1120003214 N * jonsmel jonsmel_zZ 1120003412 M * Bertl night! 1120004017 M * Bertl okay, folks, I'm off to bed now .. have a good whatever everyone! 1120004047 N * Bertl Bertl_zZ 1120005871 Q * rt_ Ping timeout: 480 seconds 1120006092 J * rt ~rt@195.246.161.1 1120008012 Q * rt Ping timeout: 480 seconds 1120008311 M * Aiken can /vservers be a mount point or is it best to setup the vservers directory under a mount point? 1120008436 J * Blast3r ~NetAdmin@200.72.188.152 1120008440 P * Blast3r 1120009133 M * jkl does anyone know if it is possible to run ssh daemons using the default port on multiple vservers within one host also running ssh ? 1120009149 M * jkl it seems to always log into the host, not the vserver that i try to ssh to 1120009155 M * daniel_hozac bind the host's sshd to its IP address. 1120009186 M * jkl ah, so that it doesnt pickup requests for the aliases? 1120009202 M * daniel_hozac right. 1120009212 M * jkl ok, i should be able to figure that out, thanks 1120010041 J * rt ~rt@195.246.161.1 1120012352 Q * jkl Quit: BitchX-1.0c19 -- just do it. 1120014885 J * Aiken_ ~james@tooax7-238.dialup.optusnet.com.au 1120015210 Q * Aiken Ping timeout: 480 seconds 1120015918 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1120016658 J * neofutur_ ~neofutur@neofutur.net 1120016777 Q * neofutur Ping timeout: 480 seconds 1120017626 N * neofutur_ neofutur 1120017673 J * erwan_taf ~erwan@AToulouse-105-2-2-69.w217-128.abo.wanadoo.fr 1120018450 Q * erwan_taf Ping timeout: 480 seconds 1120021274 J * erwan_taf ~erwan@AToulouse-105-2-2-69.w217-128.abo.wanadoo.fr 1120021905 Q * erwan_taf Ping timeout: 480 seconds 1120024546 J * alexx ~alexx@82.225.136.176 1120025139 J * case ~case@donpanic.faveve.uni-stuttgart.de 1120027959 J * sukria ~sukria@sargon.lncsa.com 1120028686 Q * are|lunch Ping timeout: 480 seconds 1120029404 J * Doener ~doener@p54874AA3.dip.t-dialin.net 1120029484 M * Doener morning folks 1120029586 J * erwan_taf ~erwan@AToulouse-105-2-2-69.w217-128.abo.wanadoo.fr 1120030139 Q * Aiken_ Quit: Leaving 1120030177 M * maharaja hi deoner 1120030400 Q * erwan_taf Ping timeout: 480 seconds 1120031227 J * erwan_taf ~erwan@AToulouse-105-2-2-69.w217-128.abo.wanadoo.fr 1120031282 Q * erwan_taf Quit: 1120031295 J * erwan_taf ~erwan@AToulouse-105-2-2-69.w217-128.abo.wanadoo.fr 1120032215 Q * erwan_taf Quit: Leaving 1120032217 J * erwan_taf ~erwan@AToulouse-105-2-2-69.w217-128.abo.wanadoo.fr 1120032413 J * BWare ~bware@office.intouch.net 1120032911 Q * mountie Remote host closed the connection 1120032919 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1120033021 J * sizo janek@openbug.org 1120033041 M * sizo hi 1120033306 M * Doener welcome sizo 1120033960 Q * erwan_taf Ping timeout: 480 seconds 1120034060 Q * lilo Ping timeout: 480 seconds 1120034070 Q * locksy Ping timeout: 480 seconds 1120034379 J * erwan_taf ~erwan@AToulouse-105-2-2-69.w217-128.abo.wanadoo.fr 1120034627 M * virtuoso Doener: hey 1120034706 M * sizo hi doener 1120034709 M * sizo rt; hi 1120034710 M * sizo ;) 1120035033 Q * erwan_taf iridium.oftc.net helium.oftc.net 1120035033 Q * BWare iridium.oftc.net helium.oftc.net 1120035033 Q * case iridium.oftc.net helium.oftc.net 1120035033 Q * flock iridium.oftc.net helium.oftc.net 1120035033 Q * eyck iridium.oftc.net helium.oftc.net 1120035033 Q * sannes iridium.oftc.net helium.oftc.net 1120035033 Q * monrad iridium.oftc.net helium.oftc.net 1120035033 Q * Hollow iridium.oftc.net helium.oftc.net 1120035033 Q * anonymousc iridium.oftc.net helium.oftc.net 1120035033 Q * Johnsie iridium.oftc.net helium.oftc.net 1120035033 Q * pattieja iridium.oftc.net helium.oftc.net 1120035033 Q * nox iridium.oftc.net helium.oftc.net 1120035034 Q * sizo iridium.oftc.net helium.oftc.net 1120035034 Q * mountie iridium.oftc.net helium.oftc.net 1120035034 Q * sukria iridium.oftc.net helium.oftc.net 1120035034 Q * alexx iridium.oftc.net helium.oftc.net 1120035034 Q * rt iridium.oftc.net helium.oftc.net 1120035034 Q * matti iridium.oftc.net helium.oftc.net 1120035034 Q * rs iridium.oftc.net helium.oftc.net 1120035034 Q * neofutur iridium.oftc.net helium.oftc.net 1120035034 Q * Loki|muh iridium.oftc.net helium.oftc.net 1120035034 Q * stephenM iridium.oftc.net helium.oftc.net 1120035034 Q * jonsmel_zZ iridium.oftc.net helium.oftc.net 1120035034 Q * Vudumen iridium.oftc.net helium.oftc.net 1120035034 Q * maharaja iridium.oftc.net helium.oftc.net 1120035034 Q * tchan iridium.oftc.net helium.oftc.net 1120035037 Q * albeiro iridium.oftc.net helium.oftc.net 1120035037 Q * meebey_ iridium.oftc.net helium.oftc.net 1120035037 Q * zimbo iridium.oftc.net helium.oftc.net 1120035037 Q * mugwump iridium.oftc.net helium.oftc.net 1120035037 Q * sladen iridium.oftc.net helium.oftc.net 1120035037 Q * SNy iridium.oftc.net helium.oftc.net 1120035037 Q * Pazzo iridium.oftc.net helium.oftc.net 1120035037 Q * micah iridium.oftc.net helium.oftc.net 1120035037 Q * janra iridium.oftc.net helium.oftc.net 1120035037 Q * Hunger iridium.oftc.net helium.oftc.net 1120035037 Q * Doener iridium.oftc.net helium.oftc.net 1120035037 Q * Zoiah iridium.oftc.net helium.oftc.net 1120035037 Q * SiD3WiNDR iridium.oftc.net helium.oftc.net 1120035037 Q * dsoul iridium.oftc.net helium.oftc.net 1120035037 Q * mcp iridium.oftc.net helium.oftc.net 1120035037 Q * id iridium.oftc.net helium.oftc.net 1120035037 Q * virtuoso iridium.oftc.net helium.oftc.net 1120035037 Q * FaUl iridium.oftc.net helium.oftc.net 1120035037 Q * DaPhreak iridium.oftc.net helium.oftc.net 1120035037 Q * aba iridium.oftc.net helium.oftc.net 1120035155 J * sizo janek@openbug.org 1120035155 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1120035155 J * BWare ~bware@office.intouch.net 1120035155 J * Doener ~doener@p54874AA3.dip.t-dialin.net 1120035155 J * sukria ~sukria@sargon.lncsa.com 1120035155 J * case ~case@donpanic.faveve.uni-stuttgart.de 1120035155 J * alexx ~alexx@82.225.136.176 1120035155 J * neofutur ~neofutur@neofutur.net 1120035155 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1120035155 J * rt ~rt@195.246.161.1 1120035155 J * matti matti@linux.gentoo.pl 1120035155 J * rs ~rs@imhotep.rhapsodyk.net 1120035155 J * eyck eyck@81.219.64.71 1120035155 J * sannes ~ace@cm-84.118.217.070.chello.no 1120035155 J * Loki|muh loki@satanix.de 1120035155 J * stephenM ~stephen@user-2774.l6.c5.dsl.pol.co.uk 1120035155 J * monrad ~monrad@213083190130.sonofon.dk 1120035155 J * Hollow ~Hollow@home.xnull.de 1120035155 J * anonymousc ~anonymous@staff.internode.com.au 1120035155 J * aba ~aba@eos.turmzimmer.net 1120035155 J * Johnsie ~john@acs-24-154-32-12.zoominternet.net 1120035155 J * pattieja ~pattieja@adsl-69-153-174-41.dsl.stlsmo.swbell.net 1120035155 J * nox ~nox@noxlux.de 1120035155 J * Hunger Hunger.hu@levnor.hu 1120035155 J * jonsmel_zZ ~jscottorn@209.33.206.3 1120035155 J * Vudumen vudumen@perverz.hu 1120035155 J * maharaja maharaja@ipax.at 1120035155 J * Zoiah Zoiah@matryoshka.zoiah.net 1120035155 J * SiD3WiNDR luser@bastard-operator.from-hell.be 1120035155 J * tchan ~tchan@c-24-13-81-164.hsd1.il.comcast.net 1120035155 J * dsoul darksoul@pingu.ii.uj.edu.pl 1120035155 J * mcp ~hightower@wolk-project.de 1120035155 J * albeiro ~albeiro@albeiro.usercloak.oftc.net 1120035155 J * id ~id@relax-media.softwarezentrum.de 1120035155 J * virtuoso ~s0t0na@80.253.205.251 1120035155 J * meebey_ meebey@booster.qnetp.net 1120035155 J * zimbo ~zimbo@callisto.dom.bonis.de 1120035155 J * mugwump ~samv@210-54-92-184.ipnets.xtra.co.nz 1120035157 J * sladen paul@starsky.19inch.net 1120035157 J * janra janra@paradox.homeip.net 1120035157 J * SNy ~mfr@bmx-chemnitz.de 1120035157 J * Pazzo ~Pazzo@host130-250.pool8172.interbusiness.it 1120035157 J * micah micah@micha.hampshire.edu 1120035157 J * FaUl ~immo@ip88.164.1211G-CUD12K-01.ish.de 1120035157 J * DaPhreak ~phreak@styx.xnull.de 1120035626 J * erwan_taf ~erwan@AToulouse-105-2-2-69.w217-128.abo.wanadoo.fr 1120035773 M * rt just to inform you all: sizo is my stalker... 1120035852 M * sizo :-D 1120036755 Q * erwan_taf Ping timeout: 480 seconds 1120037301 M * Hollow morning * 1120037309 M * Hollow DaPhreak: pingy 1120037702 J * erwan_taf ~erwan@AToulouse-105-2-2-69.w217-128.abo.wanadoo.fr 1120038722 M * DaPhreak Hollow: pong 1120038733 M * Hollow >query 1120039061 J * eXplasm explasm@p549F7A10.dip.t-dialin.net 1120039202 Q * rs Quit: rs 1120039791 Q * erwan_taf Remote host closed the connection 1120040132 Q * sukria Quit: see you 1120040350 T * services.oftc.net : http://linux-vserver.org/ | latest stable 1.2.10, devel 1.9.5, 2.0-rc4, ng9.5 -- He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1120040363 Q * Hollow Remote host closed the connection 1120040710 J * Hollow ~Hollow@home.xnull.de 1120040789 J * locksy ~locksy@mrtg.sisgroup.com.au 1120042130 M * rt is there already a new version of the vserver-utils like vserver-copy? my version needs a vserver.conf.... 1120042183 M * rt util-vserver 0.30.204-5 1120042223 Q * Hollow Remote host closed the connection 1120042335 M * sizo rt; jup 1120042349 M * sizo 0.30.207 1120042369 M * sizo if you're like alpha releases 1120042387 M * sizo rt; http://www.13thfloor.at/~ensc/util-vserver/files/alpha/util-vserver-0.30.207.tar.bz2 1120042667 M * sizo s/\'re//g 1120042969 M * rt sizo can t speak english very well, his teacher was his mother ;) 1120043210 J * are|lunch ~are@gateway-dsl.lihas.de 1120043229 Q * are|lunch Quit: 1120043275 M * sizo rt; don't be rude, boy! ;) 1120043319 M * sizo join #flirt.de if you need attention and/or friends;) 1120043404 M * sizo gtg.. :) 1120043405 P * sizo part. 1120044667 J * sukria ~sukria@213.223.184.194 1120044948 J * erwan_taf ~erwan@AToulouse-105-2-2-69.w217-128.abo.wanadoo.fr 1120045317 J * Hollow ~Hollow@home.xnull.de 1120045372 Q * rt Read error: Connection reset by peer 1120045382 J * rt ~rt@195.246.161.1 1120045506 Q * Hollow Remote host closed the connection 1120045512 J * Hollow ~Hollow@home.xnull.de 1120045777 Q * erwan_taf Quit: Leaving 1120046006 J * rs ~rs@staff.lycos.fr 1120046559 J * rt_ ~rt@195.246.161.1 1120046559 Q * rt Read error: Connection reset by peer 1120046612 Q * rt_ Quit: 1120047067 J * kd ~kd@uw106.internetdsl.tpnet.pl 1120047151 Q * kd Quit: 1120047643 J * ruuth VooDoo@topas.informatik.uni-ulm.de 1120047709 J * rt ~rt@195.246.161.1 1120047893 N * Bertl_zZ Bertl 1120047897 M * id Hi Bertl 1120047905 M * Bertl morning folks! 1120047908 M * id #slept well ? 1120047959 M * Bertl I guess so .. 1120047968 A * Bertl still has to wake up completely ... 1120047987 M * eyck 0good luck 1120048089 M * Hollow morning Bertl 1120048172 M * Bertl hey eyck! Hollow! 1120048210 M * eyck hello, 1120048240 M * eyck those gals at #flitrt.de, they seem like then don't speak civilised languages.... 1120048319 M * Bertl what do you expect from a bunch of russian guys :) 1120048326 M * SNy hehe 1120048332 M * SNy what server is that on 1120048342 A * SNy wants to see for himself 1120048597 J * _ag_ ag@caladan.roxor.cx 1120049319 M * Bertl welcome _ag_ 1120049334 M * _ag_ Bertl: hi 1120049453 M * aba Bertl: I have one question about devices: Is it possible to allow the root into a vserver to create some "safe" devices (or to copy existing dev entries around)? 1120049497 M * rt hmm, when i do a reboot inside my vserver, the vserver is going down, but it doesn t come up 1120049509 M * Bertl aba: currently not, but if that becomes an issue, we could switch to a general device protection 1120049531 M * Bertl rt: kernel/version/distro/config? 1120049550 M * aba Bertl: for now, I do it with a cron job on the master, but that's not as nice as I wish 1120049594 M * rt patch-2.6.11.10-vs2.0-rc2.diff.bz2 / util-vserver 0.30.204-5 / vserver-debian 0.1.10 1120049595 M * aba and, BTW, I would like to get pbuilder running some time, which means I need to be able to not only extract chroots, but also to mount proc inside 1120049600 M * Bertl hmm, what devices do you copy around, IIMA? 1120049620 M * Bertl rt: try to update to 0.30.207 1120049663 M * rt ok, there isnt a .deb of version 207, right? 1120049677 M * Bertl it shuld be in broken^Wunstable :) 1120049688 M * rt :-) 1120049706 M * Bertl actually I'm wrong, because I should refer to sarge as broken :) 1120049754 M * Bertl aba: proc mounts should be fine (with 2.0) 1120049772 M * Bertl aba: btw, any plans how to proceed with sarge and 2.0 ? 1120049911 M * aba Bertl: no plans from that, at least on my side ... 1120049914 M * aba sorry. 1120049919 M * Bertl np 1120049921 M * aba Bertl: didn't try proc mounts recently 1120050688 M * _ag_ i already sought in the wiki, then found nothing, where is the cvs/svn for vserver? 1120050787 M * Bertl ha! well, we have two repositories for the tools, one is at savannah, the other on openfoundry, but no cvs/svn for the kernel stuff ... 1120050918 M * _ag_ Bertl: ok :) so if i wanna do some patches for 2.6 branch, i can use the last version 1.9.5? 