1159315335 M * daniel_hozac oh, i get it.
1159315364 M * mugwump hardcoding /usr/sbin/fai, you mean?
1159315399 M * daniel_hozac no, the string comparisons match anywhere in the path, it's not a direct match.
1159315468 M * mugwump wow. I've got an rm -rf that's been running for, like, an hour
1159315482 M * daniel_hozac how much is it removing?
1159315501 M * doener deep directory hierarchy?
1159315502 M * mugwump >3G of unpacked kernel git repo
1159315512 M * mugwump not deep at all
1159315514 J * svenssom ~svn@200.167.29.207
1159315517 M * mugwump but a LOT of inodes :)
1159315561 M * mnemoc that's why i love reiser4 :p
1159315618 M * mugwump reiser4... now loses your files AND your ex-wife
1159315630 M * daniel_hozac hahaha.
1159315639 M * mnemoc :D
1159315644 M * Bertl lol
1159315718 M * daniel_hozac mugwump: am i parsing it correctly that you're basically setting it up from the inside?
1159315777 M * mugwump yes; you mount the "nfsroot" as /, and the "target" as /tmp/target
1159315802 M * mugwump then just let /usr/sbin/fai (linked from /etc/init.d/rcS) go
1159315824 M * mugwump the script detects running in a virtual environment by the absence of /proc/cmdline
1159315830 M * daniel_hozac ok, cool.
1159315852 M * mugwump (which I found wasn't always guaranteed to be there on a real, vanilla kernel. go, procfs)
1159315865 M * daniel_hozac hehe.
1159315923 M * daniel_hozac well, i'll continue cleaning it up tomorrow... i'm gonna get some sleep now. good night!
1159315966 M * mugwump cool, g'night!
1159316108 M * doener mugwump: are about 550000 inodes enough for a comparison?
1159316174 M * mugwump ok, so each of the 256 object directories had ~11MB of files
1159316187 M * mugwump in addition to the >200MB packfile
1159316271 M * mugwump if we estimate an average of 5k per object, that's about the same - 550k inodes.
1159316301 M * mugwump however the average might have been a lot smaller due to tree objects, 1k average would give 2.6M inodes :)
1159316302 M * doener ok, let's see... took 4 seconds for empty files
1159316321 M * mugwump real 87m33.263s
1159316349 M * doener actually, I expected to hit enter after typing the three dots, but then rm finished ;)
1159316377 M * doener mugwump: is there an easy way to reproduce your tree?
1159316424 M * mugwump sure, use git-clone to pull Linus' tree, then git-fetch every single branch of every single tree on kernel.org/git
1159316436 M * mugwump actually I ran out of disk space before I got that many
1159316443 M * mugwump which led to a badly borked repo
1159316524 M * mugwump and I only got up to about j in the trees :)
1159316546 M * mugwump lesson: unless you have unlimited disk space, git-repack && git-prune-packed every few branches
1159316611 M * doener did you fetch them manually, or using some script? "copying" all the urls seems tedious
1159316644 M * mugwump a script, it's not very complicated
1159316675 M * mugwump you just need to make sure you do, eg: git-fetch git://.../blah headname:refs/heads/branch_prefix_headname
1159316734 A * doener is happy to know how to use "pull", "status" and "diff"
1159316751 M * mugwump pull is just fetch+merge
1159316792 M * mugwump or fetch+fastforward, if no merging is necessary
1159316824 M * doener I once tried to have a local branch and somehow messed up the upstream stuff, pulls failed, files were missing... I just went and did a new clone
1159316853 M * doener then I decided to not touch it again until I find time to read some manual...
1159316944 P * svenssom Leaving
1159317778 M * mugwump yeah I've had the internals explained to me a couple of times now by some fairly core devs, so I'm a bit more comfortable with it
1159318366 M * doener mugwump: btw, didn't you experiment with "clean" namespaces some time ago (about a year?), too?
1159318418 M * doener ok, two years...
1159318644 M * doener mugwump: found your wishlist :) http://www.paul.sladen.org/vserver/archives/200411/0037.html
1159318669 M * doener mugwump: does this sound like a step in that direction? http://people.linux-vserver.org/~doener/double_namespace_setup.txt
1159318687 M * doener mugwump: what additionally would you like to have?
1159318759 M * doener (vserver-in-vserver is out of the question atm)
1159318774 M * Bertl is it?
1159318817 M * doener at least for the namespace clone-and-cleanup without permissions and as far as I'm concerned
1159318831 M * Bertl k :)
1159318916 M * doener and especially the "magical" part is more Bertlish than doenerish
1159319340 M * Bertl so I have to do all the magic then? :)
1159319499 M * doener daniel_hozac will probably help with that, vserver userspace is black magic ;)
1159319767 M * doener anyway, off to bed *yawn* have a good one!
1159319827 Q * gerrit_ Ping timeout: 480 seconds
1159319950 M * Bertl doener: good night!
1159320243 M * Bertl guess I'm off to bed too ... have a good one everyone! cya!
1159320252 N * Bertl Bertl_zZ
1159320267 M * [PUPPETS]Gonzo Confirm E-mail address
1159320267 M * [PUPPETS]Gonzo From Linux-VServer
1159320267 M * [PUPPETS]Gonzo Jump to: navigation, search
1159320267 M * [PUPPETS]Gonzo Invalid confirmation code. The code may have expired.
1159320275 M * [PUPPETS]Gonzo :-|
1159320356 M * mugwump doener: heh, that's an old list :)
1159320389 M * [PUPPETS]Gonzo funny, two mails came, second one was ok
1159320802 M * mugwump doener: doesn't adding "namespace" to /etc/vservers/xxx/flags do all of the stuff you mention?
1159320872 A * mugwump keeps reading
1159320943 M * mugwump oh, I see, you want to have a namespace that you can make mounts in from outside the vserver
1159321221 A * mugwump hmms
1159321242 M * mugwump I think the biggest confusion is that changes to the namespace inside the vserver are not reflected outside
1159321272 M * mugwump I guess that intermediate namespace would give you a place where you can have the host namespace *and* the vserver namespace
1159321276 M * mugwump but, you still have to change into it
1159321347 M * mugwump however I see why this is useful
1159321394 M * mugwump you could get away with one über-namespace per host, I guess
1159321421 M * mugwump (NS2 in your layout - sees mounts of both host and guest)
1159321449 M * mugwump and people that prefer it can make the host run in NS2 and forget NS1
1159323217 J * gerrit_ ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1159323228 Q * ensc Killed (NickServ (GHOST command used by ensc_))
1159323238 J * ensc ~irc-ensc@p54B4DB57.dip.t-dialin.net
1159323768 Q * Piet Ping timeout: 480 seconds
1159324173 J * Aiken__ ~james@tooax6-109.dialup.optusnet.com.au
1159324500 Q * Aiken Ping timeout: 480 seconds
1159328709 Q * Aiken__ Quit: Leaving
1159334130 J * Aiken ~james@tooax8-205.dialup.optusnet.com.au
1159335683 N * nokoya nokoya953
1159335688 N * nokoya953 nokoya
1159336448 Q * s0undt3ch Server closed connection
1159336450 J * s0undt3ch ~s0undt3ch@82.155.69.211
1159336555 Q * derjohn Server closed connection
1159336565 J * derjohn ~derjohn@80.69.37.19
1159338144 J * zkbrsnie ~zkbrsnie@83-64-146-226.klosterneuburg.xdsl-line.inode.at
1159338307 J * meandtheshell ~markus@85-124-37-92.dynamic.xdsl-line.inode.at
1159338331 Q * zkbrsnie
1159338341 Q * _are_ Ping timeout: 480 seconds
1159338411 J * s0undt3ch_ ~s0undt3ch@bl7-243-185.dsl.telepac.pt
1159338507 J * zkbrsnie ~zkbrsnie@83-64-146-226.klosterneuburg.xdsl-line.inode.at
1159338512 Q * derjohn2 Ping timeout: 480 seconds
1159338516 J * derjohn2 ~aj@dslb-084-058-198-084.pools.arcor-ip.net
1159338758 J * dna_ ~naucki@211-215-dsl.kielnet.net
1159338837 Q * s0undt3ch Ping timeout: 480 seconds
1159338837 N * s0undt3ch_ s0undt3ch
1159339714 M * doener mugwump: yep, a setup with NS2(host)/NS3(guest) only is easily possible, NS1 is just for those folks that prefer a clean host namespace
1159339734 M * mugwump right
1159339746 M * doener the current namespace approach offers nothing else, just a clean host namesapce
1159339753 M * doener s/sapce/space/
1159339767 M * mugwump I think your idea is good; I've certainly run into this problem
1159339850 M * mugwump so, if you unmount things in the root namespace, they'll also unmount in the NS2, right?
1159339862 M * doener yep
1159339869 M * mugwump what if I unmount the vserver's root ?
1159339915 M * doener the vserver is running on a bind mount of the mount the vserver is on
1159339934 M * doener so what you cannot even see that mount in the host namespace
1159339986 M * mugwump I mean, say that /vservers/cheese is its own filesystem
1159339992 M * mugwump and I unmount that in NS1
1159340009 M * mugwump which rule wins, the one that says NS2 gets umounts from NS2, or the one that says it gets mounts from NS3?
1159340015 M * doener both
1159340023 M * doener :)
1159340039 M * doener one step in the setup process is: mount --bind /vservers/cheese /vservers/cheese
1159340050 M * doener the original mount is what NS1 and NS2 see
1159340057 M * doener the bind mount is what NS2 and NS3 see
1159340065 M * mugwump ok, so the 'underlying' mount disappears
1159340075 M * mugwump sneaky
1159340137 M * doener what might cause problems is that the mainline shared subtree stuff introduce some limits on what you can do with such marked mounts, to avoid loops
1159340189 M * doener so we might need some special handling there, but if we have that single NS2 stored in the kernel, it should be relatively easy to adjust the code
1159340212 M * matti :)
1159340214 M * matti Hi doener :)
1159340219 M * doener morning matti
1159340226 M * matti What's up?
1159340245 M * doener call 0xc0ffee
1159340337 M * doener oh, and my flu is omnipresent...
1159340657 M * meandtheshell doener: hi there - I do have a question about "bind mount" - is this, every context has its own mount ... so for n guests we do have n bind mounts. Is this correct?
