1170288008 Q * lilalinux Ping timeout: 480 seconds 1170288015 M * Pazzo no 1170288029 J * lilalinux__ ~plasma@dslb-084-058-211-080.pools.arcor-ip.net 1170288055 M * daniel_hozac i guess you should create that then. 1170288107 M * Pazzo done 1170288152 M * daniel_hozac is it still a problem? 1170288458 Q * lilalinux_ Ping timeout: 480 seconds 1170288459 M * Pazzo yup... but that's a cosmetic problem, so who cares... as soon as possible I'll kill this guests and replace them with debian ( if they allow me to do so) 1170288489 M * Pazzo there is another little problem: 1170288500 M * Pazzo do you remember the nfs thing yesterday? 1170288505 M * daniel_hozac sure. 1170288516 M * Pazzo everything was running smooth with unfsd and fstab.remote 1170288562 M * daniel_hozac but? 1170288564 M * Pazzo (another "real" host <-> vserver guest, nfs server on both sides, "cross-mounting" on partition per side) 1170288570 M * Pazzo works great 1170288572 M * Pazzo BUT 1170288592 M * Pazzo now both hosts are guests on the same vhost 1170288606 M * Pazzo !? 1170288631 M * Pazzo (I know, a bind mount would solve the problem :-) 1170288652 M * daniel_hozac so the NFS mount isn't working anymore? 1170288658 M * Pazzo no 1170288706 M * daniel_hozac Bertl: 2.2.0-rc9 still has the + new_nxi->nx_flags &= NXF_PERSISTENT; 1170288723 M * daniel_hozac Bertl: missing the ~ 1170288831 M * Pazzo btw: which vserver version would you suggest for use on productional systems? 1170288846 M * daniel_hozac 2.2.0-rc9. 1170288858 M * Pazzo thnx 1170288908 Q * id23 Ping timeout: 480 seconds 1170288920 Q * [Che]eDog Ping timeout: 480 seconds 1170288945 M * Pazzo are there any known grave issues with the old 2.1.1-rc-whatever one? 1170288969 M * daniel_hozac that's why the 2.1 branch is at 2.1.1.7.1 :) 1170288978 M * daniel_hozac (well, part of that is the 2.6.19 rebase) 1170289172 J * [Che]eDog ~edog@91.149.145.111 1170289173 M * Pazzo daniel_hozac: a big big big THANK YOU for your help and your patience!!! 1170289189 Q * [Che]eDog 1170289191 M * daniel_hozac you're welcome! 1170289209 J * [Che]eDog ~edog@91.149.145.111 1170289219 Q * dna Quit: Verlassend 1170289221 M * Pazzo I've head enough trouble today, I simply did two bind-mounts right now... I'll solve the NFS thing another day 1170289243 Q * FireEgl Quit: ... 1170289324 M * Pazzo but just to don't missunderstand things: is it possible (in your believes) to run two guests, one of them with a fstab.remote mounting an nfs share from the other one? 1170289365 M * daniel_hozac i don't see why not. 1170289379 M * daniel_hozac but NFS is a bit of black magic... 1170289517 M * Pazzo (I agree :-) hmm... and to make things even more complicate: if both of them need to use fstab.remote to mount a share running on the opposite one - would this also work? 1170289639 M * daniel_hozac how would you start them? 1170289652 M * daniel_hozac both would require that the other one be up and running already... 1170289718 M * daniel_hozac it really seems like bind mounts are the better option. 1170289724 M * daniel_hozac (also much less overhead) 1170289849 J * nou Chaton@causse.larzac.fr.eu.org 1170290170 M * Pazzo daniel_hozac: I agree completely... it's a chicken <--> egg problem :o) 1170290828 J * ChiTo ~chito@189.134.45.113 1170290842 M * Pazzo bye all, I have to leave now! 1170290854 M * [Che]eDog bb 1170290865 M * Pazzo daniel_hozac: thank you once again!! 1170290871 Q * Pazzo Quit: ... 1170290939 M * ChiTo Hi everybody, i have make my own guest image but it cant bind any service on the ip, some services said that the ip is already in use. i.e. httpd or sshd, does anybody has experienced this? 1170290988 M * daniel_hozac ChiTo: are you running, e.g. httpd and sshd on the host? 1170291004 M * ChiTo daniel_hozac, no 1170291016 M * mugwump netstat -plunt will tell you 1170291018 M * ChiTo daniel_hozac, it seems that the ip that i am using for the vserver is just reserved to the host 1170291031 M * mugwump look for things listening on 0.0.0.0 / ::0 1170291062 M * ChiTo daniel_hozac, does it has to do with mac addresses? because my provider doesnt allow more than one mac addres for each port at its switch 1170291089 M * daniel_hozac uh, what address did you assign your guest? 1170291107 M * daniel_hozac and do what mugwump told you to do. that'll clear things up. 1170291153 M * ChiTo daniel_hozac, the netstat doesnt tell me that the services are up on the host, and on the guest it says that the http is listening on 1.2.3.4:80, but it is not truth 1170291179 M * ChiTo daniel_hozac, i have telneted to that port and is refused, it seems goes to the host and not the vserver 1170291230 M * daniel_hozac so, where did you get the address from? 1170291244 M * daniel_hozac and from where are you testing? 1170291359 M * ChiTo i have a pool on my server for many ips, and i have assigned one of them properly to the guest, when the guest starts the host starts the eth0:myguest without problems, the problem comes when i try to get a service on the guest, there is a eth0:myguest on the guest with the ip assigned but the services failed at starting 1170291406 M * daniel_hozac i thought you said the guest showed the service as listening? 1170291433 M * ChiTo yeah 1170291438 M * ChiTo but it is not truth that is listening 1170291457 M * daniel_hozac so the services do succeed in starting? 1170291473 M * ChiTo i.e.: 1170291481 M * ChiTo bash-3.1# /etc/init.d/sshd start 1170291481 M * ChiTo Starting sshd: [ OK ] 1170291483 M * ChiTo this is on guest 1170291485 M * ChiTo and : 1170291491 M * ChiTo bash-3.1# netstat -an | grep 22 1170291492 M * ChiTo bash-3.1# 1170291513 M * daniel_hozac and there's nothing in the logs? 1170291559 M * ChiTo i have seen something fot the ntpd: 1170291577 M * ChiTo Jan 31 18:36:08 vs01 ntpd[16372]: bind() fd 4, family 2, port 123, addr 0.0.0.0, in_classd=0 flags=8 fails: Address already in use 1170291577 M * ChiTo Jan 31 18:36:08 vs01 ntpd[16372]: bind() fd 4, family 2, port 123, addr 172.16.10.2, in_classd=0 flags=8 fails: Address already in use 1170291587 M * daniel_hozac running ntpd in a guest is never going to work. 1170291613 M * ChiTo because on the host is running i guess no? 1170291622 M * daniel_hozac (well, unless you give it the required capabilities) 1170291630 M * daniel_hozac yep, that'd explain those errors. 1170291641 M * ChiTo but what about the other services 1170291646 M * ChiTo it supposes that are different ips 1170291675 M * daniel_hozac so telnet 80 doesn't work from the host? 1170291737 M * ChiTo it says it is refused 1170291746 M * ChiTo when i tried to stop the vserver i get: 1170291751 M * ChiTo usr/lib/util-vserver/vserver.stop: line 85: 16721 Killed "${NICE_CMD[@]}" ${USE_VNAMESPACE:+$_VNAMESPACE --enter "$S_CONTEXT" -- } $_VCONTEXT $SILENT_OPT --migrate --chroot --xid "$S_CONTEXT" -- "${INITCMD_STOP[@]}" 1170291751 M * ChiTo A timeout occured while waiting for the vserver to finish and it will 1170291751 M * ChiTo be killed by sending a SIGKILL signal. The following process list 1170291751 M * ChiTo might be useful for finding out the reason of this behavior: 1170291779 M * ChiTo that happening when was trying to stop the networki interfaces 1170291786 J * shuri ~shuri@hq01.electronicbox.net 1170291811 M * daniel_hozac that probably means your guest needs more than 30 seconds to shut down. 1170291936 M * ChiTo bash-3.1# /etc/init.d/httpd start 1170291936 M * ChiTo Starting httpd: httpd: apr_sockaddr_info_get() failed for vs01.unixzone.net 1170291936 M * ChiTo httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName 1170291936 M * ChiTo [ OK ] 1170291947 M * ChiTo bash-3.1# netstat -an | grep 80 1170291947 M * ChiTo tcp 0 0 216.75.2.130:80 0.0.0.0:* LISTEN 1170291956 M * ChiTo if you try to telnet it you will be refused 1170291962 M * ChiTo because it refers that ip to the host 1170291968 M * ChiTo and the http is not up on the host 1170291978 M * daniel_hozac and you don't have anything like iptables? 1170291997 M * ChiTo that sounds logic let me disabled it 1170292162 Q * duckx Remote host closed the connection 1170292265 M * ChiTo the packets now pass for the port 80, the problem persists with ssh and iptables from the host is disabled now 1170292289 M * ChiTo if you telnet 216.75.2.130 22 the reponse you are getting is from the host 1170292292 M * ChiTo not from the guest 1170292307 M * ChiTo but the 216.75.2.130 for http is from the guest 1170292366 M * daniel_hozac are you running an sshd on the host as well? 1170292368 M * ChiTo when a new ip is added to the vserver it has another MAC? 1170292375 M * ChiTo or uses the same mac address from the nic ? 1170292378 M * daniel_hozac no. 1170292385 M * daniel_hozac the MAC is the same. 1170292402 M * ChiTo sshd is running on the host 1170292411 M * ChiTo but let me see if it is binded to every interfac 1170292416 M * ChiTo or just its ip 1170292479 M * ChiTo daniel_hozac, you are right daniel 1170292491 M * ChiTo i need to put the explicit ips for the bindings 1170292511 M * ChiTo if the ssh is going to run on the host and the guest then specify the ip 1170292530 M * daniel_hozac you just need to do that on the host. 1170292537 M * daniel_hozac the guest is already limited to its subset. 1170292540 M * ChiTo oh pefrfect 1170292543 M * Bertl hmm, I guess I have a test version for the new syscall shiny 2007 :) 1170292556 M * ChiTo i am trying this vserver with a xenU 1170292557 M * daniel_hozac cool! 1170292559 M * Bertl (only x86 implemented for now :) 1170292574 M * ChiTo congrats every everybody for this project 1170292578 M * daniel_hozac how do you solve the errno thing? 1170292589 M * Bertl we'll see if it solves that :) 1170292603 M * Bertl but IMHO it should now 1170292613 M * daniel_hozac i mean, do you call __errno_location and such? 1170292614 M * Bertl let me upload the code so far ... 1170292659 M * daniel_hozac btw, did you see my note about the vc_net_create error case? missing ~ before NXF_PERSISTENT? 1170292750 M * Bertl ah, no, we should fix that 1170292799 M * Bertl when was that, today? 1170292804 M * daniel_hozac about an hour ago. 1170292819 M * Bertl ah, was burried deep in inline assembler and cpp magic :) 1170292822 M * Bertl http://vserver.13thfloor.at/Experimental/SYSCALL/syscall_shiny12.h 1170292824 M * daniel_hozac hehe 1170292894 M * Bertl it uses the same principles as before, but the important changes are: 1170292915 M * Bertl - we do not rely on the 'not officially defined' concattenation of asm code 1170292927 M * Bertl (i.e. we generate a monolithic asm block now) 1170292940 M * Bertl - we do not even remotely rely on register assignments 1170292952 M * Bertl (which didn't work so well anyway) 1170292993 M * Bertl IMHO any issue we encounter now (besides minor fixes in my code :) can be considered gcc bugs :) 1170293022 M * daniel_hozac nice! 1170293023 M * Bertl we might not get the best code with this, or the best register optimization .. well we will get what gcc can do :) 1170293056 M * Bertl and I simplified the arch description ... 