[00:13] Bertl : what i sup with the 17g stuff? :> any goodies? [00:13] 17g is the new syscall switch .. which allows future enhancements ;) [00:22] bye to all [00:23] by alex! [00:23] i want to sleep :) [00:23] maybe we talk about the syscall switch tomorrow ... [00:23] okey :) [00:23] shadow (~umka@212.86.233.226) left irc: Quit: bye to all [00:23] sleep well ... [01:15] Nick change: riel -> unriel [02:07] Bertl :D [02:08] hi simon! [02:13] I had some trouble with those rmap patches still... [02:13] lets hear ... [02:14] Nick change: surriel -> riel [02:15] maybe rik can provide some infos too ;) [02:18] ok, with patch-2.4.22-c17e-rmap15k-mq0.11.diff and patch-2.4.22-c17e-rmap15k.diff I get some compile errors... one moment [02:18] this is with patch-2.4.22-c17f.diff which works fine [02:19] gcc -D__KERNEL__ -I/usr/src/linux-2.4.22-ctx-test/include -Wall -Wstrict-prototypes -Wno-trigraphs -O2 -fno-strict-aliasing -fno-common -fomit-frame-pointer -mno-red-zone -mcmodel=kernel -pipe -fno-reorder-blocks -finline-limit=2000 -fno-strength-reduce -Wno-sign-compare -fno-asynchronous-unwind-tables -nostdinc -iwithprefix include -DKBUILD_BASENAME=init -c -o init.o init.c [02:19] init.c:44: error: syntax error before numeric constant [02:19] init.c:47: warning: type defaults to `int' in declaration of `ret__' [02:19] init.c:47: warning: data definition has no type or storage class [02:19] init.c:47: warning: type defaults to `int' in declaration of `ret__' [02:19] init.c:47: warning: data definition has no type or storage class [02:19] init.c:47: error: syntax error before '}' token [02:19] that's repeated several times, for lines 47, 49, 53, 57 and 61 [02:20] okay, this is now what kernel, and what patches exactly? [02:20] see above... 2.4.22 vanilla with 3 vs patches [02:20] 01patch-2.4.22-c17f.diff + patch-2.4.22-c17e-rmap15k-mq0.11.diff + 01patch-2.4.22-c17e-rmap15k.diff [02:20] 2.4.22, patch-2.4.22-c17e-rmap15k.diff, patch-2.4.22-c17f.diff, and patch-2.4.22-c17e-rmap15k-mq0.11.diff ? [02:20] yup ;) [02:21] all patches apply cleanly [02:21] okay, just a few minutes, I'll have a look at it, could you provide your kernel config somewhere? [02:22] okey [02:22] http://www.expio.co.nz/~sgarner/terra/.config [02:34] hmm, that is the config you used? [02:35] what platform is this? [02:35] x86_64... [02:36] (opteron) [02:36] hmm okay ... [02:36] did you try without the patch-2.4.22-c17e-rmap15k-mq0.11.diff [02:37] ok I'll try [02:37] I assume the problem is with the rmap15k ... but .. [02:39] by the way, did you find some time to test the c17g on x86_64 ? [02:40] I get the same problem without mq0.11 [02:40] where can I get c17g? [02:41] http://vserver.13thfloor.at/Experimental/patch-2.4.23-pre7-c17g.diff.bz2 [02:41] it would be interesting, because this uses the new syscall switch, and I would like to make sure it works on x86_64 ... [02:42] you'll need the http://vserver.13thfloor.at/Experimental/util-vserver-0.23.90.2.tar.bz2 tools, except for that, it should be equivalent to c17f ... [02:46] okay you have to help me with that, as I don't get this error (it seems x86_64 specific) ... [02:48] probably :) [02:48] hi [02:48] any news? [02:48] do a make clean on the rmap15k patched kernel and save the output of make bzImage to some file ... [02:48] oh, that c17g is 2.4.23... :( [02:48] it can be 2.4.22 too, any problems with 2.4.23? [02:49] nah I'll just have to go grab the patch-2.4.23 :) [02:49] hi matt! [02:49] I avoided it because it's still -test [02:49] er, -pre even [02:49] well, you don't have to use it, just verify that it works ;) [02:50] will do :) [02:50] thanks in advance ... [02:50] let me know when/where I can grab the compile output of the rmap15k run .. okay? [02:51] one moment [02:52] what compiler is this by the way (version?) [02:52] 3.3.1? [02:52] hmm, I avoided 3.x for kernel compiles, but this should not be the issue ... [03:01] http://www.expio.co.nz/~sgarner/terra/make.txt [03:08] okay try to modify the line 44 in arch/x86_64/mm/init.c ... use some other name for the function and the arguments (one change after the other) and see if the error changes ... [03:10] hmm [03:10] init.c: In function `do_check_pgt_cache_blah': [03:10] init.c:50: warning: implicit declaration of function `pgd_free_slow' [03:10] init.c:50: warning: implicit declaration of function `pgd_alloc_one_fast' [03:10] init.c:54: warning: implicit declaration of function `pmd_free_slow' [03:10] init.c:58: warning: implicit declaration of function `pte_free_slow' [03:10] then it's continuing... [03:10] okay so some include overrides the name ;) [03:11] ah [03:11] arch/x86_64/mm/mm.o(.text+0x33): In function `do_check_pgt_cache_blah': [03:11] : undefined reference to `pgd_alloc_one_fast' [03:11] arch/x86_64/mm/mm.o(.text+0x3c): In function `do_check_pgt_cache_blah': [03:11] : undefined reference to `pgd_free_slow' [03:11] arch/x86_64/mm/mm.o(.text+0x55): In function `do_check_pgt_cache_blah': [03:11] : undefined reference to `pmd_free_slow' [03:11] arch/x86_64/mm/mm.o(.text+0x6e): In function `do_check_pgt_cache_blah': [03:11] : undefined reference to `pte_free_slow' [03:11] make: *** [vmlinux] Error 1 [03:11] that is okay ... [03:11] was just a check ... [03:11] yup, now try changing the args? [03:12] guess this should not be necessary ... [03:12] linux-2.4.22-c17f-rmap15k/include/asm-x86_64/pgalloc.h:#define do_check_pgt_cache(x,y)(0) [03:12] that is the bad definition .. just try to remove it ... [03:13] hmm better replace it by [03:13] extern int do_check_pgt_cache(int, int); [03:13] put the other line back? [03:13] yeah, sorry ... [03:14] it seems that the rmap patch added this function, but didn't remove the dummy macro .... [03:14] ah okay [03:15] so this line in pgalloc.h [03:15] #define do_check_pgt_cache(x,y) (0) [03:15] I change to [03:15] 01extern int do_check_pgt_cache(int, int); [03:15] ? [03:15] extern int do_check_pgt_cache(int, int); [03:16] ok if you say so ;) [03:16] arch/x86_64/mm/mm.o(.text+0x33): In function `do_check_pgt_cache': [03:16] : undefined reference to `pgd_alloc_one_fast' [03:16] arch/x86_64/mm/mm.o(.text+0x3c): In function `do_check_pgt_cache': [03:16] : undefined reference to `pgd_free_slow' [03:16] arch/x86_64/mm/mm.o(.text+0x55): In function `do_check_pgt_cache': [03:16] : undefined reference to `pmd_free_slow' [03:16] arch/x86_64/mm/mm.o(.text+0x6e): In function `do_check_pgt_cache': [03:16] : undefined reference to `pte_free_slow' [03:16] make: *** [vmlinux] Error 1 [03:17] okay .. guess this is because rmap15k doesn't support x86_64 ... give me a few minutes ... [03:18] sure [03:19] ok, I suspect I need to move some stuff from another taroon patch into the -rmap tree [03:19] I'm not running taroon any more [03:20] this is with Mandrake 9.2 [03:20] dont worry, it's a problem that is rmap specific ... [03:20] yeah, but part of the amd64 -rmap support is in a different patch inside Taroon [03:20] I just need to copy those changes into -rmap [03:20] that's all [03:21] ok :) [03:22] will take some time, just leave rmap out for the moment, if possible ... [03:22] remind me of this on monday ;) [03:32] ok, testing c17g now [03:32] great! [03:35] hmm I get a [03:35] include/linux/virtual.h:26:1: warning: "VC_VERSION" redefined [03:35] for every file compiled... [03:35] okay, I'll look into that ... [03:36] that was with the pre patch and c17g only correct? [03:36] yes [03:38] bah I keep getting acpi errors [03:38] and I've disabled acpi :/ [03:38] with acpi=noacpi or in the kernel