[00:03] Nick change: shu_off -> shuri
[00:04] Maybe I should read the ML archives first... but still, did anyone try to break out of a vserver already?
[00:05] the chroot is safe if you use the 000 permission trick ...
[00:08] and if you do not give any additional capabilities you should be on the secure side ... but if you find anything, let me know ;)
[00:08] 000 permission on the /vserver mount point, IIRC?
[00:09] yup ... (/vservers to be precise)
[00:09] or wherever your vservers root is ...
[00:10] ok...
[00:45] loger joined #vserver.
[00:46] humm
[00:46] got really a problem with mrtg / snmpd and vserver
[00:55] hmm, why don't you use the host snmpd and mrtg?
[01:02] it could be nice to get mrtg / vserver
[01:03] i really think the virtual network thing is a priority
[01:03] well what information do you expect (which can not be retrieved from the host)?
[01:04] and yes, virtual network _is_ a priority ;)
[01:04] virtual network?
[01:05] to be more precise, a virtualized network interface ...
[01:05] yes
[01:07] hmm.
[01:07] Well, the current way is just what i need :)
[01:07] not me
[01:08] well vserver is very nice like this
[01:09] but i dream of something better:P
[01:09] well, I suspect you are volunteering to test it then ...
[01:09] of course
[01:09] is the only thing i can do for vserver
[01:09] shuri: I lack visions, so tell me :)
[01:10] i don't know coding
[01:10] so i cannot write it:(
[01:12] i am testing alpha of ensc
[01:12] but there a lack of doc
[01:29] Nick change: riel -> unriel
[02:18] dakol (~dakol@82.67.179.120) got netsplit.
[02:18] shadow (~umka@212.86.233.226) got netsplit.
[02:18] kestrel_ (~athomas@192.65.90.92) got netsplit.
[02:18] sladen (paul@80.1.73.116) got netsplit.
[02:18] linas (~linas@67.100.217.179) got netsplit.
[02:18] ensc (~ircensc@134.109.116.202) got netsplit.
[02:18] Zoiah (Zoiah@81.17.52.139) got netsplit.
[02:18] kestrel (~athomas@202.139.83.4) got netsplit.
[02:18] unriel (~riel@riel.netop.oftc.net) got netsplit.
[02:18] unriel (~riel@riel.netop.oftc.net) returned to #vserver.
[02:18] #vserver: mode change '+o unriel ' by kinetic.oftc.net
[02:18] dakol (~dakol@82.67.179.120) returned to #vserver.
[02:18] shadow (~umka@212.86.233.226) returned to #vserver.
[02:18] kestrel_ (~athomas@192.65.90.92) returned to #vserver.
[02:18] sladen (paul@80.1.73.116) returned to #vserver.
[02:18] kestrel (~athomas@202.139.83.4) returned to #vserver.
[02:18] Zoiah (Zoiah@81.17.52.139) returned to #vserver.
[02:18] ensc (~ircensc@134.109.116.202) returned to #vserver.
[02:18] linas (~linas@67.100.217.179) returned to #vserver.
[02:19] weeeeeeeeeee
[02:19] #vserver: mode change '-o unriel' by ChanServ!services@services.oftc.net
[03:19] linas (~linas@67.100.217.179) got netsplit.
[03:19] ensc (~ircensc@134.109.116.202) got netsplit.
[03:19] Zoiah (Zoiah@81.17.52.139) got netsplit.
[03:19] kestrel (~athomas@202.139.83.4) got netsplit.
[03:19] sladen (paul@80.1.73.116) got netsplit.
[03:19] kestrel_ (~athomas@192.65.90.92) got netsplit.
[03:19] shadow (~umka@212.86.233.226) got netsplit.
[03:19] dakol (~dakol@82.67.179.120) got netsplit.
[03:19] unriel (~riel@riel.netop.oftc.net) got netsplit.
[03:19] unriel (~riel@riel.netop.oftc.net) returned to #vserver.
[03:19] dakol (~dakol@82.67.179.120) returned to #vserver.
[03:19] shadow (~umka@212.86.233.226) returned to #vserver.
[03:19] kestrel_ (~athomas@192.65.90.92) returned to #vserver.
[03:19] sladen (paul@80.1.73.116) returned to #vserver.
[03:19] kestrel (~athomas@202.139.83.4) returned to #vserver.
[03:19] Zoiah (Zoiah@81.17.52.139) returned to #vserver.
[03:19] ensc (~ircensc@134.109.116.202) returned to #vserver.
[03:19] linas (~linas@67.100.217.179) returned to #vserver.
[03:33] Oual (~val@81.56.199.207) left irc: Quit: kernel test
[03:43] Val (~val@81.56.199.207) joined #vserver.
[11:01] loger joined #vserver.
[12:24] good evening
[12:27] cliu (~icechat5@203.218.135.14) joined #vserver.
[13:10] alekibango (~john@62.245.97.59) joined #vserver.
[13:44] mhepp (~mhepp@r72s22p13.home.nbox.cz) joined #vserver.
[14:00] serving (~serving@213.186.190.47) left irc: Ping timeout: 492 seconds
[14:17] JonB (~jon@129.142.112.33) joined #vserver.
[14:48] say-out (~say@212.86.243.154) joined #vserver.
[15:00] AGoe (~agoeres@80.184.144.197) joined #vserver.
[15:08] AGoe (~agoeres@80.184.144.197) left irc: Quit: de cetero censeo aliquem necesse dormire
[15:12] alekibango (~john@62.245.97.59) left irc: Quit: Client killed by consultant
[15:27] mhepp (~mhepp@r72s22p13.home.nbox.cz) left irc: Quit: Tak ja padaaaaM
[15:28] mhepp (~mhepp@213.211.38.19) joined #vserver.
