1218413130 J * FireEgl FireEgl@adsl-17-169-34.bhm.bellsouth.net 1218413261 J * mattzerah ~matt@pool2-14.dyn.winshop.com.au 1218413324 Q * mattzerah Remote host closed the connection 1218414599 J * doener ~doener@i577BABD6.versanet.de 1218414702 Q * doener_ Ping timeout: 480 seconds 1218416675 Q * xdr Ping timeout: 480 seconds 1218417278 M * Bertl_oO off to bed now ... have a good one everyone! 1218417284 N * Bertl_oO Bertl_zZ 1218422462 J * derjohn_foo ~aj@p5B23D672.dip.t-dialin.net 1218422896 Q * derjohn_mob Ping timeout: 480 seconds 1218426500 Q * x_ Ping timeout: 480 seconds 1218426583 J * x_ ~x@91-113-31-93.adsl.highway.telekom.at 1218431686 J * ntrs ~ntrs@77.29.79.166 1218433490 J * cryptronic ~oli@p54A383C3.dip0.t-ipconnect.de 1218435634 Q * larsivi Quit: Konversation terminated! 1218436115 Q * SpComb Ping timeout: 480 seconds 1218437368 M * padde nice propaganda :) http://www.slideshare.net/bligneri/comparison-of-open-source-virtualization-technology/ 1218437490 J * SpComb terom@zapotek.paivola.fi 1218438312 J * larsivi ~larsivi@85.221.53.194 1218439648 J * ntrs_ ~ntrs@77.29.70.241 1218440096 Q * ntrs Ping timeout: 480 seconds 1218440227 Q * derjohn_foo Ping timeout: 480 seconds 1218440883 J * wibble wibble@vortex.ukshells.co.uk 1218441342 J * infowolfe ~infowolfe@c-67-160-149-42.hsd1.or.comcast.net 1218441361 J * loddafnir ~mike@193.170.48.107 1218441768 J * pisco_ ~pisco@tor.noreply.org 1218442220 J * dna ~dna@193-214-dsl.kielnet.net 1218442856 Q * ntrs_ Ping timeout: 480 seconds 1218446085 J * xdr ~xdr@gote2.245.cust.blixtvik.net 1218446317 N * DoberMann[ZZZzzz] DoberMann 1218447006 J * dna_ ~dna@215-234-dsl.kielnet.net 1218447345 Q * dna Ping timeout: 480 seconds 1218448351 J * balbir ~balbir@59.145.136.1 1218450212 J * Blissex ~Blissex@82-69-39-138.dsl.in-addr.zen.co.uk 1218450484 J * pisco__ ~pisco@tor.noreply.org 1218450795 Q * pisco_ Ping timeout: 480 seconds 1218450904 J * friendly ~friendly@ppp59-167-89-100.lns2.mel6.internode.on.net 1218452486 Q * pmenier Ping timeout: 480 seconds 1218452513 J * pmenier ~pmenier@ACaen-152-1-104-233.w83-115.abo.wanadoo.fr 1218455126 Q * x_ Read error: Connection reset by peer 1218455511 Q * mcp Read error: Connection reset by peer 1218455817 J * sharkjaw ~gab@149-67-194.231210.adsl.tele2.no 1218456638 N * Bertl_zZ Bertl 1218456642 M * Bertl morning folks! 1218456736 Q * dna_ Ping timeout: 480 seconds 1218456759 Q * Aiken Remote host closed the connection 1218456790 M * Bertl padde: yep 1218456848 J * yarihm ~yarihm@guest-docking-nat-1-056.ethz.ch 1218457188 J * docelic ~docelic@78.134.197.71 1218457206 Q * friendly Ping timeout: 480 seconds 1218458103 N * ensc Guest1216 1218458103 Q * Guest1216 Remote host closed the connection 1218458113 J * ensc ~irc-ensc@77.235.182.26 1218458307 J * Pazzo ~ugelt@reserved-225136.rol.raiffeisen.net 1218459443 J * mcp ~hightower@wolk-project.de 1218460402 Q * sharkjaw Remote host closed the connection 1218460595 J * docelic_ ~docelic@78.134.202.151 1218461006 Q * docelic Ping timeout: 480 seconds 1218461588 Q * docelic_ Quit: http://www.spinlocksolutions.com/ 1218461616 J * docelic ~docelic@78.134.202.151 1218462347 J * weeble ~weeble@81.52.144.1 1218462380 M * weeble Hey all. Had a couple of kernel panics, and wondering if anyone can help me find out what is causing them. :) 1218462398 M * daniel_hozac do you have the traces? 1218462413 M * weeble I have the junk that got spat out in the logs.... 1218462416 M * weeble EIP, and all that 1218462429 M * weeble Is that any good? 1218462553 M * weeble What's the paste place here? 1218462577 M * daniel_hozac paste.linux-vserver.org 1218462606 M * weeble http://paste.linux-vserver.org/12354 1218462612 M * weeble (Damn, so close to 12345) 1218462745 M * daniel_hozac that looks a lot like a bug we fixed a long time ago. 1218462752 M * daniel_hozac try a recent kernel. 1218462818 M * weeble I've been running that kernel for ages with no problems, and then 2 oopses in 1 day? 1218462822 M * weeble I'll grab a new one though 1218462827 M * Bertl yep, indeed .. looks like an older one 1218462881 Q * larsivi Ping timeout: 480 seconds 1218462916 M * weeble What causes it, out of interest? 1218462964 M * Bertl do you have your kernel source at hand 1218462968 M * weeble My current kernel is 2.6.20-vs2.2.0, but the "newest" Gentoo one is sys-kernel/vserver-sources-2.2.0.6? 1218462973 M * weeble Yep 1218462974 M * weeble I do 1218462985 M * Bertl check line 200 in kernel/vserver/context.c 1218462993 M * Bertl (as indicated by the trace) 1218463066 M * Bertl it is obviously triggered by the vshelper/kernel helper which is invoked as response to a shutdown/restart/reboot 1218463096 M * Bertl (or to be precise, at the same time :) 1218463326 M * rcatwood :-( 1218463346 M * Bertl rcatwood: hmm? 1218463353 M * rcatwood whats the syntax to delete vserver whose rootdir is in a directory other than /vservers ? 1218463367 M * daniel_hozac vserver delete, just like any other. 