1306111428 M * Bertl off to bed now ... have a good one everyone! 1306111432 N * Bertl Bertl_zZ 1306111689 M * VirMan me too - see you :) 1306111695 Q * VirMan Quit: http://www.mibbit.com ajax IRC Client 1306112482 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b647 1306113343 Q * Piet Ping timeout: 480 seconds 1306115519 Q * hparker Quit: Quit 1306116587 Q * FireEgl Quit: Leaving... 1306121805 J * FireEgl ~FireEgl@173-16-9-3.client.mchsi.com 1306123187 J * kyv ~kev@187.141.102.198 1306123198 M * kyv hi 1306123952 Q * FireEgl Remote host closed the connection 1306124118 J * FireEgl FireEgl@2001:470:e056:1:dd53:83f4:57ce:9b56 1306124228 Q * FireEgl 1306125007 J * FireEgl FireEgl@2001:470:e056:1:6d2e:bc6f:f3bc:49dc 1306126992 J * kyv_ ~kev@187.141.102.198 1306127091 Q * kyv Ping timeout: 480 seconds 1306128711 Q * FireEgl Ping timeout: 480 seconds 1306129271 J * FireEgl FireEgl@2001:470:e056:1:7d2a:3a:100f:f47a 1306129994 J * petzsch ~markus@dslb-088-075-160-058.pools.arcor-ip.net 1306130675 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no 1306130984 J * manana ~mayday090@84.17.25.149 1306131491 Q * FireEgl Ping timeout: 480 seconds 1306131547 Q * derjohn_mob Ping timeout: 480 seconds 1306132133 J * kyv ~kev@187.141.102.198 1306132188 Q * kyv_ Ping timeout: 480 seconds 1306133752 J * derjohn_mob ~aj@213.238.45.2 1306136700 J * Piet ~Piet__@04ZAABUZX.tor-irc.dnsbl.oftc.net 1306136855 J * harobed ~harobed@pda57-1-82-231-115-1.fbx.proxad.net 1306137812 J * _nono_ ~gomes@licencieux.ircam.fr 1306138740 Q * petzsch Quit: Leaving. 1306139004 J * ghislain ~AQUEOS@adsl2.aqueos.com 1306140120 J * hijacker_ ~hijacker@87-126-142-51.btc-net.bg 1306141249 N * Bertl_zZ Bertl 1306141253 M * Bertl morning folks! 1306141270 M * Mr_Smoke mo'in :) 1306141418 M * josef_ Morning! 1306141552 M * josef_ So I got read-only filesystem working, though I had to go over nfs, to make it actually be read-only ;) I followed daniel_hozac advise, and put the root-system inside /etc/vservers//fstab. I have a question regarding this though, if I put a local path (read-write) in the fstab, and define it as read-only, it will be read-only during the boot, but writeable when booted. Is this by design? 1306141935 M * Bertl hmm, so ro bind mounts do not work on your system? 1306142015 M * Bertl what util-vserver/kernel/patch version do you use? 1306142490 J * bsingh ~balbir@122.248.161.59 1306143610 M * josef_ util-vserver: 0.30.216-pre2966 and 2.6.32-5-vserver-amd64 1306143670 M * Bertl well, that looks like the debian kernel, but still, ro bind mounts should be fine with that 1306143755 M * josef_ Is there some way I could find out which vserver-patch it's running? command-wise that is. 1306143771 M * daniel_hozac uname -r, whenever it's not a Debian kernel. 1306143822 M * daniel_hozac your problem is from the mainline bind mount extensions. you need to remount the root file system ro from pre-start. 1306144002 M * josef_ echo "mount -o remount=ro /" >> /etc/vservers//scripts/pre-start 1306144004 M * josef_ that is 1306144031 M * daniel_hozac no 1306144061 M * daniel_hozac ., not / 1306144083 M * daniel_hozac and it's a comma between remount and ro. 1306144181 M * Bertl and of course, the guest root needs to be a bind or real mount 1306144273 M * daniel_hozac unless you are using not namespaces, it will at least be a bind mount at that point. 1306144463 M * josef_ Well, I have '/var/lib/vservers/vs008 / ext3 bind,ro,dev 0 0' in fstab and 'mount -o remount,ro .', mount complains about '.' not existing in fstab. 1306144488 M * josef_ The guest root is a real path. 1306144502 M * daniel_hozac well, either tell it to ignore it, or use secure-mount. 1306144539 M * josef_ as in $_SECURE_MOUNT -o remount,ro . ? 1306144572 M * josef_ Oh, I'll have a look in the vserver.functions. 1306144733 M * Bertl daniel_hozac: btw, shouldn't it work with an fstab entry as well, now that it supports bind mounts? (with the remount,ro options that is) 1306144801 M * daniel_hozac it does work, but it then gets --rbinded to the real root, which loses all attributes... 1306144816 M * daniel_hozac since every bind mount needs to specify them... 1306144840 M * Bertl a pity that this design was chosen ... 