1331514016 J * puck ~puck@leibniz.catalyst.net.nz 1331515329 J * mastermin ~stuff@S01060023bee96928.vs.shawcable.net 1331515437 Q * mastermin autokilled: This host violated network policy. Mail support@oftc.net if you think this in error. (2012-03-12 01:23:56) 1331522100 M * Bertl off to bed now ... have a good one everyone! 1331522106 N * Bertl Bertl_zZ 1331523400 N * AndrewLe1 AndrewLee 1331528257 J * voegelas ~voegelas@HSI-KBW-109-192-051-187.hsi6.kabel-badenwuerttemberg.de 1331528774 J * kephra ~kraehe@port-83-236-58-4.dynamic.qsc.de 1331528826 M * kephra moin - i tried vserver and wonder, if its possible to hide the real host routing table from the client, and to give the client a different routing? 1331529655 Q * clopez Ping timeout: 480 seconds 1331529669 Q * grobie Ping timeout: 480 seconds 1331529877 J * grobie ~grobie@78.47.105.20 1331531346 Q * click Read error: Connection reset by peer 1331531506 M * kephra and related, it looks as if I can not start a service on same port as the host - doing an ssh guest from host, results in a login on host, not on guest, and the guest does not even start ssh server 1331531714 M * kephra tryied both eth0 and dummy0 - kernel is 3.2.9, util-vserver is 0.30.216-pre3029, .config is http://pastebin.com/tTbWVWjm 1331531899 Q * grobie Ping timeout: 480 seconds 1331532072 M * Wonka kephra: you need to make the host's sshd only listen on the host's IP, not on 0.0.0.0 1331532169 M * kephra Wonka, so each service needs its special config? 1331532179 M * kephra and I can not just clone a xen system to vserver? 1331532249 J * grobie ~grobie@78.47.105.20 1331532414 M * kephra and well - resticting the guess ssh to one IP wont work, if the host listens to 0.0.0.0, Wonka ? 1331535320 Q * grobie Ping timeout: 480 seconds 1331535688 J * grobie ~grobie@78.47.105.20 1331537508 J * jeroen__ ~jeroen@095-097-051-172.static.chello.nl 1331537947 M * Wonka kephra: not each service, only those on the host. 1331537967 M * Wonka kephra: and on the host there should only be ssh and ntp. 1331537999 M * Wonka kephra: and you don't need to touch ntp, because there should be no ntp on the guests anyway - they won't be able to modify the clock. 1331538010 M * kephra so vserver restricts itself to a very narrow usage scenario, Wonka ;-( 1331538018 M * Wonka nope. 1331538037 M * Wonka on guests, services can bind to 0.0.0.0 without damage 1331538070 J * ghislain ~AQUEOS@adsl2.aqueos.com 1331538120 M * Wonka I'm running DNS, web, ssh, jabber servers, all in vservers. 1331538142 M * Wonka mail, databases... 1331538153 M * kephra well - compare it to uml or xen where a guest has a real virtual network interface 1331538164 M * Wonka VPN is a bit more complicated... 1331538198 M * kephra i joped that vserver has similar goal as solaris /zones 1331538212 M * kephra a zone has its own interfaces, its own routing 1331538668 M * Wonka vservers are a bit more lightweight... 1331538720 M * Wonka they're more like enhanced chroots 1331538736 M * Wonka but that way, they are more memory and cpu efficient than xen domUs, for example 1331539080 M * kephra is there any alternate to this over simple network? so independend virtual interfaces, and independent guess routing 1331539093 M * kephra else I fear, vserver has no use (for me) 1331539600 J * urbee ~urbee@93-103-199-233.dynamic.t-2.net 1331539603 M * urbee Morning guys 1331539633 M * urbee I've added a new ip to a guest in interfaces and vserver just takes it as its primary ip - even though the IP's dev file is set to eth0:3 1331539636 M * urbee how come? 1331539886 N * Bertl_zZ Bertl 1331539891 M * Bertl morning folks! 