1297814459 Q * cokolwiek Ping timeout: 480 seconds
1297815453 Q * bonbons Quit: Leaving
1297815459 J * Chlorek ~cokolwiek@c.sed.pl
1297815467 N * Chlorek cokolwiek
1297815518 J * Chlorek ~nobody@jail.c.sed.pl
1297817862 Q * dowdle Remote host closed the connection
1297821633 J * bsingh ~balbir@122.172.12.41
1297822011 Q * ryker Quit: Leaving.
1297827759 Q * manana Remote host closed the connection
1297828027 J * ryker ~ryker@c-76-16-115-27.hsd1.in.comcast.net
1297830056 N * Bertl_zZ Bertl
1297830062 M * Bertl morning folks!
1297833018 Q * neofutur Remote host closed the connection
1297833020 J * neofutur ~neofutur@xena.ww7.be
1297834083 Q * Piet Remote host closed the connection
1297834130 J * Piet ~Piet__@04ZAACP3E.tor-irc.dnsbl.oftc.net
1297838749 J * petzsch ~markus@dslb-088-075-164-170.pools.arcor-ip.net
1297839540 Q * hparker Quit: Quit
1297839753 Q * petzsch Quit: Leaving.
1297844528 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com
1297845126 J * thierryp ~thierry@zankai.inria.fr
1297846287 Q * BenG Quit: I Leave
1297846577 M * swenTjuln hi Bertl! I've a question: Is it possible (planned) to implement some kind of "live migration" in VServer?
1297846748 M * Bertl possible sure, planned as part of Linux-VServer no, mainly because I consider it a marketing feature with little actual benefit (and lot of maintenance work)
1297847007 M * DelTree "marketing feature"... not so sure...
1297847054 M * Bertl well, give me a real-world case where you need live migration and cannot achieve that by wrapping the entire host in xen or kvm?
1297847086 M * DelTree why should I need xen or kvm ?
1297847124 M * Bertl for example to 'live migrate' a complete host when there is hardware maintenance
1297847168 M * DelTree why should I need xen or kvm to do live migration...
1297847170 M * swenTjuln Bertl: well, I mainly use vserver because of no overhead benefit
1297847193 M * swenTjuln and so if I were to virtualize VServer host I lose this advantage
1297847220 M * Bertl not really
1297847228 M * swenTjuln no?
1297847268 M * Bertl you add the overhead of a single virtualization layer, but the main advantage of OS level isolation solutions (the scalability and the sharing) remains
1297847305 M * Bertl but if you do not need live migration or some kind of snapshotting, then you can easily do without that layer of course
1297847380 M * swenTjuln Bertl: "the overhead of a virtualization layer" is what I'm trying to avoid :D
1297847425 M * swenTjuln but i agree with you - it's a lot of work and it's not so VServer-ish :D But it would come very handy sometimes
1297847446 M * Bertl still waiting for the real-world example :)
1297847530 M * DelTree Bertl: it will be hiding in xen as long as it has no room in vserver...
1297847531 M * swenTjuln OK: lets say i like to "contextualize" a low latency service and I would like to do a hardware maintenance
1297847563 M * Bertl DelTree: no idea what you are trying to communicate
1297847599 M * swenTjuln every hw virtualization technology has quite a bit of overhead (despite of what they claim)
1297847605 N * ensc Guest1553
1297847615 J * ensc ~irc-ensc@p5DF2F202.dip.t-dialin.net
1297847615 M * swenTjuln especially when you run lots of guests on same hardware
1297847616 M * DelTree Bertl: maybe you're waiting for the real-world example because it's using xen and you can't see it...
1297847629 M * Bertl swenTjuln: you need a shared filesystem to get low latency switchover in a failure case, so that's already available ... stopping and starting the guest should be quick and simple
1297847678 M * Bertl if the service is designed for failover, you can even 'migrate' to the other machine without losing any connections
1297847708 M * swenTjuln Bertl: container itself can stop and start quickly but services within mignt not
1297847739 M * swenTjuln *might*
1297847773 Q * Guest1553 Ping timeout: 480 seconds
1297847830 M * Bertl so instead, you basically slow the service down to a crawl to 'live migrate' it over (which requires special shared data/network environment anyway) just to keep a service alive, which in case of a hardware failure will require a restart anyway
1297847883 M * Bertl OTOH, if you prepared your setup for high availability, a service with slow startup and no failover is a no-no anyway
1297847957 M * Bertl DelTree: once mainline implements proper live migration (e.g. via the freezer stuff) Linux-VServer will support/use that as well ...
