1145923253 Q * ntrs Ping timeout: 480 seconds 1145923376 Q * Blissex Remote host closed the connection 1145923426 J * ntrs ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com 1145923915 Q * ntrs Ping timeout: 480 seconds 1145924171 J * ntrs ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com 1145927741 Q * _coocoon_ Quit: KVIrc 3.2.0 'Realia' 1145928826 M * Skram i feel so stupid 1145928835 M * Skram vcontext --migrate --xid 1 vhtop 1145928837 M * Skram oops 1145928839 M * Skram nevermind 1145928852 M * Skram thanks! 1145928853 M * Skram :) 1145928891 M * Bertl hmm? 1145928897 M * Bertl lol 1145928908 M * Skram does that make sense 1145928908 M * Skram ? 1145928926 M * Skram vcontext --migrate --xid 1 htop 1145928930 M * Bertl if you read between the lines, yes :) 1145928930 M * Skram is like vtop, right? 1145928963 M * Skram what do you mean? 1145928976 M * Bertl vtop is basically top in xid=1 1145929008 M * micah derjohn: sorry, never answered, ps does *not* show them as one group 1145929197 J * matta ~matta@71.224.125.126 1145929402 M * Bertl wb matta! 1145930818 J * Nonamed ~evil@83.228.92.177 1145930828 M * Bertl welcome Nonamed! 1145930841 N * Nonamed DONJAGUAR 1145931279 Q * DONJAGUAR Quit: nz koga 6te imam pak net:Pne me zabrafqite maniciiiii!!!!!!!!!!:P~ 1145931675 M * mugwump my, vnamespace -c doesn't have many safeguards on it, does it 1145931707 M * mugwump just took a box down with it :( 1145931729 M * mugwump here was I thinking I was safely in a child shell of a vnamespace -n 1145931748 M * Bertl huh? 1145931765 M * Bertl what kind of 'safeguards' do you expect? 1145931811 M * mugwump well, it shouldn't run when xid = 0 1145931878 M * Bertl hmm, would be tricky 1145931901 M * Bertl as it usually _is_ run within xid=0, IIRC 1145931912 M * mugwump --cleanup|-c ... remove all mounts from the namespace of the 1145931912 M * mugwump current context 1145931927 M * Bertl yeah, just read that too, not sure it applies 1145931956 M * Bertl probably just allowed when in setup 1145931992 M * Bertl but I have to check it, as it isn't used yet AFAIK 1145932081 M * mugwump I'm getting close to a prototype vserver-build.fai :) 1145935473 M * Bertl okay, off to bed now ... have a nice whatever everyone! cya tomorrow! 1145935486 N * Bertl Bertl_zZ 1145937701 J * Brunette_Girl ~nYtJsIuN@85.102.104.172 1145937783 Q * Brunette_Girl Quit: 1145938419 J * click_ click@ti511110a080-3573.bb.online.no 1145938512 Q * click Ping timeout: 480 seconds 1145938929 Q * matta Ping timeout: 480 seconds 1145946844 J * doener ~doener@i5387C7F7.versanet.de 1145947401 Q * shedi Quit: Leaving 1145948564 Q * FireEgl Ping timeout: 480 seconds 1145949425 J * kilgur user@p50811D13.dip0.t-ipconnect.de 1145949916 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl 1145950734 N * otak42_away otaku42 1145951816 A * h01ger moins 1145952735 J * FireEgl Atlantica@Atlantica.US 1145953948 Q * ||Cobra|| jupiter.oftc.net kinetic.oftc.net 1145953948 Q * kilgur jupiter.oftc.net kinetic.oftc.net 1145953948 Q * ntrs jupiter.oftc.net kinetic.oftc.net 1145953948 Q * daniel_hozac jupiter.oftc.net kinetic.oftc.net 1145953948 Q * ddlp jupiter.oftc.net kinetic.oftc.net 1145953948 Q * harry jupiter.oftc.net kinetic.oftc.net 1145953948 Q * virtuoso jupiter.oftc.net kinetic.oftc.net 1145953948 Q * h01ger jupiter.oftc.net kinetic.oftc.net 1145953948 Q * locksy jupiter.oftc.net kinetic.oftc.net 1145953948 Q * sannes jupiter.oftc.net kinetic.oftc.net 1145953948 Q * phreak`` jupiter.oftc.net kinetic.oftc.net 1145953948 Q * brc jupiter.oftc.net kinetic.oftc.net 1145953949 Q * cohan jupiter.oftc.net kinetic.oftc.net 1145953949 Q * wibble jupiter.oftc.net kinetic.oftc.net 1145953949 Q * nox jupiter.oftc.net kinetic.oftc.net 1145953949 Q * [PUPPETS]Gonzo jupiter.oftc.net kinetic.oftc.net 1145953949 Q * gdm jupiter.oftc.net kinetic.oftc.net 1145953949 Q * SiD3WiNDR jupiter.oftc.net kinetic.oftc.net 1145953949 Q * kilian jupiter.oftc.net kinetic.oftc.net 1145953949 Q * rmoriz jupiter.oftc.net kinetic.oftc.net 1145953949 Q * Adrinael jupiter.oftc.net kinetic.oftc.net 1145953949 Q * bogus jupiter.oftc.net kinetic.oftc.net 1145954012 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl 1145954012 J * kilgur user@p50811D13.dip0.t-ipconnect.de 1145954012 J * ntrs ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com 1145954012 J * daniel_hozac ~daniel@c-2d1472d5.010-230-73746f22.cust.bredbandsbolaget.se 1145954012 J * ddlp ~ddlp@sarayi.kariva.org 1145954012 J * harry ~harry@d54C2508C.access.telenet.be 1145954012 J * virtuoso ~s0t0na@80.253.205.251 1145954012 J * bogus ~bogusano@fengor.net 1145954012 J * h01ger ~holger@socket.layer-acht.org 1145954012 J * locksy ~locksy@mrtg.sisgroup.com.au 1145954012 J * sannes ~ace@simula-084.simula.no 1145954012 J * phreak`` ~phreak``@134.68.220.30 1145954012 J * brc bruce@20132181051.user.veloxzone.com.br 1145954012 J * cohan ~cohan@koniczek.de 1145954012 J * kilian kk@projects.verfaction.de 1145954012 J * rmoriz ~roland@195.68.242.245 1145954012 J * SiD3WiNDR luser@bastard-operator.from-hell.be 1145954012 J * gdm ~gdm@64.62.195.81 1145954012 J * [PUPPETS]Gonzo gonzo@langweiligneutral.deswahnsinns.de 1145954012 J * nox ~nox@nox.user.oftc.net 1145954012 J * wibble wibble@vortex.ukshells.co.uk 1145954012 J * Adrinael adrinael@hoasb-ff09dd00-79.dhcp.inet.fi 1145956572 J * _coocoon_ ~coocoon@p54A06D96.dip.t-dialin.net 1145956583 M * _coocoon_ hello 1145956602 M * kilgur hi _coocoon_ 1145956664 J * ksf ~krazy_sys@202.80.169.52 1145956696 J * lilalinux ~plasma@h1-gw.of.net-lab.net 1145956766 J * the_hydra ~a_mulyadi@202.59.168.5 1145956810 M * the_hydra .. 1145957245 J * Wenix ~wenix@81.7.189.11 1145957599 Q * _coocoon_ Ping timeout: 480 seconds 1145958172 J * _coocoon_ ~coocoon@p54A05B62.dip.t-dialin.net 1145958315 Q * the_hydra Read error: Connection reset by peer 1145958520 Q * lilalinux Ping timeout: 480 seconds 1145958550 J * lilalinux ~plasma@dslb-084-058-192-006.pools.arcor-ip.net 1145958764 Q * doener Quit: leaving 1145959088 J * lilalinux_ ~plasma@dslb-084-058-192-006.pools.arcor-ip.net 1145959088 Q * lilalinux Read error: Connection reset by peer 1145962693 Q * softi42 Ping timeout: 480 seconds 1145963321 J * softi42 ~softi@p549D5C7D.dip.t-dialin.net 1145963707 J * tory Bis@ip220-15.demvar.lv 1145965312 N * tory Tory 1145965318 P * Tory Óõîæó ñ êàíàëà 1145966182 J * Milf ~Miranda@ipsio212.ipsi.fraunhofer.de 1145966198 M * Milf Hello 1145966221 Q * _coocoon_ Ping timeout: 480 seconds 1145966235 M * Milf Are there any know pitfalls with X11 tunneling between a vserver and a windows machine running an X server? 