1147307588 J * shedi ~siggi@inferno.lhi.is 1147307680 Q * harti Quit: Client exiting 1147308661 M * Skram anyone used like TC in a VServer environment 1147308683 M * Skram i want to test giving a vps a maximum of 3mbit. (in or out) 1147308691 M * gdm tomcat? yeah, i know ppl who have 1147308907 M * Skram ? 1147308910 M * Skram tomcat? 1147309449 Q * odedra Read error: Connection reset by peer 1147310539 J * sam_ ~sam@ip-66-254-43-49.mqdsl.megaquebec.net 1147310541 M * sam_ hi 1147310546 M * Bertl welcome sam_! 1147310599 M * sam_ Bertl: i've listen to your WTH presentation, nice topo 1147310619 M * Bertl k :) 1147310631 M * sam_ also nice water sound effect 1147310655 M * sam_ hey, do you known if the concept of process contextualisation come from Jacques Gelinas (late 2001) 1147310799 M * sam_ anyone else known? 1147310813 T * services.oftc.net http://linux-vserver.org/ | latest stable 2.01, 1.2.10, 1.2.11-rc1, devel 2.1.0, exp 2.{0.2,1.1}-rc19 | util-vserver-0.30.210 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;)' 1147310823 M * sam_ i'm writing a small summary of the vserver 1147310826 M * micah i'm going to convert a host to a vserver guest, and was thinking something like: 'rsync -az --numeric-ids --exclude /dev --exclude /proc / newlocation:/vservers/guest' would suffice, any opinions on better ways? 1147310840 M * Bertl sam_: afaik, the idea was taken from BSD jails 1147310846 M * sam_ ok 1147310862 M * sam_ thank you Bertl 1147310894 M * Bertl the early vserver project did consist of a 'secured chroot' (which was not secure :) and pid isolation 1147310917 M * Bertl a little later network isolation and the basic idea to unification was born 1147310989 M * sam_ ok, so are you the maintainer since the creation of linux-vserver.org? 1147311013 M * Bertl sam_: but best to ask Jacques Gelinas or mugwump for details regarding the early history ... 1147311041 M * Bertl sam_: yes, when Jack vanished (personal issues) I took over maintainership 1147311088 M * sam_ yes, I 'known' Jacques but it takes weeks before to get a response from him, hehe 1147311144 Q * cehteh Ping timeout: 480 seconds 1147311217 M * micah hm, I know people have done this, but I must be searching for the wrong words 1147311254 M * Bertl micah: -axH --numeric-ids 1147311433 M * sam_ Bertl: what about the future? 1147311446 M * Bertl what about it? :) 1147311506 M * sam_ i mean, a couple of things you would like to see in the project? 1147311550 M * ray6 reeee 1147311563 M * Bertl well, we are constantly adding new stuff, so all I like to see there, I simply implement ... 1147311565 M * micah Bertl: thanks 1147311569 M * micah I knew I was missing one 1147311643 M * Bertl sam_: but of course, things I do not focus on (currently) but I'd like to see added include: more structured documentation, a web interface for control and graphing, userspace enhancements, more distro/packaging support 1147311667 M * sam_ nice 1147311681 M * sam_ ah! about the web interface, what's the ben's interface? 1147311691 M * sam_ I saw some notes in a wiki about that 1147311710 M * Bertl that seems to be the first approach to an open source Linux-VServer web interface 1147311722 M * sam_ ok, it's available? screen shot a least? 1147311739 M * Bertl not from me, but we had it running on LinuxTag :) 1147311750 M * sam_ i would like to show that interface tomorrow 1147311763 M * sam_ ok ok, nice 1147311769 M * Bertl so while it might not be perfect, it is already working 1147311847 M * sam_ I'll not use it, I don't want to scare people with command line (most of my presentation will use command line of course!) 1147312330 M * Bertl sam_: was it you who asked for the logo? 1147312365 M * brc_ Bertl 1147312412 M * brc_ did anything related to network (connect to localhost) change from vs2.0.1.3 to vs2.1.1-rc19 ? 1147312450 M * Bertl yes, a lot of things changed there 1147312508 M * Bertl around 2.1.1-rc6 or so we started cleaning up the network code 1147312513 M * brc_ Hmm! 1147312519 M * brc_ I am having a big problem 1147312529 M * Bertl hmm? 1147312535 M * brc_ a connectiong originated from the vserver itself to the vserver had sourceip=127.0.0.1 1147312540 M * brc_ and now it has the sourceip=vserver_ip 1147312575 M * brc_ Isn't that it ? 1147312583 M * Bertl yep 1147312602 M * brc_ Is there a way (without recompiling kernel) to go back to the old behaviour ? 1147312606 M * brc_ Lot of stuff stopped working 1147312613 M * brc_ MySQL clients connectiong to localhost 1147312627 M * brc_ Daemons that would just accept 127.0.0.1 1147312634 M * Bertl what does your /etc/hosts contain as localhost? 1147312665 M * brc_ i am connecting to 127.0.0.1 not "localhost" 1147312672 M * brc_ and localhost points to 127.0.0.1 1147312690 M * Bertl try to change that to the first ip of the guest 1147312730 M * brc_ Didn't help 1147312735 M * brc_ I think you didn't get the problem 1147312750 M * brc_ Let's say a connection is stablished from the vserver to itself 1147312765 M * brc_ I have two options there, 1) Connect to vserver ip 2) connect to 127.0.0.1 1147312791 M * brc_ On the older patches when i connected to 127.0.0.1 the SOURCEIP from this TCP connection was 127.0.0.1 1147312795 M * brc_ now the sourceip is the vserver_ip 1147312803 M * brc_ Some daemons only accept connections originated FROM 127.0.0.1 1147312812 M * brc_ But now source_ip=vserver_ip 1147312815 M * brc_ and they are all refusing 1147312992 M * Bertl hmm, let me check the changes, sec 1147312998 M * brc_ ok 1147313225 M * Bertl this is probably the one which bites you: http://vserver.13thfloor.at/Experimental/delta-losrc-fix01.diff 1147313256 M * Bertl but it is actually correct, as previously only the destination was rewritten, which gave strange inconsistencies 1147313311 M * Bertl now both are rewritten (for now, until the lo patches are there) which is consistant behaviour 1147313358 M * brc_ Bertl 1147313371 M * brc_ All hostings that use linux-vserver will have problems 1147313389 M * brc_ With this behavior 1147313405 M * Bertl well, you are the first one reporting any since those changes were added 1147313414 M * brc_ No one has upgraded yet 1147313417 M * brc_ but be sure they will 1147313438 M * brc_ You just need to imagine the number of services that only allow connectinos from 127.0.0.1 1147313455 M * brc_ the new kernel was up yesterday and i've found problems with MySQL and VHCS 1147313460 M * brc_ :( 1147313484 M * brc_ I dont know if my opinion counts here .. hehe 1147313516 M * Bertl well, I value your input, and we might make that a compatibility option ... 1147313547 M * brc_ Ok thanks bertl :) 1147313561 M * Bertl but IMHO the real fix is not to depend on this misbehaviour 1147313598 M * Bertl there is nothing wrong with allowing the guest IP instead of 127.0.0.1, which is (currently) not allowed inside a guest 1147313601 M * brc_ I am just afraid because i've been using linux-vserver for some time and as it is not a full virtualization (like UML and others) small changes can have big impacts. never though about that 1147313636 M * brc_ The probelm is that the daemons are created around the world and we can't tell people not to use 127.0.0.1 . :( 1147313646 M * Bertl I agree, we will definitely discuss this tomorrow (and before the final release) 1147313673 M * Bertl maybe we find a smart solution which satisfies everyone ... 1147313688 M * brc_ I am making some workarounds here, setting up ARGV[1] to receive the IP of the vserver and replaces it on 127.0.0.1 :) 1147313694 M * brc_ (on the daemons) 1147313722 M * Bertl interesting 1147313743 M * Bertl why not use localhost, and have that point to the first IP in /etc/hosts? 1147313762 M * Bertl (that's what I and probably many other folks are doing since a few years) 1147313831 M * Bertl the only service which required a real change was the bind9 control client (simple change in config file) 1147313887 M * Bertl but as I said, we will test and discuss this soon ... thanks for your feedback 1147313934 M * Bertl I'm off to bed now as I'm very tired ... have a good one everyone! cya tomorrow! 1147313940 M * brc_ The problem is that changing localhost on the hosts won't help 1147313944 M * brc_ Because the SOURCE ip will be the same 1147313956 M * brc_ ok bertl, i stil owe you those quota stuff 1147313956 M * brc_ hehe 1147313964 M * brc_ but as you see i am with lot of oding in my head :) 1147313966 M * Bertl yes, it will be localhost (the source ip) 1147313980 M * Bertl localhost = first ip = localhost 1147313990 M * brc_ it will be host localhost but not 127.0.0.1, which is what the services want 1147314016 M * Bertl as no service really hardcodes 127.0.0.1 (and no service should do that) it was fine so far 1147314039 M * Bertl anyway, off to bed ... back tomorrow :) 1147314045 N * Bertl Bertl_zZ 1147314122 M * ray6 n8 Bertl 1147314832 Q * id23 Ping timeout: 480 seconds 1147314881 M * brc_ hehe got it to work, nice workaround 1147315446 Q * mountie Quit: LUNCK! 1147316269 Q * BenBen Ping timeout: 480 seconds 1147316304 Q * cemil Ping timeout: 480 seconds 1147316514 J * BenBen ~benny@defiant.wavecon.de 1147316547 J * cemil ~cemil@defiant.wavecon.de 1147316550 J * coke ~after@200.96.91.159 1147317930 Q * sam_ Quit: User abort with 5 Ctrl-C's 1147318532 J * sam_ ~sam@ip-66-254-43-49.mqdsl.megaquebec.net 1147319517 Q * doener__ Quit: leaving 1147320229 M * coke hey 1147320229 M * coke [root@server vservers]# vserver vps01 enter 1147320230 M * coke 'vserver ... suexec' is supported for running vservers only; aborting... 1147320231 M * coke why? 1147320251 M * coke i got errors trying to start .. 1147320464 M * Skram hey all 1147320483 M * Skram [clive@redhat clive]$ cat /etc/fstab 1147320483 M * Skram /dev/sda1 / ext2 defaults 1 1 1147320483 M * Skram /dev/sda6 /home ext2 defaults,usrquota,grpquota 1 2 1147320483 M * Skram /dev/sda5 swap swap defaults 0 0 1147320490 M * Skram will that work INSIDE a vps' /etc/fstab 1147320499 M * Skram well, /etc/vservers/name/fstab (on the host) 1147321368 M * coke any ? 1147321418 M * Skram what error, coke? 1147322101 J * FireEgl Atlantica@Atlantica.DollarDNS.Net 1147322261 J * odedra ~oded@bzq-84-108-241-136.cablep.bezeqint.net 1147322407 M * coke Skram how to put tagxid on my partition 1147322505 M * Skram er... depends onyour fs. 1147322508 M * Skram i dont know, i dont do it,. 1147322514 M * coke hm ok 1147323036 Q * coke Quit: Conecte-se por /server irc.viairc.com.br 1147324984 J * kestrel ~athomas@vsrouter.swapoff.org 1147324987 M * kestrel hi 1147325012 M * hillct kestrel: hi 1147325022 M * kestrel anybody running vserver with the linux tracing toolkit patch? 1147325041 M * kestrel we're getting high i/o load on the box but have no real way of narrowing down what is causingi t 1147325217 M * kestrel and also, does vs 2.0.1 work with 2.6.15 or .16? 