1149724825 Q * Cocobu Quit: Parti 1149724832 Q * michal` Ping timeout: 480 seconds 1149724872 Q * cdrx Ping timeout: 480 seconds 1149725247 J * michal` ~michal@www.rsbac.org 1149725758 M * Radiance BertI, sorry about last night, i fell asleep 1149725811 M * Radiance BertI, i recompiled just a vanilla 2.6.16.20, tripple checked the config, but still high load on the cpu, i suspect it has to do with the crappy sis chipset (i don't use sis at all normally because of exactly these kind of trouble) :) 1149726212 Q * notlilo Ping timeout: 480 seconds 1149726437 Q * lilalinux Remote host closed the connection 1149727997 J * lithyum lithyum@r200-40-239-124-dialup.adsl.anteldata.net.uy 1149728432 Q * sladen Ping timeout: 480 seconds 1149728515 J * sladen paul@starsky.19inch.net 1149728974 P * lithyum 1149730330 N * sarnold sars 1149733154 M * orionpanda What are some attack vectors for breaking out of a vserver? I know it's possible to breakout of chroot jails. Is this possible from inside a vserver? 1149734702 M * [PUPPETS]Gonzo afaik no, if you set up the barriers... 1149734846 J * Aiken_ ~james@tooax8-023.dialup.optusnet.com.au 1149735162 Q * Aiken Ping timeout: 480 seconds 1149742784 J * notlilo ~lilofree@tor-irc.dnsbl.oftc.net 1149745349 N * otaku42_away otaku42 1149746001 Q * Snow-Man Read error: Operation timed out 1149746052 J * Snow-Man ~sfrost@kenobi.snowman.net 1149750445 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl 1149750820 J * Smutje ~Smutje@xdsl-87-78-98-134.netcologne.de 1149751625 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net 1149753826 J * dna ~naucki@dialer-178-183.kielnet.net 1149754067 M * jhaig Hello. I'm working through the how-to at "http://linux-vserver.org/CentOS_HowTo" and I have got to the stage of starting the test server. Running "vserver min-centos4 start" an error: "vcontext: vc_create_context(): File exists" followed by some comments about /etc/rc.d/rc which I have followed but do not seem to fix the issue. Can someone help? This is my first time with vserver so I don't really know too much about what I am doing. Thanks 1149754126 J * Ac0r ace@pD9E2AB9A.dip.t-dialin.net 1149754141 M * Ac0r hi 1149754191 N * Ac0r AzE 1149754611 M * jhaig Hello AzE. You an expert on vserver, because I asked a question just before you arrived. 1149754626 M * jhaig Sorry, "are you an expert on vserver?" 1149754632 M * AzE hi, no sorry, i have problems too 1149754633 M * AzE :) 1149754657 M * jhaig I think it is too early in the morning. 1149754661 M * AzE hehe 1149754669 M * AzE not for me 1149754687 M * jhaig This channel was quite active yesterday afternoon. 1149754711 M * AzE does anyone know this error: http://www.nopaste.info/index.php?id=1103545272 ? 1149754725 M * jhaig Not too early for me neither, but these channels do often have a bit of a US bias, which makes now very early. 1149754735 M * AzE hehe 1149754789 M * Aiken_ AzE my first guess would be to do what it says in line 10 of that message 1149754815 M * AzE where can i find that option? 1149754963 M * Aiken_ maybe /vservers/vs100/etc/rc.d/rc 1149755098 M * jhaig Aiken_: Did you seem my question regarding the CentOS HowTo? 1149755208 M * Aiken_ jhaig don't know 1149755237 M * AzE i dont have that dir 1149755307 M * jhaig OK, thanks. 1149755386 J * s0undt3ch ~s0undt3ch@bl7-249-252.dsl.telepac.pt 1149755389 M * Aiken_ AzE the etc/rc.d directory in the guest 1149755419 M * Aiken_ if that does not work I have no other suggestions at the moment 1149755428 M * AzE hmmm 1149755496 M * AzE i have rc0.d - rc6.d 1149755546 Q * s0undt3c1 Read error: Operation timed out 1149755767 J * ccalmels ~ccalmels@cimai.net4.nerim.net 1149755928 J * dlezcano ~dlezcano@cimai.net4.nerim.net 1149756243 J * notlilo_ debian-tor@tor-irc.dnsbl.oftc.net 1149756285 Q * notlilo Remote host closed the connection 1149757413 Q * bragon Ping timeout: 480 seconds 1149758110 M * daniel_hozac jhaig: did you select a static context for your guest? did you set it to the same thing as another guest? what does vserver-stat say? 1149758195 M * daniel_hozac jhaig: and i'd wager that this channel has mostly europe based users. 1149758268 M * daniel_hozac AzE: hmm, how did you build the guest? looks like you set a static id that contains letters. 1149758298 M * AzE i've allready found that problem 1149758307 M * AzE some file attributes went wrong 1149758412 Q * weasel Ping timeout: 480 seconds 1149758523 J * weasel weasel@asteria.debian.or.at 1149758762 M * jhaig daniel_hozac: I have a line from "vserver-stat" that says "500 1 1.4M 336K 0m00s00 0m00s00 1h28m44". 500 was the context that I set for the new server, and it was the first server created. 1149758777 M * jhaig I have since created another one with context 501, and there is a similar line for this. 1149758782 M * daniel_hozac so something is already running in there. 