1149379348 Q * cehteh Server closed connection
1149379619 J * cehteh foobar@cehteh.homeunix.org
1149380350 M * orionpanda well, I've found split BME patches, but no recent COW patch. That's too bad. COW is a great feature to haven even when not using vserver. It should be part of the mainline kernel.
1149381472 Q * sladen Ping timeout: 480 seconds
1149381498 J * sladen paul@starsky.19inch.net
1149381995 J * doener_ ~doener@i5387C04F.versanet.de
1149382395 Q * doener Ping timeout: 480 seconds
1149382912 Q * Zaki Ping timeout: 480 seconds
1149382988 J * Zaki ~Zaki@212.118.97.190
1149384117 J * notlilo ~lilofree@tor-irc.dnsbl.oftc.net
1149384163 Q * notlilo Quit: 
1149384185 J * notlilo ~lilofree@tor-irc.dnsbl.oftc.net
1149384206 A * notlilo waves to Bertl_oO 
1149386565 Q * gdm Server closed connection
1149386581 J * gdm ~gdm@64.62.195.81
1149386645 Q * mountie Quit: LUNCK!
1149386753 M * orionpanda I'm running 2.6.16.17-vs2.1.1-rc21 with vserver legacy support disabled, and testme.sh is giving me: "chcontext is working; chbind failed!
1149386773 M * orionpanda Do I need to have dynamic context support enabled for testme.sh to work ?
1149386806 M * orionpanda Util-vserver version is: util-vserver-0.30.210
1149386842 M * doener_ hm, could you provide the full testme.sh output on http://paste.linux-vserver.org ?
1149386847 M * orionpanda Also, this is a SMP Kernel (dual opteron's)
1149386886 M * orionpanda http://pastebin.com/756897
1149386923 M * doener_ shouldn't cause any problems, I have a X2 at home
1149386938 M * doener_ ah... *LOL*
1149386949 M * orionpanda ??
1149386961 M * doener_ http://www.13thfloor.at/~doener/vserver/tools/testme-legnet.sh
1149386969 M * doener_ please try this version of testme.sh
1149386993 M * daniel_hozac differences?
1149387008 M * orionpanda it works!!
1149387016 M * orionpanda I feel like an idiot. Thx.
1149387019 M * doener_ daniel_hozac: the networking check... one of the proc files is no longer available
1149387021 M * daniel_hozac ah right, the grep stuff?
1149387023 M * daniel_hozac yeah.
1149387037 M * daniel_hozac IIRC we fixed that a while back, i guess Bertl just hasn't released a new testme yet.
1149387039 M * doener_ orionpanda: well, same for me, the message should have ringed some bells earlier ;)
1149387066 M * doener_ daniel_hozac: well, that testme file dates to April 15th ;)
1149387095 M * daniel_hozac heh.
1149387104 M * doener_ unless someone fixed it once again, that is the fix from "a while back" ;)
1149387116 M * daniel_hozac most likely :)
1149387276 M * doener_ hm, four in the morning... good time to give schizonet yet another try...
1149387314 M * doener_ guess around the twentieth try I understand the routing stuff and realize that my approach just cannot work ;)
1149387315 M * daniel_hozac schizonet?
1149387376 M * doener_ that term is courtesy of Sam... I used to call it "nnet" and then "split personality networking"... the network virtualization approach I was talking about about two weeks ago
1149387402 M * daniel_hozac ah, that.
1149387404 M * daniel_hozac lol.
1149388172 J * fosco fosco@tao.mu
1149388173 M * fosco hi
1149388181 M * doener_ hi fosco 
1149388193 M * fosco I have a stupid question sorry but
1149388207 A * doener_ points at the topic
1149388207 M * fosco how do I disable "/proc security" ?
1149388238 M * doener_ disable completely or just make required files available to the vservers?
1149388292 M * fosco disabling completely (but if you know how to define per-files acces it would be nice ;) after my vservers are up again)
1149388366 M * doener_ the basic setup is done via "vprocunhide", an initscript that comes with util-vserver. that makes all required and safe files accessible
