Virtuozzo : RTNETLINK answers: Operation not supported

Here is a new bug which I faced on virtuozzo 4 and 4.6 for Centos 6 VPS.

VPS fails to add IP during start or networking fails when network is restarted :

-bash-4.1# /etc/init.d/network restart
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: RTNETLINK answers: Operation not supported
Failed to bring up lo.
[FAILED]
Bringing up interface venet0: RTNETLINK answers: Operation not supported
Failed to bring up venet0.
[FAILED]
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
-bash-4.1#

ifconfig shows blank as networking fails to start :

-bash-4.1# ifconfig
-bash-4.1# rpm -q iproute
iproute-2.6.32-31.el6.x86_64
-bash-4.1# cat /etc/redhat-release
CentOS release 6.5 (Final)
-bash-4.1#

Here is the fix, download the rpm’s as per your VPS arch.

for 64-bit systems: http://mirror.centos.org/centos/6.4/os/x86_64/Packages/iproute-2.6.32-23.el6.x86_64.rpm
for 32-bit systems: http://mirror.centos.org/centos/6.4/os/i386/Packages/iproute-2.6.32-23.el6.i686.rpm

Networking is not available in VPS so download it on the Hardware Node :

cd /root/dino
wget http://mirror.centos.org/centos/6.4/os/x86_64/Packages/iproute-2.6.32-23.el6.x86_64.rpm

Copy it to the affected VPS :
cp iproute-2.6.32-23.el6.x86_64.rpm /vz/private/VEID/fs/root/root/
replace VEID with the affected VPS ID.

vzctl enter VEID

-bash-4.1# cd /root/
-bash-4.1# rpm -q iproute
iproute-2.6.32-31.el6.x86_64
-bash-4.1# rpm -e iproute --nodeps
-bash-4.1# rpm -Uvh iproute-2.6.32-23.el6.x86_64.rpm
Preparing... ########################################### [100%]
1:iproute ########################################### [100%]
-bash-4.1# /etc/init.d/network restart
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface venet0: Determining if ip address 127.0.0.1 is already in use for device venet0...
SIOCADDRT: Network is unreachable
SIOCADDRT: Network is unreachable
[ OK ]
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
RTNETLINK answers: File exists
-bash-4.1#

Now you can see the IP’s responding. Please make sure you check the RPM and OS versions:

Parallels KB : http://kb.parallels.com/en/118992

UPDATE :

to avoid updates due to yum append iproute* to exclude line in file /etc/yum.conf

Virtuozzo 4.7 Install Error :: lspci

Virtuozzo 4.7 install show Hardware check errors as below :

=========
[general] error getting information about file /sbin/lspci (No s|
=========

The error is due to missing package pciutils which is not included in CentOS 6 minimal install.

Install pciutils using yum on CentOS server :

yum install pciutils

Once done you can start the install without issues.

Parallels Power Panel show “Forbidden” error for all containers

Parallels Power Panel show “Forbidden” error for all containers,

APPLIES TO:
Virtuozzo Containers for Windows 4.0
Virtuozzo for Linux 3.x
Virtuozzo Containers for Windows 4.5
Virtuozzo Containers for Linux 4.0
Virtuozzo for Windows 3.5.1 SP1

Symptoms
The following error appears for all containers in the Parallels Power Panel:

Forbidden

The IP address of a physical server cannot be used with its Parallels Power Panel port number.

Do one of the following:

* If you want to open the Parallels Virtual Automation Control Center, use the IP address of the management server with the default port number.
* If you want to open the Parallels Power Panel, use the IP address or hostname of the Virtual Environment.

Cause
This issue may appear if the service container has no disk space remaining.

