1126744692 Q * Blissex Remote host closed the connection 1126748806 J * Loki|muh_ loki@satanix.de 1126748806 Q * Loki|muh Read error: Connection reset by peer 1126749356 Q * Loki|muh_ Read error: Connection reset by peer 1126749465 J * Loki|muh loki@satanix.de 1126749509 Q * Loki|muh Quit: 1126749517 J * Loki|muh loki@satanix.de 1126750452 Q * virtuoso iridium.oftc.net jupiter.oftc.net 1126750452 Q * Hunger iridium.oftc.net jupiter.oftc.net 1126750452 Q * obi iridium.oftc.net jupiter.oftc.net 1126750518 J * virtuoso ~s0t0na@shisha.spb.ru 1126750518 J * Hunger Hunger.hu@Hunger.hu 1126750605 J * obi ~obi@tg3.saftware.de 1126750738 Q * Medivh Read error: Operation timed out 1126750760 J * Medivh ck@paradise.by.the.dashboardlight.de 1126751791 Q * RedSpy Ping timeout: 480 seconds 1126754997 J * stefani ~stefani@c-24-19-46-211.hsd1.wa.comcast.net 1126755237 J * JonT ~jonathan@203-206-176-245.dyn.iinet.net.au 1126755582 M * JonT I have a few vserver guests running the older releases on the 2.4 kernels. I'm currently in the process of moving everything over to the new 2.0 vserver and would like to implement rlimits during the upgrade. 1126755695 M * JonT My first concern is memory usage - I've found that I can limit RSS (which only covers real RAM) or VM/AS, but is there any way to allocate say 128Mb of RAM AND 256Mb of swap to a context? 1126755741 M * Bertl no, because it is very hard to separate shared pages/data ... and linux-vserver is all about sharing resources 1126755775 M * Bertl but the VM/AS and RSS will be used to 'fake' a ram/swap info ... 1126755786 M * Bertl (this can be enabled with virt_mem flag) 1126755860 M * Bertl JonT: you will have to switch to the new config style (the directory based one) to set the rlimits ... 1126755911 M * JonT Thanks Bertl - I've started converting them to the new config style. What I was impressed with though is that the old configs work really well, so there's no problem with moving the contexts from the old server to the new if I need to 1126755935 M * Bertl that's the idea behind the legacy support :) 1126756011 M * JonT Regarding the virt_mem flag - where abouts do I set that? 1126756037 M * Bertl you already know the FlowerPage? 1126756049 M * JonT aah yes - how can I forget :-) 1126756073 M * Bertl there are links for the flags, ccaps and bcaps ... 1126756112 M * Bertl (they show the available flags and locations) 1126756158 M * Bertl basically you do 'echo "virt_mem" > /etc/vservers//flags 1126756172 M * JonT I'm trying that at this very moment :-) 1126756175 M * Bertl and it will present something like this: 1126756202 M * Bertl - total memory (RAM) = min(RSS_max, real) 1126756232 M * Bertl - total swap space = VM_max-RSS_max 1126756501 M * JonT Is there any way to fake this in /proc/meminfo? 1126756676 M * JonT In other words, instead of displaying total/used swap and RAM for the host, display the context's allocated/limit? 1126756717 M * Bertl that's exactly what the virt_mem does ... 1126756746 M * JonT That's what I was thinking, but it hasn't seem to have done that. Let me try again. 1126756769 M * Bertl check a few things to verify that everything is correct: 1126756801 M * Bertl - the flag is present/set in /proc/virtual//status 1126756827 M * Bertl - the limits are set (see /proc/virtual//limit ) 1126756845 M * Bertl - you are inside the guest :) 1126756858 M * Bertl (third column of the limits is the actual hard limit) 1126756884 M * Bertl ah, and I forgot ... as you probably read on the rlimit page, the memory limits are in pages (4k) 1126756955 M * JonT Yep - I've noticed the limits are in pages - so 128Mb = 32768 in the rss file 1126756963 M * JonT I'll just check the rest 1126756964 M * Bertl precisely 1126757014 M * JonT I think that just worked! I had removed the rss file in rlimits to test the AS stuff - forgot to put it back. I'll just confirm. 1126757134 M * JonT Bertl - that wrked perfectly. Thanks! 1126757192 M * Bertl you're welcome! 1126758963 M * JonT My next problem is with CPU limiting for each context. I've been reading about the Token Bucket that Vserver uses, but I have no idea how I should be setting the cpu rlimit. Is there any advice you can give on dealing with this? 1126759001 M * Bertl http://linux-vserver.org/Scheduler+Parameters 1126759293 M * JonT Thanks - I must have missed that one. Looks like it will do exactly as I need. 1126759308 M * Bertl excellent! 1126759440 M * JonT While looking through the list of parameters, I noticed a "virt_cpu" parameter - what is that supposed to do? 1126759494 M * Bertl it is not done yet, in the future, it will show virtualized cpu usage 1126759515 M * JonT damn :-) Good to know it's something being considered though 1126759540 M * Bertl the load virtualization is working fine ... 1126762239 P * stefani parting (is such sweet sorrow) 1126764209 J * Aiken_ ~james@tooax8-141.dialup.optusnet.com.au 1126764556 Q * Aiken Ping timeout: 480 seconds 1126765400 Q * Hunger Remote host closed the connection 1126765616 J * Hunger Hunger.hu@Hunger.hu 1126765628 Q * Hunger Remote host closed the connection 1126765787 J * Hunger Hunger.hu@Hunger.hu 1126766619 Q * JonT Quit: 1126766936 J * prae ~benjamin@sherpadown.net 1126767275 J * sannes ~ace@simula-dhcp-084.simula.no 1126767285 M * Bertl welcome prae, sannes! 1126767297 M * sannes :) 1126767301 M * sannes morning 1126768184 J * RedSpy max@pD953787B.dip.t-dialin.net 1126768254 M * litage i set the host's hwclock and system clock time. how do you tell a vserver to update its clock? restarting the vserver doesn't sync/change to the host's clock 1126768683 M * Bertl the guest is always in sync with the host clock, as there is only one :) 1126768711 M * Bertl what you might observe is a different time zone inside the guest than on the host 1126768734 M * Bertl (this is configured in /etc/localtime, which is a binary config file declaring the timezone) 1126768894 M * litage hrmm 1126769102 M * AndrewLee Bertl: hi, the testme.sh reports are all succeeded on my ibook. 1126769122 M * AndrewLee Bertl: So that means the kernel-patch-vserver and linux-source-2.6.12 on debian is fine. 1126769170 M * Bertl well, it is a good indication that the basics work :) 1126769184 M * Bertl I wish the testme.sh would test _all_ cases/aspects :) 1126769228 M * Bertl AndrewLee: if you want to do more extensive testing, a) try testme.sh -L and b) have a look into the testfs.sh (which requires an unused partition/loop file) 1126769272 M * AndrewLee Bertl: -L reports all are succeeded as well. 1126769400 J * witchdoc ~witchdoc@d463c194.datahighways.de 1126769407 M * witchdoc hello all 1126769408 M * AndrewLee Bertl: I don't have any unused partition on my ibook, so I can use dd to make a loop file instead, right? 1126769469 M * Bertl welcome witchdoc! 1126769480 M * Bertl AndrewLee: yes, a loopback file works fine ... 1126769500 M * AndrewLee Bertl: And then how to I use the loopback file with testme.sh? 1126769548 M * Bertl AndrewLee: I forgot to mention, for the -L tests to be meaningful, you need to have the VSERVER_DEBUG feature enabled (you can test this with ls /proc/sys/vserver) 1126769591 M * Bertl AndrewLee: the script is testfs.sh (same location as testme.sh) and see testfs.sh -h for usage details 1126769593 M * AndrewLee No such file or directory 1126769612 M * Bertl AndrewLee: so it isn't enabled ... 1126769625 M * AndrewLee Bertl: Ok, should I recompile the kernel to enable it? 1126769638 M * AndrewLee Bertl: Or I can run the testfs.sh first 1126769661 M * Bertl that's completely up to you ... 1126769700 M * Bertl they are independant ... of course, the testfs.sh will produce additional logging with the debug option enabled (barrier checks and such) 1126769748 M * AndrewLee Bertl: Ok, let me recompile the kernel first. 1126769769 M * Bertl take your time, I'm pretty soon off to bed now ... 1126769783 J * Vincent ~vip-vs@cc521104-d.ensch1.ov.home.nl 1126769790 M * AndrewLee Bertl: no problem, I will report to you when you back online. 