[00:10] tanjix (ViRu_@pD9049C46.dip.t-dialin.net) left irc: [00:14] serving- (~serving@213.186.189.38) left irc: Ping timeout: 499 seconds [01:06] Nick change: BobR_oO -> BobR [01:30] stubbsd (~stubbsd@public2-birk1-6-cust176.manc.broadband.ntl.com) joined #vserver. [01:30] BobR (~georg@MAIL.13thfloor.at) left #vserver. [01:30] hi, anybody know it there should be any problem running nss_ldap on vservers? [01:32] I can't see any reason you would have a problem [01:32] thanks, must be something else then, I will keep on looking. [01:33] heh [01:33] I'm no expert [01:33] so take my answer as final [01:33] but, I can't see any reason why it wouldn't work in a vserver [01:33] what's wrong [01:33] ? [01:34] *don't take [01:34] gotta go [01:34] Just doesn't work, [01:35] Nick change: WSU -> WSU_away [01:36] sorted, dan reverse lookup :-), sorry all. [01:46] Doener (~doener@p5082DF3B.dip.t-dialin.net) joined #vserver. [01:57] ensc (~ircensc@ultra.csn.tu-chemnitz.de) left irc: Quit: Terminated with extreme prejudice - dircproxy 1.0.5 [01:57] hi Doener! [01:58] hi bertl [02:00] DazeDark (~chris@82-32-130-79.cable.ubr05.hawk.blueyonder.co.uk) left irc: Ping timeout: 499 seconds [02:06] serving (~serving@213.186.189.38) joined #vserver. [02:06] hi serving! [02:07] HI Bertl [02:07] that was an automatic signup but this time i caught your greeting :) [02:08] cool! [02:08] I could not solve that socket.c1111 problem of this morning [02:08] hmm, it is still there? [02:09] yep. [02:23] well, IIRC we found the following true: your command triggers the modules loader, but that tool isn't able to find/load that module ... [02:24] an educated guess would be: either you didn't install those modules properly or they are broken ... [02:24] rmoriz (rmoriz@rmoriz.cpan.de) joined #vserver. [02:24] hi [02:24] hi rmoriz, are you working with perl? [02:24] is there a quota/limit patch available for 1.3.4/2.4.24 ? [02:24] Bertl: yes [02:25] no, there is no patch available, would you like to test one? [02:25] Bertl: it's my fav. programming language ;-) [02:25] it would be nice. [02:29] Bertl: I did a standard make modules [02:30] when installing a fresh kernel [02:31] how can I find out which module loader is doing this ? [02:32] Zoiah (Zoiah@matryoshka.zoiah.net) got netsplit. [02:32] Bertl (~herbert@MAIL.13thfloor.at) got netsplit. [02:32] lp (~lpressl@interner.SerNet.DE) got netsplit. [02:32] infowolfe (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) got netsplit. [02:32] micah (micah@micha.hampshire.edu) got netsplit. [02:32] CosmicRay (~jgoerzen@glockenspiel.complete.org) got netsplit. [02:32] deadguy (deadguy@bananajoe.big.du.se) got netsplit. [02:32] maharaja (maharaja@ipax.tk) got netsplit. [02:32] Medivh (ck@62.93.217.199) got netsplit. [02:33] Medivh (ck@62.93.217.199) returned to #vserver. [02:33] Bertl (~herbert@MAIL.13thfloor.at) returned to #vserver. [02:33] maharaja (maharaja@ipax.tk) returned to #vserver. [02:33] ah, another split .. what did I miss? [02:34] Zoiah (Zoiah@matryoshka.zoiah.net) returned to #vserver. [02:34] micah (micah@micha.hampshire.edu) returned to #vserver. [02:34] [N] Join synched in 23170.658 seconds. [02:34] now that took long :p [02:34] damn client hehe [02:36] you only been gone for 2 minutes [02:36] i know ;) [02:36] deadguy (deadguy@bananajoe.big.du.se) returned to #vserver. [02:36] looks like some silly bug in my client [02:36] Bertl: you don't like the idea of running vserver contexts on filesystem images? [02:36] hmm, how would you do that? [02:37] put the vserver stuff on a mounted filesystem loop [02:37] hmm, you mean using aloop device for the vserver root fs, right? [02:37] i head that some major german "vserver" companies do that instead of using the quota patches [02:37] CosmicRay (~jgoerzen@glockenspiel.complete.org) returned to #vserver. [02:37] i got it running like that on one machine, works really nice [02:37] Bertl: yes [02:37] s/head/read/ [02:38] JonB (~jon@129.142.112.33) left irc: Quit: Client exiting [02:38] well, if they want, probably the best way to get rid of your resources ;) [02:39] does it use a lot of resources? [02:39] you know vd-server.de? [02:39] didn't notice any performance impact at all [02:39] (okay that's a UML based service) [02:39] well, look at it this way: what do you want to gain with a loop mounted root fs? [02:39] i know FastIT GmbH in Germany uses "our" patch [02:40] Medivh: defined "our" patch? [02:40] well linux-vserver ;) [02:40] Bertl: hard size limits [02:40] Medivh: also smart-applications [02:40] smart-weblications or how the companie is called [02:40] never heard of [02:40] not sure what 1st-housing uses. [02:40] Medivh: it's a pricebreaker on webhostlist.de [02:40] i used to work for FastIT years ago, so I'm keeping myself updated on what they're doing now ;) [02:41] http://vserver.13thfloor.at/Experimental/patch-2.4.24-vs1.3.4-q0.12.diff [02:41] http://www.webhostlist.de/host/data/pf2.php4?virtuell=1&hd=&managed=&standort=1 [02:41] Bertl: thanks :) [02:41] okay hard size limits, fine, why not use lvm partitions? [02:41] on a shared device? [02:42] maybe because noone really uses LVM ;) [02:42] well, you can't consider a loop file a shared device, do you? [02:42] omfg, 50 euros including 250 gigs of traffic [02:42] wonder how they finance such offers if people go use their included traffic [02:42] Medivh: the can't [02:42] +y [02:42] and putting files on a disk partition and mounting it via a loop device, actually means that you get the I/O twice ... [02:43] infowolfe (~infowolfe@pcp04891550pcs.frnkmd01.md.comcast.net) got lost in the net-split. [02:43] lp (~lpressl@interner.SerNet.DE) got lost in the net-split. [02:43] hm... [02:43] can i make 250 LVM partitions? [02:43] sure, why