Skip to main content

The Virtuozzo CheatSheet

             


The Ultimate Virtuozzo Guide







  •  The Virtuozzo Ultimate Guide
           
1. Create a container with vid 101
————-
# vzctl create 101 –config vps.plesk7.fc2 –pkgset fedora-core-2
# vzpkgadd 101 psa-fc2
#############################################
2. How do I validate configuration of VPSes on the hardware node?
There is a set of utilities which can help you with a resources management.
1. vzcfgvalidate: checks the resource’s cross-dependencies for a single VPS
2. vzcheckovr: checks if the hardware node is overcommitted
3. vzcpucheck: check the CPU utilization on the hardware node
4. vzmemcheck: shows the current memory utilization
5. vztopvzstat: utilities which can be used for VPS monitoring
#############################################
3. How do I install APF firewall into the VPS?
Product versions this article applies to:
* Virtuozzo for Linux
The latest update: Feb,04 2006
Access: public Article ID #875
The installation of APF requires some additional steps to be done on the hardware node.
1. First of all you should define which iptables modules are available for VPSes.
Edit /etc/sysconfig/iptables-config:
IPTABLES_MODULES=”ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_REDIRECT ipt_state iptable_nat ip_nat_ftp”
Edit /etc/sysconfig/vz:
IPTABLES=”ipt_REJECT
ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport
iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length
ipt_REDIRECT ipt_state iptable_nat ip_nat_ftp”
Restart Virtuozzo. All VPSs will be restarted.
# service vz restart
2. Increase numiptent parameter for a VPS you need to install APF into. This parameter limits the amount of iptables rules available for a VPS. Default APF configuration requires ~200 rules. Let’s set it to 400:
# vzctl set 101 –numiptent 400 –save
3. Install APF inside a VPS. Edit /etc/apf/conf.apf, set the following parameters:
IFACE_IN=”venet0″
IFACE_OUT=”venet0″
SET_MONOKERN=”1″
4. Start APF inside a VPS:
# /etc/init.d/apf start
#############################################
4. How do I check / install Virtuozzo license?
Product versions this article applies to:
* Virtuozzo for Linux
The latest update: Dec,26 2005
Access: public Article ID #1014
Virtuozzo license is stored in /etc/hspc/licenses/vzlicense. Virtuozzo Control Center and Power Panel license is stored in /etc/hspc/licenses/vzcplicense.
5. To check which licenses are currently installed, use
# vzlicview
6. You can also view the properties of license stored in arbitrary file, e.g.
# vzlicview -f /etc/hspc/licenses/vzlicense
7. To install new Virtuozzo license, issue the following command:
# vzlicload
Virtuozzo Control Center and Power Panel licenses can be installed via Control Center web-interface (https://SERVICE_VPS:4643), as well as Virtuozzo license.
Virtuozzo license depends on the following parameters:
1. Unique Hardware ID of the server which is calculated according to motherboard and network card unique identifiers;
2. Maximum number of VPSs allowed to be started simultaneously;
3. Start date and end date;
4. CPU power
#############################################
8. How do I change vzagent0 username or create a new user with the same permissions inside Service VPS?
Create a new user inside service VPS, add that user into vzagent0 group and set shell to /usr/sbin/vzacon. After that add this user to /etc/vzagent.passwd file inside Service VPS.
/etc/vzagent.passwd contains a separate list of users allowed to manage the hardware node using Virtuozzo Management Console and Virtuozzo Control Center. For each user in the list the range of VPSes which can be managed by the user is defined (VPS #0 means the hardware node).
#############################################
9. How do I automate backup operations in Virtuozzo?
VPS backups can be created using vzbackup utility. It should be run on the backup node. You can restore any backup using vzrestore utility.
To configure vzbackup you should do the following:
1. Check global vzbackup configuration file /etc/vzbackup.conf file on the backup node for backup parameters (pay attention to $BACKUP_DIR parameter).
If you are going to make backups using cronjob, set the following parameters:
# Backup directory – where the backups will be stored, e.g
BACKUP_DIR=”/vz/backups”
# backup type. Supported types are “full”, “initial incremental” and
# “incremental”. Default is incremental. If it is impossible to do
# “incremental” then “initial incremental” will be done.
BACKUP_TYPE=”i”
# Backup cron mode
CRON_BACKUP=”yes”
# List of nodes to backup.
BACKUP_NODES=”"
# e-mails to send notifications on backup
BACKUP_NOTIFY_EMAIL=”root@myserver.com”
2. Create directory
# mkdir /vz/backups
3. Add the following command to the crontab on the backup node:
# vzbackup -i -p -a
4. Make sure root user of the backup node is able to access all hardware nodes without a password (propagate DSA public keys).