1170293138 M * Bertl we can still do register assignments for archs which cope well with that 1170293148 M * Bertl (at least I hope so :) 1170293289 M * daniel_hozac sounds good. 1170293462 M * Bertl I just got a message that shuri is ready for testing too :) 1170293468 M * shuri :) 1170293485 M * Bertl so while I still clean that stuff up ... 1170293502 M * Bertl daniel_hozac: could you give shuri a few hints how to integrate that in util-vserver? 1170293529 M * Bertl shuri: arch is x86 atm, yes? 1170293535 M * shuri yes 1170293540 M * Bertl okay, good 1170293543 M * daniel_hozac just replacing lib/syscall-alternative.h should do the trick. 1170293558 M * Bertl excellent, shuri, you have the url? 1170293573 M * shuri no 1170293580 M * Bertl http://vserver.13thfloor.at/Experimental/SYSCALL/syscall_shiny12.h 1170293584 M * shuri ok 1170293586 M * shuri let me try 1170293605 M * Bertl configure with normal options, no disable stuff 1170293655 M * shuri yes 1170293943 M * shuri still got the Segmentation fault 1170293955 M * Bertl that's bad ... 1170293967 M * shuri i use util-vserver-0.30.212 1170293970 M * shuri it ok? 1170293975 M * Bertl yes, should be fine 1170293977 M * daniel_hozac probably doesn't matter. 1170293994 M * Bertl where does it segfault? daniel_hozac? 1170294009 M * Bertl can we get the asm code of that section easily? 1170294018 M * Bertl (i.e. with -S) 1170294021 M * daniel_hozac try compiling int main(int argc, char *argv[]) { return 0; } with diet -Os gcc test.c 1170294027 M * daniel_hozac and run ./a.out. 1170294058 M * Bertl ah, that's the dietlibc test 1170294071 M * daniel_hozac (Ubuntu was the one who changed the compiler default flags, right?) 1170294086 M * Bertl right ... 1170294163 M * shuri you want me to run thos command? int main(int argc, char *argv[]) { return 0; } with diet -Os gcc test.c ? 1170294176 M * Bertl diet -Os gcc not diet gcc -Os btw? 1170294203 M * shuri int main(int argc, char *argv[]) { return 0; } with diet -Os gcc test.c 1170294204 M * shuri bash: syntax error near unexpected token `(' 1170294210 M * Bertl ah, 1170294233 M * Bertl do echo 'int main(int argc, char *argv[]) { return 0; }' >test.c 1170294233 M * daniel_hozac no, save the int main... to a file named test.c, and then run the diet -Os gcc test.c 1170294256 M * Bertl you specify the optimization to diet? 1170294257 M * daniel_hozac and diet parses -Os itself. 1170294262 M * Bertl ah, cool 1170294286 M * daniel_hozac (i don't know if that's any better or worse than gcc's variant, but i believe that's how the tools use it) 1170294297 M * Bertl okay, good then 1170294328 M * shuri ./a.out 1170294328 M * shuri shuri@fiesty:~$ 1170294335 M * daniel_hozac so that worked fine? 1170294343 M * Bertl seems so 1170294377 M * Bertl shuri: please get http://vserver.13thfloor.at/Experimental/SYSCALL/sc_test.c 1170294390 M * shuri got it 1170294405 M * Bertl ah, we want the errno stuff there, so 1170294415 M * Bertl just a sec, I try something 1170294555 M * Bertl http://vserver.13thfloor.at/Experimental/SYSCALL/sc_test_ef.c 1170294561 M * Bertl take this one, and do: 1170294585 M * Bertl gcc -Wall -Os -c -o sc_test_ef sc_test_ef.c 1170294590 M * Bertl and if that works 1170294599 M * Bertl gcc -Wall -Os -S -o sc_test_ef.s sc_test_ef.c 1170294631 M * Bertl you have to name the syscall_shiny12.h 1170294634 M * Bertl syscall_new.h 1170294658 M * Bertl and it has to be in the same dir or in the include path somewhere 1170294688 M * shuri ok 1170294741 M * shuri both command work 1170294849 M * Bertl good, please uplaod the segfaulting command (vserver-info? stat?) and the sc_test_ef.s file somewhere 1170294868 M * shuri ok 1170294957 M * shuri http://64.235.209.226/vservers/ 1170294961 M * Bertl tx 1170295031 M * Bertl so the asm code looks perfectly fine, no? 1170295054 M * Bertl shuri: which command segfaulted on you? 1170295080 M * shuri vserver-stat 1170295086 M * shuri vserver-info 1170295147 M * shuri vuname 1170295166 M * Bertl okay 1170295174 M * shuri vserver-stat 1170295183 M * shuri vshelper-sync 1170295196 M * shuri vrsetup 1170295203 M * shuri vps 1170295204 M * shuri lol 1170295323 M * Bertl hmm execQuery()? (for vserver-info) 1170295516 M * shuri me? 1170295517 Q * ChiTo Quit: Leaving 1170295557 M * Bertl daniel_hozac: gdb always points to procedure starts? 1170295595 M * Bertl shuri: let's try to disable diet for now and see if that helps 1170295609 M * shuri ok 1170295613 M * Bertl but keep the alternate syscall (with the new shiny copied in) 1170295625 M * shuri mc 1170295626 M * daniel_hozac that sounds like dietlibc/stack-proctector problems indeed. 1170295862 M * shuri ok that work with --disable-dietlibc 1170295894 M * Bertl good, can you actually verify vserver functionalitywith that too? 1170295910 M * shuri ok leet me reboot with a vserver kernel enable 1170295912 M * shuri brb 2 min 1170295916 M * Bertl okay, tx! 1170295923 Q * shuri Remote host closed the connection 1170295938 M * Bertl daniel_hozac: so the syscall is probably fixed, but what causes the segfaults? 1170295968 M * Bertl I mean, is ubuntu dietlibc unable to create more complex binaries? 1170295994 M * daniel_hozac maybe the stack protector doesn't get enabled for such simple functions. 1170296011 M * Bertl the function gdb was reporting did indeed some stuff on the stak 1170296021 M * Bertl i.e. dynamically assign variables and such 1170296031 M * Bertl s/variables/initializers 1170296075 M * Bertl maybe some 'other' magic options are passed? 1170296081 M * daniel_hozac could be. 1170296105 M * Bertl do we have simple (trivial) test code in util-vserver somewhere? 1170296113 M * Bertl i.e. a tool which doesn't do much 1170296157 M * Bertl could it be library related? 1170296168 M * daniel_hozac setattr? chxid? 1170296179 M * daniel_hozac or if you want truly minimal, chain-echo. 1170296226 M * Bertl chain-echo looks good :) 1170296265 M * Bertl how do I use it? 1170296293 M * daniel_hozac chain-echo * 1170296300 M * Bertl yeah, I saw that :) 1170296310 M * Bertl what does file/data mean? 1170296324 M * daniel_hozac it writes to . 1170296331 M * daniel_hozac then executes * 1170296338 M * daniel_hozac it's like echo, but chainable :) 1170296350 M * Bertl ./chain-echo test test true 1170296357 M * Bertl chain-echo: open(): No such file or directory 1170296372 M * daniel_hozac oh, the file needs to exist already... 1170296376 M * daniel_hozac so not like echo. 1170296421 M * Bertl ./chain-echo test test true 1170296424 M * Bertl chain-echo: execv(): No such file or directory 1170296432 M * Bertl but I guess I can mend that :) 1170296449 M * Bertl okay, unfortunately, that one doesn't segfault :( 1170296456 M * daniel_hozac hehe, seems to be almost a bit too minimal... 1170296475 M * daniel_hozac i guess it requires some larger (arrays?) stack variables. 1170296482 J * shuri ~shuri@hq01.electronicbox.net 1170296484 M * shuri re 1170296498 M * shuri 2.6.19.2-vs2.2.0-rc8 #1 1170296508 M * daniel_hozac -rc9 was released earlier tonight :) 1170296555 M * shuri well 1170296580 M * daniel_hozac shuri: could you try echo 'int main(int argc, char *argv[]) { char buf[16]; strcpy(buf, "a"); printf("%s\n", buf); return 0; }' > test.c; diet -Os gcc -O2 -Wall test.c 1170296651 M * daniel_hozac (lots of warnings, i imagine, as no headers are included) 1170296667 M * daniel_hozac but ignore those, and try to run the resulting binary, assuming it compiles successfully. 1170296717 M * Bertl shuri: okay, does chcontext work? (e.g. chcontext --xid 100 true ) 1170296728 M * shuri iet -Os gcc -O2 -Wall test.c 1170296729 M * shuri test.c: In function 'main': 1170296729 M * shuri test.c:1: warning: implicit declaration of function 'strcpy' 1170296729 M * shuri test.c:1: warning: incompatible implicit declaration of built-in function 'strcpy' 1170296729 M * shuri test.c:1: warning: implicit declaration of function 'printf' 1170296730 M * shuri test.c:1: warning: incompatible implicit declaration of built-in function 'printf' 1170296754 M * daniel_hozac right. 1170296760 M * shuri mc 1170296794 A * Bertl .o( somehow I have the feeling shuri uses midnight commander :) 1170296804 M * shuri lol 1170296841 M * shuri chcontext 1170296841 M * shuri vcontext: vc_create_context(): Invalid argument 1170296884 M * Bertl and with: chcontext --xid 100 true ? 1170296935 M * shuri chcontext --xid 100 true 1170296935 M * shuri New security context is 100 1170296952 M * Bertl okay, so the syscall is working too :) 1170296964 M * Bertl the EINVAL is from using a dynamic context 1170296975 M * Bertl (probably got a message in syslog/dmesg too) 1170296977 M * daniel_hozac shuri: did you run ./a.out after compiling the last one? did it work too? 1170297011 M * shuri ./a.out 1170297012 M * shuri Segmentation fault 1170297035 M * Bertl bingo! 1170297061 M * Bertl I guess we can hand that over to the ubuntu bug tracker now? 1170297078 M * daniel_hozac i'd say so. 1170297081 M * Bertl excellent work folks! 1170297104 M * Bertl shuri: you are using the ubuntu dietlibc I guess? 1170297109 M * shuri i dont understand but i am happy to help you :) 1170297111 M * shuri yes 1170297125 M * Bertl okay, let's try to replace that with a self compiled? daniel_hozac? 1170297133 M * shuri dietlibc-dev 0.30-4ubuntu 1170297158 M * daniel_hozac hmm, i've never built dietlibc manually, actually. 1170297164 M * Bertl trivial 1170297166 M * shuri me yes 1170297166 M * daniel_hozac ensc does such a good job of maintaining it :) 1170297196 M * Bertl okay, then let's try that, and specify the diet path for our little test program 1170297202 M * shuri i can test self compile dietlibs with the new syscall 1170297206 M * Bertl you do not need to install it actually 1170297226 M * shuri !google dietlibc 1170297227 M * Bertl shuri: explanation for non coders :) 1170297228 M * daniel_hozac shuri: just out of curiousity, does diet -Os gcc -O2 -fno-stack-protector test.c; ./a.out fail too? 1170297258 M * Bertl shuri: the issue seems to come up when diet is using special library stuff 1170297259 M * shuri yes it failed 1170297280 M * Bertl shuri: or at least, the program has some complexity 1170297290 M * shuri http://www.fefe.de/dietlibc/ 1170297296 M * shuri is the right url& 1170297301 M * Bertl btw, I'd be interested in the a.out from the first compile 1170297305 M * Bertl shuri: yep, that's it 1170297358 M * shuri make in progress 1170297370 M * Bertl okay, so all in all it is quite positive 1170297386 M * Bertl the syscall wrapper seems to work, even with glibc 1170297410 M * Bertl we have a trivial test case for the ubuntu folks 1170297417 M * daniel_hozac shuri: IIRC you may need to edit one of the configuration headers to select your stack protector stuff, if you're compiling with it. 1170297443 M * shuri yuu are right 1170297446 M * shuri edundant-decls -o bin-i386/elftrunc contrib/elftrunc.c 1170297446 M * shuri make: *** [bin-i386/elftrunc] Segmentation fault 1170297571 M * shuri -fno-stack-protector ? 