not? [02:43] hm never tried it. [02:43] it's even simpler to extend ... [02:43] if you decide to add another disk, just add it to the vg ... [02:43] 20 cents/gb ... that's a price i'd dream of buying my traffic for heh [02:44] heh [02:44] Medivh: your dream, my reality ;) [02:44] rmoriz: I would suggest to add a fix to vs1.3.4, otherwise you will get fork() issues ... [02:44] http://vserver.13thfloor.at/Experimental/patch-vs1.3.4-fix01.diff [02:44] rmoriz, i'm sure you buy a large amount of bandwidth though, and not on per-gb basis then? ;) [02:45] Bertl: ok thanks [02:45] Medivh: on GB base [02:45] but there is no need to pricedump anyway. [02:45] why should i shell too cheap? i like small business customers paying 1-2 eur/GB [02:45] and they like me. [02:45] i buy my bandwith by the Mbit [02:45] =0) [02:46] i can decide to do that. [02:46] but i only make a few GB...i'm a very small one :) [02:46] rmoriz, same here, my customers pay 1-2 eur/gb also ... and they're satisfied, what else can i ask for ;) [02:47] GB/month is usually used with hosting [02:47] mugwump (~sv@202-0-63-138.adsl.paradise.net.nz) joined #vserver. [02:47] hey sam! [02:47] 95th percentile is usually used with real links [02:47] eeeppp... it's the scary sam person [02:48] Hey Herb. Sorry I've been a little disconnected of late. A collegue says you're after me.. [02:48] oh, there he is [02:48] yeah, that is right ... [02:48] btw, Bertl, any news on the vnet stuff? ;) [02:48] no unfortunately nothing ... [02:49] he hasn't been asking for support on the hairy custom merge has he ? :) [02:49] btw Bertl, if anyone needs IPv6 peering, i can get tunnels setup for y'all [02:49] kungfuftr: we'll come back to that, I'm sure ... [02:49] and you'll only be sharing an ADSL line with the rest of asia? :) [02:49] mugwump: nah... uunet bandwidth [02:49] i can provide ipv6 upstream too if needed ;) [02:49] mugwump: ipv6.xede.org =0) [02:50] okay, give Sam and me a few minutes to talk ... then you can eat him ;) [02:50] i route most of europe and asia to the UK... east coast US too [02:50] uk6x? [02:50] mugwump: a mate of mine from back home is the OFTC chairman... [02:50] Medivh: nah... glbx [02:51] Action: mugwump sends kungfuftr SIGPIPE [02:51] mugwump: so i'm already on here, so was handy that vserver was here... i bloody hate freenode [02:52] Funny, here was the channel that FreeNode vs OFTC ``debate'' was being held [02:52] okay, Sam,the following issues are to be discussed: ILI, ILI, ILI, and a little Scheduler ... [02:52] bertl: ok, let me guess. You want me to look over recent ILI changes? Or actually get around to porting the Scheduler... [02:52] heh [02:52] neither nor ... [02:53] ok. ILI first. [02:53] okay, I decided to rename that stuff to Immutable Unlink [02:53] Sufficiently vague to encompass it's double meaning. Nice. [02:54] done that, I removed the IMMUTABLE_FILE and replaced IMMUTABLE_LINK by IUNLINK [02:54] this is just cosmetics, but I would like to know what you think of that [02:55] I also modified the IS_IUNLINK to check for Immutable and IUNLINK [02:55] insted of xoring them [02:55] My gut feeling is that "I" is an over-zealous contraction of IMMUTABLE. [02:56] yeah, sure ... [02:56] you've canned the XOR ? But that leaves one unreachable condition... [02:56] ie, mutable file, immutable link [02:57] now that doesn't lead to any issues I guess ... [02:57] or what is that combo be supposed to do? [02:57] just that. Files you can change the contents of, but cannot unlink/rename/link [02:58] hmm, did this actually work? [02:58] Yes [02:58] *rebooting testbox* [02:58] hrm, if i may ask an offtopic question, is there a way to tell rpmbuild to look for includes in another path except for modifying the spec file? [02:58] At one point, anyway. [02:58] okay, we do not want to loose any features, so I'll try to add this back ... if it worked ;) [02:58] medivh: try setting CCOPT=-Ifoo [02:58] thanks, gonna try right away :) [02:59] but, fwhat I suspected for a long time, now happened, namely the ILI flag is used by some distro for the lilo files ... [03:00] and guess what, lilo isn't able to update that file ... [03:00] lilo files? I thought that the "notail" option one took that bit [03:00] oh, nasty [03:00] app-103:~# uname -ar [03:00] Linux app-103 2.4.24-vs1.3.4 #2 Thu Jan 8 00:51:46 CET 2004 i686 GNU/Linux [03:00] yeah, so we probably have to move to another bit ... [03:00] but we have to do it without breaking existing server installations ... [03:01] This is silly. This whole ILI thing is a good feature that would be useful to many users, but unless we start it as its own little project it'll never get in. [03:01] Meanwhile the FreeBSD guy in the corner is laughing at us [03:01] Action: kungfuftr whistles [03:01] New security context is 49158 [03:01] Can't exec /usr/lib/vserver/save_s_context (Permission denied) [03:01] hm [03:02] well, the ili stuff is pretty separated in my splits, so there is no problem in 'submitting' it ... [03:02] ensc (~ircensc@ultra.csn.tu-chemnitz.de) joined #vserver. [03:02] OK, now we've really hit on a harder problem then. Migrating the bits on existing filesystems. [03:02] enrico? is this a real join? [03:03] yes, I swapped my harddrives and thought it would be safer to turn of the machine... ;) [03:03] okay, I just wasn't sure, because we had another netsplit a few minutes ago ... [03:03] since this was an NFS server, I had to reboot some clients too... [03:03] (inclusive the router) [03:04] okay, short info for you, some distro uses the notail flag for lilo .. this causes trouble with the ili stuff ... [03:04] netsplit was due to kernel upgrade... apparently [03:05] which distribution is using lilo today? [03:05] mugwump, CCOPT didn't work ... any other clue? [03:06] -ILIB /some/path ? [03:06] hrm looks like i can only start one vserver [03:06] rmoriz: hold on! [03:07] I hope you didn't mount the rootfs with tagctx option? [03:07] no. [03:07] stubbsd (~stubbsd@public2-birk1-6-cust176.manc.broadband.ntl.com) left irc: Remote host closed the connection [03:07] medivh: no, unless it's COPT, COPTS, or CCOPTS. It might be up to the contents of the Spec file... [03:09] bertl: would requiring users to run a quick `chattr -R' analogue after rebooting into the new vserver kernel be OK ? [03:09] Sam, I guess we should move to 0x08000000 for now ... [03:09] yeah something which scans the vserver, and if IMMUTABLE and IUNLINK(old) is set then set the new bit, and clear IU(old) [03:10] yep, that's what I was thinking. [03:10] nathan_ (~nathan@209-6-130-26.c3-0.sbo-ubr1.sbo-ubr.ma.cable.rcn.com) joined #vserver. [03:10] hello everyone [03:10] hi nathan_, have a stabilized 1.2.2.2 for testing here, wanna try? [03:11] thats quite the number of twos [03:11] sure ill give it a spin [03:11] how was the back rubbing yesterday? [03:11] tiresome [03:11] damn women [03:12] :) [03:12] I reckon, backrubs seem to be a one way street [03:12] http://vserver.13thfloor.at/Experimental/delta-2.4.24-vs1.22-vs1.2.2.2.diff [03:13] okay, the other thing is, that we should discuss some tools for the scheduler tuning .... [03:13] mugwump, nod [03:13] Bertl, hows the proc issue coming along? [03:13] mugwump, CPPFLAGS did the trick ;-) [03:13] well, the 1.2.2.2 version is a fix of the 'old' proc interface ... [03:14] the new interface is in development ... [03:14] Bertl, old being race condition or being security issue? [03:14] or both :) [03:14] apparently redhat got $400 million USD in more investment yesterday... argh [03:14] the race issues, the security stuff is solved in my opinion ... [03:14] Bertl, how was that solved? mount bind point or something else? [03:15] well, actually we came to the conclusion, that we simply will disable some proc entries not required for vservers on vservers [03:15] ah [03:15] so the entire directory tree will be masked ... [03:16] doesn't help for such special issues like sysrq-trigger, but they can be solved separately ... [03:16] and we'll probably include the ro --bind mount stuff too ... [03:16] Bertl: looks like the vserver tools don't do with 1.3.4 [03:16] So, is there a new type of procfs for vservers? Or a mount option? [03:17] well, mount options don't work SINGLE fs [03:17] I always thought that controlling visibility of proc via capabilities was the right way [03:17] rmoriz: what tools are you using [03:17] 0.29 [03:17] mugwump: yes, basically it will be something like that ... [03:17] mugwump, kernel maintainers dont seem to be following that though [03:18] rmoriz: do I mention them on the download page? [03:18] no ;) [03:18] what conclusion do you draw? [03:19] i should migrate my debian system to redhat so that i can use util-vserver ;) [03:19] enrico! help! [03:19] migration to redhat/fedora is really easy... ;) [03:19] hrm ;) [03:19] okay sam, any great ideas regarding procfs, by the way? [03:20] in short the issue is the write-ability within vservers ;) [03:20] no, just some old ideas regurgitated :) [03:20] well lets hear ... [03:21] one idea was a special type of procfs for vservers that only let you use specific nodes [03:21] but otherwise used the procfs code [03:21] something like a mask? [03:21] another idea was filtering just /proc with a userland-pokable regex [03:21] inside the kernel? [03:21] sure, why not. regex libraries are stable ... :) [03:22] Action: mugwump issues modprobe pcre [03:22] Action: Bertl bertl just lost his mind ... now searching ... [03:23] is there really a pcre module? [03:23] seriously though, you could have a "white list" of nodes that are allowed through [03:23] nathan_: sure. just pipe it out of /dev/crack [03:23] :) [03:24] ie, all the PID dirs, and simple things like `uptime', ... `stat', `version' [03:24] okay, that is pretty much what I had in mind, although I think we can replace the configurable whitelist by some hard coded defaults ... [03:25] s/defaults/behaviour/ ? [03:25] yeah ... [03:25] I suppose it's fair enough to make it a recompile offence if you want to potentially open up a massive security hole [03:26] I'm sure paul will complain in the minute we do that, that he has a software watchdog running in one vserver which needs access to the /proc/junk/reboot entries ... [03:27] So don't mount procfs with the vserver mount options for that server [03:27] not an option, mount options for procfs are for every procfs mount :( [03:27] oh. well, how do we stop them having effect in the root server then ? [03:28] by using a smart logic to figure that out (xid ?= 0) [03:28] for some definition of smart :) [03:28] Maybe the whitelist code could go in the bind mount code [03:30] So, mount --bind -o rootvfsfilter='^([0-9]*|uptime|version|loadavg)$' /proc /vservers/foo/proc [03:30] hmm, I guess you didn't check how the bind mounts work ... [03:31] you're right [03:31] point me at a file, maestro [03:31] # mkdir A [03:31] # mkdir B [03:31] # mount --bind /tmp/A /tmp/B [03:31] bertl: did you get my message about udp6.c? [03:31] touch A/1 [03:31] ls B [03:31] 1 [03:32] My understanding was they were like a directory hardlink. [03:32] maharaja: I got something ... [03:32] But then, what of the guy who managed to hack in RO bind mount support? [03:32] 08:47 @@ -744,6 +748,9 @@ struct sock { [03:32] bertl: did it make sence :) [03:33] well, yes, actually it was a mistake (on my side), but ipv6 doesn't work anyway ... at least not as expected ... [03:33] hm [03:34] util-vserver is nearly unbuildable on debian [03:34] rmoriz: why? [03:34] bertl: i see [03:35] mugwump: that was actually me, that guy with the ro --bind stuff ... [03:35] rmoriz: sometime ago I tested it with Debian 2.0 and it build without problems [03:35] stcace01:~# dpkg -s util-vserver [03:35] Package: util-vserver [03:35] Status: install ok installed [03:35] Priority: optional [03:35] Section: unknown [03:35] Installed-Size: 815 [03:35] Maintainer: Sam Vilain [03:35] Version: 0.23.96-1 [03:35] Depends: libc6 (>= 2.2.4-4), libstdc++2.10-glibc2.2 (>= 1:2.95.4-0.010810) [03:35] Recommends: debootstrap [03:35] etc [03:36] version 0.23.96 is a little bit old... [03:36] works for me ;) [03:37] i run 0.25.90 without any problems on debian [03:38] well, what I don't understand, how is compiling a deb package different from compiling a source tar? [03:40] Well, dpkg --remove works for a start :) [03:41] is there no rpm -tb for debian? [03:41] debootstrap-- [03:41] dh_make is close [03:43] okay, ad scheduler, enrico, sam? can we find some userspace interface and tool to set/configure this easily? [03:43] mugwump: any idea how do make a dependency spider based on 'Packages'? [03:45] The Scheduling options, I presume you mean. [03:45] yeah, those 'magic' values you assign via the tuning syscall command ... [03:46] what are we deciding? syntax? [03:46] Bertl: it should be no problem to set this atomic values... [03:47] hmm, I would like to have something I can explain somebody, who is asking, how do I configure my O(1) sheduler ... [03:47] s/sheduler/scheduler/ [03:47] but to adjust multiple vservers need more work [03:48] some basic concepts like 10% of the CPU in average or something like that ... [03:49] or, even weighting like A,B,C is 5 and D,E is 2 [03:49] "in average" means that I have to know what the other settings are... [03:49] No, 10% of the CPU is constant [03:49] means that on a balanced system total = 3*5+2*2 and each server will get the N/total fraction [03:49] without at statistic interface, this becomes ugly [03:49] you only need to know what the other settings are to make sure that you haven't over or under-allocated it [03:51] Weighting would definitely avoid that problem. You don't even need to do much math - just add up the weightings, that's the divisor. Then each server gets its weighting as their allocation. [03:52] so, with your example, A,B,C get 5/19, D,E get 2/19. [03:52] so basically we should do that in the kernel, right? [03:52] The scheduling patch I wrote works like that. [03:53] Gives you 5 tokens every 19 cycles (or whatever) [03:53] okay, we are talking about that patch, right? [03:54] Unless you're going to design & implement it for the (non-O1) solution in 1.3.2+, yes :) [03:54] + int32_t fill_rate; [03:54] + int32_t period; [03:54] + int32_t fill_level; [03:54] + int32_t bucket_size; [03:54] aye [03:55] those are the values, how to configure them? [03:55] are they _all_ useful in userspace? [03:55] fill_rate and period, absolutely. [03:56] okay, bucket size is an upper limit right? [03:56] and fill_level is the current value? [03:56] yep [03:56] fill rate is how often a token is kicked into the bucket? [03:56] having a smaller bucket_size will give quicker scheduling results [03:57] quicker means shorter scheduling periods ... [03:57] no, period is how often fill_rate tokens are tossed in the bucket [03:57] okay, period 1 means? [03:58] hmm, 2 questions... [03:58] "quicker" actually means that it takes less time for a context which is over- or under-using its tokens to get scheduling *bonuses* [03:59] To get 5/19 of a CPU, you would have a fill_rate of 5, and a period of 19. [03:59] period 1 would only be useful on SMP, eg fill_rate = 1 also, to give one entire CPU [04:00] hmm, so this means, give every 19, interrupt cycles 5 tokens into the bucket, right? [04:00] the correct term is "jiffies" :). Yes. [04:00] okay, jiffies it is ;) [04:01] so having sum(fill_rates) > or < period doesn't make snese, right? [04:01] for a constant period value for all contexts ... [04:02] Well, consider this. You have a system with 32 vservers on it, but you give each 1/16 of the system, because you know that usually most of your customers don't use all their CPU [04:03] default vs. specific [04:03] Or, you have a system capable of having 32 vservers on it, but have only sold 5 so far, so still only give the 5 you have already 1/32 of the CPU [04:04] hmm, would that actually lead to 27/32 idle time? [04:05] no, they would just get very low priorities. [04:05] hmm, so what is the sense in that then? [04:06] maybe it would make more sense if it could be 'hard' scheduling. [04:06] is this possible? [04:06] and what about the 'host' context? [04:07] it doesn't have a s_context structure, does it? [04:07] or whatever that structure's called now :) [04:07] yes, currently hasn't ... [04:08] So, the host context just gets all it can eat, though it won't get the bonuses that being in a token rich context would give it [04:09] Though of course you can override that for individual process groups with `nice -19' :) [04:10] So, having a deficiency only makes "real" sense if you allow for the root server, or if "hard" scheduling is implements. [04:11] okay, what I think is, that this needs some business logic to make it work on the average vserver setup ... [04:11] Having a surplus (of weightings) only makes sense if you explicitly want it. [04:12] I don't think that it's a good idea to tell the vserver users, to update some magic values for every vserver, when they start a new one .. do you? [04:12] and I don't think it's a good idea to use default values for those magic values either ... [04:13] oh come on, they're not all that magic :) [04:13] anyway, I think that this can easily be solved with a couple of switches. [04:14] If