1152230637 Q * AndrewLee Ping timeout: 480 seconds 1152231397 Q * lilalinux Remote host closed the connection 1152231516 J * cmatei ~cmatei@home-307461.b.astral.ro 1152231793 M * cmatei 2.6.16.20-vs2.1.1-rc22 with vhashify -> output of fsck -f /vservers is 480k of "Block bitmap differences" 1152231798 M * cmatei anyone amused ? :) 1152231872 J * lilalinux ~plasma@dslb-084-058-218-126.pools.arcor-ip.net 1152231896 N * sarnold sars 1152232669 Q * sladen Ping timeout: 480 seconds 1152232684 Q * coocoon Quit: KVIrc 3.2.0 'Realia' 1152235604 J * mire ~mire@104-166-222-85.COOL.ADSL.VLine.verat.net 1152238476 J * hallyn_ ~xa@adsl-75-2-69-58.dsl.chcgil.sbcglobal.net 1152238476 Q * hallyn Read error: Connection reset by peer 1152239381 J * Aiken_ ~james@tooax6-066.dialup.optusnet.com.au 1152239704 Q * Aiken Ping timeout: 480 seconds 1152240909 J * DreamerC_ ~dreamerc@59.112.20.121 1152241299 Q * DreamerC Ping timeout: 480 seconds 1152241589 Q * DreamerC_ Ping timeout: 480 seconds 1152241803 J * DreamerC_ ~dreamerc@59.112.22.147 1152242522 N * DreamerC_ DreamerC 1152245464 J * AndrewLee ~andrew@tnlug.linux.org.tw 1152245837 J * sladen paul@starsky.19inch.net 1152246978 M * Skram whats the best way to take a "image" of a VPS? 1152246980 M * Skram tar? 1152247065 J * zob000 ~zob000@216.58.14.133 1152247185 M * zob000 howdy 1152247261 M * daniel_hozac hi. 1152247267 M * zob000 i am looking at having multiple private ip based guests. the guest is able to connect to outside. how can i the mapping for the incoming ports ? 1152247303 M * zob000 i tried iptables -t nat -D PREROUTING -d ${domain_ip} -i eth0 -p tcp --dport 51812 -j DNAT --to-destination ${guest_ip}:1812 1152247368 M * zob000 basically i want to map certain incoming ports (from the public ip ) to the private ips 1152247473 M * daniel_hozac s/-D/-A/? 1152247489 M * daniel_hozac i don't see anything wrong with that. 1152247533 M * zob000 iptables: Bad rule (does a matching rule exist in that chain?) 1152247537 M * zob000 i get that error 1152247582 M * daniel_hozac you aren't actually using -D though, right? 1152247686 M * zob000 oops 1152247920 J * qos ~qos@211.90.82.139 1152247950 M * Skram whats the best way to take a "snapshot" of a VPS guest? Stop the vps and tar it? what? 1152248039 M * daniel_hozac or dump, or cpio, or ... :) 1152248533 J * cskarby ~cs@195.1.31.69 1152248755 J * coocoon ~coocoon@84.160.112.17 1152248773 M * coocoon morning 1152249121 M * zob000 daniel_hozac, hmm .. for some reason i still dont see the guest . i tried sniffing an i see the ssh coming in 2222 but the host is not forwarding to 192.168.a.b:22 any ideas 1152249395 M * daniel_hozac zob000: do your other rules allow the packets? is the guest running sshd? 1152249468 M * zob000 yes .. i have another guest with the exact same rules but a pub ip and it works ! 1152249498 M * zob000 daniel_hozac, i can enter the guest and see ssh listening via netstat 1152249521 M * zob000 echo "1" > /proc/sys/net/ipv4/ip_forward 1152249521 M * zob000 iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE 1152249526 M * zob000 i added these as well 1152249600 M * daniel_hozac you don't need ip_forward. 1152249605 M * zob000 ok 1152249615 M * daniel_hozac and i don't think MASQUERADE works for guests. 1152249628 M * daniel_hozac try with SNAT instead. 1152249797 M * zob000 i already have snat in there 1152249797 M * zob000 iptables -t nat -A POSTROUTING -s 192.168.35.0/24 -o eth0 -j SNAT --to-source ${domain_ip} 1152249799 M * zob000 the guest is able to see the internet .. it just that the outside cannot get mapped to ports running on the guest 1152249862 M * daniel_hozac so what does your DNAT rule look like? 1152249898 M * zob000 iptables -t nat -A PREROUTING -d ${domain_ip} -i eth0 -p tcp --dport 2222 -j DNAT --to ${guest_ip}:22 1152249968 M * daniel_hozac and i assume that rule doesn't show any increase in the packet and byte counters in iptables -t nat -nvL when you try to connect? 1152250164 M * zob000 daniel_hozac, the number of packets is increasing n the prerouting accept policy near dnat 1152250183 M * daniel_hozac huh? 1152250317 M * zob000 2 120 DNAT tcp -- eth0 * 0.0.0.0/0 domainip tcp dpt:2222 to:192.168.35.1:22 1152250340 M * zob000 2 300 DNAT tcp -- eth0 * 0.0.0.0/0 domainip tcp dpt:2222 to:192.168.35.1:22 1152250383 M * coocoon zob000: iptables -t nat -A POSTROUTING -s 1.2.3.1 -d ! 1.2.3.1 -j SNAT --to-source hotsip 1152250453 M * daniel_hozac zob000: so the 2 doesn't increase when you try to connect, right? 1152250493 M * zob000 yes it does ... i just illustrated it and increased one fild by hand 1152250501 M * zob000 coocoon, what ! is for ? 1152250520 M * coocoon sorry it wasn't that what u need 1152250521 M * zob000 coocoon, no netmask ? 