1192579208 M * daniel_hozac well, it just means you have to update it in more places should the IP address change. 1192579313 M * raa Good point. I only have around 25-30 guests on 5 hosts but I keep trying to convert the world to Linux-Vservers so more keep coming. 1192579485 M * raa Well I'm going to look at some more logs and watch the build continue. Later 1192579496 Q * raa Quit: Leaving 1192583174 J * friendly12345 ~friendly@ppp59-167-69-153.lns1.mel4.internode.on.net 1192583319 N * phedny Guest1927 1192583327 J * phedny ~mark@ip56538143.direct-adsl.nl 1192583725 Q * Guest1927 Ping timeout: 480 seconds 1192583843 N * phedny Guest1928 1192583851 J * phedny ~mark@ip56538143.direct-adsl.nl 1192584250 Q * Guest1928 Ping timeout: 480 seconds 1192584689 J * MJsHEEROW ~sfmualmn@66.79.40.129 1192584694 J * Tenchu ~ddmrulz@c-68-62-47-157.hsd1.mi.comcast.net 1192584695 J * RedShirt RedShirt@dyn-170-229-151.myactv.net 1192584698 M * MJsHEEROW :\ 1192584701 P * MJsHEEROW 1192584709 P * RedShirt 1192584713 P * Tenchu 1192584722 J * RedShirt RedShirt@dyn-170-229-151.myactv.net 1192584725 P * RedShirt 1192585223 Q * FireEgl Quit: Bye... 1192585529 N * phedny Guest1930 1192585537 J * phedny ~mark@ip56538143.direct-adsl.nl 1192585940 Q * Guest1930 Ping timeout: 480 seconds 1192587371 Q * southtel Quit: using sirc version 2.211+KSIRC/1.3.12 1192588069 J * FireEgl FireEgl@4.0.0.0.1.0.0.0.c.d.4.8.0.c.5.0.1.0.0.2.ip6.arpa 1192588250 M * m_stone Bertl_zZ: heya! when you get back - have you gotten all the help you need to proceed with the tinderbox integration? 1192588276 M * m_stone Bertl_zZ: (if not, we're having a nice little test-process sprint tomorrow so there should definitely be help available then) 1192592686 J * Mitch_Bradley ~chatzilla@user-10cm75o.cable.mindspring.com 1192592726 M * Mitch_Bradley Hello, Mitch Bradley from the OLPC project here - with a question about COW link breaking 1192592760 A * Supaplex waves to the OLPC project 1192592782 M * Supaplex Bertl_zZ might not answer, but you can ask anyway. 1192592822 M * Mitch_Bradley I am debugging a nasty filesystem corruption in JFFS2, and I have tracked it down to what appears to be cow_break_link() 1192592871 M * Mitch_Bradley The syndome, based on analysis of JFFS2 log records on the storage media, is that the file "joydev.ko\251" is created, then renamed, but 1192592893 M * Mitch_Bradley instead of being renamed to "joydev.ko", it is renamed to "joydev.ko\0" 1192592906 M * Mitch_Bradley where the null character is included in the length. 1192592962 M * Mitch_Bradley In most cases, the rename is correct, i.e. the \251 is removed from the name, decreasing the length by 1, but sometimes the \251 gets replaced by an included 1192592974 M * Mitch_Bradley null, rather than removed. 1192593060 M * Mitch_Bradley I have 2 questions at the moment: 1192593070 M * Mitch_Bradley a) Does this ring any bells 1192593145 M * Mitch_Bradley b) Why is joydev.ko, which is a kernel module, being "touched" to the extent that a cow operation needs to be performed. this is happening in early initscripts, when a few kernel modules are being loaded, not as a result of explicit modification of that file. 1192594722 Q * rorem- Ping timeout: 480 seconds 1192595705 J * rorem- ~roremtank@bzq-219-46-202.isdn.bezeqint.net 1192595930 Q * Hollow Remote host closed the connection 1192595942 J * Hollow ~hollow@proteus.croup.de 1192599444 J * Julius ~julius@p57B2746E.dip.t-dialin.net 1192600536 J * DavidS ~david@vpn.uni-ak.ac.at 1192600541 J * larsivi ~larsivi@101.84-48-201.nextgentel.com 1192601690 J * virtuoso ~s0t0na@ppp91-122-24-100.pppoe.avangard-dsl.ru 1192602100 Q * virtuoso_ Ping timeout: 480 seconds 1192602237 J * ntrs_ ~ntrs@79.125.230.44 1192602440 Q * transacid Ping timeout: 480 seconds 1192602616 Q * larsivi Quit: Konversation terminated! 1192602842 J * transacid ~transacid@transacid.de 1192603787 N * ensc Guest1952 1192603796 J * ensc ~irc-ensc@p54B4FDAA.dip.t-dialin.net 1192603905 Q * Guest1952 Ping timeout: 480 seconds 1192604230 J * balbir ~balbir@59.178.34.242 1192604714 Q * DavidS Quit: Leaving. 1192604793 N * Bertl_zZ Bertl 1192604797 M * Bertl morning folks! 1192604813 M * Bertl Mitch_Bradley: interesting ... 1192604844 M * Mitch_Bradley Bertl: we think there is a race in cow_break_link() 1192604858 M * Bertl let's hear ... 1192604869 M * neuralis Mitch_Bradley: it might be better for bertl to read the scrollback first 1192604878 M * Mitch_Bradley best guess is that two threads are trying to break the same link at the same time 1192604890 M * Mitch_Bradley Bertl: do you have scrollback on #olpc? 1192604901 M * Bertl yep :) 1192604922 M * Bertl but actually it won't hurt to paste the essential here too 1192604937 M * Bertl because this way, other folks (like daniel_hozac) can get the idea faster 1192604985 M * Bertl despite that, I think we might not handle \0 characters correctly 1192604998 M * Bertl still have to check if they are allowed in filenames 1192605010 M * neuralis well, the question is how the \0 winds up there 1192605010 M * Mitch_Bradley okay, jffs2 log records show quite clearly that the file joydev.ko is copied to joydev.ko\251 and then renamed back to joydev.ko 1192605018 M * Mitch_Bradley so far so good. But then 1192605037 M * Mitch_Bradley very soon thereafter, i.e. within the same 1-second timestamp, 1192605040 M * neuralis we see two entries in the fs log, with the same timestamp, of a rename attempting to occur on a CoW file; the first rename is joydev.ko\251 -> joydev.ko, but the second is joydev.ko\251 -> joydev.ko\0 1192605073 M * Mitch_Bradley joydev.ko is again copied to joydev.ko\251 and then renamed to joydev.ko\0 1192605087 M * Bertl yeah, that sounds like a race 1192605101 M * Bertl probably another copy when the splice is still in flight 1192605106 M * neuralis Bertl: solving the race isn't too hard, i think, but i want to track down the \0 1192605106 M * Mitch_Bradley the only way that two cow's on the same file could happen, I think, is if two processes 1192605121 M * Mitch_Bradley are trying to touch the file simultaneously 1192605144 M * Bertl taking the inode lock (probably dir) before the cow break should suffice 1192605156 M * Mitch_Bradley the only way I can see for the \0 to get there is for old_dirent to have its d_name.length field corrupted 1192605182 M * Bertl do you have the cow_break_link() at hand? 1192605198 M * Mitch_Bradley I am looking at the source, if that is what you mean 1192605204 M * Bertl I think one potential problem there is the pathlen = strlen(to); 1192605235 M * Mitch_Bradley but how would the "to" get corrupted. 1192605260 M * Bertl well, that depends on the question if \0 characters are allowed or not 1192605295 M * Mitch_Bradley postulate for the sake of argument that the input pathname does not have a spurious \0 1192605334 M * Bertl okay, then nothing evil should happen, we get the pathlen with the actual length 1192605343 M * Bertl we have a reentrant 'local' copy of that 1192605357 M * Mitch_Bradley note that this problem does not happen on the first rename 1192605361 M * Bertl worst thing that could happen IMHO is a double \251 1192605378 M * Mitch_Bradley it only happens in the case where there are two "simultaneous" renames of the same file 1192605394 M * neuralis Bertl: Mitch_Bradley and i no longer think it's a vserver bug, but we'd still like any help you can give us of tracking down how that \0 gets in there 1192605425 M * Bertl yes, of course, do you have a test case which triggers this? 1192605432 M * neuralis s/us of/us with/ 1192605434 M * Bertl if not, I'm going to create one 1192605435 M * Mitch_Bradley well, to the extent that the locking is wrong, that is probably something that should get fixed in the vserver fix 1192605440 M * Mitch_Bradley s/patch/fix/ 1192605457 M * Mitch_Bradley or vice versa :-) 1192605468 M * Bertl Mitch_Bradley: yes, the locking will be fixed shortly 1192605499 M * Mitch_Bradley I know in principle how to reproduce it, but it requires some build magic that I can't do quickly 1192605512 M * Mitch_Bradley I need help from c_scott and m_stone 1192605528 M * Bertl okay, if it is the simultanious rename, it should be relatively simple to recreate 1192605559 M * Bertl give me a few mninutes to try something, but I need to extend the debug output to show more data 1192605577 Q * hparker Quit: g'nite 1192605597 M * Mitch_Bradley in the jffs2 log, there is on other rename - of a different file - that sneaks in between the two offending ones 1192605624 M * neuralis i'll leave you guys to it and go back to the warmth of this python codebase. 1192605642 M * Mitch_Bradley but the fact that the same file has its link broken twice makes me think that the simultaneous rename scenario is happening. 1192605650 M * Bertl btw, to answer your second question, I think that might be depmod running in startup? 1192605667 M * Mitch_Bradley it could be. 1192605668 J * larsivi ~larsivi@85.221.53.194 1192605673 M * Bertl neuralis: make that ... 1192605696 M * Mitch_Bradley the combination of udev + all the cruft in rc.sysinit make it hard for me to grok the exact sequence 1192605708 M * neuralis Bertl: ;) i'll be here, so let me know if you need another pair of eyes on something 1192605710 M * Bertl Mitch_Bradley: hehe, you're not the only one :) 1192605719 M * Bertl neuralis: okay, thanks! 1192605719 M * neuralis Mitch_Bradley: you and the rest of the world :/ 1192605759 M * Mitch_Bradley I have been wanting to de-clutter that code for months. Maybe I'll have time soon. 1192605799 M * Bertl Mitch_Bradley: at the time we 'open' the file, the pathname (by definition) cannot contain any \0 1192605808 M * Bertl (in open_namei()) 1192605815 M * Mitch_Bradley I believe that 1192605853 M * Bertl we then pass it unmodified to cow_break_link() 1192605856 M * Mitch_Bradley the argument being a char *, after all 1192605874 M * Bertl yeah, well, char* and len would make that possible :) 1192605905 M * Mitch_Bradley the len gets introduced by the dentry representation 1192605931 M * Bertl yes, but as I said, at the time cow_break_link() is called, we have a 'pure' char * 1192605954 M * Mitch_Bradley and somehow the length is +1 on the second call to jffs2_rename 1192605960 M * Bertl so the pathlen = strlen(to) is correct 1192605976 M * Mitch_Bradley so I wonder if the dentry is getting polluted somehow 1192606007 M * Bertl to[pathlen+1] = 0; will leave exactly one space at the end 1192606014 M * Bertl to[pathlen] = pad--; 1192606027 M * Bertl will fill in the \251 (- \240) 1192606029 M * Mitch_Bradley yeah, but it's not new_dentry that is the problem 1192606048 M * Mitch_Bradley the problem is old_dentry, which is the name for the final copy 1192606049 M * neuralis Bertl: either that first path lookup (for the old dentry) returns wrong information, or it somehow gets corrupted within cow_break_link before vfs_rename 1192606053 M * neuralis the former seems more likely 1192606061 M * neuralis and by "wrong" i mean " 1192606070 M * neuralis "\0-containing filename" 1192606085 M * Mitch_Bradley old_dentry is correct for the first vfs_rename 1192606102 M * Mitch_Bradley because the first rename works correctly. 1192606106 M * Bertl do we have debug output showing the dentry names in the process? 1192606117 M * Mitch_Bradley It is the second rename where the destination name is wrong. 1192606143 M * Mitch_Bradley Bertl: no, all I have is post-mortem info from forensics on the JFFS2 filesystem. 1192606147 Q * balbir Read error: Operation timed out 1192606176 M * Mitch_Bradley Only recently did I form a complete enough picture to understand when this happened. 1192606206 M * Bertl okay, let me create a small debug patch to test with (and let me try to recreate the issue itself) 1192606214 M * Mitch_Bradley And I don't have the wherewithal to duplicate it. I know how in principle, but I need some help to set up the shallow copy scenario. 1192606227 M * Bertl that's trivial 1192606238 M * Bertl either do 'cp -la' 1192606243 M * Mitch_Bradley everything is trivial when you know everything. 1192606250 M * Bertl or ln a b 1192606309 M * Bertl then use setattr --iunlink on the files (optionally -R) 1192606334 M * Bertl this will give you a potential candidate for CoW link breaking 1192606370 M * Bertl (if you don't have setattr, you can use vcmd too, but that's a little trickier) 1192606442 M * Mitch_Bradley I don't know what I have or don't. Ever since c_scott started doing this magic, I lost track of what is what. I have been doing the forensics by dumping jffs2 nodes from Open Firmware. 1192606466 M * Bertl right, should have expected that :) 1192606495 M * Bertl Mitch_Bradley: no worries, should have something shortly 1192606496 M * Mitch_Bradley You can't see the obsoleted nodes with Linux tools. 1192606862 M * Bertl I'm using the Linux-VServer debug information 1192606897 M * Bertl so I can see what happens at that layer .. and if everything looks fine there, even in 'racy' cases, we'll add debug to the jffs2 code 1192607545 Q * pusling Ping timeout: 480 seconds 1192607722 J * dna ~dna@29-202-dsl.kielnet.net 1192607798 J * JonB ~NoSuchUse@0x5739c8b4.roennqu1.broadband.tele.dk 1192607980 Q * ntrs_ Ping timeout: 480 seconds 1192607988 J * transaci1 ~transacid@transacid.de 1192608085 Q * transacid Ping timeout: 480 seconds 1192608151 J * speedy ~speedy@194.126.63.191 1192608346 J * gebura ~gebura@173.201.101-84.rev.gaoland.net 1192608377 M * gebura hi 1192608489 M * Bertl wb gebura! 1192608545 M * gebura hello :) 1192609209 Q * JonB Quit: This computer has gone to sleep 1192609420 M * Bertl Mitch_Bradley: there is definitely something strange going on, should have a debug dump in a few minutes 1192609440 M * Mitch_Bradley looking forward ... 1192609571 J * Fire_Egl FireEgl@2001:5c0:84dc:1:7d36:48d9:e007:f57d 1192609946 J * Piet ~piet@tor.noreply.org 1192610182 M * Bertl Mitch_Bradley: http://paste.linux-vserver.org/6989 1192610201 M * Bertl (note that a,b,c and d are linked) 1192610214 A * Mitch_Bradley stares 1192610227 M * Bertl see the ' c':2 at the end? 1192610245 M * Mitch_Bradley yes 1192610261 M * Bertl I have not the slightest idea how that one is generated 1192610299 M * Bertl well, hmm, actually I guess I know what happens 1192610382 M * Mitch_Bradley is this on a jffs2 FS, or a different FS? 1192610391 M * Bertl that's on ext3 1192610437 M * Bertl line 27 - is the interesting stuff 1192610608 M * Mitch_Bradley it appears that a space character got inserted at the beginning of the name on line 49. Am I interpreting the data correctly? 1192610635 M * Bertl well, yes, actually the dentry got modified somehow 1192610651 M * Bertl we are outputting the dentry data there, like this: 1192610673 M * Bertl "[»%*s«:%d]", old_dentry->d_name.len, old_dentry->d_name.name, old_dentry->d_name.len 1192610705 M * Bertl so, somehow, the old dentry changed from 'c':1 to ' c':2 1192610708 M * Mitch_Bradley maybe the dentry got freed and reused from the slab allocator, but somebody was still holding a reference to it. 1192610733 M * Bertl that would make sense, if we wouldn't hold a reference to the dentry in our code? 1192610749 M * Mitch_Bradley I'm just guessing wildly... 