1174435219 M * lylix if public, jsut assign them to the vserver and your ready to rock and roll... no need for iptables/service proxying 1174435265 M * slack101 serious? 1174435297 M * slack101 some guy is trying to tell me he to do iptables to forward this n that 1174435298 M * slack101 he said 1174435304 M * slack101 vservers cant havee external ip's 1174435306 M * slack101 just internal 1174435313 M * slack101 so you have to redirect external to internal 1174435355 M * slack101 lylix: ^^ 1174435721 M * slack101 anyone 1174435993 Q * PowerKe Ping timeout: 480 seconds 1174436121 J * Aiken ~james@ppp250-73.lns2.bne4.internode.on.net 1174436214 Q * meandtheshel1 Quit: Leaving. 1174437206 Q * pcdog Quit: This computer has gone to sleep 1174437673 J * xp_prg ~xp_prg@ftp.microvu.com 1174437762 M * xp_prg I need help understanding iptables in vservers, I want to block communication between two guest os's on the same host, anyone know how to do that? 1174439228 Q * Medivh Ping timeout: 480 seconds 1174439312 Q * boci^ Quit: Távozom 1174439404 Q * gerrit Ping timeout: 480 seconds 1174439429 J * Medivh ck@paradise.by.the.dashboardlight.de 1174441152 M * xp_prg hello anyone here? 1174441968 Q * bored2sleep Ping timeout: 480 seconds 1174442042 J * bored2sleep ~bored2sle@66.111.53.150 1174442886 J * PowerKe ~tom@d54C13E4B.access.telenet.be 1174443151 M * slack101 is any kind of forwaring or anything needed to gt vservers working if i give each person a external ip ? 1174443249 N * Bertl_zZ Bertl 1174443257 M * Bertl xp_prg: yes :) 1174443280 M * Bertl slack101: no, all networking happens on the host ... no forwarding, no special guest routing etc 1174443296 M * slack101 wait wait 1174443300 M * slack101 i have 8 external ip's 1174443304 M * Bertl slack101: the only thing you have to take care of is that your public ips actually can reach the internet 1174443328 M * slack101 i have 8 ip's assigned to an inerface 1174443339 M * Bertl slack101: you can test that with e.g. 'ping -I www.google.com' on the host 1174443366 M * slack101 once i have the ip addded ot inerface can i just add to the vserver 1174443402 M * Bertl yes, you can do it this way, or you can let the tools assign the ip for you (on guest startup) 1174443508 M * slack101 well this dude that is suppose to be setting me up a vserver seeem to think that the ip for your server can just be local 1174443527 M * Bertl nope, completely wrong 1174443537 M * slack101 i have 8 external ip's 1174443548 M * Bertl it can be _everything_ you can do on the host 1174443553 M * slack101 i can get more 1174443556 M * slack101 yea 1174443557 M * slack101 hm 1174443559 M * slack101 i mean 1174443568 M * slack101 so i have 8 ip's added to my eth1 1174443590 M * Bertl okay, try if they work in your setup (with the ping above) 1174443609 M * slack101 now cna i just assign one to a vserver when i am making / settting a guet up ? 1174443624 M * Bertl yes 1174443648 M * Bertl you just specify --interface / on creation 1174443671 M * slack101 no need for iptables forwarding or nothing ? 1174443674 M * Bertl this will assume that you always set up the ip on the host, and the tools do not handle that 1174443682 M * slack101 i wudnt think so but this guy seems to think 1174443689 M * Bertl slack101: no, no forwarding or masquerading or whatever 1174443706 M * lylix Bertl: hiya, back from ur nap? :) 1174443711 M * Bertl lylix: yep 1174443721 M * slack101 so just add ip's to eth1 .......then i can assign to a guest and it will work ? 1174443727 M * lylix heh... me go nap soon :( 1174443771 M * Bertl slack101: yep. if you want to share an ip between guests, using private ips for the guests and some S/DNAT rules is an option ... maybe your 'guy' is referring to that? 1174443788 M * Bertl lylix: np, recreating the issue is on my todo list 1174443813 M * lylix great... its rather interesting 1174443830 M * slack101 Bertl: no he thinks this ...........give every user a local ip and have iptables forward the incoming REAL ip to the local one 1174443832 M * lylix i had made an initial assumption that it had to do w/ udp sockets 1174443856 M * lylix but apps like bind seem to work fine in the situations where ast* , et. al are failing 1174443866 M * Bertl slack101: works too 1174443886 M * Bertl slack101: except for the 'forward' part, which has to be a NAT 1174443911 M * Bertl slack101: there is a lot of options with Linux-VServer :) 1174443916 M * slack101 stilll 1174443922 M * lylix do you want me to post up the chan_iax/sip.c files to that file repo, or you just gg to grab them from upstream? 1174443928 M * slack101 wouldnt it be better to give them the gues the real ip 1174443940 M * Bertl lylix: yeah, I'd appreciate that 1174443955 M * Bertl slack101: each approach has advantages over the other 1174443957 M * lylix n/p, ill post files from the 1.2 tree 1174443987 M * Bertl slack101: e.g. with a private IP per guest, you can easily change the public one without the guest noticing 1174444016 J * fosco_ ~fosco@konoha.devnullteam.org 1174444020 M * Bertl slack101: with a public ip assigned to the guest, it looks more like a real machine ... 1174444040 M * slack101 thats what i want 1174444083 M * slack101 he just seeems to think guest get local ip's ad you NAT incoming ip to their right local 1174444089 J * jkl O31dtEoo7C@c-67-173-253-237.hsd1.co.comcast.net 1174444089 Q * fosco Remote host closed the connection 1174444100 M * Bertl slack101: as I said, it is an option :) 1174444174 M * slack101 what is better? 1174444227 M * Bertl slack101: what do you prefer? chocolate or vanilla? 1174444231 M * slack101 Bertl: what do you recomend ? 1174444233 M * slack101 i mean 1174444238 M * slack101 what is a better method ? 1174444248 M * jkl chocolate-vanilla swirl! 1174444288 M * Bertl slack101: there is no better, it depends on your preference and the actual setup 1174444303 M * slack101 lol 1174444307 M * slack101 what would you do ? 1174444313 M * slack101 give user the external ip's 1174444314 M * slack101 or 1174444315 M * Bertl if you have fixed ips available, I'd use them 1174444320 M * slack101 fixed? 1174444332 M * Bertl public ips which will not go away tomorrow 1174444397 M * slack101 yes i have like 8 1174444417 M * slack101 is it ok giving them a whole network though ? 1174444418 M * Bertl so you will be able to set up 8 (or 7) guests 1174444424 M * slack101 i cna add more 1174444429 M * slack101 ip's 1174444435 M * Bertl then you can have more guests :) 1174444444 M * slack101 so this is the best way to do it ? 1174444467 M * Bertl once again, there is no general 'best' way, there are options 1174444472 M * slack101 i know 1174444472 M * slack101 \ 1174444474 M * slack101 buut 1174444477 M * slack101 theres the most 1174444479 M * slack101 ecoomical 1174444498 M * Bertl I can give you arguments for one over the other 1174444511 M * Bertl you have to check them against your requirements/preference 1174444527 M * slack101 give me a reason why i shouldnt use fixed ip's direct to the vserver? 1174444560 M * Bertl because you cannot move that guest easily without moving the ip with it 1174444582 M * slack101 thats not a problem 1174444611 M * Bertl because you might not get enough ips to have one per guest? 1174444631 M * slack101 i can get many as neeeded 1174444657 M * Bertl because you might want to have two versions of a guest running and switch between them on the fly (change the NAT)? 1174444765 M * Bertl ah, that must have been a good one :) 1174444849 M * jkl hehe 1174444877 M * jkl Bertl: On the topic of networking ... 1174444927 M * jkl I have public addresses assigned to guests, but I was hoping to only have a private non-nat'd IP on the host 1174444956 M * slack101 so should i give guest a public or local ip ? 1174444962 M * Bertl jkl: should work 1174444966 M * slack101 i want to do public 1174444971 M * Bertl slack101: go ahead with it 1174444975 M * slack101 but someone is saying do local but has no reaosns behind it 1174445002 M * Bertl slack101: well, I have both in use, local guests and guests with public ips 1174445032 M * Bertl slack101: maybe try public first, and switch to local if you feel like :) 1174445071 M * jkl Bertl: I imagine I would have to employ some sort of source routing magic on the host to get the traffic from the guests out to the correct default gw 1174445073 M * slack101 but 1174445075 M * slack101 hmmm 1174445100 M * Bertl jkl: no, you just set a default route as usual 1174445111 M * Bertl jkl: doesn't matter if the host is using it or not 1174445161 M * jkl Bertl: when i took the public ip down the default gw went with it. Obviously when i tried to add it back in I got "network unreachable" 1174445208 M * slack101 i think public ip would b better in this area 1174445211 M * jkl if the interface doesn't have an IP I don't understand how it can have a default gw on a network it doesn't belong to 1174445215 M * Bertl jkl: you want to have at least one public ip assigned on the host 1174445222 M * Bertl jkl: even if it is a guest ip 1174445262 M * jkl Bertl: oh, ok. That makes sense then. I was trying to have *no* public ips on the host ... but realized that it might be short of impossible 1174445266 M * slack101 also whats the best way to give a user a base system ? 1174445286 M * Bertl slack101: what's a base system? 1174445292 M * slack101 like a base gentoo 1174445297 M * jkl slack101: depends on what distro you are using afaic 1174445304 M * slack101 how would i go about taring it 1174445306 M * slack101 or w/e 1174445310 M * slack101 or is their premade ones ? 1174445322 M * Bertl gentoo is isntalled from the stage3 tars, IIRC 1174445336 M * slack101 ? 1174445342 M * slack101 what do you mean ? 1174445343 M * Bertl the tools handle that for you, you just have to download the tarball 1174445357 M * slack101 would it be better to compile it myself ? 1174445365 M * lylix Bertl: http://lx-vs.net/vserver/asterisk/ 1174445369 M * slack101 also i got gentoo on the server now ...........couldt i just tar that system ? 1174445380 M * Bertl slack101: you can do that as well (compile/tar) 1174445382 M * lylix hopefully that covers the relevant socket operations 1174445410 M * Bertl slack101: you want to cleanup the guest afterwards though, as you do not want the hardware specific stuff to be run 1174445429 M * slack101 what thw quickest way ? 1174445451 M * lylix opted for the 1.0.X sources... 1.2+ get crazy w/ includes, but the behavior is exactly the same 1174445464 M * Bertl slack101: http://www.gentoo.org/proj/en/vps/vserver-howto.xml#doc_chap3 1174445542 Q * softi42 Ping timeout: 480 seconds 1174445644 M * jkl slack101: http://www.gentoo.org/proj/en/vps/vserver-howto.xml 1174445644 M * jkl that's what I followed 1174445644 M * jkl what you end up with is a "base gentoo vserver" 1174445644 M * jkl which you can then copy as many times as you want, and modify to your liking 1174445644 M * jkl i have a cron job that starts up my original gentoo vserver and performs an emerge -u world every week, then shuts it off 1174445644 M * jkl that way it's always updated and ready to go 1174445645 M * jkl there are some neat vserverized gentoo commands you can use too like vemerge and 'vupdateworld --all' 1174445669 M * Bertl hmm, didn't I paste that? 1174445676 M * jkl woha, I'm desync'd 1174445688 M * slack101 jkl: well did you compile the tars yourself ? 1174445751 M * jkl slack101: don't bother trying to make an image of your running host 1174445761 M * jkl just get a stage3/4 tarball and follow the guide 1174445781 M * slack101 wouldnt i be loosing the fact of compiling it and having it optimized ? :) 1174445782 M * lylix yeah, but there are some caveats to gentoo guests... ie. use a specific vserver profile, baselayout-vserver instead of baselayout 1174445793 M * lylix unless you intend to run the alpha baselayout 1174445843 M * jkl lylix: yeah, agreed. unless you know what you're doing, using a host as a guest can be problematic with regard to the layouts, and device specific stuff as bertl mentioned 1174445874 M * slack101 but still isnt the whole point of using gentoo for it to be optimzied or w/ 1174445875 M * slack101 e 1174445878 M * jkl slack101: with regard to optimization ... once the guest is built, you can copy over your CFLAGS and make.conf stuff to the guest 1174445904 M * slack101 stage 3 is already compiled though right ? 1174445905 M * jkl slack101: then re-merge the system if you want, chances are you'll have to re-merge everything from scratch in a week anyway :P 1174445922 M * slack101 i didnt built he original system with gentoo 1174445923 M * lylix yep, and just have a compile fest in the guest, tar it, and run ;) 1174445924 M * slack101 someone else did 1174445953 M * slack101 but wouldnt i have the same problem if i compiled gentoo in th guest ? hardware ? 1174445979 M * lylix honestly... what is your goal for running gentoo? optimization? familiarity? 1174445987 M * slack101 wasnt my idea lol 1174445990 M * slack101 this other guys 1174445994 M * slack101 and he said optmization 1174446004 M * slack101 said thngs will run better 1174446006 M * slack101 ./ faster 1174446012 Q * neuralis Remote host closed the connection 1174446014 J * neuralis ~krstic@solarsail.hcs.harvard.edu 1174446015 M * lylix well, to be honest... your prob not going to see show-stopping results 1174446026 M * slack101 huh? 1174446047 M * lylix and your overall maintenance will be far lesss w/ a binary based distro 1174446060 M * slack101 thats what i was saying 1174446066 M * slack101 but hes like OH NO 1174446067 M * slack101 gentoo 1174446070 M * slack101 all newest shti 1174446075 M * slack101 shit run 30 % faster 1174446093 M * Bertl slack101: if you tune your kernel to contain only actually needed stuff the overall system will be quite a lot faster too :) 1174446120 M * slack101 so what should i do ? 1174446133 M * slack101 what the best binary based distro ? 1174446149 M * lylix are these gg to be hosting based distros? ie web, mail, blah 1174446153 J * softi42 ~softi@p549d5218.dip.t-dialin.net 1174446159 M * slack101 yes 1174446159 M * lylix s/distros/vservers 1174446169 M * lylix go for debian, fedora, or centos 1174446179 M * slack101 which one is light ? 