1271206261 J * ntrs ~ntrs@77.28.30.63 1271206577 Q * imcsk8 Quit: Leaving 1271206743 Q * ntrs Ping timeout: 480 seconds 1271210953 J * jrklein ~jrklein@2001:0:53aa:64c:0:50a4:b97d:df43 1271213641 Q * Wonka Ping timeout: 480 seconds 1271213819 J * Wonka ~produzier@chaos.in-kiel.de 1271214050 J * SauLus_ ~SauLus@c207237.adsl.hansenet.de 1271214426 Q * SauLus Ping timeout: 480 seconds 1271214426 N * SauLus_ SauLus 1271216917 Q * jrklein Quit: jrklein 1271218823 J * MeCooL ~mecool@94.129.137.74 1271220015 A * MeCooL Brb Working 1271222713 J * petzsch ~markus@dslb-092-078-117-069.pools.arcor-ip.net 1271223472 Q * balbir Ping timeout: 480 seconds 1271223493 Q * bsarora Ping timeout: 480 seconds 1271223871 P * petzsch 1271224063 J * bsarora ~balbir@122.172.165.218 1271224080 J * balbir ~balbir@122.172.165.218 1271225307 J * sharkjaw ~gab@90.149.121.45 1271225735 M * Bertl off to bed now ... have a good one everyone! 1271225768 N * Bertl Bertl_zZ 1271226055 Q * derjohn_foo Ping timeout: 480 seconds 1271227392 J * ntrs ~ntrs@77.29.85.100 1271228092 J * ghislain ~AQUEOS@adsl2.aqueos.com 1271228755 J * derjohn_foo ~aj@213.238.45.2 1271229192 J * _WildPIkachu_ ~nkukard@196-210-182-57-wrbs-esr-2.dynamic.isadsl.co.za 1271229242 Q * nkukard_ Ping timeout: 480 seconds 1271229781 Q * MeCooL Ping timeout: 480 seconds 1271231803 Q * ntrs Ping timeout: 480 seconds 1271232563 J * barismetin ~barismeti@zanzibar.inria.fr 1271232650 J * CR ~christo.r@194-188-140-250.inga.fi 1271232845 M * CR I'm running ubuntu-desktop in a VServer. I'd like to be able to shut down the computer when I push the "Shut down" button in the guest.. 1271234800 M * CR I'm running ubuntu-desktop in a VServer. I'd like to be able to shut down the computer when I push the "Shut down" button in the guest... 1271234809 M * hijacker how do you push the "shut down" button in a guest?! 1271234817 M * hijacker ;-) 1271234826 M * hijacker also please, do not repeat yourself. 1271234992 M * CR hijacker: I'm running X 1271235071 M * hijacker ah, right, you mean you execute a shutdown command within a guest? 1271235102 Q * ktwilight Read error: Connection reset by peer 1271235132 J * MeCooL mecool@94.128.75.113 1271235136 J * ktwilight ~keliew@91.180.51.13 1271235951 M * CR If I press "Shut down" from inside the guest I'm returning to the "login to host" console screen 1271235973 M * CR hijacker: yep, that is what I meant 1271236018 M * speed47 adding the possibility of shutting down the host from inside a guest sort of defeats the very purpose of vservers... which is probably why it's not easy to do it... 1271236058 M * speed47 maybe there's a capability or flag that allows this ? 1271236166 M * speed47 http://linux-vserver.org/Capabilities_and_Flags 1271236210 M * CR yep, that's probably why it's seems hard to accomplish.. 1271236228 M * CR thanks, Ill check the page. 1271236381 J * ktwilight_ ~keliew@232.253-64-87.adsl-dyn.isp.belgacom.be 1271236388 Q * ktwilight Read error: Connection reset by peer 1271237144 M * CR I've now tried the SYS_BOOT capability..no luck 1271237175 M * CR I know that this is a bit off-topic, but could you guys give me some ideas on this: 1271237346 M * PowerKe not the most elegant solution probably, but you could create a script that uses ssh to call shutdown on the host 1271237460 J * BenG ~bengreen@cpc2-aztw22-2-0-cust521.aztw.cable.virginmedia.com 1271237543 M * CR I'm setting up a few computers for a local library. They've had a few computers there, but the those were filled with files/software/crap that the library guests put there, so the OS:es were running slow etc. SO, they want me to fix up a couple of new computers with a better system. The OS is going to be Linux/Ubuntu. a) I'd like to jail the users in a container so that they cant do stupid stuff to the system. b) I'd like the "container" system to b 1271237642 M * CR PowerKe: Thanks for the idea 1271237721 M * PowerKe you could re-image the system on boot (over the network or from a second partition) or use a read-only base filesystem with a read-write layer on top of it that gets wiped on boot. 1271237789 M * CR PowerKe: Aa.. thanks for the tip. 1271237824 M * CR How would you meet the "user jail/lock" requirement? 