1122422657 N * Bertl_oO Bertl
1122422680 M * Bertl evening folks!
1122422724 M * Bertl FaUl: hmm?
1122422735 M * Bertl micah: yep, sunday, 13:00 :)
1122424726 M * Bertl FaUl: I'll be back today around 14:00 CET ...
1122424742 M * Bertl okay folks, I'm off to bed now ...
1122424750 N * Bertl Bertl_zZ
1122425255 J * brett ~brett@d60-65-39-223.col.wideopenwest.com
1122425615 Q * brett Quit: leaving
1122425688 J * brett ~brett@d60-65-39-223.col.wideopenwest.com
1122433092 Q * brett Quit: Leaving
1122433712 J * Aiken_ ~james@tooax6-144.dialup.optusnet.com.au
1122434038 Q * Aiken Ping timeout: 480 seconds
1122441569 Q * Pazzo Quit: ..
1122442267 J * xf__ ~i@ppp239-149.lns2.adl2.internode.on.net
1122442455 Q * xf_ Ping timeout: 480 seconds
1122444796 J * marlin ~jimbo@dsl-202-173-187-73.nsw.westnet.com.au
1122444809 N * Bertl_zZ Bertl
1122444820 M * Bertl morning folks!
1122444937 M * Bertl hey marlin! what's up?
1122445111 M * marlin hi all
1122445694 J * timster ~chatzilla@64-142-81-224.dsl.static.sonic.net
1122445713 M * Bertl welcome timster!
1122445725 M * timster :}
1122446170 Q * Aiken_ Quit: Leaving
1122446207 J * Aiken ~james@tooax6-144.dialup.optusnet.com.au
1122446220 M * Bertl wb Aiken!
1122446242 M * Aiken hi
1122446334 M * Bertl Aiken: how was the shopping?
1122446411 M * Aiken spent a bit of money
1122446433 M * Aiken bought a leaf blower that I modified to clean the gutters
1122446459 M * Aiken ran testme 3 times with the modified tools
1122446469 M * Aiken that image really does not like that kernel
1122446481 M * Aiken the test failed once and passed twice
1122446482 N * bipsen_zZ bipsen
1122446493 M * Bertl morning bipsen!
1122446516 M * Bertl Aiken: funny ... do you have one of the 'succeeding' runs recorded?
1122446526 M * bipsen Morning Bertl... Surprised to see you here this time of day... ;-)
1122446542 M * Bertl bipsen: well, it's 8:40 BUT :)
1122446609 M * bipsen I don't know whether any of you experts noticed the messages I got from vserver-build yesterday: vcontext: vc_create_context(): File exists
1122446628 M * bipsen after all RPM's have been installed to the guest OS on a LVM partition
1122446662 M * Bertl well, it basically says that you (the tools) are trying to create a context which already exists ...
1122446700 M * Bertl now the next question is, what context id do you use for that one, and does it really exist?
1122446715 M * bipsen context 10027 ? Hmm.. thought I would get a warning from vserver-build if it already existed
1122446761 M * Bertl check in /proc/virtual for existing ones
1122446808 M * bipsen Contents of info in that dir:
1122446819 M * bipsen VCIVersion:     0002:0001
1122446819 M * bipsen VCISyscall:     273
1122446819 M * bipsen VCIKernel:      03000016
1122446831 M * Bertl that's fine, any subdirs?
1122446835 M * bipsen nope
1122446845 M * Bertl then it should not exist ...
1122446857 M * Bertl let's verify that with:
1122446870 M * Bertl vcontext --create --xid 10027 -- true
1122446880 M * Aiken no
1122446886 M * Aiken I don't
1122446916 M * bipsen New security context is 10027
1122446931 M * Bertl so that's not your issue then ...
1122446963 M * Bertl bipsen: maybe you could upload the output of testme.sh -L somewhere?
1122446974 M * bipsen strange enough, no dir is created in /etc/vservers/<vserver-name>
1122446977 M * Bertl http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh-0.13
1122447034 M * Aiken Bertl the filesystem was damaged from all the OOPS so I trashed it and building a more modern 2.6 friendly image
