1265068961 Q * dowdle Remote host closed the connection
1265073778 Q * auntieNeo Ping timeout: 480 seconds
1265073982 J * auntieNeo ~rewt@97-121-39-78.bois.qwest.net
1265074495 J * auntieNe1 ~rewt@97-121-39-78.bois.qwest.net
1265074592 Q * auntieNeo Ping timeout: 480 seconds
1265087566 Q * balbir Ping timeout: 480 seconds
1265088563 M * Bertl off to bed now ... have a good one everyone!
1265088567 N * Bertl Bertl_zZ
1265090780 Q * niki Quit: Leaving
1265092171 Q * nkukard Ping timeout: 480 seconds
1265092171 Q * auntieNe1 Read error: Connection reset by peer
1265093278 J * nkukard ~nkukard@196.212.73.74
1265093623 J * geos_one ~chatzilla@chello084115149052.4.graz.surfer.at
1265093840 Q * nkukard Ping timeout: 480 seconds
1265094144 J * balbir ~balbir@122.248.163.1
1265094287 J * sharkjaw ~gab@90.149.121.45
1265094899 Q * geos_one Quit: ChatZilla 0.9.86 [Firefox 3.6/20100129051549]
1265095055 J * nkukard ~nkukard@196.212.73.74
1265095167 J * ghislain ~AQUEOS@adsl2.aqueos.com
1265095322 Q * derjohn_foo Ping timeout: 480 seconds
1265096326 Q * nkukard Read error: Operation timed out
1265096855 J * thierryp ~thierry@roc154s.vpn.inria.fr
1265096869 J * ruskie ruskie@ruskie.user.oftc.net
1265097006 J * nkukard ~nkukard@196.212.73.74
1265097294 J * niki ~niki@cpe.fe4-0-120.0x50a6de52.kdnxd4.customer.tele.dk
1265098928 J * lownoize_ ~lownoize@swt32.informatik.uni-mannheim.de
1265098940 Q * Radiance Quit: changing servers
1265098940 Q * lownoize Read error: Connection reset by peer
1265098945 J * Radiance ~Radiance@193.16.154.187
1265098987 Q * arekm joule.oftc.net kilo.oftc.net
1265098987 Q * fback joule.oftc.net kilo.oftc.net
1265098987 Q * zbyniu joule.oftc.net kilo.oftc.net
1265098987 Q * PowerKe joule.oftc.net kilo.oftc.net
1265098987 Q * sladen joule.oftc.net kilo.oftc.net
1265098996 J * arekm arekm@carme.pld-linux.org
1265098996 J * fback fback@red.fback.net
1265098996 J * zbyniu ~zbyniu@ip-62.181.188.13.static.crowley.pl
1265098996 J * PowerKe ~tom@94-224-78-36.access.telenet.be
1265098996 J * sladen ~paul@starsky.19inch.net
1265099244 J * barismetin ~barismeti@zanzibar.inria.fr
1265101352 J * BenG ~bengreen@cpc2-aztw22-2-0-cust521.aztw.cable.virginmedia.com
1265101485 J * ncopa ~ncopa@245.39.189.109.customer.cdi.no
1265102323 J * mcp ~mcp@wolk-project.de
1265103152 J * derjohn_foo ~aj@213.238.45.2
1265103472 Q * balbir Ping timeout: 480 seconds
1265103824 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net
1265104823 J * balbir ~balbir@122.248.163.1
1265105469 J * petzsch ~markus@dslb-092-078-238-171.pools.arcor-ip.net
1265106169 M * mnemoc ./scrby
1265106170 M * mnemoc err
1265106174 M * mnemoc sorry
1265108140 Q * balbir Ping timeout: 480 seconds
1265108197 M * swen hi
1265108204 M * swen I have an interesting situation
1265108209 M * petzsch hi@swen
1265108212 M * swen with Cgroups
1265108232 M * petzsch i'm all ears /me currently has an open issue with cgroups too
1265108302 M * swen if I leave default configuration (i.e. no explicit cgroups config) every new guest creates 3 level deep cgroup directory
1265108351 M * swen i.e. /dev/cgroup/1708/1833/1833/
1265108366 M * petzsch what distribution/kernel-version/util-vserver version?
1265108367 M * daniel_hozac don't use CONFIG_CGROUP_NS
1265108376 J * geos_one ~chatzilla@chello084115149052.4.graz.surfer.at
1265108425 M * daniel_hozac CONFIG_CGROUP_NS does not work with util-vserver's usage of namespaces.
1265108428 M * swen patch: vs2.3.0.36.24 ; utils0.30.216-pre2864
1265108440 M * swen oh
1265108455 M * swen is that a kernel parameter?
1265108458 M * daniel_hozac yes.
1265108461 J * bobnormal ~irc@87-194-70-98.bethere.co.uk
1265108502 M * swen is it that also why "configured" cgroups doesn't work
1265108506 M * daniel_hozac yes.
1265108555 M * swen thankyou very much daniel_hozac
1265108581 M * petzsch @daniel_hozac: do you have an idea what this error is related to? /usr/lib/util-vserver/vserver.functions: Zeile 1490: /dev/cgroup/vserver1/cpu.cfs_hard_limit: Keine Berechtigung
1265108593 M * petzsch related to: http://list.linux-vserver.org/archive?mss:3533:201001:bmopnaabhkkmhfehmbei
1265108598 M * bobnormal hi all, i'm trying to build a vserver+grsecurity kernel with a kernel release newer than the current stable vserver rlease, could someone recommend an experimental/development release that works for them?
