1124582534 J * renihs ~renihs___@193.170.52.70 1124582612 Q * renihs Quit: 1124583017 M * Hollow Bertl: ok, fixed the buggy if/hdd down logic... imo this should be waht we need to abstract for guest contexts 1124583155 M * Nicoli what client OSs does Vserver work with ? i mean is what can be run as a vds on vserver ? 1124583222 M * Bertl linux ... all kind of linux distributions ... 1124583248 M * Nicoli just a amtter of patching um ? 1124583310 M * Bertl hmm ... most distros run unmodified ... of course you want to cleanup start/stop scripts (usually) 1124583315 M * Nicoli chand: how about BSD and Darwin ? 1124583323 M * Nicoli er Bertl 1124583345 M * Bertl as linux-vserver does not run other kernels, but uses a single (host) kernel, you can not run those ... 1124583370 M * Nicoli ahh, yea 1124583589 M * Hollow though you could run bsd userland ;) 1124583643 J * renihs ~renihs___@193.170.52.70 1124583655 M * Bertl yeah, probably as far as binary compatibility goes, even solaris binaries, IIRC :) 1124583679 M * Hollow with gentoo/freebsd you could even "emerge bsdtar" .. ;) 1124583689 M * Hollow paralell to gnutar 1124583695 M * Hollow e.g. 1124583733 M * lownoize hmm 1124584012 M * renihs hmm say, is it possible to run a vpn server (openswan) with a guest?, or does this require to compromise security? 1124584063 M * Bertl depends on the kind of security you have in mind ... 1124584071 M * Bertl (and of course, on the setup) 1124584150 M * Bertl okay, I'm off to bed now .... have a nice whatever everyone! 1124584150 M * renihs i mean, do i have to enable network stuff (on the host) for the guest system which makes it easy to break out? 1124584159 M * renihs gn8 Bertl 1124584167 N * Bertl Bertl_zZ 1124585312 M * renihs gruml, openswan doesnt seem to compile, nvokepluto.c:184: deprecetead stuff, if i add -Werror to compiler flags it aborts a bit later :) 1124586031 M * renihs ha, openswan 2.3.1 worked :) 1124587875 Q * keyser_soze Quit: Abandonando 1124592344 Q * Aiken Quit: Leaving 1124593959 Q * renihs Remote host closed the connection 1124598994 Q * lownoize Ping timeout: 480 seconds 1124599601 J * lownoize ~lownoize@p54AC8640.dip0.t-ipconnect.de 1124599959 Q * lownoize Quit: Leaving 1124604174 Q * lilo Remote host closed the connection 1124604509 J * lilo ~lilo@lilo.usercloak.oftc.net 1124610427 M * eyck openswan rocks, compared to freeswan at least 1124612889 J * renihs ~renihs___@193.170.52.70 1124614117 J * Aiken ~james@tooax6-099.dialup.optusnet.com.au 1124617852 J * ntrs_ ~ntrs@Dardeene-68.188.50.87.charter-stl.com 1124617852 Q * ntrs Read error: Connection reset by peer 1124618083 Q * renihs Ping timeout: 480 seconds 1124618689 J * renihs ~renihs___@193.170.52.70 1124619709 Q * renihs Remote host closed the connection 1124620530 J * Aiken_ ~james@tooax8-172.dialup.optusnet.com.au 1124620849 Q * Aiken Ping timeout: 480 seconds 1124621807 J * Neubix ~brian@G5610.g.pppool.de 1124621823 M * Neubix Hi all , 1124621861 M * Nicoli yo 1124622777 N * Bertl_zZ Bertl 1124622789 M * Bertl morning folks! 1124622803 J * keyser_soze ~cimarron@host113.201-252-24.telecom.net.ar 1124622820 M * Hollow morning Bertl: http://phpfi.com/75010 ;) 1124622859 A * Bertl is looking ... 1124622963 M * Bertl hmm, interesting ... does it allow fractions? 1124622988 M * Hollow fraction of what? 1124622995 M * Hollow you mean float values? 1124623001 M * Bertl yep 1124623003 M * Hollow no 1124623052 M * Hollow i'm not sure if the calculation is correct, but imom it looks ok... http://home.xnull.de/work/gentoo/vserver/tools/vschedcalc 1124623143 M * Bertl ah, k, you might want to allow the rate to be specified ... 1124623153 M * Hollow yeah, k 1124623159 M * Bertl something like add tokens in chunks of [] 1124623170 M * Hollow but does it make any difference if i take 1/10 or 10/100? 1124623178 M * Bertl yep, definitely 1124623183 M * Hollow in which way? 1124623194 J * blah123 ~douglas@c-67-160-174-224.hsd1.or.comcast.net 1124623200 M * Bertl the amount of tokens is calculated in a discrete way 1124623202 M * blah123 anyone alive? 1124623206 M * Bertl welcome blah123! 1124623211 M * blah123 ltns bertl 1124623212 M * blah123 :) 1124623217 M * blah123 how are things? 1124623228 M * blah123 I got a couple of questions of course :) 1124623245 M * Bertl Hollow: so rate=1 means every jiffie, rate=10 means every 10 jiffies, but not between those intervals ... 1124623257 M * Bertl blah123: fine, thanks! and for you? 1124623270 M * blah123 first off. vprochide, whered it go? :) it mentions that it comes with the devel tools. I'm looking at the stable and devel and it appears that the stable version is hire then the devel version of tools. 1124623281 M * blah123 everythings great. 1124623289 M * blah123 just messing with my test boxes :) 1124623300 M * blah123 it being the website 1124623302 M * Bertl well, what versions are you talking about ... :) 1124623308 M * blah123 the util-server 1124623336 M * blah123 from stable to devel 1.9.5 on the website 1124623343 M * blah123 ahh hmmm I'm reading the topic 1124623347 M * Hollow Bertl: i thought rate is just how many tocken we put in the bucket each interval? 