1297847960 M * swenTjuln Bertl: you definitely have a point there, but sometimes slow service is better than no service.
1297848003 M * swenTjuln anyhow - VServer is a great project and I love it. One can wish for "cherry on a top", no?
1297848338 M * Bertl sure you can wish :)
1297848615 M * swenTjuln Bertl: once I noticed you've said that 2.6.36 is first 'good' kernel since 2.6.22(or sth). Care to outline why? Is it regarding VServer?
1297848636 M * Bertl no, completely Linux-VServer unrelated
1297848641 J * bonbons ~bonbons@2001:960:7ab:0:2c0:9fff:fe2d:39d
1297848663 M * Bertl the I/O performance and response time for typical server setups degraded after 2.6.22
1297848678 M * Bertl and reached an all time low around 2.6.25 or so
1297848703 M * Bertl 2.6.36 is the first mainline kernel which has reasonable performance with good server latency
1297848711 M * Bertl (after 2.6.22 :)
1297848794 M * swenTjuln thank you
1297848879 M * Wonka are the debian 2.6.35 vserver kernels fixed or do they still not have both reasonable performance with good server latency?
1297848911 M * Bertl no idea, I do not test/use the debian kernels
1297848930 M * Wonka mh :/
1297848938 M * Wonka they're quite easy to use ;)
1297849034 M * Bertl really? last time I checked, I wasn't even able to figure out what patches they use :)
1297849272 M * daniel_hozac and they tend to be broken in more ways than they work...
1297849867 M * swenTjuln and Ubuntu kernels...are those any better?
1297850530 Q * bsingh Ping timeout: 480 seconds
1297850530 Q * bsarora Ping timeout: 480 seconds
1297851070 J * bsarora ~balbir@122.172.11.78
1297851094 J * bsingh ~balbir@122.172.11.78
1297851548 J * lllvvvlllvvv ~blagoj@89.205.105.228
1297851702 J * manana ~mayday090@84.17.25.149
1297851991 Q * lllvvvlllvvv1 Ping timeout: 480 seconds
1297852190 J * harobed ~stephane@pda57-1-82-231-115-1.fbx.proxad.net
1297853263 M * harobed hi, an idea about http://thread.gmane.org/gmane.linux.vserver/18962 ?
1297853294 M * harobed Subject : « If I start guest3 after guest1 and guest2, guest1 and guest2 lose their Internet access »
