1160525917 M * marl_ hi, ive copied a live system onto a vserver, with its ip address configured the same as the original server, when i shutdown the original server and startup the vs version of it, i can ping its ip from the command prompt on that server, but i cant ping it from outside, anyone give me any idea how to check that the ip address has been successfully tied to the network interface?
1160525926 M * marl_ if any of that makes any sense :)
1160525958 M * Bertl yeah, makes sense, but I suspect your issues are more network related
1160525978 M * Bertl to be precise, it looks like your 'router' doesn't know of the change yet
1160525985 M * marl_ is there a way to list what ips have been linked to the main network interface?
1160525998 M * Bertl yes, try 'ip addr ls'
1160526004 M * marl_ thanks :)
1160526068 M * Bertl I would suggest to a) make sure that the 'original' ip is not present (for the switch/router), b) the new mac is established in the routers arp table, c) the router allows that ip on the new host
1160526106 M * marl_ :) think i may have found it, the netmasks didnt match, just going to try and full switch over to see
1160526228 M * marl_ nope :(
1160526239 M * marl_ cant actually ping out from the guest
1160526255 M * Bertl which means that your router does not route the ip
1160526262 M * Bertl to verify, try the following:
1160526279 M * Bertl ping -I (on the host)
1160526308 M * marl_ thats failing
1160526325 M * marl_ so i need to get the router to accept the change in machine
1160526326 M * marl_ ?
1160526339 M * Bertl see? now the question is, do you have issues with the 'outgoing' packets or the incoming
1160526356 M * marl_ lol, any way to check that?
1160526358 M * Bertl do you have a machine you can logon outside that network?
1160526370 M * marl_ yup the one im sitting at
1160526389 M * Bertl okay, then use tcpdump on both machines, like this:
1160526404 M * Bertl tcpdump -vvnei eth0 icmp (adjust eth0 to your setup)
1160526414 M * Bertl then do a ping like this:
1160526429 M * Bertl ping -c 2 -I (on the host) and
1160526442 M * Bertl ping -c 2 (on the target
1160526579 M * marl_ ok when i try and ping the target from the vs machine (-I) i see the icmp appearing on the target
1160526601 M * Bertl good, so outbound works, only the reply doesn't get there
1160526621 M * Bertl typical router issue, i.e. your upstream provider does not route the guest ip to your host
1160526698 M * marl_ thanks :)
1160526706 M * Bertl np
1160526711 M * marl_ now i just got to wait to get hold of the help desk in the morning :)
1160526770 M * marl_ i take it the mac addy of the guest machine is the same as the mac of the host?
1160526778 M * Bertl yep
1160526803 M * Bertl if you want to identify the router (which is to blame) just use tracepath from the target to the guest ip
1160526813 M * marl_ i wonder if it would work if i changed the mac addy to match the original box
1160526832 M * Bertl could be, but actually very unlikely
1160526870 M * Bertl if they have some network security there, this would only render your host completely unreachable
1160526952 M * marl_ thanks for the warning, ill wait till i can shout at them in the morning then :)
1160527224 M * marl_ confirmed the problem box, its caused problems in the past as well, many many thanks
1160527241 M * Bertl again, you're welcome!
1160528015 Q * gerrit Quit: Client exiting
1160529397 Q * tso Ping timeout: 480 seconds
1160530495 Q * cdrx Read error: Operation timed out
1160530879 M * mugwump wow, Hans has been charged with the murder of his wife
1160530883 M * mugwump http://cbs5.com/topstories/local_story_283171408.html
1160531286 M * Bertl hehe
1160531387 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net
1160532851 Q * ensc Killed (NickServ (GHOST command used by ensc_))
1160532861 J * ensc ~irc-ensc@p54B4D346.dip.t-dialin.net
1160532871 J * Aiken_ ~james@tooax6-123.dialup.optusnet.com.au
1160533197 Q * Aiken Ping timeout: 480 seconds
1160533917 Q * Piet Remote host closed the connection
1160535141 Q * samueltc Ping timeout: 480 seconds
1160536247 J * FireEgl FireEgl@Sebastian.Atlantica.US
1160536495 J * wenchien ~wenchien@59-105-176-11.adsl.static.seed.net.tw
1160537041 Q * nebuchadnezzar Ping timeout: 480 seconds
1160537100 M * essobi_ Not THE Hans Reiser?
1160537173 M * essobi_ HOLY CRAP is it!
1160537176 M * Aiken_ that is what wikipedia and slashdot say
1160537187 A * essobi_ hugs his filesystem.
1160537192 M * Aiken_ as well as the news sources
1160537195 M * essobi_ Say it ain't so Reiser!
1160538337 M * hardwire hmm
1160538351 M * hardwire I guess reiser isn't going to be going much further if well.. it doesn't go much further
1160538419 M * hardwire too bad you can't code from jail
1160538447 M * Bertl hmm, maybe there are exceptions nowadays?
1160538541 M * hardwire no
1160538588 M * hardwire I love mod_deflate
1160538627 M * hardwire and caching :)
1160538724 M * hardwire I host start a host caching service :)
1160538754 M * hardwire just proxying to peoples home based web servers.. from a nice happy phat pipe.. and caching the results according to some open rules