1192610782 M * Bertl yeah, guess on, I'm open for weird ideas :) 1192610791 M * eyck_ well, what about aliens? 1192610799 M * eyck_ isn't that a weird idea? 1192610819 M * Mitch_Bradley aliens must register at the nearest government office 1192610827 M * Bertl eyck_: you sould know, are your little green friends involved or not? 1192610987 M * Mitch_Bradley Bertl: you could print the dirent in a lot more places, including the address of d_name, to narrow down where it goes bad. 1192611044 M * Bertl will do so, good old printf/k debugging :) 1192611112 M * Mitch_Bradley Bertl: perhaps the char * that is getting passed in is not distinct in the two cases, so that is what is getting overwritten. 1192611121 M * Mitch_Bradley or something. 1192611150 M * Mitch_Bradley Anyway, enough printks should eventually yield the answer, now that you have a test case. 1192611179 M * Bertl not even sure this test case is the one we are looking for 1192611187 M * Bertl but it is definitely something to look into 1192611195 M * Mitch_Bradley yep 1192611206 M * Mitch_Bradley thanks for the help. I need to sleep now. 1192611215 M * Bertl have a good one, cya later 1192611363 J * JonB ~NoSuchUse@0x5739c8b4.roennqu1.broadband.tele.dk 1192611734 Q * eyck_ Quit: leaving 1192611748 J * eyck ~eyck@nat.nowanet.pl 1192611760 M * Bertl wb eyck! 1192612431 Q * Fire_Egl Read error: Connection reset by peer 1192612450 Q * FireEgl Read error: Connection reset by peer 1192612957 J * lilalinux ~plasma@dslb-084-058-210-024.pools.arcor-ip.net 1192612962 Q * JonB Quit: This computer has gone to sleep 1192613109 M * speedy i've added new virtual server, and when i login to that server via ssh i appear to be in the host system 1192613132 M * Bertl probably because you are logging into the host system :) 1192613149 Q * larsivi Quit: Konversation terminated! 1192613150 M * Bertl speedy: did you restrict your host sshd to host IPs? 1192613177 M * Bertl speedy: if not, then the guest sshd failed to start because the guest IP was already bound by the host's sshd 1192613212 J * FireEgl FireEgl@4.0.0.0.1.0.0.0.c.d.4.8.0.c.5.0.1.0.0.2.ip6.arpa 1192613212 M * speedy do i have to install sshd on VPS ? 1192613218 M * Bertl no 1192613221 J * Fire_Egl FireEgl@2001:5c0:84dc:1:7d36:48d9:e007:f57d 1192613296 J * larsivi ~larsivi@85.221.53.194 1192613316 M * speedy i bound ssh to the host ip 1192613333 M * speedy and i cannot connect to the vps ssh port now 1192613345 M * Bertl restart the guest (or at least the sshd inside) 1192613406 M * speedy same thing, i'm afraid sshd is not installed by default 1192613424 M * Bertl well, that is possible, what distro do you use? 1192613424 M * speedy when i restarted the guest i got this error 1192613425 M * speedy cat: /proc/cmdline: No such file or directory 1192613430 M * speedy mountie: permission denied 1192613442 M * speedy mount 1192613454 M * speedy debian etch 1192613458 M * Bertl that sounds strange, properly created guests should not do that 1192613476 M * Bertl how did you create the guest, and what util-vserver version do you use? 1192613552 M * speedy newvserver --vsroot /var/lib/vservers/ --hostname test1 --domain example.com --ip 10.1.1.7/8 --dist etch --mirror http://ftp.au.debian.org/debian/ 1192613577 M * Bertl ah, no wonder, please remove the newvserver/debiantools 1192613581 M * speedy util-vserver 0.30.212-1 1192613593 M * Bertl and avoid it in the future, also update to 0.30.214 from backports 1192613610 M * Bertl newvserver is deprecated and does funny things 1192613633 M * Bertl and you can do the same and much more with util-vserver 1192613690 M * speedy alright 1192613712 M * speedy shall i reinstall guest os ? 1192613733 M * Bertl you can fix it up manually, but doing with with util-vserver is probably easier 1192613753 M * Bertl (unless you have a slow connection) 1192613771 M * gebura speedy, there is a special debian vserver tool 1192613808 M * gebura i've added new virtual server, and when i login to that server via ssh i appear to be in the host system 1192613813 M * Bertl gebura: if you are referring to newvserver, yes, and it should be avoided at all cost 1192613819 M * gebura it is a common problem 1192613851 M * gebura just a minute , i search something 1192613873 M * Bertl speedy: your newvserver line would look like this with util-vserver: 1192613885 M * gebura you should edit /etc/ssh/sshd_config 1192613895 M * gebura and use listen directive 1192613904 M * gebura to bind the host ssh only on 1 ip 1192613949 M * Bertl vserver test1 build -m debootstrap --context 42 --hostname test1.example.com --interface eth0:10.1.1.7/8 -- -d etch -m http://ftp.au.debian.org/debian/ 1192613952 M * speedy i did that it didnt work 1192613959 M * speedy geubra 1192613967 M * speedy i'm reinstalling with vserver tools 1192613970 M * Bertl add an optional -- --arch i386 (if you are on amd64 and want a 32bit guest) 1192613993 M * gebura speedy, you should also redirect via iptables 1192614049 M * gebura like "-A PREROUTING -s ! 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.0.2:22" 1192614089 M * Bertl hmm? 1192614089 M * speedy why do i have to do that? 1192614105 M * speedy its already on different IP 1192614112 M * Bertl no idea, only makes sense if you want to DNAT from a different ip 1192614118 M * speedy exactly 1192614120 M * gebura http://linux-vserver.org/Networking_vserver_guests 1192614146 M * Bertl speedy: better forget about that for now :) 1192614356 M * speedy worked 1192614360 M * speedy thanks 1192614365 M * speedy i had to install ssh on the host system 1192614370 M * speedy i mean guest system 1192614411 M * Bertl yes, but you should not see any of the beforementioned errors on a properly installed guest 1192614426 M * speedy there was no errors 1192614430 M * speedy everything went fine 1192614432 M * Bertl excellent! 1192614446 M * speedy memory is shared between guest systems? 1192614460 M * Bertl yes and no 1192614481 M * speedy by default? 1192614487 M * Bertl by default, the available memory is available for all guest 1192614500 M * Bertl mapping (exec and read only) of hardlinked files are shared 1192614524 M * Bertl anonymous and shared memory is not shared :) 1192614541 M * speedy how can i duplicate a virtual server? 1192614554 M * Bertl check out 'vserver - build --help' 1192614565 M * Bertl you will find the rsync and clone build method 1192614654 M * speedy i tried to stop vps, and got errors again 1192614665 M * speedy cat: /proc/cmdline: No such file or directory 1192614672 M * speedy Unmounting temporary filesystems...umount: none: not found 1192614677 M * speedy umount: /tmp: must be superuser to umount 1192614681 M * speedy umount: none: not found 1192614688 M * Bertl you sure you are using 0.30.214? 1192614707 M * speedy 0.30.212-1 1192614712 J * lolcakes nubcake@PWN3R.rl-dorms.osu-okmulgee.edu 1192614720 M * Bertl as I said, upgrade to 0.30.214 from backports 1192614730 M * lolcakes Hi 1192614734 M * Bertl welcome lolcakes! 1192614742 M * Bertl speedy: and complain to the debian folks :) 1192614746 M * lolcakes Hellow bertl 1192614750 M * speedy i will 1192614764 M * lolcakes I am looking for professionals in the IT industry 1192614779 M * lolcakes and I was wondering if anyone was willing to be interviewed in here 1192614800 M * Bertl so you consider us professionals in the IT industry? 1192614815 M * alex__ Bertl, morning :) 1192614821 M * Bertl morning alex__! 1192614831 M * lolcakes If you have had a job in the IT field 1192614840 M * lolcakes and have an educational background then yes 1192614850 M * Bertl okay, guess that applies :) 1192614866 M * Bertl so let's hear your questions then ... 1192614874 M * lolcakes Can I pm you? 1192614893 M * Bertl why not 1192614917 M * Bertl ah, and definitely have a look at Linux-VServer, will you? 1192614924 J * Yvo ~yvonne@91.64.217.106 1192614929 M * Bertl welcome Yvo! 1192614945 M * Yvo hi Bertl! 1192615046 M * speedy bertl the latest version of util-vserver for amd64 arch in backports is 0.30.213 1192615051 M * speedy is that ok? 1192615067 M * Bertl better than nothing, but 0.30.214 should be somewhere 1192615086 M * speedy only available for i386 arch 1192615099 M * Yvo my (v)server drives me crazy :-/ 1192615116 M * Yvo currently I have two big problems 1192615177 M * Yvo it has kernel panics very often, last reboot was this morning at 3.42 1192615259 M * alex__ last night i tried to boot 2.6.22 with vserver patch , the server monkeys said that it didnt boot cause of this error: 1192615264 M * alex__ check root=bootarg cat /proc/cmdline for missing modules, devices: cat /proc/dev 1192615264 M * alex__ ALERT! /dev/md0 does not exist. 1192615302 M * Yvo the other prob is with clamAV on the virtual system, the rights of var/run/clamav/clamav-milter.ctl change from time to time, I do nothing, but the "w" in group rights is lost 1192615319 M * Bertl alex__: somebody (probably a script in initramfs) has to create it (with udev) 1192615344 M * Yvo I've got a cron job now which sets this right every 5 minutes 1192615366 M * Bertl Yvo: if you are using a recent Linux-VServer kernel, then the kernel panics are very likely not Linux-VServer related (I would opt for the hardware) 1192615376 M * Bertl Yvo: do you have any of those panics to look at? 1192615425 Q * lolcakes 1192615432 M * bzed speedy: from when is the upload in backports? 1192615450 M * bzed there's still that dumb dietlibc bug, not sure if that was fiex in bpo 1192615495 M * Yvo Bertl: I'm using debian lenny, so it should be up to date... 1192615516 M * Bertl Yvo: no idea, what does `uname -a` tell you? 1192615563 M * speedy bzed i have no idea, i've just upgraded util-vserver from backports, i dont if i should also get linux-image-vserver from backports as well 1192615586 M * Yvo bertl: Linux marc1 2.6.22-2-vserver-amd64 #1 SMP Fri Aug 31 00:21:18 UTC 2007 x86_64 GNU/Linux 1192615615 M * Bertl Yvo: so that let's us hope for the best, be we do not know which patch they actually used ... 1192615634 M * Bertl -' 1192615638 M * speedy Bertl: upgrading to 0.30.213 fixed my problem, thanks! 1192615667 M * Bertl speedy: you're welcome! look out for 0.30.214 when it gets into backports 1192615670 M * alex__ Bertl, hmm im not sure how to go about it, im stumped, my kernelling skills isnt too sharp unfortunatly 1192615693 M * alex__ Bertl, any clues? 1192615703 M * Bertl alex__: it doesn't look like a kernel problem to me 1192615717 M * Bertl alex__: IMHO your initramfs is not working properly 1192615737 M * Bertl alex__: note that you need to create one for each kernel (or your tools should do that for you) 1192615744 M * alex__ yeah it did 1192615766 M * alex__ i used apt-get via backports and got the 2.6.22 kernel with vserver 1192615776 M * alex__ my normal 2.6.22-k7 kernel works fine 1192615780 M * Bertl and that one didn't boot for you? 1192615787 M * alex__ nah it didnt 1192615800 M * Bertl then I would go directly to #debian and tell them 1192615816 M * bzed hmm 1192615828 M * bzed the 2.6.22 from bpo runs at least on sparc 1192615862 M * Bertl there is no reason why a Linux-VServer kernel compiled with the same config as a normal kernel should not boot (when the unpatched one boots) 1192615924 M * alex__ exactly 1192615955 M * alex__ this is what i pasted in #debian on freenode: 1192615955 M * alex__ i was using apt-get via backports to get vmlinuz-2.6.22-2-vserver-k7 -> when i boot the kernel, it errors on me saying: check root=bootarg cat /proc/cmdline for missing modules, devices: cat /proc/dev ALERT! /dev/md0 does not exist. ..... however my normal 2.6.22-2-k7 kernel works fine, can anyone help me whats going on here? 1192616017 M * alex__ hmmm 1192616022 M * Bertl my suggestion would be this: (but it would help if you had a remote console) 1192616046 M * Bertl build the debian kernel (unpatched) yoursel, and install it (until it boots) 1192616052 M * Bertl *yourself 1192616058 M * alex__ when i check /proc/cmdline, and /proc/devices ..... /dev/md0 isnt in /proc/devices 1192616094 M * alex__ hmm ok 1192616100 M * Bertl that is perfectly fine, I would be surprised if you found that in /proc/devices 1192616130 M * Bertl it should contain: 9 md though 1192616169 M * Bertl alex__: but, I probably have a simpler way to check what's going wrong for you :) 1192616187 M * Bertl could you upload the initramfs for both kernels somewhere? 1192616196 M * alex__ Bertl, i was using apt-get via backports to get vmlinuz-2.6.22-2-vserver-k7 -> when i boot the kernel, it errors on me saying: check root=bootarg cat /proc/cmdline for missing modules, devices: cat /proc/dev ALERT! /dev/md0 does not exist. ..... however my normal 2.6.22-2-k7 kernel works fine, can anyone help me whats going on here? 1192616200 M * alex__ opps 1192616210 M * alex__ Bertl, http://pastebin.com/m4e64fac9 1192616222 M * alex__ ok 1192616223 M * alex__ 1min 1192616248 M * alex__ initrd.img-2.6.22-2-vserver-k7 1192616249 M * alex__ this? 1192616255 M * alex__ and initrd.img-2.6.22-2-k7 ? 1192616258 M * Bertl yep 1192616264 M * alex__ 1min 1192616296 M * bzed alex__: are you using scsi devices? 1192616315 M * alex__ bzed, how do i check on this box 1192616322 M * bzed alex__: can you get the output from the boot somewhere in the net? like... take a photo? 1192616324 M * alex__ im not sure if its sata or scsi to be honest 1192616335 M * alex__ bzed, cant, server in another country 1192616338 M * bzed oh 1192616347 M * alex__ i have to get the monkeys to tell me what the error was 1192616404 M * speedy can i run iptables in VPS ? 1192616439 M * Bertl speedy: no, but you can relay iptable commands to a policy daemon on the host 1192616474 M * speedy thats better 1192616614 M * alex__ Bertl, sent you links via pm :) 1192616649 M * Bertl sure? 1192616654 M * bzed no, you sent them to me 1192616657 M * alex__ oh 1192616658 M * alex__ heh 1192616673 M * alex__ bzed, feel free to look at them too :) 1192616808 M * bzed alex__: you could dissect them ;) 1192616820 M * alex__ dissect? :) 1192616832 M * bzed but try dmesg | less and search for sda 1192616840 M * bzed and look which kind of disk you ahve 1192616858 M * bzed if it's scsi I have something for you, I guess 1192616966 M * alex__ check pm 1192616968 M * alex__ thats what i found 1192616975 M * bzed that's sata 1192616992 M * alex__ ok =/ 1192617038 M * alex__ is there anyway too see in logs somewhere what happend on the previous bootup? 