1265108615 M * daniel_hozac petzsch: try LANG=C
1265108632 M * daniel_hozac petzsch: but that sounds like the same issue. disable CONFIG_CGROUP_NS
1265108746 M * swen another question: is it possible to monitor cumulative load of all guests?
1265108773 M * swen ....when using virt_load....
1265108855 J * balbir ~balbir@122.248.163.1
1265108885 M * petzsch can i integrate cgroup into my debian udev setup? kind of messy having to mount cgroup by hand after every reboot
1265109117 M * daniel_hozac swen: on the host
1265109131 M * daniel_hozac petzsch: umm, the util-vserver initscript takes care of that.
1265109165 M * swen daniel_hozac: but host reports less load than one single(loaded) guest 
1265109321 Q * thierryp Remote host closed the connection
1265109440 J * vserver_guy ~vserver@host90-152-15-246.ipv4.regusnet.com
1265109518 M * swen another interesting thing:
1265109521 M * swen vs001 ~ $ vserver-stat
1265109521 M * swen CTX   PROC    VSZ    RSS  userTIME   sysTIME    UPTIME NAME
1265109521 M * swen 22105  163  92.5G   6.2G   9d02h33   2d00h00   5d01h56 seagull005
1265109543 M * swen guest has more userTIME then sysUPTIME
1265109606 M * petzsch debian seems to use some strange init script version... in /etc/init.d/util-vserver not one word about "cgroup" using 0.30.216-pre2864-1 in debian testing/squeeze
1265109716 M * daniel_hozac swen: multiple CPUs?
1265109738 M * daniel_hozac petzsch: yeah, Debian is special. ask micah how you do cgroups.
1265110041 Q * vserver_guy Remote host closed the connection
1265110536 J * thierryp ~thierry@roc152s.vpn.inria.fr
1265110571 J * dna ~dna@170-198-103-86.dynamic.dsl.tng.de
1265110657 Q * thierryp Remote host closed the connection
1265112775 M * yang Can this error be avoided on guests - sshd[15006]: error writing /proc/self/oom_adj: Permission denied
1265113083 M * bobnormal whats oom_adj?  to my untrained eye, oom looks suspiciously like out of memory
1265113086 M * bobnormal google confirms
1265113090 M * bobnormal add more memory :P
1265113792 M * BenG yang, there's no problem with memory on your setup
1265113809 M * BenG sshd is trying to set a limit and isn't being allowed to, it's fine
1265113836 M * yang but, can the error be discarded, its being repeated
1265114152 Q * balbir Ping timeout: 480 seconds
1265114286 M * sid3windr you can have it not set it
1265114297 M * sid3windr I think /etc/default/sshd or so
1265114300 M * sid3windr (on debian)
1265114741 Q * julius_ Remote host closed the connection
1265115190 M * swen daniel_hozac: yes, multiple CPUs
1265115617 J * julius ~julius@217.20.127.15
1265115972 Q * mcp Quit: ZNC - http://znc.sourceforge.net
1265116047 M * bobnormal regarding 'automatically assign loopback ip', the kernel option comment states that 'such guests do not allow to change the ip on the fly and do not show loopback addresses'
1265116055 M * bobnormal does this mean that lo0 will not exist or what?
1265116062 M * bobnormal i am concerned about incompatibility
1265118545 Q * BenG Quit: I Leave
1265120485 Q * mnemoc Server closed connection
1265120486 J * mnemoc ~amery@shell.opensde.net
1265121002 Q * sharkjaw Remote host closed the connection
1265123264 Q * Loki|muh Server closed connection
1265123265 J * Loki|muh ~loki@satanix.de
1265123569 Q * padde Server closed connection
1265123573 J * padde ~padde@patrick-nagel.net
1265123789 N * Bertl_zZ Bertl
1265123795 M * Bertl morning folks!
1265123967 M * Bertl bobnormal: really? (regarding the kernel info)
1265124022 M * bobnormal bertl; thats what it says .. 
1265124043 M * bobnormal bertl, i have to restart x for some weird loss of shift and control bug .. maybe compiz related .. brb
1265124047 Q * bobnormal Remote host closed the connection
1265124206 J * bornormal ~irc@87-194-70-98.bethere.co.uk
1265124260 M * bornormal bertl, im using linux-2.6.31.11, vserver 2.3.0.36.28, grsec 2.1.14-20100117
1265124294 M * Bertl well, I'm looking at the 2.6.31 kernel messages here, and all it says is:
1265124316 M * Bertl Automatically assign a guest specific loopback IP and add it to the kernel network stack on startup.