1152250525 M * coocoon ok 1152250540 M * coocoon sorry 1152250542 M * zob000 ok 1152250564 M * zob000 daniel_hozac, i can paste again whithout being lazy 1152250638 M * zob000 2 120 DNAT tcp -- eth0 * 0.0.0.0/0 ${domain_ip} tcp dpt:2222 to:192.168.35.1:22 1152250644 M * zob000 5 300 DNAT tcp -- eth0 * 0.0.0.0/0 ${domain_ip} tcp dpt:2222 to:192.168.35.1:22 1152250650 M * zob000 8 480 DNAT tcp -- eth0 * 0.0.0.0/0 ${domain_ip} tcp dpt:2222 to:192.168.35.1:22 1152250671 M * daniel_hozac zob000: well then, that's not your problem. are you sure INPUT lets the packets through? 1152250707 J * schimmi ~sts@port-212-202-73-176.dynamic.qsc.de 1152250728 M * zob000 if you can go private i can show the full output 1152250778 M * daniel_hozac -t nat isn't really relevant anymore as you showed that already works. 1152250794 M * daniel_hozac what does iptables -nvL INPUT say? which one is increasing? 1152250935 Q * schimmi Read error: Connection reset by peer 1152250940 M * zob000 daniel_hozac, do i need a rule to accept the port ? and then another to forward ? 1152250955 M * zob000 daniel_hozac, i see the drop is increasing 1152250979 M * zob000 by default i have : 1152250981 M * zob000 iptables -P INPUT DROP 1152250982 M * zob000 iptables -P FORWARD DROP 1152250982 M * zob000 iptables -P OUTPUT ACCEPT 1152250982 M * daniel_hozac zob000: yes, if you have rules that drop everything else.. 1152251007 M * zob000 ok 1152251093 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net 1152251123 M * cdrx morning 1152251123 M * zob000 its still dropping 1152251350 M * daniel_hozac so what rule did you insert into INPUT? 1152251369 M * daniel_hozac is it actually catching the packets? 1152251387 M * zob000 iptables -A INPUT -p tcp -s 0/0 -d ${domain_ip} --dport 2222 --syn -j ACCEPT 1152251422 M * zob000 the accept is not increasing in that row when i do iptables -nvL 1152251534 M * coocoon zob000: sorry but i have one question u r using public ips for the guest? 1152251555 M * zob000 btw. i have 2 guests one with the public ip and one with the private ip. so guesta has public ip and guestb has private ip 1152251583 M * coocoon zob000: and u wanna route guest b 1152251599 M * zob000 coocoon, only certain ports 1152251605 M * daniel_hozac zob000: what's the purpose of the --syn? 1152251623 M * daniel_hozac zob000: you have that rule before any DROP rules, right? 1152251623 M * zob000 no idea .. i usually put it wheni am using tcp 1152251636 M * daniel_hozac zob000: and you should use -d 192.168.35.1. 1152251644 M * coocoon zob000: could this help u http://deb.riseup.net/vserver/old-stuff/networking#NAT 1152251667 M * daniel_hozac zob000: as well as --dport 22. 1152251683 M * zob000 daniel_hozac, i have been there already 1152251742 M * zob000 daniel_hozac, --to is not good ? 1152251749 M * daniel_hozac zob000: hmm? 1152251806 M * zob000 sorry .. i am already using -d and --dport . still nothing different 1152251852 M * daniel_hozac could you paste your entire iptables -nvL INPUT at paste.linux-vserver.org? 1152251860 M * zob000 iptables -A INPUT -s 0/0 -d 0/0 -p udp -j DROP 1152251860 M * zob000 iptables -A INPUT -s 0/0 -d 0/0 -p tcp --syn -j DROP 1152251866 M * zob000 these come way at the bottom 1152252051 M * zob000 daniel_hozac, heh .. looks like i have a drop in there ! http://paste.linux-vserver.org/161 1152252097 J * Milf ~Miranda@ipsio452.ipsi.fraunhofer.de 1152252102 M * zob000 but that was meant to stop traffic coming from the internet looking like local ! 1152252104 M * daniel_hozac is a.b.c.x the public IP addresses? 1152252108 M * zob000 yes 1152252130 M * daniel_hozac as i said, you shouldn't do that. 1152252144 M * daniel_hozac you should use the private IP address, and the port to which you redirect the traffic. 1152252150 M * zob000 daniel_hozac, do you think the drop for 192.168.0.0 is the problem 1152252156 M * daniel_hozac no. 1152252175 M * daniel_hozac unless you're connecting from those addresses. 1152252240 M * zob000 daniel_hozac, there is 2 guests . the rules you see are for the guest with public ip. the 2222 is the only one rule i have for the guest using private ip. and i still cant ssh into that guest 1152252264 M * daniel_hozac zob000: and you shouldn't be able to. 1152252271 M * zob000 daniel_hozac, the public ip is what i use to access both boxes 1152252274 M * daniel_hozac zob000: because you're using the public IP address and the public port. 1152252308 M * daniel_hozac zob000: the rewriting will happen before INPUT gets a crack at the packets, so the destination IP address will be the private one, and the destination port will be 22. 1152252312 M * zob000 huh ?? 2222 is not being used 1152252481 M * cskarby zob000: depending on who is maintaining the different guest you might just run the guests on the same public ip and bind daemons to different ports in the different vserver guests, I guess it should work? 1152252566 M * zob000 daniel_hozac, here are all the rules http://paste.linux-vserver.org/162 1152252579 M * zob000 i dont get what you are saying tho 1152252650 M * zob000 all these rules are applied to the host which has a separate public ip 1152252656 M * daniel_hozac zob000: in INPUT, you must use the guest's private IP address (${guest_ip}) and the private port (22). 