1297853704 M * Bertl harobed: kernel/patch/util-vserver version and the guest configs?
1297853728 M * harobed what ?
1297853738 M * harobed Bertl, where can I see that ?
1297853744 M * harobed ha
1297853745 M * harobed ok
1297853755 M * Bertl (please use paste.linux-vserver.org for everything longer than 3 lines)
1297853791 M * harobed # uname --all
1297853792 M * harobed Linux hosting11 2.6.26-1-vserver-686 #1 SMP Fri Mar 13 21:04:35 UTC 2009 i686 GNU/Linux
1297853817 M * Bertl that looks very much like the 'known broken' debian kernel :)
1297853823 M * harobed util-vserver : 0.30.216~r2772-6
1297853861 M * Bertl okay, and the guest config(s)?
1297853895 M * harobed how can I get guest config ?
1297853934 M * Bertl they are stored in /etc/vservers/
1297853957 M * Bertl either pack up the entire directory or traverse it and list the files and their contents
1297853980 M * harobed apps cache context cpuset fstab interfaces name run uts vdir
1297853995 M * Bertl (recursively)
1297853997 M * harobed ok
1297854053 M * harobed http://pastebin.com/hG1vauxf
1297854093 M * harobed http://pastebin.com/9a9mr6mF
1297854104 M * harobed first is guest1, second is guest3
1297854122 M * Bertl k, what's in 0/{dev,ip,prefix} ?
1297854194 M * harobed eth0,10.0.0.101,8
1297854216 M * Bertl and similar for the guest2/3 ?
1297854221 M * harobed and eth0,10.0.0.110,8
1297854252 M * Bertl okay, is promote secondaries enabled?
1297854268 M * harobed what ?
1297854287 M * harobed net.ipv4.conf.all.promote_secondaries=1 ?
1297854294 M * harobed it's that ?
1297854311 M * harobed I've appended this line, but I haven't rebooted
1297854311 M * Bertl yep, also enabled for eth0?
1297854333 M * harobed what ? enabled for eth0
1297854333 M * Bertl appended means?
1297854361 M * Bertl what does 'sysctl -a | grep promote' give?
1297854391 M * harobed http://pastebin.com/KaRrGRzH
1297854411 M * harobed ok, it's this problem ?
1297854413 M * Bertl so disabled, that's your problem
1297854419 M * harobed thanks
1297854421 M * Bertl http://linux-vserver.org/Frequently_Asked_Questions#If_I_shut_down_my_vserver_guest.2C_the_whole_Internet_interface_ethX_on_the_host_is_shut_down.__What_happened.3F
1297854435 M * Bertl basically this happens, just within the 10.x range
1297854440 M * harobed thanks
1297854447 M * Bertl you're welcome!
1297854458 M * harobed I need to go to the swimming pool now :)
1297854461 M * Bertl and you should consider upgrading that broken kernel of yours
1297854465 M * harobed ok
1297854467 M * harobed thanks
1297854473 M * Bertl have fun!
1297854955 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com
1297855577 J * ktwilight_ ~keliew@91.176.209.24
1297855833 M * Mr_Smoke Hello here :)
1297855855 M * Bertl Hello there :)
1297855865 Q * ktwilight__ Ping timeout: 480 seconds
1297855871 M * Mr_Smoke Hey there Bertl, quick question. You wrote a mail a couple of months ago about stabilization. Do you think that will happen sometime during spring ?
1297855921 M * Bertl yes, I presume so
1297855936 M * Bertl but not sure how fast we can go there
1297855979 M * Mr_Smoke It's gonna be based on one of the .37 or .38 then ?
1297856086 M * Bertl we'll start with .38 I guess
1297856521 Q * BenG Quit: I Leave
1297856525 M * Mr_Smoke What can one do to help ? My c0d1nG Sk1ll$ are limited :)
1297856647 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com
1297856680 Q * BenG
1297856720 M * Bertl well, you can test the hell out of 2.6.38 patches and report everything which isn't perfect here ...
1297856768 M * Mr_Smoke Okay :)
1297856777 M * Mr_Smoke Will setup a test machine @home as soon as I can find some time
1297856804 M * Mr_Smoke BTW, vserver is giving me *great* flexibility ATM as I have to move them across physical servers :)
1297856849 Q * cokolwiek Ping timeout: 480 seconds
1297856850 Q * Chlorek Ping timeout: 480 seconds
1297857125 M * Bertl glad to hear!
1297857363 M * Mr_Smoke Apart from the part where I was being silly and tried to move to a host with an older kernel version and it gave me hell :p
1297857449 M * Bertl should be fine, just the config needs to be adjusted to the kernel version(s)
1297857697 M * daniel_hozac which is unfortunate...
1297857728 M * Mr_Smoke Yeah, I think the main problem must have been that newer util-vserver accepts ip/prefix notation, while the older one doesn't
1297857755 M * Mr_Smoke .38-rc5 is out
1297857757 M * daniel_hozac hmm?
1297857811 M * Mr_Smoke kernel.org I mean
1297857818 J * PiousMinion ~clay@cpe-24-160-86-84.tampabay.res.rr.com
1297857843 M * Mr_Smoke I'm running -rc4 myself, with the (also) -rc4 vserver
1297857846 M * PiousMinion nice topic. :)
1297857858 M * Mr_Smoke And so true :)
1297858089 M * daniel_hozac Bertl: do you remember when the bind mount extensions were dropped in favor of the mainline support?
