1198368526 J * friendly12345 ~friendly@ppp121-44-206-97.lns3.mel4.internode.on.net 1198368746 Q * ema Quit: leaving 1198369176 Q * dna Quit: Verlassend 1198370684 M * Hollow daniel_hozac: around? 1198371348 J * cryptnix ~andrew@fw.levelsync.com 1198371403 M * daniel_hozac Hollow: on and off. 1198371415 M * daniel_hozac what's up? 1198371766 Q * Abaddon Quit: leaving 1198372764 J * Supaplex supaplex@166-70-62-194.ip.xmission.com 1198372806 M * Supaplex are there any software limits on vserver instances? 1198372823 M * Supaplex eg, how many guests at a time? That's only limited by hardware, right? 1198372829 M * daniel_hozac no. 1198372839 M * daniel_hozac you can't create more than 65533 contexts. 1198372851 M * Supaplex oh ok. 1198372891 M * Supaplex the day I run into that limit ... is a good day actually. I could tollerate 65K more accounts. ;) I doubt it'll be running on the same box tho. hah. anyway cool :) 1198372911 M * daniel_hozac hehe 1198373010 M * Supaplex what's the filesystem sharing option that allows guests r/w access, but only uses disk space when changes are made? I'd like to setup dozens of guests, w/o gobbling up gb's of space for a default install. 1198373072 M * daniel_hozac find /vservers/template -type f -print0 | xargs setattr --iunlink 1198373080 M * daniel_hozac then use vserver ... build -m clone. 1198373083 M * daniel_hozac and set disk limits. 1198373111 M * Supaplex can guests delete their instance of the file? is it like a hardlink or something? 1198373120 M * daniel_hozac yes. 1198373123 M * daniel_hozac it's a hardlink. 1198373136 M * daniel_hozac the file is immutable, but can be unlinked. 1198373146 M * Supaplex wicked cool :) 1198373170 M * daniel_hozac and on 2.1+, the links will be COW-broken. 1198373178 M * Supaplex so guests that modify those files, silently replaced? 1198373192 M * daniel_hozac on 2.1+, yes. 1198373213 M * Supaplex I was thinking of using a gentoo box for the host. but mostly all debian guests 1198373224 M * daniel_hozac on 2.0, the software modifiying the file would need to take care to unlink first, write the new one, etc. 1198373233 M * Supaplex I see 1198373254 M * Supaplex unless I can get away with a backport on debian :) 1198373260 M * Supaplex then I'll keep the host debian 1198378171 J * kernelnewbies ~Administr@123.118.2.153 1198378174 P * kernelnewbies 1198382875 Q * derjohn Ping timeout: 480 seconds 1198382884 J * derjohn ~derjohn@dslb-084-058-215-154.pools.arcor-ip.net 1198386204 Q * shuri Quit: Leaving 1198387706 Q * hparker Ping timeout: 480 seconds 1198388264 J * hparker ~hparker@linux.homershut.net 1198389263 Q * phedny Ping timeout: 480 seconds 1198390896 J * cryptnix- ~andrew@fw.levelsync.com 1198390896 Q * cryptnix Read error: Connection reset by peer 1198392236 Q * hparker Remote host closed the connection 1198392643 J * hparker ~hparker@linux.homershut.net 1198394118 Q * softi42 Ping timeout: 480 seconds 1198394643 J * softi42 ~softi@p549D4F76.dip.t-dialin.net 1198394731 Q * hparker Quit: g'nite 1198398041 J * JonB ~NoSuchUse@0x535f65c3.kjnxx7.adsl-dhcp.tele.dk 1198399681 Q * JonB Quit: This computer has gone to sleep 1198402670 J * JonB ~NoSuchUse@0x535f65c3.kjnxx7.adsl-dhcp.tele.dk 1198403090 Q * JonB Quit: This computer has gone to sleep 1198403251 Q * Aiken Quit: Leaving 1198403309 J * Aiken ~james@ppp121-45-246-228.lns2.bne4.internode.on.net 1198403376 J * JonB ~NoSuchUse@0x535f65c3.kjnxx7.adsl-dhcp.tele.dk 1198403795 J * phedny ~mark@ip56538143.direct-adsl.nl 1198403860 J * dna ~dna@p54BCF874.dip.t-dialin.net 1198404494 J * rgl ~rgl@84.90.10.245 1198404499 A * rgl waves 1198404516 J * pmenier ~pmenier@ACaen-152-1-19-110.w83-115.abo.wanadoo.fr 1198405967 Q * Aiken Remote host closed the connection 1198405998 J * Aiken ~james@ppp121-45-246-228.lns2.bne4.internode.on.net 1198406929 J * fluor ~vegenero@vol21-3-82-244-46-47.fbx.proxad.net 1198406936 M * fluor hey there 1198406944 J * ema ~ema@rtfm.galliera.it 1198406967 M * fluor I got freezed vservers on a machine with a load or 328 (caused by what's running within the vservers) 1198406990 M * fluor and I can't stop the vservers using vserver stop 1198407000 M * fluor how can I kill them? 1198407055 J * marv ~marv@modemcable128.145-80-70.mc.videotron.ca 1198407060 M * daniel_hozac are the processes stuck in state D? 1198407070 N * marv _marv 1198407083 M * _marv hi daniel 1198407103 M * daniel_hozac hello 1198407135 M * fluor daniel_hozac: there's just three processes with "vserver" in them, and two of them are the stop commands I issued 1198407139 M * fluor and they're in S+ 1198407171 M * daniel_hozac i meant the ones in the guests, causing the load. 1198407242 M * fluor I can't check, cause I can't enter any vserver anymore 1198407248 M * fluor and vtop doesn't seem to report them 1198407257 M * _marv vps 1198407261 M * _marv vtop 1198407270 M * _marv oh vtop doesnt work? 1198407274 M * _marv n/m 1198407316 M * _marv i gotta fix this enter button... 