1169078431 J * lilalinux__ ~plasma@dslb-084-058-219-250.pools.arcor-ip.net 1169078479 M * Bertl kugg: is that with newer tools? 1169078499 M * kugg no it was a mistake by me 1169078501 M * kugg :) 1169078506 M * Bertl ok, np 1169078531 M * kugg I had an old copy in /usr/local/sbin but want to use /usr/sbin/ version 1169078543 M * kugg new version works fine 1169078863 Q * lilalinux_ Ping timeout: 480 seconds 1169079016 M * Bertl okay, good to hear ... 1169079909 Q * dna Quit: Verlassend 1169082273 J * agryppa1 ~kb2qzv@cab-dr-cvx1-7.dial.airstreamcomm.net 1169083289 Q * meandtheshell Quit: Leaving. 1169085033 J * FireEgl Proteus@adsl-17-137-63.bhm.bellsouth.net 1169086345 Q * gerrit Quit: Client exiting 1169086457 Q * mnemoc Ping timeout: 480 seconds 1169086874 J * mnemoc ~amery@kilo105.server4you.de 1169087942 Q * avena Quit: Fui embora 1169088228 Q * Piet Quit: Piet 1169090682 M * ntrs how do I see all connections on the host and on all the guests from the host? 1169090699 M * ntrs I tried chcontext --xid 1 netstat -anlp but it does not work 1169090711 M * ntrs Using 0.30.212 1169090725 M * Bertl you want to use ncontext for recent kernel versions 1169090741 M * Bertl as you want to reach the network context, not the pid context 1169090775 M * ntrs # ncontext --nid 1 netstat -anlp 1169090775 M * ntrs Neither '--create' nor '--migrate' specified; try '--help' for more information 1169090793 M * Bertl you want to use the migrate 1169090802 M * ntrs sh, ok 1169090821 M * ntrs # ncontext --migrate --nid 1 netstat -anlp 1169090821 M * ntrs ncontext: vc_net_migrate(): No such process 1169090852 M * Bertl kernel version? 1169090871 M * ntrs 2.6.19.1 with 2.2.0-rc5 1169091124 M * Bertl will take a little, I have to regen my image 1169091281 M * ntrs Ok, I'm here 1169091503 Q * softi42 Read error: Connection timed out 1169091541 J * softi42 ~softi@p549D6FA8.dip.t-dialin.net 1169091731 Q * Nam Remote host closed the connection 1169092468 M * Bertl ntrs: yep, I can confirm this, nid=1 is not implemented 1169092485 M * Bertl will be there in the next release, expect a patch shortly 1169092529 M * ntrs oh, come on. there should not be faults/bugs like this. 1169092576 M * Bertl obviously nobody checked that since we switched from xid to nid 1169092579 M * ntrs I understand subtle bugs, but this is a whole feature missing. 1169092600 M * Bertl which just means that folks obviously didn't need that yet 1169092606 M * ntrs Obviously. I thought there was some level of automated testing done before you release any version, or is that not the case? 1169092624 M * Bertl yes, there is, but it does not cover the spectator context 1169092637 M * Bertl as this is not required for the actual functionality 1169092648 M * ntrs Ok, maybe it should. It probably would not be difficult to add to the tests. 1169092846 M * Bertl well, additional test scripts are always welcome 1169093016 M * daniel_hozac indeed. a regression test suite would be very much appreciated :) 1169093520 Q * bronson_ Read error: Connection reset by peer 1169093628 M * Bertl daniel_hozac, ntrs: http://vserver.13thfloor.at/Experimental/delta-nid-fix01.diff 1169093655 M * Bertl (the patch also adjust the remaining network related checks to nid) 1169093726 M * daniel_hozac the vc_task_nid looks suspicious. shouldn't that be done by do_vserver? 1169093752 M * Bertl correct, the checks there should handle those 1169093759 M * Bertl (i.e. in switch) 1169093775 M * Bertl but I think it is also there in task_xid 1169093789 M * Bertl so I will fix that up in a separate patch 1169093800 M * daniel_hozac okay. 1169093835 Q * agryppa1 Ping timeout: 480 seconds 1169094322 M * Bertl okay, I'm off to bed now ... have a good one everyone! 1169094328 N * Bertl Bertl_zZ 1169097045 Q * Aiken Quit: Leaving 1169099173 J * oo ~oo@gprs-ggsn5-nat.mobil.telenor.no 1169100195 J * agryppa1 ~kb2qzv@cab-dr-cvx1-36.dial.airstreamcomm.net 1169100523 J * truecolor ~truecolor@222.93.152.207 1169102045 Q * oo Ping timeout: 480 seconds 1169102210 Q * agryppa1 Quit: Leaving 1169104047 Q * jtrsh Quit: Leaving 1169105050 J * oo ~oo@89.191.9.147 1169105061 Q * oo 1169105088 J * oo ~oo@89.191.9.147 1169105927 M * daniel_hozac hmm, what do you think, /etc/vservers//sysctl/*/{setting,value} or /etc/vservers//sysctl.conf? 1169106372 Q * truecolor Quit: Leaving 1169106545 J * oo_ ~oo@213.225.118.190 1169106770 Q * oo Ping timeout: 480 seconds 1169107300 Q * oo_ Quit: oo_ 1169108763 M * daniel_hozac ensc: the 2.9.6 patch no longer applies to 3.0.3? 1169108805 M * daniel_hozac (re: yum) 1169108860 M * daniel_hozac wow, it certainly doesn't. 1169109014 J * renihs ~penguin@83-65-34-34.arsenal.xdsl-line.inode.at 1169109394 M * renihs morning 1169109398 M * daniel_hozac morning. 1169109403 J * oo ~oo@89.191.9.147 1169109410 M * oo hey :) 1169109414 M * daniel_hozac hello 1169109466 M * oo I have some traffic on port 7794. But I cannot disclose what program runs that traffic from the hostos using netstat -nap 1169109475 M * oo Does anyone have a tip? 1169109494 M * daniel_hozac depending on your version, chcontext --xid 1 netstat -nap might work. 1169109568 M * oo no 1169109577 M * daniel_hozac so you're using 2.1+? 1169109588 M * oo But Knowing about --xid 1 was clever :) 1169109658 M * daniel_hozac as we found out this morning, this functionality is missing from current 2.2 versions, so you'll need http://vserver.13thfloor.at/Experimental/delta-nid-fix01.diff 1169109761 J * dna ~naucki@179-240-dsl.kielnet.net 1169109795 Q * dlezcano Ping timeout: 480 seconds 1169110281 M * Hollow morning 1169110306 M * daniel_hozac morning Hollow 1169111035 Q * m`m`h Ping timeout: 480 seconds 1169111049 J * juggo ~lemur@h-68-166-181-4.sttnwaho.covad.net 1169111128 M * juggo well that was a first, just restarted a vserver and it crashed my system 1169111130 M * juggo Will now restart. 1169111130 M * juggo /etc/rc6.d/S90reboot: line 17: 2593 Segmentation fault reboot -d -f -i 1169111156 M * daniel_hozac crashed your system? 1169111162 M * daniel_hozac i.e. you can't reach it anymore? 1169111175 M * juggo well luckily is was one in my house 1169111177 M * daniel_hozac what kernel are you using? 1169111192 M * juggo hopefully I have a pic of the stack trace 1169111203 M * juggo 2.6.18-3 debian backport 1169111206 M * daniel_hozac most recent Debian etch/sid kernel? 1169111221 M * daniel_hozac i guess the backport has the same problem. 1169111309 M * Loki|muh juggo: try a kernel from http://kernel-archive.buildserver.net/debian-kernel/ 1169111336 M * juggo yeah most recent etch kernel I think 1169111372 M * juggo is there a known issue 1169111383 M * daniel_hozac yes. 1169111402 M * juggo the picture I have is bad but it's something 1169111406 M * juggo Bad EIP value 1169111447 M * juggo are you interested in seeing it? 1169111466 M * Loki|muh juggo: there is a bug # in bugs.debian.org, the maintainers asked us to try the new version 1169111484 M * Loki|muh juggo: with this new version there were no more segfaults for me 1169111528 M * juggo well that's good to hear, this is a first so it's not like it's been common, I've been running this kernel on 3-4 machines for a few weeks now, with lots of vserver stats and stops 1169111552 M * juggo is there anything in particular that causes it. or rather is there anything that can be done to prevent it? 1169111557 M * daniel_hozac the exact program that causes it has not yet been determined. 1169111560 M * daniel_hozac AFAIK. 1169111606 M * daniel_hozac just upgrading should do it. 1169111634 M * Loki|muh juggo: for me it occured only with etch-vserver guests ;) 1169111664 M * juggo well the only thing I can say is I was playing with sshd, and it was seeming to bind to multiple addresses despite the listenaddress directive 1169111698 M * daniel_hozac that might be it. 1169111710 M * juggo ie, the server had an ip like 10.2.3.25 which I used in a listen address, but then I could ssh to it with 10.2.3.26, so long as that was an ip that was active on the interface 1169111762 M * juggo I thought vservers were fine just so long as they didn't bind to 0.0.0.0 1169111843 M * daniel_hozac hmm? 1169111851 M * daniel_hozac guests can only bind to their own interfaces. 1169111856 M * daniel_hozac it's only the host you must limit. 1169112245 Q * juggo Ping timeout: 480 seconds 1169112681 J * jugg1 ~lemur@h-68-166-181-4.sttnwaho.covad.net 1169112840 M * jugg1 ok I can say with some certainty that it's sshd related 1169112947 J * Piet hiddenserv@tor.noreply.org 1169112951 M * jugg1 that server also bridges my net connection 1169112968 M * jugg1 and it crashed again when I tried to start the vservers 1169112985 M * jugg1 not I've removed the listenaddress directives and I'm starting them again 1169112990 M * jugg1 we'll see what happens 1169113159 M * jugg1 so I guess my remaining question is, assuming this segfault thing is patched in a newer kernel package, does that mean sshd will work right as well, that is allowing vservers to bind to private ip's on the same port without interfering with one another? 1169113317 M * jugg1 I suppose in the short term I can put the vservers that absolutely need sshd on different ports, but that's not a good long term option 1169113329 N * jugg1 juggo 1169113329 M * Loki|muh ? 1169113349 M * juggo well the problem seems that I had 2 vservers using sshd on port 22 1169113353 M * Loki|muh of course each vserver-guest-sshd can listen on port 22... 1169113378 M * juggo that's not what I'm finding 1169113406 M * Loki|muh for me it was always working this way ;) 1169113427 M * Loki|muh juggo: I would suppose you should try a vanilla kernel with vserver patch 1169113438 M * juggo yeah for me too until today 1169113444 M * Loki|muh if the problem occurs still, it is vserver related 1169113466 M * Loki|muh otherwise you should file a bug for the debian-kernel-maintainers 1169113490 M * Loki|muh for me, I had this problem: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=403790 1169113499 M * juggo well I would suspect the port binding thing is vserver related, or a bug in openssh-server 1169113506 M * Loki|muh your problem sounds different 1169113507 J * sylvio ~XsrX@imk32.mb.uni-magdeburg.de 1169113574 J * shedi ~siggi@dsl-149-109-85.hive.is 1169113620 M * juggo perhaps, a lot of the stacktrace stuff looks similar 1169113651 M * juggo i'm really having 2 issues, which may or may not be related, it may just be that trying to diagnose 1 led me to triggering the other 1169113688 M * daniel_hozac what IP addresses have you assigned to your guests? 1169113706 M * daniel_hozac and have you properly limited the host sshd? 1169113716 M * juggo so the one I'm testing right now 1169113717 M * juggo 10.2.3.37 1169113733 M * daniel_hozac only? 1169113734 M * juggo ListenAddress 10.2.3.37 1169113762 M * juggo yeah the host doesn't listen on port 22 1169113769 M * daniel_hozac so that's the only thing you have in /proc/virtnet//info? 1169113774 M * juggo nothing I have on the public internet does 1169113822 M * juggo ok wait a minute 1169113842 M * juggo the ip there is different then the one reported elsewhere 1169113869 M * daniel_hozac such as? 1169113907 M * daniel_hozac those are the addresses assigned to the network context, and as such the only ones available. 1169113959 M * juggo am I seeing an off by 1 error 1169114000 M * juggo ok the server with ip 10.2.3.37 is reported in cat /proc/virtnet/49160/info as 10.2.3.41 1169114022 M * juggo which is the address of server 49159 1169114044 Q * dna Quit: Verlassend 1169114059 M * juggo meanwhile /proc/virtnet/49159/info reports an ip of 10.2.3.32 which is the ip of server 49158 1169114080 M * juggo and so on, off by 1 across the board 1169114083 M * daniel_hozac you should stop using dynamic contexts right now. 1169114099 M * juggo fair enough I'll do that now 1169114118 M * daniel_hozac it's pure guess-work which nid belongs to which xid otherwise. 1169114137 M * daniel_hozac it's also possible to have multiple nids for one xid. 1169114154 M * daniel_hozac (e.g. each vserver ... enter will create a new one) 1169114156 J * LinkinPark LPHreToRok@59.94.42.210 1169114230 M * juggo ok this will take a couple of minutes, 12 vservers 1169114362 M * juggo scary, just got a kernel ooops restarting a sarge vserver 1169114365 M * juggo not crash though 1169114395 M * daniel_hozac i take it you didn't upgrade your kernel yet? 1169114406 J * dlezcano ~dlezcano@blueice1n1.uk.ibm.com 1169114453 Q * softi42 Ping timeout: 480 seconds 1169114526 M * juggo not yet 1169114555 M * juggo though I've done many restarts and never had these issues before 1169114799 M * juggo I saw 2 ooops but then stopped sshd and haven't seen any more 1169114815 M * juggo and by sshd I mean sshd in the guest 1169114819 M * juggo guests 1169115060 J * softi42 ~softi@p549D5B56.dip.t-dialin.net 1169115080 M * juggo ok all set to static contexts 1169115153 Q * kugg Ping timeout: 480 seconds 1169115197 M * juggo ok even with static contexts the same problem exists 1169115221 M * juggo so the server with ip 10.2.3.37 has an sshd directive listenaddress 10.2.3.37 1169115264 M * juggo but I can ssh to it using 10.2.3.38 .39 .40 etc 1169115322 J * meandtheshell ~markus@85-124-37-83.dynamic.xdsl-line.inode.at 1169115419 M * daniel_hozac and that guest is assigned only 10.2.3.37? 1169115424 M * juggo yes 1169115432 M * juggo I'm doing a test with another service now 1169115468 M * daniel_hozac how many IP addresses have you assigned to the guest? 1169115499 M * juggo just that 1 1169115508 M * juggo and the same thing doesn't happen with lighttpd 1169115514 M * juggo so it's definitely sshd 1169115580 M * juggo yeah so lighttpd bound to that port works the way it should but sshd doesn't 1169115595 M * juggo openssh-server 4.3p2-8 1169115774 J * derjohn2 ~aj@dslb-084-058-094-043.pools.arcor-ip.net 1169115890 Q * LinkinPark Quit: "Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposit 1169116027 Q * dmax Quit: changing servers 1169116049 Q * s0undt3ch Remote host closed the connection 1169116239 J * dmax ~semaj@bl4-62-53.dsl.telepac.pt 1169116326 M * juggo I can also verify that it does not happen under sarge 1169116358 M * juggo ssh 1:3.8.1p1-8.sarge.6 1169116381 M * juggo ssh 3.8.1p1-8.sarge.6 1169116392 M * daniel_hozac when the problematic sshd is running, what does netstat -pnlt show? 1169116397 M * daniel_hozac inside the guest, that is. 1169116451 M * juggo netstat -pnlt 1169116452 M * juggo Active Internet connections (only servers) 1169116452 M * juggo Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name 1169116452 M * juggo tcp 0 0 10.2.3.37:80 0.0.0.0:* LISTEN 23903/lighttpd 1169116452 M * juggo tcp 0 0 10.2.3.37:22 0.0.0.0:* LISTEN 2659/sshd 1169116492 M * daniel_hozac and you don't have anything like NAT happening on that box? 1169116515 M * juggo there is nat 1169116524 M * juggo snat to get out from the vservers dnat to get it 1169116527 M * juggo in 1169116541 J * s0undt3ch ~s0undt3ch@bl4-62-53.dsl.telepac.pt 1169116552 M * juggo but I thought that was standard 1169116577 M * daniel_hozac what exactly do your rules look like? 1169116595 M * daniel_hozac and have you verified that without the NAT rules, the problem still occurs? 1169116636 M * juggo I haven't 1169116669 M * juggo wait, you may be on to something 1169116703 M * juggo looks like there might be an erroneous dnat rule 1169116795 Q * meandtheshell Ping timeout: 480 seconds 1169116836 M * juggo ok, it looks like that was it, someone changed a rule so that all port 22 traffic went to that vserver 1169116860 M * juggo sorry for taking so much of your time 1169116871 M * juggo because we're not smart enough to have good changecontrol procedures 1169116880 Q * kir Ping timeout: 480 seconds 1169116966 M * daniel_hozac np. 1169116967 M * juggo thanks for all the help though, and hopefully the kernel upgrade will prevent any future crashes 1169117095 Q * brcc Ping timeout: 480 seconds 1169117217 J * meandtheshell ~markus@85-124-206-219.dynamic.xdsl-line.inode.at 1169117253 J * kir ~kir@swsoft-mipt-nat.sw.ru 1169117936 M * matti Morning. 1169118169 Q * s0undt3ch Quit: leaving 1169118190 J * s0undt3ch ~s0undt3ch@80.69.34.154 1169118671 J * m`m`h ~simba@deb30.mgts.by 1169118841 Q * lilalinux__ Remote host closed the connection 1169118981 J * lilalinux ~plasma@dslb-084-058-219-250.pools.arcor-ip.net 1169119125 J * kugg ~kugg@90-227-91-196-no120.tbcn.telia.com 1169120373 Q * lilalinux Remote host closed the connection 1169120805 Q * oo Ping timeout: 480 seconds 1169121058 Q * Piet Remote host closed the connection 1169121181 J * Piet hiddenserv@tor.noreply.org 1169121820 Q * ensc Killed (NickServ (GHOST command used by ensc_)) 1169121830 J * ensc ~irc-ensc@p54B4D823.dip.t-dialin.net 1169122208 T * * http://linux-vserver.org/ | latest stable 2.0.2.1, 2.0.3-rc1, 2.2.0-rc7, devel 2.1.1.7.1, 2.3.0.7, stable+grsec 2.0.2.1, 2.2.0-rc7, devel+grsec 2.1.1 | util-vserver-0.30.212 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;) 1169122208 T * daniel_hozac - 1169122443 M * daniel_hozac Bertl_zZ: looks like the sysctl thing will need some kernel side magic too. 1169122774 T * * http://linux-vserver.org/ | latest stable 2.0.2.1, 2.0.3-rc1, 2.2.0-rc7, devel 2.1.1.7.1, 2.3.0.7, stable+grsec 2.0.2.1, 2.2.0-rc7, devel+grsec 2.1.1 | util-vserver-0.30.212 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;) 1169122774 T * daniel_hozac - 1169122943 Q * softi42 Ping timeout: 480 seconds 1169123112 Q * derjohn2 Ping timeout: 480 seconds 1169123362 M * daniel_hozac or it's just me being silly, i'm having a hard time telling which. 1169123362 Q * oo Quit: oo 1169123550 J * softi42 ~softi@p549D4905.dip.t-dialin.net 1169123872 J * brcc bruce@i.am.someasshole.com 1169124588 M * daniel_hozac ok, the latter. 1169125039 Q * sylvio 1169125210 Q * juggo Quit: Leaving. 1169126296 M * Radiance OT: any one encountered this before: device-mapper ioctl cmd 9 failed: Invalid argument 1169126577 J * oo ~oo@89.191.9.147 1169127415 Q * oo Ping timeout: 480 seconds 1169127755 M * daniel_hozac any suggestions on how to describe the sysctl setting and value files? 1169127811 M * daniel_hozac (which btw are supported in trunk now) 1169129385 M * matti Descript sysctl? 1169129392 M * matti What you mean? 1169129439 J * dna ~naucki@p54BCECD4.dip.t-dialin.net 1169129465 M * matti Eh, sorry. s/Descript/Describe/ 1169129601 J * danychouinard ~dchouinar@206.167.65.15 1169129700 M * danychouinard Hello. Can I use rsync to backup a running vserver? 1169130051 M * daniel_hozac matti: for the flower page. 1169130078 M * daniel_hozac danychouinard: sure. just remember to re-rsync with --delete after you've stopped it. 1169130098 M * matti daniel_hozac: Hm... 1169130122 M * danychouinard daniel_hozac, thanks 1169130182 M * daniel_hozac having sysctl/*/setting described as "the sysctl setting" and sysctl/*/value as "the value" doesn't really seem useful. 1169130365 M * daniel_hozac but at the same time, i can't come up with anything more verbose. 1169131581 Q * dna Quit: Verlassend 1169132335 N * Bertl_zZ Bertl 1169132340 M * Bertl morning folks! 