1170297594 M * daniel_hozac try adding that to CFLAGS. 1170297599 M * shuri yes 1170297603 M * shuri already done 1170297607 M * shuri make in progress 1170297609 M * daniel_hozac (i don't remember what the exact flag is, it's something along those lines...) 1170297647 M * shuri ok work 1170297679 M * Bertl good, now use it on the test.c 1170297807 M * shuri ./diet -Os gcc -O2 -fno-stack-protector test.c 1170297807 M * shuri test.c: In function 'main': 1170297807 M * shuri test.c:1: warning: incompatible implicit declaration of built-in function 'strcpy' 1170297807 M * shuri test.c:1: warning: incompatible implicit declaration of built-in function 'printf 1170297816 M * shuri ./a.out 1170297816 M * shuri Segmentation fault 1170297859 M * daniel_hozac try -fno-stack-protector-all as well? 1170297872 M * shuri ./diet -v 1170297872 M * shuri diet version dietlibc-0.30 (non-install version in source tree 1170297881 M * daniel_hozac (logically the former should include the latter, IMHO...) 1170297893 M * shuri same error 1170297902 M * daniel_hozac did you rebuild dietlibc with it? 1170297908 M * shuri humm 1170297946 M * shuri .i run 1170297948 M * shuri ./diet -Os gcc -O2 -fno-stack-protector test.c 1170298014 M * shuri ./diet -Os gcc -O2 -Wall test.c 1170298023 M * daniel_hozac right, but before that, rebuild dietlibc with CLFAGS="-fno-stack-protector -fno-stack-protector-all" 1170298035 M * daniel_hozac (or maybe you really do need one of those patches) 1170298044 J * ntrs ~ntrs@68-188-55-120.dhcp.stls.mo.charter.com 1170298097 M * shuri cc1: error: unrecognized command line option "-fno-stack-protector-all" 1170298101 M * daniel_hozac ok. 1170298108 M * daniel_hozac so forget that, and try sed -i -e 's!^#define WANT_SSP$!// \0!g; s!.*\(#define WANT_STACKGAP\).*!\1!g' dietfeatures.h 1170298121 M * daniel_hozac and then rebuild it. 1170298145 M * shuri you talk about dietlibc? 1170298148 M * daniel_hozac yep. 1170298152 M * Bertl btw, the code generation is quite fine with inline definitions now .. didn't expect that :) 1170298179 M * daniel_hozac inline definitions? 1170298193 M * shuri oi add the fno-stack-protector flag? 1170298233 M * Bertl daniel_hozac: with -O2 -fPIC http://paste.linux-vserver.org/1009 1170298275 M * daniel_hozac shuri: yeah, you still want -fno-stack-protector, i think. 1170298312 M * daniel_hozac oh, cool 1170298314 M * Bertl so except for the return code check, which I can probably improve a little, it looks really nice 1170298324 M * daniel_hozac indeed. 1170298406 M * Bertl I think it might even be possible to keep the result in eax for the checl 1170298409 M * Bertl *check 1170298494 M * shuri fno-stack-protector 1170298516 M * mugwump pop quiz: in which 2.4.x kernel were filesystem namespaces introduced? 1170298753 M * shuri ok folk i got to go 1170298753 M * daniel_hozac 2.4.19. 1170298759 M * daniel_hozac (IIRC) 1170298769 M * shuri i can come back tomorrow 1170298784 M * daniel_hozac np, i need to get some sleep too... 1170298807 M * Bertl okay, thanks again ... 1170298810 M * daniel_hozac good night everyone! 1170298818 M * Bertl have a good one daniel_hozac! shuri! 1170299850 Q * SNy Remote host closed the connection 1170299873 J * SNy 3fbecece19@bmx-chemnitz.de 1170300242 Q * SNy Remote host closed the connection 1170300757 J * SNy 7d73f0a643@bmx-chemnitz.de 1170301971 Q * shuri Remote host closed the connection 1170304978 M * pflanze If I want to mount --bind the vserver's own /dev onto it's /mnt/foo/dev, what should go into the /etc/vservers/x/fstab? 1170305007 M * Bertl /mnt/foo/dev /dev bind ... 1170305022 M * pflanze "/dev /mnt/foo/dev .." or "/vservers/x/dev /mnt/foo/dev .." 1170305024 M * pflanze ? 1170305033 M * Bertl neither nor 1170305042 M * Bertl /mnt/foo/dev /dev :) 1170305046 M * pflanze ehr strange, let me try 1170305056 M * Bertl the first one is in the host context 1170305062 M * Bertl the second one in the guest context 1170305142 M * pflanze gave me "failed to mount fstab-entry" 1170305179 M * pflanze usually you give the source argument first, right? 1170305185 M * Bertl yes 1170305195 M * Bertl and the source is /path/to/vserver/dev 1170305202 M * pflanze ah 1170305209 M * Bertl the destination of the mount otoh is 1170305215 M * Bertl /dev 1170305219 M * pflanze then "/vservers/x/dev" "/mnt/foo/dev" 1170305236 M * pflanze the /mnt/foo is inside vserver 1170305237 M * Bertl what's /mnt/foo/dev now? 1170305242 M * Bertl ah, yes 1170305254 M * Bertl thought you wanted to remount /dev special 1170305300 M * pflanze ehrr the source is visible from the host anyway, what did I think. (Late at night) 1170305310 M * pflanze sry & thanks 1170305317 M * Bertl np, you're welcome! 1170305959 N * [Che]eDog [Che]eDog|ZzZzZ 1170306494 M * pflanze hmm, root@elvis-5 root# cat /dev/mysqldevice gives me a permission error, brw------- 1 mysql root 253, 8 2007-01-28 01:04 /dev/mysqldevice 1170306516 M * pflanze from the host I can cat it w/o problem, and /dev/null inside the vserver can be cat'ed as well, so it's not a mount nodev issue 1170306522 M * Bertl yep, expected 1170306534 M * Bertl nope, it is mounted nodev 1170306542 M * Bertl guest has a different namespace 1170306556 M * Bertl i.e. you --bind mounted it twice 1170306566 M * pflanze no that's another story here 1170306571 M * Bertl unmount it on the host, you'll see it still is there on the guest 1170306616 M * pflanze this /dev is on the vserver root volume (which is the /vservers/ volume from the host) 1170306660 M * pflanze and there's no mounting on /dev for this vserver (only the usual /dev/pts mounting) 1170306669 M * pflanze this is not my above "foo" vserver 1170306674 M * Bertl okay, thought it was the same guest as before 1170306729 M * Bertl 253:8 what's that? 1170306785 M * pflanze that's an lvm volume 1170306800 M * Bertl so a devmapper entry then? 1170306806 M * mugwump yep 1170306809 M * Bertl and you want raw access to that? 1170306821 M * pflanze that's on the host: brw------- 1 root root 253, 8 2007-01-28 01:04 /dev/mapper/mirrorvg-e5_mysql 1170306823 M * Bertl I mean, are you sure about that :) 1170306834 M * mugwump presumably he's running InnoDB 1170306834 M * pflanze yes, that's for mysql 1170306836 M * pflanze yes 1170306861 M * Bertl you know that this basically screws your host if one gets access? 1170306867 M * Bertl (to the guest) 1170306873 M * mugwump it shouldn't, nothing mounts it 1170306894 M * Bertl hmm, good point 1170306919 M * mugwump I used to do that until I got fed up of MySQL 1170306923 M * Bertl pflanze: what kernel version? 1170306937 M * pflanze btw it did work under vserver 2.0.2; this is 2.6.19.2-vs2.2.0-rc8.7 1170307032 M * Bertl yep, it's a feature 1170307034 M * Bertl http://linux-vserver.org/Capabilities_and_Flags 1170307047 M * Bertl ADMIN_MAPPER is probably required 1170307063 M * mugwump ouch, won't that let you run lvm admin commands? 1170307148 M * Bertl yes, the device itself should not be restricted .. hmm 1170307252 M * Bertl pflanze: are you sure that nothing else is keeping you from accessing it? 1170307306 M * pflanze well root@elvis-5 root# cat /dev/mysqldevice -> cat: /dev/mysqldevice: Keine Berechtigung 1170307312 M * pflanze I've no idea what it could be 1170307323 M * pflanze elvis-5 is inside the vserver 1170307351 M * Bertl /dev/zero esits there too? 1170307367 M * pflanze root@elvis-5 root# cat /dev/zero|xxd|head 1170307367 M * pflanze 0000000: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 1170307404 M * Bertl okay, might be an ownership issue 1170307461 M * pflanze well not a normal one, at least? 1170307462 M * pflanze root@elvis-5 root# chmod g+r /dev/mysqldevice 1170307462 M * pflanze root@elvis-5 root# cat /dev/mysqldevice|xxd|head -1 1170307462 M * pflanze cat: /dev/mysqldevice: Keine Berechtigung 1170307462 M * pflanze root@elvis-5 root# l /dev/mysqldevice 1170307462 M * pflanze brw-r----- 1 mysql root 253, 8 2007-01-28 01:04 /dev/mysqldevice 1170307504 M * Bertl do you get EPERM or EACCES? 1170307513 M * Bertl check with strace -fF 1170307567 M * pflanze open("/dev/mysqldevice", O_RDONLY|O_LARGEFILE) = -1 EACCES (Permission denied) 1170307569 M * Bertl should be EACCES, and you need to 'assign' that mapper entry to the guest 1170307586 M * Bertl we have a check in place which might be a little too strict 1170307593 M * Bertl but probably it is fine 1170307602 M * pflanze how, assign? 1170307669 M * Bertl yeah, that's probably th problem for you right now 1170307687 M * Bertl the xid is assigned when the mapping is done 1170307703 M * Bertl i.e. you need to do the dmsetup in the guest context 1170307733 M * Bertl i.e. something like: chcontext --xid -- dmsetup ... 1170307783 M * pflanze I've never used dmsetp, just lvcreate etc. 1170307784 M * Bertl guess I will change that so that guests are allowed to access host mappings too, when the device node is present 1170307797 M * Bertl pflanze: try dmsetup table 1170307886 M * pflanze root@elvis dev# dmsetup table|grep 'mirrorvg-e5_mysql:' 1170307886 M * pflanze mirrorvg-e5_mysql: 0 6291456 linear 3:12 18874752 1170307886 M * pflanze mirrorvg-e5_mysql: 6291456 2097152 linear 3:12 50495872 1170307903 M * Bertl now you can use that for creating the mapping 1170307909 M * pflanze ah 1170307917 M * Bertl you first remove the old one 1170307924 M * Bertl dmsetup remove blabla 1170307928 M * pflanze why are there two entries? 1170307939 M * pflanze ah two parts? 1170307946 M * Bertl those are two different mappings for the same, yes 1170307961 M * Bertl start offset device size 1170307970 M * Bertl ah, forgot type 1170307980 M * Bertl start offset device size 1170308012 M * pflanze maybe I try with a test 'lvcreate ..' first? 1170308039 M * Bertl you can do that, note that the guest does not ahve to be running to assign the xid 1170308060 M * pflanze interesting, is this kept across host reboots? 1170308066 M * Bertl also note that the host will lose access to the mapping 1170308070 M * pflanze (xid file tagging, i guess) 1170308076 M * pflanze that's ok 1170308080 M * Bertl nope, that is only for runtime 1170308093 M * Bertl i.e. it is an attribute of the actual mapping 1170308103 M * Bertl not of the device (which will change over reboots) 1170308368 M * pflanze I don't find a "start" subcommand on the dmsetup manpage 1170308375 M * pflanze did you mean "create"? 1170308386 M * Bertl yep, the create will 'start' it 1170308400 M * Bertl well, actually once the mapping is there, it 'just' works 1170308467 M * pflanze do I just call "dmsetup create mirrorvg-e5_mysql" and feed it the above two lines from dmtable setup|grep.. ? 1170308486 M * Bertl yes, that should work 1170308492 M * pflanze ok, let me try 1170308650 Q * [Che]eDog|ZzZzZ Ping timeout: 480 seconds 1170308748 M * pflanze root@elvis root# chcontext --xid 1005 -- dmsetup create mirrorvg-e5_mysql 1170308748 M * pflanze device-mapper: version ioctl failed: Keine Berechtigung 1170308748 M * pflanze Incompatible libdevmapper 1.02.02 (2005-12-02)(compat) and kernel driver 1170308748 M * pflanze Command failed 1170308758 M * pflanze well so I'll have to add that capability first i gues 1170308783 M * Bertl the guest is running, I presume? 