[00:00] but it produces two unnecessary error messages on startup, when the alias cr5eation fails ... [00:00] ah so thats where they come from ;) [00:00] lol [00:00] hhm so I need no settings in my config? kinda strange :) [00:01] empty config [00:01] (for testing..) [00:01] you need to specify the IPROOT="10.1.0.100" otherwise you won't be allowed to use this ip ;) [00:01] bullfrog:/etc/vservers# vserver ine exec id [00:01] Can't set the ipv4 root (Bad address) [00:01] I tried now 10.1.0.102 [00:01] (unused IP) [00:01] unused means? [00:01] not assigned I mean [00:02] on the main host [00:02] or do I need to specify existing IPs [00:02] well, that won't work .. in that case, you have to let the start script create an alias, specify eth0:10.1.0.102 to do that [00:02] btw I read "http://www.solucorp.qc.ca/miscprj/s_context.hc?s1=4&s2=3&s3=0&s4=0&full=0&prjstate=1&nodoc=0" but it does explain very good :) [00:02] ok I try eth0:newIP the [00:03] then [00:03] hhmm [00:03] still [00:03] bullfrog:/etc/vservers# vserver ine exec id [00:03] Can't set the ipv4 root (Bad address) [00:03] this might help ... http://vserver.13thfloor.at/Stuff/VServer-IP-Setup-0.1.txt [00:03] IPROOT="eth0:10.1.0.102" [00:03] Bertl: ok I will read that [00:03] but if you are talking about 2.6, then this doesn't apply, as network support isn't implemented yet ;) [00:04] lol [00:04] waahh [00:04] wtf [00:04] so what can I do then with the vserver? : [00:04] Action: Tamama pokes fun at meebey ;) [00:04] no network == useless? [00:04] I'm working on it ... but we are not there yet :( [00:04] hhmm ic [00:04] hence his suggestion to use 2.4.23/vs 1.22 :) [00:04] what can I test without network [00:05] so no IPROOT setting [00:05] hmm, well no network restrictions apply either, so basically you can use all ips ;) [00:05] lol [00:05] wtf even with no IPROOT [00:05] I get that error [00:05] bullfrog:/etc/vservers# vserver ine exec id [00:05] Can't set the ipv4 root (Bad address) [00:05] or should I ignore it? [00:05] yup [00:06] try restarting the server [00:06] hhmm [00:06] bullfrog:/etc/vservers# vserver ine start [00:06] Starting the virtual server ine [00:06] Server ine is not running [00:06] geh [00:07] Bertl any idea how i can get a vserver to run through the normal config files? [00:07] instead of just /etc/rc.d/rc ? [00:07] or should i just stuff all in rc ? [00:08] vserver only starts /etc/rc.d/rc ? [00:08] I dont have that... only rcS.d [00:08] er rc$runlevel.d [00:12] usually (systemv init style) the rc script in /etc/rc.d/rc or /etc/init.d/rc executes the runlevel scripts linked in /etc/rc.d [00:13] my rc was empty... [00:14] *checking* [00:14] hhmm init.d/rc is there, its a debian sarge system [00:15] bullfrog:/vservers/ine/etc/init.d# vserver ine start [00:15] Starting the virtual server ine [00:15] Server ine is not running [00:15] Can't set the ipv4 root (Bad address) [00:15] bullfrog:/vservers/ine/etc/init.d# [00:15] :( straneg [00:17] Action: Tamama builds apache/suexec [00:17] plug [00:17] pluh even [00:22] hhmm [00:23] looks like back to wolk4.9 :) [00:24] heh [00:24] stubbsd (~stubbsd@public2-birk1-6-cust242.manc.broadband.ntl.com) joined #vserver. [00:24] oh and #iprootdev fixed my startup errors.. :) [00:24] hehe [00:24] strange though that I cant start the vserver [00:24] hrm [00:24] wolk4.0 hmm why? what? how? [00:24] meebey: please elaborate ... [00:24] how can i prevent user1 from ever reading user2's files when using apache... .. they are in the same group.. so.. that would be kinda hard to do? [00:24] Bertl: i think that is his server name :) [00:25] lol [00:25] WOLK [00:25] Working Overloaded Linux Kernel [00:26] kernel patchset [00:26] base is 2.4.20 but it has all goodies of 2.6 (tons of backports) [00:26] includes ctx17 patch for vserver [00:26] and