1117671686 J * ciphernaut ~a@61.88.18.130
1117674037 M * Bertl okay folks! enough for me for today ...
1117674043 J * explasm__ explasm@p549FED5C.dip.t-dialin.net
1117674043 M * Bertl night everyone!
1117674051 N * Bertl Bertl_zZ
1117674478 Q * eXplasm2 Ping timeout: 480 seconds
1117681740 J * Martyn ~blah@c-66-176-173-243.hsd1.fl.comcast.net
1117684440 Q * Martyn Quit: Leaving
1117689021 N * Bertl_zZ Bertl
1117689052 M * Bertl morning!
1117689749 M * id morning Bertl !
1117690119 M * Bertl hey id!
1117691304 M * Bertl okay, off for now ... back later ...
1117691308 N * Bertl Bertl_oO
1117691328 J * hwarrier hwarrier@adsl-216-100-137-145.dsl.snfc21.pacbell.net
1117691438 Q * sebd Remote host closed the connection
1117692053 Q * hwarrier Ping timeout: 480 seconds
1117696844 Q * virtuoso Ping timeout: 480 seconds
1117697938 P * sith 
1117698642 J * prae ~prae@ezoffice.mandriva.com
1117699698 J * prae_ ~prae@ezoffice.mandriva.com
1117699698 Q * prae Read error: Connection reset by peer
1117700695 J * enum ~Administr@ip-207-145-127-226.lax.megapath.net
1117700698 M * enum yo
1117700712 M * DaPhreak mornin' enum 
1117700720 M * enum I was wondering if there was a distinct difference between xen, and vserver?
1117700728 M * enum I am used to using xen, but a buddy toldme about vserver
1117700744 M * enum mornin DaPhreak ;)
1117700753 N * Bertl_oO Bertl
1117700779 Q * rs Quit: rs
1117700857 M * DaPhreak well there's the right person awaking .. ;) morning Bertl 
1117700870 M * Bertl enum: yes, xen uses a modified kernel for each guest and a special kernel/supervisor on the host
1117700887 M * Bertl enum: vserver just uses a modified host kernel, no kernels for the guests ;)
1117700906 M * enum hmm, can vserver run on a 64-bit host?
1117700941 M * Bertl yup, it was successfully tested on s390x, sparc64 and x86_64
1117700952 M * enum also, are there performance costs with running all hosts on the same kernel like that?
1117700962 M * enum I know uml is setup on the host kernel, but is really slow
1117700977 M * Bertl no, it's more a performance win, because do you not _have_ a guest kernel
1117700982 Q * prae_ Quit: Client exiting
1117700993 M * Bertl (i.e. no kernel overhead in the guest ... same performance as native 
1117700993 M * enum I basically plan on using virtual server for hosting.. would this be a good idea
1117701004 M * enum (sorry.. I';m full of q today ) ;p
1117701022 M * Bertl lycos and a bunch of other hosting providers do so, so I guess yes ...
1117701106 M * enum k, just one more I swear.. Does the setup differ extremly on a 64-bit host system?  Or does it just compile in 32-bit mode like most other apps?
1117701264 Q * cryo Ping timeout: 480 seconds
1117701337 M * Bertl enum: on 64bit host, you probably want to compile it 64 bit (the kernel) and you can choose if you have 32bit or 64bit userspace (control utilities)
1117701356 M * enum very nice..
1117701363 M * Bertl but of course, you could also use a 32bit kernel ;)
1117701378 M * enum what sucks..is that I just spent 4 hours compiling a 32-bit gentoo so I could run xen.. 
1117701381 M * enum haha
1117701401 M * enum I think I will give this a try on one of my machines
1117701406 M * Bertl for the guests, you can use the personality settings to make a guest 32 or 64 bit (relatively new ;)
