1132617600 M * Bertl okay, if you use the guest ip for the -I option? 1132617628 M * BreezBl0k SNAT all -- 192.168.0.8 <<< vservers IP anywhere to:192.168.0.1 <<< router Host systems IP 1132617636 M * BreezBl0k that make sense? 1132617652 M * Bertl BreezBl0k: can you write that as iptables rule? 1132617659 M * ag- [00:58:54|9|root@caladan:~]# tcpdump -vvnei eth0 icmp 1132617659 M * ag- tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 1132617659 M * ag- 01:00:36.976747 00:a0:24:cb:79:ef > 00:07:cb:1f:98:7e, ethertype IPv4 (0x0800), length 98: IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], length: 84) 82.238.123.217 > 72.14.207.104: icmp 64: echo request seq 1 1132617663 M * ag- 01:00:37.136183 00:07:cb:1f:98:7e > 00:a0:24:cb:79:ef, ethertype IPv4 (0x0800), length 98: IP (tos 0x0, ttl 236, id 0, offset 0, flags [DF], length: 84) 72.14.207.104 > 82.238.123.217: icmp 64: echo reply seq 1 1132617670 M * BreezBl0k $ 1132617670 M * BreezBl0k -A POSTROUTING -s 192.168.0.8 -j SNAT --to-source 192.168.0.1 1132617681 M * ag- sorry for the previous flood of 3 pings... 1132617707 M * Bertl ag-: and which one is the google ip? 1132617723 M * ag- 72.14.207.104 and 64.233.187.99 are google IPs 1132617746 M * Bertl okay, strange that this works with masquerading ... 1132617775 M * Bertl ag-: please if possible upload the output of 'iptable -t nat -L' 1132617842 M * ag- i have only that in POSTROUTING: 1132617842 M * ag- Chain POSTROUTING (policy ACCEPT) 1132617842 M * ag- target prot opt source destination 1132617842 M * ag- MASQUERADE all -- anywhere anywhere 1132617866 M * Bertl have to try that too :) 1132617924 M * ag- precisely: 1132617926 M * ag- pkts bytes target prot opt in out source destination 1132617926 M * ag- 31454 1915K MASQUERADE all -- any eth0 anywhere anywhere 1132617952 M * ag- Bertl: btw, why shouldn't it work? 1132617993 M * Bertl well, the 'original' idea behind masquerading is the process of connection tracking and dynamic port mapping 1132618018 M * Bertl both is not required for SNATing a guest to the host ip 1132618031 M * Bertl i.e. the SNAT can be done stateless 1132618058 M * Bertl thus, the MASQ only applies to 'forwared' packets 1132618075 M * Bertl (but the packets from guests are not forwarded at all) 1132618228 M * ag- Bertl: i need to precise i have my guests setup on eth1, eth0 being internet output linked to the ISP ATM blackbox... 1132618281 M * ag- input/output, of course :) 1132618293 M * Bertl hmm .. via ATM? 1132618318 M * ag- well, not directly, the blackbox takes care of it 1132618334 M * Bertl so you still speak ethernet 1132618337 M * ag- it's an ethernet connection between the blackbox and the machine 1132618368 M * ag- yes, what i wanted to say is it's not a ppp device, but you understood it :P 1132618450 M * BreezBl0k tcpdump shows the pings going to google from the vserver to the host internet connection 1132618470 M * BreezBl0k but the vserver says 90 packets transmitted, 0 packets received, 100% packet loss 1132618496 M * Bertl BreezBl0k: the important question is, what ip do they use? 1132618511 M * Bertl BreezBl0k: if they use the guest IP, then it will not be routed 1132618513 J * infowolfe ~infowolfe@209-193-49-16-cdsl-rb1.anc.acsalaska.net 1132618529 M * Bertl BreezBl0k: (unless you are using a public ip for that) 1132618535 M * BreezBl0k 192.168.0.8 is the vserver 192.168.0.1 is the host and gateway 1132618556 M * Bertl BreezBl0k: but neither of them is your public ip, right? 1132618577 M * BreezBl0k well i have got it routed on the host so it displays my public ip 1132618586 M * Bertl BreezBl0k: the host will use another IP for the public, right? 1132618593 M * BreezBl0k yup 1132618598 M * BreezBl0k 81.xxxxxxx 1132618601 M * Bertl so, now if you do: 1132618626 M * Bertl ping -c 1 -I 81.xxxxxxx www.google.com 1132618631 M * Bertl then this will work, but 1132618638 M * Bertl ping -c 1 -I 192.168.0.x www.google.com 1132618640 M * Bertl will fail 1132618654 M * Bertl what you need is the following iptables entry: 1132618683 M * Bertl iptables -t nat -A POSTROUTING -s 192.168.0.8 -j SNAT --to 81.xxxxxxx 1132618701 M * Bertl (or make that -I instead of -A if you already have some rules there) 1132618706 M * BreezBl0k niether work the ping -c 1132618734 M * Bertl not even the first one with the 81.xxx ip? 1132618750 M * Bertl (in this case you do not have network connectivity :) 1132618763 M * BreezBl0k im doing that on the vserver right? 1132618769 M * Bertl on the host 1132618773 J * infowolfe_ ~infowolfe@209-193-52-201-cdsl-rb1.nwc.acsalaska.net 1132618782 M * BreezBl0k ahh 1132619007 M * BreezBl0k woot! 1132619016 J * shedi ~siggi@inferno.lhi.is 1132619020 M * BreezBl0k i had to put the SNAT above the masquerade 1132619041 M * Bertl BreezBl0k: well, yes, you should handle the 'local' hosts first 1132619048 M * BreezBl0k thankyou thankyou! 1132619055 M * Bertl you're welcome! 1132619076 Q * infowolfe Ping timeout: 480 seconds 1132619141 M * BreezBl0k its it wise to do a apt-get dist-upgrade for a vserver? 