anyone wants anything more specific, they can write their own tools. [04:14] I'm all ears ... [04:14] a default --balance switch that makes the usage 100% across all the vservers. views the fill_rate as the weighting. [04:14] but this has to be in the kernel ... [04:15] no, the existing flags are flexible enough [04:15] hmm, so you want to change every context? [04:15] setting --balance would have that effect, yes. [04:16] okay, I'll just listen, try to explain the interface to me ... [04:16] most users would use `ctxcpu --ctx N --weighting FOO' [04:17] This goes through all the contexts running, and adds up the fill_rates of all of them [04:18] then sets the `period' to be that total, divided by the number of CPUs in the system [04:19] Otherwise, if you use `ctxcpu --nobalance', you could conceivably set all of the flags for an individual context unhindered [04:19] Of course, there is the problem that something needs to keep track of whether an individual context was supposed to be balanced or not... [04:19] okay, but I guess it would be _much_ better to do that 'simple' summing in the kernel ... [04:20] could even be based on a flag ... [04:21] yes, something like that. I don't think many users would have such fine grained requirements that the period needs to be able to be set on a per-context basis, come to think of it [04:21] the kernel has a lsit of all contexts ... and quick access to that data ... no need for special math, and no problems in userspace ... [04:22] so we allow to 'set' the fill_rate (amount) for each server and calc/update the period ... [04:22] what about the bucket size? [04:23] A more advanced scheduler would want to be able to set that on a per-vserver basis. [04:23] this should be quite independant, right? [04:23] "Batch" vservers would probably want very large bucket sizes [04:24] okay, so basically filling up their buckets, and bursting CPU later ... [04:25] the fill level is only of interest if you wanted to give some start credits or something like that, right? [04:25] essentially. Also, an "active" scheduler might want to meddle with bucket levels every N seconds or something like that. [04:26] hmm, okay but we could hide that from the user for now, right? [04:26] lp (~lpressl@interner.SerNet.DE) joined #vserver. [04:26] oh yes of course [04:27] good, so the user interface would actually consist of a vsched --xid 100 --weight 5 --size 20 [04:28] and done for every vserver, it would balance similar to vsched --xid 100 --weight 1 --size 10 [04:30] `size' is `period', no? [04:31] or bucket size? [04:31] hmm, actually bucket size ;) [04:31] ok, `period' is automatic. cool. [04:31] but the name doesn't matter ... [04:31] but, if --period or --divisor is given, the auto-balance should be avoided [04:32] most users won't care about --size or --level, but may as well support them... [04:33] the question is, how to balance over individually configured vservers? [04:33] either we add a flag like the NPROC, which says, this is an un-balanced server ... [04:34] and just exclude those from the calculations ... [04:34] I don't think you'd exclude them. You'd add up their fractions with reals, and make that an offset to the the `fudge' factor [04:34] or we define two different syscall commands, one which autobalances, and the other which doesn't ... [04:34] Oh, I forgot the --fudge switch [04:35] vsched --fudge 10 ... means to pretend that there is another context with a weighting of 10 [04:35] okay, what is the fudge factor? [04:35] is this the 'host' simulation? [04:36] yes, or over/under selling [04:36] vsched --fudge -10 would mean to over-stock fill rates by a weighting of 10 [04:37] So, any contexts that have this SCHED_MANUAL (or whatever) flag set, that gets converted to a fudge factor [04:38] or, rather, a percentage of CPU considered unavailable [04:38] But, that SCHED_MANUAL flag could be set in user space as well, of course. [04:39] I guess I lost you ... [04:39] okay, how do we proceed? the arguments to your syscall command make sense to me now ... [04:40] Do you want me to port the patch to 1.3.4 ? [04:40] I'll add a syscall command, which does the balance ... [04:40] the patch is in 1.3.4 ;) [04:41] in the ck1 version actually ... [04:41] Oh, the one I saw didn't have the full scheduler changes [04:41] if you find something missing, please send me a diff ... [04:42] I modified your syscall command a little, because passing the xid twice didn't make sense to me ... [04:42] no, that was my ignorance of the syscall structure [04:43] ok, here's something missing. there are no token structures at all in 1.3.4 :) [04:43] the scheduling patch looks to be a basic `loop over all processes at resched time' approach to balancing [04:43] as I said, or tried to explain, there are two versions of 1.3.4 one for the vanilla kernel, and the other for the ck1 kernel ... [04:44] oh right [04:44] ck1 has O(1) scheduler, so your stuff is in ... [04:44] duh, it needs a new scheduler... [04:44] who is ck? [04:44] Con Kolivas ... [04:45] also has Preemption and Lowlat, both I patched in for some time ... [04:45] and actually found quite useful for vservers ... [04:46] yuck, who needs 64 bit jiffies [04:46] those 64bit jiffy hunters for sure ... [04:47] XFS file system v1.3.1: This is possibly safer with preempt disabled. heh... [04:48] well, you can do your own scheduler patch for vanilla, no problem there ,) [04:49] You know I chose that algorithm to make the implementation simple :) [04:49] I'd hate to try on the old scheduler [04:49] well, I did the aa-O(1) port for 2.4.22 IIRC ;) [04:50] Action: mugwump tips his hat [04:50] that's some feat alright [04:53] well, I just figured it would be easier to use a maintained kernel patchset, which