1149388376 M * doener_ per file settings can be changed using setattr
1149388389 M * fosco I don't have this vprocunhide script
1149388406 M * doener_ did you compile the tools yourself?
1149388427 M * fosco nope, debian ones
1149388442 M * doener_ etch/sid?
1149388453 M * fosco etch/amd64
1149388478 M * fosco may not be really up to date
1149388488 M * doener_ ok, in debian it's /etc/init.d/util-vserver
1149388491 M * fosco but up to date enough to nod start my vservers anymore
1149388499 M * doener_ that script includes the vprocunhide functionality
1149388507 M * doener_ etch has the same version as sid atm
1149388536 M * doener_ and the debian initscript seems to be quite good/powerful
1149388571 M * fosco maybe :)
1149388590 M * doener_ what kernel version are you running? and from which kernel/tools version did you upgrade?
1149388605 M * fosco 2.6.14.4-vs2.1.0
1149388653 M * fosco ok thank you
1149388669 M * doener_ I guess that means that running the initscript did the trick, right?
1149388687 M * fosco yes
1149388725 M * doener_ great :) you're welcome
1149388739 M * fosco I should configure procfs security asap but for now
1149388757 M * doener_ usually there's no need to configure it
1149388765 M * doener_ the defaults used in that script are quite fine
1149388775 M * fosco I have rebooted the box with a /tmp/reboot -n -f
1149388781 M * fosco to "fix" an i/o wait
1149388803 M * doener_ ah, task in D state? these are evil/annoying...
1149388805 M * fosco and what the suprise my vservers would not start anymone :)
1149388818 M * fosco *panic mode*
1149388837 M * doener_ :)
1149388849 M * fosco I think it is more and hardware issue
1149388899 M * fosco but anyway thank you :)
1149390040 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com
1149390477 Q * softi42 Ping timeout: 480 seconds
1149391075 Q * Johan Server closed connection
1149391098 J * Johan ~finger@lounge.datux.nl
1149391104 J * softi42 pkfpijzo@p549D5FC6.dip.t-dialin.net
1149398943 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net
1149401595 Q * sukria Server closed connection
1149401606 J * sukria ~sukria@www.sukria.net
1149402268 P * cilkay Leaving
1149402652 Q * Skram Read error: Operation timed out
1149404325 Q * teukka Server closed connection
1149404344 J * teukka ~tmatilai@backport.ri.fi
1149405512 Q * cdrx Ping timeout: 480 seconds
1149406350 J * Skram ~MarkS@admins.sentiensystems.net
1149406357 M * Skram I forgot to connect back to IRC after restarting mah shell server
1149406360 M * Skram sup all?
1149407092 N * Nam NamTemp
1149407157 J * nammie ~nam@S0106001195551ff0.va.shawcable.net
1149407598 Q * NamTemp Ping timeout: 480 seconds
1149408200 M * orionpanda Does anyone know if I can use chattr to set '--iunlink' instead of setattr? What flags do I need to pass to chattr to emulate '--iunlink'?
1149408367 J * dna ~naucki@dialer-180-236.kielnet.net
1149408971 M * Skram how do i do a netstat that shows all connections, not just on the host
1149409542 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net
1149409926 J * enet ~jpduyx@adsl-228-22.dsl.uva.nl
1149410963 J * bonbons ~bonbons@83.222.39.166
1149412378 J * ion ~ion@iniquity.net
1149414747 J * pisco ~pampel@p508799EA.dip0.t-ipconnect.de
1149414807 P * pisco 
1149415309 Q * mnemoc Ping timeout: 480 seconds
1149415578 J * mnemoc ~amery@216.241.24.10
1149416445 J * pisc1 ~pampel@p50878445.dip0.t-ipconnect.de
1149417330 J * lylix ~eric@dynamic-acs-24-154-53-234.zoominternet.net
1149417467 M * lylix for all those interested in guest images: http://lylix.net/vps+templates/func,select/id,1/ (some x86_64 included)
1149417472 Q * cdrx Ping timeout: 480 seconds
1149417734 M * enet lylix: cool
1149417757 M * enet installable just by unpacking, or needs some more work ?
1149417778 M * lylix most can be unpacked and go
1149417795 M * lylix alot of them only needed the mtab file fixed
1149417800 M * enet ahhh
1149417816 M * enet and with the new configuration directory, do i need to change things to use it with that ?
1149417823 M * lylix ie, formerly a link to /rpoc/mounts.... rm and touch mtab
1149417837 M * lylix nope... thats what we are running... vserver 2.0.1
1149417850 M * enet ahhh
1149417892 M * lylix the basic images in some cases were actually stripped to be as bare as possible
1149417911 M * lylix but also, added some essentials, like yum for all redhat based images
1149417932 M * lylix and slackware has the slapt-get package
1149417958 M * lylix LAMP images include Apache, PHP, MySQL, Postfix, Dovecot, Bind, vsFTPd, and webmin
1149417969 M * enet okay, i am not so into redhat, only have experience with debian / ubuntu and mandrake
1149418009 M * lylix oh, speaking of those, the Ubuntu, Mandrake/Mandriva, and RH9 are stock from other sources... mileage may vary
