1126051257 M * Bertl fatboy? 1126051280 M * nayco Ok, The problem is that at work, we are multiple time firewalled. So, the only way to get out is mail or IM, we have a im getaway. We use jabber internally, but to get out, we must have an external account on either msn, Y!, aim... I have a Yahoo! one. Do you think we'll be able to talk ? 1126051345 M * hillct Bertl I'm going to swap IPs in order to confirm that it's not a netmask problem 1126051360 M * Bertl hillct: okay, please do so ... 1126051423 M * Bertl nayco: well, maybe you can set up a test machine at work, and tunnel it home, then we could check it out in the evening ... 1126051456 M * nayco er.... I do not think that's that easy... Or I could a machine here. 1126051461 M * nayco +use 1126051512 M * nayco Do you still ant my yahoo nick ? 1126051516 M * nayco +w 1126051521 M * litage what's the best way to start vservers upon system startup? 1126051548 M * Bertl there is a 'mark' (in the config) and a runlevel script for default and legacy startup 1126051553 M * nayco litage: chkconfig --add vserver-defautl ;-) 1126051561 M * hillct so much for being absolutely sure 1126051576 M * Bertl hillct: I thought so :) 1126051610 M * Bertl nayco: well, yahoo is probably too way off for me ... 1126051619 M * nayco ok. 1126051631 A * hillct bows to the greatness of Bertl 1126051634 M * nayco so, I gonna do it here. 1126051645 M * hillct now what's the proper netmask for .132? 1126051656 M * nayco let me fire my laptop ;-) 1126051657 A * hillct digs up an IP calculator 1126051674 M * Bertl well, I suspect your router has /25 which means .0-.127 1126051676 M * nayco ipcalc ? 1126051689 M * Bertl hillct: where .0 is the network and .127 the broadcast 1126051712 M * hillct yeah 1126051713 M * Bertl (which would leave .1 for router and .2-.126 for hosts 1126051751 M * Bertl hillct: your setup OTOH, uses /24, which means .0-.255 ... 1126051767 M * hillct yeah 1126051772 M * Bertl if you have two subnets routed, you have to use a different router for .132 :) 1126051785 M * Bertl probably .128 is network, and .129 the router :) 1126051808 M * litage Bertl: do i need to set the mark for each vserver, or can i just use update-rc.d to install the vservers-default init script? 1126051810 M * hillct gotta get ahold of the colo guys 1126051827 M * hillct I guess to figure out what they've got in that regard 1126051844 M * Bertl litage: it's a script on the host, and you set the 'mark' in the config 1126051859 M * hillct or can I do this on my server directly? 1126051871 M * nayco (___(___________(#~ brb smoke time 1126051876 A * hillct always sucked at this stuff 1126051884 M * litage Bertl: the 'mark' being what exactly, though? 1126051907 M * hillct empty file 1126051915 M * hillct er 1126051917 M * hillct sorry 1126051929 M * hillct file containing the word 'default' 1126051934 M * Bertl hillct: the thing is, if the netmask /25 assumption is correct, your guests are misconfigured ... 1126051934 M * Aiken_ (root@pebbles) cat /etc/vservers/hoppy/apps/init/mark 1126051935 M * Aiken_ default 1126051955 M * litage thanks guys 1126051959 M * Bertl litage: it's described on the FlowerPage (http://www.nongnu.org/util-vserver/doc/conf/configuration.html) 1126051969 M * hillct yeah. K. 1126051995 M * Bertl btw, you can have different startup scripts (at different runlevels) 1126052012 M * litage yup 1126052568 M * hillct Bertl yeah, it turns out they have some mystery routing going on here 1126052587 M * hillct thanks for the second pair of eyes 1126052614 M * Bertl hillct: np, you're welcome! 1126052656 M * Bertl (another issue which I can account to the 99% of non linux-vserver related ones reported here :) 1126052788 M * hillct router misconfigurations? 1126052832 M * Bertl yes, yestarday we had a printer/cups misconfiguration :) 1126052857 M * hillct turns out they were routing a /128 address block into oblivion 1126052906 M * hillct I love how I was paying for that IP for 3 weeks before I even had time to discover it 1126052938 M * Bertl well, maybe you can get those three weeks refunded now :) 1126052982 M * hillct well, it's $0.50/month. Not like it amounts to anything 1126053022 M * hillct although they could write a check for $0.35 then attach a $0.37 stamp to it... 1126053088 M * hillct I once got a bill for a phone calling card in the amount of $0.22 so I called the company and patiently explained why if they didn't accept payment by credit card, I wasn't goint to pay it 1126053143 M * hillct they said, oh sure, no problem. we'll just mark the bill paid. don't worry about it. Next month I got a notice of overdue ballance 1126053601 M * hillct ok, one last issue 1126053634 Q * nayco Quit: Bonne nuit ! 1126053645 M * hillct when I start the vserver mount is attempting to do something it shouldn't 1126053647 M * hillct mount: none already mounted or . busy 1126053694 M * Bertl socheck the entiries in fstab (in all of them, i.e. inside the guest as well as in the config) 1126053705 M * Bertl s/socheck/check/ 1126053714 M * hillct yeah 1126053730 M * hillct I'm actually not mounting anything 1126053748 M * hillct except proc 1126053757 M * hillct which is why this is odd 1126053773 M * hillct of course if I double check I'm sure I again missed something silly 1126053840 M * Bertl does the proc entry (in fstab) contain the word none? 1126053864 M * hillct yes 1126053884 M * hillct this is the default generated by vserver build 1126053884 M * Bertl try to change it to something else, and see if the error changes too 1126053887 M * hillct unmodified 1126053918 M * hillct the entries are /proc /tmp and /dev/pts 1126053934 M * hillct identifcal for working configurations and this new one 1126053947 A * hillct chenges to test 1126054595 M * hillct Is there a configuration option that determines at what point /proc is setup 1126054614 M * hillct it appears to already be mapped (prior to vserver start) on the new vserver 1126054752 M * hillct yup. that appears to be the root of the issue 1126054779 M * hillct is there something that determines when /proc is mounted in a vserver? 1126054790 M * Bertl check the flower page for fstab entries ... maybe you have both configured? 1126054825 M * hillct if you mean both inside and in the /etc/vserver config tree, no. 1126054829 M * hillct checking flower page now 1126055659 M * mugwump hey what's the utility to fake uts info? 1126055932 M * mugwump ah, vuname 1126056230 M * micah_ is there a way to use the vserver command to enter a vserver as a non-root user? 1126056234 N * micah_ micah 1126056248 M * mugwump sudo. 1126056269 M * micah mugwump: no, I want to become a non-root user in the vserver 1126056279 M * mugwump oh. sure, vserver xxx exec su - user 1126056290 M * Bertl micah: vserver enter bash -c "su - user" 1126056295 M * micah oh yeah of course :) 1126056298 M * Bertl *arg* 1126056302 M * Bertl exec not enter 1126056871 M * litage http://linux-vserver.org/ProblematicPrograms says that a working DNS server is required before starting openldap in a vserver. does that mean i need my own, or that the vserver simply needs to be able to do domain name translation? 1126057010 M * Bertl never tried openldap myself, so I just don't know ... 1126057027 M * Bertl litage: but you might check that, and clarify it on the page? 1126057036 M * mugwump I would guess, that if `host' et al work inside the vserver, that you have a working DNS server 1126057063 M * Bertl (resolver yes, name server, not necessarily :) 1126057135 M * litage thanks 1126057363 M * mugwump well, I think that `host' actually requires a DNS server available, not just gethostbyname 1126057499 M * litage so pkg named "host" is needed before installing slapd? 1126057545 M * mugwump not required, but a good idea to test with some utilities that explicitly test DNS that it is available 1126057572 M * mugwump eg, install dnsutils and check that dig works 1126059746 A * mnemoc prefers djbdns 1126059777 M * litage yeah, i'm going to use djbdns, but only when i need it 1126061228 M * Bertl mugwump: http://vserver.13thfloor.at/Stuff/OVZ/vsched.txt let me know what you think of this approach ... 1126061437 M * mugwump looks like a reasonable extraction. So, each vserver with sched set would get N virtual CPUs, each of which can run on any number of physical CPUs (but 1 <-> 1 to avoid cacheline problems) 1126061444 M * mugwump s/extraction/abstraction/ 1126061459 M * mugwump each virtual CPU has its own runqueue (pair) 1126061538 M * Bertl I was thinking of using the existing cpu_affinity + cpu-sets + configurable per cpu token buckets for a more sophisticated approach with less overhead ... 1126061564 M * Bertl of course, this would definitely require a smart userspace tool to get anything configured properly :) 1126061615 J * Johnsie ~john@acs-24-154-91-33.zoominternet.net 1126061642 M * Bertl welcome Johnsie! 1126061647 M * Johnsie Hi. :) 1126061661 M * mugwump ok, so avoid the per-vserver runqueues for efficiency, but I guess they can still have their own hold queues? 1126061721 M * Bertl yes, that was one indea which didn't get much testing yet 1126061743 M * Bertl *idea 1126061756 M * mugwump That will solve the problem where a vserver with far too many processes still gets disproportionate CPU time due to minimum timeslice rules 1126062053 M * mugwump looks good, if you can achieve this without too many active runqueues then it will be very efficient 1126062301 M * Bertl I will try at least :) 1126062412 M * hillct yay! 1126062424 M * Bertl we could make this a small subproject, like the ngnet (still is) to get kernel and userspace ready for that ... you're welcome to join/help with the design ... and I guess Hollow, Doener and Greek0 might want to help with kernel/userspace too ... 1126062430 M * hillct now all I have left are general FC4 problems! 1126062461 M * Bertl hillct: great! so we eliminated all linux-vserver issues ... 1126062630 M * hillct as far as I can tell 1126062693 M * Bertl excellent! a) if you like and not already did so, please consider adding yourself to the list of happy users/providers, b) please keep us updated if you find any issues or have feature requests ... 1126062713 M * hillct K 1126062733 M * Bertl and of course, feel free to hang around here ... 1126062757 M * hillct :) 1126065153 M * hillct later all! 1126065156 P * hillct 1126065310 J * MHGuest138 ~MHGuest13@12.129.230.13 1126065318 N * MHGuest138 syttelc 1126065324 M * Bertl welcome syttelc! 1126065330 M * syttelc hey... 1126065366 M * syttelc troy...u there.. 