1147325300 M * tokkee kestrel: I'm not sure if 2.0.1 works with .15 or .16 - you might just wanna try to apply the patch, however I think it's not gonna work. 1147325316 M * tokkee kestrel: However, there will be a new stable release (2.0.2) pretty soon. 1147325354 M * kestrel mmm many rejects 1147325392 M * kestrel ok 1147325411 M * kestrel are there snapshots for that? 1147325689 Q * ntrs Ping timeout: 480 seconds 1147325907 Q * shedi Ping timeout: 480 seconds 1147326943 N * otaku42_away otaku42 1147327209 J * dna ~naucki@dialer-154-112.kielnet.net 1147327801 M * kestrel otaku 1147327810 Q * s0undt3ch Remote host closed the connection 1147327813 M * kestrel you're everywhere :) 1147327835 M * otaku42 kestrel: nope, but i'm at places that are interesting :) 1147327853 M * kestrel :) 1147327872 M * kestrel does "soon" for 2.0.2 mean days, weeks, ?? 1147327883 M * tokkee kestrel: It means days. 1147327888 M * kestrel ah 1147327889 M * sid3wind1 :) 1147327895 M * kestrel hmm maybe i should hold off on the upgrade 1147327898 M * tokkee kestrel: There are rc's available... 1147327949 M * kestrel aha 1147327950 M * kestrel rc19 1147327965 M * kestrel i'm running 2.0rc4 atm 1147328184 M * tokkee rc19 might already make it for stable... 1147328769 J * ntrs ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com 1147328889 M * kestrel mmm 1147328892 M * kestrel rejects with ltt 1147329783 J * s0undt3ch ~s0undt3ch@bl7-240-201.dsl.telepac.pt 1147330535 J * _coocoon_ ~coocoon@p54A076C6.dip.t-dialin.net 1147330548 M * _coocoon_ morning 1147330587 M * daniel_hozac morning. 1147330917 Q * nokoya Ping timeout: 480 seconds 1147330998 J * nokoya ~young@hi-230-82.tm.net.org.my 1147331555 M * eyck hmm, I'm not the only one using 2.4 kernel 1147331655 M * daniel_hozac yeah, i think there's one other person... Venomous IIRC. 1147331659 M * daniel_hozac ;) 1147331739 M * eyck and all the others are changing kernels every 36 hours? 1147331749 J * shedi ~siggi@inferno.lhi.is 1147331764 M * eyck interesting, very efficient way of spending time 1147331765 M * daniel_hozac on a good day, every 5 hours! :) 1147331796 M * eyck sounds like fun. 1147331836 M * eyck on the similiarly humorous note, I saw 'servers' running windows 98 ;) 1147331871 M * daniel_hozac lol, really? 1147331902 M * daniel_hozac what were they serving? 1147331967 J * Oli ~skycode@212.224.238.51 1147331978 Q * kestrel Quit: No windows for this server 1147331994 M * eyck hmm, enterprise data, obviously 1147332336 Q * hillct Ping timeout: 480 seconds 1147333205 J * id23 ~id@p54A023F0.dip0.t-ipconnect.de 1147333702 J * pagano ~pagano@lappagano.cnaf.infn.it 1147334088 J * coocoon3 ~coocoon@p54A0715A.dip.t-dialin.net 1147334202 Q * _coocoon_ Ping timeout: 480 seconds 1147334341 Q * Oli Quit: Oli 1147334452 J * owyeah ~owyeah@80.112.195.114 1147334471 M * owyeah hi anybody awake? :D 1147334537 M * owyeah i was wondering if it is possible for the guest system to receive it's IP through DHCP 1147334719 M * eyck hmm, you would have to handle this on the host 1147334875 J * [1]owyeah ~owyeah@80.112.195.114 1147334918 M * [1]owyeah ? 1147335064 P * [1]owyeah 1147335154 Q * owyeah Ping timeout: 480 seconds 1147336087 Q * Greek0 Ping timeout: 480 seconds 1147337345 Q * shedi Quit: Leaving 1147338068 Q * nebuchadnezzar Remote host closed the connection 1147338106 J * cehteh foobar@cehteh.homeunix.org 1147338300 J * nebuchadnezzar ~nebu@zion.asgardr.info 1147340931 J * owyeah2 ~owyeah2@80.112.195.114 1147340940 M * owyeah2 hi, anybody here? 1147340959 M * daniel_hozac yep. 1147340965 M * owyeah2 nice :D 1147340973 J * Greek0 ~greek0@85.255.145.201 1147340991 M * owyeah2 is it possible to use dhcp for a guest os? 1147341001 M * daniel_hozac 10:05 < eyck> hmm, you would have to handle this on the host 1147341022 M * owyeah2 i read something about capabilities that should be given to the guest? 1147341064 M * owyeah2 the host can be configured with a fixed ip if that's needed 1147341133 M * owyeah2 i also read something about routing the traffic throug the hosts iptables but how can multiple guests use the same port in that configuration? 1147341133 M * daniel_hozac it's better to just give the guest a private IP address, and NAT it. 1147341173 M * owyeah2 yes but if i have 4 guests that all run SSH/apache how can i reach them individually? 1147341201 M * daniel_hozac you'd just get 4 IPs on the host, just like you would if you'd use DHCP for the guests. 1147341211 M * daniel_hozac and rewrite all 4. 1147341315 M * owyeah2 hmmm but when i want to access a guest from the "outside" i need to http://hostname 1147341333 M * owyeah2 but how does the host know which guest to forward the request to? 1147341375 M * daniel_hozac if your host gets x.x.x.2, x.x.x.3, etc. and you have privates on y.y.y.2, y.y.y.3, etc. it's a one to one mapping. 1147341435 M * owyeah2 ooh ok.. so what you're saying is that i need to give the hosts multiple IP adresses 1147341554 M * owyeah2 or isn't that what you're saying? :D 1147341585 M * daniel_hozac as all networking happens on the host, yes. 1147341646 Q * sladen Ping timeout: 480 seconds 1147341692 M * owyeah2 but if I only have one public IP I can use? 1147341738 M * eyck you still 'vgot lots of private addressess 1147341757 M * daniel_hozac then you'll need NAT either way, if you want your guests to be publicly accessible. 1147341787 J * shedi ~siggi@tolvudeild-201.lhi.is 1147341794 M * owyeah2 yes that's true but how can i distinctly forward the requested ports to the guests? e.g. when a computer wants to connect to apache on guest 4 1147341817 M * daniel_hozac different ports, just like you would if you had a bunch of real servers. 1147341819 M * owyeah2 while guest 5 also has apache :P 1147341837 M * owyeah2 ok :D 1147341895 M * owyeah2 so i've got 2 options 1) get multiple IP's for the host and forward 1-1 to the guests 2) NAT and use a new port for every service 1147341899 M * owyeah2 ? 1147341919 J * sladen paul@starsky.19inch.net 1147341923 M * daniel_hozac pretty much, yeah. 1147341938 M * owyeah2 but why can't i use dhcp? 1147341959 M * daniel_hozac uh, you can. 1147341983 M * owyeah2 if i say dhcp eth0 in a guest linux complains about: 1147341985 M * owyeah2 SIOCSIFFLAGS: Permission denied 1147341985 M * owyeah2 Open a socket for LPF: Operation not permitted 1147341985 M * owyeah2 exiting. 1147342004 M * daniel_hozac of course, because a guest cannot do that. 1147342012 M * daniel_hozac since all the networking happens on the host. 1147342036 M * owyeah2 hmmm 1147342061 M * owyeah2 how can i use dhcp then? 1147342072 M * daniel_hozac you run it on the host. 1147342090 M * owyeah2 it is.... and i got 1 ip 1147342102 M * owyeah2 (for the host) 1147342117 M * owyeah2 but now i want 1 for the guest :P 1147342121 M * owyeah2 hehe 1147342129 M * daniel_hozac so, get another DHCP address. 1147342159 M * owyeah2 and bind it to? 1147342166 M * daniel_hozac hmm? 1147342205 M * owyeah2 how do I get another IP and how can I pass it to the guest? 1147342243 M * daniel_hozac look in your DHCP client's configuration for the client identifier. 1147342268 M * daniel_hozac and as i said, you probably want to NAT from the DHCP IP address to a private one, in case the DHCP one changes. 1147342315 M * owyeah2 i changed the identifier to root server as suggested somewhere 1147342328 M * owyeah2 idea 1147342374 M * owyeah2 can i get multiple ip adresses to assign to a dummy NIC, via DHCP? and then 1-1 map these to private adresses? 1147342376 M * owyeah2 :D 1147342452 M * daniel_hozac you need to use the real NIC which is connected to the DHCP server... 1147342524 M * owyeah2 hmmm is there any documentation about this procedure? 1147342563 M * daniel_hozac i doubt it. i don't think anyone else is doing it. 1147342601 M * daniel_hozac IIRC Jacques' tools support doing it though. 1147342636 M * owyeah2 hmmmm yes it seems unordinary to not give servers a fixed ip 1147342651 M * owyeah2 but alas I do not manage the IP range here 1147342674 M * owyeah2 but thanks for you help on this 1147342677 M * owyeah2 much appreciated 1147343302 Q * owyeah2 Quit: HydraIRC -> http://www.hydrairc.com <- State of the art IRC 1147343346 J * yarihm ~yarihm@217-162-113-169.dclient.hispeed.ch 1147343575 J * mattr_sf ~matt@p5088447C.dip.t-dialin.net 1147343986 Q * pagano Read error: Connection reset by peer 1147345037 J * coke ~after@201.47.208.155 1147345058 M * coke hello. Any can help me to put tagxid in my partition ? 1147345422 M * daniel_hozac umount ; mount -o tagxid... 1147345500 M * coke under centos? 1147345759 M * coke daniel_hozac, 1147345759 M * coke [root@server yum.repos.d]# umount /dev/hda7 1147345760 M * coke [root@server yum.repos.d]# mount -o tagxid /dev/hda7 1147345760 M * coke mount: /dev/hda7 already mounted or / busy 1147345777 M * daniel_hozac /dev/hda7 is your /? 1147345823 M * coke yes 1147345840 M * daniel_hozac you can't unmount /. 1147345850 M * daniel_hozac and you can't remount it with tagxid. 1147345876 M * daniel_hozac you really don't want to set tagxid on your / filesystem though. 1147345917 M * coke where should i ? 1147345924 M * coke all say: "busy" 1147345952 M * daniel_hozac on /vservers. 1147345973 M * daniel_hozac assuming, of course, that you have a separate filesystem for it. 1147345983 M * coke i dont :P how i do that? 1147345999 M * coke look, when i try create a new vserver 1147346000 M * coke mkdir: cannot create directory `/etc/vservers/.defaults/vdirbase/min-centos4': Read-only file system 1147346004 M * daniel_hozac how do you do what? 1147346029 M * daniel_hozac you probably got your / filesystem remounted ro when you tried to umount it. 1147346045 M * coke ahn :| 1147346047 M * coke how i fix ? 1147346093 M * daniel_hozac assuming it wasn't remounted due to filesystem failure (you checked that, right?), mount -o remount,rw / should do it. 1147346123 M * coke ok, worked. 1147346127 M * coke now i got an error 1147346132 M * coke with vserver build 1147346134 M * coke - 1147346136 M * coke You are using a version of yum which is insecure and broken in chroot 1147346136 M * coke related operations; either apply the patches shipped in the 'contrib/' 1147346136 M * coke directory of util-vserver, or ask the author of yum to apply them 1147346136 M * coke (preferred). 1147346136 M * coke In the meantime, 'vyum' will continue with dirty hacks which might not 1147346136 M * coke work when the vserver is running and local DOS attacks are possible. 1147346136 M * coke Execution will continue in 5 seconds... 1147346172 Q * Zaki Ping timeout: 480 seconds 1147346174 M * daniel_hozac ... did you read it? 1147346188 M * daniel_hozac like, at all? 1147346199 M * coke yes, but i dont know how to apply this patches 1147346201 M * coke what command? 1147346215 M * daniel_hozac patch. 