1178330633 Q * doener Read error: Operation timed out
1178332148 Q * bzed Quit: Leaving
1178332512 N * DoberMann_ DoberMann[ZZZzzz]
1178332546 Q * ensc Ping timeout: 480 seconds
1178332895 J * DoberMann_ ~james@AToulouse-156-1-22-220.w86-196.abo.wanadoo.fr
1178333004 Q * DoberMann[ZZZzzz] Ping timeout: 480 seconds
1178333435 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1178333635 J * ensc ~irc-ensc@p54b4e6c4.dip.t-dialin.net
1178334819 Q * borgfish Read error: Connection reset by peer
1178341250 J * tudenbart ~willi@xdsl-213-196-252-31.netcologne.de
1178341503 Q * dothebart Read error: Connection reset by peer
1178343466 Q * fatgoose Quit: fatgoose
1178344452 J * fatgoose ~samuel@206-248-175-36.dsl.teksavvy.com
1178344543 Q * fatgoose 
1178344670 J * fatgoose ~samuel@206-248-175-36.dsl.teksavvy.com
1178345068 Q * fatgoose Quit: fatgoose
1178345396 Q * transacid Ping timeout: 480 seconds
1178345659 J * dna ~naucki@212-204-dsl.kielnet.net
1178348466 Q * FireEgl Ping timeout: 480 seconds
1178348795 J * phreak`` ~phreak``@deimos.barfoo.org
1178354748 J * bonbons ~bonbons@ppp-111-190.adsl.restena.lu
1178356153 Q * toidinamai_ Ping timeout: 480 seconds
1178358584 J * meandtheshell ~markus@85-124-233-226.work.xdsl-line.inode.at
1178359445 Q * DavidS Quit: Leaving.
1178359511 J * bzed ~bzed@dslb-084-059-098-177.pools.arcor-ip.net
1178361072 Q * dna Quit: Verlassend
1178362153 Q * meandtheshell Quit: Leaving.
1178362344 J * meandtheshell ~markus@85-125-192-200.dynamic.xdsl-line.inode.at
1178362428 N * DoberMann_ DoberMann
1178362848 J * Blissex ~Blissex@82-69-39-138.dsl.in-addr.zen.co.uk
1178363550 J * FireEgl FireEgl@2001:5c0:84dc:0:8ce5:ceb2:16cd:6750
1178363872 Q * Guy- Ping timeout: 480 seconds
1178366784 Q * Aiken Quit: Leaving
1178367642 Q * gerrit Ping timeout: 480 seconds
1178368386 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1178369974 J * phedny_ ~mark@ip56538143.direct-adsl.nl