1297858126 M * Bertl hmm, no, but I can check with the patches, if you want me to?
1297858145 M * daniel_hozac hehe, that's okay, i can do that too :-)
1297858164 M * daniel_hozac i was just curious if you remembered off the top of your head.
1297858215 M * Mr_Smoke Hm what's the cause of vxW: [»sshd«,8275:#183|183] messing with the procfs.
1297858215 M * Bertl nope, sorry, too long ago :)
1297858250 M * daniel_hozac Mr_Smoke: probably oom_adjust...
1297858257 M * Bertl Mr_Smoke: some process is trying to access/manipulate procfs entries
1297858316 M * Mr_Smoke Hm, is this to be expected with ssh ? I had never noticed that before (this is the old, stable kernel, 2.6.22.19)
1297858319 M * Bertl (the fact that it is sshd suggests that it is trying to change the oom stuff)
1297858346 M * Bertl well, at some point somebody figured sshd should make itself unkillable :)
1297858505 M * Mr_Smoke Huh
1297858509 M * Mr_Smoke That's strange
1297858519 M * Mr_Smoke It seems to happen every time there's a login in that guest
1297858527 M * Mr_Smoke Let's restart sshd, see if it changes anything
1297858606 M * daniel_hozac sounds as expected.
1297858715 M * Mr_Smoke Oh ? well ok then
1297858764 M * Bertl what I'm not sure is, who had this great idea? was it somebody from debian or from openssh?
1297858911 J * Chlorek ~cokolwiek@2001:6a0:183:f002::1
1297858915 N * Chlorek cokolwiek
1297858921 J * Chlorek nobody@2001:6a0:183:f002::3
1297859756 M * PiousMinion I'm trying to start my first guest and it's failing, linking me to: http://oldwiki.linux-vserver.org/Proc-Security
1297859761 M * PiousMinion This however, is greek to me.
1297859851 M * PiousMinion hey look, an FAQ.
1297860110 M * Bertl what's the kernel/util-vserver you installed?
1297860190 M * PiousMinion FAQ fixed it. :P Using kernel26-vserver from archlinux AUR.
1297860220 M * PiousMinion util-vserver 0.30.216_pre2926-1
1297860390 M * Bertl k
1297860631 M * Mr_Smoke Ahahaha : http://www.linuxatemyram.com/index.html
1297860636 M * Mr_Smoke Nicely done :)
1297860670 M * PiousMinion I keep getting "vcontext: vc_ctx_create(): Invalid argument". Tips?
1297860685 M * daniel_hozac what context did you assign your guest?
1297860709 M * PiousMinion "1"
1297860747 M * daniel_hozac that'd be why.
1297860751 M * daniel_hozac 0 and 1 are reserved.
1297860757 M * PiousMinion daniel_hozac: ahh
1297860854 M * PiousMinion Can context only be numerical?
1297860875 M * daniel_hozac yes.
1297860878 M * daniel_hozac less than 65535
1297860887 M * daniel_hozac it is your guest's uid.
1297860903 M * daniel_hozac thus why it's called the xid.
1297860913 M * daniel_hozac (or tag, or nid, depending on context)
1297860924 M * PiousMinion Didn't know. total vserver noob.
1297860983 M * Mr_Smoke Welcome aboard then :)
1297861634 M * PiousMinion Hit another snag. I moved /etc/vservers/[guestname] and /vservers/[guestname] to another location to be used as a template. I copied it back into place renaming it and checking to make sure all files had the name change. Now I get this error when starting.
1297861638 M * PiousMinion /usr/lib/util-vserver/vserver.functions: line 952: pushd: /etc/vservers/mckay/vdir: No such file or directory
1297861706 M * Bertl most likely that dir doesn't exist
1297861749 M * Bertl but you should not 'create' a guest by 'adjusting' the config of another guest, it's better to 'clone' it from a template (if you like templates)