1159340697 M * doener in the proposed setup, yes.
1159340825 M * meandtheshell ok - I see - have you bookmarked some URL that explains that a bit - if already looked out for it but ... the old/new wiki makes it quite confusing for people new to Linux-VServer. TIA :)
1159340860 M * doener well, I've written the proposal ;) http://people.linux-vserver.org/~doener/double_namespace_setup.txt
1159340895 M * meandtheshell doener: well - so lucky me - catching the right guy in the first place :)
1159340902 M * doener heh
1159341884 J * yarihm ~yarihm@whitehead2.nine.ch
1159342495 Q * Adrinael Server closed connection
1159342498 J * Adrinael adrinael@hoasb-ff0edd00-43.dhcp.inet.fi
1159342653 J * Aiken__ ~james@tooax6-181.dialup.optusnet.com.au
1159342980 Q * Aiken Ping timeout: 480 seconds
1159343051 Q * tdjb Server closed connection
1159343062 J * tdjb ~tdjb@209.151.52.189
1159343833 Q * nayco Quit: Lost terminal
1159344337 J * nayco ~nayco@proxy2.laroche.univ-nantes.fr
1159344450 M * nayco Hello, all !
1159344462 N * nayco nayco_work
1159344483 M * nayco_work Where's my nick ?
1159344514 M * nayco_work well...
1159344960 J * Borg- ~borg@217.97.139.162
1159344961 M * Borg- moin
1159345465 Q * gdm Server closed connection
1159345492 J * gdm ~gdm@www.iteration.org
1159346120 M * Borg- okey.. found why chroot didnt worked :>
1159346127 M * Borg- bloody dynamic libs..
1159346129 J * lilalinux ~plasma@dslb-084-058-219-118.pools.arcor-ip.net
1159346240 M * doener glibc version mismatch?
1159346287 M * Borg- nope.. you have very early to do chroot /home/vservers/name /sbin/ldconfig
1159346419 J * bgigon ~Benjamin@5-63.206-83.static-ip.oleane.fr
1159348210 J * klv5f2v7 ~foo@81.215.162.133
1159348415 N * klv5f2v7 stew[away]
1159348527 A * stew[away] hym.
1159348633 A * stew[away] stew.!
1159348679 A * stew[away] A-kill!
1159348689 A * stew[away] LiNuX Rulezz.
1159348696 A * stew[away] LiNuX System Administrator!
1159348758 Q * stew[away] Quit: < Klavye [ 5.FinaL ] > [ http://www.klavye.web.tr ] - irc.klavyescript.org - Lee
1159348875 M * bgigon ?!
1159348888 M * daniel_hozac that's exactly what i was thinking...
1159348952 M * Borg- okey..
1159348961 M * Borg- vserver works.. now I have problem w/ binding to specified IP
1159348967 M * harry i wasn't...
1159348967 M * bgigon when I see that, I say "no drugs" ...
1159348972 A * harry never thinks...
1159349015 M * harry thinking always leads to conclusions... and those are extremely dangerous
1159349197 M * Borg- is this normal.. if.. let say.. I have inetd running on host system (it bind *:23) and then I start guest system and *:23 is available there too?
1159349211 M * daniel_hozac no.
1159349241 M * Borg- hmm.. so I b0rked something :/
1159349256 M * Borg- any clues?
1159349302 M * daniel_hozac is netstat showing it as 0.0.0.0:23 on the host?
1159349304 M * Borg- netstat -an doesnt show *:23 on guest.. but telnet 192.168.65.129 (guest IP) accepts the connection
1159349312 M * Borg- and I can log to host system
1159349313 M * daniel_hozac well, that doesn't mean anything.
1159349323 M * daniel_hozac there you go, that's expected behaviour.
1159349333 M * Borg- telnet is done from guest of course.
1159349335 M * daniel_hozac one of the many reasons why you shouldn't run services on your host.
1159349343 M * Borg- aha.. ok
1159349350 M * Borg- or bind them to one IP?
1159349355 M * Borg- main IP let say?
1159349391 M * Borg- hmm one interesting thing :>> 127.0.0.1 doesnt work on guest.. there is a light in tunnel :>
1159349569 M * daniel_hozac what do you mean?
1159349611 J * Aiken ~james@tooax7-203.dialup.optusnet.com.au
1159349626 M * Borg- I desperate need lo:127.0.0.1 on every guest
1159349648 M * daniel_hozac i.e. a private one? why?
1159349680 M * Borg- my developers arent very flexible.. and they use 127.0.0.1 everywhere to do some tests ( both bind() and connect() )
1159349707 M * Borg- of only they could use gethostbyname(localhost) before connect() and bind() it would be nice.. but
1159349711 M * Borg- s/of/if/
1159349732 M * doener 127.0.0.1 is rewritten to the vserver's first ip address automagically
1159349763 M * Borg- the guest first IP?
1159349768 M * daniel_hozac yes.
1159349778 M * Borg- ohh.. kewl.. then seems my problem is solved! thx :)
1159349893 M * sid3windr not always great
1159349903 M * sid3windr stuff used to bind on 127.0.0.1 to be available from localhost only
1159349909 M * sid3windr in vserver you can reach the ports from outside
1159349918 M * sid3windr e.g. amavis
1159349926 M * sid3windr (luckily amavis still has access control)
1159349939 M * Borg- sid3windr: hmm indeed.. it could be improved
1159349940 Q * Aiken__ Ping timeout: 480 seconds
1159349957 M * harry hmm...
1159349961 M * Borg- okey.. is there some detailed info about -netdev and -interface for vserver-build ? I need to understand how it works..
1159349977 M * harry Remap Source IP Address in kernel config
1159349986 M * harry read the help options on that...
1159349993 M * harry s/options//
1159350008 A * sid3windr runs 2.0 not 2.1 ;>
1159350015 A * harry too
1159350019 M * sid3windr oh
1159350021 M * sid3windr it's in 2.0 too?
1159350028 M * daniel_hozac yes.
1159350033 M * Borg- because I have eth0-4.. eth2 is connected.. and I used --netdev eth0.. in guest I have eth0 w/ my IP
