1127001612 M * Bertl lol, okay .. np
1127001615 M * linc :o|
1127001625 A * linc is an idiot!
1127001625 M * linc lol
1127001646 Q * Blissex Read error: Connection reset by peer
1127001648 Q * linc Quit:
1127001652 M * Aiken http://pastebin.com/366729 this is not a good oops
1127001663 M * Aiken not sure if it is vserver related or just xfs not happy
1127001687 A * Bertl *looking*
1127001696 M * Aiken all I have to do is modprobe xfs; cd /usr/src/linux; grep -r sometext *
1127001709 M * Aiken the strange bit is /usr/src/linux is sitting on ext3
1127001741 M * Bertl cool, stack size 4k?
1127001742 M * Aiken I pick /usr/src/linux because I know there are a lot of files in that directory
1127001767 M * Bertl if so, could you retry with 8k?
1127001802 M * Aiken where is the option, I don't remember seeing it with the alpha
1127001847 M * Bertl sec
1127001859 M * Bertl CONFIG_4KSTACKS=y
1127001895 M * Aiken x86 has it under kernel hacking
1127001898 M * Aiken alpha does not
1127001907 M * Bertl is it in the .config?
1127001928 M * Aiken no
1127001946 M * Bertl k, probably not relevant then ..
1127001973 M * Bertl without the xfs module, the grep is fine?
1127001980 M * Aiken correct
1127002008 M * Bertl and if you modprobe xfs, then wait about 30 seconds nothing happens?
1127002073 M * Bertl (or maybe a little longer actually)
1127002079 M * Aiken have not waited 30 yet, normally an interval of 5 - 10sec before I start the grep and the grep goes for a minute or so before the oops
1127002091 M * Aiken have to go reset the machine, back in 1 min
1127002107 M * Bertl the idea is to figure if it is module unloading or filesystem flush related
1127002178 M * Aiken ok
1127002206 M * Aiken at least after the oops the xfs module can not be unloaded
1127002572 Q * yarihm Quit: Leaving
1127002774 M * Aiken let it sit 8 minutes
1127002777 M * Aiken nothing happened
1127002796 M * Bertl okay, now unload it
1127002801 M * Aiken does not work
1127002806 M * Aiken 1193 pts/1 D 0:00 rmmod xfs
1127002815 M * Bertl hmm, D state?
1127002819 M * Aiken disk
1127002839 M * Bertl yeah, I know, just unusual for rmmod
1127002862 M * Bertl any oops?
1127002871 M * Aiken D uninterruptible sleep (usually IO)
1127002875 M * Aiken no oops
1127002894 M * Aiken all I can think of is to build a std kernel and see what happens
1127002924 M * Bertl hmm, previously, you mentioned some unresolved symbols or so
1127002932 M * Aiken when building xfsprogs
1127002958 M * Aiken xfsprogs want a symbol that is only defined if debugging is on
1127002961 M * Bertl okay, let's try with an unpatched kernel ..
1127004440 M * Aiken maybe alpha + xfs problem
1127004530 M * Bertl could be, could even be xfs problem. period.
1127004556 M * Aiken can not rmmod xfs with a std kernel
1127004577 M * Bertl you never know, on x86, enabling 4k stack (which is now the default) will give you funny issues with reiser and xfs together ...
1127004596 M * Bertl Aiken: can you reproduce the grep crash?
1127004632 M * Aiken yes
1127004637 M * Aiken it just went
1127004649 M * Bertl excellent! so we have something to report/feed back mainstream
1127004686 M * Bertl the vanilla kernel is 2.6.13.1?
1127004734 M * Aiken yes
1127004758 M * Bertl oops looks similar/identical?
1127004777 M * Aiken http://pastebin.com/366752 kswapd0 grep syslogd
1127004892 M * Bertl hmm, that doesn't look nice ..
1127004936 M * Bertl looks like kswapd is evicting pages (which should be pinned) on memory pressure
1127004947 M * Bertl (the grep is a good pressure tool)
1127005011 M * Aiken for several of the crash attempts I had top running with a 1 sec update time
1127005029 M * Aiken 196 meg of ram and abt 280 meg of swap
1127005041 M * Aiken it was only getting to 8k swap in use
1127005056 M * Bertl yes, but I assume RAM was full, no?
1127005074 M * Aiken total used free shared buffers cached
1127005074 M * Aiken Mem: 185 182 2 0 9 145
1127005074 M * Aiken -/+ buffers/cache: 27 158
1127005074 M * Aiken Swap: 281 0 281
1127005097 M * Bertl I'm not saying that it _did_ swap out the pages, which would probably be harmless, most likely it just dropped the pages :/
1127005100 M * Aiken that 'free' is the only cmd run since the oops
1127005132 M * Aiken I am not sure I want to think abt that, that would be bad, very bad
1127005174 M * Bertl in any case, you should submit it to lkml and alpha-linux asap
1127005225 M * Bertl do you see a way to verify similar on x86? (i.e. copy over your partition or so?)
1127005285 M * Bertl or maybe it can be reproduced with dd if=/dev/zero of=/dev/null bs= instead of grep
1127005354 M * Aiken I am wondering if having it compiled in instead of as a module would make any difference
1127005401 M * Bertl I would not focus on xfs right now ...
1127005415 M * Bertl I guess xfs is just a catalyst ...
1127005436 M * Bertl well, OTOH, the xfs module is broken for sure ...
1127005443 M * Bertl (because of the unloading)
1127005458 M * Aiken after yesterday all I was trying to do give cow + xfs a hard time to see how it went
1127005487 M * Bertl and modulo those mainstream issues it went fine, IIRC :)
1127005828 M * Aiken dd if=/dev/sda of=/dev/null killed it as well
1127005846 M * Bertl okay, that sounds easy to test on other archs too ...
1127005879 M * Bertl xfs as module and module load, then the dd?
1127006178 M * Aiken yes
1127006257 M * Bertl 2.6.12.4 on x86_64 works fine, xan even unload xfs
1127006260 M * Bertl *can
1127006270 M * Bertl compiling 2.6.13.1 now ...
1127006327 M * Aiken trying on this xp2100 now
1127006576 M * nayco Er... I never tried another build method than "skeleton" before... How does it work to use, for example, "-m yum" ?
1127006587 M * nayco I tried with "vserver test1 build -m yum" ...
1127006625 M * Bertl try with -m debootstrap (that's probably the easiest)
1127006646 M * Bertl example is available on the wiki's alpha util-vserver page
1127006755 M * nayco is debootstrap close enough to the behaviour of an hypothetical "urpmi" method ? I mean, I'm doing this to learn how this stuff works, to reproduce it for urpmi...
1127006776 M * Bertl hmm, probably no, guess yum is closest ...
1127006788 M * Bertl but I have never tried yum before ... :)
1127006796 M * nayco Ok ;)
1127006916 M * Bertl but actually I'd search for that, IIRC, a few folks had issues with that, they also provided a command line example ...
1127006937 M * nayco Reading the scripts, I tried to understand how the packages are handled for each distro and package manager. It's hard to figure out... I need to run one, I think. The questions are : Where are stored the packages databases ? Where and how the packages are downloaded ? How to start the download and install ?
1127006951 M * nayco *reading the wiki*
1127006963 M * Bertl for debootstrap I know how it works ...
1127007019 M * Bertl it basically installs and invokes debootstrap which fetches all required packages (fulfilling the package dependencies listed in /etc/vservers/.dist*) and installs them into the specified dir
1127007071 M * nayco Well, I've got a rough idea of how to proceed with urpmi:
1127007113 M * nayco install urpmi (What if the distro isn't a Mandriva ? Dunno if urpmi exists for other distros...)
1127007161 M * Bertl other methods have this issue too
1127007164 M * nayco * create/read a source list for urpmi
1127007173 M * Bertl I'd just 'assume' urpmi is installed. period.
1127007194 M * Bertl in a second step, you can think about providing a generalized urpmi package
1127007200 M * nayco You mean, if the user isn't using a Mandriva host, "back off" ?
1127007216 M * nayco Which means ?
1127007222 M * Bertl (like the apt-rpm for example)
1127007242 M * nayco The problem is to preconfigure or make the user configure packages sources ...
1127007253 M * Bertl no, just don't mix the steps, I mean, first, assume it is there
1127007268 M * Bertl make it work so that it installs a working guest
1127007291 M * Bertl _then_ think about providing urpmi on non mandriva hosts
1127007317 M * Bertl e.g. you have a hard time to get apt-rpm working on debian
1127007336 M * Bertl so apt-rpm based install methods won't work out of the box on debian
1127007344 M * nayco You're right: the last step is relevant only if the two other work on Mandriva ;)
1127007378 M * nayco Ok, so, first step : urpmi.addmedia "......" "....." with "....."
1127007386 J * lilo ~lilo@lilo.usercloak.oftc.net
1127007401 M * Bertl welcome lilo!
1127007484 M * nayco I gonna check the other methods to see how they do it, but they seem to have only a sources list file, so maybe providing a default one then using it to add the medias is enough.