its ~2.4.23 [00:26] I know wolk ... [00:27] at least 4.10pre is about ~2.4.23 [00:27] but I know that mcp isn't updating the vserver patches, so I cannot consider this a good thing if you want to run vservers ;) [00:28] hhhmm [00:28] whats the current patch? [00:28] vs1.22 [00:28] http://www.linux-vserver.org/index.php?page=ChangeLog [00:29] hhmm you are right [00:29] he has only old patches [00:29] last patch update was in 4.0rcX [00:30] if you want something working, and 2.6 like, you could use the ck1 patchset from Con Kolivas .. [00:30] do you know why he is not updating? [00:30] problems with the patches or so? [00:31] guess he is just lazy ... [00:31] updating vserver would be not too hard, as there are incremental patches ... [00:31] hehe [00:34] hhmmmm no 2.6, no wolk, omg what a world, vanialla? eeks [00:35] checking ck1 [00:36] where do I get it? [00:36] http://www.plumlocosoft.com/kernel/ [00:38] Hi folks, is it posible to limit the amount of memory,cpu etc, that a vserver can use? [00:40] lol this is funny [00:40] "[PATCH] USB: Add Lego USB Infrared Tower driver" [00:44] stubbsd: yes, but the kind of limitations differ depending on the patches and the limitations ... [00:45] Bertl: were can I find the info? [00:45] here on the channel ;) [00:46] lol [00:48] hm i was just thinking... [00:48] (yes it hurt) [00:48] nah cant be done [00:49] would require a big fat redir webserver [00:49] (and also for ftp :S) [00:55] i guess i'll keep that option though just in case some site gets a lot of hits and it is better to run it as module :D [00:58] vserver with hardlinked files (can't be that big on the file system.. right? :) [00:59] probably I'm missing a lot ... but if you need something, just let me know .. [01:00] just brainstorming :) [01:00] So then, if this is the place where I can get the infomation about limiting proccers and memory of a vserver what can I do with the 1.22 standard? [01:01] you can enable nproc, which will propagate the ulimit for number of processes to the entire context [01:01] so the context is limited to ulimit -u processes in total [01:02] you can enable 'sched', which will account the entire context as one process for the scheduler ... [01:03] where can I find doc about ulimit ? [01:04] #vserver :P [01:05] lol [01:05] and the vserver config file has some info on it too [01:05] actually it has a line that does that.. its just commented out i think [01:05] and you can apply memory limit patches (not in vs1.22 per default) to limit the virtual memory ... [01:05] just number of proccess [01:06] man bash ( give explanation regarding ulimit) or man setrlimit (the actual function behind ulimit) [01:08] i thought those functions were 'empty'.. [01:13] CRAP [01:13] i just killed my web vserver [01:14] removed all libs lol [01:14] oh well [01:15] nothing serious [01:17] thought i was in another dir ;) [01:22] ulimit has -v that sets the maximum amount of virtual memory so why does 1.22 nead a patch? [01:23] because all ulimits are per task ... and you probably want a limit per context (vserver) [01:23] what about nproc? [01:24] this is a 'special' flag, which 'uses' the per task value for the entire context ... [01:24] we have a new interface for those limits in the devel branch, but it will take a few weeks, until it is in userspace and tested ... [01:25] so if I use nproc and let -a with ulimit it will limit the vserver to that amount of memory? [01:26] hm [01:26] New security context is 10004 [01:26] Can't chroot to directory . (Permission denied) [01:26] root@powerhouse:/vservers# [01:26] heh [01:26] (it cant enter the vserver ;) [01:26] s/let/use/ [01:28] stubbsd: if you use S_FLAGS="nproc" and S_ULIMIT="-HS -u 100 -v 10240" you will limit the entire context (vserver) to 100 processes, each limited to 10MB of