1453431381 J * derjohn_mobi ~aj@x4db004df.dyn.telefonica.de
1453431822 Q * derjohn_mob Ping timeout: 480 seconds
1453435985 N * Bertl_zZ Bertl
1453435987 M * Bertl morning folks!
1453436166 M * gnarface 'morning Bertl 
1453447091 J * Ghislain ~aqueos@adsl1.aqueos.com
1453447964 J * thierryp ~thierry@zeta.inria.fr
1453449186 Q * derjohn_mobi Ping timeout: 480 seconds
1453450897 J * derjohn_mobi ~aj@2001:6f8:1337:0:c1dd:c388:a6f3:c9d6
1453451307 J * nikolay ~Nikolay@199.91.137.248
1453451324 Q * nikolay Remote host closed the connection
1453452056 J * nikolay ~Nikolay@199.91.137.248
1453457483 Q * eyck_ Ping timeout: 480 seconds
1453461373 Q * transacid Remote host closed the connection
1453461388 J * transacid ~transacid@transacid.de
1453463456 Q * AndrewLe1 Ping timeout: 480 seconds
1453464578 J * Ghislain1 ~aqueos@adsl1.aqueos.com
1453464578 Q * Ghislain Read error: Connection reset by peer
1453464807 Q * arekm Remote host closed the connection
1453465028 J * arekm ~arekm@phobos.pld-linux.org
1453471654 J * AndrewLee ~andrew@210.240.39.201
1453472369 M * gnarface hey uh, vservers have swap access, don't they?
1453472371 M * gnarface or do they not?
1453472379 M * gnarface are they not allowed to actually use the host's swap partition?
1453472487 M * Guy- gnarface: I suppose you could set up resource limits that would prevent vserver processes from being swapped out, using the swap control group
1453472498 M * Guy- gnarface: but by default, there is no such limit
1453472558 M * gnarface Guy-: ok i was just having an issue (intermittent server silent i/o lock) that i wondered could be related to the server running out of ram despite there being a giant unused swap partition.  
1453472669 M * gnarface Guy-: but if vservers can actually use it by default, that's ok, that's what i want actually
1453472712 M * Guy- gnarface: I think you may have the wrong idea, based on your syntax
1453472725 M * gnarface oh?
1453472731 M * Guy- it's not like "vservers can use swap"
1453472736 M * gnarface oh
1453472738 M * Guy- vservers are just glorified chroots
1453472747 M * gnarface so they *can't* use swap?
1453472751 M * Guy- so there is only one kernel, which schedules all processes, including the ones in vservers
1453472770 M * Guy- if the kernel decides to swap out a process, it will do so, whether the process is running inside a vserver or not
1453472784 M * Guy- it's the kernel that uses the swap, not the vserver
1453472798 M * Guy- the vserver has no mechanism to use swap, because it's just a bunch of userspace processes
1453472807 M * gnarface so uh... they CAN use swap?
1453472811 M * Ghislain1 you can use cgroups to limit memory and swap
1453472814 M * Ghislain1 yes they can
1453472824 M * Ghislain1 and they do unless you limit them
1453472828 M * Guy- gnarface: I think you'll be happy with a "yes", but it's not the technically correct answer
1453472838 M * Ghislain1 if you limit memory i advise you limit swap also
1453472847 M * gnarface Guy-: i get your meaning
1453472847 M * Guy- but in the sense you have in mind, yes they can
1453472881 M * Ghislain1 yeah the swap is not for the guest this is a shared ressource of the host htat can be limited per guest
1453472881 M * gnarface i just wanted to make sure vservers don't all require their own swap partitions to keep from being able to OOM the host
