1247880227 J * Abraxas_ ~Abraxas@94-224-69-84.access.telenet.be 1247880338 Q * Abraxas Ping timeout: 480 seconds 1247880392 Q * geb Ping timeout: 480 seconds 1247880567 J * ktwilight_ ~keliew@186.71-65-87.adsl-dyn.isp.belgacom.be 1247880842 Q * ktwilight Ping timeout: 480 seconds 1247881795 J * ousado_ ~johnny@p5B3C041A.dip0.t-ipconnect.de 1247882227 Q * ousado Ping timeout: 480 seconds 1247883156 Q * imcsk8 Quit: This computer has gone to sleep 1247886028 J * saulus_ ~saulus@c193183.adsl.hansenet.de 1247886297 Q * FIChTe Ping timeout: 480 seconds 1247886437 Q * SauLus Ping timeout: 480 seconds 1247886443 N * saulus_ SauLus 1247886516 J * FIChTe fichte@bashpipe.de 1247888458 J * tdjacr a253faf4@webchat.mibbit.com 1247888471 N * tdjacr tdjacr2 1247888474 M * tdjacr2 Hi 1247888501 M * tdjacr2 I used shutdown -h now on a vserver, and now I can't get it to allow ssh logins. 1247888515 M * tdjacr2 It keeps saying that the system is going down. 1247888519 M * tdjacr2 But it isn't 1247888596 M * tdjacr2 Any ideas? 1247888639 J * doener ~doener@i59F576C3.versanet.de 1247888717 Q * hparker Quit: Read error: 104 (Peer reset by connection) 1247888728 M * cehteh tdjacr2: you have access to the root server? 1247888745 M * cehteh vserver $vservername stop ... will list processes which keep it running 1247888752 M * cehteh fix that 1247888772 M * tdjacr2 yeah. 1247888774 M * tdjacr2 Hold on 1247888841 M * tdjacr2 cehteh: Including .. 1247888843 M * tdjacr2 . 1247888883 M * tdjacr2 No 1247888886 M * cehteh there was also something to be set up for making shutdown -h more sane 1247888896 M * cehteh forgot what .. moment i try to figure out 1247888925 M * tdjacr2 I have stoped and started the vserver with the vserver mangement program, and it still shows the same message 1247888932 M * cehteh ah 1247888934 M * cehteh # 1247888935 M * cehteh * 1247888935 M * cehteh # shutting down vservers gracefully requires that they call 'halt -f' finally, I've added 1247888935 M * cehteh * 1247888935 M * cehteh 99 0 - /etc/init.d/halt or the respective rc0.d/K99halt symlink everywhere 1247888958 N * Bertl_oO Bertl 1247888976 M * Bertl tdjacr2: what is saying that the system is going down? 1247888986 M * tdjacr2 SSH 1247888993 M * tdjacr2 I can't ssh in 1247889009 M * Bertl into the guest? 1247889017 M * tdjacr2 Yeah 1247889018 M * cehteh you bound a ip? 1247889033 M * Bertl tdjacr2: what distro is that? (the guest) 1247889037 M * tdjacr2 .10 is the vserver and .11 is the master 1247889044 M * tdjacr2 The guest is Ubuntu Server 1247889050 M * tdjacr2 Host is Debian 1247889063 M * cehteh dreamteam :P 1247889069 M * tdjacr2 ? 1247889071 M * Bertl tdjacr2: and you did restart that guest already, yes? 1247889072 M * cehteh jk 1247889114 M * tdjacr2 Yes Bertl. 1247889116 M * cehteh debians way packaging the vserver utils is a bit strange (ot at least was last time i looked) but i building them by myself since ages 1247889144 M * cehteh Bertl: the halt -f is still required orß 1247889184 M * Bertl tdjacr2: okay, then the 'shutdown' touched some file, most likely in / or in /tmp or /etc, which tells sshd that the system is going down (which isn't true anymore, but nobody cleaned it up) 1247889195 M * tdjacr2 Okay 1247889210 M * tdjacr2 Which would those be :p 1247889253 M * Bertl I'd suggest to execute the shutdown command once again (via vserver .. enter) but this time with strace -fF, to see what it does, and to find that file :) 1247889269 M * tdjacr2 When I try init, shutdown or reboot, I get shutdown: Unable to send message: Connection refused 1247889279 M * Bertl yes, that is expected 1247889305 M * Bertl your guest uses sysv init style, where it doesn't have a separate init process running 1247889331 M * Bertl init/telinit/shutdown/reboot just try to contact