1117701426 M * enum thanks Bertl !  You have been a HUGE help
1117701432 M * Bertl you're welcome!
1117701446 M * enum wait.. so I can run 64-bit guests as well?!
1117701450 M * enum I love this
1117701466 M * Bertl sure, you can do everything you can do on the host
1117701882 J * rs ~rs@imhotep.rhapsodyk.net
1117702229 M * Bertl hey rs!
1117702234 M * rs hey
1117702419 M * Bertl k, have to catch some more sleep ... back later ...
1117702427 N * Bertl Bertl_zZ
1117702463 M * SiD3WiNDR does asterisk run under vserver?
1117703232 Q * rs Quit: rs
1117703524 J * cryo ~say@212.86.243.154
1117704773 J * rs ~rs@m216.net81-66-20.noos.fr
1117704915 J * virtuoso ~s0t0na@80.253.205.251
1117707601 J * Aiken ~james@tooax6-196.dialup.optusnet.com.au
1117708364 Q * rs Quit: rs
1117710148 J * zimbo ~zimbo@callisto.dom.bonis.de
1117711412 J * ruuth VooDoo@topas.informatik.uni-ulm.de
1117712933 N * Bertl_zZ Bertl
1117713329 M * Doener` morning again Bertl
1117713357 M * Bertl hey Doener`! really needed a 'nap' ...
1117713429 M * Bertl hey Aiken! zimbo! you're new here?
1117713487 M * Bertl Doener`: do you feel able to do some source browsing, or still too busy?
1117713487 M * Aiken yes
1117713488 M * Pazzo hi Bertl, Doener!
1117713515 M * Bertl Aiken: can we do anything for you, or just watching ... (which is fine too ;)
1117713530 M * Aiken been playing with vserver on a 2.4.29 kernel fior abit, only juts found out abt this channel tonight
1117713565 M * Doener` Bertl: i'll cancel my presentation... won't get it done in time, so yes, i have time now ;)
1117713580 J * rs ~rs@mon75-8-82-230-181-39.fbx.proxad.net
1117713588 M * Bertl hmm, sure about that? I mean, those things should have priority!
1117713592 M * ruuth hi! is it possible to run IPCOP as a vserver guest?
1117713628 M * Bertl ruuth: propably, but I'm not sure it's a good idea though
1117713635 M * ruuth why?
1117713686 M * Bertl well, you get a little 'more' protection by the secure chroot, and the missing caps, but you need at least raw network access ...
1117713733 M * Doener` Bertl: well, i'm not canceling it because i want to get free time, but because i will not be able to get it done in time...
1117713751 M * ruuth Bertl: I can only can/want to set up 1 Server and want to gain this little more protection. IPCop would get eth1 exclusive for DSL.
1117713801 M * Bertl well, yes, my question basically is, why not put it on the host?
1117713836 M * ruuth Bertl: You know - the german computer magazine c't did a debian project with ipcop in UML and considers it as relatively secure ...
1117713867 M * ruuth Bertl: Because IPCOP seems to be a full distro - so I can't put it on the gentoo host ..
1117713890 M * Bertl hmm, yeah, just read that ... somehow remembered it as a service ...
1117713936 M * Bertl well, I guess you have to test it ...
1117713959 M * ruuth Bertl: It'S a real cool all-in-one-packet - but it still uses kernel 2.4 because UML can't be stopped in 2.6 :(
1117713992 M * ruuth Bertl: and I wnat to setup an amd64 server - and the c't server is debian sarge 32 bit :(
1117714032 M * Bertl hmm, well, depends, if it wants to load special modules, you probably have a big problem ;)
1117714075 M * ruuth Bertl: In the mean time I like gentoo and vserver ... so I thought it would be great to combine it ... which modules make trouble?
1117714089 M * ruuth Bertl: Is firewalling inside a vserver is possible?
1117714097 M * Bertl any modules it wants to load into the host kernel
1117714120 M * Bertl ruuth: yes, but it applies for the entire host
1117714167 M * ruuth Bertl: ah ... ok ...
1117714211 M * Bertl but I just read (in their FAQ) that they have a channel at freenode, so maybe pay a visit there and ask them about 'kernel requirements'
1117714256 M * Bertl having proper modules for the 'normal' iptables stuff should not be hard with a vserver kernel
1117714548 M * Bertl Doener`: I'm doing (well one of my scripts is right now) a breakdown of the 2.0-rc3 for reviewing ...