[15:30] serving (~serving@213.186.191.48) joined #vserver.
[15:43] AGoe (~agoeres@80.184.144.197) joined #vserver.
[15:44] AGoe (~agoeres@80.184.144.197) left irc: Client Quit
[15:49] dakol (~dakol@82.67.179.120) left irc: Quit: User abort with 5 Ctrl-C's
[16:16] AGoe (~agoeres@80.184.144.197) joined #vserver.
[16:16] AGoe (~agoeres@80.184.144.197) left irc: Client Quit
[16:37] AGoe (~agoeres@D90c5.d.pppool.de) joined #vserver.
[16:37] AGoe (~agoeres@D90c5.d.pppool.de) left irc: Client Quit
[16:44] Nick change: unriel -> riel
[16:50] say-out (~say@212.86.243.154) left irc: Ping timeout: 492 seconds
[16:52] say-out (~say@212.86.243.154) joined #vserver.
[16:56] mugwump (~sv@81.3.107.58) joined #vserver.
[17:10] Medivh (ck@server1.shell-express.de) left irc: Ping timeout: 492 seconds
[17:16] yes, yes it is
[17:17] kestrel_ are you sure ?
[17:17] yes, yes i am
[17:17] :)
[17:17] quiet in here today...
[17:17] Action: kestrel_ drops a pin
[17:18] PICK THAT UP
[17:18] people might step on it
[17:21] Action: kestrel_ apologises profusely
[17:21] kestrel_ thank you
[17:34] JonB (~jon@129.142.112.33) left irc: Quit: Client exiting
[17:49] Nick change: Bertl_zZ -> Bertl
[17:49] hi all!
[17:53] Hi Herbert
[17:53] hi alex!
[17:54] in current i have 2 to logs jbd with debug level 100 and deadlock on end.
[17:54] it interested for you ?
[17:54] sure ...
[17:55] hi herbert
[17:55] hi alec!
[17:57] how are you doing?
[17:57] fine thanks, currently publishing the vroot for stable ... how are you?
[17:57] ok. herbert i cc to you my Honzas mail .
[17:58] @alex tx
[17:59] vroot for stable? Are there any important differences to patch-2.4.22-ctx17a-vr0.13.diff?
[18:00] @Hurga not really, only if you use 2.4.20 ...
[18:00] i'm also good
[18:00] what is vroot?
[18:00] good, I'd hate to recompile again :)
[18:01] @Hurga in such cases, you could always revert the old vroot patch, and apply the new one, then 'make dep bzImage modules' and everything should be fine ...
[18:02] @alec vroot is a device proxy to make quota in vservers secure ...
[18:02] okay
[18:05] dmistry (~dmistry@64.106.131.10) joined #vserver.
[18:05] hi hi
[18:06] hi!
[18:06] hi herbert
[18:06] hi cliu!
[18:07] i'm playing with the "Per Context Quota"... however
[18:08] it complains: quotaoff: quotactl on /dev/hdv1 [/]: No such process
[18:08] any idea?
[18:09] hi bert ltns
[18:09] @cliu just a moment ...
[18:09] i'm using 2.4.22c17e followed http://vserver.13thfloor.at/Linux2.6/index.php?page=Per+Context+Quota
[18:10] @cliu everything including the qhadd and quotacheck/quotaon works?
[18:11] quotacheck is ok, cqhadd is ok, but quotaon complains quotaon: using //aquota.group on /dev/hdv1 [/]: Operation not permitted
[18:11] ahh, thought that ...
[18:14] did you add the CAP_QUOTACTL?
[18:14] i don't think so... to where?
[18:15] just try to add CAP_QUOTACTL to the config file of the vserver ...
[18:15] what tools do you use?
[18:15] and which version?
[18:15] util-vserver 0.24
[18:16] okay, they should be fine with CAP_QUOTACTL ...
[18:16] just CAP_QUOTACTL=""?
[18:16] no there is a S_CAPS section , IIRC ...
[18:16] S_CAPS="CAP_QUOTACTL"
[18:16] exactly ...
[18:19] not okay :(
[18:19] okay let us verify it step by step ...
[18:19] you are using vroot?
[18:19] that's right.
[18:20] your partition for the vserver is?
[18:20] mount -o tagctx,usrquota,grpquota /dev/vs_group/vs13 /vservers/test3
[18:20] using lvm
[18:20] okay, that looks good ...
[18:21] your vroot setup?
[18:21] ...
[18:22] vrsetup /dev/vroot/0 /dev_vs_group/vs13
[18:23] before that i did: mknod /dev/vroot/0 b 4 0
[18:23] okay now a check for the hdv1, [P] ls -la /vservers/test3/dev/hdv1
[18:23] brw-r--r-- 1 root root 4, 0 Nov 7 12:57 /vservers/test3/dev/hdv1
[18:24] okay, now the mtab file inside the vserver ...
[18:24] is /dev/hdv1 / ufs rw,usrquota,grpquota 0 0
[18:25] okay now lets remove the quota hash cqhrem ...
[18:25] cqhrem -v -x 13 /dev/vroot/0 ?
[18:25] for example ...
[18:26] removing quota hash for /dev/vroot/0 ... succeeded.
[18:26] 13 is the ctx no.
[18:26] okay now we add it again ...
[18:26] cqhadd -v -x 13 /dev/vroot/0
[18:26] adding quota hash for /dev/vroot/0 ... succeeded.
