1145404819 M * brc hey bertl
1145404832 M * brc sorry but didnt have time to make those changes (add group/moving between users) on the scripts
1145404845 M * brc Gonna do it tomorrow
1145404863 Q * ntrs Ping timeout: 480 seconds
1145405017 M * Bertl brc: no problem, had other things to do too
1145405060 M * Bertl derjohn: for example, I'm not sure the orange border on the green V is really good
1145405076 M * Bertl derjohn: we also might add a TM to Linux :)
1145405121 M * derjohn and remove the copyright at the footer? you have it anyway ....
1145405139 M * Bertl yeah, was just a test actually, for the symbol charset
1145405141 M * derjohn yes, the Linux Trademark Problem (TM) may occur
1145405156 M * derjohn whom do we ask to ask for a free Linux License?
1145405194 M * brc Bertl i am having a problem. One of the users is using an application that is really I/O intensive. He is always CPU and makes the whole servers alow. Would CPU limits help? Which would be the best approach on this case ?
1145405200 M * Bertl if I understood that right, then Linus said something that this is granted by default to Linux related projects or so ... but IANAL
1145405206 M * brc alow=slow
1145405212 M * doener_ derjohn: "always the one who asks"
1145405219 M * doener_ ;)
1145405244 M * Bertl brc: well, if you have a recent devel kernel, try enabling the cfq i/o scheduler, it is context aware
1145405250 M * derjohn brc on host set the "cfq" I/O scheduler. that shares IO fair among the guests
1145405301 M * brc Is cfq I/O scheduler stable on 2.6.15.4-vs2.0.1.3.img ?
1145405312 M * brc i can't "play" on this server :)
1145405328 M * Bertl it is stable, but I'm not sure that is recent enough
1145405374 M * derjohn brc, here is a config howto: http://linux-vserver.org/some_hints_from_john (look for cfq) .. dunno about the version
1145405430 M * brc But i don't think this is a I/O problem. Check if this is possible: His process makes constant HEAVY access to disk, so this process is always active and consuming lot of CPU to do this task. When other vservers want to use the CPU there is always this big concorrent taking most of the cpu
1145405456 M * brc soo i thought cpu limits would work
1145405479 M * brc The vserver which is always with I/O would be put on hold so that the others would do their tasks
1145405508 M * derjohn brc, without knowing the exact situation: bottleneck in webhosting is mostly the disk io.
1145405526 M * derjohn make a iostat -k 1 1000 and check the transactions per second (tps)
1145405532 M * brc In this case most of the servers rarely access disks
1145405543 M * derjohn ide: max 250-300, sata maybe 400, biiig scsi 800
1145405585 M * derjohn ..... application that is really I/O intensive.... -> you meant network IO ?
1145405590 M * brc Can i check that with vmstat ?
1145405598 M * brc derjohn: i mean disk i/o
1145405625 M * derjohn brc> In this case most of the servers rarely access disks -> sry I think we misunderstand each other :/
1145405633 M * brc The overall load is really good. When this vserver starts its process, it reads/writes to disk a lot and consumes LOT OF CPU. Everything gets slow
1145405633 M * Bertl derjohn: okay, I uploaded a bitmap version too: http://vserver.13thfloor.at/Stuff/LOGO/Linux-VServer-1.00.png
1145405674 M * Bertl derjohn: please ask a few folks till tomorrow evening what they think about it and what they would like to see improved
1145405676 M * brc derjohn: All servers rarely use disk but one of them make intensive disk i/o
1145405698 M * derjohn brc, you know which one?
1145405724 M * brc Yes
1145405747 M * derjohn Bertl, Ok, but we may lose the chance to get into the catalogue ... but: ... do we care?
1145405763 J * ntrs ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1145405774 M * brc All i want is that can friendly work together. How? When this heavy vserver starts its intensive I/O it would use less cpu than others. I think that this would solve. What do you think ?
1145405783 M * derjohn which process consumes the cpu?
1145405798 M * Bertl derjohn: well, I thought you said something about a deadline on thursday?
1145405804 M * brc p2p clients like mldonkey or bittorrent
1145405812 M * derjohn Bertl, tuesday (today)
1145405817 M * brc specially at the hashing
1145405821 M * derjohn but let me look it up again
1145405846 M * Bertl in that case I add the Linux(TM) and remove the C2006 and you can submit it
1145405858 M * Bertl they might allow to update it a day later ...
1145405880 M * derjohn brc, to experience disk I/O is the death of all webhosting. renice-ing does not help.
1145405941 J * ntrs__ ~ntrs@dsl-203-81-rt2-bras.wnvl.centurytel.net
1145405958 Q * ntrs_ Read error: Connection reset by peer
1145405962 M * brc My point is that all vservers rarely do disk I/O and one of them do intensive disk I/O making everything slow
1145405969 M * brc on all of them
1145405980 M * derjohn Bertl, [LT06-Pro-Announce] Urgent deadline for "Messejournal": Tuesday, April 18, 10:00 AM
1145405989 M * derjohn but I submit it anyway
1145406003 M * derjohn but longer waiting is bad
1145406036 M * derjohn Bertl, could make the (c) update?
1145406047 M * derjohn brc, now I get what you mean !
1145406081 M * derjohn brc: you say let the one draw the IO power as long as the other can use the CPU - it doesnt hurt
1145406102 M * derjohn brc, do you run softraid?
1145406118 M * brc derjohn: No raid. Just a normal IDE 7200 Drive
1145406148 M * brc I was wondering if CPU limits would help with that. I thought that this intensive task would be put on hold so that others could work
1145406164 M * derjohn well, keep in mind that open and close and disk I/O will still need kernel resources: buffers, handles etc.
1145406165 J * ntrs_ ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1145406208 M * derjohn well try to set the cpu limits. what does cat /proc/virtual/pid/limis etc say about the evil sharer?
1145406244 J * matta ~matta@71.224.125.126
1145406260 Q * ntrs Read error: Connection reset by peer
1145406296 M * brc Now everything seems normal, it just makes everything slow on the p2p hashing phase (reads entire file from disk). When it starts intensive I/O which value should i check on the limits file ?
1145406334 M * derjohn brc besides that it may also consume cpu for looking through the tcp connects xypeertopeer keeps open.
1145406360 M * derjohn the limits tell you about max and min usage of resources .. and current AFAIR.
1145406380 M * derjohn there you see if it hits the limit after you set a cpu limit
1145406381 M * brc i use limits for limiting memory
1145406395 M * derjohn add them for cpu and try it out
1145406401 M * brc are cpu limits stable on 2.6.15.4-vs2.0.1.3 ?
1145406403 M * Bertl derjohn: http://vserver.13thfloor.at/Stuff/LOGO/Linux-VServer-1.01*
1145406432 M * Bertl brc: 2.0.x is the stable branch, so yes, they _are_ stable :)
1145406438 M * derjohn it _may_ help, that the host cannot make sooo much IO, because processes have to wait until they can process
1145406465 M * brc Bertl: ok :)
1145406467 M * derjohn Bertl, CPU limits are in the stable branch?
1145406476 M * derjohn Bertl, I mean scheduling
1145406480 M * brc Ok
1145406504 M * derjohn brc, I asked that, I did not claim that ;)
1145406513 M * Bertl http://linux-vserver.org/Release+FAQ
1145406519 M * brc I will try that on a test environment. Do you think that the cpu schedule overhead might be a problem on loaded systems ?
1145406555 M * brc from release+faq cpu limits are stable
1145406596 M * derjohn brc, if that was the case the cpu limits would be relatively useless :)
1145406612 M * brc true :)
1145406620 Q * ntrs__ Ping timeout: 480 seconds
1145406623 M * Bertl if you need additional performance and/or flexibility, I'd suggest to go for 2.1.1 though, because this contains the per cpu schedulers
1145406628 M * derjohn the token bucket scheduler doesnt need much cpupower by itself
1145406640 M * brc I just have 1 cpu
1145406684 M * Bertl brc: ah, well, that probably explains why you experience sloppy behaviour, but nice tuning could probably optimize that away
1145406718 M * Bertl personally I was not very happy with the 2.6.15.x kernels
1145406729 M * Bertl they did not behave as I expected (in production)
1145406734 M * doener_ hm, yet another 2.6.16.x
1145406748 M * derjohn .8 ?
1145406754 M * doener_ yup
1145406759 M * derjohn security?
1145406764 M * brc Bertl: i will upgrade it on a near future, users dont like constant reboots :)
1145406768 M * doener_ DoS
1145406784 M * doener_ Stephen Hemminger: ip_route_input panic fix (CVE-2006-1525)
1145406785 M * derjohn hm. *sob*
1145406832 M * Bertl doener_: hmm, 2.6.16.8=?
1145406886 M * doener_ yes
1145406889 M * Bertl ah, yes, I see, good that I forgot to upload the 2.6.16.7 patches :)
1145406901 M * doener_ heh
1145406942 M * brc browsing securityfocus, lot of local DoS vulnerabilities
1145406978 M * Bertl most of those do not apply to Linux-VServer though
1145407025 M * brc is that due to the CAPS limitation ?
1145407041 M * Bertl yes, either that or to the fact that networking is still on the host
1145407079 M * Bertl derjohn: does the logo look fine to you now?
1145407108 M * derjohn yes it does.
1145407147 M * brc that's why i like linux-vserver. after you get quota and ngnet working it will be 100% :)
1145407178 M * Bertl ah, I think there will always be stuff to do ...
1145407182 M * brc Going to try the cpu limits stuff. Thanks for your help doener/bertl.
1145407192 M * Bertl you're welcome!
1145407192 M * brc Bertl, tomorrow i will have the script finished with the missing tests.
1145407198 M * brc good night!!
1145407204 M * Bertl good night!
1145407258 M * Bertl so doener_, what do you think of the latest lo patches?
1145407366 M * doener_ brc: that was derjohn, not me ;)
1145407376 M * doener_ Bertl: I didn't take a look yet
1145407385 M * Bertl do you plan to?
1145407444 M * doener_ is lo0.03 the whole thing, or do they form a patch series?
1145407486 M * Bertl no, that's everything in one patch, on top of the normal rc16
1145407525 M * doener_ what was the magic url to get formatted diffs?
1145407569 M * Bertl ah, probably doesn't work on that host, it was .hl
1145407595 M * doener_ indeed, does not work... ah well, vim will do
1145407866 M * doener_ hm, what's the "FIXME: extend by ^nid" about?
1145407884 M * doener_ ah, nvm
1145407890 M * Bertl that was an idea? to speed up the hash by using that
1145407916 M * Bertl but I'm pretty sure that this won't work for several reasons, and I did not do it right now because I _wanted_ to have collisions
1145407959 M * doener_ i got a bit confused by 'fixme', as I didn't see any reason for a real error
1145407976 M * Bertl the only missing part IMHO, ATM is that guests cannot cross talk, and the host is not handled properly regarding lo
1145407983 M * Bertl *parts
1145408260 M * derjohn Bertl, Linux-VServer makes it possible to run multiple instances of GNU/Linux on a single machine. The instances are strictly separated from one another by context isolation. Each context runs on the same kernel, which makes this virtualization technique very efficient. The possible uses range from individual isolated processes up to entire virtual private servers - many distributions can be run unmodified in a con
1145408261 M * derjohn text.
1145408265 M * derjohn ok ?
1145408282 M * derjohn or rather: http://linux-vserver.org/Linux-VServer-self-definition
1145408384 M * Bertl s/Each context runs on the same kernel/All contexts use a shared kernel
1145408402 M * derjohn *lol*
1145408407 M * derjohn .de vs. at ?
1145408435 M * doener_ hm, the thrown-in english words make me shiver ;) And I'm not sure whether "multiple instances of GNU/Linux" is actually correct, as that term IMHO includes a kernel
1145408461 M * doener_ ie. it would mean multiple kernels as well
1145408471 M * derjohn i am aware of that. thats why i chose GNU/Linux.
1145408498 M * Bertl Multiple instances of GNU/Linux distributions?
1145408517 M * derjohn I wanted to avoid "distribution" - why? Because "multiple distributions" could be misleading: you can also run the same several times.
1145408555 M * Bertl that's why I suggest to say Multiple instances of GNU/Linux distributions with a single kernel :)
1145408687 M * derjohn wiki changed. @ doener_ better like this?
1145409162 M * derjohn native speakers here? Linux-VServer is for running multiple instances of GNU/Linux distributions with a single kernel. That makes this virtualization technique very efficient. -> correct?
1145409180 Q * cohan Ping timeout: 480 seconds
1145409235 M * doener_ "Linux-VServer allows a GNU/Linux system to be virtualized by dividing it into contexts. The contexts are strictly separated from one another but share a common kernel, which makes the virtualization very efficient. The contexts can take different forms, from running a single process up to instances of complete distributions.
1145409261 M * derjohn -> wikizied?
1145409336 M * derjohn doener_, can you put it on the wiki? I'll then use it exactly like that in the mail to the LT people
1145409576 M * Skram Hey kats.
1145409617 M * Bertl derjohn: please keep it english ...
1145409640 M * Skram yes!
1145409644 M * Bertl (the talk here on the channel :)
1145409647 M * Skram ipcalc 70.86.176.0/26
1145409648 M * Skram woops
1145409655 M * Bertl lol
1145409769 M * Skram big woop, people know one of our ip blocks..
1145409836 M * derjohn Bertl, what do you think about that: Linux-VServer allows a GNU/Linux system to be virtualized by dividing it into contexts.
1145409851 M * derjohn IMO it misses the point a little
1145409878 Q * anonc Quit: adios
1145409886 M * Bertl yep, it misses it somewhat :)
1145409904 M * derjohn but the rest of the text is fine
1145409910 J * Aiken_ ~james@tooax7-101.dialup.optusnet.com.au
1145410048 M * Bertl evening Aiken_!
1145410093 M * doener_ I tried to start at the smallest unit we have and build up on that, as the fact that you actually 'compose' several features the way you need them to create a VPS was important to me... But yeah, the start of that text is too generic
1145410133 M * doener_ (and the composition isn't really mentioned... :( )
1145410233 Q * Aiken Ping timeout: 480 seconds
1145410369 M * derjohn Linux-VServer allows GNU/Linux systems to be virtualized. This is achieved through a strict division of the kernel into contexts.
1145410369 M * derjohn All contexts run in this shared kernel, which makes this virtualization technique very efficient. The contexts can take different forms, from running a single process up to instances of complete distributions.