1160538777 M * hardwire talk about a pain in the ass
1160539163 Q * ruskie Read error: Operation timed out
1160539180 J * ruskie ~ruskie@ruskie.user.oftc.net
1160539808 M * Bertl okay, off to bed now ... have a good one everyone! cya!
1160539815 N * Bertl Bertl_zZ
1160541351 Q * essobi_ Ping timeout: 480 seconds
1160541629 Q * Aiken_ Quit: Leaving
1160542755 J * Aiken ~james@tooax6-123.dialup.optusnet.com.au
1160543596 Q * s0undt3ch Ping timeout: 480 seconds
1160543676 J * s0undt3ch ~s0undt3ch@81.193.57.157
1160545090 J * tso ~tso@238-253.adsl.pool.ew.hu
1160546825 J * Piet hiddenserv@tor.noreply.org
1160547788 Q * _are_ Ping timeout: 480 seconds
1160547791 J * samueltc ~samuel@72.18.248.90
1160548229 Q * samueltc Quit: BitchX-1.1-final -- just do it.
1160548486 Q * cdrx Ping timeout: 480 seconds
1160550378 Q * Aiken Ping timeout: 480 seconds
1160551679 M * matti Morning.
1160551701 M * daniel_hozac morning.
1160551738 M * matti :)
1160551918 Q * Piet Ping timeout: 480 seconds
1160552710 J * Piet hiddenserv@tor.noreply.org
1160552893 J * meandtheshell ~markus@85-124-232-117.work.xdsl-line.inode.at
1160553580 Q * ruskie Remote host closed the connection
1160553614 J * dna_ ~naucki@p54BCE29F.dip.t-dialin.net
1160553731 J * ruskie ~ruskie@ruskie.user.oftc.net
1160554992 Q * shedi Quit: Leaving
1160555913 J * cdrx ~legoater@242.32.96-84.rev.gaoland.net
1160556430 M * weeble I guess the ReiserFS development will slow down a bit - time to move to XFS... :)
1160556501 M * Wonka i'll stay with ext3 until xfs can do data journalling
1160556627 M * phedny i'm on xfs for /home for years now :)
1160556650 M * Borg- any pros for XFS compared to EXT3?
1160556662 M * Borg- I dont care about journaling.. really
1160556701 M * Wonka ext3 is also able to be shrinked, and online too
1160556708 M * Wonka xfs can't be shrinked at all
1160556724 M * phedny shrinking wasn't an issue for me
1160556737 M * phedny don't exactly remember why we chose xfs above ext3?
1160556741 M * Borg- Wonka: shrinked? heh..
1160556758 M * Borg- growing is a must.. not shrinking
1160556759 A * h01ger uses ext3 for reliability. its just extended ext2.
1160556777 M * Borg- h01ger: im still using ext2 actually.
1160556777 M * phedny iirc it was because ext3 has O(n) when searching through dirs and reiserfs / xfs have O(log(n))
1160556782 M * Wonka Borg-: i can't add harddisks indefinitely...
1160556799 M * Borg- Wonka: LVM ?
1160556823 M * Wonka Borg-: would also need shrinking
1160556830 M * harry daniel_hozac: you there?
1160556831 M * harry cc1: warning: -malign-loops is obsolete, use -falign-loops
1160556831 M * harry cc1: warning: -malign-jumps is obsolete, use -falign-jumps
1160556831 M * harry cc1: warning: -malign-functions is obsolete, use -falign-functions
1160556841 M * harry isn't that something that is easily "fixed"?
1160556841 M * phedny and why xfs above reiserfs was because quota support in reiserfs was just a hack :)
1160556848 M * harry those warnings are there a long time...
1160557025 M * matti Hi harry.
1160557026 Q * ||Cobra|| Remote host closed the connection
1160557145 J * shedi ~siggi@dsl-149-109-85.hive.is
1160557183 M * harry hi matti
1160557195 M * daniel_hozac harry: for what?
1160557218 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl
1160557462 M * harry daniel_hozac: just so it's "clean"?
1160557475 M * harry why NOT fix it?
1160557482 Q * cdrx Ping timeout: 480 seconds
1160557495 M * daniel_hozac harry: fix what, exactly?
1160557603 M * harry the warnings
1160557612 M * daniel_hozac that come from where?
1160557625 M * harry vserver util compile
1160557635 M * harry util-vserver compile ;)
1160557655 M * daniel_hozac well, fix your CFLAGS?
1160557660 M * harry btw. is there a clean way to upgrade from 0.30.210 to 211 ?
1160557722 M * Wonka http://www.heise.de/newsticker/meldung/79288
1160557724 M * daniel_hozac rpm/dpkg/etc.?
1160557741 M * harry daniel_hozac: it's nowhere in util-vserver... so i guess it comes from dietlibc or so (iirc)
1160557781 M * harry daniel_hozac: /me always compiles from source :S
1160557789 M * daniel_hozac so?
1160557809 M * harry so... what do i do now... just make install on all the machines?
1160557823 M * harry doesn't that leave old .210 data on there?
1160557833 M * daniel_hozac what old .210 data?
1160557844 M * daniel_hozac and building packages really isn't hard.
1160557902 M * harry maybe i should learn that...
1160557931 M * harry and... another important q: should i stop currently running vservers with the old tools, install the new, and then restart the vservers again?
1160557937 M * harry (probably not, but just to be sure)
1160557976 M * harry Wonka: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/35877053/article.pl
1160558058 M * daniel_hozac unless you're using VLAN interfaces, nothing important should have changed.
1160558070 A * harry is using vlan interfaces
1160558082 M * daniel_hozac then i assume you've read NEWS?
1160558097 M * harry not yet... /me just downloaded the source and compiled it
1160558115 M * harry i want to see that everything will be fine before i actually upgrade it all
1160558128 M * daniel_hozac reading NEWS would seem like a good first step then.
1160558197 M * harry i have a novlandev on all my machines
1160558231 M * harry i do vlan stuff myself (since i don't want it to bring down an vlan if when there are other servers using is