1169132360 M * daniel_hozac morning Bertl! 1169132381 M * Bertl daniel_hozac: what about doing something similar to the host? 1169132392 M * daniel_hozac hmm? 1169132401 M * Bertl /etc/sysctl.conf 1169132416 M * daniel_hozac right, well, that was my initial idea too. 1169132468 M * daniel_hozac which i thought would be very simple, just make a shell script that does sysctl -p $VSERVER_DIR/sysctl.conf && exec "$@" 1169132512 M * daniel_hozac however, (i assume it's) the fork required which messes that up, leading to EPERM when trying to write to the file. 1169132545 M * daniel_hozac and parsing sysctl.conf myself seemed like too much work. 1169132565 M * ntrs Will there be a new rc for 2.2.0 with the two nid fixes? 1169132579 M * Bertl ntrs: yes, will be released today ... 1169132589 M * ntrs ok, I will wait for that. 1169132639 M * Hollow 2.2.0 will be released today, or another rc? 1169132737 M * daniel_hozac another rc presumably, since nobody noticed that the network spectator context was broken yet ;) 1169132866 Q * m`m`h Ping timeout: 480 seconds 1169132969 J * derjohn2 ~aj@dslb-084-058-023-028.pools.arcor-ip.net 1169133363 Q * derjohn3 Ping timeout: 480 seconds 1169133567 J * m`m`h ~simba@deb30.mgts.by 1169134432 M * daniel_hozac Bertl: include/linux/vserver/Kconfig:unifdef-y is missing inode.h in 2.2.0-rc7 1169134705 Q * Smutje Ping timeout: 480 seconds 1169134813 M * daniel_hozac not Kconfig, Kbuild. 1169134997 J * Smutje ~Smutje@xdsl-87-78-98-134.netcologne.de 1169135147 M * Bertl ah, thanks 1169135768 Q * danychouinard Read error: Connection timed out 1169135820 J * danychouinard ~dchouinar@206.167.65.15 1169136309 Q * derjohn2 Remote host closed the connection 1169136986 M * Bertl daniel_hozac: ah, no, we probably need to keep the vx/nx_check() in vc_task_x/nid() 1169136995 M * daniel_hozac oh? 1169137018 M * Bertl as the vc_task_x/nid() basically is a combination of two commands 1169137035 M * Bertl it will always report the xid/nid of the current task 1169137060 M * Bertl but it will require permissions for getting info for a different task 1169137334 Q * danychouinard Quit: Quitte 1169137754 T * Bertl http://linux-vserver.org/ | latest stable 2.0.2.1, 2.0.3-rc1, 2.2.0-rc8, devel 2.1.1.7.1, 2.3.0.7, stable+grsec 2.0.2.1, 2.2.0-rc7, devel+grsec 2.1.1 | util-vserver-0.30.212 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;) 1169137789 M * Bertl ntrs, blino: 2.2.0-rc8 should fix the network spectator and the ecryptfs stuff 1169137809 M * ntrs what is ecryptfs? 1169137832 M * Bertl a hack in the vfs layer, kind of crypto filesystem 1169137940 M * ntrs Bertl, is this a vserver thing or a vanilla kernel thing? 1169137958 M * Bertl a vanilla thing 1169137963 M * ntrs ok 1169137968 M * blino Bertl: ok, thanks :) I'll update asap 1169138244 J * marcfiu ~mef@aegis.CS.Princeton.EDU 1169138255 M * marcfiu hello 1169138266 M * daniel_hozac hey 1169138274 M * marcfiu will be moving us over to vs2.2.x (or later). 1169138285 M * marcfiu was wondering which util-vserver to use with that? 1169138287 M * daniel_hozac cool. 1169138290 M * daniel_hozac 0.30.212 or later. 1169138292 M * marcfiu 0.30.212? 1169138293 M * marcfiu ok 1169138294 M * marcfiu great 1169138297 M * marcfiu just upgraded to that. 1169138306 M * marcfiu thanks daniel_hozac 1169138354 M * Bertl hey marcfiu! how's going? 1169138380 M * marcfiu ok 1169138382 M * daniel_hozac Bertl: about the first problem in http://archives.linux-vserver.org/200701/0054.html, shouldn't vlogin be killed by SIGHUP? 1169138396 M * marcfiu Bertl: got a bunch of things behind me. 1169138405 M * marcfiu Bertl: will be looking into that tax thing today. 1169138443 M * Bertl marcfiu: okay, tx! 1169138473 M * Bertl daniel_hozac: hmm, depends on the signal mask, I'd say? 1169138496 M * Bertl I think I've seen similar on non Linux-VServer kernels too 1169138501 N * marcfiu marcfiu_oO 1169138533 M * daniel_hozac Bertl: but it's not catching SIGHUP, and AFAICT the default is to terminate. 1169138556 M * Bertl so you suspect the signal is lost somewhere? or rejected? 1169138573 M * daniel_hozac yeah, that's what i'm guessing. 1169138591 M * Bertl okay, we hould have some debug output when it is blocked, no? 1169138668 M * daniel_hozac indeed. 1169138705 M * Bertl (unless it is blocked/ignored in userspace of course) 1169138732 M * Bertl but I think we can do some tests in this direction 1169138748 M * Bertl can you recreate this on your system? did you try? 1169138770 M * Bertl haven't tried yet here ... 1169138776 M * daniel_hozac i can't reproduce the CPU usage, but vlogin and the spawned shell sticks around. 1169138811 M * Bertl okay, let's ignore the 99% cpu, some apps (e.g. vi) tend to hog the cpu when left without terminal 1169138867 M * Bertl okay, so what is the sequence you do? 1169138905 M * Bertl and can we reduce it to a few vcmd commands maybe? 1169138961 M * daniel_hozac the sequence described in the mail previously. 1169139168 M * daniel_hozac ah, seems i've got the racing CPU now too. 1169139329 M * daniel_hozac i don't get anything in dmesg so the signal must be getting lost elsewhere, or it's just not being delivered. 1169139409 M * Bertl hmm, maybe put a debug line in kill_something_info() 1169139429 M * Bertl also listing the processes there might be a good idea 1169139438 M * daniel_hozac vkill doesn't seem to work either. it just keeps returning -ESRCH. 1169139458 M * Bertl the process is in what state? 1169139471 M * daniel_hozac one is in sleeping, the other is in running. 1169139490 M * Bertl funny, the ESRCH would suggest that the process was not found 1169139494 M * daniel_hozac right. 1169139503 M * Bertl can you verify the xid of that task? 1169139523 M * Bertl what does the process proc entry vx_info show? 1169139570 M * daniel_hozac 8010, the correct xid. 1169139590 M * Bertl and still vc_ctx_kill does return ESRCH? 1169139602 M * daniel_hozac indeed. 1169139666 M * Bertl vx_info_kill(%p[#%d],%d,%d)* debug output says something? 1169139675 M * Bertl VXD_CBIT(misc, 4) 1169139685 M * daniel_hozac vxD: vx_info_kill(d5287000[#8010],3549,15)* 1169139693 J * dna ~naucki@p54BCF4F2.dip.t-dialin.net 1169139709 M * Bertl 3549 is the correct pid? 1169139735 M * Bertl do we get the vx_info_kill(%p[#%d],%d,%d) = %d too? 1169139737 M * daniel_hozac it's the one from vps, and the one i checked in proc. 1169139739 M * daniel_hozac yeah. 1169139747 M * daniel_hozac vxD: vx_info_kill(d5287000[#8010],3549,15) = -3 1169139760 M * daniel_hozac x86, so ESRCH. 1169139769 M * Bertl okay, that is good and bad :) 1169139786 M * Bertl dinnertime, will think about it, but I guess I have an idea 1169139800 M * Bertl if you want to investigate in the meantime, I think it is a bug 1169139808 M * Bertl in find_task_by_real_pid() 1169139818 M * Bertl back shortly 1169139823 N * Bertl Bertl_oO 1169140213 J * bonsaikitten ~Chilli-fl@dslb-084-063-052-060.pools.arcor-ip.net 1169140250 M * daniel_hozac hmm, actually, it's group_send_sig_info that's returning ESRCH. 1169140311 Q * m`m`h Ping timeout: 480 seconds 1169140316 M * bonsaikitten so, here I am asking weird stuff again 1169140329 M * bonsaikitten Q: is it possible to use iptables from within a vserver? 1169140391 M * daniel_hozac not native iptables, but there is a userspace wrapper. 1169140407 M * daniel_hozac http://www.virtuaserver.com.br/forum/viewtopic.php?p=215 1169140451 M * bonsaikitten argh ... aaaaah! 1169140453 M * bonsaikitten cool :-) 1169140458 M * bonsaikitten thanks daniel_hozac 1169140550 M * daniel_hozac Bertl_oO: ah, it's the vx_check in check_kill_permission. 1169140562 M * bonsaikitten another one - is it possible to have a loopback network interface? 1169140598 M * daniel_hozac just give each guest a unique private address that you don't route. 1169140625 M * bonsaikitten ah, so I add 192.168.0.1 and don't route it to the outside 1169140628 M * bonsaikitten excellent 1169140630 M * daniel_hozac it's just easier to use the regular address though. 1169140650 M * daniel_hozac 127.0.0.1 will automatically be rewritten to the guest's first IP address. 1169140658 M * bonsaikitten well ... I want to have a service not visible on the outside 1169140671 M * daniel_hozac okay, so for that you'll need the extra IP. 1169140683 M * daniel_hozac in 2.3+, there will be a virtualized loopback too. 1169140693 M * daniel_hozac or well, is. 1169140703 M * bonsaikitten ETA ? 1169140738 M * daniel_hozac on? 1169140743 M * bonsaikitten 2.3 1169140750 M * daniel_hozac 2.3.0.7 is the latest version. 1169140759 M * bonsaikitten oh, I be lagging behind again :-) 1169140761 M * daniel_hozac but it's an experimental development version. 1169140767 M * bonsaikitten ah 1169140779 M * bonsaikitten good enough 1169141510 N * Bertl_oO Bertl 1169141513 M * Bertl back now 1169141535 M * Bertl daniel_hozac: ad check_kill_permission() hmm? please elaborate! 1169141796 J * bonbons ~bonbons@83.222.37.103 1169141913 M * daniel_hozac vkill will get there via group_send_sig_info, and VS_ADMIN isn't allowed there. 1169141941 M * daniel_hozac and the warning is conditional on current->xid, which is why i didn't get the warning. 1169141975 M * Bertl ah, right, good point! 1169141987 M * Bertl sow e add admin there too, yes? 1169141998 M * daniel_hozac i think so. 1169142008 M * daniel_hozac that made vkill work, at least. 1169142044 M * Bertl but OTOH, that would allow killing processes in contexts from the host 1169142052 M * Bertl (without using the vkill at all) 1169142065 M * Bertl s/host/host context/ 1169142116 M * daniel_hozac right, that's what i expected. 