1145966254 M * Milf I've got Putty telling me "PuTTY X11 proxy: wrong authentication protocol attempted" 1145966284 M * derjohn Milf, EHLO ! 1145966310 M * derjohn wrong authentication protocol attempted -> what does the "ssh -v" tell you? 1145966318 M * derjohn or set the sshd to verbose logging 1145966325 M * derjohn it's usually quite readable 1145966368 M * Milf DerJohn: 250-mike.schneider@ipsi.fraunhofer.de 1145966368 M * Milf 250-PIPELINING 1145966368 M * Milf 250-SIZE 100000000 1145966368 M * Milf 250-VRFY 1145966368 M * Milf 250-ETRN 1145966368 M * Milf 250-STARTTLS 1145966371 M * Milf 250-XVERP 1145966371 M * Milf 250 8BITMIME 1145966373 M * Milf :)) 1145966387 M * Milf Aehm, good idea setting Putty to log something. Why didn';t I think of that? 1145966406 M * derjohn Milf, because the people here usually respon so fast ;) 1145966443 M * Milf That's why I always enjoy coming here :) 1145966585 M * Milf Hmmm, having putty log stuff doesn't seem to help. 1145966620 M * Milf I've already treid xhost + on the local machine and directed DISPLAY there directly. That worked. 1145966692 M * Milf So I guess the problem is on the remote Vserver. In that the proxy that tunnels X11 to my local machine won't accept the connection. 1145966847 J * _coocoon_ ~coocoon@p54A07C8B.dip.t-dialin.net 1145967091 M * Milf Hmmm could it be a problem that localhost doesn't exist inside the vserver? 1145967455 Q * _coocoon_ Ping timeout: 480 seconds 1145967468 M * derjohn xhost is evil 1145967476 M * derjohn long live xauth 1145967513 M * derjohn besides that debian's xserver doe snot listen to tcp sockets at all ... remove the nolisten option in /etc/kde.... or /etc/X11/ ... 1145967519 M * Milf Well my point exactly. I just tried xhost to rule out that the problem lies with my Xwin X server 1145967524 M * derjohn and set sshd's X11 forward to "on" 1145967539 M * derjohn win is evil too ! ;) 1145967565 M * Milf Hmmm, as you say. I like the fact that I don't have to worry about installing my machine as my colleague does windows installs :) 1145967589 M * derjohn your colleague seems to be evil, too ;) 1145967622 M * Milf Whatever *turns on bashing-filter* 1145967643 M * Milf What was that you said about xservers being configured not to listen? 1145967648 M * derjohn does you ssh tunnel work for sure? 1145967669 M * derjohn Milf, is your xserver a win? 1145967692 M * Milf On the local machine I have Windows XP running cyginwins Xwin X-Server 1145967711 M * Milf the remote machine is an old SuSE 8.2 Vserver host with a Suse 10.0 Vserver guest 1145967733 M * Milf s/cyginwin/cygwin/ 1145967776 M * derjohn hm, dunno, but make sure it listens to port 600x on localhost. ssh will do the X11 forward if you make an ssh -x or -y (for putty: I dunno) 1145967782 J * pollux foobar@image4.cpe.fr 1145967796 A * derjohn is away for ~1h. customer ;( 1145967834 M * Milf Hmmm, I tried a non-vserver host a the forward works nicely. 1145967949 M * derjohn hm, do you make the /dev/ nodes in the guest? what do we need for a X? Do you run xvfb or real GraKa? 1145967959 M * derjohn but: /me MUST leace now ... sry 1145968030 Q * mire Ping timeout: 480 seconds 1145968097 J * _coocoon_ ~coocoon@p54A0553E.dip.t-dialin.net 1145968207 M * Milf np. Go make your customer happy :) 1145968221 M * Milf Hmmm, /dev nodes, lessee 1145968350 J * miller7 ~none@gige-2.office-nl.irismedia.gr 1145968438 M * miller7 can someone please tell me how to add multiple IPs on the /etc/vservers/interfaces/ path? 1145968441 M * miller7 I have one, I need another one 1145968453 M * miller7 I tried to wiki it up but I didn't find anything useful 1145968528 M * daniel_hozac add another directory. 1145968534 M * miller7 that simple? :) 1145968541 M * daniel_hozac yes. 1145968546 M * Milf Ahem, you mean /etc/vservers//interfaces? 1145968557 M * miller7 yes 1145968563 M * pollux is there a way to force a vserver to use an existing (vlan) device for _all_ connections ? 1145968576 M * miller7 Milf: yes 1145968586 J * mire ~mire@10-166-222-85.COOL.ADSL.VLine.verat.net 1145968590 M * daniel_hozac networking is not device based, it's IP based. 1145968596 A * Milf is too slow in typing. Daniel answered your question. 1145968639 M * Milf How about assigning the Vserver an IP on the vlan interface and direct it's routing there? 1145968644 M * daniel_hozac but if your routes dictate that the vlan device will be used for that address, it will be. 1145968697 M * pollux Milf: that's what I have done. it works, except that it still uses the routing table from the (physical) server, and that's not wht I want 1145968742 M * pollux yes, I was searching a way not to use the routes ... looks like it's not possible 1145968760 M * pollux or to use a different route for the vserver 1145968779 M * daniel_hozac http://archives.linux-vserver.org/200311/0470.html 1145968874 M * pollux can't connect (timeout) 1145968932 M * miller7 Thank you guys 1145969013 M * daniel_hozac http://66.249.93.104/search?q=cache:VjBFu0faMTQJ:www.paul.sladen.org/vserver/archives/200311/0470.html+&hl=en&ct=clnk&cd=1 1145969032 P * miller7 1145969172 M * pollux daniel_hozac: ok, thanks, but I fail to see where it can help 1145969202 M * daniel_hozac source based routing? per vserver routing tables? 1145969301 M * pollux ah, i see 1145969449 J * matta ~matta@71.224.125.126 1145969469 M * pollux daniel_hozac: thanks, it seems ip based routing solves my problem 1145969560 Q * mountie Ping timeout: 480 seconds 1145969684 M * Milf So, does anyone else have an idea what else I could try to get my vserver to export an Xterm? 1145969779 M * daniel_hozac does /etc/hosts inside the guest have the guest's IP address as localhost? 