1147346244 M * coke [root@server contrib]# ls 1147346244 M * coke README vlan_2.2-full.patch vlan_2.2-module.patch 1147346246 M * coke is it? 1147346282 M * daniel_hozac umm, no. there are no such files in util-vserver. 1147346310 M * coke it was on /vservers/vps02/usr/share/doc/vconfig-1.8/contrib 1147346325 M * coke I have contrib on my util-vserver source dir 1147346326 M * daniel_hozac and what on earth made you think that is in any way related to it? 1147346331 M * coke is there? 1147346335 M * coke heheh ^^ 1147346346 M * coke I never installed vserver on centos. only on debian 1147346370 M * coke look, i have this files daniel_hozac 1147346370 M * coke [root@server contrib]# ls 1147346370 M * coke -base.list -devel.list Makefile-files manifest.dat.pathsubst yum-2.3.2-chroot.patch 1147346370 M * coke -build.list -legacy.list make-manifest -sysv.list yum-2.3.3-chroot.patch 1147346370 M * coke -core.list -lib.list manifest.dat yum-2.2.1-chroot.patch yum-2.3.4-chroot.patch 1147346469 M * coke daniel_hozac right know? 1147346530 M * daniel_hozac sure. 1147346563 J * Zaki ~Zaki@212.118.96.81 1147346570 M * coke ok, what syntax i should use with patch command? 1147346593 M * daniel_hozac -p1, IIRC. 1147346650 M * coke [root@server contrib]# patch -p1 IIRC 1147346660 M * coke no response. 1147346672 A * daniel_hozac sighs deeply. 1147346700 M * coke sorry but my english is sux :P 1147346772 M * matti ;-p 1147346942 M * coke matti can u help me? ;p 1147348340 M * coke [root@server apps]# /usr/sbin/vserver min-centos4 start 1147348340 M * coke vcontext: vc_create_context(): File exists 1147348343 M * coke what's it ? 1147348377 M * coocoon3 coke: u must delete the vserver u have created before or use the force option 1147348396 M * coocoon3 delete it if it has the same name or context 1147348412 M * coke wasn't o_O 1147348418 M * coke and was created with --force 1147348440 M * coocoon3 coke: does testme.sh work 1147348464 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1147348472 M * coke yes 1147348496 M * coocoon3 and the context id is different 1147348506 M * coke yes 1147348521 M * coocoon3 coke: or wasn't use from another 1147348525 M * coocoon3 vserver 1147348551 M * coke nops :\ 1147348577 M * coke i got this error before 1147348589 M * coke * The configured vshelper '/usr/local/lib/util-vserver/vshelper' does not match the 'vshelper' 1147348590 M * coke script of the util-vserver package 1147348590 M * coke To fix this, you can: 1147348590 M * coke * disable vshelper entirely by executing 1147348590 M * coke | touch "/etc/vservers/.defaults/apps/vshelper/disabled" 1147348591 M * coke ... 1147348658 M * coocoon3 coke: and did u use it in this way 1147348703 Q * id23 Remote host closed the connection 1147348719 M * coke cohan i did touch "/etc/vservers/.defaults/apps/vshelper/disabled" 1147348755 M * coocoon3 coke: what happens then when u start the vserver again 1147348856 M * coke lot of errors 1147348874 M * coocoon3 what shows vserver-stat 1147349062 M * coke shows the server is runnnig.. 1147349071 M * coke but something is wrong.. 1147349086 M * coke when i log into vserver by ssh, i got logged and my session is closed 1147349125 M * coocoon3 coke: vserver foo enter or what 1147349162 M * coke ssh 1147349165 M * coke remote ssh 1147349243 M * coocoon3 coke: have a look here http://linux-vserver.org/HowtoSSHLogin maybe it qwill help 1147349281 M * coke ok thanks 1147349283 J * complexmind ~mark@162.84.2.81.in-addr.arpa 1147349507 M * coke how do i kill a vserver/ 1147349548 M * coocoon3 coke: vkill --xid -s KILL 1147349661 M * coke coocoon3 and 1147349662 M * coke You are using a version of yum which is insecure and broken in chroot 1147349662 M * coke related operations; either apply the patches shipped in the 'contrib/' 1147349662 M * coke directory of util-vserver, or ask the author of yum to apply them 1147349662 M * coke (preferred). 1147349671 M * coke u know what patch command I should use to fix it? 1147349712 M * coocoon3 coke: hm it is not important i think so i got everytiome this message, i do not know i have never thought about it to patch it ;-) 1147349722 M * coke hmm. 1147349722 M * coke ok 1147349732 M * coocoon3 got this message during vserver build 1147349753 M * coke but i have the problem with ssh login 1147349754 M * coke =\ 1147349761 M * coke that url don't help me 1147349771 M * coocoon3 hm have u installed ssh in the vserver 1147349779 M * coke yes. 1147349781 M * coke I can log in 1147349790 M * coke but, when I log in, the server like kills me 1147349821 M * coocoon3 coke: u r host has centos installed right 1147349826 M * coke right 1147349838 M * coocoon3 and the guest is also centos or which distro 1147349848 M * coke centos too 1147349897 M * coocoon3 and the ssh port on the host is set to hostip:22 and the ssh port on the guest is set to another port 1147349909 M * coke is set to another ip . 1147349920 M * coke on host ip1:port on guest ip2:port 1147349923 M * coocoon3 and the port 1147349940 M * coocoon3 ok so it is an internal ip for the guest 1147349941 M * coocoon3 ? 1147349946 M * coke my login is registered on 'last' command on guest. 1147349949 M * coke yes 1147349987 M * coocoon3 and u have use nat to get access to the guest ssh port 1147349993 M * coke no no 1147349998 M * coke what u mean with internal ip ? 1147350012 M * coke the guest have an ip that could be accessed by anyone 1147350064 M * coocoon3 coke: u can use 1.2.3.4 or 192.168.0.88 for the guest to achieve it u must use nat 1147350086 M * coke and how i do this? 1147350101 M * coke but, dude, I can access the server, but it kill me 1147350142 M * coocoon3 coke: but what happens when u login to guest at the console from the host ssh root@foo 1147350167 M * coke kills me 1147350345 M * coocoon3 coke: sorry but i have no idea 1147350368 M * coke :( 1147350401 M * coocoon3 coke: what happens if u enter the vserver 1147350411 M * coke look 1147350419 M * coke every time i finish the vserver build 1147350421 M * coke i got this: 1147350434 M * coke vcontext: vc_create_context(): File exists 1147350434 M * coke An error occured while executing the vserver startup sequence; when 1147350434 M * coke there are no other messages, it is very likely that the init-script 1147350434 M * coke (/etc/rc.d/rc 3) failed. 1147350439 M * coke Common causes are: 1147350440 M * coke * /etc/rc.d/rc on Fedora Core 1 and RH9 fails always; the 'apt-rpm' build 1147350440 M * coke method knows how to deal with this, but on existing installations, 1147350440 M * coke appending 'true' to this file will help. 1147350441 M * coke every time 1147350445 M * coocoon3 paste it her epleasehttp://paste.linux-vserver.org/ 1147350452 M * coke ok 1147350466 M * coocoon3 what happens if u type vserver foo enter 1147350502 M * coke coocoon3 look http://paste.linux-vserver.org/20 1147350528 M * coke and on vserver-stat it shows running, but without host. 1147350529 M * coke 78 1 1.4M 340K 0m00s00 0m00s00 2m19s40 1147350566 M * ntrs Hi all. 1147350583 M * coke hello 1147350590 M * ntrs Is there an easy way to find out which vserver is doing a lot of IO 1147350670 M * coocoon3 coke: i think something went wrong during installation so evrything has been removed after yumming u know this link http://linux-vserver.org/CentOS_HowTo 1147350714 M * coke yes, i did everything following these steps 1147350794 M * coocoon3 if i had this problem i used this switch --keep 1147350825 M * coocoon3 coke. but with installing centos i have never had problems, can u paste testme.sh and vserver.info 1147350845 M * coke yes, hold on 1147350858 M * coke where's vserver.info ? 1147350873 M * coocoon3 vserver-info 1147350885 M * coocoon3 sorry 1147350906 M * coke http://paste.linux-vserver.org/21 1147351203 M * coocoon3 coke: ok no idea, but during yumming there must be shown which progs will be installed and i can't see anything in you output 1147351248 M * coke :/ 1147351252 M * coocoon3 coke: maybe there is the problem 1147351328 M * coke [root@server etc]# vserver srv01 start 1147351328 M * coke Applying Intel Microcode update: FATAL: Could not load /lib/modules/2.6.14.3-vs2.0.1/modules.dep: No such file or directory 1147351328 M * coke MAKEDEV: error making /dev/cpu/microcode: Operation not permitted 1147351351 M * coke coocoon3 look initialization http://paste.linux-vserver.org/22 1147351500 M * coocoon3 coke: ok u have not enabled iptables in the kernel i think so 1147351564 M * coocoon3 coke: hm a lot of services are running 1147351583 M * cehteh coke: the vserver should not try to update the microcode .. but you can just ignore that error 1147351591 M * coke hum 1147351597 M * cehteh (or deinstall the microcode updater) 1147351601 M * coke but, why the server is killing me? 1147351611 M * daniel_hozac a properly created guest should just start syslogd and klogd... 1147351618 M * daniel_hozac (by default) 1147351634 M * cehteh klogd? 1147351637 M * ntrs Is there any IO accounting in the latest stable vserver patches? 1147351649 M * ntrs If not, how can I get some IO accounting? 1147351651 M * daniel_hozac yes, it's started from the same script as syslogd, unfortunately. 1147351678 M * daniel_hozac ntrs: i don't think so... 1147351685 M * cehteh well you can comment that out ... or even let the root server aggregate syslog 1147351707 M * ntrs daniel_hozac, so there is no way to tell which vserver is doing a lot of IO? 1147351738 M * daniel_hozac cehteh: right, but i was referring to by default right after guest creation. 1147351738 M * coke =[ 1147351743 Q * kir Quit: Leaving 1147351775 M * harry daniel_hozac: you caused another kernel release! 1147351778 M * daniel_hozac ntrs: not that i'm aware of. it's possible the cfq stuff could let you do that though. 1147351784 M * daniel_hozac harry: sorry. 1147351795 M * harry no problem... i wont kill you ;) 1147351795 M * cehteh ntrs: the laptop_mode introduced /proc/sys/vm/block_dump to monitor which process does IO ... you can likely abuse that for vservers too 1147351808 M * cehteh besides other tools 1147351810 M * ntrs daniel_hozac, then something must be done about it as soon as possible. 1147351816 M * ntrs cehteh, what other tools? 1147351846 M * ntrs how is block_dump used? 1147351878 M * cehteh there is a note in /usr/src/Documentation/laptop_mode or so 1147351905 M * cehteh basically if you turn it on it sends a log entry for each io operation to syslog .. be careful 1147351947 M * daniel_hozac sounds recursive :) 1147351967 N * Bertl_zZ Bertl 1147351971 M * Bertl morning folks! 1147351976 M * cehteh kernel debugging messages, you probably want to turn off klogd, otherwise 1147351976 M * cehteh the output of block_dump will be logged, causing disk activity that is not 1147351976 M * cehteh normally there. 1147351977 M * coocoon3 hello bertl 1147351978 M * daniel_hozac morning Bertl! 