virtual memory, does this explain it for you? [01:29] Bertl: Sorry, clear as day, thanks.. [01:29] nothing to be sorry about .. UR welcome ... [01:39] hm [01:39] root@powerhouse:~# /vservers/vs boot skel 1000 [01:39] adding quota hash for /dev/vroot0 ... succeeded. [01:39] ipv4root is now 10.0.0.1 [01:39] chgrp: invalid group name `utmp' [01:39] Server skel is not running [01:39] Starting the virtual server skel [01:40] the chgrp thing.. [01:41] obviously somebody is doing chgrp, with group utmp, in a context, where this isn't defined .... which tools are those? [01:41] basically its a vserver skel enter [01:41] boot just sets it up for at boot (ie adds quota hashes) [01:41] I meant, enrico/jacques and version 0.xy? [01:41] dunno, util-vserver 0.26 i guess [01:42] hmm, you don't know? hows that? [01:43] i just use vserver :D [01:43] what did you install? [01:44] util-vserver0.26 [01:44] but i guess these are for use inside the vserver? [01:45] dunno, i thought it worked pretty well without anything installed :P [01:45] nope, that are the tools you use (vserver start for example) [01:46] well, lets test for them, on the host execute the folowing script : http://vserver.13thfloor.at/Stuff/testme.sh [01:47] ok done that.. what part would you like to know? lo [01:48] [011]# chcontext --secure --ctx 100 mknod /tmp/x c 0 0 [01:48] New security context is 100 [01:48] [011]# succeeded. [01:48] mknod: `/tmp/x': Operation not permitted [01:48] i guess that was expected.. heh [01:48] yup [01:49] root@powerhouse:/vservers# ./testme.sh [01:49] what does the version info give, or testme.sh -q [01:49] Linux-VServer Test [V0.03] (C) 2003 H.Poetzl [01:49] Linux 2.4.23-vs1.22 i686/chcontext 0.26/chbind 0.26 [E] [01:49] ipv4root: 0100007f/00ffffff ipv4root_bcast: ffffffff ipv4root_refcnt: 1 [01:49] chbind is working. [01:49] chcontext is working. [01:49] okay, those are enrico's 'E' util-vserver 0.26 tools ;) [01:50] scripts/vserver:chgrp ${UTMP_GROUP:-utmp} var/run/utmp [01:51] so you have to either specify the right group via UTMP_GROUP, or define group utmp in the hosts /etc/groups [01:51] what is that dir for anyway [01:52] which dir? [01:52] /var/run/utmp [01:53] that is a file, and it usually contains the login records .. see man utmp [01:55] hm it didnt hurt me to not have it :P [01:55] hm.. [01:56] something i noticed [01:56] when i copy a file with context 0 to a vserver.. [01:56] the vserver can use it [01:56] right [01:56] shouldnt that be disallowed? [01:56] since the s_context is different on that file? (or should be) [01:56] if disallowed, it would intantly render any unification useless ... [01:57] which i dont use.. [01:57] and probably no 'newly' created vserver would start ... [01:57] utility detail [01:57] (without explicitely assigning a context) [01:57] right [01:57] but I guess there will be some options in the future .... [01:58] my initial approach/idea was to auto migrate from any context to the current context ... [02:00] then I did an opinion poll, and the majority decided to consider any other context, except context 0, a permission mismatch ... which is now implemented [02:00] well it has its uses :) [02:01] *touch /dev* [02:01] heh [02:01] although I think that handling ctx 0 as a fault/permission issue, would not allow to use a virtual server at all ... [02:01] why so? [02:02] you would not be able to access any file below /vservers for example, because that is owned by ctx 0 ;) [02:02] which if you dont use unification is bad... whatfor? :) [02:06] okay, accessing any file below / would be a problem, because / is probably owned by context 0 ;) [02:06] well a vserver is not allowed to do that anyway... [02:06] huh? [02:06] uh.. [02:07] you mean the vserver / [02:07] I mean the host / [02:07] chmod 777 /usr/home/tamama/somedir [02:07] change to other [02:08] cd /usr/home/tamama/somedir .. should just work [02:08] 'change to other' means context change? [02:08] user change [02:09] so if the vserver / dir is context of the vserver.. shouldnt it just work? [02:09] yeah sure, but we where talking about disallowing access to context 0 inodes, wheren't we? [02:09] Bertl: you said that changes in 1.3 allow you to spesify the memory and procesor usage of an entire context, [02:09] Bertl: will it be easy to pull out memory & processor usage about each context ? [02:10] that can be done already ... with vserver-stat [02:10] cool! [02:10] but yes, a proc overview will be added somewhere in 1.3.x too, I guess ... [02:11] we have the interface there, still needs some work and a lot of testing ... [02:11] proc per vserver i assume [02:11] so like a 'top' where you can change contexts ? ;) [02:12] 1.3.2 will have per context proc info on the host ... [02:12] well, it actually has ;) [02:31] heh [03:25] stubbsd (~stubbsd@public2-birk1-6-cust242.manc.broadband.ntl.com) left irc: Quit: Leaving [05:37] netrose (john877@CC3-24.171.21.47.charter-stl.com) joined #vserver. [06:03] kestrel (~athomas@dialup51.optus.net.au) left irc: Quit: reinstall time [07:35] Nick change: _Zoiah -> Zoiah [07:55] case: no httpd running on host ip, several vservers without httpd too and one vserver with apache2 [07:55] now that one apache2 binds all other port 80s [07:55] how can i prevent this? i use vs1.22 on debian [07:55] debian patches or vanilla kernel? [07:56] (changing the apache configuration to bind a specifig ip is not the solution because an $evil_customer don't "need" to do that) [07:56] 2.4.23 vanilla + vs1.22 + vquota [07:57] hmm, please show me your server config for that vserver (the one running apahce) [07:58] http://www.rafb.net/efnet_cpp/paste/results/G2187199.html [07:59] (a nopaste service) [08:00] do you have ipv6 enabled in the kernel? [08:00] yes [08:00] i can upload the .config somewhere if you're interested [08:00] hmm, probably that's the problem, I guess apache bind to ipv6:0.0.0.0 [08:01] but i use ipv4 to connect [08:01] this is a known issue, I usually suggest to disable ipv6 if possible ... [08:01] hm ok [08:01] yeah, but apache uses ipv6 to bind ;) [08:01] i like ipv6 [08:01] i don't really need ipv6....it just...year you see menuconfig and then...you add stuff you'll never need because it's kind of "free" ;) [08:02] damn typos [08:02] RoMo: I would ask you to try to disable it, if this doesn't solve your problems, please ask me again ... [08:02] Bertl-> no IPv6 support!? [08:03] ipv6 isn't supported by vserver yet, and I hope, that we can avoid the support by adding the virtual network device ... [08:03] Bertl: building new kernel is already in build process :) [08:03] good ;) [08:04] you could try to strace (with strace >= 4.5) apache in startup, but I'm pretty sure, that's the issue ... [08:04] Bertl-> well, if you need an IPv6 testing ground... i am one of europes largest iv6 peering points [08:05] yeah, but what I would need more, is some basic understanding of ipv6 ... :( [08:05] Bertl: another thing. there was someone appearing on a german webhoster webboard talking about "bad security issues" of ctx without telling details... [08:05] http://www.webhostlist.de/active/thread.jspa?threadID=28376&tstart=0 [08:08] hmm, didn't receive any mail yet ;) [08:08] me neither [08:10] but thanks for pointing out how to proceed ;) [08:10] ;) [08:11] i hate that board. it's just 90% bullsh... :) [08:12] ok. box is rebooting. [08:13] nice. works now. [08:13] online available on the vserver's ip address [08:13] thank you :) [08:13] okay, that has something todo with the way ipv6 enabled tdaemons connect, I'll try to find the 'critical' places soon, and hopefully fix them ... [08:14] kungfuftr: could you suggest a good introduction into ipv6? [08:14] 2 secs [08:15] http://cr.yp.to/djbdns/ipv6mess.html [08:15] :) [08:15] http://www.ipv6.org/howtos.html - you should also research http://www.kame.net and whatever the link is for the usagi project [08:16] okay, thanks ... [08:19] np [08:25] kungfuftr: are you interested in getting ipv6 working for vserver? I mean would you do some testing if I try to 'hack' something together? [08:26] i really wouldn't have the time at the moment i'm afraid... got a product launch in 3-4 weeks [08:27] ah okay, just asking ... [08:27] i'd be happy to sort out ipv6 peering, etc. should you need it [08:32] nathan_ (~nathan@207.44.202.162) joined #vserver. [08:33] hey bert [08:33] hi nathan? any results from last year? ;) [08:33] Bertl, deadlock on a semaphore when running a non-infinite forking version of killer.c with a while true cat /proc/*/status [08:34] okay, you know which one? and you did the patch I suggested? [08:34] yes i did the patch you suggested [08:34] what do you mean by which one? [08:35] which semaphore? [08:35] i dont know, i imagine its one that is done via task_lock since your code doesnt use any i dont think. [08:36] okay, you did the task_lock/unlock patch I suggest last time on irc, or did you miss that one? [08:36] i did that one [08:36] okay, and the lock was with that one, and in /proc//status ... right? [08:37] yep [08:37] killer.c runs fine without the cat [08:37] cat kills it good and quick [08:37] im trying to get my hands on a local dual so i can do some testing and get your better information [08:37] no luck as of yet [08:38] yeah, I'm pretty confident, that the only races left are in the procfs part ... [08:38] that also explains why some folks hit it and others not, those with some scripts gathering status information, will hit it sooner or later :( [08:39] yea [08:39] or those running vtop or something [08:39] vps -auxw will kill it just the same iirc [08:39] how long will you be around? [08:39] (today I mean ;) [08:40] tonight? not too long, anniversary with gf :) [08:40] okay, I'll hunt it down tomorrow then ;) expect some patches or a new release ...(devel) [08:40] i wonder if a softdog will keep this rebooting after the semaphore deadlock [08:41] nmi watchdog should break a race lock ... [08:41] but the cpus are still running afaik [08:42] issue seems to come along with spawning new processes [08:42] kernel still responds to ping and what not [08:42] not sure if anything in user space is ever running [08:51] ill check tomorrow for updates to devel and give them a spin and email you or check on irc [08:51] great, thanks nathan ... [08:52] thank you :) [08:52] ttyl [08:52] nathan_ (~nathan@207.44.202.162) left irc: Quit: [BX] Uh oh... I'm getting a blip on the gaydar. Richard Simons is coming! [09:58] good night everyone ... cu l8er [09:59] cu [09:59] Nick change: Bertl -> Bertl_zZ [10:29] MedivhWrk (ck@netops.multimedia-centrum.de) left irc: Ping timeout: 512 seconds [10:30] MedivhWrk (ck@netops.multimedia-centrum.de) joined #vserver. [10:33] noel- (~noel@pD9E0934E.dip.t-dialin.net) joined #vserver. [10:41] noel (~noel@pD952C93F.dip.t-dialin.net) left irc: Ping timeout: 504 seconds [11:22] MedivhWrk (ck@netops.multimedia-centrum.de) left irc: Ping timeout: 480 seconds [11:22] MedivhWrk (ck@netops.multimedia-centrum.de) joined #vserver. [12:18] mcp (~hightower@wolk-project.de) left irc: Ping timeout: 480 seconds [12:27] mcp (~hightower@wolk-project.de) joined #vserver. [12:40] Tamama (~Tamama@a62-216-20-152.adsl.cistron.nl) left irc: Read error: Connection reset by peer [13:14] stubbsd (~stubbsd@217.206.216.194) joined #vserver. [13:14] morning all, [13:17] whats the "standard" for /dev/ in a vserver ? ie can I mount devfs? [13:18] Standard is MAKEDEV I guess