1149758801 M * daniel_hozac what does chcontext --xid 500 ps aux say? 1149758820 M * jhaig vserver min-centos4 stop gives me "vserver 'min-centos4' is not running" 1149758867 M * jhaig Three lines, second line is: "root 889 0.0 0.0 1528 336 ? Ss 09:57 0:00 minilogd" 1149758889 M * daniel_hozac that darn minilogd, eh. 1149758916 M * jhaig I gave that as just an example, to confirm that the output was correct. ;-) 1149758923 M * daniel_hozac i wasn't aware it also broke on building. 1149758940 M * daniel_hozac you'll have to kill it, use vkill. 1149758943 M * jhaig Ah, I thought you were being ironic. So there *is* something wrong with minilogd. 1149758964 M * daniel_hozac yes. 1149758978 M * daniel_hozac it breaks the shutdown sequence for CentOS guests. 1149759066 M * jhaig Thanks. I did "vkill -c 500 889" and now the start command comes up with a different error, although it still seems to have started correctly this time. 1149759112 M * jhaig "Applying Intel Microcode update: FATAL: Could not load /lib/modules/2.6.16.20-vs2.0.2-rc22/modules.dep: No such file or directory" - I guess that that is not as FATAL as it is making out. 1149759149 M * daniel_hozac nah. 1149759159 M * daniel_hozac that just means you haven't cleaned up your initscripts yet. 1149759293 Q * shedi Quit: Leaving 1149759683 M * jhaig Thanks for the help. 1149759727 M * jhaig I have just made a change to the online document. I am a little surprised that I didn't need to register, log in, or anything to be able to do this! 1149760228 M * daniel_hozac what's the point of a wiki if everyone can't edit it? :) 1149760361 M * jhaig Well, I've not submitted to a wiki before. I assumed that there would be some registration system, though. 1149761628 J * shedi ~siggi@dsl-og-108-50.du.vortex.is 1149762155 J * lilalinux ~plasma@dslb-084-058-196-186.pools.arcor-ip.net 1149762677 N * Bertl_oO Bertl 1149762681 M * Bertl morning folks! 1149763983 M * derjohn moin Bertl ! 1149764141 J * Milf ~Miranda@ipsio172.ipsi.fraunhofer.de 1149764163 M * Milf good midday everyone 1149764179 M * Bertl hey derjohn! Milf! 1149764190 M * Milf Bertl: How were the Linuxwochen? 1149764204 M * Bertl jhaig: you can (and should) set your name in the wiki :) 1149764230 M * Bertl Milf: great! got a lot of positive feedback 1149764358 M * jhaig Bertl: I did do, but what is to stop me from putting 'Zaphod Beeblebrox' (that is not my real name) and then writing a load of rubbish? 1149764378 M * Milf Was there an outcome of the panel Virtualisation panel? 1149764423 M * Bertl jhaig: your common sense ... :) 1149764455 M * Bertl jhaig: and if you feel the overwhelming need to do something like that, there is the 'Hacker Page' too *G* 1149764465 M * derjohn jhaig, because i would hit out your front teeth :) 1149764506 M * derjohn jhaig, you could even write rubbish _with_ an login, nor? 1149764535 A * derjohn thinks: so many people write loads of rubbish and even earn money with that ;) 1149764729 M * jhaig OK, I've just now bothered to read the top of the vserver home page, which answers this question. ;-) 1149764816 M * Milf Hmmm, it seems that registering is useless if you are behind a NAT and your ip changes often. 1149764850 M * derjohn Milf, extended helo ;) ! 1149764924 M * Milf EHLO? 1149764932 M * derjohn Milf, yes :) 1149764967 M * Milf 250-milf 1149764967 M * Milf 250-PIPELINING 1149764967 M * Milf 250-SIZE 100000000 1149764967 M * Milf 250-VRFY 1149764967 M * Milf 250-ETRN 1149764968 M * Milf 250-STARTTLS 1149764968 M * Milf 250-XVERP 1149764970 M * Milf 250 8BITMIME 1149765000 M * derjohn 500 - I cannot stand 250 milfs 1149765014 M * derjohn news from the multiseat-front? 1149765063 M * Milf Ahem, erm, I still must write the article for c't, 1149765222 M * derjohn is it possible to run an OpenVPN (server) in a vserver guest? 1149765241 M * Milf And for that I wanted to install a multiseat myself first. 1149765253 M * Milf And for that I need the testmachine to be available 1149765259 M * Milf and for that ... oh what a list. 1149765442 M * Bertl derjohn: seems like a FAQ nowadays ... 1149765494 M * derjohn Bertl, BTW: http://www.openvpn.org <---- Is it only 127dotted for me ? 1149765528 M * Bertl nope 1149765528 M * derjohn Bertl, i found http://linux-vserver.org/openVPN but that's about Clients .... 1149765539 M * derjohn Bertl, they are down? wow ... 1149767209 M * Loki|muh derjohn: seems like an oldstyle config -> i.e. : IPROOT="tunX:a.b.c.d" 1149767285 M * derjohn Loki|muh, yes .... but I saw people using --interface eth0:1.2.3.4 so I think you can use this with newstyle config too 1149767343 M * derjohn but: this config style give more "rights" to the guest? 1149767493 M * Bertl nope, usually not 1149767612 Q * AzE Ping timeout: 480 seconds 1149767705 J * AzE BasTard0@pD9E2A6E1.dip.t-dialin.net 1149767765 J * mkhl ~mkhl@200-148-41-167.dsl.telesp.net.br 1149768649 M * tokkee Loki|muh, derjohn: I always use --interface iface:ip/netmask 1149769462 Q * Aiken_ Ping timeout: 480 seconds 1149769472 Q * Nam Ping timeout: 480 seconds 1149771086 M * Milf Hmmm, does the linux Kernel have capabilities to dump me a debuggable core in case of panic etc? 1149771279 M * Bertl there are patches to do that (for the kernel) 1149771294 M * Bertl but it is not part of mainline (yet) 1149771450 J * abi ~abi@enz.schiach.de 1149771457 M * Bertl welcome abi! 1149771467 M * abi hi. 1149771566 M * derjohn Bertl, do we have support for tuntap devices in util-vserver? (like vlan ...?) if not, I will have to usetunctl from UML ! 