1160558234 M * harry it
1160558252 M * harry a vlan
1160558392 M * daniel_hozac so no changes for you then.
1160558401 M * harry seems so :)
1160558419 M * harry well.. if i install the new tools, i can remove the novlandev in all my interfaces :)
1160558444 M * harry hmmm.... vlogin...
1160558452 A * harry tests
1160558503 M * harry ahm... what's up with the vlogin ?
1160558508 M * daniel_hozac hmm?
1160558540 M * harry - vlogin provides a terminal proxy which allocates a new psuedo-tty
1160558548 M * daniel_hozac what about it?
1160558551 M * harry where/what/who is the vlogin ?
1160558567 M * harry or is it something that's called when you vserver enter?
1160558571 M * daniel_hozac did you read the sentence?
1160558582 M * harry yes
1160558592 M * daniel_hozac then you should know.
1160558611 M * daniel_hozac since it like says what it does and when it's called.
1160558650 M * harry so i should test :)
1160558653 M * sid3windr noc:~# for i in `vps faux|grep whois.php|grep -v grep|awk '{print $2}'`; do vkill $i; done
1160558656 M * sid3windr vkill: vc_ctx_kill(): No such process
1160558658 M * sid3windr vkill: vc_ctx_kill(): No such process
1160558661 M * sid3windr odd.
1160558662 M * sid3windr that's from the host
1160558667 M * sid3windr isn't vkill supposed to work like that?
1160558679 M * daniel_hozac you need to specify the context too.
1160558689 M * sid3windr Usage: vkill [--xid|-c ] [-s ] [--] *
1160558693 M * sid3windr then it should say so :)
1160558707 M * harry it does...
1160558711 M * sid3windr where?
1160558715 M * harry [--xid|-c ]
1160558719 M * sid3windr [] = optional
1160558722 M * harry true
1160558726 M * sid3windr so it doesn't say so :)
1160558728 M * harry if you don't specify, it kills on the host
1160558735 M * sid3windr oh, like that
1160558737 M * harry so you don't have to
1160558739 M * sid3windr hehe
1160558740 M * sid3windr I see
1160558747 M * sid3windr there's no man vkill ;/
1160558751 M * harry but if you want it in a context, you should specify :)
1160558755 M * sid3windr I understand
1160558764 M * sid3windr wasn't immediately obvious
1160558766 M * harry yeah, i know, but i was still typing :p
1160558820 M * harry ls
1160558822 M * harry oops
1160559014 M * harry daniel_hozac: how do you make a debian package from it? (with some scripts added?)
1160559027 M * harry (iow: which man do i read?)
1160559150 M * daniel_hozac well, i'd start from micah's package.
1160559191 M * daniel_hozac (the one in unstable)
1160559727 J * matled_ ~matled@85.131.246.184
1160559727 Q * matled Read error: Connection reset by peer
1160559735 N * matled_ matled
1160559811 Q * FireEgl Read error: Connection reset by peer
1160560185 J * lilalinux ~plasma@dslb-084-058-221-134.pools.arcor-ip.net
1160560990 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net
1160561343 M * h01ger hi! if i create a chroot in the vserver and chroot into it, i cannot mount /proc there :-( is there a way to give that permission?
1160561835 M * harry daniel_hozac:
1160561837 M * harry gandalf:/usr/local# vserver stdserver start
1160561837 M * harry umount: /vservers/ftpserv/home: not found
1160561837 M * harry umount: /vservers/ftpserv/home: not found
1160561837 M * harry umount: /vservers/ftpserv/home/ftp/upload: not found
1160561839 M * harry umount: /vservers/ftpserv/home/ftp/upload: not found
1160561842 M * harry /usr/local/sbin/vserver: line 486: /usr/local/sbin/vserver-info: No such file or directory
1160561845 M * harry /usr/local/sbin/vserver: line 655: pushd: /usr/local/etc/vservers/stdserver/vdir: No such file or directory
1160561848 M * harry wtf is it doing to ftpserv???
1160561927 M * lilalinux OMG
1160561982 M * harry i really don't get it... :S
1160561989 M * lilalinux You read about Hans Reiser?
1160562088 M * harry yes... some time ago
1160562098 M * harry http://rss.slashdot.org/~r/Slashdot/slashdot/~3/35877053/article.pl
1160562202 M * lilalinux oh, yesterday already
1160562259 M * harry so... new vserver tools just don't work
1160562270 A * harry gotta go to lunch now...
1160562273 M * harry will solve later
1160562329 M * waldi h01ger: secure_mount in ccapabilities
1160564228 Q * Piet Quit: :tiuQ
1160565481 M * cdrx hello
1160567100 M * harry mkay,back!
1160567118 M * harry now... why the hell is it doing something with my ftp server things???
1160567406 M * harry daniel_hozac: ?
1160567462 M * [PUPPETS]Gonzo it -> who? something -> what? ftp server things -> what the hell?
1160567496 M * harry [PUPPETS]Gonzo: check my paste @ 12.17
1160567557 M * harry about 1,5h ago
1160567560 M * [PUPPETS]Gonzo I came online at 13:26...
1160567690 M * harry http://pastebin.ca/197565
1160567791 M * harry http://pastebin.ca/197568 <== even
1160567909 M * [PUPPETS]Gonzo do you use chroot or something similar?
1160567946 M * harry ?
1160567951 M * harry probably...
1160567959 M * harry it's vserver
1160567978 M * harry it works fine when i use the 0.30.210 tools
1160567988 M * harry when i install 211, it gives this error
1160568176 M * h01ger if i add SECURE_MOUNT context capability, what can the guest then mount? everything it has device-nodes for?