1159350036 M * harry yes
1159350041 M * Borg- and on host I have eth2 and eth0 configured..
1159350046 M * harry in the latest and greatest :)
1159350063 M * Borg- so I wonder if is there a way to use vth0 or sth like that ;)
1159350074 M * daniel_hozac all the networking happens on the host.
1159350101 M * Borg- daniel_hozac: ok.. I understand now that host is actually unusable :) thats clear..
1159350206 M * daniel_hozac guests are just limited to a subset of the host's IP addresses.
1159350383 M * Borg- yeah. thats clear
1159350402 M * Borg- oki.. time to play around.. to discover possibilities :) thanks for support guys!
1159351796 M * Borg- is possible to name guest iface differently? vth0 or sth like that? or must use eth2 as name too?
1159352424 M * Borg- okey. screw it.. its just cosmetic ;]
1159352427 M * Borg- eth2 will work fine.
1159352550 Q * Aiken Ping timeout: 480 seconds
1159353768 Q * m4z Quit: http://www.catb.org/~esr/faqs/smart-questions.html
1159353826 J * m4z m4z@bastard-operator.from-hell.net
1159356872 J * Piet hiddenserv@tor.noreply.org
1159356983 Q * transacid Remote host closed the connection
1159357482 J * Piet_ hiddenserv@tor.noreply.org
1159357512 J * transacid ~transacid@transacid.de
1159357584 Q * Piet Remote host closed the connection
1159358138 J * _are_ ~are@62.112.159.81
1159358141 M * _are_ hi
1159358306 Q * Curus Ping timeout: 480 seconds
1159358568 Q * glut charon.oftc.net arion.oftc.net
1159358568 Q * ruskie charon.oftc.net arion.oftc.net
1159358568 Q * michal` charon.oftc.net arion.oftc.net
1159358568 Q * bubulak charon.oftc.net arion.oftc.net
1159358568 Q * kaner charon.oftc.net arion.oftc.net
1159358568 Q * MrX charon.oftc.net arion.oftc.net
1159358568 Q * vasko charon.oftc.net arion.oftc.net
1159358571 J * Curus ~Curus@kbhn-vbrg-sr0-vl209-213-185-8-10.perspektivbredband.net
1159358591 J * ruskie ~ruskie@ruskie.user.oftc.net
1159358648 J * michal` ~michal@www.rsbac.org
1159358650 J * glut glut@no.suid.pl
1159358650 J * bubulak ~bubulak@whisky.pendo.sk
1159358650 J * kaner kaner@strace.org
1159358650 J * MrX ~urk@219.95.24.141
1159358650 J * vasko ~vasko@unreal.rainside.sk
1159358761 M * phedny Virtuozzo based VPS provider provide this minimum RAM guarantee thingy
1159358774 M * phedny is this functionality available for vserver?
1159358909 J * Hollow_mobile ~bene@217.110.45.98
1159358914 A * Hollow_mobile waves
1159358939 A * phedny waves back and wonders how mobile Hollow_mobile is
1159358987 M * Hollow_mobile beside that i miss my internet connection, everything seems fine :)
1159359004 M * mnemoc Hollow_mobile: when will it be installed?
1159359017 M * Hollow_mobile 2-3 weeks still
1159359034 M * mnemoc oh
1159359042 M * Hollow_mobile mnemoc: is chris around?
1159359069 A * mnemoc pokes morfoh
1159359102 M * Hollow_mobile well, he isn't in here :D
1159359105 J * morfoh ~morfoh@kilo105.server4you.de
1159359109 M * Hollow_mobile ah
1159359110 M * mnemoc :)
1159359111 M * morfoh hi *
1159359121 M * Hollow_mobile well, would be a private talk anyway :P
1159359126 M * Hollow_mobile hey chris
1159359133 M * morfoh hey Hollow_mobile :9
1159359135 M * morfoh :)
1159359142 M * Hollow_mobile morfoh: i'd like to visit babelsberg :D
1159359411 Q * click Ping timeout: 480 seconds
1159359494 J * click click@ti511110a080-6047.bb.online.no
1159359536 M * daniel_hozac hey Hollow_mobile!
1159359555 M * Hollow_mobile hey daniel_hozac
1159359591 M * Hollow_mobile some pics: http://benedikt.boehm.name/gallery/v/berlinwohnung/
1159359707 M * daniel_hozac that looks awesome.
1159359733 M * Hollow_mobile indeed :D
1159359765 M * Hollow_mobile nice area, beside the chruches :P
1159359771 M * daniel_hozac hehe.
1159359773 M * Hollow_mobile *churches
1159359787 M * Hollow_mobile they ring every day, but well... my music is louder :P
1159359805 M * daniel_hozac lol
1159359811 M * daniel_hozac every hour, or just daily?
1159359830 M * Hollow_mobile just daily ;)
1159359835 M * daniel_hozac phew.
1159359840 M * Hollow_mobile at midday
1159359843 M * Hollow_mobile hehe
1159361359 N * Piet_ Piet
1159361415 Q * nebuchadnezzar Ping timeout: 480 seconds
1159361419 M * Piet would you recommend using irqbalance for a vserver host?
1159361424 M * Piet its a smp system
1159361639 J * Piet_ hiddenserv@tor.noreply.org
1159361888 M * meandtheshell Hollow_mobile: nice flat - you live there alone? or is more a "Studentenbude" that needs to be shared with tons of "Nachtschwärmern" ... :)
1159362015 Q * Piet Killed (NickServ (GHOST command used by Piet_))
1159362020 N * Piet_ Piet
1159362030 M * Piet would you recommend using irqbalance for a vserver host?
1159362030 M * Piet its a smp system
1159362136 Q * transacid Quit: Lost terminal
1159362156 M * Hollow_mobile meandtheshell: well, i live with a friend there... but i'd be one of those nachtschwärmers as well ;)
1159362427 M * meandtheshell Hollow_mobile: I see - what area of Berlin is this (since it looks very fine - a lot of trees, beautiful church ...)
1159362480 M * Hollow_mobile wilmersdorf
1159362489 M * Hollow_mobile am volkspark
1159362545 A * meandtheshell maps area_names to map because he's got no clue at all where that is :)
1159362638 J * transacid ~transacid@transacid.de
1159362824 M * Hollow_mobile ok, have to leave
1159362829 M * Hollow_mobile cu
1159362833 M * mnemoc cu Hollow_mobile
1159362840 M * daniel_hozac cya, have fun!
1159362870 M * Hollow_mobile thanks, will have inet connection at unni next week, so i'll be online more often again ;)
1159362877 Q * Hollow_mobile Quit: This computer has gone to sleep
1159363996 Q * zkbrsnie
1159364525 Q * gerrit_ Ping timeout: 480 seconds
1159365247 Q * Piet Remote host closed the connection
1159365398 J * harti ~hw@83-215-237-5.seek.stat.salzburg-online.at
1159365410 Q * meandtheshell Remote host closed the connection
1159365462 J * Piet hiddenserv@tor.noreply.org
1159365475 J * meandtheshell ~markus@85-124-37-92.dynamic.xdsl-line.inode.at
1159365586 J * Daniel15 ~dansoftau@220-245-145-19-vic-pppoe.tpgi.com.au
1159365628 M * Daniel15 Whoever admins Linux-Vserver.org, you need to implement some sort of anti-spam on your wiki ;)
1159365646 M * Daniel15 I just cleaned a whole heap of spam from one page
1159365655 M * Daniel15 http://linux-vserver.org/index.php?title=Talk%3AWelcome_to_Linux-VServer.org&diff=1716&oldid=1715
1159365657 M * Daniel15 ;)
1159365862 Q * Radiance Ping timeout: 480 seconds
1159365972 M * daniel_hozac yep.
1159366602 Q * harti Quit: Leaving
1159366796 J * gerrit_ ~gerrit@bi01p1.co.us.ibm.com
1159367524 M * daniel_hozac mugwump: could you see if http://people.linux-vserver.org/~dhozac/p/uv/experimental/vserver-build.fai still works? and how would i go about installing fai on my Fedora box?
1159367551 M * daniel_hozac (so i can see for myself ;))
1159367641 N * Bertl_zZ Bertl
1159367645 M * Bertl morning folks!
1159367651 M * daniel_hozac morning Bertl!
1159367739 Q * Daniel15 Quit: Daniel15
1159367933 M * daniel_hozac mugwump: killprocs is broken, but i think the rest should work...
1159368067 N * Belu_zZz Belu
1159368521 J * nebuchadnezzar ~nebu@zion.asgardr.info
1159368662 M * daniel_hozac mugwump: ... or not. i just realized that it's a new shell, meaning no variables.
1159368704 M * daniel_hozac hell, i broke the entire script.
1159368728 M * Bertl lol
1159368791 J * murdoc ~anything@wsip-70-169-163-40.dc.dc.cox.net
1159368814 M * Bertl welcome murdoc!
1159368889 M * murdoc danke
1159369221 M * daniel_hozac mugwump: ok, try number 2. http://people.linux-vserver.org/~dhozac/p/uv/experimental/vserver-build-fai.patch moves the new namespace to before vserver-build, which i still think is the correct place for it.
1159369243 M * daniel_hozac (patch is against latest svn, if that's not obvious)
1159369967 Q * Belu Ping timeout: 480 seconds
1159370002 Q * cryptronic Ping timeout: 480 seconds
1159370040 J * Piet_ hiddenserv@tor.noreply.org
1159370146 Q * Piet Remote host closed the connection
1159370380 Q * Borg- Quit: leaving
1159370556 Q * yarihm Ping timeout: 480 seconds
1159370673 J * stefani ~stefani@tsipoor.banerian.org
1159371065 J * coocoon ~coocoon@p54A053AE.dip.t-dialin.net
1159371096 M * coocoon hello to all
1159371156 M * daniel_hozac hi
1159371224 M * Bertl wb stefani! coocoon!
1159371236 M * Bertl okay, off for dinner now ... back shortly
1159371241 N * Bertl Bertl_oO
1159371749 Q * glut Server closed connection
1159371779 J * glut glut@no.suid.pl
1159372538 Q * soatolaEspera Read error: Connection reset by peer
1159373020 N * Bertl_oO Bertl
1159373026 M * Bertl back now
1159373056 Q * Piet_ Ping timeout: 480 seconds
1159373403 J * bonbons ~bonbons@83.222.36.111
1159373441 M * Bertl welcome bonbons!
1159373691 Q * _are_ Ping timeout: 480 seconds
1159373711 M * bonbons Hey Bertl!
1159374275 M * matled does the reducecap stuff make sense here http://oldwiki.linux-vserver.org/MoreUbuntu? I thought it would change the capabilities of the program executed, not the parent, so executing reducecap [..] /bin/true should change nothing
1159374562 M * daniel_hozac matled: indeed.
1159374613 M * doener reducecap probably changes the maximum capabilities for the context...
1159374645 M * doener it uses the legacy interface and IIRC that used to affect all existing and future processes in the context
1159374699 M * daniel_hozac not the existing ones, surely? i thought we only added that in 2.1.1-rc18.
1159374782 M * daniel_hozac you're right though, any process entering the context after that would lack that capability.
1159374844 M * doener hm, I thought there used to be a loop for the existing tasks...
1159375132 Q * goblin Server closed connection
1159375144 J * goblin ~jaaa@sr-fw1.router.uk.clara.net
1159375177 Q * gerrit_ Ping timeout: 480 seconds
1159375354 M * Bertl on 2.1.1 it is not relevant what caps are given to the processes
1159375375 M * Bertl the only relevant factor is the mask, which is global now
1159375393 M * Bertl (although processes could have less caps too :)
1159375453 M * daniel_hozac exactly, but reducecap masks the context's caps.
1159375480 M * daniel_hozac (and thus the process's caps.
1159375493 M * Bertl yes, but not directly anymore
1159375511 M * Bertl well, for the context, I mean, not for each process
1159375625 Q * dna_ Quit: Verlassend
1159375660 M * daniel_hozac right.
1159375915 J * gerrit_ ~gerrit@bi01p1.co.us.ibm.com
1159377786 J * Borg- borg@cube.benet.uu3.net
1159378117 J * duckx ~Duck@tox.dyndns.org
1159378300 Q * bgigon Quit: Quitte
1159378427 M * meandtheshell Bertl: as of now I'm not familiar with namespaces and how Linux-VServer applies them and furthermore the impact in managing/configuring the whole Linux-VServer shebang. I found that http://oldwiki.linux-vserver.org/Namespaces Is there more Information around or do I have to take a look at the source code?
1159378631 M * Bertl well, namespaces are not something Linux-VServer specific
1159378642 M * Bertl they are part of 2.4 and 2.6 kernels for some while now
1159378669 M * Bertl OTOH it is not that complicated, if you know how databases and views work, that is quite similar
1159378765 M * meandtheshell Bertl: as i figured out the main reason (maybe the only one?) using namespaces is for being able that every context does have its own view to the file system
1159378808 M * Bertl precisely
1159379072 M * meandtheshell ok - so ... what still confuses me (haven't walked the source till now ... ) is if, or if not, as of now, the namespace thing is used per default or do I have to enable it for the context I wanted to use namespaces and if so ... what's the case for the non default namespace usage (what I read in the new wiki until now makes me think namespaces are used per default now - no?)
1159379177 M * daniel_hozac they're used by default since 0.29..
1159379251 M * meandtheshell daniel_hozac: ah - I see - you brought more light into my world telling me that ...
1159379273 M * Bertl but you can disable them with some option
1159379279 M * daniel_hozac indeed.
1159379293 M * daniel_hozac /etc/vservers/{.defaults,guest}/nonamespace
1159379311 M * meandtheshell daniel_hozac: why do I need namespaces with contexts if every context does have its own partition - do I?
1159379400 M * daniel_hozac the namespaces are mostly used to separate guest mounts from host mounts.
1159379578 M * meandtheshell I see - so namespaces (the way Linux-VServer uses them) only affect which context can mount/unmount or "see" parts of the directory tree THEY DO NOT affect things like quota etc. - am I right?
1159379621 M * meandtheshell its because you said "mostly" ....
1159379697 M * Bertl yep, everything _below_ the vfs is not affected at all
1159379782 Q * gerrit_ Ping timeout: 480 seconds
1159379783 M * meandtheshell Bertl: ok - quota etc. is considered to be below the vfs layer - also right? Well I'm pretty sure but asking the fools way makes happy people :)
1159379819 M * meandtheshell in fact every tool etc. that works on data, permissions etc. must work below the vfs layer ...
