[00:18] Nick change: Bertl_oO -> Bertl
[00:25] JonB (~NoSuchUse@129.142.112.33.ip.tele2adsl.dk) joined #vserver.
[00:31] Bertl (~herbert@MAIL.13thfloor.at) got netsplit.
[00:31] maharaja (maja@ipax.tk) got netsplit.
[00:31] deadguy (deadguy@bananajoe.big.du.se) got netsplit.
[00:31] pollar (bc3@dievai.net) got netsplit.
[00:31] _Axu_ (~axu@mail.mcmarketing.at) got netsplit.
[00:31] Doener_zZz (~doener@p5082DA83.dip.t-dialin.net) got netsplit.
[00:31] riel (~riel@riel.netop.oftc.net) got netsplit.
[00:31] talon (talon@host-63-149-223-100.irwinresearch.com) got netsplit.
[00:31] mcp (~hightower@wolk-project.de) got netsplit.
[00:31] Zoiah (Zoiah@matryoshka.zoiah.net) got netsplit.
[00:33] maharaja (maja@ipax.tk) returned to #vserver.
[00:33] deadguy (deadguy@bananajoe.big.du.se) returned to #vserver.
[00:33] pollar (bc3@dievai.net) returned to #vserver.
[00:33] _Axu_ (~axu@mail.mcmarketing.at) returned to #vserver.
[00:33] mcp (~hightower@wolk-project.de) returned to #vserver.
[00:33] Doener_zZz (~doener@p5082DA83.dip.t-dialin.net) returned to #vserver.
[00:33] riel (~riel@riel.netop.oftc.net) joined #vserver.
[00:33] talon (talon@host-63-149-223-100.irwinresearch.com) returned to #vserver.
[00:33] Zoiah (Zoiah@matryoshka.zoiah.net) returned to #vserver.
[00:34] Bertl (~herbert@MAIL.13thfloor.at) returned to #vserver.
[00:56] Doener_aw (~doener@p5082DBF5.dip.t-dialin.net) joined #vserver.
[00:56] hi Doener!
[00:56] hi!
[00:56] Nick change: Doener_aw -> Doener
[00:56] i wonder when my isp will have solved this...
[00:57] the minute you change your isp ;)
[00:57] solved what ?
[00:57] i guess in the last two weeks i've been unable to connect for about one day in total...
[00:57] whatever murphy doesn't care that much ;)
[00:58] don't know what exactly is the problem... whenever i call them they have a different issue...
[01:00] Doener_zZz (~doener@p5082DA83.dip.t-dialin.net) left irc: Ping timeout: 480 seconds
[01:00] I had this once, the company fired their best man, and nobody knew how the stuff actually worked before ...
[01:00] explanations ranged from defective UPS to bad firmware in switch ...
[01:01] Bertl: sorry you got fired
[01:01] hehe
[01:02] ;)
[01:03] JonB, so let's talk about one of your many projects %-)
[01:04] Bertl: well, it seems like i almost have 2 projects closed
[01:05] Bertl: one is with a friend, the other alone
[01:05] the alone one is making linux run on a embedded vr4133 board
[01:06] which hasn't been done before, right?
[01:06] and making a bootloader that can choose between 2 kernel + file systems, so it can be updated
[01:07] like grub?
[01:07] and possibly adding support in the kernel for using the cryptographic stuff in the cpu
[01:07] Bertl: possibly, but i was thinking of assembler, since they want to save flash space
[01:08] Bertl: the other is a blind reverse engineering project with a friend
[01:08] i read the freebsd GEOM-GDBE driver, and write a documentation specs.
[01:08] then my friend read what i created, and create a linux driver
[01:09] hmm sounds interesting ...
[01:10] we want to try how hard reverse engineering is
[01:10] I would suggest 'Paycheck' for educational purposes ;)
[01:11] paycheck =?
[01:11] movie about reverse engineering ...
[01:13] but it is with ben affleck :(
[01:14] and?, and? ...
[01:15] i've seen better acting at goatse.cx
[01:16] the only good movies he's in, are movies where matt daemon is as well
[01:17] you missed the Uma Thurman part, but whatever you say ...
[01:17] Bertl: too old :/
[01:18] hrmpf, she is my age ... am I too old too?
[01:18] i'm not into guys
[01:18] hehe okay, you win!
[01:18] wooohoo
[01:18] what do i get ?
[01:19] a shrubbery!
[01:19] actually somebody owes me two shrubberies IIRC, so he now owes you one ...
[01:19] cool :)
[01:20] but you have to collect it yourself ...
[01:20] hmm :(
[01:24] Bertl: how old are you anyway ?
[01:25] well, it's very close to Uma ...
[01:25] then you are my age
[01:27] and thats not old ;-P
[01:27] but i still find uma too old
[01:29] Nick change: riel -> unriel
[01:46] JonB (~NoSuchUse@129.142.112.33.ip.tele2adsl.dk) left irc: Quit: Leaving
[02:27] paul (~irssi@195.202.59.212) left irc: Quit: leaving
[02:54] butonic (~butonic@port-212-202-25-66.reverse.qsc.de) joined #vserver.
[02:54] hi butonic!
[02:55] hi everybody
[02:57] I want to set up three firewalls each in its own vserver. However, I dont know how to set the filter rules for each of them ... well I do not even know whether this is possible with vlinux. Any suggestions?
[02:57] err vserver that is
[02:58] well, you have to put all rules on the host, but besides this, it should not be a problem ...
[02:58] it will be a good idea to have separate routing tables for them ...
[02:59] Doener_zZz (~doener@pD9E12F9E.dip.t-dialin.net) joined #vserver.
[03:00] so it should suffice to set up three subnets? I had preferred to separate the firewall setup for each vserver, but i assume everything has to be configured on the host, hasn't it?
