Editing
VPS Management
(section)
Jump to navigation
Jump to search
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Misc jail Items == We are overselling hard drive space on jail2, jail8, jail9, a couple jails on jail17, jail4, jail12 and jail18. Even though the vn file shows 4G size, it doesn’t actually occupy that amount of space on the disk. So be careful not to fill up drives where we’re overselling – use oversellcheck to confirm you’re not oversold by more than 10G. There are other truncated jails, they are generally noted in a the file on the root system: /root/truncated The act of moving a truncated vn to another system un-does the truncating- the truncated vn is filled with 0’s and it occupies physical disk space for which it’s configured. So, you should use dumpremote to preserve the truncation. * if you are getting disk full messages for a BSD customer, it's fairly safe to clear out their /usr/ports/distfiles dir * 4.x: ps and top an only be run by root in these jails. Done on purpose: As for `ps` and `top` - non-root users can run them, just not successfully because we have locked the permissions on /dev/mem and /dev/kmem to be root-readable only. That is why non-root users cannot successfully run `ps` and `top`. * user quotas do not work on freebsd jails - you cannot set up quotas at all, and that's that. * You cannot inject a process into a 4.x jail, only HUP running processes. 6.x and onward you can with jexec * jails see base machine’s uptime/load when running top/w * if someone is unable to get in- cant ping, etc- see if they were blocked by castle (DoS), see if their ip is on the system (post reboot it was lost cause wasn’t in the rc.conf). preboot should catch that. * in FreeBSD you cant su to root unless you belong to wheel group – so if you remove your acct and setup a new one, we have to add it to wheel group (add to /etc/group) * Dmesg from underlying sys is seen in customers dmesg on jail * Popper process going crazy @ 40% for 10min = someone who leaves mail on server * Don’t force umounts on 4.x jails – it crashes the machine, generally ok on newer machines (running md) * Good book for admin http://search.barnesandnoble.com/booksearch/isbnInquiry.asp?userid=t824VyRAYz&isbn=0596005164&itm=2 * Self-sign ssl cert http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#selfcert * conversation with Glenn about semaphores and pgsql <pre>SDBoody: hey, these are valid amounts/figures/increments right: kern.ipc.semmni=1280 kern.ipc.semmns=1280 gr8feen: probably... I always forget exactly what those are, so I usually have to look them up SDBoody: semaphores SDBoody: i took the current 1024 and added 256 to them SDBoody: need more for pgsql gr8feen: I meant the mni and mns parts... gr8feen: some of those are not ones you just want to add to... hang on a sec and I'll look them up.. gr8feen: what's semmsl set to? SDBoody: kern.ipc.semmsl: 1024 SDBoody: kern.ipc.msgseg: 2048 kern.ipc.msgssz: 8 kern.ipc.msgtql: 40 kern.ipc.msgmnb: 2048 kern.ipc.msgmni: 40 kern.ipc.msgmax: 16384 kern.ipc.semaem: 16384 kern.ipc.semvmx: 65534 kern.ipc.semusz: 152 kern.ipc.semume: 10 kern.ipc.semopm: 100 kern.ipc.semmsl: 1024 kern.ipc.semmnu: 512 kern.ipc.semmns: 1024 kern.ipc.semmni: 1024 kern.ipc.semmap: 768 kern.ipc.shm_allow_removed: 0 kern.ipc.shm_use_phys: 1 kern.ipc.shmall: 262144 kern.ipc.shmseg: 256 kern.ipc.shmmni: 784 kern.ipc.shmmin: 1 kern.ipc.shmmax: 536870912 kern.ipc.maxsockets: 25600 gr8feen: ok...msl is max per id, mni is max ids, mns is max number of semaphores... so you probably want something like mns = mni * msl gr8feen: which one did you run out of? SDBoody: not sure how to tell- ipcs shows the sems in use add up to 1024 SDBoody: there are 59 entries gr8feen: I'm assuming you tried to start postgres and it failed? SDBoody: yes gr8feen: it should have logged why, somewhere.. gr8feen: if I recall, it'll tell you which one it ran out of SDBoody: > DETAIL: Failed system call was semget(1, 17, 03600). gr8feen: so it wanted an id with 17 semaphores...I'd start by making mns = 17*mni and leave mni and mnl set to what they are now and see what it does SDBoody: i think mni is plenty high SDBoody: ok, more reasonable 17408 gr8feen: yeah...just change that one and see how it goes.. SDBoody: and leave mni alone at 1024? gr8feen: yeah...mni id the max number of ids...but if it's trying to get something like 17 per id, your going to hit mns before you hit anything else SDBoody: right, but doesn't hurt to have it that high (assuming) gr8feen: not really... I think those get allocated out of ram that you cant page out, but it's still such a small amount that it really doesn't matter SDBoody: looks like that worked, thx! gr8feen: cool see semaphores: ipcs -a -s</pre>
Summary:
Please note that all contributions to JCWiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
JCWiki:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Navigation menu
Personal tools
Not logged in
Talk
Contributions
Create account
Log in
Namespaces
Page
Discussion
English
Views
Read
Edit
View history
More
Search
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Tools
What links here
Related changes
Special pages
Page information