1271237971 M * CR ..at one time I even considered putting a Live Ubuntu CD in a "hidden" optical station (inside the computer case somewhere....)..thus the users could make all the changes in the world (that's possible with a live CD distro) but the system would reset on every boot. 1271238044 Q * BenG Quit: I Leave 1271238182 M * CR PowerKe: aa..sorry, now I see that your idea covers both requirements 1271238276 J * ghislain1 ~AQUEOS@adsl2.aqueos.com 1271238533 Q * ghislain Read error: Operation timed out 1271238868 J * dna ~dna@65-197-103-86.dynamic.dsl.tng.de 1271239322 Q * _WildPIkachu_ Ping timeout: 480 seconds 1271239349 J * _WildPIkachu_ ~nkukard@196-210-182-57-wrbs-esr-2.dynamic.isadsl.co.za 1271241242 J * gnuk ~F404ror@pla93-3-82-240-11-251.fbx.proxad.net 1271242347 M * Guy- CR: you could even make it all netbootable 1271243634 J * Pazzo ~ugelt@host156-36-static.14-79-b.business.telecomitalia.it 1271243903 Q * balbir Ping timeout: 480 seconds 1271247015 J * thierryp ~thierry@zankai.inria.fr 1271247125 Q * C14r Remote host closed the connection 1271247822 J * ntrs ~ntrs@77.29.112.222 1271248099 J * jrklein ~jrklein@2001:0:53aa:64c:0:65f0:b97d:df43 1271248265 J * balbir ~balbir@122.172.165.218 1271250290 Q * balbir Ping timeout: 480 seconds 1271250377 Q * bsarora Ping timeout: 480 seconds 1271250719 J * jrklein_ ~jrklein@2001:0:53aa:64c:0:7f42:b97d:df43 1271250736 Q * jrklein Ping timeout: 480 seconds 1271250736 N * jrklein_ jrklein 1271252628 Q * MeCooL Ping timeout: 480 seconds 1271252696 Q * FireEgl Ping timeout: 480 seconds 1271254324 J * ntrs_ ~ntrs@77.29.85.100 1271254651 J * balbir ~balbir@122.172.165.218 1271254702 Q * cehteh Quit: Coyote finally caught me 1271254765 Q * ntrs Ping timeout: 480 seconds 1271254995 J * cehteh ~ct@pipapo.org 1271255275 J * bsarora ~balbir@122.172.165.218 1271255721 Q * bsarora Read error: Connection reset by peer 1271255734 Q * balbir Read error: Connection reset by peer 1271256253 N * Bertl_zZ Bertl 1271256256 M * Bertl morning folks! 1271256332 J * balbir ~balbir@122.167.250.55 1271256353 J * bsarora ~balbir@122.167.250.55 1271257200 Q * sharkjaw Remote host closed the connection 1271257924 Q * bsarora Remote host closed the connection 1271257924 Q * Romster Write error: connection closed 1271258107 Q * balbir Ping timeout: 480 seconds 1271258204 N * DoberMann[ZZZzzz] DoberMann[PullA] 1271258325 Q * Pazzo Quit: Bye! 1271258330 J * Romster ~romster@202.168.100.149.dynamic.rev.eftel.com 1271258869 J * FireEgl FireEgl@2001:470:e056:1:223:54ff:fe89:b207 1271259127 Q * Romster Ping timeout: 480 seconds 1271259342 J * hijacker_ ~hijacker@87-126-142-51.btc-net.bg 1271259378 J * Pazzo ~ugelt@host156-36-static.14-79-b.business.telecomitalia.it 1271259386 Q * dna Quit: Verlassend 1271259615 Q * ntrs_ Read error: Connection reset by peer 1271259626 J * ntrs_ ~ntrs@77.28.12.153 1271259795 Q * Pazzo Quit: Bye! 1271260162 J * Romster ~romster@202.168.100.149.dynamic.rev.eftel.com 1271260200 M * Bertl off to grab some groceries ... bbl 1271260203 N * Bertl Bertl_oO 1271260925 Q * thierryp Quit: ciao folks 1271261039 Q * _WildPIkachu_ Quit: Leaving 1271261610 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1271262283 J * imcsk8 ~ichavero@148.229.1.11 1271262852 J * balbir ~balbir@122.167.250.55 1271263291 J * petzsch ~markus@dslb-092-078-117-069.pools.arcor-ip.net 1271264894 Q * barismetin Remote host closed the connection 1271265353 Q * gnuk Quit: NoFeature 1271265427 N * Bertl_oO Bertl 1271265430 M * Bertl back now ... 