1115596830 M * Bertl welcome BrewmeisterJim!
1115596868 M * ft OK, Bertl, up for round two of making this thing work? :)
1115596886 M * Bertl hehe, everything working so far?
1115596891 M * ft Yeah, except networking ;)
1115596905 M * ft I can ping the local IP, but not the router
1115596908 M * ft The host's IP, that is
1115596930 M * Bertl please explain your setup ...
1115596949 M * ft Well, the box's IP is 10.0.3.232, and the router is 10.0.0.1
1115596954 M * ft Not sure what else to explain :)
1115596961 M * Bertl netmask
1115596970 M * Bertl and what ip did you give the guest?
1115596972 M * ft 255.255.248.0
1115596985 M * ft 192.168.1.2... But it seems IP less when I check it inside the vserver
1115597003 M * Bertl try with 'ip addr ls' inside
1115597022 M * Bertl and does your router know what to do with 192.168.1.2 packets?
1115597026 M * ft Uhm? ip: command not found? :)
1115597038 M * ft Hm, yeah, guess I should NAT it ;)
1115597060 M * Bertl ad ip: apt-get install iproute
1115597071 M * hillct ip command isn't part of any minimal install of any distribution I've seen
1115597075 M * ft Well, can't apt-get install anything without network :)
1115597088 M * Bertl ft: after you did the SNAT
1115597112 M * hillct can you doit from the host usin INSTALLBASE
1115597141 M * ft Hmm, still can't ping the router
1115597145 M * Bertl iptables -A POSTROUTING -s 192.168.1.2 -j SNAT --to-source 10.0.3.232
1115597160 M * ft Oh
1115597170 M * daniel_hozac +-t nat ;)
1115597175 M * Bertl if you configured masquerading, that's for packets traveling _through_ your host ;)
1115597192 M * ft So, -t nat too? :)
1115597206 M * Bertl yeah, always forget that one ;)
1115597224 M * ft Got gateway!
1115597237 M * ft Network working, yay :)
1115597240 A * ft writes down
1115597262 M * Bertl well, that's nothing unusual, it's plain linux-networking ...
1115597273 M * ft Yeah, I just didn't think about the need for NAT
1115597278 M * ft Because it's too late for my brain to be working :)
1115597311 M * ft ... and other lame excuses ;)
1115597341 M * ft OK, since I'm no iptables wizard, can anyone give me a line for forwarding a port from the host to the vserver? :)
1115597405 M * daniel_hozac iptables -t nat -A PREROUTING -d 10.0.3.232 -p tcp --dport <port> -j DNAT --to 192.168.1.2:<new port>
1115597420 M * ft Thank you very much :)
1115597737 M * ft Hmm, almost working :)
1115597751 M * ft iptables -t nat -A PREROUTING -d 194.255.113.16 -p tcp --dport 20022 -j DNAT --to 192.168.1.2:22
1115597762 M * ft telnet to 192.168.1.2 22 from that machine works
1115597772 M * ft But telnet 194.255.113.16 20022 from the outside doesn't give any reply
1115597780 M * ft 20021 gives connection refused as expected
1115597798 M * Bertl DaCa: could you give me a short explanation how woody/sarge/testing/unstable/3.0/3.1 match?
1115597848 M * Bertl ft: default route?
1115597862 M * ft Bertl, no, did a special route for it ;)
1115597867 M * Bertl (check the packets with tcpdump on the host)
1115597874 M * ft But as I said, I can reach 192.168.1.2 port 22 from that machine fine
1115597890 M * DaCa Bertl: stable == woody == 3.0 ; testing == sarge == 3.1 ; unstable == sid
1115597906 M * ft So here's how it works outsidebox -> 194.255.113.16 -> 10.0.3.232 -> 192.168.1.2
1115597918 M * Bertl ah, okay, and 'main' is the main stuff compared to 'contrib' or so?
1115597920 M * ft Telnet to 192.168.1.2 from 194.255.113.16 works fine
1115597968 M * daniel_hozac ft: sounds like you don't want 194.255.113.16 in the PREROUTING rule.
1115597989 M * Bertl yeah, more like 10.0.3.232 ;)
1115598011 M * DaCa Bertl: main is the really free software, according to DFSG, contrib has software that has dependencies on non-free components
1115598016 M * ft Hmm, why? :)
1115598026 M * DaCa Bertl: DFSG is debian free software guidelines
1115598026 M * ft 194.255.113.16 is the one doing the port forwarding
1115598075 M * ft 10.0.3.232 is just doing normal routing
1115598084 M * Bertl ft: -d means 'destination'
1115598111 M * ft Yes, and 194.255.113.16 is the destination when I do "telnet 194.255.113.16 20022", right? Or did I miss something here? :)
1115598122 M * Bertl DaCa: ah, thaks a lot!
1115598143 M * Bertl ft: your router most likely changed (masqueraded) that into your local ip, no?
1115598157 M * ft No
1115598162 M * ft 194.255.113.16 is my real IP on that machine
1115598174 M * ft Again, 2 different machines
1115598181 M * Bertl so you ahve been misleading us, no?
1115598182 M * ft 194.255.113.16 is my x86 Linux box doing routing
1115598191 M * ft 10.0.3.232 is the PPC box running the vserver
1115598200 M * ft Perhaps I have, but not intentionally ;)
1115598202 M * Bertl check with tcpdump, what packets arrive
1115598216 M * ft OK
1115598231 M * Bertl tcpdump -vvnei ethX
1115598256 M * ft Let me make a usable rule first, or there will be lots of output ;)
1115598341 M * ft Want me to paste here?
1115598364 M * ft Hm, I'll put it on http
1115598399 M * Bertl yeah, that would be kind!
1115598420 Q * eXplasm Quit: Verlassend
1115598436 J * eXplasm ~explasm@p549FDF88.dip.t-dialin.net
1115598454 M * ft http://194.255.113.16/~bigfoot/test/ipforward
1115598498 M * Bertl 195.128.174.209.47909 > 194.255.113.16.20022 and 195.128.174.209.47909 > 192.168.1.2.22
1115598523 M * Bertl so now try to reach 195.128.174.209 from inside
1115598551 M * ft jaca:/# ping 195.128.174.209
1115598552 M * ft PING 195.128.174.209 (195.128.174.209) 56(84) bytes of data.
1115598552 M * ft 64 bytes from 195.128.174.209: icmp_seq=1 ttl=57 time=13.3 ms
1115598575 M * Bertl try ping -I 192.168.1.2
1115598586 M * ft From inside the vserver?
1115598602 M * Bertl  yup
1115598608 M * ft No such argument
1115598608 M * Bertl and which port is not working?
1115598627 M * ft Uhm
1115598628 M * Bertl well, get a working ping then ;)
1115598641 M * ft Well, [-I interface or address]
1115598642 M * ft Hmm
1115598663 M * ft What do you mean which port?
1115598674 M * Bertl 20022 or 22 ?
1115598680 M * hillct Bertl thanks for your help. We'll see how things propogate over night.
1115598683 M * ft 22 is the port on the vserver, 20022 is the port on my router
1115598689 A * hillct heads home
1115598695 P * hillct 
1115598700 M * ft Telnet to 192.168.1.2 22 from my router works fine
1115598709 M * ft Telnet to 194.255.113.16 20022 from an outside box doesn't work
1115598749 A * ft is turning this into #iptables :)
1115598783 M * ft PING 195.128.174.209 (195.128.174.209) from 192.168.1.2 : 56(84) bytes of data.
1115598783 M * ft 64 bytes from 195.128.174.209: icmp_seq=1 ttl=57 time=15.0 ms
1115598784 M * ft BTW
1115598797 M * Bertl ah, good ;)
1115598967 M * Bertl hey, now installing debian on a virtual *  DECstation 5000/200
1115598988 M * ft So, what are the odds that I'm getting this port forwarding working? ;)
1115599022 M * Bertl 70% I'd say, given that you are not used to iptables stuff ;)
1115599051 M * ft The amount of work I've done with iptables amounts to about normal NAT stuff and filtering a few IPs completely :)
