1174780906 T * Bertl http://linux-vserver.org/ | latest stable 2.0.2.1, 2.0.3-rc2, 2.2.0-rc20, devel 2.3.0.11, stable+grsec 2.0.2.1, 2.2.0-rc19 | util-vserver-0.30.212 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;) 1174781353 M * daniel_hozac ok, wiki updated. 1174781364 M * Wonka .oO( wake up, harry... ) 1174781367 M * daniel_hozac (why doesn't it insist on logging me out every once in a while?) 1174781375 M * daniel_hozac s/doesn't/does/ 1174783945 Q * ensc Remote host closed the connection 1174784311 A * harry will wake up 1174784325 A * harry will interdiff tomorrow 1174784331 M * harry and patch again 1174784735 Q * DavidS Quit: Leaving. 1174787391 Q * virtuoso_ Ping timeout: 480 seconds 1174787669 M * Bertl okay, off to bed now ... have a good one everyone! cya! 1174787675 N * Bertl Bertl_zZ 1174788049 Q * meebey_ Remote host closed the connection 1174788057 J * meebey meebey@booster.qnetp.net 1174790914 Q * FireEgl Quit: ... 1174791886 Q * softi42 Ping timeout: 480 seconds 1174792497 J * softi42 ~softi@p549D7601.dip.t-dialin.net 1174796087 J * lylix ~eric@dynamic-acs-24-154-33-9.zoominternet.net 1174810660 J * boci^ ~boci@pool-8151.adsl.interware.hu 1174810823 M * Hollow daniel_hozac: ping? 1174811897 J * bonbons ~bonbons@83.222.39.201 1174812108 Q * besonen_mobile_ Read error: Connection reset by peer 1174812109 J * besonen_mobile ~besonen_m@71-220-225-182.eugn.qwest.net 1174812292 M * daniel_hozac Hollow: pong 1174812367 M * Hollow daniel_hozac: i just tried to compile rc5, and got that error: http://paste.linux-vserver.org/1352 however, i'm not able to reproduce it anymore :) 1174812377 M * Hollow tried like 10 times now, but it always works 1174812444 M * daniel_hozac hmm, missing dependency? 1174812487 M * Hollow no.. i had 0.30.212 installed before, so all deps were already installed 1174812505 M * Hollow it seems like on the first run one run of sed was missing 1174812519 M * daniel_hozac well, i meant in the Makefile. 1174812526 M * Hollow i somehow have the feeling -j3 was causing it 1174812535 M * Hollow ah 1174812579 M * bonbons daniel_hozac: on Gentoo util-vserver...rc5 looks for nice in /bin/ but it's located in /usr/bin/ ... 1174812596 M * daniel_hozac strange though, as it seems to be generated. 1174812612 M * daniel_hozac bonbons: hmm? 1174812640 M * daniel_hozac the configure script looks for the binaries in PATH. 1174812655 M * Hollow bonbons: my util-vserver installation found nice in /usr/bin 1174812664 M * bonbons maybe it was symlinked to /bin when I updated util-vserver and the system update made it move? 1174812676 M * daniel_hozac probably. 1174812682 M * daniel_hozac it'll take the first one that isn't a symlink. 1174812697 M * daniel_hozac or, uh, no. 1174812707 M * Hollow btw, i made some new stages with baselayout-1.13.0_alpha12 1174812707 M * daniel_hozac it resolves the symlink and uses that. 1174812833 M * bonbons Hollow, daniel_hozac: coreutils-6.4 -> coreutils-6.7-r1 ... let's see what else got moved/dropped 1174812875 J * virtuoso ~s0t0na@80.253.205.251 1174813198 M * bonbons here is the diff of the binaries in both coreutils versions: http://paste.linux-vserver.org/1353 1174813350 M * bonbons I guess that kind of moves will break all the software that hardcodes paths to binaries... (Hollow, probably you updated coreutils before updating util-vserver) 1174813375 M * Hollow no, i wouldn't even think of touching coreutils ;) 1174813584 J * dna ~naucki@p54bcd66c.dip.t-dialin.net 1174813629 J * FireEgl ~FireEgl@adsl-61-136-122.bhm.bellsouth.net 1174814856 M * bonbons daniel_hozac: are there some default context limits set? 1174814982 M * bonbons I have one with apache that's often "locked down", very probably because of total open files in the context (there are about 1000-1020 file descriptors) 1174815393 M * daniel_hozac util-vserver 0.30.212+ should reset all limits. 1174815422 M * daniel_hozac however, it's possible that you're running into limits set by the guest, e.g. in /etc/security/limits.conf. 1174815573 M * bonbons I have no /etc/security/limits, just a /etc/limits with just commented lines inside 1174815649 M * bonbons is there a place I can check what current limits are (reading /proc/ as I can't login to that guest) 1174815687 M * daniel_hozac /proc/virtual/xid/limits shows the context limits. 1174815728 M * daniel_hozac i don't know if the ulimits are exported anywhere. 1174815902 M * bonbons in /proc/virtual/xid/limits soft/hard == -1, hit == 0 1174816027 M * daniel_hozac so that's not what's causing it. 1174816037 M * daniel_hozac probably the ulimits then. 1174816151 M * bonbons what's weird is that I can vserver guest enter, but login on agetty for the guest does not work, respawned sshd does not listen, respawned oftpd's are not listening 1174816174 M * daniel_hozac vserver guest enter probably avoids the ulimits. 1174816202 M * bonbons and I have a few sendmail (ssmtp) instances called by apache that are sleeping as well as a few apache children sleeping 1174816212 M * bonbons but do ulimits apply to root as well? 1174816260 M * daniel_hozac yes, i think so. 1174816488 M * bonbons does sysvinit set some limits without telling about it? 1174816628 M * bonbons or how can I find out what exactly is causing the trouble? 1174816664 J * ensc ~irc-ensc@p54b4d3d8.dip.t-dialin.net 1174816770 M * daniel_hozac have one of your problematic processes run ulimit -a. 1174816788 M * daniel_hozac (after restarting the guest, i guess) 1174817087 M * bonbons I tried and that one looks fine (in a script started from init), content is same as on host, and nearly same as on another box 1174817143 M * bonbons just "pending signals" and "max user processes" which are a bit higher (4095 in the guest instead of 3xxx on the other machine) 1174817241 M * bonbons even the init in that guest is now deeply asleep, 4 signals pending (a few zombies), that after a 'telinit q'! 1174817369 M * daniel_hozac this is with util-vserver 0.30.212+, right? 1174817577 M * bonbons yes 1174817606 M * bonbons 213-rc5 to be precise 1174817654 M * bonbons but this far it's only that one guest that's affected (and that's also the only one with really trimmed-down init... all started from inittab without gentoo rc-scripts) 1174817736 M * daniel_hozac interesting. 1174817763 M * daniel_hozac there should be no limits set by util-vserver then, unless you've configured them in /etc/vservers//ulimits. 