1124623349 M * blah123 13floor not updated anymore? 1124623365 M * Bertl blah123: we got stable on 2.6 (vs2.0) :) 1124623397 M * blah123 yea 1124623398 M * Bertl http://www.13thfloor.at/vserver/s_rel26/overview/ 1124623400 M * blah123 thats what I'm plauying with 1124623413 M * blah123 vprochide is still not included in the version of util? 1124623436 M * Bertl sure, version is 0.30.208 (tools) vprocunhide is included (not vprochide :) 1124623458 M * blah123 the name changed? 1124623459 M * blah123 lol 1124623487 M * Bertl hmm, well, never knew there was a vprochide in the stable tools ... 1124623506 M * Bertl Hollow: let me give you an example ... 1124623510 M * blah123 where is vprocunhide installed? 1124623516 M * blah123 if I were using the normal default dirs? 1124623542 M * Bertl /etc/init.d/vprocunhide 1124623604 M * blah123 actually defaults its /usr/local/etc/init.d 1124623607 M * blah123 lol 1124623642 M * Bertl depends on the package :) 1124623660 M * blah123 may want to change that on the next release. no big deal, but I think every distro that I know of uses /etc/init.d but shrug 1124623676 M * blah123 on which package? the util-vserver-0.30.208 lol 1124623713 M * Bertl the util-vserver.tar can be ./configured to all kind of pathes ... 1124623727 M * blah123 yea but I'm saying default, with no changes. 1124623730 M * Bertl the distributions/distributors make packages for distros 1124623732 M * blah123 I know it can 1124623744 M * Bertl for example, there are mandrake packages on my site 1124623755 M * blah123 I was installing from source 1124623756 M * blah123 I apologize 1124623760 M * blah123 I should have mention that prior 1124623762 M * Bertl those will use the proper pathes for mandrake 1124623776 M * Bertl debian has very different pathes for example 1124623794 M * blah123 you mean standard paths? :) 1124623794 M * Bertl they put /vservers into /var/lib/ (only one example) 1124623795 A * blah123 runs 1124623807 M * blah123 hehe i know you are a debian hater :) 1124623827 M * Bertl huh? I'm using debian on several machines ... 1124623830 M * blah123 I wonder why 1124623834 M * blah123 I though you hated debian 1124623851 M * blah123 back in the day I offered to put a mirror up for you on a debian box and you were like god no. 1124623854 M * blah123 lol 1124623863 M * Bertl not really, what I hate is stubborn maintainers ... 1124623872 M * blah123 who doesn't 1124623873 M * blah123 :) 1124623875 M * DaCa :) 1124623896 M * Bertl and it seems that debian slowly gets maintained :) 1124623911 M * blah123 hmm but there are certain standards I think apply to most, I mean I dont think any distro uses /usr/local/etc/init.d :) 1124623932 M * blah123 yea but for the most part its stable 1124623932 M * Bertl every package uses */local/* for defaults ... 1124623943 M * blah123 I've being useing debian for years. many many years. 1124623950 M * DaCa yes, but if you build from source it should go to /usr/local 1124623955 M * Bertl this is so that it doesn't mess with the distro packages 1124623957 M * blah123 at least 7 1124623969 M * blah123 and I've never, ever had a debian box crash 1124624021 M * Hollow my distro never ccrashes too ;) 1124624035 M * Hollow what surprise 1124624038 M * blah123 although I have had several redhat boxes crash 1124624061 M * blah123 couple of mandrakes. and two suse+novell boxes crash 1124624090 M * blah123 so I'm not saying debian is the best. but its certainly stable. :) 1124624109 M * blah123 gentoo is pretty nice too 1124624121 M * Hollow blah123: right :P 1124624134 M * blah123 but gento as a vserver is not really optimal for a hosting enviroment. too much cpu to upgrade. 1124624150 M * blah123 maybe as the host machine 1124624161 M * blah123 but not as a vserver 1124624179 M * Hollow well, if you use bin packages produced on another machine it's pretty much no load at all 1124624285 M * blah123 yea if you had two machiens the same hardware sure, but otherwise what would be the point then of gentoo? it just be another binaried distro 1124624290 M * blah123 thats what I liked about gentoo 1124624300 M * blah123 everything compiled from source so its compiled for your system, your hardware. 1124624302 M * blah123 brb 1124624304 M * Bertl Hollow: http://vserver.13thfloor.at/Stuff/interval.png 1124624312 M * Hollow you even don't need the same hardware, there is a great cross-dev kit in gentoo... 1124624321 M * Bertl the first line is with interval=1 rate=1 1124624332 M * Bertl the second one is interval=10 rate=10 1124624368 M * Hollow hmm 1124624388 M * Hollow and what does it mean for processes? they're scheduled more "fluently"? ;) 1124624401 M * Hollow in case 1 1124624403 M * Bertl really depends on the setup ... 1124624420 M * Bertl in the prio scheduler case it will result in a higher token value ... 1124624462 M * Bertl with proper min values you can get all kinds of effects ... 