1150243600 J * ag- ag@caladan.roxor.cx 1150243706 Q * nebuchadnezzar Ping timeout: 480 seconds 1150243913 J * itguru ~itguru@host86-141-48-66.range86-141.btcentralplus.com 1150243946 P * itguru Leaving 1150244023 J * itguru ~itguru@host86-141-48-66.range86-141.btcentralplus.com 1150244166 M * itguru I am likin the sound of the Vserver thingy 1150245273 J * shedi ~siggi@130.208.221.254 1150246401 J * blake- blake@ip24-250-20-40.ri.ri.cox.net 1150248653 N * sarnold sars 1150248950 J * DarthVader ~Aniken@203.177.212.165 1150249304 P * blake- 1150250287 N * sars sarnold 1150250872 Q * mountie Remote host closed the connection 1150250885 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1150251251 Q * sb Quit: 1150251309 Q * DarthVader Quit: Leaving 1150251986 Q * s0undt3c1 Ping timeout: 480 seconds 1150252181 N * sarnold sars 1150257083 J * s0undt3ch ~s0undt3ch@bl7-244-104.dsl.telepac.pt 1150257182 J * fwl ~f_@83-215-237-1.seek.stat.salzburg-online.at 1150257243 Q * fwl Quit: 1150261825 N * Guest285 otaku42 1150262281 J * s0undt3c1 ~s0undt3ch@bl7-242-26.dsl.telepac.pt 1150262480 Q * s0undt3ch Ping timeout: 480 seconds 1150262735 J * fwl ~f_@83-215-237-1.seek.stat.salzburg-online.at 1150264837 Q * fwl Quit: This computer has gone to sleep 1150265311 J * fwl ~f_@83-215-237-1.seek.stat.salzburg-online.at 1150266708 J * s0undt3ch ~s0undt3ch@bl7-240-252.dsl.telepac.pt 1150266800 Q * s0undt3c1 Ping timeout: 480 seconds 1150269294 J * dna ~naucki@dialer-167-28.kielnet.net 1150269380 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl 1150269672 J * _coocoon_ ~coocoon@84.160.83.151 1150269679 M * _coocoon_ morning 1150269742 M * phedny mornin' _coocoon_ 1150271018 J * yelifu ~hongdanst@202.38.114.129 1150273042 J * DarthVader ~Aniken@203.177.212.163 1150273207 Q * jkl Ping timeout: 480 seconds 1150273419 J * Viper0482 ~Viper0482@p54975BC2.dip.t-dialin.net 1150274465 J * Fushi Rawr@69-172-154-250.atlsfl.adelphia.net 1150276513 J * CoBoLt ~countcobo@84.196.135.76 1150276518 M * CoBoLt oioi 1150276524 M * CoBoLt how's everyone doing? 1150276685 J * jhaig ~jhaig@mantis.office.netline.net.uk 1150276708 M * CoBoLt I'm getting this error on alpha 1150276717 M * CoBoLt rpm-fake-resolver: vc_set_cflags(): No such process 1150276717 M * CoBoLt rpm-fake.so: failed to initialize communication with resolver 1150276723 M * CoBoLt anyone seen this before? 1150276835 M * jhaig I have set up nss_vserver so that I can log on to guests directly via ssh. When I try 'ssh vserver-user@host' I can log in but I get an error "Could not chdir to home directory /etc/vservers/vserver/vdir/./home/user: Permission denied". Any idea what may be wrong? 1150277188 M * jhaig Also, I can use 'ssh vserver-user@host' but 'ssh user@vserver' doesn't work (NB, I am actually specifying @host and @vserver as ip addresses). http://linux-vserver.org/HowtoHostAuth says that I should be able to use the latter form. 1150277445 J * Milf ~Miranda@141.12.9.154 1150278360 Q * jhaig Remote host closed the connection 1150278372 Q * shedi Quit: Leaving 1150279089 Q * DarthVader Quit: Leaving 1150279175 J * jhaig ~jhaig@mantis.office.netline.net.uk 1150279699 N * Bertl_zZ Bertl 1150279703 M * Bertl morning folks! 1150279713 M * phedny Bertl: had a good sleep? 1150279714 M * _coocoon_ hello bertl 1150279725 M * Bertl phedny: short but good, tx :) 1150279729 M * Bertl hey _coocoon_! 1150279773 M * phedny I have this question about x86_64 1150279801 M * phedny as I read things, it is possible to run 32-bit binaries on a 64-bit kernel by using compat-libraries 1150279822 M * phedny but I wonder whether it is possible to run an entire 32-bit guest on a 64-bit kernel? 1150279837 M * Bertl well, yes, and it is done quite often 1150279854 M * Bertl only thing you need is the ia32 vompatibility/emulation in the kernel 1150279892 M * phedny and then I don't need these compat libraries? 1150279931 M * Bertl they ae already present in the guest (as normal ia32 libts) 1150279936 M * Bertl *libs even 1150279950 M * phedny point is, my computer died and I'm thinking about buying AMD64-based system and I'd like to transfer vservers from backup to it 1150279961 M * Bertl will work without issues 1150279966 M * phedny okay, nice :) 1150280043 M * daniel_hozac CoBoLt: that looks weird. does testme succeed? 1150282214 J * lilalinux ~plasma@dslb-084-058-228-103.pools.arcor-ip.net 1150282222 M * Bertl wb lilalinux! 1150282386 Q * Viper0482 Remote host closed the connection 1150282491 M * cehteh phedny: i made a recipe on the wiki for a 32 bit env on a 64 bit system 1150282587 M * cehteh echo linux_32bit > /etc/vservers/$NAME/personality 1150282587 M * cehteh echo i686 > /etc/vservers/$NAME/uts/machine 1150283006 Q * Nam Ping timeout: 480 seconds 1150283063 M * derjohn cehteh, is that really necessary? i do a export ARCH=i386 ; vserver build .... and there is a 32bit guest on a 64bit env. but beware to complile ia32 emulation in the 64 bit kernel! (else you will get a execve error ... 1150283069 M * derjohn phedny, too ... 1150283134 M * cehteh derjohn: i think thats mostly optional normal apps will work without it .. 1150283155 M * derjohn what? the ia32 emulation? no, it's needed ... 1150283172 M * cehteh the things above 1150283193 M * cehteh and ia32 is not emulated on x86_64 ... 1150283321 J * Nam ~nam@70.78.64.62 1150283347 M * derjohn well I empirically tested what I need: [*] Kernel support for ELF binaries Kernel support for MISC binaries [*] IA32 Emulation IA32 a.out support 1150283369 M * derjohn maybe it's only the misc binaries? 1150283390 M * Bertl ia32 emulation should be essential for having 32bit guest 1150283394 M * Bertl +s 1150283408 M * Bertl without that, the entire 32bit API is not present 1150283508 M * Bertl derjohn: regarding ubuntu in paris, if somebody pays the trip/accomodation I'm fine with it, but I guess it's easier if somebody from france shows up there ... 1150283601 M * derjohn Bertl, did you look at the 'sponsoring' page? interesting that I found Paul Sladen (-> sladen ) on that list. Is he still in vserver business? 1150283783 M * Bertl sladen: ping? are you? 1150283934 M * derjohn Bertl, I think you would be the right one there. if ben collins ask me about kernel details i would have to talk about the weather instead. 1150283964 M * derjohn (not true for packaging or promotion .... ;)) 1150284004 M * Bertl well, if they ask me about ubuntu stuff, I'd have to switch to the weather too :) 1150284020 M * derjohn Bertl, in africa there is always good weather ;) 1150284045 M * Bertl hmm, tell this to the people there ... 1150284074 J * Viper0482 ~Viper0482@p54975BC2.dip.t-dialin.net 1150284077 M * derjohn phedny, cehteh: http://linux-vserver.org/some_hints_from_john <-- '64 bit' FAQ added. would you mind to check? 1150284160 M * doener derjohn: so you got your bullshi^Wkernel running? ;) 1150284164 M * doener SCNR 1150284215 M * derjohn doener, i am afarid, yes, my bullshit serves a large companies webserver now ;) 1150284220 M * phedny derjohn: it's what has just been told in this channel and assuming that is correct, you text would be :) 1150284227 M * derjohn *company's 1150284248 M * phedny derjohn: but as soon as I've bought my AMD64 system, I'll verify it and let you know 1150284249 M * derjohn probably more soon if Bertl doesnt release rc23 .... :) 1150284263 M * derjohn phedny, *lol* ok .... 1150284513 J * jldalla ~jld@200.5.207.233 1150284532 P * jldalla 1150284877 J * liquid3649_ ~Viper0482@p54975BC2.dip.t-dialin.net 1150284934 Q * Viper0482 Ping timeout: 481 seconds 1150285380 M * daniel_hozac derjohn: is the uts/machine necessary? 1150285396 M * daniel_hozac vserver x86-builder exec uname -a 1150285397 M * daniel_hozac Linux x86.builders.hozac.com 2.6.16-1.2123_FC5.vs2.0.2.0.rc21.1 #1 SMP Mon May 22 16:54:21 EDT 2006 i686 athlon i386 GNU/Linux 1150285414 M * doener not in general, but IIRC eg some Java stuff needs that 1150285438 M * daniel_hozac it seems to be set by the linux32 personality though. 1150285457 M * daniel_hozac (i have no uts/machine, just linux32 in personality) 1150285636 M * derjohn daniel_hozac, doener i took over those lines from cehteh. i dont use them myself, but it may make sense to set it ti i686 instead of i386? 1150285674 M * daniel_hozac isn't i386 the hardware platform? 1150285692 M * daniel_hozac i get that on my regular i686 boxes as well. 1150285875 M * doener daniel_hozac: uname -mpi should tell... 1150285944 M * doener hm, well I cannot tell in which order the output is, except for "machine" being the first one, the others are unknown here... 1150285980 M * derjohn daniel_hozac, uhm, no idea. I only saw in Debian a libc6-i686 (optimized) ... but thats a compiler optimisation only, not a differnt $ARCH. I think mandriva offers i586, that not an $ARCH, too ? 1150286055 M * Bertl strictly speaking the hardware platform is x86 1150286061 M * doener derjohn: hm, is libc6-i686 just optimized? IIRC it also provides (or used to) NPTL support while the plain libc6 does not 1150286089 M * Bertl but out of tradition, _most_ distros use i386, some i586 and a few other variants like k6/k7/i686 1150286100 M * Bertl +something 1150286189 M * derjohn doener, a standard libc has no native posix threads? well, I dont code c as you may remember, so i never really cared ; .. besides that it nice weather outside today! 1150286246 M * Milf ... when you're not sitting in front of the AC exhaust shaft 1150286248 M * Milf :) 1150286329 M * Milf can I once again ask about my localhost issue that I also posted to the list? 1150286338 M * doener derjohn: well, the debian libc6 package, not glibc in general... 1150286360 M * daniel_hozac are you sure? 1150286382 M * daniel_hozac i thought NPTL required tsc or some instruction only present on 586 or 686. 1150286446 M * doener daniel_hozac: thus the libc6-i686 package, but distros compiled for i686 will probably have it in their plain libc packages 1150286499 M * doener I just wanted to say that it is not like that "in general", but depends on your distro 1150286533 M * phedny but the output of uname should not be influenced by any distro specific stuff 1150286537 M * Bertl Milf: sure ... 1150286563 M * derjohn the nice thing with standards is that you can choose from a large set of of them :/ 1150286584 M * derjohn Milf, dont ask to ask, just ask ;) 1150286602 M * Milf I can run the ported OX inside a vserver as long as I map lo into it. 1150286633 M * Milf Just mapping localhost to the guests IP in /etc/hosts inside the guest doesn't get me any positive result. 1150286638 M * derjohn Milf, OX != macos 10 ? 