1453473033 M * Guy- gnarface: they can cause oom unless you limit their memory usage (including swap)
1453473050 M * gnarface hmm. Guy- would that cause an i/o lock?
1453473074 M * Guy- you mean a deadlock?
1453473081 M * Guy- I don't think so
1453473085 M * gnarface maybe?  so far at the point of the lockup though, and actually at basically all times munin graphs are reporting ZERO swap usage
1453473110 M * Guy- gnarface: I think you should try to obtain a kernel stacktrace when this happens
1453473115 M * gnarface hmm
1453473189 M * gnarface i was considering maybe just upgrading from 3.14.17-vs2.3.6.13 to 3.14.52-vs2.3.6.15 first in hopes that someone has already fixed it without me having to diagnose it
1453473238 M * Guy- that's certainly something you could try
1453473248 M * Guy- while you are at it, make sure to enable the various watchdog features of the kernel
1453473258 M * Guy- soft and hard lockup detection, mainly
1453473342 M * gnarface just trying to remember how i did it the last time
1453473354 M * gnarface and trying to figure out if i can start from the same kernel config safely
1453473359 M * Ghislain1 longterm:3.14.58 is the last kernel
1453473380 M * Ghislain1 i mean in 3.14
1453473384 M * gnarface oh? i was just going off what was linked on the website, Ghislain1 
1453473412 M * gnarface here: http://linux-vserver.org/Welcome_to_Linux-VServer.org
1453473436 M * Ghislain1 the patch is for 52 but the latest linux kernel is 58 dont know if the patch apply without error to 58
1453473457 M * gnarface ah i see.  yes i remember someone recently saying it worked for them at least
1453473465 M * gnarface ok good to remember
1453473486 M * gnarface it could be unrelated but i'm also getting apache logs missing in one of the vservers
1453473498 M * gnarface the logs get rotated, and the new log gets created and apache gets restarted presumably
1453473509 M * gnarface but the old log just disappears
1453473544 M * gnarface i'm assuming its an unrelated configuration error on my part, but its also possible that they're disappearing because its during the rotation that its crashing every time
1453473595 M * gnarface (i guess technically during the "compression" phase, since the existing already-compressed files are still getting their numbers iterated, so i have now the first log, and 5-53, but i'm missing 2,3, and 4
1453473603 M * gnarface )
1453474459 J * eyck ~eyck@u28n61.nowanet.pl
1453475097 M * gnarface hmm. actually maybe they're not going missing, maybe the main file is just never being rotated off... that's weird
1453475155 M * Ghislain1 in lenny i have issue in logrotate that try to /etc/init.d/rsyslog rotate but launch that with the apache user or the dovecot user
1453475161 M * Ghislain1 that fails completly
1453475171 M * Ghislain1 sorry i meant jessie
1453475192 M * gnarface well this was all working, until i tried to add in awstats and make it run as its own user, which required changing the permission of the apache logs
1453475199 M * gnarface apparently i've misunderstood something
1453475212 M * gnarface (or found a bug, but probably misunderstood something)
1453475258 M * Ghislain1 permission are tricky, just chmod -R 777 / that solves everything ! :p
1453475282 M * gnarface heh, well i'm not gonna be doing that
1453475282 M * Ghislain1 this is a joke dfo not ever do that
1453475291 M * Ghislain1 :p
1453475291 M * gnarface i actually understand unix permissions pretty well
1453475305 M * gnarface so the misunderstanding here is more about wtf apache or logrotate is mad about
1453475317 M * Bertl yeah, also use 03777 instead
1453475344 M * gnarface so the logs are awstats:adm 0640
1453475347 M * Ghislain1 lol
1453475368 M * gnarface and the log directory (/var/log/apache2) is awstats:adm 0750 
1453475441 M * gnarface but files like mydomain.com-access.log.4.gz get renamed to mydomain.com-access.log.5.gz without the replacement #4 being put in its place
1453475473 M * gnarface i thought it was disappearing, but the main "mydomain.com-access.log" file has entries old enough to suggest its just never getting rotated
1453475553 M * gnarface apache is running as www-data as per debian default, but it should create logs as root, i thought
1453475573 M * gnarface so i don't understand how it could be continuing to log and rotation continues to happen for the old files but not new ones
1453475631 M * gnarface unless i've run into some rule i was unaware about like logrotate refuses to create new files if the /var/log/apache2 directory isn't owned by root or something weird?