1117715030 M * ruuth Bertl: Ok - il'll try it there - many thanks!
1117715049 Q * rs Quit: rs
1117715082 M * Bertl ruuth: you're welcome!
1117715205 M * eyck 2.4.31 is out
1117715208 M * eyck Aiken:
1117715220 M * eyck unchrological a bit,
1117715221 M * eyck today
1117715223 M * eyck are we
1117715227 M * eyck yes?
1117715234 M * Bertl ah, no ... ;)
1117715280 M * Aiken so it means there is a new kernel for 2 machines I don't want to upgrade
1117715300 M * Aiken are there any limits on what the host filesystem is? ie I had problems with setattr on reisferfs
1117715300 M * Aiken was with 2.6.11.10 + vserver 2.0rc2 + util-vserver-0.30.207
1117715364 M * Bertl reiserfs needs a special 'attrs' mount option, IIRC 
1117715372 M * Bertl (only Hans knows why, I guess ;)
1117715388 M * Bertl Doener`: http://vserver.13thfloor.at/Experimental/del-vs2.0-rc3/
1117715569 M * Aiken in my defense I'll claim to not being able to find that option in the man page
1117715648 M * Bertl well, yeah, I had to look in the source too ...
1117715657 M * SiD3WiNDR that's ghey. :)
1117715678 M * SiD3WiNDR it's too hot! :(
1117716105 J * DuckMaster ~duckx@195.75.27.158
1117716204 Q * DaCa Ping timeout: 480 seconds
1117716484 Q * albeiro Ping timeout: 481 seconds
1117716593 J * albeiro ~albeiro@procyon.romke.net
1117717887 M * aba Hm. I have something mounted in one vserver, but can't unmount it (not from outside because I don't know which namespace, and not from inside because ?). Any hints?
1117718103 M * Bertl does the guest have an xid?
1117718128 M * aba xid? What's that? :P
1117718137 M * aba you mean a context id?
1117718161 M * Bertl yup
1117718165 M * aba yes, it has.
1117718197 M * Bertl vnamespace -e %xid -- umount ...
1117718214 M * aba vnamespace -e $(cat /etc/vservers/athene/context) mount should show the correct mounts?
1117718252 M * Bertl no, but vnamespace -e cat /proc/mounts might ...
1117718265 M * Bertl -e %xid that is
1117718310 M * aba vnamespace: vc_xidopt2xid("%16"): No such file or directory
1117718323 M * aba or am I just too stupid? :)
1117718351 M * Bertl hmm, well, and I guessed folks would misinterpret <xid> ;)
1117718405 M * aba Bertl: so, what do you mean with %xid?
1117718417 M * aba I did a "-e 16", and didn't work.
1117718427 M * Bertl how did it fail?
1117718442 M * aba showing all mounts of the master machine
1117718460 M * Bertl well, some of them, but also the relevant ones I hope
1117718474 M * Bertl (after all you are still on the host)
1117718517 M * Doener` in the vserver namespace you got the host mounts + the vserver mounts... of course you can't reach the former from within the vserver because of the chroot