1120050942 M * Bertl kernel side? I'd go for one of the 2.0-rc4 releases 1120050956 M * Bertl currently 2.6.11.11 and 2.6.12 1120050984 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.11.11-vs2.0-rc4.diff.bz2 1120051030 M * Bertl http://www.13thfloor.at/~doener/vserver/patches/patch-2.6.12-vs2.0-rc4.diff.bz2 1120051049 M * Bertl what patches do you plan to do, IIMA? 1120051083 M * _ag_ Bertl: non-i386 hardware related: arm, hppa, sparc, and so on... 1120051098 M * Bertl interesting, anything missing there? 1120051121 M * _ag_ in case of issues, sukria already notices issues on sparc64 1120051145 M * Bertl you have access top all this hardware? 1120051147 M * _ag_ i haven't fully tested yet, planning to do so 1120051150 M * _ag_ Bertl: yep :) 1120051155 M * Bertl excellent! 1120051195 M * sukria _ag_: true 1120051230 M * Bertl well, there are a bunch of 'issues' left ... sparc64 should not be one of the archs .. but hey it's some time since I tested on sparc64 1120051241 M * _ag_ on sparc64, it seems to be mainly alignement constraints 1120051252 M * _ag_ explaining the SIGBUSes 1120051254 M * sukria _ag_: exactly, SIGBUS 1120051263 M * Bertl yeah, but that's userspace, no? 1120051289 M * Bertl btw, same is even more true for alpha (arch) 1120051291 M * sukria I think the problem comes from the vserver tools, IIRC 1120051326 M * Bertl _ag_: but don't get me wrong, your help is more than welcome! 1120051365 M * _ag_ Bertl: you haven't said anything upsetting :) 1120051379 M * Bertl feel free to ask me when you need anything ... 1120051481 M * Bertl btw, arm is basically untested, i.e. I booted a kernel there, but had no userspace available ... 1120051501 M * Bertl hppa is running quite fine in my basement ... 1120051547 M * Bertl (of course it requires the special parisc patches *sigh*) 1120051567 M * _ag_ vserver is incredibly cool, it deserves portability :) 1120051586 M * Bertl exactly my opinion! 1120051728 M * Bertl _ag_: you do not have an alpha too by any chance? 1120051745 M * _ag_ Bertl: i have too 1120051782 M * Bertl great! it works there to some extend, but it actually needs some recoding in alpha internals 1120051796 M * _ag_ btw, mips and mipsel too :) 1120051810 M * Bertl even better :) 1120051948 M * Bertl _ag_: hmm, and as I can see, you like debian ... 1120051971 M * _ag_ Bertl: completely crazy indeed ;P 1120051993 M * Bertl which brings me to dietlibc being broken on many archs ... 1120052037 M * Bertl and the build system (or more precisely the debian package for util-vserver) seems to get the cross compile stuff wrong ... 1120052078 M * Bertl recently I downloaded the alpha package (for unstable, IIRC) and they use the wrong syscall (i.e. the one for x86) 1120052096 M * Bertl naturally it didn't work ... 1120052358 M * _ag_ i suppose the maintainer didn't care about non-i386, period 1120052403 M * aba _ag_: more like not enough QA spent on it pre-release 1120052614 N * jonsmel_zZ jonsmel 1120052623 M * Bertl morning jonsmel! 1120052633 M * jonsmel morning bert, all! 1120053378 Q * rs Quit: rs 1120053654 J * rs ~rs@staff.lycos.fr 1120053856 J * eric__ ~eric@ool-182cef46.dyn.optonline.net 1120053862 N * eric__ jkl 1120054837 M * sannes doesn't the recursive bind mount affect the namespace? 1120054891 M * Bertl yes, it does, why? 1120054910 M * Bertl welcome jkl! 1120055109 M * sannes because vnamespace -e vs01 bash drops me in the namespace of vs01, but there is no sign of the mentioned rbind (in http://linux-vserver.org/Namespaces) 1120055151 M * Bertl that's because the tools do the rbind 'later' 1120055186 M * sannes in another namespace? 1120055192 M * Bertl IIRC, enricos reason for doing it so was to allow 'maintenance' access to the namespace 1120055248 M * sannes which is good, but how is it done .. I can't wrap my head around it .. hehe 1120055273 M * Bertl haven't had a closer look at the tools, but --debug might sched some light on it? 1120055286 M * jkl Bertl: hello! 1120055327 M * jkl i did my major vserver migration last night 1120055332 M * sannes because when I do stuff in the namespace it appears in the server, but it can't be the same namespace because rbind isn't done there.. 1120055348 M * jkl seems to have gone over pretty well 1120055372 M * jkl except i have no cluse about hostfs 1120055377 M * jkl *clue 1120055384 M * sannes so I must be visualizing this wrong 1120055638 M * Bertl well, the bind/rbind stuff do not interfere with namespace stuff 1120055646 M * Bertl s/do/does/ 1120055687 M * Bertl so you can pretty fine do the rbind on every enter, etc ... 1120055701 M * Bertl jkl: hostfs? 1120055738 M * sannes ah, I miss understood " yes, it does, why?" 1120055839 M * jkl Bertl: yes, i believe - I have an HD that i want to mount, and have a vserver access 1120055849 M * jkl or actually multiple vservers concurrently accessing if possible 1120055907 M * jkl heh, i try to mount it directly to the vserver's /home but nothing is there according to the vserver, the host can see it all fine though 1120055938 M * Bertl so you are trying to mount it from inside the guest? or on the host? 1120055970 M * jkl ideally in the guest, i think that would be more secure 1120055996 M * jkl but mount complains about permission it seems 1120056016 M * Bertl you have to switch to the guest's namespace on the host (with vnamespace) then do the mount 1120056065 M * sannes jkl : if on the host: vnamespace -e vservername mount /dev/whatever /vservers/vservername/home 1120056094 M * jkl how can i enable multiple vservers to access it at once? 1120056130 M * jkl would i need to do something like nfs? 1120056149 M * sannes heh, mount it in all the vservers? 1120056167 M * Bertl no, that isn't the best idea actually 1120056186 M * Bertl but you can mount it on the host, before you startup the guests 1120056199 M * Bertl and use --bind or --rbind to make a copy there 1120056208 M * Bertl (for each guest) 1120056365 M * sannes Bertl : what is the reason one shouldn't mount the same volume, but rather bind mount it? if both should be able to read it and the host has no interest in it? 1120056384 M * sannes read and write 1120056414 M * Bertl if you mount the fs twice, it really depends on fs handling this fact (i.e. two superblocks) 1120056414 M * jkl word 1120056436 M * Bertl if you use --bind or --rbind the filesystem is not concerned with this fact 1120056557 M * brc bertl! 1120056558 M * brc gmorning 1120056573 M * Bertl morning brc! 1120056638 M * sannes so the kernel can ruin the fs doing this? or add even more overhead? does mainstream local fses handle this? ext2/3, reiserfs? 1120056665 M * brc isnt there really any way to haave a per vserver user quota, when all the vservers are on the same partition ?? 