1132619172 M * Bertl hmm .. largely depends on the config 1132619192 M * BreezBl0k well its a fresh install 1132619199 M * BreezBl0k so no harm in trying 1132619303 M * BreezBl0k right im gonna hit the sack 1132619304 M * ag- BreezBl0k: btw, what kernel/patch are you running? 1132619310 M * BreezBl0k im using 1132619326 M * BreezBl0k 2.6.12-vs2.0-gentoo-r1 #1 SMP 1132619349 M * Bertl ag-: you are with 2.6.14, right? 1132619378 M * ag- Bertl: yup, but with 2.6.12-vs2.0, my current config was working too 1132619390 M * Bertl ah, okay ... 1132619427 M * ag- actually, this was 2.6.12.4-vs2.0, i think 1132620167 Q * BreezBl0k Quit: —I-n-v-i-s-i-o-n— 2.0 Build 3515 1132620221 M * derjohn Did anyone run VLS and Linux-Vserver guests on the same host? 1132620232 M * derjohn s/VLS/LVS/ 1132620237 M * sizo n8 1132620249 M * Bertl night sizo! 1132620252 M * sizo nite bertl 1132620253 M * Bertl derjohn: should work 1132620268 M * derjohn Bertl, should reads like "I think so" 1132620280 M * Bertl derjohn: yes, didn't test it recently ... 1132620289 M * derjohn Bertl, but in former times? 1132620298 M * Bertl yes, around 1.9.x 1132620318 M * derjohn In wich way? I mean LVS mit NAT RR-ing to the guests???? 1132620333 M * derjohn s/mit/with *lol 1132620344 M * Bertl hmm, no, don't think that would work 1132620386 M * derjohn I did you LVS within a guest (cannot imagine that) 1132620449 M * Bertl well, LVS works on a router 1132620477 M * Bertl so what I tested is simply that it can do load balancing while compiled with the vserver patches 1132620481 M * derjohn well, I'm thinking about running a apache with ssl and as reverse proxy on the same host as LVS. 1132620516 M * Bertl what would be the purpose/gain? 1132620636 M * micah Bertl: /win go #shorewall 1132620638 M * micah err 1132620649 M * micah I thought I said Bertl: hi! 1132620651 M * micah :) 1132620652 M * Bertl micah: hmm, yes? 1132620668 M * micah mistype 1132620841 M * micah I was going to point out that I am getting "martians" detected on my host because I am networking between loop-back interfaces 1132620859 M * micah for example: martian source 69.80.124.200 from 127.0.0.1, on dev eth0 1132620943 M * Bertl hmm, none of the two listed ips is a martian, right? 1132620967 M * micah no, the first IP is the IP of one of my vservers 1132620975 M * micah the second is of course my loopback 1132620989 M * micah but I have some vservers with interfaces with ips like "127.0.0.2" 1132620990 M * Bertl so, whoever is complaining here, is wrong ... 1132621048 M * micah Bertl: comes from the kernel, when this is set: /proc/sys/net/ipv4/conf/eth0/log_martians = 1 1132621088 M * Bertl yes, well, using 127.0.0.x addresses for guests isnt a good idea anyways .. 1132621165 M * derjohn Bertl, Purpose is to have ONE apache mit https Cert has has n many non ssl apaches in th backend 1132621208 M * Bertl derjohn: hmm, as request delegates? 1132621217 M * derjohn Bertl, you might ask what this has to do with vserver? well, the apache ssl could be in a own conext for security reasons. 1132621229 M * derjohn Bertl, yes, good description 1132621242 M * Bertl so why not do a subrequest via rewriting? 1132621245 M * derjohn or maybe some other https proxy? 1132621268 M * derjohn Bertl, on mod_rewrite basis you mean? 1132621282 M * Bertl for example ... 1132621308 M * micah I guess I should change all these 127.0.0.x addresses to 10.0.0 or 192.168 or other rfc1918 ips 1132621308 M * Bertl you can do the subrequest on private ips to different guests or inside your entwork 1132621324 M * Bertl micah: yes, that would be a good idea 1132621354 M * derjohn Bertl, can you rewrite from a 443 request to 80 request? 1132621368 M * Bertl at least you can do subrequests quite fine 1132621379 M * Bertl as the security is to the first apache only 1132621404 M * derjohn Bertl, in a subrequest something "defined"? 1132621413 M * derjohn (never heard before) 1132621424 M * derjohn or just means what it reads like? 1132621432 J * FireEgl Atlantica@Atlantica.DollarDNS.Net 1132621551 M * Bertl derjohn: check for perl or php modules, both support 'subrequests' 1132621572 M * ag- derjohn: you can rewrite any URL, hoping the browser will cope with it :P 1132621572 M * Bertl of course, the mod_rewrite should be able to do simple subrequests too 1132621666 M * Bertl http://httpd.apache.org/docs/2.0/mod/core.html (search for subrequest) 1132622035 M * derjohn hm, I would have to write some hash function to share load between servers ... ? 1132622199 M * Bertl hmm, you have a farm of apaches behind the main apache? 