1149418041 M * enet the debian  / Lamp is not from other sources ?
1149418062 M * lylix no, we took a bare deb 3.1 image and build the LAMP enviro ourselves
1149418074 M * enet and is there one with asterisk ?
1149418079 M * lylix :)
1149418087 M * lylix our AsterliX image... 
1149418101 M * lylix but thats not downloadable ;)
1149418114 M * enet ahhh
1149418117 M * lylix its an Asterisk@Home clone, app for app
1149418138 M * enet okay, i have been experimenting with  ....
1149418164 M * enet forgot the name 
1149418176 M * lylix asterisk web gui?
1149418182 M * enet ahh i remember -> xorcom
1149418203 M * enet now i see you also have asterisk hosting :)
1149418225 M * lylix yep, all of the hosts are ztdummy ready
1149418260 M * lylix which i was recently told isnt required with latest asterisk sources anymore for meetme and MOH
1149418275 M * lylix i personally cant confirm that
1149418295 M * enet i can imagine, some development is going too rapidly to keep up with all the new information
1149418316 M * lylix we had an Astlinux image at one time
1149418327 M * lylix worked rather well and small too :)
1149418347 M * lylix might build it out again for the heck of it and throw it up in the repo
1149418395 M * enet mmm
1149418508 M * lylix nice thing about these images as well is that Bind is compiled with --disable-linux-caps, so runs w/o any extra flags in bcapabilities
1149418557 M * enet thats cool.
1149418557 M * enet i am just in the process to rebuilding my home system, so i only need one machine online 24/7 to give me file sharing, and also to serve my personal external webpages, first steps have been taken, but i also wanted to take up my asterisk project again and use that machine to host that too,  and i guess i can use it for other experiments too, very useful for trying out new stuff and experiment for my LPI course
1149418575 M * enet when will linux-vserver be part of lpi anyway ?
1149418592 M * sid3windr lpi-v1? :)
1149418594 J * Wonka produziert@chaos.in-kiel.de
1149418722 M * enet hey, i see you have the link to telephreak, that is the documantation that made me think about putting it on my vserver ....
1149419304 M * lylix yep, it works well
1149419871 M * enet mmm good for my next weekend ... i have to go now, tnx, see you later
1149420514 Q * ion Remote host closed the connection
1149420690 P * enet 
1149422447 M * daniel_hozac lylix: with recent devel patches, you don't need to alter BIND at all.
1149422492 J * enet ~jpduyx@adsl-228-22.dsl.uva.nl
1149422496 J * Viper0482 ~Viper0482@p54976669.dip.t-dialin.net
1149422522 M * enet lylix: downloading debian-minimal and debian-LAMP didnt succeed: i got errors like : 
1149422522 M * enet gzip: stdin: not in gzip format
1149422522 M * enet tar: Child returned status 1
1149422522 M * enet tar: Uitgestelde afbreking na eerdere fouten
1149422534 M * enet sorry part in dutch 
1149422608 M * enet that was if i downloaded with firefox
1149422616 M * enet wget also didnt work ...
1149422772 M * daniel_hozac what does file say?
1149422840 M * enet cool: it says it is an asci tekst
1149422873 M * enet filesize is 204 bytes or so
1149422958 M * enet something went wrong with downloading i guess
1149422995 M * enet also i noticed that the name automatically turns into 1-i386-LAMP.tar.gz
1149423139 M * enet or something strange in the CMS or firefox not compatible with that download thing
1149424189 Q * enet Quit: 
1149424483 J * yarihm ~yarihm@84-74-17-70.dclient.hispeed.ch
1149425083 Q * FireEgl Ping timeout: 480 seconds
1149426528 Q * pisc1 Ping timeout: 480 seconds
1149427104 J * pisco ~pampel@p5087A392.dip0.t-ipconnect.de
1149427467 J * FireEgl Atlantica@Atlantica.Tcldrop.Com
1149427825 P * pisco 
1149429470 Q * lonewolff Ping timeout: 480 seconds
1149429849 J * AstroB24 ~AstroB@c211-30-36-98.rivrw6.nsw.optusnet.com.au
1149430374 Q * Viper0482 Read error: Connection reset by peer
1149430915 J * Viper0482 ~Viper0482@p54976669.dip.t-dialin.net
1149431539 Q * AstroB24 Quit: Leaving
1149431874 J * pisc1 ~pampel@p5087A3CB.dip0.t-ipconnect.de
1149432563 J * pisco ~pampel@p5087A0D2.dip0.t-ipconnect.de
1149432898 Q * pisc1 Ping timeout: 480 seconds
1149433122 Q * softi42 Quit: Leaving
1149433614 Q * Greek0 Ping timeout: 480 seconds
1149433816 Q * Viper0482 Quit: bin raus, 
1149433949 Q * pisco Ping timeout: 481 seconds
1149433977 J * Viper0482 ~Viper0482@p54976669.dip.t-dialin.net
1149434677 J * pisco ~pampel@p5087A4D9.dip0.t-ipconnect.de
1149435769 M * s0undt3c1 hello ppl
1149435780 N * s0undt3c1 s0undt3ch
1149435796 M * s0undt3ch I'm having some weird problems
1149435822 Q * Zaki Ping timeout: 480 seconds
1149435841 M * s0undt3ch while trying to add a 2nd interface to a guest, and thus creating /etc/vservers/the_guest/interfaces/1/
1149435861 M * s0undt3ch with eth1:127.0.0.2/32
1149435897 M * s0undt3ch when I restart my guest I get 3 devices, eth0/eth1/lo all pointing to 127.0.0.2
1149435939 M * s0undt3ch then I though it might be something related to 127.0.0.0 so, I tried another address on the seccond device
1149435985 M * s0undt3ch so, now it became eth0:10.1.0.50, eth1:10.1.0.55, and inside the guest I got 2 devices but both pointing to 10.1.0.55
