From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Sat 02 Feb 2002 - 02:47:14 GMT
On Thu, 31 Jan 2002 13:15:18 -0500, Matthew Brichacek wrote
> Hello, I have been using vserver for a few days to set up a test lab.
> The servers themselves are running fine, however I am getting some very
> erratic behavior out of the ethernet. When I reboot and bond all the
> servers to myri0 it will only bond 5 (sometimes), the other 5 I can
> enter by hand (sometimes) other times I get the errors:
>
> ifconfig myri0:10 192.168.1.210 up
> SIOCSIFFLAGS: Cannot assign requested address
> SIOCSIFFLAGS: Cannot assign requested address
Are you using kernel 2.4.17ctx-6 ?
There is a bug/feature in this kernel: A vserver only see the network device
it has been assigned to. So far so good, this is the feature.
Now this feature was implemented in the kernel using the ipv4root as the
key. So it is not per se a vserver concept. For example, if you do this
on the console.
/sbin/ifconfig
you see everything. then you do
/usr/sbin/chbind --ip 1.2.3.4 /bin/sh
/sbin/ifconfig
exit
you end up seeing nothing. The chbind call is tying this process to the IP
1.2.3.4 and now the kernel only reports about the interface matching this
one: None.
Now, how is this affecting you. I guess that you wanted access to ssh or
some telnet services in the vserver, so you disabled the sshd or xinetd
services on the root server and enabled v_sshd or v_xinetd. Then you
log to the root server using one ssh or telnet. the v_xx service are tying
a service to a single IP, allowing the various vservers to bind to the same
service.
By binding sshd to a single IP, all shells started by sshd inherit this
binding. With ctx-6, they can't see all the interfaces. So if you try
to start a new vserver, or restart an old one, you will see those messages.
I have fixed this problem by disabling this functionality for security context
0. So the root server still see all device and vserver only see their own stuff.
The solution for now is to start vservers from the console, or do
/usr/sbin/chbind --ip 0.0.0.0 /bin/sh
/usr/sbin/vserver server start
Note that root in security context 0 already had the ability to change its
ipv4root binding unlike root in vserver which are locked with this IP.
> i will get the same errors with eth0 and eth1 also. Am i reaching a
> limitation in the TCP/IP stack? It doesn't seem like it since I can
> still add them by hand when the machine feels like letting me. Is there
> a kernel config option I am missing? (all packages/kernel built
> manually) I have attached a copy of my 01.conf (it's the same for all
> except the IP and hostname change) and my .config. If you need anything
> else please let me know.
It's a cosmetic bug :-) Sorry!
---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc