1168300844 J * lilalinux_ ~plasma@dslb-084-058-193-080.pools.arcor-ip.net
1168300979 P * stefani I'm Parting (the water)
1168301149 Q * Piet__ Quit: Piet__
1168301275 Q * lilalinux Ping timeout: 480 seconds
1168303013 Q * michal` Ping timeout: 480 seconds
1168303636 J * michal` ~michal@www.rsbac.org
1168304971 Q * lilalinux_ Remote host closed the connection
1168306526 J * _dmax ~semaj@81.193.56.24
1168306801 J * s0undt3ch_ ~s0undt3ch@bl4-56-24.dsl.telepac.pt
1168306876 Q * dmax Ping timeout: 480 seconds
1168306882 N * _dmax dmax
1168306948 Q * s0undt3ch Ping timeout: 480 seconds
1168306948 N * s0undt3ch_ s0undt3ch
1168307675 Q * Fire_Egl Quit: ...
1168309053 J * FireEgl Atl-NA@adsl-61-147-155.bhm.bellsouth.net
1168311233 J * marcfiu ~mef@c-68-39-177-97.hsd1.nj.comcast.net
1168311251 M * Bertl welcome marcfiu!
1168311292 M * marcfiu hello vsWorld.
1168311300 M * marcfiu Bertl: always a pleasure.
1168311485 P * marcfiu
1168312063 Q * meandtheshell Quit: Leaving.
1168312963 Q * FireEgl Quit: ...
1168313708 M * mugwump hehe... another one... razeherfs
1168313726 M * Bertl hmm?
1168313771 M * mugwump raze-her-fs
1168313779 J * s0undt3ch_ ~s0undt3ch@bl4-57-133.dsl.telepac.pt
1168313782 J * _dmax ~semaj@81.193.57.133
1168313784 M * Bertl yeah, I figured that
1168313793 Q * s0undt3ch_
1168313793 J * s0undt3ch_ ~s0undt3ch@81.193.57.133
1168313801 Q * s0undt3ch Killed (NickServ (GHOST command used by s0undt3ch_))
1168313803 N * s0undt3ch_ s0undt3ch
1168313937 M * Bertl ah well, maybe it's just me who doesn't find that funny ...
1168314101 Q * dmax Ping timeout: 480 seconds
1168314106 N * _dmax dmax
1168314516 M * mugwump you did last time !
1168314526 M * mugwump as I recall anyway :)
1168314533 M * mugwump but yes, verging on bad taste
1168314559 M * Bertl problem for me is, the filesystem has not much to do with Hans
1168314582 M * Bertl (and it has absolutely nothing to do with what he did or didn't do)
1168314607 M * Bertl IMHO the reiserfs idea was a good one, the implementation sucks ...
1168314633 M * mugwump Hey, can't be that bad, I've only had one filesystem smashed to smithereens with it before
1168314650 M * mugwump no, wait, two. no, wait, there was that other time ... ;)
1168314663 M * Bertl :)
1168315158 Q * Aiken Ping timeout: 480 seconds
1168318998 Q * hardwire Quit: Coyote finally caught me
1168319159 J * hardwire ~hardwire@rdbck-2624.wasilla.mtaonline.net
1168322353 J * FireEgl Proteus@2001:5c0:84dc:1:211:9ff:feca:b042
1168323709 M * doener ah, seems that I'm back...
1168323733 M * doener connection died yesterday, but I didn't find out anything anyway
1168323754 M * Bertl hmm, and it did take you a day to fix that?
1168323784 M * Bertl good morning btw :)
1168324103 M * doener no, I just went to bed, and when I got up (now), the connection was ok
1168324120 M * doener (DSL died, not much I could do about it, but phone my ISP)
1168324133 M * Bertl ah, i.c. yeah, I know that ...
1168324196 M * doener Hm, linux.com has an interesting url scheme... http://www.linux.com/article.pl?sid=06/12/19/0456207 <-- Article written yesterday... about Linux-VServer installation
1168324271 M * doener do we have a press section for such stuff in the wiki? Or shall I just put that under documentation?
1168324292 M * Bertl I would prefer a Linux-VServer in the press
1168324322 M * nebuchadnezzar good morning everybody
1168324356 M * Bertl and a good 1-2u2!
1168324372 M * Bertl doener: looks like a nice article ... tx
1168324421 M * doener good morning nebuchadnezzar
1168327239 Q * dreamind Quit: dreamind
1168327472 J * Aiken ~james@tooax7-229.dialup.optusnet.com.au
1168330437 M * Loki|muh doener: maybe the url names the day the article was started and it was only released yesterday ;)