1132622243 M * derjohn client -> { LVS -> Reverse Proxy } -> realserver does not work. The idea was client -> { LVS -> { vserver- rev. apache}} -> realservers 1132622289 M * derjohn But the host stack "sees" all guest IP (unless NGnet), so it is probably no differnence 1132622316 M * Bertl please explain the vserver- rev. apache part 1132622342 M * derjohn well I want only ONE cetrificate (SSL) woll all backend at one central place 1132622371 M * Bertl okay, let this be the 'main' apache on host A 1132622373 M * derjohn so the reverse does the ssl stuff and put it's uncrypted load to the BE 1132622389 M * derjohn affirmative 1132622391 M * derjohn yes 1132622393 M * Bertl (could also be _inside_ a guest) 1132622401 M * derjohn yes! 1132622420 M * Bertl okay, now let this one do a subrequest 1132622441 M * Bertl to a certain ip _outside_ hostA 1132622448 M * derjohn main-apache "un-ssl-s" it and does a subrequest 1132622457 M * Bertl right 1132622464 M * derjohn to which host in the bE? 1132622487 M * derjohn RR? wRR? least connection (this is the scheduler at the time) 1132622496 M * Bertl well, you probably can use LVS load balancing to distribute the outside ip 1132622512 M * Bertl at least I'd assume it should work 1132622517 M * derjohn after or before "main"? 1132622525 M * Bertl after main 1132622557 M * Bertl you can not use a different IP for the ssl termination 1132622570 M * Bertl otherwise you would break with ssl 1132622605 M * derjohn mom ... *think* ssl-certs are domain-bound? 1132622608 M * derjohn not ip 1132622636 M * Bertl ahem, no, they are ip specific 1132622655 M * Bertl that is, because _before_ the domain is even transmitted, the ssl connection is there 1132622657 M * derjohn ssl opens a socket to an ip an then exchanhes the cert. 1132622673 M * derjohn yes, agreed. 1132622702 M * Bertl that's why you can not have different domains on the same IP/cert 1132622711 M * derjohn ack 1132622750 M * derjohn ah, you mean the client will connect to the LVS-external-IP. if LVS forwards it to main, the ssl algo will fail. 1132622770 M * Bertl yep 1132622789 M * derjohn so the only possible solution is get the request with apache and then VLS it to the BEs. 1132622825 M * Bertl yes, while you could do without the LVS, by using a simple name->ip lookup and a nameserver with RR 1132622916 M * derjohn you mean an "internal" DNS? doesn't the one apchae cache it's requets? but besides that, there may be need to give the BE servers a differnet default GW (load balancing) 1132622960 M * Bertl you can't serve the data from the non-main apaches 1132622971 M * Bertl they have to pass through the main apache to be ssl-ed 1132623012 M * derjohn Bertl, hm, yes ! /me slaps his forehead ;) 1132623251 M * derjohn Bertl, but the VLS think after main only works in theory? I would like to go for LVS, due to it's schedulers, and failover with master->slave connection cache etc. 1132623297 M * Bertl you have to try that, and I'd welcome if you report back if and how it works (or does not work) 1132623333 M * derjohn ok, will do. may have to do with my next payware project. 1132623358 M * derjohn (but first I have to check the quagga bgp md5 kernel patch ;)) 1132623394 M * Bertl hmm, let me know if that works too .. 1132623523 M * derjohn someone brave made the cryptoapi "atomic" for 2.4.32. We assume that the kernel crash (slab.c) occured, when there was an interrupt while the tcp-session's md5 was calculated in the cryptoapi (has something to do with GFP*) 1132623710 M * Bertl derjohn: tx f. email 1132623743 M * derjohn Bertl, just in case I lose or forget it ;) 1132623758 M * Bertl hehe 1132623776 A * derjohn is hoping someone will put this into 2.6.x after it's proven that it works ;) 1132623799 M * derjohn dunno how 2.4 and 2.6 cryptoapi differ though 1132623800 M * Bertl well, I guess it is a question of latency ... 1132623830 M * derjohn Bertl, the tcp-md5-patch itself made it never into the kernel. 1132623871 M * derjohn You have to get the quagga and kernel patches, too (from hasso teppers homepage) if you try to run quagga with that. 1132623899 M * Bertl yep, I know ... 1132623907 M * derjohn k 1132624218 M * Bertl derjohn: btw, your FAQ contains a lot of nice stuff, you might consider either reintegrating that or to integrate the main FAQ ... (and as sidenote, you got the last ''Q wrong (you can use the preview for checking) 1132624466 M * derjohn Bertl, I will take more care, if I know people read stuff ;) I pretty happy that some even use the debian -vs21 kernels. 1132624487 M * derjohn Bertl, at least I know you read it :) 1132624527 M * Bertl well, haven't really checked it yet, but had a brief look 1132624569 J * anonymousc ~anonymous@203.26.95.33 1132624614 M * derjohn Bertl, hope you find sth new in it *lol* , well I can move it into main FAQ, but would try to keep mine as a "pre-filter". If I am of some oppinion it may not be the absolute truth ;) 1132624761 Q * mnemoc Ping timeout: 480 seconds 1132624994 M * Bertl derjohn: well, I'm fine with that ... 1132625026 M * derjohn ok, will do. but not now. I am leaving the bertl-tz now ;) 1132625038 M * Bertl k, good night then! 1132625075 M * derjohn thjx 1132625077 M * derjohn thx 1132625410 J * mnemoc ~amery@200.75.27.18 1132625431 J * ryker ~ryker@c-67-176-240-74.hsd1.in.comcast.net 1132625440 M * Bertl welcome ryker! 