1124624496 M * Bertl but I agree that over a longer time they are equivalent 1124624539 M * Hollow longer time i.e. cpuhog e.g.? if a process consumes endless cpu time 1124624540 M * Bertl the problem is more the scheduling effects ... 1124624568 M * Bertl let's assume that a process will run for 5 ticks, then wait for another 10 1124624580 M * Bertl (periodically) 1124624582 M * Hollow ticks means jiffies? 1124624587 M * Bertl yep 1124624588 M * Hollow k 1124624617 M * Bertl now if you have a setup interv=2 rate=1 compared to interv=10 rate=5 ? 1124624646 M * Bertl in the first case, the process will get rescheduled 5 times before it will wait 1124624676 A * mugwump sits down at the back and eats popcorn 1124624678 M * Bertl taking a total of 10 tick + 10 ticks waiting 1124624694 M * Bertl hey mugwump! why am I explaining that? :) 1124624706 M * Hollow the 5 tick operation, does take 10 ticks? 1124624724 M * mugwump hey Bertl ... nice work on the 2.0. I've been preparing a talk recently 1124624736 M * Bertl Hollow: yep, even longer, because the process runs for one tick every two ticks ... 1124624750 M * Bertl mugwump: thanks, you like vs2.0? 1124624775 M * Hollow so, a lower rate means more scheduling overhead 1124624776 M * Hollow ? 1124624778 M * mugwump Sure, worksforme :) 1124624787 M * Bertl mugwump: great! for me too :) 1124624809 M * Bertl Hollow: yes, usually (especially if the process is cpu bound) 1124624821 M * Bertl Hollow: but it also means lower latencies ... 1124624827 M * Hollow ok, but this only applies if the bucket is empty, no? 1124624845 M * Bertl without the priority adjustments, yes 1124624907 M * Hollow so, the interval should be (100/$avgcpu)*$interval ? 1124624913 M * Hollow err 1124624915 M * Hollow $rate 1124625005 M * Nicoli is there a vserver kernel patch for BSD ? 1124625054 M * Bertl not that I know of, but they have something called 'jails', which is not as advanced as linux-vserver but better than a simple chroot 1124625165 M * Bertl okay, have to get going ... (theatre) 1124625173 M * Bertl will be back later this evening ... 1124625176 M * eyck theatre? 1124625187 M * eyck eeh, what is wrong with the people these days.. 1124625191 N * Bertl Bertl_oO 1124625219 M * mugwump getting all cultured and stuff :) 1124625262 M * Nicoli heh 1124625278 Q * Neubix Read error: Connection reset by peer 1124625290 M * Hollow yeah.. some people have such thing called "real life" 1124625310 M * Hollow maybe you should look up it's manpage 1124625374 M * Nicoli yea 1124625380 M * Nicoli i hseard its soemwhre in montana 1124625384 M * Nicoli heard 1124625537 M * mugwump Hollow, what type of systems are you trying to bound via the CPU scheduler? 1124625562 M * Hollow gentoo vserver guests 1124625592 M * mugwump sure, what type of applications ? cpu hogs / disk hogs / mix / etc? 1124625619 M * Hollow sorry, can't follow... 1124625621 M * Nicoli whoch reminds ms, is vserver part of partage in gentoo ? or jsut an ebuild ? 1124625635 M * Hollow Nicoli: http://dev.gentoo.org/~hollow/vserver/ 1124625655 M * Hollow look at the bottom of the page for packages in gentoo 1124625706 M * Nicoli thanks 1124625726 M * mugwump I mean, what sort of application is running in the vservers that you're trying to prioritise? 1124625748 M * mugwump a "cpu hog" is a process that primarily places demand on the system processor 1124625769 M * mugwump a "disk hog" or "IO hog" is one that eats disk, like Pg vacuuming 1124625783 M * mugwump a "memory hog" is one that consumes lots of memory while it's running 1124625802 M * mugwump a "network hog", etc etc 1124625948 J * Neubix ~brian@G4576.g.pppool.de 1124626221 M * Hollow mugwump: well, the hard cpu scheduler is for cpu, so looks like i'm talking about cpuhogs here 1124626341 M * sid3windr something on my server is running away witha lot of ram 1124626352 M * sid3windr any way to check which vserver is using it up? 1124626373 M * mugwump sid3windr: you can use `vtop', and press M to sort by memory 1124626381 M * mugwump that will give a quick hint, anyway 1124626392 M * sid3windr :( 1124626403 M * mugwump look at the RSS column 1124626437 M * mugwump `vserver-stat' will show you total VSZ, which is related but relatively useless. Sometimes you'll see your smoking gun with it, though. 1124626462 M * sid3windr yea, vserver-stat didn't give me too much 1124626520 M * mugwump apache looks to take up hundreds of megabytes, but it isn't 1124626580 M * mugwump vserver-stat isn't smart enough to track /proc/NNN/maps to avoid double-counting memory 1124626671 M * mugwump sid3windr: so, `vmstat 1' is showing lots of swap activity? 1124626676 M * mugwump (si/so column)? 1124626821 M * mugwump sid3windr: `vps vaxww | sort +9n | tail -10` should show you top 10 processes on system, assuming your `ps' isn't too different from the one in psutils 1124626834 M * mugwump top 10 RSS hogs, anyway 1124626907 M * mugwump always spamd on my system ;) 1124626946 Q * sid3windr Ping timeout: 480 seconds 1124627228 Q * mcp Read error: Connection reset by peer 1124627250 J * _mcp ~hightower@wolk-project.de 1124627250 M * mugwump hi _mcp ! 