[00:10] Hello
[00:10] hi ftp21!
[00:10] JonB (~NoSuchUse@kg203.kollegiegaarden.dk) joined #vserver.
[00:11] hi on!
[00:11] +J
[00:11] hey Bertl
[00:11] vat: try this instead:
[00:11] Bertl: missed me ?
[00:11] mkdir -p '"><'
[00:15] AHTOH (~Anton@212.1.230.115) joined #vserver.
[00:15] hi ppl
[00:16] hi anton!
[00:16] JonB: sure, always miss the members lost for some time ...
[00:17] Whocares (~aaa@62.29.118.175) left irc: Quit: sssssssss
[00:17] Bertl: thanks, but--- i never actually did anything useful
[00:18] that's what you think!
[00:18] bertl i have couple questions
[00:18] go ahead, ask!
[00:18] 1 -- no quota release for devel vserver yet?
[00:19] hmm, good point, we should do one, right?
[00:19] but right now i cant use quota with 1.3.6 version
[00:19] anyhow i have a trouble with 1.3.6 also:
[00:19] stupid but
[00:19]
[00:20] Last message repeated 1 time(s).
[00:20] [root@oxygen root]# vserver-stat
[00:20] open(): No such file or directory
[00:20] hmm, did you 'enable' some minimal proc entries?
[00:20] ? whats that ? i ve just moved from 1.24 to 1.3.6 -- changed kernel and new utils
[00:21] okay, there is a tool called vproc ...
[00:21] it allows you to modify the visibility of static proc entries
[00:21] i havent installed vproc? is that needed for devel?
[00:21] one difference between stable and latest devel release is, that in devel the entries are disabled (secure) per default ...
[00:22] so i need vproc to make devel work, right?
[00:22] the latest util-vserver should include vproc
[00:22] /util-vserver-0.27.199 ?
[00:22] but you can download a separate version from www.13thfloor.at/vserver
[00:22] only the alpha branch, and it is called setattr there
[00:22] Bertl: so, what useful did i do ?
[00:22] latest is 0.28.193
[00:23] or enrico, i have a mysterious problem with sshd on stable version
[00:23] JonB: well, first you made me think about some things ...
[00:23] do you want to listen to that?
[00:23] AHTOH: which one?
[00:23] Bertl: okay
[00:24] JonB: and then we had some fun, didn't we, so my work was funnier with you, than without ...
[00:24] if i start sshd from init scripts -- at moment of trying logging in through sshd it requires nice capability( if no CAP_NICE sshd closes connection)
[00:24] but when i manually start sshd all works fine
[00:24] Bertl: good
[00:24] AHTOH: some strange pam modules?
[00:24] Bertl: remember i promised that dual p5... would you use it if i boxed it up and mailed it to you ?
[00:25] sure, but mailing that would cost a lot I guess? wouldn't it ...
[00:25] no, standard fedora core 1
[00:26] mmh, I am using lots of FC1 vservers and do not have these problems...
[00:26] Bertl: dunno, i guess
[00:26] JonB: IIRC you said something about putting it to work on your site?
[00:26] with remote connection and serial line or something like this?
[00:27] or did I confuse that?
[00:27] Bertl: what should i do with setattr to get devel version work?
[00:27] Bertl: yes i did say that
[00:27] Bertl: but... i think it would be more work than mailing it to you
[00:27] hmm, for you probably, for me, probably not ;)
[00:28] frz (~frz@213.235.213.90) joined #vserver.
[00:28] hi frz!
[00:28] hi Bertl
[00:28] ensc: strange is that it depends on when do i start sshd service
[00:28] Bertl: well, turning it on in your end ?
[00:29] Bertl: how much does a computer weigh ?
[00:29] hmm, yes, but if it would be 'maintained' by you for example, we could allow enrico and other developers to access it too, not possible at my site ...
[00:29] Bertl: it would cost 40? to ship it i guess
[00:29] Bertl: hmm
[00:30] Bertl: maybe i should mail it to enrico ?
[00:30] ensc: and where can i have latest version, i dont see it on 13thfloor site
[00:31] hmm, if he has a way to put it online somewhere, that would be a solution too, if he wants to ... (guess you have to ask him)
[00:31] don't get me wrong, I'll take it, no question ...
[00:31] AHTOH: the download link at the savannah page should redirect you to the download area
[00:31] Bertl: well, the big problem is that i dont have a soldering iron
[00:32] you mean your only issue is the remote serial and reset thingy?
[00:33] if that is your problem, then I can make one for you, next time I build one, and send it to you ...
[00:33] JonB: my student room has very old electrical cables... I am not sure if it would survive another computer ;)
[00:33] on http://www.linux-vserver.org/ i cant find any savannah pages links
[00:33] Action: ensc is glad to have an UPS
[00:33] Bertl: yeah, putting a HD in the computer, and installing debian/linux vserver kernel is not a problem
[00:33] so that would be a good solution then?
[00:33] AHTOH: http://savannah.nongnu.org/projects/util-vserver/
[00:34] Bertl: i never tried console on serial port either
[00:34] http://www-user.tu-chemnitz.de/~ensc/util-vserver/
[00:34] ensc: thanks
[00:35] JonB: well, all you have to provide is some account on another machine, which has that serial line to that machine ... and the permissions to start minicom and execute a simple binary (which toggles the parport)
[00:36] or you could even setup a web interface to do that ...
[00:36] Bertl: that is also part of the problem... i dont like allowing you people in on my main computer, even in a vserver
[00:36] Bertl: how ?
[00:37] well, the serial line might be a little trickier, needs some java, but I'm sure there is a solution ...
[00:37] Bertl: i was thinking of a telnet thingy
[00:38] Bertl: you telnet into a port and that is turned into a serial line
[00:38] ensc: 0.28 is working, cool, real thank
[00:38] JonB: yeah, that would work too ...
[00:39] AHTOH: regarding your problem, there should be no difference to 0.27
[00:39] JonB: could be even done with cu ... I guess
[00:39] Bertl: cu ?
[00:39] ensc: have another problem -- i cant stop my vserver
[00:39] it says something about proc but i have it mounted
[00:42] Bertl: gadvide om jeg kan bruge netcat
[00:42] ??
[00:42] Bertl: i wonder if i can use netcat
[00:43] Action: Bertl is looking ...
[00:43] ensc : i changed nothing -- just utils from 0.27.199 to 0.28 and it is starting but no stopping
[00:45] Bertl, Thanks for your help the other night!
[00:45] Anton, get the vproc utility from my page, and just do 'vproc -e /proc/* /proc/*/*'
[00:45] ftp21: don't mention it ...
[00:46] Bertl; So, now I have it installed.. I would like to create a "test" vserver or something so I can see what it looks like, play with it, etc. How do I do that?
[00:47] hmm, another netsplit?
[00:48] vproc 0.01?
[00:48] AHTOH: 0.27.199 and 0.28 are different tools ;) vservers which are created with 0.27.199 can not be managed with 0.28
[00:48] AHTOH: yes, that should do the trick ....
[00:48] ensc: and vserver created with 0.27 ( for stable)
[00:48] ftp21: did you run the testme.sh script, just to make sure everything works now?
[00:49] yes
[00:49] I pasted it to you ;-)
[00:49] AHTOH: can be managed with both versions
[00:49] You said it looked great
[00:50] ftp21: okay, perfect, well, get some 'test' server, either by copying and adapting your host server (there is a howto somewhere) or by 'creating' it from sources or by installing a test image ...
[00:50] hmm. ok. I will search out that howto :-) Thanks!
[00:50] ensc: fact is that 0.27.199 fails to work with old servers, even vserver-stat wasnt working
[00:51] AHTOH: did you do the proc stuff?
[00:51] AHTOH: vserver-stat will not show vserver-names, that's right. But start/stop should work there
[00:51] Bertl : it has written some ioctl unable , but now stop works
[00:52] see, that probably was the 'only' real issue ...
[00:53] it will get a 'sane' default in one of the next devel releases ...
[00:53] ensc: but with 0.28 all works fine , stat shows all ok
[00:54] Nick change: cdub -> cmtg
[00:54] 0.28 does not support the new api, is missing lots of new tools and features, is insecure and is freezed
[00:54] what should i use? 0.28.193?
[00:54] cmtg: what does cdub and cmtg mean?
[00:55] ah, cdub == short for c double-u (cw are my initials)
[00:55] the most missing feature (at least) for me is an initscript for the vservers; else it is stable (when disabling v13 API)
[00:55] Bertl: and cmtg == me in a meeting ;-)
[00:55] ciao
[00:55] all: how can i find out which vserver version is in current loaded kernel?
[00:55] AHTOH: with new tools: vserver-info - APIVER
[00:56] gives at least the vserver API...
[00:56] ftp21: if you want to test new stuff, ask enrico about his alpha branch ... it should allow you to create vserver out of thin air ;)
[00:57] ensc: i have nt got clear, which one tools are new?
[00:58] ftp21: 'vserver test2 build --hostname test2.ultra.csn.tu-chemnitz.de --netdev eth0 --interface 192.168.5.129 --netbcast 192.168.5.255 -m apt-rpm -- -d fc1' creates a fedora core 1 vserver; 'vserver test1 build -m debootstrap -- -d sarge' a Debian sarge vserver
[00:59] AHTOH: tools with micro-number >100 are experimental; near, but <100 are release candidates, shortly >.0 are development releases
[00:59] what it makes except simple copy?
[00:59] copy is not implemented yet
[00:59] as i got build copied directories nothing more?
[00:59] but 'vserver ... build -m skeleton ...' can be used to create a skeleton
[00:59] JonB: hmm, well guess xinetd would be easier than netcat, combined with cu it could do the trick ...
[00:59] what is cu ?
[01:00] (skeleton == /dev entries)
[01:00] + configuration
[01:00] and what is the simple way to configure vserver -- take ordinary installation and delete files and services?
[01:00] AHTOH: no
[01:00] AHTOH: which distribution ?
[01:00] AHTOH: what is 'configure vserver'?
[01:00] fc1 or rh9 -- i will use both
[01:01] JonB: http://this.is/tpg/products/unwinder/tech/serial/
[01:01] AHTOH: hrmf, whats wrong with debian ?
[01:01] to create a new vserver directory in /vservers
[01:01] AHTOH: either try to read doc/configuration.xml, or ask me about specific problems
[01:01] nothing wrong -- i dont know debian, but i know rh
[01:02] AHTOH: this debootstrap thing works on redhat hosts too ;)
[01:02] .oO(debian seems to be developed for assimilation...)
[01:02] but RH/FC bootstrapping is faster
[01:03] JonB: http://www.idevelopment.info/data/Unix/Linux/LINUX_UsingSerialConsoles.shtml
[01:03] Bertl: seems useful
[01:03] i dont understand what do you mean under debootstrap -- where can i read it?
[01:04] AHTOH: try 'vserver test1 build -m debootstrap -- -d sarge' with 0.28.193...
[01:04] but i have an fc1 root server
[01:04] is that ok?
[01:04] (please substitute @WGET@ in /usr/lib/util-vserver/util-vserver-vars manually; I forgot in the release)
[01:04] AHTOH: yep
[01:04] ok i try now, just compile 193
[01:05] making it
[01:05] AHTOH: you have a good internet connection?
[01:05] [root@oxygen util-vserver-0.28.193]# vserver-info - APIVER
[01:05] 0x00010010
[01:05] yeah good, but how much will it download?
[01:05] yes, probably 1.3.6 or vs0.0[56]...
[01:06] and how can i bootstrap rh9 or fc1 ?
[01:06] I have not measured it... any Debian people here who can tell how much bytes will be downloaded by debootstrap?
[01:06] guess about 100-200 MB ...
[01:07] 'vserver test2 build -m apt-rpm -- -d fc1'
[01:07] but you have to configure your mirror in /etc/vservers/.distributions/fc1/apt/sources.list
[01:07] (and you need apt; e.g. from fedora.us)
[01:08] enrico, could you put that magic lines/comments somewhere on the wiki?
[01:09] and Anton, could you add some comments to that magic lines, what you needed to do to make them work, how long they took, etc ...
[01:09] hmmm 1 question -- where can i read about all that bootstrap -- its just new for me
[01:09] 2 question -- i dont have util-vserver dir in /usr/lib/
[01:09] AHTOH: installed to /usr/local/lib?