1145410460 M * doener_ #vserver.de for that topic?
1145410484 M * derjohn where else? it is about vserver and for vserver ....
1145410522 M * doener_ note the ".de" ;) as Bertl pointed out that we should stick to English here
1145411066 Q * gerrit Ping timeout: 480 seconds
1145411661 M * Bertl derjohn: move your ass over to #vserver.de :)
1145411684 M * derjohn does that exist?
1145411755 M * Bertl for a short time it will, then we remove it again
1145413045 M * Aiken_ hi Bertl
1145413055 M * Aiken_ was this ever fixed or looked at? http://pastebin.com/668482
1145413068 M * Aiken_ I get that after vserver avon stop
1145413077 M * Aiken_ 2.6.15-vs2.1.0.4
1145413090 M * Bertl sec
1145413102 M * Skram is .15-vs2 stable?
1145413106 M * Skram i heard of some problems..
1145413140 M * Bertl Aiken_: you basically want to stop the guest before you remove it ...
1145413151 M * Aiken_ I did stop the guest before the rm -rf
1145413170 M * Bertl well, looks like the /dev/pts and /proc is still mounted inside
1145413194 M * Aiken_ a 2nd rm -rf avon/ deletes them without error
1145413218 M * Aiken_ I would think if they were still mounted the 2nd rm should fail as well
1145413246 M * Bertl that's at least interesting ...
1145413356 M * Bertl I don't think it was investigated, I assume it was considered a problem between keyboard and chair ...
1145413358 M * Aiken_ while you think I'll grab some lunch :)
1145413455 M * Aiken_ I'll try it on the alpha, it has a 2.6.16 kernel
1145413553 M * Bertl okay, good :)
1145413722 M * Bertl ah, slashdot will tell us why 'OpenVZ outshines the competition, comparing it to VServer, Xen and User Mode Linux.'
1145413745 M * Bertl btw, either they have a new developer or I missed something :)
1145413769 M * Bertl or does anybody know Andrey Savochkin, the 'lead developer of the OpenVZ server virtualization'?
1145414579 M * Aiken_ 2.6.15-vs2.1.0.4 http://pastebin.com/668509
1145414580 M * Aiken_ 2.6.16-vs2.1.1-rc13 http://pastebin.com/668516
1145414596 M * Aiken_ looks like it was kernel version related with it working as expected in the later kernel
1145414606 M * Bertl okay, great!
1145414606 M * Aiken_ maybe time to upgrade the kernel on this machine
1145414647 M * doener_ Bertl: hm, slashdot as well? I've read an interview on kerneltrap... lots of pr...
1145414682 M * doener_ ah ok, it's the kerneltrap interview
1145414702 M * Bertl well, I think I will at least comment on the kerneltrap interview
1145414828 Q * softi42 Ping timeout: 480 seconds
1145415067 M * Aiken_ a grep of his name on a std kernel source comes up with a few hits
1145415342 M * doener_ Bertl: btw, while reading that interview I wondered about what he said about eg. performance differences between OpenVZ and Virtuozzo. I'd expect that to be kernel stuff and as such also be subject to the GPL.
1145415354 M * doener_ do you by chance know any details on that?
1145415425 M * Bertl only thing I heard was that they let the customers sign an NDA which basically keeps them from requesting kernel stuff
1145415441 M * Bertl of course the official version is that this is done with modules
1145415446 J * softi42 ~softi@p549D58A4.dip.t-dialin.net
1145415480 M * Bertl an interesting detail IMHO is that the 'soft-link' filesystem which might give comparable performance to unification, is not in OpenVZ
1145415518 M * Bertl aside from that, our last performance tests showed that OpenVZ is faster than Xen, but slower than Linux-VServer :)
1145415551 M * doener_ In some older interview I remember reading something along the lines of them admitting that they violated the GPL in the past, because they couldn't allow anyone to see the code because of business reasons... I'd actually not be surprised if that is still true for parts of Virtuozzo
1145415582 M * Bertl I would assume so too, but maybe matta knows more here?
1145415596 J * matt1 ~matta@71.224.125.126
1145415663 J * anonc ~anonc@staffnet.internode.com.au
1145415913 M * Bertl Aiken_: seems he contributed around 1998-2000 to some parts
1145416035 Q * matta Ping timeout: 480 seconds
1145416646 M * derjohn n8 all! dream well!
1145416655 M * doener_ sleep well!
1145416667 M * Bertl good night!
1145418285 M * micah I have unaccountable load on one of my machines, nothing is particularly running according to vtop and vps, could I have a stray process in an odd context somehow that I can't see?
1145418315 M * Bertl unlikely, where do you see the load?
1145418415 M * micah in the uptime on the host
1145418452 M * micah I dont see any blocking processes at all, but the load is 1.64
1145418455 M * Bertl then it should be a host process
1145418481 M * Bertl but 1.64 is not that much ...
1145418505 M * Bertl could you upload the vtop output somewhere?
1145418513 M * micah no, its not, but you would expect to see a blocking process :)
1145418521 M * Bertl (on SMP please with all cpus shown)
1145418544 M * Bertl micah: a blocking process usually does not add to the load, a running does ...
1145418632 M * micah sorry, thats what I meant
1145418675 M * micah Bertl: http://revolt.org/vtop
1145418921 M * Bertl well, 5 processes consuming time as it seems
1145418972 M * Bertl what kernel version is that?
1145418995 M * micah the ones with significant TIME+ column entries?
1145419013 M * Bertl yes, well, more the %CPU actually
1145419022 M * micah hmm, yeah this is an older 2.6.8 kernel on this box
1145419031 M * Bertl is the raid rebuilding right now?
1145419048 M * micah not according to /proc/mdstat
1145419062 M * Bertl what happens if you issue 'sync'?
1145419067 M * Bertl does the load start to drop?
1145419108 M * micah it seems like it does
1145419123 M * Bertl what I/O scheduler do you use?
1145419124 M * micah went from 1.66 to 1.35 already
1145419137 M * micah but now back up
1145419194 M * micah I have no scheduler set on this machine, so its the default which is...
1145419234 M * micah hmm, where is that documentation
1145419257 M * micah probably anticipatory?
1145419322 M * Bertl check the one used in sysfs
1145419403 M * micah for the block devices?
1145419566 M * micah must be anticipatory as all devices/queue directories have antic_expire
1145419808 M * Bertl yes, for the block device(s)
1145419855 M * micah this kernel doesn't support /sys/block/hdc/queue/scheduler but /sys/block/sdd/queue/iosched/ contains antic_expire
1145420244 M * Bertl check cat /sys/block/sdd/queue/scheduler
1145420260 M * Bertl and check it for the md you are actually using too
1145420527 M * Bertl micah: btw, any ideas why the 0.30.210 tools (in debian backports) were not built for alpha?
1145420604 M * micah yeah, thats what I meant that the /sys/block//queue/scheduler doesn't exist, only iosched/
1145420623 M * Bertl interesting, ancient kernel then, ah, yes you said 2.6.8
1145420636 M * micah why the alpha tools were not built, let me see
1145420679 M * Bertl Unpacking util-vserver (from .../util-vserver_0.30.209-0bpo1_alpha.deb) ...
1145420686 M * micah there is a problem with the alpha build machine it appears, it isn't pulling in dependencies properly, I'll start bugging people about that
1145420689 M * Bertl no 0.30.210 version
1145420718 M * Bertl okay, tx
1145420727 M * micah it didn't build on arm or powerpc either, hrmf
1145420746 M * micah well, bed time for me, I'll chase those build machine maintainers around tomorrow
1145420759 M * Bertl excellent! tia! have a good sleep!
1145420924 M * Bertl okay, I'm off to bed now too .. have a nice one everyone! cya tomorrow!
1145420931 N * Bertl Bertl_zZ
1145425449 J * keitheis- ~keitheis-@61-64-67-214-adsl-tpe.STATIC.so-net.net.tw
1145427552 Q * keitheis- Quit: Chatzilla 0.9.72 [Firefox 1.5.0.2/2006030804]
1145427803 J * |coocoon| ~coocoon@p54A07791.dip.t-dialin.net
1145427809 M * |coocoon| morning
1145428360 M * eyck hmmm...
1145428367 M * eyck " In the interview Savochkin goes into great detail about how virtualization works, and why OpenVZ outshines the competition, comparing it to VServer,"....
1145428408 M * cehteh who is Savochkin? Virtuozzo's CEO?
1145428460 M * eyck yupp, and he got an interview on kerneltrap as 'OS virtualisation guru'
1145428495 M * |coocoon| boot
1145428643 M * cehteh lol
1145428677 M * cehteh well .. next time they ask Bill Gates why Microsoft Windows is superior to Linux
1145428691 M * cehteh or Larry Ellison whats better, MySQL or Oracle
1145428809 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1145430136 M * eyck well, Oracle is better, obviously, but they could ask - what is better, DB2 or Oracle, or Postgresql or Oracle
1145430506 M * cehteh ok, right
1145430570 M * cehteh but also the term 'better' is quite subjective ...
1145430649 M * eyck yeah, I would like someone to ask Ellison if Oracle is better than SQLite ;)
1145430669 M * cehteh lol
1145430705 M * cehteh or ask bill gates if linux is better than MS-DOS :)
1145431155 Q * Provito Quit: Leaving
1145432160 J * Dr4g ~Dr4g@80-195-133-218.cable.ubr06.uddi.blueyonder.co.uk
1145432221 J * salads ~manis@tor-irc.dnsbl.oftc.net
1145432271 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl
1145432501 J * _fry_ ~fry_@gprs-pool-1-009.eplus-online.de
1145433443 Q * complexmind Quit: using sirc version 2.211+KSIRC/1.3.12
1145433715 M * Hollow hm
1145433728 M * Hollow the best about Savochkins interview is bertls comment :)
1145433794 Q * matt1 Ping timeout: 480 seconds
1145433920 M * |coocoon| hollow: morning hollow
1145433951 M * |coocoon| hollow: have made it, now i am working on partitioning the machine
1145433958 M * |coocoon| how should i set it up
1145433968 M * |coocoon| hollow: what do u think
1145433998 M * Hollow lvm2
1145434003 M * kir Hollow, believe it or not first of all we did not pay a dime to Jeremy. it is not ad, it is kernel hacker interview
1145434018 M * Hollow well, i did not say it is true what bertl said
1145434027 M * Hollow maybe: s/best/funniest/
1145434075 M * |coocoon| hollow: with or without raid
1145434078 M * kir Hollow, to my mind by adding this comment it's Bertl who looks evil not those big company SWsoft (which, in a way, sponsors vserver development by providing dionysos;)
1145434086 P * _fry_ ... and bye
1145434117 M * kir Hollow, actually it makes me more sad than funny :(
1145434119 M * Hollow kir: well, i'd really be the last one to care about this stuff
1145434135 M * Hollow and i'm neither pro or con ovz or vserver
1145434147 M * Hollow and you know that ;)
1145434155 M * kir Hollow, appreciated. I know for sure you are "neurtal" :)
1145434167 M * kir s/neurtal/neutral/
1145434171 M * Hollow well, no, i'm surely biased, but that's why i keep quiet :)
1145434204 M * Hollow |coocoon|: raid?
1145434214 M * Hollow how many drives do you have?
1145434214 M * |coocoon| software raid
1145434218 M * |coocoon| 5
1145434220 M * Hollow oh
1145434223 M * |coocoon| a 9,1
1145434248 M * |coocoon| but two are different
1145434252 M * Hollow yes, would probably make sense.. but you can just add all volumes to one group in lvm2, so you don't necessarily need raid
1145434276 M * |coocoon| ok i've tried it but if i set it to 9GB i got 2gb
1145434282 M * |coocoon| i do not know why
1145434312 M * Hollow what did you try? lvm or raid?
1145434320 M * |coocoon| lvm
1145434334 M * |coocoon| create logical volume
1145434377 M * Hollow the first you have to do is to add physical volumes to lvm using pvcreate
1145434402 M * |coocoon| ok yes right i am in installation screen i will try
1145434407 M * Hollow like: pvcreate /dev/sda1 /dev/sdb1 /dev/sdc1
1145434409 M * |coocoon| should i use reiser or ext3
1145434420 M * Hollow ext3
1145434421 M * Hollow :)
1145434484 M * Hollow the only thing you shouldn't do is using lvm for /
1145434506 M * Hollow (although it is possible iirc)
1145434549 M * |coocoon| yes i tried to set sda the whole disk to ext3 but it shows 2gb instead of 9gb
1145434610 M * |coocoon| it shows that the maximum size is 2gb
1145434626 M * Hollow does fdisk show the right size?
1145434687 M * |coocoon| the size is right shown but the partitioning tool has probs
1145434751 M * |coocoon| which partition table must i use
1145434828 M * Hollow just clear any existing partition table and create one linux partition using the whole disk
1145434856 M * |coocoon| there are too many primary partitions is the report
1145434916 J * cryo ~say@psoft.user.matrix.farlep.net
1145434948 M * Hollow after creating one partition? ;)
1145435091 J * cohan ~cohan@koniczek.de
1145435352 M * |coocoon| it happens only at one partition where the sun os has been installed
1145436927 J * pagano ~pagano@lappagano.cnaf.infn.it
1145437093 M * pagano hi guys :)
1145437524 J * ebiederm ~eric@ebiederm.dsl.xmission.com
1145437618 Q * Aiken_ Ping timeout: 480 seconds
1145438167 N * ebiederm ebiederm_zz
1145438508 Q * shedi Ping timeout: 480 seconds
1145438698 M * eyck lvm should be put on top of raid...
1145438718 M * eyck same goes for xfs
1145438826 M * pagano I have these errors when I try to start a new vm
1145438858 M * pagano http://pastebin.com/668878
1145439310 Q * wenchien Quit: Terminated with extreme prejudice - dircproxy 1.0.5
1145439384 J * shedi ~siggi@cpe-24-165-167-167.midsouth.res.rr.com
1145440466 M * tokkee vserver sarge-amd64-base build --context 5002 --hostname sarge-amd64-base --interface eth1:192.168.5.2/32 -m debootstrap -- -d sarge -m 'http://192.168.5.1/apt-cacher?/ftp.de.debian.org/debian-amd64/debian/' -- -arch amd64
1145440470 M * tokkee /usr/sbin/debootstrap: line 209: .: /etc/vservers/.defaults/vdirbase/sarge-amd64-base: is a directory
1145440473 M * tokkee WTF?
1145440582 M * tokkee Can anybody tell me what's going wrong here?
1145440773 M * tokkee *d'oh* s/-arch/--arch/ ;-)
1145440785 M * tokkee $head -> $wall
1145441294 M * |coocoon| what is there /etc/vservers/.defaults/vdirbase/sarge-amd64-base
1145441439 M * tokkee |coocoon|: ?
1145441454 M * |coocoon| is there a directory or a text file
1145441477 M * |coocoon| maybe u must delete the vserver u have created befor
1145441478 M * |coocoon| e
1145441484 M * |coocoon| or use force
1145441490 M * tokkee |coocoon|: It says it's a directory - so I guess that's what it is ;-)
1145441522 M * tokkee |coocoon|: No... I passed a wrong argument (-arch instead of --arch) to debootstrap - that's what caused the error.