1168330553 M * doener possible
1168331753 M * Bertl okay, off to bed now ... have a good one everyone! cya later!
1168331758 N * Bertl Bertl_zZ
1168333926 J * cdrx ~legoater@242.32.96-84.rev.gaoland.net
1168333968 Q * michal` Ping timeout: 480 seconds
1168334359 J * michal` ~michal@www.rsbac.org
1168334416 Q * rob-84x^ Ping timeout: 480 seconds
1168335152 J * rob-84x^ ~rob@submarine.ath.cx
1168335182 J * Piet hiddenserv@tor.noreply.org
1168335190 Q * m`m`h Quit: Ухожу я от вас
1168335246 J * m`m`h ~simba@deb30.mgts.by
1168335283 M * bXi is there a default limit on memory with vserver?
1168335504 Q * shedi Quit: Leaving
1168335767 Q * softi42 Ping timeout: 480 seconds
1168335967 M * waldi bXi: the memory of the whole system
1168336369 J * softi42 ~softi@p549D6265.dip.t-dialin.net
1168336415 J * dna ~naucki@102-205-dsl.kielnet.net
1168337508 M * bXi waldi: i have a vserver which is limited to 64mb
1168337677 Q * m`m`h Ping timeout: 480 seconds
1168337781 M * ruskie hmmm anyone got a chroot method for vserver build? that would take an existing chroot tarball and use that as a method to build the vserver?
1168338334 Q * FireEgl Quit: ...
1168338609 M * mugwump ruskie: use skeleton
1168338620 M * ruskie yeah that's how I usually do it...
1168338630 M * ruskie but it would be nice to do -m chroot -- mytarball
1168338640 M * mugwump yeah. I wrote my own for fai
1168338671 M * ruskie I still need to make one for sorcery though...
1168338675 J * m`m`h ~simba@deb30.mgts.by
1168338750 J * DavidS ~david@chello062178045213.16.11.tuwien.teleweb.at
1168340122 J * meandtheshell ~markus@85-124-37-70.dynamic.xdsl-line.inode.at
1168340653 Q * cdrx Ping timeout: 480 seconds
1168341848 M * nayco hello, all !
1168342221 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl
1168343400 Q * fs cation.oftc.net panulirus.oftc.net
1168343400 Q * Sebastian|aw cation.oftc.net panulirus.oftc.net
1168343507 J * Sebastian|aw ~sebastian@office.star-hosting.de
1168344174 Q * ensc Killed (NickServ (GHOST command used by ensc_))
1168344184 J * ensc ~irc-ensc@p54B4D8C9.dip.t-dialin.net
1168345620 M * daniel_hozac ruskie: huh? you mean like vserver ... build -m template?
1168345730 M * ruskie daniel_hozac, yup
1168345740 M * daniel_hozac so, uh, what's wrong with it?
1168345768 M * ruskie I didn't say there's anything wrong
1168345771 J * Aiken_ ~james@tooax8-091.dialup.optusnet.com.au
1168345832 M * daniel_hozac so build -m template does what you want, or?
1168345847 M * ruskie erm?
1168345876 M * ruskie what does build -m template do or do you mean substitute one of the existing templates for template?
1168345908 M * daniel_hozac from vserver ... build --help:
1168345909 M * daniel_hozac template ... -- (-t )+ [-d ]
1168345909 M * daniel_hozac ... installs a guest using tarball(s)
1168345937 M * ruskie hmm
1168345944 M * ruskie don't see that here
1168345952 M * daniel_hozac then your utils are too old.
1168345969 M * ruskie probably
1168345987 M * ruskie would newer work with: vs2.0.2 kernel patch?
1168345996 M * daniel_hozac yes, of course.
1168346016 M * daniel_hozac 1.2.* should still be supported.
1168346123 Q * Aiken Ping timeout: 480 seconds
1168346361 A * ruskie disables some more init scripts in his chroot and hopes it won't freeze this time around...
1168346647 M * ruskie hmm did the gpg key used to sign change?
1168346719 M * ruskie and where can I get the new one... it's not on subkeys.pgp.net
1168346731 M * daniel_hozac pgp.mit.edu has it.
1168346735 M * daniel_hozac IIRC.
1168346764 M * ruskie ahh yes it's there
1168346873 M * ruskie how often will the key change? or is there a few keys that are used to sign?
1168346929 M * daniel_hozac i'd keep ensc's key around if i were you.
1168346971 Q * m4z Ping timeout: 480 seconds
1168347267 M * ruskie hmm nice... rsync and template... both useful...
1168347317 P * DavidS
1168347322 J * David1 ~david@chello062178045213.16.11.tuwien.teleweb.at
1168347338 Q * David1
1168347539 J * anonc ~anonc@staffnet.internode.com.au
1168347575 J * DavidS ~david@chello062178045213.16.11.tuwien.teleweb.at
1168347640 J * m4z m4z@bastard-operator.from-hell.net
1168348184 Q * Piet Remote host closed the connection
1168348268 J * Piet hiddenserv@tor.noreply.org
1168348459 J * m4z_ m4z@bastard-operator.from-hell.net
1168348480 J * cdrx ~legoater@242.32.96-84.rev.gaoland.net
1168348496 Q * m4z Ping timeout: 480 seconds
1168348497 N * m4z_ m4z
1168348824 J * m4z_ m4z@bastard-operator.from-hell.net
1168348824 Q * m4z Read error: Connection reset by peer
1168348833 N * m4z_ m4z
1168349489 M * ruskie daniel_hozac, when I try running vserver stat from the updated utils:
1168349489 M * ruskie vserver-stat
1168349491 M * ruskie can not change context: migrate kernel feature missing and 'compat' API disabled: Function not implemented
1168349537 M * daniel_hozac so you've enabled the legacy version ID in the kernel and none of the legacy APIs in the utils.
