1259712646 J * jrklein ~jrklein@ppp-70-130-46-49.dsl.wchtks.swbell.net 1259713321 Q * barismetin Quit: Leaving... 1259714311 J * blues_ ~blues@dqq143.neoplus.adsl.tpnet.pl 1259714433 Q * blues Ping timeout: 480 seconds 1259714644 Q * geb Quit: / 1259714966 Q * Dinde Quit: vserver ftw 1259715057 Q * AmokPaule Remote host closed the connection 1259716174 Q * dowdle Remote host closed the connection 1259716617 Q * imcsk8 Quit: Leaving 1259717995 Q * judasbelt Quit: Leaving 1259718114 Q * gavbaa Quit: gavbaa 1259718718 N * infowolfe_ infowolfe 1259721188 Q * thierryp Remote host closed the connection 1259721835 J * AmokPaule ~amokpaule@brsg-4dbbb260.pool.mediaWays.net 1259721887 Q * AmokPaule 1259726203 J * saulus_ ~saulus@c152224.adsl.hansenet.de 1259726414 J * saulus__ ~saulus@c207012.adsl.hansenet.de 1259726612 Q * SauLus Ping timeout: 480 seconds 1259726612 N * saulus__ SauLus 1259726878 Q * saulus_ Ping timeout: 480 seconds 1259726944 J * scientes ~scientes@174-21-140-29.tukw.qwest.net 1259727427 Q * scientes Ping timeout: 480 seconds 1259727949 J * scientes ~scientes@174-21-140-29.tukw.qwest.net 1259728562 J * fback_ fback@red.fback.net 1259728562 Q * fback Remote host closed the connection 1259729472 Q * balbir Ping timeout: 480 seconds 1259731617 M * Bertl off to bed now ... have a good one everyone! 1259731624 N * Bertl Bertl_zZ 1259733745 J * Hollow_ ~bene@shiva.xnull.de 1259733745 J * _Shiva_ shiva@whatcha.looking.at 1259733745 Q * Hollow Read error: Connection reset by peer 1259733752 J * n01101111x ~nox@host.noxlux.de 1259733843 Q * _Shiva__ Read error: Connection reset by peer 1259733848 Q * nox Remote host closed the connection 1259733848 N * n01101111x nox 1259734810 Q * scientes Ping timeout: 480 seconds 1259735327 J * balbir ~balbir@122.181.150.106 1259735390 J * scientes ~scientes@174-21-140-29.tukw.qwest.net 1259736758 J * ntrs__ ~ntrs@77.28.0.177 1259737598 J * swen ~quassel@217.72.66.253 1259738220 J * geb ~geb@79.82.4.199 1259738592 J * ghislain ~AQUEOS@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1259739149 J * ghislain1 ~AQUEOS@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1259739181 Q * ghislain1 1259739312 Q * derjohn_mob Ping timeout: 480 seconds 1259739431 J * ghislain1 ~AQUEOS@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1259739433 Q * ghislain Ping timeout: 480 seconds 1259739817 J * ghislain ~AQUEOS@LPuteaux-151-41-11-129.w217-128.abo.wanadoo.fr 1259740183 Q * ghislain1 Ping timeout: 480 seconds 1259740316 Q * balbir Ping timeout: 480 seconds 1259740937 Q * scientes Ping timeout: 480 seconds 1259740968 Q * geb Ping timeout: 480 seconds 1259740978 J * geb ~geb@earth.gebura.eu.org 1259741175 J * friendly ~friendly@ppp118-209-31-140.lns20.mel4.internode.on.net 1259741469 Q * friendly Remote host closed the connection 1259741496 J * scientes ~scientes@174-21-140-29.tukw.qwest.net 1259742627 M * badiane I think that this is what swen: was trying to accomplish http://allmybrain.com/2007/10/02/using-linux-ha-for-high-availability-with-gentoo-and-linux-vserver/ 1259742710 J * ntrs_ ~ntrs@77.29.5.20 1259742720 Q * ntrs__ Read error: Connection reset by peer 1259743078 M * swen badiane: let me try it :D 1259743082 M * swen tnx 1259743163 M * badiane not a problem. 1259743217 M * badiane this method is used by many load balancers or systems where redundancy is needed like carp setup on bsd or ucarp setup on linux 1259743237 M * badiane also netscaler from citrix does the same and another product by ibm. 1259743241 M * badiane :-) 1259743307 J * rush2end_ ~rush2end@114-45-233-150.dynamic.hinet.net 1259743330 Q * rush2end_ 1259743345 J * rush2end ~rush2end@114-45-233-150.dynamic.hinet.net 1259743361 J * shedi ~siggi@host90-152-67-100.ipv4.regusnet.com 1259743634 M * swen badiane: yes well, he is not trying to assign same IP to different vserver guests - he is just passing it back and forth 1259743688 M * swen maybe I'll just go with Gateway mode 1259743699 M * swen tnx anyway 1259743713 M * swen it's nice to know somebody else is taking interest :D 1259743729 M * daniel_hozac what are you trying to accomplish? 1259743793 Q * rush2end Quit: leaving 1259743795 M * swen I'm trying to assign -same- IP to different vserver guests (same IP being on different interfaces) 1259743820 M * swen I.e.: 1259743820 M * swen * ip 1.1.1.1 on dummy0 interface to guest1 1259743820 M * swen * ip 1.1.1.1 on dummy1 interface to guest2 1259743841 M * badiane yes but you're trying to load balance right 1259743845 M * badiane that's what the vps is for 1259743847 M * daniel_hozac i'm not sure what the purpose of that would be. 1259743864 M * swen But as soon I create another interface with same IP it gets shown in currently running host which already has this IP on different interface 1259743869 M * badiane vps uses a mix of arp and vip 1259743884 M * daniel_hozac yes. 1259743888 M * daniel_hozac as it should. 