--- Log opened czw maj 06 00:00:05 2004
--- Day changed czw maj 06 2004
00:00:05< Doener> you're welcome
00:00:18< Napalm> that started fine now
00:00:30< Napalm> what service is "atd"?
00:00:51< Napalm> i've its on this redhat 8 image i got from JVDS
00:01:38< Napalm> found it: atd - run jobs queued for later execution
00:01:43>> shuri [~shushushu@cpu183.adsl.qc.bellglobal.com] has joined #vserver
00:02:50< Napalm> Doener: do you know how to search for RPMs that contain a specific term like "atd"
00:03:16< Napalm> i must seem dumb, its just ive been using BSD for so long
00:03:29< Napalm> you use make scripts for everything BSD
00:04:06< Doener> no, i've started using linux just a year ago and only used debian longer than an hour ;)
00:05:05< Napalm> i think im going to try installing a debian vds, have a look around and a play
00:06:29< Doener> but i'm pretty sure Bertl_OnAir will know how to do that search
00:07:39< Doener> Napalm: the ulimit stuff is defined in the newvserver script itself, line 263 in the version i've got, just search for '1000' and you should find it
00:09:03< Napalm> Doener: did a search, found it, same line, thx again
00:09:12< Doener> no problem
00:09:26< Napalm> heres a funny for the channel
00:09:51< Napalm> how many of us in the room smoke? percentage wise? what does everyone think.
00:10:43< Bertl_OnAir> 42%
00:11:03< Napalm> i was thinking about 60%
00:11:20< Doener> 53%
00:11:48< Napalm> Bert: do you know how to search for rpms that contain a frase like "dta"
00:12:02< taxcollector> Why do Europeans smoke so much? :)
00:12:02< Bertl_OnAir> pbone is nice ...
00:12:28< Napalm> i mean installed rpms, i need to remove one but i dont know the exact version id?
00:12:30< Bertl_OnAir> here in the room (in europe) 0% smoke ...
00:12:43< Napalm> i smoke and im UK?
00:12:49< albeiro> Bertl_OnAir: onAir ? radio ?
00:12:56< ensc> Napalm: rpm -qa | grep dta ?
00:13:13< Bertl_OnAir> hi enrico!
00:13:16< Doener> over here: 100% (right, i'm alone in the room ;))
00:13:30< Napalm> thanks ensc, i guess -qa is 'query all'
00:13:52< ensc> Napalm: newer versions understand 'rpm -qa dta*' also
00:13:53>> virtuoso [~s0t0na@113ppp11.telegraph.spb.ru] has quit [Read error: Connection reset by peer]
00:14:11< Napalm> that also worked
00:16:57< Napalm> you know when someone SSH's in to a vserver do they get root@vserver:vds01 prompt or is that because im entering from the host server?
00:19:59< Doener> what hostname is entered in the configuration? even when entering through the host, i get a 'normal' prompt
00:27:13>> hiaslboy is now known as hiaslboy_zZ
00:28:33< infowolfe> what's onair?
00:29:13< Bertl_OnAir> radio ...
00:32:47< Napalm> sorry doener went to check my emails
00:33:00< Doener> no problem
00:33:04< Napalm> Doener: vds01 is the name of the VDS unit
00:33:25< Napalm> Doener: its the fact that its prefixed with vserver
00:33:53< Doener> not the one you use with vserver XXX enter but the one in /path/to/xxx.conf on the S_HOSTNAME line
00:34:53< Napalm> Doener: its a domain name blah1.blah.com
00:35:22>> axu [gl@81-223-242-7.dynamic.xdsl-line.inode.at] has joined #vserver
00:35:26< axu> hi folks
00:35:28< Napalm> hi
00:35:51< Bertl_OnAir> hi axu!
00:35:51< Doener> hi axu
00:36:10< axu> hihi Bertl_OnAir, Doener
00:36:50< Napalm> is it possible to keep the vds clients not knowing what software runs there vserver?
00:36:51< Doener> Napalm: for S_HOSTNAME?
00:37:29< Napalm> Doener: S_HOSTNAME=blah1.blah.com
00:38:53< Doener> that line should contain the hostname that you see in the prompt...
00:39:17< Doener> random example: S_HOSTNAME="skillers" results in skillers:/#
00:40:07< Napalm> Doener: right again ;)
00:40:34< Napalm> Doener: you know the SSH fail error, logs on the vserver read this
00:40:34< Napalm> sshd[29363]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
00:40:39< Doener> maybe the script recognizes the blah1.blah.com as illegal and generates the vserver:vds01 automatically
00:41:12< Doener> then the message indicating that sshd has been successfully started is plain wrong ;)
00:41:18< Doener> same solution as for the httpd
00:41:34< Napalm> hmm
00:41:45< Bertl_OnAir> is your host sshd wrapped or configured properly?
00:41:58< Doener> #ListenAddress 0.0.0.0
00:42:15< Doener> uncomment that line in sshd_config and insert the proper ip address
00:42:40< Doener> oh well, the wrappers are also a solution
00:43:30< Napalm> Doener: host or vserver?
00:43:33< Doener> host
00:43:46< Doener> same issue as for the httpd
00:57:33< Napalm> Doener: seems to have fixed it all
00:57:43< Doener> great!
01:32:22< Napalm> right you guys, i've been chatting to a fellow developer about a front-end control system for vserver and it seems to be a gohead, we are writing everything up over this weekend and i'll try making some papers about the subject
01:32:58< Napalm> i'll try and keep the vserver mailing list informed about the progress and once the paper is written i will post it on the vserver wiki
01:33:51< Napalm> once the whole idea is down on paper and all bugs worked out we will start the actual development process
01:34:08< Napalm> any comments? Bert I know you want your say?