1152252685 M * zob000 ah ! 1152252756 M * zob000 wooohooooooooooo 1152252769 M * zob000 daniel_hozac, you da maaaaaaan ! 1152253061 M * zob000 now this sucks .. i have to specify 2 rules for evry port that is forwarded one for input and one for dnat 1152253197 Q * micah Ping timeout: 480 seconds 1152253217 M * zob000 time for writing mcros 1152253851 M * anonc re: device nodes and hardlinks. Is it a security hole is the guest's special character devices are hardlinks to the same nodes in another vserver (null ptyp ttyp urandom etc) 1152254044 Q * coocoon Ping timeout: 480 seconds 1152254391 Q * mountie Remote host closed the connection 1152254719 J * coocoon ~coocoon@84.160.98.187 1152256025 J * Horizon ~alex@216.197.228.130 1152256759 Q * Aiken_ Ping timeout: 480 seconds 1152256971 J * pisco ~pampel@80.135.181.4 1152257113 J * dna ~naucki@dialer-167-89.kielnet.net 1152257315 J * cryo ~say@psoft.user.matrix.farlep.net 1152257356 Q * coocoon Quit: KVIrc 3.2.0 'Realia' 1152257456 M * zob000 thanks guys 1152257459 Q * zob000 Quit: Leaving 1152257969 M * Milf Can anyone give me hints on where to start looking if I suspect mem leaks in a server? 1152258006 M * Milf I've got a VServer host, really old, with 6 Gigs of memory, running a total of five guests that occasinally locks down due to swapping 1152258271 M * Adrinael Log vserver-stat output with cron to see which guest is growing its RSS 1152258276 M * Adrinael *shrug* 1152258316 M * Milf Hmmm, vserver-stat, why didn't I think of that? :) 1152258380 M * Milf Hmmm, RSS schows nothing bad: 1152258381 M * Milf CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME DESCRIPTION 1152258381 M * Milf 0 42 140MB 2kB 2h56m53 2d10h56 46d02h59 root server 1152258381 M * Milf 49152 15 88MB 11kB 4h48m46 23h27m06 46d02h58 bigbrother01 1152258381 M * Milf 49153 7 18MB 681B 4m33.06 3h49m29 46d02h58 gmdmail01 1152258382 M * Milf 49155 348 3GB 1MB 1d04h47 3d09h08 46d02h58 slox01 1152258382 M * Milf 49156 47 1GB 112kB 1h38m00 2d10h30 46d02h58 web01 1152258384 M * Milf 49157 8 21MB 554B 11m20.31 3h42m40 46d02h58 webadmin01 1152258543 Q * Horizon Quit: Leaving 1152259634 J * coocoon ~coocoon@84.160.98.187 1152259642 M * Milf Any other ideas? Get rid of swap, track memory usage with command X that I don't know of, work the box with a hammer? 1152259670 M * Adrinael Well, is it swapping _now_? 1152259672 M * daniel_hozac Milf: you should use static xids :) 1152259718 M * Milf daniel_hozac: Not on thix 2.4 Kernel box I don't :) 1152259742 M * Milf adrianel: If the machine starts to swap, it hangs. Fortunately right now it's not swapping. 1152259777 M * daniel_hozac Milf: those RSS values look pretty damn unlikely. 1152259802 M * daniel_hozac Milf: what does /proc/virtual/*/limit say? (if 2.4 has such a thing... i'd guess not) 1152259805 M * Adrinael Well, if it isn't doing it now, then you can't find the cause now. 1152259813 M * Milf Yep, I don't know what RSS stands for, but it seems to me a little low too. 1152259826 M * Adrinael RSS is the resident size. How much is in physical memory. 1152259840 M * Milf Adrianel: I would think I could find out what on the box is hogging 6GB of memory. 1152259853 M * Adrinael 2kB for the root server seems damn low, but I guess nothing happens there except the occasional vserver build? 1152259869 M * Adrinael Milf, if nothing is hogging 6GB now, it's impossible 1152259888 M * Adrinael If there's scissors on the table, how can you detect who held it last night? 1152259893 M * Milf I agree with daniel_hozac those numbers can be safely ignored, alas have to be contemplated why such crap is being displayed. 1152259909 M * daniel_hozac vserver-stat is a pretty ugly hack. 1152259912 M * Milf BTW it's running Linux 2.4.27-vs1.29 i686/0.30/0.30 1152259933 M * Milf and I will probably never get the chance to upgrade that OS 1152259943 M * Milf It's more likely the box will be replaced. 1152259955 M * Adrinael What is slox01 doing? 3GB for address space sounds scary if it occasionally want to use all that 1152260037 M * daniel_hozac and 348 processes... 1152260045 M * Milf It's the company mailserver runnig SLOX 4.1, a Java-based Groupware 1152260062 M * Milf complete with an outdated cyrus imap server 1152260063 M * daniel_hozac ah, Java...... 1152260069 M * Adrinael Haha 1152260078 M * daniel_hozac now it all makes sense. 1152260080 M * meebey Bertl_oO: ping 1152260198 M * Milf Is there an issue with java in vservers? 1152260205 M * meebey nope 1152260209 M * meebey I use java in vservers 1152260211 M * daniel_hozac no, it's just an issue with Java. period. :) 1152260214 M * meebey non-GUI at least 1152260235 M * meebey Milf: do you have PAX or something? 1152260242 M * Milf I know that there are a lot of java processes hogging memory. tried restarting them. No help from that. 1152260250 M * Milf meebey: What's PAX? 1152260259 M * meebey memory protection 1152260264 M * meebey in kernelspace 1152260278 M * phreak`` Milf: Subset of grsec (afair) 1152260285 M * meebey yeah 1152260287 M * daniel_hozac Milf: what does free say? how much RAM is used (± buffers and caches)? 