1159379985 J * Radiance 4a34f7f037@halt.1984world.eu
1159380179 M * meandtheshell is there a common sense what's best - n contexts on one partition (shared partition) or n contexts and n partitions - quota for example works on a per context base (at least that's my information stand) - what does people usually setup - the shared partition variant I guess - no?
1159380621 M * daniel_hozac it depends on your requirements.
1159380635 M * daniel_hozac a shared partition means you can use hashification to cut down on space and memory requirements.
1159380675 M * daniel_hozac but as you said, per-context quota only works with separate partitions.
1159380685 M * meandtheshell daniel_hozac: that has to be done manually by linking (ldconfig) - right?
1159380695 M * daniel_hozac what?
1159380708 M * Bertl welcome Radiance!
1159380721 M * daniel_hozac the hashification? yeah, you have to run vserver ... hashify every once in a while.
1159380727 M * Radiance hiya bud ! :)
1159380770 M * meandtheshell daniel_hozac: yes I meant the hashification and ldconfig
1159380775 M * daniel_hozac (and then find /vservers/.hash -links 1 -print0 | xargs -0 rm -f to clean it up)
1159380785 M * daniel_hozac meandtheshell: i don't get how ldconfig relates to hashification?
1159380862 M * meandtheshell daniel_hozac: well, yesterday if I recall correctly ... you mentioned ldconfig in conjunction with hashification - I may got it wrong :)
1159380969 M * daniel_hozac the only time i mentioned ldconfig yesterday was in relation to rpm not finding libvserver.so.0.
1159380977 M * meandtheshell ok so - what do I have to do in order to hashify?
1159380988 M * meandtheshell daniel_hozac: right - that was it ... :)
1159381032 M * meandtheshell can it be done with util-vservers?
1159381036 M * daniel_hozac yes.
1159381042 M * daniel_hozac as i said, vserver hashify
1159381049 M * meandtheshell ah - ok
1159381049 M * daniel_hozac after setting it up.
1159381070 M * daniel_hozac http://oldwiki.linux-vserver.org/alpha+util-vserver has a section of vhashify.
1159381150 M * meandtheshell daniel_hozac: thank you
1159381301 Q * sladen Ping timeout: 480 seconds
1159381677 J * sladen paul@starsky.19inch.net
1159382690 Q * bubulak Server closed connection
1159382702 J * bubulak ~bubulak@whisky.pendo.sk
1159382885 M * Bertl nap attack ... back alter :)
1159382889 M * Bertl *later
1159382897 N * Bertl Bertl_zZ
1159383478 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1159383978 M * Greek0 does selinux work together with vserver?
1159384003 M * node Greek0: not yet
1159384059 Q * nox Ping timeout: 480 seconds
1159384433 M * Greek0 thanks
1159384501 M * node Greek0: it is being worked on
1159385071 Q * phreak`` Quit: leaving
1159385102 J * phreak`` ~phreak``@140.211.166.183
1159385459 M * daniel_hozac node: how doesn't it work? i've never tried.
1159385489 M * node daniel_hozac: it cant enforce anything correctly for guests
1159385546 M * daniel_hozac so even if you set the file contexts and such and modify the policy, you can't use it?
1159385571 M * doener in a controlled environment (service separation, same distro everywhere, maybe more) it could work (administration done from the host)
1159385597 M * doener (just a wild guess)
1159385603 M * daniel_hozac yeah, that's what i think too.
1159385608 M * node well, the access decisions are made in the kernel
1159385613 M * doener but that's _very_ limited
1159385634 M * daniel_hozac node: right, so why is that a problem?
1159385638 M * doener and probably even more complicated than the usual selinux setup
1159385639 M * node and afaik, the kernel security server hasn't been modified to take xid into account when rendering decisions
1159385653 M * node so, you have different policies loaded in different guests
1159385671 M * node how is the kernel security server supposed to render an access decision if it doesnt know which policy to use?
1159385698 M * daniel_hozac SELinux supports multiple policies already?
1159385729 M * node no
1159385758 M * daniel_hozac well, then that argument is void before it even exists :)
1159385771 M * node what do you mean by 'supports multiple policies'
1159385777 M * daniel_hozac anyway, why shouldn't the use-case doener created work?
1159385790 M * daniel_hozac 21:34 < node> so, you have different policies loaded in different guests
1159385796 M * daniel_hozac that's not possible at all, is it?
1159385803 M * node no, but it should be
1159385821 M * node that is what i was looking into
1159385906 M * doener daniel_hozac: I guess node is argumenting for the "usual" use case, where it's not service separation, but more like vserver hosting
1159385916 M * doener where each vserver wants its own policy
1159385919 M * node yes
1159385920 M * daniel_hozac right, and i can see why that is useful.
1159385927 M * daniel_hozac but that doesn't mean SELinux doesn't work with vserver. 1159385941 M * daniel_hozac (with the proper policy) 1159385942 M * doener depends on your POV ;) 1159385959 M * node yeah, it will 'work' 1159385970 M * node as in, wont crash your system, and enforce 1 policy 1159385977 M * node well, it'll enforce 1 policy correctly 1159386048 M * node however i'd like to see each guest be able to have its own policy 1159386248 Q * lilalinux Remote host closed the connection 1159386546 J * comfrey ~comfrey@h-64-105-215-75.sttnwaho.covad.net 1159387290 J * tatiane ~tatiane@201009104058.user.veloxzone.com.br 1159387294 M * [PUPPETS]Gonzo if I move a vserver (guest) from one host to another, do I have to create it on the new host or can I just rsync the files in /vservers and /etc/vservers and start it? 1159387302 Q * tatiane 1159387487 M * daniel_hozac [PUPPETS]Gonzo: externalized package management? 1159387625 M * [PUPPETS]Gonzo externa- WHAT? 1159387658 M * [PUPPETS]Gonzo I created a vserver on a host some time ago and want to move it to another - new host 1159387665 J * _are_ ~are@62.112.159.81 1159387680 M * daniel_hozac [PUPPETS]Gonzo: do you use vrpm/vyum/vapt-get to manage the software installed on it? or is it a non-RPM based guest? 1159387806 M * [PUPPETS]Gonzo it's an ubuntu guest and I don't use any "virtual package management", I manage each vserver "by hand" 1159387826 M * daniel_hozac well then, /vservers and /etc/vservers should suffice then. 1159387832 M * [PUPPETS]Gonzo ok 1159387844 M * [PUPPETS]Gonzo I asked, because I did not find the xid in any file 1159387851 M * [PUPPETS]Gonzo maybe I was blind 1159387857 M * daniel_hozac /etc/vservers/.../context 1159387883 M * [PUPPETS]Gonzo then this vserver does not have one 1159387889 M * [PUPPETS]Gonzo I should change this ;) 1159387905 M * daniel_hozac yep, dynamic contexts are deprecated and will be going away soon. 1159387929 M * harry they better! 
:p 1159387939 A * harry slaps daniel_hozac (just for the fun of it ;)) 1159387941 J * nox ~nox@noxlux.de 1159387949 M * [PUPPETS]Gonzo just create a file called "context" and put some unique number in it? 1159387954 M * harry yup 1159387957 M * daniel_hozac yes, between 2 and 49151. 1159387963 M * harry (always nice to have a system for it though :)) 1159387979 M * harry like all my hosts start with 100, 200, 300... (so 3 hosts) 1159387991 M * harry each of them can have 100 virtual hosts... before i run into probs ;)) 1159388004 M * harry i have 1 disaster recovery machine, which has config/images of all 1159388009 M * daniel_hozac i'm using my xid as the last octet of the IP address too, so i'm limited. 1159388018 M * [PUPPETS]Gonzo thanks a lot. 1159388022 M * harry on which networking is (of course) the same, where , in case of disaster, i can just start another :)) 1159388043 M * harry you gotta love this way of working 1159388073 M * [PUPPETS]Gonzo but as you are here and awake: I mounted my new /vserver with tagxid - do I have to do anything to make it count/tag the files? or just copy them there, start the vserver and rock on? 1159388133 M * daniel_hozac chxid -c -R /vservers/ 1159388136 M * harry don't use that (yet), so i don't know :)) 1159388153 M * [PUPPETS]Gonzo thanks 1159388163 M * [PUPPETS]Gonzo I'll put that in my mailbox, so I'll find it again 1159388174 M * [PUPPETS]Gonzo btw: did not find such info in the wiki (easily) 1159388176 M * harry will need that to set limits on vps sizes 1159388183 M * harry per vps quota etc.. :) 1159388186 M * daniel_hozac http://oldwiki.linux-vserver.org/Disk+Limits 1159388199 J * yarihm ~yarihm@84-75-123-221.dclient.hispeed.ch 1159388218 M * [PUPPETS]Gonzo a running vserver tags automatically? 1159388236 M * daniel_hozac yes, any file created by a guest will be automatically tagged.
1159388256 M * [PUPPETS]Gonzo I love you ;) 1159388400 Q * gerrit Ping timeout: 480 seconds 1159388829 Q * comfrey Quit: Lost terminal 1159389216 Q * bonbons Quit: Leaving 1159389277 J * gcj ~chris@cpc1-cmbg7-0-0-cust497.cmbg.cable.ntl.com 1159389282 M * gcj evening all 1159389317 M * daniel_hozac evening 1159389327 M * gcj does anyone have any idea how to configure limits so that a runaway vserver does not make the host unusable through swap storms when it runs too low on rss/as? 1159389363 M * mugwump gcj: lookup rlimit 1159389386 M * gcj i've set rlimits already, on rss, as and nproc, but it's still possible to make the host unusable 1159389404 M * mugwump the limits are being exceeded? 1159389419 M * gcj when a vserver gets close to exhausting its address space, it starts paging out applications, that must be paged back in again immediately -> swap storm 1159389424 M * gcj the limits are not being exceeded 1159389435 M * mugwump ah 1159389447 M * mugwump which i/o scheduler are you using? ant. or cfq? 1159389455 M * gcj default, i guess cfq? 1159389487 M * mugwump I think anticipatory is the default. in theory cfq should be better, but perhaps each vserver's i/o isn't being a separate class anyway 1159389506 M * mugwump ie, there is still one big swapd 1159389541 M * daniel_hozac i think they are on devel. 1159389644 M * mugwump gcj: might be worth giving the devel patch a spin on a test box 1159389676 M * gcj hmm, not really an option i'm afraid 1159389694 M * gcj i only have my production server, and changing the kernel is dangerous because getting physical access is not easy 1159389722 M * gcj presumably if only one vserver is swapping, it can still bring down the system through iowaits? 1159389848 M * daniel_hozac mugwump: did you see my patch? 1159389852 M * gcj perhaps deadline scheduler will make those swap ios wait for a bit? 1159389905 M * mugwump I'm not sure.