01:34:32< Doener> what kind of front-end?
01:36:13< Napalm> the whole idea is based on a command queing system, the will be the main management handler passing commands between a php web frontend and a backend function library
01:37:05< Napalm> function library <---> que manager <---> php frontend
01:37:35< Napalm> theres a overlaying mysql database storing the que
01:38:11< Doener> http://vserver.wireless-winds.de/ those guys are working on something like that
01:38:15< Napalm> and there might be a overlaying function library for filtering and validation
01:38:54< Napalm> Doener: the URL is'nt resolving
01:39:51< Doener> i've written one sometime ago, will probably be gpl'd once i get the time to rewrite some parts and add translation support...
01:40:08< Napalm> where are you from Doener?
01:40:35< Doener> Germany
01:41:05< Napalm> kühl
01:41:09< Napalm> :D
01:41:13< Bertl_OnAir> chilly!
01:41:18< Napalm> babelfish you have to love to hate it
01:41:58< Napalm> this control system we are going to work on will not only be for vserver
01:42:11< Bertl_OnAir> also for virtuozzo?
01:42:14< Napalm> so i am in talks with the other developer about GPL'ing it
01:42:42< Bertl_OnAir> ah I thought you said (last time) that it will be open source ...
01:42:57< Doener> me? or Napalm?
01:43:03< Napalm> me
01:43:11< Bertl_OnAir> so GPL would be a good choice then ;)
01:43:25< Napalm> yes im thinking a seperate vserver version
01:43:29< Napalm> GPL'ed
01:43:57< Doener> ok, cause i've been talking about making mine GPL for a long time now ;) guess i need to pull it upwards on my priority list
01:44:12< Napalm> :) would be nice to see
01:44:41< Napalm> i will start a domain and site for it, with the Wiki system that Bert runs
01:44:54< Napalm> i've tested it and im starting to like it alot
01:45:22< Napalm> so GPL'ed with Wiki and contributions welcome seem's to be the way to go
01:45:53< Napalm> any thoughts/comments Bert?
01:45:58< Bertl_OnAir> sec
01:46:09< Doener> he's currently talking on air ;)
01:46:23< mids> what is the license now?
01:46:54< Napalm> mids: license for what?
01:47:08< mids> the stuff you want to gpl
01:47:16< Napalm> its not been created yet
01:47:18< mids> ah
01:47:27 * mids crawls back into his cave
01:47:36< Napalm> its still just talk at the moment
01:47:38< Napalm> lol
01:47:48< Napalm> * lol@mids
01:48:01< Napalm> mids: where you from?
01:48:12< mids> the netherlands
01:48:17< Napalm> cool
01:48:27< Napalm> ive got a server in belgium
01:48:30< Doener> no babelfish this time? ;(
01:48:37< Napalm> ive erlernte Deutsches in 10 Sekunden mit Hilfe des babelfish
01:48:41< mids> nice. I have one in german
01:48:43< mids> y
01:48:47< mids> germanny
01:49:05< mids> hm, with 1 'n' it looks better
01:49:18< Napalm> ;)
01:49:22< Doener> Napalm: better don't tell anyone ;)
01:49:51< Napalm> heheheheh its now been saved into the logs, doh ;)
01:50:58>> serving [~serving@213.186.189.95] has joined #vserver
01:51:57< Napalm> Bert: is it ok if if you can modify the link title for the Fedora 1 vserver setup on the wiki to say Fedora1 and RH9 because it states inside the installation tutorial that its compatible with RH9
01:52:16>> Bertl_OnAir is now known as Bertl
01:52:26< Bertl> so I'm OffAir again ...
01:52:33< Napalm> if i'd seen this when i first came to vserver it would have saved alot of time
01:52:41< Napalm> wb Bert
01:52:43< Napalm> ;)
01:52:57< Bertl> okay, what's up, short info for me please ...
01:53:24< Napalm> Bert: just a link title for a page on the wiki
01:54:08< Napalm> Bert: http://www.linux-vserver.org/index.php?page=FedoraHowTo < states that its also RH9 compatible
01:56:23< Bertl> hmm, and it isn't?
01:56:34< Napalm> Bert: is'nt it?
01:56:57< Napalm> Bert: maybe that comment should be removed then?
01:57:31< Bertl> well that was my question, you think it is not 9.0 or general RH compatible?
01:58:19< Napalm> Bert: i think its RH9 compatible, with a few modifications to state that this bit is different for RH9
02:00:17< Napalm> Bert: Question for you, will cq-tools and vr-tools work with kernel mod vs1.27? if so what version of them?
02:04:03< Bertl> ad comp RH 9
02:04:16< Bertl> well go ahead add the comments where appropriate ...
02:04:16< Napalm> ??
02:04:27< Napalm> oh ok
02:04:30< Napalm> will do
02:04:36< Bertl> ad cq/vr: latest tools should work for vs1.27
02:04:48< Bertl> if not, please let me know ...
02:05:26< Napalm> Bert: this looks very interesting, im going to try and follow it for my RH9 Kernel 2.4.26-vs1.27 setup
02:05:28< Napalm> http://vserver.strahlungsfrei.de/tiki-download_wiki_attachment.php?attId=9
02:10:34< Napalm> Bert: have you seen this patch? http://vserver.strahlungsfrei.de/tiki-index.php?page=NoAliasPatch
02:10:51< Napalm> Bert: do you think its worth applying it to my setup?
02:12:32< Bertl> well using tun/tap is just for fun ... it buys you nothing ...
02:12:44< Bertl> you could as well use dummy devices for that ...
02:12:52< Bertl> but if you like, why not ...
02:13:23< Napalm> im just wondering if there is anyway to name all the devices eth0
02:13:56< Bertl> no, not at the moment ...