1169142350 M * Bertl hmm, we should change the SI_FROMUSER(info) to be a system call 1169142379 M * Bertl avoiding both, the perm and the search check 1169142426 M * ntrs was that bug with vnamespace hanging ever fixed? The one where it hangs if run from a script and works fine if run manually. Bertl I think you said something about env variables being passed or not being passed. 1169142510 Q * michal` Ping timeout: 480 seconds 1169142609 M * daniel_hozac hmm? 1169142664 M * ntrs Bertl, do you remember that? 1169142685 M * ntrs daniel_hozac, I think it was a problem with one of the utilities 1169142734 M * Bertl ntrs: if it was related to the env, it should be already solved 1169142741 M * Bertl s/soleved/fixed/ 1169142759 Q * Smutje Remote host closed the connection 1169142768 J * Smutje ~Smutje@xdsl-87-78-98-134.netcologne.de 1169142786 M * daniel_hozac was this with vserver ... exec or just vnamespace? 1169142794 M * ntrs Basically running "vserver restart" from a script causes vnamespace to hang. Runing it manually at the command line works fine 1169142846 M * ntrs Bertl, fixed in the kernel patch or the utils? 1169142852 M * Bertl utils 1169142868 M * ntrs Bertl, daniel_hozac, which version fixes that? 1169142873 M * ntrs I already have 0.30.212 1169142892 M * daniel_hozac and the problem still exists? 1169142915 M * daniel_hozac i'm reading up now.. 1169142930 M * ntrs yes this is with .212 1169142972 J * michal` ~michal@www.rsbac.org 1169143045 Q * shedi Ping timeout: 480 seconds 1169143085 J * shedi ~siggi@dsl-149-109-85.hive.is 1169143086 M * daniel_hozac vnamespace becomes a zombie, right? 1169143102 M * ntrs yes, ps aux shows it with status "X" 1169143173 M * daniel_hozac X == dead, no? 1169143185 M * Bertl yes, correct 1169143202 M * daniel_hozac what would keep a task around when it's dead? 1169143212 Q * bonsaikitten Quit: Leaving 1169143219 M * Bertl the various 'shutdown' parts 1169143226 M * ntrs the calling script I guess 1169143245 M * daniel_hozac isn't it set to EXIT_DEAD only after being reaped? 1169143253 M * Bertl yes 1169143288 M * Bertl but note: EXIT_DEAD != TASK_DEAD 1169143332 J * Piet_ hiddenserv@tor.noreply.org 1169143334 M * Bertl exit_notify does EXIT_ZOMBIE -> EXIT_DEAD 1169143349 M * daniel_hozac i thought that was only for some special tasks. 1169143360 M * Bertl and if it reaches EXIT_DEAD, it should get released 1169143374 M * Bertl I assume the namespace (especially proc) keeps a reference 1169143423 M * Bertl I have no idea how and if I did relate that with the env, I have no memory of that ... 1169143475 M * ntrs Bertl, you said something about some env being passed or not being passed to the util. I don't remember the exact details. 1169143484 M * ntrs In any case, this is not working properly. 1169143568 M * daniel_hozac do we have a reproducer? 1169143573 M * Bertl ntrs: could you refresh my memory where the script is started from? 1169143586 M * Bertl ntrs: was that some kind of apache script or so, yes? 1169143593 M * ntrs from a cron job 1169143611 M * Bertl ah, okay, so it works fine with bash, but fails when in the crontab, yes? 1169143618 M * ntrs no, just a perl script 1169143619 M * ntrs yes 1169143648 M * Bertl that explains why I think it might be related to the cron env 1169143658 M * daniel_hozac indeed. 1169143760 Q * Piet Ping timeout: 480 seconds 1169143781 M * daniel_hozac this is on x86_64, right? 1169143865 M * ntrs yes 1169143867 J * m`m`h ~simba@deb30.mgts.by 1169144134 M * ntrs daniel_hozac, does it make any difference if it is on x86_64? 1169144158 M * daniel_hozac i don't know, it shouldn't 1169144209 M * Bertl I'm going to extend the vx_info_kill() to take a siginfo struct 1169144265 M * Bertl and I will use that for the vkill for now, maybe extending the vkill to actually return info at a later time 1169144268 M * daniel_hozac well, restarting a guest with a simple /usr/sbin/vserver guest restart shellscript from crond works fine here. 1169144292 M * Bertl maybe ntrs can provide his perl script for testing? 1169144366 M * daniel_hozac if not, just testing with the simplest possible script yourself might help. 1169144381 M * Bertl IIRC, that's what he did 1169144599 M * ntrs This is the script: 1169144601 M * ntrs #!/usr/bin/perl 1169144601 M * ntrs $output=`vserver unknown restart`; 1169144601 M * ntrs exit $output; 1169144630 M * ntrs just tested it again and it vnamespace hangs again 1169144673 M * ntrs there is one other process that is not going away and is in "S" state 1169144675 M * ntrs /usr/sbin/sendmail -FCronDaemon -i -odi -oem -oi -t 1169144700 M * daniel_hozac hmm, that script looks odd. 1169144702 M * Bertl so maybe that is actually vkill related then :) 1169144724 M * ntrs daniel_hozac, ok, what is odd about the script? 1169144734 M * daniel_hozac $output would be the output from the command, exit would expect an integer for the exit code. 1169144762 M * Bertl daniel_hozac: does that matter for the test? 1169144762 M * ntrs ok, you want me to remove the exit line and try again? 1169144774 M * daniel_hozac it shouldn't, i guess. 1169144797 M * ntrs I'll try without the exit line just in case 1169144852 M * daniel_hozac i can't reproduce it with that script either though. 1169144884 M * ntrs same thing without the exit line 1169144895 M * matti Hi Bertl. 1169144915 Q * dlezcano Read error: Connection reset by peer 1169144917 M * Bertl ntrs, daniel_hozac: let's compare the cron and perl versions 1169144917 J * adrien-modulis ~adrien@hvmoduli.enter-net.com 1169144942 M * adrien-modulis Hi all 1169144942 M * daniel_hozac vixie-cron-4.1-64.fc6 1169144943 M * daniel_hozac perl-5.8.8-10 1169144951 M * ntrs on the next run it clears the previous hung process, I guess it lets it die completely and creates a new zombie 1169144997 M * ntrs vixie-cron-4.1-44.EL4 1169145000 M * adrien-modulis does anyone knows if there is a version of vserver-copy that works with the last config scheme (folders VS .conf) ? 1169145010 M * ntrs perl-5.8.5-36.RHEL4 1169145027 M * daniel_hozac adrien-modulis: vserver ... build -m rsync ... -- --source /vservers/ 1169145041 M * Bertl adrien-modulis: yep, that is the preferred way to do it 1169145077 M * Bertl adrien-modulis: the copy script is gone for quite a while now 1169145082 M * adrien-modulis ok 1169145085 Q * m`m`h Ping timeout: 480 seconds 1169145118 M * daniel_hozac ntrs, Bertl: do we know which vnamespace process that is? 1169145150 M * Bertl hmm? you mean which pid or where it comes from= 1169145150 M * daniel_hozac i.e. is it the vnamespace --enter one from the stop, or the vnamespace --new one from the start? 1169145164 M * adrien-modulis so the vserver-copy should be removed from the distrib 1169145178 M * ntrs daniel_hozac, btw if I kill crond then the hung processes go away 1169145180 M * Bertl adrien-modulis: IIRC it is not part of the tools anymore 1169145189 M * daniel_hozac adrien-modulis: vserver-copy has been legacy for a really long time. 1169145199 M * daniel_hozac ntrs: so crond is the parent? 1169145225 M * ntrs daniel_hozac, yes of course, crond is starting the script if necessary, checks every minute. 1169145263 M * daniel_hozac but the vnamespaces ought to be reaped by the scripts. 1169145273 M * Bertl daniel_hozac, ntrs: we could add a check to output the 'current' pid number between stop and start, with something like bash -c "echo $$" & 1169145306 M * daniel_hozac good idea. 1169145355 M * ntrs Bertl, where do I add that? 1169145380 M * daniel_hozac /usr/sbin/vserver line 108. 1169145397 M * Bertl yep, ebfore the .... start 1169145422 M * Bertl processes from the stop should get lower pids 1169145433 M * Bertl while the start pids will be higher than that 1169145467 M * Bertl adding a 'sleep 1' right after the bash statement wouldn't hurt 1169145515 M * daniel_hozac i guess you'd want bash -c 'echo $$' too. 1169145525 M * daniel_hozac i.e. single quotes. 1169145540 M * Bertl what about this one: 1169145552 M * Bertl bash -c 'echo $$ & wait' 1169145582 M * Bertl that should be as good as it gets :) 1169145625 J * m`m`h ~simba@deb30.mgts.by 1169145663 M * ntrs wait a minute 1169145681 M * daniel_hozac ntrs: are you getting the output from the script? otherwise you might need to 1>&2 that... 1169145687 M * ntrs when I run this script even manually on the command line it hangsvnamespace 1169145752 M * daniel_hozac the modified vserver, or what? 1169145787 M * adrien-modulis ok - I got the script from an previous version of util-vserver-0.30.212 1169145873 M * Bertl daniel_hozac: it is still in 0.30.212? 1169145875 M * ntrs daniel_hozac, no, just the oneliner. 1169145889 M * ntrs so, crond is not the problem 1169145903 M * daniel_hozac ntrs: without modifying vserver? 1169145905 M * ntrs I can run the one line perl script manually at the command line and vnamespace hangs 1169145912 M * daniel_hozac Bertl: vserver-copy? yeah, if you don't use the RPMs. 1169145916 M * ntrs daniel_hozac, yes without modifying vserver 1169145919 M * daniel_hozac (or if you install the -legacy RPM) 1169145935 M * Bertl daniel_hozac: ah, i.c., thought it was already removed 1169145935 M * daniel_hozac well, that's interesting... i can't get it to hang at all. 1169145954 M * ntrs daniel_hozac, and my perl script never finishes, until I press ctrl-c 1169145960 M * daniel_hozac nah, it's there with the rest of the legacy cruft. 