1178370053 Q * svenk Ping timeout: 480 seconds
1178370373 Q * phedny Ping timeout: 480 seconds
1178372981 N * Bertl_zZ Bertl
1178373003 M * Bertl morning folks!
1178373712 J * svenk ~sven@pulsar.digital.udk-berlin.de
1178373803 M * brcc_ good morning bertl!
1178373815 M * Bertl welcome svenk!
1178374398 Q * gerrit Ping timeout: 480 seconds
1178374471 J * Piet hiddenserv@tor.noreply.org
1178375498 J * gerrit ~gerrit@c-67-160-146-170.hsd1.or.comcast.net
1178378816 Q * duckx Remote host closed the connection
1178379515 J * duckx ~Duck@tox.dyndns.org
1178379817 Q * duckx Remote host closed the connection
1178379975 J * duckx ~Duck@tox.dyndns.org
1178380833 M * brcc_ Bertl, i have one box running 2.6.17.10-vs2.0.2-rc29
1178380844 M * brcc_ and another running 2.6.20.4-vs2.2.0-rc21
1178380868 M * brcc_ i cloned a vserver from the 2.6.17.10-vs2.0.2-rc29  to the 2.6.20.4-vs2.2.0-rc21
1178380891 M * brcc_ and the jave proccess uses all memory at 2.6.20.4-vs2.2.0-rc21 but not on 2.6.17.10-vs2.0.2-rc29
1178380930 M * brcc_ Is there any flag to be set that can make the new version behaves like the old one?
1178380989 Q * Koffa Remote host closed the connection
1178381295 M * Bertl brcc_: maybe the java checks the kernel version?
1178381318 M * Bertl brcc_: in which case you can probably simply 'fake' the version ...
1178381380 M * brcc_ I though that something was changed in memory management
1178381381 M * brcc_ hehe
1178381391 M * brcc_ Is it easy to fake the version?
1178381467 J * transacid ~transacid@transacid.de
1178381753 M * brcc_ Bertl, if you are not to busy , would  you mind looking at http://paste.uni.cc/15223
1178382190 Q * FireEgl Ping timeout: 480 seconds
1178382249 M * Bertl brcc_: well, are you sure that the RSS limit isn't too low for java?
1178382368 M * Bertl brcc_: try using twice the RSS size
1178382994 M * brcc_ hmm
1178383013 M * brcc_ but the rss limit was fine on 2.6.17.10-vs2.0.2-rc29
1178383024 M * brcc_ there are lot of vservers here running java
1178383037 M * Bertl the accounting changed between 2.0.2 and 2.2.x
1178383053 M * Bertl as you can see, there are other (new) limits for the memory 
1178383072 M * brcc_ that's what kills me :(
1178383080 M * Bertl basically RMAP is what RSS was
1178383090 M * Bertl now RSS = RMAP+ANON
1178383112 M * Bertl (which is more correct)
1178383176 M * Bertl so your previous setup used 12303+24431 (max)
1178383502 M * brcc_ got it
1178383531 M * brcc_ But the output of the free command relies just on the rss limit, right ?
1178383827 M * brcc_ Is there documentation about that ? I am reading http://linux-vserver.org/Memory_Limits and i dont find anything about ANOM and rmap
1178383981 M * Bertl probably because it wasn't updated yet
1178383987 M * Bertl (feel free to do so :)
1178384114 M * brcc_ i cant because i did not understand it yet :)
1178384115 M * brcc_ hehehe
1178384155 M * Bertl check the source, ask folks around here ... you'll understand
1178384170 M * Bertl btw, that is the most common excuse for _not_ updating wikis :)
1178384372 M * brcc_ first of all i need to get it working as it used to in the older versions
1178384377 M * brcc_ then i can update the wiki
1178384385 M * brcc_ But it is saturday
1178384390 M * brcc_ i plan to do it on monday 
1178384391 M * brcc_ :)
1178384618 M * brcc_ i was planning on working on the iptables stuff which is almost finished
1178384631 M * brcc_ so much stuff stuff i am getting crazy
1178384744 M * newz2000 man, I'm getting myself in trouble... I can see this being a big headache later on...
1178384759 M * newz2000 I have four hosts, each with numerous guests...
1178384782 M * newz2000 there are three of us who will sysadmin these. I'm having to create the user accounts for us three on all the guests and the hosts.
1178384791 M * sid3windr ldap++
1178384793 M * newz2000 There must be an easy way to do this...  
1178384835 M * sid3windr ldap, pam_mysql, nis, copying of /etc/shadow&password.. :p
1178384887 M * Bertl newz2000: why the guests?
1178384909 M * newz2000 Bertl: so that you can just log directly into the host you want to manage
1178384923 M * Bertl from the geust?
1178384941 M * newz2000 sorry, mixed up my terms... so you can log directly into the guest you want to manage
1178384972 M * Bertl why not use a key/rsa/dsa from the host to the guest?
1178384989 M * Bertl (no account required, just logon as root?)
1178384995 M * sid3windr vserver enter ;)
1178384997 M * newz2000 oh, I see.
1178385012 M * newz2000 yeah, the vserver enter idea would work, its just an extra step
1178385016 M * newz2000 let me ponder for a minute
1178385064 M * newz2000 I've just kind of trained myself off of using root, which is why I was starting to create the user accounts.
1178385080 M * newz2000 It just opens up so many opportunities for errors, and you can't go back and see who did what
1178385215 M * Bertl well, you can do the same with 3 separate accounts
1178385251 M * newz2000 Bertl: I've not heard of this, how do you do that?
1178385285 M * Bertl just create 3 accounts in a guest, and put the appropriate public keys from your three host accounts into them
1178385299 M * Bertl then use that guest as template for further guest creation
1178385427 M * newz2000 Yeah, that's a good idea, however I'm still a bit concerned with long-term management tasks.
1178385473 M * newz2000 Here's a catch, if I use something like ldap or link /etc/shadow/password, can some of the hosts have additional user accounts without them being on all the hosts?
1178385496 M * daniel_hozac sure, just put those users in /etc/passwd/shadow.
1178385525 M * daniel_hozac (if you use LDAP or NIS or similar)
1178385546 M * Bertl newz2000: what kind of long term management do you ahve in mind?
1178385582 M * newz2000 Bertl: changing passwords, ssh keys, adding another admin or removing one
1178385598 M * Bertl changing passwords is no problem
1178385623 M * Bertl changing the ssh keys shouldn't be a problem either, but why would you do that?
1178385654 M * newz2000 I don't know, the only thing I can think of is if someone's laptop gets stolen or something along those lines