1170308793 M * pflanze yes 1170308798 M * pflanze I can shut it down 1170308812 M * Bertl if you shut it down, the chcontext should get the permissions 1170308818 M * Bertl s/get/have/ 1170309199 M * pflanze Ok, now it works. Thanks, Bertl! 1170309222 M * Bertl np 1170309999 M * pflanze (btw, forgot to mention that I had to strip the name from the dmsetup table lines (something like s/^.*?://); just for completeness) 1170310010 M * Bertl right 1170313733 Q * cdrx Ping timeout: 480 seconds 1170315723 M * Bertl okay, off to bed now ... have a good one everyone! cya! 1170315727 N * Bertl Bertl_zZ 1170316453 J * ybanafa ybanafa@89.189.66.185 1170316732 M * ybanafa Hi All .. my uname -a [Linux deb 2.6.17.14-grsec2.1.9-vs2.0.2.1 #3 SMP Tue Jan 30 20:37:26 AST 2007 x86_64 GNU/Linux] I cannot install sid vserver [getting cannot install base-config] ? How Can add vserver etch ? .. Thanx an advance 1170317204 M * ybanafa plz, Help me . . my uname -a [Linux deb 2.6.17.14-grsec2.1.9-vs2.0.2.1 #3 SMP Tue Jan 30 20:37:26 AST 2007 x86_64 GNU/Linux] I cannot install sid vserver [getting cannot install base-config] ? How Can add vserver etch ? .. Thanx an advance 1170317406 J * q\ ~java@avr49-1-82-245-33-193.fbx.proxad.net 1170317411 M * q\ hi 1170317494 M * q\ is it possible to have a vserver network interface in dhcp mode ? 1170317602 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net 1170318189 M * ybanafa q\ : Yes with NAT 1170318227 M * q\ i mean how to configure my vserver to ask for dhcp ? 1170318255 J * id23 ~id@p50814034.dip0.t-ipconnect.de 1170318278 M * ybanafa q\: base-config 1170318316 M * q\ oh i see, from my vserver OS 1170318345 M * q\ so what should i do with my /etc/vservers/my_guest/interface/0/ip ? 1170318446 M * ybanafa auto eth1 1170318447 M * ybanafa iface eth1 inet dhcp 1170318476 M * q\ so the ip file act like an interface file 1170318484 M * ybanafa dhcp Only 1170318489 M * q\ didn't seem to :/ 1170318500 M * q\ ok thanks 1170318596 J * ntrs_ ~ntrs@68-188-55-120.dhcp.stls.mo.charter.com 1170318621 Q * ybanafa Quit: using sirc version 2.211+KSIRC/1.3.11 1170318820 Q * ntrs Ping timeout: 480 seconds 1170319712 Q * cdrx Remote host closed the connection 1170320192 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net 1170320569 Q * shedi Quit: Leaving 1170323572 J * dna ~naucki@250-203-dsl.kielnet.net 1170326332 Q * Aiken Quit: Leaving 1170327972 J * shedi ~siggi@v10-222-142.lhi.is 1170329136 J * duckx ~Duck@tox.dyndns.org 1170329298 M * Guy- q\: I don't think this will work 1170329298 Q * derjohn Read error: Connection reset by peer 1170329310 M * Guy- q\: a vserver can't modify its IP address 1170329334 M * Guy- q\: so a dhcp client running in the vserver won't do any good 1170329370 M * Guy- q\: you'd have to run it on the host, somehow extract the lease information and configure the guest with it 1170329388 M * Guy- q\: however, I don't think there's a way to update the guest IP if the lease changes 1170329403 J * derjohn ~derjohn@80.69.41.2 1170329551 M * matti :) 1170329572 M * Guy- did I say something funny? :) 1170329628 Q * lilalinux__ Ping timeout: 480 seconds 1170329734 J * lilalinux__ ~plasma@dslb-084-059-009-202.pools.arcor-ip.net 1170330186 Q * thunder1 Ping timeout: 480 seconds 1170330207 J * thunder1 ~thu@tor-irc.dnsbl.oftc.net 1170331855 M * nox well CAP_NET_ADMIN should work but doesn?t enhance security (; 1170331933 M * nox dunno if there is a ccap for ip change only already 1170332105 M * matti Guy-: No, not at all. Just smiling :D 1170332581 M * Hollow matti: drugs ain't good ;) 1170332636 M * matti Hollow: Hyhy. 1170332646 M * matti :-) 1170332757 J * snowseal ~snowseal@84.244.180.190 1170332863 M * snowseal is there a 'Dynamic Kernel Module Support'-package for the vserver kernel patch? this would build and insert the modeule in a running kernel 1170332880 M * snowseal or does it really require a rebuild. 1170332905 M * Hollow snowseal: you cannot build vserver as a module 1170332916 M * matti No. You need to apply a patch. You cannot build it as a module unfortunately. 1170333316 M * Guy- btw, who would be the one to approach with a wichlist item for util-vserver? 1170333320 M * Guy- wishlist, even 1170333348 M * Hollow Guy-: daniel_hozac probably .. 1170333845 Q * lilalinux__ Quit: Leaving 1170333940 M * daniel_hozac and if you do it soon, it might even make it into 0.30.213 :) 1170334004 Q * Roey Ping timeout: 480 seconds 1170334484 Q * duckx Remote host closed the connection 1170334509 J * duckx ~Duck@tox.dyndns.org 1170334548 Q * duckx Remote host closed the connection 1170334571 J * duckx ~Duck@tox.dyndns.org 1170335050 M * Guy- daniel_hozac: it's going to take some explaining; irc or email? 1170335064 M * daniel_hozac IRC is fine for me. 1170335114 J * yarihm ~yarihm@whitehead2.nine.ch 1170335316 M * Guy- daniel_hozac: OK 1170335338 M * Guy- daniel_hozac: what I'd like is for runit and vserver to play together better 1170335376 M * Guy- daniel_hozac: specifically, it'd be nice to have a utility that does 'set up the context of vserver x if it doesn't exist yet; then, enter it and exec program y' 1170335426 M * daniel_hozac like vserver ... start --rescue y...? 1170335433 M * Guy- I'm not sure 1170335444 M * daniel_hozac (though that would likely fail if the context existed) 1170335449 M * Guy- then no 1170335464 M * Guy- vserver start isn't what I need anyway, because it has a concept of 'starting' a vserver 1170335465 M * daniel_hozac it really wouldn't be hard to write a wrapper that does --rescue if it doesn't exist, and exec if it does though... 1170335511 M * daniel_hozac starting the guest is required before using it is fully secure. 1170335514 M * Guy- is there a way for the host to send signals to processes running in vservers? 1170335532 M * daniel_hozac that's why you need vserver ----insecure ... exec ... to run programs in stopped guests. 1170335550 M * daniel_hozac sure, with vkill. 1170335577 M * Guy- the way I understand it, 'starting' a vserver just means setting is context and namespaces up 1170335579 M * daniel_hozac the spectator is also able to kill any process, IIRC. 1170335611 M * Guy- what exactly does 'starting' do, other than the above? 1170335626 M * daniel_hozac and setting up IP addresses, mounts, disk limits, cpusets, running scriptlets,... 1170335642 M * Guy- OK, in my world that's part of setting up the context :) 1170335643 M * daniel_hozac and that's just the fluff around the start. 1170335656 M * snowseal thanks Hollow and matti. 1170335662 M * daniel_hozac setting up the context is vcontext and vattribute. 1170335666 M * Guy- OK 1170335680 M * daniel_hozac well, i guess vsched and vnamespace would qualify too. 1170335701 M * Guy- I think I need to start at the beginning by explaining what runit is and what it does 1170335744 M * Guy- for our purposes here, let's just say there is a 'runsv' process that's responsible for keeping one particular service up, or sending it signals when instructed to do so 1170335762 M * Guy- this has a number of advantages over sysV init, I won't go into that here 1170335794 M * daniel_hozac is there any particular reason you don't just bring up the contexts persistently when the host boots, and then just use vserver ... exec? 1170335795 M * Guy- the thing is, runsv works by forking a child and expecting that child to eventually become the service it is supposed to monitor 1170335814 M * Guy- last time I tried, that didn't work 1170335821 M * Guy- sure, I can try again 1170335829 A * snowseal suggests a dkms (module) version of the kernel patch as a wishlist item to daniel_hozac. ;) 1170335851 M * daniel_hozac snowseal: Linux-VServer cannot be a module. it adds hooks, modifies existing code, etc. 1170335863 M * Guy- with vserver exec, will runsv's child be the actual program running in the vserver? 1170335878 M * Guy- i.e. vserver guest exec apache -F 1170335891 M * daniel_hozac yes, the scripts will exec the final command line. 1170335904 M * Guy- and ther will be no interim stuff like with vserver start? 1170335909 M * Guy- there 1170335920 M * daniel_hozac such as? 1170335921 M * snowseal expected something like that.. it would have been too nice to be true. ;) kay, good luck duded. /leaving 1170335934 M * Guy- /bin/bash /usr/sbin/chbind --silent --secure --nid 2 --ip 192.168.0.4/24 -- /usr/lib/util-vserve 1170335937 P * snowseal 1170335938 M * Guy- r/exec-ulimit /etc/vservers/squid/ulimits /usr/sbin/vcontext --create --silent --xid 2 -- /usr/sbin/vnamespace --set -- /usr/sbin/vlimit --dir /etc/vservers/squid/rlimits --miss 1170335941 M * Guy- ingok -- /usr/sbin/vsched --xid self --force -- /usr/sbin/vuname --xid self --dir /etc/vservers/squid/uts --missingok -- /usr/sbin/vuname --xid self --set -t context=/etc/vserve 1170335944 M * Guy- rs/squid -- /usr/sbin/vattribute --set --secure --flag default --flag fakeinit -- /usr/lib/util-vserver/save_ctxinfo /etc/vservers/squid /usr/bin/env -i PATH=/bin:/usr/bin:/sbin 1170335947 M * Guy- :/usr/sbin /usr/sbin/vcontext --migrate-self --endsetup --chroot --silent 1170335950 M * Guy- this 1170335968 M * daniel_hozac what about it? parts of it needs to be there, yes. 1170336010 M * Guy- the problem is that if I do vserver start, my child process is /usr/sbin/vnamespace --new -- /usr/sbin/vserver ----nonamespace 1170336034 M * Guy- when I send my child a signal, it doesn't arrive at the 'other end' (the process launched from cmd.start) 1170336037 M * daniel_hozac vserver.start doesn't exec its child. 1170336066 Q * thunder1 Ping timeout: 480 seconds 1170336089 J * thunder1 ~thu@tor-irc.dnsbl.oftc.net 1170336102 M * Guy- OK, I see vserver exec does what I need 1170336106 M * Guy- however 1170336121 M * Guy- it'd be nice if it could also 'start' the vserver in an idempotent way 1170336127 M * Guy- maybe add a switch or something 1170336138 M * daniel_hozac it's not safe. 1170336144 M * daniel_hozac that's why it needs ----insecure. 1170336154 M * Guy- how is that less safe than doing 'vserver start' separately? 1170336165 M * daniel_hozac because exec doesn't fully bring up the guest. 1170336169 M * daniel_hozac it can't, due to the way exec works. 1170336204 M * Guy- OK, so that's my wishlist item then :) maybe it could fork a child that 'brings up' the guest first, if it's not 'up' 1170336234 M * daniel_hozac you realize that's a 2-line shell script wrapper, right? 1170336234 M * Guy- I'd like this because it's more robust 1170336262 M * Guy- no, until now I didn't 1170336284 M * Guy- probably I still don't properly understand how to 'bring up' a guest without starting any process in it 1170336285 M * daniel_hozac vserver "$1" status &>/dev/null || vserver "$1" start; vserver "$@" 1170336295 M * daniel_hozac ... persistent. 1170336341 M * Guy- I can make it persistent by fiddling with a file under /etc/vservers, correct? 