1126769790 M * Bertl welcome Vincent! 1126769793 M * witchdoc hi Vincent 1126769801 M * Vincent hi all! :) 1126769891 M * witchdoc i want to use an dhcp server into an vserver-guest. i get "Operation not permitted. Is CONFIG_PACKET enabled in your kernel". On the host i can run dnsmasq (the dhcp server). any hits? 1126769912 M * Bertl *hints :) 1126769920 M * witchdoc *g* 1126769927 M * witchdoc and yes any hints 1126769936 M * Bertl witchdoc: yes, you might want to give the CAP_NET_BORADCAST and probably CAP_NET_RAW 1126769958 M * Bertl witchdoc: and of course, configure the netmaks, and broadcast ip properly 1126769967 M * witchdoc uh CAP_NET_RAW is evil, i drop the host interface with this down ... 1126769993 M * Bertl hmm, you might confuse that with CAP_NET_ADMIN ... 1126770021 M * Bertl but I agree that CAP_NET_RAW has it's drawbacks ... but it's very likely that it is required for dhcp 1126770024 M * witchdoc maybe ... thats an diffrent vserver playground (openvpn ...) 1126770065 M * Bertl basically CAP_NET_RAW allows you to open raw sockets for receiving and sending almost arbitrary packets 1126770125 M * witchdoc i have three interfaces for this vps. 0 with the ip/netmask, 1 with the 192.168.0.255 broadcast and 2 with 255.255.255.255 orso ... 1126770144 M * witchdoc i read this in the vserver-wiki 1126770153 M * Bertl yep, looks good ... 1126770212 M * Bertl #define CAP_NET_RAW 13 1126770229 M * Bertl - Allow use of RAW sockets 1126770235 M * Bertl - Allow use of PACKET sockets 1126770257 M * Bertl I assume the latter one is what your dhcp is complaining about ... 1126770324 M * Bertl okay, I'm off to bed now ... have a nice whatever everyone ... and cya later :) 1126770331 N * Bertl Bertl_zZ 1126770351 M * witchdoc n8 bertl 1126770387 M * litage adios Bertl_zZ 1126771780 M * witchdoc thanks i play arount with it ... bye all 1126771791 M * witchdoc s/arount/around/ 1126771793 M * witchdoc ;-) 1126771802 Q * witchdoc Quit: bye all 1126771991 J * erwan_taf ~erwan@81.80.43.77 1126772500 P * erwan_taf Leaving 1126775545 J * Neubix ~brian@p54B06D46.dip.t-dialin.net 1126776668 M * AndrewLee Bertl_zZ: testme.sh -L still reports all succeeded, but testfs.sh -E loopback.file -F ext2 reports failed(ext2 format failed). 1126777443 J * tc ~sr@213.146.121.144 1126777499 M * tc hi, can I use the patch against kernel 2.6.12.4 against 2.6.13.1 ? 1126778059 Q * mcp Read error: Connection reset by peer 1126778143 J * mcp ~hightower@wolk-project.de 1126778685 M * daniel_hozac tc: that's highly unlikely. use the experimental patches for 2.6.13. 1126778716 M * Aiken_ AndrewLee what is loopback.file? a file you want to use the loopback device to access? 1126778729 M * Aiken_ losetup /dev/loop0 somefile 1126778739 M * Aiken_ testfs.sh-0.06 -D /dev/loop0 -M /mnt/disk -F ext2 1126778774 M * tc daniel_hozac: ok, thanks 1126778850 M * tc I've seen vserver 2.1-pre patches in experimental - is there an estimate as to when it will become stable? 1126779330 Q * hvd Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org 1126779561 J * VooDooMaster VooDoo@topas.informatik.uni-ulm.de 1126779603 M * AndrewLee Aiken_: Should I mount /dev/loop0 /mnt/disk first? 1126779663 M * Aiken_ no 1126779672 M * Aiken_ testfs does the mount/unmount for you 1126779725 M * Aiken_ I created somefile with dd if=/dev/zero of=somefile bs=1M count=20 1126779752 M * AndrewLee Aiken_: Thanks, testfs.sh reports all are succeeded. 1126779797 M * AndrewLee Aiken_: Cool! That's a proof for debian's kernel-patch-vserver+linux-source-2.6.12 works. 1126779860 M * Aiken_ :) 1126779867 M * AndrewLee Aiken_: May I use the test scripts to test for sarge? 1126779920 J * renihs ~renihs___@193.170.52.70 1126780204 M * Aiken_ I don't see why not, thet seem to be general test scripts to make sure everything works 1126780213 M * Aiken_ s/thet/they/ 1126780433 M * AndrewLee Aiken_: Thanks, I will do the test later. 1126782820 Q * Aiken_ Ping timeout: 480 seconds 1126783072 Q * obi Ping timeout: 480 seconds 1126783590 J * obi ~obi@asus.saftware.de 1126784487 Q * obi Ping timeout: 480 seconds 1126785046 J * obi ~obi@2001:6f8:13d4:0:b4b3:42ff:fe90:5844 1126785504 Q * Vudumen Ping timeout: 480 seconds 1126785743 J * Vudumen vudumen@perverz.hu 1126785940 Q * renihs Quit: Leaving 1126787440 Q * Neubix Quit: Verlassend 1126789173 J * BlueT_ ~BlueT@61-59-209-195.adsl.static.seed.net.tw 1126789203 M * BlueT_ AndrewLee, yungyuc: hi :p 1126789232 M * yungyuc BlueT_: hi 1126789353 P * tc Leaving 1126792037 J * azazel ~azazel@81-174-9-35.f5.ngi.it 1126792046 M * azazel hi all 1126792105 M * azazel i'm getting this error trying to run vpopmail on a vserver 2.0: 1126792108 M * azazel /etc/init.d/vpopmail: xmalloc: ../bash/make_cmd.c:500: cannot allocate 32 bytes (0 bytes allocated) 1126792133 M * azazel any hint if it can be a capabilities problem? 1126792392 M * wibble well i haven't had any probs running vpopmail in vs1.2 1126793010 M * daniel_hozac azazel: memory limits? 1126793224 M * azazel daniel_hozac: i'm using vanilla vserver... 1126793260 M * daniel_hozac azazel: but have you set any memory limits for the guest? 1126793311 M * azazel no, nothing 1126793377 Q * VooDooMaster Quit: Nettalk6 der Freeware IRC-Client 1126793909 M * azazel daniel_hozac: there's an ulimit into the bash script... if i comment out it all goes well 1126794547 Q * BWare Ping timeout: 480 seconds 1126794773 Q * lilo Remote host closed the connection 1126794777 J * BWare ~bware@office.intouch.net 1126795098 J * lilo debian-tor@lilo.usercloak.oftc.net 1126795366 Q * lilo Quit: 1126796312 J * lilo U2FsdGVkX1@lilo.usercloak.oftc.net 1126796991 J * mess-mate ~mess-mate@lns-vlq-7-lil-82-254-195-195.adsl.proxad.net 1126797436 Q * mess-mate Quit: ChatZilla 0.9.61 [Mozilla rv:1.7.11/20050729] 1126797896 N * Bertl_zZ Bertl 1126798077 J * Blissex ~Blissex@82-69-39-138.dsl.in-addr.zen.co.uk 1126798517 M * Bertl azazel: which bash script? 1126798550 M * [MUPPETS]Gonzo good morning Bertl, welcome back 1126798582 M * Bertl morning folks! morning [MUPPETS]Gonzo! 1126798620 J * stefani ~stefani@superquan.apl.washington.edu 1126799685 M * RedSpy Taking a nap, bbl, bye all :) 1126799690 Q * RedSpy Quit: 1126799934 Q * alexx Read error: Connection reset by peer 1126800272 J * alexx ~alexx@proxy.ikse.net 1126801371 J * liquid3649 ~inet@p5497608A.dip.t-dialin.net 1126801380 M * liquid3649 hi 1126801472 M * liquid3649 could anyone help me with apt-rpm and vapt-get? 1126801499 M * Bertl hey liquid3649! 1126801508 M * liquid3649 hi 1126801520 M * Bertl what do you need? 1126801560 M * liquid3649 when i try to build a vserver with apt-rpm i get an error message 1126801567 Q * obi Ping timeout: 480 seconds 1126801701 J * obi ~obi@2001:6f8:13d4:0:dc00:8cff:feda:7629 1126801703 M * Bertl liquid3649: could you provide the command you use, and the error you get? 1126801730 M * liquid3649 yes just running the build at the moment 1126801792 M * liquid3649 vserver fedora build -m apt-rpm --force --hostname fedora.poing.local --netdev etho --interface 192.168.1.24/24 --contex 24 -- -d fc4 1126801797 M * liquid3649 the command 1126801824 M * liquid3649 W: Release-Dateien einiger Repositories konnten nicht geholt oderauthentifiziert werden.Derartige Repositories werden ignoriert. 1126801825 M * liquid3649 W: There are multiple versions of "gpg-pubkey" in your system. 1126801825 M * liquid3649 This package won't be cleanly updated, unless you leave 1126801825 M * liquid3649 only one version. To leave multiple versions installed, 1126801825 M * liquid3649 you may remove that warning by setting the following 1126801825 M * liquid3649 option in your configuration file: 1126801825 M * liquid3649 RPM::Allow-Duplicated { "^gpg-pubkey$"; }; 1126801827 M * liquid3649 To disable these warnings completely set: 1126801827 M * liquid3649 RPM::Allow-Duplicated-Warning "false"; 1126801831 M * liquid3649 and the error 1126801853 M * liquid3649 i tried to add the lines in apt.conf 1126801864 M * liquid3649 but didnt help 1126801961 M * Bertl well, first use export LC_ALL=C LANG=C (to avoid localization) 1126801980 M * Bertl second, you probably want to use eth0 instead of etho 1126802027 M * liquid3649 ok 1126802028 M * Bertl and finally, it tells you that not all of your repositories could be used and some kind of conflic exists 1126802036 M * Bertl *conflict 1126802066 M * Bertl this conflict is very likely the source of your issues ... 