1227225946 J * Piet ~piet@86.59.118.153
1227227499 Q * pisco Ping timeout: 480 seconds
1227227537 J * pisco ~pisco@86.59.118.153
1227227934 Q * Piet Quit: Piet
1227228332 M * Bertl okay, off to bed now too .. have a good one everyone!
1227228345 N * Bertl Bertl_zZ
1227228425 J * ntrs__ ~ntrs@77.29.15.194
1227228857 Q * ntrs__ Ping timeout: 480 seconds
1227229882 Q * dowdle Remote host closed the connection
1227231084 Q * geb Remote host closed the connection
1227232754 J * derjohn_mob ~aj@e180208184.adsl.alicedsl.de
1227233243 J * a[u]stin ~austin@hil-100-168.ResHall.Berkeley.EDU
1227233301 M * a[u]stin what more do i have to do after i clone a guest to make the cloned system runnable?
1227233348 M * cehteh setup ip, fstab etc if you didn't yet (with the clone?)
1227233361 M * cehteh add the mark for automatic startup
1227233371 M * a[u]stin okay
1227233375 M * a[u]stin so say i am on debian lenny
1227233384 M * a[u]stin and i build a system with debootstrap
1227233399 M * a[u]stin then clone that system
1227233437 M * a[u]stin why does /etc/vserver//vdir point to the /etc/vserver/ of the cloned system
1227233451 M * daniel_hozac how did you clone it?
1227233484 M * a[u]stin vserver my-clone build -m clone -- --source /etc/vserver/system-to-clone
1227233494 M * daniel_hozac well, that'd be why :)
1227233498 M * a[u]stin oh
1227233503 M * a[u]stin i must be misunderstanding then
1227233512 M * daniel_hozac --source should be the name of a guest, or /vservers/
1227233513 M * a[u]stin i've tried looking for documentation
1227233524 M * a[u]stin oooh
1227233536 M * daniel_hozac such as http://linux-vserver.org/Building_Guest_Systems?
1227233556 M * a[u]stin i know
1227233557 M * a[u]stin i saw that
1227233562 M * a[u]stin and isn't that what i am doing
1227233570 M * a[u]stin my directory is just different
1227233619 M * daniel_hozac you're telling it to clone a configuration directory.
1227233635 M * a[u]stin i don't have a /vservers though
1227233637 M * a[u]stin would that be
1227233652 M * a[u]stin the /var/lib/vservers
1227233664 M * daniel_hozac if you're no Debian, sure.
1227233668 M * a[u]stin okay
1227233670 M * daniel_hozac s/no/on/
1227233685 M * a[u]stin one more question
1227233694 M * a[u]stin can i mount the / directory of the quest read only?
1227233700 M * a[u]stin *guest
1227233707 M * daniel_hozac yes.
1227233720 M * a[u]stin i get problems with /etc/mtab though
1227233781 M * daniel_hozac as expected.
1227233813 M * a[u]stin i'm assuming that is because everything that is mounted attempts to write to it
1227233821 M * a[u]stin can i disable this, or what is a workaround?
1227233827 M * daniel_hozac just ignore it.
1227233831 M * a[u]stin ok
1227233832 M * a[u]stin haha
1227233835 M * a[u]stin easy enough
1227233845 M * a[u]stin thanks a bunch
1227233848 M * a[u]stin i may be back
1227233849 M * daniel_hozac so what class are you taking?
1227233859 M * a[u]stin advanced unix systems administration
1227233863 M * a[u]stin how did you know?
1227233876 M * daniel_hozac a class mate of yours i guess was here earlier .
1227233884 M * a[u]stin probably my partner
1227233888 M * a[u]stin haha
1227233905 M * a[u]stin we've been messing with vservers for the past day or so
1227233962 M * a[u]stin we are having a hard time finding documentation
1227234001 M * daniel_hozac most commands have sufficiently verbose --helps.
1227234036 M * a[u]stin ah
1227234042 M * a[u]stin well
1227234058 M * a[u]stin i feel like the explanation for what the different build methods do is pretty sparse
1227234067 M * a[u]stin a sentence or so
1227234073 M * a[u]stin but i can always look at the scripts
1227234079 M * a[u]stin so i guess it's no big deal
1227234084 M * daniel_hozac it builds a guest. if you want details, read the source.
1227234121 M * a[u]stin i just wanted to avoid that :P
1227234124 M * a[u]stin oh well
1227234128 M * a[u]stin thanks for your help
1227234143 Q * a[u]stin Quit: a[u]stin
1227236357 M * bliz42 on a gentoo system, trying to use vemerge.. and it keeps bombing from a read only filesystem error.. any advice here? seems the gentoo specific documentation is from 2006, but I can't find anything really any more recent
1227236760 J * fb_ fback@red.fback.net
1227236796 J * _Hunger Hunger.hu@Hunger.hu
1227236810 Q * fb synthon.oftc.net larich.oftc.net
1227236810 Q * Hunger synthon.oftc.net larich.oftc.net
1227236810 Q * brc synthon.oftc.net larich.oftc.net
1227236860 M * bliz42 ok, got around the issue by adding a shared packages folder.. which is good anyway, so meh
1227239239 J * dowdle ~dowdle@71-221-8-241.blng.qwest.net
1227240618 Q * hparker Quit: Quit
1227241209 J * hparker ~hparker@2001:470:1f0f:32c:215:f2ff:fe60:79d4
1227241275 Q * dowdle Remote host closed the connection
1227241406 J * testo ~some@202.180.115.27
1227241506 M * testo Where to find a good documentation about CPU limits?
1227241537 M * daniel_hozac http://linux-vserver.org/CPU_Scheduler
1227241595 M * testo Yes I've seen it but where are examples?
1227241609 J * cybergirl ~cybergirl@212-198-248-34.rev.numericable.fr
1227241722 M * daniel_hozac at the bottom.
1227241744 Q * cybergirl
1227242006 M * testo i'm idiot but can't find a good example, for example to run 1 vserver at 10% cpu and using only 2CPU from 4 ?