Trying alternate schedulers can't hurt that much 1159389908 M * gcj will try cfq anyway 1159389918 M * gcj i thought i had to reboot but it seems to be possible to change at runtime 1159389918 M * mugwump daniel_hozac: no, I didn't ... what did you do? 1159389921 M * gcj thanks 1159389930 M * daniel_hozac i started to clean fai up. 1159389937 M * mugwump aha 1159389945 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/uv/experimental/vserver-build-fai.patch 1159390073 M * mugwump yeah that looks a bit tidier, nice work :) 1159390077 M * mugwump I'll give it a try today 1159390084 Q * murdoc 1159390092 M * daniel_hozac thanks, i think it shouldn't break anything but killprocs. 1159390127 M * mugwump ok. is it worth asking for confirmation at the beginning without showing the user any details about what they're confirming? 1159390195 M * daniel_hozac what sort of details do you have in mind? 1159390249 M * mugwump what nfsroot is going to be used, what ip, interface, etc. 1159390273 M * daniel_hozac FAI_NFSROOT is already echoed, no? 1159390289 M * daniel_hozac personally i don't really see the point of that though :) 1159390317 M * daniel_hozac i mean, the user did just input it into the command line. 1159390321 M * mugwump oh yes, it is, right there 1159390332 M * mugwump they might have used -f somevserver 1159390350 M * mugwump in which case you're showing them it's using /var/lib/vservers/somevserver/usr/lib/fai/nfsroot etc 1159390363 M * daniel_hozac hmm, true. 1159390375 J * gerrit ~gerrit@bi01p1.co.us.ibm.com 1159390452 J * sp sp@delta.sp.or.at 1159390458 Q * ruskie Quit: Disconnecting from stoned server. 
1159390461 M * sp hi 1159390473 M * daniel_hozac hello 1159390476 M * sp I just wanted to inform you all about something I've just noticed: 1159390511 M * sp mysql seems to be storing tmp tables in /tmp which can cause problems with default 16MiB tmpfs /tmp in vservers 1159390545 M * sp I didn't find a note about that anywhere, so you might want to add that to the wiki 1159390557 M * daniel_hozac feel free. 1159390582 M * Borg- holy necro 1159390584 M * sp ok, I'll do that myself, I still thought it might be a good idea letting you know about that 'issue' 1159390585 M * _are_ derjohn: as I see you updated the faq on xid-tagging. Just for my understanding: will a guest see untagged files? can the host see tagged files of the guest? 1159390586 M * Borg- I didnt notice that :) 1159390597 M * Borg- is /tmp mandatory in vserver? 1159390601 M * daniel_hozac no. 1159390602 M * sp no, it isn't 1159390616 M * sp removing it from the vserver's fstab actually did the trick for me/us 1159390620 M * Borg- how to get rid of it when building? 1159390628 M * daniel_hozac you can change the default fstab. 1159390640 M * Borg- oki :) thx 1159390651 M * Borg- I usually do ln -s /var/tmp /tmp 1159390651 J * ruskie ~ruskie@ruskie.user.oftc.net 1159390758 M * derjohn _are_, *lol* I did the update 3 mins ago :) 1159390806 M * daniel_hozac _are_: the guest will see untagged files. the host will see all files. 1159390831 M * derjohn the host can see tagged files, yes (context 0 and 1 should be able to see them). but other guests cannot (!) see them. a common problem is with unification .... this wont work as the file can only have one xid. 1159390836 M * derjohn daniel_hozac, corerct? 1159390841 M * derjohn *correct 1159390862 M * daniel_hozac well, guests can see them, just not anything about them. 1159390867 A * derjohn must go now. bbl. 1159390885 M * daniel_hozac i.e. they'll see the filename, but not the owner, group, permissions, etc. 1159390900 M * derjohn really?
see is "see the file" or "read the file content" 1159390906 M * derjohn ah 1159390908 M * derjohn kk 1159390918 M * daniel_hozac see the file. 1159390923 M * daniel_hozac in directory listings. 1159390968 M * derjohn well, he sees /var/porn/movie.avi but cant watch it? well .. doesnt really matter ;) 1159390987 M * daniel_hozac right. 1159390999 M * derjohn _are_, your turn to update the FAQ ... /me off now byte ! 1159391014 M * daniel_hozac bye! 1159391038 M * [PUPPETS]Gonzo baba derjohn 1159391067 M * sp added some info regarding the mysqld 'problem' to the FAQ 1159391241 Q * gerrit Ping timeout: 480 seconds 1159391329 M * _are_ done 1159391337 N * Bertl_zZ Bertl 1159391344 M * Bertl back now ... 1159391350 M * [PUPPETS]Gonzo wb bertl 1159391493 M * Bertl sp: that's interesting .. might explain some of those 'all table locked' issues folks reported some time ago 1159391504 M * sp oh yes 1159391510 M * Bertl sp: is that something new in mysql? 1159391513 M * sp I've just seen it on a way 'bigger' machine 1159391541 M * Bertl IIRC, larger data should go into /var/tmp according to some filesystem guidelines 1159391543 M * sp I don't know, we've just switched to a vserver-based environment 1159391580 M * Bertl ah, np, do you know if that behaviour is adjustable in mysql? 1159391597 M * Bertl i.e. can this data be redirected somewhere? 1159391648 M * sp mhh, it actually is or should be using /var/tmp 1159391671 M * gcj Bertl, good evening. can u suggest any way to avoid swap storms when a vserver runs out of rss/as and starts paging out its applications? change io scheduler to cfq as mugwump suggested to me? 1159391673 M * sp however, the problem has been solved for us by removing the tmpfs /tmp mount 1159391764 M * _are_ well, having /tmp as a ramdisk as such is no bad idea for performance.
Just the default is too small for big webservers, mailservers or database servers 1159391870 M * Bertl gcj: swap storms or probably better called thrashing is something which happens on the host 1159391897 M * sp I'm aware of the performance gain you get 1159391919 M * Bertl gcj: the only suggestion I can give there is a) increase the available memory or b) reduce the resident set size of all guests (or just the number of guests) 1159391933 M * gcj reducing rss seems to be what caused the problem 1159391938 M * sp however, to be safe I'd still recommend not using a tmpfs on a big database server 1159391952 M * Bertl gcj: not the limit, the actual usage 1159391953 M * gcj i think that one vserver got a working set bigger than rss, and started thrashing 1159391969 J * Piet hiddenserv@tor.noreply.org 1159391972 J * gerrit ~gerrit@bi01p1.co.us.ibm.com 1159391980 J * dna_ ~naucki@p54BCE609.dip.t-dialin.net 1159391987 M * Bertl the limits inside the guest will not cause excessive swapping, it will cause processes to be killed 1159392000 M * Bertl (if the hard limit is hit) 1159392010 M * gcj surely that's true for as but not rss? 1159392046 M * harry as gives a -ENOMEM normally 1159392048 M * Bertl especially rss, because apps which _require_ a page to be resident (when the limit is already reached) will not be able to get that page 1159392048 Q * mire Quit: Leaving 1159392049 M * [PUPPETS]Gonzo one last question for today: how can I show the xid of a file from the host view? 1159392065 M * harry rss gives you a crash 1159392070 M * gcj Bertl, doesn't the kernel just page something out so that it can give them a page? 1159392072 M * Bertl gcj: instead the OOM killer will go wild 1159392083 M * gcj unless all the rss is locked, it can do that, right? 1159392095 M * gcj oom killer did nothing for me when this happened to me yesterday 1159392096 M * Bertl yes, but it would have done that before 1159392099 M * harry Bertl: ahm... OOM when a vps is at its rss?
1159392113 M * Bertl at the hard limit, yes 1159392127 M * harry wait, the system rss or the hard limited rss ? 1159392130 M * gcj i have only hard limits, i didn't see the usefulness of soft limits 1159392134 M * Bertl the soft limit, which can be considered the 'physical memory' 1159392146 M * Bertl will not cause the process to be harmed 1159392150 M * harry so if my vps gets to it's hard limit rss, OOM will kill processes? 1159392162 M * Bertl yes 1159392171 M * harry in-context processes? 1159392174 M * harry or ALL processes? 1159392180 M * Bertl or deny allocations if that is possible 1159392197 M * gcj Bertl, are you sure? i don't understand, i thought that oom only applied to lack of VM (AS) and not lack of real memory (RSS) 1159392201 J * mire ~mire@239-167-222-85.COOL.ADSL.VLine.Verat.NET 1159392203 M * Bertl really depends on the case, usually rss is not allocated but instead just consumed 1159392219 M * harry aaaah... the joy of linux vmm :) 1159392241 M * Bertl gcj: I know what you mean, but VM != AS if you are strict 1159392246 M * harry i thought limiting memory per vps was a good thing 1159392258 M * Bertl let me explain the mechanics behind it 1159392265 M * gcj harry, it seems to be an excellent idea, but not sufficient to prevent swap death 1159392274 M * gcj err, i mean thrashing :-) 1159392278 M * Bertl on the host side we have two level memory 1159392289 M * Bertl - physical memory (pages) 1159392290 M * harry but, if it starts oom when 1 vps runs out of memory, and another vps has java running, it kills java? 
