1334621603 Q * _nono_ Read error: Operation timed out
1334621740 J * _nono_ ~gomes@licencieux.ircam.fr
1334622644 Q * clopez Ping timeout: 480 seconds
1334623097 M * Bertl off to bed now ... have a good one everyone!
1334623103 N * Bertl Bertl_zZ
1334629765 Q * brambles Remote host closed the connection
1334629804 J * brambles brambles@79.133.200.49
1334635945 N * ensc Guest623
1334635954 J * ensc ~irc-ensc@p54ADE24A.dip.t-dialin.net
1334636366 Q * Guest623 Ping timeout: 480 seconds
1334637151 Q * _nono_ Ping timeout: 480 seconds
1334637362 J * _nono_ ~gomes@licencieux.ircam.fr
1334639702 Q * ccxCZ Ping timeout: 480 seconds
1334639792 J * ccxCZ ~ccxCZ@new.webprojekty.cz
1334642964 Q * jeroen__ Quit: Ex-Chat
1334644993 J * ghislain ~AQUEOS@adsl2.aqueos.com
1334647573 J * clopez ~clopez@fanzine.igalia.com
1334650341 Q * FireEgl Quit: Leaving...
1334651533 N * Bertl_zZ Bertl
1334651538 M * Bertl morning folks!
1334651839 Q * A5fa3237b Remote host closed the connection
1334652261 M * fback morning Bertl
1334652425 J * BenG ~bengreen@cpc10-aztw24-2-0-cust114.aztw.cable.virginmedia.com
1334652995 M * fback Bertl: having deep knowledge on network separation, how would you do this. You have bunch of guests behind a *NAT, that's done on separate device (so networking on host and guests is trivial). What if you could get additional public IP to assign to a host your services are running on? I can see two possibilities, assign this ip to all the guests, or leave them on private addresses, then do some magic with iptables so they are public outside. First one is trivi
1334653079 J * petzsch ~markus@dslb-088-075-172-224.pools.arcor-ip.net
1334653155 M * Bertl not sure what the public IP is for and why you would to assign it to all guests?
1334653164 M * Bertl *would want*
1334653201 M * fback Bertl: to offload the nat
1334653226 M * Bertl but for example, if you use that public IP for https, then I'd use SNAT to map it to that specific guest running the httpd
1334653285 M * fback guests separate services, so there's one for mail, another for dns, web, etc
1334653286 M * Bertl if you want all guests to use that IP, then it is again nat, just with a different IP
1334653318 M * Bertl do they have separate IPs?
1334653318 M * fback yup, but done on separate device
1334653332 M * Bertl mail, dns, web?
1334653388 M * fback now they are behind single public ip, but each one has different private ip
1334653423 M * fback so there are rules to forward traffic to specific guest on the nating gear
1334653555 M * Bertl okay, those simply need to be changed to use the new public IP
1334653582 M * Bertl and you probably want to masquerade all outgoing traffic with that new IP as well
1334653590 M * fback there are two boxes, one simple wifi, that's doing the nat
1334653615 M * Bertl on the same network or on different networks?
1334653619 M * fback since my isp upgraded uplink to 100M, too much traffic just kills the device :>
1334653635 J * ksn ~ksn@8ta-151-168-40.telkomadsl.co.za
1334653684 M * fback on the same network
1334653728 M * fback now, i can ask for second ip, assign it to the host and:
1334653787 M * fback do another nat on host, or simply assign it to all the guests, that need to be available from outside.
1334654032 M * fback second solution seems trivial to implement, but one has to care not to bind to the same port from two guests.
1334654072 M * Bertl for me your setup is still unclear, you are talking about a 'second' public IP, but suddenly want to assign it to a host behind a nat?
1334654096 M * Bertl as far as I understood, you have two different routers
1334654114 M * Bertl one currently doing the nat for all hosts/guests
1334654126 M * Bertl and a new? one for the new? public IP?
1334654138 M * fback that device, where's nat now being done, has internal switch
1334654161 M * fback i can configure it, so both lan and wan is available on the host
1334654251 M * Bertl why not configure it to map the wan IPs to the corresponding host/guest (private) IPs and vice versa?