1198407344 M * fluor vps aux stalls as well 1198407367 Q * softi42 Remote host closed the connection 1198407378 M * fluor can't I just kill all vservers somehow? 1198407387 M * fluor I just don't see any process that I could shut down 1198407391 M * _marv reboot the host 1198407395 M * fluor arhgh. 1198407397 M * _marv that'll kill them :P 1198407425 M * fluor problem is: I don't have physical access to that box, and if smthg goes wrong.. 1198407446 M * _marv true it might not got threw the reboot process 1198407644 J * larsivi ~larsivi@144.84-48-50.nextgentel.com 1198407655 M * fluor daniel_hozac: any alternative to rebooting the host? 1198407707 M * daniel_hozac get the output of dmesg before you do. 1198407722 M * daniel_hozac i'd be willing to bet you have at least one BUG/oops in there. 1198407859 J * Abaddon abaddon@68-71.is.net.pl 1198407922 M * fluor daniel_hozac: so it has to go through rebooting, right? 1198407941 M * daniel_hozac since you can't do anything, i'd say so. 1198409326 Q * Aiken Quit: Leaving 1198409734 M * rgl fluor, I'm +- in your situation ("fear" of rebooting with a broken box), so I decided to install a IPMI board on the box in january *G* 1198409785 M * rgl fluor, have you tried the vkill command? 1198409913 M * fluor :) 1198409935 M * fluor rgl: no, because I can't see which process is going wild in the vserver 1198409942 M * fluor in addition to that, it appears the box is having disk problems, 1198409949 M * fluor so I'm not too keen on rebooting for that matter 1198409994 M * rgl fluor, try to kill them all with vkill --xid guest_xid -1 1198410045 M * rgl (though, here, mysql wasn't killed, I had to vkill it individually, but I was able to use vps) 1198410087 M * rgl fluor, hope you are using raid1+ (I wasn't till recently :() 1198410161 M * fluor yes 1198410170 M * fluor (for RAID) 1198410175 M * fluor where do I get the xid from? 1198410222 M * rgl you didn't explicly assign a XID to the guest? you can get them from vserver-stat output, or ls -l /proc/virtual 1198410243 M * fluor ah, is it the first column in vserver-stat? 1198410254 M * fluor it's called CTX in there 1198410254 M * rgl (or even cat /etc/vserver/GUEST/context) 1198410271 M * fluor ok 1198410272 M * rgl yes, use that. 1198410285 M * fluor if it's the same as context, I got them all assigned 1198410295 M * _marv C is for Context (the #) X is the name of the guest... from what i get it... correct me if i'm rong ppl i'd like to know 1198410300 M * _marv the xid cid things 1198410661 M * rgl _marv, I'm not sure. but yes, you can also use the guest name in the --xid argument. 1198410853 P * friendly12345 1198411052 Q * JonB Quit: This computer has gone to sleep 1198411080 M * _marv any suggestions on how i could setup my firewall to isolate each vserver from the others? i'm ok with incoming trafic from the outside world... kinda scratching my head on howto do it internaly on the box 1198411220 M * rgl _marv, why you want that? 1198411273 M * _marv well my limiting/banning connection rate limiting... say a vserver's php gets injected with an evil bot... i dont want it to be able to attack an internal box 1198411282 M * _marv i'm kinda paranoid about security 1198411332 M * rgl you don't want to to establish connections with the host? 1198411346 M * _marv ? 1198411367 M * _marv i dont get your question 1198411392 M * rgl you want to prevent the guests from connecting to the host using IP? 1198411402 M * _marv to each other 1198411422 M * _marv the host isnt running anything but SSH and its behind port knocking 1198411440 M * _marv u need to hit 3 ports in a specific order to open up ssh for you :P 1198411453 M * rgl woah *G* 1198411516 M * rgl whats stopping you from using iptables? 1198411521 M * _marv i am 1198411530 M * _marv mmm 1198411537 M * _marv imma try something 1198411974 M * rgl whats the problem then? 1198411987 M * _marv 2s 1198412000 M * _marv i may be babelling for nothing 1198412001 Q * infowolfe Ping timeout: 480 seconds 1198412668 M * _marv ah ok disallowing lo and making it go threw the filter was my probleme... 1198412681 M * _marv i was allowing lo by default in the 1st lines of the firewall 1198412794 N * Bertl_zZ Bertl 1198412798 M * Bertl morning folks! 