1126802069 M * liquid3649 is it in the source.list ? 1126802126 M * Bertl I'd google for the output, as it is not linux-vserver related but apt-rpm/fc4 related 1126802509 M * liquid3649 ok i will remove some of my gpg-pubkeys 1126802651 M * liquid3649 the other thing with vapt-get is, i get an " Can not find file fpr 'APTSTATEDIR'; " 1126802700 M * Bertl vapt-get is a wrapper to apt-get for guest configuration 1126802730 M * Bertl could you upload the output of 'testme.sh' and 'vserver-info - SYSINFO' somewhere? (e.g. pastebin.com) 1126802742 M * liquid3649 mom 1126803148 M * liquid3649 http://liquid3649.li.funpic.de/attachments/output.log 1126803300 M * Bertl looks good, I doubt that the issues are linux-vserver related 1126803325 M * Bertl check for a) proper repository lists, b) correct keys and package lists 1126803358 M * liquid3649 one fc3 vserver builded with yum is running 1126803386 M * Bertl so the fc3 repos are fine, I assume? 1126803400 M * Bertl ah, yum, sorry :) 1126803446 M * liquid3649 but i got some problem with the yum one :-) 1126803449 M * Bertl liquid3649: there is a --debug option to the vserver command, which should list the actually executed commands ... 1126803481 M * Bertl this might sched some light on the apt/yum/whatever command invocations and allow you to try them by hand ... 1126803483 M * liquid3649 with the apt-rpm build? 1126803495 M * liquid3649 ok 1126803590 Q * kas_3 Remote host closed the connection 1126806030 Q * Hollow Remote host closed the connection 1126806037 J * Hollow ~Hollow@home.xnull.de 1126806212 M * liquid3649 where can i find an working repositories list for fc4 ? 1126806321 M * Bertl that is an excellent question ... unfortunately I can not answer it ... 1126806351 M * Bertl but, I'd suggest to post to the Mailing List, because I think it might be interesting/excellent idea, to 1126806365 M * Bertl get a list for different 'known working' repos ... 1126806615 M * Hollow Bertl: wrt vservd development i'd like to do some irc meeting with you, Greek0, Doener (?), and everyone who likes to get some basic roadmap.. 1126806631 M * Bertl okay, time? 1126806677 M * Bertl Doener seems absent right now ... 1126806695 M * Hollow generally mo-fr 1.00 pm - 12.00 pm CEST and sa/so all day long 1126806700 M * Hollow but not today ;) 1126806724 M * Bertl 1pm - 12pm interesting :) 1126806733 M * Hollow well, scholl suck0rz :P 1126806737 M * Hollow *school 1126806750 M * Bertl you learn for life, not for school :) 1126806758 M * Hollow sure.. 1126806760 M * Hollow haha 1126806774 M * Bertl okay, so let's focus on friday evening or sunday ... 1126806795 M * Hollow yup, fine with me 1126806796 A * Bertl is probably busy on saturday .. 1126807071 M * Hollow Bertl: ok, most important topics i'm thinking about: state changes (kernel-userspace communication) and un-chaining of syscalls 1126807088 M * Bertl okay ... 1126807138 M * Bertl btw, the sys_reboot killer is already in pre10/11 1126807139 M * Hollow after that we should focus on the design of the server (api, rpc interface, whatever) 1126807157 M * Hollow mhm, any diff uploaded yet? 1126807182 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.13.1-vs2.1.0-pre11.diff 1126807186 M * Hollow thx :) 1126807191 Q * lonewolff Quit: leaving 1126807314 J * lonewolff ~lonewolff@host86-128-17-74.range86-128.btcentralplus.com 1126807325 M * Bertl wb lonewolff! 1126807370 M * lonewolff thankyou Bertl 1126808053 J * Aiken ~james@tooax8-141.dialup.optusnet.com.au 1126808501 J * wam ~wigwam@p549CE8F8.dip.t-dialin.net 1126808564 M * wam Hi! I want a pure virtual network between 8 vservers and the host _and_ a real network on the vservers. The real network is no problem. But for the virtual network (which I dont want to put on eth0) - is tun/tap the keyword here? 1126808729 J * nayco ~nayco@lns-bzn-8-nan-82-250-229-181.adsl.proxad.net 1126808746 M * nayco hello !!! 1126808798 M * daniel_hozac wam: dummy would probably be better. 1126808809 M * Bertl wam: not really, there is no concept of a 'purely virtual' network in linux-vserver ... but you can put the IPs on dummy0 and protect traffic with iptables 1126808816 M * Bertl hey nayco! 1126808853 M * nayco Bertl: Did the traces contained something interresting ? 1126808939 M * Bertl unfortunately no ... my resume so far is that the tools check something we do not know yet (maybe similar to the ext2/3) so we either have to read the source, or try a few more things 1126809029 M * wam sorry, I never used the dummy driver before. Could you point me to a doc please? 1126809063 M * nayco That's agood idea, I should try to read quota-utils's source... But I dunno if I can understand them. Anyway, that is strange : Why does it work with a real device, and not with vroot ? What are the differences between /dev/hdax and /dev/vrootx ? 1126809304 M * Bertl wam: modprobe dummy, ifconfig dummy0 :) 1126809341 M * Bertl except for the name and the fact that it will not send any packets, it looks, feels and behaves like eth0 1126809391 M * Bertl nayco: a) different device nodes, but I don't think that is relevant, b) the vroot* does block direct device access (that's the security feature) 1126809445 M * wam Bertl: ok - that easy ;) Thank you 1126809499 M * Bertl you're welcome! 1126809765 M * nayco Bertl: Interesting : What do you call direct device access ?? I mean, I think there is never _direct_ acces to devices, so, I think you're saying this talking about a certain interface to the device.... ? If I understand correctly, the vroot device is a kind of mapping (Is it the right word :~? ) , a type of "firewall-proxy" to the real device... So, any message to it should be redirected to the real device without being altere 1126809765 M * nayco d (But filtered if needed) ? Well, i'm trying to understand ;) ! 1126809873 M * Bertl no, simple example: 1126809893 M * Bertl - open("/dev/hda", rw) and you can wipe out the entire disk 1126809909 M * Bertl - the vroot 'proxy' device will return EPERM here 1126809926 M * Bertl - only the quota ioctls are forwarded transparently 1126809980 M * Bertl does that make sense? 1126810355 M * nayco Ok, that is relatively simple, so, why do the quota tools do not like vroot ? ...Mmmm, when a program accesses the vroot device, does it believe that the vroot is the real device, or is there any way it sees the difference ? 1126810720 Q * flock Remote host closed the connection 1126811303 M * nayco Bertl: http://pastebin.com/364777 1126811411 A * Bertl *looking* 1126811597 M * Bertl nayco: http://pastebin.com/364781 1126811628 M * Bertl maybe some proxy in your way? 1126811860 M * nayco Yes, htat's funny... In fact, I cheated, because I used Firefox to download split-2.6.12.4-vs2.0.tar.gz, and I have actually a proxy on my machine ! Well, I retried wih wget, and it works. So you got it right, my proxy played a joke :-| . 1126811889 M * nayco Ok, I'm downloading quota tools's source. 1126811900 M * Bertl great! 1126812020 M * nayco What do you think about [20:52] ? 1126812055 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1126812520 Q * Blissex Remote host closed the connection 1126813001 Q * liquid3649 Quit: 1126813100 J * jkl eric@c-71-56-237-229.hsd1.co.comcast.net 1126813258 Q * jkl Quit: 1126813478 M * Bertl nayco: ah, missed that, thanks for the reminder ... 1126813503 M * Bertl nayco: no, unless it actually tries to do evil stuff there, it should not notice ... 