1189817167 J * besonen_mobile ~besonen_m@71-220-234-148.eugn.qwest.net
1189817413 Q * julius_ Ping timeout: 480 seconds
1189817729 M * matti :)
1189818331 Q * yarihm Quit: Leaving
1189818764 J * Johnnie ~jdlewis@c-67-163-142-234.hsd1.pa.comcast.net
1189818764 Q * Johnsie Read error: Connection reset by peer
1189818802 J * Piet hiddenserv@tor.noreply.org
1189819534 N * Bertl_zZ Bertl
1189819543 M * Bertl much better now ...
1189819918 Q * balbir Ping timeout: 480 seconds
1189820603 J * balbir ~balbir@122.167.75.243
1189820642 Q * Piet Remote host closed the connection
1189820794 J * Piet hiddenserv@tor.noreply.org
1189824142 Q * Piet Quit: Piet
1189824379 J * esa ~esa@ip-87-238-2-45.adsl.cheapnet.it
1189824453 Q * eSa| Ping timeout: 480 seconds
1189824923 Q * dennis__ Read error: Connection reset by peer
1189824957 J * dennis__ ~dennis@dslb-088-068-222-124.pools.arcor-ip.net
1189825075 Q * hardwire Ping timeout: 480 seconds
1189829297 J * _Hunger Hunger.hu@Hunger.hu
1189829431 Q * Hunger Ping timeout: 480 seconds
1189833521 Q * mattzerah resistance.oftc.net saturn.oftc.net
1189833521 Q * puck resistance.oftc.net saturn.oftc.net
1189833770 J * puck ~puck@leibniz.catalyst.net.nz
1189833770 J * mattzerah ~matt@121.50.222.55
1189833912 J * Aiken_ ~james@ppp121-45-250-174.lns2.bne4.internode.on.net
1189834231 Q * Aiken Ping timeout: 480 seconds
1189834450 Q * Aiken_ Quit: Leaving
1189834537 J * jmcaricand ~jmcarican@d83-179-239-52.cust.tele2.fr
1189837025 M * Bertl okay, off to bed now ... have a good one everyone! cya!
1189837030 N * Bertl Bertl_zZ
1189837253 M * Supaplex lllater
1189839590 J * dna ~dna@232-220-dsl.kielnet.net
1189840246 M * Hollow Bertl_zZ, daniel_hozac: i just got a mail why CONFIG_KEYS can't be used together with VSERVER_SECURITY (needed for ecryptfs), but i have no idea :)
1189840588 J * meandtheshell ~markus@85.127.103.10
1189840670 A * Supaplex wonders why
1189844094 J * Julius ~julius@p57B26667.dip.t-dialin.net
1189847569 J * friendly12345 ~friendly@ppp59-167-90-160.lns1.mel6.internode.on.net
1189847873 J * bonbons ~bonbons@2001:960:7ab:0:20b:5dff:fec7:6b33
1189848430 Q * hijacker_ Quit: Leaving
1189848433 Q * jmcaricand Quit: KVIrc 3.2.4 Anomalies http://www.kvirc.net/
1189849795 M * daniel_hozac Hollow: it's not isolated.
1189849814 M * Hollow ecryptfs?
1189849816 M * daniel_hozac Hollow: and you most definitely don't want different guests having access to the same keys...
1189849824 M * Hollow ah
1189849825 M * Hollow ok
1189850286 J * Aiken ~james@ppp121-45-250-174.lns2.bne4.internode.on.net
1189850286 Q * Aiken
1189850617 Q * dna Quit: Verlassend
1189850854 N * esa eSa|
1189852237 J * jmcaricand ~jmcarican@d83-179-239-52.cust.tele2.fr
1189852725 M * nox i have a problem with one of my scripts which execute a command on all vservers: http://paste.linux-vserver.org/6580
1189852771 M * nox so an idea how to make it better (without stdin: is not a tty error)?
1189852804 M * daniel_hozac use vserver ... exec.
1189852820 M * nox well this doesn't work with pipes
1189852846 M * daniel_hozac it's not like you're doing the pipe in the guest anyway.
1189852882 M * daniel_hozac of course, you could use vsomething vserver --running -- exec ... too.
1189852899 M * daniel_hozac (or maybe vsomething only supports --all.... i never remember)
1189852935 M * nox for that purpose i made this script, otherwise the pipe where taken by the executing shell and i didn't manage 2 escape it