1198412844 M * _marv g'morn 1198412927 J * Infinito ~argos@200-140-69-91.gnace701.dsl.brasiltelecom.net.br 1198412962 M * _marv anybody here really know iptables? more specificly the ipt_recent module... i'd like to know if it can be used with the MAC address instead of IP based... most attacks i see are spoofed tcp headers on the source ip... but the mac is always the same... 1198413300 M * Bertl because the mac is the one of your router/next hop? 1198413323 M * _marv ohhh 1198413353 M * _marv mmm no... my firewall logs show always diff mac according to ip 1198413419 Q * Infinito Remote host closed the connection 1198413424 M * Bertl only directly connected machines (ethernet segment) will show different macs, the machines behind a router will have the router mac 1198413452 M * _marv they all have public ip's 1198413455 M * _marv there not lan ip's 1198413467 M * _marv i'm getting the correct MAC 1198413472 M * _marv spoofed src ip 1198413476 M * derjohn _marv, you can use arptables to block traffic from a special mac (as a test, ib Bertl is right ...() 1198413497 M * _marv derjohn, yes but its uncompatible with the apt_recent modules witch is the "counter" for my limiting 1198413524 M * rgl thats odd _marv. you should only see a few MAC addresses reaching your box (because normally you are behind a switch/router) 1198413524 M * _marv cuz i do limiting that drops ip's 1198413532 M * _marv if the ip gets droped 5 times its banned for 24h 1198413564 M * derjohn _marv, nice idea. but someone seems to send pakets with spoofed ip. 1198413573 M * Bertl _marv: what is the mac of www.google.com? 1198413574 M * _marv thats my probleme 1198413588 M * _marv Bertl, i can't get google to activate my firewall 1198413589 M * derjohn _marv, thats why there is a mac with an "foreign" ip . 1198413594 M * _marv well maby with the translate page 1198413618 M * rgl _marv, maybe you have some multicast (actually ethernet broadcast) reaching in your box? 1198413619 M * _marv but evean then they have so many routers/boxes/switches going at it... it wouldnt be a conclusif test 1198413625 M * Bertl if you do: 'ping www.google.com' then google will send you and reply 1198413629 M * derjohn _marv, check with machine has that mac in question. tcpdump on that machine if possible. 1198413643 M * _marv ok 1198413646 M * Bertl _marv: just look at that reply package with tcpdump, and check the mac 1198413655 M * Bertl *packet 1198413714 M * _marv example: udp.pl attack... my firewall shows logs of all the same mac, spoofed diff ip's, its banning all the ip's with the ipt_recent module, but thats stupid there spoofed, the firewall logs also reveal that when connecting from multiple boxes the mac address ALWAYS changes according to the source ip 1198413728 M * _marv so my switches routers arnt the issue 1198413733 M * _marv the issue is ipt_recent is ip based 1198413735 M * _marv i want MAC 1198413761 M * Bertl _marv: try what I suggested 1198413809 M * _marv oh 1198413816 M * _marv no 1198413817 M * _marv i could do the limiting via ip base 1198413829 M * _marv all the counting 1198413833 M * _marv but ban the MAC's 1198413840 M * _marv that would be a work around 1198413884 M * rgl _marv, but how can you block a MAC when you are behind a switch? wouldn't that cut your box of the net? 1198413890 M * Bertl _marv: are you chatting from that machine? 1198413895 M * _marv Bertl, no 1198413910 M * _marv rgl, maby :P going to try it neways 1198413916 M * Bertl _marv: then please try what I suggested 1198413940 M * _marv Bertl, what do you want me to look for in tcp dump? scan the mac addresses and analyse it? 1198413968 M * Bertl _marv: or if you prefer, add a log target for icmp echo reply to your firewall 1198413980 M * _marv there already is 1198413999 M * Bertl so then the icmp reply from google should be already logged 1198414011 M * _marv ah 1198414018 M * Bertl then compare it to the one from slashdot 1198414018 M * _marv i'm not logging if its not limited 1198414023 M * _marv yeah that would work 1198414050 M * _marv great idea thx 1198414333 M * derjohn _marv, if I were you I would follow Bertl's advice. Keep in mind that the ipt_recent stuff doesnt probably fix the source of the problem. 1198414348 M * _marv yeah the source is all them black hats 1198414463 M * derjohn oh, I didnt follow the whole discussion. I was of the oppinion that a differnet host on the same switch might be exploited. If that alien pestillence comes from the outer world, then you probaly not gonna fix it :) 1198415024 M * Bertl have to leave now ... but sure it looks like it's going to be interesting and entertaining ... bbl 1198415029 N * Bertl Bertl_oO 1198415990 Q * Abaddon Quit: leaving 1198416216 Q * larsivi Quit: Konversation terminated! 