1120056674 M * brc i need any workaround :) 1120056718 M * Bertl sannes: ext2/3 allow for this, but it's a little tricky 1120056742 M * Bertl brc: well, you can port the quota patches from 2.4 to 2.6 or use 2.4 ... 1120056783 M * brc hehehe 1120056806 M * brc if i had kernel knowlodge 1120056824 M * brc is the kernel patch for 2.4 stable ? 1120056832 M * _ag_ brc: you can do that with xfs quotas 1120056876 M * Bertl _ag_: sure? 1120056889 M * Bertl brc: it is well tested on 2.4 1120056898 M * brc _agÇ how ?? 1120056907 M * brc i've never used xfs 1120056908 M * brc how does that work 1120056985 Q * flock Ping timeout: 480 seconds 1120057070 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1120057386 J * UnWiz ~chatzilla@p54B20EDF.dip0.t-ipconnect.de 1120057511 M * _ag_ Bertl: i just checked, i talked too soon :/ 1120057550 M * UnWiz hi everybody 1120057824 M * UnWiz Wonder if anybody is around who can help me with a weired problem. 1120057825 M * UnWiz Host is running 2.6.11.11 vs2.0rc4. I have a eth0 and a ppp0 (pppoe) interface. 1120057827 M * UnWiz Everything appears to be fine until the ppp0 changes its ip address and a bind9 process in a vs tries to send out dns queries 1120057830 M * UnWiz What happens? I get the following messages in the host's syslog file: Badness in dst_release at include/net/dst.h:150 1120057853 M * sannes Bertl : tricky? I havn't done anything special, just added to both the fstabs .. am I doing something bad? 1120057903 J * erwan_taf ~erwan@AToulouse-105-2-2-69.w217-128.abo.wanadoo.fr 1120057921 M * DaPhreak UnWiz: you could do some magic with the ifdown/up scripts (as I do) 1120057980 M * Bertl UnWiz: sounds like a net-dev issue ... 1120057986 M * _ag_ s/soon/early/ :( 1120057989 M * UnWiz DaPhreak: you mean taking the if down and down within the vs? 1120058007 M * UnWiz read down and up :- 1120058016 M * DaPhreak nope .. or is the vs listening to the ppp-device ? 1120058044 M * Bertl okay, have to leave now ... will be back later this evening ... 1120058052 M * UnWiz no, its the main server's if. 1120058052 M * DaPhreak later Bertl ;) 1120058085 M * DaPhreak i guess you use it as nat/masq router .. so you could do something like this: 1120058097 M * UnWiz Berlt: I'm pretty new in this channel. Has it been discussed before? 1120058174 M * DaPhreak not that i'm aware of .. but he means it sounds (your syslog-message about include/net/dst.h) like a net-dev issue (which is the net-dev mailinglist of the mainline kernel AFAIK) 1120058189 N * Bertl Bertl_oO 1120058283 M * UnWiz I'm not happy with 2.6.11 anyway. maybe it's been solved in 2.6.12. will check the list 1120059197 Q * _ag_ Quit: leaving 1120059700 J * _ag_ ag@caladan.roxor.cx 1120059739 M * maharaja how do i start vservers at system startup? 1120059782 M * maharaja i tried to put "default" into apps/mark 1120059799 M * maharaja but the vserver has not been started 1120059893 M * id is etc/vservers-default executed on startup ? 1120059924 M * maharaja i've got no /etc/vservers-default 1120059940 M * id sorry /etc/init.d/vservers-default 1120059951 M * maharaja it is 1120059963 M * id strange - works for me 1120059971 M * maharaja stopping them seems to work 1120059975 M * maharaja but the start failed 1120059976 M * maharaja mhm 1120059980 M * id hmm 1120060055 M * maharaja waiting for the scp to finish 1120060057 M * maharaja ill retry it then 1120060646 J * lilo ~lilo@lilo.usercloak.oftc.net 1120060926 M * Doener sannes, Bertl_oO: the rbind mount is done before the namespace is set. sannes, did you by chance trust "mount" instead of "/proc/mounts"? 1120061342 M * micah has anyone gotten screen to work in vservers? 1120061366 M * micah I am guessing you need to have some privledges to access some pty devices to let it work 1120061374 M * Doener should work if you "enter" the vserver via ssh... 1120061751 M * micah ah, that makes sense 1120061825 Q * sannes Ping timeout: 480 seconds 1120062758 M * micah what should the permissions on /vservers be? 1120062790 M * DaPhreak hmm 0000 ? 1120062803 M * micah really? 1120062808 M * micah I thought that was not the case 1120062818 M * DaPhreak well depends on the kernel ... 1120062829 M * micah w.6.11 vs1.9.5 1120062832 M * micah err 1120062833 M * micah 2.6.11 1120062976 M * Doener micah: choose what you like ;) 1120062982 M * DaPhreak micah: you were right .. only the barrier flag should be set on /vservers 1120062991 M * Doener if you don't use namespaces, you have to set the barrier flag 1120062999 M * micah DaPhreak: how can I determine if the barrier flag is set? 1120063010 M * DaPhreak lsattr /vservers 1120063015 M * micah I am not sure if I do use namespaces or not 1120063022 M * micah yes, lsattr shows me ------------- 1120063025 M * Doener showattr... 1120063029 M * Doener lsattr was on 2.4 ;) 1120063032 M * DaPhreak ah ;) yeah 1120063036 M * micah ---Bui- /vservers/ 1120063040 M * micah ---bui- /vservers/MI 1120063047 M * micah those are correct? 1120063050 M * Doener yep 1120063053 M * micah cool thanks :) 1120063069 M * Doener if /vservers/ is the 'real' parent of /vservers/MI 1120063078 M * micah last question for the day -- is there a way to add an IP to a vserver without restarting it? 1120063083 M * Doener (don't ask me, which are the cases in which it isn't the parent ;) 1120063085 M * micah Doener: it is the real parent 1120063086 M * DaPhreak Doener: am I right with the suspicion that the perms are negligible on 2.6 ? 1120063096 M * Doener 18:36:21 Doener micah: choose what you like ;) 1120063103 M * Doener DaPhreak: i.e. yes ;) 1120063104 M * DaPhreak micah: no, i don't think so :) 1120063111 M * micah DaPhreak: so I need to restart the vserver 1120063124 M * Doener micah: new config? 1120063125 M * DaPhreak might only be possible with ngnet, but i'm not sure 1120063134 N * jonsmel jonsmel|lunch 1120063135 M * Doener hm, shouldn't matter anyways.. 1120063150 M * micah Doener: yeah I want to make a new IP available to the vserver 1120063157 M * DaPhreak micah: you got it ... 1120063168 M * micah Doener: should I make a new interface, or do I make a new eth:something? 1120063178 M * DaPhreak Doener: is the weather also nice at your place ?! ;P (my head is burning ;P) 1120063179 M * Doener micah: add the ip address to the config, configure it yourself (i.e. ip addr add foo bar), then enter the vserver and restart those processes that should get the new ip address 1120063204 M * Doener so that's not really on-the-fly, but you can maybe keep some of the processes running 1120063206 M * micah DaPhreak: its burning here too 1120063217 M * DaPhreak heh, head or the sun ?! ;P 1120063226 M * Doener quite ok today, around 24° C 1120063249 M * Doener (means around 26-28° C in my room ;) 1120063259 M * DaPhreak heh, sauna ;P 1120063269 M * micah Doener: so I make a new /etc/vservers/MI/interfaces/2 directory, then add an ip file with the new IP, and a prefix file with the prefix, then configure it on the host using ip addr? 1120063279 M * Doener yep 1120063295 M * micah hmm 1120063301 M * Doener then enter the vserver via "vserver foo enter" and restart the processes that need the new address... 