1126065721 M * syttelc :)) 1126065846 M * Bertl syttelc: can I help you? :) 1126065880 M * syttelc u a tech? 1126065905 M * Bertl maybe, depends on the definition of 'tech' :) 1126065914 M * syttelc hmmm...what do u do? 1126065936 M * Bertl currently coding, editing some stuff and chatting on irc ... 1126065965 M * Bertl we have at least the last one in common ... 1126065995 M * matta Bertl: 1126066001 M * matta so what do you think of this openvirtuozzo? 1126066029 M * Bertl well, interesting stuff ... will have to look into it more closely 1126066045 M * matta it's really watered down 1126066049 M * matta but the kernel should be interesting 1126066069 M * syttelc my goodness...i duno what u guys r talkin about... 1126066083 M * matta syttelc: www.openvirtuozzo.org 1126066138 M * syttelc am opening... 1126066149 M * Bertl matta: but I guess the intentions are not so brave as they might sound ... but I hope I'm totally wrong on that ... 1126066169 M * matta not so brave? 1126066189 M * matta what they've done is opened the kernel and some very simple os image tools 1126066243 M * Bertl which already led to some hype on their irc channel :) 1126066250 M * matta while stuff like the command line tools for migrations, CoW, backups, recovers, repairs, etc are still closed (as makes sense for a commercial entity) 1126066265 M * matta I expect the kernel side CoW is available though 1126066288 M * Bertl btw, Aiken was successfully testing/using our COW under extreme conditions :) 1126066309 M * matta hrm, the patch you/i put together? or this like a v2 ? 1126066327 M * Bertl several completely unified guests running at once ... 1126066348 M * Bertl matta: this is the development version with integrated COW link breaking 1126066354 M * matta I had unified guests running with that dudes cow patch w/ vserver after some patching 1126066360 M * syttelc hmmm...am lost...u go guyz 1126066393 M * Bertl syttelc: well, I guess you came here for _some_ reason .. no? 1126066395 M * matta so it is like the old unified stuff just with link breaking on copy? 1126066405 J * Aiken__ ~james@tooax6-102.dialup.optusnet.com.au 1126066409 M * Bertl syttelc: maybe now would be the perfect moment to share that with us :) 1126066412 M * matta versis unlink and create 1126066425 M * Bertl yep, precisely ... 1126066437 M * matta so not based on the german guys CoW patch at all 1126066468 M * Bertl oh, yes it is .. but it avoids all the unsolved issues a 'normal' COW would introduce 1126066595 M * matta wasn't the major issue about multiple processes trying to modify a file at once? 1126066619 M * litage after an hour+ of poking around to see why ldap takes >3 minutes to start, i discovered it's spending 188 seconds trying to read from an empty string. this happens only in a guest/vserver; not on a host. so i'm wondering if this is being caused by linux-vservers. any thoughts? 1126066620 M * matta and not having to use multiple inodes 1126066656 M * litage strace of starting slapd (check out line 417): http://rafb.net/paste/results/rbuTSq58.html 1126066677 M * Bertl litage: possible but unlikely ... what did the page say about working DNS? ~180 secs sounds like 3x60 secs dns timeout? 1126066681 M * matta so how does this work bertl, is it liked unified where the file in the vserver root just turns from a cowlink to a regular file or is it still a link but to a special cow area? 1126066732 Q * Aiken_ Ping timeout: 480 seconds 1126066736 M * Bertl matta: it's a unified file as before, with immutable and iunlink set, just when you write to it, a copy is made, which you can alter as you like ... 1126066742 N * Aiken__ Aiken 1126066751 M * Bertl welcome Aiken? 1126066756 M * Aiken hello 1126066780 M * matta Bertl: nice 1126066787 M * matta why no mention of that on the list? 1126066796 M * litage Bertl: sounds about right. but `host` and `dig` run fine in the ldap vserver 1126066823 M * Bertl matta: it's development stuff but it was mentioned on the channel ... 1126066847 M * Bertl matta: and we finished it two days ago :) 1126066858 M * matta that will be a nice feature 1126066876 M * matta you know as far as the base kernel you guys are up to par with virtuozzo for the most part, exceeding in some areas 1126066951 M * Bertl well, we have to get ngnet going and do something to improve the scheduler, but after that, I guess VZ should be a subset of linux-vserver :) 1126066992 M * matta since you are still working on quota inside vserver you might want to check out the 2.6.8 virtuozzo kernel source to see what they are doing, apparently it has some feature for aquota.user/group to be links to /proc and then the kernel itself handles the quota rather than using a pseudo device 1126067002 M * matta Bertl: your scheduler is already superior 1126067025 M * Bertl matta: yes, but we know how to make it much better :) 1126067029 M * matta ahhhh 1126067043 M * matta here is an idea for you 1126067067 M * Bertl ah, forgot, the first step for per context quota on 2.6 is also part of the development release 1126067083 M * matta in 2.6 the cfq scheduler already does a good job of being fair and good performing, but it is based on per-process in it's current mode 1126067096 M * matta i'm not sure how difficult it would be to make cfq per-context aware 1126067169 M * matta it seems the biggest limit with VPS hosts is disk I/O 1126067171 M * matta then RAM 1126067175 M * matta cow will help the ram 1126067187 M * Bertl (and the disk I/O :) 1126067207 M * matta right, less cache usage and less swap 1126067297 M * matta i know you have a lot to do still, but definitely worth looking into making CFQ per-process aware 1126067300 M * matta http://kerneltrap.org/node/4406 1126067313 M * matta someone wrote an ionice program, to set I/O priority per process 1126067325 M * matta so the same could be done with vservers 1126067336 M * Bertl yes, I had a look at that already ... 1126067355 M * matta not exactly trivial? 1126067372 M * Bertl this is probably very easy to integrate ... I'm just waiting until mainline catches up ... 1126067397 M * matta this is from 12/2004 1126067406 M * matta would think it would be there already 1126067416 M * Bertl yes, but I/O scheduling is not perfect yet ... 1126067463 M * Bertl the main issues are with the queues and request handling 1126067475 M * matta it seems all the major distros are setting cfq as the default, not sure what the default in vanilla is 1126067502 M * Bertl IIRC, you have all 3 schedulers on by default, you can select them via /proc 1126067531 M * matta eh? 1126067544 M * matta it is elevator=xxx on the kernel command line 1126067574 M * litage when ldap is run in vserver, why does it have special requirements for a nameserver? 1126067609 A * litage doesn't understand why ldap doesn't just use the nameserver specified for the network interface 1126067648 M * Bertl litage: I don't think that there are 'special' requirements, I just think that ldap might 'require' a proper nameserver setup, which might not be present in all cases ... 1126067683 A * Bertl has no clue about openldap requirements :) 1126067721 M * litage even if i was to setup my own dns server (eg: djbdns), how would i tell ldap about the dns server? 1126067769 M * Aiken /etc/resolv.conf ? 1126067786 M * Aiken in the guest 1126067790 M * Bertl litage: pipe([3, 4]), then read(3, "", 128) 1126067802 M * Bertl litage: could you strace it with -fF ? 1126067810 M * litage Bertl: no 1126067814 A * litage looks up -fF 1126067872 M * litage Bertl: how does this sound?: strace -T -fF -q -e open,close,read,write -o /root/slapd-start.ocrw2.strace /etc/init.d/slapd start 1126067881 M * Bertl also it is checking for /bin/pidof, what does it use that for? 1126067903 M * litage s/-e/-e trace=/ 1126067928 M * Bertl I'd like to see the *exec* and signal stuff too 1126067936 M * litage no idea what it's using /bin/pidof for 1126067941 M * litage k, i'll remove the -e 1126068041 Q * eugenesan Quit: Trillian (http://www.ceruleanstudios.com 1126068436 Q * syttelc Quit: syttelc 1126068483 J * stefani ~stefani@c-24-19-46-211.hsd1.wa.comcast.net 1126068491 M * Bertl welcome stefani! 1126068581 M * stefani howdy. 1126068652 M * litage Bertl: the strace and starting ldap is taking significantly longer than the usual 3 minutes. so far, this is all that was sent to syslog: http://rafb.net/paste/results/gTFF7n33.html 1126068717 M * Bertl let's wait and see ... probably the trace already contains some clues 1126068770 M * litage Bertl: the trace is 7500 lines long already 1126068794 M * litage sorry, 2000 lines long 1126068837 M * Bertl upload it as .txt file somewhere (not via pastebin( 1126068840 M * Bertl )) 1126069084 M * litage slapd is still stalled. it's been close to 10 minutes. shall i let it continue, or kill it? 1126069106 M * Bertl let it run, but upload the output so far ... 1126069369 M * litage Bertl: http://deadorange.com/slapd-start.forks.strace 1126069398 M * Bertl tx 1126069455 M * litage thank you, Bertl 1126069489 M * matta Bertl: whatever happened to your idea to limit the # of forks/sec of a vserver? 1126069492 M * litage i was unable to find any ops that took longer than 0.009 seconds 1126069551 M * Bertl what is written here: /var/lib/ldap/log.0000000001 1126069562 M * litage Bertl: it's a binary log 1126069569 M * Bertl cool! 1126069584 M * litage hahah why's that 1126069620 M * Bertl ah, now we are getting somewhere ... 1126069634 M * litage Bertl: i just discovered slapd can be run in debug mode. i'm going to stop the current starting of slapd, and do it again with debug mode turned off, and without strace 1126069656 M * litage oh, should i hold off with debug mode for a moment? 1126069662 M * Bertl /etc/nsswitch.conf and /etc/host.conf ... 1126069670 M * Bertl no, go ahead, do the debug run ... 1126069755 M * litage Bertl: would it help to see my /etc/nsswitch.conf and /etc/host.conf? 1126069818 M * Bertl could not hurt to see them (of the guest of course) 1126069831 M * litage yup 1126069857 M * litage hrm `skill kill strace`, `skill kill slapd`, `kill PID` aren't killing slapd or strace 1126069905 M * litage shall i do a kill -9? :( 1126069907 M * Bertl try to send a SIGCONT to all involved parties ... 1126069929 M * litage k 1126069935 M * litage top says strace is using no cpu 1126069990 M * litage SIGCONT as in `kill -s SIGCONT STRACE_PID`? 