1170336351 M * daniel_hozac two files, yes. 1170336371 M * Guy- OK, and then I'd set cmd.start to /bin/true or something 1170336377 M * daniel_hozac yep. 1170336380 M * Guy- so I get an empty vserver context that's 'up' 1170336391 M * Guy- OK 1170336399 M * Guy- can the parent of vserver exec send a signal to its child? 1170336410 M * Guy- (which is running in the guest?) 1170336428 M * daniel_hozac if the parent is running in xid 0, not without using vkill. 1170336497 M * Guy- and if it's running in xid 1, will it be able to vserver exec? 1170336628 M * Guy- OK, let me rephrase my wish :) I need a 'signal relay' that runs in xid 0, execs a child in a vserver, and relays all signals it receives to the child, then exits if the child exits (but not until then) 1170336673 M * daniel_hozac that doesn't really sound like something that'd see a lot of use... ;) 1170336687 M * daniel_hozac also note that things like SIGKILL wouldn't work. 1170336692 M * Guy- well, it would be just the thing for us runit/daemontools fans 1170336697 M * Guy- sure, it won't work for sigkill 1170336719 M * Guy- shall I explain the use case? 1170336750 M * yarihm daniel_hozac: remember the opensuse-distro-definition you gave me? i'm running into some strange error here i didn't find much about with google: 1170336751 M * yarihm vserver -v opensuse build --interface opensuse=eth0:217.150.241.151/32 -m yum --initstyle plain -- -d opensuse10.2 1170336751 M * yarihm /etc/vservers/.defaults/vdirbase/opensuse: Function not implemented 1170336768 M * daniel_hozac are you running a vserver patched kernel? 1170336777 M * yarihm uh ... let me guess 1170336783 M * Guy- oops, lunchtime 1170336784 M * Guy- bbl 1170336791 M * yarihm oops, shametime here 1170336792 M * daniel_hozac Guy-: that sounds more like something you'd create locally... 1170337779 M * Loki|muh can someone tell my, why --defaulttty is used in /usr/lib/util-vserver/start-vservers? 1170337830 M * yarihm daniel_hozac: i ran into another problem, hopefully this time not such newbie-error related: 1170337832 M * yarihm entry-1111-sis:/etc/vservers# vserver opensuse start 1170337832 M * yarihm vshelper.init: can not determine xid of vserver 'opensuse'; returned value was '' 1170337840 M * Loki|muh as long as that option is used, I have a few guests in which apache and mysql will not be started 1170337850 M * Loki|muh any hints how to debug this? 1170337861 M * yarihm after having bootstrapped the vserver with your opensuse-distro-definition. i read about that error on the mailinglist, but to be honest, i do not understand the problem 1170337864 M * daniel_hozac yarihm: it means your guest isn't starting any service. 1170337882 M * daniel_hozac so it dies before start has completed. 1170337885 M * yarihm daniel_hozac: well, that's not nice ... 1170337911 M * yarihm daniel_hozac: should I maybe have set the initstyle to something different? 1170337911 M * daniel_hozac yarihm: as i said before though, OpenSuSE is gonna need quite a bit of love before it works. 1170337924 M * yarihm daniel_hozac: yeah, you warned me :) can't complain 1170337931 M * daniel_hozac yarihm: initstyle plain would work around the issue. 1170337950 M * yarihm daniel_hozac: ok, i'll set it to plain then and see what happens ... 1170337994 M * Guy- daniel_hozac: this signal relay would allow runit running in xid0 to directly monitor and control services running in vserver guests, something that's not currently possible without error-prone workarounds 1170338033 M * daniel_hozac Loki|muh: do you have a defaulttty set? 1170338073 M * Guy- daniel_hozac: I've seen other people trying to bring runit and vserver together (in mailing list archives and irc chatlogs), so I think this feature would be useful to a wider audience than just me 1170338078 M * daniel_hozac Loki|muh: otherwise it should use /dev/null... 1170338182 M * Guy- daniel_hozac: if someone were to write it, could it be shipped with util-vserver? 1170338184 J * _dmax ~semaj@bl4-59-180.dsl.telepac.pt 1170338230 M * daniel_hozac writing it is not a problem, it should just be a couple of lines. 1170338315 M * Guy- oh 1170338318 M * Loki|muh daniel_hozac: where can I set it? i search the wiki for defaulttty and the only hit was the bash-completion ;) 1170338366 M * daniel_hozac /etc/vservers//apps/init/tty or /etc/vservers/.defaults/apps/init/tty 1170338415 M * Loki|muh no, isn't set anywhere 1170338416 M * Guy- daniel_hozac: it might be a bit more complex than it looks; there is an issue with file descriptors 1170338429 M * Loki|muh daniel_hozac: should the tty be set? 1170338455 M * Guy- daniel_hozac: but no, on second thought, there isn't 1170338466 M * daniel_hozac Loki|muh: so your services don't come up if stdin/stdout/stderr refer to /dev/null? that sounds wrong... does executing /etc/init.d/ start < /dev/null &> /dev/null work? 1170338474 M * Guy- daniel_hozac: so, if it's not a big deal, do you think you'll do it? 1170338534 M * Loki|muh daniel_hozac: the funny thing is that the problem only occurs with some guests, not with all... I will try that 1170338536 Q * dmax Ping timeout: 480 seconds 1170338540 N * _dmax dmax 1170338544 M * daniel_hozac Guy-: i have no way of testing it. 1170338560 M * Guy- daniel_hozac: I hereby formally volunteer :) 1170338657 M * yarihm daniel_hozac: well, i now got it booting with initstyle plain ... there is not much use of what is inside this vserver though, it seems that it lacks almost all essential stuff for some reason, not even yast is installed :) seems really like quite a thing to invest love in... 1170338699 M * daniel_hozac yarihm: you could vyum -- install stuff. 1170338823 M * Loki|muh daniel_hozac: ah found the problem /dev/console was nonexistent. when i linked it to tty, everything's fine :) 1170338848 M * yarihm daniel_hozac: trying ... gotta get the names of the packages first ... 1170339152 M * Loki|muh strange thing that some daemons need /dev/console to start properly 1170339186 J * Roey ~katz@h-69-3-4-130.mclnva23.covad.net 1170339771 J * [Che]eDog ~edog@91.149.146.84 1170339934 M * daniel_hozac Guy-: http://people.linux-vserver.org/~dhozac/t/signal-relay.c 1170341964 Q * gab Quit: Leaving 1170342764 Q * cehteh Ping timeout: 480 seconds 1170343153 M * Guy- daniel_hozac: thanks, will try it soon 1170343334 M * yarihm daniel_hozac: ok, i got it running now more or less ... init-stuff is still obscure, but somehow it works more or less. i get a kernel-oops when i shut down the vserver ... should i be worried? 1170343356 M * daniel_hozac yarihm: Debian etch kernel, 2.6.18-3? 1170343407 M * yarihm daniel_hozac: yes 1170343445 M * daniel_hozac yarihm: it's broken. upgrade to 2.6.18-4, which should be in sid now. 1170343459 J * adrien-modulis ~adrien@ip228.modulis.ca 1170343461 M * yarihm ok, thanks 1170343467 M * adrien-modulis Hi everyone 1170343504 M * daniel_hozac hello 1170343615 M * adrien-modulis is it possible to easily top the bandwidth of a vserver ? 1170343657 M * daniel_hozac "top the bandwidth"? meaning limit it? 1170343661 M * adrien-modulis yes 1170343670 M * adrien-modulis like maximum 3 mbit for a vserver 1170343696 M * daniel_hozac iptables/QoS should be able to do that. 1170343713 J * FireEgl Proteus@2001:5c0:84dc:1:211:9ff:feca:b042 1170343721 M * daniel_hozac probably using QoS would be more appropriate. 1170343822 M * adrien-modulis Ok I see 1170344326 J * shuri ~shuri@hq01.electronicbox.net 1170345686 M * q\ ok Guy-, that's what I was thinking, thank you ! 1170345750 M * Guy- np 1170345775 M * daniel_hozac q\: DHCP for guests? Jacques tools allow that. 1170345791 M * q\ hum 1170345896 M * daniel_hozac (certain cases aren't handled yet though, if i understood our last discussion correctly) 1170345925 M * q\ ok, I'll have a look at that 1170345930 Q * Roey Ping timeout: 480 seconds 1170346015 J * Roey ~katz@h-69-3-4-130.mclnva23.covad.net 1170346097 M * adrien-modulis Question, is there a difference between the rlimit/cpu and the cpu scheduler ? 1170346170 M * adrien-modulis I have ten servers on a host, echo 10 > /etc/vservers/name/rlimits/cpu; will it "cap" the vserver to use only 10% of the ressources ? 1170346176 M * daniel_hozac rlimits/cpu doesn't work. 1170346182 M * adrien-modulis ok 1170346197 M * daniel_hozac if it did, it would limit the guest to 10 (milli)seconds of CPU time. 1170346202 M * daniel_hozac and after that, the guest would be useless. 1170346206 M * adrien-modulis ok 1170346212 M * daniel_hozac so, it doesn't make much sense. 1170346223 M * adrien-modulis Ok I understand 1170346229 Q * duckx Quit: Client exiting 1170346232 M * adrien-modulis so where do we set the cpu-scheduler 1170346239 Q * FireEgl Remote host closed the connection 1170346275 M * daniel_hozac depending on your util-vserver version, /etc/vservers//sched or /etc/vservers//schedule 1170346285 M * adrien-modulis ok 1170346534 Q * DreamerC Quit: leaving 1170346623 Q * Roey Ping timeout: 480 seconds 1170346668 M * Guy- daniel_hozac: signal-relay seems to work like a charm, thanks a lot 1170346684 M * Guy- daniel_hozac: I can write a wiki page on how to use it 1170346711 N * Bertl_zZ Bertl 1170346715 M * Bertl morning folks! 1170346719 M * Guy- hi Bertl 1170346727 M * daniel_hozac morning Bertl! 1170346754 M * adrien-modulis I have 0.30.212, What do I put inside thoses files ? I haven't found any documentation 1170346758 M * adrien-modulis Hi Bertl 1170346773 M * daniel_hozac adrien-modulis: http://linux-vserver.org/CPU_Scheduler 1170346905 M * adrien-modulis This one I read it 1170346910 M * adrien-modulis but I've just found 1170346911 M * adrien-modulis http://oldwiki.linux-vserver.org/Scheduler+Parameters 1170346927 M * daniel_hozac that's not the suggested way anymore. 1170346933 M * adrien-modulis shit 1170346934 M * daniel_hozac and will not be supported for 0.30.213+. 1170346944 M * daniel_hozac (hmm, did i remove that already?) 1170346963 M * adrien-modulis but the link you sent me doesn't tell what to put in thoses files 1170346978 M * daniel_hozac yes it does. 1170346989 M * daniel_hozac the terminology used is the same as that on the flower page. 1170347127 M * Bertl http://vserver.13thfloor.at/Experimental/SYSCALL/syscall_shiny13.h 1170347130 J * DreamerC ~dreamerc@125-225-97-49.dynamic.hinet.net 1170347143 M * Bertl (should handle alpha, arm, x86 and x86_64 for now) 1170347214 M * Bertl once we have sparc and ppc done, I think it is time for broader testing ... 1170347509 J * stefani ~stefani@tsipoor.banerian.org 1170347620 P * adrien-modulis 1170347624 J * duckx ~Duck@tox.dyndns.org 1170347647 M * Bertl welcome stefani! duckx! 1170347656 M * stefani salut encore. 1170347659 M * Bertl wb DreamerC! 1170347942 J * Roey ~katz@h-69-3-4-130.mclnva23.covad.net 1170348098 M * Bertl daniel_hozac: do you remember, who was having the sparc issues? 1170348114 M * daniel_hozac which ones? 1170348125 M * Bertl with the syscall result being overwritten 1170348131 M * daniel_hozac nebuchadnezzar, IIRC. 1170348137 M * Bertl ah, right! 