already includes the features I was looking for, instead of patching everything myself ... YMMV [04:54] That's why I started with AC [04:55] Ooo, I want a kernel with CRAK [04:55] http://www.ncl.cs.columbia.edu/research/migrate/crak.html [04:57] yeah, we where discussing similar stuff a while ago ... [04:58] okay, so is the ck1-vs1.3.4 scheduler up to date? [04:58] and your TBF stuff in particular? [05:00] looks like it contains everything I wrote... you said you were going to take care of the sysctl [05:00] yeah, the balancing stuff ... [05:01] actually I would say, an additional balance command should suffice ... [05:01] or do we need a special set, and balance command? [05:01] I still think it would be better in user-space, but you're the one coding it :) [05:02] well, in userspace you have to face two issues: [05:02] a) contexts may die and be created while you do your math [05:02] b) you ened a good way to get all contexts and their values ... [05:02] s/ened/need/ [05:03] any 'good' solutions for that? [05:03] sure, seperate sysctls :) [05:04] OK, I can see why you'd want to keep the balancing kernel side. [05:04] So long as I can turn it off for a user-space active scheduler [05:05] hey no problem with that, I don't want to lose any features, as I said, I'll restore the ILI special behaviour too .. didn't know it was intentional ;) [05:06] what is the idea behind the flag (Enable/Disable)? [05:06] (in the scheduler tuning syscall) [05:07] oh, that was just to turn on and off the scheduling entirely. I think we decided to move that into a generic set flags sysctl [05:07] okay, so we can get rid of that ... [05:07] sure [05:08] then we do two different syscall commands, one with the full set, and another with 'just' rate and size, + autobalance, right? [05:09] and we add a global value for the host context (fudge stuff) [05:09] does this make sense to you? [05:10] sure, sounds great. do you need two syscalls? Couldn't you get away with one, and autobalance if no `period' is given? [05:11] hmm, well period 0 doesn't make sense otherwise, right? [05:11] so why not, one syscall _command_ and (period == 0) means autobalance ... [05:13] I'll buy that for a dollar [05:13] Actually, any time that the number of balanced contexts in existance changes you'll need to rebalance [05:14] yeah, I know that, but thanks for mentioning that anyway ... [05:14] hey np :) [05:15] seems like you've got it waxed ... I'd better return to Perl mode for a bit and do that whole day job thing [05:15] you're doing a smashing job Herb! [05:16] A pity it was Jacques who got the £500 gift from Easyspace for writing a useful feature :) [05:16] well, he has other problems .. I guess ... [05:17] I know what it's like. You take on so many OSS projects ... some have to fall by the weyside, until they get adopted or simply die of starvation [05:17] okay, so you'll write a tool to setup this stuff ... and enrico, we get one in plain C too? [05:18] like the vkill? [05:19] Action: mugwump & # work [05:19] ok, but I have not followed your discussion entirely. Do I really need to give 2 values to the kernel which does balanching? [05:20] okay, be basically agreed on the 'current' interface (see vs1.3.4 ck version) [05:20] minus the obsolete flags ... [05:20] fill_level and bucket_size? [05:21] we have period, fill_rate, level and bucket_size [05:21] which are the obsolete flags? [05:21] the ones in this struct (enable/disable) [05:22] I'll upload an updated .h soon ... [05:22] ok [05:22] basically it should be possible to set all those values (4) [05:22] setting level to a special value (LEVEL_SAME or something like this) [05:22] doesn't change that value ... [05:23] setting period to zero, activates the auto balancing ... [05:23] which is done on every start/stop context for all 'autobalanced' contexts [05:23] (this can be set with a flag like nproc ... [05:24] does this make sense to you? [05:25] yes, but I do not know if will make it a flag... [05:26] hmm, please elaborate? [05:26] when I have settings for the scheduler, the 'autobalaned' attribute should be stored there [05:27] well, we will move all those flags in the flagword we discussed ... [05:28] no need to split it over the syscall commands, right? [05:29] I will have to get the value for 'fill_value' from somewhere, so why not for 'period' also (inclusive 'autobalanced' special-value)? [05:29] hum, well you can 'read' all values, but, they are there regardless of the 'autobalance' or not ... [05:31] ah, autobalance means equal priority for all vservers, but not adjusting period to sum(fill_value)? [05:33] no, the contrary, auto_balance means that the period is auto calculated ... [05:35] but 'fill_value' will be needed for balanced vservers then [05:36] so I would configure it as /etc/vservers//scheduler/{fill_value,period,fill_level,bucket_size} and give these values to the vsched tool [05:36] for 'period' I will accept special value 'AUTO' [05:37] struct vcmd_set_sched_v1 { [05:37] uint32_t options; [05:37] int32_t fill_rate; [05:37] int32_t period; [05:37] int32_t fill_level; [05:37] int32_t bucket_size; [05:37] }; [05:37] this is the current interface ... [05:37] struct vcmd_set_sched_v1 { [05:37] what are the options? [05:37] int32_t fill_rate; [05:37] int32_t period; [05:37] int32_t fill_level; [05:37] int32_t bucket_size; [05:37] }; [05:37] this is how it will look like ... [05:38] special values for fill_level: -1 means keep it [05:38] special values for period: 0 means recalc balance [05:38] when can 'vsched' be called? Before create, between create and migrate, or after migrate? [05:39] it requires a 'running context ... [05:39] running? so after migrate... [05:39] so after migrate, maybe with the option as default setting before migrate [05:40] but for sure after create ,,, [05:40] a flag from the flagword 'disables' the autocalc for this particular context ... [05:41] that flag must be configurable at runtime ... [06:28] serving (~serving@213.186.189.38) left irc: Ping timeout: 499 seconds [06:42] Topic changed on #vserver by Bertl!