1265328030 M * Bertl c) something overrides the cached 1265328050 M * fzylogic I don't believe it's c because your method is very close to mine which worked 1265328059 M * Bertl I think I can rule out c) which leaves us with a/b, so we add a printk to vx_vsi_cached() 1265328079 M * Bertl i.e. please change the return ... part to 1265328093 M * Bertl an assignment + printk + return value 1265328513 Q * yarihm Quit: This computer has gone to sleep 1265328517 M * fzylogic ok 1265328922 J * yarihm ~yarihm@77-58-27-9.dclient.hispeed.ch 1265329136 M * fzylogic printk(KERN_WARNING "vx_vsi_cached cache %llu",cache); 1265329149 M * fzylogic it's only ever printing 0 or 1 1265329177 M * fzylogic think the return of mem_cgroup_stat_read_cache is already shifted? 1265329676 M * Bertl the shift is a page size, i.e. 12 bits 1265329688 M * Bertl that equals a division by 4096 1265329707 M * Bertl so, even if that was the case, 815104 would be visible 1265329758 M * fzylogic right.. 1265329762 M * fzylogic it's even larger now 1265329775 M * fzylogic up to 23M and the function still returns 1 1265329845 M * Bertl you sure you are looking at the right stat info? 1265329858 M * fzylogic yep 1265329862 M * fzylogic I'm sitting inside /dev/cgroup/ps19512 1265329869 M * fzylogic netboot-testy-vserverhost:/dev/cgroup/ps19512# cat memory.stat 1265329869 M * fzylogic cache 23187456 1265330005 Q * yarihm Quit: This computer has gone to sleep 1265330058 M * Bertl hmm, well, let's see how the cgroup fs calculates that value 1265330112 M * fzylogic that's the code I used in my patch :) 1265330137 M * fzylogic precisely how I found it 1265330422 M * Bertl well, it seems to be correct that the accounting is done in pages 1265330428 M * Bertl so we are off by that shift 1265330480 M * Bertl the 'local' stat doesn't really make sense to me, as it only uses the local cpu 1265330503 M * Bertl (as far as I understand the code :) 1265330576 M * Bertl but maybe the stat implementation is even more distributed as the accounting and limits 1265330845 M * Bertl i.e. remove the >> PAGE_SHIFT part from vx_vsi_cached 1265331042 M * Bertl AFAICT, that should give us the same result as the memory.stat (given the cgroup is the same :) 1265331231 M * fzylogic ok 1265331415 Q * dowdle Remote host closed the connection 1265331509 M * fzylogic numbers line up perfectly now 1265331597 M * Bertl excellent then .. no idea where we had the 0 in the first run 1265331640 M * Bertl okay, this still needs some cleanups and checks, I guess 1265331673 M * Bertl specifically I think a guest without cgroups might cause some confusion or even kernel panic 1265331719 M * Bertl and of course we should also test with the current page accounting framework removed ... are you still interested in helping out there? 1265331720 M * fzylogic well for my specific case that's an impossibility so you can take your time with that :) 1265331740 M * fzylogic yeah, I can help with whatever you need 1265331766 M * Bertl good, then give the current version a good shakedown with all kind of 'good' and 'bad' setups for now 1265331788 M * Bertl I'll start with ripping out the old framework and cleaning up the new code 1265333742 N * fzylogic fzylogic_home 1265338993 M * Bertl off to bed now ... have a good one everyone! 