1122447038 M * Aiken then will try again
1122447073 M * bipsen Bertl: well, it says succeeded on all of them
1122447103 M * Bertl k, then please paste at least the Linux and VCI lines
1122447121 M * bipsen Linux 2.6.12.3-vs2.0-rc8.1.ELsmp i686/0.30.208/0.30.208 [Ea] (0)
1122447121 M * bipsen VCI:  0002:0001 273 03000016
1122447143 M * Bertl hmm, EL?
1122447148 M * bipsen the 0.30.208 tools was pulled from CVS yesterday and compiled (due to the issue with LVM installation)
1122447172 M * bipsen EL is just a suffix added by me (same style as the other WBEL kernels)
1122447194 M * Bertl ah, okay ...
1122447222 M * Bertl and when do you get this message?
1122447272 M * bipsen after installation of all the RPM's .... then I get, well 40-60 lines with that error-message
1122447297 M * Bertl Aiken: thanks a lot! and take it easy! no need to rush ...
1122447333 M * bipsen Gotta head off towards work - will be back in approx 15-20 minutes....
1122447341 M * Bertl k, cya!
1122448490 M * bipsen ok, back
1122448551 M * bipsen I've been trying to figure out where vcontext is called from vserver-build - but haven't been able to find out where the commands are executed
1122448572 N * BobR_afk BobR
1122448586 M * bipsen as said earlier - it's also strange, that the vserver configuration dir isn't created
1122448629 M * bipsen maybe I should take this up with Enrico by mail....
1122448690 M * Bertl I assume you are using dietlibc by now, right?
1122448785 M * bipsen As far as I remember, yes....
1122448808 M * bipsen ]# rpm -qa | grep diet
1122448808 M * bipsen dietlibc-0.27-4
1122448809 M * bipsen yep
1122448842 M * Bertl hmm, an older one .. but maybe patched up to recent versions ...
1122449058 M * bipsen I can try to build 0.29 - one sec....
1122449808 M * bipsen okay, more than just one sec - tried to buidl in as rpm, but that seems to take som work...
1122449908 M * bipsen anyway - when building a new vserver - without having the destinations folder being a lvm partition - then I don't get the errors...
1122449984 M * Bertl hmm, okay ...
1122450002 M * bipsen just testing it again (to be sure)
1122450046 M * bipsen I guess the next thing would be to try to do it without specifying a context on the vserver-build command
1122450149 M * Bertl hmm, definitely not ... because that will use dynamic contexts and probably result in funny stuff ...
1122450342 M * bipsen Bertl: How do I remove the 10027 context made earlier ?
1122450378 M * Bertl you mean the guest or what?
1122450431 M * bipsen The one I did using:  vcontext --create --xid 10027 -- true
1122450489 M * bipsen anyway - tried it again (without using a lvm partition) .. still get the "vcontext: vc_create_context(): File exists" error, but at least the configuration directory is created now...
1122450538 M * bipsen I'll try again with another context
1122450670 M * Bertl what is the complete build line you use?
1122450768 M * bipsen ./vserver-build -m yum -n dns-ext2 --hostname ns2.domain.dk --interface domain=eth0:192.168.3.27/24 --initstyle=sysv --context 10028 -- -d wbel4
1122450776 M * bipsen that's the one I'm trying right now
1122450849 J * prae ~prae@gut75-1-81-57-27-189.fbx.proxad.net
1122450868 M * bipsen Okay, I also get the context error on that one
1122450884 M * bipsen maybe there's something buggy in the CVS version of the tools
1122450916 M * Bertl morning prae!
1122450994 M * prae hi Bertl 
1122451002 M * bipsen Wonder whether I should try to summarize all my attempts with the cvs version, and create a bug-report on savannah....