~herbert@MAIL.13thfloor.at: http://linux-vserver.org/ || latest stable 1.22, devel 1.3.4, exp 0.04 [08:19] You_Wish (~You_Wish@adsl-068-209-131-003.sip.jax.bellsouth.net) joined #vserver. [08:19] You_Wish (~You_Wish@adsl-068-209-131-003.sip.jax.bellsouth.net) left #vserver. [08:20] serving (~serving@213.186.189.86) joined #vserver. [09:50] Nick change: Bertl -> Bertl_zZ [10:20] Tamama (Pluh@a62-216-20-152.adsl.cistron.nl) left irc: Quit: one little two little three little piggies OINK! OINK! OINK! [11:15] loger joined #vserver. [11:46] morning [11:47] how do I manage 2 sshs on one machine with one IP [11:48] I startet them on different ports (different vservers also) [11:48] but I get host key middle-man-attack warnings :) [11:48] same IP/name, diff key -> something wron [11:48] ssh client doesnt save the port :( [11:48] how can I handle this? [11:58] hm [11:58] i never had that problem using putty [11:58] the openssl client has this problem but I read a solution for it [11:58] putting aliases in the config file of the ssh client [12:05] dunno, it just 'worked' here [12:06] then again, maybe i had the same key in the vhost and the non-vhost ssh... [12:06] since it was a copy after all :D [12:06] hehe probably :) [12:06] I dont like to copy the hostkey [12:07] i never really thought about it ... till now [12:07] heh [12:07] i still need to clean my vserver config a tad [12:08] ;) [12:09] if someone breach in a vserver, you have have to change all hostkeys included main server [12:09] then again, my vservers do not even HAVE ssh :D [12:11] hehe [12:12] I need it in a vserver [12:12] i just vserver enter [12:12] :) [12:13] (away [12:13] re [12:24] TamaPanda: hehe the developers dont get root ;) [12:24] the software developers here [12:25] right [12:29] I dont use it for that :) [12:29] for me it is just a luxory chroot :D [12:30] all the java stuff I dont trust and put it into vservers [12:33] i have most critical processes in different vservers [12:33] (which can be a pain if they need to cooperate somehow heh) [12:41] jep [12:41] but I know a cheat I think [12:41] do you know mount -o bind? [12:42] mount -o bind /vservers/share /vserver/server1/share [12:42] mount -o bind /vservers/share /vserver/server2/share [12:42] both servers have then the same directory [12:43] hm [12:43] read/write or .. i guess you can specify that [12:45] specify by file modes [12:45] but root .... [12:45] you know :) [12:45] but all my vservers have root :D [12:45] oh [12:45] you are right [12:45] bind read only [12:45] should work [12:45] true [12:45] or may work, never tried it [12:45] lol i just read a mount -o bind exploit :D [12:46] crash really [12:46] so even root then cant write [12:46] lol [12:46] first hit i saw :) [12:46] but, it applies to the mount itself [12:46] and vservers cant mount [12:46] ups [12:46] they cant? [12:47] hhmm no its ok [12:47] the mount bind has to be done in main server [12:47] so no prob there [12:47] hm guess that helps a tad [12:47] nice is the bind is really deep in the kernel :) [12:47] makes my source install faster yet again ;) [12:48] I used that cheat already for my chroots [12:48] I dont wanna copy for every java program the java vm [12:48] lol [12:48] I just bind it into different places :) [12:48] true [12:48] hm.. [12:48] hm no cant use it for /bin etc [12:48] hhhmmm [12:49] try it :) [12:49] then they could not install their own stuff [12:49] heh [12:49] true [12:49] (which might be what i want actually...) [12:49] its only good for sharing 1:1 [12:50] but it can be that the bind is always read/write, I am not sure [12:50] if you can make it read only then it sure helps in avoiding a LOT of hardlinks lol [12:51] i'll try that this evening [12:53] what a day to have my server down.. gah [14:07] mugwump (~sv@202-0-63-138.adsl.paradise.net.nz) left irc: Quit: User sunk by torpedo [15:17] loger joined #vserver. [15:50] mhepp (~mhepp@r72s22p13.home.nbox.cz) joined #vserver. [16:25] Doener_zZz (~doener@pD9E12B97.dip.t-dialin.net) joined #vserver. [16:33] mcp (~hightower@www.c-tera.de) left irc: Ping timeout: 492 seconds [16:33] Doener (~doener@p5082DF3B.dip.t-dialin.net) left irc: Ping timeout: 492 seconds [16:42] mcp (~hightower@wolk-project.de) joined #vserver. [17:27] youam (~youam@sc-gw.scientific.de) joined #vserver. [18:12] irmin (~irmin@lake.ptc.spbu.ru) left irc: Quit: leaving [18:57] mhepp (~mhepp@r72s22p13.home.nbox.cz) left irc: Quit: Tak ja padaaaaM [19:22] squirt (uob@bb220-255-104-186.singnet.com.sg) joined #vserver. [19:22] squirt (uob@bb220-255-104-186.singnet.com.sg) left #vserver. [19:22] squirt (uob@bb220-255-104-186.singnet.com.sg) joined #vserver. [19:25] what's the difference between vserver and util-vserver? i don't need both do i? [19:25] one requires a patch, the other doesnt [19:26] TamaPanda (~a@193.173.84.237) left irc: [19:41] say (~say@212.86.243.154) joined #vserver. [20:26] deadguy (deadguy@bananajoe.big.du.se) left irc: Ping timeout: 480 seconds [21:07] Nick change: Bertl_zZ -> Bertl [21:07] hi everybody! [21:07] hi say?! [21:09] hi Bertl [21:16] hi dan, testing vserver or 'just' hanging around? ;) [21:20] just hanging about :) [21:59] Hi Bert [21:59] I have a problem [22:02] Nick change: WSU_away -> WSU [22:07] damn. xfree86 in a vserver ctx isn't really a good idea :-/ [22:10] doesn't work? [22:10] it does, but i had to create a /dev/mem inside the vs [22:11] and now it looks