1265338997 N * Bertl Bertl_zZ 1265340545 Q * Chlorek Ping timeout: 480 seconds 1265348798 Q * niki Quit: Leaving 1265349039 J * yarihm ~yarihm@77-58-27-9.dclient.hispeed.ch 1265350319 J * BenG ~bengreen@cpc2-aztw22-2-0-cust521.aztw.cable.virginmedia.com 1265350925 J * ktwilight_ ~keliew@189.15-240-81.adsl-dyn.isp.belgacom.be 1265351280 Q * ktwilight Ping timeout: 480 seconds 1265352711 Q * balbir Ping timeout: 480 seconds 1265352723 J * ghislain ~AQUEOS@adsl2.aqueos.com 1265354559 Q * derjohn_mob Ping timeout: 480 seconds 1265354982 J * petzsch ~markus@dslb-094-222-178-229.pools.arcor-ip.net 1265355935 Q * yarihm Quit: This computer has gone to sleep 1265357041 J * yarihm ~yarihm@217-162-53-251.dclient.hispeed.ch 1265357787 Q * geb Quit: ZNC - http://znc.sourceforge.net 1265357881 J * geb ~geb@mars.gebura.eu.org 1265358356 J * yarihm_ ~yarihm@217-162-53-251.dclient.hispeed.ch 1265358442 Q * yarihm Ping timeout: 480 seconds 1265362067 J * dna ~dna@170-198-103-86.dynamic.dsl.tng.de 1265362309 J * barismetin ~barismeti@zanzibar.inria.fr 1265362760 Q * yarihm_ Quit: This computer has gone to sleep 1265364421 J * thierryp ~thierry@zankai.inria.fr 1265365091 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net 1265365567 Q * Marillion Remote host closed the connection 1265365646 J * Marillion ~dirk@hetzner4.127011.net 1265365793 Q * padde Remote host closed the connection 1265365802 J * padde ~padde@patrick-nagel.net 1265368761 J * kir ~kir@swsoft-msk-nat.sw.ru 1265369006 Q * BenG Quit: I Leave 1265371038 J * bobnormal ~irc@87-194-32-179.bethere.co.uk 1265371051 M * bobnormal hey all 1265371094 M * bobnormal anyone know off-hand if there's a vserver instatiation script like vserver build ... that also handles network connectivity preferences (>1 ethernet interface, bridged/static/dhcp preference, etc) 1265371106 M * bobnormal ie: also handles netfilter/iptables on the host machine 1265371202 M * Mr_Smoke Hm 1265371213 M * Mr_Smoke The guest shouldn't meddle with the host's filtering 1265371218 M * Mr_Smoke In practice, it doesn't 1265371243 M * Mr_Smoke Unless you create some kind of cron script that reads a file from the guest and then applies it to the host, which is convoluted but could work 1265371415 M * bobnormal i mean when generating guests on the host 1265371439 M * bobnormal to simplify having to write/remember netfilter/iptables rules all the time and set them up for every guest... 1265371456 M * Mr_Smoke Oh I see 1265371464 M * bobnormal eg: right now i have a case where i want two network interfaces in the guest, one routing to one of the host's physical NICs and one routing to the other... 1265371465 M * bobnormal so two IPs 1265371467 M * Mr_Smoke Well I don't know of any such thing, but that's a good idea :) 1265371474 M * Mr_Smoke Go and write that script, then share :) 1265371478 M * bobnormal will do ;) 1265371483 M * bobnormal im looking at vmware for reference 1265371492 M * bobnormal how it handles 'private networks', 'bridged' and 'NAT' mode 1265371531 M * bobnormal will post a doc later once i've fleshed out requirements a bit more, maybe you can suggest changes in scope before i get too far in to implementation 1265371562 M * bobnormal one thing that would be nice is distribution-specific hooks to manipulate the guest environment as network settings are changed 1265371573 M * bobnormal i will write those for gentoo only 1265371586 M * bobnormal but leave an API for others 1265371605 M * Mr_Smoke Sounds lovely :) 1265371623 M * bobnormal i have to say vServers are really cool 1265371650 M * bobnormal its such a shame there's no really dumbed-down interface to make the whole system more popular 1265371751 M * petzsch by interface you mean webinterface? looked at openvcp.org ? 