1132625441 A * miller7 wonders if anyone is using Chello internet here 1132626692 M * Bertl miller7: very likely, but they do not want to admit it :) 1132626700 M * miller7 :P 1132626712 M * miller7 baaaaad bad people 1132626764 M * miller7 Bertl: is 2.6.12 kernel good for vservers? 1132626807 M * Bertl not as good as 2.6.14.2 :) 1132626832 M * miller7 Oh ok 1132626839 M * miller7 will dload it then 1132626859 M * Bertl there was a lot of cleanups in 2.6.14 1132626868 M * miller7 ic 1132626887 M * miller7 cleanups by you? 1132626896 M * Bertl no, not really :) 1132626982 M * miller7 ok, gonna get myself some coffee and be back in 10 mins 1132628144 J * stefani ~stefani@c-24-19-46-211.hsd1.wa.comcast.net 1132628171 M * miller7 mm coffee is nice to wake you up in the early hours :) 1132628290 M * Bertl morning stefani! 1132628389 M * stefani welcome back. 1132628565 M * Bertl anybody still/already awake, please test the following testme.sh: 1132628580 M * Bertl http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh-0.14 1132628601 M * Bertl (and let me know if it fails in any obvious ways) 1132629050 M * miller7 I will do so in a while Bert, after I install the new vserver box 1132629060 M * miller7 still upgrading the gentoo box 1132629064 M * miller7 then I will install vserver kernel 1132629068 M * miller7 then test this 1132629076 M * miller7 ok? 1132629102 M * Bertl yeah, sure ... might be that I'm off by then ... but np 1132629108 M * miller7 when will you go? 1132629126 M * Bertl it's 4am now so probably soon ... 1132629131 M * miller7 ok 1132629148 M * miller7 I'll be done with upgrading in about 5 minutes or so (last package is compiling now) 1132629155 M * miller7 so then I have the kernel only 1132629161 M * miller7 can you wait until that? 1132629171 M * Bertl okay, np, should be around for at least 15 minutes 1132629323 J * sebi ~sebi@Fcfa1.f.strato-dslnet.de 1132629332 M * Bertl welcome sebi! 1132629359 M * miller7 Bertl: should I use this one? http://www.13thfloor.at/vserver/s_rel26/v2.0/patch-2.6.12.4-vs2.0.diff.bz2 1132629418 M * Bertl no, give me a minute 1132629422 M * miller7 ok 1132629426 Q * sebi_ Ping timeout: 480 seconds 1132629685 M * Bertl http://vserver.13thfloor.at/Experimental/patch-2.6.14.2-vs2.0.1-rc3.diff 1132629697 T * Bertl Topic: http://linux-vserver.org/ | latest stable 2.0, 2.0.1-rc3, 1.2.10, 1.2.11-rc1, devel 2.1.0-rc8 | util-vserver-0.30.209 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1132629709 M * Bertl miller7: take that one 1132629713 M * miller7 ok, just a sec 1132630019 M * miller7 hmmm 1132630028 M * miller7 just a sec Bertl 1132630076 M * miller7 it says I reapplied the patch while I don't think I did 1132630081 M * miller7 let me run it again 1132630233 M * Bertl applies quite fine here ... 1132630247 M * miller7 yeah, probably I screwed up before 1132630263 M * miller7 ok, patched fine too 1132630327 M * miller7 what options will I need to activate in kernel config? 1132630356 M * miller7 I mean I'm asking so that we can make this quicker instead of me looking all the options 1132630360 M * Bertl copy the config from your unpatched kernel 1132630364 M * miller7 did so 1132630370 M * Bertl then do 'make oldconfig' 1132630383 M * Bertl it will ask you only 'new' options 1132630396 M * Bertl (you can take the defaults there then) 1132630404 M * miller7 Preemption Model 1132630420 M * miller7 what do I choose? 1132630429 M * Bertl you take the defaults by pressing 'enter' 1132630476 M * miller7 ok, done so 1132630516 M * miller7 what next? 1132630529 M * Bertl kernel compile time :) 1132630633 M * miller7 ok, compiling 1132630780 M * miller7 how to make your P4 with 4GB ram to run like an 386 1132630783 M * miller7 :) 1132630792 M * miller7 or better 8088 1132630804 M * Bertl install win-xp :) 1132630808 M * miller7 :P 1132630822 M * miller7 no... compiling kernel 2.6 is enough :) 1132630854 M * Bertl ah, no, a p4 will compile that in roughly 10 minutes, while an 8086 will require several hours ... 1132630879 M * miller7 ;) 1132630889 M * miller7 several days probably 1132630903 M * Bertl depends on the config, but yes, might happen 1132630995 M * miller7 it's compiling sound capabilities? Wow... this config needs cleaning 1132631199 M * miller7 ok, rebooting in 1 minute 1132631798 M * miller7 ok 1132631802 M * miller7 what now? 1132631810 M * Bertl compile the tools 1132631815 M * miller7 btw, I managed to hit my head on a wall and it bleeds :( 1132631822 M * miller7 how did I do that :( 1132631845 M * Bertl hmm ... do you need first aid? should I call somebody? 1132631856 M * miller7 call a tall blonde nurse please 1132631877 M * miller7 this tools? http://www.13thfloor.at/vserver/s_rel26/v2.0/util-vserver-0.30.208.tar.gz 1132631905 M * Bertl no, those tools: http://www.13thfloor.at/~ensc/util-vserver/files/alpha/util-vserver-0.30.209.tar.bz2 1132631945 M * miller7 ok done 1132631982 M * Bertl okay, once properly installed, just get the tesme.sh script and execute it 1132632006 M * Bertl (you show you 8 succeeding tests) 1132632044 M * miller7 just a sec, I have to install iproute2 tool 1132632062 M * miller7 or else I can't configure/compile it 1132632103 M * miller7 ok, now it's iptables :) 1132632163 M * miller7 See http://www.candelatech.com/~greear/vlan.html; usually this tool is shipped in the 'vconfig' or 'vlan' package of your distribution 1132632166 M * miller7 what's that now????