1229644840 M * whuji well now I have a
1229644841 M * whuji creaktifserver:/# ping google.com
1229644841 M * whuji ping: icmp open socket: Operation not permitted
1229644877 M * whuji of course with nodev...
1229644897 M * whuji I think I'll do the D-nat tomorrow. Thanks for all.
1229645062 Q * whuji Quit: Leaving.
1229645165 Q * cga Quit: WeeChat 0.2.6
1229647947 Q * bonbons Quit: Leaving
1229652366 Q * ghislainocfs2 Read error: Connection reset by peer
1229656455 J * balbir_ ~balbir@122.167.204.221
1229661464 Q * derjohn_mob Ping timeout: 480 seconds
1229665018 Q * balbir_ Ping timeout: 480 seconds
1229665703 Q * brc Ping timeout: 480 seconds
1229666302 J * dna ~dna@77-207-103-86.dynamic.dsl.tng.de
1229666552 J * balbir_ ~balbir@122.167.219.75
1229667091 Q * dna Quit: Verlassend
1229669493 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1229670597 Q * doener Read error: Connection reset by peer
1229670666 J * doener ~doener@i577BAE13.versanet.de
1229671315 J * sharkjaw ~gab@149-67-194.231210.adsl.tele2.no
1229671385 Q * sharkjaw Remote host closed the connection
1229671403 J * sharkjaw ~gab@149-67-194.231210.adsl.tele2.no
1229672236 J * hparker ~hparker@2001:470:1f0f:32c:212:f0ff:fe0f:6f86
1229672685 M * micah Bertl_zZ: I didn't get a response to what I wrote the other day, might I have missed it while I was traveling?
1229672844 Q * sharkjaw Quit: Leaving
1229672858 J * sharkjaw ~gab@149-67-194.231210.adsl.tele2.no
1229672888 M * tokkee Hrm ... does util-vserver skip rcS when starting a guest?
1229673213 Q * transacid_home Quit: leaving
1229673407 J * derjohn_mob ~aj@e180211245.adsl.alicedsl.de
1229673690 J * mtg ~mtg@dialbs-088-079-143-204.static.arcor-ip.net
1229675183 Q * mtg Ping timeout: 480 seconds
1229675434 J * chi6IT41 ~chigital@services.mivitec.net
1229675480 J * mtg ~mtg@dialbs-088-079-143-204.static.arcor-ip.net
1229678270 M * mnemoc hi, can one restrict non-userspace usage of a guest?
1229678310 Q * derjohn_mob Ping timeout: 480 seconds
1229678337 M * mnemoc I have an sshd which is been used for a tunnel which has a TIME+ of 32h just after 4h from starting it :|
1229678358 M * mnemoc %CPU has never passed from 0.2%
1229678401 M * pmjdebruijn mnemoc: non-userspace isn't really part of the vserver
1229678410 M * pmjdebruijn mnemoc: the whole point of vserver is to virtualize userland
1229678413 M * pmjdebruijn not the kernel
1229678438 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1229678468 M * mnemoc pmjdebruijn: but how can I avoid him to burn all my CPU then?