1174446190 M * slack101 ./ not bloated 1174446194 M * Bertl slack101: those are questions your have ... "what is my better toe, the big one or the tiny one?" 1174446202 M * slack101 still 1174446206 M * lylix debian and centos can be stripped down to 80-100MB 1174446207 M * slack101 theres an overall kinda thing 1174446212 M * lylix then add your apps 1174446220 M * slack101 what is a centos base 1174446221 M * slack101 plus 1174446234 M * slack101 i didnt really want to build the tar .............if so i would just use gentoo 1174446273 M * slack101 i dont want ot give users access to some shit that might cmpermise the server 1174446286 M * slack101 certain hardware for one 1174446357 M * Bertl slack101: by default, Linux-VServer guests are considered secure 1174446381 M * slack101 i mean ........if i tar my current system and give them that 1174446384 M * Bertl slack101: if you add devices and/or capabilities, the guests will be able to mess with the hardware and such 1174446385 M * slack101 that would be bad right ? 1174446410 M * slack101 what kind of devices ? 1174446421 M * Bertl slack101: if you install it with the template method, /dev will be cleaned up and contain only a few devices 1174446437 M * slack101 will i still be able to compile ? 1174446451 M * Bertl you can do similar with the skeleton method, and populate that later .... and yes, you will be able to compile :) 1174446464 M * slack101 how does template method work ? 1174446485 M * Bertl it untars a tar, and replaces the dev and proc entries, IIRC 1174446510 M * slack101 im sorry .........ok per say i want the template method how would i go about doing it ? 1174446519 M * slack101 sorry this is my first time doing this 1174446554 M * Bertl np 1174446568 M * slack101 and is Vserver the most lightest when it comes to vserver ? cmpared ot virtuzzo and all ? 1174446570 M * Bertl did you look at the url jkl and I posted? 1174446576 M * slack101 yes 1174446589 M * slack101 it ants me to download a stage 3 1174446589 M * Bertl the template method is used there 1174446598 M * slack101 whcih i thught was already compiled 1174446639 M * slack101 how big will a gentoo base be ? 1174446642 M * Bertl the stage 3 mentioned there is specially suited for guest systems 1174446656 M * Bertl i.e. it will not contain stuff you do not need/want 1174446662 M * slack101 ahh 1174446669 M * slack101 but it still still compile it or w/e ? 1174446687 Q * hardwire Quit: Coyote finally caught me 1174446690 M * Bertl I'm pretty configdent, although I'm not a gentoo person :) 1174446699 M * Bertl *confident 1174446700 M * slack101 i eee 1174446700 M * lylix Bertl: ttyl, gg down now. if you have a chance to look at that bind issue, ill chat w/ you later about it 1174446712 M * Bertl lylix: will do so, cya! 1174446723 M * slack101 im wondering if its smart to use gentoo in the first place 1174446740 M * slack101 i can just see people with little know of linux compiling and installing stuff 1174446744 M * Bertl you have to ask that yourself and/or the gentoo folks :) 1174446762 M * slack101 i dont think my custmomers know to much about it 1174446778 M * Bertl what do they know much about? 1174446789 M * slack101 prolly just want a web server 1174446800 M * slack101 and have hard they need a vp for cetain things i dunno 1174446815 M * slack101 also i cna see lao of system perfroamnce being used by them compiling software 1174446938 M * Bertl that is a good point for package based distros 1174446951 M * Bertl OTOH, gentoo allows for binary packages too 1174446961 M * slack101 on some 1174446979 M * slack101 ifi had it my way i would use slackware 1174446980 M * slack101 but 1174446984 M * slack101 no package system there 1174446991 M * slack101 and ubuntu was very bloated 1174446996 M * slack101 and i necver liked debian 1174447000 M * slack101 becasue of that 1174447014 M * slack101 plus i dont like the name debian 1174447021 M * slack101 or its logo 1174447078 M * Bertl you can run slackware in a Linux-VServer too :) 1174447115 M * slack101 no package management system 1174447122 M * slack101 == prolly a nightmare 1174447144 M * slack101 ./ i would have to figure out what crap to take out hardware wise n stuff 1174447165 M * Bertl as I said, it's up to you ... Linux-VServer provides the isolation, the rest is your policy decision 1174447189 M * jkl slack101: with the template method on that guide, the resulting vserver will have all the gcc/toolchain components necessary to compile apps 1174447190 M * jkl slack101: a base gentoo system (that isn't binary) always needs a complete toolchain 1174447190 Q * jkl cation.oftc.net unununium.oftc.net 1174447190 Q * pflanze cation.oftc.net unununium.oftc.net 1174447190 Q * zLinux cation.oftc.net unununium.oftc.net 1174447190 Q * doener cation.oftc.net unununium.oftc.net 1174447190 Q * renihs cation.oftc.net unununium.oftc.net 1174447190 Q * brcc_ cation.oftc.net unununium.oftc.net 1174447190 Q * virtuoso cation.oftc.net unununium.oftc.net 1174447190 Q * Hollow cation.oftc.net unununium.oftc.net 1174447190 Q * TrueBrain cation.oftc.net unununium.oftc.net 1174447190 Q * cohan_ cation.oftc.net unununium.oftc.net 1174447190 Q * ex cation.oftc.net unununium.oftc.net 1174447227 M * slack101 but the thing is gentoo a smart choice for a server hmmm 1174447278 J * jkl LAgTIEmpcR@c-67-173-253-237.hsd1.co.comcast.net 1174447283 M * jkl ugh, freaking netsplits 1174447288 M * slack101 i mean 1174447304 M * slack101 i mean should i used a compile based distro for my users hmmmm 1174447305 M * jkl sorry, I may have missed what you said, slack101 1174447314 M * slack101 80 percent prolly will be linux stupid 1174447324 M * Bertl nice, creating 10k contexts took about 7 seconds here :) 1174447338 M * jkl slack101: having a toolchain around gives people the ability to build their own software, and some admins feel that this is a security risk 1174447349 J * pflanze ~chris@84-73-56-197.dclient.hispeed.ch 1174447349 J * zLinux ~zLinux@88.213.58.16 1174447349 J * doener ~doener@host.magicwars.de 1174447349 J * brcc_ bruce@i.am.someasshole.com 1174447349 J * virtuoso ~s0t0na@80.253.205.251 1174447349 J * Hollow ~hollow@styx.xnull.de 1174447349 J * TrueBrain truelight@openttd.org 1174447349 J * cohan_ ~cohan@koniczek.de 1174447349 J * ex ex@81.219.196.129 1174447355 M * slack101 is it ? 1174447355 M * jkl Bertl: that's impressive! 1174447378 M * jkl slack101: I believe it can be 1174447388 M * slack101 it is thier virtual server so it owuldnt affect me would it ? 1174447397 M * jkl slack101: the current vserver system I am building lacks gcc on all the guests for that reason 1174447412 M * slack101 what exactly could happen ? 1174447425 M * jkl slack101: it would if it got broken into, and someone built nasty code that ended up taking your whole box down 1174447437 J * renihs ~penguin@83-65-34-34.arsenal.xdsl-line.inode.at 1174447437 M * jkl slack101: but that shouldn't happen if you use cpu and memory limits 1174447445 M * slack101 i do 1174447470 M * Bertl yes, that is always a good argument against gcc/toolchain on a guest (I avoid that too wherever possible) 1174447489 M * jkl slack101: if you're using gentoo, there is little you can do to avoid having gcc on the guests 1174447513 M * jkl debian offers an excellent alternative in a binary oriented distro 1174447542 M * jkl (gentoo can be a binary distro too, but that is not it's native behavior) 1174447556 M * jkl (as debian can be a source distro, but that isn't native either) 1174447604 M * slack101 whats another good binary based distro besides debian ? 1174447606 M * jkl slack101: Hollow may know more about that though ... he is the guy who works mostly on gentoo-vserver stuff 1174447630 M * jkl slack101: in my opinion, something based on debian :P 1174447641 M * slack101 i really dislike debian 1174447643 M * slack101 i hated ubuntu 1174447645 M * jkl why? 1174447651 M * Bertl slack101: I use mandriva 1174447655 M * slack101 i didnt like my expericne with ubuntu 1174447726 M * jkl slack101: how long have you used gentoo? 1174447735 M * slack101 never 1174447738 M * jkl hehe 1174447744 M * slack101 thi dude that was gong o setup my server 1174447746 M * slack101 put it on there 1174447764 M * slack101 he said with gentoo things will run real fast 1174447774 M * jkl as others have said, these performance gains and optimizations will rarely be seen in day to day use 1174447790 M * slack101 he said that bullshit 1174447800 M * slack101 he said 30 percent increase 1174447823 M * jkl well, there are many arguments that I have read that support either side 1174447840 M * jkl I'm a gentoo user myself 1174447848 M * slack101 well i like iti for desktop use 1174447862 M * slack101 but i can just se e 20 users 1174447870 M * slack101 18 not knwoing crap about linux 1174447874 M * slack101 compiling new programs 1174447883 M * jkl then don't give them root 1174447889 M * slack101 huh? 1174447892 M * jkl hehe 1174447894 M * slack101 its their vps 1174447923 M * Bertl how about letting them choose the distro too? 1174447927 M * jkl well, you don't have to use gentoo vservers on a gentoo host 1174447927 M * slack101 yea 1174447936 M * slack101 yea i know 1174447936 M * jkl you can build a debian vserver that runs under a gentoo host 1174447944 M * Bertl probably will opt for redhat, as they know the name :) 1174447949 M * slack101 i will keep using gentoo here 1174447957 M * slack101 lol 1174447965 M * slack101 red hat cost money ? 1174447969 M * Bertl then you install fedora core 6 which is quite easy 1174447989 M * jkl fedora is free afaik 1174448000 M * jkl RedHat Enterprise Linux is not 1174448009 M * slack101 i was looking for somethig more minimal those are like 2 gb base distros :) 1174448028 M * jkl they can be. they can also be smaller 1174448042 M * slack101 hmmmmmmmmmmmmmm 1174448046 M * slack101 jeeeeeese 1174448046 M * Bertl slack101: by default, Linux-VServer does a minimal install 1174448079 M * Bertl so guests are typically between 100 and 400MB 1174448094 M * slack101 should i jus keep gentoo on the guest 1174448095 M * slack101 hmmmm 1174448145 M * jkl my base gentoo vserver is 499M 1174448151 M * slack101 damn 1174448155 M * jkl that's w/o portage 1174448159 M * slack101 ooo 1174448160 M * Bertl and if you have a binary distro (or use templates) then you can reduce the space and resource consumption further by unifying the guests 1174448162 M * slack101 kinda large 1174448168 M * jkl i have no idea why it's that big though! 1174448185 M * slack101 cent os any good ? 1174448209 M * jkl 253MB of libraries 1174448219 M * slack101 i would like to put a nice slackware right on there 1174448221 M * slack101 but 1174448222 M * jkl that's the cost of having a source based distro 1174448227 M * slack101 o package system 1174448264 A * jkl thinks to himself that it might be a good idea to share /usr/lib between guests ... 1174448284 M * lylix slack no package system?!? 1174448285 M * slack101 i really dont want to share nothing 1174448290 M * lylix might wanna check out slapt-get 1174448298 M * lylix works fine in slackware guests 1174448301 M * slack101 slapt-get and what repos ? 1174448304 M * slack101 updatd one ? 1174448313 M * lylix yes, based on the distro release 1174448319 M * lylix even 11.0 1174448324 M * lylix or whatever is recent 1174448346 M * slack101 doesnt gentoo add new stuff all the time ? 1174448349 M * slack101 along with other stuff ? 1174448390 M * slack101 i have used slackware for years 1174448430 M * jkl slack101: if you mean adding new packages and apps to portage, then the answer is yes 1174448456 M * slack101 anyone here ever use cent os ? 1174448463 M * jkl slack101: as far as in relation to other distros, that's something I am not up to speed on 1174448472 M * slack101 i want a base below 200 mb 1174448478 M * slack101 then i will add from there 1174448484 M * jkl I'm sure etch contrib/non-free gets a lot of new stuff 1174448519 A * slack101 really doesnt want to use debian :) 1174448578 M * jkl slack101: I would experiment with building several types of vservers using different distros then until you find something you like 1174448585 M * slack101 lol 1174448592 M * slack101 i just want to decide now and stick to it 1174448615 M * Bertl then do that :) 1174448618 M * slack101 ideally slackware would be perfect ............but i need better package management 1174448635 M * slack101 and RH and fedora and all that seeeem bloooooated 1174448658 M * slack101 i have heard tha gentoo is 10x better speed wise but i don' think its worth the compiling and extra space 1174448662 M * jkl agreed. Bertl mentioned that building a fedora vserver starts out with a very base system 1174448677 M * slack101 a very base system ? 1174448680 M * jkl unlike installing rh/fedora from cd 1174448694 M * slack101 small ? 1174448694 M * jkl slack101: stripped down 1174448698 M * slack101 fedora might be good 1174448706 M * slack101 whats the difference between fedora and centos ? 1174448736 M * jkl not sure. My experience with both is limited 1174448747 M * slack101 both free versions of RH 1174448748 M * Bertl centos is not that updated, but longer maintained (in theory) 1174448763 M * slack101 fedora is a winner there then ? 1174448768 M * slack101 might just use fedora 1174448776 M * jkl in what sense would it be a winner? 1174448777 M * slack101 how msall is the base ? 1174448866 M * Bertl will get to that in an hour or so :) 1174448887 M * slack101 :P 1174448888 M * slack101 also 1174448904 M * slack101 vserver-stat 1174448904 M * slack101 CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME 1174448904 M * slack101 0 51 53.8M 20.2M 0m48s59 0m16s84 1d03h30 root server 1174448904 M * slack101 1253 1 1.3M 488K 0m00s26 0m00s19 30m29s31 guestuser 1174448909 M * Bertl currently finished ubuntu and debian test installs ... 1174448912 M * slack101 what are these ? 1174448919 M * slack101 are these vps 1174448924 M * slack101 or daemons for them 1174448927 M * slack101 or what ? 1174448938 M * Bertl that is an overview of your system 1174448946 M * jkl you have a vserver running called "guestuser" 1174448948 M * Bertl root is the 'root or host server' 1174448962 M * Bertl guestuser is a guest with a single process 1174448971 M * slack101 ahh 1174448977 M * slack101 so theres 1 vps running right now ? 1174448988 M * jkl slack101: yep. 1174448991 M * Bertl looks like 1174448995 M * slack101 also how do i stop / delete it ? 1174449010 M * Bertl vserver --help 1174449034 M * Bertl vserver - --help 1174449048 M * slack101 huh? 1174449063 M * Bertl should tell you everything you want to know 1174449107 M * slack101 also how big wa your debian instal ? 