1189555426 J * michal` ~michal@www.rsbac.org
1189555658 J * FireEgl FireEgl@4.0.0.0.1.0.0.0.c.d.4.8.0.c.5.0.1.0.0.2.ip6.arpa
1189555874 Q * dna Quit: Verlassend
1189556007 Q * yarihm Quit: This computer has gone to sleep
1189558924 M * dennis ahh! i've a problem: my remote console prints any chars to screen (endless!): http://img386.imageshack.us/img386/6047/snapshot3st8.png
1189559035 M * Bertl and you are not sitting _on_ your keyboard, I presume?
1189559047 M * dennis lool. no! ;)
1189559072 M * Bertl well, probably the kernel tried to use acpi to reboot and for some reason that failed
1189559073 M * dennis the entering of my password to log in works
1189559113 M * Bertl is this over some remote console?
1189559130 M * dennis yes
1189559149 M * dennis its not a new installed system
1189559160 M * Bertl could be that the RC is confused too, try to reset it
1189559223 M * dennis ohh... the providers admin panel says: Server: Serial Console: Function currently unavailable. Your server is not completely configured.
1189559226 M * dennis wtf. :S
1189559291 M * dennis crazy! now the message is away. :-/
1189559332 M * dennis and the login to the remote console doesn't work: permission denied. -- well, i think the remote console is in trouble. ;)
1189559399 M * Bertl yeah, it's really funny, most systems have specialized processors and are quite cost intensive, and still, they do not provide the simplest serial console function properly
1189559417 M * Bertl another thing where we can thank Micro$oft :)
1189559470 M * dennis hehe. yeah, thats really true! ;)
1189559698 M * dennis oh. login works again, but the chars already appear to display. :-/
1189559809 M * Bertl well, it might sched some light if you could figure what char that actually is
1189559814 M * dennis a server restart (from admin panel) doesn't resolve the problem.
1189559849 M * Bertl I see several possible causes for this behaviour
1189559883 M * Bertl the most likely one is that the RC is actually inputting the keys, and the machine is just echoing them back
1189559929 M * dennis mh. okay. i understand, but a restart could resolve this trouble, thats right?
1189559945 M * Bertl a restart of the remote console, yes
1189559985 M * dennis so, i try to start the server rescue system
1189560001 M * dennis and login to the remote-console again.
1189560063 M * dennis mh. the provider (strato) doesn't offers any solution to restart the remote-console.
1189560105 M * Bertl time for a call?
1189560125 M * dennis yes. :)
1189560178 M * dennis where are you come from?
1189560188 M * Bertl Austria, Europe
1189560227 M * dennis ohh... a neighbor ;)
1189560237 M * dennis i'm living in frankfurt. ;)
1189560275 M * Bertl congrats! :)
1189560368 M * dennis okay. the login (ssh AND remote console) to the rescue system works!
1189560377 M * dennis without any crazy chars. ;)
1189560434 J * friendly12345 ~friendly@ppp59-167-90-160.lns1.mel6.internode.on.net
1189560838 M * dennis i'm confused!
1189560839 M * dennis :-/
1189560899 M * Supaplex but you're dennis.
1189560931 M * dennis lol :)
1189561273 M * dennis anybody an idea?
1189561332 A * Supaplex 's lost
1189561408 M * dennis the support hotline is only available from 8am to 8pm. :-/
1189561416 M * Supaplex ouch
1189561451 M * dennis 4 hours to wait. :-/
1189561470 M * Supaplex that's one mean hold time
1189561483 M * Bertl that's service in germany :)
1189561619 M * dennis yes! :(
1189562319 M * friendly12345 Bertl: Can I ask you a quick question before you head off to sleep?
1189562348 M * Bertl sure
1189562371 M * friendly12345 Bertl: Offhand, what would be the most elegant way of doing network traffic accounting eg. log exactly how much bandwidth each vserver is using?
1189562396 M * Bertl a simple iptables rule for each guest will do
1189562413 M * friendly12345 As simple as that?
1189562424 M * Bertl (rules can account traffic flow, and based on guest ips, that should do the trick)
1189562465 M * friendly12345 Thanks
1189562485 M * Bertl np
1189562721 M * Bertl in addition to that, you can get pure data accounting from the network context
1189562737 M * Bertl i.e. it will do socket data and packet accounting for you
1189563477 J * daniel_hozac_ ~daniel@c-051472d5.08-230-73746f22.cust.bredbandsbolaget.se
1189563611 Q * daniel_hozac charon.oftc.net panulirus.oftc.net
1189563881 Q * yang Ping timeout: 480 seconds
1189564174 J * virtuoso_ ~s0t0na@pppoe-53.58.110.89-adsl.spbnit.ru
1189564292 Q * virtuoso Read error: Connection reset by peer
1189564355 M * dennis yeah! my server works again! :)
1189564413 M * Supaplex yay!
1189564488 M * dennis i think it was a little mistake of myself in /boot/grub/menu.lst - a wrong baud rate of remote console. :-/
