Virtualizáció

Nem nudom mennyire kuldheto be ide ez a problema de sajnos elegge a veget jarom mar az otleteimnek.

Adott egy syslog szerver ami gyujti a logokat. Logrotate-tel minden oraban a forgatott log file-okat feltoltom egy S3 bucket-be "A" account ala.

Ez eddig megy. Az S3 bucketen beallitottem egy policy-t hogy replikaljon "B" account ala (backup)

Namost ez a replikacio nem tortenik meg. 

Mar hozzaadtam mindenki canonical ID-jet mindeket buckethez. Valtoztatasok utan uj teszt fajlokat hozok letre. Semmi hir.

aws s3api -val a replication status:failed uzenetnel messzebbre nem jutok.

Az external_account_who_write_the_files iam accountok azok amikben a syslog server van. Onnan tortenik az elso korben a feltoltes az "A" account ala.

Ez itt  a source bucket Role-ja

```{
    "Version": "2012-10-17",
    "Id": "PutObjPolicy",
    "Statement": [
        {
            "Sid": "DenyUnEncryptedObjectUploads",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::source-bucket/*",
            "Condition": {
                "Null": {
                    "s3:x-amz-server-side-encryption": "true"
                }
            }
        },
        {
            "Sid": "AWSSourcebucketWrite20131101",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::external_account_who_write_the_files:root",
                    "arn:aws:iam::external_account_who_write_the_files:root",
                    "arn:aws:iam::external_account_who_write_the_files:root"
                ]
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::source-bucket/*",
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        }
    ]
}
```

Ez pedig a target bucket policy

```
{
    "Version": "2012-10-17",
    "Id": "PutObjPolicy",
    "Statement": [
        {
            "Sid": "DenyUnEncryptedObjectUploads",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::source-bucket-replication/*",
            "Condition": {
                "Null": {
                    "s3:x-amz-server-side-encryption": "true"
                },
                "Bool": {
                    "aws:SecureTransport": "true"
                }
            }
        },
        {
            "Sid": "Stmt123",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::source_bucket_account:root"
            },
            "Action": [
                "s3:ReplicateObject",
                "s3:ReplicateDelete"
            ],
            "Resource": "arn:aws:s3:::source-bucket-replication/*",
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "true"
                }
            }
        }
    ]
}
```

Sziasztok!

Van egy konténerem aminek a fáljait szeretném felmountolni a /var/asd mappába. 

Ezt megtudom csinálni egy új konténer indításánál:

docker run --name=asd -d -v /var/asd/:/config -p 1234:1234 asd

Csakhogy ezzel egy teljesen új konténert indít, mindent beállítást elölről kell kezdeni a konténerben lévő programba. A már meglévő konténert viszont nem lehet -v kapcsolóval indítani. 

Van rá valami megoldás, hogy a már meglévő konténert mountoljam fel a host-ra, vagy pedig újra kell kezdeni az új konténerrel?

Köszi

Hasznalja meg itt valaki? Igen nagy a csend a honlapjukon meg a github repo-n is. 

Sziasztok, par napja nem tatalok megoldast/beallitast erre a problemara:

Addott egy laptop Core™ i7-8550U Processoral amin ha szamitas intenziv folyamatot futtatok a hoston akkor szepen felkuszik a frequencia 1.9Ghz rol boven 3Ghz felé es a cpu utilization is 90%+.(Idealis homerseklet eseten es persze halozatrol uzemeltetve )

Van viszont egy Windows VM-em amin a Vcpu az fix 1.9Ghz, es nem tudom ravenni hogy "turbozzon" akarmilyen szamitast futtatok, kiakad 100% -on a guest taskmanager szerint de a Host CPU az nem izzad. Vmware integracio telepive van a virtualis gepen.

Gondolom van erre valami beallitas valahol, de eddig nem sikerult megtalalnom googli segitsegevel sem.

