1179446568 J * gerrit ~gerrit@bi01p1.co.us.ibm.com
1179447945 J * nou Chaton@causse.larzac.fr.eu.org
1179449392 Q * gerrit Ping timeout: 480 seconds
1179449474 P * click [IRSSI]
1179450092 J * click click@ti511110a080-0476.bb.online.no
1179452056 Q * bzed Quit: Leaving
1179455438 J * edeschen ~edeschen@proxy-sjc-1.cisco.com
1179455683 N * ensc Guest61
1179455693 J * ensc ~irc-ensc@p54B4FC49.dip.t-dialin.net
1179455803 Q * Guest61 Ping timeout: 480 seconds
1179463716 N * Bertl_zZ Bertl_oO
1179467224 P * click [IRSSI]
1179468003 Q * edeschen Remote host closed the connection
1179468013 J * edeschen ~edeschen@proxy-sjc-1.cisco.com
1179469722 Q * Guy- Ping timeout: 480 seconds
1179471365 J * dna ~naucki@204-243-dsl.kielnet.net
1179474878 Q * virtuoso Ping timeout: 480 seconds
1179476519 J * Guy- YmmNILFKqs@chardonnay.math.bme.hu
1179477871 M * Guy- hi
1179477898 M * Guy- is there a common reason for some/many vserver interface aliases to just go down, apparently without reason?
1179477916 M * Guy- like a default cronjob or anything?
1179478087 M * waldi hae?
1179478125 M * Guy- yes, that's approximately the same sound I made when I noticed :)
1179478161 M * Guy- I have a number of interface aliases like this one:
1179478161 M * Guy- eth0:plon Link encap:Ethernet HWaddr 00:1A:92:15:5F:27 inet addr:172.18.16.3 Bcast:172.18.255.255 Mask:255.255.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:22 Base address:0x4000
1179478174 M * Guy- and by this morning, all but two were gone
1179478193 M * Guy- (and the associated vservers couldn't reach the network, obviously)
1179478664 J * wibble ~wibble@office.noc.uksolutions.net
1179478843 M * waldi aliases are deprecated, don't even think about using it
1179478960 M * Guy- OK, so I just delete 'name' from interfaces/0?
1179479026 M * wibble i've just upgraded to util-vserver-0.30.213 and now the 'root server' has now disappeared from vserver-stat
1179479124 M * wibble does anyone have a debian package for util-vserver-0.30.213 ?
1179479135 M * Guy- waldi: so "inet 172.18.16.2/16 brd 172.18.255.255 scope global secondary eth0" instead of "inet 172.18.16.2/16 brd 172.18.255.255 scope global secondary eth0:domino" is a huge difference?
1179480707 J * bzed ~bzed@dslb-084-059-107-234.pools.arcor-ip.net
1179482929 J * KBrown ~sandino@200.53.86.95
1179483178 Q * KBrown
1179483326 M * mjt heh. another "to be or not to be" discussion for network "aliases" :)
1179484868 M * Guy- it's not a discussion, I was just asking :)
1179485092 M * Guy- I was thinking aliases might make it easier to write firewall rules
1179486207 Q * Aiken Quit: Leaving
1179486877 Q * FireEgl Ping timeout: 480 seconds
1179487150 J * virtuoso ~s0t0na@80.253.205.251
1179487165 J * lilalinux ~plasma@dslb-084-058-203-184.pools.arcor-ip.net
1179487938 J * ldng ~ldng@84.77.98.59
1179487943 M * mjt Guy-: re firewall rules: the rules are talking about *interfaces*.
1179487993 M * mjt a common misconception -- "i give this IP an alias, and will use that alias in firewall rules" - it won't work
1179488488 M * Guy- no, that won't
1179488513 M * Guy- but I have a get_ip_of_interface() style shell function I use in firewall scripts
1179488538 M * Guy- so instead of that I'll have to write a get_ip_of_vserver() (which isn't hard as long as they only have one each)
1179488692 J * oliwel ~chatzilla@ppp-82-135-73-234.dynamic.mnet-online.de
1179488713 M * oliwel Hi Folks
1179488731 M * oliwel anybody in ?
1179488830 M * oliwel I am wondering if the mailinglist is working -there is nearly no traffic
1179488860 M * daniel_hozac are you expecting traffic?
1179488965 J * the_hydra ~a_mulyadi@125.164.98.16
1179488969 M * the_hydra hi all
1179488993 M * daniel_hozac hello
1179489217 M * oliwel Hi daniel_hozac
1179489240 M * meandtheshell oliwel: it's working - there have been at least 2 posts since now for today
1179489245 M * oliwel at least I have posted a question and did not receive any answers and usually there are at least some messages on the list each day
1179489246 M * daniel_hozac Guy-: were they all secondaries, and did the primary vanish somehow?
1179489283 M * oliwel meandtheshell: yes I saw these - but overall it's very low traffic - guess some people are on holiday
1179489289 M * Guy- daniel_hozac: I have "inet 172.18.16.7/16 brd 172.18.255.255 scope global eth0:havocnotes", but I don't know whether this was the primary to begin with (it's certainly the one I activated latest)
1179489319 M * oliwel perhaps someone has an idea on my problem - I have a guest with multiple IP addresses and get "NETLNIK. invalid numeric result" on the last one
1179489320 M * daniel_hozac are they all on the same network?
1179489329 M * meandtheshell oliwel: well, if find there's not enough to read try lkml :)
1179489368 M * oliwel meandtheshell: rotfl ;)
1179489398 M * oliwel if i am bored i just have to open my Spam folder - plenty of interesting news there....
1179489418 M * daniel_hozac Guy-: you might want to try enabling the promotion of secondaries with echo 1 > /proc/sys/net/ipv4/conf/all/promote_secondaries
1179489443 M * daniel_hozac oliwel: or people just aren't having problems.
1179489474 M * Guy- daniel_hozac: thanks
1179489535 M * oliwel daniel_hozac: so I have one ;)
1179489578 M * oliwel any ideas on this ?
1179489846 Q * mjt Remote host closed the connection
1179490337 M * daniel_hozac oliwel: and, what's the address?
1179490390 Q * hardwire Ping timeout: 480 seconds
1179490606 M * oliwel daniel_hozac: eh what exactly do you mean
1179490626 M * oliwel the scenario is as follows: 6 ips for the guest where 4 on the same devices (vlan3)
1179490643 M * oliwel the first three work, the fourth creates the error
1179490653 M * oliwel config worked before the update....
1179490657 M * daniel_hozac what does tail /etc/vservers//interfaces//* show?
1179490666 M * daniel_hozac before what update?
1179490679 M * oliwel I updated kernel and utils
1179490685 M * oliwel 2.615 > 2.6.20
1179490691 M * oliwel 0.30.210 > .212
1179490706 M * oliwel config in interfaces is fine
1179491078 M * daniel_hozac well, without knowing what fails, i can only guess.
1179491100 M * oliwel wait - I will post the output of a startup cycle
1179491223 M * oliwel http://paste.linux-vserver.org/1939
1179491268 M * oliwel if I swap the order of the interfaces everytime the last one fails - so it seems not to be a matter of the config
1179491346 M * daniel_hozac that looks more like it's generated by your own scripts.
1179491360 M * oliwel hm
1179491378 M * daniel_hozac (note that --debug would tell you that for sure...)
1179491390 M * oliwel I guess you are right....
1179491413 M * oliwel there is an ARP script
1179491427 M * oliwel I will investigate that further
1179491530 Q * the_hydra Quit: gotta go
1179491703 M * oliwel daniel_hozac: can you tell me how the "nodev" flag works ?
1179491710 M * oliwel i can't find any good hints in this
1179491734 M * Guy- oliwel: you mean the nodev mount option?
1179491736 M * daniel_hozac from the flower page:
1179491736 M * daniel_hozac # nodev
1179491736 M * daniel_hozac When this file exists, the interface will be assumed to exist already. This can be used to assign primary interfaces which are created by the host or another vserver.