1189564505 M * Supaplex heh ewps
1189564559 M * dennis i removed the last 0 from 57600, the default baud rate.
1189564572 M * dennis *plonk* :D
1189567357 M * dennis i hate networks. ;)
1189567369 J * Catas ~poultryge@cpe-76-174-226-33.socal.res.rr.com
1189567374 P * Catas
1189567379 M * Supaplex typos bite back.
1189567381 M * dennis anybody an idea how i detect my network gateway?
1189567397 M * Bertl hmm?
1189567410 M * dennis dhcp views: SIOCADDRT: Network is unreachable
1189567427 M * Supaplex put one foot in front of the other until you're at the feet of the network admin. ask him/her.
1189567441 M * Bertl lol, yeah
1189567441 M * dennis in internet i read, the default gateway must be setting.
1189567463 M * dennis lool
1189567514 M * dennis the old dhcp version on gentoo configures the network correctly. =)
1189567554 M * Bertl so why did you switch to a 'new' one?
1189567572 M * dennis i upgrade to debian etch. ;)
1189567596 M * dennis i migrate from gentoo to debian.
1189567610 M * Bertl gentoo folks will debate about calling that an 'upgrade' :)
1189567660 M * Bertl maybe the interface is not up and thus dhclient (or whatever you use) cannot send packets?
1189567687 M * Bertl best check with #debian or so ...
1189567710 M * dennis gentoo will run as an vserver. ;)
1189567723 M * dennis mh. okay. i go to #debian. =)
1189568575 M * dennis okay. it works. without any help! :D
1189568585 M * Bertl excellent!
1189569541 M * Ashsong|away Bertl: ping
1189569545 N * Ashsong|away Ashsong
1189569549 M * Bertl Ashsong: pong!
1189569612 M * Ashsong heya. I'm trying to fill out the vcmd_net_addr_ipv?_v1 structs.
1189569629 M * Ashsong Do I need to specify any particular values for the mask and prefix fields?
1189569642 M * Ashsong (i.e. is 0 okay so long as I'm only adding a single address in the call?)
1189569673 M * Ashsong also, are appropriate types VXA_TYPE_ADDR | VXA_TYPE_IPV? and flags=0 likely to be okay?
1189569675 M * Bertl well, /32 or 0 is fine if you do not need network related stuff
1189569685 M * Bertl i.e. for a single ip it should be fine
1189569737 M * Ashsong am I correct that /32 (or /128) is, in binary, 0xFFFF..FF ?
1189569765 M * Ashsong (As I understood the code, masks were only used to assign an entire network of IPs to a net-context.
1189569769 M * Ashsong )
1189569771 M * Bertl yep, as /24 is 255.255.255.0
1189569798 M * Ashsong (therefore, it didn't actually matter what I specified for the field since none of the codepaths I intend to exercise will be using it)
1189569909 M * Bertl yeah, I think so
1189569925 A * Ashsong is now attempting to run the code...
1189569927 M * Ashsong :)
1189571631 J * hparker ~hparker@linux.homershut.net
1189571661 Q * Adrinael Ping timeout: 480 seconds
1189571667 M * Bertl wb hparker!
1189571681 M * hparker heya Bertl, how goes?
1189571692 M * Bertl fine, thanks, and you?
1189571737 M * hparker Long day... Left the house at 06:30, getting in at 23:15.. 3 hour drive each way
1189571864 J * Adrinael adrinael@rid7.kyla.fi
1189571882 M * Ashsong Bertl: thanks for the help. vc_net_add_ipv? is unhappy because I'm giving it invalid arguments, but the create() and run() calls appear to work fine. I'll investigate further tomorrow.
1189571887 M * Ashsong 'night!
1189571888 M * Ashsong :)
1189571893 N * Ashsong Ashsong|sleep
1189571896 M * Bertl have a good one!
1189573106 J * bhoot ~weechat@tor-irc.dnsbl.oftc.net
1189573114 M * Bertl welcome bhoot!
1189573155 M * bhoot im totally confused about vserver networking :-(
1189573194 M * Bertl maybe you used to use UML or QEMU or something like that?
1189573205 M * bhoot youve guessed it!
1189573223 M * Bertl okay, then simply forget everything you learned there about networking :)
1189573238 M * bhoot can I get similar features with vserver?
1189573240 M * Bertl focus on what you learned about Linux networking
1189573263 M * Bertl and remember that Linux-VServer does IP isolation
1189573279 M * Bertl i.e. it will you allow to 'assign' certain IPs to specific guests
1189573293 M * Bertl which in turn, will be 'allowed' to bind to those IPs
1189573317 M * Bertl everything else (regarding networking) is done on the host
1189573375 M * bhoot how do i prevent any connections from vserver to servers on the host that only listen on 127.0.0.1
1189573408 M * Bertl 127.0.0.1 is a little bit special, by default, it is not given to any guest
1189573420 M * Bertl (instead the 127.0.0.1 is remapped to the first assigned ip)
1189573442 M * Bertl recent devel versions do an auto mapping to 127.x.y.1 ...
1189573481 M * Bertl but except for broken apps, you do not need 127.0.0.1 at all
1189573483 M * bhoot looks like if I assign *no* entries in the interfaces directory then *all* outgoing connections are allowed as if the programs were running in the host context.
1189573547 M * Bertl actually if you assign no entries, then there should be no networking inside the guest (but I think certain tool versions did interpret that as allow any)
1189573619 M * bhoot i shouldve mentioned. im running debian etch kernel with vserver.
1189573702 M * bhoot so there must be some cap/flag entries to set in order to prevent all networking.
1189573817 M * bhoot ah. i got your remark about 127.0.0.1 being mapped to the first ip. that explains some other confusion that I had.
1189573921 M * bhoot Bertl: so one way to prevent all outgoing network connections is to define an interface with dummy and then not allow any forwarding?
1189573973 M * Bertl sorry, had a power outage ... back now
1189573991 M * bhoot should I repeat my question?
1189574004 M * Bertl nah, I have a backlog
1189574125 M * Bertl first, if you are with debian, update :)
1189574142 M * Bertl i.e. get a recent kernel and tools (from backports or sid)
1189574176 M * Bertl second, you can easily check _what_ got assigned via /proc/virtnet//*
1189574213 M * Bertl third, you are not preventing any traffic, you are preventing or restricting the ability to bind to certain IPs
1189574216 M * bhoot Bertl: the update part is tricky. the proc hint is really useful.
1189574247 M * Bertl and there is nothing forwarded in a setup where you allow a guest to reach the outside
1189574267 M * Bertl i.e. you get the direct connection there, no overhead of a virtual network stack
1189574422 M * bhoot Bertl: so if assign an ip that is not on a public interface then this guest is locked in?
1189574522 M * Bertl if that ip cannot reach the outside on the host, then yes
1189574541 M * Bertl all network related questions can be reduced to the host view
1189574570 M * Bertl i.e. if any ip can do this or that _on_the_host_ then you can assign it to the guest and the guest can do exactly that :)
1189574604 M * bhoot ok. so if i want the guest to have the ability to connect to its assigned ip then i need to allow incoming connections to that ip on the host.