1259743897 M * badiane the idea is that you create a virtual ip 1259743908 M * swen yes 1259743910 M * badiane and the real ips are on the machine 1259743932 M * swen and this virtual IP must be present on every real host 1259743939 M * badiane the vip moves to the real machine depending on whatever factors you've chosen (load, time, etc) 1259743945 M * badiane no 1259743951 M * swen no no 1259743968 M * swen vip is accessed through loadbalancer 1259743971 M * badiane ok let me refer to my experience with a load balancer 1259743974 M * badiane yes 1259743984 M * badiane the load balancer then directs 1259743998 M * badiane the requests based on whatever factor you choose 1259744004 M * badiane to the real server in the back end 1259744017 M * badiane it's a form of reverse proxy 1259744020 M * swen I tried to setup LVS with DirectRouting method 1259744059 M * swen which means that only initial packet gets forwarded through loadbalancer 1259744116 M * swen AFAIK the TCP session gets established between real server and client (bypassing loadbalancer) 1259744131 M * badiane yes 1259744136 J * friendly ~friendly@ppp118-209-31-140.lns20.mel4.internode.on.net 1259744143 M * swen and that is why virtual ip must be present on all real servers 1259744145 M * badiane but I think, if I remember well it has to do with arps 1259744176 M * badiane yes I think I remember where I had to deal with that 1259744187 M * badiane it was a system from IBM 1259744200 M * swen you must disable ARP announce for VirtualIP on real hosts 1259744208 M * badiane don't recall the details but I remember who was in charge of it. 1259744225 M * badiane as it states in the gentoo example 1259744298 M * swen badiane: yes - but this guy isn't using -same- IP on more than one gusts 1259744316 M * swen at the begining he states he has 2 phisical machines 1259744336 M * badiane I noticed that; was rereading 1259744358 M * badiane he's more interested in HA. 1259744826 J * rush2end ~rush2end@114-45-233-150.dynamic.hinet.net 1259744877 Q * rush2end 1259745004 J * rush2end ~rush2end@114-45-233-150.dynamic.hinet.net 1259745222 Q * ntrs_ Ping timeout: 480 seconds 1259745348 M * shedi Greetings 1259745356 M * shedi I've had endless kernel problems, most of them have nothing to do with vserver, excluding the problem I had with the latest lenny linux vserver image. 1259745369 M * shedi Because of my problems, I have to use the latest stable kernel with the latest development vserver patch. Which seem to work ok. 1259745382 M * shedi Even though everything seems to be running fine, I notice my dmesg is filling up with puke, and that worries me. 1259745394 M * shedi Here is a link to the dmesg puke http://pastebin.com/d4e3fe10b 1259745429 M * shedi Is this normal? 1259745595 M * daniel_hozac you're out of memory. 1259745609 M * shedi that's it 1259745626 M * shedi the context is bumping it's head against the limit 1259745763 M * blathijs swen: I've discussed your setup with Bertl a bit last night, and we concluded that it's probably not the right way to use with vservers. 1259745777 J * thierryp ~thierry@home.parmentelat.net 1259745788 M * swen blathijs: yes, It would seem so 1259745824 M * blathijs swen: There's really no way to bind the same port on the same ip multiple times on the same host (unless perhaps you do network device or stack virtualization, which vserver doesn't) 1259745849 M * daniel_hozac swen: what exactly are you trying to accomplish? 1259745895 M * blathijs swen: But I still think DNAT works just as well for what you want to achieve. You can even DNAT to a range of addresses (vservers), which will achieve some loadbalancing. 1259745920 M * swen daniel_hozac: I'm trying to create a LVS-DR setup vith vserver 1259745948 M * blathijs swen: And if you want to have multiple real hosts with multiple vservers each, you can probably use direct routing lvs for balancing between the real hosts and DNAT for balancing between the vservers per host. 1259746035 M * swen blathijs: yes I know that - it's just that then this service is not available on same network with real servers (at least not without some network magic on gateway) and secondly - loadbalancing software must run on gateway 1259746081 M * blathijs it's just that then this service is not available on same network with real servers (at least not without some network magic on gateway) <-- Huh? 1259746108 M * blathijs loadbalancing software must run on gateway <-- Is the loadbalancing more complicated than just doing round-robin over the servers? 1259746150 M * swen well, you can configure it 3 different ways 1259746183 M * daniel_hozac swen: and the problem is what, exactly? 1259746223 M * swen with direct routing (what im trying to accomplish), witn NAT-ing (gateway) or tunneling (haven't tried it yet) 1259746285 M * swen daniel_hozac: direct routing to work, one must configure virtual IP on every so called "real host" 1259746308 M * daniel_hozac yes, so? 1259746333 M * swen daniel_hozac: so if I want to run multiple "real hosts" whitin same vserver host I must configure -same- IP to different vserver guests 1259746351 M * daniel_hozac yes. 1259746363 M * swen daniel_hozac: and vserver does not handle that well 1259746369 M * daniel_hozac uh, yeah, it does. 1259746380 M * swen really? 