1174817808 M * daniel_hozac or, hmm. you were looking at the soft limit, i think util-vserver only resets the hard one. 1174817812 M * daniel_hozac try ulimit -Ha 1174817870 M * bonbons here is the inittab: http://paste.linux-vserver.org/1354 1174817965 M * bonbons ulimit -Ha hosw unlimited stack size and core file size, but that's the only difference 1174818009 M * bonbons that was on the host 1174818086 M * bonbons on the guest there are a few more differences: unlimited locked memory, 1024 times more file descriptors, and unlimited process count 1174818174 M * bonbons and the guest has no limits configured (none of my guests has /etc/vserver//ulimits) 1174818257 M * bonbons it's 2.6.20.1-vs2.2.0.ipv6-pre4 kernel 1174820410 Q * DreamerC_ Quit: leaving 1174820427 J * DreamerC ~dreamerc@125-225-97-143.dynamic.hinet.net 1174820776 Q * ||Cobra|| Ping timeout: 480 seconds 1174821240 Q * sid3windr Ping timeout: 480 seconds 1174821330 M * bonbons daniel_hozac: seems like it's triggered by lots connections to oftpd, but still don't know what is locking things up 1174821509 J * ||Cobra|| ~cob@pc-csa01.science.uva.nl 1174821570 J * sid3windr luser@bastard-operator.from-hell.be 1174822965 Q * yarihm Read error: No route to host 1174823156 J * yarihm ~yarihm@84-74-16-109.dclient.hispeed.ch 1174823388 Q * Aiken Quit: Leaving 1174824012 Q * dev-zero Remote host closed the connection 1174824531 T * harry http://linux-vserver.org/ | latest stable 2.0.2.1, 2.0.3-rc2, 2.2.0-rc20, devel 2.3.0.11, stable+grsec 2.0.2.1, 2.2.0-rc20 | util-vserver-0.30.212 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;) 1174824536 M * harry patch updates 1174824536 M * harry updated 1174824548 M * harry looks like a revert to what it was 1174824607 M * matti Hi harry :) 1174824610 M * matti How are you? 1174824788 M * harry goooooooooooooood 1174824793 M * harry working... as usual 1174824797 M * harry on a sunday afternoon :( 1174824815 M * harry so!... /me stops doing that, and is off!!!!!! ;) 1174826497 J * benbalbo ~benbalbo@210-84-4-155.dyn.iinet.net.au 1174827231 Q * trippeh Quit: Weee! 1174827888 M * benbalbo Hi all! I'm about to install debian etch with vserver support and intend to run ubuntu as a vserver and want to use this vserver's x session by default. I've found a few howtos and understand it's best to run x in the host and connect to the xdm on the vserver. How well will this setup work with twinview on an nvidia card? 1174828907 J * Asmodeo ~chatzilla@151.66.0.89 1174829027 M * daniel_hozac benbalbo: should be fine, i guess. 1174829066 M * benbalbo thanks daniel! I'll be documenting the process anyway and will note any issues I have - possibly asking here again for help :-) 1174829076 M * daniel_hozac sounds good. 1174829111 M * daniel_hozac bonbons: yeah, i guess you might need to raise the file descriptor soft ulimit. 1174829128 J * trippeh atomt@uff.ugh.no 1174829132 M * daniel_hozac bonbons: btw, any more results with the reboot "fix"? 1174829199 M * trippeh The init fix in -rc20, what does it take to trigger it? 1174829216 M * bonbons not tried much more for the reboot "fix" 1174829230 M * trippeh That is, trigger the bug 1174829246 A * trippeh JUST rebooted into -rc19 :-P 1174829266 M * bonbons the "half-freezing" guest does not want to happen again right now, not sure if it's really a limit or not 1174829411 Q * nou Ping timeout: 480 seconds 1174829547 M * daniel_hozac trippeh: vserver start; vserver exec ps faux; vps faux 1174829617 M * trippeh I guess I can live with that 1174829619 M * harry daniel_hozac: that should trigger it? 1174829630 M * daniel_hozac harry: yes, that shows the problem. 1174829648 M * harry nice :) 1174829662 M * daniel_hozac note: _not_ the tty->driver issue, but that might also be fixed by this. 1174829683 M * trippeh Will it crash the host? 1174829690 M * daniel_hozac no, just show the wrong values in xid 1. 1174829703 A * trippeh still didn't find a serial cable ;) 1174829713 M * daniel_hozac the tty->driver issue might crash the host though. 1174829722 M * trippeh Okay 1174829738 M * daniel_hozac (IIRC that caused the process to die with some rather important locks held) 1174829740 Q * meandtheshell Quit: Leaving. 1174829752 M * trippeh I'll prepare rc20 then, and just have it ready in case some other opportunity to reboot passes by. 1174830409 J * meandtheshel1 ~markus@85-124-233-7.work.xdsl-line.inode.at 1174830476 J * nou Chaton@causse.larzac.fr.eu.org 1174830574 M * Asmodeo hello 1174830604 M * Asmodeo I'm really new to vserver and I have some issues. Can I ask for help here? 1174830818 M * daniel_hozac that's the idea. 1174830902 M * Asmodeo Thanks 1174830961 M * Asmodeo I have tried to create a gentoo guest following the veserver gentoo howto and using the stage3 from gentoo mirrors 1174831024 M * Asmodeo when the guest is running I tried to run vupdateworld but it doesn't work 1174831047 M * Asmodeo it teel me that there are no digest available 1174831086 M * daniel_hozac hmm, Hollow? 1174831684 M * Hollow Asmodeo: you have to update portage manually (best is to create a binpkg), there will be new stages really soon.. they are already compiling ;) 1174831779 M * Asmodeo I tried to update portage manually with a binpkg, but after that the vupdateworld still do not wrok 1174831814 M * Asmodeo It's great to know that new stages will be available soon 1174831956 M * Asmodeo I think that I will wait :-) Thanks 1174832539 N * Bertl_zZ Bertl 1174832545 M * daniel_hozac morning Bertl! 1174832546 M * Bertl morning folks! 1174832913 Q * benbalbo Quit: Leaving 1174834145 M * Bertl so how is rc20 going? 1174834370 M * harry will see if we can reboot some servers tomorrow 1174834377 M * harry can't test until the 1174834377 M * harry n 1174834437 M * Hollow don't know about rc20 yet, bur rc5 works fine :) 1174834627 M * Asmodeo do you suggest to use the latest stable or some other versions? 1174834646 M * matti Bertl: :)) 1174834648 M * matti Hollow: :) 1174834716 M * matti harry: I am still trying to convice my company to make a hardware donation for us. And maybe some space in our server room - 1U or so... Then, you can test whatever you want :) 1174834794 M * Hollow Asmodeo: do you run amd64 by chance? 1174834802 M * Asmodeo no 1174834810 M * Hollow ok, then you have to wait a little longer :) 1174834822 M * matti Hollow: How are ya? 1174834837 M * Hollow matti: fine.. spent today building stages :) 1174834844 M * matti Heheh. 1174834858 M * Asmodeo how longer? :-) 1174834862 M * matti Hollow: Go outside! Meet some people. 1174834868 M * daniel_hozac Asmodeo: 2.2.0-rc20 is recommended at this point. 1174834870 M * Hollow we even have a stage4 now, and i will write a quick howto for creating custom stage4 1174834872 M * matti Hollow: I don't know... take some pictures maybe :) 1174834910 M * Hollow Asmodeo: ask phreak``, he's building them 1174834932 M * matti Hollow: Do _NOT_ work all your sunday... :( 1174834975 M * Hollow matti: well, i watched enough simpsons and scrubs episodes .. ;) 1174834983 M * matti ROTFL 1174834990 M * matti Hollow: :D 1174835015 M * Bertl matti: ah, it's sunday? 