1174449184 M * Bertl which one? Potato, Woody, Sarge, or Etch? and 32 or 64bit? 1174449201 M * slack101 Etch 1174449214 M * Bertl 153472 /vservers/etch01 1174449214 M * Bertl 150445 /vservers/etch64 1174449232 M * Bertl second one is the 64bit guest 1174449237 M * slack101 153 mb ? 1174449251 M * slack101 what else you got installed ? 1174449251 M * Bertl yup 1174449280 M * Bertl as I said, I finished testing ubuntu and debian, and I have a mandriva guest here too 1174449307 M * slack101 mandrivia i always thought of a windows style nix 1174449326 M * slack101 maybe i will just use debian 1174449326 M * Bertl which means? 1174449333 M * slack101 bloated :) 1174449352 M * Bertl 151841/vservers/mdv001 1174449369 M * Bertl that is with apache, postgresql and postfix installed 1174449457 M * jkl geez, my smallest debian vserver is 223M 1174449481 M * jkl I'm glad i'm not concerned with size 1174449591 M * slack101 i got like 70 GB 1174449596 M * slack101 and thats it atm 1174449598 M * slack101 i will buy more 1174449603 M * slack101 but trying to work with what i got 1174449669 M * Bertl well, let me do some math here, 4GB for system, 200MB for each guest (system) + 300MB for the userdata 1174449697 M * Bertl that makes roughly 130 guests ... probably enough for a start 1174449703 M * slack101 lol 1174449721 M * slack101 i willl just use debian 1174449729 M * slack101 sounds like the most simple 1174449809 M * Bertl debian is definitely something simple to install and widely accepted 1174449816 M * slack101 yea 1174449819 M * slack101 i will offer 1174449825 M * slack101 gentoo and slackware maybe down the road 1174449831 M * slack101 just start with debian for now 1174450062 M * Bertl daniel_hozac: ping? 1174450133 Q * ensc Ping timeout: 480 seconds 1174450147 M * slack101 having a hard time fnding out how to work vserver 1174450158 M * Bertl how so? 1174450183 M * jkl it's only been 5 minutes! 1174450422 J * phreak``_ ~phreak``@deimos.barfoo.org 1174450446 M * slack101 like 1174450453 M * slack101 vserver stop guestuser 1174450457 Q * phreak`` Read error: Connection reset by peer 1174450499 M * Bertl vserver --help 1174450519 M * jkl slack101: that's _really_ close 1174450521 M * slack101 yea got it 1174450529 M * slack101 vserver guestuser stop 1174450535 M * Bertl bingo! 1174450547 M * slack101 pays to read instructions 1174450559 M * jkl instructions can be confusing 1174450597 M * slack101 buut 1174450604 M * slack101 i dont seee anything how cna i list ? 1174450609 M * slack101 like list vservers i have 1174450613 M * slack101 dont have ot be running 1174450625 M * Bertl ls /etc/vservers 1174450696 M * slack101 thanks 1174450699 M * slack101 really cool 1174450700 M * slack101 cool stuff 1174450702 M * slack101 i like 1174450729 M * slack101 the hostname 1174450735 M * slack101 should that be their hostname 1174450739 M * slack101 or one i give them ? 1174450756 M * slack101 or is that basically a reverse ip or something ? 1174450763 M * slack101 reverse address 1174450766 M * Bertl what exactly is the difference? 1174450797 M * slack101 it ask for hostname 1174450801 M * Bertl it is the name you will get (by default) if you do 'hostname' 1174450825 M * slack101 im lost 1174450828 M * slack101 hostname like 1174450832 M * slack101 myserver.dfdd.com 1174450840 M * Bertl type 'hostname' 1174450849 Q * phreak``_ Remote host closed the connection 1174450851 M * slack101 ahhhh 1174450859 M * slack101 so it has nothing to do with anything network wise 1174450861 M * slack101 just a name 1174450864 J * phreak`` ~phreak``@deimos.barfoo.org 1174450879 M * Bertl it is identical to the uts setting shown by the command 'hostname' on the host 1174450892 M * Bertl (just for the guest) 1174450910 M * Bertl typically distros will use that name to lookup the guest ip and such 1174450948 M * slack101 does the hostname mean anything ? 1174450961 M * slack101 mine said 1174450963 M * slack101 slackware 1174450992 M * slack101 # newvserver --vsroot /var/lib/vservers/ --hostname test1 --domain example.com --ip 10.1.1.7/8 --dist etch --mirror http://ftp.au.debian.org/debian/ --interface eth1 1174451000 M * slack101 is this the best way to install a distro ? 1174451003 M * Bertl nope 1174451008 M * slack101 will it install all that hardware crap ? 1174451017 M * slack101 also i meant domain 1174451025 M * slack101 whos domain is that ? 1174451030 M * slack101 one i give them ? 1174451032 M * Bertl vserver etch01 build -m debootstrap --context 10104 --hostname etch01.debian.org --interface eth1:10.1.4.1/24 -- -d etch -m http://ftp.debian.org/debian -- --arch i386 1174451059 M * Bertl adjust the context number, host name and ip 1174451082 M * slack101 will that take out the hardware stuff ? 1174451091 M * slack101 and stuff so they cant mess up with ther things on the actual server? 1174451097 M * Bertl that will give you a minimal install which is safe 1174451103 M * slack101 ah 1174451104 M * slack101 ok 1174451108 M * slack101 now doamin 1174451110 M * slack101 whos is that ? 1174451129 M * Bertl there is no domain in my example :) 1174451136 M * slack101 ah 1174451142 M * slack101 but if there was whos would it be :P 1174451147 M * slack101 one i give them 1174451149 M * slack101 ? 1174451186 M * Bertl if there was, it would be a syntax error :) 1174451199 M * slack101 huh? 1174451208 M * slack101 also you have arch as i386 ? 1174451216 M * Bertl vserver - build does not know --domain 1174451263 M * Bertl (see vserver - build --help) 1174451296 M * Bertl the arch part is because debian uses i386 instead of i586 or i686 1174451328 M * slack101 it does ? 1174451345 M * Bertl http://ftp.debian.org/debian/pool/main/d/debootstrap/ 1174451397 M * slack101 whats the context number ? 1174451417 M * Bertl a supposed to be unique number between 2 and 49151 1174451437 M * Bertl it is the handle for your guest (at least for the kernel) 1174451511 M * slack101 so it doesnt really matter? 1174451547 M * Bertl no, as long as it is unique 1174451568 M * slack101 alright cool cool 1174451578 M * slack101 the guest will never see it though right ? 1174451588 M * Bertl nope, only the host 1174451687 M * slack101 for every new ip do i have a new interface ? 1174451694 M * slack101 eth1 th0 ? 1174451696 M * slack101 e 1174451739 M * slack101 Bertl: or does 1 interface have multiple ip's ? 1174451740 M * Bertl the --interface eth1:10.1.4.1/24 means, that the tools should assign the ip for the guest to eth1 1174451749 M * slack101 i mean i got one ip 1174451752 M * slack101 on eth0 1174451758 M * slack101 and another on eth1 1174451765 M * slack101 and eth2 so on 1174451767 M * Bertl so when the guest is started, it will assign 10.1.4.1/24 to eth1 1174451773 M * slack101 is that the right way to do it ?? 1174451788 M * Bertl the ethX is the interface on the host 1174451800 M * slack101 im sorry 1174451802 M * slack101 nevermind 1174451807 M * Bertl so assumed that you will put all the public ips on eth0 then this would be eth0 1174451808 M * slack101 eth0:1 1174451816 M * slack101 i mis read 1174451836 M * Bertl you do not need to use aliases (e.g. eth0:1) but you can do that as well :) 1174451854 M * slack101 do you know a good way to add ip's to the nterface ? 1174451861 M * slack101 do i need to use that ? 1174451880 M * Bertl with the example given above, the tools will do the adding for you 1174451894 M * slack101 the guy that was setting up the server before added the ip to the interface 1174451900 M * slack101 i need to add like 5 more 1174451900 M * Bertl if you add them manually, ip (from iproute2) is the tools of your choice 1174451922 Q * Aiken Read error: Connection reset by peer 1174451924 M * Bertl but as I said, no need to do so, the tools will do that if told to 1174451944 M * slack101 i still need ot add it to my interface first though right ? 1174451952 M * Bertl nope 1174451969 M * Bertl if you specify eth0:/ 1174451983 M * Bertl then this means that the tools will add it to eth0 on guest startup 1174451998 M * Bertl if you specify hansi=eth0:/ 1174452012 M * Bertl then this means that you want the tools to create an alias (eth0:hansi) 1174452012 M * slack101 no i meant add the ip to the host interfac 1174452012 M * slack101 e 1174452016 M * slack101 to make it accessible 1174452022 M * jkl Bertl: Here's an interesting one. Creating an etch vserver, using newvserver, edits /etc/motd on the _host_ with the hostname of the guest i created! 1174452036 M * Bertl if you specify / (without any ethX) 1174452045 M * slack101 vserver etch01 build -m debootstrap --context 1001 --hostname etch01.debian.org --interface eth0:6x.64.5x.24x/24 -- -d etch -m http://ftp.debian.org/debian -- --arch i386 1174452049 M * slack101 this look right 1174452051 M * slack101 ? 1174452054 M * Bertl then this means that the ip will only be used and has to be setup before the start 1174452081 M * Bertl yes, looks good 1174452094 A * slack101 crosses fingers 1174452099 M * Bertl although you might want to change the etch01.debian.org to your guest hostname 1174452115 M * Bertl i.e. if it will be www.lamers.org then use that there 1174452130 M * slack101 can i chnage the hostname ? 1174452144 M * slack101 what do you mean 1174452145 M * slack101 my site ? 1174452146 M * Bertl sure, all config is in /etc/vservers/ 1174452216 M * Bertl (including the hostname) 1174452218 M * slack101 whats the host name for ? 1174452220 M * slack101 i mean 1174452231 M * slack101 does it have any other useful then just a name ? 1174452279 M * slack101 and right after vserver 1174452287 M * slack101 i can change that name too right ? 1174452321 M * Bertl what's in a name? that which we call a rose By any other name would smell as sweet 1174452349 M * slack101 just checking if hoost name had any other significance 1174452367 M * Bertl if you log into the guest, the first part of the name will be used by most shells 1174452388 M * Bertl many apps do a lookup hostname->ip 1174452408 M * Bertl to know what the canonical ip/name is 1174452433 M * slack101 vserver test101 build -m debootstrap --context 1001 --hostname tessster --interface eth0:69.6x.5x.2xx/24 -- -d etch -m http://ftp.debian.org/debian -- --arch i386 1174452436 M * slack101 this work ? 1174452440 M * slack101 ./ look good ? 1174452459 M * Bertl looks good 1174452467 M * slack101 lets give it a try 1174452514 M * slack101 Could not find local version of 'debootstrap'; downloading it from 1174452557 M * slack101 i am on gentoo atm btw 1174452561 M * Bertl please do not copy paste the following 200 lines of output :) 1174452569 M * slack101 im not ;) 1174452577 M * slack101 but hwat does this mean 1174452589 M * slack101 or gotta do 1174452604 M * Bertl it means that it could not find a local version of 'debootstrap' and now it is downloading it from ... 1174452632 M * slack101 dont i have to be on debian though ? 1174452645 M * slack101 ERROR: Could not download the debootstrap package from 1174452657 M * slack101 is debootstrap needed ? :P 1174452684 M * Bertl yes 1174452689 M * slack101 o btw where do i set ram and disk quota ? 1174452692 M * slack101 grrrrrrrrrrrrr 1174452692 M * Bertl probably your tools are a little older 1174452696 M * slack101 tools ? 1174452701 M * slack101 im not on debian 1174452714 M * slack101 the server i gentoo 1174452714 M * jkl you may want to get sys-apps/debianutils 1174452723 M * slack101 lol 1174452730 M * Bertl add this: 1174452730 A * slack101 's server is on gentoo 1174452732 M * Bertl http://ftp.debian.org/debian/pool/main/d/debootstrap/debootstrap_0.3.3.2_all.deb 1174452739 M * Bertl to the file /lib/util-vserver/defaults/debootstrap.uri 1174452750 M * Bertl (or better, replace the contents there) 1174452754 A * slack101 's server is gentoo 1174452818 M * Bertl make sure to 'delete' the guest or add --force on the next try 1174452874 M * slack101 Bertl: dont i need to be on debian to do this in the first place ? 1174452957 M * Bertl nope 1174452978 M * Bertl just adjust the uri file as I said 1174452994 M * slack101 i dont have no debootstrap folder in that dir 1174453006 M * slack101 apps # ls 1174453006 M * slack101 vunify 1174453025 M * slack101 /etc/vservers/.defaults/apps/debootstrap/uri 1174453031 M * slack101 maybe create it ? 1174453054 M * Bertl vserver-info - SYSINFO | grep prefix: 1174453082 M * slack101 ./usr 1174453093 M * Bertl then it is in /usr/lib/util-vserver/defaults/debootstrap.uri 1174453133 M * Bertl but you can put it in /etc/vservers/.defaults/apps/debootstrap/uri as well 1174453133 M * slack101 http://ftp.debian.org/debian/pool/main/d/debootstrap/debootstrap_0.3.3_all.deb 1174453146 M * Bertl see, they updated to 0.3.3.2 1174453182 M * Bertl (and smart as debian folks are, removed the old one :) 1174453216 M * slack101 lol 1174453218 M * slack101 also 1174453227 M * slack101 how do i add ram limits 1174453230 M * slack101 do i do that now ? 1174453232 M * slack101 or later? 1174453236 M * slack101 and disk quota 1174453244 M * Bertl typically later ... 1174453265 J * gerrit ~gerrit@mobile-166-214-026-033.mycingular.net 1174453295 M * Bertl nevertheless, for disk limits (on a shared partition), you should make sure that the guests are on a partition different from the host 1174453319 M * slack101 its working 1174453327 M * slack101 i am aying does vserver do disk quota and ram ? 1174453382 M * Bertl http://linux-vserver.org/Resource_Limits 1174453399 M * Bertl http://linux-vserver.org/Memory_Limits 1174453431 M * Bertl http://oldwiki.linux-vserver.org/Disk+Limits 1174453624 J * hardwire ~bip@rdbck-1277.palmer.mtaonline.net 1174453656 M * slack101 btw 1174453666 M * slack101 how am i going ot give users access to their server ? 1174453673 M * slack101 like through ssh ? 1174453683 M * slack101 like make them a ssh and start it ? 1174453693 M * slack101 yea dumb question 1174453749 M * Bertl yes, via sshd# 1174453762 M * Bertl i.e. you install sshd into each guest and make sure it is running 1174453776 M * Bertl your 'customers' can then ssh into their 'guest' 1174453843 M * slack101 yea 1174453849 M * slack101 jus did that 1174453862 M * slack101 but uder what unmae do they use root ? 1174453881 M * slack101 casue i had the hostname to be tessster 1174453910 M * Bertl well, they can use whatever user is configured inside the guest 1174453923 M * slack101 i mean 1174453928 M * slack101 is there a root ? 