1179491740 M * Guy- ah
1179491744 M * oliwel ahh ok
1179491763 M * oliwel so i just have to touch an empty file named "nodev" in the interface directory ?
1179491775 M * oliwel and keep the rest of the config
1179491778 M * Guy- daniel_hozac: would it be possible to run openvpn in a vserver this way? pre-create the tap device?
1179491799 M * daniel_hozac yes.
1179491808 M * daniel_hozac oliwel: sure.
1179491820 M * oliwel daniel_hozac: does vserver assign the IP ?
1179491829 M * oliwel daniel_hozac: or must I do this on my own
1179491847 M * daniel_hozac the utils don't touch it.
1179491852 M * daniel_hozac that's what nodev means.
1179491870 M * oliwel ok so I must assign the ip before running the vserver
1179491889 M * oliwel and the config just enables routing of the ip into the vservers namespace
1179491907 M * oliwel I guess I got it then....
1179492718 J * mjt ~mjt@nat.corpit.ru
1179492744 Q * shedi Quit: Leaving
1179492815 J * BenG ~ben@195.10.248.18
1179492894 M * BenG hi all
1179492895 Q * oliwel Quit: ChatZilla 0.9.78.1 [Firefox 2.0.0.3/2007030916]
1179492910 M * BenG having trouble today with using LTSP from inside a vserver
1179492922 M * BenG trouble is with local devices not mounting
1179492944 M * BenG result of $/usr/sbin/lbus_event_handler.sh add block /tmp 1024 Temp
1179492944 M * BenG fusermount: mount failed: Operation not permitted
1179493102 M * BenG I have changed some capabilities in the server, adding some stuff to the guests bcapabilities and ccapabilities
1179493117 J * ema ~ema@rtfm.galliera.it
1179493142 M * BenG but not sure they are appropriate, can anyone help?
1179493298 J * Punkie ~punkie@235-105-207-85.bluetone.cz
1179493716 M * Punkie Hallo, please, what am I doing wrong?
1179493716 M * Punkie root@ x :/var/log# mount
1179493716 M * Punkie ...
1179493716 M * Punkie /dev/md3 on /b type ext3 (rw)
1179493716 M * Punkie root@ x :/etc/vservers/vphp1/scripts# cat pre-start
1179493721 M * Punkie #! /bin/bash
1179493723 M * Punkie mount --bind /b/vservers-data/www /a/vservers/vphp1/var/www/
1179493725 M * Punkie root@ x :/etc/vservers/vphp1/scripts# vserver vphp1 start
1179493727 M * Punkie mount: special device /b/vservers-data/www does not exist
1179493729 M * Punkie Failed to start vserver 'vphp1'
1179493731 M * Punkie root@ x :/etc/vservers/vphp1/scripts# mount --bind /b/vservers-data/www /a/vservers/vphp1/var/www/
1179493733 M * Punkie root@ nagato :/etc/vservers/vphp1/scripts# mount
1179493735 M * Punkie ...
1179493737 M * Punkie /dev/md3 on /b type ext3 (rw)
1179493739 M * Punkie Directories on /b exist of course.
1179493741 M * Punkie If I mount vservers-data/www from other partition than md3 in pre-start script, it works.
1179493981 M * mjt how about adding `ls -l /b/vservers-data/www /a/vservers/vphp1/var/www/' into that pre-start script?
1179494029 M * mjt i *think* (but unsure) that pre-start executes in a cleaned up namespace
1179494051 M * mjt that is, where all the 'unneeded' filesystems are already umounted
1179494066 M * Punkie I'll try it
1179494074 M * mjt in any way, such mounting is best to be done in vserver-specific fstab, not in a script
1179494097 M * mjt /etc/vservers/$foo/fstab i mean
1179494225 M * Punkie Can I use this fstab for mounting of sharing files between vservers..? I need to "mount --bind" this directory to more vservers
1179494244 M * mjt yes
1179494276 M * mjt use any value in "fstype" field (i use "none"), and use bind in "options" field
1179494305 M * mjt /var/log/ntpstats /var/log/ntpstats none bind,rw 0 0
1179494334 M * mjt looks a bit funny - both "from" and "to" are the same
1179494350 M * Punkie the vservers for some reason don't see this device
1179494351 M * mjt but the 2nd field refers to /vservers/$foo/var/log/ntpstats really
1179494355 M * Punkie vserver vphp1 start
1179494355 M * Punkie ls: /b/vservers-data/www: No such file or directory
1179494355 M * Punkie total 0
1179494393 M * mjt see above -- "i *think*..." :)
1179494406 M * Punkie thank I'll try it ;)
1179494410 M * Punkie thanks*
1179494450 M * mjt note fstab is processed by "secure-mount", not regular mount, and by default it adds some ro's in there
1179494460 M * mjt (= readonly)
1179494478 M * mjt hence i added ",rw" in my mount line
1179494479 M * Punkie but it is strange, If I e.g.mount it from md1, it is OK, vservers are on md2
1179494496 M * mjt not strange at al
1179494498 M * mjt all
1179494524 M * mjt as i mentioned before, vserver-start does quite some cleanup on the guest namespace
1179494535 M * mjt it umounts all the "unneeded" filesystems
1179494560 M * mjt for example if your vserver is /v/a, and you've /usr - /usr isn't needed and gets umounted.
1179494601 M * mjt but if something's mounted in /v/a/usr, it IS needed obviously
1179494659 M * Punkie thanks, I'll try it in other way
1179494734 M * mjt there are so many tiny scripts executed at different stages - that's one of the reasons i dislike the whole util-vserver approach, you can never be sure what you really did... ;)
1179494754 M * Punkie :)
1179494808 M * BenG right, I can phrase my question in a simpler way now, what changes do I need to make to standard vserver guest to allow fusermount to run successfully?
1179494943 A * mjt doesn't know, and thinks he'll never try that...
1179494944 M * mjt ;)
1179494954 M * BenG :/
1179494987 M * mjt there's a guest capability to do mounts
1179494995 M * mjt but it's too dangerous to my taste
1179495005 M * mjt and it allows more than fusermount
1179495023 M * BenG indeed, SECURE_MOUNT I have set, but no joy
1179495035 M * mjt try binary_mount too
1179495047 M * BenG cool, cheers
1179495054 A * BenG head for the docs again...
1179495058 A * BenG heads for the docs again...
1179495065 M * mjt but that's something i'll never allow to my guests ;)
1179495091 M * BenG "Allow binary/network mounts"
1179495097 M * BenG well, yes, that is very sensible
1179495104 M * mjt neither SECURE_MOUNT (which is misnamed - it should be SIMPLE_MOUNT instead) nor (and especially) BINARY_MOUNT
1179495112 M * BenG but I need to try
1179495123 J * Piet hiddenserv@tor.noreply.org
1179495136 M * BenG fusermount is essential for my LTSP set up
1179495163 M * mjt well it really depends on the usage scenario
1179495183 M * mjt i'm using vserver as a form of "jails", to increase security of the system
1179495208 M * mjt in this context, allowing mount in a guest basically means the guest is able to control the kernel
1179495257 M * mjt because from a guest it will be possible to mount, say, some especially crafted ISO image to trigger some kernel-mode vulnerability
1179495312 M * mjt (there were several bugs in isofs discovered recently, and many other filesystems are buggy, it's just that not many people are trying to exploit systems this way)