1192617120 M * alex__ Bertl, any luck? :S 1192617171 M * Bertl double check that you are actually using the right initrd for the vserver kernel 1192617241 M * alex__ Bertl, pm :) 1192617979 J * julius_ ~julius@p57B2746E.dip.t-dialin.net 1192618202 Q * Julius Ping timeout: 480 seconds 1192618910 M * alex__ bzed, working now :) 1192619665 M * speedy for some reason this iptables rule not working for me, iptables -t nat -A PREROUTING -p tcp --destination 69.61.36.240 --dport 80 -j REDIRECT --to-ports 12272 1192619706 M * speedy i used to have it working on real servers 1192619719 M * Bertl what do you expect it to do? 1192619732 M * speedy 69.61.36.240 is the ip of the VPS, and this rule is set on the host system 1192619767 M * speedy i expect it to redirect traffic to destination 69.61.36.240 port 80 to port 12272 1192619799 M * Bertl an that works on a different system? 1192619804 M * speedy yes 1192619813 M * Bertl with the host IP as destination? 1192619824 M * speedy yes 1192619865 M * Bertl well, I'm somewhat suprised that it works, but if it works, there is no reason why it shouldn't work on the same, but Linux-VServer patched kernel 1192619920 M * daniel_hozac try DNAT instead... 1192620017 A * baggins just killed his server with bind(2) 1192620034 M * Bertl baggins: how so? 1192620052 M * Bertl daniel_hozac: hey, we have a race issue in cow link breaking 1192620054 Q * danman Read error: Connection reset by peer 1192620059 J * danman danman@eliza.wigner.bme.hu 1192620060 M * daniel_hozac Bertl: yeah, i saw. 1192620073 M * Bertl daniel_hozac: let me upload some debug patches 1192620079 M * daniel_hozac what's the problem exactly? don't we down the directory sem? 1192620088 M * Bertl that is not possible 1192620104 M * Bertl gives a circular dependancy 1192620105 M * baggins daniel_hozac: seems you were right yesterday, I'll do one more test 1192620116 M * daniel_hozac baggins: you managed to crash the new kernel? 1192620131 M * daniel_hozac i.e. the one with the fix? 1192620133 M * baggins daniel_hozac: the old one with simple test 1192620145 M * baggins I'll test with the fix in a moment 1192620208 M * daniel_hozac okay, keep us posted... 1192620209 M * speedy daniel_hozac tried DNAT without luck 1192620235 M * Bertl speedy: verify that it actually works with an unpatched kernel 1192620235 M * speedy iptables -t nat -A PREROUTING -m tcp -p tcp --destination 69.61.36.240 --dport 80 -j DNAT --to-destination 69.61.36.240:12272 1192620263 M * daniel_hozac and how exactly are you testing it? 1192620274 M * speedy telnet 69.61.36.240 80 1192620300 M * daniel_hozac from a completely different location, right? 1192620327 M * speedy i was testing from host server 1192620333 M * daniel_hozac just to make sure, you _do_ have something listening there too? 1192620351 M * daniel_hozac i.e. using 12272 works fine? 1192620357 M * speedy yes 1192620368 M * Bertl speedy: from the very same machine you do the REDIRECT on? 1192620377 M * speedy daniel_hozac i was wrong, DNAT works now, REDIRECT doesnt 1192620384 M * Bertl speedy: and that works on a different machine? 1192620387 M * speedy i tested from different location it works fine with DNAT 1192620441 M * speedy Bertl all my servers have the same rules, i'm testing virtual server and am gonna switch if i find it stable 1192620459 M * Bertl speedy: what I'm trying to figure is the following: 1192620476 M * Bertl speedy: - you are testing the rule _on_ the host, _to_ the host 1192620485 M * daniel_hozac i would not really expect REDIRECT to work from the same machine. 1192620502 M * Bertl speedy: - it works on a different machine if you do it _on_ the other machine _to_ the other machine 1192620514 M * speedy Bertl i was testing REDIRECT from different host as well 1192620532 M * Bertl speedy: and in no case a forwarding is involved 1192620547 M * speedy daniel_hozac even from different machine it doesnt work on my host system 1192620569 M * speedy Bertl net.ipv4.ip_forward is enabled 1192620571 M * Bertl speedy: if that is true, I would ask you to do the same test with and without the Linux-VServer patch (identical kernel) 1192620574 M * baggins daniel_hozac: look like s/ipv6_only_sock/inet_v6_ipv6only/ fixes the problem 1192620605 M * daniel_hozac baggins: good, thanks! 1192620609 M * Bertl speedy: as there is no difference to be expected in the network stack, and if there actually is a difference, we are dealing with a bug 1192620625 M * speedy Bertl I will do that shortly 1192620776 M * daniel_hozac Bertl: http://people.linux-vserver.org/~dhozac/p/k/delta-v6tw-fix01.diff 1192620820 M * Bertl ah, nice 1192620882 A * baggins is happy, no more mysterious net oopses :) 1192620958 J * ntrs_ ~ntrs@79.125.230.44 1192621085 M * daniel_hozac Bertl: 2.3.0.27 is missing http://vserver.13thfloor.at/Experimental/delta-cow-fix14.diff? 1192621094 J * Federico2 ~fede@tor-irc.dnsbl.oftc.net 1192621097 P * Federico2 1192621152 M * Bertl is it? 1192621168 M * daniel_hozac AFAICT, at least. 1192621191 M * Bertl yeah, seems so, will add it too 1192621192 M * Bertl tx 1192621783 J * pmenier ~pmenier@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr 1192621845 M * Bertl daniel_hozac: usual place, three debug deltas 1192621885 M * Bertl http://paste.linux-vserver.org/6990 (test sequence) 1192621918 M * julius_ http://phpfi.com/269489 <- is that the proper way to use iptables with vservers? 1192622039 M * Bertl julius_: quite a number of rules :) 1192622059 M * julius_ i have just started 1192622139 M * Bertl but I don't see anything Linux-VServer specific .. 1192622177 M * julius_ iptables -A INPUT -d www -j www_input 1192622180 M * Bertl daniel_hozac: I'm going to implement the lock/lookup used in do_rename() for the cow link breaking rename now) 1192622192 Q * ntrs_ Ping timeout: 480 seconds 1192622208 M * julius_ i split the traffic by destination/source ip 1192622236 M * julius_ is there anything special i have to consider when firewalling vservers? 1192622257 M * Bertl no, nothing unusual there (just keep in mind, no forwarding is involved) 1192622309 M * julius_ so i can disable forwarding 1192622337 M * Bertl if you do not forward anything on the host, yes 1192622359 M * julius_ not yet :) 1192623397 J * ema ~ema@rtfm.galliera.it 1192623898 J * infowolfe ~infowolfe@home.dsl.hardcore-linux.net 1192624193 Q * mugwump Remote host closed the connection 1192624667 M * speedy Bertl, i've tested the redirect rule on two systems, 2.6.18-5-vserver-amd64, 2.6.18-5-amd64, it only works on latter 1192624688 M * infowolfe speedy, got a diff of their .configs? 1192624723 M * Bertl was going to ask the same :) 1192624734 M * infowolfe how goes, Bertl? 1192624743 M * Bertl fine, thanks! and for you? 1192624749 M * infowolfe not terrible ;-) 1192624780 M * infowolfe there is software i don't trust having root on my box that i'm going to convert for vserver use ;-) 1192624792 M * infowolfe ever heard of trixbox? 1192624808 M * speedy http://paste.linux-vserver.org/6993 1192624826 M * Bertl infowolfe: isn't that asterisk relatedß 1192624832 M * infowolfe Bertl, yup 1192624854 M * infowolfe speedy, -Nur is usually more readable ;-) 1192624855 M * Bertl speedy: okay, and what is your test case? 1192624913 M * speedy in the vserver host system, i'm redirecting traffic coming to the VPS IP on port 80 to port 12272 1192624919 M * Bertl speedy: also note tht those are two debian kernels, so we do not know what patches they include 1192624926 Q * FireEgl Read error: Connection reset by peer 1192624964 M * Bertl speedy: and the VPS ip is assigned on both kernels? 1192624969 M * speedy and in the real server, i'm redirecting traffic coming to the server IP on port 80 to port 12272 1192624990 M * Bertl then try that for the server IP on the vserver kernel too 1192625003 M * Bertl i.e. do not change _what_ you are testing 1192625031 M * speedy test on the host system it self? 1192625039 M * speedy without the VPS 1192625040 M * daniel_hozac same method. 1192625046 M * Bertl yes, all networking happens on the host system anyways 1192625054 M * speedy i'll do that 1192625074 M * Bertl so you can test with the host IP or alternatively with the guest IP (after assigning it on the host) 1192625095 M * Bertl in both cases, do not bother to start the guest, it has nothing to do with the setup/test 1192625116 P * friendly12345 1192625123 M * infowolfe Bertl, do you have any pre-existing trixbox images? 1192625135 M * Bertl infowolfe: nope, never used it 1192625139 M * infowolfe if not, perhaps i'll have to publish a couple 1192625165 M * infowolfe it'll be interesting to see how well vserver reacts while doing voip ;-) 1192625222 M * Bertl daniel_hozac: can you remind me why we dput the new dentry but not the old one? 1192625279 M * daniel_hozac aren't we missing mntputs too? 1192625316 M * Bertl I'm more thinking in the direction that we are dputing one we shouldn't 1192625344 M * Bertl the path_release()es are supposed to do that, IMHO 1192625360 M * daniel_hozac well, we have an additional mntget/dget for both old and new. 1192625384 M * daniel_hozac unless path_lookup isn't get'ing them as i'd expect. 1192625429 M * Bertl okay, I'm going through them again and add a comment what each of them does 1192625683 J * mugwump ~samv@watts.utsl.gen.nz 1192625732 J * FireEgl FireEgl@4.0.0.0.1.0.0.0.c.d.4.8.0.c.5.0.1.0.0.2.ip6.arpa 1192625813 Q * pmenier Remote host closed the connection 1192625817 M * Bertl okay, path_lookup() will get us a working nameidata which is holding references to the dentry and mnt 1192625843 M * Bertl those will get released on path_release() 1192625862 M * daniel_hozac right. 1192625907 M * Bertl we create the new_dentry on our own 1192625916 M * Bertl so that should have a reference too 1192625941 M * julius_ i simply hate the combination of linux-vserver and openvpn 1192625968 M * julius_ there is no error but i doesn't work either :) 1192625997 M * Bertl daniel_hozac: we need the deg/mntget for the dentry_open() 1192626002 M * Bertl *dget 1192626041 M * daniel_hozac ah, so new/old_file own those references, okay. 1192626052 M * Bertl yep, and they get released on error 1192626064 M * daniel_hozac yeah 1192626077 M * Bertl I remember that this confused the hell out of me when I first figured it :) 1192626078 J * pusling pusling@77.75.162.71 1192626081 M * daniel_hozac now that comment makes sense :) 1192626135 M * Bertl I changed that from dentry to dentry/mnt :) 1192626141 M * daniel_hozac heh, good. 1192626174 M * Bertl so still leaves us with the strange dput(new_dentry); at the end 1192626198 M * Bertl which is most likely paired with the create 1192626213 M * daniel_hozac yeah. 1192626217 M * alex__ hmm i need to get a block of ip addresses, cause my host is being a bastard and wont assign me more ip's, anyone know where i get myself 4or5 ipaddresses for cheap? 1192626227 M * sid3windr ehh 1192626233 M * sid3windr you won't be able to use them at your current host then 1192626247 M * sid3windr (unless you tunnel them back to where you're getting them from) 1192626253 M * Bertl alex__: yep, no routing, no luck 1192626279 M * alex__ he said i could attach the ip addresses to his network 1192626285 M * daniel_hozac Bertl: we'd have to dput after the create, no? i mean, otherwise that reference will never die? 1192626293 M * neuralis Bertl: did you and mitch have any luck? 1192626302 M * sid3windr alex__: that would work, if you got a /24 or more 1192626319 M * Bertl neuralis: I think I identified a definitive race, not sure that is related to your observations 1192626326 M * alex__ sid3windr, but to find a cheap /24 is the problem 1192626328 M * alex__ any clues? 1192626329 M * neuralis Bertl: interesting, what was racing? 1192626335 M * sid3windr alex__: yes, no. :] 1192626340 M * Bertl neuralis: I have a few test cases, which would be nice to see if they cause what you saw 1192626366 M * Bertl neuralis: it seems to me that we need some more protection around the actual rename in the link breaking case 1192626381 M * Bertl neuralis: I'm adding that as we speak 1192626387 Q * larsivi Quit: Konversation terminated! 1192626410 M * Bertl neuralis: if all else fails, we can put the entire CoW operation under a global mutex 1192626448 M * Bertl neuralis: but I'm positive that this will not be required 1192626469 M * Bertl s/positive/confident/ :) 1192626496 M * daniel_hozac shouldn't we lock old rather early? 1192626503 M * alex__ sid3windr, ;) 1192626506 M * daniel_hozac like, as early as possible? 1192626521 M * Bertl daniel_hozac: the thing is, we cannot lock any of the involved inodes 1192626539 M * Bertl not the old one, not the copy, and definitely not the directory 1192626542 M * neuralis Bertl: cool 1192626571 M * Bertl daniel_hozac: so all we can do is recreate the tricky locking the do_rename() does 1192626575 M * daniel_hozac so two threads entering cow_break_link for the same file will cause two copies? 1192626593 M * Bertl yes, and one will replace the other 1192626597 M * daniel_hozac right. 1192626633 M * Bertl the only way I see to prevent that is a filesystem wide lock/mutex 1192626665 M * daniel_hozac locking the superblock? 1192626670 M * Bertl or we add another mutex to the inode struckt 1192626675 M * daniel_hozac that seems... very excessive. 1192626675 M * Bertl *struct 1192626703 M * speedy bertl, using redirect on the vserver host system for the vserver host ip works fine 1192626714 M * Bertl daniel_hozac: so I think we should be fine with the 'replace' semantic above 1192626716 M * speedy but redirecting to VPS IP doesnt work 1192626723 M * daniel_hozac yeah, sure. 1192626738 M * daniel_hozac it'll be fine, but it might not be the most performant... 1192626740 M * Bertl speedy: okay, and I guess the same happens on both kernels 1192626777 M * Bertl daniel_hozac: it might be that locking the filesystem is actually better 1192626801 M * Bertl daniel_hozac: because it doesn't make too much sense to have two concurrent link breakings going on 1192626802 M * speedy Bertl, what could be the reason? 1192626809 M * daniel_hozac Bertl: why not? 1192626823 M * daniel_hozac Bertl: i mean, for two entirely separate files. 1192626828 M * Bertl speedy: maybe primary vs. secondary? 1192626845 M * Bertl daniel_hozac: the CoW link breaking means ongoing splice 1192626845 M * speedy Bertl i dont understand 1192626865 M * Bertl daniel_hozac: not sure that it makes sense to have two of them running 1192626894 M * Bertl daniel_hozac: alternatively we could flag the inode at the beginning 1192626927 M * Bertl speedy: check with 'ip addr ls' 1192626939 M * Bertl speedy: compare the two IPs against eachother 1192626960 M * daniel_hozac Bertl: yeah, something like adding an atomic_t to the inode would work... 1192626994 M * Bertl I thought more of an existing flag, but yes :) 1192627072 M * speedy Bertl, yes the VPS IP is secondary eth0 1192627094 M * daniel_hozac speedy: Bertl's right, -j REDIRECT will get the primary address of the incoming interface and redirect the traffic there. 1192627165 M * speedy make sense 1192627204 M * speedy i'll use DNAT then 1192627212 M * Bertl should do the trick :) 1192627288 M * daniel_hozac Bertl: yeah, i guess test_and_set_bit would work too... 1192627538 M * alex__ whilist setting up a vserver 1192627543 M * alex__ on the -interface string 1192627567 M * alex__ can i define an already exsisting interface such as eth3:4 which is a internet accessible ip address? 