1174453932 M * slack101 or would i have ot make that ? 1174453933 M * Bertl yes, of course 1174453943 M * slack101 i never set a root pass though ? 1174453962 M * Bertl root is there, but by default, sshd doesn't allow root to logon 1174453974 M * slack101 what the pass then ? 1174453975 M * Bertl you can 'enter' the guest and set one with 'passwd' 1174454001 M * Bertl (there is no default root passwd) 1174454020 M * slack101 ah 1174454033 M * slack101 you said ssh doesnt allow root login ? 1174454095 M * Bertl IIRC, it needs to be enabled in the config 1174454131 M * Bertl see 'man sshd_config' for details 1174454219 M * slack101 also 1174454227 M * slack101 since i have the sshd installed now 1174454237 M * slack101 will it start everytime the server is 1174454238 M * slack101 i mean 1174454240 M * slack101 the gues is 1174454267 M * Bertl that depends on the guest config (inside the guest) 1174454286 M * Bertl but usually yes 1174454299 J * DoberMann_ ~james@AToulouse-156-1-94-78.w90-30.abo.wanadoo.fr 1174454314 M * Bertl note: you have to restrict the sshd on the host to allow guest sshds to bind 1174454335 M * slack101 PermitRootLogin yes 1174454338 M * Bertl (i.e. you set the ListenAddress to a host only ip) 1174454338 M * slack101 it already said yes 1174454364 M * slack101 what do you mean ? 1174454380 M * slack101 #ListenAddress :: 1174454380 M * slack101 #ListenAddress 0.0.0.0 1174454385 M * Bertl on the host 1174454405 Q * DoberMann[ZZZzzz] Ping timeout: 480 seconds 1174454411 M * Bertl default is 0.0.0.0, which will bind _all_ ips, even those you want to use for guests 1174454432 M * slack101 i dont get it 1174454434 M * Bertl so you have to reduce that to IPs reserved for the host 1174454436 M * slack101 sint the networks islotated 1174454453 M * slack101 so having port 22 open 1174454456 M * Bertl guest networks/ips are isolated, but that is not true for the host 1174454457 M * slack101 affects all ip's ? 1174454467 M * Bertl the host can use _all_ ips 1174454473 M * slack101 ah 1174454474 M * slack101 yea 1174454474 M * slack101 ok 1174454475 M * slack101 so 1174454484 M * slack101 chage the host ? 1174454495 M * Bertl so, on the host, you want a ListenAddress 1174454504 M * slack101 like the main server ip ? 1174454511 M * Bertl inside the guest, the default is fine 1174454513 M * Bertl yes 1174454523 M * slack101 ok good 1174454524 M * slack101 and 1174454539 M * slack101 willl ssh start once booted now ? 1174454541 M * slack101 for the guest 1174454545 M * slack101 or do i have to add that too 1174454713 M * Bertl guest sshd should work fine, once the host sshd was restarted 1174454713 M * slack101 will it boot once the guest vserver is booted? 1174454749 M * slack101 CheckHostIP yes 1174454791 M * Bertl what will boot? 1174454806 M * slack101 when the guest vserver is booted 1174454811 J * ntrs_ ntrs@68-188-55-120.dhcp.stls.mo.charter.com 1174454816 M * slack101 will sshd server boo automaically now since i have it installed? 1174454866 M * Bertl probably, if it is configured to do so (which is the default, IIRC) 1174454866 M * slack101 good good 1174454866 M * slack101 i think its all good to go 1174454866 M * slack101 for a test anyways 1174454885 M * slack101 once i get this how i want it ............can copy it for multiple ? 1174454942 M * Bertl yes, either with vserver build -m clone 1174454958 M * Bertl or by tar-ing up the guest and using the -m template method 1174454992 M * slack101 how do i go about taring it ? 1174454999 M * slack101 any special ways ? 1174455012 M * Bertl you probably want to specify --numeric-user 1174455029 M * Bertl as the guest distro will use different uid/gid than the host 1174455044 M * Bertl (and you don't want them to get mixed up :) 1174455050 M * slack101 i would tar up the guest one i just put on there 1174455184 M * slack101 ah crap 1174455190 M * slack101 i cant connect to the ip 1174455193 M * slack101 but 1174455198 M * slack101 the ip can connect ot the internet 1174455227 Q * ntrs Ping timeout: 480 seconds 1174455231 M * slack101 thats crap 1174455264 M * Bertl means? 1174455299 M * slack101 means i cant ping my server 1174455302 Q * softi42 Ping timeout: 480 seconds 1174455308 M * Bertl did you start it? 1174455309 M * slack101 ./ dont know why 1174455312 M * slack101 whihc ? 1174455313 M * slack101 the guest 1174455314 M * slack101 ? 1174455317 M * slack101 yea its running 1174455324 M * slack101 and it can connect to the nternet just fine 1174455325 M * Bertl I assume you are talking about the guest :) 1174455329 M * slack101 yea 1174455330 M * slack101 lol 1174455343 M * Bertl so the guest can reach the internet fine? 1174455348 M * slack101 yea 1174455349 M * slack101 well 1174455353 M * slack101 apt-get worked :)_ 1174455360 M * Bertl that is a good indication 1174455366 M * slack101 installed ssh 1174455368 M * slack101 :) 1174455381 M * Bertl but you cannot reach the guest with ping? 1174455391 M * slack101 nope 1174455400 M * Bertl firewall? 1174455417 M * slack101 i dont know 1174455425 M * slack101 i ave never used iptabes honslty 1174455431 M * slack101 this is my first server expeince sorta 1174455440 M * slack101 its all fine and dandy excpet for this 1174455469 M * Bertl well, what about ssh-ing to the guest? 1174455485 M * slack101 didnt connect 1174455490 M * slack101 is not reachable 1174455494 M * slack101 and ping doesnt wrk 1174455501 M * Bertl sounds like a firewall to me then 1174455513 M * slack101 how could i just disable real quick ? 1174455518 M * jkl Bertl: what is the quick and drity way to add an IP to a running vserver? 1174455543 M * Bertl jkl: naddress --add 1174455548 M * slack101 also doesnt this vps gets it own iptables .........i didnt configure nothing 1174455568 M * Bertl nope, Linux-VServer guests do not have iptables or routing tables 1174455578 M * Bertl the networking happens on the host 1174455589 M * slack101 ah 1174455600 M * slack101 each habve htier own ports though right ? 1174455610 M * Bertl on mandriva I would do /etc/init.d/iptables stop 1174455618 M * jkl Bertl: is that run on the host or in the guest 1174455634 M * Bertl slack101: they have their ips to bind to (it is isolation not virtualization) 1174455638 M * Bertl jkl: host 1174455743 M * slack101 hmmmm shit 1174455745 M * slack101 ok 1174455750 M * slack101 firewall was the problem 1174455760 M * slack101 but 1174455773 M * slack101 i went to the other ip and it took me to my real host 1174455800 M * Bertl via ssh? 1174455821 M * jkl Bertl: hmm, syntax is getting me down ... naddress --add --ip 1.2.3.4 vservername ?? 1174455830 M * Bertl naddress --help 1174455847 M * jkl haha, been there already. I'll do it the long way 1174455910 J * softi42 ~softi@p549d5218.dip.t-dialin.net 1174455929 M * slack101 Bertl: yea 1174455955 M * slack101 Bertl: i think i need to bind my real host ssh to my main ip 1174456005 M * Bertl slack101: and I would have sworn that I had mentioned that :) 1174456118 M * slack101 i dont have crap in the config on it though 1174456150 M * Bertl hmm? 1174456259 M * slack101 grrrr 1174456267 M * slack101 i need ot restart ssh dont i ? 1174456286 M * Bertl as I said half an hour ago :) 1174456324 J * ensc ~irc-ensc@p54b4da9d.dip.t-dialin.net 1174456377 M * slack101 lol 1174456384 M * Bertl ensc: ping? 1174456546 M * slack101 /etc/ssh/ssh_config: line 19: Bad configuration option: ListenAddress 1174456546 M * slack101 /etc/ssh/ssh_config: line 43: Bad configuration option: PermitRootLogin 1174456550 M * slack101 grrr 1174456577 M * jkl *sigh* enough for tonight. Goodnight. 1174456687 M * Bertl slack101: sshd not ssh :) 1174456703 M * slack101 huh? 1174456705 M * slack101 ooooooooo 1174456712 M * slack101 did i mess up something ? 1174456848 M * slack101 i dont have no sshd 1174457089 M * slack101 ssh: :69.64..6: Name or service not known 1174457098 M * slack101 damn 1174457312 M * Bertl are we talking about the guest now? 1174457341 M * Bertl did you restart it after restricting the host sshd? 1174457383 J * Aiken ~james@ppp250-73.lns2.bne4.internode.on.net 1174457388 M * slack101 yea 1174457392 M * slack101 and yes thats the guest 1174457403 M * slack101 i restricted\ 1174457407 M * slack101 and thats what i got ;) 1174457413 M * slack101 proof the restriction worked 1174457430 M * Bertl on guest startup, what was the output? 1174457442 M * slack101 letm e make sure its running 1174457444 Q * gerrit Ping timeout: 480 seconds 1174457466 M * slack101 ssh is not running 1174457488 Q * softi42 Ping timeout: 480 seconds 1174457550 M * Bertl check the logs, check if it was started and failed 1174457567 M * slack101 it said it started 1174457573 M * slack101 but when i go into top 1174457576 M * slack101 nothing is there 1174457581 M * slack101 well no ssh 1174457586 M * Bertl did you check the logs? 1174457593 M * slack101 where are they :) 1174457608 M * Bertl inside the guest in /var/log usually? 1174457631 M * Bertl a good start is /var/log/messages 1174457664 M * slack101 no errors 1174457725 M * slack101 this is interesting 1174457732 M * Bertl try to enter the guest and start it manually 1174457740 M * slack101 thats what im trying to do 1174457748 M * slack101 but i cant figure how t do it it in debian 1174457780 M * Bertl /etc/init.d/ssh start 1174457805 M * slack101 Starting OpenBSD Secure Shell server: sshd. 1174457809 M * Bertl isn't slackware also based on sysv? 1174457822 M * slack101 i never use ssh ;) 1174457831 M * Bertl i.c. ... 1174457835 M * slack101 :P 1174457838 M * slack101 i mean 1174457846 M * slack101 i do top and it still doesnt show it 1174457855 M * Bertl then it didn't start 1174457871 M * slack101 it didn't give me no error 1174457871 M * Bertl and it probably logged something to some log file 1174457890 M * Bertl debian's ssh script always says it started 1174457899 M * Bertl regardless of what error sshd encounters 1174457905 M * slack101 hmmm 1174457933 M * slack101 wonder what kind of error it could be :\ 1174457948 M * Bertl the typical one is that the ip is already used by the host 1174457955 M * Bertl (which should not be the case now) 1174457972 M * Bertl and as it works out of the box here, no idea ... 1174457981 M * slack101 where should i look for logs at ? 1174457987 M * Bertl /var/log 1174458061 M * Bertl okay, off for tonight ... have a good one everyone! 1174458067 N * Bertl Bertl_zZ 1174458072 M * slack101 yea man thinak s for your help 1174458082 M * slack101 your very helpful person :) 1174458097 J * softi42 ~softi@p549d5218.dip.t-dialin.net 1174458109 M * slack101 thanks alot 1174458658 J * gerrit ~gerrit@mobile-166-214-151-013.mycingular.net 1174459197 Q * softi42 Ping timeout: 480 seconds 1174459537 M * slack101 Bertl_zZ: i am going to bed ut it was 1174459537 M * slack101 Mar 21 06:39:06 tessster sshd[22760]: error: Bind to port 22 on 69.64.59.246 failed: Addr$ 1174459537 M * slack101 Mar 21 06:39:06 tessster sshd[22760]: fatal: Cannot bind any address. 1174459799 J * softi42 ~softi@p549d5218.dip.t-dialin.net 1174460576 M * daniel_hozac Bertl_zZ: you shouldn't configure stuff in the lib directory, that'll be overwritten when you upgrade. 1174461246 M * slack101 i reallly casnt get this ssh to start i have tried everything 1174461403 M * arachnist slack101: are you sure you've assigned 69.64.59.246 to vserver? 1174461404 M * daniel_hozac except bind the sshd on the host to the host's IP address, apparently. 1174461444 M * arachnist slack101: you need to make it listen on the address you've given it 1174461492 M * arachnist slack101: for example, if your vserver ip is 192.168.17.2 make it listen on 192.168.17.2 and redirect ports (hint: iptables) from host 1174461493 M * daniel_hozac no, you don't. 1174461498 M * arachnist no? 1174461505 M * daniel_hozac a guest is automatically limited to the addresses it is assigned. 1174461508 M * daniel_hozac that's kind of the point 1174461528 M * slack101 the guest is asinged a external ip 1174461557 M * slack101 i just dont get why it cant bind 1174461655 M * slack101 arachnist: that ip above is linked to the vserver a httpd server works ......and this ssh just wont bind 1174462017 J * sharkjaw ~gab@158.36.45.236 1174462079 Q * cdrx Ping timeout: 480 seconds 1174462151 Q * phreak`` Quit: leaving 1174462199 J * phreak`` ~phreak``@deimos.barfoo.org 1174462233 M * arachnist huh, lighttpd ftw! ;> 1174462292 M * daniel_hozac slack101: you're not running httpd on the host, right? 1174462454 J * ema ~ema@rtfm.galliera.it 1174463560 N * DoberMann_ DoberMann 1174464492 Q * softi42 Ping timeout: 480 seconds 1174465128 J * softi42 ~softi@p549d5218.dip.t-dialin.net 1174465223 N * DoberMann DoberMann[PullA] 1174465697 J * prae ~benjamin@foxhound.sherpadown.net 1174465827 J * cdrx ~legoater@blueice3n1.uk.ibm.com 1174466012 Q * softi42 Ping timeout: 480 seconds 1174466617 J * softi42 ~softi@p549d5218.dip.t-dialin.net 1174466883 Q * Aiken Remote host closed the connection 1174466923 N * DoberMann[PullA] DoberMann 1174466942 J * Aiken ~james@ppp250-73.lns2.bne4.internode.on.net 1174466999 Q * Aiken 1174467283 J * dna ~naucki@p54bcd961.dip.t-dialin.net 1174467897 Q * prae Quit: Pwet 1174468195 J * bonbons ~bonbons@83.222.39.9 1174468798 J * Aiken ~james@ppp250-73.lns2.bne4.internode.on.net 1174471267 J * meandtheshell ~markus@85-125-231-250.dynamic.xdsl-line.inode.at 1174471877 Q * ard Quit: My damn controlling terminal disappeared! 1174472050 J * lilalinux ~plasma@dslb-084-058-193-217.pools.arcor-ip.net 1174472105 Q * gerrit Ping timeout: 480 seconds 1174472129 J * ard ~ard@goatse.kwaak.net 1174472151 Q * cdrx Read error: Connection reset by peer 1174472962 Q * bon Quit: stfu&rtfm 1174473162 J * DavidS ~david@chello062178045213.16.11.tuwien.teleweb.at 1174473169 J * gerrit ~gerrit@mobile-166-214-043-069.mycingular.net 1174473579 J * kadeline ~agilles1@195.83.225.167 1174473581 M * kadeline hi 1174473875 J * chand ~chand@212.99.51.254 1174473895 M * kadeline I have a server with 4 CPU Intel(R) Xeon(TM) MP CPU 3.16GHz and 16G of RAM. In order to enjoy all the ram it has, i have to install the kernel-PAE.But the one patched with vserver just hangs after the message: Decompressing kernel ... OK Booting. 1174473912 M * kadeline Nothing happens next. 1174473937 M * kadeline i forgot to say it runs under fedora core 6. 