1145145658 M * ray6 daniel: ah, OK, I'm building inside a minimalistic installed xen DomU :)
1145145689 M * daniel_hozac FYI, i'll have -14 RPMs ready in a few minutes.
1145145750 M * ray6 that's .30.210 with your 20 patches?
1145145760 M * daniel_hozac yes.
1145145778 M * ray6 just built -5 through :)
1145145789 M * derjohn daniel_hozac, are the 20+ set fc specific?
1145145812 M * daniel_hozac derjohn: 1 is Fedora/CentOS specific, 1 is Fedora Core 5 host and guest support.
1145145841 M * derjohn ah, fc5 runs now as guest without hazzles?
1145145844 M * daniel_hozac then quite a few of the patches come from the Debian and Gentoo packages.
1145145866 M * derjohn but they didnt make it into ensc's upstream release?
1145145877 M * daniel_hozac none of these are in ensc's tree.
1145145884 M * daniel_hozac he hasn't updated it since 0.30.210 was released.
1145145915 M * daniel_hozac (at least not the public copy)
1145145922 M * derjohn well, it get time someone get CVS access there (/me thinks of daniel_hozac as candidate ;))
1145145931 M * derjohn *write access
1145145981 M * Bertl no problem with that, don't know how savannah handles this though
1145146080 M * derjohn Bertl, you wave write access? Or could you grant write access? (it's mess that all distri-maintainers have to get the secret patches ....)
1145146095 M * Bertl I don't think so
1145146145 M * daniel_hozac ensc is the only one with access to the savannah project, AFAIK.
1145146191 A * ray6 now has FC4 in Dom0, FreeBSD 7 in an DOMU and another DomU running Centos4 with a vserver kernel in which I'm bootstraping a debian guest right now :)
1145146204 M * daniel_hozac ray6: hmm, scratch that, i've got no CentOS roots setup.
1145146205 M * derjohn daniel_hozac, did anyone ever ask to et write access? or isnt that something you'd like to have .. I mean to patch it anyway
1145146238 M * daniel_hozac i wouldn't know. Enrico has been very responsive in the past, i guess he's just swamped with work.
1145146248 M * Bertl derjohn: IIRC the last time somebody (sam) branched the tools into a public repository
1145146266 M * Bertl but the commits there didn't last very long
1145146269 M * derjohn daniel_hozac, yes, no offense to enrico, he did great work!
1145146285 M * ray6 daniel: what do you mean? scratch the image? I've got a cent43minimal.tar.gz :)
1145146296 M * daniel_hozac ray6: mock configs.
1145146385 M * derjohn well at least a "progressive branch" of the utils would ne nice so see ...  (besides that they should drop that silly 'alpha' status addon)
1145146402 M * ray6 daniel: hm?
1145146422 M * daniel_hozac derjohn: that's what HEAD is for.
1145146443 M * derjohn yes, I ensc would give you access to HEAD ;) 
1145146443 M * daniel_hozac ray6: mock is a "rebuild source RPM in chroot" helper.
1145146466 M * derjohn I thought of a parallel branch but head would be cool, too ;)
1145146474 M * daniel_hozac i don't really mind keeping my work as patches.
1145146495 M * daniel_hozac it's easier to build RPMs from a bunch of patches than from a CVS checkout :)
1145146511 M * h01ger munin now produces graphs for number of processes and virtual memory used :)
1145146549 M * derjohn daniel_hozac, well, sure, but how will the patches go into uptream? Do you commeit them on savannah?
1145146557 M * daniel_hozac ray6: http://rpm.hozac.com/dhozac/fedora/5/vserver/SRPMS/util-vserver-0.30.210-14.fc5.src.rpm
1145146562 M * derjohn (or send them to enrico)
1145146576 M * daniel_hozac derjohn: well, the larger ones already have a patch entry at savannah's tracker.
1145146593 M * ray6 is there something fc5 specific in that SRPM? I'm using C4 as the host currently
1145146608 M * daniel_hozac ray6: no, the sources are all the same.
1145146762 M * ray6 procfs-security. Please read the FAQ for more details
1145146769 M * ray6 /proc/uptime can not be accessed. Usually, this is caused by
1145146771 M * daniel_hozac service vprocunhide start ;)
1145146771 M * ray6 hmmm
1145146795 M * ray6 I should reboot after installing the vserver utils? :)
1145146816 M * daniel_hozac no, just starting the vprocunhide service is sufficient
1145146822 M * ray6 (or "should have ..." :)
1145146934 M * ray6 ok, looks good, got the debian guest running
1145147086 M * derjohn secure-mount: chdir("/dev/pts"): No such file or directory -> was this one of the current issues with the utils?
1145147092 M * ray6 oh, running short of memory in the guest's host. 64MB and no swap there %-)
1145147137 M * daniel_hozac derjohn: no, but that should've been created by the vserver ... build.
1145147179 A * derjohn slaps himself for copying a complete physical udev-ed server in .....
1145147520 M * shuri lol
1145147554 M * Bertl daniel_hozac: did the source mapping help/work for you?
1145147565 M * daniel_hozac Bertl: i haven't tested it yet.
1145147634 Q * shuri Remote host closed the connection
1145148015 Q * Wenix Remote host closed the connection
1145148194 P * matta 
1145148668 M * Bertl daniel_hozac: cool, the osdl results finished
1145148695 M * Bertl seems there are no great differences except for the sparse run which ahs 18160 warnings :)
1145148719 M * daniel_hozac haha, wow.
1145148769 M * Bertl but you should look at the output, looks really cool
1145148820 M * daniel_hozac yeah, that's so much better than the other ones.
1145148873 M * Bertl but I think the sparse run was just not done on mainline yet
1145148985 M * Bertl or maybe an unfortunate run, as the 2.0.2 passed the sparse
1145149004 M * Bertl ah, no, sorry, wrong tab :)
1145149028 M * nebuchadnezzar derjohn: you can check the http://www.asgardr.info/twiki/bin/view/Main/MasteringVservers to look at --exclude --include stuff :-)