1271265651 J * MeCooL mecool@94.128.74.35 1271265845 Q * derjohn_foo Ping timeout: 480 seconds 1271266441 Q * bonbons Quit: Leaving 1271266829 J * derjohn_foo ~aj@c193120.adsl.hansenet.de 1271268735 Q * balbir Ping timeout: 480 seconds 1271268908 Q * petzsch Ping timeout: 480 seconds 1271269732 Q * ncopa Quit: Ex-Chat 1271270361 Q * Loki|muh Remote host closed the connection 1271270364 J * Loki|muh ~loki@satanix.de 1271270425 Q * ntrs_ Ping timeout: 480 seconds 1271272360 Q * MeCooL Ping timeout: 480 seconds 1271272458 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d 1271272513 J * petzsch ~markus@dslb-092-078-117-069.pools.arcor-ip.net 1271272827 Q * jrklein Quit: jrklein 1271273670 J * nkukard ~nkukard@196-210-182-57-wrbs-esr-2.dynamic.isadsl.co.za 1271274651 J * ntrs ~ntrs@77.28.162.77 1271275303 Q * derjohn_foo Ping timeout: 480 seconds 1271275872 J * derjohn_foo ~aj@c193120.adsl.hansenet.de 1271275945 J * ntrs_ ~ntrs@77.29.114.233 1271276373 Q * ntrs Ping timeout: 480 seconds 1271277463 J * nkukard_ ~nkukard@196-210-182-57-wrbs-esr-2.dynamic.isadsl.co.za 1271277970 J * nimmersatt ~chatzilla@HSI-KBW-095-208-000-203.hsi5.kabel-badenwuerttemberg.de 1271278055 M * nimmersatt hi Bertl, hi #vserver 1271278078 M * Bertl hi nimmersatt! :) 1271278411 M * nimmersatt i have some problems regardig per vserver routing - i am testing a mysql conection - everythig works great - then after ~5min the connection on the vserver is lost for 1-4mins after that it is working again for a few minutes - the vserver is able to ping the destionation box (a vserver on another physical server) when it is not possible to connect to the mysql server @ the same time. the... 1271278412 M * nimmersatt ...host on the other hand is able to connet to the mysql server @ any time - do you have any ideas? 1271278461 M * Bertl sounds like a router or switch having problems with either STP or arp caches 1271278518 M * nimmersatt it is one hop - just a switch - in between 1271278547 M * Bertl what does tcpdump (or wireshark) record when this happens? 1271278557 M * Bertl could also be a rate limit? 1271278563 M * nimmersatt it seems the connection just hangs 1271278568 M * nimmersatt no rate limit enabled 1271278573 Q * bonbons Quit: Leaving 1271278581 M * nimmersatt iptables also disabled 1271278585 M * nimmersatt i will do a pastebn 1271278695 M * nimmersatt maybe it is the debian kernel ;) http://pastebin.org/151345 1271278712 M * nimmersatt 2.6.32-4-vserver-amd64 1271278786 M * nimmersatt the solid block is the -no connection possible- timeframe 1271278849 M * Bertl so no reply is recorded? 1271278863 M * nimmersatt yes - bur icmp is possible 1271278865 M * Bertl do you tcpdump on the mysql server or the client? 1271278867 M * nimmersatt on the vserver 1271278874 M * nimmersatt and mysql on the hostbox 1271278880 M * nimmersatt (connection) 1271278886 M * Bertl so you tcpdump on the host? 1271278895 M * nimmersatt on the client 1271278914 M * nimmersatt i will look if the server 1271278923 M * nimmersatt recieves the request 1271278932 M * nimmersatt one sec 1271279400 J * jrklein ~jrklein@2001:0:53aa:64c:0:373a:63e5:f73e 1271279401 M * nimmersatt tcpdump -i eth1 src or dst 10.3.253.10 // no output 1271279436 M * Bertl maybe it leaves via eth0 or different interface? 1271279440 M * nimmersatt on the mysql vserver 1271279456 M * nimmersatt out output either 1271279460 M * nimmersatt no 1271279480 M * nimmersatt with eth0 1271279502 N * DoberMann[PullA] DoberMann[ZZZzzz] 1271279539 M * nimmersatt ok the connection is working again - and ow i get output on eth1 on the mysql vserver 1271279570 M * Bertl so for whatever reason, mysql or the network stack decides that there is nothing to do 1271279575 M * nimmersatt so the packets are not reaching the other box 1271279585 M * Bertl ah, so no input either? 