1218463384 M * rcatwood Root-directory '/vservers' does not exist or is invalid 1218463416 M * rcatwood is what I get, it did not completely install though something wrong (that I may also ask about once I've got rid of it and try again) 1218463438 M * Bertl util-vserver version? 1218463467 M * rcatwood This program is part of util-vserver 0.30.214 1218463481 M * daniel_hozac why did you configure the utils to use /vservers, if you're not going to keep any guests there? 1218463533 M * rcatwood daniel_hozac: I jsut follow instructions! 1218463551 M * Bertl guess it was installed by a distro manager or so 1218463565 M * daniel_hozac then the directory would've been created. 1218463583 M * Bertl hmm, true ... 1218463613 M * weeble Bertl/daniel_hozac - In Gentoo, I've got the choice of 2.2.0.6, 2.2.0.7, 2.3.0.29 and 2.3.0.34 - is there a preferred version? Or is it safer to get a vanilla kernel, and patch manually? 1218463663 M * daniel_hozac 2.2.0.7 or 2.3.0.34. 1218463692 M * weeble I'll be prudent, and go for 2.2.0.7 1218463693 M * weeble :) 1218463704 M * rcatwood http://linux-vserver.org/Installation_on_Linux_2.6 <-- just followed the instructions :-( 1218463719 M * daniel_hozac rcatwood: obviously not, as make install of util-vserver creates /vservers... 1218463818 M * daniel_hozac or well, make install-distribution, which make install outputs a lot of messages about... 1218463847 M * rcatwood http://linux-vserver.org/Installing_Ubuntu_on_Debian#Build_32-bit_guest_on_64-bit_host 1218463890 M * Bertl rcatwood: to make it short, util-vserver needs a root dir, so your options are: 1218463905 M * Bertl - create the /vservers dir (you can still place the guests somewhere else) 1218463917 M * Bertl - reconfigure the utils to use a different path 1218463948 M * Bertl in any case, make sure to install the runlevel scripts (make install-distribution) and friends, otherwise it won't work next time you bootup 1218463962 M * weeble - or just symlink /vservers to somewhere else? 1218463972 M * weeble Or does that break the barriers? 1218464007 A * weeble didn't read the question - sorry 1218464007 M * Bertl barrier has to be on /path/to/guest/.. ('..' literally) 1218464111 M * weeble I never understood why that was, but hey. :) 1218464139 M * Bertl it is quite simple, the guest sees the /path/to/guest as /, right? 1218464145 M * weeble Yep 1218464161 M * Bertl and the barrier has to be _right_ above that, to block moving outside 1218464184 M * Bertl and the best way to get there is the beforementioned .. 1218464235 M * weeble So if my structure is /home/vservers/vserver1, why can't I just set it on /home/vservers/, rather than /home/vservers/guest/.. ? 1218464239 M * rcatwood ok, the actaul problem now ... never mind , I figured out. 1218464297 M * Bertl weeble: you can, but what if /home/vservers is a link somewhere? or a separate mount or some vfs magic? 1218464317 M * weeble Then it's my own stupid fault :) 1218464328 M * Bertl weeble: entering the guest dir, and moving one up again will ensure that you get the right one :) 1218464333 M * weeble OK 1218464339 M * weeble Actually, it is a mount 1218464339 M * rcatwood --arch needed to be specified even when not wanting i386, it did not default to 64 bits 1218464349 M * weeble So that means I haven't been protecting it? 1218464351 M * rcatwood I am nto sure what it was trying to do though ... 1218464489 Q * Blissex Remote host closed the connection 1218464517 M * rcatwood I think because uname -m returns x86_64 but some layer of building wants the specifier amd64 instead ? 1218464605 M * Bertl rcatwood: you are trying to setup a debian/ubuntu guest, yes? 1218464624 M * rcatwood Bertl: correct, debian on a redhat host :-/ 1218464660 M * Bertl okay, yes, then better always specify the arch, as debian uses amd64 instead of the more common x86_64 1218464671 M * rcatwood Bertl: seems to be running now, I only setup a 32 bits one before and it worked , when altering the command to NOT specify --arch it didnt work :-( 1218464717 M * rcatwood Bertl: Ok .. it seems to work now :-) 1218464739 M * Bertl excellent! might want to add that to the debian/ubuntu guest pages 1218465016 J * ntrs_ ~ntrs@77.29.66.227 1218465077 M * rcatwood sorry .. does vapt-get require that the guest be able to connect to internet? 1218465098 M * daniel_hozac yes. 1218465137 M * weeble OK, am on 2.2.0.7 now. Hopefully that's sorted that. :) 1218465313 M * rcatwood aha 1218465339 M * Bertl rcatwood: but you can use iptables and SNAT to give temporary access 1218465381 M * rcatwood Bertl: yes I jsut thought maybe there was a way to do it from the host without requirng that. 1218465431 M * Bertl if you know that no scripts will be run (which schould be executed inside the guest) you can use apt-get and specify the chroot dir 1218465462 M * rcatwood Bertl:probably more trouble (on readhat host) than doign iptables! 1218465596 Q * ntrs_ Ping timeout: 480 seconds 1218465884 M * rcatwood Wheee! 