create

-------------

# vzctl create 101 --config vps.plesk7.fc2 --pkgset fedora-core-2

# vzpkgadd 101 psa-fc2


########################################################################


How do I validate configuration of VPSes on the hardware node?

There is a set of utilities which can help you with a resources management.

1. vzcfgvalidate: checks the resource's cross-dependencies for a single VPS
2. vzcheckovr: checks if the hardware node is overcommitted
3. vzcpucheck: check the CPU utilization on the hardware node
4. vzmemcheck: shows the current memory utilization
5. vztop, vzstat: utilities which can be used for VPS monitoring


############################################################################


How do I install APF firewall into the VPS?
Product versions this article applies to:

* Virtuozzo for Linux

The latest update: Feb,04 2006
Access: public Article ID #875

The installation of APF requires some additional steps to be done on the hardware node.

1. First of all you should define which iptables modules are available for VPSes.

Edit /etc/sysconfig/iptables-config:

IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_REDIRECT ipt_state iptable_nat ip_nat_ftp"


Edit /etc/sysconfig/vz:



IPTABLES="ipt_REJECT
ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport
iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length
ipt_REDIRECT ipt_state iptable_nat ip_nat_ftp"



Restart Virtuozzo. All VPSs will be restarted.

# service vz restart


2. Increase numiptent parameter for a VPS you need to install APF into. This parameter limits the amount of iptables rules available for a VPS. Default APF configuration requires ~200 rules. Let's set it to 400:

# vzctl set 101 --numiptent 400 --save


3. Install APF inside a VPS. Edit /etc/apf/conf.apf, set the following parameters:

IFACE_IN="venet0"
IFACE_OUT="venet0"
SET_MONOKERN="1"


4. Start APF inside a VPS:

# /etc/init.d/apf start

#########################################################################################################################

How do I check / install Virtuozzo license?
Product versions this article applies to:

* Virtuozzo for Linux

The latest update: Dec,26 2005
Access: public Article ID #1014

Virtuozzo license is stored in /etc/hspc/licenses/vzlicense. Virtuozzo Control Center and Power Panel license is stored in /etc/hspc/licenses/vzcplicense.

To check which licenses are currently installed, use
# vzlicview


You can also view the properties of license stored in arbitrary file, e.g.
# vzlicview -f /etc/hspc/licenses/vzlicense


To install new Virtuozzo license, issue the following command:
# vzlicload


Virtuozzo Control Center and Power Panel licenses can be installed via Control Center web-interface (https://SERVICE_VPS:4643), as well as Virtuozzo license.

Virtuozzo license depends on the following parameters:

1. Unique Hardware ID of the server which is calculated according to motherboard and network card unique identifiers;
2. Maximum number of VPSs allowed to be started simultaneously;
3. Start date and end date;
4. CPU power

#########################################################################################################################

How do I change vzagent0 username or create a new user with the same permissions inside Service VPS?

Create a new user inside service VPS, add that user into vzagent0 group and set shell to /usr/sbin/vzacon. After that add this user to /etc/vzagent.passwd file inside Service VPS.
/etc/vzagent.passwd contains a separate list of users allowed to manage the hardware node using Virtuozzo Management Console and Virtuozzo Control Center. For each user in the list the range of VPSes which can be managed by the user is defined (VPS #0 means the hardware node).

#########################################################################################################################


How do I automate backup operations in Virtuozzo?

VPS backups can be created using vzbackup utility. It should be run on the backup node. You can restore any backup using vzrestore utility.

To configure vzbackup you should do the following:

1. Check global vzbackup configuration file /etc/vzbackup.conf file on the backup node for backup parameters (pay attention to $BACKUP_DIR parameter).

If you are going to make backups using cronjob, set the following parameters:

# Backup directory - where the backups will be stored, e.g

BACKUP_DIR="/vz/backups"

# backup type. Supported types are "full", "initial incremental" and
# "incremental". Default is incremental. If it is impossible to do
# "incremental" then "initial incremental" will be done.