1115599158 Q * eXplasm Quit: Verlassend
1115599162 J * eXplasm ~explasm@p549FDF88.dip.t-dialin.net
1115599188 M * Bertl the ips still confuse me (in your setup) maybe you could draw some network diagram ... (ascii art?)
1115599242 M * ft The full thing is a bit confusing, but I'll try
1115599288 M * ft And the first person to laugh at my drawing skills will die ;)
1115599299 M * Bertl add meaningful names (i.e. hsot names too)
1115599322 M * Bertl s/hsot/host/ ;)
1115599328 M * ft OK, I'll try :)
1115599335 M * ft Gonna need a highres image ;)
1115599393 M * ft This ain't gonna work graphically, gonna do it in ASCII
1115599394 M * Bertl make sure to encode it in a non proprietary format ;)
1115599407 M * ft Is ASCII good enough? :)
1115599428 M * Bertl yep, said that before ;)
1115599472 M * ft Now, if vi would only stop pissing me off
1115599491 M * ft No, it won't, let's use ced instead :)
1115599825 M * ft http://194.255.113.16/~bigfoot/test/mynetwork <-- warning, wide stuff :)
1115599829 M * ft Hope it is somewhat readable
1115599859 J * ysm ~yanmorin@Sherbrooke-HSE-ppp3609884.sympatico.ca
1115599890 M * Bertl welcome ysm!
1115599923 M * ysm hi Bertl 
1115600201 M * ft Bertl, confused yet? ;)
1115600266 M * Bertl well, it looks strange ...
1115600298 M * ft Good :)
1115600312 M * Bertl let's cut down those netmasks to /30 and /22 and such
1115600329 M * ft Go ahead ;)
1115600416 Q * monrad Ping timeout: 480 seconds
1115600435 J * eXplasm2 ~explasm@p549FF32B.dip.t-dialin.net
1115600557 M * ysm does one user of a part of the vserver can turn down completly the vserver?
1115600597 M * Bertl if the administrator of that vserver is very lazy, then yes
1115600617 M * Bertl ft: potatohead is dualhomed too?
1115600667 M * ft Yes, as explained in the top ;)
1115600703 Q * eXplasm Read error: Operation timed out
1115600804 M * ft So, basicly, Q200 is our border router (and shit loads of other stuff) doing plain routing for machines with public IPs on the default VLAN, and NAT for machines with private IP addresses
1115600843 M * ft Potatohead has a public IP, and is on the private network too. Physically it's the same wire, though.
1115600845 M * Bertl http://vserver.13thfloor.at/Stuff/ft_net.txt
1115600855 M * Bertl is this correct? (cleaned up your drawing)
1115600893 M * ft No, jaca is behind Volapyk. Jaca is the vserver (having 192.168.1.2)
1115600895 M * ft Otherwise yes
1115600910 M * Bertl well, on what host is jaca on?
1115600919 M * ft Volapyk
1115600926 M * ft (10.0.3.232)
1115600931 M * Bertl then the drawing _is_ correct as is ...
1115600940 M * ft OK...
1115600941 M * Bertl because there is no _behind_ in vserver ;)
1115600961 Q * BrewmeisterJim Quit: 
1115600969 M * ft Well, it is still routing through 10.0.3.232 through NAT ;)
1115600971 M * Bertl now what do you want to get wprlomg
1115600979 M * ft wprlomg? :)
1115600981 M * Bertl ft: no it's not routing 
1115600982 M * ft Working?
1115600995 M * Bertl hey you are good ;)
1115601000 M * ft :P
1115601019 M * ft Well, I want someone from the outside to be able to SSH to volapyk, using the public IP address of Potatohead
1115601070 M * Bertl aha, and the public ip of potatohead is routed where?
1115601091 M * ft ... to potatohead? As shown in the drawing?
1115601107 M * Bertl okay, well, we have adresses but no routing in this diagram, no ;)
1115601135 M * Bertl okay, so you want to forward the port 22? to volapyk?
1115601148 M * ft Port 20022 on potatohead to port 22 on volapyk
1115601216 M * Bertl okay, so that should be done with:
1115601269 M * ft (waiting in excitement :)
1115601281 M * Bertl iptables -t nat -A PREROUTING -d 194.255.113.16 -p tcp --dport 20022 -j DNAT --to 10.0.3.232:22
1115601292 M * Bertl (on potatohead=
1115601303 M * ft Which is what I did ;)
1115601316 M * ft iptables -t nat -A PREROUTING -d 194.255.113.16 -p tcp --dport 20022 -j DNAT --to 192.168.1.2:22
1115601319 M * Bertl and you need to tell volapyk, that the incoming addresses
1115601322 M * ft That's the line I wrote (cut'n'paste)
1115601325 M * Bertl should go back to potatohead
1115601330 M * ft Oh
1115601340 M * ft How do I do that?
1115601346 M * Bertl but you can get around that, by masquerading that too
1115601354 M * ft OK, how do I masquerade it, then? :)
1115601367 M * Bertl (will result in logins always coming from potatohead)
1115601368 M * ft I was under the impression that it was doing that anyway
1115601397 M * Bertl do you have a fixed ip from outside? (ips maybe?)
1115601404 M * ft Yes
1115601422 M * ft (Just one)
1115601433 M * Bertl in this case you could 'add' the route for that on volapyk
1115601468 M * ft Hm?
1115601515 M * Bertl ip route add host <external> via gw 10.0.0.103
1115601534 M * ft But that will only work for one host, then?
1115601539 M * ft I'd like to have connections from any IP possible
1115601550 M * Bertl but it's probably much better to do the redirection from the router, no?
1115601574 M * Bertl i.e. map port 20022 to 10.0.3.232:22 in the first place?
1115601582 M * ft Q200? I've got no control over the Q200 box
1115601597 M * Bertl hmm, that's bad ;)
1115601606 M * ft I don't see why that should help anyway :)
1115601612 M * Bertl okay, then let's do the masquerading on the potatohead
1115601626 M * ft It's some embedded hardware, running Linux and some web-GUI
1115601632 M * ft Can't do much fancy stuff on it anyway
1115601703 M * Bertl iptables -t nat -A POSTROUTING -d 10.0.3.232 -p tcp --dport 22 -j SNAT --to-source 10.0.0.103
1115601718 M * Bertl (on potatohead)
1115601757 M * ft You surely mean 194.255.113.16 and not 10.0.3.232?
1115601767 M * Bertl no
1115601786 M * ft But Potatohead doesn't have IP 10.0.3.232
1115601804 M * Bertl yeah, but the ssh connection is forwared there, -d == destination
1115601808 M * ft Ah
1115601814 M * ft Both rules, right:)
1115601838 M * Bertl probably marking the packet in the first rule would be a better choice
1115601846 M * ft Hm, that's still a nogo
1115601851 M * ft potatohead:~# iptables -t nat -A POSTROUTING -d 10.0.3.232 -p tcp --dport 22 -j SNAT --to-source 10.0.0.103
1115601851 M * ft potatohead:~# iptables -t nat -A PREROUTING -d 194.255.113.16 -p tcp --dport 20022 -j DNAT --to 192.168.1.2:22
1115601868 M * Bertl now let me see the packets on volapyk and make sure the tables are flushed ....
1115601877 M * ft Err
1115601885 M * ft One rule on the wrong machine :)
1115601887 M * ft Hang on :P
1115601903 M * ft Getting tired and losing concentration :P
1115601953 M * ft iptables v1.2.11: can't initialize iptables table `nat': Permission denied (you mustbe root)
1115601971 M * ft (That's from Volapyk)
1115602014 M * Bertl well, _are_ you root?
1115602020 M * ft Yes
1115602021 M * Bertl is the nat module loaded?
1115602029 M * Bertl did you build it?
1115602033 M * ft I'm pretty sure I built NAT into the kernel, but let me doublecheck it
1115602045 M * Bertl and what the hell are you doing on volapyk?
1115602055 M * ft Uhm
1115602057 M * ft I'm still tired
1115602059 M * ft #$^@#$%@# :)
1115602076 M * ft volapyk:~# iptables -t nat -A POSTROUTING -d 10.0.3.232 -p tcp --dport 22 -j SNAT --to-source 10.0.0.103