/ 1132632177 M * miller7 where are all these needed? 1132632213 M * miller7 ok, that was the last one needed 1132632215 M * Bertl well, wait until you get to the beecrypt 1132632222 M * miller7 ????? 1132632262 M * miller7 compiling now 1132632302 M * Bertl don't forget to follow the advices (i.e. use dietlibc and make the distro-install) 1132632379 M * miller7 not sure I know what to do with this 1132632413 M * miller7 make install-distribution 1132632415 M * miller7 I did that 1132632428 M * Bertl good ... time for testme.sh 1132632448 M * miller7 should I run this: setattr --barrier /vservers ? 1132632461 M * miller7 drwxr-xr-x 3 root root 4096 Nov 22 07:06 vservers/ 1132632470 M * Bertl no, the install-distribution will have done that for you 1132632472 M * miller7 ok 1132632478 M * miller7 where is the testme.sh again? 1132632481 M * miller7 where do I get it from? 1132632496 M * Bertl http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh-0.14 1132632530 M * miller7 just a sec... libs are in the wrong place 1132632551 M * Bertl that is not really possible 1132632555 M * miller7 why not 1132632566 M * Bertl because the tools were configured and installed 1132632575 M * miller7 /usr/local/sbin/vserver-info: error while loading shared libraries: libvserver.so.0: cannot open shared object file: No such file or directory 1132632575 M * Bertl so they _know_ where the libs are 1132632588 M * Bertl miller7: then you missed the install part 1132632616 M * miller7 ? 1132632624 M * miller7 I did make; make install; make install-distribution 1132632634 M * Bertl ./configure first, I assume? 1132632638 M * miller7 yep 1132632652 M * Bertl well, then /usr/local/lib is not in your library path 1132632660 M * miller7 ./configure brought up all those errors about iproute2/iptables/vlan thingies missing so I installed and run again 1132632665 M * Bertl (which means you did not configure it properly) 1132632679 M * miller7 # ld.so.conf autogenerated by env-update; make all changes to 1132632679 M * miller7 # contents of /etc/env.d directory 1132632679 M * miller7 /usr/local/lib 1132632679 M * miller7 /usr/i686-pc-linux-gnu/lib 1132632679 M * miller7 /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.5-20050130 1132632695 M * miller7 milo usr # ./testme.sh-0.14 1132632695 M * miller7 Linux-VServer Test [V0.14] Copyright (C) 2003-2005 H.Poetzl 1132632695 M * miller7 chcontext is working. 1132632695 M * miller7 chbind is working. 1132632695 M * miller7 Linux 2.6.14.2-vs2.0.1-rc3 i686/0.30.209/0.30.209 [Ea] (0) 1132632695 M * miller7 VCI: 0002:0001 273 03000016 1132632697 M * miller7 --- 1132632697 M * miller7 [000]# succeeded. 1132632699 M * miller7 [001]# succeeded. 1132632699 M * miller7 [011]# succeeded. 1132632701 M * miller7 [031]# succeeded. 1132632701 M * miller7 [101]# succeeded. 1132632703 M * miller7 [102]# succeeded. 1132632703 M * miller7 [201]# succeeded. 1132632705 M * miller7 [202]# succeeded. 1132632707 M * miller7 ldconfig wasn't run 1132632712 M * Bertl k 1132632721 M * Bertl okay, looks great! 1132632724 M * miller7 cool 1132632727 M * Bertl have fun! 1132632736 M * Bertl I'm off to bed now ... thanks a lot! 1132632743 M * miller7 I'll go check to see if blood is still running from my head :) 1132632747 M * miller7 good night bert 1132632749 N * Bertl Bertl_zZ 1132634796 P * stefani parting (is such sweet sorrow) 1132641095 Q * miller7 Ping timeout: 480 seconds 1132641858 J * cdv ~chdemon@pipe.vmts.ru 1132641950 M * cdv hello, does anybody know quick solution of "chxid Invalid argument" problem? 1132641970 M * cdv fs is mounted with tagxid option 1132643306 M * cdv and it's not a / filesystem 1132646841 Q * ryker Quit: Leaving 1132647466 Q * cdv Ping timeout: 480 seconds 1132648596 Q * shedi Quit: Leaving 1132650913 J * arok ~thorsten@p5495B14D.dip0.t-ipconnect.de 1132652050 J * shedi ~siggi@tolvudeild-198.lhi.is 1132652691 J * TheSeer ~theseer@border.office.salesemotion.net 1132652785 Q * lilo_ Remote host closed the connection 1132652824 J * lilo ~lilo@lilo.usercloak.oftc.net 1132653120 J * yungyuc ~yungyuc@220-135-53-220.HINET-IP.hinet.net 1132655436 Q * Aiken Ping timeout: 480 seconds 1132657981 M * Hollow baggins: around? 1132658833 Q * monrad Quit: Leaving 1132659767 J * chdemon ~cdv@82.162.56.254 1132659821 N * chdemon cdv 1132660369 M * baggins Hollow: yep 1132660424 M * Hollow baggins: regarding your context.conf... you like to help with documentation in general? 1132660437 M * Hollow or even with the whole util-vserver 1132660486 M * baggins if the time permits, yes 1132660506 M * baggins btw why there is no network support in util-vserver? 