Virtualizáció

IOMMU Ryzen alatt nem működik

( coco | )
Virtualizáció

Próbálnám működésre bírni a hardver virtualizációt egy frissen összerakott gépen, hiába van engedélyezve az IOMMU és az SVM a BIOS-ban a dmesg ezt mondja:

root@Tower:~# dmesg | grep IOM
[ 0.000000] DMAR: IOMMU disabled
[ 8.619243] AMD IOMMUv2 driver by Joerg Roedel
[ 8.619463] AMD IOMMUv2 functionality not available on this system

Valaki futott bele ilyesmibe? Amit találtam, hogy az AGESA-val van valami gebasz, ha ez igaz akkor kb. az IOMMU az új lapokon amik friss BIOS-sal jönnek nem működik....

A config lentebb: Ryzen 7 2700, Asrock B450 Pro4

root@Tower:~# lshw
tower
description: Desktop Computer
product: To Be Filled By O.E.M. (To Be Filled By O.E.M.)
vendor: To Be Filled By O.E.M.
version: To Be Filled By O.E.M.
serial: To Be Filled By O.E.M.
width: 4294967295 bits
capabilities: smbios-3.2 dmi-3.2 smp vsyscall32
configuration: boot=normal chassis=desktop family=To Be Filled By O.E.M. sku=To Be Filled By O.E.M. uuid=7085C2CE-B089-0000-0000-000000000000
*-core
description: Motherboard
product: B450 Pro4
vendor: ASRock
physical id: 0
serial: M80-C4011201005
*-firmware
description: BIOS
vendor: American Megatrends Inc.
physical id: 0
version: P3.50
date: 07/18/2019
size: 64KiB
capacity: 15MiB
capabilities: pci upgrade shadowing cdboot bootselect socketedrom edd int13floppy1200 int13floppy720 int13floppy2880 int5printscreen int9keyboard int14serial int17printer acpi usb biosbootspecification uefi
*-memory
description: System Memory
physical id: e
slot: System board or motherboard
size: 32GiB
*-bank:0
description: [empty]
product: Unknown
vendor: Unknown
physical id: 0
serial: Unknown
slot: DIMM 0
*-bank:1
description: DIMM DDR4 Synchronous Unbuffered (Unregistered) 2133 MHz (0.5 ns)
product: 2400 C15 Series
vendor: Unknown
physical id: 1
serial: 00000000
slot: DIMM 1
size: 16GiB
width: 64 bits
clock: 2133MHz (0.5ns)
*-bank:2
description: [empty]
product: Unknown
vendor: Unknown
physical id: 2
serial: Unknown
slot: DIMM 0
*-bank:3
description: DIMM DDR4 Synchronous Unbuffered (Unregistered) 2133 MHz (0.5 ns)
product: 2400 C15 Series
vendor: Unknown
physical id: 3
serial: 00000000
slot: DIMM 1
size: 16GiB
width: 64 bits
clock: 2133MHz (0.5ns)
*-cache:0
description: L1 cache
physical id: 10
slot: L1 - Cache
size: 768KiB
capacity: 768KiB
clock: 1GHz (1.0ns)
capabilities: pipeline-burst internal write-back unified
configuration: level=1
*-cache:1
description: L2 cache
physical id: 11
slot: L2 - Cache
size: 4MiB
capacity: 4MiB
clock: 1GHz (1.0ns)
capabilities: pipeline-burst internal write-back unified
configuration: level=2
*-cache:2
description: L3 cache
physical id: 12
slot: L3 - Cache
size: 16MiB
capacity: 16MiB
clock: 1GHz (1.0ns)
capabilities: pipeline-burst internal write-back unified
configuration: level=3
*-cpu
description: CPU
product: AMD Ryzen 7 2700 Eight-Core Processor
vendor: Advanced Micro Devices [AMD]
physical id: 13
bus info: cpu@0
version: AMD Ryzen 7 2700 Eight-Core Processor
serial: Unknown
slot: AM4
size: 1374MHz
capacity: 4100MHz
width: 64 bits
clock: 100MHz
capabilities: x86-64 fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb hw_pstate sme ssbd sev ibpb vmmcall fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflushopt sha_ni xsaveopt xsavec xgetbv1 xsaves clzero irperf xsaveerptr arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif overflow_recov succor smca cpufreq
configuration: cores=8 enabledcores=8 threads=16

upcloud.com

( uid_21239 | )
Virtualizáció

A facebook az arcomba tolta a reklamjukat. Van veluk tapasztalata valakinek?

Tobb meresz kijelentes mellett rogton a kezdo oldalon azt irjak, hogy:
>we will give you a 100% SLA with 50x payback for any downtime of over 5 minutes.

Akkor most hogy is van ez a 100% SLA?

VM konvertálás Xenserver 7 -re

( Amadeus77 | )
Virtualizáció

Sziasztok!