[18:27] fine, now enter the context ... vserver vs13 enter
[18:27] done.
[18:28] [V] quotacheck -Fvfsv0 -augm
[18:28] i'm using quota-3.06, is it okay?
[18:28] quotacheck, done.
[18:28] hmm I suggest to use 3.07 min, but we'll see ...
[18:29] quotacheck is done without message.
[18:29] [V] quotaon -Fvfsv0 -augm
[18:29] [V] quotaon -Fvfsv0 -aug
[18:29] quotaon: using //aquota.group on /dev/hdv1 [/]: Operation not permitted
[18:29] quotaon: using //aquota.user on /dev/hdv1 [/]: Operation not permitted
[18:30] okay, do you have strace installed?
[18:30] inside the vserver?
[18:30] i don't think so.
[18:30] could you get strace-4.5 and compile it for the vserver?
[18:30] linas (~linas@67.100.217.179) got netsplit.
[18:30] ensc (~ircensc@134.109.116.202) got netsplit.
[18:30] Zoiah (Zoiah@81.17.52.139) got netsplit.
[18:30] kestrel (~athomas@202.139.83.4) got netsplit.
[18:30] sladen (paul@80.1.73.116) got netsplit.
[18:30] kestrel_ (~athomas@192.65.90.92) got netsplit.
[18:30] shadow (~umka@212.86.233.226) got netsplit.
[18:30] riel (~riel@riel.netop.oftc.net) got netsplit.
[18:31] okay, but pls wait for a moment...
[18:31] Zoiah (Zoiah@81.17.52.139) returned to #vserver.
[18:31] what you are not done yet? ;)
[18:33] i'm downloading the strace...
[18:38] hi
[18:38] hi shuri!
[18:41] linas (~linas@67.100.217.179) got lost in the net-split.
[18:41] ensc (~ircensc@134.109.116.202) got lost in the net-split.
[18:41] kestrel (~athomas@202.139.83.4) got lost in the net-split.
[18:41] sladen (paul@80.1.73.116) got lost in the net-split.
[18:41] kestrel_ (~athomas@192.65.90.92) got lost in the net-split.
[18:41] shadow (~umka@212.86.233.226) got lost in the net-split.
[18:41] riel (~riel@riel.netop.oftc.net) got lost in the net-split.
[18:43] riel (~riel@nat-pool-bos.redhat.com) joined #vserver.
[18:43] hi rik!
[18:44] linas (~linas@67.100.217.179) joined #vserver.
[18:44] hi linas!
[18:44] ensc (~ircensc@ultra.csn.tu-chemnitz.de) joined #vserver.
[18:44] hi enrico!
[18:45] isn't netsplit fun?
[18:46] shadow (~umka@212.86.233.226) joined #vserver.
[18:47] is this a netsplit or a local problem of me? afair, people are working today on my network so lost connections can be caused by them
[18:47] nope we had a netsplit, again ...
[18:48] 16:30 -!- Netsplit uranium.oftc.net <-> quark.oftc.net quits: riel, linas,
[18:48] ensc, kestrel, Zoiah, sladen, kestrel_, shadow
[18:49] aha, got lost somehow. and since I am on a BNC ethernet, I do not trust very much in my local network
[18:51] hi again :)
[18:52] hehe
[18:52] hi ensc
[18:54] hi herbert, strace is installed finally in the vserver, using my ancient pc.
[18:54] perfect ...
[18:54] now do the following:
[18:55] [V] strace -fF quotaon -Fvfsv0 -aug >/tmp/strace.log 2>&1
[18:56] kestrel (~athomas@o2rosock0a.optus.net.au) joined #vserver.
[18:56] done and file strace.log was created.
[18:56] okay, can you provide/send it for/to me, either web or DCC or mail?
[18:57] sure.
[19:00] email to u, thanks a lot!
[19:00] dmistry (~dmistry@64.106.131.10) left irc: Ping timeout: 492 seconds
[19:02] @cliu could you name the exact version of the mq/cx/cq patches you used for the kernel?
[19:04] http://vserver.13thfloor.at/Experimental/patch-2.4.22-c17e-mq0.11.diff.bz2
[19:05] http://vserver.13thfloor.at/Experimental/patch-2.4.22-c17e-mq0.10-cx0.06.diff.bz2
[19:05] http://vserver.13thfloor.at/Experimental/patch-2.4.22-c17e-mq0.11-cx0.06-cq0.11.diff.bz2
[19:05] http://vserver.13thfloor.at/Experimental/patch-2.4.22-ctx17a-vr0.13.diff.bz2
[19:05] okay, try to add CAP_SYS_ADMIN to the S_CAPS, so S_CAPS="CAP_SYS_ADMIN CAP_QUOTACTL"
[19:06] ok and i am restarting the vserver
[19:06] yes ..
[19:07] should i run vrsetup and chqadd everything after mounting?
[19:07] did you remove/delete them?
[19:08] yes
[19:08] okay, then you have to vrsetup and cqhadd ...
[19:09] yes, i did.
[19:09] Hurga (ident@217.231.171.196) left irc: Ping timeout: 492 seconds
[19:09] as i included them in the script
[19:09] okay run everything as before and look what quotaon reports this time ...
[19:10] oh wonderful, no more complaint!
[19:10] funny ...
[19:11] thks herbert! really funny! and i will continue playing it!
[19:11] AGoe (~agoeres@D90c5.d.pppool.de) joined #vserver.
[19:11] @enrico ... maybe I'm blind, maybe something with CAP_QUOTACTL is wrong ...
[19:11] @cliu if you have any trouble, just ask ...
[19:11] sure! thank you very much!