1259746382 M * swen how? 1259746389 M * swen please help 1259746394 M * daniel_hozac PlanetLab operates hundreds of nodes with every guest using the same IP. 1259746414 M * swen how can you achieve that? 1259746431 M * daniel_hozac just assign the same IP to them all. 1259746452 M * daniel_hozac there's nothing more to it... 1259746516 M * daniel_hozac so that's not your issue. 1259746522 M * swen but can you then bind services from different vserver guests to the same port? 1259746531 M * daniel_hozac you can't. 1259746590 M * daniel_hozac is there a reason you're trying to use DR? 1259746602 M * swen yup - few of them 1259746605 M * daniel_hozac for DR to work, you need at the very least different MAC addresses. 1259746631 M * daniel_hozac which you won't get using a single interface on the host, unless you do some macvlan trickery. 1259746644 M * swen no 1259746663 M * swen i tried to create separated dummy devices for each guest 1259746667 M * daniel_hozac that won't help. 1259746675 M * daniel_hozac you just need one interface. 1259746687 M * daniel_hozac that's just to make the host accept the packets. 1259746695 M * swen yes I know 1259746705 M * daniel_hozac your issue is distinguishing traffic to one guest from the other. 1259746723 M * daniel_hozac since you only have one MAC address, you'll get packets that are identical.. 1259746748 M * swen huh? 1259746749 M * daniel_hozac you could use macvlan and put the real IPs on there. 1259746776 J * derjohn_mob ~aj@tmo-100-227.customers.d1-online.com 1259746785 M * swen i do have different real ips and same virtual IP 1259746794 M * daniel_hozac yes. 1259746801 M * daniel_hozac but the real IP is only used for the ARP lookup. 1259746804 M * daniel_hozac it doesn't make it into the packet. 1259746870 M * daniel_hozac so there is absolutely no way for your host to tell packets for one guest apart from the other. 1259746883 M * yang hello daniel_hozac I am looking at Installation manual for CentOS guest systems, but I have debian on host, how do I proceed ? 1259746884 M * swen o I see 1259746904 M * daniel_hozac yang: same. just apt-get install yum first. 1259746931 M * swen daniel_hozac: thanks for explanation 1259746939 M * yang ok 1259746946 M * daniel_hozac swen: with macvlan, you could at least get different MAC addresses, which you could then use to direct the packets to different guests. 1259747027 M * swen daniel_hozac: maybe - but still (balancing asside) I'd have a problem assigning same ip on different interfaces to different hosts 1259747038 M * daniel_hozac you don't need that. 1259747045 M * daniel_hozac you only need one interface with the virtual IP. 1259747073 M * daniel_hozac well, actually, since you'd have to NAT it to the guests' real IPs anyway, you wouldn't even need that. 1259747078 M * swen so you are saying I don't need to bind service to virtual IP? 1259747082 M * daniel_hozac no. 1259747091 M * daniel_hozac you, in fact, shouldn't. 1259747158 M * swen hmmm.... 1259747163 M * swen let me try it 1259747191 M * daniel_hozac basically, you'd need something like iptables -t nat -A PREROUTING -i macvlan0 -j DNAT --to 1259747203 M * daniel_hozac (along with creating macvlan0, of course) 1259747335 M * swen and how would I involve guest2 into this config? 1259747352 M * daniel_hozac add macvlan1, and add another rule like that. 1259747405 M * swen but you said I'd need only one interface with virtual IP 1259747411 M * daniel_hozac yes. 1259747418 M * daniel_hozac then i took that back. 1259747423 M * daniel_hozac you won't need it at all :-) 1259747445 M * daniel_hozac your macvlan* interfaces could use your guests' real IP. 1259747478 M * swen damn....now you lost me 1259747532 M * swen where do I assign virtual IP then? 1259747599 M * daniel_hozac you don't. 1259747613 M * daniel_hozac i mean, you can. 1259747620 M * daniel_hozac it's probably safer to do so. 1259747633 M * daniel_hozac it would require less setup that way. 1259747641 M * daniel_hozac but it is not a strict requirement. 1259747652 M * daniel_hozac so just setup a dummy0 with your virtual IP. 1259747680 M * yang daniel_hozac: when building guests , -d centos5 (is the latest centos version) ? 1259747685 M * daniel_hozac yes. 1259747767 M * yang daniel_hozac: ok, when proceeding with (debian) yum install I get - mount: mount point /etc/rpm does not exist 1259747793 M * daniel_hozac swen: okay, so like this. you setup dummy0 with the virtual IP. you create macvlan[0-n] for each of your guests, with their real IP assigned. you create an iptables rule for each guest, redirecting traffic coming in on their macvlan interface to their real IP. 1259747823 M * daniel_hozac yang: yeah, the rpm package is broken. you have to mkdir /etc/rpm yourself. 