1145151289 M * derjohn nebuchadnezzar, yes, looks good. even with mtr-tiny :) I will try with my next build !
1145151346 M * nebuchadnezzar ok
1145151361 M * nebuchadnezzar I have some vxW: xid=400 did hit the barrier
1145151401 M * nebuchadnezzar is there a way to make all the barrier stuff clean ?
1145151403 M * Bertl that means somebody tried to manipulate a dir with the barrier set
1145151419 M * Bertl vattrib --~barrier
1145151429 M * Bertl probably recursive and such, see --help
1145151439 M * Bertl vattr
1145151464 M * Bertl nonsense
1145151471 M * Bertl setattr
1145151481 M * Bertl setattr -R --~barrier 
1145151498 M * nebuchadnezzar on the host / ?
1145151513 M * nebuchadnezzar and then setattr --barrier /var/lib/vservers
1145151515 M * Bertl well, wherever you suspect invalid barriers
1145151530 M * Bertl no, you want: setattr --barrier /var/lib/vservers/guest/..
1145151542 M * Bertl note that the '..' is literal
1145151550 M * nebuchadnezzar arf
1145151906 M * derjohn anyone tried hylaFax with ISDN/CAPI within a guest?
1145151932 M * Bertl IIRC, folks got asterisk running, so that should be almost trivial :)
1145151977 A * derjohn @TODO: build asterisk guest
1145152102 M * derjohn ERROR: CAPI not installed, started or have no access rights on it! -> seems it uses kernel calls to the blobby AVM Fritz module, which it isnt allowed within a context
1145152132 A * Bertl is very pleased that the gcc 4.1 compiles showed no new warnings ...
1145152132 J * aRko^ aRko_@85.158.39.179
1145152139 M * Bertl welcome aRko^!
1145152259 M * derjohn n8 folks!
1145152267 M * Bertl good night derjohn!
1145152278 M * gdm hia
1145152290 M * gdm Bertl: did u get a chance to look at that page yet?
1145152308 M * Bertl well, chance yes, but I forgot :/
1145152317 M * gdm ;-)
1145152328 M * Bertl will do so in a few minutes :)
1145152335 Q * aRko^ Quit: 
1145152366 M * gdm ok, kool. the picture, btw, is mainly for some color and not because it is specifically needed
1145152392 M * Bertl we have a picture? :)
1145152432 A * Bertl goes looking ...
1145152432 M * gdm well, diagram
1145152436 M * nebuchadnezzar Bertl: where can I find explanation of the attribute flags ?
1145152464 J * matt1 ~matta@c-68-81-35-243.hsd1.pa.comcast.net
1145152473 M * Bertl nebuchadnezzar: you mean for setattr?
1145152478 M * nebuchadnezzar yes
1145152485 M * Bertl gdm: nice, colorful picture indeed :)
1145152486 M * nebuchadnezzar and showattr
1145152511 M * gdm Bertl: hehe :)
1145152531 M * gdm stolen from another website, of course (there was no copyright notice displayed)
1145152534 M * Bertl nebuchadnezzar: I think there is a howto/explanation regarding the proc hiding stuff
1145152568 M * Bertl that should cover admin, watch and hide
1145152576 M * nebuchadnezzar ok
1145152586 M * Bertl and then the unification stuff, which covers iunlink
1145152596 M * Bertl the iunlink-but-not-immutable is a special case
1145152608 M * Bertl and the barrier itself, which you already know
1145152832 M * nebuchadnezzar ok so only /var/lib/vservers has the B
1145152855 M * Bertl if that is identical to /path/to/guest/.. then yes :)
1145152861 M * Bertl (for all guests)
1145152872 M * nebuchadnezzar yes, for all guests
1145152921 M * nebuchadnezzar so guest can not escape from /var/lib/vservers, but what about escaping their root to go in another vserver root ?