02:14:09< Napalm> Bert: surely the kernel can pickup what context the network function requests are coming from and act apon it as a per context base
02:14:23< Napalm> so that way it would'nt matter what the device was called
02:14:37< Bertl> sure, but it brings a bunch of different issues ...
02:14:40< shuri> Bertl i got no more problem with exp14
02:14:46< shuri> 1 days uptime
02:14:49< Bertl> shuri: good to hear ...
02:14:59< Bertl> Napalm:
02:15:00< shuri> no more kernel crash
02:15:23< Bertl> - for example the fact that you can't see the interfaces on the host
02:15:42< Bertl> - or the fact that if you need more than one interface, you have to handle this special
02:16:25< Bertl> - and last but not least, how to stop one context from taking down the interface for all others
02:16:47< Napalm> i see now
02:16:54< Napalm> gets quite complex
02:17:13< Bertl> atm, the concept is simple, if you _need_ eth0 for whatever reason, you have to trade speed and use UML for example ...
02:17:13< Napalm> well lets see what the future holds
02:17:47< Napalm> ive found another vds provider that does this, but they use BSD
02:18:30< Napalm> and its not open source
02:18:31< Bertl> my opinion is, that it would be way better to explain to the customer that they have a better performance and lower latency with this system, and therefor they have to live with eth0:xyz for example ...
02:18:55< Napalm> true
02:19:05< Napalm> i will do that
02:19:10< Bertl> so IMHO the complete 'virtualization' stuff can be reduced to providing the 'essential' information ...
02:19:37< Doener> and if he wants to see eth0, write an ifconfig wrapper ;)
02:19:53< Bertl> for example a web page which shows the actual traffic is 100 times more useful than a virtualized eth0 which shows those values ...
02:19:53< broo> Bertl: in pre13 should you see the network interface on the host if its something that you brought up in the vserver
02:20:27< Bertl> broo: you can not bring up interfaces in a vserver .. well not with the default caps/settings
02:20:44< broo> yeah I have CAP_NET_RAW in this particular vserver
02:20:48< Bertl> but the host should see all interfaces ...
02:20:57< broo> cause it doesn't show up in the host
02:21:08< Bertl> probably because you use namespaces ...
02:21:24< broo> dunno
02:21:33< broo> how do you set up namespaces
02:21:45< Napalm> *cowers* whats all this namespaces? as im using the old utils
02:21:45< Bertl> you have to ask ensc about that ...
02:22:23< broo> hmm wonder if I set it up accidentally when converting from a config file to the new directory layout style
02:22:24< Bertl> basically the namespace extension allows to have a separate namespace for each context, so that mounts and such stuff do not show up on the host ...
02:22:24>> flock [~restless@l192-115-29-147.broadband.actcom.net.il] has joined #vserver
02:22:25< ensc> namespaces should not influence interfaces...
02:22:42< Bertl> hi restless flock!
02:22:50< ensc> interfaces are created *without* aliases by default
02:22:51< flock> hehe, hi Bertl:)
02:23:07< Napalm> thx Bert
02:23:08< flock> its 3:22 local time, and im still working out quota on that vserver
02:23:09< flock> :)
02:23:23< ensc> use 'ip addr' to show them within a vserver
02:23:36< ensc> (or in the host)
02:23:47< broo> its interesting in the vserver I see eth0 with no ip and in the host I see eth0 and the aliases but not the vserver one
02:23:51< Bertl> flock: well, what do you need?
02:24:09< broo> ip addr shows it in both, interesting, wonder why ifconfig doesn't
02:24:25< ensc> to assign aliases, create a file 'name' in the corresponding /etc/vservers/.../interfaces/.../ directory
02:24:29< Bertl> broo: might be my 'fault' ...
02:24:44< ensc> ('name' should contain the name)
02:24:48< Bertl> ehh, I mean 'it's a feature ;)'
02:24:56< broo> :)
02:25:16< flock> Bertl: if i knew id ask, rtfm-ing for now. wont waste your time. I dont know how quota works at all in the vserver environment, found some howto from 2002. Roaming around the site in the topic right now:)
02:25:53< Napalm> flock i found this ealier it might help http://vserver.strahlungsfrei.de/tiki-download_wiki_attachment.php?attId=9
02:25:53< Bertl> broo: but sounds interesting ... could you (try to) do a testcase with chbind and chcontext?
02:26:23< Bertl> flock: what patches do you use atm?
02:27:14< flock> Bertl: no clue, i dont have access to outside the vserver yet. thus, reading for now:)
02:27:21< flock> thanks Napalm, ill bookmark!
02:27:23< Doener> bye guys, i'm off to bed... g'night everyone!
02:27:28< Bertl> night Doener!
02:27:29< flock> night Doener
02:27:39< Bertl> flock: hmm, so you are trapped inside a vserver?
02:27:45< Napalm> np flock
02:28:09< Napalm> night Doener
02:28:12< flock> Bertl: kinda... i cant figure out what is my root device, i dont have /dev/hdv? atm
02:28:33< Bertl> well, who is administrating the host?
02:28:57< flock> Bertl: i am, i dont have the passwords yet
02:29:16< Napalm> am i right in thinking that vroot maps the real hd/sd device to a virtual device in the vserver so quota can then be set?
02:29:18< flock> only access to that vserver to configure cpanel, which i did
02:29:22< Bertl> hmm, okay, sounds a little weird to me ...
02:30:03< Bertl> basically the Host administrator has to do some things to allow for per vserver quota ...
02:30:18< Bertl> (like setting up a quota hash, or configuring a vroot device)
02:30:32< Bertl> which in your case probably hasn't been done yet ...