init, which naturally fails in such a setup 1247889351 M * tdjacr2 Ubuntu doesn't use sysv iirc 1247889369 M * Bertl you can either use 'shutdown/reboot -f' or switch to 'plain' init style (which gives your guest a separate init process) 1247889402 M * Bertl it's util-vserver who uses that init style, not the distribution :) 1247889409 M * tdjacr2 ps aux shows init [2] 1247889438 M * Bertl which is a blend-through version of the host's init process 1247889443 M * Bertl (mostly to make stuff like pstree happy :) 1247889509 M * tdjacr2 I did reboot -f, the system remained on. 1247889560 M * Bertl well, you said you are using debian, so I presume, you are also using the 'known-to-be-broken' debian packages for util-vserver and the kernel, yes? 1247889580 M * tdjacr2 I guess so. 1247889602 M * Bertl anyway, your main problem atm is not to fix reboot (with or without -f) but to find that file which blocks your ssh 1247889622 M * tdjacr2 Yeah 1247889646 M * Bertl so, either talk to the ubuntu folks (maybe they know which file and where) or run the strafce -fF :) 1247889669 M * Bertl note, you could also strace the sshd, if you prefer that 1247889695 M * Bertl I would opt for a .nologin or nologin file 1247889695 M * tdjacr2 I am trying that 1247889794 M * tdjacr2 /etc/nologin 1247889797 M * tdjacr2 Thanks! 1247889798 M * Bertl cehteh: on a sysv guest, yes, unless somebody improved on init 1247889814 M * Bertl tdjacr2: you're welcome! 1247889840 M * Bertl cehteh: if you use 'plain' init style, the reboot/halt will do (as init can be contacted) 1247889845 A * cehteh uses normal sysv init but rc-file instead the symlink farm, i am quite happy with that 1247889870 M * tdjacr2 I thought Ubuntu didn't use sysv 1247889875 M * cehteh yes plain init 1247889886 M * cehteh not? 1247889889 J * balbir_ ~balbir@122.172.37.7 1247889959 M * Bertl tdjacr2: what does you /etc/vservers//apps/init/style contain? 1247889993 M * Bertl (or is that file missing?) 1247890020 M * tdjacr2 Missing 1247890058 M * Bertl then your guest is using sysv init style (which is the default), regardless whether ubuntu uses sysv or not :) 1247890070 M * tdjacr2 Ah okay 1247890078 M * tdjacr2 Which is better? 1247890100 M * Bertl that really depends on what your setup is 1247890108 M * tdjacr2 Okay 1247890120 M * Bertl for example, if you want to run init based services, you need an init process 1247890127 M * tdjacr2 I have a few errors on stopping the vserver. 1247890140 M * tdjacr2 Bertl: What is an example of that 1247890156 M * Bertl anything which is in /etc/inittab 1247890167 M * tdjacr2 * Deconfiguring network interfaces... [fail] * Unmounting temporary filesystems... umount: /var/lib/vservers/vserver1/tmp: not found umount: none: not found umount: /tmp: must be superuser to umount umount: none: not found umount: /tmp: must be superuser to umount 1247890202 M * tdjacr2 Bertl: nmap doesn't seem to work from the vserver, either. 1247890218 M * Bertl that is stuff your guest isn't supposed to do (i.e. the distro running inside the guest), and with proper util-vserver (not the debian default one) your guests would be cleaned up properly, and those commands not executed 1247890249 M * tdjacr2 Okay 1247890256 M * tdjacr2 Should I go compile it then? 1247890257 M * Bertl nmap is working below the IP layer, it crafts (sometimes quite strange) packets, and thus is is not allowed inside a guest (which uses IP isolation) 1247890258 A * cehteh has a extra vserver with elevated privileges to run such hardware related things 1247890270 M * cehteh ntop ntp .. 1247890288 M * tdjacr2 So there is no way of getting nmap working? 