1145153047 M * Bertl that's not possible without the help from outside
1145153054 M * nebuchadnezzar ok
1145153066 M * Bertl well, at least as far as we know :)
1145153305 Q * matt1 Ping timeout: 480 seconds
1145153540 M * nebuchadnezzar Bertl: vxW: xid=1 did hit the barrier <-- xid=1 is not a xid of a vserver
1145153555 M * Bertl that's the spectator context
1145153570 M * nebuchadnezzar as I read yes
1145153572 M * Bertl the one used for vtop or vps
1145153593 M * Bertl that should not happen unless you use the test scripts or so?
1145153606 M * nebuchadnezzar each time i make a vps I get a hit the barrier log
1145153626 M * Bertl hmm, maybe the tools use that to check the barrier?
1145153795 M * nebuchadnezzar vtop do not produce one
1145153817 M * nebuchadnezzar arf
1145153823 M * nebuchadnezzar vps afx produce one
1145153828 M * nebuchadnezzar not vps alone
1145153850 M * nebuchadnezzar which only give my current process
1145153914 M * nebuchadnezzar ok, thanks a lot
1145153919 M * nebuchadnezzar now it's time to sleep for me
1145153927 M * Bertl interesting, why would vps hit the barrier?
1145153943 M * nebuchadnezzar the a
1145153945 A * ray6 also should go to sleep
1145153965 M * nebuchadnezzar Bertl: it looks for all vservers
1145153994 M * nebuchadnezzar ok, so good night
1145153999 M * ray6 Bertl: cu tomorrow...  
1145154004 M * Bertl yeah, but why should it be trying to modify something there ...
1145154013 M * Bertl okay, cya ray6! night nebuchadnezzar!
1145154278 M * knotty Bertl: it seem that 'vps a' hit the barrier only when I am in a guest
1145154372 M * Bertl knotty: ah, that could be
1145154380 M * gdm Bertl: here's another page, too: http://linux-vserver.org/Memory+Allocation
1145154393 M * gdm Bertl: i'd really appreciate comments on that one!
1145154414 M * gdm it is the more practical, i think, rather than the theoretical knowledge behind it
1145154520 M * Bertl hmm, the what is what is wrong :/
1145154534 M * Bertl VM has nothing to do with RAM
1145154557 M * Bertl VM is the sum of all virtual pages inside the guest
1145154571 M * Bertl VML is the sum of all virtual pages locked into memory
1145154587 M * Bertl RSS is the number of pages currently present in RAM
1145154599 M * Bertl ANON is the number of anonymous pages
1145154612 M * Bertl SHM is the shared memory (ipc)
1145154626 M * Bertl the rest is not relevant for memory
1145154708 M * gdm that is the memory allocation page, right?
1145154720 M * Bertl yep
1145154739 M * knotty Bertl: if I am in 2 guests and I do 'vps a' on the host, that hit the barrier 2 times
1145154782 M * Bertl knotty: you sure that you don't have a barrier somewhere else?
1145154836 M * Bertl knotty: let me check the source ...
1145154962 M * knotty I don't know if I have barrier somewhere else, nebuchadnezzar did it
1145155361 M * gdm Bertl: ok, i've updated that page now
1145155395 M * Bertl knotty: hmm, it might actually happen during a normal permission check when traversing the barrier
1145155450 M * Bertl knotty: will check that and when I can confirm that, we'll add the WATCH to the exceptions for that check
1145155497 M * Bertl fs/namei.c ~234 in dx_permission()
1145155523 M * Bertl there is VX_ADMIN and probably there should be VX_ADMIN|VX_WATCH
1145155568 Q * softi42 Ping timeout: 480 seconds
1145155799 M * knotty ok thanks Bertl
1145156188 J * softi42 ~softi@p549D491F.dip.t-dialin.net
1145159055 M * micah besides what appears in vserver-stat and what is in /etc/vservers/<vserver>/context, is there any other way to map a vserver name to its xid?
1145159110 M * Bertl the name is purely userspace
1145159117 M * micah vserver-info <vsname> XID
1145159121 M * micah apparantly does it too
1145159129 M * micah only if its static
1145159149 M * Bertl as I said, the kernel is not involved here
1145159151 M * micah it probably just parses the context file :)
1145159171 M * daniel_hozac micah: vserver-info ... CONTEXT true IIRC.
1145159232 M * micah yeah vserver-info ... CONTEXT doesn't parse the context file, wonder how it gets it
1145159308 M * daniel_hozac it does, that's what the true is for.
1145159319 M * daniel_hozac but first, it asks the kernel.
1145159328 M * micah utilvserver_fmt_long
1145159483 M * daniel_hozac micah: btw, did i tell you about http://daniel.hozac.com/vserver/util-vserver/?
1145159540 M * micah daniel_hozac: I dont think so, how is this different from the CVS?
1145159564 M * micah (besides it being a lot easier for me to figure out when things are newer :)
1145159565 M * daniel_hozac well, CVS didn't have most of the patches until a few hours ago ;) (but it does now, so i guess the point is moot)
1145159620 M * micah so whats new in here? Last I knew was the vcontextuid patch was updated
1145159663 M * daniel_hozac well, it's got all the Debian package patches, and some of the Gentoo ones.
1145159673 M * daniel_hozac plus some easy fixes for bugs in savannah.
1145159736 M * daniel_hozac (apis, condrestart, cpuset, nice, prefix, remove-init-style-gentoo, start-vservers, usage should be the new ones)
1145159942 A * micah starts pulling in patches :)
1145159968 M * micah what is fixed by the apis?
1145160015 M * daniel_hozac typo and letting you specify oldproc and olduts for --enable-apis.
1145160418 M * Bertl okay, I'm off to bed for tonight ...
1145160425 M * micah goodnight Bertl !
1145160428 M * Bertl have a good one everyone ... cya tomorrow!
1145160433 N * Bertl Bertl_zZ
1145160434 M * daniel_hozac good night!
1145160643 J * TheGame TheGame@203.184.13.101
1145160648 M * micah daniel_hozac: what does the prefix patch fix? it looks like it modifies configure
1145160677 M * micah but configure and configure.ac syntax always boggles me
1145160755 M * daniel_hozac vserver ... build -m yum breaks when you configure with --prefix=/ rather than --prefix=. so the patch makes --prefix=/ == --prefix=
1145160823 M * micah thanks
1145160994 M * micah I had part of the start-vservers patch (the okfile fix)
1145161000 M * daniel_hozac yeah, i know.
1145161022 M * micah whats the MARK_ANY add?
1145161041 M * daniel_hozac start-vservers --all --stop will actually stop all vservers, not just unmarked ones.
1145161059 M * micah oh yeah, i just ran into that and was going to look into it :)
1145161074 M * micah i guess that solves that problem
1145161086 M * daniel_hozac it did in my tests.
1145161372 M * micah I dont think I pulled in the fc5 patch either
1145161550 M * micah which appears to make installing fedora guests work more correctly?
1145161557 M * micah i dont really understand redhat 
1145161583 Q * TheGame Quit: LOL. Owned by stirk
1145161583 M * daniel_hozac the fc5 patch lets you install Fedora Core 5 guests, and use it as a host.
1145161728 J * TheGame TheGame@203.184.13.101
1145161750 M * micah lots of changes to this version 
1145162196 M * micah daniel_hozac: thanks for pulling those patches together, I've just uploaded a new version of the .deb with those fixes added that were missing
1145162854 J * Zaki ~zaki@212.118.96.168
1145164592 P * TheGame 
1145165899 J * reedtv ~wangchunh@219.142.143.184
1145165911 P * reedtv 
1145166183 M * Zaki hi
1145167339 Q * Zaki Quit: Leaving
1145167374 J * ZLinux ~ZLinux@212.118.96.168
1145169680 Q * knotty Quit: Parti Ailleurs
1145171355 J * burak ~a@81.215.154.218
1145171388 P * burak 
1145172386 J * Viper0482 ~Viper0482@p54975DA3.dip.t-dialin.net
1145174300 Q * Viper0482 Ping timeout: 480 seconds
1145174459 J * lilalinux__ ~plasma@dslb-084-058-212-040.pools.arcor-ip.net
1145174835 Q * lilalinux_ Ping timeout: 480 seconds
1145174940 J * Viper0482 ~Viper0482@p5497714B.dip.t-dialin.net
1145177168 Q * bogna Quit: 
1145179319 M * nebuchadnezzar hello
1145179348 M * h01ger huhu :)
1145179562 M * nebuchadnezzar are the procs and mount related boot script usefull in a vserver ?
1145179652 M * nebuchadnezzar arf, fstab is empty so no
1145181268 M * h01ger hmmmm... vserver-stat shows the user and the systime used, but i cant find that info in /proc looking at http://linux-vserver.org/HowTo+Read+ProcFS - any pointers?
1145181275 A * h01ger is improving his muninplugins
1145181681 M * mnemoc did you run procunhide?
1145181729 M * h01ger no
1145181762 M * h01ger i can find the infos mentioned in that wiki page in /proc/virtual, but i cant find some info that vserver-stat shows..