[03:01] as I said, yes, unless you use FreeVPS which has per vserver iptables (but I do not know how secure this is)
[03:01] Nick change: Doener_zZz -> Doener_
[03:01] Doener (~doener@p5082DBF5.dip.t-dialin.net) left irc: Ping timeout: 480 seconds
[03:02] hmm, ok thx a lot!
[03:02] np
[03:02] ill report to the wiki when i got my DMZ on a vserver-host ;) - n8
[03:02] butonic (~butonic@port-212-202-25-66.reverse.qsc.de) left #vserver.
[03:07] Zoiah (Zoiah@matryoshka.zoiah.net) got netsplit.
[03:07] talon (talon@host-63-149-223-100.irwinresearch.com) got netsplit.
[03:07] _Axu_ (~axu@mail.mcmarketing.at) got netsplit.
[03:07] pollar (bc3@dievai.net) got netsplit.
[03:07] deadguy (deadguy@bananajoe.big.du.se) got netsplit.
[03:07] maharaja (maja@ipax.tk) got netsplit.
[03:07] unriel (~riel@riel.netop.oftc.net) got netsplit.
[03:07] mcp (~hightower@wolk-project.de) got netsplit.
[03:07] Bertl (~herbert@MAIL.13thfloor.at) got netsplit.
[03:07] youam (~youam@ciara.youam.de) got netsplit.
[03:07] Doener_ (~doener@pD9E12F9E.dip.t-dialin.net) got netsplit.
[03:07] kestrel (athomas@home.swapoff.org) got netsplit.
[03:07] eyck (~eyck@62.233.189.138) got netsplit.
[03:07] ccooke (~ccooke@spc1-walt1-4-0-cust238.lond.broadband.ntl.com) got netsplit.
[03:07] sladen (paul@starsky.19inch.net) got netsplit.
[03:07] Medivh (ck@62.93.217.199) got netsplit.
[03:07] kestrelw (~athomas@o2rosock0a.optus.net.au) got netsplit.
[03:07] cdub (~chrisw@fw.osdl.org) got netsplit.
[03:07] lilo (levin@lilo.usercloak.oftc.net) got netsplit.
[03:07] Doener_ (~doener@pD9E12F9E.dip.t-dialin.net) returned to #vserver.
[03:07] kestrel (athomas@home.swapoff.org) returned to #vserver.
[03:07] eyck (~eyck@62.233.189.138) returned to #vserver.
[03:07] ccooke (~ccooke@spc1-walt1-4-0-cust238.lond.broadband.ntl.com) returned to #vserver.
[03:07] sladen (paul@starsky.19inch.net) returned to #vserver.
[03:07] lilo (levin@lilo.usercloak.oftc.net) returned to #vserver.
[03:07] kestrelw (~athomas@o2rosock0a.optus.net.au) returned to #vserver.
[03:07] cdub (~chrisw@fw.osdl.org) returned to #vserver.
[03:07] Medivh (ck@62.93.217.199) returned to #vserver.
[03:08] Bertl (~herbert@MAIL.13thfloor.at) returned to #vserver.
[03:08] maharaja (maja@ipax.tk) returned to #vserver.
[03:08] deadguy (deadguy@bananajoe.big.du.se) returned to #vserver.
[03:08] pollar (bc3@dievai.net) returned to #vserver.
[03:08] _Axu_ (~axu@mail.mcmarketing.at) returned to #vserver.
[03:08] mcp (~hightower@wolk-project.de) returned to #vserver.
[03:08] unriel (~riel@riel.netop.oftc.net) returned to #vserver.
[03:08] talon (talon@host-63-149-223-100.irwinresearch.com) returned to #vserver.
[03:08] Zoiah (Zoiah@matryoshka.zoiah.net) returned to #vserver.
[03:08] youam (~youam@ciara.youam.de) returned to #vserver.
[03:51] Mister_A_ (~mab@nat01-clo-ext.Rutgers.EDU) joined #vserver.
[04:09] Mister_A_ (~mab@nat01-clo-ext.Rutgers.EDU) left irc:
[04:38] polarfox (bc3@dievai.net) joined #vserver.
[04:39] pollar (bc3@dievai.net) left irc: Read error: Connection reset by peer
[05:00] impact (impact@z10n.tech.us.edu.pl) joined #vserver.
[05:00] hi impact!
[05:01] hi :)
[05:16] soor (as@pD951AABC.dip.t-dialin.net) joined #vserver.
[05:16] hi soor!
[05:18] soor_ (as@217.81.171.67) left irc: Ping timeout: 499 seconds
[05:23] impact (impact@z10n.tech.us.edu.pl) left irc: Quit: Lost terminal
[05:26] Nick change: cdub -> cgone
[05:53] ben_ (ben@bengrimm-host229.dsl.visi.com) joined #vserver.
[05:54] kestrel (athomas@home.swapoff.org) left irc: Quit: brb
[05:56] kestrel (athomas@home.swapoff.org) joined #vserver.
[06:02] Bertl: have any 'major' changes been made to the way a vserver is actually started/stopped, i.e. the final call of the vserver bash script?
[06:02] say from vs1.00 to 0.09.8...
[06:03] hum, what is the 'final' call?
[06:04] that quite long line... 'chroot...chbind...chbind...whatever'
[06:04] i guess thats the final action that script performs...
[06:05] Doener_: about which util-vserver branch are you speaking?
[06:05] for alpha: yes
[06:05] not specific to util-vserver but vserver in general...
[06:06] i think about writing a daemon to support starting/stopping vservers using configurations stored in a database...
[06:07] so i need to know if the way a vserver is started/stopped differs from one vserver version to another
[06:07] Doener_: what do you mean with 'vserver version'?
[06:07] the kernel patch
[06:08] the concept of a 'vserver' is defined by the userspace utilities...
[06:09] the kernel does not know anything about a 'vserver'
[06:09] it just sees processes and contexts
[06:11] okay, you're right... i even told this once to someone myself... *bangs head against wall*
[06:11] then in what way it has changed in the alpha-branch?