1189852976 M * daniel_hozac well, the way you're running the script it's still executing the pipe on the host :)
1189853027 M * nox doesn't think so since it shows correct results
1189853059 M * daniel_hozac eh? of course it does.
1189853068 M * daniel_hozac it doesn't matter where you grep, the results will be the same regardless.
1189853069 M * nox only without showing the vserver it where executed on
1189853176 M * nox ah got you
1189853183 M * nox 2 early :D
1189853615 J * bragon_ ~bragon@2001:7a8:aa58::1
1189853732 Q * bragon Ping timeout: 480 seconds
1189854846 J * ema ~ema@fw.galliera.it
1189855518 Q * zLinux Ping timeout: 480 seconds
1189857426 Q * ray6 Ping timeout: 480 seconds
1189858619 J * zLinux ~zLinux@88.213.37.243
1189860102 J * Cerel Perce@213.173.176.6
1189860135 M * Cerel hello
1189860152 M * daniel_hozac hi
1189860214 M * Cerel i'm looking for some kind of "how-to" to setup a X server in a vserver
1189860251 M * Cerel i've already found the info in the wiki, but still stuck :/
1189860265 M * Cerel +i'm
1189860841 Q * zLinux Ping timeout: 480 seconds
1189861342 M * daniel_hozac what's the problem?
1189861753 J * zLinux ~zLinux@88.213.29.156
1189861840 M * Cerel when I try to start X with startx, X tells me it didn't find any free vt, but if I start X with xdm, then X seems to start (well, some errors in the xorg prevent it)
1189861899 M * daniel_hozac and you did copy a /dev/ttyX into the guest?
1189861912 M * Cerel yes
1189861935 M * Cerel what i don't understand, is the difference between startx and xdm
1189862040 M * Cerel just in case, I use debian as the host and as the guest
1189862104 M * Cerel I tried the "dpkg-reconfigure xserver-xorg" to create the initial xorg.conf, but it seems some files are missing (maybe /dev/bus, or something like that), that prevent dpkg to detect my card
1189862636 M * ard Actually you should start with X
1189862673 M * ard If you get X to run in your vserver than that's ok. Everything else should be easy
1189862741 M * ard startx starts the X-server if you have the right to do that. Wait until it's up, and then starts some client (.Xsession or so) that connects to it.
1189862812 M * ard xdm starts an x-server (if configured to do so), and then connects to that server and presents a login window. After authentication it will start some sort of session (hopefully .Xsession)
1189862876 M * ard to connect to the x-server you need the right to connect to it, either by having no access-restrictions on your X-server or by having the right authentication cookies in your .Xauthority.
1189862981 M * ard If you start X by hand (just type X as r00t) it usually has no access-restrictions, and everybody is allowed to connect to the X-server.
1189863046 M * ard Hmmmz (reading further: it already works)...
1189863106 M * ard startx is started as a user, and starts the X-server (a root process with a lot of privileges), as such it will screen your console to check if you are allowed to start an X-server
1189863221 M * ard you should check /etc/X11/Xwrapper.config
1189863806 M * Cerel it seems I finally managed to make it work
1189863813 M * Cerel here what I did :
1189863833 M * Cerel i deleted the previous tty0 and tty7 files I copied from host
1189863882 M * Cerel then, i used mknod to create /dev/mem, /dev/tty0, /dev/tt7, changed their groups and rights
1189863934 M * Cerel then i created the dir & file : vprocunhide/files in the host, to unhide the following directories : /proc/bus/, /proc/mtrr
1189863987 M * Cerel after restarting the guest, the server xorg seems to work (seems, because I'm not near the machine to check), but at least X seems to run
1189864114 M * Cerel to sum up, I've used these pages : http://oldwiki.linux-vserver.org/Vservers+and+X, http://www.debian.org.tw/index.php/VServer (I don't speak tw, but the commands helped me) and finally : http://eyck.forumakad.pl/log/ (the comment from Sat, 04 Aug 2007)
1189864151 M * Cerel as I use debian as the host and the guest, some info may be specific to debian
1189864296 J * arachnist_ arachnist@088156189068.who.vectranet.pl
1189864296 Q * arachnist Read error: Connection reset by peer
1189864297 M * Cerel on a side note, dpkg-reconfigure still cannot detect my hardware, I have an onboard ATI graphic card, so I don't know if it's because ATI, onboard, or maybe there's still some customization required to the vserver
1189864395 J * Piet hiddenserv@tor.noreply.org
1189864922 P * friendly12345
1189865045 J * roym ~user@adsl-065-006-164-142.sip.mia.bellsouth.net
1189865066 M * roym folks - my host vserver comes up with eth1 (not eth0) and so I can't
1189865066 M * roym bring up dummy0 on any of the VPS's since they expect to see eth0; I
1189865066 M * roym get messages of the form:
1189865066 M * roym Cannot find device "eth0"
1189865070 M * roym How do I get around this?
1189865074 N * Bertl_zZ Bertl
1189865078 M * Bertl morning folks!
1189865107 M * Bertl roym: you have been using UML or QEMU or something like that before?
1189865167 M * roym bertl: are you saying that it looks like I've been using those, based on my message?
1189865182 M * Bertl exactly :)
1189865213 M * roym I don't think so - this is a fresh install of vserver (in a vmware VM)
1189865228 M * Bertl the thing is, it doesn't matter if your host uses eth0 or eth1, and that detail does not affect dummy0 at all