1120063303 M * micah but to do that on the host I will need to make eth0:1 or something 1120063310 M * Doener why? 1120063332 M * Doener since 2.4.something (or even 2.3.something?) you don't need aliases any more 1120063336 M * micah oh? 1120063342 M * micah I can just mkae eth2 if I want? 1120063361 M * Doener no, you can assign addresses to the interface without giving them a name 1120063364 J * sannes ~ace@cm-84.118.217.070.chello.no 1120063390 M * Doener ifconfig won't show them, because it doesn't know about the netlink interface, but "ip a" will... 1120063391 M * sannes Doener : I'm guilty .. 1120063413 M * Doener sannes: heh :) 1120063421 M * DaPhreak so the /etc/vserver//interfaces/#NUM/name is useless on 2.6 ? 1120063449 M * Doener DaPhreak: it's not useless... if you want aliases, you get them this way... you simply don't _need_ them 1120063460 M * DaPhreak ah :) 1120063494 M * Doener might be that some programs rely to see the addresses via ifconfig, then you want/need an alias, but usually you don't 1120063494 M * micah huh 1120063509 M * micah so what is it that will enable my vserver to be able to use any arbitrary interface I configure on the host? 1120063512 M * Doener s/rely to see/rely on seeing/ 1120063534 M * DaPhreak the config i guess .. 1120063551 M * DaPhreak as you stated earlier ;) 1120063566 M * Doener micah: hm? to sent out packages? nothing required... the host's routing table is used, so it doesn't matter to which interface the address is bound... 1120063596 M * Doener you can even assign a public ip to dummy0 and give that to your vserver, it will be able to talk to the outside then anyways... 1120063605 M * micah huh 1120063616 M * micah so could I add a secondary public IP to eth0 then too? 1120063617 M * Doener (the sysctl arp_filter setting may affect that, but i don't know much about that) 1120063624 M * Doener of course 1120063643 M * micah I have not used ip addr before 1120063649 M * Doener 1: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 1120063649 M * Doener link/ether 00:26:54:08:28:d8 brd ff:ff:ff:ff:ff:ff 1120063649 M * Doener inet 192.168.1.1/24 brd 192.168.0.255 scope global eth0 1120063649 M * Doener inet 192.168.100.100/24 brd 192.168.100.255 scope global eth0 1120063649 M * Doener inet 10.0.0.1/32 scope global eth0 1120063650 M * Doener 2: lo: mtu 16436 qdisc noqueue 1120063660 M * DaPhreak *shrug* 1120063665 M * Doener i got three addresses on eth0 ;) 1120063683 M * DaPhreak http://phpfi.com/67680 1120063689 M * Doener ifconfig will only show the first, because it only shows named addresses 1120063689 M * micah so I do: ip addr add some.ip.address.here some.netmask.here 1120063689 M * micah ? 1120063750 M * Doener ip addr add 192.168.100.100/24 broadcast + dev eth0 1120063761 M * Doener should look like that 1120063763 M * micah I include the +? 1120063773 M * Doener that's what the tools call 1120063827 M * Doener yep, + has a special meaning for the broadcast setting 1120063833 M * Doener It is possible to use the special symbols '+' and '-' instead of 1120063833 M * Doener the broadcast address. In this case, the broadcast address is 1120063833 M * Doener derived by setting/resetting the host bits of the interface pre- 1120063833 M * Doener fix. 1120063841 M * Doener (from man ip) 1120063852 M * micah oh cool 1120063852 M * maharaja argl, that default vserver stuff is not working 1120063858 M * maharaja brb - cooking dinner 1120063888 M * micah ok, so I configure that on the host, do I need to make /etc/vservers/$VS/interfaces/$IF/...? 1120063900 M * Doener yep... 1120063907 M * micah ok, i do 1120063922 M * Doener the "ip addr add" stuff is just because the tools would create the ip address only when the vserver is started 1120063929 A * DaPhreak stabs the utils (again) 1120063930 M * Doener as you keep it running, the address wouldn't be there 1120063937 M * micah ok 1120063944 M * Doener and the config is used to determine the arguments to chbind 1120063954 M * Doener (on "vserver xxx enter") 1120063955 M * micah so if I add it to the /etc/vservers/... then i dont need to configure it in the host's /etc/network/interfaces 1120063987 M * Doener no, /etc/network/interfaces is not needed (unless you want the address to be always configured) 1120064003 M * Doener i.e. also when the vserver is not running 1120064051 M * micah ok, what i did not understand was the correlation between the /etc/vservers/vs1/interfaces/# and the ip addr add .... eth0 1120064057 M * micah but I see that there is none, and it does not matter 1120064074 M * micah I can choose any # in /etc/vservers/vs1/interfaces and it will be fine 1120064156 M * Doener when the vserver is started, the tools read /etc/vserver/vs1/interfaces/*/{ip,dev,prefix,...} 1120064185 M * Doener if there is _no_ file called "nodev" the configured address is create via "ip addr add ...." 1120064203 M * Doener and when the vserver is stopped, the address is removed via "ip addr del ...." 1120064241 M * Doener for (almost?) every command, chbind is called with the configured ip addresses to have the vserver being restricted to those 1120064611 M * micah cool 1120064630 M * micah so if there is no "nodev" and the vserver is started and the ip addr add ... is run 1120064634 M * micah what interface does it use to add? 1120064644 M * Doener the one configured in "dev" 1120064687 M * Doener IIRC the "dev" file can be either in /etc/vservers//interfaces, or separate in each /etc/vservers//interfaces/#/ 1120064693 M * micah oh! 1120064700 M * micah I didn't know you could put one in /interfaces/# as well 1120064717 M * micah if you do not, is the dev from /etc/vservers//interfaces used by default? 1120064730 M * Doener yep 1120064760 M * Doener having it in ../interfaces/#/ is good if you want the addresses on different interfaces... 1120064781 M * micah right 1120064788 M * micah thanks, this makes more sense to me 1120064847 Q * eXplasm Ping timeout: 480 seconds 1120064990 Q * erwan_taf Ping timeout: 480 seconds 1120065035 M * daniel_hozac so, 2.6.12.1 works fine with initrd/initramfs. 