1174835020 M * Hollow seems so 1174835038 M * Hollow at least in CET :) 1174835058 M * matti I don't have BET unfortunately :< 1174835064 M * Bertl Hollow: CEST, no? :) 1174835068 M * matti s/BET/BUT/ 1174835069 M * Hollow erm, yeah. 1174835070 M * Hollow :) 1174835087 M * Hollow i switched my clock live tonight 1174835088 M * Hollow :P 1174835091 M * Bertl those bastards stole another hour from us :) 1174835096 M * Hollow was out, and exactly switched it at 2am 1174835103 M * phreak`` I'm still building the stages, yes 1174835142 M * Hollow the amd64 ones can already be found at http://people.linux-vserver.org/~hollow/stages/ 1174835148 M * Asmodeo phreak: are you building new stages also for x86 1174835156 M * Hollow only for x86 :) 1174835182 M * Asmodeo ok :_) 1174835194 M * Asmodeo ok :-) 1174835203 M * matti Bertl: What time and day is in BUT right now? 1174835217 M * Hollow NULL 1174835246 M * Bertl matti: 10:07am 1174835247 M * phreak`` Hollow: its always NULL in your TZ ;P 1174835254 M * matti Bertl: Hehehe. 1174835255 M * Hollow :) 1174835285 M * Hollow it's like 31:07 here 1174835298 M * Bertl you're still up? 1174835309 M * Hollow well, i took a short nap .. but that doesn't really count ;) 1174835326 M * matti Hollow: Go to sleep! 1174835333 M * matti Hollow: You crazy silly boy. 1174835333 M * matti :) 1174835346 A * Hollow looks behind himself 1174835352 M * Hollow *shrug* 1174835355 M * matti Hehehe. 1174835370 M * Hollow matti: nobody there 1174835371 M * Hollow ;) 1174835381 M * matti Hollow: I am under your bed! 1174835381 M * matti ;p 1174835387 M * matti Hollow: Not behind you. 1174835388 M * matti ;D 1174835420 M * Asmodeo phreak: where the new x86 stages will be available when ready? 1174835433 M * Hollow poor you, since i have no "under my bed", since my mattres lies on the floor :P 1174835441 M * phreak`` Asmodeo: haven't decided yet 1174835444 M * matti Hollow: Oh crap. 1174835446 M * matti ;D 1174835446 M * Hollow Asmodeo: same url ;) 1174835465 M * phreak`` daniel_hozac: hrm, the vserver-functions seems to be a bit wanky 1174835471 M * phreak`` /usr/lib/util-vserver/vserver.functions: line 122: /bin/nice: No such file or directory 1174835471 M * daniel_hozac phreak``: hmm? 1174835474 M * phreak`` /usr/lib/util-vserver/vserver.functions: line 126: let: nice=0-: syntax error: operand expected (error token is "-") 1174835480 M * Hollow heh. 1174835484 M * daniel_hozac phreak``: well, do you have /bin/nice? :) 1174835501 M * Hollow didn't we have that about 7 hours earlier already? 1174835504 M * daniel_hozac yep 1174835506 M * phreak`` daniel_hozac: yeah, in /usr/bin :P 1174835523 M * Asmodeo it's le last coreutils update :-) 1174835530 M * Hollow deja-vu 1174835548 M * Hollow did it move binaries? i didn't pay attention at -7h :) 1174835555 M * daniel_hozac yep. 1174835560 M * Hollow ugly 1174835569 M * daniel_hozac indeed. 1174835603 M * matti Bleh. 1174835871 M * matti Hm. 1174835885 M * matti Maybe I should upload my new photos from Spain. 1174835899 A * matti is a bit lazy today. 1174836112 M * tokkee Is there going to be a Linux-VServer booth at Linuxtag 2007 in Berlin? 1174836130 M * Hollow o.O 1174836133 M * Hollow berlin? 1174836193 M * Hollow nice .. :) 1174836222 M * tokkee Well... depends... ;-) 1174836285 M * Hollow well, like 15 minutes away from here, so.. quite nice actually ;) 1174836318 M * matti Hollow: Pfff ;p 1174836342 M * Hollow so.. where do we register? ;) 1174836354 M * tokkee Dunno. 1174836392 M * tokkee Hollow: I got about 4.5 hours... :-/ 1174836474 M * Hollow well, we're too late for a booth, but nevertheless we can meet 1174836490 M * tokkee I guess I'll be around ;-) 1174836666 M * Hollow Bertl: you around at linuxtag? 1174836671 M * Bertl Hollow: if you want to do it, it might still be possible 1174836678 M * Hollow yeah, i would 1174836782 M * Bertl Hollow: then I would send an inquiry with apologies for the missed deadline ... 1174836792 M * Hollow yeah, i'm already at it ;) 1174836796 M * matti :> 1174836807 M * matti Hollow: Go tiger! 1174836808 M * matti ;] 1174837024 M * Hollow sent 1174837096 Q * m`m`h Ping timeout: 480 seconds 1174837097 M * matti OK, I know, what I want for my birthday. 1174837097 M * matti ;] 1174837102 M * matti 80-200 mm from Nikon. 1174837111 M * matti Amazing lens. 1174837265 A * tokkee prefers Canon lenses ;-D 1174837277 M * matti tokkee: I like my D80 ;] 1174837318 M * tokkee matti: I'd guess so ;-) 1174837321 M * matti ;] 1174837337 M * tokkee matti: My 30D isn't bad though either ;-) 1174837339 M * matti D80 + SCCD from Fuji... 1174837348 M * matti And you have perfect DSLR ;) 1174837366 M * matti tokkee: It's good indeed. 1174837428 M * matti tokkee: I don't like Canon just because I don't like the way how they feel in hand. But lenses are indeed fine. IIRC one lens from from some kit is amazing tho 1174837433 M * matti Ops. 1174837436 M * matti To much from. 1174837441 M * matti Too. 1174837497 M * tokkee matti: Well... the 3XX and 4XX series is way too small, but the 30D feels just fine :-) 1174837507 M * matti :) 1174837512 M * matti Oh, so you know what I mean ;] 1174837514 M * matti Cool. 1174837563 M * tokkee I'm currently looking for some tele lenses as well... 1174837587 M * tokkee The 70-200mm f/2.8 is just somewhat too expensiv ;-) 1174837606 M * matti Yeah. 1174837611 M * matti 800 GBP or so in UK. 1174837632 M * matti That's why this is only my birthday wish ;p 1174837687 J * jolly user@pD955D414.dip.t-dialin.net 1174837690 M * matti Holy crap. 1174837702 M * matti 70-200 mm 1129GBP 1174837707 M * matti That's a lot ;] 1174837722 M * jolly Hi guys. I need help. I want to copy a vserver to another host. How do I do that? I'm getting tar-errors all the time 1174837723 M * tokkee Yap... if you want an image stabilizer it's around 2000 Euros... 1174837742 M * jolly thyx 1174837783 M * Bertl jolly: first, get rid of the colot stuff :) 1174837788 M * matti Hehe. 1174837789 M * Bertl *color 1174837800 M * matti Testing... 1174837802 M * matti ;D 1174837803 M * jolly what do you mean? 1174837808 M * Bertl jolly: then, make sure that you use --numeric-user and such 1174837824 M * jolly are you kidding? 1174837831 M * Bertl jolly: you are using (mirc?) color codes or such 1174837833 J * m`m`h ~simba@deb30.mgts.by 1174837838 M * jolly Trillian ;-) 1174837854 M * Bertl jolly: so get rid of them :) 1174837876 M * matti jolly: Your text colour is blue ;] 1174837879 M * jolly it says color: black 1174837893 M * Bertl that looks much better now :) 1174837897 M * matti Yep. 1174837899 M * matti ;] 1174837901 M * jolly thanks 1174837906 M * matti jolly: Thanks. 1174837908 M * jolly Ok now back to the problem ;-) 1174837912 M * matti LOL 1174837917 M * jolly the real one 1174837921 M * matti Blue again. 