1331539897 M * urbee Morning bergerx 1331539899 M * urbee Bertl* 1331539905 M * Bertl urbee: because eth0:3 in 'dev' is just plain wrong :) 1331539921 M * urbee Umm :) where am i supposed to specify it then ?:P 1331539983 M * Bertl http://www.nongnu.org/util-vserver/doc/conf/configuration.html 1331540028 M * Bertl if you want util-vserver to create an alias, you need to specify the 'name' entry with e.g. '3' 1331540041 M * urbee oh 1331540073 M * urbee gotta bookmark this 1331540122 M * urbee ok 1331540125 M * urbee i did the name thing 1331540128 M * urbee 1 2 3 1331540131 M * urbee but its still 1331540133 M * urbee the same 1331540184 M * Bertl well, you most likely did the chage while the guest/ip was configured 1331540196 M * urbee yeah.. 1331540202 M * urbee what now? 1331540204 M * Bertl which means that util-vserver couldn't remove the configured IP 1331540204 M * urbee :/ 1331540214 M * urbee remove the names 1331540214 M * Bertl (and complained about that) 1331540215 M * urbee stop 1331540216 M * urbee re-add 1331540217 M * urbee start? 1331540232 M * Bertl and now it is complaining that the IP already exists on startup :) 1331540257 M * Bertl so, make another note: do not change guest configs while guest is running :) 1331540269 M * urbee yeah :) 1331540289 M * Bertl you can remove the IP(s) with 'ip a del ...' 1331540344 M * urbee it tells me this when i boot the guest 1331540345 M * urbee IP 91.185.202.35 already exists on eth0 1331540346 M * urbee SIOCADDRT: Operation not permitted 1331540346 M * urbee IP 91.185.209.60 already exists on eth0 1331540346 M * urbee IP 91.185.209.61 already exists on eth0 1331540349 M * urbee but 1331540359 M * urbee the IP's are not there when i stop it 1331540366 M * urbee so thats fine? 1331540998 M * Bertl aren't they? or are you just using 'ifconfig' instead of 'ip' ? 1331541572 M * urbee no 1331541573 M * urbee i'm using ip 1331541582 M * urbee and they're not there when i stop the guest 1331541590 M * Bertl so 'ip a l' doesn't show the IPs ? 1331541592 M * urbee when i start it i get the message i pasted 1331541606 M * urbee nope 1331541622 M * Bertl then you have the same IP twice in your guest config 1331541633 P * kephra Leaving 1331541649 M * urbee Oh..yeah..maybe the system is trying to start it again 1331541651 M * urbee from inside 1331541662 M * urbee I'm using Directadmin control panel 1331541666 M * urbee could be the case 1331541717 A * DelTree change de mains... 1331541719 M * DelTree oops... 1331541889 J * ViruSzZ ~Educated@nimitz.rosehosting.com 1331541917 M * Bertl interesting name :) 1331541933 M * ViruSzZ Hi there gurus 1331541970 M * ViruSzZ the question I have is kind of obvious for me but I thought someone can shedlight it for me 1331541989 M * ViruSzZ I have an arch linux quest and I'm getting the following in the logs 1331541990 M * ViruSzZ kernel: vxW: [»sshd«,21059:#108|108] messing with the procfs. 1331542016 M * ViruSzZ So the ssh daemon is trying to mess with the procfs but how can I fix this? 1331542056 M * Bertl probably by recompiling the sshd and removing whatever manipulation it is trying there ... 1331542083 M * Bertl (or maybe there is an option which avoids it) 1331542122 M * ViruSzZ of course ... and the specific question is: can it make some damage to the host by any way? 1331542137 M * Bertl nope, it was blocked by Linux-VServer 1331542145 M * ViruSzZ Yeah, I thought so. 1331542150 M * ViruSzZ Thank you bertl . 1331542169 M * Bertl you're welcome! 