1117718532 M * Bertl you can do 'vnamespace -e 16 -- chroot /vservers/athene /bin/bash
1117718539 M * aba ok.
1117718548 M * Bertl hmm, no, requires a chcontext too ;)
1117718566 M * aba so, just the umount doesn't want to work because it's not mounted. Bah.
1117718570 M * Bertl but it's probably easier to just do the umount ...
1117718589 M * aba ah, did it.
1117718592 M * aba ok, thanks,
1117718616 M * Bertl np, btw, what symbolism would you interpret as the context number?
1117718638 M * Bertl (e.g. <xid> %xid $xid `xid` ....)
1117718675 M * Doener` you'll get 5 answers if you ask this question 4 times ;)
1117718675 M * aba $(cat /etc/vserver/<your vservername>/context)
1117718690 M * Bertl ah, so <xid> then ;)
1117718691 M * aba or alternativly just an <xid>, where xid is the number ...
1117718710 M * Bertl okay, will move back to that, seems to be better understood ...
1117718717 M * Doener` btw, vnamespace -e <vserver> should also work with recent tools...
1117718735 M * Bertl yeah, the vc_xidopt2xid() suggests that
1117718842 J * sebd ~sebd@lesdeveloppementsdurables.org
1117718850 M * Bertl welcome sebd!
1117718852 Q * explasm__ Remote host closed the connection
1117718858 M * sebd hello all
1117720093 M * Aiken considering it will be Friday in 12 minutes for me I think. night all would be better  :)
1117720144 Q * ruuth Quit: Nettalk6 der Freeware IRC-Client
1117720166 Q * Aiken Quit: Leaving
1117720269 J * rs ~rs@Laubervilliers-151-13-4-57.w82-127.abo.wanadoo.fr
1117720808 J * rs_ ~rs@Laubervilliers-151-13-4-57.w82-127.abo.wanadoo.fr
1117720824 Q * rs Ping timeout: 480 seconds
1117721500 Q * Vudumen Ping timeout: 480 seconds
1117721696 J * Vudumen vudumen@perverz.hu
1117722178 M * Bertl wb Vudumen?
1117722315 M * Vudumen hi Bertl :)
1117722340 M * Bertl hey, I'd like to compile and boot a testkernel on the sun, is that fine?
1117723186 M * FaUl re
1117723195 M * Bertl wb FaUl!
1117723254 Q * brc Ping timeout: 480 seconds
1117723421 J * DaCa ~danny@mail.limehouse.org
1117725458 J * robig ~robig_m@envoppp90.envia-tel.de
1117725462 M * robig hallo
1117725484 M * robig can sb help me with some vserver trouble?
1117725510 Q * eyck Quit: leaving
1117725670 M * Vudumen Bertl: it's fine :)
1117725756 M * Pazzo robig: don't ask if you might ask a question - ask!
1117725766 M * Bertl Vudumen: was just asking, because there is a chance that it doesn't boot up again ;)
1117725811 M * Vudumen Bertl: in this case i can go to the console.
1117725828 M * Bertl excellent ...
1117726186 J * eyck ~eyck@81.219.64.71
1117726211 J * mef ~mef@pcp09895218pcs.ewndsr01.nj.comcast.net
1117726292 M * robig do i have to make any changes so my sevices in the vserver can be accessed from the outside?
1117726308 M * robig (iptables should be ok)
1117726343 M * Bertl welcome mef!
1117726348 M * mef hey bertl
1117726356 M * Bertl robig: iptables inside a vserver are not supported yet
1117726379 M * Bertl robig: if the 'services' are fine (for your setup) it should work without any modification to the guest
1117726394 M * Bertl (you might need to restrict services on the host though)
1117726442 M * robig hm.. it doesnt work. my three other VS went right, but ne new ones not :(
1117726458 M * mef bertl: the ckrm numtask controller has bugs and we cannot afford to wait for the fix.
1117726467 M * Bertl robig: _what_ doesn't work? ;)
1117726486 M * Bertl mef: numtask like nproc ?
1117726489 M * mef bertl: so for this reason, I want to just leverage the ULIMIT support on the max number of tasks permitted in a vserver.
1117726497 M * mef bertl: nproc yes
1117726520 M * mef bertl: we are still way behind in our util-vservers and so still have /etc/vservers/xyz.conf files.
1117726550 M * Bertl tough luck, but IIRC a few folks started conversion tools (not that it is really hard to do)
1117726550 M * mef bertl: what doc must I read to figure out how to use nproc with the ULIMIT support?
1117726569 M * Bertl http://www.nongnu.org/util-vserver/doc/conf/configuration.html
1117726577 M * robig e.g. i installed an apache2 on the new vserver, set it to an free port, set the firewall on the host to accept the port, but i get only "connection refused"
1117726594 M * eyck hmm
1117726603 M * Bertl robig: guest uses same ip as the host?
1117726604 M * eyck why on 2.6.x I can see no vserver-name?
1117726605 M * eyck 49153    5   4.3M   375    0m00s00   0m00s00  10m33s66 
1117726611 M * eyck where did name go?
1117726613 M * robig yes
1117726620 M * Bertl eyck: you are using legacy config ;)
1117726652 M * Bertl robig: and the apache service _did_ start quite fine?
1117726657 M * mef bertl: yikes.. the "pot" page.
1117726673 M * robig the error log says that..
1117726694 M * Bertl mef:  /etc/vservers/vserver-name/rlimits/nproc
1117726703 M * eyck Bertl: is that a bad thing?
1117726708 M * mef bertl: cool
1117726721 M * Bertl robig: okay, check with 'lsof -i' inside the guest
1117726739 M * Bertl eyck: no, but you won't get a name with that unless you set it yourself ;)
1117726754 M * mef I don't have that script... where can I find it?
1117726763 M * mef bertl: I don't have that script... where can I find it?
1117726772 M * Bertl mef: which one?
1117726784 M * mef bertl: /etc/vservers/vserver-name/rlimits/nproc
1117726788 M * robig nice tool :)
1117726804 M * Bertl mef: that's the path to your config file (where you add the process limit)
1117726822 M * robig this says that apache2 is listen on www, but should listen on 8080
1117726832 M * robig hm.
1117726835 M * Bertl mef: see the url I referred you too (btw, it has different stylesheets)
1117726982 M * mef bertl: we still use the old /etc/vservers/vserver-name.conf style of configuration.  So will the /usr/sbin/vserver vserver-name start command just enforce this limit on the vserver (i.e., with the older tools)?
