1154476809 M * cehteh Skram: mysql doesnt support that 1154476854 M * cehteh maybe recent version with the inodb backend and some careful config options 1154476856 M * Skram i have an image with mysql.. i can untar and run it.. and the mysql tables still work.. 1154476860 M * Skram hmm okay 1154476864 M * Skram right on 1154476889 M * cehteh will work doesnt say anything about unnoticed data corruptions, lost transactions and stuff 1154476891 M * daniel_hozac well, as long as it's not being written to while you're backing it up, it should be fine. 1154476903 M * Skram Right 1154476912 M * cehteh postgresql support it (but also only if u set it up to properly) 1154476921 M * Skram Right. thanks 1154476936 M * cehteh daniel_hozac: thats hard to enforce i think 1154476950 M * daniel_hozac very much so. 1154476956 M * daniel_hozac easier to just stop it. 1154476958 M * cehteh execpt stopping the db while backing up 1154476959 M * doener cehteh: MyISAM tables know nothing about ACID transactions ;) and there's even a "program" to do such hot-backups... simply lock the tables, copy/tar the files and unlock the tables 1154476991 M * doener for innodb you need to buy some extra program for hot backups... 1154477010 M * Skram well.. i dumped my mysql data into a file and tarred it up with other files.... BUT i dont have root mysql access to all the vpses.. 1154477014 M * cehteh are you sure that lcoking is enough? ... i dont know about the flushing plolicies of the database backend 1154477116 M * daniel_hozac lock + flush should do it, no? 1154477128 M * doener cehteh: "lock" as in "FLUSH TABLES READ LOCK" of course... 1154477160 M * cehteh ;) 1154477190 M * doener s/READ/WITH READ/ 1154477221 M * doener http://dev.mysql.com/doc/refman/4.1/en/flush.html 1154477267 M * doener oh boy... the current reiser4 threads are huge... (lkml) 1154477408 M * Skram i use reiserfs 1154477422 M * Skram blah, person who set this server up.. lvm too; whatever 1154477772 M * cehteh eh 1154477790 M * cehteh ist some time ago that i checked reiser4 for the last time 1154477795 M * cehteh is it stable now? 1154477806 M * cehteh i always managed to break it somehow 1154477816 J * chand ~chand@gw.net81-65-27.noos.fr 1154477828 M * cehteh performance was great but who cares when it crashes 1154477910 M * doener well, according to the threads is either perfect, total crap or somewhere in between... ;) 1154477947 M * cehteh i only belive in my own tests 1154477977 M * cehteh and they show that performance is perfect and stability is crap 1154477992 M * cehteh which doesnt count as 'in between' for me 1154478023 M * doener I was only referring to stability 1154478037 M * cehteh there are not many things on a computer which are more worse than a crashing filesystem 1154478068 M * cehteh i can (at least could some time ago) crash it reproducible 1154478086 M * doener a number of folks like to play the FS-X-has-lost-most-files(-for-me) game 1154478091 M * cehteh is someone says it is perfect, then he didnt stress testet it 1154478128 M * doener which then boils down to "all FS suck" (at least if you're pessimistic ;) 1154478136 M * cehteh do you have a reiser4 somewhere? 1154478160 M * Skram is it safe to use split on tar(.bz2) files.. i just append them together and untar... right? 1154478166 M * cehteh not i am talking about a syntehtic stress test from which i suspect a FS to pass it 1154478188 M * doener no, I'm not eager to play with my data.... ext3 works for me, so I stay with it 1154478196 M * cehteh many lost-my-files go back to some abuse (which shouldnt happen too) 1154478265 M * cehteh but thats really a simple demand if i can crash a fresh filesystem in a controlled environment without poweroutage on hardware which is not defecht i want it to survive that test 1154478294 M * cehteh that isnt a hard claim or? 1154478326 M * cehteh and i am not one of the hans-reiser bashing guys .. i use reiser3 and it works well too 1154478349 M * doener till you hit the "too many same hashed files" limit ;) 1154478377 M * cehteh reiser4 is just not finished/mature and counting the assertation which are in the code is not a (sufficient) metric for code quality 1154478406 M * doener http://lkml.org/lkml/2006/7/21/109 -- if you have a day spare :) 1154478413 M * cehteh no thanks ... 1154478430 M * cehteh if i am bored and building some kernels i may give it a new try . 1154478487 M * cehteh if it survives my tests then its fine (tests: running dbench in parallel with some fsx instances, fsck, rinse, repeat) 1154478500 M * cehteh fsck's shall never detect errors that way 1154478518 M * cehteh actually it even locked the kernel or crashed it last time 1154482607 J * SJr sjr@S01060000e8d915d1.vf.shawcable.net 1154482646 M * SJr Question can I setup different VServers to connect to a PPP server and access those ones indepenantly of eachother? 1154482765 J * anonc ~anonc@staffnet.internode.com.au 1154482807 M * Bertl SJr: hmm, yes, why not? 1154483024 M * SJr Hmmmm I'm reading the FAQ and it seems that there are lots of issues with networking 1154483034 M * SJr and various calls 1154483063 M * Bertl no, not really, the main 'issue' with networking is, that folks expect something virtualized or separate ... 1154483082 M * Bertl while Linux-VServer only does IP isolation for the guests 1154483090 M * Bertl and all networking happens on the host 1154483097 M * SJr ah 1154483116 M * SJr so in theory if I were to connect to different machines in the vserver they would overlap and conflict with eachother, the routing tables wouldn't be seperate 1154483177 M * Bertl depends on what you configured on the host :) 1154483190 M * SJr hmmmm well basically I think I want to work with seperate, but thanks :) 1154483203 M * Bertl look, it's not much different from normal networking ... 1154483232 M * Bertl you can have separate routing and iptables and all that stuff (as on any other linux box) just by setting them up on the host 1154483258 M * Bertl the guests are _just_ using that setup (being limited to a subset of all ips) 1154483438 M * SJr Bertl hmmm but in general you can't have two routes to the same IP and expect applications to be able to choose there route 1154483440 M * SJr afaik 1154483510 M * Bertl why would you want to do that? 1154483531 M * Bertl usually it is sufficient to have two routes for two different (source) ips 1154483560 M * Bertl I do not see a working setup where two guests would have the same ip but different routes? 1154483592 M * Bertl well, actually you could have that too, assumed the guests use different ports 1154483618 M * SJr basically I work for an ISP and want to do a dial up tester 1154483663 M * SJr but if I'm using PHP to connect to a site, I see no way to specify my source IP 1154483669 M * Bertl okay, so each guest would get a separate ip, no? 1154483692 M * Bertl dial up tester == something which connects somewhere to test? 1154483696 M * SJr yes 1154483719 M * Bertl so as I see that, you start a ppp session for each guest, receiving a separate guest ip, no? 1154483744 M * SJr Yes 1154483754 M * Bertl each guest will then have a separate 'default' route 1154483765 M * Bertl (based on it's source ip of course) 1154483790 M * Bertl your limit here is only the number of routing tables available in linux (255-3) 1154483799 M * SJr hmmmmm 1154483801 M * SJr that's fine 1154483812 M * Bertl so you can basically test 252 guests/dial-ups at once :) 1154483843 M * SJr hmmmm 1154483848 M * SJr what distro is good for vserver 1154483863 M * Bertl the one you are comfortable with :) 1154483948 M * SJr hmmmmm 1154483988 M * SJr Bertl if I want to expand and run things like nmap or tcpdump in these vservers will I have problems? 1154484023 M * Bertl well, by default low level connects are not permitted 1154484026 M * SJr Ideally I'd like these to be completely open ended. 1154484041 M * Bertl i.e. things which sniff or inject arbitrary packets 1154484043 M * SJr and according to the FAQ DHCP and Bind have porblems running. 1154484096 M * Bertl bind has issues because the bind folks did not understand the capability system, and even those issues have been worked around in latest devel 1154484103 Q * sannes Quit: BitchX-1.1-final -- just do it. 1154484116 M * Bertl (i.e. disabling the capability stuff for bind makes it work quite fine) 1154484120 M * SJr hmmmm but things like nmap and php would work fine? 1154484126 M * SJr oh wait, nmap won't easily :) 1154484136 M * Bertl nmap will require raw sockets 1154484161 M * SJr How does VServer stack up against Xen or UML? 1154484180 M * Bertl well, it's faster and uses less resources 1154484191 M * SJr but...? 1154484191 M * Bertl but you cannot run your own kernel for each guest 1154484264 M * Bertl so, if you want to test with _almost_ real machines, you should probably go for xen, you can probably have 20 or 30 guests running there with almost no difference to real systems 1154484298 M * Bertl or alternatively QEMU, which is a system emulator like VMware 1154484308 M * SJr I thought Xen is like VMware? 1154484322 M * Bertl depends on the VMware :) 1154484341 M * SJr which VMWare? 1154484349 M * Bertl yes precisely :) 1154484456 M * SJr I'm familiar with VMWare, oh you mean like ESX or whatever. hmmmm 1154484501 M * Bertl one is similar to Xen, the other is similar to QEMU ... of course, different features ... 1154484712 M * SJr Hmmmm 1154484937 Q * chand Quit: chand 1154485382 M * ray6 Hi from Grand Canyon BTW... no vservers here though :) NE1 on Defcon this week? 1154485455 M * Skram hey, ray6 1154485468 M * Skram I was at the grand canyon less than 6 or so weeks ago 1154485474 M * Skram i know a couple of people going to defcon.. 1154485650 M * Bertl ray6: yep, grand canyon is nice ... 1154485670 M * Skram Yeapps 1154485675 M * Skram I met ray6 at HOPE :) 1154485691 M * Skram my talk went foobar, but it was fun 1154486922 Q * Vudumen Remote host closed the connection 1154486954 J * Vudumen ~vudumen@217.20.138.14 1154487106 Q * meandtheshell Quit: bye bye ... 