Old 04-11-2015, 02:01 PM   #16
wpeckham
Difference between LXC and OpenVZ.

OpenVZ came first I believe, and contributed a TON of process control stuff to the kernel upstream. In the very latest kernel you can do many OpenVZ things without the OpenVZ patches. OpenVZ is more mature, stable, and powerful, and was designed to create kernel based virtual servers from day one.

LXC was originally designed to isolate processes, and has developed to do that VERY well and in a more standard and transparent way than a chroot jail. It also works for creating kernel based virtual servers. Since the source is already completely in the upstream kernel, I would expect it to replace OpenVZ at some point. Not any time soon.

For a monolithic server, LXC to isolate services is pure gold. For kernel based SERVER creation, where each server looks like a complete installation (including its own networking, different libraries, more like full virtualization) OpenVZ is the right answer: for now.

I have used both. I am currently managing a machine with CentOS as the OS, but OpenVZ virtual containers running CentOS, Fedora, OpenSuse, and Debian. (about 60 containers, I believe) I have seen a server with over 120 containers. I remember running two or three web server containers on a 1u with 512M ram, 80G HDD, and single 32-bit core. Not many solutions support that, but LXC and OpenVZ can.

I currently have clients running VMWARE and XEN servers, with an OpenVZ host client, running multiple containers. (Kernel based virtual running inside full or para virtuals) and it works great!

If you work in IT, you really need both in your toolchest!
 
Old 04-12-2015, 09:33 AM   #17
virtuozzi
Original Poster
I'm in the process of preparing the node and i've come across several threads and posts out there, that a nfs-server doesn't really work well within a lxc-container.
http://comments.gmane.org/gmane.linu...c.general/4956
http://ubuntuforums.org/showthread.php?t=2238113

Do you guys have any experience with this?

How would you design the nfs/dlna-server? lxc, vm or regular roles on top of the physical instance?
The thing is, these two services need dedicated access to a RAID1 backed by 2x3TB disks.
I know i can redirect/mount it correctly just for this one container, but how about backups etc.?

What would be the most flexible and easiest way to set this up and manage it afterwards?

Thanks a lot for some input

vi

Last edited by virtuozzi; 04-12-2015 at 09:53 AM.
 
Old 04-13-2015, 07:55 AM   #18
wpeckham
nfs in containers

Not sure the best thing to advise here, I stopped using nfs much about 5 years ago.
Check https://openvz.org/NFS_server_inside_container
and possibly http://hungred.com/how-to/setup-openvz-nfs-server

But check the OpenVZ sites often. Now that RHEL7 and CentOS7 are out, there are interesting options in the kernel for better NFS support that performs better than user space daemons.

NFS is a service you MAY want to run native. If you do, remember to restrict the export so a rogue client cannot fill and crash your file system. Also, restrict the client range to your local subnet.

I hope that this helps..
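
The two restrictions in the post above (who may write to an export, and which client range may mount it) can be checked against an exports file mechanically. This is an added example, not part of the original thread; the 192.168.0.0/24 LAN and the sample export paths and clients are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the home LAN is 192.168.0.0/24 (the thread only names one host on it).
LOCAL_NET = ipaddress.ip_network("192.168.0.0/24")

# Constructed sample in /etc/exports syntax; paths and clients are illustrative.
SAMPLE_EXPORTS = """\
# shares on the RAID1 volume
/srv/raid/media   192.168.0.0/24(rw,sync)
/srv/raid/backup  192.168.0.5(rw,sync) 10.8.0.0/16(ro)
/srv/raid/public  *(rw,sync)
/srv/raid/music   192.168.0.0/24 (rw,sync)   # stray space: options apply to any host
/srv/raid/iso     nas.example.net(ro)
"""

def client_scope(client, local_net):
    """Classify a client field as 'local', 'outside', 'any-host' or 'name'."""
    if client in ("", "*"):
        return "any-host"
    try:
        net = ipaddress.ip_network(client, strict=False)
    except ValueError:
        return "name"  # hostname, wildcard pattern or @netgroup: cannot be checked offline
    if net.version == local_net.version and net.subnet_of(local_net):
        return "local"
    return "outside"

def audit_exports(text, local_net=LOCAL_NET):
    """Return (path, client, scope, writable) for every client not inside local_net."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        # A path with no client list is exported to every host.
        path, clients = fields[0], fields[1:] or ["*"]
        for spec in clients:
            client, _, opts = spec.partition("(")
            writable = "rw" in opts.rstrip(")").split(",")  # ro is the default
            scope = client_scope(client, local_net)
            if scope != "local":
                findings.append((path, client or "*", scope, writable))
    return findings

if __name__ == "__main__":
    for path, client, scope, writable in audit_exports(SAMPLE_EXPORTS):
        print(f"{path}: client {client!r} is {scope}, writable={writable}")
```

Entries reported with writable=True are the ones a client outside the intended range could use to fill the exported file system.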
 
Old 04-16-2015, 09:42 AM   #19
virtuozzi
Original Poster
Hey community

My home-server is up and running and i've packed it all together into a nice and sleek Silverstone case (SST-GD09B).

I've switched back to oldschool kvm-vms because this whole container virtualization gave me a very hard time and i'll be testing it further in my sandbox.

The important part is, that i have now a running nfs-server, router, fw, backuppc-instance and a great performing zarafa community instance with postfix, clamav, spamassassin etc.

Concerning the zarafa instance, i would like to ask for some help:

i'm able to receive mails (the router is another server with these iptables):
Chain INPUT (policy ACCEPT 4454 packets, 315K bytes)
 pkts bytes target  prot opt in    out   source    destination
   95 10810 ACCEPT  all  --  lo    any   anywhere  anywhere
11766 2406K ACCEPT  all  --  any   any   anywhere  anywhere     state RELATED,ESTABLISHED
  915  164K DROP    all  --  eth1  any   anywhere  anywhere

Chain FORWARD (policy ACCEPT 2 packets, 100 bytes)
 pkts bytes target  prot opt in    out   source    destination
 297K  463M ACCEPT  all  --  eth1  eth0  anywhere  anywhere     state RELATED,ESTABLISHED
 159K   16M ACCEPT  all  --  eth0  eth1  anywhere  anywhere
    0     0 REJECT  all  --  eth1  eth1  anywhere  anywhere     reject-with icmp-port-unreachable
  119  7140 ACCEPT  tcp  --  eth0  any   anywhere  192.168.0.5  tcp dpt:smtp

Chain OUTPUT (policy ACCEPT 8374 packets, 1927K bytes)
 pkts bytes target  prot opt in    out   source    destination


192.168.0.5 is the zarafa server and like i said, it can receive mails from outside.
the strange thing is, it can send mails to my gmail-address, but not to my work-address.

telnet from the zarafa server to different mail servers including gmail and the work server is not possible (timing out).
telnet directly from the router-server (with the external ip) is possible to any kind of mail servers.

my isp is assigning me a fixed ip, just fyi.

do you have any idea what this can be?

here's my postfix config:

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

mydomain = korhal.net
myhostname = tarsonis.korhal.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $mydomain, tarsonis.korhal.net, localhost.korhal.net, , localhost
#relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
relay_domains = korhal.net
proxy_interfaces = 87.102.168.163

#anti-spam definitions

smtpd_recipient_restrictions = reject_invalid_hostname,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_rbl_client sbl.spamhaus.org,
    permit

smtpd_helo_restrictions = reject_invalid_helo_hostname,
    reject_non_fqdn_helo_hostname,
    reject_unknown_helo_hostname

smtpd_client_restrictions = reject_rbl_client dnsbl.sorbs.net


# SASL Auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,check_relay_domains,reject_unauth_destination

# Amavis
content_filter=smtp-amavis:[127.0.0.1]:10024

# Zarafa Mailbox mapping
virtual_mailbox_domains = korhal,net
virtual_alias_maps = hash:/etc/aliases
mailbox_command = /usr/bin/zarafa-dagent "$USER"
virtual_transport = zarafa:
zarafa_destination_recipient_limit = 1

Last edited by virtuozzi; 04-16-2015 at 09:57 AM.
 
Old 04-16-2015, 11:12 AM   #20
virtuozzi
Original Poster
iptables weren't correctly set up.

i've switched over to fwbuilder and used a template -> works now like a charm =)
 
  