1115602077 M * ft volapyk:~#
1115602078 M * ft Worked
1115602079 M * ft OK
1115602085 M * ft (Won't tell you what I did wrong, you'll laugh at me :P)
1115602092 M * Bertl haha! ;)
1115602119 M * ft :)
1115602125 M * ft But, still nogo with telnetting in
1115602136 M * Bertl sure, you want to use ssh, no?
1115602144 M * ft I get no connection at all
1115602147 M * ft bigfoot@picknicker:~$ telnet 194.255.113.16 20022
1115602147 M * ft Trying 194.255.113.16...
1115602156 M * Bertl now let's tcpdump on Volapyk
1115602158 M * ft Normally I'd get
1115602160 M * ft bigfoot@picknicker:~$ telnet 194.255.113.16 22
1115602160 M * ft Trying 194.255.113.16...
1115602160 M * ft Connected to 194.255.113.16.
1115602160 M * ft Escape character is '^]'.
1115602161 M * ft SSH-1.99-OpenSSH_3.8.1p1 Debian-8.sarge.4
1115602174 M * Bertl tcpdump -vvnei ethX  port 22
1115602279 M * ft http://194.255.113.16/~bigfoot/test/sshlog
1115602309 M * Bertl okay, so one nat rule didn't work
1115602334 M * Bertl ahem, and why are you using 192.168.1.2 now?
1115602348 M * Bertl did you change the rules?
1115602406 M * Bertl yep, you did modify them .. please use mine ;)
1115602429 M * ft Uhm, actually
1115602440 M * ft You're gonna kill me anyway :)
1115602452 M * Bertl not very likely ...
1115602461 M * ft I really did mean that I wanted the SSH connection forwarded to the vserver
1115602465 M * ft Oh yes, very likely
1115602475 M * ft I just can't get anything right anymore :)
1115602494 M * ft Which is 192.168.1.2
1115602504 M * Bertl okay, then adjust the POSTROUTING rule to that
1115602513 M * ft iptables -t nat -A POSTROUTING -d 192.168.1.2 -p tcp --dport 22 -j SNAT --
1115602514 M * ft to-source 10.0.0.103
1115602514 M * ft ?
1115602538 M * Bertl well, you have a small compilcation there ...
1115602548 M * ft M'kay?
1115602552 M * Bertl namely that potatohead is not in 192.168.x.x
1115602582 M * Bertl so the real question should be, why not use 10.0.3.233 or so for the vserver guest?
1115602588 M * ft Right, as 192.168.x.x doesn't exist as a real network
1115602598 M * Bertl (which would match the actual networking much better)
1115602617 M * ft Because all IPs on that network is controlled by the DHCP server
1115602623 M * ft Well, most are...
1115602628 M * ft Could use one out of the DHCP range, I guess
1115602643 M * ft OK, how do I change the IP of the vserver?
1115602653 M * Bertl first, shut it down ;)
1115602657 M * ft OK
1115602669 M * Bertl then edit /etc/vservers/jaca/interfaces/0/ip
1115602670 M * ft shutdown -h now from inside it?
1115602680 M * Bertl vserver jaca stop
1115602686 M * ft k
1115602713 M * ft 10.0.0.104 it is
1115602723 M * ft vserver jaca start, then?
1115602735 M * Bertl fix the netmask/prefix first
1115602760 M * ft Where is that?
1115602775 M * Bertl same dir, different file
1115602782 M * ft There's "dev" and "ip"
1115602791 M * ft The only files there
1115602801 M * Bertl hmm, so you didn#t specify any at creation time ...
1115602806 M * ft Probably not
1115602815 M * Bertl so be it ... leave it as it is now ...
1115602819 M * ft OK
1115602867 M * ft OK, vserver started
1115602904 M * Bertl now change the 10.0.3.232 in the rules I pasted to the new ip
1115602913 M * Bertl DaCa: still awake?
1115602999 J * ntrs ruzin@Dardeene-68.188.50.87.charter-stl.com
1115603009 M * Bertl wb ntrs!
1115603066 M * ft volapyk:~# iptables -t nat -A POSTROUTING -d 10.0.0.104 -p tcp --dport 22 -j SNAT --t
1115603067 M * ft o-source 10.0.0.103
1115603068 M * ft Right?
1115603117 M * ft And
1115603119 M * ft potatohead:~# iptables -t nat -A PREROUTING -d 194.255.113.16 -p tcp --dport 20022 -j DNAT --to 10.0.0.104:22
1115603122 M * ft ?
1115603176 M * Bertl hmm, yes looks fine
1115603189 M * ft But doesn't work ;)
1115603198 M * ft (surprise)
1115603206 M * Bertl tcpdump on volapyk please
1115603221 M * ft http://194.255.113.16/~bigfoot/test/sshlog
1115603237 M * ft Hm, hang on
1115603269 M * ft OK, try now
1115603279 M * ft Time is slightly wrong on Volapyk I noticed ;)
1115603318 M * Bertl why does the source address get there unmodified?
1115603325 J * hillct ~hillct@client200-5.dsl.intrex.net
1115603335 M * ft volapyk:~# iptables -t nat -L POSTROUTING
1115603335 M * ft Chain POSTROUTING (policy ACCEPT)
1115603335 M * ft target     prot opt source               destination
1115603336 M * ft SNAT       tcp  --  anywhere             10.0.0.104          tcp dpt:ssh to:10.0.0.103
1115603337 M * ft Dunno
1115603346 M * hillct heh. Still at it?
1115603361 M * ft Well, with my concentration, it becomes hard
1115603365 M * ft I'm trying to drive Bertl insane
1115603365 M * Bertl you got it wrong again
1115603378 M * ft I pasted the line here?
1115603389 M * Bertl sec
1115603396 M * ft And it seems I'm doing a good job at it ;)
1115603504 M * Bertl hmm .. 
1115603523 Q * ntrs Quit: Leaving
1115603526 M * Bertl let#s remove both rules and try:
1115603582 M * ft Both removed...
1115603681 M * Bertl okay, add the prerouting again
1115603713 M * ft Added
1115603729 M * ft potatohead:~# iptables -t nat -A PREROUTING -d 194.255.113.16 -p tcp --dport 20022 -j DNAT --to 10.0.0.104:22
1115603787 M * Bertl andiptables -t nat -A POSTROUTING -d 10.0.0.104 -j SNAT --to 10.0.0.103
1115603798 M * ft On Volapyk?
1115603809 M * Bertl s/andiptables/and add/ no on potatohead
1115603813 M * ft OK
1115603822 M * ft potatohead:~# iptables -t nat -A POSTROUTING -d 10.0.0.104 -j SNAT --to 10.0.0.103
1115603835 M * ft The default route from Volapyk doesn't go through Potatohead, BTW...
1115603838 M * ft Just so you now:)
1115603839 M * ft +k
1115603850 M * Bertl yup, thought so ;)
1115603860 M * Bertl otherwise we would not have those issues ;)
1115603865 M * ft :P
1115603877 M * ft I love making things complicated :P
1115603917 M * ft Well, I get an SSH connection now
1115603925 M * Bertl excellent!
1115603931 M * Bertl probably to the host ;)
1115603938 M * ft It doesn't accept my root password, though :P
1115603944 M * ft Yeah, like
1115603945 M * ft ly
1115603952 M * ft Yep, it is
1115603962 M * Bertl you have to 'restrict' the sshd on the host to the ip
1115603963 M * ft The root password for Volapyk works on it ;)
1115603979 M * Bertl you can do that by changing the sshd_config
1115603980 M * ft k, gotcha
1115604006 M * ft OK, done, now I get connection refused ;)
1115604024 M * ft Because I also get it on 10.0.0.104 port 22
1115604026 M * Bertl now you have to start the sshd inside the guest, which probably failed before
1115604031 M * ft OK
1115604076 M * ft Damn, it works ;)
1115604084 M * ft Thanks a bunch for your patience :)
1115604098 M * Bertl you're welcome!
1115604104 M * Bertl and have a look at the topic ;)
1115604116 M * ft :)
1115604134 M * ft I'll need some sleep first, or I'll get it all wrong :)
1115604144 M * Bertl that is fine ;)
1115604159 M * ft OK, saved those two lines in a script:)
1115604191 M * Bertl my mips install finished too ...
1115604196 M * ft Great :)
1115604213 M * ft And now... Now I'll go catch some sleep :)
1115604216 M * ft Thanks again for your help :)
1115604231 M * ft With my luck, someone will wake me up at 8 this morning :)
1115604236 M * Bertl again, you are welcome!
1115605153 P * hillct 
1115607713 J * alex234 new@217.85.232.190
1115607731 P * alex234 
1115608909 Q * ysm Quit: ysm
1115609708 Q * Shuri Read error: Connection reset by peer
1115611782 J * ntrs ruzin@Dardeene-68.188.50.87.charter-stl.com
1115611961 Q * Loki|muh_ Remote host closed the connection
1115611981 J * Loki|muh loki@satanix.de
1115612389 N * mikegrb MikeGarb
1115612402 N * MikeGarb mikegrb
1115615743 J * ciphernaut ~a@61.88.18.130
1115615749 M * ciphernaut hi all
1115616739 M * Bertl hey ciphernaut!
1115616908 M * Doener` morning folks!
1115616965 J * gpirujo ~gpirujo@200.70.153.42
1115616975 M * Doener` welcome gpirujo 
1115616989 M * gpirujo hello
1115616993 M * gpirujo thanks :)
1115617003 M * Bertl morning Doener`!
1115617003 M * gpirujo i'm installing vserver for my 1st time
1115617007 M * Bertl hey gpirujo!
1115617017 M * gpirujo hi Bertl 
1115617023 M * gpirujo got a question
1115617036 M * gpirujo may i?
1115617041 M * Bertl of course!
1115617047 M * Bertl (see topic)
1115617058 M * gpirujo oh you are right :)
1115617075 M * gpirujo i'm using debian
1115617088 M * gpirujo instead of dbootstrapping a new installation from the internet
1115617111 M * gpirujo can i just untar a previous non-vserver installation in the directory?
1115617129 M * gpirujo i know i have to tweak the net config etc, but would it work?
1115617131 M * Bertl yes, but you should clean it up to make it 'secure'
1115617150 M * Doener` yep, should work, but will need some adjustments... but a fresh debootstrap will need that, too ;)
1115617177 M * gpirujo ah ok, the normal adjustments then
1115617201 M * gpirujo i have a fresh kernel tree now and the patch
1115617223 M * gpirujo could you point me to some orientation about kernel options that must be set for a vserver kernel?
1115617236 M * Bertl default options are fine ...
1115617247 M * ciphernaut Im trying out vserver creation with lvm's
1115617259 M * Bertl gpirujo: if you are testing on a new arch, enable vserver debugging
1115617265 M * gpirujo great! thanks Bertl :)
1115617286 M * gpirujo nope, k7
1115617300 M * ciphernaut i create the volume and mount it at the point where I want it to exist  /var/liv/vservers/sarge02/
1115617312 M * ciphernaut create a subdirectory dir
1115617338 M * gpirujo oh one more
1115617353 M * gpirujo would vmware work on a vserver enabled kernel?
1115617361 M * gpirujo i still need to use windows :)
1115617386 M * ciphernaut now, when i build the vserver, I it tells me I need to use the force option, which I did already specify
1115617402 M * Bertl ciphernaut: yep, bug in the tools
1115617411 M * Bertl (is somewhat fixed in the svn tree)
1115617421 M * ciphernaut this is form the svn tree
1115617428 M * ciphernaut from even
1115617438 M * ciphernaut in f(n) base.initFilesystem
1115617454 M * ciphernaut force is passed to it
1115617464 M * ciphernaut but it gets ignored?
1115617533 M * Bertl hmm, this is from the svn? interesting, I thought ola fixed exactly this ...
1115617588 M * Doener` ciphernaut: hmm... IIRC the only thing --force does is renaming the existing directory and thus _not_ touch it... that's probably not what you want...