compile? [03:38] in the compile [03:39] it's an SMP system, correct? [03:39] yes [03:39] there you can't disable some parts of ACPI (for enumeration, etc IIRC) [03:40] yeah... I get errors with acpi enabled as well though... *shrug* [03:40] in 2.4.22 I had to compile with ACPI enabled and only "CPU Enumeration Only" (or somesuch), but that's not an option now [03:41] yeah, they're still discussing where that option should go ;) [03:42] serving (~serving@213.186.191.131) left irc: Ping timeout: 480 seconds [03:43] they could have discussed it without removing it... :/ [03:47] hmm, just enabling ACPI and no button, fan, processor etc worked [03:47] and the c17g caused no problems ;) [03:47] so far... [03:47] up and running? [03:47] installing now [03:48] okay, the VC_VERSION issue will be resolved in the next version ... [03:48] rebooting... [03:48] ok :) [03:50] booted! [03:50] even better ... ;) [03:50] # tail /proc/self/status [03:50] CapInh: 0000000000000000 [03:50] CapPrm: 00000000fffffeff [03:50] CapEff: 00000000fffffeff [03:50] CapBset: 00000000fffffeff [03:50] s_context: 0 [03:50] ctxticks: none [03:50] ctxflags: none [03:50] initpid: none [03:50] ipv4root: 0 [03:50] ipv4root_bcast: 0 [03:51] looks good, now the tools? [03:51] Im using util-vserver-0.23.90.2 [03:52] okay, please try chcontext and chbind ... [03:52] or simply start a vserver ;) [03:52] vserver .. build doesn't seem to work too well any more [03:52] it doesnt copy bin, lib or usr [03:53] I guess this isn't kernel related ... [03:54] well no ;) [03:54] how do I delete the proc directory in a vs? (to delete the vs) [03:55] umount usually ... [03:55] yes, 'vserver .. build' does not copy the root filesystem anymore [03:55] oh yep [03:55] this is indentionally [03:55] hmm, so I have to build the vserver manually? [03:56] new versions of will have improved methods using apt-get, but this is still in alpha state [03:57] what's an easy way to test chcontext and chbind without making a vs then? [03:57] chcontext --ctx 999 cat /proc/self/status [03:58] chbind --ip 192.168.0.1 true [03:58] New security context is 999 [03:58] ... [03:58] ipv4root: 0 [03:58] ipv4root_bcast: 0 [03:58] ipv4root is now 192.168.1.10 [03:58] so it works ;D [03:58] looks good yes ... [03:59] thanks for testing ... [03:59] no problem [03:59] which patches would you suggest for 'production' use? [03:59] c17f [03:59] and quotas? [03:59] if you need quota/disk limits then the latest ... [04:00] which are? [04:00] mq0.11, cx0.06, cq0.11, dl0.05 [04:01] VM limits should be okay too ... [04:01] vr0.13 for security ... [04:03] and some of the fixes in my patchsets ... [04:12] serving (~serving@213.186.190.120) joined #vserver. [04:20] which patch is vr0.13? [04:20] you mean what it does, or where it is? [04:21] yes [04:21] where it is ;) [04:21] http://vserver.13thfloor.at/Experimental/patch-2.4.22-ctx17a-vr0.13.diff.bz2 [04:23] ok, so Im going to use 2.4.22 with: [04:23] patch-2.4.22-c17f.diff [04:23] patch-2.4.22-c17e-mq0.11-cx0.06-cq0.11-dl0.05.diff [04:23] patch-2.4.22-ctx17a-vr0.13.diff [04:24] well you need mq0.11, cx0.06 and cq0.11 for dl to work ... [04:24] oh I see [04:24] hmm, strictly speaking cq0.11 isn't required ... [04:25] what is cq again? [04:25] cq is context quota ... [04:26] so if I want quotas... I'd need that surely? [04:26] if you want per context quota or the disk limits ... yes ... [04:27] I could make a dl version which doesn't require most parts of mq0.11 and cq0.11 but I don't see any reason for that at the moment ... [04:28] i'll just use them all [04:28] your vservers are on a separate partition? [04:28] yes [04:29] good, you should be avare that the cx patch modifies UID/GID values of files stored on partitions mounted with tagctx ... [04:29] I know ;) [04:29] just wanted to mention it ;) [04:30] the patch naming is very confusing :( [04:30] any better suggestions? [04:30] I guess it just needs a web page explaining them [04:31] that's right ... will do with the vserver-1.0.0 release ... [04:31] cool... how far away is that? [04:31] if possible at the end of this month ... [04:32] I still need some platform feedback for sparc/ppc .. [04:32] ok, well let me know if I can do anything to help [04:32] you already did ... by testing on x86_64 ;) [04:32] ;) [04:34] actually, one easy way you could tidy up the patches would be to put them in different directories... e.g. 2.4.22, 2.4.23, 2.6 etc, then have an 'old' and 'latest' under that for each [04:34] Im getting a headache trying to figure out which is which ;) [04:35] suggestion noted ... [04:36] there is no mq0.11-cx0.06? [04:37] yes, because the mq0.10-cx0.06 is up to date and applies ;) [04:37] oh good ;) [04:51] uhoh [04:51] Can't set the ipv4 root (Invalid argument) [04:52] what kernel, what patches, which tools .. [04:52] oh, wrong tools probably? [04:52] the new ones? [04:52] yeah, with c17f [04:52] they should work ... [04:54] weird because I thought c17f worked by itself... [04:55] try with the older tools, maybe it's a bug in the new ones ... [04:56] which version? [04:57] either the util-vserver-0.23 (no 90) or the vserver-0.24 from jacques ... [04:59] ok, 0.23.6 works :D [05:00] okay, please send a bugreport to enrico ... [05:00] do c17f and c17g use different syscall? [05:00] yes c17g introduces the syscall switch ... [05:00] Simon: what shows strace? [05:01] strace what? [05:01] ahh still awake, good ;) [05:01] Simon: strace [05:02] @enrico this is on x86_64 ... JFYI ... [05:02] ooh... [05:02] but strace should give some hints [05:03] anything in particular to look for, or shall I upload it somewhere [05:03] yes, c17g works with the tools ... [05:03] Simon: what was your command? 'chbind ...'? [05:03] chcontext [05:03] chcontext --ctx 999 cat /proc/self/status [05:03] even [05:04] the ipv4root isn't working ... [05:04] Simon: try 'strace chcontext --ctx -2 true' [05:05] @simon with the 'new' tools on c17f ... [05:05] strace can not follow context-changes in other ctx's [05:05] Simon: s!strace!strace -f! [05:07] http://www.expio.co.nz/~sgarner/terra/util-vserver.txt [05:09] Bertl: the returned version number looks strange [05:09] (0xffffffea) [05:10] well, this is an error code .. c17f doesn't implement the syscall switch ;) [05:10] this is with 0.23.90.2 on c17f [05:13] more precisely it's -EINVAL ... [05:14] hmm, I am checking for ENOSYS [05:14] is 273 used for anything else on x86_64? [05:14] not true, because c17f uses same syscall number ... [05:15] but that explains it ... [05:15] anyway, a negative return value should considered as 'not implemented' for the syscall switch ... [05:16] ok, not nice, but I can change it in this way [05:17] well, just check for -ENOSYS first, then throw an error okay? [05:17] I am throwing an error in the current version [05:17] I agree that it should not happen, and it will not happen except for c17f (warning sorry) [05:18] is 273 a syscall on x86_64? Or do we have a vserver-syscall on this architecture? [05:18] well if you want to keep it this way, I can live with that, so it's up to you ... [05:18] we have the first vserver syscall on this number ... [05:19] was my fault, was a bad idea ... [05:19] ah, I understand the problem now [05:19] I moved both syscalls to 273/274 ... [05:22] this can cause real problems; depending on stack, this function may succeed and switch to a new context [05:23] hmm, should not the 'new' syscall have a larger stack footprint than the old one? [05:25] I have to go for a bit, back in an hour [05:25] both are _syscall3 taking parameters with same size (at least on ia32) [05:25] thanks for the help :) [05:25] thank you simon ... [05:26] @enrico so we will call it with 0,0,0 then ... [05:27] which should not be a problem, right? [05:29] what happens when I call the old syscall for ctx==0? [05:30] Does it fail with -EINVAL? [05:30] -EINVAL I guess ... [05:30] let me check ... [05:30] ok, then it should be enough to "succeed" on it [05:30] I thought, '0' had a special meaning [05:31] } else if (ctx <= 0 || ctx > MAX_S_CONTEXT) { [05:31] ret = -EINVAL; [05:32] ok, it is not a problem then [05:33] good ... sorry for that 'special' case ... [05:39] it's uploaded to savannah... http://savannah.nongnu.org/files/?group=util-vserver [05:39] thanks enrico ... [06:06] ChuckD (~bug@144.137.122.238) joined #vserver. [06:12] how can I test the quota stuff? [06:12] http://vserver.13thfloor.at/Linux2.6/index.php?page=Per+Context+Quota [06:13] ooh [06:13] but the tagctx is required ... [06:13] I have to update that one too ... [06:13] i have uid24/gid24 [06:13] good choice ;) [06:13] ;) [06:16] eek [06:17] # make [06:17] cc -g -Wall -O2 -c -o vrsetup.o vrsetup.c [06:17] cc -g -Wall -O2 vrsetup.o -o vrsetup [06:17] vrsetup.o(.text+0x1ea): In function `main': [06:17] vrsetup.o(.text+0x25e):/usr/stor/vserver/vr-tools-0.13/vrsetup.c:142: undefined reference to `errno' [06:17] collect2: ld returned 1 exit status [06:17] make: *** [vrsetup] Error 1 [06:17] is fixed in a later version ... [06:17] this is 0.13... [06:18] yeah, fixed in 0.14 ... [06:18] http://vserver.13thfloor.at/Experimental/vr-tools-0.14.tar.bz2 [06:19] ahh [06:20] I have no /dev/vroot... [06:21] you have no devfs .. I assume ;) [06:21] nope :) [06:21] should I? [06:21] in this case, you have to create the nodes with mknod yourself ... [06:21] I thought that was experimental [06:21] well, regarding to lkml it's already obsolote ;) [06:22] I can't mknod /dev/vroot/0 because there's no /dev/vroot [06:22] mkdir /dev/vroot will help there ;) [06:22] oh. ok... didnt think you could do that ;) [06:22] but you can name the devices just as you want ... [06:23] what is vrsetup for? [06:23] setting up the vroot device ... [06:23] this device proxies quota calls, but blocks everything else ... [06:23] it doesn't say to run it in the INSTALL or on that page ;) [06:24] oh wait [06:24] * setup one vroot device for all vservers on a shared partition [06:24] nevermind ;) [06:24] (as described in the INSTALL and on my pages) [06:27] # ./cqhadd -v -x 2 /dev/vroot/0 [06:27] adding quota hash for /dev/vroot/0 ... failed: No such device [06:27] # ls -l /dev/vroot/0 [06:27] brw-r--r-- 1 root root 4, 0 Oct 18 15:24 /dev/vroot/0 [06:27] oh [06:27] you have to setup the device first ... [06:27] like losetup ... [06:28] vrsetup /dev/vroot/1 /dev/real/device [06:28] # ./vrsetup /dev/vroot/0 /dev/sda6 [06:28] ./vrsetup: can't open device /dev/vroot/0: No such device or address [06:28] :( [06:29] you did enable the vroot device? [06:29] on make menuconfig ... [06:30] yes :) [06:30] CONFIG_BLK_DEV_VROOT=y [06:31] hold on... [06:32] yes :P [06:36] resolved? [06:36] nope... [06:37] look in dmesg for some vroot message ... [06:37] nothing there... [06:38] did you compile it as module? [06:38] no - no modules [06:38] there should be a message stating that there are 4 vroot devices ... [06:39] but let me verify that one ... [06:41] vroot: loaded (max 4 devices) [06:41] if you don't get this message, either vroot is not patched, or not enabled in the kernel ... [06:41] dmesg | grep -i vroot [06:41] I get nothing... [06:41] :( [06:42] I know this sounds stupid, but did you recompile the kernel, did you install the new one, did you boot it? [06:43] well I thought I did... let me try it all again [06:43] woohoo! I can't believe this is working - I'm migrating my main hosting server (RH6.2) to a new (RH9) server. I've rsynced the old server -> /vservers/old/ on the new box, till now sshd, inetd & syslog are working well, going to try the rest now [06:43] vserver rocks, big big rocks [06:43] if it still doesn't show up, compile it as module ... we can make some tests then ... [06:45] hi chuck! [06:45] hi herbert! [06:46] mysql's working... strange, because I had to add a bind-address=$IPROOT line to /etc/my.cnf on another server [06:47] might be because this is MySQL 3.23, it was 4 that had problems yesterday [06:48] herbert are you maintaining the vserver tools now or jack? just they could do with a patch to the install- scripts to copy resolv.conf [06:48] also the RedHat 9 minimum package list is wrong (e.g. sh-utils/textutils/etc have all been merged to coreutils) [06:49] I've got a working one if it's useful to send to anyone [06:49] I'm not maintaining the vserver tools, as long as enrico does a good job ;) [06:50] ok cool, so you recommend using enrico's tools? I tried them first but then saw jack had put out 0.25 so thought they might be better... maybe I'll switch back [06:51] they will be the default tools for vserver-1.0.0 .. any improvements jack adds, will be verified and added to util-vserver if it makes sense ... [06:51] k great, will run with them then [06:52] Action: Simon feels like an idiot [06:52] it works now Bertl ;) [06:53] dunno how that happened [06:53] what was the problem? [06:53] ChuckD: building new vservers will be done in a new, more customizable way in future util-vserver versions. See http://savannah.nongnu.org/cgi-bin/viewcvs/util-vserver/util-vserver/scripts/vserver-build?rev=1.1&content-type=text/vnd.viewcvs-markup for the targeted interface [06:53] I just reinstalled the kernel [06:53] the apt-get method is in http://savannah.nongnu.org/cgi-bin/viewcvs/util-vserver/util-vserver/scripts/vserver-init?rev=1.5&content-type=text/vnd.viewcvs-markup [06:54] well, if it comforts you, it happened to me too ... [06:54] oh good ;) [06:54] I even ran a whole debugging session on the wrong kernel once ;) [06:55] heheh [06:55] uh oh [06:55] ./cqhadd -v -x 2 /dev/vroot/0 [06:55] adding quota hash for /dev/vroot/0 ... failed: Function not implemented [06:55] more x86_64 woes? [06:55] mounted with tagctx? [06:56] mounted? [06:56] k excellent enrico, thought it was a bit hacked together as it is. I like Jack's install-rh9.0 script at the moment though, works well for me [06:56] lunch time, cya guys [06:56] you have to add the tagctx option for the vserver partition ... [06:56] Oh. well it doesn't say that anywhere... :P [06:57] but I mentioned it a few minutes (hours?) ago ;) [06:57] opps [06:58] just tagctx, dont need usrquota/grpquota? [06:59] well, those flags are actually ignored, only read by the quota tools ;) so you need it inside the vserver but not outside, anyway they do no harm ... [07:00] gotcha [07:03] adding quota hash for /dev/vroot/0 ... succeeded. :D [07:04] btw @ensc, on amd64 platforms you need /lib64 as well as /lib [07:04] in a vserver [07:07] Simon: Am I doing something with /lib? These directories are filled/created by doing 'rpm -U' (or 'apt-get install') [07:07] no not any more, just something I found with the old tools [07:07] how is making a vserver going to work with the new tools? [07:10] with alpha branch (CVS HEAD), you can do 'vserver-init ', fill '/etc/vservers//' with corresponding values, and call 'vserver start' [07:10] the "corresponding values" part is undocumented currently [07:10] ;) [07:11] most interesting might be the 'fstab' file and the interfaces// directories with dev,bcast,mask files [07:13] Simon: http://savannah.nongnu.org/cgi-bin/viewcvs/util-vserver/util-vserver/scripts/vserver.functions?rev=1.3&content-type=text/vnd.viewcvs-markup should answer most questions [07:14] and http://savannah.nongnu.org/cgi-bin/viewcvs/util-vserver/util-vserver/scripts/vserver.start?rev=1.4&content-type=text/vnd.viewcvs-markup also [07:14] ok, ta [07:17] Bertl, is this expected? [07:17] - from in the vserver:# quotacheck -vaug [07:17] quotacheck: Cannot remount filesystem mounted on / read-only so counted values might not be right. [07:17] Please stop all programs writing to filesystem or use -m flag to force checking. [07:17] so do it (using the -m flag ;) [07:17] just checking ;) [07:18] well that all seems to work... now it should just work like normal quotas? [07:19] yes ... [07:19] just keep in mind that: [07:19] a) the context id is now important (e.g. should be fixed/constant) [07:20] b) inter context changes/file data moves will give strange results ... [07:20] c) if you want to verify context tags/change/go back to non context tagged you should use the modified ext2 tools ... [07:21] understood.. :) [07:22] and if you observe something unusual, just report it to me ... [07:27] gotta go now, thanks again! [07:27] Simon (~sgarner@210.54.177.190) left irc: Quit: so long, and thanks for all the fish [07:33] Action: ensc disappears till monday [07:34] ensc (~ensc@134.109.116.202) left #vserver (Client exiting). [07:57] mdaur_ (mdaur@80.145.94.23) joined #vserver. [08:04] mdaur__ (mdaur@p50915775.dip.t-dialin.net) left irc: Ping timeout: 480 seconds [08:09] hey there, any ideas which capability would root in a vserver read all directories, even chmod 0 dirs? [08:10] I'm getting permission denied in the vserver on trying to access a dir with permissions 0 [08:10] e.g. I do "chmod 0 dir", then "ls dir", ls: t: Permission denied [08:10] man capabilities ... [08:10] I've looked in capability.h, couldn't find it [08:10] will look again [08:12] hmm don't have a "capabilities" man page, where does that come from? [08:14] http://www.catfive.org/cgi-bin/man2web?program=capabilities§ion=7 [08:15] cheers, looks like CAP_DAC_OVERRIDE might be it, trying [08:20] hmm nup, CAP_FOWNER isn't it either, but doesn't matter too much for the moment, just have to set proper permissions [08:21] don't forget a chmod 000 file _is_ special in vserver ... [08:22] ah, cause it's a block to chroot breakoutage right? [08:22] correct ... [08:23] fine no problem then [08:36] okay, will go to bed now ... [08:36] wish you a good whatever ... [08:36] sleep well :) [08:36] Nick change: Bertl -> Bertl_zZ [10:05] alekibango (~john@b59.brno.mistral.cz) left irc: Remote host closed the connection [11:24] ChuckD (~bug@144.137.122.238) left irc: [12:20] ChuckD (~bug@144.137.122.238) joined #vserver. [12:40] JonB (~jon@194.239.210.173) joined #vserver. [13:10] LL0rd (~dr@217.80.126.214) left irc: Ping timeout: 513 seconds [13:42] kloo (~kloo@213-84-79-23.adsl.xs4all.nl) left irc: Ping timeout: 480 seconds [15:03] LL0rd (~dr@217.80.126.211) joined #vserver. [15:14] ChuckD (~bug@144.137.122.238) left irc: [15:32] LL0rd (~dr@217.80.126.211) left irc: Quit: 12( www.nnscript.de 12:: NoNameScript 3.73 12:: www.XLhost.de 12) [16:11] RH (~john877@24.171.20.14) joined #vserver. [16:53] shadow (~umka@212.86.233.226) joined #vserver. [16:53] Hi all [16:54] JonB (~jon@194.239.210.173) left irc: Excess Flood [16:54] JonB (~jon@kg173.kollegiegaarden.dk) joined #vserver. [17:09] JonB (~jon@kg173.kollegiegaarden.dk) left irc: Ping timeout: 483 seconds [17:43] JonB (~jon@kg173.kollegiegaarden.dk) joined #vserver. [18:42] Nick change: Bertl_zZ -> Bertl [18:42] hi all! [18:42] hey Bertl [18:42] any news? [18:43] Bertl: dunno, i've been busy [18:43] hmm, doing what? vserver stuff? [18:43] real life stuff ;-P [18:43] work [18:44] eeek! ;) [18:44] Hi herbert [18:44] Bertl: yeah [18:44] hi alex! [18:44] Bertl: dont come to close, it might infect you too [18:44] unfortunately it already got me :( [18:45] Bertl: damn [18:48] @alex please have a look at http://vserver.13thfloor.at/Stuff/virtual.[hc] [18:49] that is the current version of the syscall switch ... [18:49] doooooh, i just tried to run dhcp on the wrong network card at my vserver :/ [18:50] @jon no big deal, unless you try to assign an address to yourself ;) [18:51] Herbert it`s correct url ? [18:51] Object not found! [18:52] test? [18:52] ok. found :) [18:53] take your time to read it, and ask if you have some questions, I'll try to explain how it should be used ... [18:54] first - you not have use virtual devices in vserver ? or vcmd_set_ipv4root_v3 used for compatibile ? [18:54] if second - i think _v2 more correctly. [18:55] there is _one_ syscall, and the switch, all 'compatibility' commands (or the latest version of them) is in VC_CAT_COMPAT ... [18:55] the last version jack used was 3 for ipv4root ... [18:56] hm.. okey... i think v2 last Jacks.. [18:57] __NR_new_s_context: 259 [18:57] __NR_set_ipv4root: 260 rev3 [18:57] ok. [18:57] but it doesn't matter at all, because it will not be used anymore ... [18:58] the numberation scheme .. just the offset is important ... [18:58] the syscall/version output in /proc is gone with this version ... [18:59] syscall is fixed at 273 (sys_virtual_context) version is obtained by command VCMD_get_version [19:00] Bertl: well, i still had to walk down to the basement and make it use it's real ip [19:00] no remote console? [19:00] Bertl: the ip was different [19:00] serial line of course ... [19:00] Bertl: 8 floors down ? [19:01] sure ... 50 meters no problem ... [19:01] Bertl: i still have to pull the line [19:01] Bertl> offsets is nortmal i think we not have up to 2^16 commands :) [19:01] normal. [19:02] hmm, currently it allos 2^8 commands in 2^6 categories ... [19:02] should read 2^8 commands in every of the 2^6 categories ;) [19:03] and each command can have a version between 0 and 2^12 [19:03] 2^12-1 precisely [19:03] when did pci 2.1 arrive ? [19:04] #define VC_COMMAND(c)(((c) >> 16) & 0xFF) [19:04] mask 0xFF = 2^16-1 [19:05] nope, & 0xFF is one byte ;) [19:05] 0x100 = 256 = 2^8 [19:06] oh.. sorry :) [19:07] @jon well the PCI handbook (1997) does describe PCI 2.1 ;) [19:07] Then it it is not enough. [19:07] it is enough, you have the categories ... [19:08] what categories you plain ? [19:08] the idea is to separate into logically different categories ... like VC_CAT_PROCESS, VC_CAT_MEMORY, VC_CAT_NETWORK ... [19:08] see virtual.h for some examples ... [19:09] three categories are reserved, VC_CAT_VERSION, VC_CAT_OTHER and VC_CAT_COMPAT [19:10] the version command will allow to get the version per category and per command or for the complete system ... [19:10] "VC_CAT_MEMORY" it`s for limits ? [19:11] look 5 lines below ;) [19:11] sorry only 3 lines ;) [19:11] ok. not. [19:12] but that is the question we should discuss in more detail ... [19:12] what is funcionality VC_CAT_MEMORY ? [19:12] because this is just a suggestion ... [19:13] for example we can have syscalls to retrieve current memory usage or set some memory performance parameters ... [19:13] for define offests - my must define catigories and commands first [19:13] not everything we can do will make sense ... but we should leave some options open ... [19:13] i think it statistic command. [19:14] ChuckD (~bug@144.137.122.238) joined #vserver. [19:14] hi ppl [19:14] if we would have implemented the switch earlier .. then the VCMD_set_ipv4root would have been VC_CMD(NETWORK, 1, 2) [19:14] hi chuck! [19:15] any