#############################################
10. How do I create VPS with guaranteed amount of RAM (256M, 512M, etc.)?
Virtuozzo is shipped with sample configuration files which allow to allocate 256, 512, 1024, or 2048 MB of memory for a VPS. These samples can be found in /etc/sysconfig/vz-scripts/ directory on the hardware node (ve-vps.256MB.conf-sample, ve-vps.512MB.conf-sample, ve-vps.1024MB.conf-sample, ve-vps.2048MB.conf-sample).
To create VPS #101 using one of these configuration files, use
# vzctl create 101 –config vps.512MB –pkgset fedora-core-2
To apply some configuration sample to already created VPS, use –applyconfig option of vzctl utility.
The same operation can be done using Virtuozzo Management Console or Virtuozzo Control Center.
#############################################
11, How do I change system time or timezone in a VPS?
You cannot change system time in a VPS because all VPSes on the hardware node have the same system time. However, it is possible to change the default system timezone inside a VPS, for example, by replacing /etc/localtime with the file from /usr/share/zoneinfo which contains a description of your timezone.
#############################################
12, How do I compile some application from sources inside a VPS? It does not seem to have gcc installed.
# vzpkgadd 101 devel-fc2
#############################################
13, How do I add or remove an IP address to a VPS?
# vzctl set 101 –ipadd 192.168.0.1 –save
#############################################
14, How do I perform some action for all VPSes on the hardware node?
vzlist -o veid -H
# for vps in `vzlist -o veid -H` do
vzctl exec $vps ps ax
done
#############################################
15, How do I determine which VPS the process runs on?
# vzpid 10031
Pid VEID Name
10031 113 httpsd
#############################################
16, How do I move a VPS from one server to another?
# vzmigrate -r no 192.168.0.1 101
#############################################
17, How do I upgrade my VPS to the latest version of the OS template?
Product versions this article applies to:
* Virtuozzo for Linux
The latest update: Dec,23 2005
Access: public Article ID #1010
To upgrade VPS 101 to the latest version of fedora-core-2 OS template, just run the following command:
# vzpkgadd 101 fedora-core-2
If VPS 101 was created on some earlier version of fedora-core-2 template, it will be upgraded to the latest version. Application templates can be upgraded in the same way.
The other approach is to upgrade VPS using standard Redhat utilities such as yum and up2date and use vzcache utility to move common files to the template area after upgrading.
#############################################
18, What does OFFLINE_MANAGEMENT (‘Enable Offline Management’) option mean?To simplify the usage of Virtuozzo Power Panel by a VPS owner, VZPP web interface can be accessible on the VPS IP address. By default, port 4643 is used. If the VPS has an IP address 192.168.0.1 assigned the VZPP management interface is accessible by https://192.168.0.1:4643 even if the VPS is stopped. VZPP accessibility on VPS IP address is controlled by OFFLINE_MANAGEMENT per-VPS configuration parameter. By default, it is set to “yes”. To enable/disable it for VPS #101 use the following
commands:
# vzctl set 101 –offline_management=yes –save
# vzctl set 101 –offline_management=no –save
#############################################
19, My VPS is changing its state to Mounted. How do I fix that?
Mounted’ means that VPS filesystem was mounted into the root filesystem of the hardware node, but a VPS is stopped.
If your VPS is going into Mounted state, please check the following:
1. Virtuozzo license. If you exceeded maximum amount of running VPSs defined in the license, VPSs over that amount will be stopped in 5 minutes. Please check the following article for more information about Virtuozzo licenses.
2. Shutdown inside a VPS. If a VPS was shut down by its owner (i.e. using /sbin/halt, /sbin/shutdown -h, etc.), its state will be Mounted. Just start a VPS using
# vzctl start 101
or using Virtuozzo Control Center / Power Panel.
3. A VPS could be created with a wrong license class (class 1, so-called ‘Light VPS’). This class is obsoleted. You should recreate a VPS using license class 2. To check which license class is assigned to VPS 101, use
# grep CLASSID /etc/sysconfig/vz-scripts/101.conf
#############################################
20, My VPS does not start. What should I check?
1. VPS starts, but then just shuts down in a few minutes.
You don’t have valid Virtuozzo license installed. Please check the output of vzlicview command, the status of the license should be ACTIVE. Check /var/log/messages. More information about Virtuozzo licenses can be found in this article.
2. VPS cannot be started because it is locked.
Please follow the instructions from this article.