1168349543 M * ruskie erm
1168349552 M * daniel_hozac re-./configure with --enable-apis=NOLEGACY.
1168349617 M * ruskie yet the rest still works...
1168349818 M * daniel_hozac "the rest"?
1168349899 M * ruskie as in I can start and enter etc...
1168349920 M * ruskie imho it should at least warn about such an inconsistency
1168349932 J * neuralis_ ~krstic@solarsail.hcs.harvard.edu
1168349933 Q * neuralis Read error: Connection reset by peer
1168350009 M * daniel_hozac you sure you're using the new utils? because they're using basically the same code.
1168350028 M * ruskie util-vserver-0.30.212
1168350042 M * ruskie I didn't have any such issues with util-vserver-0.30.210
1168350083 M * daniel_hozac nothing has changed in that area since 0.30.210.
1168350096 M * ruskie odd
1168350101 M * ruskie and I didn't touch the kernel as well
1168350159 M * daniel_hozac could be a miscompile of the utils.
1168350189 M * ruskie anything is possible...
1168350316 M * daniel_hozac vserver-info - FEATURE migrate && echo true echoes true, right?
1168350368 M * ruskie yup
1168350383 M * ruskie note I already rebuilt with the NOLEGACY
1168350461 M * daniel_hozac strange...
1168350474 M * ruskie might have been a freak occurrence
1168350531 M * ruskie since something else weird happened... the init system we use makes use of a /dev/initctl
1168350547 M * ruskie and for some reason the one from the host system was used instead of the one in the guest system
1168350838 M * ruskie hmm would the NOLEGACY impact anything? if it's left in?
1168350863 J * Piet_ hiddenserv@tor.noreply.org
1168351159 Q * Piet Ping timeout: 480 seconds
1168351254 M * daniel_hozac it shouldn't.
1168352127 J * kir ~kir@swsoft-mipt-nat.sw.ru
1168352311 Q * m4z Ping timeout: 480 seconds
1168352505 J * teukka ~teukka@201.254.106.127
1168352832 J * chand ~chand@70.91.81.234
1168353225 J * lilalinux ~plasma@dslb-084-058-193-080.pools.arcor-ip.net
1168353423 Q * Aiken_ Ping timeout: 480 seconds
1168353522 J * m4z m4z@bastard-operator.from-hell.net
1168355089 M * daniel_hozac ruskie: btw, you were running vserver-stat as root, right?
1168355389 M * ruskie yup
1168356337 J * djrise ~djrise2b@109-125.252-81.static-ip.oleane.fr
1168356361 M * djrise hi every one
1168356368 M * daniel_hozac hello
1168356406 M * djrise i'm setting a hearbaet ip failover with vserver
1168356410 M * djrise can you help me ?
1168356421 M * djrise heartbeat
1168356430 M * daniel_hozac what's the problem?
1168356476 M * djrise does heartbeat must be installed in the vserver guest or in the host
1168356576 M * daniel_hozac i guess that depends on what you want to achieve.
1168356610 M * djrise ok i have two vserver on different machine
1168356633 M * djrise a mail server on one and another mail server to another
1168356639 M * djrise sync with rsync
1168356668 M * djrise and i want to have a virtual address for both
1168356693 M * djrise if one machine failover the another node take the job
1168357644 M * harry i'd like to do something like that too... but... i don't think it's possible
1168357663 M * harry since it requires the heartbeat to add ip addresses to vserver guests
1168357667 M * harry dynamically
1168357678 M * harry don't know if that's... well... a good idea
1168357689 M * harry (someone tested this feature???)
1168358266 N * Bertl_zZ Bertl
1168358273 M * Bertl morning folks!
1168358300 M * Bertl djrise: should be simple, just assign the ip to both guests, and add/remove it on the host
1168358338 M * Bertl (in the failover case)
1168358343 M * djrise hello bertl
1168358368 M * Bertl but typical setups bring up the entire guest on failover, (which naturally brings up the ip on its own)
1168358465 A * harry wants a vrrp failover mechanism on vservers...
1168358524 M * djrise harry, i try vrrp 1 month ago in a vserver
1168358558 M * djrise and it's not a good idea
1168358628 M * djrise maybe vrrp on the host
1168358901 M * djrise Bertl:ok bertl but heartbeat can do that automatically in case of failover
1168358963 M * djrise please Bertl say if your are ok with me
1168358974 M * djrise i installed heartbeat in both vserver
1168359003 M * djrise and i have a interface eth0:name for each vserver
1168359122 M * Bertl yes, heartbeat can do both
1168359180 M * djrise but how heartbeat configure the virtual ip ?
1168359207 M * djrise A vserver don't know how to add a ip ?
1168359296 M * Bertl well, recent kernels _do_ know how to add an ip, but that's not what I suggested
1168359317 M * Bertl IMHO the following approaches are the best:
1168359339 M * Bertl - have an entire failover guest (stopped) which 'boots' when the original goes down
1168359366 M * Bertl - assign the ip you want to 'share' to both guests (on different machines) but only to one host
1168359497 M * djrise and when the first server crash
1168359528 M * djrise IMHO method ???
1168359590 M * Bertl (IMHO = In My Humble Opinion)
1168359606 M * Bertl when the first host crashes, you do either:
1168359612 M * djrise yes i read that to google :-)
1168359614 M * Bertl - start the failed guests anew
1168359631 M * Bertl - assign the failing ips to the running host
1168359666 M * djrise ok but to do this automatically
1168359668 M * Bertl depends on what setup you did choose
1168360113 J * stefani ~stefani@tsipoor.banerian.org
1168360199 M * Bertl hola stefani!
1168360286 M * stefani salut.
1168360306 M * djrise now that's a Frenchwoman !
1168360410 M * stefani yeah
1168360519 M * matti Hi Bertl
1168360583 M * Bertl hey matti!
1168360997 J * dreamind ~dreamind@C2107.campino.wh.tu-darmstadt.de
1168361074 M * Bertl wb dreamind!
1168361110 M * dreamind Hi Bertl :D
1168361185 M * teukka hi all
1168361194 M * teukka i have a question about networking
1168361273 M * teukka a guest has an ip (e.g. 10.x.x.x) on lo device
1168361284 M * Bertl unusual, but okay ...
1168361305 M * teukka when a server binds to 127.0.0.1, it is actually bound to 10 address
1168361320 M * nebuchadnezzar Hi
1168361325 M * Bertl teukka: server = guest?
1168361325 J * shedi ~siggi@inferno.lhi.is
1168361339 M * teukka the client connections to both 127 and 10 addresses work, but they originate from 127
1168361357 M * nebuchadnezzar I do not really understand what CONFIG_VSERVER_SINGLE_IP is for :-/ (vs2.3.0.6)
1168361357 M * teukka server = some program :)
1168361395 M * nebuchadnezzar and according to the description, it's the same as CONFIG_VSERVER_AUTO_LBACK
1168361405 M * Bertl teukka: again, not unexpected, as your source ip can be anything ... if you enable the source ip rewrite option, it will be the first assigned ip
1168361415 M * Bertl nebuchadnezzar: nope, that is wrong
1168361471 M * Bertl nebuchadnezzar: copy&paste error .. will fill in a useful description in the next release
1168361532 M * teukka Bertl: hmm. i was thinking that if it already handles the "redirecting" it would also change the source address
1168361574 M * Bertl nope, those are separate features, some folks want to see the 127. as source, others want to see the first ip
1168361585 M * Bertl will go away with the lback feature of 2.3.x
1168361588 M * teukka ok, when did that option come?
1168361604 M * Bertl the source ip rewriting?
1168361604 M * teukka i'm using 2.0.3-rc1 i don't see it..
1168361607 M * teukka yep
1168361611 M * nebuchadnezzar Bertl: ok
1168361646 M * nebuchadnezzar Bertl: so, the AUTO_LBACK show 127.0.0.1 ?
1168361664 M * Bertl yes, that's the idea ...
1168361666 M * Bertl teukka: sec
1168361675 M * teukka i know my setup is a bit unusual but i want to restrict the networking between guest "loopback" addresses with iptables
