1178755234 M * hellekin what about fill-rate:1, fill-rate2:5, interval:5, interval2:10, tokens:1500, tokens-max:4000, tokens-min:1000 (hold time 5s) 1178755398 M * hellekin Bertl: are you going to the CCC summer camp , 1178755399 M * hellekin ? 1178755418 M * Bertl probably not, but not decided yet 1178755477 M * hellekin Your appearance at WTH was really neat :) 1178755484 Q * bzed Quit: Leaving 1178755502 M * Bertl yeah, was nice for me too (except for the flood like rain :) 1178755559 M * hellekin CCC was in a swamp. I wouldn't have liked to wake up in a pool :) 1178755568 M * hellekin waking up 1178755933 M * mstrobert Good evening gentlemen. Thanks for the help. 1178756099 M * Bertl evening mstrobert! 1178758879 Q * kir Ping timeout: 480 seconds 1178759363 Q * cehteh Ping timeout: 480 seconds 1178759409 J * h_ll_k_n ~hellekin@mar92-4-82-224-213-198.fbx.proxad.net 1178759492 Q * hellekin Ping timeout: 480 seconds 1178759672 J * cehteh ~ct@pipapo.org 1178759804 Q * SoftIce Read error: Connection reset by peer 1178759827 Q * h_ll_k_n Quit: Lost terminal 1178760986 J * kir ~kir@swsoft-mipt-nat.sw.ru 1178761032 M * Bertl wb kir! cehteh! 1178761055 M * cehteh ;) .. dsl hickup 1178761437 M * blizz damn it's late. 1178761529 M * s0undt3ch for all of you interested -> http://blog.ufsoft.org/index.php/2007/05/10/irssi-notification/ 1178761969 M * Bertl s0undt3ch: I don't get it, what's the purpose? 1178762027 M * s0undt3ch Bertl: get notified if you're working on something else, and your system does not beep, I made that as an alternative to fnotify.pl :) 1178762058 M * Bertl okay, how is it going to notify me? 1178762073 M * s0undt3ch Bertl: http://blog.ufsoft.org/wp-content/uploads/2007/05/irc-notification2.thumbnail.png 1178762088 M * s0undt3ch dam, not that one 1178762100 M * s0undt3ch http://blog.ufsoft.org/wp-content/uploads/2007/05/irc-notification2.png 1178762138 M * Bertl hmm, I guess that won't work :) 1178762148 M * doener hm, 0.5 seconds delay? Does that thing spawn a python process for each notification? 1178762153 M * s0undt3ch nah 1178762178 M * s0undt3ch same python process, the actuall magic hapens on libnotify 1178762194 M * s0undt3ch Bertl: won't work? your're a cli only gui? 1178762196 M * doener because that's about the time that the remote control script for my jabber client takes to start up, while python happily burns 100% cpu 1178762225 M * s0undt3ch doener: python burns 100% for what? 1178762238 M * Bertl s0undt3ch: no, but the irssi process is running remote in a screen, I doubt that the notification will pop up over ssh :) 1178762259 M * doener reading all the stuff required to run that program... i.e. startup time is about 50000 times the actual time the program does anything ;) 1178762262 M * s0undt3ch Bertl: yep, that's the way I use it, tunnel trough ssh ;) 1178762273 M * s0undt3ch doener: my prog only loads once 1178762294 M * doener s0undt3ch: yeah, the 0.5 seconds are just coincidence, got that ;) 1178762320 M * s0undt3ch doener: that wasn't actually timed, but 1sec is not for sure; ) 1178762328 M * Bertl s0undt3ch: how will it send notifications through, let's say 2-3 ssh connections? 1178762328 A * doener was still talking about the gajim remote thing 1178762337 M * s0undt3ch so .5 seemed reasonable guess 1178762350 M * Bertl s0undt3ch: I mean 2-3 different ones to the same screen 1178762458 M * s0undt3ch Bertl: my app uses irssi's proxy support, that's where it connects, so if you don't have a copr restrictive firewall, you can just connect my app directly to irssi's proxe, else, ssh tunnel it 1178762471 M * s0undt3ch *proxy 1178762521 M * Bertl ah, so I need to 'tunnel' the notification app to the irssi process, and it will attach there, yes? 1178762531 M * s0undt3ch nope 1178762537 M * s0undt3ch well, more or less 1178762541 M * s0undt3ch I'll explain 1178762560 M * s0undt3ch you just create a tunnel to be able to access irssi's proxy 1178762562 M * s0undt3ch ie 1178762592 M * s0undt3ch ssh -L :localhost: user@remote 1178762601 M * s0undt3ch for example 1178762614 M * s0undt3ch ssh -L 55555:localhost:55555 user@remote 1178762633 M * s0undt3ch that tunnels localhost's 55555 port to remote's 55555 port 1178762659 M * s0undt3ch my app connect's to the local port, which get's tunneled, and then connects to proxy 1178762671 M * s0undt3ch so, (I'm stupid) and the answer to your question is yes ;) 1178762676 M * s0undt3ch lol 1178762744 M * s0undt3ch Bertl: did I explained myself? 1178762820 M * Bertl yep, tx 1178762826 M * s0undt3ch Bertl: np :) 1178762970 M * mattzerah daniel_hozac: thanx for the tip about centos installation - i know its very specific at the moment, i'm going to generalize it as i get a bit more familare with things. I'll work out the dietlib and update the util-vserver on the w/e :) 1178763299 M * Bertl daniel_hozac: ntrs just notified me that he gets the following message logged 4 times on a 2.6.21 based system: 1178763307 M * Bertl can not change context: migrate kernel feature missing and 'compat' API disabled: Function not implemented. 1178763328 M * Bertl daniel_hozac: this is with 0.30.212 and everything else seems fine 1178763348 M * Bertl http://paste.linux-vserver.org/1692 1178763353 M * Bertl any ideas? 1178764129 Q * infowolfe_ Read error: Connection reset by peer 1178764170 J * infowolfe ~infowolfe@c-67-164-195-129.hsd1.ut.comcast.net 1178764597 Q * ensc Ping timeout: 480 seconds 1178766460 J * JW ~JW@cvs.claborn.net 1178766487 M * JW Can anyone help me with some routing problems? 1178766560 M * Bertl welcome JW! maybe, let's hear ... 1178766582 M * JW Bertl: unfortunately for you, you already heard from me last week (I think) :-D but I'll try again 1178766597 M * JW I have a server with Linux-VServer installed. 1178766618 M * JW On this server, there are two NICs: eth0 is the external Internet, with a gateway. 1178766629 M * JW eth1 provides access to our 192.168.0.* LAN 1178766657 M * JW /most/ of our comptuers are only on the LAN, so the LAN has a NAT device for a gateway 1178766666 M * Bertl I think I remember the setup :) 1178766669 M * JW ok. 1178766681 M * JW Now if you also remember, I was trying to not use iptables, 1178766692 M * JW which is what you, and the FAQ-Wiki, suggested I do. 1178766704 M * JW But, I gave up and tried the iptables (too much wasted time) 1178766706 M * Bertl yes, although I didn't understand your motivations for doing so :) 1178766717 M * JW I don't either :-) 1178766735 M * Bertl okay, so you are using SNAT now? 1178766743 M * JW I guess becase I'm familiar with editing network/interfaces and not familiar with iptables 1178766765 M * JW also, there's less chance someone will come fry my route, and more chance some other admin will come "adjust" my iptables rules. 1178766768 M * JW But, anway: 1178766777 M * JW I did try just using SNAT, however, even that is not working for me. 1178766791 M * Bertl how so? 1178766794 M * JW The documentation says to use this: 1178766796 M * JW iptables -t nat -I POSTROUTING -s $VSERVER_NETZ ! -d $VSERVER_NETZ -j SNAT --to $EXT_IP 1178766806 M * JW and to replace the Vars with the right thing 1178766808 M * JW So I did this: 1178766816 M * JW iptables -t nat -I POSTROUTING -s 192.168.0.0 ! -d 192.168.0.0 -j SNAT --to 12.171.179.96 1178766829 M * JW But I really don't know if that's right. I do know it doesn't work, 1178766839 M * Bertl close, but no no banana :) 1178766849 M * Bertl you actually want something like: 1178766851 M * JW because ping -I eth1 www.google.com still does not work. 1178766889 M * Bertl iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d ! 192.168.0.0/24 -j SNAT --to 12.171.179.96 1178766925 M * JW ah 1178766928 M * Bertl and to test, you want to do: 1178766930 M * JW trying now . . . 1178766940 M * Bertl ping -I 192.168.0.42 www.google.com 1178766952 M * Bertl adjust 192.168.0.42 to match your guest's ip 1178767018 M * JW Still doesn't work, with or without the guest running. 1178767068 M * JW Does not ping if I use -I eth1 or eth1's address, or the guest's address. 