1150286646 M * derjohn :) 1150286653 Q * liquid3649_ Remote host closed the connection 1150286657 M * Milf OpenExchange. Commercial version. Will install on SLES9 1150286700 M * daniel_hozac have you found out why it doesn't work with the rewriting? 1150286733 M * doener Milf: did you try to disable hiding of network interfaces? 1150286746 M * Milf The part that doesn't work without loopback interface is written in java and I would have to spend a week finding and interpreting the source code. 1150286761 M * Milf doener: How do I find out if I am hiding any interfaces? 1150286762 M * daniel_hozac eww, Java. 1150286785 M * doener Milf: does ifconfig show lo? if not, hiding is enabled... 1150286809 M * Milf me shrugs its shoulders. It just wants to use the OX, whether it be written in Java, Intercal or Basic. 1150286812 M * derjohn Milf, as i still dont know the problem .... I think you cannot bind to 127.0.0.1 in a guest 1150286849 M * derjohn Milf, forgot to mention Eiffel ;) 1150286850 M * Milf I have a proprietary application written in Java that seems to want 127.0.0.1 1150286857 M * daniel_hozac Milf: also, have you tried the new CONFIG_VSERVER_REMAP_SADDR? IIRC you have to disable legacy to get it to show, but it might do the trick. 1150286857 A * Milf nods to derJohn 1150286901 M * derjohn Milf, so it wants to to bind 127.0.0.1 ... I assuem you set 'localhost' to your public ip in /etc/hosts ? 1150286905 J * Viper0482 ~Viper0482@p54975BC2.dip.t-dialin.net 1150286925 M * derjohn if not, grep -ril 127.0.0.1 /path/to/java/src/* ... 1150286956 M * Milf Ok, let's do this one by one. Doener: Will disabling interface hiding do anything different compared to setting up lo for the guest? 1150286965 M * Milf derjohn: I tried that. No cigar. 1150286976 M * daniel_hozac binds to 127.0.0.1 are remapped to the first IP address of the guest. 1150286980 M * doener it will show all interfaces but still disable direct access to 127.0.0.1 1150286996 M * doener ie. you see more, but cannot do more 1150287012 M * Milf doener: sounds like another thing to try. How do I disable hiding? 1150287041 M * daniel_hozac vattribute --xid ... --bcap ~0 --flag ~hide_netif 1150287065 M * doener 2fast4me ;) 1150287073 M * Milf daniel_hozac: Do I do this while the guest is running? 1150287082 M * daniel_hozac yes. 1150287102 M * daniel_hozac if you have the guest stopped, echo ~hide_netif >> /etc/vservers/.../flags 1150287107 M * derjohn daniel_hozac, do you really _know_ that the binding to a mapped ip works? or do you just assume it? I i ever run accross an example where it doesnt work, i will report. 1150287128 M * daniel_hozac derjohn: well, yes. 1150287165 M * daniel_hozac BIND's control channel is bound to 127.0.0.1. 1150287181 M * doener I assume that OX either wants to see lo, or that it checks that its socket is really bound to 127.0.0.1... 1150287194 M * daniel_hozac the latter would be quite silly, IMHO. 1150287204 M * doener the former would be solved by ~hide_netif, the latter would need the lo patches to be solved in a safe manner 1150287220 M * Milf Hmmm, no cigar. Admin-Interface gives me 'invalid credentials' on login. 1150287223 M * derjohn doener, maybe Java has such a security layer (-> sandbox ...) 1150287232 M * Bertl apropos lo patches *G* maybe we should have a network discussion today? 1150287238 M * daniel_hozac sure. 1150287263 M * doener I'll be gone soon, back at about 20:00 CEST 1150287269 M * Milf I can see lo inside the vserver and I have localhost mapped to first ip of the guest in /etc/hosts 1150287289 M * Bertl daniel_hozac: so around 2000 is fine for you too? 1150287292 M * daniel_hozac Milf: have you tried strace? 1150287298 M * daniel_hozac yeah, 2000 works fine. 1150287305 M * Bertl okay, sounds like a plan ... 1150287314 M * Milf strace I tried, but I don't know what to strace. 1150287323 M * daniel_hozac Milf: the process that fails :) 1150287330 M * Milf tomcat? 1150287352 M * daniel_hozac if you say so. 1150287395 M * Milf The part that fails is a java applet running on a tomcat. Which I know about as much of as the dark side of the monn. Which makes it hard for me to debug. 1150287404 M * Milf s/monn/moon/ 1150287426 M * doener invalid credentials... that sounds like a security check for dst or src address.. 1150287444 M * Bertl Milf: what does localhost resolve to? 1150287461 M * Milf My only hint on what to go on is that it works if I mkdir interface/lo;echo 127.0.0.1>ip;touch nodev;echo 255.0.0.0>mask 1150287484 M * Milf bertl: you mean by running ifconfig inside the guest? 1150287624 M * doener Milf: where exactly does the error message show up? and is that the complete error message? 1150287671 M * Milf The error message shows up on the web interface. 1150287680 M * Milf But hold on, I may have found another problem. 1150287688 M * phedny Milf: is there something in the Tomcat logfiles that may help? 1150287707 M * Milf phedny: I checked there. Nope. No cigar to be won. 1150287755 M * Milf bertl: According to 'host' "localhost.ipsi.fraunhofer.de has address 127.0.0.1" 1150287776 M * CoBoLt daniel_hozac, testme runs fine, i'll be back in about 30 minutes 1150287797 M * CoBoLt just did some shopping :) 1150287806 M * phedny Milf: what does "grep host /etc/nsswitch.conf" say? 1150287833 M * Milf hosts: files dns 1150287860 M * Milf I just had to create resolv.conf, as I made the image of the real server while having booted from Knoppix 1150288034 M * phedny can you post all localhost of 127.0.0.1 related lines from /etc/hosts ? 1150288310 M * Milf #141.12.26.118 miketest-int1.ipsi.fraunhofer.de miketest-int1 1150288310 M * Milf 141.12.26.118 miketest-int1.ipsi.fraunhofer.de miketest-int1 localhost 1150288310 M * Milf #127.0.0.1 localhost 1150288326 M * sladen derjohn / Bertl: hell 1150288333 M * sladen derjohn / Bertl: ...o 1150288361 M * derjohn sladen, ehlo ! you will be on the ubuntu summit ? 1150288437 M * sladen derjohn: I'm unsure yet. I'm paying my own way if I get there... 1150288462 M * derjohn sladen, so the sponsoring application was refused? 1150288475 M * Bertl sladen: so maybe you want to speak for linux-vserver there? 1150288484 M * sladen derjohn: however the logistics are fairly easy since it's just at the other end of the Eurostar to me 1150288508 M * Bertl sladen: we might have to bring you up-to-date, but I guess that wouldn't be a problem :) 1150288548 M * sladen are they specically wanting somebody to talk about vserver then? Or is this in relation to vserver packagin in Ubuntu? 1150288585 M * Bertl well, honestly I don't know, maybe derjohn should bounce you the email? 1150288610 M * derjohn sladen, we talked to mark about vserver and ubuntu on linuxtag. we would love to see it included in edgy. 1150288632 M * sladen derjohn: you mean having the kernel patch included by default? 1150288657 M * Bertl I don't see a good reason against it, as debian has xen/vserver hybrid kernels which work quite fine 1150288685 M * Bertl i.e. you can build/install all variations and combinations 1150288688 M * sladen derjohn: generally the Ubuntu kernel follows the mainline one except for additional drivers and the like or laptop fixes and the like that are going upstream 1150288710 M * Bertl sladen: well, they seem to include xen support though 1150288713 M * sladen Bertl: ah right, so having a separate additional linux-image-vserver ? 1150288728 M * Bertl sladen: precisely, and a xen-domu-linux-vserver 1150288756 M * sladen okay, so that's too more variations 1150288773 M * Bertl yup 1150288801 M * sladen two more 1150288857 M * sladen was there any pariticular aspect that caught Mark's eye? That's the way to get it into Ubuntu 1150288863 M * derjohn sladen, yes, "vserver and xen - just good friends" :) 1150288889 M * Bertl sladen: I guess he liked the moreubuntu multi seat desktop (tm) :) 1150288897 M * derjohn sladen, we showed him a multi-seat Xorg, each xorg in one vserver ;) 1150288986 M * derjohn sladen, (suse is also very interested in that feature, but Milf and zeng didn't finish the howto yet) 1150288986 M * sladen one of the first 'jobs' that Canonical had come in was the HP 444 (1 PC, 4 video cards, 4 usb keyboards, 4 usb sound thingies) 1150289015 M * Milf The Howto is as done as it will get. Bugger Zeng a little so he doesn't forget to post it. 1150289046 M * sladen they still all need /dev/mem don't they 1150289046 M * sladen for X 1150289050 M * Milf sladen: what about 4 mice? 1150289057 A * Milf nods 1150289058 M * derjohn Milf, zeng is still at computex, so not at this pc now :) 1150289070 M * Milf derjohn: Hmmm, he told me other things. 1150289092 M * Milf derjohn: But he's busy catching up at work after his leave 1150289092 M * sladen the. lag. here. is. unbleliveable. 1150289096 M * derjohn sladen, Bertl made first plans to virtualize /dev/mem .... 1150289141 M * sladen ooh, that's really interesting. like ioperm() for it? 1150289176 M * Bertl yup, basically based on assigning PCI ranges to guests 1150289181 M * derjohn sladen, how is the waether in .uk ? (read: I dont know anythings about it ;)) 1150289332 M * sladen derjohn: alternating between a heatwave and tropical rain 1150289334 J * id ~id@p50811B0F.dip0.t-ipconnect.de 1150289340 M * id Hi #vserver 1150289343 M * id hello Bertl 1150289368 M * Bertl welcome id! 1150289371 M * sladen Bertl: if you can see that separate from the context it would have wider-ranging uses for locking down /dev/mem 1150289393 M * sladen derjohn: where are you based? 1150289404 M * derjohn sladen, as20755 :) 1150289411 M * derjohn sladen, .de :) 1150289419 M * sladen derjohn: is your plan that you'd like me to go to UFK and pimp vserver 1150289428 Q * fwl Quit: This computer has gone to sleep 1150289429 M * sladen derjohn: and is there a spec already on the wiki? 1150289432 Q * jhaig Quit: Download Gaim: http://gaim.sourceforge.net/ 1150289454 M * derjohn sladen, what is yoz current e-mail ? 1150289471 M * sladen derjohn: vserver@paul.sladen.org 1150289480 M * derjohn sladen, spec? what kind of spec do you expect? 1150289506 M * sladen Bertl: BTW, I wasn't expecting to see you in a suit at LinuxTag :) 1150289534 M * Bertl sladen: hmm, why no? 1150289536 M * Bertl *not 1150289544 M * derjohn sladen, you wont believe it, it's his everyday clothing :) 1150289551 M * sladen derjohn: https://launchpad.net/distros/ubuntu/+specs 1150289571 M * sladen Bertl: I guess, I'd just never imagined it. 1150289576 M * sladen Bertl: very respectable 1150289593 M * derjohn sladen, have you been on LT ? 1150289593 M * CoBoLt bertl, have you read my question on the alpha release? 1150289634 M * Bertl CoBoLt: hmm, obviously not .. 1150289639 M * derjohn sladen, the plan was to talk to ben collins about the integration of the kernel patch. 