1189574641 M * Bertl not exactly, but close ... let me break it down:
1189574671 M * Bertl - if you want the guest to have the ability to connect to its assigned ip, then you 'assign' that ip to the guest :)
1189574699 M * Bertl - if you want the guest IP to be reachable from the outside, then you ahve to make sure that it is reachable
1189574715 M * Bertl (the latter one is identical to making a host ip reachable)
1189574753 M * bhoot i'm running netfilter so I suppose an INPUT rule is needed for the the assigned ip as well.
1189574772 M * Bertl as would be if it was a purely host ip :)
1189574844 M * bhoot ok. im getting it. i was wondering at the guest not being able to connect to its own loopback address. but that is now its assigned ip!
1189574882 M * Bertl right, unless you are using vs2.3.x, you simply consider 'localhost' identical with the first assigned ip
1189574898 M * Bertl (and it usually helps to put that into /etc/hosts too)
1189574930 M * Bertl also note that traffic between host and guest as well as between guests (on the same host) goes via 'lo'
1189574980 M * bhoot so is should be enough to put a rule like "iptables -A INPUT -i lo -j ACCEPT"?
1189575011 M * bhoot ^s/is/it/
1189575026 M * Bertl well, I'd assume you have a similar rule already, otherwise no service would be able to connect to localhost
1189575087 M * bhoot actually, i seem to have "iptables -A INPUT -d 127.0.0.1 -i lo -j ACCEPT" which would not work!
1189575120 M * Bertl okay, in this case you want to extend that to guest and host IPs
1189575151 M * Bertl (otherwise pinging your IPs on the host would fail either)
1189575267 M * bhoot Bertl: thanks for all the help. youve given me a lot to ponder over and experiment with. i'll try figuring it out some more on my own now.
1189575326 M * Bertl you're welcome!
1189575430 J * hallyn_ ~xa@adsl-75-0-151-253.dsl.chcgil.sbcglobal.net
1189575451 Q * hallyn Read error: Connection reset by peer
1189575698 Q * hparker Quit: g'nite
1189575744 J * duckx ~Duck@tox.dyndns.org
1189575759 M * Bertl wb duckx!
1189575787 Q * bhoot Ping timeout: 480 seconds
1189576388 Q * sharkjaw Quit: Leaving
1189576402 J * sharkjaw ~gab@158.36.44.106
1189577104 N * wilmer_ phedny
1189577697 M * duckx Hy Bertl !
1189577709 M * duckx Need to rush to go to work ,)
1189577713 M * duckx See ya !
1189577715 M * Bertl cya
1189577721 J * DavidS ~david@vpn.uni-ak.ac.at
1189577729 M * Bertl morning DavidS!
1189577845 M * dennis exists any way to use multiple gentoo guests without a shared distfiles dir?
1189577860 M * dennis any params or so =)
1189577962 M * Bertl not sure what you are asking :)
1189578119 M * dennis i need 2 gentoo guests. the first one is already created. on creating the second one the followed message will show: "Cannot find distfiles directory! You should definitely use a shared distfiles directory if you have multiple Gentoo guests!"
1189578143 M * DavidS hey bertl!
1189578151 M * Bertl dennis: aha, interesting :)
1189578175 M * Bertl dennis: better ask Hollow here, he should be the specialist in this area
1189578212 M * dennis okay, i will ask him...
1189578214 M * dennis http://gentoo-wiki.com/HOWTO_Setup_local_Portage_and_Package_Mirror
1189578219 M * dennis "Please select an appropriate server from the Gentoo Mirror List for retrieving the distfile directory - it is about 50 gigabytes and will take a minimum of several days to download."
1189578234 M * dennis wow :-S
1189578242 M * Hollow dennis: if your host is not gentoo, the preinst script cannot automatically find a shared portage tree, but your also not forced to use one
1189578246 M * dennis to much for 2 guests ;)
1189578275 M * Hollow but it is really recommended to do so :)
1189578292 M * Hollow you don't want to sync 12000 files in each guest, do you?
1189578301 M * Hollow same for distfiles ..
1189578367 M * dennis mh. i understand the problem. i'm using gentoo since a few years.
1189578381 M * dennis the problem is, on the server are only 80gb available.
1189578400 M * Hollow well, you don't have to download all 50G of distfiles :)
1189578417 M * Hollow is the host gentoo?
1189578431 M * dennis its a leased webserver - without hardware access.
1189578436 M * dennis no, its debian etch.
1189578462 M * Hollow ok, sec
1189578485 M * dennis okay. :)
1189578507 M * Hollow dennis: http://paste.linux-vserver.org/6554
1189578526 M * Hollow if you use this on the host, you should be fine and automatically get shared portage/distfile
1189578636 M * dennis i'll try it.
1189578695 M * dennis how many gb are downloading?
1189578774 M * dennis all the 50gbs, too?
1189578830 M * dennis ah. its ready! :)
1189578918 M * dennis while creating the new gentoo guest, the same error occurred: Cannot find distfiles directory! You should definitely use a...
1189579027 J * yarihm ~yarihm@84-75-130-73.dclient.hispeed.ch
1189579260 M * friendly12345 dennis: have you checked the Gentoo vserver docs?
1189579268 M * Hollow dennis: mkdir /usr/portage/distfiles
1189579271 M * Hollow it does not get synced
1189579280 M * Hollow you will download distfiles on demand
1189579289 M * Hollow and you can also remove them from time to time
1189579355 M * dennis Hollow: oh. i forget to create the dir. ;)
1189579360 Q * balbir Ping timeout: 480 seconds
1189579365 M * Hollow i forgot to tell you :)
1189579391 M * dennis yeah haaa... it works! :)
1189579410 M * Hollow :)
1189579418 M * dennis thanks for your help! :)
1189579425 M * Hollow you're welcome
1189579855 Q * zLinux Ping timeout: 480 seconds
1189580026 Q * dilinger Remote host closed the connection
1189580042 J * dilinger ~dilinger@mail.queued.net
1189580065 M * dennis its possible to move an already installed gentoo-installation to an vserver-guest? (like this: http://linux-vserver.org/util-vserver:Howto_virtualize_an_exisiting_Linux_server)
1189580181 M * Hollow yes, it is possible, but depending on your version of baselayout it might be a bit tricky
1189580245 M * dennis can i compile the new version of baselayout in chroot?
1189580273 M * Hollow best would be to upgrade to baselayout-2 first
1189580273 J * zLinux ~zLinux@88.213.32.19
1189580290 M * dennis the already installed gentoo version uses gcc 3.4
1189580307 M * Hollow just baselayout matters
1189580613 M * dennis in portage, i see sys-apps/baselayout-vserver
1189580636 M * Hollow do not use it :)
1189580653 M * Hollow >=sys-apps/baselayout-2 supports vservers out of the box
1189580660 M * Hollow baselayout-vserver has been deprecated
1189580859 M * dennis cool! okay! :)
1189581046 M * dennis echo "=sys-apps/baselayout-2.0.0_rc4-r1" >> /etc/portage/package.unmask -- package.unmask is the right filename?