idea what happened to the vserver.strahlungsfrei.de wiki? [19:15] @alex for example ... [19:15] http://vserver.strahlungsfrei.de/tiki-index.php [19:16] vserver.strahlungsfrei.de doesn't resolve here [19:16] hasn't done for days [19:16] Bertl> first switch must be for separate to categories - and call function where e switched to commands. [19:16] 62.75.138.27 [19:17] @alex not necessary, you define your command, put it into a category, and write a function to handle func(id, data) ... thats it ... [19:17] hmm, 404 ... [19:17] @chuck you have to put it into your hosts file ;) [19:18] @chuck this is a virtual apache space ... [19:18] duh! doing that now... [19:18] @alex give me some syscall of yours you want to implement, I make an example ... [19:19] Bertl> it need one BIG switch.. i think it uncorrectly. [19:20] no it doesn't need one ... it just uses one for the moment ... [19:20] switch (VC_CATEGORY(cmd)) [19:20] { [19:20] is an option ... as would be a binary tree ;) [19:20] case VC_CATEGORY(c): [19:20] or a call table ;) [19:20] do_category(VC_COMMAND(c), id, data) [19:20] break; [19:21] } [19:21] not required at all ... [19:21] give me a syscall of yours, you want to implement, and let me provide the example ... [19:21] sorry "case VC_CAT_VERSION" [19:22] i not work on this :) [19:23] last work - fix problem with procfs and "linux-2.4.17-lowlatency.patch" [19:23] okay lets take your int sys_set_s_context_limit (int ctx, int cmd, void *data); for example ... [19:23] okey. [19:24] I assume that the cmd specifies the type of limit, correct? [19:24] it`s one of you category. [19:24] yes. cmd one on of you commands. [19:24] the straight forward port of this syscall would be: [19:25] case VC_CAT_LIMITS: [19:25] either put the ctx and cmd in the id field, or make one of them (or both) part of the *data struct ... [19:26] return sys_set_s_context_limit(VC_COMMAND(cmd), id, data); [19:26] then change sys_set_s_context_limit to vc_set_s_context_limit(id, *data) [19:26] and define VCMD_set_s_context_limit as VC_CMD(COMPAT, 3, ?) [19:27] add the call to the switch, and you are done ... [19:27] that is the way to handle compatibility calls ... [19:27] Bertl: hmm, well i found another nic that works [19:27] now for the 'new' definition of those commands ... [19:27] this a common way. [19:28] new command for work with limits - added inside vc_set_s_context_limit [19:28] in the near future, we should agree on a set of features ... like setting the PROCESS limit ... [19:28] or MEMORY limits ... or whatever ... [19:28] define a _common_ interface, which can be used from userspace independant from the kernel ... [19:29] in this case it would probably end up in CAT_LIMITS and get a fixed command number lets say CMD_PROCESS 6 or CMD_MEMORY 9 .... [19:30] or CMD_RSS_MAX 17 and CMD_RSS_GRANT 18 ... [19:30] that is what we have to define ... [19:31] then you split up your current limits syscall into smaller pieces, and probably move it to the virtual.c or nearby ... where those pieces are called if selected by the switch ... [19:32] you start with version 0 for each command, and whenever interface or semantic changes, you increment up to 2^12 (4096) ... [19:33] noel- (~noel@80.142.169.165) joined #vserver. [19:33] hi noel! [19:34] @alex so basically your case statements are moved to the syscall switch lateron ... [19:36] we should take our time defining those categories and commands, so I would suggest to simply wrap the existing syscalls into the COMPAT category as in the first example, or stay with the current 4 syscall scheme for the moment, as you prefer ... [19:40] herbert - What to avoid mistakes - we should at first do design categories (functional groups) and reserved some number his for future expansion [19:41] noel (~noel@80.142.171.36) left irc: Ping timeout: 483 seconds [19:41] agreed ... we will have some troubles assigning some commands to those groups, so we should make a kind of brainstorming to find 90% of the possible commands ;) [19:42] then we splitup the categories ... and assign the useful/used commands ... [19:44] only version, other and compat are fixed ... everything else is not yet done ... [19:46] but for me it`s first stage design. [19:47] no problem, I just want to miss some category, or have overlapping ones .. like the MEMORY and LIMITS for example ... [19:48] one way - in memory include all operation with memory limits and static - second one category for statistic and second for limits. [19:49] statistics is a good one for category ... [19:49] It is equal for me [19:50] let us have a look at the Linux2.6 wiki ... there are some features not present in 2.4 vservers yet ... [19:50] http://vserver.13thfloor.at/Linux2.6/ [19:51] we should have a SECURITY or STEALTH (maybe both?) category ... [19:52] and a SCHEDULER category ... [19:53] what is a funcionality for SECURITY and STEALTHit group ? [19:54] scheduler is a good category for seting CPU QoS. [19:54] for example the proc limitations or system identification could go into STEALTH ... [19:56] hm.. I do not think that it is necessary [19:57] :-\ [19:58] Security as set max capablites and some permision is good category... [20:03] herbert you have other offers for category ? [20:16] Hest (~jon@129.142.112.33) joined #vserver. [20:17] @alex well we should find a superset not a subset of what is possible ;) [20:18] basically we have to deal with the superset of both implementations and define a reasonable large subset where possible ... [20:18] Bertl: Ø ? [20:19] hi hest! please elaborate! [20:19] Bertl: you know the mathematical sign for an empty set ? [20:19] Nick change: Hest -> JonB_ [20:20] yes, so you mean we have nothing in common? wrong! [20:20] Bertl: i do, but... is it worth it to make the efford to make that subset ? [20:21] for the user anytime ... [20:21] just think about a fancy tool setting the limits for memory, processes .. etc ... [20:21] Bertl> my variant is a superset above Jack`s commands and category. [20:21] Bertl: GUI tool ? [20:22] if we agree on a common interface for those settings, you can use _one_ tool on both platforms ... each only supporting the limits available (which can be easily checked) [20:22] @jon whatever tool ... [20:22] @alex yes, but it is not a superset of _my_ commands and categories yet ;) [20:23] Bertl: agreeing on such an interface might be a burden [20:23] @jon why, you can always add separate stuff ... with the syscall switch ... [20:23] i think we have 6 categoryes.. [20:23] we have three now .. so I doubt that ... [20:23] 1) network module [20:24] 2) statistic module [20:24] 3) limits module [20:24] 4) proccessor module [20:24] 5) filesystems module [20:24] 6) process control module [20:24] JonB (~jon@kg173.kollegiegaarden.dk) left irc: Ping timeout: 483 seconds [20:24] Bertl: okay, it appears like you have your arguments in order, so i'll stop poking more at this subject [20:24] Nick change: JonB_ -> JonB [20:24] but network module can be diveded to ipv4 [20:24] ip6 and other protocols [20:24] and managment virtual devices. [20:25] I would add STEALTH for settings only hiding the fact that vservers are used/active ... [20:25] statistic module represent interface for geting some info about contexts. [20:25] and I would add SECURITY to turn on special paranoid security features ... [20:26] ok. security is missed. [20:26] and of course there is VERSION, COMPAT and OTHER ... [20:26] compat - can be. but version part of Other. [20:26] how was it, could vserver support more than