A kornyezet VMWare Workstation 15 es Windows 10 Host, ha esetleg valaki tudja kerem ne tartsa magaban :)

Próbálnám működésre bírni a hardver virtualizációt egy frissen összerakott gépen, hiába van engedélyezve az IOMMU és az SVM a BIOS-ban a dmesg ezt mondja:

root@Tower:~# dmesg | grep IOM
[ 0.000000] DMAR: IOMMU disabled
[ 8.619243] AMD IOMMUv2 driver by Joerg Roedel
[ 8.619463] AMD IOMMUv2 functionality not available on this system

Valaki futott bele ilyesmibe? Amit találtam, hogy az AGESA-val van valami gebasz, ha ez igaz akkor kb. az IOMMU az új lapokon amik friss BIOS-sal jönnek nem működik....

A config lentebb: Ryzen 7 2700, Asrock B450 Pro4

root@Tower:~# lshw
tower
description: Desktop Computer
product: To Be Filled By O.E.M. (To Be Filled By O.E.M.)
vendor: To Be Filled By O.E.M.
version: To Be Filled By O.E.M.
serial: To Be Filled By O.E.M.
width: 4294967295 bits
capabilities: smbios-3.2 dmi-3.2 smp vsyscall32
configuration: boot=normal chassis=desktop family=To Be Filled By O.E.M. sku=To Be Filled By O.E.M. uuid=7085C2CE-B089-0000-0000-000000000000
*-core
description: Motherboard
product: B450 Pro4
vendor: ASRock
physical id: 0
serial: M80-C4011201005
*-firmware
description: BIOS
vendor: American Megatrends Inc.
physical id: 0
version: P3.50
date: 07/18/2019
size: 64KiB
capacity: 15MiB
capabilities: pci upgrade shadowing cdboot bootselect socketedrom edd int13floppy1200 int13floppy720 int13floppy2880 int5printscreen int9keyboard int14serial int17printer acpi usb biosbootspecification uefi
*-memory
description: System Memory
physical id: e
slot: System board or motherboard
size: 32GiB
*-bank:0
description: [empty]
product: Unknown
vendor: Unknown
physical id: 0
serial: Unknown
slot: DIMM 0
*-bank:1
description: DIMM DDR4 Synchronous Unbuffered (Unregistered) 2133 MHz (0.5 ns)
product: 2400 C15 Series
vendor: Unknown
physical id: 1
serial: 00000000
slot: DIMM 1
size: 16GiB
width: 64 bits
clock: 2133MHz (0.5ns)
*-bank:2
description: [empty]
product: Unknown
vendor: Unknown
physical id: 2
serial: Unknown
slot: DIMM 0
*-bank:3
description: DIMM DDR4 Synchronous Unbuffered (Unregistered) 2133 MHz (0.5 ns)
product: 2400 C15 Series
vendor: Unknown
physical id: 3
serial: 00000000
slot: DIMM 1
size: 16GiB
width: 64 bits
clock: 2133MHz (0.5ns)
*-cache:0
description: L1 cache
physical id: 10
slot: L1 - Cache
size: 768KiB
capacity: 768KiB
clock: 1GHz (1.0ns)
capabilities: pipeline-burst internal write-back unified
configuration: level=1
*-cache:1
description: L2 cache
physical id: 11
slot: L2 - Cache
size: 4MiB
capacity: 4MiB
clock: 1GHz (1.0ns)
capabilities: pipeline-burst internal write-back unified
configuration: level=2
*-cache:2
description: L3 cache
physical id: 12
slot: L3 - Cache
size: 16MiB
capacity: 16MiB
clock: 1GHz (1.0ns)
capabilities: pipeline-burst internal write-back unified
configuration: level=3
*-cpu
description: CPU
product: AMD Ryzen 7 2700 Eight-Core Processor
vendor: Advanced Micro Devices [AMD]
physical id: 13
bus info: cpu@0
version: AMD Ryzen 7 2700 Eight-Core Processor
serial: Unknown
slot: AM4
size: 1374MHz
capacity: 4100MHz
width: 64 bits
clock: 100MHz
capabilities: x86-64 fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb hw_pstate sme ssbd sev ibpb vmmcall fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflushopt sha_ni xsaveopt xsavec xgetbv1 xsaves clzero irperf xsaveerptr arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif overflow_recov succor smca cpufreq
configuration: cores=8 enabledcores=8 threads=16