1265124323 M * bornormal there's a note underneath
1265124331 M * bornormal under 'help' for that option
1265124357 M * bornormal (i was using make oldconfig, not make menuconfig, if that makes any diff)
1265124365 M * Bertl that is the help or at least it should be ... let me check
1265124411 M * bornormal i downloaded direct from ~harry
1265124427 M * bornormal as i need a newer kernel than is available on the main page
1265124450 M * Bertl hmm?
1265124500 M * bornormal http://people.linux-vserver.org/~harry/patch-2.6.31.11-vs2.3.0.36.28-grsec2.1.14-20100117.diff <-- this one
1265124565 M * Bertl that one is linked on the Linux-VServer wiki frontpage
1265124581 M * bornormal ahh ok maybe i missed it at the bottom, sorry
1265124582 M * Bertl btw, here is what I get: http://paste.linux-vserver.org/14227
1265124621 M * Bertl (with 2.6.31.x not with the grsec patch though)
1265124646 M * Bertl so, if your kernel reports other stuff there too, please notify harry of the breakage
1265124648 M * bornormal CONFIG_VSERVER_AUTO_SINGLE not VSERVER_AUTO_LBACK
1265124665 M * Bertl ah, that's something different
1265124698 M * bornormal i had issues around 0.0.0.0 bindings on my older vserver setup
1265124703 M * bornormal so i thought i would enable it
1265124707 M * bornormal but im unsure about the note
1265124712 M * Bertl and it means, that the guest will only use a single IP and remap that at bind time
1265124718 J * dowdle ~dowdle@scott.coe.montana.edu
1265124724 M * bornormal can you clarify exactly what 'does not show' about loopback addresses then?
1265124731 M * bornormal thats the part im fuzzy on
1265124732 M * Bertl (unless you give more than one IP to the guest, which disables it)
1265124758 M * Bertl well, with a single IP, the guest has no loopback address (except for that single IP)
1265124769 M * bornormal no 127.0.0.1?
1265124776 M * Bertl correct
1265124779 M * bornormal this could have weird connotations for, eg: mysql access control lists
1265124782 M * bornormal how does it appear to userland
1265124798 M * Bertl depends on how you configure the rest of the guest
1265124837 M * bornormal without this option, it is impossible to prevent 0.0.0.0 bindings from interfering with the host and/or other vservers, or not?
1265124854 Q * niki Quit: Leaving
1265124864 M * Bertl no, not related, just an optimization to speed up things
1265124866 M * bornormal the issue i had (with an old release, and i dont really understand why) was that vservers binding to say 0.0.0.0:80 would block the host and vice versa
1265124892 M * Bertl sounds broken to me
1265124903 M * bornormal ok well i'll try this release without the single ip special casing then
1265124907 M * bornormal thanks a lot for your help :)
1265124921 M * Bertl btw, you can en/disable it at runtime for each guest
1265124929 M * Bertl (the single ip special casing)
1265124940 M * bornormal cool
1265125030 M * Bertl you're welcome!
1265125093 M * Bertl regarding 'blocking', note that the host binding to '0.0.0.0' will block _any_ guest from binding that same port (e.g. sshd) regardless of the assigned IPs
1265125119 M * bornormal ok
1265125137 M * Bertl so, you usually want to restrict host services to host-only IPs
1265125145 M * bornormal as i need a newer kernel than is available on the main pageyep, makes sense
1265125152 M * bornormal erp sorry weird irciiness
1265125159 M * bornormal new machine + funky keyboard in new country
1265125163 M * bornormal life is not kind :)
1265125277 M * bornormal nice!  kernel worked first time
1265125278 M * bornormal i lie
1265125280 M * bornormal life is grand :)
1265125342 M * fback Bertl: morning :)
1265125383 M * fback Bertl: for come unknown reason, I'm unable to reproduce this strange sshd-binding issue :-/
1265125390 M * fback *some
1265125613 M * fback Bertl: and the other host, that exhausted memory last week, works stable since, nothing on the console, memory usage is more-or-less stable
1265125640 M * Bertl sounds good!
1265125805 M * fback (it raises with more streams served, and drops with less, as expected -- so I don't think there was some memory leak in action)
1265125834 M * fback but I'll keep an eye on this :-)
1265125840 M * bornormal fback: what kind of streams are you serving? we do video as well
1265125874 M * fback bornormal: radio streams with icecast
1265125887 M * bornormal fback: ahh ok, audio only... lucky you ;)
1265125957 M * bornormal fback: you might know, are there any detection mechanisms in standard icecast or common patches against stream-ripping tools with id3-based file splitting these days?