1152260302 M * Milf # free 1152260302 M * Milf total used free shared buffers cached 1152260302 M * Milf Mem: 6212404 6201040 11364 0 49576 4880596 1152260302 M * Milf -/+ buffers/cache: 1270868 4941536 1152260302 M * Milf Swap: 1052248 37564 1014684 1152260321 M * meebey 1.2GB used by java? 1152260322 M * meebey omg 1152260363 M * meebey dont beliee the VSZ value btw, RSS is the interesting one 1152260363 M * anonc is the jvm configured to start with a 1024MB heap by any chance? 1152260364 M * Milf That fits my experiences. How did you know that? from the -/+ buffers line there? 1152260374 N * otaku42_away otaku42 1152260380 M * Milf anonc: how would I know if it was? 1152260382 M * meebey Milf: yes, you need to the read the non-buffer values 1152260417 M * meebey so almost 5GB is still free to use for applications 1152260431 M * meebey Milf: check how your java app is started 1152260436 M * meebey Milf: check the parameters 1152260440 M * Milf So that first line tells me nothing? 1152260448 M * anonc Milf: somewhere in the java app will be the script which launches the jvm - look for the -Xms and -Xmx flags 1152260466 M * meebey Milf: well if you subtract the buffer+cached values, then yes, else no :) 1152260487 M * meebey Milf: cache/buffer is like filesystem cache 1152260494 M * meebey Milf: database server love it too 1152260513 M * meebey linux tries to not waste resources so it uses it for different things 1152260530 M * meebey but if an application requests the memory, it will free the buffer and give it to the application 1152260549 M * Milf Would this be the line to look for: /usr/lib/java/jre/bin/java $SERVER -ms10m -mx120m 1152260568 M * anonc what version of java is it? 1152260585 M * meebey and what kind of java app? :) 1152260592 M * Milf java I think is 1.3.1 1152260595 M * meebey some enterprise code crap? 1152260598 M * Milf and here's another: /usr/lib/java/jre/bin/java $SERVER -ms20M -mx280M 1152260612 M * Milf SuSE Linux OpenExchange 4.1 1152260617 M * meebey Milf: thats an very old java version 1152260620 M * Milf i.e. yes, enterprise code crap. 1152260622 M * meebey Milf: install recent java 1.5 :) 1152260632 M * meebey its much fater too.. 1152260633 M * meebey +s 1152260635 M * meebey lol fater 1152260667 M * Milf meebey: no can do. We've been planning to upgrade to a new Version of OpenExchange since the start of the year, but my boss is stalling for Hardware upgrades. 1152260668 M * meebey maybe such old java is very sloppy with memory management 1152260679 M * Milf I think so too. 1152260716 M * meebey if its a pure java app, it should be easy to install a java 1.5 besides the current install 1152260722 M * meebey and start the server with the new vm 1152260730 M * anonc i'd expect the flags to be -Xms and -Xmx but yes they should be the initial and maximum size of the memory pool 1152260736 M * anonc for that java instance i mean 1152260740 M * meebey its like unpacking java, changing the path in the start script, done 1152260768 M * anonc careful - 1.5 might not be 100% compatible 1152260807 M * anonc colour me unsurprised if old jvms leak memory on linux 1152260823 M * meebey a quick test shouldnt hurt, else use the latest java 1.4 1152260887 M * meebey Milf: you could also duplicate the vserver and try in a different one 1152260899 M * meebey thats nice part of vservers :) 1152260914 M * Milf Yeah hmmm, I don't know if I can reproduce the memory leak in the testserver :) 1152260928 M * Milf But hey, I'll give ti a try. 1152260968 M * meebey worst case could also be that the application is leaking resources 1152260991 M * meebey by having references to objects 1152261054 Q * shedi Quit: Leaving 1152261448 M * Milf meebey: I wouldn't be surprised 1152261500 Q * cskarby Quit: Download Gaim: http://gaim.sourceforge.net/ 1152261786 J * doener ~doener@i577BB8EE.versanet.de 1152262302 Q * dna Quit: Verlassend 1152263958 Q * juggo Quit: Download Gaim: http://gaim.sourceforge.net/ 1152264636 Q * lilalinux Quit: Leaving 1152264731 J * lilalinux ~plasma@dslb-084-058-218-126.pools.arcor-ip.net 1152264856 J * shedi ~siggi@213.190.108.50 1152264860 Q * lilalinux Remote host closed the connection 1152264915 J * lilalinux ~plasma@dslb-084-058-218-126.pools.arcor-ip.net 1152264934 Q * Milf Ping timeout: 480 seconds 1152265254 Q * pisco Ping timeout: 480 seconds 1152265451 Q * eyck Quit: leaving 1152266038 J * dna ~naucki@dialer-167-89.kielnet.net 1152266261 Q * lilalinux Remote host closed the connection 1152266451 J * lilalinux ~plasma@dslb-084-058-218-126.pools.arcor-ip.net 1152267305 P * cryo ðÏËÉÄÁÀ 1152268963 M * nox just read the german article http://www.heise.de/newsticker/meldung/75191 is vserver woundable to that? 1152269080 M * daniel_hozac try it :) 1152269138 M * nox (; 1152269142 J * Viper0482 ~Viper0482@p54975D23.dip.t-dialin.net 1152269307 M * daniel_hozac i'm not sure how it would be exploited exactly. 