1227242256 Q * derjohn_mob Ping timeout: 480 seconds
1227243275 M * daniel_hozac 10% of each CPU?
1227243651 Q * bliz42 Quit: leaving
1227243931 J * brc bruce@72.20.27.65
1227246051 Q * esa Ping timeout: 480 seconds
1227248147 J * derjohn_mob ~aj@e180193191.adsl.alicedsl.de
1227248756 J * sharkjaw ~gab@149-67-194.231210.adsl.tele2.no
1227249864 J * ntrs__ ~ntrs@77.29.22.25
1227250559 J * ghislainocfs2 ~Ghislain@adsl2.aqueos.com
1227250684 Q * derjohn_mob Ping timeout: 480 seconds
1227250885 M * arekm hm, ipv6 fix wasn't merged into .36?
1227250970 J * mtg ~mtg@dialbs-088-079-143-204.static.arcor-ip.net
1227251449 Q * ntrs__ Ping timeout: 480 seconds
1227252537 Q * arekm Quit: leaving
1227252976 J * arekm arekm@carme.pld-linux.org
1227252979 M * arekm [arekm@carme-pld ~]$ LC_ALL=C sudo ls -l /proc
1227252981 M * arekm ls: cannot open directory /proc: Permission denied
1227252999 M * arekm is this known? (26.7 + vserver 2.3...36)
1227253022 M * arekm 2.6.27.7 of course
1227253078 M * arekm [ 47.521257] vxW: [pidof,3064:#100|100|100] denied 24 access to proc:ffff88015f410030[#0,1]
1227253362 M * arekm previous working ver was vs2.3.0.35.7
1227253444 M * testo how to set CPU limit? what command to use or where is config files?
1227253466 Q * larsivi Ping timeout: 480 seconds
1227253761 J * derjohn_mob ~aj@p57A6F732.dip.t-dialin.net
1227253761 Q * arekm Quit: leaving
1227253932 N * quinq qzqy
1227254362 J * arekm arekm@carme.pld-linux.org
1227254371 M * arekm back on old vs
1227254504 M * daniel_hozac testo: vsched, /etc/vservers//sched
1227254544 M * arekm Hawq: you had the /proc problem, right?
1227254915 M * arekm hm, delta-proc-fix03.diff is applied in .36
1227255133 M * testo what should I put there? vsched, /etc/vservers//sched ? any docs?
1227255284 M * arekm use google, there are docs
1227255444 M * arekm "you can't use the plain initstyle without the pid virtualization." hm, do plain no longer works in vs2.3?
1227255451 J * dna ~dna@52-200-103-86.dynamic.dsl.tng.de
1227257031 Q * mtg Ping timeout: 480 seconds
1227257344 J * larsivi ~larsivi@85.221.53.194
1227257906 J * mtg ~mtg@dialbs-088-079-143-204.static.arcor-ip.net
1227259125 J * davidkarban ~david@193.85.217.71
1227259151 J * ntrs__ ~ntrs@77.29.14.75
1227260666 J * Mojo1978 ~Mojo1978@ip-88-152-50-100.unitymediagroup.de
1227262292 Q * gnuk Remote host closed the connection
1227262539 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net
1227262603 J * ghislainocfs21 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1227262664 Q * dna Quit: Verlassend
1227262728 J * seldgehammer a8ac01f7@webchat.mibbit.com
1227262744 Q * ghislainocfs2 Ping timeout: 480 seconds
1227262829 Q * seldgehammer
1227264988 Q * mtg Quit: Verlassend
1227265300 J * baggins ~baggins@kenny.mimuw.edu.pl
1227265719 Q * derjohn_mob Ping timeout: 480 seconds
1227266153 J * tramjoe_merin ~tramjoe@193.41.238.151
1227266988 Q * ntrs__ Ping timeout: 480 seconds
1227267131 Q * hparker Ping timeout: 480 seconds
1227267211 J * hparker ~hparker@linux.homershut.net
1227268550 N * Bertl_zZ Bertl
1227268553 M * Bertl morning folks!
1227268631 M * baggins hi!
1227268681 M * baggins there is a problem with patch-2.6.27.6-vs2.3.0.36.diff
1227268690 M * baggins vserver nstest exec ls /proc
1227268694 M * baggins ls: cannot open directory /proc: Permission denied
1227268707 M * baggins dmesg:
1227268709 M * baggins [40122.149314] vxW: [»ls«,5752:#100|100|100] denied 24 access to proc:f742401c[#0,1]
1227268710 A * ard was just about to compile it :-)
1227268729 M * baggins but:
1227268731 M * baggins vserver nstest exec ls /proc/cpuinfo
1227268734 M * baggins /proc/cpuinfo
1227268748 M * baggins weird
1227268911 M * Bertl what distro are you using?
1227268981 M * baggins pld
1227269001 M * Bertl IIRC, that one is doing a malicious setattr --hide /proc in their scripts
1227269014 M * Bertl get rid of that and it should work fine
1227269061 A * arekm dropped that from latest version of script
1227269076 M * Bertl so an update should be fine too then :)
1227269082 M * baggins arekm: yeah, but did you rebuild the package?
1227269094 M * baggins arekm: answer is no ;)
1227269170 M * baggins Bertl: thanks, removing setattr fixed it :)
1227269187 M * Bertl np
1227269275 M * arekm baggins: "removing" + reboot fixed it? or no reboot?
1227269335 M * baggins setattr -Rx --~hide /proc
1227269360 M * baggins no reboot
1227269375 M * arekm ah, I used the command from "stop"
1227269395 M * arekm which was broken anyway it seems heh
1227269541 Q * hparker Remote host closed the connection
1227269725 M * arekm Bertl: btw. please merge ipv6 fix for .37
1227269739 J * hparker ~hparker@2001:470:1f0f:32c:215:f2ff:fe60:79d4
1227269784 M * Bertl ah, do we have something working/tested? probably missed that?
1227269804 M * arekm http://people.linux-vserver.org/~bonbons/vs2.3.0.35.10-ipv6-saddr-breakout-fix.diff
1227269836 M * Bertl excellent, you tested it?
1227269958 M * arekm yes, on one machine. Doing reboot now and I'll tell you how it looks on second machine with slightly different env
