1171152442 M * pflanze Ok, so the problem has only persisted in rc kernels for about 10 (or a bit more) days. 1171152495 M * pflanze Still, it is clear by now that it is a dangerous bug, and nothing gives a clue about this on the ml or the wiki 1171152499 M * daniel_hozac for actual rcs, it was introduced on the 31st of january, and fixed on the 7th of february. 1171152519 M * pflanze Ok, maybe a bug crashing the kernel always deserves attention. 1171152537 M * pflanze But there are so many kernels with crashes.. 1171152550 M * pflanze I'm thinking about creating an information service, 1171152577 M * pflanze where one can subscribe and get information. Like my script, for a particular series of kernels, maybe with additional info by you guys. 1171152605 M * daniel_hozac that requires someone to keep it up to date... 1171152623 M * pflanze Yeah, that's the actual problem, really not sure I get that time. 1171152642 M * pflanze But somehow I'll *have* to invest that time anyway, right, if it's not really automatic. 1171152642 M * daniel_hozac i've only started doing the changelogs for 2.2 because it was a pain trying to remember what each subtle fix did months later. 1171152672 M * daniel_hozac (as i did with the 2.0 changelog) 1171152778 M * daniel_hozac i guess one of these days someone is gonna have to convince Bertl_oO to start using git ;) 1171152900 M * pflanze yes that would be a nice thing. Tracking changes. And knowing a sha1 sum which has been diffused prevents attackers from subverting Bert's server or the wiki links to the kernels also feels better. 1171153166 M * daniel_hozac i've been meaning to try using git for the 2.6.16-vs2.0 tree. 1171153209 Q * flewid Quit: Leaving 1171153510 M * matti :> 1171154729 M * daniel_hozac pflanze: btw, http://svn.linux-vserver.org/projects/util-vserver/changeset/2494 1171154740 N * Bertl_oO Bertl 1171154744 M * Bertl back now ... 1171154766 M * daniel_hozac morning Bertl! 1171154813 M * daniel_hozac you were right about the nebuchadnezzar issue, http://people.linux-vserver.org/~dhozac/p/m/delta-dietdirent-test01.diff seemed to fix it. 1171154873 M * Bertl excellent! good work! 1171154956 M * daniel_hozac the work is usually easy once you know what's wrong ;) 1171155138 M * pflanze Thanks for the notice, daniel 1171155413 M * Bertl ah, I feel funny, should we just do another rc then? :) 1171155472 M * daniel_hozac lol 1171155919 Q * dhansen Ping timeout: 480 seconds 1171155937 M * daniel_hozac ah, that reminds me, did hallyn ever talk to you? 1171156000 M * daniel_hozac he was looking for you last night, i think. 1171156422 J * dhansen ~dave@pool-72-90-117-15.ptldor.fios.verizon.net 1171156444 M * Bertl ah, no ... 1171156650 M * Bertl hallyn: ping? 1171156957 M * daniel_hozac pflanze: re: logging, could you try http://people.linux-vserver.org/~dhozac/p/uv/experimental/delta-logfile-test01.diff? 1171157227 Q * bonbons Quit: Leaving 1171158280 M * pflanze daniel_hozac: isn't this the wrong way round? If it's a file, then open stdin from /dev/null 1171158289 M * daniel_hozac uh, yeah. 1171158308 M * pflanze but thanks, I'll test 1171158309 M * daniel_hozac 02 has it right. 1171158505 Q * FireEgl Quit: ... 1171163581 Q * ||Cobra|| Ping timeout: 480 seconds 1171164108 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl 1171165644 J * olivierk_ ~olivier@olivierk.org 1171165753 Q * olivierk Ping timeout: 480 seconds 1171167096 Q * Johnsie Quit: G'bye! 1171167505 J * Aiken ~james@ppp118-50.lns1.bne4.internode.on.net 1171168102 M * Bertl evening Aiken! 1171168479 M * Aiken hello 1171168527 M * Aiken the system is finally behaving with briding and I have br0 br0:betty br0:bit-b 1171168581 M * cehteh heh bridging is fun ... after you get it working .. there are some strange things sometimes .. 1171168599 M * cehteh some nic's (wlan) just dont work with bridging etc ... 1171168625 M * Aiken I had 2 gateways and bridging gets rid of one 1171170348 J * cast ~cast@ppp197-9.lns1.adl4.internode.on.net 1171170372 M * Bertl welcome cast! 1171170377 M * cast greetings. 1171170517 M * cast now i'm using debian etch with etch's vserver pkgs, [util-vserver 0.30.211-6], in order to stop root from being able to break out of a vserver instance all that is neccessary is setattr --barrier /var/lib/vservers correct? that's what the wiki says, but the wiki doesn't specify what version of vserver that starts working at [older had something like chmod 000, chattr +t or something] 1171170574 M * Bertl well, that is really _quite_ old, i.e. 2.4 kernels with ancient tools 1171170584 M * cast vserver-info reports 'Kernel: 2.6.18-3-vserver-amd64, VS-API: 0x00020002, util-vserver: 0.30.211; Dec 5 2006, 02:23:50] 1171170595 M * cast ahh. so i'm sorted then :) 1171170598 M * Bertl the --barrier support is there for more than 2 years I guess 1171170606 M * Bertl (probably longer :) 1171170617 M * cehteh do we need the barrier with namespaces anyways? 1171170623 M * Bertl yes 1171170642 M * Bertl cast: I assume, the guests are located in /var/lib/vservers? 1171170672 M * cast Bertl: yes, each has their own directory in there 1171170744 M * Bertl okay, then you should be fine, given that your filesystem supports the barrier flag, of course 1171170810 M * cast yes...that was my next question. i set it with setattr, and showattr shows that its set. it's reiserfs [v3]. i guess its working, then 1171170880 M * Bertl most likely, it could be just shown, but not active 1171170907 M * cast lol. 1171170916 M * cast ill ask in #debian, 1171170926 M * Bertl but trying to access that dir from a context should give you a definite answer 1171170955 M * Bertl try something like 'chcontext --xid 666 - chmod +x /path/to/dir' 1171170975 M * Bertl you should get a kernel warning, that context 666 is messing with the barrier 1171171079 M * cast this is from inside the hmm, is that inside or outside vserver instance? 1171171090 M * Bertl on the host 1171171094 A * cast nods 1171171440 M * cast hmm. 1171171510 M * cast had to skip the -, but experimented on a few dirs. 'chmod +x /var/lib/' worked, 'chmod: changing permissions of `/var/lib/vservers/': Operation not permitted', 'chmod: cannot access `/var/lib/vservers/axv/': Permission denied' 1171171520 M * cast guess i have to read up on vserver more :) 1171171542 M * Bertl check dmesg 1171171552 M * Bertl and it was supposed to be -- instead of - :) 1171171553 J * DoberMann_ ~james@AToulouse-156-1-87-86.w86-196.abo.wanadoo.fr 1171171623 J * ntrs__ ~ntrs@68-188-55-120.dhcp.stls.mo.charter.com 1171171659 Q * DoberMann[ZZZzzz] Ping timeout: 480 seconds 1171171742 M * cast nope, nothing in dmesg 1171171794 M * Bertl maybe the debian folks disabled that then ... 1171171844 Q * comfrey_ synthon.oftc.net electron.oftc.net 1171171844 Q * click synthon.oftc.net electron.oftc.net 1171171844 Q * derjohn synthon.oftc.net electron.oftc.net 1171171844 Q * eyck synthon.oftc.net electron.oftc.net 1171171844 Q * matti synthon.oftc.net electron.oftc.net 1171171848 A * cast nods 1171171859 M * cast not very important right now, just playing with these things 1171171935 Q * ntrs_ Read error: Connection reset by peer 1171172099 N * DoberMann_ DoberMann 1171172106 J * eyck eyck@kuszelas.com 1171172106 J * derjohn ~derjohn@80.69.41.2 1171172106 J * matti matti@acrux.romke.net 1171172106 J * click click@ti511110a080-0186.bb.online.no 1171172106 J * comfrey_ ~comfrey@70.91.185.84 1171173357 J * Electric1lf ~dbharris@bas14-toronto12-1167999764.dsl.bell.ca 1171173359 N * Electric1lf ElectricElf 1171173404 M * ElectricElf Hey, I'm playing around with linux-image-2.6.18.3-vserver-k7 in Etch. My experience is primarily with UML and Xen, but I thought I'd give vserver a try. 1171173422 M * Bertl hehe, sounds good :) 1171173433 M * Bertl basically forget what you know about UML and Xen 1171173455 M * Bertl (that is only keeping you from seeing the big picture) 1171173475 M * Bertl think Linux and Linux-VServer will come naturally 1171173476 M * ElectricElf One of the things I (rather badly) want to do is limit RSS. 'vlimit -c 12345 --rss 100' does cause many processes to not run (well, they core, I dunno if that's normal but whatever). However, 'memtest' from the 'memtester' package appears to be able to allocate all sorts more memory than it should. 