1265371813 M * bobnormal yeah i checked it out .. seems functional but too oriented towards vps-style hosting and not particularly polished 1265371832 M * bobnormal looks good for those scenarios but not for everyone 1265373870 M * geb Bertl_zZ, will you come to the fosdem ? 1265373990 A * pmjdebruijn wakes up 1265376215 Q * julius Remote host closed the connection 1265376516 N * Bertl_zZ Bertl 1265376520 M * Bertl morning folks! 1265376770 J * niki_work ~niki@cpe.fe4-0-120.0x50a6de52.kdnxd4.customer.tele.dk 1265376981 M * Bertl geb: unlikely 1265377082 M * geb :( 1265377229 J * julius ~julius@217.20.127.15 1265378087 M * Bertl geb: well, it's simple, if somebody invites me there, pays for transport and accomodation, I'm glad to come and, if desired, give a talk :) 1265379156 J * BenG ~bengreen@cpc2-aztw22-2-0-cust521.aztw.cable.virginmedia.com 1265379710 M * daniel_hozac bobnormal: you do realize that Linux-VServer networking is nothing like VMWare networking, right? 1265379735 J * balbir ~balbir@122.172.108.117 1265379849 J * jrdnyquist ~jrdnyquis@slayer.caro.net 1265380069 M * Bertl well, for example, util-vserver could use some kind of rt table management similar to the cgroups, no? 1265380092 M * Bertl i.e. copy routing info to private table, add rules for guest IPs and such 1265380218 M * urbee ok 1265380222 M * urbee my load just went up to 344 1265380239 M * urbee wtf? 1265380245 M * urbee which logs should i check 1265380247 M * urbee messages? 1265380249 M * Bertl congrats! high score! :) 1265380261 M * Bertl which kernel is that? 1265380273 M * urbee Linux box2 2.6.31-vs2.3.0.36.23-gentoo 1265380278 M * urbee i run like 8 vps 1265380282 M * Mr_Smoke Bad day for kernels 1265380290 M * Mr_Smoke Mine oopsed 4or 5 times today 1265380295 M * urbee huh? 1265380296 M * Mr_Smoke Faulty mainboard, apparently 1265380306 M * Bertl urbee: most likely you got an OOM situation, and one of the guest is spawning and getting killed 1265380333 M * Bertl check with /proc/virtual/*/limits for hits first 1265380382 M * urbee what exactly am i looking at 1265380384 M * urbee i mean 1265380387 M * urbee searching 1265380392 Q * ktwilight_ Ping timeout: 480 seconds 1265380424 M * Bertl usually RSS hard limit hits, if it is what I suspect it to be 1265380461 M * Bertl daniel_hozac: btw, do you see any problem with removing the RSS rlimit and accounting? 1265380468 M * urbee Bertl: all hits on 0 1265380476 M * urbee but i'm notl imiting any rss 1265380477 M * daniel_hozac Bertl: no 1265380485 M * urbee Bertl: htop shows like 700mb used out of 2gb 1265380489 M * urbee +1gb swap 1265380499 M * Bertl daniel_hozac: I was worried about vserver-stat or similar using the memory info? 1265380503 M * daniel_hozac Bertl: as long as there's a VCI bit or bump 1265380506 M * daniel_hozac right, it does. 1265380534 M * Bertl okay, so that needs some work on your side then to switch to cgroups as alternative? 1265380536 M * daniel_hozac it would need to use some other means of acquiring that data. 1265380538 M * daniel_hozac yeah. 1265380543 M * daniel_hozac and make cgroups required. 1265380554 M * bobnormal daniel_hozac: true but the concepts are similar .. basically a nice interface would be a godsend for less technical users and help improve the userbase 1265380558 M * daniel_hozac since right now they're not even used by default. 1265380623 M * urbee 16:38:16 up 43 days, 6:09, 2 users, load average: 0.01, 7.27, 113.73 1265380661 M * Bertl daniel_hozac: okay, any ideas how to leverage that for cases where we do not use cgroups as there is no memory limiting for example? can we get the required info as in old times by summing up the process info? 1265380693 M * Bertl (maybe with an option or flag or so) 1265380718 M * daniel_hozac sure, we can revert to that API... 1265380729 M * daniel_hozac it's really inaccurate though. 