1124627250 N * _mcp mcp 1124627377 M * mugwump bah, looks like I failed that Turing test. Think I'll sleep, instead 1124627471 J * sid3windr luser@bastard-operator.from-hell.be 1124627535 M * mugwump back, sid3windr ... did you run out of vm in the end? 1124627580 M * mugwump in case you didn't get it before, something like `vps vaxww | sort +9n | tail -10` should have shown you the 10 processes using the most resident memory, along with the vserver that they are in 1124627598 M * sid3windr yes, I did :( 1124627611 M * sid3windr some 5-10min swapping to death 1124627621 M * sid3windr apparently mysql has 80M/thread 1124627839 M * sid3windr thanks for the help 1124627865 M * sid3windr it's not really fixed yet 1124627868 M * sid3windr but owell. :p 1124627978 M * mugwump you can limit a single vserver's VM size with ulimit, sid3windr 1124628001 M * mugwump although that probably doesn't affect total VM, n/m 1124629500 Q * Aiken_ Quit: Leaving 1124629526 J * hound_ debian-tor@seppia.noreply.org 1124629551 M * hound_ what problems are there with running an xserver inside a vserver 1124630222 M * hound_ oh n/m it was working, I had just messed up the scripts trying to stop it from using 127.0.0.1 1124630340 Q * sid3windr Ping timeout: 480 seconds 1124630571 Q * Loki|muh Remote host closed the connection 1124630577 J * Loki|muh loki@satanix.de 1124630996 J * sid3windr luser@bastard-operator.from-hell.be 1124631335 M * sid3windr CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME 1124631335 M * sid3windr 0 279 2.1G 182.3K 11d27h05 16h40m58 133d32h55 root server 1124631335 M * sid3windr 1 1 3.1M 554 0m00s74 0m01s20 0m34s53 monitoring server 1124631339 M * sid3windr I just noticed that monitoring server 1124631341 M * sid3windr what is it? 1124631396 M * daniel_hozac it's the context that vps and other utilities use for seeing all processes. 1124631426 M * Hollow big brother 1124631427 M * Hollow ;) 1124631434 M * daniel_hozac haha 1124631483 M * Hollow the almighty big brother context is always watching you.. err your contexts ;) 1124631504 M * Hollow and it reads your credit card information 1124633740 Q * Hollow Remote host closed the connection 1124633835 Q * keyser_soze Quit: Abandonando 1124633924 J * Hollow ~Hollow@home.xnull.de 1124635148 J * renihs ~renihs___@193.170.52.70 1124635736 M * Nicoli hrm 1124635741 M * Nicoli [root@vds1 yum.repos.d]# vserver min-centos4 build -m yum --hostname vs1.outpost-host.com --interface domain=eth0:208.53.159.191 --initstyle sysv \ --context 500 --force -- -d centos4 1124635742 M * Nicoli cp: cannot stat `/usr/local/etc/vservers/.defaults/vdirbase/.pkg/min-centos4/yum/etc/yum.conf': No such file or directory 1124635744 M * Nicoli rm -rf /usr/local/etc/vservers/.defaults/vdirbase/min-centos4 /usr/local/etc/vservers/min-centos4 /usr/local/etc/vservers/.defaults/vdirbase/.pkg/min-centos4 1124635745 M * Nicoli [root@vds1 yum.repos.d]# vserver min-centos4 build -m yum --hostname vs1.outpost-host.com --interface domain=eth0:208.53.159.191 --initstyle sysv \ --context 500 --force -- -d centos4 1124635747 M * Nicoli vserver-topdirectory '/usr/local/etc/vservers/.defaults/vdirbase/min-centos4' and/or configuration at '/usr/local/etc/vservers/min-centos4' 1124635748 M * Nicoli exist already; please try to use '--force', or remove them manually 1124635750 M * Nicoli rm -rf 1124635752 M * Nicoli [root@vds1 yum.repos.d]# 1124635758 M * Nicoli any ideas ? 1124636730 M * blah123 hey bertl 1124636737 M * blah123 or anyone 1124636772 M * blah123 anyone there? 1124638287 M * eyck no 1124638698 M * Nicoli not i 1124639943 M * micah i'm not here 1124640790 Q * sid3windr Ping timeout: 480 seconds 1124641095 J * sid3windr luser@bastard-operator.from-hell.be 1124642430 J * keyser_soze ~cimarron@host113.201-252-24.telecom.net.ar 1124643514 Q * Neubix Quit: Verlassend 1124643795 Q * sid3windr Ping timeout: 480 seconds 1124644186 J * sid3windr luser@bastard-operator.from-hell.be 1124645247 Q * keyser_soze Quit: Abandonando 1124645335 Q * renihs Ping timeout: 480 seconds 1124645424 P * hound_ Leaving 1124646638 J * renihs ~renihs___@193.170.52.70 1124646663 Q * renihs Remote host closed the connection 1124647308 Q * monrad Quit: Leaving 1124648480 Q * sid3windr Ping timeout: 480 seconds 1124648772 J * sid3windr luser@bastard-operator.from-hell.be 1124650746 M * eyck neither am i 1124651308 M * Nicoli did anyoen get a chance to look @ what i pasted ? 1124651406 M * Hollow Bertl_oO: wrt kernel-userspace communication, is it possible to kobjects + its event layer? 1124651415 M * Hollow s/to/to use/ 1124651670 J * keyser_soze ~cimarron@host113.201-252-24.telecom.net.ar 1124652926 Q * yarihm Quit: Leaving 1124653754 M * Greek0 Hollow: do you have time for an explaination what you mean? 1124654899 J * Aiken ~james@tooax6-098.dialup.optusnet.com.au 1124655284 M * Hollow Greek0: we were talking about how the kernel sends context state changes to user space 1124655324 M * Greek0 though the vshelper binary? 