1171173524 M * Bertl RSS is resident set size, i.e. the pages you have in memory 1171173541 M * ElectricElf The memlock vlimit appears to function. But it can still increase its RSS quite high. The used memory shows up in 'free' in the "host". Anybody have any thoughts? (In particular, are Debian/Etch kernels known to be broken?) 1171173554 M * Bertl you can still grab address space for up to 3GB or so 1171173573 M * Bertl once you try to fill the memory with pages, the RSS will kick in 1171173589 M * Bertl and yes, debian kernels are outdated and broken :) 1171173637 M * Bertl you might want to use the AS/VM limit to keep your memtest from _allocating_ space 1171173843 N * DoberMann DoberMann[PullA] 1171174084 Q * pflanze Ping timeout: 480 seconds 1171176342 J * meandtheshell ~markus@85.124.37.123 1171176464 J * Johnnie ~jdlewis@jdlewis.org 1171178295 J * Electric1lf ~dbharris@bas14-toronto12-1167995659.dsl.bell.ca 1171178407 Q * ElectricElf Ping timeout: 480 seconds 1171179406 M * Bertl okay, off to bed now .. have a good one everyone! cya! 1171179412 N * Bertl Bertl_zZ 1171179485 M * cast night 1171179491 M * cast thanks for the help 1171183960 N * olivierk_ olivierk 1171187272 Q * dlezcano Ping timeout: 480 seconds 1171188054 J * dlezcano ~dlezcano@AToulouse-252-1-49-120.w83-193.abo.wanadoo.fr 1171188596 Q * Aiken Quit: Leaving 1171188792 P * cast 1171189147 Q * cdrx Ping timeout: 480 seconds 1171189827 Q * m`m`h Ping timeout: 480 seconds 1171190740 J * Piet hiddenserv@tor.noreply.org 1171190808 J * m`m`h ~simba@deb30.mgts.by 1171193645 J * pflanze ~chris@84-73-56-44.dclient.hispeed.ch 1171194140 Q * m`m`h Read error: Operation timed out 1171195046 Q * PowerKe Ping timeout: 480 seconds 1171195292 Q * rob-84x^ Ping timeout: 480 seconds 1171196252 Q * michal` Ping timeout: 480 seconds 1171196649 J * michal` ~michal@81.169.139.228 1171198611 J * m`m`h ~simba@deb30.mgts.by 1171199251 J * _jthm_ ~infowolfe@c-67-164-195-129.hsd1.ut.comcast.net 1171199358 N * _jthm_ infowolfe 1171199400 Q * m`m`h Ping timeout: 480 seconds 1171199705 Q * infowolfe_ Ping timeout: 480 seconds 1171200281 Q * mEDI_S Ping timeout: 480 seconds 1171200375 J * mEDI_S ~medi@snipah.com 1171200765 J * m`m`h ~simba@deb30.mgts.by 1171202138 M * matti http://xkcd.com/c208.html 1171202139 M * matti ROTFL 1171202464 M * infowolfe that's awesome 1171202554 M * matti http://xkcd.com/ 1171202554 M * matti ;] 1171202650 A * infowolfe scratches his head and wonders if this is even worth doing 1171202662 M * infowolfe i see that there's a 2.6.20 linux-vserver kernel... 1171202667 M * infowolfe but i'm not entirely sure... 1171202674 M * matti Don't scratch too hard. 1171202679 M * matti You may hurt yourself ;] 1171202685 M * infowolfe if i want to go through the pita that is linux-vserver guest customization 1171202690 M * matti infowolfe: Want some 0xc0ffee? 1171202701 M * infowolfe i like mt dew :-p 1171202708 M * infowolfe uml's performance blows hard 1171202709 M * matti LOL 1171202716 M * matti Yet another Linus Torvalds? 1171202717 M * matti ;] 1171202723 M * infowolfe negative 1171202730 M * matti He is addicted to mt dew IIRC. 1171202733 M * infowolfe lol 1171202744 M * infowolfe i know 2 things of the man 1171202747 M * infowolfe he has nice eyebrows 1171202753 M * infowolfe and he manages the kernel 1171202755 M * matti Hahaha. 1171202763 M * matti :-))) 1171202780 M * infowolfe http://geekz.co.uk/lovesraymond/archive/gun-linux 1171202810 M * matti ROTFL 1171202822 M * infowolfe ELER is classic geek humor 1171202828 M * infowolfe nobody else knows why i'm laughing so hard... 1171202930 M * infowolfe but then again... not everybody realizes who esr/linus/rms are or why rms has a plant-up-the-nose fetish 1171202957 M * infowolfe oooh 1171202959 M * infowolfe that's an idea! 1171202961 A * infowolfe hugs vmware 1171203012 A * matti hugs infowolfe with soft coussins. 1171203012 M * matti ;] 1171203032 M * infowolfe i have to test out linux-vserver/uml stuffs anyway 1171203040 M * infowolfe and my workstation has svm 1171203042 M * infowolfe so it's _fast_ 1171203042 M * matti Oh god. 1171203049 M * matti s/hugs/pokes/ 1171203050 M * infowolfe bah 1171203055 M * matti ;p 1171203056 M * infowolfe i need to screw with kvm as well :( 1171203065 M * infowolfe benchmarking and such 1171203073 M * infowolfe for work :-p 1171203102 M * infowolfe the biggest thing pushing me towards linux-vserver on my personal dedi is the lack of amd64 skas support 1171203117 M * infowolfe i don't like having to screw with guests :-\ 1171203117 M * matti Hmmm... 1171203123 M * infowolfe i like them to work out of the box so to speak 1171203188 M * infowolfe bah 1171203258 A * infowolfe restarts vmware so it uses the right stupid interface :-\ 1171203344 M * infowolfe having vmware bind to the wrong interface in my workstation means that instead of getting live internet, it gets private lan 1171203370 M * cehteh mhm off topic ... but is there a way to let the kernel ignore sync() requests? 1171204096 M * cehteh .. ok no way, looked into the source 1171204269 J * yarihm ~yarihm@84-74-16-225.dclient.hispeed.ch 1171206050 J * cdrx ~legoater@82.227.199.249 1171206242 Q * Johnnie Remote host closed the connection 1171206277 J * Johnnie ~jdlewis@jdlewis.org 1171207537 M * pflanze Does anyone know dhclient and how it can be restricted to only listen on eth0 ? 1171207603 M * pflanze Or, is this not even possible, "listening on an interface", only listening on an ip address? 1171207622 M * daniel_hozac dhclient uses raw sockets, so it can listen on interfaces. 1171207632 M * daniel_hozac (i.e. not IP) 1171207666 M * pflanze ok. so the question is only, how. What I'd like to do is prevent it from taking port 68 of vservers (and also prevent vservers from sending packets to it). 1171207703 M * pflanze (I'm assuming that I can do the latter once the vserver ip's are free from being "bound" by the dhclient) 1171207737 M * pflanze (Then maybe not? and I should just forbit sending any packet from an internal address to port 68 on any address?) 1171207740 M * daniel_hozac dhclient doesn't bind IP addresses, AFAIK. 1171207767 M * pflanze well, netcat -u 10.0.5.1 68 from inside a vserver sends packets which are received by the dhclient on the host. 1171207770 M * daniel_hozac (then again, it might) 1171207778 M * pflanze where 10.0.5.1 is a private network ip from the vserver. 1171207798 M * daniel_hozac hmm, looks like it does bind IP addresses. 1171207897 J * bonbons ~bonbons@83.222.37.103 1171207906 A * pflanze falls back to a global deny rule 1171208516 M * pflanze (Hm strange, why doesn't this help, if vservers all have 10.0.* and 192.168.* addresses only?: for f in 10.0 192.168 ; do iptables -A INPUT -s $f.0.0/255.255.0.0 -p 68 -j REJECT ; done) 1171208532 M * pflanze (ehr, s/INPUT/OUTPUT/, also doesn't work) 1171208541 M * daniel_hozac -p 68? 1171208546 M * pflanze dhcp 1171208550 M * daniel_hozac surely you want -p udp --dport 68? 1171208563 M * pflanze ehrm 1171208569 M * pflanze funny 1171208587 M * pflanze I was already wondering that it didn't complain about the missing protocol definition. 1171208606 M * pflanze I wonder what it took protocol "68" for. 1171208969 A * pflanze verified that iptables -A INPUT -s $f.0.0/255.255.0.0 -p udp --dport 68 -j REJECT works 1171209281 M * daniel_hozac so works means that it doesn't reach dhclient? 1171209439 M * pflanze yes 1171209469 M * pflanze netcat immediately stops when trying to send something, now, and strace on dhclient doesn't output anything anymore. 1171209518 M * pflanze BTW the "INPUT" and "OUTPUT" terminology still confuses me. I didn't expect the above to work with INPUT, but not with OUTPUT. 1171209532 M * daniel_hozac hmm? 1171209548 M * pflanze man iptables says INPUT is for packets coming "into the box". 1171209561 M * daniel_hozac yes. 1171209568 M * pflanze But those surely are not coming from outside of the box. 1171209591 M * daniel_hozac no, but they're still destined for the same host, no? 1171209599 M * pflanze So INPUT maybe means "coming into a program" rather? 