1178767079 M * Bertl check with tcpdump -vvnei eth0 icmp 1178767098 M * Bertl look what packets leave the interface if at all 1178767117 M * JW Shoudl I be able to see that rul in iptables --list? 1178767123 M * JW Because I don't. 1178767141 M * Bertl if you do, 'iptables -t nat -L' it should show up 1178767194 M * Bertl you can do an 'iptables -t nat -F' and then redo the one above, if you have more than this rule there 1178767216 M * JW The only rules stuck in there are my various attempts to do this :-) 1178767223 M * JW there's 3 in there, no supprise it's not working. 1178767280 M * JW Ok I cleared them out and started over but it still doesn't work. 1178767293 M * JW Let me ask another question before we go further 1178767301 M * Bertl k 1178767314 M * JW when the guest is running, 1178767329 M * JW it has an address, and I can ping that address from any other computer onthe LAN< so I know it's working, 1178767339 M * JW but on the host, I don't see that address in "ifconfig' - is that normal? 1178767345 M * Bertl yes 1178767351 M * JW ok 1178767370 M * JW I see things in tcpdump when I test it, but I can't make much out of it 1178767374 M * Bertl ifconfig was replaced something like 5 years ago, by 'ip' from 'ip route 2' 1178767387 A * JW blushes 1178767391 M * JW um - really? 1178767396 M * Bertl ifconfig doesn't see everything, 'ip addr ls' will 1178767396 M * JW I never heard that. 1178767414 M * Bertl btw, that's not Linux-VServer related .. :) 1178767433 M * JW What, the ip > ipconfig part? 1178767452 M * Bertl that ip replaced ifconfig, yes :) 1178767457 M * JW :-) 1178767493 M * Bertl is the guest started when you try the ping? 1178767493 M * JW Well I did learn to use linkx about 8 years ago . . . guess ip wasn't around back then. 1178767499 M * JW I never heard of it anyway :-) 1178767503 M * JW in this case, yes 1178767509 M * JW I can shut if off for test thought 1178767572 M * Bertl no, it's fine if it is up 1178767579 M * JW about the tcpdump: what am I looking for? I see a timestamp, 2 MAC addresses, ethertype, length, a bunch of other stuff, "12.171.179.112 > 58.233.122.132: ICMP echo reply" 1178767610 M * Bertl you are pinging the host? 1178767641 M * Bertl or why is the host sending replies to 58.233.122.132? 1178767659 M * JW ok, that TCPdump was, I had a shell on the host, running "ping -I 192.168.0.42 www.google.com" 1178767670 M * JW 58.233.122.132 was google,com I guess 1178767685 M * JW do you want me to ping from inside the guest? 1178767691 M * Bertl nah, that would be the other way round 1178767706 M * Bertl ping sends echo requests and receives echo replies 1178767717 M * JW When I do try pinging from inside the client, I get "connect: Invalid argument" 1178767726 M * Bertl so the echo reply you mentioned above was from 12.171.179.112 sent to 58.233.122.132 1178767733 M * JW I can ping anything on the LAN from inside the guest though 1178767748 M * JW yes 1178767757 M * JW the first address being eth0's IP. 1178767769 Q * bored2sleep Ping timeout: 480 seconds 1178767779 M * Bertl look, you want to figure where the echo request from the ping you are running ends up 1178767798 M * JW looking at tcpdump I see some from the eth0 ip and some from the gateway IP. 1178767803 M * JW ok, right? 1178767811 M * Bertl most likely, the ping is leaving on eth1 to your local network 1178767828 M * Bertl (no idea why, if the SNAT is working though) 1178767847 M * Bertl i.e. your default route should point to eth0, no? 1178767852 M * JW yes, and it does. 1178767855 M * JW So that on the host, 1178767866 M * JW any traffic to the Internet goes through eth0 1178767878 M * JW and it's gateway is 12.171.179.96 1178767939 M * JW for traffic coming from the guest, I need it to either get sent to eth0 and 12.171.179.96, or, go ahead and go out of eth1 and go through the LAN gateway .23 1178768007 M * Bertl well, you must have done something with the routing (except for the defaults) that a packet to a host like www.google.com is sent to eth1, no? 1178768057 M * Bertl I would suggest you undo that first, then a simple ping (with whatever source address you choose) should leave through eth0 1178768063 M * JW sorry I don't quite understand 1178768071 M * JW oh 1178768079 M * JW er, you might be right, hold on. 1178768084 M * Bertl what does 'ip route ls' show on the host? 1178768104 M * Bertl (use paste.linux-vserver.org for more than 3 lines) 1178768123 M * JW 12.171.179.96/27 dev eth0 proto kernel scope link src 12.171.179.112 1178768131 M * JW 192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.127 1178768138 M * JW default via 12.171.179.97 dev eth0 1178768144 M * JW that's all 1178768282 M * Bertl that looks good 1178768310 M * Bertl but still doesn't answer why a ping to www.google.com leaves through eth1, no? 1178768323 M * JW Ok . . . 1178768335 M * Bertl the routes as far as I can tell, would send it through eth0, no? 1178768341 M * JW unless one of tham many thing I tried to make work actually did work. 1178768358 M * JW where did you get the idea that the ping goest through eth0, from the TCPdump? 1178768374 M * JW I /was/ using ping -I - you saw that, right? 1178768391 M * JW ping -I 192.168.0.141 www.google.com 1178768401 M * JW and in the config for thie guest, the "dev" is set to eth1 1178768423 M * Bertl doesn't matter, there is no way from eth1 to www.google.com 1178768453 M * Bertl i.e. the packet cannot reach the destination (at least from what your host should know) 1178768486 M * JW unless we change the route accordingly, right? 1178768497 M * JW do you want me to reboot this machin just to make sure w have a fresh start? 1178768503 M * JW sorry - can't type tonight. 1178768522 M * Bertl no, I assume your ping version is jumping to conclusions based on the source IP 1178768557 M * Bertl let's use something more relevant than ping, which is wrong in so many versions :) 1178768571 M * JW Ok, for example apt-get update inside the guest won't work. 1178768587 M * JW which is the /real/ reason why I need this to work at all. 1178768588 M * Bertl that is too complex to verify via tcpdump 1178768596 M * Bertl let's try something like: 1178768618 M * Bertl lynx http://www.google.com (inside the guest) with the iptables rule from above 1178768654 M * Bertl and attach two tcpdump -vvnei ethX to both eth0 and eth1 (different terminals) 1178768656 M * JW lynx: command not found 1178768670 M * JW The whole reason I'm going through this is that almost nothing is installed 1178768678 M * Bertl well, you know the routine :) apt-get install lynx :) 1178768686 M * JW In fact, I have a vauge suspicion that the installation didn't even work 1178768700 M * JW RIght, but I can't apt-get install lynx because the nework isn't working. Catch-22 1178768712 M * Bertl your host is debian too, no? 1178768725 M * JW I say "installation didn't even work" but I mean I think it was trying to install a few more things that it couldn't 1178768729 M * JW yes, same versino of Debian 1178768740 M * Bertl so you have two options 1178768749 M * Bertl a) install it on the host and copy it over 1178768772 M * Bertl b) assign a public ip to the guest and do the install inside 1178768777 M * Bertl actually you can also do: 1178768789 M * Bertl c) chroot to the guest and install it there 1178768815 M * JW 1) failed. 1178768827 M * JW I try c) 1178768869 A * JW sees light shining down 1178768892 M * JW As a temporary solution I could do all my installing with chroot, I guess. Why didn't I ever think of that before 1178768902 M * JW Oh well. I would still like to know how to make it work properly :-) 1178768946 M * JW ah, copy failed because lynx was a symlink on the host. 1178768959 M * JW chroot running 1178768964 M * Bertl do you have reverse path filtering enabled on your host? 1178769022 M * JW I don't think so - I don't know what that means 1178769054 M * JW ok, so lynx is now install and I ran it 1178769060 M * JW Looking up www.google.com 1178769065 M * JW Alert!: Unable to connect to remote host. 1178769071 M * JW Failed 1178769085 M * Bertl what do the tcpdumps show? 1178769090 M * JW tcpdump is still running in another window, and it shows nothing 1178769093 M * JW at all 1178769100 M * Bertl on both interfaces? 