1170348142 M * Bertl nebuchadnezzar: ping? 1170348408 M * Bertl daniel_hozac: I take it, jfs is incomplete on 2.6.16.38? 1170348908 Q * Roey Ping timeout: 480 seconds 1170348969 M * daniel_hozac yeah, right, i forgot to release the updated patch... 1170349475 M * daniel_hozac ok, uploaded and mail sent. 1170349490 M * Bertl excellent! tx! 1170349631 M * Guy- daniel_hozac: I have three more minor wishes, can you grant them? :) 1170349645 M * daniel_hozac depends on what they are, i suppose. 1170349647 M * Guy- daniel_hozac: #1: signal-relay should prefix its messages with "signal-relay: " 1170349665 M * Guy- daniel_hozac: #2: it should exit(111) if it has internal trouble (convention of the runit world) 1170349690 M * Guy- daniel_hozac: #3: a -P switch that causes the child to be put into its own process group and signals being relayed to that process group would be nice 1170349749 M * Bertl hehe, and of course, it's not correct if it doesn't carry DJB's copyright :) 1170349774 M * Guy- let's just leave sleeping DJBs lie :) 1170349806 M * Guy- (runit is (c) Gerrit Pape, btw :) 1170349917 M * daniel_hozac i have to admit that process groups are still a rather unfamiliar concept for me. 1170349937 M * FaUl mh, dan seemed not to be sleeping this morning ;-) 1170349954 M * Guy- from what I gather, it's a matter of calling setsid() to become session leader 1170349991 M * Bertl Guy-: obviously depends on what runit you mean, as I just found: http://www.go-runit.com/ 1170350007 M * Guy- Bertl: http://smarden.org/runit 1170350017 M * Guy- or apt-cache show runit 1170350018 M * Bertl I know, tx ... 1170350028 Q * shedi Quit: Leaving 1170350055 M * Bertl Guy-: and I'm happy that the runit-world now can use Linux-VServer too 1170350100 M * Guy- Bertl: it could so far too, it's just a nicer, cosier feeling with the new signal-relay and persistent contexts :) 1170350151 M * Bertl but probably you are the person to explain to me the advantages of runit over sysv? 1170350159 M * daniel_hozac Bertl: can we kill process groups with vc_ctx_kill? or does that happen automatically by killing the leader? 1170350178 M * daniel_hozac (can you tell i've never really dealt with them? :)) 1170350192 M * Bertl we have no pg mechanism in place in vkill 1170350213 M * Bertl if the leader is killed, that should send a signal to the group too 1170350222 M * Guy- uhm 1170350227 M * daniel_hozac okay. 1170350228 M * Bertl but be could add specific process/session signals too 1170350230 M * Guy- not outside vserver 1170350261 M * Guy- normally, you kill(-PGID) to send a signal to the pg led by a process with PID==PGID 1170350265 M * daniel_hozac or is it -? 1170350270 M * Guy- yes 1170350309 M * Bertl as I said, session/pg kills are not implemented for now 1170350321 M * Bertl but the range is not used, atm, so it could be extended 1170350354 M * Guy- does that mean that even inside a vserver, it's impossible to kill a process group? 1170350361 M * daniel_hozac no 1170350364 M * Guy- or just that vc_ctx_kill can't do it? 1170350370 M * daniel_hozac it just means that we'd have to migrate into the context to do it. 1170350375 M * Guy- ic 1170350380 M * daniel_hozac (which i suppose would be possible) 1170350397 M * Guy- OK, it's not _that_ important, I guess this feature can wait until vc_ctx_kill can handle PGs 1170350412 M * Guy- it's just something that's nice to have 1170350419 M * Bertl how many services do you run per guest? 1170350441 M * Guy- between 1 and oh, about 6 I guess 1170350469 M * Bertl hmm, I've read the backlog, but I still don't get why you have the runit running outside the guest? 1170350484 M * Guy- I have runit running outside the guest anyway 1170350484 M * daniel_hozac yeah, that seems somewhat strange to me too. 1170350505 M * Guy- I don't use vserver to host for 3rd parties 1170350517 M * Guy- I use it to partition servers that do many different things 1170350525 M * Bertl it would only make sense to put the runit on the host if there is _one_ service per guest 1170350534 M * daniel_hozac Bertl: btw, i've been meaning to ask you, do you know of a definitive way to get the highest available CPU id? 1170350541 M * Guy- Bertl: I don't agree 1170350555 M * Bertl Guy-: okay, then please enlighten me ... 1170350571 M * Bertl daniel_hozac: userspace? 1170350571 M * Guy- Bertl: if runit is inside the guest, it's difficult to control individual services from the host 1170350572 M * daniel_hozac Bertl: or does CPU hotplug renumber them? 1170350577 M * daniel_hozac Bertl: yeah. 1170350584 M * Guy- Bertl: and you can't easily shut down a running guest 1170350586 Q * id23 Ping timeout: 480 seconds 1170350599 M * Guy- Bertl: (within the runit paradigm anyway) 1170350628 M * Bertl daniel_hozac: probably parsing proc is the simplest 1170350639 M * Bertl daniel_hozac: (but checking now) 1170350641 M * Guy- Bertl: whereas with runit running on the host, the matter of running a service inside a vserver becomes just one other variable of process state you have to set up before launching it 1170350661 M * Guy- Bertl: like uid/gid, environment, resource limits etc. 1170350703 M * Guy- Bertl: what I did so far was what I also documented on the wiki, under init-styles; to have cmd.start start a 'runsvdir' process inside the vserver and to monitor that using runit running on the host 1170350705 M * Bertl but why not put that (including the runit) into the guest? init/minit works fine inside a guest too, no? of course, we could also put it outside :) 1170350735 M * Guy- Bertl: if I put it inside the guest, it becomes unnecessarily complex to query the status of individual services on the host 1170350747 M * Guy- Bertl: imagine I have a squid service, running in a guest 1170350758 Q * duckx Remote host closed the connection 1170350786 M * Guy- Bertl: with the proposed signal-relay mechanism, I can just do sv status squid, and it tells me if squid is running; I can sv restart squid to restart it; the logs it writes to stdout/stderr are caught by an svlogd running on the host 1170350790 J * duckx ~Duck@tox.dyndns.org 1170350818 M * Guy- Bertl: if I put runit inside the guest, I have a vserver-squid service, but I can't easily query the status of the actual squid service, nor can I easily send it signals from the host 1170350839 M * Bertl Guy-: how would that differ from checking if the entire guest is running? or restarting the guest? 1170350843 J * donuto eb456e0840@83.149.112.45 1170350852 M * Guy- Bertl: I have to wrap it all into 'vserver exec's, and I also have a superfluous runsvdir running with no obvious benefit 1170350875 M * Guy- Bertl: the guest might be running, but the squid inside might not 1170350896 M * Bertl if you do not make it persistent, no 1170350898 M * Guy- Bertl: and if I sv restart vserver-squid, the TERM signal doesn't actually reach the runsvdir inside the guest, it just kills vnamespace on the host 1170350901 M * donuto hi ! Can some one recommend a working document for setting up openvpn in a vserver for multiple roadwarriors ? thanks 1170350958 M * Bertl donuto: basic concept is to create the tun/tap persistent, then just use them inside ... all addresses have to be assigned to the guest, either statically or on demand 1170350983 M * Guy- Bertl: also, I have a vserver with cupsys and samba inside; if I just want to restart cupsys, I don't want to restart the entire guest, because that would kill the samba sessions too 1170351005 M * Bertl Guy-: that's because you are mixing services 1170351033 M * Guy- samba is made up of two services anyway, smbd and nmbd 1170351062 M * Guy- how do I send a hup signal to smbd to re-read its configuration? 1170351070 M * Guy- sv hup vserver-samba doesn't do that 1170351077 M * donuto Bertl, ok, but i read that it's not possible to create a tun for working with a vserver ? The setup would be to use 1 ip address, so each roadwarrior gets a private ip .... not sure if this work 1170351091 M * Bertl Guy-: don't get me wrong, I'm fine with whatever you do, but it looks more like you want to change runit to handle services distributed over several guests 1170351094 M * Guy- sure, vserver samba exec sv hup smbd does, but that's not portable 1170351123 J * id23 ~id@p50812267.dip0.t-ipconnect.de 1170351130 M * Guy- Bertl: no, I'm honestly trying to explain why I feel my approach is better than having a separate runit inside each guest :) 1170351146 M * Bertl donuto: you can easily assing 10 private ips to a guest, and use them on 10 different tun devices 1170351161 M * Guy- for example, this hup thing is trivial with signal-relay: sv hup vserver-samba-smbd, and voila 1170351182 M * daniel_hozac donuto: does the road warrior config create one interface per client? 1170351202 M * Guy- plus I needn't separately worry about logging inside the vservers because service logs are trivially gathered on the host (or in a different vserver if I want) 1170351255 Q * gerrit Ping timeout: 480 seconds 1170351275 M * Guy- Bertl: and while one way to do all this would indeed be changing runit, signal-relay does the job just fine, and apparently it was pretty easy to write too 1170351315 M * donuto Bertl, i am not sure, just researching if it will work like this: roadwarrior 1 connect to openvpn in vserver, gets private ip and can surf,mail,ftp 1170351329 M * donuto (also for danial_hozac ) 1170351344 M * Bertl daniel_hozac: hack: use the sys_sched_getaffinity on init, it should give you the online cpus :) 1170351357 M * daniel_hozac donuto: i don't see why not. 1170351409 M * Bertl donuto: I don't know either, as I do not know roadwarrior :) 1170351454 M * Guy- Bertl: I think he means 'road warrior', as in 'person whose IP changes all the time' :) 1170351483 M * donuto daniel_hozac so it should work i gues, but this is with tun or tap ? or both ? 1170351501 M * donuto Bertl, i don't know him too, yet :p 1170351519 M * Guy- donuto: it shouldn't matter so long as you don't need/want/try to change the interface configuration from inside the guest 1170351597 M * daniel_hozac donuto: i don't think tun or tap would matter, but derjohn's entry on the FAQ suggests tun didn't work for whatever reason... 1170351633 M * Bertl donuto: well, the name doesn't matter (tun/tap) the question is more, layer 2 or layer 3 1170351649 M * donuto oh ok, cause i only wish to make it work like a simple NAT setup 1170351651 M * Bertl donuto: by default, tap refers to layer 2 while tun is layer 3 1170351660 M * donuto i see now 1170351664 M * donuto didn't know 1170351670 M * derjohn daniel_hozac, it's long time ago, but IIRC it had to do with the peer-address-bug in interfaces/0/ip ... there was (is?) as mask falsely checked by the tools. 1170351681 M * Bertl donuto: and yes, private ips can be processed with simple NAT rules 1170351750 M * donuto ok thank you all, i will experiment on old computer here, if you know of anything i must keep an eye on please let me know 1170351759 M * Guy- donuto: I've always found that a tap setup is easier to implement and maintain than tun 1170351817 M * Bertl donuto: just don't think VMware, think Linux(-VServer), then networking becomes simple ... 