1132660527 M * Hollow because i did not reimplement it yet :) 1132660554 M * baggins ahh :) 1132660585 M * Hollow the man-page thing got pretty easy, btw.. http://dev.croup.de/proj/util-vserver/browser/trunk/man/vflags.8.in 1132660597 M * Hollow txt2man is your friend then :P 1132660674 M * cdv Hello 1132660682 M * baggins are you going to add support for chbind? 1132660737 M * Hollow no, because chbind uses the legacy network syscall, most of the net thing is already reimplemented with the default syscalls in vncontext.c and vnflags.c, but i'm still missing vc_net_add and vc_net_rem which is quite the essential part of it :P 1132660844 J * ^Cist ~x@p54A5539C.dip.t-dialin.net 1132660854 M * ^Cist moin 1132660878 M * cdv does anybody know solution for "chxid Invalid argument" problem? 1132660912 M * cdv filesystem mounted with -o tagxid and is not a rootfs 1132660922 M * Hollow cdv: which command line did you execute? 1132660946 M * cdv chxid -c 1000 -R /path/to/.. 1132660976 M * Hollow hm, an strace would be helpful.. 1132661048 M * cdv I got but it tales nothing to me :( 1132661073 M * Hollow could you upload the output of the trace somehwere? 1132661109 M * cdv may right here - it's 7 lines only ? 1132661118 M * Hollow probably.. 1132661129 M * cdv execve("/usr/sbin/chxid", ["chxid", "-c", "1000", "/u1/1"], [/* 24 vars */]) = 0 1132661137 M * cdv lstat64("/u1/1", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 1132661142 M * cdv vserver(0, 0x3f, 0, 0, 0x1000000) = 131073 1132661147 M * cdv vserver(0x26020001, 0, 0xbfc75d10, 0, 0x1000000) = -1 EINVAL (Invalid argument) 1132661151 M * cdv write(2, "/u1/1", 5) = 5 1132661155 M * cdv write(2, ": ", 2) = 2 1132661160 M * cdv write(2, "Invalid argument", 16) = 16 1132661166 M * cdv write(2, "\n", 1) = 1 1132661169 M * cdv _exit(1) = ? 1132661235 M * cdv my mount output is: /dev/mapper/vg00-news on /u1 type ext3 (rw,tagxid) 1132661248 M * Hollow ok, let me take a look at the source 1132661263 M * cdv but cat /proc/mounts says: /dev/vg00/storage /u01 ext3 rw 0 0 1132661290 M * Hollow hm, these are different volumes no? 1132661291 M * cdv there is no option set in last output? 1132661303 M * cdv the same 1132661310 M * cdv its lvm volume 1132661314 M * Hollow (always trust /proc/mounts, never trust the mount command) 1132661344 M * cdv and it is available under both this names 1132661350 M * Hollow but /dev/vg00/storage would be /dev/mapper/vg00-storage, no? 1132661414 M * cdv oh sorry I messed the lines 1132661451 M * Hollow so.. what does /proc/mounts show for /ul? 1132661460 M * cdv :/dev/vg00/news /u1 ext3 rw 0 0 1132661479 M * Hollow ok, so tagxid is not enabled.. 1132661488 M * Hollow try: mount-o remount,tagxid /ul 1132661495 M * Hollow mount -o remount,tagxid 1132661531 M * cdv as I know remount doesn't applicable for tagxid activation 1132661547 M * Hollow probably.. umount and mount it again then 1132661552 M * cdv but nevertheless I can unmount and mount it again 1132661556 M * Hollow heh 1132661665 M * cdv it's just the same after mount -o rw,tagxid /dev/vg00/news /u1 1132661671 M * cdv :/dev/vg00/news /u1 ext3 rw 0 0 1132661741 M * Hollow cdv: please run these two test scripts: http://vserver.13thfloor.at/Stuff/SCRIPT/testme.sh-0.14 and http://vserver.13thfloor.at/Stuff/SCRIPT/testfs.sh-0.11 1132661772 M * cdv i use lvm on software raid5 - may be this is the point, though unlikely? 1132661816 M * Hollow shouldn't matter imo 1132662085 M * Hollow cdv: what did the tests say? 1132662155 Q * Johnnie Quit: G'bye! 1132662202 M * cdv testfs.sh-0.11 still continue to show testing ext2 filesystem 1132662237 M * Hollow so, testme.sh worked fine? 1132671867 T * * Topic: http://linux-vserver.org/ | latest stable 2.0, 2.0.1-rc3, 1.2.10, 1.2.11-rc1, devel 2.1.0-rc8 | util-vserver-0.30.209 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1132671867 T * Bertl - 1132672127 Q * Doener Quit: Leaving 1132672140 Q * infowolfe_ Ping timeout: 480 seconds 1132672151 J * Duckx ~duckx@195.75.27.158 1132672949 J * infowolfe ~infowolfe@209-112-215-110-cdsl-rb1.nwc.acsalaska.net 1132673431 J * Bertl herbert@212.16.62.52 1132673488 Q * Bertl Quit: 1132673516 J * Bertl herbert@212.16.62.52 1132673561 M * Bertl hmm .. am I back? 1132673605 M * Bertl ah, yes seems so :) 1132673821 M * id Hi Bertl =) 1132673831 M * Bertl hey id! 1132674133 M * id Bertl, query 1132674406 M * michal_ Bertl: you seem to be back ;] 1132674696 M * Hollow morning Bertl 1132674736 M * michal_ anyone want buy something like this ? 1132674736 M * michal_ http://moto.allegro.pl/show_item.php?item=71827661 1132674740 M * Bertl morning Hollow! 1132674745 M * michal_ rocket launching car ;] 1132674748 M * michal_ without rocket 1132674752 M * Hollow did you look at the dynamic xid patch? 1132674836 M * derjohn michal_, is there a good place to mount 2-3 TFTs inside=? 1132674842 M * Bertl Hollow: no, sorry, had other stuff to do ... 1132674893 M * michal_ derjohn: hell knows, it's not my ;] 1132674895 Q * monrad Quit: Leaving 1132674930 M * derjohn michal_, I think it will get problems with TUEV here in DE. So: no :) 1132674943 M * michal_ ineed ;] 1132674955 M * michal_ cool thing anyway 1132674960 M * derjohn micah, but ideal for mountinf WLAN antenna! 