02:30:37< flock> Bertl: im the new admin, and im kinda playing around with vserver atm. Im getting a box to test stuff on and get a proper config, since we are to install a new kernel there
02:31:17>> monrad [~monrad@213083190237.sonofon.dk] has quit [Quit: Leaving]
02:31:25< flock> Bertl: no /dev/vroot either. You say i should recompile the kernel in order to get that? Or is there anywhere i can get insight info on the subject?
02:31:48< flock> for vroot i need to recompile the kernel, just found out...
02:32:03< Napalm> can vserver-copy backup to other host servers? so we can have 2 dedicated boxes, one 1 day behind the other
02:32:04< Bertl> really depends on the current kernel ...
02:32:25< Bertl> Napalm: it's easier to do it with dump/restore or rsync
02:32:43< flock> thanks alot Bertl!
02:32:44< Napalm> rsync sounds good to me
02:33:12< Napalm> will rsync work with unification?
02:33:42< Bertl> probably not, but dump/restore is inode based, and handles it well ...
02:34:04< Napalm> well i guess its dump restore
02:34:30< Bertl> Napalm: I'm going to rename your wiki pages a little, because we do not need a third name for the utils ...
02:34:43< Napalm> np, you know best
02:35:27< Napalm> Bert: does dump archive in bzip?
02:35:28< Bertl> you plan to maintain this stuff for RH9 and friends?
02:35:41< Napalm> yes
02:35:45< flock> Bertl: anyone tryed doing something with vserver + pax(/grsecurity)/owall
02:35:47< Napalm> im the RH9 man now
02:35:48< Napalm> lol
02:35:57< Bertl> so if enrico releases 0.29.5 you will update it?
02:36:07< ensc> 0.29.5 is released ;)
02:36:29< Bertl> ah, thanks enrico for this useful test ;)
02:36:29< ensc> it has some Debian improvements
02:36:54< Napalm> ensc: are they RH 9 compatible?
02:37:13< ensc> they should not influence the RH 9 compatibility
02:37:18< axu> bye folks, good night
02:37:19< Napalm> ensc: if so any URLs?
02:37:22>> axu [gl@81-223-242-7.dynamic.xdsl-line.inode.at] has left #vserver [Leaving]
02:37:26< ensc> usual place...
02:37:33< Napalm> 13th floor?
02:37:34< Bertl> Napalm: RH9 only?
02:37:58< ensc> files link at https://savannah.nongnu.org/projects/util-vserver/ should point to it
02:38:04< Napalm> Bert: can you elaborate on that last one ?
02:38:12< Bertl> (just a question, could be fedora, rh el etc)
02:38:30< Bertl> not sure what you have in mind ...
02:38:49< Napalm> well i will be diving into Fedora without a doubt but i need to get experience with it first so RH9 only for now
02:39:07< Bertl> okay ... good
02:39:14< ensc> Napalm: RH 9 is dead; and FC1 is a good replacement
02:39:58< Napalm> ensc: but people still use RH9 and ofcourse as i am working up from RH9 to Fedora it means i can document my progress to help others
02:40:26< Napalm> sound good ensc?
02:41:11< ensc> Napalm: when you can provide further security updates: np
02:43:41< Bertl> okay Napalm, I relabeled it to Util-VServer for RH9 (for now)
02:44:52< Napalm> ok brilliant
02:44:59< broo> something interesting must happen with the vserver start command, I don't seem to be able to work the combination that brings up a secondary interface (named or unnamed) using chbind chcontext
02:45:05< Bertl> I'd suggest also to dig through the different wiki pages (docus) and see where RH9 is mentioned/documented and revise that .. or reuse/sort/organize it ...
02:45:38< broo> so I'm sure I'm just missing something elementary
02:46:37< Napalm> Bert: sounds good. I'll get to it over this following week
02:47:24< Napalm> Bert: would it be better to use the vserver wiki for this front-end manager
02:47:52< Bertl> broo: try bash -c "ip addr add 192.168.0.1/24 label a dev eth0; ip addr add 192.168.0.2/24 label b dev eth0; ..."
02:48:01< Napalm> Bert: if so i will keep you upto date, on when we have papers and docs to insert
02:48:27< Bertl> well, you can use it for that purpose ... if you like, or setup your own ....
02:48:50< Bertl> it's not that complicated ...
02:51:03< Napalm> most probly our own to keep the two projects seprerate, then just interlink the two sites
02:51:33< Napalm> ensc: am i looking at the right files? http://www-user.tu-chemnitz.de/~ensc/util-vserver/pre/util-vserver-0.29.5.tar.bz2
02:51:49< ensc> Napalm: yep
02:52:13< Napalm> ensc: is that the final? or do these patches also need to be applied?
02:52:15< ensc> Napalm: x.y.z with small, but existing 'z' are prereleases
02:52:32< ensc> Napalm: the tarball is everything which you need
02:52:42< Napalm> ensc: ty
02:52:45< ensc> patches are mainly for information purposes
02:52:58< broo> Bertl: Cannot find device "eth0"
02:53:07< ensc> (you could apply them, but would need 'autoreconf -i -f' also)
02:54:53< Napalm> ensc: what are the feature improvments of the pre .5 release?
02:55:18< ensc> + - 'distrib-info' knows now how to deal with Debian; vunify &
02:55:18< ensc> + related tools should now work there (patch provided by Matthew
02:55:18< ensc> + Lavy)
02:55:18< ensc> +
02:55:18< ensc> + - init-scripts are now a little bit more Debian compliantly
02:55:21< ensc> + (Savannah patch #2633; provided by Noèl Köthe)
02:56:10< Napalm> ensc: noted
02:56:12< Bertl> broo: so you have no eth0?