1174837921 M * jolly can you help me with that? 1174837924 M * jolly shit 1174837930 M * jolly shit 1174837931 M * jolly shit 1174837932 M * jolly LOL 1174837968 M * jolly damn Trillian. Can you help me with the moving problem? I want to move a vserver to another hostmachine. How would you do that? 1174837972 M * Bertl the easiest way to move a guest is with rsync 1174837995 M * Bertl something like: 1174838029 M * Bertl rsync -azxHP --numeric-ids /vservers/guest/ root@destination:/vservers/copy/ 1174838046 M * Bertl but you can also use dump/restore (if on ext2/3) 1174838047 M * jolly thanks! I'll try that 1174838064 M * Bertl or a tar (again with --numeric-users) 1174838212 M * jolly well, but than I get errors with dev/null etc. 1174838218 M * jolly well, but than I get errors with dev/null etc. 1174838224 M * jolly blue again.. sorry 1174838370 M * Bertl with rsync? 1174838444 M * jolly nono... with tar 1174838450 M * jolly I'm trying rsync for now 1174838451 M * jolly thanks 1174838451 P * jolly 1174839305 J * b0c1 ~boci@pool-2705.adsl.interware.hu 1174839745 Q * boci^ Ping timeout: 480 seconds 1174841352 M * Hollow Bertl: we still have a chance for a booth.. i will submit our application to their website.. 1174841634 M * tokkee Hollow: Nice :-) 1174842111 Q * dna Read error: Connection reset by peer 1174842186 Q * wenchien Ping timeout: 480 seconds 1174842227 J * pmenier ~pmenier@ACaen-152-1-74-223.w83-115.abo.wanadoo.fr 1174842329 M * pmenier hi all 1174842352 M * daniel_hozac hello 1174842433 M * pmenier Bertl : foi just wanted to inform Bertl and C° about my last problems paste.linux-vserver.org/1275 and 1329 that it's ok now 1174842466 M * daniel_hozac with 2.2.0-rc20? 1174842467 Q * pmenier 1174842549 J * pmenier ~pmenier@ACaen-152-1-74-223.w83-115.abo.wanadoo.fr 1174842552 M * pmenier RE 1174842577 M * pmenier about paste.linux-vserver.org/1275 and 1329 : it's ok now 1174842588 M * daniel_hozac why? with what version? what was wrong? 1174842592 M * pmenier it was just a defective ram 1174842598 M * pmenier sorry for the noise.... 1174842615 M * Bertl hmm, actually I doubt that :) 1174842620 M * daniel_hozac yeah, me too. 1174842641 M * Bertl pmenier: we have seen that on too many systems recently 1174842653 M * pmenier i've tried 2.6.20.3 and this morning 2 1174842684 M * pmenier irun 2.6.20.4 since this morning and for the moment it's ok... 1174842691 M * Bertl pmenier: but we _think_ we might have removed it with rc20 1174842713 M * daniel_hozac pmenier: so you were able to reproduce it consistently before? 1174842725 M * pmenier no not really 1174842750 M * pmenier i try the same patch and same kernel on another machine and never got any problem 1174842862 M * daniel_hozac this issue doesn't seem to be very reproducible. do you have the same guests on the other system? 1174842902 M * pmenier no on the other systeme it's an AMD 1174842938 M * pmenier oops, the guest is nearly the same on the amd 1174843064 M * pmenier i change my term. i see nothing with this one.. 1174843066 Q * pmenier Quit: leaving 1174843091 J * pmenier ~pmenier@ACaen-152-1-74-223.w83-115.abo.wanadoo.fr 1174843403 M * pmenier ok you're right : it just come to hang :( 1174843422 M * pmenier always the same message about tty_dev_num 1174843487 M * Bertl okay, what version? 1174843501 M * Bertl (kernel and patch) 1174843529 M * pmenier kernel 2.6.20.4 patch vs2.2.0-rc20 1174843538 M * Bertl that is bad 1174843562 M * Bertl please upload the trace for us 1174843590 M * pmenier ok just a minute , i reboot hard 1174843610 M * doener Bertl: hm, seems that Andrew is getting even more tired of containers/vservers/foo... I still remember him saying that he doesn't _want_ to care about it back at LinuxTag last year 1174843629 M * Bertl doener: well, no really my problem ... 1174843633 M * Bertl *not 1174843807 M * pmenier it's on paste../1356 1174843869 M * Bertl pmenier: do you have your kernel build tree? 1174843879 M * pmenier yes 1174843918 M * Bertl pmenier: okay, could you do 'make 1174843922 M * Bertl fs/proc/array.s 1174843926 M * Bertl *grr* 1174843929 M * Bertl make fs/proc/array.s 1174843935 M * Bertl and upload that somewhere? 1174843945 M * pmenier ok i go 1174844013 M * Bertl pmenier: how long did it take until it happened, and what was the last thing you did? the vserver-stat? 1174844026 M * pmenier it tels me : nothing to do for fs/proc/array.c 1174844036 M * Bertl .s not .c 1174844050 M * pmenier i haven't this file 1174844069 M * doener it will be generated 1174844079 M * pmenier i was not doing something special when it hangs. i just do a : ps ax on the master 1174844081 M * doener you want to "make" that file ;) 1174844118 M * pmenier oki understand 1174844180 M * pmenier paste/1357 1174844210 M * Bertl nice, but we actually want the file fs/proc/array.s :) 1174844224 M * Bertl (i.e. we want to look at it :) 1174844227 M * pmenier pffuu i must be tired today :-) 1174844231 M * pmenier ok it comes 1174844250 M * Bertl to save you further trouble, it's probably too large for the pastebin 1174844297 M * pmenier http://www.pmenier.net/pb/array.s 1174844313 M * Bertl tx 1174844362 M * Bertl interesting .. here it as actually a call ... 1174844375 M * Bertl sec, we probably need another file ... 1174844453 M * daniel_hozac 2.6.20 has it as a separate function. 1174844461 M * daniel_hozac in drivers/char/tty_io.c 1174844468 M * Bertl ah, tx, so that would be: 1174844477 M * Bertl make drivers/char/tty_io.s 1174844489 M * pmenier ok i go 1174844562 M * pmenier pmenier.net/pb/tty_io.s 1174844574 M * Bertl tx 1174844636 M * daniel_hozac has to be the movl 108(%ecx), %edx, right? 1174844648 M * Bertl yep, %ecx is already wrong 1174844670 M * Bertl again the driver vanished and was replaced by some dirt 1174844706 M * Bertl I think there might be a chance to work around that, but that is merely a bandain not a real fix of the issue 1174844720 Q * Johnnie Remote host closed the connection 1174844820 M * Bertl hmm, this looks interesting ... 1174844823 M * Bertl http://www.ussg.iu.edu/hypermail/linux/kernel/0403.1/0570.html 1174844925 M * daniel_hozac indeed. 1174844944 M * Bertl http://www.ussg.iu.edu/hypermail/linux/kernel/0403.3/1279.html 1174845002 M * Bertl but in our case tty is not zero, and neither is driver 1174845053 M * doener hm, I was looking into that direction, but gave up, when there were about 600(?) calls to close() functions... 1174845080 M * doener (coming from pty_close which is called "close" in pty_operations or sth. like that) 1174845147 M * Bertl Some place doesn't take the any lock for ->tty. I think we need to 1174845148 M * Bertl take the lock for ->tty. 1174845160 M * Bertl -- OGAWA Hirofumi 1174845201 Q * bronson Read error: Operation timed out 1174845246 M * Bertl last time I checked, the mutex was used in all but one place 1174845262 M * Bertl which explicitely asks if it shouldn't take that mutex 1174845294 M * doener somewhere in tty_io.c IIRC, seen that too 1174845368 M * Bertl I think we should try to poison the tty struct on disposal 1174845393 M * Bertl pmenier: that machine is in production? 