[01:10] oh yea :(
[01:11] [root@oxygen util-vserver]# vserver debian build -m debootstrap -- -d sarge
[01:11] vserver-topdirectory and/or configuration exist already;
[01:11] please try to use '--force', or remove them manually
[01:11] what is the problem? why dont it likes my old vservers dir with my two servers
[01:12] AHTOH: yes, 'debian' vserver exists probably; either use '--force' or choose another name
[01:12] the vserver will be created from scratch
[01:12] [root@oxygen /]# vserver debian build -m debootstrap -- -d sarge
[01:12] vserver-topdirectory and/or configuration exist already;
[01:12] please try to use '--force', or remove them manually
[01:12] [root@oxygen /]# ls /vservers/
[01:12] test1 test2
[01:12] [root@oxygen /]#
[01:13] hmm, shouldn't that be ./vserver if you changed into the util-vserver dir?
[01:13] no i am running from /
[01:13] AHTOH: and /usr/local/etc/vservers?
[01:14] or /etc/vservers? (I do not know your paths)
[01:14] 1-16 started work
[01:18] serving (~serving@213.186.188.205) joined #vserver.
[01:28] Bertl: http://www.linux-vserver.org/index.php?page=alpha+util-vserver
[01:28] formatting rules are currently offline ;)
[01:28] hey great ... thanks a lot ...
[01:29] klasse
[01:30] question
[01:30] if i have rh9 or fc1 on my ftp near it -- can i use this as a mirror?
[01:31] ah, my digicamcorder arrives me at friday :)
[01:31] AHTOH: this mirror must have an apt repository
[01:32] hmmm , i see
[01:32] AHTOH: you can create it yourself; see points 4.4 & 4.5 in http://www-user.tu-chemnitz.de/~ensc/minit-fedora/
[01:33] one more question -- am i correct that i cant have an gre iptunnel inside?
[01:33] never tried it... but when it is supported by 'iproute', it should work
[01:34] probably you will need sender-based routing too
[01:34] 20min took debian downloading
[01:36] I: Base system installed successfully.
[01:36] umount: /usr/local/etc/vservers/.defaults/vdirbase/debian/dev/pts: not mounted
[01:36] umount: /usr/local/etc/vservers/.defaults/vdirbase/debian/proc/bus/usb: not found
[01:36] 22min total time
[01:37] 134M -- total size
[01:37] just warnings; do not matter...
[01:37] 'vserver debian start' should start it now
[01:38] [root@oxygen /]# vserver debian start
[01:38] vc_get_task_xid(): Function not implemented
[01:38] okay, okay, I'm working on it ;)
[01:38] ah yes, the v13 API is not working
[01:38] I posted some time ago how it can be turned off
[01:38] hey Anton, got a few minutes?
[01:39] yes
[01:39] I'll fix that interface really quick and you re-compile the kernel?
[01:39] possible
[01:39] would that be an option?
[01:39] ('--enable-apis=legacy,compat,v11,fscompat' switch at
[01:39] ./configure).
[01:40] the only problem will be if kernel will refuse booting cause the server is not near me :)
[01:40] Bertl: I guess, other things are still broken there. But a new kernel patch would be nice so that I can fix it
[01:40] so lets try
[01:40] (before I break it again with the create/merge thing)
[01:40] hehe ;)
[01:41] okay, I'm on it will take about 5 minutes ...
[01:42] hmm, what if I make it 15 minutes, and you get an additional quota patch?
[01:42] wau
[01:42] that will be super
[01:49] JonB (~NoSuchUse@kg203.kollegiegaarden.dk) left irc: Quit: zzzzzzzz
[01:49] what patch version do you currently use?
[01:49] what are the real difference between 0.27 created vservers and 0.27.193 created vservers? if i want to install some 1.24/0.27 stable vserver-- what should i do to migrate to new releases in future?
[01:49] mm, let s have a look
[01:50] 2.4.25-pre7-1.3.6 on a 2.4.25-pre8 kernel
[01:52] okay, patches will be for pre8 ...
[01:54] enrico, is 0 for surrent task okay in vc_task_xid()?
[01:54] s/surrent/current/
[01:54] yes
[01:54] I am using this already ;)
[01:55] AHTOH: alpha branch has a completely new configuration scheme
[01:55] doc/configuration.xml describes it
[01:55] so?
[01:55] so the /vserver/test1 shouldnt be changed
[01:55] there is no /etc/vservers/XXX.conf file anymore
[01:55] it is now a /etc/vservers/XXX directory with lots of files and subdirectories
[01:55] and only /etc/test1.conf should be replaced with /usr/local/.... directory?
[01:56] /usr/local is just because you installed it manually; the rpm uses /etc
[01:56] that doesnt make differences
[01:57] old, stable vservers should work too since the legacy 'vserver' script will be called for them. But this will not have all the new 2.6 features
[01:57] and what can you say about possibility of internal/external crashes of devel version?
[01:58] crashes? what's this? ;)
[01:58] look
[01:58] i need to move some important servers into vserver : irc, secondary dns, etc
[01:58] stability is important
[01:59] and just for now i dont know what to do -- use 1.24 for that or new alpha-devel-etc
[01:59] anyway i like that new alpha very much -- so i will continue to play with it
[01:59] well, stable is stable, development bears always some risk ...
[02:00] but I guess, if it is running for a few hours, it won't crash the next day ...
[02:01] yep i think similar
[02:01] AHTOH: when the vserver is running, the util-vserver are out-of-the-game. It does not influence the stability of vserver services
[02:01] and you should be able to go back to stable, when the vserver is working, or are there any issues enrico?
[02:02] be carefully with the new 'vunify' tool, and watch 'vserver ... start/stop'.
[02:02] guess he won't use unification on a nameserver ...
[02:02] Bertl: why? /var is excluded by default
[02:03] well just my guess ... no special reason for that ...
[02:03] another issue might be the new fstab support and mtab creation
[02:04] by the way, how is that done?
[02:04] but ? what can you say -- migration of configuration -- should be done manually?
[02:04] /etc/vservers/XXX/fstab is used like an ordinary /etc/fstab file
[02:04] AHTOH: at the moment: yes
[02:05] ah I see, so you specify something there and it is mounted?
[02:05] Bertl: I wrote a tool which mounts the directories in a secure way; at first I tried to use mount(2) natively, but NFS requires more work so I call the host 'mount' util
[02:06] Bertl: yes; mount will be called with 'chbind --ip ...' so local NFS mounts should work
[02:06] hmm, what about the 'fake' stuff for mtab?
[02:06] but multiple IPs are causing problems
[02:06] xfs is also unstable in 2.4
[02:06] my tool writes the 'mtab' file
[02:06] i had a real race with it
[02:06] Nick change: cmtg -> cdub
[02:07] enrico, okay, what about ufs/usrquota/grpquota entries there?
[02:07] Bertl: quota is not supported yet
[02:08] hmm, how do I add this then?
[02:08] lol :)
[02:09] guess anton would not want to have quota patches, and no quota, right?
[02:09] i think anyhow quota is not urgent for me this week
[02:09] Bert: how is it used currently?
[02:10] well, you do echo "/dev/hdv1 ufs rw,usrquota,grpquota /" >/vservers//etc/mtab ...
[02:10] usrquota and grpquota should work; the ext[23] -> ufs rewriting should be easy
[02:10] that's it for shared quota ...
[02:11] mmh, mount is called as 'mount -t ufs ...' then...
[02:11] better would be when you say 'ext3' there and I would rewrite it to 'ufs', or when a pre-scriptlet would do it
[02:11] well in your automount case ... not normally as the root partition for a shared install is already mounted?!
[02:12] you do not mount the / anyway, or do you?
[02:12] no, / should be mounted by host fstab
[02:13] or a pre-pre script
[02:13] okay, but you need a mtab entry for that?
[02:14] ok, will make default mtab configurable on a per-vserver base
[02:15] http://vserver.13thfloor.at/Experimental/patch-2.4.25-pre8-vs1.3.6.1.diff
[02:15] ensc: how do you read that .xml ? without style its difficult to read it
[02:15] currently it is a system default and initialized with '/dev/hdv1 / ext2 defaults 0 0'
[02:16] AHTOH: I know ;) I need somebody who wants to trains his/her XSLT skills ;?
[02:16] ufs and rw,usrquota,grpquota would be a better default ...
[02:16] Bertl: ok, will change it. In the meantime, edit /etc/vservers/.defaults/init/mtab
[02:17] oh wait... it can be configured on a per-vserver base already...
[02:17] I have to bug Honza to add a check, which if direct block access with ext2/ext3 isn't possible makes the tools fall back to 'normal' access ...
[02:19] ok -- i ve patched kernel ok
[02:20] I hope it does, what enrico expects from the API ;)
[02:20] Bertl: probably not... chcontext --hostname will fail probably
[02:21] hmm, inside a vserver? or on the host?
[02:21] Bertl: are you working on a 2.6.2 patch?
[02:21] ftp21 (~mree3@c-24-21-172-172.client.comcast.net) left irc:
[02:21] yup ...
[02:21] Bertl: I will revert the changes and call sethostname(2)
[02:21] hmm, okay ....
[02:23] Tamama (Pluh@a62-216-20-152.adsl.cistron.nl) joined #vserver.
[02:23] ensc: you made a mount helper program to replace mount inside of vservers ?
[02:24] 'lo
[02:24] hi talon!, hi Tamama!
[02:24] I think i stumbled upon a little problem
[02:24] heh
[02:24] talon: the mount will be executed outside of the vserver but mounts directories into the vserver
[02:24] did 1.24 have altered network handling over 1.22?
[02:24] ensc: at boot time or when anyone uses the mount command?
[02:25] talon: at 'vserver ... start' time
[02:25] ok.
[02:25] i was actually considering a helper daemon similar to rebootmgr for doing nfs mounts.
[02:25] Tamama: not that I know of?!
[02:25] NFS is really complicated... I do not get the mountpoints clearly unmounted :(
[02:26] how is the new config system going to work out? i heard XML mentioned and got kind of worried.
[02:26] ensc: what about /init.d/vservers -- is it installed by 193 utils? i had in init.d some old scripts from 0.27stable
[02:26] AHTOH: this is the piece which stops me from labeling it 'beta-branch'
[02:26] Bertl: hm, i have a setup now with a remote server, it works. If i move the server local, and thus it uses 'lo'.. i get really weird stalls
[02:27] in the end it still seems to work, it just has that weird stall heh
[02:27] lo? stalls?
[02:27] AHTOH: I am about a script which starts vservers in parallel with honoring of inter-vserver dependencies
[02:27] ensc: so i should delete old scripts (v_xinetd, v_httpd,vservers from init.d0?
[02:28] AHTOH: they should not hurd... 'vservers' does not know the new vservers, and the other ones should still work
[02:28] hehe, hurd ;)
[02:28] Bertl: no idea what causes it yet..
[02:29] Tamama: when does it stall, what do you 'call' a stall?
[02:29] it waits a period of time before it does anything ?
[02:29] that is a stall :)
[02:29] Action: AHTOH still kernel compiling
[02:29] Bertl: looks like access to that box will have to wait til he gets back from NYC. his workstation he was going to set up a private segment on doesnt have the right kernel mods and he didnt feel like doing that remotely.
[02:29] that might be about a week or so.
[02:30] Tamama: yeah, but does it wait on ps for example or does it stall on dns lookups ...
[02:30] hm might be something in mysqld.. but i doubt it
[02:30] hm i was running tcpdump in lo to see what happened..
[02:30] talon: no problem ... if you find some time, you can test a little, if not, we will wait ...
[02:30] data send to mysqld, wait wait wait wait wait wait ... og right it did something :)
[02:31] riel (~riel@riel.netop.oftc.net) left irc: Ping timeout: 501 seconds
[02:31] so actually mysql is stalling?
[02:31] Bertl: id sure like to find out why the util-vserver package doesnt compile on sparc64 linux. but getting that running on sparc isnt a priority for me right now.
[02:32] well i dont know if it is mysql or something else..
[02:32] more interested in testing out those new quota patches with the auto added hash for ctx 0.
[02:32] as i said, i dont have the same from remote
[02:32] which is still a pretty fast connection (20ms latency)
[02:33] talon: it would be useful to test the q0.13pre2 first ...
[02:34] talon: I have some fixes in CVS which *can* fix sparc builds...
[02:34] (I suspect the __syscall macros)
[02:34] Bertl: ok i will do that now then.
[02:34] ensc: did you see the output then?
[02:35] just because the auto xid=0 quota stuff might hide some issues ...
[02:35] if you have a snapshot i could fire the sparc back up and tell you if it builds or not.