1154487230 Q * s0undt3ch Ping timeout: 480 seconds 1154487428 Q * gerrit Ping timeout: 480 seconds 1154487538 J * s0undt3ch ptubejuj@bl7-242-37.dsl.telepac.pt 1154488020 J * gerrit ~gerrit@66.46.95.226 1154489436 M * matti Skram: I heard there will be no Defcon this year? It is true? 1154489449 M * Skram matti: who said that? 1154489464 M * Skram I know a couple people inLas Vegas.. a couple making it out tonight from Seattle, Etc. 1154489468 M * Skram I doubt that's tru 1154489469 M * Skram e 1154489480 M * matti Spender. 1154489481 M * matti [01:21:34] < spender> hate to be the bearer of bad news 1154489482 M * matti [01:21:38] < spender> but there won't be any defcon this year 1154489490 M * Skram where was this said? 1154489497 M * matti #grsecurity 1154489501 M * Skram pfft 1154489502 M * Skram whatever 1154489520 M * Bertl matti: maybe he meant that he will not join ... 1154489522 M * matti But, I am not sure... so I am askin' ;p Peace man :) 1154489545 M * matti Bertl: Well, they said something about Iraq and so on... 1154489558 M * Skram wha? 1154489566 M * matti Bertl: So I just though. Well, nevermind :) 1154489574 M * Bertl not saying that it is not true, just providing 'options' :) 1154489587 M * matti Skram: Oh I mean Israel. 1154489592 M * matti Skram: I am tired, sorry :) 1154489604 M * Skram :) 1154489757 M * matti Bertl: BTW, can cpusets be handy somehow? I mean, from vserver point of view. 1154489885 M * Bertl yes, definitely 1154490016 M * matti :) 1154490017 M * matti Aye. 1154490023 M * matti Will read more about then. 1154490164 M * Bertl hah! I finally managed to get a persistant tunnel over a constantly reconnecting, ip-changing adsl line ... 1154491359 Q * glut Read error: No route to host 1154491821 M * matti Bertl: Horraayyy!! :) 1154494796 M * Bertl okay, enough done for today ... off to bed now ... have a nice whatever everyone ... and cya tomorrow! 1154494802 N * Bertl Bertl_zZ 1154497698 J * coocoon ~coocoon@p54A07CDC.dip.t-dialin.net 1154497722 M * coocoon morning 1154498840 M * Skram morning 1154498845 M * Skram wasnt i on when you went to sleep!? 1154498848 M * Skram scary 1154498862 M * coocoon evening ;-) 1154498864 M * Skram heh 1154498866 M * Skram its 1am 1154498870 M * Skram i have something at 8am 1154498873 M * coocoon ok mahlzeit 1154498873 M * Skram eww 1154498890 J * Viper0482 ~Viper0482@p5497781B.dip.t-dialin.net 1154498980 J * pisc1 ~pampel@p5087A50E.dip0.t-ipconnect.de 1154499641 Q * pisc1 Ping timeout: 480 seconds 1154499739 M * coocoon Hollow: no sparc support for vserver-utils ?????? ;-) 1154500089 J * zkbrsnie ~zkbrsnie@83-64-146-226.klosterneuburg.xdsl-line.inode.at 1154500755 J * dna ~naucki@97-227-dsl.kielnet.net 1154501633 Q * coocoon Quit: KVIrc 3.2.0 'Realia' 1154501754 J * renihs ~penguin@83-65-34-34.arsenal.xdsl-line.inode.at 1154501934 J * coocoon ~coocoon@p54A0740B.dip.t-dialin.net 1154502475 J * bonbons ~bonbons@83.222.36.236 1154503778 J * Pazzo ~thomas@dialin-225136.rol.raiffeisen.net 1154504124 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl 1154504130 Q * sladen Ping timeout: 480 seconds 1154504449 Q * Viper0482 Remote host closed the connection 1154504586 J * Jeevan ~Jeevan@adsl-065-006-150-049.sip.asm.bellsouth.net 1154504816 Q * Jeevan 1154505533 J * schimmi ~sts@port-212-202-73-176.dynamic.qsc.de 1154506022 M * renihs hmm funny, just seeeing a vserver where i cant use chxid (invalid argument) 1154506041 Q * schimmi Ping timeout: 480 seconds 1154506042 M * renihs hmm cant remeber, does something need to be enabled for that? 1154506073 M * renihs ah tagxid 1154506107 M * renihs i guess? 1154506142 M * abi tagxid is my guess too 1154506293 J * glut glut@no.suid.pl 1154506579 M * renihs hmm 1154506589 M * renihs this is a reiser, says unknown option 1154506666 M * abi what vserver version? 1154506679 M * renihs nono works, just me beeing dumb 1154506681 M * renihs tried a remount 1154506688 M * renihs which is disabled intentionally 1154506697 M * abi :) 1154506726 M * renihs vservers are so stable, i usually cant remember anything (only doing things once :) 1154507154 J * sladen paul@starsky.19inch.net 1154510599 J * chand ~chand@gw.net81-65-27.noos.fr 1154510621 Q * chand 1154510650 J * schimmi ~sts@aquila.tcs.ifi.lmu.de 1154512141 M * renihs hmm whats the way again to modify ulimit in vserver (gentoo) 1154512145 M * renihs stupid brain cant remember 1154512399 M * anonc you mean to set a limit from outside? 1154512599 M * anonc /etc/vservers//rlimits 1154512649 M * anonc see rlimits section here: http://www.nongnu.org/util-vserver/doc/conf/configuration.html 1154512689 Q * Greek0 Quit: Lost terminal 1154512803 J * Greek0 ~greek0@85.255.145.201 1154512818 M * renihs anonc, yep, thx alot 1154512883 J * mire ~mire@29-167-222-85.COOL.ADSL.VLine.verat.net 1154513376 J * Viper0482 ~Viper0482@p5497781B.dip.t-dialin.net 1154513756 M * renihs hmm me dumb, i guess i have to create a /etc/vserver//rlimits/ dir and in there i create a ressource in which i put for example nproc 10000 1154514036 M * renihs echo 10000 > nproc.max for example? 1154514703 J * lilalinux ~plasma@80.69.35.186 1154514826 Q * Viper0482 Remote host closed the connection 1154515050 Q * Curus Ping timeout: 480 seconds 1154515523 J * Viper0482 ~Viper0482@p5497781B.dip.t-dialin.net 1154516049 J * ntrs ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com 1154516780 Q * Viper0482 Remote host closed the connection 1154517980 Q * Aiken Ping timeout: 480 seconds 1154518066 Q * michal` Ping timeout: 480 seconds 1154518399 J * _Roey ~katz@h-69-3-4-130.mclnva23.covad.net 1154518576 J * michal` ~michal@www.rsbac.org 1154518581 Q * Roey Ping timeout: 480 seconds 1154518939 J * Viper0482 ~Viper0482@p5497781B.dip.t-dialin.net 1154519010 J * _Kara ~Kashira@ip-80-226-230-253.vodafone-net.de 1154519021 M * _Kara hi 1154519199 M * _Kara i have a problem with some of my vservers. it seems as if the apache freezes as soon as somebody makes a large upload via ftp. apache still listens, but does not answer anymore. Only restart of httpd solves the problem. is this maybe a known issue? 1154519692 Q * Viper0482 Remote host closed the connection 1154520002 J * Viper0482 ~Viper0482@p5497781B.dip.t-dialin.net 1154521365 J * wam ~wam@proxy1.msh.de 1154521806 J * Curus ~Curus@kbhn-vbrg-sr0-vl209-213-185-8-10.perspektivbredband.net 1154521850 J * _cob ~cob@pc-csa01.science.uva.nl 1154522012 M * renihs hmm i still have a problem with ulimit within a vserver 1154522018 Q * ||Cobra|| Ping timeout: 480 seconds 1154522054 M * renihs i did set rlimits and changed the ulimit on the vserver host, within the guest i can set ulimit but 1154522055 M * renihs for example 1154522063 M * renihs ulimit -HN 10000 works 1154522078 M * renihs hoever if i would try ulimit -n 8000 afterwards -> error 1154522083 M * renihs i can only set them once 1154522085 M * renihs strange 1154522117 M * renihs lets say they are set to 10000, i can lower them to 6000 but not raise them again 1154522672 M * derjohn renihs, you cannot gibe 'lager' values, only lower ones 1154522686 M * derjohn but why do set ulimit on the host? 1154522689 M * harry heya all! 1154522695 M * derjohn you mean: ulimit for the guest! 1154522702 M * derjohn harry, weclome ! 1154522715 M * harry stupid q maybe but: i've got a question/situation which i need solved and i don't konw if it's possible 1154522729 M * harry my system now is made up of: /vserver/ 1154522740 M * harry each is a logical volume (lvm2) of a certain size 1154522744 M * harry online expandable etc... 1154522747 M * harry so really neato 1154522753 M * harry BUT! it's on local disks 1154522767 M * harry i want to put it all on a NAS box, 1 big logical volume 1154522775 M * harry /vservers 1154522786 M * harry with all the virtual machines in there 1154522798 M * harry BUT! how do i get per directory quota on such an nfs share? 1154522816 M * harry so that 1 machine cannot fill the entire /vserver dir 1154522846 M * harry this would be awesome, because then, i could just setup 5 really big machines 1154522849 M * harry all mount /vservers 1154522864 M * harry and i can start vservers as i wish on different real hosts 1154522870 M * harry my own load balancer :) 1154522881 M * harry 1 machine down? just vserver start on another 1154522884 M * harry and we're off again 1154522953 M * harry our nasbox is mirrored to DR site, so it makes disaster recovery extremely easy! 1154522959 M * harry just put half of the machines over there 1154522965 M * harry half heree... and let's go! 1154522973 M * harry but... i need per vserver-quota 1154522975 M * harry on an nfs share 1154523000 M * harry 1 nfs volume per vserver is not really an option , since that would be too much overhead/kill :) 1154523058 M * harry i hope this explanation is clear, and someone can help me figure this one out 1154523073 M * renihs derjohn, if i set with rlimits the max files to 10000 and the vserver HOST system does only support 1024 it would still work? 1154523130 M * doener harry: AFAIK there's some special support for disk-limits over nfs. Don't know if that needs a patched nfs server kernel though 1154523167 M * harry a patched nfs server kernel??? 1154523173 M * harry nasbox is a netapps machine 1154523186 M * harry it's the host itself that needs to "check the qouta" i would think? 1154523204 M * harry the nasbox can't "set quota" on subdirs 1154523241 M * harry well... it can, but only on per user level... so 3GB for each subdir on the /vservers/ ...but for each user 1154523254 M * harry so that means: 20 users => 20x3GB 1154523261 M * harry i want only 3 gig for each server 1154523575 J * meandtheshell ~markus@85-124-175-215.dynamic.xdsl-line.inode.at 1154523705 M * _Roey hi all 1154523708 M * _Roey hey harry, doener 1154523717 M * _Roey derjohn 1154523734 M * _Roey how's the new networking code coming? 1154523745 M * _Roey meandtheshell: hey man, I like your nick 1154523784 M * meandtheshell _Roey: thx :) 1154523803 M * harry heya romke 1154523805 M * harry _Roey: 1154523932 J * Milf ~Miranda@ipsio433.ipsi.fraunhofer.de 1154523974 M * _Roey aye 1154523993 M * _Roey harry: so what's this thing called again? 