1117727023 M * Bertl mef: no, you have to move on to the new (1 year old) config file format ...
1117727047 M * Bertl (or configure the limit by hand)
1117727138 M * Bertl mef: vlimit --xid <xid> -H --nproc <procs>
1117727174 M * robig now listens on right port.. but still doesnt work 
1117727178 M * mef bertl: as I said, we are lagging behind, but will sync up with your stuff this summer.
1117727213 M * Bertl robig: still connection refused?
1117727259 M * robig yep
1117727271 M * robig the ssh daemon too
1117727276 M * Bertl no logs inside the guest?
1117727286 M * robig nothing seems to be bad
1117727297 M * mef vlimit will restrict the vserver to nprocs until the next reboot?
1117727306 M * mef bertl: vlimit will restrict the vserver to nprocs until the next reboot?
1117727309 M * Bertl robig: you sure that your firewalling doesn't interfere?
1117727333 M * Bertl mef: yes, and you do not have to prefix every question, I read you anyways ;)
1117727381 M * robig i checked it and checked it... but im not realy sure..
1117727401 M * Bertl robig: maybe you could disable your firewall for a short test?
1117727422 M * robig nice idea..
1117727524 M * FaUl Bertl: you highlightedme some days ago?
1117727541 M * Bertl likely, but don't aks me why ;)
1117727579 M * FaUl hehe
1117727646 M * Pazzo Bertl: (little feedback) 2.6.11.11-vs2.0-rc3 seems to be running fine - like all the other rc's 'til now ;-)
1117727656 M * Bertl good!
1117727660 M * robig do you know how i can delete all chains quickly?
1117727669 M * robig and add one to allow all?
1117727744 M * Bertl iptables -F <chain> -P <chain> ACCEPT
1117727783 M * Bertl (for the chains INPUT, OUTPUT, FORWARD, and -t nat PREROUTING, POSTROUTING, OUTPUT)
1117727946 J * Doener_ ~doener@p54875F1F.dip.t-dialin.net
1117728004 M * mef bertl: the version of vlimit I have is ancient and does not support those options. :(
1117728031 M * Bertl mef: get a new one http://www.13thfloor.at/~ensc/util-vserver/files/alpha/
1117728384 Q * Doener` Ping timeout: 480 seconds
1117729441 J * eXplasm explasm@p549FED5C.dip.t-dialin.net
1117729544 P * DuckMaster Leaving
1117730211 M * romke hmm, in topic there stil is -rc2 - should it be -rc3?
1117730230 M * Bertl horrible! please change it ;)
1117730253 T * romke http://linux-vserver.org/ | latest stable 1.2.10, devel 1.9.5, 2.0-rc3, ng9.5  -- He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;)    