1171209613 M * pflanze I don't understand the line of the "box" they draw. 1171209661 M * daniel_hozac not necessarily, but any traffic which is going to an address on that box will go through INPUT. 1171209664 M * pflanze What I also still don't understand is why OUTPUT works for my iptables rules forbidding ip traffic to other vserver's local ip's. 1171209678 M * daniel_hozac why wouldn't it? 1171209699 M * pflanze why doesn't iptables -A OUTPUT -s $f.0.0/255.255.0.0 -p udp --dport 68 -j REJECT work? 1171209700 M * daniel_hozac OUTPUT is for all traffic created on that box. 1171209712 M * daniel_hozac it should. 1171209741 M * pflanze it doesn't. Replace OUTPUT with INPUT and it works. 1171209759 M * daniel_hozac and you don't have any terminal rule in OUTPUT before that? 1171209772 A * pflanze checks 1171210204 M * pflanze Hm, I can't reproduce it anymore, now both variants work 1171210664 M * sannes pflanze : maybe it should be -d instead of -s ? .. err, hm, depends on what you want to do .. 1171210687 M * sannes nevermind 1171210700 M * pflanze (I want prevent dhclient from receiving traffic from vservers) 1171210758 M * bonbons pflanze: what about blocking any DHCP traffic that goes through lo? 1171210810 M * bonbons or you want to prevent guest to play dhcp server for your LAN? 1171210816 M * pflanze no 1171210828 M * pflanze you mean, -i lo ? 1171210838 M * pflanze or -o lo, depends.. 1171210852 M * bonbons yep 1171210877 M * pflanze dunno. 1171210954 M * bonbons but then it affects only traffic local to your host (or between guests) - though guest normally can't capture the broadcast to 0.0.0.0 coming from the dhcp clients 1171211363 J * bleep ~bleep@mon75-2-81-57-111-113.fbx.proxad.net 1171211395 M * bleep hi everybody 1171211425 M * pflanze heh, could reproduce it again, and yeah it was because of another rule sitting there. 1171211430 Q * bleep Quit: User disconnected 1171211433 M * pflanze I did: -A OUTPUT -s 10.0.5.0/255.255.255.0 -d 10.0.5.0/255.255.255.0 -j ACCEPT 1171211459 M * pflanze so sending traffic from the vserver to it's own "localhost" ip port 68 worked, if the rule to forbit that was appended later. 1171211466 M * pflanze all clear now. 1171211510 M * pflanze either adding the --dport 68 rule earlier, or using INPUT makes it work. 1171211871 J * CHTEKK ~chtekk@62.48.110.172 1171211890 M * CHTEKK hi all :) 1171212479 M * daniel_hozac hello 1171212553 N * Bertl_zZ Bertl 1171212553 M * CHTEKK quick question: how could I make something kine /dev/dvb/adapter0 available also inside a guest? FAQ says something about creating the device nodes inside the guests namespace... which means? I'd only have to mknod them? 1171212558 M * Bertl morning folks! 1171212567 M * CHTEKK morning Bertl :) 1171212578 M * Bertl CHTEKK: or cp -va them 1171212615 M * daniel_hozac morning Bertl! 1171212622 M * CHTEKK ok, and this done from the host, cause I imagine you can't just mknod from inside the guest, which makes sense :) ok thanks! 1171212625 M * id23 hi Bertl 1171212640 M * id23 is jfs still broken in mainline ? 1171212674 M * Bertl id23: haven't tried, but I hope somebody reported it yet :) 1171212703 M * id23 i thought you did ;) 1171212717 M * Bertl I can try right now, shouldn't be too hard 1171212869 M * yang hi there Belu 1171212872 M * yang Bertl: 1171212927 M * Bertl id23: with 2.6.19.3 xfs seems to bail out, jfs seems fine :) 1171212971 M * CHTEKK xfs on what if I may ask? I'm using xfs here for my vserver partition, with 2.6.19.3 + gentoo patches + 2.2.0-rc12 vserver 1171213013 M * Bertl it seems locking is broken, so it might just work if you have disabled the sem checks 1171213041 J * EvilDin ~Snake@BSN-77-83-28.dsl.siol.net 1171213047 M * Bertl welcome EvilDin! 1171213060 M * EvilDin hi, how can i make folder /tmp bigger inside of vserver 1171213070 M * yang hey EvilDin 1171213072 M * daniel_hozac edit /etc/vservers//fstab. 1171213089 M * EvilDin tnx 1171213091 M * Bertl hey yang! :) 1171213094 M * EvilDin hi yang :D 1171213132 M * yang EvilDin: Decided to use vserver after all? 1171213158 M * EvilDin yes, i have, i made it and it works :) 1171213171 M * yang EvilDin: great 1171213210 M * yang EvilDin: as you can see it can be stable too, if configured correctly 1171213229 M * EvilDin does anyone here know any good CP for vservers ? 1171213322 M * Bertl webmin? 1171213347 M * yang webmin packages are broken in debian (possibly also removed) 1171214095 J * olivierk_ ~olivier@olivierk.org 1171214203 Q * olivierk Ping timeout: 480 seconds 1171214627 J * dna ~naucki@89.27.213.118 1171214959 J * bleep ~bleep@mon75-2-81-57-111-113.fbx.proxad.net 1171214982 M * bleep hi all 1171215105 M * bleep I try to start more than 49 vservers on etch, but it says "vcontext: vc_create_context(): Out of memory", I know that I don't reach the limit of the host because I tried with 64Mo and 512 Mo and got the same error, someone can help, please ? 1171215117 Q * m`m`h Read error: Operation timed out 1171215313 M * Bertl bleep: that's at least interesting ... 1171215327 M * Bertl how much system memory do you have on that machine? 1171215344 M * Bertl (upload /proc/meminfo to paste.linux-vserver.org) 1171215393 M * bleep I tried with 64Mo and 512 of RAM 1171215553 M * bleep sorry, I uploaded it there : http://paste.linux-vserver.org/1144 1171215878 J * m`m`h ~simba@deb30.mgts.by 1171216118 M * EvilDin hi i have little problem while compiling util-vserver 1171216128 M * EvilDin Can not find the 'vconfig' tool within '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/sbin:/usr/sbin:/usr/local/sbin'. 1171216140 M * Bertl EvilDin: install the vlan tools 1171216156 M * Bertl bleep: and you are getting ENOMEM? 1171216218 M * bleep what is ENOMEM ? I have this message : vcontext: vc_create_context(): Out of memory An error occured while executing the vserver startup sequence; when there are no other messages, it is very likely that the init-script (/etc/init.d/rc 3) failed. Common causes are: * /etc/rc.d/rc on Fedora Core 1 and RH9 fails always; the 'apt-rpm' build method knows how to deal with this, but on existing installations, appending 'true' to this fil 1171216252 M * Bertl yep, that is ENOMEM, i.e. the kernel has not enough memory to allocate some structures 1171216280 M * EvilDin am if i had installed before util-vserver with debian, should i remove util-vserver before i install the new compiled one 1171216286 M * Bertl bleep: but the /proc/meminfo state you uploaded is not when you get that, no? 1171216319 M * bleep ok, happy to learn that :) 1171216374 M * bleep yes, right now, there are 49 vservers running and I just made the cat /proc/meminfo 1171216440 J * ema ~ema@lart.galliera.it 1171216442 M * EvilDin do i have to remove previously installed util-vserver or i can just mke install 1171216461 M * Bertl bleep: so the uploaded meminfo _is_ when you get that? 1171216473 M * daniel_hozac EvilDin: it's always a good idea to remove the old one first, in case stuff has been removed. 1171216498 M * bleep yes 1171216558 M * Bertl okay, I guess you are hitting some weird kernel limit here 1171216582 M * Bertl bleep: do you get a message in dmesg? could you upload the dmesg output too? 1171216705 M * bleep I don't think there's something (I am a noob) : http://paste.linux-vserver.org/1145 1171216756 M * daniel_hozac bleep: is it an SMP kernel? 1171216811 M * bleep yes : Linux lenightclub 2.6.18-3-xen-vserver-686 #1 SMP Mon Dec 4 22:12:17 UTC 2006 i686 GNU/Linux 1171216825 M * Bertl do you know how to build your own kernel? 1171216849 M * daniel_hozac per-CPU allocation limit? 1171216857 M * bleep no, I tried but that's why I installed etch because it was automatic 1171216903 M * bleep daniel_hozac : I didn't touch any settings 1171216973 M * Bertl daniel_hozac: yes, that could be hit here 1171217013 M * Bertl probably they compile for a large number of CPUs 1171217054 M * bleep but the load seems ok : Cpu(s): 24.4%us, 3.0%sy, 0.0%ni, 68.6%id, 0.0%wa, 0.0%hi, 4.0%si, 0.0%st 1171217068 M * Bertl you have more than one cpu? 1171217086 M * bleep no, only one 1171217184 M * Bertl so, what I'd really suggest is to dig into building your own kernel 1171217214 M * bleep please !!!! no 1171217224 J * shedi ~siggi@ftth-237-144.hive.is 1171217253 M * bleep there's no other way ? 