1154524002 M * _Roey the next-gen networking code? 1154524042 M * renihs hmmm cat /proc/virtual//limits shows 1154524050 M * renihs Limit current min/max soft/hard hits 1154524050 M * renihs NON: 18962 0/ 18962 -1/ -1 0 1154524067 M * renihs ANON= anomous paging? i guess thats not yet supported to increase the value 1154524147 M * derjohn renihs, i think so but only up to 1024 files :) (Linux has 4096 or such by default since 2.6) 1154524169 M * renihs -- ANON (18) ANON -r page anonymous memory pages 1154524177 M * renihs http://linux-vserver.org/Resource+Limits says its not yet supported :((( 1154524193 M * renihs -r = .. rlimit (accounted/planned) 1154524196 M * renihs :((( 1154524336 M * derjohn renihs, what do you wan to achieve? 1154524338 M * derjohn *want 1154524345 M * renihs i want to increase the ANON value 1154524365 M * renihs thats a vserver running the secure global desktop crap from sun 1154524385 M * renihs but cant get it running, throwing io exceptions, file descriptor problems etc 1154524399 M * renihs i fixed most but now it seems it reaches the max paging value 1154524404 M * derjohn renihs, and that need anon pages? (/me does not know what anon pages are .. but limits VSZ and RSS) 1154524422 M * renihs anonymous memory pages 1154524427 M * derjohn is ANON <= VSZ 1154524431 M * renihs http://linux-vserver.org/Resource+Limits 1154524432 M * derjohn ? 1154524435 M * renihs hmm i doubt that 1154524441 M * derjohn renihs, yes, I read that .... 1154524448 Q * Viper0482 Quit: one day, i'll find this peer guy and then i'll reset his connection!! 1154524460 M * renihs hmm 1154524465 M * renihs you say i should increase vsz? 1154524475 M * derjohn IMVVVVHO a guest cannot have more mem then AS + VSZ 1154524480 M * derjohn *than 1154524514 M * derjohn renihs, check http://linux-vserver.org/some_hints_from_john, one of the last Qs. 1154524524 M * renihs hmm but my box has 4gb ram 1154524527 M * renihs i doubt thats the problem 1154524539 M * derjohn renihs, (I mave be wrong though .. if so: please tell me!) 1154524562 M * derjohn renihs, keep in mind the limit works with pages. A page is usually 4 KB on x86. 1154524568 M * renihs but whats AS? 1154524569 M * renihs ah 1154524573 M * derjohn renihs, maybe divide your vales by 4. 1154524595 M * derjohn AS = Active set 1154524625 M * derjohn more or less AS = physical mem, VSZ = swap, so AS+VSZ < real mem 1154524625 M * renihs however i dont catch your drift at the moment 1154524630 M * renihs ah :) 1154524632 M * renihs ok 1154524647 M * renihs hmm in total i have 12 GB then 1154524654 M * renihs 4gb ram, gb swap :) 1154524656 M * renihs 8 1154524667 M * derjohn renihs, just guessed your limits dont work, maybe becuase of the *4 problem. it was just a guess ... :) 1154524686 M * renihs my limits work now, but there is no option in rlimits for ANON (yet) 1154524687 M * derjohn 4 GB swap? you're insane ; ) *lol* 1154524694 M * renihs 8GB 1154524698 M * renihs twice the size of mem 1154524703 M * renihs incase of core dump :) 1154524712 M * renihs pointless i know 1154524713 M * derjohn renihs, so the ANON Value is unlimited? (or: host max) 1154524747 M * derjohn renihs, if a host _uses_ 8 GB of swap, even with fast disks it get slow as a commodore64 :) 1154524754 M * renihs at /proc/virtual/3398/limit -> NON: 18984 0/ 18984 -1/ -1 0 1154524756 M * renihs it uses 0 1154524757 M * renihs :) 1154524777 M * renihs can i query you? 1154524781 M * derjohn renihs, well, but the sun desktop complains? 1154524783 M * renihs wanna paste 5 lines 1154524801 M * derjohn renihs, sure, but i cannot guarantee a cool answer ;) 1154524825 M * derjohn other are more enlightend than me .... (they may be asleep now) 1154524834 M * renihs ya but spamming the chan? 1154525362 J * pisc1 ~pampel@p50879867.dip0.t-ipconnect.de 1154525656 Q * _Roey Ping timeout: 480 seconds 1154525700 Q * pisco Ping timeout: 480 seconds 1154525710 J * _Roey ~katz@h-69-3-4-130.mclnva23.covad.net 1154526233 N * Bertl_zZ Bertl 1154526239 M * Bertl morning folks! 1154526341 M * renihs hi Bertl 1154526361 M * renihs if i could phrase my problem i would make good use of you now 1154526361 M * derjohn Bertl, hello! FYI: the artcle just got accepted. 1154526367 M * renihs lucky for you i cant :) 1154526430 M * Bertl derjohn: excellent work! thanks a lot! 1154526441 J * Ben81 ~Ben81@tipi0e.lri.fr 1154526444 M * Ben81 kubuntu-fr 1154526449 M * Bertl renihs: well, you can try? :) 1154526468 M * Ben81 oups bad windows sorry 1154526475 M * Bertl Ben81: np 1154526488 M * derjohn Bertl, is it normal that in /proc/virtual/limit all ANON Pages are used up? (nearly always) 1154526521 M * Bertl you mean that they do not get below the current max? 1154526525 M * renihs heh, i got a vserver running suns "secure global desktop", however the java vms running there throw java.io exceptions, complain about missing file descriptors and no availiable workers :) 1154526544 M * renihs i fixed most with rlimits but somehow that thingie has a bottleneck somewhere 1154526545 M * Milf ANyone know where I can find printable Linux Howtos? tldp.org has me baffled and shows only online versions. 1154526571 M * Bertl renihs: well, java (especially from sun :) is known to have certain resource bottlenecks :) 1154526581 M * renihs :) 1154526607 M * derjohn Bertl, yes, it looks like mAX = current ... 1154526624 M * renihs hmm but one thing is strange, i set nofile to 8192 in rlimits but if i do a ulimit -n in my guest it returns 1024 1154526638 M * Bertl Milf: http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/ps/ 1154526646 M * renihs cant change neither, unless i set it in my vserver host and restart the vserver guest (then its the same value as in host) 1154526669 M * renihs and then i can only decrease the value (but not set it higher again) 1154526673 M * Bertl renihs: rlimits and ulimits are different beasts 1154526690 M * renihs ya but doesnt rlimit affect the ulimit inside a vserver? 1154526696 M * derjohn Milf, ehlo! Did "someone" contact you? 1154526696 M * Bertl renihs: first, check that your host has no hard/soft limits on that one (with ulimit -HS) 1154526716 M * renihs ulimit -HS shows unlimited 1154526729 M * Bertl ulimit -aH 1154526739 M * renihs and aH shows 1024 1154526750 M * renihs for files 1154526751 M * Bertl see, so there is your limit, and it is inherited to the guest 1154526772 M * Bertl you can, nevertheless, raise the hard limit with CAP_RESOURCE 1154526783 M * Milf derjohn: 250 which 'someone' do you mean? Gonzo? 1154526796 M * Milf bertl: thankx 1154526808 M * derjohn Milf, nope I forwarded you "stuff" to someone. I am pretyt sure, he' 1154526816 M * derjohn ll contact you soon. 1154526824 M * derjohn simply wait ;) 1154526845 M * Milf derjohn: What "stuff" of mine did you still have? I'll be anxiously waiting :) 1154526883 M * derjohn Milf, your CV *lol* 1154526929 Q * Ben81 Quit: Leaving 1154526932 M * Milf derjohn: Oh, someone with a consulting/headhunting outfit in Mainz maybe? 1154526943 M * derjohn Milf, yup. 1154526953 A * Milf wondered where that guy got it's address. 1154526972 M * derjohn Milf, I hope my lesser magic will work for you ;) 1154527008 M * Milf derjohn: So I'll call the guy up and have a chat with him. Would've already done it if he'd included regards from you. 1154527035 M * renihs uhm, how can i give CAP_RESOURCE, i remember darkly that with the old vservers i had to put it into a config but ....googling 1154527063 M * Milf derjohn: Any Keywords for me? 1154527131 M * Bertl renihs: bcapabilities, but I'd try to raise that limit for root on the host and restart the guest 1154527142 M * Bertl renihs: saves you a lot of trouble lateron :) 1154527201 A * Milf slaps it's face: the Howto in .pdf format was right on the Ruby porter's webpage ... *stupid* *stupid* *stupid* 1154527210 M * renihs hmm :) but security concerns are not a problem at the moment 1154527211 M * derjohn Milf, keywords: derjohn is a friend :) 1154527227 M * renihs k i will try one more time, i wish those java thingies would just tell me were they are hitting a max 1154527239 M * derjohn Milf, but I doubt that it will be vserver correlated. 1154527254 A * Milf thinks: Yes, that makes a good keyword. Just like "Ken sent me" 1154527283 A * derjohn thinks Milf played to much adult games ;) 1154527371 A * Milf smirks that it finally found someone who knows that line. 1154527424 M * renihs hmm strange, those scripts should have set a new ulimit -n value but they did not (inherited from root host) 1154527456 M * renihs Bertl, just for "testing" purposes, how can i give CAP_ressource? :) 1154527509 M * Bertl just add it to the bcapabilities file 1154527533 M * Bertl i.e. echo CAP_RESOURCE >>/etc/vservers//bcapabilities (IIRC) 1154527545 M * renihs Error on file descriptor circuit. Killing PE Manager <- great error msg :) 1154527563 M * renihs Bertl, thanks alot 1154527623 M * Bertl okay, have to get something to eat now ... brb 1154527627 M * renihs Unknown bcap 'CAP_RESOURCE' 1154527634 M * renihs hmm 1154527690 M * renihs mahlzeit :) 1154527695 Q * bonbons Quit: Leaving 1154527852 M * Bertl CAP_SYS_RESOURCE probably 1154528014 M * renihs ya i noticed 1154528015 M * renihs :) 1154528023 M * renihs however it doesnt wanna stop now :) 1154528091 Q * gerrit Ping timeout: 480 seconds 1154528289 M * Bertl renihs: unusual, but vkill is your friend 1154528299 M * renihs ya, hmm 1154528304 M * renihs however as usual you are right 1154528308 M * renihs didnt solve the issue 1154528309 M * renihs : 1154528310 M * renihs :) 1154528370 M * Bertl it might be some ugly job, but did you consider stracing the entire beast, checking for 'unusual' errors? 1154528410 M * renihs hmm 1154528420 M * renihs its not option because that script calls upon so many things 1154528426 M * renihs howver i now have a new error :) 1154528429 M * renihs Couldn't start Tarantella services: unable to bind to port 5427. 