1198417676 J * virtuoso ~s0t0na@ppp91-122-170-66.pppoe.avangard-dsl.ru 1198417802 J * JonB ~NoSuchUse@0x5739c847.roennqu1.broadband.tele.dk 1198418014 Q * nkukard Ping timeout: 480 seconds 1198418103 Q * virtuoso_ Ping timeout: 480 seconds 1198418565 Q * JonB Quit: This computer has gone to sleep 1198419348 J * balbir ~balbir@122.167.196.255 1198419880 J * doener_ ~doener@i577AE5F9.versanet.de 1198420038 Q * fluor Ping timeout: 480 seconds 1198420293 Q * doener Ping timeout: 480 seconds 1198420716 J * JonB ~NoSuchUse@0x5739c847.roennqu1.broadband.tele.dk 1198422072 J * Abaddon abaddon@68-71.is.net.pl 1198422572 J * yarihm ~yarihm@196-46-239-77-pool.cable.fcom.ch 1198423351 Q * Abaddon Quit: leaving 1198423449 N * DoberMann[ZZZzzz] DoberMann 1198423646 J * hparker ~hparker@linux.homershut.net 1198424728 Q * Guy- Read error: Connection reset by peer 1198425854 J * nysis ~nysis@dslb-088-073-017-219.pools.arcor-ip.net 1198425963 J * Guy- ~korn@elan.rulez.org 1198425998 Q * nysis 1198426022 J * nysis ~nysis@dslb-088-073-017-219.pools.arcor-ip.net 1198427077 Q * dna Read error: Connection reset by peer 1198427215 J * dna ~dna@p54BCF874.dip.t-dialin.net 1198427238 J * Abaddon abaddon@68-71.is.net.pl 1198428503 Q * JonB Quit: This computer has gone to sleep 1198429759 J * larsivi ~larsivi@144.84-48-50.nextgentel.com 1198430552 J * Infinito argos@200-140-69-91.gnace701.dsl.brasiltelecom.net.br 1198431727 Q * Abaddon Quit: leaving 1198433232 J * JonB ~NoSuchUse@0x5739c847.roennqu1.broadband.tele.dk 1198433368 Q * JonB 1198434070 Q * rgl Quit: Enough 1198434674 Q * pmenier Quit: Konversation terminated! 1198434757 J * ViRUS ~mp@p57A6F721.dip.t-dialin.net 1198435426 J * JonB ~NoSuchUse@0x5739c847.roennqu1.broadband.tele.dk 1198435984 Q * JonB Quit: This computer has gone to sleep 1198436639 Q * transacid Remote host closed the connection 1198437278 Q * larsivi Ping timeout: 480 seconds 1198437900 J * kwowt ~kwowt@BSN-61-30-17.dial-up.dsl.siol.net 1198438058 J * larsivi ~larsivi@144.84-48-50.nextgentel.com 1198438108 M * yarihm has anyone ever seen something like this: i recompiled bind as suggested by the wiki (--disable-caps --disable-threads), when starting the server (/usr/sbin/named -u bind) no error is displayed, neither on the console nor on the logs, it just returns 1. when using strace -f it won't exit but strace will hang ... 1198438148 M * yarihm in short: is there a distro where bind does not make problems in a vserver? it's not a requirement that this be debian or ubuntu, i'll gladly look at something else 1198438228 Q * quote Ping timeout: 480 seconds 1198438302 J * transacid ~transacid@transacid.de 1198438478 J * Aiken ~james@ppp121-45-246-228.lns2.bne4.internode.on.net 1198439813 J * mick_work ~clamwin@adsl-068-157-089-099.sip.bct.bellsouth.net 1198439861 M * daniel_hozac why don't you just use a recent kernel? 1198439937 M * AStorm daniel_hozac: btw, is there a patch for vserver which I can use for 2.6.24? 1198439952 M * AStorm or any other recent kernel? anything new in experimental dir? 1198439954 M * daniel_hozac there's a preprepatch. 1198439965 M * Bertl_oO is 2.6.24 already out? 1198439971 N * Bertl_oO Bertl 1198439976 M * daniel_hozac no. 1198439978 M * AStorm Bertl: due in January 1198439983 M * AStorm it's at rc6 1198439997 M * Bertl so why do folks keep asking for a patch against it then :) 1198440005 M * AStorm because it's so much better :> 1198440017 M * AStorm like 2.6.23 w/o the bugs 1198440036 M * Bertl yeah, you can give the prepatch a try .. let me know how it does 1198440069 J * JonB ~NoSuchUse@0x5739c847.roennqu1.broadband.tele.dk 1198440084 M * AStorm I'll check it out. You could try porting vserver to the "containers" framework, why not :> 1198440106 M * AStorm esp. cgroups scheduler stuff could be useful to be managed by util-vserver 1198440172 M * AStorm I'll check whether these can finally allow CPU limiting 1198440183 J * Abaddon abaddon@68-71.is.net.pl 1198440367 J * bastiaan ~bastiaan@sh.welmers.net 1198440397 M * bastiaan hi 1198440425 M * bastiaan someone knows if one can mount a (--bind) file system into a running vserver? 1198440428 M * daniel_hozac yes. 1198440445 M * AStorm sure you can 1198440453 M * bastiaan okay nice 1198440453 M * daniel_hozac just use vnamespace -e mount... 1198440459 M * bastiaan okay thanks 1198440486 M * Bertl AStorm: had a look at them, but doesn't look very useful for Linux-VServer 1198440497 M * AStorm daniel_hozac: I wonder if I should try extending/converting vserver-utils to container stuff 1198440512 M * AStorm well, it should be 1198440513 M * Bertl AStorm: as far as I can tell, all you can achieve with that is a fair scheduling (with some priority) between guests 1198440519 M * AStorm just make a per-xid cgroup 1198440526 M * AStorm and there you have your limiting 1198440536 M * daniel_hozac it is nowhere near as flexible as our scheduling. 