1127007510 M * Bertl could be ...
1127007613 M * nayco Second step : Maybe urpmi.update (The first time, it is not required, as we just created the medias, and the next times, it is not useful if the medias are stable ones, as they should for production... I can't imagine someone using cooker as a source for a production server. Errr, well, I know one: Me, on my laptop ;))
1127007728 M * nayco third step : cp -a /vservers/$vserver/dev /vservers/$vserver/dev.tmp /* yes... */
1127007740 M * nayco fourth step : urpmi --root /vservers/$vserver --media main basesystem
1127007770 M * nayco fifth step : rm -rf /vservers/$vserver/dev ; mv /vservers/$vserver/dev.tmp /vservers/$vserver/dev
1127007780 M * nayco that's all, I think.
1127007801 Q * lilo_ Ping timeout: 480 seconds
1127007884 M * Bertl yeah, well, the /dev part sounds hackish, guess the scripts might do that simpler (i.e. probably by default, rm /dev and create required nodes)
1127007946 M * nayco Mmmmm, this is harder : urpmi needs to be run with a (several) database(s) different from the host's, at least to provide support for different versions of the distro... Nargggh.
1127008016 M * nayco For /dev : Well, why not, as what you say is faster for a script (When doing it by hand, mv/cp is faster than mknod ;))
1127008044 M * Bertl I really doubt that, and what do you want to copy?
1127008199 M * nayco I mean, for the last vservers I installed, I made a backup of /dev/ with mv (or cp ?) after vserver-build, used urpmi, then manually removed the new /dev to put back the old one: I did not want to mknod by hand the entries. But in an automated script, this can be faster...
1127008252 M * Bertl especially as you do not want to have a 'backup' of /dev lying around somewhere ...
1127008276 M * nayco yep...
1127008319 M * nayco Well, I don't keep it, because it is renamed from dev.tmp to dev, and is used for the new vserver ;)
1127008368 M * nayco but if I can find a way to prevent urpmi to create dev entries in the first place...
1127008411 M * Bertl I assume debootstrap for example does also create /dev entries, they are removed afterwards and _the necessary_ dev entries are created
1127008426 J * Aiken_ ~james@tooax7-001.dialup.optusnet.com.au
1127008432 M * Bertl I really, really, doubt that this is distro/build method specific :)
1127008432 M * nayco I realise that most of my production vservers have a full /dev/ :((( I gonna correct this on mondays, fast !
1127008460 M * Bertl nayco: just don't tell anyone, otherwise you're dead :)
1127008474 M * nayco Well, once I get debootstrap to work, I can see how it works. And I gonna read carefully the script.
1127008515 M * nayco Bertl: Well, tell me, in fact, this is not more harmful than running a usual linux server, i.e. all in the host, huh ?
1127008536 M * Bertl do you give away guest root?
1127008549 M * nayco And you still keep most of the flexibility vservers provide :)
1127008554 M * nayco Guest root ?
1127008576 M * Bertl does somebody except you have root access to one of the vps/guests?
1127008577 M * nayco Not even "nobody" access :PPP
1127008608 M * nayco Be root on my servers and be killed, that's what I tell them :)
1127008644 M * Bertl okay, so no root access inside the guests, right?
1127008659 M * Bertl then it isn't really different from any other linux server
1127008706 M * nayco These are basically (file|web) servers, so no access for nobody apart through usual network services.
1127008769 Q * Aiken Ping timeout: 480 seconds
1127008807 M * nayco That what I thought. But, I'm still confused: Why is it so harmful to have /dev entries ? I mean, could this lead to chroot escapes ? Or tricks like "dd if=/dev/urandom of=/dev/hda" inside a guest, shtitting the whole machine ?
1127008813 M * nayco -t
1127008851 M * nayco doesn't the ctx kernel protect from these ?
1127008883 M * Bertl no, neither the ctx kernel, nor the linux-vserver kernel :)
1127008898 M * nayco Ok, ok, ctx was a shortcut, ;)
1127008915 M * Bertl the kernel prevents the creation of device nodes (with mknod & friends)
1127008952 M * Bertl but, let's say you have /dev/hda1 inside the guest, and your vserver partition is also on hda1 ...
1127008971 M * Bertl then you can do a few things ...
1127008987 M * Bertl - zero out hda1 while mounted *fun*
1127009015 M * Bertl - write to hda1, so that a device node for hda appears in /tmp :)
1127009061 M * Bertl - rewrite the partition table via hda *great fun*
1127009067 M * nayco This is really fun as I saw one day that the machine doesn't stop running... I think that can be a good joke to play to a friend.
1127009068 M * Bertl well you got the idea ...
1127009127 M * nayco Sorry for the second one, I didn't know about this : Writing to a disk node create another node in /tmp ???
1127009153 M * Bertl well, if you have raw access to a device node, a lot of things are possible
1127009181 M * nayco Ok, I get it, and anyway, I gonna clean these entries as fast as possible ;)
1127009290 M * nayco Ohhh, I tried minutes ago to create a FC4 vserver, but it didn't work : I forgot about the -d switch... :-|
1127009464 M * nayco Well, reading the page, I see that the "rpm" method could definitely support mandriva... maybe I should base my work on that script. Well, gonna read it again first.
1127009836 M * nayco luckily, vserver-build.debootstrap is easier to understand...
1127010455 M * nayco Bertl: look at this, I think that's one of my question answered ;) (From vserver-build.debootstrap script) :
1127010457 M * nayco function fixupDebian
1127010458 M * nayco {
1127010458 M * nayco $_RM -rf "$1"/dev
1127010458 M * nayco $_MV "$1"/dev.X "$1"/dev
1127010458 M * nayco }
1127010496 M * Bertl excellent ...
1127010590 M * nayco This script really is easier to understand : I'm analyzing it line-by-line, and surprisingly I manage to guess what is done... I think I've got a good candidate to copy/paste here.
1127010869 M * Aiken_ sgi's 2.6.13 xfs is different from the std kernel's xfs, how much I am not sure. I really don't feel like downloading 23 meg on dialup
1127010875 M * Aiken_ I know Kconfig is different
1127011117 M * Bertl can't reproduce it on x86_64 ...
1127011132 M * Bertl so maybe it's really alpha specific
1127011176 M * Aiken_ did not have a problem on this machine either
1127011182 M * nayco Aiken_: you wanted to do a diff between the kernel's xfs source and sgi's ?
1127011192 M * Aiken_ yes
1127011219 M * nayco Is it hard to do (Apart from the download rate ;) ?
1127011331 M * nayco 'cause I have a 10M adsl... downloading 24 Mb takes about 30 seconds...
1127011332 M * Aiken_ combination of download rate and I am getting fed up with it
1127011356 M * nayco I could diff it for you of that's not too hard for me.
1127011369 M * nayco *if that's
1127011835 M * Aiken_ I might grab it later
1127011846 M * nayco ok.
1127012974 M * Aiken_ it was quicker than I expected
1127013491 M * nayco Strange, I had to modify vserver-build.debootstrap to be able to install sarge or hoary.... I had to add "echo i386 > $DEBOOTSTRAP_DIR/arch" :-|
1127013510 M * nayco Is it a debootstrap bug ?
1127013520 M * Bertl hmm, sounds interesting ,,,
1127013538 M * Bertl please a) publish that on the ML and b) send a bug-report to savannah
1127013548 M * nayco Ok, I learned a lot tonight^Wthis morning, got to sleep....
1127013553 M * Bertl because, I think debian/debootstrap assumes i386
1127013559 M * nayco Bertl: Yes, I send a mail to the ml
1127013564 M * Bertl and Mandr* has i686
1127013572 M * Bertl or i586 at least
1127013577 M * nayco i586
1127013597 M * Bertl but IIRC, this issue exists on other distros too ...
1127013619 M * nayco But it's late (early), so my mail will be short ;)
1127013631 M * Bertl np, take your time, just don't forget to send it
1127013642 M * Bertl tomorrow evening will be fine too
1127013727 M * nayco ok, I paste this conversation somewhere and will make a mail of it. Now, I see better how vserver-build.debootstrap works, that is not too hard to understand, I think I gonna be relatively free in my manner to implement urpmi....