1265125971 M * bornormal fback: the ones i used a few years ago worked wonders
1265126009 M * bornormal fback: i'd imagine someone's implemented useragent-based detection at least
1265126088 J * unctious ~biella@user-12lc0o4.cable.mindspring.com
1265126240 M * unctious i have a vserver networking question. my host has eth0 configured with 212.252.153.28/24, default route as 212.252.153.1. if I configure a vserver guest to have 203.142.212.22/32 (which is a valid IP that my ISP routes)
1265126265 M * unctious when i enter that guest, I can not perform any networking to the internet
1265126315 M * unctious my vserver host doesn't have any 203.142.212.0/24 addresses configured on its eth0 until this guest is started
1265126345 M * unctious shouldn't the default route on the host work?
1265126376 M * theocrit1 10
1265126390 M * unctious 10?
1265126396 M * Bertl unctious: usually this is a networking issue outside Linux-VServer, let's do some tests first
1265126419 M * Bertl try ping -I 203.142.212.22 www.google.com (on the host)
1265126539 M * unctious Bertl: I get the following: bind: Cannot assign requested address
1265126566 M * Bertl okay, guest is started?
1265126580 M * unctious no
1265126586 M * Bertl then do that first :)
1265126595 M * unctious ok
1265126636 M * unctious ok, when I start it I no longer get that error, but I do not get any results back
1265126648 M * unctious PING www.l.google.com (72.14.213.106) from 203.142.212.22 : 56(84) bytes of data.
1265126651 M * unctious and nothing else
1265126662 M * Bertl that means, despite telling you that it works, the provider does not route that IP for you :)
1265126677 M * unctious here is the interesting thign
1265126699 M * unctious if I configure another 203.142.212.0/24 address on the host's eth0, then it works
1265126714 M * Bertl (or your network config prevents it from working )
1265126787 M * Bertl the ping on the host (with -I) is the same as on any unpatched Linux, so, as long as this doesn't work as expected, no chance for Linux-VServer to work
1265126815 Q * swen Read error: No route to host
1265126889 M * unctious ok, i understand. now I just have to understand why that doesn't work on the host
1265126918 M * Bertl let's try with 'tcpdump -vvnei eth0 icmp' and the ping again
1265126935 M * Bertl upload the output to a pastebin (e.g. paste.linux-vserver.org)
1265126966 M * bornormal bertl: know offhand how to store extended attributes (ie: barrier) in a tarfile or similar archive format?
1265127022 M * Bertl extended attributes (EA) are different from xattrs (like barrier or immutable flag)
1265127022 M * unctious Bertl: I think there is something I do not understand about iproute2 tools, because I can get it to work by using ifconfig eth0:1, but not 'ip addr add'
1265127039 M * bornormal bertl: ok, is there any way to store xattr in a tar?
1265127051 M * unctious perhaps it is a missing broadcast
1265127057 M * Bertl unctious: why do you 'configure' it in the first place?
1265127077 M * Bertl unctious: and why does it have no prefix/netmask assigned?
1265127414 M * unctious Bertl: i set the netmask to 32 in the prefix file
1265127429 Q * DelTree Server closed connection
1265127441 J * DelTree ~deplagne@goldorak3.eric.deplagne.name
1265127448 M * Bertl unctious: for what reason?
1265127679 M * unctious if, on the host, I do: ip addr add 203.142.212.21/24 dev eth0, then when I start the guest with the .21 address, I can ping out. 
1265127697 M * unctious sorry, a mistake there
1265127734 M * unctious s/start the guest with the .21/start the guest with the .22/
1265127754 M * unctious so it seems that the host must have an address in that network already configured
1265127769 M * Bertl that depends on your guest config
1265127787 M * unctious Bertl: that is the answer to your question about why I configure it in the first place, sorry if i was not so clear
1265127795 M * Bertl if you have a 'dev' entry in interfaces/* then util-vserver will configure it for you
1265127823 M * Bertl if you have a nodev entry (or none, but util-vserver will complain about that) you have to configure it on the host
1265127867 M * unctious i think I have confused you. I meant to say that I configured a *different* ip on the host, but in the same network as the guest, and then the guest's IP works. (i do have a 'dev' entry in the guest config and util-vserver does configure that)
1265127886 M * unctious if I do not configure that ip on the host, then the guest networking doesn't work
1265127904 M * Bertl okay, did you configure the netmask/prefix to match the network?
1265127941 M * unctious i was configuring it with /32, but perhaps that is too narrow?
1265127970 M * mnemoc perhaps :)
1265127981 M * Bertl well, you configure it on the host with /24, so why as /32 in the guest?
1265127985 M * unctious since my host is configured with 212.252.153.28/24, maybe the problem is configuring my guest to have 203.142.212.22/32 is not going to work?