BACKUP_TYPE="i"

# Backup cron mode

CRON_BACKUP="yes"

# List of nodes to backup.

BACKUP_NODES=""

# e-mails to send notifications on backup

BACKUP_NOTIFY_EMAIL="root@myserver.com"



2. Create directory

# mkdir /vz/backups


3. Add the following command to the crontab on the backup node:

# vzbackup -i -p -a



4. Make sure root user of the backup node is able to access all hardware nodes without a password (propagate DSA public keys).


#########################################################################################################################


How do I create VPS with guaranteed amount of RAM (256M, 512M, etc.)?

Virtuozzo is shipped with sample configuration files which allow to allocate 256, 512, 1024, or 2048 MB of memory for a VPS. These samples can be found in /etc/sysconfig/vz-scripts/ directory on the hardware node (ve-vps.256MB.conf-sample, ve-vps.512MB.conf-sample, ve-vps.1024MB.conf-sample, ve-vps.2048MB.conf-sample).

To create VPS #101 using one of these configuration files, use

# vzctl create 101 --config vps.512MB --pkgset fedora-core-2

To apply some configuration sample to already created VPS, use --applyconfig option of vzctl utility.

The same operation can be done using Virtuozzo Management Console or Virtuozzo Control Center.

#########################################################################################################################


How do I change system time or timezone in a VPS?

You cannot change system time in a VPS because all VPSes on the hardware node have the same system time. However, it is possible to change the default system timezone inside a VPS, for example, by replacing /etc/localtime with the file from /usr/share/zoneinfo which contains a description of your timezone.

#########################################################################################################################


How do I compile some application from sources inside a VPS? It does not seem to have gcc installed.

# vzpkgadd 101 devel-fc2

#########################################################################################################################

How do I add or remove an IP address to a VPS?

# vzctl set 101 --ipadd 192.168.0.1 --save

#########################################################################################################################

How do I perform some action for all VPSes on the hardware node?

vzlist -o veid -H

# for vps in `vzlist -o veid -H` do
vzctl exec $vps ps ax
done

#########################################################################################################################

How do I determine which VPS the process runs on?

# vzpid 10031
Pid VEID Name
10031 113 httpsd

#########################################################################################################################
How do I move a VPS from one server to another?

# vzmigrate -r no 192.168.0.1 101

#########################################################################################################################

How do I upgrade my VPS to the latest version of the OS template?
Product versions this article applies to:

* Virtuozzo for Linux

The latest update: Dec,23 2005
Access: public Article ID #1010
To upgrade VPS 101 to the latest version of fedora-core-2 OS template, just run the following command:

# vzpkgadd 101 fedora-core-2


If VPS 101 was created on some earlier version of fedora-core-2 template, it will be upgraded to the latest version. Application templates can be upgraded in the same way.

The other approach is to upgrade VPS using standard Redhat utilities such as yum and up2date and use vzcache utility to move common files to the template area after upgrading.


#########################################################################################################################


What does OFFLINE_MANAGEMENT ('Enable Offline Management') option mean?To simplify the usage of Virtuozzo Power Panel by a VPS owner, VZPP web interface can be accessible on the VPS IP address. By default, port 4643 is used. If the VPS has an IP address 192.168.0.1 assigned the VZPP management interface is accessible by https://192.168.0.1:4643 even if the VPS is stopped. VZPP accessibility on VPS IP address is controlled by OFFLINE_MANAGEMENT per-VPS configuration parameter. By default, it is set to "yes". To enable/disable it for VPS #101 use the following
commands:

# vzctl set 101 --offline_management=yes --save
# vzctl set 101 --offline_management=no --save

#########################################################################################################################

My VPS is changing its state to Mounted. How do I fix that?

Mounted' means that VPS filesystem was mounted into the root filesystem of the hardware node, but a VPS is stopped.

If your VPS is going into Mounted state, please check the following:

1. Virtuozzo license. If you exceeded maximum amount of running VPSs defined in the license, VPSs over that amount will be stopped in 5 minutes. Please check the following article for more information about Virtuozzo licenses.

2. Shutdown inside a VPS. If a VPS was shut down by its owner (i.e. using /sbin/halt, /sbin/shutdown -h, etc.), its state will be Mounted. Just start a VPS using
# vzctl start 101

or using Virtuozzo Control Center / Power Panel.