1218466303 J * geb ~geb@AOrleans-151-1-86-76.w90-21.abo.wanadoo.fr 1218466478 M * weeble Does anyone else find it retarded that you can't bind <1024 unless you're root? 1218466491 M * weeble That's probably the cause of more problems security-wise 1218466502 A * weeble hatesss it, my precious. 1218466525 M * daniel_hozac unless you have CAP_NET_BIND_SERVICE, you mean. 1218466528 M * Bertl well, it's a good idea to know that ports below 1024 do not belong to an arbitrary user :) 1218466560 M * Bertl (and thus, cannot be stolen or such) 1218466572 M * weeble But in this day and age of GRSec/Selinux, and it being very easy to run a box yourself, why is it "a good idea"? 1218466599 M * weeble If I see userx is bound to tcp/80, I kill their process, and start Apache, and tell them not to do it again 1218466618 M * weeble If I really want to make sure, I use GRsec, or some RBAC 1218466622 M * Bertl weeble: consider you open your box for user joe, and user joe sets up a program to wait till your sshd is restarted, then binds port 22 :) 1218466627 M * geb hi 1218466632 M * weeble (This is a general rant, not vserver related btw) 1218466645 M * weeble Bertl, that's a tiny window of opportunity 1218466654 M * weeble And I'd kick joe's ass. 1218466666 M * Bertl once you got back control over the host, that is :) 1218466675 M * weeble Either you've got trusted users, or you use GRSec or something like that. 1218466704 M * Bertl so you would configure grsec to deny binding ports below 1024 for users, what would be the advantage? :) 1218466711 J * dowdle ~dowdle@scott.coe.montana.edu 1218466719 M * Bertl hey geb! 1218466720 M * weeble I just think that requiring programmers to run as root (blech) just to drop privs is more hassle than it's worth 1218466741 M * Bertl well, you don't need that on linux 1218466762 M * geb hello Bertl 1218466771 M * weeble Bertl, if I had a box with untrusted users, I'd use GRSec, sure. If I trust my users (i.e. they're colleagues, friends, etc), then they shouldn't be arsing around. 1218466784 Q * balbir Ping timeout: 480 seconds 1218466792 M * daniel_hozac you don't know they're the one using the account. 1218466823 M * weeble I run SSH on ports >1024 anyway, so that doesn't help me. 1218466884 M * weeble I hear what you're saying, but it's a tiny window of opportunity 1218466927 M * daniel_hozac not really. 1218466949 M * Bertl no idea why you would do that, but yeah, bad idea unless you prevent stealing that port via grsec or so 1218467291 M * rcatwood Bertl: daniel_hozac: Thanks! its all working now! :-) 1218467711 M * rcatwood except .... 1218467743 M * Bertl yep? 1218467794 M * rcatwood I put /dev/shm in the host /etc/vservers//fstab just like on the 32 bit guest, but it seems not to be mounted in the new guest 1218467855 M * rcatwood o wait, maybe the mount poitn was not created ... 1218467879 J * derjohn_mob ~aj@80.69.42.218 1218467904 M * rcatwood yes, thats it ... 1218467926 M * Bertl good! so everything fine now? 1218467938 M * Bertl and, how is Linux-VServer for you? 1218467944 M * rcatwood seems to be 1218467983 M * rcatwood It is doign the trick , enabling clean build of software on fast machine to run on slow machine :-) 1218468067 M * rcatwood building 'ardour' audio studio takes 2m26s instead of hour or so on my laptop , but it runs on debian 32 bits laptop... 1218468164 M * rcatwood I am sure it will be useful for some ohter things too. 1218468267 N * DoberMann DoberMann[PullA] 1218468268 J * hparker hparker@linux.homershut.net 1218468273 M * rcatwood the application works within the vserver also, but sofar only using 'dummy' audio driver ;-) 1218468389 M * Bertl well, if you have an actual audio device, you might be able to copy it into the guest (or bind mount the alsa trr) 1218468439 M * rcatwood Bertl: well, not really, nobody's listening up in teh server room ;-) any problems with the laptop hardware could probably not be debugged on server as it has different hardware I think. 1218468585 M * Bertl hmm, okay, what's the pupose of the audio then anyways? 1218468750 M * rcatwood Bertl: well the application is audio specific, just want to chekc that it actually runs after building, before downloading. If no audio is activated the application refuses to start 1218468773 M * Bertl ah, smart application :) 1218468797 M * Bertl okay, have to grab some groceries ... bbl 1218468799 M * rcatwood so just for testing you see, once downloaded to a mahcine with real audio it then works so far 1218468804 N * Bertl Bertl_oO 1218468814 M * rcatwood Thanks again! by for now. 1218469246 J * fatgoose ~samuel@98.80.modemcable.oricom.ca 1218470291 Q * ktwilight Quit: dead 1218470415 J * ktwilight ~ktwilight@180.98-66-87.adsl-dyn.isp.belgacom.be 1218471010 Q * phedny_ Ping timeout: 480 seconds 1218471384 N * phedny Guest1245 1218471389 J * phedny ~mark@2001:610:656::115 1218471732 J * ntrs ~ntrs@77.29.68.224 1218471761 J * jeringa ~jeringa@nat-124-249.guardian.co.uk 1218471846 M * jeringa Could some kind soul please point me in the direction of some docs on how to build a SPARC vsersion of linux-image-2.6.25-2-vserver-686 1218471861 Q * geb Ping timeout: 480 seconds 1218471922 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1218472082 Q * derjohn_mob Ping timeout: 480 seconds 1218472690 J * nebuchadnezzar ~dad@zion.asgardr.info 1218472694 M * nebuchadnezzar hello 1218472790 M * nebuchadnezzar I try to put some vserver in a kvm machine, I got the following error: vc_migrate_context(): Function not implemented 1218472790 M * nebuchadnezzar /proc/uptime can not be accessed 1218472887 M * nebuchadnezzar http://pastebin.com/m11864d6 <-- some more informations 1218473019 Q * yarihm Quit: Leaving 1218473040 M * daniel_hozac and you sure you patched the kernel right? 