1192627578 M * alex__ or to i first have to get rid of it in /etc/network/interfaces 1192627592 M * matti Hi Bertl 1192627593 M * alex__ and then proceed to assign the vserver the ip? 1192627598 M * Bertl if you want to use just the ip address, do not specify any interface 1192627600 M * matti Hi speedy 1192627609 M * matti :) 1192627630 M * alex__ 255.255.255.224 1192627633 M * alex__ thats a /29? 1192627660 M * epicbjorn /29 is 248 1192627692 M * sid3windr apt-get install ipcalc ;) 1192627741 M * speedy hi matti 1192627795 M * infowolfe matti, /27 1192627810 M * matti ? :) 1192627822 M * infowolfe you lose 2^1 for every / 1192627826 M * sid3windr MATTI: SLASH TWENTYSEVEN. 1192627830 M * sid3windr and don't you forget it 1192627832 M * infowolfe sorry, that was alex__ that wanted it 1192627837 M * matti sid3windr: Sir yes sir! 1192627843 M * matti :) 1192627845 M * matti infowolfe: No worries. 1192628537 M * alex__ :D 1192628870 J * yarihm ~yarihm@84-75-130-73.dclient.hispeed.ch 1192628881 M * alex__ okay ive configure my vserver with eth3:4's ip address and i can ping google with it 1192628896 M * alex__ now when im externel coming to the server with ssh on that same ip address 1192628905 M * alex__ its going to the main server instead of the vserver 1192628923 M * alex__ is this when i need iptables or something? 1192628944 M * alex__ my server has 4 ip addresses, i want to assign eth3:4's ip address to the vserver and have all traffic going to that :) 1192628953 Q * Aiken Remote host closed the connection 1192628979 M * daniel_hozac no, just limit the host's sshd to the host's IP addresses. 1192629007 M * alex__ what about other traffic such as http and pop etc 1192629028 M * daniel_hozac same. 1192629034 M * daniel_hozac in general, don't run services on the host. 1192629051 M * alex__ what do you mean by limit? 1192629066 M * daniel_hozac ListenAddress in sshd_config. 1192629068 M * alex__ like deny the host ssh from connecting via eth3:4's ip? 1192629077 M * alex__ right 1192629148 M * alex__ nope it says connection refused 1192629160 M * alex__ km31919:~# vserver hex1 build -m debootstrap --hostname hex.naturalservers.com --interface 84.19.178.6/27 -- -d etch -m http://sunsite.informatik.rwth-aachen.de/ftp/pub/Linux/debian/ -- --resolve-deps --arch i386 1192629176 M * alex__ and this is my eth3:4 config: 1192629177 M * alex__ eth3:4 Link encap:Ethernet HWaddr 00:11:6B:94:C2:50 1192629178 M * alex__ inet addr:84.19.178.6 Bcast:84.19.178.31 Mask:255.255.255.224 1192629178 M * alex__ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 1192629178 M * alex__ Interrupt:18 Base address:0xe800 1192629208 M * daniel_hozac and, did you start sshd in the guest? 1192629258 M * alex__ ahh heh 1192629260 M * alex__ ok works :) 1192629266 A * epicbjorn whispers something about people still using ifconfig 1192629429 M * alex__ is there anyway of me locking in this vserver into the ip: 84.19.178.6 on a special eth or virtual eth, so i dont have to configure around settings for services etC? 1192629444 M * alex__ ie 84.19.178.6 goes straight to the vserver, and nothing else ;) 1192629445 M * daniel_hozac hmm? 1192629458 M * daniel_hozac just don't run services on the host. 1192629496 M * alex__ right .. :D 1192629514 M * alex__ thx 1192629632 M * alex__ wooteh 1192629639 M * alex__ i is happy :) 1192629666 J * JonB ~NoSuchUse@0x5739c8b4.roennqu1.broadband.tele.dk 1192629671 M * Bertl alex__: hehe 1192629736 M * alex__ now to limit the guests 1192629743 M * alex__ just to rescrape: 1192629747 M * JonB hey alex__ 1192629754 M * alex__ i can limit cpu usage ? and also memory / disk usage? 1192629761 M * daniel_hozac yes. 1192629782 M * alex__ hi JonB :) 1192629865 M * alex__ daniel_hozac, is that easily done via the virtual dameon? 1192629875 M * daniel_hozac huh? 1192629917 M * alex__ VServer Control Daemon 1192629931 M * daniel_hozac well, uh, i guess so. 1192629943 M * daniel_hozac but you're using util-vserver, no? 1192629943 M * alex__ cool, does anyone here use it? 1192629964 M * alex__ yeah i am, 1192629964 M * daniel_hozac vcd and util-vserver are pretty much the same thing, just different. 1192629981 M * Bertl I would assume Hollow is doing so ... 1192630013 M * daniel_hozac alex__: what do you think vcd is? 1192630070 Q * JonB Quit: This computer has gone to sleep 1192630071 M * alex__ ah,, hmm i think it was something along the line of a webfrontend? 1192630081 M * daniel_hozac no... 1192630096 M * alex__ gah ok 1192630125 M * alex__ anything out there that is ? 1192630147 M * daniel_hozac OpenVCP, OpenVPS... 1192630185 M * alex__ excellent thanks mate :) 1192630196 M * alex__ hmm im not sure if my vserver-utils is up to date 1192630207 M * alex__ km31919:/# vserver --version 1192630207 M * alex__ vserver 0.30.214 -- manages the state of vservers 1192630212 M * alex__ o_O? 1192630283 M * daniel_hozac topic says that's the latest... 1192630355 J * JonB ~NoSuchUse@0x5739c8b4.roennqu1.broadband.tele.dk 1192630426 M * alex__ hmm 1192630432 M * alex__ ok thanks :) 1192630623 M * alex__ wb Johnsie 1192630627 M * alex__ JonB :) 1192630830 M * JonB alex__: did you get it working? 1192630895 M * alex__ JonB, yes !! :D :D 1192630908 M * alex__ with the awesome help of Bertl and daniel_hozac and friends 1192631024 M * Bertl a good time to bring up http://linux-vserver.org/Donations I guess :) 1192631198 M * JonB Bertl: hahahaha 1192631212 M * JonB Bertl: it's the best time 1192631255 M * daniel_hozac Bertl: so back to COW, what is your theory, and how would the renaming locking solve it? 1192631269 M * Bertl my theory is that the dentries get stale 1192631302 M * Bertl i.e. the rename of the first process invalidates the dentry 1192631324 M * Bertl then the second one uses the 'wrong' entry 1192631344 M * daniel_hozac ah... 1192631354 M * Bertl keeping a reference on the dentry doesn't help much there 1192631374 M * Bertl btw, it might be interesting to lock on the parent dentry somehow 1192631386 M * Bertl (as alternative to the filesystem locking) 1192631423 M * daniel_hozac wouldn't that be equivalent to grabbing the directory's sem? 1192631431 M * daniel_hozac or, mutex rather. 1192631472 M * Bertl well, yes 1192631607 M * speedy how do you compare openvz to vserver? 1192631621 M * Bertl usually not at all :) 1192631633 M * speedy today i got rid of openvz 1192631647 M * speedy i had 4 of my servers kernel panic'ed! 1192631675 M * speedy some of them were idle 1192631692 M * speedy doing nothing with no VPS's 1192631882 Q * speedy Quit: lunch time 1192632235 M * ay I've never had vserver die on me. But Somethimes they are quite hard to get rid of. 1192632247 M * Bertl lol 1192632412 M * harry wiiiiii... /me will start on a new grsec+vserver patch :) 1192632419 M * harry for 2.6.23 series 1192632426 M * harry i hope that kernel is any good... 1192632429 M * harry really do... 1192632446 M * daniel_hozac you're aware that vserver for 2.6.23 is nowhere near ready, right? 1192632468 M * Bertl and it doesn't have a high priority right now :) 1192632480 M * epicbjorn :( 1192632483 M * harry ah 1192632486 M * harry i wasn't 1192632487 M * JonB Bertl: what does have a high priority for you then? 1192632493 M * harry so i should stick to 2.6.22 then 1192632504 M * harry just upgrade to 2.2.0.4 1192632509 M * Bertl JonB: atm, fixing the CoW issues 1192632688 J * pmenier ~pmenier@LNeuilly-152-22-72-5.w193-251.abo.wanadoo.fr 1192632688 M * harry daniel_hozac: i don't remember: do you have an interdiff for 2.2.0.3 - 2.2.0.4 ? 1192632700 M * daniel_hozac yep. 1192632716 M * alex__ anyone use openvcp? 1192632720 M * harry for 2.6.22? ;) 1192632738 M * daniel_hozac for all 2.2.0.4s. 1192632759 M * Bertl JonB: also very high priority for me has all the stuff OLPC requires (regarding Linux-VServer) 1192632782 M * harry super 1192632784 M * harry url? 1192632798 A * ay played with one of those One Laptop Per Child thingys. 1192632799 J * dowdle ~dowdle@scott.coe.montana.edu 1192632803 M * JonB Bertl: you get paied for that part, right? 1192632809 M * Bertl JonB: yep 1192632828 M * dowdle Good morning/evening. What's new? 1192632845 M * Bertl a tricky CoW Link breaking race 1192632880 M * dowdle Races (conditions) aren't fun especially if they are tricky. 1192632885 M * daniel_hozac harry: http://people.linux-vserver.org/~dhozac/p/k/delta-2.6.22-vs2.2.0.3-vs2.2.0.4.diff 1192632886 M * Bertl well, actually it's not new, but that we know about it is 1192632932 J * speedy ~speedy@home.speedy.org 1192632947 M * Bertl wb speedy! 1192632965 M * speedy thanks bertl 1192632994 M * alex__ how long has vserver project been alive for? 1192633012 M * Bertl more than four years now 1192633019 M * mnemoc just 4 yours? 1192633024 M * mnemoc err, years* 1192633033 M * alex__ cool, Bertl you found her? 1192633037 M * alex__ founded 1192633042 M * Bertl well, if the early jail attemts are counted too, then probably longer 1192633061 M * Bertl the basic idea and work was done by Jacques Gelinas 1192633122 M * mnemoc Bertl: at least eh mail archives has mails from 2001 1192633144 M * Bertl time flies by ... 1192633149 M * mnemoc yup 1192633156 A * mnemoc feels old :( 1192633171 M * alex__ replace old with young 1192633178 M * alex__ feel much better :) 1192633183 M * mnemoc :) 1192633220 M * mnemoc when i take my daughters to school i feel happy, but not young :p 1192633241 M * JonB Bertl: didnt jacques copy the idea from someone else? 1192633261 M * Bertl yes, from BSD jails, AFAIK :) 1192633274 M * JonB Bertl: and where did they copy it from? 1192633295 M * Bertl no idea, you investigate and tell us ... 1192633342 M * JonB Bertl: okay, i'll try to ask PHK next time i see him 1192633861 M * alex__ newb question: what is the GnuTLS PHP Module: modphp-gnutls-0.3-rc1.tar.gz - part of openvcp ? 1192633875 M * alex__ not sure that gnutls is... >< 1192633906 M * alex__ some sort of security layer 1192633925 M * speedy do i have to stop VPS before copying? 1192633954 M * speedy i'm going to duplicate a VPS 1192633978 M * Bertl daniel_hozac: okay, I'm going to upload my attempts so far, and try a different approach, please have a look at it nevertheless, maybe you get a good idea :) 1192633990 M * Bertl daniel_hozac: i.e. this approach didn't work out for me :) 1192634192 M * dowdle speedy: You can rsync it while running, then shut it down do a second rsync (which is much faster), and then start it back up again... to minimize downtime. 1192634464 M * alex__ hmm is there anyway via debian to downgrade to a previous version of a package, i need to downgrad util-vserver from 0.30.214 too 0.30.213 1192634470 M * alex__ via apt-get 1192634575 M * Bertl daniel_hozac: http://vserver.13thfloor.at/Experimental/delta-cow-test01.diff 1192634652 M * speedy dowdle, you are here too! thanks 1192634677 M * ema alex__: http://packages.debian.org/etch-backports/util-vserver 1192634722 M * speedy alex__ which version of debian you're running 1192634780 Q * hardwire Quit: Coyote finally caught me 1192634817 M * speedy dowdle, its in the same server, i did vserver vs2-lsm3 build -m skeleton --hostname myhost.domain.com --interface eth0:69.61.36.241/26 1192634847 M * speedy then cp -ru /var/lib/vservers/vs1-lsm3 /var/lib/vservers/vs2-lsm3 1192634856 M * alex__ speedy, etch 1192634877 M * speedy alex__ how did you get 0.30.214 with etch? 1192634889 M * speedy backports? 1192634896 M * Bertl speedy: you should be able to use the rsync or clone build method 1192634901 M * alex__ speedy, ya 1192634918 M * harry Bertl: there? 1192634932 J * hardwire ~bip@rdbck-3588.palmer.mtaonline.net 1192634940 M * harry small performance patch if you want.. 1192634957 M * harry in mm/mmap.c 1192634961 J * hparker ~hparker@linux.homershut.net 1192634961 M * Bertl let's see ... 1192634966 M * harry there is this "patch piece" 1192634970 M * harry + if (security_vm_enough_memory(len >> PAGE_SHIFT) || 1192634970 M * harry + !vx_vmpages_avail(mm, len >> PAGE_SHIFT)) 1192634985 M * harry it's better to not use len >> PAGE_SHIFT three 1192634989 M * harry but charged instead 1192635009 M * speedy alex__ you must be on i386 arch, i got 0.30.213 for amd64 from backports, i'm not sure how to downgrade, maybe you can remove the package and manually download the version you want and install 1192635018 Q * JonB Quit: This computer has gone to sleep 1192635047 M * harry if (!vx_vmlocked_avail(mm, len >> PAGE_SHIFT)) return -ENOMEM; 1192635054 M * harry in the same function should be changed 1192635088 M * harry saves you bit shifting every time do_brk gets called (which is a lot ;)) 1192635100 M * harry charged = len >> PAGE_SHIFT; 1192635100 M * speedy Bertl whats clone build method? 1192635106 M * harry is defined before :) 1192635122 M * Bertl harry: okay, will look into that .. tx 1192635203 M * alex__ speedy, im just compiling from source :) 1192635212 M * ema alex__: just download the .deb at the end of the link I gave you and install it with dpkg -i 1192635248 M * Bertl speedy: it 'clones' an existing guest 1192635257 M * harry np 1192635289 M * alex__ ema, looked for it, couldnt find the i386 for it =/ 1192635303 Q * amax 1192635354 J * JonB ~NoSuchUse@0x5739c8b4.roennqu1.broadband.tele.dk 1192635354 M * ema alex__: uh, you're right, for i386 it's at version .214 1192635423 A * harry off for now 1192635445 M * ema alex__: Out of curiosity, why do you need to downgrade? 1192635453 M * alex__ openvcp 1192635476 M * alex__ hmmm while im compiling her im getting: config.status: WARNING: Makefile.in seems to ignore the --datarootdir setting 1192635544 M * alex__ ah well 1192635549 M * alex__ it seems to be ok making it :) 1192635592 J * ntrs_ ~ntrs@79.125.230.44 1192635695 M * Bertl wb ntrs_! 1192635789 M * dowdle speedy: You are correct... I guess the -ru option of cp will help with the unification stuff. 1192635865 M * dowdle speedy: I'm just so used to using rsync for backups and use with other systems. 1192635904 M * speedy dowdle after copying the files, i tried to run the copied vserver but got some errors 1192635923 M * speedy secure-mount: chdir("/tmp"): No such file or directory 1192635941 M * speedy /etc/vservers/vs2-lsm3/fstab:2:1: failed to mount fstab-entry 1192635957 M * Bertl seems that some parts didn't get copied properly 1192635974 M * dowdle speedy: I knowledge of Linux-VServer is somewhat limited... but I've done the copy method myself and if you copy the config dir, there are quite a few files you have to change values in... which is probably why they came with the clone build method... to automate the process. 1192636040 M * speedy dowdle i made the changes with vserver build -m skeleton --hostname ... --interface ... 1192636042 M * dowdle speedy: Let me redo that... I used rsync... and that was before I did unification stuff. I don't know if the unificiation (or perhaps the preferred word, hashify) stuff is involved for you or not. 1192636067 M * dowdle speedy: I've only used the yum build method myself... so you are more advanced than me. :) 1192636082 M * speedy i followed this post http://www.paul.sladen.org/vserver/archives/200610/0060.html 1192636116 M * dowdle speedy: Oh, and I'm half asleep this morning. 