1150289641 M * CoBoLt :) 1150289655 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net 1150289664 M * CoBoLt when I do a build of a vserver, 1150289665 M * CoBoLt i get 1150289675 M * Bertl welcome cdrx! 1150289677 M * derjohn sladen, util-vserver should be a piece of cake (at least the etch packages a good!) 1150289692 M * cdrx hi all ! 1150289702 M * sladen derjohn: yes, the utilties can be a straight sync (import) from Debian 1150289705 M * CoBoLt rpm-fake-resolver: vc_set_cflags(): No such process 1150289705 M * CoBoLt rpm-fake.so: failed to initialize communication with resolver 1150289726 M * CoBoLt now this is an alpha running centOS4.3 1150289734 M * CoBoLt testme gives me succeed on all parts 1150289748 M * sladen derjohn: and if you add the moreubuntu tools as a seperate package, depending on util-vserver then they're built in layers 1150289779 M * CoBoLt btw, LinuxTag, would that be interesting for now german speaking people? 1150289794 M * CoBoLt and second would it be interesting for non geeks too? As in my girlfriend? 1150289801 M * CoBoLt *non-german 1150289843 M * Milf Hmmm, first question: a definite yes; a lot of talks were in english 1150289861 M * Bertl CoBoLt: well, guess it was interesting for non german speakers, and I guess it was less interesting for non computer folks :) 1150289869 M * CoBoLt hehe 1150289873 M * CoBoLt she's computer minded 1150289878 M * CoBoLt but not yet linux minded :) 1150289881 M * Bertl CoBoLt: testme.sh works fine? could you upload that to paste.linux-vserver.org ? 1150289882 M * CoBoLt mind , the not yet :p 1150289887 M * Milf Second question: Ask your girlfriend if she likes fluffy penguins, but if you mostly go to booths and talk geek stuff, your GF will probably get bored like you do when she's trying on shoes :) 1150289928 M * Milf That's the third thing: LinuxTag was beginning of May. The next one is next year. 1150289930 M * Bertl Milf: maybe CoBoLt is a shoe fetishist? 1150289936 M * CoBoLt Bertl , no thank you 1150289938 M * CoBoLt :p 1150289942 M * sladen CoBoLt: LinuxTag is *very* interesting for German people. It's the only conference I know of where they don't speak English :) 1150289958 M * Wonka lol, Milf 1150290008 M * CoBoLt http://paste.linux-vserver.org/86 1150290013 M * CoBoLt bertl, that was for you :) 1150290039 M * CoBoLt for else I might be interested in coming over 1150290082 M * CoBoLt but I'll have to take holiday and oc my gf want a part of me :p 1150290101 M * CoBoLt sladen, are all the expo's in german? 1150290115 M * Bertl CoBoLt: I see glibc, but you compiled with diet, which version btw? 1150290116 M * CoBoLt of in general can we take in account that most speak some english 1150290122 M * CoBoLt hang on 1150290135 M * CoBoLt I used daniels srpms for fedora 1150290141 M * CoBoLt as the same for his util-vservers 1150290158 M * CoBoLt recompiled them on the alpha 1150290171 M * Bertl CoBoLt: so it is dietlibc 0.29 or so? 1150290179 M * CoBoLt 0.28-1 1150290285 M * sladen CoBoLt: only LinuxTag 1150290314 M * CoBoLt nono that was not what I meant sladen, I meant the general booths over there :) 1150290315 M * sladen CoBoLt: daniel stone? (Mr. xorg?) 1150290336 M * Bertl CoBoLt: basically all germans there will speak english too 1150290341 M * sladen CoBoLt: yes, virtually all of them were 1150290341 M * CoBoLt as you guys speak english that should not be a rpoblem :) 1150290344 M * CoBoLt great 1150290357 M * CoBoLt we have fosdem overhere 1150290365 M * CoBoLt so that like my annual linux meeting 1150290371 M * CoBoLt but germany isn't that far :) 1150290383 M * CoBoLt and there is something like trains, cars airplanes :p 1150290444 M * sladen derjohn: recieved 1150290454 M * CoBoLt Bertl any ideas on what goes wrong? 1150290469 M * CoBoLt sladen, what do you mean with mr Xoorg? 1150290470 M * Bertl CoBoLt: you should talk with Aiken once he is around, he is using an alpha too, I have one available too, but this one runs debian, and the guest building work fine there 1150290481 M * CoBoLt hmmm 1150290488 M * CoBoLt I'll check with running a legacy build 1150290492 M * CoBoLt maybe that works 1150290504 M * CoBoLt do you know which distro Aiken uses? 1150290514 M * Bertl CoBoLt: you might try installing the tools from sources to eliminate the remote possibility of rpm issues 1150290531 J * tmyneii ~localhost@161.53.107.100 1150290541 M * CoBoLt okay 1150290559 M * CoBoLt could I just take the sources from the srpms or do you think it is better to run the latest versions? 1150290574 M * CoBoLt and what would you prefer, the stable versions or not? 1150290795 M * Bertl welcome tmyneii! 1150290831 M * Bertl CoBoLt: I'd try latest dietlibc with 0.30.210 1150290837 M * Bertl CoBoLt: kernel should be fine 1150290843 M * CoBoLt ok 1150290856 M * CoBoLt I am building dietlibc 0.29 now 1150290917 M * CoBoLt damn an alpha compiles fast :) 1150290941 M * Bertl hmm, depends on the cpu :) 1150291026 Q * hallyn Quit: leaving 1150291077 Q * tmyneii Quit: HydraIRC -> http://www.hydrairc.com <- IRC for those that like to be different 1150291140 M * Milf Ok, back to the localhost problem: 1150291154 M * Milf unhiding the interfaces didn't help 1150291220 M * CoBoLt 533 miata :) 1150291265 M * Bertl Milf: could you just change the 'localhost' to the first guest ip? 1150291278 M * Bertl (as it is suggested everywhere) 1150291282 M * Milf where? in /etc/hosts? 1150291294 M * Bertl yep, just add a line there with localhost 1150291316 M * Milf Like this: 141.12.26.118 miketest-int1.ipsi.fraunhofer.de miketest-int1 localhost 1150291322 M * Milf Tried it, no cigar. 1150291336 M * Bertl what does the strace/error show in this case? 1150291350 M * Milf That was the other problem: What to strace? 1150291362 M * Milf It's a java applet running on tomcat, displaying a web page. 1150291388 M * Bertl okay, so what about the error? 1150291417 M * Milf The error is the string 'invalid credentials' displayed on the login page that doesn't let me into the admin app 1150291448 M * Bertl I thought there was something like interface not found or so? 1150291479 M * Milf I wish there was. 1150291503 M * Bertl probably I mixed that up now, but why the hell are you trying to unhide lo then? 1150291529 M * Milf 'cause doener said to try that approach. 1150291535 M * Bertl what you actually want to try is to disable the localhost rewriting (as available in rc22) 1150291550 M * sid3windr cool 1150291567 M * Milf Argl, you mean to tell me recompile my kernel? 1150291572 M * Bertl which will give you 127.0.0.1 for the connection, which in turn might work around the brokenness in that applet 1150291600 M * Bertl JFYI: any application which 'assumes' that localhost == 127.0.0.1 is broken 1150291653 M * Milf Yes, I know that. Try telling that to the openexchange people. I couldn't even find their mailing list, even though it's based on an open source project. 1150291674 A * Milf sings 'No need no subset' 1150291681 M * Bertl should there be the 'source code' somewhere? 1150291703 M * Milf If I look hard enough I probably will find the source code. 1150291705 J * pagano ~pagano@131.154.5.20 1150291737 M * Milf So, next thing to try is patch up my kernel to rc22 and then do what? 1150291764 M * Bertl well, if you _find_ the source, I'd grep for a hardcoded 127.0.0.1 and replace that 1150291774 M * Bertl then send a patch to the openexchange folks :) 1150291797 M * Milf ... and wait for the next commercial release :) 1150291826 M * Bertl well, for proprietary applications, you might try disabling the address rewrite stuff 1150291839 M * Bertl (it's a kernel option and we need some testing/feedback anyways :) 1150291868 M * Milf Ok, what will that do? Can I do that with my rc20 kernel? 1150291906 M * Bertl if you apply certain patches, yes :) 1150291928 A * Milf shivers with anticipation at building yet another kernel. 1150291949 M * CoBoLt Bertl custom build gives me the same error 1150291953 M * CoBoLt I'll try legacy now 1150291978 M * Bertl very interesting ... seems like centos is kind of different nowadays 1150291979 M * CoBoLt this works which I expected as I am not using rpm atm 1150291985 M * CoBoLt as in? 1150291992 M * Bertl ah, which reminds me, could you try with a sane gcc too? 1150292003 M * CoBoLt without dietlibc? 1150292006 M * Bertl maybe force downgrade to 3.3.something 1150292010 M * Milf Ok, Bertl, I'll give it a try. Gimme them patches and I'll build me an alternate kernel. 1150292010 M * CoBoLt hmmm 1150292021 M * Bertl Milf: better get rc22 1150292052 M * doener Milf: why shiver? should only take a few seconds.. 1150292060 M * CoBoLt Bertl why downgrade to 3.3? 1150292081 M * Bertl CoBoLt: just to eliminate the possibility of a gcc/diet issue 1150292084 M * CoBoLt I ran vserver on x86 with slackware with 3.4 as gcc 1150292097 M * CoBoLt what would happen if I uninstalled dietlibc? 1150292104 M * CoBoLt how many issues would I run into? 1150292107 M * Bertl yes, but you don't know what centos did put into the gcc 1150292112 M * Milf doener: remember my problems with my last kernel build and the issues with initrd? 1150292112 M * CoBoLt nope 1150292167 M * doener Milf: you know how to do it now, right? ;) 1150292260 M * Milf doener: Yes, but I get these flashbacks :) 1150292391 M * doener btw I just got the OX source and there appears 127.0.0.1 in ldap_addressbooks.xml in conf/groupware/ and conf/webmail/ ... and in their examples, ldap.conf in PREFIX/etc/{groupware,webmail}/ also has 127.0.0.1 in it 1150292407 M * doener maybe you also have 127.0.0.1 in these configuration files in your install 1150292447 M * Milf Hmmm, indeed I haven't grepd for 127.0.0.1 in the whole server, like I did with the originla IP of the server that provided the image 1150292460 M * Bertl doener: uh-oh, you mean a problem between keyboard and chair? 1150292529 M * doener if you like to call it like that... I'd prefer to say "stupid default config combined with unexpected security checks" (if my assumptions hold) 1150292530 M * Milf bertl: Not nice. It would be a problem between user and uaotmatic setup :) 1150292542 M * doener at least the config could use "localhost" instead of "127.0.0.1" 1150292548 A * Milf likes doener's explanation much better :) 1150292564 M * Bertl hehe, I'm fine with that too :) 1150292568 M * Milf or just put the guest's ip in there 1150292585 J * fwl ~f_@83-215-237-1.seek.stat.salzburg-online.at 1150292627 M * Milf and until that find is done, I'll delete some users :) 1150292699 M * CoBoLt guys didn't we have a legacy to new config converter? 