1160568418 M * harry guess so....
1160568732 M * harry no one here who can help?
1160568775 M * harry i don't even know where to look
1160568785 M * harry gandalf:/usr/local/sbin# wc -l vserver
1160568786 M * harry 288 vserver
1160568803 M * harry how the hell can it say: line 486 and 655 ??? there are only 288 lines
1160568879 M * [PUPPETS]Gonzo "which vserver"
1160568900 M * harry that one of course
1160568933 M * [PUPPETS]Gonzo once again in other words, please?
1160568961 M * harry /usr/local/sbin/vserver
1160569810 J * dna___ ~naucki@p54BCE29F.dip.t-dialin.net
1160570177 Q * dna_ Ping timeout: 480 seconds
1160570211 J * Rich_Estill ~restill@c-24-11-195-139.hsd1.mi.comcast.net
1160570331 M * harry i don't get it
1160570887 M * harry mkay... util-vserver 0.30.211 just doesnt work at all...
1160570961 J * marlow ~marlow@valhalla.sca.airwire.ie
1160570972 M * marlow da .... kindda busy here, eh ?
1160571032 J * rhodes ~rhodes@hc652a895.dhcp.vt.edu
1160571058 M * harry seems to be because i mount stuff in another vps...
1160571562 N * Bertl_zZ Bertl
1160571566 M * Bertl morning folks!
1160571610 M * tokkee Morning Bertl.
1160571615 M * Bertl harry: regarding secure mount: all filesystems which are device node based _and_ do not require specific permissions
1160571636 M * Bertl hey marlow!, tokkee!
1160571707 M * Bertl harry: the error you get means that one of the vserver functions didn't find the guest home
1160571708 M * harry Bertl: aha...
1160571733 M * harry Bertl: ahmm.... what? and how? and: why?
1160571761 M * Bertl well, the why we do not know yet, but chances are _very_ good that it has to do with xid tagging and/or barrier flags
1160571792 M * Bertl (or with disappearing commands)
1160571805 M * harry mkay... i don't have xid tagging :)
1160571817 M * harry what are barrier flags?
1160571824 M * Bertl that is a good start, double check with lsxid /usr/local/etc/vservers/stdserver/vdir
1160571839 M * Bertl you should get a number of ||ERR|| lines
1160571846 M * harry !!ERR!! /usr/local/etc/vservers/stdserver/vdir
1160571850 M * harry that's the only one
1160571882 M * Bertl okay
1160571918 M * Bertl what are your 'typical' partitions on the host?
1160571938 M * Bertl (maybe you could upload cat /proc/mounts from the host?)
1160572079 M * marlow Bertl : morn
1160572087 A * marlow is still in coffee lacking mode
1160572140 M * Bertl marlow: when you have the proper caffeine levels, we should talk about the mailing lists ...
1160572162 M * marlow uhm ... more work :P
1160572170 M * marlow Bertl : sure
1160572175 M * Bertl nah, not really, just a few simple changes
1160572184 M * harry http://pastebin.ca/197656
1160572192 M * harry that's cat /proc/mounts
1160572216 Q * glut Remote host closed the connection
1160572229 M * marlow Bertl : i see the wiki has been worked on .. however some stuff seems to have gone missing
1160572232 M * Bertl harry: ah, okay, it's an util-vserver bug, I'd say :)
1160572252 M * harry Bertl: i know that
1160572253 M * Bertl harry: what I suspect happens here is the following:
1160572274 M * Bertl the new tools have a new feature to clean up the namespace
1160572280 M * marlow Bertl : anyhow .. mailinglists are supposed to move to a new location .. getting a dedicated vserver
1160572292 M * Bertl harry: unfortunately, they clean up your /usr dir too :)
1160572301 M * marlow Bertl : and thus i would love some volunteer to help maintaining it :)
1160572314 M * harry grmbl...
1160572317 M * harry thats not good
1160572335 M * harry if i shutdown ftpserv
1160572347 M * Bertl marlow: okay, what do you have in mind?
1160572361 M * harry it only gives me: the no such file or directory errors
1160572391 M * Bertl marlow: I think it should not be a big deal to move the entire mailinglists somewhere else (if you don't want to handle it anymore)
1160572417 M * marlow Bertl : i'm not saying, that i don't want to handle it anymore
1160572442 M * marlow Bertl : just suggesting, that sometimes more than one person can handle requests more responsive
1160572466 M * Bertl ah, yeah, that's one of the small changes I had in mind :)
1160572476 M * harry so Bertl : the only thing i can do is wait for daniel_hozac to come back and help me fix this?
1160572509 M * Bertl marlow: I also would prefer to have a mirror copy of a separate guest somewhere else which basically can jump in when we have issues
1160572534 M * marlow Bertl : in that sense, dedicated vserver
1160572537 M * Bertl harry: nope, check the changes (diff) between .210 and .211, read the new options in the config
1160572558 M * Bertl harry: IIRC, there should be an option to disable/enable the guest cleanup
1160572573 M * Bertl marlow: yep, would that be in your interest?
1160572589 M * marlow Bertl : that's what i suggested (further up) :D
1160572602 M * marlow Bertl : i'm building the box here in Ireland right now
1160572624 M * Bertl okay, great, that's the host for this purpose, right?
1160572626 M * marlow Bertl : get it set up etc., then test move things over
1160572631 M * marlow yep
1160572652 M * Bertl okay, so it would not hurt to setup a guest for that purpose in the meanwhile (here or so)?
1160572677 M * marlow well .. i'm setting up a guest here right now to do the testing
1160572687 M * marlow make sure all works as before, but it's on its own
1160572694 M * Bertl ah, okay, so we should not duplicate this effort then
1160572714 M * Bertl what distro is that guest based on?
1160572720 M * marlow debian usually
1160572727 M * Bertl okay, that's fine
1160572755 M * marlow i suggest, i get it set up entirely and let you get a tar of the guest
1160572763 M * marlow you can check it out yourself then
1160572779 M * Bertl harry: but you should definitely tell daniel_hozac about it (once he's up/here) so that he can think about a proper workaround