1218473065 M * nebuchadnezzar sure, I have the linux-vserver configuration option in make menuconfig 1218473115 M * nebuchadnezzar it's a kvm with virtio support, so no network card, no block device 1218473130 M * daniel_hozac virtio is still a network card and a block device. 1218473164 M * nebuchadnezzar ok 1218473178 M * daniel_hozac so it's just 2.6.25.11 with 2.3.0.34.14, right? 1218473182 M * daniel_hozac nothing else? 1218473199 M * nebuchadnezzar nothing else 1218473206 M * nebuchadnezzar upstream 2.6.25.11 1218473226 M * nebuchadnezzar util-vserver 0.30.216~r2750-3 from sid 1218473251 M * daniel_hozac ah, well, you want 0.30.215. 1218473272 M * nebuchadnezzar ok 1218473413 M * nebuchadnezzar it's not on debian archive any more :-/ 1218473415 J * larsivi ~larsivi@221.80-202-217.nextgentel.com 1218473547 M * nebuchadnezzar daniel_hozac: 0.30.214 is ok ? 1218473558 M * daniel_hozac no 1218473681 J * dna ~dna@227-204-dsl.kielnet.net 1218474534 J * geb ~geb@AOrleans-151-1-86-76.w90-21.abo.wanadoo.fr 1218474572 M * nebuchadnezzar daniel_hozac: ok, with 0.30.215 it works fine 1218474627 J * balbir ~balbir@122.167.246.62 1218474636 M * john hi, is it possible for a vserver to disable a NIC ? 1218474688 M * daniel_hozac not unless you've given it way too many capabilities, or configured the guest wrong. 1218474714 M * john I may have configured the guest wrong 1218474728 N * Bertl_oO Bertl 1218474733 M * Bertl back now .. 1218474738 M * nebuchadnezzar hi Bertl 1218474739 M * john hi Bertl 1218474740 M * Bertl john: what do you observe? 1218474820 M * john Bertl: I'll do it now and paste it wait a sec 1218474844 M * Bertl daniel_hozac: what is the problem with 0.30.216~r* 1218474853 M * john http://pastebin.com/m40e29b1a 1218474865 M * john Bertl: then it just freezes, the host is unreachable 1218474893 M * john Bertl: I don't have physical access to the server so I don't know if it really is frozen or if the NIC is down or something else 1218474894 M * daniel_hozac Bertl: it uses pid namespaces if VS-API >= 0x00020303. 1218474911 M * john Bertl: all I know is that the host is only reachable after a reboot 1218474912 Q * Pazzo Quit: Ex-Chat 1218474921 M * Bertl daniel_hozac: hmm, shouldn't that be > 0x00020303 ? 1218474939 M * Bertl daniel_hozac: IIRC, we agreed to make the pid space switch 020304, no? 1218474958 M * daniel_hozac that was after i added the support to util-vserver. 1218474971 M * daniel_hozac and since you said it'd get merged soon enough, i figured i'd just leave it for now. 1218474983 M * daniel_hozac john: # 1218474985 M * daniel_hozac RTNETLINK answers: File exists 1218474989 M * Bertl john: well, first of all, you want to disable a bunch of init scripts you don'T need 1218474991 M * daniel_hozac your guest is using the host's IP address 1218475005 M * john daniel_hozac: yes that is what I want 1218475012 M * daniel_hozac then set nodev. 1218475021 M * Bertl john: fine, but you also configured a device 1218475045 M * Bertl which means, bring that ip up when the guest is started, and down on shutdown 1218475055 M * Bertl (which is exactly what happens) 1218475064 M * john ah ... 1218475071 M * john thought it might be that ;) 1218475081 M * john where can I set the nodev option ? 1218475088 M * john I'm totally new to vserver 1218475098 M * Bertl remove the 'dev' file, and touch a file 'nodev' there instead 1218475119 M * Bertl /etc/vservers//interfaces/0 1218475133 M * john rebooting the host now ;) 1218475164 M * jeringa Could someone please tell me where the 2.6.25 vserver patches are? 1218475170 M * jeringa pretty please? 1218475171 M * Bertl on a sidenote: you are sure you want to assign the address to the guest, and not just use it via SNAT? 1218475194 M * daniel_hozac jeringa: same as always, http://vserver.13thfloor.at/Experimental/ 1218475217 M * jeringa daniel_hozac: Cheers mate 1218475221 M * john the vserver will eventually have it's own IP so I'd like to avoid configuring services based on a specific ip address 1218475230 M * john I let the services in the vserver bind to all interfaces 1218475267 M * daniel_hozac and you wouldn't do it any differently. 1218475317 M * john daniel_hozac: do you have a link that I could read explaining all this ? the differences between the 2 solutions ? 