[19:11] hi folks
[19:12] ask? great:
[19:12] btw, is it the latest version?
[19:12] nope, but you'll have to wait 1-2 days, until the latest is released ...
[19:12] no problem! looking forward :)
[19:13] hi AGoe!
[19:13] hi herbert.. still didn't succeed, but i tried to trap the problem..
[19:14] @cliu okay, it seems I've found the reason, if you upgrade the quota tools, you should not require the CAP_SYS_ADMIN anymore ...
[19:14] @cliu but this is a mistake on my side ... I didn't modify the compat quota calls ...
[19:14] herbert, does it work with your machines to set scontext in v1.00 and have the vservers start up with fakeinit?
[19:15] nope I don't use fakeinit ...
[19:15] ic
[19:15] herbert, so how do you start services on a vservers startup?
[19:16] the appropriate init scripts are started automatically by the vserver script ... (Mandrake)
[19:16] I just select them via vserver chconfig ...
[19:16] that's from the host's side..?
[19:17] yup ...
[19:17] but it also works with chkconfig from inside a vserver ...
[19:17] so within the vservers there are no init-scripts on automatic startup?
[19:18] one more question, if i am going to use "Per Context Quota" + "Per Context Disk Limits", should i apply ALL patches?
[19:18] AGoe no, there are init scripts, but they are started from the vserver script ...
[19:18] cliu: yes and tell me if you succeed..:-)
[19:18] @cliu what do you mean by all patches?
[19:19] from http://vserver.13thfloor.at/Linux2.6/index.php?page=Per+Context+Quota and http://vserver.13thfloor.at/Linux2.6/index.php?page=Per+Context+Disk+Limits
[19:19] qh(was mq), cx, cq, dl, vr ... that's what you need ...
[19:20] ?? sorry.
[19:20] http://vserver.13thfloor.at/Experimental/patch-2.4.22-c17e.diff.bz2
[19:20] herbert, i dont know about mandrake starting services, in debian the to be started scripts are links in an /etc/rcNUMBER.d/ directory
[19:20] http://vserver.13thfloor.at/Experimental/patch-2.4.22-c17e-mq0.11.diff.bz2
[19:21] http://vserver.13thfloor.at/Experimental/patch-2.4.22-c17e-mq0.10-cx0.06.diff.bz2
[19:21] http://vserver.13thfloor.at/Experimental/patch-2.4.22-c17e-mq0.11-cx0.06-cq0.11.diff.bz2
[19:21] http://vserver.13thfloor.at/Experimental/patch-2.4.22-c17e-mq0.11-cx0.06-cq0.11-dl0.05.diff.bz2
[19:21] http://vserver.13thfloor.at/Experimental/patch-2.4.22-ctx17a-vr0.13.diff.bz2
[19:21] okay?
[19:21] ic. will try it and tell you the reason, thanks again herbert!
[19:22] @AGoe yes, exactly the same as in Mandrake ...
[19:22] What's our syscall number?
[19:22] is it 273?
[19:22] yup!
[19:23] Hurga (ident@pD9E7A8DE.dip.t-dialin.net) joined #vserver.
[19:23] heh, CKRM are trying to use that too :-)
[19:23] http://vserver.13thfloor.at/Stuff/syscall2.2.txt
[19:23] well it was reserved, wasn't it?
[19:23] herbert, but there's no such thing as chkonfig..
[19:23] on debian ... yes ...
[19:24] but basically the chkconfig only modifies the links in the runlevel directories to the init scripts ...
[19:24] don't know what debian uses for this ...
[19:25] update-rc.d
[19:26] herbert.. well i use typing, but there should be a more comfy tool, even in debian..
[19:26] sam says: update-rc.d, this might be the tool ...
[19:28] herbert, but i have some other probs with the a "limit"-patched system
[19:28] update-rc.d? found that and will test it
[19:29] cliu (~icechat5@203.218.135.14) left irc: Quit: Make it idiot proof and someone will make a better idiot.
[19:29] start with fakeinit and without scontext set works only for the first time
[19:30] when such a vserver is stopped and started again it's stuck in an init [S]
[19:30] when entering it there are lots of msgs like: bash.login Permission denied..
[19:31] as I said, personally I don't use fakeinit, and IIRC, it is not required for debian ...
[19:32] @AGoe the permission denied issues are from the dynamic context .. if you like I can explain it in more detail ...
[19:32] herbert.. when will you "official" and "stable" and "idiot-proof" version of these limits be part of vservers?
[19:32] hmm, I guess when they are 'stable' and 'idiot-proof' ;)
[19:32] herbert, i'm the proof, that they're not really idiot-proof..
[19:33] that's why they are not considered 'stable' and 'idiot-proof' yet ;)
[19:34] herbert, i made some "lsctx" on the vservers files and found, that after first startup, files like /dev/random or /dev/initctl have context 2 (first choice i guess)
[19:34] yes, this _is_ intentional ...
[19:35] after second startup these files still had the same context.. the vserver chose 3 as context for its second start..
[19:35] and expected too ... if your context would be always 2, there would be no problem with that ...
[19:35] that is the reason why you get the permission denied messages ...
[19:36] herbert.. well.. and how do i get rid of this?:-)
[19:36] USE STATIC CONTEXT IDs ...
[19:37] herbert i'll try my very best..
[19:38] Action: Hurga hmms and didn't use static context IDs yet. Got to look into it...
[19:38] look, maybe you've found a debian specific issue with static contexts, maybe you've found a bug in the vserver script, maybe you just try the wrong things, I really don't know, because I don't use debian ...
