1311383282 Q * ghislain Quit: Leaving.
1311384240 N * Bertl_oO Bertl
1311384689 M * Bertl arekm: still around?
1311385203 M * Bertl arekm: I've uploaded a pre6 patch for 3.0 which should address the uts settings for host and domain name, please check and let me know if that makes it work for you, there are some other similar checks which I will address in the next pre if that one works as expected for host/domain
1311385244 M * Bertl (this patch should also incorporate the 'missing' change you mentioned)
1311390233 Q * hparker Quit: Quit
1311393667 Q * ircuser-1 Quit: ircuser-1
1311393685 J * ircuser-1 ~ircuser-1@025.205-93-216-nokia-dsl.dynamic.surewest.net
1311393729 Q * ircuser-1
1311393744 J * ircuser-1 ~ircuser-1@025.205-93-216-nokia-dsl.dynamic.surewest.net
1311393768 M * Bertl off to bed now ... have a good one everyone!
1311393772 N * Bertl Bertl_zZ
1311406094 M * arekm Bertl_zZ: works now, thanks
1311409069 J * bonbons ~bonbons@2001:960:7ab:0:8851:5cfc:c76e:9081
1311410976 J * sannes ~ace@cm-84.209.106.118.getinternet.no
1311411215 J * ghislain ~AQUEOS@adsl2.aqueos.com
1311412696 J * derjohn_mob ~aj@p4FFD0F0F.dip.t-dialin.net
1311420354 J * arthus ~arthus@reverse-232.fdn.fr
1311420474 M * arthus hi all
1311420935 M * Guy- Bertl_zZ: the pre6 patch still says pre5 in the Makefile
1311423985 N * Bertl_zZ Bertl
1311423989 M * Bertl morning folks!
1311423993 M * Bertl Guy-: sure?
1311424608 M * Bertl arekm: okay, will add the other changed then
1311424620 M * Bertl *changes
1311424779 Q * C14r Remote host closed the connection
1311427023 J * alpha_one_x86 ~kvirc@72.pool62-37-174.dynamic.orange.es
1311427030 M * alpha_one_x86 Re with my problem:
1311427031 M * alpha_one_x86 http://files.first-world.info/temp/memory-day.png
1311427043 M * alpha_one_x86 It swap with 14GB of free memory
1311427064 M * alpha_one_x86 and disable swap = close of application for out of memory
1311427479 M * Guy- Bertl: well, either that or I'm dumber than usual; let me recheck
1311427721 J * hparker ~hparker@2001:470:1f0f:32c:beae:c5ff:fe01:b647
1311427748 M * Bertl alpha_one_x86: so, your host (or guest?) did use a lot of swap space, yes?
1311427795 M * alpha_one_x86 yes, and before with the kernel 2.6.32 + vserver and exactly the same file I had no problem
1311427827 M * Bertl okay, so something seems to be leaking memory?
1311427860 M * Bertl it is not surprising that when you disable swap that OOM starts killing apps
1311427920 M * Bertl what was the kernel you used before? (exact version and patch) and what kernel do you use now?
1311428109 M * alpha_one_x86 vs2.3.0.36.29.7 + 2.6.32.41
1311428113 M * alpha_one_x86 now:
1311428124 M * alpha_one_x86 2.6.38.8 + vs2.3.0.37-rc17
1311428147 M * Guy- Bertl: OK, it was my bad, sorry about the noise
1311428148 M * alpha_one_x86 The strange it's I have free memory (see on top)
1311428216 M * Bertl well, if the memory limit of the guest is low, like 2G, then everything above that memory limit will be swapped out (according to the swap limit of course)
1311428352 M * alpha_one_x86 It seems right
1311428410 M * alpha_one_x86 then in this case, how detect when VM is out of memory and swap?
1311428628 M * Bertl well, you can monitor the values for each guest and take measures _before_ you reach the hard limit
1311428649 M * Bertl once you reach the hard limits, OOM will strike down some processes
1311428697 M * alpha_one_x86 If I see swap used, how determine the guest out of memory? (I'm noob into cgroup)
1311428737 M * Bertl check the memory accounting, if it is above a certain threshold, e.g. 95% of the maximum allowed, you're out of memory