1159392297 M * Bertl - swap space (pages too) 1159392306 A * harry listenes to Bertl now :) 1159392327 M * Bertl the virtual memory on x86 is usually limited to 1-4GB 1159392341 M * Bertl (this is a physical limitation of this arch) 1159392370 M * Bertl now the physical memory _and_ the swap space, both make up the virtual memory 1159392392 M * Bertl the amount of pages kept in physical memory at any point is called RSS 1159392411 M * Bertl the maximal size of the VM address range is called AS 1159392453 M * Bertl now how to account this inside a guest, which possibly shares pages with other guests or the host? 1159392460 M * harry so vmm can never be more than #mempages + #swappages 1159392488 M * Bertl we can pretty easy account RSS pages assigned and sum them up for each guest 1159392530 M * Bertl this accounting is not perfect as it does not necessarily reflect the amount of memory used by the guest 1159392544 M * Bertl (would only be correct with swapping disabled) 1159392565 M * gcj Bertl, do you mean it doesn't reflect the amount of real memory (ram) used by the guest? 1159392576 M * Bertl OTOH, we can account the 'virtual' memory a task allocates with the kernel 1159392580 M * Piet Bertl: would you recommend using irqbalance on a SMP vserver host? if so, should th user space tool be used, too? 1159392587 M * Bertl gcj: no, it _exactly_ reflects that amount 1159392589 M * harry gcj: it doesn't reflect how much ram is PHYSICALLY used 1159392600 M * harry because pages can be swapped out 1159392600 M * Bertl harry: wrong! 1159392603 M * harry ? 1159392622 M * Bertl the RSS = Resident Set Size is _exactly_ the number of pages in RAM 1159392652 M * harry ah, so swapped pages aren't in there? 
1159392658 M * Bertl exactly 1159392679 M * harry then i don't get this: 23:29 < Bertl> (would only be correct with swapping disabled) 1159392681 M * daniel_hozac [PUPPETS]Gonzo: lsxid 1159392683 M * Bertl but, as the host knows better than any guest what to swap out and what not 1159392686 M * gcj Bertl, ok so when you said "memory used" you meant virtual memory? i see 1159392696 M * Bertl gcj: nope 1159392703 M * Bertl let me make an example 1159392718 M * Bertl let's assume we have a single process running in xid=666 1159392737 M * Bertl the process does a malloc(1GB) 1159392750 M * Bertl we ignore memory used for the process itself and such stuff 1159392778 M * Bertl this immediately results in RSS=0 and AS=1GB 1159392792 M * Bertl how much ram/swap does it use up? none 1159392810 M * Bertl but, it has a potential to use up to 1GB in sum 1159392810 M * harry (some administration pages, but we'll not count those ;)) 1159392828 M * Bertl so, let's further assume out hardware has 512MB of RAM 1159392829 M * gcj ok, it hasn't touched the pages, so the kernel doesn't reserve any real memory for them? 1159392840 M * Bertl and 2GB of swap 1159392845 M * gcj they are effectively "swapped out" to /dev/zero? 1159392856 M * Bertl yes, something like that 1159392874 M * Bertl now when the process starts to write random data to those pages 1159392887 M * harry brk()! :) 1159392892 M * Bertl real memory will be allocated for that (on every page fault) 1159392902 Q * Snow-Man Server closed connection 1159392904 J * Snow-Man ~sfrost@kenobi.snowman.net 1159392924 M * Bertl the system will provide (depending on the swappiness) RSS pages up to a certain limit 1159392926 M * gcj and something will be paged out to make room for that real memory? 
(or clean cache buffers dropped) 1159392937 M * Bertl and after that it will start paging out older pages 1159392960 M * Bertl so we will end up, with let's say 256MB in RSS and 768MB in swap 1159392992 M * gcj btw, where would be a good place to document this on the wiki? 1159393024 J * xdarw ~XircUser@tor-irc.dnsbl.oftc.net 1159393025 M * daniel_hozac we already have too many documenting memory, IMHO. 1159393039 M * daniel_hozac i.e. a merge and a more prominent place is probably what is really needed. 1159393065 Q * xdarw 1159393066 M * harry Bertl: now, imagine i have a server: 1 GB ram, 1GB swap 1159393086 M * harry i want 1 vps that can take "all" of the memory, but still make it workable 1159393095 M * harry what are sane defaults for as/rss ? 1159393119 M * harry does it make sense to make as > 2GB/4? 1159393131 M * harry does it make sense to make rss > 2GB/4? 1159393131 M * Bertl sorry, phone call, back now 1159393136 M * harry does it make sense to make rss > 1GB/4? 1159393148 M * harry 3 q's, all the same ... sorta ;)) 1159393159 M * Bertl so, we decided to present a 'conventional' view inside a guest 1159393175 M * Bertl (as the truth absolutely doesn't match what folks expect) 1159393219 M * Bertl and this convenience thing uses the soft/hard limits of RSS to show memory (RAM) and swap 1159393255 M * Bertl so, if you set RSS(hard) to 1GB and RSS(soft) to 256MB 1159393272 M * Bertl this will look like a system with 256MB ram and 768MB swap 1159393294 M * Bertl although the pages could be both in ram and in swap 1159393325 M * Bertl naturally, once the virtual ram+swap is exhausted (i.e. you reach the hard RSS limit) the only option is OOM 1159393348 M * harry what happens when you just echo > /etc/vservers/.../rlimits/rss ? 1159393350 M * gcj ok, that's not what i expected at all 1159393369 M * Bertl dcjbut it makes sense now, yes? 1159393373 M * harry then rss is HARD ?
1159393373 M * gcj i thought the swap was AS(hard)-RSS(hard) 1159393376 M * harry or soft? 1159393398 M * daniel_hozac harry: both. 1159393412 M * Bertl should have been gcj: but it makes sense now, yes? 1159393427 M * gcj i don't understand what AS is useful for, but RSS makes sense now, yes 1159393438 M * harry same here, gcj :) 1159393443 M * Bertl gcj: the AS (address space) becomes a little more complicated once you apply it to more than one process 1159393457 M * Bertl let's consider a second example 1159393484 M * Bertl we now have two processes, both using 100M mapped from a file 1159393509 M * Bertl to map this file, both have to 'allocate' AS worth of at least 100M 1159393525 M * Bertl how much RSS will they both use up? 1159393539 M * harry depends on the amount of shm :) 1159393541 M * Bertl maximal 100M as the file is only mapped once 1159393542 M * gcj depends on how they access those pages 1159393544 M * gcj ' 1159393568 M * Bertl as long as they do not write to it in a non shared mapping 1159393584 M * Bertl but, the AS value will be 100MB for each of them 1159393602 M * Bertl to reflect that we can only add them up to 200MB total usage 1159393612 M * gcj so total AS for the context will be at least 200M? 1159393623 M * Bertl (otherwise we would have to tag pages with context tags, which really adds overhead) 1159393647 M * Bertl gcj: yes, exactly, it will be the sum of all allocations 1159393663 M * harry so limiting as is... well... not that good with really multithreaded applications, such as apache 1159393675 M * harry which spawns processes like crazy, but has a lot of shared mem 1159393679 M * Bertl we additionally account shared and locked pages, because they actually can be a DoS cause 1159393685 M * gcj then AS limits are not so useful, because they don't reflect the use of any real limited resource? 
1159393715 M * Bertl gcj: basically the AS is an upper boundary to tell processes that they are beyond their limits in a nice way 1159393721 M * harry gcj: looking for "sane defaults that can't crash the entire system"? ;) 1159393730 M * gcj harry, yes :-) 1159393735 M * harry same here :) 1159393735 M * gcj of course :-) 1159393741 Q * eyck Ping timeout: 480 seconds 1159393752 M * Bertl i.e. allocations will fail and not cause OOM when the AS limit is hit 1159393768 M * harry i've seen that on one of our webservers... 1159393776 M * Bertl the problem is, you could easily get the system to a sane behaviour with disabling the overcommitment 1159393782 M * harry even when i gave it 2GB, it still hit the top a few times 1159393788 M * gcj but how would I know where to set it? it's perfectly ok for 100 processes to map that 100M file, it only uses 100M of real pages 1159393792 M * Bertl OTOH, that would basically eliminate java and similar apps 1159393812 M * Bertl (which are so broken by design, that they allocate all memory at once) 1159393819 M * harry now i get it... apache spawns 150x20MB 1159393835 M * harry and bam... you're over the top , without actually using mem :) 1159393852 M * Bertl gcj: thats why you have the RSS too 1159393865 M * gcj Bertl, that's why RSS limits seem much more useful 1159393880 M * harry but, Bertl , if we sum up: rss.soft => RAM and rss.hard => RAM + SWAP ? 1159393881 M * Bertl it is basically the hard way to tell them processes that they reached a limit 1159393895 M * harry should we look at it that way? 1159393895 M * gcj are there any AS limits on a real (non-virtual) system? i don't think there are 1159393898 M * Bertl harry: inside the guest, yes 1159393914 M * Bertl gcj: yes, but they are per process not total 1159393916 M * gcj oom may kill an apache process if it uses too much memory, but apache recovers and keeps running 1159393917 M * harry and as in the guest... is... well... not very useful for anything, right?
1159393943 M * Bertl harry: as I said, it is the nice way to stop DoS 1159393959 M * Bertl harry: just think memory fork bomb 1159393962 M * gcj a per-process AS limit would seem to be more useful than a context-wide one 1159393964 M * harry hmm... 1159393981 M * Bertl gcj: those are there and can be set too, see ulimits 1159394006 M * Bertl gcj: but of course, you do not have to use the AS limits at all 1159394026 M * gcj Bertl, can they be configured using the vserver init mechanism? 1159394041 M * Bertl yes, they are part of the configuration 1159394043 M * gcj or do they have to be set inside each virtual server? 1159394074 M * Bertl you can lower them inside, but not raise them 1159394080 M * Bertl without giving additional caps) 1159394084 M * harry Bertl: if i have a 1GB ram, 1GB sawp machine, and i give the host a rss.soft of 256000 and hard of 512000 1159394093 M * harry that will keep me safe for the vps , right? 1159394101 M * Bertl yes 1159394104 M * harry leaves me ... well... some pages :) 1159394116 M * harry mem forkbomb in vps can't kill my host 1159394116 M * Bertl but it might as well result in 768MB ram used for the guest 1159394120 M * harry will it start oom? 1159394138 M * Bertl once the guest tries to instantiate pages above 768M, yes 1159394139 M * harry yeah sure... but not trash my system 1159394140 M * gcj Bertl, i thought it would limit the guest to 256M ram 1159394149 M * daniel_hozac Bertl: hmm, soft and hard limits are added together? 1159394153 M * gcj at least top in the guest would show 256M ram, right? 1159394156 M * harry gcj: it's pages 1159394159 M * harry not ram 1159394160 M * Bertl daniel_hozac: nope 1159394167 M * Bertl my fault 1159394173 M * harry pages on i386 are 4096 bytes 1159394175 M * Bertl s/768/512/ 1159394207 M * Bertl gcj: yes, the guest will _show_ 256MB ram 1159394216 M * harry Bertl: when will OOM start then? 1159394233 M * harry what happens when i reach rss.hard in a guest... 