1150292699 M * Bertl wb fwl! 1150292710 M * CoBoLt got it :) 1150292712 M * CoBoLt me blind 1150292712 M * CoBoLt :p 1150292744 M * Milf cobolt: post the URL please. I lost my bookmark to that one it seems 1150292757 M * CoBoLt http://linux-vserver.org/Legacy-To-Newstyle-Config 1150292758 M * CoBoLt :p 1150292766 M * CoBoLt couldn't be easier :D 1150292772 A * CoBoLt definately blind 1150292779 M * Milf thanx 1150293473 M * Milf Ok, greped the whole tree for 127.0.0.1 and exchanged all the relevant findings with guests IP. Doesn't help :( 1150293542 Q * brc Ping timeout: 480 seconds 1150293801 J * orionpanda_bbl orionpanda@netblock-66-245-252-180.dslextreme.com 1150293880 M * orionpanda_bbl bertl: I've got delta-ocfs2 running on two nodes (with 2x aoe shared disks). Thanks for the patch! 1150294358 M * Bertl orionpanda_bbl: great, there will be proper support (for testing) soon 1150294376 N * orionpanda_bbl orionpanda 1150294417 M * harry hahaaaaaaaa... tomorrow... /me will make a new grsec + vserver patch!!!! 1150294421 M * orionpanda I don't know if you've run ocfs2 over aoe yet. However, there are some performance issues. Namely, copying over OCFS2 is verrrry sloooow. 1150294427 A * harry has definitive hardware :) 1150294497 M * orionpanda For instance: I can copy a 1gig vserver from one aoe device to another in ~4min (no ocfs). Over OCFS2, I had to kill the rsync after 1 hour. 1150294506 M * Bertl orionpanda: well, personally I would not start with aoe, but a shared disk system 1150294534 M * Bertl but the ocfs2 folks ar very cooperative, you might ask regarding those obvious issues 1150294541 M * orionpanda yes, you're right. I probably jumped the gun. I got excited when I saw the patch. 1150294616 M * id cya laters 1150294618 Q * id Quit: Leaving 1150294786 M * orionpanda Question: Are there any limitations to running vservers from an ext3/resier loopback filesystem? Does all of the functionality (barrier flag, cpu limits, dentry limits, etc) work? 1150294813 M * Bertl sure, when the filesystem is there, the features are there too 1150294859 M * orionpanda excellent. just wanted to be sure. 1150295001 M * CoBoLt Bertl what is the difference between copy and legacy build? 1150295005 M * CoBoLt except for the config scheme? 1150295030 M * Bertl not much I guess, but you have to ask the tool folks about details 1150295046 M * CoBoLt who is doing that? 1150295063 M * Bertl personally I'm using the 'normal' build functionality i.e. distro and skeleton 1150295086 M * Bertl Enrico and recenttly daniel_hozac :) 1150295098 M * CoBoLt well the problem is that rpm / yum don't work 1150295103 M * CoBoLt never used skeleton before 1150295116 M * CoBoLt so would use legacy 1150295123 M * CoBoLt but don't have legacy API in my kernel :) 1150295139 M * Bertl well, it's going away anyways ... 1150295165 M * Bertl IMHO you should work with enrico and/or daniel_hozac to figure _what_ fails in the resolver 1150295184 M * CoBoLt I will 1150295188 M * CoBoLt but daniel was off atm 1150295189 M * Bertl maybe a simple strace might be sufficient to narrow it down 1150295196 M * CoBoLt hmmm 1150295199 M * CoBoLt haven't tried that yet 1150295210 M * Bertl strace -fF -o my.trace ... 1150295294 Q * yelifu Quit: 1150295411 M * CoBoLt Bertl this is further down the road to go 1150295427 M * CoBoLt remember osf_syscall which gave me errors during compilation of my kernel? 1150295439 M * CoBoLt osf_syscall(0x3, 0x11fb91890, 0, 0, 0, 0x11fb91850) = -1 ERRNO_352 (Unknown error 352) 1150295440 M * CoBoLt osf_syscall(0x2, 0x11fb91560, 0x11fb915f0, 0, 0x20000093790, 0x11fb91850) = 54 1150295445 M * CoBoLt see the previous errors? 1150295461 M * Bertl hmm, who is doing thos syscalls? 1150295465 M * Bertl *those 1150295511 M * CoBoLt vserver build does 1150295523 M * Bertl then something is definitely wrong 1150295538 M * CoBoLt I'll output my strace see what I can do ok? 1150295562 M * Bertl upload the stuff on paste.linux-vserver.org 1150295577 M * Bertl btw, what gcc is currently used for your tool builds? 1150295587 M * CoBoLt regular centOS 4.3 1150295590 M * CoBoLt so still 3.4 1150295605 M * Bertl 3.4 really? 1150295606 M * CoBoLt because I _really_ don't want to go a long road away from regular distro 1150295612 M * CoBoLt 3.4.5 I believe 1150295631 M * Bertl isn't there a 3.3 gcc package for centos available too? 1150295639 M * Bertl I doubt that they are 3.4 only 1150295644 M * CoBoLt not for 4.3 as I am aware 1150295704 J * kir ~kir@swsoft-mipt-nat.sw.ru 1150295720 M * CoBoLt Bertl I now have regular gcc (which is 3.4.5 in packages) and there is also gcc4 1150295724 M * CoBoLt but that's it 1150295732 M * CoBoLt do you want the whole trace? 1150295735 M * CoBoLt as it is huge... 1150295763 M * Bertl yes please 1150295768 M * CoBoLt all in pastebin? 1150295780 M * Bertl or if you have some other way to uplaod it, then there 1150295791 M * CoBoLt i'll upload it :) 1150295835 M * CoBoLt http://www.c2root.be/my.trace 1150295838 M * CoBoLt there you go 1150295849 M * Bertl tx 1150295864 Q * ||Cobra|| Remote host closed the connection 1150295965 M * CoBoLt told you is was long :) 1150295974 M * CoBoLt ok 1150295975 M * CoBoLt back in a few 1150295983 M * Bertl k,cya 1150295986 M * CoBoLt need to put new windowwasher on my car :) 1150295989 M * CoBoLt gimme 10 :p 1150295994 M * Bertl np 1150296312 M * CoBoLt back 1150296314 M * CoBoLt that was easy :) 1150296374 M * Bertl okay, I still would like you to try with a different gcc, do you think you could recompile and use an srpm for that? 1150296409 Q * Viper0482 Remote host closed the connection 1150296421 M * CoBoLt for upgrading gcc? 1150296425 M * CoBoLt or downgrading? 1150296428 M * Bertl actually for downgrading it 1150296435 M * CoBoLt would I need to recompile my kernel too :s 1150296443 M * Bertl no, leave it as is 1150296447 M * CoBoLt oef 1150296453 M * CoBoLt I can try 1150296510 M * CoBoLt I'll use the source of centOS 3 1150296532 M * Bertl try with this one, it should work fine: 1150296602 M * CoBoLt which one? 1150296606 M * Bertl sec 1150296610 M * CoBoLt I am downloading 3.2.3 atm 1150296681 M * Bertl http://vserver.13thfloor.at/Stuff/Cross/MDK/gcc-cross-3.3.6-10mdk.src.rpm 1150296745 M * CoBoLt downloading 1150296751 M * CoBoLt although these are mandrake packages 1150296758 M * CoBoLt so it might need MDK based deps... 1150296766 M * CoBoLt btw 13thfloor from the movies? 1150296768 M * CoBoLt great one 1150296771 M * CoBoLt have it over here 1150296773 M * Bertl yep, indeed :) 1150296779 M * CoBoLt f##k matrix 1150296781 M * CoBoLt this is better 1150296786 M * CoBoLt the ending is great 1150296786 M * Bertl well, try to build it with --nodeps 1150296790 M * CoBoLt I will 1150296817 M * CoBoLt the way they made "the end of the world" was just fascination 1150296819 M * CoBoLt great image 1150296837 M * CoBoLt saw it a long time ago 1150296845 M * CoBoLt nut only recently bought the dvd 1150296849 M * CoBoLt 10 euro :) 1150296852 M * CoBoLt couldn't resist 1150296876 M * CoBoLt I appears that gcc might build fine 1150296963 M * CoBoLt nope give me an error 1150297001 M * CoBoLt grmbl 1150297003 M * Bertl which one? 1150297013 M * CoBoLt %{CROSS_ARCH} error 1150297020 M * CoBoLt how do I set the arch type? 1150297023 M * Bertl ah, k, forgot about that 1150297030 M * CoBoLt Invalid configuration `%{CROSS_ARCH}-linux': machine `%{CROSS_ARCH}' not recognized 1150297033 M * CoBoLt uhu 1150297036 M * CoBoLt same here :p 1150297046 M * Bertl maybe try this one instead: http://vserver.13thfloor.at/Stuff/gcc-3.3.6-1mdk.src.rpm 1150297057 M * CoBoLt different one? 1150297066 M * Bertl it's probably better in your case anyway 1150297078 M * Bertl the former one is my cross compiling source package 1150297085 M * CoBoLt aha 1150297094 M * Bertl but as you already figured, you need to specify the target arch :) 1150297121 M * CoBoLt uhu 1150297123 M * CoBoLt but how? 1150297152 M * Bertl sec, btw, the latter one ist still uploading 1150297159 M * CoBoLt woeps 1150297163 M * CoBoLt was already donloading :p 1150297262 M * Bertl you can do --define="CROSS_ARCH alpha" 1150297286 M * CoBoLt wokee 1150297286 M * Bertl rpm -b* should understand that 1150297301 M * CoBoLt rpmbuild on centos 1150297312 M * CoBoLt normally I would do rpmbuild --rebuild package 1150297319 M * Bertl rpm -b* usually calls rpmbuild :) 1150297322 M * CoBoLt lets see :) 1150297341 M * Bertl so, yes, I assume rpmbuild will understand the --define :) 1150297346 M * CoBoLt hehe 1150297375 J * Viper0482 ~Viper0482@p54975BC2.dip.t-dialin.net 1150297610 M * CoBoLt nope doesn't work 1150297617 M * CoBoLt /var/tmp/rpm-tmp.61707: line 42: fg: no job control 1150297618 M * CoBoLt :s 1150297641 M * Bertl gee, such an old rpm system but a new compiler :) 1150297665 M * Bertl you can easily fix that, but I'd try the other rpm first (which was uploaded by now) 1150297711 M * CoBoLt lol 1150297843 M * CoBoLt are you sure the upload is finished? 1150297853 M * Bertl well, it says so here 1150297864 M * CoBoLt ok 1150297869 M * CoBoLt was giving me an error 1150297884 M * CoBoLt now If this doesn't work, I'll try the centOS 3 srpm 1150297897 M * Bertl 4bf2de9bbb812198ad07aed5512dd91c /usr/src/RPM/SRPMS/gcc-3.3.6-1mdk.src.rpm 1150297916 M * Bertl I'd prefer a gcc3.3.something 1150297922 M * CoBoLt uhu 1150297928 M * Bertl IIRC, the older centos had a 3.2.x 1150297938 M * CoBoLt 3.2.3-54 version 1150297942 M * CoBoLt but remember it is redhat 1150297956 M * Bertl maybe a redhat gcc3.3.x would work? 1150297963 M * CoBoLt so this means that it would be 3.3.x but they just patched it to keep version dependencies 1150297974 M * CoBoLt they always do that with EL versions 1150297982 M * Bertl ah, maybe, you can try ... 1150298001 M * CoBoLt lol doesn't work as it wan an mandrake-release :p 1150298022 M * Bertl you can probably fix that up easily if you like to 1150298026 M * CoBoLt just did 1150298026 M * CoBoLt :) 1150298030 M * CoBoLt ln -s :) 1150298101 M * CoBoLt I do hope this is something fixable in the utils... 1150298118 M * CoBoLt so I can stay with the mainstream versions of centOS 1150298138 M * Bertl well, once we know _what_ it is, we might be able to fix it, unless it's a bug in gcc :) 1150298159 M * CoBoLt hehe 1150298165 M * CoBoLt hey I didn't use 2.95 :p 1150298222 M * CoBoLt lol 1150298226 M * CoBoLt dies on the same error :p 1150298243 M * Bertl okay, you know how to build an rpm from the spec? 1150298251 M * CoBoLt rpmbuild -bb 1150298266 M * Bertl okay, just do rpm -i gcc-3.3.6-1mdk.src.rpm 1150298283 M * Bertl edit the spec file and look for '% ' commands in the file section 1150298296 M * CoBoLt no was the forground error 1150298300 M * CoBoLt not the arch error 1150298306 M * CoBoLt that was fixed with --define 1150298333 M * Bertl yes, I though of %arch or something like this 1150298350 M * Bertl that's something which requires newer rpm 1150298356 M * CoBoLt nope no job control thing :) 1150298363 M * CoBoLt is latest rpm provided by redhat 1150298375 Q * itguru Quit: Leaving 1150298375 M * Bertl which is often caused by rpm commands which are unknown to rpm 1150298408 M * Bertl but let's try with the older centos gcc 1150298486 M * daniel_hozac strace works over context creations/enters on alpha? 