1331542196 J * petzsch ~markus@dslb-092-078-225-230.pools.arcor-ip.net 1331542253 M * urbee Thanks from me also :P 1331542461 M * Bertl you're welcome as well! :) 1331543745 M * Wonka it's probably "messing" by trying to increase it's oom_adj 1331544310 Q * nkukard Quit: Leaving 1331544450 J * fleischergesell ~fleischer@p4FDF0D02.dip.t-dialin.net 1331544815 M * fleischergesell How can I enter the spectator context? vnamespace --enter 1 -- /bin/bash does not work 1331544838 M * Bertl try vcontext instead 1331544868 M * Bertl (there is no namespace setup for spectator, and even it there was one, you wouldn't want it anyway) 1331544946 M * fleischergesell Okay - could you elaborate about how I use vcontext to enter spectator mode? I do not get it from the help :/ 1331545004 M * ghislain look at the source of vtop, it is a bash script and it use the spectator context 1331545016 M * Bertl vcontext --migrate --xid 1 -- 1331545029 M * daniel_hozac or just chcontext --xid 1 -- 1331545204 M * fleischergesell Okay, Thanks. But, iotop wont work from this context (I need to see which processes in the guests use up I/O) 1331545222 M * fleischergesell I get this error (which I do not get when running the command from the host context itself): 1331545224 M * fleischergesell Could not run iotop as some of the requirements are not met: 1331545224 M * fleischergesell - Linux >= 2.6.20 with 1331545224 M * fleischergesell - VM event counters (CONFIG_VM_EVENT_COUNTERS) 1331545387 M * ViruSzZ I think iotop is using /proc/vmstat so it is not present withing the guest. Just a guess? 1331545402 M * ViruSzZ s/withing/within 1331545409 M * Bertl you need to unhide it for the context 1331545477 M * fleischergesell But what security implications are there when unhiding proc? 1331545501 M * daniel_hozac it's a separate flag for the spectator context. 1331545510 M * daniel_hozac guests still won't be able to see it. 1331545557 M * fleischergesell Where can I set this flag for the spectator context? 1331545581 M * daniel_hozac setattr --watch /proc/ 1331545596 M * fleischergesell and permanently? 1331545629 M * daniel_hozac edit your vprocunhide configuration. 1331545728 M * fleischergesell Okay thanks, will try this now 1331546536 M * ViruSzZ So, the 'vxW: [sshd, 12572:#108|108] messing with the procfs.' only appears to be happening when I access the guest via ssh so this is the process: 1331546537 M * ViruSzZ root 12572 0.3 0.5 9440 2992 ? Ss 10:56 0:00 sshd: root@pts/1 1331546559 M * ViruSzZ how can I debug this to see what exactly is trying to access it so I can narrow the issue down? 1331546583 M * daniel_hozac strace -fF -p 1331546595 M * ViruSzZ Thanks. Let me check that 1331547408 P * fleischergesell 1331547868 J * kir ~kir@swsoft-msk-nat.sw.ru 1331548374 M * ghislain using the cgroup unearthed another issue for me 1331548400 M * ghislain when a server hit the limit even me in the host cannot enter it as the limit are met 1331548451 M * ghislain i guess instead of entering the guest i need then just to chcontext , got to test if changing context put me in the cgroup or not 1331548546 J * ferminter 4d6f0224@ircip1.mibbit.com 1331548590 N * ferminter Bl4ckB1rD 1331548676 M * ViruSzZ nah ... I don't think I can somehow get useful info by stracing the pid ... all I get is => http://pastie.org/3576671 this in a loop and the shell gets non-responsive after some time. Since, it's not harmful to the host server itself I think I'll leave it for future investigation. 1331548814 M * Bl4ckB1rD we are having issues with some of our servers. Server freezes on regular basis, usually it works for like 2 months, then it freezes. I have set up remote syslog-ng server to grab errors but it didnt show up anything. Could you help me with some tips on how to configure syslog-ng to actually get the bug that's crashing our servers? 1331548889 M * Bl4ckB1rD usually this happens on heavy loaded servers (database or monitoring servers) after they have run for a while. They do respond to ping, but they dont give any other response. New connections are not responding, but existing do stay and work. 1331548914 M * Bl4ckB1rD seems like a network driver issue or something... 1331548953 M * Bl4ckB1rD of course after restart i dont get any info about the oops or kernel panic in syslog. 1331548976 M * Bl4ckB1rD any detailed guide on how to debug such issues ? 