1115617608 M * Doener` the fix in svn makes the check depend on /vservers/foobar/dev instead of /vservers/foobar
1115617661 M * Doener` so that you can use a logical volume (or some other mount) to install, as long as there's no dev directory in it
1115617711 M * Doener` and btw, force has to be given if front of the -- ;)
1115617746 M * Doener` i.e. vserver foo build -m something --force -- -d bla _not_ vserver foo build -m something -- -d bla --force
1115617922 M * gpirujo thanks Bertl and Doener`! goodbye :)
1115617984 M * Bertl cya!
1115617985 M * ciphernaut my bad.  I read the functions as requiring the dev directory to exist
1115617992 P * gpirujo 
1115618010 M * ciphernaut killed the dev directory and it works
1115618054 M * Doener` good :)
1115618104 M * Bertl btw, how far did you get with the syscall integration? (new syscall.h code)
1115618122 M * FaUl Bertl: i'm fighting with my scsi-controler, some dumbheads broke sym53c8xx_2 in 2.6. sorry that this takes so long
1115618146 M * Doener` hell, i'm so stupid...
1115618158 M * Bertl huh?
1115618168 M * Doener` the .12-rc2 introduced macros for accounting stuff...
1115618187 M * Doener` mm->rss += (HPAGE_SIZE / PAGE_SIZE); becomes add_mm_counter(mm, rss, HPAGE_SIZE / PAGE_SIZE);
1115618195 M * Bertl hehe ;)
1115618208 M * Bertl sounds familiar ;)
1115618230 M * Doener` and what do i do? right, i fix up all those friggin' hunks instead of making the macro call vx_FOOpages_BAR
1115618249 M * Bertl ooh *G*
1115618288 A * Doener` puts a sign on his screen: "COFFEE BEFORE WORK! NO MATTER WHICH TIME OF THE DAY!"
1115618356 M * Bertl be honest, you just wanted to leave that to me .. no? ;)
1115618384 M * Doener` surely not... about 70% of the time i spent for the rc2 port was this stuff...
1115618441 M * Doener` i did the rc3 based on the rc2 port, but because that one was broken i decided to do the rc4 port from scratch and i've started to do the same shit again :/
1115618619 M * Bertl well, it's not always perfect on the first shot ...
1115618709 M * Doener` yeah, at least i managed to notice it while fixed the last hunk that needed fixing...
1115619262 M * Bertl so somebody from the core team was probably looking at linux-vserver code, or just coincidence?
1115619293 M * Bertl do you, by any chance, know who introduced those changes?
1115619316 M * Doener` #define add_mm_counter(mm, member, value) (mm)->_##member += (value) would become: #define add_mm_counter(mm, member, value) vx_##memberpages_add((mm), (value))
1115619318 M * Doener` right?
1115619339 A * Doener` isn't sure about the ##memberpages thing...
1115619346 M * Bertl wont work ...
1115619351 M * Doener` thought so... ;)
1115619366 M * Bertl you need vx_ ## member ## pages_add
1115619383 M * Doener` ok, thanks
1115619754 M * Bertl np
1115620435 M * ciphernaut cya all
1115620466 N * ciphernaut ciphernaut_zz
1115620663 J * Pazzo ~Pazzo@host130-250.pool8172.interbusiness.it
1115620672 M * Pazzo morning!
1115620679 M * Bertl morning Pazzo!
1115620815 M * Pazzo hi Bertl!
1115620825 M * Pazzo anything new about the zombie processes?
1115620869 M * Bertl yup, solved ...
1115620882 M * Pazzo TELL ME MORE!!!
1115620885 M * Pazzo ;-)
1115620971 M * Pazzo don't know if you have read my lines from saturday - I noted that processes recieve a wrong signal on "shutdown"...
1115620975 M * Bertl http://list.linux-vserver.org/archive/vserver/msg09701.html
1115621014 M * Bertl but basically it's better to do it in a different order .. e.g. avoid the touch, do the echo first ;)
1115621268 M * Doener` morning Pazzo!
1115621284 M * Doener` Pazzo: i've worked with Sarge as a moving target for way too long...
1115621307 M * Doener` of course we can provide debootstrap scripts with util-vserver, for the stable ones...
1115621321 M * Doener` (of which Sarge should be one by now, right?
1115621397 M * Doener` i got some kind of minimal Sarge debootstrap script by now... it even avoids the /dev troubles the tools need to fixup later...
1115621453 M * Pazzo morning doener!
1115621471 M * Pazzo Bertl: testserver booting ;-)
1115621495 M * Doener` unfortunately the tools move the original dev out of the way to cope with the original debootstrap behaviour, so the 'fixed' debootstrap script actually makes the ssh install i included fail ;)
1115621526 M * Doener` but hey, i can keep the 'wrong' dev creation in place... the tools care about it ;)
1115621541 M * Doener` will probably fix that up in the evening
1115621607 M * Pazzo Bertl: heeey, seems to work :-)
1115621609 M * Doener` hmm.. maybe replacing "mv" by "cp -a" in the tools would also work... even with 'fixed' and standard debootstrap scripts...
1115621705 M * Pazzo Doener: yeah, sarge is stable and hurd is coming ;-)
1115621747 M * Pazzo Doener: /dev troubles?
1115621987 M * Doener` Pazzo: sarge is frozen, isn't it? i heard sth. like that...
1115621995 M * Doener` frozen should be enough ;)
1115622030 M * Doener` the debootstrap script create a /dev (of course ;) which contains too many entries (expected)... the tools clean it up afterwards...
1115622064 M * Pazzo Doener: yeah, frozen once again ;)
1115622087 M * Doener` but as the tools provide a minimal /dev prior to debootstrapping (but move it out of the way), we can remove the dev-creation from the debootstrap script (and stop the tools from moving the minimal /dev)
1115622142 M * Doener` instead of moving it away, we could have the tools create a safe copy of it, and just put that back in place after debootstrapping...
1115622146 M * Pazzo how is this handled for other distributions?
1115622203 M * Doener` other distros are created really minimal, just the essential rpms are installed... and they're probably already running on limited caps, thus no mknod possible ;)
1115622212 M * Pazzo ok, found the "fixupDebian" function...
1115622282 M * Pazzo Doener: 'til now I liked the "own debootstrap script" thing, and I was doing so for a while...
1115622336 M * Pazzo ...but now as there has been some discussion I would prefer doing things a little bit different
1115622414 M * Pazzo if we leave debootstrap untouched and do the cleanup later in vserver-build.debootstrap (after debootstrap has done it's job)...
1115622437 M * Pazzo ...also sid users will be happy
1115622498 M * Pazzo there are only a small number of fixes needed to clean up a vserver (like "fixupDebian") - so why supply a full debootstrap script?
1115622529 M * Pazzo I know that it works, I love doing so - but I'm convinced that the other solution would be better
1115622614 M * Doener` Pazzo: how would you know _what_ to cleanup in a sid install?
1115622621 M * Doener` that's even more of a moving target...
1115622651 M * Doener` they could decide to make syslog-ng the default... or replace inetd with xinetd or whatever...
1115622825 M * Bertl is this really a problem (i.e.  something related to cleanup)?
1115622881 M * Pazzo Doener: we could create some scripts, vserver-build.debootstrap-cleanup_woody, ...-cleanup_sarce etc...
1115622899 M * Pazzo vserver-build.debootstrap calls (includes) the right script
1115622901 M * Bertl hm .. it's getting obscurer ...
1115622911 M * Pazzo woody / sarge needs no modification
1115622934 M * Pazzo also sid probably doesn't change such things every month
1115622939 M * Bertl please enlighten me why a) debian needs to run init? and b) why debian has special cleanup requirements?
1115623025 M * Doener` it doesn't need to run init... sysv initstyle also works fine... according to the mailing list there's a (broken?) package which has pre/post-install scripts which rely on init...
1115623071 M * Doener` b) the debootstrap build method uses plain debootstrap which creates an install suitable to boot from... i.e. a full dev, a bunch of hardware related stuff and so on...
1115623096 M * Bertl okay, that's fine ...
1115623108 M * Bertl ad a) fix it in debian
1115623131 M * Bertl ad b) so what? should be fine no? we replace /dev and do not start hardware related services?
1115623139 M * Doener` a) agreed ;) b) the dev stuff is cleaned up by the tools... unneeded packages are not removed, init scripts are not removed...
1115623172 M * Doener` there are two ways we see... I would prefer providing adapted debootstrap scripts (yes, its scriptable ;)
1115623184 M * Bertl okay, for configuring the services 'not' to be run or removing packages 'not' required we can have distro specific scripts ...