1334654291 M * fback that's exactly one of options I mentioned
1334654309 M * Bertl okay, then that's what I'd do :)
1334654333 M * Bertl doesn't require any magic or changes on the guests/hosts
1334654336 M * fback and another, to simply assign public ip to all the guests that need to be available from the Internet
1334654350 M * Bertl doesn't make sense IMHO
1334654382 M * Bertl first you lose flexibility in the assignment guest/public ip
1334654405 M * Bertl second you mix public IPs with lan traffic
1334654421 M * Bertl neither is good for administration
1334654482 M * fback okay, another question then
1334654502 M * fback guests can only see lan side of the network
1334654546 M * fback how (technically) can it get to default route?
1334654687 M * fback the only solution that comes to my mind is with two tables, one for lan with its own default route, that points to "old" nat, and second with direct connection
1334654730 M * fback then rules that redirect / nat traffic from specified guests to a direct nat
1334654767 M * fback but this may be because I don't understand how network separation in vserver works
1334654858 M * fback simply changing default route on the host to direct one would render all the guests without default route?
1334655094 M * Bertl if the 'router' for the lan has one IP (the switch/router thingy you mentioned) then you do not need separate routing tables
1334655116 M * Bertl if you have two routers, you simply setup source based routing on the host(s)
1334655141 M * Bertl (identical to the multiple provider setup known in linux)
1334655347 M * fback Bertl: it has single (public) ip, wan vlan is simply assigned to the port host is connected, in addition to uplink port and internal (ie to the device) port.
1334655491 M * fback (so if public ip is assigned to correct vlan interface on host, packets to the Internet are just switched by "that router/switch thingy", and spikes in the traffic are not an issue anymore)
1334655536 M * Bertl again confusing, maybe you want to draw a diagram if you still need more input
1334655574 M * fback the one thing I still don't understand, how guest is going to know about default route after the change
1334655586 M * Bertl after what change?
1334655679 M * Bertl IMHO there are two cases, a) single gateway for both public IPs
1334655689 M * Bertl and b) separate gateways for each IP
1334655723 M * Bertl in case a) no routing tables are required, the single gateway is the default route which decides based on lan/public IP
1334655742 M * Bertl in case b) you need separate routing tables on dual homed hosts
1334655823 Q * ksn Quit: leaving
1334655827 M * Bertl i.e. hosts with IPs (guest or not) to be routed through both gateways
1334656058 M * fback http://paste.linux-vserver.org/20794
1334656248 M * Bertl well, you can do all kinds of strange things, but I'm not sure what the purpose of the tp-link is when you get vlans routed to the wan port?
1334656403 M * fback to keep the traffic from other devices (eg. my laptop) away from the host
1334656446 M * fback and note, there's only one vlan on the wan port, vlan2
1334656496 M * Bertl so what's the point then?
1334656539 M * Bertl sounds to me like you are adding a device in hope that it will give you better performance when it does some nat-ing? or what?