1265128030 M * unctious well 203.142.212 and 212.252.153 are on different networks
1265128056 M * Bertl okay?
1265128079 M * Bertl didn't stop you from using /24 on the host, did it?
1265128151 J * biz ~biz@node2.cluster1.pyrox.eu
1265128175 M * unctious but if I have 212.252.153.28/24 on the host, and 203.142.212.22/24 on the guest, that does not work either
1265128201 M * unctious (it *does* work if I configure some other 203.142.212.0/24 ip on the host first though)
1265128389 M * Bertl first, you cannot have one IP on the host and the other one on the guest
1265128426 M * Bertl in Linux-VServer, guests get a subset of the host IPs assigned, so _all_ IPs are on the host, some of them are also accessible in a guest
1265128475 M * Bertl second, there is no difference if you assign an IP manually to the host or via util-vserver (as long as you configure it the same way)
1265128550 M * unctious yes I understand that. however the 'second' part of what you say is where I am seeing a difference
1265128577 M * unctious if I assign the .21 IP manually to the host before starting the guest (which has .22), then the guest networking works
1265128609 M * unctious the assignment of .21 IP to the host is not part of a guest config, either manually or via util-vserver
1265128623 M * Bertl remove all the 203.142.212.x IPs, assign _only_ the .22 IP on the host
1265128639 M * Bertl try the ping -I above, and see if that works
1265128670 M * Bertl if that works fine (i.e. the IP is routed properly), record the settings with 'ip a ls'
1265128695 M * Bertl then assign that very same IP/prefix to the guest, remove it on the host and start the guest (which then should work)
1265128698 M * unctious if I remove all the 203.142.212.x IPs, assign only the .22 IP on the host (manually), and then do the ping -I, it works
1265128720 M * Bertl if it doesn't, then run the 'ip a ls' again (on the host) and look for differences
1265128726 M * unctious ok
1265128874 M * unctious omg
1265128878 M * unctious its a typo
1265128886 M * unctious i'm sorry to waste your time Bertl
1265128887 M * Bertl :)
1265128890 A * unctious puts head on desk
1265128893 M * Bertl no problem, have fun!
1265128905 M * unctious thanks for the razor sharp debugging skills
1265128913 M * Bertl you're not the first one with a type in their network setup :)
1265128933 M * unctious hehe
1265128945 M * unctious its always the single character differences that KILL you
1265129175 M * petzsch still stuck with my cgroup problem... /dev/cgroup is mounted, CONFIG_CGROUP_NS is not set and i'm still getting this every second time i start a vserver: /usr/lib/util-vserver/vserver.functions: line 1490: /dev/cgroup/vserver1/cpu.cfs_hard_limit: Permission denied
1265129178 M * petzsch any ideas?
1265129219 M * petzsch kernel/patch version: 2.6.32.6-vs2.3.0.36.28
1265129254 M * Bertl and what util-vserver version?
1265129314 M * petzsch util-vserver: 0.30.216-pre2864-1 (as found in debian testing/squeeze)
1265129416 M * Bertl that one should be fine, please check with daniel_hozac 
1265129530 M * petzsch talked to him this morning... there is also an issue with /dev/cgroup not beeing mounted in the debian init script from util-vserver... for that he recomended consulting micah
1265129556 M * Bertl yeah, for whatever reason, they do their own statup scripts
1265129668 M * petzsch could there be something else wrong configured in my kernel? i've quoted some .config lines related to vserver and cgroup in my mailinglist posting a couple of days ago
1265129803 M * Bertl well, if you want to test, I'd suggest to remove the debian version, build your own (from the source) and test with that, if everything works as expected, file a bug report to debian, if not, file one to daniel_hozac (against util-vserver)
1265129866 M * Bertl I doubt that your kernel config is to blame, IIRC, the CGROUP_NS is the only option which might clash
1265129892 M * Bertl of course, you need to enable e.g. hard cfs and similar to be able to use it, but that's a different issues
1265129895 M * Bertl *issue
1265129956 M * petzsch ok, then i'll start with a clean kernel config (till now i've used a vanilla kernel and the old config file from debian together with some config adjustments)
1265130370 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1265130653 J * imcsk8 ~ichavero@148.229.1.11