1265380760 M * daniel_hozac sorry, i need to run, i'll bbl. 1265380765 M * Bertl yes, I remember, I'm not saying that should be the default ... just as fallback or so ... 1265380770 M * Bertl np, cya later 1265380846 M * urbee Bertl: any idea bout my issue? 1265380864 M * Bertl sure, first, check with 'vps auxwww' 1265380907 M * Bertl do you see anything out of the usual? i.e. processes being listed 100+ times or so? 1265380919 M * urbee no 1265380925 M * urbee everything seems normal, thats the thing 1265380929 M * urbee this happened twice today 1265380940 M * urbee load up to 340 - cant access machine - in a few minutes all ok 1265380958 M * Bertl what does /proc/meminfo say? (pastebin) 1265380964 M * urbee the host machine has very few clients, with not alot of usage 1265380966 M * urbee sec 1265380977 M * bobnormal whats the name of the netfilter match module that can match on vserver network context id, and is that preferable to just using source address matching 1265381002 M * urbee http://pastebin.com/m745942b2 1265381017 M * Bertl bobnormal: there is none in vanilla patches, there is one on the planet lab kernels though 1265381076 M * Bertl urbee: looks good so far, any unusual messages in dmesg? 1265381083 M * bobnormal bertl: i am using 2.6.31.11-grsec2.1.14-vs2.3.0.36.28 1265381091 M * bobnormal bertl: wont be available? 1265381144 M * Bertl not that I know of .. but no problem there, as Linux-VServer is IP based, so you can easily use IP based matching 1265381145 M * urbee Bertl: nope 1265381163 M * Bertl urbee: do you have process limits on your guests? 1265381175 M * urbee Bertl: no.. 1265381175 M * bobnormal bertl: ok will do 1265381228 M * Bertl urbee: could you upload the output of 'grep PROC /proc/virtual/*/limit' ? 1265381238 M * urbee ye 1265381267 M * urbee http://pastebin.com/m52767b5c 1265381269 M * Bertl bobnormal: the main reason for not having such a target/module is that we could only tag outgoing traffic reliably 1265381320 M * Bertl urbee: so it seems there are times where some of your guests actually have 400+ processes 1265381365 M * Bertl if those times overlap, e.g. 4 am for example is used by many distros to do cleanup and security tasks 1265381366 M * urbee could that happen cause of one client? 1265381390 M * urbee i never had this kind of issue 1265381415 M * Bertl well, it would be beneficial to do some graphing 1265381434 M * urbee is it possible to somehow limit the cpu and ram 1265381448 M * urbee so the clients have a "fair share" of lets say 70% resources 1265381452 M * urbee the rest is reserved for the host machine 1265381452 M * Bertl i.e. record the number of processes, memory and load values every 10 seconds or so 1265381469 M * urbee so when something happens, i can still access the machine 1265381474 M * urbee and check whats happening 1265381502 M * Bertl sure you can do that, you have all the different limits at hand, for cpu, the best choice is the hard cfs, for memory, the RSS limits (we are working on proper cgroup support for that atm) 1265381566 M * urbee that would work then, wouldnt it? it would probably kill user processes but host machine would stay available? 