1168361686 M * teukka and that 127 address messes up a bit
1168361754 M * teukka and tomcat uses hard coded 127.0.0.1 in its shutdown..
1168361821 J * comfrey ~comfrey@70.91.185.84
1168361840 M * Bertl teukka: 2.6.16.17-vs2.0.2-rc21
1168361864 M * teukka strange..
1168361919 M * Bertl config VSERVER_REMAP_SADDR bool "Remap Source IP Address" depends on EXPERIMENTAL
1168361928 Q * comfrey_ Ping timeout: 480 seconds
1168361954 M * Bertl note: it was removed in 2.3.x, as this will remap by default now
1168362106 M * teukka ah: "depends on EXPERIMENTAL && !VSERVER_LEGACY"
1168362114 M * teukka that explains it. thanks!
1168362164 M * Bertl you're welcome!
1168362260 M * teukka and thanks for the efforts you have made. great piece of software =)
1168362281 M * Bertl thanks for using/testing it! :)
1168362394 Q * ||Cobra|| Read error: Operation timed out
1168362426 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl
1168362551 N * neuralis_ neuralis
1168362577 M * Bertl wb neuralis!
1168362774 M * neuralis thanks, bertl
1168363526 Q * Piet_ Remote host closed the connection
1168363576 J * Piet hiddenserv@tor.noreply.org
1168364833 Q * michal` Ping timeout: 480 seconds
1168365165 M * Bertl okay, off for now ... back later ...
1168365171 N * Bertl Bertl_oO
1168365330 J * michal` ~michal@www.rsbac.org
1168365955 J * mrrm_ ~urkel@tor-irc.dnsbl.oftc.net
1168366048 Q * mrrm Ping timeout: 480 seconds
1168366955 J * duckx ~Duck@tox.dyndns.org
1168367909 Q * cdrx Read error: Operation timed out
1168368522 J * bonbons ~bonbons@83.222.37.103
1168368850 Q * chand Quit: chand
1168370465 J * Piet_ hiddenserv@tor.noreply.org
1168370563 Q * Piet Ping timeout: 480 seconds
1168374970 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net
1168375609 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1168375644 Q * dreamind Quit: dreamind
1168376119 Q * teukka Quit: Leaving
1168376143 Q * michal` Ping timeout: 480 seconds
1168376624 J * michal` ~michal@www.rsbac.org
1168376843 Q * gerrit Ping timeout: 480 seconds
1168377531 J * gerrit ~gerrit@mobile-166-214-050-160.mycingular.net
1168378875 Q * bonbons Quit: Leaving
1168378965 J * independence_ independen@blinkenshell.org
1168379026 Q * independence Ping timeout: 480 seconds
1168379207 J * Piet__ hiddenserv@tor.noreply.org
1168379355 J * Aiken ~james@tooax6-102.dialup.optusnet.com.au
1168379553 Q * Piet_ Ping timeout: 480 seconds
1168379963 Q * bXi Quit: leaving
1168380089 J * yarihm ~yarihm@84-75-123-221.dclient.hispeed.ch
1168380544 N * Bertl_oO Bertl
1168380548 M * Bertl evening folks!
1168380568 M * Bertl daniel_hozac: sorry, forgot about the APIs yesterday, will draft them today ...
1168380620 M * daniel_hozac oh, no worries, i spent most of yesterday sleeping.
1168380643 Q * cdrx Ping timeout: 480 seconds
1168380661 M * Bertl just for fun or?
1168380679 M * daniel_hozac nah, just tired. going back to school always does that to me.
1168380877 Q * lilalinux Remote host closed the connection
1168380936 J * comfrey_ ~comfrey@70.91.185.84
1168381036 Q * comfrey Ping timeout: 480 seconds
1168381268 Q * gerrit Ping timeout: 480 seconds
1168381818 Q * michal` Ping timeout: 480 seconds
1168382293 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1168382365 J * michal` ~michal@www.rsbac.org
1168382751 Q * yarihm Quit: Leaving
1168382906 P * stefani I'm Parting (the water)
1168383207 M * Bertl daniel_hozac: what do you think, shall we do a sched_v5 and get rid of the idle time oddity? i.e. simply make the struct larger and have an array of rate/interval?
1168383250 M * daniel_hozac that's what the util-vserver API looks like already, so it doesn't matter much to me ;)
1168383278 M * daniel_hozac but that makes sense.
1168383292 M * Bertl also, would you prefer a get cmd similar to the set one over a more complex get interface which provides the accounted data too?
1168383320 M * Bertl in the first case, it would be two get commands, one for the 'set' type of fields and one for the others