one ip ? [20:27] the difference between SECURITY and STEALTH is that stealth only addresses cosmetic issues ... [20:27] @jon huh? [20:27] nope version has to be unique, to identify the syscall switch ... [20:28] Bertl: i have gotten an extra line, with a new ip, and i would prefer if it could run on both the old and the new [20:28] what about NETWORK, IPV4 and IPV6 as categories? [20:29] @jon well two nics are common on vserver hosts ... so what is your concern? [20:29] Bertl> can be merge work with protocols to one category ? [20:29] @alex hmm, please rephrase! [20:29] with commands - add/remove address [20:29] Bertl: how i should set it up ;-P [20:29] @jon ifconfig ;) [20:30] Bertl: inside a vserver ? [20:30] @jon depends ... on alex version yes .. for example [20:30] Bertl: ctx17 [20:30] @jon what _is_ the problem? [20:31] Bertl> not define category for each network protocol - but define one category NETWORK_PROTOCOL for work with it. [20:31] serving (~serving@213.186.190.120) left irc: Read error: Connection reset by peer [20:31] @alex and what commands would you like to put there then? [20:31] Bertl: what to write in the .conf file. But i'll go and look in the documentation first, i just wanted to know if i waisted my time or not doing that [20:32] Bertl> add/remove addresses from virtual devices. [20:32] @jon just add an additional definition like IPROOT="eth0:192.168.0.1 eth1:10.0.0.1" [20:32] Bertl: thanks [20:33] @alex as I said, maybe we should look at the commands to form the categories ... [20:33] Bertl: in one line, or in 2 ? [20:34] @jon one line, separated by spaces [20:34] Bertl> it`s bad commands ? [20:34] IPROOT="eth0:10.0.0.1/255.255.255.0 eth1:192.168.0.1/255.255.255.0" [20:35] @alex no, but this might become more (or less) complex than we expect ... [20:36] I would suggest the following, we make a list of all commands (functions) to change something via syscall or to retrieve data from the system ... and put them on a list ... [20:36] with some rough ideas about the data structures used ... [20:37] keep in mind the uint32_t id field is available for use ... [20:38] then we try to synchronize those commands where possible ... and build some superset .. which we separate into categories ... [20:39] if we find some categories unused, or some commands not fitting into the categories, we simply change them ... [20:40] for example for the virtual network, I would prefer the following commands: [20:41] create_network_device, add/remove_ip(v4/v6)_range/device, get/set_network_stats, and some control functions allowing/denying features ... [20:41] create/destroy of course ... [20:42] i think another [20:43] create\destroy\attach to real\change baundwith [20:43] it`s on NETWORK [20:44] add\remove addreess allowned for used at virtual device - NETWORK_PROTOCOL [20:45] the QoS is a good point ... I would have put them into LIMITS ... but that is a general question ... [20:46] limits for unstrutured limits. [20:50] Nick change: ChuckD -> ChuckD_zzz [20:57] I guess we have a two dimensional array where CPU, PROCESS, FILES, NETWORK (short RESOURCES) is on one axis and (CREATE, DESTROY, MODIFY, STAT, ...) on the other ... [20:58] hm.. sounds good.. [20:58] the question now is, do we implement this in the category or just keep it as model and assign numbers ... ;) [20:59] for example 0-7 could be general resource commands [21:00] 8-15 could be CPU related commands with 8 being general CPU retalted commands ;) [21:01] we must be define max count commands in group. [21:01] 1 would be create/destroy commands, and consequently 9 would be CPU related create/destroy commands ... [21:01] for CPU - extra commands - set scheduling politic [21:02] well we will have empty places in this matrix anyway ... [21:03] we can change the fields for category and command for example, so we would get 256 categories with 64 commands each, which would allow an easy 8x8 matrix ... [21:04] hmm 16x16 I mean ... [21:04] also command 0 in category - reserved - GET_VERSION [21:05] version is fixed to 0-0-0-0 regardless of this scheme ... [21:05] this is important to keep compatibility ... [21:06] so 14x16 would be available for use ... [21:07] 0 reserved for version, 15 reserved for compat and other ... [21:07] version of category, not a global patch version. [21:08] the basic version command is 0, we can define further versioning commands or just pass the category/command number in 'id' and return a category/command specific version too ... [21:09] I would prefer the latter ... because it is more consistent ... [21:10] we can for example to simplify the calling/query decide to use version command 0/0/0 for version as requested in id, 0/1/0 for version of category specified in id, and 0/2/0 for version of command as specified in id ... [21:10] JonB (~jon@129.142.112.33) left irc: Read error: Connection reset by peer [21:11] JonB (~jon@129.142.112.33) joined #vserver. [21:11] anyway, the 0/0/0 version call would return the patch version ... where I allowed to reserver 0x00010000 as base [21:25] good. [21:26] so lets define the RESOURCES first ... oaky? [21:27] okey. [21:27] CPU, MEMORY, NETWORK, DISKSPACE, FILES, PROCESSES anything else? [21:27] of course OTHER will be added for everything else ;) [21:29] can be change DISKSPACE for VFS ? [21:29] and add to this vroot related commands. [21:29] yes, my disk limit patches do that ... [21:30] I would say we should not leave a category out, just because we do not use it for now ... [21:31] but we must reorder current used commands into category. [21:32] COMPAT will not be reordered, new commands will go into the categories ... [21:32] hopefully the COMPAT category will be obsoleted soon ... [21:33] #define RLIMIT_CPU 0 /* CPU time in ms */ [21:33] #define RLIMIT_FSIZE 1 /* Maximum filesize */ [21:33] #define RLIMIT_DATA 2 /* max data size */ [21:33] #define RLIMIT_STACK 3 /* max stack size */ [21:33] #define RLIMIT_CORE 4 /* max core file size */ [21:33] #define RLIMIT_RSS 5 /* max resident set size */ [21:33] #define RLIMIT_NPROC 6 /* max number of processes */ [21:33] #define RLIMIT_NOFILE 7 /* max number of open files */ [21:33] #define RLIMIT_MEMLOCK 8 /* max locked-in-memory address space */ [21:33] #define RLIMIT_AS 9 /* address space limit */ [21:33] #define RLIMIT_LOCKS 10 /* maximum file locks held */ [21:33] just to get some ideas ... [21:35] i think we should not adhere RLIMITS. [21:35] CPU, MEM, NET, DISK, FILE, SCHED then? [21:37] cpu == sched [21:37] okay no problem with that ... [21:38] other correct. [21:38] in that case we could keep the current splitting and use a 8 by 8 matrix ... [21:39] with 0 == version, and 7 = other/compat ... [21:39] CPU=1, MEM=2, NET=3 DISK=4 FILE=5 6=UNUSED ... [21:40] i think need reserved some categories for future. Let will be 16 categories. [21:40] no problem, but what 'other' resources can you imagine? [21:41] I guess we can be safe with one unused resource and the OTHER RESOURCE category ... [21:41] hm.. We have forgotten - securty. [21:42] hmm is this a resource? [21:42] hm.. not.. I already have got confused :) [21:43] well it's not perfect, but maybe we should make a CONTROL category and put such things there ... [21:44] maybe FILE should be VFS ... [21:45] ahh, I have an idea ... [21:46] what about HOST, CPU, MEM, NET, DISK, VFS, OTHER ... [21:46] files - more correctly - handles. [21:46] what is HOST ? [21:46] something affecting the HOST system like security issues ... and stealth ... [21:47] maybe the name