1169145965 M * daniel_hozac untouchable :) 1169145987 M * ntrs once I press ctrl-c the perl script finishes and the vnamespace process goes away 1169146004 M * Bertl well, that's a perl issue then :) 1169146032 M * ntrs I am trying with a bash script now 1169146063 M * ntrs ok a bash script worked fine. So I guess it is a perl issue 1169146093 M * daniel_hozac does a bash script work fine from crond too? 1169146103 M * adrien-modulis Bertl: I know we already had this conversation but I ran into a lot of programs using 127.0.0.1 and not localhost 1169146105 M * Bertl maybe try with the system? statement instead of the back ticks? 1169146119 M * adrien-modulis Bertl: and it's not idiot proof for a new vserver user 1169146120 M * Bertl adrien-modulis: really? more broken programs? 1169146127 M * adrien-modulis yep 1169146137 M * Bertl adrien-modulis: 2.3.x will handle 127.0.0.1 quite fine 1169146138 M * daniel_hozac even so, using 127.0.0.1 should work fine. 1169146141 M * adrien-modulis ok 1169146149 M * adrien-modulis how come ? 1169146150 M * daniel_hozac as long as programs don't check that it is 127.0.0.1. 1169146154 M * adrien-modulis they do 1169146163 M * daniel_hozac then they're not only broken, they're insane. 1169146171 M * adrien-modulis they jsut don't work until I replace with the IP 1169146183 M * adrien-modulis I know but the purpose of virtualization is to work right waway 1169146193 M * adrien-modulis with the minimum of adaptation 1169146203 M * adrien-modulis all this programs works fine with xen 1169146206 M * Bertl as I said, 2.3.x will do that 1169146213 M * adrien-modulis that's very good new 1169146217 M * adrien-modulis *news 1169146230 M * Bertl but xen is a nice solution too if you do not care about the overhead 1169146236 M * adrien-modulis well, I do ! 1169146261 M * Bertl in which case you will have to adjust one or the other thing :) 1169146276 M * Bertl nevertheless, as I already said, 2.3.x has the code to work around that 1169146277 M * adrien-modulis that's what I'm doing 1169146297 M * adrien-modulis if I want to understand vserver in depth 1169146300 M * adrien-modulis what do you advice ? 1169146304 M * adrien-modulis read the source code ? 1169146309 M * Bertl read the source, definitely 1169146320 M * adrien-modulis it's well documented ? 1169146329 M * adrien-modulis do I need advanced kernel linux knowledge ? 1169146332 M * Bertl we spend a lot of time making the source code easily readable and understandable 1169146338 M * adrien-modulis perfect 1169146350 M * Bertl and of course, we try to keep it as simple as possible 1169146353 M * adrien-modulis buy "we" who do you mean ? 1169146364 M * adrien-modulis daniel ? jacques Gelina ? 1169146367 M * Bertl the developers working on Linux-VServer 1169146402 M * adrien-modulis ok 1169146407 M * adrien-modulis the one from the wiki ? 1169146423 M * Bertl developers should be listed on the wiki, yes 1169146437 M * ntrs daniel_hozac, not yet but I will try it out 1169146455 M * Bertl adrien-modulis: kernel side is baiscally daniel_hozac, bonbons, doener and myself 1169146461 Q * shedi Quit: Leaving 1169146490 M * Bertl adrien-modulis: this is probably a good start if you want to dive into the kernel stuff: http://vserver.13thfloor.at/Experimental/split-2.6.18.2-vs2.1.1/ 1169146531 M * Bertl also you should be familiar with the Linux-VServer paper 1169146539 M * adrien-modulis ok 1169146543 M * adrien-modulis that's a lot to read 1169146547 M * adrien-modulis but I think it worth it 1169146581 M * Bertl if you have specific questions to the code or functionality, be my guest ... 1169146854 M * adrien-modulis is there a particular reason why the configuration is not inside one easy to use file ? 1169146861 M * adrien-modulis I mean for each vserver ? 1169146877 M * daniel_hozac because a bunch of files is much easier to use. 1169146881 M * Bertl yes, because a single file is not that easy to use :) 1169146899 M * adrien-modulis well I think it's easier to script with multiuples files 1169146918 M * adrien-modulis but harder to updated by hand 1169146954 M * daniel_hozac how is echo x > file harder than vi file, find location, add file=x? 1169146970 M * Bertl it was discussed and suggested that somebody write a script which maps a single property list style file to the actual directory tree and back 1169146980 M * Bertl interestingly nobody cared enough to do that yet :) 1169146989 M * adrien-modulis that's a fact 1169147006 M * daniel_hozac what's a fact? 1169147023 M * adrien-modulis that echo x > is in fact not harder than vi 1169147043 M * daniel_hozac so, how does "harder to update by hand" factor in to that? 1169147058 M * adrien-modulis I mean for a fresh new user 1169147071 M * adrien-modulis it looks a bit complicated compare to the other virtualization technologies 1169147073 M * Bertl I think roughly 50% prefer one over the other, because of no particular reason 1169147095 M * adrien-modulis anyway it's not a bid geal.. 1169147103 M * Bertl if you are used to lengthy files with complex structures (think bind and apache) you probably prefer that 1169147115 M * adrien-modulis yep 1169147131 M * adrien-modulis I have a usage question 1169147139 M * Bertl let's hear ... 1169147147 M * adrien-modulis my vserver run asterisk (a voip software) 1169147160 M * adrien-modulis in the host I want to gzip a running vserver 1169147161 M * Bertl okay, not that unusua 1169147164 M * adrien-modulis for backup purpose 1169147178 M * Bertl +l 1169147183 M * adrien-modulis even with nice -n 2 tar -c ... 1169147190 Q * michal` Ping timeout: 480 seconds 1169147191 M * adrien-modulis it stills overload the server 1169147203 M * adrien-modulis and the vserver that droppping and chopping the calls 1169147208 M * Bertl you mean it interferes with the asterisk 1169147223 M * adrien-modulis yeah 1169147232 M * adrien-modulis asterisk has not enough ressources to works correctly 1169147260 M * Bertl try with a nice 20 1169147269 M * ntrs daniel_hozac, it still fails when run from cron. 1169147317 M * adrien-modulis Bertl: I will 1169147342 M * Bertl it that still fails, depending on your setup, you could do the actual crunching part in a separate context 1169147346 M * daniel_hozac ntrs: so you have the zombie/dead process? 1169147365 M * adrien-modulis chcontext on the tar ? 1169147369 M * adrien-modulis using hard-limits ? 1169147372 M * Bertl yep 1169147383 M * adrien-modulis about hard limits, I never used them 1169147399 M * Bertl well, in this case it would be the hard cpu scheduler 1169147437 M * adrien-modulis for that I need to add "CPU" to the rlimit file ? 1169147457 M * adrien-modulis rlimits/cpu 1169147480 M * Bertl no, but that is a common misconception 1169147523 M * Bertl the CPU rlimit, if it was supported (which isn't the case :) would limit the total cpu time (in seconds) for a context ... hardly what you want 1169147610 M * adrien-modulis so where can I get information about the "hard cpu scheduler" ? 1169147646 M * Bertl on the wiki, here on the channel and of course in the source code :) 1169147651 M * ntrs daniel_hozac, yes, but now the zombie is not vnamespace but the bash script itself 1169147686 M * Bertl ntrs: as we cannot recreate it, do you have a machine you can test on (with a different kernel?) 1169147720 M * ntrs Bertl, yes, I'll try with a different kernel 1169147722 M * Bertl I would like to fix up the signalling part and add a few debug statements too 1169147766 J * michal` ~michal@www.rsbac.org 1169147795 M * Bertl adrien-modulis: http://linux-vserver.org/CPU_Scheduler 1169147817 M * Bertl (which reminds me that I want to fix the equations there :) 1169148651 Q * neuralis Remote host closed the connection 1169148658 J * neuralis ~krstic@solarsail.hcs.harvard.edu 1169148693 Q * dna Read error: Connection reset by peer 1169148752 J * dna ~naucki@p54BCF4F2.dip.t-dialin.net 1169149023 Q * neuralis Remote host closed the connection 1169149026 J * neuralis ~krstic@solarsail.hcs.harvard.edu 1169149249 M * Bertl daniel_hozac: I think this might work: http://vserver.13thfloor.at/Experimental/delta-vkill-fix02.diff 1169149663 M * daniel_hozac yeah, that works. 1169149708 M * Bertl I wonder if that fixes the observed issues too ... 1169149723 M * daniel_hozac the vlogin problem? 1169149729 M * Bertl yep 1169149827 M * daniel_hozac nope, still running, and using the CPU. 1169149867 M * daniel_hozac the CPU-thing should be easily solvable though. 1169149913 M * daniel_hozac i'm thinking the parent bash process isn't forwarding the HUP properly. 1169149924 M * daniel_hozac (because that's still around too) 1169149925 Q * neuralis Remote host closed the connection 1169149932 J * neuralis ~krstic@solarsail.hcs.harvard.edu 1169149943 M * Bertl daniel_hozac: does the signal get delivered now? 1169149963 M * daniel_hozac vlogin doesn't die, so i'd assume no. 1169149978 M * Bertl no debug statement there? okay, I'll add something 1169150182 M * daniel_hozac i guess just making vlogin notice the hangup would suffice though. 1169150226 M * Bertl IMHO the signal should get delivered now 1169150249 M * Bertl maybe you could change the current->xid check to 1 1169150293 M * Bertl (in kernel/signal.c check_kill_permission()) 1169150370 M * daniel_hozac yeah. 1169150403 M * Bertl does the vkill still return ESRCH btw? 1169150444 M * daniel_hozac no, vkill is fine with vkill-fix02. 1169150584 M * daniel_hozac vxW: signal xid mismatch d7db7870[#8010,2824] xid=#0 1169150610 J * lylix ~eric@dynamic-acs-24-154-34-43.zoominternet.net 1169150615 M * daniel_hozac the \n in that vxwprintk should be removed, btw. 1169150625 M * Bertl ah, right 1169150636 M * lylix g/e folks... 