1152269334 M * daniel_hozac AFAICT, it would just lead to the core file being written with root permissions. 1152269354 M * daniel_hozac but i'm probably just missing something :) 1152269438 M * doener the attack vector is probably sth. like the stuff you have to do when you have write access to the apache log directory (there's a warning somewhere that says that a user with write access to that directory can gain root privileges, I have no idea how that works though) 1152269536 M * nox a bit more detailed changelog would be nice 1152269661 M * daniel_hozac well, it is just a one line change. 1152269850 J * pisco ~pampel@80.135.181.4 1152271468 Q * m4z Ping timeout: 480 seconds 1152271500 Q * dna Quit: Verlassend 1152271527 M * derjohn they talk about a cdromdriver vulnerability , too ... this is not fixed in .4 ? 1152271669 M * anonc does anyone else get [kernel] BUG: warning at include/net/dst.h:154/dst_release() if they create a nodev network interface for a vserver using an ip that doesn't already exist on the server? (try sending some traffic across it). 1152271748 M * daniel_hozac i remember seeing that warning before, so others have gotten it. 1152271820 M * anonc just checking now whether its bonding device specific... 1152271820 M * daniel_hozac how do you send some traffic across it? 1152271928 M * anonc well - in my case i have a guest which has 2 ips on different networks - one nodev. When sending traffic to a destination on the nodev network i get that BUG message (might be udp specific) 1152272003 M * daniel_hozac in which order do you specify the addresses? 1152272041 M * anonc 0 is the address created for the vserver, 1 is the nodev 1152272160 J * m4z m4z@bastard-operator.from-hell.net 1152272172 M * anonc ifconfig inside the guest doesn't show the address (that depends on it having a name - yes?) 1152272258 M * daniel_hozac yes, if the two addresses are on the same interface. 1152272273 M * daniel_hozac but if the address isn't assigned at all, it won't show up. 1152272458 M * anonc mmm - can't trigger it when the host network device isn't a bonding one... 1152272819 Q * derjohn Read error: Connection reset by peer 1152272910 M * anonc yep - its udp only 1152272971 M * anonc and bonding driver specific 1152273272 M * mnemoc hi, dumb off-topic question, can i use a cramfs image as initrd on a vanilla linux26 or i need to mount them from a normal cpio initrd? 1152273832 J * Piet ~piet@tor-irc.dnsbl.oftc.net 1152273905 Q * Piet Quit: 1152274166 Q * cdrx Read error: Operation timed out 1152274376 J * derjohn ~derjohn@80.69.37.19 1152274747 J * mountie ~mountie@CPEdeaddeaddead-CM000a739acaa4.cpe.net.cable.rogers.com 1152275121 J * WorkRoey ~katz@h-69-3-4-130.mclnva23.covad.net 1152275123 M * WorkRoey hi Bertl_oO :) 1152275127 M * WorkRoey Bertl_oO: http://it.slashdot.org/comments.pl?sid=190516&cid=15673917 1152275132 M * WorkRoey you've been propped 1152275945 Q * Viper0482 Quit: one day, i'll find this peer guy and then i'll reset his connection!! 1152276308 J * cdrx ~legoater@cimai.net4.nerim.net 1152277338 J * pisc1 ~pampel@80.135.190.164 1152277404 Q * balbir Ping timeout: 480 seconds 1152277622 J * balbir ~balbir@203.101.54.189 1152277714 Q * pisco Ping timeout: 480 seconds 1152279212 J * sanal_darbe ~PAPATYAv4@88.224.9.107 1152279216 M * sanal_darbe hi 1152279354 N * Bertl_oO Bertl 1152279358 M * Bertl morning folks! 1152279362 J * melvin ~melvin@p5487541C.dip.t-dialin.net 1152279368 M * melvin hi 1152279370 M * Bertl WorkRoey: nice :) 1152279380 M * Bertl welcome melvin! sanal_darbe! 1152279392 M * sanal_darbe Bertl 1152279406 M * melvin my vserver-stat tell me, that the instance is running, but vserver-info lvswww5 RUNNING ; echo $? returns 1 1152279408 M * sanal_darbe adminastor 1152279432 M * melvin who can i seasy check the status of vserver 1152279468 M * Bertl melvin: vserver-stat basically shows information gathered from something like ps 1152279484 M * Bertl melvin: the kernel state can be seen in /proc/virtual 1152279496 M * Bertl melvin: and vserver-info shows the view of the tools 1152279510 M * Bertl obviously they are out of sync somehow 1152279616 M * melvin vserver lvswww5 status says running or stopped. maybee this cvan used to pares 1152279617 Q * mire Quit: Leaving 1152279697 M * Bertl melvin: I'd assume the tools 'tried' to stop the guest, but 'something' is still using the same xid 1152279708 M * coocoon hello bertl 1152279712 M * melvin Bertl: ok 1152279720 M * Bertl melvin: do you use static context ids or the deprecated dynamic ones? 1152279727 M * Bertl hey coocoon! 