1192636125 M * Bertl speedy: is there a reasy why you do not want to use the proper build methods for this purpose? 1192636162 M * Bertl speedy: just curious, I'm always for experimenting :) 1192636172 M * dowdle Bertl: I think it is just an information thing. newbs like us either don't spend enough time reading the docs, or we just haven't found them. 1192636200 M * dowdle found them = the exact pieces we were looking for to do what we wanted to do. 1192636233 J * Julius ~julius@p57B249B9.dip.t-dialin.net 1192636242 M * speedy Bertl i'm installing custom packages, and i want to duplicate that. 1192636242 M * speedy i dont want to go thru the process of installing every time 1192636246 M * dowdle Bertl: So we aren't as familiar with the beauty and eligant design that looms under some of the command line tools. :) 1192636264 M * Bertl speedy: once and again, that is what both, the clone and rsync methods are for 1192636281 M * dowdle speedy: I think you are proving our ignorance for me. hehe 1192636281 M * Bertl speedy: see 'verver - build --help' 1192636316 M * speedy dowdle sorry, i'm not ignoring you i was focused on this issue 1192636345 A * Bertl .o( hmm, this communication is going wrong on so many levels ) 1192636345 M * dowdle speedy: Oh, please ignor me. I'm mostly noise compared to the developers here. 1192636385 M * dowdle Bertl: It's all good. I've run into speedy on the OpenVZ channel so I don't think I'm offending him. 1192636439 A * speedy loves openvz kernel panics 1192636453 M * Bertl hehe 1192636476 Q * gebura Quit: Quitte 1192636495 M * dowdle speedy: If you aren't able to see the F1 virtual console output... on both OpenVZ and Linux-VServer there are a lot of innocuous warnings and error messages... that can be scarey to look at but seemingly of little consequence. 1192636525 M * dowdle speedy: But since you said kernel panic... that usually is a bit more than that, eh? 1192636592 M * speedy dowdle come on, i had 4 openvz host servers crashed today, some of them are idle, and nothing shows in the logs 1192636660 Q * julius_ Ping timeout: 480 seconds 1192636682 M * speedy and openvz is not officially supported with debian 1192636710 M * dowdle speedy: First off, I'm not here to defend OpenVZ (and I'm not saying you said I was)... but just to do so... I've been using it in production for over 1.5 years and I haven't had any problems (except with one kernel build once that was quickly updated and fixed the problem)... and the vast majority of people I've talked to haven't either. But I have run into a handful of folks, usually in environments a lot different than my own, who have had all 1192636710 M * dowdle kinds of problems. 1192636764 M * Bertl I think the clue there is, that OVZ kernels are only tested in the 'binary' configuration on a few system setups 1192636766 M * dowdle speedy: Now having said that, I like Linux-VServer very much too. 1192636787 M * Bertl once you deviate from that configuration, it starts to fall apart ... 1192636818 M * dowdle Bertl: I'm not sure but it sounds like a reasonable deduction. I do know that they have a very large number of people testing stuff... but perhaps they only test certain things. 1192636869 M * speedy dowdle, you were lucky with your distro, and i'm not :) 1192636880 M * Bertl dowdle: a simple test you can do is the follwing: get a recent gcc and the kernel source for OVZ (choose your version) 1192636891 M * dowdle Bertl: Another potential factor, and I don't mean to be inflamatory... is that not everyone is as good as configuring a kernel build as they should be. 1192636907 M * Bertl dowdle: then do 'make allnoconfig' and build the kernel, repeat with 'make allyesconfig' 1192636927 M * dowdle speedy: I stick close to the norm since I'm a RHEL/CentOS user and that seems to be more of their focus. 1192636991 M * dowdle I'd fancy to say, even with daniel_hozac hard work with CentOS/Ferdora stuff (which I only recently learned of), that Linux-VServer is predominantly used by Debian users... and people who prefer to compile things from source. 1192637021 M * dowdle Bertl: I appreciate your comments... but I won't be doing that any time soon. 1192637027 M * speedy great, i'm in the right track 1192637092 M * Bertl dowdle: note that most of the developers are _not_ using debian though :) 1192637128 Q * ag- Remote host closed the connection 1192637142 J * ag- ~ag@fedaykin.roxor.cx 1192637153 M * speedy gentoo i believe ? 1192637157 M * dowdle Bertl: Both have their advantages and disadvantages. I ran into several people who wouldn't even consider OpenVZ binary packages because they are too afraid to stray from stock binary packages offered by the distro. Compiling something from source, especially not produced by the distro makers... would be even a deep level of hell for them. 1192637188 M * Bertl speedy: daniel_hozac is Fedora, Hollow uses Gentoo, I myself use Mandriva 1192637188 M * dowdle Bertl: Gentoo? Or what? (feel free to add that to my questions... oh, did I mention questions? :)) 1192637236 M * dowdle Bertl: Cool. I had no idea. I like diversity! :) 1192637246 M * Bertl we like it too :) 1192637259 J * bonbons ~bonbons@2001:5c0:85e2:0:20b:5dff:fec7:6b33 1192637290 M * dowdle That diversity obviously helps (assuming everyone can gets beyond the added complexity) for a more well rounded and compatible Linux-VServer. dowdle states the obvious. 1192637374 M * dowdle I think if the OpenVZ folks had a few hard core separate from SWsoft developers, it would definitely improve it on its less targeted areas. 1192637416 M * Bertl sure, but who wants to spend time on unreadable code :) 1192637420 M * dowdle I don't really see that happening though. 1192637461 M * dowdle Bertl: You are SO funny... but I don't know any different to refute... and hey, you work hard enough are knowledgable enough to be taken at face value. 1192637475 M * dowdle Bertl: Although I would be surprised to hear that you have looked at it yourself. 1192637502 M * Bertl yes, I have looked at OVZ code and I do look at it every now and then 1192637514 M * dowdle Man, English is my native tough and I'm speaking broken English today. ARGH. Must drink more coffee. 1192637549 M * dowdle Bertl: I'm glad to see that. Once, before I knew who you were... I mentioned to you that rather than asking questions, you should install it and try it out and that would be the best way to learn about it... but you weren't interested. 1192637571 M * dowdle That was a very brief period of time... so I don't think I got a good picture. 1192637573 M * Bertl I know the code, I'm not going to run it :) 1192637591 M * speedy vserver vs2-lsm3 build -m clone -d etch --source vs1-lsm3 --hostname myhost.mydomain.com --interface eth0:69.61.36.241/26 1192637597 M * speedy is that correct? 1192637613 M * dowdle Bertl: Well, shame on you. Operation and functionality and documentation are a big part... from us lowly users... and it would be a good idea to check out those factors too. 1192637613 M * daniel_hozac no. 1192637618 M * speedy i want to make a copy of vs1-lsm3 to vs2-lsm3 1192637646 M * dowdle Bertl: But shame on me for not compiling my own kernel yet... and not having found time to get deeper into Linux-VServer. 1192637650 M * daniel_hozac speedy: move -d etch and --source to the end, and prepend that with a --. 1192637664 M * Bertl dowdle: maybe to end the OVZ discussion for today, a detail you probably do not know yet (although you had a chat with the maintainer :) 1192637690 A * dowdle listens/reads 1192637721 M * speedy thanks daniel_hozac 1192637730 M * Bertl dowdle: SWsoft came visiting me (half a year or more) before OVZ was released, and asked me if I wouldn't be interested in maintaining OVZ for them (of course, I would have had to stop working on Linux-VServer :) 1192637756 M * dowdle Bertl: Did you go for it? (asking stupid question) 1192637774 M * Bertl dowdle: well, you can figure the answer for that yourself :) 1192637782 M * dowdle Bertl: Hey, looks like they go for the best. Kinda reminds me when Steve Jobs went after Linus. 1192637809 M * Bertl dowdle: yes, I still consider it an honor that they came 1192637823 M * dowdle Bertl: I think that would have been interesting though... because you could have forked the code base and turned OpenVZ into Linux-VServer ++. :) 1192637868 M * Bertl in my opinion Linux-VServer is much better than OVZ++, but hey, diffent purpose ... 1192637880 M * dowdle Bertl: Oh, and maybe their code makes perfect sense to them. I know your own code makes a lot more sense to you, right? 1192637905 M * Bertl dowdle: I'm used to reading kernel code (not written by myself) 1192637918 M * dowdle Bertl: It's kinda like evaluating chilidren of girl friends. One isn't really better or worse than another (although that isn't always true in the real world with crazy people), but they are just different. 1192637953 M * dowdle Bertl: Sorry to drag out the discussion but you keep pulling me deeper in. 1192637956 A * speedy is happy with linux-vserver 1192637996 M * JonB Bertl: does openvz have copy on write? files? 1192637997 M * dowdle Bertl: I don't know if you've noticed but I have been bringing up Linux-VServer as an option in the #openvz channel (on freenode) some. 1192638010 M * dowdle JonB: No. 1192638015 M * daniel_hozac Bertl: what did the OUT_DENTRY outputs show? 1192638027 M * JonB dowdle: okay, but that checkpointing does look nice 1192638030 M * Bertl dowdle: don't let the maintainers catch you ... 1192638031 M * daniel_hozac Bertl: i mean, was it obvious that at some point, the dentry got incorrect? 1192638045 M * Bertl yes, let me upload the data 1192638082 M * dowdle Bertl: Hey, I haven't heard them say anything bad about Linux-VServer nor anything much when it is mentioned... so I don't think that'll be a problem... but if ever so, I'll deal with it. 1192638092 M * Bertl daniel_hozac: hm, didn't I already do that? 1192638114 M * daniel_hozac not that i saw... might've missed it. 1192638126 M * Bertl ah, no, that was before them, sec 1192638127 M * dowdle Bertl: And of course, I'm just so happy to provide some content for my site about Linux-VServer real soon now. :) 1192638150 M * dowdle But it is like code... its done when it is done. 1192638163 M * Bertl daniel_hozac: http://paste.linux-vserver.org/6994 1192638184 M * Bertl dowdle: exactly, and as sorry as I am, currently the code has priority 1192638189 M * JonB Bertl: do you know if OLPC considered openvz as well as your vserver? 1192638213 M * Bertl JonB: don't know, you have to ask neuralis for that 1192638223 M * JonB Bertl: okay 1192638223 M * dowdle Bertl: No need to be sorry. I'm just happy to have your consideration. 1192638242 M * Bertl dowdle: it's definitely on my todo, no worries 1192638293 M * daniel_hozac Bertl: okay... do we know what's changing the name yet? 1192638302 M * ntrs_ Bertl, sorry I missed the discussion. What's on your todo list? 1192638303 M * daniel_hozac i remember reading the code that does it, i just cannot for the life of me remember where. 1192638319 M * Bertl daniel_hozac: no, but I assume the dentry is just disposed, but nothing definitive there 1192638331 M * dowdle Bertl: I hope you are better at your todo list than I am. Or else I'm in trouble. :) I should have also asked... how do you guys spend so much time in IRC and active... don't have you have to make a living or is someone paying you... and Linux-VServer is part of your job? Or are you independently wealthy/middleclass? 1192638339 M * Bertl ntrs_: answering dowdle's questionaire ... 1192638358 M * ntrs_ I see. Thanks. 1192638400 M * dowdle ntrs_: I would share the URL with you but I don't want to spoil the surprise. Of course there are those IRC logs from a while ago. 1192638471 M * ntrs_ dowdle, I have no idea what you are talking about, but ok. I will enjoy the surprise when it happens. 1192638481 M * dowdle I believe I'm getting in the way of your development today... so I'll step aside... and drink more coffee. You know how tired people are... they can have diarea(sp?) of the mouth. 1192638491 M * JonB Bertl: http://209.85.135.104/search?q=cache:-nJlltHXXtYJ:www.fsfe.org/it/fellows/rca/from_out_there/(tag)/openvz%2520linux-vserver%2520virtualization+openvz+linux-vserver&hl=en&ct=clnk&cd=2&client=firefox-a 1192638522 M * Bertl dowdle: neither nor I'd say, but a) luckily I can do more than one thing at a time, and b) I'm working as IT consultant, so I can (to some extend) make Linux-VServer my 'work' :) 1192638529 M * daniel_hozac Bertl: i guess it doesn't matter. it's obvious we need some kind of locking... 1192638548 M * speedy i'm going to stress test vserver this week 1192638559 M * Bertl daniel_hozac: yep, I'm currently trying to do what the rename does (just adjusted to our case) 1192638620 M * dowdle Bertl: I plan on writing up my own take on Linux-VServer vs. OpenVZ a week or so after the interview comes out... and discuss mainly what I've learned about both of them. It won't be a one is better than the other kinda thing... but basically how they differ in features... and somewhat in focus and community... and that picking either would be a good idea. 1192638654 M * daniel_hozac Bertl: a separate superblock-wide lock, or reusing the same one? 1192638666 M * speedy dowdle wait for my review :) 1192638672 M * dowdle "Developers Funny Austrians Creepy Russians" FUNNY. 1192638682 M * Bertl daniel_hozac: reusing the same one for the rename, but trying to get away with locking for the splice 1192638697 M * dowdle speedy: You wanna write one up... I'd love to slap it on my site. 1192638722 M * daniel_hozac Bertl: is the splice the problem? i thought vfs_rename was our problem. 1192638732 M * daniel_hozac i.e. i don't see how locking around splice protects the dentries. 1192638742 M * speedy dowdle i wish i have the time to write one 1192638749 M * alex__ can someone download test this for me and tell me what speeds they get: http://87.118.112.90/apache2-default/test.iso 1192638755 M * alex__ mainly interested in USA speeds 1192638774 M * dowdle speedy: Do a google search for the source code to time, and then make it... after you configure it of course. 1192638788 M * daniel_hozac alex__: i got about 9 MiBps top. 1192638795 M * daniel_hozac (from Sweden) 1192638799 M * speedy if i'm gonna write, i'm gonna write a story about deploying vserver to serve online gaming application 1192638811 M * alex__ 9megs /secs? 1192638816 M * alex__ or 9 megabit?:) 1192638823 M * daniel_hozac mebibytes. 1192638826 M * dowdle speedy: Argh... online gaming. Gaming being the nice word for gambling, right? 1192638827 M * alex__ coolies 1192638841 M * speedy dowdle not true 1192638848 M * dowdle speedy: Glad to hear. 1192638861 M * dowdle speedy: I had a brain fart there for a second. 