1171217281 M * Bertl well, even if we change something :) 1171217292 M * Bertl it will probably take a year until it gets into debian ... 1171217300 M * daniel_hozac especially etch. 1171217363 M * bleep I'm not married with etch, is there another distribution that could make it ? 1171217382 M * daniel_hozac # ls -l /proc/virtual/ | wc -l 1171217382 M * daniel_hozac 5005 1171217412 M * daniel_hozac so creating 5000 contexts is no problem :) 1171217419 M * Bertl nice :) 1171217425 M * daniel_hozac (host has 384 MiB RAM) 1171217449 M * Bertl waldi: ping? 1171217569 M * bleep # ls -l /proc/virtual/ | wc -l 1171217572 M * bleep 51 1171217574 M * bleep :( 1171217591 M * daniel_hozac i guess other relevant info is 2.6.19-1.2908.fc6.vs2.2.0.0.rc12.2 which is configured for 32 CPUs. 1171217832 M * Bertl so that would mean that the debian kernel compile for how many cpus? 1171217964 M * daniel_hozac over 500? 1171218011 M * bleep where can I fond this info ? 1171218014 M * bleep find 1171218023 M * daniel_hozac probably in /boot/config-`uname -r` 1171218024 M * Bertl either that, or they removed the percpu patch 1171218108 M * daniel_hozac hmm, actually, the per-CPU stuff doesn't seem to be in 2.0. 1171218146 M * Bertl ah, yes, the debian kernels are still 2.0 :) 1171218164 M * Bertl why didn't I see that from the uname? :) 1171218172 M * daniel_hozac hehe :) 1171218224 M * daniel_hozac so it has to be the kmalloc that's failing, or am i missing something? 1171218240 M * EvilDin hi, while i try to remove util-vserver, i am asked if i stop running guest vserver, do i stop dhem, and install new util-vserver 1171218244 M * EvilDin and start dhem again 1171218249 M * bleep do you think I should try with ubuntu or fedora ? 1171218288 M * daniel_hozac EvilDin: would be a good idea, unless you configure it the same way. 1171218313 M * daniel_hozac bleep: Ubuntu lacks precompiled Linux-VServer kernels. 1171218356 M * bleep fedora then ? which one ? 1171218431 M * EvilDin am i now made install, but why command vserver doesn't work, it say no file found 1171218466 M * daniel_hozac bleep: probably a better idea to try to get the Debian kernel working, or file a bug about it. 1171218569 M * bleep I have already tried for hours without success... 1171218651 M * EvilDin why do i get: root45:~# vserver 1171218651 M * EvilDin -bash: /usr/sbin/vserver: No such file or directory 1171218662 M * EvilDin i make good compile and make and make install 1171218668 M * EvilDin what can i do 1171218693 M * daniel_hozac EvilDin: tell your shell to clear the hash table. 1171218698 M * EvilDin am hoq 1171218699 M * EvilDin how 1171218743 M * Bertl bleep: if you work your way through compiling your custom kernel, you can fine tune it to you hardware, probably improving speed by a factor of 2 :) 1171218795 M * bleep i know, i know... 1171218858 M * EvilDin hi 1171218875 M * EvilDin why vserver is looking for vserver in Can not find a vserver-setup at '/usr/local/etc/vservers/ ---> i have vserver in /etc/vserver 1171218890 M * daniel_hozac because you didn't configure it to look in /etc. 1171218898 M * EvilDin how can i do that 1171218930 M * daniel_hozac add --sysconfdir=/etc to your configure arguments. 1171218946 M * daniel_hozac just like with any other autotooled program. 1171218980 J * infowolfe_ ~infowolfe@c-67-164-195-129.hsd1.ut.comcast.net 1171219105 M * EvilDin hm i have one more problem 1171219114 M * EvilDin i have vdir somewhere else 1171219213 M * EvilDin oh no, my .default/vdirbase were overwritten, i had there vdirbase for each vserver 1171219215 M * EvilDin what can i do 1171219223 Q * infowolfe Ping timeout: 480 seconds 1171219287 M * EvilDin nooooo 1171219292 M * EvilDin i just lost everything 1171219294 M * EvilDin !!! 1171219297 Q * yang Ping timeout: 480 seconds 1171219323 M * Bertl EvilDin: stock trader? 1171219336 M * daniel_hozac lol! 1171219339 M * EvilDin yes i had 2 vserver on it 1171219344 M * EvilDin it jus tdelete them 1171219355 M * EvilDin while new util-vserver i installed 1171219360 M * EvilDin how is this even possible 1171219391 M * Bertl what 'just' deleted them? 1171219405 M * EvilDin i compile util-vserver 1171219408 M * EvilDin and make install 1171219420 M * Bertl I doubt that will delete any guest data 1171219420 M * EvilDin and in /etc/vserver there stayed only names of vserver 1171219423 M * EvilDin with no file 1171219423 M * EvilDin s 1171219444 M * EvilDin where else can be moved 1171219444 M * EvilDin ? 1171219462 M * daniel_hozac removing the util-vserver package removed guest configurations? 1171219468 M * EvilDin no 1171219471 M * EvilDin i said not to 1171219487 M * EvilDin the new install of compiled one just remove everything 1171219503 M * daniel_hozac ... installing doesn't remove anything. 1171219532 M * EvilDin then please explain where did files go 1171219631 M * EvilDin vdir in /etc/vservers/.defaults/vdirbase/slofiles was deleted 1171219658 M * EvilDin dhem what should i say to guys who had things on it 1171219677 M * matti Hi Bertl :) 1171219678 M * EvilDin is possible to recover anything 1171219971 M * Bertl EvilDin: IIRC, vdirbase is a symlink 1171219989 M * EvilDin to where 1171219991 M * Bertl EvilDin: if you compiled stuff yourself, the pathes might be different than before 1171220000 M * Bertl by default, it goes to /vservers 1171220014 M * Bertl on debian, it goes somewhere in /var/lib/vservers 1171220087 M * EvilDin yes 1171220092 M * EvilDin i found in /var/lib/vservers 1171220104 M * EvilDin how can i connect those new to that old ones ? 1171220159 M * Bertl again with a symlink ... 1171220171 M * Bertl but you probably want to configure your new built tools 1171220181 M * Bertl to the strange? debian settings instead 1171220195 M * Bertl and make sure to remove the debian tools 1171220205 M * EvilDin i delte debian vserion 1171220220 M * EvilDin can i just make symlink to the old location 1171220287 M * EvilDin how can i create link between /etc/vservers/.defaults/vdirbase/braindead-tracker and /var/lib/vservers/braindead-tracker 1171220327 Q * yarihm Quit: Leaving 1171220396 M * daniel_hozac just reconfigure the utils to the Debian location. 1171220415 M * EvilDin how ? 1171220433 M * daniel_hozac --with-vserverdir or so, check ./configure --help 1171220437 Q * comfrey_ osmotic.oftc.net electron.oftc.net 1171220437 Q * click osmotic.oftc.net electron.oftc.net 1171220437 Q * derjohn osmotic.oftc.net electron.oftc.net 1171220437 Q * eyck osmotic.oftc.net electron.oftc.net 1171220437 Q * matti osmotic.oftc.net electron.oftc.net 1171220449 J * click click@ti511110a080-0186.bb.online.no 1171220449 J * comfrey_ ~comfrey@70.91.185.84 1171220450 J * derjohn ~derjohn@80.69.41.2 1171220463 M * daniel_hozac seems it is --with-vrootdir. 1171220470 J * eyck eyck@kuszelas.com 1171220472 J * matti matti@acrux.romke.net 1171220487 M * EvilDin so --with-vrootdir=/var/lib/vservers ? 1171220491 N * matti Guest1822 1171220503 M * daniel_hozac yep. 1171220658 M * EvilDin hm i still get /usr/local/sbin/vserver: line 802: pushd: /etc/vservers/braindead-tracker/vdir: No such file or directory 1171220696 M * Bertl you are probably on the best way to render your installation almost unusable ... 1171220716 M * Bertl here are some rules you should (have taken) care about: 1171220736 M * Bertl - unisntall old tools (either package management or make uninstall) 1171220749 M * EvilDin i did 1171220751 M * Bertl - uninstall, ./configure, make and make install 1171220771 M * Bertl - don't forget the mentioned make distro-install (or whatever it is called) 1171220788 M * EvilDin i run that command too 1171220811 M * Bertl what did the ./configure output regarding pathes when finished? 1171220831 M * Bertl (it gives an overview page of all configured stuff, upload that to paste.linux-vserver.org) 1171220839 M * EvilDin Paths: 1171220840 M * EvilDin prefix: /usr/local 1171220840 M * EvilDin sysconf-Directory: /etc 1171220840 M * EvilDin cfg-Directory: /etc/vservers 1171220840 M * EvilDin initrd-Directory: $(sysconfdir)/init.d 1171220840 M * EvilDin pkgstate-Directory: ${prefix}/var/run/vservers 1171220840 M * EvilDin vserver-Rootdir: /var/lib/vservers 1171220887 M * EvilDin is this ok ? 