[02:35] I saw something in the irc-log from some hours ago. Do you mean that?
[02:35] yeah.
[02:36] fingers.shocking.com/~talon/build.txt
[02:37] Bertl: yeah makes sense. i will bang on it.
[02:38] Action: AHTOH rebooting with new Bertl patch
[02:39] setting up a clean kernel tree for patching now.
[02:40] i havent used clean tree -- i unpatched old kernel
[02:40] ensc: you want me to try to build the latest cvs on sparc64?
[02:40] talon: one moment please... savannah CVS is ... aeeh... a little bit slow
[02:43] hm
[02:45] talon: try 0.28.194 at http://www-user.tu-chemnitz.de/~ensc/util-vserver/alpha/
[02:45] but this is really a snapshot only, and .193 might be better for general use...
[02:49] Bertl : seems a kernel is not up :(
[02:49] dont know what happened -- will look 2moro
[02:50] hmm, that sounds strange ...
[02:50] maybe you forgot to update the modules?
[02:50] possible i missed something
[02:50] no, i dont use modules (all inside kernel)
[02:51] hmm, okay, will verify that patch again ...
[02:51] i will have a look 2moro
[02:51] now i have 3oclock at moscow -- i go to sleep
[02:52] thanks everybody for help , cu later
[02:52] okay, have a good sleep ...
[02:55] ensc: ok just have to reboot the sparc into the vserver patched kernel. and build it.
[02:56] talon: it is not really necessarily to build with a vserver patched kernel
[02:56] ensc: no but im going to want to play with it if it builds.
[02:56] ah, ok
[02:58] nope doesnt build.
[03:01] same error?
[03:02] talon: what says the ./configure notice at 'syscall(2) invocation:'?
[03:09] want the config.log file ?
[03:10] Frank00Polo (~noname@4.13.67.211) joined #vserver.
[03:10] or both the config.log file and a typescript of the build?
[03:13] syscall(2) invocation: fast
[03:13] talon: please try the '--with-syscall=traditional' option at ./configure
[03:14] doing that now.
[03:15] still getting complaints from the assembler.
[03:16] AHTOH (~Anton@212.1.230.115) left irc: Remote host closed the connection
[03:19] you can play with it yourself first hand when i get it patched in eventually.
[03:20] hmm, talon is it on local network?
[03:20] yeah our internal network.
[03:20] which is why i want to set up a private segment for it.
[03:20] talon: the same complaints? I just saw that I missed a piece of old code...
[03:20] do you have some server outside that network?
[03:20] ensc: yeah.
[03:21] Bertl: no not really. other than our production web server and that will always run solaris anyway.
[03:21] just have to wait til rob gets back from NYC.
[03:21] np, that would be sufficient to do ssh port forwarding ...
[03:22] example: you have machine A inside your internal network
[03:22] and machine B reachable from outside
[03:22] talon: can you replace lib/syscall-legacy.hc:95 with '#ifdef ENSC_SYSCALL_TRADITIONAL
[03:22] ?
[03:22] talon: and the sparc in question is C
[03:22] ensc when i get back i have to go out for a bit.
[03:23] talon: old line should be '#if defined(__pic__) && defined(__i386)'
[03:23] doing 'ssh -R 50000:C:22 wossname@B' on A would allow enrico to logon to that sparc ;)
[03:24] Bertl: or admin wants to set up up so it can reach the internet but not access our internal network.
[03:24] okay, was just a hint ...
[03:24] yeah i thought of that. not that i dont trust you guys but thats just the security policy.
[03:24] guess it can wait until that is done ...
[03:26] I wouldn't trust myself either, because I don't trust people who do something for free ;)
[03:38] hm
[03:39] damn, I know what took Antons kernel down ... my fault ...
[03:40] lol
[03:47] ensc: is this the behaviour you'd expect? http://vserver.13thfloor.at/Experimental/delta-vs1.3.6-vs1.3.6.1-task_xid.diff
[03:47] Bertl: the VX_ADMIN check should go to the default: case
[03:48] okay
[03:48] -1 doesn't make sense/no use, right?
[03:48] and perhaps EACCESS instead of ENOSYS
[03:48] EPERM
[03:48] I do not know a semantic for it
[03:49] ok
[03:49] Bertl: btw, I see kernel debug messages regarding a misplaced sleep in vs0.05
[03:50] known/solved in later patches?
[03:50] hmm, maybe there was some spinlock debug issue solved in 0.06 ... IIRC
[03:53] ok im back
[03:53] Action: talon scrolls up for the line to change.
[03:57] ok that seemed to do the trick. the compile isnt done yet but it got further than before.
[03:57] hopefully it will all finish.
[03:59] yep looks like it all compiler
[03:59] compiled even.
[04:00] vserver-dev util-vserver-0.28.194 # /usr/local/sbin/chcontext /bin/sh
[04:00] New security context is 49152
[04:00] vserver-dev util-vserver-0.28.194 # ps -ef
[04:00] UID PID PPID C STIME TTY TIME CMD
[04:00] root 1 0 0 18:48 ? 00:00:07 init [3]
[04:00] root 29292 1011 0 19:53 pty/s0 00:00:00 /bin/sh
[04:00] root 29293 29292 0 19:54 pty/s0 00:00:00 ps -ef
[04:00] looks good.
[04:01] heya, this is on sparc now?
[04:01] wheres that test script you normally have people run.
[04:01] yeah.
[04:01] tried the code change ensc suggested to make the utils compile.
[04:01] http://vserver.13thfloor.at/Stuff/testme.sh
[04:03] surriel (~riel@imladris.surriel.com) joined #vserver.
[04:03] vserver-dev util-vserver-0.28.194 # ./testme.sh
[04:03] Linux-VServer Test [V0.06] (C) 2003-2004 H.Poetzl
[04:03] New security context is 1
[04:03] chcontext is working.
[04:03] chbind is working.
[04:03] Linux 2.4.25-pre8 sparc64//chbind 0.28.194 [J]
[04:03] ---
[04:03] [001]# succeeded.
[04:03] [011]# succeeded.
[04:03] [031]# succeeded.
[04:03] [101]# succeeded.
[04:03] [102]# succeeded.
[04:03] [201]# succeeded.
[04:03] [202]# succeeded.
[04:03] looks good, except for the J
[04:04] ensc: did the path stuff change again?
[04:04] what does the J mean ?
[04:04] J usually means Jack ...
[04:04] Nick change: surriel -> riel
[04:04] util-vserver-vars is now in /usr/lib/util-vserver/ only
[04:04] great ... we should adapt that, what do you think?
[04:04] (or whatever you configured as pkglibdir)
[04:05] Bertl: well i did compile the toiols with the traditional syscall option to make it build.
[04:05] ensc: could you provide a reasonable reliable check for newer utils in sh?
[04:05] tools even.
[04:06] ensc: will that code change work on 0.27 too?
[04:06] no, it is since 0.28.190
[04:06] stable is not affected by it
[04:06] i meant getting it to compile with the ifdef.
[04:08] talon: should be doable. But I want to get the autodetection work...
[04:08] 'fast' is the wrong answer for 'syscall(2) invocation'
[04:10] okay, who is still awake on the channel?
[04:11] Action: mids
[04:11] do I win?
[04:12] sure, you get a patch ;)
[04:12] I was hoping for a free 2h of sleep
[04:12] hmm, okay, but in your worktime.
[04:12] im still awake obviously.
[04:13] but i havent even gotten around to the quota patch.
[04:13] talon: can you place your config.log *without* '--with-syscall=traditional' somewhere?
[04:13] yeah, just trying to find out if an opinion poll makes sense ...
[04:13] ensc: will do.
[04:13] you want both the stable and cvs snapshot or just the snapshot?
[04:14] just the snapshot
[04:15] fingers.shocking.com/~talon/config.log
[04:16] enjoy.
[04:16] ensc: changed the vc_task_xid once again ... http://vserver.13thfloor.at/Experimental/context.c (please verify the API)
[04:17] Bertl: i dont have a lot of time to dedicate to testing sparc stuff. but until i get it on the net for you guys if you have any scripted tests you want to run to exercise it id be glad to run them for you and post the reports someplace.
[04:17] well, basically you already did all test we currently have :(
[04:17] Bertl: ah... what is with ctx 1?
[04:17] im sure you could probably come up with a more intensive test.
[04:18] do you guys have a stress test quite?
[04:18] suite i mean.
[04:18] Bertl: or is ctx 1 covered by VX_ADMIN?
[04:18] http://yagma.com/online/catalog/pics/1263720066_det.jpg
[04:18] buyed it
[04:18] :)
[04:18] talon: nope not yet, there are some tools for testing various parts, but nothing automated ...
[04:18] ensc: nope, I'll add VX_WATCH okay?
[04:19] ok
[04:20] okay, is updated ..
[04:20] well im off to have dinner, fix our backup scripts and test the quota patch on i386 for you. if you have anything youd like me to try on the sparc just email it to me at talon@amoebasoft.com and i will try to get around to it when i have free time.
[04:21] thank you very much for doing this, we appreciate it, have a good dinner ...
[04:21] that should be enjoy your dinner!
[04:22] talon: can you try to compile http://www-user.tu-chemnitz.de/~ensc/syscall-test.c with 'gcc -c -g -O2 -std=c99 -Wall -pedantic -W syscall-test.c'?
[04:26] when im done eating yes.
[04:29] hotwings and keyboards dont mix.
[04:30] on the contrary, they do mix too easily ;)
[04:31] bertl: btw, why didn't you start the channel on ircnet?
[04:32] hmm, probably the same reason why I didn't start it on oftc ;) [04:32] youam (~youam@sc-gw.scientific.de) left irc: Ping timeout: 480 seconds [04:33] youam (~youam@sc-gw.scientific.de) joined #vserver. [04:34] if anybody sees AHTOH, please let him know that I'm sorry, and that a working version of that patch is available at http://vserver.13thfloor.at/Experimental/patch-2.4.25-pre8-vs1.3.6.2.diff [04:35] Tamama (Pluh@a62-216-20-152.adsl.cistron.nl) left irc: Quit: one little two little three little piggies OINK! OINK! OINK! [04:37] maharaja: because I did not expect so much interest in that channel ... [04:40] Nick change: cdub -> cgone [04:40] hmm, cdub did end his meeting? guess I missed that ... [04:40] heh, yeah, few hours ago ;-) [04:42] hmm, looks like I'm tired, I'll go to bed for now ... [04:43] me too [04:43] and il be up in 2hrs [04:45] okay, have a nice wossname everyone ... cu 2morrow ... [04:46] Nick change: Bertl -> Bertl_zZz [04:48] berrl: that is what `/away', not `/nick' :) [04:50] bertl: that is what `/away' is for, not `/nick' :) [05:19] ensc: compiles cleanly. [05:20] mmmh... strange... why does it fail later then? [05:21] talon: can you add '-I/lib/modules/2.4.25-pre8/build/include' please? [05:22] when i run it it returns 1 [05:22] yeah just a mo. [05:23] running is not needed/wanted... it calls random syscalls [05:23] fails. [05:24] ok... this is good [05:24] want the output. more of the same assembler bitching. [05:27] no thx, I know what to check now... [05:35] vat (vat@pD9E37174.dip0.t-ipconnect.de) left irc: Ping timeout: 492 seconds [05:36] vat (vat@pD9E37617.dip0.t-ipconnect.de) joined #vserver. [05:51] vat (vat@pD9E37617.dip0.t-ipconnect.de) left irc: Ping timeout: 501 seconds [05:51] vat (vat@pD9E3763B.dip0.t-ipconnect.de) joined #vserver. [06:21] quick q... any known problems with vs1.24, quota patch, 2.4.24 and md drivers? compilation is good, but rebooting with lilo or grub fail to access the root device (/dev/md0)...