[19:38] I have no problem to help you find the real reason and fix it ...
[19:39] but you have to cooperate ... and this includes systematically analyzing and tracking down the real issue, which is not possible if you appear, shout/ask around and disappear again ...
[19:40] there are 3 ways we can do this:
[19:40] this static context issue might really be a debian prob, course it doesn't even work with the server we have running since june..
[19:40] 1) forget about it, don't use it until it is considered stable
[19:41] 2) keep trying/asking/disappearing and maybe after some month of hard work you'll find the solution, by accident ...
[19:41] 3) lets analyze this and try to understand and fix the real reason .. with our help
[19:42] that's my opinion, and I do not speak for the community ;)
[19:42] 1) obviously i have to
[19:42] 2) i'll do that
[19:44] 3) i'll accept any advice/help/idea i can understand..
[19:44] bertl: I've sent a message to CKRM about the syscall. cc: vserver-list
[19:44] @sam oki, thanks ...
[19:45] Bertl: quick question re: context number. If I shut down and start a vserver again, it incremented the context number. Is that normal?
[19:46] yes
[19:46] @Hurga for dynamic contexts yes, if you specify a S_CONTEXT= in the config file, this number is always used ...
[19:47] if you want to use context disk limits or context quota, this is mandatory ...
[19:47] Bertl: which problems? './chcontext --cap \!CAP_QUOTACTL sh' works fine; at least 'reducecap --show' shows the correct line ;)
[19:48] @enrico sorry, already found it ... the kernel patch doesn't add the CAP_QUOTACTL check to the compat version of the quotactl ... my fault ...
[19:49] I'll fix it in the next release ...
[19:51] @sam nice email ;) but I doubt it is doable ....
[19:55] AGoe (~agoeres@D90c5.d.pppool.de) left irc: Quit: de cetero censeo aliquem necesse dormire
[19:58] @enrico I would like to work/test the limit and per context capabilities on the weekend, could you provide some experimental tools to set/get/config that?
[19:58] Bertl: do we have an interface?
[19:58] well, we can agree on one fast ;)
[19:59] @all new vroot patches/tools ... http://www.13thfloor.at/vserver/s_addons/vroot/
[20:00] @enrico, @alex IIRC we agreed that min/soft/max is useful, further we agreed on a set/modify mask for them, also we found that we won't need more than 32 different limits, right?
[20:01] yes
[20:02] alex is currently away ... but let us define a possible interface in the meantime
[20:03] struct { uint16 id,mask, uint64 min,soft,max } is this sound for set?
[20:03] yes
[20:04] struct { uint64 min,soft,max } is this sound for get?
[20:04] (I am not a kernel designer, but is uint16 instead of short really ok?)
[20:04] well, we don't face the short isn't short problem with that on 'strange' architectures ...
[20:05] okay brb ... (5-10 min)
[20:05] would it be better to use 'lim_t' instead of uint64?
[20:06] ah ok, does not exist in the kernel...
[20:08] Bertl: what is with architectures, where uint16 is not supported very well? (e.g. on these where 1 bytes consists of 9 bits?)
[20:08] kernel seems to use 'long' or 'short' instead of fixed-sized types
[20:20] okay, back again ...
[20:20] @enrico we don't want to handle those fields differently on 32/64 architectures ...
[20:22] @enrico we stay with the C99 types as used in the vcmd_new_s_context_v1 and vcmd_set_ipv4root_v3 okay?
[20:23] okay; I just wondered about the 'long' usage in regular kernel vs. the strongly specified types in the vserver patch
[20:24] well 2.4 is not C99 and long is sufficient if there is sys_xy and sys_xy64 ;)
[20:27] okay I would suggest to add a third call, which returns two 32 bit masks (maybe 64 bit?, maybe more masks?) which contain information about the available limits and whether soft is available or not (maybe for min/max too?) ... what do you think about that?
[20:31] what are "information" about the available limits?
[20:32] one mask could state 'limit is available'
[20:32] the other could state 'limit does support softlimit'
[20:33] a third could say 'limit does support minimum'
[20:33] when using three masks (min,soft,hard), "limit is not available" would mean that corresponding bits is not set in all three masks
[20:33] AGoe (~agoeres@D90c5.d.pppool.de) joined #vserver.
[20:33] for example ...
[20:34] mhepp (~mhepp@213.211.38.19) left irc: Remote host closed the connection
[20:34] we could also define a MAX_VRLIMIT and have an array ...
[20:34] was just an idea ...
[20:34] I would use the three mask variant
[20:34] ;)
[20:34] sladen (paul@80.1.73.116) joined #vserver.
[20:34] hey paul
[20:35] I would like to extend the get limit by a flag filed too ... to signal what fields are valid, and how do we set unlimited?
[20:35] s/filed/field/
[20:35] kestrel_ (~athomas@192.65.90.92) joined #vserver.
[20:37] and we need the id of the limit in any case ... maybe we should use the same struct?
[20:37] unlimited would be (uint64_t)(-1)
[20:38] agreed, but as #define ...
[20:38] or ~0UL
[20:38] ./resource.h:#define RLIM_INFINITY (~0UL)
[20:38] perfect ...
[20:38] vserver phmobak enter
[20:38] sorry
[20:39] we need to pass the id on get and set, and we could pass the mask for get too ...
[20:39] for what do we want the mask in get?
[20:40] well, we don't need it, but we could only return the min/soft/max if selected/requested ... well never mind ...
[20:41] would it be very much overhead to fill all three values?
[20:41] nope, forget it ...
[20:41] what about adding ~1UL for don't change?
