Difference between revisions of "Xen customer information"

From Strugglers
Jump to: navigation, search
(Shared resources: NTP)
(in with the new)
 
(24 intermediate revisions by 2 users not shown)
Line 1: Line 1:
This article provides some useful information for customers of Strugglers Xen virtual machine hosting.
+
[http://bitfolk.com/ http://bitfolk.com/images/logo.gif]
  
==Network settings==
+
Strugglers Xen-based VPS hosting is now known as [http://bitfolk.com/ BitFolk Ltd.]!  Please visit [http://bitfolk.com/customer_information.html the new site].
If hosted on curacao your settings should be as follows:
+
 
+
Address: 212.13.198.x
+
 
+
Gateway: 212.13.198.65
+
 
+
Netmask: 255.255.255.224
+
 
+
==Nameservers==
+
You can run your own nameserver, but a resolver is supplied.  See [[Xen customer information#Shared resources|Shared resources]].
+
 
+
==Shared resources==
+
===DNS===
+
 
+
There is a recursive DNS server on <tt>212.13.198.71</tt> and/or <tt>2001:ba8:0:1f1:a800:ff:fe13:5ca4</tt>. If you aren't running your own nameserver then you can use this IP in your <tt>/etc/resolv.conf</tt>. If you are, then you can use this IP as a forwarder.
+
 
+
===NTP===
+
There is a publically-available NTP server on <tt>ntp.curacao.strugglers.net</tt>.  It only uses nearby public servers itself, but using this server will reduce load on these.
+
 
+
===apt cache===
+
See the [[Xen customer information#Debian-specific|Debian-specific]] section of the [[Xen customer information#Frequently asked questions|FAQ]], below.
+
 
+
===SpamAssassin===
+
There is a [[Wikipedia:SpamAssassin|SpamAssassin]] spamd on <tt>212.13.198.71</tt> which you can connect to with spamc or other spamd clients.  You will not be able to influence the settings of this spamd, but you may find it useful as running your own spamd tends to eat up a lot of RAM.
+
 
+
===Backups===
+
You may have your files backed up locally at no charge, either by buying extra disk space on the backup server or else by dedicating some of your regular disk space to the task.  '''Please note that no guarantees are made of the integrity or availability of backups made; they are provided on a best-effort basis'''.
+
 
+
You will need to allow SSH access to your domain from <tt>root@212.13.198.71</tt>, by adding the [[Media:rsnapshot.pub.txt|rsnapshot SSH public key]] to your root user's <tt>.ssh/authorized_keys</tt> file. Please note that this file is [[Wikipedia:PGP|PGP]] signed by key ID 0xBF15490B and the only line from the file that you should use is the one that starts with 'ssh-dss'.  If you wish you can restrict this key's command to [[Wikipedia:rsync|rsync]].
+
 
+
Once you have installed this command, please [[User:Andy/Contact|contact Andy]] with a list of the paths you want backed up, starting from the root of your filesystem, plus any directories within those that you want excluded. e.g. "Please back up <tt>/data</tt> except for <tt>/data/www/logs</tt>."
+
 
+
Backups will then take place every four hours.  You will not be charged for the bandwidth this uses, although it will show up on your Cacti graphs.
+
 
+
==Frequently asked questions==
+
===General===
+
====Are my bandwidth limits outbound or inbound or both?====
+
Currently since there is an excess of inbound bandwidth, you can have twice as much  inbound as outbound.  e.g. if your plan allows 50GB data transfer then this corresponds to 50GB out (people downloading from your domain) and 100GB in (people uploading to your domain).  Excess data transfer is still charged the same.
+
 
+
====Does my local traffic get counted towards my allowance?====
+
No.  Only traffic destined for or coming from outside of <tt>212.13.198.64/27</tt> will be counted.  This is great incentive for you to make use of the [[Xen customer information#Shared_resources|shared resources]] on offer such as an APT cache and recursive DNS.
+
 
+
====Why do my Cacti bandwidth graphs seem to be backwards (i.e. inbound traffic shows as outbound and vice versa)?====
+
The graphs are plotted from the point of view of the host machine where each Xen domain has a network interface going to it.  Therefore traffic going to your server is going '''out''' from the host, and data coming from your server is coming '''in''' to the host.
+
 
+
Just reverse the directions if you want to think about from the point of view of your own server.
+
 