1218475366 M * Bertl john: binding to 0.0.0.0 (IP_ADDR_ANY) inside a guest will automatically be mapped to the _assigned_ IPs 1218475391 M * Bertl john: if that, for example, is a private IP, that binding is what you'll get 1218475394 M * john but I'd need to specify a private ip 1218475400 M * john and setup nat on the host 1218475405 M * daniel_hozac in the _guest's_ configuration. 1218475408 M * daniel_hozac not on the guest. 1218475410 M * Bertl in the guest config yes, and on the host, too 1218475417 M * Bertl not inside the guest 1218475430 M * john I decided to tryout vserver instead of vmware because I could share the network device 1218475453 M * Bertl feel free to do so, it works perfectly fine 1218475479 M * Bertl the drawback is not from the solution per se, but from the fact that the host and guest might compete about ports 1218475499 M * john the server hosting company I use don't allow vmware bridging which is why I decided to try out vserver 1218475499 M * Bertl i.e. guest waits for host sshd to restart, and then binds port 22 1218475537 M * john I'm conscious of the disadvantages as far as port sharing is concerned. I should have an extra 5 ips on the host by the end of august 1218475558 M * john 'till then I was thinking of sticking to the vserver serverX enter command 1218475566 M * Bertl an alternative setup, which would handle all that (current and future setup) is 1218475582 M * Bertl - give a private ip to each guest, e.g. 192.168.42.1-5 1218475594 M * Bertl - have a SNAT rule convering all outgoing traffic 1218475612 M * Bertl - have a DNAT rule from the public ip/port to the private ip/port for incoming 1218475640 M * Bertl when a guest gets a public ip different from the host, all you need to change are the DNAT rule(S) 1218475663 M * Bertl and as additional benefit, you have complete controlover open ports 1218475711 M * Bertl note: there is no preferred way to do it, whatevery suits you best is the way to go :) 1218475719 M * Bertl -y 1218475801 A * john thinks :) 1218475842 M * john I was thinking of adding an extra interface to each guest anyway with private ips so I could access them all via a site to site vpn from home 1218475892 M * john I suppose I can set up different network configs for different needs anyway 1218475917 M * john I intend running among other things an asterisk server which I definitly want to avoid nat with 1218476325 M * john Bertl: I set nodev and I can now turn off vservers. thanks ! :) 1218476333 M * Bertl you're welcome! 1218476349 M * john I'm going to think a bit more before I go ahead with changing the way I intend to network the vservers 1218476377 M * john Bertl: you mentionned that I should clean up my init scripts, what made you say that ? 1218476396 M * Bertl lines 10-26 1218476432 M * john guess that would be a good enough reason :p 1218476436 M * john I'll take a look at it 1218476441 M * Bertl you are startng syslog, klogd (unnecessary), and crond 1218476454 M * john whats wrong with crond ? 1218476455 M * Bertl those are the only scripts you want to shutdown 1218476476 M * Bertl no network down, no hwclock saving, no filesystem unmount, etc 1218476495 M * Bertl not to speak of swap and similar 1218476505 P * jeringa Kopete 0.12.7 : http://kopete.kde.org 1218476519 M * Bertl (all those things fail anyways, so they are just noise and delay) 1218476675 M * john ok 1218476767 M * john is it easy to setup a private lan on a host for vservers ? 1218476839 M * geb there is a doc on the wiki 1218476841 M * Bertl it's in no way different from setting up a private lan on a host 1218476876 M * john geb: thanks I'll check it out 1218476885 M * geb http://linux-vserver.org/Networking_vserver_guests 1218476935 Q * mcp Remote host closed the connection 1218476943 M * john ah ok it uses a dummy interface 1218476953 J * mcp ~hightower@wolk-project.de 1218476996 M * Bertl john: not necessarily, you can put them on eth0 as well 1218477108 M * john and end with eth0:0 device names ? 1218477158 M * Bertl if you prefer that, of course 1218477189 M * Bertl normally aliases are not used anymore 1218477208 M * john I use openwrt so I have bad habits :p 1218478260 J * docelic_ ~docelic@78.134.204.86 1218478371 Q * docelic Ping timeout: 480 seconds 1218479946 Q * hparker Ping timeout: 480 seconds 1218480565 Q * dna Quit: Verlassend 1218483103 J * hparker hparker@linux.homershut.net 1218483265 Q * pisco__ Ping timeout: 480 seconds 1218483594 M * fluor any news on the potential inclusion of vserver in Debian Lenny? 1218483956 M * Bertl did you test the patches? 1218484035 J * pisco ~pisco@tor.noreply.org 1218484437 M * fluor Bertl: no, where are they? 1218484450 M * fluor Bertl: I'd be more than happy to help, if there's anything to do 1218484453 M * Bertl http://vserver.13thfloor.at/Experimental/ 1218484471 M * Bertl take the pre3-donotuse for debian 2.6.26 kernels 1218484483 M * Bertl xfs and ext4 needs to be disabled for now 1218484819 M * fluor Bertl: ok, thank you 1218484842 M * fluor Bertl: is it somehow "safe", or totally experimental still? 