1189865235 M * roym hmm...
1189865249 M * Bertl Linux-VServer is IP based, so your guest will be using the interfaces your host has
1189865271 M * Bertl only with a limited IP subset (and thus limited interface visibility)
1189865289 M * Bertl so, if you vmware has eth1 instead of eth0
1189865302 M * Bertl just assign IPs on eth1 to your guests
1189865345 M * Bertl for the dummy0 part, if you really want to use that one for a guest, make sure that you did load the module and bring up/assign that interface an ip
1189865353 M * roym ok - thanks.
1189865394 M * roym my eth1 is a bridged connection, and I want the guests to use dummy0 (so they on a private subnet)
1189865442 M * Bertl as I said, you can do that ...
1189865450 J * julius_ ~julius@p57B26667.dip.t-dialin.net
1189865477 M * Bertl just make sure dummy0 is loaded/available (see ip link ls)
1189865494 M * Bertl and put dummy0 in /etc/vservers//interfaces/0/dev
1189865518 Q * Julius Ping timeout: 480 seconds
1189865734 M * Bertl roym: as you are using vmware(tm), note that there is no forwarding between host and guests (or between guests) in Linux-VServer (i.e. the guest IPs remain on the host)
1189865792 M * roym bertl: there is a bridged mode (that I am using) and I plan to set up DNAT to make guest-servers visible to the outside.
1189865826 M * roym just curious: can I make the host come up with eth0 instead of eth1?
1189865852 M * Bertl I'd say so, I presume this is just an interface naming, what distro do you use?
1189865864 M * roym debian
1189865885 M * Bertl try 'grep eth1 /etc/udev/rules.d/*'
1189865893 M * roym cool
1189865914 M * Bertl if that lists your device, then change the name there to eth0
1189865938 M * Bertl (the mapping is done from MAC to netif name)
1189865952 M * roym hmm I have
1189865965 M * roym # PCI device 0x1022:0x2000 (pcnet32)
1189865966 M * roym SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:22:91:c3", NAME="eth0"
1189865966 M * roym
1189865966 M * roym # PCI device 0x1022:0x2000 (pcnet32)
1189865969 M * roym SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:ed:65:c5", NAME="eth1"
1189865971 M * roym
1189865977 M * roym not sure why it skipped eth0
1189865987 M * Bertl because it has a different MAC
1189866008 M * Bertl probably you will get an eth2 on the next vmware reconfig :)
1189866015 M * roym ah; excellent - I had copied the vm from linux to a mac
1189866017 M * roym thanks!
1189866042 M * Bertl in this case, remove the entire eth1 line, and put the eth1 MAC into the eth0 one
1189866061 M * roym indeed ...
1189866079 M * Bertl Cerel: the probing (hardware part) requires full memory and io port access
1189866124 M * Bertl Cerel: you might need to give at least IO access to the guest for X to run properly, unless you have a true FB based video driver
1189866153 M * Cerel Bertl, I gave it the CAP_RAW_IO capability
1189866185 M * Bertl ah, okay, that should do the trick then
1189866210 M * Cerel for the "memory" part, i created the /dev/mem node, don't know if that's all/enough
1189866225 M * Bertl yeah, that is sufficient
1189866249 M * Bertl but do not consider that guest really 'secure'
1189866287 M * Bertl i.e. it is a _lot_ securer than a normal box running X, but still that guest can blow away your host system easily
1189866291 M * Cerel I think i narrowed down the problem of dpkg/lspci to /proc/bus/pci being not present in the guest
1189866315 M * Cerel Bertl, hmm, ok, i'll remember that :P
1189866365 M * Bertl there are ways to make it more secure, but for that, you to make certain kernel side modifications ...
1189866384 M * Cerel for the /proc/bus/pci part, I added that path to the vprocunhide/files , but it seems it didn't work ...
1189866407 M * Bertl did you run vprocunhide after that?
1189866416 M * Cerel hmmm, no ... :P
1189866422 M * Cerel i just restarted the guest ...
1189866431 M * Bertl try that and check with cat inside the guest
1189866448 M * Bertl also note: all guests will now see your hardware
1189866600 M * Bertl basically it all depends on what you do with Linux-VServer on that machine ... i.e. if the sole purpose is to improve security on X (or to run more than one X client on that machine) then you should not worry about that
