1520823821 M * Bertl_oO off to bed now ... have a good one everyone!
1520823823 N * Bertl_oO Bertl_zZ
1520843321 J * nikolay ~nikolay@149.235.255.3
1520844473 J * Le_Coyote ~smokey@253.242.118.78.rev.sfr.net
1520844480 M * Le_Coyote 'Morning
1520852862 N * Bertl_zZ Bertl
1520852865 M * Bertl morning folks!
1520852872 M * Le_Coyote Mo'in
1520852892 M * Bertl how's going?
1520852917 M * Le_Coyote Happily running 4.9.86 + vs :)
1520852929 M * Bertl glad to hear!
1520852962 M * Le_Coyote I must admin I was on the verge of starting the move to LXC
1520852964 M * Le_Coyote admit*
1520853011 M * Bertl well, LXC has become quite useful over the years
1520853098 M * Le_Coyote You are a (much-revered) one-man army :/ Meaning it's harder for you to maintain vserver patches than it is to get an up-to-date LXC. No fingerpointing here, just stating the obvious
1520853163 M * Bertl LXC is definitely the future ... the main problem there is that it is evolving quite slowly nowadays
1520853189 M * Le_Coyote I guess you've tried submitting vserver stuff there?
1520853261 M * Bertl there is no real point in doing so, back then we had a good chance to get Linux-VServer (the functionality) into mainline, but unfortunately there was the ugly OpenVZ implementation pushing towards mainline as well
1520853314 M * Bertl as so often, for political reasons, this resulted in mainline doing 'their own thing'
1520853319 M * Le_Coyote What I meant is, perhaps there are atomic changes that would port some of the vserver features onto LXC?
1520853350 M * Le_Coyote e.g. VIRT_MEM/CPU/LOAD ? (not sure if it's there already)
1520853357 M * Bertl what's mainly missing in LXC is virtualization
1520853373 M * Bertl and that's exactly what the maintainer(s) do not want to do in LXC
1520853417 M * Le_Coyote Why is that?
1520853444 M * Bertl IIRC the main argument is: "if you want that, go for KVM"
1520853493 M * Bertl but if you feel like trying, the VIRTMEM stuff is fairly independent from Linux-VServer ...
1520853619 M * Le_Coyote I don't think I'm anywhere near capable of doing that
1520854080 M * Le_Coyote Bertl: apart from VIRT*, what's vserver doing that LXC isn't, in terms of virtualization?
1520854208 M * Bertl network isolation and disk limits
1520854209 M * AlexanderS The network stuff...
1520854246 M * Bertl as well as some other useful limits to prevent a guest from starving the host
1520854258 M * Bertl (not really virtualization though)
1520854274 J * FireEgl Fire_OFTC@2001:470:e56c:1:8cdb:ad46:a830:4815
1520854293 M * AlexanderS Securing the networking with lxc is a real pain.
1520854298 M * Le_Coyote Ha.
1520854299 M * Le_Coyote Shame.
1520854324 M * Le_Coyote So basically, if you want relatively easy isolation, there's VServer, and then there's KVM?
1520855381 M * Bertl kind of, yes ...
1520855733 M * Le_Coyote :/
1520855784 M * Ghislain or go freebsd jail ( #gotyou !)
1520855806 M * Le_Coyote That too.
1520855828 M * Le_Coyote I should be getting my hands on a couple of FreeBSD servers sometime this year if all goes well
1520855840 M * Le_Coyote It will be a good opportunity to experiment
1520855868 M * Le_Coyote OTOH, last time I checked, FBSD still didn't have mitigation against spectre/meltdown
1520855885 M * Ghislain ;), freebsd is a lot of changes so be prepared, i was trolling mostly. I loved freebsd but now i have too much invested in linux
1520855894 M * Ghislain it has now
1520855948 M * Le_Coyote It does?
1520855969 M * Ghislain even netbsd has it now
1520855993 M * Le_Coyote Sure, lots of changes. But this project is merely about moving a website (classic LAMP stack), so I don't expect much in terms of migration
1520856279 M * Bertl Ghislain: how good is the virtualization part on BSD jails nowadays?
1520856350 M * Ghislain they catch up with some cgroup, you can limit ram and cpu but there is not a lot more. The great part is their integration with zfs where you can give right to a sub tree to a jail
1520856369 M * Ghislain but they can virtualize network like vserver, this is why i keep them on the radar
1520856383 M * Ghislain they do not have yet i think limits on disk bandwidth
1520856418 M * Bertl is memory properly shown in a 'guest'?
1520856433 M * Ghislain i think yes
1520856482 M * Bertl don't they have some level of Linux binary compatibility as well?
1520856496 M * Le_Coyote Ghislain: they *can* virtualize the network? Meaning a jail is isolated with its own IP address?