1149771666 M * sid3windr ohnoes, not uml! 1149771771 M * daniel_hozac what would be the point? 1149772034 M * Bertl well, it might make sense to create a tun/tap beforehand 1149772151 M * daniel_hozac is it possible to have another process connect to it afterwards? 1149772157 A * daniel_hozac hasn't played with tun/tap for years. 1149772164 M * Bertl I think so, but not sure ... 1149772187 M * Bertl anyway, I'd like to 'extend' the tun/tap stuff to be context aware/specific 1149772189 M * derjohn daniel_hozac, Bertl i just try .... http://linux-vserver.org/some_hints_from_john <.. last Q&A, but unfinished yet 1149772217 M * Bertl what about this 'basic' idea: 1149772231 M * Bertl - have per guest tun/tap devices via isolation 1149772252 M * Bertl - allow to manage them but only allow for 'assigned' ips? 1149772267 M * derjohn Bertl, and what about the /dev/net/tun which OpenVPN tries to read? 1149772268 J * DarthVader ~Aniken@203.177.212.165 1149772282 M * Bertl derjohn: that is the master device like /dev/ptmx 1149772338 M * Bertl I'm pretty sure it lowers the network security to allow that, but that is a tradeoff folks who _want_ tun/tap are willing to take anyways IMHO 1149772422 M * derjohn Bertl, ye, I do just now ... I preconfigure tun0 and MAKEDEV to have the guest running openvpn 1149772455 M * daniel_hozac how does OpenVPN connect to the preconfigured tun0? 1149772504 M * derjohn daniel_hozac, openvpn does a "ifconfig 10.10.10.100 10.10.10.110 line", but since ovpn 2.0 also a "ifconfig-noexec 10.10.10.100 10.10.10.110" 1149772528 M * daniel_hozac but OpenVPN needs to run the tun0 interface. 1149772533 M * derjohn daniel_hozac, and please: I dont know much about openvpn yet, I just _try_ to get it running like this 1149772548 M * derjohn daniel_hozac, "persist-tun" line? 1149772555 M * derjohn daniel_hozac, I post my conf ... mom ... 1149772576 M * daniel_hozac well, i haven't used OpenVPN for a year, at least. 1149772594 M * derjohn daniel_hozac, I dunno yet who openvpn decides which tun device to take ... by ip? i have to try 1149772613 M * derjohn daniel_hozac, and please: I dont know much about openvpn yet, I just _try_ to get it running like this 1149772618 M * derjohn sry 1149772629 M * derjohn daniel_hozac, i updated the last Q: http://linux-vserver.org/some_hints_from_john 1149772647 M * daniel_hozac i guess ioctl(/dev/net/tun, TUNSETIFF, ifr.ifr_name="tun0") might give it control of it? 1149772675 M * derjohn i guess I only have a vague imagination about what you are talking ;) 1149772732 M * daniel_hozac yeah, that seems to do it. i guess i understand how it's supposed to work now. 1149772764 M * Bertl so basically precreating it would suffice, yes? 1149772771 M * daniel_hozac yep. 1149772791 M * Bertl would we gain anything by allowing the isolation and/or setup? 1149772804 M * Bertl (don't think so, no?) 1149772822 J * independence independen@marcusson.no-ip.com 1149772829 M * Bertl wb independence! 1149772836 M * independence hi! :) 1149772844 M * daniel_hozac what do you mean by setup? the creation of tun/taps? 1149772846 J * Nam ~nam@S0106001195551ff0.va.shawcable.net 1149772850 M * independence I still have some problems with my quota 1149772877 M * Bertl daniel_hozac: no, by allowing to 'change' e.g. the ip for a 'guest' tun within assigned range 1149772878 M * derjohn independence, rm -rf /var/porn ? :) 1149772885 M * independence In the guest system, /dev/hdv1 doesn't seem to be a valid device or something 1149772890 M * derjohn independence, sry .... 1149772893 M * independence Quotahceck doesn't work 1149772895 M * independence derjohn: :P 1149772897 M * Bertl independence: how was it created? 1149772911 M * independence vrsetup /dev/loop2 /dev/vroot0 1149772919 M * Bertl independence: also important questions are: 1149772924 M * independence cp -af /dev/vroot0 /vservers/rhea/dev/hdv1 1149772938 M * Bertl - does the guest have quota_ctl (capability)? 1149772952 M * independence Yep 1149772956 M * Bertl - is the filesystem mounted with quota (valid for some fs) 1149772965 M * independence Check 1149772967 M * Bertl - does your mtab entry contain the funny ufs entry 1149772973 M * independence Check 1149772979 M * independence But mine is not ufs, it's ext3 1149773017 M * daniel_hozac Bertl: i guess assigning IP addresses would be required for clients? 1149773042 M * independence brb 1149773100 A * phedny had some experience with OpenVPN, so if there are questions I might be able to answer them 1149773109 M * phedny s/had/has/ 1149773142 M * Bertl independence: that's fine, but you _need_ to mislead the quota tools into believing it isn't ext2/3, otherwise they try to directly access the filesystem 1149773174 M * Bertl (which they aren't allowed for security reasons) 1149773334 M * daniel_hozac Bertl: i guess isolation would be good in the sense that your pre-allocated tuns won't be stolen by other guests... 