1126813592 Q * Beave Ping timeout: 480 seconds 1126815197 T * * http://linux-vserver.org/ | latest stable 2.0, 2.0.1-pre2, 1.2.10, 1.2.11-rc1, devel 2.1.0-pre7 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1126815197 T * Bertl - 1126815281 J * Bertl ~herbert@212.16.62.52 1126815363 M * michal Bertl: seen my message before you have timeouted ? 1126815434 M * daniel_hozac michal: mount just passes the options to the syscall. 1126815434 M * michal daniel_hozac: i wonder if there is any example i could look at (lets not reinvent the wheel) 1126815442 Q * wam Ping timeout: 480 seconds 1126815448 M * daniel_hozac it depends on the file system you're adding them to 1126815468 M * michal i would like to add generic option 1126815479 M * michal my_option= 1126815485 M * michal where num is just unsigned int 1126815636 Q * Bertl Remote host closed the connection 1126815718 J * Bertl ~herbert@212.16.62.52 1126815998 Q * Bertl Remote host closed the connection 1126816026 J * Bertl ~herbert@212.16.62.52 1126816083 M * michal hm, looks like i really have to add it in few places. that's bad 1126816390 Q * Bertl Remote host closed the connection 1126816534 Q * prae Quit: Pwet 1126816834 T * * http://linux-vserver.org/ | latest stable 2.0, 2.0.1-pre2, 1.2.10, 1.2.11-rc1, devel 2.1.0-pre7 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1126816834 T * Bertl - 1126817172 M * Vincent that doesn't make sense :) .... is /proc/sys/kernel/vshelper set by an option in ./configure? 1126817332 J * Bertl ~herbert@212.16.62.52 1126817368 M * Bertl hmm .. seems I'm finally back now ... ? 1126817538 J * cg ~cg@80.166.242.46 1126817783 M * Bertl welcome cg! 1126817909 M * Vincent Can these warnings be harmfull? http://pastebin.com/364903 1126817924 M * Vincent I installed ssh in a guest vserver 1126817933 M * Vincent (with apt-get install ssh) 1126817955 M * cg helo 1126817962 M * Vincent Hi cg 1126817980 M * Bertl Vincent: warnings are usually informative, not harmful :) 1126818010 M * cg How must i setup my firewalscript to allaw incomming trafic to a vserver?? 1126818011 M * Vincent fjew :) I can log in form a different host, sow it seems to work (finally :D) 1126818013 M * Bertl Vincent: it tells you, that you have a locale setting which is different from the guest (which might not have any locales installed) 1126818032 M * cg my vserver has got it's own public ip 1126818034 M * Bertl cg: depends on the IPs the guest has ... 1126818049 M * Vincent Bertl: can this because I didn't run "/etc/init.d/vservers-default" yet? 1126818056 M * Bertl okay, in this case, just make sure that it can be routed, everything else is like on the host 1126818124 M * Bertl Vincent: no, this is just to startup/shutdown guests at boot time 1126818127 M * cg i'm not sure 1126818168 M * Bertl my client is still lagging and a little out of syn ... so be patient :) 1126818181 M * cg Bertl: I'm not sure what you mean! i'm runnig with shorewal on my host 1126818224 M * Vincent Bertl: ok, I'll check the locale setting for the guest ... do I need "/etc/init.d/vservers-legacy" when running vs2? 1126818225 M * cg when i from the host-system tries too acces, the webserver on the guest, i stil gets the host 1126818279 M * Bertl Vincent: only if you have legacy guests (with the single file config) 1126818279 M * Vincent cg: did you tell the webserver on the host and guest to listen to the right ip address? 1126818310 M * Vincent Bertl: ok thanks, I don't have legacy guest, just wanted te be sure :) 1126818314 M * Bertl cg: well, think of the vserver IP as another host IP, if you configure your firewall to accept this IP, then the guest will work too 1126818425 M * Vincent cg: is the host running a webserver also? 1126818594 M * Bertl cg: yes, you have to limit 'host' services to certain 'host' IPs to allow the guests to bind those IPs ... 1126818617 M * Bertl (usually you do not run any services on the host except for sshd and ntpd) 1126818703 M * Vincent Well .. Let's get some sleep ... ltrs! 1126818720 M * Bertl night then! 1126818729 Q * Vincent Remote host closed the connection 1126818739 M * cg Vincent: yes, the host is also runnig a webserver. I've bin throug the conf for the host system, and set it up only to listen on one ip 1126818809 M * Bertl good, then restart the apache service inside your guest, and you will be able to reach that one, provided your IP is routed to the outside 1126818843 M * Bertl cg: simple setup test on the host might be: ping -c 5 -I www.google.com 1126818906 M * cg Bertl: that works! 1126818922 M * Bertl okay, so this means that you guest can reach the outside 1126818949 M * Bertl which usually means that it will be reached too ... 1126818983 M * Bertl (unless your firewall is blocking connects or rediricting them to the host ip) 1126819033 M * cg I've just tried to get acces from an externel host, and that worked 1126819051 M * Bertl good, so everything is working, right? 1126819093 M * cg no, i still get the wrong webserver!! I'm now going to move all my services into vservers! 1126819111 M * Bertl just for a test, shut down the host's web server 1126819150 M * Bertl (and restart the guest) 1126819250 M * cg That didn't work, i think i'll start from scratch!! 1126819413 M * Bertl cg: maybe you have some mapping/redirection/proxy stuff configured in your firewall 1126819526 M * cg i'm not sure, but now i will make a setup, where my host only has to act as firewall, router and ssh, and then i wil move the rest into vservers 1126819630 A * SiD3WiNDR glues bertl to the network 1126819696 M * Bertl SiD3WiNDR: tx! 1126819853 P * cg 1126820230 M * mnemoc Bertl: hi, do you have http://linux-vserver.org/Linux-VServer-Paper on a printer-friendly format somewherE? 1126820271 M * Bertl hmm, somebody did a pdf version some time ago, IIRC 1126820340 M * mnemoc vserver.gelf.net/paper/Linux-Vserver-Paper-20040923_formatted.pdf 1126820362 M * mnemoc :) 1126820426 M * Bertl yeah, looks good :) 1126820732 M * michal looks very good /me prints :) 1126820775 M * mnemoc :D 1126820898 Q * obi jupiter.oftc.net plasma.oftc.net 1126821026 J * obi ~obi@2001:6f8:13d4:0:dc00:8cff:feda:7629 1126821070 M * nayco Bertl: I found the quota tools function that causes the error, but I cannot understand what it does... Or, better, how it does it, so I don't know which permission is missing.... 1126821128 M * Bertl nayco: ah, well, please point me to it ... 1126821151 M * Bertl (which tool version, which file, what line) 1126821208 M * nayco Mmmm, I think this has to do with an inode resolution, but, hell, I understand nothing. It'll take hours to me ;). Ok, Here is the paste, and adress of the tar.gz, and all : 1126821553 M * nayco First shot : http://pastebin.com/364947 1126821676 M * Bertl hmm ... you have the guest at hand, I presume? 1126821681 M * nayco Wowww, it's been a long time since I read so much source, Luke. 1126821687 M * nayco Bertl: Yes 1126821700 M * nayco And repquota does not work anymore 1126821702 M * Bertl okay, your mtab inside the guest shows xfs as filesystem, yes? 1126821713 M * nayco Oh, Do I have to setup the vroot each time ? 1126821719 M * nayco wait.... 1126821738 J * nayco_laptop ~nayco@lns-bzn-8-nan-82-250-229-181.adsl.proxad.net 1126821741 M * Bertl each time you boot yes, but not each time you start the guest 1126821743 M * nayco_laptop warp 1126821756 M * Bertl s/each/every/ 1126821770 M * nayco_laptop Bertl: Yes, I just forgot to vrsetup this boot. Ok, I do it.... 1126821785 Q * obi Ping timeout: 480 seconds 1126821920 M * nayco_laptop Ok, it works (Partially ;)). Now, reading the source, I found what is the difference between "repquota -a" (which works) and "repquota" (Which fails). It is the same function that is called, but with a NULL pointer in the case of "repquota -a" 1126821943 M * nayco_laptop ...And a count of 0 1126821961 M * Bertl the mtab, it contains xfs as fielsystem right now, right? 1126821993 M * nayco_laptop Well, tracking it down seemed too long, so I looked for the error message, and luckily, it appears only one time ;) 1126821995 M * nayco_laptop ... 