LinuxBabu ………..

Sometimes it is need to place /vz partition on external storage. How to perform this procedure on Parallels Virtuozzo Containers system?

Here are exact steps:

1. Make sure that external storage is available as device in /dev/ directory (via e.g. NFS or ISCSI layer)

2. Mount this storage under e.g. mount point /vzs using required options and filesystem type:
# mount /dev/ext_storage_dev_name /vzs

3. Stop Virtuozzo:
# service vz stop

4. Copy all content from /vz to /vzs:
# cp -a /vz/* /vzs/

5. Unmount old /vz directory and /vzs directory:
# umount /vz
# umount /vzs

6. Edit in the file /etc/fstab line for /vz entry to mount external storage under /vz mount point.

7. mount /vz again:
# mount /vz

8. Start Virtuozzo:
# service vz start

The installation of APF requires some additional steps to be taken on the hardware node.

1. First of all, you should define which iptables modules are available for VEs.

Edit /etc/sysconfig/iptables-config file on a Virtuozzo hardware node:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Edit /etc/sysconfig/vz file on a Virtuozzo hardware node:
IPTABLES="ipt_REJECT
ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Please note – iptables modules list in IPTABLES and IPTABLES_MODULES parameters in /etc/sysconfig/vz and /etc/sysconfig/iptables-config files should be placed in one single line, no linebreaks is allowed in this parameter.

Restart Virtuozzo. All VEs will be restarted.
# service vz restart

2. Increase ‘numiptent’ parameter for the VE you need to install APF into. This parameter limits the amount of iptables rules available for a VE. Default APF configuration requires ~400 rules. Lets set it to 400 in the example below for VE #101:
# vzctl set 101 --numiptent 400 --save

3. Install APF inside the VE. Edit /etc/apf/conf.apf inside VE, set the following parameters:
IFACE_IN="venet0"
IFACE_OUT="venet0"
SET_MONOKERN="1"

4. Start APF inside the VE:
# /etc/init.d/apf start


f you have Service Container running on a hardware node then you may use the utility ‘vza_ve_stat’ to obtain amount of network traffic consumed by any container on a node.

Usage:
vza_ve_stat user@host ctid start_time [end_time]

where:
user – vzagent0
host – IP address of Service Container on a hardware node
ctid – ID of container in question
start_time and end_time define period you want to get traffic for.

Please note that start_time and end_time should be entered in the following format: 2000-01-01T12:00:00+0400

You may need to install the package ‘perl-XML-Parser’ (e.g. using ‘yum install perl-XML-Parser’ command on a server) if you get the error “Can’t locate XML/Parser.pm in @INC”.

For example, to obtain traffic of the container #101 for the period from 01 Jan 2010 up to the current moment the command would be:
# vza_ve_stat vzagent0@10.55.40.1 101 2010-01-01T00:00:00+0000
vzagent0@10.55.40.1's password:
bytes in = 69447065 packets in = 385929 bytes out = 755800760 packets out = 649168

You may also get information about network traffic using PMC (Parallels Management Console):
1. double click on the needed container
2. in the opened window go to Monitor > Traffic Summary
3. Choose needed period of time and click ‘Download’

The same can be done in PIM (Parallels Infrastructure Manager):
1. Open PIM
2. Go to Infrastructure manager > Virtual Private Servers > choose needed container > Network > Traffic Usage

Symptoms

By default Microsoft updates installed on Virtuozzo host are applied in containers during next containers start.

Resolution

If auto applying Microsoft updates in containers is unnecessary option it is possible to configure containers to not install updates even if its are on Virtuozzo host.

The following example shows how to disable this auto applying option for container 100:

vzcfgt set 100 DisableWindowsUpdates 1

If this option is set to “1″ no more windows updates will be applied to the container 100.

But you can still manually install or remove windows updates to this container by using Container Update Manager.

To find Container Update Manager click Start button on the node and go to All Programs, Parallels, Parallels Virtuozzo Containers.

The command below enables auto applying option for container 100:

vzcfgt set 100 DisableWindowsUpdates 0

Also it’s possible to disable auto applying option for all newly created containers on a node:

vzcfgt set 0 DisableWindowsUpdates 1

Note: If it’s necessary to enable the auto installation of windows updates back in containers you should re-configure each container separately.

While installing APF on your VPS you get the following error :

# apf -r
apf(28442): {glob} status log not found, created
apf(28463): {glob} flushing & zeroing chain policies
apf(28463): {glob} firewall offline
apf(28500): {glob} activating firewall
apf(28551): {glob} unable to load iptables module (ip_tables), aborting.
apf(28500): {glob} firewall initalized
apf(28500): {glob} !!DEVELOPMENT MODE ENABLED!! – firewall will flush every 5 minutes.

You need to configure the APF for your VPS.

nano -w /etc/apf/conf.apf

modify
SET_MONOKERN=”0″

to
SET_MONOKERN=”1″

Restart APF

apf -r