1189581237 M * dennis baselayout-2 is compiled!
1189582003 M * Hollow dennis: good, now you can use / and move it to a vserver :)
1189582021 M * Hollow better copy ;)
1189582140 M * dennis i'm alrady logged in... =)
1189582148 M * dennis but many services are not running
1189582155 M * dennis mysql, postfix, usw.
1189582157 M * dennis apache works! :D
1189582332 Q * yarihm Quit: This computer has gone to sleep
1189582505 M * dennis mysql breaks down without any error in logfile
1189582511 M * dennis :(
1189582522 M * dennis * start-stop-daemon: caught an interupt
1189582522 M * dennis * start-stop-daemon: /usr/sbin/mysqld died
1189582546 M * Hollow which version of mysql?
1189582547 M * dennis the error logs are empty
1189582570 M * dennis mysql Ver 14.12 Distrib 5.0.44, for pc-linux-gnu (x86_64) using readline 5.2
1189582578 M * dennis 5.0.44
1189582614 M * Hollow hm, pretty up to date ... try upgrading/remerging dev-db/mysql-init-scripts
1189582616 M * Bertl and your guest is 64 bit, yes?
1189582626 M * dennis yes, host and guest.
1189582640 M * Bertl just checking :)
1189582658 M * Bertl maybe try with strace -fF
1189582736 M * dennis haha... on compiling strace:
1189582737 M * dennis ./configure: line 3084: cannot create temp file for here document: No space left on device
1189582775 M * Bertl so maybe extend tmpfs or so?
1189582778 M * dennis none 16M 16M 0 100% /tmp
1189582786 M * dennis yes... is used to 100%. :-/
1189582791 M * Hollow looks like clamav :)
1189582799 M * dennis hihi
1189582808 M * Hollow do have clamav running?
1189582812 M * dennis yes
1189582822 M * Hollow change it's tmp path in /etc/clamd.conf
1189582826 M * Hollow sth like /var/tmp
1189582826 J * meandtheshell ~markus@85-127-116-52.dynamic.xdsl-line.inode.at
1189582827 M * dennis but it was "df -h"
1189582840 M * Hollow 16M is too little for clamav database
1189582850 M * dennis its to little for mysql, too
1189582854 M * dennis ;)
1189582862 M * Hollow but mysql doesn't store it's files in /tmp
1189582868 M * Hollow *its
1189582875 M * Bertl which is good :)
1189582882 M * dennis mh. yes. thats rights. :/
1189582903 M * dennis how i can extend /tmp?
1189582915 M * Bertl change the line in fstab (config)
1189582930 M * dennis on host /etc/vservers/...?
1189582934 M * Bertl yep
1189582950 M * Hollow but i'd really recommend to ue another tmp dir for clamav :)
1189582963 M * Bertl yes, indeed
1189583021 M * dennis okay, i'll change it! :)
1189583027 M * dennis thanks for the note
1189583075 J * dna ~dna@201-231-dsl.kielnet.net
1189583245 M * dennis mh. i recompile mysql
1189583409 M * dennis or better: i restart the server and boot the old gentoo... and today evening / night, i'll install a new clean system (vserver). :)
1189583474 M * Bertl make that, no need to hurry ...
1189583570 Q * hijacker Read error: Connection timed out
1189583583 M * dennis the servers downtime is to long. :/ i haven't a fall back server at the moment so i'm working on night. :-|
1189583610 M * Bertl see, that will soon be over with Linux-VServer
1189583628 M * Bertl you can always keep a fall back guest then ...
1189583648 M * Hollow :)
1189583650 M * dennis yes, thats right! thats one reason to change from a single-system to vserver. :)
1189583728 M * eyck yes, if only vserver would do checkpointing
1189583753 M * Bertl then you could do what exactly?
1189583756 M * eyck there's an article on state of 'containers' on lwn, and they won't let me read it.
1189583784 M * eyck Bertl: move guest to another server without interrupting service
1189583806 M * Bertl eyck: you can do that with Xen already
1189583827 M * eyck and with vmware, but not with vserver
1189583843 M * Bertl yes, and there is a good reason for that :)
1189583854 M * eyck what?
1189583858 M * Bertl performance
1189583863 M * eyck uh?
1189583867 M * Bertl well, actually there are several reasons
1189583877 M * Bertl limited use is another one
1189583881 M * eyck uh?
1189583895 M * dennis Bertl: Hollow: thanks for your help! :) i'll go to bed. at evening i'm here again. have a nice day! :)
1189583909 M * dennis cul
1189583909 M * Bertl dennis: u2! cya
1189583918 M * Hollow night
1189583937 M * eyck so it's just like any other feature, like vhashify, cow, and quota
1189583972 Q * dennis Remote host closed the connection
1189583987 M * Bertl hmm?
1189583992 M * eyck that I understand, what I don't understand is 'performance reasons for avoiding checkpointing' ?
1189584036 M * Bertl well, to allow for migration, you have to use virtualization in all places (not just isolation) or at least all existing solutions do that
1189584062 M * Bertl you cannot (easily) for example share a filesystem or so
1189584082 M * eyck hmm, I know of ~7 different checkpointing solutions, and they all do checkpointing without virtualization