1227270002 Q * arekm Quit: reboot
1227270344 J * arekm arekm@carme.pld-linux.org
1227270644 M * arekm Bertl: on second machines also works fine
1227270648 M * arekm s/es/e/
1227270926 M * Bertl okay, just uploaded vs2.3.0.36.1 with that patch added
1227271441 M * pmjdebruijn does that one already include the XFS juju?
1227271464 M * Bertl xfs should be fine again, but not much tested
1227271467 M * pmjdebruijn ok
1227271907 M * pmjdebruijn cool
1227271959 M * ktwilight__ Bertl, but i guess testfs runs fine for xfs?
1227271975 Q * hparker Ping timeout: 480 seconds
1227271988 M * Bertl yep, except for one test case, which currently fails on all filesystems
1227271998 M * ktwilight__ awesome :)
1227272165 M * ktwilight__ Bertl, mind if i modify the frontpage to include the experimental patches? :)
1227272196 M * Bertl well, they are linked there, IIRC, do you plan to update and list the latest or what?
1227272211 M * Bertl (i.e. do you plan to maintain this?)
1227272222 M * ktwilight__ sure, i don't mind maintaining the list
1227272235 M * Bertl then go ahead, but make it a separate table
1227272266 M * ktwilight__ could i just put it in the same table, but don't link in 2.2 stable?
1227272313 M * ktwilight__ i mean, only add the entry for the Linux kernel and 2.3 Development column.
1227272325 M * Bertl nah, leave the main table as is
1227272351 M * ktwilight__ hm, k, i'll add another table underneath :)
1227272353 J * hparker ~hparker@linux.homershut.net
1227273003 M * ktwilight__ doh, i've no rights to edit it Bertl. but i have prepared the template http://linux-vserver.org/Template:ExperimentalPatchTableMatrix
1227273034 M * ktwilight__ gimme a mo.
1227273164 M * ktwilight__ Bertl, ok, it's done, http://linux-vserver.org/Template:ExperimentalPatchTableMatrix as long as i can modify that template, it's all good. what's needed to do is modify the frontpage to include the template :)
1227273176 J * bliz42 ~ksmith@c-98-193-150-250.hsd1.tn.comcast.net
1227273203 M * ktwilight__ ah sweet! it's done :)
1227273210 M * ktwilight__ but can you please remove "also check out the latest Experimental Releases and let us know if something is broken." since it's repeated actually.
1227273241 M * ktwilight__ i'll monitor Experimental from time to time to include the latest :)
1227273262 M * Bertl yes, but please make the Experimental Releases a link, and avoid the 'here' and 'there' links :)
1227273280 M * ktwilight__ aight :)
1227273368 M * ktwilight__ ok, done.
1227273392 M * Bertl no, actually I prefer to do that in the main page, i.e. please remove any additional text and stuff, just leave the matrix
1227273436 M * ktwilight__ so just the matrix?
1227273441 M * Bertl yep, please
1227273448 M * ktwilight__ should i remove the headers as well?
1227273463 M * ktwilight__ uh, header, where it says "Experimental Releases"
1227273468 M * Bertl nah, matrix with headers is fine
1227273472 M * ktwilight__ aight
1227273476 M * Bertl yeah, those too, please
1227273486 M * Bertl I meant the headers of the matrix, not the text stuff
1227273502 M * Bertl i.e. like you had it at the beginning :)
1227273509 M * ktwilight__ ok, refresh please, i hope this is ok :)
1227273529 M * Bertl not yet, remove the Experimental Releases
1227273538 M * ktwilight__ ah right, ya meant that.
1227273544 M * ktwilight__ done.
1227273559 M * Bertl k, tx
1227273562 M * ktwilight__ np :)
1227273687 Q * nkukard Quit: Leaving
1227274113 Q * hparker Quit: Quit
1227275996 Q * independence Ping timeout: 480 seconds
1227276087 J * independence independen@titan.blinkenshell.org
1227276197 J * ntrs__ ~ntrs@77.29.14.75
1227276258 J * whuji ~huji@jem75-8-88-170-103-188.fbx.proxad.net
1227276264 M * whuji hello
1227276276 M * Bertl hey
1227276308 M * whuji I have a problem with vserver
1227276359 J * hparker ~hparker@linux.homershut.net
1227276361 M * Bertl well, if you tell us what problem, we might even be able to help :)
1227276378 M * whuji I have a debian with vserver, no vm for the moment, but vserver doesn't see my first NICs (I have 2 NICs : eth0 and eth1) it just sees eth1. How could I tell to vserver that I have 2 NICs ?
1227276388 M * whuji (yes I was writing the message :) )
1227276423 M * Bertl well, Linux-VServer does not care about your NICs, it's also no VM or so ...
1227276457 M * Bertl you assign IPs to a guest, and then Linux-VServer will show you all interfaces with those IPs on
1227276474 M * whuji so why I don't see eth0 ? When I boot to a normal kernel (without the vserver patch) it works perfectly (I have eth0 and eth1)
1227276494 M * Bertl are you talking about the host?
1227276523 M * whuji yes
1227276529 M * whuji I don't have guest for now
1227276536 M * Bertl well, then it is most likely that you are missing a driver
1227276547 M * whuji the 2 NICs are the same
1227276576 M * Bertl what kernels are we talking about and what NIC/driver?
1227276679 Q * ntrs__ Ping timeout: 480 seconds
1227276768 M * whuji well. I have 2 kernels installed : a linux-image 2.6.18 (I use debian etch) and a linux-image-vserver 2.18 (with vserver patch so). When I boot on the first kernel, everything is ok, eth0 and eth1 works. When I boot to the second kernel (vserver) eth0 doesn't work. The 2 NICs are both intel chipset.
1227276808 M * Bertl sounds weird, but more like a debian issue ...
1227276815 M * whuji ok
1227276816 Q * independence Ping timeout: 480 seconds
1227276825 Q * sharkjaw Remote host closed the connection
1227276828 M * Bertl in general, I'd try a newer kernel, e.g. at least 2.6.22
1227276843 M * whuji I've already written to debian mailing list. Waiting for replies.
1227276861 M * whuji ok I will try with a newer kernel from backports
1227276863 M * whuji thanks.
1227276864 M * Bertl Linux-VServer does not change anything in the way the network drivers work
1227276881 M * Bertl so I would be surprised if the Linux-VServer patches would affect this
1227276909 M * Bertl but, if you like to make sure, get a kernel.org 2.6.18 kernel, compile and test this (without patches)