+
====Why is my Cacti graph empty and the figures read "nan"?====
+
 
+
"nan" stands for "not a number" i.e. "no results".  If your domain has only just been provisioned then this is completely normal - 3 readings are necessary to draw the initial graph, and as readings are done every 5 minutes the daily graph will remain empty for at least the first 15 minutes.
+
 
+
The weekly, monthly and yearly graphs are built from the daily one and will stay empty until the daily graph has the required amount of data: 30 minutes, 2 hours and one day respectively.
+
 
+
The "Inbound/Outbound 95th percentile" lines on the graphs also take a while longer to appear, and probably won't both appear at the same time.
+
 
+
If your domain has been in use for some time and the graphs are empty then there is possibly a problem; please [[User:Andy/Contact|contact Andy]].
+
 
+
====Do I need to synchronise my clock like I would on a normal server?====
+
 
+
No, Xen gets the system time from the host which is already [[Wikipedia:NTP|NTP]]-synced. Running your own ntpd (for example) will work but is unnecessary.
+
 
+
====Is 64MiB of RAM really enough to do anything useful?====
+
 
+
Sure. It's not a great deal, but it's not like trying to run an entire machine in 64MiB either. A Xen user domain kernel is very stripped-down and you probably don't need to run many daemons.
+
 
+
Here's some top output from one of my own user domains which at the time had 128MiB RAM. It's the one hosting this web site, and it runs Apache 2 with PHP, Exim 4 and BIND 9:
+
 
+
<pre>
+
top - 05:28:03 up 12 days, 14:07,  3 users,  load average: 0.01, 0.01, 0.00
+
Tasks:  57 total,  2 running,  52 sleeping,  3 stopped,  0 zombie
+
Cpu(s):  0.0% us,  0.0% sy,  0.0% ni, 100.0% id,  0.0% wa,  0.0% hi,  0.0% si
+
Mem:    126388k total,  122148k used,    4240k free,    27288k buffers
+
Swap:  262136k total,        4k used,  262132k free,    62016k cached
+
</pre>
+
 
+
Note that a large amount of memory is being used for buffer and disk cache anyway.
+
 
+
If you find you're running out then you can purchase more RAM and it will be quickly provisioned.
+
 
+
====IPv6! How do I get that working?====
+
 
+
It probably will "just work". Bring up a network interface that is configured to listen to router advertisements and it should get an IPv6 address based on the MAC address of the interface. On linux domains that happens automatically when eth0 comes up.
+
 
+
Some hosts to talk to to see if it works:
+
 
+
<pre>
+
$ ping6 noc.sixxs.net
+
PING noc.sixxs.net(noc.sixxs.net) 56 data bytes
+
64 bytes from noc.sixxs.net: icmp_seq=1 ttl=45 time=308 ms
+
64 bytes from noc.sixxs.net: icmp_seq=2 ttl=45 time=305 ms
+
64 bytes from noc.sixxs.net: icmp_seq=3 ttl=45 time=306 ms
+
64 bytes from noc.sixxs.net: icmp_seq=4 ttl=45 time=307 ms
+
64 bytes from noc.sixxs.net: icmp_seq=5 ttl=46 time=305 ms
+
 