1311428749 M * alpha_one_x86 and I need remake my munin script to detect how check the real guest memory consumption
1311428758 M * alpha_one_x86 how?
1311428769 J * gcj ~chris@cpc30-cmbg15-2-0-cust86.5-4.cable.virginmedia.com
1311428771 M * Bertl it is part of the cgroup filesystem
1311428787 M * Bertl i.e. you find the limits there as well as the current usage
1311428821 M * alpha_one_x86 then I don't know where is the current usage into cgroup...
1311428832 M * gcj Hi all, I was forced to upgrade my kernel on my gentoo system, and now I can't start any vservers. I get errors like "vc_set_rlimit(): Invalid argument" and "vsched: vc_set_sched(): Function not implemented". Please can someone help me?
1311428860 M * Bertl who forced you? :)
1311428870 M * gcj Gentoo did
1311428877 M * Bertl anyway, what kernel/patch/util-vserver version do we talk about?
1311428877 M * gcj by deprecating everything in baselayout 1
1311428880 M * gcj 2.6.38.8-vs2.3.0.37-rc17
1311428890 M * Bertl sounds good, and util-vserver?
1311428901 M * gcj util-vserver-0.30.216_pre2955.ebuild
1311428913 M * Bertl that is a little old for that kernel
1311428923 M * gcj unfortunately it's the newest packaged by gentoo
1311428936 M * gcj so I guess i'll have to build it from source?
1311428937 M * Bertl well, so the gentoo maintainer sucks ...
1311428952 M * Bertl yep, shouldn't be too hard though
1311428956 M * gcj is there a recommended utils to use with that kernel?
1311428964 M * Bertl the most recent one
1311428975 M * Bertl (linked on the main page)
1311428982 M * gcj 0.30.215?
1311429002 M * gcj ah no
1311429009 M * gcj util-vserver-0.30.216-pre2982.tar.bz2?
1311429015 M * Bertl yep, that one
1311429127 M * gcj ok, i'm building now, thanks :)
1311429193 M * gcj same problem i'm afraid
1311429203 M * gcj perhaps I made a mistake with the kernel config
1311429204 M * gcj ?
1311429264 M * Bertl upload the output of 'vserver-info - SYSINFO' to a pastebin
1311429333 M * gcj http://pastebin.com/MLQ22skr
1311429533 M * gcj [pid 26461] vserver(0x3c020000, 0xaf, 0xbf9546b8, 0x1, 0x5) = -1 EINVAL (Invalid argument)
1311429591 P * arthus
1311429595 J * arthus ~arthus@reverse-232.fdn.fr
1311429627 M * arthus Hi all,
1311429663 M * gcj this is the strace of trying to start a vserver: http://pastebin.com/BUuMvH2V
1311429679 M * arthus I have some questions regarding networking of vservers, can someone help me ?
1311429683 M * gcj some vserver syscalls are working, so the kernel has support
1311429691 M * gcj arthus, i'll try, what's the question?
1311429703 M * Bertl arthus: if you ask, probably
1311429736 M * arthus :-) Okay, let's say I have two vservers on a host, running an http server
1311429743 M * Bertl gcj: you definitely want to enable cgroups and cgroup related accounting
1311429760 M * Bertl gcj: the scheduler was removed some time ago, and replaced with cgroups
1311429769 M * arthus I already configured my iptables on the host so that I can access both vservers on 80
1311429809 M * Bertl gcj: for the rlimit part, it's not obvious to me what is missing, i.e. dentry limits should be fine, but of course, memory limits are not
1311429815 M * arthus but the connection on my host is made on 801 for guest1:80 and 802 for guest2:80
1311429821 M * Bertl gcj: (they are also handled by cgroups now)
1311429827 M * arthus *port 801
1311429839 M * gcj i have some cgroups enabled, what did I miss? http://pastebin.com/WNYPJXE1
1311429872 M * Bertl gcj: you need to adjust the config to use them
1311429877 Q * arthus Remote host closed the connection
1311429887 J * arthus ~arthus@reverse-232.fdn.fr
1311429906 M * gcj ah, that wasn't at all obvious
1311429909 M * Bertl gcj: i.e. remove sched and memory related rlimits, replace them with cgroup entries (see great flower page)