1259747831 M * blathijs daniel_hozac: That's actually quite clever :-) 1259747866 M * swen daniel_hozac: oh I get it now - dummy interface is actually hidden from guests 1259747876 M * daniel_hozac yes. 1259747897 M * swen allright - will try that! 1259747927 M * swen another topic: what is by your opinion best distro to use as vserver host? 1259747942 M * yang daniel_hozac: thanks, its proceeding with some "warnings" 1259747980 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net 1259748208 Q * friendly Quit: Leaving. 1259748357 M * yang daniel_hozac: I guess these errors can be silently ignored - http://pastebin.ca/1698094 1259748374 M * daniel_hozac usually. 1259748462 J * taenzerme ~Adium@static-87-79-237-223.netcologne.de 1259748519 M * yang yeah, it seems to be working :) 1259748681 M * yang daniel_hozac: not quite - http://pastebin.ca/1698099 1259748711 M * yang i did vserver vserver2 exec bash -c "rm -f /var/lib/rpm/__db*; rpm --rebuilddb" 1259748717 M * yang on a running guest 1259748734 M * daniel_hozac and you internalized package management before that? 1259748737 M * yang yes 1259748755 M * daniel_hozac well, looks like your rpm on the host is new and shiny. 1259748804 M * yang yes, its brand new, I havent proceeded with any other steps 1259748865 M * yang so, what I need to do is to place yum in the proper value, and install sshd 1259748921 M * yang bash: passwd: command not found 1259748930 M * yang hm strange 1259748963 Q * derjohn_mob Ping timeout: 480 seconds 1259749051 M * yang if you don't mind helping me in a query ? 1259749068 M * daniel_hozac you have to install passwd, and run pwconv. 1259749120 M * daniel_hozac i'm not sure how to work around the database issue... possibly just yum'ing everything again with it only modifying the database. 1259749125 M * daniel_hozac (after removing the old one) 1259749303 Q * Piet Remote host closed the connection 1259749391 J * Piet ~Piet__@04ZAACOP6.tor-irc.dnsbl.oftc.net 1259749401 M * yang vyum vserver2 -- install yum --justdb (performed on host, with a running guest)? 1259749462 M * daniel_hozac no, rm -fr /var/lib/rpm/* on the guest, and yum install coreutils initscripts setup 1259749473 M * daniel_hozac or, maybe mv /var/lib/rpm{,.bak} 1259749490 M * daniel_hozac well, you need an rpm --initdb after that. 1259749522 M * swen daniel_hozac: I just wanted to tell you that this macvlan trick is working beutifully 1259749531 M * daniel_hozac swen: great. 1259749537 M * swen thank you very much 1259749539 M * yang I am such a CentOS dumbhead - http://pastebin.ca/1698109 1259749557 M * daniel_hozac do you have /etc/resolv.conf in the guest? 1259749571 M * yang ok DNS issue, a moment 1259749598 M * yang what is the default editor? 1259749604 M * yang vi/vim doesnt work 1259749631 M * daniel_hozac there isn't one. 1259749643 M * daniel_hozac it's a minimal guest. 1259749651 M * yang heh, so ... 1259749655 M * yang I will echo 1259749660 M * yang ok 1259749723 M * yang http://pastebin.ca/1698111 1259749788 M * daniel_hozac ah, right. you'll want to copy /usr/lib*/util-vserver/distributions/centos5/yum.repos.d/* to /etc/yum.repos.d on the guest. 1259749811 M * yang daniel_hozac: I am just not used to not having editors/passwd commands in the minimum base, since these are provided with debian. 1259749930 M * yang daniel_hozac: there doesn't seem to be util-vserver directory in /usr/lib or /usr/libexec 1259750017 M * yang but such directory exists on host 1259750026 M * daniel_hozac yes, from the host. 1259750037 M * yang ok 1259750046 J * derjohn_mob ~aj@tmo-108-154.customers.d1-online.com 1259750217 M * yang daniel_hozac: ok, yum works now...maybe you should add this info to Building guests (CentOS) what do you think... ? 1259750281 M * yang wiki I mean 1259750282 M * daniel_hozac i'll add something to the yum build method instead. 1259750358 J * ntrs ~ntrs@77.29.5.20 1259751198 M * mnemoc daniel_hozac: hi, may I extend secure_mount to -n if read-only or mtab symlinks /proc/mounts ? or the checks at vserver.functions are preferred? 1259751291 M * mnemoc (vserver.functions currently makes test -w, which doesn't cover the symlink care and whines a lot when starting guests that use that symlink) 1259751301 M * mnemoc case* 1259751313 M * daniel_hozac why doesn't test -w work? 1259751321 M * daniel_hozac /proc/mounts can't be written to. 1259751479 M * mnemoc test doesn't dereference the symlinks 1259751484 M * daniel_hozac yeah it does. 1259751550 M * daniel_hozac well, hmm. 1259751570 M * daniel_hozac apparently you can even open /proc/mounts for writing. 1259751606 M * mnemoc uhm 1259751668 M * daniel_hozac i would say that's a... peculiarity. 1259751743 M * daniel_hozac but i guess a test -h etc/mtab wouldn't hurt as well. 1259751784 M * mnemoc assuming that if it's a symlink it points to /proc/mounts? 1259751795 M * mnemoc or adding the $(readlink) ? 1259751841 M * daniel_hozac well, IIRC, the way we and mount write it, a symlink wouldn't work anwyay. 1259751862 M * daniel_hozac might just be mount. 1259751897 M * mnemoc the symlink works fine unless you want quotas or other funny things 1259751911 M * daniel_hozac i mean, a symlink to a file. 1259751924 M * daniel_hozac symlink to /proc/mounts is a different case. 1259751982 M * daniel_hozac i think it's a fair assumption though. 