1160572786 M * marlow once we're happy, we move the dns etc.
1160572793 M * harry Bertl: will do
1160572798 M * harry because this kinda sucks ;)
1160572804 M * Bertl marlow: great, make that a dump or so (that we do not lose uid/gid and links)
1160572831 M * Bertl harry: yeah, I guess he just didn't think about separate /usr mounts)
1160572853 A * harry lvm fan ;)
1160572866 M * harry so all "big" things in a different partition :)
1160572931 M * Bertl yeah, IMHO it's quite legitimate .. i.e. it was just overseen
1160572953 M * Bertl s/overseen/overlooked/ :)
1160572999 M * harry weird thing... on another server i've got running, it was no problem at all :S
1160573023 M * harry maybe i should just leave the tools alone...
1160573876 Q * ntrs Remote host closed the connection
1160574249 J * simon00 ~simon00@host154-158-static.47-85-b.business.telecomitalia.it
1160574281 M * simon00 a little question......
1160574309 M * simon00 can anyone tell me something about loopback interface inside vserver?
1160574315 M * harry sure
1160574322 M * harry if you put it there, it's there :)
1160574328 M * simon00 eheheheh
1160574330 M * simon00 :-)
1160574354 M * simon00 but what about services using lo interface inside different vservers?
1160574369 M * simon00 it work?
1160574379 M * harry afaik : yes
1160574380 J * ntrs ~ntrs@68-188-51-87.dhcp.stls.mo.charter.com
1160574405 M * simon00 no port conflict?
1160574423 M * harry give them: 127.0.0.1 127.0.0.2 etc..
1160574438 M * harry in that case: definitely no problem :)
1160574451 M * Bertl simon00: better approach is to avoid 127.x.x.x at all
1160574451 M * simon00 umh
1160574456 M * simon00 yes
1160574458 M * simon00 bertl
1160574465 M * Bertl simon00: and to add an entry localhost in /etc/host
1160574466 M * simon00 but i can't
1160574469 M * harry true , of course :)
1160574487 M * Bertl simon00: why?
1160574504 M * simon00 i'm trying to make zimbra work inside a vserver
1160574508 M * simon00 and it work
1160574514 M * simon00 with lo interface
1160574518 M * SNy "Local" services would come to mind.
1160574566 M * simon00 i find no way (for now) to remove loopback interface,
1160574579 M * Bertl simon00: how does it require lo?
1160574588 M * simon00 in several way
1160574603 M * simon00 mysql that i solved, postfix idem
1160574612 M * simon00 the hard part is tomcat
1160574613 M * Bertl postfix doesn't require that
1160574619 M * Bertl neither does tomcat
1160574637 M * simon00 in zimbra standard configuration use dspam etc
1160574648 M * simon00 and communicate with them using 127.0.0.1
1160574664 M * Bertl should work fine to configure that to localhost (or the first assigned ip)
1160574758 M * Bertl doener: ping?
1160575082 M * doener pong
1160575258 M * Bertl ah, good!
1160575271 M * Bertl I have a new idea for the loopback/local ips :)
1160575280 M * doener you as well?
1160575283 M * doener ;)
1160575288 M * Bertl hehe, you too?
1160575288 M * doener but mine didn't work out
1160575298 M * simon00 tell your ideas
1160575300 M * Bertl okay, here is the idea:
1160575318 M * Bertl - we currently map 127.0.0.1 to the first ip
1160575334 M * Bertl - we also 'remap' the source ip (on option)
1160575365 M * Bertl what if we 'tag' the sockets to be 'local' sockets or local capable sockets
1160575388 M * Bertl and simply map the addresses back when going to userspace?
1160575443 M * Bertl i.e. the packets will arrive with 127.0.0.1 from 127.0.0.1 or so
1160575456 M * Bertl but they actually traversed the stack with the first guest ip
1160575488 M * Bertl and the sockets themselves are bound to the first ip too
1160575513 M * Bertl does that sound reasonable?
1160575543 M * doener hm, which problems does that solve?
1160575563 M * Bertl the setting localhost/config/whatever from 127.0.0.1 to first ip ones
1160575587 M * Bertl (and the collision on lo/ 127.0.0.1 ones)
1160575607 M * Bertl we could even use this to remap to 'virtual' guest unique 127.x.x.1 addresses
1160575644 M * Bertl i.e. it's not necessary to use the first guest ip at all
1160575882 M * doener humm...
1160575898 J * glut glut@no.suid.pl
1160575903 M * marlow i'm outta here
1160575907 M * marlow will be back tomorrow or so
1160575947 M * marlow Bertl : new wiki is nice, but i think a good bit of people have been lost in the Hall of Fame
1160575957 M * marlow Bertl : and some other stuff was missing, too
1160576011 Q * duckx Quit: Client exiting
1160576118 Q * marlow Quit: ....... gone ........ are you sure ?
1160576312 M * Borg- bah.. too much broken software around
1160576333 M * Bertl welcome glut! hey Borg-!
1160576423 M * Borg- howdy Bertl
1160576475 J * rob-84x^ rob@submarine.ath.cx
1160577597 J * duckx ~Duck@tox.dyndns.org
1160578055 Q * simon00
1160578083 J * Blissex ~Blissex@82-69-39-138.dsl.in-addr.zen.co.uk
1160578360 M * ntrs Can I run multiple guests in more than one subnet on the same host. The host only has one NIC.
1160578419 M * Blissex ntrs: what does that mean? Be specific.
1160578671 J * Piet_ hiddenserv@tor.noreply.org
1160578687 Q * Piet_
1160578723 J * Piet hiddenserv@tor.noreply.org
1160578750 J * nebuchadnezzar ~nebu@zion.asgardr.info
1160579035 M * Bertl ntrs: yes, of course
1160579055 M * ntrs Bertl, how, vlans?
1160579072 M * Bertl not required, but an option too
1160579263 J * pzYsTorM schak@dslc-082-082-067-245.pools.arcor-ip.net
1160579310 M * Bertl ntrs: basically you handle it like several networks on a normal linux system (without Linux-VServer)
1160579320 M * pzYsTorM hi! grsecurity for 2.6.18 is released. when will you release the vserver-patch with grsecurity for 2.6.18?