1331548981 M * Bl4ckB1rD or at least a tip 1331549072 M * Bertl well, first, make sure to have some way to log kernel traces 1331549095 M * Bertl usually a serial console is a good start, although there are more complicated procedures to get away without it 1331549122 M * Bertl then, make sure your kernel is recent and compiled with debug info enabled (no point in hunting bugs already fixed upstream) 1331549227 M * Bertl ViruSzZ: you are interested in 'stat' and 'open' calls, so you might limit the output to those and/or grep for them 1331549406 M * ViruSzZ yes, Bertl is not worth trying to fix this as the kernel is too old (2.6.22.16 - util-vserver: 0.30.214; Apr 21 2008) and I haven't tested this on some recent kernel if it will be still happening. 1331549444 M * ViruSzZ I'm just curious and am hardworked and am not giving up that quickly ;) 1331549456 M * ViruSzZ s/hardworked/hardworker/ 1331549479 M * ViruSzZ anyhow, thank you for your inputs specially you and hozac. 1331549495 M * Bertl np 1331550185 M * Bl4ckB1rD Berti the problem is we are using hozac's prebuilt rpm's for rhel 6. You suggest us to compile kernel out of scratch with latest experimental release ? We are thinking actually to port back from 2.3 version to 2.2 if that one is stable, cause these freezes are really annoying for databases. They usually crash and we have to fix replication issues afterwards. 1331550234 M * Bertl good luck with backporting then :) 1331550821 M * Bl4ckB1rD Berti do you know for any repository that has precompiled kernel for centos 6/ubuntu that you are aware of ? 1331550843 M * Bl4ckB1rD besides dhozac which seems to be buggy 1331551029 M * Bertl in what way is daniel_hozac's repository buggy? 1331551190 M * Bl4ckB1rD it's buggy in a way that his kernel doesnt help fixing the freezing problem we are facing on our servers. There are 15 different servers and randomly 4 of them that are one of most important seem to be freezing from time to time. If it was only one server i would say it's hardware problem, either ram or something else. 1331551267 M * Bl4ckB1rD so it has to be kernel related problem... i would say. maybe i'm wrong, that's why i would like to catch the crash message / oops or something like that to make sure it's true before i accuse anyone. 1331551369 M * Bl4ckB1rD the funny part is, we actually run one vserver instance in kvm, and host that has this kvm is fine, but vserver freezes and needs to be shutdown and rebooted. 1331551426 M * Bertl well, a kernel problem is very likely if everything 'freezes', I'd suggest to try with a recent kernel instead 1331551461 M * Bl4ckB1rD maybe that would be answer to our problems yes. 1331551479 M * Bl4ckB1rD i'll try to recompile latest kernel with latest patch and see how this works out. 1331551577 M * Bl4ckB1rD is there a fast way to make "oldconfig" of current daniel's kernel? 1331551589 M * Bl4ckB1rD and port it out to latest 1331551633 M * Bertl you want to use the .config from daniel_hozac's packages? 1331551669 M * Bl4ckB1rD i guess so, since it's made for centos 6 / rhel 6 1331551696 M * Bertl well, it matches the kernel used there, so you will have to adjust it to a newer kernel 1331551901 M * Bl4ckB1rD sure thing 1331551911 M * Bl4ckB1rD but only the "new" features 1331551913 M * Bl4ckB1rD imho 1331551949 M * Bertl yeah, although I would suggest to build a .config tailored to your hardware and not a kitchen-sink one 1331552155 M * Bl4ckB1rD meaning i'd have to pick each option myself and most likely break it :) 1331552168 M * Bl4ckB1rD or is there another option 1331552199 M * Bl4ckB1rD like "make me nice kernel that suits current hardware" command :) 1331552212 M * Bertl there is something similar 1331552238 M * Bertl make localmodconfig 1331552256 M * Bertl (see 'make help' for