+
--- noc.sixxs.net ping statistics ---
+
5 packets transmitted, 5 received, 0% packet loss, time 4040ms
+
rtt min/avg/max/mdev = 305.660/306.595/308.063/0.894 ms
+
$ traceroute6 mx1.blitzed.org
+
traceroute to mx1.blitzed.org (2001:1b50:1::2) from 2001:ba8:0:1f1:a800:ff:fe0a:dd6a, 30 hops max, 16 byte packets
+
  1  2001:ba8:0:1f1::1 (2001:ba8:0:1f1::1)  0.553 ms  0.402 ms  0.419 ms
+
2  netservices-uk6x.ipv6.btexact.com (2001:7f8:2:1::11)  1.236 ms *  1.294 ms
+
3  2001:7f8:3::cb9:0:1 (2001:7f8:3::cb9:0:1)  239.865 ms  240.162 ms  359.628 ms
+
4  so-6-0-0.lon11.ip6.tiscali.net (2001:668:0:2::521)  277.956 ms  242.203 ms  242.088 ms
+
5  so-1-0-0.lon22.ip6.tiscali.net (2001:668:0:2::450)  242.058 ms  241.987 ms  241.816 ms
+
6  so-2-0-0.par22.ip6.tiscali.net (2001:668:0:2::b0)  249.595 ms  256.884 ms  248.958 ms
+
7  so-2-0-0.par30.ip6.tiscali.net (2001:668:0:2::a0)  249.363 ms  249.146 ms  249.324 ms
+
8  so-1-0-0.par31.ip6.tiscali.net (2001:668:0:2::4c0)  249.207 ms  249.379 ms  249.467 ms
+
9  so-1-0-2.fra10.ip6.tiscali.net (2001:668:0:2::3a1)  257.856 ms  326.85 ms  257.824 ms
+
10  so-1-0-0.fra20.ip6.tiscali.net (2001:668:0:2::3f1)  355.383 ms  411.456 ms  257.812 ms
+
11  so-0-0-0.bsl10.ip6.tiscali.net (2001:668:0:2::261)  262.815 ms  262.686 ms  262.569 ms
+
12  genotec-gw.ip6.tiscali.net (2001:668:0:3::5000:2)  24.306 ms  24.058 ms  24.  197 ms
+
13  gic-rou-01-all-pos4-0.as16215.net (2001:1b50::1565)  23.847 ms  24.346 ms  24.15 ms
+
14  2001:1b50:1::2 (2001:1b50:1::2)  24.501 ms  24.077 ms  24.12 ms
+
</pre>
+
 
+
====Can/should I run my own firewall?====
+
 
+
You can, and you probably should. Whatever you normally use should work. [[Wikipedia:iptables|iptables]] works fine for Linux, for example.
+
 
+
====When updating libc, the update fails and I get messages regarding <tt>/lib/tls</tt>====
+
<tt>/lib/tls</tt> is a directory of libraries (usually owned by the libc package) which are incompatible with Xen.
+
 
+
When your VPS is provisioned these will be moved to <tt>/lib/tls.disabled</tt>, an empty file created at <tt>/lib/tls</tt> and then made unreadable and immutable.  This is what probably causes your upgrade procedure to fail, but it is necessary because otherwise an update to libc would replace the incompatible TLS libraries.
+
 
+
The easiest way to deal with this is probably to remove everything to do with <tt>/lib/tls</tt>:
+
 
+
<pre>
+
$ sudo chattr -i /lib/tls
+
$ sudo rm -fr /lib/tls /lib/tls.disabled
+
</pre>
+
 
+
Now do your update as normal, and then take care to disable the TLS libraries afterwards:
+
 
+
<pre>
+
$ sudo mv /lib/tls /lib/tls.disabled
+
$ sudo touch /lib/tls
+
$ sudo chmod 0 /lib/tls
+
$ sudo chattr +i /lib/tls
+
</pre>
+
 
+
Fortunately libc updates are rare.
+
 
+
===General Linux===
+
====Can I compile my own kernel?====
+
 
+
Unfortunately at the moment the user domain's kernel must be stored outside the domain itself, in dom0. A facility for user domains to provide their own kernel may be provided in a later version of Xen but until then, if you feel you need a custom kernel, just let me know.
+
 
+
Bear in mind that Xen itself is currently a patch to the Linux kernel, so the range of kernels I can run is rather limited and adding additional patches can be problematic.
+
 
+
You may be interested in [http://strugglers.net/~andy/xen/config-2.6.10-xenU the config file for my user domain kernel].
+
 
+
===Debian-specific===
+
====What should I put in my <tt>/etc/apt/sources.list</tt> file?====
+
 
+
I've set up a local apt-proxy so that packages only need to be downloaded once. Assuming you're using Debian Sarge (stable) then you will want something like:
+
 
+
<pre>
+
deb http://admin.curacao.strugglers.net:9999/debian/ sarge main
+
deb-src http://admin.curacao.strugglers.net:9999/debian/ sarge main
+
 
+
deb http://admin.curacao.strugglers.net:9999/security sarge/updates main
+
</pre>
+
 
+
You can replace <tt>sarge</tt> with <tt>etch</tt> for testing.
+
  
 
[[Category:Hosting]]
 
[[Category:Hosting]]
 
[[Category:Xen]]
 
[[Category:Xen]]

Latest revision as of 20:03, 18 January 2007

http://bitfolk.com/images/logo.gif

Strugglers Xen-based VPS hosting is now known as BitFolk Ltd.! Please visit the new site.