1160579332 M * ntrs Bertl, but on a single NIC?
1160579357 M * Bertl sure, no problem with that, every entry has a netmask and broadcast address
1160579383 M * Bertl there is no limitation to how many networks share a nic
1160579563 M * ntrs Bertl, every entry where? I thought you could only have one network on a single interface
1160579601 M * ntrs I don't quite understand this.
1160579685 M * Bertl # ip addr add 10.0.0.1/24 dev dummy0
1160579691 M * Bertl # ip addr add 10.1.0.1/24 dev dummy0
1160579697 M * Bertl # ip addr ls dummy0
1160579710 M * Bertl now you have two class c networks on dummy0
1160579745 M * Bertl of course, similar works for eth0 or eth1.27
1160580122 M * ntrs Ok, but how will the switch know where the packets need to go?
1160580131 M * ntrs It's connected to a dumb switch
1160580161 M * ntrs And this all happens on the command line. Is there a way to do this using the ifcfg scripts in /etc/sysconfig?
1160580175 M * ntrs so that it survives a reboot.
1160580214 M * Bertl the packets will go where you tell them to go
1160580224 M * wenchien I think a dumb switch knows nothing about ip
1160580226 M * Bertl and yes, the ifcfg scripts can handle that
1160580238 M * Bertl you have to make one script per network though
1160580282 M * wenchien hi, Bertl :)
1160580283 M * SNy Bertl: I haven't looked at this lately, but the problem with the loopbacks using actual external IPs is that it happens to be remotely accessible.
1160580318 M * SNy Which is clearly the exact opposite of what a lo normally is.
1160580323 M * Bertl SNy: no, not really
1160580334 M * SNy When not properly explained, this is pretty dangerous.
1160580345 M * SNy Well, OK, it was when I encountered it.
1160580351 M * Bertl nope, doubt so
1160580365 M * Bertl you probably did something wrong back then
1160580376 M * SNy I hadn't known what my ISP had done.
1160580394 M * Bertl thing is, whatever traffic happens on the host will go through lo
1160580395 M * SNy Which was giving me a lo, but in the vserver way of using first IP as lo.
1160580412 M * Bertl regardless of what ips are actually used
1160580429 M * Bertl (and where they are assigned to :)
1160580432 M * SNy I bound a service to lo.
1160580453 M * SNy And due to lo actually being the public ip, it was accessible from outside.
1160580461 M * SNy Which I neither wanted nor was aware of.
1160580492 M * SNy As I said, I don't really know how stuff is done now.
1160580518 M * SNy But from what you told me back then, it was the there wasn't really a lo in the vservers.
1160580544 M * SNy But as an option, you could "mask" the first ip as also being lo or something.
1160580549 M * Bertl yes, this kind of 'misconfiguration' could be eliminated by the approach outlined above
1160580555 M * SNy At least, so I understood it.
1160580598 M * SNy But why can't you have an actual lo in the vserver?
1160580615 M * SNy Something that doesn't have outside connectivity at all?
1160580647 M * Bertl well, thing is, let's assume we put 127.0.0.1 into each guest
1160580658 M * SNy You said above that the traffic would still go through the complete stack, which sounds like not being quite the same.
1160580667 M * Bertl now one guest binds port 80 to 127.0.0.1
1160580673 M * SNy Yes.
1160580682 M * Bertl and the other guest could reach that guest at port 80/127.0.0.1
1160580695 M * Bertl which would not be what you'd expect either :)
1160580702 M * SNy But why would this be so?
1160580724 M * Bertl because we do not do network virtualization (which adds significant overhead) but network isolation
1160580745 M * Bertl i.e. having subsets of 'allowed' ips for each guest
1160580762 M * Bertl when the subsets overlap (think 127.0.0.1) we have a problem
1160580775 M * SNy Well, yeah, that is the nic:tag part?
1160580791 M * SNy as in eth0:guest0?
1160580802 M * Bertl well, if you use ancient tools, yes :)
1160580810 M * SNy But isn't loopback different anyway?
1160580816 M * SNy Ah, hehe.
1160580825 M * SNy I am not using any tools myself, really.
1160580832 M * Bertl but it doesn't make a difference
1160580847 M * Bertl the interfaces are not related to the isolation linux-vserver does
1160580862 M * Bertl i.e. where the actual ip is bound to does not matter
1160580887 M * SNy As I said, I don't really know about the internals, so I take your word for it.
1160580908 J * stefani ~stefani@tsipoor.banerian.org
1160580919 M * SNy However, for loopback, it would seem reasonable to somehow come up with something that enables separation.
1160580951 M * SNy So that guest1 doesn't see guest0's lo.
1160580953 M * daniel_hozac Bertl: delta-lo0.05.1 isn't even on the table anymore?
1160580981 M * daniel_hozac harry: do you have /etc/vservers/.defaults/namespace-cleanup or so?
1160580992 M * Bertl maybe, we'll see ... IMHO the mapping could fulfill the same purpose while being simpler
1160580996 M * daniel_hozac harry: namespace cleanup isn't enabled by default.
1160581026 M * daniel_hozac wouldn't the mapping still lead to the problem SNy is describing? (the bind on public address problem)
1160581119 M * Bertl nope, we could identify 'local' sockets/addresses
1160581137 M * Bertl especially if we use the 127.x.x.z range
1160581144 M * daniel_hozac ah, ok.
1160581455 M * SNy Well, regarding the accessibility, an easy fix would be to discard anything not originating from 127.0.0.1 itself.