1169150642 M * Bertl welcome lylix! 1169150661 M * lylix Q... whats the best way to setup a unix socket to communicate betw host and guest? 1169150687 M * Bertl daniel_hozac: okay, let me do a fix03, I think I know how we can handle that .. 1169150691 M * lylix im guessing prob just setting it up somewher ein the guests fs? 1169150708 M * Bertl lylix: yes, that is a good start :) 1169150780 Q * neuralis Quit: Reconnecting 1169150842 M * Bertl daniel_hozac: and you are sending the signal to #8010/2824? 1169150856 M * daniel_hozac well, i'm not sending any signal at all :) 1169150881 M * daniel_hozac i'm not quite sure what pid 2824 is though. 1169150903 M * daniel_hozac it's not the vlogin process. 1169150913 M * Bertl it could be a child parent signal across contexts 1169150934 M * Bertl so we might make an exception for this 1169150937 M * daniel_hozac 2824 is low enough it probably has to be part of the enter process. 1169150960 M * Bertl we should dump the sig info too .. sec 1169151101 Q * micah Remote host closed the connection 1169151159 J * micah ~micah@208.99.202.72 1169151212 J * neuralis_ ~krstic@solarsail.hcs.harvard.edu 1169151463 Q * micah Remote host closed the connection 1169151504 Q * neuralis_ 1169151759 M * daniel_hozac well, i seem to have fixed vlogin now. 1169151781 M * daniel_hozac killing the su - process still causes really weird behaviour though. 1169151785 M * Bertl what was the issue? a debug enhancement will be there in a few seconds 1169151810 M * daniel_hozac well, it doesn't realize that stdin has hungup. 1169151819 J * micah ~micah@micah.riseup.net 1169151822 M * Bertl ah, okay 1169152004 M * Bertl okay, It's up 1169152033 J * turkeyboys ~turkeyboy@88.234.71.228 1169152041 M * Bertl welcome turkeyboys! 1169152080 M * turkeyboys we were glad 1169152106 M * turkeyboys bertly 1169152170 P * turkeyboys 1169152558 M * daniel_hozac hmm, seems the vlogin fix wasn't sufficient... 1169152583 M * Bertl check the fix03, it should shed some info on that 1169152595 M * daniel_hozac yeah, i'm running with that now. 1169152606 M * Bertl VXD_CBIT(misc, 7) 1169152648 M * daniel_hozac yeah, i've got it enabled. 1169152667 M * daniel_hozac the warning isn't triggering, so it can't be blocked... 1169152732 M * adrien-modulis Bertl: I tried the nice -n 20 doesn't make any difference 1169152747 M * adrien-modulis so I will try to chcontext my gzip 1169152804 M * adrien-modulis How should I use /usr/sbin/vlimit -c XXX --cpu ? to limit cpu usage from guest 1169152812 M * daniel_hozac not at all. 1169152826 M * daniel_hozac you use vsched to control the hard CPU scheduler. 1169152854 M * daniel_hozac well, s/hard//. it controls the prio scheduler too. 1169152945 Q * dna Ping timeout: 480 seconds 1169152956 M * adrien-modulis is there any standard ratio recommanded ? 1169152971 M * daniel_hozac wouldn't make much sense, would it? 1169152976 M * daniel_hozac that depends entirely on your requirements. 1169153026 Q * dmax Ping timeout: 480 seconds 1169153049 J * dmax ~semaj@81.193.60.13 1169153262 Q * dmax Remote host closed the connection 1169153368 J * dmax ~semaj@81.193.60.13 1169153381 Q * glut Ping timeout: 480 seconds 1169153434 J * john-modulis ~john@hvmoduli.enter-net.com 1169153444 M * Bertl welcome john-modulis! 1169153450 M * john-modulis hello ^^ 1169153630 Q * Piet_ Ping timeout: 480 seconds 1169153664 J * Piet_ hiddenserv@tor.noreply.org 1169153799 Q * h3x Read error: Connection reset by peer 1169154266 N * marcfiu_oO marcfiu 1169154282 M * Bertl wb marcfiu! 1169154314 M * marcfiu hey Bertl 1169154550 Q * m`m`h Ping timeout: 480 seconds 1169154757 Q * Piet_ Remote host closed the connection 1169154843 J * dna ~naucki@p54BCD49A.dip.t-dialin.net 1169154916 M * transaci1 isn't it in general possible to assign internet routed ips to vserver? 1169154931 M * Bertl yes 1169154948 M * Bertl i.e. yes, you can assign all kind of ips to guests 1169154970 J * jabra ~jabra@70.90.101.105 1169154972 M * jabra hey guys 1169154977 M * Bertl welcome jabra! 1169154992 M * jabra wondering what method you use for moving a vserver from one host to another 1169155002 M * Bertl usually rsync 1169155007 M * jabra k 1169155018 M * Bertl suggested options: -axH --numeric-ids 1169155032 M * Guy- you might add -S too 1169155033 M * jabra so ideally if you have like backupninja same deal 1169155056 M * Bertl Guy-: ah, good point 1169155058 M * transaci1 Bertl: i did that, but, all went nice, mysql started ssh started but then came apache: http://phpfi.com/194867 1169155105 M * Bertl transaci1: first, you want to get the hostname added to /etc/hosts 1169155112 M * Guy- and --partial, if the link is slow 1169155129 M * Bertl transaci1: something like: 62.141.53.87 localhost n00k 1169155133 M * jabra what about if i wanta tar.bz2 it up 1169155142 M * transaci1 Bertl: already done 1169155161 M * Bertl transaci1: second, you probably have an apache running on the host, or debian with a broken config (2 listen directives :) 1169155185 M * transaci1 Bertl: there is an apache running, but in another vserver 1169155204 M * Bertl jabra: works too, but is more problematic, on ext2/3 I'd sugegst to use dump/restore which works quite fine for me 1169155219 M * Bertl transaci1: if that guest has a different ip assigned it will be no problem 1169155232 M * Bertl transaci1: if that guest has the same ip, you need to use a different port 1169155233 M * transaci1 Bertl: that's what i thought 1169155240 M * jabra dump / restore ? 1169155257 M * jabra is that an arg i need to add ? or something ? 1169155258 M * Bertl jabra: those are lowlevel backup tools for ext2/3 1169155262 M * jabra ah 1169155269 M * Bertl you can transfer a guest like this: 1169155281 M * transaci1 Bertl: all my vserver run in a 10.0.0.0 net, just this one should have a world routed ip 1169155301 M * Bertl dump 0zf - /vservers/guest | ssh root@target "cd /vservers && restore rf -" 1169155315 M * jabra k 1169155317 M * Bertl transaci1: that is absolutely no problem 1169155340 M * transaci1 Bertl: then it's possibly a apache bug? 1169155344 M * Bertl transaci1: I'm 100% sure that either your apache has a dumplicate lsiten directive or the host is running something on that port 1169155351 M * Bertl *duplicate 1169155367 M * transaci1 Bertl: ok i double chack it 1169155388 M * Bertl transaci1: you can verify that with nc (netcat) and lsof 1169155405 M * jabra Bertl: so tar wouldn't work on ext3 ? 1169155426 M * Bertl problem is, tar doesn't handle certain aspects that well/easily 1169155438 M * Bertl like the numeric ids or hardlinks 1169155443 M * jabra ah ok 1169155454 M * Bertl of course, depends on the actual tar :) 1169155460 M * jabra so the idea being the vserver would come back but perhaps need to be rebooted 1169155483 M * jabra or would things be totally out of sync 1169155490 M * Bertl well, if you mess up the uids, you get a somewhat unusable guest 1169155505 M * Bertl just think, /var/spool/mail owned by rpc 1169155525 M * jabra right 1169155575 M * jabra so than how do you backup vservers ? 1169155578 M * Bertl daniel_hozac: btw, how is the 'tar' install method dealing with the uid/gid issue? 1169155581 M * jabra don't you use backupninja ? 1169155621 M * Bertl no, I had a look at it some time ago, but decided that dump/restore and rsync backup is sufficient for my purposes 1169155654 M * jabra so i'll probably use rsync 1169155697 J * Piet_ hiddenserv@tor.noreply.org 1169155737 M * Hollow Bertl: gentoo installation has always worked for me with tar xpf/cpf, and also the handbook uses this method .. 1169155777 M * Hollow maybe some older tars have problems with this? 1169155777 M * Bertl yes, but what if you do that on a debian host with completely different passwd entries? 1169155827 M * Hollow does tar only work on usernames? 1169155831 M * bonbons Bertl: isn't tar using the UIDs instead of names? 1169155847 M * Hollow not sure, but gentoo also adds dynamic users during package installation, so uids might be different too 1169155869 M * Bertl should be simple to test, no? :) 1169155878 M * bonbons at least it extracted mainline kernels with 'unknown' UIDs for some time... 1169155892 M * Bertl yes, unknown, but what about _known_? 1169155909 M * Bertl I think the simplest test is to create two users 1169155922 Q * marcfiu Quit: Download Gaim: http://gaim.sourceforge.net/ 1169155924 M * Bertl then make two directories and touch a file there from each user account 1169155937 M * Bertl tar that up, switch the uid/gid in /etc/passwd 1169155943 M * Bertl and restore the tar ... 1169155944 M * Hollow even tar has --numeric-owner 1169155970 M * Bertl newer tars have that 1169155983 M * Bertl probably debian will not have that yet :) 1169155996 M * Hollow ... 1169155998 M * Hollow :) 1169156018 M * Bertl well, maybe it has, I don't know ... :) 1169156034 M * Hollow probably in the experimental-super-unstable tree ;) 1169156050 M * Hollow in two years it will move to testing 1169156102 M * derjohn Hollow, no, it will be enabled in debian's new bleeding edge edition "geeky". 1169156130 M * derjohn # tar --help |grep num 1169156130 M * derjohn --numeric-owner immer Zahlen für Nutzer-/Gruppennamen verwenden 1169156150 M * derjohn :-) 1169156165 M * Bertl derjohn: ich will aber nix Zahlen :) 1169156193 M * derjohn Bertl the Zechpreller ... ah. no, that was linuxtag ... 