1145969843 M * Milf Hmmm, might try that one. I already tried exporting the display to the hostname rather than localhost 1145969898 M * Milf Changed /etc/hosts, no change: 1145969898 M * Milf > xterm 1145969898 M * Milf Xlib: connection to "localhost:10.0" refused by server 1145969898 M * Milf Xlib: PuTTY X11 proxy: wrong authentication protocol attempted 1145969898 M * Milf xterm Xt error: Can't open display: localhost:10.0 1145969951 M * Milf might be that some needed devices are broken? How would I find out about this? 1145970135 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1145970173 M * daniel_hozac do you have xauth installed on the guest? 1145970191 M * Milf as xauth list works, I think so, yes 1145970257 Q * mountie Remote host closed the connection 1145970289 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1145970307 Q * ksf Quit: 1145971108 Q * Loki|muh Ping timeout: 480 seconds 1145971449 J * Loki|muh loki@satanix.de 1145971800 M * Milf Hmmm, now that's interesting. 1145971834 M * Milf when I get rid of '/unix' in the xauth entry I can successfully export an xterm. 1145972203 M * Milf Hmmm, ok, now I can play frozen bubble, but the display speed sux royale :) 1145972850 Q * Loki|muh Ping timeout: 480 seconds 1145973061 J * ZeNiTHaR ~zenithar@host.34.62.23.62.rev.coltfrance.com 1145973235 Q * matta Ping timeout: 480 seconds 1145973272 M * Milf Ok, another solution is to set X11UseLocalHost to no in /etc/sshd_config 1145973397 Q * mountie Remote host closed the connection 1145973430 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1145974516 J * matta ~matta@c-68-32-239-173.hsd1.pa.comcast.net 1145974530 Q * ZeNiTHaR Quit: ( www.nnscript.de :: NoNameScript 4.02 :: www.XLhost.de ) 1145974632 Q * harry Ping timeout: 480 seconds 1145975354 Q * mountie Remote host closed the connection 1145975535 Q * ||Cobra|| Remote host closed the connection 1145975628 Q * ag- Ping timeout: 480 seconds 1145975659 J * harry ~harry@d54C2508C.access.telenet.be 1145975673 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1145975725 J * ag- ag@caladan.roxor.cx 1145976501 M * Milf I see disconnected people... 1145976522 M * kilgur ... they are everywhere 1145976665 M * Milf some of them don't even know they've been disconnected 1145976670 Q * mountie Remote host closed the connection 1145977403 J * ptl_xid ~iuuuju@151-138-235-201.fibertel.com.ar 1145977410 M * ptl_xid Hello 1145977428 M * Milf Hello ptl_xid 1145977465 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1145977488 M * ptl_xid Hi, I recently installed a 2.6.16.11, applied stable vserver patches (2.0.2-rc16), compiled, rebooted, but the testme.sh didn't succeed :( 1145977496 M * ptl_xid Look: 1145977497 M * ptl_xid Linux-VServer Test [V0.15] Copyright (C) 2003-2006 H.Poetzl 1145977498 M * ptl_xid chcontext is working. 1145977498 M * ptl_xid chbind: kernel does not provide network virtualization 1145977498 M * ptl_xid chbind failed! 1145977498 M * ptl_xid Linux 2.6.16.11 #3 SMP Tue Apr 25 11:50:25 ART 2006 i686 1145977499 M * ptl_xid Ea 0.30.210 273/glibc (DSa) 1145977499 M * ptl_xid VCI: 0002:0001 273 03008036 (TbLgnP) 1145977520 M * ptl_xid do you know what I'm doing wrong ? 1145977532 Q * FireEgl Ping timeout: 480 seconds 1145977542 M * Milf Hmmm, maybe the Vserver options are configured off in the build-config? 1145977554 M * ptl_xid lest see 1145977595 J * Viper0482 ~Viper0482@p54975690.dip.t-dialin.net 1145977599 M * ptl_xid [*] Enable Legacy Kernel API ¦ ¦ 1145977599 M * ptl_xid ¦ ¦ [*] Show a Legacy Version ID ¦ ¦ 1145977599 M * ptl_xid ¦ ¦ [ ] Disable Legacy Networking Kernel API ¦ ¦ 1145977599 M * ptl_xid ¦ ¦ [*] Enable Proc Security ¦ ¦ 1145977599 M * ptl_xid ¦ ¦ [*] Enable Hard CPU Limits ¦ ¦ 1145977601 M * ptl_xid ¦ ¦ [ ] Limit the IDLE task ¦ ¦ 1145977601 M * ptl_xid ¦ ¦ Persistent Inode Context Tagging (UID24/GID24) ---> ¦ ¦ 1145977603 M * ptl_xid ¦ ¦ [ ] Tag NFSD User Auth and Files ¦ ¦ 1145977603 M * ptl_xid ¦ ¦ [ ] VServer Debugging Code 1145977612 M * ptl_xid is that correct ? 1145977683 M * ptl_xid do I have to disable "legacy kernel api", or "legacy networking kernel api"? 1145977727 M * derjohn is the portmap problem still present in a guest? 1145977742 M * derjohn I want to export and mount nfs shares 1145977766 Q * wibble Remote host closed the connection 1145977773 M * knotty ptl_xid: yes disable legacy kernel api 1145977790 M * knotty ptl_xid: and enable Disable Legacy Networking Kernel API 1145977807 M * derjohn ptl_xid, you are using util v 209 and did not compile "dynamic contexts" in your kernel 1145977816 M * ptl_xid ohh, thank you knotty, I'll try it. 1145977833 M * derjohn knotty, sure? _enable_ it 1145977837 M * derjohn ot use .210 utils 1145977840 M * derjohn *or 1145977848 M * ptl_xid No derjohn, util-vserver is 210 1145977865 M * knotty derjohn: I mean put a * in Disable Legacy Networking Kernel API 1145977874 M * ptl_xid I'm using the lasts stable version. 1145977898 M * ptl_xid knotty, thank you, I'm compiling now with that [*] 1145977904 M * derjohn ptl_xid, then you dont need dynamic contexts 1145977929 M * knotty it's like that nebuchadnezzar build our kernel, I don't really know more :/ 1145977942 M * ptl_xid no, I don't need them, I'm planning to use LVM for quota/vserver 1145977949 M * derjohn knotty, then it probably a good kernel! 1145977983 M * knotty derjohn: I think like you, I beleave en nebuchadnezzar :) 1145977992 M * ptl_xid I'm rebooting, we'll see soon... 1145978002 M * knotty believe 1145978086 M * ptl_xid oops... 1145978087 M * ptl_xid Linux-VServer Test [V0.15] Copyright (C) 2003-2006 H.Poetzl 1145978087 M * ptl_xid chcontext is working. 1145978087 M * ptl_xid chbind failed! 1145978087 M * ptl_xid ipv4root is now 127.0.0.1 1145978087 M * ptl_xid Linux 2.6.16.11 #4 SMP Tue Apr 25 12:13:10 ART 2006 i686 1145978088 M * ptl_xid Ea 0.30.210 273/glibc (DSa) 1145978088 M * ptl_xid VCI: 0002:0001 273 03000030 (TbP) 1145978127 M * derjohn ptl_xid, try to execute 'chbind' on the host by itself 1145978151 M * ptl_xid with what arguments ? 1145978175 M * derjohn chbind --help := 1145978176 M * derjohn :) 1145978182 M * ptl_xid rs00:~# chbind --help 1145978183 M * ptl_xid Usage: 1145978183 M * ptl_xid chbind [--silent] [--nid ] [--ip [/]] [--bcast ] [--] * 1145978217 M * ptl_xid any ideas ? 1145978219 M * derjohn chbind --nid --ip / /bin/bash 1145978242 M * ptl_xid rs00:~# chbind --nid 1 --ip 192.168.0.55/255.255.255.0 /bin/bash 1145978242 M * ptl_xid chbind: vc_net_create(): Invalid argument 1145978243 M * derjohn then you should get a bash with only that IP when doinf a "ip addr! 1145978254 M * derjohn 1 !!!!!!!!!!!!! 