[20:42] sounds like a hack... but will work
[20:42] this way we could use the following struct for all purposes ...
[20:43] struct vcmd_get_rlimit_v0 {
[20:43] uint32_t id;
[20:43] };
[20:43] hrm...
[20:43] uint64_t minimum;
[20:43] uint64_t softlimit;
[20:43] uint64_t maximum;
[20:44] sounds good for me...
[20:44] would be used for get and set ...
[20:44] on get, you have to fill in the id, on set all fields, where you could use DONT_CHANGE and RLIM_INFINITY ;)
[20:46] hmm, another idea .. what if we use the mask (3 mask values to report existence of limit) to actually enable/disable the limits (on set) ?
[20:47] we could even use the same struct ;)
[20:48] what is "enable/disable the limits"?
[20:48] setting RLIM_INFINITY?
[20:49] I mentioned the 2/3 masks to retrieve the implemented limits, right?
[20:49] yes
[20:49] we had one saying enable/disable, a second for minimum and a third for soft, right?
[20:50] so those 3 32 or 64 bit values will be returned from a syscall, right?
[20:50] ah, you have a separate enable-disable flag...
[20:50] I thought you mean RLIM_INFINITY means disable and any other value 'enable'
[20:50] what if we use a similar syscall to SET those flags, if available ...
[20:51] so there could be a simple check if the limit is disabled, or the min/soft is not active ...
[20:52] what would be the difference between the existence of a enable/disable flag, and an implementation through RLIM_INFINITY?
[20:52] dmistry (~dmistry@su-nat.datapipe.net) joined #vserver.
[20:52] hmm, probably none, guess you are right ..
[20:53] okay scratch that ...
[20:53] min could be disabled by 0 and soft/max by RLIM_INFINITY ... although soft could check for <= max, right?
[20:54] yes
[20:55] okay, shall we put those syscalls on a fixed place or play around in the SYSTEST category?
[20:58] for userspace, this does not really matter...
[20:58] and I am not up to date with the kernel related aspects of the category
[21:04] http://vserver.13thfloor.at/Stuff/syscall2.2.txt (is the latest version)
[21:05] the funny thing is, we don't have the perfect place for it ...
[21:06] @enrico, could you answer the mail from Lyn St George on the list, regarding the differences?
[21:08] ok, I will do it
[21:10] okay, so as soon as alex reappears, we'll fix the interface/syscall, when will you have some test tools ready? (just asking)
[21:12] should not take more than an hour when kernel interface is defined
[21:12] hmm, you _are_ fast ;)
[21:12] Enrico, you need to make your rebootmgr daemonize properly
[21:12] mugwump: I have not touched rebootmgr; it is still Jacques' version
[21:12] @sam hmm, not sure we should spend time on that ...
[21:13] hopefully we'll soon replace the rebootmgr by a userspace helper ... as paul suggested ...
[21:13] I've done it already, it's simple. You just need to fork && exit, close your STDIN/OUT/etc, and then call setsid()
[21:14] @sam what do you think of such an approach?
[21:14] mugwump: I will take a look at it and it will be probably in next stable release
[21:16] cool ... also, what's your opinion on moving the functionality provided by util-vserver-vars wholly into /etc/vservers.conf ?
[21:17] @sam uh oh ...
[21:19] with reasonable fallbacks if the vars aren't set of course. I just think it's an unnecessary complication.
[21:19] mugwump: values in util-vservers-vars are fixed values and should not need modifications by the local administrator. Since I am not sure about the future of /etc/vservers.conf yet, I will keep util-vservers-var a while
[21:19] Is there an open question with /etc/vservers.conf ?
[21:20] it's part of the old toolset; the init-related part will be moved to /etc/sysconfig/vserver and there are no other values currently in it
[21:21] (and I can not imagine values which should be in it)
[21:21] /etc/sysconfig is not FHS
[21:22] and the old toolset is not maintained. Let's make it as easy as possible for people to upgrade by not changing the locations.
[21:22] /etc/sysconfig/vserver will not be installed per default ;)
[21:22] (like /etc/init.d/vservers)
[21:23] (which is not LSB, btw)
[21:23] /etc/init.d isn't LSB ? what is?
[21:23] hmm, what is not LSB?
[21:24] is the SysV initstuff working on other systems than RH?
[21:24] linux standard base
[21:24] btw, all my changes to util-vserver that were necessary for Debian are at http://www.vilain.net/linux/ctx/util-vserver_0.23.96-1.diff.gz
[21:24] it defines how init-scripts shall be constructed
[21:25] yeah we know, but you mean /etc/init.d/vservers isn't LSB conform, right?
[21:25] There are some good things in there that olag put in - eg, supporting passing /vservers location to C programs via environment
[21:25] What is the correct LSB location for init scripts?
[21:25] Bertl: yes, it is not conforming
[21:25] mugwump: /etc/init.d
[21:26] mugwump: /vservers location is customizable with ./configure option; and alpha tools are handling it completely different
[21:28] the configure option should really just install a different /etc/vservers.conf
[21:28] perhaps it can change the default in the executables, but it should be possible to change it post-compile
[21:29] okay, why not change it?
[21:30] mugwump: I do not want to spend much work into the old toolset; in the new one, the vserverdir is /etc/vservers//vdir/
[21:30] tools are allowing to specify vservers by name (which will be searched in /etc/vservers/), or by full cfg-dir path
[21:37] so, /etc/vservers/foo/vdir is a symlink ?