1198440538 M * AStorm *if* it supports that :> 1198440543 M * Bertl AStorm: and how can I actually limit the cpu amount with cgroups? 1198440551 M * AStorm otherwise, per-xid fair scheduling 1198440576 M * AStorm checking, there was some discussion 1198440616 M * Bertl for example, the 'out-of-the-box' example Linux-VServer has configured (25% cpu) 1198440617 M * bastiaan is there some documentation wiki page about vnamespace ? 1198440631 M * Bertl bastiaan: vnamespace --help (for the usage) 1198440639 M * bastiaan okay (theres no man page) 1198440648 M * daniel_hozac namespaces are a vanilla feature. 1198440652 M * AStorm bastiaan: write one while you're at it 1198440653 M * AStorm :-) 1198440669 M * AStorm daniel_hozac: yes 1198440689 M * AStorm I'm just wondering if they finally added some kind of throttling to CFS 1198440707 M * daniel_hozac nice values. 1198440717 M * AStorm fair throttling to add (your isn't - it tends to give long burst to one server, then long burst to another :> ) 1198440738 M * AStorm daniel_hozac: hehe, no, that's not it 1198440747 M * AStorm these don't limit the percentage, just priority 1198440773 M * AStorm but, should work 1198440774 M * AStorm hmm, that gave me a funny idea 1198440775 M * AStorm if a cgroup with forced nice value is ok 1198440777 M * AStorm :-) 1198440791 M * Bertl AStorm: so switching to cgroups would effectively eliminate: hard scheduling, idle scheduling and most of the actual TB fair scheduling :) 1198440792 M * AStorm now, that the scheduler is fair, it could work 1198440848 M * Bertl do you know how the CFS can be configured to 'not-schedule' a task? 1198440849 M * AStorm hard scheduling I'm after 1198440856 M * AStorm I'll ask about that on LKML, why not 1198440873 M * AStorm by putting it at the end of the queue in inactive state 1198440873 M * Bertl okay, please keep me updated ... 1198440885 M * AStorm this means "I'm sleeping" 1198440888 A * bastiaan installs new disk (to mount it in a running vserver ...) 1198440897 M * AStorm much like old sched_yield 1198440920 M * Bertl AStorm: yes, but we cannot change the running state of a process arbitrarily 1198440925 M * AStorm but, since it's inactive 1198440930 M * AStorm it won't be woken up 1198440942 M * AStorm you can :> 1198440947 M * daniel_hozac there's also no queue... 1198440960 M * AStorm daniel_hozac: yeah, that was a simplification, it's an RBtree 1198440964 M * Bertl hehe, right :) 1198440979 M * AStorm a priority queue on top of one 1198441027 M * Bertl daniel_hozac: btw, how did the prepatch go for you? 1198441027 M * AStorm I've tried once to do that when porting vserver to 2.6.24 myself 1198441037 M * AStorm it fairly worked, but didn't kill the task totally 1198441043 M * daniel_hozac Bertl: i haven't gotten around to testing it yet... been too busy with pre-christmas preparations and such. 1198441046 M * AStorm instead just making it almost zilch 1198441055 M * AStorm *it have almost zilch runtime 1198441084 M * Bertl daniel_hozac: same here, I can understand that perfectly ... 1198441090 M * AStorm this means it was scheduled once in a long time, then put back to sleep forcibly again 1198441091 M * daniel_hozac Bertl: i'll definitely have some time next week though... 1198441111 M * AStorm you could throttle it more often than I did (that is, on every sched tick) 1198441114 M * daniel_hozac Bertl: how's the move going? 1198441130 M * AStorm I only throttled it when it reached the top of the queue 1198441136 M * AStorm to keep O(1) semantics 1198441148 M * Bertl so far so good, unfortunately we had a lot of ice the last week, so it was somewhat dangerous 1198441155 M * AStorm hmm 1198441167 M * AStorm moving is always tricky 1198441523 J * user2008 irc_by_use@port-5-pool-91-187-11.infonet.by 1198441573 M * Bertl welcome user2008! 1198441588 M * user2008 hello. can anyone tell me the right URI for repository for Fedora 7 ? 1198441621 M * daniel_hozac util-vserver is in the tree already. 1198441629 M * user2008 i need kernel-smp for FC7 1198441660 M * daniel_hozac hmm, kernel-smp hasn't existed since FC5, IIRC... 1198441768 M * daniel_hozac Bertl: so when are you expecting to leave the current house? 1198441772 M * user2008 i am not a proxy. i have dual core processor at server 1198441789 M * user2008 which kernel i should install for using vserver? 1198441818 M * user2008 sorry. "i am not a proxy" should be "i am not a profy" 1198441818 M * daniel_hozac you'll have to build your own, see http://linux-vserver.org/Installation_on_Linux_2.6 1198441877 M * user2008 ok, i'll try 1198441895 M * yarihm daniel_hozac: using a recent kernel helps with the bind9-debian-issue? 