1227276923 M * Bertl and then apply the Linux-VServer patch, and see if anything changes
1227276936 M * Bertl (I'm pretty sure it will not :)
1227276949 M * whuji I will try with a newer kernel first
1227276972 M * Bertl let us know how it goes ...
1227276979 M * whuji yep. I stay here
1227276995 M * whuji thanks a lot
1227276998 M * Bertl yeah, no problem, feel free to hang around as long as you like
1227277233 M * pmjdebruijn hmm cool
1227277244 M * pmjdebruijn I've built 2.3.0.36.1 against 2.6.27.7 (instead of .6)
1227277247 M * pmjdebruijn works just fine
1227277470 M * Bertl okay, off to grab some groceries .. bbl
1227277479 N * Bertl Bertl_oO
1227277640 M * pmjdebruijn btw, this is an excellent patch as well (unrelated to vserver): http://jengelh.medozas.de/files/kernel/linux-2.6.25.8-jen67/vt-colored-kernel-message-outp-1.txt
1227277667 Q * Mojo1978 Read error: Connection reset by peer
1227277732 J * independence ~independe@titan.blinkenshell.org
1227277782 M * whuji Bertl > it works with 2.6.26 from backports ! thank you !!
1227277850 M * daniel_hozac pmjdebruijn: i don't see why you would want that in the kernel.
1227277899 M * pmjdebruijn daniel_hozac: makes separating kernel messages from userland messages really easy
1227277910 M * pmjdebruijn daniel_hozac: it's definitely not critical...
1227277915 M * pmjdebruijn daniel_hozac: but convenient
1227277991 M * daniel_hozac you could just have klogd do that.
1227278484 Q * independence Remote host closed the connection
1227278628 J * ncopa ~ncopa@149-13-151.oke2-bras2.adsl.tele2.no
1227278644 M * ncopa hi
1227278692 M * daniel_hozac hello
1227278852 J * independence independen@titan.blinkenshell.org
1227278929 M * whuji with the command 'newvserver', in the '--interface' arg, I must specify a virtual interface ? or a real one ?
1227278942 M * daniel_hozac don't use newvserver.
1227278959 M * daniel_hozac use vserver ... build.
1227278966 Q * larsivi Remote host closed the connection
1227278988 M * whuji why ?
1227279103 M * whuji there is no method for debian
1227279109 M * whuji oh
1227279114 M * whuji sorry, there is one
1227279397 M * whuji what's mean 'ncontext: vc_net_create(): Invalid argument' I've configured my guest to use eth1 interface (which is a physical interface). Is that a wrong way ?
1227279436 M * daniel_hozac it means you're using really old utils and you didn't specify a context id.
1227279578 M * whuji and the context id is always '42' ?
1227279832 M * daniel_hozac the context id is the numerical identifier of your guest.
1227279848 M * daniel_hozac like uids and usernames.
1227279849 M * ard vserver build -m debootstrap --interfac lo:10.10.10.10/32 --context 1234 -- -d etch
1227279862 M * ard is the preferred debian way :-)
1227279877 Q * matti Remote host closed the connection
1227279896 M * daniel_hozac assuming you spell --interface correctly :)
1227279913 M * ard yeah, well, I have problems with my keyboard. Really!
1227279962 M * whuji okey, thank you I've already created my guest on debian with 42 and id. thanks you !
1227279992 M * whuji now I have to read documentation to understand how vserver handle the network
1227280032 M * whuji but I don't see anything about that :/
1227280078 M * daniel_hozac it's simple. guests get a subset of the IP addresses.
1227280090 M * daniel_hozac those are all they can use.
1227280143 Q * davidkarban Quit: Ex-Chat
1227280222 M * whuji I see that. I can't give public ip to guest ?
1227280245 M * whuji oh ok, I think I must create a new route
1227280257 M * whuji and assign ips to physical iface on the host
1227280271 M * ard the host can give any address to the guest to use
1227280284 M * ard but the host chooses which addresses, the guest is not allowed to
1227280294 M * daniel_hozac anything the host can use, the guest can use too.
1227280309 M * daniel_hozac iff the IP has been assigned to the context.
1227280368 M * whuji ok, and when I shutdown a guest, vserver can't umount because 'must be superuser to umount' is that a problem ?
1227280393 M * ard no :-)...
1227280426 M * ard guests are not allowed to mount or umount, the host will take care of that, you are seeing the remains of an rc script that does not have to run
1227280452 M * whuji ok
1227280773 M * whuji so ips of guests are alias on host's NICs
1227280823 M * whuji hm. I don't have internet on guest.
1227280842 M * daniel_hozac if you assigned that IP to the host, would it work?
1227280855 M * daniel_hozac and, does ping -I google.com on the host work?
1227280869 M * whuji yes
1227280903 M * whuji oh I can't ping google.com
1227280911 M * whuji sorry i can
1227280936 M * whuji but not from the guest
1227280961 M * daniel_hozac did you setup /etc/resolv.conf?
1227280990 M * whuji yes
1227281018 M * whuji ping: icmp open socket: Operation not permitted
1227281024 M * whuji when I ping an IP
1227281237 Q * independence Remote host closed the connection
1227281238 J * independence independen@titan.blinkenshell.org
1227281270 M * daniel_hozac what IP did you give the guest?
1227281341 M * whuji 88.191.91.19
1227281387 M * daniel_hozac and the host?
1227281469 M * whuji 88.191.89.19
1227281532 M * ard 88.191.89.19 is routable with traceroute, but 88.191.91.19 not
1227281532 M * daniel_hozac so it's a /22?
1227281556 M * ard Hmmm, /22 is very big ;-)
1227281577 M * daniel_hozac not really.
1227281610 M * daniel_hozac especially not for a network where you're expecting a lot of virtualization to be going on.
1227281617 M * whuji it's 2 public ip
1227281640 M * daniel_hozac sure, but are they on the same network?
1227281643 M * whuji no
1227281656 M * whuji the netmask is 24
1227281676 M * daniel_hozac then you'll have to setup the guest to use whatever gateway the 88.191.91 network needs.
1227281677 M * ard heh, here in holland most companies start with a /23, unless you are really able to fill out more
1227281704 M * daniel_hozac i'd expect any datacenter to have more than one /23.
1227281706 M * ard (we got a /20 )
1227281717 M * whuji ok so I can do this using /etc/network/interface of the guest as usal ?
1227281721 M * whuji usual
1227281724 M * daniel_hozac no.
1227281730 M * daniel_hozac the guest cannot mess with networking at all.
1227281743 M * ard /etc/vservers/guestname/interfaces/*/ip
1227281778 M * ard the host will setup the networking before it starts the guest
1227281861 M * whuji and what do I write into /etc/vservers/guestname/interfaces/0/ip ?
1227281883 M * ard change it to an ip address belonging to your network after shutting down the running guest
1227281943 M * whuji oh ok. But I can't choose my IPs. I rent a server from a datacenter and they give me just this 2 IPs.