1189584099 M * Bertl really? let's hear ...
1189584110 M * eyck and have no problems with sharing a filesystem
1189584232 M * Bertl please share at least a few of them with us :)
1189584235 M * eyck epckpt, condor, crak etc..
1189584317 M * Bertl crak is 2.2/2.4 only and operates on processes
1189584325 M * eyck correct.
1189584359 M * Bertl but yes, that might be applicable to guests to some extend
1189584383 M * eyck I know only one feasible checkpointing solution for current kernels,
1189584385 M * Bertl nevertheless, you have to preserve things like pid or so across systems, which is nontrivial
1189584415 M * eyck well, you're already virtualising pids, so it seems like that shouldn't be that hard
1189584428 M * Bertl ah, no, actually we are not :)
1189584433 M * eyck hmm
1189584437 M * Bertl we are just isolating them
1189584443 M * eyck wait a moment.
1189584455 M * eyck uuh, right.
1189584470 J * hijacker ~hijacker@213.91.163.5
1189584476 M * Bertl wb hijacker!
1189584477 M * eyck I was fooled by fakeinit flag
1189584490 M * Bertl yeah, that is some kind of special case virtualization
1189584547 M * Bertl and if there weren't stupid programs depending on pid=1 being init, we wouldn't need that hack
1189584584 M * eyck hmm, pid virtualisation is non-trivial?
1189584612 M * Bertl but basically you are right, I think it is doable without virtualizing everything away, but you have to do it really smart
1189584615 M * eyck it seems trivial in comparision to other tricks that vserver is playing
1189584688 M * Bertl but as mainline is heading towards heavier virtualization, I think we should simply wait the few months ... and then we have checkpointing for heavy weigth guests and the usual stuff for lightweight ones
1189584732 M * eyck then you'd have to do the same to tcp/ip sockets and IPC, and then you've got something that makes xen/vmware solutions look like overweight baboons
1189584748 M * eyck I can do that,
1189584753 M * Bertl my personal opinion is that a mosix like approach will be the future for Linux-VServer at some point
1189584783 J * esa ~esa@ip-87-238-2-45.adsl.cheapnet.it
1189584789 M * eyck hmm, I believe you would need much more virtualisation for mosix-like then for simple checkpointing
1189584793 Q * eSa| Ping timeout: 480 seconds
1189584833 M * Bertl not necessarily, and you can assume certain setups across the farm
1189584864 M * Bertl and something like that would be really useful for expanding and maintaining larger setups
1189584932 M * eyck I do believe checkpointing would be first logical step towards that end
1189584940 M * DavidS a simple case might be something like 2-pc heartbeat failover scenario
1189584954 M * Bertl e.g. a cluster farm could configure IPs in a synchronous mode
1189584966 M * DavidS you could solve the pid virtualisation there by partitioning pid space
1189584986 M * Bertl thus, port bindings can be moved around without need for further virtualization
1189585005 M * eyck DavidS: oh, I'm thinking of something more, let's say you've got ~12 different servers, with checkpointing, you can load-balance their load, and load-match vserver requirements to available hardware
1189585023 M * Bertl eyck: only very non-realtime
1189585041 M * eyck Bertl: sub-second delay in migration would be achievable
1189585042 M * Bertl otherwise you end up creating much more load than you are trying to balance out
1189585062 M * DavidS recent research on self-configuring services show that already 5-minute configuration intervals bring better performance overall
1189585078 N * esa eSa|
1189585084 M * eyck Bertl: I'm not talking about handling one-second peaks, just handling multi-hour differences in load
1189585138 M * Bertl you can do that with Xen right now, has anybody actually done that so far?
1189585187 M * eyck Bertl: Xen is very heavy-weight, needs way more resources, requires RAM separation etc..
1189585209 M * Bertl so? even more reason to balance it out, no?
1189585242 M * eyck hehe
1189585284 M * eyck I'm just saying, I would like to see that in vserver
1189585291 M * Bertl what I mean is, yeah, would be nice to have sub second load balancing of guests across a 'mosix' farm or so ... but is it worth the efford? probably not
1189585317 M * eyck I'm not forcing anyone to write code, as daniel said he's feeling when handling bug requests with 'will not fix'
1189585353 M * eyck well, if you've got one big server and that's it.. probably not.
1189585358 M * Bertl 'bug requests' I have to memorize that :)
1189585387 M * eyck this is not bug requests, this is feature query
1189585482 M * eyck btw, I already tried checkpointing with vserver some time ago
1189585492 M * eyck >1year ago,
1189585499 M * Bertl and? how was it?
1189585521 M * eyck I would use userspace solution, freeze all the processes, transfser to another machine, and unfreeze there
1189585525 M * eyck so so,
1189585543 M * eyck most things wouldn't work, any networking would die etc..
1189585564 M * eyck but I was under an impression that it's pretty close to working nicely.
1189585587 M * eyck (ie, move to another machine, start empty guest, unfreeze processes )
1189585744 M * Bertl ah, well, devil's in the detail :)
1189585762 M * Bertl anyway ... off to bed for today ... have a good one everyone!
1189585768 M * eyck g'night.
1189585772 N * Bertl Bertl_zZ
1189586018 M * hijacker cheers
1189586098 N * virtuoso_ virtuoso
1189586290 J * dsoul_ darksoul@vice.ii.uj.edu.pl
1189586597 P * friendly12345
1189586688 Q * dsoul Ping timeout: 480 seconds
1189586753 J * yarihm ~yarihm@whitehead2.nine.ch
1189587126 J * lilalinux ~plasma@dslb-084-058-199-180.pools.arcor-ip.net
1189587527 Q * ex Ping timeout: 480 seconds
1189587649 M * igraltist hi
1189587699 M * igraltist can i the graficcard in a vguest?
1189587774 M * sid3windr exqueeze me?
1189587981 M * eyck let me translate,
1189587995 M * eyck igraltist: yes, you can use your graphic card in a vserver guest,
1189588040 M * eyck but Xorg requires special permissions, some of which (like /dev/mem access) brake the security of vserver
1189588050 M * eyck there's a wiki about that I think
1189588084 M * igraltist ah ok
1189588154 M * eyck I'm using Xorg in vservers, but only on personal workstations ( as I don't require protection from xorg's vserver there )
1189588161 M * igraltist is it for me desktop, i moment i have gentoo hardend and some wine apps not really work good, so for this i was think mayby in a vguest put a normal gentoo
1189588233 M * igraltist so display from a vserver guest can it use on the vt8?
1189588271 M * eyck yes, that's one possibility. normal xorg on vt7, vserver xorg on vt8 or some other
1189588317 M * igraltist ok
1189588322 M * igraltist thanks
1189588404 M * eyck hmm, but if you're just thinking on moving few apps to vserver, why not ssh to it and use X11-forwarding?