[06:11] very much ;)
[06:11] and it will change more
[06:12] hmm... then i may end up with less work by just converting the database stuff to a configuration suitable for util-vserver...
[06:13] start/stop commands are either defined by an init-style (sysv/minit/plain currently), or by manual commands
[06:13] there are different kinds for start, stop and synchronizing
[06:16] guess i'll have a look at it and decide afterwards what way is more suitable...
[06:21] Doener_zZz (~doener@pD9E12E6C.dip.t-dialin.net) joined #vserver.
[06:21] Nick change: Doener_zZz -> Doener
[06:25] Doener_ (~doener@pD9E12F9E.dip.t-dialin.net) left irc: Ping timeout: 480 seconds
[06:53] night everyone!
[06:54] Nick change: Bertl -> Bertl_zZ
[07:41] kestrel (athomas@home.swapoff.org) left irc: Quit: reboot
[07:44] Doener (~doener@pD9E12E6C.dip.t-dialin.net) left irc: Ping timeout: 499 seconds
[08:34] eyck (~eyck@62.233.189.138) left irc: Ping timeout: 480 seconds
[08:40] eyck (~eyck@62.233.189.138) joined #vserver.
[08:47] kestrel (athomas@home.swapoff.org) joined #vserver.
[08:47] hello there
[09:15] hello
[09:33] Doener (~doener@pD9588136.dip.t-dialin.net) joined #vserver.
[09:33] youam (~youam@ciara.youam.de) got netsplit.
[09:36] youam (~youam@ciara.youam.de) returned to #vserver.
[10:24] ben_ (ben@bengrimm-host229.dsl.visi.com) left irc: Ping timeout: 499 seconds
[11:07] kestrel (athomas@home.swapoff.org) left irc: Quit: ircII EPIC4-1.0.1 -- Are we there yet?
[11:21] kestrel (athomas@home.swapoff.org) joined #vserver.
[11:56] rs (rs@ice.aspic.com) joined #vserver.
[11:56] hey
[12:26] chaosle (~yvan@bragi.fh-brandenburg.de) joined #vserver.
[12:26] hi all
[12:29] etienne (~eroulland@81.80.240.90) joined #vserver.
[12:29] hi
[12:35] ho
[12:45] i'm testing vserver
[12:47] i lonnkig for script to install a more recent mdk
[12:47] s/lonnkig/looking/
[12:47] as far as i know there's only mdk-8.2 install script
[12:49] <_Axu_> hi folks
[14:14] stubbsd (~stubbsd@217.206.216.194) joined #vserver.
[14:14] morning all,
[14:59] serving (~serving@213.186.190.121) joined #vserver.
[15:25] AHTOH (~Anton@212.1.230.115) joined #vserver.
[15:25] hi ppl need help
[15:36] man, i need dsl
[15:37] i have a question about kernel routing in vserv
[15:37] do we have routes for each vserver?
[15:38] no
[15:38] how it works?
[15:38] if i have a route to some net through the if i dont see in my context
[15:38] how will it work?
[15:38] i believe routes are visible to all vservers
[15:39] yeah
[15:39] it just works
[15:39] but what with packet sending to route which is routed to ETH i dont have
[15:39] eg. my vservers are all on dummy0, but default routing out of the server is via eth0
[15:39] and it works
[15:40] your case i think all your ifaces are eth0:?
[15:40] no, dummy0
[15:40] dummy0:foo
[15:40] dummy0:bar
[16:00] JonB (~NoSuchUse@129.142.112.33.ip.tele2adsl.dk) joined #vserver.
[16:15] AHTOH (~Anton@212.1.230.115) left #vserver (Client exiting).
[16:32] ben (~ben@bengrimm-host225.dsl.visi.com) joined #vserver.
[16:42] <_Axu_> has anyone a tip on how i can test the ctx kernelpatch works ?
[16:43] <_Axu_> is still got unable to switch in context security #1 and dont know how to get any further
[16:44] did you install the vserver-utils package?
[16:44] <_Axu_> JonB: well, i think so :)
[16:45] chcontext
[16:46] <_Axu_> JonB: hmm, oki
[16:47] does it exist ?
[16:47] <_Axu_> JonB: jepp, but i dont get the syntax to do something other than printf ing the helptext :)
[16:48] what system are you on ?
[16:49] <_Axu_> hmm, sparc linux
[16:49] <_Axu_> debian
[16:49] did you make a filesystem image ?
[16:50] <_Axu_> isnt there something like chkifctxisworking.sh ?
[16:50] <_Axu_> JonB: what ? no. i have a fresh woody installation, a freshcompiled kernel that is ctx patched and want to check if ctx works. i built one vserver from the root machine
[16:51] can that vserver start ?
[16:51] <_Axu_> no
[16:51] <_Axu_> i cant do anything vserverlike :)
[16:51] what happens when you type
[16:51] vserver start
[16:51] <_Axu_> thats why i am blabbering the same error message into this channel for 2 days :)
[16:51] or enter ?
[16:52] i havent seen that error message
[16:52] <_Axu_> JonB: i cant even do a vserver-stat
[16:52] <_Axu_> vserver-stat: unable to switch in context security #1
[16:52] what about vps ?
[16:52] <_Axu_> so there seems not to be a rootserver....
[16:52] <_Axu_> as far as i can tell
[16:53] root server is context 0
[16:53] did you talk with bertl over this ?
[16:53] <_Axu_> ok#
[16:53] <_Axu_> JonB: hmm, dont think so
[16:54] what is your time now ?
[16:55] did you email the mailing list ?
[16:56] <_Axu_> 14:58
[16:56] kay, come back in the evening, bertl is usually on by then, and he's the guru
[16:56] did you patch the kernel yourself ?
[16:56] <_Axu_> JonB: thanks
[16:57] <_Axu_> JonB: hehe jepp, but bertl supported me with a fast patch to the patch. so i didnt patch all by myself ;)
[16:58] okay
[16:58] so you did talk to him
[16:59] <_Axu_> JonB: yes
[17:00] <_Axu_> JonB: sorry, bad memory, no ecc
[17:00] haha
[17:05] <_Axu_> ensc: is there any plans to not be that redhatdistrospecific
[17:05] <_Axu_> ?