1265131128 Q * barismetin Quit: Leaving...
1265131908 J * niki ~niki@94.145.207.11
1265131971 Q * sardyno Read error: Connection reset by peer
1265133544 Q * unctious Quit: leaving
1265134292 J * balbir ~balbir@122.172.62.68
1265135159 N * DoberMann[ZZZzzz] DoberMann[PullA]
1265135317 J * petzsch1 ~markus@dslb-092-078-238-171.pools.arcor-ip.net
1265135463 J * mcp ~mcp@wolk-project.de
1265135572 Q * petzsch Ping timeout: 480 seconds
1265135844 Q * gnuk Quit: NoFeature
1265135980 J * hijacker ~hijacker@87-126-142-51.btc-net.bg
1265137284 J * BenG ~bengreen@cpc2-aztw22-2-0-cust521.aztw.cable.virginmedia.com
1265137388 Q * derjohn_foo Remote host closed the connection
1265137426 J * cluk ~cluk@p5B17DD7A.dip.t-dialin.net
1265137441 Q * BenG 
1265137572 J * vserver_guy_2 ~vserver@host90-152-15-246.ipv4.regusnet.com
1265138700 J * derjohn_mob ~aj@c140236.adsl.hansenet.de
1265139402 J * tolkor ~rj@tdream.lly.earlham.edu
1265139497 N * vserver_guy_2 vServer_User_Zz
1265140096 J * BenG ~bengreen@cpc2-aztw22-2-0-cust521.aztw.cable.virginmedia.com
1265140374 M * Bertl welcome tolkor!
1265140915 M * tolkor howdy
1265141019 M * daniel_hozac petzsch1: as i said, don't use CONFIG_CGROUP_NS.
1265141042 N * petzsch1 petzsch
1265141061 M * Bertl IIRC, CONFIG_CGROUP_NS was off
1265141087 M * petzsch vhost1:/boot# grep -i cgroup_ns config-2.6.32.6-vs2.3.0.36.28
1265141087 M * petzsch # CONFIG_CGROUP_NS is not set
1265141112 M * Bertl petzsch: I'd double check with /proc/config*
1265141114 M * daniel_hozac so did you mount it with all the subsystems enabled?
1265141137 M * daniel_hozac specifically the cpu one?
1265141137 M * Bertl that's probably the issue here, see debian init script :)
1265141164 M * petzsch used this mount comand from the wiki prior testing: mount -t cgroup -ocpu none /dev/cgroup
1265141213 M * daniel_hozac so /dev/cgroup/cpu.cfs_hard_limit exists?
1265141226 M * petzsch hmm: /proc/config* doesn't exist, will compile it in the kernel to make you happy :-)
1265141256 M * petzsch in /dev/cgroup i have: cgroup.procs       cpu.cfs_runtime_us  notify_on_release  tasks cpu.cfs_period_us  cpu.shares          release_agent      vserver1
1265141279 M * Bertl @/proc/config it is adviseable, as it reflects the actual kernel settings ... no margin for error there :)
1265141300 Q * BenG Quit: I Leave
1265141438 M * daniel_hozac petzsch: right... so you don't have that subsystem.
1265141443 M * daniel_hozac enable the hard limits.
1265141523 M * petzsch just don't get it ... it say "CONFIG_CFS_HARD_LIMITS=y" in the .config file in /usr/src/linux/ and i thought that that's what i compiled... will double check once i got /proc/config compiled in
1265141641 M * petzsch make-kpkg --initrd kernel_image is running... may take 10 to 20 minutes, i'll give you feedback once /proc/config is running
1265142113 M * petzsch vhost1 rebooting with new kernel
1265142236 M * petzsch vhost1:/proc# zcat /proc/config.gz | grep -i hard_limit    ->     CONFIG_CFS_HARD_LIMITS=y
1265142298 M * Bertl looks good
1265142317 M * petzsch other cgroup/vserver parameters: http://pastebin.de/3691
1265142410 M * daniel_hozac i don't see cfs_hard_limit as a valid option in the kernel.
1265142476 M * petzsch is that what it says in pastebin line 2?
1265142511 M * daniel_hozac i mean as a runtime cgroup configuration option.
1265142523 M * daniel_hozac i.e. not a valid file to have in /etc/vservers/<guest>/cgroup
1265142554 M * petzsch so should i downgrade to another kernel version?
1265142562 M * Bertl kernel is fine
1265142610 M * petzsch if temporary root access would help debugging, this machine is not productive yet ... if then, only by mail of course
1265142643 M * Bertl no need I guess, what's in your /etc/vservers/<guest>/cgroup (use pastebin)
1265142685 Q * cluk Quit: Ex-Chat
1265142720 M * petzsch ad described in the wiki: http://pastebin.de/3692
1265142754 M * daniel_hozac remove cfs_hard_limit
1265142793 M * petzsch wouldn't that disable hard_limiting?
1265142853 M * daniel_hozac no
1265142897 M * petzsch ad expected, no error at starting anymore... in /dev/cgroup/vserver1 i now have the following: cpu.cfs_period_us  cpu.cfs_runtime_us  tasks
1265142922 M * petzsch just testing with md5sum /dev/urandom if any limits are enforced
1265142998 M * Bertl please update the wiki page once you verified functionality
1265143068 M * petzsch doesn't look like what i wanted it to do: got 8 md5sum process running (quad-core with HT) and it's 0% cpu idle on the vserver and 0% idle on the host
1265143111 M * Bertl what do the two config files contain?
1265143190 M * petzsch cpu.cfs_period_us: 500000 AND cpu.cfs_runtime_us: 250000
1265143256 M * petzsch i wanted to run 2 vserves each with a cpu hard limit of 50%
1265143288 M * petzsch even better (once this is working) 2 cores (+ht) for the first and 2 cores (+ht) for the second
1265143360 M * daniel_hozac you can already do core assignment easily.
1265143373 M * daniel_hozac do you want 50% of the two cores?
1265143410 M * Bertl anyway, the hard limits should work too ...
1265143460 M * daniel_hozac of course.
1265143465 M * petzsch it's a intel core-i7 (8 virtual cores / 4 real ones) ... for the first setup 50/50 would do... on the second machine i'm planing per core ressource limiting would be more important
1265143662 M * petzsch i've got the following flags set... do they have any impact on cgroup limits? VIRT_MEM VIRT_UPTIME VIRT_CPU VIRT_LOAD
1265143684 M * daniel_hozac no
1265143972 Q * balbir Ping timeout: 480 seconds
1265144634 J * balbir ~balbir@122.172.58.86
1265145251 M * petzsch question about the per-core virtualisation... is there a differnce which 4 of my 8 shown cores i assaign to my guests? i'm not shure about how ht works, but does it seperate cpu power equaly around my 8 assignable cores?