1147351992 M * cehteh .. reading the doc is really recommended 1147351996 M * cehteh hi Bertl 1147352012 M * ntrs Hi Bertl 1147352043 M * coke hello Bertl 1147352068 A * complexmind can't resist... 1147352069 M * ntrs Bertl, is there some way to see which vserver is doing a lot of IO, essentially hogging down the whole host? 1147352071 M * complexmind hi Bertl! 1147352072 M * harry mkay... now... how are we gonna do this... 1147352080 M * harry new kernel, new grsec and new vserver patch 1147352093 M * harry this calls for a new patch :) 1147352115 M * Bertl ntrs: hmm, I did add some kind of I/O accounting but that didn't make it into devel yet 1147352143 M * harry Bertl: are there some bugfixes that i need to be careful about? 1147352145 M * Bertl ntrs: your best bet is to pause the guests for a short time, and see if the excessive I/O stops 1147352147 M * ntrs Oh, can I ask you to put it in devel as soon as possible, of course if it's a safe patch. 1147352149 M * harry that are not in rc19 yet? 1147352171 M * Bertl ntrs: will look at it soon, it's on my todo ... 1147352179 M * ntrs Bertl, OK. 1147352188 M * Bertl ntrs: what patch version and I/O scheduler do you use? 1147352198 M * ntrs the latest kernel/patch with cfq 1147352210 M * Bertl harry: yes, the ongoing lock fixes 1147352215 M * harry aha 1147352218 M * harry diff? 1147352234 M * Bertl ntrs: okay, so you should already have some kind of fair I/O scheduling 1147352250 M * harry we're gonna get our vserver machine down this evening... so i want the new kernel patches, new grsec etc... 1147352258 M * harry best if it's also the new vserver patch ;) 1147352264 M * daniel_hozac http://daniel.hozac.com/vserver/delta-locks-fix03.diff 1147352275 M * daniel_hozac that just fixes the issues, doener is working on cleanups and optimizations. 1147352317 M * Bertl daniel_hozac: did you read the info brc_ provided? 1147352323 M * Bertl s/info/input/ 1147352385 M * Bertl I seriously consider having an option (maybe compile time) to change the remapping behaviour (loopback -> ip) for source addresses, what's your opinion on that? 1147352460 M * daniel_hozac well, ideally the broken software should be fixed :) 1147352488 M * daniel_hozac but yeah, i guess having it as an option makes sense, at least until the lo patch is working. 1147352503 M * Bertl precisely that's the idea 1147352935 M * Bertl ntrs just reported that 2.6.16.16 is out, with the lock fix 1147352940 M * harry hmmm... 1147352943 M * daniel_hozac indeed. 1147352958 M * harry Bertl: does that make daniel_hozac's fix redundant? 1147352969 M * daniel_hozac harry: no, my fix is to the vserver code. 1147352993 M * harry yes, i know, but it hasn't got anything to do with the kernel fix then? 1147352994 M * ntrs I will try to patch 2.0.2-rc19 against it 1147353017 M * harry damn.. 1147353033 M * harry need diff stuff! 1147353062 M * Bertl we will roll out an rc20 pretty soon 1147353110 M * Bertl daniel_hozac: care to give an overview what we are missing in rc19 (not considering the planned uts modificiations) 1147353126 M * Bertl so that I can check for it 1147353127 M * harry Bertl: i've got a maintenance window this evening 1147353130 M * harry so i need it now ;) 1147353156 M * Bertl just start with rc19 and use a delta later 1147353170 M * harry we're still using the rc18 1147353173 M * daniel_hozac the uts fixes (i.e. not the restructuring), and the locks fix? 1147353180 M * harry so actually, i need a diff from rc18 to rc19 ;) 1147353187 M * Bertl okay, urls for the latest versions? 1147353194 M * daniel_hozac http://daniel.hozac.com/vserver/delta-locks-fix03.diff 1147353201 M * daniel_hozac http://daniel.hozac.com/vserver/delta-utsname-fix01s.diff 1147353203 M * daniel_hozac http://daniel.hozac.com/vserver/delta-utsname-fix01d.diff 1147353216 M * Bertl excellent! tx! 1147353222 M * daniel_hozac (the one with the unwanted .orig :)) 1147353326 M * harry does anyone still have the diff from rc18 to rc19 ? 1147353340 M * harry someone in here had it... ;) 1147353347 M * daniel_hozac http://daniel.hozac.com/vserver/delta-2.0.2-rc18-rc19.diff http://daniel.hozac.com/vserver/delta-2.1.1-rc18-rc19.diff 1147353351 M * harry tnx 1147353986 Q * coke Quit: 1147354034 J * azazel ~azazel@81-174-45-117.f5.ngi.it 1147354058 M * harry hmmm... manual patching kinda sucks... :s 1147354080 Q * sam_ Quit: BitchX-1.1-final -- just do it. 1147354259 Q * yarihm Quit: Leaving 1147354282 M * ntrs If I patch 2.6.16.16 with 2.0.2-rc19 the only problem is with the locks.c file of course. Now, diff reports this: 1147354327 M * ntrs patching file fs/locks.c 1147354327 M * ntrs Hunk #6 succeeded at 469 with fuzz 2 (offset -1 lines). 1147354327 M * ntrs Hunk #7 succeeded at 792 (offset 3 lines). 1147354327 M * ntrs Hunk #8 succeeded at 797 (offset -1 lines). 1147354329 M * ntrs Hunk #9 succeeded at 990 (offset 3 lines). 1147354330 M * ntrs Hunk #10 succeeded at 1003 (offset -1 lines). 1147354334 M * ntrs Hunk #11 succeeded at 1080 (offset 3 lines). 1147354336 M * ntrs Hunk #13 succeeded at 1698 (offset 3 lines). 1147354338 M * ntrs Hunk #15 succeeded at 1847 (offset 3 lines). 1147354355 M * ntrs does the fuzz refer to line 469 in the .orig file or the final (patched) file? 1147354413 M * harry ntrs: i made a diff from 2.6.16.13-grsec with the grsec+vserver 1147354423 M * harry 2.0.2-rc18 1147354433 M * harry to a 2.6.16.16 with new grsec 1147354443 M * harry and now patching to vserver 2.0.2-rc19 1147354450 M * harry kinda... sucky work :) 1147354457 M * ntrs I am not sure how it is relevant to my question? 1147354490 M * daniel_hozac ntrs: it refers to the lease_alloc function. 1147354510 M * ntrs I know that but line 469 in the .orig file is just a comment. 1147354523 M * Bertl the line 469 hunk is fine 1147354542 M * ntrs I see. So it should be ok to use that patch. 1147354550 M * ntrs 2.0.2-rc19 1147354605 M * ntrs ? 1147354629 M * Bertl together with the lock-fix, yes 1147354696 M * ntrs the lock fix in the kernel? 1147354705 M * Bertl http://daniel.hozac.com/vserver/delta-locks-fix03.diff 1147354722 M * ntrs Oh, so I need to add that one too? 1147354742 M * ntrs Any other one that is important, that will probably make it into rc20? 1147354949 J * Pazzo ~Pazzo@adsl136-175.aknet.it 1147354962 M * Pazzo hi @all 1147354996 M * Bertl welcome Pazzo! 1147354996 M * daniel_hozac hello 1147355004 M * harry daniel_hozac: that delta-locks thing is the only thing that has to be done? 1147355029 M * daniel_hozac to fix the lease accounting, yes. 1147355049 M * daniel_hozac (and avoid a potential oops, but i doubt that case is ever encountered) 1147355062 M * Pazzo hi Bertl, daniel_hozac! 1147355076 M * harry daniel_hozac: mkay tnx! 1147355082 M * harry so... how do i call this patch??? ;) 1147355141 M * Pazzo Bertl: I'm sitting in a classroom as some kind of "teacher", and after suffering by doing my linux lessions for some time we are playing around with linux-vserver since yesterday :-) 1147355163 M * Bertl great! 1147355179 M * Bertl any new things (features/bugs/whatever) you encountered? 1147355212 M * Pazzo Bertl: trouble with ubuntu's util-vserver 1147355244 M * ray6 reee bertl 1147355250 M * Bertl Pazzo: ah, well, that's not unusual ... but I guess they will iron out the issues soon 1147355254 M * Pazzo debootstrap method leaves 2 active mountpoints, vserver build fails 1147355257 M * Bertl ray6: hey ray! 1147355273 M * Pazzo I "patched" the script by adding two short umount lines 1147355282 M * ray6 bertl: i'm in the krenn presentation just now 1147355296 M * Bertl ray6: ah, great! what do they show? 1147355351 M * Pazzo Bertl: we are still using Breezy as I didn't find enough time to sync a Dapper mirror to this classroom's server - but we are using util-vserver from dapper as there is still 0.30.208 in breezy 1147355371 M * ray6 they showed just slides in the presentation, no live demo, but they told me virtuozzo is the best! 1147355376 M * Pazzo an hour ago we started putting vservers on drbd :-) 1147355386 M * Bertl ray6: ah, of course :) 1147355397 M * ray6 and it can zero downtime migrate... but they dont use that :))) 1147355408 M * Bertl Pazzo: cool! 1147355410 M * Bertl ray6: lol! 1147355420 M * ray6 so even a maintenance failover reoots all VMs 1147355430 M * Bertl LOL! 1147355443 M * Pazzo trouble by compiling it, as there is no drbd source compiling with 2.6.16, neither on breezy nor on dapper - so I got 0.7.18 from debian SID 1147355445 M * ray6 but they thought they could do that in the future :) 1147355469 M * Pazzo in 5 minutes we'll go on by configuring it to run our first vservers on drdb 1147355481 M * Pazzo s/drdb/drbd/ 1147355489 M * ray6 a drbd developer is here... new drbd can write on both nodes, could use that for xen migration :) 1147355512 M * Pazzo Bertl: googling I found a really short discussion between you and someone else about openssi & vserver 1147355513 M * Bertl ray6: who? 1147355536 M * harry http://ludit.kuleuven.be/software/vserver/ 1147355537 M * Bertl Pazzo: yep? 1147355556 M * ray6 bertl: ah ask me names... one of the two employed at linbit 1147355557 M * harry this is the latest and greatest then??? rc19 with lockfile fix? 1147355573 M * Pazzo Bertl: "Somebody: is it possible? Bertl: Should be, still doesn't work" 1147355646 M * Pazzo Bertl: Is there already a way to try something like this? would be great! beneath NGN (is there something new to try out?) moving running vservers from one host to another one would be great 1147355662 M * Pazzo s/great/REALLY great/ 1147355681 M * Pazzo it's the only killing-feature I'm missing :o) 1147355808 M * ray6 pazzo: run vservers under xen :) 1147355944 M * Bertl Pazzo: no good reason to complicate Linux-VServer with migration 1147355974 M * eyck hmm, 1147355983 M * eyck migration would be a killer feature 1147355984 M * Bertl Pazzo: what will work is software suspend (which could be used for migration) 1147356003 M * Pazzo Bertl: I wouldn't complicate Linux-VServer - but what about making OpenSSI xid-aware? 1147356007 M * Bertl Pazzo: and almost-live migration with xen 1147356031 M * Pazzo hi eyck! 1147356034 M * Bertl Pazzo: OpenSSI is a different approach which I'm interested in 1147356052 M * Pazzo Bertl: software suspend sounds cool! 1147356054 M * Bertl eyck: it's a marketing feature 1147356076 M * eyck hmm, not really 1147356109 M * eyck well, unless you call things like RAID or virtualisation a 'marketing feature' 1147356133 M * eyck oh well, we will wait untill you grow to see a need for such things.. 1147356174 M * ray6 :) 1147356195 M * eyck hi Pazzo! 1147356294 M * Bertl eyck: feel free to start your own branch of Linux-VServer with live migration :) 1147356363 M * eyck I don't like publicity, I would need a frontman 1147356479 M * Pazzo Bertl: would "live migration" meen deep and large changes to linux-vserver / linux-kernel? 