1149435992 M * s0undt3ch makes any sense?
1149435999 A * s0undt3ch pings Hollow 
1149436086 M * s0undt3ch with the first case, eth0/eth1/lo all pointing to 127.0.0.2, I'm still able to ping 10.1.0.3(a machine I have) but not 127.0.0.1
1149436106 M * s0undt3ch I can also ping 127.0.0.2, 127.0.0.3(but this one does not exist)
1149436174 M * Loki|muh I can ping 127.0.0.3 in my vserver, too
1149436189 M * Loki|muh it doesn't exist, neither
1149436203 M * s0undt3ch Loki|muh: what devices do you have for your guest?
1149436249 M * Loki|muh i have eth0 192.168.x.y and eth1 216.156.x.y
1149436317 M * s0undt3ch Loki|muh: it seems that we can't ping 127.0.0.1, but we can ping 127.0.0.[2-.....], even with only one device
1149436355 J * Zaki ~Zaki@212.107.126.43
1149436363 M * Loki|muh i can even ping 127.1.1.1
1149436378 M * Loki|muh only 172.0.0.1 is not ping-able
1149436415 M * s0undt3ch but my problem is why ifconfig inside the guest reports 3 devices all pointing to 127.0.0.2(the 2dn devide I added) and not dev1 10.1.0.50(my local lan addr for that guest) dev2 127.0.0.2