1171220916 M * Bertl I wouldn't install it in /usr/local, but the guest path is okay 1171220936 M * EvilDin it is sth wrong with vdir, what should be in it ? 1171220986 M * Bertl the vdir in a guest is again a symlink to the guest data 1171221003 M * Bertl it usually uses the indirection over .defaults 1171221031 N * Electric1lf ElectricElf 1171221052 M * EvilDin vdir -> /etc/vservers/.defaults/vdirbase/braindead-tracker 1171221054 M * EvilDin i have this 1171221062 M * Bertl okay, looks good 1171221064 M * EvilDin but in vdirbase i don't have anything 1171221073 M * Bertl now where does /etc/vservers/.defaults/vdirbase point to? 1171221074 M * EvilDin should i make links there 1171221099 M * EvilDin vdirbase -> /vservers 1171221110 M * EvilDin it should in /var/lib/vservers 1171221112 M * Bertl so that is now pointing to the wrong address 1171221122 M * EvilDin how can i fix that 1171221123 M * Bertl remove that, if you are sure the tools have been installed 1171221133 M * Bertl and recreate the link properly 1171221142 M * EvilDin am could you please help me create link 1171221143 M * Bertl rm -f /etc/vservers/.defaults/vdirbase 1171221151 M * Bertl ln -s /var/lib/vservers /etc/vservers/.defaults/vdirbase 1171221253 N * Guest1822 matti 1171221270 M * EvilDin hm i have this problem now 1171221316 M * EvilDin http://pastebin.ca/350820 1171221356 M * Bertl you are using one of the debian kernels? 1171221372 M * EvilDin no, i have vanilla kernel patched to the last version 1171221381 M * EvilDin 2.2.0-rc12 1171221393 M * Bertl with legacy and legacy version id enabled? 1171221404 M * EvilDin um 1171221414 M * Bertl you built it yourself? 1171221433 M * EvilDin yes 1171221434 M * Bertl try 'grep LEGACY .config' 1171221453 M * EvilDin CONFIG_PM_LEGACY=y 1171221453 M * EvilDin # CONFIG_MEGARAID_LEGACY is not set 1171221453 M * EvilDin CONFIG_LEGACY_PTYS=y 1171221453 M * EvilDin CONFIG_LEGACY_PTY_COUNT=256 1171221453 M * EvilDin CONFIG_VSERVER_LEGACY=y 1171221454 M * EvilDin CONFIG_VSERVER_LEGACY_VERSION=y 1171221454 M * EvilDin CONFIG_VSERVER_LEGACYNET=y 1171221467 M * EvilDin is this ok 1171221488 M * Bertl here we go, you have to either enable the legacy ABI for the tools, or disable the legacy version in the kernel 1171221507 M * Bertl ./configure --enable-apis=NOLEGACY .... (for the tools) 1171221525 M * Bertl # CONFIG_VSERVER_LEGACY_VERSION is not set (for the kernel) 1171221534 M * EvilDin so what is better ? 1171221550 M * Bertl I would disable the legacy stuff in the kernel 1171221564 M * Bertl especially as you have recent? tools, no? 1171221566 M * EvilDin ok where in menuconfig is that legacy 1171221577 M * Bertl in the vserver menu 1171221586 M * EvilDin yes i have the newest one from linux-vsers 1171221589 M * EvilDin vservers 1171221601 M * Bertl btw, you can hit '/' and type something to search in make menuconfig 1171221632 M * EvilDin am do i siable this 1171221633 M * EvilDin [*] Enable Legacy Kernel API x x 1171221633 M * EvilDin x x [*] Show a Legacy Version ID x x 1171221633 M * EvilDin x x [*] Enable dynamic context IDs 1171221684 M * Bertl yes, you want to disable all of them 1171221685 M * EvilDin but i saw in gudies that this have to be enabled 1171221696 M * Bertl only if you have legacy tools 1171221717 M * Bertl btw, if you press '?' on one of those options 1171221726 M * Bertl you will get an explanation ... read it! 1171221793 M * EvilDin aha this is for old tools :D 1171221816 M * EvilDin this Enable Legacy Networking Kernel API 1171221821 M * EvilDin should be disabled too ? 1171221859 M * Bertl hmm, let me see what the config help says *G* 1171221920 M * EvilDin hm please tell me what you find out 1171221944 M * Bertl well, it says, as you can easily verify by pressing '?' 1171221950 M * Bertl This enables the legacy networking API which is used 1171221954 M * Bertl by older tools (pre 0.30.210) to set up the network 1171221959 M * Bertl context (chbind). 1171221968 M * EvilDin so i remove ? 1171221973 M * Bertl now, the question is, what tool version do you use? 1171221999 M * EvilDin last from page 1171222005 M * EvilDin so 212 1171222018 M * Bertl so, keep or disable? 1171222029 M * EvilDin diable 1171222033 M * EvilDin disable 1171222033 M * Bertl bingo! 1171222060 M * EvilDin ok i will compile kernel now and reboot 1171222066 M * Bertl excellent! 1171222067 M * EvilDin i hope then will work 1171222084 M * EvilDin i there anything else that i could have problems 1171222090 M * EvilDin please stay for 10 min here 1171222094 M * EvilDin that i compile 1171222098 M * Bertl if you are recompiling the kernel 1171222106 M * Bertl you might also check some other switches 1171222114 M * Bertl yyou are on x86? 1171222119 M * EvilDin am yes 1171222123 M * EvilDin pentium 4 1171222126 M * Bertl 32bit? 1171222132 M * EvilDin um yes 1171222140 M * Bertl okay, how much memory? 1171222145 M * EvilDin dual core probably 1171222146 M * EvilDin 1 GB 1171222159 M * Bertl dual core should be 64bit capable, btw 1171222174 M * EvilDin so what elese can i do 1171222179 M * EvilDin else 1171222194 M * Bertl do you have highmem enabled? 1171222204 M * EvilDin un don't know 1171222216 M * Bertl grep HIGHMEM .config 1171222232 M * EvilDin # CONFIG_NOHIGHMEM is not set 1171222232 M * EvilDin CONFIG_HIGHMEM4G=y 1171222232 M * EvilDin # CONFIG_HIGHMEM64G is not set 1171222232 M * EvilDin CONFIG_HIGHMEM=y 1171222232 M * EvilDin # CONFIG_DEBUG_HIGHMEM is not set 1171222242 M * EvilDin is this ok ? 1171222244 M * Bertl so you want to disable that 1171222250 M * matti ;] 1171222251 M * Bertl and switch to 2/2G 1171222259 M * EvilDin wha ? 1171222262 M * EvilDin why? 1171222271 M * Bertl because that will improve overall performance 1171222289 M * EvilDin where is that 1171222297 M * matti EvilDin: Memory split is more efficient than HIGHMEM itself. High memory access cost more. 1171222311 M * matti EvilDin: You need to enable EMBEDDED 1171222312 M * matti ;] 1171222316 M * EvilDin aha 1171222320 M * EvilDin i disable highmem 1171222325 M * EvilDin i get sth new 1171222333 M * EvilDin Memory split (3G/1G user/kernel split) 1171222343 M * Bertl yep, you want to select 2/2 there 1171222346 M * matti EvilDin: Basically - you want to have as much low-mem as possible. 1171222361 M * EvilDin ok 1171222362 M * EvilDin i set 1171222364 M * matti :) 1171222368 M * EvilDin what else can i make better 1171222371 M * Bertl EvilDin: do you plan to limit cpu per guest? 1171222379 M * EvilDin i thought about that 1171222383 M * EvilDin if it is possible 1171222393 M * Bertl did you enable CONFIG_VSERVER_HARDCPU ? 1171222413 M * Bertl if not, enable that and the skip idle time, but not the limit idle task 1171222414 M * EvilDin yep 1171222434 M * EvilDin [*] Enable Hard CPU Limits x x 1171222434 M * EvilDin x x [*] Avoid idle CPUs by skipping Time x x 1171222434 M * EvilDin x x [*] Limit the IDLE task 1171222443 M * EvilDin is this ok 1171222444 M * Bertl disable the last one 1171222447 M * EvilDin ok 1171222462 M * EvilDin ok what else 1171222477 M * Bertl preemption? 1171222501 M * matti Bertl: Skipping idle time is bad? 1171222520 M * Bertl EvilDin: is this going to be a server for guests? or a game/multimedia station which just has a few guests on it? 1171222533 M * Bertl matti: the last one is 'Limit the IDLE task' 1171222536 M * EvilDin there will be 3-4 vservers on it 1171222554 M * Bertl matti: (which is just for beautification of top) 1171222558 M * EvilDin for apache2, mysql 1171222582 M * Bertl EvilDin: yeah, but the servers purpose is to handle those guests, yes? 1171222584 M * EvilDin am is there anything else i should set 1171222588 M * EvilDin yes 1171222599 M * EvilDin to handle guests 1171222607 M * Bertl then back to my question: preemption? 1171222610 M * matti Bertl: So, no performance improvements? 1171222622 M * EvilDin preemption ?? 1171222637 M * matti Bertl: If so, then this option is a bit confusing and more or less useless :) Hehe. 1171222642 M * Bertl matti: limitting the idle task just reduces the pauses when nopthing is running 1171222650 M * matti Bertl: I know. 1171222662 M * matti Bertl: Mayby this should be te default behaviour? 