LinuxBabu ………..

Virtuozzo

How do I install APF firewall into the VE?

by dino on Apr.01, 2010, under Virtuozzo

The installation of APF requires some additional steps to be taken on the hardware node.

1. First of all, you should define which iptables modules are available for VEs.

Edit /etc/sysconfig/iptables-config file on a Virtuozzo hardware node:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Edit /etc/sysconfig/vz file on a Virtuozzo hardware node:
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Please note – the iptables module lists in the IPTABLES and IPTABLES_MODULES parameters in the /etc/sysconfig/vz and /etc/sysconfig/iptables-config files must each be placed on one single line; no line breaks are allowed in these parameters.

Restart Virtuozzo. All VEs will be restarted.
# service vz restart

2. Increase the ‘numiptent’ parameter for the VE you need to install APF into. This parameter limits the number of iptables rules available to a VE. The default APF configuration requires ~400 rules. Let's set it to 400 in the example below for VE #101:
# vzctl set 101 --numiptent 400 --save

3. Install APF inside the VE. Edit /etc/apf/conf.apf inside VE, set the following parameters:
IFACE_IN="venet0"
IFACE_OUT="venet0"
SET_MONOKERN="1"

4. Start APF inside the VE:
# /etc/init.d/apf start
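
The single-line requirement from step 1 can be checked on the hardware node before Virtuozzo is restarted. This is an added example, not part of the original post: the function names and the shortened sample module lists are constructed, and reporting a difference between the two lists is an assumption based on the post setting both parameters to the same value.

```shell
#!/bin/sh
# Added example, not from the original post. Validates the step 1 settings.

# Print VAR's value from FILE when the quoted value opens and closes on one
# line; return 1 when the assignment is missing or wraps onto another line.
single_line_value() {   # usage: single_line_value FILE VAR
    awk -v var="$2" '
        index($0, var "=\"") == 1 {
            val = substr($0, length(var) + 3)
            if (val ~ /"[ \t]*$/) { sub(/"[ \t]*$/, "", val); print val; ok = 1 }
            exit
        }
        END { exit(ok ? 0 : 1) }' "$1"
}

# Print every module named in only one of two space-separated lists.
module_diff() {         # usage: module_diff "LIST_A" "LIST_B"
    { printf 'A %s\n' $1; printf 'B %s\n' $2; } | awk '
        NF == 2 { if ($1 == "A") a[$2] = 1; else b[$2] = 1 }
        END { for (m in a) if (!(m in b)) print m
              for (m in b) if (!(m in a)) print m }' | sort
}

# Check both hardware-node files; messages go to stdout, status 0 means clean.
check_node_config() {   # usage: check_node_config IPTABLES_CONFIG VZ_CONFIG
    rc=0
    mods=$(single_line_value "$1" IPTABLES_MODULES) ||
        { echo "$1: IPTABLES_MODULES missing or split across lines"; rc=1; }
    vz=$(single_line_value "$2" IPTABLES) ||
        { echo "$2: IPTABLES missing or split across lines"; rc=1; }
    [ "$rc" -eq 0 ] || return 1
    extra=$(module_diff "$mods" "$vz" | tr '\n' ' ')
    [ -z "$extra" ] || { echo "lists differ on: $extra"; return 1; }
    echo "ok: both lists on one line and identical"
}

# Constructed sample files (shortened module list) so the script runs offline.
demo=$(mktemp -d)
printf 'IPTABLES_MODULES="ipt_REJECT ipt_LOG ipt_state iptable_filter"\n' > "$demo/iptables-config"
printf 'IPTABLES="ipt_REJECT ipt_LOG ipt_state iptable_filter"\n' > "$demo/vz.good"
printf 'IPTABLES="ipt_REJECT\nipt_LOG ipt_state iptable_filter"\n' > "$demo/vz.wrapped"
printf 'IPTABLES="ipt_REJECT ipt_LOG iptable_filter"\n' > "$demo/vz.short"
for f in vz.good vz.wrapped vz.short; do
    check_node_config "$demo/iptables-config" "$demo/$f" || true
done
```

On a hardware node, the same function is called as check_node_config /etc/sysconfig/iptables-config /etc/sysconfig/vz.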


Virtuozzo : How do I get amount of network traffic consumed by a Container?

by dino on Feb.05, 2010, under Virtuozzo

If you have a Service Container running on a hardware node, you may use the utility ‘vza_ve_stat’ to obtain the amount of network traffic consumed by any container on the node.

Usage:
vza_ve_stat user@host ctid start_time [end_time]

where:
user – vzagent0
host – IP address of Service Container on a hardware node
ctid – ID of container in question
start_time and end_time define period you want to get traffic for.

Please note that start_time and end_time should be entered in the following format: 2000-01-01T12:00:00+0400

You may need to install the package ‘perl-XML-Parser’ (e.g. using ‘yum install perl-XML-Parser’ command on a server) if you get the error “Can’t locate XML/Parser.pm in @INC”.

For example, to obtain traffic of the container #101 for the period from 01 Jan 2010 up to the current moment the command would be:
# vza_ve_stat vzagent0@10.55.40.1 101 2010-01-01T00:00:00+0000
vzagent0@10.55.40.1's password:
bytes in = 69447065 packets in = 385929 bytes out = 755800760 packets out = 649168

You may also get information about network traffic using PMC (Parallels Management Console):
1. double click on the needed container
2. in the opened window go to Monitor > Traffic Summary
3. Choose needed period of time and click ‘Download’

The same can be done in PIM (Parallels Infrastructure Manager):
1. Open PIM
2. Go to Infrastructure manager > Virtual Private Servers > choose needed container > Network > Traffic Usage


Virtuozzo : How to find out the IP address of master node or unregister slave node from Virtuozzo group without access to master node.

by dino on Dec.30, 2009, under Virtuozzo


It is not possible to login to PIM, the following error is displayed:

The Node you are trying to log in to is a Slave Node of a Virtuozzo Group. Only the address of the Master Node of this Group can be used for logging in.

The IP of master node is unknown or it is not possible to unregister the slave node.

The IP address of master node can be found out using vzagroup utility, e.g. on Virtuozzo for Linux node:

# /opt/vzagent/bin/vzagroup list

The same utility can be used to force unregistering a slave node from the group – the “vzagroup removeFromGroup” command should be used in this case.

Additional information

Other options are available from built-in help, which is shown when utility is invoked with no parameters:

# /opt/vzagent/bin/vzagroup

Usage: vzagroup

Master node commands:

vzagroup addSlave [--force] USER[:PASSWORD]@ADDRESS
vzagroup removeSlave USER[:PASSWORD]@ADDRESS
vzagroup list

Note: credentials should be specified to connect to slave

Slave or single node commands:

vzagroup addToGroup USER[:PASSWORD]@ADDRESS
vzagroup removeFromGroup

Note: master node credentials should be specified


    Is Internet Explorer 8.0 compatible with Parallels Virtuozzo Containers for Windows?

    by dino on Nov.25, 2009, under Virtuozzo


    Release notes
    Parallels Virtuozzo Containers 3.5.1 for Windows:

    Internet Explorer 8 is not supported by Virtuozzo 3.5.1 for Windows. It is not allowed to install it on hardware node or inside containers. Installed IE8 inside containers can lead to failure on containers start.

    Parallels Virtuozzo Containers 4.0 for Windows:

    Internet Explorer 8 is supported by Parallels Virtuozzo Containers 4.0 for Windows starting from VZU400027 update. Internet Explorer 8 is installed on the host itself and upgrades all existing Containers on first start up.

    Parallels Virtuozzo Containers 4.5 for Windows:

    IE8 is supported by PVC 4.5 for both Windows 2003 and Windows 2008 server platforms.


    [How to] How to configure containers to not apply Microsoft updates installed on Virtuozzo host.

    by dino on May.23, 2009, under Virtuozzo

    Symptoms

    By default Microsoft updates installed on Virtuozzo host are applied in containers during next containers start.

    Resolution

    If automatically applying Microsoft updates in containers is not wanted, it is possible to configure containers not to install updates even if they are installed on the Virtuozzo host.

    The following example shows how to disable this auto applying option for container 100:

    vzcfgt set 100 DisableWindowsUpdates 1

    If this option is set to "1", no more Windows updates will be applied to container 100.

    But you can still manually install or remove windows updates to this container by using Container Update Manager.

    To find Container Update Manager click Start button on the node and go to All Programs, Parallels, Parallels Virtuozzo Containers.

    The command below enables auto applying option for container 100:

    vzcfgt set 100 DisableWindowsUpdates 0

    Also it’s possible to disable auto applying option for all newly created containers on a node:

    vzcfgt set 0 DisableWindowsUpdates 1

    Note: If it’s necessary to enable the auto installation of windows updates back in containers you should re-configure each container separately.


    Is Internet Explorer 8.0 compatible with Parallels Virtuozzo Containers for Windows?

    by dino on May.23, 2009, under Virtuozzo

    Internet Explorer 8 is not supported by Parallels Virtuozzo Containers for Windows yet.
    It is not allowed to install it on hardware node or inside containers.
    Installed IE8 inside containers can lead to failure on containers start.


    APF installation error on VPS : unable to load iptables module (ip_tables), aborting.

    by dino on Sep.29, 2008, under Virtuozzo

    While installing APF on your VPS you get the following error :

    # apf -r
    apf(28442): {glob} status log not found, created
    apf(28463): {glob} flushing & zeroing chain policies
    apf(28463): {glob} firewall offline
    apf(28500): {glob} activating firewall
    apf(28551): {glob} unable to load iptables module (ip_tables), aborting.
    apf(28500): {glob} firewall initalized
    apf(28500): {glob} !!DEVELOPMENT MODE ENABLED!! – firewall will flush every 5 minutes.

    You need to configure the APF for your VPS.

    nano -w /etc/apf/conf.apf

    modify
    SET_MONOKERN="0"

    to
    SET_MONOKERN="1"

    Restart APF

    apf -r

    Now you will be able to complete apf installation fine :)
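
A check of conf.apf for the container settings used in the two APF posts above, as an added example that is not part of the original posts. The function names and the sample file are constructed; DEVEL_MODE is the APF setting behind the "DEVELOPMENT MODE ENABLED" log line, and expecting "0" there is an assumption for a firewall that should stay loaded.

```shell
#!/bin/sh
# Added example, not part of the original posts.

# Print the value assigned to KEY in an APF-style KEY="value" file.
# Only double-quoted assignments at the start of a line are read; last wins.
apf_get() {             # usage: apf_get FILE KEY
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Compare conf.apf with the settings a container needs. Prints one line per
# mismatch and returns the number of mismatches (0 means the file is ready).
check_apf_ve() {        # usage: check_apf_ve CONF_FILE
    bad=0
    # IFACE_IN, IFACE_OUT and SET_MONOKERN values come from the posts;
    # DEVEL_MODE=0 is this example's assumption (see lead-in).
    for want in IFACE_IN=venet0 IFACE_OUT=venet0 SET_MONOKERN=1 DEVEL_MODE=0; do
        key=${want%%=*}
        exp=${want#*=}
        got=$(apf_get "$1" "$key")
        if [ "$got" != "$exp" ]; then
            echo "$key is \"$got\", expected \"$exp\""
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: a config that has not yet been adjusted for a container.
conf=$(mktemp)
cat > "$conf" <<'EOF'
DEVEL_MODE="1"
IFACE_IN="eth0"
IFACE_OUT="eth0"
SET_MONOKERN="0"
EOF
check_apf_ve "$conf" || echo "$? setting(s) need changing in $conf"
rm -f "$conf"
```

Inside the container, run check_apf_ve /etc/apf/conf.apf before apf -r.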


    Protected: Parallels Virtuozzo vzup2date error : [RPM] Dependencies conflict.

    by dino on Sep.26, 2008, under Virtuozzo


    error: stat of /var/log/cron failed: No such file or directory

    by dino on Jul.29, 2008, under Basics, Command Line, Uncategorized, Virtuozzo, WebMin

    Hi guys… Today I faced an issue with a new VPS installed with the EZ template CentOS 5.2. I was preparing the VPS with logwatch, apf and other security and got a cron error in root's mail.

    The cron errors show log errors:

    /etc/cron.daily/logrotate:

    error: stat of /var/log/boot.log failed: No such file or directory
    error: stat of /var/log/cron failed: No such file or directory

    OR

    You do not find log files updating

    This was due to the syslog daemon not running. Check if the service is running and restart it. Your server may have the syslogd daemon or rsyslogd, depending on your OS.

    I had rsyslogd on Centos 5.2

    # /etc/init.d/rsyslog status
    rsyslogd is stopped
    rklogd is stopped

    # /etc/init.d/rsyslog start
    Starting system logger: [ OK ]
    Starting kernel logger: [ OK ]

    Check if the service is being started at startup:

    # chkconfig --list | grep rsyslog
    rsyslog 0:off 1:off 2:off 3:off 4:off 5:off 6:off

    Use Command to enable the daemon at startup

    # chkconfig rsyslog on

    The log files were not being created because the daemons were stopped; after the restart they all started being generated.

    Cheers!

    :)


    cPanel FAQ for VPS

    by admin on Jul.04, 2008, under Virtuozzo, cPanel

    From: http://www.cpanel.net/docs/whm/FAQ.htm

    Q: I’m having server problems but the problem is not listed below. What should I do?

    A: There are two options:

    1. You can search the Knowledgebase in WebHost Manager. This is explained in the support part of this manual.
    2. You can search the CPanel forums – http://support.cpanel.net/

    Q: How do I login to Cpanel from a non-GUI?

    A: Do the following:

    1. /usr/local/cpanel startup
    2. /etc/rc.d/init.d/cpanel3 restart – This will restart CPanel.

    Q: I just got another server, what do I do?

    A: If you would like to make your two servers work together, you will need to establish a trust relationship with your primary nameserver – refer to Establishing a trust relationship for more information. You can also transfer your old server’s files to your new server – refer to Transfers for more information.

    Q: Proftp will not start it says, ‘unable to determine the ip address of mydomainhere.com’. What do I do?

    A: You need to change your hostname to a FQDN (Fully Qualified Domain Name ). A FQDN has a host name, and a domain name which includes a top-level domain, e.g. www.sub.domain.com.

    1. #pico /etc/sysconfig/network
    2. Type hostname www.sub.domain.com
    3. Save changes and quit pico.
    4. Now, add a DNS Zone for yourdomain.com in WebHost Manager.
    5. Add an entry to /etc/hosts for your hostname.

    Q: I have a CPanel license but when I login it says ‘Invalid Lisc File’. What’s wrong?

    A: There are a couple of possibilities. The date on your server could be improperly synced, your main IP could have changed, or your files could have been corrupted.

    1. First, try to resync your server’s date:

      #rdate -s rdate.darkorb.net

    2. If that does not work, try to update your CPanel license file:

      #/usr/local/cpanel/cpkeyclt

    3. If these do not work contact your distributor so they can update your license

    Q: My install keeps saying “waiting for updated to finish”. What should I do?

    A: Do the following:

    1. Open another Terminal window and run as root:

      #rsync -av rsync://ftp.cpanel.net/scripts /scripts

    2. /etc/rc.d/init.d/cpanel3 restart – This will restart CPanel.

    Q: What types of traffic does the Bandwidth monitor show?

    A: The bandwidth monitor watches http, ftp, and pop traffic.

    Q: I’ve added accounts in WebHost Manager that aren’t showing up. What’s wrong?

    A: Your domain database has not been updated, you need to run:

    #/scripts/updateuserdomains

    Q: What does Initial Nameserver Setup do?

    A: This starts the name and adds it to the list of daemons to be checked.

    Q: What should I do about partitioning my drive? What sizes do I need?

    A: Refer to Installation for more information.

    Q: How do I upgrade using buildapache.sea?

    A: Do the following:

    1. SSH into your server.
    2. SU and log in as root.
    3. #wget http://layer1.cpanel.net/buildapache.sea
    4. #chmod 755 buildapache.sea
    5. #./buildapache.sea
    6. Wait for the installer to complete.
    7. Cleanup after the install with:

      #rm -Rf buildapache/

      #rm buildapache.sea

    Q: How can I use Cpanel in a non-graphical environment?

    A: Do the following:

    1. #/sbin/chkconfig --add xfs
    2. #/sbin/service xfs start

    Q: Neomail keeps returning no MD5.so in @INC. What do I do?

    A: #/scripts/cleanmd5

    Q: How can I fix problems with mail that result from incorrect permissions?

    A: #/scripts/mailperm

    Q: I’m trying to add FrontPage extensions, or a new account, and I get sd(8,10) write failure, user limit block reached. What do I do?

    A: #/scripts/fixquotas

    Q: What can fix many common problems?

    A: #/scripts/fixcommonproblems

    Q: I keep getting a 500 error when trying to use Mailman. What is wrong?

    A: Your hostname is not being sent with your e-mail. Do the following:

    1. #/scripts/fixoldlistswithsuexec
    2. If that doesn’t work, try:

      #/scripts/fixmailmanwithsuexec

      #pico /usr/local/apache/conf/httpd.conf – move the last vhost to the first vhost in the file.

    Q: What do I do when Mailman wants UID 99 but is getting -1?

    A: #/scripts/upcp

    Q: My subdomain logs are not being processed. What do I do?

    A: Do the following:

    1. #rm -f ~username/tmp/lastrun
    2. #killall -9 cpanellogd
    3. #/usr/local/cpanel/cpanellogd

    Q: How do I enable FrontPage on port 443 with ssl?

    A: Do the following:

    /usr/local/frontpage/version5.0/bin/owsadm.exe -o install -p 443 -m $domain -t apache-fp -xuser $user -xgroup $group -servconf "/etc/httpd/conf/httpd.conf"

    Q: Neomail complains of no MD5.so in @INC – what do I do?

    A: Do the following:

    1. Rebuild Perl using installer from http://cpanel.net/
    2. Just running /scripts/cleanmd5 should do it.

    Q: When adding FrontPage, I get sd(8,10) write failure, user limit block reached. What do I do?

    A: Run /scripts/fixquotas

    Q: How do I fix general mail problems related to permissions?

    A: /scripts/mailperm

    Q: How do I fix the most common problems?

    A: /scripts/fixcommonproblems

    Q: How do I fix cgi scripts that are returning a 500 error because of permissions?

    A: Do the following:

    1. /scripts/fixsuexeccgiscripts
    2. Read /usr/local/apache/logs/suexec_log for Mailman 500 Error.
    3. /scripts/fixmailmanwithsuexec
    4. Edit /usr/local/apache/conf/httpd.conf and move the vhost it creates (almost always the last one in the file) to be the first vhost.
    5. Restart Apache: /etc/rc.d/init.d/httpd restart
    6. Run /scripts/fixoldlistswithsuexec

    Q: What do I do when Mailman wants UID 99 when getting -1?

    A: Do the following:

    1. Edit httpd.conf
    2. Make sure Group is set to nobody.
    3. Run /scripts/upcp – that should rebuild mailman with the correct UID/GID.

    /scripts/upcp should now detect this and fix it for you automatically.

    1. Turn on SYN Cookies if built into the kernel.
    2. echo 1 >/proc/sys/net/ipv4/tcp_syncookies – at boot time after the /proc file system has been mounted.

    Q: How do I troubleshoot Perl scripts?

    A: Do the following:

    1. Edit Perl / cgi script – at top of file #!/usr/bin/perl
    2. use CGI::Carp qw(fatalsToBrowser); – errors should be redirected to the browser rather than getting a 500 error.
    3. Also, check if the script runs on the command line – perl -w ./scriptname.cgi – and see if it gives you errors.

    Q: What do I do if subdomain logs are not getting processed?

    A: Do the following:

    1. rm -f ~username/tmp/lastrun
    2. killall -9 cpanellogd
    3. /usr/local/cpanel/cpanellogd

    Q: How do I stop a crontab?

    A: Add – >/dev/null 2>&1 – after the entry in the crontab.

    Q: What do I do when MySQL gives error of access denied for root@localhost?

    A: Make sure root pass is in /root/.my.cnf, this is usually the first root password the box was given when CPanel was installed.

    Q: How do I set the /etc/my.cnf file for sites with vbb forums that don’t close connections, thus spawning 500 mysqld’s and hogging all the RAM?

    A: Do the following to mysqld:

    • set-variable = max_connections=1500
    • set-variable = max_user_connections=200
    • set-variable = wait_timeout=200
    • set-variable = interactive_timeout=800

    Q: What do I do if SpamAssassin is taking up a lot of memory and CPU?

    A: The chances are the dbm database has gotten corrupted. Try this:

    1. Find out what user it’s running as with ‘top’.
    2. cd /home/user/
    3. rm -rf .spamassassin
    4. Then mail them a couple of times to see if it fixes the problem.

    Q: What do I do if buildapache.sea bombs out with a lot of nasty looking errors?

    A: Do the following:

    1. Find out the version (cat /etc/redhat-release).
    2. Find a server running the same version that works.
    3. tar czvf bits.tgz /usr/include/bits
    4. Copy that to the broken server.
    5. Backup /usr/include/bits somewhere.
    6. tar xzvf bits.tgz from /

    Q: What do I do when a Guestbook is not showing anything, I get a blank page when trying to view, and no errors when submitting?

    A: Do the following:

    chown nobody /home/username/.guestbook

    Make sure ‘nobody’ can write to it.

    Q: What do I do when all the Perl/CGI scripts that are not running as root (including Interchange) get the error “getgrgid: invalid groupid XXXXX”? From Apache’s error_log …

    [Tue Mar 26 09:13:16 2002] [error] [client x.x.x.x] (2)No such file or directory: getgrgid: invalid groupid 32015

    [Tue Mar 26 09:13:16 2002] [error] (2)No such file or directory: exec of /home/username/public_html/utility.cgi failed

    [Tue Mar 26 09:13:16 2002] [error] [client x.x.x.x] Premature end of script headers: /home/username/public_html/script.cgi

    A: Do the following:

    chmod 644 /etc/group

    If that doesn’t fix it, check permissions on the passwd file and shadow file as well just for good measure.

    Q: What are the default locations for Mailman, exim config, exim log, or the exim reject log?

    A: The locations are:

    • Mailman lists = /usr/local/cpanel/3rdparty/mailman/lists/
    • Exim Config = /etc/exim.conf
    • Exim Log = /var/log/exim_mainlog
    • Exim Reject Log = /var/log/exim_rejectlog

    Q: What do I do when setting up a trust relationship and I get errors about possible security threats and stuff about SSH/known_hosts?

    A: Most likely the master server has changed its ssl info. The easiest way to remedy this is:

    1. cd /etc/
    2. rm -rf .ssh

    Then try setting up the trust relationship again.