oom starts killing inside the guest? 1159394238 M * harry on the entire system? 1159394239 M * Bertl the 256000 are pages? 1159394246 M * harry yeah 1159394274 M * Bertl so soft=1GB and hard=2GB, yes? 1159394279 M * gcj oh, sorry harry, i misread 1159394287 M * gcj the guest could still use all your memory 1159394290 M * harry sorta, keeping some leftover for real system ;)) 1159394293 M * gcj and you might not be able to log in 1159394295 M * Bertl harry: in this case there is a small chance that you get OOM on the host too 1159394312 M * harry yeah, ok, but make it 200000 and 400000 then 1159394317 M * Bertl especially as the kernel will use up some memory too 1159394335 M * harry just... enough to keep the HOST running 1159394342 M * harry but still giving the vps "all" the resources 1159394343 M * harry ;) 1159394345 M * gcj that would leave you about 200M for host processes and cache 1159394349 M * gcj which seems like a good idea 1159394356 M * Bertl yep, that should work 1159394356 M * gcj (ram, that is) 1159394365 M * harry mkay... but... if vps reaches rss.hard 1159394368 M * harry what happens? 1159394369 M * harry OOM? 1159394371 M * Bertl yep 1159394375 M * harry OOM on what?/who? 1159394387 M * Bertl unless you have strict no-overcommitment enabled 1159394395 M * harry if OOM kills my sshd on the host... it's useless :) 1159394413 M * Bertl that's why you can protect certain tasks from oom 1159394414 M * harry if it kills in vps... i don't care ;) 1159394428 M * Bertl i.e. it would be a good idea to protect important daemons 1159394440 M * harry interesting... how/where do you do that? 1159394459 M * Bertl but yes, that is something which we haven't implemented yet, the kill will happen 99% inside the guest, but there is no guarantee 1159394476 M * Bertl the protection is there, just google for it 1159394495 M * daniel_hozac hmm, what happens if a malicious guest user decides to protect all of the tasks? 1159394501 M * harry so, if i'm right, here...
and i make a "mistake" and put a rss.hard of 256 ("i thought it was megabytes" mistake or so) 1159394504 M * gcj Bertl, is that because a process on the host trying to allocate memory when there's none left (because the guest has eaten it all) could be killed by the host's oom killer? 1159394510 M * harry you could end up having OOM killing processes 1159394514 M * Bertl daniel_hozac: guest side protection should not be possible 1159394519 M * harry while there is tons of rss free on the host itself 1159394526 M * daniel_hozac Bertl: ah, ok. 1159394551 M * Bertl gcj: yep, in this case the OOM might as well hit the host 'accidentally' 1159394598 M * Bertl what is planned in the near future, (i.e. right after 2.1.x release) is to add bonus/malus info for guest processes 1159394603 M * gcj so the safest configuration would be sum(rss.hard over all VPS) < (host ram + swap) 1159394613 M * Bertl definitely 1159394623 M * matled a question about tmpfs: is there any reason not to use large tmpfs with enough swap instead of a separate partition for /tmp? 1159394627 M * harry hmm... Bertl , gcj : doesn't that depend on the vps'es? 1159394638 M * gcj and sum(rss.soft over all VPS) < (host RAM)? 1159394641 M * harry what are the odds of 4 hosts allocating all memory at the same time ? 1159394648 M * Bertl matled: no, that why we use tmpfs inside as an example 1159394649 M * gcj harry, low, you can overcommit 1159394655 M * gcj that's what linux does by default 1159394657 M * harry gcj: i'd say! :) 1159394676 M * gcj that's why i said "safest" not "sanest" :-) 1159394680 M * harry ah :) 1159394692 M * harry anyway, so my q... am i right? : if you have NO as 1159394701 M * matled Bertl: ok, it is just very small :) 1159394718 M * Bertl matled: yeah, but you can adjust it easily 1159394721 M * harry you can easily DOS the entire machine by making mallocing processes that still "behave well" in a oom score ?
1159394756 M * Bertl harry: that would be something which could be caught by other limits (like nproc or AS) 1159394759 M * harry so, rss.soft = 128, rss.hard=256 (as a mistake or whatever) 1159394778 M * harry that would make oom start killing processes if the vps malloc's too much 1159394786 M * harry even if there is almost 1GB ram free on the host 1159394792 M * harry and almost 1GB swap free 1159394795 M * Bertl the 'suggested' limits vary from what you have to expect from your customers 1159394811 M * harry i expect the worst ;) 1159394818 M * harry (hence the grsec EXTRAs ;)) 1159394855 M * gcj me too 1159394859 M * Bertl if you generally assume 'good' behaviour, but want to avoid issues when somebody types a smiley in bash :(){ :|:; } 1159394860 M * gcj even through blind stupidity 1159394863 M * harry but that's the case, right?... you can have a lot of free ram + swap on the host... if a vps reaches its hard rss limit, oom kills 1159394875 M * gcj i have one user who runs XAMPP with a memory leak 1159394881 M * gcj it keeps hosing my box 1159394897 M * Bertl gcj: well, in this case the hardlimit will catch it 1159394910 M * Bertl and OOM kill is here the proper method, no? 1159394919 M * gcj yeah, i used to have just AS limits, now i have rss hard limits and i hope that will help 1159394927 M * harry gcj: imagine you have a java program in a different vps, chances are, they are gonna get killed when the XAMPP host reaches hard rss limit 1159394935 M * gcj yes, oom kill is what i want (in the guest, that is) 1159394944 M * gcj yes, that happened too 1159394979 M * harry this kinda sucks... this means you can "kill programs from other virtual servers" from an independent vps!
1159395000 M * gcj but if i set the rss hard limit low enough, then it can't happen, because oom will kill their apache while there are still free pages on the host 1159395011 M * harry so if i suspect someone is using too much memory, i just malloc to death, oom will kill me (and possibly the other one) 1159395029 M * Bertl chances are very good that you only kill yourself 1159395046 M * Bertl but I agree, assuming a very hostile environment, without any administrator 1159395056 M * harry Bertl: creative mallocing gives you an easy lower score on the OOM table than java ;)) 1159395074 M * daniel_hozac why on earth would you be running java if you don't want OOM? :) 1159395074 M * Bertl you might be able to create beautiful DoS scenarios 1159395104 M * gcj i still have issues with starting java on boot inside guests (i.e. doesn't work) 1159395111 M * harry so: a meetingmaker virtual server and a webserver on 1 host... host mallocs nicely, creative spirit can kill your meetingmaker :) 1159395126 M * Bertl gcj: only AS limits should keep your java from starting 1159395129 M * harry gcj: you using pax features too? 1159395140 M * gcj no pax, and no as limits at that time 1159395140 M * harry or just vserver, no grsec patch? 1159395154 M * gcj it starts fine by hand, just not from init 1159395161 J * Aiken ~james@tooax6-136.dialup.optusnet.com.au 1159395165 M * daniel_hozac gcj: could you please try with util-vserver 0.30.211-rc2? 1159395167 M * Bertl gcj: ah, that is probably another issue, see ENV 1159395189 M * Bertl yep, rc2 might solve that, do we have defaults for the env there? 1159395190 M * harry aha... anyways... thanks a lot for the explanation on memory, Bertl ! 1159395196 M * daniel_hozac yes, a default PATH. 1159395201 M * gcj yes, thank you bertl! 1159395203 M * daniel_hozac (the only thing in there, for now) 1159395207 M * Bertl you're welcome! 1159395208 M * gcj do you want this documented anywhere?
1159395216 M * Bertl yeah, that would be great
1159395228 M * Bertl might make sense to look through the old pages on memory too
1159395239 M * harry i never found a page that explains this stuff in a clear way, like i just got here :)
1159395259 M * gcj new wiki is kind of sparse
1159395260 M * harry i'm not a good text writer, but i could try to help, if you need any, gcj
1159395281 M * daniel_hozac yes, the wiki is still being migrated
1159395281 M * Bertl I think I'm going to point the oldwiki really to the old wiki now
1159395288 M * daniel_hozac yes please.
1159395293 M * daniel_hozac why was it moved in the first place?
1159395299 M * harry reminds me to learn a LOT more on memory management in the linux kernel
1159395301 M * Bertl because Hollow wanted to
1159395305 M * daniel_hozac ah, ok.
1159395345 J * mire__ ~mire@25-167-222-85.COOL.ADSL.VLine.Verat.NET
1159395354 M * gcj why does the documentation page not link to any documentation? (except old docs)
1159395384 M * gcj harry, thanks, i'll try to write it up and maybe you can review it and point out any mistakes i made?
1159395404 M * daniel_hozac gcj: because there are no new docs? :)
1159395437 M * gcj is the new FAQ a good place for this kind of info?
1159395469 M * daniel_hozac memory requires its own page(s).
1159395474 M * daniel_hozac it's a very complex subject.
1159395477 M * harry gcj: sure :)
1159395486 M * daniel_hozac you should probably link it from the FAQ though.
1159395516 Q * mire Ping timeout: 480 seconds
1159395549 M * gcj ok
1159395834 M * gcj who maintains gentoo ebuilds? daniel_hozac, is it you?
1159395842 M * daniel_hozac no, Hollow and phreak``.
1159395847 M * daniel_hozac i'm a Fedora guy :)
1159395904 M * gcj ok, can you give me a url to 0.30.211-rc2 please?
1159395918 M * daniel_hozac ebuild? or just the tarball?
1159395929 M * gcj ebuild if you have it, otherwise tarball is fine
1159395935 J * mire_ ~mire@119-166-222-85.COOL.ADSL.VLine.verat.net
1159395938 M * gcj i think i can make the ebuild myself
1159395941 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/uv/experimental/util-vserver-0.30.211-rc2.tar.bz2 is the tarball.