1150298535 M * Bertl hmm, do we have context stuff here? 1150298543 M * daniel_hozac we certainly should. 1150298551 M * Bertl for building a guest? 1150298557 M * daniel_hozac yeah. 1150298562 M * Bertl aha, hmm? 1150298566 M * daniel_hozac rpm-fake-resolver is meant to be inside the guest. 1150298586 M * Bertl yeah, but I thought without the context stuff 1150298607 M * CoBoLt hi daniel 1150298630 M * CoBoLt I have upload my strace 1150298636 M * CoBoLt www.c2root.be/my.trace 1150298698 M * CoBoLt this only occurs when I try o use yum/rpm to install a guest os 1150298733 M * CoBoLt legacy build works 1150298823 M * CoBoLt second: -m copy say that there is no vserver-build.copy (which is correct) 1150298916 Q * Milf Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org 1150298963 M * daniel_hozac indeed... 1150299005 M * CoBoLt daniel_hozac, do you think this has something to do with centOS? 1150299009 M * CoBoLt of within vserver? 1150299039 M * daniel_hozac the rpm-fake stuff? 1150299041 M * CoBoLt uhu 1150299045 M * CoBoLt that is my whole issue 1150299056 M * CoBoLt that is why I can't install guests with yum 1150299083 M * daniel_hozac i'm more inclined to think it's the alpha part that's ruining it. 1150299102 M * Bertl I wonder where those many, many osf syscalls come from 1150299115 M * CoBoLt damn 1150299116 M * daniel_hozac me too. i thought that was basically unused. 1150299123 M * CoBoLt :s :'( 1150299133 M * Bertl yes, but something does call it repeatedly ... 1150299229 J * yarihm ~yarihm@vpn-global-dhcp1-32.ethz.ch 1150299241 M * daniel_hozac CoBoLt: on your legacy guest, does vrpm work? (i guess you might need vserver ... pkgmgmt internalize first) 1150299266 M * CoBoLt daniel_hozac I am now creating one 1150299269 M * CoBoLt so might take a while 1150299280 M * CoBoLt did already a million things and same amount reinstalls 1150299289 M * CoBoLt so creating a clean vserver 1150299367 M * daniel_hozac you should be able to yum a new guest manually, using something like yum --installroot=/vservers/blah install glibc filesystem coreutils ... 1150299449 M * CoBoLt uhu 1150299459 M * CoBoLt take all the packages in the minimal OS install? 1150299469 J * zkbrsnie ~zkbrsnie@83-64-146-226.klosterneuburg.xdsl-line.inode.at 1150299475 M * CoBoLt but I am still tackling all the configuration thingies :p 1150299483 M * daniel_hozac i guess you could do that... i'm more of a minimalistic guests type of person :) 1150299484 M * Bertl okay, first, when I do your command on my alpha I get this one 1150299495 M * CoBoLt because the flower page is ... destracting :p 1150299504 M * Bertl /usr/lib/util-vserver/vserver-build: line 206: -n: command not found 1150299514 M * daniel_hozac Bertl: shame on you, ancient utils :P 1150299516 M * Bertl which might be related to the fact that it is 0.30.209 1150299527 M * CoBoLt it 0.30.210 overhere 1150299527 M * Bertl so I will update right now :) 1150299531 M * CoBoLt dietlibc 0.29 1150299533 M * CoBoLt hehe 1150299536 J * vasko ~vasko@unreal.rainside.sk 1150299547 M * Bertl daniel_hozac: do we have a tar.gz with your patches too? 1150299550 M * daniel_hozac that means something in the build failed though. 1150299553 M * Bertl welcome vasko! 1150299557 M * vasko hi :) 1150299561 M * daniel_hozac no, not that i'm aware of. 1150299571 M * daniel_hozac i guess i could make one. 1150299572 M * Bertl okay, should this work with mainline? 1150299575 M * vasko can i ask a question? 1150299582 M * daniel_hozac yeah, it should. 1150299583 M * Bertl vasko: you already did! 1150299596 M * vasko heh, well... 1150299606 M * Bertl vasko: want to try with another? 1150299617 M * vasko is there a way to to prevent host to access loopback? 1150299635 M * Bertl hum, loopback as in network lo or as in loop device? 1150299651 M * vasko as network lo 1150299670 M * Bertl no, not really, as the host has all the networking 1150299684 M * Bertl why would you want to block lo there? 1150299694 M * Bertl (just curious) 1150299701 M * vasko i would like to have my guest unable to connect to any (maybe accidently run) service on 127... 1150299729 M * Bertl what about a simple iptables rule? 1150299736 M * daniel_hozac are guests able to do that now? 1150299742 M * daniel_hozac shouldn't the rewriting catch that one? 1150299751 M * Bertl daniel_hozac: yes, it should 1150299770 M * vasko i've expermented a bit with iptables but was unable to do much with lo 1150299784 M * vasko sec plz 1150299789 M * Bertl np 1150299791 N * otaku42 otaku42_away 1150299942 M * vasko hmmm, sorry for the noise, i must have been overlooking something in last try, it is actually possible to do it with iptables :) 1150299981 M * Bertl good to hear .. np, feel free to hang around and/or ask more questions ... 1150300087 M * CoBoLt daniel_hozac, I'll need to go onward first with conversion from legacy to new style 1150300096 M * CoBoLt I'll let you know wether it works or not 1150300097 M * CoBoLt ok? 1150300132 M * vasko Bertl: atm everything works fine for me, but i'll stay anyway 1150300157 M * Bertl even better, what arch/version do you use? 1150300173 M * vasko 2.6.16.12-vs2.0.2-rc18 1150300199 M * vasko and 2.6.16.16-vs2.0.2-rc20 on amd64 1150300221 M * Bertl with 32bit guests on x86_64? 1150300238 M * vasko yes 1150300322 Q * lilo2 Read error: Connection reset by peer 1150300425 M * vasko actually both 32bit and 64bit guests 1150300443 J * lilo2 ~0710AAD4@tor-irc.dnsbl.oftc.net 1150300653 M * Bertl ah, nice to hear that somebody is actually using 64bit guests 1150300666 M * Bertl wb lilo2! 1150300919 M * vasko 32bit ones i do use in production also, even with oracle, the 64bit is under testing, but so far there was no single problem 1150301070 M * daniel_hozac i'm using 64-bit guests too ;) 1150301082 M * Bertl daniel_hozac: why didn't you tell me :) 1150301130 M * daniel_hozac i haven't noticed any problems either. 1150301275 J * bonbons ~bonbons@83.222.39.166 1150301359 M * Bertl welcome bonbons! 1150301490 M * bonbons Hi Bertl! 1150301559 M * bonbons Bertl: is there a major difference between some ifconfig version (that would cause some addresses to show up at some times, some to not show up)? 1150301573 M * Bertl bonbons: you might be interested in the scheduled network talk @ 2000 1150301617 M * Bertl bonbons: it should not happen, but I remember some older ifconfig (debian?) doing strange things ... 1150301669 M * bonbons ok, that may be useful information! I have one IPv6 tester whose IPv6 does not show up in the guest with ifconfig, but does with ip 1150301752 M * bonbons Bertl: what's the subject of conversation @ 20:00 (timezone? UTC+2 or UTC) 1150301808 M * Bertl BUT (i.e. CEST atm :) 1150301953 M * bonbons would be easier if it was UTC ;) 1150302001 M * Bertl topic is some general 'future' network steps ... 1150302134 M * bonbons that's certainly interesting, should be present 1150302542 M * Bertl daniel_hozac: okay now I get: 1150302545 M * Bertl ERROR: Can not find configuration for the distribution 'centos4'; 1150302574 M * daniel_hozac when doing vserver ... build -m yum? 1150302593 M * Bertl obviously lost a '2' there 1150302602 M * Bertl # vserver pollux build -m yum -- -d centos42 1150302602 M * Bertl mount: mount point /etc/rpm does not exist 1150302617 M * daniel_hozac do you have rpm installed? 1150302618 M * Bertl no idea what this one means though ... 1150302631 M * Bertl ah, no probably not on debian :) 1150302668 M * CoBoLt Bertl CentOS4 config was built from what was on the site regarding centOS install 1150302686 M * CoBoLt you can install a centos42 but I don't know about ports on alpha 1150302695 M * CoBoLt didn't loose a 2 1150302696 M * CoBoLt :p 1150302697 M * Bertl CoBoLt: could you try with the centos42 ? 1150302702 M * CoBoLt 4.3 1150302710 M * CoBoLt and the tutorial deals with 4.X :p 1150302711 M * CoBoLt :D 1150302715 M * CoBoLt wrong character 1150302723 M * CoBoLt I run centOS 43 on this machine 1150302725 M * Bertl there is a centos42 in the tools 1150302737 M * CoBoLt I know but will it take my alpha port? 1150302739 M * Bertl could you just for a test try with this one? 1150302762 M * Bertl I'm just curious if that gives the same results 1150302824 M * CoBoLt okay 1150302837 M * Bertl hmm, there is a yum and rpm in debian available ... 1150302844 M * CoBoLt same error bertl 1150302848 M * Bertl okay, tx 1150302848 M * CoBoLt no another issue 1150302853 M * CoBoLt *now 1150302859 M * CoBoLt I have a legacy install 1150302866 M * CoBoLt when stopping I get this 1150302875 M * CoBoLt /usr/lib/util-vserver/vserver.stop: line 100: 29719 Segmentation fault $_LOCKFILE "$1" $tmp $2 1150302910 M * CoBoLt also with vserver.start 1150302950 M * CoBoLt /usr/lib/util-vserver/vserver.start: line 113: 30524 Segmentation fault 1150303011 M * CoBoLt I am on and off computer (fixing dinner atm) 1150303022 M * CoBoLt I'll have an eye on this channel though 1150303156 M * Bertl okay, np 1150303512 M * CoBoLt vserver-stat seems to report ok 1150304131 J * brc bruce@20151197230.user.veloxzone.com.br 1150304215 N * sars sarnold 1150304513 M * Bertl daniel_hozac: okay, the mount seems to be something different 1150304519 M * Bertl # rpm --version 1150304519 M * Bertl RPM version 4.4.1 1150304531 M * Bertl yum --version 1150304535 M * Bertl 2.4.0 1150304540 M * Bertl # vserver pollux build -m yum -- -d centos42 1150304540 M * Bertl mount: mount point /etc/rpm does not exist 1150304576 M * Bertl mkdir seems to help here 1150304687 M * Bertl wow, it seems it is working now! 1150304701 M * Bertl well, I get: 1150304707 M * Bertl No Repositories Available to Set Up 1150304710 M * Bertl No Match for argument: glibc 1150304755 M * Bertl CoBoLt: could you provide a tar of your Centos specs/defaults in /etc/vservers ? 1150304902 M * CoBoLt http://www.c2root.be/vservers.tgz (here you go, kinda large meal I'm prepping:) ) 1150305076 Q * yarihm Quit: Leaving 1150305518 M * Bertl tx 1150305620 M * Bertl CoBoLt: hum, as far as I can tell, this does not include any distro defaults for a 'centos4' no? 1150305639 M * Bertl i.e. for me that results in 1150305642 M * Bertl ERROR: Can not find configuration for the distribution 'centos4'; 1150305761 M * CoBoLt Bertl 1150305762 M * CoBoLt hang on 1150305770 M * CoBoLt I'll give you the centos4 specs 1150305805 M * Bertl don't worry, and please do not let me keep you from the cooking :) 1150305835 M * CoBoLt trout :) 1150305845 M * CoBoLt with tomatoes and mashed potatoes 1150305853 M * CoBoLt with a mix of salads :) 1150305855 M * CoBoLt anyone? 