02:56:30< ensc> Napalm: just look at the top of the patches...
02:56:30< Bertl> btw, it should read:
02:56:36< Bertl> bash -c "ip addr add 192.168.0.1/24 label eth0:a dev eth0; ..."
02:57:04< Napalm> ensc: so you are the guy whos making these utils?
02:57:11< ensc> yep
02:57:36< Napalm> im guessing your working tightly with Bert?
02:57:55< ensc> yep
02:58:27< Bertl> Napalm: ad dump: compression is possible with -z option ...
02:58:28< Napalm> maybe there should be a page on the wiki on who to contact about certain subjects?
02:58:57< Bertl> the mailing list ;)
02:59:00< Napalm> Bert: saw earlier but was'nt sure, thank you for the note.
02:59:15< Napalm> ahh, yes, more centralized
02:59:25< ensc> Napalm: maillist is the best place, or the Savannah bugtracker
02:59:38< broo> Bertl: I can only execute it if I don't set --secure on the chcontext otherwise depending on things I set I get the no eth0 to RTNETLINK answers: Operation not permitted
02:59:39< Bertl> it's a community project, and folks really help each other here ... you might have noticed this ;)
02:59:42< Napalm> im new to mailinglists
03:00:26< Napalm> yep and the community atmosphere is good which is also a bonus
03:00:34< Bertl> broo: well, that reminds me of the short story: "doctor, it hurts when I do that!" doctor: "well, then don't do that!"
03:01:09< Bertl> (or at least add some caps with --cap ...
03:01:11< Bertl> )
03:01:27< Bertl> like CAP_NET_ADMIN for example ...
03:04:25< broo> but the question kind of remains why does it work for my vserver which doesn't have CAP_NET_ADMIN :)
03:04:38< broo> and CAP_NET_ADMIN with --secure did work
03:09:49< Napalm> does anyone know how to stop rpm from changing filenames when removeing packages
03:10:00< Napalm> ie. warning: /etc/vservers/newvserver.defaults saved as /etc/vservers/newvserver.defaults.rpmsave
03:11:21>> taxcollector [~taxcollec@192.16.167.161] has quit [Remote host closed the connection]
03:11:25< ensc> Napalm: should not happen. newvserver.default is marked as '%config(noreplace)' so the new one should be installed as newvserver.defaults.rpmnew
03:12:10< Napalm> its just when removing the old ones, or is there an update option for rpm?
03:12:27< Bertl> broo: don't know, maybe you have CAP_NET_ADMIN, you just don't know?
03:12:59< Bertl> broo: from inside the vserver, what does "grep Cap /proc/self/status" show?
03:13:16< Bertl> okay, folks, have to go to bed now, I'm really exhausted ...
03:14:02< Bertl> broo: compare that to a chcontext --secure grep Cap /proc/self/status
03:14:15< Napalm> i bet, with all of us taxing your mind, escpecially me :D ;)
03:14:23< Bertl> okay, cya all tomorrow ...
03:14:28< Napalm> cya
03:14:34>> Bertl is now known as Bertl_zZ
03:14:46< ensc> Napalm: renaming happens when a %config file in the filesystem differs from the packaged one, *and* when the new packaged file differs from the old packaged file
03:15:20< ensc> when %config(noreplace) is used, the new config-file will be saved as .rpmnew; when only %config, the old file renamed to .rpmsave
03:15:57< ensc> when file exists without packagemanagemnt information and a new %config file will be installed, the old file is renamed to .rpmorig
03:16:11< ensc> there is no way to prevent this renaming
03:16:28< Napalm> ty ensc
03:16:38< ensc> differs == you get an output at 'rpm -V'
03:16:49< Napalm> ive just moved back to RH from BSD so its all coming back now
03:17:12< broo> Bertl_zZ: I did a reducecap --show and it shows the CAP_NET_ADMIN isn't set
03:19:34< Napalm> ensc: Ive got a idea for a modification to newvserver
03:20:03< broo> Bertl_zZ: the grep on /proc/self/status shows that my vserver matches chcontext --secure --cap CAP_NET_RAW,CAP_SYS_RAWIO
03:20:17< ensc> Napalm: sorry, newvserver is unsupported
03:20:40< ensc> I do neither know, nor use linuxconf
03:21:04< ensc> and changes in alpha would require a complete reimplementation probably
03:22:13< Napalm> ensc: it was just that the clone option only picks up other vservers but how about an option in the newvserver config so that you can specfiy a imagefile directory with several saved image files of vservers
03:22:48< Napalm> ensc: do you see where i am coming from?
03:23:02< Napalm> i might modify the scripts and create a patch
03:23:13< ensc> Napalm: provide the patches and promise that they were tested carefully
03:23:34< Napalm> of course,
03:45:08>> click [click@gonnamakeyou.com] has quit [Ping timeout: 480 seconds]
03:46:45< Napalm> ensc: I've just been looking at your shell scripts and they are absolutly excellent
03:47:17< Napalm> ensc: 9.9 out of 10
03:47:28< ensc> where is the 0.1 point missing? ;)
03:47:32>> click [click@80.64.207.240] has joined #vserver
03:48:13< Napalm> this is because some external apps used have not go their standard error outputs going to the log but to the screen
03:48:14< Napalm> ;)
03:49:59< Napalm> ensc: that was with .4 but have not tested for that in .5
03:50:08< Napalm> ensc: want me to have a go?
03:50:51< ensc> oh... the stable branch... that is ugly and insecure code. I thought you spoke about the alpha branch
03:51:12< Napalm> nope
03:51:33< Napalm> yes was the stable branch
03:52:39< Napalm> just add in the 2>& piping symbols where you are logging
03:53:02< Napalm> the errors i got was with the RH9 minimal install from .4 release
03:53:22< Napalm> hope that helps
03:53:22< ensc> stable is frozen; I do not have time to make changes there
03:53:52< Napalm> so is the alpha branch for the new config system?