1126070012 M * Bertl not the strace, the traced processes 1126070026 M * litage n/m, it just stopped =P 1126070155 M * litage Bertl: hosts, host.conf, nsswitch.conf: http://rafb.net/paste/results/XH23Bx62.html 1126070304 M * Bertl hmm, please try the following (just for a test): http://rafb.net/paste/results/9ZEgUy33.html 1126070318 M * Bertl (and get rid of the public ip ranges :) 1126070477 M * litage the public ip ranges? 1126070513 M * Bertl 172.168.x.x which we know belong to AOL :) 1126070529 M * litage ah right. hahah 1126070556 M * litage to get rid of the public ranges, i'd have to change several things on several machines.. 1126070557 M * mugwump must be related to some 192.186.x addresses that were ruining my day earlier :) 1126070582 M * litage mugwump: yeah i think the person who set up 172.168 on this network was thinking about 192.168 1126070604 M * mugwump couldn't work out why my iptables rule wasn't working... tried all sorts of things :) 1126070607 M * Bertl matta: you know VZ somewhat, what can you tell me of the user-beancounters? heard/seen anything of it? 1126070894 M * litage Bertl: i've added the debug switch to init script, but it's not doing anything.. 1126070927 M * litage Bertl: btw, i tried slapd on my workstation, which has a public ip (172.168.1.15), and it worked fine; no stalling. so i don't think that's the problem 1126070997 M * Bertl what does 'dig www.google.com' give you inside the guest? 1126071157 Q * Johnsie Read error: Connection reset by peer 1126071174 M * litage Bertl: http://rafb.net/paste/results/07vYr275.html 1126071211 P * stefani parting (is such sweet sorrow) 1126071233 M * Bertl 172.168.1.1 is your local nameserver? 1126071265 M * litage yes 1126071281 M * litage (it's the router) 1126071329 M * Bertl so, did the changes to hosts and nsswitch affect the behaviour? 1126071333 M * litage no 1126071369 J * Johnsie ~john@acs-24-154-91-33.zoominternet.net 1126071375 M * Bertl might it be that the process/daemon is 'just' doing something? 1126071377 J * kas_3 ~dhb55@tor-irc.dnsbl.oftc.net 1126071388 M * Bertl welcome kas_3! 1126071391 M * litage not sure what you mean 1126071412 M * Bertl well, the strace you uploaded shows that the daemon is doing something ... 1126071448 M * Bertl (it's not waiting or hanging, just working ...) 1126071450 Q * dddd44 Ping timeout: 480 seconds 1126071507 M * litage yeah, but the working part is doing something strange 1126071523 M * litage and i have a feeling it's because it's inside a vserver 1126071546 M * Bertl okay, why not put it outside for a moment? 1126071565 M * Bertl (i.e. use chroot to get into the guest dir, and start the daemon there) 1126071668 M * litage k 1126071793 M * litage starting still stalls when chroot'd into the vserver 1126071816 M * Bertl so it is configuration related, not vserver related, no? 1126071823 M * litage looks like it =) 1126071832 M * litage what might this mean?: daemon: IPv6 socket() failed errno=97 (Address family not supported by protocol) 1126071856 M * Bertl looks like it is trying to do ipv6 stuff, but ipv6 is turned off 1126071874 M * Bertl (in a guest this is always turned off, on the host it depends on your kernel) 1126072206 M * litage Bertl: when i run slapd manually: http://rafb.net/paste/results/HnShZU46.html 1126072221 M * litage (and then it stalls for a while) 1126072251 M * Bertl looks like it is trying to resolve 'owl' via your nameserver 1126072271 M * Bertl what does 'dig owl' return? 1126072302 M * litage nothing 1126072323 M * Bertl maybe that's what the person meant with the DNS :) 1126072407 M * litage hrm, so the vserver's hostname has to resolve to an ip address? 1126072443 M * Bertl seems so, no idea why it ignores the hosts and nsswitch, which should (after the suggested modifications) not require a nameserver for that 1126072532 M * litage but even if i setup a local dns server, how would i direct ldap to it? 1126072541 J * dddd44 U2FsdGVkX1@tor-irc.dnsbl.oftc.net 1126072556 M * Bertl I assume via /etc/resolv.confg 1126072559 M * Bertl *conf 1126072580 M * Bertl you could try by removing the nameserver entries in /etc/resolv.conf 1126072658 M * litage there are 2 entries in the guest's resolv.conf: "search altcall.com" and "nameserver 172.168.1.1" 1126072675 M * Bertl remove both 1126072692 M * litage but then the guest won't know where to look for google.com, for instance 1126072709 M * Bertl yep, but it will most likely use /etc/hosts 1126072720 Q * kas_3 Ping timeout: 480 seconds 1126072728 M * litage ah 1126072729 M * Bertl litage: and it's just for a test 1126072756 M * litage yip 1126072895 M * litage Bertl: after emptying resolv.conf and starting slapd manually again, the same results are occuring (prev paste: http://rafb.net/paste/results/HnShZU46.html) 1126072966 M * Bertl well, then it's probably hanging somewhere else ... 1126072999 M * Bertl I'd try to get it running on the host/a test machine first ... if that works fine, try again with the guest 1126073018 M * litage Bertl: i already did =/ 1126073177 M * Bertl get it running or try? 1126073281 M * litage got it running, and successfull did an ldapsearch 1126073300 M * Bertl okay, so where did the config and stuff go? 1126073332 M * Bertl you should be able to move that setup completely into a guest ... 1126073366 M * Greek0 hi 1126073378 M * Bertl morning Greek0! 1126073398 M * Greek0 I'm just finishing my installation of debian on my sparcstation 1126073405 M * Bertl cool! 1126073573 M * litage Bertl: i'll try that 1126073766 M * Bertl litage: probably it's a simple issue, maybe you should try harder to activate the debug mode ... 1126073766 M * Greek0 Bertl: who is SWsoft? 1126073783 M * Bertl the company doing Virtuozzo(TM) 1126073804 M * Bertl a commercial product very similar to linux-vserver ... 1126073828 M * Greek0 yep, saw it yesterday 1126073877 N * HostingGeek ^_^ 1126073889 N * ^_^ HostingGeek 1126074089 M * Greek0 I'm not sure how hostile SWsoft is, but you're infringing their copyright by putting that on your server.. 1126074122 M * Bertl what? the GPL code? 1126074146 M * Greek0 I don't want to play copyright police, I just thought you'd better know in case you overlooked it 1126074188 M * Greek0 Bertl: the document. vsched document, in case it's really by them. "All rights reserved" means you can't even redistribute that thing 1126074237 M * Greek0 http://vserver.13thfloor.at/Stuff/OVZ/vsched.txt that one 1126074246 M * Bertl hmm, well, it is part of their released kernel patch (that's why I copied the COPYING file there) 1126074278 M * Bertl so IMHO their copyright is wrong, as the kernel is GPL, no? 1126074312 M * Bertl and yes, I know that copyright is different from license ... 1126074342 M * Greek0 hmm. well IMHO the license counts that's cited in a file. 1126074359 M * Greek0 and if those 2 doc files clearly state "all rights reserved" than that's problematic IMHO 1126074369 M * Bertl okay, guess it should be removed from the kernel patch then, no? 1126074382 M * Greek0 it would also mean that if you want to redistribute their code you have to remove that files beforehand 1126074386 M * Greek0 yes 1126074419 M * Bertl now that becomes even more interesting, as they have this 'clause' in all their kernel files ... 1126074439 M * Greek0 which clause? 1126074448 M * Bertl All rights reserved. 1126074473 M * Greek0 do their file headers have the "I am GPL" declaration in them? 1126074499 M * litage Bertl: in /etc/hosts should i have "owl" on the "172.168.1.124" or "127.0.0.1" line, or on both? 1126074505 M * Bertl no, they just state the Copyright and the line 'All rights reserved.' 1126074524 M * Greek0 The COPYING file doesn't mean anything if you don't declare that you actually use that license too 1126074568 M * Greek0 AFAIK it might work if they had some README in the source tree that clearly states "Despite what is stated in the source files themselves you may use all those files under the GPL" 1126074574 M * Bertl what about this one: http://openvirtuozzo.org/documentation/licenses/ 1126074623 M * Bertl IMHO it clearly states that the kernel (patches) are GPL v2 1126074635 M * Greek0 hmm.. I'd say it would be definitely nicer to have a clearer statement on that 1126074665 M * Bertl I agree, would you mind putting a topic/question on their forum? 1126074681 M * Greek0 no, haven't been flamed for quite some time anyway ;) 1126074709 M * Bertl util then I'll block the access to that folder ... 1126074846 M * Greek0 I think it should be save to redistribute the kernel patches themselves, since they are clearly a derived work of the linux kernel, and if they sued you for distibuting them (all rights reserved), they will probably sued too for disregarding the GPL 1126074862 M * Greek0 but I wouldn't be so sure about the documentation 1126074899 M * Bertl it is part of the kernel patch (taken from kernel/Documentation) 1126074924 J * kas_3 ~dhb55@tor-irc.dnsbl.oftc.net 1126075030 Q * dddd44 Ping timeout: 480 seconds 1126075205 M * Greek0 yep, found it already 1126075313 M * Greek0 hmm. devel@openvirtuozzo.org? 1126075967 M * litage should running `ifconfig -a` on a guest list an ip address? no ip address is listed when i run it 1126076029 M * Bertl Greek0: whatever you prefer ... I've brought this issue up on the OVZ irc channel, they are confused because there should be some statement from SWsoft declaring it GPL ... 1126076073 M * Aiken litage an example of what I get http://pastebin.com/356788 1126076162 M * litage thanks Aiken 1126076176 M * litage what should a guest's /etc/hosts file look like? 1126076207 M * Aiken all mine have is 127.0.0.1 localhost.localdomain localhost 1126076213 M * Aiken I am using dns for everything else 1126076234 M * litage Aiken: why is your guest's hostname not in /etc/hosts ? 1126076240 M * Aiken some system installs do put the hostname/ip pair in there as well 1126076245 M * Aiken because I use dns for it 1126076276 M * Aiken I have a dns setup on my gate way machine that is authoritive for my lan can caching for everything else 1126076285 M * litage which dns server do you use? 1126076291 M * Aiken bind 1126076321 M * Aiken nearly all of my machines are dhcp with the machines identify attached to the MAC of the network card 1126076344 M * litage if i don't have my own dns server, what should be in a guest's /etc/hosts ? 1126076375 M * Aiken I assume the guests ip and name 1126076478 M * Aiken without a dns I would have 127.0.0.1 defined and the images ip/hostname at least 1126076479 M * litage so these 2 entries?: "127.0.0.1 localhost.localdomain localhost" and "a.b.c.d HOSTNAME" 1126076615 M * Aiken from the house server 1126076618 M * Aiken 127.0.0.1 localhost.localdomain localhost 1126076619 M * Aiken 172.16.31.1 barney 1126076621 M * Greek0 so, mail to user@openvirtuozzo.org is out 1126076782 M * eyck Greek0: you did the SWIG setup for libvserver, right? 