1189866651 M * ard It will never be really secure unless the hardware supports MMU for graphics :-)
1189866690 M * Bertl well, yes and no, restricting IO to just the graphic card is an option in the kernel
1189866691 M * ard BTW: one way to improve security is to run the X-server in another context...
1189866706 M * Bertl that is, what Cerel is doing
1189866745 M * ard am I that blind? (/me reads back ... Again ... :-) )
1189866788 M * Cerel the only purpose of the X server is to run iceweasel, there will be no user interaction
1189866802 M * ard ah
1189866814 M * ard But what I meant: x-server in context 1, iceweasel in context 2 :-)
1189866831 M * Bertl Cerel: hmmm ... please elaborate?
1189866847 M * ard You will have to have /tmp/.X11-unix/ shared to use unix-sockets
1189866849 M * Cerel the system will just have a screen plugged, it's some sort of screen to show clients information
1189866880 M * Bertl ah, so some kind of 'advanced' status display?
1189866890 M * Cerel hehe, yeah :P
1189866911 M * Bertl okay, is that a one time solution, or do you plan to do that at larger scale?
1189866955 M * Cerel by larger scale you mean what exactly ?
1189866975 M * Bertl 5,10, or 100 machines with this config :)
1189866976 M * Cerel I only plan to have one screen plugged into, and only one setup like that one
1189867018 M * Bertl okay, and you will have 'normal' customer like guest on that machine too (which get 'monitored' on that screen)
1189867021 M * Cerel but well, i'm still concerned about the security, and the stability :P
1189867037 M * Cerel the computer is basically a "server" with a screen
1189867051 M * Cerel i'm the only one having access to the host
1189867061 M * Cerel and maybe 1 more person but only for the guests
1189867066 M * Bertl let me hear about your security & stability concerns
1189867080 A * ard is also wondering that :-)
1189867201 M * Cerel well, i don't care if X or iceweasel crash
1189867214 M * Cerel but I hope to prevent the whole system to crash
1189867224 M * Cerel (yeah, i know, i'm dreaming :P)
1189867273 M * Bertl well, let me put it this way: when was the last time that X/iceweasel crashed and that caused your machine to reboot?
1189867279 M * Cerel and for the security, even if i'm the "only" user, I don't want to have a open computer
1189867304 M * Cerel erm, 2 weeks ago :P
1189867315 M * Cerel but ok, it's mainly a hardware problem
1189867328 M * Bertl really? it took the whole machine?
1189867333 M * Cerel that's why i'm building this computer, it's going to replace a really old machine
1189867336 M * Cerel yup
1189867340 M * Cerel but don't worry
1189867347 M * Cerel the harddisk is dying
1189867364 M * Cerel and the whole machine just crashes on a regular basis
1189867379 M * Bertl ah, so that might have been unrelated after all
1189867384 M * Cerel yeah :P
1189867409 M * Bertl okay, let me put it this way: if you 'just' want to have a display there (to monitor activities or so)
1189867426 M * Bertl and your main focus is on providing Linux-VServer guests?
1189867447 M * Cerel but well, this machine is going to stay running 24h, and i'm just worried by iceweasel and it's "memory leaks"
1189867489 M * Cerel well, as I managed to get a quite good computer, i wanted to replace all the old servers lying around, so that's why i decided to use vservers guest, to "separate" things
1189867517 M * Bertl then I would try hard not to change anything which affects those guests (e.g. the vprocunhide stuff) and put X in a separate context (as ard suggested) with the required capabilities .. and run the X session as user in a different context
