From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Fri Nov 09 2001 - 10:52:20 EST
vserver 0.6
Change log
1. Enhancements
1.1. New kernel 2.4.13 and new immutable flags
The patch now works on top of kernel 2.4.13. Both normal and SMP kernels
are supplied. This new kernel provides mostly the same features and
implementation as before. Here are the changes:
+ System call number has been changed to avoid conflict with other
new features in the kernel.
+ New IMMUTABLE-LINK-INVERT flag. This was contributed by Sam Vilain
(sam_at_vilain.net). This new ext2 flag solves the unification issues.
When you unify two vservers, to save disk space, you have to
protect the files somewhat, to prevent one vserver from affecting the
other. The solution is to make the files immutable so even root
can't modify them (root in vservers is not allowed to play with the
immutable bit).
There was a drawback with this. The unified vservers were locked
somewhat. A vserver administrator could not perform a package update,
for example.
The new IMMUTABLE-LINKAGE-INVERT solves this. It modifies the way
an immutable file behaves. With this flag on, the file may be
unlinked (removed), allowing normal package updates. But the
original data can't be modified.
The default for vunify and vbuild is to set both IMMUTABLE-FILE and
IMMUTABLE-LINKAGE-INVERT bits on linked files. This gives you
robustness (one vserver can't modify the linked file shared by
other vservers) and flexibility (one vserver may evolve
independently).
You absolutely need vserver 0.6 to use this kernel. You can find more
information about the new immutable-linkage-invert flag at
http://sam.vilain.net/immutable. You will find there a modified
ext2fsprog package to use those flags. The vunify and vbuild utilities
do not need this package to operate though.
1.2. New vbuild utility
The /usr/lib/vserver/vbuild utility has been written. It allows one to
clone a reference vserver, hard linking files when possible. You end
up creating a new virtual private server with a large package set, yet
using only a few megs of disk space. Like the vunify command, vbuild
sets the immutable flag on linked files so the vserver can't change
them (since they are shared between several vservers).
Here is the command line usage:
vbuild [ options ] reference-server new-vservers
+ --test Show what will be done, do not do it. (not completed)
+ --debug Prints some debugging messages.
+ --noflags Do not put any immutable flags on the file.
+ --immutable Set the immutable_file bit on the files.
+ --immutable-mayunlink Sets the immutable_link flag on files.
+ --stats Produce statistics on the number of files linked, copied and
so on.
By default, the immutable_file and immutable_link flags are set
on the files. So if you want no immutable flags, you must use
--noflags. If you want a single flag, you must use --noflags first,
then the --immutable or --immutable-mayunlink flag.
1.3. New vtop utility
vtop is a simple shell script, executing the top utility in security
context 1, so it can see all processes.
1.4. vunify rewrite
The /usr/lib/vserver/vunify utility has been rewritten. It uses
roughly the same syntax with a few more options.
vunify [ options ] reference-server vservers ... -- packages
+ --test Show what will be done, do not do it.
+ --undo Put back the file in place, using copies from the reference
server.
+ --debug Prints some debugging messages.
+ --noflags Do not put any immutable flags on the file.
+ --immutable Set the immutable_file bit on the files.
+ --immutable-mayunlink Sets the immutable_link flag on files.
By default, the immutable_file and immutable_link flags are set on the
files. So if you want no immutable flags, you must use --noflags. If
you want a single flag, you must use --noflags first, then the
--immutable or --immutable-mayunlink flag.
If packages is ALL, then all packages in common with the reference server
will be unified. The new vunify makes sure this is the same package
version before unifying.
2. Changes
2.1. System call renumbering
The system call we had chosen was already assigned to other projects
so we picked a new number. This makes the old vserver package
incompatible with the newer kernel 2.4.13ctx-3.
If you already have some vservers running and want to upgrade to the
new kernel, here is the update sequence:
# Stop all vservers
/etc/rc.d/init.d/vservers stop
# Disable the vservers service
/sbin/chkconfig vservers off
# Install the new kernel in LILO
# reboot
# Update to the new vserver package
rpm -Uvh vserver-0.6-1.i386.rpm
# Enable the vservers package
/sbin/chkconfig vservers on
# Start the vservers
/etc/rc.d/init.d/vservers start
---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc
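
Added example, not part of the original announcement or of the vserver tools: the hard-link behaviour that section 1.1 relies on. A shared inode lets an in-place write from one vserver reach the reference copy (what IMMUTABLE-FILE blocks), while unlink followed by re-creation (what the invert flag permits) leaves the reference data intact. The directories ref/ and vs1/ and the file bin/tool are constructed stand-ins, and no ext2 flags are set, so it runs unprivileged on an unpatched kernel.

```shell
#!/bin/sh
# Constructed demo: ref/ stands in for the reference vserver, vs1/ for a
# unified vserver. No immutable flags are set here (that needs the patched kernel).

# Build both trees with one file shared through a hard link; print the temp root.
setup_unified() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/ref/bin" "$root/vs1/bin"
    echo "v1" > "$root/ref/bin/tool"
    ln "$root/ref/bin/tool" "$root/vs1/bin/tool"
    echo "$root"
}

# Number of directory entries that point at the file's inode.
link_count() {
    # GNU stat first, BSD stat as fallback
    stat -c %h "$1" 2>/dev/null || stat -f %l "$1"
}

# Case 1: in-place write from vs1. With no immutable bit, the change is
# visible through the reference path because both names share one inode.
inplace_write_leaks() {
    root=$(setup_unified) || return 1
    echo "tampered" > "$root/vs1/bin/tool"
    result=$(cat "$root/ref/bin/tool")
    rm -rf "$root"
    echo "$result"
}

# Case 2: unlink, then create a new file, as a package update would.
# vs1 gets a fresh inode; the reference keeps its data and drops to 1 link.
unlink_and_replace_isolated() {
    root=$(setup_unified) || return 1
    rm "$root/vs1/bin/tool"
    echo "v2" > "$root/vs1/bin/tool"
    result="$(cat "$root/ref/bin/tool") $(cat "$root/vs1/bin/tool") $(link_count "$root/ref/bin/tool")"
    rm -rf "$root"
    echo "$result"
}

echo "in-place write, reference now reads: $(inplace_write_leaks)"
echo "unlink+replace, ref / vs1 / ref link count: $(unlink_and_replace_isolated)"
```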