1126076819 M * Greek0 eyck: yep 1126076844 M * Greek0 Hollow then did the better ruby integration (that ruby build thing) 1126076979 M * eyck Greek0: have you got any idea how hard would it be to do the same for GnuTLS ? 1126077053 M * Greek0 eyck: for what lang do you want them (i.e. are you sure there aren't already some SSL bindings for that lang?) 1126077092 M * eyck yeah, i'm sure :( (well, for perl of course:) 1126077111 M * eyck I just need an estimate of how large of a task that is, 1126077146 M * eyck I wouldn't want to discover that I need a month to finish the task adter I spent few hours on it 1126077191 M * Greek0 it's really not that easy to say. it depends a lot on the library interface. 1126077235 M * Greek0 e.g. I spent 1 to 1 1/2 just because libvserver used an array within structures somewhere, and I wanted to access those as lists in python 1126077291 M * eyck ok, thanks 1126077295 M * Greek0 but libvserver was pretty clean except for that, and I was done with just some minimal stuff (telling swig that uint32_t and stuff are actually integers) and then just %include'ing the vserver.h file in the interface definition 1126077363 M * litage if "172.168.1.124 owl" is in /etc/hosts, any idea what might prevent `host -v owl` from returning 172.168.1.124? 1126077382 M * Greek0 all in all I spent about 3-5 houres doing this, but most of it was probably just coming up to (some slow) speed with swig, since this was my first try with it 1126077812 M * Greek0 VooDooMaster: it just occured to me that what you want to do (accounting of different vservers based on interfaces when they actually all use the host IP) can't work IMHO 1126077862 M * Aiken litage host ignores whatever in is in /etc/hosts for me as well 1126077885 M * litage hrm 1126077894 M * litage does dig ignore /etc/hosts, too? 1126077897 M * litage (for you) 1126077900 M * Bertl Aiken: really? what does the nsswitch contain? 1126077912 M * Aiken yes 1126077923 M * eyck hmm, 1126077925 M * Aiken but I can ssh will use /etc/hosts 1126077931 M * eyck host/dig are NS tools AFAIK, 1126077947 M * eyck 'ping owl' for example should you nss, thus files 1126077955 M * eyck should use, 1126077955 M * Greek0 host is a simple utility for performing DNS lookups. 1126077956 M * eyck damn. 1126077964 M * Greek0 ^-- host only does dns lookups 1126077970 M * Greek0 (from the manpage) 1126077975 M * eyck exactly, thus it wouldn't use nss 1126077978 M * litage ah 1126077991 M * litage what about gethostbyname? 1126077992 M * Aiken Bertl a simple conf file http://pastebin.com/356820 1126077993 M * Bertl right, sounds reasonable ... 1126078012 M * Bertl gethostbyname should use the resolver 1126078012 M * Aiken my nsswitch.conf is nothing complicated 1126078040 M * Bertl and as you have '# 1126078041 M * Bertl hosts: files dns 1126078051 M * Greek0 I often use ping if I really need an ipaddress. OTOH a tool which just does gethostbyname() would be nice.. 1126078060 M * litage Aiken: hrm. slapd (ldap)'s gethostbyname isn't using the resolver though (last line): http://rafb.net/paste/results/HnShZU46.html 1126078066 M * eyck yeah, right, hosts: files db dns winbind nis 1126078108 M * Hollow morning folks 1126078164 M * Bertl morning Hollow! 1126078164 M * litage howdy hollow 1126078197 M * Bertl I'm off to bed now ... the OVZ folks promised to clarify regarding the license btw ... 1126078263 M * Bertl have a good whatever everyone ... cya later 1126078271 N * Bertl Bertl_zZ 1126078549 M * litage Bertl_zZ, thanks for your help today, i really super appreciated it 1126078600 M * Aiken just wrote a really simple program to test the behaviour of gethostbyname 1126078604 M * Aiken it uses the hosts file 1126078621 M * Aiken but then that is what my nsswitch.conf tells it to 1126078621 M * litage may i give it a whirl please? 1126078641 M * litage how do i tell gethostbyname to check /etc/hosts first? 1126078763 M * eyck I don't think you can, 1126078770 M * Aiken http://pastebin.com/356827 1126078771 M * eyck you can reconfigure your nss though 1126078798 M * Aiken hosts: files dns 1126078862 M * litage Aiken: that's what i have in the guest's /etc/nsswitch.conf: hosts: files dns 1126078880 M * Greek0 doesn't nssswitch tell it what to do first? 1126078895 M * Greek0 i.e. files dns should check /etc/hosts first 1126078929 M * litage Greek0: that's what i thought 1126079201 M * Aiken it does not matter which order I have files dns it still works for me 1126079222 M * Aiken that example only fails is I remove files from the hosts line in nsswitch.conf 1126079309 J * i0o ~iostream@85.97.136.89 1126079890 J * ntrs_ ~ntrs@Dardeene-68.188.50.87.charter-stl.com 1126079890 Q * ntrs Read error: Connection reset by peer 1126080136 J * prae ~prae@gut75-1-81-57-27-189.fbx.proxad.net 1126080422 Q * i0o Quit: 1126080520 J * aznboifaka ~brianlam9@dialup-4.248.1.138.Dial1.Honolulu1.Level3.net 1126080605 P * aznboifaka 1126080689 M * litage Aiken, Greek0: here's the problem i'm trying to solve: http://rafb.net/paste/results/l0fMjM13.html 1126081151 M * Greek0 hmm. what's the last output of strace when it hangs? 1126081182 M * Greek0 the strace you put online seems like it includes the part where slapd is killed too 1126081485 M * litage Greek0: the strace that's at http://rafb.net/paste/results/rbuTSq58.html finishes successfully 1126081535 M * litage Greek0: if there's an strace that would be more helpful, i'll run it and post the results 1126081565 M * Greek0 ah 1126081604 M * Greek0 well, can you strace slapd inside the vserver where it hangs? most useful would be a log where you marked the location where it hangs. 1126081627 M * Greek0 i.e. open the strace output file while slapd hangs, and remember the last line number 1126081641 M * litage k 1126081647 M * Greek0 then when you've killed slapd (or it finished itself or something) go back to the strace and mark that location 1126081735 M * litage running now. in the meantime, if this helps at all: hosts, host.conf, nsswitch.conf: http://rafb.net/paste/results/KQU7ro61.html 1126081944 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net 1126081965 Q * kas_3 Ping timeout: 480 seconds 1126082453 M * litage Greek0: deadorange.com/slapd-start2.strace 1126082461 M * litage Greek0: marked with ***STALLED HERE 1126082471 M * litage (line 1611) 1126082509 M * litage however, slapd printed "finished starting slapd", but strace hasn't finished for some reason 1126082527 M * litage (maybe because slapd's a daemon?) 1126083402 J * Milf ~Miranda@ipsio165.ipsi.fraunhofer.de 1126083548 M * litage WEEEEEEEEEELAHHHHHHHH 1126083554 A * litage dances like a maniac 1126083565 M * litage Greek0: turns out the problem was the fscking firewall 1126083565 M * Milf Hello 1126083575 M * litage Greek0: it wasn't allowing loopback connections. rrr! 1126083579 M * litage howdy Milf, what's up 1126083631 M * Milf Still having problems getting an old install to work with new tools and Kernel 1126083666 M * litage Milf: what's the problem exactly? i'm new to linux-vservers, but might be able to help 1126083704 M * Milf The vserver wont sto unless I enter them and 'reboot -f' 1126083729 M * Milf Also I've got problems with the vshelper kernel file always pointing to the wrong place 1126083821 M * Milf Ok, solved the second problem with a link from /sbin/vshelper to the correct location 1126083825 M * Milf Gotte go te a meeting. 1126083838 M * litage Milf: is there anything preventing you from removing the old installation and installing the newest versions? 1126084110 M * Greek0 litage: hehe, evil 1126084183 M * Greek0 Milf: well, which version of tools/kernel do you use? 1126084288 M * Greek0 new tools should automatically come with /sbin/vshelper. if you can't use that location for whatever strange reason you can also set the vshelper path via /proc 1126084306 M * Greek0 and once vshelper is in place again shutdowns from inside/outside should work again too, actually 1126084399 M * eyck Bertl_zZ: hmm, I've got something resembling and idea when it comes to kind-of-replacement for vserver sth exec 1126084708 J * Aiken_ ~james@tooax7-222.dialup.optusnet.com.au 1126084981 Q * Aiken_ Quit: 1126085019 Q * Aiken Ping timeout: 480 seconds 1126087309 J * _are_ ~are@p54A0886F.dip0.t-ipconnect.de 1126087313 M * _are_ hi 1126087539 M * litage Greek0: hihgly 1126088110 Q * dddd44 Remote host closed the connection 1126088305 J * mef ~mef@pcp09895218pcs.ewndsr01.nj.comcast.net 1126088870 M * Greek0 litage: once it took me weeks to get openvpn working in a bridged configuration.. 1126088911 M * Greek0 I created tap0, added it to the bridge and ran openvpn 1126088918 M * litage tap0? 1126088938 M * Greek0 and some time later, when I descided to look at the problem again, I saw that openvpn was talking about tap1 all the time. 1126088946 M * Greek0 tap* tunnel interfaces to the kernel 1126088956 M * Greek0 the thing over which openvpn emulates a network device 1126088969 M * _are_ uhm, yes, openvpn doesn't use existing interfaces, it uses the next free one 1126088969 M * litage ah 1126088988 M * Greek0 _are_: well, it does, you just have to name it explicitly with the dev directive 1126089004 M * Greek0 I had 'dev tap', after changing it to 'dev tap0' it worked immediately 1126089050 M * _are_ Greek0: I'd rather try and set up the tunnel, then create the bridge link. Should work both ways, however. 