3. A VPS could be created with a wrong license class (class 1, so-called 'Light VPS'). This class is obsoleted. You should recreate a VPS using license class 2. To check which license class is assigned to VPS 101, use
# grep CLASSID /etc/sysconfig/vz-scripts/101.conf
##############################################################################################################################

My VPS does not start. What should I check?

1. VPS starts, but then just shuts down in a few minutes.

You don't have valid Virtuozzo license installed. Please check the output of vzlicview command, the status of the license should be ACTIVE. Check /var/log/messages. More information about Virtuozzo licenses can be found in this article.

2. VPS cannot be started because it is locked.

Please follow the instructions from this article.

3. VPS starts but displays an error "/bin/bash: no such file" or similar.

The owner of the VPS could remove some important package such as bash or glibc. The VPS can also be compromised, see below.

4. The VPS starts but Segmentation fault occures very soon after starting.

The VPS can be compromised, please check the corresponding article.




#############################################################################################################################

How do I determine that my VPS is hacked / compromised?
Product versions this article applies to:

* Virtuozzo for Linux

The latest update: Dec,23 2005
Access: public Article ID #1013

VPS can be compromised if its owner uses insecure or out-of-date software. To detect if VPS #101 has any rootkits installed, one can use chkrootkit utility either inside a VPS or (better) on a hardware node, using -r /vz/root/101 parameter. There is also a way to determine which packages were modified on a VPS:

# /usr/share/vzpkgtools/vzrpm/bin/rpm --root=/vz/root/101 --veid 101 -Va | egrep '^..5|missing'


This command shows files which were modified or removed.

Follow the instructions from the corresponding article to repair hacked VPS.

#############################################################################################################################

My VPS is hacked / compromised. How do I repair or reinstall it?
Product versions this article applies to:

* Virtuozzo for Linux

The latest update: Dec,23 2005
Access: public Article ID #1012

There are two ways of restoring a VPS which is hacked or cannot be started for some other reasons. Please make sure that you have created full backup of a VPS before applying any of the following solutions.

Solution #1:

# vzctl recover 101

This command will reinstall OS template and all application templates which were previously installed on a VPS. This action will make it possible to start broken VPS but it does not give any guarantee that all rootkits are removed, if any.

Solution #2:

# vzctl reinstall 101

This command will create brand new VPS on the same OS template as broken one, install the same application templates into it, and restore users' credentials. The contents of the old VPS will be copied into /old directory.

#############################################################################################################################

What does [FAIL] warning in vzstat output mean?
Product versions this article applies to:

* Virtuozzo for Linux

The latest update: Jan,10 2006
Access: public Article ID #691

Configuration file /etc/vzstat.conf on the hardware node contains thresholds for the following parameters: CPU latency, memory latency, amount of free swapspace, diskspace, etc. You can define your own warning and error levels for any parameter. For example, for swap size:

# Swap free, % limit
# if swap space is heavily used, i.e. swap free < SWAP_FREE_X than
# it's highlighted with yellow (WARN level) or red (ERR level)
SWAP_FREE_WARN=75
SWAP_FREE_ERR=50

#############################################################################################################################

How do I solve vzquota error: "vzquota : (error) Quota on syscall for 101: Device or resource busy"?
Product versions this article applies to:

* Virtuozzo for Linux

The latest update: Jan,10 2006
Access: public Article ID #671

Please make sure there are no open files inside VPS root and/or private area (and your current working directory is not inside VPS root/private area) by running the following command on the hardware node:

# lsof 2> /dev/null | egrep '/vz/root/101|/vz/private/101'


If there are any processes which hold a directory inside VPS root/private area - kill them.



#############################################################################################################################

How do I solve the problem with vzpkgcache: 'Cannot create /var/run/vzpkgcache.pid lockfile'?
Product versions this article applies to:

* Virtuozzo for Linux

The latest update: Jan,05 2006
Access: public Article ID #658

Virtuozzo needs /usr/bin/lockfile to exist for vzpkgcache to work, which is a part of procmail. Please install the procmail package to make vzpkgcache work.

