1361923750 Q * Ghislain Quit: Leaving. 1361923960 Q * BenG Quit: I Leave 1361924330 M * Bertl off to bed now, have a good one everyone! 1361924335 N * Bertl Bertl_zZ 1361941771 J * _urbee ~urbee@93-103-225-35.dynamic.t-2.net 1361942096 Q * urbee Ping timeout: 480 seconds 1361944532 Q * clopez Ping timeout: 480 seconds 1361946239 J * Ghislain ~aqueos@adsl1.aqueos.com 1361951739 N * Bertl_zZ Bertl 1361951744 M * Bertl morning folks! 1361952060 M * hijacker morning 1361954087 M * arekm bum 1361958713 J * BenG ~bengreen@194.164.97.178 1361962038 Q * BenG Quit: I Leave 1361963848 J * clopez ~clopez@fanzine.igalia.com 1361968259 Q * ircuser-1 Ping timeout: 480 seconds 1361969925 J * mib_q6u2r2 55ddb4fd@ircip1.mibbit.com 1361969936 M * mib_q6u2r2 hi 1361969963 M * mib_q6u2r2 I have problem with vserver :) 1361969975 Q * Aiken Remote host closed the connection 1361970005 M * mib_q6u2r2 I have configured vserver with apache2 and some domains 1361970033 M * mib_q6u2r2 I made prerouting iptables -t nat -I PREROUTING --protocol tcp --destination-port 80 -j DNAT --to-destination 192.168.1.101:80 and everithing works fine (via remot) 1361970055 M * mib_q6u2r2 but when I want to connect to port 80 from host or guest I can't it:( 1361970094 M * mib_q6u2r2 telnet 56.xx.xx.xx 80 Trying 56.xx.xx.xx... telnet: Unable to connect to remote host: Connection refused 1361970107 M * mib_q6u2r2 but: 1361970108 M * mib_q6u2r2 telnet 192.168.1.101 80 1361970109 M * daniel_hozac use the OUTPUT chain in -t nat 1361970111 M * mib_q6u2r2 Trying 192.168.1.101... 1361970139 M * mib_q6u2r2 can you show me example ? 1361970876 Q * ensc Remote host closed the connection 1361970974 M * Bertl hey mib_q6u2r2! I presume you are Dawid? 1361970987 M * mib_q6u2r2 yes 1361971001 M * mib_q6u2r2 so ? 1361971003 M * Bertl okay, good that you found your way here, much easier than with email 1361971028 M * mib_q6u2r2 can you help me ? 1361971033 M * Bertl well, connection refused usually means that something prevents the connection from happening 1361971073 M * mib_q6u2r2 firewall is clear 1361971128 M * Bertl as the traffic is local, the nat won't work in PREROUTING/POSTROUTING 1361971153 M * Bertl check with tcpdump on the host what happens to the packets 1361971166 M * Bertl note: local traffic always uses 'lo' as interface 1361971188 J * ensc ~irc-ensc@p54ADE8EC.dip.t-dialin.net 1361971239 M * Bertl so, what you want is something like a local port redirect (similar to what is done for transparent proxies) 1361971260 M * Bertl but IMHO, it's a lot easier to use the local IP (internally) 1361971280 M * Bertl doesn't mean that you have to avoid domain names 1361971294 M * Bertl (just make them resolve to the local/private IP as well) 1361971673 J * ircuser-1 ~ircuser-1@35.222-62-69.ftth.swbr.surewest.net 1361971914 M * mib_q6u2r2 tcpdump -i lo |grep -v "c180" 1361971922 M * mib_q6u2r2 verbose output suppressed, use -v or -vv for full protocol decode listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes 1361971926 M * mib_q6u2r2 it's clear.... 1361971935 M * mib_q6u2r2 telnet 127.0.0.1 80 Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused 1361972047 M * mib_q6u2r2 I suppose, that my connect to vserver from host avoid to PREROUTING rules 1361972667 M * Bertl the 127.0.0.1 is that from the guest or host? 1361972676 M * Bertl i.e. the telnet 127.0.0.1 80 1361972721 M * Bertl and just to make sure we are on the same page, what kernel/patch/util-vserver version and what networking flags has the guest set? 1361972886 M * mib_q6u2r2 i made test from guest and host (guest has 127.0.0.1 and 192.168.1.101) ( host has 127.0.0.1 and 37.59.xx.xx) 1361973796 M * Bertl okay, single IP special casing is on or off inside the guest? 