1145978256 M * derjohn evil ! 1145978264 M * derjohn 0 and 1 are special IDs 1145978270 M * derjohn use >= 2 1145978271 M * ptl_xid ok, another... 1145978273 M * ptl_xid =P 1145978286 M * ptl_xid rs00:~# chbind --nid 2 --ip 192.168.0.55/255.255.255.0 /bin/bash 1145978286 M * ptl_xid ipv4root is now 192.168.0.55 1145978303 M * ptl_xid succeed, didn't ? 1145978306 M * derjohn is you guest context 1 ? 1145978316 M * derjohn change /etc/vserver//context 1145978322 M * derjohn to >=2 1145978340 M * ptl_xid I have no guests yet 1145978452 M * derjohn chbind failed <-- where does this come from? 1145978478 M * ptl_xid here: 1145978478 M * ptl_xid rs00:~# ./testme.sh 1145978479 M * ptl_xid Linux-VServer Test [V0.15] Copyright (C) 2003-2006 H.Poetzl 1145978479 M * ptl_xid chcontext is working. 1145978479 M * ptl_xid chbind failed! 1145978565 M * derjohn hm, I would day testme.sh is too old or buggy ... testme -v ? 1145978619 M * ptl_xid rs00:~# ./testme.sh -v 1145978620 M * ptl_xid Linux-VServer Test [V0.15] Copyright (C) 2003-2006 H.Poetzl 1145978620 M * ptl_xid chcontext is working. 1145978620 M * ptl_xid chbind failed! 1145978620 M * ptl_xid ipv4root is now 127.0.0.1 1145978620 M * ptl_xid chcontext 0.30.210 -- allocates/enters a security context 1145978620 M * ptl_xid This program is part of util-vserver 0.30.210 1145978622 M * ptl_xid Copyright (C) 2004 Enrico Scholz 1145978622 M * ptl_xid This program is free software; you may redistribute it under the terms of 1145978624 M * ptl_xid the GNU General Public License. This program has absolutely no warranty. 1145978624 M * ptl_xid Linux 2.6.16.11 #4 SMP Tue Apr 25 12:13:10 ART 2006 i686 1145978626 M * ptl_xid Ea 0.30.210 273/glibc (DSa) 1145978626 M * ptl_xid VCI: 0002:0001 273 03000030 (TbP) 1145978628 M * ptl_xid (root@rs00) 1145978628 M * ptl_xid (gcc version 4.0.3 (Debian 4.0.3-1)) 1145978630 M * ptl_xid #4 SMP Tue Apr 25 12:13:10 ART 2006 1145978635 M * derjohn ptl_xid, dont flood us ! 1145978640 M * ptl_xid sorry ! 1145978641 M * ptl_xid =P 1145978702 M * ptl_xid where can I get the last version of testme.sh ? 1145978714 M * daniel_hozac http://vserver.13thfloor.at/Stuff/SCRIPT/ 1145978720 M * ptl_xid thx 1145978776 M * ptl_xid mmm, the last one is 0.15, the same I have... 1145978776 M * derjohn daniel_hozac, NFS in a guest? Do I need that kernel option? 1145978795 M * derjohn ptl_xid, maybe it needs dynamic contexts ... I dunno 1145978799 J * ZLinux_ ~ZLinux@212.118.98.196 1145978905 Q * ZLinux[] Ping timeout: 480 seconds 1145978911 M * daniel_hozac derjohn: client or server? 1145978929 M * derjohn ptl_xid, testme.sh -v gives you out human readable infos .... (hast 15 lines) 1145978973 M * derjohn daniel_hozac, I'd love to do both ... one backend-guest as server, to frontends-guests as client (serving apache with pics) 1145978995 M * derjohn daniel_hozac, portmap seems to run ... 1145979020 M * daniel_hozac userspace server, i guess? 1145979052 M * daniel_hozac portmap might need a patch to identify the packets as local and allow the registrations. 1145979063 M * derjohn daniel_hozac, woulnd't ne a problem to use either ... 1145979094 M * derjohn daniel_hozac, ao the portmap faq makes a wrong assumption? 1145979100 M * derjohn (on the wiki) 1145979137 M * daniel_hozac mounting the NFS from fstab.remote in the configuration should work fine, IIRC. 1145979151 M * daniel_hozac hmm? 1145979165 M * derjohn so it's the easiest may to put the server on the host in my vase 1145979167 M * derjohn *casse 1145979174 M * daniel_hozac i've never really tested the NFS in guests. 1145979181 M * derjohn http://linux-vserver.org/NFS+and+portmap 1145979187 M * daniel_hozac i chickened out and used samba instead. 1145979195 M * derjohn there is written als is ok if you name the interface 1145979210 M * daniel_hozac name works fine too. 1145979218 M * daniel_hozac (as would recent patches) 1145979223 M * derjohn kiiikerikiih ! 1145979250 M * derjohn daniel_hozac, so recent VS should not show any problems with that? 1145979252 M * daniel_hozac http://daniel.hozac.com/stuff/portmap-4.0-getifaddrs.patch fixes the problem though. 1145979265 M * derjohn (even without name^W Label set ?= 1145979284 M * daniel_hozac recent in this case means 2.1.1-rc17 or delta-nioctl-feat01.diff 1145979328 M * derjohn well, setting a name shouldnt be problem anyway ... why dont we have an option "autosetifacename" and set the name to the context id ? 1145979498 Q * Milf Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org 1145979555 M * daniel_hozac well, we don't need that anymore :) 1145979582 M * derjohn daniel_hozac, even for ifconfig ? 1145979584 Q * Wenix jupiter.oftc.net kinetic.oftc.net 1145979584 Q * nox jupiter.oftc.net kinetic.oftc.net 1145979584 Q * [PUPPETS]Gonzo jupiter.oftc.net kinetic.oftc.net 1145979584 Q * gdm jupiter.oftc.net kinetic.oftc.net 1145979584 Q * SiD3WiNDR jupiter.oftc.net kinetic.oftc.net 1145979584 Q * rmoriz jupiter.oftc.net kinetic.oftc.net 1145979584 Q * cohan jupiter.oftc.net kinetic.oftc.net 1145979584 Q * brc jupiter.oftc.net kinetic.oftc.net 1145979584 Q * phreak`` jupiter.oftc.net kinetic.oftc.net 1145979584 Q * bogus jupiter.oftc.net kinetic.oftc.net 1145979584 Q * virtuoso jupiter.oftc.net kinetic.oftc.net 1145979584 Q * ddlp jupiter.oftc.net kinetic.oftc.net 1145979584 Q * daniel_hozac jupiter.oftc.net kinetic.oftc.net 1145979585 Q * ntrs jupiter.oftc.net kinetic.oftc.net 1145979585 Q * kilgur jupiter.oftc.net kinetic.oftc.net 1145979585 Q * kilian jupiter.oftc.net kinetic.oftc.net 1145979585 Q * locksy jupiter.oftc.net kinetic.oftc.net 1145979585 Q * Adrinael jupiter.oftc.net kinetic.oftc.net 1145979585 Q * h01ger jupiter.oftc.net kinetic.oftc.net 1145979585 Q * sannes jupiter.oftc.net kinetic.oftc.net 1145979624 J * Wenix ~wenix@81.7.189.11 1145979624 J * kilgur user@p50811D13.dip0.t-ipconnect.de 1145979624 J * ntrs ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com 1145979624 J * daniel_hozac ~daniel@c-2d1472d5.010-230-73746f22.cust.bredbandsbolaget.se 1145979624 J * ddlp ~ddlp@sarayi.kariva.org 1145979624 J * virtuoso ~s0t0na@80.253.205.251 1145979624 J * bogus ~bogusano@fengor.net 1145979624 J * h01ger ~holger@socket.layer-acht.org 1145979624 J * locksy ~locksy@mrtg.sisgroup.com.au 1145979624 J * sannes ~ace@simula-084.simula.no 1145979624 J * phreak`` ~phreak``@134.68.220.30 1145979624 J * brc bruce@20132181051.user.veloxzone.com.br 1145979624 J * cohan ~cohan@koniczek.de 1145979624 J * kilian kk@projects.verfaction.de 1145979624 J * rmoriz ~roland@195.68.242.245 1145979624 J * SiD3WiNDR luser@bastard-operator.from-hell.be 1145979624 J * gdm ~gdm@64.62.195.81 1145979624 J * [PUPPETS]Gonzo gonzo@langweiligneutral.deswahnsinns.de 1145979624 J * nox ~nox@nox.user.oftc.net 1145979624 J * Adrinael adrinael@hoasb-ff09dd00-79.dhcp.inet.fi 1145979645 M * daniel_hozac ptl_xid: testme requires legacy. 