1145441539 M * |coocoon| ah ok
1145441548 M * tokkee |coocoon|: But thx anyway :-)
1145441579 M * |coocoon| everytime i get wrong
1145441644 M * tokkee Huh?
1145441666 M * |coocoon| what does that mean huh
1145441701 M * tokkee What do you get wrong?
1145441723 M * |coocoon| nothing but my knowledge is very less
1145441795 M * pagano for login ssh on vm I must change sshd_conf of guest or host ?
1145441808 M * tokkee |coocoon|: Usually, that changes pretty fast ;-)
1145441828 M * tokkee pagano: host
1145442028 M * pagano and put that in ListenAddress the ip of the host, right?
1145442053 M * tokkee Yep.
1145442115 M * pagano in fact, it works :)
1145442752 M * tokkee :-)
1145443147 Q * michal` Ping timeout: 480 seconds
1145443488 J * michal` ~michal@www.rsbac.org
1145445034 M * kir cehteh, Andrey Savochkin is just yet another kernel hacker, he is not CEO or something. isn't it clear from the interview? he did a lot of stuff for mainstream kernel
1145445043 M * kir cehteh, sorry I reply too late
1145445114 M * h01ger micah, ping
1145445119 A * h01ger waves
1145445148 M * kir cehteh, surely his opinion is biased, but it is biased in the very same way as Bertl's opinion about OpenVZ is biased. And neither side should be blamed for that. There are opinions and there are facts. Facts are more or less objective, opinions are always subjective, there's nothing wrong with that.
1145445325 M * micah h01ger: pong
1145445382 M * micah kir: what are you speaking of?
1145445643 M * kir micah, it was a reply to cehteh's question "who is Savochkin", about 5 hours ago. yeah I'm slow I know
1145445687 M * micah was this an article somewhere?
1145445759 M * micah ah, I see on slashdot/kerneltrap
1145445761 M * kir micah, yep, http://kerneltrap.org/ has an interview with an OpenVZ kernel hacker
1145445852 M * kir personally I do not like the words "outshine the competition" by myself; it's too provocative. But Andrey did not say that, it's the words of who sent the link to slashdot
1145446531 M * h01ger micah, in layer-acht.org/vserver-munin-plugins/ there is a screenshot dir, in the first pic, which kind of drawing do you prefer ? that for usersys or for cpusys?
1145446679 M * waldi ah yes, 19,08 processes
1145446681 M * h01ger Bertl_zZ, can you please elaborate a bit on your comment on kerneltrap about "a pending GPL violation which might have led to the OpenVZ release in the first place?"
1145446698 M * waldi h01ger: -v?
1145446706 M * h01ger waldi, for what?
1145446711 M * waldi h01ger: the later
1145446712 M * h01ger http://kerneltrap.org/node/6492#comment
1145446738 M * micah h01ger: hmm, I'm not sure!
1145446747 M * h01ger micah, me neither :/
1145446760 M * micah h01ger: I'm hoping for munin drawings that can be used to figure out scheduling and limit issues
1145446796 M * micah h01ger: I'm thinking that if you have graphs of guest resource usage you can set limits based on their past usage +10% more or so, and then you can watch to see if they hit those limits
1145446814 M * h01ger for this kind of combined graphs i would only could the sum of limit violations per vserver. (and have another per vserver plugin with detailed limit violations..)
1145446839 M * h01ger s/could/count/
1145446878 M * micah yeah
1145446923 M * micah it would be easy to grab the limit violations too
1145446958 M * h01ger yup. but as there are 8 (?) limits you can violate... per vserver... it should be graphed per vserver :)
1145446995 M * micah yeah, I agree it would be better separate
1145447000 M * h01ger ok. i will work a bit on different stuff now and try to find some time for the plugins later today..
1145447034 M * h01ger micah, is there a vserver-alioth project to put the plugins in svn ?
1145447075 M * micah h01ger: there is, I need to get alioth admin access so i can add you
1145447131 M * micah h01ger: hey, I have it!
1145447221 M * h01ger :)
1145447230 A * h01ger is h01ger-guest on alioth
1145447266 M * micah ok, it appears as if svn.d.o is down right now, but I'm adding you
1145447289 M * h01ger fine & no problem.
1145447359 M * micah its been my experience that the upstream munin people accept plugins pretty easily
1145447524 M * h01ger yeah, thats where i want to put them in the end. i already reserved a vserver category on their wiki :)
1145447612 M * micah great :)
1145447679 M * micah h01ger: only the http interface for svn.d.o is down, the actual svn repo is avail
1145447696 M * micah h01ger: svn+ssh://svn.debian.org/svn/pkg-vserver
1145447727 M * h01ger thx
1145447737 M * nebuchadnezzar hi
1145447780 A * h01ger checks it out and looks for a place to store the plugins..
1145447816 M * micah h01ger: yeah, I was just looking at that... maybe a new root dir?
1145447874 M * micah h01ger: right now there is backports/, experimental/, and then the two directories for the unstable work of those two packages... those maybe should be moved into their own sub directory
1145447927 M * micah h01ger: basically I have been the only one doing commits on this, Ola hasn't done anything except a few comments here and there in the BTS, i dont think he is even watching the commit logs
1145447953 J * {Besi} ~Besi@80.91.113.25
1145447957 M * micah h01ger: btw. web is back for svn after I bugged them
1145448016 A * h01ger tried a full checkout but no space left... so you mean a new root dir next to util-vserver and kernel-patch-vserver ?
1145448024 M * h01ger or ?
1145448052 M * {Besi} !seen Xhaxhi
1145448152 M * micah h01ger: yeah, maybe a directory for "people" and then you can put things in there? or a directory for "scripts" or "misc" or, hmm need coffee
1145448238 M * h01ger micah, :) i was surprised you were already up :) people or scripts|misc sounds good to me. take your coffee, relax and decide. and then tell me. i'm in no hurry for that atm...
1145448311 M * micah h01ger: i had to bring biella to the airport early :) how about you pick something, I dont really need to have such control :)
1145448348 M * h01ger hehe
1145448390 M * h01ger i'll think about it as a background process. /me needs to work now..
1145448451 Q * {Besi} Quit: 1145449251 J * NikDaPhreak ~NikDaPhre@212.72.210.5 1145449255 M * NikDaPhreak hi all :-) 1145449795 T * phreak`` http://linux-vserver.org/ | latest stable 2.01, 1.2.10, 1.2.11-rc1, devel 2.1.0, exp 2.{0.2,1.1}-rc17 | util-vserver-0.30.210 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1145449861 J * flo ~r4ge@micky.fmi.uni-passau.de 1145449875 P * flo Leaving 1145452340 Q * brc Ping timeout: 480 seconds 1145452914 J * mef ~mef@targe.CS.Princeton.EDU 1145453166 Q * salads Quit: brb 1145453191 J * salads ~manis@tor-irc.dnsbl.oftc.net 1145453213 Q * salads Quit: 1145453242 J * salads ~manis@tor-irc.dnsbl.oftc.net 1145453809 Q * matti Ping timeout: 480 seconds 1145454410 J * matti matti@212.244.232.46 1145454705 Q * cohan Quit: leaving 1145455193 Q * matti Ping timeout: 480 seconds 1145455269 N * kevinp_gone kevinp 1145455358 J * matta ~matta@71.224.125.126 1145455470 M * kevinp daniel_hozac you around? 1145455550 J * matti matti@linux.gentoo.pl 1145455558 J * matt1 ~matta@71.224.125.126 1145455959 Q * matta Ping timeout: 480 seconds 1145456626 Q * waldi Remote host closed the connection 1145456843 Q * NikDaPhreak Ping timeout: 480 seconds 1145457317 J * Milf ~Miranda@ipsio453.ipsi.fraunhofer.de 1145458052 Q * Heinzwurst Ping timeout: 480 seconds 1145458075 N * Bertl_zZ Bertl 1145458085 M * Bertl morning folks! 1145458102 M * |coocoon| hello bertl 1145458114 M * |coocoon| nice to see u i have made it to install deb sparc 1145458121 M * |coocoon| on the enterprise 1145458158 M * |coocoon| now how to go further 1145458165 M * Bertl hey excellent! 1145458168 M * |coocoon| that u can reach the machine 1145458179 M * Bertl so you got the remote control working too? 1145458194 M * |coocoon| no i am looking for it 1145458202 M * Bertl ah, how did you install it? 
1145458203 M * |coocoon| i think i must configure the booloader 1145458211 M * |coocoon| but here is only silo and i have no idea 1145458232 M * Bertl ah, okay, so you have everything running but don't see anything on the rcs? 1145458244 M * |coocoon| hm i tried it with normal cdrom installation, assign the right id 1145458258 M * |coocoon| yes right if i connect the rsc no ip appears 1145458280 M * |coocoon| i also can#t configure lvm volumes for all disks 1145458295 M * Bertl okay, we'll look at this one by one ... 1145458300 M * |coocoon| i do not know why but during installation there doesn't wotrk anything 1145458322 M * |coocoon| ok how to make the server reachable vi dyn.dns 1145458346 M * |coocoon| can't install grub or must i configure silo 1145458356 M * Bertl silo is fine, it is the sparc boot loader 1145458364 M * |coocoon| maybe u can reach the server now 1145458379 M * Bertl let's give it a try, msg me the ip/port 1145458384 M * |coocoon| i started the router new and then u have 24 h 1145458461 M * doener_ Bertl: i'm planning which days i'm going to LinuxTag. You'll be there on friday, right? 1145458522 Q * Milf Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org 1145458541 N * BobR_oO BobR 1145458653 M * Bertl I'm currently trying to figure when I will be there, probably from friday morning till saturday afternoon or so 1145458671 M * Bertl not sure about accomodation yet ... 1145458754 N * ebiederm_zz ebiederm 1145458781 M * ebiederm So when is LinuxTag? 1145458812 M * doener_ 3rd to 6th of May 1145458824 M * Bertl h01ger: well, in some chat some of the swsoft folks (do not remember the details) 'admitted' that they ahd to keep back the source code because that would give away their secrets and advantage ... 1145458836 M * doener_ s/to/till/? *needs better English...* 1145458875 M * ebiederm hmm. 
1145458884 M * Bertl h01ger: and I talked with a few folks who did actually buy Virtuozzo(tm) at some point, and they had to sign NDAs and such and were never given the source to the kernel modifications 1145458893 Q * |coocoon| Ping timeout: 480 seconds 1145458894 M * Bertl hey ebiederm! going to pay a visit? 1145458934 M * ebiederm Only to the channel. Unless I start making plans a year in advance I rarely make it to things. 1145458999 M * ebiederm Unless LinuxTag is conducted in English I would bet totally lost. The name at least sounds german/deutsch. 1145459038 M * matt1 Bertl: secrets? :) 1145459064 M * Bertl matt1: hey! 1145459099 M * matt1 as we see now the 'secrets' are not all that great :) 1145459107 M * Bertl matt1: well, the stuff they _now_ released as OpenVZ, I guess 1145459119 M * matt1 they still have their vzfs private 1145459144 M * matt1 but as a user of it, I'll tell you unification/CoW links blows it out of the water as far as maintaining sharing consistency 1145459200 M * matt1 Sam's vunify that checks the name/perms/SHA1 can be done as a weekly cron to re-unify if root users in a vserver all decide to upgrade, etc 1145459219 M * doener_ ebiederm: there are both german and english talks/workshops/... 1145459220 Q * pagano Ping timeout: 480 seconds 1145459234 M * matt1 their vzcache takes days to run... and while it does it locks every VPS so if a user does a 'reboot' inside their own VPS it's locked on the host and won't boot. 1145459257 M * matt1 so you need to kill that days worth of heavy disk I/O to start that single VPS up 1145459266 M * matt1 it really makes the program useless 1145459304 M * doener_ Bertl: I'll probably be there friday/saturday as well... looking at InfoMail #3, the Achat hotel looks good (ie. 
affordable ;) 1145459372 M * Bertl ah, good hint, I have to ask Nils though, not sure they do not already provide accomodation for a workshop guy, they did for a speaker two years ago 1145459405 M * Bertl ebiederm: how is the mainline virtualization going? 1145459425 M * Bertl ebiederm: didn't see many related emails on lkml last week? 1145459474 M * ebiederm A little quiet at the moment. Last week because of some related work I did I got fixed into fixing a ptrace bug. 1145459502 M * Bertl ah, well, we knew that 100 things will get fixed on the way 1145459502 M * ebiederm The short description, the code was never made SMP safe when SMP support was added to the kernel. 1145459554 M * ebiederm My OLS paper is basically done so the worst of the distractions are fixed. 1145459557 M * Bertl I was pleased to see that a bunch of things in my queue (not really Linux-VServer related) got fixed in 2.6.17-rc1 too 1145459588 M * ebiederm Jeff Dike has started working on a Time namespace. 1145459602 J * |coocoon| ~coocoon@p54A05193.dip.t-dialin.net 1145459608 M * |coocoon| hello 1145459612 M * Bertl ebiederm: good idea ... 1145459623 M * ebiederm It looks like some interesting ideas but his initial patches were pretty buggy. 1145459638 M * Bertl but, what is the purpose? 1145459642 M * |coocoon| bertl: have i lost the connection 1145459647 M * Bertl |coocoon|: np 1145459654 M * |coocoon| have u made it 1145459663 M * |coocoon| or something wrote what i haven't read 1145459686 M * ebiederm Bertl: Well from my perspective things like the monotonic timer need to be handled after migration. 
1145459698 M * Bertl |coocoon|: nope, still waiting for some ip/port here 1145459716 M * Bertl ebiederm: ah, for migration purposes, yes that makes sense 1145459729 M * |coocoon| oh ok sorry i have lost the connection after restarting my router 1145459741 M * |coocoon| ok i will send it private ok 1145459746 M * Bertl yes, please 1145459791 M * doener_ Bertl: well, at least the mail ends with "Please register for project workshops!", so I guess the special rates for rooms should be available to you 1145459905 M * doener_ ebiederm: I didn't read the time namespace stuff in detail, but wasn't its purpose to allow UML to get native speed in that area? 1145459908 M * ebiederm It also helps with testing date bugs like the y2k problem. 1145459934 M * ebiederm doener_: That was the other think that Jeff was looking at extending ptrace so he only intercepted some 1145459938 M * ebiederm of the system calls. 1145459953 M * doener_ k 1145459953 M * ebiederm But putting a simple syscall nr filter in the kernel. 1145459987 M * doener_ 2.6.16.9... this is getting annoying... 1145459995 J * Viper0482 ~Viper0482@p549773F1.dip.t-dialin.net 1145460018 M * doener_ I like the wording on lwn though... "Today's first stable 2.6.16 release..." :) 1145460066 M * eyck we're expecting some other stable 2.6.16 releases tomorrow? 1145460154 J * Heinzwurst ~i@dsl55-244.pool.bitel.net 1145460170 M * doener_ or even today... .7 was released less than 2 hours after .6 1145460255 M * Heinzwurst Ermm .... I try to start up a guest-vserver on a 2.6.14.3-vs2.0.1 system with style:sysv .... but the interface doesn't get UP .... when I start in style:plain it works .... 1145460260 M * Heinzwurst how is that? 1145460316 M * Heinzwurst (with style:plain I have trouble to shutdown the vserver) 1145460417 J * _coocoon_ ~coocoon@p54A07F0B.dip.t-dialin.net 1145460460 M * ebiederm The uts namespace conversation has been going along pretty well. 