1361974321 Q * arekm Read error: Connection reset by peer 1361974889 M * mib_q6u2r2 sorry,... 1361974903 M * mib_q6u2r2 what do you mind as special casting ? 1361974907 M * mib_q6u2r2 casing :) 1361975042 M * mib_q6u2r2 my guest has: 1361975043 M * mib_q6u2r2 root@www:/# ifconfig |grep inet 1361975046 M * mib_q6u2r2 inet addr:192.168.1.101 Bcast:0.0.0.0 Mask:255.255.255.255 1361975049 M * mib_q6u2r2 inet addr:127.0.0.1 Mask:255.0.0.0 1361975102 M * mib_q6u2r2 my host has: 1361975103 M * mib_q6u2r2 ifconfig |grep inet 1361975108 M * mib_q6u2r2 inet addr:37.xx.xx.xx Bcast:37.xx.xx.xxx Mask:255.255.255.0 1361975111 M * mib_q6u2r2 inet addr:127.0.0.1 Mask:255.0.0.0 1361975147 M * mib_q6u2r2 netstat -rn 1361975176 M * mib_q6u2r2 Kernel IP routing table 1361975180 M * mib_q6u2r2 Destination Gateway Genmask Flags MSS Window irtt Iface 1361975185 M * mib_q6u2r2 37.xx.xx.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 1361975188 M * mib_q6u2r2 0.0.0.0 37.xx.xx.254 0.0.0.0 UG 0 0 0 eth0 1361975313 M * Bertl nattribute --get --nid 1361975345 M * mib_q6u2r2 ncapabilities: 1361975348 M * mib_q6u2r2 raw_icmp 1361975351 M * mib_q6u2r2 nflags: 1361975356 M * mib_q6u2r2 lback_remap,hide_netif,hide_lback,state_admin 1361975378 M * Bertl okay, so single ip special casing is off 1361975408 M * Bertl what IPs did you assign to the guest? i.e. what is in /etc/vservers//interfaces/* 1361975477 M * Bertl (please use paste.linux-vserver.org for everything longer than 3 lines) 1361975517 M * mib_q6u2r2 one ip in dir name as 0 192.168.1.101 1361975533 M * mib_q6u2r2 (sorry, I will use paste...) 1361975541 M * Bertl nah, that's fine 1361975554 M * Bertl okay, so inside the guest, apache ist bound to *? 1361975566 M * Bertl (check with lsof -ni) 1361975584 M * mib_q6u2r2 192.168.1.101 1361975609 M * Bertl so it is explicitely bound to the private IP, yes? 1361975617 M * mib_q6u2r2 I tried as 127.0.0.1, 192.168.1.101 and * 1361975636 M * Bertl well, if you use '*' it will also respond on 127.0.0.1 from the guest 1361975641 M * mib_q6u2r2 yes, 192.168.1.101 is private 1361975667 M * Bertl i.e. that explains, why it won't work with localhost or 127.0.0.1 1361975718 M * mib_q6u2r2 Should I change it to ... ? 1361975760 M * Bertl depends on what you want :) if you want it to respond to 127.0.0.1 inside the guest, then yes 1361975782 M * Bertl otherwise, it's fine (i.e. if you want it to respond to 192.168.1.101 only 1361975805 M * mib_q6u2r2 hmmm... 1361975815 Q * clopez Quit: Leaving 1361975822 M * Bertl the problem, as far as I understood, is, that you have some wget script inside the guest, which uses the public IP, yes? 1361975845 M * mib_q6u2r2 the script use connect to domain 1361975855 M * Bertl ah, so it uses a name, yes? 1361975858 M * mib_q6u2r2 but it is the same problem as ip 1361975868 M * Bertl no, that's a subtle difference 1361975892 M * Bertl you can, for example, put the 'name' in /etc/hosts (inside the guest) with the private IP 1361975909 M * mib_q6u2r2 yes, than will be work ok 1361975926 M * mib_q6u2r2 but I have aboive 100 domains in this server :) 1361975949 M * Bertl /etc/hosts will work with more than 100 domains :) 1361975977 M * mib_q6u2r2 it is no perfect way 1361975983 M * Bertl but I'm not saying that this is the only way to do it 1361975997 M * Bertl I'm just saying, this is probably the simplest way to do it 1361976011 M * mib_q6u2r2 I thought about it :) 1361976021 M * Bertl I presume the public IP is assigned on the host, yes? 1361976043 M * mib_q6u2r2 yes - on the host 1361976066 M * mib_q6u2r2 i have prerouting port 80 to guest 1361976067 M * Bertl and all domains using this public IP are on the same guest? 