1117730376 M * Bertl Doener_: hmm, seems they are rerunning my patches every day now (osdl/plm)
1117730534 M * Doener_ hm, any reason for doing so?
1117730575 M * Bertl probably because I did provide feedback on the clock/build issues ;)
1117730596 M * Bertl not that it did get better ;)
1117730611 M * Bertl ah, btw, you still want/need an explanation for the regress stuff?
1117730619 M * Doener_ sure :)
1117730630 M * Bertl I had a look at the scripts yesterday ...
1117730648 M * Bertl they basically run the build (kernel/modules) for each subsystem (directory)
1117730663 M * Bertl and account the warnings/errors for that one ...
1117730673 M * Bertl so Building fs/coda: 2 warnings, 0 errors
1117730684 M * Bertl means that this dir did give 2 warnings
1117730705 M * Bertl they also check for different configs ...
1117731073 Q * eyck Ping timeout: 480 seconds
1117731336 Q * Hollow Remote host closed the connection
1117731393 J * Hollow ~Hollow@home.xnull.de
1117731943 J * brc bruce@200165222071.user.veloxzone.com.br
1117732146 Q * alexx Quit: Bye
1117732652 M * Bertl welcome Hollow! brc!
1117732660 M * Hollow heya Bertl 
1117732676 M * Doener_ off now, back tomorrow...
1117732679 N * Doener_ Doener|gon
1117732680 N * Doener|gon Doener|gone
1117732802 Q * brc Quit: BitchX: often imitated, never duplicated!
1117733523 M * FaUl *sproing*
1117734106 M * Bertl *sproing* ? like the faul in a box? ;)
1117734371 J * eyck ~eyck@81.219.64.71
1117734433 M * FaUl Bertl: ack
1117734434 M * FaUl :-)
1117734542 J * alexx ~alexx@82.225.136.176
1117734563 M * Bertl welcome alexx!
1117734576 M * alexx hello all :)
1117734710 M * FaUl     ich bin immo und dies ist ein test blah fasel foo bar baz
1117734712 M * FaUl oh
1117734721 M * FaUl just fixing my keyboard :-)
1117734762 M * FaUl that spacebar doesn't work fine
1117734845 M * FaUl fsck
1117734949 M * FaUl ah 
1117734951 M * FaUl much better now
1117734953 M * FaUl  :-)
1117735084 J * monrad ~monrad@213083190130.sonofon.dk
1117735348 M * Bertl FaUl: hmm, well ... you know that the channel is logged? ;)
1117735369 M * DaPhreak well 4 times or so ;)
1117735374 M * DaPhreak at once .. :D
1117735381 M * FaUl Bertl: i don't care about logs :-)
1117735402 M * Bertl good ;)
1117735455 M * DaPhreak Bertl: any idea's about that /dev/log pipe listening ?
1117735528 Q * eyck Quit: leaving
1117735720 M * Bertl DaPhreak: I hoped that we already had resolved that one ;)
1117735745 M * Bertl DaPhreak: no seriously, you will need to use a separate pipe for each guest
1117736028 M * Bertl and the host's log has to listen to them ...
1117736076 M * DaPhreak yeah .. thats what I did ;) we did yesterday the net-logging ..
1117736280 M * Bertl so you have to configure the syslog-ng to log to /dev/log then ...
1117736309 M * Bertl (or the services)
1117736350 M * DaPhreak inside of the guest ?!
1117736365 J * eyck eyck@81.219.64.71
1117736377 M * eyck eh
1117736401 M * Bertl well, do you have a syslog-ng config at hand for the host?
1117736422 M * DaPhreak yeah .. as yesterday
1117736425 M * eyck sure, which host?
1117736441 M * Bertl DaPhreak: url (maybe in private)
1117736680 Q * rs_ Quit: rs_
1117736714 M * mef bertl: I am trying to use my old version of vlimit to set nproc with "vlimit -c 510 -H --6 1000", but it fails without error.
1117736756 M * mef bertl: we will upgrade to the latest version of util-vserver.  So I just want to do whatever hack is necessary to set the nproc limit.
1117736778 M * mef bertl: we will upgrade, but can't do this right now, but I need to set nproc limits asap. :(
1117736879 J * shuri sjnesjd@64.235.209.226
1117737174 M * Bertl mef: what kernel version?
1117737179 M * Bertl welcome shuri!
1117737224 M * mef 2.6.10 with vserver 1.9.3.17
1117737250 M * mef Our 2.6.10 kernel is based on the latest FC2 release.
1117737250 M * Bertl should support the vc_set_limit syscall command ...
1117737281 M * mef you mean vc_set_rlimit or is there also a vc_set_limit?
1117737294 M * Bertl no, vc_set_rlimit it is ...
1117737317 M * mef actually... it does support the syscall, as it works with a vlimit from the latest version of util-vservers.
1117737334 M * Bertl so why not use that?
1117737337 M * mef for reasons I don't want to get into, I need to make our version of vlimit.
1117737365 M * Bertl well, then go ahead, the interface (API/ABI) is public, no?
1117737384 M * Bertl http://vserver.13thfloor.at/Stuff/API-2.0/
1117737411 M * Bertl should work fine for 1.9.3.17 (regarding limits)
1117737478 M * mef I guess I am trying to understand the CALL_VC(CALL_VC_V11... etc. magic in our version of util-vserver/lib/syscall_rlimit.c.
1117737516 M * mef vc_get_rlimit works.
1117737542 M * shuri hi Bertl!
1117737544 M * mef but the vc_set_rlimit in our ancient version does not.
1117737547 M * Bertl you should use the templates/includes from the API ...
1117737626 M * shuri is there any doc about 2.0-rc installation?
1117737646 M * Bertl shuri: hmm, no? patch, compile, boot?
1117737672 M * Bertl mef: you can take the vdlimit as example ...
1117737676 M * shuri aplha tools?
1117737692 M * Bertl advised, but not strictly required ...
1117737798 M * shuri so it should be the same features of 1.9 right?
1117737827 M * Bertl features are basically identical, some things have been removed though and others have been fixed
1117737850 M * shuri good
1117737929 Q * cryo Ping timeout: 480 seconds
1117738012 M * mef bertl: with vdlimit, are you suggesting that I make the syscalls in a manner similar to vserver(VCMD_add_dlimit, ...)?