1145183999 Q * FireEgl Quit: Bye...
1145185183 J * Dr4g ~Dr4g@80-195-133-218.cable.ubr06.uddi.blueyonder.co.uk
1145185788 Q * mnemoc Ping timeout: 480 seconds
1145186680 M * nebuchadnezzar is here a way to make some cleanup in the .hash ?
1145186717 M * nebuchadnezzar is: find /var/lib/vservers/.hash -type f -links 1 sufficient ?
1145186804 M * nebuchadnezzar or should I rm -rf the directory and rehashify all vservers ?
1145187102 Q * Viper0482 Ping timeout: 480 seconds
1145187229 M * daniel_hozac i use the find command.
1145187294 M * h01ger does anyone use fail2ban or denyhosts with vservers?
1145187530 M * nebuchadnezzar daniel_hozac: ok, and you rm 
1145187548 M * daniel_hozac right, -exec rm -f {} \;
1145187567 M * nebuchadnezzar is should be integrated to vhashify :-)
1145187587 J * Viper0482 ~Viper0482@p54976199.dip.t-dialin.net
1145187592 M * nebuchadnezzar daniel_hozac: is there a way to know who is hard linked to a file ?
1145187599 M * daniel_hozac well, it's not really part of vhashify's job.
1145187647 M * daniel_hozac well, ls -li and find -inum <inode> -xdev?
1145187657 M * daniel_hozac or maybe just find -samefile
1145187681 M * nebuchadnezzar it's not possible that 2 files in .hash are hard-links
1145187691 M * nebuchadnezzar a sort of dead-lock in the .hash
1145187711 M * daniel_hozac no, the same file will always generate the same hash.
1145187719 M * nebuchadnezzar arf, sure
1145187722 M * daniel_hozac that's sort of the point of the hashing :)
1145187727 M * nebuchadnezzar so I rm all -links 1
1145187734 M * daniel_hozac right.
1145187909 M * Hollow :)
1145187916 M * Hollow daniel_hozac: vcd has TLS suport :)
1145187926 M * Hollow gnutls is very nice
1145187934 M * nebuchadnezzar yes 
1145187936 M * daniel_hozac Hollow: i thought you weren't going to implement that :)
1145187940 M * nebuchadnezzar gnutls is good
1145187947 M * Hollow well, it was so freaking easy
1145187948 M * Hollow :P
1145187954 M * Hollow with gnutls
1145187959 M * nebuchadnezzar and what is vcd ?
1145187959 M * Hollow i love it :D
1145187966 M * Hollow vserver control daemon
1145187977 M * nebuchadnezzar ok
1145187990 M * nebuchadnezzar it there some doc somewhere ? draft ,
1145187990 M * nebuchadnezzar ?
1145187993 M * Hollow http://home.xnull.de/work/vserver/vcd.spec.html
1145188025 M * daniel_hozac is the login needed then?
1145188034 M * Hollow yes..
1145188055 M * Hollow this is just _transport layer_ security
1145188073 M * Hollow i still need a username for internal vcd acls
1145188081 M * daniel_hozac yes, but you can use the email address of the client certificate for that.
1145188098 M * nebuchadnezzar the CN in fact
1145188100 M * Hollow hm.. which client certificate?
1145188107 M * nebuchadnezzar Hollow: for the TLS connection
1145188113 M * Hollow i don't have one
1145188118 M * nebuchadnezzar auth by client cert
1145188119 M * daniel_hozac but you could.
1145188119 M * Hollow and i don't need one for ssl sites :o
1145188141 M * nebuchadnezzar Hollow: vcd is developped in C/C++ ?
1145188142 M * daniel_hozac TLS allows mutual verification.
1145188156 M * Hollow then every client would need a cert.. what mess... it's already enought to create certs for the server... tbh that was the hardest part in the tls implementation :o
1145188177 M * daniel_hozac lol
1145188180 M * Hollow you should know that i hate all this crypto stuff
1145188180 M * nebuchadnezzar arf
1145188213 M * nebuchadnezzar Hollow: but it so freaking easy, remember: you love it :-)
1145188213 M * Hollow but yes... i see that there could be dumb admins not protecting their vcd and such... so at least minimum tls..
1145188214 M * Hollow :P
1145188232 M * Hollow the spec still says no TLS for vcd
1145188233 M * Hollow lol
1145188253 M * Hollow no, i don't want to rely on client certs
1145188275 M * daniel_hozac why not?
1145188349 M * daniel_hozac it's far more secure than a username and password.
1145188373 M * Hollow see above :)
1145188438 M * Hollow (i'm just too lazy to get used to tls, ok? :)
1145188450 M * daniel_hozac :P
1145188486 M * Hollow i also just bugfixed the TLS implementation.. someone gave me a patch for it.. ;)
1145188826 J * ciphernaut ~Elive_use@dsl-58-6-115-82.qld.westnet.com.au
1145188966 M * nebuchadnezzar daniel_hozac: what do you think about ard-links with less than (num of vserver) +1 ?
1145189063 M * daniel_hozac well, assuming all of your vservers don't have the same software installed, that's perfectly legit.
1145189072 M * daniel_hozac (and the same distribution)
1145189577 J * Dr4g_ ~Dr4g@80-195-133-218.cable.ubr06.uddi.blueyonder.co.uk
1145189614 Q * Viper0482 Ping timeout: 480 seconds
1145189725 Q * phedny Ping timeout: 480 seconds
1145189913 J * Viper0482 ~Viper0482@p549750BF.dip.t-dialin.net
1145190013 Q * Dr4g Ping timeout: 480 seconds
1145190069 N * Bertl_zZ Bertl
1145190073 M * Bertl morning folks!
1145190210 J * phedny ~mark@volcano.p-bierman.nl
1145190469 M * nebuchadnezzar morning Bertl 
1145190569 M * h01ger moin moin Bertl - are you reading backlog(s) or should i rephrase my questions ? :)
1145190590 M * nebuchadnezzar does /etc/vservers/.default/apps/vuniy/exclude add to the default maybe built-in list or does it completly remplace it ?
1145190661 M * derjohn Bertl, you didnt comment http://linux-vserver.org/ChangeLogExperimental that yet - does this reflect the truth? 
1145190681 M * Bertl h01ger: it's simpler if you repeat/rephrase it :)
1145190688 M * daniel_hozac nebuchadnezzar: completely replace it.
1145190690 M * Bertl h01ger: but yes I do read them ...
1145190712 M * nebuchadnezzar ok, I understand now
1145190724 M * daniel_hozac h01ger: AFAICT, that's just the sum of all currently running processes, not something you should rely on at all.