1178385675 M * newz2000 that's not too likely so isn't that high of a priority
1178385689 M * Bertl laptop? you are hosting the guests on laptops?
1178385708 M * newz2000 no, but if they're laptop gets stollen, their private key is compromised and we need to replace it
1178385721 M * Bertl but not the private key from the host :)
1178385739 M * Bertl which is the one matching the public key in the guests :)
1178385742 M * newz2000 yeah, I was meaning if user x needs to change their ssh key on 20 hosts it could be a pain
1178385759 M * newz2000 but that's not too likely to happen, so isn't a big deal
1178385775 M * Bertl and there is rsync and scp :)
1178385793 M * newz2000 I think I'll try out the ldap users
1178385841 M * newz2000 I've been wanting to do that for a while, so this will give me an excuse I think
1178385877 M * Bertl good, just make sure that you have local accounts too, otherwise you will not be able to use them when networking is off/failing/whatever
1178385921 M * Bertl I'm off now ... probably back later ... cya
1178385925 N * Bertl Bertl_oO
1178385927 M * newz2000 thanks for the advice Bertl_oO
1178385931 M * newz2000 and all
1178385933 M * brcc_ bertl
1178385939 M * brcc_ i am back i need to ask some qwuestions
1178385940 M * brcc_ hehe
1178385943 M * brcc_ who can help me with the memory stuff ?
1178385949 M * brcc_ I can do some updates on the wiki..
1178386341 M * mnemoc memory stuff? limits?
1178386370 M * brcc_ yes
1178386388 M * brcc_ i need help with which has changed from 2.6.17.10-vs2.0.2-rc29
1178386543 J * dothebart ~willi@xdsl-81-173-174-67.netcologne.de
1178386543 Q * tudenbart Read error: Connection reset by peer
1178387790 J * ema ~ema@rtfm.galliera.it
1178388096 J * dna ~naucki@90-193-dsl.kielnet.net
1178388736 J * toidinamai ~frank@i59F76DFF.versanet.de
1178389848 J * fatgoose ~samuel@206-248-175-36.dsl.teksavvy.com
1178390375 Q * transacid Ping timeout: 480 seconds
1178390410 J * oliwel ~mail-at-o@ppp-82-135-73-48.dynamic.mnet-online.de
1178390761 J * Piet_ hiddenserv@tor.noreply.org
1178390820 Q * oliwel Quit: ChatZilla 0.9.78.1 [Firefox 2.0.0.3/2007032706]
1178391045 Q * Piet Remote host closed the connection
1178391472 Q * Piet_ Ping timeout: 480 seconds
1178392393 J * er ~sapan@pool-71-168-215-87.cmdnnj.fios.verizon.net
1178392645 J * yarihm ~yarihm@84-74-20-183.dclient.hispeed.ch
1178395194 Q * fatgoose Quit: fatgoose
1178395530 Q * ema Quit: leaving
1178395907 Q * yarihm Remote host closed the connection
1178395982 J * yarihm ~yarihm@84-74-20-183.dclient.hispeed.ch
1178396894 Q * er Quit: er
1178398251 J * xcarioca xcarioca@200.103.128.24
1178398467 N * Bertl_oO Bertl
1178398477 M * Bertl back now ...
1178398866 Q * yarihm Remote host closed the connection
1178398868 J * yarihm ~yarihm@84-74-20-183.dclient.hispeed.ch
1178399446 Q * Blissex Remote host closed the connection
1178400915 Q * xcarioca 
1178401603 J * Aiken ~james@121.45.222.137
1178402350 J * fatgoose ~samuel@206-248-175-36.dsl.teksavvy.com
1178403793 J * er ~sapan@pool-71-168-215-87.cmdnnj.fios.verizon.net
1178404738 Q * meandtheshell Quit: Leaving.
1178404844 M * er Hi
1178404908 M * daniel_hozac hello
1178404983 M * er question, if I write a new iptables target, SETXID, which sets sk->sk_xid to a guest id, and use it for a set of packets, should the marked packets show up in that guest?
1178404986 M * er hi daniel
1178405073 M * daniel_hozac sk or skb?
1178405917 Q * cehteh Ping timeout: 480 seconds
1178405925 M * er oops, didn't see your message
1178405929 M * er daniel_hozac: sk
1178405940 Q * bonbons Quit: Leaving
1178405973 J * cehteh ~ct@pipapo.org
1178405974 M * er does the skb have a xid field? 
1178406016 M * er (don't see one)
1178406196 M * daniel_hozac i'm not sure how setting sk->sk_nid (which i guess is what you actually want), but i'm not seeing that either.