1168383373 M * Bertl personally I'd split it up into two parts, but it doesn't really matter ...
1168383389 M * daniel_hozac splitting it sounds good to me too.
1168383567 Q * weasel Quit: Changing server
1168383579 Q * dna Quit: Verlassend
1168383668 J * weasel weasel@asteria.debian.or.at
1168383717 M * Bertl daniel_hozac: would you like access to the *time values too?
1168383736 M * daniel_hozac the user, sys and onhold time? or what?
1168383737 M * Bertl i.e. norm/idle/token time? or just the ticks in msec?
1168383775 M * Bertl I also thought about switching the interface to msec and I see a problem there
1168383782 M * daniel_hozac oh?
1168383798 M * Bertl well, while the interval quite naturally fits the msec, the rate does not :)
1168383827 M * daniel_hozac hehe, true.
1168383842 M * Bertl so after spending a little more thought on it, I think the following would be reasonable:
1168383862 M * Bertl - make an interface which lets you retrieve the msec per token
1168383884 M * Bertl - switch the interval to msecs
1168383899 M * Bertl - leave the rate/min/max as is
1168383940 M * Bertl but I'm not sure about that, maybe we can map the tokens to msec in a reasonable way
1168383963 M * Bertl (I mean, in a way folks will understand it :)
1168383965 M * daniel_hozac the msec per token interface sounds fine to me.
1168384032 J * orzel ~orzel@freehackers.org
1168384037 M * Bertl welcome orzel!
1168384053 M * orzel thanks :)
1168384066 M * Bertl daniel_hozac: okay, I'll give it a shot ...
1168384076 M * orzel i'm used to vserver under gentoo, and i'm doing my first steps under debian.
1168384085 M * Bertl orzel: congrats!
1168384095 M * orzel i'm using my own kernel, debian is 'stable', but i'm using util-vserver from backports.
1168384125 M * Bertl good choice, the stable one is pretty much outdated
1168384138 M * orzel i've several questions... let's first start with the debian problems. I can start and even enter the vserver. But then, i've got no network
1168384158 M * Bertl hmm, where?
1168384168 M * orzel the host is having two interface : eth0 for outside, and eth1 for local network.
1168384178 M * orzel i have no network from within the vserver
1168384181 M * orzel the host still works ok
1168384190 M * orzel (fortunately, as it's several km away from here :)
1168384211 M * daniel_hozac what makes you say that?
1168384232 M * orzel the vserver is called 'web', i want to put my buggy lamp there.
1168384240 M * orzel i can't ping nothing, names aren't resolved
1168384246 M * orzel if i ping the gateway, it doesn't work
1168384255 M * orzel (it's the same gateway as the host)
1168384260 M * Bertl good indication that something is wrong ...
1168384266 M * orzel indeed :)
1168384272 M * Bertl let's try with a few simple tests:
1168384277 M * orzel sure!
1168384284 M * Bertl on the host: ping -I www.google.com
1168384341 M * orzel mmh, wait
1168384356 M * orzel as i said, there's eth0 (extern) and eth1 (local). I dont know on which to bind
1168384363 Q * gerrit Ping timeout: 480 seconds
1168384366 M * orzel first i used eth1, and gave it a local ip
1168384378 M * Bertl does the ping above work or fail?
1168384381 M * orzel then i used eth0 with a local ip, but that definitely sounds wrong
1168384398 M * orzel Bertl: yes, it works
1168384410 M * Bertl with the guest ip, as configured right now, yes?
1168384411 M * orzel (and not from the vserver)
1168384428 M * orzel ping -I eth0 www.google.com <-exactly that, from host
1168384437 M * Bertl nah, eth0 is no ip :)
1168384449 M * Bertl 12.34.56.78 is one :)
1168384450 M * orzel ping complains with ip
1168384468 M * Bertl then try with the host ip there
1168384476 M * orzel mmh, sorry. it complains with name.
1168384477 M * Bertl ping -I www.google.com
1168384491 M * orzel ok,so, this, is NOT working :
1168384497 M * orzel ping -I 10.11.0.128 www.google.com
1168384505 M * Bertl so we have a problem not related to Linux-VServer
1168384506 M * orzel (*128 is the vserver ip)
1168384515 M * Bertl nevertheless the solution is pretty obvious
1168384519 M * orzel but as i said, binding this local ip on external eth0 doesn't seem right
1168384530 M * Bertl what is your host ip? a public one?
1168384534 M * orzel yes
1168384549 M * Bertl okay, so you actually want to NAT the private guest ip to the host ip
1168384566 M * orzel mmh.. might be :)
1168384572 M * Bertl let's assume you use the ip assigned above, on eth1
1168384584 M * Bertl then you want to do something like:
1168384589 M * orzel ok. then i'll play with iptables?
1168384597 A * orzel switches to eth1
1168384625 M * Bertl iptables -t nat -A POSTROUTING -s 10.11.0.128 -o eth0 -j SNAT --to
1168384641 M * Bertl (out of my head, so adjust the options)
1168384651 M * orzel but then, i'll have to re-route incoming port 80 to the vserver, right
1168384656 M * orzel dont worry, i know how to do nat
1168384665 M * daniel_hozac you'd need to do that anyway, no?
1168384665 M * Bertl yes, you do that with a similar rule
1168384694 M * Bertl -p tcp --port 80 ... -j DNAT --to 10.11.0.128:80
1168384863 M * orzel using your iptables line, and with eth1:10.11.0.128 used for the vserver. it doesn't work. nor the ping -I, nor ping from within the vserver