1115623190 M * Doener` Pazzo would prefer adding all the cleanup in extra functions in the tools
1115623215 M * Bertl if that is possible for debootstrap, then this would be the preferred way to go
1115623268 M * Pazzo Bertl: debootstrap has so-called debootstrap scripts - I'm currently using a "proprietary" debootstrap script with a) some packages removed and b) calling an extra cleanup script
1115623281 M * Doener` i have hacked the tools to be able to used debootstrap script provided in /etc/vservers/.distros/debian/debootstrap/
1115623307 M * Doener` those would be called sarge.vserver, woody.vserver, sarge.whateveryouwant...
1115623309 M * Pazzo I didn't apply this changes to vserver-build.debootstrap as I didn't want to patch it with every upgrade
1115623370 M * Doener` now i can do: vserver foo build -m debootstrap -- -d sarge --> i get the default sarge installation from debootstrap
1115623409 M * Doener` or: vserver bar build -m debootstrap -- -d sarge -v vserver --> i get a vserver install based on /etc/vservers/.distributions/debian/debootstrap/sarge.vserver
1115623443 M * Doener` my current sarge.vserver removes stuff like ppp packages and others, cleans up the runlevels and so on
1115623464 M * Pazzo In my opinion delivering vserver-debootstrap-scripts would be too intrusive - and we would also make live harder for people with a need for their own debootstrap scripts
1115623507 M * Doener` Pazzo: cp myscript /etc/vservers/.dists/debian/debootstrap/sarge.something ?
1115623527 M * Doener` or just: vserver foobar build -m debootstrap -- -d sarge -s myscript ?
1115623559 M * Pazzo I believe that removing ppp*, cleaning up runlevels etc doesn't justify vserver-specific debootstrap scripts - why don't we just call them "cleanup scripts" and let them be handled by vserver-build.debootstrap?
1115623591 M * Pazzo "vserver foobar build -m debootstrap -- -d sarge" should be enough!
1115623645 M * Pazzo a util_vserver user shouldn't have to take care of adding a "-s blabla" or "-v variant" just to make sure that cleanup happens
1115623654 M * Pazzo this can also be done "transparently"
1115623698 M * Doener` then let's have it named 'sarge' instead of 'sarge.vserver' and used it by default if not specified otherwise...
1115623783 M * Doener` and if no such script is found (f.e. for sid), use the debootstrap default script for that and do the minimal cleanup (dev and such)
1115623957 M * Bertl okay, folks ... I'm off to bed now ...
1115623965 M * Bertl have a good time, and cya later ...
1115623981 M * Doener` night Bertl!
1115623990 M * Pazzo Doener: why should cleanup be done by a debootstrap script and not by a second one? we wouldn't be forced to supply the whole debootstrap stuff
1115623995 M * Pazzo good night Bertl!
1115624016 N * Bertl Bertl_zZ
1115624394 M * Pazzo Doener?
1115624460 M * Pazzo maintain a debootstrap script for a non-stable Debian is not so funny :)
1115624480 M * Pazzo maintaining cleanup scripts would require much less work
1115624504 M * Doener` thus i said: 08:48:27 Doener` of course we can provide debootstrap scripts with util-vserver, for the stable ones...
1115624518 M * Doener` and: 09:29:43 Doener` and if no such script is found (f.e. for sid), use the debootstrap default script for that and do the minimal cleanup (dev and such)
1115624634 M * Pazzo hmmm... and why do different things for different debian "flavours"? why don't we ship exactly one cleanup scripts for each of them?
1115624663 M * Doener` the cleanup script would need to remove 43 packages, 4 directories, 6 runlevel scripts and fixup two scripts...
1115624711 M * Doener` (about 43, maybe more...)
1115624806 M * Doener` (that's for sarge, no idea about woody/sid)
1115624821 J * prae ~prae@ezoffice.mandriva.com
1115624941 M * Pazzo Doener: remove 43 packages??? which ones?
1115625026 M * Pazzo I remove just iptables and the ppp* stuff and don't care about the rest - the resulting vserver "weights" 96mb (after apt-get clean) - what else do you remove?
1115625154 M * DaPhreak morning Doener`, prae, Pazzo :)
1115625326 Q * ciphernaut_zz iridium.oftc.net charm.oftc.net
1115625326 Q * Vudumen iridium.oftc.net charm.oftc.net
1115625326 Q * mep_ iridium.oftc.net charm.oftc.net
1115625326 Q * _BWare_ iridium.oftc.net charm.oftc.net
1115625326 Q * DaCa iridium.oftc.net charm.oftc.net
1115625326 Q * hellekin iridium.oftc.net charm.oftc.net
1115625326 Q * Hollow iridium.oftc.net charm.oftc.net
1115625326 Q * FaUl iridium.oftc.net charm.oftc.net
1115625326 Q * logger iridium.oftc.net charm.oftc.net
1115625326 Q * sladen_ iridium.oftc.net charm.oftc.net
1115625326 Q * ndim_ iridium.oftc.net charm.oftc.net
1115625326 Q * eyck iridium.oftc.net charm.oftc.net
1115625326 Q * flock iridium.oftc.net charm.oftc.net
1115625326 Q * kevinp iridium.oftc.net charm.oftc.net
1115625326 Q * lilo iridium.oftc.net charm.oftc.net
1115625326 Q * torisa iridium.oftc.net charm.oftc.net
1115625326 Q * gaba iridium.oftc.net charm.oftc.net
1115625353 M * Doener` base-config aptitude libsig++-1.2.5c102 bsdmainutils console-common console-tools libconsole console-data cpio dhcp-client ed exim4 exim4-base exim4-config exim4-daemon-light libgcrypt11 libgnutls11 libgcrypt7 libgpg-error0 libopencdk8 libtasn1-2 fdutils groff-base info libssl0.9.7 libzlo1 liblockfile1 libpcre3 mailx man-db manpages nano nvi ppp pppconfig pppoe pppoeconf libpcap0.7 tasksel libtextwrap1 telnet wget
1115625353 M * Pazzo hi DaPhreak!
1115625385 M * Doener` and makedev...
1115625403 M * Pazzo Doener: what do you add instead of exim? nullmailer?
1115625461 J * ciphernaut_zz ~a@61.88.18.130
1115625461 J * Vudumen vudumen@perverz.hu
1115625461 J * mep_ mep@p5091F637.dip.t-dialin.net
1115625461 J * _BWare_ ~bware@office.intouch.net
1115625461 J * DaCa ~danny@mail.limehouse.org
1115625461 J * hellekin ~hellekin@v41.ath.cx
1115625461 J * Hollow ~Hollow@home.xnull.de
1115625461 J * logger ~rs@vds.pas-mal.com
1115625461 J * sladen_ paul@starsky.19inch.net
1115625461 J * FaUl ~immo@ip88.164.1211G-CUD12K-01.ish.de
1115625461 J * ndim_ hun@helena.bawue.de
1115625461 J * eyck eyck@81.219.64.71
1115625461 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il
1115625461 J * kevinp ~kevinp@ny.webpipe.net
1115625461 J * lilo ~lilo@lilo.usercloak.oftc.net
1115625461 J * torisa hak@heceta.db.net
1115625461 J * gaba ~gaba@protest.net
1115625553 M * Doener` nothing... who says i need a mailer there? i even tend to remove logrotate and cron...
1115625626 M * Pazzo Doener: if you are going to use an "internal" package management you'll need a mailer
1115625727 M * aba Bertl_zZ: what#
1115625727 M * aba Bertl_zZ: what's the question about jigdo?
1115625827 M * Pazzo Doener: that would be a minimalistic Debian vserver - a interesting variant, but probably not making happy most (hosting) vserver owners (no manpages, no wget)
1115626150 M * Pazzo you should also remove cron as it depends on a mta. the question is: would you like to install a new base vserver just providing the context and basic libs or would you like to provide a "base debian system"?
1115626322 M * Doener` cron does not depend on an mta... it only recommends one
1115626355 M * Doener` and apt, aptitude etc. also seems to work fine without an mta...
1115626422 M * Doener` Pazzo: we could provide both, given that we use debootstrap scripts or a hell lot of cleanup stuff...
1115626447 M * Doener` i've done the absolutely minimal approach, i could as well do a minimally cleaned up one and so on...
1115626459 M * Pazzo I would agree about that
1115626527 M * Pazzo so what if we provide a) the cleanup part as separate scripts (one per flavour) and b) a debootstrap variant for a minimalistic server - the cleanup script is always called, regardless of what debootstrap script is used
1115626534 M * Doener` somewhere there's an end of 'doing it just using debootstrap' as we cannot rely on dependecy resolvement... we have to supply every needed package
1115626558 M * Pazzo (as the cleanup does important things as removing getty's from inittab, removing "evil" startup scripts etc)
1115626568 M * Pazzo (and fixing /dev)
1115626626 M * Doener` hm, i already do that in my debootstrap thing... i think we should call the cleanup stuff only when needed (f.e. when using the debian default debootstrap scripts)
1115626766 M * Pazzo why make things complicated? move your cleanup stuff out of your debootstrap script and into a separate one and we don't have do mantain the whole script for all debian flavours
1115626781 M * Pazzo cleanup would work out-of-the box for the next debian generation
1115626844 M * Pazzo and someone can have it's personal sarge.superhosting without the need for taking care of implementing vserver cleanup stuff into his own debootstrap script
1115626892 M * Doener` he wouldn't need to... he could simply use the supplied one as starting point and modify that one...
1115627073 M * Pazzo Doener: "apt-get upgrade" on the host would destroy his script
1115627094 M * Doener` hu?
1115627100 M * Pazzo or, if he gives the script a different name
1115627122 M * Doener` why would it destroy the script?
1115627133 M * Pazzo if the way of doing cleanup improves he has to track all changes and put them into his own script
1115627236 M * Pazzo (forget "destroy the script" - what I wanted to say was if he modifies the orignial script in it's original location...)