1150305866 M * CoBoLt http://www.c2root.be/distri.tgz 1150305872 M * Bertl salads? isn't that too healthy? 1150305879 M * CoBoLt this is /usr/lib/util-vserver/distributions 1150305887 M * CoBoLt who says geeks have to be unhealthy? 1150305887 M * CoBoLt :p 1150305890 M * CoBoLt gonna continue now 1150305895 M * CoBoLt tty in a few 1150305900 M * Bertl k,cya 1150306070 M * Bertl hmm, well, kind of 'probably would work' here 1150306349 M * Bertl http://paste.linux-vserver.org/88 1150307124 M * daniel_hozac hmm, what yum version is that? a patched one? 1150307268 M * Bertl debian, unpatched yum, v2.40 1150307274 M * Bertl 2.4.0 actually 1150307448 M * daniel_hozac why don't the utils complain? 1150307473 M * Bertl no idea, but if you like you can have a look yourself ... 1150307473 J * doener_ ~doener@i5387ECAC.versanet.de 1150307491 M * daniel_hozac did you update to 0.30.210 already? 1150307496 M * Bertl yes 1150307518 M * Bertl although not the debian tools, maybe I should check them out too 1150307885 Q * doener Ping timeout: 480 seconds 1150307924 M * daniel_hozac does yum --version output several lines? i don't see what else would be failing... 1150307947 M * Bertl yes, it issues a warning and the version number 1150307950 M * Bertl Warning, could not load sqlite, falling back to pickle 1150307950 M * Bertl 2.4.0 1150308028 M * daniel_hozac ah, i guess that's the problem. 1150308081 M * daniel_hozac /usr/lib*/util-vserver/vyum-worker:42 add | tail -n 1 1150308440 M * Bertl hmm, I have a tail -n 1 there 1150308475 M * Bertl (did install the debian tools in the meantime) 1150308479 M * Bertl retrying now 1150308565 M * Bertl gtting dirty hack now 1150308568 M * Bertl *getting 1150308576 M * Bertl installation is running ... 1150308614 M * Bertl time for the network discussion, I'd say? everybody around? 1150308627 M * bonbons I'm present 1150308638 M * Bertl doener_: ? 1150308697 M * Bertl okay, let's start, doener_ will join later I hope/guess :) 1150308701 A * doener_ just arrived 1150308706 M * Bertl excellent! 1150308710 M * doener_ but needs some food first 1150308730 M * Bertl good, get something to eat, I'll fix the topics :) 1150308755 M * Bertl from my side the following points are of interest: 1150308807 M * Bertl - do we want to keep the single ip special case? if yes, do we want to make it special, i.e. require a special flag or something like that? 1150308856 M * Bertl - when we remove the #16 ip limit, does that affect any of the existing interfaces? what issues/solutions do we have/need for legacy here? 1150308908 Q * cdrx Ping timeout: 480 seconds 1150308923 M * Bertl - what kind of ip/address/whatever matching does make sense, and how shall we implement it? should the implementation of the logic happen in userspace (as with iptables), or in the kernel, and be transparent to userspace 1150308952 M * Bertl - with ipv6 and lo soon being part of the networking, what special casing do we need for them? 1150309003 M * Bertl that's it for now, probably will add some others later 1150309030 M * Bertl ah, yes, forgot, required API changes 1150309037 M * daniel_hozac lo implies no for 1, right? 1150309053 M * daniel_hozac as every guest will then have a minimum of two IP addresses. 1150309068 M * Bertl depends, there are two exceptions here 1150309077 M * Bertl a) guests without a separate ip 1150309090 M * Bertl b) guests without lo isolation active and a single ip 1150309107 M * daniel_hozac ah, the lo isolation is meant to be voluntary? 1150309159 M * CoBoLt hi guys 1150309161 M * CoBoLt I'm back 1150309162 M * CoBoLt :) 1150309172 M * CoBoLt finished a healthy meal ... Don't shoot me :p 1150309177 M * bonbons Bertl: could you give a small overview of how lo isolation works? (high-level) 1150309182 M * Bertl CoBoLt: good, please have a desert too ... 1150309222 M * Bertl daniel_hozac: well, for service isolation, folks might want to use chbind with a single ip, so yes, I'd say so 1150309240 M * Bertl bonbons: sure, basically it works like this: 1150309280 M * daniel_hozac Bertl: this is not implemented right now, is it? IIRC the patch doesn't require you to assign 127.0.0.1 to the guest. 1150309309 M * Bertl daniel_hoza: no, will become a flag or cap 1150309320 M * daniel_hozac ok. 1150309371 M * Bertl bonbons: packets are handled in so called skb (socket buffers) 1150309392 M * Bertl the major modification is that we network-id tag those skbs 1150309411 M * Bertl this allows to handle the lo traffic independantly for each network context 1150309427 M * bonbons so for host-local communication both endpoint network contexts are known at any time? 1150309447 M * Bertl i.e. we already know which socket belong to what context, now we also know that for the packets 1150309474 M * Bertl precisely, so we basically block traffic going on 'lo' across contexts 1150309502 M * Bertl and permit traffic between contexts (using lo too, but with non-lo ips) 1150309542 M * Bertl of course, this also requires a few changes (which are quite tricky) to make it work as expected 1150309585 M * Bertl doener_: did you find some time to look at the network context patches posted to lkml? 1150309586 M * bonbons so if someome wants there is context-tagging available for iptables (for any potential IPTables guy that would be around) it's then feasible as well 1150309617 M * Bertl yes, that was actually the first ngnet approach 1150309668 M * Bertl and of course, it can be used/extended for generic iptables matching/tagging 1150309711 M * bonbons ok . While you said lo with lo address: are dummy and similar interfaces seen as lo at skb level? 1150309727 M * Bertl regarding dropping support for the single ip special casing, maybe derjohn will have some numbers soon if it is worth the efford ... 1150309767 M * Bertl bonbons: I'm always talking about the actually used interfaces, not the interfaces which accidentially carry the ips :) 1150309826 M * bonbons yes, my question is wether the kernel keeps some information about the interface carrying the IP 1150309859 M * Bertl yes, it does, but it's not the one sending or receiving the packet 1150309884 M * Bertl i.e. put 192.168.0.1 on dumm0 and 192.168.0.2 on eth0 1150309899 M * Bertl then ping one from the other, and the only involved interface will be lo 1150309955 M * bonbons to this regard we may also need to be careful with IPv6 link-local addresses (as those are interface-local) 1150310008 M * Bertl means? they behave differently from v4 addresses? 1150310048 M * bonbons they can exist on multiple interfaces without conflict and MUST be used with specified interface 1150310087 M * bonbons so fe80::1 on dummy0 can never communicate with fe80::2 on eth0 by nature 1150310095 M * Bertl hmm, what happens if you ping one from the other? 1150310102 M * Bertl (on the same host?) 1150310129 M * bonbons this is the kind of address used for network autoconfiguration, neighbour detection, ICMPv6 (as replacement of ARP) 1150310257 M * bonbons if you try to ping the link-local address of eth0 from dummy0 you will never get an answer 1150310365 M * bonbons the same thing applies for a part of multicast addresses (ip6-allnodes, ip6-allrouters and such) 1150310383 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net 1150310392 M * Bertl wb cdrx! 1150310484 M * cdrx yep fast diner 1150310520 M * CoBoLt ok, when I ssh to my vserver I end up in my host :s 1150310531 M * CoBoLt also the hostname of my vserver stays the same as the host... 1150310540 M * Bertl CoBoLt: see restricting the host's sshd :) 1150310556 M * CoBoLt only listening on it's own ip? 1150310562 M * Bertl yup 1150310594 M * Bertl CoBoLt: btw, centos4 installation on my debain alpha is almost done 1150310602 M * CoBoLt wtf? 1150310606 M * CoBoLt wokee 1150310609 M * Bertl (68/204): tcp_wrappers-7. 100% |=========================| 115 kB 00:00 1150310616 M * CoBoLt grmbl 1150310625 M * CoBoLt but under centos itself you didn't try it? 1150310636 M * Bertl no, I have no centos for alpha installed 1150310646 M * Bertl but this clarifies it is a centos issue :) 1150310660 M * CoBoLt yup that's a fact 1150310661 M * CoBoLt :) 1150310665 M * bonbons Bertl: so with lo isolation the single-IP case exists if guest has no lo or just 127.0.0.1? 1150310669 M * CoBoLt but centOS is so nice :( 1150310670 M * Bertl CoBoLt: (or at least an issue triggered by centos) 1150310679 M * CoBoLt I mean the maintainers think they are gods 1150310684 M * CoBoLt so telling them will end up in 1150310690 M * CoBoLt is that a custom kernel? 1150310696 M * CoBoLt no, well then we don't support it 1150310698 M * CoBoLt lovely guys 1150310702 M * Bertl bonbons: yep, iif we want to keep that 1150310704 M * CoBoLt got banned several times 1150310718 M * CoBoLt just for asking things which weren't compiled by default :s 1150310731 M * CoBoLt well Bertl, guess I'll stick to the legacy method for now 1150310755 M * CoBoLt if you could just tell me how I need to change my hostname, so I see it in my vserver.. 1150310756 M * Bertl would be interesting to try binaries compiled with gcc33 nevertheless 1150310766 M * bonbons I guess single-IP case is mostly useful if the guest can have kind-of-exclusive access to the IP (aka guest binding on ANY won't take away port for the guest) 1150310789 M * Bertl CoBoLt: somehow I still suspect the gcc/binutils to be responsible for this ... 1150310809 M * CoBoLt Bertl possible 1150310824 M * CoBoLt the fact is if it is gcc 3.4.5 that gives you issues 1150310830 M * Bertl bonbons: the advantage of the single ip special casing is that we do not even touch the network context's structures on a lookup 1150310831 M * CoBoLt what's gonna happen if other distro's upgrade? 1150310850 M * Bertl bonbons: we just replace 0.0.0.0 by that specific ip 1150310869 M * Bertl CoBoLt: tools were compiled with 4.0 gcc here :) 1150310883 M * Bertl CoBoLt: so I assume once Centos upgrades it will be fine too :) 1150310887 M * bonbons yep, but if that's enabled we must ensure that the guest is not able to obtain more addresses (so that the "ANY" remains consistent) 1150310911 M * Bertl bonbons: yes, that's the drawback, but we could have that in two flavors 1150310927 M * Bertl a) we tell the folks that old sockets/connections will not catch up 1150310938 M * Bertl b) we do not permit remove/add there 1150310961 M * bonbons I would prefer b for that case 1150310986 M * Bertl CoBoLt: ah, not enough space on my alpha for centos guest :) 1150310993 M * CoBoLt damn 1150311005 M * daniel_hozac Bertl: b where? 