1178769132 M * JW no I was running the eth0 command you gave me 1178769135 M * JW I'll try both 1178769213 M * JW tons of noise on eth1 1178769216 M * JW traffic 1178769264 M * JW I'm going to reboot this server just to be sure it's not messed up 1178769639 M * daniel_hozac Bertl: strace? (re: ntrs issue) 1178769712 M * Bertl ntrs: ping? 1178769716 M * daniel_hozac Bertl: and which command generates that? 1178769807 J * stefani ~stefani@c-24-19-46-211.hsd1.wa.comcast.net 1178769827 M * JW Bertl: now that I have restarted the host server, the guest image will not start: 1178769845 M * JW vc_new_s_context(): Function not implemented 1178769869 M * JW /proc/uptime can not be accessed. Usually, this is caused by procfs-security. Please read the FAQ for more details 1178769916 M * Bertl probably a (debian) issue with the tools ... daniel_hozac? 1178769946 M * mattzerah maybe silly question - did you vprocunhide 1178769962 M * mattzerah i had those issues until i vprocunhide after a reboot 1178769974 M * Bertl well, it should be run by the init scripts :) 1178769994 M * Bertl of course, in debian that might not be the case ... 1178770002 M * mattzerah yup - i had to manually set it to start (all inits were set to off) 1178770008 M * mattzerah (i use centos) 1178770173 M * mattzerah if that does fix it, maybe we could but that message (in its entirety) in the FAQ ? 1178770190 M * mattzerah just my 2 (very small) cents worth :) 1178770353 A * mattzerah thinks he broke the channel - all dialog has stopped - oooops 1178770365 M * JW :-) 1178770397 M * JW just tired admins cogitating. 1178770398 M * Bertl mattzerah: nah, just waiting for daniel_hozac to get back :) 1178770406 M * mattzerah :) 1178770412 A * mattzerah sighs of releief 1178770418 M * mattzerah relief even 1178770429 M * Bertl I'm not that good in interpreting the tools :) 1178770439 M * JW Bertl: any ideas about the procfs error? 1178770446 M * JW I didn't change or upgrade anything. 1178770465 M * JW Prov is set to defaults in fstab 1178770471 M * JW /proc I mean 1178770499 M * mattzerah JW: did you vprocunhide (or can you check if the vprocunhide is set to autostart on boot?) 1178770516 M * Bertl JW: I'd say the tools were upgraded (somehow) and that broke it 1178770533 M * JW mattzerah: I don't have a vprocunhide 1178770551 M * Bertl JW: it is part of util-vserver 1178770565 M * mattzerah Bertl: could that be the issue - it was my understanding that vprocunhide was essential after a reboot ? 1178770589 M * Bertl it kind of is ... 1178770602 M * JW ah, it's not in $APTH in Debian . . . 1178770617 M * JW er, PATH 1178770624 M * JW tons of errors when I try to run it 1178770638 M * JW and I still can't start. 1178770643 M * Bertl are you sure you did boot a vserver kernel? 1178770653 M * JW oh, brother . . . 1178770668 M * JW Now that you mention it, I forgot that's not the default kernel. So sorry 1178770676 M * Bertl :) 1178770676 M * mattzerah sounds like your having a great day JW 1178770689 M * JW mattzerah: great week, actually :-D 1178770693 M * Bertl mattzerah: feel free to add it to the FAQ 1178770721 M * mattzerah cool :) 1178770743 M * mattzerah i might be only starting out seriously with vserver but i hope to contribute a bit :) 1178770883 M * mattzerah mmmm, do i need access to modify the faq ? 1178770891 M * mattzerah i cant find an edit button anywhere 1178770901 M * Bertl you need to register, IIRC 1178770908 M * mattzerah oh, up the top 1178770921 M * mattzerah i'm so used to seing the edit button inline :) 1178771224 M * JW ok, rebooted with the vserver kernel, 1178771230 M * JW and still can't lynx out. 1178771236 P * stefani parting (is such sweet sorrow) 1178771237 M * JW (redid the iptables line) 1178771263 M * Bertl check cat /proc/sys/net/ipv4/conf/eth*/rp_filter 1178771285 M * JW they both say "0" 1178771448 M * JW Bertl: I'm sleepy, talk to you tomorrow or later. Thanks for your help 1178771508 Q * JW Quit: Thanks - later 1178771517 M * Bertl okay :) 1178771758 M * mattzerah Bertl: added that faq 1178771778 M * Bertl okay, tx ... I'm off to bed now too 1178771790 M * Bertl night everyone ... cya tomorrow! 1178771793 M * mattzerah its not down the bottom cause i couldn't work out the wikiscript (it added it as part of faq 53) so its second last 1178771801 M * mattzerah gnight Bertl 1178771803 N * Bertl Bertl_zZ 1178771807 M * daniel_hozac good night Bertl_zZ! 1178771807 A * mattzerah still has 3 hours work left :/ 1178771885 M * mattzerah hey daniel_hozac: was thinking about what you were saying about the util-vserver version numbrs..... 1178771928 M * mattzerah in the documentation would you think it wise to have a "install kernel in {X} dist"... similar to whatthere is now 1178771948 M * mattzerah and then have a section below saying "install util-vserver with [y] method" 1178771957 M * mattzerah y = yum/apt/src 1178771962 M * daniel_hozac yeah. 1178771984 M * mattzerah that way fedora/centos/redhat/etc can have installation, then all link to the yum method for util-vserver 1178771986 M * daniel_hozac that's one of the things i've been wanting to do on the wiki. 1178772039 M * mattzerah cools - perhaps i could look at that on the w/e as well ? 1178772072 M * mattzerah i could consult with you (or the list) first 1178772105 M * daniel_hozac sure, if i don't get to that today. 1178772181 M * mattzerah no dramas - i'm looking at writing some entries to give the guest a working X setup (viagdm/ xdmcp) - thats hopefully going to happen on the w/e - so i could organise a bit of the wiki too if you need to palm some of it off to me :) 1178772301 M * mattzerah work calls ....... 1178776583 J * virtuoso ~s0t0na@80.253.205.251 1178780699 J * dna ~naucki@239-238-dsl.kielnet.net 1178781461 J * SoftIce ~psmith@dsl-242-108-132.telkomadsl.co.za 1178781564 M * SoftIce good day 1178781570 M * daniel_hozac hello 1178781573 M * SoftIce please when somebody has a second to look at this paste 1178781576 M * SoftIce http://www.pastebin.ca/480350 1178781579 M * SoftIce many thnaks 1178781692 M * daniel_hozac why are you using newvserver? 1178781709 M * daniel_hozac and you are running it on a Linux-VServer kernel, right? 1178781787 N * phedny_ phedny 1178782029 M * SoftIce I wasn't sure that running 'newvserver' was incorrect. it's a ubuntu machine. And with regards to Linux-VServer kernel it's still the old kernel-patch... 1178782068 M * daniel_hozac so uname -r outputs what? 1178782111 M * SoftIce I guess not what its supposed to show, 2.6.15-28-server 1178782115 M * daniel_hozac or more interesting, what does testme.sh output? 1178782176 M * SoftIce sec 1178782192 M * SoftIce waiting for this slow pastebin.ca to open 1178782203 M * daniel_hozac use paste.linux-vserver.org instead? 1178782289 M * SoftIce heh thats a bit quicker :) 1178782341 M * SoftIce http://paste.linux-vserver.org/1697 1178782413 M * daniel_hozac yeah, you don't have a Linux-VServer kernel. 1178782713 M * SoftIce so this patch then I gather doesn't work anymore 1178782807 M * daniel_hozac i don't even know what patch you're talking about. 1178782814 Q * ktwilight_ Ping timeout: 480 seconds 1178782847 M * SoftIce kernel-patch-vserer :) 1178782875 M * daniel_hozac kernel-patch-vserver has never contained patches for Ubuntu, AFAIK. 1178782917 M * SoftIce well i'm just so sick of ubuntu :) 1178782941 M * SoftIce the linux OS that caused the least shit in my life was fedora 1178783386 M * SoftIce i'm so tempted to run that script I showed you yesterday 1178783413 M * SoftIce and just migrate across to debian 1178783541 M * daniel_hozac i wouldn't use that if i were you 1178783815 M * SoftIce :D 1178786235 J * eyck ~eyck@nat.nowanet.pl 1178786288 J * DavidS david@chello062178045213.16.11.tuwien.teleweb.at 1178786299 M * eyck am i back? 1178786318 M * daniel_hozac yes. 1178786325 J * bzed ~bzed@dslb-084-059-097-116.pools.arcor-ip.net 1178786338 M * eyck good, thanks, hi, time to get some sleep 1178786411 M * daniel_hozac hehe, hey, good night ;) 1178786678 J * chand ~chand@212.99.51.254 1178786938 J * ntrs_ ntrs@68-188-55-120.dhcp.stls.mo.charter.com 1178786938 Q * ntrs Read error: Connection reset by peer 1178787589 J * ensc ~irc-ensc@p54B4D175.dip.t-dialin.net 1178788419 Q * mire Quit: Leaving 1178788796 M * SoftIce daniel_hozac: hmm, how dangerous would it be to use the latest debian kernel on ubuntu ? eg: just download the .deb file and install it? 1178788813 M * daniel_hozac i have no idea. i'm a Fedora person. 1178788818 M * SoftIce :) 1178788825 M * SoftIce it shouldn't have to much issues ? 