1145190728 M * nebuchadnezzar if I want to add some I need to do it locally to each vservers
1145190780 M * nebuchadnezzar Is there a way to know the default list ?
1145190798 M * Bertl derjohn: well, the lines you did put there are from me (or?), so they should be fine
1145190824 M * Bertl derjohn: will add the changes between rc6 and rc15 later ...
1145190845 M * daniel_hozac nebuchadnezzar: /usr/lib/util-vserver/defaults/vunify-exclude
1145190867 M * h01ger daniel_hozac, isnt " cat /proc/virtual/$i/status |grep Tasks|cut -f2 " the number of processes on vserver $i ?
1145190869 M * nebuchadnezzar ok thanls
1145190875 M * derjohn misunderstanding: I meant the text i put in front of the changelogs and the idea to split between stable-exp and devel-exp
1145190902 M * daniel_hozac h01ger: yes.
1145190916 M * Bertl derjohn: ahh, well, I just got up :)
1145190917 M * h01ger Bertl, i want to know the milli-secs used (usertime, systime per vserver) as vserver-stat shows, but cant find it in /proc/virtual
1145190918 M * derjohn If the is correct I think that I now understood the release cycling
1145190934 M * h01ger daniel_hozac, so, that number is not reliable ? in what sense ?
1145190992 Q * ciphernaut Remote host closed the connection
1145191040 M * ray6 moring Bertl
1145191062 M * Bertl morning ray6 
1145191089 M * Bertl h01ger: no such information is available, but you can get the user and sys ticks (jiffies) from /proc/virtual/42/sched
1145191099 M * Bertl cpu 0: 3 5 0 0 0 R- 25 6 50 1/4 1/8
1145191099 M * Bertl cpu 1: 0 1 0 0 0 R- 25 6 50 1/4 1/8
1145191130 M * h01ger cpu 0: 34383 18065 0
1145191134 M * h01ger :)
1145191156 M * Bertl see that's user,sys, and hold time
1145191164 M * h01ger hold ?
1145191170 M * Bertl okay, off for lunch ...
1145191177 M * h01ger (and why do you have more numbers?)
1145191181 M * h01ger Bertl, bon appetite!
1145191188 M * Bertl because I use a devel kernel?
1145191194 N * Bertl Bertl_oO
1145191202 M * h01ger Bertl_oO, sure, what numbers are those ? 
1145191350 M * derjohn h01ger, bertl fiddled with scheduler in the lastest release. the scheduler file has now even two more number. and there is schedmon to watch the scheduler from outside the kernel. i _suspect_ those number comming from the new approch ..
1145191394 M * h01ger ah
1145191439 M * derjohn i think the wiki is updated already .... and the old format is still compatible if you upgrade 
1145191461 M * derjohn hm, how can I find out which version of VS a running kernel has?
1145191515 M * derjohn h01ger, with your  munin plugin: do you also count if a guest hits a limit ?
1145191587 M * derjohn h01ger, I mean from the host side in /proc/virtual/<context>/limit
1145191603 M * daniel_hozac derjohn: /proc/virtual/info?
1145191621 M * daniel_hozac (won't tell you exactly, but will give you a pretty good idea)
1145191641 M * derjohn daniel_hozac, hooray it a .... VCIKernel:      031101f6 .... foo? :)
1145191666 M * daniel_hozac not that one, the VCIVersion.
1145191673 M * daniel_hozac VCIKernel is what features are enabled.
1145191721 M * derjohn daniel_hozac, I would file a wish the the proc tells somethign like ct /proc/virtual/vsversion -> 2.1.1-rc28 ... my value is VCIVersion:     0002:0001
1145191762 M * daniel_hozac well, that's why there's a Makefile patch ;)
1145191772 M * daniel_hozac uname -r should contain -vs...
1145191795 M * derjohn h01ger, what VS version do sid's vserver-k7 kernels use? It's not very documented in /usr/share/doc
1145191843 M * derjohn daniel_hozac, yes, _my_ kernels do so: 2.6.15-amd64-vs2.1.0.5.1 , Debian says  2.6.16-1-vserver-k7
1145191888 M * h01ger derjohn, i'm not monitoring hits atm, just started last nite, but i'll note the idea..
1145191905 A * h01ger starts a todo and creates a _directory_ for this little project :)
1145191937 M * daniel_hozac derjohn: ask the changelog?
1145191946 M * derjohn daniel_hozac, but it find it questionable to add it to the uanme, if you add vserver, xen, foo and bar you'll need a triple head to see what kernel is running :)
1145192003 M * derjohn daniel_hozac, Debian has that in /usr/share/doc/packagename.... but the dont mention all patches. maybe in the src-package of the kernel, i'll download it :)
1145192485 M * daniel_hozac derjohn: FYI, http://svn.debian.org/wsvn/kernel/releases/linux-2.6/2.6.16-7/debian/patches/?rev=0&sc=0
1145192523 M * derjohn daniel_hozac, hehe ... you are steadily moving towards Debain ;)
1145192557 M * daniel_hozac not at all :)
1145192766 M * daniel_hozac h01ger: kernel/vserver/sched_proc.h:vx_info_proc_sched_pc shows you what those numbers are.
1145192931 M * h01ger do you have a http-url ? i dont have the source atm...
1145192934 M * h01ger ;)
1145192965 M * daniel_hozac well, it's in the patch, so http://vserver.13thfloor.at/Experimental/
1145192993 M * h01ger ok :)
1145193197 M * derjohn daniel_hozac, not at all? BTW: my new vserver host is called 'hozac' .. the next one will maybe be enrico ... :)
1145193212 M * daniel_hozac lol
1145193239 M * h01ger ok, for the moment i'll care more about sched_proc.h in http://www.13thfloor.at/vserver/s_rel26/v2.01/patch-2.6.14.3-vs2.01.diff but its good to understand. thanx daniel !