1174845409 M * doener yup, in tty_io.c it takes the task_lock when setting signal->tty to NULL 1174845449 M * Bertl yeah, but signal->tty is != NULL 1174845450 M * pmenier yes... but it's for my personal use 1174845458 M * doener yup 1174845465 M * Bertl pmenier: I have a favor to ask from you then ... 1174845472 M * pmenier ok 1174845477 M * Bertl pmenier: assumed that you want to hunt that down ASAP 1174845496 M * pmenier yes 1174845525 M * Bertl pmenier: I'll provide a little debug/info patch, and you try to do funny things to trigger it 1174845546 M * pmenier ok 1174845549 M * doener Bertl: hm... do_each_task_pid... what does the vx_check mean there? 1174845564 M * Bertl pmenier: IMHO good candidates are pidof, vserver-stat and screen/ssh logins 1174845601 M * pmenier all is installed 1174845619 M * Bertl doener: that is will only be executed for matching xid tasks 1174845634 M * Bertl doener: you think we are not clearing ttys proeprly? 1174845648 M * pmenier but to-morrow i'll be at work. I've a remote access but if the machine hangs.... 1174845681 M * Bertl pmenier: well, let's try to get as much data as possible today then? 1174845695 M * pmenier yes 1174845722 M * doener Bertl: not sure, thus I'm asking... Maybe vlogin is "helping" to trigger it. 1174845745 M * doener if the pty is closed from the "wrong side", maybe we never clear the tty? 1174845746 M * Bertl doener: yes, IMHO we should have some do_each_task_pid_real() or something too 1174845766 M * Bertl doener: or alternatively add the vx_check() explicitely 1174845793 M * doener basically in the case of disassociate_ctty, we shouldn't care about the xid at all, the tty _is_ gone for all processes 1174845796 M * Bertl pmenier: start doing funny things right now, I'll prepare the patch in the meantime 1174845816 M * pmenier ok ok 1174845821 M * Bertl doener: yes, sounds fine ... 1174845828 M * Bertl pmenier: and thanks a lot for your help! 1174845848 M * pmenier it's YOUR help which is appreciated :-) 1174845863 J * gabro ~mggabro@catv-566538d1.catv.broadband.hu 1174845873 M * gabro hi all 1174845878 M * Bertl welcome gabro! 1174845891 M * Bertl daniel_hozac, doener: my suggestion for the do_each_task_pid() 1174845942 M * Bertl as it is used almost exclusively in tty_io, I'd suggest to rever that change and have the vx_check() explicitely in ioprio() 1174845954 M * Bertl and capability if appropriate 1174845981 M * Bertl can one of you prepare a patch for that while I do the poisoning stuff? 1174846020 M * Bertl (or if preferred, have two versions of the macro) 1174846025 M * doener sounds good. If we get more users that need the vx_check, maybe add vx_do_each_task_pid, which is just do_each_task_pid + vx_check? 1174846044 M * doener heh :) "2 Dumme 1 Gedanke" :) 1174846049 M * Bertl doener: yep, is fine with me 1174846107 M * doener patch against .20 -rc20? 1174846129 M * Bertl preferable both 19 and 20, but we can do that later 1174846144 M * Bertl 2.6.19 and 2.6.20 that is :) 1174846259 Q * gabro 1174846283 Q * yarihm Quit: Leaving 1174846780 M * doener Bertl: can process groups cross context boundaries? 1174846829 M * Bertl I think yes, not sure though 1174846922 J * Johnnie ~jdlewis@jdlewis.org 1174847992 M * Bertl pmenier: okay, here is the poisoning stuff: http://vserver.13thfloor.at/Experimental/delta-tty-poison.diff 1174848018 M * Bertl doener: how's going? 1174848127 M * pmenier i apply it in the same way than the patch ? 1174848155 M * Bertl yep, depending on doener's status, either test with just that or add his one too 1174848210 M * pmenier so i do a "make claen", apply the delta-patch and recompile right ? 1174848220 M * Bertl no need for a 'make clean' 1174848239 M * Bertl just do 'patch -p1 --dry-run <../delta-tty-poison.diff 1174848245 M * Bertl to see if the patch would apply cleanly 1174848255 M * Bertl then, if it does, remove the --dry-run 1174848284 M * Bertl after that, make and make modules_install, then install the kernel 1174848392 M * pmenier ok it's gone. I will have to leave during 1 hour if i don't want my wife to be angry :-) 1174848411 M * pmenier so i compile install and come back at 22h00 ok ? 1174848420 J * Asmodeo_ ~chatzilla@151.66.3.241 1174848422 M * Bertl np, just bash on it every now and then 1174848431 M * Bertl wb Asmodeo_! 1174848565 M * pmenier ok it's done. I will reboot now 1174848588 M * pmenier i see wome warns during make : drivers/char/tty_io.c:3801: attention : comparaison entre un pointeur et un entier 1174848607 M * Bertl hmm, sec 1174848634 M * Bertl okay, should be fine 1174848725 Q * Asmodeo Ping timeout: 480 seconds 1174848732 N * Asmodeo_ Asmodeo 1174848967 M * pmenier the host is up and the vservers are started 1174848980 M * Bertl excellent, tx 1174849152 Q * q\ Quit: BRB 1174849264 M * pmenier i must leave for 1 hour now. I come back soon... 1174849502 M * doener had to get some food first. my body had switched into low power mode. 1174849630 M * Bertl np 1174849799 M * doener test compiling now 1174850084 J * franzel ~knoppix@p5087ec2e.dip.t-dialin.net 1174850095 M * Bertl welcome franzel! 1174850100 M * franzel hi 1174850127 M * franzel help listen 1174850142 M * doener http://people.linux-vserver.org/~doener/do_each_task_pid.diff 1174850195 M * tokkee Somebody told me that Xen (+ hardware virtualization) does not introduce a lot more overhead than vserver does. 1174850203 M * tokkee Are there any good benchmarks? 1174850214 M * Bertl tokkee: must have been a Xen advertizement guy :) 1174850244 M * Bertl http://oldwiki.linux-vserver.org/Documentation 1174850246 M * tokkee Bertl: Well... it was a Xen user during a Xen talk... 1174850275 M * Bertl Papers/Comparison (Princeton) 1174850315 M * Bertl tokkee: there is not really more overhead in xen if you are computing large prime numbers for example 1174850334 M * tokkee Bertl: Thx... I'll have a look at it. 1174850335 M * Bertl tokkee: i.e. in cases where you are 100% cpu bound and do not have to switch tasks 1174850346 J * bronson ~bronson@adsl-76-202-197-80.dsl.pltn13.sbcglobal.net 1174850361 M * tokkee Bertl: Sounds pretty intuitive... 1174850385 M * Bertl the problem starts when you either want many guests 1174850401 M * Bertl (Xen always needs the full kernel and doesn't allow for any sharing) 1174850414 M * Bertl or when you have a lot of task/system switches 1174850429 M * Bertl (or anything related to I/O) 1174850431 Q * franzel Quit: *tiered* sy... 1174850465 M * tokkee Afaik paging is quite expensive using hardware virtualization stuff... 