1147356487 M * Pazzo s/mee/mean/ 1147356537 M * Bertl yes, especially we would need to give up certain isolations and replace them with full virtualizations 1147356550 M * Bertl which in turn means adding overhead 1147356582 M * Bertl besides that, it will be very fragile regarding migration between different systems 1147356636 M * Bertl and last but not least, it's neither suited for failover nor load balancing 1147356639 M * Pazzo ack 1147356660 M * Bertl the OpenSSI direction is more what I'm aiming for 1147356678 M * Pazzo I guess virtuozzo is VERY "intrusive", is it? 1147356690 M * Bertl and btw, we will get checkpointing in mainline sooner or later 1147356702 M * azazel mmm... what's openSSI? 1147356714 M * Pazzo how do they do "ZERO-DOWNTIME-MIGRATION"? 1147356728 M * Bertl (which is actually what SWsoft calls 'zero-downtime') 1147356816 J * sam_ ~sam@ip-66-254-43-49.mqdsl.megaquebec.net 1147356816 M * Bertl Pazzo: simple, by not counting the time after stopping processes, writing the data to disk, rsyncing it over, and restarting them there 1147356827 M * sam_ hola 1147356827 M * cehteh Bertl: do you think the linux swsuspend code could be abused for that (freezing process groups) 1147356848 M * Bertl cehteh: sure, and for maintainance, you could really make use of that 1147356871 M * cehteh well and i would definitlely like if a stopped process could be forced to completely swapped out 1147356894 M * cehteh actually thats done lazy and not complete 1147356901 M * cehteh (or?) 1147356908 M * Bertl that will happen by default, except for locked pages and kernel memory 1147356929 M * cehteh note the 'forced' 1147357048 M * Bertl what would be the point in 'forcing' swap behaviour? 1147357140 M * cehteh if i stop a process i usually do that in the hope that some other programs have less latency .. but if it swaps lazily out then i get delays 1147357160 M * cehteh means prepared STOP before i start some computation which should complete fast 1147357187 M * cehteh so the forced is not meant as default but rather explicit 1147357206 M * cehteh kill -STOP %1; swapout %1; ... i would wish 1147357210 M * Bertl you could increase the swapiness 1147357245 M * cehteh $ cat /proc/sys/vm/swappiness 1147357246 M * cehteh 100 1147357248 M * cehteh :P 1147357289 M * cehteh well its only a wish .. i can live without it 1147357329 M * cehteh the high swappiness has the drawback that active processes get swapped out too ... 1147357345 M * cehteh so its not really a substitute 1147357360 J * doener ~doener@i5387D0C8.versanet.de 1147357372 M * cehteh and i dont know if a stopped process has priority when swapping out 1147357384 M * cehteh besides the normal page-ageing 1147357405 M * Bertl morning doener! 1147357425 M * doener morning folks 1147357434 M * cehteh na doener :) 1147357491 M * sam_ there is something special to do if i want to get vsched work? 1147357539 M * sam_ I tried some value, but cpuhog still consume 99% of my cpu 1147357669 M * azazel sam_: do you have compiled hard cpu limits? 1147357737 M * Bertl sam_: you also have to enable sched_hard for that guest 1147357765 M * sam_ azazel: yes 1147357768 M * sam_ Bertl: no 1147357773 M * sam_ in the flags file? 1147357791 M * Bertl yep or with vattribute 1147357805 M * azazel oh, i forgot that :) 1147357901 M * sam_ wow bertl, thanks for the 476th times... 1147357917 M * Bertl you're welcome! :) 1147358035 Q * mattr_sf Quit: Leaving 1147358434 Q * sam_ Quit: My damn controlling terminal disappeared! 1147358475 M * Bertl cehteh: should not be too hard to force a swap-out of a process' pages 1147358583 M * cehteh Bertl: from kernelspace? .. likely not, but from userspace you cant controll which processes pages get swapped out 1147358630 M * Bertl well, if you want to sponsor such a kernel development, I'm pretty sure somebody here might be interested to work on that 1147358644 M * Bertl (or alternatively you can start hacking the kernel a little) 1147358645 M * cehteh just prefer pages from stopped processes when doing a swap-out round ... 1147358667 M * Bertl that's actually more complicated, as there is no direct mapping from page to process 1147358683 M * cehteh yeah maybe i do that some day .. actually i think that would be a nice feature, but very optional and no urge for it 1147358730 M * cehteh mhm 1147358765 J * kir ~kir@swsoft-mipt-nat.sw.ru 1147358771 M * Bertl wb kir! 1147358775 M * ray6 hi kir :) 1147358801 M * kir hey Bertl, ray6 1147359207 M * Pazzo Bertl: they are REALLY struggling with all kind of drbd errors hehehe 1147359212 M * Pazzo :-) 1147359230 M * azazel they...who? 1147359250 M * Pazzo azazel: my students ;-) 1147359258 M * Pazzo (-> scroll up) 1147359287 Q * s0undt3ch Ping timeout: 480 seconds 1147359818 J * Oli ~skycode@212.224.238.51 1147360170 M * Bertl welcome Oli! 1147360180 M * Bertl Pazzo: yeah, drbd isn't that simple ... 1147360422 M * kir Thomas Krenn did a presentation on Linux Tag of their failover technology using Virtuozzo and DRBD and heartbeat 1147360435 M * kir unfortunately I was not able to see it 1147360458 M * kir this is the URL: http://www.linuxtag.org/2006/en/besucher/programm/freies-vortragsprogramm/samstag.html?talkid=306 1147360605 M * Bertl kir: we did one too, with Linux-VServer drbd and heartbeat :) 1147360664 M * mnemoc what about keepalived? 1147360680 M * Bertl kir: but unfortunately you wasn't able to see that either ... 1147360753 Q * MrX Ping timeout: 480 seconds 1147360931 M * kir Bertl, was it during your workshop? 1147361043 M * [PUPPETS]Gonzo hi Kir :) 1147361181 Q * shedi Quit: Leaving 1147361235 M * Pazzo Bertl: most of the drbd's are up and running (we also have had to create a new breeze package for drbd-utils out of SID's sources), but no time left to try out vserver & heartbeat on them. we'll do so tomorrow, cya! 1147361313 Q * Pazzo Quit: ... 1147361528 Q * cehteh Ping timeout: 480 seconds 1147361631 M * Bertl kir: no, at the booth 1147361658 M * sid3wind1 a breezer package! 1147361842 M * [PUPPETS]Gonzo Kir: The Servers in the 19" rack 1147361846 Q * wenchien Quit: Terminated with extreme prejudice - dircproxy 1.0.5 1147361868 J * jesse_ ~wenchien@221-169-69-23.adsl.static.seed.net.tw 1147361902 M * kir [PUPPETS]Gonzo, oh I see 1147361925 N * jesse_ wenchien 1147361928 M * kir [PUPPETS]Gonzo, hi :) 1147361960 M * [PUPPETS]Gonzo :) 1147362355 J * cehteh foobar@cehteh.homeunix.org 1147362491 M * Bertl hey wenchien! 1147362515 M * wenchien hi Bertl!! :-) 1147362754 J * s0undt3ch ~s0undt3ch@bl7-245-141.dsl.telepac.pt 1147363024 Q * sladen Ping timeout: 480 seconds 1147363262 J * sladen paul@starsky.19inch.net 1147363361 J * MrX ~urk@219.95.6.76 1147364266 M * ray6 reee 1147364344 J * bonbons ~bonbons@83.222.38.81 1147364348 Q * s0undt3ch Quit: leaving 1147364419 J * Viper0482 ~Viper0482@p5497754C.dip.t-dialin.net 1147364483 J * ben_ ~Lukas@88.134.54.56 1147364507 M * ben_ hello! 1147364560 M * daniel_hozac hi 1147365372 M * Bertl hey ben_! 1147365495 M * ben_ I get open just one hate about trac... 1147365545 M * ben_ Webinterface and realease lasts only so long because nobody up to now opensource managenet software it has built is first-class... 1147365775 M * ben_ Does nobody know open source status tool for open source devl what one can need? 1147365793 M * Bertl what kind of tool do you ahve in mind? 1147365802 A * doener loves trac 1147365896 M * ben_ Based on php / mysql something so like trac, but just no python and no sqlite 1147365931 M * doener what's wrong with python and sqlite? trac works and that's what counts 1147365934 J * renegade_ ~renegade@dslb-088-073-131-166.pools.arcor-ip.net 1147365961 P * renegade_ 1147366023 J * bakchos666 ~renegade@dslb-088-073-131-166.pools.arcor-ip.net 1147366082 M * bakchos666 hi anyone can help me with linux-vserver? 1147366117 M * doener I guess that's one of the main purposes of this channel ;) 1147366172 M * bakchos666 i have installed vserver in debian etch, works fine i can ping it from local hosts 1147366199 M * Bertl hmm, yes? 1147366204 M * bakchos666 i have 2 machines 1 for firewall and one for workstation 1147366226 M * bakchos666 i one guest i installed a game called netpanzer 1147366249 M * bakchos666 anyone can join the game server from internet 1147366265 M * bakchos666 but ican not from my own workstation 1147366297 M * bakchos666 i can from the firewall machine but not my other pc 1147366307 M * bakchos666 ping works fine 1147366325 M * bakchos666 questions? 1147366553 M * bakchos666 has to do i guess with routing but i am not a network expert, i use firestarter to handle internet connection sharing between my hosts 1147366645 M * bakchos666 i use the /etc/hosts for my domains 1147366721 M * doener so you have the vservers on the workstation, and in one of them runs netpanzer, right? 1147366744 M * bakchos666 vserver is located in firewall host 1147366747 M * doener does the vserver have a public ip address or are there iptables rules in action? 1147366770 M * bakchos666 vserver has only loca ip 1147366781 M * bakchos666 192.168.1.10 1147366800 M * doener and the local client tries to connect to that ip address? 1147366807 M * bakchos666 yes 1147366817 M * bakchos666 works from firewall host 1147366826 M * bakchos666 but not the other local host 1147366835 M * bakchos666 funny 1147366878 M * doener ok, but the netpanzer server is running in that vserver on the firewall host, right? 1147366894 M * bakchos666 yes inside a vvserver guest 1147366927 M * trash if you can ping the server where netzpanzer is running it probably ain't a routing issue. perhaps more like a firewall issue. 1147366934 M * doener ok, the workstation also has an ip address from that subnet? 1147366956 M * bakchos666 yes workstation ip 192.168.0.11 1147366981 M * bakchos666 netpanzer server port 3040 1147366995 M * doener so .1.10 and .0.10? 1147367003 M * doener ehrm, .0.11 1147367013 M * bakchos666 yes 1147367039 M * bakchos666 should be 0.10 0.11? 1147367045 M * trash depends on what your netmask is. 1147367089 M * doener should be fine, was just a bit unexpected ;) 1147367128 M * doener ok, could you make your iptables rules available? ( http://paste.linux-vserver.org ) 1147367179 M * bakchos666 i use firestarter no iptables directly 1147367214 M * doener well, I assume it generates iptables rules, right? 1147367235 M * doener you can list the active rules using: iptables -L 1147367246 M * doener iptables -t nat -L is probably also interesting 1147367261 M * bakchos666 ok wait 1147367553 M * bakchos666 done 1147367643 N * otaku42 otaku42_away 1147367707 M * TrueLight Hi! Inside a VPS the amount of logged in users is wrong... any ideas how that is possible? 