1198441920 M * daniel_hozac yarihm: yes, it's worked around in 2.1.1-rc18+, IIRC. 1198441953 M * Bertl daniel_hozac: still problems with the networking there, otherwise we would have moved already 1198441994 M * daniel_hozac Bertl: ah, nice. 1198442001 M * yarihm hmm ... well, if nothing else works, i'll try that one. but given the fact that the machine is productive, i'd rather go for the stock-kernel if possible. 1198442052 Q * JonB Quit: This computer has gone to sleep 1198442082 M * yarihm however, does bind9 work in a vserver running e.g. fedora 7? or centos 5? I'd gladly move to fedora for this, it's mere habit that i'm trying to get that done using debian or ubuntu 1198442091 Q * user2008 Quit: Я пользуюсь mIRC 6.17 IRC.BY. Скачать ее можно на сайте http://www.irc.by 1198442122 M * Bertl yarihm: bind9 works quite fine with recent kernels 1198442178 M * daniel_hozac AFAIK, no distribution has picked up my patch for it, nor has ISC. 1198442267 M * yarihm Bertl: how recent is recent? 1198442280 M * daniel_hozac anything more recent than 2.1.1-rc18. 1198442307 M * Bertl so the stable 2.2.x branch should be fine 1198442378 M * Bertl does anybody know where the AOE stuff got moved in recent kernels? 1198442412 J * user2008 irc_by_use@port-5-pool-91-187-11.infonet.by 1198442441 M * daniel_hozac drivers/block/aoe? 1198442470 M * Bertl can't find it in the config ... 1198442488 M * user2008 when i trie to "make config" i got an error - make[1]: *** [scripts/kconfig/lxdialog/checklist.o] Error 1 1198442525 M * daniel_hozac hmm, you're right... it's not in Kconfig or the Makefile. 1198442544 M * user2008 what should i do? 1198442555 M * user2008 i do a wroted in link that you gave 1198442558 M * Bertl install cdialog, I would guess 1198442572 M * daniel_hozac user2008: what's the error above that? 1198442614 M * user2008 undeclared KEY_RESIZE, KEY_LEFT, KEY_RIGHT 1198442625 M * Bertl daniel_hozac: ah, it's called ATA_OVER_ETH 1198442659 M * daniel_hozac ah, yes, there we go. 1198442669 M * daniel_hozac user2008: install ncurses-devel. 1198442684 M * user2008 ok 1198442727 M * user2008 yeah, it helps 1198442853 Q * _marv Remote host closed the connection 1198443443 M * AStorm yarihm: I'm not a fan of badly designed software, i.e. bind9 1198443446 M * AStorm :> 1198443493 M * user2008 how do you think how much time kernel will be making on dual core 2.66 with 1gb ram? 1198443523 M * daniel_hozac depends on your config. 1198443532 M * user2008 config of what? 1198443539 M * daniel_hozac the kernel? 1198443570 M * user2008 all as described at http://linux-vserver.org/Installation_on_Linux_2.6 1198443582 M * daniel_hozac that doesn't say anything about the configuration. 1198443583 M * user2008 2.6.22.9 1198443605 M * daniel_hozac or well, it describes the Linux-VServer options, but nothing more. 1198443630 M * user2008 there are example screen there. i make as described there 1198443760 M * user2008 i don't need clearly to seconds... :) 5 mins, 30 mins or 2 hours... just like that 1198443824 M * daniel_hozac probably 1-30 minutes. 1198443831 M * user2008 ok 1198443891 M * yarihm AStorm: well, for external things i'm using pdns but for internal things consider bind very handy and easy to set up. what is your recommendation then? 1198443973 M * bastiaan hi 1198443986 M * bastiaan how can I mount --bind something from the host into a vserver? 1198443997 M * bastiaan I tried 1198443999 M * bastiaan # vnamespace -e sh mount -t ext3 -obind /home/backup /var/lib/vservers/sh/home/backup 1198444019 M * bastiaan but it can't find /home/backup ... (present on the host) 1198444055 M * daniel_hozac because you just mounted it on the host, no? 1198444060 M * bastiaan yes 1198444087 M * bastiaan but it would be nice if it's on the host, and can be mounted several times in multiple vservers 1198444109 M * AStorm yarihm: maradns personally 1198444114 M * AStorm pdns failed me a few times 1198444117 M * bastiaan or should I just do # vnamespace -e sh mount /dev/mapper/vg00-lv05 /var/lib/vservers/sh/home/backup 1198444134 M * daniel_hozac that'd be the easiest. 