and then rm what you don't need. :) [13:19] Devfs is obsolete afaik. [13:19] thanks [13:21] serving (~serving@213.186.191.84) left irc: Ping timeout: 480 seconds [13:33] sorry all but, how do people take care of the mtab file in a vserver? [13:37] tanjix (~tanjix@p5091E39B.dip.t-dialin.net) joined #vserver. [13:57] tanjix (~tanjix@p5091E39B.dip.t-dialin.net) left irc: [15:14] serving (~serving@213.186.191.23) joined #vserver. [15:24] noelk (~noel@p509276FA.dip.t-dialin.net) joined #vserver. [15:46] anybody here tryed to use afs in a vserver? [16:25] Doener_zZz (~doener@pD95881A3.dip.t-dialin.net) joined #vserver. [16:33] Doener_aw (~doener@p5082DE9D.dip.t-dialin.net) left irc: Ping timeout: 512 seconds [16:44] kestrel (~athomas@dialup51.optus.net.au) joined #vserver. [16:44] hi there [16:47] hello prakash [16:47] erm [17:14] stubbsd (~stubbsd@217.206.216.194) left irc: Quit: Leaving [17:39] serving (~serving@213.186.191.23) left irc: Ping timeout: 512 seconds [18:08] noelk (~noel@p509276FA.dip.t-dialin.net) left #vserver (Client exiting). [18:57] Nick change: Bertl_zZ -> Bertl [18:57] hi everyone! [18:59] Bertl: Hi. [19:00] hi virtuoso, how are you? [19:00] Bertl: Normal fight. :) Celebrating the rest of new year. :) [19:01] you mean the 'first' of new year ;) [19:02] I actually mean 'the rest of n.y. holidays'. :) [19:03] Starting to prepare for university exams from tomorrow. :( [19:50] loger joined #vserver. [20:16] serving (~serving@213.186.191.23) joined #vserver. [20:19] tanjix (ViRu_@pD9049FE1.dip.t-dialin.net) joined #vserver. [20:19] hi @ll [20:19] hi tanjix! [20:20] everything alright, Bertl ? [20:20] yup, so far so good ... [20:20] nice [20:20] could you solve your vserver issues? [20:21] nearly all of them [20:28] nathan_ (~nathan@209-6-130-26.c3-0.sbo-ubr1.sbo-ubr.ma.cable.rcn.com) joined #vserver. [20:41] hey bert any devels ready for testing? [20:42] almost .. in a few minutes ... wasn't sure you are back, because of the '_' ;) [20:42] i set my ircnick to nathan and bitchx gives me what it can, seems to be another nathan :) [20:43] oki ... yeah, compile works, I'll make a diff ... [20:43] k [20:44] the xeon that i gave to my friend to borrow seems to have changed hands so i cant get ahold of it. [20:44] he gave it away :/ [20:44] can't believe it .... [20:45] im wondering if i can get access to a local dual via my university [20:45] still in active pursuit though [20:45] dual xeon or dual PIII [20:46] im trying to get my hands on either. just something to make debugging this and testing easier. [20:47] with a little luck, I should be able to do some testing on a dual Xeon amchine in february ... [20:48] and I'm reviving bochs, because bochs is able to do SMP emulation ... [20:48] http://vserver.13thfloor.at/Experimental/delta-2.4.23-vs1.3.2-vs1.3.2.1.diff [20:48] i wonder, what if i installed vmware on this box [20:49] hrm, I should get my dual p2 up [20:49] AFAIK vmware doesn't do SMP emulation, or am I wrong? [20:49] Bertl, ah but it wouldnt be emulation [20:49] i dont believe it does emulation of SMP, but the cpus are really there in my case. [20:49] and it would give me access to a console [20:50] Action: nathan_ ponders [20:50] vnc x servers with vmware sitting inside [20:50] but it would not help ... because vmware would run on 'one' cpu only :( [20:50] Bertl, oh i was counting on it using multiple ones, for some reason i thought it did. googling. [20:50] you don't get any issues this way ... [20:50] it has to do 'SMP' emulation to produce race issues ... [20:51] so cat /proc/cpuinfo inside vmware on a linux system has to show more than one CPU ... [20:51] yea [20:53] hmm "Virtual SMP" [20:53] hi dan! are you planning to do some testing too? [20:53] seems to be on ESX server [20:53] nah [20:53] Bertl: I could dedicate