# rpm -qp --requires vzpkgtools-*.swsoft.i386.rpm | grep lockfile /usr/bin/lockfile

# rpm -qf /usr/bin/lockfile
procmail-3.22-5


#############################################################################################################################

Any operation on a VPS gives me "Cannot lock VE". How do I solve it?
Product versions this article applies to:

* Virtuozzo for Linux

The latest update: Jan,05 2006
Access: public Article ID #655

VPS is locked when some operation (backup, migration, start / stop, etc.) with this VPS is in progress. You can determine which process is holding VPS #101 using the following command on the hardware node:

# cat /vz/lock/101.lck


You can kill that process if needed. Make sure that the process is really killed. If there is no process with that PID on the node, just remove the lockfile.

#############################################################################################################################


Resouce calculation.

---------------
vzcalc veid
vzcalc -v deatiled

vzmemcheck -v
vzcpucheck
[root@test /root]# vzcpucheck
Current CPU utilization: 112681
Power of the node: 112721



[root@test /root]# vzcpucheck -v
veid units
-----------------------
0 5681
100 1000
1001 4000
1003 4000
1004 4000
...
Current CPU utilization: 113681

physpages: total number of RAM pages used by processes in this Virtual
Environment.




Primary parameters
1 numproc Number of processes and threads.
2 numtcpsock Number of TCP sockets.
3 numothersock Number of sockets other than TCP.
4 vmguarpages Memory allocation guarantee, in pages.
Secondary parameters
5 kmemsize Size of unswappable kernel memory, allocated for
processes in this Virtual Environment.
6 tcpsndbuf Total size of TCP send buffers.
7 tcprcvbuf Total size of TCP receive buffers.
8 othersockbuf Total size of UNIX-domain socket buffers, UDP
and other datagram protocol send buffers.
9 dgramrcvbuf Receive buffers of UDP and other datagram protocols.
10 oomguarpages The guaranteed amount of memory for the case
the memory is .over-booked. (out-of-memory kill
guarantee), in pages.
11 privvmpages Memory allocation limit, in pages.
Auxiliary parameters
12 lockedpages Process pages not allowed to be swapped out
(pages locked by mlock(2)).
13 shmpages Total size of shared memory (IPC, shared anonymous
mappings and tmpfs objects), in pages.
14 physpages Total number of RAM pages used by processes.
15 numfile Number of open files.
16 numflock Number of file locks.
17 numpty Number of pseudo-terminals.
18 numsiginfo Number of siginfo structures.
19 dcachesize Total size of dentry and inode structures locked
in memory.
20 numiptent Number of NETFILTER (IP packet filtering)



Primary parameters
1 numproc limiting yes no yes pcs
2 numtcpsock limiting yes no yes pcs
3 numothersock limiting yes no yes pcs
4 vmguarpages guarantee no guarantee no pages
Secondary parameters
5 kmemsize limiting yes yes yes bytes
6 tcpsndbuf limiting yes yes yes bytes
7 tcprcvbuf limiting yes yes yes bytes
8 othersockbuf limiting yes yes yes bytes
9 dgramrcvbuf limiting yes yes yes bytes
10 oomguarpages guarantee yes guarantee no pages
11 privvmpages limiting yes yes yes pages
Auxiliary parameters
12 lockedpages limiting yes yes yes pages
13 shmpages limiting yes no yes pages
14 physpages accounting yes no no pages
15 numfile limiting yes no yes pcs
16 numflock limiting yes yes yes pcs
17 numpty limiting yes no yes pcs
18 numsiginfo limiting yes no yes pcs
19 dcachesize limiting yes yes yes bytes
20 numiptent limiting yes no yes pcs


http://www.virtuozzo.com/en/products/tools/vzmc/
http://www.virtuozzo.com/en/products/tools/vzcc/
http://kb.swsoft.com/category82.php
http://kb.swsoft.com/article_130_876_en.html

Partly from sw-soft FAQ and rest from researches

Nikhil Thomas

Chief Consultant.

Admin-Ahead Server Technologies.