1361976114 M * mib_q6u2r2 nameserver indicate to this IP 1361976264 M * mib_q6u2r2 all domains are on the oe guest 1361976327 M * Bertl okay, try to add the same DNAT rule you have in PREROUTING to OUTPUT 1361976330 M * mib_q6u2r2 second guest is as mysql, third guest is as svn 1361976357 M * Bertl still don't know your kernel/patch version, so it's try for now :) 1361976407 M * Bertl more precisely something like this should work: 1361976448 M * mib_q6u2r2 2.6.32-5-vserver-amd64 1361976453 M * mib_q6u2r2 from debian repositories 1361976461 M * Bertl iptables -t nat -A OUTPUT -p tcp -o lo --dport 80 -d -j DNAT --to 192.168.1.101:80 1361976484 M * Bertl yeah, well, you also might consider updating that 1361976557 M * mib_q6u2r2 You are my Hero! 1361976575 M * Bertl you're welcome! 1361976595 M * mib_q6u2r2 uffff 1361976608 M * mib_q6u2r2 I struggled in two days 1361976666 M * Bertl in this case, probably time to dig out the o'l donations page (http://linux-vserver.org/Donations) 1361976706 M * mib_q6u2r2 ok, I will donate 1361976711 M * mib_q6u2r2 Thank You 1361976725 M * Bertl again, you're welcome! and feel free to hang around! 1361976783 M * mib_q6u2r2 Ok, I will make any solutions with vservers... I will send you information about it, maybe you can show in your page. 1361976834 M * Bertl sure, we have pages on the wiki for commercial as well as for 'other' (educational, hobbyist, private) users 1361976883 M * mib_q6u2r2 I have not paypal, please give me full data to donations 1361976973 M * mib_q6u2r2 sorry, I have it :) I remind my password :) 1361976986 M * Bertl excellent! :) 1361977056 M * Bertl btw, you might really want to consider upgrading kernel and util-vserver on debian if you want to use it for a production environment 1361977195 M * mib_q6u2r2 Yes, I will upgrade it 1361977200 M * click bertl: i refuse to upgrade! 1361977210 M * click and hi btw, been a while since i was active here 1361977220 M * Bertl hey click! wb! 1361977220 M * mib_q6u2r2 Now I haven't problem with vserver and I can think about rest of system 1361977240 M * Bertl good! we are always here to solve Linux-VServer related problems 1361977273 M * mib_q6u2r2 thank you 1361977297 M * Bertl my pleaseure! 1361977394 M * Bertl *pleasure even 1361977403 M * click bertl: any issues with vserver and grsec lately? i haven't paid attention to vserver for quite some time due to running a lot of standard VMs at work - thought about kicking up one of my servers and testing vserver+grsec again 1361977443 M * Bertl no problems, not really, AFAIK, there are no up-to-date patches ... 1361977478 M * click ok, i'll throw an install up and see how it pans out :) 1361977490 M * click jeez, i just saw the changelog for vserver 1361977499 M * click you've been busy o.O 1361977538 M * Bertl we have a changelog? 1361977613 M * click nah, was relating to the wiki docs 1361977661 M * Bertl ah, okay, yes, we added a few things, and of course, we incorporated as much of mainline as possible 1361977662 J * ivanhoe ~ivanhoe@ip-36-106.sn2.eutelia.it 1361977679 M * ivanhoe Bertl: FYI https://bugs.gentoo.org/show_bug.cgi?id=458480 1361977701 M * ivanhoe ( o/ ) 1361977761 M * Bertl hmm, interesting, the gentoo bugtracker uses an invalid certificate? 