1174473974 M * kadeline i tried the kernel-PAE which is not patched vserver and it boots well and detects the RAM. 1174474001 Q * shedi Quit: Leaving 1174474052 Q * softi42 Ping timeout: 480 seconds 1174474080 M * kadeline I saw that they have a different version. kernel not patched is kernel-PAE-2.6.19-1.2925.fc6 whereas patched kernel is kernel-PAE-2.6.19.2908.fc6.v2 . 1174474092 M * kadeline did anyone tried it? 1174474136 M * kadeline is there a patch i could apply to kernel-PAE-2.6.19-1.2925? 1174474424 M * kadeline i ll be back later.. 1174474430 J * cdrx ~legoater@cap31-3-82-227-199-249.fbx.proxad.net 1174474471 Q * lilalinux Remote host closed the connection 1174474663 J * softi42 ~softi@p549d5218.dip.t-dialin.net 1174475123 M * daniel_hozac kadeline: why doesn't the patched kernel-PAE work? 1174475135 M * mjt kadeline: does your server support 64bits? 1174475144 M * mjt that might be easier route... 1174475150 M * daniel_hozac i know i'm a bit behind on the kernels. 1174475198 M * mjt all that PAE etc stuff is just horrible... like himem/vcpi/younameit in old ms-dog days... 1174475206 M * daniel_hozac yep. 1174475271 M * mjt 64bits kernel works just fine with 32bits userland (and sometimes faster than 32bits kernel, too), and does not have all that crap. 1174475287 M * daniel_hozac it should be faster on x86_64. 1174475384 M * sid3windr dpmi ! 1174475393 M * sid3windr emm386 ! 1174475395 M * sid3windr dos4gw ! 1174475397 M * mjt yay! ;) 1174475399 M * sid3windr ms-dos rocked. 1174475403 M * mjt qemm386 1174475408 M * sid3windr now now 1174475410 M * sid3windr that was advanced :p 1174475418 M * sid3windr like desqview;) 1174475427 M * mjt i used it somewhat 1174475448 M * mjt heh 1174475460 M * mjt desqview is somehow similar with vserver 1174475488 M * sid3windr true =) 1174476209 Q * nou Ping timeout: 480 seconds 1174476868 Q * chand Ping timeout: 480 seconds 1174477040 J * shedi ~siggi@tolvudeild-195.lhi.is 1174478113 M * kadeline mjt: i m back.. 1174478224 M * kadeline daniel_hozac: : i don't know why the kernel doesn't boot 1174478226 A * DavidS notes the very small hamming distance between "rocks" and "sucks" (see also "DOS" vs. "DDoS" ;)) 1174478239 M * kadeline how could i know what happens? 1174478368 M * mjt kadeline: so, does your CPU support 64bit mode? If yes, that'd be the best way to solve all your PAE stuff. 1174478373 M * mjt but i repeat myself 1174478404 M * mjt (just in case -- 'lm' flag in /proc/cpuinfo means "long mode", i.e. x86-64) 1174478480 M * kadeline indeed i ve got lm flag 1174478494 M * kadeline so i can install a 64 bit kernel? 1174478501 M * mjt yes 1174478510 M * kadeline cool 1174478520 M * kadeline i ll try so 1174478527 M * mjt just don't forget to enable 32bit compat code in kernel config 1174478554 M * kadeline ok 1174478590 M * kadeline thanks for your help. 1174478940 M * mjt by the way 1174478941 M * mjt heh 1174478965 M * mjt anyone know if there are any issues with 32bits util-vserver and 64bits kernel? 1174478993 Q * ema Quit: leaving 1174479030 M * mjt (even if there are, it's definitely mych easier to find/fix than PAE stuff) 1174479254 M * kadeline (ok) :) 1174479986 M * daniel_hozac mjt: we tried it a while ago, it worked fine then. 1174480357 M * matti :) 1174480527 Q * softi42 Ping timeout: 480 seconds 1174480760 Q * gerrit Ping timeout: 480 seconds 1174481130 J * softi42 ~softi@p549d5218.dip.t-dialin.net 1174481375 J * gerrit ~gerrit@mobile-166-214-043-069.mycingular.net 1174481620 Q * Aiken Quit: Leaving 1174482137 Q * softi42 Ping timeout: 480 seconds 1174482397 Q * gerrit Ping timeout: 480 seconds 1174482752 J * softi42 ~softi@p549d5218.dip.t-dialin.net 1174482969 J * chand ~chand@212.99.51.254 1174483058 J * gerrit ~gerrit@mobile-166-214-043-069.mycingular.net 1174483888 Q * gerrit Ping timeout: 480 seconds 1174484638 N * Bertl_zZ Bertl 1174484842 J * nou Chaton@causse.larzac.fr.eu.org 1174485049 J * gerrit ~gerrit@mobile-166-214-043-069.mycingular.net 1174485690 Q * gerrit Ping timeout: 480 seconds 1174485970 P * kadeline 1174486110 J * Hargon ~derdritte@pd9eb1831.dip0.t-ipconnect.de 1174486141 Q * Hargon 1174487176 M * Bertl morning folks! 1174487184 M * Bertl daniel_hozac: ping? 1174487235 J * gerrit ~gerrit@mobile-166-214-062-223.mycingular.net 1174487254 M * Bertl welcome nou! 1174487377 M * DavidS hey Bertl! 1174487402 M * Bertl hey DavidS! how's going? 1174487560 M * DavidS I'm currently at home nursing a cold X-| 1174487575 M * Bertl eek, was that necessary? 1174487763 M * DavidS yeah .. it already started yesterday, but i had to go to my server who didn't come back after a reboot ... *shrug* life sucks and the you die :) 1174487773 M * DavidS how's your life at the moment? 1174487825 M * Bertl quite busy ... but otherwise fine ... 1174487865 M * Bertl Linuxsymposium accepted my paper, and now I have to finish it/find a way to actually get there :) 1174487889 M * DavidS ah, i usually equate busy with money or fun .. nothing bad ther :) 1174487933 M * Bertl yes, indeed ... 1174487948 M * DavidS http://www.linuxsymposium.org/2007/ ? 1174487967 M * Bertl yep 1174488171 M * DavidS nice ... 1174488249 M * Bertl indeed 1174488256 M * DavidS crazy question of the day: could vserver be used as a "paravirt" layer for e.g. KVM ? 1174488273 M * DavidS (and that without any drugs ;) 1174488281 M * Bertl like in a domU? 1174488327 M * Bertl (i.e. in case of doubt, please rephrase the question :) 1174488398 M * DavidS yes, but I guess it'd need too much in the way of deeper virtualization (especially network) and support for suspend/migrate to be really workable 1174488401 M * sid3windr never say no, always say why? 1174488453 M * Bertl DavidS: a Linux-VServer kernel works quite fine in a domU 1174488464 M * DavidS o, let me rephrase 1174488468 M * DavidS +k 1174488502 M * Bertl if the question is, can Linux-VServer benefit from KVM, then the answer is no 1174488532 M * Bertl we are not emulating or paravirtualizing any machines, so we do not have the problem VMMs have 1174488568 M * Bertl the Linux-VServer layer is between Kernel and Userspace (not between Kernel and Hardware) 1174488587 M * daniel_hozac Bertl: semi-pong. 1174488603 M * Bertl daniel_hozac: I have a serious issue with FC guest install here 1174488609 M * daniel_hozac oh? 1174488637 M * Bertl No dynamically linked rpm binary found; exiting... 1174488666 M * daniel_hozac and, do you have a dynamically linked rpm binary in your PATH? 1174488693 M * Bertl nope, I do not have one 1174488699 M * DavidS Let me start with basics: What is the difference between running a xen-paravirt-domU and a VServer compartment from the functional/management perspective? one of the few things that come to my mind is that the VServers can share IPs, and domUs are much less restricted (capabilities) 1174488716 M * DavidS and of course suspend/migrate 1174488736 M * Bertl DavidS: suspend/migrate is not a problem per se ... 1174488856 M * Bertl from the functional/management perspective there is not too much difference 1174488873 M * Bertl (at least from the user perspective) 1174488883 M * Bertl but the mechanisms are completely different 1174488944 M * Bertl Xen provides a 'virtual' machine (thus called virtual machine monitor) which can run an operating system on a hardware/software partition 1174488945 Q * sharkjaw Quit: Leaving 1174488960 M * DavidS true, my point now is, that it'd be really nifty to convince the kvm people to drop hunting true paravirt and instead integrate vserver into their tool set 1174488993 M * Bertl ahem, well, the kvm stuff is for running different operating systems on a machine 1174489013 M * DavidS _currently_ kvm can only do hardware virtualisation 1174489025 M * DavidS http://udrepper.livejournal.com/15795.html 1174489042 M * Bertl there is no real point in running the same Linux kernel over and over again, if all you want is running different userspaces 1174489045 M * DavidS but in the end they also aim to provide a full range of virtualisation 1174489069 M * Bertl that is new to me 1174489195 M * Bertl as far as I can tell, from patches, discussions and the API itself, KVM is for partitioning and support on the hardware layer 1174489213 M * Bertl (which is the other side of the kernel we are :) 1174489258 M * Bertl DavidS: where would I get one? and more important, why do I need one? 1174489276 M * Bertl s/DavidS/daniel_hozac/ *sorry* 1174489483 Q * shedi Quit: Leaving 1174489768 M * Bertl daniel_hozac: where would I get one? and more important, why do I need one? (in case you missed that) 1174489916 M * daniel_hozac Bertl: most rpm's should be dynamically linked. 1174489999 M * Bertl well, mine is not :) 1174490041 M * Bertl daniel_hozac: so do I really have to install a special rpm on an rpm based distro to install rpm based guests? 1174490278 M * daniel_hozac yes. 1174490307 M * daniel_hozac otherwise rpm-fake.so can't add its hooks to trap execve and similar. 1174490316 M * daniel_hozac so scriptlets would be run on the host. 1174490336 M * Bertl and that works for debootstrap? 1174490344 M * harry how can i mount /dev/shm in a running vserver? 1174490358 M * harry i get an error since last kernel update 1174490360 M * Bertl harry: enter the namespace, do it there 1174490370 M * daniel_hozac i guess debootstrap just does its thing inside the guest. 1174490374 M * harry invalid argument at ... 1174490384 M * daniel_hozac harry: at? 1174490411 M * harry luditapp1:/# mount -t tmpfs tmpfs /dev/shm/ 1174490411 M * harry mount: permission denied 1174490418 M * harry daniel_hozac: something otrs 1174490423 M * harry Log.pm line 153 1174490428 M * harry it's a shmwrite 1174490495 Q * gerrit Ping timeout: 480 seconds 1174490510 M * Bertl daniel_hozac: and what's thre problem with having a preload library for static executables? 1174490519 M * daniel_hozac Bertl: umm, they don't work? : 1174490520 M * daniel_hozac ) 1174490539 M * Bertl hmm, right... 1174490566 M * Bertl I see a big problem coming up ... 1174490600 M * Bertl yum, apt-rpm, rpm based distros not working soon ... 1174490617 M * daniel_hozac hmm? 1174490631 M * Bertl well, the static rpm is something new 1174490653 M * Bertl but I doubt it comes out of nowhere ... i.e. there is probably a good reason for it 1174490679 M * daniel_hozac well, rpm is rather crucial to system recovery. 1174490701 M * daniel_hozac i guess someone thought it was wise to link it against libraries in /usr without moving the libraries to /lib :) 1174490718 M * mjt it isn't only that 1174490757 M * mjt i once tried to recover a redhat install (rh 6.2 if memory serves me right) where a friend of mine did an upgrade of glibc, which failed half way. 1174490778 M * mjt there was no /lib/ld-linux.so 1174490796 M * Bertl daniel_hozac: so I see that as early warning (although mandriva uses a static rpm since 2007.0, now 2007.1) ... and I think we have to prepare for that (i.e. find a workaround) 1174490823 M * daniel_hozac well, i'm not sure what that workaround would be. 1174490834 M * harry workaround??? fix! :) 1174490835 M * daniel_hozac unless we add rootkit stuff :) 1174490836 M * mjt . o O { ptrace } 1174490838 M * Bertl daniel_hozac: back to my original question, why do we need the changes for rpm but not for debootstrap? 1174490855 M * daniel_hozac probably because nobody has done it for debootstrap. 1174490875 M * daniel_hozac i.e. since Enrico uses rpm-based guests, that's what has gotten the most attention :) 1174490875 M * Bertl ahem? but obviously it works there? 1174490889 M * daniel_hozac does it? do scriptlets run in the guest context? 1174490905 Q * michal` Ping timeout: 480 seconds 1174490968 M * harry any ideas why i cant do a shmwrite inside a vserver? 1174490990 M * mjt because you don't have shmfs mounted? 1174490995 M * Bertl daniel_hozac: no idea, but the guest do get installed and up to now, they didn't hurt the host 1174491005 M * harry and how do i mount that in a running vserver? 1174491008 J * shedi ~siggi@ftth-237-144.hive.is 1174491010 M * daniel_hozac Bertl: but isn't it possible that they do? 1174491011 M * harry legolas:/proc# vserver luditapp1 exec mount -t tmpfs tmpfs /dev/shm/ 1174491011 M * harry mount: permission denied 1174491022 M * Bertl daniel_hozac: maybe, you (or ensc) tell me 1174491032 M * mjt mount *inside* a vserver is forbidden, for a good reason 1174491035 M * Bertl daniel_hozac: but if, then I do not understand why 1174491041 M * daniel_hozac Bertl: also note that vrpm is used for external package management, and not only install. 1174491058 M * harry mkay, so HOW do i do that then? 1174491065 M * Bertl daniel_hozac: it should not pose any problem to enter the guest context, even the guest namespace and do the work there 1174491069 M * harry chbind is for network stuff iirc 1174491090 M * daniel_hozac harry: vnamespace. 1174491094 M * mjt 18:19 < Bertl> harry: enter the namespace, do it there 1174491109 M * daniel_hozac Bertl: ok, true enough. 1174491111 M * Bertl daniel_hozac: you probably want to do that for rpm too, otherwise you will miss the network space/bindings on e.g. apache restart 1174491124 M * daniel_hozac Bertl: vrpm already does chbind. 1174491146 M * daniel_hozac i guess i'll have to revisit it to see what it does that we can't do by simply entering the contexts/namespaces earlier. 1174491171 M * DavidS harry: and add it to the fstab in /etc/vserver/$name 1174491176 M * Bertl please do that, otherwise I see Linux-VServer going back to template and debian installs RSN :) 1174491191 M * Bertl (which would be a real shame :) 1174491199 M * harry http://pastebin.ca/405157 1174491222 M * harry i want to test it first, off course :) 1174491231 M * Bertl daniel_hozac: maybe ensc is around at some point and can shed some more light on it 1174491262 M * harry ==> not visible in namespace 1174491291 M * DavidS mount reads /etc/mtab 1174491303 M * Bertl harry: you have been deceived :) 1174491312 M * Bertl harry: use cat /proc/mounts 1174491341 M * Bertl (or hand edit /etc/mtab to your likings :) 1174491407 M * mjt anyone know how scalable linux mount, namespaces etc stuff is? I mean, if I have LOTS of filesystems with lots of bind-mounts and whatnot... 1174491452 M * mjt ie, to the level of: it hurts, it hurts a bit, or it doesn't matter? 1174491471 J * michal` ~michal@www.rsbac.org 1174491472 M * Bertl well, for every bind mount, you will get a struct vfsmount in the kernel 1174491500 M * Bertl and one additional step when looking up pathes 1174491537 M * mjt struct vfsmount is always in memory (unlike directories/inodes on a disk-based filesystem) 1174491747 M * mjt for example. Suppose i'm running squid cache (which means alot of filesystem access). I can mount its cache from disk inside the vserver, or i can mount it on host and bind-mount it in vserver. 