1227281967 M * ard ah, ok
1227281984 M * ard so you just got those 2.
1227281989 M * whuji yes.
1227281999 M * ard That means that 88.191.91.19 should be as pingable as 88.191.89.19
1227282019 M * ard do me a favor:
1227282025 M * whuji yes ?
1227282025 M * ard shutdown the guest, and do:
1227282037 M * ard ip a add 88.191.91.19/32 dev lo
1227282057 M * ard on the host
1227282071 M * whuji done
1227282090 M * ard 88.191.89.19 is reachable and 88.191.91.19 is not
1227282099 M * ard try:
1227282111 M * ard tcpdump -n -i eth0 -c 100 host 88.191.91.19
1227282125 M * whuji u add it on lo not on eth0, is it ok ?
1227282125 M * ard if eth0 is your public interface
1227282131 M * ard it's ok ;-)
1227282156 M * whuji ok
1227282167 M * ard do you see anything?
1227282176 M * whuji no : my NIC is not in prom
1227282195 M * ard that's ok..
1227282222 M * ard if 88.191.91.19 belongs to you according to the routers of your provider, you should have seen an arp for that address
1227282266 M * ard if you change the "host 88.191.91.19" to "host 217.196.45.116"
1227282273 M * ard do you see any icmp traffic?
1227282282 M * ard (the latter is my office ip)
1227282293 M * whuji no
1227282307 N * Bertl_oO Bertl
1227282310 M * Bertl back now ...
1227282315 M * ard is eth0 your public interface?
1227282321 M * whuji yes
1227282327 M * Bertl what ard is trying to tell you, is that the provider lied to you :)
1227282329 M * whuji eth0 : 88.191.89.19
1227282343 M * ard that's weird:
1227282348 M * Bertl (or you got the second ip wrong in some way)
1227282352 M * ard tcpdump -n -i eth0 -c 100 host 217.196.45.116
1227282364 M * ard should definitely show something ;-)
1227282372 M * whuji 16:46:09.353862 IP 88.191.89.19 > 217.196.45.116: ICMP echo reply, id 24447, seq 3, length 64
1227282372 M * ard 64 bytes from 88.191.89.19: icmp_seq=2 ttl=56 time=16.5 ms
1227282375 M * ard yes!
1227282379 M * ard that's it :-)
1227282398 M * whuji I'm very sorry I've written host 217.196.45.11 :/
1227282407 M * whuji instead of 116
1227282419 M * ard once in a while you will see an arp for 88.191.89.19, that's a way for the provider to know where your server is
1227282436 M * ard you should see an arp for 88.191.91.19 too...
1227282440 M * ard try:
1227282447 M * ard tcpdump -n -i eth0 -c 100 arp
1227282454 M * whuji done
1227282471 M * ard do you see anything?
1227282479 M * whuji yep
1227282480 M * whuji 16:47:36.389690 arp who-has 88.191.89.131 tell 88.191.89.1
1227282480 M * whuji 16:47:37.499457 arp who-has 88.191.89.205 tell 88.191.89.1
1227282480 M * whuji 16:47:48.880143 arp who-has 88.191.89.1 tell 88.191.89.95
1227282480 M * whuji 16:47:53.857544 arp who-has 88.191.89.252 tell 88.191.89.1
1227282489 M * whuji and some more
1227282516 J * geb ~geb@4.4.82-79.rev.gaoland.net
1227282527 M * ard if you watch that, and everything stays within: 88.191.89.0/24, your provider lied to you ;-)
1227282545 M * whuji lied about what ?
1227282547 M * ard and they should give you an ip within 88.191.89.0/24
1227282560 M * whuji 'cause everything stays within 88.191.89.0/24 -_-
1227282560 M * ard about 88.191.91.19 being your second ip
1227282587 M * Bertl double check that it actually is .91. and not .89
1227282596 M * ard exactly ;-)...
1227282605 M * daniel_hozac and that you have the correct interface.
1227282606 M * Bertl looks very much like a typo, i.e. 191.91 (repeated 91)
1227282612 M * whuji I give u my provider's configuration :
1227282616 M * whuji auto eth0
1227282616 M * whuji iface eth0 inet static
1227282616 M * whuji address 88.191.89.19
1227282616 M * whuji netmask 255.255.255.0
1227282616 M * whuji network 88.191.89.0
1227282616 M * whuji broadcast 88.191.89.255
1227282616 M * whuji gateway 88.191.89.1
1227282626 M * Bertl (please use paste.linux-vserver.org for everything longer than 3 lines)
1227282629 M * whuji #auto eth1
1227282629 M * whuji iface eth1 inet static
1227282629 M * whuji address 88.191.91.19
1227282629 M * whuji netmask 255.255.255.0
1227282629 M * whuji network 88.191.91.0
1227282630 M * whuji broadcast 88.191.91.255
1227282630 M * whuji gateway 88.191.91.1
1227282689 M * whuji sorry. used paste.linux-vserver.org
1227282689 M * daniel_hozac there you go.
1227282756 M * ard aaarghhh
1227282773 M * ard multi-homed *and* multi routed *and* multi-nic-d
1227282797 M * whuji meaning ?
1227282832 M * ard if that's your providers configuration, it means they gave you a second cable to your computer
1227282860 M * ard do you lease or rent a server that you have never seen, or how is this construction possible?
1227282884 M * whuji I rent a server that I've never seen
1227282890 M * whuji it's a dedibox
1227282892 M * ard Ok, clear, then it's possible
1227282911 M * ard try doing the tcpdumps on eth1 instead of eth0
1227282934 M * ard if eth1 is not up, ifup it first, *after* you have made sure you can log in from a console
1227282954 J * dowdle ~dowdle@scott.coe.montana.edu
1227283003 M * ard but now I have to leave you in the hands of Bertl and daniel_hozac because somebody forced social commitments on me :-(