1117738039 M * Bertl yup, that's how all my experimental tools do it ...
1117738063 M * mef excellent.
1117738506 M * Bertl okay, folks ... off for now ... back later ...
1117738518 N * Bertl Bertl_oO
1117738588 M * eyck okay
1117739308 Q * shuri Ping timeout: 480 seconds
1117740088 M * mef bertl: turns out that my unmodified, yet ancient version of vlimit had a cut-n-paste bug.  It did not set up the limit->hard/maximum value properly. Easy fix.
1117741005 J * hwarrier ~harikb@64.161.133.227
1117741600 J * cryo ~say@212.86.243.154
1117743051 Q * alexx Quit: Bye
1117746007 Q * robig Read error: Connection reset by peer
1117747115 N * Bertl_oO Bertl
1117747130 M * Bertl evening folks!
1117747225 M * albeiro evening Bertl :)
1117747347 M * DaPhreak welcome back Bertl :)
1117747545 M * mef hey bertl
1117747563 M * mef got vlimit working.
1117747575 M * Bertl yeah, read it!
1117747575 M * mef turns out the old version I had contained a cut-n-paste error.
1117747582 M * mef cool
1117747612 M * mef what are the units for RSS for the vlimit command?
1117747625 M * mef kilo or mega bytes?
1117747628 M * mef or bytes?
1117747632 M * mef or pages?
1117747683 M * FaUl *gaehn*
1117747690 A * FaUl 'll go to bed now i guess
1117748027 M * Bertl mef: pages
1117748081 M * mef bertl: thanks... just figured that one out by running lmbench memsize.
1117748093 M * mef bertl: and playing around with the limit values.
1117748110 M * mef bertl: excellent!
1117748128 M * Bertl fascinating what kind of limits linux-vserver already has, no?
1117748179 M * Bertl btw, you could make yourself extremely useful by testing the different limits (especially the semaphore/shared memory limits are almost untested)
1117748699 M * mef AS == shared memory limits?
1117748747 M * Bertl AS is adress space (or VM limits)
1117748754 J * alexx ~alexx@82.225.136.176
1117748772 M * mef bertl: "you the man"... we'll probably switch pretty quickly.
1117748801 M * mef which ones are the semaphore/shared memory limits?
1117748816 M * mef what kinds of things do apps have to do to hit those limits?
1117748850 M * mef by shared memory are you referring to sysv shared memory or basic sharing of pages between processes?
1117748884 M * Bertl you already found the /proc/virtual/<xid>/* entries?
1117748898 M * Bertl sysv shm 
1117748994 M * mef besides installing multiple copies of postgres in separate vservers, what other "real" apps out there use sysv shm?
1117749013 M * Bertl no idea, same goes for the semaphores ...
1117749036 M * Bertl but we added the limits/accounting and didn't really get around testing them ;)
1117749133 M * mef we'll probably run a benchmark of postgres in the not to distant future, as we are planning to run all of the benchmarks presented in the 2003 SOSP paper on "Xen and the art of virtualization".
1117749162 M * Bertl ah, good idea ;)
1117749172 M * mef I thought in vserver the sysv shm spare was separated out between vservers.  Pardon being a fool and asking this question, what is it that you need to limit?
1117749197 M * Bertl there is a host side limit, which is a kind of upper bound
1117749216 M * mef hmph... I suppose the xen folks wont have that kind of limitations, right?!
1117749224 M * Bertl the isolation does prevent that the guests can access the resources, but it doesn't elevate the limit ...
1117749271 M * mef ok... will promise to test that as part of our comparison of xen vs. vserver (or more generally paravirtualization vs. OS virtualization).
1117749290 M * mef or rather, I promise to find someone who will test it. :)
1117749322 M * Bertl good, also make sure that you test _several_ instances (guests) running at the same time ... (with shared sources, maybe unified ;)
1117749354 M * Bertl according to xen terminology we probably reach about 150-200% native speed then ;)
1117749421 M * mef What happens when a process hits the RSS limit? Does it just get killed or is it forced to swap out?
1117749465 M * mef bertl: there will be a scalability test for sure, which is a big reason PlanetLab uses vserver.
1117749501 M * mef bertl: at any given instant in time there are 30-40 vservers running on a planetlab node (most nodes have 1GB RAM and a reasonably fast proc).
1117749529 M * mef bertl: would be hard to do that with Xen, though, they are working on things that will let them reduce their mem foot print.