1154528429 M * renihs :) 1154528441 M * renihs that one wasnt there before :) 1154528451 M * Bertl probably something is already/still bound there 1154528478 M * renihs nop 1154528499 M * renihs shouldnt want to bind there, it doesnt do it on solaris 1154528528 M * Bertl well, maybe there are different 'tarantellas' on solaris :) 1154528554 M * renihs nope they say its the same :) 1154528565 M * renihs hehe, but me dumb, i have alot close_waits on that port 1154528566 M * Bertl as usual, google might be your friend 1154528572 M * renihs typing is a skill i should possesss 1154528574 M * renihs ya 1154528591 M * Bertl so my 'still bound' assumption was right then :) 1154528629 M * renihs yes 1154528631 M * renihs as always 1154528632 M * renihs :) 1154528710 J * minder2004 minder@cpe-065-184-156-123.ec.res.rr.com 1154528750 J * gerrit gerrit@66.46.95.227 1154528803 Q * Pazzo Quit: Ex-Chat 1154528810 M * _Roey hey all 1154528813 M * derjohn renihs, i bet the java-spider wants to binf 127.0.0.1m which is not there in vserver. set localhost to the guest ip in /etc/hosts of the guest. 1154528816 M * _Roey again 1154528822 M * _Roey Bertl: heya! 1154528824 N * _Roey Roey 1154528826 M * Roey hehe 1154528842 M * renihs derjohn, hmm valid assumption 1154528842 M * renihs lol 1154528845 M * renihs lemme try 1154528883 M * derjohn of better: check the code for 127.0.0.1 and replace it. some tools "hardcode" 127.0.0.1 (sadly) 1154528893 M * Bertl hey Roey! 1154528913 M * renihs derjohn, thats my next try 1154528924 M * derjohn renihs, have fun ;) 1154528934 M * Roey Bertl: how is that next-generation net code coming? 1154528934 M * renihs :) 1154528947 M * Roey that will allow for an easier time with openvpn 1154528951 M * Roey over vserver 1154528951 M * Roey ? 1154528958 M * derjohn Bertl, we need a counter in /proc that gets a hit when a guests get remapped from 127.0.0.1 1154528978 M * derjohn Bertl, that would easify the debugging ;) 1154528989 M * Bertl Roey: pretty good actually, but mostly in mainline 1154529009 M * Bertl derjohn: should not be too hard actually ... 1154529041 M * Roey Bertl: so is this the most current documentation for openvpn+vserver: http://linux-vserver.org/OpenVPN 1154529069 M * Bertl maybe, no idea when that was updated 1154529092 M * derjohn Roey, check: http://linux-vserver.org/some_hints_from_john 1154529098 M * derjohn one of the last Qs. 1154529162 Q * minder2004 1154529183 M * Roey thanks derjohn :) 1154529189 M * Roey that's your document? 1154529200 M * derjohn Roey, yup, my braindump ;) 1154529278 M * Roey =) 1154529281 M * Roey well thank you very much 1154529285 M * Roey that is a lovely braindump 1154529294 M * Bertl derjohn: you actually observe increasing ANON usage? 1154529366 Q * schimmi Ping timeout: 480 seconds 1154529832 M * derjohn Bertl, dunno, I looked it up for renihs, but this probs were not correlated to the ANON limits at all as it seems. 1154529875 M * derjohn Bertl, but limiting AS+VSZ should set a 'hard' Maximum fir a guest? is ANON to be added ? 1154529877 M * Bertl well, I _think_ the anon/file accounting (file not reported IIRC) should be correct, as it is verified on guest exit 1154529877 M * renihs i had ANON: 18997 0/ 18997 -1/ -1 0 and i thought i might be related 1154530092 J * mef ~mef@targe.CS.Princeton.EDU 1154530097 M * Bertl welcome mef! 1154530099 M * mef hello 1154530167 M * renihs hi mef 1154530382 Q * wam Quit: Verlassend 1154531091 J * schimmi ~sts@port-212-202-73-176.dynamic.qsc.de 1154531097 M * mef hi renihs 1154531284 M * Milf Where Do i get older Kernelpatches again? I need 2.6.13, as that's the latest that will be Ruby-patcheable 1154531305 M * Wonka Milf: kernel.org 1154531321 M * Milf I mean VServer patches for older kernel versions. 1154531333 M * sid3windr ruby-patchable? :) 1154531339 M * Milf A 2.6.13 Kernel I already have. 1154531359 M * Milf No, not Ruby the programming language, but Ruby the kernel patch. 1154531436 M * renihs gruml, 127.0.0.1 is also hardcoded in most binaries, crappy tarantella stuff 1154531447 M * doener as in backstreet-ruby (or whatever it was called)? 1154531452 M * Wonka Milf: http://vserver.13thfloor.at/Experimental/OLD-2.0/ 1154531455 M * renihs hmm is there any simple way of faking the 127.0.0.1 maybe? 1154531458 M * Wonka Milf: http://vserver.13thfloor.at/Experimental/OLD-2.1/ 1154531466 A * Milf points to renihs and sez: See? He's got the same problem I'm having with OpenExchange. 1154531478 M * renihs use scalix 1154531479 M * renihs :) 1154531481 M * Milf wonka: Experimental only? 1154531488 M * renihs alot better than openexhange but also commercial :( 1154531491 M * Wonka Milf: haven't found others 1154531502 M * doener Milf: check 13thfloor.at 1154531508 M * Wonka Milf: only for 2.6.12.4 1154531557 M * Milf Well what the heck, it's only an experimental setup to try out Zeng's Howto. 1154531557 M * sid3windr scalix is slow 1154531567 M * Milf Wahtever is scalix? 1154531611 M * sid3windr groupware 1154531630 M * renihs lol, i now have a loopback device in my vserver 1154531666 M * derjohn renihs, yes, but 127.0.0.1 might get problematic. usually you use 127.0.0.2/32 on eth0 := 1154531668 M * derjohn :) 1154531675 M * Milf Well does scalix connect to Outlook, which many of our users use? 1154531684 M * sid3windr yep. 1154531694 M * Milf Does Scalix have a migration tool to port all of the data we currently have in SLOX to it? 1154531700 M * sid3windr I doubt it. 1154531724 M * Milf Hmm, there was a yes somewhere. Interesting, you got a URL for me? 1154531749 M * sid3windr www.scalix.com 1154531752 M * renihs Milf, yes 1154531754 M * Milf Thanks. 1154531757 M * sid3windr but < sid3windr> scalix is slow 1154531758 M * renihs and it works too 1154531758 M * sid3windr ;) 1154531769 M * sid3windr and it can't cache public folders offline 1154531773 M * sid3windr which sucks 1154531775 M * renihs i never got openexchange really workding (with calendar and deeper stuff but that was more than a year ago 1154531776 M * sid3windr so we don't use it 1154531787 M * derjohn Milf, for a mapi client you can even check stalker's communigate pro, which is said to be the fastest mailserver ever. 1154531789 M * renihs true, its not fast but neither is exchange 1154531888 M * derjohn really: it has incredilble smtp performance. but it's not opensource, so I dont use it ;) 1154531940 M * Milf Whatever. This company is going to hell and I don't care. I'll set up OPenExchange but I doubt the necessary hardware arrives in time :) 1154531955 M * derjohn Milf, cool planning ;) 1154531987 M * Milf Me gotta think of me. So I'll push through some projects so I have something to talk about on recruiting interviews :) 1154532046 M * Milf derjohn: I'm working on the OpenExchange install since last christmas. My boss keeps changing parameters and waiting for new hardware to satisfy the new parameters. 1154532053 A * phedny scraps Milf from his list of potential foreign employees 1154532090 A * Milf gives phedny a thumbs up. 1154532157 M * Roey YES 1154532159 M * Roey I remember now. 1154532162 M * Roey Bertl: it's called ngnet. 1154532171 M * Roey Bertl: and I meant to ask how ngnet development was coming along 1154532244 J * Viper0482 ~Viper0482@p5497781B.dip.t-dialin.net 1154532255 Q * Viper0482 1154532507 M * Bertl Roey: well, one part of ngnet is on-hold, waiting for the mainline development results 1154532512 M * Roey oh, ok. 1154532524 M * Bertl Roey: the other part (including ipv6) is working to some extend 1154532558 J * Viper0482 ~Viper0482@p5497781B.dip.t-dialin.net 1154532639 M * Milf cya all 1154532646 Q * Milf Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org 1154532826 J * |coocoon| ~coocoon@p54A07407.dip.t-dialin.net 1154532892 J * _coocoon_ ~coocoon@p54A07407.dip.t-dialin.net 1154532912 Q * _coocoon_ 1154533141 Q * coocoon Ping timeout: 480 seconds 1154533195 Q * |coocoon| Quit: KVIrc 3.2.0 'Realia' 1154533651 P * pisc1 1154534947 P * mef 1154535586 Q * renihs Quit: Leaving 1154535760 Q * romke Quit: leaving 1154535764 Q * _cob Remote host closed the connection 1154536419 J * bonbons ~bonbons@83.222.36.236 1154536773 Q * Viper0482 Remote host closed the connection 1154537530 Q * KantankerousKid 1154537956 Q * _Kara 1154537967 J * KantankerousKid ~blah@149.9.0.27 1154539251 Q * meandtheshell Quit: bye bye ... 1154539261 J * meandtheshell ~markus@85-124-175-215.dynamic.xdsl-line.inode.at 1154539468 M * Skram Okay.. getting a new server for dev and playing, for the most part; Until now I have done VServers on gentoo.. which is better/easier/more stable.. VServers on CentOS or Debian? 1154539747 M * Bertl IIRC, by now, debian includes all the required stuff by default 1154539820 M * Skram wow 1154539823 M * Skram hrmm 1154539834 M * Skram CentOS is easy too though 1154540048 J * rastaman ~conf@200-71-184-101.nat.genericrev.telcel.net.ve 1154540048 Q * FireEgl Ping timeout: 480 seconds 1154540085 M * Bertl welcome rastaman! 1154540111 J * stefani ~stefani@tsipoor.banerian.org 1154540133 M * Bertl wb stefani! 1154540144 M * stefani hola Bertl. 1154540426 M * Skram anyone done VServer with a CentOS host? 1154540457 M * Bertl I'm pretty sure someone did :) 1154540464 M * Skram well, yeah :) 1154540549 P * rastaman 1154540605 M * brc_ I did 1154540609 M * brc_ i do 1154540609 M * brc_ :) 1154540629 M * Skram CentOS 4.3 (32 bit) 1154540640 M * Skram Im ordering a server.. will see how VServer goes on it 1154540749 M * matti Bertl: Maybe you can help me... 1154540795 M * matti Bertl: Did you ever used the mkinitrd/mkinitramfs to generate _correct_ initrd for latest kerneles? 1154540823 M * matti Bertl: I cannot understand, why kernel developer even touched this functionality and broke it. 1154540827 M * Bertl hmm, yes, works just fine on my ancient mandrake :) 1154540829 A * matti is a bit frustrated. 1154540855 A * phedny unfrustrates matti and shares some inspiration with him 1154540862 M * matti I can't build corrent initrd image for 2.6.17.7. 