1178788880 M * daniel_hozac i don't think so. 1178789075 M * waldi SoftIce: try it 1178789088 M * SoftIce waldi: I don't mind trying anything locally, just not remotly :( 1178789099 M * waldi the initramfs-tools dependency may be unavailable 1178789121 M * SoftIce that is dependant on ubuntu ? 1178789140 M * SoftIce ahh, I see what you mean 1178789208 M * SoftIce hmf! 1178789212 Q * DavidS Quit: Leaving. 1178789235 M * SoftIce it doesn't help me upgrading to a later ubuntu due to the fact that even the later versions don't have any support what so ever 1178789255 M * SoftIce linux-vserver-image-2.6.17-11-vserver-generic 1178789262 M * SoftIce this kernel is available for ubuntu 1178789272 M * SoftIce but thing is it doesn't look like its been patched at all 1178789278 M * SoftIce would it at all be safe to use in production ? 1178789307 M * SoftIce my gawd, if you guys could actually see what the wind is doing here right now! never seen it blow this hard where I live! 1178789332 M * Loki|muh we use debian for the host-system and ubuntu for the guests 1178789391 M * SoftIce well I wish I had gone that route 1178789433 M * Loki|muh we changed half a your ago, before that I was compiling new kernels every few weeks ;) 1178789437 M * SoftIce i'm wondering using this kernel shouldn't make to much of an issue right now untill they sort their act together and somebody takes resposability for the support of vserver 1178789441 M * Loki|muh -your+year 1178789470 M * SoftIce I dont know of any remote kernel exploits out :) 1178789530 M * SoftIce if I could just a correct seeded file I could do a remote installation but i dont trust my ability that much :D 1178789621 M * SoftIce and asking anything in #ubuntu on freenode is a waste of time 1178789633 M * SoftIce anything slightly technical and nobody replies :P 1178789640 M * SoftIce its all desktop sh2t 1178789665 J * ktwilight ~ktwilight@102.118-66-87.adsl-dyn.isp.belgacom.be 1178789997 J * mire ~mire@23-168-222-85.adsl.verat.net 1178790596 J * lilalinux ~plasma@80.69.41.3 1178791484 M * meandtheshell SoftIce: what did you expect - the random guy on #ubuntu is away from windows for about 3 month or so and of course flattered and turned head up down by ubuntu :) 1178791496 M * meandtheshell SoftIce: why do you use ubuntu at all? 1178791509 M * meandtheshell why not plain DebianGNU/Linux ? 1178791527 M * ruskie :) 1178792207 Q * daniel_hozac Ping timeout: 480 seconds 1178792397 J * thom_ ~thomas@e179192137.adsl.alicedsl.de 1178792450 M * thom_ hello is it a good idea to put each vserver guest on a seperate partition? Does it increase the security? 1178792567 M * SoftIce meandtheshell because im an idiot 1178792608 M * meandtheshell SoftIce: not too late budy :) just switch now 1178792617 M * meandtheshell s/too/to/ 1178792704 M * SoftIce no it is 1178792712 M * meandtheshell thom_: well, yes but you may run into problems after you may notice you're running out of space on a partition 1178792714 M * SoftIce its a dam remote hosted box and they charge quite a bit to re-format 1178792728 M * SoftIce also if I created a seeded file for a automated re-install things could go wrong 1178792734 M * SoftIce so i'm in a dizmile state at the moment 1178792789 M * meandtheshell well, having dinner things could go wrong - "having dinner" still exists 1178792817 M * meandtheshell I'd say your problem only gets bigger the longer you wait 1178792835 M * thom_ meandtheshell: ok thats right, but i think i can manage that. What kind of security i get when each guest have a own partition? 1178792956 M * meandtheshell thom_: well, in essence there should not be a difference but to feel good and sleep well some prefer the "one partition per guest" approach 1178793019 M * meandtheshell if you're new to Linux-VServer I'd say you go for the one partition for many guest approach 1178793202 M * thom_ ok i must admit l-vserver is really great, thanks to all dev and supporter 1178793316 Q * thom_ Quit: leaving 1178794012 M * meandtheshell SoftIce: by the way - by "go wrong" you mean your server doesn't reboot anymore? 1178794033 M * meandtheshell (after you uploaded a new kernel for example) 1178794647 J * Piet hiddenserv@tor.noreply.org 1178797421 Q * chand Quit: chand 1178798298 J * chand ~chand@212.99.51.254 1178798862 M * TrueBrain Hi! Lately I have a very strange problem: when I do: 'vserver enter', I end up in an other VPS then I defined 1178798865 M * TrueBrain when I try again, it does work fine 1178798878 M * TrueBrain is this a known problem or? 1178798888 M * TrueBrain 2.6.19-vs2.2.0-rc11-gentoo 1178798926 M * TrueBrain util-vserver-0.30.212-r2 1178798968 M * TrueBrain (bbl) 1178800294 J * DavidS david@chello062178045213.16.11.tuwien.teleweb.at 1178801620 J * SadMan sadman@sadman.net 1178802727 J * ema ~ema@rtfm.galliera.it 1178803298 M * Loki|muh anyone expirience with a nx server in a vserver guest? 1178804510 N * Bertl_zZ Bertl 1178804519 M * Bertl morning folks! 1178804861 M * TrueBrain hi Bertl! Can you help me out with the problem above? It starts to get annoying ;) 1178804877 Q * kir Quit: Leaving 1178804958 M * Bertl TrueBrain: sounds weird ... 1178804972 M * TrueBrain Bertl: it is, and very inconsitent... it does it one out of the 100 times or something 1178804979 M * TrueBrain and it seems it only uses the wrong disk.. 1178805004 M * TrueBrain (so 'ls' shows the content of an other vps) 1178805010 M * Bertl TrueBrain: but the person you want to contact is probably Hollow and then daniel_hozac 1178805025 M * TrueBrain will do :) I was just kind of hoping it was a known bug.... :p 1178805058 M * Hollow pong? 1178805067 M * Hollow what problem? 1178805084 M * TrueBrain you have a backlog? Like 10 lines above :) 1178805088 M * TrueBrain (2 hours ago) 1178805103 M * Hollow just came home :) 1178805260 M * Bertl TrueBrain: not known with mainline kernel/tools yet ... 1178805270 M * TrueBrain Bertl: bah 1178805756 J * jt ~till@pD9509AE9.dip0.t-ipconnect.de 1178805765 M * Bertl welcome jt! 1178805773 M * jt Hej 1178805809 M * jt \leave 1178805820 M * Bertl hmm ... 1178805839 M * jt Hey, I'm completely new to this! 1178805859 M * Bertl so why do you want to leave already then? :) 1178805887 M * jt Just trying things out... 1178805901 M * jt How the heck do I leave a channel? 1178805923 M * Bertl leave is fine, but usually you use / instead of \ 1178805938 M * jt Tried that as well... 1178805955 M * jt It tells me: LEAVE: Unknown command 1178805963 M * Bertl then try /HELP 1178805979 M * jt Yeah, LEAVE is not in the list! 1178805987 M * Bertl what about part? 1178805994 P * jt 1178806001 J * jt ~till@pD9509AE9.dip0.t-ipconnect.de 1178806011 M * jt Nice one! 1178806024 M * jt ... has parted ... 1178806027 M * jt funny 1178806064 M * jt Sounds like: Has passed away. 1178806080 M * jt Anyhow, thanks for helping me out on this one! 1178806089 M * Bertl you're welcome! 1178806135 M * jt Well, back to work then; just needed a small distraction :-) 1178806141 M * jt Seeya! 1178806145 Q * Piet Quit: Piet 1178806160 Q * jt Quit: jt 1178806410 M * DavidS interesting times we live in... 1178806436 M * Bertl indeed 1178806683 M * derjohn Hey, if I limit all 10 guests RSS to e.g. 512 MB on a host with 2GB. If one guest uses all RSS up, the host will begin to swap even if there is mem available? 1178806701 M * Bertl nope 1178806801 M * derjohn that is fine to hear, but why? does this limit only work if there is concurrency about the resource "memory"? 1178806827 M * derjohn but its right that RSS = physical memory? 1178806931 M * Bertl no, that is wrong, but I keep explaining this (not only to you :) for some time now :) 1178806945 M * Bertl RSS is pages mapped into physical RAM 1178806965 M * derjohn yes ! 1178806975 M * derjohn hm .. 1178806978 M * Bertl i.e. a guest has no physical ram assigned 1178807006 M * Bertl mainly for resource sharing and performance reasons 1178807090 M * derjohn ok, well, the guest itself does not request RAM, but the processes within the context do. They do "alloc" or "malloc", or ... ? 1178807123 M * Bertl yep, but that is not physical memory related either 1178807133 M * derjohn can the process decide what kind of RAM (RSS / AS) it gets? 1178807136 M * Bertl at least not since linux 1.0 or so :) 1178807145 M * derjohn of is it the gblic that decides that? 1178807149 M * derjohn oh 1178807170 M * Bertl no, sorry, glibc is involved in distributing the memory, but it is not physical memory 1178807184 M * derjohn %confused :) 1178807213 M * derjohn ok, the process wantsa memory, first he tries to allocate, right ? 