1126822016 M * nayco_laptop /dev/hda9 /home xfs quota,defaults 1 2 1126822045 M * Bertl okay, let's change this to ufs 1126822060 M * Bertl and instead of quota use, usrquota 1126822157 M * nayco_laptop Mmmmm.... k 1126822157 M * nayco_laptop /dev/hda9 /home ufs usrquota,defaults 1 2 1126822186 M * nayco_laptop # repquota /home 1126822186 M * nayco_laptop repquota: Mountpoint (or device) /home not found. 1126822186 M * nayco_laptop repquota: Not all specified mountpoints are using quota. 1126822186 M * nayco_laptop # repquota -a 1126822186 M * nayco_laptop repquota: Quota file not found or has wrong format. 1126822218 M * Bertl okay, now let's try with xfs but keep the userquota 1126822227 M * nayco_laptop .. 1126822266 M * Bertl but I assume the tools try to figure the device (in beforementioned code) 1126822288 M * nayco_laptop Well, "repquota" fails, and "repquota -a" works 1126822318 M * nayco_laptop the is a function, that I have not analyzed yet, that does the lookup, yes. 1126822321 M * Bertl I guess that's the best we can do for now ... 1126822374 M * nayco_laptop well, seems the answer is in quotasys.c, I keep on reading. But, C is not my natural language ;) 1126822375 M * Bertl sd->sd_dev == mnt_entries[i].me_dev && sd->sd_ino == mnt_entries[i].me_ino 1126822388 M * Bertl this check fails, when it should succeed 1126822403 M * Bertl most likely that sd->sd_dev is different from what expected 1126822434 M * nayco_laptop Whats confusing me is basically variable scope : Sometimes in this code I wonder where they are initialised, 1126822458 M * Bertl you can add a printf("%lx == %lx && %lx == %lx\n", sd->sd_dev, mnt_entries[i].me_dev, sd->sd_ino, mnt_entries[i].me_ino); 1126822484 M * Bertl well, the quota code (tools) is not very readable :) 1126822493 M * nayco_laptop and leads me to parts of code I do not understand. I need to read the whole file to know. 1126822518 M * Bertl and most of it, as you can see, is based on interesting assumptions 1126822562 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net 1126822608 M * nayco_laptop The most strange was an initalisation of a variable that is tested the lines after, and in a manner suggesting it should have been initialized somewhere else (Or the test is always false and the code after seems to be never executed) I stilll got to learn ;) 1126822622 M * nayco_laptop Yes ? 1126822635 J * obi ~obi@B3114.karlshof.wh.tu-darmstadt.de 1126822678 M * nayco_laptop Well, I'll try your modification, but I hope i'll be able to compile... I gonna miss some libs for sure ;) 1126822700 M * Bertl put the printf before the if 1126822710 M * nayco_laptop But I agree we need to know what and how is this "sd" pointer 1126822711 M * Bertl you will see that it _almost_ matches ... 1126822735 M * nayco_laptop It almost matches ? 1126822752 M * Bertl yes, except for the device number it should match 1126822795 M * nayco_laptop [00:15] interesting assumptions ?? 1126822804 M * nayco_laptop Ok, for the match 1126822817 M * nayco_laptop So, We should look at the device number. 1126822847 M * nayco_laptop Maybe it gets it wrong, which would not be sruprising, given the results ;) ! 1126822903 J * kas_3 ~dhb55@tor-irc.dnsbl.oftc.net 1126822929 M * Bertl no, I think the tools do some additional checks here, which do not make sense in our case ... 1126822985 M * Bertl interesting details: those checks are not done when we have udf or ext2/3 (which does a bunch of other unwanted checks :) 1126822997 J * gndmstr ~gndmstr@ip1.pathworx.sbbsnet.net 1126823008 M * Bertl welcome gndmstr! kas_3! 1126823034 M * nayco Woaah, you read C like home language (Why should I be surprised ;) ?) ! 1126823035 M * gndmstr hi. this sure is busy 1126823060 Q * dddd44 Ping timeout: 480 seconds 1126823109 M * gndmstr anyone have experience with cloning a gentoo skeleton? i cant get vunify or vhash to work. they keep saying unknown package system. 1126823150 M * nayco Bertl: Is this what you want ? : 1126823151 M * nayco if (sd->sd_dir) { 1126823151 M * nayco printf("%lx == %lx && %lx == %lx\n", sd->sd_dev, mnt_entries[i].me_dev, sd->sd_ino, mnt_entries[i].me_ino); 1126823151 M * nayco if (sd->sd_dev == mnt_entries[i].me_dev && sd->sd_ino == mnt_entries[i].me_ino) 1126823151 M * nayco break; 1126823151 M * nayco } 1126823160 M * Bertl gndmstr: vhashify does not use packaging systems 1126823185 M * Bertl nayco: yep! 1126823186 M * gndmstr let me re-run it to get the error again 1126823209 M * nayco *it's more fun to compile* 1126823250 M * gndmstr was wrong. its Can not determine packagemanagement style 1126823250 M * gndmstr failed to determine configfiles 1126823298 M * gndmstr think im missing something to make it work but its hard to find out what. can't find a doc for it 1126823349 M * nayco_laptop compiled like a charm. 1126823352 M * nayco_laptop test : 1126823501 M * Bertl gndmstr: could you upload the output of testme.sh somewhere (e.g. pastebin.com)? 1126823526 M * nayco_laptop Bertl: This is what we call, in french, "to have some nose" : 1126823529 M * nayco_laptop # ./repquota /home/ 1126823529 M * nayco_laptop 309 == 0 && 400 == 0 1126823529 M * nayco_laptop repquota: Mountpoint (or device) /home not found. 1126823529 M * nayco_laptop repquota: Not all specified mountpoints are using quota. 1126823550 M * gndmstr pastebin.com? never been there. will put it on my site in a minute 1126823555 M * Bertl np 1126823578 M * nayco_laptop ...although I cannot understand the results, the if was the good one (The one used when passed a dir to test) 1126823593 M * Bertl 3:09 = hda9 4:00 = vroot0 :) 1126823601 M * nayco_laptop oh :D 1126823617 M * nayco_laptop and the "=0" 's ? 1126823621 M * Bertl and you got a warning (you probably missed) that the arguments to the printf are of different size 1126823632 M * nayco_laptop right :D! 1126823637 M * Bertl so you actually want to use llx for them 1126823659 M * nayco_laptop I got it, yes. Well, er... You now your job ;) 1126823666 M * nayco_laptop wait. 1126823774 M * nayco_laptop Well, it changes nothing in how the result is displayed, but now warning. 1126823831 M * gndmstr http://www.forestoflives.com/output.txt 1126823839 M * Bertl tx 1126823863 Q * kas_3 Quit: Leaving 1126823895 M * Bertl gndmstr: okay, could you also add the command you try to use and the output you get? 1126823944 M * gndmstr davin ~ # vserver gentoo hashify 1126823944 M * gndmstr Can not determine packagemanagement style 1126823945 M * gndmstr failed to determine configfiles 1126823978 M * gndmstr also tried unify with same results 1126824003 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net 1126824093 M * Bertl it is a gentoo guest? 1126824102 M * gndmstr yes. host and guest 1126824102 M * nayco Bertl: Ok, I understood: We got to find where "mnt_entries[]" is initialized... 1126824123 M * nayco Well, badly initialized ;) 1126824137 M * gndmstr followed the gentoo how-to hollow wrote 1126824150 M * nayco s/initialized/affected/g 1126824152 M * Bertl gndmstr: ah, okay, that explains it ... you have to do it manually as the util-vserver does not know about gentoo packages yet 1126824162 M * Hollow pong 1126824163 M * Hollow :) 1126824166 M * Hollow hi all 1126824174 M * Bertl gndmstr: but you are using the devel version 2.1.x 1126824192 M * gndmstr ok.. guess ill have to have a re-look at the docs to find how to do that 1126824200 M * gndmstr manual... oh well :) 1126824202 M * Bertl gndmstr: which allows for CoW link breaking ... so you could vhashify all files not caring about config files 1126824218 M * Bertl check out /usr/lib/util-vserver/vhashify --help 1126824230 M * Hollow gndmstr: you try do unify gentoo guests? 1126824239 M * gndmstr yes 1126824250 M * gndmstr thanks Berti ill check that out too. 1126824261 M * Bertl you're welcome! 