[06:31] hmm havent tried that. too bad bertl went to sleep. sounds interesting. [06:33] does the kernel boot and fail to mount /dev/md0? [06:33] or does it not even boot. [06:56] talon: does 0.28.1 from http://www-user.tu-chemnitz.de/~ensc/util-vserver/pre/ compile on sparc64? [07:00] let me give it a shot. [07:02] appears to. [07:03] gets well past the syscall bit. [07:03] yep compiles all the way through. [07:04] checking for syscall(2) invocation method... auto [07:06] vserver-dev util-vserver-0.28.1 # ./testme.sh [07:06] Linux-VServer Test [V0.06] (C) 2003-2004 H.Poetzl [07:06] chcontext is working. [07:06] chbind is working. [07:06] Linux 2.4.25-pre8 sparc64/chcontext 0.28.1/chbind 0.28.1 [E] [07:06] --- [07:06] [001]# succeeded. [07:06] [011]# succeeded. [07:06] [031]# succeeded. [07:06] [101]# succeeded. [07:06] [102]# succeeded. [07:06] [201]# succeeded. [07:06] [202]# succeeded. [07:06] ok, but I will not make it 0.29 for this small change ;) [07:07] thanks for testing it [07:09] np. although im not targeting sparc for what im doing with vserver it would be nice to be able to use it under sparclinux. and its nice to put spare hardware to good use. [07:43] talon: got distracted there for a sec... kernel boots but is not able to see /dev/md0.. goes into panic... [07:43] i was able to get vs1.22 w/ 2.4.23 kern, no quota working with md driver.... [07:44] .. i'll go piecemeal when i get chance... i guess baby steps don't hurt, eh? [07:45] id see if i can catch bertl when he gets on again and tell him about it. or hit the mailing list. [07:46] thx [07:46] chances are he would be able to help you get it running. if you can do lots of testing and patching. [07:48] don't mind getting hands dirty.. i need to do a bit more debuggin, though.. figure i ask here if anyone had seen something like this...
[08:02] Frank00Polo (~noname@4.13.67.211) left irc: Quit: Frank00Polo [08:29] noel (~noel@pD9FFAAB4.dip.t-dialin.net) left irc: Ping timeout: 504 seconds [10:44] kestrel (athomas@home.swapoff.org) left irc: Ping timeout: 501 seconds [11:36] kestrel (athomas@home.swapoff.org) joined #vserver. [11:43] re [12:20] JonB (~NoSuchUse@129.142.112.33.ip.tele2adsl.dk) joined #vserver. [12:28] re [12:29] hey virtuoso [12:30] hi [12:31] Do you remember about linux summit? [12:35] yes, i cant come [12:36] Bad. :( [12:36] Though I think I won't come too. [12:43] virtuoso: oh? how come ? [12:43] virtuoso: we have our local linux thingy in copenhagen soon. www.linuxforum.dk [12:44] JonB: Can't find time to get my external passport. :( [12:44] virtuoso: you need a passport to leave your country ? [12:45] JonB: I'm in Russia. And the summit is in Finland. I need to have an external passport to travel abroad. [12:45] JonB: But you're right, to live here I also need a passport. [12:46] virtuoso: oh, well maybe you should move [12:47] JonB: A good point. But where? :) [12:47] virtuoso: well, i dont know, i suppose you are a guy, right ? [12:47] JonB: Bingo. :) [12:48] virtuoso: dammit, because if you were a girl, i'd might be interested ;-P [12:48] lol [12:49] virtuoso: a girl that does computer stuff [12:49] that would be great [12:49] He-he. Can't imagine. [12:49] Even more, linux and virtual servers. :) [12:50] yeah [12:50] If you meet a couple of such, please mail me. :) [12:51] virtuoso: forget, i'm keeping them for my self *grin* [12:52] Hm. And what do you do with them? :) [12:52] unspeakable things :) [12:53] Monster. :) [12:54] hehe [13:15] loger joined #vserver. [13:19] frz (~frz@213.235.213.90) left #vserver. [13:24] frz (~frz@213.235.213.90) joined #vserver. [13:24] frz (~frz@213.235.213.90) left #vserver. [13:40] frz (~frz@213.235.213.90) joined #vserver. [13:44] evening [13:54] morning ;) [13:57] AHTOH (~Anton@212.1.230.115) joined #vserver.
[13:57] hi [14:07] phlex (~phlex@pD9E108D8.dip.t-dialin.net) joined #vserver. [14:10] JonB (~NoSuchUse@129.142.112.33.ip.tele2adsl.dk) left irc: Quit: Leaving [14:35] AHTOH (~Anton@212.1.230.115) left irc: Quit: Client exiting [14:43] Whocares (~aaa@62.29.118.189) joined #vserver. [14:44] helbert ? [14:44] hello [14:44] anyone here who will help me vserver [14:44] ? [14:45] hey * [14:47] hey [14:47] where are you ? [14:47] phlex (~phlex@pD9E108D8.dip.t-dialin.net) left #vserver (Leaving). [14:48] AHTOH (~Anton@212.1.230.115) joined #vserver. [14:48] AHTOH [14:48] , help me [14:49] hi [14:49] im not a wizard -- but what a problem do you have? [14:49] SPECIAL! [14:49] how can i start vserver ? [14:49] do you have one build already? [14:50] do you have kernel patched and utilities compiled? [14:50] what ! ? [14:50] yes [14:50] which version [14:50] yes [14:50] util-vserver-0.27.199 [14:51] starting a constructed vserver should be done by giving 'vserver name start' [14:51] btw try 0.28.193 [14:51] for me 0.27.199 was bad [14:51] or 0.28 -- they are reliable and stable [14:51] [root@sm1279 root]# uname -a [14:51] Linux sm1279.hostcentric.net 2.4.25-pre8-vs1.3.6 #1 Wed Feb 4 17:42:05 EST 2004 i686 i686 i386 GNU/Linux [14:51] [root@sm1279 root]# vserver name start [14:51] -bash: vserver: command not found [14:51] [root@sm1279 root]# [14:52] hmm [14:52] that easy problem you dont have utilities installed [14:52] have you done make install in util-vserver directory? [14:52] name -- is a name of your vserver [14:53] what is 'ls /vservers' for you? [14:53] [root@sm1279 root]# ./testme.sh [14:53] Linux-VServer Test [V0.06] (C) 2003-2004 H.Poetzl [14:53] chcontext is working. [14:53] chbind is working. 
[14:53] which: no vserver in (/usr/lib/courier-imap/sbin:/usr/lib/courier-imap/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin) [14:53] Linux 2.4.25-pre8-vs1.3.6 i686/chcontext 0.27.199/chbind 0.27.199 [E] [14:53] --- [14:53] [001]# succeeded. [14:54] [011]# succeeded. [14:54] [031]# succeeded. [14:54] [101]# succeeded. [14:54] [102]# succeeded. [14:54] [201]# succeeded. [14:54] [202]# succeeded. [14:54] you dont have an utilities .... [14:54] 'make install' them [14:54] hmmm [14:54] but you do have chbind etc [14:54] strange [14:57] btw where have you find and test.sh ? [14:57] i want to try it also [14:57] bertl installed it on my server [14:59] AHTOH [14:59] please help me [15:01] ? [15:02] i need "vserver-admin-0.23-1.i386.rpm" ? [15:03] AHTOH ? [15:03] i dont know about rpm [15:04] i used src of kernel patch and utilities [15:04] try using 0.28.193 [15:04] or 0.28 [15:04] 0.28 are more workable IMHO [15:04] what must i do _ [15:04] * [15:04] download util-vserver-0.28.tar.bz2 [15:05] bunzip and compile and install [15:06] [root@sm1279 root]# ls [15:06] anaconda-ks.cfg testme.sh [15:06] e2fsprogs-devel-1.32-6.i386.rpm util-vserver-0.27.199-1mdk.src.rpm [15:06] install.log util-vserver-0.27.199.tar.bz2 [15:06] install.log.syslog util-vserver-0.27-1mdk.src.rpm [15:06] linux-vserver-1.3.6.tar.gz vserver-0.27-1.i386.rpm [15:06] patch-2.4.25-pre7-vs1.3.6.diff vserver-admin-0.23-1.i386.rpm [15:06] split-2.4.24-vs1.24 webmin-1.130-1.noarch.rpm [15:06] split-2.4.24-vs1.24.tar.gz [15:06] http://www-user.tu-chemnitz.de/~ensc/util-vserver/util-vserver-0.28.tar.bz2 [15:07] how can i unzip it ? [15:07] command ? [15:08] tar xfj util-.... [15:09] Whocares: I know it's off-topic, but if you don't even know how to untar something then I don't think you should mess with something like vserver. But that's just MHO. 
[15:09] :) [15:09] right [15:10] yeah any case if you dont dig linux deep dont use anything experimental [15:11] this case two unresolved variables you do have :( [15:20] JonB (~NoSuchUse@129.142.112.33.ip.tele2adsl.dk) joined #vserver. [15:25] debian:/# mount [15:25] none on /proc type proc (defaults) [15:25] none on /dev/pts type devpts (gid=5,mode=620) [15:26] strange -- why i dont have root mounted? [15:27] inside a vserver? [15:27] yeah [15:27] :) [15:28] cat /etc/fstab [15:28] that was bootstrapped debian under alpha-utils [15:28] but now i work with non-alpha utilities [15:28] because alpha utilities dont work [15:28] debian:/# cat /etc/fstab [15:28] # UNCONFIGURED FSTAB FOR BASE SYSTEM [15:28] lol [15:29] He-he. [15:30] but anyhow it works [15:35] ensc (~ircensc@ultra.csn.tu-chemnitz.de) left irc: Ping timeout: 501 seconds [15:39] debian:/# cat /etc/mtab [15:39] none /proc proc defaults 0 0 [15:39] none /dev/pts devpts gid=5,mode=620 0 0 [15:39] JonB (~NoSuchUse@129.142.112.33.ip.tele2adsl.dk) left irc: Quit: Leaving [15:42] hey ppl, where can we change /vservers location -- i want them to be in /data/vservers ? [15:42] simple softlink will do? [15:52] AHTOH: yes [15:53] oh , ive already found that i can reconfigure utilities [15:56] kestrel (athomas@home.swapoff.org) left irc: Quit: Reconnecting [15:56] kestrel (athomas@home.swapoff.org) joined #vserver. [15:58] ensc (~ircensc@ultra.csn.tu-chemnitz.de) joined #vserver. [16:09] ensc hi [16:14] bertls nights patched failed to load -- kernel page error on first init script setsysfnt or smth [16:15] so i use 1.3.6 and 0.28 utilities but with debian spawned with alpha-utils [16:16] i have 2 questions about that debian : why ssh is not included, and maybe i should configure it further, cause my fstab is empty [16:20] ensc (~ircensc@ultra.csn.tu-chemnitz.de) left irc: Ping timeout: 501 seconds [16:21] phlex (~phlex@pD9E108D8.dip.t-dialin.net) joined #vserver.
[16:25] Bertl_zZz: did you see the picture of the webpage with white background? [16:28] miller7 (none@213.239.180.106) joined #vserver. [16:28] hi ppl [16:28] Anyone know how to really _kill_ a vserver without name (only by using the contextid)? [16:28] hi phlex [16:28] hi mids :) [16:28] after 315 days I have to stop my vserver box :( [16:30] chcontext --ctx 99 killall5 -9 [16:31] ensc (~ircensc@ultra.csn.tu-chemnitz.de) joined #vserver. [16:31] hi ensc [16:32] tried that chcontext before, tried vkill. Server keeps running with init. [16:33] phlex: the init in a vserver isn't 'real'. [16:33] but this is the process left :) [16:33] phlex: it's not. [16:34] phlex: it's a virtualized process, it's not a real one, you can't kill it. [16:34] how can I get rid of it (and the vserver associated?) [16:34] phlex: if all other processes in the ctx are gone, it's gone. [16:34] can i kill a specified context? [16:34] AHTOH: that's just what phlex asked. :) [16:34] no stop but kill all processes in that context [16:35] Zoiah: This is what vps says: root 30569 49172 UNKNOWN 0.0 0.1 1504 936 ? S Feb04 0:00 init [16:35] AHTOH: [14:32:11] chcontext --ctx 99 killall5 -9 [16:35] yeah thanks [16:35] phlex: that's odd... you have more than one init in your vps? [16:36] Zoiah: The only thing that has been left. vserver-stat is "49172 1 2MB 234B m00.92 m00.21 15h03m22". [16:37] And you can't "chcontext --ctx 49172 kill -9 30569"? [16:37] I can. But it doesn't have any effect :( [16:37] phlex: that's very odd... which vserver version? [16:38] 1.24 [16:39] So I need to reboot to get rid of it? [16:39] vserver 1.24 with grsecurity. [16:39] what is grsecurity? [16:40] www.grsecurity.net It's set of patches to increase your systems security [16:40] phlex: probably, I don't know what this init came from. [16:40] at least giving you the possibility. [16:40] phlex: init is always PID #1 in a vserver. [16:41] ahhh!!! [16:41] Yes? [16:41] I forced unmount on all filesystems within the vserver.