1271279590 M * nimmersatt mysql is working 1271279596 M * nimmersatt on the same time 1271279615 M * nimmersatt i just need to connect from another box or the host 1271279615 M * Bertl that means, that your 'switch' doesn't know where to send them, check that the box replies to arp requests 1271279626 M * nimmersatt ok 1271279662 M * nimmersatt the strange thing is that icmp ping is working 1271279672 M * nimmersatt inside client to mysql server 1271279739 M * Bertl not necessary 1271279751 M * nimmersatt ARPING 10.3.253.2 1271279751 M * Bertl icmp can be answered by any device on the route 1271279753 M * nimmersatt 60 bytes from 00:e0:81:4c:e2:4d (10.3.253.2): index=0 time=35.048 usec 1271279754 M * nimmersatt 60 bytes from 00:e0:81:4c:e2:4d (10.3.253.2): index=1 time=32.902 usec 1271279759 Q * hijacker_ Quit: Leaving 1271279782 M * nimmersatt but i can only arping on the host 1271279791 M * nimmersatt or i need to add caps 1271279810 M * Bertl no need to do anything on the guest 1271279829 M * nimmersatt it working on the host all the time 1271279831 M * Bertl networking happens on the host anyway 1271279840 M * nimmersatt i am using per vserver routing 1271279846 M * nimmersatt ip add rule 1271279857 M * Bertl you can't 'route' per guest, only per IP(s) 1271279864 M * Bertl which again happens on the host 1271279869 M * nimmersatt hmm 1271279872 M * nimmersatt thats right 1271279890 M * nimmersatt but the host has 2 new routing tables 201 & 201 1271279904 M * nimmersatt with are using a different gw 1271279929 M * nimmersatt than i use ip rule add & ip route add to use the new table 1271279942 M * Bertl that is fine, but also affects the host, if you use one of the IPs in the rule 1271279943 M * nimmersatt and it *seems* to work 1271279950 M * nimmersatt except the outages 1271279951 M * Bertl i.e. you can test that on the host as well 1271279975 M * Bertl IMHO the packet is either dropped or routed to the wrong destination 1271279990 M * nimmersatt hmm - but what if the connection on the host is working always and the inside the vserver not? 1271280009 M * Bertl you are not use the guest IP _on_the_host_ :) 1271280021 M * nimmersatt nooo ;) 1271280034 M * nimmersatt but one nic is on the same /16 subet 1271280035 M * Bertl anyway, if there really is just a switch between those machines 1271280037 Q * ghislain1 Quit: Leaving. 1271280050 M * nimmersatt just a Gbit switch 1271280053 M * nimmersatt no router 1271280073 M * Bertl my money would be on a different host (on the same switch) using the guest IP (or at least _a_ guest IP) 1271280105 M * Bertl this setup usually results in the switch bouncing between both hosts 1271280153 J * aj__ ~aj@c135068.adsl.hansenet.de 1271280201 M * nimmersatt is there a way to get around this? 1271280213 M * nimmersatt the ip is unique 1271280221 M * Bertl sure about that? 1271280254 M * nimmersatt if i shutdown the vserver i am not able to ping the ip anymore 1271280270 M * nimmersatt on a flat network - i guess yes ;) 1271280276 M * Bertl which, again, isn't a very good test :) 1271280283 M * nimmersatt maybe my switch is broken 1271280309 M * Bertl nowadays (maybe except for debian :) linux machines do not answer pings by default 1271280342 M * nimmersatt there are just 14 boxes 1271280350 M * nimmersatt i can double check the ps 1271280352 M * nimmersatt ips 1271280361 M * Bertl then run 'ip a ls' on each of them, just to make sure 1271280366 M * nimmersatt yes 1271280557 Q * derjohn_foo Ping timeout: 480 seconds 1271280636 M * nimmersatt the ip only bound to the vserver - that is super strange 1271280649 M * Bertl means? 1271280659 M * nimmersatt it is unique 1271280689 M * Bertl okay, check the arp entries (with arp) on the client, when this happens 1271280702 M * Bertl compare them between before it happens and when it happens 1271280732 M * Bertl and yeah, checking with a different switch would be a good idea too 1271280738 M * Bertl (just to make sure :) 1271280791 M * nimmersatt i have a backup switch here in my office - i will go to the DC tomorrow 1271280821 M * nimmersatt now rerunning the test - i did do a arp -an > lala before 1271281990 M * nimmersatt the arp entry is there - before, during & after the problem 1271282017 M * Bertl and the packet leaves the interface on the client, but doesn't reach the other host 1271282028 M * Bertl so IMHO the switch is doing something wrong here :) 1271282033 M * nimmersatt yes 1271282046 M * nimmersatt so it seems the switch is responsible 1271282054 M * nimmersatt yes 1271283161 M * PowerKe unless it's a layer 3 switch, it shouldn't care about IP's and there'd be no difference between guest and host packets to the switch 1271283226 M * PowerKe are you sure it's not a dns problem when mysql tries to reverse the IP to get the hostname to check security? 