1132674963 M * derjohn yep 1132674970 M * michal_ lol 1132674984 M * derjohn i mean: real wardriving! 1132675005 M * FaUl derjohn: the bundeswehr has equil things, and they have no problems either, so I think this should not be a problem 1132675023 M * FaUl maybe a little money for the tuef-enigeer :-) 1132675047 M * derjohn FaUl, OMG! (Even with Biodiesel ! :) 1132675067 M * FaUl derjohn: ;-) 1132675111 M * id cya ... 1132675114 Q * id Quit: Leaving 1132675133 M * michal_ :P 1132676157 M * Bertl Medivh: ping? 1132676229 Q * shedi Quit: Leaving 1132677877 J * stefani ~stefani@superquan.apl.washington.edu 1132678105 M * Bertl welcome stefani! 1132678454 M * stefani hola 1132678525 M * Bertl stefani: found a picture of you .. but it doesn't seem you liked to be photographed :) 1132678585 M * baggins Bertl: what needs to be done for new NGNET to work? 1132678599 M * Bertl basically the table virtualizations 1132678610 M * Bertl and the vnet device needs some adaptations 1132678652 M * Bertl baggins: want to address that? or just curious? 1132678685 M * baggins I'd do something if I knew where to start poking ;) 1132678699 M * baggins I can do some cleaning to vnet device 1132678745 M * Bertl ah, no, leave the vnet device ... it needs some changes 1132678761 M * Bertl but you know the 'original' ngnet for 1.9.x? 1132678785 M * baggins never used it, should I start there? 1132678795 M * Bertl it basically contains most of the table virtualizations 1132678823 M * Bertl so, for example, adapting this for the routing tables 1132678833 M * sizo re 1132678842 M * Bertl baggins: (for a start for 'the' routing table) 1132678852 M * Bertl welcome sizo! 1132678857 M * sizo hi bertl 1132678905 M * Bertl baggins: either this, or if you prefer doing something completely different, the iptables (based on skb->nid) 1132678988 M * baggins Bertl: match/target or a new table? 1132679006 M * TheSeer Bertl: any idea what might cause a crond go nuts within a vserver guest? 1132679032 M * TheSeer i get "system error" in /var/log/cron for every process triggered 1132679084 M * Bertl TheSeer: no idea ... 1132679102 M * daniel_hozac TheSeer: strace is your friend ;) 1132679116 M * Bertl baggins: well, table virtualization, the new ngnet does not need iptables, but it has to be 'virtualized' sooner or later 1132679145 M * Bertl baggins: (i.e. that is different to the old ngnet) 1132679155 M * Bertl okay, off for dinenr now ... back later 1132679228 N * Bertl Bertl_oO 1132679949 Q * tanjix Read error: Connection reset by peer 1132682064 J * monrad ~monrad@213083190130.sonofon.dk 1132682082 J * shedi ~siggi@inferno.lhi.is 1132684708 J * ryker ~ryker@c-67-176-240-74.hsd1.in.comcast.net 1132685026 J * Aiken ~james@tooax8-229.dialup.optusnet.com.au 1132686256 J * tanjix tanjix@office.star-hosting.de 1132686258 Q * tanjix Quit: 1132686262 J * tanjix tanjix@office.star-hosting.de 1132686405 Q * shedi Quit: Leaving 1132687530 Q * lilo Ping timeout: 480 seconds 1132687568 J * lilo ~lilo@lilo.usercloak.oftc.net 1132688932 J * dos000 ~dos000@CPE00119572fd49-CM00137186e53a.cpe.net.cable.rogers.com 1132692536 Q * ryker Quit: Leaving 1132692571 J * ryker ~ryker@c-67-176-240-74.hsd1.in.comcast.net 1132692704 Q * ryker Quit: 1132693140 J * ryker ~ryker@c-67-176-240-74.hsd1.in.comcast.net 1132694602 J * lilo_ ~lilo@lilo.usercloak.oftc.net 1132694803 Q * lilo Ping timeout: 480 seconds 1132696748 Q * lilo_ Quit: bbiab 1132697030 Q * sladen Ping timeout: 480 seconds 1132697215 J * lilo ~lilo@lilo.usercloak.oftc.net 1132697433 J * sladen paul@starsky.19inch.net 1132697695 Q * yungyuc Quit: leaving 1132698020 N * Bertl_oO Bertl 1132698028 M * Bertl baggins: ping! 1132698032 M * Bertl evening folks! 1132698218 J * miller7 ~none@213.239.180.101 1132698250 M * miller7 hello guys 1132698320 M * Bertl hey miller7! 1132698329 M * miller7 Hey Bertl 1132698351 M * miller7 can I ask you something? What is the Hollow person about? I mean he makes Gentoo-vserver project 1132698359 M * miller7 should I try that on my gentoo instead? 1132698435 M * miller7 I am in freenode.net #gentoo-vserver but noone's around there 1132698446 M * miller7 I'm confused about what's going on 1132698560 Q * Greek0 Ping timeout: 480 seconds 1132698602 M * Mega-zzz hey BOY! 1132698606 N * Mega-zzz Megabart 1132698636 J * shedi ~siggi@inferno.lhi.is 1132698648 M * Megabart Bertl, you're here? 1132698649 M * Megabart :D 1132698720 M * Bertl Megabart: yep 1132698748 M * Bertl miller7: probably hollow is sleeping 1132698765 M * Megabart good, I have some question to make 1132698782 M * Megabart first (is stupid) 1132698818 M * Megabart which are the problems of vserver? 1132698878 M * Megabart qemu or other emulator are better then vserver? 1132698903 M * ^Cist this is like asking: what are the problems of linux and is *bsd better than windows 1132698953 M * Megabart ^Cist, ok, I change the question 1132698987 M * Megabart If i want to emulate linux, is better to use vserver or other emulator? 