1149773462 M * Bertl could that happen? 1149773481 M * daniel_hozac sure. 1149773578 M * doener_ morning! 1149773584 M * daniel_hozac if you temporarily stop the service using the tun. 1149773588 M * daniel_hozac morning doener! 1149773711 M * Bertl hey doener_! 1149773722 M * Bertl daniel_hozac: hmm, does that return/dealloc the tun? 1149773753 M * daniel_hozac not if you set it into persistant mode which you'll have to as you pre-allocate it on the host. 1149773786 M * Bertl precisely, so it should work quite fine, IMHO 1149773800 M * daniel_hozac hmm? 1149773829 M * daniel_hozac guest B can easily steal guest A's tun, unless i'm missing something critical here. 1149773847 M * Bertl how so? 1149773894 M * derjohn hey, now i need a client: ovpn-server[23178]: Listening for incoming TCP connection on [undef]:443 1149773895 M * derjohn 1149773923 M * daniel_hozac if you pre-allocate tun0 for guest A, and guest A stops the service temporarily, the tun0 is up for grabs. 1149773963 M * Bertl hmm, seems we are going around in circles 1149773971 M * daniel_hozac (this of course requires that both guests have /dev/net/tun) 1149773989 M * Bertl my last answer/question to that was: 1149774001 M * Bertl 15:35 < Bertl> daniel_hozac: hmm, does that return/dealloc the tun? 1149774015 M * Bertl and your reply was: 1149774027 M * Bertl 15:35 < daniel_hozac> not if you set it into persistant mode which you'll have to as you pre-allocate it on the host. 1149774028 Q * FireEgl Ping timeout: 480 seconds 1149774044 M * Bertl so, assumed that we _have_ a tun/tap in persistant mode 1149774057 M * Bertl what _exactly_ would happen when the guest service stops 1149774071 M * Bertl (without having special rights/devices/etc for the tun) 1149774080 M * daniel_hozac nothing. 1149774096 M * Bertl okay, so how could guest B grab that tun from guest A then? 1149774104 M * phedny Bertl: persistance means that the daemon won't create and destory the tapN network interface, so IP config stays the same and TCP connections might survive a daemon restart 1149774110 M * daniel_hozac if guest B has /dev/net/tun, it can attach to it. 1149774127 M * daniel_hozac in the same way guest A initially attached to it. 1149774139 M * Bertl ah, oaky, now I understand ... 1149774150 M * Bertl good, sow e should isolate that issue away ... 1149774157 M * Bertl s/sow e/so we/ 1149774196 M * Bertl derjohn: is the /dev/net/tun required for openvpn to make it work? I assume yes 1149774236 M * daniel_hozac yes. 1149774247 M * daniel_hozac it's the only way to attach to a tun. 1149774251 M * daniel_hozac AFAICT, anyway. 1149774252 M * derjohn Bertl, yes 1149774290 M * jhaig How do I ssh into a virtual server? I have followed (or tried to, and probably got it wrong) but ssh always seems to take me to the host. Also, I'm not entirely clear where I should set up users - on the host or on the guests. 1149774310 M * derjohn Bertl, even if it is persistent tun0 device, it wants to open /dev/net/tun (it gets the packets from there ... in case of a taop device get gets frames) 1149774368 M * doener_ Bertl: btw, you really should have also told me about using quickfix mode with cscope when we sat on the parking lot in Wiesbaden ;) 1149774403 M * doener_ discovered that yesterday, I can't believe I always took the pain of 'normal' mode 1149774435 M * derjohn BTW: in ./Documentation/networking/tuntap.txt are coding examples how to attach. 1149774444 M * derjohn jhaig, http://linux-vserver.org/some_hints_from_john <-- check ssh section 1149774729 M * Milf Hmmm, is there a command to rebuild ssh keys in ubuntu dapper? dpkg-reconfigure ssh doesn't work after deleting the keys 1149774747 M * derjohn ssk-keygen -t dsa -b 2048 ? 1149774758 M * Milf Nothing else? *sigh* 1149774782 M * daniel_hozac i guess you mean server keys? 1149774787 M * Milf Yep. 1149774806 M * daniel_hozac you'll probably have to move them to the correct place as well. 1149774821 M * jhaig derjohn: Great! Now at least I'm getting an authentication rejection on the guest. ;-) 1149774822 M * derjohn /etc/sshd/.... 1149774832 M * Milf I'm a bit spoilt with SuSE VServers, as they genereate keys on startup if there are non. 1149774846 M * derjohn jhaig, hm ? so you got the right shell ? 1149774874 M * derjohn Milf, create the keys with ssh-keygen and move them to /etc/sshd/ .... 1149774895 M * derjohn Milf, or try dpkg-reconfigure -plow (open)ssh-server 1149774908 M * derjohn (debconf prio "low") 1149774986 M * jhaig derjohn: I'm not sure yet, and I have a meeting in a minute :-( But at least I now have ssh going through to the guest instead of the host, which is a step forward. 1149775005 M * Milf Hmmm, thanks. openssh-server was the package to reconfigure. 1149775006 M * jhaig Thanks for the help 1149775013 M * Milf On sarge it was just 'ssh' 1149775017 M * derjohn jhaig, would you mind to set a link from the wiki page you have been at first to the one i pointed out? 1149775024 M * derjohn Milf, _was_ :) 1149775035 M * derjohn Milf, dpkg --get-selections |grep ssh 1149775098 M * yang doener_: did you get my donation? 