1265145470 M * Bertl no, HT siblings share most of the cpu architecture
1265145489 M * Bertl often it is adviseable to deactivate HT completele to improve overall performance
1265145511 M * Bertl so, at least it would be a good idea to assign siblings to the same guest
1265145549 M * petzsch how do i know which 2 cpu-ids belong together? or are they just simple paires 0+1 2+3 ...
1265145640 M * Bertl what does your /proc/cpuinfo show?
1265145703 M * petzsch 8 "cpu" entries each with siblings        : 8 ... i'll make a paste bin... just a sec
1265145893 M * petzsch http://pastebin.de/3693
1265145966 M * Bertl see the core id?
1265145991 M * Bertl same core id means that they are HT siblings
1265146065 M * petzsch aha and they 'd share one certain registers in the CPU etc. so it makes sense to keep them together when "breaking" the cpu apart ;-)
1265146108 M * Bertl they share certain units of the cpu (like cache and alu)
1265146377 M * petzsch but beside that they are all equal... so asuming i'd want to run 32 guests on that host i could go ahead and split each of the 8 cpu's in 4 quarters giving each all of the 32 quests the same power by alocation 1/4 of half a cpu core per guest
1265146474 M * Bertl yes, but it will probably result in a suboptimal setup
1265146517 M * Bertl e.g. there could be 8 processes in 8 guest hogging a single core
1265146537 M * Bertl (while the other three cores are idle :)
1265146678 M * petzsch so that's the main downside from a hard_limited setup, but it garantees every guest the same performance no matter if others customer guests are going creazy
1265146713 M * Bertl no, the hard limit itself has none of those downsides
1265146731 M * Bertl partitioning the cores and assigning them to the guests has
1265147171 M * petzsch so not dealing with cpu splitting and just giving each 1/32 of the overall cpu time ( would help me gain fair shares without that downside?
1265147581 M * Bertl yes, it would at least utilize the cpus better
1265147587 Q * bonbons Quit: Leaving
1265147775 M * petzsch why does http://linux-vserver.org/util-vserver:Cgroups#cgroup_and_CFS_based_CPU_hard_limiting_that_replaces_sched_hard say i should set cpu.cfs_hard_limit for the vserver, when that seems to break util-vserver? or the other way around: why should hard_limits work without settings this? as for now i still don't see any cpu limiting on my single guest setup... sorry to bring it up again, but may deadline for confixx migration is end 
1265147886 M * daniel_hozac it's for an older version.
1265147899 M * Bertl i.e. it was not updated since
1265147919 M * Bertl (that's why I asked you to update the wiki once you're done testing)
1265148168 Q * vServer_User_Zz 
1265148372 Q * hijacker Quit: Leaving
1265148718 M * petzsch ok, must have overread that... well the tests are still not what i would expect.. the hosts sys load on 100% and the guest's 8 md5 processes each having 100% cpu usage... what i did on the guest: open screen with 9 terms: top|8x md5sum /dev/urandom ... top in the host claims 99,7% sy usage and the guest consumes all cpu ressources 99,5% sy also
1265148767 M * petzsch load at 7.78
1265148778 M * Bertl what was the share you gave to each guest?
1265148842 M * petzsch there is only one guest ... i assumed 50% of the total cpu power (cpu.cfs_runtime_us 250000 cpu.cfs_period_us 500000)
1265148875 M * Bertl well, 50% is in your case roughly 4 virtual cpus, right?
1265148928 Q * ^Willie^ Ping timeout: 480 seconds
1265148979 M * petzsch guess so... when expanding top on a per-cpu view (seeing all 8 virtual cores) i see for very short moments a 25% idle on one core (very sledem on 2 or 3 cores)
1265149013 M * Bertl all how much is the system time?
1265149043 Q * geos_one Quit: ChatZilla 0.9.86 [Firefox 3.6/20100129051549]
1265149046 M * Bertl -all
1265149112 M * petzsch 99,7%sy (on the guest, as well as on the host) - the value in the second column, right?
1265149213 M * Bertl see, so there is your problem, test with a cpu hog which doesn't consume sys but user time
1265149249 M * Bertl note, if that is the real reason, I'd consider it a bug in the hardlimit cfs, which might be fixed in the latest version (which we can try :)
1265149280 M * petzsch guess sys load wouldn't be the expected use case for mainly lamp machines
1265149294 M * petzsch any idea for a quick test tool i could use?
1265149310 M * petzsch so used to making md5sums of useless things for generating load *g*
1265149337 M * Bertl http://vserver.13thfloor.at/Experimental/TOOLS/cpuhog-0.02.c
1265149431 Q * balbir Ping timeout: 480 seconds
1265149530 J * ^Willie^ ~kvirc@53575CA4.cable.casema.nl
1265149715 M * petzsch won't compile with libc6-dev and gcc installed: cc -o cpuhog cpuhog-0.02.c cpuhog-0.02.c:(.text+0x18f): undefined reference to `pthread_create'