1297861759 M * PiousMinion ahh, bad symlinks. Is there an easier way to duplicate guests?
1297861793 M * Bertl yes, you can use the 'clone' build method for that
1297861806 M * PiousMinion hmm, interesting.
1297861816 M * Bertl vserver - build --help
1297861830 M * Bertl will list all the possible build methods and most arguments
1297861838 M * PiousMinion Is there a way to tell the init script to not start my template?
1297861857 M * Bertl hmm?
1297861872 M * Wonka there are templates of complete vservers?
1297861878 M * Wonka how?
1297861892 M * Bertl if you create one, or download one, sure?
1297861911 M * Wonka is there any fundamental difference to a runnable vserver?
1297861918 M * Wonka anything that makes it a template?
1297861936 M * Bertl not really
1297861945 M * Wonka I got some self-made "template" system...
1297861951 M * Wonka vserver - create
1297861957 M * Wonka untar an archive
1297861963 M * PiousMinion I just made a vserver and want to clone it when I need to. I don't want to actually run it.
1297861971 M * Wonka run some scripts creating /etc/hostname and stuff
1297861993 M * Mr_Smoke I usually make a stage4 of a lean Gentoo
1297861996 M * Bertl Wonka: basically what the template build method can do, no?
1297861997 M * Wonka run more scripts doing vserver $name exec passwd
1297862004 M * Mr_Smoke And I update it regularly
1297862019 M * Wonka Bertl: looks like it - wasn't documented too well back then, maybe?
1297862056 M * Bertl PiousMinion: that's fine, just don't start it (and do not mark it for automated startup either :)
1297862076 M * Wonka :)
1297862109 M * PiousMinion Bertl: ok, so there's a way to mark it for autostart or not. That's what I needed to know. :)
1297862158 M * Bertl yes, that's what the 'mark' entry is for :)
1297862174 M * PiousMinion default = autostart ?
1297862181 M * Bertl http://www.nongnu.org/util-vserver/doc/conf/configuration.html
1297862239 M * PiousMinion So to not start it I just remove "default"?
1297862320 M * Bertl you just do not add the 'mark' entry at all
1297862380 M * PiousMinion kk
1297862401 M * swenTjuln PiousMinion: rm -f /etc/vserver//apps/mark will remove it from autostart
1297862405 M * PiousMinion This is odd. sshing to the guest's IP gets me the host system.
1297862429 M * swenTjuln PiousMinion: that is because your vserver host is listening to ALL interfaces
1297862437 M * swenTjuln ALL ips even
1297862447 M * Bertl PiousMinion: read the FAQ :)
1297862481 M * swenTjuln PiousMinion: and/or edit /etc/ssh/sshd_config ListenAddress parameter to match your VServer host IP
1297862529 M * swenTjuln Bertl: for me it was quite a struggle when I 1st started using VServer
1297862540 M * swenTjuln even now I sometimes have problems :D
1297862551 M * swenTjuln (mostly with upstart...grrrr)
1297862601 M * PiousMinion Is there a way to fix the IP issue outside the guest?
1297862727 M * Bertl there is no IP issue
1297862739 M * Bertl Linux-VServer by default uses IP isolation
1297862777 M * Bertl the host holds all IPs (and other resources), while the guests are assigned a subset of those resources
1297862820 M * Bertl binding a port on the host (without any restriction in place) will bind all available IPs, including those assigned/shared with a guest
1297862874 M * PiousMinion You say there is no IP issue, then you very clearly define an IP issue. heh
1297862906 M * PiousMinion So I have to configure every service on the host and guests to use a specific IP?
1297862929 M * Bertl no
1297862949 M * Bertl you do not need to configure any guest service, they are restricted to guest assigned IPs
1297862957 M * Bertl (that's the isolation part)
1297862980 M * Bertl if you also want to run services on the host, then you need to either restrict them or put them into a network context
1297862980 M * PiousMinion so just configure every service on the host to use a single IP?
1297863003 M * PiousMinion not sure what you mean by that.
1297863101 M * Bertl Linux-VServer uses a modular design, each isolation area is separately available
1297863121 M * Bertl i.e. you can use the network isolation without the process isolation and vice versa
1297863157 M * PiousMinion by restrict I can only assume you mean iptables rules. idk what you mean by "put them into a network context".