Van egy Windows XP VM ami VmWare Workstation 6.5 ön szépen működött, ezt kellene konvertálnom és müködőképessé tennem Xenserver 7.2 ön. Viszont teljesen járatlan vagyok ezen a téren (vm konvertálás). Természetesen Google-n rákerestem de hosszú szívások helyett inkább megkérezlek benneteket mi a tapasztalat, hogy érdemes ezt csinálni! Egyántalán hogyan lehet VmWare VM-eket convertálni Xenserverre?

LXC 3.0.4 error

( makgab | )
Virtualizáció

Üdv!
Fedora 30 szerveren az LXC mindenhol azt írja, hogy:
"850 Received container state "STOPPiNG" instead of "RUNNING""

Ez ha jól láttam bug: https://github.com/lxc/lxc/issues/3125

Downgrade lesz, vagy javításra lehet számítani?

A logban van egy "no space left on device", pedig van hely a disken... :o

lxc-start centos7-1 20190909175108.821 INFO lxccontainer - lxccontainer.c:do_lxcapi_start:971 - Set process title to [lxc monitor] /var/lib/lxc centos7-1
lxc-start centos7-1 20190909175108.821 INFO lsm - lsm/lsm.c:lsm_init:50 - LSM security driver nop
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "reject_force_umount # comment this to allow umount -f; not recommended"
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for reject_force_umount action 0(kill)
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for reject_force_umount action 0(kill)
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for reject_force_umount action 0(kill)
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for reject_force_umount action 0(kill)
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "[all]"
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "kexec_load errno 1"
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for kexec_load action 327681(errno)
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for kexec_load action 327681(errno)
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for kexec_load action 327681(errno)
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for kexec_load action 327681(errno)
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "open_by_handle_at errno 1"
lxc-start centos7-1 20190909175108.821 INFO seccomp - seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for open_by_handle_at action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for open_by_handle_at action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for open_by_handle_at action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for open_by_handle_at action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "init_module errno 1"
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for init_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for init_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for init_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for init_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "finit_module errno 1"
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for finit_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for finit_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for finit_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for finit_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "delete_module errno 1"
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for delete_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for delete_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for delete_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for delete_module action 327681(errno)
lxc-start centos7-1 20190909175108.822 INFO seccomp - seccomp.c:parse_config_v2:970 - Merging compat seccomp contexts into main context
lxc-start centos7-1 20190909175108.822 DEBUG terminal - terminal.c:lxc_terminal_peer_default:676 - No such device - The process does not have a controlling terminal
lxc-start centos7-1 20190909175108.823 INFO start - start.c:lxc_init:919 - Container "centos7-1" is initialized
lxc-start centos7-1 20190909175108.823 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_filter_and_set_cpus:495 - No isolated or offline cpus present in cpuset
lxc-start centos7-1 20190909175108.823 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:612 - "cgroup.clone_children" was already set to "1"
lxc-start centos7-1 20190909175108.823 ERROR cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1277 - File exists - Failed to create directory "/sys/fs/cgroup/cpuset//lxc.monitor/centos7-1"
lxc-start centos7-1 20190909175108.823 ERROR cgfsng - cgroups/cgfsng.c:monitor_create_path_for_hierarchy:1298 - Failed to create cgroup "/sys/fs/cgroup/cpuset//lxc.monitor/centos7-1"
lxc-start centos7-1 20190909175108.823 ERROR cgfsng - cgroups/cgfsng.c:cgfsng_monitor_create:1387 - Failed to create cgroup "/sys/fs/cgroup/cpuset//lxc.monitor/centos7-1"
lxc-start centos7-1 20190909175108.824 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_filter_and_set_cpus:495 - No isolated or offline cpus present in cpuset
lxc-start centos7-1 20190909175108.824 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:612 - "cgroup.clone_children" was already set to "1"
lxc-start centos7-1 20190909175108.824 ERROR cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1277 - File exists - Failed to create directory "/sys/fs/cgroup/cpuset//lxc.monitor/centos7-1-1"
lxc-start centos7-1 20190909175108.824 ERROR cgfsng - cgroups/cgfsng.c:monitor_create_path_for_hierarchy:1298 - Failed to create cgroup "/sys/fs/cgroup/cpuset//lxc.monitor/centos7-1-1"
lxc-start centos7-1 20190909175108.824 ERROR cgfsng - cgroups/cgfsng.c:cgfsng_monitor_create:1387 - Failed to create cgroup "/sys/fs/cgroup/cpuset//lxc.monitor/centos7-1-1"
lxc-start centos7-1 20190909175108.825 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_filter_and_set_cpus:495 - No isolated or offline cpus present in cpuset
lxc-start centos7-1 20190909175108.825 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:612 - "cgroup.clone_children" was already set to "1"
lxc-start centos7-1 20190909175108.825 INFO cgfsng - cgroups/cgfsng.c:cgfsng_monitor_create:1403 - The monitor process uses "lxc.monitor/centos7-1-2" as cgroup
lxc-start centos7-1 20190909175108.825 ERROR cgfsng - cgroups/cgfsng.c:__do_cgroup_enter:1498 - No space left on device - Failed to enter cgroup "/sys/fs/cgroup/cpuset//lxc.monitor/centos7-1-2/cgroup.procs"
lxc-start centos7-1 20190909175108.825 ERROR start - start.c:__lxc_start:1992 - Failed to enter monitor cgroup
lxc-start centos7-1 20190909175108.825 DEBUG lxccontainer - lxccontainer.c:wait_on_daemonized_start:839 - First child 9893 exited
lxc-start centos7-1 20190909175108.825 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:850 - Received container state "STOPPING" instead of "RUNNING"
lxc-start centos7-1 20190909175108.825 ERROR lxc_start - tools/lxc_start.c:main:329 - The container failed to start
lxc-start centos7-1 20190909175108.825 ERROR lxc_start - tools/lxc_start.c:main:332 - To get more details, run the container in foreground mode
lxc-start centos7-1 20190909175108.825 ERROR lxc_start - tools/lxc_start.c:main:334 - Additional information can be obtained by setting the --logfile and --logpriority options
lxc-start centos7-1 20190909175108.827 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_filter_and_set_cpus:495 - No isolated or offline cpus present in cpuset
lxc-start centos7-1 20190909175108.827 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:612 - "cgroup.clone_children" was already set to "1"
lxc-start centos7-1 20190909175108.827 WARN cgfsng - cgroups/cgfsng.c:cgfsng_monitor_destroy:1178 - No space left on device - Failed to move monitor 9894 to "/sys/fs/cgroup/cpuset//lxc.pivot/cgroup.procs"