1169156195 M * derjohn :) 1169156205 M * jabra Bertl: i'll let you know how this works for me 1169156209 M * Bertl derjohn: please, fix your locale :) 1169156254 M * derjohn Bertl, *lol*, OK :) 1169156472 Q * bonbons Quit: Leaving 1169156616 J * Aiken ~james@tooax7-147.dialup.optusnet.com.au 1169156730 M * Bertl morning Aiken! 1169156757 M * Aiken good morning 1169156777 M * transaci1 Bertl: could you pls elaborate your netcat/lsof suggestion 1169156800 N * transaci1 transacid 1169156811 J * Piet__ hiddenserv@tor.noreply.org 1169156874 M * Bertl transacid: sure, you can use 'nc -l -s -p 80' to 'simulate' the apache 1169156896 M * transacid on the guest system? 1169156906 M * Bertl yes, on the guest and on the host system 1169156984 M * Bertl transacid: and 'lsof -nli | grep http' will help you to find stuff already bound at that port 1169157022 M * transacid ok 1169157036 M * Bertl again, both on the host and the guest 1169157210 Q * Piet_ Ping timeout: 480 seconds 1169157314 M * transacid ok on the hostsystem it aborts with "Can't grab ~XX.XXX.XX.XX:80 with bind 1169157330 M * Bertl so you have something running there already :) 1169157342 M * Bertl check now with the lsof line what ... 1169157351 M * transacid but i tried it with the guest ip there 1169157362 M * Bertl that's correct 1169157389 M * transacid and lsof -nli | grep http" 1169157400 M * transacid and "lsof -nli | grep http" reports nothing 1169157409 M * Hollow you can even do lsof -i :80 1169157434 M * Bertl ah, nice, didn't think of that one ... 1169157442 M * transacid ah Hollow that worked 1169157481 M * transacid lol no got the wrong ip 1169157515 M * Bertl okay, if you get an error with the netcat, but lsof doesn't find anything on the host, then there are two options 1169157537 M * Bertl a) you have a guest, which is using the same guest ip for apache (or similar) 1169157550 M * Bertl b) you do not have the guest ip assigned on the host at all 1169157572 M * Bertl you can check b) with 'ip addr ls | grep ' 1169157575 M * Hollow does nid=1 work to see all ip/ports/socket whtaever? 1169157590 M * Bertl with the recent fixes, yes 1169157598 M * transacid a) all other vserver-guests have 10.1.1.* addresses 1169157603 M * Bertl Hollow: i.e. with 2.2.0-rc8 1169157607 M * Hollow ah, ok 1169157607 M * transacid b) i dun understand 1169157647 M * Bertl check with the ip addr ls line if that 'public/guest' ip is assigned on the host 1169157673 M * Bertl if that doesn't output anything, you haven't started the guest/configured the ip on the host yet 1169157688 M * Bertl (nc cannot bind to a non existing ip :) 1169157764 J * shedi ~siggi@ftth-237-144.hive.is 1169157771 M * Bertl wb shedi! 1169157797 M * shedi thank you sir 1169157831 M * transacid Bertl: ifconfig inside the guest sais that the ip is asssinged, and even mysql binds to it 1169157875 M * Bertl okay, so just let's recap what you figured so far (please correct me when I'm wrong) 1169157892 M * Bertl - there is nothing showing up on the host with lsof -i :80 1169157899 M * transacid right 1169157912 M * Bertl - there is nothing showing up with lsof -i :80 inside the guest 1169157917 M * transacid right 1169157932 M * Bertl - the netcat line on the host fails 1169157939 M * transacid right 1169157942 M * Bertl - the netcat line on the guest fails too 1169157946 M * transacid no 1169157950 M * Bertl no? 1169157994 M * transacid e.g. the guest ip is 1.2.3.4 and i type in nc -l -s 1.2.3.4 -p 8 inside the guest, it works 1169158003 M * transacid 80* 1169158013 M * Bertl that would actually mean that apache should work quite fine :) 1169158024 M * transacid yes _it should_ 1169158027 M * Bertl what if you do 1169158039 M * Bertl (inside the guest) nc -l -p 80 1169158047 M * Bertl does that work too? 1169158069 M * transacid yes 1169158081 M * Bertl okay, then it is definitely an apache issue ... 1169158086 M * transacid n00k :~# lsof -i :80 1169158086 M * transacid COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME 1169158087 M * Bertl let's do the following: 1169158087 M * transacid nc 28812 root 3u IPv4 39054476 TCP n00k:www (LISTEN) 1169158104 M * Bertl (ah, that explains why you got not output from the grep :) 1169158126 M * Bertl the port is called http here, and obviously www on your side 1169158126 M * transacid hehe yes 1169158144 M * Bertl okay, let's start the apache manually, and verify that it fails 1169158151 M * Bertl (inside the guest) 1169158163 M * transacid any options to pass? 1169158176 M * Hollow -X probably 1169158177 M * Bertl then wait a little, and start it with prepending 'strace -fF -o apache.trace' 1169158197 M * Bertl i.e. strace -fF -o apache.trace .... 1169158233 M * Hollow -X tells apache to not fork to background and to not spawn any children, good for debugging .. 1169158243 M * Bertl ah, good to know 1169158315 M * jabra Bertl: i transfered it but my backupninja doesn't have /dev/urandom 1169158324 M * jabra for the vservers 1169158330 M * Bertl how so? 1169158345 M * jabra not sure 1169158347 M * transacid n00k :~# apache2 -X 1169158348 M * transacid apache2: apr_sockaddr_info_get() failed for n00k 1169158348 M * transacid apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName 1169158355 M * Bertl jabra: was it lost on the transfer? 1169158358 M * jabra no 1169158369 M * jabra just like not backed up 1169158372 M * Bertl transacid: that's okay 1169158373 M * jabra with backupninja 1169158393 M * transacid and now strace? 1169158395 M * Bertl jabra: maybe it needs a special option to copy device nodes 1169158402 M * jabra probably 1169158407 M * Bertl transacid: no, obviously you do not get the error now 1169158424 M * Bertl transacid: i.e. apache did start quite fine so far 1169158456 M * Hollow transacid: maybe you had to wait for some timeout .. sometimes a port is still "in use" if you killed a process, but after some time you can rebind .. 1169158475 M * Bertl yes, that happens when the connections are not terminated properly 1169158490 M * Bertl they will end up in TIME_WAIT 1169158495 M * Hollow well, for kill -9 this is probably alway the case, no? 1169158507 M * Bertl yes, typically :) 1169158577 M * transacid ok aoache runs, but now i get the http error code 503 1169158607 M * Bertl that's servie unavailable 1169158611 M * Bertl *service 1169158648 M * transacid yes 1169158672 M * Bertl i.e. something which apache returns, because it cannot serve your pages 1169158681 M * jabra Bertl: --devices preserve device files (super-user only) 1169158681 M * jabra -D same as --devices --specials 1169158690 M * jabra fyi 1169158773 M * transacid hmm that'S very strange, i still get it when apache isn't even running anymore 1169158804 M * Bertl transacid: then something else is running on that port :) 1169158811 M * Hollow probably nc? :D 1169158826 M * Bertl would that return a 503? 1169158830 M * Hollow but it wouldn't return 503, right? 1169158833 M * Hollow heh 1169158839 J * m`m`h ~simba@deb30.mgts.by 1169158855 M * transacid but there isn't realy running anything 1169158863 M * transacid not on the host and not on the guest 1169158883 M * Bertl I can imagine a few possibilites 1169158901 M * Bertl beginning with Linux-VServer related stuff: 1169158928 M * Bertl - you have a rogue guest which is not limited to an ip subset and thus claims 0.0.0.0 instead 1169158968 M * Bertl - you have a weir DNAT rule which remaps the ports, thus they hit a different guest/port 1169158972 M * Bertl *weird 1169158982 M * Bertl now the network related possibilities: 1169159004 M * Bertl - requests are filtered on a firewall, the apache stuff was only remotely related 1169159036 M * Bertl - routing is messed up, some packets are lost, a proxy is confused and gives you strange results 1169159063 M * Bertl of course, also your kernel could be broken as well as apache itself :) 1169159082 M * Hollow maybe even a DNS is messed up and returns the wrong IP? 1169159093 M * Bertl yes, good idea 1169159160 M * transacid ok i hit nmap against my primary ip where 80 should be open due to an listening apache in a guest, which is NATed 1169159178 M * transacid and against my secondary, which i wanna use in that guest 1169159189 M * transacid and that is open aswell 1169159210 M * transacid but there is nothing listening on 80 1169159235 M * Bertl you get 'open'? 1169159242 M * transacid yap on both 1169159250 M * Bertl that usually means that there _is_ something listening :) 1169159339 M * jabra 'vserver ... suexec' is supported for running vservers only; aborting..? 1169159342 M * jabra any ideas ? 1169159350 M * Hollow vserver ... start? 1169159351 M * jabra ya 1169159408 M * jabra Bertl: this rsync doesnt look like it is smooth 1169159420 M * jabra along with backupninja 1169159440 A * jabra considers roling his own method 1169159460 M * Bertl why would you want to exec something in a stopped guest? 1169159478 M * jabra that is tryin to start it when it isn't running 1169159503 M * Bertl so, backupninja did mess up the backup? 1169159540 M * jabra naw 1169159555 M * Bertl so what's the problem, IYO? 1169159567 M * jabra wait 1169159569 M * jabra ok 1169159575 M * jabra so i had backup ninja work 1169159580 M * jabra it didn't copy /dev 1169159591 M * jabra so i had to take it from the running vserver rather than the backup 1169159636 M * Bertl should be no problem, as long as you copy the device nodes 1169159645 M * Bertl (instead of device contents :) 1169159651 M * jabra right 1169159711 M * jabra guess my question is how can i add -D to backupninja 1169159721 M * Bertl daniel_hozac: btw, would it work to put the vserver guest into /etc/vservers/foo/vdir ? 