1124655335 M * Greek0 +r 1124655372 M * Hollow since we were talking about future implementations of the utils it may not be vshelper but a similar app 1124655381 M * Hollow but in general, yes 1124655416 M * Greek0 and what did you actually ask about? what have kobjects to do with this? 1124655466 M * Hollow just read about the kobject event layer, can't this be used to notify user space about context state changes? just like for the hotplug system 1124655553 M * Greek0 ok, I haven't looked much into the kobject stuff, but I've read a little bit of the vserver patch, and saw how it notifies userspace. 1124655597 M * Greek0 and it really isn't that much code, just some that intercepts halt/reboot requests in the kernel if current->xid != 0, and then the setup code for the userspace-helper 1124655619 M * Greek0 ie. what would be the advantage of using the kobject stuff? 1124655784 M * Hollow well, there could be many differnet state changes 1124655791 N * Bertl_oO Bertl 1124655793 M * Hollow some of them are already defined, though not used 1124655800 M * Hollow VSC_SHUTDOWN etc pp 1124655804 M * Hollow hey Bertl 1124655814 M * Bertl evening folks! 1124655841 M * Greek0 hi 1124655903 M * Bertl well, kobjects might be one way ... but there are plenty of other ways to notify userspace ... 1124655904 J * mess-mate ~mess-mate@lns-vlq-7-lil-82-254-207-221.adsl.proxad.net 1124655915 M * Bertl welcome mess-mate! 1124655929 M * mess-mate hi there :) 1124655986 M * Bertl Hollow, Greek0: for example a simple user readable file (maybe one for each context in the future vsfs) would solve that too .. 1124656005 M * mess-mate Bertl: is it your automated welcome message ? 1124656013 M * Hollow vsfs sounds neat :) 1124656051 M * Bertl mess-mate: yes, all automated in wet-ware :) 1124656145 M * mess-mate Little newbie question: i've installed my first debian vserver. That little base take +/- 500M. What other can we do with vserver ? 1124656154 M * Greek0 Bertl: why would you implement an fs for vserver? i.e. what data would you like to export? 1124656241 M * Bertl Greek0: we have a lot of stuff now in /proc/virtual and /proc/virtnet, stuff which actually does not belong to the procfs at all ... 1124656268 M * Bertl and the 2.6 debugfs looks like a nice framework to use for a vsfs ... similar to sysfs ... 1124656282 M * daniel_hozac why not use sysfs itself? 1124656417 M * Bertl yeah, could be an option ... but maybe you want to have 'different' permissions/hooks ... 1124656424 M * Greek0 well, why not leave it in procfs? of course it's not very proc related, but it's an easy way to export data, and I'm a bit sceptical if yet another virtual fs is the right solution 1124656455 M * Bertl Greek0: basically you could mount it 'over' a proc entry ... 1124656483 M * Greek0 mount none -t vsfs /proc/virtual ? 1124656491 M * Bertl for example ... 1124656531 M * Bertl would probably simplify procfs (for the guests) 1124656559 M * Greek0 well, probably it's just that I see new virtual fs's popping up left and right currently.. it seems like we're shifting from proc to sys to custom fs. 1124656592 M * Greek0 well, isn't the hiding of the vitual/virtnet entries done by the normal mechanism via the attributes? 1124656702 M * Bertl yes and no .. the main issue with the virt entries is the way procfs allocates inodes 1124656732 M * Bertl so we currently do some tricky stuff so that we do not clash with the proc inodes 1124656811 M * Greek0 ic 1124657191 M * Bertl mess-mate: still struggling with your guest/install? 1124657841 M * mess-mate Bertl: yes... I don't understand how vserver works exactly. Thought install a vserver as a mailserver, and others, but it needs always a base system, do it ? 1124657968 M * mess-mate Bertl: i mean, a vserver can't share the binary's of a host ? 1124658237 M * Bertl it can .. it's just not the 'usual' way you set it up ... 1124658268 M * mess-mate Bertl: as an example: i've a router/firewall/proxy machine + a webserver/mailserver machine. Can i, on 1 machine, setting-up a vserver for that router/firewall/proxy part and an other for that webserver/mailserver part sharing the same binary's of the host=base of that 1 machine ? 1124658318 M * Bertl you can, but in this kind of setup you probably want to do something different:) 1124658386 M * Bertl for example, you could set up a minimal system for the routing/firewall part on the host, but for logons from outside (via firewall) a separate guest (with more tools/stuff 1124658406 M * mess-mate Bertl: of course it can the usual way (without a vserver) but as i understood vserver works in a chroot environment, do it ? 1124658417 M * Bertl and parallel to the logon guest, you would setup a guest for the web stuff, and maybe a mailer guest 1124658450 M * Bertl mess-mate: linux-vserver is kernel support plus a bunch of userspace tools which allow you to do the following: 1124658487 M * Bertl do something similar to chroot (but more secure) for filesystems, process spaces and ip-ranges 1124658525 M * Bertl so, if you do not want to restrict the filesystem, that's quite fine, but of course, you give up a part of the security aspect ... 