1145460588 Q * |coocoon| Ping timeout: 480 seconds 1145460677 M * ebiederm What is fun, is that I just sent out a patch for a bug that I traced all of the way back to the 1.0 kernel. Talk about races that people never see. 1145460907 M * Bertl Heinzwurst: what tools do you use? 1145460935 M * Heinzwurst Gentoo-Package sys-cluster/util-vserver-0.30.210-r9 1145460960 M * Bertl and you are sure about the interface part? 1145460989 M * Bertl Heinzwurst: the interface should be configured by the tools before the guest is started, so it should not matter what init style you use 1145460998 M * Heinzwurst nope, I guess I just don't get it ... ;) 1145461028 M * daniel_hozac kevinp: i am now. 1145461040 M * Bertl Heinzwurst: by default the IPs are not visible via ifconfig (it's just too old) maybe that confuses you? 1145461082 M * Heinzwurst hhmnnnn .... okay ..... I switched back to style:plain and it also didn't come up ... :( 1145461102 M * Bertl Heinzwurst: check with 'ip addr ls' 1145461112 M * Heinzwurst What do I need for the interfaces? .... only the definitions in etc/vserver/[name]/interfaces/0/* 1145461127 M * Bertl yes, chances are good that it is already there 1145461142 M * phreak`` morning Bertl :) 1145461150 M * Bertl good morrning phreak``! 1145461156 M * phreak`` (just scrolling through he backlog) 1145461226 M * Heinzwurst wow ... that's true .... ip addr ls shows the IP .... only ifconfig shows a wrong stuff 1145461259 M * Bertl funnily we found a way to fix that recently 1145461281 M * Bertl so, the very latest kernels have a workaround for that 1145461297 M * Bertl Heinzwurst: but it doesn't affect networking, it's just cosmetic 1145461379 M * Heinzwurst only the proftpd laments about not finding the IP ... :) 1145461388 Q * _coocoon_ Ping timeout: 480 seconds 1145461398 J * |coocoon| ~coocoon@p54A0574E.dip.t-dialin.net 1145461419 M * Heinzwurst Starting proftpdepikur9 - Fatal: unable to determine IP address of 'epikur9'. 
1145461514 Q * matt1 Ping timeout: 480 seconds 1145461560 M * Bertl Heinzwurst: okay, stop the guest, and add a 'name' entry to your interfaces/0 1145461581 M * Bertl something like 'echo test > ..../interfaces/0/name 1145461601 M * Bertl then start the guest again, it will now use an alias 1145461602 M * Heinzwurst i have so .... but interesting is, that on "ip addr ls" it shows the same name as for another vserver-guest, even if the name is different 1145461604 M * Bertl i.e. eth0:test 1145461634 M * Bertl Heinzwurst: it will only show 4 characters in addition to the eth0: part on ifconfig 1145461643 M * Heinzwurst on vserver has ..../interfaces/0/name = epi the other .../0/name = epu 1145461652 M * Heinzwurst but ip addr ls shows for every server "epi" 1145461666 M * Bertl that is at least strange 1145461682 M * Bertl what else does your /interfaces/0 contain? 1145461769 M * Heinzwurst the whole "ip addr ls" is: 1145461770 M * Heinzwurst inet x.y.z.154/26 brd x.y.z.191 scope global eth0 1145461774 M * Heinzwurst inet x.y.z.136/26 brd x.y.z.191 scope global secondary eth0:epi 1145461778 M * Heinzwurst inet x.y.z.159/26 brd x.y.z.191 scope global secondary eth0:epi 1145461802 M * Heinzwurst there is a dev, ip, name, prefix inside 1145461819 M * Heinzwurst (and) a bcast_ and mask_ (with underline, for testing) 1145461834 M * Bertl okay, maybe you changed the 'name' while the guest was running? 1145461849 M * Bertl try to stop the guest in question and remove the ip manually 1145461864 M * Bertl with 'ip addr del x.y.z.159/26 dev eth0:epi 1145461876 M * phreak`` Bertl: got a second ? 1145461880 M * ebiederm Bertl: The important news with mainline virtualization is that while there are still some technical sticking points we aren't getting deadlock on everyone's requirements. 
1145461883 Q * Loki|muh Read error: Connection reset by peer 1145461899 M * Bertl phreak``: sure 1145461952 J * Loki|muh loki@satanix.de 1145461963 M * kevinp daniel_hozac: when I used the configuration as specified on the flower page, the settings were ignored 1145461984 M * kevinp I had to put them in a subfolder 0 before it used them 1145461987 J * _coocoon_ ~coocoon@p54A06D74.dip.t-dialin.net 1145462033 M * kevinp as specified in this doc: http://linux-vserver.org/Disk+Limits 1145462042 M * _coocoon_ bertl: sorry, so how to assign dynamic dns, i have the option here, but no domain for that, this must mustn't it 1145462109 M * kevinp as far as the context id, I also ran chxid -c 737 -R /vservers/testing.com/ on it with no change 1145462144 M * kevinp and would the old script work if I had the wrong chxid? 1145462154 M * Bertl _coocoon_: never did that, but there are free services for that IIRC 1145462167 M * Bertl _coocoon_: let me see if I can find one, or if somebody knows 1145462173 M * _coocoon_ ok 1145462202 M * daniel_hozac kevinp: yes, the old script just sums all the files in those directories. 1145462220 M * daniel_hozac kevinp: and the flower page states that there is a index directory, just as for interfaces. 1145462240 Q * ||Cobra|| Remote host closed the connection 1145462248 Q * |coocoon| Ping timeout: 480 seconds 1145462257 M * _coocoon_ bertl: must i activate remote access into the router 1145462261 M * _coocoon_ i will try 1145462384 M * Bertl http://www.oth.net/dyndns.html 1145462386 M * Heinzwurst Bertl: I guess you're right ... i started two times the same eth0:epi but couldn't see with ifconfig and thought it didn't come up because of the same name ... in real, it went up and now I have double .... 1145462415 M * Heinzwurst I just can not ip addr del because the other vserver is a live server .... have to wait until tonight ... 
:) 1145462417 M * Bertl Heinzwurst: as I said, no problem, just remove the wrong one and restart the guest 1145462419 M * Heinzwurst thank you for your help 1145462434 M * Bertl you're welcome! 1145462455 M * kevinp daniel_hozac: ok, I get it now the at the end was for the 0, etc 1145462470 M * daniel_hozac kevinp: and did you stop the guest, remove the cache, and then start the guest to check if the chxid changed anything? 1145462525 M * kevinp when removing the cache file, do I need to remove the dlimits directory as well or something? 1145462541 M * Bertl daniel_hozac: could you give a short overview of the mechanisms behind the new dlimit stuff? i.e. when is the filesystem checked with vdu and/or when is it just reloaded? or is there a page to read about it? 1145462541 M * kevinp I have never got the cache file to recreate on a reboot 1145462571 M * daniel_hozac kevinp: as i said in the email, it only exists when the guest is stopped. 1145462592 M * kevinp gotcha 1145462615 J * jesse_ ~wenchien@221-169-69-23.adsl.static.seed.net.tw 1145462616 M * daniel_hozac Bertl: basically, if the cache doesn't exist, vdu is run. when you stop the guest, the current vdlimit values are cached. 1145462637 M * daniel_hozac Bertl: when you start the guest again, the values are read, then the cache is removed, and the cycle restarts. 1145462652 M * Hollow hey Bertl! 1145462671 M * Hollow i've found out more about lo0.03 1145462684 J * doener ~doener@i5387C14D.versanet.de 1145462698 M * kir matt1, speaking of vzcache it actually tries to find the files which are common between different VPSs and put those into template area. vunify, on the other hand, tries to find files in VPS which do exist in the template area already and when does unification. that's the major difference. 1145462743 Q * _coocoon_ Ping timeout: 480 seconds 1145462811 M * Bertl daniel_hozac: sounds simple ... 
1145462822 M * daniel_hozac Bertl: it is :) 1145462831 M * Bertl kir: you got that wrong :) 1145462861 M * Bertl kir: and you obviously missed vhashify, but that's a different story 1145462877 M * Bertl Hollow: cool, let's hear! 1145462951 M * Hollow Bertl: the binding seems to work, netstat shows the correct adresses... but if i bind to 127.0.0.1 in two different guests, and then try to connect from the host to 127.0.0.1 i get the last guest that binded to it, after killing the last guest, the guest which binded previously to 127.0.0.1 is now accessible 1145462971 M * Bertl kir: you should find more info here: http://linux-vserver.org/alpha+util-vserver 1145463007 M * Bertl Hollow: ah, yes, I somewhat expected that, but didn't test/know for sure 1145463022 M * Hollow beside that it looks very promising 1145463034 M * Bertl Hollow: but for generic 0.0.0.0 and specific ip (!= 127.0.0.1) binds it works for udp and tcp, right? 1145463062 M * Bertl Hollow: another thing you could test is extending the IP set (or changing it) on the fly, which should work too 1145463066 M * Hollow ah, didn't test udp.. but for tcp yes... don't remeber for sure with 0.0.0.0, let me look again 1145463085 Q * doener_ Ping timeout: 480 seconds 1145463138 J * matta ~matta@c-68-32-239-173.hsd1.pa.comcast.net 1145463182 M * kir Bertl, as I read about vunify it gets dst-path (a path to guest) and reference-path (a path to what we call "template area") and link files in dst_path to those in reference_path, this is what I was trying to say and I do not see where am I wrong 1145463200 M * Hollow Bertl: for tcp it only works as expected if i bind to specific ip != 127... if i use 0.0.0.0 the same happens as with 127.0.0.1 1145463237 M * kir Bertl, and yes, vhashify is similar to vzcache that matt1 talked about 1145463242 M * Bertl kir: that both the dst and the reference could be guests 1145463261 M * Bertl kir: i.e. 
no need for a 'template' as you use it 1145463287 M * kir Bertl, the thing is one should not compare oranges to apples, but oranges to oranges -- so one should compare vzcache to vhashify not vunify 1145463370 M * Hollow Bertl: for udp netcat tells me operation not permitted after trying to connect the first time 1145463387 J * _coocoon_ ~coocoon@p54A07829.dip.t-dialin.net 1145463387 M * Hollow if i bind to 127 and try to connect to it from the host 1145463408 M * Bertl Hollow: okay, maybe leave the host out for now 1145463419 M * Bertl (i.e. just look at guest vs guest) 1145463588 Q * ntrs_ Quit: Leaving 1145463818 M * _coocoon_ bertl: i have it 1145463942 J * bonbons ~bonbons@83.222.37.206 1145464061 M * Bertl _coocoon_: thanks! works! 1145464068 M * Bertl welcome bonbons! 1145464092 M * bonbons morning Bertl! 1145464112 M * Hollow Bertl: http://phpfi.com/113666 1145464206 M * Hollow (lotest has 192.168.0.123 only, lotest .124 respectively) 1145464213 M * Hollow *lotest2 1145464242 M * Bertl ah, so udp across guests works, but tcp is blocked, yes? 1145464248 M * Hollow seems so 1145464259 M * Hollow althought the 127 udp doesn't work too 1145464271 M * Bertl yes, that is kind-of intentional 1145464279 M * Hollow the nc in lotest fails with operation not permitted after lotest2 connects 1145464325 M * Hollow and also the udp traffic doesn't work always if bound to 0.0.0.0 1145464330 M * Hollow (last example) 1145464336 N * jesse_ wenchien 1145464365 M * Bertl Hollow: no, that's just that nc dies after receiving the first packet 1145464381 M * Hollow hm 1145464399 M * Hollow right 1145464400 M * Bertl IIRC, that is normal behaviour 1145464417 M * Hollow yes.. it's confusing.. the connection is gone, but my nc process does not die.. confused me yesterdayas well 1145464474 M * _coocoon_ ok bye to all 1145464477 Q * _coocoon_ Quit: KVIrc 3.2.0 'Realia' 1145464542 M * Hollow Bertl: btw, a question about cpu_id for the sched.. 
on UP systems setting cpu=0 and including it in teh setmask does have the same effect as if i'd leave it out, right? 1145464573 M * Bertl hmm, on UP that should not matter, but I'm not 100% sure 1145464613 M * Bertl ah, yes, right, on UP the scheduler is updated unconditionally 1145464624 M * Bertl we might want to adjust that to match SMP behaviour 1145464689 M * Hollow ok.. 1145464711 M * Hollow just came to my mind while thinking about the config 1145464739 M * Bertl yeah, it's probably better to be closer to SMP 1145464758 M * Bertl btw, I added a FORCE flag recently, to force scheduler updates 1145464773 M * Hollow what kind of updates? 1145464795 M * Bertl the scheduler buckets are updated lazily (by default) 1145464807 M * Bertl i.e. when no task is scheduled on that cpu, no update happens 1145464821 M * Bertl this update can be forced now with the FORCE flag 1145464823 M * Hollow ah, ok.. didn't know that.. does it have any effect then? 1145464841 M * Bertl it's mainly to get /proc data in sync for tests and such 1145464842 M * Hollow if nothing is scheduled why obther to update? 1145464846 M * Hollow ic.. 1145464865 M * Bertl so it should not be the default, but an option 1145464877 M * Bertl afk, getting something to eat, brb 1145464881 M * Hollow ok ;) 1145465592 M * Bertl back now ... 1145465705 M * matta wtf? 1145465714 M * matta you see this kerneltrap interview? 1145465727 M * h01ger Bertl, ic. sounds bad. btw, there are new comments.. 1145465728 M * Bertl yes 1145465943 M * matta Andrey Savochkin: First of all, OpenVZ is a completely different project than VServer and has different code base. OpenVZ has bigger feature set (including, for example, netfilter support inside VPSs) and significantly better isolation, Denial-of-Service protection and general reliability. 
Better isolation and DoS protection comes from OpenVZ resource management system, which includes hierarchical CPU scheduler and User Beancounter patch 1145466056 M * Bertl see, you should not use that VServer project stuff :) 1145466197 M * matta lol 1145466200 M * matta I see you are first comment 1145466223 M * matta they definitely have a huge marketing machine behind them 1145466228 M * matta LOTS of venture capital 1145466232 M * kir matta, this is evil and it will ruin your VServer box 1145466253 M * kir matta, but you should not use VServer since the simple C program run in any guest will ruin your box 1145466260 M * kir matta, so you got it right 1145466290 M * kir matta, and here is the program: http://pastebin.com/669333 1145466303 M * kir matta, it is easy and naive, no tricky stuff 1145466331 M * kir matta, so *PLEASE* do not run it. but it shows that OpenVZ resource management is better, you have to face the fact 1145466350 M * kir Bertl, I think you do have a workaround or solution? 1145466489 M * daniel_hozac kir: so OpenVZ applies limits, even if the admin doesn't configure any? that doesn't sound annoying at all. 1145466522 M * Bertl kir: all I see is a huge number of dirs, what problem do you have with that? 1145466525 M * matta well, I use Xen anyway kir :) 1145466539 J * lilalinux ~plasma@dslb-084-058-202-192.pools.arcor-ip.net 1145466565 M * matta I don't see how you don't see Xen 3.0 as stable... it's on 3.0.2-2 and has HP, RedHat, IBM, Novell, etc backing it 1145466586 M * matta is swsoft so scared of these competing technologies? :) 1145466596 M * Bertl kir: just ran it on a vserver kernel, except for a few thousand dots nothing happened 1145466604 M * kir daniel_hozac, OpenVZ has a few configuration samples, and there is a sample which is made default in a config file, so if you do not specify a config to use, default will be used. 