1189867563 M * Bertl this way you can control both, the X and iceweasel memory separately and take actions if necessary
1189867583 M * Bertl btw, there are lightweight browsers available too (without too many memory leaks :)
1189867594 M * Cerel I didn't thought of having two contexts, maybe I should try that
1189867614 M * Cerel which one do you recommend ?
1189867651 M * Cerel btw, i plan to use fluxbox as the window manager, ideally the browser gui should not be visible
1189867653 M * Bertl personally I'm quite happy with galeon (which isn't that light weight), but there are others ...
1189867712 M * Bertl dillo, IIRC
1189867721 M * Cerel hmmm
1189867743 M * daniel_hozac if it's just meant to run a webbrowser, why would you run a window manager at all?
1189867749 M * doener if you're a vim user, there's the vimperator extension for firefox
1189867762 M * Bertl doener: lol, and LTNS!
1189867807 M * Bertl daniel_hozac: yeah, good question, whatever-browser in full screen X should do better then
1189867813 M * doener yeah, quite a long time... too busy with all kinds of stuff :-(
1189867816 M * Cerel daniel_hozac, erm .. that's a good question :P
1189867882 M * doener but seriously, vimperator rocks
1189867937 M * Cerel you gave me good suggestions, i'm going to try them
1189867956 M * Cerel thank you guys
1189867967 M * roym hi all - I am trying to shut down a guest w/halt and get:
1189867967 M * roym barry2007:~# halt
1189867967 M * roym Broadcast message from root@barry2007 (pts/4) (Fri Sep 14 11:13:13 2007):
1189867967 M * roym The system is going down for system halt NOW!
1189867971 M * roym shutdown: /dev/initctl: No such file or directory
1189867973 M * roym init: /dev/initctl: No such file or directory
1189867977 M * roym What gives?
1189868012 M * Bertl this simply means that you guest isn't running an init
1189868019 M * Bertl (which is most likely intentional :)
1189868033 M * daniel_hozac use halt -f
1189868038 M * Bertl you can get it to shut down from outside too (host)
1189868045 M * roym should I be running an init?
1189868056 M * Bertl if you want/need that, yes :)
1189868071 M * Bertl normally you are fine with one less process using up resources :)
1189868083 M * roym ah - gotcha.
1189868592 M * Bertl doener: how's life? (besides busy :)
1189868946 M * roym I can ping outside addresses from the VPS host, but not the guests... which
1189868946 M * roym is understandable cos my guests are on a private 10.1.1.0 subnet.
1189868946 M * roym 1. What confuses me is the output of "route" looks the same from host
1189868946 M * roym and guest (implying that I should be able to reach the outside web).
1189868950 M * roym 2. Do I have to manually set up NAT? If so, can you help me here.
1189868952 M * roym (Apologies if this is not a vserver specific
1189868956 M * roym question, but I figured this is something you guys do in your sleep :)
1189868958 M * roym
1189868962 M * roym # route
1189868964 M * roym Destination Gateway Genmask Flags Metric Ref Use Iface
1189868968 M * roym 192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
1189868970 M * roym 10.1.1.0 * 255.255.255.0 U 0 0 0 dummy0
1189868974 M * roym default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
1189868992 M * Bertl (please use paste.linux-vserver.org for everything longer than 3 lines)
1189869003 M * roym sorry ...
1189869013 M * Bertl np, just for the future ...
1189869038 M * Bertl your guest has an IP in a different network than the host, yes?
1189869048 M * roym yes. 10.1.1.7
1189869057 M * doener Bertl: quite good, finally a new screen that actually remembers its settings, random encounters of interesting stuff on lkml, healthy, nice weather, can't complain :-)
1189869064 M * doener Bertl: what about you?
1189869075 M * Bertl roym: so it _will_ reach the network quite fine, but with the wrong ip :)
1189869109 M * roym not sure what that means :(
1189869161 M * Bertl roym: it means, that your default gateway will not handle 10.1.1.7 properly, I guess
1189869186 M * roym ah - I am thinking there is a common "ip route" command to solve this, no?
1189869219 M * Bertl roym: your options there are: a) make that default gateway handle that or b) use an ip in the range which is handled by the default gw, or c) use SNAT to map to such an ip (which can be the host ip)
1189869294 M * roym is there a vserver script that sets up SNAT?
1189869300 J * cl4sh ~cl4sh@qik.ds.pg.gda.pl
1189869315 M * cl4sh hi all
1189869335 M * Bertl welcome cl4sh!
1189869343 M * cl4sh ive got little problem with update my guest using binary packages
1189869388 N * arachnist_ arachnist
1189869389 M * Bertl roym: no, but something like this should work: iptables -t nat -A POSTROUTING -s 10.1.1.7 -o eth0 -j SNAT --to '
1189869400 M * Bertl cl4sh: how so?
1189869428 M * cl4sh Bertl ; i was fallo by this instructions http://www.gentoo.org/proj/en/vps/vserver-howto.xml#doc_chap2
1189869464 M * cl4sh Bertl ; and when i try to vupdateworld myguest -- -k
1189869487 M * cl4sh Bertl ; ive got something like that
1189869500 M * Bertl (please use paste.linux-vserver.org for everything longer than 3 lines)
1189869514 M * cl4sh Bertl ; No package digest file found: /usr/portage/virtual/libiconv/files/digest-libiconv-0
1189869530 M * cl4sh Bertl ; sorry
1189869553 M * Hollow upgrade portage
1189869569 M * roym Bertl: thanks very much (again!)
1189869576 M * Bertl roym: you're welcome!
1189869582 M * cl4sh Bertl : http://paste.linux-vserver.org/6583
1189869589 M * Bertl cl4sh: here is the expert ... (Hollow)
1189869597 M * Hollow you have synced with a testing version it seems, and want to emerge with a stable version
1189869646 M * cl4sh Hollow ; yes
1189869658 M * Hollow won't work
1189869659 M * cl4sh Hollow ; i think so
1189869668 M * Bertl doener: sounds good, except for (too) busy, it looks quite similar here ...
1189869676 M * cl4sh Hollow ; what i should do?
1189869681 M * Hollow sync with a stable version
1189869762 M * Bertl cl4sh: just out of curiosity, what IRC client do you use?
1189869775 M * cl4sh Bertl : bitchx
1189869810 J * DavidS ~david@p54812303.dip0.t-ipconnect.de
1189869818 M * cl4sh sorry im a noob and my english is not very well
1189869851 M * Bertl cl4sh: your english is fine, we have seen worse :)
1189869880 M * Bertl cl4sh: I was just wondering about the 'unusual' ' ;' and ' :' markings :)
1189869883 M * cl4sh Bertl : :) thanks
1189869970 M * cl4sh Bertl ; it's not bitchx but my keyboard it full of strange pieces
1189870014 M * Bertl don't eat your cookes over the keyboard :)
1189870019 M * Bertl *cookies
1189870020 M * cl4sh :)
1189870337 M * roym this may be a very naive question, sure - but my understanding is that I will never need iproute installed on VPSs - ie: all routing can be done on the host. correct?