1124658566 M * Bertl assuming that each 'guest' does not interfere with the other guests, they can easily share the very same filesystem 1124658604 M * Bertl (the downside is, each guest will be a potential security issue for the other ... 1124658623 M * mess-mate Bertl: ok so it can. What do you mean 'very' same filesystem => not completely ? 1124658656 M * Bertl you can have both, the same and a separate view into the same filesystem :) 1124658690 M * Bertl let me give you an example: do you have a vserver host installed? 1124658755 M * mess-mate Bertl: because i've get to go outside of 1 chroot server to share a part of an other vserver ? 1124658810 M * Bertl pardon? 1124658865 M * mess-mate Bertl: i've just installed a debian/testing in a vserver. Had 3 days work to find out how todo. Followed a WRONG tuto. Finally a simple thing :( 1124658947 M * Bertl hope you fixed the tutorial? 1124658991 M * mess-mate Bertl: no, deleted it. :) 1124659118 M * Bertl so that must have been a tutorial outside of our wiki pages then ... 1124659232 M * mess-mate Bertl: here it is: http://linux-vserver.org/Step-by-Step+Guide+2.6. What's wrong: vserver DebianSid build -m debootstrap -- -d sid -m ftp://ftp.at.debian.org/debian/. There are dependancy problems with that command. A simple debootstrap vserver foo do it. 1124659273 M * Bertl what kind of problems? 1124659288 M * Bertl at least it works fine for woody and sarge IIRC 1124659369 A * Bertl is trying that now ... 1124659379 M * mess-mate Packages are retrieved WITHOUT the dependcy's of them. Sorry, the command is: debootstrap --resolve-deps vserver foo. 1124659414 M * Greek0 mess-mate: aehm. might very well be a debootstrap problem 1124659434 M * Greek0 aj towns uploaded a new debootstrap version after sarge release, which broke quite horribly 1124659474 M * Greek0 a friend of mine tried to use debootstrap to setup a sid buildd one week ago, and debootstrap died horribly 1124659494 M * Greek0 cdebootstrap worked a bit better, but also didn't manage to bring sid to live. 1124659511 M * Bertl yes, it's funny _how_ broken recent debian is .. I always thought sarge was broken :) 1124659536 M * Greek0 IMHO the best way would be to use debootstrap to setup a etch/sarge/woody vserver and then update it. 1124659539 M * Bertl well, it fails here with: E: Couldn't download libsigc++-1.2-5c102 1124659563 M * mess-mate Now my debootstrap works well, but is there a way witout the use of a debootstrap ? 1124659580 M * Greek0 c102 means that it's a package with the old C++ ABI IIRC 1124659590 M * Greek0 and those may very well be gone from the archive by now 1124659604 M * Bertl mess-mate: sure, you can build the guest in whatever way you like ... 1124659649 M * mess-mate Bertl: i've installed ETCH, not SID. That works. 1124659652 M * Bertl mess-mate: have a look at the util-vserver page for other build methods ... 1124659687 M * Bertl http://linux-vserver.org/alpha+util-vserver 1124659697 M * Greek0 mm, nice. sid still not debootstrap-able *g* 1124659714 M * Bertl yep, same error again ... 1124659981 M * Greek0 when it tries to fetch *c102 it clearly wants a package with the old ABI version. so it probably tries to install a package that wasn't rebuilt with g++-4.0 1124660060 M * mess-mate Bertl: ok, but we have only debian linux and openbsd/freebsd systems here. So,the same command is still there for debian: vserver build -m debootstrap * -- -d sarge # or woody 1124660267 M * Greek0 mess-mate: for Debian that's certainly the best way. you just can't bootstrap sid currently due to the g++-4.0 ABI transition that's going on (and breaking stuff) in sid currently 1124660291 M * mess-mate Anyone setup a vserver like this: mkdir /vservers/XX 1124660291 M * mess-mate cd /vservers/XX 1124660291 M * mess-mate cp -ax /sbin /bin /etc /usr /var /dev /lib . 1124660291 M * mess-mate mkdir proc tmp home 1124660293 M * mess-mate chmod 1777 tmp 1124660370 M * Greek0 mess-mate: probably possible. I just don't know why you want sid ATM, and if you really want it, why you can't get it by bootstrapping etch and updating than. 1124660465 M * mess-mate Bertl: i setted-up etch, not sid. Changing sid to etch in that wrong command didn't also the trick. Try and see. 1124660754 M * Greek0 mess-mate: did it work with etch now? and what command fails? 1124661140 M * Bertl mess-mate: that is what 'vserver build -m copy is supposed to do 1124661158 M * mess-mate Bertl: it worked for etch with this commands (after creating the foo.conf and a vserver-root-dir: debootstrap --resolve-deps vserver deb-etch ( deb-etch is my vserver i created), then cd /deb-etch : deb-config. That's all. The base system of etch is there now. 1124661185 M * Bertl there is no foo.conf in recent configurations :) 1124661203 M * mess-mate Bertl: sorry, mean deb-etch.conf 1124661245 M * Bertl there is no *.conf in recen configurations :) 1124661252 M * Bertl *recent 1124661286 M * Bertl the *.conf are just legacy configs, if you upgrade from older tools (like 0.30) 1124661308 M * mess-mate Uhh...? 1124661335 M * Bertl util-vserver uses a tree based config directory ... 