1145193493 M * derjohn daniel_hozac, and: it's a debian host :)
1145193643 M * Hollow phreak``: ping
1145193814 Q * Dr4g_ Read error: Connection reset by peer
1145194487 Q * derjohn Remote host closed the connection
1145194829 N * insomnia1 insomniac
1145195946 J * ntrs_ ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1145195946 Q * ntrs Read error: Connection reset by peer
1145196233 J * ntrs__ ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1145196640 Q * ntrs_ Ping timeout: 480 seconds
1145198022 J * matta ~matta@c-68-32-239-173.hsd1.pa.comcast.net
1145198238 N * Bertl_oO Bertl
1145198241 M * Bertl back now ..
1145198416 M * ZLinux wb Bertl :)
1145198563 M * Bertl hey ZLinux!
1145199166 M * h01ger hey Bertl - what does hold in /p/v//sched mean ? like iowait ?
1145199189 M * Bertl no, that's the ticks the hard cpu scheduler did put the context on hold
1145199199 M * Bertl i.e. when the token bucket is empty<
1145199249 M * Bertl s/<//
1145199277 M * h01ger its 0 for all my vservers - so none is waiting?
1145199292 J * Oli ~skycode@ip-213-49-144-133.dsl.scarlet.be
1145199292 Q * Oli Quit: 
1145199294 J * Oli_ ~skycode@ip-213-49-144-133.dsl.scarlet.be
1145199325 M * Bertl h01ger: I assume you have no sched_hard activated
1145199353 M * Oli_ hi al
1145199424 M * Bertl hey Oli_!
1145199469 M * h01ger Bertl, right :)
1145199477 M * Oli_ I have a few questions may I bother you ?
1145199480 A * h01ger has been reading http://linux-vserver.org/Scheduler+Parameters now
1145199510 M * Bertl Oli_: sure, but I have to leave now ... have to get to the EasterHegg ..
1145199551 M * Bertl off now .. back in the evening ... cya
1145199556 N * Bertl Bertl_oO
1145199734 M * Oli_ :-D
1145199734 M * Oli_ I just can't activate hard_cpu limits, I have a working debian setup, what flags do I have ti set up int he flags file ?
1145199734 M * Oli_ Bertl : Have a nice Easter ;-)
1145199768 M * ray6 reee
1145199845 Q * Oli_ Remote host closed the connection
1145200028 J * Oli ~skycode@ip-213-49-144-133.dsl.scarlet.be
1145200470 M * daniel_hozac Oli: sched_hard, but it requires your kernel having those features enabled.
1145200639 M * Oli I thought it was so, is there a wy to check that out trough /proc ?
1145200722 M * daniel_hozac /proc/virtual/info
1145200766 M * daniel_hozac VCIKernel, & (1 << 5).
1145200817 M * h01ger VCIKernel:      03000036
1145200830 M * h01ger so yes?
1145200840 M * daniel_hozac right.
1145200843 M * Oli my info file says 
1145200843 M * Oli VCIVersion:     0001:0025
1145200844 M * Oli VCISyscall:     273
1145200844 M * Oli VCIKernel:      83000016
1145200868 M * daniel_hozac hmm, what kernel is that? 1.9.5 or so?
1145200907 M * Oli that's a 2.6.8 with the debian packaged patch
1145200973 M * Oli yeps that 1.9.5.3
1145200993 M * daniel_hozac you might want to upgrade.
1145201005 Q * blizz Ping timeout: 480 seconds
1145201022 M * Oli to 2.01 then ?
1145201038 M * daniel_hozac or 2.0.2-rc16.
1145201048 M * Oli ok
1145201130 M * Oli 1.9.5 doesn't support limitations ?
1145201184 J * Dr4g Dr4g@80-195-133-218.cable.ubr06.uddi.blueyonder.co.uk
1145201188 M * Oli (I'm not keen on recompiling it right now as it's a production machine) but I'll give it a go anyway
1145201189 M * daniel_hozac i have no idea. i don't have any trees that old lying around.
1145201199 M * Oli fair enough
1145201275 M * daniel_hozac but your kernel does not have hard scheduling enabled if it is in the patch.
1145201304 M * Oli ok, I'll repatch and recompile one
1145201313 M * Oli thansk a lot
1145201464 M * Oli time for an up to date kernel too, it won't hurt
1145201466 J * blizz ~blizz@evilhackerdu.de
1145202732 M * micah h01ger: we should've talked last night, I wrote a munin plugin also
1145202835 M * micah h01ger: but i suspect yours is better off than mine
1145203170 M * h01ger micah: :-) why do you expect mine to be better?
1145203183 M * h01ger (and i did talk here :-P :-)
1145203259 M * micah h01ger: oh, I meant my last night, not yours :(
1145203307 M * h01ger that was after mine :)
1145203311 M * h01ger anyway
1145203336 M * h01ger i'll publish mine shortly, then we can take the best of both
1145203342 M * h01ger micah, what do you graph atm=
1145203344 M * h01ger micah, what do you graph atm?
1145203360 M * micah h01ger: because it seems like you've done more than me, I just made something to graph memory usage, I was going to make the graph show the limits set, if there were any, so it was easy to tell if your guest was hitting a limit
1145203383 M * micah i'm just pulling RSS, VSZ, VMl...
1145203489 M * h01ger me too, plus number of procs... user+sys-time is not finished yet
1145203516 M * h01ger i'll send you a query for my plugins - the "public" release for all will come soonish :)
1145203522 A * h01ger needs to do laundry now
1145203580 M * daniel_hozac FYI, tokkee did a collectd plugin not too long ago.
1145203614 M * h01ger whats collectd ? :)
1145203623 J * |coocoon| ~coocoon@p54A05FFD.dip.t-dialin.net
1145203636 M * daniel_hozac http://verplant.org/collectd
1145203637 M * h01ger micah, btw, i'm not sure yet wether to you GAUGE or DERIVED for user+systime...
1145203640 M * h01ger daniel_hozac, thx!
1145203643 M * |coocoon| hello
1145203658 M * bonbons daniel_hozac: what does your collecd plugin monitor?
1145203669 M * daniel_hozac it's not mine. it's tokkee's.
1145203728 M * bonbons what does it monitor?
1145203779 M * daniel_hozac i don't know.
1145203790 M * h01ger tokkee, in your followup to http://list.linux-vserver.org/archive/vserver/msg12667.html you link to an example page "with screenshots" - unfortunatly those are not there (anymore)
1145203812 M * h01ger bonbons, http://verplant.org/collectd/ has a good description
1145203816 M * daniel_hozac http://archives.linux-vserver.org/200603/0090.html
1145203821 M * h01ger basically munin/mrtg for a single host
1145203870 A * h01ger frowns: to different mail archives on linux-vserver.org ;-/ :)
1145203878 M * bonbons h01ger: I know collectd, but as I understood tokkee wrote a vserver-related plugin for it <- what does the plugin monitor?