1145979652 Q * bogus Remote host closed the connection 1145979662 J * bogus ~bogusano@fengor.net 1145979669 J * gdm_ ~gdm@64.62.195.81 1145979670 Q * gdm Read error: Connection reset by peer 1145979674 M * derjohn daniel_hozac, he, that's what I expected. 1145979683 M * derjohn (since chbind works) 1145979797 M * daniel_hozac ptl_xid: you could modify line 167 to read: out=`chbind $DYN --ip 127.0.0.1 grep 'V4Root' /proc/self/ninfo` 1145979999 N * gdm_ gdm 1145980075 J * FireEgl Atlantica@2001:5c0:84dc:: 1145980106 J * Dr4g Dr4g@82-40-40-135.cable.ubr06.uddi.blueyonder.co.uk 1145980506 M * ptl_xid ohh... 1145980512 M * ptl_xid lets try 1145980549 M * ptl_xid yeahhhh 1145980566 Q * gdm Quit: leaving 1145980576 M * ptl_xid thanks daniel... so the vserver aws actually working, the problem were testme.sh !! 1145980604 M * SiD3WiNDR heh 1145980605 J * gdm ~gdm@64.62.195.81 1145980606 M * SiD3WiNDR evil :) 1145980832 J * Loki|muh loki@satanix.de 1145981343 J * bonbons ~bonbons@83.222.37.206 1145981363 Q * _coocoon_ Quit: KVIrc 3.2.0 'Realia' 1145981567 J * VooDooMaster icechat5@topas.informatik.uni-ulm.de 1145981657 J * sladen paul@starsky.19inch.net 1145982855 N * Bertl_zZ Bertl 1145982858 M * Bertl morning folks! 1145982920 Q * Viper0482 Quit: bin raus, 1145983076 J * Viper0482 ~Viper0482@p54976696.dip.t-dialin.net 1145983459 M * Bertl ptl_xid: hmm? issues with testme.sh? 1145983659 J * Roey ~katz@h-69-3-4-130.mclnva23.covad.net 1145983660 M * Roey hi all 1145983662 M * Roey again 1145983662 M * Roey :) 1145983843 M * Bertl hey Roey! 1145983898 M * Roey hey Herbert!!! 1145983912 M * Roey Bertl: oooh I can't wait for this this ngnet thing 1145983915 M * Roey and openvpn 1145983916 M * Roey :( 1145983959 N * otaku42 otaku42_away 1145984011 M * matta me too!! 1145984035 M * matta i'm surprised lycos doesn't have more interest in ngnet 1145984057 M * Bertl matta: why should they? 1145984068 M * matta they offer VPS hosting 1145984079 M * matta i'm sure it's requested by their customers often 1145984090 M * matta (iptables/qos support, etc) 1145984094 M * Roey ah 1145984111 M * Roey matta: I'd *love* to move our VPN to a vserver and get rid of yet another box. 1145984117 Q * VooDooMaster Quit: Not that there is anything wrong with that 1145984118 M * Bertl matta: IIRC they have a web frontend for iptables and are doing rate management on their own 1145984141 M * matta VPN ? 1145984144 M * Bertl matta: but I might be wrong ... 1145984161 M * matta Roey: oh, I got you 1145984165 M * Roey matta: yeah, OpenVPN is a VPN 1145984175 M * matta Bertl: well, they might do that and be functional 1145984179 M * Roey ok 1145984194 M * matta IMHO not the best solution, but I can see it working 1145984212 M * matta that'd require virtualized tun driver 1145984218 M * matta (for OpenVPN) 1145984236 M * Bertl well, that's basically the same as a virtual network stack 1145984255 M * Bertl unless you do the networking in userspace, which might be possible as well 1145984263 M * matta yeah, if you can do the network stack tun should pretty much come along with it 1145984322 M * Bertl and the problem is not the network virtualization itself, that is rather easy (well, a lot of changes actually, but nothing complicated) 1145984334 M * daniel_hozac Bertl: testme's chbind test requires the legacy networkingAPI. 1145984335 M * Bertl the problem is the resulting overhead, we want to avoid 1145984351 M * matta what about making ngnet a kernel option? 1145984357 M * matta so no overhead if not required 1145984375 M * Bertl thought about that, but that roughly duplicates the code and adds a million ifdefs 1145984393 M * Bertl not sure a separate branch would not fit better there 1145984395 M * matta and how are you sure what the overhead is? if done properly it should be a percent or two 1145984450 A * Roey listens closely 1145984581 M * Bertl matta: no, the problem is that every packet traverses the stack twice 1145984629 M * daniel_hozac Bertl: line 167, wouldn't a grep V4Root /proc/self/ninfo be better? or doesn't that exist in 1.2? 1145984641 M * Bertl matta: basically you send some packet from userspace, it goes into the "guest" stack until it would be sent to network, but instead it is reinjected into a virtual switch/bridge, which reinject it into the host stack 1145984720 M * Bertl daniel_hozac: that doesn't exist in 1.2 but we can use different checks according to the VCI 1145984832 J * ben_ ~B.Lukas@88.134.54.56 1145984838 M * ben_ hello 1145984859 M * daniel_hozac Bertl: yeah, i guess that'll require some rearranging though. 1145984946 M * derjohn nfs-kernel-server vs. nfs-user-server -> which should I use in a guest? Do I need the kernel option? for what is that option? 1145984975 A * derjohn just found unfs3 - User-space NFSv3 Server 1145984978 M * daniel_hozac the NFS tagging option? 1145984980 M * matta Bertl: well, yeah, that makes sense. 1145984982 M * derjohn daniel_hozac, yes 1145984987 M * matta Bertl: have you considered a proxy arp scenario? 1145985031 M * derjohn daniel_hozac, only for xid tagging? 1145985034 M * daniel_hozac IIRC it's for using tagxid NFS mounts, and your NFS server needs to support it (so you'll need to use the kernel server on a vserver kernel). 1145985043 M * matta similar to xen... where each eth* device in a vserver maps to a virtual device on the host 1145985052 M * matta then linux routing takes care of it 1145985067 M * derjohn daniel_hozac, OMG, no in this case I trust all hosts and guest .. no XID Tagging needed 1145985068 M * Bertl matta: Xen also traverses the network stack twice 1145985073 M * matta and the routing table it a lot faster than iptables 1145985092 M * matta Bertl: I believe OVZ does the same, so it seems to be socially acceptable. 