017: | Line 1052: | ||
| - | <file>mkdir /etc/vserver/test/spaces | + | <file>mkdir /etc/vservers/test/spaces |
| - | touch /etc/vserver/test/spaces/net | + | touch /etc/vservers/test/spaces/net |
| echo NET_ADMIN >> /etc/vservers/test/bcapabilities | echo NET_ADMIN >> /etc/vservers/test/bcapabilities | ||
| echo NET_RAW >> /etc/vservers/test/bcapabilities | echo NET_RAW >> /etc/vservers/test/bcapabilities | ||
docs/vserver.txt · Last modified: 2015-10-05 15:07 by glen
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