1145203921 Q * |coocoon| Quit: KVIrc 3.2.0 'Realia'
1145203936 M * h01ger bonbons, read the mail daniel + me refer to here
1145203967 M * bonbons just reading it
1145204071 M * micah h01ger: sorry was away for a moment
1145204101 M * micah h01ger: yeah, I was trying to separate memory from other things to be able make things clearer
1145204146 M * micah h01ger: I was using AREA for RSS, VM, VML (similar to the existing memory plugin), I haven't done any CPU anything 
1145204154 M * micah daniel_hozac: http://verplant.org/collectd is 404
1145204302 M * micah wow, the collectd plugins have to be in C?
1145204334 M * h01ger micah, http://verplant.org/collectd/
1145204398 A * h01ger is away now to - cu
1145205691 M * micah daniel_hozac: there are no changes between -rc15 and -rc16?
1145205715 M * micah daniel_hozac: waldi said to ask you :)
1145205879 M * daniel_hozac nope.
1145205882 M * daniel_hozac not for stable.
1145206113 N * Bertl_oO Bertl
1145206132 M * Bertl back for a moment ... from the EasterHegg
1145206221 M * Skram in a VPS setting, how could I do QoS for certain protocols/ports?
1145206351 Q * Oli Quit: Oli
1145206745 Q * nebuchadnezzar Remote host closed the connection
1145208591 M * ray6 skram: simply based on the IP?
1145208599 M * ray6 oh, hi Bertl :)
1145208626 M * Skram ray6: ip and/or protocol
1145208653 M * Skram (everyone gets a /32)
1145208672 M * ray6 skram: i meant QoS should work in the VPS setting exactly like in a normal environment
1145208679 M * Skram hmm
1145208688 M * Skram but how do i set it up on the host
1145208688 M * ray6 of course you have to do it outside the vserver
1145208694 M * Skram right
1145208704 M * Skram so.. i have iptables setup, should i do it via that or what
1145208767 Q * matta Ping timeout: 480 seconds
1145208833 M * ray6 usually you use tc for traffic limiting etc.
1145208841 M * Skram tc?
1145208842 M * Skram hrmm
1145208849 M * ray6 http://lartc.org/howto :)
1145208931 M * Skram http://gentoo-wiki.com/HOWTO_Packet_Shaping ?
1145208995 M * Skram ill go thru the link you posted
1145209013 M * Skram hercules linux # cat /usr/src/linux/.config | grep NETLINK
1145209013 M * Skram CONFIG_NETFILTER_NETLINK=m
1145209013 M * Skram CONFIG_NETFILTER_NETLINK_QUEUE=m
1145209013 M * Skram CONFIG_NETFILTER_NETLINK_LOG=m
1145209013 M * Skram # CONFIG_IP_NF_CONNTRACK_NETLINK is not set
1145209020 M * Skram uhmm, thats all fine right?
1145209089 M * ray6 I'm not an expert on shaping also :) simple priorizations can be done using iptables and the default queues IIRC, there are a few "cookbooks" at the end of the lartc howto
1145209108 M * Skram right now i am modprobbing everything i need
1145209273 M * phreak`` Hollow: pong
1145209301 M * Skram I want a /8
1145209590 M * Skram ray6: uhmmm
1145209619 M * Skram http://lartc.org/howto/lartc.rpdb.html anything wrong if on default I dont have any rules in the list?
1145210885 M * daniel_hozac yes.
1145211187 J * nebuchadnezzar ~nebu@zion.asgardr.info
1145211588 Q * Viper0482 Remote host closed the connection
1145211802 J * Viper0482 ~Viper0482@p549750BF.dip.t-dialin.net
1145212123 Q * nebuchadnezzar Ping timeout: 480 seconds
1145212599 Q * Viper0482 Remote host closed the connection
1145212981 J * Viper0482 ~Viper0482@p549750BF.dip.t-dialin.net
1145214207 M * tokkee h01ger, bonbons: http://tokkee.org/cgi-bin/collection.cgi/vserver-42097
1145214346 M * tokkee Btw. if there are any collectd related questions, don't hesitate to ask - I think I know the code pretty well ;-)
1145214370 M * bonbons tokkee, thanks. I will take your offer :-)
1145214432 M * tokkee bonbons: Just make sure you hilight me, or write an email/query ;-)
1145214440 M * bonbons tokkee: Q1: is the sourcecode of your plugin available somewhere?
1145214481 M * bonbons tokkee: Q2: is it easily possible to add multiple instances for some plugins (like mysql) in order to monitor multiple servers from same collectd instance
1145214482 M * daniel_hozac https://subversion.verplant.org/collectd/trunk/src/vserver.c
1145214483 J * nebuchadnezzar ~nebu@zion.asgardr.info
1145214506 M * bonbons ah ok, not seen as it was not in last release :-)
1145214581 M * bonbons tokkee: last bit for now: is a NUT (UPS-monitor) plugin in the works?
1145214597 M * tokkee bonbons: My plugin is available from SVN or the upcoming 3.9 release (http://collectd.org/files/collectd-3.9.0.tar.gz).
1145214616 M * tokkee 3.9 is to be considered unstable for now, though.
1145214626 M * tokkee bonbons: None that I know of.
1145214683 M * bonbons tokkee: thanks, will look at collectd & vserver/nut support between my IPv6 hacks on VServer
1145214704 M * daniel_hozac bonbons: how far along are you with that? seems more and more people are asking about it.
1145214724 M * tokkee bonbons: "IPv6 hacks on VServer" sounds great :-)
1145214742 M * SiD3WiNDR :)
1145214754 M * SiD3WiNDR yea I'm silently cheering for bonbons ;)
1145214755 M * daniel_hozac bonbons: you got the groundwork, with the dynamic allocation stuff too?
1145214773 M * SiD3WiNDR was going to get a box ready to run his testpatch on but the motherboard crapped out, currently waiting for a spare :(
1145214774 M * bonbons I'm in progress of optimising my devel environment (cow-based), should be progressing more starting from tomorrow
1145214777 M * daniel_hozac (or were we leaving that for the next iteration?)
1145214841 M * bonbons dynamic allocation was delayed for after IPv6 basics work (a bit wasted memory at the beginning is not such a problem :))
1145214861 M * daniel_hozac ok, cool.
1145214902 M * daniel_hozac i guess the dynamic allocation will solve the problems that people have with the 16 IP addresses too.