1150311017 M * daniel_hozac in the single IP case? 1150311027 M * Bertl daniel_hozac: in this case for the single ip case in the kernel 1150311042 M * Bertl i.e. you decide you want single ip, you get it but modification does not work 1150311059 M * daniel_hozac of course, that makes sense. 1150311065 M * Bertl alternatively we could do a c) 1150311078 M * Bertl patch up existing sockets to the new ip 1150311096 M * Bertl (which is something I'd rather avoid) 1150311102 M * daniel_hozac yeah, that sounds really ugly. 1150311116 M * bonbons that looks dangerous, especially if there are active connections 1150311128 M * Bertl IMHO the not being able to change is a reasonable tradeoff 1150311140 M * bonbons yep 1150311142 M * Bertl given that it gives a real performance advantage 1150311154 M * Bertl (which still has to be proven) 1150311205 M * bonbons probably the advantage is for repetitive short-lived connections (and UDP) 1150311205 M * Bertl I fixed up the nc_server/client checks to handle all relevant cases and to output an address agnostic result 1150311243 M * Bertl and the princeton folks are going to provide some test blades with a good network connection 1150311259 M * Bertl so I think we will get some numbers soon there 1150311311 M * Bertl for now, I'd suggest we avoid the single ip special case, and add it back later if it really gives an advantage .. your opinions? 1150311366 M * Bertl orionpanda: btw, want to test the latest iattr patch for ocfs2? 1150311398 M * bonbons that's fine (anyhow, single-ip case exists seprately for each protocol - except with the special ANY that is IPv6+IPv4) 1150311426 M * Bertl it's the ANY case we are talking about 1150311430 M * doener_ phone call from my mom... took some time ;) 1150311437 M * doener_ Bertl: no, didn't take a look yet 1150311438 M * Bertl (i.e. replacinf ANY by single IP) 1150311446 M * Bertl *replacing 1150311486 M * bonbons yep, but there are two ANY: IPv4 only any, IPv6 only any and IPv4+IPv6 any. 1150311512 M * Bertl hmm, 1+1 = 3:) 1150311518 M * bonbons the first two are normal single-IP cases, the third one is a more exclusive SINGLE 1150311552 M * Bertl but actually that's a good point 1150311569 M * Bertl regarding ipv4 and ipv6, do we want to mix them at all? 1150311588 M * bonbons so for 1. and 2. single-IP are IP-proto local, for 3. it's way harder (but IPv4+IPv6 sockets can be disabled completely) 1150311595 M * Bertl wouldn't it be sufficient to have an ipv4 and an ipv6 'personality' for a guest= 1150311600 M * Bertl s/=/? 1150311660 M * bonbons that's disable the 3. case, which I'm really fine with (it's quite complex to handle with collisions!) 1150311731 M * Bertl can ipv4 addresses collide with ipv6 ones? or vice versa? 1150311743 M * bonbons yep 1150311760 M * bonbons there are those IPv6 mapped IPv4 addresses which collide 1150311762 M * Bertl for anything except the ANY case? 1150311810 M * Bertl okay, so would it be reasonable for the userspace side to have ipv4 or ipv6 only guests? 1150311827 M * bonbons don't remember the range for IPv4 mapped in IPv6, but there you have IPv6 addresses which are equivalent to IPv4 addresses 1150311873 M * bonbons no, mixed IPv4/IPv6 guests are fine as long as IPv6 sockets are always IPv6 only 1150311897 M * Bertl i.c. and this can be selected in the kernel? or how? 1150311944 M * bonbons that is mixed sockets are disabled in /proc/sys/net/ipv6/bindv6only 1150311973 M * Bertl ah, okay, sow e could force that on 1150311979 M * bonbons or for each created IPv6 socket the IPv6only flag is set 1150312005 M * bonbons we can disable it easily 1150312035 M * Bertl okay, then let's move on for now to the 'matching' question 1150312058 M * Bertl i.e. what kind of address matching do we want, and where should we put the logic 1150312105 M * bonbons matching for "new" connections? 1150312131 M * Bertl general address in nx_info() matches 1150312152 M * bonbons I think we need matching based either in individual address, address range or subnet/mask 1150312174 M * Bertl be it for interface visibility or for collision detection 1150312183 Q * phedny Ping timeout: 480 seconds 1150312204 M * Bertl well, the collision case is a little trickier for ranges 1150312212 M * bonbons individual address is for few addresses (would say less than 5 to be reasonable), range is for non-power-of-two 1150312233 M * bonbons why so? 1150312257 M * Bertl first, how to define ranges, then how to check one range against the other 1150312303 M * bonbons ranges compared to ranges are relatively easy, defined by border addresses addr1-addrN 1150312338 M * Bertl but okay, let's assume we have single ips, ranges (ip + len), and networks (ip + mask) 1150312370 M * Bertl how do we a) combine them, and b) keep the decision/checking as fast/simple as possible 1150312392 M * bonbons so conflict is if range1min < range2max and range1max > range2min (would need to think in details if I'm not missing something but that should be the comparison) 1150312403 M * daniel_hozac what does it mean to assign a range/network to a guest? 1150312416 M * daniel_hozac just an easier way to give it tons of IP addresses? 1150312432 M * Bertl IMHO yes 1150312438 M * bonbons The most work will have to be done when configuring the addresses for the guests (performance there should not be really important) 1150312470 M * Bertl agreed the setup (guest start/address change) can be dog slow 1150312485 M * bonbons yesp, that same style as giving a subnet, just that you dont need to giver 2^n addresses but can assign a free number 1150312485 M * Bertl the important part is the matching which happens on each and every connect 1150312520 M * daniel_hozac that should be fairly simple, no? 1150312522 M * Bertl well, for udp on every packet and several times actually 1150312586 M * Bertl the thing is, with the current approach we always have to check all entries 1150312587 M * bonbons if users can reduce address "container" (individual addr/range/subnet) count to small number then either setup would be effective 1150312617 M * Bertl I'd prefer something which makes decisions like this: 1150312638 M * bonbons if the list of "containers" is sorted, we can check them in a dichotomic way -> log(n) 1150312651 M * Bertl first entry/rule: if outside range x/y, return no, otherwise continue 1150312679 M * Bertl second entry: if within network a/b, return yes, otherwise continue 1150312700 M * Bertl third entry: if ip == z, return yes, otherwise no 1150312733 M * Bertl that would drastically reduce the checks while enhancing the options 1150312741 M * daniel_hozac why the negated check for ranges? 1150312760 Q * derjohn2 Ping timeout: 480 seconds 1150312766 M * Bertl was just an example, all checks could be positive or negative 1150312776 J * derjohn2 ~aj@dslb-084-058-200-014.pools.arcor-ip.net 1150312782 M * bonbons why not keep a list of non-overlapping items in sorted order? 1150312793 M * CoBoLt ok guys 1150312794 M * daniel_hozac i guess returning no doesn't really work at all. 1150312795 M * CoBoLt I'm off 1150312797 M * CoBoLt ttytm 1150312806 M * Bertl CoBoLt: k, cya! 1150312811 Q * CoBoLt Quit: Leaving 1150312819 M * bonbons this way we can start in the middle of list and on each test consider just the half of interest 1150312864 M * Bertl well, doesn't buy you much on many entries 1150312881 M * Bertl a balanced tree will give you log(n) while you have n/2 1150312943 M * bonbons is the gain important for low count of nodes? 1150312945 M * Bertl daniel_hozac: why wouldn't the 'no' work? 1150312966 M * daniel_hozac what if the IP address is within a network or one of the assigned singles? 1150312969 M * bonbons with ranges or subnets I guess having many entries in the list will be very rare 1150312992 M * Bertl daniel_hozac: ah, well, the rules would have to be 'prepared' by userspace 1150313007 M * Bertl daniel_hozac: i.e. they would not necessarily match the input from the user 1150313038 M * Bertl for example, a very simple optimization IMHO would be to 'mask' the given IPs into one single mask or range 1150313061 M * bonbons yep, adding 1.0.0.1 and then 1.0.0.2 and then 1.0.0.3 should result in just range 1.0.0.1 to 1.0.0.3 1150313062 M * Bertl with the sole purpose of producing that 'no' on first access 1150313098 M * Bertl (this could even be stored in the nx_info without external data structures 1150313116 M * bonbons the idea of a enclosing range is good as well 1150313144 M * Bertl for 90% of the check (maybe even more) it would yield the no and be done 1150313171 M * bonbons so context would have either no IP at all, or something in a range/complete range 1150313183 M * Bertl (again assumed that the guests do not overlap, and special ips like 127.0.0.1 are handled differently 1150313186 M * bonbons the more guests the more true that 90% is 1150313186 M * Bertl ) 1150313236 M * Bertl also operations like inclusion or exclusion (union or intersection) might be interesting here 1150313257 M * Bertl sidenote: my centos guest is now installing :) 1150313327 M * doener_ Bertl: special casing for 127.0.0.1 should be easy, just keep the tag for skb that gets into the receive chain, and for non-127.0.0.1 destined ones remove it... anything I miss there? 1150313333 M * bonbons yep, but we should not make it too complex either (that will probably cost much performance) Better confvince users to keep their addresses in a (few) ranges/subnets 1150313368 M * doener_ then receival of tagged skb's would immediately know which socket the skb goes to 1150313371 M * Bertl agreed, the simpler the better 1150313441 M * Bertl doener_: I had some crosstalk restrictions in mind/planned, which would not work with that 1150313478 M * doener_ hm, what exactly? 1150313489 M * Radiance hiya all :) 1150313531 M * Bertl doener_: something like guestX can produce crosstalk, guestY can receive crosstalk, if both is given, they will be allowed to talk to echother 1150313540 M * Radiance perhaps some one knows, i see on a remote server using "top" the init process saying init [2] , why would it be 2 ? normally you'd see only [init] 1150313567 M * Bertl init records the runlevel (current) if there is enough space in the name 1150313593 M * Bertl there is even a special init option ro reserve more space, see init man page 1150313600 M * Radiance ah thanks mate 1150313601 M * Bertl s/ro/to/ 1150313608 M * Radiance i thought for a second it had to do with a zombie issue or so 1150313662 Q * brc Quit: [BX] Reserve your copy of BitchX-1.1-final for the Sony Playstation today! 