1192638875 M * speedy lol 1192638875 Q * lilalinux Remote host closed the connection 1192638875 A * dowdle wonders if there should be a #vserver-social channel? 1192638910 M * Bertl daniel_hozac: I'm pretty sure that we are only seeing one race here, so I try to extend the locking as far as possible 1192638925 M * Bertl daniel_hozac: after all, we somewhat consider the cow link breaking atomic 1192638939 M * dowdle That article about Linux-VServer vs. OpenVZ is hysterical... to me anyway. 1192638981 M * daniel_hozac yeah... if we could down the old's i_mutex right after looking it up, i think that would be the right thing to do. 1192639011 M * daniel_hozac so doing a variation thereof would be fine. 1192639063 M * Bertl dowdle, JonB: lol @ article 1192639095 M * dowdle JonB: Here's the direct link to the article rather than a google cached version: http://www.fsfe.org/it/fellows/rca/from_out_there/from_zero_to_virtualization_linux_vserver_vs_openvz 1192639122 M * fb alex__: 11.23M/s 1192639164 M * Bertl I had a good laugh at the debian part :) 1192639189 A * hparker peers around for creepy Russians 1192639225 M * Bertl and they are definitely right about the documentation, I wish somebody would put serious work into that (besides daniel_hozac and myself) 1192639256 M * hparker mmmmkay, no spies hanging out here 1192639264 M * alex__ where you from fb? 1192639266 M * speedy glad that i got rid of my enemy 1192639271 M * dowdle I think they are right on on the documentation... and I blame people like myself who haven't given you developers the backup and help the website needs. You developers have been pulling all the weight... although not being too familiar with others in your development community, perhaps there is someone I could blame. 1192639318 M * dowdle Oh, and OpenVZ documentation has a ways to go too. 1192639328 M * fb alex__: the matter is where's the host located ;) 1192639334 M * fb alex__: it's in poland 1192639356 M * alex__ host is in germany 1192639360 M * JonB Bertl: how different are the 2 approaches? 1192639367 M * speedy Bertl i will be happy to help 1192639386 M * dowdle To reword, the documentation you have is great at what it documents... but new users are whiney babies who want their hand held and a free meal. 1192639442 M * fb alex__: full 100Mbit, nice throughput 1192639452 M * alex__ fb, thanks :) 1192639462 M * dowdle I'm not sure I want an illustrated swimsuit edition... although from behind, with all that hair Bertl might be confused for babe. 1192639467 A * dowdle has long hair too. 1192639483 M * JonB dowdle: some people are into that kind of stuff 1192639486 M * daniel_hozac we have the ideas for how to write the documentation, but nobody has acted on it yet... myself included. 1192639512 A * dowdle ads... from a distance that is 1192639518 M * dowdle errr adds 1192639539 M * fb alex__: today we upgraded first of our uplinks to 10G :D 1192639561 M * alex__ fb, nice :) 1192639569 M * alex__ fb, how about some ssh loving for me? 1192639572 M * alex__ :P 1192639639 M * dowdle Well, I haven't gotten kicked so I'm ok I guess. 1192639653 M * dowdle Hmmm, getting kicked is fine... just not banned. 1192639837 M * fb anybody knows where to find quick-and-painless introduction to subversion? for very impatient, preferably ;) 1192639860 M * JonB fb: read their book 1192639931 M * daniel_hozac svn co ; svn ci; svn add; svn rm; svn cp... 1192639960 M * dowdle fb: I don't know about quick... but the subversion people have a free book. 1192639986 M * dowdle fb: What aspecked of subversion are you wanting to quickly learn? Using it as a developer or setting it up as a server admin? Or integration with Apache? 1192640250 Q * JonB Quit: This computer has gone to sleep 1192640290 M * fb dowdle: http://gentoo-wiki.com/HOWTO_Subversion <-- i'm not gentoo user, but i think there's everything i needed :) 1192640295 M * fb dowdle: thank you! 1192640371 Q * pmenier Quit: pmenier 1192640441 A * dowdle drinks coffee and shuts up. 1192640543 M * fb dowdle: generally, i misunderstood what trac is for 1192640977 M * speedy for having correct time on all host/guests systems? shall install ntpd for every guest server or just 1 ntpd on host system, and tzconfig on guests? 1192640996 Q * Piet Quit: Piet 1192641004 M * daniel_hozac the latter. 1192641031 M * speedy thanks daniel_hozac 1192641065 M * dowdle speedy: As the other way won't work without some permission grants to the VPS I think. 1192641103 M * daniel_hozac and CONFIG_VSERVER_VTIME. 1192641112 M * Bertl dowdle, sppedy: there is time virtualization, which allows you to adjust the time separately, but it doesn't make sense if you want just the 'right' time 1192641150 M * dowdle Bertl: Are you familiar with how broken time is (or maybe that pain is gone with updates) in VMware. 1192641168 M * dowdle Opps, nevermind. I'm not going to open up another can of worms. (more coffee) 1192641212 M * speedy Bertl great 1192641285 M * Bertl dowdle: I've heard that VMware(tm) does all kind of funny things .. never used it though, as they didn't provide the source code :) 1192641356 M * dowdle Bertl: If you compare it to Parallels, you'd think they got the source code to VMware. :) 1192641370 M * dowdle Bertl: There's always VirtualBox... I think that's the name of it. 1192641393 M * daniel_hozac qemu rul3z! 1192641398 M * Bertl second that! 1192641473 M * dowdle daniel_hozac: And you actually use qemu in production for virtual machines? 1192641479 M * fb dowdle: i used to use rcs for my projects, but now with more devs this would be, erm, rather unpractical ;) 1192641487 M * Bertl dowdle: I use it for kernel debugging, right now 1192641490 M * dowdle Being open source I'm sure it's source code is well massaged. 1192641490 M * daniel_hozac no, i use qemu for testing. 1192641509 M * daniel_hozac for production i use nothing but Linux-VServer. 1192641517 M * Bertl second that! 1192641521 M * dowdle fb: All of the kernelie guys seem to use git. 1192641532 M * speedy virtual box is based on qemu 1192641540 M * dowdle I third that. Wait... no I don't. 1192641543 M * Bertl except for a small town in Austria ... 1192641551 M * dowdle I use nothing but... lots of things. 1192641577 M * dowdle Source to VirtualBox is available... as I understand it. 1192641630 M * dowdle daniel_hozac: So there's a Windows version of Linux-VServer? 1192641633 A * dowdle ducks 1192641648 J * JonB ~NoSuchUse@0x5739c8b4.roennqu1.broadband.tele.dk 1192641709 M * daniel_hozac dowdle: why would i want to emulate games? 1192641732 M * daniel_hozac or rather, virtualize them. 1192641739 M * daniel_hozac i can only focus of one of them at a time any way. 1192641916 M * Bertl daniel_hozac: okay, making some progress here 1192641921 M * daniel_hozac yeah? 1192641943 M * Bertl daniel_hozac: putting the rename mutex around the splice to rename area fixes it 1192641956 M * daniel_hozac so splice is needed too? 1192641959 Q * ema Quit: leaving 1192641966 M * Bertl that is what I'm going to test now 1192641977 M * Bertl definitely the 'rename' itself is not enough 1192641997 M * Bertl btw, I'm a little confused regarding the inode locks 1192642014 M * Bertl it seems we are already holding a lock on the 'original' 1192642043 M * daniel_hozac oh really? 1192642064 M * Bertl well, all attempts to lock the inode, resulted in recursive locking warnings/hangs 1192642108 M * Bertl was hoping for a nested locking option 1192642112 M * daniel_hozac i_mutex of i_lock? 1192642117 M * daniel_hozac s/of/or/ 1192642122 M * Bertl the mutex 1192642201 M * Bertl maybe we should try again to lock the dir 1192642218 M * Bertl I have the feeling that should be possible 1192642238 M * Bertl s/lock/mutex/ 1192642310 M * Bertl nope, excluding the splice gives the same result 1192642327 M * Bertl so I think the splice is actually the cause for the dentry change 1192642396 M * daniel_hozac i'm more inclined to believe that splice just happens to might_sleep() a lot, or something along those lines. 1192642446 M * daniel_hozac i.e. the likelyhood might decrease, but i think the problem would still be there. 1192642702 M * Bertl could be 1192642729 M * Bertl but for my test, 5 chars are unlikely to take long 1192642824 M * daniel_hozac yeah... 1192644016 J * balbir ~balbir@59.178.39.4 1192644313 J * coderanger_ ~coderange@taz-10.dynamic2.rpi.edu 1192644493 M * Bertl wb coderanger_! 1192644502 M * coderanger_ Alo 1192644511 M * speedy vserver is wonderful! i'm running 3 VPS each with java game server all of them taking total of 1.6GB RAM, while when i run it in standalone server it takes 815MB of ram multiplying that by 3 is 2.4G 1192644557 M * dowdle speedy: That's OS vs machine virtualization in action. 1192644593 M * ruskie hmm couldn't you compile those java game servers with gcj into something that would possibly use less mem as well? 1192644596 M * speedy i'm saving 800MB 1192644599 M * daniel_hozac Bertl: i don't see what would lock i_mutex. i've been through the splice code, and i don't see what could change the dentry... so either i've gone blind, or the issues are elsewhere :) 1192644632 Q * rorem- Ping timeout: 480 seconds 1192644646 M * speedy ruskie I havent tried, how much ram i'm gonna save by compiling with gcj? 1192644664 M * ruskie speedy, considering it compiles into native code... 1192644671 M * ruskie you should give it a try 1192644676 M * ruskie it might of course completly not work 1192644685 M * ruskie but it's worth a try if it can improve 1192644707 M * speedy i will try that ruskie, thanks for the tip 1192644709 M * dowdle ruskie: Isn't most of GJC mostly dead now (other than the libraries) because of OpenJDK? 1192644713 M * ruskie no 1192644722 M * ruskie it's still proprely developed 1192644732 M * ruskie and last I checked there was no true openjdk... 1192644737 M * ruskie only some bits 1192644741 M * dowdle ruskie: Yes, but the writing is on the wall. 1192644746 M * daniel_hozac that also doesn't support ppc. 1192644756 M * ruskie also openjdk doesn't compile native code 1192644774 M * ruskie I've been having more and more success lately with gcj... 1192644782 M * dowdle ruskie: Good to hear. 1192644794 M * ruskie with gcj 4.3 there most likely won't be much need for any java vm... 1192644804 M * ruskie other than java applets and proprietary stuff 1192644883 M * daniel_hozac why would anyone use Java for anything else? :) 1192645059 M * ruskie daniel_hozac, I use it for me college coding classes 1192645067 M * ruskie since that's the only thing we have available 1192645097 M * ruskie so gcj is a good solution 1192645124 M * ruskie and the professor at the first class asked me... we said java not c... so I show him the source and how to compile :) 1192645140 M * ruskie needles to say I passed that class by being half asleep most of the time :) 1192645166 J * rorem- ~roremtank@bzq-219-46-202.isdn.bezeqint.net 1192645181 J * ntrs__ ~ntrs@79.125.254.248 1192645182 M * ruskie java still has buzzword status around here... 1192645200 M * ruskie so they teach it to people who don't even hav a clue what a command prompt is etc... 1192645380 M * speedy what happens if one of the vps servers is crashes? 1192645400 M * speedy while having 3 servers with shared libraries 1192645471 M * daniel_hozac crashes the kernel, or in userspace? 1192645489 M * ruskie hmm what's the status of .23 support? working or highly testing? 1192645504 M * daniel_hozac no. 1192645505 M * daniel_hozac :) 1192645519 M * ruskie erm... no? 1192645522 M * speedy kernel crash will have all servers down, userspace? 1192645527 M * ruskie no for both I take it then :) 1192645543 M * daniel_hozac it's missing features, and the most recent patch won't compile (trivial fixes though). 1192645550 M * ruskie ahh 1192645559 M * ruskie I guess I'll wait a little longer then :) 1192645561 M * daniel_hozac and add to that that it's completely untested :) 1192645578 M * ruskie well I don't rely on it 1192645597 M * daniel_hozac speedy: that process will crash, nothing else. why? 1192645613 M * ruskie still only testing it here and there with various chroots and stuff... 1192645620 Q * ntrs_ Ping timeout: 480 seconds 1192645658 M * daniel_hozac speedy: what were you expecting? 1192645698 M * speedy i just wanted to know what could happen to other servers 1192645945 M * speedy is there a vlsof? :) 1192645980 M * daniel_hozac nope. 1192645982 M * Bertl note yet 1192645985 M * Bertl *not 1192645986 M * daniel_hozac chcontext --xid 1 lsof 1192646103 M * JonB daniel_hozac: what about chcontext --xid 1 netstat ? 1192646110 M * daniel_hozac no. 1192646117 M * daniel_hozac chbind --nid 1 netstat. 1192646124 M * JonB okay 1192646162 Q * matled Quit: leaving 1192646217 Q * duckx Remote host closed the connection 1192646244 J * duckx ~Duck@tox.dyndns.org 1192646389 M * dowdle Maybe this is old news... but just learned of "Thinstall" which appears to be wine packaged up for use on Windows, Linux and Macs... in such a way where an application can be packaged up as a single .exe which includes a complete wine environment and data sandbox. They call it "Application Virtualization". The application package contains the complete environment it needs to run without installing anything. 1192646970 Q * JonB Quit: This computer has gone to sleep 1192647726 J * Piet ~piet@tor.noreply.org 1192647911 M * ruskie dowdle, sounds fun... to bad most people I know really don't care to run win apps on a regular basis :) 1192647947 M * Bertl yeah, no idea why somebody would want that ... 1192647989 M * ruskie virtual turnkey appliance I can actually understand... but apps packaged that way... seriously... 1192648200 M * ruskie though with the stability and security of windows... it could improve it... ;) 1192648230 M * dowdle ruskie: It also helps windows users. Imagine being able to use Wine to run non-Vista compatible apps on Vista. :) 1192648238 M * dowdle Poor Windows users. 1192648246 M * ruskie if you could run wine in the first place :) 1192648434 J * meebey meebey@booster.qnetp.net 1192649805 M * Bertl daniel_hozac: the best I can come up with atm: http://vserver.13thfloor.at/Experimental/delta-cow-fix16.diff 1192649821 M * brc Hello Bertl! Regarding those bug i found. Is the only way to get another vps up rebooting ? Any other working? This is a productin server :( 1192649865 M * Bertl brc: care to remind me which bug that was? 1192649921 Q * balbir Ping timeout: 480 seconds 1192649962 M * brc Bertl: vcontext: vc_ctx_create(): Cannot allocate memory 1192650036 M * Bertl well, probably you are fine if you shut down another guest 1192650046 M * Bertl (should free up the resources) 1192650072 M * brc Does it have to do with the number of guests or mrmory? 1192650122 M * Bertl if it is, what we concluded so far (per CPU room exhaustion) 1192650132 M * Bertl then it is directly related to the number of guests 1192650403 M * brc hmm so i cant exceed 45 guests. is that it ? 