1227283007 M * whuji ok. eth1 is up now. do I start my guest ?
1227283016 M * ard 64 bytes from 88.191.91.19: icmp_seq=2 ttl=56 time=16.9 ms
1227283021 M * ard it works ;-)
1227283027 M * whuji ha :) ok thank you a lot
1227283033 M * ard well, daniel_hozac will probably explain some things ;-)
1227283042 M * Bertl you want to setup multiple routing tables to make that work
1227283049 M * whuji yep. But if I do a ssh on this ip I'm in the host, not in the guest
1227283054 M * ard depends on the route filtering done by his provider
1227283060 M * geb hi
1227283071 M * Bertl whuji: yes, that is expected, your host's sshd is not restricted yet
1227283079 M * ard but yes, you have a challenge ;-)
1227283081 M * ard O/~
1227283108 M * Bertl whuji: http://linux-vserver.org/Frequently_Asked_Questions#When_I_try_to_ssh_to_the_guest.2C_I_log_into_the_host.2C_even_if_I_installed_sshd_on_the_guest._What.27s_wrong_here.3F
1227283120 M * whuji ok... So I don't understand where vserver handle packets
1227283145 M * Bertl networking happens on the host, nothing virtual, no bridging no additional network stack
1227283156 M * Bertl Linux-VServer uses IP isolation, which is fast and lean
1227283184 M * Bertl i.e. you assign a bunch of IPs to a guest (or a single one), and the guest apps are only allowed to use that set of IPs
1227283184 N * qzqy quinq
1227283203 M * Bertl the host is not restricted and can use all IPs
1227283213 M * whuji yep. But packets are received by the host, who does the routing ? vserver ?
1227283260 M * Bertl the host does all the routing
1227283275 M * Bertl there is no routing between host and guest
1227283321 M * Bertl so, to make your guest work as expected, you basically start on the host
1227283327 M * whuji so when I do a ping on 88.191.91.19, who respond ? host or guest ?
1227283335 M * Bertl always the host
1227283370 M * Bertl you should start (on the host) to make e.g. the following work:
1227283373 M * whuji ok (sorry, I use to use xen, so I must handle vserver system)
1227283380 M * Bertl ping -I 88.191.91.19 www.google.com
1227283408 M * Bertl whuji: yes, I expected something VM like :) just forget all about routing and bridging and network stacks you learned there :)
1227283449 M * whuji I see that :)
1227283452 M * Bertl just see the host and guests as a single entity, with certain restrictions on the guests (i.e. subset of host IPs)
1227283459 M * whuji but now, when I ping on the guest I have a ping: icmp open socket: Operation not permitted
1227283493 M * Bertl what kernel are we on now?
1227283503 M * whuji 2.6.26
1227283510 M * whuji you were right Bertl :)
1227283546 M * Bertl did you configure something in ccapabilities?
1227283548 M * whuji (so where does
1227283557 M * whuji capabilities ?
1227283605 M * Bertl can you upload the output of 'ip addr ls' inside the guest, and the ping command you are currently using?