3. VPS starts but displays an error “/bin/bash: no such file” or similar.
The owner of the VPS could remove some important package such as bash or glibc. The VPS can also be compromised, see below.
4. The VPS starts but Segmentation fault occures very soon after starting.
The VPS can be compromised, please check the corresponding article.
#############################################
21, How do I determine that my VPS is hacked / compromised?
Product versions this article applies to:
* Virtuozzo for Linux
The latest update: Dec,23 2005
Access: public Article ID #1013
VPS can be compromised if its owner uses insecure or out-of-date software. To detect if VPS #101 has any rootkits installed, one can use chkrootkit utility either inside a VPS or (better) on a hardware node, using -r /vz/root/101 parameter. There is also a way to determine which packages were modified on a VPS:
# /usr/share/vzpkgtools/vzrpm/bin/rpm –root=/vz/root/101 –veid 101 -Va | egrep ‘^..5|missing’
This command shows files which were modified or removed.
Follow the instructions from the corresponding article to repair hacked VPS.
#############################################
22, My VPS is hacked / compromised. How do I repair or reinstall it?
Product versions this article applies to:
* Virtuozzo for Linux
The latest update: Dec,23 2005
Access: public Article ID #1012
There are two ways of restoring a VPS which is hacked or cannot be started for some other reasons. Please make sure that you have created full backup of a VPS before applying any of the following solutions.
Solution #1:
# vzctl recover 101
This command will reinstall OS template and all application templates which were previously installed on a VPS. This action will make it possible to start broken VPS but it does not give any guarantee that all rootkits are removed, if any.
Solution #2:
# vzctl reinstall 101
This command will create brand new VPS on the same OS template as broken one, install the same application templates into it, and restore users’ credentials. The contents of the old VPS will be copied into /old directory.
#############################################
23, What does [FAIL] warning in vzstat output mean?
Product versions this article applies to:
* Virtuozzo for Linux
The latest update: Jan,10 2006
Access: public Article ID #691
Configuration file /etc/vzstat.conf on the hardware node contains thresholds for the following parameters: CPU latency, memory latency, amount of free swapspace, diskspace, etc. You can define your own warning and error levels for any parameter. For example, for swap size:
# Swap free, % limit
# if swap space is heavily used, i.e. swap free < SWAP_FREE_X than
# it’s highlighted with yellow (WARN level) or red (ERR level)
SWAP_FREE_WARN=75
SWAP_FREE_ERR=50
#############################################
24, How do I solve vzquota error: “vzquota : (error) Quota on syscall for 101: Device or resource busy”?
Product versions this article applies to:
* Virtuozzo for Linux
The latest update: Jan,10 2006
Access: public Article ID #671
Please make sure there are no open files inside VPS root and/or private area (and your current working directory is not inside VPS root/private area) by running the following command on the hardware node:
# lsof 2> /dev/null | egrep ‘/vz/root/101|/vz/private/101′
If there are any processes which hold a directory inside VPS root/private area – kill them.
#############################################
25, How do I solve the problem with vzpkgcache: ‘Cannot create /var/run/vzpkgcache.pid lockfile’?
Product versions this article applies to:
* Virtuozzo for Linux
The latest update: Jan,05 2006
Access: public Article ID #658
Virtuozzo needs /usr/bin/lockfile to exist for vzpkgcache to work, which is a part of procmail. Please install the procmail package to make vzpkgcache work.
# rpm -qp –requires vzpkgtools-*.swsoft.i386.rpm | grep lockfile /usr/bin/lockfile
# rpm -qf /usr/bin/lockfile
procmail-3.22-5
#############################################
26, Any operation on a VPS gives me “Cannot lock VE”. How do I solve it?
Product versions this article applies to:
* Virtuozzo for Linux
The latest update: Jan,05 2006
Access: public Article ID #655
VPS is locked when some operation (backup, migration, start / stop, etc.) with this VPS is in progress. You can determine which process is holding VPS #101 using the following command on the hardware node:
# cat /vz/lock/101.lck
You can kill that process if needed. Make sure that the process is really killed. If there is no process with that PID on the node, just remove the lockfile.
#############################################
Resouce calculation.
—————
vzcalc veid
vzcalc -v deatiled
vzmemcheck -v
vzcpucheck
[root@test /root]# vzcpucheck
Current CPU utilization: 112681
Power of the node: 112721
[root@test /root]# vzcpucheck -v
veid units
———————–
0 5681
100 1000
1001 4000
1003 4000
1004 4000