that system to testing if you'd like access to it [20:54] I need to swap out the power supply first [20:54] hmm, would require a remote (serial) console to be useful ... would that be possible? [20:54] yeah [20:54] serial wouldn't be a problem [20:54] Bertl, is this patch clean against 2.4.23? [20:54] nathan_: no, it's a delta ... from vs1.3.2 to vs1.3.2.1 [20:54] k [20:55] MrBawb: well, that would be very useful I guess ... [20:55] machine is sitting there powered off, so might as well give it something to do :) [20:56] well, such a machine could easily gather some karma points each day ... ;) [20:56] heh [21:04] argh! [21:04] won't work ... sec [21:08] Bertl, so you said you thought the nmi watchdog should be panic'ing this box? [21:08] hmm, no it should panic a locked box ... [21:09] if only one cpu is 'hanging' nmi will continue ... I guess ... [21:09] hmm im going to do a softdog with nowayout on a cron and hopefully that will take care of it [21:09] should do the trick ... [21:10] but the current patch is flawed .. wait for 1.3.2.2 [21:10] oh [21:10] ok, holding for a new one. [22:01] hmm, still searching for the bug I introduced :( [22:08] ahh, stupid copy paste bug again!!! [22:09] oh sure just as i place the order for these snowboard boots they give me a 10% coupon off my next purchase [22:09] Action: nathan_ sighs [22:10] using context limit I have to calculate the diskspace myself and set it with cqdlim, right? [22:10] yeah, right [22:10] next generation tools will do that for you, I guess ... [22:10] ok. now I understand it. thx. [22:11] Nick change: noel- -> noel [22:13] nathan_: http://vserver.13thfloor.at/Experimental/delta-2.4.23-vs1.3.2.1-vs1.3.2.2.diff [22:13] k [22:13] this is ontop of the last one ... [22:14] MrBawb (abob@swordfish.drown.org) left irc: Ping timeout: 512 seconds [22:14] noel: you could use du -skx for example ... [22:14] .. or find -type f | wc (for the inode count) [22:16] Bertl: yes. I'm using du for calculation. I'm think what is best: 1. calculating all vserver with du and then start them (takes long when booting) or 2. starting vserver and using du then with losing exact disk usage. [22:17] you can always 'correct' the value later on, so I would suggest starting it, and spawning a calculation thread, which, when completed, corrects the current values ... [22:18] and you could save the 'current' usage when you stop the vserver somewhere in a 'state' dir ... [22:21] MrBawb (abob@swordfish.drown.org) joined #vserver. [22:26] Bertl: yes. good idea. [22:26] k booting the new one [22:42] Bertl, hitting resource limits [22:42] err [22:42] strange [22:42] hmm? what's up? [22:43] chcontext --ctx bash is failing on forks [22:43] root@plain [~]# chcontext --ctx 1 bash [22:43] New security context is 1 [22:44] am i overlooking something dumb or is there something wrong? [22:45] it might be, I tried to switch to the new rlimit code, but stopped on half way ... so it might be some erroneous code paths there .. you could just comment out the check in do_fork() [22:46] but you might also hit the total number of forks case .. with a fork bomb ;) [22:46] or even out of memory limits ... [22:47] Bertl, this is before i do any of the tests, machine boots and i do the chcontext [22:47] hmm, that _is_ weird ... didn't happen here ... [22:48] hmm [22:48] well, I'm going to fix the resource issue anyway, in a few minutes ... [22:48] Action: nathan_ scratches head [22:49] do you think commenting out the rlimit check in do_fork will allow me to test or are there other things that may break? [22:50] sure, it is a check, in the previous release only activated if VX_INFO_NPROC (the nproc flag) is given .. [22:50] so commenting out, will not harm anything if you did not use nproc in your tests ... [22:51] giving it a spin [22:55] Bertl, box