1149436474 M * bon root@[neptun]:~# vserver vs01 enter
1149436474 M * bon ipv4root is now
1149436474 M * bon /dev/pts/0: No such file or directory
1149436474 M * bon root@darkstar:/#
1149436480 M * bon is that a correct behaviour?
1149436483 M * bon no /dev/pts*
1149436515 M * Loki|muh looks like old utils
1149436528 M * Loki|muh you don't use the alpha-utils, right?
1149436528 M * bon util-vserver-0.30.210
1149436531 M * Loki|muh hmmmm
1149436550 M * bon there is no /dev/pts/ inside the guest image
1149436576 M * Loki|muh here is, but its empty
1149436594 M * Loki|muh but I get no "ipv4root is now "
1149436600 M * Loki|muh when I enter a guest
1149436620 M * bon there should be an ip
1149436627 M * bon following, but the guest has no interface specified (yet)
1149437015 J * Huzi ~chatzilla@cm65-218.liwest.at
1149437067 M * Huzi Hello! 
1149437085 M * Huzi Anybody out there, who can help me?
1149437101 M * Loki|muh depends ;)
1149437107 M * Huzi oh good
1149437118 M * Huzi I have install vserver 2.0.2 in FC5
1149437144 M * Huzi migrating from a physical server with FC1 into a guest
1149437168 M * Huzi if I start the vserver I allways get the followeing msg
1149437181 M * Huzi An error occured while executing the vserver startup sequence; when
1149437183 M * Huzi there are no other messages, it is very likely that the init-script
1149437185 M * Huzi (/etc/rc.d/rc 3) failed.
1149437186 M * Huzi Common causes are:
1149437188 M * Huzi * /etc/rc.d/rc on Fedora Core 1 and RH9 fails always; the 'apt-rpm' build
1149437190 M * Huzi   method knows how to deal with this, but on existing installations,
1149437192 M * Huzi   appending 'true' to this file will help.
1149437195 M * Huzi In which file should I append true?
1149437242 M * Loki|muh /etc/rc.d/rc in the guest, I suppose
1149437286 M * Huzi should I append true in the caller of /etc/rc.d/rc or somewhere in /etc/rc.d/rc? 
1149437328 M * Loki|muh in /etc/rc.d/rc
1149437349 M * Huzi An where in /etc/rc.d/rc should I append true?
1149437377 M * Loki|muh as I don't know fc I can't answer this correctly
1149437403 M * Loki|muh maybe you add return true somewhere on top of this file
1149437407 M * Loki|muh or only try
1149437411 M * Loki|muh -try+true
1149437499 M * bon hm
1149437501 M * bon my guest
1149437503 M * bon returns nothing
1149437506 M * bon upon 'df -h'
1149437516 M * bon normal? :)
1149437555 M * Loki|muh probably not, my guest is responding correctly
1149437562 M * Loki|muh /dev/hdv1             9,7G  8,5G  693M  93% /
1149437564 M * Loki|muh uh
1149437569 M * Loki|muh I need more space
1149437599 M * Loki|muh :(
1149437685 M * Huzi appending 'true' does not help
1149437712 M * Huzi I run vserver --debug cms1 start and found this message 
1149437804 M * Huzi hmmmmmmmmmm have troubles inserting this msg
1149437831 M * Huzi i get a Segmentation fault on line 164 in the vserver.start skript
1149437847 M * bon Loki|muh: could you show me your /etc/fstab inside the guest?
1149437898 M * Loki|muh bon: # UNCONFIGURED FSTAB FOR BASE SYSTEM
1149437966 M * Loki|muh bon: and the fstab in /etc/vservers/vserverxyz/fstab looks like this:
1149437967 M * Loki|muh |>none    /proc           proc    defaults                0 0
1149437967 M * Loki|muh |>none    /dev/pts        devpts  gid=5,mode=620          0 0
1149438006 M * Hollow s0undt3ch: semi pong
1149438047 M * s0undt3ch hi there Hollow 
1149438067 M * s0undt3ch I'm running vserver on gentoo and found an odd behaviour
1149438090 M * bon Loki|muh: hm
1149438091 M * bon :/
1149438092 M * bon blah
1149438098 M * s0undt3ch while trying to add a 2nd interface to a guest, and thus creating /etc/vservers/the_guest/interfaces/1/
1149438100 M * bon how do i put up an interface inside a guest?
1149438106 M * s0undt3ch with eth1:127.0.0.2/32
1149438121 M * bon 127.0.0.0/24 is reserved no?
1149438125 M * s0undt3ch when I restart my guest I get 3 devices, eth0/eth1/lo all pointing to 127.0.0.2
1149438146 M * s0undt3ch then I though it might be something related to 127.0.0.0 so, I tried another address on the seccond device
1149438151 Q * Zaki Read error: Operation timed out
1149438165 M * Hollow hm, lo is special, dunno what happens... but in devel there is a patch for isolated lo devices
1149438180 M * s0undt3ch so, now it became eth0:10.1.0.50, eth1:10.1.0.55, and inside the guest I got 2 devices but both pointing to 10.1.0.55
1149438185 M * s0undt3ch makes any sense Hollow?
1149438206 M * s0undt3ch with the first case, eth0/eth1/lo all pointing to 127.0.0.2, I'm still able to ping 10.1.0.3(a machine I have) but not 127.0.0.1, I can also ping 127.0.0.2, 127.0.0.3(but this one does not exist)