1218484866 M * fluor Bertl: also, in what areas are regressions/weird things expected? 1218484936 M * Bertl it is experimental, but it looked good so far 1218484953 M * Bertl needs some cleanups, and I'm still waiting for some comments from daniel_hozac 1218485227 M * fluor Bertl: thanks, I'll give it a shot 1218485232 M * micah where does kernel console messages go in a guest? 1218485241 M * Bertl fluor: thank you for testing! 1218485251 M * Bertl micah: define console messages 1218485267 M * micah for example, input and output of the init process... spits out an error message, usually goes to the kernel console 1218485286 M * daniel_hozac nowhere. 1218485289 M * micah what happens to the stdio for the child inits? 1218485307 M * fluor Bertl: I'm afraid it'll take me a bit to adapt, though, since latest patchset I've used is the one provided with Debian kernel 2.6.22-3, and 2.6.25 has brought in the 2.3 branch AFAIK 1218485310 M * micah nowhere? is that a good thing? :) 1218485397 M * Bertl well, it really depends on how init logs 1218485460 M * micah i dont know how the 'fakeinit' or 'plain' initstyles in vserver log 1218485576 M * Bertl we need to define fakeinit there 1218485589 M * Bertl but plain init logging depends on the init process 1218485606 M * Bertl if that process writes to /some/place/init.log, that will be the log 1218485615 M * micah i assumed that 'fakeinit' was the init that you got when you did not specify one in apps/init/style 1218485661 M * Bertl there is sysv and plain init (there is also the gentoo init style) 1218485673 M * Bertl sysv 'just' executes the scripts 1218485681 M * micah right, got it 1218485685 M * Bertl plain 'just' starts init inside the guest 1218485705 M * Bertl stdin/out is not connected on the plain init style AFAIK 1218485839 M * micah ok 1218485886 Q * pisco Remote host closed the connection 1218485905 M * micah now I have my terms straight 1218486753 J * pisco ~pisco@tor.noreply.org 1218486829 J * ViRUS ~mp@p579B4FA9.dip.t-dialin.net 1218486850 M * Bertl micah: to debug your init ... you probably best use strace -fF -o init.trace for that 1218486923 M * micah yeah 1218486990 M * SpComb micah: if you do `vserver foo start` from a console, then the init's stdin/out/err is inherited from the vserver command 1218486997 M * SpComb so it's your console's stdin/out/err 1218487524 M * john hi again, I don't seem to be able to install a 32bit etch in a vserver on my 64bit host. here is the installation command I used : vserver zimbra1 build -m debootstrap --hostname zimbra1.nurvnet.org --interface dummy0:10.1.0.3/16 -- -d etch -m http://ftp.fr.debian.org/debian -- --arch i386 1218487529 M * john is it wrong ? 1218487553 M * john the installed vserver is running 64 bit 1218487567 M * daniel_hozac what makes you say that? 1218487609 M * micah SpComb: thanks, yeah 1218487611 M * john I just tried installing zimbra and here is part of the message I got : 1218487613 M * john You appear to be installing packages on a platform different 1218487613 M * john than the platform for which they were built. 1218487613 M * john This platform is DEBIAN4.0_64 1218487613 M * john Packages found: DEBIAN4.0 1218487618 J * Alteisen alteisen@shell.chaostreff-dortmund.de 1218487670 M * daniel_hozac did you set the linux32 personality, or set uts/machine to the appropriate value? 1218487697 M * Alteisen hi @all 1218487702 M * john if you look at the very end of my debootstrap command you can see that I set "--arch i386" 1218487710 M * john I thought that was enough 1218487722 M * daniel_hozac no, that just tells debootstrap to get i386 packages. 1218487737 M * Bertl Alteisen: hi 1218487764 M * john so I'm not running a 32bit debian guest then ? 1218487875 M * john is it possible to do what I want ? 1218487918 M * john or would that require running a seperate kernel which I guess would mean using some other solution then vserver 1218487955 M * daniel_hozac what do you want? 1218487962 M * daniel_hozac you already have a guest with 32-bit binaries. 1218487963 M * Alteisen does vserver patch 2.2.0.7 also work with linux kernel newer than 2.6.22.19? 1218487972 M * daniel_hozac Alteisen: newer 2.6.22 kernels, sure. 1218487978 M * john daniel_hozac: so why does zimbra say that it is running on a 64bit host 1218487990 M * daniel_hozac because uname still says it's 64-bit. 1218487996 M * john ok 1218487999 M * daniel_hozac set the personality to linux32, and it won't be able to tell. 1218488039 J * lilalinux ~plasma@80.69.41.3 1218488050 M * Alteisen daniel_hozac: hmhm, my question was more into direction of kernel 2.6.24 or higher... 1218488067 M * daniel_hozac that requires different patches. 1218488071 M * daniel_hozac http://vserver.13thfloor.at/Experimental/ 1218488214 A * john digs vserver, liking it more and more ! 