1168384899 M * Bertl do you have other iptable rules active?
1168384911 M * orzel my configuration seems quite obvious/usual, no ? isn't there a documentation for this case ?
1168384922 M * orzel Bertl: i have the usual nat rules for the local network on eth1
1168384932 M * Bertl plenty of, all of them boil down to the line above
1168384934 M * orzel (and some reject rules)
1168384952 M * Bertl I'd assume you block the packets in an early stage
1168384955 M * orzel and some redirections too
1168384972 M * Bertl e.g. with reverse path filtering or block rules intercepting 'local' packets
1168384989 M * Bertl note that the packet will not come from eth1
1168385010 M * Bertl it will also not pass any forward chains, only output and the filter chains
1168385020 M * orzel postrouting for -t nat is :
1168385021 M * orzel MASQUERADE all -- anywhere anywhere
1168385021 M * orzel SNAT all -- 10.11.0.128 anywhere to:217.167.255.5
1168385028 M * orzel could that be in wrong order ?
1168385051 M * Bertl could be, depending on the kernel, the MASQ might be sufficient already
1168385076 M * Bertl although MASQ any/any is a little too much masquerading for my taste :)
1168385107 M * orzel i was thinking the same
1168385112 M * Bertl check with tcpdump -vvnei eth0 if the packet leaves the interface
1168385125 M * orzel although i thought i was more precise. Those rules are still mostly black magic to me :(
1168385129 M * Bertl if it leaves, but has wrong ip, it's the natting
1168385144 M * Bertl if it doesn't show up at all, you somehow filter it away :)
1168385190 M * orzel the tcpdump is too verbose
1168385198 M * Bertl use something like:
1168385205 M * Bertl tcpdump -vvnei eth0 icmp
1168385238 M * orzel i grepped on 10.11.0.128
1168385248 M * orzel and if i ping from the vserver, i have this only line :
1168385250 M * orzel 00:27:01.248243 00:50:fc:b2:eb:98 > 00:30:85:c5:fd:d0, ethertype IPv4 (0x0800), length 74: IP (tos 0x0, ttl 64, id 12730, offset 0, flags [DF], length: 60) 10.11.0.128.56939 > 82.225.154.2.53: [udp sum ok] 48914+ A? www.google.com. (32)
1168385277 M * Bertl well, that shows at least the outgoing packet, with the wrong (not NAT-ed) ip
1168385329 M * orzel i see
1168385388 M * orzel i inversed the two rules
1168385390 M * orzel and it works :)
1168385400 M * orzel the right ip in tcpdump, and ping works from the vserver
1168385410 M * orzel i think i would never have found myself :(
1168385413 M * orzel Bertl: thanks :)
1168385417 M * Bertl you're welcome!
1168385471 M * orzel i have another question. On the gentoo box this time.
1168385479 M * Bertl np, go ahead ...
1168385492 M * orzel i dont remember why, but i finally configured the ip for the vserver to be the same as my external static IP
1168385502 M * orzel probably because of this same kind of pb
1168385516 M * Bertl might give you the one or other issue
1168385521 M * orzel and. it works well. apache manages to bind and is viewable by external people
1168385529 M * Bertl especially if services are competing for ports :)
1168385545 M * orzel i dont think so
1168385549 M * Bertl okay
1168385561 M * orzel my question is basically : is this a problem ? security hole.. ? bad thing to do (tm) ?
1168385582 M * Bertl really depends on the setup, let me give a few examples here:
1168385603 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1168385620 M * Bertl - no services on the host, administration via serial interface, all network related stuff is done from within a Linux-VServer guest
1168385639 M * Bertl (absolutely no problem in this case, high security setup)
1168385648 M * orzel not my case:)
1168385668 M * Bertl - a few services on the host, especially ssh
1168385690 M * Bertl possible security issue if the guest is not trusted
1168385710 M * Bertl e.g. guest root could wait for your host to take ssh down
1168385727 M * Bertl and bind its own sshd there blocking your host sshd startup
1168385727 M * orzel (basically, i have ssh/bind/ftp/imap/pop/smtp.. on host, and http/https on guest)
1168385733 M * orzel mmh, indeed.
1168385776 M * Bertl so the private ip + nat case is the better one here
1168385789 M * Bertl as the guest will not be able to bind host services
1168385803 M * orzel now that i'm a nat/iptables master, i could reconsider this option, indeed.
1168385806 M * orzel :)
1168385853 M * Bertl daniel_hozac: http://vserver.13thfloor.at/Experimental/delta-sched-feat01.diff how does that look for you?