1227283619 M * Bertl (the command line I mean :)
1227283758 M * whuji the ping command I use in the guest ?
1227283782 M * daniel_hozac whuji: upgrade your utils.
1227283782 M * Bertl yep
1227283783 M * whuji oups
1227283787 M * whuji inside the guest
1227283806 M * whuji do u received ?
1227283816 M * whuji (I've used paste.linux-vserver.org)
1227283823 M * Bertl yep, tx
1227283857 M * Bertl whuji: what util-vserver version?
1227283877 M * whuji 0.30.212-1
1227283910 M * Bertl yep, I guess you want to update that, but not to the pre2772 version, which is 'known broken' :)
1227283921 M * Bertl daniel_hozac: what in detail is the problem here?
1227283939 M * daniel_hozac it's using the first pid namespace API.
1227283949 M * daniel_hozac the one with new vc_ctx_create/migrate versions.
1227283958 M * whuji I have the 0.30.216~r2772-4~bpo40+2 0 in backports
1227283968 M * Bertl yep, avoid that one :)
1227283972 M * daniel_hozac if the VS-API is >= 0x00020304
1227283980 M * daniel_hozac should be fine on the old kernel whuji is runnig.
1227283982 M * daniel_hozac +n
1227283984 M * Bertl daniel_hozac: okay, and how does that affect ping?
1227283990 M * daniel_hozac it doesn't.
1227284003 M * Bertl hmm, so how is that related?
1227284005 M * daniel_hozac i was talking about the known brokenness.
1227284033 M * Bertl ah, okay, well, if we talk about that, a 2.6.27 or 2.6.22 kernel would be better too
1227284034 M * daniel_hozac default ncaps weren't added until 0.30.214, i think
1227284082 M * whuji I've upgraded my utils-vserver
1227284101 M * whuji I must delete and create again my guest ?
1227284108 M * Bertl nope
1227284114 M * Bertl just restart it
1227284129 M * whuji done
1227284145 M * whuji it works !
1227284177 M * Bertl let's see if you can reach the outside now (from the guest)
1227284183 M * whuji yep I can
1227284198 M * Bertl excellent, then restrict the sshd (if not already done) _on_the_host_
1227284201 M * whuji and I can connect by ssh on the guest too
1227284206 M * whuji it's ok
1227284211 M * Bertl great so, you're done :)
1227284217 M * whuji thanks a lot u 2 :)
1227284225 M * Bertl you're welcome!
1227284244 M * whuji the new release of debian will correct this issues
1227284248 M * whuji those issues
1227284303 M * whuji ahh great.
1227284384 M * whuji because etch have too old packets of vserver to work fine
1227284464 M * whuji so for the firewall, I must do this on the host
1227284469 M * Bertl yep
1227284492 M * Bertl if you want logical separation, just make a separate table for each guest
1227284502 M * whuji yep thanks ;)
1227284521 M * whuji so when vserver is a virtualisation ?
1227284535 M * Bertl it is more an isolation technology
1227284551 M * Bertl but nowadays it is called 'OS level virtualization'
1227284571 M * Bertl mainly because the interface to userspace (between OS and apps) is virtualized
1227284650 M * whuji ok
1227284679 M * whuji so I can migrate my guests without any hardware constraints ?
1227284709 M * Bertl within binary compatibility
1227284712 M * whuji I just copy my guest from a server to another with its config file and 'hop'
1227284726 M * Bertl e.g. from i586 to a x86_64
1227284732 M * whuji sure
1227284745 M * whuji as guests share the kernel with host
1227284752 M * Bertl correct
1227284766 M * whuji ok. I do understand vserver better now.
1227284782 M * Bertl it is like a chroot (or bsd jail) on steroids
1227284790 M * whuji so it's radically different from xen
1227284809 M * Bertl not just filesystem is isolated, but also pids, users, networking ...
1227284833 M * whuji ok. I just thought it was a real virtualization but with a sharing system for the kernel
1227284843 M * whuji ok
1227284863 M * Bertl you won't get that performance with virtualization :)
1227284872 M * whuji sure :)
1227284884 M * Bertl another advantage is resource sharing
1227284890 M * whuji and vserver is stable enough to be used in prod ?
1227284905 M * Bertl it is used in production since 2002
1227284926 M * whuji well ok :D
1227284953 M * whuji so just another question
1227284958 M * whuji about networking again
1227284982 M * whuji if I want to do some nat, from the host to a guest, can I ?
1227284997 M * Bertl sure
1227284998 M * whuji for example I want to nat the port 80 to an guest
1227285007 M * whuji and the port 25 to another etc...
1227285017 M * whuji so I give my guest a private ip
1227285018 M * whuji ok
1227285020 M * Bertl just add the proper S/DNAT rules to the proper chains
1227285020 M * whuji stupid question
1227285034 M * whuji of course
1227285058 M * whuji so is there a real booting process on guest ?
1227285080 M * Bertl no kernel boot, just userspace
1227285088 M * whuji ok
1227285096 M * Bertl i.e. runlevel scripts get executed
1227285097 M * whuji no kernel, no initrd
1227285101 M * whuji ok
1227285105 M * Bertl (or init is started, and takes over)
1227285126 M * whuji so I can delete /boot safely
1227285132 M * Bertl yep
1227285169 M * daniel_hozac upgrading the kernel/boot loader packages might get sort of upset though.
1227285234 J * doener ~doener@i577B8A1D.versanet.de
1227285235 M * whuji sure.
1227285258 Q * independence Ping timeout: 480 seconds
1227285320 M * whuji and I can remove every mount* scripts in init.d too ?
1227285329 M * Bertl yep
1227285329 M * whuji and umount*
1227285331 M * whuji ok
1227285337 M * Bertl and everything hardware related
1227285341 Q * doener_ Ping timeout: 480 seconds
1227285352 M * whuji networking too ?
1227285364 M * Bertl yep
1227285394 M * whuji hostname too ?
1227285432 M * Bertl that one is virtualized, but you could live without
1227285439 M * Bertl i.e. you can set a default outside
1227285456 M * whuji ok
1227285503 M * whuji but I can't have different kernel modules in my guest
1227285518 M * Bertl you can't have kernel modules in guests at all
1227285535 M * whuji ok
1227285639 M * bliz42 hey Bertl, what linux dist do you use vserver on?
1227285660 M * Bertl mostly a customized mandriva
1227285750 J * independence independen@titan.blinkenshell.org
1227285760 M * Bertl welcome independence!
1227286106 M * whuji just for theory, I can't make partitions on guest, right ?
1227286126 M * Bertl partitions as in disk slices?
1227286126 M * whuji I must do it on host ok
1227286129 M * whuji thanks !d
1227286136 M * whuji yep
1227286144 M * whuji we don't say partition in english ?
1227286149 M * Bertl well, in theory, you can give access to the disk to a guest
1227286166 M * Bertl but usually you want to avoid that for security reasons
1227286187 M * whuji of course, yes
1227286208 M * Bertl and yes, partition is correct, just ambiguous
1227286232 M * whuji ok
1227286250 M * whuji what's the other meaning ?
1227286278 M * Bertl hardware virtualization is called 'partitioning' too
1227286299 M * Bertl (in the sense of older IBM mainframe, not VT)
1227286321 M * whuji oh, ok
1227286334 M * independence Bertl: hehe, thanks :)
1227286350 M * independence my shell got DDoSed :/
1227286358 J * JonB ~NoSuchUse@130.227.63.19
1227286360 M * Bertl ouch :)
1227286375 M * JonB hey Bertl
1227286428 M * Bertl hey JonB! how's going?
1227286486 M * JonB Bertl: doing great, i defend my master thesis monday
1227286497 M * whuji If I want to compile something which need kernel header sources in my guest, I need to install kernel header sources, right ?