Of course you can specify the other config, or manage all the resources separately (like vzctl set 123 --privvmpages X:Y) 1145466641 J * mnemoc ~amery@216.241.24.10 1145466642 M * matta this is very un-professional. 1145466645 M * kir Bertl, so it keeps running? 1145466659 M * matta for swsoft developers to take stabs at competing technologies 1145466677 M * matta and even come into the project channels to fight 1145466680 M * kir matta, this very piece of interview was actually taken some time in November next year 1145466693 M * Bertl kir: yes, I stopped it CTRL-C after a few minutes 1145466696 M * Hollow didn't know you have a time machine ;) 1145466705 A * h01ger just run "while true ; do mkdir a ; cd a ; done while true ; do mkdir a ; cd a ; done" in a guest... nothing happened except what should 1145466708 M * kir s/next/last/ 1145466718 M * Hollow :) 1145466721 M * h01ger aeh, i ran it once :) 1145466728 M * kir h01ger, shell code will not work, you need C code. as bash is really slow doing this 1145466739 M * daniel_hozac kir: so you do apply limits without consulting the admin. that's nice. 1145466743 M * matta I will be letting Moruga and Jack Z about the un-professionallism I have experienced here. 1145466750 M * h01ger perl? :) 1145466762 M * Bertl kir: so the intention is to trash the system on the I/O level, right? 1145466766 M * kir h01ger, did't try it with perl, should work afaiu 1145466771 M * kir Bertl, no. 1145466772 M * matta (yes, I am a decently large Virtuozzo customer) 1145466778 M * kir Bertl, the problem is dcachesize 1145466788 M * Bertl kir: so? what should happen what doesn't happen here? 1145466802 M * kir Bertl, phreak`` killed his box with that 1145466831 M * kir Bertl, oom killer apparently kills random process -- not only in your guest but in other guests as well. 
1145466845 M * Bertl I mean, the linux kernel is probably missing a maximum path depth here 1145466847 M * kir matta, sure, go ahead 1145466876 M * kir Bertl, there is no limit on the maximum path, there should not be. there is a limit on path that you can pass in a syscall like chdir() 1145466892 M * kir Bertl, but you can do chdir() many times and there's nothing wrong with that 1145466957 M * Bertl okay, so OpenVZ does limit the dcache per guest, is that the message? 1145466984 M * kir daniel_hozac, everything is under control, this is just a sane default. we also do have a default for, say, OS template (a distro used for the VPS, for the guest) so if you do not specify any it will take default, so you do not have to say --ostemplate fedora-core-5 each time 1145467020 M * kir Bertl, the message is there is not enough isolation in VServer if a guest user can trigger killing other user's and other guest's processes 1145467031 M * matta kir: does openvz limit the rss of each guest? does it have a fair queuing I/O such as vservers per-context CFQ? 1145467053 M * Bertl kir: well, I'm pretty sure you can do similar with OpenVZ too 1145467073 M * Bertl kir: after all, it's not the corner cases we try to cover 1145467085 M * eyck hmm, 1145467097 M * Bertl kir: seems like OpenVZ's only design focus is to handle evil users 1145467103 M * eyck you're supposed to cover corner cases when it comes to security 1145467107 M * kir matta, rss -- yes. CFQ -- we are working on it 1145467127 M * matta kir: what is the rss (NOT vsize) ubc variable? 1145467142 M * kir Bertl, we would love to have an exploit from you. 
I can give you an access to an OpenVZ VE 1145467158 M * kir matta, physpages I suppose 1145467162 M * matta bzzzzz 1145467163 M * matta wrong 1145467192 M * matta you can't limit per-VPS rss with virtuozzo/openvz 1145467200 M * matta physpages is accounting only 1145467208 M * Bertl so, let's have a look at the OpenVZ dcache code, maybe so ideas can be reused :) 1145467208 M * matta how do you not know so much about your own product? 1145467236 M * Bertl matta: it's not 'his' product 1145467252 M * Bertl matta: you ahve to talk to swdev if you want to know kernel details 1145467277 M * kir matta, sorry I was wrong we do not limit physpages -- it's for accounting only. 1145467309 M * kir matta, still rss is potentially limited by privvmpages -- obviously you can not have more rss that privvmpages 1145467331 M * matta kir is on the project 1145467339 J * brc bruce@20151210016.user.veloxzone.com.br 1145467352 M * kir matta, have I answered your question now? 1145467354 M * matta kir: but privvmpages can be swapped out 1145467358 M * matta rss cannot be 1145467370 M * matta so limiting privvmpages is just limiting VSIZE 1145467372 M * kir still you can not have rss > privvmpages, so it is limited 1145467381 M * Bertl http://download.openvz.org/kernel/broken-out/2.6.16-026test005.1/diff-ubc-dcache-20060303 1145467388 M * Bertl that's the relevant code? 1145467389 M * matta but what about the hosts swap? 1145467394 M * matta should the host should swap like mad? 1145467414 M * matta or should 'in-kernel' memory also be limited, seems like it should to me. 1145467439 M * matta why is anyone from swsoft so unwilling to not admit they shit out golden code? 1145467483 M * matta and could possibly _learn something_ from other projects instead of simply bashing them? 1145467504 M * kir matta, can you join #openvz at freenode.net where we can discuss it? 
it's a bit offtopic here I'm afraid 1145467511 M * matta no 1145467514 M * matta you came in here 1145467516 M * matta with your trolling 1145467521 M * matta so you complete your trolling here. 1145467564 M * matta are you scared you don't know exactly what you're talking about and want the OpenVZ cronies to jump all over me? 1145467576 M * kir matta, it IS not trolling 1145467591 A * Hollow sighs 1145467600 J * dev ~dev@swsoft-mipt-nat.sw.ru 1145467602 M * kir matta, I have reported about a security vulnerability. yeah i know this is probably not the best way 1145467619 M * matta it is very intrusive to the vserver project. 1145467625 M * kir here comes dev, he definitely knows more about UBC and all that stuff. I am just an egg 1145467646 M * matta kir: and dev is the creamy filling? 1145467654 M * kir Bertl, I suppose yes 1145467667 M * kir matta, not sure what you mean, sorry I'm not a native speaker 1145467682 M * kir matta, dev is the leader of openvz/virtuozzo kernel team if you mean that 1145467788 M * Bertl so it probably takes an hour to add a dcache limit 1145467789 M * matta I don't see what info he can provide that you have already provided. 1145467798 M * Bertl now the funny question is, do we need that? 1145467846 M * kir Bertl, it took about 2 seconds in our setup, probably something is different on yours 1145467868 M * Bertl kir: how long does it take on vanilla? 1145467873 M * matta kir: you mean it's 'configured properly' ? 1145467893 M * matta or that Bertl configured it not to purposely fail for some interview? 1145467901 M * kir matta, apparently you have some questions about OpenVZ UBCs. the best place to ask is #openvz at freenode.net, and the best person to ask is either [sw]dev or saw@ -- but he is not on the IRC 1145467910 M * matta I don't have any questions about UBC 1145467919 M * matta I have a better understanding of it than you do, apparently. 
1145467925 M * Bertl lol 1145467935 M * matta the 'developer' for OpenVZ 1145467946 M * Bertl he never claimed that 1145467955 M * kir matta, yes I am not a kernel developer, I do work on the areas such as tools 1145467956 M * Bertl IIRC, it always said: Project Leader 1145467975 M * kir matta, good for you that you know that very area better 1145468015 M * Bertl but once again I ask myself, why would two Free/OpenSource Projects have such issues working together ... 1145468018 M * kir matta, I did work on testing and tools (such as vzctl, template tools etc) 1145468030 M * kir Bertl, it's sad for me too 1145468050 M * Bertl and the only answer I have so far is that one is not really independent/free from company policies 1145468053 M * kir Bertl, hope we will work together somehow through LKML and the other parties involved 1145468121 M * kir Bertl, personally I am mostly independent (or at least I hope so). I do care for OpenVZ so my opinion is biased towards openvz (such as your opinion is biased towards VServer since this is your baby) 1145468130 M * Bertl kir: I hope so too, and you should know that I do not have any problem working with 'other' companies, which is also true for SWsoft ... although I would appreciate if they'd stop bashing around and glorifying their code, and start working on the real stuff 1145468210 M * Bertl btw, it was a lot harder to remove the dir tree again :) 1145468229 M * kir Bertl, we do work on a real stuff, don't we. and this is Andrey's opinion expressed in the article. 
He is the author of most of the UBC code, he knows that stuff inside and out (not like me, as matta just shown here), he did that for 5 years and it is he, personally, who thinks that OpenVZ has better resource management, and this is what he says 1145468236 M * Bertl (but I still do not see any difference to vanilla here) 1145468243 M * kir Bertl, Andrey didn't said that VServer is worse 1145468260 M * kir Bertl, he expressed his opinion 1145468264 M * Bertl kir: you're sure you read the article? 1145468266 M * matta Andrey Savochkin: First of all, OpenVZ is a completely different project than VServer and has different code base. OpenVZ has bigger feature set (including, for example, netfilter support inside VPSs) and significantly better isolation, Denial-of-Service protection and general reliability. Better isolation and DoS protection comes from OpenVZ resource management system, which includes hierarchical CPU scheduler and User Beancounter patch 1145468270 M * matta that sounds like 'better' 1145468305 M * matta it actually uses the word 'better' quite a few times 1145468321 M * kir Bertl, "bigger feature set" and "significantly better isolation". 1145468340 M * Bertl kir: for example, I haven't seen any good argument/test which shows that a two level scheduler is better than the hard cpu scheduler we have ... 1145468348 M * matta "Better isolation and DoS protection" 1145468350 M * Bertl (nor that it is worth the overhead) 1145468364 M * kir Bertl, still if you have some issues with Andrey why don't you contact him directly. Or ask Jeremy to interview you on the topic of VServer and say that you think VServer resource management is way better? 1145468376 M * kir Bertl, I mean, nobody can stop you. 1145468394 M * Bertl kir: I'm sure about that, but I really don't want to waste my time for such things ... 1145468404 M * daniel_hozac yay, payback playground style! 1145468417 M * matta kir: see, Bertl doesn't have a corporate agenda... 
1145468433 M * Bertl kir: if you or Savochkin want to bash around, go ahead ... 1145468446 M * matta Bertl was just defending himself. 1145468463 Q * matti Ping timeout: 480 seconds 1145468466 M * matta if vserver was not so played off as a poor alternative to OpenVZ I doubt he would have made his comment. 1145468468 M * Bertl kir: and maybe you folks get the project name right next time :) 1145468498 M * Bertl matta: I would not even have bothered to make an account on kernel trap 1145468529 M * kir Bertl, OpenVZ is an open subset of Virtuozzo (VZ), thus the name 1145468550 M * Bertl hmm, you forgot the (tm) :) 1145468582 M * kir Bertl, I have received enough from matta tonight, please try not to be ironic 1145468583 M * Bertl so, there are closed source parts of the kernel, yes? 1145468604 M * Bertl proprietary binary only modules for the VZ customers 1145468622 M * Bertl which make it (according to your pages) 24/7 ready and much faster 1145468629 M * daniel_hozac that were originally written for Windows. 1145468645 M * daniel_hozac (otherwise the non-GPL binary module thing doens't fly) 1145468656 M * Bertl of course :) 1145468674 M * kir Bertl, this phrase about "24/7" was indeed a marketing bullshit so I have removed it 1145468709 M * Bertl kir: see, remove all that marketing bullshit and we will get along really great! 1145468739 M * Bertl kir: a new exploit or kernel issue, no problem, one team will pick it up and inform the other 1145468765 M * Bertl kir: nobody in the channel when somebody needs help, no problem either, the other team can give some hints 1145468785 M * Bertl kir: don't you see that bashing eachother doesn't benefit anyone? 
1145468824 M * kir Bertl, it is not bashing, again (1) Andrey expressed his opinion and I believe he will tell the same with a "lie detector" attached 1145468871 M * kir Bertl, there is an exploit in VServer we shown to you, you fix it and your software will become better 1145468873 M * eyck and also, openvz does not support 2.4.x, while Vserver does, which is great, 1145468896 M * kir eyck, and also openvz does not support ppc 1145468922 M * kir OK I'm off, it was a long day today.... 1145468922 M * matta kir: I believe it was the method by which you expressed the exploit. 1145468942 M * tokkee How can I create a new vserver, when I already have the base of the "chroot" environment? 1145468956 M * matta (13:03:51) kir: matta, this is evil and it will ruin your VServer box 1145468956 M * matta (13:04:12) kir: matta, but you should not use VServer since the simple C program run in any guest will ruin your box 1145468956 M * matta (13:04:19) kir: matta, so you got it right 1145468956 M * matta (13:04:49) kir: matta, and here is the program: http://pastebin.com/669333 1145468956 M * matta (13:05:02) kir: matta, it is easy and naive, no tricky stuff 1145468957 M * matta (13:05:30) kir: matta, so *PLEASE* do not run it. but it shows that OpenVZ resource management is better, you have to face the fact 1145468967 M * kir matta, yep it was not great. but it is to illustrate what Andrey said 1145468975 M * matta that does not seem 'helpful' to Bertl at all 1145468976 M * Hollow tokkee: vserver build -m skeleton [other opts to build command] 1145468985 M * kir matta, those words about "DoS protection" 1145468992 M * tokkee Hollow: thx. 1145468994 M * Hollow then copy the contents of the chroot to / 1145468999 M * dev guys, stop it please 1145469004 M * kir OK I'm off, let's stop spamming 1145469006 Q * kir Quit: Leaving 1145469038 M * tokkee Hollow: Oh I need to copy that stuff _after_ building the vserver? 
1145469047 M * Hollow you can actually move it ;) 1145469051 M * Hollow yes 1145469051 M * matta dev: are you upset because your collegue did not express himself in a professional manner? 1145469073 M * Hollow the skeleton method only creates the config + some devices in / 1145469130 M * tokkee Hollow: Well, actually I have a (Debian) base installation in one vserver and I want to use that as base for several other vserver using unionfs-mounts... is that still gonna work? 1145469155 M * Hollow uhm.. don't know about unionfs.. but there is a howto iirc 1145469159 M * ray6 oh, did I miss something? :) Is there still someone from SWsoft around who can tell me if OpenVZ will ever be applyable to a xenU patched kernel? :) 1145469187 M * dev matta: everyone can be emotional :) sorry for him. 1145469226 M * Hollow tokkee: have you thought about using unification rather than unionfs? 1145469257 M * Bertl ray6: dev is the one you want to talk to 1145469304 M * matta dev: apology accepted. 1145469346 M * dev ray6: I remember someone from #openvz reported that it is easy enough. I also saw reports from vserver that collisions are really simple and patches apply without much problems 1145469359 M * dev matta: are you Matt Ayress? 1145469367 M * Bertl btw, did anybody try the 'exploit' (or whatever we should call it) as unpriviledged user on a normal linux system? 1145469378 M * tokkee Hollow: I just read about it in the mail-archieve. The point is that I know how to use unionfs, but I don't know how to use unification ;-) 1145469388 M * Hollow heh 1145469394 M * Hollow i don't know either :) 1145469402 M * dev Bertl: it should work on std linux as well. 1145469404 M * daniel_hozac tokkee: vserver ... hashify all of your vservers, voila ;) 1145469414 M * Bertl dev: even as normal user, right? 1145469427 M * matta dev: Yes I am. 1145469436 M * ray6 dev: I tried it with both about a week ago.