1132698999 M * Megabart and why? 1132699006 M * ^Cist vserver doesnt emulate linux at all 1132699021 M * Bertl Megabart: the main question is, what is your aim? 1132699038 M * ag- Megabart: vserver doesn't virtualize at the same level than qemu, uml, or xen 1132699071 M * Bertl well, strictly speaking they are all different :) 1132699111 M * Megabart ok, but vserver is a linux in a linux machine! 1132699124 M * Megabart Bertl Megabart: the main question is, what is your aim? 1132699128 M * Megabart aim???? 1132699142 M * Megabart what means aim? 1132699164 M * Bertl what do you want to accomplish with the virtualization? 1132699187 M * ag- Megabart: aim = purpose = goal :) 1132699225 M * ^Cist if you think of an emulator as an additional layer between the kernel and your apps, vserver isn't an emulator, it's rather some vertical limits that can separate applications without an additional layer 1132699297 M * Megabart i want to have more "virtual" linux for service like apache and other 1132699315 M * Megabart vserver is good for that 1132699320 M * ag- basically, vserver is a huge well done chroot extension :) 1132699413 M * ^Cist if all your apps/requirements are happy with the same kernel, then i'd say that you can't get much better than vserver regarding performance 1132699414 M * miller7 Megabart: if you want to run apache and mysql then vserver is the best possible solution for you taken everything under consideration 1132699443 M * miller7 you can isolate daemons like that very easily and securely 1132699466 M * mugwump Bertl: did I mention I'm talking at linux.conf.au about vserver? 1132699485 M * Megabart therefore, if i want to separate services and i want good performance and good security, vserver is the better solution 1132699519 M * miller7 Megabart: you got that right 1132699536 M * miller7 not good performance... the BEST possible performance from your hardware 1132699553 M * mugwump Anyway, that aside ... should be getting a guy with lots of git experience to setup a public git repo for the patch soon... let me know if you've already got one 1132699559 M * Megabart but, if i want to have a new OS, quemu or xen or.....are the only solution 1132699579 M * miller7 new OS? what do you mean? 1132699587 M * Bertl mugwump: hmm, not that I can remember (but that doesn't mean anything) 1132699595 M * Megabart Operatin system 1132699605 M * ^Cist probably not the only, but vserver won't do this 1132699628 M * miller7 I know what OS means, I didn't understand if by OS you mean Windows for example or you are referring to other Linux distributions also 1132699641 M * Megabart yes yes 1132699659 M * miller7 yes yes what? :) 1132699673 M * miller7 Enrico should have been here :) 1132699680 M * Megabart if i want windows, or other distribution or......macosx, i must use quemu or xen or other emulator 1132699685 M * mugwump there is a strong interest within Catalyst to accelerate acceptance of the vserver patch into the mainstream kernel, and sending patches in cogito's split patch e-mail format might make some people start to take more notice 1132699686 M * Megabart it is right? 1132699696 M * ^Cist other distributions isnt a problem 1132699699 M * miller7 if you want another distribution (like SUSE) you run it inside a vserver 1132699703 M * mugwump but more on that when I have something to show... 1132699703 M * ^Cist linux distributions 1132699704 A * mugwump & 1132699721 M * miller7 if you want Windows you run it in an emulator, like VMWare, Virtual PC, or the others you mentioned 1132699752 M * Megabart WOWWWWWWWWW 1132699764 M * Megabart here it snows! 1132699803 M * Bertl we have 15cm of solid snow here :) 1132699820 M * Megabart much snows = no job! 1132699859 M * Megabart Where? 1132699889 M * Megabart here 3-4cm max :/ 1132700022 M * Megabart What do you live Bertl? 1132700083 M * Megabart with what permission the vserver run? 1132700083 M * Bertl Austria, Europe, the land of the mountains and snow :) 1132700093 M * Megabart wowwww 1132700109 M * miller7 Megabart: how old are you? 1132700114 M * Megabart I live in Italy 1132700147 M * Megabart miller7, i have 22 years 1132700172 M * miller7 :) 1132700174 M * Megabart why? 1132700177 M * miller7 just wondering 1132700203 M * Megabart i don't understand 1132700223 M * miller7 so, any more questions about vserver? 1132700255 M * Megabart now........no :D 1132701154 Q * ryker Quit: Leaving 1132701645 J * ryker ~ryker@c-67-176-240-74.hsd1.in.comcast.net 1132702292 Q * neofutur_ Remote host closed the connection 1132702300 J * neofutur ~neofutur@neofutur.net 1132702420 Q * Loki|muh Remote host closed the connection 1132702433 J * Loki|muh loki@satanix.de 1132702553 J * cdv ~chdemon@pipe.vmts.ru 1132702554 Q * meebey Remote host closed the connection 1132702556 J * meebey meebey@booster.qnetp.net 1132702622 Q * cdv Quit: 1132703006 J * Aiken_ ~james@tooax7-089.dialup.optusnet.com.au 1132703331 Q * Aiken Ping timeout: 480 seconds 1132703487 P * stefani I'm Parting (the water)