1306144848 M * daniel_hozac yeah. 1306144880 M * Bertl but at least for Linux-VServer we could improve that 1306144912 Q * manana Remote host closed the connection 1306145003 M * josef_ sucess. 1306145019 M * josef_ s/c/cc/ 1306145101 M * josef_ missed the fact that, without the fstab-line corresponding to '.' I had to specify the whole mount-command. 'mount -o bind,dev,remount,ro -t ext3 /etc/vservers/.defaults/vdirbase/vs008 .' 1306145138 M * daniel_hozac you don't actually want to specify the path, but i guess that works... 1306145167 M * josef_ It feels as I'm circumventing the secure-mount, is it something hidden and bad with this? 1306145199 M * daniel_hozac no 1306145342 M * josef_ Good. I also used the vdir-symlink in every step. So I'll put all this in the wiki, should I put it somewhere special, or will the FAQ do? I also updated the missing squeeze-symlink on known issues with util-vserver and debian squeeze. 1306145384 M * daniel_hozac you shouldn't use any symlink. 1306145385 M * daniel_hozac just . 1306145445 M * josef_ Hm, If I just use '.', mount complains. Now I'm using 'mount -o bind,dev,remount,ro -t ext3 /etc/vservers/vs008/vdir .' though, so I'm still using '.'. 1306145474 M * daniel_hozac you want . . 1306145552 M * josef_ Works. 1306145558 M * josef_ Much cleaner also. 1306145574 Q * bsingh Ping timeout: 480 seconds 1306145756 Q * ghislain Ping timeout: 480 seconds 1306146753 M * josef_ http://linux-vserver.org/Read-only_RootFS, seems to work farliy well. Now it's time for lunch! 1306146833 M * Bertl off for now ... bbl 1306146838 N * Bertl Bertl_oO 1306146866 J * petzsch ~markus@dslb-088-075-160-058.pools.arcor-ip.net 1306147712 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com 1306148325 J * ghislain ~AQUEOS@adsl2.aqueos.com 1306150313 J * lvpvpl1 ~blagoj@193.104.33.10 1306150324 M * lvpvpl1 Hi all. 1306150332 M * lvpvpl1 I try to start my VPS but I get this error. 1306150340 M * lvpvpl1 vcontext: pivot_root(): No such file or directory 1306150343 M * lvpvpl1 Any help? 1306151245 J * ccxCZ ~ccxCZ@193.209.forpsi.net 1306151564 M * josef_ lvpvpl1, where does /etc/vservers//vdir point? 1306151626 M * josef_ and does that directory contain your root-directory? It's quite easy to miss, that while cloning a vserver, you should point the clone-device towards the data-dir and not the configuration-dir. 1306151650 M * josef_ s/clone-device/clone-path/ 1306151747 M * lvpvpl1 It is pointed to the correct place. 1306151766 M * lvpvpl1 Yes, it is containt the root directory. 1306151788 M * lvpvpl1 The other error I get is : 1306151789 M * lvpvpl1 vsysctl: open("."): Permission denied 1306151958 M * josef_ So, you're getting the error when 'pivot_root . ./oldroot' is runned at the vserver-path. 1306151979 M * josef_ the first error that is 1306152023 M * josef_ and the other error should be that pivot_root couldn't open that dir. 1306152043 M * josef_ Have you checked that the permissions are correct on the directory? 1306152054 M * josef_ (the vdir-path) 1306152320 P * lvpvpl1 1306152708 Q * Piet Ping timeout: 480 seconds 1306153333 J * Piet ~Piet__@04ZAABU4M.tor-irc.dnsbl.oftc.net 1306153348 J * ksn ~ksn@41.48.27.6 1306153874 Q * ncopa Quit: Leaving 1306154090 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no 1306154246 J * bsingh ~balbir@122.172.13.50 1306155263 J * lvpvpl1 ~blagoj@193.104.33.10 1306155283 M * lvpvpl1 Those were openvz templates before if anything means. 1306155568 M * josef_ Have you followed http://linux-vserver.org/Migrating_from_OpenVZ_to_Linux-Vserver ? 1306155766 M * daniel_hozac lvpvpl1: you probably set the barrier on the wrong directory. 1306155811 M * daniel_hozac lvpvpl1: showattr /etc/vservers/ /etc/vservers//vdir/ 1306156207 Q * ncopa Quit: Leaving 1306156229 Q * ksn Ping timeout: 480 seconds 1306156333 J * ncopa ~ncopa@3.203.202.84.customer.cdi.no 1306156766 M * josef_ Does anyone know if there's any meaning in that the debian-vserver-kernel does not have support for hard limits on cpu or cgroup memory capping? 1306156905 M * BenG which debian vserver kernel are you talking about? 