1174850537 M * Bertl tokkee: this might also be interesting: http://lkml.org/lkml/2007/3/23/268 1174850682 M * tokkee Bertl: Sounds interesting - thx. 1174850816 M * tokkee Is there any work going on regarding live migration of guests? 1174850949 M * Bertl mainline is very much interested in this 1174850973 M * Bertl and not only the IBM folks are pushing this too .. so I guess that will come sooner or later 1174850999 M * Bertl personally I do not consider it really useful (granted it is a nice an funky feature) 1174851038 M * tokkee Well... it's a quite useful feature in high availability systems. 1174851047 M * Bertl for what? 1174851151 M * tokkee E.g. to avoid downtimes when moving systems to different hardware. 1174851156 J * dna ~naucki@p54bccdeb.dip.t-dialin.net 1174851173 M * Bertl tokkee: you can do that with Xen and a single Linux-VServer domU 1174851188 M * tokkee Bertl: Thats a good point. 1174851454 M * Bertl doener: looks good, tx 1174851466 M * Bertl daniel_hozac: what's your opinion? 1174851592 J * daveh dghill@office.mel.illuminate.com.au 1174851592 Q * dghill Read error: Connection reset by peer 1174851610 M * tokkee Is there still any active work to get VServer in the Vanilla kernel? 1174851630 M * daniel_hozac Bertl: yeah, looks fine. 1174851684 M * Bertl tokkee: yes and no ... yes, virtualization is going mainline (finally), no, I doubt that Linux-VServer will be the result ... 1174851725 M * tokkee Bertl: Too bad :-( What do you think is going to go in instead? 1174851754 M * Bertl tokkee: a basic framework and a mixture of all existing approaches plus a few new ideas 1174851826 M * tokkee Bertl: Well... if the best of all existing approaches is used this sounds like a good idea ;-) 1174851857 M * Bertl we think so too 1174851881 J * Aiken ~james@ppp250-73.lns2.bne4.internode.on.net 1174851895 M * Bertl welcome daveh! morning Aiken! 1174851909 M * Aiken I surpose you could say it is morning 1174851912 M * Aiken hi 1174852185 J * mire ~mire@7-167-222-85.adsl.verat.net 1174852897 J * mikeyy ~mikeyyy@nv-71-50-92-55.dhcp.embarqhsd.net 1174852996 M * Bertl wb mire! welcome mikeyy! 1174853330 J * DoberMann_ ~james@AToulouse-156-1-18-115.w86-196.abo.wanadoo.fr 1174853438 Q * DoberMann Ping timeout: 480 seconds 1174853476 M * pmenier back...and alive 1174853555 M * Bertl good, but we still want to crash it :) 1174853575 M * pmenier no no thanks :-) 1174853614 M * Bertl yes yes please! :) 1174853665 M * pmenier i nedd to sleep.. work tomorrow :-) 1174853678 Q * Johnnie Remote host closed the connection 1174853733 M * Bertl pmenier: okay, you might want to upgrade to rc21 though 1174853765 M * pmenier why not ? IT's ready i'm sure 1174853854 M * mikeyy thanks 1174854195 M * Aiken Bertl is there a 2.2.0-rc21 somewhere? 1174854348 M * Bertl Aiken: yes, now there is :) 1174854388 M * Wonka .oO( when will there be a 2.2.0? ) 1174854389 M * Aiken 9 minutes after I download -rc20 :) 1174854737 M * pmenier bertl : ok it's gone 1174854796 Q * Asmodeo Quit: Chatzilla 0.9.77 [Firefox 2.0.0.2/2007032112] 1174855035 Q * bonbons Quit: Leaving 1174855036 P * mikeyy 1174855229 Q * shedi Quit: Leaving 1174855279 M * jkl Bertl: ping? 1174855287 M * Bertl jkl: pong! 1174855305 M * jkl Bertl: how is it going today? 1174855391 M * jkl Bertl: I'm having a peculiar problem today 1174855406 M * jkl (to me at least!) 1174855426 M * Bertl fine, thanks! let's hear ... 1174855444 Q * dna Quit: Verlassend 1174855466 M * jkl my host and my vserver are setup on two separate networks 1174855477 M * jkl say 1.2.0.0 and 3.4.0.0 1174855502 M * jkl the host has a default gw 1.2.0.1 1174855536 M * jkl the problem is traffic seems to be going out the wrong interfaces/routes 1174855551 M * jkl switching the order in which the vserver loads the interface reverses the problem 1174855587 M * jkl you may need to see specific 'ip route show' and ifconfig outputs 1174855589 M * jkl ? 1174855635 M * daniel_hozac probably, but it sounds like you just need some policy routing. 1174855711 M * jkl daniel_hozac: ah, ok. I would have thought that the regular routing table on the host would have taken care of this ok 1174855818 M * daniel_hozac you can't have multiple default routes based on source address without policy routing. 1174855881 M * jkl well, I have a route: 3.4.0.0/16 dev eth1 scope link 1174855896 M * jkl but vservers with a 3.4.x.x don't seem to use that 1174855928 M * daniel_hozac is the destination 3.4.0.0/16? 1174855933 M * jkl yep 1174855967 M * daniel_hozac that should work fine then. 1174855977 M * jkl doing an 'ip route get 3.4.0.1' within the vserver is fine, but when I look at tcpdump on the host 1174855985 M * jkl it goes out the other interface 1174856036 M * daniel_hozac so i guess we'll need the ip route output then. 1174856064 M * jkl ok, hold on a sec 1174856342 J * pmenier_ ~pmenier@ACaen-152-1-55-172.w83-115.abo.wanadoo.fr 1174856564 M * jkl http://paste.linux-vserver.org/1358 1174856648 M * pmenier_ bertl: ping ? 1174856750 Q * pmenier Ping timeout: 480 seconds 1174856770 Q * pmenier_ Quit: Lost terminal 1174856817 J * pmenier ~pmenier@ACaen-152-1-55-172.w83-115.abo.wanadoo.fr 1174857092 M * doener jkl: hm, that's not the wrong route, just the wrong source address 1174857104 M * jkl yeah, exactly. 1174857123 M * Bertl pmenier: pong! 1174857126 M * jkl I believe that is really screwing things up 1174857232 M * jkl does anyone have an idea why that is happening? 1174857328 M * pmenier host is up and running-2.6.20.4-vs2.2.0-rc21 1174857360 M * Bertl jkl: what's the probelm? 1174857391 M * jkl the source address on packets originating from a vserver are incorrect 1174857404 M * Bertl hmm, no, not necessary 1174857409 M * Bertl *necessarily 1174857423 M * jkl rather, something I did - has caused them to be incorrect! 1174857440 M * Bertl guest ip is what? 1174857477 M * Bertl (and could you upload an 'ip addr ls' output on the host too? 1174857478 M * jkl 1.2.207.204 and 3.4.100.222 1174857544 M * Bertl what is the default route for 1.2.207.204 and for 3.4.100.222 ? 1174857562 M * jkl http://paste.linux-vserver.org/1359 1174857568 M * Bertl and you are trying to reach one network from the other network's guest ip, yes? 1174857611 M * Bertl what does 'ip route ls' show? 1174857661 M * jkl ip route ls is in this paste: http://paste.linux-vserver.org/1358 1174857667 M * pmenier bertl: i leave now. Keep you informed tomorrow okay ? 1174857673 M * Bertl pmenier: okay, tx! 1174857681 Q * pmenier Quit: KVIrc 3.2.0 'Realia' 1174857731 M * Bertl jkl: hmm? would seem like you are missing a lot of routes then 1174857758 M * jkl i deleted a few to try and make this a bit less complicated 1174857764 M * Bertl jkl: are you sure that contains the 'ip route ls' output? 