1122451028 M * Bertl well, won't hurt ...
1122451305 Q * Aiken Ping timeout: 480 seconds
1122452404 J * Doener` ~doener@p54875E35.dip.t-dialin.net
1122452835 Q * Doener Ping timeout: 480 seconds
1122453556 N * BobR BobR_afk
1122454874 Q * prae Ping timeout: 480 seconds
1122457393 J * Aiken ~james@tooax6-163.dialup.optusnet.com.au
1122457614 M * Bertl okay, off for now .. back later ...
1122457622 N * Bertl Bertl_oO
1122462353 J * prae ~prae@gut75-1-81-57-27-189.fbx.proxad.net
1122463780 N * BobR_afk BobR
1122463813 N * BobR BobR_afk
1122464590 Q * Aiken Ping timeout: 480 seconds
1122465724 Q * jkl_ Ping timeout: 480 seconds
1122467957 Q * marlin Quit: 
1122470813 Q * flock Ping timeout: 480 seconds
1122471250 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il
1122473120 Q * _ag_ Quit: BBL, moving gw to cellar
1122473527 Q * prae Quit: Execute Order 69 !
1122473574 J * _mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com
1122473574 Q * mountie Read error: Connection reset by peer
1122473780 J * prae ~prae@gut75-1-81-57-27-189.fbx.proxad.net
1122474105 J * jkl_ eric@c-67-165-222-93.hsd1.co.comcast.net
1122474324 Q * flock Ping timeout: 480 seconds
1122474555 Q * nokoya Quit: changing servers
1122474601 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il
1122474839 J * nokoya ~young@hi-230-82.tm.net.org.my
1122475244 N * Bertl_oO Bertl
1122475259 M * Bertl greetings!
1122475444 Q * flock Ping timeout: 480 seconds
1122475580 M * SiD3WiNDR heya Bertl 
1122475789 J * brett ~brett@d60-65-39-223.col.wideopenwest.com
1122475847 M * bipsen hi Bertl
1122475874 M * Vudumen Bertl:) hi
1122475893 M * Bertl welcome brett!
1122475905 M * Bertl hey Vudumen, bipsen, SiD3WiNDR!
1122475909 M * brett Thanks :)
1122475916 A * bipsen must try to merge 0.30.208 nd 0.30.208 CVS to see if things can start working...
1122475953 M * daniel_hozac bipsen: doesn't starting syslog make minilogd go away?
1122476001 M * Bertl bipsen: get both versions from cvs (the 0.30.208 release and the HEAD) then do a diff and select the interesting parts ...
1122476082 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il
1122476200 M * Bertl wb flock!
1122476319 M * matti Hi Bertl.
1122476319 M * matti ;]
1122476332 M * Bertl matti: :]
1122476360 M * matti Bertl: I've fresh coffee, want some?
1122476512 M * Bertl yeah, please! :)
1122476528 M * matti :)
1122476575 A * matti gives Bertl a cup of fresh black coffee, enjoy! ;]
1122476576 M * matti ;]
1122476606 M * Bertl tx
1122476706 M * SNy got milk?
1122476707 M * SNy ;p
1122476799 Q * monrad Quit: Leaving
1122476801 J * hallyn ~hallyn@pixpat.austin.ibm.com
1122477051 M * Bertl welcome hallyn!
1122477070 M * hallyn Thank you :)  Good morning.
1122477099 M * hallyn Say, are you still thinking of sending the vserver patches to lkml?
1122477124 M * Bertl yes, I guess I do :)
1122477205 M * hallyn Ok, if you don't do it before friday, I plan to have read through the full patchset in detail so maybe (maybe) I'll be more helpful in joining the discussion.
1122477249 M * Bertl k
1122477249 M * hallyn Hopefully with all the xen/virtualization talk everywhere, people will be inclined to say "I want this too!"
1122477320 M * hallyn I know, you probably don't really care :) ?
1122477374 M * Bertl what I still haven't decided is whether to post just an url to the broken down patches (32) or each patch inlined (as usus for reviewing)
1122477403 M * hallyn I would suggest inline.  Very few people will follow a url, (imo).
1122477826 M * Bertl hallyn: so what is your comment to the patches?
1122477950 M * hallyn Well I'm wondering whether people will prefer the ngnet or the old approach.  They didn't like the way bsdjail did networking...
1122477987 M * hallyn My comment is: i want it in.
1122478012 M * hallyn (I'll have more by tomorrow)
1122478015 M * Bertl hehe, may I ask, why? :)
1122478034 M * Bertl (the 'want it in' part)
1122478041 M * hallyn Because I use it at home, and it's very useful.
1122478059 M * hallyn Don't get me wrong: my management wants it in too.
1122478121 M * Bertl so it's a half personal, half official wish ...
1122478124 M * hallyn (but that doesn't help me so much)
1122478127 M * hallyn yes.
1122478188 M * Bertl well, I guess most linux-vserver user want it in too ... I'm just not convinced that this is the right way to go ...