1311429914 Q * arthus Remote host closed the connection
1311429920 J * arthus ~arthus@reverse-232.fdn.fr
1311429931 M * Bertl arthus: problem with your irc client?
1311429932 M * gcj what's the minimum kernel and patchset that supports cgroups?
1311429940 M * arthus :-)
1311429945 M * arthus Yeah, segmentation fault
1311429957 M * Bertl doesn't sound healthy :)
1311429973 M * gcj can i just disable those limits temporarily to get the vservers up and running?
1311429983 M * arthus Now, my problem is : the host is behind a modem/router
1311430016 M * Bertl gcj: 2.6.35.x
1311430050 M * arthus So first, I nat requests on $WAN_IP:80 to get to my host
1311430050 M * Bertl gcj: yes, just remove/rename the sched dir and the rlimits
1311430055 M * gcj ok
1311430079 M * arthus but then, how do I route requests to my vservers, since I'm not using regular ports ?
1311430087 M * Bertl arthus: there are no requests to your guests if I understood your setup correctly
1311430100 M * Bertl all requests go to your host IP, no?
1311430140 M * arthus yes, but on port 80
1311430143 M * gcj ok, that seems to work, thanks :)
1311430179 M * Bertl arthus: I thought on port 801 and 802 ?
1311430186 M * Bertl gcj: you're welcome!
1311430196 M * arthus :-) not easy to explain, sorry
1311430215 M * Bertl well, two guests, each running an httpd, yes?
1311430226 M * Bertl I presume you assigned private IPs to each guest, no?
1311430248 M * arthus Lets say my wan ip is 1.2.3.4
1311430270 M * Bertl okay, but that's the 'outside' of your router, yes?
1311430283 M * Bertl or does the host carry that IP?
1311430304 M * arthus my router translate requests on 80 so that it goes to my physical server 192.168.1.10
1311430311 M * arthus Bertl:yes, outside
1311430322 M * Bertl so as expected, the host has a private IP behind the router
1311430328 M * arthus yes
1311430335 M * Bertl that's the 192.168.1.10
1311430341 M * arthus yes
1311430359 M * Bertl now you've also got two guests, with private IPs as well, I presume?
1311430364 M * arthus my vlan on this host is on 192.168.2.0/24
1311430378 M * Bertl how is the 'vlan' involved?
1311430379 M * arthus (don't know if thats a good thing)
1311430396 M * gcj bertl, the flower page says "See your kernel documentation for what settings are valid with your configuration." which is not very helpful, any ideas where to find out what I can put in that directory?
1311430399 M * arthus maybe I m not using the word right :-)
1311430420 M * Bertl gcj: the kernel documentation is in the kernel source under Documentation
1311430431 M * Bertl there is a cgroup folder and that contains all the values
1311430436 M * arthus on my host, I have two guests with ips 192.168.2.1 and 192.168.2.2
1311430453 M * Bertl okay, so you did put the guests in a different network, fine
1311430478 M * Bertl now what is what you want to achieve?
1311430482 M * arthus I followed this to network guests : http://linux-vserver.org/Networking_vserver_guests#Host_as_router
1311430509 M * arthus So iptables on the host redirects requests to the guests
1311430566 M * arthus I configured it so that if I do : 192.168.1.10:801 it goes to 192.168.2.1:80
1311430574 M * Bertl the 'router' part on this wiki page is confusing, as nothing is routed, but let's ignore that for now