1259751992 M * daniel_hozac or... hmm. 1259752009 M * daniel_hozac i guess the readlink won't hurt. 1259752096 M * mnemoc daniel_hozac: http://dpaste.com/127886/ <--- like this ? 1259752129 M * mnemoc that is the change i'm using... but it looks somehow.... weird 1259752160 M * mnemoc well... using test instead of [ looks weird :) 1259752182 M * daniel_hozac http://paste.linux-vserver.org/14066 1259752189 M * daniel_hozac is what i was thinking. 1259752344 M * mnemoc yours handle the /etc/mtab -> /proc/self/mounts case 1259752349 M * daniel_hozac yes. 1259752401 M * mnemoc ok, i'll take your diff as "upstream patch" :) thanks! 1259752469 M * mnemoc btw.... any plan to release a 0.30.215.1 anytime soon? I gave up in waiting for .216 :) 1259752562 M * daniel_hozac 1.0 is just around the corner! 1259752584 M * daniel_hozac nah, seriously, 0.30.216 just needs a few more things and a lot of testing first. 1259752631 M * daniel_hozac there's been changes in the way you have to build Fedora/CentOS reliably, so that needs to be taken care of. 1259752653 M * mnemoc ic 1259752686 M * daniel_hozac i'd also like to get the pid spaces working first. 1259752739 M * mnemoc that's why I was wondering about a "maintainanace release" for .215.... including all the changes that don't need "a lot of testing" 1259752760 M * daniel_hozac well, the pre-releases for 0.30.216 are what i'd recommend. 1259752764 M * daniel_hozac that sort of helps both causes. 1259752821 M * daniel_hozac the pre-releases do get some testing. 1259752835 M * daniel_hozac and have definitely gotten more testing than such a maintenance release would have received. 1259752873 M * mnemoc where are those again? 1259752905 M * daniel_hozac http://people.linux-vserver.org/~dhozac/t/uv-testing/ 1259752925 M * mnemoc ok, i'll switch to that 1259752966 J * kir ~kir@swsoft-msk-nat.sw.ru 1259753105 Q * scientes Ping timeout: 480 seconds 1259753257 J * BenG ~bengreen@cpc2-aztw22-2-0-cust521.aztw.cable.virginmedia.com 1259753674 J * scientes ~scientes@174-21-130-99.tukw.qwest.net 1259754210 M * yang daniel_hozac: I am looking at http://www.linux-vserver.org/Resource_Limits, is there a trick to limit one guest to use maximum 50% CPU ? 1259754225 M * daniel_hozac depends on your kernel. 1259754242 M * yang 2.6.27.39-vs2.3.0.36.7 1259754265 M * daniel_hozac you can't limit it to that, but you can setup fair sharing between guests, with some guests getting priority. 1259754301 M * daniel_hozac (somewhat dependent on your kernel settings) 1259754320 M * daniel_hozac see linux-vserver.org/util-vserver:Cgroups 1259754323 M * yang ok 1259754562 Q * ntrs Ping timeout: 480 seconds 1259754736 J * ntrs ~ntrs@77.28.0.177 1259754841 M * yang daniel_hozac: What is a NUMA node ? 1259754930 M * daniel_hozac memory nodes. 1259754957 M * daniel_hozac e.g. dual-processor AMD systems have two. 1259755018 A * yang notices he doesn't have /dev/cgroup directory 1259755032 M * daniel_hozac did you create /etc/vservers/.defaults/cgroup and reboot? 1259755037 M * yang ah 1259755039 M * yang reboot 1259755040 M * yang :) 1259755066 M * daniel_hozac well, restarting the util-vserver initscript works too. 1259755071 M * daniel_hozac but it will stop all your running guests. 1259755089 M * daniel_hozac (assuming you're not using a Debian-packaged util-vserver, in which case i don't think that will work) 1259755307 M * yang well 1259755309 M * yang rebooted 1259755315 M * yang and still no /dev/cgroup 1259755370 M * daniel_hozac so you created the /etc/vservers/.defaults/cgroup directory too? 1259755376 M * yang yes 1259755386 M * daniel_hozac and you're not using the Debian util-vserver package? 1259755421 M * yang ii util-vserver 0.30.216~r2855-1 (debian) 1259755427 M * yang ok 1259755430 M * yang It won't work 1259755449 M * yang i should replace util-vserver 1259755472 M * yang maybe debian will ship an updated script eventually 1259755492 M * mnemoc vcontext: pivot_root(): Invalid argument 1259755505 M * mnemoc it seems it was a bad idea to switch to .216pre :( 1259755507 M * daniel_hozac mnemoc: what kernel? 1259755517 M * mnemoc .27 1259755525 M * daniel_hozac which patch? 1259755534 M * mnemoc 2.6.27.21-vs2.3.0.36.4 1259755541 M * daniel_hozac hmm, that should have the fix 1259755560 M * daniel_hozac http://vserver.13thfloor.at/Experimental/delta-pivot-fix01.diff 1259755576 M * daniel_hozac ah, that's the version right before the fix. 1259755577 M * daniel_hozac he. 1259755584 M * mnemoc narf 1259755589 M * mnemoc ok, so kernel upgrade 1259755633 M * yang daniel_hozac: does the memory limits work with the debian's util-vserver ? 1259755652 M * daniel_hozac yes. 1259755654 M * yang ok 1259755699 Q * BenG Quit: I Leave 1259755704 M * yang I will wait for Micahs new linux image, it will probably update all vserver dependancies, when made. 1259755882 M * yang daniel_hozac: another Q: Can I limit CPU from within the VPS using limits.conf? 1259755913 M * daniel_hozac as far as that's able to, sure.. 1259755920 M * daniel_hozac you do realize that is a limit in seconds, right? 