[21:39] I think that the Debian guy had the right physical path for LSB - /var/lib/vservers
[21:39] but a symlink is definitely a good idea
[21:41] mugwump: yes, by default, /etc/vservers//vdir is a symlink to /etc/vservers/.defaults/vdirbase/
[21:41] ... which is a symlink to /vservers
[21:42] perhaps splitting /etc/vservers into /etc/vservers.d/ and /etc/vservers/ would be a good idea...
[21:44] mugwump: btw, there is a resource leak in your daemonize() code. fh will not be closed
[21:45] hmm, what would you put into /etc/vservers.d ?
[21:45] Bertl: subdirectories with vserver-configurations
[21:46] like for example?
[21:46] /etc/vservers contains e.g. defaults/ or distributions/ (which are prefixed by '.' currently)
[21:46] e.g. /etc/vservers.d/ftp/ or /etc/vservers.d/httpd/
[21:46] for ftp and httpd vservers
[21:47] okay and what will be put into that?
[21:47] vdir symlink, the 'hostname' file, interface definitions, ulimits, ...
[21:48] hmm, in the one value per file style you want to use, right?
[21:48] someone been using djb tools recently or something ? :-)
[21:48] it is just a renaming of current /etc/vservers into vservers.d to avoid the '.'-prefix hack of special directories
[21:48] Bertl: s!want to use!are using!
[21:48] I have no problem with that, we just need good docu ...
[21:49] and a tool which processes a sane vserver.conf and splits it into that mess, of course ,)
[21:49] Bertl: I have an XML file describing the settings... ;)
[21:49] Bertl: legacy support is implemented
[21:49] but conversation tools would be good, indeed
[21:58] okay, here the proposed include http://vserver.13thfloor.at/Stuff/rlimit_virtual.h
[22:02] Bertl: you want to use the same struct for the information and set/get syscall?
[22:03] yup, any reason against it?
[22:03] seems to be hackish... (information does not need id, and works with uint32_t also)
[22:04] then, I would like to have #define's for the special INFINITY and IGNORE values
[22:05] okay, one minute ...
[22:07] when I think about it... representation of IGNORE through ~1UL is not good. When there are problems in userspace and 'unsigned long' (instead of long long) is used, you set a wrong value
[22:08] ~1ULL
[22:08] we need ~0ULL anyway, right?
[22:08] which version compiles? ;)
[22:09] yes ULL
[22:10] http://vserver.13thfloor.at/Stuff/rlimit_virtual.h
[22:10] update, does this look good?
[22:11] AGoe (~agoeres@D90c5.d.pppool.de) left irc: Quit: de cetero censeo aliquem necesse dormire
[22:12] I would parenthesize the macros
[22:12] the ~0 and ~1?
[22:13] yes (inclusive the ULL)
[22:13] okay, can't hurt, although I don't see a reason for doing so ...
[22:20] ensc: would you mind including the debian build files in the new util-vserver distribution, as you do the RedHat .spec ? I'll do the testing etc.
[22:20] Action: shadow returnrd
[22:20] Action: shadow returned
[22:21] @alex http://vserver.13thfloor.at/Stuff/rlimit_virtual.h
[22:21] ok.
[22:21] the part below /* rlimit vserver commands */ do you agree?
[22:23] hmm maybe I should explain it a little ;) right?
[22:23] herbert : for first we be finish composite resource list ?
[22:24] we can do later, it isn't relevant for enrico .. so I would like to finalize the interface first ...
[22:24] hrm
[22:24] so whats news? :)
[22:25] the idea is to retrieve a mask which limits are available with VCMD_get_rlimit_mask
[22:25] hi matt!
[22:25] Hi Matt
[22:25] and the kernel uses 3 bit for each limit, one for min, one for soft and one for max ...
[22:26] if all bits are cleared, there is no such limit ...
[22:26] the limit itself is get/set via VCMD_get/set_rlimit ...
[22:27] we do not need the statistical/query part yet ... and it's generalized for all resource limits (max 32)
[22:27] @matt vr0.14 is new ...
[22:28] matta> Honza accept my bugreport about deadlock..
[22:28] good ...
[22:29] you have memory soft limits working?
[22:29] Bertl: vr0.14 fixes quota accounting errors?
[22:29] shadow: so it's kernel problem, not yours?
[22:29] @matt what accounting problem?
[22:30] ahh you mean the statistics, right?
[22:30] matta> Ões.
[22:31] no, they are fixed by honza's patch ;)
[22:31] matta> i send to Honza debug logs from jbd but not have answer.
[22:32] Bertl: what is new in vr0.14?
[22:33] the include is fixed, and the default vroot number raised to 8 (which is equiv to loop default)
[22:33] ah
[22:33] gotcha
[22:39] mugwump (~sv@81.3.107.58) left irc: Quit: Hardcore coding time
[22:40] Herbert please explain me: who used vcmd_ctx_rlimit_mask_v0 and who vcmd_ctx_rlimit_v0...
[22:41] vcmd_ctx_rlimit_mask_v0 used for returned info about what is limits supported for resource ?
[22:41] what limits are supported, period.
[22:45] vcmd_ctx_rlimit_v0 used for get/set limits ?
[22:45] yes
[22:46] ok.
[22:47] do you see any issues with that approach?
[22:48] i elaborate it.
[22:50] okay, how much time will you need?
[22:50] but vcmd_ctx_rlimit_mask_v0 can be used for directly set resource limits.
[22:51] no, you can't set anything with vcmd_ctx_rlimit_mask_v0, this is only a query ...
[22:51] ok.
[22:51] you answer to my questions..
[22:52] if you want to set for example disk limits, and the id for disk limits is 5 you would use get/set with id=5 ...
[22:52] okay .. go ahead ...