1311430599 M * arthus and 192.168.1.10:801 it goes to 192.168.2.2:80
1311430610 M * Bertl s/801/802/
1311430654 M * Bertl at least I hope you don't use 801 twice
1311430665 M * arthus sorry my mistake
1311430681 M * arthus ( new to IRC syntax )
1311430712 M * Bertl np, so that works I presume?
1311430721 M * arthus so far yes
1311430734 M * Bertl good, so we are back to 'what do you want to achieve?'
1311430740 M * arthus yes :-)
1311430767 M * arthus I don't want to have to type ip:801 or ip:802 to access my vservers
1311430793 M * arthus so how do I do :-)
1311430800 M * Bertl okay, what _do_ you want to type instead?
1311430821 M * Bertl obviously you have to type something which differentiates between them
1311430829 M * Bertl otherwise they would be one and the same
1311430830 M * arthus domainname.com > guest1 anotherdomainname.com > guest2
1311430850 M * arthus is that possible ?
1311430869 M * Bertl yes, but that's a little trickier unless you have more than one WAN IP
1311430890 M * arthus I think I can have that
1311430908 M * Bertl the thing is, that the domainname.com resolves to an IP, and if you point two different names to the same IP, it ends up on the same host
1311430935 M * Bertl now, that doesn't mean that you cannot discriminate them by name
1311430948 M * Bertl but it requires something which is aware of the http protocol
1311430957 M * Bertl (for http that is)
1311430962 M * arthus yes
1311430972 M * Bertl you can, for example, install a proxy server on the host
1311430998 M * Bertl simply listening on port 80, and redirecting the requests to the guest IPs (also port 80)
1311431006 M * Bertl based on the uri
1311431022 M * arthus yeah that would be nice
1311431037 M * Bertl then you can point more than one domain to the same WAN IP
1311431076 M * arthus That's what I had in mind but couldn't put a name on it
1311431079 M * Bertl good choice IMHO are lighttp, apache and probably tinyproxy or squid
1311431096 M * arthus I'm using lighttp
1311431115 M * Bertl well, then check the documentation on forwarding and proxying
1311431131 M * Bertl and use a typical setup where you delegate certain domains to the guest IPs
1311431145 M * Bertl you can remove the iptables rules for the port mapping
1311431161 M * arthus So I would have to install lighttp on the host ?
1311431193 M * Bertl not necessarily, could be a third guest
1311431205 M * arthus or lighttp on guests and tinyproxy on host ?
1311431219 M * Bertl but you need one point where all the requests end up and get distributed
1311431244 M * Bertl it's like this:
1311431272 M * Bertl domain1, domain2, domain3 -> WAN IP -> proxy -> http1, http2, http3
1311431290 M * Bertl the proxy can be inside one of those guests, or on the host
1311431304 M * arthus Ok
1311431313 M * arthus so proxy is what I need
1311431343 M * Bertl or whatever application which understands the http protocol so far that it can select the guest IP based on the uri name
1311431377 M * arthus Does proxy only work with http ?
1311431404 M * Bertl there are proxies for all kind of protocols, but there are protocols which cannot work in this way, for example ssh
1311431417 M * arthus ok
1311431418 M * Bertl (or ssl based protocols in general)
1311431427 M * arthus So no https ?
1311431435 M * Bertl not with separate certificates
1311431458 M * Bertl but you can terminate https on the proxy, and use http to the guests
1311431467 M * trippeh With a recent client, and a recent openssl, virtual hosting on ssl is possible.
1311431478 M * Bertl trippeh: how so?
1311431488 M * trippeh New SSL extensions
1311431503 M * Bertl interesting, so they send an additional domain or so?
1311431505 M * trippeh Of course, tons of clients cannot handle it yet ;)
1311431526 M * Bertl yeah, thought so, i.e. most clients will simply fail, I guess
1311431540 M * trippeh Look up SNI
1311431567 M * Bertl ah nice, tx for the input
1311431605 M * arthus Using alpinelinux vserver here, got openssl 1.0.0d
1311431614 M * arthus is that recent ?
1311431631 M * trippeh "The solution is an extension to the SSL protocol called Server Name Indication (RFC 4366), which allows the client to include the requested hostname in the first message of its SSL handshake (connection setup)"
1311431636 M * Bertl arthus: it's not so much your end which would worry me
1311431652 M * Bertl arthus: i.e. you need to make sure that each web browser handles that as well
1311431669 M * trippeh http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
1311431686 M * arthus I guess so
1311431697 M * Bertl arthus: http://en.wikipedia.org/wiki/Server_Name_Indication scroll down to 'No support'
1311431742 M * trippeh IE7+, Firefox 2+, Opera 8+, Chrome, Safari 3.2.1+ seems to support it. So coverage is not disastrously bad.