1259756028 M * yang ok 1259756338 Q * taenzerme Quit: Leaving. 1259757430 P * uva Leaving 1259757500 J * taenzerme ~Adium@static-87-79-237-223.netcologne.de 1259757970 J * ntrs_ ~ntrs@77.28.14.24 1259758402 Q * ntrs Ping timeout: 480 seconds 1259759289 Q * thierryp Remote host closed the connection 1259760780 M * mnemoc daniel_hozac: updating the kernel to 2.6.27.39-vs2.3.0.36.8 solved the issue :) 1259760792 M * daniel_hozac mnemoc: awesome 1259760998 M * mnemoc well... it was probably expected :) 1259761286 M * mnemoc daniel_hozac: will .31 be long-time-supported by vserver like .27? 1259761320 M * daniel_hozac .31 has no mainline long-term support, so i would say no. 1259761531 M * mnemoc there is any after .27 with mainline long-term support yet? 1259761645 M * daniel_hozac no 1259761675 M * mnemoc :) 1259761709 M * arekm mnemoc: you have to wait for something like .37 1259762514 Q * shedi Quit: Leaving 1259762761 Q * ntrs_ Quit: Leaving 1259763419 M * mnemoc arekm: :p 1259763520 J * AmokPaule ~amokpaule@brsg-4dbbd87b.pool.mediaWays.net 1259764129 M * arekm mnemoc: realy. previous was .16, now .27 so next is something like .38 1259764248 N * Bertl_zZ Bertl 1259764251 M * Bertl morning folks! 1259764304 M * mnemoc good morning Bertl 1259764416 M * Bertl my guess would be 2.6.32 is a good candidate for long term maintainance, unless something goes terribly wrong :) 1259765022 M * Bertl kir: ascii is looking for you ... 1259765061 M * kir Bertl: thanks for noting, he found me already 1259765074 M * Bertl excellent! 1259765079 M * ascii yup thanks :) 1259765092 M * Bertl np 1259765612 J * thierryp ~thierry@ANice-256-1-11-77.w90-0.abo.wanadoo.fr 1259765829 J * barismetin ~barismeti@tvwna-ip-c-14.princeton.org 1259767929 Q * jrklein Quit: Computer has gone to sleep 1259768363 Q * barismetin Remote host closed the connection 1259768461 J * barismet_ ~barismeti@tvwna-ip-c-14.princeton.org 1259769939 Q * thierryp Remote host closed the connection 1259770825 Q * taenzerme Quit: Leaving. 1259772173 Q * barismet_ Remote host closed the connection 1259773708 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1259773809 J * dowdle ~dowdle@scott.coe.montana.edu 1259775604 J * hijacker_ ~hijacker@87-126-142-51.btc-net.bg 1259776437 Q * Piet Quit: Piet 1259777324 J * Piet ~Piet__@04ZAACO0C.tor-irc.dnsbl.oftc.net 1259777384 Q * bonbons Quit: Leaving 1259777670 J * barismetin ~barismeti@tvwna-ip-c-14.princeton.org 1259778304 Q * gnuk Quit: NoFeature 1259779010 Q * barismetin resistance.oftc.net osmotic.oftc.net 1259779010 Q * dowdle resistance.oftc.net osmotic.oftc.net 1259779010 Q * badiane resistance.oftc.net osmotic.oftc.net 1259779010 Q * agaffney resistance.oftc.net osmotic.oftc.net 1259779010 Q * carnage resistance.oftc.net osmotic.oftc.net 1259779010 Q * Snow-Man resistance.oftc.net osmotic.oftc.net 1259779042 Q * jrdnyquist resistance.oftc.net charm.oftc.net 1259779042 Q * DreamerC resistance.oftc.net charm.oftc.net 1259779042 Q * padde resistance.oftc.net charm.oftc.net 1259779042 Q * kjj resistance.oftc.net charm.oftc.net 1259779042 Q * gdm resistance.oftc.net charm.oftc.net 1259779042 Q * smash resistance.oftc.net charm.oftc.net 1259779042 Q * nkukard resistance.oftc.net charm.oftc.net 1259779042 Q * blathijs resistance.oftc.net charm.oftc.net 1259779137 J * barismetin ~barismeti@tvwna-ip-c-14.princeton.org 1259779137 J * dowdle ~dowdle@scott.coe.montana.edu 1259779137 J * badiane ~badiane@cpe-72-229-37-2.nyc.res.rr.com 1259779137 J * agaffney ~agaffney@71-81-81-131.dhcp.stls.mo.charter.com 1259779137 J * carnage ~carnage@voip-colo-74-86-148-74.link2voip.com 1259779137 J * Snow-Man ~sfrost@tamriel.snowman.net 1259779170 Q * rush2end resistance.oftc.net larich.oftc.net 1259779170 Q * quasisane resistance.oftc.net larich.oftc.net 1259779170 Q * puck resistance.oftc.net larich.oftc.net 1259779170 Q * infowolfe resistance.oftc.net larich.oftc.net 1259779170 Q * evilhackerdude resistance.oftc.net larich.oftc.net 1259779170 Q * micah resistance.oftc.net larich.oftc.net 1259779170 Q * mEDI_S resistance.oftc.net larich.oftc.net 1259779170 Q * karasz resistance.oftc.net larich.oftc.net 1259779170 Q * tam resistance.oftc.net larich.oftc.net 1259779170 Q * faheem resistance.oftc.net larich.oftc.net 1259779170 Q * gerrit resistance.oftc.net larich.oftc.net 1259779170 Q * sardyno charon.oftc.net resistance.oftc.net 1259779170 Q * ryker charon.oftc.net resistance.oftc.net 1259779170 Q * MooingLemur charon.oftc.net resistance.oftc.net 1259779401 J * rush2end ~rush2end@114-45-233-150.dynamic.hinet.net 1259779401 J * quasisane ~sanep@c-75-67-251-206.hsd1.nh.comcast.net 1259779401 J * puck ~puck@leibniz.catalyst.net.nz 1259779401 J * infowolfe ~infowolfe@c-71-236-152-35.hsd1.or.comcast.net 1259779401 J * evilhackerdude ~stephan@78.46.203.42 1259779401 J * gerrit ~gerrit@ionscale.com 1259779401 J * micah ~micah@micah.riseup.net 1259779401 J * mEDI_S ~medi@255.255.255.255.li 