1179495615 Q * lilalinux Remote host closed the connection
1179495940 M * matti Hi :)
1179496005 J * Piet_ hiddenserv@tor.noreply.org
1179496028 M * BenG if you google mjt, you'll see a post http://www.paul.sladen.org/vserver/archives/200608/0086.html
1179496041 M * BenG which lists some security concerns
1179496088 M * Punkie when I write it to fstab file, I see in vserver
1179496093 M * Punkie vphp1:/# mount
1179496093 M * Punkie /dev/hdv1 on / type ufs (defaults)
1179496093 M * Punkie none on /proc type proc (0)
1179496093 M * Punkie none on /tmp type tmpfs (size=256m,mode=1777)
1179496093 M * Punkie none on /dev/pts type devpts (gid=5,mode=620)
1179496112 M * Punkie .
1179496119 M * BenG I guess for LTSP I could make access to fusermount limited through sudoers or some such
1179496133 M * Punkie I can't send the last row :-/
1179496151 M * Punkie /b/vservers-data/www on /var/www type none
1179496156 M * Punkie (0)
1179496171 M * Punkie it is not so good solution :(
1179496267 M * mjt what's not good with it?
1179496313 M * mjt i wonder...
1179496333 Q * Piet Ping timeout: 480 seconds
1179496354 M * mjt # vserver ntp enter
1179496356 M * mjt # mount
1179496359 M * mjt sh: mount: command not found
1179496361 M * mjt ;)
1179496365 M * Punkie when I mount it normally by pre-start script from other partition, the vserver-user doesn't see, when on root-server vserver-data are
1179496370 M * BenG are you able to see the content of /b/vserver-data/www now Punkie?
1179496398 M * mjt Punkie: look into /proc/mounts
1179496409 M * mjt Punkie: it will be the same in both cases
1179496421 M * mjt it's just that your script doesn't modify /etc/mtab
1179496429 M * mjt or it does, but the wrong one.
1179496462 M * mjt here's my /proc/mounts line:
1179496462 M * mjt /dev/md3 /var/log/ntpstats ext3 rw,nodev,data=ordered,usrquota,grpquota 0 0
1179496467 M * mjt (in guest)
1179496498 M * mjt by the way, you can mount it on host once for all
1179496545 M * Punkie ok, but I really don't understand, why from every directory on md1 or md2 it is possible to mount anything to vserver, and from md3 is this not able
1179496619 M * mjt probably because md1 and md2 are used in your guest, so are not removed in namespace-cleanup part of `vserver start', while md3 is not used and hence gets umounted.
1179496678 M * daniel_hozac also note that it's not devices that matter, just the mount points.
1179496693 M * mjt filesystems
1179496785 M * mjt if you have a reference to filesystem on md1 from within your guest at the time it's about to start, md1 will not be umounted, while other unreferenced filesystems will.
1179496823 M * daniel_hozac again, devices don't matter.
1179496836 M * daniel_hozac it's all mount point based.
1179496877 M * Punkie so only way for me is write it to /etc/vservers/NAME/fstab?
1179496891 M * daniel_hozac "only" way? no.
1179496893 M * mjt no - there are other knobs for that :)
1179496897 M * daniel_hozac but certainly the most correct way.
1179496949 M * mjt something that's executed before namespace cleanup but after other mounts.. ;)
1179497038 M * mjt you can also put your md3 into /etc/vservers/$foo/namespace-cleanup-skip
1179497049 M * mjt the mountpoint of it really
1179497060 M * daniel_hozac that's just an ugly hack.
1179497078 M * mjt the whole util-vserver thing is an ugly hack ;)
1179497078 M * daniel_hozac especially in this case, when you already have a way of doing it correctly.
1179497089 M * daniel_hozac that's your opinion.
1179497098 M * mjt sure ;)
1179497106 M * mjt with a big smile, too ;)
1179497111 M * daniel_hozac i see it more as a complete userspace implementation for Linux-VServer.
1179497168 A * mjt is studying _namespaceCleanup() function in vserver.functions...
1179497212 M * Punkie correctly but I don't want to have visible this mount for vserver-user, but I want to they have rights on mount command
1179497213 Q * BenG Remote host closed the connection
1179497237 M * mjt it will be visible in any way
1179497252 M * daniel_hozac /proc/mounts doesn't lie like /etc/mtab.
1179497263 M * daniel_hozac there's no way to have it completely invisible.
1179497284 M * mjt there is - make it a separate filesystem.
1179497300 M * mjt but hmm
1179497318 M * mjt /proc/mounts thing looks like it's a separate filesystem
1179497352 M * mjt it lists the device where the original fs is mounted from, and the bind-mount-point
1179497370 M * mjt instead of the original directory
1179497382 M * daniel_hozac yes, that's the way it shows bind mounts.
1179497407 M * mjt so that's probably better than having actual directory in mounts list
1179497413 J * BenG ~ben@195.10.248.18
1179497431 M * mjt why i read this as BenQ ? :)
1179497461 M * Punkie so oki, thanks for your help ;) I do it by this way
1179497476 M * mjt you can just remove /etc/mtab
1179497495 M * mjt after vserver startup
1179497516 M * mjt or you can put whatever you like in there
1179497542 M * mjt (removing it means some utils will stop working - like df for example)
1179497546 M * Punkie /etc/mtab is ok
1179497549 M * BenG mjt, you were right BINARY_MOUNT was the one, fuse now works
1179497568 M * Punkie but /proc/mounts see /dev/md3 ;)
1179497572 M * BenG if I add any security measures, I will document it somewhere
1179497573 M * mjt BenG: you probably don't need SECURE_MOUNTS
1179497586 M * mjt Punkie: and so what?
1179497595 M * BenG okay mjt, will try when the LTSP is less err... online
1179497606 M * Punkie I said so oki, thanks for your help ;) I do it by this way
1179497609 M * mjt Punkie: it has no meaning inside the guest, UNLESS you export /dev/md3 too ;)
1179497635 M * mjt (which will be a very bad idea ;)
1179497669 M * mjt after all, you can hide /proc/mounts and create fake /etc/mtab
1179497683 M * daniel_hozac you can't hide /proc/mounts.
1179497684 M * mjt this way NO of your mounts will be visible
1179497688 M * mjt why not/
1179497689 M * mjt ?
1179497702 M * daniel_hozac because /proc//* don't have the hide/watch/etc. flags.
1179497707 M * mjt aha
1179497720 M * mjt Not Implemented Yet (tm) :)
1179497803 M * mjt BenG: by the way, why fusermount is necessary for LTSP?
1179497822 M * mjt hmm i guess i know the answer
1179497858 M * mjt it's to talk to clients, to share things like printers, sound devices or somesuch
1179497873 M * daniel_hozac i hope not.
1179497887 M * daniel_hozac FUSE doesn't let other users (not even root) access the mount point.
1179497890 M * mjt usb filesystems
1179497904 M * mjt ltsp client is running as root
1179497906 M * Guy- daniel_hozac: actually, it does (there is a mount option for that)
1179497924 M * mjt "it" does?
1179497947 M * Guy- mjt: 'it' being the kernel, I guess
1179497958 M * mjt ahh.. to access fuse mounts
1179497961 M * mjt yeah
1179497977 M * mjt with a --dangerous-do-what-i-mean-and-i-really-mean-it option.. ;)
1179497991 M * mjt (j/k)
1179498037 M * mjt "not even root" should really be "especially root"
1179498077 M * Punkie It would be good, if there would be something like pre-pre-start script ...something what would be happend before every security thinks
1179498096 M * mjt . o O { before every security thinks }
1179498097 M * mjt heh
1179498098 M * daniel_hozac you realize there _is_ a prepre-start script, right?
1179498114 M * Punkie there is?
1179498129 M * daniel_hozac as well as an initialize script, which is before that...
1179498130 M * mjt there's no.. on your system :)
1179498208 M * mjt there's just so many tiny knobs at various stages in various places...
1179498220 M * daniel_hozac yes, it's called configurability.
1179498226 M * daniel_hozac so people can do what they want.
1179498247 Q * jordi Ping timeout: 480 seconds
1179498272 M * Punkie /etc/vservers/vserver-name/scripts/prepre-start.d
1179498272 M * Punkie *
1179498272 M * Punkie o Repository of prepre-start like scripts. Before executing the script, the configuration directory will be made the working directory.