1247890292 M * cehteh generally you dont want that in a normal vserver 1247890307 M * tdjacr2 socket troubles in Init: Operation not permitted (1) 1247890313 M * tdjacr2 cehteh: Why not? 1247890323 M * Bertl sure, you can give the necessary capabilities to your guest, opening up a potential security leak 1247890328 M * cehteh you need to give the vserver permissions which it better shall not have 1247890339 M * tdjacr2 Okay 1247890349 M * cehteh well you dont want those programms on the root server either 1247890359 M * tdjacr2 why not...? 1247890369 M * cehteh so make an extra vserver for that with the necessary capabilities 1247890397 M * tdjacr2 well you dont want those programms on the root server either 1247890398 M * tdjacr2 ? 1247890404 M * cehteh the root server should only contain the bare minimum of things 1247890432 M * tdjacr2 Okay 1247890433 M * cehteh here that means an sshd, no user accounts and vserver utils, firewalling, tools to build the kernel 1247890448 M * Bertl actually that is up to you, although it is common practice to keep the host apps low 1247890449 M * tdjacr2 So I should compile the utils 1247890450 M * cehteh but nothing more, at least no other daemons 1247890473 M * cehteh ah yes and i have AIDE running on the root supervising all vservers 1247890485 M * Bertl you should probably switch to recent util-vserver and a recent kernel, yes 1247890492 M * cehteh but nothing which does networking except the sshd 1247890504 M * Bertl (you might find precompiled packages for debian too, just not in stable :) 1247890512 M * cehteh hehe 1247890547 M * Bertl so, I'm off to bed now .. have fun everyone! 1247890551 M * tdjacr2 Is 2.6.26-2-vserver-686 a good kernel? 1247890553 N * Bertl Bertl_zZ 1247890560 M * tdjacr2 Thanks Bertl_zZ 1247890560 M * Bertl_zZ tdjacr2: nope 1247890568 M * cehteh tdjacr2: http://www.pipapo.org/pipawiki/RootServerSetup how our vserver is set up, bit personal touch, but maybe inspiring 1247890590 M * tdjacr2 OOkay 1247890606 M * cehteh distribute the crontab hourly/daily/monthly runners is also important 1247890623 M * cehteh you dont want to start all hourly jobs at exact the same time from a dozen vservers 1247891003 M * tdjacr2 How does vserver compare to openvz? 1247891076 M * cehteh bit similar, vserver is the older community project, while openvz is commercial 1247891131 M * cehteh they share no code and features are bit different 1247891162 M * tdjacr2 Which performs nicer? 1247891179 M * cehteh dunno, you hardly find anyone who has both in production 1247891198 M * tdjacr2 True. 1247891206 M * cehteh can openvz do hardlinking and cow linking? 1247891207 M * tdjacr2 I may go and try OpenVZ 1247891215 M * tdjacr2 I'm unaware. 1247891225 M * cehteh i think the performance will not really differ much 1247891253 M * cehteh and vserver/openvz are not virtual machines, you are really close to native perfomance 1247891313 M * cehteh vservers hardlinking is extremely cool because you save disk space first, and more importantly gross ram space when you run similar distris in the vservers 1247891323 M * cehteh since the kernel needs to map libs only once into memory 1247891339 M * tdjacr2 Maybe I'll just stick with vserver 1247891355 M * cehteh i wont recommend anything else :) 1247891394 M * cehteh openvz has some other featuresm when you need those maybe then you look at it .. like life.migration to another machine 1247891421 M * tdjacr2 But it has an older kernel too. 1247891428 M * cehteh so basically look what you really need 1247891433 M * tdjacr2 When I have a better machine, I might use Xen. 1247891449 M * cehteh i intentionally dont use xen 1247891457 M * tdjacr2 I use this as a jail, which certain friends are allowed to log into. 1247891464 M * cehteh vserver has much better performance 1247891478 M * cehteh and resources are shared while for xen you need to divide them through the instances 1247891497 M * tdjacr2 I know. 1247891506 M * tdjacr2 But I belive xen kernels are newer 1247891508 M * cehteh xen makes sense when you need to run another kernel 1247891513 M * cehteh huh 1247891532 M * cehteh i think there are patches for almost the most recent kernel for vserver 1247891563 M * cehteh dunno .. sometimes bertl is one or 2 revisions behind 1247891574 M * cehteh and 2.6.29 was utterly crap anyways 1247891578 M * tdjacr2 30.1? 