1117749546 M * Bertl mef: no process is swapped unless real memory is exhausted
1117749566 M * Bertl (that's the only way to sanely deal with it, remember?)
1117749585 M * Bertl but in the future we might penalize access above a soft limit
1117749602 M * Bertl for now the hard limit just returns -ENOMEM where applicable
1117749660 M * mef bertl: ok
1117749754 J * Aiken ~james@tooax6-138.dialup.optusnet.com.au
1117749767 M * Bertl welcome Aiken!
1117749782 M * Aiken good morning
1117749797 M * Aiken just booted with my brand new 2.6.11.11-vs2.0-rc3 kernel
1117749898 M * Bertl you forgot 'shiny' ;)
1117749963 M * DaPhreak yeah .. the brand new shiny .11-vs2.0-rc3(-grsec) works quite fine ;)
1117750059 M * mef bertl: when I set RSS limits and then run a program that exceeds that limit, I get the following message in dmesg
1117750063 M * mef VM: killing process memsize
1117750096 M * mef I thought the prg should just get -ENOMEM?!
1117750311 M * Bertl depends on the configuration of your OOM killer
1117750326 M * Bertl I would assume a strict no overcommit setup
1117751439 M * Aiken which util-vserver to use? I can compile .30 & .30.203 but .03.207 won't compile for me
1117751467 M * Aiken I have been using .30 with my 2.4.29 + vs1.2.10 box fine
1117751551 M * romke Aiken: 30.207 works fine
1117751559 M * Aiken :(
1117751600 M * Aiken it is blowing up with some of the /usr/include/linux headers
1117751605 M * romke Aiken: why 207 won't compile ?
1117751662 M * Aiken I am getting errors with /usr/include/linux/bitops.h /usr/include/asm/processor.h /usr/include/linux/spinlock.h
1117751682 M * Bertl Aiken: details? maybe a build log?
1117751684 M * Aiken this glibc (2.3.2) was build against the headers from a 2.6.8.1 kernel
1117751778 M * Aiken http://pastebin.com/294226
1117751921 M * Aiken how much do you want? that was from the compile that blew up with it's many error messages
1117752131 M * Bertl where does /usr/include/linux/bitops.h come from?
1117752214 M * Aiken a 2.6.8.1 kernel
1117752242 Q * alexx Quit: Bye
1117752342 M * Aiken I thought I have used .30.207 before, unfortunaley this system is a back copy, last week had the worst reiserfs corruption I ever had. bad enough I had to use an old backup to recover my system
1117752375 M * Aiken so can not say what might be different between when I might have had 207 working and now :(
1117752477 M * Aiken glicb 2.3.2, linux headers 2.6.8.1, kernel 2.6.11.11-vs20-rc3, binutils 2.15.92.0.2 and gcc 3.3.5
1117752653 M * Bertl Aiken: what distro is this?
1117752698 M * Aiken my own, a couple of years ago it started as lfs 4.0 and I build my own little distro around that
1117752736 M * Bertl hmm, okay, so you can't tell where the headers come from, I guess
1117752764 M * Bertl because having unprocessed kernel headers in userspace is doomed to fail ... unfortunately
1117752944 M * Aiken I have been working my way back through util-vserver version, .30.204 is that last that I can build
1117754333 J * alexx ~alexx@82.225.136.176
1117754781 J * terr ~gilles@ip-213-49-114-75.dsl.scarlet.be
1117754856 M * terr Hello?
1117755095 M * Bertl hello?
1117755132 M * terr Hi Herbert.
1117755177 M * Bertl greetings Gilles!
1117755180 M * terr A few minutes to enlighten me about possibly terrible mistakes?
1117755247 M * terr I hardly dare tell you I can't make your example work ;-/
1117755295 M * Bertl lol
1117755347 M * terr If you aren't tired yet, please have a look at http://harfang.pastebin.com/294260
1117755690 M * Bertl where do those come from?
1117755691 M * Bertl #
1117755692 M * Bertl 172.83.0.0/24 dev eth0.2  proto kernel  scope link  src 172.83.0.100
1117755837 M * terr I just ran the script pasted there. And it appeared as as consequence.
1117755842 M * Bertl probably your vserver config is bad ...
1117755858 M * Bertl I don't think this is a result of the script I can see
1117755875 M * terr Ooh, let me check...
1117756293 M * terr Of course, right you are.  I make the change and restart the procedure.
1117756585 M * terr Now for something else :-{ all prefixes set to 16.  Running the script and:
1117756587 M * terr RTNETLINK answers: Network is unreachable
1117756587 M * terr RTNETLINK answers: No such process
1117756587 M * terr RTNETLINK answers: Network is unreachable
1117756589 M * terr RTNETLINK answers: No such process
1117756617 M * Bertl config for your vserver?
1117756677 M * terr Same as before, just changed the prefix.