03:54:14< ensc> it would be too make work to replace insecure statements like 'mount -t proc none $1/proc'
03:54:43< Napalm> its just a thought
03:54:46< Napalm> ;)
03:54:48< ensc> I do not know if 'is ... for' is the right relationship, but: yes
03:55:07< Napalm> ok, i get you
03:55:10< Napalm> i have to go now
03:55:22< Napalm> its 3:01am and i have to be up at 9am
03:55:35< Napalm> so i might chat with you later
03:55:35< ensc> n8
03:56:19< Napalm> i am thinking along the lines of implementing your clone with unify to form the new clone from image
03:56:34< Napalm> but i will have to read more of your code tomoz
03:56:42< Napalm> my eyes are starting to ake
03:56:48< Napalm> ;) im sure you know the feeling
03:57:45< Napalm> If im completly unsucessful with the mod i will drop it so dont keep your hopes up
03:57:58< Napalm> im off, n8 everyone, n8 ensc
03:58:04< Napalm> have phun
03:58:19>> Napalm [~napalm@host81-7-22-112.adsl.v21.co.uk] has quit [Quit: byeeee]
05:21:17>> ensc [~ircensc@ultra.csn.tu-chemnitz.de] has quit [Ping timeout: 480 seconds]
05:22:17>> ensc [~ircensc@ultra.csn.tu-chemnitz.de] has joined #vserver
05:42:00>> gilbert [gilbert@208-186-222-203.nrp4.brv.mn.frontiernet.net] has quit [Quit: ]
06:18:54>> yarihm [~yarihm@217-162-205-7.dclient.hispeed.ch] has quit [Ping timeout: 480 seconds]
07:20:02>> virtuoso [~s0t0na@155ppp10.telegraph.spb.ru] has joined #vserver
09:03:56>> Khahan [~Filbert@D5E0628B.kabel.telenet.be] has quit [Quit: the world is full of apathy, but I don't care]
09:20:02>> _id_m12 [~id@pD9519040.dip.t-dialin.net] has quit [Ping timeout: 480 seconds]
09:29:30>> _id_m12 [~id@pD9E61626.dip.t-dialin.net] has joined #vserver
09:39:12>> Khahan [~Filbert@D5E0628B.kabel.telenet.be] has joined #vserver
10:12:27>> mhepp [~mhepp@r72s22p13.home.nbox.cz] has joined #vserver
10:14:12>> rs [rs@ice.aspic.com] has joined #vserver
10:14:13>> virtuoso [~s0t0na@155ppp10.telegraph.spb.ru] has quit [Read error: Connection reset by peer]
10:14:15< rs> hi
10:28:06< infowolfe> hi rs
11:10:58>> Doener` [~doener@p5082DB41.dip.t-dialin.net] has joined #vserver
11:15:11>> virtuoso [~s0t0na@213.158.7.160] has joined #vserver
11:18:09>> Doener [~doener@pD9588E7C.dip.t-dialin.net] has quit [Ping timeout: 480 seconds]
11:18:18>> Bertl_zZ is now known as Bertl
11:18:24< Bertl> morning ...
11:18:53 * Bertl is going to translocate again ...
11:20:27< Bertl> okay, cya later ...
11:20:32>> Bertl is now known as Bertl_oO
11:23:22>> virtuoso [~s0t0na@213.158.7.160] has quit [Ping timeout: 480 seconds]
11:49:31< nalfein> hi i have a quota problem in the main server same failure message like the failure in mailinglist within vservers
11:49:33< nalfein> quotaon: using /var/www/quota.user on /dev/sda9 [/var/www]: No such device or address
11:50:20< nalfein> i read about in the mailing list, but there is only the failure within the vservers, nothing about the main server
11:52:33< kestrel> did you mount the volume with quota support enabled?
11:55:23< nalfein> the kernel is patched with quota support enabled, but the volume is in the main server
11:56:09< kestrel> okay, but did you modify your /etc/fstab to enable quota support?
11:56:44< nalfein> yes /dev/sda9 /var/www ext2 defaults,usrquota 0 2
11:57:13< kestrel> hmm, did you run quotacheck?
11:57:32< nalfein> server01:/etc/init.d# quotacheck -avugm
11:57:32< nalfein> quotacheck: Scanning /dev/sda9 [/var/www] done
11:57:32< nalfein> quotacheck: Checked 37 directories and 928 files
11:57:32< nalfein> quotacheck: Scanning /dev/sda10 [/var/log] done
11:57:34< nalfein> quotacheck: Checked 25 directories and 461 files
11:57:34< nalfein> quotacheck: Scanning /dev/sda12 [/home] done
11:57:36< nalfein> quotacheck: Checked 594 directories and 5273 files
11:57:36< nalfein> server01:/etc/init.d#
11:58:10< kestrel> and quotaon still does not work eh? :\
11:58:31< nalfein> yes
11:58:32< nalfein> server01:/etc/init.d# quotaon -avug
11:58:32< nalfein> quotaon: using /var/www/quota.user on /dev/sda9 [/var/www]: No such device or address
11:58:32< nalfein> quotaon: using /var/log/quota.user on /dev/sda10 [/var/log]: No such device or address
11:58:32< nalfein> quotaon: using /home/quota.group on /dev/sda12 [/home]: No such device or address
11:58:34< nalfein> quotaon: using /home/quota.user on /dev/sda12 [/home]: No such device or address
11:58:34< nalfein> server01:/etc/init.d#
11:58:51< nalfein> strange
11:58:59< kestrel> very strange
11:59:04< kestrel> what fs are you using?