1229678487 M * pmjdebruijn mnemoc: is it really burning your CPU time?
1229678487 M * mnemoc I have had peaks for 50+ of load
1229678490 M * pmjdebruijn oh
1229678492 M * pmjdebruijn by SSHd?
1229678504 M * mnemoc i think so
1229678519 M * mnemoc cpu usage has never been more than 3%
1229678521 M * pmjdebruijn mnemoc: that's plain weird... are you sure your sshd isn't broken?
1229678533 M * pmjdebruijn mnemoc: load = processes waiting for io
1229678538 M * mnemoc i was blaming the tunnel and some abuse there
1229678546 M * mnemoc uhm, io
1229678554 M * pmjdebruijn mnemoc: a single process can never increase your load by more than 1
1229678576 M * pmjdebruijn mnemoc: there probably something else going on
1229678608 M * mnemoc it's an stock 2.6.22.15-vs2.2.0.5-dist over ext3 ...
1229678616 M * pmjdebruijn mnemoc: that's ancient :p
1229678620 M * mnemoc an no problem on ctx0's dmesg logged
1229678628 M * pmjdebruijn mnemoc: 2.6.22.19-vs2.2.0.7 has been out for a long time
1229678632 M * mnemoc yes, i'm preparing to roll .27 + 2.3
1229678653 M * pmjdebruijn mnemoc: i'm not even convinced your problem is with vserver
1229678686 M * mnemoc i'm not blaming vserver, i had the hope that vserver cold block the basterd
1229678688 M * mnemoc bastard
1229678693 M * mnemoc could*
1229678717 M * pmjdebruijn mnemoc: load is based on processed... if a vserver has 50 deadlocked processes your load will be 50
1229678722 M * pmjdebruijn mnemoc: without your CPU getting burned
1229678761 M * mnemoc uhm
1229678776 M * mnemoc broken sshd instead of kernel io bug?
1229678811 M * pmjdebruijn mnemoc: how do you figure it's a kernel io bug?
1229678823 M * pmjdebruijn mnemoc: I mean it's possible... it's just not very likely
1229678829 M * mnemoc discarding
1229678843 M * pmjdebruijn mnemoc: you don't have any deadlocking processes
1229678980 M * pmjdebruijn ?
1229679041 Q * FireEgl Remote host closed the connection
1229679133 M * mnemoc pmjdebruijn: http://rafb.net/p/Za7mt219.html
1229679165 M * mnemoc pmjdebruijn: no load peak currently... and beside an idiot doing a dictionary attack there is nothing wrong I can see
1229679256 M * ktwilight_ mnemoc, maybe limit that guest http://linux-vserver.org/Resource_Limits
1229679382 M * mnemoc pmjdebruijn: my "analysis" was pretty naive, CPU and MEM always below 10%, peaks for 10-30m with load over 50, and according to top a cumulated TIME+ of that sshd 100 larger than the following daemon. nothing in dmesg... so I "assumed" it was something in the kernel
1229679452 M * pmjdebruijn mnemoc: does that dictionary attack by any chance spawn 50 sshd's?
1229679541 J * kir ~kir@swsoft-msk-nat.sw.ru
1229679570 M * mnemoc pmjdebruijn: i'll look on the next peak, but i doubt... i see at most 2 connections per second in the logs
1229679644 M * hijacker__ mnemoc, maybe have a look at the processes with htop ?
1229679674 M * hijacker__ also, it is a good idea if you run an open ssh server
1229679707 M * hijacker__ to limit and block connection attempts per single ip if they reach count of more than 2 or 3 per certain limit...
1229679734 M * hijacker__ *last limit = time limit
1229679770 M * mnemoc thanks for the hint :)
1229679833 M * hijacker__ sure
1229679846 M * hijacker__ or even tarpit it;-)
1229679852 M * hijacker__ $IPT -t filter -A INPUT -i $EXT_IF -p tcp --dport 22 \
1229679852 M * hijacker__ -m hashlimit --hashlimit 1/m --hashlimit-burst 2 --hashlimit-mode srcip --hashlimit-name ssh --hashlimit-htable-expire 120000 \