1145985106 M * Bertl depends on who wants to accept it :) 1145985158 M * Bertl I'm more thinking on extending the isolation principle to other areas like iptables and such 1145985282 Q * derjohn Remote host closed the connection 1145985406 Q * lilalinux_ Ping timeout: 480 seconds 1145985473 M * Bertl okay, leaving now .. will be back later 1145985492 N * Bertl Bertl_oO 1145985986 J * lilalinux_ ~plasma@dslb-084-059-001-025.pools.arcor-ip.net 1145986764 M * micah what are the units in /proc/virtual//limits? 1145986883 Q * lilalinux_ Remote host closed the connection 1145986993 M * daniel_hozac micah: it depends on the limit :) 1145987079 M * micah daniel_hozac: I guess I'm wondering about VM and RSS specifically 1145987098 M * daniel_hozac those are in pages. 1145987120 M * micah its number of pages, right... which is bytes? or no 1145987124 J * Hondo ~Hossa@212.110.98.7 1145987157 M * daniel_hozac a page is 4096 bytes on x86. 1145987161 J * lilalinux ~plasma@dslb-084-059-001-025.pools.arcor-ip.net 1145987208 M * micah ok, so if a graph base is 1024k, then those numbers should be multiplied by 4096 1145987419 M * h01ger daniel_hozac, how to find out the size on other archs? 1145987508 Q * DaKoba Ping timeout: 480 seconds 1145988000 J * matt1 ~matta@c-68-32-239-173.hsd1.pa.comcast.net 1145988335 Q * matta Ping timeout: 480 seconds 1145988511 J * _coocoon_ ~coocoon@p54A06001.dip.t-dialin.net 1145988537 M * _coocoon_ hello 1145989176 M * daniel_hozac h01ger: getpagesize(). 1145989217 M * h01ger daniel_hozac, munin-scripts are usually written in bash or perl, so something in /proc would be nicer :) 1145989256 M * daniel_hozac h01ger: i don't think there's anything like that. 1145989356 M * h01ger what popular archs have a different page size than 4096 ? (to hardcode a workaround :() 1145989416 M * daniel_hozac other architectures have a selectable page size. 1145989447 M * h01ger nice :-() 1145989453 M * daniel_hozac grep 'define[ ]*PAGE_SHIFT' include/asm-*/page.h 1145989638 M * h01ger if the source is there.. 1145989674 J * derjohn ~derjohn@80.69.37.19 1145989717 M * daniel_hozac no, that's just to show you the different page sizes. 1145990101 M * h01ger ah 1145990281 M * daniel_hozac are you sure perl doesn't have a getpagesize() function? Python has one, IIRC. 1145990370 M * h01ger actually i dont know much perl and wrote the plugin in bash, but i'm counting for micah on perl :) 1145990378 M * micah oh oh 1145990389 M * h01ger hehe 1145991204 M * daniel_hozac perl -MPOSIX -e 'print POSIX::sysconf(_SC_PAGESIZE), "\n";' seems to do it here. 1145992381 Q * phreak`` Quit: gone till Friday 1145992487 Q * ben_ Quit: 1145992506 P * Roey Leaving 1145995102 M * Viper0482 hi 1145995118 M * Viper0482 is it possible to group some vserver 1145995119 M * Viper0482 s 1145995191 M * Viper0482 like in the vservers-default init script, to mark them with a different mark and start or stop them in a group 1145995207 M * daniel_hozac yes. 1145995297 M * Viper0482 echo basic > /etc/vservers//apps/init/mark something like this? 1145995418 M * daniel_hozac yes. 1145995912 J * doener ~doener@i5387C7F7.versanet.de 1145995955 M * derjohn doener, want it you with the dual core 3800 + sata disk setup ? 1145995977 M * doener sorry? 1145996001 M * doener s/want/was/ ? 1145996022 M * derjohn someone mentioned having such a machine and I got stuck with a asus a8v-vm san stata disks 1145996034 M * derjohn yes s/want/was/ 1145996042 M * doener 4400+, but yes 1145996051 M * derjohn Which board? 1145996057 M * derjohn going p-msg 1145996125 Q * eyck Ping timeout: 480 seconds 1145996160 M * daniel_hozac i've got a dual core 3800+ :) 1145996858 M * derjohn daniel_hozac, which board chipset? 1145996941 Q * Viper0482 Quit: bin raus, 1145997041 M * derjohn vt8251 ? 1145997175 N * BobR_afk BobR 1145997458 N * BobR BobR_zZ 1145997491 M * daniel_hozac no, nforce 430 MCP. 1145997555 M * ptl_xid I had problems with a nforce 4 AMD X2 4200+... I had to use a i386 distro... sata didn't work 1145997576 M * daniel_hozac i've had no problems at all. everything worked fine out of the box. 1145997596 M * derjohn daniel_hozac, sata disks? via vt8251? 1145997608 M * derjohn if so, which fc did you install :) ? 1145997630 M * daniel_hozac 22:38 < daniel_hozac> no, nforce 430 MCP. 1145997633 M * daniel_hozac ;) 1145997646 M * derjohn ah, yes :/ 1145997669 M * daniel_hozac i've got FC5 installed on it. 1145997671 J * gerrit ~gerrit@bi01p1.co.us.ibm.com 1145998512 J * eyck eyck@ghost.anime.pl 1145998900 Q * _coocoon_ Ping timeout: 480 seconds 1145999071 J * _coocoon_ ~coocoon@p54A0634E.dip.t-dialin.net 1146000109 Q * gerrit Ping timeout: 480 seconds 1146000496 J * Aiken ~james@tooax8-027.dialup.optusnet.com.au 1146000574 M * _coocoon_ what does that mean if bertl is oO 1146000619 M * doener out of order/office 1146000633 M * _coocoon_ ah 1146000634 M * _coocoon_ ok 1146000643 M * _coocoon_ so he will not come tonight 1146000867 J * gerrit ~gerrit@bi01p1.co.us.ibm.com 1146001117 M * doener it just means he's not around. the above is his explanation for the "_oO" suffix. 1146001333 M * _coocoon_ ok thanx 1146001381 Q * lilalinux Remote host closed the connection 1146001889 N * Bertl_oO Bertl 1146001895 M * Bertl evening folks! 1146001921 M * _coocoon_ hello bertl 1146001938 M * Bertl hey _coocoon_! 1146002211 Q * gerrit Ping timeout: 480 seconds 1146002475 J * coocoon3 ~coocoon@p54A07A8E.dip.t-dialin.net 1146002560 Q * _coocoon_ Ping timeout: 480 seconds 1146002800 Q * bonbons Quit: Leaving 1146002973 J * gerrit ~gerrit@bi01p1.co.us.ibm.com 1146003322 J * _coocoon_ ~coocoon@p54A06850.dip.t-dialin.net 1146003505 Q * coocoon3 Ping timeout: 480 seconds 1146004457 Q * matt1 Ping timeout: 480 seconds 1146004613 Q * gerrit Ping timeout: 481 seconds 1146004990 M * derjohn micah, ping 1146004996 M * micah pong 1146005005 M * derjohn uh that one was fast ;) 1146005009 M * micah :) 1146005020 M * micah i was just pulling in the gpl'd version of the bash completion 1146005062 M * Bertl how smart is the bash completion now? 1146005064 M * derjohn I like to compile 2.6.16-1-vserver from the sid sources with make-kpkg, patches applied before ... with apt-get source I get linux-2.6-2.6.16 not a linux-2.6-2.6.16-vsrever ? 