1154540867 M * Bertl matti: what is the issue on your side? 1154540879 M * Bertl i.e. where does it fail? 1154540912 M * matti All the time, when I try to boot the magic "no cpio magic" error shows up. 1154540938 M * matti I try different version of mkinird, mkinitramfs and even gentoo genkernel solution. 1154540946 M * matti Everything just do not work. 1154540950 M * Bertl means it checks/looks for an initramfs ... 1154540966 M * bonbons matti: sure you have compiled all you need into the new kernel? 1154540968 M * Bertl initramfs is cpio, while inird is still image 1154540994 M * matti Yes. 1154540996 M * Skram Pentium 920 - 2.8Ghz (2 x 2MB cache) 1154540999 M * Skram Should be a nice host.. 1154541011 M * matti Bertl: I never had any problem with generation of initrd. 1154541016 M * matti Bertl: Since 2.6.17.7 1154541021 M * Skram will just be running ~5 vpses 1154541023 M * matti Bertl: This drives me crazy :) 1154541030 M * Wonka my initramfs is generated via "cd $initramfs ; find . -depth | cpio --quiet -c -o | gzip -n -9 > $initramfs_image" 1154541065 M * matti Wonka: And the $initramfs is? 1154541109 M * matti Skram: Nice indeed. 1154541113 M * Wonka the directory containing the bootup stuff - /init and stuff 1154541172 M * matti Wonka: Heh, and what about any time-saving solution? 1154541177 M * Wonka ? 1154541197 M * Wonka haven't used a distro kernel for ages... 1154541204 M * matti Wonka: I've not time to spent all my work time on making yet another linuxrc stuff, etc. 1154541213 M * Wonka mh 1154541242 M * matti I cannot understand, why even this stuff was changed by developers. 1154541243 M * Wonka last time i used mkinitramfs, it just worked... 1154541254 M * matti This is totaly insane. 1154541262 M * Wonka the kernel developers wanted to get the old rootfs findung stuff out 1154541277 M * matti Wonka: And, and initramfs is _highly_ development. 1154541281 M * Wonka matti: no 1154541293 M * Wonka it's very stable, afaics 1154541294 M * Bertl well, initramfs simplifies a lot of things 1154541297 M * Wonka ack 1154541305 M * matti Hm. 1154541313 M * Wonka take a ramfs, unpack a cpio image into it... 1154541320 M * Bertl but, what I do _not_ understand is, why the direct floppy boot code was completely removed 1154541333 M * matti Bertl: You also noticed this? 1154541340 M * Wonka start /init after that 1154541347 M * matti Bertl: I don't understad this either. 1154541353 M * Bertl i.e. it is now impossible to dd a kernel to a floppy/memory stick without adding a boot loader 1154541354 M * Wonka everything else is userspace's problem 1154541382 A * matti thinks, that linux kernel is going in wrong direction somehow... 1154541388 M * Wonka Bertl: they could have made it optional... 1154541395 M * Wonka matti: why? 1154541408 M * Wonka Bertl: anyway, floppies ary dying out, and rightly so 1154541433 M * matti Wonka: Lack of documentation, things are changed too fast from version to version. 1154541455 M * matti Wonka: I am only mortal being. 1154541456 M * Wonka matti: getting things in faster was the intention... 1154541479 M * matti Wonka: I don't have time to sit 24/7 and read mailing lists, etc. 1154541482 M * Bertl Wonka: yeah, floppies are dying out, but the big companies providing bios updates haven't heard about that yet :) 1154541489 M * Wonka i don't read mls too 1154541490 M * matti Wonka: This is not good at all. 1154541512 M * Wonka Bertl: my last bios updates worked from CD-RWs with FreeDOS 1154541530 M * Bertl hehe, but it _came_ as floppy image, no? 1154541546 M * Wonka Bertl: thinkpad updates yes. hp updates are available as .iso 1154541557 M * Wonka Bertl: alternatively, windows .exe 1154541600 M * brc_ Bertl: How does this network virtualization thing work ? 1154541635 M * Bertl which one? 1154541667 M * brc_ The one you told me in pvt. Which will make iptables and routing inside vserver working 1154541723 M * matti HEh. 1154541729 M * Wonka ngnet? 1154541731 A * matti is stupid or something... 1154541739 M * matti I cannot make this working. 1154541740 M * matti :< 1154541750 M * Bertl brc_: well, Linux-VServer focuses (for performance reasons) on IP based Isolation not on network virtualization 1154541764 M * matti HEh, and today is my birthday, and I sit in work figthing with initramfs. Jesus. 1154541768 M * matti :< 1154541786 M * Bertl brc_: nevertheless, the recently formed virtualization task-force is working on network virtualization for mainline (linux) 1154541826 M * Bertl brc_: this will be utilized by Linux-VServer as soon as a 'working' prototype is present 1154541861 M * Bertl brc_: but the option for network/ip isolation (as done currently) will still remain 1154541913 M * brc_ do you know when will it be availble? Weeks, months or years? :) 1154541938 M * Bertl I'd say there should be something to work with at the end of this year .. maybe first quarter 2007 1154541944 M * dhansen brc_: patches availalble in months, merged in mainline closer to a year 1154541963 J * romke ~romke@procyon.romke.net 1154541970 M * brc_ good to know, i like linux-vserver a lot and it will be nice to be able to have routing and iptables working inside vserver 1154541999 M * brc_ btw, everyone ever though about this solution for iptables: Having a daemon running on host and "iptables binary" on each vserver would be a client to that daemon 1154542013 M * brc_ And it would send to daemon ARGV 1154542015 M * Bertl brc_: care to elaborate why you would want to have routing and iptables inside a guest? 1154542041 M * Bertl brc_: and yes, that _is_ a solution which is used by certain providers :) 1154542049 M * brc_ daemon would parse arguments sent by the client and insert them into a vserver specific chain 1154542073 M * Bertl brc_: yep, either that or via some web page ... works quite nicely as I was told 1154542100 M * brc_ Bertl: Clients want to have iptables, create vpns, etc. In a "commercial" enviroment i see quota as a priority. Quota is needed for cpanel, plesk, ensim to work 1154542107 M * brc_ i offer a web page to my clients 1154542129 M * brc_ Bertl: Any of those firewall solutions available? (client->server iptables) 1154542165 M * Bertl it seems that the providers see that as value-add and do not provide their solutions to the public (yet) 1154542186 M * brc_ As soon as i get the quota script working i will work on that (firewall) 1154542203 M * Bertl brc_: so the reason for having per guest iptables, routing and so on, is purely customer demand, yes? 1154542210 M * brc_ What makes me lazy is ahving to work with C. I prefer using php to parse stuff. dont work with C for years 1154542243 M * brc_ Bertl: Customers want security and autonomy. they want to be able to create firewall rules. In our case, we've had clients been attacked (apache attack) and he needed scripts to filter that. 1154542276 M * brc_ It is like mod_evasive creates a black-list of hosts who are attacking his vserver and firewall rules needs to be created 1154542293 M * brc_ Advanced users usually like to create their own firewall rules 1154542332 M * brc_ Most clients nowadays also want a comercial panel like cpanel, ensim, plesk, etc. All of those panels do need iptables (bandiwth management) and quota to work properly 1154542332 M * Bertl i.c., thanks for the insight 1154542374 M * brc_ We now have one server with XEN so we can offer this kind of clients what they need 1154542382 M * brc_ (commercial panels :) ) 1154542508 M * brc_ So my conclusion is that when vserver gets all that stuff working there will be no point on using other virtualization tecnologies. 1154542527 M * brc_ sorry for flooding the channel :) 1154542537 M * Roey well 1154542539 M * Roey there will be 1154542541 M * Roey and I'll tell you why 1154542558 M * Roey 1) vserver guests all share the same kernel 1154542591 M * Roey so the the admin would still have to keep an eye out for escalation threats 1154542635 M * Roey 2) you can't abstract a vserver into one file on the file system, becaus eyou have to be able to mount it in the host's mounting table. 1154542641 M * Roey and that's annoying for backups. 1154542663 M * Roey 3) vserver can't do snapshots (because guest images can't be done) 1154542682 M * Roey Bertl: stop me when I start going wrong 1154542705 M * brc_ if you have them on a separate partition, can't you have snapshots ? 1154542724 M * Roey Bertl: the two biggest advantages I see of vserver over xen and vmware are that (a) vserver guests cannot change their IP, and (b) vserver guests run at native speeds. 1154542731 M * Roey brc_: from what I wrote, 1154542736 M * Roey 2) you can't abstract a vserver into one file on the file system, becaus eyou have to be able to mount it in the host's mounting table. 1154542745 M * Roey it has to be mounted in the host's mounting table. 1154542756 M * Roey you can't take a snapshot in mid-operation. 1154542766 M * Roey sure you can make an LVM partition 1154542780 M * Roey and you can take snapshots of the guest's partition with that 1154542781 M * Roey however 1154542815 M * Roey but 1154542820 M * Roey it's *so* much ahssle. 1154542822 M * brc_ i though that when a XEN vps was on the image was mounted, so it would be the same as having a vserver on a separate partition. i'm probrably wrong :) 1154542823 M * Roey you have to use lvm. 1154542828 M * Roey you have to make separate partition. 1154542832 M * Roey yada yada yada. 1154542870 M * Roey brc_: wouldn't it be a bad thing (tm) to have two kernels trying to access the same filesystem, don't you think? 1154542893 M * Bertl brc_: it is very similar to have a xen image file and a loopback mounted file for a vserver guest 1154542896 M * Roey maybe 'mounting' for xen means something different than for vservers and the traditional unix definitino of mount. 1154542909 M * Roey Bertl: except that you can't snapshot. 1154542912 M * Bertl although I would not suggest to use loopback files because of the overhead :) 1154542913 M * Roey Bertl: not easily anyway. 