1178807217 M * Bertl the only way to make sure that you get physical memory would be to lock pages in memory (VML) but you will not know where those pages are ... 1178807220 M * derjohn (e.g. 500MB ....) 1178807245 M * Bertl yes, a process might request 500MB of memory 1178807263 M * Bertl and on a typical linux system, it will get it (almost immediately) 1178807276 M * Bertl even if your system has only 256MB of RAM :) 1178807279 M * derjohn are those 500MB reserved "by hard" ? or does the kernel just say .... heya, I'll kepe that in mind ? 1178807316 M * Bertl well, actually it' more like: heya, I don't care that much .. here you go :) 1178807320 M * derjohn ah, so its mapped into the cpus virtual address space ? 1178807347 M * derjohn (i.e. 32 bit * 4 or 64 bit * 4 . i rememer that to be organized in nibbles ?) 1178807372 M * derjohn *remember ... but I might be terribly wrong though ! 1178807384 M * Bertl sounds interesting :) 1178807402 M * meandtheshell hi folks - I am looking for the reasoning why iproute2 isn't yet default in debian - so far, I skimmed through numerous mailing lists and consulted google as well but that wasn't quite verbose - any pointers? 1178807415 M * meandtheshell DavidS: you know that, don't you? 1178807421 M * derjohn meandtheshell, why should it be default? 1178807427 M * Bertl meandtheshell: because debian sticks to outdated stuff? 1178807442 M * derjohn meandtheshell, many ppl still use ifconfig ( -> BSD....) 1178807465 M * derjohn Bertl, s/outdated/proven/ :) ... but well ... 1178807482 M * Bertl derjohn: yeah, sorry, proven buggy :) 1178807482 M * derjohn but well, one could ask why nmap and screen are still missing ? 1178807483 M * meandtheshell derjohn: yep - but iproute2 has advantages over the ifconfig stuff so ... 1178807513 M * derjohn meandtheshell, yes, sure .... von IPSEC, NAT, secondary IPs etc. 1178807564 M * derjohn meandtheshell, but I miss many tools in a "bare minimum setup". Stuff I use everyday. Create a .deb metapackage will a dependency to all you like to have ... 1178807629 M * meandtheshell derjohn: good idea 1178807657 M * meandtheshell Bertl: and NEVER ever make bad jokes about debian 8-] 1178807671 M * derjohn dpkg -i meandtheshell 1178807673 M * derjohn :) 1178807691 M * meandtheshell 15:29:07) gsimmons: meandtheshell: There's a wishlist bug filed for its inclusion, take a look at #414086. <--- fine 1178807696 M * derjohn Bertl, ok, so the processs did allocate memory, the kernel says: here we go. 1178807722 M * Bertl derjohn: yep, but virtual address space (i.e. VM/AS) 1178807758 M * derjohn Bertl, ok, thats where the AS limit comes into play? 1178807786 M * Bertl yep, if you hit that, the kernel says 'no, sorry, no space left' 1178807814 M * derjohn Bertl, is there any reason to limit that? I mean allocating AS doesnt mean anythign is used up ... ? 1178807867 M * derjohn BTW: On some guests I get that "cannot allocate" from the glibc. strange is that you have to stop/start the guest, I wont self-heal from that situation. I use a 1:4 RSS:AS Quota. 1178807923 M * Bertl well, memory allocated (AS) has a good chance that it will be used at some point too, no? (unless it is java :) 1178808086 M * derjohn Bertl, pk, with well-crafted software: yes 1178808130 M * derjohn Bertl, what would be your recommendation for such a limit ? 1178808192 M * derjohn And: What happens if a processes uses the memory but RAM and SWAP are already used up? 1178808213 M * Bertl that is where the OOM killer comes into play 1178808257 M * derjohn well, so noch much differnce from "cannot allocate" to "OOM killer"? (from a users perspective) 1178808287 M * derjohn s/noch/not 1178808342 M * Bertl I think there is a big difference 1178808382 M * derjohn Bertl, well I trust you ! So, a "cannot allocate" is "better" than "OOM killer"! 1178808482 M * Bertl let me make up an analogy for you ... 1178808505 M * Bertl let's assume you are hiking in the mountains ... 1178808531 M * derjohn yes, nit many here in FFM, but on holidays i do :-) 1178808531 M * Bertl and you walk towards an edge ... 1178808537 M * derjohn *not 1178808574 M * Bertl now the 'cannot allocate' can be compared with a sign saying 'stop, don't go any further' and a few guys keeping you from falling over the edge 1178808615 M * Bertl while the OOM can be compared to an invisible (think roger rabbit) way past the edge ... which suddenly disappears :) 1178808656 M * derjohn Bertl, but writes a log message and guest keeps on running! On a cannot allocate it is "stuck": 1178808679 M * Bertl no, a cannot allocate can be handled in userspace 1178808684 M * derjohn Bertl, but, well, that might be a problem with the software in use ... 1178808693 M * Bertl i.e. release memory and try again will work 1178808708 M * Bertl (only memory leaking apps will get stuck) 1178808809 M * derjohn OK, so it sounds like ASS Limit should be a "sane limit" like 4GB on a 1GB-RAM system ? 1178808849 M * Bertl if you are talking about 32bit systems, then 4GB is pointless 1178808858 M * Bertl (your entire address space will be 3GB or so) 1178808883 M * Bertl but e.g. 2GB would already make sense on such a system 1178808924 M * Bertl note that the accounting is done by summing up the address spaces of all processes 1178808945 M * Bertl i.e. if your process limit is like 100 processes 1178808957 M * Bertl and you consider 256MB per process as sufficient 1178808970 M * Bertl then you would want to set the limit to 100*256MB 1178808989 M * derjohn thats much ! 1178809083 M * derjohn ok, assume I have 10 guests with a 2 GB AS limit _each_. All those guests allocate soemthing like that say 1 GB. hm, thats more than 3GB. wont work on 32 bit ? 1178809125 M * derjohn *let's say 1GB. 1178809140 P * Darkglow Konversation terminated! 1178809152 M * derjohn Or would that be an unusual behavior for guests? 1178809191 J * soltesz ~soltesz@aegis.CS.Princeton.EDU 1178809319 M * derjohn I just rescanned the last lines: the "4GB is pointless" will be true for RSS, not AS ? 1178809351 J * lilalinux_ ~plasma@dslb-084-058-215-235.pools.arcor-ip.net 1178809748 M * Bertl derjohn: 4GB for AS per process is pointless 1178809756 M * Bertl (on a 32bit system) 1178809787 Q * lilalinux Ping timeout: 480 seconds 1178809792 M * derjohn AS _per process_ ? The vserver AS limits are per guest or per process ? 1178809821 M * Bertl the limit is per guest, but for each process it's a new game 1178809887 M * derjohn ok, means: I can set the limit as a global config per guest, but on runtime it is used _per process_ ? 1178809891 M * Bertl derjohn: you should read up on memory management and overcommitment (VM/RSS) 1178809919 M * derjohn Bertl, ok. 1178809933 M * Bertl the thing is, linux is mostly based on the assumption that no process will use all the memory it allocates 1178809952 M * derjohn Bertl, yes, overcommitment, true. 1178809970 M * Bertl so you basically have to either live that or turn it off 1178809996 M * Bertl if you turn it off, everything becomes really simple (from the accounting/limit PoV) 1178810017 M * Bertl the sum of all AS limits should be smaller than the total RAM+SWAP 1178810030 M * derjohn in the vsever case I usually dont want a single guest eat up all RAM in situation where other guests want RAM, too. 1178810049 M * Bertl now you are talking about RAM not memory 1178810066 M * Bertl RAM is addressed with the RSS limits 1178810072 M * derjohn well, I wrote that in the tutorial/FAQ SUM(AS) < RAM+SWAP 1178810132 M * derjohn But if you have a hist with 1 GB and 1 GB swap ... you have to set a pretty low number for AS (which leads very quickly to cannot alloacte situations) 1178810138 Q * FireEgl Ping timeout: 480 seconds 1178810138 M * derjohn *host 1178810223 M * derjohn at least on my machines ( 10 guests per host, RAM+SWAP=2GB ) that would be 200MB AS per guest ? 1178810299 M * Bertl yep, if you turn off overcommitment, that is what you will need 1178810322 M * Bertl alternatively, you could add 200GB of swap space 1178810327 M * derjohn ahh, you mean thats waht I had to do without overcommitment. 