1306156971 M * Bertl_oO lvpvpl1: double check permissions and flags on the guest filesystem 1306156975 N * Bertl_oO Bertl 1306157057 M * josef_ BenG, 2.6.32-5-vserver-amd64, default in squeeze. 1306157122 M * BenG there are definite improvements in the latter kernels and util-vserver versions 1306157134 M * BenG together with extra features in the cgroups too 1306157142 M * BenG I can't remember the details 1306157182 M * josef_ Seems like the vserver-kernel hasn't been done yet for wheeze, or is the vserver now incorporated mainline? 1306157239 M * daniel_hozac it's been dropped for wheezy i thought. 1306157254 M * josef_ How you mean dropped? 1306157313 M * josef_ It's not there anyhow :p 1306157336 M * daniel_hozac that is what dropped means. 1306157382 M * josef_ Well, as in, debian does not support it? 1306157385 M * josef_ at all? 1306157417 M * Bertl as in debian did screw up so often with Linux-VServer that they decided to give up now and promote LXC instead 1306157422 M * josef_ the patch is not in wheeze kernel 1306157431 M * josef_ oh 1306157455 M * Bertl which isn't the worst of ideas, as it is quite simple to build your own kernel and working util-vserver on debian 1306157505 M * daniel_hozac better than the crap that has been there... 1306157922 M * josef_ Is there some kernel with vserver-support that you guys recommend for production environments now a days? 1306157996 M * Bertl 2.6.38.x is fine and IMHO suited for production 1306158362 Q * bsingh Ping timeout: 480 seconds 1306158539 M * _are_ Bertl: they dropped openvz as well for debian wheezy. Not that I would personally care. 1306158588 M * Bertl well, OVZ is already broken most of the time, but I presume the debian version was problematic as well 1306158649 M * _are_ I am not qualified to state which of these thinsg are broken, however, I really dislike tap-devices unless it is in OpenVPN. 1306158743 Q * BenG Quit: I Leave 1306158761 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com 1306158836 J * bsingh ~balbir@122.172.43.241 1306158839 M * josef_ Bertl, my question was rather, if there's a vserver patched kernel that's maintained for production-use 1306158948 M * Bertl yes, we do maintain all long term kernel patches for production use (at least for a long time) 1306159057 M * Bertl and 2.6.38.x will be long term as well 1306159571 Q * BenG Quit: I Leave 1306160382 Q * bsingh Ping timeout: 480 seconds 1306160593 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b647 1306161249 Q * petzsch Ping timeout: 480 seconds 1306161584 J * dowdle ~dowdle@scott.coe.montana.edu 1306161663 J * bsingh ~balbir@122.172.3.45 1306161911 P * lvpvpl1 1306163609 Q * bsingh Ping timeout: 480 seconds 1306163736 Q * harobed Quit: Ex-Chat 1306163868 Q * kyv Quit: leaving 1306166120 Q * derjohn_mob Ping timeout: 480 seconds 1306166923 J * bonbons ~bonbons@2001:960:7ab:0:89cb:b502:b68c:93ec 1306167741 J * petzsch ~markus@dslb-088-075-160-058.pools.arcor-ip.net 1306168304 M * ard I would like to add that you need 2.6.38.latest... 1306168330 M * ard I had a server crashing on my with 2.6.38.2 and working with 2.6.38.4 (which had a fix for the bug ;-) ) 1306168444 M * ard But then again, the case I was using it for was that rare that it took a few releases before somebody found it. 1306168462 M * ard And I already had to fix some of the bugs. 1306168554 M * ard (the case is ethernet bridges on vlans on ether-gre tunnels, with a side case of the ethernet bridge going to a veth device to a vserver in a seperate network namespace, but vserver was not the problem ;-) ) 1306168605 M * Bertl *phew* glad to hear that :) 1306169977 J * bsingh ~balbir@122.172.13.167 1306169989 M * ard :-) 1306170038 M * ard actually it's a very nice setup to deliver roaming wifi to the campus 1306170157 M * ard Using a very large softbridge to limit traffic. and a vserver in a seperate network namespace with veth for dhcp. The machine itself doesn't touch the wifi network on ip level. 1306170545 J * FireEgl ~FireEgl@173-16-9-3.client.mchsi.com 1306172675 J * VirMan c113a53b@ircip1.mibbit.com 1306172935 M * VirMan hi i got kernel 2.6.35-vs2.3.0.36.32-gentoo with default util-vserver 0.30.216-pre2910 and when i list guests with vserver-stat rss and proc are zeros... how to get latest sources as are in topic ? 