1127013745 M * Bertl excellent!
1127013779 M * Bertl I'm almost off to bed too, Aiken_ any conclusions?
1127013840 M * Aiken_ feet up, eating lunch and watching some bike racing while some more of the sgi kernel downloads
1127013886 M * nayco Anyway, think I have 4 or 5 other (bugs)? to post to enrico.... I doesn't seem present on the ML these days, so I gonna use savannah
1127013960 M * nayco [05:22] => >>arghhhh !<<
1127013979 A * nayco goes to bed, 'night all, and thanks !
1127014005 M * Aiken_ Bertl as I only wanted to try xfs to see how the cow worked I am losing enthusiasm fast
1127014014 Q * nayco Quit: \_°< <=PAN!!!
1127014041 M * Bertl Aiken_: can understand that, nevertheless, please file a bug-report on lkml (unless you already did so)
1127014060 M * Aiken_ not yet
1127015681 J * ag-2_ ag@muaddib.roxor.cx
1127015684 Q * ag-2 Ping timeout: 480 seconds
1127016737 M * Aiken_ just trying a kernel with the sgi xfs
1127017373 M * Aiken_ no problem with sgi xfs SGI-XFS CVS-2005-09-17_05:00_UTC
1127017458 M * Bertl okay, so it is very likely kernel xfs related
1127017599 M * Bertl and I'm finally off to bed now ... thanks for investigating, and TIA for the LKML report :)
1127017613 M * Bertl have a nice whatever, everyone! cya tomorrow ...
1127017620 N * Bertl Bertl_zZ
1127017974 Q * dddd44 Ping timeout: 480 seconds
1127022760 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net
1127024215 Q * flock Ping timeout: 480 seconds
1127024480 J * _nokoya young@hi-230-82.tm.net.org.my
1127024609 Q * nokoya Ping timeout: 480 seconds
1127024617 N * _nokoya nokoya
1127026679 J * Aiken__ ~james@tooax6-180.dialup.optusnet.com.au
1127026998 Q * Aiken_ Ping timeout: 480 seconds
1127030387 Q * ag- Quit: BRB
1127030405 J * ag-- ag@caladan.roxor.cx
1127030514 Q * ag-- Quit:
1127030738 Q * ag-2_ Quit: BRB
1127030769 J * ag-2 ag@muaddib.roxor.cx
1127030869 J * ag- ag@82.238.123.217
1127033229 J * yarihm ~yarihm@84-74-16-246.dclient.hispeed.ch
1127034878 Q * lilo Remote host closed the connection
1127034892 J * lilo ~lilo@lilo.usercloak.oftc.net
1127035519 Q * lilo Remote host closed the connection
1127035866 J * lilo ~lilo@lilo.usercloak.oftc.net
1127036117 M * yarihm any pointers to the patch against 2.6.13.1? i'm always a bit lost on the page, i never seem to find the new stuff
1127037370 Q * dddd44 Ping timeout: 480 seconds
1127037456 M * Aiken__ http://vserver.13thfloor.at/Experimental/
1127037486 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net
1127038154 M * yarihm Aiken__: thanks a bunch, that's what i was looking for
1127040216 J * prae ~benjamin@sherpadown.net
1127041444 N * Aiken__ Aiken
1127042828 Q * Aiken Quit: Leaving
1127043159 J * gndmstr ~gndmstr@ip1.pathworx.sbbsnet.net
1127043216 M * gndmstr does anyone know if any of the gentoo ~x86 iptables ebuilds have the ngnet patch installed?
1127043833 J * Rushmoom ~me@80-219-252-33.dclient.hispeed.ch
1127044985 Q * Doener Quit: Leaving
1127049085 J * Blissex ~Blissex@82-69-39-138.dsl.in-addr.zen.co.uk
1127050145 Q * skceb Remote host closed the connection
1127051360 N * Bertl_zZ Bertl
1127051364 M * Bertl morning folks!
1127051381 M * Bertl gndmstr: I doubt that, as it doesn't work right now (ngnet)
1127051434 M * Bertl yarihm: 'which' page are you looking at (for new stuff)?
1127051465 M * maharaja Bertl: yesterday, i deployed a new vserver with the same kernel configuration except for 4gb mem and sata support
1127051487 M * maharaja lets assume that server1 is the old "crashy" server, and server2 is the new one
1127051495 M * Bertl k
1127051498 M * maharaja server1 and server2 are connected via the serial cable
1127051517 M * maharaja i start minicom on server1 and get an mgetty session on server2 - no problem
1127051531 M * maharaja i can issue the sysrq keys and am getting the expected output
1127051551 M * maharaja but its not working vice versa
1127051557 J * menomc ~amery@200.75.27.17
1127051564 M * maharaja could there be an issue with metalog/syslog?
1127051564 M * Bertl maharaja: broken cable ...
1127051585 M * maharaja because i use metalog on server1 where i get no feedback from
1127051599 M * Bertl maharaja: I do not assume metalog does grab the serial device no?
1127051614 M * maharaja honestly, i do not know
1127051615 M * maharaja :)
1127051643 M * maharaja i guess ill reinstall syslog on server1
1127051644 M * Bertl well, rule #1, don't run software you do not know :)
1127051646 M * maharaja and simply try it
1127051664 Q * mnemoc Ping timeout: 480 seconds
1127051664 N * menomc mnemoc
1127051698 M * gndmstr does anyone know if any of the gentoo ~x86 iptables ebuilds have the ngnet patch installed?
1127051741 M * maharaja ok - nothing changed :)
1127051764 M * Bertl gndmstr: < Bertl> gndmstr: I doubt that, as it doesn't work right now (ngnet)
1127051785 M * gndmstr oh ok. was wondering since the kernel does have the patch and vnet is offered
1127051789 M * maharaja the strange thing is that i get the login prompt and the sysrq help screen from server1 on server2
1127051797 M * maharaja but no cpu regs/etc. output
1127051808 M * maharaja .
1127051808 M * maharaja main: SysRq : HELP : loglevel0-8 reBoot tErm Full kIll saK showMem Nice showPc unRaw Sync showTasks Unmount
1127051808 M * maharaja SysRq : Show Regs
1127051811 M * maharaja is output i get
1127051817 M * maharaja and the regs are listed in dmesg on server1
1127051842 M * Bertl not on the console? then it is not your primary console
1127051863 M * sannes http://www.13thfloor.at/vserver/s_rel26/v2.0/patch-2.6.12.4-vs2.0.diff works with 2.6.13.1 also?
1127051904 M * Bertl sannes: unlikely, take http://vserver.13thfloor.at/Experimental/patch-2.6.13-vs2.0.1-pre2.diff.bz2
1127051967 M * sannes ok, pre .. hm, I guess there aren't many changes between 2.0 and 2.0.1-pre
1127051992 M * Bertl well, only changes to a better patch, as this is the _stable_ branch :)
1127052002 M * maharaja Bertl: how do i know my primary console?
1127052036 M * Bertl usually it's the first one specified on the kernel boot line
1127052203 M * maharaja so it should be the primary
1127052207 M * maharaja maybe a broken serial port
1127052209 M * maharaja damn it :)
1127052229 M * Bertl could be, maybe it is set to IR in the bios, maybe your cable is broken
1127052252 M * Bertl try to use the cable the other way round ... see if that changes behaviour
1127052302 M * Bertl also, as I already mentioned, check the handshake options in minicom (you might have a cable which does not support hardware handshake (online))
1127052678 M * maharaja whats the handshake option? and whats "ir" ?
1127052728 M * Bertl IR = infra red, handshake can be hardware (RTS/CTS) or Software (xON/xOFF)
1127053327 M * gndmstr are there performance hits on a system where the host runs several services open to the public while running guest servers as well as compared to placing the host services within a guest?