1152279769 M * coocoon bertl: xfs failled although it is enabled in the kernel http://paste.linux-vserver.org/165 1152279880 M * Bertl coocoon: that's the tiny partition, yes? 1152279894 M * Bertl you can check the reason with something like this: 1152279913 M * Bertl sudo bash testfs.sh -D /dev/sdb3 -M /mnt/test -F xfs -vv 1152279925 M * coocoon ok will try 1152279936 M * Bertl (will probably tell you that the partition is too small) 1152279976 M * coocoon aha it has 8GB, sorry here aren't bigger inside ;-) 1152279999 M * Bertl hmm, 8GB should be enough 1152280008 M * Bertl but IIRC that was hdd3 no? 1152280024 M * Bertl (maybe I confuse that and the reason is something different) 1152280052 P * WorkRoey Leaving 1152280070 M * coocoon bertl: s/dev/sdb3 1152280153 M * Bertl as the test fails with the 000 check, it means that (for whatevwer reason) the filesystem could not be formatted successfully 1152280156 M * sanal_darbe ææææææ_\|/_ .»º}®{º«..º}®{º«.ADDMÝNEE BAAAAAKKKKKKBBBBEEEEEEEEEEEE .»º}®{º«..»º}®{º«. _\|/_ ææææ(sanal_darbe)'ææææææ_\|/_ .»º}®{º«..º}®{º«.ADDMÝNEE BAAAAAKKKKKKBBBBEEEEEEEEEEEE .»º}®{º«..»º}®{º«. _\|/_ ææææ(sanal_darbe)'ææææææ 1152280157 M * sanal_darbe ææææææ_\|/_ .»º}®{º«..º}®{º«.ADDMÝNEE BAAAAAKKKKKKBBBBEEEEEEEEEEEE .»º}®{º«..»º}®{º«. _\|/_ ææææ(sanal_darbe)'ææææææ_\|/_ .»º}®{º«..º}®{º«.ADDMÝNEE BAAAAAKKKKKKBBBBEEEEEEEEEEEE .»º}®{º«..»º}®{º«. _\|/_ ææææ(sanal_darbe)'ææææææ 1152280158 M * sanal_darbe ææææææ_\|/_ .»º}®{º«..º}®{º«.ADDMÝNEE BAAAAAKKKKKKBBBBEEEEEEEEEEEE .»º}®{º«..»º}®{º«. _\|/_ ææææ(sanal_darbe)'ææææææ_\|/_ .»º}®{º«..º}®{º«.ADDMÝNEE BAAAAAKKKKKKBBBBEEEEEEEEEEEE .»º}®{º«..»º}®{º«. _\|/_ ææææ(sanal_darbe)'ææææææ 1152280159 M * sanal_darbe ææææææ_\|/_ .»º}®{º«..º}®{º«.ADDMÝNEE BAAAAAKKKKKKBBBBEEEEEEEEEEEE .»º}®{º«..»º}®{º«. _\|/_ ææææ(sanal_darbe)'ææææææ_\|/_ .»º}®{º«..º}®{º«.ADDMÝNEE BAAAAAKKKKKKBBBBEEEEEEEEEEEE .»º}®{º«..»º}®{º«. _\|/_ ææææ(sanal_darbe)'ææææææ 1152280159 Q * sanal_darbe Killed (FloodServ ((FloodServ) Warning, you have triggered a network protection. Stop flooding!)) 1152280167 M * TheSeer *sigh* 1152280212 M * coocoon ok will try another one ;-) 1152280231 J * micah ~micah@208.99.202.72 1152280232 M * Bertl coocoon: nah, check with the line I gave you, it will provide the required info 1152280238 M * Bertl welcome micah! 1152280243 Q * micah Quit: 1152280252 M * TheSeer you scared him away.. 1152280254 M * TheSeer :P 1152280260 M * Bertl seems so :( 1152280290 J * micah ~micah@208.99.202.72 1152280317 A * mnemoc wonders if Bertl will great him again 1152280360 M * Bertl why should I? 1152280390 M * mnemoc to see if he runs away again :p 1152280414 M * Bertl okay, let's try ... 1152280418 M * coocoon the hdd can't be open anymore 1152280429 M * Bertl wb micah! 1152280451 M * micah :D 1152280474 M * Bertl seems this time I didn't scare him :) 1152280538 M * micah the first time i realized i forgot to start screen 1152280561 M * micah so I ran away 1152280569 M * Bertl I can understand that ... 1152280773 M * coocoon bertl: sorry for asking but how is the package name which xfs contains 1152280783 M * Bertl sec, let me check 1152280794 M * coocoon Bertl: because of testfs.sh: line 499: mkfs.xfs: command not found 1152280815 M * Bertl xfsprogs-2.0.0-1mdk (here) 1152280827 M * coocoon Bertl: ok cool 1152280890 J * Viper0482 ~Viper0482@p54975D23.dip.t-dialin.net 1152280918 M * coocoon Bertl: et voila http://paste.linux-vserver.org/166 1152280921 M * Bertl wb Viper0482! 1152280993 M * Bertl coocoon: great, now let's run the entire testfs.sh (with -tx) and the testme.sh with -L, and upload that as one, or post it to the ml :) 1152281026 M * Bertl so we know that the tests succeeded with 2.6.17.3 and rc25 1152281073 M * Bertl on ultra sparc smp that is, yes? 1152281325 M * coocoon bertl: like this one http://paste.linux-vserver.org/167? 1152281568 M * Bertl coocoon: excellent work! thanks a lot! 1152281618 M * coocoon u r welcome hehe thanx for u r help ;-) 1152281656 M * coocoon Bertl: now u have it right 1152281685 Q * cryptronic Ping timeout: 480 seconds 1152281685 Q * Ben_zZz Ping timeout: 480 seconds 1152282939 Q * pisc1 Remote host closed the connection 1152283322 J * pisco ~pampel@80.135.190.164 1152283483 M * Bertl wb pisco! 1152283870 M * derjohn Bertl, changes in rc25 ? 1152283971 M * derjohn Bertl, and: when did you release it? 5.7 ? 1152284010 M * mnemoc doesn't the webserver show the creation time of the patch? 1152284034 J * cryo ~say@psoft.user.matrix.farlep.net 1152284101 M * derjohn mnemoc, yes: 05-Jul-2006 15:14 882K :) 1152284123 M * mnemoc and probably you can find a -rc24-rc25 patch there too :) 1152284210 M * derjohn mnemoc, sure, but i remeber daniel saying, it was only the reaper-fix-03 ... to be honest: I dont have the slightest idea what that would look like in code. and I have to put sth in http://linux-vserver.org/ChangeLogExperimental 1152284230 M * mnemoc :) 1152284304 Q * shedi Quit: Leaving 1152284443 M * Bertl derjohn: minor fix (removed a harmful BUG_ON()) 1152284467 M * derjohn is that the "reaper-fix" ? 1152284478 M * Bertl yep 1152284486 M * derjohn ok, i put it to the wiki 1152284831 M * meebey Bertl: hiya 1152284857 M * meebey Bertl: our website is updated and contains now some more info about the gailei server product that is V-Server based 1152284864 M * meebey Bertl: thought you might find that interesting 1152284873 M * meebey Bertl: http://www.gsd-software.net/galilei_business_server/galilei_start.html 1152284964 M * Bertl meebey: of course! 