1150313801 M * Bertl okay, I guess we need at least a nigh of sleep to continue this network discussion, what do you think? 1150313806 M * Bertl *night 1150313807 M * bonbons the existance of subnets/ranges should be visible to userspace (e.g. allowing addition of range/subnet at once) 1150313864 M * bonbons there are two of the point whe could talk about before night, to make them take profit of it 1150313865 J * brc_ bruce@20151197230.user.veloxzone.com.br 1150313875 M * bonbons that's mostly the interface to userspace part 1150313903 M * Bertl okay 1150313940 M * bonbons the limit on address/item count is certainly not of any importance to userspace (too many addresses you be rejected with OOM) 1150313952 M * Bertl my last check of the userspace API gave me the impression that we do not change much there for recent API funtions 1150313993 M * Bertl *need 1150313999 M * bonbons if we do dynamic allocation of mem memory footprint of guest is not an issue either 1150314023 M * Bertl yes, we definitely move away from the in kernel static #n ips 1150314055 M * daniel_hozac only the legacy interface would have to be modified. 1150314066 M * bonbons that's transparent to userspace (should be!) 1150314066 M * Bertl we might once again put the first 4 or 5 rules inline, to avoid memory fragmentation 1150314100 M * bonbons daniel_hozac interface, only implementation 1150314103 M * Bertl (but those are implementation details) 1150314123 M * daniel_hozac yeah, that's what i meant. 1150314161 M * Bertl so don't worry about this, the 16ips are history, which will not affect/change userspace 1150314182 M * bonbons current API is just a special case of adding of "items" (addr/range/subnet) 1150314191 M * daniel_hozac util-vserver will have to be changed, IIRC it uses a static number too. 1150314210 M * Bertl daniel_hozac: that's fine for now, but yes, the changes will be required 1150314233 M * Bertl (not required for max 16 ips and legacy though) 1150314261 J * phedny ~mark@volcano.p-bierman.nl 1150314285 M * Bertl wb phedny! 1150314292 M * bonbons I would propose some API which allows adding subnet/range/ip for IPv4 or IPv6, one item at a time; having the kernel to the merging of that new infor with existing one 1150314333 M * Bertl while I would propose to do the merging in userspace :) 1150314334 M * bonbons this has the major advantage that we can change data management inside of kernel transparently to userspace 1150314361 M * Bertl and the major disadvantage that the complicated stuff has to be done in the kernel :) 1150314395 M * Bertl (doesn't mean that we won't do it this way :) 1150314407 M * bonbons yes, but kernel is sure to have the information the way it wants (otherwise it must validate averything that's equavalent to recalculating) 1150314436 M * Bertl it could also trust userspace data, as for example iptables does 1150314455 M * phedny 21:44:16 -!- Irssi: critical g_io_error_get_from_g_error: assertion `err != NULL' failed 1150314458 M * phedny Bertl: thankz :) 1150314508 M * bonbons just that it binds userspace and kernel implementation 1150314560 M * bonbons but the iptables does not build the whole ruleset in userspace either, as it has important costs when manipulating rules (not just a atomic mem-copy) 1150314569 J * m0Zzg ~m0zg@80.71.242.130 1150314573 M * m0Zzg hello 1150314757 M * bonbons Bertl: we will also have to to some locking on those new dynamic structures (as those I use for modular IPv6, exclusive just for write) 1150314764 J * CoBoLt ~countcobo@84.196.135.76 1150314767 M * CoBoLt hi bertl 1150314772 M * CoBoLt I am downloading debian netinstall atm 1150314773 M * CoBoLt :) 1150314782 M * CoBoLt hoping that this will work in the end :) 1150314797 M * m0Zzg did you heard about Ruslan Ermilov? 1150314823 M * m0Zzg he is russian developer of freeBSD 1150314833 M * CoBoLt uhu 1150314837 M * CoBoLt jst googled on him 1150314877 M * m0Zzg :) sorry, my english is bad. did you heard about his troubles? 1150314881 M * CoBoLt nope 1150314901 M * CoBoLt as I just google on him, I didn't even hear off him before the last 4 minutes 1150314908 M * CoBoLt wassup with the guy? 1150314951 M * m0Zzg his wife needs an operation... oncology 1150314965 M * CoBoLt awtch 1150314967 M * CoBoLt not good 1150314976 M * m0Zzg he told to all open source comunity 1150314999 M * m0Zzg he need very much money 1150315002 M * CoBoLt urls? 1150315023 M * m0Zzg http://people.freebsd.org/~ru/help/ru 1150315031 M * m0Zzg this is his open-letter 1150315039 M * m0Zzg russian language 1150315048 M * CoBoLt can't read the char settings 1150315060 M * m0Zzg koi8-ru 1150315074 M * CoBoLt don't have that installed 1150315078 M * CoBoLt and I don't speak russian 1150315120 M * m0Zzg save with another charset? 1150315148 M * CoBoLt I won't be able to read it still, won't I? 1150315153 M * CoBoLt I don't understand russian 1150315160 M * CoBoLt is it in english somewhere? 1150315188 M * m0Zzg i didn'n saw, but may be 1150315189 M * mnemoc babelfish translates russian 1150315200 Q * cdrx Quit: Leaving 1150315275 M * m0Zzg try to translate 1150315527 M * m0Zzg so, if you want to help him 1150315564 M * m0Zzg you must write to: imp@FreeBSD.org or rwatson@FreeBSD.org 1150315569 M * Bertl btw, there are millions of people dying of hunger ... 1150315570 M * m0Zzg Warner 1150315570 M * m0Zzg Losh 1150315582 M * m0Zzg and Robert Watson 1150315602 M * Hunger of me? 1150315630 M * bonbons Bertl, daniel_hozac, doener_: it's time to have a night over the network subjet! (at least for me) 1150315663 M * doener_ good night then! 1150315672 M * m0Zzg they are coordinating donates in England and Amerika 1150315696 M * Bertl Hunger: well, of your fellow namesake ... 1150315731 M * Hunger :) 1150315770 M * CoBoLt night 1150315777 M * bonbons thanks! will back in about 20 hours 1150315811 Q * bonbons Quit: Leaving 1150315967 P * m0Zzg 1150315975 Q * Zaki Ping timeout: 480 seconds 1150317451 M * Bertl okay, tx folks, I'm off for now .. probably back later! 1150317460 N * Bertl Bertl_oO 1150317935 M * CoBoLt are you guys running etch or sarge? 1150318712 M * sid3windr sarge here 1150318775 M * CoBoLt ok 1150318778 M * CoBoLt just installed 3.1 1150319041 Q * lilo2 Quit: brb 1150319074 Q * zkbrsnie Quit: 1150319108 Q * m4z Ping timeout: 480 seconds 1150319220 Q * lilalinux Ping timeout: 480 seconds 1150319550 J * lilo2 ~0710AAD4@tor-irc.dnsbl.oftc.net 1150319601 Q * Viper0482 Remote host closed the connection 1150319732 J * lilalinux ~plasma@dslb-084-058-226-179.pools.arcor-ip.net 1150320037 J * lilo2_ ~0710AAD4@tor-irc.dnsbl.oftc.net 1150320115 Q * lilo2 Ping timeout: 480 seconds 1150321634 Q * Fushi Read error: Connection reset by peer 1150322773 J * m4z m4z@bastard-operator.from-hell.net 1150322841 Q * dna Quit: Verlassend 1150322972 J * afta ~a@chello085216135073.chello.sk 1150323103 M * afta hello. is it sound to have a vserver for each separate service (dns,web,mail) on a server with more ips, where all those services should be present on each ip - separating services role-wise but not ip-wise? 1150323270 M * doener_ sure 1150323295 J * shedi ~siggi@130.208.221.254 1150323333 M * doener_ ip address sharing is quite possible, you'll just have to restrict the ssh daemons to a single ip address or assign different ports to them 1150323361 M * doener_ s/quite// 1150323388 M * afta hm, i was thinking leaving the ssh just for the host 1150323401 M * afta which would have a dedicated ip 1150323431 M * doener_ well, AFAIK using ssh to enter the vservers is still preferred over "vserver foo enter" 1150323457 M * doener_ and as usual I don't remember the exact reasons :/ 1150323466 M * afta hmm... 1150323500 M * doener_ daniel_hozac: do you remember why? (and if it is still true...) 1150323775 M * afta that forces me to remember the service-ip or service-port 8) but if you say so ;P 1150323927 M * cehteh anyone of you attending to froscon? 1150323939 M * doener_ afta: well, you can easily store that in your ssh config 1150323981 M * doener_ and if you intended to run sshd on the host only, you would probably need that config on the host only anyway. connect there first and then to the vserver 1150324070 J * Aiken ~james@tooax6-178.dialup.optusnet.com.au 1150324096 J * sdsaas ~asdsdadas@node-51-188.jambolnet.com 1150324113 M * sdsaas freeshell? 1150324126 M * sdsaas freeshell for ircd? 1150324195 M * bon :)) 1150324200 M * bon better look somewhere else 1150324251 Q * sdsaas Quit: 1150324271 M * doener_ afta: http://paste.linux-vserver.org/89 1150324294 M * doener_ here's an example for a ssh config 1150324384 M * bon mysql.vserver/ 1150324389 M * bon what's that good for in sshd? 1150324403 Q * sladen Ping timeout: 480 seconds 1150324414 M * doener_ if I, for example, have a sshd on my.host.tld:22 and one on my.host.tld:5000 1150324432 M * doener_ sshd would store the HostKey for both sshd's as "my.host.tld" 1150324453 M * doener_ and obviously get bitchy because it is not the same in case of 2 different sshd's 1150324484 M * doener_ the HostKeyAlias tells ssh to store it as "mysql.vserver" 1150324485 M * bon ah 1150324486 M * bon i see 1150324487 M * bon that's nice 1150324490 M * bon but fortunately 1150324493 M * bon i have plenty of ips 1150324503 M * bon so i can have each vserver on different one if needed 1150324532 M * doener_ (don't ask why I wrote "mysql" once and then "mysql.vserver", it doesn't matter that much, but for example ssh bash completion will break) 1150324557 N * lilo2_ lilo2 1150324557 M * doener_ so using the same string for "Host" and "HostKeyAlias" is a better idea 1150324628 M * doener_ bon: it's already sufficient to have 2 different domain names, so it's mostly a problem for dyndns users (like me ;) 1150324665 M * CoBoLt guys I'm really off now 1150324673 M * doener_ I included it for completeness. The CheckHostIP thing is more important, to avoid that, you actually need one IP address per sshd 1150324674 M * CoBoLt still compiling my kernel on the alpha 1150324683 M * CoBoLt hopefully tomorrow I can run vservers on it :) 1150324685 M * CoBoLt ttytm 1150324688 M * CoBoLt night all 1150324693 M * doener_ good night! 1150324697 Q * CoBoLt Quit: Leaving 1150325380 J * mef ~mef@72-254-14-32.client.stsn.net 1150325390 Q * mef Remote host closed the connection 1150325662 N * sarnold sars 1150325680 N * sars sarnold 1150326382 J * sladen paul@starsky.19inch.net 1150327243 J * aphetadus ~joaopaulo@201.64.40.31 1150327252 P * aphetadus 1150328579 Q * fwl Quit: This computer has gone to sleep 1150329500 J * fwl ~f_@83-215-237-1.seek.stat.salzburg-online.at