[17:12] stubbsd (~stubbsd@217.206.216.194) left irc: Ping timeout: 499 seconds
[17:14] ensc isnt here, is he ?
[17:15] <_Axu_> JonB: doesnt look so
[17:19] i don't find a page which explain which "features" you can't use
[17:19] as tcpdump
[17:19] tcpdump doesn't work in a virtual box ?
[17:19] etienne: depends
[17:19] Nick change: unriel -> riel
[17:20] depends ?
[17:20] etienne: vserver uses the capability system
[17:20] so ?
[17:20] etienne: meaning you can give a capability to a vserver, and/or to others.
[17:20] etienne: to use tcpdump you would need CAP_NET_RAW
[17:20] there are others
[17:20] k
[17:22] thanks
[17:25] riel (~riel@riel.netop.oftc.net) left #vserver (Excess food).
[17:26] hmmm
[17:26] another one
[17:26] if i give S_CAPS="CAP_NET_RAW" to a vserver
[17:27] it can get all network packet even which destined to the others vservers
[17:27] am i right ?
[17:28] yes
[17:28] and they can change their network setup ?
[17:28] i think
[17:40] stubbsd (~stubbsd@217.206.216.194) joined #vserver.
[17:54] AHTOH (~Anton@212.1.230.115) joined #vserver.
[17:54] ensc? i need little help
[18:04] monrad (~monrad@213083190243.sonofon.dk) joined #vserver.
[18:15] Nick change: Bertl_zZ -> Bertl
[18:29] _Axu_: bertl is here now
[18:29] hey Bertl
[18:29] hi Jon!
[18:40] stubbsd (~stubbsd@217.206.216.194) left irc: Ping timeout: 480 seconds
[18:48] [root@vserver:dns /]/etc/init.d/named start
[18:48] Starting named: named: capset failed: Operation not permitted
[18:48] anyone plz help
[18:48] he has a CAP_SYS_ADMIN
[18:48] already
[18:49] anton: recompile named without the linux caps option
[18:50] but what is about that problem?
[18:50] http://www.linux-vserver.org/index.php?page=Linux-Vserver+FAQ
[18:50] G. Software compatibility
[18:51] bind plays with the capability system and tries to raise its limits before giving up the caps ...
[18:51] can i turn off ulimit?
[18:52] i m ready to give him all
[18:52] you can also post your logon/password on yahoo ...
[18:52] i want to run it now in 5 minutes? is that possible?
[18:52] later will recompile
[18:52] sure, start it with all caps enabled ... (remove --secure)
[18:52] start whom?
[18:53] the apache ...
[18:53] sorry bind
[18:53] but can tune somehow vserver to enable that? no way?
[18:53] please read the FAQ, it's CAP_SYS_RESOURCE
[18:54] is not CAP_SYS_ADMIN a full set of caps?
[18:55] http://archives.linux-vserver.org/200401/0081.html
[18:57] o thanks
[18:58] sorry for stupidness -- but i am too tired and in a hurry today :)
[18:58] you are apologized ...
[19:00] zev (~zev@masya.aviaserv.com.ua) joined #vserver.
[19:00] hi zev!
[19:00] hi
[19:01] Berti i have some questions about networking inside vserver
[19:01] Berti have you time?
[19:02] ok. will join later...
[19:02] Bertl, once more: we have one common routing kernel table or can i have different ones for each vserver?
[19:03] AHTOH you speak russian?
[19:03] yes
[19:03] AHTOH privet
[19:03] helo
[19:03] AHTOH :)
[19:06] anton: there is a feature called routing tables, you can setup one for each vserver ...
[19:06] zev: yep, I have time now, go ahead ...
[19:06] Berti is that feature in vs1.26 ?
[19:07] which feature?
[19:07] Berti "routing tables"
[19:07] it's in vanilla 2.4.x, not vserver related at all ...
[19:07] does that feature means i can have a default gw for each vserv?
[19:07] ah :)
[19:07] yes, exactly ...
[19:08] http://archives.linux-vserver.org/200311/0470.html
[19:08] 8-)
[19:08] Berti my question is exactly about Anton asked :)
[19:08] good ..
[19:12] Action: zev gone home...
[19:12] zev (~zev@masya.aviaserv.com.ua) left irc: Quit: Trillian (http://www.ceruleanstudios.com)
[19:18] Nick change: cgone -> cdub
[19:18] hi cw!
[19:19] Bertl: morning
[19:19] hmm, chris, should I contact anybody specific at osdl regarding the kernel compile stuff? or should I just forget about doing it with osdl?
[19:20] i'm in a conf. call, let me get back with you, ok?
[19:20] np
[19:35] monako (~monako@ts1-a111.Perm.dial.rol.ru) joined #vserver.
[19:35] hi monako!
[19:38] _shur1 (~shushushu@vserver.electronicbox.net) joined #vserver.
[19:38] hi shuri!
[19:39] <_shur1> hi
[19:40] <_shur1> Bertl i found how to collect eth0:x data from vserver and put it on mrtg
[19:40] <_shur1> iptables + a little script to collect data
[19:40] <_shur1> seem to work fine:P
[19:41] yeah, that is/was what I'm saying ... (maybe not to you ;)
[19:42] <_shur1> yes to me
[19:42] <_shur1> i rewrite the script to collect data...
[19:44] ah, okay, maybe you could add some How-To to the wiki, with some references to the required pieces ...
[19:44] <_shur1> ok
[19:44] <_shur1> about the cpu limit patch
[19:44] <_shur1> it look fine..
[19:45] yeah, just sent a mail, so if you are interested in testing too, we can get a working version very fast ...
[19:45] <_shur1> can you adapt it to 2.4.25??