1154542938 M * Bertl Roey: hadnling of such files is not different to xen 1154542996 M * Roey but Herbert why would you want to have the host kernel mount a guest virtual server's filesystem when the guest virtual server's kernel may potentially try and write to it? 1154543037 M * Bertl no idea, but it _is_ mounted by the virtual guest no? 1154543103 J * shedi ~siggi@inferno.lhi.is 1154543119 M * Bertl so no differnce to having the fs mounted on the host (and used by the guest) 1154543185 M * Skram Bah.. im trying to decide if I should try Xen on VServer on this new server.. 1154543227 M * Bertl you mean, Linux-VServer on Xen, or Linux-VServer _or_ Xen :) 1154543236 M * Skram _or_ 1154543246 M * Skram I think ill stick with only Linux-VServer 1154543250 M * Roey Skram: if you have vt/pacifica chip, xen 1154543266 M * Roey otherwise there's no point... you still have to modify the kernel, just as you would with vserver. 1154543268 M * Roey the guest kernel. 1154543272 M * Skram yeah 1154543280 M * Roey with vmware and xen-with-pacifica/vt, you don't have to modify the guest at all. 1154543285 M * Skram LinuxVServer! 1154543288 M * Roey of course, vserver is true native speed. 1154543299 M * Roey Skram: you have to modify the guest's kernel to work under vserver. 1154543306 M * Skram Yeah 1154543310 M * Skram I like VServer 1154543335 M * brc_ vserver is good, really fast 1154543336 M * Skram now just gotta wait for the server to be provisioned.. and I am very new at CentOS 1154543336 M * brc_ :) 1154543340 M * Skram Maybe I'll like it 1154543340 M * Bertl Roey: hmm? 1154543350 M * Skram brc_: indeed, why we have stuck with it :)_ 1154543358 M * brc_ dunno :) 1154543373 M * brc_ Skram: snapshot gerenation is something interesting to offer to clients 1154543377 M * brc_ maybe there are some other ways 1154543381 M * Skram brc_: right 1154543388 M * Skram brc_: well, what do you mean 1154543391 M * Skram tarring a vps? sure 1154543397 M * brc_ Why not creating a loopback image, mounting it and rsyncing with /vservers/VSERVER/ 1154543406 M * Skram Hmm 1154543409 M * Roey the problem is 1154543412 M * Roey these things all suck 1154543413 M * Roey honestly. 1154543415 M * Skram explain 1154543422 M * Skram A tar is usually fine.. 1154543425 M * brc_ i mean. the loopback image will be the snapshot 1154543426 M * Bertl dm and snapshot is quite simple, and it works :) 1154543427 M * Roey you either miss out on speed 1154543450 M * Skram Bertl:"dm"? 1154543452 M * brc_ so you mount the image and rsync with the vserver. and there is the snapshot 1154543464 M * brc_ bertl is not giving us the best ways to do this :P 1154543468 M * brc_ what is dm ? 1154543483 M * Roey or you miss out on security 1154543485 M * Bertl dm is what replaced lvm and the old evms (now lvm2 and evms) 1154543511 M * Skram oh meh 1154543530 M * Skram brc_: i dont 100% understand what you mean, and therefore dont see whats so great about your idea 1154543540 M * Skram will you restate it a little more clearly and in one big chunk? 1154543543 M * Skram :) <3 1154543566 M * brc_ Yes. Let me try :) First let's check what our point is. We want to offer our clients a imagem of their vserver, right ? 1154543638 M * Roey arg 1154543638 M * Roey lvm 1154543641 M * Roey what a ripoff. 1154543649 M * Skram brc_: right.. 1154543654 M * Roey if lvm goes, all your lvm partitions go. 1154543667 M * Roey it's not like sun's zfs, where snapshotting is built right into the filesystme. 1154543678 M * Roey xfs that does snapshots would be a nice thing. 1154543685 M * brc_ Ska: Ok. Let's say it is user "brc". We create a brc_snapshot.img with dd, format it with ext2. Now we have an empty fs. 1154543706 M * Roey that's what depresses me about computers, is that PCs are only thinking about things now that have been solved for decades now (like on mainframes, for example) 1154543711 M * Roey like virtualization 1154543722 M * Roey and dynamic CPU/memory repartitioning. 1154543735 M * brc_ Skram: User requests first snapshot. Image is mounted on /tmp/brc and we run rsync. rsync will make /tmp/brc the same as /vserver/brc. When the proccess ofr rsync finished we umount /tmp/brc and brc.img is the snapshot. 1154543736 M * Bertl well, this is how I see it: Linux-VServer is for the smart people, who know what they want and what they are doing, who understand (or at least try to understand) the mechanics behind this kind of virtualization 1154543748 M * Bertl while Xen or VMware is more for the masses 1154543760 M * brc_ Skram: Second time user requests snapshot, image is mounted again. Rsync is smart and will only copy new fles, removing old ones. New snapshjot will be done in seconds. 1154543762 M * brc_ What you think ? 1154543770 M * Bertl just put in the SuSE install disk and select 'Xen server' :) 1154543788 M * matti :P 1154543789 M * Skram Bertl: *lol* yeah 1154543795 M * romke rotfl 1154543810 J * FireEgl ~FireEgl@Atlantica.CJB.Net 1154543813 M * Skram brc_: I kind of understand.. Our Node that I usually work on is using LVN, eww 1154543830 M * Skram brc_: i dont totally know what you mean by mount /tmp/brc 1154543834 M * Skram something to look into.. 1154543854 M * brc_ let me try again... maybe i am not clear. do you know rsync ? 1154543859 M * Skram yes 1154543859 M * Bertl while I have to agree that 'mass' hosting (or vpn providing as it is called nowadays) is a major application for Linux-VServer ... there is much more you can do with it :) 1154543871 M * Skram Bertl: Indeed 1154543928 M * Bertl for example, when I want to restrict my wossname service to some ips, I can simply to that with basically no overhead, show me how to do that with Xen ... 1154543933 M * Roey brc_: 1154543939 M * Roey brc_: I think that rsync would be disastrously slow. 1154543948 M * brc_ Skram: Ok. so it is like. User requests snapshot , his vserver is at /vserver/brc. On the first time he requested we do: dd if=/dev/urandom of=/tmp/brc.img size=VSERVER_SIZE ; mount /tmp/brc.img /tmp/brc -o loop ; rsync /vserver/brc /tmp/brc ; umount /tmp/brc -> Client can now download brc.img, the snapshot 1154543952 M * Roey why do you need to parse the guest's file tree ir you're just backing it up? 1154543959 M * Roey better to just copy the entire image. 1154543973 M * Skram brc_: i dont use dd 1154543974 M * brc_ You didn't get the point. first time will be slow 1154543976 M * Skram but i get the idea 1154543980 M * brc_ second time will be faster 1154543983 M * brc_ Now on the second time: 1154543985 M * Skram brc_: i get the rsync implentation.. yeah 1154544000 M * brc_ mount /tmp/brc.img /tmp/brc -o loop; rsync /vserver/brc /tmp/brc ; umount /tmp/brc 1154544006 M * brc_ See we didn't create the image again 1154544010 M * Bertl rsync of an average guest will take a few seconds (if done every day) 1154544015 M * Roey brc_: but you nkow what 1154544019 M * brc_ we just mounted it and rsync synced it with the vserver tree 1154544021 M * Roey it's just extra hassle. 1154544041 M * Skram brc_: put this on the wiki.. so we dont have to parse irc logs and we can show others... :) 1154544042 M * Roey with vmware, you can treat the image snapshot as a file (because it is just a file). 1154544050 M * brc_ I see that as a good alternative, but in my case it would need too much extra DISK space. 1154544064 M * Skram brc_: Right 1154544071 M * Roey brc_: what does disk space matter when the host is only a max of eight gigs or so large? 1154544073 M * Bertl Roey: with linux, you can do the same, no? 1154544074 M * brc_ Never used wiki, do you think it is a good idea? Should i really add it? What do you think bertl ? 1154544090 M * Roey if you get a 400-gig disk, you can store fifty of those images. 1154544092 M * Roey yeah. 1154544093 M * Roey *yeay 1154544094 M * Roey big deal. 1154544120 M * Skram brc_: it could just be a stub.. for you, me, and other to add on, maybe make a script to automate it, etc. 1154544127 M * brc_ true. i would get a drive just for backups and use a compressed FS 1154544131 M * Skram i say go for it, brc_ 1154544134 M * brc_ for snapshots 1154544137 M * Skram Yeapps 1154544152 M * Bertl brc_: feel free to do so (adding a wiki page), but add comments and use the preview :) 1154544176 M * Skram http://linux-vserver.org/Snapshots_brc?action=edit 1154544191 M * Skram (for example_ 1154544259 M * brc_ ok going to add it now 1154544266 M * Skram Right on 1154544280 M * Skram I will look at it later, think, try, and maybe write a script or two, we'll see 1154544293 M * brc_ Can i write something i have not tested ? 1154544306 M * Skram yeah.. just say you havent tested it.. 1154544310 M * Skram or, why dont you test it 1154544331 M * brc_ i will but i don't have much time 1154544338 M * brc_ i want to implement that, going to add it maybe there are new ideas 1154544344 M * Skram ok 1154544406 M * brc_ I am on www.linux-vserver.org how do i go to the wiki? Should i just do http://linux-vserver.org/Snapshots?action=edit 1154544407 M * brc_ ? 1154544429 J * coocoon ~coocoon@p54A07675.dip.t-dialin.net 1154544572 M * brc_ skram i am doing a script, wanna try out the script ? 1154544583 M * brc_ btw, how do you create the .IMG without dd? 1154544682 M * Skram i dont know 1154544685 M * Skram brc_: not yet 1154544702 M * brc_ ok 1154544703 M * Skram brc_: yes to going to http://linux-vserver.org/Snapshots?action=edit 1154544708 M * brc_ ok doing it 1154544711 M * Skram right on 1154544717 M * Skram ill be back in a bit 1154544755 M * brc_ ok 1154545039 Q * romke Quit: leaving 1154545505 Q * DreamerC Quit: leaving 1154545516 J * pisco ~pampel@p50879867.dip0.t-ipconnect.de 1154545534 P * pisco 1154545654 M * Skram okie dokies 1154545655 J * DreamerC ~dreamerc@59-112-27-53.dynamic.hinet.net 1154545662 M * Skram brc_: what did you call the page, for my future reference 1154545703 M * Bertl http://linux-vserver.org/Snapshots 1154545729 M * Skram o ok, he must be deciding to re write it or something 1154545733 M * Skram (no rush, of course) 1154545910 M * brc_ i am first creating it on a .txt 1154545917 M * brc_ and then i will send to the wiki 1154545920 M * brc_ and creating a script 1154545923 M * brc_ it will be kinda automated 1154545924 M * Skram right on 1154545926 M * Skram cool 1154545927 M * Skram brb 1154545954 M * matti Wonka: Thanks for the hint mate. 1154545963 M * matti Wonka: I made it manually. And it works fine now. 1154545983 M * Roey matti: there is an israeli singer 1154545985 M * Roey mati caspi 1154545986 M * Roey very famous 1154545988 M * Roey very good 1154545990 M * Roey just fyi. 1154546004 M * Wonka np :) 1154546016 M * matti ;p 1154546018 M * matti Roey: :) 1154546020 M * Roey :) 1154546031 M * Roey I've always like that name, mati 1154546033 M * Roey and tomer 1154546039 M * Roey maybe I'll name my children mati & tomer 1154546042 Q * KantankerousKid Ping timeout: 480 seconds 1154546062 M * matti ;] 1154546068 M * Roey and gal 1154546073 M * Roey or gili for a girl actually 1154546075 M * Roey woohoo 1154546076 M * Roey gili 1154546084 M * Roey oh, you're in poland. 