1159395946 M * gcj thanks
1159395982 M * gcj no patches to apply?
1159396007 M * daniel_hozac none that are really crucial, i think.
1159396014 M * gcj aww :-(
1159396039 M * daniel_hozac you could build from the SVN directly, if you want the really latest and greatest :)
1159396047 M * gcj thanks, i'll pass :-)
1159396053 M * gcj since this is a production system
1159396060 J * Crackstar ~crackstar@xdsl-87-78-106-208.netcologne.de
1159396073 M * daniel_hozac 0.30.211-rc2 is just two commits from HEAD ;)
1159396087 M * gcj well, i'll trust you that it works :-)
1159396088 M * Crackstar does vserver run on a debian 64bit environment?
1159396091 Q * mire__ Ping timeout: 480 seconds
1159396094 M * daniel_hozac Crackstar: yes.
1159396106 M * Crackstar fine, thanks :)
1159396535 M * mugwump daniel_hozac: does it include the patch you sent me?
1159396551 M * daniel_hozac mugwump: no, i haven't committed that to svn yet either.
1159396581 M * daniel_hozac (and -rc2 is a few days old)
1159396595 M * mugwump rightio, I'll get svn head, try applying the patch and see if the result builds me vservers via fai
1159396625 M * daniel_hozac thanks.
1159396648 Q * kaner Server closed connection
1159396656 J * kaner kaner@strace.org
1159396776 M * mugwump what's the svn url?
1159396815 M * mugwump doesn't seem to be an anon. svn server listening on svn.linux-vserver.org
1159396824 J * mire__ ~mire@20-166-222-85.COOL.ADSL.VLine.Verat.NET
1159396841 M * daniel_hozac http://svn.linux-vserver.org/svn/util-vserver/trunk/
1159396862 Q * ag- Server closed connection
1159396891 J * ag- ~ag@82.238.123.217
1159396958 A * mugwump starts it svk sync'ing
1159397028 M * gcj Bertl, u still here?
1159397076 Q * mire_ Ping timeout: 480 seconds
1159397149 M * gcj i have a question about AS mapping. if a process memory maps a file, it doesn't use any of the system's virtual memory resources, does it? i.e. the total virtual memory in the system is increased by the same amount, isn't it? (if it was a read-only file, it could be seen as a read-only swap file)
1159397217 Q * dna_ Quit: Verlassend
1159397248 M * Bertl gcj: yep
1159397270 Q * MrX Server closed connection
1159397293 M * gcj but it counts towards the AS limit anyway?
1159397306 M * Bertl gcj: any filesystem mappings will not use up memory except for the file itself
1159397315 J * MrX ~urk@219.95.24.141
1159397322 M * Bertl the pages will be loaded into memory though
1159397340 M * gcj not necessarily all of them? i.e. the kernel can page them out if necessary?
1159397351 M * Bertl precisely
1159397359 M * Bertl well, they are not paged, just discared
1159397364 M * gcj i think it would be good if such mappings did not contribute towards RSS use
1159397368 M * Bertl *discarded
1159397376 M * gcj they might be paged if they are dirty in a read-write mapping?
1159397403 M * Bertl depends on the mapping, if they are still a file mapping, they are written back to the file
1159397411 M * gcj but maybe not immediately?
1159397427 M * Bertl when the rss is needed, immediately
1159397429 M * gcj only when the host decides to flush dirty pages, due to age or memory pressure
1159397459 M * Bertl daniel_hozac: I redirected the old wiki now and added the 'moving' warn sign
1159397479 M * Bertl daniel_hozac: I probably should disable editing too
1159397488 M * daniel_hozac yeah.
1159397655 P * stefani I'm Parting (the water)
1159397815 M * Bertl okay, guess that should do it ... will take a little to propagate, I guess
1159397940 J * Piet_ hiddenserv@tor.noreply.org
1159398119 J * FireEgl FireEgl@Sebastian.Atlantica.US
1159398141 Q * Piet Remote host closed the connection
1159398163 M * gcj Bertl, if a guest exceeds the soft RSS limit, will the host kernel start to swap out pages to make sure that no more than the soft limit is in RAM?
1159398217 M * Bertl nope, that would lead to an overall degradation
1159398252 M * Bertl but, what we have planned (not done yet) is to penalize the guest in regard of scheduling
1159398301 M * gcj does the rss soft limit have any effect right now?
1159398327 Q * yarihm Quit: Leaving
1159398344 Q * _are_ Quit: bbl
1159398366 M * matti Ehh.
1159398462 M * daniel_hozac hmm, i thought we increased the likelihood of the guest's pages being swapped out as it went over the soft limit?
1159398471 M * daniel_hozac or was that just an idea?
1159398510 M * Bertl IIRC, not yet
1159398520 M * Bertl gcj: except for the swap/mem virtualization, no
1159398578 M * gcj gcj, which is just what top reports, it has no effect on actual behaviour of any process that doesn't try to determine how much ram is in the system?
1159398597 M * Bertl correct
1159398623 M * Bertl daniel_hozac: the problem with the pages swapping is that we have to figure the context from the page in question
1159398653 M * Bertl but metrics for choosing the OOM task would be easy to do
1159398685 M * Bertl i.e. as soon as somebody is interested in testing this, we can add it
1159398729 N * Piet_ Piet
1159398768 M * gcj what happens if a guest process exceeds the hard AS limit for that guest?
1159398777 Q * sid3windr Ping timeout: 480 seconds
1159398785 M * Bertl allocations get -ENOMEM
1159398811 M * gcj ok, like brk() with no overcommit when memory runs out?
1159398830 M * Bertl yes, or like brk() when you reach the 4G limit on x86
1159398862 M * gcj ok
1159398916 M * gcj ok, i wrote something up here: http://www.linux-vserver.org/Memory_Limits
1159398922 M * gcj it's not very good yet, but it's a start
1159399004 M * daniel_hozac umm, RSS is actually used RAM, no?
1159399036 Q * Piet Remote host closed the connection
1159399057 J * _are_ ~are@62.112.159.81
1159399118 M * Bertl yeah, this needs a little rephrasing
1159399129 M * Bertl RSS is the amount of pages in memory
1159399158 M * Bertl but the rss hard limit is shown as the ram+swap inside a guest
1159399167 M * gcj so the RSS value (current use of RAM) and the RSS hard limit are not really the same thing?
1159399181 Q * ay_ Server closed connection
1159399182 J * ay ay@false.linpro.no
1159399256 M * gcj it does make sense for the RSS limit to be greater than the amount of ram in the machine, but the rss value will never exceed the amount of ram?
1159399342 M * Bertl well, that is a problem we are aware of, and there is no easy solution atm
1159399367 M * Bertl generally I'd suggest to keep the RSS hard limit below max physical ram
1159399368 M * gcj i think there should be two separate counters, rss and vm (or rm and vm)
1159399517 Q * ruskie Remote host closed the connection
1159399712 J * ruskie ~ruskie@ruskie.user.oftc.net
1159399785 M * Bertl gcj: maybe, maybe we will also add full page accounting at some point
1159399797 M * Bertl (despite the overhead)
1159399798 M * mugwump wahey! 1000 revisions of util-vserver copied
1159399813 M * gcj ok i'm going to bed, can work on it more tomorrow
1159399814 M * mugwump in only 45 minutes
1159399821 M * gcj goodnight all, and thanks
1159399826 M * Bertl good night!
1159399831 Q * gcj Quit: zZz
1159399901 J * sid3windr luser@bastard-operator.from-hell.be
1159399911 M * Bertl wb sid3windr!
1159400149 M * Bertl we don't have limits on anon pages yet, do we?
1159400371 M * daniel_hozac i can only find vx_anonpages_avail's definition, so i'd say no.
1159400379 J * garo ~garo@dD5778861.access.telenet.be
1159400395 M * Bertl wb garo!
1159400432 M * Bertl yeah, we could easily enforce a limit there, but it would end up as OOM
1159400441 M * garo I see that openvz is not competing with linux-vserver :)
1159400462 M * Bertl garo: how so?
1159400479 M * Bertl I mean, from what do you see that :)
1159400494 M * garo because you are in both channels
1159400529 M * Bertl ah, right, well, kir pays a visit here every now and then too, so that observation is right
1159400539 M * daniel_hozac keep your friends close, and your enemies closer? :)
1159400575 M * Bertl well, let's not see OVZ as 'the enemy' :)
1159400585 M * daniel_hozac yeah, i was just kidding.
1159400628 M * Bertl although I consider OVZ and Virtuozzo(tm) a competing product
1159400634 M * garo It's more like a friend you are always competing with if you see him ?
1159400696 M * Bertl yeah, personally I think this kind of competition is very beneficial ... keeps both sides from slacking ... (no reference to a well known distro here)
1159400768 M * garo I'm trying to decide what I'm gonna use on my testserver: i'm considering xen, vserver and openvz
1159400792 M * Bertl well, each of them has its advantages and disadvantages
1159400809 M * Bertl IMHO it really depends on your requirements
1159400812 M * garo Can vserver take snapshots of guests ? (save disk,cpu and memory state)
1159400829 M * Bertl nope
1159400849 M * garo that's one of the main requirements that i need :(
1159400850 M * Bertl snapshotting requires full virtualization
1159400870 M * Bertl as we are on the lightweight side (high performance) that's a nono
1159400926 M * Bertl but look at it like this, if that is your main requirement, you are down to two :)
1159400972 M * garo my reqs from most to least important : snapshots, speed, security
1159401001 M * Bertl what do you need/use the snapshotting for?
1159401034 M * garo fast returninto a previous state
1159401047 M * Bertl well, I thought so, but why? :)
1159401049 M * garo s/returninto/return to/
1159401092 M * garo that's a strange question
1159401111 M * Bertl okay, let me rephrase it ...
1159401149 M * Bertl folks around the world run applications on linux boxes, without any snapshot capability. what are they missing?
1159401192 M * Bertl i.e. what kind of application do you have which requires 'going back' to previous system states (at a system, not application level)
1159401212 M * Bertl garo: don't get me wrong, I'm just curious
1159401300 M * garo this is a test server, so i want to do freaky things with it, i want to recover from 'fuck-up' a bit faster than
1159401351 M * garo i can with a normal backup and i also want to return to exactly the same state and that's not always possible with a backup
1159401361 M * garo (or it takes a lot of work)
1159401378 M * Bertl ah, i.c. so you probably want to be as realistic in the emulation as possible (close to a real machine) too