1127053413 Q * dddd44 Remote host closed the connection
1127053551 M * Bertl gndmstr: not really, but maybe you could elaborate on this?
1127053651 M * gndmstr i have one server, specifically a secondary mx server that has many support programs installed in it especially in CPAN and to install all this fresh into a guest would take literally hours.. in trying to be a bit lazy i was wondering what impact leaving it running as is and simply installing other less active guests underneath would be
1127053688 M * gndmstr as compared to moving it to a guest
1127053692 M * sannes gndmstr : I don't think the load would be any different from you running it in a separate vserver
1127053714 M * gndmstr so then basically no or minimal impact
1127053732 M * Bertl gndmstr: not performance wise, only administrative and security wise
1127053734 M * sannes gndmstr : of course you would miss out on the features of vservers :/
1127053760 M * gndmstr over time i would probably slowly install it into a guest but it isnt something i look forward to :)
1127053766 M * Bertl gndmstr: but moving host services into a guest should be 'trivial'
1127053769 J * dddd44 ~dhb55@tor-irc.dnsbl.oftc.net
1127053777 M * gndmstr ? how would that be trivial
1127053788 M * gndmstr i cant even remember everything needed in cpan :)
1127053817 M * Bertl well, util-vserver supports the 'copy' build method
1127053833 M * gndmstr although qmail itself is reasonably self contained, the rest is a mess to install.
1127053840 M * Bertl copy ... the copy-all-from-host method which uses the recent configuration scheme
1127053842 M * gndmstr so then i could make a clone of the host
1127053863 M * gndmstr and then just edit various files to make it into a guest like kill net code and junk like that
1127053871 M * Bertl yes, that's the idea, and after that, clean up both
1127053915 M * gndmstr hmm... interesting... guess i need to do lots more reading.. somehow i missed that option the first read-thru
1127053956 M * gndmstr heh thanks
1127053980 M * gndmstr makes life quite a bit easier since all users programs run as and their permissions would be copied as well
1127054047 M * Bertl you're welcome!
1127054057 M * gndmstr if i wanted to have a caching dns local to some service, would it be better to have named running on the host so all guests can use it locally or install it into the single guest that needs it.
1127054100 M * Bertl really depends on the setup/situation, you also missed option C, put the named in a separate guest :)
1127054133 J * Equonix Equonix@213-48-80-102.haw.cvx.blueyonder.co.uk
1127054144 M * gndmstr i knew there would be no benefit of continuing studying hours after 'ground zero burnout' :)
1127054174 M * Bertl welcome Equonix!
1127054176 M * gndmstr i went to bed the first morning after 18 hrs of continuous reading and studying and going over configs in my mind and on paper
1127054183 M * Equonix Hey Bertl :)
1127054188 M * gndmstr was so burned out... :)
1127054742 Q * click Ping timeout: 480 seconds
1127054825 Q * Rushmoom Server closed connection
1127054869 J * Rushmoom ~me@80-219-252-33.dclient.hispeed.ch
1127054873 J * click click@ti511110a080-1724.bb.online.no
1127054878 M * Bertl wb Rushmoom! hey click!
1127054932 M * click heya, i really hate powerouts :/
1127055128 M * Hollow heya Bertl
1127055140 M * Bertl morning? Hollow!
1127055153 M * Hollow no, not morning, awake since 11am ;)
1127055218 M * Bertl regarding the irc discussion, I have time till 1800 and most likely from 2300 up
1127055465 M * meebey Bertl: I just found an information leak in vs1.2.10
1127055481 M * Bertl meebey: let's hear!
1127055491 M * meebey Bertl: the program mount can't find the mounts of the server
1127055504 M * Hollow Greek0: ping?
1127055505 M * meebey Bertl: cat /proc/anypid/mounts will show the real mounts
1127055534 M * meebey Bertl: which would help an intruder
1127055546 M * meebey I just had a break in inside a vserver
1127055555 M * meebey but he didn't come far because of the firewall :)
1127055565 M * Bertl meebey: yeah, that is a known deficiency
1127055567 M * meebey IRC backdoor that was
1127055611 M * Bertl meebey: it is a little different with namespaces than with normal chroots though ...
1127055651 M * meebey ic
1127055659 M * meebey its not that bad, but I felt I should report it
1127055672 M * Bertl yeah, thanks, your feedback is appreciated!
1127055741 J * nayco_laptop ~nayco@lns-bzn-10-nan-82-251-52-163.adsl.proxad.net
1127055752 M * Bertl welcome nayco!
1127055812 M * nayco_laptop hello :) ! Had a nice night^Wmorning ?
1127056005 M * Hollow Bertl: probably i'm already half asleep at 23pm, so dunno...
1127056035 M * Hollow did i ever mention, that school sucks?
1127056064 M * nayco_laptop work sux even more ;)
1127056074 M * nayco_laptop well, depends
1127056077 M * Hollow depends on your job ;)
1127056098 M * daniel_hozac work gets you money ;)
1127056120 M * Hollow yeah, that's a plus for sure :P
1127056168 M * Rushmoom Good "morning" everyone!
1127056178 M * Hollow morning Rushmoom
1127056190 M * Rushmoom Very general question: What strategy would you recommend for keeping a productive (gentoo) vserver environment up to date? Updating everything ASAP, or just the kernel, or just the utils? What about the baselayout?
1127056226 M * Hollow well, the host systems should not need to be updated too often, but you should do it from time to time
1127056257 M * Hollow and about updating vserver guests.. look at http://home.xnull.de/work/gentoo/vserver/tools/ some nice scripts in there for doing that
1127056265 M * Rushmoom Hollow: But IF I update them, kernel and util-vserver should be updated together?
1127056285 Q * lilo Server closed connection
1127056298 M * Hollow probably yeah
1127056301 J * lilo ~lilo@lilo.usercloak.oftc.net
1127056306 M * Greek0 Hollow: pong
1127056321 M * Hollow Greek0: have some minutes to continue the meeting?
1127056325 M * Rushmoom Hollow: Oh, there are some *nice* tools there, thanks for the hint!
1127056345 M * Hollow Rushmoom: you're welcome, i use them on my production box, they're working quite fine
1127056393 M * Hollow basically, with vupdateworld, the first guest who merges a package creates a bin package that all other hosts can use
1127056405 M * Greek0 Hollow: will be in half-time-attention mode for the next minutes or so, since dinner is ready
1127056430 M * Hollow mkay
1127056447 M * Rushmoom Hollow: This is exactly what I was looking for for ages! :-) This sure helps a lot to keep traffic low...
1127056469 M * Hollow traffic, well... not that much difference, but the load decreases heavily
1127056597 M * Hollow Rushmoom: be sure to create a shread package dir
1127056600 M * Hollow *shared
1127056610 M * Hollow else it won't work
1127056648 M * Rushmoom Hollow: Like a common place for the distfiles? Or are the binary packages stored somewhere else?
1127056665 M * Hollow in /usr/portage/packages, do you use a shared portage tree?
1127056681 M * Rushmoom not yet
1127056706 M * Hollow you should probably do that, a whole tree (~600MB?) in each guest is kinda waste of disk space
1127056763 M * Rushmoom Yes, that was worrying me for a long time. But how to do it? Hardlinks (of course) don't work, so it would have to be a NFS or something like that?
1127056779 M * Bertl Hollow: ok, to get things going ... did you get a chance to try the reboot_kill stuff yet?
1127056791 M * Rushmoom nope
1127056820 M * Hollow Rushmoom: do it like here: http://phpfi.com/78963
1127056820 M * Rushmoom Sorry, I was offline for 6 weeks, missed out on quite a bit of vserver development :)
1127056825 M * Hollow Bertl: no, sorry
1127056864 M * Hollow Rushmoom: this shares the hosts /usr/portage among the guests with bind mounts
1127056915 M * Bertl Hollow: would be nice to know if that 'fixes' some of the (gentoo?) reported issues .. I guess
1127056929 M * Hollow yeah, i'll try and let you know
1127056970 M * Bertl Hollow: would be great! keep in mind, it's a flag
1127056995 M * Hollow yep, so it should just kill everything if sys_reboot is called, right?
1127057017 Q * ag-2 Server closed connection
1127057027 J * ag-2 ag@muaddib.roxor.cx
1127057068 M * Bertl Hollow: yes, first the children, then the init
1127057075 M * Hollow k, i'll take a look
1127057087 M * Rushmoom Hollow: I didn't realize there is such an easy way to accomplish this, thanks :) But what if I [want | have] to use different versions of packages on the host and guests? Just 'emerge =-' and it should be fine?