1115627267 M * Doener` even that shouldn't destroy it, debconf should then ask if we wants to replace it ;)
1115627300 M * Pazzo only if it's marked as a config file
1115627394 M * Doener` it should be, right?
1115627409 M * Doener` anyway... i got to go, university awaits me... cya later!
1115627415 N * Doener` Doener|gone
1115627473 M * Pazzo cya
1115628850 J * erwan_taf ~erwan@81.80.43.77
1115629719 Q * berni jupiter.oftc.net plasma.oftc.net
1115629719 Q * aba jupiter.oftc.net plasma.oftc.net
1115629872 J * berni ~berni@svr01.mucip.net
1115629872 J * aba ~aba@sol.turmzimmer.net
1115631166 Q * Hollow Read error: Connection reset by peer
1115631272 J * rs ~rs@staff.lycos.fr
1115631274 M * rs yo
1115631389 M * Pazzo hi rs!
1115631621 J * Hollow ~Hollow@home.xnull.de
1115632481 J * ntrs_ ntrs@Dardeene-68.188.50.87.charter-stl.com
1115632481 Q * ntrs Read error: Connection reset by peer
1115633726 N * Doener|gone Doener
1115633738 M * Doener decided not to go ;)
1115633831 M * ft I'm building Debian/PPC packages now
1115633848 M * ft Though I guess bertl won't wake up for some hours ;)
1115633942 M * Doener i guess ola will be interested ;)
1115633951 M * Doener (ola is the debian util-vserver maintainer)
1115633960 M * ft Oo
1115633963 M * ft Didn't know ;)
1115633969 M * Doener now you do ;)
1115633972 M * ft Yeah :)
1115633974 A * ft prods ola
1115634008 M * Doener ok, back to my 2.6.12-rc4-vs2.0-pre4 port...
1115634021 M * ft Enjoy
1115634377 M * ft http://194.255.113.16/~bigfoot/files/vserver-debian-ppc/
1115635843 J * ntrs__ ntrs@Dardeene-68.188.50.87.charter-stl.com
1115635844 Q * ntrs_ Read error: Connection reset by peer
1115636031 Q * rs Ping timeout: 480 seconds
1115637420 M * Doener *sigh* rc4 has really interesting changes...
1115637465 M * Doener in try_to_unmap_one() we now got: inc_mm_counter(mm, rss); instead of mm->rss--;
1115637509 M * albeiro that's serves some purpose probably ;p
1115637531 M * Doener probably it's a long form of: bugs++ ;)
1115638425 Q * mep_ Quit: Leaving
1115638799 M * aba ft: and what is the problem?
1115639599 J * rs ~rs@staff.lycos.fr
1115639736 J * matti matti@linux.gentoo.pl
1115640404 J * Wurd ~kvlt@modemcable157.235-201-24.mc.videotron.ca
1115641583 Q * _BWare_ Remote host closed the connection
1115641662 J * BWare ~bware@office.intouch.net
1115641696 M * Wurd Doener are you there%
1115641697 M * Wurd <?
1115641769 M * Doener yep
1115641780 M * Wurd great
1115641786 M * Wurd i'd like to ask you something
1115641793 M * Doener go ahead ;)
1115641807 M * Wurd in this document http://www.13thfloor.at/~doener/wurd , are the "apt-get update" commands to be executed INSIDE the vserver ?
1115641817 M * Doener sec...
1115641841 M * Doener yep, the last two have to be done from the inside...
1115641866 M * Wurd ok, and whats that? : (enter:
1115641866 M * Wurd 1,2
1115641869 M * Wurd c
1115641886 M * Doener "apt-get update" will ask you some questions, those are the answers ;)
1115641936 M * Wurd thats what i thought
1115641942 M * Doener hm... where did that 'vserver fc3-base enter" go?...
1115641942 M * Wurd alright
1115641986 M * Wurd are you familiar with apt ?
1115642051 M * Wurd wait, let me ask you this question first:
1115642066 M * Wurd for following the steps in "(enter:
1115642066 M * Wurd 1,2
1115642071 M * Doener debian's apt: yes, aptrpm: no
1115642093 M * Wurd for following the steps in "http://www.13thfloor.at/~doener/wurd" , what should be in /etc/apt/sources.list ?
1115642107 M * Wurd should it be ayo.freshrpms.net ? because that's what's there by default
1115642135 M * Doener in the vserver? there shouldn't be any sources.list... 
1115642143 M * Wurd outside the vserver
1115642143 M * Doener does it copy the one from the host?
1115642155 M * Doener outside doesn't matter...
1115642167 M * Wurd cause i need to install vim ON the vserver. for that i need to execute "vapt-get"
1115642182 M * Doener no you don't...
1115642198 M * Doener vim is contained in the base group...
1115642213 M * Wurd all that, because the "apt-get update" command to be executed inside my vserver, doesnt work. and i believe it's because my resolv.conf is invalid. thus i need vim to edit & fix it
1115642222 M * Wurd vim is contained in the base group? :((((
1115642226 M * Doener edit it from the host?
1115642248 M * Wurd if vim is contained in the base group then i probably did something wrong :(
1115642249 M * Doener or simply do (inside the vserver): echo nameserver 1.2.3.4 > /etc/resolv.conf
1115642256 M * Wurd i really thought i was doing alright this time...
1115642294 M * Doener if you didn't get to do the apt-get update stuff, you also didn't do the "apt-get groupinstall base" yet i assume...
1115642304 M * Wurd that is correct.
1115642311 M * Doener --> base group is not yet installed
1115642317 M * Doener ----> no vim yet ;)
1115642327 M * Wurd is there a character that means "changeline" ? because my resolv.conf has more than one line
1115642356 M * Wurd anyway, its not critical. i'll try just entering one adress
1115642361 M * Doener echo -e "line1\nline2\n" > /etc/resolv.conf
1115642371 M * Wurd oh cool. thanks
1115642498 M * Wurd seems to work! woohoo
1115642505 Q * BWare Quit: using sirc version 2.211+KSIRC/1.3.11
1115642541 J * BWare ~bware@office.intouch.net
1115642542 M * Wurd "1,2" means what ?
1115642551 Q * BWare Quit: 
1115642551 M * Doener type: 1,2<enter>
1115642554 M * Wurd k
1115642654 M * Wurd ImportError: No module named libxml2
1115642661 M * Wurd i should probably install that ?
1115642676 M * ft aba, some syscall stuff not implemented in diet-libc (I think :) and some gethostbyname fix
1115642706 M * aba ft: well, I have a vserver running on ppc - but of course, I have my own installation ...
1115642740 M * ft Well, it didn't work for me before, but after bertl made those patches, it works :)
1115642744 M * aba (and, I won't swear that I use diet-libc)
1115642755 M * aba ah, cool
1115642780 M * ft I've got no clue about it anyway, I just wanted to try it out yesterday and stumbled into a lot of problems :)
1115642791 M * ft Been using vserver for less than 24h :P
1115642855 M * Wurd i've installed libxml2, but "apt-get groupinstall" is still telling me this error:  
1115642857 M * Wurd  File "/usr/lib/python2.3/site-packages/rhpl/comps.py", line 5, in ?
1115642857 M * Wurd     import libxml2
1115642857 M * Wurd ImportError: No module named libxml2
1115642876 M * Doener interesting... didn't get that one... 
1115642899 M * Doener apt-get install libxml2-python
1115642906 P * erwan_taf Leaving
1115642938 M * Wurd you mean vapt-get ?
1115642983 M * Doener inside your vserver there's no vapt-get...
1115643018 J * BWare ~bware@office.intouch.net
1115643046 M * Wurd correct. but i thought i had to use "vapt-get" outside the vserver in order to install stuff inside the vserver
1115643155 M * Doener also possible... but you can also use apt-get inside the vserver as we internalized the package management...
1115643252 M * aba or just vserver $name exec apt-get ...
1115643365 M * Doener well vapt-get is less typing ;)
1115643540 M * Wurd its working, cool.
1115643548 M * Wurd libxml2-python fixed it.
1115645883 M * Wurd Doener , how do you call this kind of installation i just did? 
1115645889 M * Wurd "core base", or something?
1115645927 M * Doener i don't call that anything ;) and i have no idea how others would call it
1115646097 M * Wurd you once told me it was a "fedora core base install"
1115646112 M * Wurd and that when i simply did a "vserver build bla bla", it wasnt even a base install
1115646328 M * Doener the packages you now got installed is what the fc folks consider what makes a base system...
1115646377 M * Doener btw, how did you come to the name "core base"?
1115646438 M * Wurd <Doener> a fedora core 3 base install...
1115646472 M * Doener yep... i've randomly chosen that wording...
1115646497 M * Wurd oh.
1115646551 M * Doener it's "fedora core 3" with the "base" group "install"ed --> "fedora core 3 base install"
1115646577 M * Wurd and what is the "base group" ?
1115646596 M * Doener a group of packages that fedora folks call "base"
1115646619 M * Doener there's also a group called "core" and probably some others...
1115646640 M * Wurd ok
1115646783 M * Doener building 2.6.12-rc4-vs2.0-pre4 now...
1115647444 N * sladen_ sladen
1115647782 Q * rs Read error: Connection reset by peer
1115648119 J * rs ~rs@staff.lycos.fr
1115648279 M * rs re
1115648288 M * ft Hi
1115648411 M * Doener wb rs
1115649202 Q * flock Read error: Operation timed out
1115649223 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il
1115649589 M * Doener Pazzo: have you seen Timo's (IceTi) latest mails on the ml?
1115650524 M * Pazzo re
1115650528 M * SiD3WiNDR smagnusson is a dumbass
1115650565 M * Pazzo Doener: (Timo) => how to unsubscribe?
1115650580 M * Doener yep ;) he shouldn't be using a computer...
1115650747 M * Pazzo "And then ???!" <= maybe he should read? or maybe write his e-mail into the appropriate field and then delete it using TippEx (English synonym for tippex?)...