1126824276 M * Hollow gndmstr: great, i'm very keen on getting some report how it worked out 1126824282 M * gndmstr I got the template running fine and tarred 2 others but that gets expensive in disk space. was hoping to find a way to hard link them 1126824297 M * Bertl nayco: no, there is nothing wrong with what the tools discover, we can not 'fake' the device numbers ... 1126824330 M * Bertl nayco: we also can not provide the vroot numbers in the mount information the tools query 1126824334 M * gndmstr worked perfectly with only one exception. Herbert worked with me in the mailing list. Since I have reiserfs on everything I had to add attrs to the mount options for /vserver 1126824362 M * Bertl gndmstr: ah, you were the one with reiserfs :) 1126824369 M * gndmstr yes 1126824371 M * Hollow ah k, will look at the ml... dev.gentoo.org is down atm due to raid issues, so i have to wait until tomorrow or so 1126824387 M * Bertl nayco: basically the only option for now is to disable those checks ... 1126824398 M * gndmstr ok not in a rush 1126824425 M * gndmstr im pulling my hair out trying to move my entire X configuration from the host to a vserver to see how that works.. i used my extra workstation as a test bed 1126824444 M * gndmstr this workstation is used only remotely via vnc 1126824498 M * nayco Bertl: You mean, disable them in the tools ? 1126824510 M * Bertl yes 1126824517 M * gndmstr i think ill give up trying to move just X and kde and tar the entire host up then just remove things and overlay another baselayout and shut everything in the host down. 1126824560 M * nayco Bertl: Mmmm.... Finally, using the real device in /dev/ is the only solution to have quota working ? 1126824571 M * nayco So, is it that insecure ? 1126824593 M * Bertl nayco: yes, it basically allows guest root to take over your entire machine 1126824619 M * nayco Even if I use them only on /home ? 1126824633 M * Bertl yes, even then ... 1126824643 M * nayco ohhh, dear :( 1126824678 M * Bertl but removing this check or using a different filesystem ext2/3 for example) will make it work 1126824732 M * gndmstr ok time for dinner. thanks guys. ill check that info out and hopefully be able to comprehend it :) 1126824757 Q * gndmstr Remote host closed the connection 1126824772 M * nayco Thinkink of that, nearly all of my vservers have thousand-entries /dev/ , because of urpmi. Is it dangerous, doctor (Ahemmm :P) ? I think I gonna work on making util-vserver work with urpmi, and having them clean the mess in /dev/ 1126824797 M * Bertl yes, that would be strongly advised :) 1126824805 Q * Hunger nova.oftc.net oxygen.oftc.net 1126824805 Q * dddd44 nova.oftc.net oxygen.oftc.net 1126824805 Q * stefani nova.oftc.net oxygen.oftc.net 1126824805 Q * lilo nova.oftc.net oxygen.oftc.net 1126824805 Q * sannes nova.oftc.net oxygen.oftc.net 1126824805 Q * cereal nova.oftc.net oxygen.oftc.net 1126824805 Q * MooingLemur nova.oftc.net oxygen.oftc.net 1126824805 Q * pusling nova.oftc.net oxygen.oftc.net 1126824805 Q * ag- nova.oftc.net oxygen.oftc.net 1126824805 Q * lonewolff nova.oftc.net oxygen.oftc.net 1126824805 Q * BlueT_ nova.oftc.net oxygen.oftc.net 1126824805 Q * mcp nova.oftc.net oxygen.oftc.net 1126824805 Q * Loki|muh nova.oftc.net oxygen.oftc.net 1126824805 Q * nox nova.oftc.net oxygen.oftc.net 1126824805 Q * mugwump nova.oftc.net oxygen.oftc.net 1126824805 Q * click nova.oftc.net oxygen.oftc.net 1126824805 Q * micah nova.oftc.net oxygen.oftc.net 1126824805 Q * AndrewLee nova.oftc.net oxygen.oftc.net 1126824805 Q * Getty nova.oftc.net oxygen.oftc.net 1126824805 Q * meebey nova.oftc.net oxygen.oftc.net 1126824805 Q * case nova.oftc.net oxygen.oftc.net 1126824805 Q * skceb nova.oftc.net oxygen.oftc.net 1126824805 Q * locksy nova.oftc.net oxygen.oftc.net 1126824805 Q * janra_ nova.oftc.net oxygen.oftc.net 1126824805 Q * sladen nova.oftc.net oxygen.oftc.net 1126824805 Q * nayco_laptop nova.oftc.net oxygen.oftc.net 1126824805 Q * flock nova.oftc.net oxygen.oftc.net 1126824805 Q * Hollow nova.oftc.net oxygen.oftc.net 1126824805 Q * azazel nova.oftc.net oxygen.oftc.net 1126824805 Q * nebuchadnezzar nova.oftc.net oxygen.oftc.net 1126824805 Q * monrad nova.oftc.net oxygen.oftc.net 1126824805 Q * mountie nova.oftc.net oxygen.oftc.net 1126824805 Q * maharaja_ nova.oftc.net oxygen.oftc.net 1126824805 Q * TheSeer nova.oftc.net oxygen.oftc.net 1126824805 Q * duckx nova.oftc.net oxygen.oftc.net 1126824805 Q * no_maam_ nova.oftc.net oxygen.oftc.net 1126824805 Q * tchan nova.oftc.net oxygen.oftc.net 1126824805 Q * Nicoli nova.oftc.net oxygen.oftc.net 1126824805 Q * fluor- nova.oftc.net oxygen.oftc.net 1126824805 Q * Greek0 nova.oftc.net oxygen.oftc.net 1126824805 Q * virtuoso nova.oftc.net oxygen.oftc.net 1126824805 Q * obi nova.oftc.net oxygen.oftc.net 1126824805 Q * Bertl nova.oftc.net oxygen.oftc.net 1126824805 Q * nayco nova.oftc.net oxygen.oftc.net 1126824805 Q * Aiken nova.oftc.net oxygen.oftc.net 1126824805 Q * alexx nova.oftc.net oxygen.oftc.net 1126824805 Q * daniel_hozac nova.oftc.net oxygen.oftc.net 1126824805 Q * yungyuc nova.oftc.net oxygen.oftc.net 1126824805 Q * litage nova.oftc.net oxygen.oftc.net 1126824805 Q * maharaja nova.oftc.net oxygen.oftc.net 1126824805 Q * xf nova.oftc.net oxygen.oftc.net 1126824805 Q * stupidawy nova.oftc.net oxygen.oftc.net 1126824805 Q * cryo nova.oftc.net oxygen.oftc.net 1126824805 Q * wibble nova.oftc.net oxygen.oftc.net 1126824805 Q * [MUPPETS]Gonzo nova.oftc.net oxygen.oftc.net 1126824805 Q * DaCa nova.oftc.net oxygen.oftc.net 1126824815 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net 1126824815 J * obi ~obi@B3114.karlshof.wh.tu-darmstadt.de 1126824815 J * nayco_laptop ~nayco@lns-bzn-8-nan-82-250-229-181.adsl.proxad.net 1126824815 J * Bertl ~herbert@212.16.62.52 1126824815 J * flock ~restless@l192-117-111-12.broadband.actcom.net.il 1126824815 J * nayco ~nayco@lns-bzn-8-nan-82-250-229-181.adsl.proxad.net 1126824815 J * Aiken ~james@tooax8-141.dialup.optusnet.com.au 1126824815 J * lonewolff ~lonewolff@host86-128-17-74.range86-128.btcentralplus.com 1126824815 J * Hollow ~Hollow@home.xnull.de 1126824815 J * alexx ~alexx@proxy.ikse.net 1126824815 J * stefani ~stefani@superquan.apl.washington.edu 1126824815 J * lilo U2FsdGVkX1@lilo.usercloak.oftc.net 1126824815 J * azazel ~azazel@81-174-9-35.f5.ngi.it 1126824815 J * BlueT_ ~BlueT@61-59-209-195.adsl.static.seed.net.tw 1126824815 J * mcp ~hightower@wolk-project.de 1126824815 J * sannes ~ace@simula-dhcp-084.simula.no 1126824815 J * Hunger Hunger.hu@Hunger.hu 1126824816 J * virtuoso ~s0t0na@shisha.spb.ru 1126824816 J * Loki|muh loki@satanix.de 1126824816 J * nox ~nox@nox.user.oftc.net 1126824816 J * nebuchadnezzar ~nebu@zion.asgardr.info 1126824816 J * daniel_hozac ~daniel@c-6f1472d5.010-230-73746f22.cust.bredbandsbolaget.se 1126824816 J * mugwump ~samv@watts.utsl.gen.nz 1126824816 J * yungyuc ~yungyuc@220-135-53-220.HINET-IP.hinet.net 1126824816 J * litage ~nick@203.201.96.147 1126824816 J * monrad ~monrad@213083190134.sonofon.dk 1126824816 J * Getty torsten@eisprinzessin.rz.unixnetwork.org 1126824816 J * click click@ti511110a080-3225.bb.online.no 1126824816 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1126824816 J * maharaja_ spear@ip52.ipax.at 1126824816 J * maharaja maharaja@ip52.ipax.at 1126824816 J * xf ~local@ppp246-16.lns2.adl2.internode.on.net 1126824816 J * TheSeer ~theseer@border.office.salesemotion.net 1126824816 J * stupidawy foo@198.77.239.131 1126824816 J * AndrewLee ~andrew@tlug.sinica.edu.tw 1126824816 J * cereal koepi@217.20.124.153 1126824816 J * micah micah@micha.hampshire.edu 1126824816 J * cryo ~say@gw.psoft.od.ua 1126824816 J * fluor- ~fluor@tanneries.squat.net 1126824816 J * Nicoli ask@208.53.159.170 1126824816 J * ag- ag@caladan.roxor.cx 1126824816 J * tchan ~tchan@c-67-174-18-204.hsd1.il.comcast.net 1126824816 J * pusling pusling@195.215.29.124 1126824816 J * Greek0 ~greek0@81.189.246.175 1126824816 J * no_maam_ ~erik@datenzone.de 1126824816 J * duckx ~Duck@mna75-1-81-57-39-234.fbx.proxad.net 1126824816 J * MooingLemur ~troy@shells200.pinchaser.com 1126824816 J * skceb skceb@bang-bang.feuer-frei.com 1126824816 J * janra_ janra@paradox.homeip.net 1126824816 J * sladen paul@starsky.19inch.net 1126824816 J * case ~case@donpanic.faveve.uni-stuttgart.de 1126824816 J * locksy ~locksy@mrtg.sisgroup.com.au 1126824816 J * meebey meebey@booster.qnetp.net 1126824816 J * DaCa ~danny@mail.limehouse.org 1126824816 J * [MUPPETS]Gonzo ~gonzo@langweiligneutral.deswahnsinns.de 1126824816 J * wibble ~tim@sophie.wobb1e.co.uk 1126824831 M * nayco Bertl: Well, running ext2 is dumb nowadays on a fileserver, and I heard ext3 is sloooooooowwww, is it true ? 