PLDWWW: Docs/Vserver

[arekm]

Author: arekm   Date: Sat Nov  6 18:57:04 2010 GMT
Module: PLDWWW   URL: http://www.pld-linux.org/Docs/Vserver?action=diff&rev2=157&rev1=156
---- Log message:


---- Page affected: Docs/Vserver

---- Diffs:

================================================================
  
  == Network namespace in vservers ==
  
- Enabling netns and two capabilities: NET_ADMIN (allows interfaces in guest to be managed) and NET_RAW (makes iptables working)
+ Enabling netns and two capabilities: NET_ADMIN (allows interfaces in guest to be managed) and NET_RAW (makes iptables working). 
+ 
+ Plain init style is needed for post-start to run as soon as possible (and with plain init style is just after starting init process).
  
  {{{
  mkdir /etc/vserver/test/spaces
  touch /etc/vserver/test/spaces/net
  echo NET_ADMIN >> /etc/vservers/test/bcapabilities
  echo NET_RAW >> /etc/vservers/test/bcapabilities
+ echo 'plain' > /etc/vservers/test/apps/init/style
  }}}
  
  veth-test - host interface
@@ -1002, +1005 @@

  for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do
       pid=$(vserver ${VSERVER_NAME} exec pidof -s sleep)
       [ -n "$pid" ] && break
-      usleep 200000
+      usleep 100000
  done
  ip link set "eth-${VSERVER_NAME}" netns $pid
  sysctl -q -w net.ipv4.conf.veth-${VSERVER_NAME}.forwarding=1
  /sbin/ifup "veth-${VSERVER_NAME}"
+ exit 0
  }}}
  
  Create /etc/vservers/test/scripts/post-stop script:
@@ -1017, +1021 @@

  VSERVER_NAME="$2"
  
  ip link del "veth-${VSERVER_NAME}"
+ exit 0
  }}}
  
  You end with one interface on the host and one inside guest (virtually connected). Configure interfaces, routing as on normal system.