1297863179 M * Bertl for host services, you can either 'configure' the service to use a subset of IPs (the host only IPs) or use the network isolation mechanism to prevent the service from binding other IPs
1297863217 M * Bertl of course, you do not want to use a network context for the host sshd
1297863285 M * PiousMinion I appreciate your willingness to help, but you're actually confusing me more. heh
1297863329 M * Mr_Smoke Perhaps it'd be simpler if you gave us a rough idea of what you're trying to achieve
1297863330 M * Bertl well, you might want to read the paper or ask specific questions then ...
1297863337 M * Mr_Smoke Hehe
1297863361 M * PiousMinion Mr_Smoke: I want the host to only answer on its own IP.
1297863382 M * PiousMinion I'm currently searching for "the network isolation mechanism", but lucking out.
1297863386 M * PiousMinion not*
1297863393 M * Mr_Smoke answer to what ?
1297863399 M * Mr_Smoke ssh ? ntp ? smtp ?
1297863404 M * PiousMinion anything
1297863406 M * Mr_Smoke NTP is a b*tch for example
1297863410 M * PiousMinion all of the above
1297863412 M * Mr_Smoke It binds to anything
1297863434 M * Mr_Smoke ssh can be told to Listen to a particular IP, and this is what you *need* if you intend to have SSH both on the host and in the guests
1297863434 M * PiousMinion There's no way to make it not do that?
1297863439 M * Mr_Smoke not for ntp no
1297863442 M * Mr_Smoke But that's not really an issue
1297863450 M * Mr_Smoke Since you wouldn't want guests to start messing with the clock
1297863455 M * Mr_Smoke just sync the host.
1297863461 M * Bertl PiousMinion: the host only answers to its own IPs
1297863477 M * Bertl but all guest IPs are also host IPs :)
1297863479 M * PiousMinion So I do have to configure each host service to bind to a specific IP, yes?
1297863486 M * Mr_Smoke Yes.
1297863518 M * PiousMinion ok, that's the simple answer I was looking for. hehe
1297863553 M * Mr_Smoke :)
1297863568 M * Mr_Smoke Bertl said something important you might want to remember
1297863574 M * Mr_Smoke "All guests IP are also hosts IP"
1297863585 M * Mr_Smoke Hence the need to be specific when setting up services on the host
1297863587 M * Bertl but strictly speaking not correct (the simple answer)
1297863619 M * Bertl i.e. you do not have to configure each host service to bind to a specific IP, you could also put them in a network context instead
1297863637 M * Mr_Smoke Ah
1297863645 M * Mr_Smoke That'd be something I'd like to hear about
1297863686 M * Bertl that's what the v_* wrappers do/did
1297863758 M * PiousMinion What is a "network context" ?
1297863762 M * Bertl basically put an ncontext with IPs you 'consider' to be host only, around each service, automagically restricting those services to the specified IPs
1297863792 M * Bertl PiousMinion: an isolation domain, in this case, for the IPs
1297863838 A * PiousMinion brain turns to goop and drains out his ear.
1297863838 M * Bertl processes in a specific network context will not be able to bind IPs outside the network context
1297863867 M * Bertl and bindings to 0.0.0.0 (any address) will be restricted at runtime to the subset of assigned IPs
1297863883 M * PiousMinion You have a way of answering questions that don't answer the question. lol
1297863886 M * Bertl (there is also a context specific mapping for 127.x)
1297863944 M * Bertl PiousMinion: it might help if you get an idea what Linux-VServer is ... it seems to me that you come from a full virtualization background
1297863961 M * PiousMinion I do and I do.
1297863988 M * Bertl so, you know how chroot works, and what it does on a filesystem?
1297863989 M * PiousMinion From my understanding it's basically a chroot at the kernel level.
1297863996 M * PiousMinion aye
1297864014 M * Bertl now map that to networking, where the IPs are subdirectories
1297864023 M * swenTjuln PiousMinion: its so much more....and nicely equipped with handy scripts :D
1297864132 M * PiousMinion Just seemed that you were answering my questions about terminology with more vserver specific terminology... of which I am obviously unfamiliar.