Vserver is just one very simple to resolve collission, openvz hat much more so I delayed that. If you know someone who did a patch of openvz+xen I'd be interested 1145469442 M * Bertl dev: I mean, nothing is stopping a 0815 user from doing that 1145469470 M * dev Bertl: I suppose yes. Maybe only inode disk or cache limit 1145469476 M * tokkee daniel_hozac: I'm not sure, if that is as flexible as unionfs. What I want is the ability to "reset" a given vserver to the base system at any time... 1145469478 M * matta dev: and if you know that, then you know I have helped your development and features greatly in the past. 1145469485 M * phreak`` meh, my box is still deleting that aaa/aaa/aaa/ :) 1145469490 M * matta dev: and do not appreciate the method your group has chosen. 1145469499 M * dev matta: yes, I really appreciate it. 1145469501 M * daniel_hozac tokkee: not quite the same, no. 1145469507 M * dev :) 1145469518 M * matta dev: I could have done the same for the multiple exploits and bugs that I found in virtuozzo 1145469529 M * dev phreak``: does it trigger OOM on deletion? :) 1145469536 M * matta dev: I hope you will show Bertl more respect in the future. 1145469546 M * phreak`` dev: not yet, no 1145469568 M * Bertl dev: ah, OOM is disabled on my machines 1145469586 M * dev matta: it was triggered by _very_ unpolite comment of Bertl. I tried to convince guys to ignore that :/ 1145469643 M * Bertl dev: overcommitment that is 1145469645 M * dev Bertl: but in this case it should slowdown machine quite much, no? 1145469658 M * matta dev: was anything Bertl said in his comment un-true? 1145469664 M * Bertl dev: well, not that much, but yes, you see the difference 1145469664 M * tokkee Does anybody know a link to a vserver+unionfs howto? 1145469686 M * dev matta: 1. we didn't pay any money for the interview. 1145469707 M * dev matta: 2. "speculation" comments are also unpolite/untrue. 1145469726 M * dev Bertl: do you have much RAM? 
1145469747 M * Bertl dev: about 1GB on the machine I tested 1145469751 M * dev ray6: can you provide an URL to Xen and tell me which OpenVZ version you want to use 1145469756 M * matta ok, I will accept that. 1145469771 M * micah dev: such an 'exploit' can be done on a vanilla kernel, why claim it as an exploit of Vserver? 1145469778 M * matta dev: Thank you for showing the vserver project of a potential exploit. 1145469787 M * Hollow lol 1145469808 M * micah its hardly an exploit, there is no priviledge escalation, no data leakage, only possible denial of service 1145469817 M * dev micah: because with multiple virtual environments such issues become much more important. 1145469821 M * ray6 micah: as a vserver should provide isolation, that's a point I can see to be taken. But I haven't verified the exploit yet, just booting up my xen-vserver domU :) 1145469848 M * micah dev: its still not an issue isolated to vservers 1145469848 M * ebiederm Just for the fun of it how many open files can I have in OpenVZ? 1145469862 M * micah dev: its disengenious to claim it is a vserver 'exploit' 1145469875 M * dev ebiederm: it is regulated by numfiles UBC settings. 1145469890 M * ebiederm And what is a typical configuration value? 1145469895 M * ray6 dev: sure, in a second... 1145469900 M * dev micah: It was not me who called it 'exploit'. It's Kir error. And I told sorry for that already 1145469938 M * dev micah: it is not an exploit. but it is a kind of a weak isolation. 1145469939 M * Bertl folks, let's try to calm down and focus 1145469948 M * dev Bertl: yup. 1145469958 M * Bertl first, let me apologize for the 'passionate' comment on kernel trap 1145469977 M * dev Bertl: thanks for this! 1145470006 M * Bertl I think I was annoyed by the repetitive arguments that OpenVZ is the ultimate solution 1145470042 M * dev Bertl: I propose to say less bad words about VServer/OpenVZ from both parties publicly. 
1145470058 M * Hollow let's just do it behind doors :) 1145470071 M * daniel_hozac but, we have no doors. 1145470073 M * cehteh http://www.heise.de/newsticker/meldung/72124 .. (german) 1145470074 M * daniel_hozac the IRC logs are public :( 1145470076 M * dev Bertl: It is just a personal opinion of one guy. Xen guys often repeat that Xen is the best for everything. Didn't they? 1145470086 M * micah you can imply 'bad words' by saying 'we are better' 1145470102 M * Bertl dev: which also annoys me, but they are company backed too 1145470103 M * micah yes, the xen marketting is just as annoying for the same reason 1145470115 M * ray6 dev: the main problem is that I can't find a raw patch for 2.6.16, so I have to try the one for 2.6.8 or try to extract the one from the fedora kernel-srpm which surely has some fedora dependencies. Is there a raw 2.6.16 openvz patch available? 1145470137 M * dev ray6: it's enough to tell me that you need 2.6.16 :) 1145470139 M * Bertl nevertheless, it's no excuse to bash back on you 1145470163 M * ray6 dev: current xen only is 2.6.16 so that's why a patch for 2.6.16 would be the best 1145470175 M * dev ray6: and Xen source URL? 1145470180 M * Bertl ray6: http://download.openvz.org/kernel/broken-out/2.6.16-026test005.1/diff-ubc-dcache-20060303 1145470191 M * Bertl remove the last path elements 1145470194 M * ray6 dev: use the package from http://www.cl.cam.ac.uk/Research/SRG/netos/xen/downloads/xen-3.0-testing-src.tgz that's currently the best 1145470243 M * Bertl second, the dcache issue seems to be a generic linux kernel DoS, which every user can easily do, no? 1145470269 M * daniel_hozac Bertl: shouldn't the delta-udpaddr-fix01 be applied to the 2.0.2 tree as well? 1145470284 M * Bertl so that makes me wonder if we should not treat it as critical as all the other exploits seen lately ... 1145470297 M * daniel_hozac yay, 2.6.16.10! 
:) 1145470302 M * Bertl daniel_hozac: it needs a small modification, I have a patch here, IIRC 1145470329 M * Bertl dev: so we should think about fixing that (if possible at all) in mainline 1145470340 M * Bertl dev: maybe with a new ulimit? 1145470342 M * dev Bertl: there are many ways of hacking Linux. treating them as "common" to Linux mainstream and ignoring them is not the best way IMHO 1145470343 M * daniel_hozac (or have they released .10 already? .9 is 10 hours old now) 1145470353 M * phreak`` daniel_hozac: lol :) 1145470356 M * ray6 dev: extract it. put a linux-2.6.16.tar.bz2 inside (it will download it otherwise), edit the Makefile to read KERNELS ?= linux-2.6-xenU in the first non-comment line and say "make prep-kernels" - it should give you a linux-2.6.16-xenU directory with the patched kernel tree 1145470371 M * dev Bertl: I'm pretty sure, all mainstream gurus are aware of such issues :/ 1145470385 M * ebiederm Bertl: There is a point and all of the bean counter type work reinforces this that if you are going to expect untrusted users you should care more about bugs then people who only expect trusted users. 1145470390 M * dev ray6: oh, god :) 1145470392 M * phreak`` daniel_hozac: only the novell/suse people submitted AppArmor for inclusion 1145470394 M * ebiederm But certainly the problems should be fixed in mainline if the happen. 1145470428 M * Bertl ebiederm: well, if there are only 'trusted' users on vanilla linux, why should there be untrusted on vps? 1145470460 M * Bertl ebiederm: I don't think that Linux-VServer is for the evil part of the world :) 1145470462 Q * cehteh Read error: Connection reset by peer 1145470475 M * ray6 dev: applying a vserver 2.6.16-patch to this xenU tree is a matter of minutes as xen is mainly on other parts of the kernel. Possibly that's also true for openvz but I'd need a 2.6.16 openvz to verify this :) 1145470491 M * ebiederm Bertl: In practice it is mostly the law of large numbers. 
1145470491 M * matta openvz 2.6.16 does NOT apply to a 2.6.16-xen kernel 1145470495 M * matta there are many conflicts 1145470520 M * ebiederm The more users you have the more likely they will cause problems. When you can increase your number of sysadmins it is easy to increase your total number of users. 1145470520 M * ray6 matta: that's what I expected from my experiments with the patch from the fedora-SRPM :) 1145470538 M * Bertl ebiederm: what I wonder is why there is no limit on the path depth in dcache? 1145470563 M * Bertl ebiederm: does it make sense to have more than, let's say MAX_PATHDEPTH or so chars in a path? 1145470563 M * ebiederm Bertl: Because there is not path depth in the dcache. 1145470569 M * ray6 Bertl: I see a point in using isolation for not having to trust the users as much as usually. If you want to leave that part of isolation to openvz... :) 1145470575 M * dev ebiederm: sorry, missed you question about numfiles. I suppose it's about 1024 files or so. 1145470594 M * ray6 (or to xen, which achieves this really well :) 1145470627 M * ray6 or both. Use xen to seperate good from bad, and then use one xenU to have all the good guys in vservers :) 1145470654 M * ray6 (or openvz if we can make it apply, hey, it's just different technologies, we're not in a war here :) 1145470666 M * dev ebiederm: numfiles are separate from dcachesize in UBC 1145470688 M * dev ebiederm: moreover, the problem is not about files, but about pinned dentries. 1145470702 M * ebiederm dev: Partly I was wondering if OpenVZ has found some tehniques for comprehensively attacking the problem of resource consumption or if it is still a matter of pluggin one hole at a time. 1145470783 M * ebiederm dev: With 1K files per process and 100 processes I can trigger the oom killer on any shipping production system I know of right now. 1145470795 M * dev ebiederm: I'm not sure how comprehensive it is from your POV, but we just do accounting and limiting. 
1145470841 M * dev ebiederm: no, UBC accounts dcaches/inodes pinned by VPS owners to dcachesize parameter. 1145470892 M * Bertl dev: I think what ebiederm tries to tell you is that, a OpenVZ entity 1145470901 M * ebiederm Bertl: having a max number of dcache entries in the path may be intereting in the kernel. 1145470912 M * Bertl with 100 processes (limit) and 1k files per process would go down easily 1145470933 M * Bertl but here the fact is missed that the entire guest is limited to 1k files 1145470966 M * Bertl ebiederm: I would have expected something along those lines 1145470967 M * ebiederm And with entire guest limits things are much easier to control. 1145470995 M * ebiederm I can also probably kill the kernel if ptrace works inside the guest. 1145471005 M * ray6 the main question IMHO is: is openvz immune to this issue because it isolates the OOM killer, or just because it by default has stricter limits (which it has from my experience :) and therefore the user's can't trigger it so easily? 1145471020 M * Bertl well, I think we will add the dcache accounting for now, but a generic mainline approach would be better IMHO 1145471027 M * dev Bertl: no, I think Eric tries to tell that 100 process x 1k files can held lots of dentries. 1145471062 M * Bertl that probably too, but it's not possible in OpenVZ or Linux-VServer if the limits are set 1145471065 M * dev ebiederm, Bertl: I try to tell that we have a limit imposed on VPS pinned dentries, called "dcachesize". It's not opened files. But dentries+inodes 1145471082 M * dev which are pinned and can't be freed 1145471098 M * Bertl what error do you get when you hit the limit, btw? 1145471111 M * ebiederm 100 process x 1k files can hold lots of /proc entries which can hold processes in the EXIT_DEAD state. Which is much worse than the usual scenario. 1145471126 M * dev cd will return ENOMEM or so. don't remember 1145471144 M * ebiederm Actually a totally pinned dentry limit sort of works. 
It is hard to account for shared dentries though. 1145471172 M * dev yup. shared dentries is an overkill 1145471199 M * ebiederm A global system max on the number of pinned dcache entries is certainly sounds reasonable. 1145471215 M * dev ebiederm: /proc dentries are charged as well. 1145471254 M * ebiederm To a large extent the solution is not to use 32bit systems when you have lots of memory so you don't have a distinction about what memory the kernel can use. 1145471266 M * ebiederm dev: /proc dentries are 10x as bad as normal dentries. 1145471344 Q * Dr4g Quit: Open Source Development :: http://dynamichell.org 1145471348 M * dev ebiderm: I know this. And I read security@kernel.org to know about ptrace :) 1145471353 M * ebiederm Without my cleanups sitting in the -mm tree there are resource consumption issues. 1145471360 M * dev BTW, thanks for you work! 1145471582 M * ebiederm My core point being that if there isn't something comprehensively different like a change to the OOM killer, or a proof that you are limiting all possible resources someone may consume you are better because of more perspiration. Wheras a better technique that nips things in the bud (say a container aware OOM killer) puts you ahead algorithmically. 1145471608 M * ebiederm Being ahead algorithmically is the only kind that counts. 1145471626 M * ebiederm In the long term. 1145471636 M * micah having the OOM killer be context aware would be good 1145471698 M * dev ebiederm: I checked that /proc dentries are also accounted in dcachesize, so you are effectively limited in number of dead tasks you can hold 1145471711 M * ebiederm micah: Maybe. I'm not certain you can make an OOM killer that can tell where the problem case is. 1145471714 M * matta ebiederm: that's the way to be thinking... having to go through and add hooks for every single possible resource that could be a DoS would just drive people mad. 1145471718 M * Bertl micah: that's not too hard ... 
1145471761 M * dev ebiederm: we have VPS aware OOM killer to some extent. 1145471779 M * matta dev: you have an oom guarantee 1145471803 M * micah ebiederm: I dont understand how the OOM killer makes its decisions now, but I assume it tries to choose with some educated guessing 1145471822 M * dev matta: yes. for dcachesize it is not needed as it limited. 1145471823 M * matta micah: it is tunable... 1145471893 M * Bertl micah: basically I'd advise any server admin to turn off overcommitment completely 1145471900 M * dev sure. to make OOM killer comprehensive you need to account all kinds of resources. but if you account them why not limit instead of waiting for OOM? 1145471920 M * Bertl this immediately disables the OOM killer on vanilla _and_ patched kernels 1145471967 M * ray6 dev: OK, using the patch-026test005-combined.gz patch I also have just a bunch of rejects. Are you already looking into these ore should I? :) 1145472000 M * ray6 Bertl: some java setups seem to rely on overcommitment being possibly, but I guess giving them 4G swap will also satisfy them :) 1145472009 Q * lilalinux Remote host closed the connection 1145472040 M * Bertl ray6: yes, java is somewhat broken in this regard 1145472092 M * dev Bertl: w/o overcommitment you can't fully utilize your HW, no? 1145472112 M * dev ray6: one sec please. 1145472112 M * Bertl dev: hmm? 1145472120 M * ray6 dev: why not? Swap's so cheap today... 1145472136 M * ray6 OK, untrue for x86_64 :) 1145472139 M * Bertl dev: you just won't allow to give away more memory than you have, no? 1145472141 M * dev :)))) 1145472143 M * matta ray6: disk I/O is NOT cheap 1145472159 M * Bertl matta: it won't swap any more or less this way 1145472163 M * ray6 matta: we're talking about the ability to alloc large amounts of memory WITHOUT using them 1145472179 M * ray6 matta: that can be usefull for algorithms which somehow use memory in a sparse way 1145472193 M * ebiederm ray6: Or for common operations like fork. 
