OpenVPN issues on a OpenVZ / Virtuozzo enabled VPS

Error Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)

Just follow the KB at http://wiki.openvz.org/VPN_via_the_TUN/TAP_device

Error Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)

As mentioned in the same KB URL, just do the steps below and things should be alright again

vzctl set 101 --devices c:10:200:rw --save
vzctl set 101 --capability net_admin:on --save

Basically the errors are caused by the non-execution of the two commands mentioned above.

pure-ftpd fails to start in a OpenVZ server

Issue : pure-ftpd was not starting in a ispCP enabled VPS server. It was showing failed status in both xinetd and standalone version. ispCP stores the information in MySQL database.

Troubleshooting :

Run the pure-ftpd script using the command itself, and without the sysV startup script.
/usr/sbin/pure-ftpd --daemonize -A -c50 -B -C8 -D -E -fftp -H -I15 -lmysql:/etc/pure-ftpd/pureftpd-mysql.conf -L7500:8 -m4 -s -U133:022 -u500 -i -Oclf:/var/log/pureftpd.log -k99 -Z -4

Again failure. Now turn for strace.
yum install strace

Error to be noted was below

capset(0x19980330, 0, {CAP_CHOWN|CAP_DAC_READ_SEARCH|CAP_SETGID|CAP_SETUID|CAP_NET_BIND_SERVICE|CAP_NET_ADMIN|CAP_SYS_CHROOT|CAP_SYS_NICE, CAP_CHOWN|CAP_DAC_READ_SEARCH|CAP_SETGID|CAP_SETUID|CAP_NET_BIND_SERVICE|CAP_NET_ADMIN|CAP_SYS_CHROOT|CAP_SYS_NICE, 0}) = -1 EPERM (Operation not permitted)

followed by a log message in /var/log/messages as
pure-ftpd: (?@?) [ERROR] Unable to switch capabilities : Operation not permitted

Edit the VPS configuration file in the node to add lines below directly as below and then restart the vps from node or PIM or anything you use as the control panel.

CAPABILITY=”CHOWN:on DAC_READ_SEARCH:on SETGID:on SETUID:on NET_BIND_SERVICE:on NET_ADMIN:on SYS_CHROOT:on SYS_NICE:on”

A restart of VPS should fix the error

Server refused to allocate pty in a VPS & CentOS 5.3

With CentOS 5.3 released on 1st April of this year, more udev related issues crops in. I don’t know when OpenVZ will get better in its thinking. Issue is there in every VPS who has got the udev upgraded as a result of no excludes in yum.conf entries. Two solutions exists as per http://wiki.openvz.org/Container_enter_failed

Editing the rc.sysinit is the solution which will work here. But when I explained to one of our customers that we edited rc.sysinit, he thought it is /etc/rc.sysinit in the node. Be warned : Don’t do that! Instead from the node edit the etc/sysinit of the VPS, like vi /vz/private/VPSID/etc/rc.sysinit.

However the proper solution, we believe is to

yum remove udev

go ahead with yes to remove dependencies as well. It will also remove ImageMagick, which you have to later install it manually from source. Follow the how to for the installation of ImageMagick below, since the yum based installation of ImageMagick has dependency on hal and udev packages.

/me wonders why are they dependent though..

yum install ghostscript
wget ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick.tar.gz
tar xvzf ImageMagick.tar.gz
rm -rf ImageMagick.tar.gz
cd ImageMagick*
./configure –enable-shared –with-modules  –with-freetype=yes –with-gs-font-dir=default –with-perl=yes –with-xml=yes –with-zlib=yes –with-jpeg=yes –with-png=yes –without-x
make
make install

After the udev is removed, edit the /etc/yum.conf and make sure that the exclude= line has udev* mkinitrd module-init-tools and kernel* added to it. cPanel usually adds kernel*, but I guess its our responsibility to add udev* in a VPS, till cPanel’s upcp does it for us in a VPS