Then did the kill again. That works :) [16:41] hopefully my filesystems are ok... [16:42] Strange, it was having on a broken fs or something? [16:42] Let me check that. [16:42] No. filesystems seems to be ok. [16:42] Whatever, problem "solved". [16:43] thanks Zoiah, sladen, mids [16:43] dont forget to donate some e-gold! [16:43] :P [16:45] chcontext --ctx 49165 killall5 -9 [16:45] New security context is 49165 [16:45] vserver-stat [16:45] CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME DESCRIPTION [16:45] 0 74 445MB 41kB 11m26.04 10m09.08 13h47m18 root server [16:45] 49165 8 35MB 1kB m00.04 m00.02 17m20.87 [16:45] why not killed? [16:46] My donation: E-GOLD_0.0100_20050204_rl34mt6og/I4krImf3Q+p0qLIRQ_s4ySsTXCbYNj9LOJvfzQLk9yHyk [16:47] hehe [16:48] ensc (~ircensc@ultra.csn.tu-chemnitz.de) left irc: Ping timeout: 501 seconds [16:49] phlex: ok, exchange it for them [16:49] AHTOH: because some of the processes do not respond to a SIGKILL. [16:49] it seems that linux 2.4.24+grsecurity+vserver 1.24 holds some surprises. Yesterday I ran that "testme.sh" script. And the machine said goodbye :) [16:50] anyway thanks@all. [16:50] grsec is too intrusive/conflicty with vserver to me. [16:50] I'm using 2.4.24-ow1-vs1.24 in production for a few weeks now. [16:51] hmm. perhaps I should switch... [16:51] That's openwall. [16:54] ensc (~ircensc@ultra.csn.tu-chemnitz.de) joined #vserver. [17:11] BobR (~georg@chello080109062083.15.14.vie.surfer.at) joined #vserver. [17:12] BobR (~georg@chello080109062083.15.14.vie.surfer.at) left #vserver. [17:15] kramer (~kramer@80.86.103.47) joined #vserver. [17:16] hi all [17:16] hi [17:16] btw what is a grsecurity? [17:16] AHTOH: it's a set of kernel patches. [17:16] what are they for? [17:16] who made the,? [17:17] it [17:17] AHTOH: security-related stuff. [17:17] AHTOH: google for your other question. :) [17:17] I've got this little problem with 2.4.24-vs1.24, running util-vserver-0.27 [17:17] btw will iptunnel or vtunnel work inside a vserver?
[17:18] AHTOH: the device will work like any other device, but you will probably have to start the tunnel itself on the host. [17:18] hmm that case an iproot will be a tuun0? [17:18] AHTOH: yeah. [17:18] i started on two different vservers, two copies on burncpu, to see how they are scheduled... [17:19] this is the result: 32432 root 15 0 12 12 4 R 72.4 0.0 148:30 0 burnP6 [17:19] 31283 root 14 0 12 12 4 R 27.7 0.0 1229m 0 burnP6 [17:20] in other words, one is eating ~70% of the cpu, the other 30% [17:20] Then how come the 30% eating one has done far more CPU time? [17:20] Are the vservers doing anything else besides running the burnP6 process? [17:20] it was started a day sooner [17:21] no, only another one is running an apache [17:21] UP or SMP? [17:21] the /etc/vservers/*.conf files are almost identical, put aside the ip/host settings [17:22] it's a single-processor machine, P4/2GHz [17:22] Hmm... that one doesn't support HT, right? [17:22] not sure... it's not enabled, that's for sure [17:22] So you only see one CPU in /proc/cpuinfo ? [17:23] on the host? [17:23] Yeah. [17:24] yeah, HT is not enabled, if the proc supports it (can't reboot right now, the machine is in a datacenter somewhere) [17:25] bye and thanks again :) [17:25] phlex (~phlex@pD9E108D8.dip.t-dialin.net) left irc: Quit: Leaving [17:25] should i get that this is not common? [17:25] kramer: and if you run two burnP6s inside the same vserver or on the host they are properly scheduled? [17:28] Winkie (~paul@cpc1-stre1-6-0-cust47.bagu.cable.ntl.com) joined #vserver. [17:28] Zoiah: it's a bit better, 55 / 45 % [17:28] hey guys, uh, anyone managed to get vservers working on gentoo? [17:29] Winkie: sure, why not? [17:30] Zoiah, well the vserver ebuild seems to have vanished [17:30] and i've found little information non getting it working fully [17:31] Was there any vserver ebuild? My first contact with vservers was about a week ago... 
[17:32] util-vserver, http://bugs.gentoo.org/show_bug.cgi?id=33906 [17:32] thanx [17:34] Winkie: it's been a few months since I tested, but I just build a ctx kernel, installed the regular utils and it worked swell. [17:34] Zoiah, on gentoo? [17:34] Winkie: that's on gentoo, yes. [17:35] what about all the problems with the rc scripts? [17:35] brb I should really get some clothes on [17:36] Winkie: rc scripts? [17:36] Winkie: and yes, you should. ;) [17:36] Whocares (~aaa@62.29.118.189) left irc: Ping timeout: 492 seconds [17:37] Zoiah, there's lots of documentation suggesting the vservers won't start/shutdown properly because of the way the rc scripts work [17:39] Winkie: dunno, it worked for me. [17:41] Winkie: that's gentoo as host and redhat as guest btw. [17:41] Winkie: afaik gentoo as guest doesn't work fine by default, but it's fine as a host. [17:43] No, it doesn't :) I tried to install gentoo inside a test vserver, and it run well for about 2-3 days [17:44] After a vserver restart, it said that it couldn't find the root partition.... [17:45] ok, i entered the root password, i could see everything mounted by the host ok, no problems... However, it wouldn't start any services, etc. [17:46] kramer: that's what I said. [17:46] kramer: gentoo as host works, gentoo as guest (vserver) doesn't. :) [17:47] Zoiah, so you used gentoo as the vserver host, what did you use as the vserver guest? [17:47] Winkie: redhat [17:47] ah [17:47] now this sounds like an interesting plan [17:47] because I hate redhat like I hate being shot [17:47] but I don't care about the vservers [17:47] how exactly do you set it up? [17:49] Winkie: with the provided scripts of vserver. [17:50] Zoiah, i'm somewhat of a vserver newbie [17:50] so you installed a normal gentoo installation [17:50] patched the kernel? I take it vanilla-sources? 
[17:51] Winkie: I just took a vanilla kernel from www.kernel.org [17:55] maharaja (maharaja@ipax.tk) left irc: Read error: Connection reset by peer [17:57] maharaja (maharaja@ipax.tk) joined #vserver. [18:15] dasd (~aaa@62.29.125.175) joined #vserver. [18:17] what's a nice program to transfer files that are > 2GB? [18:17] ftp ? [18:17] no :( [18:17] why [18:17] does not see my 4GB file [18:17] bad ftp [18:17] dunno why [18:18] is there a limit on older kernels? I don't know [18:19] scp? [18:20] limit can be on a filesystem [18:22] where will i download kernel for vserveR ? [18:23] miller7: there was a previous limit in linux that limited files to 2GB. Only programs compiled with LFS (LargeFileSupport) support files >2G [18:24] Zoiah: :((( [18:25] where will i download kernel for vserveR ? [18:25] where can I find the LFS support? [18:25] miller7: any recent distro has its programs compiled with LFS . [18:25] dasd: just build your own kernel with vserver support. If you're incapable of doing this, I wouldn't advise you bothering with vserver yet. [18:26] Zoiah: I don't use a recent distro, that's my problem [18:26] ? [18:26] dasd: vserver isn't mature enough to be newbie-friendly. [18:26] miller7: hmm, then your split probably doesn't support 2GB files either.. otherwise you could just split it. :) [18:27] sigh [18:27] I am really pissed on that [18:27] miller7: how did you create the file? [18:28] dd? [18:28] miller7: you could build an ftp statically on a machine that does support lfs and move it to there. [18:28] good idea [18:28] I'll build a simple httpd [18:29] miller7: if you'll build it on that machine it probably wont support LFS either. [18:30] on another machine [18:30] hmm... how can I define it to be statically built? [18:31] miller7: -static [18:31] dasd: please don't msg me directly. [18:34] sigh [18:34] how can i run *.diff files ? [18:35] dasd: you don't run those files and if you don't know how to apply a patch, don't bother with vserver.
[18:36] where should I give this -static? in the makefile in cflags? [18:36] i dont know, but i want to learn.. [18:37] miller7: ldflags if you have that, or otherwise cflags. [18:37] sigh [18:37] dasd: when you wanted to learn how to drive a car, did you begin with building your own engine from scratch? [18:37] I give it on cflags but still it gives me the same file size [18:37] Zoiah , could you install vserver on my server for me .. [18:37] dasd: no, sorry. [18:38] dasd: how old are you? [18:39] miller7: my question was a subtle way to guess his age. ;) [18:39] 17 [18:39] Zoiah: no subtle way here :) [18:40] Action: miller7 is about to throw his computer out of the window [18:40] miller7: what type/brand and where do you live? ;) [18:40] Toshiba Satellite 5205/S703 and I'm currently in Amsterdam [18:41] Bah, that's 200km or so away from me. :) [18:41] Zoiah, it is too difficult to help me [18:41] dasd: yes it is [18:41] you have to learn the basics [18:41] and then come back so we can help you with vserver [18:42] sorry to be brute but that's the truth (in my point of view) [18:42] btw, google is your friend [18:42] which site ? [18:42] http://www.google.com/ [18:42] :D [18:42] http://www.deja.com/ [18:42] try these there [18:43] lots of your Linux answers regarding diff and such will definitely be there [18:43] then you can come back with specific questions and I will help you myself [18:43] ok? [18:43] (in the things that I can help you that is :-)) [18:45] Nick change: Bertl_zZz -> Bertl [18:46] hi all! [18:46] hey bert [18:48] Bertl: I'd just like to re-confirm if you ever feel like hacking up something with ipv6 like I proposed yesterday I'm more than willing to test it. :) [18:48] It's just that, I'd like to do it myself, but I'm not really into kernel hacking and I'm sure to forget important stuff.
:) [18:50] Zoiah: I appreciate that, and I will accept that offer, as soon as I'm sure that my options for 'catch 'em all' solutions are depleted ;) [18:51] Bertl: would that take a day, a week, a month? Otherwise I might just try to whip up something myself tonight. :) [18:51] hmm, okay then start hacking if you feel like, I'll help where I can ... [18:52] Ok, great... I should probably build ipv6 support as a module to ease the hacking? [18:56] well, whatever you prefer, it's your hack ... [18:58] Bertl: hi [18:59] so that kernel failed to boot [18:59] hi Anton, I'm sorry that was my fault ... [18:59] ah [18:59] I tested the kernel patch for you, but only until it booted [18:59] so you have another patch? [18:59] didnt issue a vserver command ... [19:00] kernel failed on first init script -- some sesysfont [19:00] after you reported the failure, I checked it again, and saw the oops ... [19:00] okey -- do you have a new patch? [19:00] I'm really sorry, an updated patch is available [19:00] np [19:00] thats experimental i understand :) [19:00] http://vserver.13thfloor.at/Experimental/patch-2.4.25-pre8-vs1.3.6.2.diff [19:02] thanks -- trying now [19:03] with that alpha utilities shall work? [19:03] the quota patch is available too [19:03] yet now i use 1.3.6 with 0.28stable [19:03] wau, thats cool -- can u give a link also [19:03] ad tools, I added what enrico said he would require ... [19:04] ad patch, just a moment I have to upload it ... [19:04] but the quota stuff is untested for now ... should work but untested ... [19:05] so i will test :) [19:05] great! [19:06] about bootstrapped debian i should ask enrico? [19:06] would be best, should be around I guess ... [19:08] http://vserver.13thfloor.at/Experimental/patch-2.4.25-pre8-vs1.3.6-q0.13pre2.diff [19:08] that is the quota patch ...