1145472200 M * Bertl IMHO the only difference is, that you get an -ENOMEM when you alloc it, instead of an OOM killer when nothing else is free 1145472249 J * _coocoon_ ~coocoon@p54A07829.dip.t-dialin.net 1145472261 M * _coocoon_ hello 1145472267 M * Bertl ebiederm: does the fork get the memory allocations wrong with overcommitment turned off? 1145472283 M * dev Bertl: IMHO it's not the only difference. If you mmap 1Gb file as private do you charge for 1Gb? 1145472288 M * ray6 bertl: sure, but if I just alloc it without using all pages (for example use it in a laaaaarge hash) I have no problems with OC turned on, but will fail otherwise 1145472308 M * _coocoon_ bertl: hello bertl how does it work is the machine ok 1145472319 M * ebiederm Bertl: I don't know how the accounting is done but if over commit is really disabled than a fork should cost as much as allocating everything you have twice. 1145472336 M * Bertl _coocoon_: seems fine, but I didn't get to do much yet 1145472352 M * ebiederm Bertl: Things like fork are common reasons for doing overcommit. 1145472354 M * dev ebiederm: this is what I'm trying to say Bertl. 1145472381 M * _coocoon_ bertl: oh ok no prob will have a look for dyn dns or have u something get to know 1145472386 M * Bertl ebiederm, dev: okay, might be a good point for overcommitment 1145472389 M * _coocoon_ bertl: about this 1145472396 M * dev ray6: are you here? 1145472427 M * Bertl _coocoon_: okay, great, tia! 1145472441 M * ebiederm At the same time if it is just user space memory you can satisfy it with just huge amounts of swap added to your system. 1145472464 M * ebiederm The truly ugly case is large amounts of kernel data structures. 1145472490 M * Bertl they can be overcommited too? 1145472501 M * phreak`` meh, still deleting ;( 1145472516 M * Bertl phreak``: lol 1145472530 M * dev phreak``: write a small program, bash is _very_ slow as it calls pwd too often 1145472534 M * Bertl phreak``: rmdir aaa; cd .. in a loop? 
1145472537 M * phreak`` I've shouldn't have that script 20mins running :) 1145472563 M * ray6 phreak: did you run it inside a vserver? with how much GB of RAM? :) 1145472587 M * _coocoon_ is here someone who has experiences with nvidia graphiccard and linux, usuing the nvidia driver 1145472588 M * phreak`` ray6: on a plain vanilla, to see if it's also an issue there :) 1145472618 M * ray6 phreak: was it an issue inside a vserver on the same machine? 1145472634 M * h01ger micah, what do you think about a people-directory inside or parallel to the experimental-dir ? 1145472638 M * Bertl _coocoon_: you need to add some patches for newer kernels IIRC 1145472647 M * phreak`` ray6: yeah, it was :) 1145472655 M * _coocoon_ hm i have done it works but the fonts are toooooooooo small 1145472671 M * Bertl _coocoon_: that's the DPI setting of your display/X 1145472712 M * phreak`` hrm, thats great :P http://phpfi.com/113709 1145472818 M * Bertl okay, off for now, will be back in a few hours ... 1145472828 M * _coocoon_ ok thanx bye 1145472828 N * Bertl Bertl_oO 1145472841 M * phreak`` have fun Bertl_oO 1145472890 M * dev matta: ping 1145472938 M * matta dev: yes? 1145473387 Q * _coocoon_ Quit: KVIrc 3.2.0 'Realia' 1145473509 J * lilalinux ~plasma@dslb-084-058-202-192.pools.arcor-ip.net 1145473871 J * fosco fosco@tao.mu 1145473873 M * fosco hi 1145473949 M * fosco I have a little problem just after executing vserver [name] start 1145473950 M * fosco vnamespace: vc_set_namespace(): No such process 1145473984 M * fosco from where does it can come from? :\ 1145475353 Q * lilalinux Remote host closed the connection 1145475435 M * daniel_hozac fosco: you get that from vserver ... start? 
1145475681 J * yoh ~yoh@ravana.rutgers.edu 1145475717 M * yoh please help poor Debian vserver user ;-)) yesterday night I obviousely done something stupid 1145475782 M * yoh following the lines from http://linux-vserver.org/index.php?page=Proc-Security, now I get permission denied for everything 1145475794 M * yoh vserver www exec /bin/bash 1145475801 M * yoh vcontext: execvp("/bin/bash"): Permission denie 1145475823 M * yoh I believe I did chattr --barrier www/ 1145475864 M * daniel_hozac setattr --~barrier www, and that's not on that page. 1145475898 M * yoh daniel_hozac, this is the page which I reached and went to sleep ;) so barrier was on previous one ;-) 1145475982 M * yoh daniel_hozac, thanks - that helped 1145476075 M * yoh damn - it was on some totally different page... http://deb.riseup.net/vserver/preparing/#set_up_the_general_vserver_directories_including_the_barrier 1145476091 M * yoh heh heh 1145476128 J * Oli ~skycode@212.224.225.242 1145476162 M * daniel_hozac that doesn't say you should set it on the guest directories, just the one above it. 1145476171 M * Oli good evening peolpe 1145478438 M * brc Is tehre a way to monitor processor usage to see how CPU schedule is working ? 1145478476 Q * Viper0482 Quit: bin raus, 1145478601 M * daniel_hozac brc: vtop? i guess you could script something for /proc/virtual/.../sched too. 1145478672 M * brc didnt know about /proc.....sched. thanks :) 1145478702 M * brc btw, do you think that it is a good idea to force usnig vsched while all servers are active a cpu schedule for just one vserver that is consuming LOT OF CPU ? 1145478733 M * brc I made myself confuse. All vservers active. One of them using lot of cpu power makinmg everything slow. I will run vsched and schedule just this one 1145478758 M * daniel_hozac sure. 
1145478762 M * brc 10% cpu power: vsched --fill-rate 10 --interval 100 --tokens 100 --tokens_min 30 --tokens_max 200
1145478763 M * brc :)
1145478765 M * brc hehe cool
1145478765 M * brc :)
1145478836 M * brc if the other servers are not using the processor, will it use just 10% ?
1145478933 M * daniel_hozac no.
1145478957 M * kevinp daniel_hozac: so I just confirmed that I am an idiot and all the quota stuff works as it should
1145479002 M * kevinp the trick was using the chxid command, stopping the vserver, deleting the cache file, then starting it
1145479110 M * daniel_hozac so following instructions does work! amazing ;)
1145479125 M * brc hehe this cpu schedule thing is cool
1145479136 M * brc The vserver was almost taking all the CPU
1145479140 M * brc now he is waiting, i can see it in vtop
1145479142 M * brc congratulations
1145479153 M * kevinp yeah, I know that I understand it the instructions make a lot more sense too :)
1145479169 M * kevinp s/I know/and now/
1145479436 M * micah h01ger: sounds good to me
1145479475 M * yoh I am trying to setup vserver to listen on two physical interfaces -- eth0 (private lan where it has its own IP), eth1 - public where I need to do SNAT.
1145479482 M * yoh but on start I see RTNETLINK answers: File exists
1145479489 M * yoh what could be the catch?
1145479500 M * daniel_hozac do either interface already have the IP address you assigned?
1145479574 M * kevinp yoh: so how did you see the vserver waiting in vtop?
1145479609 M * yoh kevinp, sorry - I don't get it...
1145479645 M * kevinp was it a specific process that you were watching? You don't the the load average of a specific vserver as a unit, correct?
1145479646 M * yoh daniel_hozac, physical interface has its own public IP, I am providing vserver with a private ip 10.1.0.2...
1145479685 M * yoh kevinp, ah - I am the wrong addressee -- I have no problems with load ;-) it was brc ;-)
1145479697 M * kevinp oops, sorry! :)
1145479723 M * kevinp if you do `ip a`, so you see 10.1.0.2 already assigned to the host server?
1145479750 M * kevinp s/so/do/
1145479758 M * kevinp (gotta learn to type better)
1145479800 M * yoh kevinp, indeed... although I stopped vserver... let me disassign that ip somehow... ??
1145479863 M * kevinp I'm not sure on the official answer here, daniel_hozac? init script? utils are supposed to do it...
1145479865 M * micah if not turning off overcommit, is there a kernel scheduler that is better for vservers? I would guess that this depends on what guests are doing
1145479880 M * yoh ok - removed it... trying now
1145479907 Q * bonbons Quit: Leaving
1145479973 M * yoh cool - now interface gets assigned properly with no complaints... though still can't ping outside from entered vserver... nat postrouting seems not catching it...
1145480032 J * Aiken ~james@tooax6-009.dialup.optusnet.com.au
1145480039 J * _coocoon_ ~coocoon@p54A07829.dip.t-dialin.net
1145480129 M * yoh is first OUTPUT chain engaged or POSTROUTING of nat?
1145480150 M * yoh my OUTPUT firewall is blocking anything which comes out of vserver...
1145480165 M * daniel_hozac do local packets even travel through the nat table?
1145480248 M * yoh daniel_hozac, I thought they have to go through SNAT ...
1145480262 M * daniel_hozac yeah, i guess so.
1145480269 M * yoh if address translation is necessary, which is the case of my virtual ip 10.1.0.2
1145480329 M * yoh strange thing that on firewall LOGs they look like coming from private network address OUT=eth1 SRC=10.0.0.112, although eth1 is public interface, and it doesn't have 10.0.0 address assigned but only public IP and 10.1.0.2
1145480500 M * daniel_hozac so what does your SNAT rule look like?
1145480614 M * h01ger micah, yes to an or-question is not really helpful, but anyway, i'll go for people parallel to experimental ;)
1145480614 M * yoh http://pastebin.com/670114
1145480684 M * yoh the problem is that it doesn't catch any packets coming out from the vserver since they come as from 10.0.0.113
1145480697 M * yoh and I don't see if I screwed up netmasks...
1145480700 M * yoh weirdo
1145480707 M * yoh s/113/112/
1145480713 M * daniel_hozac i guess that's the first IP address of the guest?
1145480770 M * yoh it is of eth0 of the guest, right...
1145480787 M * yoh but I thought that it has to choose interface/ip according to the routing table?
1145480843 M * daniel_hozac no, the source IP address will by default be the first one.
1145480854 M * yoh AHA...
1145480857 M * yoh hm...
1145480865 M * yoh ok - good to know... I will just tune my nat then...
1145480894 M * micah h01ger: oooh, I missed the 'or' sorry! :) I think parallel is the way to go, so you picked the one I meant to say yes to :)
1145480917 M * yoh though it is somewhat counterintuitive and may be wrong??
1145481059 M * micah Bertl_oO: the missing alpha util-vserver backport is being worked on, the other architectures have been resolved (except for arm which has its own problems)
1145481205 M * yoh daniel_hozac, still packets don't go through postrouting snat rule for some reason, but that is for later -- THANK YOU DANIEL for your help! I am taking off
1145481209 M * h01ger micah, :)
1145481229 M * daniel_hozac yoh: your rule doesn't catch the packets.
1145481239 M * daniel_hozac yoh: source: 10.1.0.0/24.
1145481259 M * yoh daniel_hozac, yeah... but I don't see why... I changed it to be source 10.0.0.112
1145481275 M * yoh which is what in logs..
1145481286 M * daniel_hozac yoh: because it's your guest's first IP address.
1145481312 M * yoh and any interface and any destination.... rrright - and that is what iptables reports on output....
1145481381 J * waldi ~waldi@bblank.thinkmo.de
1145481396 M * waldi re
1145481411 M * yoh I just keep getting ping: sendmsg: Operation not permitted, and no counts increases in nat PREROUTING POSTROUTING, only OUTPUT in nat counts increment
1145481431 M * yoh weirdo... I am running away -- thank you once again!
1145483015 N * Bertl_oO Bertl
1145483021 M * Bertl back now, evening folks!
1145483084 M * Bertl micah: excellent, tx!
1145483093 M * doener evening Bertl
1145483642 M * sladen Skram: yes
1145483687 M * _coocoon_ evening bertl
1145483731 Q * h01ger Quit: h01ger
1145483753 J * h01ger ~holger@socket.layer-acht.org
1145483791 M * _coocoon_ bertl: should i let run the server?
1145483835 M * ray6 reee Bertl :)
1145483881 M * ray6 Bertl: read that kerneltrap posting, they were mainly annoyed by the "paid interview" assumption? :)
1145483945 M * ray6 Bertl: I find it interesting to call this "insulting Jeremy", what is worse, accepting Money for such an interview or being naive enough to post this without even getting money for it? :)
1145484144 M * Bertl hehe
1145484182 M * _coocoon_ ray: can i have the link please
1145484186 M * Bertl well, Jeremy is the poor guy in the middle in any case...
1145484238 M * Bertl ray6: how's the OVZ Xen progress?
1145484372 M * Bertl ray6: ah, btw, could you test with one of your BSDs what happens with the 'exploit' there?
1145484464 M * ray6 Bertl: OVZ applies relatively easy to the xen kernel, about as much hassle as the vserver patch. But currently I have no networking in mein XenU-openvz kernel for some reason, can't load the netfront module
1145484493 M * ray6 and I'm randomly switching to german in meine sentences. strange :) should fix that :)
1145484506 M * Bertl yep, fix that first :)
1145484628 M * ray6 Bertl: better jetzt? Oh no %-> Regarding BSD: I could try in my XenUs, haven't even tried it on my linuxes yet. And also not in my vserver domU, but that I can easily do when I boot my Notebook anyway :)
1145484710 M * Bertl would be interesting to see what happens
1145484717 P * fosco
1145484767 M * ray6 what's the current status? It crashes the host when used in a vserver? and when run on the host?
1145484792 M * ray6 s/crashes the host/brings the oom-killer to kill random processes/?
1145484814 M * Bertl ray6: status is, it DoSes a linux system when run as unprivileged user :)
1145484829 M * Bertl ray6: no vserver or whatever required
1145484869 M * ray6 I also can try it inside my normal openVZ installation if you're interested in that
1145484925 M * Bertl well, as they pointed out that they do dcache limiting by default, I assume it will simply hit a limit