1170351880 M * Guy- Bertl: I think that statement would have confused me a lot when I was completely new to vserver :) 1170351884 M * daniel_hozac donuto: the FAQ entry should be fine. 1170351890 M * Bertl Guy-: I'm using tun setups exclusively for all my 'ip' tunnels, as the overhead is smaller and I do not need to transport non-ip traffic 1170351956 M * Guy- Bertl: sure, but it somehow feels 'kludgy' to me, there are all sorts of limitations (wasn't the something with a minimum netmask of /30 on windows?), you can't bridge, ... 1170351974 M * Bertl on what? 1170351979 M * Guy- Bertl: to me, a tap interface is clean and plain, it's just a new ethernet port 1170352007 M * Guy- Bertl: 'on windows'? 1170352016 M * Guy- Bertl: or what do you mean, 'on what'? 1170352035 M * donuto i will remember that, 1170352035 M * donuto thanks again ! :P 1170352048 M * Bertl Guy-: I do not use tunnels on my windows :) 1170352076 M * Guy- Bertl: lucky you :) 1170352090 M * Bertl curtains yes, maybe I put flowers there ... 1170352139 M * Guy- Bertl: and no doubt you close, or at least minimize them for the night? :) 1170352163 M * Bertl I definitely close them all for the night :) 1170352200 J * derjoerg ~Miranda@199.42.240.136 1170352209 M * Bertl welcome derjoerg! 1170352215 M * derjoerg hi all 1170352271 M * derjoerg derjohn: hi, do you made any progress in building the actual vserver-sources with ubuntu dapper? 1170352346 M * derjohn derjoerg, nope, not yet. It's even worse: the current vserver patches only apply to current vanuilla sources, but not 2.6.15 .... (or what kernel did dapper useß?) 1170352371 M * Bertl 2.6.15? 1170352380 M * Bertl are we going back in time here? 1170352402 M * Bertl derjohn: you might want to take a look at daniel's 2.6.16.38 version? 1170352445 M * q\ daniel_hozac> I'm sorry to bother you, but I only found that page about vserver as dhcp client 1170352445 M * q\ http://www.solucorp.qc.ca/changes.hc?projet=vserver&version=all 1170352457 M * q\ but that's with old config style 1170352458 M * derjohn Bertl, i just look it up: t 2.6.17.6-ubuntu1-amd64-vs211-rc29 1170352461 M * Bertl ah, hi q\! 1170352463 M * derjoerg derjohn: yes, its 2.6.15 ;-( 1170352466 M * q\ and i didn't found where to set it in new config 1170352466 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl 1170352474 M * q\ hi Bertl 1170352487 M * daniel_hozac q\: jacques' utils don't support the new config style. 1170352488 M * q\ ! :) 1170352502 M * derjohn derjoerg, hm, not 2.6.17 ? I am confused ! 1170352504 M * Bertl q\: dhcp was/is? supported by jacques' too version 1170352512 M * q\ so there's no way to do it with new config style ? 1170352517 M * daniel_hozac not yet. 1170352528 M * q\ ohhh ok ! 1170352528 M * Bertl q\: but it should be easy for you to add 1170352543 M * derjohn derjoerg, check uname -a on your dapper ... I think my brain got sieve-ish ... 1170352547 M * Bertl q\: and maybe it will be added to util-vserver too at some point 1170352556 M * Bertl (given there is enough interest and testing) 1170352559 M * q\ I'll be waiting :) 1170352568 M * derjoerg derjohn: sorry, you are right. ubuntu dapper shipps official with 2.6.15, but the last kernel from you is the mentioned by you 1170352571 M * derjohn but maybe Bertl's hint with daniels 2.6.16 might be a good start 1170352585 M * q\ thanks 1170352600 M * Bertl q\: while waiting is the easy approach, doing would be the better one :) 1170352601 M * q\ I'll have a look at how I may help :) 1170352614 M * q\ yep 1170352645 M * Bertl AFAIK, most dhcp clients support client identifiers and have a way to report the results, instead of blindly setting them 1170352656 Q * _cob Ping timeout: 480 seconds 1170352672 M * Bertl so the first step would be a simple script to use the vserver name to request an ip 1170352703 M * Bertl that could then, maybe together with an update? script, be execute before the actual guest startup 1170352730 M * derjohn derjoerg, root@ubuntu:~# apt-cache search linux-image-2.6 1170352730 M * derjohn linux-image-2.6.17-10-generic - Linux kernel image for version 2.6.17 on x86/x86_64 1170352783 M * derjohn derjoerg, argh ... deb http://archive.ubuntu.com/ubuntu edgy main universe multiverse .... it was edgy ! 1170352807 M * derjohn I wonder if my kernel did work in dapper, too ? 1170352847 M * derjoerg derjohn: actually I'm using 2.6.17.6-ubuntu1 on dapper 1170352873 Q * shuri Remote host closed the connection 1170352888 M * Bertl okay, off for a few hours ... back later ... 1170352893 N * Bertl Bertl_oO 1170352897 M * q\ see ya 1170352905 N * jbailey-afk jbailey 1170352958 M * daniel_hozac q\: looking at how jacques' tools do it and then adding something similar to util-vserver shouldn't be too hard. 1170353037 M * daniel_hozac (and if you need any help, just ask) 1170353114 M * q\ yes, thanks, I'll do that during this night 1170353245 M * derjoerg derjohn: VS-API: 0x00020102, util-vserver: 0.30.212 1170353325 M * derjohn derjoerg, I remember that I did it for edgy only, as I wanted mark to include it in edgy (edgy wasnt released at that time) 1170353335 M * derjohn on dapper I used vanilla kernels ... 1170353436 M * derjoerg derjohn: do you have a recommendation, which vserver release to use? 1170353518 M * donuto //quit 1170353545 Q * donuto Quit: leaving 1170353595 M * daniel_hozac derjoerg: 2.2.0-rc9. 1170353714 M * derjoerg so I should build vanilla kernel 2.6.19.2 together with vs 2.2.0-rc9 !?! 1170353734 M * derjohn derjoerg, yes, A good choice ! 1170353805 M * derjoerg ok, I will try (this will be my first kernel-build 1170354063 M * derjohn with edgy there was the problem that the softraids did not come up .. I think they used the dm-way , but I am not really sure. 1170354249 M * derjoerg derjohn: oh, do I understand this right, there are problems with softraids? I'm using softraid 1170354292 M * derjohn derjoerg, yes, with edgy. Thats why I didnt use vanilla-based kernels with edgy. with dapper there is no problem. 2.2.0-x is a good choice there. 1170354323 M * derjoerg derjohn: puh, ok 1170354572 J * cehteh ~ct@pipapo.org 1170355069 M * derjoerg derjohn: after running "make menuconfig" I get a lot of errors like "scripts/kconfig/lxdialog/checklist.c:312: error: 'KEY_RESIZE' undeclared (first use in this function)" ?? 1170355274 J * gerrit ~gerrit@bi01p1.co.us.ibm.com 1170355425 M * daniel_hozac do you have ncurses-dev installed, or whatever the package is called in your distro? 1170355589 M * derjoerg daniel_hozac: thanks, that was the problem 1170355694 M * derjoerg in the menuconfig-dialog, are there all necessary options selected for vserver? 1170355713 Q * yarihm Quit: Leaving 1170355774 M * daniel_hozac have you imported a config? 1170355783 M * daniel_hozac starting with e.g. derjohn's config might be a good idea. 1170355827 M * derjoerg yes, I've imported config-2.6.17.6-ubuntu1 1170355992 M * derjoerg but when running make oldconfig, I get a lot of ".config:XXXX: trying to assign nonexistent symbol YYYYY" XXXX is a line-number, I think, YYYYY is e.g. UNION_FS 1170356109 J * shedi ~siggi@ftth-237-144.hive.is 1170356443 M * daniel_hozac right. 1170356446 M * daniel_hozac that's expected. 1170356552 M * derjoerg do I need also a new util-vserver? 1170356570 J * Roey ~katz@h-69-3-4-130.mclnva23.covad.net 1170356570 M * derjoerg or can I use the existing one? 1170356610 J * jmcaricand ~kvirc@d90-144-46-122.cust.tele2.fr 1170356948 J * shuri ~shuri@hq01.electronicbox.net 1170357409 M * derjoerg it is 0.30.212 1170357903 M * derjoerg ok, anyway. thank you daniel_hozac and derjohn I'll try it and come back even with a success or a disaster, and write it here 1170357935 Q * q\ Ping timeout: 480 seconds 1170358008 Q * derjoerg Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org 1170358348 J * dm8tbr dm8tbr@dk0td.afthd.tu-darmstadt.de 1170358444 J * q\ ~java@avr49-1-82-245-33-193.fbx.proxad.net 1170358873 J * dreamind ~dreamind@C2107.campino.wh.tu-darmstadt.de 1170358875 Q * dreamind Remote host closed the connection 1170359288 M * dm8tbr anyone got an idea if it is possible to use a tun device to get ipv6 into an vserver? 1170359645 Q * jmcaricand Quit: KVIrc 3.2.4 Anomalies http://www.kvirc.net/ 1170359811 M * daniel_hozac dm8tbr: hmm? you'd need to use the IPv6 patch anyway. 1170359913 M * dm8tbr daniel_hozac: i expected that, yes. but would it be possible to have the 6-in4-tunnel end in the vserver? 1170360196 Q * sladen Ping timeout: 480 seconds 1170360340 J * sladen paul@starsky.19inch.net 1170360804 J * FireEgl Proteus@2001:5c0:84dc:1:211:9ff:feca:b042 1170360875 M * daniel_hozac dm8tbr: you'd need to set it up on the host. 1170361285 M * dm8tbr as far as i've read it is possible to have openvpn tunnels terminate inside a vserver. is this correct? or did i missunderstand something 1170361310 M * daniel_hozac yep. 1170361407 J * Piet hiddenserv@tor.noreply.org 1170361580 M * dm8tbr so i guess it should be possible using the v6 patches and an accessible tun device 1170361913 Q * Piet Ping timeout: 480 seconds 1170363952 M * Guy- daniel_hozac: where do I get the new util-vserver from, so I can play with persistent contexts? svn? 1170363975 M * daniel_hozac sure, or http://people.linux-vserver.org/~dhozac/p/uv/experimental/util-vserver-0.30.213-rc1.tar.bz2 1170363986 M * Guy- the tarball will do nicely, thanks 1170364573 J * Aiken ~james@ppp220-70.lns2.bne1.internode.on.net 1170364843 J * yarihm ~yarihm@84-75-123-221.dclient.hispeed.ch 1170364960 Q * dna Quit: Verlassend 1170365169 M * Guy- daniel_hozac: ah, what's the workaround for the stackprotector issue again? 1170365194 M * daniel_hozac -fno-stack-protector? 1170365312 M * Guy- no, that wasn't it 1170365315 M * Guy- I reread the old logs 1170365317 M * Guy- debian/rules binary CC='diet -Os gcc-4.0' 1170365323 M * Guy- this is what fixed it last time 1170365332 M * daniel_hozac you get it on Debian too? 1170365382 M * Guy- this is Ubuntu 1170365390 M * daniel_hozac ah, ok. 1170365591 M * Guy- wtf? 1170365592 M * Guy- usr/bin/ld: lib/.libs/lib_libvserver_la-capabilities.o: relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC 1170365595 M * Guy- lib/.libs/lib_libvserver_la-capabilities.o: could not read symbols: Bad value 1170365603 Q * marcfiu Quit: Download Gaim: http://gaim.sourceforge.net/ 1170365949 M * daniel_hozac btw, http://people.linux-vserver.org/~dhozac/t/signal-relay.c should have do the right thing now. 1170365960 M * daniel_hozac s/have // 1170365998 M * Guy- great, thanks 1170366041 M * daniel_hozac (i forgot about that vim session...) 1170366108 M * Guy- btw, it looks like it doesn't check the value of new_group and goes and setsid()s anyway 1170366136 M * daniel_hozac whoops. 