1120065157 J * eXplasm explasm@p549F5E02.dip.t-dialin.net 1120065169 J * erwan_taf ~erwan@AToulouse-105-2-2-69.w217-128.abo.wanadoo.fr 1120066160 Q * erwan_taf Ping timeout: 480 seconds 1120067158 Q * zimbo Ping timeout: 480 seconds 1120067471 Q * eXplasm Remote host closed the connection 1120067512 J * eXplasm explasm@p549F5E02.dip.t-dialin.net 1120068354 P * UnWiz 1120069319 M * jkl so, i try to ssh between vservers and i get Host key verification failed. - any ideas? 1120069551 M * jkl chmod 666 /dev/tty 1120069555 M * jkl that fixed it 1120069558 M * jkl thanks jkl!! 1120070739 Q * sukria Quit: see you 1120070772 M * jkl anyone running courier-imap within a gentoo vserver? 1120070851 M * sannes Added CAP_QUOTACTL to bcapability, added vroot device to vserver, mounted with usrqouta and grpquota.. tried quotaon /dev/myvrootdev .. hm, what else do I have to enable to make quota work? .. 1120070859 M * sannes jkl : I do 1120070968 J * zimbo ~zimbo@callisto.dom.bonis.de 1120070999 J * Echel0n ryan@231.168-60-66-fuji-dsl.dhcp.surewest.net 1120071597 Q * eXplasm Quit: Verlassend 1120071602 J * eXplasm explasm@p549F5E02.dip.t-dialin.net 1120072092 Q * alexx Ping timeout: 480 seconds 1120072165 M * jkl sannes: i'm having trouble getting it started 1120072175 Q * micah Ping timeout: 480 seconds 1120072186 M * jkl running /etc/init.d/courier-imap says [ok] but it isnt started 1120072200 M * jkl if i run the rc script referenced in the init script though, it starts up just fine. 1120072267 Q * rs Quit: rs 1120073045 J * micah micah@micha.hampshire.edu 1120073259 M * micah Doener: it seems as if the ip addr add command did not work 1120073271 M * micah Doener: the IP is on the host, but the vserver cannot use it 1120073286 Q * Echel0n Quit: Leaving 1120073296 M * Doener you also added the ip address to the configuration, right? 1120073347 M * micah Doener: yes, I did, but I did not restart the vserver itself 1120073366 M * micah oh, maybe I need to leave and re-enter the vserver 1120073370 M * micah now that the IP is added to the config 1120073377 M * micah otherwise it is not available, right? 1120073380 M * Doener yep 1120073386 N * jonsmel|lunch jonsmel 1120073405 M * Doener and only processes started from _there_ will have the new ip address 1120073433 M * Doener i.e. if you want your apache to get the additional ip address, restart it from within that shell 1120073470 M * Doener as i said, it's not really on the fly, but you may keep most of your processes running without any downtime this way 1120073504 M * micah yes, this is better, and also illustrative of how things work 1120073536 M * Doener yep, it clearly shows the separation between isolation on the process and the network level 1120073578 M * Doener the tools don't allow it directly, but there's no problem with having a vserver that has some processes with access to ip addresses A and others with access to ip addresses B, they can even overlap 1120073616 M * sannes jkl : tried, looking in the logs? 1120073619 J * _mountie ~mountie@trb229.travel-net.com 1120073798 M * micah Doener: thanks, this has been very educational 1120073813 M * Doener you're welcome 1120073905 J * tanjix ~tanjix@office.star-hosting.de 1120073911 M * tanjix Hello together 1120073995 M * Doener hm, no I've fscked my pty stuff :( 1120074014 M * Doener guess I'll take a look at telnet or openssh to see how they do it... 1120074082 Q * mountie Ping timeout: 480 seconds 1120074088 M * tanjix i have a mysterious problem: i have e.g. 15 vservers running on a machine with debian sarge - on 8 of them apache2 runs very well. on the other ones it won't start because of an error (28)No space left on device: mod_rewrite: could not create rewrite_log_lock - if i stop one vserver where apache2 runs and start apache on an "infected" system, it starts up... any ideas why that? 1120074245 M * eyck hmm, you're using tmpfs ? 1120074249 M * eyck are you? 1120074308 M * Doener could you strace apache? maybe you run out of some sysvipc resource 1120074338 M * Doener hm, guess that doesn't make sense for the rewrite_log_lock... 1120074351 M * Doener check what eyck suggested 1120074376 M * Doener alpha tools by default setup a tmpfs /tmp for the vservers... 1120074403 N * _mountie mountie 1120074567 M * Doener micah: one thing you most probably want to restart to have access to the new ip address is crond. otherwise if for example logrotate (started by crond) restarts your apache it would "lose" the new ip address again 1120074619 M * Doener "it" being apache 1120074627 M * tanjix eyck: how do is ee that ? 1120074664 M * Doener tanjix: enter the vserver in question and check with df if there's any space left on /tmp 1120074743 M * Doener if /tmp does not appear it's probably not on a tmpfs, but i'd check /proc/mounts in that case anyways. don't know if df relies on /etc/mtab matching the current mounts 1120074744 M * tanjix Doener: /tmp is nit directly mounted with a separate mountpoint 1120074770 M * micah Doener: gooood idea 1120074810 Q * sannes Quit: m 1120074821 M * tanjix vs6603:/# cat /etc/mtab 1120074821 M * tanjix vs6603:/# 1120074825 M * tanjix vs6603:/# cat /etc/mtab 1120074825 M * tanjix vs6603:/# 1120074839 M * Doener then cat /proc/mounts now 1120074839 M * tanjix grr :) 1120074858 M * tanjix mtab file says: /dev/hdv1 / ext3 defaults 1 1 1120074897 M * tanjix that's a very long list @ Doener 1120074908 M * Doener hm... kernel 2.4? 1120074942 M * tanjix yes 1120074949 M * Doener stable tools then i guess? 1120074958 M * tanjix sorry? 1120074972 M * Doener we have stable and alpha tools 1120074980 M * Doener check version with chcontext --version 1120074998 M * tanjix version 0.29 1120075007 M * Doener ok, stable tools, so no tmpfs mount 1120075018 M * Doener then please strace the failing apache startup 1120075037 M * tanjix may i post the whole output here ` 1120075079 M * Doener better use a pastebin 1120075088 M * tanjix e.g. ? 1120075094 M * Doener pastebin.com ;) 1120075101 M * Doener http://pastebin.com 1120075118 A * Doener should remember to use full urls... 1120075147 M * Doener ... and to finally get to know the difference between urls and uris... 1120075158 M * tanjix that url gives mysql errors :) 1120075180 M * Doener http://pastebin.ca/ 1120075204 M * tanjix http://pastebin.ca/16400 1120075240 M * Doener with -fF please 1120075284 M * tanjix strace -fF ... ? 