1115650813 M * SiD3WiNDR :D
1115650837 M * SiD3WiNDR Doener: oh, we were talking about the same guy, I didn't realize ;)
1115650883 Q * BWare Remote host closed the connection
1115650949 M * Doener SiD3WiNDR: hm? i meant Timo, not smagnusson...
1115651002 J * BWare ~bware@office.intouch.net
1115651035 A * Doener can't see why the latter one should be a dumbass...
1115651118 M * Doener hmm... i messed up the limits this time... ;) (port to .12-rc4)
1115651245 M * SiD3WiNDR Doener: hm, must have misread the from line.. I was talking about the "and then ???!", not smagnusson indeed.. OOPS.
1115652144 Q * Wurd Quit: BitchX-1.0c20cvs -- just do it.
1115652697 J * wurd ~kvlt@modemcable157.235-201-24.mc.videotron.ca
1115653145 N * BobR_zZ BobR
1115653814 Q * wurd Quit: BitchX-1.0c20cvs -- just do it.
1115655792 N * BobR BobR_oO
1115657230 Q * prae Quit: Client exiting
1115657668 M * DaPhreak hmm Doener ?
1115657733 M * DaPhreak is there any new ngnet patch that fits on vs-2.0_pre4 ?
1115657762 M * FaUl DaPhreak: there is, moment
1115657785 M * FaUl DaPhreak: http://vserver.13thfloor.at/Experimental/NGNET/diff-vs2.0-pre4-ng9.5.diff
1115657810 A * DaPhreak goes to clean his glasses
1115657824 M * DaPhreak thanks FaUl :) must have overlooked these :)
1115657876 M * FaUl DaPhreak: ok, you may invest the saved time at fixing that sym53c8xx_2 drivers in 2.6.11.8 :-)
1115657900 M * DaPhreak heh, first i'll need to fix the vsgrsec stuff :)
1115657928 M * FaUl DaPhreak: i don't need vsgrsec but sym53.. :)
1115657939 M * DaPhreak hehe ;)
1115658092 M * DaPhreak are these sym53c8xx_2 drivers broken on vserver or are the generally broken ?
1115658214 M * FaUl DaPhreak: gennerally i guess
1115658233 M * FaUl because it seems to be a driver problem and i don't see any relationships to vs-patches 
1115658522 M * DaCa DaPhreak: what do you mean with 'fix vsgrsec stuff'?
1115658573 M * DaPhreak yeah .. well i partially work on an vserver-grsec patched kernel :)
1115658603 M * DaPhreak and sometimes well, someone (the maintainer) puts out a new version, and thats the time where i need to "fix" the patch ;)
1115658674 M * DaCa DaPhreak: thats why I ask, you simply mean updating pre3 -> pre4 or did you find another issue with the patch I provide
1115658719 M * DaPhreak nope .. not yet, since i have first to put in all the other stuff from pre2 -> pre4; then grsec-stuff ..
1115658723 J * erwan_ho ~erwan@lns-vlq-39f-81-56-133-136.adsl.proxad.net
1115658751 M * DaPhreak then it's time for the ngnet stuff :)
1115659407 Q * albeiro Ping timeout: 480 seconds
1115659410 Q * erwan_ho Remote host closed the connection
1115659421 Q * matti Ping timeout: 480 seconds
1115661190 J * albeiro albeiro@albeiro.usercloak.oftc.net
1115661197 J * matti matti@linux.gentoo.pl
1115661762 Q * torisa Read error: Operation timed out
1115661887 J * torisa ~lp_ql@142.46.199.182
1115662148 J * Beave ~beave@vistech.org
1115662152 M * Beave hey all. 
1115662216 M * Beave I'm missing something thats probably really simple.  When I start a vps,  the vps doesnt bind to the ip address i specify.  The VPS starts,  but for example,  if i try to SSH in, i connect to the host system.
1115662216 Q * torisa Read error: Connection reset by peer
1115662227 J * torisa ~lp_ql@heceta.db.net
1115662273 M * Beave hey lp.
1115662695 M * DaCa Beave: thats because sshd on the host listens to any ip address, and intercepts it, the fix is to edit /etc/ssh/sshd_config and use ListenAddress to limit it to the host's IP 
1115662752 M * FaUl Beave: or just start vserver-ssh first ;)
1115662755 M * Beave Yeah - I thought the same thing..  This is a template/guest image i pulled from a working system.  Wait..  I know how we fix is. 
1115662757 M * Beave actually.  
1115662770 M * Beave what we did,  is on the host system,  bound ssh to the host ip address..  
1115662804 M * Beave thansk a ton guy.
1115662815 M * Beave i knew one of you would help jog my non-static memory.
1115662882 Q * rs Ping timeout: 480 seconds
1115662900 M * Beave That was terrible.  I knew it was going to be something simple  (I initially looked at our guest images sshd config).  
1115664863 N * Bertl_zZ Bertl
1115664877 M * Bertl evening folks!
1115664997 M * Bertl torisa: new here?
1115665153 M * Beave I think i might know torisa..  and if so.. yes.
1115665241 M * Beave He helped me setup a VPS server that runs 15 or so Asterisk PBX's within VPS's.
1115665245 M * Beave sorta cool.
1115665245 M * DaCa 1.1 denk ik
1115665248 M * DaCa oops
1115665328 M * Bertl Beave: sounds cool!
1115665503 M * Beave yes.  It ends up the ztdummy drive (for things like music on hold,  conferencing,  etc) share very well.  Took a bit of tweaking, but it works great. 
1115665529 M * Beave we load the ztdummy driver on the host system,  and the VPS's then use it.  It's been running for two months,  with no problems. 
1115665573 M * Beave We're going to write a mimi-howto VPS+Asterisk ...  
1115665579 M * Beave err..mini...
1115665631 M * Bertl cool, maybe a post to the mailing list would be a good idea too .. just to show folks _what_ you can do ;)
1115665754 M * Beave will do.  We looked and looked but never found anyone else doing such a thing.  So,  that was the idea.  Post it,  and get it out there. 
1115666334 N * ntrs__ ntrs
1115666343 M * ft Good morning, Bertl ;0
1115666344 M * ft ;) too
1115666634 Q * torisa Read error: Operation timed out
1115667397 M * Bertl morning ft!
1115667541 M * ft I did the Debian packages
1115667558 M * ft http://194.255.113.16/~bigfoot/files/vserver-debian-ppc/
1115667567 M * Bertl great!
1115667579 M * Bertl will test them tonight ...
1115667798 J * Doener` ~doener@p5487749F.dip.t-dialin.net
1115667966 M * Bertl evening Doener`!
1115668111 Q * Doener Read error: Operation timed out
1115668489 J * lilo_ ~lilo@lilo.usercloak.oftc.net
1115668490 Q * lilo Read error: Connection reset by peer
1115669519 Q * lilo_ Read error: Operation timed out
1115669770 J * lilo ~lilo@lilo.usercloak.oftc.net
1115669800 J * heini ~rik@vdeijnden.com
1115670137 Q * heini Quit: Client exiting
1115670346 M * Doener` evening Bertl!
1115670371 M * Doener` (have been afk, it was just my line being disconnected half an hour ago ;)
1115670378 M * Bertl ;)
1115670441 M * Doener` so i fixed a bug in rss accouting in rc4 and messed up vserver rss/anon accouting in my port ;)
1115670466 M * Bertl and I thought you didn't want to talk to me anymore ;)
1115670480 M * Doener` yeah, sure :p
1115670747 Q * yarihm Quit: Leaving
1115670859 M * Pazzo re
1115670864 M * Pazzo hi @ll!
1115670869 M * Doener` wb Pazzo 
1115671058 M * Bertl hey Pazzo!
1115671106 M * Bertl sladen: you around?
1115671235 M * sladen yup
1115671265 M * Bertl I have a compaq with a remote insight management thingy here, and google popped up with your name ...
1115671291 M * Bertl do you have any experience with those things?
1115671401 M * sladen yes
1115671410 M * sladen they're a depressing but useful bit of kit
1115671425 M * Bertl excellent, might I ask you a few things in private?
1115671512 M * eyck   * so, what are you wearing... *
1115672117 M * SiD3WiNDR :D
1115672403 M * Doener` Bertl: how i am supposed to use the rss/anon limit debug output? i get a bazillion lines and more of output... :(
1115673031 M * Bertl hmm, well, yeah, you record them and then evaluate them (probably with a script)
1115673361 M * Bertl but basically the best check is the exit value ...
1115673375 M * Bertl (you get that with debug enabled, without and debug_* set
1115673480 M * Doener` yep, i got those... but didn't tell me much, just that it was wrong ;)
1115673490 M * Doener` btw, this is correct, right?
1115673491 M * Doener` #define set_mm_counter(mm, member, value) vx_ ## member ## pages_sub((mm), ((mm)->_##member - value))
1115673553 M * Bertl yup is fine ...
1115673559 M * Doener` k, thanks
1115673580 M * Bertl but you have to be careful there, not all 'set' have to be accounted for
1115673695 M * Bertl okay, off for now .. back later
1115673735 N * Bertl Bertl_oO
1115674073 M * Doener` ah right... it's exactly the value that gets subtracted in dup_mmap that is wrong...
1115674315 M * Pazzo sorry, totally OT: anyone knowing suse? how can I find out a) suse version of a running system and b) where to configure the firewall? is there some yast stuff?