1265149730 M * daniel_hozac -lpthread
1265149746 Q * tolkor Remote host closed the connection
1265149804 M * Bertl http://vserver.13thfloor.at/Experimental/TOOLS/cpuhog.c
1265149813 M * Bertl the 'simpler' version
1265149822 M * petzsch got it compiled
1265149891 M * petzsch should i run multiple instances of it?
1265149891 M * petzsch with one instance i gut 100.0% us on CPU4 (others are idle)
1265149918 M * Bertl depends, the pthread version can launch n threads
1265149929 M * Bertl i.e. you can run it once with 8 threads
1265150013 Q * ^Willie^ Ping timeout: 480 seconds
1265150013 M * petzsch just started 8 instances of it... but still very unfriendly picute: 8 processes each 100% cpu ... host says: 100%us and guest also: 100.0%us
1265150033 M * petzsch all 8 cpu with full 100% cpu usage
1265150052 M * Bertl then definitely something is not working as expected ...
1265150072 J * balbir ~balbir@122.172.53.123
1265150123 M * Bertl check in the cgroup dir you should get some statistical data and info
1265150233 M * Bertl also some info in /proc/sched_debug (if scheduler debugging is enabled)
1265150235 M * petzsch can't hit myself hard enough: since the last reboot for /proc/config.gz /dev/cgroup wasn't mounted
1265150258 M * petzsch i'll shoot that debian init script creator *g*
1265150278 M * Bertl hehe :)
1265150615 M * petzsch finally looking better :-) 8 cpuhog process runing at somewhere between 23% and 48 %CPU usage ... guest at 68 - 75% id
1265150637 M * petzsch host also varying between 55 and 85% idle
1265150642 M * Bertl please also check with your md5sums (if not done so already)
1265150668 M * Bertl if you want better averages, change the check interval (top) or reduce the period
1265150838 M * petzsch idle varying between 77% and 64% on the guest
1265150850 M * petzsch any sideaffects of reducing the period?
1265150860 M * Bertl more scheduling overhead
1265150883 M * Bertl i.e. more task switches, thus more non work related cpu overhead
1265151054 M * petzsch i've set the delay in top to 10 and looks like what i wanted: 8 processes of md5sum each having 2 %CPU
1265151210 M * petzsch or with cpuhog 27% per process
1265151257 M * petzsch guess the 75% idle is a misintepretation of top, as 8 process each about 25% would make sense to mee cause of ht
1265151265 Q * ghislain Quit: Leaving.
1265151558 M * Bertl 25% * 8 = 200% with 800% total
1265151580 M * Bertl which leaves 75% idle (whole system)
1265151745 M * petzsch so not exactly what i intended to do with my configuration :-/
1265151964 M * Bertl so, does 8x md5sum behave differently from 8-threads cpuhog?
1265152188 M * petzsch on beeing displayed in %sy and the other in %us... but both 72 - 74,8% idle (top delay: 20)
1265152238 M * petzsch on = one
1265152277 M * Bertl okay, good, so no bug there then!
1265152436 M * petzsch yep... so far only one uncertinity: why does cpu.cfs_period_us 500000 AND cpu.cfs_runtime_us 250000 not result in an overall 50% share (maybe only on ht machines) and for the debian team: messed up default vserver config cfs_NS enabled, no initscript support for cgroup
1265152514 M * Bertl please contact micah for the debian part, for the hardlimit part, did you enable SMT scheduling?
1265152584 M * petzsch i would have just filled a bugreport @debian.org (maybe there is allready one, will check tomorrow)
1265152591 M * petzsch (later today)
1265152614 M * petzsch @SMT: CONFIG_SCHED_SMT=y
1265152662 M * Bertl might be interesting to see if turning that off will change things .. if so, the maybe SMT scheduling is not handled in v4
1265152733 M * Bertl *then
1265152962 M * petzsch i'll give CONFIG_SCHED_SMT unset a try... just a sec for recompilation
1265153149 M * petzsch i'll make the wiki update, to keep legacy users informed: beginning from which util-vserver version should cpu.cfs_hard_limit not be set?
1265153185 M * Bertl not util-vserver related, so it can be ignore, all recent kernels are updated
1265153252 M * petzsch ok, so as hopefully no one is still using a devlopement version a bit older, there is no need for keeping old info
1265153276 M * Bertl there is always the history, but I guess it can go, daniel_hozac?
1265153354 M * petzsch just commented it out and extended the comment
1265153377 M * petzsch don't know which patch version some distributoers may have included
1265153395 M * petzsch so as long as there is no major new release, it may be usefull information for some
1265153549 M * Bertl no problem with that, but I guess it's unnecessary, AFAICT, only v1 of the hardlimit cfs extension used that flag, and it was only included in some highly experimental patches
1265153574 M * Bertl we are at v4 for all recent kernels and I'm going to update to v5 really soon
1265153706 Q * dna Quit: Verlassend
1265153908 Q * mcp Ping timeout: 480 seconds
1265154155 J * mcp ~mcp@wolk-project.de
1265154771 M * petzsch building a distribution kernel is allways so delightfull ... those many usefull modules ;-) SMT seemed to have a bigger impact on the binaries than enabling /proc/config ... at least it didn't take that long
1265154834 M * Bertl the scheduler is very closely related to the task structures, which in turn is used all over the places
1265154988 M * Bertl okay, off to bed now ... please drop me a note about the results ...
1265154996 M * Bertl have a good one everyone! 
1265155000 N * Bertl Bertl_zZ
1265155008 M * petzsch good night Bertl