1247891597 M * cehteh i am running 2.6.28 and dont upgrade soon 1247891620 M * cehteh i think there are patches for .30 1247891631 M * cehteh didnt checked and i dont know if they are complete/useable yet 1247891662 M * cehteh there where some changes on the kernel interfaces which made porting a bit pita afaik 1247891769 M * cehteh http://vserver.13thfloor.at/Experimental/ 1247892142 J * doener_ ~doener@i59F56D72.versanet.de 1247892247 Q * doener Ping timeout: 480 seconds 1247892795 Q * tdjacr2 Quit: http://www.mibbit.com ajax IRC Client 1247892948 J * scientes_ ~scientes@174-21-105-2.tukw.qwest.net 1247894082 J * the-vava ~vava@p5496C687.dip.t-dialin.net 1247894481 Q * VavaR Ping timeout: 480 seconds 1247899869 J * docelic ~docelic@78.134.200.176 1247899874 Q * allquixotic Remote host closed the connection 1247899937 J * allquixotic ~sean@pool-70-17-238-89.balt.east.verizon.net 1247904420 J * esa bip@62.123.79.213 1247904883 J * esa` bip@ppp-62-123-66-204.dial.atlanet.it 1247904901 Q * esa Ping timeout: 480 seconds 1247905357 J * esa bip@62.123.13.223 1247905366 Q * esa` Ping timeout: 480 seconds 1247906472 Q * docelic Quit: http://www.spinlocksolutions.com/ 1247906997 J * esa` bip@62.123.64.158 1247907016 Q * esa Ping timeout: 480 seconds 1247907644 J * esa bip@62.123.13.223 1247907662 Q * esa` Ping timeout: 480 seconds 1247908287 J * esa` bip@62.123.12.36 1247908307 Q * esa Ping timeout: 480 seconds 1247908782 J * pmenier ~pmenier@ACaen-152-1-13-236.w83-115.abo.wanadoo.fr 1247908951 Q * esa` Ping timeout: 480 seconds 1247909466 J * ekle ~andreas@p54A218F5.dip0.t-ipconnect.de 1247910409 J * dna ~dna@128-205-103-86.dynamic.dsl.tng.de 1247911026 M * ekle hi, i have installed mysql 5 in a vserver and i get very often a "connection lost". is der any known problem with mysql5 ? 1247911388 M * pmenier ekle: i run a mysql5 server in a vserver since several months.. no problem 1247911460 M * pmenier in my.cnf i added bind-address= ip-vserver 1247911509 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1247911546 M * pmenier but it's a personal choice, bind-address=127.0.0.1 works, too 1247911779 M * ekle i connect to the mysql on the vserver from different other vserver including the host, but the longer the connection takes the more often the connection get lost 1247911828 M * ekle ist there some kind of connections limit ? 1247911976 M * ekle a remotely connectet mtop also gets a connection lost some times. 1247911980 M * trippeh There is idle timeout in mysql that can be tuned 1247912065 M * trippeh Anyway, the application connecting should handle a disconnect due to idling. 1247912270 M * ekle i mean a max connections from the kernel or something like that 1247912301 M * ekle is there anything that can be reached on a heavily used server ? 1247916287 N * Bertl_zZ Bertl 1247916293 M * Bertl morning folks! 1247916368 M * Bertl ekle: first, what kernel/patch version, second, what limits do you have set on your guest, third, what does dmesg show on the host? 1247918263 Q * bonbons Quit: Leaving 1247918650 M * ekle 1. its the debian lenny vserver kernel: linux-image-2.6.26-2-vserver-amd64 1247918669 M * ekle 2. i have not set any limits, all is on default 1247918698 M * ekle 3. dmesg show a much of: [109155.285141] vxW: [�ps�,12205:#40002|40002|40002] did lookup hidden ffff8102370e3b68[#0,4] �/dev/pts�. 