1126089106 M * Greek0 my setup is now to use tap0 always on the server 1126090877 J * dddd44 thiesi@tor-irc.dnsbl.oftc.net 1126092510 M * Milf re 1126094640 Q * mef Quit: using sirc version 2.211+KSIRC/1.3.10 1126096043 M * Hollow Greek0: http://phpfi.com/77491 ;) 1126096081 M * Hollow some thoughts on the configuration 1126096567 M * Greek0 will look at it later 1126096574 M * Greek0 I think I'll go to bed again 1126096733 J * monrad ~monrad@213083190134.sonofon.dk 1126097979 Q * _are_ Quit: bbl 1126098057 Q * virtuoso Quit: leaving 1126098079 J * virtuoso ~s0t0na@shisha.spb.ru 1126098615 J * mef ~mef@pcp09895218pcs.ewndsr01.nj.comcast.net 1126098621 Q * mef Quit: 1126099177 Q * lilo_ Remote host closed the connection 1126099244 J * lilo ~lilo@lilo.usercloak.oftc.net 1126099874 Q * neofutur Ping timeout: 480 seconds 1126100695 Q * obi jupiter.oftc.net oxygen.oftc.net 1126100695 Q * Loki|muh_ jupiter.oftc.net oxygen.oftc.net 1126100695 Q * eyck jupiter.oftc.net oxygen.oftc.net 1126100695 Q * michal jupiter.oftc.net oxygen.oftc.net 1126100695 Q * toidinamai jupiter.oftc.net oxygen.oftc.net 1126100695 Q * revenger_ jupiter.oftc.net oxygen.oftc.net 1126100695 Q * duckx jupiter.oftc.net oxygen.oftc.net 1126100695 Q * BWare jupiter.oftc.net oxygen.oftc.net 1126100695 Q * meebey jupiter.oftc.net oxygen.oftc.net 1126100695 Q * cereal jupiter.oftc.net oxygen.oftc.net 1126100695 Q * case jupiter.oftc.net oxygen.oftc.net 1126100695 Q * Beave jupiter.oftc.net oxygen.oftc.net 1126100695 Q * Bertl_zZ jupiter.oftc.net oxygen.oftc.net 1126100695 Q * locksy jupiter.oftc.net oxygen.oftc.net 1126100695 Q * dsoul jupiter.oftc.net oxygen.oftc.net 1126100695 Q * janra_ jupiter.oftc.net oxygen.oftc.net 1126100695 Q * sladen jupiter.oftc.net oxygen.oftc.net 1126100695 Q * logger jupiter.oftc.net oxygen.oftc.net 1126100695 Q * nokoya jupiter.oftc.net oxygen.oftc.net 1126100695 Q * Hollow jupiter.oftc.net oxygen.oftc.net 1126100695 Q * litage jupiter.oftc.net oxygen.oftc.net 1126100695 Q * micah jupiter.oftc.net oxygen.oftc.net 1126100695 Q * tchan jupiter.oftc.net oxygen.oftc.net 1126100695 Q * wibble jupiter.oftc.net oxygen.oftc.net 1126100695 Q * SiD3WiNDR jupiter.oftc.net oxygen.oftc.net 1126100695 Q * BobR_oO jupiter.oftc.net oxygen.oftc.net 1126100695 Q * daniel_hozac jupiter.oftc.net oxygen.oftc.net 1126100695 Q * [MUPPETS]Gonzo jupiter.oftc.net oxygen.oftc.net 1126100695 Q * alexx jupiter.oftc.net oxygen.oftc.net 1126100695 Q * stupidawy jupiter.oftc.net oxygen.oftc.net 1126100695 Q * DaCa jupiter.oftc.net oxygen.oftc.net 1126100695 Q * mcp jupiter.oftc.net oxygen.oftc.net 1126100695 Q * HostingGeek jupiter.oftc.net oxygen.oftc.net 1126100695 Q * lilo jupiter.oftc.net oxygen.oftc.net 1126100705 J * logger ~rs@vds.pas-mal.com 1126100705 J * nokoya young@hi-230-82.tm.net.org.my 1126100705 J * Hollow ~Hollow@home.xnull.de 1126100705 J * litage ~nick@203.201.96.60 1126100705 J * micah micah@micha.hampshire.edu 1126100705 J * tchan ~tchan@c-24-13-81-164.hsd1.il.comcast.net 1126100705 J * wibble ~tim@sophie.wobb1e.co.uk 1126100705 J * SiD3WiNDR luser@bastard-operator.from-hell.be 1126100705 J * BobR_oO ~georg@212.16.62.52 1126100705 J * daniel_hozac ~daniel@c-6f1472d5.010-230-73746f22.cust.bredbandsbolaget.se 1126100705 J * [MUPPETS]Gonzo ~gonzo@langweiligneutral.deswahnsinns.de 1126100705 J * HostingGeek ~m00@200.48.233.220.exetel.com.au 1126100705 J * alexx ~alexx@proxy.ikse.net 1126100705 J * stupidawy foo@198.77.239.131 1126100705 J * mcp ~hightower@wolk-project.de 1126100705 J * DaCa ~danny@mail.limehouse.org 1126100724 J * Loki|muh_ loki@satanix.de 1126100724 J * eyck eyck@81.219.64.71 1126100724 J * michal ~michal@michal.usercloak.oftc.net 1126100724 J * obi ~obi@asus.saftware.de 1126100724 J * toidinamai ~frank@toidinamai.de 1126100724 J * revenger_ ~joe@bulldog.infosys.de 1126100724 J * duckx ~Duck@mna75-1-81-57-39-234.fbx.proxad.net 1126100724 J * dsoul darksoul@vice.ii.uj.edu.pl 1126100724 J * BWare ~bware@office.intouch.net 1126100724 J * meebey meebey@booster.qnetp.net 1126100724 J * locksy ~locksy@mrtg.sisgroup.com.au 1126100724 J * Bertl_zZ ~herbert@212.16.62.52 1126100724 J * cereal ~cereal@217.20.124.153 1126100724 J * case ~case@donpanic.faveve.uni-stuttgart.de 1126100724 J * sladen paul@starsky.19inch.net 1126100724 J * Beave ~beave@vistech.org 1126100724 J * janra_ janra@paradox.homeip.net 1126100779 J * lilo ~lilo@lilo.usercloak.oftc.net 1126100968 Q * obi jupiter.oftc.net arion.oftc.net 1126100968 Q * Beave jupiter.oftc.net arion.oftc.net 1126100968 Q * case jupiter.oftc.net arion.oftc.net 1126100968 Q * meebey jupiter.oftc.net arion.oftc.net 1126100968 Q * BWare jupiter.oftc.net arion.oftc.net 1126100968 Q * duckx jupiter.oftc.net arion.oftc.net 1126100968 Q * toidinamai jupiter.oftc.net arion.oftc.net 1126100968 Q * Loki|muh_ jupiter.oftc.net arion.oftc.net 1126100968 Q * locksy jupiter.oftc.net arion.oftc.net 1126100968 Q * janra_ jupiter.oftc.net arion.oftc.net 1126100968 Q * cereal jupiter.oftc.net arion.oftc.net 1126100968 Q * michal jupiter.oftc.net arion.oftc.net 1126100968 Q * eyck jupiter.oftc.net arion.oftc.net 1126100968 Q * dsoul jupiter.oftc.net arion.oftc.net 1126100968 Q * Bertl_zZ jupiter.oftc.net arion.oftc.net 1126100968 Q * revenger_ jupiter.oftc.net arion.oftc.net 1126100968 Q * sladen jupiter.oftc.net arion.oftc.net 1126101031 J * Loki|muh_ loki@satanix.de 1126101031 J * eyck eyck@81.219.64.71 1126101031 J * michal ~michal@michal.usercloak.oftc.net 1126101031 J * obi ~obi@asus.saftware.de 1126101031 J * toidinamai ~frank@toidinamai.de 1126101031 J * revenger_ ~joe@bulldog.infosys.de 1126101031 J * duckx ~Duck@mna75-1-81-57-39-234.fbx.proxad.net 1126101031 J * dsoul darksoul@vice.ii.uj.edu.pl 1126101031 J * BWare ~bware@office.intouch.net 1126101031 J * meebey meebey@booster.qnetp.net 1126101031 J * locksy ~locksy@mrtg.sisgroup.com.au 1126101031 J * Bertl_zZ ~herbert@212.16.62.52 1126101031 J * cereal ~cereal@217.20.124.153 1126101031 J * case ~case@donpanic.faveve.uni-stuttgart.de 1126101031 J * sladen paul@starsky.19inch.net 1126101031 J * Beave ~beave@vistech.org 1126101031 J * janra_ janra@paradox.homeip.net 1126101715 N * Bertl_zZ Bertl 1126101729 M * Milf Bertl are you awake? 1126101743 M * Bertl morning folks! 1126101753 M * Bertl Milf: yes I am .. somwhat :) 1126101773 M * Milf Good day ladies and Gentlemen, it is 4p.m. and a very good morning to you college students :) 1126102010 M * Bertl lol 1126102049 M * Bertl well, I got to bed @ 9:30am ... 1126102068 J * tchan_ ~tchan@c-24-13-81-164.hsd1.il.comcast.net 1126102202 Q * tchan Killed (NickServ command used by tchan_) 1126102204 N * tchan_ tchan 1126102821 J * fluor- ~fluor@tanneries.squat.net 1126102875 M * Milf Normal ja 1126102917 M * fluor- hi there - is it necessary to bind *every* service to a specific IP address on the host, even if I'm not planning to install similar services on the vservers, or can I just do that for services I'll be using on host _and_ on vservers? 1126102940 M * Milf the latter 1126102965 M * fluor- Milf: cool, I can stop fighting against Postfix, then ;) 1126102985 M * Milf But you'll be flummoxed if you change your mind and try to setup a service on the vserver you already set up on the host 1126102995 M * Bertl fluor-: nevertheless you should cut down services on the host to a minimum (for security reasons) 1126103011 M * Milf right now I only know of sshd that should be set up rigorously in the host. 1126103023 M * fluor- Bertl: sure, but some services seem pretty relucted to be bound to anything 1126103035 M * fluor- Milf: apache, proftpd & xinetd went fine 1126103048 M * fluor- Milf: I'm having trouble with Postfix, and NFS daemons 1126103057 M * Milf Ok, but who wants to run an apache on the host? 1126103092 M * Milf <-- convinced spartanic 1126103110 M * fluor- Milf: someone who wants to share SSL certificates in between Postfix, dovecot & apache2, without replicated this sensitive file over 3 sub-servers 1126103118 J * mef ~mef@targe.CS.Princeton.EDU 1126103146 M * Milf Then set those three services into the same vserver 1126103160 M * Milf <-- doesn't get it 1126103172 M * fluor- Milf: I'll probably move onto that once my vserver scheme is set 1126103175 M * Bertl fluor-: you can also use the v_* wrappers for limiting services on the host (or simply chbind --ip ...) for services other than ssh ... 1126103179 M * fluor- Milf: I'm migrating from UML to vserver ATM 1126103205 M * fluor- Bertl: v_* wrappers? 1126103272 M * Bertl there are some runlevel scripts e.g. v_postfix which can be used instead of postfix (as runlevel script) to limit that to a single IP (or set of IPs) without changing anything in the postfix config 1126103289 M * fluor- hmm, nice 1126103301 M * fluor- chbind looks tasty though 1126103307 M * fluor- but I'll have to change my startup scripts 1126103323 M * fluor- which will eventually get overrided in an upgrade 1126103323 M * Bertl that's what the wrappers are for ... 1126103330 M * fluor- right 1126103394 M * fluor- Bertl: thanks for all the tips! 1126103406 M * Bertl fluor-: you're welcome! 1126103425 M * Bertl welcome mef! 1126103480 M * Milf Bertl can I bug you a little about some problem I'm having since I upgrade from 2.4 Kernel with util0.30 to 2.6 with util 0.30.208? 1126103701 M * Bertl sure ... 1126103711 J * Milf0438 ~Miranda@ipsio319.ipsi.fraunhofer.de 1126103721 M * Milf0438 Hmmm, did I just nod off due to network problems? 1126103896 M * Milf0438 Bertl can I ask you my question? 1126103908 M * Bertl 16:35 < Bertl> sure ... 1126103963 M * mnemoc *g* 1126103983 M * Milf0438 Sorry, I got disconnected and didn't hear your answer. 1126104002 M * Milf0438 Ok, I have no problems with the new tools not working with legacy config. 1126104018 M * Milf0438 I found the script on the list archives to make a transition. 1126104024 Q * Milf Ping timeout: 480 seconds 1126104030 M * Milf0438 But my verservers wont stop by themselves 1126104047 N * Milf0438 Milf 1126104060 M * Milf I have to enter then and manually do reboot -f 1126104087 M * Milf or I can add a line like that to the initscripts 1126104137 M * Milf But I don't know if that's very clean to do. 1126104274 M * Bertl hmm ... won't stop means they keep hanging around or what? 1126104294 M * Milf Yep, the init process refuses to die 1126104309 M * Milf and 'vserver test01 stop' hangs indef 1126104326 M * Milf (This is SuSE we're talking about) 1126104414 M * Bertl did you compile the tools with dietlibc? 1126104527 M * Milf How would I find out if I did or not? 1126104552 M * Bertl vserver-info - SYSINFO 1126104587 M * Milf I didn't compile with dietlibs 1126104618 M * Bertl so you have been warned :) 1126104647 M * Bertl seriously, try with dietlibc, it should work 1126104685 M * Milf Hmmm, I didn't set any configs to exclude that, so configure probably didn't find any. 1126104720 M * Bertl yes, probably it _wasn't_ installed 1126104737 M * Milf What is the dietlibc and where can I get it? 1126104802 M * Bertl http://www.fefe.de/dietlibc/ what distro do you use? 1126104803 M * Milf hmmm config --enable-dietlibc worked 1126104811 M * Milf SuSE 1126104826 M * Bertl suse uses yast, right? 1126104832 M * Milf Yep 1126104837 M * Milf Use dietlibc: yes (using -lcompat) 1126104842 M * Milf will that be enough? 