1198444153 M * daniel_hozac (and the kernel should keep anything bad from happening) 1198444177 M * bastiaan okay 1198444178 M * AStorm read only bind mounts rock, btw 1198444181 M * AStorm :-) 1198444231 M * bastiaan works now :) 1198444232 M * bastiaan bastiaan@sh:/home/backup$ df -h ./ 1198444232 M * bastiaan Bestandssysteem Grtte Gebr Besch Geb% Aangekoppeld op 1198444234 M * bastiaan - 18G 173M 17G 2% /home/backup 1198444238 M * bastiaan damn paste 1198444391 M * AStorm yarihm: and bind9 is a huge hog 1198444397 M * AStorm takes 25 MB to do nothing :> 1198444423 M * AStorm maradns on the other hand is threaded and each thread can take quite a lot of memory 1198444745 M * AStorm but, it is much smaller still 1198444788 M * AStorm bind with a lot of data cached takes horrible amount of space 1198445024 M * AStorm I wonder if vserver could limit total memory use of the context 1198445047 M * AStorm do rlimits work context-wide finally? 1198445480 M * Bertl they always did, why? 1198445524 M * AStorm heh, so I always failed to use them? where do I specify these? 1198445576 M * Bertl http://www.nongnu.org/util-vserver/doc/conf/configuration.html 1198445650 A * AStorm bashes his head on keyboard 1198445656 M * AStorm yes, I used that once even ;P 1198446226 M * user2008 is it serious? - "WARNING: vmlinux(.text+0xc1210e01): Section mismatch: reference to .init.text: (between 'iret_exc' and '_etext')" 1198446530 M * Bertl that's pretty normal 1198446583 M * user2008 dman 1198446586 M * user2008 damn 1198446596 M * user2008 20-25 minutes of making and got error 1198446608 M * user2008 sh /root/linux-2.6.22.9-vs2.2.0.4/arch/i386/boot/install.sh 2.6.22.9-vs2.2.0.4 arch/i386/boot/bzImage System.map "/boot" 1198446614 M * user2008 WARNING: Couldn't open directory /lib/modules/2.6.22.9-vs2.2.0.4: No such file or directory 1198446620 M * user2008 FATAL: Could not open /lib/modules/2.6.22.9-vs2.2.0.4/modules.dep.temp for writing: No such file or directory 1198446620 M * user2008 No modules available for kernel "2.6.22.9-vs2.2.0.4". 1198446620 M * user2008 mkinitrd failed 1198446620 M * user2008 make[1]: *** [install] Error 1 1198446620 M * user2008 make: *** [install] Error 2 1198446641 M * Bertl try 'make modules_install' 1198446682 M * user2008 should i use then "make clean" or just re-execute "make & make install"? 1198446832 M * Bertl if you do 'make clean' you have to start over 1198446844 M * Bertl 'make modules_install' should be fine 1198446877 M * Bertl then repeat the install 1198447014 M * user2008 ok 1198447063 N * BobR_zZ BobR 1198447737 Q * ViRUS Quit: Leaving 1198447829 Q * ema Quit: leaving 1198448522 M * user2008 vtop produce error - chcontext: tools were built without legacy API support; can not continue 1198448563 Q * dna Quit: Verlassend 1198448656 M * user2008 how should i fix this error? 1198448726 M * Bertl did you configure legacy stuff for your kernel? 1198448748 M * user2008 i suppose yes. i will check right now 1198448765 M * user2008 enable kernel legacy api is ON 1198448801 M * Bertl so you probably want to turn that off (or recompile util-vserver with legacy support) 1198448860 M * user2008 i install util-vserver with yum . but before kernel was maked 1198448899 M * user2008 should i turn off "kernel legacy api" and make kernel again? 1198448903 M * Bertl the legacy kernel option is only used for _very_ old tools 1198448913 M * Bertl (check out the help text there) 1198448947 M * user2008 ok. gor it 1198448952 M * user2008 got it 1198449510 Q * Infinito Quit: Quitte 1198451011 M * AStorm it seems the prepatch applies almost cleanly to 2.6.24-rc7-pre ;> 1198451028 M * AStorm only minor rejects 1198451316 M * AStorm why the long version number of 2.2.0.5.0.2? 1198451611 M * Bertl that is the pre identifier 1198451627 M * user2008 Bertl, I remake kernel 1198451635 M * user2008 with turned off api 1198451641 M * user2008 reboot machine 1198451645 M * AStorm Bertl: hehe 1198451650 M * user2008 and vtop is not working 1198451654 M * user2008 the same mistake 1198451659 M * AStorm I wonder, why the CLONE_KTHREAD flag was added 1198451673 M * AStorm user2008: and you forgot to mount /boot after you made the kernel? :> 1198451682 M * user2008 not 1198451718 M * user2008 kernel /boot/vmlinuz-2.6.22.9-vs2.2.0.4 1198451724 M * user2008 initrd /boot/initrd-2.6.22.9-vs2.2.0.4.img 1198451728 M * user2008 all files are there 1198451781 M * AStorm and dates are correct? 1198451809 M * AStorm Bertl: someone should push to the Linus some capability split :-) 1198451821 M * AStorm because some of the VX caps are really good 1198451835 M * user2008 yes, dates are correct 1198451882 M * user2008 when i turn off api in menuconfig i directly type "make && make config" 1198451903 M * user2008 after all stuff had been processed it wrotes new files to /boot 1198451920 M * user2008 i check if grub conf is ok and rebooted server 1198451941 M * AStorm hmm 1198451945 M * user2008 maybe util-vserver re-install? 