1265381586 M * Bertl well, depends on what really happens 1265381604 M * urbee i doubt there is something on the host machine, since i dont run anything 1265381608 M * urbee the server is 6months old 1265381615 M * urbee its a fsckin HP machine nto some noname crap 1265381624 M * urbee so i doubt there is hardware 1265381630 M * urbee probably some guest is making problems 1265381643 M * Mr_Smoke Well new hardware can be faulty too 1265381648 M * urbee i have checked the processes of all guests but there's nothing strange 1265381663 M * Mr_Smoke Hell, I just had a mobo replaced on a shiny core2quad server 1265381676 M * urbee Mr_Smoke yea i know but usualy the server tells there's something wrong 1265381677 M * urbee :/ 1265381682 M * urbee its a dl380 g5 machine 1265381685 M * urbee it should! 1265381705 M * Mr_Smoke Well, maybe the enormous load is its way of telling you :) nothing worth of interest in your kernel log ? 1265381758 M * urbee kernel log? 1265381759 M * urbee dmesg ? 1265381808 M * urbee dont run kernel log 1265381811 M * urbee maybe i should :) 1265381817 M * Bertl usually high load is caused by processes which want to run, but, for whatever reason cannot 1265381819 M * urbee or am i? 1265381838 M * Mr_Smoke urbee: you probably are ... syslog-ng puts this in /var/log/messages 1265381855 M * Mr_Smoke metalog would put that into /var/log/kernel/current 1265381868 M * urbee um how do i check the last 200 lines 1265381869 M * urbee only 1265381880 M * Bertl tail 1265381885 M * urbee tail -n 1265381887 M * urbee i guess :p 1265381934 M * urbee hhuhu 1265381947 M * urbee http://pastebin.com/md47e314 1265381953 M * urbee alot of this :) 1265381972 Q * opuk Ping timeout: 480 seconds 1265381983 M * Bertl urbee: there you go 1265381986 M * Mr_Smoke yup 1265381997 M * urbee eb 5 14:18:23 box2 kernel: [3728993.149575] vxW: [ps,31147:#1004|1004|1004] did lookup hidden devpts:ffff88007f7e5c20[#0,4] /dev/pts/1. 1265382000 M * urbee and this 1265382013 M * Bertl that was probably you :) 1265382022 M * urbee Feb 5 16:39:11 box2 sshd[1253]: Invalid user alias from 92.46.123.11 1265382027 M * urbee that aint me :P 1265382034 M * urbee someone trying to login, i guess some bots?:) 1265382040 M * urbee but that 1265382043 M * urbee exim was the issue i guess 1265382046 M * urbee how do i find out which server 1265382048 M * urbee which guest 1265382050 M * urbee is causing 1265382092 M * Bertl that's a little tricky, you can do that with a simple kernel modification though 1265382112 M * Bertl otherwise monitoring the number of processes in a guest is your best chance 1265382123 M * urbee shouldnt it show in guest log 1265382124 M * urbee inside? 1265382128 M * urbee the same error 1265382129 M * urbee or something 1265382133 M * urbee or maybe exim log? 1265382144 M * Bertl no, that's a kernel message, but you can check the exim logs, yes 1265382146 M * urbee i got 10 users here so theres no problem in checking 1265382157 M * urbee but this is a software error right' 1265382159 M * urbee not hardware 1265382178 M * Bertl most likely a remote exploit being exercised 1265382183 M * urbee 2010-02-05 16:04:17 queue run: process 2522 crashed with signal 11 while delivering 1NI8hw-0007xq-76 1265382189 M * urbee this is in the first guest i checked :p 1265382195 M * urbee alot of it 1265382202 M * Bertl (or an unfortunate misconfiguration of exim) 1265382223 M * Bertl your guests are 32bit? 1265382235 M * urbee yes 1265382236 J * opuk ~kupo@pipe.intertubez.net 1265382245 M * Bertl host maybe 64bit? 1265382248 M * urbee yes 1265382254 M * urbee mixed 64/32 1265382255 M * urbee i guess 1265382262 M * Bertl do you have the personality set for the 32bit guests? 