1124661351 M * Bertl (it is described on the so called FlowerPage) 1124661376 M * mess-mate Bertl: that blinked page :) 1124661393 M * Bertl if you prefer that stylesheet, yes :) 1124661400 Q * Snow-Man Ping timeout: 480 seconds 1124661421 M * Bertl mess-mate: but back to your setup ... 1124661445 M * Bertl you have a 'guest' debootstrapped somewhere (however you did it :), right? 1124661460 M * mess-mate Bert: yes 1124661494 M * Bertl now the best way to proceed would be to create a skeleton config with proper settings/parameters 1124661512 M * Bertl (ip addresses, context id, hostname, whatever) 1124661539 M * Bertl then move over the directories except /dev to the newly created skeleton 1124661556 M * mess-mate Bertl: takes sowath 500M as base system. No problem for connecting to everywhere, hostname,ip etc... 1124661577 M * Bertl after that, given that your guest was installed properly, you can simply start it ... 1124661613 M * mess-mate Bertl: but no localhost. Have to do that now: setting up a localhost, some packages need it. 1124661656 J * Snow-Man ~sfrost@snowman.net 1124661659 M * mess-mate Bertl: yes i can start..stop..logout whatever.. why ? 1124661668 M * Bertl wb Snow-Man! 1124661681 M * Bertl mess-mate: so maybe I missed your original question/issue? 1124661783 M * mess-mate Bertl: my original question was: is there a way to deal the base system of the host as a base system for a vserver. 1124661832 M * mess-mate Bertl: if a base system is needed for every vserver of course. 1124661954 M * Bertl and my answer was, yes, you can either use the 'copy' build method (which will 'copy' your host system into the guest) or you can let the guests run on your host filesystem, which probably has some security implications ... 1124662013 M * mess-mate Bertl: good news, save space that way. How can i do that ? 1124662058 M * mess-mate Bertl: that last thing of the phrase of course. 1124662070 M * Bertl just --rbind mount the entire rootfs to /vservers/guestxy 1124662140 M * mess-mate Bertl: that way, i've outside the chroot environment of the vserver ? 1124662189 M * Bertl that way your guest will run on the host filesystem (well a vfs copy of it actually) 1124662189 M * mess-mate Bertl: or just setup 1 little base system to deal with other vservers ? 1124662357 M * Bertl I'm still not able to get what you're up to ... 1124662600 M * mess-mate Bertl: something like : mount --bind /home /vservers/deb-etch/home ? 1124662624 M * Bertl sure you can do that ... 1124662699 M * mess-mate Bertl: and what are the security issues if i bind to rootfs ? 1124662733 M * Bertl the guest can modify your rootfs for one, and probably as /dev is available, it can also access all your hardware 1124662933 Q * obi Ping timeout: 480 seconds 1124662954 J * obi ~obi@asus.saftware.de 1124662955 M * Greek0 mess-mate: is the diskspace used by the ververs problematic for your goals? 1124663005 M * Bertl as I understood it so far (please correct me) it's the sharing of files/filesystems between guests ... 1124663016 M * DaCa otoh, if diskspace is important, why not _not_ use namespaces and use unification? 1124663037 M * Greek0 can you unify with the host files? 1124663054 M * Bertl yes, but it's trickier :) 1124663072 M * DaCa its probably easier with a reference vserver 1124663083 M * mess-mate Bertl: YES... sharing files/filesystem between guests ( i understand guests as vservers) 1124663104 M * Greek0 because on the host you usually don't have immutable/iunlink files probably? 1124663119 M * Bertl mess-mate: well, the simplest way is to 'just' mount the filesystem into each guest ... 1124663141 M * Bertl (either --bind or real mount would do) 1124663194 M * mess-mate Bertl: but i loose security and the advantages of vservers ? 1124663233 M * Greek0 mess-mate: you could use bind-mounts to just mount that parts of the host filesystem into the vserver that you really want to share 1124663283 M * Bertl mess-mate: if you share for example /home between 3 guests (yes those are vservers), then you will not impact security, except for the contents of /home (which can be accessed from each of them) 1124663390 M * mess-mate Bertl: /home was an example.. I mean /usr /sbin/ etc.. where some packages are installed to run = the base packages. 1124663444 M * mess-mate Bertl DaCa : that reference vserver is not bas as idea 1124663507 M * Greek0 Bertl: actually I have quite a simmilar setup here, but using your BMEs and ro bind-mounts. BMEs really rock :) 1124663565 Q * keyser_soze Quit: Abandonando 1124663565 M * mess-mate That way chroot <-> chroot shared ? Vserver1 and vserver2 share vserver0 ? 1124663578 M * Bertl mess-mate: for the /bin or /sbin or /lib you can do that, but it's easier to use unification for that ... 1124663650 M * Greek0 mess-mate: yes 1124663656 M * mess-mate Bertl Greek0: what is BMEs and what do you mean by 'unification' ? 