1171222670 M * Bertl the help text explains it pretty much 1171222695 M * EvilDin ok anything else, to improve 1171222708 M * Bertl matti: we don't want scheduling overhead by default :) 1171222716 M * Bertl EvilDin: what are your preemption settings :) 1171222726 M * EvilDin what this word preemption mean? 1171222751 M * matti Bertl: Probably not. 1171222751 M * Bertl http://en.wikipedia.org/wiki/Preemption_%28computing%29 1171222751 M * matti ;) 1171222771 J * olivierk ~olivier@olivierk.org 1171222803 M * Bertl EvilDin: it is one of the config options 1171222804 M * EvilDin ok i don't know, i didn't set anything like this 1171222808 J * Piet_ hiddenserv@tor.noreply.org 1171222832 M * Bertl grep PREEMPT .config 1171222854 M * EvilDin CONFIG_PREEMPT_NONE=y 1171222854 M * EvilDin # CONFIG_PREEMPT_VOLUNTARY is not set 1171222854 M * EvilDin # CONFIG_PREEMPT is not set 1171222854 M * EvilDin CONFIG_PREEMPT_BKL=y 1171222880 Q * olivierk_ Ping timeout: 480 seconds 1171222883 M * Bertl okay, that should be fine 1171222907 M * EvilDin ok 1171222915 M * EvilDin anything else, or i compile 1171222921 M * matti Bertl: See, this: "This might improve interactivity and latency, but will also marginally increase scheduling overhead." - fot me this means "well, they say "marginally", but on the other hand they also said "improve interactivity and latency". I want it! Yes!". Hehe. 1171222925 M * matti :> 1171222936 M * matti Bertl: Since today, I was sure, that this will help a bit ;p 1171222949 M * matti :) 1171222957 M * matti s/fot/for/ 1171222971 M * Bertl yeah, we might rephrase that a little 1171222986 M * Bertl I was thinking it might actually give some improvement 1171222988 M * EvilDin ok i will compile kernel 1171223008 M * Bertl but IMHO the option is just when you want to show that 50% cpu are 50% cpu (with top :) 1171223019 M * cehteh the wikipedia article is bad written 1171223038 M * matti Bertl: Well. You know that, because you developed this. I don't :) 1171223081 M * Bertl cehteh: please improve it :) 1171223088 M * matti Heheh. 1171223096 M * cehteh not now :P 1171223097 M * matti Sorry guys. 1171223114 A * matti didn't want to get anybody confused ;p 1171223141 M * cehteh Bertl: but it should link to recursion ... 1171223164 M * Bertl hmm? 1171223172 M * cehteh explaining Preemption with the word preempt .... 1171223197 M * cehteh Pre-emption as used with respect to operating systems means the ability of the operating system to preempt .. 1171223204 Q * Piet Ping timeout: 480 seconds 1171223323 M * Bertl http://www.thefreedictionary.com/preempt 1171223379 M * cehteh yeah sure ... but should be better explained in the first place 1171223422 M * cehteh Making a scheduler preemptible has the advantage of better system responsiveness and scalability. << really? ... 1171223460 M * Bertl scalability is always debateable, responsiveness will increase :) 1171223535 M * cehteh i think even the later is debateable but prolly true since thats a design goal for preempt schedulers 1171223556 M * cehteh bandwidth will decrease compared to cooperative schedulers 1171223601 M * Bertl throughput is orthogonal to latency (which is the key component for 'responsiveness') 1171223793 P * bleep 1171223877 M * EvilDin hm 1171223880 M * EvilDin i compile 1171223883 M * EvilDin rebooot 1171223887 M * EvilDin now i get this 1171223888 M * EvilDin http://pastebin.ca/350857 1171223891 M * EvilDin while starting 1171223922 M * Bertl your guest probably doesn't use a static context id 1171223938 M * EvilDin what this mean, and how can i fix 1171223956 M * EvilDin yes i didn't set and context id 1171223957 M * Bertl what's in /etc/vservers//context ? 1171223961 M * EvilDin while building 1171223979 M * EvilDin i don't have file context 1171223990 M * Bertl see, you are missing that one 1171224003 M * Bertl i.e. choose a number between 2 and 49151 1171224005 M * EvilDin do i create it 1171224013 M * Bertl (make sure it is unique for each guest) 1171224036 M * Bertl put that number into the file 1171224040 M * cehteh last octet from its IP is a good choice 1171224044 Q * m`m`h Ping timeout: 480 seconds 1171224047 M * EvilDin ok 1171224070 M * EvilDin dhem 1171224073 M * EvilDin now i get save_ctxinfo: open("/var/run/vservers/braindead-tracker"): No such file or directory 1171224090 M * Bertl that is because your guests were created with the old tools 1171224096 M * bonbons EvilDin: missing the parent folder? 1171224097 M * EvilDin yes 1171224099 M * Bertl so some other symlinks are wrong 1171224108 M * EvilDin which 1171224111 J * m`m`h ~simba@deb30.mgts.by 1171224121 M * bonbons this one: /var/run/vservers/ 1171224124 M * EvilDin run -> /var/run/vservers/braindead-tracker 1171224126 M * Bertl make sure there is a directory /var/run/vservers 1171224134 M * EvilDin this is 1171224139 M * EvilDin but seem not to work 1171224143 M * Bertl then stop the guest and start it again 1171224161 M * EvilDin hm i haven't started it yet 1171224187 M * EvilDin i don't even have /var/run/vservers/ 1171224198 M * EvilDin can i make new this files ? 1171224199 M * Bertl 21:02 < Bertl> make sure there is a directory /var/run/vservers 1171224253 M * EvilDin yeeee 1171224255 M * EvilDin it works 1171224261 M * Bertl congrats! 1171224262 M * EvilDin thank you very much 1171224269 M * Bertl you're welcome! 1171224492 N * DoberMann[PullA] DoberMann 1171224807 M * daniel_hozac Bertl: it should be safe to upgrade to shiny15, right? 1171224868 M * Bertl yes, I'd say so, all tests were positive yet 1171225543 M * daniel_hozac http://people.linux-vserver.org/~dhozac/p/uv/experimental/util-vserver-0.30.213-rc2.tar.bz2 1171225567 M * Bertl ah, excellent! 1171225726 M * EvilDin hi, how can i create gentoo vserver on debian server ? 1171225780 M * daniel_hozac vserver gentoo build -m template ... -- -t /path/to/stage3* -d gentoo 1171225818 M * EvilDin i used 1171225818 M * EvilDin vserver prenesi build --context 234 --hostname prenesi --interface 89.106.65.234/24 --initstyle plain -m template -- -t /root/stage3-i686-20060317.tar.bz2 -d gentoo 1171225846 M * EvilDin but i get error: 1171225846 M * EvilDin >>> Adding shared /usr/portage to fstab ... 1171225846 M * EvilDin !!! Cannot find /usr/portage! You should definitely use a 1171225846 M * EvilDin !!! shared portage tree if you have multiple Gentoo guests! 1171225846 M * EvilDin >>> Checking init-style ... plain 1171225848 M * EvilDin Unsupported packaging method: application/x-bzip2 1171225880 M * Bertl lol 1171225896 M * Bertl bzip2 installed? 1171225938 M * EvilDin yes 1171225945 M * daniel_hozac and more importantly, is file built against it? 1171225960 M * EvilDin ? 1171225982 M * EvilDin i think sth is wrong with command for install 1171225991 M * daniel_hozac what does file -Nbiz -m /lib/magic /path/to/stage3* return? 1171226065 M * EvilDin hm, what is 1171226069 M * EvilDin vserver ? 1171226096 M * daniel_hozac no, the prefix with which you installed util-vserver. 1171226106 M * daniel_hozac by default /usr/local, but distributions would normally use /usr. 1171226131 J * yang ~yang@yang.sponsor.oftc.net 1171226161 M * EvilDin root45:~# file -Nbiz -m /usr/local/lib/magic /root/stage3-i686-20060317.tar.bz2 1171226161 M * EvilDin file: could not find any magic files! 1171226180 M * daniel_hozac whoops, you need /usr/local/lib/util-vserver/magic 1171226180 M * EvilDin should be stage uncompressed ? 1171226209 M * daniel_hozac compressed ought to work as well, but unfortunately it depends on file to figure out the format.... 1171226280 M * EvilDin root45:~# file -Nbiz -m /usr/local/lib/util-vserver/magic /root/stage3-i686-20060317.tar.bz2 1171226280 M * EvilDin application/x-bzip2 1171226295 M * daniel_hozac so the -z option doesn't work for bzip2 files on your system. 1171226316 M * EvilDin dunno 1171226327 M * EvilDin it is bzip2 on debian 1171226344 M * daniel_hozac which Debian? 1171226355 M * EvilDin 3.1 sarge 1171226390 M * EvilDin what can i do 1171226463 M * daniel_hozac not much, i guess. you'll have to bunzip2 the file to use the template build method. 1171226503 M * Bertl daniel_hozac: btw, wouldn't bzcat be a viable option? 