1174491766 M * harry tnx all! 1174491813 M * Bertl yes, like dentries 1174491813 M * Bertl but it is only a bunch of bytes, so not _that_ much actually 1174491813 M * Bertl of course, bind mounting single files (of a guest for example) sums up quite fast 1174491813 M * Bertl mjt: both will have the same result 1174491813 M * Bertl mjt: you get a new vfsmnt entry and that's it 1174491814 M * Bertl mjt: it would be different if you --bind mounted each file squid has created so far :) 1174492016 M * mjt aha 1174492016 Q * baldy_ Read error: Connection reset by peer 1174492027 Q * softi42 Ping timeout: 480 seconds 1174492027 M * mjt damn laggy network.. :) 1174492040 M * mjt thanks 1174492044 M * Bertl np 1174492093 Q * er Read error: Connection reset by peer 1174492121 J * er ~yakker@aegis.CS.Princeton.EDU 1174492155 M * mjt is there some umm... documentation somewhere about how vserver command works? I mean, what steps are done to start new vserver and to enter it, stuff like that... The script itself is waay too complex ;) 1174492186 Q * pflanze Remote host closed the connection 1174492198 M * mjt (i tried bash -x on it, that helps a bit, but still too much stuff to browse ;) 1174492519 Q * s0undt3ch Quit: leaving 1174492639 J * softi42 ~softi@p549D5218.dip.t-dialin.net 1174492938 M * mjt or maybe... how about an option to have a script in, say, /etc/vservers/$foo/scripts/start, which, if exists, will be exec'ed instead of all the other stuff being done? 1174493044 M * mjt all this configuration become too complex (to my taste anyway). For me, it's much simpler and understandable to have a series of commands (vnamespace, mount+, chbind, setcaps, and finally exec /sbin/init[whatever]) 1174493116 M * Bertl you can do it that way if you like 1174493126 M * mjt sure 1174493133 M * Bertl you can even get away with a single tool (vcmd) 1174493133 M * mjt the only prob is to know WHAT to do ;) 1174493268 M * mjt i'm reading output of `bash -x vserver start' now 1174493279 M * slack101 Bertl: you up :) 1174493279 M * Bertl run the vserver command with --debug, check the very long line at the end 1174493279 M * Bertl slack101: nope, I'm sleeping :) 1174493279 M * Bertl slack101: what's up? 1174493279 M * slack101 i got alot of stuff working 1174493279 M * slack101 httpd 1174493279 M * slack101 etc 1174493279 M * slack101 but ssh 1174493292 M * slack101 i found the error ..........says cannot bind address 1174493310 M * Bertl they you still have an sshd running somehwere else 1174493320 M * Bertl (probably on the host) binding that ip/port 1174493367 M * mjt /usr/bin/nice -n 0 /usr/sbin/chbind --silent --secure --nid 101 --ip 192.168.11.5/32 -- /usr/lib/util-vserver/exec-ulimit /etc/vservers/squid/ulimits /usr/sbin/vcontext --create --silent --xid 101 -- /usr/sbin/vnamespace --set -- /usr/sbin/vlimit --dir /etc/vservers/squid/rlimits --missingok -- /usr/sbin/vsched --xid self --force -- /usr/sbin/vuname --xid self --dir /etc/vservers/squid/uts --missingok -- /usr/sbin/vuname --xid self --set -t context=/etc/vservers/s 1174493374 M * mjt oops 1174493377 M * mjt sorry about that. wrong window 1174493403 M * Bertl slack101: check with 'lsof -i :22' (on the host 1174493419 M * slack101 well yea the host does have sshd 1174493427 M * Bertl mjt: but yes, that is what you want to do (roughly) 1174493442 M * Bertl slack101: yeah, but we are interested in the (LISTEN) line 1174493466 M * Bertl slack101: if it shows *:ssh then you are still binding _all_ ips 1174493502 M * Bertl (which will keep any guest from using their ip for sshd) 1174493542 J * gab ~gab@c51008D71.inet.catch.no 1174493558 M * Bertl wb gab! 1174493589 M * slack101 actually 1174493590 M * slack101 lol 1174493602 M * slack101 i was running that on my desktop system .......ooops 1174493608 M * slack101 but command not found on the host ;) 1174493622 M * Bertl then you want to install it :) 1174493637 M * slack101 is it called lsof ? 1174493676 M * Bertl it's your distro .. no idea how the package is called there ... (if the distro uses packages at all) the tool is called lsof 1174493716 M * slack101 yea i installed 1174493723 M * slack101 emerge lsof :) 1174493763 M * slack101 sshd 4347 root 3u IPv6 7762 TCP *:ssh (LISTEN) 1174493763 M * slack101 sshd 4595 root 3u IPv6 8075 TCP dfdfdd.net:ssh->cpe-71-65-58- 1174493784 M * mjt netstat is useful for that too 1174493787 M * mjt netstat -tlp 1174493811 M * mjt but the thing is that your sshd is listening on a wildcard address 1174493813 M * Bertl slack101: see, so you still haven't restricted the host sshd 1174493827 M * slack101 i thought i did 1174493907 M * slack101 oops had a # in front of it 1174493952 M * slack101 rebooting server 1174493962 M * mjt heh 1174493962 J * gerrit ~gerrit@mobile-166-214-138-220.mycingular.net 1174493975 M * Bertl slack101: actually do a restart of the host sshd would suffice 1174493977 M * mjt that's quite a... large hammer ;) 1174493978 M * slack101 havent rebooted in a while anyways 1174493989 M * slack101 like weeks ish 1174494018 M * Bertl 17:20:09 up 42 days, 15:17, 20 users, load average: 0.00, 0.02, 0.01 1174494023 M * Bertl (my laptop :) 1174494041 M * slack101 lol 1174494043 J * pcdog ~pcdog@82.197.169.75 1174494052 M * Bertl welcome pcdog! 1174494084 Q * pcdog 1174494086 M * mjt 19:21 up 253 days, 5:12, 1 user, load averages: 0,17 0,19 0,22 1174494096 M * mjt FreeBSD minesweeper.caravan.ru 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #0: Wed Sep 17 02:12:06 MSD 2003 1174494101 M * mjt ;) 1174494121 M * Bertl your lapop? 1174494127 Q * gab Ping timeout: 480 seconds 1174494131 M * slack101 sshd 4340 root 3u IPv4 7837 TCP baxxxxx.serxxxxxxnet:ssh (LISTEN) 1174494131 M * slack101 sshd 4600 root 3r IPv4 8152 TCP xxxxxxx.serverxxxxxu.net:ssh->cpe-7x-65-x8-2x.insig 1174494140 M * slack101 i think its goo to go now 1174494149 M * Bertl yep 1174494152 M * mjt they turned it off 253 days ago, briefly -- because they unplugged the power plug. It had about 500days uptime before 1174494197 M * slack101 lol 1174494201 M * slack101 still no ssh in the top 1174494205 M * mjt (it urgently needs upgrading - that kernel is BUGGY) 1174494235 M * slack101 Mar 21 16:22:32 tessster sshd[4716]: fatal: Cannot bind any address. 1174494246 M * slack101 should i speeicify the address to bind ? 1174494267 M * Bertl nope, inside the guest, you leave it at defaults 1174494285 M * slack101 yea i already messed with it alot though 1174494287 M * Bertl but restart the guest or the sshd inside 1174494300 M * slack101 should i just re install ? 1174494302 M * Bertl you might want to uninstall and reinstall it them 1174494308 M * mjt will it be difficult to "hide" vserver-specific IP addresses from host, so that wildcard listeners will skip vserver-specific addresses? 1174494318 M * Bertl slack101: make sure to remove the config files in etc 1174494324 M * slack101 apt-get uninstall ssh ? 1174494335 M * DavidS apt-get --purge remove ssh 1174494343 M * Bertl mjt: it is not practicable from the isolation PoV 1174494344 M * DavidS will remove ssh with all(!) configuration 1174494345 M * mjt it's remove, not uninstall 1174494372 M * slack101 so now all configuration is gone ? 1174494396 M * mjt you have no /etc anymore! ;) 1174494458 M * slack101 still didnt work 1174494459 M * slack101 hmmmmm 1174494494 M * slack101 still cant bind address 1174494525 M * Bertl what does ifconfig show inside the guest? (use paste.linux-vserver.org) 1174494534 M * slack101 i think i know why 1174494550 M * slack101 all my ips are using the same reverse address 1174494561 M * Bertl hmm? 1174494562 M * slack101 dfsdfds.dfdfsd.net 1174494565 M * mjt reverse address? 1174494588 M * slack101 sshd 4340 root 3u IPv4 7837 TCP balder263.serxxxxxxx.net:ssh (LISTEN) 1174494598 M * slack101 all using that 1174494606 M * mjt and so? 1174494613 M * slack101 i mean ? 1174494618 M * slack101 they are all using the same thing 1174494633 M * mjt how about netstat -tln? 1174494658 M * slack101 yep 1174494668 M * slack101 the ip i am trying to bind is not there though 1174494706 M * mjt . o O { netstat should NOT resolve addresses to names by default. But oh well.. } 1174494741 M * slack101 all my ip's are using the same damn reverse address 1174494744 M * slack101 i think thats a problem 1174494748 M * mjt it's not 1174494757 M * slack101 o? 1174494772 M * slack101 casue it says its listening in 1174494779 M * slack101 reverseaddress.dddd.net 1174494781 M * harry 17:32:59 up 318 days, 20:48, 5 users, load average: 0.08, 0.04, 0.01 1174494784 M * harry bling! :) 1174494788 M * slack101 and all the ip';s are ysing that 1174494810 M * mjt ugh 1174494820 J * gab ~gab@c51008D71.inet.catch.no 1174494825 M * mjt but are they different (the addresses), or is it the same IP? 1174494835 M * mjt how you named them is irrelevant 1174494840 M * slack101 o? 1174494887 Q * gab 1174494888 M * mjt just forget about names, and use IP addresses everywhere for now. netstat -n 1174494895 M * Bertl slack101: fact is, something (either the host or some other guest) is either using the ip you assigned to the guest in question (for sshd) or the ip you want the sshd to bind to is not assigned to the guest at all (depends on the actual error) 1174494902 J * gab ~gab@c51008D71.inet.catch.no 1174494942 M * mjt slack101: that stuff - balder263.serxxxxxxx.net - is a name assigned to some IP address in your DNS (it's called "PTR record", or reverse DNS) 1174494950 M * slack101 yes 1174494958 M * slack101 but it resolves to that 1174494967 M * slack101 when i so lsof 1174494968 M * mjt having a name for every IP address is easy sometimes 1174494973 M * slack101 it says its listenign n that address 1174494985 M * mjt but the main thing is the ADDRESS ITSELF, not the name you assigned to it in DNS 1174495006 M * mjt tell "it" to show the actual address, instead of that name 1174495006 M * Bertl slack101: try lsof -ni 1174495037 M * mjt wug. 1174495038 M * slack101 yes that correct 1174495046 M * slack101 the ip i want 1174495057 M * mjt sug. 1174495057 M * slack101 im saying 1174495061 M * slack101 no guest ip there 1174495068 M * slack101 just the host one i assgined 1174495072 M * mjt aha 1174495109 M * mjt so now look which addresses are available inside the vserver (ifconfig inside vserver) 1174495114 M * slack101 but i was saying since they are all using the same reverse address then that could be a problem 1174495131 M * Bertl slack101: which is wrong. period. 1174495137 M * slack101 WTF 1174495141 M * slack101 my other IP is not there 1174495142 M * slack101 !!!!!!!!!!!! 1174495144 M * slack101 WTF 1174495147 M * slack101 it was there yeterday 1174495148 M * mjt it's not "reverse address". Please don't invent the wrong terms 1174495154 M * slack101 sorry 1174495163 M * mjt because it's not Address at all 1174495174 M * slack101 ah 1174495179 M * mjt it's a name. Address is like 1.2.3.4 1174495183 M * slack101 yea 1174495188 M * slack101 welll the ip is not there 1174495191 M * slack101 just my main host ip 1174495200 M * slack101 but the other ip was there yesterday 1174495200 M * Bertl inside the guest? 1174495206 M * slack101 no this is on host 1174495218 M * mjt in dns terms it's a PTR record. Many people refers to that stuff as "reverse DNS", or just a "name for that IP" 1174495238 M * Bertl ah, okay, then configure the ip (or add the interface to the config, so that the tools will configure it for you) 1174495238 M * slack101 but its goo ot have them diffeent for each ip right ? 1174495270 M * mjt it depends 1174495276 M * Bertl I guess google.com thinks different :) 1174495279 M * mjt and doesn't usually matter 1174495306 M * mjt kernel who does the TCP/IP things doesn't even know ANYTHING about names 1174495337 M * mjt sshd may be interested to resolve a name to an IP, if you told it to listen on somethig referring to it by name 1174495353 M * mjt ditto for ifconfig 1174495382 M * Bertl (or for the logs) 1174495464 M * mjt that's different. to say, reverse name isn't relevant for bind() call 1174495469 M * mjt usually anyway ;) 1174495478 M * slack101 yea 1174496045 Q * dhansen Ping timeout: 480 seconds 1174496217 M * slack101 how did the ip remove itelf ? 1174496245 M * slack101 wtf 1174496247 M * slack101 nevermind 1174496254 M * slack101 when i do in the guest 1174496261 M * slack101 and do a ifconfig the ip is there 1174496289 M * Bertl Q: 'how did the ip remove itelf ?' A: it didn't :) 1174496298 M * Bertl slack101: good, now try with the sshd 1174496334 M * slack101 but when i do ifconfig in the host it doenst show it 1174496341 M * Bertl that's okay 1174496343 M * slack101 just the main ip of the server 1174496349 M * slack101 before it showed both 1174496355 M * Bertl ifconfig is old and somewhat blind 1174496358 J * s0undt3ch ~s0undt3ch@80.69.34.154 1174496362 M * Bertl use 'ip addr ls' 1174496374 M * slack101 http://phpfi.com/218062 1174496410 M * Bertl ah, now we finally know your ip :) 1174496433 M * slack101 it shows it there 1174496456 M * slack101 lol damn 1174496551 M * slack101 so what should i do ? 1174496563 M * Bertl nothing, everything is fine 1174496575 M * Bertl as I said, use 'ip addr ls' to see more 1174496576 M * mjt 6x.6x.59.x55 1174496580 M * slack101 lol 1174496657 M * slack101 stillllll nothing 1174496672 M * slack101 this just keeps getting better 1174496721 M * slack101 Bertl: anymore ideas? 1174496741 M * Bertl what nothing? 1174496767 M * Bertl upload the output of 'ip addr ls' on the host 1174496776 M * mjt and the same on the guest 1174496779 M * Bertl and inside the guest (ifconfig for the guest will do) 1174496782 M * slack101 btw do you know the restart script for debian ? 1174496792 M * mjt shutdown -r? 1174496800 M * lylix Bertl: g/a 1174496802 M * slack101 sorry 1174496806 M * slack101 for sshd 1174496818 M * mjt /etc/init.d/sshd 1174496820 M * lylix maybe give you an acedemic break for a minute :) 1174496833 M * Bertl lylix: sure ... 