1189588429 M * eyck try http://linux-vserver.org/Vservers+and+X
1189588433 M * eyck bye.
1189588791 M * ard X11 forwarding over ssh is slower dan /tmp/.X0
1189588823 M * ard and it will definitely not give you GL :-)
1189588923 M * ard putting /tmp/.X11-unix/ as a bind in /etc/vservers//fstab gives at least a unix socket
1189588955 M * ard the next problem is that you have to have the magic-cookie
1189589300 N * daniel_hozac_ daniel_hozac
1189590168 M * igraltist so not so easy or ?
1189591402 J * ex ex@81.219.196.129 1189592006 Q * igraltist Ping timeout: 480 seconds 1189592451 J * pmenier ~pmenier@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr 1189593044 M * ard xauth nextract $DISPLAY|xauth nmerge - 1189594231 N * pmenier pmenier_off 1189594423 J * Julius ~julius@p57B2614B.dip.t-dialin.net 1189594451 M * Julius hiho 1189594876 Q * yarihm Quit: This computer has gone to sleep 1189595102 Q * rorem- Quit: using sirc version 2.211 1189595198 J * Blissex ~Blissex@82-69-39-138.dsl.in-addr.zen.co.uk 1189596505 J * rorem- ~roremtank@bzq-219-46-202.isdn.bezeqint.net 1189596619 J * pi06jw9 pi06jw9@hacke-6.student.lth.se 1189596621 Q * Baby Read error: Connection reset by peer 1189596658 Q * nebuchadnezzar Read error: Connection reset by peer 1189596680 J * Baby ~miry@195.37.62.208 1189597582 J * yarihm ~yarihm@vpn-global-dhcp3-022.ethz.ch 1189598122 N * pmenier_off pmenier 1189599362 M * bXi i have some obscure linux installation here which needs to be converted into a vserver guest 1189599368 M * bXi whats the best way to do this? 1189599378 M * bXi (i've installed the install inside vmware now) 1189599867 M * Julius hehe 1189599889 M * Julius you could try and copy the entire filesystem into a vserver 1189599921 M * bXi i figured that much but what about the config 1189600211 M * epicbjorn you build it as a skeleton 1189600224 M * epicbjorn (vserver crackhead build -m skeleton .. ) 1189600232 M * epicbjorn and then copy the rest of the file system over 1189600237 M * bXi hmmm interesting 1189600301 A * ard starts to cry 1189600339 M * ard The best way to learn about vserver is to keep reading #vserver 1189600347 A * ard didn't know about -m skeleton ;-) 1189600356 M * bXi and what would the smartest way of copying the data ? 1189600371 M * ard start the vmware instance 1189600375 M * ard and rsync it? 1189600403 Q * lilalinux Remote host closed the connection 1189600497 M * bXi hmmm 1189600507 M * bXi and with what rsync command? 
:p
1189600529 A * bXi == rsync n00b :P
1189600565 M * ard from the instance: rsync -va --progress --exclude /proc --exclude /sys --exclude /dev / :/var/lib/vservers/
1189600566 M * ard eh
1189600568 M * ard from the instance: rsync -va --progress --exclude /proc --exclude /sys --exclude /dev / :/var/lib/vservers//
1189600584 M * ard or even:
1189600589 M * ard from the instance: rsync -vaH --progress --exclude /proc --exclude /sys --exclude /dev / :/var/lib/vservers//
1189600677 J * lilalinux ~plasma@dslb-084-058-199-180.pools.arcor-ip.net
1189600698 Q * hijacker Read error: Connection reset by peer
1189600753 J * hijacker ~hijacker@213.91.163.5
1189600782 M * bXi crappy
1189600789 M * bXi can't start ssh on the targethost
1189600798 M * daniel_hozac so, do it on the source host.
1189600801 M * bXi port 22 is in use already and i can't shut it down
1189600832 M * bXi does rsync work like scp ?
1189600842 M * daniel_hozac hmm?
1189600855 M * ard the targethost in the example is the rootserver...
1189600880 M * bXi yeah
1189600891 J * jmcaricand ~user@d83-179-189-134.cust.tele2.fr
1189601008 M * bXi in this case you rsync / :/bla
1189601018 M * bXi but does rsync no
1189614060 M * dennis_ verserver can connect directly to any other vserver guest. would like to connect any guest to any other guest the iptables on host allows (or disallowed) the routing. is it possible to realize that? What do you think about it?
1189614115 M * daniel_hozac what?
1189614197 M * sid3windr grin
1189614277 M * dennis_ okay, short: i'm searching for a solution so only selected vserver guests connect to services/ports on any other vserver.
1189614306 M * daniel_hozac so, use iptables.
1189614320 M * daniel_hozac just remember that any host<->guest or guest<->guest traffic will use lo.
1189614468 J * bonbons ~bonbons@2001:960:7ab:0:20b:5dff:fec7:6b33
1189614490 M * dennis_ ah. okay! i'm thinking too complicated.
;)
1189614562 M * bXi is it possible to let someone hop from vserver a to b without using ssh or something?
1189614595 M * daniel_hozac hmm?
1189614603 M * daniel_hozac like, to migrate between contexts?
1189614618 M * bXi well from the host i can vserver $name enter
1189614646 M * bXi i'd let a mate of mine do the same without giving him access to the host server
1189614665 M * daniel_hozac yeah, uh, that would be a huge security risk, so no.
1189614906 M * bXi and what if you'd do it controlled
1189614921 M * bXi like using the idea between groups and rights?
1189614929 M * bXi chmod 775 $vserver
1189614932 M * bXi something like that
1189614942 M * bXi and then that users of group $vserver can enter it
1189614960 M * daniel_hozac they'd still need access to the host.
1189614970 M * eyck you can have shared directory between vservers, if that's what you want
1189614988 Q * yarihm Read error: Connection reset by peer
1189615061 M * daniel_hozac what you're asking essentially boils down to "can i escape from a guest". if the answer would be yes, we'd be doing something wrong...