1297864158 M * PiousMinion I think before I go any further I need to find a good guide to give a read.
1297864173 M * Bertl (like the paper for example :)
1297864195 M * PiousMinion you mentioned "the paper" but I have no clue what that refers to.
1297864202 M * Bertl http://linux-vserver.org/Paper
1297864250 M * PiousMinion Now, that looks like it might provide some insight. hehe
1297864265 M * Bertl that's why it is on the wiki :)
1297864299 M * PiousMinion I've got that bookmarked. Now for sleep. thanks for dealing with my extreme noobness. hehe
1297864362 M * Bertl you're welcome!
1297864652 M * Mr_Smoke Bertl: how do you set up a network context for the host ?
1297864810 M * Bertl not for the host, but for host services
1297864872 M * Bertl simplest way for example would be to run chbind --nid 666 --ip 192.168.0.1 -- /bin/bash
1297864896 M * Bertl then the resulting bash would end up in a network context (666) restricted to 192.168.0.1
1297865206 M * Mr_Smoke Yes sorry that's what I meant (host services)
1297865224 M * Mr_Smoke chbind bash :) now that's an idea :)
1297865337 M * swenTjuln Bertl: nice! So, where can I see all network contexts. i.e. lsbind
1297865340 M * swenTjuln ?
1297865383 M * swenTjuln found it!
1297865392 M * swenTjuln ls /proc/virtnet/
1297865393 M * swenTjuln :D
1297865442 M * swenTjuln and i had to do 'ls' from outside the context :D nice
1297865444 M * Mr_Smoke Bertl: oh also, is there an existing solution that would monitor (ala mrtg/munin/other) virt network from the host ?