1179498272 M * Punkie * script
1179498272 M * Punkie o See prepre-start.
1179498279 M * Punkie ok, I am stupid
1179498310 M * mjt you'd better see description of prepre-start, not prepre-start.d ;)
1179498374 M * mjt daniel_hozac: that "configurability" - is there any reason why there are both pre-start and prepre-start? I mean, why prepre-start alone isn't sufficient?
1179498409 M * daniel_hozac because you may want to do some things after network has been setup?
1179498425 M * Guy- mjt: that "--dangerous-do-what-i-mean-and-i-really-mean-it option" would be "-o allow_other" :) (and there is also "-o allow_root", to be sure)
1179498437 M * mjt Guy-: as i said: j/k ;)
1179498442 M * mjt (= just kidding ;)
1179498465 M * Guy- wow, haven't come across that one before
1179498516 M * Guy- and I thought I'd seen all common and not-so-common english phrases abbreviated to the point of unintelligibility... :)
1179498519 M * mjt daniel_hozac: how about setting up all "standard mounts", setting up network, run pre-start (it's now called prepre-start), do cleanup, and process further -- without the second script? Or am i missing something?
1179498536 M * Punkie my mount is working in this prepre-start ;)
1179498548 M * daniel_hozac mjt: what if you want to do something before you setup the network?
1179498549 M * mjt Punkie: don't forget to add -n option
1179498555 M * daniel_hozac like, say, routes, iptables, etc.
1179498567 M * Punkie -n options?
1179498582 M * mjt option (singular) -- to mount
1179498589 M * mjt to stop it from writing to host's /etc/mtab
1179498603 M * CHTEKK hi all... anyone experience with cpusets? can't get a task to be assigned to one of them :S mounts /dev/cpuset ok, creating a dir in there works, I then echo 0 > cpus, that works, but echo $$ > tasks returns with "no space left on device" and it's not assigned... any ideas?
1179498616 M * Guy- daniel_hozac: maybe these stages could have more intuitive names though, like 'before-network.d'?
1179498628 M * daniel_hozac Guy-: it's all described on the flower page.
1179498640 M * Guy- I'm sure it is
1179498666 M * daniel_hozac and while it's still called alpha, i don't like breaking compat just for the sake of doing so,
1179498713 M * Guy- oh, you don't need to break anything - just use both, or have one override the other if it exists; there are many ways to deal with this
1179498719 J * cruser ~chatzilla@72.242.194.162
1179498719 M * daniel_hozac CHTEKK: you have to set mems too.
1179498727 M * daniel_hozac Guy-: that's even uglier.
1179498743 M * Guy- the "prepre" is not a good name though
1179498750 M * daniel_hozac why not?
1179498756 M * daniel_hozac it's before pre-start.
1179498763 A * mjt nods - several names for the same thing is just wrong
1179498782 M * Guy- because the name does not immediately tell you what stage this takes place at
1179498782 M * mjt (in this context anyway)
1179498789 M * CHTEKK daniel_hozac, ok I tried setting that to 0 already, but that didn't work at all... how should mems be set?
1179498793 M * daniel_hozac Guy-: does pre-start tell you that?
1179498801 M * Guy- no, so that's not a good name either
1179498823 M * daniel_hozac so before-network-but-after-mounts-before-cleanup.d is a good name?
1179498833 M * Guy- no, because it's too long
1179498845 M * daniel_hozac but that's how long it would have to be.
1179498850 M * Guy- not necessarily
1179498852 M * daniel_hozac yes.
1179498873 M * daniel_hozac in order to accurately describe them, you need to at least have the three stages described.
1179498876 M * Guy- you could have 01-before-network.d, 02-before-mounts.d or whatever
1179498888 M * Guy- that implies the order and also what gets done between the stages
1179498898 M * Guy- and it's not long
1179498918 M * daniel_hozac and what happens when another script is introduced at the first level?
1179498925 M * mjt this somehow reminds me about init runlevels
1179498927 M * daniel_hozac they all get renamed?
1179498940 M * Guy- daniel_hozac: huh? these are .d directories, you put scripts into them
1179498947 M * mjt heh
1179498951 M * daniel_hozac i am well aware of that.
1179498958 M * daniel_hozac but the initialize script was just added.
1179498969 M * daniel_hozac how would you handle that in your setup?
1179498973 M * Guy- daniel_hozac: if you expect a new stage to be introduced, you can always number them like 100, 200, 300 and so on, there is plenty of room between any two then
1179498977 M * mjt the question is where to place something-after-network-but-before-cleanup
1179498988 M * mjt wug
1179498989 M * Guy- probably even 10-20-30 would suffice
1179499016 M * mjt what people place in before-network?
1179499019 M * CHTEKK daniel_hozac, hmm it works now.. wth, didn't work tonight... maybe I did something else wrong.. thanks a lot! :)
1179499036 M * daniel_hozac and numbers are better than text?
1179499048 M * Punkie text is better ;)
1179499103 M * mjt if i'd do it this way (i won't), i'd create a directory similar to /etc/rcS.d/, put standard scripts in there, and allow placing user-defined scripts in there too
1179499134 Q * bragon Ping timeout: 480 seconds
1179499143 M * mjt standard scripts are named 10-namespace, 20-network, 30-cleanup etc,
1179499145 M * Guy- daniel_hozac: not _just_ numbers. the numbers are there for ordering. of course the stages would/should have names as well
1179499159 M * Guy- 100-before-network.d or what have you.
1179499163 M * mjt and one is able to add 15-pre-network-name-does-not-matter
1179499193 M * Guy- mjt: yes, that's also an option
1179499264 M * Guy- daniel_hozac: but in the current scheme, if you add a new stage, will it be called prepreprestart, or preprepostprestart? :)
1179499280 M * daniel_hozac initialized.
1179499282 M * daniel_hozac -d
1179499291 M * mjt this way we're shooting two birds with one stone: it becomes clear what's being done in the first place, by standard stuff, and in what order, and it becomes trivial to add custom "stages"
1179499293 M * daniel_hozac e.g.
1179499336 M * Guy- daniel_hozac: and that's better than ordering by numbers, yes?
1179499366 M * Guy- daniel_hozac: because "initialize" _obviously_ comes before preprestart. or wait. was it the other way round? :)