1122478199 M * hallyn What do you mean?
1122478231 M * hallyn That once it goes in it's likely to get changed?
1122478255 J * monrad ~monrad@213083190130.sonofon.dk
1122478265 M * Bertl let's assume (only theoretically) that the kernel folks decide (well, of course only 30% of them) they want 'linux-vserver' in the mainline kernel
1122478298 M * Bertl of course there will be the following 'requirements' for an inclusion:
1122478312 M * Bertl - make it zero cost when disabled ...
1122478330 M * Bertl - use whatever existing framework is in the kernel
1122478369 M * Bertl - only have a subset of features they 'like'
1122478403 M * Bertl the first one, either results in some #ifdef hell, or a larger restructuring of the whole kernel
1122478434 M * Bertl the second one, probably will force us to utilize LSM hooks and maybe CKRM for resource management
1122478482 M * Bertl it will be a minimal version more compareable to vs1.2 ...
1122478587 M * Bertl and as a result of those, I will have to provide two things in the future:
1122478615 M * Bertl - maintainance for the 'broken' in kernel version
1122478641 M * Bertl - maintainence of the out of kernel patch, which might be even larger than the current one :)
1122478682 M * Bertl (removing inefficient interfaces/frameworks and replacing them by a more direct approach)
1122478684 M * hallyn Does vserver (excluding ngnet) actually have a performance impact?  I hadn't noticed at home, but haven't done any real profiling.
1122478730 M * Bertl hallyn: no, not really, but utilizing existing infrastructure in the kernel for security stuff would ...
1122478750 M * Bertl that's one reason why we do not do it atm ...
1122478779 M * hallyn Well so long as the upstream version is lsm+ckrm, you can just not load those modules, right?  Of course, given that this would offer no advantages to you whatsoever, you might just have to say someone else has to implement and maintain any "alternate" version of vserver.
1122478794 M * hallyn Cause I can see where that's not reasonable from your pov!
1122478830 M * Bertl serge, will you still be around in half an hour or so?
1122478853 M * hallyn yes, I should.
1122478867 M * Bertl okay, I have to leave now, but I'll be back in 30 I guess ...
1122478876 M * hallyn ok, ttyl
1122478889 M * Bertl perfect ...
1122478893 M * Bertl off then ...
1122478898 N * Bertl Bertl_oO
1122480530 N * Bertl_oO Bertl
1122480553 M * Bertl back now ..
1122480580 M * hallyn still here
1122480602 M * Bertl k, well, for example I tried it with debian .. and a special debian kernel patch ...
1122480636 M * Bertl and I have to say that the debian folks do spend a lot of time in this stuff ...
1122480663 M * Bertl nevertheless the result has very poor quality ...
1122480677 M * Bertl (compared to the mainline version)
1122480694 M * hallyn Why did they have their own kernel patch?
1122481231 M * Bertl because debian has it's own (outdated kernel :)
1122481257 M * Bertl s/kernel :)/ :) kernel/
1122481259 M * hallyn Ok - but they weren't trying to take a different approach, just back-porting?
1122481279 M * Bertl yep, it's a special patch version, lacking some features ...
1122481297 M * Bertl and of course it wasn't really updated from the point I provided the patch ...
1122481341 M * Bertl so I'm pretty certain that the 'quality' of linux-vserver will suffer from a mainline inclusion ...
1122481365 M * Bertl of course, it might OTOH allow more folks to test/use it ...
1122481391 M * hallyn I don't know, that seems to be more a matter of userspace utilities.  Depends on the user, of course.
1122481456 M * Bertl btw, what timeframe do you assume for such an integration?
1122481525 M * hallyn my god, i have no idea...  we could take a guess after gauging the initial reaction.  If they let vserver go in without making it use lsm+ckrm, then maybe < 1 yr?  Stab in the dark...
1122481588 M * Bertl hehe, okay at least you are realistic .. well, it took more than a year to get a syscall on every arch :)
1122481590 M * hallyn But then it really sounds like if the initial reaction is "rewrite this all in userspace" (hehe) you should just say "no, if anyone else wants to, they can."