1306173111 M * daniel_hozac download them from http://linux-vserver.org 1306173169 M * VirMan are there ebuilds? - i cannot find ones 1306173298 M * VirMan this requires manually making patches ? there are no ebuilds. 1306173301 M * daniel_hozac i wouldn't know. 1306173523 Q * bsingh Read error: Operation timed out 1306174597 M * VirMan ok - i ask in different way :) what util-vserver are best for this kernel? 2.6.35-vs2.3.0.36.32-gentoo 1306174606 M * VirMan i don't want to reboot this machine.. 1306174667 M * daniel_hozac latest is always the best choice 1306174780 M * VirMan mhm - then i'll try masked ones - maybe it will do 1306174839 M * VirMan i got here util-vserver-0.30.216_pre2955.ebuild 1306175043 M * VirMan (.text+0x1f): undefined reference to `__builtin_stdarg_start' collect2: ld returned 1 exit status 1306175048 M * VirMan :/ 1306175057 M * Bertl broken toolchain 1306175094 M * VirMan easy fixable ( in my comprehension) ? 1306175124 M * Bertl no idea, get a working gcc/binutils/dietlibc 1306175161 M * VirMan well everything else compiles fine.. older version of util-vserver also 1306175204 M * Bertl well pre2955 and newer releases build fine here as well 1306175245 M * Bertl and __builtin is a gcc builtin which should not be present in the linkable object files 1306175249 M * VirMan maybe it's something with my ebuild or so.. 1306175277 M * VirMan i'll look for ebuild for 2914 1306175293 M * VirMan i have 2910 or 2935 and 2955 1306175396 M * Bertl well, I currently have pre2966 here from my distro 1306175408 M * VirMan http://packages.gentoo.org/package/sys-cluster/util-vserver here only 2910 is marked as ok. 1306175683 Q * Piet Quit: Piet 1306175691 J * ksn ~ksn@197.107.122.38 1306175700 M * VirMan well it should work imho.. 1306175719 M * VirMan i checked this combination - i have the same versions on two more machines 1306175728 M * VirMan and it works.. 1306175794 M * Bertl so everything fine then, no? 1306175812 M * VirMan not on this one server.. 1306175821 M * VirMan every guest shows different werid ip 1306175836 J * Piet ~Piet__@04ZAABVCP.tor-irc.dnsbl.oftc.net 1306175883 M * VirMan i'll search for more clues. 1306175942 M * hparker I run ~ kernel, util-vserver, and dietlibc.. ~dietlibs needed to compile util-vserver 1306175987 P * ksn 1306176017 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com 1306176355 M * VirMan orion / # vserver-stat CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME 6013 90 0 0 2m58s91 1m08s34 1d01h38 vs6013 6014 105 0 0 2m24s23 1m25s85 1d01h37 vs6014 1306176359 M * VirMan still getting zeros.. 1306176602 J * manana ~mayday090@84.17.25.149 1306177068 M * Bertl you have to talk to the gentoo folks then, no? 1306177101 M * Bertl alternatively, just compile the recent util-vserver yourself and see if the issue remains, if so, upgrade to a recent kernel and check again 1306177154 M * VirMan i will - probably recompile current. (don't know why it has these problems. ) 1306177183 M * VirMan interesting thin is that if i enter any guest i see general system load , and no memory limits.. 1306177196 M * VirMan but processes are isolated 1306177203 N * ensc Guest1936 1306177212 J * ensc ~irc-ensc@p5DF2D5D1.dip.t-dialin.net 1306177319 Q * Guest1936 Ping timeout: 480 seconds 1306178191 Q * BenG Quit: I Leave 1306179981 Q * Piet Remote host closed the connection 1306180068 J * Piet ~Piet__@04ZAABVEM.tor-irc.dnsbl.oftc.net 1306180954 J * BenG ~bengreen@cpc12-aztw24-2-0-cust146.aztw.cable.virginmedia.com 1306181011 Q * BenG 1306181772 Q * manana Remote host closed the connection 1306182502 Q * VirMan Quit: http://www.mibbit.com ajax IRC Client 1306182640 Q * hijacker_ Quit: Leaving 1306183937 Q * bonbons Quit: Leaving 1306184060 J * derjohn_mob ~aj@d162061.adsl.hansenet.de 1306185203 Q * Piet Ping timeout: 480 seconds 1306185890 Q * petzsch Quit: Leaving. 1306185918 J * Piet ~Piet__@04ZAABVGV.tor-irc.dnsbl.oftc.net 1306190361 Q * ghislain Quit: Leaving. 1306191292 Q * dowdle Remote host closed the connection 1306194583 Q * Piet Ping timeout: 480 seconds