1147367739 M * doener bakchos666: heh :) you usually provide the url(s) to your pastes, but I've found them anyway 1147367776 M * bakchos666 sorry i am newbie here 1147367847 M * doener it's valid for any irc channel where you provide pastes, so just remember it for the future :) 1147367856 M * bakchos666 ok thanks 1147367894 M * doener TrueLight: IIRC logged in users are stored in /var/run/utmp, so that file probably just didn't get cleaned up for some reason 1147367965 M * TrueLight doener: it ispretty much empty inside the VPS, any idea what can cuase that? 1147368108 M * doener no, sorry... If it was too big (ie. too many users shown as being logged in) I might have an idea where to look, but for it being too empty, I can't come up with anything 1147368134 M * Bertl maybe missing permissions for the pam session or so? 1147368184 M * doener bakchos666: could you start "tcpdump port 3040" on the firewall host, try to connect from your workstation and then provide the output of tcpdump? 1147368211 M * bakchos666 doener: ok i try 1147368397 Q * sladen Ping timeout: 480 seconds 1147368426 M * bakchos666 doener : tcpdump port 3040 1147368435 M * bakchos666 doener : listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 1147368443 M * doener that's all? 1147368447 M * bakchos666 doener : nothing happens 1147368495 M * bakchos666 doener : i run netpanzer -b 192.168.1.10:3040 as a bot but crashes 1147368509 M * doener eth0 is the right interface? ie. the one the workstation is connected to? 1147368534 M * bakchos666 eth0 is external eth1 is internal 1147368568 M * doener ok, then change that to: tcpdump -i eth1 port 3040 1147368577 M * bakchos666 ok 1147368654 J * sladen paul@starsky.19inch.net 1147368668 M * bakchos666 its works now i will paste it again at paste.linux-vserver.org 1147368685 M * bakchos666 doener : what url to use? 1147368797 M * doener to tell us? the one that is in your browsers address bar after sending the paste 1147368821 M * bakchos666 ok done 1147368841 Q * coocoon3 Quit: KVIrc 3.2.0 'Realia' 1147368845 M * bakchos666 doener : http://paste.linux-vserver.org/25 1147368863 M * doener hm, should be /26 actually 1147368881 M * bakchos666 ahhh, sorry 1147368952 M * doener ok, we don't get any reply sent to the client... let's check those rules once again (I didn't spot anything obvious on the first try) 1147368970 M * doener q:Quit d:Del u:Undel s:Save m:Mail r:Reply g:Group ?:Help 707 r + May 09 Thomas Promny / ( 22) Cronjob löschen 1147368977 M * doener oops 1147368986 J * shedi ~siggi@inferno.lhi.is 1147369044 M * doener phew... I few lines later in that xterm is sensitive information... guess I'm lucky today... 1147369103 M * daniel_hozac hehe. 1147369159 M * doener hm, well... the replies probably won't leave on port 3040, so my above conclusion is stupid... 1147369208 M * daniel_hozac doesn't port 3040 mean source or destination? shouldn't the reply come from source port 3040? 1147369219 J * anarcat ~anarcat@H144.C72.B0.tor.eicat.ca 1147369227 M * anarcat hey micah 1147369239 M * doener Bertl: there's a masquerade rule for all connections in bakchos666's setup... I guess that could cause trouble and should be limited to eth0 (external interface)? 1147369271 M * doener daniel_hozac: hm, I'd expect it to open a second port for outgoing traffic as multiple clients may connect 1147369273 M * daniel_hozac doener: it probably is. 1147369296 M * daniel_hozac doener: several clients can connect to the same port... 1147369304 M * bakchos666 port 3040 is where all players connect 1147369320 M * bakchos666 from internet works fine 1147369337 M * daniel_hozac doener: interfaces aren't shown without -v 1147369361 M * bakchos666 ?? 1147369405 M * doener daniel_hozac: ehrm, right... 1147369713 M * doener bakchos666: please re-do the iptables pastes with -v added to the options ( daniel_hozac: anything else that I missed? ) 1147369716 P * anarcat ciao 1147369732 M * bakchos666 doener : ok 1147369877 M * Bertl depending on the kernel version, MASQ rules might be applied to local traffic 1147369930 M * doener it's not local traffic in this case, vserver running the server is on one box, client is on the other 1147369976 M * bakchos666 doener : could you give me the complete command? 1147369980 M * doener daniel_hozac: regarding the ports stuff... when you listen() on a socket, each time you accept() a new socket for that client is created which will use a different port... at least that's the only mode of operation I'm aware of 1147369986 M * bakchos666 i got iptables v1.3.3: no command specified 1147369996 M * doener bakchos666: iptables -t nat -v -L 1147370023 M * daniel_hozac doener: since when does accept() open a new _connection_? 1147370074 M * bakchos666 ok done http://paste.linux-vserver.org/27 1147370123 M * Bertl doener: locally generated traffic that is 1147370161 M * doener Bertl: ah, right, confused that... will probably never understand/remember how masq works 1147370175 M * harry haha... pastebin from vserver for vserver 1147370226 M * doener ok, so masq is for ppp0 only 1147370312 M * bakchos666 doener : need masq for eth0 or eth1 ? 1147370316 M * doener no 1147370338 M * doener i thought the rule was for all interfaces and that that would cause trouble 1147370351 M * bakchos666 ah ok :-) 1147370432 M * Bertl for clarification: the idea behind 'masquerading' is, that if you change the ip for some service inside your lan (to some public IP for example) it might happen that the port the original machine uses/used is already taken on your host, so you have to 'remap' not only the IP, but also do that on a port aware basis 1147370437 J * ub ~ub@p5484C0E9.dip0.t-ipconnect.de 1147370468 M * Bertl this, of course, is not required for connections which are originating from the same host, as it will not use an already used port (per definition) 1147370472 M * Bertl welcome ub! 1147370479 Q * Oli Quit: Oli 1147370583 M * ub Hello everybody, hi Bertl. I'm new, just testing IRC and lurking into your interesting projects channel :-) 1147370689 M * Bertl ub: feel free to lurk and hang around, and if you like, ask questions :) 1147370757 M * doener daniel_hozac: ok, not my day... definitely... you are right... 1147370792 M * doener I had mixed up local and foreign address in netstat output... 1147370796 M * ub Bertl: Thanks. Although I use linux-vserver on an AMD X2 I have no questions in the moment. The only thing I want to say is: thank you for that great piece of software! 1147370818 M * Bertl thanks for the flowers! and, you're welcome! 1147370827 J * lilalinux ~plasma@dslb-084-058-198-212.pools.arcor-ip.net 1147370913 M * doener Bertl: any idea what's the problem on bakchos666 setup? I'm out of (bad) ideas 1147370956 M * Bertl no, as I haven't looked into it yet, just picked up the masq vs net 1147370974 M * Bertl short overview what the issue is? 1147371061 M * doener two boxes "firewall" and "workstation". A vserver on "firewall" is running a netpanzer server. Users can connect from the internet, from "firewall", but not from "workstation" 1147371062 M * bakchos666 I have a gameserver inside a vserver guest and i can not connect it from my lan 1147371163 M * daniel_hozac how are you connecting to it? DNS or private IP address? 1147371172 M * Bertl so, basically network access works, but not lan access? 1147371172 M * bakchos666 private ip 1147371205 M * Bertl the game server uses some udp/tcp mix I presume? 1147371230 M * bakchos666 yes tcp and or upd 1147371242 M * Bertl the guest on the firewall has two ips assigned? 1147371257 M * bakchos666 only 1 eth0 1147371265 M * Bertl a public or a private one? 1147371271 M * bakchos666 private 1147371284 M * Bertl and this private ip is in your lan, yes? 1147371291 M * bakchos666 yes 1147371310 M * Bertl nevertheless public ips can connect to your gameserver in this guest, yes? 1147371320 M * bakchos666 yes 1147371332 M * daniel_hozac can your guest ping the workstation? 1147371334 M * Bertl because of a masquerading rule and dialup/whatever over ppp? 1147371347 M * bakchos666 ping yes work fine 1147371361 M * bakchos666 both sides 1147371408 M * bakchos666 maybe has to do with gameserver and not vserver itsself 1147371418 M * Bertl okay, is it possible to have no 'active' connections on that server? 1147371443 M * Bertl i.e. is it a problem to test with 0 connections to the gameserver? 1147371443 M * bakchos666 which server, the vserver? 1147371481 M * Bertl what I'd like to do is the following: 1147371497 M * Bertl start a tcpdump -vvnei eth0 on the firewall 1147371514 M * Bertl then try to connect via the lan, and watch the packets 1147371516 M * daniel_hozac eth0 is the external interface. 1147371524 M * Bertl okay, then eth1 1147371551 M * bakchos666 ok then 1147371612 M * bakchos666 connect from firewall host, same box? 1147371640 M * Bertl connect from your client in the lan 1147371652 M * Bertl (workstation) to the firewall gameserver 1147371657 M * bakchos666 ok wait 1147371936 M * bakchos666 first : my server is listed at http://netpanzer.n-d-m.net/index.php, name is Thermopylae 1147372022 M * bakchos666 second : http://paste.linux-vserver.org/28 1147372078 M * Bertl what is the netmask of your local lan? 1147372112 M * bakchos666 firewall box? 1147372121 M * Bertl yes, there and on the workstation 1147372190 M * bakchos666 netmask 255.255.255.0 both 1147372211 M * Bertl 192.168.0.11 192.168.1.10 1147372220 M * Bertl those are different networks then 1147372232 M * bakchos666 right 1147372242 M * bakchos666 i change ip 1147372246 M * Bertl so how should this work? 1147372269 M * bakchos666 so its a logical problem? right 1147372281 M * bakchos666 my fault, right? 1147372319 M * Bertl probably, try to use 192.168.0.10 or 192.168.1.11 1147372330 M * bakchos666 ok wait 1147372500 J * id23 ~id@p54A023F0.dip0.t-ipconnect.de 1147372505 M * Bertl welcome id23! 1147372514 M * id23 grützi Bertl 1147372518 M * id23 hi #vserver 1147372586 M * id23 no -rc20 ? ;) 1147372603 M * Bertl patience ... will be there soon 1147372613 M * id23 just kidding 1147373197 Q * bakchos666 Ping timeout: 480 seconds 1147373560 M * Bertl doener, daniel_hozac, brc_: http://vserver.13thfloor.at/Experimental/delta-saddr-fix01.diff 1147373570 M * Bertl let me know what you think about it ... 1147373754 M * Bertl network tests only show this difference inside a guest 1147373756 M * Bertl -T_1101 [0] *local* L 192.168.0.2:1101 * *:0 [ *] |NC TIMEOUT 1147373760 M * Bertl +T_1101 [0] *local* B *local*:1101 *- *local*:1101 [ *] |EADDRNOTAVAIL 1147373763 M * Bertl -T_1101 [l] *local* B *local*:1101 *- *local*:1101 [ *] |EADDRNOTAVAIL 1147373766 M * Bertl +T_1101 [l] *local* L 192.168.0.2:1101 * *:0 [ *] |NC TIMEOUT 1147373838 J * bakchos666 ~renegade@dslb-088-073-146-047.pools.arcor-ip.net 1147373853 J * rebel666 ~renegade@dslb-088-073-146-047.pools.arcor-ip.net 1147373860 M * Bertl wb bakchos666! 