like i get hickups on the contexts [22:11] hmm [22:11] I'm no help [22:11] i just stopped the second of three, and the third got down, too [22:11] and on entering the second, i get the hostname of the third &-) [22:11] but /etc/hostname of the second [22:12] Action: youam thinks letting a ctx write to /dev/mem isn't such a good idea [22:14] well, what would be the benefit of X running inside a vserver? [22:16] Bert, I have a problem. [22:16] Nick change: Doener_zZz -> Doener [22:17] hi [22:17] I compile a sotck 2.4.23 kernel [22:17] no problems [22:17] modules make and install [22:17] I copy that .config [22:17] to a 2.4.23 patched with patch-2.4.23-vs1.22.diff [22:17] do a make oldconfig [22:18] hi Doener! [22:18] thi is the diff [22:18] [root@localhost linux-2.4.23-vs]# diff .config ../linux-2.4.23/.config [22:18] 106a107 [22:18] > # CONFIG_HOTPLUG_PCI_IBM is not set [22:18] 202d202 [22:18] < CONFIG_BLK_DEV_VROOT=y [22:18] 1465,1468d1464 [22:18] < # CONFIG_INOXID_NONE is not set [22:18] < # CONFIG_INOXID_GID16 is not set [22:18] < # CONFIG_INOXID_GID24 is not set [22:18] < CONFIG_INOXID_GID32=y [22:18] compiles fine [22:18] but on make modules_install [22:18] I get depmod: *** Unresolved symbols in /lib/modules/2.4.23-vs1.22/kernel/fs/ext3/ext3.o [22:18] depmod: get_dqhash [22:18] depmod: dlimit_transfer [22:18] depmod: dqhash_transfer [22:18] depmod: destroy_dqhash [22:19] hmm, that is not in vs1.22 yet, you patched q0.12 too, right? [22:19] yes [22:19] that also [22:19] what else? [22:19] nothing [22:19] just the 2 [22:19] okay, you tried to make quota as modules, right? [22:19] I didn't check [22:19] probably [22:20] that would cause it? [22:20] well, that doesn't work for now ... [22:20] -k- [22:20] (it's an issue of the q0.12 patch, not hte vs1.22) [22:20] you should document it. [22:21] either in the wiki, or you site [22:21] I was hoping that I have fixed it, before somebody notices ;) [22:26] deadguy (deadguy@bananajoe.big.du.se) joined #vserver. [22:26] are you deadguy? [22:33] suhcoolbro (~Suh@216-161-89-24.ptld.qwest.net) joined #vserver. [22:39] Bertl: [why x in a vserver?] symmetry: i'd have only a few dozen mb in on my root context system and all the rest would be split up in different vservers, one for each task (mailer, filer, build systems, workplace) [22:39] s/in// [22:41] hmm, well you can put the X stuff on your vserver partition and --bind mount it in palce ... [22:41] i think i'm going an other way: running the x server outside and using xdmcp to connect to the inside x session [22:43] anyway: i compiled my first vserver kernel just tuesday and so far it runs really great! [22:43] good to hear ... [22:43] . o O ( with the exception of IPv6, but... ) [22:44] yeah, ipv6 isn't fixed, but I guess we attack this soon ... [22:44] well actually the ipv6 vserver part isn't implemented at all ;) [22:46] hm. with split-2.4.23-vs1.3.2/07_2.4.23_net.diff being only 19kbyte, it can't be that complicated, is it? [22:47] well, fact is I know diddly about ipv6 yet, and the former maintainer Jacques didn't care about ipv6 or didn't know either ;) [22:48] well, patches are always welcome, so if you want to add ipv6 support, go ahead! [22:49] JonB (~jon@129.142.112.33.ip.tele2adsl.dk) joined #vserver. [22:49] i will take a look, but i doubt i will bring up something usefull before somebody else does [23:16] loger joined #vserver. [23:18] hi Simon! [23:22] Bertl: hiya, I like your work ;) [23:22] now we have productive system running with vservers [23:22] great, and thanks! [23:22] Hats off. [23:22] :) [23:22] Evening everyone. [23:24] evening virtuoso! [23:30] How's 2.6 experimental patch doing? [23:30] And utils accordingly.. [23:43] Simon, are you the guy that did the vskel script? [23:45] yes, he is, but I guess he isn't really here ... [23:45] I am just looking for the best method to delete a skel. [23:46] Action: Bertl prods simon ... [23:46] Any ideas Bert? [23:46] rm: cannot remove `/vservers/.skel/skel1//global/usr/lib/locale/ar_TN/LC_PAPER': Permission denied [23:46] basically I assume it is because of the immutable attributes and what noe [23:47] *not [23:47] I just don't want to break my root server while removing a skel [23:48] ----i------t- /vservers/.skel/skel1//global/usr/lib/locale/ar_TN/LC_NAME [23:50] Hi WSU [23:50] I presume you have no vservers using this skel [23:50] nope [23:50] none [23:51] chattr -R -it /vservers/.skel/skel1/global [23:51] should do the trick [23:51] by the way, does your script use the -t flag? [23:51] and then just do a rm -rf /vservers/.skel/skel1 ? [23:52] cool, thanks [23:52] yep [23:53] +it is ili... [23:53] yeah, we are going to change that ... [23:53] hmm ok [23:53] actually the -t was an accident ... [23:53] working from context tags instead, right? [23:53] well Sam had to take some flag ... [23:54] nope we'll move the flag, because t actually means notail [23:54] and some distros seem to 'rightfully' use it for lilo data ... [23:54] ok [23:54] wehere tail merging should be disabled ;) [23:54] Note: As of this writing, the ext2 or ext3 filesys- [23:54] tems do not (yet, except in very experimental patches) support tail- [23:54] merging. [23:55] we know, the distros don't ;) [23:55] oky :) [23:55] I thought you were going to get rid of ili entirely [23:55] or is that more in the future :) [23:55] yeah, but that won't be in the stable series and not in the next few releases ... [23:56] was the setattr tools shipped with the vserver tools not appropriate for that task, or what was the reason for using chattr? [23:59] it didn't support -R for setting recursively [23:59] okay, I supsected a reason like this, guess we'll have to write some 'advanced' vserver flag tools ... [00:00] --- Fri Jan 9 2004