Elég beszédes a cím. :)
LinuxMint oprendszeren snap install lxd, öröm boldogság. Lxd konténer megy, szeretném elérni a belső hálón is.
Hol találom a konfig fájlokat?

A facebook az arcomba tolta a reklamjukat. Van veluk tapasztalata valakinek?

Tobb meresz kijelentes mellett rogton a kezdo oldalon azt irjak, hogy:
>we will give you a 100% SLA with 50x payback for any downtime of over 5 minutes.

Akkor most hogy is van ez a 100% SLA?

Sziasztok!

Van egy Windows XP VM ami VmWare Workstation 6.5 ön szépen működött, ezt kellene konvertálnom és müködőképessé tennem Xenserver 7.2 ön. Viszont teljesen járatlan vagyok ezen a téren (vm konvertálás). Természetesen Google-n rákerestem de hosszú szívások helyett inkább megkérezlek benneteket mi a tapasztalat, hogy érdemes ezt csinálni! Egyántalán hogyan lehet VmWare VM-eket convertálni Xenserverre?

Üdv!
Fizikai gépet (Windows) mivel a legpraktikusabb VBox virtuális gépbe konvertálni?
Melyik utility-t ajánljátok? Pl. MS Disk2VHD v. "VMWare vCenter Converter: P2V Virtual Machine Converter"?

Üdv!
Fedora 30 szerveren az LXC mindenhol azt írja, hogy:
"850 Received container state "STOPPiNG" instead of "RUNNING""

Ez ha jól láttam bug: https://github.com/lxc/lxc/issues/3125

Downgrade lesz, vagy javításra lehet számítani?