1126824857 M * Bertl hmm, it was way faster than xfs last time I checked ... 1126824915 M * nayco Ah, they changed it recently, so ? Good. One or two years ago, it was the slowest filesystem.... 1126824931 M * nayco Well, in some banches, but you know benches... 1126824977 M * Bertl yep, we might address the xfs issues once we eliminate the vroot device completely 1126825006 M * nayco ok, so, anyway, this is too late now for me to change my production file servers to use quota inside vservers, and as it's dangerous... I forget for now. 1126825021 M * nayco You pan to eliminate the vroot device ? 1126825024 M * nayco +l 1126825051 M * Bertl yes, in the future, we will block evil actions on 'normal' device nodes 1126825077 M * nayco ok. So, quota problems for example will be solved ? 1126825085 M * Bertl yes 1126825115 M * nayco excellent :). 1126825116 M * Bertl but the xfs quota is working except for the 'detailed' report 1126825127 M * Bertl which is already a major step, IMHO 1126825145 M * nayco Well, but setquota still does not work with vroot. 1126825150 M * Bertl and as I said, 'fixing' the tools would probably make them work 100% 1126825195 M * Bertl we had similar issues with ext2/3 quota, where the tools insist on reading/writing the raw devices ... which of course is insecure ... 1126825220 M * nayco Thats sad, because using the real device in the vserver is bad... And another thing : I do not think manually editing /etc/mtab is a good idea :D !!! 1126825225 M * Bertl but there the 'ufs' did the trick, keeps the tools from doing raw access and everybody is happy ... 1126825241 M * nayco Oh, what is ufs ? 1126825252 M * nayco I forgot to ask tha t in the beginning 1126825269 M * Bertl a filesystem, but we just use the name to keep the tools from looking at the raw partitions :) 1126825289 M * nayco Oh, one that is ignored ? 1126825305 M * Bertl IMHO the tools have way to many assumptions on how quota should be presented to them 1126825306 M * nayco Mmmm, isn't it the union fs I heard about one time ? 1126825333 M * nayco Well, you mean that an anonymous message to the authors....... ;) ? 1126825391 M * Bertl will most likely do nothing :) I know honza (jan) pretty well and he basically agrees that the tools have too many assumptions, but he does not really want to change it :) 1126825407 M * nayco Sad. 1126825436 M * Bertl if you want to 'improve' that you might want to look into removing those checks in a sane way, e.g. with a special build option or so? 1126825473 M * Bertl or maybe just with a flag/option telling the tools to 'just' use this device and do not scan/grep/read other stuff ... 1126825492 M * Bertl (and more important, draw false conclusions :) 1126825566 M * nayco You want me to do that ? Errr, but I only learned "hello world, at school" ;) ! I can read C code, sometime understand portions, but doing this work is above my abilities... 1126825581 M * nayco Well, we are all here to improve ourselve, but ;) 1126825587 M * nayco +s 1126825626 M * Bertl ah, no, I'm not stating that you _should_ do that, I'm just providing options ... 1126825734 M * nayco Well, what you mean here is that the problem is really not kernel related, but only in the tools ? So, disabling some checks to go straight to the syscall is the solution... Right ? 1126825752 M * nayco [01:07] Oh, ok ;) 1126825754 M * Bertl the problem is: 1126825768 M * Bertl - the kernel needs to use a different device as proxy for now 1126825786 M * Bertl - the tools insist on kernel device == fs device for no aparent reason 1126825794 M * Bertl the result is: it fails ... 1126825803 M * nayco Ok, I fully get it. 1126825836 M * nayco While you thinks that simply making the syscall without bothering who is who would suffice 1126825861 M * Bertl you can try to change the if (after the printk) to: 1126825883 M * Bertl # 1126825888 M * nayco => Meaning the kernel only need the device name, and does it alone, no need to precheck 1126825905 M * nayco +s 1126825929 M * Bertl if (sd->sd_dev == 0x400) 1126825945 M * Bertl (will only work when you use vroot0 :) 1126825950 M * nayco :D 1126825967 M * Bertl and I'm pretty confident the rest of the tools will work quite fine 1126826010 M * nayco ok, I try. By doing this, we check that the kernel doesn't bothers with minors and majors and does the work 1126826013 M * nayco ? 1126826039 M * Bertl heh, the kernel bothers, but the tools should not :) 1126826071 M * nayco Yes, I said it wrong, but I agree ;) 1126826077 M * nayco ok : 1126826079 M * nayco printf("%llx == %llx && %llx == %llx\n", sd->sd_dev, mnt_entries[i].me_dev, sd->sd_ino, mnt_entries[i].me_ino); 1126826079 M * nayco //if (sd->sd_dev == mnt_entries[i].me_dev && sd->sd_ino == mnt_entries[i].me_ino) 1126826079 M * nayco if (sd->sd_dev == 0x400) 1126826079 M * nayco break; 1126826114 M * Bertl hmm, let's make it: 1126826151 M * Bertl if (sd->sd_dev == 0x400 && mnt_entries[i].me_dev == 0x309) 1126826161 M * nayco_laptop k 1126826163 M * Bertl this will lock both hda9 and vroot0 1126826215 M * nayco done. test : 1126826287 J * Aiken_ ~james@tooax7-097.dialup.optusnet.com.au 1126826293 M * Bertl morning Aiken_! 1126826296 M * nayco Huh ? does not work, same error ? 1126826340 M * Bertl change the mtab back to xfs 1126826365 M * nayco oh ;) 1126826387 M * nayco it was XFs 1126826394 M * nayco mmm.... 1126826499 M * nayco Hey, but "mnt_entries[i].me_dev" and "mnt_entries[i].me_ino" are always==0 ? 1126826562 M * Bertl hmm ... your print suggest that, but I assumed that to be an error 1126826571 M * Bertl i.e. wrong size of arguments 1126826573 M * nayco Ohhh, ok, I think that we need "sd->sd_ino", not 1126826580 M * nayco mnt_entries[i].me_dev 1126826585 M * nayco no ? 1126826585 M * Bertl okay, try that ... 1126826644 Q * Aiken Ping timeout: 480 seconds 1126826775 J * _cereal koepi@217.20.124.153 1126826787 J * lilo_ U2FsdGVkX1@lilo.usercloak.oftc.net 1126826805 J * pusling_ pusling@195.215.29.124 1126826875 Q * cereal Ping timeout: 480 seconds 1126826878 N * _cereal cereal 1126826900 Q * lilo Ping timeout: 480 seconds 1126826910 Q * pusling Ping timeout: 480 seconds 1126826923 M * nayco Bertl: Ok, I made a mistake while copying it to my laptop. Anyway, here is now the code, and the interresting result : 1126826935 Q * dddd44 Ping timeout: 480 seconds 1126826954 M * nayco printf("sd->sd_dev (%llx) == mnt_entries[i].me_dev (%llx) && sd->sd_ino (%llx) == mnt_entries[i].me_ino(%llx)\n", sd->sd_dev, mnt_entries[i].me_dev, sd->sd_ino, mnt_entries[i].me_ino); 1126826954 M * nayco if (sd->sd_dev == 0x400 && sd->sd_ino == 0x309) 1126826954 M * nayco break; 1126826975 M * nayco_laptop Result : 1126826978 M * nayco_laptop sd->sd_dev (309) == mnt_entries[i].me_dev (400) && sd->sd_ino (80) == mnt_entries[i].me_ino(80) 1126826981 M * nayco_laptop and fail 1126827012 M * Bertl okay, so take my previous if and retry ... 1126827017 M * nayco_laptop 309 != 400, this is more visual to me ;) 1126827024 M * nayco_laptop yep ! 