Linuxon: Hyper-V Replica megoldás

( Proci85 | )
Virtualizáció

Sziasztok

A windows tud olyat ami végre tetszik: failover cluster Hyper-V Replica
A windowsos kollégák elmondása alapján ez 2 szerverből áll, aktív és passzív. A passziv folyamatosan kapja az aktívtól a virtuális gépek replikáit. Előszőr a teljeset utána csak a differenciákat. Ezek mehetnek akár 5 másodpercenként is.
Ha lehal az aktív node, kézzel át lehet kapcsolni a passzívot és a legutolsó állapotból beindul a virtuális gép.
A virtuális gépek végig local diszken vannak, mindkét node-on, nincs közös storage.
Ami tetszik, hogy a passzív node tudja, hogy azok a replikák virtuális gépek és kezelni tudja őket automatikusan.

Linuxon hogy lehetne ezt megoldani leginkább fájdalom mentesen valami GUI-val?
Van DRBD, meg XEN, amiről van egy devopsakadémia oktatás is, de ott full CLI van, a passzív node nem tudja, ha új VM-et csinálok az aktívon, kézzel kell mindig utánahúzni a passzív node-ot, hogy valamit kezdjen az új DRBD partícióval. Sok hibázási lehetőség, amit egy több fős csapatnál nem vállalnék fel.

Proxmox esetleg tud ilyet rendesen felkészítve? Említette aze gyik hupos kolléga, hogy a zfs is tud távoli snapshotot készíteni. Ilyen témára használható?

Docker +Portainer config hogyan?

( kbalint | )
Virtualizáció

Helló, csak játszásiból felraktam egy Hass.io-t dockerbe és portainerrel kezelem.

1) Az érdekelne, hogy szokás a docker configokat beállítani?
Gitből kicsekkolok egy könyvtárba mindent, és azt valahol megadom a portainer UI-ban?
Lehet ezt automatizálni, hogy mindig onnan húzza ki a mastert?
Láttam, hogy van 'docker config' parancs, de annak a kimenete is hova lesz? Azt lehet gitbe irányítani mondjuk?

2) Ha összeraktam a kis játszóteremet Portainerben, akkor annak az egésznek a configját hogy tudom lementeni?
Mondjuk felrakok egy nginx-et proxyval a HA-hoz, nem lenne baj, ha ugyanazokkal a beállításokkal állna fel ha máshova deployolom.

Köszi!

Openstack endpoint-ok

( uid_21239 | )
Virtualizáció

Valaki el tudja magyarázni, hogy milyen gyakorlati haszna van a három különböző enpoint tipusnak? (public,admin,internal)
Milyen pluszt nyújt biztonság terén a 3 különböző endpoint az alap felhasználó authentication/authorization-on felül?
Tudják a különböző service-ek, hogy éppen melyik endpoint-juk lett meghivva? Ha igen, mit kezdenek ezzel az infóval?

Feliratkozás a következőre: Virtualizáció