1192650409 M * brc That makes sense 1192650424 M * brc thats why changing memory settings (limits) do not make any difference but stopping one and starting another makes it work 1192650436 M * Bertl it would appear like that, note that you seem to be the only one with this limit atm :) 1192650450 M * brc hehehe consider me i am a HEAVY USER 1192650465 M * brc So i am always finding stuff :) 1192650482 M * Bertl which is considered very good and appreciated 1192650508 M * Mitch_Bradley Bertl: did you discover the mechanism for the filename corruption? I see that you have a proposed patch. 1192650537 M * Bertl Mitch_Bradley: well, I know how to prevent it, and I have a good idea what actually happens 1192650556 M * Bertl Mitch_Bradley: but I'm not sure it is related to what you folks have been seeing 1192650568 M * Mitch_Bradley I would be very interested to know what you think is happening 1192650584 M * Bertl Mitch_Bradley: I think the best approach is to give the patch a spin, and see if it fixes it for you 1192650615 M * Bertl what we figured so far is that the CoW link breaking, which uses splice and then rename 1192650652 M * Mitch_Bradley Bertl: unfortunately, the issue is not 100% reproducible. I tried a fresh reload of the OS image - clean wipe - twice today, and neither time did the problem show up. 1192650655 M * Bertl when executed more than once on the same dentry (end of the link) will use an already obsoleted dentry for the second move 1192650680 M * Mitch_Bradley Bertl: where does the dentry get obsoleted? In rename? 1192650688 M * Bertl which at least here, results in an error (not filesystem corruption) 1192650718 M * Bertl no, actually the splice seems to be the one obsoleting the dentry 1192650755 M * Mitch_Bradley do you know where in splice? I looked through do_splice_direct and didn't see anything that would invalidate a dentry 1192650780 M * Bertl no haven't goten to identify the exact location 1192650787 M * Mitch_Bradley I can see why rename might invalidate a dentry, but splice, I'm not sure. 1192650815 M * Bertl the thing is, I did put the rename under a mutex 1192650829 M * Bertl but that didn't fix it 1192650851 M * Mitch_Bradley but it could be a subtle interaction between memory usage of splice and the timing of dentry invalidation. 1192650870 M * Bertl sure, as I said, I haven't figured the exact details yet 1192650903 M * Mitch_Bradley when you say "error (not filesystem corruption)", what exactly do you mean? How does the error manifest? 1192650930 M * Bertl the rename with the 'invalid' dentry fails on ext2/3 1192650942 M * Mitch_Bradley Oh, okay. 1192650954 M * Bertl it might cause some corruption on jffs2 1192650972 M * Mitch_Bradley but that is not predictable, because the filename might happened to be changed to some string that is syntactically valid 1192651002 M * Bertl yep, the proposed fix is correct in any case, as we consider the CoW link breaking somewhat atomic 1192651035 M * Bertl I'm not sure about the performance implications on 'heavy linkbreaking' 1192651049 M * Mitch_Bradley if the filename is getting munged in random ways, the final result can be many different things. If nulls get inserted, jffs2 goes nuts. if junk that ext2/3 notices gets inserted, the rename fails. If "valid" junk gets inserted, the name changes to something goofy. 1192651118 M * Mitch_Bradley So I'm of the opinion that this is the root cause of what we are seeing, it just shows up in different ways depending on what happens to be in the bogus memory. 1192651156 M * Bertl yes, could be, still the question holds, why are multiple processes breaking the very same link? 1192651209 M * Mitch_Bradley I'm not surprised that a mutex around just the rename is ineffective, because the second process could already be holding the dentry before the first one gets to the rename step. 1192651220 M * daniel_hozac i agree. 1192651257 J * CWC ~CWC@89-215-37-177.2073053861.ddns-lan.pl.ekk.bg 1192651258 M * Mitch_Bradley re why multiple processes are breaking the same link, that is a good question. 1192651262 M * Bertl well, for the rename case it _is_ sufficient 1192651306 M * Mitch_Bradley suppose that process 2 gets to may_open() before process 1 has succeeded in renaming. 1192651330 M * Mitch_Bradley I have been looking at the modprobe source code. 1192651366 M * Mitch_Bradley It opens the .ko file R/W, in case it needs to do --force to overwrite version information in the file. 1192651398 M * Bertl okay, that will break the link 1192651431 M * daniel_hozac i'm kinda curious as to why kernel modules are linked at all :) 1192651450 M * Bertl but what is the second process opening the same file for write? 1192651458 M * Mitch_Bradley It then gets a write lock via fcntl(fd, F_SETLKW...), but there is a window during which another instance of modprobe might also open the file. 1192651501 M * Mitch_Bradley Bertl: I'm not sure. I'm having a really hard time discovering where the joydev.ko dependency comes from. 1192651549 M * Mitch_Bradley I suppose that there could be two different other modules that both depend on joydev.ko 1192651590 M * Bertl but wouldn't that mean that two modprobes are running? 1192651596 M * Mitch_Bradley the dependency could be coming from the kernel modload, or from udev, or from explicit modprobing in rc.sysinit 1192651626 M * Mitch_Bradley Bertl: I suppose that two modprobes could be running. modprobing happens all over the damn place. 1192651641 M * Mitch_Bradley I long for the predictability of BSD startup scripts. 1192651667 M * Mitch_Bradley There was a time when I actually understood how Unix worked, in gory detail. 1192651678 M * Bertl IMHO udev should be reduced to handling hot-plugged devices in the OLPC case, but that is a different issue :) 1192651688 M * Mitch_Bradley Bertl: I entirely agree. 1192651696 M * Mitch_Bradley and so does dilinger. 1192651733 M * Mitch_Bradley And I opened a trac ticket for that and similar cleanups a few minutes ago. 1192651769 M * Bertl okay, back on topic, I will push the fix to dilinger, and we do some testing ... I will also continue to investigate where exactly the dentry gets invalidated ... feel free to help there 1192651792 M * daniel_hozac i know i've read code that changes the name of dentries which are removed. 1192651796 M * Mitch_Bradley regarding the two modprobes - I need to track that down, in case it is not a simple case of concurrency, but rather some insidious problem. 1192651830 M * Bertl feel free to use the debug stuff we added, it might sched some light on it 1192651867 M * Bertl (should be trivial to print more task info with it) 1192651897 J * larsivi ~larsivi@101.84-48-201.nextgentel.com 1192651902 M * Mitch_Bradley daniel_hozac: the reason why kernel modules are linked is because we are creating one or more complete virtual roots by shallow-copying from a pristine master. 1192651955 M * brc bertl, it is getting worst. i stopped a vserver so i could start another. it started fine but when i tried to restart it, it crashed 1192651966 M * brc I mean 1192651971 M * brc vcontext: vc_ctx_create(): Cannot allocate memory 1192651973 M * Mitch_Bradley does that make sense? Perhaps there is some subtlety in your question that is going over my head. I am a total vserver n00b. 1192651987 M * Bertl brc: hmm, that is valuable information 1192652009 M * brc There are more XIDs in /proc/virtual then active servers 1192652062 M * Bertl brc: any dmesg output? 1192652070 M * speedy is there any special things to do to have openvpn running on vserver guest? 1192652081 M * daniel_hozac speedy: yes, quite a few. 1192652096 M * Bertl Mitch_Bradley: doesn't make sense, because only one copy is able to pull kernel modules 1192652096 M * speedy creating device ? 1192652115 M * speedy and netfilter? 1192652129 M * Bertl Mitch_Bradley: and even if two of them would run the modprobe, it would not interfere, as we are talking dentries and not inodes 1192652166 A * Mitch_Bradley mulls 1192652194 M * brc Bertl: Sorry wrong information, the xids in /proc/virtual are the exact number of active servers. 1192652207 M * brc i accidentlaly did a ls -la | | wc -l and not ls | wc -l 1192652224 M * daniel_hozac speedy: http://linux-vserver.org/Frequently_Asked_Questions#Can_I_run_an_OpenVPN_Server_in_a_guest.3F 1192652237 M * brc Bertl: Anyway to free this memory up without rebooting? 1192652237 M * Bertl daniel_hozac: did we at any point 'forget' to free up per cpu space? 1192652248 M * Bertl brc: probably no chance 1192652257 M * Mitch_Bradley Bertl: but the initscripts run in the chrooted "jail", so the modules have to be visible therein. 1192652278 M * brc ok 1192652281 M * daniel_hozac Bertl: i don't see how that would happen. 1192652292 M * Bertl Mitch_Bradley: and hopefully no modules are loaded from there 1192652304 M * Bertl Mitch_Bradley: because if, then the entire security is pointless 1192652329 Q * CWC Quit: Client exiting 1192652385 M * Mitch_Bradley Bertl: I think it depends on whether you believe that the user cannot get permission to write new module files there. 1192652423 M * Bertl well, if the user can _load_ arbitrary modules into the kernel, then the kernel is compromised 1192652426 M * Mitch_Bradley Bertl: but I agree that loading kernel modules is dubious. 1192652472 M * Bertl that was one thing I was explaining to c_scott back then, that he has to make sure that modules are only loaded and loadable from the host 1192652500 M * Mitch_Bradley Bertl: The topic of modloading did come up in the security telecon yesterday, but I wasn't entirely paying attention, because I was more interested in the JFFS2 forensics :-) 1192652516 M * Bertl hehe :) 1192652549 M * Mitch_Bradley I shall push harder to get the necessary drivers compiled-in, which seems like a good idea in any case. 1192652577 M * Bertl definitely, but you will hit on hard ground there ... 1192652597 M * Bertl because some folks still want to allow drivers for arbitrary devices 1192652607 M * Mitch_Bradley at least we can compile in the drivers we are sure that we need 1192652616 M * Bertl (like those attachable via USB) which is somewhat understandable 1192652645 M * Mitch_Bradley so that modloading new ones becomes an exception rather than the usual case 1192652685 M * Bertl IMHO the modloading is fine, if done properly 1192652704 M * Bertl kernel thread, running on the host, pulling in signed modules 1192652710 M * Bertl (no harm done there) 1192652726 M * Mitch_Bradley if the driver is always going to be loaded, might as well compile it in. Makes startup more predictable. 1192652737 M * Bertl sure, I totally agree on that 1192652746 M * daniel_hozac brc: grep CONFIG_VSERVER_HISTORY .config 1192652752 M * Bertl Mitch_Bradley: actually I suggested to do so twice already 1192652769 M * brc daniel_hozac: Nothing found 1192652787 M * daniel_hozac so it's not that either... 1192652796 M * Mitch_Bradley We have made progress in that direction - many things have gone from 'm' to 'y' in the config file. 1192652863 M * Mitch_Bradley the remaining "necessary" modules are mostly things that are still undergoing some development 1192652997 M * brc Daniel, i dont know if it has something to do... but i think that if i stop/start a vserver i dont get a problem. if i use restart i get the problem 1192653008 M * daniel_hozac brc: really? 1192653020 M * brc i cant confirm that right now just when i get ready to reboot 1192653031 M * daniel_hozac brc: what utils again? 1192653048 M * Bertl brc: does 'vps auxwww' s 1192653058 M * Bertl +show something unusual like helpers? 1192653105 M * brc i installed the lastest utils the day we found the problem (was it yestrday or the day before yesterday?? not sufre) 1192653112 M * brc lemme check 1192653137 M * daniel_hozac 0.30.214 should be fine... 1192653143 M * brc vps auxwww | grep -i help 1192653143 M * brc root 9 0 MAIN 0.0 0.0 0 0 ? S< Oct11 0:01 [khelper] 1192653143 M * brc root 16094 0 MAIN 0.0 0.0 60220 696 pts/2 S+ 17:30 0:00 grep -i help 1192653143 M * brc root 16106 ERR 0.0 0.0 0 0 ? S< 17:30 0:00 [khelper] 1192653157 M * brc daniel_hozac: Yes util-vserver-0.30.214 1192653226 M * brc btw before getting the limit down (i could have 45, now just 44 vps) i got this on dmesg which is pretty usual: 1192653232 M * brc /sbin/vshelper: (restart 40000) returned async with -2 1192653237 M * brc /sbin/vshelper: (shutdown 40000) returned sync with -2 1192653443 M * Bertl if you are going to reboot 1192653452 M * Bertl make sure that you use the latest kernel version 1192653465 M * Bertl s/kernel/patch& 1192653472 M * daniel_hozac wasn't it already the latest? 1192653487 M * Bertl honestly, I don't remeber 1192653533 M * brc It is the lastest 1192653543 M * brc 2.6.22.9-vs2.2.0.4 1192653552 M * brc At least it was some days ago 1192653559 M * daniel_hozac still is. 1192653571 M * Bertl okay, the helper stuff sounds like a hint to me 1192653629 M * daniel_hozac indeed. 1192653682 M * Bertl brc: is CONFIG_VSERVER_LEGACY enabled? 1192653826 M * brc CONFIG_VSERVER_LEGACY=y 1192653826 M * brc # CONFIG_VSERVER_LEGACY_VERSION is not set 1192653826 M * brc CONFIG_VSERVER_LEGACYNET=y 1192654279 M * Bertl for me, that doesn't make sense, we do not have any async case with CONFIG_VSERVER_LEGACY, no? 1192654304 M * Bertl ah, no, actually we have 1192654366 M * daniel_hozac we _only_ have async cases for CONFIG_VSERVER_LEGACY. 1192654404 M * Bertl yeah, I read #ifdef where it is #ifndef 1192655072 J * Aiken ~james@ppp121-45-206-11.lns1.bne1.internode.on.net 1192655212 M * Bertl welcome Aiken! 1192655234 M * Aiken hi 1192656000 A * ay wonders if the debian-vserver kerneles in debian etch are any good.. Which version of vserver are they? 1192656023 M * ay And what fluffy features are they missing compared to the newest ones.. 1192656036 M * Bertl we don't know exactly :) 1192656047 M * Bertl but yes, I think most of them are fine 1192656160 M * daniel_hozac etch is old. 1192656168 M * daniel_hozac 2.6.18-vs2.2.0.2-rc9, IIRC. 1192656175 Q * bragon Ping timeout: 480 seconds 1192656180 M * ay There isn't anything newer... 1192656185 Q * ntrs__ Ping timeout: 480 seconds 1192656196 M * ay Maybe at backports.org 1192656196 M * daniel_hozac backports and testing should have recent packages. 1192656202 M * ay testing is no-no. 1192656266 M * ay Last time i tried a kernel from backports.org (Going from 2.6.18 to 2.6.22) my sw-raids started to misbehave. 1192656293 M * ay Hihi. download.openvz.org is listed in moblock. 1192656324 M * ay Blocked OUT: SWsoft, Inc,hits: 5,DST: 64.131.90.11 1192656462 M * ay daniel_hozac: vs2.2.0.2-rc9.. What bugs do I meet? Or what features do I miss out on. 1192656475 M * daniel_hozac http://linux-vserver.org/Feature_Matrix 1192656497 M * daniel_hozac there are a number of bugs too, that's why the latest 2.6.18 kernel is 2.0.3-rc1 :) 1192656535 M * ay per-guest isolated loopback. That seems to be the big one. 1192656544 M * Bertl brc: did you already reboot? 1192656555 J * alex^^ ~email@78-86-117-217.zone2.bethere.co.uk 1192656559 M * ay Had some trouble with that one during the recent years. 