Resolution
To resolve this issue, users must find what has caused the lack of free disk space or increase the service container disk limit by the following command:

vzctl set 1 --diskspace 2000000 --save

PPP in container

To start the pppd daemon in a container / VPS you need PPP enabled for the container. Then it is possible, for example, to connect to your DSL provider in a VPS.

ppp modules need to be loaded in the HN :

# lsmod | grep ppp
#
# modprobe ppp_async
# modprobe ppp_deflate
# lsmod | grep ppp
ppp_deflate 39168 0
zlib_deflate 52760 1 ppp_deflate
ppp_async 45184 0
ppp_generic 63760 2 ppp_deflate,ppp_async
slhc 39680 1 ppp_generic
crc_ccitt 35200 1 ppp_async

set “ppp” feature for stoppped VE:

vzctl set [VEnumber] --features ppp:on --save

start VE :

# vzctl start [VEnumber]

Prepare /dev/ppp within VE:

# vzctl set [VEnumber] --devices c:108:0:rw --save
# vzctl exec [VEnumber] mknod /dev/ppp c 108 0
# vzctl exec [VEnumber] chmod 600 /dev/ppp

See if it works (as root):

VE# /usr/sbin/pppd

You should see gibberish in the standard output like

~ÿ}#À!}!}!} }4}"}&} } } } }%}&‹ÁöY}

If there is an error message instead, something went wrong.

🙂

Placing /vz partition to external storage (NAS, NFS)

Sometimes it is need to place /vz partition on external storage. How to perform this procedure on Parallels Virtuozzo Containers system?

Here are exact steps:

1. Make sure that external storage is available as device in /dev/ directory (via e.g. NFS or ISCSI layer)

2. Mount this storage under e.g. mount point /vzs using required options and filesystem type:
# mount /dev/ext_storage_dev_name /vzs

3. Stop Virtuozzo:
# service vz stop

4. Copy all content from /vz to /vzs:
# cp -a /vz/* /vzs/

5. Unmount old /vz directory and /vzs directory:
# umount /vz
# umount /vzs

6. Edit in the file /etc/fstab line for /vz entry to mount external storage under /vz mount point.

7. mount /vz again:
# mount /vz

8. Start Virtuozzo:
# service vz start

How do I install APF firewall into the VE?

The installation of APF requires some additional steps to be taken on the hardware node.

1. First of all, you should define which iptables modules are available for VEs.

Edit /etc/sysconfig/iptables-config file on a Virtuozzo hardware node:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Edit /etc/sysconfig/vz file on a Virtuozzo hardware node:
IPTABLES="ipt_REJECT
ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Please note – iptables modules list in IPTABLES and IPTABLES_MODULES parameters in /etc/sysconfig/vz and /etc/sysconfig/iptables-config files should be placed in one single line, no linebreaks is allowed in this parameter.

Restart Virtuozzo. All VEs will be restarted.
# service vz restart

2. Increase ‘numiptent’ parameter for the VE you need to install APF into. This parameter limits the amount of iptables rules available for a VE. Default APF configuration requires ~400 rules. Lets set it to 400 in the example below for VE #101:
# vzctl set 101 --numiptent 400 --save

3. Install APF inside the VE. Edit /etc/apf/conf.apf inside VE, set the following parameters:
IFACE_IN="venet0"
IFACE_OUT="venet0"
SET_MONOKERN="1"

4. Start APF inside the VE:
# /etc/init.d/apf start

Virtuozzo : How do I get amount of network traffic consumed by a Container?

f you have Service Container running on a hardware node then you may use the utility ‘vza_ve_stat’ to obtain amount of network traffic consumed by any container on a node.

Usage:
vza_ve_stat user@host ctid start_time [end_time]

where:
user – vzagent0
host – IP address of Service Container on a hardware node
ctid – ID of container in question
start_time and end_time define period you want to get traffic for.

Please note that start_time and end_time should be entered in the following format: 2000-01-01T12:00:00+0400

You may need to install the package ‘perl-XML-Parser’ (e.g. using ‘yum install perl-XML-Parser’ command on a server) if you get the error “Can’t locate XML/Parser.pm in @INC”.