1127057154 M * Hollow Rushmoom: i'm not quite sure which checks are applied for bin packages in portage (cflags, use flags, chost, compiler version etc) so with many different guests it _could_ lead to problems
1127057228 M * Hollow Bertl: so, what's left for the discussion? what about the kernel-user communication part e.g.?
1127057237 M * Rushmoom Hollow: cflags, chost and gcc would be exactly the same, use flags probably not, so I'll just have to find out I guess :)
1127057254 M * Greek0 re
1127057264 M * Bertl Hollow: yes, but first I'd like to consider the spawning a little more
1127057265 M * Hollow iirc portage checks use flags and recompiles the package if use flags don't match
1127057278 M * Hollow Bertl: k
1127057383 M * Bertl because it leaves a view questions to me like: a) when we start init, the namespace has to be there already, so who is going to set that one up?
1127057388 M * Bertl *few
1127057418 M * Hollow hm, the daemon?
1127057423 M * Bertl i.e. I think we need a 'kickstart' process inside before init
1127057456 M * Bertl but maybe there are 'better' ideas ...
1127057470 M * Greek0 hmm. the former discussion was about the VXF_REBOOT_KILL flag?
1127057476 M * Hollow what would have to be done inside before init?
1127057485 M * Hollow Greek0: yep
1127057502 M * Bertl Greek0: yes, just needs testing and feedback
1127057521 M * Equonix Hey all I have apt-get install the util-vserver package on debian... now that it is installed what is the next step?
1127057566 M * Bertl Equonix: you probably want to verify that it works with the testme.sh script
1127057593 M * Bertl http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh
1127057623 M * Bertl Equonix: if that works fine then the next step is guest creation
1127057655 M * Equonix both things fail
1127057670 M * Bertl did you patch the kernel and boot the new kernel?
1127057693 M * Equonix not yet.
1127057700 M * Rushmoom Equonix: http://deb.riseup.net/vserver/preparing/
1127057728 M * Greek0 well, I thought we had a process that just did the whole startup work like context creation, namespace stuff, network setup, ...
1127057755 M * Bertl Greek0: okay, but that has to 'register' stuff for the context, so it has to be 'part' of it, no?
1127057756 M * Greek0 i.e.
a separate process that'd be spawned just to create the context and do execve("init", ..) in the end
1127057768 M * Greek0 Bertl: EPARSE
1127057779 M * Greek0 ah
1127057810 M * Bertl last time we (agreed?) on some 'spawn' feature to create init inside the guest
1127057830 M * Bertl this should work quite fine except for a few details ...
1127057837 M * Greek0 uhm yep
1127057876 M * Greek0 had a problem with my perspective: what is currently done / what can/will be done in the future
1127057924 M * Hollow hm, the question is: what needs to be done inside and what can be done from outside?
1127057981 M * Bertl well, we need to do the following:
1127057990 M * Bertl - create the context
1127057996 M * Bertl - setup flags and ccaps
1127058002 M * Bertl - setup bcaps
1127058009 M * Bertl - create a namespace
1127058023 M * Bertl - do the chroot/rbind
1127058038 M * Bertl - set scheduler and limits
1127058061 M * Bertl the problematic steps might be:
1127058066 M * Greek0 currently we have contexts destroyed when the last process in it dies. this might be kinda problematic with the spawn-init feature. since when init is spawned we probably don't want the context-setup-process to be around anymore, no?
1127058105 M * Bertl - the bcaps
1127058116 M * Bertl - the chroot and namespace
1127058134 M * Bertl everything else can be done in a 'setup' stage
1127058150 M * Hollow why bcaps?
1127058162 M * Bertl the bcaps might be applied automagically by the spawn process, so that should be easy
1127058253 M * Bertl that leaves us with the namespace and chroot/rbind
1127058259 M * Hollow well, you can just set them from outside, no?
1127058280 M * Bertl what?
1127058284 M * Hollow bcaps?
1127058300 M * Bertl yes, but they won't apply to processes unless they fork (right now)
1127058315 M * Bertl and they will not allow to be raised easily
1127058340 M * Hollow well, if you create the context and set bcaps afterwards, what would happen if you then start init?
1127058363 M * Bertl depends on how init is started ...
1127058401 M * Bertl but if init is running and you set the bcaps later, it will not take the new limits
1127058412 M * Hollow yeah
1127058446 M * Bertl but as I said, bcaps can be solved ...
1127058454 M * Bertl (easily)
1127058463 M * Hollow mkay
1127058467 M * Hollow so the chroot thing
1127058474 Q * Equonix Quit:
1127058478 M * Bertl chroot/rbind and namespaces
1127058491 M * Greek0 hmm. so we just have to make sure we fork after we set the bcaps (or let spawn-init do the work for us)
1127058690 M * Bertl I assume you want to setup the namespace with a userspace tool ...
1127058714 M * Hollow i'm still not sure what has to be done with the namespaces exactly
1127058714 M * Bertl (instead of engineering the guest via syscalls)
1127058768 M * Bertl Hollow: well, maybe we should delay this until Doener has more time, because he did a lot of namespace investigations
1127058797 M * Hollow yeah, maybe i can take a more detailed look until then too
1127058835 M * Greek0 as far as I understand it it's forking to create a new namespace, rbinding guest-topdir to /, chroot to / (so the current process notices the new root)
1127058874 M * Hollow at which point do you mount the guest's fstab?
1127058896 M * Greek0 whereas chroot to / is actually chroot to /path/to/vserver.. at least that's how util-vserver does it currently
1127058925 M * Bertl here is how it was planned/designed:
1127058936 M * Bertl - create a new namespace (CLONE_NS)
1127058949 M * Bertl - cleanup unwanted stuff (part I)
1127058969 M * Bertl - mount whatever is required for the guest (host side)
1127058988 M * Bertl - cleanup unwanted stuff (part II)
1127059002 M * Bertl - mount whatever is required inside the guest (guest side)
1127059013 M * Bertl - rbind + chroot
1127059033 M * Hollow how can a guest mount things?
1127059039 M * Hollow is there a flag?
1127059046 M * Bertl the cleanup and mount parts are twofold because ...
1127059095 M * Bertl a) you might need some mounted partitions to 'mount/bind' them into the guest, and b) you do not require those mounts to hang around inside the guest (once they've been moved/mounted)
1127059112 M * Bertl Hollow: at this point, you have all powers and no restrictions
1127059128 M * Hollow i.e. you do that outside the context?
1127059136 M * Bertl Hollow: but there are some flags to allow secure mounts from inside the guest
1127059137 M * Hollow and then set the namespace to the context?
1127059158 M * Bertl Hollow: context is usually in 'setup' state, so you can do a lot more
1127059183 M * Bertl but yes, any process 'could' provide a namespace
1127059199 M * Hollow jetzt wirds spannend
1127059224 M * Hollow lol, keine mehrheit!
1127059224 M * Bertl we could also have two different namespaces, one for administration the other for guest processes
1127059225 M * Hollow haha
1127059243 M * Bertl Hollow: please english! :)
1127059248 M * Hollow yeah, sorry *g*
1127059273 M * Bertl okay, and I'm off for now ... back around midnight ...
1127059281 M * Hollow yup, cya
1127059294 N * Bertl Bertl_oO
1127059372 M * Greek0 hmm
1127059426 M * Greek0 what I'd like to know is the security aspect of rbind/chroot
1127059497 M * Greek0 and if it wouldn't actually be easier to use pivot_root, since then you can have the host-/ around in the guest namespace until you're sure you don't need it any more