1154546091 M * Roey dobry wiezcor :) 1154546095 M * Bertl hmm, seems we are heading #offtopic :) 1154546114 A * Roey excels at that, unfortunately :( 1154546144 A * matti too :( 1154546146 M * matti Sorry. 1154546147 M * matti :< 1154546149 M * brc_ the script is smaller than i though 1154546193 J * KantankerousKid ~blah@154.35.1.12 1154546259 M * matti Bertl: BTW, is "disabling barriers" messages quite normal for dm and md devices/filesystems? 1154546343 M * Bertl google thinks so :) 1154546399 M * brc_ What is the easiest and fastest way of creating a ext2 or ext3 .IMG 1154546416 M * brc_ dd and mkfs.ext2 ? 1154546435 M * Bertl yep 1154546460 Q * schimmi Quit: Verlassend 1154546650 J * romke ~romke@procyon.romke.net 1154546912 M * brc_ bertl, should i get if from /dev/urandom? Any faster place ? 1154546927 M * brc_ i mean "dd if= 1154546928 M * brc_ " 1154547116 M * Bertl brc_: usually /dev/zero is fine :) 1154547131 M * Bertl especially if you want to compress it lateron ... 1154547384 M * brc_ The script is almost done, just testing it 1154547400 M * brc_ I would be glade if the quota tests were so easy as this one :) 1154547402 M * brc_ glad 1154548325 M * brc_ done 1154548336 M * brc_ snapshot script is beautifull. hehehehe 1154548520 M * brc_ done 1154548526 M * brc_ How do i get to that link from the site ? 1154548656 M * brc_ hmm this wiki stuff destroyed my shell script comments 1154548667 M * brc_ well the script is there and wroking if soemone wanna give it a shot 1154548864 J * ntrs_ ~ntrs@207-119-216-114.dyn.centurytel.net 1154548890 M * Skram oh 1154548893 M * Skram hmm 1154548915 M * Skram uno momento 1154548940 M * brc_ If you wanna copy and paste it better to "EDIT DOCUMMENT" on wiki else the shell script will be completly broken 1154548947 M * Skram brc_: fixed. 1154548951 M * Skram well, fixing.. 1154548957 M * Skram ill tell you when its saved 1154548971 M * Skram slow... 1154548978 J * ntrs__ ~ntrs@207-119-222-200.dyn.centurytel.net 1154548988 M * Skram http://linux-vserver.org/Snapshots better? 1154548997 M * Skram ill fix the bullet as well.. 1154549041 M * brc_ Much Better! :) 1154549118 M * Skram why keep them in /tmp/ (by default)? 1154549238 Q * ntrs Ping timeout: 480 seconds 1154549275 J * ntrs ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com 1154549298 M * Bertl wb ntrs! 1154549345 Q * ntrs_ Ping timeout: 480 seconds 1154549352 M * Skram brc_: still around? 1154549443 M * brc_ ye 1154549444 M * brc_ yes 1154549445 M * brc_ i am here 1154549446 M * Skram hmm 1154549459 M * Skram maybe ill real quick make a vps.. then see what happens 1154549478 M * Skram ill use a real live one actually 1154549487 M * Skram see, i am using resierfs and lvm right now.. 1154549495 M * brc_ ok create a small one so you can see the resuts faster 1154549499 M * brc_ results 1154549507 M * Skram i see it makes it for ext2 1154549509 M * brc_ The dumbest part of this script is the VSERVER_SIZE argument 1154549509 M * Skram what does that mean for me? 1154549517 M * brc_ the created snapshot uses ext2 1154549517 M * Skram brc_: right.. i noticed 1154549535 M * brc_ doesn't have to do with the fs you are actually using 1154549548 M * Skram hwo would i restore or "unpack" the .img then? 1154549554 M * Skram im just talking theoritically 1154549610 M * Skram hercules debian-dev # tar -xvf /nas/2/templates/debian/debian3.1-base_ssh.tar.gz 1154549613 M * Skram woops 1154549619 M * Skram ill see what happens 1154549635 M * brc_ no 1154549639 M * brc_ to restoer you would 1154549647 M * brc_ mount IMAGE_FILE /mnt -o loop 1154549655 M * brc_ rsync /mnt/ /vservers/vserver_name 1154549658 M * brc_ umount /mnt/ 1154549663 M * Skram no, that command was to unpack my stock image 1154549665 Q * ntrs__ Ping timeout: 480 seconds 1154549668 M * Skram hmm okay 1154549671 M * brc_ Got it ? 1154549678 M * brc_ If i have time i will fix the script for that 1154549684 M * brc_ maybe having the .img gzipped would also be nice 1154549694 M * Skram meh 1154549720 M * Skram hercules debian-dev # du -sh /vservers/debian-dev/ 1154549720 M * Skram 161M /vservers/debian-dev/ 1154549720 M * Skram hercules debian-dev # ./bruce.sh get-e 1154549721 M * Skram hercules debian-dev # sh /bruce.sh get-e 161 1154549722 M * Skram right? 1154549734 M * Skram (this is the initial image that will be made) 1154549992 M * brc_ yes! 1154549996 Q * lilalinux Remote host closed the connection 1154550081 M * Bertl okay, off for now ... will be back later this evening! 1154550085 M * brc_ cya bwertl 1154550085 N * Bertl Bertl_oO 1154550152 M * Skram peace, Bertl_oO 1154550246 M * brc_ skram tried the script out and it works so you are all welcome to test it :P 1154550257 M * Skram heh 1154550264 M * Skram yeah.. good thing it didnt bork this box 1154550276 M * Skram thing is, this doesnt compress or anything 1154550294 M * Skram /vservers/snapshots/debian-dev.img on /vservers/debian-dev2 type ext2 (rw,loop=/dev/loop0) 1154550313 M * Skram so when restoring.. one should mount it.. copy files to the /vserver/VSERVER/ directory, and unmount.. brc_ ? 1154550360 M * brc_ to restore just do this: 1154550375 M * brc_ mount IMAGE_FILE /mnt ; rsync /mnt /vservers/VSERVER/ 1154550381 M * brc_ umount /mnt/ 1154550385 M * brc_ I should add this to the script 1154550389 M * Skram hmm yeah 1154550395 M * Skram ill add it to my own in a little bit 1154550395 M * brc_ I dont know if it is possible to mount a compromssed image 1154550402 M * Skram yeah 1154550406 M * Skram not really needed 1154550408 M * brc_ so we could gzip or bzip2 the image, and mount it gziped 1154550411 M * Skram SNAPSHOT_MOUNT_DIR=/tmp/snapshots_mounted 1154550412 M * Skram # Where are snapshots going to be stored? 1154550412 M * Skram SNAPSHOT_DIR=/nas/2/vserver-snapshots 1154550412 M * Skram # Vserver 1154550414 M * Skram VSERVER_DIR=/vservers/ 1154550416 M * Skram damn it 1154550417 M * brc_ it would be smarter. 1154550419 M * Skram wrong place to post 1154550444 M * brc_ Not using lot of space .. 1154550451 M * brc_ Now i am wondering how to create snapshots like 1154550459 M * Skram it uses the exact same amount as the running vps 1154550459 M * brc_ snapshot-2006-08-02, etc, without using much space 1154550473 M * Skram you mean like, each one only has the changes from last time? 1154550480 M * brc_ yeah 1154550487 M * brc_ bud i would liek to have that not consuming much disk space 1154550490 M * brc_ just consuming the changes 1154550496 M * Skram have fun 1154550499 Q * zkbrsnie 1154550503 M * brc_ i already have that but not in a image snapshot style 1154550508 M * Skram right 1154550515 M * brc_ i have a backupserver with all backups from last 7 days 1154550520 M * Skram right on 1154550535 M * Skram see, i dont think the default for the script should put snapshots in /tmp/ 1154550546 M * Skram many people clear /tmp or reboot their system, etc. 1154550548 M * Skram whatever 1154550556 M * brc_ I will fix that and add the restore stuff 1154550565 M * brc_ first i am thinking about the incremental stuff. 1154550566 M * brc_ :) 1154550569 M * Skram yeah 1154550575 M * Skram well, i think there should be different scripts 1154550594 M * Skram im adding to your current one, update me if you do anything crazy.. ill upate you in the same way 1154550755 M * brc_ ok 1154550759 M * brc_ i will keep the wiki updated 1154550773 M * Skram im making changes.. so it restores 1154550781 M * brc_ two scripts? What i find bad of having 2 scripts are the configs 1154550794 M * Skram meh 1154550809 M * Skram i find it easier.. less arguments.. no way to get mixed up, if you ask me 1154550841 M * brc_ true 1154550849 M * brc_ are you doing the restores on a different one ? 1154550853 M * Skram yes 1154550870 M * Skram i called the original vserver-snapmake 1154550877 M * Skram callign restore, vserver-snaprestore 1154550886 M * Skram just me and my crazy self, maybe 1154551029 M * brc_ hehe cool 1154551031 J * DreamerC_ ~dreamerc@59-112-7-191.dynamic.hinet.net 1154551087 M * Skram brc_: want me to pm you my restore stuff? its VERY simple.. 1154551102 M * brc_ It is another script ? 1154551104 M * Skram yes. 1154551112 M * brc_ Is it possible to add to the wiki ? 1154551116 M * Skram sure 1154551117 M * Skram in a bit 1154551118 M * brc_ ok 1154551384 M * Skram what do you mean by resize snapshot? 1154551398 Q * DreamerC Ping timeout: 480 seconds 1154551469 M * brc_ for example 1154551472 M * brc_ the vserver has 161MB 1154551478 M * brc_ your snaphost image file has 161MB 1154551483 M * brc_ now the vserver is using 300MB 1154551487 M * Skram right 1154551491 M * brc_ We need to resize the snapshot 1154551497 M * Skram how is this done? 1154551500 M * brc_ Not hard to automate this 1154551510 J * ntrs_ ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com 1154551510 M * Skram i dont think we should let the user tell how big it is 1154551514 M * Skram just use like du -sh 1154551514 M * brc_ well we need to append to the end of the image 000000 until it reaches the desired size 1154551516 M * Skram or whatever 1154551522 M * Skram oy 1154551528 M * brc_ then e2fsck -v -y 1154551531 M * brc_ and then resizefs 1154551538 M * brc_ and it will have the nwe size 1154551545 M * brc_ dont know if it is possible to resize it to a smaller size 1154551547 M * Skram you cant just resizefs? 