1174496837 M * lylix http://lx-vs.net/vserver/ 1174496844 M * lylix checkout server_udp.c 1174496848 M * slack101 mjt: no uch file 1174496868 M * slack101 just ssh 1174496871 M * slack101 no sshd 1174496887 M * mjt well it's in /etc/init.d/ssh 1174496893 M * lylix if you run `nc -l -u -p 4569` in one vserver 1174496894 M * slack101 ./etc/init.d/ssh 1174496906 M * mjt lol 1174496933 M * lylix and then run this C server as `a.out 4569`, and the bind will fail 1174496933 M * mjt it really depends on where your current dir is.. ;) 1174496945 M * lylix in another vserver w/ 2+ IPs that is 1174496962 M * Bertl lylix: okay, will look into it in a few minutes 1174496975 M * Bertl lylix: sounds like we finally can recreate it ... 1174496998 M * slack101 stillll cannot bind addresss 1174497034 M * mjt whois lx-vs.net 1174497037 M * mjt oops 1174497044 M * mjt wrong window again 1174497093 M * lylix jsut a domain i have :) 1174497112 M * slack101 Bertl: theres that 1174497114 M * slack101 http://phpfi.com/218064 1174497256 M * mjt slack101: that looks ok 1174497266 M * mjt now, where's your sshd (on host) listening? 1174497274 M * mjt on .10 ? 1174497289 M * slack101 no 1174497292 M * slack101 thats host 1174497296 M * slack101 .246 1174497305 Q * andres 1174497312 M * mjt you've 'host' and 'guest' or 'vserver' 1174497316 Q * meandtheshell Remote host closed the connection 1174497323 M * slack101 huh? 1174497343 M * mjt see your last paste - you refer to them as "guest >>" and "host >>" 1174497377 M * mjt .246 is your guest IP, where your guest sshd should be listening 1174497385 M * mjt so your host sshd should be listening on .10 1174497409 M * slack101 yes 1174497410 M * mjt and definitely not on .246 1174497411 M * slack101 right now 1174497421 M * slack101 theres ony one sshd running 1174497424 M * slack101 on host 1174497425 M * slack101 .10 1174497431 M * slack101 the .256 wont start 1174497451 M * mjt ok 1174497466 M * mjt so the IP config looks correct at least, and host sshd config too 1174497470 M * Bertl .256? 1174497476 M * mjt 246 1174497482 J * meandtheshell ~markus@85-124-175-23.dynamic.xdsl-line.inode.at 1174497490 M * mjt typo? 1174497516 M * mjt well, x.x.x.256 is not a valid ip address anyway - inet_aton() will barf 1174497553 M * mjt or _pton() for that matter 1174497598 M * mjt ok 1174497613 M * mjt how about `strace -e bind sshd -D' on guest? 1174497644 M * Bertl yes, that would be interesting to get the exact error 1174497658 M * slack101 huh? 1174497662 M * slack101 its not running though ? 1174497662 M * mjt and the actual arguments 1174497690 M * mjt is it a question? 1174497697 M * mjt we've no idea if it's running or not 1174497698 M * Bertl actually you want to do strace -fF -o ssh.trace /etc/init.d/ssh start 1174497708 M * mjt that's overkill Bertl 1174497730 M * Bertl mjt: do I know where debian puts the sshd :) 1174497742 M * mjt strace will find it in $PATH 1174497767 M * Bertl okay, assumed that is true, then do 'strace -fF -o ssh.trace sshd 1174497774 M * mjt it's in /usr/sbin/ 1174497866 M * mjt it was a slow evening... 1174497873 A * mjt goes home... 1174497884 M * Bertl mjt: k, cya! 1174497912 M * mjt it's 20:25 here now, and i'm still in office!.. ;) 1174497919 M * Bertl OMG! 1174497950 M * mjt i still have a chance to meet kids before they will go to bed... 1174497988 M * slack101 great 1174497994 M * slack101 i dont have strace either 1174497996 M * Bertl mjt: then do that! 1174498026 A * slack101 has no kid 1174498030 M * slack101 kids* 1174498137 M * slack101 sshd re-exec requires execution with an absolute path 1174498137 M * slack101 Process 10582 detached 1174498195 M * Bertl hehe, so much for path ... 1174498206 M * Bertl 'strace -fF -o ssh.trace /usr/sbin/sshd 1174498219 M * slack101 ok 1174498222 M * slack101 didnt do anything 1174498232 M * Bertl oh yes, it did write the ssh.trace file 1174498240 M * Bertl which you now can upload somewhere 1174498243 M * slack101 in the dir i am in 1174498249 M * Bertl I'd say so 1174498306 M * slack101 do you know how to select all in nano :) 1174498348 M * Bertl I don't use nano ... but better upload the entire file somewhere 1174498357 M * Bertl most pastebins will reject so much data 1174498525 M * slack101 grrrrr 1174498533 M * slack101 tryin to transfer the file with limited toooools 1174498544 M * Bertl hmm, scp? 1174498549 M * slack101 scp? 1174498550 M * slack101 :P 1174498566 J * dreamind ~dreamind@p54A7A423.dip0.t-ipconnect.de 1174498639 M * slack101 go it with sftp 1174498683 Q * Johnnie Ping timeout: 480 seconds 1174498698 Q * chand Quit: chand 1174498731 M * Bertl lylix: ping? 1174498790 M * lylix yep 1174498798 M * Bertl http://paste.linux-vserver.org/1337 1174498808 M * slack101 http://phpfi.com/218079 1174498815 M * slack101 Bertl: ^^ 1174498818 M * Bertl lylix: a quite leet posting ... glad I made it :) 1174498853 M * Bertl lylix: this works perfectly fine here with 2.6.19.7-vs2.2.0-rc19 and util-vserver 0.30.213-rc4 1174498862 M * Bertl lylix: what am I missing? 1174498951 M * Bertl slack101: 6x.6x.5x.10 is your host, right? 1174498959 M * slack101 ye 1174498968 M * Bertl so why is the guest trying to bind to that? 1174499003 M * slack101 OMFG 1174499007 M * slack101 i didit in host 1174499008 M * Bertl more important, why does it say EADDRINUSE, which would suggest that you did assign that ip to the guest? 1174499019 M * slack101 i did it in host 1174499021 M * slack101 man im stupi 1174499021 M * Bertl okay, then redo inside the guest please :) 1174499083 J * jmcaricand ~kvirc@d90-144-70-86.cust.tele2.fr 1174499089 M * Bertl wb jmcaricand! 1174499099 M * jmcaricand Hello 1174499163 M * slack101 where are all the vserver files stored? 1174499168 M * slack101 so i can just go grab the file 1174499240 M * Bertl usually /vservers/ 1174499267 M * jmcaricand slack101: /var/lib/vservers in debian 1174499363 M * lylix Bertl: with you in a minute 1174499417 M * slack101 http://phpfi.com/218082 1174499429 M * slack101 it was /vservers 1174499554 M * Bertl slack101: you sure that is complete? 1174499573 M * Bertl (and with -fF ?) 1174499605 M * Bertl because it didn't even try to bind anything ... 1174499639 M * Bertl (it did write a log message though) 1174499742 M * slack101 yea man 1174499789 M * slack101 strace -fF -o ssh.trace /usr/sbin/sshd 1174499794 M * slack101 Bertl: thats what i did 1174499819 M * slack101 a ssh server running on the host is not a problem is it ? 1174499873 M * Bertl nope, when it is restricted to the host ips, it will not affect guests with non-host ips 1174499899 M * slack101 ok 1174499902 A * slack101 crys 1174499948 M * slack101 i am just in a predicate now arent i 1174499980 M * Bertl what does 'ip addr ls' (on host and guest) show? 1174499992 M * Bertl (please upload that to a pastebin) 1174499999 M * slack101 i did remember 1174500010 M * slack101 one was ip addr 1174500014 M * slack101 and the other was ifconfig 1174500037 M * Bertl can't hurt to install 'iproute2' inside the guest too 1174500066 M * slack101 i have to install this stuff 1174500106 M * slack101 do you know what thier main packae names are ? 1174500128 M * Bertl iproute2 IIRC 1174500153 M * slack101 not there 1174500207 M * slack101 i installed 1174500209 M * slack101 just 1174500211 M * slack101 iproute 1174500221 M * slack101 bad? 1174500221 N * DoberMann DoberMann[PullA] 1174500229 M * Bertl probably fine 1174500241 M * slack101 what the comand ? 1174500243 M * slack101 iproute ? 1174500253 M * Bertl 'ip addr ls' 1174500309 M * slack101 can i pm it to you ? 1174500311 M * slack101 not that long 1174500352 M * slack101 http://phpfi.com/218087 1174500409 M * Bertl that's on the guest, yes? 1174500429 M * slack101 yes 1174500449 M * Bertl and for the host? and what does 'lsof -ni :22' return on the guest 1174500453 M * lylix Bertl: following your exact test case, when i run the second onvocation of chbind (chbind --nid 1112 --ip 10.0.0.11/24 --ip 10.0.0.12/24 -- /tmp/server_udp 1000 &): 1174500459 M * lylix binding: Address already in use 1174500467 M * Bertl lylix: what kernel again? 1174500469 M * daniel_hozac lylix: do you also get that with the latest version? 1174500469 M * lylix so there is something not right here... 1174500491 M * slack101 Bertl: did nothing 1174500494 M * lylix 2.6.19-vs2.3.0.6 on this system, i will test elsewhere on a 2.2.0 system 1174500501 M * daniel_hozac we fixed a UDP socket binding bug in 2.2.0-rc13 according to the ChangeLog. 1174500515 M * Bertl yep, and the 2.3 branch is not updated yet 1174500531 M * lylix are you kidding!! 1174500532 M * lylix lol 1174500541 M * slack101 http://phpfi.com/218088 Bertl < host 1174500555 M * daniel_hozac lylix: there's a reason we ask you to test with the most recent version, you know :) 1174500589 M * Bertl slack101: you are using different/overlaping ip ranges? 1174500619 M * lylix understood... :/ 1174500634 M * slack101 Bertl: i dont know ............this guy addeed the ip 1174500637 M * Bertl slack101: 1174500637 M * Bertl 6x.6x.58.10/23 1174500637 M * Bertl 6x.6x.59.246/24 1174500647 M * Bertl 58.10 and 59.246? 1174500651 M * slack101 no 1174500655 M * slack101 just the 246 1174500657 J * dhansen ~dave@bi01p1.co.us.ibm.com 1174500663 M * slack101 welll maybe the other 23 1174500679 M * Bertl slack101: yes, but the ranges are overlaping one is /23 and the other /24 1174500687 J * yarihm ~yarihm@whitehead2.nine.ch 1174500705 M * Bertl wb dhansen! yarihm! 1174500717 M * lylix k, i see 2.2.0_rc16 in portage... so based on the above should have the UDP fix... 1174500722 M * lylix ill give a wack now 1174500737 M * Bertl lylix: better whack rc19 instead :) 1174500760 Q * michal` Ping timeout: 480 seconds 1174500793 M * slack101 Bertl: outoing internet still works 1174500817 M * slack101 so basically the ip is not setup right 1174500818 M * slack101 ? 1174500873 M * Bertl well, that is probably not the actual issue, but it definitely looks weird and might cause all kind of other issues 1174500883 M * slack101 o boy 1174500898 M * slack101 well how do i go about fixing this ?. 1174500900 M * Bertl what about the 'lsof -ni :22' inside the guest? 1174500909 M * slack101 does nothng 1174500924 M * Bertl okay, then let's try the following on the host: 1174500934 M * slack101 ok 1174500953 M * lylix Bertl: is chbind in your file repo? 1174500973 M * slack101 sshd 4340 root 3u IPv4 7837 TCP 69.6x.58.x0:ssh (LISTEN) 1174500973 M * slack101 sshd 4600 root 3u IPv4 8152 TCP 6x.64.5x.10:ssh->71.6x.58.x5:52572 (ESTABLISHED) 1174501038 M * Bertl lylix: means? 1174501046 M * lylix hmm, n/m, think i found the vcc equlivalent 1174501069 M * Bertl lylix: chbind is part of util-vserver ... 1174501082 M * slack101 this seeems like a bad problem to have 1174501115 M * slack101 the http sver wokrs though Bertl 1174501137 M * lylix yep, looks like `nx` will do the same 1174501151 M * Bertl slack101: yes, IMHO everything is working and some server is still listening on the guest ip 1174501164 M * slack101 how? 1174501173 M * slack101 lsof shows nothing 1174501188 M * Bertl slack101: no idea ... 1174501201 M * slack101 :( 1174501211 J * michal` ~michal@www.rsbac.org 1174501219 M * Bertl daniel_hozac: is chbind --nid 1 supposed to do the right thing? 1174501230 M * daniel_hozac i think so. doesn't it? 1174501231 M * Bertl wb michal`! LTNS! 1174501239 M * slack101 as i said this is a bad problem to have 1174501247 M * Bertl daniel_hozac: not sure, maybe a kernel issue? 1174501274 M * daniel_hozac chbind --nid 1 does the same thing as ncontext --nid 1 --migrate here. 1174501316 M * Bertl hmm, I would expect ncontext --nid 1 --migrate -- lsof -ni to show something, no? 1174501319 M * slack101 maybe the ip's are setup bad 1174501344 M * daniel_hozac yep. 1174501353 M * Bertl well, seems it doesn't ... 1174501368 M * daniel_hozac maybe lsof is strange? 1174501449 M * Bertl ncontext --nid 1 --migrate -- cat /proc/net/tcp 1174501453 M * Bertl and cat too? 1174501467 M * Bertl well, cats are strange indeed :) 1174501474 M * daniel_hozac sounds like a kernel issue then. 1174501480 J * boci^ boci@pool-4774.adsl.interware.hu 1174501482 M * Bertl yep 1174501491 M * slack101 Bertl: should i just delete the guest ip and re add .........hopefully the right way 1174501514 M * Bertl slack101: you can try that 1174501543 M * slack101 know any place i could go to fin out how to do that ? 1174501547 M * daniel_hozac Bertl: what kernel is that? works fine here on 2.6.20.3-vs2.2.0-rc18. 1174501570 M * Bertl 2.6.19.7-vs2.2.0-rc18 1174501582 M * daniel_hozac interesting... 1174501737 M * daniel_hozac hmm, doesn't that lack the special-case of nid 1 migration? 1174501753 M * daniel_hozac or is it me that sucks and just can't find it? 1174501783 M * Bertl daniel_hozac: you don't suck. period. :) 1174501800 M * daniel_hozac ah, there it is. 1174501807 M * daniel_hozac helps if you're searching for the right thing though ;) 1174501888 A * slack101 cries 1174502063 M * Bertl slack101: again? 1174502078 M * slack101 yes mann 1174502083 M * slack101 this is the only little thing 1174502086 M * Bertl slack101: install 'nc' the 'netcat' tool on the host and inside the guest 1174502110 M * Bertl slack101: we'll use that to find the issue ... 1174502111 M * daniel_hozac Bertl: i really don't see anything drastically different between 2.6.19 and 2.6.20 in this regard. i'll build a 2.6.19 kernel myself. 1174502120 J * lost_bot ~lost_bot@cust.dyn.83-173-254-22.cybernet.ch 1174502130 M * Bertl daniel_hozac: me neither ... but you can observer it in princeton 1174502135 M * Bertl -r 1174502139 M * Bertl welcome lost_bot! 1174502143 M * lost_bot =) 1174502157 M * Bertl slack101: try to change the port numer inside the guest to e.g. 2222 1174502194 M * slack101 of? 1174502198 M * Bertl for the sshd 1174502252 N * DoberMann[PullA] DoberMann 1174502319 M * daniel_hozac Bertl: that's weird. same thing with vcmd? 1174502332 M * slack101 http://phpfi.com/218106 1174502334 M * slack101 lol 1174502339 M * slack101 i just looked at the config 1174502342 M * slack101 its the old one 1174502351 M * slack101 Bertl: look at that 1174502362 Q * s0undt3ch Remote host closed the connection 1174502387 M * Bertl slack101: so you are binding to the wrong port, which _is_ used on the host? 1174502399 M * slack101 23 is used? 1174502407 J * s0undt3ch ~s0undt3ch@80.69.34.154 1174502422 M * slack101 this is on the guest 1174502423 M * Bertl slack101: well, it could be ... check with lsof -ni :23 :) 1174502445 M * slack101 nothing 1174502447 M * daniel_hozac Bertl: and this is a vanilla 2.6.19.7-vs2.2.0-rc18 tree? 1174502450 M * slack101 what abotu the ip part 1174502455 M * Bertl daniel_hozac: it fails for me with both 2.6.20.3 and 2.6.19.7 1174502480 M * Bertl slack101: the listen is fine, it binds to 0.0.0.0 by default 1174502505 M * Bertl slack101: maybe comment out the ListenAddress :: 1174502514 M * daniel_hozac Bertl: oh hey, CONFIG_VSERVER_PRIVACY? 