1311431787 Q * alpha_one_x86 Quit: KVIrc KVIrc Equilibrium 4.1.1, revision: 5816, sources date: 20110403, built on: 2011-06-11 13:01:00 UTC http://www.kvirc.net/
1311431811 M * arthus plus lighttp supports it natively from 1.4.24
1311431831 M * arthus from what can be read
1311431901 M * trippeh Note that non-SNI SSL virtual hosting is possible if all your sites can be covered under a wildcard certificate.
1311431923 M * trippeh eg. *.something.com
1311432035 M * arthus nice
1311432119 M * arthus This setup is meant to be used for my personal websites so https is not a "that big" issue
1311432223 M * arthus I've got two last questions : Does using a proxy on the host leads to a possible security leak ?
1311432270 M * Bertl personally I'd avoid putting any services on the host, so I'd put it in a separate guest
1311432288 M * arthus And the last one : If I do get multiple Ips from my ISP, how do I route them to my guests ?
1311432289 M * Bertl but it's not more a security risk than running a proxy or httpd on the host
1311432341 M * Bertl you have several options there, if you get guest specific IPs and you want to use them for one guest only, then just assign the IP on the host (and to the guest) and be done with that
1311432353 M * Bertl (assuming the router can handle that)
1311432395 M * Bertl otherwise have separate private IPs for each public IP and/or S/DNAT the IPs to the guest IPs based on the port
1311432402 M * gcj arthus, you can also get certificates with multiple alternate names, e.g. 10 names, from godaddy more cheaply than a wildcard
1311432474 M * arthus Bertl : Could putting the server in the DMZ help with routing in that case ? Gcj : I'll have a look at that
1311432532 M * Bertl between host and guest, there is no routing involved, so no DMZ there
1311432609 M * arthus No I meant for the case I'm using one public IP by guest
1311432642 M * Bertl no idea what that means ...
1311432703 M * Guy- I get vcontext: vc_ctx_create(): Function not implemented with 0.30.216-pre2982-1 on 3.0.0-vs2.3.1-pre6 when attempting to start any guest
1311432708 M * Guy- what could be wrong?
1311432737 M * Bertl you enabled USER namespaces (or rather, you didn't disable them)
1311432742 M * arthus Sorry :-) If my ISP gives me two IPs, and I want ISP_IP1 to go to guest1 and so on
1311432749 M * Guy- Bertl: ah, OK
1311432842 M * Bertl arthus: yes, and?
1311432874 M * arthus For example, with my Isp ip 1.2.3.4 , would it be something like : 1.2.3.4 > 192.168.1.10 (host) > 1.2.3.4 (guest1) ?
1311432970 M * Guy- Bertl: re SNI, in my experience almost all current browsers support it
1311433000 M * Bertl arthus: that won't work
1311433017 M * Bertl either 1.2.3.4 is outside or inside, it cannot sanely be both
1311433033 M * Guy- Bertl: however, support is often subtly broken (for example, in some versions of firefox it worked, _except_ when the browser got restarted and restored the session AND the server was using apache mod_gnutls)
1311433222 M * arthus Bertl : You said earlier "...Just assign the Ips (1.2.3.4 in that example ?) on the host (and to the guest)..." Thats where I got stuck...
1311433323 M * Guy- arthus: the idea is to make the host have all the IPs that any guest will have
1311433344 M * Guy- arthus: guests always have a subset of the IPs of the host
1311433349 M * Bertl arthus: in this case, the router would directly route the IP to the host
1311433614 M * arthus so how do I tell the host which guest to route to ? proxy ?
1311433704 M * Guy- arthus: you don't
1311433713 M * Guy- arthus: the guest and the host kernel is the same
1311433730 M * Guy- arthus: if you just bind a guest service to a specific IP, it will get the relevant connections
1311433738 M * Guy- arthus: there is no routing between the host and the guest
1311433749 M * arthus Oooook
1311433753 M * Guy- arthus: you can think of a guest as a chroot on steroids
1311433755 M * arthus get it now
1311433783 M * Guy- arthus: it's up to you to partition up the IPs of the hosts among guests - it doesn't have to be a 1:1 mapping