Current CPU utilization: 113681
**************************************
SOURCE - virtuozzo.com and swsoft.com and etc…
******************************************



FEED



Share












SUPPORT












VISIT COUNTER !!






Comments

Popular posts from this blog

Defacing Sites via HTML Injections (XSS)

Defacing Sites via HTML Injections Defacing Sites via HTML Injections What Is HTML Injection: "HTML Injection" is called as the Virtual Defacement Technique and also known as the "XSS" Cross Site Scripting. It is a very common vulnerability found when searched for most of the domains. This kind of a Vulnerability allows an "Attacker" to Inject some code into the applications affected in order to bypass access to the "Website" or to Infect any particular Page in that "Website". HTML injections = Cross Site Scripting, It is a Security Vulnerability in most of the sites, that allows an Attacker to Inject HTML Code into the Web Pages that are viewed by other users. XSS Attacks are essentially code injection attacks into the various interpreters in the browser. These attacks can be carried out using HTML, JavaScript, VBScript, ActiveX, Flash and other clinet side Languages. Well crafted Malicious Code can even hep the ...

EKS Cluster and Create CSI Driver to store credentials in AWS Secrets Manager via SecretProviderClass

EKS Cluster | CSI Driver | SecretProviderClass | AWS Secrets Manager Setup EKS Cluster and Manage Credentials at runtime using CSI driver using SecretProviderClass and Secrets Manager Assuming you have Configured/Installed AWS CLI, EKSCTL, KUBECTL, HELM. CSI Basic Information: CSI (Container Storage Interface) widely used as a Storage Technology. Created by Google | Mesosphere | Docker.  It has two two Plugins one runs on the Master Node (Centralized Controller Plugin) and another one on Worker Nodes (Decentralized headless Node Plugin).  CSI communication protocol is gRPC.   The communication between Container Orchestration to Controller Plugin (Master) and to Node Plugin (Worker Node) happens using gRPC .  CSI Drivers : vendor specific compiled into Kubernetes/openshift binaries. To use a CSI driver, a StorageClass needs to be assigned first.  The CSI driver is then set as the Provisioner for the Storage Class. CSI drivers provide three main service...

Linux Systems Performance/Observability (BPF (bpfcc-tools), BCC Tools

  Linux System Performance/Observability Tools Linux Systems Performance/Observability (BPF (bpfcc-tools), BCC Tools Assuming you have Linux Server in place and have the required BPF aka BCC related packages installed on the system(s) for the required Linux distribution. BPF(eBPF) aka BCC Tools (bpfcc-tools) : BPF, which originally stood for Berkley Packet Filter is the dynamic tracing tools for Linux Systems.  BPF initially used for the speeding up for the tcpdump expressions and since then it has been know as the extended Berkley packet Filter (eBPF).  Its new uses are Tracing Tools where it provides programmability for the BPF Compiler Collection (BCC) and bpftrace front ends .   Example: execsnoop, biosnoop etc is a BCC Tool. When facing production performance crisis these such list of tools comes handy to trace and fix the issue. However, it requires certain KERNEL level config options to be enabled such as CONFIG_FTRACE, CONFIG_BPF. Profiling tools typically re...