1174857770 M * jkl (ones that i had previously added ) 1174857782 M * jkl yeah, there are only two routes 1174857792 M * Bertl how did you manage to do that? 1174857799 M * jkl i know that seems crazy 1174857826 M * doener Bertl: a lot? I just see one IPv4 route missing (for 1.2.207.0/24 on eth0) 1174857827 M * jkl Bertl: manage to delete the routes? 1174857831 M * Bertl well, if you add the missing network routes, including the local ones :) you should be fine if you use 'src 1174857882 M * Bertl doener: ah, right, local routes have their own table 1174857896 M * Bertl jkl: let's try the following 1174857905 M * jkl ok 1174857913 M * Bertl ip route add 1.2.207.0/24 dev eth0 src 1.2.207.204 1174857950 M * jkl 1.2.207.204 is a vserver IP 1174857955 M * jkl is that correct? 1174857970 M * Bertl okay, make that 211 then 1174857984 M * jkl got it. 1174858048 M * Bertl and do you have reverse path filtering enabled? 1174858069 M * jkl hmmm,,, /proc/net/ ... 1174858080 M * Bertl sysctl -a | grep rp_filter 1174858117 M * jkl it's off 1174858120 M * blizz is there a significant difference between a util-vserver build which is not linked to dietlibc and one that is? 1174858120 M * Bertl sysctl -a | fgrep .rp_filter (better) 1174858138 M * Bertl blizz: yes, the latter one is supposed to work 1174858154 M * blizz it doesnt work at all without dietlibc? 1174858165 M * Bertl not very well, for different reasons 1174858188 M * Bertl blizz: one being that dynamic glibc stuff will be mixed between host and guest 1174858218 M * blizz hmm, i'm justing having issues with compiling dietlibc 0.30 with gcc 4.1.2 (stack protector related, i guess.) 1174858228 M * Bertl jkl: turn it on for eth0 and eth1 1174858232 M * Bertl blizz: ubuntu? 1174858239 M * blizz crux linux 2.3 1174858243 M * blizz didnt try it on ubuntu yet 1174858253 M * Bertl ah, new one ... gcc3.3 works on ubuntu 1174858275 M * Bertl but a gcc 4.x with a working switch to disable the protector stuff should work too 1174858288 M * Bertl (the one ubuntu uses is broken) 1174858306 M * blizz yeah, i thought -fno-stack-protector should work 1174858309 M * doener Bertl: hm, source address selection looks funny to me... we let the usual selection kick in (select address from route or first matching) and then, if the vserver doesn't have that address, we fall back to the first assigned address 1174858310 M * blizz a broken switch? wtf :) 1174858320 M * Bertl blizz: best contact daniel_hozac, he should have the magic incantations at hand 1174858336 M * daniel_hozac i can never remember which it is that makes it work. 1174858347 M * doener doesn't that basically break the whole thing if the address we happen to get as source is not in the vserver? 1174858353 M * daniel_hozac IIRC you need to edit dietfeatures.h too. 1174858357 M * Bertl doener: which IMHO isn't that bad, no? 1174858386 M * jkl Bertl: ok they're on 1174858393 M * Bertl doener: i.e. we don't want a guest to use arbitrary ips? 1174858406 M * jkl hmm, the source is still wrong 1174858417 M * Bertl jkl: that is okay 1174858420 M * blizz daniel_hozac, talking about WANT_SSP in dietfeatures.h? 1174858426 M * doener Bertl: sure, but it isn't ideal either. Couldn't we fix up inet_select_addr to return the first _available_ address? 1174858427 M * daniel_hozac blizz: i think so. 1174858439 M * Bertl jkl: you want to do SNAT on packets going out on the eth0 now for that ip 1174858459 M * daniel_hozac doener: what if there is none? 1174858463 M * Bertl doener: probably, patch? :) 1174858490 M * Bertl daniel_hozac: we could still fall back to the primary then 1174858492 M * doener daniel_hozac: there's a fallback for that case in ip_find_src already 1174858543 M * jkl Bertl: ?? really? why does it need to be snat'd ? it is a public address 1174858581 M * daniel_hozac jkl: so what's the problem then? 1174858595 M * Bertl you have to decide 1174858612 M * Bertl jkl: either you _want_ that public ip to be seen on that interface or not :) 1174858643 M * Bertl if the former is true, adjust your firewall 1174858650 M * Bertl if the latter is true, you have to NAT it 1174858680 M * jkl yeah i may not be explaining this perfectly and I apologize 1174858706 M * jkl i think I may need policy routing 1174858798 M * jkl so the former is true 1174858803 M * jkl and I'll adjust the firewall. 1174858825 M * jkl but the exception i'm going to add doesn't make logical sense 1174858836 M * jkl a packet is going out on the right interface 1174858838 M * doener how would policy routing help there? 1174858840 M * jkl but with the wrong ip address 1174858851 M * jkl (source address) 1174858861 M * doener only the destination is known and that can be used from everywhere 1174858875 M * doener so it can't affect the source selection in the requested way 1174858926 M * Bertl jkl: why do you think the ip is wrong? 1174858952 M * Bertl jkl: what if the Guest was running in an UML with that ip 1174858972 M * Bertl jkl: and the packet would be forwared to that interface 1174858984 M * Bertl jkl: what ip would you expect to see as source? 1174859002 M * jkl if I am going to 1.2.3.4, and I have two interfaces to get there from (1.2.3.5 and 5.3.2.1) it should go out over 1.2.3.5 - but it's going out over the other one 1174859047 M * jkl Bertl: i would expect to see the source of the host? 1174859133 M * blizz daniel_hozac, hooray, disabling that flag worked. 1174859143 M * doener hm, what's ifa_local? 1174859150 J * Mark17 ~scholten@217.120.225.16 1174859156 M * Bertl welcome Mark17! 1174859159 M * Mark17 hello 1174859172 M * blizz funny thing, noone using crux 2.3 is able build it (just asked in the channel). someone didnt test :) 1174859177 M * Mark17 is there a way i can increase the maximum number off ips for a single vps? 1174859192 M * Bertl Mark17: above 16? 1174859195 M * Mark17 it is now 16 and i need to be able to give a vps more ips 1174859197 M * Mark17 yes 1174859209 M * Bertl yes, there is a patch, but it isn't really advised 1174859211 M * Mark17 i need it for https 1174859217 M * jkl Bertl: is there something I can read to try and understand this better? 1174859239 M * Bertl derjohn: ping? 1174859254 M * Mark17 Bertl: why isn't it advised? 1174859260 M * daniel_hozac jkl: you want the guest to use the host's IP address(es)? 1174859269 M * daniel_hozac Mark17: because it degrades performance. 1174859282 M * jkl daniel_hozac: no. I'd like the guest to have it's own addresses 1174859314 M * Bertl jkl: ah, now I understand, you have two ips for that guest, right? 1174859319 M * jkl yes 1174859326 M * jkl one is private 1174859327 M * jkl one is public 1174859333 M * Bertl okay, I didn't get that part until now 1174859338 M * daniel_hozac me neither. 1174859340 M * jkl oh, ok sorry :) 1174859358 M * Mark17 Bertl: how can i change it (where can i find the patch?)? 1174859371 M * Bertl jkl, daniel_hozac: now I see why doner suggest the modification ... 