[22:54] but if from userland send structure when unused fields be filled - kernelel must be ignore it - or signalize about error ?
[22:55] s/kernelel/kernel/
[22:55] if for example the rlimit_mask returns a 0 bit for the disk limit 'soft' limit ... then the syscall will either ignore or return -EINVAL ...
[22:56] we can finalize this behaviour later ...
[22:56] ok.
[22:57] if the limit isn't supported at all, a -ENOSYS or something like this should be returned ...
[22:57] maybe -EINVAL is better ...
[22:58] or we can add error code -EUNSUP
[22:59] yes, maybe ...
[23:00] -EINVAL - if incorrect value posted to function...
[23:01] okay, so any questions regarding the syscall interface itself?
[23:03] okey.
[23:03] what about -ENOENT for unsupported limits?
[23:04] @enrico, okay seems we can agree on that interface?
[23:04] ENOENT 2 /* No such file or directory */
[23:04] hm....
[23:04] NO Entry.. hm.. so so..
[23:05] well, basically we could return EINVAL or ENOSYS, because this should not happen at all ...
[23:05] if the user space tool checks the mask first, no such error should be required ...
[23:06] Bertl: no problem with me...
[23:08] okay, could you draft up some tools, where the limit can be given by something like --limit and the three values can be get/set, then?
[23:08] yes
[23:08] and later we can move to more descriptive values like --memory or --limit memory or something like this ...
[23:11] but can be tools_name --ctx id --type [min|soft|hard] --name value ?
[23:14] WRITE_MSG(fd, "Usage: ");
[23:14] WRITE_STR(fd, cmd);
[23:14] WRITE_MSG(fd,
[23:14] Bertl: " [-c|--ctx ] [-a|--all] [-MSH] [+|--limit + [--] ]\n"
[23:15] ensc> when you plain code type limit ?
[23:15] [-MSH] ?
[23:15] hmm, how would a min/hard set look like for limit 7 ?
[23:15] shadow: Minimum, Soft, Hard
[23:16] ok.
[23:16] Bertl: setctxlimit -MH --limit 7
[23:17] hmm, what if -M should be 10 and -H should be 100 ?
[23:17] the cases where M/S/H are the same are very limited ;)
[23:19] Bertl for it need 2 commands or support more one --limit in command line
[23:19] setctxlimit -M --limit 7 10 -H --limit 100
[23:20] enrico?
[23:20] Bertl: I am thinking about a possible implementation...
[23:20] but for we easy use limits name but not limits i
[23:20] ensc> in my variant it easy
[23:21] yes, but for the moment, and in general a numeric alternative is useful (for testing/extension)
[23:21] ensc> you must do syscall after decode --limits
[23:22] Bertl> use --limit7 but not --limit 7 ....
[23:22] shadow: I want to support multiple limits; and had to implement a sequencepoint at '-HMS'...
[23:22] what about --limit 7 -M 10 -H 100 ?
[23:23] ensc> see my tools. i support many commands at one command line.
[23:23] vifconfig --attach eth0 --device eth0 --addipv4 ....
[23:23] as example..
[23:24] ensc> you must only change internal state and do syscall only in decoding limit.
[23:24] ensc> you must only change internal state and do syscall only in decoding "limit".
[23:25] is getopt(3) allowing parameter reordering?
[23:26] mugwump (~sv@stc.surreytech.co.uk) joined #vserver.
[23:27] @enrico IIRC, only the non arguments are moved to the back ...
[23:27] i write simple analog for getopt...
[23:28] but it can be writeln and with getoptlong
[23:29] because getoptlong scan line from start and support more one equal token in line
[23:30] bertl: what resource limit things have you/others implemented? there's disk quota, and memory limits, anything else?
[23:31] @sam disk limit, quota inside, memory limit, process limit ...
[23:31] mugwump> send to you private list of resource ?
[23:32] What's the most recent ML patch?
[23:33] there are 2 versions 0.04 without rmap, and 0.06 with ...
[23:33] rmap gives you RSS limits, eh?
[23:34] yes ...
[23:48] ensc what you think about named numerical limits as --limit7 but not --limit 7
[23:48] ?
[23:49] @alex this is nonsense ... nobody needs this ... for testing --limit is much simpler ...
[23:49] shadow: yes, I will go this way (but only --7)
[23:49] Bertl: but you can not give an argument/the limit
[23:50] Bertl> more difficult decode 2 arguments for one commands.
[23:50] well, personally I don't care how it is implemented, if it works ;)
[23:51] but please, allow to set _all_ values (M/S/H) for one limit at once ...
[23:51] okey.
[23:52] and I mean to different values of course ;)
[23:52] if enrico need example who it do - i can create it with getopt..
[23:53] shadow: thx, but I know how to solve it
[23:53] now this is odd
[23:53] with 2.4.23-pre8-c17h
[23:53] the main server stopped responding
[23:53] but all vservers are functioning fine
[23:54] and the main ip doesn't ping, but an alias on the main server does
[23:54] hmm ... sounds weird ...
[23:54] yeah, very weird
[23:54] hm.. problem in routing ?
[23:54] vservers are all running fine
[23:55] Matt - host answer on arp requests about main server ip ?
[23:56] @matt I would check the switch/router ...
[23:58] yeah, it's really weird
[23:58] check this out
[23:58] I can't even ping 69.10.150.194
[23:58] which is the main IP
[23:58] but I can ssh into my own VDS at 69.10.150.254
[23:58] and from the VDS I can ssh into .194
[23:59] heh
[23:59] hmm, check the arp table of the next hop router ...
[23:59] whack
[00:00] --- Sat Nov 8 2003