1334656578 M * fback I'm adding vlan2 to the port host is connected to, that's all
1334656608 M * Bertl okay, so be it, what is the gain?
1334656636 M * Bertl and what is the purpose of the tp-link in the first place? or is it just legacy going away now?
1334656686 M * fback traffic to the host (and guests on it) need not to be nated by this tp-link
1334656729 M * fback tp-link is still needed, to provide wireless connectivity.
1334656739 M * Bertl so why is it connected to the tp-link at all?
1334656827 M * fback you mean the host?
1334656833 M * Bertl yup
1334656927 M * fback because I need l2 connectivity
1334656950 M * Bertl huh?
1334656967 M * fback tp-link has built-in 6 port switch
1334656975 M * fback that supports vlans
1334657038 M * Bertl okay, how is that related to your drawing and the VLAN2-LAN4 connection?
1334657088 M * fback in simple (current) setup there's one wan port (vlan2), and 4 lan ports (vlan1)
1334657157 M * Bertl either your drawing is wrong, and LAN4 is actually connected to the switch (in the tp-link)
1334657168 M * fback (of course there's also 6th, internal port, to which the device itself is connected to)
1334657174 M * Bertl in which case, all traffic _always_ goes through the tp-link
1334657187 M * Bertl which makes the tp-link the one and only gateway/router
1334657221 M * fback Bertl: but if it goes from vlan1 to vlan2, tp-link has to nat that traffic
1334657227 M * Bertl or the drawing is right, and there is an independent connection from VLAN2 (wan) to LAN4
1334657230 M * fback so it utilizes its cpu power
1334657234 J * derjohn_mob ~aj@87.253.171.194
1334657257 M * fback if it goes from vlan2 to vlan2, then it's just switched
1334657260 M * Bertl so the drawing is wrong, yes?
1334657301 M * Bertl okay, in this case, why not pass through the vlan2 on the port lan4 is connected to, and do S/DNAT on the host (LAN4)
1334657342 M * Bertl again, single gateway, multiple private (not necessarily vlan1) IPs for the guests
1334657401 M * Bertl if you want to have those guests reachable from vlan1 without interaction of the tp-link, you can use the same vlan1 IPs and have a separate network interface (or some magic on the tp-link) to connect them
1334657407 M * fback I asked for your opinion on that, yes
1334657419 M * Bertl (latter of course adds more work for the tp-link)
1334657446 M * fback if it's better to keep private ips for guests, and do s/dnat on the host
1334657473 M * fback or assign this public ip to all guests that need to be available from outside :-)
1334657473 M * Bertl it's definitely more flexible and gives you fine grained control
1334657507 M * fback now, the question on default route is not directly connected to this
1334657508 M * Bertl just think when you update a web server for example
1334657528 M * Bertl you can start both guests, old and new, with different IPs (private)
1334657534 M * fback i'm just curious, how guest is going to find default route
1334657538 M * Bertl and just change the DNAT rule
1334657555 M * Bertl the default route is always the router in VLAN2
1334657573 M * Bertl there is no 'finding out the default route' in your case
1334657630 M * Bertl traffic to the VLAN1 devices will be done via the interface (real or vlan) connected to this network (with a network specific route)
1334657643 M * Bertl traffic to everything else will use the VLAN2 gateway
1334657663 M * fback but guest doesn't know anything about vlan2
1334657683 M * Bertl the host knows, and routing is done on the host
1334657743 M * Bertl no special setup required
1334657746 M * fback so all is done, is that when guest binds to 0.0.0.0, it binds to what is allowed for the guest in real (or rather host-wise)?
1334657775 M * Bertl yep, and source addresses are limited to those IPs as well
1334657799 M * fback and all I need, is to nat those private ips to the public one
1334657827 M * Bertl the one on VLAN2, yes, and route generic traffic through the gateway in VLAN2
1334657885 M * fback masquerading all outgoing traffic is also an option, no?
1334657948 M * fback (ie. -t nat ... -s source_ip_of_specific_guest -o vlan2 -j MASQUERADE)
1334657973 M * Bertl sure
1334658139 M * fback Bertl: the gain you've asked, next DoS should kill the host, but not the rest
1334658178 M * fback (unless it's pointed to tp-link and not some service, of course)
1334658444 M * fback second, emails with big attachments won't kill this tp-link anymore
1334658790 M * fback I thought it's caused by going out of memory to keep track of connections, but it seems even one big enough stream can kill it :(
1334661216 Q * BenG Quit: I Leave
1334661344 J * BenG ~bengreen@cpc10-aztw24-2-0-cust114.aztw.cable.virginmedia.com
1334661598 Q * ensc|w Remote host closed the connection
1334661610 J * ensc|w ~ensc@www.sigma-chemnitz.de
1334663586 Q * _nono_ Ping timeout: 480 seconds
1334663841 J * _nono_ ~gomes@licencieux.ircam.fr
1334663876 Q * derjohn_mob Ping timeout: 480 seconds
1334664498 Q * BenG Quit: I Leave
1334664613 J * derjohn_mob ~aj@87.253.171.203
1334664652 J * FireEgl FireEgl@2001:470:e056:1:a11f:34b6:7384:9f0a
1334665499 Q * derjohn_mob Ping timeout: 480 seconds
1334665583 J * glen ~glen@scratchy.delfi.ee
1334665592 M * glen hey, i get such error: vspace: clone(): Invalid argument
1334665600 M * glen 2.6.25.16-1
1334665613 M * glen i wonder, what is requirement for that, any kernel version? or util-vserver?
1334665619 M * glen i just want to fix dependencies in distro
1334665702 M * daniel_hozac did 2.6.25 ever get Linux-VServer patches?
1334665732 M * glen yes of course
1334665741 M * daniel_hozac that kernel was broken beyond belief.
1334665744 J * thierryp ~thierry@zankai.inria.fr
1334665763 M * glen anyway, it was running, it got broken when i upgraded userspace, and got recovered when downgraded userspace again