1179499367 M * daniel_hozac yes, i don't think filenames is the place to describe the exact function of things.
1179499389 M * mjt hmm
1179499401 M * mjt i don't think my idea is bad...
1179499410 M * Guy- daniel_hozac: I agree with you there. this is exactly what preprestart doesn't do
1179499420 M * Guy- (and neither does initialize, btw)
1179499420 M * daniel_hozac that's why there are docs.
1179499445 M * Guy- docs are fine, but in my experience it is worthwhile to strive for intuitiveness
1179499480 M * Punkie thanks to all for help...I must go..have a nice weekend...bye
1179499489 M * mjt anything immediately wrong with a startup sequence a-la /etc/rcX.d/ ?
1179499499 M * Guy- mjt: no, it's splendid
1179499512 M * daniel_hozac other than the fact that it would have to be duplicated for every guest?
1179499519 M * mjt symlinked
1179499524 M * Guy- exactly
1179499532 M * daniel_hozac still, duplicated.
1179499534 M * mjt i know at least one wrong
1179499553 M * mjt in case some new script comes on upgrade
1179499577 M * Guy- I don't see why this kind of "duplication" is bad
1179499590 M * mjt well, it can trivially be worked around - both upgrade and duplication probs
1179499637 M * daniel_hozac it would also require the utils be split into 120239 more files...
1179499653 M * Guy- why?
1179499659 M * mjt sorta
1179499668 M * daniel_hozac Guy-: because that's the idea?!
1179499692 M * Guy- hey, don't get so worked up :)
1179499696 M * mjt currently it's a bit like this anyway - all those pre-pre-start and dlimits/ and stuff like that - not scripts but the config items
1179499701 M * Guy- we're apparently talking about different things
1179499726 M * Guy- I was just suggesting that the current initialization stages should be renamed, really
1179499727 M * daniel_hozac mjt: what?
1179499770 M * mjt daniel_hozac: you mentioning splitting scripts into a lot of pieces. Currently, number of scripts is small, but number of config items is large - so we've a lot of files *already*.
1179499778 M * daniel_hozac well, yes.
1179499783 M * daniel_hozac that's the way it's supposed to be.
1179499785 Q * Punkie Quit: Leaving
1179499792 M * mjt i for one prefer setting limits on command line, not read from files
1179499800 M * daniel_hozac configurability with a one-value-per-file scheme means you'll have quite a few files.
1179499843 M * mjt one var per file is good for "machine-parsing"
1179499867 M * mjt but it's quite difficult to configure - better to have a config file with comments
1179499868 J * Piet__ hiddenserv@tor.noreply.org
1179499878 M * daniel_hozac that's what the flower page is for.
1179499878 M * mjt IMHO again
1179499936 M * Guy- it's actually not hard to combine the two. get the 'one value' items from environment variables, and the config file can be a shell script fragment that sets them
1179499992 P * BenG
1179500098 M * mjt what come as a big surprise for me is files-as-arrays like vservers/$foo/apps/init/cmd
1179500133 M * mjt ie, some things are scripts, but some are... strange beasts. and some are values for limits.
1179500176 M * mjt i'm not arguing, or blaming, or something like that - i'm just trying to come to a ... better solution
1179500224 M * mjt what i understand is that it'll be a nightmare to maintain a setup like i want to implement using standard util-vserver scripts
1179500234 M * daniel_hozac oh? why's that?
1179500260 M * daniel_hozac hopefully i'll get around to the configuration frontend stuff RSN so that people can stop whining :)
1179500273 Q * Piet_ Ping timeout: 480 seconds
1179500275 M * mjt configuration frontend isn't interesting for me
1179500304 M * daniel_hozac well, it would mean you can change the underlying backend.
1179500320 M * mjt suppose i have several services each running in a vserver - they all share common root filesystem (read-only) but each has its own small set of bind-mounts
1179500336 M * mjt like /var/lib/ntp for ntpd
1179500356 M * mjt or /etc/bind (with rndc.key) for named
1179500390 M * mjt so i'll have tons of almost-identical /etc/vservers/$foo/fstab files
1179500418 J * tam ~tam@gw.nettam.com
1179500457 M * daniel_hozac yes, it's too bad the fstab isn't a directory too.
1179500477 M * mjt instead, i'd use a shell script that'll mount common filesystems, and either a case $foo..esac or a bunch of small shell scripts (or even a subdir with symlinks for each vserver, pointing to necessary mounts) to do specific mounts
1179500509 M * daniel_hozac so, do that?
1179500511 M * mjt having fstab as a directory looks even uglier for me ;)
1179500612 M * mjt currently util-vserver is a large black box. Scripts are too complex to follow (sh -x helps somewhat, but i'm not sure i've got everything necessary), so i'm not sure that by replacing something with my version i'll not forget something
1179500641 M * mjt that's why all those my numerous questions about how the guest gets set up
1179500669 M * tam [root@vhost02 ~]# chbind
1179500670 M * tam ncontext: vc_net_create(): Invalid argument
1179500678 M * tam testme.sh says everything is ok though
1179500687 M * daniel_hozac tam: your kernel doesn't have dynamic context support, so you have to specify one.
1179500687 M * mjt in order to be able to replace some stuff and to do the right thing (not missing some --secure flag or barrier or whatnot)
1179500701 M * tam daniel- Is that a compile time option?
1179500707 M * daniel_hozac yes.
1179500713 M * tam I'm off to rebuild :)
1179500716 M * tam thank you!
1179500716 M * daniel_hozac but dynamic contexts are deprecated for years now.
1179500719 M * daniel_hozac you really should use static ones
1179500719 M * mjt sure you need it??
1179500719 M * tam oh.
1179500734 M * tam so I just need to feed it a context
1179500737 M * tam that's even easier
1179500772 M * mjt definitely easier than to recompile the kernel :)
1179500945 J * BenG ~ben@195.10.248.18
1179501006 M * mjt i'm trying to start a guest manually (but slowly) - so far i managed to do it (executing vcontext, ncontext, etc things), now to check if everything's ok, and to write something to be able to do it again (and document it, too)