1126104844 M * Bertl try installing it with yast 1126104856 M * Bertl (the dietlibc) 1126105015 M * Milf Hmmmhmmm, my testserver has dietlibc 0.21 available :) 1126105224 M * Bertl well, 0.28 is current ... but it might even work :) 1126105229 M * Milf This will take a while on a PII 1126105250 M * Milf Nope compiler error *sighs* 1126105445 M * mnemoc Bertl: 0.29 :) 1126105502 M * Milf Would the build with -lcompat be any help? 1126105506 M * Bertl ah, 0.29, good :) 1126105530 M * Bertl Milf: why not 'just' install dietlibc on your machine? 1126105546 M * Milf I ran into a compiler error on the test machine 1126105575 M * Bertl one you had not before? 1126105586 M * Milf Didn't have it before. 1126105593 M * Bertl (I guess your compiler is just too old or not completely installed) 1126105594 M * Milf Lemme try if the lcompat mode works. 1126105610 M * Milf or I can try the production machine :) 1126105635 M * Milf Testmachine has SuSE 8.2, production has 9.2 i think 1126105637 Q * litage Ping timeout: 480 seconds 1126105659 M * Bertl http://www.novell.com/products/linuxpackages/professional/dietlibc.html 1126105714 M * Milf 0.23 --> that's why SuSE is also on the list of OSes that suck :) 1126105737 M * Milf One way or the other, it won't build on the test machine. 1126105741 M * Milf I'll try the prod server. 1126105763 M * Bertl well, you can always compile the dietlibc from scratch ... even on suse :) 1126105778 M * Milf Yep, that'll be my last resort 1126105832 M * Milf Hmm, gotta explicitly enbale the dietlibc, even if it's installed. 1126105861 M * Milf Same problem 1126105861 M * Milf In file included from lib/getvserverbyctx.c:31: 1126105861 M * Milf lib/getvserverbyctx-compat.hc: In function `handleLegacy': 1126105861 M * Milf lib/getvserverbyctx-compat.hc:45: error: dereferencing pointer to incomplete type 1126106116 J * Milf0438 ~Miranda@ipsio12.ipsi.fraunhofer.de 1126106131 M * Milf0438 Sorry, I got flipped out again by our firewall. 1126106140 M * Milf0438 right after my last remark 1126106244 M * Milf0438 (ok, looked in the logs, no one said anything :) 1126106334 M * Bertl Milf0438: seems like suse is not a good distro for compiling, what gcc do you ahve? 1126106398 M * Milf0438 CC: gcc, gcc (GCC) 3.3 20030226 (prerelease) (SuSE Linux) 1126106405 M * Milf0438 that's on the testserver 1126106428 M * Bertl and it gives you the error above? 1126106444 Q * Milf Ping timeout: 480 seconds 1126106620 Q * VooDooMaster Quit: Nettalk6 der Freeware IRC-Client 1126106625 M * Greek0 Vudumen: ping? 1126106635 M * Vudumen Greek0: pong 1126106651 M * Greek0 ah finally :) 1126106665 M * Vudumen :) 1126106669 M * Greek0 could you put online the sources for your libvserver .debs please? 1126106677 M * Vudumen yes 1126106697 M * Vudumen but it's not a correct package so debian/rules binary won't build it : 1126106698 M * Vudumen ) 1126106710 M * Greek0 I'd like to rebuild them against glibc instead of dietlibc, and I was to lazy to do it myself 1126106717 M * Greek0 uh, how does it build then? 1126106719 M * Vudumen well you can download it :) 1126106722 M * Vudumen it's already done 1126106728 M * Vudumen just use 0.3-1 instead of 0.3-2 1126106750 J * Milf ~Miranda@ipsio3.ipsi.fraunhofer.de 1126106763 J * cryo ~say@212.86.243.154 1126106764 M * Milf I gotta go and kill the networking department. 1126106771 M * Greek0 have fun Milf 1126106778 M * Milf alas, I'm on vacation in half an hour 1126106780 M * HostingGeek Milf: I already did that for you 1126106801 M * Milf Bertl: yes, gcc 3.3 gives me that error. 1126106828 M * Milf I'll check the sources now and if I can't compile it in 5 Minutes, I'll stick to hotfixes for the already updated server until after my vacation 1126106839 J * litage ~nick@203.201.96.188 1126106869 M * Milf I already have a nice conversion script for legacy to confdir 1126106888 M * Vudumen Greek0: you can use the packages i've uploaded 1126106899 M * Vudumen libvserver_0.3-1_i386.deb and libvserver-dev_0.3-1_i386.deb 1126106904 M * Vudumen these are compiled with glibc support 1126106921 M * Greek0 ah 1126106933 M * Greek0 hmm, can I have a look at the source anyway? 1126106956 M * Vudumen i've uploaded the source tar.gz 1126106961 M * Vudumen check it if you want :) 1126106992 M * Vudumen but as i said it's not a correct package :) i build the lib with hands and then copy the files to the correct location and then run debian/rules binary 1126107040 M * Greek0 uargs ;) 1126107070 Q * Milf0438 Ping timeout: 480 seconds 1126107072 M * Vudumen i said that it's a bit "crappy" :P 1126107195 J * DuckMaster ~duckx@195.75.27.158 1126107200 M * Milf ok, I forget about debigging :) 1126107492 M * Bertl Milf: okay, enjoy your vacation! 1126107506 M * Milf Gotta patch up the prodserver first. 1126107526 M * Milf don't want my colleague to despair if he has to fix anything there. 1126107536 M * Bertl but I'm off for now ... back later though ... 1126107543 M * Bertl so good luck! 1126107550 M * Milf see ya 1126107552 N * Bertl Bertl_oO 1126107562 M * mef bertl: when will you be back. 1126107643 M * Bertl_oO mef: guess around mindnight at least probably earlier 1126107647 M * HostingGeek Beave: NOOO! 1126107653 M * HostingGeek Bertl_oO: NOOO! 1126107665 M * HostingGeek Bertl_oO: stay your my only friend 1126107676 M * HostingGeek Bertl_oO: if you go I have no friends j/k 1126107694 M * Bertl_oO HostingGeek: time to start making new ones, eh? 1126107720 M * HostingGeek Bertl_oO: no one can replace you 1126108432 M * michal lol 1126108451 M * michal Bertl popular as always 1126108474 M * michal HostingGeek: he will return, but as i know probably in the night ;) 1126108671 Q * prae Quit: Execute Order 69 ! 1126109839 J * lilo_ debian-tor@lilo.usercloak.oftc.net 1126109864 Q * lilo Killed (NickServ command used by lilo_) 1126109872 N * lilo_ lilo 1126109960 M * Milf --> Vacation 1126109969 Q * Milf Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org 1126112031 M * Hollow LOL! 1126112039 M * Hollow http://del.icio.us/tag/hemp look at the 5th entry 1126112182 Q * mef Quit: using sirc version 2.211+KSIRC/1.3.10 1126112442 M * daniel_hozac ahhaha 1126113096 M * Hollow :) 1126115377 J * nayco ~nayco@82.251.20.245 1126115428 M * nayco Hello, all !!! 1126115611 A * Greek0 waits for del.icio.us to load.. 1126115617 M * Greek0 terribly slow today :-/ 1126115657 M * HostingGeek its dead! 1126116190 M * Greek0 Hollow: hehe, nice tag 1126116299 M * HostingGeek DEAD! 1126116358 Q * DuckMaster Quit: Leaving 1126116394 M * HostingGeek wtf is up with their CSS file 1126116425 M * HostingGeek :) epiphany can swap css files :) 1126116433 M * HostingGeek grass1 is pritty good 1126116647 J * Blissex ~Blissex@82-69-39-138.dsl.in-addr.zen.co.uk 1126116673 M * nayco HostingGeek: Talking about the great flower page ? 1126116692 M * HostingGeek ? 1126116717 M * SiD3WiNDR yes, he does. 1126116724 M * nayco The util-vserver config page ? 1126116731 M * SiD3WiNDR weedpage rocks. 1126116733 M * Greek0 yep 1126116740 M * nayco Arffffffffffffffff :D :D :D !!!! 1126116754 M * Greek0 nayco: context: http://del.icio.us/tag/hemp 1126116755 M * nayco Yes, WeedPage is my favorite to :D :P :D ! 1126116798 M * nayco *too 1126116836 M * nayco Greek0: Ok ! that's funny that vserver config ended up in the smokescreen category of delicious... ;-) 1126116869 M * nayco I forgot : Thanks, guys 1126117945 J * maharaja maharaja@ip52.ipax.at 1126118039 M * Johnsie The problem is, you about have to be on drugs to read it. 1126118090 M * Hollow Greek0: funniest is, i found it on some headshop site lol 1126118109 M * Greek0 lol 1126118126 M * Hollow have to do some shop coding for them, and just clikced on the rss news link, and wtf /etc/vservers popped up lol 1126118141 M * Greek0 Hollow: did you talk with Bertl about the ruby stuff already? 1126118146 M * Hollow no 1126118160 M * Hollow imo many won't like ruby ;) 1126118189 M * Greek0 I did neither. was busy with my sparcstation and with getting some general infrastructure for kernel cross-compiles up 1126118230 M * Greek0 I'd still prefer python, since it's also quite widespread. but I can live with other languages too 1126118238 M * Greek0 one exception: perl would be no-go for me 1126118275 J * mef ~mef@targe.CS.Princeton.EDU 1126118276 M * Greek0 I mean, I could probably handle it too, I just think that it wouldn't be very positive for my interest in this stuff 1126118638 M * Hollow hm, yeah... we could use python too, would have to dig into it first, but that shouldn't be _that_ problem.. 1126118723 M * Greek0 mm. probably the same situation as with me and ruby.. 1126118904 J * hillct ~hillct@client200-5.dsl.intrex.net 1126120103 M * Greek0 Hollow: btw, could you clarify the license a bit in the README? that libvserver as a whole is GPL'ed? 1126120127 M * Greek0 I'm currently building .deb's, and it would be nice if the license was more then totally clear in the upstream sources 1126120264 M * Hollow Greek0: yup, GPL 1126120280 M * Greek0 yep, would be nice if you could stuff that into the readme, or the authors file 1126120290 M * Hollow yup 1126120301 M * Greek0 so it's clear that this also covers the README itself, other documentation, ... 1126120616 M * Hollow ipod nano, yummie 1126120702 M * nayco you guys talk about libvserver bindings to other languages ? 1126120712 M * hillct Hollow is there a generic pvprocunhide-files file list that represents a good starting point for hiding /proc contents from vhosts? 1126120718 M * hillct er vservers 1126120734 M * Hollow hillct: /usr/lib/util-vserver/default/vprocunhide-files 1126120753 M * hillct really? 1126120757 M * Hollow yeap 1126120761 M * hillct didn't see that file 1126120765 M * Hollow :) 1126120765 A * hillct looks again 1126120772 M * Hollow at least with my installation 1126120852 A * nayco wonders which languages will be supported by libvserver 1126120885 M * hillct hmm 1126120888 M * hillct yeah, it's there 1126120891 M * hillct cool 1126120905 M * Hollow nayco: well, probably all that swig supports ;) 1126120919 M * nayco Hollow: What is swig ? 1126120951 M * Hollow Simplified Wrapper and Interface Generator 1126120963 M * hillct now I still don't get why /proc shows up in a new vserver I created with tools 30.208 and vs2.01 when the vserver is down, whereas with vservers created earlier, /proc is mounted as part of the vserver startup process 1126120966 M * nayco Ok, I gonna google for it 1126120966 M * Hollow it generates bindings from your header files (basically) 1126121007 M * nayco Hollow: So it can generate libvserver bindings for many languages ? 