1229679852 M * hijacker__ -m state --state NEW -j ACCEPT
1229679852 M * hijacker__ $IPT -t filter -A INPUT -i $EXT_IF -p tcp --dport 22 -j TARPIT
1229679853 J * FireEgl FireEgl@173-16-9-10.client.mchsi.com
1229679864 M * hijacker__ ;-)
1229679868 M * hijacker__ works like a charm...
1229679988 M * mnemoc :D
1229680108 M * pmjdebruijn mnemoc: if connections stay open, they will increase your load
1229680189 M * mnemoc ic
1229680230 M * pmjdebruijn mnemoc: load does is direct tied to your cpu usage!
1229680234 M * pmjdebruijn is not*
1229680550 Q * larsivi_ Remote host closed the connection
1229680579 M * pmjdebruijn hmmm
1229680586 M * pmjdebruijn I read about a vroot proxy device
1229680590 M * pmjdebruijn any documentation on that
1229680910 J * er ~sapanbhat@adsl-dyn141.78-99-126.t-com.sk
1229681081 P * er
1229681387 N * Bertl_zZ Bertl
1229681395 M * Bertl morning folks!
1229681778 M * mnemoc morning Bertl!
1229683648 J * derjohn_mob ~aj@80.69.42.51
1229683669 J * mrfree ~mrfree@host1-89-static.40-88-b.business.telecomitalia.it
1229683988 M * mnemoc Bertl: do you have time to look at 2.6.27.10 soon? the first hunk of fs/fcntl.c fails to apply
1229684259 M * mnemoc Bertl: they added #include
1229684391 M * Bertl evil trickery!
1229684483 M * Bertl let me take a look, sec ...
1229684631 M * pmjdebruijn does the vroot proxy device still exist on recent vserver?
1229684637 M * Bertl yep
1229684758 M * pmjdebruijn are there any docs on that?
1229684767 M * pmjdebruijn how can I mknod that?
1229684839 M * Bertl make sure that you have VROOT enabled in the kernel config
1229684981 A * pmjdebruijn has to check that
1229684986 M * pmjdebruijn but what exactly does the vroot do?
1229685041 M * pmjdebruijn uhm
1229685083 M * Bertl it is a block device, like many others, which only allows quota ioctls to pass through
1229685095 M * Bertl securing the original device
1229685125 M * pmjdebruijn does it dynamically point to the vserver's root device? even if it changes during reboots?
1229685164 M * Bertl nope
1229685175 M * Bertl you configure it similar to a loop device
1229685184 M * Bertl with rsetup (similar to losetup)
1229685188 M * pmjdebruijn oh
1229685196 M * pmjdebruijn I think I noticed some docs on that
1229685305 M * pmjdebruijn Bertl: so if we want to make sure it quota tools keep working, we need to dynamically set it up from a script or something