1149775137 M * Milf Thanks. 1149775142 M * doener_ yang: yeah, arrived yesterday :) 1149775152 M * Wonka german article about new OpenVZ version: http://www.heise.de/newsticker/meldung/73989 1149775164 M * Wonka they call it "free" again... 1149775165 M * yang doener_: ok, cool! 1149775188 A * Wonka still thinks Virtuozzo is a GPL violation 1149775252 M * jhaig derjohn: Done. It was this page: http://linux-vserver.org/HowtoSSHLogin 1149775260 M * doener_ Bertl: hm, seems like the Qlusters guy paid them a visit as well (judging from the fact that they provide per vserver mac addresses now) 1149775282 M * derjohn jhaig, and now hurry up! Your appointment ;) 1149775297 M * Wonka but they got virtualized network, enabling own MACs for Virtual Servers, and also IPv6 1149775351 M * derjohn doener_, Qlusters integrates vserver pretty soon ... matt mailed us already 1149775361 Q * shedi Ping timeout: 480 seconds 1149775375 M * derjohn doener_, (dunno if they have VZ support) 1149775425 M * doener_ derjohn: did they resolve the mac/arp issues they had? 1149775448 M * daniel_hozac derjohn: hmm, seems like creating tuns inside a guest works fine... why do you need to pre-create it? 1149775467 M * derjohn doener_, dunno, but he said, he's happy now (I guess they went the dhcp client ip way .... but: let them surporise us ;)) 1149775467 M * daniel_hozac just to assign the address? 1149775490 M * jhaig derjohn: All the other people in the meeting are sitting in the desks round me, so if I go now I'll be sitting in an empty room. 1149775532 M * jhaig ... there's nothing like good time keeping, and this is nothing like good timekeeping. 1149775541 M * Bertl doener_: url/code/patch? 1149775572 M * Bertl (for the qlusters stuff) 1149775580 M * derjohn Bertl, like a/s/l u/c/p get a more and more common abbrev. :) 1149775627 M * derjohn Bertl, I think doener_ was refferring generally to it: doener_ ? do you know more? 1149775686 M * Bertl btw, I thought openvz guests already had a separate mac? 1149775698 M * Bertl how would they do routing on the host? 1149775734 M * Bertl kir: could you elaborate on the MAC changes in OpenVZ devel/beta? 1149775771 M * yang Is anyone working on IPv6 support ? 1149775772 M * kir Bertl, sure 1149775794 M * kir Bertl, basically, there was a venet device (similar to yours ngnet AFAIK) 1149775822 M * derjohn yang, yes, bonbons has a beta-quality patch out 1149775823 M * kir Bertl, venet limitations are: no broadcasts/multicasts, IP should be set from the host system 1149775849 M * Bertl okay 1149775872 M * yang derjohn: IPv6 for guests ? 1149775875 M * kir Bertl, so now, in addition to venet, we have veth, which is also some kind of a virtual network device, this one is with the MAC address and can be used with bridging 1149775878 M * Bertl the host endpoint can be used for routing and bridging, right? 1149775883 M * derjohn yang, yes. 1149775884 M * kir Bertl, that's it. 1149775895 M * Bertl kir: but that's how it was before, no? 1149775910 M * Bertl (i.e. like UML without the uml part :) 1149775917 M * kir Bertl, more details here: http://blog.openvz.org/ and here: http://wiki.openvz.org/Virtual_Ethernet_device 1149775961 M * Bertl so, I'm wondering, what was the 'change' in the 'new' beta? 1149775985 M * kir Bertl, no with venet it's routing not brigding. So in the host system you have to have a route for each VE IP, like this: 195.214.233.188 dev venet0 scope link src 195.214.233.190 1149776003 M * kir Bertl, it's not a change, it's an addition. Old good venet is here to stay. 1149776014 M * kir Bertl, where have you read about the 'change'? 1149776015 M * yang I am wondering where I could find some info's on how to start gentoo guest, I only did the installation for debian. 1149776063 M * kir yang, google for gentoo-vps and follow the first link 1149776108 M * Bertl kir: on your latest heise ad 1149776170 M * kir Bertl, it's not ad, it's just that we issue the press release and people are writing about it. 1149776172 A * doener_ .oO( "ad", let the flaming begin.... *g* ) 1149776183 M * kir Bertl, OK I will try to read it through babelfish 1149776233 M * yang kir: well what i am wondering is, that my host runs on debian, but i would like to have a guest with gentoo or slackware is that possible? 1149776258 M * kir yang, sure 1149776265 M * Bertl kir: hmm, why does every announcement contain links to Virtuozzo and SWsoft and the very same advertisement slogan? 1149776267 M * kir yang, basically you have to use stage3 tarball 1149776316 M * Bertl kir: and for the translation, the only 'relevant' line is: 1149776323 M * kir Bertl, I do not know. BTW translation says that OpenVZ got a new feature, and since now a VE can have a MAC address, and this is exactly what veth does. 1149776343 M * Bertl "Thusly created virtual Linux-Server can be assigned a separate MAC address" 1149776384 M * Bertl yeah, my question is, what's new about the MAC? I always thought your venet had a mac address already? 