1361977772 M * click seems like it 1361977786 M * click selfsigned most probably 1361977893 M * Bertl ivanhoe: ah, drop a mail to daniel_hozac, or contact him here, I'm sure something can be arranged 1361977946 M * ivanhoe Bertl: I think am update in the howto page of the wiki will suffice. 1361977999 M * ivanhoe http://linux-vserver.org/Installation_on_Gentoo <- here 1361978001 M * Bertl please go ahead 1361978035 M * ivanhoe Mmmm... 1361978037 M * ivanhoe But... 1361978063 M * ivanhoe Is it not something related to ALL cgroups enabled distros? 1361978177 M * ivanhoe Maybe it should be here that the info on configuring cgroups default values should go: http://linux-vserver.org/util-vserver:Cgroups 1361978244 M * ivanhoe Bertl: what do you think about it? 1361978259 Q * mib_q6u2r2 Quit: http://www.mibbit.com ajax IRC Client 1361978271 M * Bertl ivanhoe: best check with daniel_hozac! 1361978427 M * ivanhoe Ok, thanks. 1361978448 M * ivanhoe Isn't daniel_hozac here? 1361978531 M * Bertl well, I presume, not right at the moment, otherwise he would have answered already 1361979084 Q * tokkee Quit: segmentation fault ;-) 1361979464 J * tokkee tokkee@osprey.tokkee.org 1361980212 J * ryker ~ryker@c-67-176-243-86.hsd1.in.comcast.net 1361980292 M * ryker hi. i'm having strange memory issues with a guest. It seems to be running out of memory, though there is plenty of memory available. I'm using cgroups to limit memory and swap space. 1361980307 M * ryker I see this message on the host. kernel: vxW: [xid #40004] !!! limit: ffff8818118d5098[SHMEM,19] = 11 on exit. 1361980315 M * ryker any ideas what this might mean? 1361980326 M * Bertl shared memory limits? 1361980363 M * Bertl the message means that shared memory was still allocated when the guest did exit 1361980401 M * ryker ah, so that's a message that can be ignored, or it's saying that some shared memory is not being freed? 1361980419 M * Bertl probably it wasn't freed 1361980451 M * ryker i believe that message was shown when the guest was rebooted. Is it something that I should be worried about? 1361980478 M * Bertl maybe 1361980512 M * Bertl shared memory can outlive processes (and usually does) 1361980518 M * ryker i have other people telling me there is a vserver memory issue, but i'm not 100% convinced that it's just not a problem with the software running inside the guest. 1361980527 M * ryker it's running oracle. 1361980548 M * Bertl hehe, I know for sure that oracle works fine inside a Linux-VServer guest :) 1361980573 M * ryker yeah, we run it all over 1361980608 M * ryker just this guest seems to be having some odd issues, though, I don't know that they are issue with the guest itself or the software running in the guest 1361980621 M * ryker I do have IPC_LOCK set in bcapabilities 1361980641 M * ryker I know that was required for Oracle to run properly 1361980649 M * ryker at least for our use case 1361980805 M * Bertl well, what is the exact error you get? 1361980917 M * ryker well, the oom-killer on the host was killing off process for the guest, but at the time, my memory stats for the guest in monitoring are telling me only 4G of RAM was in use and almost no swap 1361980929 M * ryker and the guest was allocated 8G RAM 1361980933 M * ryker and 8G swap 1361980949 M * ryker and the host also has plenty of RAM and SWAP 1361980973 M * daniel_hozac did your host run out of memory? 