1152285085 M * derjohn meebey, it spelled VServer not, "V-Server", but YMMV, especially in marketing 1152285106 M * Bertl meebey: of course, would be even greater if there was a link to the project (but maybe I just missed that :) 1152285160 M * meebey Bertl: uh good point :) 1152285170 M * meebey I will forward that 1152285270 M * meebey derjohn: hm official its VServer? 1152285282 M * meebey not sure if I can convince them about that :-P 1152285359 M * derjohn well, check the logo and the website ... we (Bertl) decided it to be VServer :) 1152285412 M * derjohn will a V-Server could reffer to the 'class of v12' we are providing, i.e. openvz may also have "v-servers" ... 1152285472 M * meebey Bertl: btw the project got approved to migrate the system to 2.6 kernel :) 1152285472 M * Bertl meebey: the project is called Linux-VServer, but maybe your 'units' can be called V-Servers ;:) 1152285521 M * meebey is the old config style still supported? 1152285579 M * Bertl yes, as legacy config, but it will not allow newer features 1152285579 M * meebey speciying the interface would be also ok 1152285597 M * meebey migrating all configs is a bit PITA :-P 1152285606 M * meebey because the new layout is more complex 1152285638 M * meebey I still have the migrate script but it needs a lot of modifications 1152285776 M * derjohn meebey, there is a oldstyle to newstyle converting script on the wiki (i've never used it though) 1152286956 N * otaku42 otaku42_away 1152288000 Q * qos Quit: HydraIRC -> http://www.hydrairc.com <- The dawn of a new IRC era 1152288216 J * Ben_zZz B.Lukas@mail.openvcp.org 1152288247 J * cryptronic crypt@mail.openvcp.org 1152288317 J * mire ~mire@104-166-222-85.COOL.ADSL.VLine.verat.net 1152289466 Q * melvin Quit: leaving 1152289466 Q * lilalinux Read error: Connection reset by peer 1152289886 J * raanders ~raanders@rod.homebydesign.com 1152289954 M * raanders Anyone about this late in your day 1152289985 M * Bertl welcome raanders! 1152290013 M * raanders I trying to figure out why the rename of a guest is failing when I try a vyum 1152290030 M * Bertl how did you rename it? 1152290115 M * raanders Hunt all the references to the old name 'test' in all the vserver-ish directories and then mv or ln -sf to the new name 'dev'. 1152290160 M * Bertl if done properly, that should work quite fine, maybe you missed something? 1152290242 M * raanders The error coming back is: Can not find file for 'RPMSTATEDIR'; aborting. Trying t ofind where this is set is ... interesting ... to say the least 1152290259 J * lilalinux ~plasma@dslb-084-058-218-126.pools.arcor-ip.net 1152290378 Q * FireEgl Ping timeout: 480 seconds 1152290488 J * stefani ~stefani@tsipoor.banerian.org 1152290489 Q * stefani Quit: 1152290542 J * stefani ~stefani@tsipoor.banerian.org 1152290558 M * raanders Probably have but my searching hasn't found it. This has happened before when I tried a rename. I'm still looking but hoped someone would say ... I know that error! 1152290669 M * Bertl let me check the config tree .. sec 1152290816 M * raanders Found it! It always helps to voice my foolishness to the world. Sorry for the lost bits. 1152290818 J * dna ~naucki@p54BCFC6C.dip.t-dialin.net 1152290832 M * Bertl raanders: np, was it the cache dir? 1152290847 M * Bertl welcome stefani! dna! 1152290855 M * dna hi 1152290880 M * stefani salut 1152290919 J * poiin2000 poiin2000@80.244.242.124 1152291369 M * raanders It was the base in /etc/vservers/.defaults/vdirbase/.pkg/test. Of course changing this broke it differently and I'm not sure about my other guests now. I'll have to check them shortly. So ... still looking the soultion. 1152291577 M * Bertl well, there is a base dir for each guest 1152291585 M * Bertl you usually do not change the defaults :) 1152291593 Q * stefani Quit: I Quit! 1152291684 N * sars sarnold 1152291845 J * FireEgl Atlantica@Atlantica.Tcldrop.US 1152291934 M * poiin2000 oh hi Wonka:) 1152292413 Q * cdrx Read error: Operation timed out 1152292696 M * Wonka hi poq! 1152292735 M * poiin2000 man trifft sich ueberall:) 1152293329 M * raanders At last. I found the final piece. Some how the yum.conf and yum-hack.conf for the guest were deleted or broken. I copied from a good guest and all is well again. Thanks for the help. 1152293491 M * Bertl anybody here who would like to visit the 'Pforzheimer Linux Tag' and talk about Linux-VServer there (15.07.2006)? unfortunately I'm already booked for that day 1152293523 Q * raanders Quit: Leaving 1152293550 M * Bertl ray6: ping?! 1152294037 Q * balbir Ping timeout: 480 seconds 1152294233 M * Wonka poiin2000: CERT ist überall! 1152294606 M * Bertl okay, I'm off for now .. dinnertime .. will be back later 1152294640 N * Bertl Bertl_oO 1152295926 J * fony_vaio ~Owner@82-32-180-48.cable.ubr05.newt.blueyonder.co.uk 1152295931 M * fony_vaio hi all 1152296132 Q * Viper0482 Remote host closed the connection 1152296416 M * fony_vaio anyone around? 