1146005089 M * derjohn Bertl, IMO it got worse than before (overfeatures) but works 100% nice ! 1146005119 M * derjohn i.e. if you type vserver TABTAB if will let you set vserver --debug as first arg. 1146005143 M * micah derjohn: were you needing something? 1146005149 M * derjohn i would expect ony the guests names ... but that only cosmetic 1146005158 M * micah oh, I see, you are asking a question about the kernel compiling 1146005190 M * derjohn micah, patches??? after trying 4 houres out , I finally found a patch for the via vt851 SATA controller: http://www.geocities.com/rajahuroman/main.html?200626#Newdiffs 1146005196 M * derjohn *vt8251 1146005200 M * micah derjohn: i dont know the answer to that question, the vserver kernel is a "flavor" and its a new thing that waldi has done, and I have not investigated it yet 1146005217 M * micah derjohn: I'm lost 1146005253 M * derjohn micah, sad ;( I see the VS patches in debian/pactches so I fire a std make-kppg -..... lets see what comes out. 1146005256 J * gerrit ~gerrit@bi01p1.co.us.ibm.com 1146005266 Q * mkhl Quit: 1146005500 Q * _coocoon_ Quit: KVIrc 3.2.0 'Realia' 1146005533 M * derjohn h01ger, maybe you could gibt me a hint about that howto do that? 1146005689 M * derjohn Bertl, did you see http://kerneltrap.org/node/6492 ? 1146005724 M * derjohn Andrey Savochkin: First of all, OpenVZ is a completely different project than VServer and has different code base. OpenVZ has bigger feature set (including, for example, netfilter support inside VPSs) and significantly better isolation, Denial-of-Service protection and general reliability. Better isolation and DoS protection comes from OpenVZ resource management system, which includes hierarchical CPU scheduler and 1146005729 M * derjohn big words .... 1146005746 M * daniel_hozac derjohn: check the first comment. 1146005750 M * Bertl :) 1146005764 M * Hollow olla * 1146005784 M * derjohn daniel_hozac, *lol* ok 1146005802 M * Bertl derjohn: I guess that answers your question ... 1146005802 A * derjohn rarlely read the trolling ... :) 1146005837 M * Bertl brc: ping? 1146006392 M * brc BERTL! 1146006397 M * brc i am here :) 1146006475 M * Bertl ah, good, just wanted to check if you want to test tonight? 1146006493 M * Bertl (no problem if not) 1146006522 M * brc yes we can test it 1146006532 M * brc what should i do ? 1146006556 M * micah hmm, I'm wondering what limits to place on a new vserver that I dont know what the resource usage will be 1146006585 M * Bertl brc: well, last time, IIRC, we tested the modified quota hases on ext2, vs the old/mainline approach, right? 1146006604 M * daniel_hozac micah: none? 1146006609 M * brc we tested on a unpatched kernel vs. patched kerenel 1146006611 M * Bertl brc: IIRC, you updated the scripts in the meantime, to do additional checks 1146006622 M * brc Sorry not yet, have been really busy on work 1146006630 M * daniel_hozac micah: or some "it should never use this much" style limits. 1146006646 M * brc The script's update are on the top of my todo list 1146006661 M * brc We can test with the new patches and then i would re-run the tests (with group / etc) onall of them again 1146006663 M * micah daniel_hozac: thats what I am trying to figure out, because I have a feeling that this vserver could impact the others negatively 1146006671 M * Bertl brc: ah, okay, well, we could now try to add a second hash and adjust the system to use them 1146006701 M * Bertl brc: would require that you get quota running _inside_ a guest with the current patches 1146006701 M * micah daniel_hozac: do you have a good method of calculating the numbers for "this much" in "it should never use this much"? :) 1146006744 M * Bertl micah: check out the /procvirtual//limits 1146006752 M * brc With the patches i already have or other ones ? 1146006766 M * Bertl micah: it gives you the 'currently' used as well as the max observed values 1146006778 M * micah Bertl: yes, but as I said, this vserver has not even been started yet 1146006786 M * daniel_hozac micah: well, something like half the amount of RAM for RSS would seem reasonable. 1146006791 M * Bertl brc: with the ones you already have, just one guest, and just one quota setup, but from _inside_ 1146006815 M * brc ok gonna run it now 1146006816 M * daniel_hozac micah: what limits in particular are you looking at? 1146006833 M * micah daniel_hozac: what about VM and CPU? 1146006857 M * Bertl brc: for the first step, it's probably the best to copy the real device into the guest (instead of messing with the vroot device) 1146006893 M * micah daniel_hozac: well... I had a situation where I created a vserver for someone and that night before it had ran much they installed some software that essentially made the host unresponsive, so I'm looking for a good base number for whatever limits I need to start a vserver with so I dont get crushed again 1146006910 M * daniel_hozac micah: just one CPU? i guess 50% with a rather high burstability would make the most sense. 1146006920 M * micah daniel_hozac: no, two CPUs 1146006934 M * daniel_hozac you could just limit the guest to one CPU then, initially at least. 1146006936 M * micah two PIII 1gighz 1146006978 M * daniel_hozac until you have some more appropriate limits. 1146006987 M * micah so would setting RSS at 50% of available, and 50% CPU with a high burst be enough? Or should I also set a limit on VM? 1146006989 M * brc Bertl: ok 1146007028 M * daniel_hozac well, lots of VM won't really be a problem. 1146007036 M * Bertl micah: ah, cpu limits? 1146007189 M * micah Bertl: yes, this person has told me that they are experiencing high cpu usage (load average of 3-4 on a P3 750) so I want to make sure I dont start off wrong :) 1146007244 M * daniel_hozac micah: i guess the real question is, how much are you willing to dedicate to that user? 1146007297 M * micah daniel_hozac: no more than 1/4th of the available resources at any given time 1146007345 M * daniel_hozac micah: so set that as the limit. 1146007360 M * derjohn micah, I guess it's --subarch foo ... i.e. --subarch vserver 1146007495 M * micah daniel_hozac: hmm, yeah that makes sense.... if I have 2596500k total available memory would I just put 649125 in /etc/vservers//rss ? 