isn't perfect ... [21:47] BASE, SYSTEM, GENERAL ... [21:47] what would you prefer ... [21:47] but it not resource ? [21:48] well, it's kind of placeholder for not resource specific issues ... [21:48] this will be outside the matrix ... [21:48] first sub-category could be SECURITY, second STEALTH ... for example ... [21:49] well. in resouce category we have some classes - CPU, MEM, NET, DISK, VFS ... etc [21:49] so basicall VERSION and SYSTEM (or whatever the anme is) will be outside the resource matrix ... [21:50] cpu class we have command to set CPU QoS and Scheduling politics. it`s correct ? [21:52] for first not define commands - only define funcionality for this group. [21:55] http://vserver.13thfloor.at/Stuff/Matrix.txt [21:56] except that the numbers are wrong ... but I guess you get the idea ... [21:58] for CPU we can`t say - create\destroy\modify. [21:58] for mem similarly. [21:58] well, either we leave it out (blank) or we find a more general description ... [21:59] I would prefer leaving it blank if it doesn't apply ... [21:59] we have a lot of commands in each field of the matrix ... [22:02] we should give it some time ... lets talk about that tomorrow ... maybe we have new input or some other ideas ... [22:06] okey. i try write my ideas about categories and commands and send to you. [22:07] test [22:15] whell. i go to home... [22:15] okay, have a nice evening ... [22:16] thanks! [22:16] and for you too :) [22:16] Bertl: is there anything newer than ctx17 ? [22:16] yes ctx17a,b,c, e,f,g, and g2 ;) [22:17] and an experimental 18pre1 which I would not recommend ... [22:17] hmm [22:19] shadow (~umka@212.86.233.226) left irc: Quit: bye to all [22:21] test [22:21] Bertl: what do i do when i've got context's running that i cant stop, and cant enter ? [22:22] write a thesis about htat phenomenon ... because you should always be able to kill the processes ... [22:23] Bertl: aha, well, how do i do that, i dont even know the context number [22:23] vps auxwww [22:25] Bertl: i've got alot whichs says UNKNOWN [22:26] unknown what? [22:26] root 14927 11 UNKNOWN 0.0 0.3 1652 680 ? S 19:10 0:00 /usr/sbin/cron [22:27] the vserver is not named [22:27] yes but it is context 11 then ;) [22:27] chcontext --ctx 11 killall5 -TERM [22:27] daemon 8878 5 UNKNOWN 0.0 0.2 1388 504 ? S 18:39 0:00 /usr/sbin/atd [22:27] and 6 and 7 and ... [22:28] probably dynamic contexts .. you should not use them ... [22:28] i dont think i so [22:28] hmm, able was I ere I saw elba? [22:28] they are left overs from a vserver i started earlier, but it never got up, so i changed the config a little and tried again [22:29] could happen ... just kill them ... [22:29] newz (~newz@65.34.52.169) joined #vserver. [22:30] Hey guys, is the mailing list working? It seems weird not to have received any messages since yesterday. [22:30] hmm, hello and good point, just send a message then ;) [22:31] Nah... That's a waste of bandwidth. If you guys aren't worried, I'm not. [22:31] Hey Bertl, did you get the screen shot I sent you on thursday? [22:31] yes ... [22:32] Any chance to look at it yet? [22:32] yep ... [22:34] What do you think of the logo? [22:34] I don't like it :( [22:34] Well, I had a 50/50 chance. Either you'd like it or not. [22:35] I'll have to admit, when it comes to illustration and the such, I'm not qualified. [22:35] first I liked the idea of something coming out of that blue field ... [22:35] I may not be the one to make a logo. [22:35] I can certainly make websites (some people think), but I've never been good at logos. [22:35] your last drawing (proposal) was _much_ better IMHO ... [22:35] The server sketch? Well, I took it one step further, so that it had cubicals and etc. [22:36] I can try to send it real quick if you want to see it. However it's not perfect and I can't tell what it needs. [22:36] show me! [22:36] It needs something though... OK, just a sec. [22:40] I should've said, a momment, cause this is way longer than a "sec." [22:41] http://newz.gotdns.com/vserver-with-cube-logo.png [22:41] I used the 'sec' to draw a concept of what I had in mind ... [22:41] It's rough. Still concept needing tidying. [22:41] http://vserver.13thfloor.at/Stuff/concept01.gif [22:42] Oh, this is different. [22:42] I'm not that good. [22:42] I have to start with an image, I can't draw from scratch. [22:42] hey that was 1 minute with gimp ;) [22:42] It's good. Maybe we can find a true artist who can do it. I like it. [22:43] Well, I could try doing it in visio. It might work [22:43] the idea would be to get the broken out edge under the magnifying glass ... [22:43] Yeah, I liked that when the first logo where the magnifying glass hung over the black bar [22:43] maybe we should also think about making a 3D model ... that would allow fancy shading/lighting ... [22:44] I don't know 1 thing about doing 3d. [22:44] 3d would be nice, cause then you can rotate it to get the perspective you want. [22:44] I know people who use alias and 3d studio, but they're not cheap. [22:45] and you could do the broken out part transparent too , for example ... [22:45] Bertl: what gives SIOCSIFBRDADDR: Cannot assign requested address + SIOCSIFFLAGS: Cannot assign requested address [22:45] [22:45] well I used BMRT and RenderMan(tm) for a while but blender and such should do the job ... [22:46] @jon I assume your interface (eth0/eth1) isn't up, but you assign vserver addresses on that interface ;) [22:46] Would you like me to make the website using the first logo and when we get the new logo, replace that part of the site? [22:47] well we (read you ;) should/could think about a smart wiki/page integration ... [22:47] You mean, this new design graphted onto the wiki site? [22:47] or the other way round, I would love to have a page/wiki system tailored to the vserver use/design ... [22:48] Sure. I've done that. [22:48] Does the wiki use PHP? [22:48] yep! [22:48] What wiki are you using? [22:48] tavi ... with some modifications ... [22:49] I was just going to ask that. ANy modifications that would change the way I apply a template to it? [22:49] but it doesn't depend on that wiki .. [22:49] JonB_ (~jon@kg173.kollegiegaarden.dk) joined #vserver. [22:49] Bertl: no, the interface is running [22:49] if we have a reasonably good description language ... [22:49] Well, I can download tavi and create the template for it. [22:50] I don't see any reason to switch wikis if that one works. [22:50] I'm firmly belive in "If it's not broke, don't fix it!" [22:50] agreed, maybe later we can extend this wiki ... [22:50] for example I would like to allow the menu to be edited easily ... [22:51] but maybe we could do this with a trick .. [22:51] Well, you'll see that it's probably not going to be too hard to do that. Edit it one place and it's done. [22:51] @jon show me your setup/config ... [22:51] Also, there's the PHP Layers Menu. You can keep the nav in a single text file or SQL database. [22:51] yeah, but I would like to edit it via the wiki interface for example ... [22:52] I'm talking about the stuff on the left side ... [22:52] Sure. Well, wikis are typically pretty simple beasts. It shouldn't be hard to grab something from the wiki and use it there. [22:52] but maybe we can do this by assigning a special Menu page .. and you can retrieve it for the menu space ... [22:52] Yeah. [22:52] Just what I was thinking. [22:53] that should work ... [22:53] Do you want me to use the first logo, the one with the magnifying glass, or the second one, arrows pointing in? [22:53] I