1453476361 Q * AndrewLee Ping timeout: 480 seconds
1453478102 J * AndrewLee ~andrew@210.240.39.201
1453479290 M * gnarface ah, i may have discovered the issue
1453479302 M * gnarface not the lockup, but the logrotation issue
1453479329 M * gnarface real dumb, prerotate script was returning non-zero status because awstats user's home directory was /nonexistant 
1453479676 Q * thierryp Remote host closed the connection
1453481273 Q * derjohn_mobi Ping timeout: 480 seconds
1453482155 Q * nikolay Remote host closed the connection
1453483223 M * Bertl off for a nap ... bbl
1453483243 N * Bertl Bertl_zZ
1453486551 M * gnarface you guys still recommend NOT compiling KVM in to the linux-vservers kernel right?
1453486639 M * gnarface so i should just uncheck this entire thing, right?  [*] Virtualization  --->   
1453487268 M * daniel_hozac_ no, that's fine.
1453487275 M * daniel_hozac_ i run both kvm and vserver on the same host.
1453487516 M * gnarface daniel_hozac_: ok, so its safe, but definitely not required?
1453487720 M * daniel_hozac_ sure
1453487747 M * gnarface k, thanks
1453490576 M * gnarface alright, building 3.14.58-vs2.3.6.15 now
1453490616 M * gnarface the patch for 3.14.52 only needed one edit to apply to 3.14.58
1453491504 M * arekm daniel_hozac_: hi, probably something is still problematic, that's 4.1.15+vs+delta patch - http://sprunge.us/ZJdA ... pid_revalidate thing inside
1453493156 M * arekm daniel_hozac_: reproduced by sshing into guest, strace -f -F -s 200 -p XYZ (some running process; in my case it was "less"); then ssh second session and sudo killall -9 strace
1453493191 M * arekm (strace 4.11 in my case, not sure if that matters)
1453494589 M * daniel_hozac_ arekm: can you addr2line that?
1453494598 M * daniel_hozac_ killall and strace anyway
1453494750 J * derjohn_mob ~aj@x4db004df.dyn.telefonica.de
1453494929 M * daniel_hozac_ the strace doesn't work, right?
1453494961 M * arekm seems so, doesn't print anything
1453494979 M * arekm and can't quit straced 'less'
1453494995 M * daniel_hozac_ it looks like it's in yama
1453494998 M * arekm so killall not needed
1453495057 M * arekm (addr2line pending, getting vmlinux first)
1453495229 M * daniel_hozac_ which is probably why we haven't seen it before.
1453495252 M * daniel_hozac_ (honestly i hadn't even heard of yama... but i'm kind of out of the loop)
1453495429 M * arekm yama are bunch of some security protections gathered from other projects (or other ideas)
1453495437 M * arekm seems like one feature actually, https://www.kernel.org/doc/Documentation/security/Yama.txt
1453495449 M * daniel_hozac_ yeah, i read up on it now
1453495743 M * arekm linux-4.1/security/yama/yama_lsm.c:302
1453495774 M * arekm http://sprunge.us/iMdT
1453496071 M * daniel_hozac_ is that RIP?
1453496075 M * daniel_hozac_ or the first in the trace?
1453496130 M * arekm  [<ffffffff812eb0e8>] yama_ptrace_access_check+0x148/0x1c0
1453496146 M * daniel_hozac_ [53400.638059]  [<ffffffff812eae0a>] task_is_descendant.part.1+0x2a/0x70 would be good too
1453496182 M * arekm ffffffff812eae0a is yama/yama_lsm.c:226 which is http://sprunge.us/DRPb
1453496290 M * daniel_hozac_ could you also get objdump -D ./vmlinux | grep -A 1000 ' <task_is_descendant>:'?
1453496415 M * arekm yes. rebooting, so a sec...
1453496466 M * daniel_hozac_ i'm still building a new kitchen sink kernel with yama enabled so i can test some myself... it could use some config cleaning.
1453499807 M * arekm  objdump -D ./vmlinux | grep -A 1000 ' <task_is_descendant.*>:' -> http://sprunge.us/CjWW (grep -A 1000 ' <task_is_descendant>:' found nothing)
1453500290 Q * Defaultti Quit: Quitting.
1453500376 Q * Ghislain1 Quit: Leaving.
1453500440 J * Defaultti defaultti@lakka.kapsi.fi
1453504136 M * daniel_hozac_ arekm: are you using a fake init?
1453504613 M * arekm daniel_hozac_: style plain so real init
1453505033 M * daniel_hozac_ right, well, that's fake init ;)
1453505067 M * daniel_hozac_ okay. this is probably due to the same issue Guy- observed with vps faux not listing guest processes, because the guest init is its own parent
1453505101 M * daniel_hozac_ i haven't had time to look at it yet, planning on doing that this weekend though.
1453506293 M * arekm ok
1453506294 M * arekm sleep time