more details and options) 1331552260 M * Bl4ckB1rD aha okay 1331552261 M * Bl4ckB1rD thanks 1331552264 M * Bl4ckB1rD i'll check it out 1331552453 J * clopez ~clopez@82.25.60.213.dynamic.mundo-r.com 1331552941 J * derjohn_mob ~aj@87.253.171.220 1331553861 M * daniel_hozac Bl4ckB1rD: do your freezes last? mine only occur for a few seconds at a time. 1331553893 M * daniel_hozac (and i have issues opened with RH for those, but have yet to see any progress) 1331553933 M * Bertl I think the problem with those kernels is that the 'freeze' (IMHO a scheduler issue) causes I/O to pile up, and if there is enough, it really gets messy 1331554024 M * daniel_hozac yeah. 1331554051 M * daniel_hozac booting with nodelayacct makes it somewhat better, but not 100%. 1331554076 M * daniel_hozac i've been considering turning off HPET, but haven't had time to test that yet. 1331554103 Q * ensc|w Remote host closed the connection 1331554112 J * ensc|w ~ensc@www.sigma-chemnitz.de 1331554329 Q * Aiken Remote host closed the connection 1331554856 Q * ViruSzZ Quit: Leaving 1331555507 M * Bl4ckB1rD daniel_hozac yes they unfortunately last longer... machine reponds to pings though, but new connections are not accepted. 1331555618 M * Bl4ckB1rD seems like server stays responsive, but network freezes... i'll go try and see if i can catch something on monitor in datacenter, when i plug it in, but most likely i'll just see black screen and nothing on it. 1331555649 M * daniel_hozac for me it's anything using IO freezes. 1331555694 M * daniel_hozac you can try setting the hung task timeout to 2 or so, and you should be able to get a kernel stack trace showing where they're stuck. 1331555715 M * daniel_hozac (when/if the machine regains consciousness) 1331555724 M * Bl4ckB1rD aha, that's a good idea 1331555724 M * daniel_hozac and on a serial console. 1331555768 M * daniel_hozac a echo 2 > /proc/sys/kernel/hung_task_timeout_secs should do the trick. 1331555780 M * Bl4ckB1rD thanks i'll do that right a way 1331555810 M * Bl4ckB1rD can this break something on production enviroment actually ? 1331555815 M * daniel_hozac no. 1331555838 M * Bl4ckB1rD okay. default is 120 as i see. 1331555839 M * daniel_hozac at most it will log kernel stack traces when you're under a lot of load causing processes to hang in the same spot for 2 seconds. 1331555874 M * daniel_hozac just make sure you have a serial console or some non-network non-IO means of getting them. 1331555935 M * Bertl (for example a crash dump kernel and some way to trigger a sysrq) 1331556087 M * Bl4ckB1rD sure i have tty's spawned and monitor should be plugged in 1331556093 M * Bl4ckB1rD so it should do the trick 1331556099 M * Bl4ckB1rD hopefully i get something useful 1331556121 M * Bl4ckB1rD the funny part is, the idle machines dont freeze at all... they run for longer periods of time actually very stable 1331556143 M * Bl4ckB1rD 13:42:13 up 159 days, 4:58, 1 user, load average: 0.49, 0.66, 0.76 1331556146 M * Bl4ckB1rD example 1331556147 M * daniel_hozac right, it appears to only happen at times of congestion. 1331556218 M * Bl4ckB1rD this one 159 days of uptime runs 2.6.32-131.12.1.el6.vs2.3.0.36.29.6.18.x86_64 kernel very well 1331556256 M * Bl4ckB1rD o well we'll see. 1331556276 M * daniel_hozac i chased the bug myself for a few weeks back when 6.0 was current, but eventually had to punt on it. 1331556285 M * daniel_hozac (on non-vserver systems) 1331556310 M * Bl4ckB1rD dont worry dani, this very same problem happens on debian systems also... 1331556323 M * Bl4ckB1rD not using your repository. 1331556341 M * Bl4ckB1rD so it must be some general problem 1331556348 M * Bl4ckB1rD with vserver patch 1331556354 M * Bl4ckB1rD not rly sure though 1331556367 M * Bl4ckB1rD i'll debug a bit more. 1331556370 M * daniel_hozac no, it's not vserver related. 