1311433851 M * arthus so all I have to do is to tell lighttp to listen on address 1.2.3.4, and then configure router
1311433865 M * Bertl arekm, Guy-: uploaded more steroids (i.e. pre7 :)
1311433902 M * Bertl daniel_hozac: do you think you could find some time to look into the CoW link breaking?
1311433987 M * Guy- arthus: and make sure the host has 1.2.3.4 configured on any interface
1311434002 M * Guy- Bertl: just when I was done compiling the previous version! :)
1311434026 M * Bertl make an interdiff, apply that, recompile should be only a few seconds
1311434067 M * Guy- yes
1311434167 M * arthus So I can't use DHCP ? or is it irrelevant ?
1311434176 M * Guy- arthus: you can use dhcp, but only on the host
1311434188 M * arekm uhm, /* FIXME: check dx permission */
1311434219 M * Guy- arthus: and you'll have to write some scripts, I think, to get the guests to use the IP(s) you obtain via DHCP
1311434228 M * Guy- (shouldn't be hard)
1311434312 M * arthus But on my lan I have two other working stations, so I just set them with static ips ?
1311434365 M * Guy- arthus: what do the two other stations have to do with anything?
1311434387 M * Guy- arthus: the easiest way would be to use static IPs on your server and DHCP on the workstations, probably
1311434411 M * arthus :-) I guess I don't understand what you meant
1311434414 M * Guy- arthus: just make sure your dhcp server doesn't hand out any of your server IPs to DHCP clients
1311434438 M * arthus ok
1311434481 M * arthus Well I'll check with my ISP for IPs, and will try the proxy solution first
1311434522 M * arthus I want to THANK YOU all for your time, and patience, and understanding
1311434561 M * arthus You've made it clearer to me, and it's nice having someone answering questions.
1311434574 M * Guy- arthus: maybe I misunderstood you, but I don't currently see how a proxy is needed at all
1311434644 M * arthus Guy-: It's a solution I discussed earlier with Bertl in case I have only one IP from my ISP and several vservers
1311435109 P * arthus
1311435122 J * arthus ~arthus@reverse-232.fdn.fr
1311435622 M * Guy- arthus: you could share that IP among the vservers, but if you want name based virtual webhosting, you'll need a reverse proxy, true
1311438282 Q * gcj Ping timeout: 480 seconds
1311438292 J * gcj ~chris@cpc30-cmbg15-2-0-cust86.5-4.cable.virginmedia.com
1311439411 M * arthus re
1311439479 M * arthus Guy-: All right, I checked for a reverse proxy and found haproxy > http://haproxy.1wt.eu/ I guess that would work ?
1311439680 M * arthus 3. in this document seems to describe that kind of architecture : http://haproxy.1wt.eu/download/1.2/doc/architecture.txt
1311439719 M * Bertl whatever solution works for you is fine, note that this is not Linux-VServer related :)
1311439780 M * arthus that's right :-) sorry about massive off-topic today
1311441718 M * hparker I use squid for my reverse, though I may look into nginx
1311442443 M * gcj hi bertl, any idea why util-vserver is not mounting /dev/cgroup with the memory subsystem enabled? I can't figure out its logic
1311442476 M * gcj mount says: "vserver on /dev/cgroup type cgroup (rw,cpu)"
1311442854 M * Bertl by default, all enabled cgroups are mounted IIRC
1311442871 M * gcj that's what i thought it should do
1311442887 M * Bertl can you upload your kernel .config?
1311442897 M * gcj /proc/cgroups shows memory
1311442902 M * gcj sure, one sec
1311442981 M * gcj http://pastebin.com/8M4PaKdE
1311443050 M * Bertl what util-vserver version?
1311443185 M * gcj util-vserver-0.30.216-pre2982
1311443240 M * Bertl what does 'grep cgroup /proc/mounts' report?
1311443282 M * gcj vserver /dev/cgroup cgroup rw,relatime,cpu 0 0
1311443320 M * Bertl and you're sure that was mounted by this util-vserver version?
1311443338 M * gcj pretty certain, it was installed when i last rebooted
1311443346 M * gcj and it's not in fstab
1311443382 M * Bertl okay, please contact daniel_hozac, no idea why it wouldn't mount the other cgroup subsystems
1311443404 M * gcj ok, thanks
1311443432 M * gcj I guess if I unmount and remount /dev/cgroup it will remove all the cgroup configuration and I'll have to restart my vservers?