1271283346 M * nimmersatt it is working 85% of the time 1271283367 M * nimmersatt i dont think that is triggered by a mysql security check 1271283376 M * nimmersatt http://pastebin.org/151486 1271283400 M * nimmersatt 10.3.0.6 is the host of the vserver mysql-client 1271283412 M * nimmersatt 10.3.253.2 is the mysql vserver 1271283434 M * nimmersatt 10.3.253.10 is the mysql-client vserver 1271283456 M * nimmersatt Bertl: as you can see the host is able to connect 1271283503 M * nimmersatt arping is also working while the vserver is unable to connect as the packets dont reach the dst 1271283526 M * Bertl when you 'connect' from the host, use the guest IP 1271283550 M * Bertl i.e. either specify the source IP or use ncontext 1271283550 M * nimmersatt i did use telnet on the mysql port 1271283550 M * PowerKe the dump was made on the 10.3.0.6 / 10.3.253.10 machine? 1271283563 M * nimmersatt how can i use the guest ip from the host 1271283568 M * nimmersatt yes 1271283576 Q * petzsch Quit: Leaving. 1271283600 Q * jrklein Quit: jrklein 1271283615 M * nimmersatt the dump on the mysql server is empty - while the vserver tries to connect 1271283698 M * PowerKe it's strange that the switch would sometimes give problems when connecting from the guest-ip and never from the host-ip 1271283742 M * PowerKe the only difference on those packets is in the payload that the switch should not inspect, but the ethernet headers of those packets should be exactly the same 1271283835 M * nimmersatt i wait for the next problem timeframe - then i use the telnet with -b to bind to the guest ip 1271283843 M * nimmersatt just a matter of minutes 1271283846 M * nimmersatt ;) 1271283932 M * PowerKe maybe add -e to the tcpdump to confirm the ethernet adresses 1271283974 M * nimmersatt done 1271284038 M * nimmersatt same situaltion - i will prepare a new pastebin 1271284137 M * nimmersatt http://pastebin.org/151511 1271284211 M * nimmersatt hmm not the same situation 1271284227 M * nimmersatt it seems the packets using the .10 ip are now reaching the server 1271284253 M * nimmersatt the 0.6 ip is not used - so the -b option works 1271284269 M * nimmersatt witch makes everthing even stranger to me 1271284308 M * nimmersatt why can the host reach the dst with the same IP as the vserver 1271284322 M * nimmersatt while the vserver cannot reach the dst.... 1271284356 M * PowerKe the mysql server is not replying from the same interface as it receives the requests 1271284532 M * Bertl which confuses the switch, and leads to repeated arp table drops 1271284602 M * nimmersatt ok - i will recheck the tcpdump on the mysql-server 1271284671 M * PowerKe check to which interfaces the mac addresses belong and find out why the replies come from another interface 1271284685 M * nimmersatt thank you very much :) 1271284696 M * nimmersatt i am on the right track now - i guess 1271284733 M * nimmersatt i will disable a interface on the mysql server for testing 1271284755 M * nimmersatt i just need to ensure that my serial connection is working 1271284855 M * PowerKe the switch should not be confused as it only cares about the mac addresses and not the ip's. 1271284882 M * PowerKe arp tables on the computers will get messed up though 1271284918 J * C14r ~C14r@mail.cipworx.de 1271285735 Q * ntrs_ Ping timeout: 480 seconds 1271286540 Q * urbee Ping timeout: 480 seconds 1271286926 J * urbee ~urbee@93-103-199-233.dynamic.dsl.t-2.net