1115674407 P * Pazzo Verlassend
1115674414 J * Pazzo ~Pazzo@host130-250.pool8172.interbusiness.it
1115674416 M * Pazzo ups
1115674423 M * Doener` found the firewall? *g*
1115674465 M * Pazzo hehe... you can be sure that I'm not running suse - and I know exactly where to find my firewall ;-)
1115674478 Q * Pazzo Quit: Verlassend
1115674501 J * Pazzo ~Pazzo@host130-250.pool8172.interbusiness.it
1115674504 M * Pazzo *grrr*
1115674513 M * Pazzo (struggling with xchat)
1115674525 M * Doener` ah, hitting ^W eh?
1115674550 M * Pazzo no - joined freenode without telling him to use a new tab
1115674565 M * Doener` ah, i.c.
1115674618 M * Doener` i get more and more used to using ^W to delete a word when using vim/bash, but thanks to gnome (which IIRC introduced that silly shortcut) xchat closes the current tab when you hit ^W
1115674687 M * Pazzo hey, ^W on my bash is cool ;-) didn't know that!
1115674703 M * Doener` ad suse version: try /etc/suse_version or /etc/SuSE-release
1115674955 M * Pazzo hehe, got it on freenode/#suse, thnx:
1115674972 M * Pazzo /etc/sysconfig/SuSEfirewall2 or yast and cat /etc/SuSE-release
1115675384 M * Pazzo have to leave now - I have to stand up at 5:30 tomorrow morning... and then to drive to "Peschiera del Garda" (lake Garda) 'cause of an old firewall - let's hope they have good fish there ;-p
1115675388 M * Pazzo cu Doener!
1115675393 M * Doener` cya!
1115675413 N * Pazzo PazZzzzooo
1115675722 M * Doener` hm... changing sched.h is not compile time friendly ;)
1115677221 J * Jani ~Jani@G9866.g.pppool.de
1115677224 M * Jani *waves* Hi all
1115677230 M * Doener` welcome Jani 
1115677260 M * Jani Just a little and fast question (I hope) I have 2.6.11.5-vs1.9.5
1115677273 J * infowolfe infowolfe@209-112-218-51-cdsl-rb1.nwc.acsalaska.net
1115677277 M * Jani I thought that I have read somewhere in the wiki how I can set an quota and a process limit to a vserver
1115677283 M * infowolfe any kernel-hackers in the house?
1115677284 M * Jani But I can't find this site anymore...
1115677333 M * infowolfe Jani, I know it's possible, but I forget how ;-)
1115677349 M * daniel_hozac Jani: flower page.
1115677351 M * infowolfe iirc, ULIMIT and RLIMIT
1115677358 M * infowolfe daniel_hozac, nice response ;-)
1115677375 M * Doener` infowolfe: what do you need?
1115677382 M * infowolfe Doener`, kernel hackers?
1115677397 M * infowolfe Doener`, http://rafb.net/paste/results/NEAUH575.html yummy non-fatal oopses, non-vserver related
1115677405 M * infowolfe but I can't find anybody willing to look at them for me.
1115677435 M * infowolfe amd64, 2.6.11.8, no-acpi compiledin
1115677443 M * infowolfe s/compiledin/compiled in/
1115677457 M * infowolfe it's a high-load mysql db server.
1115677459 M * Jani infowolfe: Thankies
1115677469 M * Doener` hm, somehow this looks familiar...
1115677478 M * infowolfe I suspect bad ram in the machine, but as it's a leased box, I can't exactly swap it out to test ;-)
1115677491 M * daniel_hozac memtest86 ;)
1115677520 M * infowolfe daniel_hozac, again, leased box, it's in texas, i'm in alaska, it's not very convenient to fly there and beat the hell out of their techs in order to get to my box :-)
1115677553 M * infowolfe although, judging from the response time on trouble tickets, i'm thinking that i wouldn't have too many to beat up ;-)
1115677560 M * ft :)
1115677626 M * infowolfe on 2.6.11.7 they were coming about every 10-30 minutes
1115677641 M * infowolfe our db sees a constant 4mbit/s from the webservers
1115678042 N * Bertl_oO Bertl
1115678046 M * Doener` wb Bertl 
1115678052 M * Bertl thanks! evening folks!
1115678057 M * infowolfe wb, bertl
1115678064 M * infowolfe good evening bertl
1115678089 M * infowolfe Bertl, do you have any ideas about the following? http://rafb.net/paste/results/NEAUH575.html
1115678096 M * Doener` .12-rc4-vs2.0-pre4 has finished my test cycle... testme.sh works, some random stuff in a vserver works, and... the syslog stuff also works... no more oops :)
1115678116 M * Bertl Doener`: -L tests?
1115678158 M * Doener` also work... it was the set_mm_counter in dup_mmap that caused the breakage, i introduced __set_mm_counter for that one
1115678227 M * Doener` the "collect all stuff and sort out relevant things" approach worked, I easily recognized which one was guilty :) thanks
1115678268 M * Bertl infowolfe: hmm, which kernel?
1115678324 M * Doener` 2.6.11.8
1115678342 M * Doener` (line 7)
1115678354 M * Bertl ah, thanks!
1115678393 M * Bertl well, seems like mysql has a hard time doing something to the disk I/O system
1115678418 M * Bertl probably using sendfile or somesuch ...
1115678443 M * Doener` there we go... http://www.13thfloor.at/~doener/vserver/patches/patch-2.6.12-rc4-vs2.0-pre4.diff
1115678576 N * BobR_oO BobR
1115678705 N * BobR BobR_zZ
1115679005 M * infowolfe sry, was afk
1115679015 M * infowolfe Bertl, do you suggest I recompile mysql?
1115679025 M * infowolfe or do you think it might be a hardware issue?
1115679285 M * Bertl could be, do you other messages in the kernel log?
1115679342 M * infowolfe nothing related to aacraid
1115679373 A * Doener` wonders how the rss bug survived from rc{1,2} till rc4... ;)
1115679911 J * Shuri sjnesjd@64.235.209.226
1115679977 M * Bertl welcome Shuri!
1115679996 M * Shuri thx Bertl
1115680025 M * Shuri how are you?
1115680038 N * ciphernaut_zz ciphernaut
1115680072 M * Doener` morning ciphernaut 
1115680113 M * Bertl Shuri: well, mostly fine ...
1115680164 M * Doener` hmm... mostly doesn't sound too good...
1115680183 M * ft Bertl, still alive?
1115680258 M * Shuri yes  mostly doesn't sound too good...
1115680338 M * Bertl well, I'm wasting my time because compaq/hp is too stupid to get anything right ...
1115680345 M * Bertl ft: yup, still alive
1115680369 J * eyck_ eyck@81.219.64.71
1115680370 Q * eyck Read error: Connection reset by peer
1115680619 M * ciphernaut morning all
1115680771 J * rs ~rs@212.43.230.5
1115680973 M * Bertl morning ciphernaut! welcome rs!
1115681056 Q * rs Remote host closed the connection
1115682267 Q * eyck_ Read error: Connection reset by peer
1115682474 Q * infowolfe Quit: Leaving
1115682591 J * eyck eyck@81.219.64.71
1115682603 M * ciphernaut vserver <name> status returns status codes depending on the state they are in.  Where can I find a complete list of exit codes regarding this function?
1115682744 A * Jani waves out. "Nighty night. I will come tomorrow back."
1115682749 M * Doener` night Jani 
1115682778 M * Bertl             msg $"Vserver '$vserver' is running at context '$ctx'"
1115682782 M * Bertl             exit 0
1115682785 M * Bertl             msg $"Vserver '$vserver' is stopped"
1115682788 M * Bertl             exit 3
1115682793 M * Bertl         echo $"Usage: $0 {start|stop|suexec|restart|condrestart|exec|enter|chkconfig|running|status}" >&2
1115682793 M * Jani And tomorrow I would try out the limit thingies.
1115682797 M * Bertl         exit 2
1115682804 Q * Jani Quit: Verlassend
1115682828 M * ciphernaut and exit code 5 if it cannot find the config for it
1115682864 M * Bertl Can not find a vserver-setup at '$VSERVER_DIR/'.
1115682866 M * Bertl     exit 5
1115682868 M * Bertl yup
1115682906 M * ciphernaut are 1,2 and 4 unused?
1115683063 M * Doener` 2 is wrong usage (see above)
1115683178 M * Doener`     echo $"Can not find util-vserver installation (the file '$UTIL_VSERVER_VARS' would be expected); aborting..." >&2
1115683178 M * Doener`     exit 1
1115683195 M * Doener` 4 seems to be unused