[19:46] <_shur1> of 2.4.24
[19:46] <_shur1> or
[19:46] <_shur1> i can test it today
[19:46] well, I'd prefer to put it in 2.6.3, but a 2.4.25-lck version is also on my todo list ...
[19:47] <_shur1> i got problem with 2.6 and vserver
[19:47] what issues?
[19:47] <_shur1> the util-tool do not compile
[19:47] <_shur1> i past you the error last week
[19:47] hmm, ever talked to enrico?
[19:47] <_shur1> didnt understand your answer like usually:P
[19:48] sorry, okay, did you tell enrico about your issues with the tools?
[19:48] <_shur1> yes
[19:48] AHTOH (~Anton@212.1.230.115) left irc: Read error: Connection reset by peer
[19:48] and, what did he say?
[19:49] <_shur1> didnt understand his answer like usually:P
[19:49] <_shur1> lol
[19:49] LOL
[19:49] okay, that's a good one ...
[19:49] do you have his answer somewhere?
[19:49] <_shur1> no
[19:50] okay, what tool versions did you try yet, and what distro do you use?
[19:50] <_shur1> debian
[19:50] debian woody?
[19:50] <_shur1> yes
[19:50] would it be an option for you to update to sarge?
[19:50] <_shur1> sarge is unstable ?
[19:51] well, I don't know what sarge is, but I know, that many people reported Sarge has no issues, woody has ...
[19:51] <_shur1> humm
[19:52] 17:11 < ensc> _shur1: call ./configure as 'CPPFLAGS="-D__NR_vserver=273" ./configure ...'
[19:52] <_shur1> what is mean!
[19:53] call ./configure as 'CPPFLAGS="-D__NR_vserver=273" ./configure ...'
[19:53] <_shur1> i did that
[19:54] does the same error happen at ./configure? Or at make-time?
[19:55] <_shur1> configure
[19:55] <_shur1> i'v stop testing after that...
[19:56] <_shur1> apt-get dist-upgrade
[19:56] <_shur1> upgrading to sarge
[19:56] <_shur1> ..
[19:56] _shur1: are you using stable or alpha branch?
[19:59] mhepp (~mhepp@r72s22p13.home.nbox.cz) joined #vserver.
[20:02] hi mhepp!
[20:02] <_shur1> alpha
[20:03] Bertl: hi!
[20:08] _shur1: I do not understand completely why this happens, but 'ensc_cv_value_syscall_vserver=273 ./configure ...' should solve it
[20:12] monako (~monako@ts1-a111.Perm.dial.rol.ru) left irc: Ping timeout: 499 seconds
[20:18] <_shur1> ok
[20:18] <_shur1> will retry
[20:28] ben (~ben@bengrimm-host225.dsl.visi.com) left #vserver.
[20:31] paul (~irssi@195.202.59.5) joined #vserver.
[20:33] Moin!
[20:33] hi paul!
[20:44] rs (rs@ice.aspic.com) left irc: Quit: leaving
[20:51] mhepp (~mhepp@r72s22p13.home.nbox.cz) left irc: Remote host closed the connection
[20:54] dazedark (~chris@82-32-130-79.cable.ubr05.hawk.blueyonder.co.uk) joined #vserver.
[20:55] hmm.
[20:55] hi dazedark!
[20:55] I think I have upset my vserver :)
[20:55] hey herbert
[20:55] better than your stomach!
[20:55] root@asite:/# ps aux
[20:55] Error: /proc must be mounted
[20:55] To mount /proc at boot you need an /etc/fstab line like:
[20:55] /proc /proc proc defaults
[20:55] In the meantime, mount /proc /proc -t proc
[20:55] proc security!
[20:55] maybe I have vproc'd something I shouldn't have
[20:55] :)
[20:55] but ls -l /proc works
[20:56] try chcontext --ctx 100 ls -l /proc
[20:57] hmm, I don't have chcontext inside the vservers
[20:57] on the host of course ... what does it show?
[20:57] A normal ls -l of /proc
[20:57] nothing odd
[20:57] nothing missing?
[20:58] ooh hell
[20:58] loads of things are missing
[20:58] you are with stable (1.26)?
[20:58] yep
[20:58] okay try with vproc -e /proc/[a-z]* /proc/[a-z]*/* /proc/[a-z]*/*/*
[20:58] this will basically disable the proc security, so do it just for a test ...
[20:59] (won't work if you did use the hide flag)
[20:59] "vproc: ioctl not supported on /proc/self/lotsofthings
[20:59] "
[21:00] that's okay ...
[21:00] can I mail you the two /proc listings?
[21:01] it still doesn't work?
[21:01] cos running chcontext ... after the vproc -e shows the same things
[21:01] oh no, it works now
[21:01] hmm
[21:01] crazy
[21:02] chaosle (~yvan@bragi.fh-brandenburg.de) left irc: Ping timeout: 480 seconds
[21:03] ensc: could we add a sane default setup (configurable of course) to the vserver start/stop runlevel script, or did you already do that in alpha?
[21:03] (I mean for the proc permissions/visibility)
[21:03] Bertl: must be written; but does not happen before the general vserver initscript
[21:05] what is your timeframe for this stuff, and alpha becoming stable?
[21:06] ben (ben@bengrimm-host229.dsl.visi.com) joined #vserver.
[21:06] hi ben!
[21:06] hi Bertl!
[21:09] Action: _shur1 just adding his first how to in the wiki
[21:09] so, I think I'm going to merge the vserver patch for 2.4.25 with the lck patch
[21:10] hmm, you are?
[21:10] at least the performance patches
[21:10] unless someone is already doing it...
[21:11] decided I can't wait much longer on the o(1) scheduler - and at least my preliminary patching suggests that it's not going to be terribly difficult
[21:11] a few rejects, but nothing crazy
[21:12] hmm, you are doing what exactly?
[21:12] in my vserver application? or...
[21:13] in your patching ;)
[21:13] ahh.. just wanting to take a stock 2.4.25, apply the ck patch set and then apply vserver
[21:14] which vserver patch?