1149776399 M * kir Bertl, I do not really know why they link to SWsoft and Virtuozzo...probably because each of our press releases are ended up with "OpenVZ is basis for Virtuozzo, a commercial offering from SWsoft" or smth like this. 1149776428 M * kir Bertl, no, venet is "macless" -- and that is why you can not do broadcasts/multicasts 1149776440 M * Bertl kir: (regarding the ad) let me ask _why_ that is so? :) 1149776464 M * Bertl kir: ad venet: ah, okay, so that was on the ip layer, basically 1149776482 M * kir Bertl, you want to ask me or heise.de? sure go ahead/ 1149776508 M * Bertl kir: you, or your company, which does the press releases, no? 1149776551 M * kir Bertl, from inside a VE, you see venet as PtP device : 3: venet0: mtu 1500 qdisc noqueue\nlink/void 1149776585 M * Bertl ah, okay, I understand, tx for the explanation! 1149776902 M * kir Bertl, no probs :) 1149777632 Q * independence Ping timeout: 480 seconds 1149779654 N * otaku42 otaku42_away 1149780019 Q * DarthVader Quit: Leaving 1149780027 J * DarthVader ~Aniken@203.177.212.165 1149780088 Q * DarthVader Quit: 1149780167 J * Viper0482 ~Viper0482@p54976F3E.dip.t-dialin.net 1149780403 M * Bertl wb Viper0482! 1149780635 Q * ||Cobra|| Remote host closed the connection 1149781139 Q * Milf Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org 1149781427 J * stefani ~stefani@tsipoor.banerian.org 1149781956 M * Bertl welcome stefani! 1149782111 M * stefani hey 1149782752 Q * cdrx Remote host closed the connection 1149783188 M * derjohn Bertl, if i set a "nodev", the interface should appear with 'ip addr' in the guest? I tried that with a tun0, which does not show up at all .... 1149783213 M * daniel_hozac does the interface have the address? 1149783239 J * bonbons ~bonbons@83.222.39.166 1149783247 M * derjohn daniel_hozac, inet 10.10.10.110 peer 10.10.10.100/32 scope global tun0 1149783248 M * jhaig OK, I'm continuing to stumble my way through some of the documentation. In this one - I have successfully set a 5G limit to a guest. However, running the chxid command gave a whole lot of 'Invalid argument' messages for (as far as I can tell) every single file in the virtual server. Should I be worried about this? 1149783269 M * daniel_hozac jhaig: did you mount with tagxid? what filesystem do you use? 1149783280 M * jhaig Actually, I think it hasn't worked, as the disk usage is 0. 1149783282 M * derjohn daniel_hozac, I dunno how to set a peer in ../interfaces/1/... 1149783283 M * jhaig Yes. 1149783320 M * daniel_hozac jhaig: also, what versions are you using? 1149783326 M * daniel_hozac derjohn: you can't, most likely. 1149783341 M * daniel_hozac derjohn: that should show... 1149783342 M * jhaig This is from "/etc/fstab" - "LABEL=/usr/local /usr/local ext3 defaults 1 2". I then mounted with "mount -o tagxid,rw /usr/local/" 1149783342 M * derjohn daniel_hozac, so my idea was to set it up from the host side 1149783365 M * jhaig I'm using the latest stable. 1149783367 M * derjohn daniel_hozac, but what Ip set in ...interfaces/ip? none? 1149783376 M * daniel_hozac jhaig: umounting before that, i assume? 1149783387 M * jhaig Yes 1149783410 M * daniel_hozac derjohn: you have to set the IP address. that's what matters in the nodev case. 1149783413 M * jhaig 1) Shut down vservers, 2) unmounted /usr/local, 3) remounted /usr/local and 4) started up vservers 1149783425 M * daniel_hozac jhaig: so your vservers live on /usr/local? 1149783434 M * daniel_hozac --with-vrootdir=/usr/local/vservers? 1149783436 M * jhaig Yes - /usr/local/vservers 1149783466 M * jhaig Mainly because I installed the machine and then started reading the documentation. Otherwise I would have made a /vservers partition. 1149783498 M * derjohn daniel_hozac, and the "dev" name .... what happens if the ip in the conf is not the one the interface currently uses? /me thinks of "10.10.10.100 peer bal" != "10.10.10.100" .... 1149783525 M * daniel_hozac derjohn: if you set nodev, you're expected to set it up yourself. 1149783552 M * derjohn derjohn: you have to set the IP address <---- why? 1149783561 M * derjohn ah 1149783561 M * jhaig My guest is called 'elrond' and the chxid I did was "chxid -c elrond -R /usr/local/vservers/elrond/" 1149783588 M * daniel_hozac the IP address and prefix is what's forwarded to chbind, which later sets it in the kernel. 1149783588 M * derjohn daniel_hozac, you mean i have to setup it on the host? k, i kick the "ip" and "prefix" out ... 1149783604 M * daniel_hozac derjohn: no, you _must_ have IP and prefix/netmask. 1149783648 M * daniel_hozac derjohn: otherwise there's no point in specifying it at all. 1149783665 M * daniel_hozac derjohn: does /proc/virtnet//status contain the IP address? 1149783671 M * jhaig In the howto it has "chxid -c test1 -R /vservers/test1/" - I assume that 'test1' needs to be replaced by the same thing in both cases. 1149783679 M * daniel_hozac err, i mean .../info 1149783693 Q * mkhl Ping timeout: 480 seconds 1149783697 M * daniel_hozac jhaig: yes. 1149783754 M * daniel_hozac jhaig: do you have tagxid in /proc/mounts? 