1198451947 M * AStorm which v. of util-linux do you have? 1198451953 M * AStorm *util-vserver obviously 1198451954 M * AStorm ;P 1198451954 M * user2008 or try to clean all 1198451970 M * user2008 make clean in kernel install dir 1198451981 M * user2008 util-vserver i386 0.30.212-3.fc7 1198451989 M * user2008 installed via yum 1198451990 M * AStorm hm, current 1198452002 M * user2008 but it was installed BEFORE kernel 1198452102 M * Bertl AStorm: feel free to do so :) 1198452135 M * Bertl user2008: you might want to update to 0.30.214 1198452207 M * Bertl user2008: also check that you booted the new kernel (should have a # larger than the one before) 1198452210 M * user2008 where did i get it? yum install 212 1198452212 M * AStorm Bertl: I'll do so, because I'm fan of POSIX(-like) capabilities and their use 1198452296 M * user2008 right now it is #2 1198452323 M * user2008 1st time i compiled kernek with api on and right now with "off". 1198452330 M * Bertl grep LEGACY .config 1198452331 M * user2008 i suppose this number is right 1198452346 J * friendly12345 ~friendly@ppp121-44-206-97.lns3.mel4.internode.on.net 1198452348 M * AStorm or better: zgrep LEGACY /proc/config.gz 1198452348 M * Bertl (you should not get any results there, in the kernel source tree) 1198452369 Q * yarihm Quit: Leaving 1198452381 M * user2008 # zgrep LEGACY /proc/config.gz 1198452381 M * user2008 gzip: /proc/config.gz: No such file or directory 1198452423 M * user2008 there are two config-* files in /boot 1198452437 M * user2008 but noone of them are for 2.6.22.9 1198452456 M * AStorm user2008: and what about /proc/config 1198452474 M * AStorm weird, someone not enabling config store option :> 1198452486 M * user2008 maybe i am 1198452497 M * user2008 should i enable it? 1198452509 M * user2008 no such file - /proc/config 1198452512 Q * kwowt 1198452599 M * user2008 so, what's next 1198452660 J * yarihm ~yarihm@196-46-239-77-pool.cable.fcom.ch 1198452709 M * AStorm user2008: yes, enable that, it's a good debugging tool 1198452718 M * user2008 ok 1198452764 M * AStorm should be in General Setup 1198452771 M * user2008 hm 1198452786 M * user2008 kernel .config support - it is ON 1198452802 M * user2008 Enable access to .config through /proc/config.gz - also ON 1198452819 N * BobR BobR_oO 1198452858 M * AStorm hmm, so /proc/config.gz should be available 1198452866 M * AStorm then... wtf? 1198452890 M * user2008 i will try to clean all 1198452896 M * user2008 and start from 0 1198452906 M * daniel_hozac uname -a does show 2.6.22.9..., right? 1198452951 M * user2008 sorry 1198452953 M * user2008 i was wrong 1198452982 M * user2008 i've looked at wrong kernel source 1198452998 M * AStorm exactly, might be an ID10T problem 1198453010 M * AStorm sometimes happens 1198453424 M * Hollow daniel_hozac: do you have something to look at fpr the config library? iirc you mentioned a patch? 1198453441 M * daniel_hozac the config library is still vaporware. 1198453454 M * daniel_hozac i wrote a vserver ... config thing a long time ago, that has a patch. 1198453456 M * Hollow ok .. i was thinking about how the api could look the other day 1198453495 M * daniel_hozac oh? what was your conclusion? 1198453537 M * Hollow well .. no real conclusion .. :) 1198453559 M * Hollow my main point was how the nesting could be done in a sane way 1198453573 M * Hollow especially with backends like sql or so 1198453678 M * daniel_hozac and what did you come up with? 1198453746 M * Hollow i think either do it like vcd (provide a method for every possible configuration option), but this would break SONAME pretty soon i guess 1198453807 M * Hollow otoh, if the api would be more general i see problems with database backends 1198453822 M * daniel_hozac how so+ 1198453867 M * Hollow maybe i just think too complicated ;) 1198453891 M * Hollow but you somehow have to "flatten" the config tree for a database 1198453896 M * daniel_hozac right. 1198453916 M * daniel_hozac my plan was essentially to just have the name be /rlimits/rss.hard or whatever. 1198453939 M * daniel_hozac then the backend can do what it wants with it, so e.g. SQL backends would just use that as the key. 1198454014 M * Hollow yeah .. probably the best idea .. it's too complicated to convert that into a "real" RDBM schema 1198454028 M * Hollow just use dbm like storage for sql backend or so 1198454045 M * Hollow key<->value in one table or sth like that 1198454053 M * daniel_hozac yeah. 1198454070 M * daniel_hozac for LDAP, it might be interesting to actually parse the structure. 1198454112 M * Hollow that shouldn't be too hard i think .. 1198454220 M * Hollow so the api is basically a simple get/set wrapper for the backends 1198454337 M * AStorm I wonder just how well unionfs plays w/ CoW 1198454351 M * AStorm or, whether squashfs supports that