1174859398 M * daniel_hozac Bertl: indeed. makes so much more sense now :) 1174859405 M * Bertl but actually, the current setup should take care of that too 1174859411 M * daniel_hozac Mark17: include/linux/vserver/network.h:NB_IPV4ROOT. 1174859418 M * Bertl as there should be a source route 1174859435 M * Bertl Mark17: IIRC, derjohn has patches somewhere 1174859436 Q * derjohn Read error: Connection reset by peer 1174859466 J * derjohn ~derjohn@80.69.41.3 1174859467 M * jkl so perhaps I just need to add the correct source routes on the host 1174859524 M * Bertl no, actually the rp_filter should take care of that 1174859535 M * Bertl jkl: maybe flush the routing cache and try again? 1174859536 M * jkl ok, so I'll leave that on. 1174859541 M * doener Bertl, jkl: hm, actually the suggested modification won't work either, as jkl is using a /32 address. That will never match the target address' network 1174859566 M * Bertl jkl: ah, so don't use /32 use the proper network :) 1174859584 M * daniel_hozac doener: ifa_local is the local address. 1174859587 M * Mark17 daniel_hozac: where can i download that file? 1174859595 M * daniel_hozac Mark17: it's in the kernel. 1174859602 M * jkl Bertl: ok, i'll change the masks and restart the verver 1174859624 M * doener Bertl: won't work either AFAICT. Because that would be a secondary address and thus never be selected. But in that case, the patch I'm working on should help. 1174859727 M * Mark17 is it possible to reload linux vserver after i've changed that setting? 1174859750 M * Bertl Mark17: you have to recompile the modified kernel and install it 1174859751 M * daniel_hozac Mark17: rebuild the kernel and reboot. 1174859765 M * Mark17 :( 1174859779 M * Mark17 that is not a really great option 1174859801 M * daniel_hozac which is why you're not really advised to change it :) 1174859806 M * lylix have to patch util-vserver as well, iirc 1174859816 M * daniel_hozac lylix: shouldn't be necessary as of 0.30.212. 1174859821 M * Mark17 so there isn't an option in a config file? 1174859829 M * Mark17 without recompiling 1174859831 M * daniel_hozac Mark17: no. 1174859924 M * doener daniel_hozac: "local" opposed to what? i.e. what's the difference to ifa_address? 1174859933 M * blizz is there a way to tell the util-vserver configure script that dietlibc resides in /usr/dietlibc? maybe --with-dietlibc=/usr/dietlibc? 1174859935 M * jkl doener: what does your patch provide? 1174859947 M * daniel_hozac doener: ip addr add a.b.c.d/32 dev ethX peer a.b.c.e 1174859961 M * daniel_hozac blizz: DIET=/usr/dietlibc/bin/diet ./configure... 1174859969 M * daniel_hozac doener: the peer is the ifa_address. 1174859984 M * blizz daniel_hozac, nice, thanks! 1174859984 M * doener jkl: enhanced source address selection that will also consider secondary addresses 1174860025 M * jkl doener: that would explain the problem i'm having then - the primary address gets selected, right? 1174860065 M * doener jkl: in the /32 case, the problem is that there's obviously no other address in that network, so it can't be select as a source address 1174860099 M * doener but for the /24 case, yeah, the vserver has a secondary address and that's never the selected 1174860112 M * jkl hmm, well i changed the netmasks 1174860126 M * jkl it seems that I might be in a bit better shape now 1174860150 M * Bertl doener: sure about that? 1174860184 M * doener Bertl: at least for inet_select_addr, as it loops using for_primary_ifa 1174860196 M * Bertl okay, good argument 1174860238 M * Bertl Mark17: this limitation will fall in future versions 1174860260 M * Bertl Mark17: what about breaking down the sites in several guests? 1174860261 M * Mark17 that would be nice 1174860280 M * Bertl Mark17: or do you have one site with 16+ https ips? 1174860306 M * Mark17 Bertl: besides the ssl part i would also use it for bouncers (besides that it is 1 site with many subdomains with https) 1174860323 M * Mark17 that site has around 60 subdomains with https 1174860333 M * Mark17 besides 200 subdomains without https 1174860344 M * Bertl not too shabby, a recompile may pay off then indeed 1174860370 M * Wonka 60 domains on one IP? needs to be a quite big certificate file then :) 1174860392 M * Mark17 Wonka: every https site comes with it's own ip 1174860406 M * Mark17 so it isn't really big 1174860414 A * Wonka has several Subject 1174860419 A * Wonka has several SubjectAltNames 1174860426 M * Wonka and too big fingers 1174860439 M * blizz lol 1174860498 M * Wonka cert signed by CAcert.org... 1174860520 M * doener Bertl: even if not, primary addresses comes first in the address list, and for a matching secondary address, there must be a primary one, too. So the secondaries wouldn't be touched _if_ there is a match anyway. The for_primary_ifa is just an optimization for the non-matching case 1174860538 M * doener s/if/even if/ 1174860558 M * Bertl doener: agreed 1174860621 M * blizz is cacert going to be included in mainstream browsers some day? 1174860827 M * Bertl http://wiki.cacert.org/wiki/InclusionStatus 1174860852 M * jkl Bertl, doener, daniel_hozac: after making the netmask changes things have improved dramatically. 1174860866 M * jkl everything that was broken before is working acceptably now 1174860955 M * doener Bertl: *lol* I just found the code that already does what I suggested 1174860957 J * Johnnie ~jdlewis@216.98.130.76 1174861000 M * doener it's just not using the same functions as the rest of the kernel uses for that task (due to not using ifas, but nx_info) 1174861001 M * jkl doener: so the patch you're working on already exists? 1174861009 M * doener jkl: yeah, I just didn't see it 1174861018 M * jkl hehe, well that's good news for me =) 1174861046 M * Bertl jkl: we traveled back in time and added it .. so it's already there now ... see what we do for you :) 1174861067 M * Wonka blizz: cacert is in some debian package since some days 1174861070 M * jkl absolutely amazing 1174861203 Q * Johnnie Remote host closed the connection 1174861323 J * Johnnie ~jdlewis@216.98.130.76 1174861420 Q * meandtheshel1 Quit: Leaving. 1174861453 Q * doener Read error: Connection reset by peer 1174861463 J * doener ~doener@host.magicwars.de 1174861616 M * Bertl okay, quite tired today ... so I'm off to bed now ... have a good one everyone! 1174861627 N * Bertl Bertl_zZ 1174861634 M * jkl Bertl_zZ: goodnight, thanks for the help! 1174862863 N * DoberMann_ DoberMann[ZZZzzz] 1174862913 J * besonen ~besonen@209-180-234-92.eugn.qwest.net 1174862969 Q * besonen_ Read error: Connection reset by peer 1174863032 Q * Mark17 Remote host closed the connection 1174865150 Q * b0c1 Ping timeout: 480 seconds 1174865660 J * CreamCracker ~kurumin@89-180-71-253.net.novis.pt 1174865782 Q * CreamCracker Quit: Leaving