1126121028 M * Hollow yeah, some probably need tweaking in the swig interface file, but should be possible 1126121038 M * nayco Oh : "Currently supports Python, Perl, and Tcl" .... Good 1126121058 M * Hollow yeah, it supports 11 languages iirc 1126121093 M * nayco So, in the future, managing vservers from perl could possible ? I gonna take a look to see if it can handle PHP 1126121119 M * nayco LOL : SWIG - Serious Wine Imbibers Group - www.swig.co.uk 1126121149 M * Hollow yeah, all that would be possible, though you'll get problems running it in apacher or so, because apache ain't root 1126121189 M * nayco ...Mmmm, good point. Er... suexec is made for that, no ? 1126121194 M * Hollow but probably there will be a daemon with an rpc or soap like interface so that problem is solved too 1126121198 M * Hollow but gtg, cu later 1126121210 M * nayco although it is a security threat 1126121225 M * Hollow nayco: suexec won't let you exec as root, and tbh, i'd never encourage people to do ;) 1126121241 M * nayco I agree ;-) 1126121269 M * nayco So it's not possible to manage vserver from a web interface ? 1126121272 M * Hollow ok, cu! 1126121277 M * nayco Bye. 1126121281 M * Hollow nayco: with a daemon with rpc or soap it would be 1126121288 M * nayco K 1126121739 M * Greek0 there is some project that allows managing vservers via a webinterface 1126121751 M * Greek0 look at http://del.icio.us/greek0/vserver 1126121757 M * Greek0 somewhere there should be the linke 1126121760 M * Greek0 -e 1126121767 M * nayco k 1126121796 M * micah I set someone's shell to be /usr/local/bin/v.admin a script that simply does:/usr/sbin/vserver admin exec bash -c "su - cms" 1126121802 M * micah but when I try to login, I get this error: 1126121817 M * micah 'vserver ... suexec' is support for running vservers only; aborting... 1126121841 M * nayco er.... Did you start you vserver ? 1126121846 M * nayco +r 1126121869 M * micah nayco: yes, it is running 1126121877 M * micah nayco: I can run that command as root 1126121906 M * Greek0 micah: have you got /usr../v.admin in /etc/shells? 1126121908 M * nayco Ok, so, it is the syntax of your command that scares it... 1126121939 M * micah Greek0: yes 1126121968 M * Greek0 hmm. but if you set that as shell for someone, it will be executed with their uid 1126121974 M * Greek0 which is normally != root 1126121992 M * Greek0 so vserver wouldn't work normally, or? 1126122044 M * micah Greek0: true... but sudo does not work either 1126122077 M * Greek0 what does sudo say? 1126122094 M * micah vcontext: execvp("-c"): No such file or directory 1126122120 M * Greek0 aeh. what commandline do you have for sudo? 1126122138 M * micah sudo /usr/sbin/vserver admin exec bash -c "su - cms" 1126122158 M * micah probably quotes are goofy 1126122259 M * Greek0 probably 1126122309 M * hillct is this not the same thing as using v_sshd and allowing the user to login to the 'cms' account? 1126122332 M * hillct or don't you want to ptovide an external IP? 1126122336 Q * lonewolff Remote host closed the connection 1126122346 M * micah hillct: I am not sure what v_sshd does 1126122362 M * micah hillct: but what I have is a host and a vserver that share the same IP, the host has sshd running, so I cannot run it on the vserver 1126122419 M * hillct yeah, if you don't have a separate external IP for your vserver, the sshd solution won't help much 1126122451 M * hillct as far as web interfaces, I've been toying with the idea of implementing a webmin module for management of vservers 1126122467 M * hillct but I havn't begun work on it 1126122621 M * micah huh, i got it to work now 1126122628 J * lonewolff ~lonewolff@host86-128-17-74.range86-128.btcentralplus.com 1126122643 M * hillct what'd you have to do? 1126122693 M * hillct set the setuid bit ov vserver? 1126122726 M * micah no, I'm not sure what I did heh 1126122739 M * hillct hmm 1126122742 M * micah the script simply has: 1126122745 M * micah sudo /usr/sbin/vserver admin exec bash -c "su - cms" 1126122751 M * micah which is what I thought I had before 1126122870 J * yarihm ~yarihm@80-218-5-17.dclient.hispeed.ch 1126122909 M * Greek0 micah: btw, vserver also supports suexec 1126123456 J * oliwel ~mail-at-o@host-62-245-151-178.customer.m-online.net 1126123465 A * oliwel send a hello to the crowd 1126123522 M * oliwel *knockknock* anybody here 1126123624 M * Greek0 hi 1126123650 M * oliwel Hi 1126123662 M * oliwel Are you familiar with Routing and VLANs 1126123960 M * Greek0 not entirely, but you can ask your question and we'll look if we can help 1126124062 M * oliwel Hmm ok I will try 1126124079 M * oliwel I have setup my base system with two vlans 1126124079 A * Greek0 wonders if he's on dope. libvserver doesn't like to build when run from dpkg-buildpackage.. strange 1126124100 M * oliwel So I now have eth0.1 on Network A and eth0.2 on network B 1126124120 M * oliwel The Basesystem can route into either networks 1126124143 M * oliwel Now I have a vserver-guest that has a IP from Network A 1126124162 M * oliwel From the guest I cannot ping to network B 1126124249 M * oliwel when I look at the routing table inside the guets there is a line for network B but it has "*" as interface (as eth0.2 is not known inside the vserver 1126124249 M * Greek0 which makes sense, not? 1126124259 M * Greek0 mm 1126124263 M * oliwel Yesno - of course I cannot ping directly because its another network, but I must create a root 1126124265 M * oliwel route 1126124285 M * oliwel Packets from vserver1 must go through the host to go to network b 1126124354 M * Greek0 how should the vserver access network b if it doesn't have an ipaddress within it's space? 1126124400 M * Greek0 what you can do is NAT'ing on the host based on some criterium 1126124415 M * oliwel The problem is that inside the vserver I have a dedicated route for network b but it uses an interface not existing inside the server 1126124424 M * Greek0 if you really want the guest to be able to talk to both networks just give him access to the second network b 1126124440 M * Greek0 i.e. another entry in /etc/vservers/*/interfaces 1126124443 M * oliwel I dont want to give him an IP in B but it must reach B 1126124463 M * Greek0 what should it do on B without a valid ip address? 1126124468 M * oliwel it should use the default route 1126124482 M * oliwel it should talk to anoterh host taht is in B 1126124500 M * Greek0 so it should use the ipaddress of the host in this case? 1126124511 M * oliwel No - 1126124532 M * Greek0 look. if it should connect to hosts on network b it has to have an IP that's inside of the range of network b 1126124534 M * oliwel Server 1 hast the IP Adress 10.0.0.100, Server 2 has 10.0.1.100 1126124544 M * Greek0 ? 1126124546 M * oliwel So A shpuld talk to B using the default Router 1126124565 M * oliwel i have a router conntecting both networks 1126124597 M * Greek0 so your vserver host does the routing? 1126124607 M * oliwel yes 1126124632 M * oliwel the problem seems to be that the host is member in both networks but the guest is not 1126124657 M * Greek0 and you want the guest to be treated as if it was a normal server within network A? 1126124663 M * oliwel the guest sees the route but not interface it must use 1126124670 M * Greek0 i.e. just like if you put a real server on network A? 1126124684 M * oliwel jes 1126124745 M * Greek0 hmm. you need some iptables rule for that IIRC 1126124810 M * oliwel but I cant make rule sfor the guest 1126124827 M * Greek0 of course you can. on the host, based on the guest IP 1126124837 M * oliwel hmm the might work 1126124918 M * oliwel I will try - thx a lot 1126124922 A * oliwel waves goodbye to the crowd 1126124923 M * Greek0 uhm 1126124925 M * Greek0 wait 1126124927 M * oliwel ok 1126124953 M * Greek0 I'm not sure an iptables rule will do it.. I thought of something like SNAT or DNAT, but that won't work.. 1126124965 M * Greek0 do you really do routing between the networks, not NAT or something like this? 1126125001 M * oliwel I have a Cisco Router and a VLAN capable Switch, the eth0 is a real trunk 802.11q 1126125021 M * oliwel The host has two IPs , one in each VLAN 1126125047 M * oliwel at least my host can ping all IPs and can be pinged on both IPs from outside 1126125076 M * oliwel I think there is no Routing involed as the host should select the correct network 1126125094 M * oliwel the default route is using the vlan1 - so this is working too 1126125230 M * Greek0 hmm. 1126125248 M * Greek0 but can you actually ping a 10.0.0.x address from a 10.0.1.y host? 1126125273 M * Greek0 i.e. when you're not on that special machine or on your cisco router? 1126125371 M * oliwel yes 1126125374 M * Greek0 ok 1126125383 M * oliwel from hosts outside everything is working 1126125425 Q * dddd44 Ping timeout: 480 seconds 1126125430 M * Greek0 can I see your current interfaces configuration? `cat /etc/vservers//interfaces//*` should be enough 1126125485 M * oliwel I think this is the problem: 1126125490 M * oliwel On the Host 1126125494 M * oliwel 212.18.24.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.4 1126125499 M * oliwel inside the vserver 1126125501 M * oliwel 212.18.24.0 0.0.0.0 255.255.255.0 U 0 0 0 * 1126125515 M * Greek0 no, _only_ your vserver config 1126125530 M * oliwel mom 1126125563 M * oliwel cat /etc/vservers/mx02/interfaces/0/* 1126125565 M * oliwel eth0.3 1126125567 M * oliwel 82.135.58.33 1126125568 M * oliwel mx02 1126125570 M * oliwel 24 1126125589 M * oliwel 82.135.58.33 is eth0.3 VLAN3 1126125594 M * oliwel 212... is VLAN 4 1126125603 M * oliwel the Host has interfaces in both 1126125616 M * Greek0 hmm. ok, so my idea won't work 1126125672 M * Greek0 I'm not sure if this is 100% correct, but the interface name shouldn't actually matter that much for the vserver config 1126125682 M * oliwel ? 1126125689 P * hillct 1126125703 M * Greek0 the linux kernel (and vserver afaik) don't work in terms of interfaces, but only in terms of ips 1126125749 M * oliwel ok 1126125754 M * Greek0 hmmm. can you show me the relevant parts of the routing table on the host? 1126125760 M * oliwel Something is strange: 1126125762 M * Greek0 both vlans 1126125764 M * oliwel When I start the vserver 1126125766 M * oliwel ERROR: trying to add VLAN #3 to IF -:eth0:- error: Invalid argument 1126125774 M * oliwel same when I stop it... 1126125894 M * Greek0 oliwel? 1126125896 M * oliwel ja 1126125905 M * Greek0 routing table on the host? 1126125913 M * oliwel mom 1126125914 M * Greek0 for the 2 vlans 1126125968 M * oliwel 82.135.58.