1179501056 M * cruser Hi. Anyone know if vserver can handle cifs filesystem so I can mount a drive using samba client?
1179501062 M * mjt looks like it will be another util-vserver package - provided i'll have the time to complete it.
1179501073 M * daniel_hozac cruser: from the inside?
1179501086 M * cruser from a guest.
1179501093 M * daniel_hozac that doesn't work.
1179501102 M * daniel_hozac it tries to spawn a kernel thread.
1179501120 M * cruser how about from the vserver host?
1179501130 M * daniel_hozac that's fine.
1179501136 M * mjt your host has a normal kernel
1179501157 M * mjt everything regular kernel is able to do your vserver-enabled kernel can do, too
1179501161 M * Guy- mjt: please put your documentation on the vserver wiki :)
1179501186 M * daniel_hozac mjt: something wrong with vcd?
1179501191 M * mjt Guy-: that's my intention ;)
1179501201 M * mjt daniel_hozac: i *detest* xml ;)
1179501214 M * cruser mjt: on the host /proc/filesystem does show cifs
1179501224 M * Guy- xml is like violence. If it doesn't solve your problem, just use more.
1179501271 A * mjt , being a non-native english speaker, wonders what "violence" is - a new word...
1179501275 M * mjt ;)
1179501295 M * mjt aha. got it ;)
1179501334 M * mjt strange i didn't come to it before
1179501340 M * cruser daniel_hozac: How do I get cifs into my host kernel? Thanks.
1179501349 M * mjt the usual way?
1179501357 M * Guy- cruser: um, turn it on in the kernel config?
1179501364 M * mjt mount -t cifs ...?
1179501382 M * mjt Guy-: it's already in his kernel
1179501385 M * Guy- ah
1179501390 Q * FloodServ Service unloaded
1179501397 M * Guy- then yes, just mount
1179501414 M * cruser My kernel came via yum and the hozac repos.
1179501442 M * mjt yum
1179501455 M * mjt a funny name of an utility
1179501502 M * cruser mijt: came from yellow dog distro that is what the 'y' at least stands for.
1179501515 M * mjt heh
1179501530 M * mjt you already told us cifs is in your kernel
1179501555 M * mjt what's your question? How to mount a cifs filesystem?
1179501574 M * cruser mijt: I said cifs does not show up in /proc/filesystem
1179501583 M * daniel_hozac just mount -t cifs.
1179501586 M * daniel_hozac it will get automatically loaded.
1179501587 M * mjt < cruser> mjt: on the host /proc/filesystem does show cifs
1179501633 M * mjt ..so either it is here, or not... ;)
1179501636 J * gerrit ~gerrit@bi01p1.co.us.ibm.com
1179501648 J * Punkie ~Punkie@home.pekelny.net
1179501654 M * cruser ~ # cat /proc/filesystems
1179501656 M * cruser nodev sysfs
1179501657 M * cruser nodev rootfs
1179501659 M * cruser nodev bdev
1179501660 M * cruser nodev proc
1179501662 M * cruser nodev cpuset
1179501663 M * cruser nodev binfmt_misc
1179501665 M * cruser nodev debugfs
1179501667 M * cruser nodev securityfs
1179501668 M * mjt ...
1179501668 M * cruser nodev sockfs
1179501670 M * cruser nodev usbfs
1179501670 M * Guy- noooooooooooooo
1179501671 M * cruser nodev pipefs
1179501673 M * cruser nodev futexfs
1179501674 M * cruser nodev tmpfs
1179501674 M * daniel_hozac please use the pastebin for anything longer than 3 lines.
1179501676 M * cruser nodev inotifyfs
1179501677 M * cruser nodev eventpollfs
1179501679 M * cruser nodev devpts
1179501680 M * cruser ext2
1179501682 M * cruser nodev ramfs
1179501683 M * cruser nodev hugetlbfs
1179501685 M * cruser iso9660
1179501686 M * cruser nodev mqueue
1179501687 M * Guy- too late, it's already in his buffer
1179501688 M * cruser ext3
1179501689 M * cruser Okay
1179501760 M * mjt as much as i dislike long pastes.. even more bad when each next line comes with quite some delay like this - stupid IRC clients trying to work around flood detection...
1179501814 J * stefani ~stefani@tsipoor.banerian.org
1179501826 M * tam I hate to bug you guys so much... but...
1179501827 M * tam rpm-fake-resolver: vc_ctx_migrate(): No such process
1179501828 M * tam rpm-fake.so: failed to initialize communication with resolver
1179501837 M * tam What might be causing that headache?
1179501841 M * daniel_hozac when do you get it?
1179501848 M * tam when trying to build a new vserver
1179501856 M * tam if i run the build command a few times it eventually works
1179501857 M * daniel_hozac and did you specify --context xyz?
1179501860 M * tam yes
1179501870 M * daniel_hozac what distro is that on?
1179501874 M * tam centos4
1179501894 J * FloodServ services@services.oftc.net
1179501956 M * daniel_hozac what kernel?
1179501987 M * tam 2.6.20.4-vs2.2.0
1179502060 M * tam the weirdest thing is that sometimes it works on the first try, and other times I have to rerun the vserver build line half a dozen times.
1179502094 M * daniel_hozac that's weird.
1179502148 M * mjt a race somewhere?
1179502194 M * tam it sure seems like a race
1179502406 P * BenG
1179502509 M * cruser daniel_hozac: Is it possible for me to recompile the rpm'ed kernel (CONFIG_CIFS=y) to get cifs?
1179502532 M * Guy- daniel_hozac: is vserver build -m clone supposed to copy filesystem POSIX ACLs?
1179502532 M * daniel_hozac you already have CIFS.
1179502535 M * mjt are you sure you don't have it already?
1179502537 M * daniel_hozac Guy-: no.
1179502557 M * Guy- daniel_hozac: what way does it copy the files it doesn't hardlink?
1179502573 M * daniel_hozac same way hashify/unify does it.
1179502592 M * daniel_hozac copies permissions and ownership, basically.
1179502613 M * Guy- OK, so you're not calling cp -a or rsync or anything
1179502619 M * Guy- it's implemented internally
1179502653 M * daniel_hozac yep.
1179503041 M * mjt hmm
1179503088 M * mjt an idea just come to me. I use readonly root in guests. It probably makes some sense to make it rw instead, in a means of unionfs - as an.. forensic(sp) tool
1179503140 M * mjt normally it should be empty. but if something's happening, some writes will be done and will be immediately seen.
1179503292 M * cruser daniel_hozac: looking again...yes I do have cifs. Thanks.
1179504121 M * tam Is there any best-practice when defining your own contexts?
1179504231 M * mjt it depends on what you want to get.. In terms of util-vserver, default config IS the "best practice"
1179504249 M * tam Well, can I pick high random numbers and be ok?
1179504271 M * mjt context NUMBER you mean?
1179504273 M * tam yes
1179504274 M * tam sorry
1179504290 M * mjt any of your choice, does not matter, but has to be >2
1179504304 M * tam I can't have 2 vservers with the same context though, right?
1179504305 M * mjt or >1 - don't remember
1179504308 M * mjt no
1179504310 M * mjt er
1179504311 M * tam so I need to watch for that....
1179504346 M * tam How large a number can I define?
1179504348 M * daniel_hozac how do you assign IP addresses?
1179504349 M * daniel_hozac 49151.
1179504350 M * mjt you can use sequential number, or random, or number them after their ip addresses, ...
1179504369 M * mjt 49151 - where this number come from?
1179504377 M * mjt quite a.. nice number ;)
1179504716 M * tam 49151 is the maximum?
1179504748 M * tam I understand ip address limits, but not context number limits :)
1179504761 M * tam My old vserver hosts used dynamic, so I never had to think about it
1179504784 M * daniel_hozac well, you have to assign the addresses somehow, no?
1179504801 M * tam correct
1179504803 M * daniel_hozac i.e. guest xy gets address yz.
1179504819 M * daniel_hozac i just use that for the context.
1179504828 M * tam ok
1179504847 M * tam That's one option
1179504861 M * tam Could I use the date and year like a DNS zone serial number?
1179504861 M * tam 2007051800 for example?
1179504861 Q * dna Quit: Verlassend
1179504861 M * daniel_hozac is that less than 49151?
1179504861 M * tam no :) ok
1179504867 M * tam so 49151 is the maximum
1179504870 M * tam that's what i needed to know
1179504876 M * tam thank you!
1179505722 Q * gerrit Ping timeout: 480 seconds
1179505949 Q * Punkie Quit: ChatZilla 0.9.78.1 [Firefox 2.0.0.3/2007030919]
1179506510 J * ahuman ~oem@ool-43557e7c.dyn.optonline.net
1179506874 J * hardwire ~bip@rdbck-6480.palmer.mtaonline.net
1179507220 J * gerrit ~gerrit@bi01p1.co.us.ibm.com
1179509160 Q * hardwire Ping timeout: 480 seconds
1179510379 M * Guy- is there a good way to increase the size of the fs on an LVM volume mounted in a guest without restarting the guest?