1145484939 M * ray6 ah, can't easily try it inside BSD, no compiler there. A shell is too slow?
1145484954 M * Bertl yes, shell is too slow according to dev
1145484967 M * ray6 Bertl: but what if we increase the limit? :)
1145484968 Q * _coocoon_ Ping timeout: 480 seconds
1145484970 M * Bertl but you should be able to execute a linux elf binary too, no?
1145484983 M * Bertl ray6: well, then it will have the same effect, I guess
1145485047 M * ray6 bertl: not without some compatibility environment I suppose (the elf binary). But I guess BSD has a maximum dir-depth of 256 and will terminate there
1145485091 M * Bertl that's the problem, the dir depth would have to be enforced by the filesystem somehow
1145485111 M * ray6 didn't linux have a limit there, too, in old days? :)
1145485124 M * Bertl the path length is limited IIRC
1145485148 M * Bertl but it's not that urgent to test
1145485264 J * _coocoon_ ~coocoon@p54A05524.dip.t-dialin.net
1145485363 M * Bertl wb _coocoon_!
1145485408 M * _coocoon_ hello bertl have a dyndns but i do not know exactly know, but if i give u access to my account u can read out my ip address
1145485428 M * _coocoon_ so have u read my question if i can shutdown the server today or do u need it
1145485454 M * Bertl obviously missed that one
1145485468 M * Bertl yes please go ahead and shut it down for today
1145485476 M * Bertl thanks a lot for your time!
1145485495 M * Bertl we will continue another time, with compiling a vserver kernel
1145485524 M * _coocoon_ so first we should try to get the rsc to work
1145485546 M * Bertl yes, but I fear that will require accessing it from outside somehow
1145485558 M * Bertl but I will read the documentation for that
1145485674 M * _coocoon_ so i give u the account settings of my dyndns account so from there u can get the ip everytime ----> http://www.tldp.org/HOWTO/Remote-Serial-Console-HOWTO/index.html
1145485737 M * Bertl _coocoon_: I think the dyndns name should be sufficient, if I got the right
1145485744 M * Bertl s/the/that/
1145485746 M * _coocoon_ here is one from sun http://docs.sun.com/source/816-3886-10/rsc_inst.htm
1145485762 M * Bertl okay, tx, will read it ...
1145485796 M * _coocoon_ yes i thought it too but pinging doesn't work i do not know why
1145486093 J * |coocoon| ~coocoon@p54A07C0A.dip.t-dialin.net
1145486127 M * ray6 how long does this exploit need?
1145486192 M * ray6 I will never get rid of this fs structure again %-(
1145486201 M * |coocoon| ok it works fine so we only need the rsc connection
1145486216 M * Bertl ray6: well, it really depends, sometimes it starts oom killing after a few seconds
1145486235 M * Bertl ray6: I could not make it work here either, not even under a vserver guest
1145486250 M * ray6 bertl: I just started it inside a native linux DomU (the one I have my vserver setup in) and it's running now for a minute or so
1145486275 M * Bertl well, yes, you will never get rid of the directory structure :)
1145486285 M * Bertl |coocoon|: excellent, thanks again!
1145486313 M * ray6 Bertl: is there a known best way to get rid of it? :)
1145486331 M * |coocoon| is it no problem that it is a 64 bit and not 32bit or does this make no differences
1145486353 Q * _coocoon_ Ping timeout: 480 seconds
1145486358 Q * |coocoon| Quit:
1145486376 J * _coocoon_ ~coocoon@p54A07C0A.dip.t-dialin.net
1145486392 M * Bertl _coocoon_: actually that is an advantage
1145486407 M * Bertl so we can test 64 bit and 32 bit userspace and compatibility mode
1145486410 M * _coocoon_ ok fine the 300mhz is not too slow
1145486419 M * _coocoon_ or are
1145486419 M * Bertl as it is also dual CPU we again test SMP too
1145486431 M * Bertl the 300Mhz is more than sufficient
1145486438 M * Bertl it's a fine machine for that purpose
1145486445 M * _coocoon_ oh ok thats fine
1145486451 M * doener rm -a aaa took 12 seconds to get rid of the directories, 'exploit' ran for 31 seconds
1145486503 M * Bertl doener: on vanilla or vserver or what? and what happened?
1145486519 M * _coocoon_ the joke was yesterday there was someone to count the electrical current
1145486530 M * _coocoon_ directly at the time i started to install
1145486566 M * doener this time I ran it on the host, first run was in a vserver... nothing happened but maybe i just didn't let it run long enough
1145486640 M * Bertl _coocoon_: hehe, well, yeah, I guess the ventilation system consumes a lot of power, the CPUs themselves are probably moderate
1145486650 M * doener well, slab is growing a lot... 500MB now
1145486699 M * doener 600mb now
1145486705 M * doener so about 100mb per minute
1145486709 M * brc Bertl: Yesterday when i said about scripts i was talking about the quota stuff :)
1145486715 M * _coocoon_ i only connected one psu and also it is not so loud as i thought, it is also possible to back the system up, does this also make sense
1145486718 M * brc Good night everyone
1145486724 M * Bertl brc: good night!
1145486733 M * Bertl brc: yeah, lol
1145486752 M * brc doener: i tried the cpu scheduler, i turned it ON at that vserver that was doing lot of IO's. Problem solved
1145486762 M * brc Everything is fast for everyone again
1145486765 M * Bertl brc: excellent!
1145486778 M * Bertl brc: that is 2.1.1-rc??
1145486805 M * _coocoon_ bertl: bertl: another question about unifying, because of my less understanding of vserver using : what has more advantage and does make more sense installing all services on the host (apache, mailserver, dns, ...) and unify them with the vserver or to use for each service one vserver and unify it with the others
1145486836 M * Bertl unification with the host is a bad idea IMHO in general
1145486836 M * brc Bertl: No, vmlinuz-2.6.15.4-vs2.0.1.3
1145486853 M * ray6 cool now I developed an xen exploit while removing my directories :)
1145486855 M * Bertl brc: ah, okay
1145486876 M * Bertl _coocoon_: IMHO the host should only carry minimal services
1145486886 M * Bertl _coocoon_: e.g. monitoring and sshd
1145486905 M * Bertl then you can make a 'base' guest where you start from
1145486919 M * _coocoon_ so install all services on one vserver and then unify it with all others
1145486921 M * Bertl and copy that for your 'specialized' guests (mail, apache, etc)
1145486925 M * _coocoon_ or how to do this
1145486936 M * Bertl then you just unify/vhashify all guests
1145486951 M * Bertl the tools should take care of figuring common files
1145486977 M * Bertl daniel_hozac: btw, what was the result of the unification issue micah had? is that solved?
1145487016 M * _coocoon_ but what happens if i use different os versions, there are different service versions
1145487030 M * daniel_hozac Bertl: hmm, i can't remember.
1145487038 M * micah Bertl: no, I wasn't able to play much further with it
1145487055 M * Bertl yes, if the binaries differ, nothing will get unified, but chances are small if you use the same base distro/guest
1145487065 M * Bertl (that was for _coocoon_)
1145487101 M * Bertl micah: okay, just wanted to know ...
1145487143 M * _coocoon_ bertl: but what happens if there is a guest with minimal installation, so that i can decide what i want to install, so then i will have performance problems right
1145487154 M * micah I had two different guests, one of debian woody and one of debian sarge, and the hashing created a large number of links in the .hash directory, but they all only had 2 links
1145487208 M * Bertl _coocoon_: no, not at all
1145487233 M * daniel_hozac micah: well, that's not very unexpected.
1145487250 M * Bertl the unification will not hurt performance in any way
1145487260 M * _coocoon_ but what happens if i have for example slackware guests (in different versions) a debian guest and so on
1145487270 M * _coocoon_ +s
1145487275 M * daniel_hozac micah: i guess pretty much all files differ between those.
1145487279 M * _coocoon_ a lot of different guest systems
1145487292 M * Bertl you can only gain from unification, if there are common files, it will reduce the resource consumption
1145487312 M * Bertl if there are no common files, you will not gain anything, but not lose anything either
1145487365 M * daniel_hozac well, you'll lose a bit of inodes.
1145487383 M * Bertl well, yes
1145487432 M * micah daniel_hozac: true, but does the hashification process create a hash hardlink for every file in the guest?
1145487449 M * micah daniel_hozac: regardless if there is a duplicate of that file elsewhere
1145487449 M * daniel_hozac micah: yes.
1145487454 M * Bertl you will lose roughly 2 inodes I guess
1145487460 M * daniel_hozac micah: as you only hashify one vserver at a time.
1145487471 M * micah ok, so that accounts for that, but I wonder why those were taking up space
1145487471 M * ray6 now I have fsck running on the evil structure. fun fun fun :)
1145487472 M * Bertl for the hash directories
1145487483 M * _coocoon_ but how to know when to unificate or is it possible to set the system up that files which are the same will be unificate
1145487500 M * Bertl _coocoon_: that's exactly what the tools do for you
1145487504 M * micah _coocoon_: you just need to run it every once and a while, depending on how often you expect your guests to change
1145487537 M * Bertl daniel_hozac: note: the inodes involved are just the directory inodes for the hash dirs
1145487542 M * daniel_hozac Bertl: right.
1145487580 M * micah perhaps my df was misrepresenting the used space
1145487585 M * _coocoon_ but u told me i do not know exactly when that it is better to install a base guest and unificate it with the new created on, but if i have a lot of different os versions so i must install a lot of guest for unification
1145487590 M * Bertl otherwise my kernel trees would have killed my filesystem long ago :)
1145487620 M * Bertl _coocoon_: look at it from a different angle:
1145487640 M * Bertl _coocoon_: you install 10 guest to your liking (without even thinking about unification) okay?
1145487652 M * _coocoon_ ok
1145487668 M * Bertl _coocoon_: once you are done, you start a tool (vhashify) and it will detect common files and unify them
1145487684 J * ntrs ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1145487685 M * _coocoon_ oh aha it detects them
1145487689 M * Bertl in the best case, you win back 90% of the diskspace and gain performance
1145487702 M * micah _coocoon_: then maybe once a month you can vhashify again to catch anything new
1145487708 M * Bertl in the worst case you lose 2 inodes and a lot of dir entries :)O
1145487720 M * Bertl _coocoon_: sounds like a good deal?
1145487729 M * _coocoon_ yes right
1145487776 M * _coocoon_ lose dir entries why
1145487779 M * micah ok, I'm going to try this again... I do a df before anything, and I see that there is 31446768 blocks used
1145487798 M * micah then I do a vserver hashify
1145487817 M * Bertl _coocoon_: because vhashify makes a hard link for every 'hashed' file
1145487828 M * _coocoon_ ok
1145487843 M * Bertl _coocoon_: but you should not worry about that, this is not even worth mentioning (from the space PoV)
1145487872 M * _coocoon_ so another question to that if i make copy vserver.... is it possible that there starts the vhashifying/ unifying does this make sense
1145487882 M * micah now that vhashify finished with the first vserver, df shows that 31446776 is used
1145487923 M * micah so I lost 8 blocks, nothing big
1145487938 M * _coocoon_ ok thats good ;-)
1145487940 M * micah so i vhashify a second vserver
1145487957 M * micah now I have 31446796
1145487975 M * micah lost 20 blocks... odd this is not right
1145488005 M * micah the vhashify is going very fast this time, when before it took some time
1145488010 M * Bertl that's okay
1145488031 M * micah third guest, now I have 31446880 used
1145488032 M * Bertl as I said, you will lose some disk space
1145488040 M * micah 104 blocks, nothing big
1145488041 M * Bertl for the directory entries
1145488065 M * micah I wonder why it was so much the time I did it before
1145488105 M * Bertl something must have gone terribly wrong back then
1145488114 M * Bertl that's why I asked if this was resolved
1145488139 M * micah I'm going to remove my .hash and try it again
1145488145 M * micah as I've rebooted since then
1145488178 M * micah not that should matter at all...
1145488248 M * _coocoon_ ok thanx for all answers, and good night
1145488291 Q * _coocoon_ Quit: KVIrc 3.2.0 'Realia'
1145488383 M * daniel_hozac Bertl: hmm, doesn't arch/um/sys-x86_64/syscalls.c need #include ? (2.1.1-rc17)
1145488411 M * Bertl could be, did you get a warning or so?
1145488420 M * daniel_hozac no, my script found it.
1145488450 M * Bertl cool, I love your script
1145488486 M * Bertl btw, last time I wanted to ask for another cool script, but I forgot what it was
1145488581 M * daniel_hozac ah?
1145488622 M * Bertl must have been related to some systematical search
1145488635 M * Bertl maybe I remember, then I will ask you :)
1145488640 M * daniel_hozac hehe, ok.
1145488682 P * kevinp Leaving
1145488711 M * daniel_hozac any reason nioctl-feat01 isn't in 2.0.2-rc17?
1145488757 M * Bertl probably because I forgot
1145488806 M * daniel_hozac did the udpaddr need an additional fix for stable? because the delta applied cleanly.
1145488847 M * Bertl give me a minute to check a few things there, including the syscall
1145489119 M * Bertl ah, no the nioctly was not added to stable because I wanted to get some feedback
1145489152 M * Bertl but I think it will get into stable shortly
1145489192 M * daniel_hozac ok, how about udpaddr?
1145489201 M * Bertl that will get in
1145489213 M * Bertl it's a clean fix
1145489220 M * daniel_hozac yeah.
1145489240 M * Bertl same for the ndpath fix, but that should be already in
1145489261 M * Bertl (this actually required different patches for stable and devel)
1145489264 M * daniel_hozac yeah, that's in 2.0.2-rc17.
1145489289 M * daniel_hozac as is the devinet-clean01.
1145489293 M * Bertl yep
1145489297 M * Bertl dead code removal
1145489309 M * daniel_hozac yeah.
1145489534 M * Bertl it seems I'm too tired to get anything useful done atm, and my cleanup script is still crunching on the harddisk ... so I think I will go to bed now ...
1145489560 M * Bertl thanks for everything ... have a good whatever everyone and cya tomorrow!
1145489560 Q * eyck Ping timeout: 480 seconds
1145489570 M * daniel_hozac good night!
1145489575 N * Bertl Bertl_zZ
1145489800 J * eyck eyck@ghost.anime.pl
1145489814 M * micah ok, I removed the .hash dir and did the first hashify, and I went from 31280508 to 31752024, a loss of 471516 blocks, a lot more
1145489867 M * daniel_hozac and i guess your guest is about that big?
1145490212 Q * FireEgl Ping timeout: 480 seconds
1145490261 M * micah hard to check right now, I'm hashifying a second
1145490718 M * micah takes...a....long...time
1145490772 M * daniel_hozac hehe.
1145490777 M * derjohn hashifying -> http://flor.nl/text/softdrugs.html :)
1145490817 M * micah finally finished
1145490828 M * micah went from 31752024 to 32820492 used
1145490841 M * micah loss of 1068468 blocks
1145490893 M * daniel_hozac so what does du -s /vservers/{1,2} say?
1145490908 M * micah the first one is: 2867368
1145490945 M * micah the second one is: 1407380
1145490967 M * micah so your guess about my guest being that big is wrong :)
1145491075 M * daniel_hozac indeed.
1145491098 M * micah something is not working right here
1145491117 J * FireEgl Atlantica@Atlantica.Tcldrop.Org