1178810351 M * Bertl with overcommitment, you are basically handing out memory which doesn't exist 1178810358 M * derjohn well, from my experience: If a host really uses a full GB of swap it gets really slow. 1178810359 M * Bertl neither as RAM nor as SWAP 1178810372 M * derjohn yes, understood. 1178810379 M * derjohn now, when comes RSS into play ? 1178810395 M * Bertl whenever a virtual memory address needs to be accessed 1178810402 M * derjohn I.e. when will the kernel but something into the RSS "Range "? 1178810414 M * Bertl then the coresponding page has to be manifested in RAM 1178810440 M * Bertl so either a new page is allocated, or some file is mapped into it 1178810470 M * Bertl so the RSS is the number of pages present in RAM 1178810487 M * mstrobert Good morning, virtual gentlemen. 1178810517 M * derjohn how does that correspond to swap? RSS + SWAP is still < AS ,right ? How is the gap between woth called? 1178810519 M * derjohn *both 1178810537 M * derjohn weclome mstrobert! 1178810556 M * DavidS good morning, mstrobert. (although i'd like to note that we are _actual_ gentle men (except for the women amongst us who are actually ladies ;) ;) ;) 1178810812 J * daniel_hozac ~daniel@c-2f1472d5.08-230-73746f22.cust.bredbandsbolaget.se 1178810826 M * derjohn welcome daniel_hozac :) ! 1178810851 M * daniel_hozac hey. 1178810876 M * mstrobert and good morning daniel_hozac 1178810970 M * Bertl derjohn: no (sorry for the delays ... I'm cooking dinner :) 1178811080 M * Bertl derjohn: with overcommitment, you have: RAM, SWAP and VOID 1178811098 M * Bertl and RAM+SWAP+VOID = Sum of AS 1178811369 J * stefani ~stefani@tsipoor.banerian.org 1178812331 M * Bertl welcome stefani! 1178812346 M * stefani hola . 1178813284 Q * zLinux Ping timeout: 480 seconds 1178813606 M * mstrobert My goal today is to get a Fedora vserver installed on my Debian host. 1178813765 J * yoh_ ~yoh@ravana.rutgers.edu 1178813810 M * yoh_ Hi VSERVER People! Thanks once again for the product... 1178813896 M * daniel_hozac mstrobert: what's the problem with that? 1178814031 M * sid3windr I managed it once :) 1178814037 M * mstrobert daniel_hozac: well, right now I'm trying to overcome the error: "Cannot find a valid baseurl for repo: core" 1178814091 M * mstrobert sid3windr: that's encouraging :D 1178814104 M * daniel_hozac and you're trying to install FC6? 1178814110 M * yoh_ I have a slight problem: I have vserver running apache (port 80) and after a while intensive IO (lots of connections or just relatively large transfers) requests to the server stall... Restart of the vserver helps. That happens on Debian GNU/Linux running either on ia64 (2.6.16 with 2.0.1-4 patch) or i386 (2.6.18-4-vserver-686 Debian stock kernel).... I just wonder how can I help to troubleshoot it since currently one of the system in such 'degraded' mode 1178814145 M * mstrobert daniel_hozac: yes, FC6 guest on Debian Etch host. 1178814161 M * daniel_hozac yoh_: ia64? 1178814170 M * daniel_hozac yoh_: and why such an ancient kernel? 1178814172 M * sid3windr mine was fc4 on sarge though 1178814198 M * mstrobert daniel_hozac: Actually, in this particular instance, it's FC6-32bit on Debian Etch 64-bit host, but I can try a 64-bit FC6 if that's significant. (I was able to successfully install Debian Etch 32-bin on my 64-bit host, tho.) 1178814235 M * daniel_hozac how are you specifying it to be a 32-bit guest? 1178814236 M * yoh_ daniel_hozac, ia64... it is a nice box ;-) and we got it for free ;-) kernel will be updated shortly -- problem persists on i686 with newer kernel though... 1178814275 M * daniel_hozac i thought itanium was dead. 1178814283 M * yoh_ interesting part is that if I run tcpdump on the server while client fetches data -- it doesn't stall, but client (apt-get) coomplains that the tarball it got is broken 1178814313 M * yoh_ daniel_hozac, that is why server is named 'itanic' ;-) 1178814335 M * mstrobert daniel_hozac: Hmm. I guess I'm not specifying arch here. Previously I used --arch i386 to get Etch in install as 32-bit (with newvserver). 1178814392 M * Bertl mstrobert: well, you do the same now with vserver :) 1178814400 M * daniel_hozac but not with yum. 1178814449 M * mstrobert Bertl: I can't seem to. /usr/sbin/vserver: unrecognized option `--arch' 1178814472 M * Bertl at the end of the command, add -- --arch i386 1178814473 M * daniel_hozac you're missing the final -- before. 1178814498 M * Bertl the vserver command is more structured than the newvserver script 1178814499 J * zLinux ~zLinux@88.213.63.82 1178814502 J * jmcaricand ~kvirc@d83-179-235-253.cust.tele2.fr 1178814510 M * Bertl wb zLinux! jmcaricand! 1178814525 M * jmcaricand thank 1178814618 M * mstrobert ... -- --arch i386 -d fc6 results in: /usr/lib/util-vserver/vserver-build: unrecognized option `--arch' 1178814640 J * bonbons ~bonbons@ppp-110-20.adsl.restena.lu 1178814656 M * Bertl mstrobert: did I say at the beginning? I meant at the end of course :) 1178814696 M * mstrobert Bertl: wow. Is this documented anywhere? 1178814715 M * Bertl yes, the command itself has the docu 1178814721 M * daniel_hozac vserver ... build --help 1178814724 M * Bertl check vserver - build --help 1178814822 M * mstrobert okay.. kind of. 1178814850 M * yoh_ any idea what I could look after to figure out why connection stalls? I just wander what parts of network stack vserver touched... and may be it is not vserver's fault but rather a bug in the kernel... 1178814898 M * Bertl yoh_: basically Linux-VServer does not change the network stack at all 1178814902 M * zLinux Bertl, thx 1178814922 M * Bertl yoh_: it just limits certain checks to a network context and/or re-mapps certain ips 1178814944 M * Bertl yoh_: which connection are you referring to and how does it stall? 1178815079 J * opuk_ ~kupo@c213-100-138-228.swipnet.se 1178815107 Q * opuk Ping timeout: 480 seconds 1178815145 M * yoh_ I am talking about HTTP (so I guess TCP/IP) -- client just sits waiting for data to arrive -- I didn't look at the packet dump since I am not sure what to look for... 1178815196 M * mstrobert On Debian Etch64, "yum info" reports a bunch of info, so I assume I must have set up my yum.conf semi-okay. But "vserver .. build -m yum .. -- -d fc6 -- --arch i386" reports: Cannot find a valid baseurl for repo: core. Am I lacking something in my yum.conf? 1178815231 M * Bertl yoh_: sounds like packet loss to me (first impression) but what kernel/patch do you use? 1178815245 M * daniel_hozac mstrobert: you realize /etc/yum* aren't used at all by vserver ... build? 1178815256 N * opuk_ opuk 1178815259 M * mstrobert daniel_hozac: I do now. What should I use instead? 1178815286 M * daniel_hozac util-vserver comes with everything you should need. 1178815340 M * daniel_hozac if you have a recent yum version, you should be able to get some more info. 1178815344 Q * chand Quit: chand 1178815348 M * yoh_ Bertl, seems to me too... Debian GNU/Linux running either on ia64 (2.6.16 with 2.0.1-4 patch) or i386 (2.6.18-4-vserver-686 Debian stock kernel) -- I am yet to discover which patch version for 2.6.18 1178815367 M * daniel_hozac 2.0.2.2-rc9 1178815404 M * Bertl I would update to 2.6.19/20 and vs2.2.0 1178815408 M * yoh_ 2.0.2.2-rc9. 1178815415 M * yoh_ daniel_hozac, you were faster ;-) 1178815476 M * yoh_ Bertl, ok - will do that on i386... and will try to accomplish that on ia64 for which I don't see any vserver kernel... I guess vserver doesn't support ia64 past 2.6.16? 1178815518 M * daniel_hozac vserver supports pretty much every architecture the kernel supports. 1178815693 M * Bertl yoh_: how did you arrive at that conclusion? 1178815706 M * daniel_hozac Debian, i guess... 1178815781 M * yoh_ Debian... and I just wonder why I didn't apply patch manually past 2.6.16 ;-) can't recall now... 1178815801 M * yoh_ daniel_hozac, ok then - will do manual patching and see if that helps... 1178815804 M * yoh_ Thank you guys 1178815813 M * Bertl yoh_: you're welcome! 1178815910 M * yoh_ that is sad that Debian has only 2.0.2.2-rc9 even on 2.6.20 kernel... 1178815946 M * Bertl yoh_: well, best complain to the debian folks about that 1178815968 M * daniel_hozac i really doubt they have 2.0.2.2-rc9 on 2.6.20. 1178815981 M * daniel_hozac it doesn't apply. 