1189870739 M * Bertl correct, even more, you will not be able to use iptables or iproute from _inside_ a guest
1189870762 M * Bertl (well, the ip/query part will work inside too, but not changing anything)
1189871106 N * ensc Guest343
1189871116 J * ensc ~irc-ensc@p54B4F7F7.dip.t-dialin.net
1189871213 Q * Guest343 Ping timeout: 480 seconds
1189871437 J * renihs_ ~narf@86.59.52.212
1189871472 J * matled ~matled@85.131.246.184
1189871492 M * Bertl wb matled! renihs_!
1189871501 M * renihs_ hey Bertl ! :)
1189871600 M * renihs_ dunno if its of any use to you guys, but now i finished my vserver livecd (virtualbox/qemu/vmware/other stuff on there too) based on gentoo with one ready to run template
1189871603 M * renihs_ http://dev.gentooexperimental.org/~renihs/
1189871639 M * Bertl ah, nice .. we should definitely link that from the wiki
1189871684 M * renihs_ i dont mind, but its still experimental as the server somehow states
1189871693 M * renihs_ but should work fine though :)
1189871705 M * renihs_ 22mb ram used with minimal fluxbox running & vserver running :)
1189872615 Q * Cerel Quit: Quitte
1189872720 Q * DavidS Quit: Leaving.
1189873580 J * DavidS ~david@vpn.uni-ak.ac.at
1189873589 M * Bertl wb DavidS!
1189873613 M * DavidS hi bertl! I was just testing something with my !"§$%§" XServer ...
1189873654 M * Bertl the magic word is irc bouncer :)
1189873675 M * DavidS so much software to use, so little time!
1189873678 Q * Piet Ping timeout: 480 seconds
1189874509 J * Piet hiddenserv@tor.noreply.org
1189874533 J * yang yang@yang.sponsor.oftc.net
1189875041 J * onox ~onox@kalfjeslab.demon.nl
1189875541 J * Pazzo ~ugelt@reserved-225136.rol.raiffeisen.net
1189875600 M * Pazzo hi @ll! anyone running linux-vserver within xen (live systems)?
1189875719 M * Bertl AFAIK, ray6 was doing that
1189875721 M * DavidS yea
1189875730 M * Pazzo There is a "two hosts, one large drbd, on xen 'vhost' running multiple linux-vservers, live migration" thingy rumoring in my head :-)
1189875735 M * Pazzo Hi Bertl!
1189875757 M * Pazzo ltns, as usual ;-) how are you?
1189875761 M * Pazzo hi DavidS!
1189875770 M * renihs_ hah, i have xen omitted yet :(
1189875775 M * Pazzo would that idea make sense?
1189875775 M * renihs_ wanted to add, but lacked time
1189875776 M * DavidS Hey Pazzo!
1189875822 M * Bertl Pazzo: yes, one Xen domain with many Linux-VServer guests makes perfect sense
1189875838 M * Pazzo with drbd 8.0.6 live migrating xen hosts should be possible (even without SAN's, iSCSI, whatever...)
1189875845 M * Pazzo Bertl: great! :o)
1189875858 M * renihs_ ya but iscsi eats cpu :(
1189875902 M * Pazzo renihs_: therefore (and for some other issues) I wouldn't use it - but drbd is an option, isn't it?
1189875914 M * renihs_ hmm drbd i have only 8.0.5
1189875918 M * renihs_ wats new in .6?
1189875931 M * renihs_ active-active? :)
1189875950 M * roym hi - is the size of tmpfs limited by available memory or available disk?
1189875953 M * Pazzo http://fghaas.wordpress.com/2007/09/03/drbd-806-brings-full-live-migration-for-xen-on-drbd/
1189875959 M * renihs_ memory afaik
1189875976 M * renihs_ nice
1189875983 M * renihs_ mkay will add xen tomorrow :)
1189875986 M * renihs_ and update drbd
1189875988 M * Pazzo renihs_: no, active-active has been there since 8.0
1189875990 M * renihs_ or monday :)
1189875999 M * renihs_ ya but i red abit in the split brain discussions
1189876006 M * renihs_ and dunno, didn feel safe :)
1189876069 J * ktwilight ~ktwilight@253.112-66-87.adsl-dyn.isp.belgacom.be
1189876113 M * Pazzo renihs_: split brain "should" be addressed in 8.0 (in 7.0 you have been able to overwrite your data with an older copy) - but it seems that they had a lot of issues with 2.6.22 (should be fixed with 8.0.6)
1189876135 M * renihs_ hmm
1189876169 M * Pazzo Bertl: such a config would really be cute: 2 hosts, drbd, on xen host, many vservers - live migration... let's sell the five nines ;-)