1229685341 M * Bertl preferably in the guest startup scripts
1229685357 M * Bertl i.e. initialize or so
1229686526 M * Bertl mnemoc: check the experimental releases (the folder)
1229686899 Q * mrfree Quit: Leaving
1229687176 M * mnemoc Bertl: thanks!
1229687627 M * Bertl let me know how it goes, I couldn't run test it, but the changes were minimal
1229687681 M * mnemoc it's compiling
1229687689 Q * hparker Ping timeout: 480 seconds
1229687693 M * Bertl yeah, it is compile tested :)
1229687705 M * mnemoc i'll try it in run-time in an hour
1229687721 M * Bertl excellent! drop me a note, I won't be around then ...
1229687898 M * mnemoc ok
1229688057 J * hparker ~hparker@2001:470:1f0f:32c:212:f0ff:fe0f:6f86
1229689439 Q * hparker Ping timeout: 480 seconds
1229689448 M * Bertl okay, off for now .. bbl
1229689454 N * Bertl Bertl_oO
1229689718 J * JonB ~NoSuchUse@130.227.63.19
1229690209 Q * Aiken Remote host closed the connection
1229690468 J * whuji ~huji@bgl93-2-82-226-41-76.fbx.proxad.net
1229690488 M * whuji hello :)
1229690702 M * whuji still have some questions
1229690715 M * whuji about guest with nodev option
1229690750 M * whuji the guest can be reached but it can't ping...
1229690771 M * whuji but I can use wget or apt
1229690835 M * ard for icmp you need special privileges
1229690960 M * whuji ok.
1229690965 M * ard if you install the iputils ping variant, it should work
1229690981 M * whuji and mysql gives me an error : (see pastebin)
1229690983 M * ard (there is ping from netkit, and ping from iputils)
1229691004 M * whuji ok thank you !
1229691108 M * ard ah
1229691109 M * ard debian
1229691117 M * ard iputils-ping works for me :-)
1229691127 M * ard dunno about the mysql errors though
1229691198 M * ard it's especially weird, since it's stopping mysql twice...
1229691413 M * whuji it says that the file 'host' has an incorrect format... /etc/hosts is ok
1229691430 M * whuji I use this guest on another server and it works well
1229691439 M * whuji yesterday I tried to migrate this guest
1229691448 M * whuji now it's ok but mysql doesn't work
1229691601 M * whuji arf, I'm sorry
1229691611 M * whuji after some searches I've found the solution.
1229692510 M * ard what? what? what?
1229692537 M * whuji yes ?
1229693347 J * esa ~esa@ip-87-238-2-45.static.adsl.cheapnet.it
1229694026 M * mnemoc whuji: what was the solution? :)
1229694173 M * whuji to delete files in /var/lib/mysql/mysql and do mysql_install_db
1229694317 M * mnemoc *G*
1229695381 J * arekm_ arekm@carme.pld-linux.org
1229695426 Q * arekm Remote host closed the connection
1229696015 Q * sharkjaw Remote host closed the connection
1229696402 N * arekm_ arekm
1229697282 P * ghislainocfs2
1229697303 J * ghislainocfs2 ~Ghislain@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr
1229698380 Q * chi6IT41 Remote host closed the connection
1229698385 Q * JonB Quit: Leaving
1229699143 Q * hijacker__ Remote host closed the connection
1229699207 M * ard [14:00] after some searches I've found the solution.
1229699213 M * ard ah
1229699214 M * ard ok
1229699219 M * ard answered it...
1229699252 M * ard the weird thing is: why was /var/lib/mysq/mysql/hosts.* corrupt?
1229699259 M * whuji yes
1229699579 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net
1229699816 J * larsivi ~larsivi@9.80-202-30.nextgentel.com
1229700549 Q * FaUl Ping timeout: 480 seconds
1229701192 J * chi6IT41 ~chigital@services.mivitec.net
1229702415 Q * opuk Ping timeout: 480 seconds
1229703395 Q * derjohn_mob Ping timeout: 480 seconds
1229703969 Q * chi6IT41 Ping timeout: 480 seconds
1229704358 J * pmenier ~pmenier@ACaen-152-1-4-250.w83-115.abo.wanadoo.fr
1229705344 Q * larsivi Remote host closed the connection
1229705378 J * larsivi ~larsivi@9.80-202-30.nextgentel.com
1229706163 Q * kir Quit: Leaving.
1229706401 N * Bertl_oO Bertl
1229707130 M * Bertl mnemoc: so, how is the kernel?
1229707265 M * mnemoc Bertl: seems fine :) booted and got the devices... i'm preparing a new "system" to install remotely by vserver-host linux so I haven't tested deeper yet
1229707277 M * mnemoc s/by/my/
1229707314 M * Bertl k, tx!
1229707352 M * mnemoc i hope to have a functional host tomorrow morning
1229707361 M * mnemoc until now, no problem at all :)
1229707731 M * Bertl okay, off again .. bbl
1229707736 N * Bertl Bertl_oO
1229708295 Q * _gh_ Ping timeout: 480 seconds
1229710339 Q * mtg Quit: Verlassend
1229710673 J * _gh_ ~gerrit@32.97.110.56
1229711691 N * pmenier pmenier_off
1229713892 Q * gnuk Quit: NoFeature
1229714868 J * ntrs ~ntrs@77.29.21.97
1229715702 J * cga ~weechat@94.36.80.137
1229715833 M * mnemoc was ext4 only renamed in .28 or also fixed?
1229715833 Q * ktwilight_ Read error: Connection reset by peer
1229715942 J * ktwilight ~ktwilight@72.107-66-87.adsl-dyn.isp.belgacom.be
1229716140 M * mnemoc thanks, found the answer. fixes were backported to .27.X
1229716653 Q * _gh_ Ping timeout: 480 seconds
1229717838 J * opuk ~kupo@c83-251-254-12.bredband.comhem.se
1229719757 J * Aiken ~Aiken@ppp118-208-39-59.lns3.bne1.internode.on.net
1229723993 Q * ntrs Ping timeout: 480 seconds
1229725120 J * hparker ~hparker@2001:470:1f0f:32c:212:f0ff:fe0f:6f86
1229725814 Q * rangaparmastan Ping timeout: 480 seconds
1229726444 J * rangaparmastan ~bihar@84.78.128.255
1229727569 Q * cga Quit: WeeChat 0.2.6
1229729361 J * _gh_ ~gerrit@c-71-193-204-84.hsd1.or.comcast.net