1179510390 M * Guy- I was experimenting with vnamespace enter xfs_growfs
1179510398 M * Guy- but it doesn't appear to do anything
1179510815 M * daniel_hozac you shouldn't need to enter the namespace for that.
1179510834 M * Guy- xfs_growfs wants a mountpoint
1179510838 M * Guy- the fs is only mounted in the guest
1179510846 M * Guy- what other way is there?
1179510854 M * daniel_hozac well, then you do ;)
1179510894 M * Guy- I think maybe it's better to create the block device of the LV in the guest, and run xfs_growfs there
1179510897 M * Guy- I'll try this next time
1179511204 Q * edeschen Remote host closed the connection
1179511215 J * edeschen ~edeschen@proxy-sjc-1.cisco.com
1179512165 Q * Johnnie Remote host closed the connection
1179512416 J * Johnnie ~jdlewis@c-67-163-247-109.hsd1.pa.comcast.net
1179512503 Q * ema Quit: leaving
1179513393 Q * ldng Quit: Leaving
1179515292 J * hardwire ~bip@rdbck-3412.palmer.mtaonline.net
1179515660 Q * soltesz Quit: using sirc version 2.211+KSIRC/1.3.12
1179515730 J * ruskie ruskie@ruskie.user.oftc.net
1179517035 Q * hardwire Ping timeout: 480 seconds
1179517105 P * cruser
1179517843 J * bonbons ~bonbons@158.64.111.106
1179518392 J * click click@ti511110a080-0476.bb.online.no
1179518910 J * Vesa_ ~chatzilla@dsl-hkigw8-feeaf900-105.dhcp.inet.fi
1179519008 M * Vesa_ Is the VServer project still actively maintained? I just read the web pages, and the last news are from 06/2006...
1179519122 M * Guy- Vesa_: yes
1179519170 M * Vesa_ Guy-: Thanks. The links to mailing lists are gone too and I began wonderin...
1179519289 M * harry sure it is.
1179519326 M * daniel_hozac they're from november 06.
1179519354 M * daniel_hozac in addition to patches being available for kernels released just a week or so ago.
1179519408 M * meandtheshell Vesa_: well, Linux-VServer has got a "new" website - you know that?
1179519450 M * Vesa_ Thanks for all who answered, that vserver is still alive :). I started to wonder since mailing address mentioned at the website refers to http://list.linux-vserver.org/, which does not work for me. Does it work for others?
1179519451 M * meandtheshell Vesa_: check the topic ...
1179519482 A * meandtheshell gets I/O via Gmane so ...
1179519484 M * daniel_hozac the mailing list maintainer isn't responding to our requests to bring the webserver back to life.
1179519515 M * Vesa_ meandtheshell: OK. where do I then ask something, if mailing list subscription does not work?
1179519531 M * meandtheshell Vesa_: right here :)
1179519531 M * daniel_hozac here?
1179519551 M * daniel_hozac mailto:vserver-request@list.linux-vserver.org?subject=subscribe works to subscribe as well.
1179519556 M * Vesa_ OK, I was just being sent private messages that "check the topic" :)
1179519688 M * Vesa_ Thanks daniel. Did just that.
1179519769 M * meandtheshell Vesa_: regarding ml --> gnus+gmane here works like charm http://img521.imageshack.us/img521/1634/gnusgmanesr9.png
1179519856 M * Vesa_ Is it OK to ask general questions here? I am totally new to VServer (first time on channel, and visited VServer page for the first time today)
1179520057 M * harry sure is
1179520064 M * harry that's what we're here for :)
1179520065 M * meandtheshell Vesa_: ok - let's continue here instead via pm ...
1179520074 M * meandtheshell Vesa_: just type /topic RET
1179520083 T * Vesa_ RET
1179520092 M * harry lol
1179520093 M * meandtheshell oops
1179520095 M * Vesa_ :)
1179520098 M * meandtheshell fuck sorry!
1179520107 M * Vesa_ Somebody undo it :)
1179520115 T * meandtheshell http://linux-vserver.org/ | latest stable 2.2.0, 2.0.3-rc2, devel 2.3.0.12, stable+grsec 2.0.2.1, 2.2.0 | util-vserver-0.30.213 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;)
1179520129 T * daniel_hozac http://linux-vserver.org/ | latest stable 2.2.0, 2.0.3-rc2, devel 2.3.0.12, stable+grsec 2.0.2.1, 2.2.0 | util-vserver-0.30.213 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;)
1179520135 M * meandtheshell oh my god :)
1179520158 A * arachnist joins teh phun
1179520166 M * arachnist /topic http://linux-vserver.org/ | latest stable 2.2.0, 2.0.3-rc2, devel 2.3.0.12, stable+grsec 2.0.2.1, 2.2.0 | util-vserver-0.30.213 | libvserver-1.0.2 & vserver-utils-1.0.3 | He who asks a question is a fool for a minute; he who doesn't ask is a fool for a lifetime -- share the gained knowledge on the Wiki, and we'll forget about the minute ;)
1179520171 M * Vesa_ OK, it seems I got some action here :)
1179520171 M * arachnist ;>
1179520193 M * Vesa_ I was about to ask if it is possible to clone a quest, while the quest is running?
1179520198 M * meandtheshell Vesa_: you're the culprit :)
1179520223 M * daniel_hozac arachnist: how is that different from mine?
1179520245 M * arachnist daniel_hozac: not at all
1179520289 M * daniel_hozac Vesa_: possible, yes, but not ideal.
1179520442 M * Guy- Vesa_: we don't normally deal with quests. (guests, now... that's different :)
1179520506 M * Vesa_ OK, G and Q are always too similar for me. I meant guest though :)
1179520523 M * Vesa_ The reason I was hoping to use VServer was that I would not need to install the basic stuff (Ruby, rails, MySQL, Emacs, ImageMagick, 1000 gems) to all servers I am using...
1179520527 M * mjt . o O { BenG vs BenQ }
1179520581 M * Vesa_ ...And if it is not advisable to clone a running _g_uest, then should I keep one "master" guest and copy that on demand. Any ideas?
1179520601 M * mjt Vesa_: you install once, copy/clone as many times as you wish. It's the upgrade thing which you do to all servers ;)
1179520605 J * hardwire ~bip@rdbck-6274.palmer.mtaonline.net
1179520765 M * Vesa_ mjt: Yes, but if all my servers are almost identical, I need to update only the master one, and then say to different guests that "you are the DB, you are the web server1, you are the webserver2 and so on" and that's it, right?
1179520799 M * mjt it's not that simple
1179520805 M * Vesa_ mjt: why?
1179520844 M * mjt you cloned (basically copied, hardlinked, whatever) an image into two guests - A and B.
1179520853 M * Vesa_ If I have mysql on all hosts and all the other relevant host as well. When I upgrade the master, I just copy the DB files from the old DB guest to the new DB?
1179520865 M * mjt next you changed something - different, or differently - on both
1179520887 M * mjt next you want to "upgrade" some software (due to security fixes etc)
1179520902 M * mjt now you basically have to do that on *every* server
1179520927 M * mjt or figure out what the upgrade procedure does with configs, to apply only that config change to all
1179520961 J * tuxmania ~bonbons@158.64.110.35
1179520964 M * mjt eg, you configured httpd.conf on your webserver
1179520977 M * mjt this file is now different on your vserver and on your master image
1179521016 M * mjt if you apply the upgrade to master image only, AND that upgrade does some stuff with httpd.conf (fixing something) -- it will not be applied to webserver, where it's needed
1179521023 M * Vesa_ mjt: But I do only update the master, and then let a script to give "identity" to all guests. E.g. setting of sshd_config.. I keep all the servers as similar as possible. It does not matter if I have apache on every host. FW anyway blocks access to the wrong guests.