1189876190 M * Pazzo any performance-related concerns?
1189876348 Q * ktwilight_ Ping timeout: 480 seconds
1189876500 M * Bertl no, a single Xen domU should be almost as fast as the real thing
1189876512 M * onox xen is fast?
1189876514 M * Pazzo great!
1189876529 M * Bertl onox: if you have only one guest, why not?
1189876557 M * onox i guess it doesn't give you native performance like linux-vserver does, right?
1189876559 M * Pazzo onox: should be fast, yes. and running just one of them there is nearly no memory waste
1189876568 M * Bertl especially if you have VT/Pacifica
1189876583 M * onox what if you don't have VT/Pacifica? :)
1189876594 M * Bertl onox: no, that's why I said 'almost'
1189876594 M * matti Bertl: ;)
1189876647 M * matti Wohhoo. Full live migration.
1189876650 M * matti Awesome.
1189876662 M * onox can you run directx with a win xen guest?
1189876684 M * matti No.
1189876718 M * Bertl hmm, probably yes, if you find a machine with a complete IO MMU :)
1189876742 M * matti I didn't manage to get even a tiniest bit 3D acceleration running.
1189876876 M * arachnist i got vmgl working
1189876885 M * matti onox: Search Xen mail archives.
1189876892 M * arachnist but vmgl being vmgl is *nix only
1189876949 M * matti arachnist: http://lists.xensource.com/archives/html/xen-users/2006-02/msg00875.html
1189876976 M * Pazzo did anyone ever seriously try out AoE?
1189876997 M * daniel_hozac i think Aiken was playing with AoE.
1189877009 M * Pazzo hi daniel_hozac!!
1189877020 M * matti :)
1189877020 M * daniel_hozac hello
1189877028 M * Pazzo did it make him happy?
1189877033 M * matti Hehe.
1189877063 M * Bertl IIRC, he is still using it
1189877146 M * Pazzo Any ideas about performance with many little files? does he use it together with some cluster file system like gfs?
1189877306 M * Pazzo Why is it thaaaat difficult to get high availability, redundancy, failover, backup, disaster recovery AND performance alltogether?
1189877315 M * Pazzo :-)
1189877332 M * matti It is not.
1189877343 M * renihs_ no?
1189877362 M * matti It just depends on few variables in the equation.
1189877373 M * Pazzo matti: budget?
1189877387 M * matti Like - how much time you have, how much money you have, and how much money you want to spent :)
1189877393 M * matti Pazzo: Yes, pretty much ;p
1189877414 M * renihs_ :)
1189877440 M * Pazzo I thought so :-)
1189877450 M * Bertl okay, off for now .. back a little later ...
1189877454 N * Bertl Bertl_oO
1189877457 M * Pazzo cya Bertl!
1189877462 M * renihs_ me too, cu Bertl_oO
1189877482 M * Pazzo Currently HP people are trying to sell us their EVA SAN ... and I really don't want to make their sales people happy ;-)