1145214968 M * bonbons yep
1145215326 J * oliwel ~mail-at-o@host-62-245-151-178.customer.m-online.net
1145215334 A * oliwel waves hello to the crowd
1145215341 M * oliwel happy easter everybody ;)
1145215365 M * oliwel seems to be not very crowded here...
1145215366 Q * Cru Read error: Connection reset by peer
1145215366 Q * nokoya Write error: connection closed
1145215367 Q * BobR_oO Read error: Connection reset by peer
1145215384 J * BobR_oO odie@212.16.62.52
1145215396 J * nokoya young@hi-230-82.tm.net.org.my
1145215452 J * Cru ~mindwarp@turbodiesel.e.de.wahlich.com
1145216346 Q * sizo Quit: leaving
1145218151 M * nebuchadnezzar plouf
1145218202 M * nebuchadnezzar I'm searching some network-related documentation
1145218219 M * nebuchadnezzar I wonder if using vlan can not solve the 127.0.0.1 problem
1145218236 M * daniel_hozac what 127.0.0.1 problem?
1145218327 J * Oli ~skycode@ip-213-49-144-133.dsl.scarlet.be
1145218353 M * nebuchadnezzar daniel_hozac: I'm not sure we can assign it to a dummy interface
1145218362 A * nebuchadnezzar search the doc
1145218408 M * daniel_hozac remember, networking is IP based, not interface based.
1145218566 M * daniel_hozac and what problem are you trying to solve?
1145218698 M * nebuchadnezzar rndc
1145218705 M * nebuchadnezzar 127.0.0.1 is hardcoded 
1145218727 M * daniel_hozac and it expects the packets to be coming back from 127.0.0.1?
1145218753 M * daniel_hozac because 127.0.0.1 being hardcoded is no problem, it's rewritten in the kernel.
1145218823 Q * Viper0482 Remote host closed the connection
1145218841 M * SiD3WiNDR it expects them to come back via 127.0.0.1 indeed
1145219183 M * daniel_hozac maybe we should just rewrite that to the first IP address too.
1145219199 M * nebuchadnezzar if in a vserver I want to run a service only on a "loopback" device, I must prevent other vserver to connect to it
1145219252 M * daniel_hozac do you have an strace of rndc?
1145219259 M * nebuchadnezzar no
1145219260 M * daniel_hozac or a code snippet?
1145219300 M * nebuchadnezzar daniel_hozac: assigning localhost to the public ip of the vserver and calling rndc -s localhost do the trick
1145219339 M * nebuchadnezzar but bind bind its 993 port to the public IP :-/
1145219361 A * nebuchadnezzar do not feel very clear
1145219373 M * daniel_hozac so give all guests their own private address.
1145219388 M * nebuchadnezzar ok
1145219394 M * daniel_hozac and use that as their localhost.
1145219637 Q * Oli Quit: Oli
1145220084 Q * oliwel Quit: Chatzilla 0.9.71 [Firefox 1.5.0.1/2006021318]
1145220147 M * nebuchadnezzar [22:13] <daniel_hozac> remember, networking is IP based, not interface based. <-- sure, but a vlan should solve this, all vserver can have it's own private 127.0.0.1, AFAIK
1145220150 M * nebuchadnezzar I must test
1145220550 M * daniel_hozac nebuchadnezzar: so how would 127.0.0.1 differ from, say, 127.0.0.1?
1145220619 M * nebuchadnezzar well, with real lan, 2vlan can have the same subnet
1145220636 M * nebuchadnezzar 2 same IPs are different, depending on the vlan 
1145220820 M * bonbons nebuchadnezzar: and how is it decided to which vlan to associate a socket bound to say 127.0.0.1?
1145220880 M * bonbons an app will not say "I want the IP on vlan XYZ"!
1145220887 M * nebuchadnezzar I was thinking that it was context specific
1145220912 M * nebuchadnezzar I assign the dummy0.1 to one vserver and dummy0.2 to another
1145220942 M * bonbons there is no way to associate a vlan/net device to a context until there is ngnet.
1145220952 M * nebuchadnezzar :-/
1145220994 M * bonbons the only thing util-vserver does is configure an interface for you (if you request it to do so). But kernel never sees more of it that the pure IP address
1145221046 M * nebuchadnezzar erf, and when ngnet will arrive ? ;-)
1145221078 M * bonbons ask Bertl and ebiederm for that
1145221080 M * daniel_hozac <Bertl>     as I see it, the next few steps will be: 1) a 2.0.2 and 2.1.1 release, 2) per context quota, 3) ipv6 in current networking mode, 4) ngnet
1145221093 M * nebuchadnezzar ok
1145221121 J * knotty ~void@fny94-1-82-67-169-3.fbx.proxad.net
1145221127 M * nebuchadnezzar :-)
1145223185 Q * Dr4g Read error: Connection reset by peer
1145223207 J * Dr4g ~Dr4g@80-195-133-218.cable.ubr06.uddi.blueyonder.co.uk
1145224133 J * FireEgl Atlantica@Atlantica.US.TO
1145224952 Q * bonbons Quit: Leaving
1145226708 Q * goldnlink Read error: Connection reset by peer
1145227149 J * shedi ~siggi@cpe-24-165-167-167.midsouth.res.rr.com
1145228481 M * orzel I'm the happy user of a multi-vhost apache+php server running inside a vserver
1145228495 M * orzel the main server has iptables rules to forward port 80 to the vserver
1145228500 M * orzel using -t nat
1145228538 M * orzel Now. where it comes to fun, is that my squid proxy, running on the main server (host), can't access my own site, because the "-t nat" rules aren't used
1145228567 M * orzel and i can't find a proper iptables line to just blindly forward port 80 to the vserver ip
1145228575 M * orzel do any of you know ?
1145229056 J * Dr4g_ ~Dr4g@80-195-133-218.cable.ubr06.uddi.blueyonder.co.uk
1145229505 Q * Dr4g Ping timeout: 480 seconds
1145231520 Q * orzel Remote host closed the connection