[19:08] i got debian worked under stable utils [19:08] but fstab is empty [19:08] looks i have to finished configuring -- dselect or smth -- i wanted to ask how [19:09] enrico, are you around? [19:09] Persistent Context ID for files (Disabled, UID32/GID16, UID24/GID24, UID32/GID32) -- which one to choose? [19:10] well depends on your preference ... [19:10] I would suggest UID24/GID24 for the first try ... [19:10] basically the context id (xid) needs to be stored somewhere on the disk [19:11] UID32/GID16 stores it in the upper part of the group id [19:11] UID24/GID24 stores it in the upper quarter of uid and gid [19:11] oh yes i see now whats that up for [19:11] the last one UID32/GID32 stores it in an unused place of the inode (only works for ext2/ext3) [19:12] but i have ext3 [19:12] btw which kernelconfig sections should i look about vserver? [19:12] it's up to you, make sure that the vservers are on a separate partition ... [19:12] to check if i have everything enabled [19:13] and if not on a separated? [19:13] there is nothing to enable, only the vroot device and the tagging atm [19:13] if /var and /vservers is on the same partition, you will run into big troubles ... [19:13] why? [19:14] i have read about it in docs [19:14] habvent [19:15] what will be the problem? [19:15] simple, [19:16] the vserver start/stop scripts switch into the new context, and then store that context information ... [19:16] (in /var/run/vservers) [19:16] this will change the directory into that context, which will disallow the next start/stop to access it ... [19:17] but at me all is ok? [19:19] you should put the /vservers (wherever it is) on a separate partition, that's much easier ... [19:35] куищщештп Ж) [19:35] rebooting :) [19:36] hey even the smile is cyrillic? [19:38] just forgot to switch [19:38] i wrote in english [19:39] uff! this time kernel up [19:39] Bertl after every reboot i have proc problem? [19:39] should i run vproc in rc.local ?
[19:39] yup, you have to use vproc again ... [19:40] vproc: ioctl not supported on /proc/virtual/info -- such warnings are ok? [19:41] yup, those are protected separately .. [19:41] you should make some tests what proc entries you 'really' need [19:41] I would say, they are /proc/*info and /proc/stat* [19:42] so doing vproc -d /proc/* [19:42] and vproc -e /proc/*info /proc/stat* [19:42] should be sufficient now, and the latter one for rc.local ... [19:44] vproc -d /proc/* -- one time only? [19:44] vproc -e /proc/*info /proc/stat* - every reboot? [19:44] yup, the -d is 'just' to get the 'startup' default for now [19:45] it undoes the vproc -e /proc/* you just did ... [19:45] ok just moving vservers to another partition [19:45] after that will try proc [19:56] okay, dinnertime ... back in 20min [19:56] dasd (~aaa@62.29.125.175) left irc: Quit: sssssssss [19:57] Nick change: Bertl -> Bertl_oO [20:06] /usr/src/vproc-0.01/vproc -e /proc/*info /proc/stat* -- dont helps [20:12] noel (~noel@pD952CD53.dip.t-dialin.net) joined #vserver. [20:14] Nick change: Bertl_oO -> Bertl [20:14] so [20:14] AHTOH: okay, let's see what we need in addition to that ... [20:14] i should do now a vproc -d /proc/* ? [20:14] btw thanks -- new alpha utils work fine [20:15] but i dont understand how to configure it now [20:15] so we managed to get the API working ;) [20:15] need to read an xml [20:15] enrico added the wiki page, you read that? [20:15] (it's located under development) [20:16] searching [20:16] AHTOH: try to add vproc -e /proc/uptime [20:16] http://vserver.strahlungsfrei.de/tiki-index.php ? here [20:17] nope on linux-vserver.org ... [20:17] http://www.linux-vserver.org/index.php?page=alpha+util-vserver [20:17] Nick change: cgone -> cdub [20:18] hey CW! [20:18] ah [20:18] a have seen that yesterday [20:18] Bertl: mornin' ;-) (err, afternoon) [20:19] AHTOH: if /proc/uptime isn't sufficient, try /proc/loadavg too ...
[20:20] AHTOH: a lot/most options can be given already at 'vserver ... build' time; what do you want to configure exactly? [20:23] [root@oxygen vproc-0.01]# vserver rh9 build -m apt-rpm -- -d rh9 pkgcfgbase-dir '/vservers/.pkg' does not exists or is invalid [20:23] if i forgot to do that options [20:23] i want 1) network(ip, host etc) 2) quotas,limits- memory, caps [20:24] hi ensc [20:24] a have new api working [20:24] quotas is not implemented yet [20:24] and must be configured in scriptlets [20:24] hi enrico, we have scriptlets? [20:24] all other limits - nice,sched,flags,caps,memory,process, whatever else? [20:25] for the interface, create an interfaces/0/ directory with an 'ip' file (with the ip), 'dev' (with the devicename), 'prefix' or 'mask', and optionally 'name' [20:26] name - hostname? [20:26] no, the interface name [20:26] i have /etc/vservers/.distributions//apt/sources.list configured(uncommented all) and apt installed , and rh9 bootstrap dont works [20:26] in the new tools, the interface is anonymously by default [20:26] what a difference between dev and name> [20:26] both eth0? [20:27] pkgcfgbase-dir '/vservers/.pkg' does not exists or is invalid [20:27] ensc: hmm anonymously? like working without a separate alias name? [20:27] when name 'xx' is configured for dev eth0, the interface is named eth0.xx [20:27] .xx ? [20:27] like vlan? [20:28] AHTOH: yes, this directory must be created manually [20:28] mkdir /vservers/.pkg ? nothing more? [20:28] can not do it in 'make install' since it violates the FHS too much... [20:28] nothing more... [20:28] Bertl: no, xx can be 'ftp' or 'www' or ... [20:29] yeah, but '.' not ':' ? [20:29] ok, : [20:29] vlan is supported too, but untested [20:29] okay, was worried that this would break the eth0.253:xy stuff ... [20:30] ensc: vserver rh9 build -m apt-rpm -- -d rh9 worked too quick [20:30] hell, why I'm worried, guess most folks never use that anyway, probably haven't even seen this before ;) [20:30] Bertl: why?
[20:30] I never tested it but it should work there too (when iproute understands it) [20:31] should work, interface names are 'just' names ... [20:31] AHTOH: which mirror do you have selected? The first one will not work... ;) [20:32] enrico, is there a small chance to get 'basic' support for quota and maybe even disk limits in your tools, without including the q0.xx patch in the default release? [20:33] you have vrsetup and lsxid/chxid [20:34] and I'm grateful for that, what I mean is the setup/start/stop ... [20:34] what have I to do there? [20:35] proc/dev/net is needed [20:35] ensc: well, it would be very nice to save the current limits at vserver shutdown, and restore them on vserver start for example ... [20:35] or to calculate them based on the inodes/diskspace used in the vserver dir, and set the limits configured somewhere for the server ... [20:36] (this is disk limit stuff) [20:36] for quota it would be nice to add the quota hashes for the context ... [20:36] and remove them on shutdown (maybe also update/activate quota) [20:36] sorry, sounds complicated and will have to wait... [20:36] I just copied a vserver from one box to another and the apache does not run now... says address is already in use... any ideas? [20:37] probably the address is already in use ;) [20:37] not really [20:37] I rebooted the server and I just ran this vserver [20:37] and netstat does not show any other thing running [20:37] chcontext --ctx 1 lsof [20:37] chcontext --ctx 1 netstat [20:38] groupadd: unable to lock group file [20:38] ошибка: %pre(initscripts-7.14-1) ошибка выполнения сценария, код возврата 10 [20:38] ошибка: install: %pre ошибка сценария (2), пропускается initscripts-7.14-1 [20:38] ensc: Подпроцесс /usr/local/lib/util-vserver/vrpm-preload завершился с ошибкой (38). [20:38] sorry for cyrillic :) [20:38] nope... no port 80 is in use [20:39] hmmm [20:39] maybe https 443? [20:39] AHTOH: strange... are you using quotas?
[20:39] initscripts -- script executing error code return 10
[20:39] i compiled quota patch but nothing more
[20:39] there is one running bound at 0.0.0.0:80
[20:39] how can I see which ctx it is in?
[20:39] bingo!
[20:39] vps
[20:40] search for httpd ..
[20:40] AHTOH: can you build the vserver with '--context='?
[20:40] (after the -m ...)
[20:41] I stopped all VDS httpds and now again the same error
[20:41] ctx1 does not show www now
[20:41] ensc: ad quota/dlimit support, basic support would only require to save the limits on shutdown, which would be a nice thing for 'all' limits by the way ...
[20:42] and restore them on vserver start (maybe with some option --restore)?
[20:43] and basic quota support would be to setup the vroot device, which should be done anyway, and add a quota hash if configured ...
[20:43] ensc ; just now trying fc1
[20:43] ensc: after it will try rh9 with context
[20:44] ensc: fc1 the same
[20:44] trying context
[20:45] I don't understand what is going on
[20:45] vserver rh9-2 build -m --context=101 apt-rpm -- -d rh9 - smth bad
[20:46] AHTOH: no... --context after the '-m apt-rpm'. sorry...
[20:46] ok
[20:47] miller7: first, test with testme.sh ...
[20:48] bert: the other 2 vds on this server run fine
[20:48] I just rebooted
[20:48] started the one with the problem
[20:48] and still the same
[20:48] it's very strange
[20:48] okay, how many vserver are started atm?
[20:48] none
[20:48] sure?
[20:48] I am currently installing lsof
[20:48] yep
[20:48] none is started automatically
[20:48] okay, start the vserver which fails
[20:49] just did
[20:49] enter it and do grep ipv4root /proc/self/status
[20:49] ok
[20:49] it shows some things
[20:49] show me that output if it doesn't violate your security ...
[20:50] sure
[20:50] okay, this server has 8 ips
[20:50] 8?
[20:50] it has 7
[20:50] okay, can't count ;)
[20:50] :D
[20:51] should go back to elementary school ...
;)
[20:51] this server was working as is (copy/paste)
[20:51] on another bxo
[20:51] box
[20:51] okay, now let's check with ifconfig -a on the host ...
[20:51] ensc: context helped
[20:52] miller7: are those seven ips visible there?
[20:52] yep
[20:52] can this be any permission issue?
[20:52] okay, what ips/ports are configured for this apache ... (unlikely)
[20:53] bindaddress and listen
[20:53] hmmm
[20:54] perhaps there is the issue?
[20:54] on newer kernels?
[20:54] guess not, please show me that setup (in private)
[20:54] yep
[20:54] hmmm
[20:54] bloody config
[20:55] the new kernel (2.4.24) has some change or something
[20:55] so my conf does not work
[20:55] I left only one IP there and it works now
[20:55] I have to assign the rest
[20:55] THANKS Bert
[20:55] hmm, np, but it is the apache config?
[20:55] I hope so :)
[20:56] the apache runs now
[20:56] so...
[20:56] I guess it was that
[20:56] I have to check the other vservers and see their config
[20:56] this config is really old
[20:56] I wonder how it worked
[20:56] well, I'm not convinced yet
[20:56] previous kernel was 2.4.19ctx-13
[20:56] my assumption would be, that you specify an address which is now unused
[20:57] changing that address to the one in use might get you the same error ...
[20:57] what do you mean?
[20:57] address=IP?
[20:58] I can't assign a used IP cause this vserver is just copy of the data of the vserver on the old box
[20:58] so no IP is messed (I hope)
[20:58] anyway, I'm now rebooting and try to start the 3 vservers so I can see
[20:59] are you sure no bind change has done since ctx-13?
[20:59] yup address means ip/port
[20:59] ok
[21:01] seems to work nicely now after the reboot
[21:01] Apache didn't like the directives
[21:01] sigh
[21:01] okay, I'll accept that ...
[21:01] Action: miller7 thanks Bert again
[21:01] I shouldn't have left this box on ctx-13 anyways... 316 days uptime :P
[21:04] ensc: but how can i add packages to bootstrapped redhat?
[21:04] with 'vapt-get -- install ' or 'vserver ... pkg install '
[21:04] vrpm exists too
[21:05] is a package-name accepted by apt-get (e.g. 'XFree86')
[21:05] vrpm name -qa -- how make that?
[21:06] vrpm name -- -qa
[21:06] no glic there is that ok?
[21:06] glibc
[21:07] kramer (~kramer@80.86.103.47) left irc: Quit: Leaving
[21:07] sure? there should be around 50 packages
[21:09] 43 packages
[21:09] only glic-common and no glibc
[21:11] do we have an vrpm on stable util-vserver?
[21:12] oh sorry there is an glibc
[21:12] strange... I have 43 packages too but glibc is one of them...
[21:12] yes
[21:12] you are right
[21:12] vrpm in stable is not working/is very unsecure (like the entire stable branch)
[21:12] i missed
[21:18] ensc : what distr preferable for host server rh9 or fc1?
[21:18] on production systems I have rh9, here I am using Fedora Devel (rawhide)
[21:19] and where in config to set nice, hostname?