1120075301 M * Doener google says you're running out of semaphores 1120075346 M * Doener yep 1120075347 M * eyck shm? 1120075348 M * tanjix yes i found s.th. about that error and the command ipcs -s 1120075363 M * Doener eyck: sem 1120075369 M * Doener shm is shared memory IIRC 1120075399 M * eyck right, sorry. 1120075401 M * tanjix is there a workaround for that semaphore array problem ? 1120075408 M * eyck get some more :) 1120075426 M * tanjix and how :) 1120075469 M * eyck probably in /proc/sys/sem 1120075505 M * tanjix that file does not exist 1120075514 M * Doener .../sys/kernel/... 1120075531 M * tanjix main66:~# cat /proc/sys/kernel/sem 1120075531 M * tanjix 250 32000 32 128 1120075541 M * tanjix and how could i increase them ? 1120075546 A * Doener is searching for a description of the values... 1120075576 M * eyck kernel.sem = 25032000 32 128 1120075605 M * tanjix sry ? 1120075624 M * Doener that's from /etc/sysctl.conf... 1120075634 M * eyck right. 1120075661 M * tanjix just writing that in this file ? 1120075676 M * eyck http://www.ibm.com/support/docview.wss?rs=969&context=SSBQZT&dc=DB520&uid=swg21161535&loc=en_US&cs=UTF-8&lang=en 1120075693 M * eyck echo "2000 256000 32 128" > /proc/sys/kernel/sem 1120075700 M * eyck or 1120075701 M * eyck kernel.sem=250 3200 32 128 1120075709 M * eyck in /etc/sysctl.conf 1120075711 M * tanjix is a reboot needed ? 1120075724 M * eyck no 1120075757 M * eyck hmm, but you shouldn't run out of those that fast... 1120075776 M * eyck I had problems like this when some app was constantly requesting new semaphores... 1120075782 M * tanjix i did that echo command and tried to start apache now... not working :( 1120075787 M * Doener tanjix: got mod_perl_apps or sth. like that running? i've seen bug reports about it leaking semaphores 1120075803 M * tanjix Doener: yes, they are enabled in apache2 1120075807 M * eyck hmm, how many semaphores are there in use in your system? 1120075819 M * tanjix how do i see that eack ? 1120075827 M * eyck ipcs sem probably 1120075850 M * tanjix hm i think i must run that in each vserver 1120075855 M * tanjix the host does not return anything 1120075862 M * eyck hmm, AFAIK those are not virtualised 1120075870 M * Doener chcontext --ctx 1 ipcs -s 1120075878 M * Doener chcontext --ctx 1 cat /proc/sysvipc/sem 1120075888 M * Doener one of those should probably work... 1120075890 M * eyck hmm 1120075896 M * eyck or maybe they are, 1120075944 M * tanjix the first line worked the second too 1120075945 M * tanjix main66:~# chcontext --ctx 1 cat /proc/sysvipc/sem | wc -l 1120075945 M * tanjix 129 1120075945 M * tanjix main66:~# 1120075957 M * eyck not that much.. 1120075971 M * eyck not too few either, 1120075981 M * eyck maybe there is something leaking after all 1120075988 M * Doener hmm.. that's 128 + title line 1120076010 M * tanjix Doener: yes 1120076016 M * Doener which equals the last number in the echo command, being the number of ids 1120076037 M * Doener and AFAICT /proc/sysvipc/sem entries all have different ids... i.e. try raising the last number 1120076041 M * eyck wait wait, how many was there before you upped the limit to 128? 1120076052 M * Doener it was 128 before 1120076065 M * eyck echo "2000 256000 32 256" > /proc/sys/kernel/sem maybe? 1120076068 M * Doener only the first two were raised 1120076074 M * Doener eyck: yep, i'd say so 1120076182 M * tanjix is there any solution left ? :) 1120076195 M * Doener did you try eyck's last suggestion? 1120076207 M * tanjix opps :) one sec 1120076245 M * tanjix look good apache2 is up and running 1120076251 M * Doener great! 1120076271 M * Doener I'd suggest to check whether there's a semaphore leak somewhere though 1120076456 M * eyck also, there is a small problem with IPC and linux...like, it's possible to leak them in a way that nothing but reboot returns them to the system 1120076552 M * tanjix what is the maximum i could "tune up" the sem's ? 1120076630 M * eyck hmm, that's your call 1120076653 M * eyck but if you've got a leak, no metter how much you 'tune up' your leak will fill it up 1120076671 M * tanjix i will try it with 256 1120076694 M * tanjix another question: do you know if plesk is running inside a vserver ? 1120077315 M * micah I would like to find an opensource control panel that vserver people could modify to work with vservers 1120077879 M * Doener micah: "work with vservers" like "configure vserver settings" or "configure applications inside a vserver"? 1120077969 M * micah Doener: perhaps both... I am not sure 1120077982 M * micah Doener: but I think the latter is more what a control panel would do 1120078005 M * micah most control panels can only operate one apache, and it has to be on the system that the control panel is running on 1120078013 M * Doener well, a control panel for vservers would do the former, thus i ask ;) 1120078031 M * Doener (a control panel that controls vserver...) 1120078064 M * micah ah, i see 1120078077 M * micah yes, I think we were speaking of a web hosting control panel 1120078113 M * Doener what you want is a panel that knows about vservers, is run on the host, and can control the applications inside the various vservers, right? 1120078149 M * micah yes, because using vservers in a web hosting environment is useful for two purposes: 1120078159 M * micah 1. isolate individual customers into individual vservers 1120078171 M * micah 2. isolate individual services/CMS' etc. into vservers 1120078181 M * Doener i.e. some example of working with it would be: select vserver1, select apache, add domain, restart apache. select vserver5, select mysql, drop database. 1120078214 M * micah the latter is more useful (IMHO), because if you want to be able to install a CMS, say postnuke, for customers, it would be prudent to isolate postnuke in its own vserver for security reasons 1120078223 M * Doener and in a hosting context, limit the users to selected vservers/services or sth. like that 1120078224 M * Doener right? 1120078238 M * micah yes, exactly 1120078311 M * micah however another example of working with it could also be: select vserver2, install new instance of postnuke for customer, select vserver5, select mysql, create database for postnuke 1120078359 M * micah it depends on how you decide to use vservers 1120078366 M * Doener hm, the "install postnuke" part is quite specific, some extendable framework would be good i guess, so that you can add actions... 1120078392 M * micah your vservers could be set up to only have individual services in them (a vserver with apache, one with bind, one with mysql), but then the vserver with apache is vulnerable to every codebase installed in it 1120080811 Q * tanjix Quit: 1120080863 N * Bertl_oO Bertl 1120080884 M * Bertl evening folks! 