1149438228 M * s0undt3ch Hollow: I didn't try to add a lo device
1149438296 M * s0undt3ch Hollow: on the first try, I my devices were eth0:10.1.0.50/24, eth1:127.0.0.2/32
1149438307 M * Hollow ok, i still have company, will try to figure it out later..
1149438316 M * s0undt3ch but by it self it added the lo device
1149438320 M * s0undt3ch Hollow: k, thanks
1149438505 J * Zaki ~Zaki@212.118.99.32
1149438516 M * Huzi can i start a vserver into a specificated runlevel?
1149439068 M * bon ok
1149439071 M * bon so i have the guest running :)
1149439076 M * bon what about sshd
1149439079 M * bon can't login in
1149439080 M * bon :/
1149439157 M * bon Server refused to allocate pty
1149439163 M * bon i don't have any /dev/pt*
1149439484 M * bon hm
1149439490 M * bon how can i create /dev/pts?
1149439510 J * sezuan matthias@3ffe:80ee:3931:0:213:8fff:fe01:f96f
1149439523 M * doener_ should have been mounted by the tools on start pu
1149439530 M * doener_ s/pu/up/
1149439535 M * bon hm
1149439536 M * bon nothing :/
1149439568 M * bon root@vs01:/dev# ls pts
1149439569 M * bon /usr/bin/ls: pts: No such file or directory
1149439570 M * bon :/
1149439711 J * Aiken ~james@tooax8-073.dialup.optusnet.com.au
1149439745 M * doener_ ah, the directory probably has to exist beforehand
1149439771 M * bon well
1149439833 M * bon i created it manually
1149439835 M * bon restarted guest
1149439837 M * bon nothig comes up :)
1149440102 M * doener_ how did you create the vserver?
1149440183 M * bon manually
1149440183 M * bon :)
1149440189 M * bon with a script from bubulak
1149440336 M * bon any clue where the problem could lie?
1149440365 M * Loki|muh at the script from bubulak? 
1149440367 M * Loki|muh *g*
1149440389 M * doener_ do you have a fstab in your configuration?
1149440433 M * bon sure
1149440483 Q * s0undt3ch Remote host closed the connection
1149440536 M * doener_ does that contain an entry for devpts?
1149440590 M * bon none      /dev/pts        devpts  gid=5,mode=620          0 0
1149440591 M * bon indeed
1149440633 M * daniel_hozac what do you mean by "nothing comes up"?
1149440640 M * daniel_hozac does /proc/mounts contain it?
1149440679 M * bon no
1149440721 M * daniel_hozac could you try using vserver ... build instead?
1149440740 M * bon hm
1149440740 M * bon well
1149440753 M * bon last time when i tried, i couldn't get slackware guest running
1149441180 M * bon /dev/pts is a dir or mknod created device?
1149441187 M * doener_ directory
1149441204 Q * yarihm Quit: Leaving
1149441490 J * yarihm ~yarihm@84-74-17-70.dclient.hispeed.ch
1149441537 M * bon ok
1149441540 M * bon so i located the problem
1149441543 M * bon but didn't solve it :)
1149441550 M * bon # vserver vs01 start
1149441550 M * bon WARNING: '/etc/vservers/vs01/fstab' does not end on newline
1149441550 M * bon secure-mount: chdir("/dev/pts"): No such file or directory
1149441550 M * bon /etc/vservers/vs01/fstab:2:1: failed to mount fstab-entry
1149441929 Q * shedi Quit: Leaving
1149442158 Q * Huzi Quit: ChatZilla 0.9.52B [Mozilla rv:1.6/20040115]
1149443032 M * daniel_hozac looks like mkdir /vservers/.../dev/pts should fix it.
1149444264 J * meandtheshell ~markus@85-124-207-192.dynamic.xdsl-line.inode.at
1149445924 J * Huzi ~chatzilla@cm65-218.liwest.at
1149445941 Q * Viper0482 Remote host closed the connection
1149446228 J * Greek0 ~greek0@85.255.145.201
1149446565 J * yang ~yang@cpe-213-157-253-172.dynamic.amis.net
1149446588 M * yang Is it possible to monitor traffic on vserver guest IPs ?
1149446600 M * yang with cacti
1149446941 M * Loki|muh i guess that should be possible via iptables-accounting
1149447054 M * yang i allready have some script calculating traffic in iptables
1149447077 M * yang but not graphical output
1149447104 M * Loki|muh i tried to do something with cacti some years ago but I didn't get it to work ;)
1149447354 M * yang :(
1149447774 Q * Huzi Quit: ChatZilla 0.9.52B [Mozilla rv:1.6/20040115]
1149448221 M * lylix check out ipac-ng
1149448239 M * lylix we use it to monitor host + all guests
1149448270 M * lylix uses iptables and can export tp graphs for display on web very easily
1149448433 M * yang ok
1149448454 M * lylix it will actually create an index.html with graphs embedded
1149448474 M * lylix to the web directory of your choosing...
1149448479 M * yang cool
1149448488 M * Loki|muh sounds good, will have a look at it, too
1149448496 M * lylix if you dont have a webserver on the host... you can always dump it to a webserver in a guest ;)
1149448532 M * lylix on one host of ours, it is accounting for about 40 IPs
1149448576 M * lylix i also have a custom script written to generate a page with all IPs, and a page for each guest, so customers can view their traffic also
1149448695 Q * derjohn2 Ping timeout: 480 seconds
1149448706 J * derjohn2 ~aj@dslb-084-058-216-194.pools.arcor-ip.net
1149449073 J * s0undt3ch ~s0undt3ch@bl7-242-101.dsl.telepac.pt
1149449274 M * daniel_hozac ipac-ng doesn't use iptables, or at least it didn't last time i looked at it.
1149449309 M * daniel_hozac it has a private copy of iptables.
1149449321 M * lylix yes it does
1149449369 M * daniel_hozac the iptables backends are horrible hacks.
1149449373 M * lylix once started, "iptables -L" will produce  the rules setup by ipac-ng
1149449396 M * daniel_hozac yep, assuming your versions of netfilter/iptables/etc. match that which ipac-ng copied.
1149449399 M * lylix errr, produce not really an accurate word... more like display
1149449401 M * daniel_hozac iptables 1.3.0 broke it.
1149449445 M * lylix we're running 1.3.4
1149449477 M * lylix ipac-ng 1.31
1149449506 M * daniel_hozac i'm just saying it's not the most reliable piece of software.
1149449513 M * daniel_hozac unless someone rewrote the backends.
1149449524 N * bubulak_ bubulak
1149449570 J * schimmi ~sts@213-172-121-220.dsl.aktivanet.de
1149449617 M * schimmi hi! I want to make a mysql available to a vserver. wondering if it makes sense to rbind-mount the socket of mysql into the vserver
1149449641 M * schimmi would it work and are there any security problems?
1149449656 M * daniel_hozac why wouldn't you just use TCP?
1149449714 M * schimmi would like to use userid-based authentification
1149449761 M * daniel_hozac i wasn't even aware mysql supported that.
1149449940 Q * s0undt3ch Remote host closed the connection
1149450005 J * enet ~jpduyx@adsl-228-22.dsl.uva.nl
1149450480 P * enet 
1149450502 M * doener_ daniel_hozac: AFAIK it doesn't...
1149450707 M * schimmi yes, it doesn't. was wrong
1149450811 J * juggo ~who@h-68-166-181-4.sttnwaho.covad.net
1149450936 M * juggo so I read that someone might have already developed munin plugins for vservers, does anyone have any info?