1189615305 M * eyck well, I imagine that giving someone access to a set of hosts would be nice, and hopping from one to another wouldn't be wrong
1189615407 M * matti Hi eyck daniel_hozac bXi *
1189615409 M * daniel_hozac you should never be able to go up/to the side of the chain of contexts.
1189615413 M * daniel_hozac hello matti
1189615443 M * dennis_ daniel_hozac: i hope so! ;)
1189615466 M * bXi daniel_hozac: if this is properly designed i don't see problems
1189615475 M * daniel_hozac "this"?
1189615477 J * jmcaricand ~jmcarican@d90-144-123-77.cust.tele2.fr
1189615485 M * eyck "going sideways"
1189615490 M * bXi that yeah
1189615500 M * daniel_hozac that would be going up and then down again.
1189615526 M * bXi i'm no c++/kernel programmer but i think that if you take proper precautions that it should theoretically work
1189615531 M * daniel_hozac the kernel is C.
1189615549 M * eyck mostly C
1189615562 M * bXi i do perl/php
1189615564 M * eyck anyone can play anal-retentive game ;)
1189615564 M * daniel_hozac except... you don't have any way to say "this context can migrate to these contexts".
1189615689 M * eyck there wasn't a way to change euid until sudo-style solutions came along..
1189615723 M * bXi where there is a will there's a way i always say :p
1189615733 M * daniel_hozac you think having a setxid bit that would give the binary xid 0 privileges is a sane solution?
1189615770 M * daniel_hozac being able to go sideways in the hierarchy would mean creating a way out of guests.
1189615798 M * eyck same goes for euid
1189615817 M * daniel_hozac now, _if_ we had a hierarchy, you could easily achieve your end goal by having a "host-guest" that you give access to.
1189615827 Q * pmenier Quit: pmenier
1189615852 M * bXi isn't Bertl one of the guys who knows about this as well?
1189615858 M * eyck and you think hierarchies are bad?
1189615864 M * daniel_hozac i don't.
1189615870 M * daniel_hozac i'm just saying we don't have them.
1189615879 M * daniel_hozac (yet)
1189615915 M * eyck hmm, I would say 'exactly', but I just read a dilbert where it was implied that guys sayin' "exactly!" are stupid.
1189615983 M * daniel_hozac i'm not sure i see what "exactly" would mean in this context.
1189616170 N * Bertl_zZ Bertl
1189616239 Q * meandtheshell Quit: Leaving.
1189616254 M * daniel_hozac morning Bertl!
1189616374 M * dennis_ hi Bertl!
1189616387 Q * lilalinux Remote host closed the connection
1189616387 M * Bertl morning folks!
1189616661 M * Bertl daniel_hozac: how does this look for you? http://vserver.13thfloor.at/Experimental/delta-splice-clean01.diff
1189616690 N * esa` eSa|
1189616731 M * daniel_hozac the fs/read_write.c hunks, are those reverts?
1189616738 M * Bertl yep
1189616752 M * daniel_hozac looks nice then.
1189616785 M * Bertl I tested it somewhat yesterday, but got some failed tests in my setup, not sure they are related though
1189616794 M * Bertl (mainly in the disk accounting area)
1189616866 M * daniel_hozac okay, will give it a spin.
1189616890 M * Bertl thanks! will do a before/after comparison here shortly
1189616915 M * Bertl btw, the xfs 'warnings' remain ... so splice causes that too
1189616928 M * daniel_hozac the recursive locking?
1189616933 M * Bertl yep
1189616938 M * daniel_hozac okay, nice.
1189616956 M * daniel_hozac (in the at-least-it's-not-our-fault sense)
1189616961 M * Bertl I thought, maybe running the splice test suite could be made to trigger that in xfs?
1189616974 M * daniel_hozac got a link?
1189616985 M * Bertl in which case, we could simply bounce it back to the xfs folks :) ... sec
1189617000 Q * coderanger Quit: coderanger
1189617014 J * coderanger ~coderange@kantrn.stu.rpi.edu
1189617035 M * Bertl http://lwn.net/Articles/181170/
1189617085 P * coderanger
1189617107 M * daniel_hozac thanks
1189617112 M * Bertl np
1189617386 M * dennis_ all vserver guests have their own ip (192.168.1.x/24) so that no services listen on the public host ip. now the problem is that no guest can connect to the internet. what can i do?
1189617408 M * daniel_hozac NAT
1189617551 Q * jmcaricand Quit: KVIrc 3.2.4 Anomalies http://www.kvirc.net/
1189617805 M * Bertl dennis_: it's quite simple, just add something like:
1189617839 M * Bertl iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to
1189617906 M * daniel_hozac Bertl: i'm getting testfs failures in the xid and disk limit sections, for both ext2 and ext3. (on 2.3.0.20)