1168385867 M * orzel oh, btw, i 've noticed that on both debian/gentoo, i can't ping 127.0.0.1, is that expected ?
1168385872 M * daniel_hozac yes.
1168385886 M * orzel oh,ok. doesn't that prevent some services to start ?
1168385908 M * Bertl nope, services should use 'localhost' not 127.0.0.1
1168385926 M * Bertl so only broken services are affected, if at all
1168385933 M * daniel_hozac and even then, why would they be trying to ping it?
1168385944 M * daniel_hozac connecting and binding to 127.0.0.1 works fine.
1168385948 M * Bertl to make sure the host is still there :)
1168385953 M * daniel_hozac hehe
1168385974 M * orzel ping: unknown host localhost
1168385976 M * Bertl I ping, therefore I am :)
1168385977 M * daniel_hozac VXSM_MSEC would let userspace specify interval in msec? or?
1168385982 M * orzel mmh, ok :)
1168385986 M * Bertl daniel_hozac: precisely
1168385991 M * daniel_hozac okay.
1168386002 M * Bertl orzel: /etc/hosts localhost
1168386010 M * orzel mm, right
1168386014 M * daniel_hozac looks fine to me.
1168386062 M * Bertl hehe, you are easy to satisfy, didn't even take a VCMD number :)
1168386106 M * Bertl #define VCMD_sched_info VC_CMD(SCHED, 3, 0)
1168386131 M * daniel_hozac oh right, hehe.
1168386134 M * TrueBrain Question: is there a place in the proc or something that gives the amount of created sockets per vps? 'limits' only gives the current amount of active, which isn't good for graphics :)
1168386162 M * Bertl TrueBrain: hum?
1168386166 M * daniel_hozac so you want a linear graph, or what?
1168386172 M * TrueBrain daniel_hozac: yeah
1168386176 M * TrueBrain I have it of the complete host
1168386181 M * TrueBrain but it would be nice to get the data per VPS
1168386183 M * Bertl TrueBrain: change the GAUGE to COUNTER
1168386207 M * TrueBrain Bertl: the thing is, looking up the current amount of open sockets, doesn't tell anything about how fast they are opened and closed
1168386226 M * Bertl hmm, okay, interesting aspect
1168386233 M * TrueBrain (so, you don't know the amount of sockets being created)
1168386251 M * Bertl that could be interesting for other limits as well
1168386257 M * TrueBrain it could, indeed
1168386296 M * TrueBrain (I personally use it to detect strange scripts running on servers)
1168386303 M * Bertl you would be volunteering to test such a feature? and show a few nice graphs?
1168386315 M * TrueBrain sure, why not :)
1168386323 M * TrueBrain I even want to make it if you help me on my way ;)
1168386371 M * Bertl I think we can quite simply add such a circular counter very similar to the min/max values
1168386395 M * Bertl one for increments and one for decrements
1168386408 M * TrueBrain decrements?
1168386428 M * Bertl well, basically one should be deducible from the sum and the other
1168386471 M * Bertl as hopefully #I + #D = S
1168386486 M * TrueBrain I don't get what you mean with increments and decrements
1168386493 M * TrueBrain but it is getting late here, so my brain isn't that active ;)
1168386494 M * Bertl let's take file handles, as example
1168386511 M * Bertl you open 5 files, so #I=5, #D=0, S=5
1168386518 M * Bertl then you close 3 of them
1168386526 M * ntrs Can I easily create an Ubuntu template?
1168386530 M * Bertl #I=5, #D=-3, S=2
1168386541 M * daniel_hozac ntrs: debootstrap should be able to build them.
1168386551 M * TrueBrain Bertl: ah :) But #I and #D stay never ending counters?
1168386563 M * ntrs daniel_hozac, what is debootstrap?
1168386576 M * Bertl TrueBrain: well, circular, but limited in size (e.g. 32 or 64bit)
1168386578 M * daniel_hozac the build method used for Debian and Ubuntu ;)
1168386581 M * TrueBrain (so, after many hours it will be like: #I=1223232, #D=-1223231, S=1
1168386583 M * TrueBrain yeah, of course :)
1168386593 M * ntrs Does the util-vserver support building an ubuntu template?
1168386601 M * Bertl ntrs: you build debian guests with the -m debootstrap, right?
1168386607 M * TrueBrain Bertl: it would be very useful for me :) But #D is a logic result of #I and S :)
1168386616 M * ntrs Bertl, no, I just copy the template I have.
1168386623 M * Bertl TrueBrain: that's what my previous formula said :)
1168386630 M * daniel_hozac ntrs: of course, but you'll need to point them at ubuntu's debootstrap.
1168386633 M * TrueBrain Bertl: hehe, yeah :) But now I understand it too ;)
1168386655 M * Bertl ntrs: okay, you can also debootstrap ubuntu by hand, if you prefer
1168386690 M * Bertl TrueBrain: okay, will prepare something for testing tomorrow
1168386693 M * ntrs hmm, ok. I'll need to do some research on how to do that.
1168386713 M * TrueBrain Bertl: I have exams in 2 days, but after that I have all the time in the world :)
1168386716 M * daniel_hozac ntrs: so something like echo http://archive.ubuntulinux.org/ubuntu/pool/main/d/debootstrap/debootstrap-udeb_0.3.3.1ubuntu1_i386.udeb > /etc/vservers/.defaults/apps/debootstrap/uri; vserver ... build -m debootstrap ... -- -d edgy should work.
1168386744 M * Bertl (you can then save the resulting guest as 'template')
1168386793 M * TrueBrain anyway, for now I wish you all a good night :)
1168386806 M * Bertl have a good one too
1168386812 M * TrueBrain tnx!
1168386874 M * ntrs daniel_hozac, Bertl, thanks, i'll try that.
1168386881 M * Bertl np
1168387125 Q * DavidS Quit: Leaving.