1520856499 M * Bertl probably not enough for a full Linux guest ...
1520856533 M * Ghislain no jails is paravirt you will not run linux inside a jail
1520856540 M * Ghislain you will run a freebsd guest
1520856563 M * Ghislain yes they have some but it is not really maintained as i recall
1520856610 M * Ghislain running a debian guest inside a jails should not work i think
1520856645 M * Bertl yeah, I thought so, but I remember that they 'claimed' at some point that Linux binaries can be executed
1520856661 M * Ghislain Le_Coyote: they can share ip of the host like vserver or give a specific one
1520856709 M * Ghislain bertl: yes but the 64bit is recently added, i will not trust it, even more because the bsd people i listen to are quite smug toward linux things
1520856727 M * Bertl yeah, as usual :)
1520856736 M * Ghislain so i don't feel this is a "state of the art" compatibility thing
1520856763 M * Ghislain illumos stack is more robust for that because they have a loooot of customer on linux jails
1520856769 M * Le_Coyote Ghislain: Is a jail's root able to sniff the host's network for example?
1520856782 M * Ghislain i dont think but never tried
1520859393 Q * Aiken Remote host closed the connection
1520864538 J * obeardly ~obeardly@12.153.3.33
1520865721 Q * FireEgl Ping timeout: 480 seconds
1520866483 J * FireEgl Fire_OFTC@2001:470:e56c:1:8cdb:ad46:a830:4815
1520868571 M * obeardly Hey, I'm having issues keeping my ulimit set on my guest machines. I need a ulimit of 8192 for apache, however, it keeps defaulting back to 1024. Anyone have any suggestions?
1520868916 M * Bertl first, there are a bunch of ulimits (rlimits) so you definitely need to specify which one
1520868922 M * obeardly apache
1520868934 M * Bertl assuming, that you are referring to the file handle limit
1520868966 M * Bertl it is very likely that your guest has a config file for that which lowers the number of file handles
1520868999 M * Bertl check /etc/limits.conf or /etc/security/limits.conf
1520869025 M * Bertl (inside the guest)
1520869113 M * obeardly I have them set to 8192 in /etc/security/limits.conf, but every time it reboots, it reverts to 1024
1520869169 M * Bertl what's the limit on the host?
1520869183 M * obeardly 16000
1520869195 M * Bertl and did you set a ulimit for the guest (in the guest config)
1520869249 M * Bertl i.e. in /etc/vservers//ulimits ?
1520869277 M * obeardly yes, it's set to 8192
1520869301 M * Bertl then something in your guest decides to lower it
1520869316 M * Bertl maybe some startup scripts or so
1520869319 M * obeardly Okay, thank you. I'll continue to try to hunt it down.
1520869376 M * Bertl how do you test the limit for apache?
1520869478 M * obeardly I just check it at the command line. ulimit -n
1520869551 M * Bertl you are aware that those limits are per user process
1520869586 M * obeardly Yes, but apache recommends 8192. I don't know why. I've actually never looked into it.
1520869596 M * Bertl so if you login via ssh or use enter/su or similar, the limits might be quite different to what the apache process sees
1520869755 M * Bertl off for now ... bbl
1520869762 N * Bertl Bertl_oO
1520869844 M * obeardly Bertl_oO: As usual, you're right sir. Thank you. I check the /proc/{apache_process}/limits and it's showing the proper setting.
1520869959 M * obeardly I should have known that. It just slipped my mind. Working in big data the last 3 years has made me lazy.
1520870411 J * Ghislain1 ~ghislain@adsl1.aqueos.com
1520870420 Q * Ghislain Read error: Connection reset by peer
1520873498 Q * nikolay Quit: Leaving
1520879791 M * Bertl_oO obeardly: no problem, you're welcome!
1520886945 J * Aiken ~Aiken@2001:44b8:2168:1000:b26e:bfff:fe2a:b951