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.3 1126125970 M * oliwel 212.18.24.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.4 1126125971 M * oliwel 192.168.200.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 1126125973 M * oliwel 0.0.0.0 82.135.58.1 0.0.0.0 UG 0 0 0 eth0.3 1126125981 M * oliwel the 192 is a second NIC - ignore this pls 1126125985 M * Greek0 ok 1126126034 A * Greek0 goes to reread the networking docs 1126126130 M * oliwel *g* 1126126351 M * oliwel so any ideas ? 1126126360 M * Greek0 ok, lacking better ideas, try this: add a second interface for eth0.4, assign some dummy ip, proper netmask and stuff, and just use netfilter to drop (or reject) every traffic coming from or going to that ip 1126126388 M * oliwel I dont understand the sense of this 1126126496 M * oliwel still there ? 1126126504 M * Greek0 cd /etc/vservers/interfaces; mkdir 1; echo eth0.4 > 1/dev; echo 212.18.24.254 > 1/ip; echo 255.255.255.0 > 1/netmask; iptables -A INPUT -d 212.18.24.254 -j DROP; iptables -A OUTPUT -s 212.18.24.254 -j DROP 1126126513 M * Greek0 took some time building that line --^ 1126126544 M * oliwel ok mom 1126126578 M * Greek0 if that still doesn't work, or you want a real solution, not some strange hack, you can wait for about an hour, than Bertl will be back (at least he said so). He can probably help much better then I can 1126126608 M * oliwel Tell me - what do you want to show with that hack ? 1126126638 M * Greek0 that way the route inside the guest should at least show and probably also work correctly 1126126654 M * oliwel ok I understand that I give an IP from Net B to the host and the iptables should prevent it from being connected ? 1126126657 M * Greek0 while still forbidding the guest to actually use that ip on the .4 subnet 1126126679 M * oliwel But there is a clue in your minds :) 1126126683 M * Greek0 (on the eth0.4 subnet that is) 1126126699 M * oliwel The Guest will use the given IP from B to ping Hosts on B directly 1126126717 M * oliwel And as I forbid the packets nothing wil happen 1126126772 M * Greek0 hmm. ok. then don't DROP but do SNAT (and DNAT if you wish) 1126126794 M * oliwel this means I must NAT from the B net to the A Net...thats ugly 1126126829 M * Greek0 iptables -A POSTROUTING -s 212.18.24.254 -j SNAT --to-source 82.135.58.33 1126126836 M * oliwel I think then the best way will be to put the host on a total isolated (loopback) network and do everything by iptabels 1126126862 M * oliwel THX I know abput Nating - but it is not a clean solution in my opionion 1126126884 M * Greek0 yep, that would probably work, you could use a dummy interface for that. 1126126898 M * Greek0 I'd really suggest waiting for Bertl, he'll probably have a solution 1126126914 M * Greek0 or if he does not he's the one who can fix this limitation in linux-vserver ;) 1126127023 M * oliwel Yreah Bertl is great :=) 1126127044 M * oliwel So I have to do some other work, erhaps I will try to talk to bertl or write a mail to the list 1126127050 M * oliwel THX for trying 1126127051 M * oliwel bye 1126127054 M * Greek0 sorry for failing ;) 1126127055 M * Greek0 cu 1126127058 A * oliwel waves goodbye to the crowd 1126127063 Q * oliwel Quit: Chatzilla 0.9.68.5 [SUSE 1.0.6-4.1/20050715] 1126127740 Q * mef Quit: using sirc version 2.211+KSIRC/1.3.10 1126128022 Q * yarihm Quit: Leaving 1126128075 J * no_maam ~erik@datenzone.de 1126128076 M * no_maam hi 1126128201 M * no_maam what is the best way to have a kind of private ip-address on a linux-vserver? 1126128217 M * no_maam should I bind the ip-address to lo? 1126128251 M * daniel_hozac dummy0 would be better. 1126128294 M * no_maam ok 1126128665 Q * Blissex Remote host closed the connection 1126128822 M * no_maam can I somehow nat this vserver out? 1126128891 M * daniel_hozac iptables -t nat -A POSTROUTING -s -j SNAT --to-source 1126129279 M * mugwump Hollow: around? 1126131312 Q * nayco Quit: Bonne nuit ! 1126131595 J * menomc ~amery@200.75.27.79 1126131700 Q * mnemoc Ping timeout: 480 seconds 1126131700 N * menomc mnemoc 1126132454 Q * Doener Ping timeout: 480 seconds 1126132478 J * Doener ~doener@p548764BA.dip.t-dialin.net 1126132955 M * Greek0 finally.. I've got a script now that makes .debs from built kernel trees. it works for in-tree builds as well as for out-of-tree builds 1126133319 M * mugwump hooray! publish it! 1126133379 M * mugwump make-kpkg is quite simply a bunch of arse. 1126133409 M * Greek0 will do. I'll now setup a cross compile environment here and and make sure that script works for cross builds too 1126133433 M * mugwump excellent! I've recently built a few vserver packages ... see http://apt.utsl.gen.nz/debian/ 1126133435 M * Greek0 well, my script uses make-kpkg to do most of the work. the problem with make-kpkg is just that it doesn't work on already built trees. 1126133453 M * mugwump yes, and this leads to a loooooong debug cycle 1126133486 M * mugwump That README.txt is so preliminary it's funny :) 1126133511 M * Greek0 yep. fortunately it's not too hard. 1126133535 M * Greek0 basically it's just creating the stamp files and some more files that make-kpkg needs 1126133539 M * mugwump http://apt.utsl.gen.nz/debian/pool/sarge-i386/ are a couple of packages I've made so far 1126133579 M * Greek0 I go an extra mile and create some meta-information too that gets included by make-kpkg 1126133591 M * Greek0 like toolchain versions and stuff 1126133607 M * Greek0 16,5M kernel-image? allmodconfig? 1126133608 M * mugwump I was wondering how to add extra dependencies, like module-init-tools seem to be needed 1126133638 M * mugwump I took the config from the kernel-image-2.6.12-686-smp package in Debian sid 1126133688 M * mugwump But if I could use one kernel tree, and build multiple kernels using varying .config files, where each new build was actually only partial compiling, that would rock 1126133695 N * [MUPPETS]Gonzo G|bei|Ratten 1126133725 M * Greek0 well the official packages have a dependency on module-init-tools 1126133745 M * mugwump yes, I wanted to build a kernel that was as versatile as the default one. 1126133795 M * Greek0 hmm donno what those guys use actually. you can do all sorts of stuff if you decuple generating the debian dir from building the package 1126133802 M * Greek0 make-kpkg debian 1126133806 M * Greek0 1126133811 M * Greek0 make-kpkg kernel_image 1126133830 M * mugwump yeah, but I want the hack hack hack part to be automatic :) 1126133861 M * Greek0 what really rocks with make-kpkg are the maintainer scripts 1126133868 M * Greek0 that automatically update boot loaders and stuff 1126133898 M * mugwump well, yes. but then, `make install' also has hooks to make that work, too 1126133957 M * Greek0 uhm yea. I just never did make install manually ;) 1126133976 M * mugwump On debian|ubuntu it is very nice indeed 1126134006 M * Greek0 http://greek0.net/~greek0/div/makedeb 1126134021 M * mugwump It would be *fantastic* if I could use `make install' to get it to the point where I like it, then `make-kpkg --just-fucking-assemble-the-deb-bitch' 1126134060 M * Greek0 well I don't use such cool names, but mkdeb lets you do more or less that 1126134075 M * Greek0 modulo maintainer scripts of course, that's all handled by make-kpkg 1126134118 M * mugwump very cool... hey want to put a short copyleft etc at the top? 1126134131 M * Greek0 ah, of course, sorry 1126134150 M * Greek0 after hinting people 2 times about copyright stuff today, I seem to be lazy myself :) 1126134173 M * mugwump so ... what other packages have you made? a libvserver? 1126134257 M * mugwump ah, that was you posting about it on the ML 1126134292 J * Aiken ~james@tooax8-061.dialup.optusnet.com.au 1126134322 M * Greek0 yep 1126134325 M * mugwump btw personally my vote on that issue is that the util-vserver debian package delivers that file to a different place, or in a seperate package like libvserver0 1126134336 M * Greek0 I'm working on libvserver debs 1126134359 M * Greek0 libvserver0 seems too much. the util-vserver libvserver.so isn't used anywhere outside of util-vserver 1126134374 A * mugwump nods 1126134375 M * Greek0 that's why I think it should just go to /usr/lib/util-vserver/libvserver.so 1126134381 A * mugwump nodnods 1126134411 M * Greek0 putting it in /usr/lib/ is a bit suspicious anyway, since util-vserver is not an official library package and doesn't include an soversion in the package name 1126134432 M * Greek0 so abi changes would in that lib will/would be quite a PITA if anyone else used it 1126134444 M * mugwump Yes, indeed. On another note, I'm quite keen to wrap libvserver in XS, so that we can have a Perl userland suite as well as any other C one people want to write 1126134491 M * Greek0 ok, updated version there 1126134705 M * Greek0 the script will probably change a bit when I add that cross-compile stuff 1126135279 M * mugwump ok ... which VCS systems are you savvy with / prefer? 1126135349 M * Greek0 I know arch pretty well, played a bit with git. saw a little bit of darcs. I'm not a big fan of cvs or svn. 1126135397 M * Greek0 I just believe that distributed VCSes make it much easier for other people to contribute, which is one of the things you definitely _want_ to make easy in your project 1126135427 M * mugwump they do. SVN is not one of those, for sure. But svk layers that atop it. 1126135434 M * mugwump I mean to learn git in the near future 1126135468 M * mugwump I'm thinking it might be possible to make a program that emulates svk but uses Git as a filesystem :-> 1126135604 M * Greek0 oh, svk might be pretty nice too 1126135634 M * Greek0 I've heared that svn is a pain to setup, and for my personal use I mostly have arch 1126135728 M * litage morning vserver peoples 1126135738 M * Greek0 I hate it when I run out of water. now I even have to get up and get some :-/ 1126136236 Q * Aiken Remote host closed the connection 1126136257 M * Greek0 I think I have some problems with the apt-get UI: http://paste.debian.net/1835 1126136324 Q * lilo Remote host closed the connection 1126136884 Q * click Ping timeout: 480 seconds 1126136992 J * lilo ~lilo@lilo.usercloak.oftc.net 1126137019 N * Bertl_oO Bertl 1126137023 M * Bertl evening folks! 1126137039 M * Bertl mugwump: check out cogito ... 1126137132 M * mugwump mmm, what we're actually planning for linux.conf.au is to have two 2 hour VCS tutorials on different days, one for svk/svl and one for cogito 1126137227 M * mugwump In theory the systems should be able to work together... but we'll see how well that works out in practice