[21:20] in /etc/vservers/.../{hostname,nice}
[21:20] you can give it at 'vserver ... build' time too
[21:21] see 'vserver - build --help' output
[21:21] will vserver apt-rpm work on rh9 host ?
[21:21] yes
[21:23] but hostname will not work with 0.28.193 and experimental kernel patches
[21:23] use 195 for that
[21:23] hmm and what else dont works with latest alpha patches
[21:24] the new showattr/lsattr is not tested
[21:25] ensc: no passwd in there?
[21:26] no... I should perhaps set it in a post-scriptlet
[21:26] and i had to get installed ssh stuff
[21:26] vserver ... pkg install openssh-server
[21:27] where's the problem? ;)
[21:27] already
[21:27] I am installing a really minimal RH system only
[21:27] wah, passwd required a ten packets
[21:27] cyrus-sasl cyrus-sasl-md5 gdbm glib2 libuser openldap passwd
[21:28] yeah -- you are right
[21:28] minimal is better
[21:29] ok, how to set memory limit and processes limit and set a sched in new utils?
[21:30] AHTOH: when you want it by default, you can create your own distribution; copy existing /etc/vservers/.distributions/... to a new name and configure the additional packages
[21:30] yeah i got the idea
[21:31] create /etc/vservers/.../ulimits directory and create or .{hard,soft} files there
[21:31] you can use 'inf' as a special word
[21:31] virtuoso (~shisha@ip114-115.adsl.wplus.ru) left irc: Ping timeout: 492 seconds
[21:32] is cpu,data,fsize,locks,memlock,nofile,nproc,rss and/or stack
[21:33] a can read it in a xml file?
[21:33] the first part; the resources are not enumerated yet
[21:33] where is onboot control?
[21:33] what are hard or soft?
[21:33] as said already... the initscript does not exist yet
[21:34] ahaaa
[21:34] i can run vserver myserver start from /etc/rc.local ?
[21:34] when soft is reached -> process gets a signal, hard -> is the real limit
[21:34] yes
[21:34] virtuoso (~shisha@ip114-115.adsl.wplus.ru) joined #vserver.
[21:35] how to solve vproc problem?
[21:35] setattr should do the same
[21:36] currently it would be the best when you are assigning the flags manually; perhaps later, the kernelpatch has a white-list
[21:38] yes, we will do a sane default, selectable per kconfig
[21:38] but I didn't get much feedback what is considered 'sane' yet ...
[21:38] or what is required for each distro, maybe Anton could check that out?
[21:40] i can if you will say how :)
[21:40] simple, there are a bunch of /proc entries which can be modified with vproc
[21:41] vproc is the better choice for that test than setattr, because it a) supports the shortcuts for the visibility, and b) only affects the correct entries ...
[21:42] you have to start with all enabled or all disabled and disable or enable one entry after the other, until the vserver works ...
[21:42] strace could be used to detect some issues/requirements but we could also do something smarter ...
[21:43] /usr/src/vproc-0.01/vproc -e /proc/*info /proc/stat* /proc/dev/* /proc/uptime /proc/loadavg -- will try now
[21:43] what would you say to a patch, which simply logs all those /proc accesses in the kernel log?
[21:43] that would allow to run it with all entries enabled, and see what is actually used ...
[21:45] what do you think AHTOH?
[21:46] Bertl: strace? :)
[21:46] yup strace, why not?
[21:46] good idea
[21:47] okay, I add a feature, where you can set a 'trigger' for each entry, and if that entry is accessed, a message is logged (once)
[21:47] so you get all the required entries ...
[21:56] ensc: is there a chance to add the -e -d -E -D (and maybe a -H) flags to the setattr?
[21:57] not right now, just in the next release ...
[22:08] strange i wrote vserver name start to rc.local
[22:08] and it doesnt works
[22:08] '-d' is already in use by this tool-family
[22:09] AHTOH: bad paths?
[22:10] likely -- already trying
[22:11] ensc: is cpu,data,fsize,locks,memlock,nofile,nproc,rss and/or stack
[22:11] what is that can you explain
[22:11] cpu?
[22:11] i didnt find that in a xml file
[22:11] 'man setrlimit' should explain them
[22:12] ok
[22:12] 19:35 < ensc> the first part; the resources are not enumerated yet
[22:12] dont understand
[22:13] 'the first part' -> the general description; 'the resources are not enumerated yet' -> the possible values are (were) not described yet
[22:14] there are no examples in man?
[22:16] Action: miller7 is off for tonight. talk to you tomorrow guys
[22:16] -bash-2.05b# df -h
[22:16] Filesystem Size Used Avail Use% Mounted on
[22:16] none 16M 0 16M 0% /tmp
[22:16] -bash-2.05b# mount
[22:16] none on /proc type proc (defaults)
[22:16] none on /tmp type tmpfs (size=16m,mode=1777)
[22:16] none on /dev/pts type devpts (gid=5,mode=620)
[22:16] -bash-2.05b#
[22:16] where is root?
[22:16] night miller!
[22:16] night Bert, thanks again for pointing out the problem before :)
[22:18] ok CPU - RLIMIT_CPU
[22:18] CPU time limit in seconds.
[22:18] what can i do is not clear
[22:19] lets enumerate :)
[22:20] currently supported limits are NPROC, VM, LOCKED (useless) and RSS
[22:20] where RSS isn't enforced on 2.4.x
[22:21] nproc -- is simply number of processes - right?
[22:21] 100 - 100 processes maximum
[22:21] but what is vm
[22:22] is that memory?
[22:22] AHTOH: '/' is missing in 193; CVS (or 195) should have it
[22:22] ok got it will upgrade
[22:22] VM is virtual memory ...
[22:23] RSS is Resident Set Size (physical memory used)
[22:23] LOCKED is range locked in memory ...
[22:24] so if i say VM -- i limit context with the memory?
[22:24] what should i write in vm file
[22:25] you limit the virtual memory, which is on a 'normal' server unlimited ;)
[22:25] can i limit physical memory usage?
[22:25] only on 2.6?
[22:26] miller7 (none@213.239.180.106) left irc: Ping timeout: 492 seconds
[22:29] there will be a limit for 2.6 but RSS is not physical memory per se ...
[22:29] hmm seems 195 dont stops vserver
[22:29] okay in 2.4 all i can limit is nice and number of processes and quota(not now) ?
[22:30] but i can limit vm
[22:30] thats good
[22:30] and virtual memory, which protects against Dos
[22:30] what should write into vm
[22:30] number of bytes?
[22:31] IIRC that was kbyte or pages ...
[22:31] pages would be 8k
[22:31] page=4096? am i wrong?
[22:32] hmm, lets see ...
[22:33] ensc: need help 195 fails to do anything
[22:33] [root@oxygen root]# vserver rh9-2 start
[22:33] [root@oxygen root]#
[22:33] no
[22:33] my fault
[22:33] maybe wrong in config
[22:33] but why it says nothing
[22:34] current setup is in pages, and pages are between 4k and 64k atm (depending on the arch)
[22:34] [root@oxygen rh9-2]# ls
[22:34] apps fstab interfaces nice run.rev vdir
[22:34] context hostname name run ulimits
[22:37] [root@oxygen rh9-2]# vserver rh9-2 start
[22:37] mount: none already mounted or . busy
[22:37] Failed to mount fstab-line beginning with 'none'
[22:37] mount: none already mounted or .
busy
[22:37] Failed to mount fstab-line beginning with 'none'
[22:37] execvp(): Permission denied
[22:39] starting 'rh9-2' from inside rh9-2?
[22:39] no
[22:39] that dir name
[22:39] run is bad link is that ok?
[22:39] yes
[22:39] try 'stop' first
[22:40] [root@oxygen rh9-2]# vserver-stat
[22:40] CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME
[22:40] 0 28 33M 2.7K 0m07s04 0m10s58 8m50s31 root server
[22:40] [root@oxygen rh9-2]# vserver rh9-2 start
[22:40] execvp(): Permission denied
[22:40] stop dont helps
[22:41] http://vserver.13thfloor.at/Experimental/delta-vs1.3.6.2-vs1.3.6.3-debug.diff
[22:41] vserver --debug rh9-2 start
[22:41] Bertl -- what are changes?
[22:41] AHTOH: that patch will allow you to configure a 'trigger' for each proc entry ...
[22:41] AHTOH: are you using the util-vserver rpms, or are you installing it manually?
[22:42] from src
[22:42] configure etc
[22:43] do you need whole log?
[22:43] comes the execvp() error after the 'chbind ... rc 3' line?
[22:44] ++ /usr/local/sbin/chbind --silent --ip 212.xxx.xxx.xxx/26 /usr/local/lib/util-vserver/exec-ulimit /usr/local/etc/vservers/rh9-2/ulimits /usr/local/sbin/chcontext --silent --secure --ctx 101 /usr/local/lib/util-vserver/save_ctxinfo /usr/local/etc/vservers/rh9-2 /usr/local/lib/util-vserver/capchroot . /etc/rc.d/rc 3
[22:44] execvp(): Permission denied
[22:44] yes
[22:45] lets resolve this before i reboot with Bertls patch
[22:45] execute flag on /etc/rc.d/rc maybe?
[22:46] -rwxr-xr-x 1 root root 2310 Окт 22 20:24 rc
[22:46] that was ok
[22:46] i only changed 193 to 195
[22:47] what is 193 to 195? sorry didn't follow the discussions?
[22:49] another idea, does /etc/rc.d/rc contain an interpreter, and is that available/executable?
[22:49] (first line #!/...
[22:49] 195 and 193 is util-vserver0.28 subversion
[22:49] i changed them and everything got broken
[22:49] this error comes probably from chcontext calling save_ctxinfo
[22:49] ah okay, so it worked before, right?
[22:49] yeah with 193's version
[22:50] Bertl is it ok to use your latest patch with 0.28stable ?
[22:51] AHTOH: works '/usr/local/sbin/chcontext --silent --secure --ctx 101 /bin/bash'?
[22:51] I don't know ;) well from my side, anyways ...
[22:51] ensc shouldn't that be tested with testme.sh?
[22:52] ok, then use testme.sh
[22:52] it says nothing
[22:52] ensc: by the way, I'm fixing up vc_vx_info() atm ...
[22:52] where should i take that testme
[22:52] AHTOH: and '/usr/local/sbin/chcontext --silent --secure --ctx 101 /usr/local/lib/util-vserver/save_ctxinfo''?
[22:52] http://vserver.13thfloor.at/Stuff/testme.sh
[22:52] [root@oxygen src]# /usr/local/sbin/chcontext --silent --secure --ctx 101 /usr/local/lib/util-vserver/save_ctxinfo
[22:52] vc_new_s_context(): Operation not permitted
[22:53] [root@oxygen src]# ./testme.sh
[22:53] hum, interesting?!
[22:53] Linux-VServer Test [V0.06] (C) 2003-2004 H.Poetzl
[22:53] vc_new_s_context(): Operation not permitted
[22:53] chcontext failed!
[22:53] chbind is working.
[22:53] Linux 2.4.25-pre8-vs1.3.6.2 i686//chbind 0.28.195 [E]
[22:53] ---
[22:53] vat (vat@pD9E3763B.dip0.t-ipconnect.de) left irc: Quit: Leaving
[22:53] Bertl: perhaps I am missing something but your locking seems to be insufficiently
[22:53] AHTOH: are you in host-ctx?
[22:53] yeah
[22:53] ensc: you mean for the vc_vx_info?
[22:53] btw debian vserver is spawning good
[22:54] [root@oxygen src]# vserver-stat
[22:54] vc_new_s_context(): Operation not permitted
[22:54] AHTOH: are you having strange ulimits?
[22:54] aaa
[22:54] your first bash was ok
[22:54] which said nothing it worked
[22:54] hehe
[22:54] i havent noticed
[22:55] so you were inside a context ;)
[22:55] [root@oxygen src]# ./testme.sh
[22:55] Linux-VServer Test [V0.06] (C) 2003-2004 H.Poetzl
[22:55] New security context is 1
[22:55] chcontext is working.
[22:55] chbind is working.
[22:55] Linux 2.4.25-pre8-vs1.3.6.2 i686//chbind 0.28.195 [E]
[22:55] ---
[22:55] [001]# succeeded.
[22:55] [011]# succeeded.
[22:55] [031]# succeeded.
[22:55] [101]# succeeded.
[22:55] [102]# succeeded.
[22:55] Bertl: can you point me to a URL of your recent patch? I can not remember exactly what I saw yesterday
[22:55] [201]# succeeded.