1124663677 M * Greek0 unification is the thing that more vservers can share the same files in a secure way 1124663700 J * keyser_soze ~cimarron@host113.201-252-24.telecom.net.ar 1124663749 M * mess-mate is there a util-vserver command for that ? 1124663779 M * Greek0 BMEs allow you to change mount-flags when doing bind-mounts 1124663847 M * mess-mate BME stands for what ? 1124663853 M * Greek0 so you can do mount a /vservers/vs1/a -o bind,ro and it will actually work (so that "a" is mounted readonly for the guest) 1124663857 M * Greek0 bind mount extentions 1124663879 M * mess-mate Let me write that all down :) 1124663899 M * Greek0 note that you can't use that mount line easily on a running vserver due to the namespace stuff (you'd mount it in the host namespace, but not in the guest one) 1124663919 M * Greek0 but it can be done via /etc/vservers//fstab 1124663962 M * Greek0 ok, I'm off to bed now, cu 1124664125 M * Greek0 oh, one last thing, BMEs are not implemented in linux-vserver 2.0. they are only available as add-on patch (or in the new development version) 1124664132 M * Bertl night Greek0! 1124664215 M * keyser_soze Bertl, gurus: i'm having some issues with vserver suexec 1124664360 M * keyser_soze i'm running the following command: 1124664382 M * keyser_soze vserver testsrv3 suexec mysql mysql_install_db 1124664422 M * keyser_soze this command should be executed as mysql user..i'm right? 1124664433 Q * zobel Ping timeout: 480 seconds 1124664463 M * Bertl yup 1124664516 M * keyser_soze mm..this command creates the basic mysql table..it creates it with mysql:mysql owners 1124664545 M * keyser_soze if i enter the vserver and run su - mysql && mysql&&install_db 1124664557 M * keyser_soze folders are created properly 1124664581 M * keyser_soze but running vserver suexec..folders are created with root:root owners 1124664610 M * keyser_soze i was wondering if this is an issue or just lack of understanding from my side 1124664641 M * Bertl what does 'vserver testsrv3 suexec mysql whoami' report? 1124664676 M * keyser_soze aha...root 1124664701 M * Bertl which tool version is that? 1124664732 M * keyser_soze util-vserver 0.30.208 1124664736 M * Bertl (and more important, does a mysql user exist in the guest?) 1124664785 M * keyser_soze yes..it exists 1124664787 M * keyser_soze vserver testsrv3 suexec mysql su mysql -c whoami 1124664798 M * keyser_soze mysql 1124664800 J * zobel zobel@zobel.irc.ftbfs.de 1124664800 M * Bertl could you upload the output of 'vserver-info - SYSINFO' somewhere (e.g. pastebin.com) 1124664839 M * keyser_soze sure... 1124664909 M * keyser_soze http://pastebin.com/342625 1124664931 M * daniel_hozac hmm, i could be reading the code wrong, but to me it seems that suexec requires a UID (not a username). 1124664975 M * keyser_soze man reports: syntax: vserver name suexec userid command 1124664991 M * Bertl yep, in this case the help should be fixed ... 1124664994 M * daniel_hozac right, id, not name. 1124665023 M * Bertl anybody volunteering to file the bug report? 1124665066 M * daniel_hozac it would be nice of vcontext to validate the input as well ;) 1124665088 M * daniel_hozac (rather than just use atol and hope it does ok) 1124665126 M * keyser_soze if i use userid (27 in thiscase) files arecreated mysql:root 1124665161 M * Bertl yeah, probably you want to forget about suexec .. and just do the su yourself 1124665176 M * Bertl you can wrap it like this: 1124665207 M * Bertl vserver testsrv3 exec bash -c "su - mysql ..." 1124665226 M * keyser_soze yep i did it.. 1124665236 M * keyser_soze i was just wondering what i was missing 1124665243 M * Bertl don't know why there is uid but no gid, and why it doesn't understand names ... 1124665254 M * Bertl but I have to admit that I never tried something like that ... 1124665340 M * keyser_soze vserver testsrv3 suexec mysql su mysql -c mysql_install_db does it in the right way 1124665450 M * keyser_soze ok...thx for your help !!! 1124665457 M * Bertl np 1124665469 M * Bertl so anybody going to file that bug report? 1124665625 Q * blah123 Ping timeout: 480 seconds 1124665633 M * mess-mate One more question: can only root running a vserver ? 1124665639 J * monrad ~monrad@213083190134.sonofon.dk 1124665683 M * Bertl mess-mate: no, any user with the required capabilities can do that ... 1124665818 M * mess-mate Have to read a bit more docs. A hint ? 1124665865 M * Bertl first CAP_CONTEXT is required, probably most ADMIN caps too 1124666328 M * mess-mate Bertl: i've setted it as "CAP_SYS_ADMIN" but installed the vserver-root maybe in the wrong place = /vservers root.root 1124666697 M * Bertl hmm .. again I can not follow you ... 1124666794 M * mess-mate Bertl: i'll continue testing/playing further tomorrow. here 01.26. Thanks and Goodnight. 1124666811 M * Bertl k, here too, have a good night! 1124666830 Q * mess-mate Quit: leaving 1124666991 Q * keyser_soze Quit: Abandonando 1124667046 J * keyser_soze ~cimarron@host113.201-252-24.telecom.net.ar 1124668761 Q * Doener Ping timeout: 480 seconds 1124668799 J * Doener ~doener@p548765B1.dip.t-dialin.net