1149451229 M * doener_ hm, how to get rid of hashified files of deleted vservers?
1149451259 M * doener_ simply delete the whole /vservers/.hash directory and re-hashify all vservers?
1149451346 J * s0undt3ch ~s0undt3ch@bl7-242-101.dsl.telepac.pt
1149451788 M * daniel_hozac find /vservers/.hash -links 1 -exec rm -f {} \;
1149451795 M * daniel_hozac is what i do to clean it up.
1149451810 M * daniel_hozac juggo: http://svn.debian.org/wsvn/pkg-vserver/people/holger/munin-plugins/
1149451845 M * doener_ daniel_hozac: hm, guess "hard" was the wrong search term for find(1) ;)
1149451959 M * daniel_hozac hehe.
1149452120 J * lonewolff ~lonewolff@adleman.lonewolff.info
1149452196 M * juggo cool thanks
1149452262 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net
1149452785 J * schimmi2 ~sts@213-172-121-220.dsl.aktivanet.de
1149453142 Q * schimmi Ping timeout: 480 seconds
1149453178 M * doener_ daniel_hozac: any idea if hashification is safe to do while the vserver is running?
1149453441 M * doener_ especially for non-rpm distros
1149453552 M * daniel_hozac why wouldn't it be?
1149453580 M * cehteh if something has a file open for writing this writes get lost
1149453604 M * cehteh (if it actually gets linked )
1149453641 M * cehteh well programms seldom keep write handles open and you likely dont want to hashify such files anyway 
1149453770 Q * lilalinux Ping timeout: 480 seconds
1149453771 M * cehteh if files are open for reading they get linked but program which has the filehandle actually keeps the link to the old inode which might become a nameless file and eat space on the disk until closed .. so it actually doesnt benefit from linking until restartet 
1149453826 M * doener_ it's the write case I'm interested in, the read case is obviously safe ;)
1149453831 M * cehteh so i would say one want to reboot the vserver at least after vhashify completes
1149453867 M * cehteh if there is a problem with low disk-space one might stop the vservers before vhashify them
1149453926 M * cehteh files writeable by vservers shouldnt be linked yet alone for security reasons
1149453955 M * doener_ security reasons? performance might suffer on write access, but security?
1149453965 M * cehteh eh 
1149453970 J * mkhl ~mkhl@200-148-40-90.dsl.telesp.net.br
1149454029 M * doener_ cehteh: how could hashifying arbitrary files affect security?
1149454050 M * cehteh you link them together for multiple vserver instances
1149454079 M * doener_ well, yeah, that's the whole point of hashifying ;)
1149454141 M * cehteh i dont know what happens if one has a file (lets say /etc/passwd or /lib/libc.so) open for writing already
1149454181 M * cehteh and then you link them and set the link immutable attribute .. the attributes are likely only checked on opening 
1149454283 J * lilalinux ~plasma@dslb-084-058-225-167.pools.arcor-ip.net
1149454284 M * cehteh so one is left behind with a writeable handle to a file linked over serveral vservers ... or if the file if the handle he had get deleted (the file) and then linked with a smae instance from another vserver then he has a handle to a almost dead file and any writes he do get lost when he closes the handle
1149454287 Q * yarihm Read error: Connection reset by peer
1149454346 M * doener_ you can't "link together" two files, one is replaced by a hardlink to the other
1149454348 M * cehteh well i am not sure .. but vhashify should check and ensure that files it wants to link are not opened for writing by anyone
1149454357 M * doener_ and IUNLINK is set before that happens
1149454372 M * doener_ so we're back at the lost write case :)
1149454411 M * cehteh IUNLINK is might be set before the hardlink is done .. but actually after some process has a writeable handle to it
1149454473 M * cehteh the case is that vhashify has some (2..n) candidates for hardlinking
1149454548 M * cehteh then it chooses one of them (likely just a first-one-wins) as let call it master file .. sets the IUNLINK flag unlinks (deletes) all other of the candidate and then reinstantiates them as hardlink
1149454611 M * cehteh if the 'master' is picked from a running vserver which has a write handle to it then it likely can continue to write on it no matter of the new attribute
1149454637 M * cehteh well thats just a guess ... maybe you verify that
1149454642 M * doener_ if there's no hashified version yet, it takes the one from the vserver it is hashifying (vhashify is done per-vserver)
1149454657 M * cehteh ah ok
1149454666 M * cehteh i thought you want to do it cross vservers
1149454695 M * cehteh actually that makes the most sense .. if it is secure
1149454840 M * cehteh same files on one server are seldom opended at the same time .. while some common files over vservers are always opened in parallel and linking them together gives the biggiest benefit since linkedd files appear only once in the page cache (example: one libc in memory for many vservers)
1149454920 M * doener_ nah, you misunderstood me... the files are unified across vservers
1149454942 M * doener_ but you do that per vserver... "vserver foo hashify" "vserver bar hashify"...
1149454962 M * doener_ all files are gathered in /vservers/.hash
1149454997 M * doener_ for new files, a new hardlink is placed in /vservers/.hash and the file is marked IUNLINK
1149455013 M * cehteh ah ok
1149455029 M * doener_ and when the second vserver is hashified, its files might be replaced be the files in /vservers/.hash/
1149455073 M * doener_ I'll do some tests for the "open write handle" case now...
1149455074 M * cehteh well i (think i) know the unix filesystem semantics quite good but i didnt yet used vhasify .. if the files are accumulated in .hash then it is safe