1259779401 J * karasz ~karasz@shell.opensde.net 1259779401 J * faheem ~faheem@rrcs-70-63-128-198.midsouth.biz.rr.com 1259779401 J * tam ~tam@gw.nettam.com 1259779572 J * jrdnyquist ~jrdnyquis@slayer.caro.net 1259779572 J * DreamerC ~DreamerC@122-116-181-118.HINET-IP.hinet.net 1259779572 J * padde ~padde@patrick-nagel.net 1259779572 J * kjj ~kjj@pool-74-107-128-126.ptldor.fios.verizon.net 1259779572 J * gdm ~gdm@pistol.redetoile.net 1259779572 J * smash smash@newton.uk.to 1259779572 J * nkukard ~nkukard@196.212.73.74 1259779572 J * blathijs ~matthijs@drsnuggles.stderr.nl 1259779623 Q * derjohn_mob Ping timeout: 480 seconds 1259780154 J * sardyno ~me@pool-173-75-5-88.pitbpa.fios.verizon.net 1259780154 J * ryker jalberts@199.117.46.145 1259780154 J * MooingLemur ~troy@shells195.pinchaser.com 1259780323 J * imcsk8 ~ichavero@207.83.210.126 1259780898 J * fzylogic ~fzylogic@dsl081-243-128.sfo1.dsl.speakeasy.net 1259780908 J * kbad1 ~kyle@ip-66-33-206-8.dreamhost.com 1259780928 Q * geb Ping timeout: 480 seconds 1259780946 M * kbad1 Bertl: Hiya! 1259781111 M * kbad1 any ideas on why a guest won't start when /dev/cgroup is mounted? 1259781113 M * kbad1 http://paste.linux-vserver.org/14067 1259781158 M * kbad1 from what I can tell when the guest stops the cgroup goes away, and util-vserver doesn't create the cgroup or add the guests init to the cgroup tasks 1259781162 M * daniel_hozac kbad1: what cgroups do you have? 1259781178 M * daniel_hozac and does your kernel have CONFIG_CGROUP_NS? 1259781200 M * kbad1 cpu.shares, memory.limit_in_bytes 1259781239 M * kbad1 CONFIG_CGROUP_NS=y 1259781244 M * daniel_hozac that's your problem. 1259781258 M * daniel_hozac CONFIG_CGROUP_NS conflicts with using cgroups with util-vserver. 1259781368 M * kbad1 are there any other caveats I should be aware of? 1259781378 M * daniel_hozac that's basically it. 1259781412 M * fzylogic is there any way to adjust the value of a guest's /proc//oom_adj? I've tried doing it from the guest and from context 1 on the host with no luck. 1259781431 M * fzylogic I'm trying to track down a bug in the OOM killer, but I need to make it think there's nothing left to kill in a guest 1259781492 M * Bertl fzylogic: VXC_OOM_ADJUST in recent kernels 1259781495 M * daniel_hozac you can set the oom bias for the guest. 1259781544 M * Bertl but from inside the guest, you cannot _disable_ the oom killer 1259781570 M * kbad1 should I add the note about CONFIG_CGROUP_NS to http://linux-vserver.org/util-vserver:Cgroups ? 1259781572 M * fzylogic doesn't need to be from inside the guest. I'm perfectly happy doing it from the host 1259781595 M * Bertl try the spectator context then 1259781603 M * fzylogic that's context 1? 1259781607 M * daniel_hozac will have the same problem. 1259781656 M * fzylogic yeah, that's what I tried first 1259782076 J * geb ~geb@199.4.82-79.rev.gaoland.net 1259782544 M * Bertl hmm, maybe we should allow that in the spectator context 1259782566 M * Bertl (and similar /proc related settings) 1259782604 M * Bertl kbad1: yep, please do so 1259782642 M * Bertl fzylogic: well, for a test, you could disable the check completely (in the kernel) 1259782696 M * fzylogic which check? 1259782729 M * fzylogic what I think I'm seeing is the OOM killer getting triggered for a guest context and then calling panic() within the host context if there's nothing to kill 1259782743 M * fzylogic just trying to verify that by forcing the killer into such a state 1259782909 M * kbad1 Bertl: how's that? http://linux-vserver.org/util-vserver:Cgroups 1259783096 M * Bertl change the 'vserver' to 'util-vserver' and add a 'for now' 1259783141 M * Bertl fzylogic: what kernel/patch 1259783167 M * Bertl fzylogic: and kind of expected, if you make the guest processes unkillable 1259783194 M * fzylogic 2.6.31.5-vs2.3.0.36.21 1259783214 M * fzylogic it's been happening under normal circumstances, without any oom_adj changes 1259783219 M * kbad1 although we've seen it on others too 1259783221 M * kbad1 even 2.6.29.6 1259783232 M * fzylogic I'm just trying to figure out a way to trigger it under controlled circumstances 1259783266 M * fzylogic had one host crash last night with 800MB of _free_ memory and another 8GB of cached ram 1259783300 M * fzylogic still died with "Kernel panic - not syncing: Out of memory and no killable processes" 1259783539 M * Bertl do you have the full panic/dump? 1259783815 M * fzylogic Out of memory: kill process sshd(15155:#18637) score 214528 or a child 1259783815 M * fzylogic Killed process sshd(15155:#18637) 1259783816 M * fzylogic Kernel panic - not syncing: Out of memory and no killable processes... 1259783816 M * fzylogic homie-vserver119 Kernel panic - not syncing: Out of memory and no killable processes... 