1227286505 M * Bertl JonB: congrats!
1227286517 M * Bertl whuji: yep
1227286527 M * whuji so I must have the vserver patched one ?
1227286531 J * larsivi ~larsivi@9.80-202-30.nextgentel.com
1227286533 M * JonB Bertl: thanks
1227286548 M * Bertl whuji: no, not really, whatever sources you need for the compiled result
1227286583 M * whuji but it will always work with the patched one
1227286679 M * Bertl userspace should not depend on real kernel headers, only on API (sanitized) headers (like glibc)
1227286691 M * Bertl unless you are compiling kernel modules, you should be fine
1227286712 M * whuji ah ok. thanks again :)
1227286775 M * whuji and I can 'virtualize" a centOS on a debian
1227286792 M * Bertl sure, all kinds of distros
1227286928 M * whuji ok so it's a distribution level virtualization.
1227286933 M * whuji everything clear now
1227286943 M * Bertl OS level to be precise :)
1227286944 M * whuji thanks to everybody :)
1227286977 M * whuji the kernel is a part of the os, no ?
1227286998 M * daniel_hozac the kernel is the OS.
1227287019 A * mnemoc disagrees
1227287021 M * whuji and vserver doesn't virtualize the kernel
1227287039 M * Bertl it 'virtualizes' the kernel/userspace interface
1227287117 M * whuji ok
1227287343 Q * tramjoe_merin Quit: using sirc version 2.211+KSIRC/1.3.12
1227287438 J * Pazzo ~ugelt@reserved-225136.rol.raiffeisen.net
1227287647 Q * JonB Quit: Leaving
1227287730 M * whuji an last thing and I must go.
1227287768 M * whuji hmm, actually no :)
1227287770 M * whuji it's ok
1227287784 M * whuji thank you !
1227287860 M * whuji good evening !
1227287864 M * Bertl cya!
1227287876 M * whuji (it's evening in France)
1227287905 Q * whuji Quit: Leaving.
1227289124 Q * kir Quit: Leaving.
1227290378 M * bliz42 anyone familiar with the vserver gentoo portage setup?
1227291690 J * chI6iT41 ~chigital@tmo-100-114.customers.d1-online.com
1227293974 Q * chI6iT41 Ping timeout: 480 seconds
1227295468 J * chI6iT41 ~chigital@tmo-100-63.customers.d1-online.com
1227295771 M * Bertl bliz42: Hollow definitely is
1227295951 J * DavidS ~david@85.125.165.34
1227296870 Q * DavidS Quit: Leaving.
1227297306 Q * arthur Ping timeout: 480 seconds
1227297914 Q * FireEgl Ping timeout: 480 seconds
1227298505 Q * gnuk Quit: NoFeature
1227298570 J * arthur ~arthur@pan.madism.org
1227300180 Q * Pazzo Quit: Ex-Chat
1227301909 J * esa ~esa@ip-87-238-2-45.static.adsl.cheapnet.it
1227302138 Q * chI6iT41 Ping timeout: 480 seconds
1227302806 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1227302985 M * Hawq hello
1227303024 M * Hawq sorry for being so late Bertl.
1227303459 M * PowerKe bliz42: What do you want to know?
1227303652 J * nkukard ~nkukard@196.212.73.74
1227303807 M * bliz42 just had some issues with some permissions within the vservers when emerging with the shared portage tree being read-only.. worked through some of the issues, but others are still a problem
1227303831 M * PowerKe the tree should be read-only, but distfiles read-write
1227303891 M * bliz42 well, using the guide on the system the portage tree was read only, but mounted a shared packages folder read-write to save binaries into once built once
1227303901 M * bliz42 that made things work nicely for most builds i've tried
1227303915 M * bliz42 but when trying to build coreutils, it wants to write '/usr/portage/sys-apps/coreutils/Manifest' -- which it doesn't have access to do
1227303934 M * bliz42 and this is using the vemerge util
1227303956 M * PowerKe Hmm, it's odd that it wants to write there if you didn't change anything in the ebuild
1227303995 M * bliz42 ya.. so updated main portage and sync'd and even went through a local emerge on the host hoping it would fill out anything it needed in the shared portage tree, then tried again but same error
1227304069 M * bliz42 figured it might be something odd about the setup within the vserver template image i was using, got it off another site, so rebuilding my host right now, then i'll try to build my own template image and see if i can get things to work any cleaner
1227304071 M * PowerKe Maybe you can try: ebuild /usr/portage/sys-apps/coreutils/coreutils-6.10-r2 manifest
1227304093 M * PowerKe and: ebuild /usr/portage/sys-apps/coreutils/coreutils-6.10-r2.ebuild digest
1227304107 M * bliz42 on the host or the guest?
1227304108 M * PowerKe (also add .ebuild on the previous one) But that shouldn't happen on a properly synced tree
1227304116 M * PowerKe host, guest is read-only
1227304123 M * bliz42 ya, ok
1227304130 M * bliz42 when i get things setup i'll try that and see what happens
1227305438 J * Walex ~Walex@82-69-39-138.dsl.in-addr.zen.co.uk
1227305683 M * Bertl welcome Walex!
1227305824 M * Hawq Bertl: any patches to test? :)
1227305910 M * Bertl yep
1227305941 M * Bertl but we have to put them together, I haven't compile tested anything yet, just prepared the pieces
1227305978 M * Bertl the first thing I'd like you to try is to start with your 'working' version and the following patches
1227305983 J * ntrs ~ntrs@77.29.199.52
1227306068 M * Bertl http://paste.linux-vserver.org/12620
1227306082 M * Bertl i.e. you want to revert them (-R)
1227306477 Q * Walex Read error: Connection reset by peer
1227306627 M * Hawq Bertl: kernel/signal.c:1164: error: 'struct vx_info' has no member named 'vx_initpid'
1227306641 M * Hawq after reverting the part from link
1227306678 J * chI6iT41 ~chigital@tmo-100-164.customers.d1-online.com
1227306683 M * Bertl okay, leave the last part, the initpid thingy out
1227306692 M * Bertl i.e. make that
1227306697 M * Bertl if (vx_check(vx_task_xid(p), VS_ADMIN|VS_IDENT) &&
1227306710 M * Bertl ->pid > 1 && !same_thread_group(p, current)) {
1227306728 M * Bertl (missing p)
1227307165 M * Hawq it will take a while. its recompiling whole tree
1227307180 M * Bertl okay
1227307350 Q * bonbons Quit: Leaving
1227308567 Q * ntrs Ping timeout: 480 seconds
1227309084 J * cga ~weechat@94.36.113.17
1227309171 J * Radiance ~Radiance@193.16.154.187
1227309767 Q * cga Quit: WeeChat 0.2.6
1227310226 M * Hawq Bertl: booted kernel. switching stopped working
1227310274 M * Bertl good :)
1227310322 M * Bertl now we do the crosscheck, get the Linux-VServer version and apply the patch you just reverted
1227310425 M * Hawq you mean, untouched vanilla + vs and apply the patch?
1227310457 M * Bertl kernel.org kernel, with normal Linux-VServer patch, but those two hunks (from the pastebin) applied
1227310496 M * Bertl that will give you full proc isolation, but no signalling isolation
1227310520 M * Bertl the next step is to add a bunch of debug messages to those signalling checks, and see which signal is the critical one
1227311138 M * Hawq its recompiling whole tree again. it usually takes ~45 minutes so I guess its better to finish checks tomorrow. You'll be online?
1227311170 M * Bertl yep, I should be (at least in the evening)
1227311184 M * Hawq err... finish checks today but later as its after midnight :)
1227311189 M * Hawq at least here
1227311195 M * Bertl hehe, yeah, fine :)
1227311292 M * Hawq what exactly should I change in next step? I'd check as much as I can before evening.
1227311330 M * Bertl I presume applying the hunks will make it work
1227311362 M * Bertl if that is true, we need some debug messages there to see _what_ signals from _where_ exactly get rejected
1227311410 M * Hawq in signal.c?
1227311441 M * Bertl yep
1227311591 M * Hawq hm. I just realized that just bzImage is needed for our tests. I should get one a lot faster than full rebuild
1227311595 M * Hawq :)
1227311661 M * Hawq heh. already have one. booting
1227311898 M * Hawq it works properly
1227311999 M * Hawq so... time for debug messages :)