1189877488 M * matti Pazzo: I was asking Bertl about few things last week about similar things.
1189878023 J * yarihm ~yarihm@84-75-130-73.dclient.hispeed.ch
1189879080 Q * cl4sh Quit: BitchX Official IRC Channel -- #BitchX on EFNet
1189879115 J * dna ~dna@232-220-dsl.kielnet.net
1189880343 M * Pazzo bye matti, Bertl, daniel, renihs_, @ll!
1189880368 Q * Pazzo Quit: gone...
1189880424 M * matti Bye P.
1189880425 M * matti :)
1189880461 M * renihs_ narf :)
1189880466 M * renihs_ me gotta go too, bbl
1189880491 Q * arachnist Quit: Leaving
1189880497 J * arachnist ~arachnist@088156189068.who.vectranet.pl
1189881442 Q * DavidS Quit: Leaving.
1189881560 J * dennis_ ~dennis@dslb-084-059-107-202.pools.arcor-ip.net
1189881728 Q * Piet Ping timeout: 480 seconds
1189881798 Q * dennis__ Ping timeout: 480 seconds
1189882200 J * DavidS ~david@vpn.uni-ak.ac.at
1189882812 Q * jmcaricand Quit: KVIrc 3.2.4 Anomalies http://www.kvirc.net/
1189883378 Q * Vudu Ping timeout: 480 seconds
1189883761 J * Vudumen 2be48b5c50@perverz.hu
1189883807 Q * meandtheshell Quit: Leaving.
1189883866 Q * arachnist Ping timeout: 480 seconds
1189885459 J * Pazzo ~ugelt@sadsl-246059.rol.raiffeisen.net
1189885775 J * sharkjaw ~gab@193.216.158.166
1189886082 Q * DavidS Quit: Leaving.
1189886560 Q * Pazzo Quit: ...
1189887538 J * jmcaricand ~jmcarican@d83-179-239-52.cust.tele2.fr
1189888433 J * ktwilight_ ~ktwilight@185.84-66-87.adsl-dyn.isp.belgacom.be
1189888433 Q * ktwilight Read error: Connection reset by peer
1189888666 Q * julius_ Remote host closed the connection
1189890144 Q * sharkjaw Quit: Leaving
1189890410 Q * dennis_ Remote host closed the connection
1189890744 M * ktwilight_ netstat on host doesn't display all connections including guests, any possibility to do that?
1189890747 Q * jmcaricand Quit: KVIrc 3.2.4 Anomalies http://www.kvirc.net/
1189890771 M * Bertl_oO ktwilight_: network context 1 (spectator)
1189890929 A * ktwilight_ is lost
1189890962 M * ktwilight_ in http://linux-vserver.org/Capabilities_and_Flags, there isn't such a flag
1189891011 M * Bertl_oO you know there are things called contexts, yes?
1189891046 M * Bertl_oO we have several types of them, e.g. one type for processes (grouping them) others for the network isolation
1189891072 M * Bertl_oO if you want to look at all processes, you use the process context 1 (aka. spectator context)
1189891087 M * Bertl_oO e.g. like: chcontext --xid 1 -- ps auxwww
1189891114 M * Bertl_oO similar works for the network context to, but you need ncontext for this one
1189891238 J * virtuoso ~s0t0na@pppoe-211.58.110.89-adsl.spbnit.ru
1189891269 Q * dna Quit: Verlassend
1189891292 J * Aiken ~james@ppp121-45-250-174.lns2.bne4.internode.on.net
1189891536 Q * FireEgl Read error: Connection reset by peer
1189892420 J * FireEgl FireEgl@4.0.0.0.1.0.0.0.c.d.4.8.0.c.5.0.1.0.0.2.ip6.arpa
1189892931 M * ktwilight_ Bertl_oO, ah yes, i see. will try to dig more on the site to find that, which so far i couldn't find it. but i just tried out your example, and it somewhat makes sense :) thanks!
1189893080 M * daniel_hozac ncontext --nid 1 --migrate -- netstat ...
1189895833 Q * bonbons Quit: Leaving
1189898567 Q * Baby Quit: KVIrc 3.2.0 'Realia'
1189898862 J * Baby ~miry@195.37.62.208
1189899361 J * tzafrir ~tzafrir@62.90.10.53
1189899387 M * tzafrir I get a "permission denied" from attempting to mount /sys
1189899402 M * tzafrir (in a vserver guest)
1189899439 M * tzafrir I did grant that guest SECURE_MOUNT and SECURE_REMOUNT
1189899557 M * Bertl_oO hmm, why do you want to mount /sys?
1189899589 M * tzafrir I'm trying to run pbuilder (a Debian chroot builder) there
1189899645 M * Bertl_oO well, /sys is not secure nor required in a guest for that
1189899663 M * Bertl_oO but if you really want to do that, put the /sys in fstab
1189899664 M * tzafrir How can I check what are the capabilities of the running system?
1189899678 M * tzafrir Bertl_oO, the full command is:
1189899679 M * Bertl_oO /proc/virtual//status
1189899696 M * tzafrir chroot /var/cache/pbuilder/build/17092/. mount -t sysfs sysfs /sys
1189899786 M * Bertl_oO okay, and what is the purpose of that mount?
1189899811 M * Bertl_oO I mean, surely pbuilder will not require /sys to do its work, no?
1189899854 M * tzafrir It's starting a standard system
1189899899 M * tzafrir BCaps: 000000003c4c04ff
1189899922 M * tzafrir any simple command to make sense of that? Other that looking it up in the wiki?
1189899950 M * Bertl_oO there was a perl script somewhere, but no idea where
1189900030 M * tzafrir So if I read correctly, SECURE_MOUNT and SECURE_REMOUNT are not set there
1189900043 M * tzafrir from ccaps in http://linux-vserver.org/Capabilities_and_Flags
1189900063 M * daniel_hozac well, you pasted the bcaps, so... :)
1189900079 M * Bertl_oO those are ccaps
1189900094 M * tzafrir CCaps: 0000000000030101
1189900102 M * tzafrir those two bits are set there
1189900142 M * tzafrir I verified that the error is not from the chroot command
1189900194 M * tzafrir mount -t sysfs sysfs /var/cache/pbuilder/build/17092/sys
1189900197 M * tzafrir fails as well
1189900229 M * tzafrir The host and guest are both Debian Etch, BTW
1189900254 M * tzafrir With a newer version of vserver-utils
1189900321 M * daniel_hozac well, it should fail.
1189900350 M * tzafrir why?
1189900364 M * tzafrir (I can mount proc, but not sysfs)
1189900376 M * daniel_hozac because you'll need binary_mount too.
1189900402 M * tzafrir Any way to add a capability without rebooting the guest?
1189900627 M * daniel_hozac sure, use vattribute.
1189900686 Q * balbir Ping timeout: 480 seconds