openvz

Udev is a dependency of xorg and other development packages that breaks OpenVZ containers if installed or upgraded.

Re-create the missing devices after an upgrade via:

For a permanent fix, edit /etc/rc.sysinit to disable udev and auto-repair the devices:

On running daily lvm snapshot backups via vzdump on OpenVZ servers, I noticed the below Kernel errors in logwatch reports.

This would show up on busy servers only, probably caused due to lvm snapshot running out of space.

I edited "/usr/bin/vzdump" and increased the size from 500m to 1000m which seems to have resolved the issue for now.

I was seeing loss in network connectivity when an OpenVZ container is stopped and noticed that the bridge mac address was taking the mac address of an existing containers virtual network interface instead of the physical interface.

The solution was to set the bridge mac address to the physical interface:

Here is what my "/etc/sysconfig/vz-scripts/vps.umount" looks like which is used to remove routes to container with veth-bridge from bridge.

Here's is a simple shell script to run a weekly lvm snapshot dump of all OpenVZ containers using the vzdump utility:

1. Host will be open on LAN and guests on WAN. Additionally, there is a bridged LAN for guests.
2. We will be using bridge networking for protecting the Host Network and saving IP addresses, also giving flexibility with the guest network setup.
3. Configure LAN Eth1 port to 192.168.1.2
4. WAN Eth0 port is not assigned any IP address.
6. Install the required bridge-utils package via:

* Network:

* WAN Bridge device br0:

* WAN eth0 device:

* LAN Bridge device br1:

* LAN eth1 device:

Helper script to create users on all OpenVZ VEs simultaneously:

If you manage several OpenVZ containers, here is a simple bash script to keep the OpenVZ containers upto date.

Following the instruction over at OpenVZ Wiki, I've had no problems with the installation and creation of templates prior to CentOS-5.2 on x86_64 systems. However, with the latest set of updates to CentOS-5.2, the vzpkgcache seems to have been broken as sysklogd is no longer being installed by default. Below is how I got it to work:

Note: edit /vz/template/centos/5/x86_64/config/minimal.list and append .x86_64 to all except for the addons packages. Then run:

which gives the below error at the end:

The solution was to edit "/vz/template/centos/5/x86_64/config/install-post" and set syslog and syslog.conf sed replacements with exit status of "0".

1. Increase the NUMIPTENT values in VE conf file to 1000 on the host:
   
   NUMIPTENT="1000:1000"

2. Edit "/etc/sysconfig/vz" on the host:
   
   IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_owner ipt_length ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ipt_recent"

3. Make sure the above modules are loaded on the host, so it would help if you have APF on the host as well.
   
4. Restart the VE
   
   # vzctl restart <VEID>

5. It is normal to get ipt_recent error as below:
   
   Warning: Unknown iptable module: ipt_recent, skipped

   You can verify the modules loaded via:
   

   # vzctl exec <VEID> grep ipt_recent /proc/net/ip_tables_matches

   Note: ipt_recent is required for passive ftp to work, else... will need to specify passive ftp ports in ftp conf file and open those ports via apf as well.

6. Here is a typical apf config on a VE with CentOS-5 running ISPConfig.
   DEVEL_MODE="0"
IFACE_IN="venet0"
IFACE_OUT="venet0"
IFACE_TRUSTED=""
SET_MONOKERN="1"
IG_TCP_CPORTS="21,22,25,53,80,81,110,143,443"
IG_UDP_CPORTS="53"
EGF="1"
EG_TCP_CPORTS="21,25,80,443,43"
EG_UDP_CPORTS="20,21,53"

Recently, I've had a client who's had issues with uploading files and general functioning of the ISPConfig hosting control panel.

So the first thing I checked out was "/proc/user_beancounters", and everything seemed normal there.

Quick check with `vzquota` turned out that the inodes were maxed out.

Blocks and Inodes can also be checked/displayed within the container via `df -h` and `df -i`.

Additionally, since he had a lot of users, he was maxed out on the users limits too. Noticed that with `repquota -a` which pulled up a huge number of users.

Increasing the appropriate limits with vzctl on diskspace, diskinodes and quotaugidlimit resolved all issues.