1297865462 M * swenTjuln collectd has vserver plugin
1297865559 M * Mr_Smoke that's cacti, right ?
1297865601 M * Mr_Smoke Oh nvm
1297865868 M * Bertl if you want to account network traffic, you best do that via iptables
1297865876 M * Bertl nap attack ... bbl
1297865891 N * Bertl Bertl_zZ
1297865903 M * Mr_Smoke Bertl_zZ: iptables better than /proc?
1297865912 M * Mr_Smoke Why is that ?
1297865988 M * swenTjuln Mr_Smoke: i guess you won't get accounting info from /proc
1297866069 M * Mr_Smoke Oo
1297866071 M * swenTjuln so if you are to for example charge for network traffic per guest you should use iptables
1297866128 M * Mr_Smoke cat /proc/virtual//cacct yields plenty of accounting data, from where I stand
1297866242 M * swenTjuln guess you are right :D
1297866284 M * Mr_Smoke Hm
1297866286 M * Mr_Smoke Maybe not
1297866302 M * Mr_Smoke ping isn't accounted for for example
1297866305 M * Mr_Smoke It's answered by the host
1297866353 M * Mr_Smoke But the rest looks ok
1297866401 M * daniel_hozac cacct doesn't account for retransmits etc.
1297866460 M * Mr_Smoke daniel_hozac: erm, meaning ?
1297866465 M * Mr_Smoke (retransmits ?)
1297866526 M * daniel_hozac if a TCP packet doesn't get an ACK, the packet is retransmitted.
1297866557 M * Mr_Smoke I see.
1297866567 M * Mr_Smoke So you're saying iptables too then ?
1297866571 M * daniel_hozac yes.
1297866574 M * Mr_Smoke OK
1297866587 M * Mr_Smoke 1 rule per guest, just to account for traffic, at a minimum
1297866607 M * Mr_Smoke swenTjuln: do you happen to know what the collectd vserver plugin actually polls ?
1297866614 M * daniel_hozac i personally do a chain per built-in chain per guest, putting all guest rules in that chain.
1297866635 M * daniel_hozac (thus also getting accounting from the jump to the guest chain)
1297866644 M * Mr_Smoke eg. in OUTPUT you have N -output chains ?
1297866713 M * daniel_hozac yes.
1297866813 M * swenTjuln Mr_Smoke: no i don't. But it works without iptables, so I guess it uses cacct
1297866859 N * swenTjuln swen_away
1297867207 M * Mr_Smoke swen_away: ok that's what I was after. Thanks.
1297867236 M * Mr_Smoke daniel_hozac: and just out of curiosity, what do you use to "read" that ?
1297867272 M * Mr_Smoke I'm assuming it needs to run as root, too
1297867721 M * Mr_Smoke just parsing the output of iptables could do huh
1297867951 M * Mr_Smoke Hooray, there's a munin plugin for that.
1297869289 N * ensc Guest1593
1297869298 J * ensc ~irc-ensc@p5DF2C098.dip.t-dialin.net
1297869698 Q * Guest1593 Ping timeout: 480 seconds
1297870515 J * dowdle ~dowdle@scott.coe.montana.edu
1297871244 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com
1297871303 Q * BenG
1297871388 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com
1297871822 Q * ryker Quit: Leaving.
1297872004 J * petzsch ~markus@dslb-088-075-164-170.pools.arcor-ip.net
1297872307 Q * Chlorek Ping timeout: 480 seconds
1297872307 Q * cokolwiek Ping timeout: 480 seconds
1297872551 Q * BenG Quit: I Leave
1297872844 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com
1297874344 J * alpha_one_x86 ~kvirc@212.169.195.75
1297874349 Q * BenG Quit: I Leave
1297874369 M * alpha_one_x86 Hello, I have not found on the wiki which key I need to disable for the patch vserver + grsec
1297874506 Q * thierryp Remote host closed the connection
1297875490 Q * bsingh Ping timeout: 480 seconds
1297875501 Q * bsarora Ping timeout: 480 seconds
1297875991 J * Chlorek tymczas@2001:1418:1d4::3ffe
1297876024 J * bsingh ~balbir@122.172.47.159
1297876037 J * bsarora ~balbir@122.172.47.159
1297876114 Q * Chlorek
1297876187 J * Chlorek tymczas@2001:1418:1d4::3ffe
1297876364 Q * harobed Quit: Ex-Chat
1297877731 M * geb hi
1297878396 Q * Chlorek Quit: Reconnecting
1297878397 J * Chlorek tymczas@2001:1418:1d4::3ffe
1297878458 Q * Chlorek
1297878617 J * Chlorek tymczas@2001:1418:1d4::3ffe
1297878808 Q * alpha_one_x86 Quit: KVIrc Equilibrium 4.1.1, revision: 5206, sources date: 20101102, built on: 2010-12-29 12:21:01 UTC http://www.kvirc.net/
1297879227 P * lllvvvlllvvv
1297879398 J * imcsk8 ~ichavero@148.229.1.11
1297879710 J * ViRUS ~mp@p579B51A9.dip.t-dialin.net
1297879891 Q * Chlorek Quit: Reconnecting
1297879892 J * Chlorek tymczas@2001:1418:1d4::3ffe
1297882439 Q * jordi Read error: Connection reset by peer
1297882501 J * jordi ~jordi@115.Red-213-96-69.staticIP.rima-tde.net
1297882726 J * ghislain ~AQUEOS@adsl2.aqueos.com
1297883140 Q * ghislain1 Ping timeout: 480 seconds
1297884064 Q * ViRUS Quit: If there is Artificial Intelligence, then there's bound to be some artificial stupidity. (Thomas Edison)
1297886032 J * thierryp ~thierry@home.parmentelat.net
1297886110 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b647
1297886275 N * Bertl_zZ Bertl
1297886275 Q * manana Read error: Connection reset by peer
1297886280 M * Bertl back now ...
1297886351 M * Bertl Mr_Smoke: the network context accounts data to/from sockets associated with it, not actual network (on wire) traffic
1297886404 M * Bertl e.g. if you send 500 bytes of payload, the accounting will increase by 500 bytes, but the network stack might actually send 600 bytes several times because something causes a retransmit for example
1297886461 M * Bertl also data directed 'at a guest IP' but not received by any socket will be missed completely
1297886495 M * Bertl (but if socket accounting is what you want, then the proc entries are fine of course)
1297886496 J * manana ~mayday090@84.17.25.149
1297886756 Q * thierryp Remote host closed the connection
1297886785 J * thierryp ~thierry@home.parmentelat.net
1297886863 Q * thierryp Remote host closed the connection
1297889206 M * Mr_Smoke Bertl: duly noted :)
1297891863 Q * s0undt3ch Ping timeout: 480 seconds
1297893178 Q * petzsch Quit: Leaving.
1297893627 J * s0undt3ch quasselcor@80.69.34.153
1297894295 Q * s0undt3ch Ping timeout: 480 seconds
1297898981 J * s0undt3ch quasselcor@80.69.34.153
1297899383 M * s0undt3ch I recently upgraded my vserver host and found out that now the guests have a lo interface
1297899399 M * s0undt3ch are there any issues with several guests having the lo interface?
1297899412 M * s0undt3ch they're all independent of each other right?
1297899500 M * daniel_hozac yes
1297899832 Q * FireEgl Quit: Leaving...