1147374007 M * daniel_hozac looks sane. 1147374022 M * rebel666 i have some network problems with workstation, sorry for delay 1147374029 M * Bertl np 1147374577 Q * rebel666 Ping timeout: 480 seconds 1147374577 Q * bakchos666 Ping timeout: 480 seconds 1147374753 M * ub I read some info regarding routing between vservers - but at the end I was confused. I think some information was inconsistent (for me). What should I read if I want to use iptables (read: shorewall) on the host to handle traffic from/to two (local but distinct) ethernets with several vservers bound to one or the other NIC? 1147374862 M * Bertl all routing happens on the host, the only changes to normal linux networking are: binds to ANY_ADDR (0.0.0.0) are limited to the guest IPs, connects and packets to 127.0.0.1 are remapped to the first guest IP, routing lookup with saddrs of 0.0.0.0 will be remapped to the first IP too 1147374884 M * Bertl everything else is completely unchanged 1147375149 M * ub Thanks for the answer. I think I have to read a little bit more documentation... 1147375216 J * bakchos666 ~renegade@dslb-088-073-140-118.pools.arcor-ip.net 1147375229 M * ub I will try to set up shorewall an see what traffic is acting as expected by me ;-) 1147375233 J * rebel666 ~renegade@dslb-088-073-140-118.pools.arcor-ip.net 1147375309 M * Bertl ub: depending on the kernel version, the only relevant parts are: MASQ does not work for locally originating traffic (except for very recent kernels) and do not assume that guest to guest traffic passes the FORWARD chain 1147375491 Q * locksy Ping timeout: 480 seconds 1147375535 M * ub Bertl: Fine. My kernel is 2.6.16-1-vserver-amd64-k8. 1147375546 M * ub If it does not pass FORWARD - do have a chance to control the traffic by other chains? 1147375583 M * Bertl yes, traffic between guests will pass on the loopback interface coming from OUTPUT and passing INPUT 1147375654 J * redcoder666 ~renegade@dslb-088-073-042-226.pools.arcor-ip.net 1147375683 M * ub Okay, that gives me some oportunities. Thanks. 1147375717 Q * rebel666 Ping timeout: 480 seconds 1147375717 Q * bakchos666 Ping timeout: 480 seconds 1147376036 T * Bertl http://linux-vserver.org/ | latest stable 2.01, 1.2.10, 1.2.11-rc1, devel 2.1.0, exp 2.{0.2,1.1}-rc20 | util-vserver-0.30.210 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;)' 1147376041 M * Bertl *rc20 1147377235 M * id23 =) 1147378199 Q * redcoder666 Quit: Leaving 1147378242 J * bakchos666 ~renegade@dslb-088-073-042-226.pools.arcor-ip.net 1147378333 M * bakchos666 Bertl: Hi, the same problem persists even after changing iip address 1147378372 M * Bertl could you do the tcpdump once again? 1147378378 M * bakchos666 sure 1147378393 M * Bertl and could you also check that the server (config?) allows private ips? 1147378477 Q * ub Remote host closed the connection 1147378639 M * bakchos666 Bertl: http://paste.linux-vserver.org/29 , server config allows private ips? i am not sure i understand the questiion 1147378689 M * Bertl well, it might just be that, for sanity reasons, the configuration of your game server does not allow private ips (192.168.x.x) to connect ... 1147378790 M * bakchos666 configuration of gameserver is the same as before, without linux-vserver worked from my workstation, i could connect 1147378811 M * Bertl okay 1147378858 M * Bertl 22:13:46.506894 IP alien.1147 > localhost.3040: S 2664488118:2664488118(0) win 65535 1147378861 M * Bertl alien? 1147378879 M * bakchos666 the name of my workstation 1147378914 M * Bertl aha, and your server is called localhost? 1147378929 M * bakchos666 no atlantis 1147378957 M * Bertl try again with -vvnei eth1 1147378965 M * Bertl and do not limit to the port 1147378975 M * Bertl we are interesting in icmp messages too 1147378983 M * bakchos666 ok 1147379104 M * bakchos666 Bertl: http://paste.linux-vserver.org/30 1147379124 M * bakchos666 icmp is also allowed from firewall 1147379149 M * Bertl yes, but your tcpdump doesn't capture it 1147379157 M * Bertl try with the following line: 1147379170 M * Bertl tcpdump -vvnei eth1 1147379175 M * Bertl avoid the port part 1147379184 M * bakchos666 ok 1147379199 M * Bertl make sure that you do not have too much traffic on that interface 1147379241 M * bakchos666 does not work without eth1 part 1147379253 M * Bertl tcpdump -vvnei eth1 1147379466 M * bakchos666 http://paste.linux-vserver.org/31 1147379546 M * bakchos666 traffic? well the gameserver is on with some players from internet 1147379590 M * bakchos666 i can make the gameserver only privat if you like 1147379593 M * Bertl no 1147379616 M * Bertl it looks like the packet from your workstation is silently dropped by some of your firewall rules 1147379635 M * Bertl let's check that with a simple tool, netcat 1147379656 M * Bertl maybe it's already installed, probably called nc 1147379660 M * bakchos666 if it is a firewall problem i will try shorewall and not firestarter 1147379677 M * bakchos666 nc ? what is that? 1147379692 M * Bertl the tool, netcat, is usually called nc (as binary) 1147379709 M * Bertl your workstation is linux too? 1147379737 M * bakchos666 both, linux, windows xp dualboot 1147379751 M * bakchos666 right now winxp 1147379753 M * Bertl okay, let's install the netcat (nc) if it isn't already installed 1147379766 M * Bertl on both the firewall and the workstation (linux) 1147379778 M * bakchos666 ok 1147379868 M * bakchos666 debian on firewall says netcat is already the newest version. wait to reboot workstation 1147379872 J * s0undt3ch ~s0undt3ch@bl7-246-94.dsl.telepac.pt 1147379885 M * Bertl welcome s0undt3ch! 1147380112 M * bakchos666 Bertl : also installed in linux workstation, idont know about windoze :-) 1147380126 M * Bertl yep, linux is fine :) 1147380141 M * Bertl okay, now let's try the following on the firewall 1147380173 Q * Viper0482 Remote host closed the connection 1147380234 M * Bertl nc -l -p 666 -s 192.168.0.3 1147380245 M * Bertl and on the workstation you 'try' 1147380269 M * Bertl nc 192.168.0.3 666 1147380287 M * Bertl in theory you should be able to type some chars then on the workstation 1147380294 M * Bertl and they should appear on the firewall 1147380301 M * bakchos666 ok 1147380308 M * bakchos666 wait 1147380312 M * Bertl but I guess the workstation nc will give you some error 1147380344 M * Bertl (or maybe timeout) 1147380470 M * bakchos666 i have to configure the workstation a bit, before do that, i receive network unreachable 1147380542 Q * ben_ Read error: Connection reset by peer 1147380610 M * bakchos666 now nothing in the firewall console 1147380630 M * Bertl yep, kind of expected that 1147380643 M * Bertl could you, just for a test, shut down the firewall? 1147380656 M * Bertl and see if the nc starts working then? 1147380657 M * bakchos666 sure 1147380720 M * bakchos666 it works now 1147380735 M * Bertl okay, I assume your gameserver will work now too (on lan) 1147380745 M * bakchos666 i test ... 1147380774 M * Bertl so basically you have to dig through the firewall config and look for typos or such blocking the 192.168.0.x network 1147380811 M * bakchos666 no 1147380841 M * bakchos666 still i cant connect from workstation 1147380861 M * Bertl could you do the tcpdump again now? 1147380866 M * bakchos666 ok 1147380962 M * bakchos666 wait it works now 1147380976 M * Bertl thought so ... 1147380994 M * bakchos666 i send output if you like 1147381004 M * Bertl not required, I guess 1147381019 M * Bertl basically it is the firewall setup which discards your packets 1147381048 M * bakchos666 ok then, i have to digg into firewall, but no change with firestarter or? 1147381067 M * Bertl well, one fw software is probably as good as the other 1147381100 M * Bertl once you figure out _what_ rule blocks your local lan and/or what config you have to tweak, it will magically start working 1147381133 M * bakchos666 ok i try to figure out the problem thank you very for your help 1147381140 M * Bertl you're welcome! 1147381336 M * bakchos666 I guess enought for today, see you, bye all 1147381342 M * Bertl cya 1147381355 Q * bakchos666 Quit: Leaving 1147381565 Q * bonbons Quit: Leaving 1147382210 J * locksy ~locksy@mrtg.sisgroup.com.au 1147382341 M * Bertl welcome locksy! 1147382440 Q * s0undt3ch Remote host closed the connection 1147382522 J * s0undt3ch ~s0undt3ch@bl7-246-94.dsl.telepac.pt 1147382967 M * brc_ BERTL 1147382968 M * brc_ i am here 1147382971 M * brc_ :) 1147382997 M * Bertl great! could you give the rc20 (or the patch mentioned above) a try and let me know if that fixes your issues? 1147383084 J * oliwel ~mail-at-o@host-62-245-151-178.customer.m-online.net 1147383146 M * brc_ Sure. where can i get it ? 1147383178 M * id23 http://vserver.13thfloor.at/Experimental/patch-2.6.16.16-vs2.0.2-rc20.diff 1147383221 M * harry hmmmmmm 1147383229 A * harry wants a diff again! :) 1147383240 M * harry is teher a delta from rc19 to rc20? 1147383242 M * brc_ My HD is showming me errors. 1147383252 M * brc_ Ok 1147383255 M * brc_ applying the patch right now. 1147383310 M * brc_ can i apply that on 2.6.16.14 ? 1147383316 M * harry brc_: try it 1147383318 M * brc_ There are new kernels everyday 1147383319 M * brc_ ok 1147383319 M * harry normally, you can 1147383327 M * harry but why not 2.6.16.16 ?\ 1147383559 M * brc_ because i will need to download it 1147383575 M * brc_ going to try on 2.6.16.14 if it doens't work i will download 2.6.16.16 1147383585 M * brc_ does it increase a number per day ? :) 1147383615 J * lordfelix ~LordFelix@host88-27.pool8260.interbusiness.it 1147383663 M * harry sorta ;) 1147383685 M * harry [harry@damien ~]$ date;uptime;uname -a 1147383685 M * harry Thu May 11 23:41:18 CEST 2006 23:41:18 up 66 days, 21:33, 1 user, load average: 0.40, 0.51, 0.43 1147383688 M * harry Linux damien 2.6.16-rc5 #3 SMP PREEMPT Mon Feb 27 12:01:18 CET 2006 i686 i686 i386 GNU/Linux 1147383698 M * harry the rc5 was released when i booted it... 1147383708 M * harry i don't know how manu rc's there were 1147383725 M * harry but this means: at least 16 kernels in 66 days 1147383747 M * brc_ weird 1147383754 M * harry btw. i'm fixing a patch from rc19 to rc20 1147383913 M * brc_ i am already compiling the kernel 1147383920 M * brc_ :) 1147383937 Q * id23 Ping timeout: 480 seconds 1147384217 Q * softi42 Ping timeout: 480 seconds 1147384753 J * softi42 ~softi@p549D6BB8.dip.t-dialin.net 1147385073 Q * oliwel Remote host closed the connection 1147385192 M * harry am i wrong, or is daniel_hozac's patch not included there? 1147385273 M * harry sry... it's there 1147385322 Q * dna Quit: Verlassend 1147385798 M * harry http://ludit.kuleuven.be/software/vserver/delta/delta-2.0.2-rc19-rc20.diff 1147385863 M * harry should i upgrade... i guess not... i've got the lock fix, i don't really need the 127.0.0.1 fix, and the rest is cleanup + not i386 1147385867 M * harry right? 1147385874 M * Bertl yep 1147385886 M * harry BUT 1147385896 M * harry i am gonna put the rc20 patch on my site... 1147385924 Q * lordfelix Read error: Connection reset by peer 1147386215 M * derjohn rc20 ? WTF ! I evening not here .... changes? 