1218488215 Q * fatgoose Quit: fatgoose 1218488408 M * Alteisen daniel_hozac: there are only vserver patches for current kernels with vs-2.3., but not with the stable vs-patch :-/ 1218488425 M * daniel_hozac because the patches are far from stable 1218488455 Q * lilalinux Remote host closed the connection 1218488480 M * Alteisen /Experimental is understandable for me ;-) 1218488482 M * Bertl Alteisen: 'Stable' means well tested (besides other things) 1218488506 M * Bertl patches for a kernel which changed a lot of things recently, cannot be stable yet 1218488520 M * Alteisen i had the hope, that someone provides stable vs patches to current kernels 1218488546 Q * bonbons Quit: Leaving 1218488626 M * Bertl Alteisen: how should that work/be possible? 1218488635 M * Bertl (I mean, without time travelling :) 1218488701 M * Alteisen don't know 1218488749 M * Alteisen 'current kernel' is perhaps to narrow from its meaning 1218488779 M * Alteisen i was thinking of 2.6.24 or .25 1218488834 M * Bertl 2.6.24 was completely broken in regard of virtualization 1218488849 M * Bertl 2.6.25 improved on that, and devel patches are available for that 1218488939 M * Alteisen i read between the lines that it would be better to stay with 2.6.22.x and the current vs-2.2.0.7 patch, as only vs-2.3.x is available for 2.6.25 kernels? 1218489033 J * Aiken ~Aiken@ppp118-208-125-138.lns4.bne4.internode.on.net 1218490141 J * derjohn_mob ~aj@e180202057.adsl.alicedsl.de 1218490270 M * Bertl Alteisen: if you want 'stable' then yes 1218490311 M * Alteisen i am just reading http://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.25-7/changelog 1218490324 M * Alteisen vs-2.2.0.5 is included 1218490348 M * Alteisen but i am not quite sure if i want that packages 1218490357 M * daniel_hozac eh... it's not. 1218490418 M * Alteisen "* Update vserver patch to 2.2.0.5." 1218490515 M * daniel_hozac you see that's for 2.6.22-6, right? 1218490522 M * daniel_hozac i.e. it has absolutely nothing to do with 2.6.25... 1218490653 M * Alteisen now you are mentioning it... 1218490657 J * ntrs_ ~ntrs@77.29.77.245 1218490668 M * Alteisen i followed the changelog link on http://packages.debian.org/lenny/linux-image-2.6.25-2-vserver-686 1218490720 M * Alteisen why can't those debian people just use more verbose package names 1218490740 M * Bertl yeah, that would be nice, wouldn't it? 1218491031 Q * ntrs Ping timeout: 480 seconds 1218491205 Q * Alteisen Ping timeout: 480 seconds 1218491220 Q * FaUl Ping timeout: 480 seconds 1218491260 M * micah nenolod: see #debian-kernel 1218491285 M * nenolod i wasn't on -kernel :S 1218491295 J * Alteisen_ ~daniel@dtmd-4db258fc.pool.einsundeins.de 1218491314 M * micah Bertl: is it true that the most current 2.6.26 vserver patch is marked as 'dontuse'? 1218491323 M * Alteisen_ argh - my shell server is down 1218491356 M * Alteisen_ can someone please ping sh.ctdo.de? 1218491388 M * micah Alteisen_: From 208.99.192.58 icmp_seq=2 Time to live exceeded 1218491402 M * Alteisen_ sounds bad 1218491540 M * Alteisen_ it looks like a network breakdown... 1218491709 M * Alteisen_ ok folks - good night 1218491771 P * Alteisen_ ( falling of the cloud ) 1218491800 M * Bertl micah: yep, for now, we need some more feedback 1218491895 M * micah nenolod: so it sounds like some testing is in order, if its going to have a chance to get into debian 1218491931 M * Bertl it should get out of pre shortly, I guess 1218492801 M * fluor micah: how's that chance? 1218492838 M * fluor micah: any pointer for recent discussions on the matter on the debian side? 1218492910 M * micah fluor: the debian kernel people wont include it until it is at least out of 'dotuse' status 1218492941 J * fatgoose ~samuel@98.80.modemcable.oricom.ca 1218493538 M * nenolod micah, sounds fine 1218493887 M * fluor http://www.nabble.com/Bug-489387%3A-Please-do-not-replace-vserver-with-openvz.-to18899432.html#a18899432 1218494050 M * hparker o.O 1218494068 M * Bertl fluor: so bastian tested the pre3 and found that it doesn't work, or did I get that wrong? 1218494252 Q * cryptronic Quit: Leaving. 1218494305 Q * ntrs_ Ping timeout: 480 seconds 1218494655 M * fluor Bertl: I don't know, really, but as micah states, I'd rather think that the DONTUSE mention made him stay at a safe distance, when it comes to shipping the patch with the next 'stable' release 1218494674 M * Bertl as I said, will be gone shortly (working on it atm) 1218494684 M * fluor Bertl: that's great news - best of luck! 1218494722 M * fluor Bertl: I'm migrating back from OpenVZ to Linux-Vserver using 2.6.25, and I'll test the new patch when I'm done 1218494734 M * fluor (I tried OVZ for a week, and I'm done) 1218494764 M * fluor s/I'm done/I've had enough already 1218494801 M * Bertl interesting .. care to mention the differences you saw? 1218494862 M * Bertl after all, it's advertised as does everything and much more 1218494873 M * john does anyone here run openvpn in a vserver ? 1218494879 M * Bertl yep 1218494887 M * john how did you manage the tun/tap issue ? 1218494909 M * Bertl there is none, use persistant tun devices and fixed sets of IPs 1218494922 Q * xdr Read error: Connection reset by peer 1218494939 M * john Bertl: will vserver allow the guest to create the tun/tap device ? 