1126827122 J * gndmstr ~gndmstr@ip1.pathworx.sbbsnet.net 1126827207 M * gndmstr maybe I have the terminology wrong. I have a skeleton set up and working, actually it is a full server with all packages most of my servers will need. I want to clone this into other vservers using hard links except for configs.. is unify or hash what i want? Or is it something else? 1126827218 M * nayco_laptop sd->sd_dev (309) == mnt_entries[i].me_dev (400) && sd->sd_ino (80) == mnt_entries[i].me_ino(80) 1126827250 M * Bertl gndmstr: what you mean is template (skeleton is very empty) 1126827270 M * gndmstr want to save space since this template is about 1.2g 1126827279 M * gndmstr ok i made a skeleton initially then turned it into a template 1126827281 M * gndmstr : 1126827283 M * gndmstr :) 1126827292 M * Bertl gndmstr: yep, you can basically do this with vhashify or manually 1126827318 M * Bertl (you could also use vunify, I guess) 1126827324 M * gndmstr ok so then its back to finding out what config files are needed to be able to create a new vserver with a single command 1126827331 M * gndmstr or a very few commands 1126827358 M * nayco Bertl: I inverted the if ;) : 1126827360 M * nayco if (sd->sd_dev == 0x309 && mnt_entries[i].me_dev == 0x400) 1126827364 M * Bertl yes, and I guess you have to bug Hollow regarding gentoo guests 1126827379 M * nayco_laptop and it works !!! 1126827380 M * nayco_laptop +s 1126827382 M * gndmstr I can't really find enough docs to fully explain what this stuff is.... 1126827383 M * gndmstr hehe 1126827394 M * gndmstr yeah probably. 1126827415 M * gndmstr and so much of it is explained in deb terminology i get lost reading it :) 1126827415 M * Bertl I can explain to you what unification is all about, and what vunify and vhashify does, if you like to? 1126827447 M * gndmstr if it is written somewhere but hidden and if i can find it, i dont want to trouble you with explanations 1126827457 M * Bertl nayco_laptop: great! 1126827478 M * gndmstr once i learn this stuff, i am going to work on a consolidated set of explicit gentoo docs 1126827500 M * nayco Bertl: Setquota now works !!!! 1126827520 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net 1126827525 M * gndmstr if i can get a brief synopsis so not to trouble you, and maybe a place to find detailed explanations, i can forge it from there 1126827526 M * Bertl gndmstr: IMHO it would be way more productive to integrate gentoo support into the tools and have a single 'unified' documentation :) 1126827534 M * nayco Bertl: But anyway, is it really solving our problem ? 1126827553 M * Bertl nayco: yes, with the vroot0 it is now 'secure' 1126827560 M * gndmstr very true. there still is the stop error which appears to be a gentoo 'thing' 1126827577 M * Bertl http://linux-vserver.org/Linux-VServer-Paper-06 1126827588 M * Bertl (first section, regarding unification) 1126827605 M * nayco Bertl: So, what's left is generalize the code to use something else than vroot0... 1126827605 M * gndmstr cool thanks :) 1126827621 M * Bertl the devel version 2.1.x adds a nice bonus, namely that unified files will automagically break on write 1126827637 M * nayco can this be done withour annoying the author ;) ? 1126827659 M * gndmstr ahh. im not sure what im using. i used the highest version masked packages.. 1126827675 M * Bertl gndmstr: this feature called CoW link breaking allows you to unify arbitrary files, even config or log files ... 1126827695 M * Bertl (as they will be copied on write) 1126827716 M * Bertl nayco: well, I doubt it can be generalized easily ... 1126827726 M * nayco sniffle ;( 1126827728 M * gndmstr ahh nice.. i believe that is what i was hoping for.. something that would simply leave editable configs and link the rest 1126827797 M * gndmstr so if i get 2.1 i can unify the entire thing since i will be zeroing out logs to use it as a template only, and edit configs and get a copy of them locally in each server 1126827805 M * Bertl the difference between vunify and vhashify is, the former is based on identical directory structures, where the latter uses hashes (sha) to identify files with identical contents 1126827831 M * gndmstr ahh. the startup servers will all be mirror images 1126827838 M * gndmstr any changes from there will be within the individual 1126827871 M * gndmstr so then it probably is vunify that i want 1126827878 M * Bertl gndmstr: yes, you could also specify certain directories (to vhashify/unify) to be included or excluded, to avoid the unnecessary breaking on e.g. /etc and /var 1126827916 M * gndmstr ok.. think im going to make some coffee and begin some seriuous reading and study :) 1126827919 M * Bertl gndmstr: basically you are interested in unifying {usr,}/lib and {usr,}/*bin 1126827947 M * gndmstr ok and then copying over /etc 1126827962 M * gndmstr since there are very few files i need to edit in etc to get a working vserver 1126827974 M * Bertl and you do not even need to use vunify/hashify ... you could simply do with: cp -la template new-guest 1126827988 M * Bertl and after that, setting the proper unification flag for all files 1126828024 M * Bertl (which can be done with setattr --iunlink 1126828053 M * gndmstr that may be even easier. ill search for the flag to set. i like that idea and since its linking i can imagine the cp would be fast 1126828069 M * Bertl it is, trust me :) 1126828070 M * gndmstr ok setattr --iunlink 1126828107 M * gndmstr does that work recursively if i do that on the /etc directory or should i do it to the entire vserver at the name 1126828156 M * gndmstr guess im going to have to do it to try it and see. thankfully there isnt much i can break that would be disastrous 1126828160 M * Bertl it has an option to work recursively, but IIRC, this was buggy at some time (maybe fixed by now) 1126828189 M * Bertl and as I said, you probably only want it for the bi and lib files 1126828193 M * gndmstr ok. there are only a few subdirs in etc so moving in and doing it for * is ok 1126828194 M * Bertl *bin 1126828195 M * gndmstr no 1126828199 M * gndmstr only for configs 1126828221 M * gndmstr ok going to go try this and see how much i can break :) 1126828229 M * Bertl no :) you want a copy for the config files and a link for the bin files :) 1126828247 M * Bertl not much space to save on /etc config files ... 1126828255 M * gndmstr ok so i only do the iunlink on /etc 1126828257 M * gndmstr cool 1126828272 M * Bertl no, you got it wrong again ... 1126828276 M * gndmstr sorry 1126828300 M * Bertl iunlink = immutable unlink (e.g. the unification flag) 1126828321 M * Bertl actually two separate flags ... 1126828372 M * gndmstr oh so i do that to /*bin , usr and maybe /libs 1126828378 M * Bertl and if you have a link (hard link) with those flags set, they will be immutable, but you might remove them .. on devel version, it also means that they will 'break' into two separate files (one being a copy) when written to 1126828423 M * Bertl yes, those files are good candidates for saving space .../etc and /var otoh, will not 1126828454 M * gndmstr nothing really in var anyway except lib and that houses changing files anyway 1126828538 M * gndmstr ok so first i make sure im using the 2.1 versions then do the iunlink on the above binaries and then there will be links in /etc but as i edit a config it will save as a real file breaking the link ? 1126828582 M * Bertl it's easier to _copy_ /etc instead of making it links which will break on edit 1126828615 M * Bertl but as I said before, Aiken tested it with _all_ files being hardlinks (with iunlink set) 1126828624 M * Bertl and it worked pretty well ... 1126828642 M * gndmstr yeah. .ok not like its a ton of various things to copy.. a single directory is easy.. 1126828661 Q * dddd44 arion.oftc.net kinetic.oftc.net 1126828661 Q * MooingLemur arion.oftc.net kinetic.oftc.net 1126828661 Q * sannes arion.oftc.net kinetic.oftc.net 1126828661 Q * stefani arion.oftc.net kinetic.oftc.net 1126828661 Q * ag- arion.oftc.net kinetic.oftc.net 1126828664 M * gndmstr if i can get this down it will impress the boss a bunch seeing a new server come up in a matter of minutes 1126828667 M * Bertl on non-devel (2.0.x) you must not unify config or changing files, because they have to be _removed_ before they can be changed 1126828683 M * gndmstr ill make sure im using 2.1 then 1126828718 J * sannes ~ace@simula-dhcp-084.simula.no 1126828746 J * ag- ag@caladan.roxor.cx