1122481668 M * hallyn Hopefully someone like alan cox would end up backing us up.  He was in favor of bsdjail back in the day, so I would expect he'd like vserver.
1122481721 M * Bertl but I'm 100% sure that at least one kernel maintainer will comment: "we don't need another ioctl, please use separate syscalls for each command' :)
1122481749 M * hallyn or a fs interface.
1122481756 M * Bertl and the second response probably will be, "that can easily be done with a filesystem" :)
1122481783 M * hallyn I volunteer to do that implementation, assuming you're not against it on principle.
1122481801 M * Bertl well, it is not really doable ...
1122481859 M * Bertl let me rephrase this: it's doable, but it really doesn't make things easier ...
1122481860 M * hallyn then i take that back :)
1122481934 M * Bertl but there are some kernel interfaces I'm looking at which might become very interesting in the future (of linux-vserver) like netlink, relayfs and the debugfs
1122481990 M * Bertl and of course, once CKRM has reached some stability and improved performance, it's still my #1 candidate for resource management
1122482028 M * hallyn how far off do you think that is?  (ckrm reaching "stability")  I havne't really looked at ckrm...
1122482072 M * Bertl well, telling from the effords done to make it integrateable (on lkml) I'd say it will need at least half a year to stability
1122482095 M * Bertl and probably another half to be somewhere near to a replacement for what we currently have ...
1122482157 M * Bertl of course, if it still exists then, it might provide features we currently lack ...
1122482292 M * hallyn Is ckrm supposed to allow you to tie a class to a particular cpu?  (i wonder)
1122482293 M * Bertl but to get back to the original track (patch submission for review :)
1122482319 M * Bertl no, and it was discouraged to have two interfaces for that (see cpusets)
1122482353 M * hallyn hmm.
1122482361 M * Bertl but I guess that's not a big issue, as you can use the task affinity to control that
1122482422 M * Hollow morning folks
1122482429 M * hallyn I see - I'd thought cpusets were in-kernel only.  That does look useful.
1122482445 M * Bertl hey Hollow!
1122482491 P * timster 
1122482589 M * Bertl hallyn: well, the cpusets are (for kernel internal) but it was just an example ...
1122482596 M * hallyn All right, I need to go for about 2 hours.  But I promise to do my homework by tomorrow  :)
1122482622 M * hallyn They talk about using cpusets for application binding...
1122482631 M * Bertl yes ...
1122482647 M * Bertl okay, thanks for the conversation, have a good time!
1122482686 M * hallyn nono, thank you :)  ttyl
1122482687 Q * hallyn Quit: leaving
1122483371 J * DaPhreak_ ~phreak@styx.xnull.de
1122483484 Q * DaPhreak Ping timeout: 480 seconds
1122483534 Q * meebey Ping timeout: 480 seconds
1122483733 Q * prae Quit: Execute Order 69 !
1122483818 J * meebey meebey@booster.qnetp.net
1122484036 Q * DaPhreak_ Read error: Connection reset by peer
1122484038 J * DaPhreak ~phreak@styx.xnull.de
1122485374 J * _ag_ ag@caladan.roxor.cx
1122485446 M * Bertl okay ... off for today ...
1122485460 M * Bertl night folks!
1122485468 N * Bertl Bertl_zZ
1122486385 J * stefani ~stefani@superquan.apl.washington.edu
1122486569 P * matti 8-X
1122486770 M * brett Quick question.  Concerning networking, what are the benefits to using route over iptables?
1122486784 M * brett If the question doesn't expose it, I'm not too familiar with either :)
1122487415 M * maharaja :)
1122487452 M * maharaja as far as i know, route is the default way to tell linux how to "route" (send) ip packets
1122487498 M * maharaja you can tell linux via route, that all packets to destination ip or destination network x have to be send via interface ethX
1122487518 M * maharaja afaik, this is the only thing you can do with route
1122487532 M * brett ahhh....that makes sense...yes...
1122487535 M * maharaja route can be used for ipv4, ipv6, etc.
1122487552 M * maharaja (use "man route" or "route --help")
1122487564 M * brett So it'd only be useful if you were doing some vlan stuff?  Or possibly ethernet device aliases?
1122487566 M * maharaja with iptables, you can manipulite lots of things inside a ip packet
1122487598 M * daniel_hozac route is required if you want to send packets anywhere other than your own IP addresses.
1122487618 M * maharaja i do not know when iptables is invoked - if its before or after the routing table
1122487626 M * daniel_hozac both.
1122487635 M * maharaja ah, prerouting/postrouting ;)
1122487641 M * brett But since starting a vserver will add the verser's ip address to the ethernet device, it wouldn't be overly useful....right?