1120081045 M * id wb Bertl 1120081055 M * Bertl hey id! 1120081132 M * Doener evening Bertl! 1120081182 M * Doener ahh... non the pty works again... didn't check error condition on write and that messed up my write() loop (bytes left/offset got messed up) 1120081188 M * Doener s/non/now/ 1120081224 M * Bertl sounds good! I see tanjix payed a visit? 1120081247 M * Doener now let's see if i can get that into my daemon... 1120081272 M * Doener decided to try "vserver xxx enter" mode first 1120081275 M * Doener yep, he did 1120081359 M * Doener intended implementation: daemon forks a process which migrates into the chosen context. then it gets itself a pty, makes it its controlling terminal and passes the master fd to the client via the unix socket 1120081388 M * Doener then the process exec()s a bash whose input/output is then handled by the client 1120081410 M * Doener that way we should have a valid pty in the vserver 1120081457 M * micah evening Bertl 1120081475 M * Bertl Doener: sounds good, might work :) 1120081482 M * Bertl evening micah! 1120081500 M * micah Doener: that would make screen work from vserver xxx enter? 1120081518 M * Doener it might fail at the point where the pty master's fd is sent to the client, didn't try if that fd stays valid across context boundaries... guess I'll know soon ;) 1120081523 M * Doener micah: probably 1120081557 M * Bertl Doener: but we could arrange for this in a different way 1120081581 M * Bertl remember my 'suggestion' to make virtualized consoles/vts? 1120081596 M * Doener uhm.. no, sorry 1120081617 M * Bertl np, we could arrange for bidirectional terminals in/out the guest 1120081632 M * Bertl they could be handled by mgetty or mingetty inside 1120081644 M * Bertl and an appropriate 'handler'/daemon outside 1120081685 M * Bertl that would allow both, logon via 'login' and enter via pipe/terminal 1120082080 M * Bertl (comments are welcome :) 1120082301 M * jonsmel Hey Bert, JFYI, looks like we are going to attempt gfs again to see if we can't get that working, The other options just won't work most issues lie within what filesystem to use 1120082327 M * Bertl evening jonsmel! 1120082372 M * Bertl well, gfs seems more suited for the community ... so maybe we can get it working as expected ... 1120082393 M * jonsmel it's not vserver issue, it's cluster issues 1120082413 M * jonsmel more precise is quorum issues 1120082445 M * Bertl well, I guess gfs folks are interested in fixing that, no? 1120082446 M * jonsmel but I'm going to see how I can alter gfs to hopefully make it work 1120082462 M * jonsmel From their stand point that is they way they want it to work 1120082476 M * Bertl hmm ... please elaborate ... 1120082479 M * jonsmel if too many nodes fall inactive the cluster breaks 1120082497 M * jonsmel and won't go active again until enough nodes are back in the cluster 1120082526 M * jonsmel so say in our case where we just want a solid share block device for all nodes 1120082565 M * jonsmel if we lose even one of our front ends or restart it the cluster goes down which causes all vservers to close 1120082592 M * jonsmel we want it so that the cluster doesn't care about how many nodes are in the cluster 1120082602 M * jonsmel just serve out the block device 1120082663 M * jonsmel than make any sort of sense 1120082762 M * Bertl http://gfs.wikidev.net/Installation 1120082778 M * Bertl Ordinarily the loss of quorum after one node fails out of two will prevent the remaining node from continuing (if both nodes have one vote.) Some special configuration options can be set to allow the one remaining node to continue operating if the other fails. To do this only two nodes with one vote each can be defined in cluster.conf. The two_node and expected_votes values must then be set to 1 in the cman config section as follows. 1120082789 M * jonsmel yeah, i've been looking at most of their installation pages 1120082826 M * jonsmel I am checking with them to see if that only applys with a two node setup or if I can have many nodes 1120082849 M * Bertl probably the 'changes' for multinode setups are minimal 1120082862 M * jonsmel that's what I am hoping 1120082949 J * suburban suburban@21-75-246-201.adsl.terra.cl 1120083038 Q * suburban Quit: 1120083588 J * Aiken ~james@tooax6-188.dialup.optusnet.com.au 1120083600 M * Bertl evening Aiken! 1120083600 M * jonsmel well, off for now, talk to ya tomorrow 1120083607 N * jonsmel jonsmel_zZ 1120083607 M * Bertl jonsmel: cya! 1120083617 M * Aiken hello 1120083797 Q * eXplasm Remote host closed the connection 1120084280 J * ruuth2 ~ruuth@dialin-145-254-248-081.arcor-ip.net 1120084302 N * ruuth2 VooDooMaster 1120084308 M * Doener it works! :) 1120084340 M * VooDooMaster Congratulations Doener 1120084353 M * Doener thx 1120084387 M * Bertl hmm .. to me it has the 'bug' touch .. sorry :/ 1120084413 M * Doener hm? 1120084501 M * Bertl well, if taht works, it should also be possible to conenct two guests in this way, no? 1120084634 M * Doener if you manage to get a unix domain socket in a location accessible by both guests, then i guess yes 1120084675 M * Doener that's what enrico always said, it being possibly a way to break out of the chroot, by exchanging fds over a unix socket 1120084719 M * Bertl okay, and how do we avoid this 'exploit' in this particular case? 1120084738 M * Doener the pty case? 1120084742 M * Bertl yep 1120084784 M * Bertl or is it a non-issue? 1120084836 M * Doener you can exchange arbitrary data that way... 1120084856 M * Doener if there's a shared writable filesystem 1120084925 M * Bertl well, I ahve no problem with data exchange, it's more the question: "can an evil /bin/bash escape via such a pty? 1120085051 M * Doener hmm... good question... 1120085116 M * Doener you cannot exchange the slave side (i.e. the thing that appears as /dev/pts/#), if a fd for that one crosses a context boundary, you end up with EBADF 1120085212 M * Doener what you can do is controlling a process in the other context having the slave of the pty as its controlling terminal... if that context gave you the master fd of the pty 1120086637 Q * VooDooMaster Quit: Nettalk6 der Freeware IRC-Client 1120087316 M * Doener ok, hitting some issues again and i'm pretty tired, so I'm off to bed now... 1120087326 M * Doener have a good one and good night folks! 1120087539 M * id bye Doener 1120087551 M * Bertl night Doener! 1120089176 M * Hollow heya 1120089584 M * Bertl hey Hollow! 1120089593 M * Hollow hey Bertl, how's it going?