1160581482 M * SNy That is what you need to do in the application anyway, to avoid the public availability.
1160582343 N * Rich_Estill Rich_afk_lunch
1160583167 J * bonbons ~bonbons@83.222.36.111
1160584995 Q * hardwire Quit: Coyote finally caught me
1160585037 J * hardwire ~hardwire@89-208-58-66.gci.net
1160585096 N * Rich_afk_lunch Rich_Estill
1160585548 Q * shedi Quit: Leaving
1160587515 J * lilalinux_ ~plasma@dslb-084-058-221-134.pools.arcor-ip.net
1160587515 Q * lilalinux Read error: Connection reset by peer
1160588901 Q * Blissex Read error: Connection reset by peer
1160589275 Q * lilalinux_ Remote host closed the connection
1160590003 J * shedi ~siggi@inferno.lhi.is
1160590915 Q * phedny Ping timeout: 480 seconds
1160591381 M * h01ger if i set the flag IGNEG_NICE (which btw is also needed, to silently ignore priority _decreasing_), the warning in the logs is gone. can't i just allow priority renicing?
1160591381 M * Bertl okay, off for now ... back later ...
1160591412 M * Bertl h01ger: renicing isn't forbidden by default
1160591423 M * h01ger and btw, oldwiki.linux-vserver.org makes it kind of hard to live up to the topic :)
1160591432 M * Bertl h01ger: but it has to be 'nicer' than the current value
1160591449 M * h01ger Bertl, hmmm. for my vservers it is... trying with 19 instead of 10 now..
1160591478 M * Bertl priority or nice value :)
1160591480 J * phedny ~mark@volcano.p-bierman.nl
1160591515 M * h01ger Bertl, nice value.
1160591595 M * Bertl if (niceval < task_nice(p) && !can_nice(p, niceval)) {
1160591614 M * Bertl from 2.6.18-vs2.1.1-rc38
1160591634 M * Bertl so if niceval >= task_nice(p) it will not even check
1160591645 M * Bertl (for VXF_IGNEG_NICE that is)
1160591723 M * Bertl okay, as I said ... back later ...
1160591727 N * Bertl Bertl_oO
1160593001 Q * comfrey Ping timeout: 480 seconds
1160593857 J * FireEgl FireEgl@2001:5c0:84dc:1:4::1
1160596597 M * harry daniel_hozac: it's there, yes
1160597137 J * LeJaune ~genest@ANantes-156-1-56-227.w90-12.abo.wanadoo.fr
1160597291 P * LeJaune Kopete 0.11.3 : http://kopete.kde.org
1160598202 Q * FireEgl Read error: Connection reset by peer
1160598320 M * daniel_hozac harry: that's why then. i'm amazed that worked with .210 though, should've oopsed your kernel.
1160598481 M * daniel_hozac hmm, ah, no, it was enabled by an environmental variable.
1160598684 J * __A ~atokhy@hc6526bc1.dhcp.vt.edu
1160598689 P * __A
1160599661 Q * mire Quit: Leaving
1160599943 M * matled some part of the vserver command from util-vserver seems to eat from stdin, is there any reason for this? or is this related to context switching?
1160600186 M * ntrs daniel_hozac, is there any known problem with .211 when starting guests automatically with mark default?
1160600279 Q * rhodes Quit: Leaving
1160600679 M * daniel_hozac ntrs: not AFAIK, why?
1160600700 M * ntrs well, on boot time there were a bunch of hung processes
1160600707 M * ntrs and I had to kill them all
1160600728 M * daniel_hozac can you reproduce it with start-vservers?
1160600750 M * ntrs what is start-vservers?
1160600771 M * daniel_hozac the script that starts a group of guests.
1160600790 M * ntrs I don't think I have that script?
1160600794 M * daniel_hozac /usr/lib*/util-vserver/start-vservers --all -m default --start should do it.
1160600815 M * ntrs ok, is there a stop script as well?
1160600823 M * daniel_hozac change --start to --stop
1160600827 M * ntrs ok
1160600830 M * ntrs let me try that
1160600873 M * ntrs fyi this is on x86_64
1160600884 M * ntrs # /usr/lib64/util-vserver/start-vservers --all -m default --stop
1160600902 M * ntrs worked
1160601002 M * ntrs # /usr/lib64/util-vserver/start-vservers --all -m default --start
1160601005 M * ntrs worked too
1160601022 M * ntrs is that what's happening on boot with the mark default?
1160601057 M * daniel_hozac should be.
1160601068 M * daniel_hozac what if you use the init script?
1160601106 M * daniel_hozac matled: i have no idea what would be doing that. if you find it, let me know.
1160601204 M * ntrs what init script is that?
1160601218 M * daniel_hozac /etc/init.d/vservers-default, by default.
1160601225 M * ntrs oh, yes.
1160601258 M * daniel_hozac meaning you can reproduce it by using that?
1160601318 M * matled daniel_hozac: it seems to do it only for a terminal (i.e. I type the next command and parts of it get lost) not with pipes (seq 1 100 | (vserver ...; head -n 1) works), it is a bit strange
1160601336 M * matled s/terminal/tty/
1160601337 M * daniel_hozac matled: hmm, what version is that?
1160601348 M * matled 0.30.210
1160601351 M * matled debian package
1160601366 M * daniel_hozac could you try with 0.30.211 instead? this should be fixed.
1160601424 Q * bonbons Quit: Leaving
1160601459 M * ex daniel_hozac, hi, can you tell (i see that you know a little bit :) what vserver-util (not util-vserver) will bring in future?