1334665767 M * WMP daniel_hozac: is possible to make disc limit on guest without tag option on root?
1334665777 M * glen util-vserver-0.30.214-5.amd64 - works with that kernel
1334665786 M * glen broken with that kernel: util-vserver-0.30.216-1.pre2981.1.amd64.rpm
1334665787 M * daniel_hozac WMP: no.
1334665806 M * glen i mean that clone() is new thing from some 2.6.27+ or sth?
1334665811 M * daniel_hozac no
1334665818 M * daniel_hozac clone has been around since 2.4.
1334665823 M * daniel_hozac at least
1334665833 M * WMP daniel_hozac: maybe make ext4 on file with size eq. 40GB and mount this to this guest?
1334665864 M * glen i want to put something to util-vserver package to Conflict: uname<2.6.27 so i won't break some other system similarly :)
1334666036 M * daniel_hozac no, util-vserver works fine on every kernel that's supported down to 2.4.
1334666082 M * daniel_hozac kernels like 2.6.25 which were just too broken to be used just aren't expected to be used.
1334666103 M * glen so what explains that 0.30.214-5 and 0.30.216-1.pre2981.1 difference? (.216 gave that clone error and failed to start vserver)
1334666105 M * daniel_hozac (especially 4 years later)
1334666130 M * daniel_hozac 0.30.214 is an ancient util-vserver. it probably doesn't know how to setup a guest on that kernel.
1334666146 M * glen nono, the opposite
1334666150 J * derjohn_mob ~aj@88.128.79.39
1334666152 M * glen 0.30.214 was ok
1334666154 M * daniel_hozac no, i mean what i said.
1334666166 M * glen 0.30.216 failed
1334666166 M * daniel_hozac it was probably okay because it didn't try to actually setup a fully functioning guest.
1334666195 M * glen like i could get out of jail?
1334668748 Q * Aiken Remote host closed the connection
1334670564 Q * clopez Ping timeout: 480 seconds
1334670940 J * clopez ~clopez@fanzine.igalia.com
1334671083 M * Bertl glen: yep, old util-vserver does not know about namespaces and similar stuff
1334671103 M * Bertl on (somewhat) recent kernels it will create incomplete isolation
1334671149 M * Bertl so basically the guests are not properly isolated, various settings (for example uts) leak to the host/other guests and so on
1334671717 M * Bertl off for now ... bbl
1334671724 N * Bertl Bertl_oO
1334672237 Q * _nono_ Ping timeout: 480 seconds
1334672496 J * _nono_ ~gomes@licencieux.ircam.fr
1334672742 M * glen which reminds me, some incompatible combination of kernel/userspace made uts change appear in host as well :)
1334672757 M * glen i.e that was not the case earlier, but something changed (likely userspace upgrade) made it happen
1334674934 J * dowdle ~dowdle@scott.coe.montana.edu
1334674935 J * BenG ~bengreen@cpc10-aztw24-2-0-cust114.aztw.cable.virginmedia.com
1334674940 Q * BenG
1334674961 J * BenG ~bengreen@cpc10-aztw24-2-0-cust114.aztw.cable.virginmedia.com
1334676686 Q * clopez Ping timeout: 480 seconds
1334677126 Q * petzsch Quit: Leaving.
1334677166 J * clopez ~clopez@fanzine.igalia.com
1334678774 Q * derjohn_mob Ping timeout: 480 seconds
1334678851 J * bonbons ~bonbons@2001:960:7ab:0:8895:872c:b349:24c2
1334679519 J * petzsch ~markus@dslb-088-075-172-224.pools.arcor-ip.net
1334679544 Q * clopez Ping timeout: 480 seconds
1334680309 Q * thierryp Remote host closed the connection
1334683146 Q * nkukard Ping timeout: 480 seconds
1334684583 J * thierryp ~thierry@home.parmentelat.net
1334684624 Q * ghislain Quit: Leaving.
1334684696 J * nkukard ~nkukard@41-133-138-246.dsl.mweb.co.za
1334685972 Q * thierryp Remote host closed the connection
1334686301 Q * BenG Quit: I Leave
1334687843 J * jazzanova1 ~boris@173.242.119.177
1334687878 M * jazzanova1 hi, my server running three server hosts stopped responding, and I had to reboot. How can I inspect what was the problem ? How can I isolate on which guest the problem was that crashed the host ?