1174502516 M * Bertl (because it looks very ipv6-ish to me) 1174502524 M * slack101 ok 1174502529 M * Bertl daniel_hozac: excellent point! sec 1174502544 M * slack101 change it back to port 22 ? 1174502574 M * Bertl daniel_hozac: yep, enabled here in both cases, disabled for you? 1174502779 M * Bertl lost_bot: can we do something for you? if not, feel free to hang around :) 1174503153 M * lost_bot =) sry.. i was reading something.. :) 1174503178 J * Johnnie ~jdlewis@jdlewis.org 1174503193 M * Bertl lost_bot: np ... 1174503197 M * Bertl Johnnie: wb! 1174503201 M * lost_bot well... in fact for the moment ive no questions... even this will make me a fool forever... vserver works like a charm =) 1174503232 M * slack101 Mar 21 18:49:14 tessster sshd[31348]: Server listening on 0.0.0.0 port 22. 1174503237 M * Bertl lost_bot: that's the way it should be ... 1174503249 M * lost_bot i sure come back when try put vserver under heartbeat.. :) 1174503251 M * Bertl slack101: looks better now :) 1174503260 M * slack101 what is it lsof 1174503267 M * slack101 lsof | 22 ? 1174503271 M * Bertl lsof -ni :22 1174503295 M * slack101 HOLY shit 1174503301 M * lost_bot =) 1174503303 M * slack101 all becasue of a stupid 1 thing in a config file 1174503321 M * Bertl slack101: yeah, users do strange things :) 1174503397 M * lost_bot =) ok.. byez... 1174503400 M * lost_bot cya soon 1174503416 P * lost_bot ...byez... 1174503454 M * slack101 Bertl: works 1174503457 M * slack101 hollllllly crap 1174503462 M * slack101 3 things yesterday 2 thing morning 1174503465 M * slack101 becasue of one thing 1174503564 M * daniel_hozac Bertl: yeah, i wanted to check something in xid 1 and noticed that wasn't possible ;) 1174503603 M * Bertl okay, double checking now with changed options 1174503613 M * sannes possible to mount a tmfs inside a vserver, or is the risk too high? 1174503631 M * Bertl sannes: actually that is done by default for /tmp :) 1174503635 M * sannes s/tmfs/tmpfs/ 1174503655 M * Bertl daniel_hozac: yep, works fine now 1174503655 Q * dna Ping timeout: 480 seconds 1174503669 M * daniel_hozac Bertl: heh, good. you really scared me there ;) 1174503678 M * sannes Bertl: got permission denied when I tried (I have SECURE_MOUNT enabled) .. hm 1174503682 M * Bertl daniel_hozac: I scared the hell out of myself :) 1174503701 M * Bertl sannes: why not mount it via the config fstab? 1174503721 M * Bertl sannes: like the default /tmp is mounted :) 1174503743 M * sannes Bertl: ah, well, it is for dynamically mounted .. 1174503776 M * Bertl daniel_hozac: okay, I'm going to bang on the procfs issues now ... until I find a way to recompile the rpm :) 1174503780 M * sannes Bertl: what I'm trying to achive is hiding other users directories so that /home only shows what directories you actually have access to (just writing a small pam module) 1174503794 M * Bertl OMG 1174503806 M * daniel_hozac Bertl: hehe, okay. i've been unable to figure something out about the proc stuff. 1174503807 Q * ntrs_ Read error: Connection reset by peer 1174503824 M * slack101 ok 1174503837 M * sannes Bertl: so, I have two options, one is to make a temporary directory one for each namespace I make .. or one tmpfs that will disappear .. 1174503838 M * slack101 got bind postfix httpd hmmmmmm anything else hmmm 1174503851 M * slack101 i will just use a shared mysql server 1174503858 M * Bertl do that 1174503861 M * sannes Bertl: when the namespace exits .. 1174503878 M * slack101 Bertl: talking to me ? 1174503895 M * Bertl slack101: since yesterday, yes :) 1174503910 M * slack101 mysql can get reaoruce hungry 1174503936 M * Bertl sannes: can't follow your tmps stuff ... 1174503943 M * Bertl *tmpfs even 1174503960 M * slack101 if they need to they can install their own mysql i wont stop them but using shared one will be recomended 1174503993 M * daniel_hozac sannes: what would the point be? 1174504024 M * sannes Bertl: "newnamespace" mount -o bind /home /mnt/tmphome ; mount -t tmpfs none /home ; mount -o bind /mnt/tmphome/user /home/user ; umount /mnt/tmphome 1174504063 M * sannes daniel_hozac: some users are not that good with permissions, isolating them a little bit more makes sense for my setup :P 1174504067 M * slack101 Bertl: Mem: 504152 145116 << isnt that alot ? 1174504078 M * daniel_hozac sannes: give them separate guests? 1174504230 M * sannes daniel_hozac: how will that work if a user su's from one user to the next? 1174504242 M * daniel_hozac sannes: it won't :) 1174504260 M * sannes daniel_hozac: and then I'd have to run the same services (ssh and such) for each user .. 1174504322 M * Bertl slack101: compared to what? and for what? 1174504325 M * daniel_hozac sannes: so you'd rather unshare the filesystem namespace and do some mounting? 1174504337 M * slack101 Bertl: thats inside of a vserver 1174504344 M * sannes daniel_hozac: yip :) 1174504412 M * daniel_hozac sannes: so, secure_mount doesn't enable mounting tmpfs? 1174504418 M * slack101 Bertl: how do i get the exact ram useage of a vserver? 1174504437 M * slack101 when i do free inside of a guest it show me host ram too 1174504455 M * sannes daniel_hozac: I was just wondering if I was missing something when I couldn't mount tmpfs, if I can't I can work around it :) 1174504463 M * daniel_hozac slack101: vserver-stat with recent util-vserver, or grep RSS /proc/virtual//limit 1174504481 M * slack101 they can also see my hd 1174504485 M * slack101 with df -h 1174504518 M * Bertl slack101: http://linux-vserver.org/Capabilities_and_Flags (see VIRT_*) 1174504539 M * daniel_hozac sannes: well, i'm not quite clear on what the correct semantics are for *mount. 1174504544 M * Bertl slack101: for the disk, you want to read up on the Disk Limit url I pasted yesterday 1174504575 A * slack101 checks logs 1174504577 M * sannes daniel_hozac: what do you mean? 1174504595 M * slack101 Bertl: but it is possible they dont havee access to see my hd right ? :) 1174504605 M * daniel_hozac sannes: what each of them is supposed to enable, etc. 1174504623 M * slack101 and how cna i get real ram useage like wihout cache n stuff 1174504664 M * sannes daniel_hozac: (just for the record, I don't have any outstanding isssues or anything) *mount, what do you mean by that? system calls? 1174504692 M * daniel_hozac secure_mount, binary_mount, secure_remount 1174504756 M * sannes what is binary_mount? 1174504766 M * daniel_hozac try adding that. i think that'll make it work. 1174504776 Q * yarihm Quit: Leaving 1174504781 M * daniel_hozac see http://linux-vserver.org/Capabilities_and_Flags 1174504818 M * sannes ah, I'll try thanks :) 1174504890 Q * michal` Ping timeout: 480 seconds 1174504909 M * Bertl slack101: information about the guest itself can be retrieved on the host via /proc/virtual/* 1174504940 J * stefani ~stefani@flute.radonc.washington.edu 1174505022 M * slack101 well according to this my whoole server is using 22 mb of mem 1174505040 M * matti Hi Bertl 1174505142 M * Bertl morning stefani! hey matti! 1174505151 M * Bertl slack101: could be ... 1174505165 M * stefani time for knoppix and ubuntu vserver-enabled disks. 1174505166 M * slack101 hmmmmm 1174505187 M * slack101 Bertl: 169 mb are used but minus the cache n stuff it says its only 22 mb 1174505444 J * michal` ~michal@www.rsbac.org 1174505824 M * slack101 also done setting it up 1174505832 M * slack101 Bertl: then i can tar it right :) 1174505860 M * daniel_hozac sannes: any luck? 1174505870 M * Bertl slack101: sure, and use it as template ... 1174505954 M * slack101 so does bind just resolve all ip's that come in ? 1174506015 M * daniel_hozac might want to read some BIND docs... 1174506036 A * slack101 is nw 1174506038 M * slack101 now 1174506095 M * Bertl daniel_hozac: sorry for bothering you again, but is the Jarek Dylag issue now resolved? 1174506105 J * prae ~benjamin@foxhound.sherpadown.net 1174506122 M * daniel_hozac Bertl: well, i think so. 1174506138 M * Bertl could you send a short reply and let him test? 1174506235 M * slack101 this vserver is pretty cool 1174506256 M * Bertl slack101: we think so too :) 1174506276 M * slack101 i didnt even think stuff like this was really possible 1174506285 M * slack101 well i knew about vmware 1174506292 M * slack101 but thats not pratical 1174506315 M * daniel_hozac Bertl: done. 1174506329 M * Bertl daniel_hozac: tx! 1174506344 M * slack101 how old arre you guys ? 1174506422 M * Bertl slack101: I bet I'm older than you :) 1174506457 M * slack101 << 19 1174506480 Q * dhansen Ping timeout: 480 seconds 1174506483 M * daniel_hozac hah, even i am older! 1174506495 M * slack101 :\ 1174506496 M * slack101 :P 1174506515 J * ema ~ema@rtfm.galliera.it 1174506643 M * slack101 basically i had a shred hosting comapny .......with like 70 custmers ........and i paid a guy to set it up ........ but now i wanted to do virtual hosting and do away with the shared .......i am selling the shared customers wel ll pratically giving to another small compay and i got like 20 or so people all lined up for VPS .....as in ready to charge credit card 50.00 ........but the other guy was setting it up and was takkkkkkkking 1174506643 M * slack101 forever .....and i just got almosy everytinng up in one night and this moring 1174506671 M * slack101 if everything goes smooth in 2 months i will do dedicated 1174506718 M * slack101 if you guys were wondering :P 1174506721 M * DavidS linux vserver: licensed to print money :) 1174506755 M * slack101 he wasted 3 weeek of my time already 1174506761 M * Bertl slack101: well, let me mention the donations page at this point :) 1174506772 M * slack101 Bertl: paypal ? 1174506779 M * Bertl yup 1174506784 M * slack101 what is your paypal ? 1174506824 M * Bertl http://www.13thfloor.at/vserver/donate/ 1174506851 M * Bertl (just click on the paypal logo, should work) 1174506865 M * slack101 is this your paypal or a vserver one ? 1174506891 M * Bertl this is my paypal account for Linux-VServer stuff ... 1174506908 M * slack101 i will be happy to give a nice contribution 1174506917 M * slack101 i am suppose to give this guy 3,500 usd 1174506921 M * slack101 for setting it up 1174506932 M * Bertl we will appreciate it and list you on our Hall'o'Fame 1174506968 M * Bertl http://linux-vserver.org/Hall_of_Fame 1174507007 M * slack101 my paypal is dry becasue i just emptied well 8.00 but i will send a few hundred in a week or so 1174507010 M * slack101 promise :) 1174507025 M * Bertl whatever you consider appropriate ... 1174507063 M * slack101 more then 8.00 obvously :) 1174507147 N * DoberMann DoberMann[Flim] 1174507318 M * Bertl DoberMann[Flim]: is Flim a typo or something fancy? 1174507658 M * Bertl daniel_hozac: you have pa-riscs? 1174507690 M * daniel_hozac Bertl: yeah, i've got a really ancient one. 1174507697 M * daniel_hozac 80 MHz and 32 MiB RAM, IIRC :) 1174507706 M * Bertl nice, nice ... 1174507750 M * daniel_hozac why do you ask? 1174507775 M * Bertl ah, just stubled over your 'about.php' 1174507800 M * daniel_hozac oh, hehe. 1174507848 M * daniel_hozac the sparcs are more useful, 440 MHz with 512 MiB RAM. 1174507861 M * Bertl 64 or 32bit? 1174507864 M * daniel_hozac 64. 1174507880 M * Bertl Linux? 1174507880 M * daniel_hozac UltraSPARC IIe, if i'm not mistaken. 1174507883 M * daniel_hozac yeah. 1174507897 M * Bertl Linux-VServer every now and then? 1174507909 M * daniel_hozac currently neither of them is hooked up though, and i'm lacking power outlets right now... 1174508286 M * hardwire I just got rid of a mipsel machine 1174508293 M * hardwire 64 megs of ram. 250mhz 1174508298 M * hardwire sniff 1174508307 M * hardwire it was just sitting there unused, I had to get rid of it. 1174508319 M * hardwire cobalt qube2 1174508361 M * Bertl linux capable? 1174508367 M * sid3windr tisk tisk 1174508368 J * dna ~naucki@p54bcd961.dip.t-dialin.net 1174508405 Q * dreamind Quit: dreamind 1174508464 Q * ema Quit: leaving 1174508471 Q * shedi Ping timeout: 480 seconds 1174508917 Q * slack101 Remote host closed the connection 1174509047 Q * transacid Remote host closed the connection 1174509065 J * transacid ~transacid@transacid.de 1174509069 J * shedi ~siggi@ftth-237-144.hive.is 1174509085 Q * Guy- Remote host closed the connection 1174509090 J * Guy- rqmM5Mz3Jl@chardonnay.math.bme.hu 1174509112 J * slack101 ~root@cpe-71-65-58-25.insight.res.rr.com 1174509214 M * Bertl okay, off for now ... back a little later ... 1174509218 N * Bertl Bertl_oO 1174509252 Q * derjohn Ping timeout: 480 seconds 1174509936 J * derjohn ~derjohn@80.69.41.3 1174510111 Q * gab Ping timeout: 480 seconds 1174510201 J * yarihm ~yarihm@84-75-132-210.dclient.hispeed.ch 1174511140 Q * dna Ping timeout: 480 seconds 1174511153 J * dna ~naucki@p54bcd961.dip.t-dialin.net 1174511595 Q * jmcaricand Quit: KVIrc 3.2.4 Anomalies http://www.kvirc.net/ 1174511626 Q * DavidS Quit: Leaving. 1174512066 M * slack101 Bertl_oO: thanks again for al ur help 1174512482 J * Aiken ~james@ppp250-73.lns2.bne4.internode.on.net 1174512803 Q * sladen Ping timeout: 480 seconds 1174512975 J * sladen paul@starsky.19inch.net 1174514171 M * DoberMann[Flim] Bertl_oO: it's a play on word used (film) in a french film called "la cité de la peur" 1174514744 N * DoberMann[Flim] DoberMann 1174515229 P * stefani I'm Parting (the water) 1174515311 M * slack101 for my VPS what should i do with the iptables stuff ? 1174515325 M * slack101 i cant stop them from opening ports on thier network 1174515331 M * slack101 what should i use it for ? 1174515943 Q * mire Ping timeout: 480 seconds 1174517112 Q * s0undt3ch Remote host closed the connection 1174517263 J * s0undt3ch ~s0undt3ch@80.69.34.154 1174517309 Q * s0undt3ch Remote host closed the connection 1174517466 J * s0undt3ch ~s0undt3ch@80.69.34.154 1174517810 Q * yarihm Ping timeout: 480 seconds 1174518666 J * yarihm ~yarihm@84-75-132-210.dclient.hispeed.ch 1174518674 Q * yarihm 1174518684 Q * bonbons Quit: Leaving 1174518867 N * DoberMann DoberMann[ZZZzzz] 1174518988 Q * prae Quit: Pwet 1174519305 J * cuscus ~jesus@199.Red-83-37-185.dynamicIP.rima-tde.net 1174519340 J * FireEgl ~FireEgl@adsl-61-136-122.bhm.bellsouth.net 1174519494 Q * cuscus 1174520166 Q * dna Quit: Verlassend 1174520535 Q * gerrit Ping timeout: 480 seconds