1171226521 M * daniel_hozac hmm, for? 1171226523 M * EvilDin so i uncompress 1171226523 J * olivierk_ ~olivier@213.41.185.134 1171226554 M * Bertl daniel_hozac: well, you are unpacking the template, no? 1171226559 M * daniel_hozac yes. 1171226572 M * Bertl and that fails at some point? 1171226582 M * daniel_hozac no, it's before the unpacking. 1171226594 M * Bertl so what exactly fails? 1171226595 M * daniel_hozac when it tries to figure out _how_ to unpack it. 1171226613 M * daniel_hozac (by using file) 1171226615 Q * olivierk Ping timeout: 480 seconds 1171226633 M * daniel_hozac it seems that file is incapable of peeking inside bzip2 files on Debian sarge. 1171226645 M * EvilDin i get this 1171226647 M * EvilDin root45:~# vserver prenesi build --context 234 --hostname prenesi --interface 89.106.65.234/24 --initstyle plain -m template -- -t /root/stage3-i686-20060317.tar.bz2 -d gentoo 1171226647 M * EvilDin No device specified for interface '0'; do not forget to set the 'nodev' option 1171226647 M * EvilDin >>> Adding shared /usr/portage to fstab ... 1171226647 M * EvilDin !!! Cannot find /usr/portage! You should definitely use a 1171226647 M * EvilDin !!! shared portage tree if you have multiple Gentoo guests! 1171226648 M * EvilDin >>> Checking init-style ... plain 1171226648 M * EvilDin Unsupported packaging method: application/x-bzip2 1171226665 M * Bertl daniel_hozac: well, it is so on many other distros too ... especially older ones 1171226686 M * daniel_hozac i guess so. using file was a bad choice. 1171226717 M * EvilDin so gentoo can't be installed or what ? 1171226723 M * daniel_hozac sure it can. 1171226725 M * Bertl file -i ../vserver_include_2.0.tar.bz2 1171226725 M * Bertl ../vserver_include_2.0.tar.bz2: application/octet-stream 1171226741 M * daniel_hozac well, for that problem we have our own magic file. 1171226752 M * daniel_hozac try adding -m /util-vserver/magic 1171226799 M * Bertl okay, that gives at least: 1171226804 M * Bertl ../vserver_include_2.0.tar.bz2: application/x-bzip2 1171226825 M * daniel_hozac -z is the (apparently) problematic option. 1171226832 M * Bertl but the same seems to be the result on debian, no? 1171226841 M * EvilDin hm i decompress with bzip2 and try again, now i get this: 1171226843 M * EvilDin root45:~# vserver prenesi build --context 234 --hostname prenesi --interface 89.106.65.234/24 --initstyle plain -m template -- -t /root/stage3 1171226843 M * daniel_hozac which should peek inside of gzip/bzip2 files. 1171226844 M * EvilDin -i686-20060317.tar -d gentoo 1171226844 M * EvilDin No device specified for interface '0'; do not forget to set the 'nodev' option 1171226844 M * EvilDin >>> Adding shared /usr/portage to fstab ... 1171226844 M * EvilDin !!! Cannot find /usr/portage! You should definitely use a 1171226844 M * EvilDin !!! shared portage tree if you have multiple Gentoo guests! 1171226844 M * EvilDin >>> Checking init-style ... plain 1171226846 M * EvilDin >>> Found baselayout-1.6.14 1171226846 M * EvilDin !!! Will not do automagic changes to baselayout < 1.13 1171226848 M * EvilDin !!! You have to take care for yourself ... 1171226860 M * daniel_hozac EvilDin: please use paste.linux-vserver.org for longer pastes. 1171226870 M * EvilDin ok 1171226871 M * Bertl EvilDin: from now on, please use paste.linux-vserver.org for everything longer than 3 lines 1171226875 M * EvilDin ok 1171226936 M * EvilDin what can be done 1171226953 M * daniel_hozac about what? 1171226963 M * Bertl probably about the nodev part 1171226985 M * EvilDin nodev i know 1171226994 M * Bertl daniel_hozac: btw, can we add something like nodev: if you insist on this error message? 1171226996 M * EvilDin what about Cannot find /usr/portage! You should definitely use a 1171227008 M * Bertl daniel_hozac: or am I missing something there? 1171227017 M * daniel_hozac Bertl: hehe, that message is now a warning ;) 1171227022 M * daniel_hozac (and it sets nodev for you) 1171227032 M * EvilDin nodev is warning i know that and i know how to fix 1171227039 M * Bertl yeah, okay, by why should it warn on a perfectly normal setup? 1171227042 M * EvilDin i have problem wit portage 1171227055 M * daniel_hozac Bertl: just to make sure it's intended. 1171227064 M * Bertl EvilDin: it just suggests that you have an share it 1171227074 M * EvilDin am i didn't specific interface because i have virtual interfaces 1171227087 M * Bertl daniel_hozac: that's why I'd suggest to add a nodev: if you really want to make sure :) 1171227112 M * daniel_hozac that was my initial idea too :) 1171227116 M * Bertl or let me put that the other way around, I'd like to have a way to do a perfectly fine config _without_ warning 1171227162 M * EvilDin hm now i get vserver-topdirectory '/etc/vservers/.defaults/vdirbase/prenesi' and/or configuration at '/etc/vservers/prenesi' 1171227162 M * EvilDin exist already; please try to use '--force', or remove them manually. 1171227185 M * Bertl because the guest was created quite fine 1171227196 M * EvilDin i am not sure 1171227197 M * EvilDin :d 1171227198 M * Bertl it now exists, so either delete it or overwrite it :) 1171227215 M * daniel_hozac well, parsing nodev: would take more effort than what's there now. 1171227222 M * EvilDin ok i start it 1171227224 M * EvilDin and i get in 1171227254 M * waldi Bertl: icmp echo reply 1171227257 M * daniel_hozac but i guess it's doable. 1171227260 M * Bertl daniel_hozac: then I would drop the warning, or make it depend on some --with-weird-warnings :) 1171227267 M * EvilDin but network in it doesn't work 1171227290 M * Bertl waldi: hey, it seems we found that debian has a 51 context limit :) 1171227312 M * daniel_hozac Bertl: wasn't it 49? :) 1171227325 M * Bertl well, take or give two :) 1171227350 M * waldi Bertl: hmm? 1171227351 M * Bertl waldi: might be a good occasion to update :) 1171227366 M * Bertl waldi: we assume, that the kernel runs out of per cpu space 1171227410 M * daniel_hozac we did, then we realized it was an old version which doesn't have any per-CPU structures ;) 1171227425 J * ircuser95151 ~5bbb0017@webmaster.progtech.ru 1171227460 M * daniel_hozac so it has to be the kmalloc that's failing. 1171227488 M * ircuser95151 hello. i have many records in /var/log/messages like this one - "vxW: xid=1 did hit the barrier.". 1171227493 M * daniel_hozac (or maybe the alloc_uid) 1171227497 M * ircuser95151 can anybody explain what does it mean? 1171227509 M * daniel_hozac ircuser95151: it means the spectator hit the barrier. 1171227510 N * Piet_ Piet 1171227548 M * daniel_hozac ircuser95151: it also means you're running a somewhat outdated kernel, as that warning has been removed from recent kernels. 1171227593 M * daniel_hozac ... or so i thought. 1171227607 M * ircuser95151 i am not a profi with linux. this message - is it bad or not so ? 1171227619 M * daniel_hozac Bertl: didn't we decide to let the spectator cross the barrier? 1171227682 M * daniel_hozac ircuser95151: it's not a problem. 1171227723 M * ircuser95151 ok. but this messages happend to often. earlier (about 2 weeks ago) I didn't saw so much of them 1171227890 M * ircuser95151 1 1171227916 M * daniel_hozac that probably means you're just running vps/vtop more often... 1171227916 Q * ircuser95151 Quit: IRC Webgate on http://ircinfo.ru -- all about IRC (EOF) 1171227922 J * newnick ~5bbb0017@webmaster.progtech.ru 1171227939 M * newnick was disconnected 1171227976 M * newnick i was asking about why these messsages shows to often 1171228150 Q * newnick 1171228264 J * adamm ~adamm@polaris.galacticasoftware.com 1171228369 M * adamm I just noticed something with networking in vserver. If I have a dummy interface setup with a 192.168.1.0/24 and a vserver only has a public IP on eth0, (ifconfig -a shown only the eth0 interface), I can still ping though the 192.168.1.0/24! It is like the interface is just cosmetically hidden, but still accessible. Is this the correct behaviour? 1171228636 M * Bertl daniel_hozac: yes, IIRC, we did 1171228678 M * Bertl adamm: ping doesn't even reach the guest (from outside) 1171228710 M * Bertl adamm: i.e. an incoming ping (from another host) is answered by the host with the proper reply 1171228714 M * adamm So, I should be able to ping, but I should not be able to connect to a service, right? 