1170366252 M * Guy- this stack protector issue is getting the better of me 1170366273 M * Guy- with the gcc-4.0 workaround, libeecrypt doesn't compile 1170366308 M * Guy- sorry, that was inaccurate; stuff that uses libeecrypt doesn't compile 1170366324 M * Guy- OK, let's try to build on debian... 1170366818 J * Piet hiddenserv@tor.noreply.org 1170367042 J * comfrey ~comfrey@70.91.185.84 1170367067 M * Guy- OK, that worked 1170367068 J * comfrey__ ~comfrey@70.91.185.84 1170367138 Q * comfrey_1 Ping timeout: 480 seconds 1170367172 Q * FireEgl Remote host closed the connection 1170367238 Q * comfrey_ Ping timeout: 480 seconds 1170367675 J * hatoon ~musis@189.12.136.10 1170367684 M * hatoon boa noite a todos 1170367695 M * hatoon alguem aqui saber usar ou ja usou o postfix 1170367742 M * daniel_hozac channel language is English. 1170367764 P * stefani I'm Parting (the water) 1170367782 P * hatoon 1170368017 J * EvilDI ~Snake@BSN-77-83-28.dsl.siol.net 1170368049 M * EvilDI hi, how can i set that vserver could use maximum of 20% of CPU ? 1170368101 M * daniel_hozac http://linux-vserver.org/CPU_Scheduler and see /etc/vservers//sched on the flower page. 1170368170 M * EvilDI am, and what exectly should i put in sched ? there is not any example 1170368232 M * EvilDI do i just enter 1170368238 M * EvilDI 1 1170368239 M * EvilDI 5 1170368266 M * daniel_hozac that'd work. 1170368289 M * EvilDI will this mean 1/5 of CPU 1170368313 M * daniel_hozac sure. 1170368345 M * EvilDI and in vserver will show if 20% CPU of main mascine is use, will show 100% CPU of vserver 1170368422 M * daniel_hozac i don't think so. 1170368441 M * EvilDI am where should sched be, in rlimits or in just /guest/ 1170368479 M * EvilDI am here http://oldwiki.linux-vserver.org/Scheduler+Parameters 1170368491 M * EvilDI it say that there has to be 6 lines 1170368495 M * EvilDI is that true 1170368505 M * EvilDI or is 2 enough 1170368658 M * daniel_hozac schedule is deprecated. 1170368662 M * daniel_hozac you should use the sched directory. 1170368703 M * EvilDI wait a min, is sched a direcotry or the file, if is directory, what else should i pu in 1170368725 M * daniel_hozac a directory. as the flower page shows. 1170368753 M * EvilDI what flower? 1170368804 M * daniel_hozac http://www.nongnu.org/util-vserver/doc/conf/configuration.html 1170368913 M * EvilDI hm 1170368926 M * EvilDI and what is used for hard CPU limit of 1/5 cpu 1170369072 M * daniel_hozac a fill-rate of 1 and an interval of 5, no? 1170369075 M * EvilDI i still don't get where, in which files should be numbers written 1170369163 M * EvilDI but if i have dual core 1170369183 M * Guy- daniel_hozac: is 'vserver status' supposed to report one running process for an empty persistent context? 1170369184 M * EvilDI this then mean i have to choose 1/10 for 20% 1170369248 M * daniel_hozac Guy-: yes. 1170369264 M * Guy- OK 1170369272 M * daniel_hozac EvilDI: 1/10 would mean 10% of each CPU, yes. 1170369280 M * EvilDI ok ql 1170369331 Q * Piet Remote host closed the connection 1170369442 M * Guy- daniel_hozac: are all reported process numbers off by one then? 1170369450 M * daniel_hozac no. 1170369453 M * daniel_hozac just persistent contexts. 1170369465 M * daniel_hozac (i guess that could be fixed...) 1170369487 M * Guy- off by way more than one, btw 1170369500 J * Piet hiddenserv@tor.noreply.org 1170369502 M * Guy- with 15 running processes (ps axfu inside vserver), vserver status reports 30 1170369507 M * daniel_hozac hmm? 1170369517 M * Guy- I'm serious 1170369521 M * daniel_hozac what kernel is that? 1170369533 M * Guy- 2.6.19.2-vs2.2.0-rc8.7 1170369552 M * EvilDI am, i have one question more, i set rss.hard but when vserver reach the max of ram, process were just killed, and whole vserver stuck 1170369554 M * EvilDI why 1170369572 M * daniel_hozac because the OOM-killer strikes when you go over the hard limit. 1170369600 M * daniel_hozac Guy-: threads or anything like that? 1170369606 M * daniel_hozac Guy-: what kind of processes? 1170369616 M * Guy- squid 1170369616 M * EvilDI abd what can be done against this? 1170369625 M * daniel_hozac don't go over the limit? 1170369631 M * EvilDI hm 1170369631 M * daniel_hozac that's basically the point of the limit... 1170369633 M * Guy- daniel_hozac: how do I count threads? 1170369640 M * Guy- there was a ps switch... 1170369641 M * daniel_hozac Guy-: ps maux, e.g. 1170369645 M * Guy- ah 1170369664 M * EvilDI am where can i see if cPU limit take effect? 1170369666 M * Guy- OK, it's the threads 1170369680 M * Guy- but no 1170369691 M * Guy- I have 48 processes if I count threads 1170369698 M * Guy- and vserver status reports 30 1170369700 M * daniel_hozac EvilDI: /proc/virtual//sched 1170369731 M * daniel_hozac EvilDI: try to run a CPU hog in the guest, and check how much your CPUs are used. 1170369747 M * EvilDI FillRate: 1,1 1170369747 M * EvilDI Interval: 4,8 1170369747 M * EvilDI TokensMin: 62 1170369747 M * EvilDI TokensMax: 500 1170369747 M * EvilDI PrioBias: 0 1170369748 M * EvilDI cpu 0: 10274 1889 0 0 0 R- 250 62 500 1/4 1/8 0 0 1170369748 M * EvilDI cpu 1: 3265 880 0 0 0 R- 250 62 500 1/4 1/8 0 0 1170369758 M * EvilDI is this ok or not? 1170369771 M * daniel_hozac Guy-: could you paste the ps output? 1170369778 M * Guy- sure, a sec 1170369816 M * daniel_hozac EvilDI: that looks like you didn't set anything, btw, did you also set the sched_hard flag? 1170369841 M * Guy- daniel_hozac: http://paste.linux-vserver.org/1014 1170369873 M * daniel_hozac (wow, 4 digits. lots of spam, i guess...) 1170369877 M * EvilDI am i just add files to /etc/virtual/name/sched/ --> fill-rate and interval 1170369887 M * EvilDI what else should i do 1170369906 M * EvilDI how to set hard? 1170369950 M * daniel_hozac Guy-: i count 29. 1170369999 M * daniel_hozac (or 31? my basic math skills seem to suck right now) 1170370039 M * Guy- I'm not sure what lines to count 1170370080 M * daniel_hozac ok, 31. 1170370088 M * Guy- one of which is ps 1170370098 M * Guy- which isn't running when vserver status is 1170370101 M * Guy- so 30 is OK then... 1170370109 M * EvilDI daniel_hozac: sched_hard flag? where to set this? 1170370114 M * daniel_hozac EvilDI: in the flags file. 1170370125 M * Guy- daniel_hozac: but how do you come up with 31? 1170370138 M * daniel_hozac Guy-: you should only count the lines where command is - 1170370143 M * EvilDI do i rename file-rate and interval or what? 1170370181 M * Guy- OK, yes, 31 1170370223 M * Guy- doesn't this mean vserver status won't allow me to tell the difference between an empty persistent context and one with a single process in it? let's try... 1170370237 M * daniel_hozac does it matter? 1170370274 M * Guy- just academic interest :) 1170370275 M * daniel_hozac EvilDI: the sched directory works fine for me. 1170370284 M * Guy- but no, with a single process it reports 2 1170370290 M * EvilDI am what do you have in it 1170370336 M * daniel_hozac Guy-: only for persistent contexts. 1170370346 M * daniel_hozac Guy-: for a non-persistent context, it'd report 1. 1170370360 M * Guy- it doesn't really matter, I was just tinkering 1170370366 M * Guy- thanks for indulging me :) 1170370460 M * EvilDI daniel_hozac: could you tell me exectly what do you have in directory sched 1170370493 M * daniel_hozac echo 20 > /etc/vservers//sched/fill-rate; echo 40 > /etc/vservers//sched/interval is what i did. 1170370558 M * EvilDI i made same just number in fill-rate was 1 and in interval 10, is this not goor? 1170370561 M * EvilDI good? 1170370573 M * daniel_hozac what util-vserver version are you using? 1170370609 M * EvilDI vserver 0.30.204 1170370618 M * daniel_hozac well, that's why then. 1170370627 M * daniel_hozac you're using ancient utils, they don't support the sched directory. 1170370640 M * EvilDI aha so which version should i use 1170370646 M * EvilDI i get this one with my system 1170370654 M * EvilDI in debian 1170370655 M * daniel_hozac 0.30.212. 1170370672 M * daniel_hozac (should be available from backports) 1170370709 M * EvilDI am 1170370717 M * EvilDI ok i will check tomorrow 1170370720 M * EvilDI tnx for help 1170370884 M * daniel_hozac Guy-: vserver-stat shows the right values... 1170370907 M * Guy- indeed 1170370909 M * Guy- thanks 1170370916 M * daniel_hozac i'm not sure fixing vserver ... status is worth it. 1170370922 M * Guy- probably not 1170370956 M * Guy- OTOH, if it's just off by one for persistent contexts, it's just a matter of an if (persistent) { processes-- } or similar... 1170371025 M * daniel_hozac but that's really ugly. 1170371043 M * daniel_hozac (as persistent is not easily available) 1170371291 M * Guy- then I wouldn't bother 1170371362 M * Guy- about signal-relay... I'd also modify it to use kill() if the child is in the same context, or if we can't get the context of the child 1170371373 M * Guy- this would make it generic (would work without vserver) 1170371387 M * Guy- or with children that aren't running in guests 1170371449 M * daniel_hozac it should already work for that, IMHO. 1170371685 M * Guy- ah, it does 1170371754 M * Guy- and then again, it doesn't 1170371764 M * Guy- % ./signal-relay cat 1170371764 M * Guy- signal-relaysetpgrp: Operation not permitted 1170371764 M * Guy- signal-relayvc_get_task_xid: Function not implemented 1170371764 M * Guy- zsh: quit ./signal-relay cat 1170371788 M * Guy- the prefix is missing ": " from the end, but that's just cosmetic 1170371794 M * daniel_hozac heh, yeah. 1170371812 M * Guy- I don't think you need the setpgrp(), btw - chpst (a runit tool that also does process groups) doesn't invoke it 1170371833 M * daniel_hozac no setpgid either? 1170371847 M * Guy- let me check 1170371856 M * daniel_hozac interesting that it'd return EPERM though. 1170371870 M * daniel_hozac i assume you tried that on either a non-vserver host, or as a user? 1170371893 M * Guy- as a user 1170371905 M * daniel_hozac right. that's not gonna work for the vserver syscalls. 1170371909 M * Guy- if (pgrp) setsid(); 1170371914 M * daniel_hozac should work fine as root. 1170371927 M * Guy- this is what chpst does 1170371946 M * Guy- pgrp is an int that is set when -P appears on the command line 1170371946 M * daniel_hozac ok, i removed the setpgrp. 1170372131 M * Guy- beautiful 1170372170 M * Guy- only thing left: don't start if no child specified on command line :) 1170372271 Q * ensc Killed (NickServ (GHOST command used by ensc_)) 1170372281 J * ensc ~irc-ensc@p54B4DF36.dip.t-dialin.net 1170372293 Q * gerrit Ping timeout: 480 seconds 1170372316 M * daniel_hozac that should do it. 1170372564 M * Guy- still doesn't work as a user though 1170372569 M * daniel_hozac no. 1170372574 M * Guy- but I don't think that's important 1170372757 Q * yarihm Quit: Leaving 1170372863 J * dna ~naucki@14-215-dsl.kielnet.net 1170372951 Q * [Che]eDog Ping timeout: 480 seconds 1170373690 Q * EvilDI Quit: AnacønÐa · "Nature always sides with the hidden flaw" 1170373736 Q * dmax Ping timeout: 480 seconds 1170374159 Q * kevinp Quit: Leaving 1170374348 Q * s0undt3ch Ping timeout: 480 seconds 1170374368 J * s0undt3ch ~s0undt3ch@80.69.34.154