1146007527 M * micah or is it under rlimits now? 1146007585 M * daniel_hozac it's always been under rlimits :) 1146007591 M * Bertl ad cpu limits: once you decided on a fraction, make the numerator and denominator match the range 20-500 1146007612 M * daniel_hozac but the limit is in pages, IIRC. 1146007619 Q * gerrit Ping timeout: 480 seconds 1146007659 M * Bertl well, maybe 10-500 in low cpu cases 1146007665 M * micah daniel_hozac: ah, then this page is incorrect: http://linux-vserver.org/Memory+Allocation, because it says "/etc/vservers//rss" 1146007730 M * daniel_hozac micah: http://linux-vserver.org/Resource+Limits 1146007739 M * micah daniel_hozac: how do I calculate the number of available pages? Is it just avail_memory/page_size ? 1146007760 M * micah ah, perfect, thanks 1146007774 M * micah there is the answer to my pagesize question 1146007875 M * micah seems like avail_memory/page_size will give me the available pages, and then divide that by 4 will give me 1/4th of the available memory, right? 1146007954 M * Bertl you might want to allow roughly half of the RSS, and provide additional swap space 1146008051 M * micah because limiting to 1/4 will be too strict? 1146008094 M * brc Bertl: i am installing the utils and setting up a vs on the test enviroment. 1146008155 M * Bertl okay, good 1146008209 M * h01ger derjohn, hint/howto about what? the plugins? 1146008214 A * h01ger waves 1146008314 M * micah hmm, no number of available pages is not avail_memory/page_size 1146008325 M * derjohn h01ger, well I like to build "waldi's" debian kernel including vserver support. It seems that vserver is a subarch/flavor of the one unified kerel source package. I tried make-kpkg --append-to-version vserver --subarch vserver --initrd buildpackage, but this does not patch the .config ... 1146008325 M * daniel_hozac micah: how so? 1146008351 M * derjohn h01ger, I thought you might know the secret steps .... 1146008382 J * gerrit ~gerrit@bi01p1.co.us.ibm.com 1146008394 M * micah daniel_hozac: I think its supposed to be avail_memory/pagesize(1024*1024) 1146008434 M * daniel_hozac micah: if avail_memory is in mebibytes, yes... 1146008493 M * micah daniel_hozac: well, lets say 1gigabyte is 1048576 kilobytes, so 1048576/4096*(1024*1024) will give you 268435456 pages 1146008501 M * h01ger derjohn, i dunno, sorry. but waldi is here, ping :) 1146008512 M * micah err, I am on crack 1146008522 M * derjohn he's marked 'away' 1146008536 M * h01ger he'll come back 1146008576 M * micah a machine with a page size of 4KB and 1GB of physical memory there are 262,144 pages 1146008623 M * micah but 1048576/4096 gives you only 256 pages 1146008624 M * daniel_hozac exactly. 1146008639 M * daniel_hozac that's because 1048576 is kibibytes. 1146008642 M * daniel_hozac 4096 is bytes. 1146008646 M * daniel_hozac divide by 4. 1146008655 M * micah kibibytes, aren't those food? :) 1146008672 M * daniel_hozac heh. 1146008680 M * micah you mean kilobits 1146008698 M * derjohn h01ger, maybe you know that: if there is rules.defs -> with which dh_* will that create a rules? 1146008718 M * h01ger nope :( 1146008731 M * daniel_hozac micah: no, that's just 1000 bits :) 1146008754 J * matta ~matta@c-68-32-202-140.hsd1.pa.comcast.net 1146008782 M * h01ger derjohn, the debian kernel build system is pretty complicated^wsophisticated and i havent looked at in at least 3 month :( 1146008796 M * doener micah: kilobyte = 1000 byte, kibibyte = 1024 bytes 1146008803 M * Bertl welcome matta! 1146008849 M * doener and in your case, you forgot to multiply by 1024, you need the ram size in bytes if you divide by page size in bytes 1146008865 M * micah 1048576 * 1024 / 4096 1146008904 M * micah i need to not do math when I am at a caffeine low 1146009032 J * mkhl ~mkhl@200-148-41-165.dsl.telesp.net.br 1146009064 M * micah Bertl: I am interested in your reasoning as to why you recommend 50% RSS when I am looking to provide only 1/4 of the available resources 1146009067 M * Bertl welcome mkhl! 1146009100 M * Bertl micah: well, a hard limit on RSS will start killing processes inside the guest once the limit is reached 1146009115 M * micah ahh, its a hard limit, good point 1146009119 M * Bertl micah: and usually that resource is not so critical 1146009124 M * matta it's the same with vsize... 1146009141 M * matta what is the recommended rss/vsize ratio these days anyway? 1146009174 M * micah matta: vsize as in VM, or VML? 1146009175 M * matta x / x*2 ? 1146009210 M * matta well, VM is VSIZE and VML is locked pages which should be a much lower limit 1146009242 M * micah matta: VML maybe the same as RSS? 1146009247 M * daniel_hozac no. 1146009257 M * Bertl VML is locked pages 1146009257 M * daniel_hozac VML is really _locked_ into RAM. 1146009285 M * brc Bertl: Running tests! 1146009287 M * micah http://linux-vserver.org/Resource+Limits shows VML and RSS being set to the same limits, probably should be less 1146009295 M * matta usually 64 pages is a good limit for VML 1146009363 M * brc Oops. problems 1146009364 M * matta er, actually more like 6.4 pages 1146009372 M * brc Bertl: setquota wont work on / 1146009380 M * brc sorry, i should set it on /dev/hda :) 1146009381 M * brc hehe 1146009387 M * micah ok, i'm going to go with 64 pages for VML, 50% available pages for RSS, VMZ = RSS / RSS*2 1146009399 M * micah matta: can you set fractional pages? 1146009422 M * matta 64 * 4096 is 256MB 1146009428 M * brc Bertl need your help 1146009429 M * brc setquota: Can't find mountpoint for device /dev/hda2 1146009438 M * matta 6 * 4096 is a much more practical limit 1146009445 M * brc should i create some kind of fake fstab , mtab or something like that ? 1146009449 M * matta hrm 1146009453 M * daniel_hozac matta: more like 256 KiB. 1146009453 M * matta Bertl... 1146009474 M * matta daniel_hozac: it depends if the limit is in kbytes or not 1146009482 M * micah matta: limit is in pages 1146009483 M * daniel_hozac the limit is in pages. 1146009515 M * matta yeah, we just went over that 1146009517 M * daniel_hozac x * (pagesize in bytes) will give you x pages in bytes. 1146009535 M * matta pagesize on x86 is 4096 1146009554 M * daniel_hozac which makes 64 pages 256 KiB. 1146009565 M * matta yeah, I added wrong here for that