1169159954 P * john-modulis 1169160246 M * Guy- do you know off the top of your heads what vserver version Debian's linux-image-2.6.18-3-xen-vserver-amd64 has? 1169160302 M * Bertl an old one :) 1169160320 M * Guy- OK, that's good enough, thanks :) 1169160321 M * Bertl nah, just kidding, no idea, but the debian folks might know 1169160388 M * Hollow :) 1169160397 M * Hollow debian bash day today, eh? :) 1169160416 M * Guy- in some channels, every day is a Debian bashing day :) 1169160424 M * Hollow hehe 1169160497 M * Bertl nah, actually I'm very fine with debian recently 1169160515 M * Bertl they are doing a much much better job than the ubuntu folks 1169160533 Q * dna Quit: Verlassend 1169160551 M * Guy- in what way? I use both and haven't noticed much of a quality difference either way 1169160611 M * Guy- (obviously, ubuntu would be nowhere without debian, but everyone knows that) 1169160665 M * Guy- in case you were wondering, said kernel package apparently has 2.0.2.2-rc8 1169160675 M * Bertl AFAIK, there is no currently working kernel for ubuntu 1169160683 M * Bertl (Linux-VServer kernel that is) 1169160688 M * Guy- ah 1169160691 M * Guy- no, there isn't 1169160705 M * Guy- OTOH, there isn't one with a recent version of vserver for Debian either 1169160778 M * Bertl yes, there is 1169160814 M * Bertl (well, not for the 2.6.19 yet, but for 2.6.18 at least) 1169160818 M * Guy- OK, what I mean to say was 'one that uses the 2.2 branch' 1169160854 M * Guy- and there is no kernel later than 2.6.18 packaged for Debian at all, at least for amd64 1169160913 M * Guy- of course, they pick and choose what to include from Linus's tree, which does get tricky after a while 1169160935 M * Guy- I don't want to pretend it's not a lot of effort 1169161117 M * Bertl talk to waldi, there will probably be a 2.6.20 with up to date Linux-VServer (if nothing goes wrong) 1169161139 M * harry can someone change the topic 1169161149 M * harry 2.2.0-rc8 is released with grsec patches too 1169161167 M * harry i have to update the site too, but i don't know how 1169161179 T * Guy- http://linux-vserver.org/ | latest stable 2.0.2.1, 2.0.3-rc1, 2.2.0-rc8, devel 2.1.1.7.1, 2.3.0.7, stable+grsec 2.0.2.1, 2.2.0-rc8, devel+grsec 2.1.1 | util-vserver-0.30.212 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;) 1169161203 M * harry tnx 1169161210 M * Guy- I hope that was OK 1169161217 M * harry yeah, it's ok :) 1169161253 M * Guy- any chance of a vserver-grsec-xen patch? :) 1169161263 M * harry haha, that's kinda... really hard 1169161266 M * Guy- btw, how hairy is it to merge grsec and vserver? 1169161270 M * harry vserver+xen should be possible 1169161279 M * harry grsec + xen is... well... hard :) 1169161283 M * Guy- vserver+xen is definitely possible, it's even packaged for debian 1169161288 M * harry Guy-: depends on how good you know code :) 1169161289 M * Bertl vserver on the xen arch works quite fine 1169161294 M * harry *the code 1169161316 M * Guy- harry: assuming I can read C code but I'm not normally up to my waist in the kernel? 1169161331 M * harry then... if you're really careful... doable :) 1169161337 M * harry it's no rocket science :) 1169161349 M * Guy- I know, I used to merge grsec with other stuff a few years ago 1169161363 M * Guy- but if there are horrible conflicts... 1169161367 M * harry there are a few really tricky parts... 1169161379 M * Guy- OK, I'll just leave it to you then :) 1169161383 M * harry but if you look/read/analyse carefully, you'll get through it :) 1169161399 M * harry you can allways look at what i did, and improve 1169161418 M * Guy- that's unlikely :) 1169161443 M * Guy- how much testing do these grsec-vserver kernels get? 1169161458 M * harry i usually test them with all the options etc... 1169161468 M * harry and it seems quite a lot of people use it 1169161476 M * harry i run it on my servers 1169161491 M * harry (2.6.17.13 atm, can't constantly upgrade production machines) 1169161521 M * harry how the hell can i update the patchtable on the site???? 1169161521 M * Guy- OK, thanks 1169161527 M * harry is it possible through links 1169161528 M * harry np 1169161545 M * Guy- I can do it for you if you tell me what to change 1169161549 M * Bertl Hollow: could you update the wiki? 1169161567 M * harry Guy-: if i knew how to get to the correct page, i would ;) 1169161573 M * harry but there doesn't seem an easy way 1169161580 M * harry on my laptop at work, i have it bookmarked 1169161584 M * harry but... i'm not at work now :) 1169161584 M * Guy- ah, and the main page isn't even editable 1169161604 M * Hollow harry: it is a template .. http://linux-vserver.org/index.php?title=Template:CurrentPatchTable&action=edit 1169161605 M * Guy- isn't it http://linux-vserver.org/Welcome_to_Linux-VServer.org we're talking about? 1169161610 M * Guy- ahhh 1169161614 M * harry that's the one :) 1169161627 M * Hollow you can't edit the main page, but you can edit the template 1169161654 M * Guy- I haven't used templates in mediawiki yet, but I can see how they're useful :) 1169161665 M * Guy- wow, the wind's really picking up speed here too 1169161667 M * harry bookmarked here too :) 1169161670 M * harry and done :) 1169161674 A * harry off again 1169161675 M * Guy- it just rattled the roof... 1169161678 A * harry keeps up to date :) 1169161813 M * harry Guy-: this patch i put online isn't tested, but it's the same as the previous one, the rc8 patch applied cleanly, so... ;) 1169161840 M * Bertl yeah, it is unlikely that the rc7->rc8 changes anything 1169161856 M * Bertl (for grsec) 1169161868 M * Hollow Bertl: btw, any ETA for 2.2.0 yet? 1169161883 M * Guy- this could be grsec's big return into my life :) 1169161884 M * Guy- we'll see 1169162268 M * Guy- is the feature matrix in the wiki up to date? 1169162281 M * Guy- http://linux-vserver.org/Feature_Matrix <-- this 1169162421 M * Guy- if so, I don't necessarily need 2.2 after all... COW link breaking is nice, but not a must, I guess 1169162426 M * Bertl mostly 1169162548 M * Guy- let's see if I understand the difference between iunlink and COW 1169162573 M * Guy- with iunlink, I can upgrade packages in a vserver even if it uses files that are hardlinked and shared with other vservers 1169162585 M * Guy- because the package manager unlinks the file first and then creates a new one in its place 1169162599 M * Guy- with COW, even overwriting the hardlinked file would work 1169162603 M * Guy- is this correct? 1169162656 M * Bertl yes 1169162665 M * Guy- excellent 1169162671 M * Bertl Hollow: should be already out, but we had a few issues 1169162726 M * Bertl ntrs: could you check with the latest two patches, and the debugging enabled (regarding the hang issue)? 1169162755 M * Bertl http://vserver.13thfloor.at/Experimental/delta-vkill-fix0{2,3}.diff 1169162796 M * Hollow Bertl: ok, so it will be Really Soon Now ;) 1169162812 M * Bertl I Really Hope So :) 1169162842 M * Bertl but as usual, the motto is: it's done when it's done ... 1169162851 M * Hollow sure .. 1169163620 Q * tso Ping timeout: 480 seconds 1169163631 M * adrien-modulis I got a very weird issue 1169163640 M * adrien-modulis I have to vserver host 1169163648 M * adrien-modulis one start a guest at IP 247 1169163660 M * adrien-modulis I stop the guest 1169163670 M * adrien-modulis I start a copy of this guest on the other server 1169163687 M * Bertl okay 1169163689 M * adrien-modulis and it's enable to assign ip 247 1169163702 M * adrien-modulis I can put any ip but 247 1169163715 M * Bertl probably the ip is not removed on the other host 1169163739 M * adrien-modulis after I stop it 1169163742 M * adrien-modulis it doesn't ping 1169163744 M * Bertl or the router/switch is not updated when you move the guest 1169163753 M * adrien-modulis that what I tought first 1169163792 M * Bertl but? 1169163823 M * adrien-modulis if I add the ip as a virutal interface 1169163827 M * adrien-modulis on the second host 1169163829 M * adrien-modulis I can ping it 1169163840 M * Bertl virtual interface means? 1169163845 M * adrien-modulis eth0:1 1169163852 M * Bertl so you mean an alias :) 1169163853 M * adrien-modulis another Ip for the same device 1169163856 M * adrien-modulis alias yes 1169163871 M * adrien-modulis is it possible to rewrite the mac address for a vserver 1169163872 M * adrien-modulis ? 1169163878 M * Bertl okay, could you upload the ip addr ls output without the alias? 1169163884 M * adrien-modulis that would help the arp cache of the switch 1169163899 M * Bertl you cannot change the mac of a guest or alias 1169163917 M * Bertl you can send out arp information to update the switch 1169163933 M * Bertl easiest way is to do: 1169163943 M * Bertl ping -I 1169163978 M * adrien-modulis http://paste.linux-vserver.org/901 1169163991 M * adrien-modulis ok I'm gonna try that 1169164012 M * Bertl that is no 'ip addr ls' output :) 1169164179 Q * duckx Quit: Client exiting 1169164181 M * adrien-modulis done 1169164191 M * adrien-modulis for the secondary host 1169164200 Q * mountie Quit: LUNCK! 1169164339 M * adrien-modulis it WORKS ! 1169164360 M * adrien-modulis I ping -I the gateway with from the new host with the ip 1169164361 M * Bertl so it was a router/switch issue, yes? 1169164365 M * adrien-modulis yes it was 1169164365 J * mountie ~mountie@CPE0080c6fe323f-CM000a739acaa4.cpe.net.cable.rogers.com 1169164381 M * adrien-modulis thank you vbery much Bertl ! 1169164388 M * Bertl you're welcome!