1179521058 M * mjt so every vserver is running *all* the services??
1179521075 M * mjt even if only one service is needed on each?
1179521076 M * Vesa_ mjt: Why not? They are pretty idle
1179521101 M * mjt well, there are definitely better ways... ;)
1179521101 M * Vesa_ mjt: and I can disable them easily so that they do not take resources...
1179521123 M * mjt looks like i use vserver for similar thing here
1179521131 M * mjt (to isolate services)
1179521153 M * Vesa_ mjt: Please tell me why there are better ways. I just want to upgrade once...
1179521197 M * mjt i've a common "guest" system installed - /vservers/common. Each guest mounts this directory at /vservers/$foo - mounts it *read-only*
1179521235 J * Aiken ~james@121.45.222.137
1179521237 M * mjt and i've a setup similar to /etc/rc?.d/ dirs but specific for each server
1179521254 M * mjt /etc/vserver/$foo/start.d inside /vservers/common
1179521279 Q * bonbons Ping timeout: 480 seconds
1179521285 M * mjt with symlinks to actual services needed - like in rc?.d - for this particular server only
1179521313 M * Vesa_ OK, but I would like to keep the "guest images" (I know you can not officially use that term with VServer) as self contained as possible, so that If I need to move them to another hosts it would be easy...
1179521328 M * mjt it IS self-contained
1179521330 M * mjt 100%
1179521363 M * mjt you can boot off it and all the services will be running there ;)
1179521402 M * Vesa_ And when you want to copy an image to completely another host, you just tar the guest you want to move?
1179521419 M * mjt aha
1179521435 M * mjt well. the "image" contains *all* guests in one place
1179521457 M * mjt so yes, each "small" guest is NOT self-contained, not at all
1179521492 M * mjt but provided you've similar common image on another machine, things becomes much simpler.
1179521521 M * Vesa_ yeah. Your approach might be better.
1179521529 M * harry my approach would be...
1179521545 M * harry make a "minimal image" with all "normal tools" needed
1179521552 M * harry bindmount ro
1179521567 M * harry and then, for guest-specific stuff, mount a rw /usr/local
1179521589 M * harry from your /etc/init.d, start all services listed in /usr/local/etc/init.d
1179521593 M * mjt (there's no need to bindmount it really - referring to /vservers/common directly works too)
1179521605 M * harry makes the "common" server easy to upgrade
1179521613 M * harry all guests upgraded at the same tine
1179521614 M * harry time
1179521615 M * mjt harry: that doesn't work with normal distributions
1179521621 M * daniel_hozac sure it does.
1179521627 M * harry sure...
1179521631 M * mjt you'll have to compile all the tools yourself
1179521631 M * harry hm... daniel_hozac 's right :)
1179521638 M * harry mjt: not really
1179521645 M * harry you can always install to /usr/local ;)
1179521652 M * harry use /usr/local as your "root"
1179521675 M * harry all your servers are the same... but unique in what you put in /usr/local
1179521682 M * mjt and things will be trying to find their libs and configs in /etc/ while they're in /usr/local/etc/...
1179521707 M * harry not if they are built decently ;)
1179521710 M * Vesa_ Please explain, what bindmount is? Is it hard to do?
1179521716 M * mjt (union-mounting that stuff might work)
1179521734 M * harry Vesa_: mount -o bind /home/you /home/notyou ;)
1179521738 M * mjt lol
1179521747 M * mjt that's the best explanation i've seen ;)
1179521766 M * Vesa_ I'll try that on a VServer sandbox :)
1179521767 M * harry or... mount /etc /var/www -o bind,rw
1179521782 M * harry moehaha
1179521784 A * harry evil
1179521825 P * stefani I'm Parting (the water)
1179521838 A * harry shower
1179521946 M * Vesa_ So was the consensus to use, bindmount or mjt:s common hard linked /vserver/common approach?
1179522002 M * Vesa_ Compiling custom built tools does not seem very compelling (If I understood correctly, that would require me to study configure options for --prefix etc...)
1179522051 M * daniel_hozac bind mounts are probably the simplest way to get it.
1179522127 M * mjt Vesa_: by the way, by default you can't do mount/umount inside a guest
1179522164 M * Vesa_ daniel: but it requires you to compile everything yourself?
1179522206 M * daniel_hozac why would it?
1179522234 M * daniel_hozac personally, if my guests were all identical, i'd just go with a ro / bind mount, and a rw /etc.
1179522259 M * Vesa_ daniel; To get everything related to one server to be under /usr/local sounds quite hard.
1179522276 Q * tuxmania Quit: Leaving
1179522337 J * none ~chatzilla@h081217143251.dyn.cm.kabsi.at
1179522360 N * none dapain
1179522384 M * daniel_hozac Vesa_: you don't have to do that.
1179522425 M * Vesa_ OK. Then I fully do not understand yet, how this bindmount approach works. Are there somewhere a text I could read about it?
1179522462 M * daniel_hozac a bind mount just makes a directory accessible from another location in the filesystem.
1179522539 M * daniel_hozac if you bind mount the root filesystem from a common location, you just need to have a few per-vserver directories which you bind mount from somewhere else.
1179522604 M * daniel_hozac i.e. having /vservers/common bind mounted to /vservers/, and then /vservers/per-guest//etc to /vservers//etc, would give each guest an individual /etc directory tree.
1179522676 M * Vesa_ OK, Now I get it...
1179522706 M * Vesa_ I just need to study the bind mount, to do the above...
1179522772 M * mjt that's all tricky
1179522783 M * Vesa_ (This is probably more performance wise, than having completely separate guests, even though I like the self-contained image approach)
1179522792 M * mjt bind-mounting the whole /etc means the common part will not work anymore
1179522812 M * daniel_hozac not entirely, that's true.
1179522907 M * Vesa_ Thanks all, I must go to sleep. Mind if I come back tomorrow, asking more questions :)
1179522910 M * mjt bind-mounting only certain parts - one have to know those parts and list them somewhere. it becomes difficult to maintain
1179522922 M * daniel_hozac on the other hand, you'll always have to take care of the configuration files when you're using a shared image.
1179522930 M * mjt even simple things like /etc/password becomes.. tricky
1179522943 M * mjt passwd even
1179522972 J * wibble_ ~wibble@office.noc.uksolutions.net
1179522987 M * daniel_hozac that's true for every solution though.
1179523003 M * mjt config files aren't of a big concern when using completely-shared tree (as i do). Yes they show unnecessary info to "other" guests, but that's all.
1179523013 M * mjt what bothers me here is really private information
1179523029 M * mjt like /etc/bind/rndc.key for example
1179523048 M * mjt which should only be visible on a vserver doing dns, and not anywhere else
1179523148 M * daniel_hozac this is one of the reasons i don't really think a shared image scales.
1179523151 M * mjt so i use bind-mounts for this stuff - sometimes a single file, sometimes the whole dir
1179523165 M * mjt well, separate images scales even worse ;)
1179523173 M * daniel_hozac how so?
1179523219 M * mjt more memore. more. More. MORE!!! :)
1179523244 M * daniel_hozac hashification gets you all of the disk/memory benefits, without any of the hassle.
1179523248 M * mjt (and more upgrade work.. but upgrades costs something in my case as well)
1179523272 M * daniel_hozac vyum --all -- update doesn't really make fingers ache :)
1179523283 M * daniel_hozac +my
1179523341 M * mjt well yes
1179523354 M * mjt probably - i haven't tried ;)
1179523369 Q * gerrit Ping timeout: 480 seconds
1179523372 M * mjt looks quite scary - one simple command to crash them all :)
1179523391 M * mjt (not that it's different in my case)
1179523407 Q * wibble Ping timeout: 480 seconds
1179523556 M * mjt here, i actually run that "common" image sometimes - it's built from all the small pieces of all the guests, taken together. For exactly this purpose - for upgrades to work correctly
1179523562 J * Blissex ~Blissex@82-69-39-138.dsl.in-addr.zen.co.uk
1179523599 P * dapain
1179523841 P * edeschen Leaving
1179524224 Q * meandtheshell Ping timeout: 480 seconds
1179525953 J * meandtheshell ~markus@85-124-233-31.work.xdsl-line.inode.at