1171228816 M * adamm I guess this is because the vserver does not split the network stack per guest so the guest shares the routing table with the host... 1171228842 M * Bertl more than that, icmp is not related to routing at this layer :) 1171228881 M * Bertl i.e. an icmp request reaches the host, it checks if the ip is present (which is) and the icmp is answered 1171229012 M * adamm Well, I'm not concerned if it is answered or not. The question is more why am I even able to initiate the ping request where I do not see the network (with ifconfig) 1171229015 M * adamm Ok, installed iproute 1171229028 M * adamm the 192.168.1.0/24 is listed under if4 interface... 1171229051 M * adamm but gets hidden in ifconfig. 1171229057 M * Bertl no, it is not hidden 1171229075 M * adamm ifconfig -a does not show it 1171229076 M * Bertl just ifconfig is several years old, and does not handle the kernel API 1171229082 M * adamm ahh! ok :) 1171229101 M * Bertl basically ifconfig should have been abandoned 5 or more years ago 1171229123 M * Bertl if you check on the host, it will not see most stuff there either 1171229194 M * adamm Anyway, back to the "hidden' interface. `ip route` tells me that my privae IP address (192.168.1.1) was essentially inherited from the parent. It was not part of any configuration of vserver. This is why I'm able to ping stuff on the private network. 1171229262 M * adamm Ahh! `ip route` shows the routing table. `ip link` only shows the eth0 interface I see in ifconfig. 1171229306 M * Bertl if you don't assign an ip to a guest, the guest cannot bind services to it ... 1171229321 M * Bertl or the other way round, the guest can only bind services to assigned ips 1171229533 M * adamm Yes, but the guest seems to be still able to route packets to the networks with the wrong IP. This is where I pulled some hair out when I tried combining a routing box with vserver box. It just wouldn't work. Now I see why. If 66.a.b.c pings 192.168.1.5, normally, that would't work (without DNAT), but since they are on the same vserver host, the packets just seem to go though the lo interface... 1171229573 M * Bertl yes, all 'local' ips will be using lo directly 1171229592 M * Bertl you can block them with iptables though 1171229615 M * Bertl with very recent kernels, you can also (somewhat easily) redirect them 1171229670 M * adamm I'm using the 2.6.19.2 and I was a little suprised that NAT at least partially works. For example, going from 192.168.x.x (vserver) to public IP (host). 1171229696 M * Bertl sure, everything iptables can do, can be utilized 1171229709 M * Bertl there is no guest specific networking or stack 1171229726 M * Bertl there is just isolation on the ip (tcp and udp) layer 1171229799 M * Bertl you can dedicate a routing table (from multiple routing tables) to each guest, and set it up to have per guest routing, similar you can process the packets through a separate iptables chain, but all that happens on the host 1171229799 M * adamm Exactly. That can cause all sorts of problems if not careful. 1171229843 M * Bertl well, no problems here so far :) 1171229926 M * adamm Some months ago, I tried setting up routing such that default route for different vservers would go though a different IP (2 public IPs on 2 PPP). So, the default route worked perfectly. But I could not get routing for the other IP. 1171229959 M * Bertl then you did something wrong with your routing ... 1171229962 M * adamm The packets were being routed through the wrong interface with the other IP. 1171230005 M * adamm There was not errors in routing table. I later moved the routing table to a different box that now acts as the iptables/router, and it works perfectly. 1171230067 M * Bertl well, it's for sure simpler to handle for the unexperienced than multiple routing tables 1171230158 M * adamm Well, I have multiple routing tables (2 because of 2 IPs on two interfaces) on the router. And it works just as expected. I think it was a bug in the old vserver (it was 2.0 or 1.99 or some old version) with 2.6.16 kernel. 1171230183 M * Bertl 1.99 would be interesting :) 1171230210 M * adamm don't remember :) 1171230214 M * Bertl but I can assure you, there is nothing (in the Linux-VServer patch) which would affect that, it might still have been a 2.6.16 mainline issue 1171230240 M * adamm maybe 1171230601 M * Bertl daniel_hozac: did you report the dietlibc readdir() issue upstream yet? 1171230603 Q * meandtheshell Quit: Leaving. 1171231373 J * DavidS ~david@chello062178045213.16.11.tuwien.teleweb.at 1171231531 M * adamm Would it be possible if the vserver patches were distributed as signed diffs? Like the patches or released of Linux for example. 1171231565 M * waldi Bertl: isn't 2.2.0-pre3 new enough=? 1171231586 M * Bertl adamm: you can get a signature for a specific version iif you need it 1171231639 M * adamm Bertl: where from? Case-by-case basis? 1171231660 M * Bertl from me, and yes, on a case-by-case basis 1171231721 M * adamm Bertl: See, it would be nice to have them in the download area as path.sign file or something... I know, I'm paranoid but I think this is the only way where everyone know where the code actually comes from :) 1171231800 N * DoberMann DoberMann[ZZZzzz] 1171231895 M * Bertl adamm: well, it will hardly get more official than from me :) 1171231906 M * Bertl waldi: yes, that should be fine 1171231925 M * Bertl waldi: it seems to happen with the 2.6.18-3 kernels :) 1171231949 M * adamm Bertl: I know, but that way one could get the official seal directly without bothering you :) 1171231977 M * Bertl yeah, but that would _constantly_ bother me with signing :) 1171231988 M * waldi use https? 1171232030 M * Bertl well, we could add a certificate for certain sites I guess 1171232107 M * adamm https doesn't solve the issue at hand. The problem is someone gets access to server, modifies the patches. Then there is a problem. Code signing solves this problem. https is not needed because there is no sensitive information being transfered anyway. 1171232170 M * Bertl well, if somebody breaks into my servers, she can probably modify the kernel trees without me immediately noticing ... 1171232187 M * Bertl that in turn would result in a false security, with a signed patch, no? 1171232228 M * adamm so, the server is the same as your development box? 1171232241 M * Bertl the one I build the patches on, yes 1171232361 M * Bertl well, maybe I will add some kind of automation to that, now that I have a better upstream connection ... will think about it 1171232510 M * adamm maybe you guys need a signed version tracking tree, like arch or git for development... 1171232544 M * waldi what will this fix=? 1171232565 M * waldi someone with access to the box can also hack gnupg to accept fake signatures 1171232567 M * adamm so one can trust the source code? Or at least the source of the source code? 1171232595 M * adamm so what? You get your own gpg to check the signatures. 1171233121 M * daniel_hozac Bertl: not yet, i tried to subscribe to the mailing list but i haven't gotten any confirmation yet. 1171233160 M * Bertl bah, send an email to fefe, cc to me or so :) 1171233205 M * Bertl ah, and ensc, for fedora, no? 1171233422 M * daniel_hozac well, Fedora only builds for x86{,_64} and ppc. 1171233480 M * Bertl ah, okay 1171233703 M * daniel_hozac do we know what arches are affected? or is it sparc64 only at this point? 1171233740 M * Bertl I'd say, sparc64, alpha, probably ppc64, hppa, maybme mips64? 1171234020 J * Aiken ~james@ppp118-50.lns1.bne4.internode.on.net 1171234258 M * daniel_hozac okay, sent. 1171234370 M * Bertl morning Aiken! 1171234376 M * Aiken hi 1171234528 Q * duckx Remote host closed the connection 1171234717 Q * infowolfe_ Read error: Operation timed out 1171234806 J * infowolfe ~infowolfe@c-67-164-195-129.hsd1.ut.comcast.net 1171234837 M * matti Hi Aiken 1171235338 Q * Piet Quit: Piet 1171235547 Q * dlezcano Ping timeout: 480 seconds 1171236001 J * FireEgl Proteus@68.220.222.136 1171236319 Q * ensc Killed (NickServ (GHOST command used by ensc_)) 1171236328 J * ensc ~irc-ensc@p54B4F453.dip.t-dialin.net 1171237084 Q * shedi Quit: Leaving 1171237089 Q * dna Read error: Connection reset by peer 1171237597 J * shedi ~siggi@ftth-237-144.hive.is