1149455114 M * cehteh (considering the linking is done in a safe way which should be easy)
1149455119 M * doener_ hm, does that change anything for that case?
1149455125 M * cehteh but yes you loose writes then
1149455165 M * cehteh well simple solution: vhasify should not link any files which have a write handle open
1149455166 M * doener_ file is open in vserver 1, hardlink is created in /vservers/.hash/, file in vserver 2 is replaced by a hardlink to that file
1149455180 M * cehteh actually the only safe solution
1149455220 M * cehteh that wont be sane
1149455225 M * cehteh (in the write case)
1149455251 M * cehteh then vserver1 writes are seen  in vserver 2
1149455265 M * doener_ yep
1149455314 M * cehteh it can either copy  the file to .hash or choose one candidate which is not open for writing an linking that to .hash
1149455321 M * cehteh ans then reinstantiate all other links
1149455337 M * cehteh still writes getting lost but no security proble
1149455356 M * cehteh leaving out any file which is open for writing fixes that all
1149455357 M * daniel_hozac yeah, the flags are only checked on open.
1149455393 A * doener_ .oO( if I'd only manage to understand the vhashify source code... )
1149455401 M * daniel_hozac so i guess you really should stop your guests before hashifying.
1149455402 M * cehteh i didnt looked yet :)
1149455407 M * daniel_hozac haha, i know that feeling.
1149455422 M * daniel_hozac i've tried so many times but i've always given up because it wasn't important enough at the time :)
1149455435 M * cehteh daniel_hozac: better fix vhashify in a way that it does not consider any file which is open for writing
1149455447 M * daniel_hozac and how would you do that?
1149455448 M * doener_ daniel_hozac: well, I've seen some code which looks like it creates a copy in /vservers/.hash instead of linking there, but I'm not sure about that
1149455469 M * cehteh that works in either case, is safe, does the job better when the vservers are stopped but still works while they are runnning
1149455483 M * cehteh and leaves no security problem by wrong usage
1149455512 M * cehteh doener_: thats still not optimal
1149455524 M * doener_ cehteh: i know
1149455543 M * doener_ but it's nice to see any success while deciphering the code
1149455556 M * cehteh well i ever wanted to work on the utils :) but well not yet so far
1149455562 M * cehteh G*
1149455634 M * doener_ it's already quite annoying that it's mixed space/tab indentation...
1149455662 M * Loki|muh sounds bad
1149455666 M * cehteh G*
1149455679 M * Loki|muh aren't there tools for such things?
1149455685 M * cehteh prolly more than one person working on that?
1149455696 M * Loki|muh vim e.g. has a nice function for this
1149455703 M * doener_ indeed... to make it worse, I have vim's "list" feature enabled, which makes tabs and trailing whitespace "visible"
1149455716 M * doener_ cehteh: no, ensc only AFAIK
1149455719 M * Loki|muh lol
1149455739 M * Loki|muh maybe not more than one person but more than one editor *g*
1149455759 M * cehteh ah ... i see you can configure emacs that it prefers tabs for indents but uses spaces for the fine work .. i guess other editors can do that too
1149455779 M * cehteh i just changed that long time ago to use only spaces
1149455786 M * cehteh for my code ..
1149455803 M * Loki|muh in vim if you mark text an press then = it automagicalle idents text the 'right' way ;)
1149455825 M * cehteh 'right' in the eye of the beholder :)
1149455847 M * doener_ so I have this now: http://www.13thfloor.at/~doener/vim.png
1149455849 M * Loki|muh hehe
1149455870 M * Loki|muh looks funny
1149455872 M * daniel_hozac hehe.
1149455882 M * daniel_hozac yeah, some of the code is really annoying.
1149455905 M * daniel_hozac that looks like some of the worst cases though.
1149455960 A * doener_ sometimes thinks that the flower page tells us a bit about the reasons for that... ;)
1149455967 M * daniel_hozac haha.
1149455978 M * Loki|muh :)
1149456011 M * Loki|muh i got a real shock when I first looked at the flower page
1149456091 M * cehteh you know that you can choose diffrent CSS views for the flower page?
1149456114 M * Loki|muh ya, luckily
1149456459 Q * FireEgl Ping timeout: 480 seconds
1149456565 Q * Skram Read error: Operation timed out
1149456788 Q * mkhl Quit: 
1149456823 J * Aiken_ ~james@tooax6-004.dialup.optusnet.com.au
1149457142 Q * Aiken Ping timeout: 480 seconds
1149457167 J * FireEgl Atlantica@Atlantica.Tcldrop.US
1149458553 Q * juggo Remote host closed the connection
1149459499 P * pisco 
1149460174 Q * cdrx Ping timeout: 480 seconds
1149460545 Q * bonbons Quit: Leaving
1149464566 J * ryanc ~foo@c-24-7-159-130.hsd1.ca.comcast.net
1149464570 M * ryanc hello
1149464617 M * ryanc I'm trying to use the newvserver script on debian, but it doesn't seem to work right, the vserver it creates can't be started... anyone have ay expericance with this?
1149465157 Q * dna Quit: Verlassend
1149465197 M * Loki|muh maybe you wanna use one of the creation methods described here: http://linux-vserver.org/alpha+util-vserver
1149465224 M * ryanc Loki|muh: checking that out
1149465285 M * ryanc oh
1149465292 M * ryanc ok, /me tries.....