is still up after killer.c + while cat [22:55] sounds good ... [22:56] ack [22:56] lost it after kicking killer.c up a notch :-/ [22:57] ill test it without the loop in a sec after the box comes back up [22:57] just to make sure im not fork bombing it and killing the thing [22:57] softdog got it though [22:57] okay ... [22:58] you could use the 'limited' kilelr2 version ... [22:58] or are you already doing that? [22:59] i hacked up my own, ill try the kilelr2 [22:59] is that on jonathans website? [23:00] if yours is working, no need to do so ... I didn't even test it, just a simple aptch on my side ... [23:00] ah [23:00] http://vserver.13thfloor.at/Experimental/killer-fix.diff [23:00] im about to try mine without the cat so that will tell us if i blew it away with a fork bomb or if there is still a deadlock [23:00] okay ... [23:01] you are the killer expert ;) [23:01] Bertl, are you a bochs developer as well or were you just going to try to test with bochs? [23:02] no bochs developer, I 'just' used bochs before I switched to QEMU (because bochs is dog-slow;) but IIRC, it is SMP emulation capable ... [23:03] ah i see [23:04] it's funny, the nproc feature seems to be there since ages, but I can't find any version, which looks like working to me :( [23:04] well bert once again im a dope and it seems i am infact blowing the box away myself with the killer.c [23:04] lets try yours :) [23:05] it might be necessary to set a longer watchdog timeout ... what is your current span? [23:06] 60s [23:06] thats whats strange [23:07] the box seems to go dead immedietly [23:07] pings stop responding the minute i stop getting output from killer [23:07] and surely the watchdog hasnt kicked in yet [23:07] hmm, but the machine reboots after 60secs? [23:07] yep it did last time, waiting for it right now [23:08] yep its back with the stable kernel [23:08] okay, you might try to add panic=10 and set the watchdog timeout to 100 secs [23:09] this way, you 'know' when the kernel 'just' paniced ... [23:09] yea ive got panic=10 with wd set to 60 right now [23:09] hmm, okay, so was it like 10secs + reboot or like 60+ ? [23:10] hmm hard to guesstimate, wasnt paying close enough attention [23:10] box stopped responding to pings the minute i stopped getting responses, leads me to point at a panic [23:10] that's why I would suggest to extend the wd time ... [23:11] ok [23:11] ill set the wd timeout to 5m, then we know for sure [23:11] a boot usually takes about 30 secs ... [23:11] 120s for the watchdog should be enough to differentiate ... [23:11] k [23:18] booted in 2m from time of crash [23:18] wd was set to 4m [23:18] so should have been a panic [23:18] hmm, looks like it ... [23:18] would be cool to know what panic ... [23:24] cant really get that info with the current setup :/ [23:25] http://lwn.net/Articles/48474/ [23:26] hmm, I guess netconsole is better than I supposed ... [23:27] dont look like i can traverse a gateway with it though [23:28] not sure, you could use the mac of the gateway, and an external target ip ... that should work ... I guess [23:28] hmm [23:28] but the article is 2.6 [23:31] hmm i see references to one against 2.4.10 [23:32] me too, but still ahven't found the code .-.. [23:33] http://people.redhat.com/mingo/netconsole-patches/ [23:34] ccooke (~ccooke@80.1.164.238) left irc: Read error: Connection reset by peer [23:34] one bad hunk but its in Configure.help so lets give it a spin [23:51] netconsole: eth0's network driver does not implement netlogging yet, aborting. [23:51] ugh [23:51] hmm ... [23:52] ahh, yes I remember ... there where patches for specific network cards ... [23:54] hmm i have a eepro100 [23:55] actually its an E1000 my mistake [23:58] JonB (~Jon@0x503e0319.kjnxx7.adsl.tele.dk) joined #vserver. [00:00] --- Sat Jan 3 2004