[21:14] 1.3.8
[21:14] hmm, and you probably mean lck, right?
[21:14] yeah lck
[21:14] (said that above.. typod below)
[21:15] won't work, at least the scheduling is broken after that ...
[21:15] at the very least the lckbase diff
[21:15] badly broken?
[21:15] well, yes, that is why there are two branches (or were at least)
[21:15] O(1) needs special vserver support ...
[21:16] can I get that special vserver support from the previous patch?
[21:16] or do you think I'd be getting in over my head ;-)
[21:17] not sure ... you could have a look at the 2.6 implementation
[21:17] or... how stable is the vserver patch for 2.6?
[21:17] well it is probably as stable as the 1.3.x
[21:18] ah, well that's probably good enough
[21:18] hmm.. 2.6 something new every day
[21:22] hi Bertl!
[21:22] it looks like 0.29.3 compiles for me now!
[21:23] great!
[21:24] you had mentioned several days ago, when I was originally trying to compile it, some features that .29 has over .28
[21:24] I just read the Changelog and the News file, but none of them ring a bell
[21:24] someone mentioned that the +t on /vservers is not hereditary in .29, but I think that this would be in the kernel, not in the utils
[21:25] hmm, might it be that I suggested the alpha branch?
[21:25] yes, you did
[21:26] 0.29.3 is pre to stable, not alpha ...
[21:27] Action: micah is looking at the logs
[21:28] you suggested .29.2
[21:28] might be, I do not remember what the discussion was about ;)
[21:28] it might be easier to tell me what you are up to ;)
[21:28] hehe
[21:29] I just have it on my list to resolve this :)
[21:29] I can't remember why
[21:29] you had asked me to send the error from the compile to enrico and the list
[21:29] I am trying to remember why you were telling me to try .29.2
[21:30] ah, I was confused
[21:30] okay, it's about the +t heredity issue ...
[21:30] I thought .29.2 was the alpha util branch
[21:30] that was what I meant with 19:28 < Bertl> 0.29.3 is pre to stable, not alpha ...
[21:30] right, I've resolved the +t hereditary with scripts :)
[21:31] yeah, I understand it now :)
[21:31] well ok, I will probably stay with .28 until it becomes stable, and look forward to when alpha is stable for the nice things it has :)
[21:31] I thought about doing a vs1.27 with the heredity issue fixed on the kernel side ...
[21:31] jcollins (~jcollins@12.37.36.141) joined #vserver.
[21:32] Bertl: yeah, the heredity is easily fixed with scripts so it isn't a big deal
[21:32] bertl, oh well can't do 2.6 yet - no stable drbd support guess I'll have to muddle through for a couple more months
[21:32] I think that I thought the .29 stuff would have the unify things that alpha has
[21:32] because I thought .29 was the alpha branch
[21:32] that was my opinion too, and neither 1.3.8 nor the 2.6 versions have this problem
[21:33] etienne (~eroulland@81.80.240.90) left irc: Quit: Client exiting
[21:33] ben, you'd test a lck version extensively?
[21:33] Can anybody point me in the right direction regarding UDP issues in the host server? I've read the mailing list about fixing sshd and still no go.
[21:33] so i wont need to worry about flags when 1.4 comes out then?
[21:33] Basically things like 'host ' don't work.
[21:34] jcollins: which kernel patches?
[21:34] talon: no!
[21:34] bertl, I'd make sure it works at least, put it under high load on both up and smp systems
[21:34] Bertl: vs1.24
[21:34] Bertl: on a 2.4.24 kernel
[21:34] hum hum, no security issues?
[21:35] Bertl: same kernel on a different box works fine.
[21:35] then it must be a user configuration issue, right?
[21:35] Bertl: hm, the LVM guy doesn't seem to have a solution to my VGDA problem
[21:36] that sounds bad, Heinz usually knows a solution to any LVM issue :(
[21:37] well, he hasn't replied
[21:37] Bertl: on one server /proc/self/status says "ipv4root: 0" and on the other its "ipv4root: 0100007f/00ffffff 9f064b0a/00ffffff"
[21:37] I just assume that means he doesn't know
[21:38] jcollins: that means, that one server doesn't specify IPs and the other does specify 127.0.0.1 and 10.75.6.159 ...
[21:39] Bertl: You mean in calls to chbind and such for v_*?
[21:39] Bertl: and the one with "ipv4root: 0" is the working server
[21:39] and we are talking about vserver and not host bindings?
[21:40] jcollins: give me some details about your vserver configs, maybe in private ...
[21:41] the problem is not with the vservers but the vserver host
[21:45] ah okay, so you are talking about ssh to the host, or something like this?
[21:45] Purple vs. Green
[21:45] hmm, day of the tentacle?
[21:45] nope, B5
[21:50] Bertl: I think what lvscan and vgscan do is read /dev/lvm and compare them to /etc/lvmtab
[21:51] well, vgscan is supposed to update this table
[21:51] not sure about lvscan ...
[21:52] its the same with vgdisplay, it reads /dev/lvm and /etc/lvmtab and then says that they differ :p
[21:52] probably best would be to make a backup, and scratch the entire pv
[21:53] yeah :p
[21:53] I wonder if it is because I have /dev/md0 and /dev/md1 which used to be under LVM but aren't anymore
[21:54] hmm, 'but aren't anymore' ?