1127061329 Q * nayco_laptop Remote host closed the connection
1127062005 M * gndmstr you can set CAP_SYS_RESOURCE for a number of guests, correct? or is it limited to one guest
1127062164 M * Greek0 you can set it individually for every guest, or you can set a default for every guest
1127062195 M * Greek0 /etc/vservers//bcapabilities vs.
/etc/vservers/.default/bcapabilities
1127062238 M * Greek0 or .defaults or whatever it is (you can look it up on the flower page)
1127062429 M * gndmstr cool thanks
1127062505 M * gndmstr im not sure how a gentoo package of bind will be affected by a vserver and i dont want to do a special install because then it will get overwritten on the next update of bind.. this way i can run the update management and not worry
1127062542 M * gndmstr this would only be used in maybe 4 vservers anyway. not every one runs a name server
1127063645 Q * neofutur arion.oftc.net keid.oftc.net
1127063645 Q * michal arion.oftc.net keid.oftc.net
1127063645 Q * nox arion.oftc.net keid.oftc.net
1127063645 Q * eyck_ arion.oftc.net keid.oftc.net
1127063645 Q * sannes arion.oftc.net keid.oftc.net
1127063645 Q * derbien arion.oftc.net keid.oftc.net
1127063645 Q * ntrs__ arion.oftc.net keid.oftc.net
1127063645 Q * Loki|muh arion.oftc.net keid.oftc.net
1127063645 Q * lonewolff arion.oftc.net keid.oftc.net
1127063645 Q * BlueT_ arion.oftc.net keid.oftc.net
1127063645 Q * micah arion.oftc.net keid.oftc.net
1127063645 Q * Getty arion.oftc.net keid.oftc.net
1127063645 Q * AndrewLee arion.oftc.net keid.oftc.net
1127063645 Q * case arion.oftc.net keid.oftc.net
1127063645 Q * meebey arion.oftc.net keid.oftc.net
1127063645 Q * locksy arion.oftc.net keid.oftc.net
1127063645 Q * sladen arion.oftc.net keid.oftc.net
1127063646 J * sannes ~ace@simula-dhcp-084.simula.no
1127063648 J * micah micah@micha.hampshire.edu
1127063650 J * AndrewLee ~andrew@tlug.sinica.edu.tw
1127063655 J * case ~case@donpanic.faveve.uni-stuttgart.de
1127063655 J * michal ~michal@graffias.estrefa.pl
1127063656 J * derbien ~derbien@whiterabbit.nbmc.de
1127063656 J * Getty torsten@eisprinzessin.rz.unixnetwork.org
1127063657 J * BlueT_ ~BlueT@61-59-209-195.adsl.static.seed.net.tw
1127063657 J * eyck eyck@81.219.64.71
1127063657 J * sladen paul@starsky.19inch.net
1127063660 J * meebey meebey@booster.qnetp.net
1127063660 J * Loki|muh
loki@satanix.de
1127063661 J * ntrs__ ~ntrs@68-188-50-87.dhcp.stls.mo.charter.com
1127063664 J * lonewolff ~lonewolff@host86-128-17-74.range86-128.btcentralplus.com
1127063945 J * neofutur ~neofutur@neofutur.net
1127064174 Q * DaCa Ping timeout: 480 seconds
1127064412 Q * gndmstr Remote host closed the connection
1127066376 J * gndmstr ~gndmstr@ip1.pathworx.sbbsnet.net
1127066435 M * gndmstr if i want to create a template that i will never run, do i have to create it with the vserver tools or can i just make the directory and install my distro, then mod it to run under vservers but never actually do it. all the clones will link to this
1127066566 M * gndmstr or would it be better to make it run, then prevent it from auto-starting
1127066848 M * daniel_hozac being able to run it would probably be useful if you want to update it post-installation.
1127066862 M * gndmstr which i will..
1127066884 M * gndmstr it isnt so proper to actually make it a production server tho is it.. i was thinking of something simple like a name server
1127066940 M * daniel_hozac the template?
1127066943 M * gndmstr the philosophy of a template is to be able to run, update pkgs but otherwise remain turned off?
1127066944 M * gndmstr yes
1127066983 M * daniel_hozac it really depends on how you want to use the template.
1127066999 M * Rushmoom gndmstr: That's exactly how I handle it...
1127067030 M * Rushmoom I created a (gentoo-)template, which I have run sometimes, but 99% of the time is shut down, and is just being used to clone new guests
1127067042 M * gndmstr seems reasonable... if i used it as a production server, then the clone would get all the unnecessary larger logs etc that i would have to truncate anyway
1127067052 M * gndmstr makes sense
1127067056 M * gndmstr thats what im doing
1127067080 M * gndmstr heh i get lost when i look at the debian instructions :)
1127067240 M * gndmstr im compiling a single source document for doing a gentoo vserver....
there are sooo many jumps you have to make to find things to do to it and if my 'cohorts' are going to comprehend this at all they need it all in one doc.. so im just gonna start with a link to hollow's how-to and then elaborate on it from there in mine.
1127067342 M * gndmstr it took the mailing list to find out about the file.c patch to make CoW work with reiser and i found the setattr --barrier statement elsewhere as well.. so its been a bit of a detective job but fun :)
1127067380 M * Hollow hm
1127067397 M * Hollow the vserver-new script can clone gentoo guests
1127067423 M * gndmstr yes i saw that just today. going to try it out later. should be good :)
1127067442 M * gndmstr already tried the vemerge and it worked like a champ
1127067445 M * Hollow though i use the template target most of the time
1127067449 M * gndmstr updated only that one guest
1127067486 M * Rushmoom Hollow: Just out of curiosity: Does the vserver-new script already take into account that /etc/hostname changed to /etc/conf.d/hostname?
1127067499 M * gndmstr does it clone by adding a real distro or does it clone by links?
1127067502 M * Hollow it doesn't touch it at all
1127067516 M * Hollow it clones by copying the whole tree
1127067521 M * Hollow no links here
1127067533 M * gndmstr ahh so ~650mb each guest then
1127067540 M * Hollow mine have ~250MB
1127067573 M * gndmstr hmm somehow my template wound up being about 650mb with only proftpd and sshd installed in it
1127067587 M * Hollow seems like you don't use shared portage trees
1127067598 M * gndmstr i didnt on that no
1127067603 M * gndmstr i share distfiles
1127067606 M * gndmstr but thats it so far
1127067620 M * Hollow http://phpfi.com/78963
1127067624 M * Hollow look at this
1127067673 M * gndmstr so then after unpacking stage3, i could just do the links to the host portage tree and proceed
1127067684 M * Hollow no links..
bind mount
1127067692 M * gndmstr thats what i meant
1127067693 M * gndmstr sorry
1127067695 M * Hollow yup
1127067709 M * Hollow let the host sync once per night and you have updated portage all over the place
1127067720 M * gndmstr i found it best tho to mount the distfiles to my nfs distfiles since all machines share that
1127067723 M * gndmstr interesting
1127067735 M * gndmstr good idea.
1127067759 M * Hollow gndmstr: look at vesync, it does the metadata update in each guest as well
1127067784 M * gndmstr is vpackages something you do or is it something that is necessary for vservers
1127067788 M * gndmstr ok
1127067799 M * Hollow sth i do.. because host and guest have very different bin packages in my case
1127067852 M * Hollow dinner, bbl
1127067861 M * gndmstr yeah.. so far mine too.. i use severe opts in my machines, but the guests ive been using stage3.. more being lazy i guess. maybe i should just bite the bullet and do a stage1 and be done with it
1127067864 M * gndmstr ok
1127069207 M * Hollow gndmstr: you could try the new minimal stages
1127069236 M * Hollow http://phreak.xnull.de/gentoo/vserver/stages/
1127069259 M * Hollow they're i386 builds
1127069268 M * Hollow i686 builds will come soon
1127069351 M * gndmstr maybe im incorrect in this.. my plan is to make a production server template with all installed common packages that any vserver may normally use and just install special packages in the guest.. that way any vserver can have dns apache mysql etc just by setting the config files
1127069357 M * gndmstr is that a wrong way to do it?
1127070143 M * gndmstr is kernel option proc/kcore support of any use to me or vservers?
1127070146 Q * Rushmoom Quit:
1127070315 M * Hollow gndmstr: you don't need kcore in general
1127070327 M * Hollow and your plan sounds reasonable
1127070360 M * gndmstr ok. cool. so then really the minimal isnt what i want right? i just need to do an optimized build using stage1 as normal?