1265382265 M * urbee not on all of them 1265382277 M * urbee i'm running directadmin for quite a while 1265382281 M * urbee remember when i had the issue with it 1265382289 M * urbee i guess they changed something in their install 1265382292 M * Bertl that could be causing this too, although it is rather unusual 1265382308 M * urbee i'll just go reinstall the whole system and enable personality first 1265382314 M * urbee i got a feeling this guest is hacked anyway 1265382346 M * Bertl that would be my first guess (that it was a possibly successful remote exploit) 1265382388 J * derjohn_mob ~aj@tmo-108-32.customers.d1-online.com 1265382521 M * urbee thanks to both of u for helping diagnose the issue :p 1265382539 M * Mr_Smoke didn't do much :) 1265383240 M * Bertl np 1265383332 M * bobnormal urbee: if worried about attacks try grsec patch :) 1265383378 M * urbee grsecurity 1265383390 M * bobnormal yep 1265383396 M * urbee had that before but never with a vserver kernel 1265383429 M * bobnormal i successfully applied it for the first time just a few days ago, used 2.6.31.11-grsec2.1.14-vs2.3.0.36.28 1265383439 M * bobnormal seems to work fine so far 1265383501 M * bobnormal just find the vanilla linux source matching the kernel version on kernel.org, extract to /usr/src/linux-blah then cd linux-blah;wget http://that-patch-from/~harry/whatever;patch -p1 /interfaces/0/rules ? 1265390609 M * Bertl something like that 1265390622 M * Bertl maybe have a chat with daniel_hozac (when he is back) 1265390722 M * bobnormal ok 1265390767 M * bobnormal potential issue around iptables rule spec ... SNAT which is a common case requires '.... --to $myip'. setting this statically hurts vserver portability as it is host configuration specific. 1265391226 Q * kir Quit: Leaving. 1265391494 Q * thierryp Ping timeout: 480 seconds 1265391958 M * bobnormal gotta go, back monday ;) 1265391961 Q * bobnormal Quit: ! 1265392493 J * Chlorek ~cokolwiek@c.sed.pl 1265392703 Q * imcsk8 Quit: Leaving 1265392826 Q * derjohn_mob Ping timeout: 480 seconds 1265393729 Q * barismetin Quit: Leaving... 1265394338 N * fzylogic_home fzylogic 1265396589 J * hijacker ~hijacker@87-126-142-51.btc-net.bg 1265396734 J * niki ~niki@94.145.207.11 1265397013 Q * gnuk Quit: NoFeature 1265397347 J * derjohn_mob ~aj@e180193011.adsl.alicedsl.de 1265398361 P * petzsch 1265398800 J * ktwilight ~keliew@189.15-240-81.adsl-dyn.isp.belgacom.be 1265400431 Q * Mr_Smoke Read error: Connection reset by peer 1265400476 J * BenG ~bengreen@cpc2-aztw22-2-0-cust521.aztw.cable.virginmedia.com 1265400510 J * Mr_Smoke smokey@layla.lecoyote.org 1265401055 J * thierryp ~thierry@home.parmentelat.net 1265402061 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1265403554 Q * BenG Quit: I Leave 1265403717 Q * nkukard Quit: Leaving 1265404119 M * Bertl off to bed now ... have a good one everyone! 1265404124 N * Bertl Bertl_zZ 1265406301 Q * fleischergesell Ping timeout: 480 seconds 1265406302 Q * hijacker Quit: Leaving 1265408054 Q * bonbons Quit: Leaving 1265409099 J * petzsch ~markus@dslb-094-222-178-229.pools.arcor-ip.net 1265410015 J * imcsk8 ~ichavero@148.229.1.11 1265410566 M * urbee how safe is running openvcp webinterface 1265410574 M * urbee on a guest vserver 1265410579 M * urbee with shared hostings? 1265410596 M * urbee if someone hacks in, that would mean he gets full access to all the nodes? 1265412206 M * dowdle urbee: What are you concerned about getting hacked? vserver or openvcp? 1265413520 J * ghislain1 ~AQUEOS@adsl2.aqueos.com 1265413597 Q * dna Quit: Verlassend 1265413839 Q * ghislain Ping timeout: 480 seconds 1265413993 J * nkukard ~nkukard@196.212.73.74 1265414067 Q * imcsk8 Quit: Leaving