1178406208 M * daniel_hozac umm, i'm not sure how that would work, i mean
1178406277 M * daniel_hozac IMHO you'd want to change the associated socket entirely for the skb.
1178406321 M * daniel_hozac (but i don't really know how it all works, so don't take my word for it ;))
1178406324 M * er daniel_hozac: yes, that's what i'd like to do, shove the whole connection into the new vserver
1178406405 J * FireEgl FireEgl@2001:5c0:84dc:0:81bf:9202:bf7b:c83f
1178406414 M * daniel_hozac what exactly are you trying to accomplish with this target?
1178406605 M * er daniel_hozac: that's ok:) i'll hack around and see
1178406614 M * brcc_ BERTl
1178406616 M * er daniel_hozac: to forward an active connection
1178406634 M * er er: from once slice to another
1178406649 M * brcc_ How could i have the memory limits set with vs2.2 the same way it was done before ? Any math there ?
1178406742 M * daniel_hozac er: you want to move an active connection between guests? how do you see that working?
1178406757 Q * cehteh Ping timeout: 480 seconds
1178406797 M * daniel_hozac brcc_: use the same technique as always, run the guest unlimited for a little while, do what it's supposed to, grab the current usage and add a safety margin, voila?
1178406832 J * cehteh ~ct@pipapo.org
1178407231 M * er daniel_hozac: (i) N guests bind to port 80 (ii) I write an iptables rule that decides which of the N guests an accepted connection is to go to based on the packet header and sets the connectoin xid accordingly (iii) the connection passes the vx_checks for established_get_connections for that host 
1178407267 M * brcc_ I was talking with bertl about the changes from vs2.0 to vs2.2. On vs 2.0 java worked well with 100MB rss. The same vs (cloned) does not work well on 128MB rss.
1178407292 M * brcc_ http://paste.uni.cc/15223
1178407332 Q * dna Quit: Verlassend
1178407355 N * er er_rand
1178407587 J * toidinamai_ ~frank@i59F7192E.versanet.de
1178407630 M * daniel_hozac brcc_: and as Bertl told you, that's because 2.2 does it right and counts the anonymous pages too.
1178407653 M * daniel_hozac er_rand: sounds like it'd be easier to just assign the guests different IP addresses...
1178407667 M * er_rand daniel_hozac: :) tell me about it
1178407696 M * daniel_hozac er_rand: changing an established connection really seems like a bad idea to me.
1178407700 M * er_rand daniel_hozac: i know, bertl thinks the same
1178407722 M * daniel_hozac how is userspace even supposed to know what to do about it?
1178407780 M * brcc_ daniel_hozac: So when we gave 128MB to a guest on 2.0 he could use much more. Is that it ?
1178407791 M * daniel_hozac yes.
1178407850 M * brcc_ So if i want to bring a vserver from vs2.0 to vs2.2 and make sure he will not hit his memory limit, i should sum his (OLD) rss with anon which will result in his "new" rss. Is that it ?
1178407929 M * daniel_hozac yep.
1178407951 Q * toidinamai Ping timeout: 480 seconds
1178408008 M * brcc_ great
1178408077 M * brcc_ now 90% is clear on my mind. :) So if i had the total server memory splited into 10 vs for example, on vs2.0, i would be selling more than i have. With vs2.2 this wont happen. Is that right too ?
1178408083 N * DoberMann DoberMann[ZZZzzz]
1178408183 M * daniel_hozac i suppose
1178408216 M * brcc_ And last thing. If i set RSS limit on vs2.4 for all vservers as RSS+ANON (from vs2.0) i wontuse mor ememory than before so i wont cause a constant swapping and slowness
1178408235 M * brcc_ ?
1178408251 M * daniel_hozac s/vs2.4/vs2.2/?
1178408262 M * brcc_ sorry .. that's it
1178408276 M * brcc_ s/vs2.4/vs2.2/
1178408295 M * daniel_hozac the memory limit doesn't affect how much you're using at all.
1178408303 M * daniel_hozac it's a limit, not a guarantee.
1178408323 M * brcc_ Since it is a limit, can't we guarantee that this guest wont exceed it?
1178408333 M * daniel_hozac yes.
1178408369 M * daniel_hozac but guarantees in this context means "this much is reserved for this guest".
1178408374 M * brcc_ My prupose is guarantee that the host will not start swapping 
1178408388 M * brcc_ (i mean swapping after using all memory)
1178408448 M * daniel_hozac well, if you divide the available memory evenly between the guests, i don't see a problem.
1178408498 M * brcc_ Great.
1178408500 M * brcc_ :)
1178408593 M * brcc_ Bertl asked me to help updating memory limits on the wiki but i think that i don't have enough knowlodge to do that. If it is just to write what we just discuseed (what has changed) then it is fine
1178408625 M * brcc_ But i bet he wants much more, explanation about RMAP and ANON, etc, Which i would also be interested to know
1178408958 J * meandtheshell ~markus@85-124-37-4.dynamic.xdsl-line.inode.at
1178408998 Q * er_rand Quit: er_rand