1154551552 M * brc_ hmm 1154551554 M * brc_ dont know resizefs 1154551562 M * brc_ dont know if it can do it 1154551565 M * Skram well, i thought it existed 1154551565 M * Skram heh 1154551566 M * Skram okay 1154551573 M * Skram see, thats the part that makes this.. not so good :) 1154551593 M * brc_ yeah it exists but i dont thjink it will resize the image itself 1154551607 M * brc_ There are some ways of doing this 1154551611 M * Skram Just out of curiousity, what do you use for yur "Painel De Controle"? In-house made? 1154551617 M * brc_ people who use XEN VPS with images have to resize the vps lot of times 1154551623 M * Skram right 1154551623 M * brc_ have you checked out the site ? 1154551630 M * brc_ Yeah in-house 1154551637 M * Skram Pretty cool 1154551661 M * Skram very nice.. 1154551693 M * brc_ gave some work :) 1154551722 M * brc_ i mean, lot of work it gave us :) 1154551729 M * Skram yeah 1154551744 M * Skram does it use an api that you all wrote to communicate or all shell commands, etc.? 1154551789 M * brc_ Shell commands, semaphores, etc. the firewall module was the one that gave more work 1154551798 M * brc_ due to semaphores and verifications 1154551801 M * brc_ but we coded it in a dumb way 1154551815 M * Skram its not open to the public to give a look anywhere.. is it? 1154551821 M * brc_ I hope to have time to code a "iptables" shell command which will be a client connectiong to a daemon running in the host 1154551842 Q * ntrs Ping timeout: 480 seconds 1154551847 M * brc_ No, there are even some bugs on the codes which are been fixed. if it was open we were ruined :P 1154551855 M * brc_ i mean security flaws 1154551866 M * Skram brc_: so a vps customer can add a rule for their vps/ip to the host's instance of iptables 1154551875 M * brc_ yeah, making it in a transparent way 1154551880 M * brc_ as if the rules were on his vserver 1154551885 M * Skram oh.. id be very interested in checking it out.. but i guess that wouldnt be good for you all's business 1154551893 M * brc_ Why ? 1154551897 M * Skram i dont know 1154551907 M * Skram well, you just said you wouldnt release the code 1154551913 M * Skram you all spent the time on it 1154551915 M * brc_ Ahh.. the iptables command i want to release 1154551936 M * Skram i am an up and coming php/shell/whatever programmer.. always looking for a good project w/ real people to work on 1154551940 M * Skram ;\ 1154551978 M * brc_ Do you code C ? 1154551982 M * Skram No 1154551984 M * brc_ Do you wanna help me in this iptables stuff ? 1154551986 M * Skram I could learn :P 1154552000 M * brc_ what i really need working right now is iptables and quota 1154552000 M * Skram heh.. sorry I dont know much if anything significant regarding C code 1154552003 M * cehteh mhm 1154552005 M * Skram yeah 1154552009 M * brc_ i had to move some customers to XEN because they need quota and iptables 1154552013 M * brc_ it is bad to work with two tecnologies 1154552022 A * cehteh would like someone who helps him with his extension language 1154552045 M * cehteh implemented in C .. but a lot Doc'ing and such needs to be done 1154552047 M * brc_ The iptables daemon could be coded using PHP buti guess it would be really CPU consuming , so , not worth it 1154552059 M * Skram brc_: right 1154552077 M * Skram i thought you were talking about just a web-interface for iptabes and customers 1154552132 M * brc_ we already have this interface but we found that it is not really usefull 1154552138 M * brc_ for advanced users 1154552143 M * cehteh firehol.sf.net not a webinterface .. but if you want to make a webinterface then use that as backend instead present a customer just clickable iptables 1154552146 M * brc_ there are some people who need real-time response to attacks 1154552169 M * brc_ and they need iptables to work inside vps 1154552197 M * cehteh brc_: almost doable 1154552206 M * brc_ How ? 1154552243 M * cehteh means iptables are maintained from the root-server but it creates a sub-table for each vserver and letso only packets designed for it into that 1154552255 M * brc_ that's what i need 1154552266 M * brc_ Is that a chain for each vserver ? 1154552300 M * cehteh then you have a iptables definition script inside the vserver and watch that file if the user alters it then the root server reloads it 1154552306 M * Skram Vudumen: you wrote PanelVirtua? 1154552308 M * cehteh yes chain, not table it meant 1154552310 M * Skram I meant to say brc_ 1154552324 M * cehteh brc_: and really look at fireho.sf.net ;) 1154552426 M * brc_ is that at fireho.sf.net ? 1154552443 Q * mire Quit: Leaving 1154552444 M * brc_ firehol.sf.net 1154552503 M * cehteh ye 1154552504 M * cehteh s 1154552599 M * cehteh eh no firehol is only a very smart iptables builder (kindof expert system, not just yet another iptables language) which makes me like it 1154552617 M * cehteh but you can certainly easily extend it in the way i told 1154552635 M * Skram there isnt a faster way of finding the size of the /vserver/vserver folder (as needed for brc_'s script) then doing a du on it.. is there? 1154552640 M * cehteh if you cant do it, you can ask me .. i would like to be contracted for such a job :P 1154552658 M * brc_ Skram: Maybe getting it from vdlimit? 1154552677 M * Skram never heard or used that 1154552678 M * Skram heh 1154552679 M * brc_ cehteh: Do you wanna help coding the iptables "clients" inside the vserver ? 1154552688 M * brc_ vdlimit is used to set the disk limits for each vserver 1154552695 M * Skram blah 1154552701 M * Skram i dont think my filesystem even supports that 1154552717 M * brc_ Bertl probrably knows an easy way 1154552719 M * brc_ faster than du 1154552719 M * brc_ :) 1154552723 M * Skram Bertl_oO: <3 1154552861 M * cehteh brc_: i could do that 1154552983 M * brc_ cool so let's work together :) 1154553101 M * cehteh wel actually i am busy and i would like such since it is often asked but i dont really need it now .. 1154553171 M * cehteh the question is more if your are working for a some company could it be funding such work a little bit? 1154553476 M * brc_ what does funding mean? Sorry but i am not a native English speaker. 1154553483 M * Skram money 1154553489 M * Skram like you pay cehteh to helo you al 1154553496 M * brc_ Don't know anyone who would pay 1154553503 M * brc_ but i am sure i could have that done myself . help would be appreciated. 1154553669 M * cehteh brc_: well i just dont know for what you need this and who employs you ... 1154553713 M * cehteh i considered to do such a thing too some day .. but if some company needs it urgently i could do it earlier/faster if they pay for it 1154553743 M * cehteh but if you also only work on your own you can ask me for help 1154553794 Q * dna Quit: Verlassend 1154554227 M * Skram brc_: you be around for a couple of minutes/ 1154554291 M * brc_ back 1154554295 M * brc_ i am working so i get away sometimes :) 1154554322 M * brc_ cehteh: i am going to work on my own on this project 1154554516 M * brc_ not for a company 1154554518 M * brc_ help is appreciated 1154554527 M * brc_ I just gotta finish some quota test scripts for bertl 1154554528 M * brc_ before this.. 1154554971 M * brc_ can you check that? hehee 1154554973 M * brc_ oops 1154554978 M * Skram ? 1154555146 P * stefani I'm Parting (the water) 1154555252 M * brc_ it was meant to be a pvt 1154555260 M * Skram o 1154555324 M * Skram hey.. isnt the general rule that a server have twice as much swap as it has RAM? 1154555432 Q * bonbons Quit: Leaving 1154555492 J * Aiken ~james@tooax6-087.dialup.optusnet.com.au 1154555816 P * SJr 1154556012 M * cehteh Skram: not really 1154556016 M * Skram oh 1154556024 M * Skram im the crazy one in that case 1154556031 M * cehteh it was ages ago ... when you only had 128MB ram 1154556035 M * Skram hehe yeah 1154556049 M * cehteh today i would rather consider what the server has to do 1154556059 M * Skram yeah 1154556076 M * cehteh for a big database for example i would disable swap completely and give it (G ram or whatever ;) 1154556081 M * cehteh 8G 1154556132 M * cehteh generally you dont want to start swapping anyways .. 1154556211 M * cehteh setting swappiness to 0 and have as much swap as you have ram is for 1G+ machines prolly ssufficent .. well if you run a lot of vservers it might be diffrent 1154556214 M * doener yep, swapping is useful only too avoid the OOM killer, better adjust your setup to need only as much of swap to survive an unexpected increase in memory usage (stupid php scripts can easily kill gigs of mem though) 1154556226 M * doener s/too/to/ 1154556229 Q * insomniac Remote host closed the connection 1154556258 M * cehteh swap dosent really prevent the oom killer always .. even if enough swap is available 1154556289 M * doener I wondered why a server's apache processes kept using 400 Megs of ram... turned out that there was a php script that did "SELECT * FROM foo", where foo is a 400MB MySQL table 1154556298 M * cehteh ;) 1154556302 M * doener memory limits don't work for the result buffering... 1154556309 M * doener (php's memory limits that is) 1154556332 J * blues^ blues@blysk.ds.pg.gda.pl 1154556372 Q * blues Read error: No route to host 1154556481 J * insomniac ~insomniac@slackware.it 1154556616 Q * romke Read error: Connection reset by peer 1154557234 M * cehteh better ulimit a vserver and run a 'and' :) 1154557973 Q * meandtheshell Quit: bye bye ... 1154559520 Q * KantankerousKid 1154563072 M * Skram woo hoo kernel on new system booted..im worried about the old one though 1154563145 M * Skram chbind failed! 1154563145 M * Skram Linux 2.6.17.7-vs2.0.2-rc27 #1 SMP Wed Aug 2 17:23:53 CDT 2006 i686 1154563145 M * Skram Ea 0.30.210 273/glibc (DSa) 1154563146 M * Skram VCI: 0002:0001 273 03008036 (TbLgnP) 1154563149 M * Skram oh fook