1127070390 M * gndmstr i use some p3 opts and the i686 stuff seems to run well
1127070444 M * gndmstr CFLAGS="-march=pentium3 -O3 -funroll-loops -fprefetch-loop-arrays -pipe"
1127070456 M * gndmstr are any of those not good for vservers?
1127070672 M * Hollow don't think so
1127070680 M * gndmstr ok cool
1127070716 M * gndmstr im setting up our first production server. not much of a load on this one so if i mess it up almost no impact on the system :)
1127070784 M * Hollow yeah, i'm also running a quite "un-loaded" box
1127070794 M * Hollow 5 guests
1127070827 M * gndmstr the next host will have to be perfect. thats why im messing with my own and only this one production one first as the next host will get hit quite hard
1127070843 M * gndmstr my test bed here has 5 as well
1127070878 J * nayco ~nayco@lns-bzn-10-nan-82-251-52-163.adsl.proxad.net
1127070883 J * DaCa ~danny@mail.limehouse.org
1127070898 M * gndmstr im a bit concerned about virtualizing some of our web servers. some of them do some serious video streaming
1127070900 M * Hollow what specs does your box have?
1127070959 M * gndmstr my test bed is a single p3 933 with only 512mb ram.. the first production server is a single p3 850 with 1gb ram, but that mostly will be housing name servers and a light duty database
1127071000 M * Hollow 5 guests should not be a problem then
1127071026 M * Hollow well, for sure it depends on the work the guests do, but if you just virtualize your current box it should work fine
1127071107 M * gndmstr yeah based on my tests here it looks like it.. the next box will be a bit more serious but i will take care not to load it too much. that will be a dual p3 850 with 2gb ram..
im gonna ask the boss for a dual amd 2600+ with 4gb for the bigger web host
1127071155 M * gndmstr maybe i can even talk him into a dual amd64 machine
1127071185 M * Hollow gndmstr: by using the hard cpu scheduler you can ensure resources for each guest, you should probably consider its usage
1127071215 M * gndmstr thats one of the reasons we have so many servers is to spread the load on older hardware. at present there isnt a server above dual 933 in the lot.
1127071226 M * gndmstr hmm.. will have to add that to my studies
1127071252 M * gndmstr thankfully the heavier duty applications dont have to be done for several weeks yet. i have till end of year to virtualize all 39 servers
1127071275 M * Hollow good luck ;)
1127071306 M * gndmstr thanks im gonna need it.. especially with the web servers.. they have an average of 130+ ip addys each.. have to split that up a lot
1127071337 M * Hollow which distros do you use mostly?
1127071345 M * gndmstr and thats a minimum .. all those are secure sites
1127071371 M * gndmstr was 100% redhat and finally convinced the boss gentoo was the way and it will wind up being 100% gentoo by the end of year
1127071380 M * Hollow great!
1127071389 M * Hollow seems like we'll have some more talks then ;)
1127071392 M * gndmstr this first box is gentoo and so will the second one.. im converting existing servers into hosts
1127071403 M * gndmstr you couldnt pay me to run a different distro
1127071409 A * Hollow nods
1127071414 M * gndmstr thats what i use on my main workstation here at home..
1127071438 M * gndmstr its a dual 933 with 2gb ram and dual monitor setup.. i cant function with less any more
1127071454 M * Hollow heh
1127071478 M * gndmstr i usually keep at least 20 ssh connections open all day
1127071505 M * gndmstr plus several browsers etc..
so people say im nuts when i say i have 10 desktops defined but thats the only way i can organize my work
1127071506 M * Hollow do you just virtualize services on existing boxes, or do you move existing boxes to guests at some new hardware?
1127071563 M * gndmstr right now we are consolidating and virtualizing existing hardware that is under used.. i will be adding existing server services to that and retire the boxes they came from.. then we will have to buy a few new ones as well for the more powerful requirements
1127071600 M * gndmstr like this first production server, the 850.. all its running at present is a private jabber server for us and a name server
1127071665 M * gndmstr the problem i ran into with dedicated servers is the fact that the boss hired a network engineer to create vlans from our routers to the switches and create dedicated lan switch ports for each machine.. this has caused me more trouble than you can imagine
1127071674 M * Hollow k, so for gentoo vserver things, the best places to look are the vserver howto (you probably read it already), http://dev.gentoo.org/~hollow/ http://phreak.xnull.de/gentoo/ and http://home.xnull.de/work/gentoo/vserver/
1127071713 M * Hollow ehm.. append vserver/ to the first url
1127071730 M * gndmstr ive read yours...
thats how i created my test box out of my 2nd workstation
1127071755 M * gndmstr unless im missing something tho, i think you need to add one thing to yours
1127071757 M * Hollow good, unfortunately it's a bit outdated, will be fixed Real Soon Now (tm)
1127071767 M * gndmstr the setattr --barrier /vservers statement
1127071773 J * Aiken ~james@tooax6-189.dialup.optusnet.com.au
1127071803 M * gndmstr outside of that and the file.c patch i needed for reiserfs, it worked perfectly first time
1127071805 M * Hollow the util-vserver ebuild prints an einfo currently, but you're probably right, not many read those
1127071878 M * gndmstr sometimes it is hard to catch those especially when doing multiple builds.. ive asked several times for them to make it so all info is displayed at the end of the entire thing:)
1127071911 M * gndmstr or placed into a file with instructions at the end to read the file
1127071958 M * Hollow there are some "eloggers" but dunno how and how well they work
1127072039 M * Hollow oh wow, they're solving gtk use flag hell
1127072043 M * gndmstr hmm... never knew about that. will research that as well.. hehe my to-do notes in this file have just reached 5 pages :)
1127072052 M * gndmstr cool
1127072672 M * gndmstr so i hear ngnet doesnt work yet... shame i could really use it.. kernel already has it, so its just iptables and wait for it to work a bit.. i need unique lo in each guest barriered from others in the same host
1127072716 M * Hollow hm, yeah, i'd appreciate some love for ngnet too
1127072763 M * gndmstr wish i knew more about coding for linux i'd take a stab at it.. but the last c programming i did on a professional basis was for msdos 15 yrs ago
1127072832 M * Hollow heh, i'll be afk watching tv, just ping me if you have any questions, i'll notice it..
1127072843 M * gndmstr needless to say not much is the same :)
1127072869 M * gndmstr ok. think im settled..
installing the kernel in the production machine now
1127072878 M * Hollow k, good luck!
1127072886 M * gndmstr i have a precarious position with these machines .. they have to be right first time
1127072891 M * gndmstr they are 1000 miles away
1127072913 M * gndmstr i have serial console set up but that doesnt help sometimes
1127072916 M * gndmstr ok have fun with tv
1127072917 M * gndmstr :)
1127074350 M * gndmstr does anyone know if /vservers can work as a link either soft or hard to /home/vservers?
1127074583 M * Hollow gndmstr: you should probably change /etc/vserver/.defaults/vdirbase
1127074790 M * gndmstr yeah.. was just trying to be uniform across all hosts
1127074802 M * gndmstr just means it will be in a different place in different hosts
1127074822 M * Hollow depending on your partitioning, probably.. ;)
1127074888 M * gndmstr yeah. some servers ill be renaming the backups mount to vservers... i suppose i could be uniform in putting them all in /home
1127074915 M * gndmstr some the home partition is the largest others the backups one is.. individual backups are no longer used so those are just idle mounts
1127074943 M * gndmstr we rsync to a single multi tb backup storage server
1127075000 M * gndmstr what i had originally thought of doing was creating all the vserver installs on one /vserver partition on the big storage server
1127075027 M * gndmstr all the guests would live there and be run by their respective hosts..
then it would be super easy to move a guest to another host
1127075084 M * gndmstr problem is file access would be at network speed and since there is only a single gb nic in the big server, with all 39 guests hitting it at once it could easily saturate
1127075635 J * nox ~nox@noxlux.de
1127075933 J * jkl eric@c-71-56-237-229.hsd1.co.comcast.net
1127077852 J * lilo_ ~lilo@lilo.usercloak.oftc.net
1127077853 J * quasi2k ~Marcus@dsl-217-17-22-122.teliko.net
1127077859 M * quasi2k hi
1127077918 M * BlueT_ :)
1127077958 Q * lilo Ping timeout: 480 seconds
1127077966 M * quasi2k one problem
1127077974 M * quasi2k installed vserver
1127077982 M * quasi2k worked without problems
1127078004 M * quasi2k but how do i setup a gateway for the hosts
1127078012 M * quasi2k vserver2
1127078063 M * quasi2k could someone help?
1127078068 M * daniel_hozac you don't. the guests use the same networking stack as the host.
1127078116 M * quasi2k got 2 networks eth0 and eth1 (eth1 is internal)
1127078126 M * quasi2k vserver is set up at eth1
1127078147 M * quasi2k but need to connect out through eth0 and it
1127078157 M * quasi2k doesn't work
1127078164 M * daniel_hozac sounds like you don't have the appropriate SNAT rules in place.
1127078204 J * RomanK ~roman@p54A1D8C6.dip.t-dialin.net
1127078208 M * RomanK hi
1127078224 M * daniel_hozac this topic has been discussed to death many times, search the mailing list archives as well as the IRC log archives.