1189617912 M * dennis_ hui. cool. it works! :)
1189617921 M * dennis_ thank you. =)
1189617925 M * daniel_hozac that's after modifying it to use -o tag instead of tagxid.
1189618193 M * Bertl daniel_hozac: the latest version should have all those modifications, no?
1189618300 M * daniel_hozac ah, the testfs.sh symlink isn't updated.
1189618322 M * Bertl oh, let me fix that ...
1189618388 M * daniel_hozac nice, fixed all the xid tests.
1189618533 M * daniel_hozac and after an s/go_xid/go_tag/ on the disk limit tests, they succeed too.
1189618552 M * Bertl ah, okay, so we forgot that one (at least in the uploaded version)
1189618565 M * Bertl we = michal and myself
1189618766 Q * dsoul_ Ping timeout: 480 seconds
1189618815 J * dsoul darksoul@vice.ii.uj.edu.pl
1189619247 M * Bertl daniel_hozac: can you upload the 0.18 version for me?
1189619342 M * daniel_hozac http://people.linux-vserver.org/~dhozac/t/testfs.sh-0.18
1189619347 M * Bertl tx
1189619433 J * coderanger_ ~coderange@x-24b-10.dynamic2.rpi.edu
1189619954 Q * coderanger_ Quit: coderanger_
1189620305 J * coderanger_ ~coderange@taz-26.dynamic2.rpi.edu
1189620405 Q * Ashsong|sleep Ping timeout: 480 seconds
1189620434 J * fb_ ~fback@red.fback.net
1189620479 Q * fb Read error: Connection reset by peer
1189620483 J * arachnist_ arachnist@088156189068.who.vectranet.pl
1189620522 Q * arachnist Read error: Connection reset by peer
1189620541 Q * dsoul Ping timeout: 480 seconds
1189620579 J * dsoul darksoul@vice.ii.uj.edu.pl
1189620912 M * Bertl okay, off for now .. back a little later ..
1189620917 N * Bertl Bertl_oO
1189620987 Q * coderanger_ Quit: coderanger_
1189621005 J * coderanger_ ~coderange@taz-26.dynamic2.rpi.edu
1189621440 Q * ema Quit: leaving
1189621818 Q * dsoul Ping timeout: 480 seconds
1189621861 J * dsoul darksoul@vice.ii.uj.edu.pl
1189621880 J * meandtheshell ~markus@85.127.108.176
1189622351 J * dennis__ ~dennis@dslb-084-059-105-077.pools.arcor-ip.net
1189622586 Q * dennis_ Ping timeout: 480 seconds
1189624233 Q * meandtheshell Quit: Leaving.
1189625315 M * dennis__ i tried to forward all requests on tcp-port 80 (on eth0) to the vserver (lo):
1189625316 M * dennis__ iptables -t filter -A FORWARD --in-interface eth0 --out-interface lo -p tcp --source-port 80 --destination-port 80 --destination 192.168.1.1/24 -j ACCEPT
1189625336 M * dennis__ but, iptables -L:
1189625343 M * dennis__ ACCEPT tcp -- anywhere localhost/24 tcp spt:www dpt:www
1189625362 M * dennis__ the forwarding doesn't work
1189625386 M * dennis__ is 'localhost' in iptables -L a mistake?
1189625404 M * Bertl_oO there is no 'forwarding' to guests
1189625422 M * Bertl_oO you can use DNAT to 'map' to the guest ip
1189625735 Q * DavidS Quit: Leaving.
1189625789 M * dennis__ ahh. okay. =)
1189625807 M * daniel_hozac Bertl_oO: btw, having a tag that's different from the xid messes up /proc pretty bad.
1189625835 M * Bertl_oO hmm, proc should be still xid tagged, no?
1189625855 M * daniel_hozac right.
1189625860 M * daniel_hozac but you can't access those.
1189625861 M * daniel_hozac ;)
1189625884 M * Bertl_oO ah, hmm, we need a separate check for them then, good point!
1189625980 M * daniel_hozac i'm running the splice kernel now, but testfs seems to hang on one of the COW-tests.
1189626026 M * daniel_hozac interestingly enough, it's not the first COW-test, and the previous ones worked fine, so i'm not sure what the deal is here.
1189626213 M * daniel_hozac and the kernel doesn't really appear to be stuck, it's just one of the touch processes that consumes 100% CPU and is unkillable (even though it's in R state)
1189626243 M * dennis__ iptables -t nat -I PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.1:80 -- it works! :)
1189627403 M * Bertl_oO daniel_hozac: haven't looked at the splice flags yet, maybe one of them applies
1189627801 M * daniel_hozac seems to be completely reproducible at least.
1189627824 M * daniel_hozac as for the splice flags, none of them seem relevant to me.
1189627975 J * emtt1 ~eric@dynamic-acs-24-154-85-144.zoominternet.net
1189628077 M * daniel_hozac on a completely unrelated note, i noticed this when writing the changelog for 2.3: http://people.linux-vserver.org/~dhozac/p/k/delta-ninfo-fix01.diff
1189628771 M * Bertl_oO did I miss that or is that unrelated
1189628829 M * daniel_hozac hmm?
1189628877 M * Bertl_oO I mean, is that an old patch or a new one
1189628884 M * daniel_hozac new one.
1189628891 M * Bertl_oO ah, okay :)
1189628903 M * daniel_hozac i only noticed it earlier today :)
1189628921 M * Bertl_oO excellent
1189628965 M * daniel_hozac hmm, i think i know what the problem is.
1189628983 M * daniel_hozac this is the first COW-test for the disk limits that is trying to go over the limit.
1189629264 Q * dna Quit: Verlassend
1189629775 Q * Julius Remote host closed the connection
1189629839 Q * rhodes Quit: rhodes
1189630244 J * Aiken ~james@ppp121-45-250-174.lns2.bne4.internode.on.net
1189631083 Q * emtt1 Read error: Operation timed out
1189631352 Q * bonbons Quit: Leaving
1189635003 Q * coderanger_ Quit: coderanger_
1189635103 J * coderanger_ ~coderange@taz-26.dynamic2.rpi.edu
1189635244 Q * coderanger_
1189635406 Q * fs Ping timeout: 480 seconds
1189637078 Q * nou Ping timeout: 480 seconds
1189637253 J * nou Chaton@causse.larzac.fr.eu.org
1189637548 M * Bertl_oO daniel_hozac: would be interesting to know how the 'normal' splice behaves on limited disk space (small/full disk)
1189637566 N * Bertl_oO Bertl
1189637588 M * Bertl I could imagine that it 'waits' for more disk space instead of returning with an error code
1189637605 M * Bertl (could also be related to space being below page size)
1189637646 M * daniel_hozac consuming 100% CPU while "waiting" doesn't seem sane ;)
1189637703 M * daniel_hozac (especially in a non-killable way)
1189637725 M * Bertl yes, I completely agree, but splice is very new and mostly untested
1189637727 M * daniel_hozac but yes, i'm trying to test splice right now.
1189638001 J * hparker ~hparker@linux.homershut.net
1189638197 M * daniel_hozac sys_splice seems to just return with a short write when it runs out of space.
1189638211 M * daniel_hozac which is to be expected, i suppose.
1189638230 M * Bertl yep
1189638254 M * Bertl is this true for sub space requirements too?
1189638260 M * Bertl sub page
1189638420 M * daniel_hozac yeah, seems that way.
1189638483 M * daniel_hozac sys_splice uses a mostly different path though, requiring at least one of the fds to be a pipe.
1189638520 M * Bertl splice_direct builds the pipe internally
1189638528 M * daniel_hozac right.
1189640207 Q * michal` Ping timeout: 480 seconds
1189640556 J * michal` ~michal@www.rsbac.org