1218494940 M * Bertl IIRC, recent util-vserver (svn?) has some kind of tun setup support too 1218494951 M * Bertl john: nope, not by default 1218494951 M * daniel_hozac the host creates it. 1218494956 M * daniel_hozac the guest just uses it. 1218494988 M * john ok I'll try it out, I'm sort of expecting to run in to an issue 1218494991 M * daniel_hozac 0.30.215+ supports tun/taps. 1218495011 M * fluor Bertl: I've had issues with the network isolation (venet) from the start 1218495027 M * daniel_hozac it's not isolation, it's virtualization. 1218495038 M * john daniel_hozac: damn I'm using 0.30.214.... 1218495040 M * fluor daniel_hozac: no, there's actually two options 1218495048 M * fluor daniel_hozac: you can either use venet or veth 1218495077 M * fluor veth brings virtualization, while I believe venet to be closer to what vserver does 1218495082 M * fluor only it doesn't work so well 1218495087 M * fluor and is nearly not documented at all, 1218495113 M * Bertl interesting ... 1218495117 M * fluor for everyone seems to use veth to do some funky mutualized hosting 1218495130 Q * _gh_ Quit: Client exiting 1218495132 M * fluor just like xen, w/o the overhead 1218495148 M * fluor so, first, it wouldn't let bind9 run properly, 1218495149 M * Bertl without the kernel overhead :) 1218495166 M * fluor or maybe the issue lies with bind, I couldn't really figure out 1218495200 M * fluor but it wouldn't act by the defaults, like allowing any query 1218495206 M * Bertl (you still have the network overhead) 1218495231 M * fluor instead, it would allow none, and one had to manually override everything to get the DNS server to actually serve any client 1218495256 M * fluor then, some VPS would not ping anymore, and would ping again once restarted, 1218495279 M * fluor then, I wouldn't be able to do reverse DNS lookups on my IPs, 1218495289 M * fluor for the requests would actually never come out of the VPS 1218495294 M * fluor (I checked with tcpdump) 1218495296 M * fluor etc. 1218495334 M * fluor plus it doesn't have vapt-get, vhashify and the most welcoming IRC channel 1218495336 M * Bertl the beauty of virtualized networking :) 1218495363 M * Bertl IIRC, dowdle is doing a good job at the OVZ channel (for whatever reason :) 1218495378 M * fluor so hell, I just decided to stick to here :) 1218495379 M * dowdle Bertl: Thank you. I'm trying to keep my mouth shut here. :) 1218495382 M * fluor yes, dowdle is very cool 1218495400 M * fluor dowdle: but the usecase for OVZ doesn't seem to meet mine 1218495403 J * xdr ~xdr@gote2.245.cust.blixtvik.net 1218495411 M * fluor I really think it's suited for mutualized hosting 1218495416 M * dowdle fluor: Yes. I'm glad both exist... and recommend both. 1218495421 M * micah what does that term mean "mutualized hosting"? 1218495444 M * dowdle I did actually mention Linux-VServer quite a bit at the OpenVZ booth at LWCE last week... but then again I also answered a lot of Xen, KVM, and VMware questions too. 1218495445 M * fluor when one wants to setup lots of different distribs underneath a common kernel 1218495462 M * Bertl micah: nothing for native speakers I guess :) 1218495479 M * fluor micah: shared hosting might work better 1218495508 M * fluor micah: it's about selling/buying portions of a server, or 'Virtual Private Systems', rather than the whole thing 1218495549 M * fluor dowdle: btw, I really did enjoy your OVZ video :) 1218495592 M * Bertl if you don't want to bother, and just want to sell VPS to customers, then Virtuozzo(tm) is probably a good choice (if money doesn't matter) 1218495604 J * FaUl immo@shell.chaostreff-dortmund.de 1218495642 J * Alteisen alteisen@shell.chaostreff-dortmund.de 1218495678 M * dowdle The only problem I have with bought VPSes is that usually most hosting providers have only a few number of plans... so you get a cookie made by a cookie cutter... and if you need customized resources values for your particular load... they usually don't want to help you... other than selling you up to more than you use. 1218495681 Q * Aiken Remote host closed the connection 1218495738 M * Bertl dowdle: that's the idea behind 'don't bother, just sell' :) 1218495742 M * dowdle fluor: There are a few problems with what the OpenVZ project provides but we do try to improve it. 1218495807 M * dowdle fluor: If you ever want to discuss them, you know where to find me... but I would prefer to not annoy people by talking about it here. :) 1218495873 M * Bertl it's my fault, I asked :) 1218495925 M * fluor dowdle: sure! 1218495950 N * DoberMann[PullA] DoberMann 1218495952 M * dowdle Egads time for me to catch a bus. Isn't that convenient(sp?)? :) 1218496013 M * dowdle No wait... brainfart... my wife said she would pick me up today. 1218496076 N * DoberMann DoberMann[ZZZzzz] 1218496080 M * Bertl lucky bus then 1218496095 M * Bertl got away this time ... 1218497953 Q * dowdle Remote host closed the connection