1334687886 M * jazzanova1 i mean, vhosts
1334687895 M * jazzanova1 guests
1334688621 M * daniel_hozac check the logs?
1334688755 M * jazzanova1 nothing in the logs of the host.
1334688782 M * daniel_hozac do you have sar enabled?
1334688785 M * jazzanova1 the symptom is that ping didn't respond, and ssh also.
1334688801 M * jazzanova1 what's that and how do I check ?
1334688921 M * daniel_hozac run sar
1334688942 M * jazzanova1 command not found
1334688953 J * thierryp ~thierry@home.parmentelat.net
1334688954 M * daniel_hozac then you don't have it.
1334688957 M * jazzanova1 :)
1334689032 M * jazzanova1 i didn't install vserver from source, but installed a debian package kernel with vserver support. everything seemed to work for a while, and vservers were fine. do you think the crash could be because of that ?
1334689048 M * jazzanova1 I did load the vservers starting from yesterday
1334689057 M * jazzanova1 and it crashed.
1334689282 M * jazzanova1 Apr 17 04:38:44 vserver2 kernel: imklog: Cannot open proc file system, 1.
1334689290 M * jazzanova1 seeing this on one of the guests
1334689365 M * jazzanova1 seeing this also: Apr 17 09:10:01 francisco /usr/sbin/cron[4744]: (CRON) error (can't fork)
1334689569 P * glen
1334690047 Q * thierryp Remote host closed the connection
1334690122 J * clopez ~clopez@44.18.165.83.dynamic.mundo-r.com
1334690249 M * jazzanova1 how can I monitor how much RAM each vserver is using ?
1334690809 J * A629e6b1b ~A629e6b1b@cho94-8-88-178-12-119.fbx.proxad.net
1334691136 M * daniel_hozac vserver-stat
1334691156 M * daniel_hozac the Debian kernels are broken in many ways.
1334691644 J * nuba ~nuba@pauleira.com
1334691910 Q * fback Quit: leaving
1334691998 M * nuba hi folks, not having much success with google, the faq or the documentation, so I'm asking here: how can I make /usr/sbin/vserver available to another user via sudo?
1334692032 M * nuba in this case, i'm writing a nagios handler to restart a service inside a vserver context
1334692156 M * nuba i'd rather do it with vserver exec than with ssh, but even for a highly permissive sudo setting: "nagios ALL=(root) ALL" it's not working, and giving me "can not change context: migrate kernel feature missing and 'compat' API disabled: Function not implemented"
1334692211 J * fb fback@red.fback.net
1334692409 M * daniel_hozac and it works as root?
1334692546 M * nuba yep
1334692575 M * nuba perfectly, and btw vserver rocks :)
1334692595 M * daniel_hozac what does sudo cat /proc/self/status yield?
1334692862 M * nuba holy crap, i forgot i had to do sudo /usr/sbin/vserver
1334692882 A * nuba fool
1334692901 M * nuba daniel_hozac: not a problem anymore, but here's http://pastie.org/3806381
1334693035 M * nuba daniel_hozac: thank you
1334693140 M * daniel_hozac hehe
1334694076 J * hijacker_ ~hijacker@cable-84-43-134-121.mnet.bg
1334694769 Q * hijacker_ Quit: Leaving
1334696055 M * jazzanova1 what's the meaning of number of pages, vs RSS ? should I be concerned with those pages being 5 times more than RSS ?
1334696419 M * daniel_hozac what?
1334697060 M * jazzanova1 i mean, the output of vserver-stat
1334697110 M * jazzanova1 40004 36 1.4G 147.2M 1h50m28 2m16s57 1h53m38 francisco
1334697117 M * jazzanova1 such a big difference in values.
1334697145 M * jazzanova1 1.4g vs 147megs. is that ok ?
1334697149 Q * petzsch Quit: Leaving.
1334697758 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f
1334698064 Q * bonbons Quit: Leaving
1334698331 M * daniel_hozac sure
1334698573 M * jazzanova1 does this mean that 1.4g of swap is used, but there are only 147megs loaded in RAM ?
1334698611 M * jazzanova1 i'm puzzled why it needs to load so much, cause I don't do much on those vhosts.
1334699024 N * Bertl_oO Bertl
1334699070 M * Bertl jazzanova1: if you run 'hello world' in java, it will allocate 3GB of memory, and actually use a few pages
1334699247 J * ghislain ~AQUEOS@adsl2.aqueos.com
1334699523 Q * ghislain
1334701651 Q * A629e6b1b Remote host closed the connection
1334703425 Q * dowdle
1334706671 Q * jazzanova1 Quit: Leaving