1122487644 M * maharaja pretty obvious
1122487661 M * maharaja brett: do you mind telling us what you plan to do?
1122487715 M * brett I'm just asking general questions :)  I have a vserver running right now and am using iptables to let it run some services, but had read the same thing could be accomplished with route...
1122487733 M * maharaja not really
1122487737 M * daniel_hozac iptables and route don't do the same thing.
1122487745 M * maharaja route does not know anything about ports/protocols, etc
1122487768 M * maharaja its plain: this packet wants to go to ip a.b.c.d - send it via ethX
1122487836 M * maharaja another thing is, that route may only be used for existing devices
1122487852 M * maharaja whereas iptables is build to cope with devices that do not (yet?) exist
1122487874 M * maharaja like "iptables -A OUTPUT -d 10.1.1.0/24 -o eth99" does work
1122487898 M * maharaja if you try something like "route add -net 10.1.1.0/24 gw 10.1.1.1 eth99" you'll get an error msg
1122487928 M * brett So would route distinguish between an device and its aliases or something like eth0:1?
1122488035 M * maharaja mhm - don't know
1122488055 M * maharaja i would guess no
1122488060 M * maharaja but i never tried it
1122488066 M * brett Fair enough :)
1122488115 M * stefani so iptables in a guest does work ?  how about setting up a tun device ? 
1122488142 M * brett This is on the host...
1122490524 M * micah hola stefani
1122490577 M * stefani hola: perhaps i ought to go with NGN.  that looks pretty interesting. 
1122490906 J * ntrs ntrs@Dardeene-68.188.50.87.charter-stl.com
1122491613 M * micah not sure where NGN is at yet, since the focus has been on getting 2.0 finished
1122491625 M * micah stefani: what are you trying to accomplish?
1122491938 M * stefani i have a physical machine running openvpn, running  in tun mode.  the box may have bad memory, and so i was considering temporarily moving openvpn to a guest.  but that is not looking like an option. 
1122492970 M * micah hmm I thought I saw on the mailing list someone talking about openvpn in a vserver
1122493025 M * daniel_hozac i too believe it's doable. you'll need to give the guest enough capabilities to mess with anything related to networking though, i think.
1122493028 M * micah http://www.paul.sladen.org/vserver/archives/200505/0238.html
1122493076 M * micah looks like enrico (the author of util-linux) runs a lot of openvpn's in vservers: http://www.paul.sladen.org/vserver/archives/200505/0241.html
1122493098 M * daniel_hozac s/util-linux/util-vserver/ ;)
1122493729 M * stefani ooh. 
1122493780 M * stefani but they look like openvpn clients, not servers with iptables-MASQ type "routing" 
1122494518 Q * bipsen Read error: Connection reset by peer
1122495903 J * yarihm ~yarihm@80-218-5-17.dclient.hispeed.ch
1122496154 J * bipsen ~secret@pat.progressive.dk
1122497076 Q * brett Quit: Leaving
1122497282 J * jdgiguere geom@Toronto-HSE-ppp3748495.sympatico.ca
1122497306 M * jdgiguere Hi all
1122497343 M * jdgiguere I have trouble with my X11 forwarding :-(
1122497657 M * jdgiguere This is a sample output : http://rafb.net/paste/results/96DVLi91.html
1122500154 Q * cereal Ping timeout: 480 seconds
1122500246 N * bipsen bipsen_zZ
1122500517 M * Doener` jdgiguere: use "X11UseLocalhost no" in sshd_config in the vserver
1122502587 J * Aiken ~james@tooax8-097.dialup.optusnet.com.au
1122503128 Q * yarihm Quit: Leaving
1122504366 J * shuri ~shuri@64.235.209.226
1122504823 Q * shuri Read error: Connection reset by peer
1122508077 P * stefani I'm Parting (the water)