1331556379 M * Bl4ckB1rD u sure ? 1331556383 M * daniel_hozac yes. 1331556386 M * Bertl yes, it seems to be a mainline issue 1331556397 M * daniel_hozac i was chasing it on systems running just the plain RHEL kernel 1331556407 M * Bl4ckB1rD oh! -.- i see 1331556488 M * daniel_hozac Bertl: do you see it on recent kernels at all? i have minimized my servers to just one physical machine now, so i have limited testing resources that aren't kvm... 1331556564 M * Bertl 2.6.38.x is behaving fine in this regard, although it has some other I/O issues 1331556574 M * Bertl I haven't seen it on 3.x kernels yet 1331556789 M * Bl4ckB1rD Linux vs004 2.6.38.8-vs2.3.0.37-rc17-tba #1 SMP Thu Jul 28 16:02:32 UTC 2011 x86_64 GNU/Linux --> this one freezes on debian for me. (self compiled kernel) 1331556882 M * Bl4ckB1rD i seem to be having more problems with ubuntu/debian kernel ports than rh/centos ones. 1331556960 M * pmjdebruijn Bl4ckB1rD: I highly recommend one of the -stable trees 1331556963 M * pmjdebruijn 2.6.32.x 3.0.x 1331556977 M * daniel_hozac 2.6.32 is the one with the problem at hand... 1331556987 M * pmjdebruijn well 3.0 then 1331556994 A * pmjdebruijn meant in general 1331557016 M * pmjdebruijn the rhel 2.6.32 kernels are hardly 2.6.32 btw 1331557025 M * pmjdebruijn patchomundo 1331557243 M * Bl4ckB1rD didnt try 3.x kernel with vserver yet though, mainly cause there are no rpm's / .deb packages of it... i'll try and make one i guess. btw is there any changelog for these kernel patches ? 17 Mar 2008 is the last one -.- 1331557477 M * Bertl nope 1331557525 M * Bl4ckB1rD okay. 1331557575 M * Bl4ckB1rD dani you mentioned nodelayacct ... do you mean i should add this in grub.cfg when booting kernel ? 1331558070 M * Bl4ckB1rD or anyone else... :) 1331558296 M * daniel_hozac yes 1331558848 P * kir PING 1331558848 1331560420 J * kir ~kir@swsoft-msk-nat.sw.ru 1331560455 Q * clopez Ping timeout: 480 seconds 1331560540 P * kir 1331562971 Q * petzsch Quit: Leaving. 1331564407 J * dowdle ~dowdle@scott.coe.montana.edu 1331566620 J * clopez ~clopez@155.99.117.91.static.mundo-r.com 1331567375 J * petzsch ~markus@dslb-092-078-225-230.pools.arcor-ip.net 1331568648 Q * ncopa_ Quit: Leaving 1331571842 Q * derjohn_mob Ping timeout: 480 seconds 1331571852 M * Bertl off for a nap ... bbl 1331571857 N * Bertl Bertl_zZ 1331572210 Q * clopez Quit: Leaving 1331572326 J * clopez ~clopez@155.99.117.91.static.mundo-r.com 1331572377 J * nkukard ~nkukard@41-133-198-167.dsl.mweb.co.za 1331575149 J * click ~click@118.84-49-174.nextgentel.com 1331577328 J * BenG ~bengreen@cpc10-aztw24-2-0-cust114.aztw.cable.virginmedia.com 1331577362 Q * BenG 1331577938 J * sweil ~stefan@p54ADAF87.dip.t-dialin.net 1331579411 Q * voegelas Quit: Leaving. 1331580409 N * Bertl_zZ Bertl 1331580418 M * Bertl back now ... 1331581360 J * hijacker_ ~hijacker@cable-84-43-136-96.mnet.bg 1331582523 Q * brambles Remote host closed the connection 1331582821 J * brambles brambles@79.133.200.49 1331584128 Q * clopez Ping timeout: 480 seconds 1331584652 J * cuba33ci_ ~cuba33ci@114-36-245-37.dynamic.hinet.net 1331585002 Q * cuba33ci Ping timeout: 480 seconds 1331585006 N * cuba33ci_ cuba33ci 1331585762 J * clopez ~clopez@82.25.60.213.dynamic.mundo-r.com 1331586642 Q * hijacker_ Quit: Leaving 1331588540 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f 1331588582 Q * ghislain Quit: Leaving. 1331588614 Q * petzsch Quit: Leaving. 1331588873 Q * sweil Remote host closed the connection 1331589071 Q * bergerx Ping timeout: 480 seconds 1331589139 J * bergerx ~bergerx@46.196.249.86 1331590670 Q * zbyniu Ping timeout: 480 seconds 1331593831 J * zbyniu ~zbyniu@ip-62.181.188.13.static.crowley.pl 1331593930 Q * dowdle 1331595860 Q * zbyniu Ping timeout: 480 seconds 1331596397 J * zbyniu ~zbyniu@ip-62.181.188.13.static.crowley.pl