Containers gone wrong: lxc vs. xen

I run a few websites myself and I was always keen on making my life easier looking after them. So virtual servers and services are not something that I ignore if you catch my drift. I have been running xen for quite a long while and I have to say it is bothersome to upgrade all of those linux machines running this and that, isn’t it?

So I did try some other virtualization approaches before and I quite liked the idea of the OS level virtualization, that is similar to the regular BSD jails, but on linux and it worked nicely. The virtual machine was not that well isolated, I was a bit cautious to use it in production but the idea stuck – mainly because of the ease of maintaining the server, where you upgrade the OS only once and all VMs get the updates automatically, since they simply run from the root FS of the main machine, basically.

So when people started to come across with the lxc and docker, calling them “mature” and “OS level virtual machines”, I was rather excited to try them on. I thought they would provide the same idea – secure virtualization of the running processes environment while keeping the FS in sync with the main host, allowing for an easy maintenance.

Oh, boy, was I in for a major disappointment! First, the whole thing of lxc is based on downloading virtual machines over the Internet from an insecure repository. Okay, we do that with Debian, but Debian has been around for many a decade, so we kinda trust them, all right? Why should I want to run my production services on a VM that has been installed by someone else and offered for me as a download? What a silly idea indeed.

But, secondly, it is no better than hardware-emulating hypervisor-based virtualization in terms of maintenance. Once you get this VM downloaded and installed, it behaves completely separately. You have to go to each VM and update it manually! Except that you share the kernel and you may have a compatibility problem there, oops. What sort of nonsense is that? Why would anyone want to move from xen to lxc if the maintenance is the same but security and quality is down the drain, eh? For some mythical changes in performance or what else?

So, to summarize: I say lxc and everything based on top of it sucks. It serves no real purpose, it is an over-complicated exercise in engineering that solves a non-existing problem (if any at all).

What we really need is something similar…

Moving email from one IMAP server to another

Ah, the power of tools! What do you do when you want to move lots and lots of email between two IMAP servers? Sure, you could open them both in Thunderbird and drag-and-drop messages. It would simply take forever and you would be transmitting messages first to your computer and then back to another server. And Thunderbird has a bad habit of timing out. There is a better way.

Log in to the server (or you can actually do it from a client if transferring back and forth is okay). Get mutt. Then open the source mailbox like this:

mutt -f imaps://albert%40example.com@imap.gmail.com/%5BGmail%5D/All%20Mail

and wait for mutt to load the headers of the email. Once it is ready, select all messages by pressing T and entering ~A. Save the messages to your target server by pressing ;s (if you want to move the mail) or ;C (if you want a copy) and giving the destination IMAP server:

imaps://albert%40example.com@mail.example.com/INBOX

And watch the magic of UNIX tools unfold :)…

“Denial of Service” Attack

My site has been under a Distributed Denial of Service (DDoS) attack since yesterday. What it means is that the server may be overloaded some or most of the time, the server may crash under the load and you may be unable to reach the website.

I suppose this is one way of expressing disagreement with my views or saying that the information I publish is not welcome by someone. I am not pleased by this attack on my personal web site. On the other hand, I guess this means that I am doing something right.…