11:59:28< nalfein> ext2 /ext3
12:00:28< kestrel> try an strace of quotaon, perhaps?
12:00:35< kestrel> maybe it is doing something abnormal
12:01:57< nalfein> open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
12:02:08< nalfein> wahts that ?
12:03:38< kestrel> it has the same functionality as the LD_PRELOAD variable; it lets you forcibly insert shared libraries into executing binaries
12:03:49< kestrel> often used to implement sandboxes
12:07:24< nalfein> i have no experience with strace output ...
12:08:21< nalfein> but the quota patch dosnt affect the main server, right ?
12:08:45< nalfein> the question is if the patch could be the porblem within mainserver
12:09:07< kestrel> anything is possible, bertl will know for sure
12:09:51< nalfein> hmm then i have to wait till he returns ^^ thx for your help
12:59:38< infowolfe> which major daemons (xinetd, proftpd?) does vserver have issues with?
13:01:46< kestrel> bind is the most troublesome, afaik
13:02:20< infowolfe> (as you can probably imagine, i don't usually use xinetd or proftpd :-p)
13:03:56< kestrel> i use proftpd and have had no problems
13:04:36< infowolfe> i'm asking because i'm wanting to test something based on redhat 9 in a vserver :-D
13:04:37>> Medivh [ck@62.93.217.192] has quit [Quit: changing servers]
13:04:41 * infowolfe is a gentoo guy
13:04:56>> Medivh [ck@paradise.by.the.dashboardlight.de] has joined #vserver
13:04:59< kestrel> ah
13:13:13>> Netsplit uranium.oftc.net <-> kinetic.oftc.net quits: infowolfe, Bertl_oO, ensc, lilo, sladen, Zoiah, nalfein, broo, mhepp, click, (+2 more, use /NETSPLIT to show all of them)
13:14:18>> Netsplit uranium.oftc.net <-> neutron.oftc.net quits: _id_m12, Khahan
13:14:49>> Netsplit over, joins: mhepp, ensc, click, nalfein, hiaslboy_zZ, infowolfe, lilo, Bertl_oO, broo, rmoriz (+2 more)
13:15:23>> Netsplit over, joins: Khahan, _id_m12
13:18:24>> hiaslboy_zZ is now known as hiaslboy
13:19:06>> nalfein [~gaertner@212.68.83.129] has quit [Quit: Serverwechsel]
14:26:35>> Apollo [~throwaway@caracal.norcomcable.ca] has joined #vserver
14:28:38>> Bertl_oO is now known as Bertl
14:28:45< Bertl> hi everybody!
14:29:06< rs> hi Bertl!
14:31:10< kestrel> hey herbert
14:32:04< Bertl> the radio broadcast yesterday was fun ...
14:34:05< Bertl> any new issues with pre14?
14:34:21 * kestrel does not know
14:34:27< kestrel> some guy was in here earlier with quota problems
14:34:34< kestrel> nalfein
14:34:39< Bertl> yep, I read it ... wrong answer btw ...
14:34:47< kestrel> i had no answer :)
14:34:54< kestrel> well, no answer that worked
14:34:58< Bertl> not you ...
14:35:30< Bertl> the host requires the same setup for quota than the Guests
14:37:13< Bertl> kestrel: you are still with 2.4, not interested in 2.6 vserver?
14:37:44< kestrel> i am, but the only hosts i run vserver on are my firewall and a server that i manage for 6 other people...
14:38:17< kestrel> bit of a catch 22 there :\...i like the feature ideas, but don't have the guts to try 2.6 on my systems :)
14:38:20< maharaja> radio broadcast?
14:38:45< Bertl> kestrel: well, 2.6 isn't that bad ... it's getting quite stable now ...
14:39:15< Bertl> maharaja: c-radar invited me to speak about linux-vserver
14:40:23< maharaja> has it been recorded?
14:40:51< Bertl> well, it was broadcasted locally and via net stream, and they make an ogg available after 2-3 days ...
14:41:42< Bertl> originally they planned to have a discussion about UML vs vserver - but the UML guy had no time ... so I had to explain UML too ;)
14:43:43>> nalfein [~gaertner@212.68.83.129] has joined #vserver
14:43:54< Bertl> hi nalfein!
14:44:27< flock> Bertl: did you have any benchmarks done? UML is a lot slower:)
14:45:04< Bertl> well, yes but better was the argument about vserver being invasive (compared to UML)
14:45:31< Bertl> I did some comparison for that ...
14:45:50< Bertl> uml-patch-2.4.24-2 445 35893 49
14:45:50< Bertl> patch-2.4.26-vs1.27.diff 252 2166 201
14:46:05< Bertl> patch hunks lines-added lines-removed
14:51:28< maharaja> so im waiting for the ogg to appear
14:51:28< maharaja> :)
14:51:47< Bertl> yep ... was really chaotic the whole thing ;)
14:53:54< flock> Bertl: yesterday i just broke out of the vserver and made myself an account, i was mailed the passwords just now
14:54:28< Bertl> hmm, broke out? badly administered vserver host?
14:55:14< flock> Bertl: no, just an old patch. the chdir()/chroot() combo (the old chroot()-breaker trick)
15:42:06>> mhepp [~mhepp@r72s22p13.home.nbox.cz] has quit [Remote host closed the connection]
15:45:50< kestrel> man, gentoo is a pain in the arse to get working as a virtual server
15:47:57< nalfein> bertl ?
15:55:28< Bertl> yep
15:55:41< Bertl> ad your issues:
15:56:09< Bertl> you need to setup the quota hashes for the host in a similar way as for the vservers (when the quota patch is used)
16:15:29< nalfein> hmm is there a doku ?