A logban van egy "no space left on device", pedig van hely a disken... :o

lxc-start centos7-1 20190909175108.821 INFO lxccontainer - lxccontainer.c:do_lxcapi_start:971 - Set process title to [lxc monitor] /var/lib/lxc centos7-1
lxc-start centos7-1 20190909175108.821 INFO lsm - lsm/lsm.c:lsm_init:50 - LSM security driver nop
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "reject_force_umount # comment this to allow umount -f; not recommended"
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for reject_force_umount action 0(kill)
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for reject_force_umount action 0(kill)
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for reject_force_umount action 0(kill)
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for reject_force_umount action 0(kill)
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "[all]"
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "kexec_load errno 1"
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for kexec_load action 327681(errno)
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for kexec_load action 327681(errno)
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for kexec_load action 327681(errno)
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for kexec_load action 327681(errno)
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "open_by_handle_at errno 1"
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for open_by_handle_at action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for open_by_handle_at action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for open_by_handle_at action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for open_by_handle_at action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "init_module errno 1"
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for init_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for init_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for init_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for init_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "finit_module errno 1"
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for finit_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for finit_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for finit_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for finit_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "delete_module errno 1"
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for delete_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for delete_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for delete_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for delete_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:970 - Merging compat seccomp contexts into main context
lxc-start centos7-1 20190909175108.822 DEBUG terminal - terminal.c:lxc_terminal_peer_default:676 - No such device - The process does not have a controlling terminal
lxc-start centos7-1 20190909175108.823 INFO start - start.c:lxc_init:919 - Container "centos7-1" is initialized
lxc-start centos7-1 20190909175108.823 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_filter_and_set_cpus:495 - No isolated or offline cpus present in cpuset
lxc-start centos7-1 20190909175108.823 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:612 - "cgroup.clone_children" was already set to "1"
lxc-start centos7-1 20190909175108.823 ERROR cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1277 - File exists - Failed to create directory "/sys/fs/cgroup/cpuset//lxc.monitor/centos7-1"
lxc-start centos7-1 20190909175108.823 ERROR cgfsng - cgroups/cgfsng.c:monitor_create_path_for_hierarchy:1298 - Failed to create cgroup "/sys/fs/cgroup/cpuset//lxc.monitor/centos7-1"
lxc-start centos7-1 20190909175108.823 ERROR cgfsng - cgroups/cgfsng.c:cgfsng_monitor_create:1387 - Failed to create cgroup "/sys/fs/cgroup/cpuset//lxc.monitor/centos7-1"
lxc-start centos7-1 20190909175108.824 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_filter_and_set_cpus:495 - No isolated or offline cpus present in cpuset
lxc-start centos7-1 20190909175108.824 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:612 - "cgroup.clone_children" was already set to "1"
lxc-start centos7-1 20190909175108.824 ERROR cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1277 - File exists - Failed to create directory "/sys/fs/cgroup/cpuset//lxc.monitor/centos7-1-1"
lxc-start centos7-1 20190909175108.824 ERROR cgfsng - cgroups/cgfsng.c:monitor_create_path_for_hierarchy:1298 - Failed to create cgroup "/sys/fs/cgroup/cpuset//lxc.monitor/centos7-1-1"
lxc-start centos7-1 20190909175108.824 ERROR cgfsng - cgroups/cgfsng.c:cgfsng_monitor_create:1387 - Failed to create cgroup "/sys/fs/cgroup/cpuset//lxc.monitor/centos7-1-1"
lxc-start centos7-1 20190909175108.825 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_filter_and_set_cpus:495 - No isolated or offline cpus present in cpuset
lxc-start centos7-1 20190909175108.825 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:612 - "cgroup.clone_children" was already set to "1"
lxc-start centos7-1 20190909175108.825 INFO cgfsng - cgroups/cgfsng.c:cgfsng_monitor_create:1403 - The monitor process uses "lxc.monitor/centos7-1-2" as cgroup
lxc-start centos7-1 20190909175108.825 ERROR cgfsng - cgroups/cgfsng.c:__do_cgroup_enter:1498 - No space left on device - Failed to enter cgroup "/sys/fs/cgroup/cpuset//lxc.monitor/centos7-1-2/cgroup.procs"
lxc-start centos7-1 20190909175108.825 ERROR start - start.c:__lxc_start:1992 - Failed to enter monitor cgroup
lxc-start centos7-1 20190909175108.825 DEBUG lxccontainer - lxccontainer.c:wait_on_daemonized_start:839 - First child 9893 exited
lxc-start centos7-1 20190909175108.825 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:850 - Received container state "STOPPING" instead of "RUNNING"
lxc-start centos7-1 20190909175108.825 ERROR lxc_start - tools/lxc_start.c:main:329 - The container failed to start
lxc-start centos7-1 20190909175108.825 ERROR lxc_start - tools/lxc_start.c:main:332 - To get more details, run the container in foreground mode
lxc-start centos7-1 20190909175108.825 ERROR lxc_start - tools/lxc_start.c:main:334 - Additional information can be obtained by setting the --logfile and --logpriority options
lxc-start centos7-1 20190909175108.827 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_filter_and_set_cpus:495 - No isolated or offline cpus present in cpuset
lxc-start centos7-1 20190909175108.827 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:612 - "cgroup.clone_children" was already set to "1"
lxc-start centos7-1 20190909175108.827 WARN cgfsng - cgroups/cgfsng.c:cgfsng_monitor_destroy:1178 - No space left on device - Failed to move monitor 9894 to "/sys/fs/cgroup/cpuset//lxc.pivot/cgroup.procs"