guess the first one is the better one ... I would love to see minor enhancements on the wiki, if you want to add some stuff ... [22:54] I may not be able to do that. I have a contractual agreement not to work on any software that is a "CMS". [22:54] Bertl: i've got 2 ip adresses and 2 NIC's [22:54] Since my company designs CMS software. [22:54] ahh okay ... no problem ... [22:54] Bertl: and a vserver called irc, which is configured to one NIC and has the same ip [22:55] @jon same ip as what? [22:55] JonB (~jon@129.142.112.33) left irc: Ping timeout: 513 seconds [22:55] Bertl: the nic [22:55] that won't work ;) [22:55] :-D [22:55] That would be nice though. [22:56] well basically it would work, but the vserver script prohibits that ... [22:56] Bertl: were you talking to me or to newz? [22:56] the first step of the vserver script creates an alias for that interface, which could not be the same ip ... [22:57] Bertl: why not ? [22:57] Bertl: i used that in the old setup [22:57] nope ... [22:58] pony:/etc/vservers# cat smb.conf [22:58] you can't assign an aliased interface the same address as the base interface, just doesn't make sense ... [22:58] IPROOT="eth0:194.239.210.28" [22:58] IPROOTDEV=eth0 [22:58] ONBOOT=yes [22:58] S_HOSTNAME=smb [22:58] S_FLAGS=fakeinit [22:58] this one works [22:58] will create eth=:smb with ip=194.239.210.28 ... [22:59] eth0:smb ... [22:59] Bertl: that doesnt show up in the root server ifconfig [22:59] if you have eth0 at 194.239.210.28 this would be ambigous ... [22:59] in this case you would just use "eth0" in the IPROOT line ... [23:00] Bertl: aahh [23:00] Bertl: then the trouble some [23:00] S_HOSTNAME="irc" [23:00] but what is your intention anyway ... I'm a little confused here ... [23:01] #IPROOT="eth0:194.239.210.28/255.255.255.0 eth1:129.142.112.33/255.255.240.0" [23:01] Bertl: to keep both internet connections [23:01] Bertl: the 194 as a backup [23:01] that is again impossible, because you cannot connect from two vservers to the same ip?! [23:02] which server should get the incoming packages? [23:02] Bertl: and run the vservers so i can access daemons running at different ports but using both ip adresses [23:02] Bertl: the one running a daemon on that port [23:03] what you want is to share both networks across the vservers .. right? [23:03] Bertl: yes [23:03] but what is the reason for this? [23:03] you've got a rationale? [23:04] the reason is to have a backup way into the vservers should the internet connection be down [23:04] what about a simple port proxy then? [23:05] or just ssh between both servers? [23:05] maybe also to the host? [23:06] Bertl: a port forward might be an idea [23:06] Bertl: but so far i cant even get the vserver called irc to run on the new NIC [23:06] well probably you could use "eth0 eth1" for both servers, this could work, but I would not recommend it ... [23:07] IPROOT="eth1:129.142.112.33" IPROOTDEV=eth1 should work ... [23:08] Bertl: but the "root" server also uses eth1 and 129.142.112.33 [23:12] Bertl: when i type vserver irc start, it says those 2 error lines, and then starts the services, however, the name is "UNKNOWN" in vps, and vserver irc status says it isnt running [23:13] Bertl: it does mount prov and dev/pts though [23:15] in that case you should use eth1 only ... [23:15] but you are out for troubles ... because now you have three units sharing two addresses ... [23:16] Bertl: i only run a few daemons in each, and i have moved ssh off to non default [23:18] S_HOSTNAME="irc" [23:18] IPROOTDEV=eth1 [23:18] IPROOT=129.142.112.33 [23:18] ONBOOT="yes" [23:18] S_NICE="" [23:18] S_FLAGS="lock nproc" [23:18] ULIMIT="-H -u 256 -n 1024" [23:18] S_CAPS="CAP_NET_RAW" [23:18] # *NOT* DNS domain name, for NIS only [23:18] S_DOMAINNAME="" [23:18] pony:/etc/vservers# vserver irc start [23:18] Starting the virtual server irc [23:18] Server irc is not running [23:18] SIOCSIFBRDADDR: Cannot assign requested address [23:18] SIOCSIFFLAGS: Cannot assign requested address [23:18] ipv4root is now 129.142.112.33 [23:18] IPROOT=eth1 [23:19] /usr/lib/vserver/save_s_context: /var/run/vservers/irc.ctx: Operation not permitted [23:19] Server irc is not running [23:19] do you use tagctx= [23:19] do you use tagctx? [23:19] and vps shows UNKNOWN in the name column [23:19] Bertl: how do i know if i do that [23:20] did you add tagctx as mount option? [23:20] Bertl: /dev/raid1/irc on /vservers/irc type ext3 (rw,errors=remount-ro) [23:21] ls -lda /var /var/run /var/run/vservers gives? [23:22] drwx------ 2 root root 1024 Oct 18 20:46 /var/run/vservers [23:22] heh [23:23] pony:/etc/vservers# ls -lda /var /var/run /var/run/vservers [23:23] drwxr-xr-x 12 root root 1024 Aug 8 2002 /var [23:23] drwxr-xr-x 6 root root 1024 Oct 18 20:50 /var/run [23:23] drwx------ 2 root root 1024 Oct 18 20:46 /var/run/vservers [23:23] what was the effect of IPROOT=eth1 ? [23:25] Bertl: SIOCSIFBRDADDR and SIOCSIFFLAGS are gone [23:25] Bertl: however, /usr/lib/vserver/save_s_context: /var/run/vservers/irc.ctx: Operation not permitted [23:25] Bertl: and vps still doesnt report a irc running [23:26] Bertl: New security context is 8 [23:26] that is the weird part ... [23:26] root 1272 8 UNKNOWN 1.5 0.3 1344 600 ? S 21:23 0:00 /sbin/syslogd [23:26] I understand why the server doesn't start ... [23:26] but I do not understand why save_s_context fails, yet ... [23:27] try to change the permissions of /var/run/vservers to world writeable ... [23:27] or better remove the irc.ctx lying around there ,... [23:28] Starting system log daemon: syslogdchmod: changing permissions of `/dev/xconsole': Operation not permitted [23:28] it didnt do that the last time [23:28] you are sure you do not use any of the context tagging stuff? [23:29] it would be a perfect match ... [23:29] Bertl: not 100% [23:29] okay what patches did you use ... for the kernel ... [23:29] i dont remember [23:29] harhar *sigh* [23:30] Bertl: sorry, but i think it is linux-2.4.21-ctx17-vquota-0.10.diff.bz2 patch-2.4.21-ctx17.diff.bz2 [23:30] i dont know if both is applied [23:30] it's been a long time [23:31] hmm, well, I would _strongly_ advise to upgrade to a recent version then ... asap! [23:31] well, thats the problem... i also use PPDD, and then i need patches for that too [23:31] what is the ppdd stuff? [23:31] i have considered going away from having my stuff encrypted [23:31] blocklevel encryption [23:32] like crypto api and such ... [23:32] okay where are the patches for this? [23:32] yes [23:32] google for PPDD + lucky [23:33] however, you need more patches like [23:33] some kerneli stuff [23:34] the kerneli where in my patchsets for a long time ... [23:35] say_ (~say@212.86.243.154) joined #vserver. [23:35] say (~say@212.86.243.154) left irc: Read error: Connection reset by peer [23:38] strange, now i dont even have DNS :( [23:39] your system is locking itself out ... [23:39] that is because you use dynamic contexts with context tagged files (IMHO) [23:39] okay [23:40] i'll look into it tomorrow, thanks for the help [23:40] JonB_ (~jon@kg173.kollegiegaarden.dk) left #vserver (Client exiting). [23:40] Bertl (~herbert@MAIL.13thfloor.at) left irc: Quit: Bertl has no reason [23:40] Bertl (~herbert@MAIL.13thfloor.at) joined #vserver. [23:41] test [23:42] Bertl (~herbert@MAIL.13thfloor.at) left irc: Client Quit [23:44] Bertl (~herbert@MAIL.13thfloor.at) joined #vserver. [23:47] Bertl (~herbert@MAIL.13thfloor.at) left irc: Quit: [23:51] Bertl (~herbert@212.16.62.51) joined #vserver. [00:00] --- Sun Oct 19 2003