1127078257 M * quasi2k k
1127078289 M * daniel_hozac hello RomanK
1127078377 M * RomanK i'd really like to ask a question about vserver... but... everything works just so fine ;) i guess i just stay here a while and listen to the problems of others ;)
1127078870 M * gndmstr quasi2k- is the host a member of both networks? or only the private network?
1127078911 J * quasi2k_ ~Marcus@dsl-217-17-22-122.teliko.net
1127079054 Q * quasi2k Ping timeout: 480 seconds
1127079661 M * Greek0 Bertl_oO: what do you do in arch/frv/kernel/kernel_thread.S actually?
1127080469 M * gndmstr dont think he is back yet
1127080750 M * Greek0 I know, I'm just placing the question here, hoping for an answer later on
1127080775 M * gndmstr heh then he is one of the very few who reviews his logs from his away timestamp :)
1127080897 M * daniel_hozac Greek0: marks kernel threads as such?
1127081136 M * Greek0 uhm yes, but why does he comment out CLONE_VM for example?
1127081178 M * daniel_hozac it's defined elsewhere.
1127081310 M * Greek0 hmm. I can't see a #define anywhere in the patch. why should that define be duplicated there in the vanilla tree?
1127081334 M * daniel_hozac it's in include/linux/sched.h
1127081539 M * Greek0 sadly sched.h isn't included in kernel_thread.S. it can't even be since sched.h contains c code without ifdef protection
1127081574 M * gndmstr im gonna be lazy here and ask instead of search... is it ok to run cron in a guest? or should the host handle it all?
1127081629 M * daniel_hozac why wouldn't it be ok to run cron in a guest?
1127081655 M * gndmstr not sure. just wanted to be sure is all..
1127081764 M * daniel_hozac Greek0: i guess frv support is broken then ;)
1127081778 M * Greek0 :P
1127081812 M * gndmstr what about slocate as long as the nightly cron is timed an hour apart in each guest
1127081835 M * gndmstr i can imagine it would bring a server to its knees if it wasnt staggered properly
1127081897 M * Aiken my answer to slocate is uninstall it everywhere
1127081903 M * Greek0 well, it could lead to a certain amount of unresponsiveness perhaps ;)
1127081911 M * Greek0 Aiken: why?
1127081922 M * daniel_hozac Greek0: won't other architectures suffer from the same problem?
1127081949 M * gndmstr LOL i tend to agree but we have several dyed-in-the-wool rh admins who seriously want that
1127081949 M * Aiken 1. I don't use locate and 2. I got sick of being woken just after 4 am every morning from the noise of a 100 gig or so being searched
1127081951 M * gndmstr ok thanks
1127081957 M * gndmstr LOL
1127081974 M * gndmstr i dont have that problem.. the servers are 1000 miles away from me
1127081997 M * Aiken I considered it unnecessary thrashing of the drives in the machine
1127082025 M * gndmstr yeah.. i like find better.. i hardly have to look for anything anyway, but these others are lazy
1127082028 M * Greek0 hmm good point
1127082032 M * Greek0 I don't use it too actually.
1127082063 M * gndmstr besides, if i just keep slocate in the host, then it will index all the guests too
1127082076 M * Greek0 daniel_hozac: I've seen CLONE_KT related stuff in other archs too, but that problem seems to be frv specific, since he commented out the CLONE_VM #define one line above
1127082156 M * daniel_hozac Greek0: but wouldn't a CLONE_KTHREAD define be needed in the other archs? like, say, ppc(64)?
1127082228 M * Greek0 CLONE_KTHREAD is defined in sched.c. the frv problem is that it needs that constant inside an asm file.
1127082280 M * daniel_hozac sched.h, no? ppc(64) and alpha also use that constant in asm files.
1127082324 M * daniel_hozac alpha seems to have some way of moving constants from C to asm though, but i see no such magic for ppc(64).
1127082368 M * Greek0 hu? how does alpha do that?
1127082389 M * daniel_hozac i would imagine it creates a symbol or something with the value of the constant.
1127082406 M * daniel_hozac arch/alpha/kernel/asm-offsets.c
1127082413 M * daniel_hozac DEFINE(...)
1127082602 M * Greek0 .. grepping the kernel tree now
1127082638 M * Greek0 http://paste.debian.net/1949
1127082764 P * quasi2k_
1127082767 M * daniel_hozac so ppc(64) are just lacking the DEFINE(...).
1127082789 M * Greek0 ppc* have the DEFINE
1127082798 M * daniel_hozac right, but it's not in the patch for CLONE_KTHREAD.
1127082843 M * daniel_hozac yet CLONE_KTHREAD is used in arch/ppc(64)/kernel/misc.S
1127082847 Q * maharaja Ping timeout: 480 seconds
1127082861 M * daniel_hozac or am i completely misunderstanding everything?
1127083011 M * Greek0 daniel_hozac: no, ppc* uses those constants in asm code, and there is no CLONE_KTHREAD DEFINE()..
1127083026 M * Greek0 however bertl is using vserver on his ibook afaik
1127083035 A * Greek0 is confused
1127083041 Q * Aiken Remote host closed the connection
1127083042 J * Aiken_ ~james@tooax6-189.dialup.optusnet.com.au
1127083042 M * daniel_hozac yeah, that's what makes me think i'm confused.
1127083239 M * Greek0 I guess it's easier to wait for bertl to come back than to set up cross-compiling for another arch now
1127083250 M * daniel_hozac probably :P
1127083802 M * Greek0 ok, off sleeping
1127083803 M * Greek0 cu
1127083809 M * daniel_hozac good night
1127085073 M * gndmstr question
1127085100 M * gndmstr on a gentoo template im building i just noticed that the boot runlevel has all broken links.. is this normal or should i del and re-add them
1127085134 M * daniel_hozac i don't know how Gentoo works, but you probably shouldn't run the boot runlevel in vservers.
1127085146 M * gndmstr maybe thats why they are broken
1127085154 M * gndmstr the things they run seem to be set anyway
1127085168 M * gndmstr ill leave it alone
1127085181 Q * nayco Quit: Bonne nuit !
1127085383 N * Bertl_oO Bertl
1127085391 M * Bertl evening folks!
1127085447 M * gndmstr evening :)
1127085502 M * Bertl Greek0: CLONE_KTHREAD is pretty new, and I 'assumed' that respective .S files would just #include proper definitions instead of redefining it over and over again .. but we already discovered that alpha (and probably other archs) has funny ways to do it :)
1127085514 M * Bertl hey gndmstr: everything fine?
1127085749 J * quasi2k_ ~Marcus@dsl-217-17-22-122.teliko.net
1127085771 M * Bertl welcome quasi2k_!
1127085793 M * Bertl Greek0: but thanks for the hint, will update those archs too ...
1127085804 J * maharaja maharaja@ip52.ipax.at
1127085812 M * Bertl welcome maharaja!
1127085820 M * quasi2k_ could someone please help me with routing couldn't get it running
1127085829 M * quasi2k_ already searched web
1127085837 M * Bertl what is the issue?
1127085891 M * quasi2k_ server running vserver got 2 interfaces eth0 inet eth1 internal shorewall as firewall installed (iptables) vserver setup with eth1
1127085903 M * quasi2k_ couldn't reach inet with vserver
1127085917 M * Bertl well, classical misconfiguration of shorewall
1127085927 M * Bertl try to add the following:
1127085968 M * Bertl iptables -t nat -I postrouting -s -j SNAT --to
1127085995 M * Bertl s/postrouting/POSTROUTING/
1127086088 M * quasi2k_ iptables -t nat -I postrouting -s 192.168.1.200 -j SNAT --to 217.17.22.122
1127086088 M * quasi2k_ iptables: No chain/target/match by that name
1127086108 M * Bertl *see my correction*
1127086154 M * quasi2k_ thx:-)
1127086159 M * Bertl you're welcome!
1127086167 M * quasi2k_ do you know where to add in shorewall
1127086183 M * Bertl no idea, don't use it ... but I know it can be added ...
1127086200 M * Bertl maybe somebody else here knows the details ...
1127086270 Q * prae Quit: Pwet
1127087805 Q * Blissex Read error: Connection reset by peer