[21:55] right, well let me explain
[21:55] I've got /dev/sda and /dev/sdb setup as a raid mirror
[21:56] Personalities : [raid0] [raid1]
[21:56] read_ahead 1024 sectors
[21:56] md0 : active raid1 sdb1[0] sda1[1]
[21:56] 96256 blocks [2/2] [UU]
[21:56]
[21:56] md1 : active raid1 sdb2[0] sda2[1]
[21:56] 2000000 blocks [2/2] [UU]
[21:56]
[21:56] md2 : active raid1 sdb4[0] sda4[1]
[21:56] 5807424 blocks [2/2] [UU]
[21:56] /dev/md1 and /dev/md0 are NOT under LVM:
[21:56] /dev/md1 1968528 224340 1644188 13% /
[21:56] /dev/md0 93207 15035 73360 18% /boot
[21:56] but /dev/md2 is:
[21:56] /dev/rootvg/homelv 495844 14983 455261 4% /home
[21:57] /dev/rootvg/usrlv 1032088 862296 117364 89% /usr
[21:57] /dev/rootvg/varlv 1032088 144224 835436 15% /var
[21:57] I think in our transition to this setup, /dev/md0 and /dev/md1 were under LVM at one point in a temporary volumegroup rootvg02 or something
[21:58] hmm, you did zero out the volume after that, right?
[21:58] I used to have /dev/rootvg2
[21:58] well, I dont think I dd if=/dev/zero of=/dev/sda1 if thats what you mean
[21:58] but I wrote over the partition, remade it etc.
[21:59] could rootvg2 still be in the uuid or whatever it is called at the beginning of the disk?
[22:00] hm ... try a vgscan -v -d and make the output available somewhere ...
[22:01] ok, I am rebooting and breaking my mirrors so I can zero out one disk in the mirror, sync it up, and then zero out the other
[22:01] when I did a vgscan -v -d before all it showed were rootvg, no rootvg2
[22:01] but when it comes back up, I'll get it available
[22:05] oh interesting
[22:05] I rebooted, adding:
[22:05] failed-disk 1
[22:05] to /dev/md0 and /dev/md1 in /etc/raidtab
[22:06] but /proc/mdstat shows them both now
[22:06] and vgscan pulls in rootvg2
[22:06] dazedark (~chris@82-32-130-79.cable.ubr05.hawk.blueyonder.co.uk) left irc: Quit: ..(cyp): BitchX: its not your ordinary stick of gum
[22:06] yeah, I'd walk you through zeroing out your raid mirror ;)
[22:06] s/d/ll
[22:07] now I am very confused
[22:07] change back your raidtab to the 'original' config please ...
[22:07] done
[22:08] now use raidsetfaulty to specify a failing disk (please use only one physical disc)
[22:08] I think I recall doing a vgrename
[22:08] well wait, I am not sure if zeroing out the raidset is the right way
[22:08] because if you look at this:
[22:08] pvscan ~
[22:08] pvscan -- reading all physical volumes (this may take a while...)
[22:08] pvscan -- ACTIVE PV "/dev/md2" of VG "rootvg2" [5.53 GB / 3.04 GB free]
[22:08] pvscan -- total: 1 [5.54 GB] / in use: 1 [5.54 GB] / in no VG: 0 [0]
[22:09] it only shows /dev/md2, which is good
[22:09] what does dmesg show?
[22:09] although my fstab has /dev/rootvg/homelv lvscan lists them as /dev/rootvg2/homelv
[22:10] looking at dmesg
[22:10] nothing out of the ordinary
[22:10] har har ...
[22:11] creates the raid setup, runs lvm...
[22:11] ?
[22:11] well, mine doesn't show anything out of the ordinary too, and it works ...
[22:11] this makes no sense to me, I only changed /dev/md0 and /dev/md1 in the raidtab, but /dev/md2 seemed to be affected [22:11] well, mine is working now [22:11] although it is strange [22:12] I wonder if it is because I did the vgrename and it only renamed on one of the mirrors of /dev/md2 [22:14] do you still want to see vgscan -d -v [22:14] ? [22:14] vgscan -d -v only references rootvg2 now [22:15] do you still have an issue, and want it fixed? [22:15] ExpiryJames (~james@h24-71-63-164.ok.shawcable.net) joined #vserver. [22:16] heh [22:16] hi james! [22:16] well, I am concerned that if I reboot again the other vgname will show up again [22:16] I am suspicious that rootvg is on /dev/sda4 of /dev/md2 and rootvg2 is on /dev/sdb4 of /dev/md2 [22:17] in the uuid or whatever that small beginning partition is called [22:17] on the actual physical disk [22:17] might be, that's why I liked the idea of zeroing out the raid ... [22:17] maybe we should do that just to be safe [22:17] go ahead! [22:19] ok, what is the proper procedure? [22:19] 1. raidsetfaulty /dev/md2 /dev/sda4 [22:19] 2. dd if=/dev/zero of=/dev/sda4 [22:19] 3. raidhotadd /dev/md2 /dev/sda4, wait for resync [22:19] 4. repeat with other physical device in /dev/md2 [22:19] ? [22:20] you have to hotremove/add the disk [22:21] ah so put hotremove after #1 [22:22] yep [22:22] wont this destroy my LVM setup though? [22:23] hum, why should it? did I miss anything? [22:23] you have a lvm on a mirror raid right? [22:23] well because I zero out the disks, that will destroy the LVM information right? [22:24] what is the purpose of a mirror raid? [22:24] also, shouldn't I put something like a count=512 or something on that dd so it doesn't take forever [22:24] the raid mirror is beneath the LVM [22:25] yeah, so 'what is the purpose of a mirror raid?' [22:26] it is so if one disk fails, the system will still be usable [22:26] maybe I dont understand your question?