1311443463 M * Bertl I guess you won't be able to unmount it in the first place
1311443696 M * gcj where does the script actually mount /dev/cgroup? I can't find it
1311444082 M * gcj ah okay, I found it
1311445071 M * gcj i fixed the problem, should I just email daniel_hozac with the patch?
1311446099 M * Guy- arthus: probably; personally, I mostly use apache
1311446186 M * Guy- Bertl: I'm having DNS issues with 3.0.0-vs2.3.1-pre7 in guests. The host runs a dnscache at 192.168.0.254. The primary IP of the host is 192.168.0.4. I have a guest that only has 192.168.0.254, but its DNS requests appear to come from 192.168.0.4, so that's where the replies go, and the guest never sees them
1311446210 M * Guy- Bertl: I made no changes to this part of the setup, so I'm fairly certain it's a kernel regression
1311446634 M * Guy- Bertl: OK, looking further, it appears that all guest dns queries use the primary IP of the host as their source address, irrespective of what the guest's IP is
1311446642 M * Guy- Bertl: I have single IP special casing turned off, fwiw
1311446668 M * Bertl Guy-: yep, the source IP selection isn't working correctly yet
1311446720 M * Bertl i.e. it is 'unlimited' atm
1311446730 M * Guy- OK, that explains it :)
1311446746 M * Guy- I've been trying to workaround it using NAT, but that doesn't seem to help
1311446758 M * Guy- the source address is rewritten (according to tcpdump -i lo)
1311446765 M * Guy- but the replies still go to the primary host IP :o
1311446819 M * Guy- is it worth trying to workaround using ip rules and routes with specific source addresses in alternative tables?
1311446854 M * Guy- (I don't think I actually need the latest kernel :)
1311447009 M * Bertl well, separate networks for the guests together with nat should work
1311447026 M * Guy- nah, too much hassle
1311447037 M * Guy- I suppose I'll just downgrade for now :)
1311447118 M * Guy- that probably means patch-2.6.38.8-vs2.3.0.37-rc17.diff
1311447290 M * Bertl whatever rows your boat :)
1311447384 Q * arthus Remote host closed the connection
1311447402 M * Guy- btw, any news about the fuse+supplementary group memberships issue?
1311447707 M * Bertl nope, didn't have any time to investigate further (low priority)
1311447772 M * Guy- I hope you don't mind if I ask about it occasionally
1311447789 M * Bertl no problem at all
1311448524 Q * ryker Quit: Leaving.
1311450641 M * gcj Hi again, one of my vserver users has apache configured with a passphrase on their certificate, and this causes the vserver startup process to hang forever. Is it possible to background the vserver startup process to allow the host to boot normally?
1311453291 M * Bertl you could make it depend on all the other guests :)
1311453463 M * gcj how would that help? surely it would still block the host's boot process?
1311454001 M * gcj also, which old resource limit better corresponds to the new memory.limit_in_bytes: rss or as?
1311455977 Q * fback Remote host closed the connection
1311455979 J * fback fback@red.fback.net
1311456394 Q * cehteh Quit: Coyote finally caught me
1311456416 J * cehteh ~ct@pipapo.org
1311457084 J * cuba33ci_ ~cuba33ci@111-240-164-228.dynamic.hinet.net
1311457438 Q * cuba33ci Ping timeout: 480 seconds
1311457439 N * cuba33ci_ cuba33ci
1311459080 N * ensc Guest3352
1311459089 J * ensc ~irc-ensc@p4FEC5FD4.dip.t-dialin.net
1311459498 Q * Guest3352 Ping timeout: 480 seconds
1311460441 Q * sannes Remote host closed the connection
1311462914 N * BobR_afk BobR
1311463207 Q * bonbons Quit: Leaving
1311464950 N * BobR BobR_zZ