[22:55] [202]# succeeded.
[22:55] [root@oxygen src]# /usr/local/sbin/chcontext --silent --secure --ctx 101 /usr/local/lib/util-vserver/save_ctxinfo
[22:55] execvp(): Permission denied
[22:56] thats the problem
[22:56] ensc: give me a few minutes, and I'll update that for you, then we talk about it okay?
[22:56] AHTOH: is there a 000 barrier somewhere?
[22:56] ok
[22:56] what is 000 barrier?
[22:56] chmod'ed 000 directory
[22:56] dont know
[22:56] TheSeer (~theseer@border.office.salesemotion.net) joined #vserver.
[22:56] i havent chmoded anything
[22:56] heya :)
[22:56] drwxr-xr-x 9 root root 216 Фев 5 20:55 vservers
[22:56] AHTOH: can you execute /usr/local/lib/util-vserver/save_ctxinfo from host-ctx?
[22:57] [root@oxygen src]# /usr/local/lib/util-vserver/save_ctxinfo
[22:57] Usage: save_ctxinfo *
[22:57] AHTOH: must be somewhere on the path to save_ctxinfo
[22:57] what parameters should i enter?
[22:58] AHTOH: what's the mode of /usr/local/lib/util-vserver ?
[22:58] drwxr-xr-x 5 root root 4096 Фев 5 22:29 util-vserver
[22:58] strange... and /usr/local/lib?
[22:59] drwxr-xr-x 4 root root 4096 Фев 5 22:29 lib
[22:59] drwxr-xr-x 13 root root 4096 Янв 21 16:35 local
[22:59] drwxr-xr-x 17 root root 4096 Янв 26 15:07 usr
[23:00] ensc: http://vserver.13thfloor.at/Experimental/context.c but no need to hurry ...
[23:00] is this filesystem quota enabled?
[23:00] (requires tagxid/tagctx option)
[23:01] but faulty context information could influence permissions ...
[23:01] hi TheSeer!
[23:02] didn't see you join ;)
[23:02] Bertl: e.g. in find_vx_info(); when vc_vx_info() calls it with 'vxi = find_vx_info(id);' there is a race with the later 'vc_data.xid = vxi->vx_id;'.
In the meantime another process could invalidate the vxi
[23:03] find .. is supposed to return a locked version (ref count) but let me check ...
[23:04] spin_lock(&vxlist_lock);
[23:04] if ((vxi = __find_vx_info(id)))
[23:04] get_vx_info(vxi);
[23:04] ah you mean the get_vx_info()? ok... then I missed something. sorry
[23:04] spin_unlock(&vxlist_lock);
[23:04] np
[23:04] better to check twice ;)
[23:06] I appreciate any race reports by the way, I don't want to add new races, now that we got race clean (or at least think we did ;)
[23:08] AHTOH: sorry; I can not explain this.
[23:08] ensc,Anton: please try to explain what happens to me once again?
[23:09] 20:57 < AHTOH> [root@oxygen src]# /usr/local/sbin/chcontext --silent --secure --ctx 101 /usr/local/lib/util-vserver/save_ctxinfo
[23:09] 20:57 < AHTOH> execvp(): Permission denied
[23:09] okay and save_ctxinfo is what exactly?
[23:09] or does what?
[23:09] (well I know what it is in Jacks tools)
[23:10] its executing triggers the error message
[23:10] AHTOH: can you try 'filetime' instead of save_ctxinfo?
[23:10] and save_ctxinfo doesn't execute an interpreter or something?
[23:11] it happens at 'execvp("....save_ctxinfo"...)'
[23:11] ufff
[23:11] ok
[23:11] what should i try
[23:12] 21:12 < ensc> AHTOH: can you try 'filetime' instead of save_ctxinfo?
[23:12] [root@oxygen src]# /usr/local/sbin/chcontext --silent --secure --ctx 101 /usr/local/lib/util-vserver/filetime
[23:12] filetime version 0.28.195
[23:12] filetime file
[23:12]
[23:12] Prints the age of a file
[23:12] (how long since it was created or modified)
[23:12] so that works ;)
[23:12] what are the perms of save_ctxinfo?
[23:13] -rwxr-xr-x 1 root root 34310 Фев 5 22:29 /usr/local/lib/util-vserver/save_ctxinfo
[23:13] check with lsxid too please ...
[23:13] what?
[23:13] lsxid /usr/local/lib/util-vserver/save_ctxinfo
[23:14] JonB (~NoSuchUse@129.142.112.33.ip.tele2adsl.dk) joined #vserver.
[23:14] hi Jon!
[23:14] hey Bertl
[23:14] TheSeer: do you see us?
[23:15] AHTOH: what says 'ldd /usr/local/lib/util-vserver/save_ctxinfo'
[23:15] [root@oxygen src]# ldd /usr/local/lib/util-vserver/save_ctxinfo
[23:15] libvserver.so.0 => /usr/local/lib/libvserver.so.0 (0x40017000)
[23:15] libc.so.6 => /lib/i686/libc.so.6 (0x40022000)
[23:15] /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
[23:16] has the first library the correct rights?
[23:16] was there a result for lsxid?
[23:16] [root@oxygen src]# lsxid /usr/local/lib/util-vserver/save_ctxinfo
[23:16] /usr/local/var/run/vservers.rev/49152 /usr/local/lib/util-vserver/save_ctxinfo
[23:17] 49152?
[23:17] lrwxrwxrwx 1 root root 19 Фев 5 22:29 /usr/local/lib/libvserver.so.0 -> libvserver.so.0.0.0
[23:17] that was someones context id
[23:17] hmm, you have context tagging without tagxid?
[23:17] sounds interesting ...
[23:18] ok reboot -- will try your patch
[23:18] hmm, yes that is possible ...
[23:18] nope
[23:18] no reboot
[23:18] late :(
[23:19] okay, anyway, it will be there after the reboot ;)
[23:19] hope
[23:19] ensc: it is possible to have xid info on filesystems without tagxid .. if they were created with tagxid enabled ...
[23:20] but what I do not understand is, that files should be on a partition without xid tagging anyway ...
[23:20] Bertl: but that's not my fault, is it?
[23:20] serving (~serving@213.186.188.205) left irc: Read error: Connection reset by peer
[23:21] Doener_aw (~doener@pD9E12286.dip.t-dialin.net) joined #vserver.
[23:21] hmm, don't know, the xid was set somehow ... maybe by executing that file/or writing that file from within the context ...
[23:21] maybe it's just a kernel bug ;)
[23:21] oh
[23:21] i have reiserfs
[23:21] is that ok?
[23:22] for /vservers partition
[23:22] hmm, which tagxid method did you enable?
[23:22] 24 24
[23:22] likely
[23:22] Nick change: Doener_aw -> Doener
[23:22] okay, that is safe on reiser ...
[23:22] hi Doener!
[23:22] hi
[23:22] hmmm
[23:22] strange after reboot all ok
[23:23] try some things please, first lsxid on that file
[23:23] really
[23:23] on which file
[23:23] /usr/local/lib/util-vserver/save_ctxinfo
[23:24] does it report 0 or 49152 or something else?
[23:24] [root@oxygen /]# lsxid /usr/local/lib/util-vserver/save_ctxinfo
[23:24] /usr/local/var/run/vservers.rev/101 /usr/local/lib/util-vserver/save_ctxinfo
[23:24] BTW rh9-2 is built with fixed ctxid=101
[23:24] okay definitely a bug!
[23:24] without it rh or fc refused to build
[23:24] let's see where it is ...
[23:25] just now everything works
[23:25] yeah for five minutes, then, when you want to start ctx 102, everything fails ;)
[23:26] and should i put a hostname and nice into /usr/local/etc/vservers/rh9-2?
[23:26] Anton, you have a basic issue here, don't know why, but the xid tagging is messing up your rootfs ... or at least /usr/local/lib/util-vserver/*
[23:27] oops i put hostname,nice and ulimits/vm ulimits/nproc and now it fails to work
[23:27] that should not happen in any case ... so we should investigate that NOW!
[23:27] five minutes over -- not working again -- thats good
[23:27] :)
[23:28] just now vserver start says nothing
[23:28] but if i remove hostname,nice, ulimits/vm,nproc it will say a fail
[23:28] Doener_zZz (~doener@pD9588A03.dip.t-dialin.net) left irc: Ping timeout: 501 seconds
[23:30] AHTOH: could you show me the output of cat /proc/mounts on the host?
[23:31] [root@oxygen rh9-2]# cat /proc/mounts
[23:31] rootfs / rootfs rw 0 0
[23:31] /dev/root / ext3 rw,noatime 0 0
[23:31] /dev/pts /dev/pts devpts rw 0 0
[23:31] /dev/sdb2 /vservers reiserfs rw,noatime 0 0
[23:32] what a
[23:32] what rootfs -- i dont understand
[23:32] /dev/sda1 / ext3 noatime 1 1
[23:32] that is okay ...
[23:32] thats in fstab
[23:32] fstab is ignored for /
[23:33] ok
[23:34] could you try the following pleas:
[23:34] +e
[23:34] chcontext --ctx 200 touch /tmp/x
[23:34] chcontext --ctx 300 touch /tmp/y
[23:35] lsxid /tmp/[xy]
[23:37] ok
[23:37] but what is +e
[23:37] the missing letter for the pleasE ;)
[23:37] *burp* i ate it
[23:37] [root@oxygen rh9-2]# chcontext --ctx 200 touch /tmp/x
[23:37] New security context is 200
[23:37] [root@oxygen rh9-2]# chcontext --ctx 300 touch /tmp/y
[23:37] New security context is 300
[23:37] [root@oxygen rh9-2]# lsxid /tmp/[xy]
[23:37] 200 /tmp/x
[23:37] 300 /tmp/y
[23:37] [root@oxygen rh9-2]#
[23:38] fascinating ...
[23:38] yep
[23:38] okay, now could you reboot that machine once again?
[23:38] and repeat the lsxid only?
[23:39] without chcontext?
[23:39] yup
[23:39] only the lsxid part ...
[23:39] /usr/src/vproc-0.01/vproc -e /proc/* /proc/*/*
[23:39] /usr/local/sbin/vserver rh9-2 start
[23:39] that is in rc.local
[23:39] no problem with that ...
[23:39] is that ok that after reboot this lines will be executed
[23:39] ok reboot
[23:40] I'd say, they now belong to xid=0 ...
[23:41] deadguy (deadguy@bananajoe.big.du.se) left irc: Ping timeout: 492 seconds
[23:42] [HvD] (~guess@62.99.252.14) left irc: Read error: Connection reset by peer
[23:45] [root@oxygen root]# lsxid /tmp/[xy]
[23:45] 0 /tmp/x
[23:45] 0 /tmp/y
[23:46] you are right
[23:46] okay, you have to change a line in the kernel ...
[23:46] whatever
[23:46] fs/inode.c 122
[23:46] which one
[23:46] inode->i_xid = vx_current_xid();
[23:46] just comment it out ...
[23:47] // inode->i_xid = vx_current_xid();
[23:47] how in vim to jump to that line
[23:47] 122G
[23:47] can i not make dep but delete inode.o and then make install?
[23:48] you just make bzImage that's all
[23:48] no need to make anything else ...
[23:48] make install will install it then ...
[23:50] done reboot
[23:51] when the machine is up again, repeat the test, including the chcontext, but remove the files first ...
[23:51] and then again reboot?
[23:52] no, should work now ;)
[23:54] [root@oxygen root]# chcontext --ctx 200 touch /tmp/x
[23:54] New security context is 200
[23:54] [root@oxygen root]# chcontext --ctx 300 touch /tmp/y
[23:54] New security context is 300
[23:54] [root@oxygen root]# lsxid /tmp/[xy]
[23:54] 0 /tmp/x
[23:54] 0 /tmp/y
[23:54] okay, now the rest should work as expected ...
[23:54] no
[23:55] ah
[23:55] but when i put some config it fails
[23:55] hmmm
[23:55] will find which one
[23:58] nice was wrong
[23:58] where to put it?
[23:58] enrico, you are on now ;)
[23:59] what fails?
[23:59] xxsearchxx (dbox3@81.92.166.46) joined #vserver.
[23:59] hi xxsearchxx!
[23:59] where to put nice ?
[23:59] Hi. Working exploit to the real root dir @ http://priv.de/vserver_exploit/bla.c
[23:59] AHTOH: into a /etc/vservers/.../nice file
[00:00] --- Fri Feb 6 2004