1149783759 M * jhaig In the kernel .config file I have 'CONFIG_INOXID_UGID24=y' and all the other INOXID lines are commented out. 1149783806 M * jhaig Hmmm, no, /proc/mounts doesn't have tagxid, but 'mount' says that it does. 1149783818 M * daniel_hozac mount is a liar :) 1149783872 J * _coocoon_ ~coocoon@p54A06058.dip.t-dialin.net 1149783942 M * derjohn daniel_hozac, ip addr |grep tun -< {}, ip addr |grep 10.10 -> {}, # cat /proc/virtnet/138/info 1149783942 M * derjohn ID: 138 1149783942 M * derjohn Info: ffff810076cbc000 1149783942 M * derjohn 0: 80.69.34.134/255.255.255.255 1149783942 M * derjohn 1: 10.10.10.100/255.255.255.255 1149783959 M * jhaig I've unmounted, edited /etc/fstab, and remounted and still /proc/mounts doesn't contain tagxid. 1149783973 M * daniel_hozac jhaig: what version is that? 1149783975 M * _coocoon_ hello to all 1149784008 M * daniel_hozac derjohn: and ip addr says 10.10.10.100 is assigned to tun0? it should show... 1149784025 M * jhaig daniel_hozac: Kernel 2.6.16, vserver 2.0.2-rc22, util-vserver 0.30.210 1149784025 M * _coocoon_ bertl: hello bertl r u there i hope u haven't needed the sparc till now 1149784038 M * jhaig daniel_hozac: CentOS 4.3 1149784067 M * daniel_hozac jhaig: have you tried running testfs.sh? 1149784078 M * daniel_hozac http://vserver.13thfloor.at/Stuff/SCRIPT/testfs.sh-0.13 1149784124 M * derjohn tun0: mtu 1500 qdisc pfifo_fast qlen 500 ... inet 10.10.10.100 peer 10.10.10.110/32 scope global tun0 1149784267 M * daniel_hozac derjohn: ip addr add 10.10.10.100 dev tun0 peer 10.10.10.110/32 scope global? 1149784289 M * jhaig daniel_hozac: Running "testfs.sh -D /dev/hda2 -M /usr/local" - ext3 passed and all the others failed. 1149784289 M * derjohn daniel_hozac, inet 10.10.10.100 peer 10.10.10.110/32 scope global tun0 1149784306 M * daniel_hozac jhaig: i hope you didn't have anything important on /dev/hda2? 1149784308 M * derjohn daniel_hozac, i'll try now doing it via a tap device in my desperation 1149784404 M * daniel_hozac derjohn: it seems like the peer stuff is what breaks it. 1149784412 M * daniel_hozac once i remove that, i see the interface and the address. 1149784425 M * derjohn daniel_hozac, i guess some comparison is not be equal any longer 1149784436 M * derjohn daniel_hozac, yes, THEN it appears ... 1149784453 M * jhaig daniel_hozac: No. It is a test machine. 1149784467 M * derjohn daniel_hozac, with tap device I can openvpn + bridgeing, so i can use a normal /30 for the vpn 1149784640 M * jhaig daniel_hozac: Ah, I see. A destructive test. 1149784658 M * daniel_hozac jhaig: yeah ;) 1149784694 M * jhaig I suppose I should really have asked what the test did first. I did think about it. 1149784737 M * derjohn daniel_hozac, got it running with a tap device and /24 network ;)) 1149784760 M * derjohn daniel_hozac, (no "peer" ...) 1149784853 M * daniel_hozac derjohn: i'm still not understanding why peer breaks it. 1149784868 M * derjohn daniel_hozac, but you can reproduce it? 1149784874 M * daniel_hozac yeah. 1149784885 M * derjohn daniel_hozac, where to file the bug? utils or kernel? 1149784891 M * daniel_hozac kernel. 1149784914 M * derjohn daniel_hozac, so ../interfaces/peer or ../interfaces/options ? 1149784922 M * derjohn daniel_hozac, no need for that? 1149784922 M * daniel_hozac hmm? 1149784947 M * derjohn daniel_hozac, to create it with the guest i.e. no "nodev" config 1149785055 M * daniel_hozac just to add the IP address with a peer? 1149785098 M * derjohn daniel_hozac, well, yes ... ok, i agree that no many people have their vsevers on a ppp interface, but in the vpn case ... 1149785232 M * daniel_hozac i guess you could file a bug, but it'll probably just sit there. 1149785243 M * derjohn daniel_hozac, *lol, ok 1149785478 Q * jhaig Quit: Download Gaim: http://gaim.sourceforge.net/ 1149785655 Q * dlezcano Quit: Leaving 1149785767 M * _coocoon_ daniel_hozac: hello daniel how to solve the problem that two glibc packages will be donloaded and install see http://paste.linux-vserver.org/66 i have an amd64 system and wanted to insta fc5 for x86_64 1149785773 M * _coocoon_ +ll 1149785833 M * daniel_hozac _coocoon_: why is it a problem? it just means you'll be able to run regular x86 binaries. 1149785908 M * _coocoon_ daniel_hozac: ok maybe right but the guest building failled --> Transaction Check Error: package libgcc-4.1.0-3 is already installed 1149785974 M * daniel_hozac _coocoon_: could you paste the entire build output? 1149786012 M * _coocoon_ daniel_hozac: yes one moment please, it is working 1149786084 M * _coocoon_ daniel_hozac:http://paste.linux-vserver.org/67 1149786337 M * daniel_hozac i can't reproduce that here. 1149786387 M * _coocoon_ daniel_hozac: ok 1149786421 M * daniel_hozac what do your /usr/lib*/util-vserver/distributions/fc5/pkgs/* contain? 