| 1 |
As far as I'm conserned, hardened gentoo requires a specific kernel patch. As you share a single kernel with VServer patch across all your vservers on one host, it seems to me a hardened vserver can't be done, but please refer to the hardened gentoo people as I do not have experience with this. |
| 2 |
|
| 3 |
In my case, I had a lot of services running on two hosts, making it virtually impossible to do normal maintanance on the os (upgrading, patching, etc) as I could not get downtime for all of the services at once and settings and dependencies began to overlap. Splitting them up to several vservers, I can now take one of them and patch it without stopping all the others. Additionally I will put the vservers filesystems on a SAN, making it possible to switch them to other nodes in seconds, thus providing a kind of failover mechanism. In this case it is wise to split services up, espacially if they are unrelated to each other while running on the same host. |
| 4 |
|
| 5 |
Sharing Filesystems across vservers should be done with network filesystems like samba, nfs (attention, have a look at vserver documentation!). Well, as I think about it, you should be able to share local filesystems, as access to these is managed via the same kernel for every VServer... could work :-? If you plan to test this, please tell me how it worked out! |
| 6 |
|
| 7 |
|
| 8 |
mit freundlichen Grüßen |
| 9 |
|
| 10 |
Matthias Witschel |
| 11 |
|
| 12 |
Infraserv GmbH & Co. Höchst KG |
| 13 |
Geschäftsfeld IT-Services |
| 14 |
Computing Services |
| 15 |
Server Center |
| 16 |
|
| 17 |
-----Ursprüngliche Nachricht----- |
| 18 |
Von: Jean Blignaut [mailto:jean@×××××××.biz] |
| 19 |
Gesendet: Dienstag, 31. Januar 2006 13:12 |
| 20 |
An: gentoo-server@l.g.o |
| 21 |
Betreff: RE: [gentoo-server] rsyncd inside vserver |
| 22 |
|
| 23 |
Im interested in this vserver process but still a little uncertain about how it works. |
| 24 |
I mean I have a rough idea and I know it sounds promising and that I would like to finish setting it up (started that last week, but had to tackle other stuff meanwhile) |
| 25 |
Questions: |
| 26 |
But are you able to have a 'hardened' vserver? Because I was wanting to try that out also. |
| 27 |
Also does It make sense to run mysql in one virtual server apache in another and your MTA in another and pop3/imap in yet another? (only examples of what I mean) Can the virtual servers share folders/partitions? |
| 28 |
etc. etc. |
| 29 |
|
| 30 |
-----Original Message----- |
| 31 |
From: Witschel, Matthias, Infraserv-Hoechst/DE [mailto:Matthias.Witschel@×××××××××.com] |
| 32 |
Sent: Tuesday, January 31, 2006 10:50 AM |
| 33 |
To: gentoo-server@l.g.o |
| 34 |
Subject: AW: [gentoo-server] rsyncd inside vserver |
| 35 |
|
| 36 |
No. NFSD is not running on the Host. But since i virtualized the function that was running on the host I found rsync running on the host without spcific IP binding (well, it seems rsync cant be bound to a specific IP?), so the deamon on the host blocked the virtual IP. After stopping rsyncd on the host, the virtual server worked fine. |
| 37 |
Thanx for your suggestion! It finaly directed me into the right direction. |
| 38 |
|
| 39 |
Is there a specific mailing list for the gentoo vserver project? I'm planning virtualisation of at least 7 productive services, including mailrelay, mediawiki, cups and samba. I am willing to share my experiences as well as I will need help from others. |
| 40 |
|
| 41 |
mit freundlichen Grüßen |
| 42 |
|
| 43 |
Matthias Witschel |
| 44 |
|
| 45 |
Infraserv GmbH & Co. Höchst KG |
| 46 |
Geschäftsfeld IT-Services |
| 47 |
Computing Services |
| 48 |
Server Center |
| 49 |
|
| 50 |
Industriepark Höchst |
| 51 |
Geb. C 584, Raum U10e |
| 52 |
|
| 53 |
-----Ursprüngliche Nachricht----- |
| 54 |
Von: Benedikt Boehm [mailto:hollow@g.o] |
| 55 |
Gesendet: Montag, 30. Januar 2006 21:52 |
| 56 |
An: gentoo-server@l.g.o |
| 57 |
Betreff: Re: [gentoo-server] rsyncd inside vserver |
| 58 |
|
| 59 |
Do you, by any chance, run nfsd on the host? |
| 60 |
|
| 61 |
if yes http://forums.gentoo.org/viewtopic-t-359538.html my be of help for you.. if you need nfsd on the host try to bind it to one specific ip only, instead of 0.0.0.0 |
| 62 |
|
| 63 |
HTH |
| 64 |
-- |
| 65 |
gentoo-server@g.o mailing list |
| 66 |
|
| 67 |
|
| 68 |
-- |
| 69 |
gentoo-server@g.o mailing list |
| 70 |
|
| 71 |
|
| 72 |
-- |
| 73 |
gentoo-server@g.o mailing list |
| 74 |
|
| 75 |
|
| 76 |
-- |
| 77 |
gentoo-server@g.o mailing list |
Archives