1247918720 M * ekle and one line: [109219.650288] vxW: [xid #40002] !!! limit: ffff8101e7f96078[LOCKS,10] = -31 on exit. 1247918979 M * Bertl well, the debian 2.6.26 kernel is known to be broken, don't use it 1247919035 M * Bertl I'd suggest to update to a recent kernel and util-vserver version and try again (no point in testing with an outdated and broken version :) 1247919079 M * Bertl off for now .. bbl 1247919083 N * Bertl Bertl_oO 1247919381 Q * Abraxas_ Remote host closed the connection 1247919469 J * Abraxas ~Abraxas@94-224-69-84.access.telenet.be 1247919535 Q * Abraxas Remote host closed the connection 1247919597 J * Abraxas ~Abraxas@94-224-69-84.access.telenet.be 1247921614 J * docelic ~docelic@78.134.196.35 1247923715 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1247926094 N * Bertl_oO Bertl 1247926100 M * Bertl back now ... 1247926387 Q * dowdle Remote host closed the connection 1247928106 Q * dna Quit: Verlassend 1247930023 J * mxs mxs@p4FCCABE9.dip.t-dialin.net 1247930372 Q * mxs_ Ping timeout: 480 seconds 1247930960 J * geb ~geb@AOrleans-253-1-42-146.w92-140.abo.wanadoo.fr 1247931477 M * geb hi 1247933294 Q * ekle Quit: Leaving. 1247934440 Q * scientes_ Remote host closed the connection 1247934498 J * scientes ~scientes@174-21-105-2.tukw.qwest.net 1247934677 Q * geb Ping timeout: 480 seconds 1247936854 J * larsivi ~larsivi@70.84-48-63.nextgentel.com 1247944264 Q * pmenier Quit: Konversation terminated! 1247944711 J * imcsk8 ~ichavero@189.155.135.32 1247947301 J * hparker ~hparker@2001:470:1f0f:32c:290:96ff:fe50:40fa 1247947983 J * scientes_ ~scientes@174-21-105-34.tukw.qwest.net 1247948184 Q * ghislainocfs2 Quit: Leaving. 1247948248 Q * scientes Ping timeout: 480 seconds 1247949582 M * Mr_Smoke Hm hi 1247949593 M * Mr_Smoke I tried VIRT_CPU and VIRT_LOAD recently 1247949618 M * Mr_Smoke But for some reason htop still "saw" all cores happily grinding at some compilation that happened in another context 1247949624 M * Mr_Smoke Is this "normal" ? 1247949886 M * Bertl depends on the kernel/patch version :) 1247951236 M * Mr_Smoke hm 1247951253 M * Mr_Smoke 2.6.22.19-vs2.2.0.7 1247951322 M * Mr_Smoke +grsec+ipv6 1247951531 M * Bertl VIRT_LOAD should be working there, VIRT_CPU is not implemented in this patch 1247952016 Q * hparker Quit: Read error: 104 (Peer reset by connection) 1247952641 Q * scientes_ Ping timeout: 480 seconds 1247953228 M * Mr_Smoke Bertl: ok, maybe I got it wrong then. I was under the impression that it would prevent the container from getting info regarding the global load 1247953235 M * Mr_Smoke (which doesn't work , apparently) 1247953461 M * Bertl it provides a guest specific view to the load average 1247953722 M * Mr_Smoke hm 1247953723 M * Mr_Smoke Ah ok 1247953739 M * Mr_Smoke I thought the instant cpu load was virtualized too 1247953777 M * Bertl there is no such thing :) there is load, and cpu usage :) 1247953800 M * Bertl the load (and load average) is the number of processes (and the average over time) 1247953838 M * Bertl this is virtualized via the VIRT_LOAD, the cpu usage is virtualized via the VIRT_CPU (which isn't implemented in this patch) 1247954722 J * alaska ~alaska@189-19-126-97.dsl.telesp.net.br 1247954733 P * alaska 1247954886 M * Mr_Smoke Yeap, I mean CPU usage, my bad (long day) :p 1247954896 M * Bertl np 1247954915 M * Mr_Smoke Oh well, I'll live without it until the next unavoidable reboot :) 1247954978 M * Mr_Smoke Nighty nite 1247956422 Q * docelic Quit: http://www.spinlocksolutions.com/ 1247956533 Q * bonbons Quit: Leaving 1247957900 Q * imcsk8 Quit: This computer has gone to sleep 1247960122 Q * PowerKe Read error: Connection reset by peer 1247960205 J * PowerKe ~tom@d5153A5EC.access.telenet.be 1247960405 Q * PowerKe 1247960418 J * PowerKe ~tom@d5153A5EC.access.telenet.be 1247961264 Q * allquixotic Quit: Ex-Chat