1152296520 M * daniel_hozac sure. 1152296555 M * fony_vaio :D 1152296581 M * fony_vaio i understand that lycos VDS service uses vserver 1152296613 M * fony_vaio i'm wondering whether i can change the kernel, or am i unable to change it myself? 1152296626 M * daniel_hozac there is only one kernel. 1152296643 Q * kaner oxygen.oftc.net nobelium.oftc.net 1152296645 M * fony_vaio and everyone has to use that same kernel on the server? 1152296652 M * daniel_hozac yes. 1152296664 M * fony_vaio then how can they offer different dists? 1152296671 J * dna_ ~naucki@p54BCFC6C.dip.t-dialin.net 1152296685 M * fony_vaio they edit them all to use the same kernel? 1152296714 M * fony_vaio ah, it's beginning to make sense, that's why i can't see anything in /boot 1152296724 M * fony_vaio i just thought it's not mounted 1152296785 J * kaner kaner@strace.org 1152296785 T * neutron.oftc.net http://linux-vserver.org/ | latest stable 2.01, 1.2.10, 1.2.11-rc1, devel 2.1.0, exp 2.{0.2,1.1}-rc25 | util-vserver-0.30.210 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the wiki, and we'll forget about the minute ;) 1152296896 M * fony_vaio daniel_hozac: thanks, i understand how it's working now. :D 1152296954 M * fony_vaio but from the vserver mailing lists, i'm sure people were discussing using iptables... i'm amazed lycos VDS doesnt have this function. 1152297013 M * daniel_hozac discussing it maybe, but it's not possible (yet). 1152297035 Q * dna Read error: Operation timed out 1152297310 M * fony_vaio oh, that's a shame. 1152297321 M * fony_vaio any idea of when it might be implemented into vserver? 1152297621 J * eyck eyck@ghost.anime.pl 1152297712 M * daniel_hozac when someone wants it badly enough ;) 1152297716 J * balbir ~balbir@203.101.54.189 1152297835 M * fony_vaio lots of ppl on the lycos vds forum seem to be interested :D http://forum.lycos-vds.com/index.php?topic=347.0 1152297848 M * fony_vaio i'm surprised none of them came here to ask for it before 1152297866 M * doener fony_vaio: there's no need to "edit" the distros to use the same kernel. You can usually use any (recent enough) kernel with any distro 1152297932 M * fony_vaio doener: i see, it's just that i noticed they'd changed a lot of the default config files from debian defaults, is all. 1152297933 M * doener the only problems I'm aware of are distros that backported nptl to 2.4, you need a nptl-enabled kernel for them, but that's not a problem with 2.6 1152297973 M * doener yeah, probably just the hardware stuff, like setting the time or mounting stuff, as that just produces warnings in a vserver 1152297981 M * fony_vaio they're running 2.6.14.3-vs2.0.1 atm 1152297991 M * fony_vaio doener: got it 1152298024 M * fony_vaio is vserver considered stable for production servers? 1152298037 M * daniel_hozac definitely. 1152298055 M * fony_vaio good to know :) 1152298129 M * fony_vaio so one more question, what do you all recommend in lieu of iptables, tcpwrappers? 1152298228 M * fony_vaio i'm just concerned about security is all, i envision running quite a few services on my lycos vds (including a fully fledged lamp platform, and a mail server) and i obviously would like to ensure maximum uptime if i can. 1152298278 Q * mire Quit: Leaving 1152298329 Q * balbir Ping timeout: 480 seconds 1152298329 M * daniel_hozac i suppose you could just turn off listening on TCP/UDP ports and just use the UNIX sockets for the apps that support it, which you don't want to expose to the world. 1152298497 M * fony_vaio thanks, i'll try it... i just hope all the apps i want to use will support it 1152299398 J * vrwttnmtu ~eryktyktu@82-69-161-137.dsl.in-addr.zen.co.uk 1152301477 Q * fony_vaio Read error: Connection reset by peer 1152303869 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net 1152304017 Q * cdrx Quit: 1152304989 M * daniel_hozac doener: have you read the /proc/virtnet thread on the ML? do you think it's worth fixing? 1152305471 J * stefani ~stefani@tsipoor.banerian.org 1152305598 M * doener the hardlink count stuff? 1152305698 M * doener no idea, I don't think it actually hurts, but would probably be a nice cosmetic fix 1152305709 J * bonbons ~bonbons@83.222.39.166 1152306114 Q * mountie Quit: LUNCK! 1152306655 M * lilalinux how would I use /dev/stdin in a vserver? 1152306672 M * lilalinux in the host it's a symlink to /proc/self/fd/0 1152306898 M * cehteh you can do that in the vserver too 1152306904 M * cehteh that should be safe 1152306916 M * lilalinux thx 1152307497 Q * Nam Ping timeout: 480 seconds 1152307599 Q * nox Ping timeout: 480 seconds 1152307796 Q * lilalinux Remote host closed the connection 1152307827 Q * dna_ Quit: Verlassend 1152307969 J * nox ~nox@noxlux.de 1152311066 J * Nam ~nam@70.71.224.66 1152311475 Q * bonbons Quit: Leaving 1152313380 Q * pusling Ping timeout: 480 seconds 1152315010 P * stefani I'm Parting (the water) 1152315178 Q * vrwttnmtu Quit: Leaving