1178816110 M * yoh_ changelog.Debian latest vserver mentioned is 2.0.2.2-rc9... they might have forgotten to update the entry ;-) 1178816111 A * Bertl wonders if that would be a good reason :) 1178816150 M * Bertl daniel_hozac: well, it might not apply, but it is a known good version *G* :) 1178816180 M * daniel_hozac hehe 1178816225 M * yoh_ now even restart of vserver doesn't help -- weirdo... definetly need to upgrade 1178817024 M * yoh_ indeed -- source of the kernel package carries vs2.2.0.patch ;-) no manual packaging is necessary for i386 -- yeay! ;-) 1178817110 Q * lilalinux_ Remote host closed the connection 1178817311 Q * ema Quit: leaving 1178818938 M * yoh_ I guess I should file a bug against debian kernel package of vserver since in 2.2.0 you deprecated dynamic vcontext and nothing warned me while installing that package and after reboot none server started up automatically... had to google it up 1178819185 M * Bertl well, it is deprecated since vs2.0 or so :) at least for a year now :) 1178819252 M * yoh_ interesting... is there a way to discover what patch version was used for current kernel -- I just want to make sure that I have 2.2 1178819326 M * Bertl you can ask the debian folks for that, no idea what patch was used for what release 1178819352 M * Bertl waldi probably has the details ... 1178819610 M * yoh_ as I said -- I found 2.2 patch in the source of it... I thought there is versioning available at runtime... but ok 1178819637 M * Bertl well, on mainline there is, it is coded in the kernel version 1178819657 M * Bertl but that version is removed by debian folks, and replaced with _their_ version 1178819697 M * Bertl okay, off for now .. probably back later ... 1178819703 N * Bertl Bertl_oO 1178820054 M * yoh_ Bertl_oO, thanks! and good luck! 1178820072 M * yoh_ me taking off too -- thanks everyone 1178820076 Q * yoh_ Quit: Leaving 1178820383 M * micah i'm having a networking problem on a vserver, and I'm stumped 1178820431 M * micah two interfaces, interface 0 has the ip of the host configured, with nodev. interface 1 has 10.0.1.41 configured on eth1 1178820458 M * micah with prefix 32 1178820469 M * micah on the host, i can ping 10.0.1.1 fine, but not within the vserver 1178820580 M * nebuchadnezzar daniel_hozac: the problem with my GCC seems to come from my kernel, a debian on (without vserver) seems ok 1178820633 M * nebuchadnezzar I'll build two kernel, one with and one without vserver patch to see if it comes from there 1178820868 J * phedny_ ~mark@ip56538143.direct-adsl.nl 1178821120 M * daniel_hozac okay. 1178821153 M * daniel_hozac micah: ping -I 10.0.1.41 10.0.1.1 works? 1178821269 Q * phedny Ping timeout: 480 seconds 1178821385 M * micah daniel_hozac: I just fixed it... although I dont really understand why. What I did was add a 3rd interface with ip=127.0.0.1 and nodev. I also removed the 'prefix' files from interface 0 and 1 and restarted it 1178821588 M * daniel_hozac that's... odd. 1178821673 M * micah indeed it is, there isn't anything particularly interesting about the host networking config either 1178821710 M * micah one public interface on /24, and a private interface on /16 1178821756 M * micah i'll see if i can isolate it later, when I can afford that vserver down :d 1178822251 J * phedny ~mark@ip56538143.direct-adsl.nl 1178822653 Q * phedny_ Ping timeout: 480 seconds 1178823701 Q * dna Quit: Verlassend 1178824150 J * dna ~naucki@239-238-dsl.kielnet.net 1178824756 J * comfrey ~comfrey@adsl-065-013-221-124.sip.rdu.bellsouth.net 1178825300 M * mstrobert My vserver build can now successfully make yum see the FC6 repository. But when it tries to download the public Fedora GPG key, it gets a Connection refused. I believe the solution is for it to use the proxy, but I can't see where to specify that. How to I get the vserver build to use my proxy? 1178825365 M * mstrobert I specified the proxy in /usr/lib/util-vserver/distributions/fc6/yum/yum.conf, and yum seems fine with it. I suppose it must be trying to download the GPG key via another method (such as wget). 1178826025 M * PowerKe mstrobert: did you try setting the environment variable http_proxy (and ftp_proxy if you also use wget for ftp)? 1178826341 J * ema ~ema@rtfm.galliera.it 1178826955 M * mstrobert PowerKe: Thank you :-D. I wouldn't think that would propagate, but I'm glad it does. 1178828276 Q * meandtheshell Quit: Leaving. 1178828490 J * marcfiu ~mef@aegis.CS.Princeton.EDU 1178829748 J * FaUl immo@shell.chaostreff-dortmund.de 1178829799 M * nebuchadnezzar back agin 1178829826 M * nebuchadnezzar I'have a strange error when I try to unbzip2 a quit huge bzip2 file 1178829838 M * nebuchadnezzar like the patch-2.6.21.bz2 1178829845 Q * jmcaricand Quit: KVIrc 3.2.4 Anomalies http://www.kvirc.net/ 1178829855 M * nebuchadnezzar I got "patch: **** write error : No space left on device" 1178829885 M * daniel_hozac means what it says, i guess? 1178829922 M * nebuchadnezzar no 1178829931 M * nebuchadnezzar there is full space on the device 1178829938 M * nebuchadnezzar the problem appear in a guest 1178829955 M * FaUl quota-problem? 1178829967 M * nebuchadnezzar and in fact, it's not a bzip2 problem 1178829972 J * duckx ~Duck@tox.dyndns.org 1178829973 M * nebuchadnezzar it's a problem with the patch 1178829976 M * daniel_hozac tried removing the /tmp mount? 1178829983 M * nebuchadnezzar no 1178829987 M * nebuchadnezzar ok 1178830059 Q * bonbons Quit: Leaving 1178830074 M * nebuchadnezzar well, how can I unmount it ? 1178830114 M * daniel_hozac vnamespace -e umount /vservers//tmp 1178830120 M * nebuchadnezzar ok 1178830205 M * nebuchadnezzar that was the problem 1178830295 M * nebuchadnezzar I'll increase the size of the tmpfs 1178831256 M * nebuchadnezzar daniel_hozac: seems that my problem comes from the kernel 1178831273 M * nebuchadnezzar (about gcc hoging the CPU) 1178831286 M * nebuchadnezzar with a 2.6.20.11-vs2.3.0.12 it's fine 1178831382 M * daniel_hozac where wasn't it fine? 1178831471 M * nebuchadnezzar with a 2.6.20.4-vs2.3.0.12 1178831503 M * nebuchadnezzar on sparc64 1178831507 M * daniel_hozac ah, okay. 1178831519 M * nebuchadnezzar not sure to want to know why ;-) 1178831529 M * daniel_hozac guess whatever the problem was has been fixed in mainline. 1178831545 M * nebuchadnezzar yes 1178831549 M * nebuchadnezzar not vserver related 1178831563 M * nebuchadnezzar since the problem arise even on the host 1178831591 M * daniel_hozac right. 1178833042 J * nebuchad` ~nebu@zion.asgardr.info 1178833373 Q * nebuchadnezzar Ping timeout: 480 seconds 1178833505 Q * duckx Remote host closed the connection 1178833780 M * soltesz hello. I see that vserver supports private guest IP addresses. Does it support guest IP addresses that are on the same subnet as the host? 1178833903 M * derjohn soltesz, sure ! 1178833919 M * derjohn soltesz, you could specify what you think thats not possible? 1178834056 M * soltesz derjohn, I guess I'm fuzzy on local network configuration like this. Would there need to be any special iptable rules. My host gets its IP from DHCP. and, my understanding is that the guest would need a hard-coded IP, right? 1178834105 M * soltesz so, it's not that I think it's not possible; I'm concerned that there are details that I am missing. 1178834140 M * derjohn soltesz, well, a hard-coded ip is the default way. I remember the ppl of openQRM solving the DHCP per guest issue with DHCP Client IDs 1178834228 M * derjohn But you can set an hard IP for the guest, while the host gets a dynamic IP from DHCP ... 1178834239 P * stefani I'm Parting (the water) 1178834293 M * soltesz derjohn, I like the DHCP using client-ids idea. 1178834355 M * soltesz maybe my confusion is just how network aliases work in general, which makes this not a vserver-specific question. Is it the case that vserver networking is leveraging native-linux network aliasing plus all the additional isolation provided by vserver? 1178834419 M * derjohn if you trust all your clients I bet you can give them CAP_NET_RAW capabilty (check wiki fot that) and run a dhcp client within the guest. But each guest need an own client ID, because DHCP would give all guests the same IP, as they have the same NIC and thus the same MAC Address. 1178834954 J * awk ~bongo@vc-196-207-45-253.3g.vodacom.co.za 1178834958 M * awk daniel_hozac: there? 