[22:26] okay, the upper layer of a mirror raid, should not be able to detect, that the lower layer has only one disc, right? [22:27] (if one disk fails/is zeroed out/etc ) [22:28] right [22:28] so it should not confuse lvm if you do so, right? [22:28] right, for the one disk [22:29] but if I do it for the second, one it confuse it [22:29] ? [22:29] s/one/wont [22:29] if you do it for the second one, you lost your raid pal ... [22:29] heh [22:29] no, I mean following that procedure above [22:29] you have to reconstruct the one zeroed out ... [22:29] I re-sync the zero'd disk [22:29] after that, the game is where you started ... [22:29] right, but does the reconstructing of the zero'd disk bring in the LVM metadata? [22:30] because I thought a raid reconstruction would only bring in filesystem [22:30] the raid is block level partition [22:30] ah! [22:30] ok [22:30] this I didn't know [22:31] ok, going to do dd if=/dev/zero of=/dev/sda4 bs=512 count=2 [22:31] should be enough, no? [22:31] I'd use bs=1M (no count) [22:31] ok [22:31] can't hurt to get rid of the entire partition contents [22:32] IIRC the lvm metadata is stored at the end of a partition ... [22:32] (or at least the raid metadata is) [22:32] ok [22:32] good to know, I think the veritas VM has it at the beginning [22:33] Action: micah dd's [22:35] takes some time :) [22:35] it is only 6gigs too [22:35] I get nervous doing this heh [22:36] dd: writing `/dev/sda4': No space left on device [22:36] that must mean I reached the end [22:37] now resyncing [22:55] dont think that means what you think it means. might want to see if you just filled up one of your filesystems and that sda4 isnt just one big file now. [22:59] no space is okay ... [23:00] probably returned some xxx+y [23:00] if the partition isn't at 1M boundary it will run into the no space issue [23:07] Bertl: is there some place on the wiki where I can put my HOWTO I'm constructing? 
[23:07] I dont want to contribute to the general disorganized state of the wiki and just put it anywhere, I want to put it in the right spot [23:09] hmm, good point, try to describe the contents in a short sentence ... [23:09] <_shur1> lol [23:09] Goal: Setup a secured chroot/jailed hosting environment using a [23:09] minimal debootstrapped testing vserver as a reference server to [23:09] unify against and a host machine with grsecurity resulting in a [23:09] completely isolated virtual hosting environment. [23:09] thats the Goal of the HOWTO :) [23:10] okay, so I read debian, and hosting, and setup, right? [23:10] we are creating a template system that will create vservers based on their request, using ldap and the scripts that we are putting together, all of that will be included when we are finished [23:10] yes [23:11] there is a http://www.linux-vserver.org/index.php?page=GettingStarted [23:11] which is very poor ... [23:11] in the end it will end up here: http://deb.riseup.net/ [23:11] for example: http://deb.riseup.net/mail-server/buffy/ [23:11] there is also the http://www.linux-vserver.org/index.php?page=DebianVserver [23:12] which wasn't updated for some time ... [23:12] yeah, although I am not using any of the debian utilities or packages of vserver [23:13] so if you plan to enhance the wiki, I'd suggest taking those, and replacing them with a better version called ... [23:13] 'Getting started with VServer Hosting' or something like this [23:14] if that isn't what you want, just add a link to your page, or make a new entry at the Howtos section in the Documentation ... [23:15] maybe I can put those two DebianVserver and GettingStarted into that "Getting started with Vserver Hosting" and add mine [23:16] that was the idea ;) [23:16] :) [23:16] under the Documentation section [23:17] should I put "Getting started with Vserver Hosting" under the HowTo section of Documentation? [23:17] I'd say, use "Getting Started" as a page name, and title it this way ...
[23:18] Documentation/Howtos sounds good to me ... [23:19] ok [23:28] bertl, is there a capability I need to turn on to allow vservers to mount nfs exports? [23:28] mount returns permission denied ;-) [23:29] yes, there is ... [23:29] might it be documented somewhere? [23:29] #define CAP_SYS_ADMIN 21 [23:30] yes, it is documented in the /usr/include/linux/capability.h file and on the linux-vserver.org pages [23:30] hmm... looking... [23:31] the most I found was that 'yep you can do it - but you can't have an nfs server in a vserver' [23:31] http://archives.linux-vserver.org/200401/0081.html [23:31] wonderful - thanks [23:32] but I'd suggest mounting the nfs _before_ the vserver is started, as this is also secure, and as we found out, you better use tcp as option [23:33] sure, I was going to just do that otherwise but thought it might be handy to be able to mount them from inside [23:34] well, you should read up on what CAP_SYS_ADMIN allows somebody to do from inside a vserver ... [23:34] why is it better to use tcp? [23:34] yeah, it looks like it does nearly everything [23:34] so I'd prefer to avoid that [23:34] basically it boils down to, if you allow mount inside a vserver, you give vserver root access to your host ... [23:34] makes sense [23:35] any plans to add userspace mounting? [23:36] yes, did you read my posting? [23:36] (actually cross posting ...) [23:36] nope, did not see it! [23:36] micah: before you do another 100 pages, there is a preview!!! [23:37] micah: folks subscribed to the wiki mailing list will hate you! [23:37] found it [23:38] er maybe not.. found mention of it [23:39] Subject: [Vserver] [FWD] [RFC] [PATCH] allowing user mounts [23:39] Bertl: sorry. 
:P [23:40] ben: Date: Tue, 17 Feb 2004 12:58:10 +0100 [23:40] Bertl: I am using preview now, I didn't realize there was a mailing list :P [23:40] I can't figure out the formatting, wikis can drive me crazy [23:40] bertl, yep that's the one I found [23:40] micah: scroll up to the top, read the second line ... [23:40] sounds good [23:40] Bertl: yeah, I've been reading the "Formatting Rules" section [23:40] but there is nothing on formatting paragraphs [23:41] I'll happily wait for it and just mount the fs from the host server for now [23:41] have a look at the main page ... [23:41] ben: sounds not that bad, right? [23:43] bertl, sounds good [23:45] ExpiryJames (~james@h24-71-63-164.ok.shawcable.net) left irc: Quit: Leaving [23:47] [HvD] (~guess@62.99.252.14) joined #vserver. [23:48] hi [HvD]! [23:51] dilox (~dilox@host204-10.pool8249.interbusiness.it) joined #vserver. [23:51] hi bertl! [23:51] hi dilox! [23:52] how r u? [23:52] fine, thanks, and how r u? [23:52] fine tnx [23:53] when things were well on vserver (tnx to you) [23:53] ... [23:53] chief said to leave project for a while [23:53] :(