1149786426 J * mkhl ~mkhl@200-153-153-154.dsl.telesp.net.br 1149786428 M * _coocoon_ glibc 1149786462 Q * michal` Ping timeout: 480 seconds 1149786498 M * _coocoon_ 01--> glibc 02 --> --reinstall filesystem 03--> coreutils setup 1149786526 M * daniel_hozac hmm, where did you get those from? 1149786557 M * _coocoon_ util-vserver installation 'default' for fc3 and fc4 1149786614 M * daniel_hozac i guess that's why i can't reproduce it then... i'll try changing it. 1149786621 N * sars sarnold 1149786745 M * _coocoon_ daniel_hozac: maybe it will help i change it to the files u have in the /usr/lib*/util-vserver/distributions/fc5/pkgs/*, because of i am trying to build the guest with suse 10.0 1149786782 M * _coocoon_ daniel_hozac: so i can't use the util-vserver-build-0.30.210-15.fc5.x86_64.rpm, or should i try to install these rpm packages 1149786807 M * daniel_hozac even with the files from fc4 it works. 1149786819 M * daniel_hozac except the guest is incomplete. 1149786872 M * _coocoon_ ah ok then which packages do i need to start the guest 1149786912 M * daniel_hozac replace setup with initscripts in 03. 1149786933 M * _coocoon_ daniel_hozac: oh ok i will try 1149786974 J * michal` ~michal@www.rsbac.org 1149787516 M * Bertl wb michal`! 1149787723 Q * Greek0 Quit: leaving 1149787787 Q * AzE Ping timeout: 480 seconds 1149788289 J * Greek0 ~greek0@85.255.145.201 1149789045 J * doener ~doener@i5387F177.versanet.de 1149789357 Q * phreak`` Ping timeout: 480 seconds 1149789407 J * phreak`` ~phreak``@140.211.166.183 1149789452 Q * doener_ Ping timeout: 480 seconds 1149791109 Q * Adrinael Quit: Whee 1149791939 Q * dsoul Read error: Operation timed out 1149792110 J * shedi ~siggi@inferno.lhi.is 1149792591 M * stefani i am finally starting to get the hang of rlimits 1149792632 M * Bertl good, if you have questions, just shoot 1149793198 Q * Viper0482 Quit: bin raus, 1149793212 Q * _coocoon_ Quit: KVIrc 3.2.0 'Realia' 1149793236 P * Roey Leaving 1149794207 M * phedny just trying to compile a vserver-enabled kernel, but it gives me an error message 1149794212 M * phedny http://paste.linux-vserver.org/68 1149794325 Q * derjohn2 Ping timeout: 480 seconds 1149794341 J * derjohn2 ~aj@dslb-084-058-241-238.pools.arcor-ip.net 1149794534 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net 1149794729 J * _mcp ~hightower@wolk-project.de 1149794747 M * phedny a non-patched kernel seems to compile, so I may assume it's a vserver-related problem 1149794828 Q * mcp Read error: Connection reset by peer 1149794832 N * _mcp mcp 1149795080 M * phedny it seems the include/asm-i386/page.h file rejected 2 hunks from the patch, one of which includes this PHYSICAL_START symbol 1149795103 M * Bertl older patch/kernel? 1149795154 M * Bertl IIRC, we do not patch this since 2.6.16 or so, as it was included in mainline 1149795169 M * phedny 2.1.1-rc13 from development sources 1149795208 M * phedny I'll try a kernel from kernel.org instead of the one 'apt-get install kernel-sources' gives me 1149795235 M * Bertl yeah, and better get rc22 too 1149795276 M * phedny indeed 1149795296 M * phedny I fetched the rc13 because Ubuntu shipped me a .15 kernel 1149796108 J * FireEgl Atlantica@Atlantica.US 1149796275 Q * mkhl Quit: 1149796922 Q * sladen Ping timeout: 480 seconds 1149797128 J * sladen paul@starsky.19inch.net 1149797796 Q * shedi Quit: Leaving 1149798320 J * insomnia1 ~insomniac@slackware.it 1149798320 Q * insomniac Read error: Connection reset by peer 1149798922 Q * bonbons Quit: Leaving 1149800560 Q * lilalinux Read error: Connection reset by peer 1149801315 J * lilalinux ~plasma@dslb-084-058-233-036.pools.arcor-ip.net 1149801891 J * mef ~mef@targe.CS.Princeton.EDU 1149802001 M * mef hello 1149802622 M * Bertl hey mef! 1149803588 M * ray6 hi Bertl :) Thanks to a stupid redhat patch I just found out that virtuozzo doesn't support auditd in the kernel, does vserver? :) 1149803649 J * Aiken ~james@tooax6-214.dialup.optusnet.com.au 1149804302 N * mugwump_ mugwump 1149804861 M * gdm hi, quick question that i'm probably too stupid to answer ;-) 1149804862 Q * mef Remote host closed the connection 1149804879 M * gdm i'd like to know the recommended current versionfor debian stable 1149804896 M * gdm as i'm running something old and it's causing me problmes 1149804903 M * Bertl kernel: 2.6.16.20, patch 2.0.2-rc22, tools 0.30.210 1149804974 M * bon bertl! 1149804977 M * bon hello everyone :) 1149804992 M * Bertl hey bon! 1149805012 M * bon i was thinking, don't you need mirror of the page+content? 1149805036 M * Bertl well, you are not alone with that thought 1149805072 M * Bertl thing is, it's a little tricky, but if you want to spend some time on it, it might work 1149805122 M * Bertl regardless of that, I can add you to my private list of folks willing to help if we actually need something or have a complete solution for wiki distribution ... 1149805186 M * Bertl (in which case I'd ask you to /msg me some contact information) 1149805188 M * bon well yeah, add me there :) 1149805255 M * Bertl thanks! 1149805313 Q * cdrx Quit: Leaving 1149805903 M * Bertl okay, back later ... 1149805908 N * Bertl Bertl_oO 1149806236 J * shedi ~siggi@inferno.lhi.is 1149807544 Q * dna Quit: Verlassend 1149808456 Q * sezuan charon.oftc.net plasma.oftc.net 1149809231 Q * lilalinux Remote host closed the connection