1259783817 M * fzylogic homie-vserver119 1259783817 M * fzylogic Pid: 22666, comm: php5.cgi Not tainted 2.6.31.5-vs2.3.0.36.21-aufs2-vserver-1.0-x86_64-xeon #4 1259783817 M * fzylogic Call Trace: 1259783819 M * fzylogic [] panic+0xb2/0x170 1259783819 M * fzylogic [] ? select_bad_process+0xc6/0x1c0 1259783821 M * fzylogic [] __out_of_memory+0xb8/0xc0 1259783821 M * fzylogic [] pagefault_out_of_memory+0x81/0xc0 1259783823 M * fzylogic [] mm_fault_error+0x5e/0x120 1259783823 M * fzylogic [] ? handle_mm_fault+0x765/0xa10 1259783825 M * fzylogic [] ? __down_read_trylock+0x46/0x80 1259783825 M * fzylogic [] do_page_fault+0x296/0x2a0 1259783898 M * Bertl what does 'addr2line -e vmlinux ffffffff810a2396' give you (in the kernel build tree) 1259784156 Q * imcsk8 Ping timeout: 480 seconds 1259784472 J * imcsk8 ~ichavero@189.135.88.160 1259784608 M * fzylogic page_alloc.c:0 1259784675 M * Bertl hmm, your kernel is built without DEBUG_INFO? 1259784749 M * kbad1 it does not have DEBUG_INFO 1259784763 M * daniel_hozac well, that panic only comes from one place. 1259784782 M * daniel_hozac so my crystal ball says mm/oom_kill.c:557 :) 1259784871 M * kbad1 552 /* Found nothing?!?! Either we hang forever, or we panic. */ 1259784871 M * kbad1 553 if (!p) { 1259784871 M * kbad1 554 read_unlock(&tasklist_lock); 1259784871 M * kbad1 555 panic("Out of memory and no killable processes...\n"); 1259784871 M * kbad1 556 } 1259785407 M * Bertl leaves the question why nothing could be found 1259785440 M * Bertl when there obviously is php5.cgi causing the issue 1259785468 M * Bertl you might want to add the oom debug patch: http://vserver.13thfloor.at/ExperimentalT/delta-oom-debug01.diff 1259785499 M * Bertl if you actually can trigger it (without making all guest processes unkillable) 1259785579 M * Bertl because I don't think we have that many options here, if the guest processes are all unkillable for whatever reason, what should the kernel do? 1259785581 M * daniel_hozac hmm. 1259785590 M * daniel_hozac other memory cgroups are completely ignored. 1259785607 M * daniel_hozac that seems incorrect to me. 1259785674 M * daniel_hozac so a guest with a single process and a memory cgroup can cause the host to panic. 1259785705 M * kbad1 we don't have cgroups active on the machines that those panics are from 1259785716 M * Bertl daniel_hozac: how so? 1259785738 M * Bertl daniel_hozac: you mean, when that process acts as init? 1259785744 M * daniel_hozac yeah. 1259785754 M * Bertl well, the same is true if you ignore the cgroups 1259785788 M * Bertl init must not cause an OOM inside a guest with the current implementation 1259785817 J * derjohn_mob ~aj@d045238.adsl.hansenet.de 1259785819 M * daniel_hozac we kill processes in another guest or the host though, don't we? 1259785838 M * Bertl not with recent OOM code 1259785851 M * Bertl and it wouldn't really help either 1259785897 M * Bertl IMHO we need to decide what we do when we get to a guest side OOM (over limit) with no killable (for whatever reason) processes 1259785923 M * Bertl options seem to be: 1259785935 M * Bertl - log something in the kernel log and simply go on 1259785952 M * Bertl - force-kill all processes inside the guest, shutdown the context 1259785988 M * Bertl - try to kill unkillable processes 1259786023 M * daniel_hozac so this changed in .26? 1259786044 M * fzylogic I think the second option is closest to what I'd expect to see happen 1259786064 M * Bertl daniel_hozac: I adjusted it a little, i.e. limited the selection to a context 1259786086 J * thierryp ~thierry@home.parmentelat.net 1259786093 M * daniel_hozac it still looks like a /= 16 for other contexts in .32 at least. 1259786229 M * Bertl right, it seems I reverted that when we had the first issues 1259786280 M * Bertl http://vserver.13thfloor.at/ExperimentalT/delta-oomadj-feat01.diff contains the code I considered active 1259786343 M * Bertl but the problem is the same, with the current code, a guest with init going over limit and causing OOM will kill random processes 1259786488 M * Bertl probably the same is true for a cgroup with an unkillable process going over limit, no? 1259786917 M * kbad1 I haven't seen it but we didn't leave cgroups active very long because of the not being able to restart problem (due to the cgroup namespace kernel option) 1259787395 J * mugwump ~samv@watts.utsl.gen.nz 1259787403 P * mugwump 1259788206 Q * ryker Ping timeout: 480 seconds 1259788303 Q * hijacker_ Quit: Leaving 1259788354 Q * geb Quit: / 1259788435 J * dna ~dna@p54BCA639.dip0.t-ipconnect.de 1259788504 Q * thierryp Remote host closed the connection 1259789541 J * dna_ ~dna@p54BCA639.dip0.t-ipconnect.de 1259789648 Q * scientes Remote host closed the connection 1259789720 Q * dna_ Read error: No route to host 1259789734 J * dna_ ~dna@p54BCA639.dip0.t-ipconnect.de 1259789762 Q * dna_ 1259789933 Q * dna Ping timeout: 480 seconds 1259790725 Q * imcsk8 Quit: This computer has gone to sleep 1259790826 Q * FireEgl Ping timeout: 480 seconds 1259791625 J * yarihm ~yarihm@80-219-168-179.dclient.hispeed.ch 1259791849 J * FireEgl FireEgl@173-16-9-10.client.mchsi.com 1259791966 Q * barismetin Quit: Leaving... 1259792367 Q * jrdnyquist Quit: Leaving 1259792997 J * jrdnyquist ~jrdnyquis@slayer.caro.net 1259794005 Q * kbad1 Quit: Leaving. 1259796417 Q * yarihm Quit: Leaving