1160601479 M * ex i see such port in gentoo, it's future version of util-vserver?
1160601513 M * daniel_hozac it's no longer called vserver-utils, it's been split into vcd, vstatd and vwrappers.
1160601513 M * matled daniel_hozac: thanks, .211 works
1160601578 M * daniel_hozac as for what it will bring, i guess the daemon with RPC is the biggest change.
1160601585 M * ex oh, vcd looks promising (it looks cool thing for making stats)
1160601598 M * daniel_hozac that'd be vstatd, i suppose.
1160601623 M * ex i've tried vcd or vstatd, it's some daemon with sqlite backend
1160601632 M * ex but it's >2.1.X only, so i've to wait a little
1160601634 M * daniel_hozac yep.
1160601652 M * daniel_hozac and it's not a future version of util-vserver.
1160601657 M * ex ok, got it
1160601666 M * daniel_hozac it's a completely different way of doing things, basically :)
1160601684 M * ex but i see there was some lib for managing vservers
1160601695 M * ex i thought that vserver-util will base on it
1160601699 M * daniel_hozac libvserver?
1160601711 M * daniel_hozac yes, vcd, vstatd and vwrappers all rely on it.
1160601721 M * daniel_hozac AFAIK libvserver is just a syscall wrapper library though.
1160601739 M * ex ok, now i know everything :)
1160601760 M * ex vserver was a real surprise for me
1160601770 M * ex i've never used any virtualization for servers
1160601791 M * ex and now, every new box (except databases) are VServers
1160601817 M * daniel_hozac hehe.
1160601831 M * ex it really makes admin life easier :)
1160601835 M * daniel_hozac indeed.
1160601929 M * ex /etc/vserver/X is a little bit foggy
1160601949 M * ex but, with some page (awful colors, flower something) it was not so bad
1160601953 M * daniel_hozac for util-vserver? i assume you know the great flower page?
1160601962 M * ex exactly :)
1160602139 N * Bertl_oO Bertl
1160602144 M * Bertl back now ..
1160602156 M * daniel_hozac wb Bertl
1160602284 M * Bertl daniel_hozac: any conclusions regarding harry's issues?
1160602315 M * daniel_hozac well, they are expected.
1160602329 M * daniel_hozac no /usr will certainly make the tools go crazy :)
1160602342 M * Bertl ah, so the cleanup is 'not supposed' to handle that case?
1160602371 M * daniel_hozac the thing is, making sure all the required paths aren't unmounted would be non-trivial.
1160602384 M * Bertl what about getting a file handle on important paths/files?
1160602442 M * daniel_hozac hmm, but the cleanup happens rather early, so that would be a whole lot of files.
1160602455 M * daniel_hozac and maintaining that list would get very ugly.
1160602472 M * Bertl what about making some assumptions here, like
1160602500 M * Bertl */*/lib/vserver and the dir of the vserver command?
1160602524 M * daniel_hozac i was thinking about that, but then what about the non-vserver commands used?
1160602538 M * daniel_hozac i.e. what if util-vserver is installed in /opt, and nice is in /usr/bin/nice...
1160602563 M * daniel_hozac certainly namespace cleanup lets you shoot yourself in the foot quite easily.
1160602576 M * Bertl okay, do we have a list to block umounts for the cleanup?
1160602587 M * daniel_hozac yes.
1160602599 M * daniel_hozac oh, you mean in the configuration or so?
1160602602 M * Bertl can this be put into .defaults?
1160602614 M * daniel_hozac yeah, i was thinking about that...
1160602624 M * Bertl yes, that would allow harry to specify /usr and friends there
1160602642 M * daniel_hozac $__PKGLIBDIR, $__SBINDIR, vdir, and then allow configuration would make sense.
1160602645 M * Bertl in general I would add the vserver paths there (at install time)
1160602677 M * Bertl if you have unusual setups, you can always extend that then
1160602689 M * daniel_hozac yeah.
1160602738 M * daniel_hozac i can't use it on one of my boxes for instance, because /pub is unmounted and thus i can't use vyum anymore (file:///pub/... paths), so it's something i've been meaning to add anyway.
1160603128 M * daniel_hozac hmm, __CONFDIR should probably also be on the list.
1160603149 M * Bertl yeah, right
1160603210 M * daniel_hozac and probably at least one of the directories in var.
1160603299 Q * meandtheshell Quit: exit (0);
1160603378 Q * dna___ Quit: Verlassend
1160604726 Q * Piet Quit: :tiuQ
1160605667 J * mire ~mire@211-166-222-85.adsl.verat.net
1160605906 P * stefani I'm Parting (the water)
1160609853 M * almak hi
1160610221 M * Bertl hey almak!
1160610382 M * almak Hey, I want to limit memory for a vserver context, do I set the VM limit or RSS limit?
1160610414 M * Bertl depends on what you want to limit
1160610430 M * Bertl RSS = Resident Set Size (i.e. pages in memory)
1160610441 M * Bertl VM (or better AS) is the address space
1160610486 M * almak I have a system with swapping turned off. So essentially my AS space is the same as my RSS, is that true?
1160610506 M * Bertl nope
1160610522 M * Bertl but with swapping turned off, the RSS is the only limit of interest to you
1160610545 M * Bertl i.e. you probably do not care about address space that much
1160610570 M * Bertl if you turn off overcommitment (I wouldn't suggest to do so in your case)
1160610581 M * Bertl the AS space would become the 'real' memory
1160610649 M * almak Is overcommitment in vserver 2.01?
1160610689 M * Bertl it's a main kernel feature, so yes, it is there :)
1160610726 M * almak ha
1160610730 M * Bertl you can disable it via sysctl, but that will probably stop your system from working unless you have _really_ a lot of memory
1160610750 M * almak got it.
1160610790 M * almak With swapping turned on I should limit AS then.
1160610982 M * Bertl you want to have an AS limit there to avoid the case where you run out of swap
1160611024 M * Bertl it's not quite correct how I present it here, but the complete mechanics are complex and sometimes tricky
1160611059 M * Bertl basically when you have overcommitment enabled, userspace can 'request' memory up to AS hard limit (inside a guest)
1160611079 M * Bertl and it can 'instantiate' memory up to RSS (not accounting the swap space)