1178834959 M * awk :) 1178834996 M * awk that ubuntu migration worked 1178835001 M * awk now using debian etch 1178835012 M * awk took some time but finally got all the packages migrated :) 1178835018 M * awk im pretty chuffed! 1178835044 M * mstrobert awk: wow. congratulations :) 1178835087 M * awk ye thank gawd! now I can at least have kernel-vserver through apt and have them keep my kernel up to date :) 1178835110 M * mstrobert awk: oh no, does ubuntu not do that? 1178835163 M * mstrobert hm, I don't see such an ubuntu package. :-( 1178835219 M * soltesz derjohn, thank you for your ideas. this has helped. 1178835220 M * derjohn no, Ubuntu didnt provide our kernel patches. 1178835233 M * derjohn soltesz, fine :) 1178835255 Q * ema Quit: leaving 1178835273 M * derjohn mstrobert, I did even mail ben and mark, but for them it seemed no option ... they went fo Xen only. 1178835279 M * derjohn (AFAIK) 1178835338 M * derjohn soltesz, did you need that Capa and the client ID ? 1178835368 Q * dna Quit: Verlassend 1178835468 M * soltesz derjohn, I won't be able to test right away, but the client id sounds more flexible than what I was thinking before. 1178835517 M * awk im still quite impressed 1178835523 J * mugwump ~samv@watts.utsl.gen.nz 1178835526 M * awk debian guys said you cant migrate an ubuntu machine to debian 1178835531 M * awk took alot of swet but it worked! 1178835537 M * awk linux-image-2.6.18-4-vserver-686 1178835543 M * awk is this the latest patch for debian 1178835572 M * awk linux-image-vserver-686 or linux-image-2.6-vserver-686 1178835574 M * awk thats strange 1178835584 M * awk i wonder what version linux-image-vserver-686 is 1178835865 M * doener vserver-686 depends on 2.6-vserver-686 which depends on 2.6.18-4-vserver-686 1178835875 M * marcfiu derjohn: does openQRM support vserver? 1178835917 M * awk doener: well thank goodness i just took a look at /proc/cpuinfo and realised this was an amd 1178835929 M * awk and decided to use the k7 kernel 1178835935 M * doener the first one always depends on the latest kernel, the second one on the latest 2.6 kernel 1178835955 M * awk I see 1178836335 M * derjohn marcfiu, i should, at least matt from openQRM told us so. the asked about the dhcp stuff. there is even a press release on the openqrm site IIRC. 1178836437 Q * awk Ping timeout: 480 seconds 1178836871 M * mstrobert vserver build is not honoring my --arch specification. It still wants to use 64-bit despite my command: vserver fedora-zod-32-sandbox7 build -m yum --hostname=fedora-zod-32-sandbox7 --interface dummy1=eth0:10.0.0.9/8 --rootdir /var/lib/vservers -- -d fc6 -- --arch i386 1178837013 M * derjohn mstrobert, try export $ARCH=i386 1178837121 M * mnemoc without the $ :) 1178837236 M * derjohn ehh mnemoc , yes bash :) 1178837260 M * derjohn does anyone know whats the status with multiple 127.0.0.1 ... one per guest ? 1178837492 M * mugwump network namespaces is the chic new term for that, derjohn 1178837544 M * Bertl_oO not exactly ... 1178837555 M * derjohn mugwump, ah, so whats the staus of the chic feature? 1178837558 M * derjohn *status 1178837565 Q * comfrey Ping timeout: 480 seconds 1178837576 M * Bertl_oO network namespaces will give you layer 2 virtualization including the overhead 1178837604 M * derjohn will -> future ? 1178837605 M * Bertl_oO layer 3 isolation has separate loopback ips in 2.3.x too (without the overhead) 1178837615 M * mugwump ooo 1178837623 M * mugwump how'd you manage that? 1178837661 M * Bertl_oO simple, by assigning a separate ip (127.x.y.1) to each guest and remapping 1178837691 M * mugwump wicked 1178837697 M * mugwump does it work well? 1178837708 M * Bertl_oO well, it seems to work :) 1178837796 P * marcfiu 1178838134 Q * bzed Quit: Leaving 1178838598 M * derjohn thats a devel feature ? 1178838660 M * derjohn and: does devel support network namespace? does that include own routing table per guest ? 1178838849 M * derjohn Bertl_oO, if i assign 127.0.0.x | x > 1 to lo within a guest .. then a guest would remap 127.0.0.1 to that IP even in stable. What the advantage in devel ? is the "pseudo loopback ip" invisible to the guest, i.e. some masking ? 1178838972 M * Bertl_oO first, yes, it is a devel feature 1178839011 M * Bertl_oO second, no, network namespaces are developed for mainline, but there are test integrations with Linux-VServer and once it _is_ in mainline, it will be supported on a per guest basis 1178839055 M * Bertl_oO finally, the remapping is done between 127.x.y.1 and 127.0.0.1, which _looks_ like 127.0.0.1 inside each guest, while it actually is 127.x.y.1 :) 1178839214 M * derjohn so, the ips are visible on the host, but the guest gets a illusion of 127.0.0.1 ? That would solve some trouble in guest config. How to you isolate two guest from each other when accessing 127.x.y.1 ? 1178839236 M * mstrobert derjohn: thank you, I think ARCH is working :D 1178839247 M * mugwump derjohn, they're different addresses, so already isolated 1178839273 M * Bertl_oO derjohn: yes, the host sees 127.x.y.1, the guest 127.0.0.1, the isolation, as mugwump just stated, is already there :) 1178839281 M * mugwump you'd need to use iptables as normal to stop them talking to each other I'm guessing 1178839295 M * mugwump eg, to stop one guest connecting to 127.x.x.1 1178839303 M * derjohn mugwump, nah, I mean guest a binds on 127.0.0.1 and thinks its isolated from all the rest. but guest b can access it via lo. 1178839355 M * derjohn Bertl_oO, mugwump : so use iptables to block that? Or is there a "perfect lo privacy" in VS (planned) ? 1178839373 M * derjohn mstrobert, dont forget to unset ARCH :) 1178839397 M * derjohn mstrobert, or your host might complile 32 bit stuff in that shell from now on. 1178839413 M * mugwump I'm guessing you'd need an iptables rule for each guest, unless the IP remapping happens in iptables 1178839535 J * toidinamai__ ~frank@i59F7465C.versanet.de 1178839544 M * derjohn mugwump, sure, that works, but complicates the setup somewhat. I bet a large part of the userbase would not like the access. but if its time, maybe i'll ask the userland ppl (daniel ;)) to create an "auto-iptables-lo-block" when starting a guest ;) 1178839571 M * derjohn *the access between guests over lo. 1178839644 M * mstrobert derjohn: Oh. Thank you! 1178839733 M * Bertl_oO derjohn: I guess, if that doesn't already exist, we could simply add a match rule for source != dst (in range 127.x.y.z :) 1178839809 M * mugwump yeah. I guess *never* allowing traffic from one remapped 127.1 to another is almost part of the definition of its intended behaviour 1178839816 M * mugwump speaking of remapping 1178839840 M * mugwump what about binding to 0.0.0.0 in vservers with multiple ips 1178839875 M * Bertl_oO works fine .. why? 1178839876 M * mugwump right now that always returns EADDRINUSE 1178839893 M * Bertl_oO not really 1178839905 M * mugwump er, where "right now" ~~ vs2.0.2-rc14 1178839906 M * Bertl_oO only if you have overlapping ips 1178839920 M * mugwump overlapping? 1178839923 M * mugwump you mean, between guests? 1178839941 M * Bertl_oO between guests or between guest and host (bindings) 1178839957 M * mugwump was that added in 2.2? 1178839967 Q * toidinamai_ Ping timeout: 480 seconds 1178839967 M * Bertl_oO no, was added in 1.0 :) 1178839985 M * mugwump how does that work? 1178840016 M * Bertl_oO what do you mean? 1178840020 M * mugwump it just wasn't the behaviour I was seeing. I set up a vserver with multiple ips and binding to a port that should have been free with netcat gave me that error 1178840031 M * mugwump also, I thought that each socket could only have one associated address 1178840038 M * mugwump (on each end) 1178840048 M * Bertl_oO no, sockets can be bound to IP_ADDR_ANY 1178840066 M * Bertl_oO and this is mapped to the ip subset assigned to the guest 1178840094 M * mstrobert Today was a successful day. On Debian Etch 64 I got vservers of both Fedora Zod 32 and Fedora Zod 64 installed. Yay! Have a good evening, gentlemen. 1178840189 M * Bertl_oO daniel_hozac: just had one of those rare revelations ... i.e. I found something I think I have to look into (http://ipset.netfilter.org/) 1178840232 M * mugwump so, internally, the socket has the 0 there, but there is another check later when the incoming connection is accepted that checks the per-vserver ip address list? 1178840555 M * Bertl_oO something like that ..