1361981001 M * daniel_hozac ivanhoe: yeah, generic seems fine. 1361981002 M * ryker I actually didn't check the graphs for it, but I'll do that now. 1361981016 M * ryker i know the host has 96G of RAM, with only 48G allocated to guests 1361981063 M * ryker no. host memory is fine. total usage never goes over 20G 1361981085 M * ryker and the other guests are fine 1361981093 M * ryker just this guest has the memory issues. 1361981127 M * ryker again, maybe this is an oracle configuration issue. but i was asked to rule out any vserver related issues or hardware issues. 1361981134 M * ryker i've ruled out hardware issues 1361981162 M * ryker i just saw that one message i posted above about the limit, and wasn't sure what it meant and if it indicated an issue 1361981170 M * ryker it's sounding like it's not an issue 1361982411 M * Bertl it shouldn't be an issue, but it might be an indication of a problem 1361982611 J * clopez ~clopez@108.30.165.83.dynamic.mundo-r.com 1361982640 M * ryker ok. thank you both for your help. I really don't think this is a vserver issue at all. 1361983310 J * arekm ~arekm@ixion.pld-linux.org 1361986264 Q * clopez Remote host closed the connection 1361986345 J * bonbons ~bonbons@2001:a18:20a:1601:69b7:2c50:5b5d:6833 1361988650 J * clopez ~clopez@108.30.165.83.dynamic.mundo-r.com 1361991042 Q * imcsk8 Remote host closed the connection 1361991750 J * hijacker_ ~hijacker@cable-84-43-134-121.mnet.bg 1361992078 Q * clopez Remote host closed the connection 1361992807 Q * ivanhoe Quit: WeeChat 0.4.0 1361993247 J * clopez ~clopez@108.30.165.83.dynamic.mundo-r.com 1361994232 M * ccxCZ daniel_hozac: hi, just found out ansible. is there a plugin to run manage vservers directly via the cli tool, instead of connecting via ssh? 1361994267 M * ccxCZ or even better a way to manage the vserver while down directly on the fs too, like it was live 1361994285 M * daniel_hozac ccxCZ: not completely vserverized, but you can connect to chroots as if they were machines. 1361994341 M * ccxCZ cool, will check it out then 1361994491 M * ccxCZ so far most conf management suites seemed awry to me, when I can reimplement most of it with pure posix tools like awk. but there is little point to reinventing existing stuff 1361995685 M * arekm uhh, 3.7.10 released - last in 3.7 series :-/ 1361996754 J * quasisan1 ~sanep@c-24-218-184-186.hsd1.nh.comcast.net 1361996990 N * quasisane Guest468 1361996990 N * quasisan1 quasisane 1361997014 Q * Guest468 Ping timeout: 480 seconds 1361997195 M * Bertl quick, somebody port the Linux-VServer patch! 1361997881 M * arekm exactly 1361998110 M * Wonka waiting for 3.8.1 1361998119 M * Wonka because of the netlink stuff 1361998395 M * arekm it's 2 lines patch 1361998743 Q * hijacker_ Quit: Leaving 1361998855 Q * neofutur Ping timeout: 480 seconds 1361999805 J * Aiken ~Aiken@2001:44b8:2168:1000:21f:d0ff:fed6:d63f 1362000338 M * clopez anyone uses selinux in enforce mode with vserver? 1362002494 Q * Aiken Quit: Leaving 1362002540 Q * bonbons Quit: Leaving 1362005524 J * BenG ~bengreen@cpc35-aztw23-2-0-cust207.18-1.cable.virginmedia.com 1362006329 Q * ryker Quit: WeeChat 0.3.9.2 1362006427 Q * transacid Ping timeout: 480 seconds 1362006682 J * transacid ~transacid@transacid.de 1362007495 M * Bertl off to bed now ... have a good one everyone! 1362007500 N * Bertl Bertl_zZ 1362008408 Q * Ghislain Quit: Leaving.