1147386226 M * harry there we go 1147386231 M * harry http://ludit.kuleuven.be/software/vserver/patch-2.6.16.16-vs2.0.2-rc20-grsec2.1.9.diff 1147386243 M * harry get it, patch it, use it... and report probs! :) 1147386256 M * Bertl derjohn: basically the lock issues (2.6.16.16) and saddr rewrite changes 1147386284 A * harry found a way to handle the patches :) 1147386301 M * harry a lot of diskspace... a lot of kernel trees 1147386304 M * harry but... it's workable! 1147386310 M * derjohn lock issues? lock like file lock? concerns all filesystems? (i.e. should I immedialtely upgrade ? 1147386383 M * harry config:/usr/local/config/kernel# ls -d linux-2.6.16.1*|wc 18 18 399 1147386408 M * [PUPPETS]Gonzo I have a stuck vserver which has only its init process running - vserver xxx stop does not work, what can I do about it? 1147386440 M * Bertl if there is really an init running, you can kill it with vkill 1147386544 M * [PUPPETS]Gonzo vkill -c contextid pid whereby contextid is my contextid and pid is the pid according to vps? does not work, "no such process" - 1147386568 M * harry i'm wondering... how many people (other than me) use the grsec+vserver patches i make? i want to know if they experience any problems (or not) 1147386587 M * [PUPPETS]Gonzo ah, no, with contextid, i get no error but the process still is there 1147386679 A * harry off to bed 1147386682 M * [PUPPETS]Gonzo -9 is highest signal for killing a process, right? 1147386703 M * Bertl not the highest, but it is unblockable 1147386790 M * cehteh if -9 doesnt work then something in the kernel is barfed up, reboot by time 1147386800 M * [PUPPETS]Gonzo damn 1147386831 M * cehteh can you chcontext into the context? 1147386844 M * [PUPPETS]Gonzo I can enter the vserver, yes 1147386853 M * Bertl [PUPPETS]Gonzo: init is protected inside the guest 1147386891 M * Bertl vkill --xid -s 9 -- 1 1147386936 M * [PUPPETS]Gonzo this did work 1147386939 M * [PUPPETS]Gonzo thanks a lot! 1147386942 M * cehteh ah :) 1147386952 M * Bertl [PUPPETS]Gonzo: you're welcome! 1147386981 A * [PUPPETS]Gonzo schnuerrt sein Packerl und verschwindet. 1147387088 Q * gdm Remote host closed the connection 1147387091 Q * lilalinux Quit: Leaving 1147387101 M * complexmind hi bertl 1147387114 M * complexmind long time no speak again :) 1147387148 M * complexmind I was wondering, how is progress with the libvserver work? 1147387261 M * Bertl hey complexmind! 1147387266 M * complexmind hi! 1147387274 M * complexmind how are you? 1147387278 M * Bertl well, you have to ask Hollow or phreak`` for that I guess! 1147387287 M * Bertl I'm fine, tx, and you? 1147387289 M * complexmind ok cool :) 1147387294 M * complexmind yeah great thanks 1147387361 M * complexmind we have been struggling a little bit to manage all our vservers and are looking for a way to centralise the configuration 1147387380 M * complexmind in a db schema 1147387391 M * complexmind do you know if anyone is doing anything similar? 1147387497 M * Bertl I guess many folks do that .. especially providers 1147387499 M * cehteh i am working on a small extension / configuration language which i plan to proprose for vserver tools when it is finished 1147387514 M * cehteh but first i have to finish it :) 1147387517 M * complexmind :) 1147387560 M * complexmind we (our dev/systems team) have been discussing writing some replacements for the ore parts of util-vserver which talk directly to a db 1147387584 M * cehteh what benefits do you expect from a db? 1147387593 M * cehteh central storage of configs? 1147387597 M * complexmind we already have the schema setup and a method of pushing configs out 1147387614 M * complexmind but I would like to make the link a little more 'live' if you see what I mean 1147387632 Q * azazel Quit: Client exiting 1147387672 M * complexmind well at the moment this schema is quite specific to our setup with routers -> servers -> vservers and then service specific configs below that 1147387724 M * complexmind our host and router firewalls also hang off this schema as well (we use some php/xslt/bwmtools to build dynamic firewalls) 1147387753 M * complexmind what I would like is for our "vserver" binary to talk to our db direct instead of reading from local file system 1147387775 M * cehteh mhm just a thought, the current config (directory tree) could be easily distributed via some networked filesystem too 1147387794 M * cehteh well .. dunno about your requirements 1147387838 M * complexmind yes that is true but it loses much of the beauty of sql (we have a lot of different parts of the system plumbed into our schema) 1147387855 M * cehteh i am quite sql agnostic for simple things :) 1147387862 M * complexmind :) 1147387903 M * complexmind I used to use NFS to build a kind of registry on a central server and that worked ok ish 1147387964 M * cehteh well i see that it might be usefull for some scenarios .. when i finsihed my config language i will contact enrico about details and how to integrate it (actually i make it for my own use but i think the vserver utils will benefit from it) ... and if the goes into the main tools then we can think about a database module too 1147387994 M * cehteh well if you are in urge you have to do something on your own ... or maybe pay me to help you :) 1147388045 M * cehteh but my config language is not yet proprosed or even acknowledged with any vserver developer .. so i dont know what the rest of the people will think about it 1147388049 M * complexmind I have excellent programming resources available, perhaps we could look together at it 1147388072 J * gdm ~gdm@64.62.195.81 1147388078 M * complexmind you might also be interested in some of our schema (some of it not really vserver-specific) 1147388125 M * cehteh well for now i focus on my lang ... which is itself in no way related to vserver 1147389191 M * ray6 complexmind: are they public somewhere? 1147389209 M * complexmind the schema? 1147389214 M * ray6 yes 1147389220 M * complexmind no not at the moment 1147389236 M * complexmind they are operational, but very specific to our environment 1147389260 M * complexmind well not that specific really I suppose 1147389263 M * complexmind :) 1147389286 J * prae ~benjamin@sherpadown.net 1147389338 M * complexmind It is basically a mapping of the current vserver config tree into a database, but with additional relations like vs->serverid 1147389384 M * ray6 complexmind: so you put all parameters from the config into the database 1:1? Or just the ones you need to have different in each server? 1147389385 M * complexmind plus all the non-vserver config (firewalls etc) 1147389422 M * complexmind well I have treid to remain as flexible as the vserver config is, so you can set global defaults and then override per-vserver 1147389718 A * ray6 is doing something similar for his xen servers... I also thought about modifying the user space tools to talk directly to the DB but don't see the real benefit yet... 1147389747 M * ray6 while the drawback of course would be to have a stronger dependency from the DB server 1147389866 M * complexmind http://paste.linux-vserver.org/32 1147389878 M * complexmind that is the scema I am currently playing with 1147389901 M * complexmind db is not a problem, we can replicate or use ndb 1147389955 M * ray6 oh, mysql has no IP data types? 1147389990 M * complexmind it's not perfect yet :) I wasn't aware of one 1147390011 M * cehteh complexmind: did you seen the new (unoffical?) administration (web-) frontend? 1147390012 M * ray6 prefix/subnet/broadcast/network seems redundant information... I just have net/mask for my networks 1147390022 M * derjohn bye, n8, .... 1147390033 M * cehteh n8 derjohn 1147390034 M * complexmind cehteh: nope 1147390077 M * cehteh wo was its programmer ben_ or BenBen ? ... i always mix that :) 1147390078 M * complexmind ray6: yeah it's in there because the vserver config has it, I don't use it either 1147390101 M * complexmind I use ip/prefix personally 1147390105 M * complexmind lol 1147390136 M * cehteh well .. since these things are upcoming we should keep an eye on them to be compatible and not to diverge to far .. 1147390159 A * ray6 wanted to save the IPs as indexes to the subnet but Postgres can't calculate with IPs :( (it has IP data types) 1147390173 M * complexmind yeah that would be nice 1147390189 M * ray6 cehteh: is any information about that interface online? I just read it could be seen on linuxtag? 1147390193 M * complexmind we are still debating the ip table 1147390199 M * brc_ bertl 1147390202 M * brc_ almost finishing the test 1147390210 M * cehteh ray6: ask ben_ or BenBen :) 1147390232 M * brc_ MY hd got badblocks so everything is really slow here. just finishing the test so i can reinstall a new hd 1147390309 M * complexmind yeah I would be interested to see that interface too 1147390321 M * complexmind before we go and write one :) 1147390476 M * cehteh for a first preview it looked quite good 1147390499 M * complexmind was it based on a host level or was it centralised? 1147390547 M * brc_ Bertl: I tested on a test server and it is working really well know. Connections to 127.0.0.1 are originated from 127.0.0.1 and connections to vserver's ip are originated from vserver's ip. Perfect! :) 1147390553 M * brc_ know=now 1147390596 M * Bertl okay, good! 1147390641 J * Andi ~Andi@socks.tuwien.ac.at 1147390643 Q * Andi Quit: 1147390764 M * cehteh complexmind: i dont know much about the internas .. you have a daemon on each host .. and a central webserver which serves the frontend 1147390784 M * cehteh the frontend is php, the daemons are C or C++ 1147390814 M * complexmind there was some talk of a configuration daemon some time ago I wonder if this is the same thing 1147390833 M * cehteh thats all i know :) ... and the look and feel .. which was really good (intuitive, simple) 1147390842 M * cehteh dunno 1147390891 M * cehteh unfortunally i lost a bit vserver knowledge past time since i didnt followed the project that much (prolly because vserver alsways works for me :P) 1147390915 M * complexmind yeah same I come in here every 6 months or so to make sure I'm not missing anything :) 1147390942 M * complexmind and when I'm planning development that involves vserver 1147390950 M * cehteh well and i am not working at a hosting company .. just using it for some people who would need such and for office servers (one machine makes inter and intranet) 1147390957 J * MrX` ~urk@219.95.9.225 1147390966 M * Bertl wb MrX`! 1147390975 M * MrX` Thx 1147390982 M * complexmind right 1147390999 M * cehteh anyways i am off to bed now ... good night 1147391007 Q * MrX Ping timeout: 480 seconds 1147391009 M * complexmind cehteh: nn 1147391090 N * MrX` MrX 1147391202 Q * prae Quit: Pwet