1192656561 M * Bertl wb alex^^! 1192656570 M * alex^^ hihi :D 1192656573 M * alex^^ thanks :) 1192656628 A * alex^^ proceeds to configure openvcp 1192656693 J * bragon ~bragon@2001:7a8:aa58::1 1192657236 Q * bragon Read error: Connection reset by peer 1192657237 J * bragon ~bragon@2001:7a8:aa58::1 1192657436 M * ay Crap. 1192657454 J * yarihm_ ~yarihm@vpn-global-dhcp3-041.ethz.ch 1192657515 M * ay poweredge:~# uname -a 1192657515 M * ay Linux poweredge 2.6.22-2-vserver-686 #1 SMP Fri Sep 21 15:20:55 UTC 2007 i686 GNU/Linux 1192657531 M * ay No versioning av vserver in the backports.org kernel either. 1192657542 J * yarihm__ ~yarihm@84-75-130-73.dclient.hispeed.ch 1192657557 M * Bertl ay: maybe somebody should suggest the debian folks to put a note somewhere? 1192657575 Q * yarihm Read error: Connection reset by peer 1192657616 M * ay How is it supposed to look? 1192657625 Q * yarihm__ 1192657674 M * Bertl ay: well, I thin something like VSERVER.version or so inside the kernel source tree would suffice 1192657700 M * Bertl ay: of course, using the proper versioning would be better, but I can see that distributions don't want to do that 1192657722 M * Julius is there something that could prevent a vhost from writing anything to a tun device? 1192657746 M * Bertl yes, permissions 1192657756 M * Julius iptables logs show that ping requests are recieved and answered 1192657782 M * Julius but the answers don't seem to reach the daemon 1192657805 M * alex^^ Bertl: you in usa? 1192657810 M * Bertl Julius: how did you create the tun device 1192657813 M * Bertl alex^^: nope 1192657821 M * Julius mknod 1192657829 M * Julius in the guests dev dir 1192657832 M * alex^^ Bertl: euro? 1192657841 M * Bertl Julius: ahem, okay, that is the multiplexor 1192657853 M * Bertl Julius: I mean the actual 'tun0' or so? 1192657858 M * Bertl alex^^: yep 1192657870 M * Julius ifconfig and route are executed by the initialize and post... scripts 1192657899 M * Bertl Julius: so the tun0 is made persistant and configured outside, yes? 1192657920 M * Bertl Julius: is your openvpn aware of that and does it use the correct device? 1192657920 Q * bonbons Quit: Leaving 1192657950 M * Julius openvpn runs with ifconfig-noexec and route-noexec 1192657983 M * Julius and yes it is created persistent on the host system on vhost startup 1192657984 Q * yarihm_ Ping timeout: 480 seconds 1192657991 M * Bertl and 'dev tun0' and 'persist-tun' yes? 1192658005 M * Julius persist not yet :) 1192658175 M * speedy Julius how do you grant the guest host access to tun device? 1192658216 M * Julius created /dev/tun and /dev/net/tun in the guests root 1192658220 M * Julius via mknod 1192658249 M * Julius and added it as a regular interface to /etc/vservers/.../interfaces/ 1192658274 M * Julius hey, ifconfig shows some dropped packages 1192658286 M * Bertl s/packages/packets/ :) 1192658297 M * Julius ^^ 1192658325 M * Bertl don't worry, I did mix that up on a regular basis :) 1192658361 M * Julius ifconfig shows 14 rx packets 1192658379 M * Julius and 14 dropped tx packets 1192658392 M * Julius seems to be the number of pings 1192658402 M * Bertl so the device is somewhat working, now check the ips used 1192658439 M * daniel_hozac actually, that means your openvpn hasn't attached itself to the interface. 1192658469 P * Yvo 1192658525 M * Julius the only error message is: Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1) 1192658574 M * Julius what ip's should i check? 1192658591 M * Bertl the ones openvpn is using on that tun device 1192658605 M * Julius the pointopoint address is wrong 1192658633 M * Julius though it was defined correctly in the initialize script 1192658655 M * Julius i copied the ifconfig and route calls from openvpn's startup log on the host 1192658657 M * Bertl double check that, because the guest should not be able to change it 1192658697 M * Julius looks the same on vserver and host 1192658753 M * Bertl how do you create the tun device? can you upload your scripts? 1192658763 M * Julius i did once :) 1192658771 M * Julius mom 1192658789 M * Bertl the old url should do, if you find it :) 1192658853 M * Julius phpfi.com/269638? 1192658861 M * Julius new one :) 1192658909 M * Bertl looks fine 1192659002 M * Julius funny 1192659016 M * Julius the pointopoint address gets changed on vserver startup 1192659033 M * Julius i just executed the scripts manually before starting up the vserver 1192659050 M * Julius http://phpfi.com/269639 1192659050 M * Bertl ah, hmm, yeah, that could be 1192659067 M * Bertl make sure to use 'nodev' for the ip entry 1192659079 M * Bertl (instead of tun0) 1192659095 M * Bertl i.e. 'nodev' instead of a 'dev' with tun0 1192659116 M * Julius okay 1192659131 M * Bertl daniel_hozac: maybe you could add ptp support to the tools at some point? or is that already done? 1192659156 M * daniel_hozac i also intend to add a way to have util-vserver create the tun-devices... it's on the list, but not done yet. 1192659163 M * Julius mv dev nodev && echo "" > nodev 1192659182 M * Julius that yould be very useful :) 1192659185 M * Bertl I guess you can leave the contents 1192659202 M * Bertl just to remind you which device you are _not_ initializing :) 1192659291 M * Julius na, everything gets dropped 1192659313 M * daniel_hozac as i said, that means openvpn hasn't attached itself to the interface. 1192659324 M * daniel_hozac look in the openvpn logs to figure out why (or use strace...). 1192659364 M * Julius the logs don't show anything useful 1192659382 M * daniel_hozac and just to make sure, you don't have a tun1 on the host now? 1192659389 Q * larsivi Quit: Konversation terminated! 1192659417 M * Julius i do have :) 1192659434 M * Julius i guess that makes everything much more complicating :) 1192659449 M * daniel_hozac in your openvpn.conf, you have dev tun0, right? 1192659455 M * Julius yeah 1192659465 M * Julius i have tun1 for the server's vpn 1192659471 M * Julius and tun0 for the vhosts 1192659487 M * Julius vhost's 1192659495 M * daniel_hozac oh, so you should have two tuns= 1192659499 M * daniel_hozac s/=/?/ 1192659525 M * daniel_hozac i guess an strace of openvpn is going to be required... 1192659569 M * Julius ifconfig shows two tun interfaces 1192659573 M * Julius proper configured 1192659582 M * daniel_hozac use ip a s 1192659618 M * Julius a s? 1192659625 M * daniel_hozac addr show :) 1192659627 M * Bertl 'ip a s' 1192659664 M * daniel_hozac ifconfig is awful and needs to die a horrible flaming death. 1192659703 M * Julius 47: tun0 mtu 1500 qdisc noqueue 1192659712 M * Bertl I think it already did .... and was resurrected :) 1192659720 M * Julius link/[65534] 1192659728 M * mnemoc how old is netlink? 8y? 1192659743 M * daniel_hozac well, i'm more interested in whether you have any _extra_ tun interfaces that shouldn't be there. 1192659743 M * Julius inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0 1192659751 M * Julius oh^^ 1192659753 M * Julius kay 1192659780 M * daniel_hozac since openvpn obviously didn't bind to the interface you were hoping for... i'm curious what it's listening on. 1192659826 M * Julius http://phpfi.com/269640? 1192659868 M * Julius I'll check the strace logfile and upload it in the next couple of minutes 1192660082 M * Julius ftp://exampleuser:secret@gempai.de/test.log 1192660205 M * mnemoc O_O 1192660297 Q * Piet Quit: Piet 1192660329 M * alex^^ anyone here use openvcp? 1192660339 M * alex^^ having some annyonig problems configurign her 1192660383 M * Bertl I think we even had the/a maintainer hanging around here 1192660415 M * daniel_hozac and if not, there's always #openvcp. 1192660450 M * alex^^ daniel_hozac: thanks :) 1192660463 M * alex^^ for some reason my browser is redirecting me to http://openvcp/auth 1192660625 M * Julius did the logfile show anything? 1192660652 M * alex^^ ahh i think i know why 1192660661 M * alex^^ openvcpd daemon not starting 1192660664 M * alex^^ getting this error: 1192660669 M * alex^^ km31919:/var/www# openvcpd 1192660669 M * alex^^ ERROR: Root Directory does not exist 1192660693 M * alex^^ km31919:/var/www# openvcpd -v 1192660693 M * alex^^ openvcpd[32455]: OpenVCP Daemon 0.3 rc2 started 1192660693 M * alex^^ ERROR: Root Directory does not exist 1192660698 M * alex^^ hmmm not very helpful 1192660724 Q * dna Quit: Verlassend 1192660767 M * alex^^ ah 1192660772 A * alex^^ checks config 1192660779 M * mnemoc *G* 1192660843 M * daniel_hozac Julius: i don't see anything obvious, i.e. it looks fine to me... i don't know why it would fail. 1192661070 M * Julius ^^ 1192661089 M * Julius maybe it's because i use debian precompiled packages 1192661124 M * daniel_hozac shouldn't be. 1192661225 M * Bertl daniel_hozac: btw, does 2.3.0.27+ have a problem with the missing proc xid checks or don't we know yet? 1192661263 M * daniel_hozac i.e. can guest access eachother pids? 1192661265 M * daniel_hozac +english 1192661320 M * Bertl yes, I guess that is the only relevant case, no? 1192661361 M * daniel_hozac it seems fine now, and my guests can now access /proc/mounts :) 1192661385 M * alex^^ hmmm 1192661391 M * daniel_hozac looking up a pid from another guest returns ENOENT as expected. 1192661400 M * alex^^ for some reason my apache isnt loading some php files =/ 1192661406 M * Bertl daniel_hozac: okay, so we should be safe, I guess 1192661414 M * alex^^ cant seem to find the addhandlers for anything in apache conf's 1192661519 M * daniel_hozac devpts has some oddities though... 1192661550 M * Bertl let's hear ... 1192661555 M * daniel_hozac http://paste.linux-vserver.org/6995 1192661588 M * daniel_hozac access is denied, but lookup succeeds. i thought we still had that code? 1192661604 M * Bertl so that is readdir vs. lookup, sec 1192661620 M * daniel_hozac ah, it's the DX_HOSTID in the devpts check. 1192661632 M * daniel_hozac (in do_lookup) 1192661662 M * daniel_hozac should probably be VS_WATCH_P | VS_IDENT as in devpts_permission. 1192661706 M * Bertl yep, the DX flags are definitely wrong there 1192661775 M * speedy Julius , how did you create tun device i'm getting operation not permitted on guest root 1192661788 M * daniel_hozac speedy: you need to set it up on the host. 1192661799 M * Bertl daniel_hozac: yep, sounds good, will add that 1192661804 M * daniel_hozac Bertl: looking at devpts_permission, why don't we pass the nd to generic_permission? 1192661852 M * speedy daniel_hozac /dev/net/tun already exists on host node 1192661871 M * daniel_hozac speedy: yes, and you need to copy that to the guest. 1192661875 M * Bertl daniel_hozac: good point, should be fine to do that 1192661933 M * Bertl ah, no, because the last argument is something different :) 1192661936 M * speedy copy the device? 1192661951 M * speedy cp /dev/net/tun /var/lib/vservers/vs1-rsm2/dev/net/tun ? 1192661976 M * daniel_hozac Bertl: oh, right, generic_permission != permission... 1192661986 M * daniel_hozac speedy: with -a 1192662010 M * speedy ok 1192662113 Q * coderanger_ Quit: coderanger_ 1192662133 M * speedy what do i have to place in /etc/vservers/.../interfaces/1/dev ? tun0 ? 1192662202 M * daniel_hozac nothing, touch ..../nodev. 1192662273 M * Julius i wonder what i did wring 1192662277 M * Julius i wonder what i did wrong 1192662371 M * speedy ovpn-server[16646]: Note: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1) 1192662391 M * daniel_hozac that's... odd. 1192662395 M * daniel_hozac what kernel? 1192662418 M * speedy 2.6.18-5-vserver-amd64 1192662477 M * daniel_hozac and you did already create the interface on the host, right? 1192662510 M * Bertl speedy: that sounds like running openvpn as user, but trying to configure interfaces 1192662511 M * speedy i followed the steps in the FAQ 1192662538 M * speedy http://linux-vserver.org/Frequently_Asked_Questions#Can_I_run_an_OpenVPN_Server_in_a_guest.3F 1192662556 M * Bertl I also think it is just a warning 1192662598 M * daniel_hozac well, that's the ioctl that sets up the file descriptor to receive/transmit packets from/to the tun interface. 1192662621 M * speedy Bertl it is exiting 1192662637 M * Bertl nevermind, I misread that one too ... 1192662646 M * speedy Note: Attempting fallback to kernel 2.2 TUN/TAP interface 1192662654 M * speedy Cannot allocate TUN/TAP dev dynamically 1192662713 M * daniel_hozac speedy: so in your openvpn.conf you have dev , yes? 1192662741 M * speedy dev tun 1192662752 M * Bertl make that 'dev tun0' 1192662755 M * daniel_hozac that's not gonna work. you need to use the interface name you've created. 1192662808 M * speedy Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2) 1192662831 J * coderanger_ ~coderange@sylvester-68.dynamic2.rpi.edu 1192662850 M * daniel_hozac and that is the first error you get? 1192662873 M * speedy thats the first Note: Cannot ioctl TUNSETIFF tun0: Operation not permitted (errno=1) 1192662913 M * Bertl speedy: upload the openvpn.conf and the output of 'ip addr ls' on the host please 1192663078 M * alex^^ any openvcp users around? need quick help with apache2 1192663153 M * speedy Bertl http://paste.linux-vserver.org/6996 1192663188 M * Julius is there anything openvcp specific about apache2? 1192663206 M * alex^^ well for some reason the .htaccess file is being wierd to me 1192663214 M * alex^^ and isnt redirecting to the propoer php files 1192663219 M * speedy bertl and http://paste.linux-vserver.org/6997 1192663241 M * daniel_hozac speedy: well, that shows tap0. 1192663241 M * Bertl speedy: you created a tap0 1192663295 M * Bertl openvpn --mktun --dev tun0 1192663309 M * speedy on host? 1192663317 M * Bertl yes, you can use the guest binary 1192663447 M * alex^^ i got a wierd problem with my apache and openvcp, it seems to want to goto new directorie paths, instead of modules within php files.... anyone seen this before? 1192663486 M * alex^^ for example 1192663487 M * alex^^ http://87.118.112.90/ovcp_webinterface/openvcp/auth/ 1192663491 M * alex^^ click on submit here 1192663495 M * speedy great its running thanks alot! 1192663502 M * alex^^ and itll goto a path rather than a module? 1192663523 M * Julius -.- 1192663524 M * daniel_hozac AcceptPathInfo on 1192663540 M * daniel_hozac (just a guess...) 1192663552 Q * speedy Quit: testing vpn 1192663577 M * Bertl daniel_hozac: is the delta-v6tw-fix01.diff the only case which requires the tw check? 1192663588 M * daniel_hozac are there others? 1192663601 M * Bertl that's what I'm asking :) 1192663632 M * daniel_hozac that's the only one we touch, at least. 1192663642 M * Bertl okay, tx 1192663805 M * brc Bertl: have not rebooted yet 1192663836 M * Bertl brc: okay, before you reboot, please enable some of the debugging for the kernel 1192663866 M * Bertl brc: so that we can track whatever you are seeing when it happens again (maybe before it happens) 1192664285 Q * Julius Ping timeout: 480 seconds 1192664379 Q * alex^^ Quit: ircN 8.00 for mIRC (20070730) 1192664417 J * speedy ~speedy@home.speedy.org 1192664990 Q * speedy Quit: [BX] Time to make the donuts