For example, to obtain traffic of the container #101 for the period from 01 Jan 2010 up to the current moment the command would be:
# vza_ve_stat vzagent0@10.55.40.1 101 2010-01-01T00:00:00+0000
vzagent0@10.55.40.1's password:
bytes in = 69447065 packets in = 385929 bytes out = 755800760 packets out = 649168

You may also get information about network traffic using PMC (Parallels Management Console):
1. double click on the needed container
2. in the opened window go to Monitor > Traffic Summary
3. Choose needed period of time and click ‘Download’

The same can be done in PIM (Parallels Infrastructure Manager):
1. Open PIM
2. Go to Infrastructure manager > Virtual Private Servers > choose needed container > Network > Traffic Usage

Virtuozzo : How to find out the IP address of master node or unregister slave node from Virtuozzo group without access to master node.

[How to] How to find out the IP address of master node or unregister slave node from Virtuozzo group without access to master node.

It is not possible to login to PIM, the following error is displayed:

The Node you are trying to log in to is a Slave Node of a Virtuozzo Group. Only the address of the Master Node of this Group can be used for logging in.

The IP of master node is unknown or it is not possible to unregister the slave node.

The IP address of master node can be found out using vzagroup utility, e.g. on Virtuozzo for Linux node:

# /opt/vzagent/bin/vzagroup list

The same utility can be used to force unregistering slave node from group – “vzagroup removeFromGroup” command should be used in this case.
Additional information

Other options are available from built-in help, which is shown when utility is invoked with no parameters:

# /opt/vzagent/bin/vzagroup

  • Usage: vzagroup

    Master node commands:

    vzagroup addSlave [–force] USER[:PASSWORD]@ADDRESS

    vzagroup removeSlave USER[:PASSWORD]@ADDRESS

    vzagroup list

  • Note: credentials should be specified to connect to slave

    Slave or single node commands:

    vzagroup addToGroup USER[:PASSWORD]@ADDRESS

    vzagroup removeFromGroup
    Note: master node credentials should be specified

    Is Internet Explorer 8.0 compatible with Parallels Virtuozzo Containers for Windows?

    Is Internet Explorer 8.0 compatible with Parallels Virtuozzo Containers for Windows?

    Release notes
    Parallels Virtuozzo Containers 3.5.1 for Windows:

    Internet Explorer 8 is not supported by Virtuozzo 3.5.1 for Windows. It is not allowed to install it on hardware node or inside containers. Installed IE8 inside containers can lead to failure on containers start.

    Parallels Virtuozzo Containers 4.0 for Windows:

    Internet Explorer 8 is supported by Parallels Virtuozzo Containers 4.0 for Windows starting from VZU400027 update. Internet Explorer 8 is installed on the host itself and upgrades all existing Containers on first start up.

    Parallels Virtuozzo Containers 4.5 for Windows:

    IE8 is supported by PVC 4.5 for both Windows 2003 and Windows 2008 server platforms.

    [How to] How to configure containers to not apply Microsoft updates installed on Virtuozzo host.

    Symptoms

    By default Microsoft updates installed on Virtuozzo host are applied in containers during next containers start.

    Resolution

    If auto applying Microsoft updates in containers is unnecessary option it is possible to configure containers to not install updates even if its are on Virtuozzo host.

    The following example shows how to disable this auto applying option for container 100:

    vzcfgt set 100 DisableWindowsUpdates 1

    If this option is set to “1” no more windows updates will be applied to the container 100.

    But you can still manually install or remove windows updates to this container by using Container Update Manager.

    To find Container Update Manager click Start button on the node and go to All Programs, Parallels, Parallels Virtuozzo Containers.

    The command below enables auto applying option for container 100:

    vzcfgt set 100 DisableWindowsUpdates 0

    Also it’s possible to disable auto applying option for all newly created containers on a node:

    vzcfgt set 0 DisableWindowsUpdates 1

    Note: If it’s necessary to enable the auto installation of windows updates back in containers you should re-configure each container separately.