16:21:00< Bertl> well, talon was writing on some quota docu, but I guess he stopped somewhere on the road ...
16:21:45< Bertl> currently the 'old' test/quick setup docu is probably the most recent ...
16:22:17< Bertl> but it's quite simple, you just have to add a quota hash for every context and device
16:22:35< nalfein> http://vserver.13thfloor.at/Linux2.6/index.php?page=Per+Context+Disk+Limits <- this ?
16:22:37< Bertl> and for security, to setup a vroot device for each device (if used inside a vserver)
16:23:05< Bertl> if you just want quota on the host, there is no need to use the patches at all ..
16:23:44< nalfein> no not only host, its ok to patch
16:24:14< Bertl> okay ...
16:27:16< Bertl> kestrel: btw, why is that so?
16:31:44< kestrel> the init system has a cache in /var/run/init.d, telling it what services are "active"
16:32:04< kestrel> when you shut the vserver down with /sbin/rc shutdown, it cleans out this cache
16:32:22< kestrel> but when you start it with /sbin/rc default, the cache is not recreated and all the services die horribly
16:32:45< Bertl> hmm, and how is this working anyway?
16:32:50< kestrel> i had to create an /etc/vservers/.sh with a pre-start to re-create the cache
16:33:03< kestrel> quite annoying
16:33:14< Bertl> maybe there is some rc.sysinit which is executed?
16:33:28< Bertl> 'usually' executed I mean ...
16:33:31< kestrel> yeah, /sbin/rc sysinit
16:33:41< kestrel> but it does lots of other very nasty stuff which hangs
16:33:42< Bertl> so why not just calling this one?
16:33:46< kestrel> it loops on mounts :\
16:34:01< Bertl> well, of course you have to clean it up somewhat ...
16:34:22< kestrel> i didn't want to modify it, because when you upgrade the package inside the vserver you would have to re-patch it
16:34:24< kestrel> not a good option
16:34:47< kestrel> all in all, not very vserver friendly
16:34:54< kestrel> the halt script also loops infinitely on a umount
16:35:05< kestrel> i didn't have much choice but to modify that one
16:35:16< kestrel> bbiab
16:39:22< Apollo> Hi Bertl
16:40:17< Apollo> Can you unify vservers across separate partitions/mount points, or can it only be done when vservers sit on the same partition?
16:40:46< kestrel> i believe they need to be on the same partition
16:41:06< Apollo> ok, thx.
16:41:30< Bertl> yep, that's right, but this isn't a vserver issue ...
16:41:47< Bertl> hard links are only allowed on the _same_ filesystem
16:42:01< Bertl> that's how it works in unix ...
16:42:14< Apollo> ok, tried it on separate partitions... that was a bit of a disaster. :)
16:43:15< broo> you could use mount --bind to bring the directory in, not sure how well it'd work with unification
16:43:29< Bertl> not at all ...
16:43:44< Bertl> the thing is, hard links are done at the inode level ...
16:44:19< Bertl> basically a unix fs only has inodes, some of them are dir inodes which contain references to other inodes
16:44:50< kestrel> the read only bind mounts are very cool herbert, thanks for that
16:44:53< Bertl> a hard link is nothing special in this context, it's just that two dir inodes have the same data inode referenced
16:45:08< Bertl> kestrel: thank you for using it ;)
16:46:00< Bertl> the --bind mounts work at the vfs/dentry layer ...
16:47:14< Bertl> btw, have to update them for 2.6.x ...
16:56:34>> click [click@80.64.207.240] has quit [Ping timeout: 480 seconds]
16:56:42>> thh [~hreich@ipsio339.ipsi.fraunhofer.de] has joined #vserver
16:56:51< Bertl> hi thh!
16:56:54< thh> HI everyone
16:57:32< thh> yet another problem setting up networking :)
16:57:34< thh> bash -x /etc/init.d/v_sshd start
16:57:35< thh> + USR_LIB_VSERVER=/usr/lib/vserver
16:57:37< thh> + exec /usr/lib/vserver/vsysvwrapper sshd start
16:57:38< thh> exec /usr/sbin/chbind --ip 141.12.26.57 /etc/init.d/sshd start
16:57:40< thh> ipv4root is now 141.12.26.57
16:57:41< thh> Starting SSH daemon failed
16:58:02< Bertl> hmm, and why did it fail?
16:58:29< thh> That's why I'm here - no clue :(
16:58:43< Bertl> /etc/init.d/sshd start doesn't fail?
16:58:45< thh> btw.: "Linux 2.4.25-vs1.26 i686/0.29.209/0.29.209 [Ea]"
16:59:13< thh> that fails also
16:59:22< Bertl> so it's not even vserver related ;)
16:59:42< Bertl> but have a look at the log file ...
17:00:01< thh> ? er on the root server it works - I am connected via ssh
17:00:04< Bertl> it will probably tell you where the sshd failed
17:00:15< thh> I am doing this inside the server
17:00:34< Bertl> you are using the wrapper scripts inside a vserver?
17:00:56< thh> I am trying to...
17:01:06< Bertl> hmm, what should be the sense in that?
17:01:44< thh> if that makes no sense then I misunderstood something ?-/
17:01:46< Bertl> the v_* wrappers are for the Host, to allow the same services but in a restricted way, so that vserver services can still bind the ports ...
17:02:10< Bertl> for example, sshd usually binds to 0.0.0.0, which means any ip
17:02:15< kestrel> which would certainly explain why they're not working :)
17:02:36< Bertl> if you want to run a sshd inside a vserver, you have to restrict the host's sshd to a single ip (or a subset)
17:03:00< Bertl> so if the host has 192.168.0.1 and the vserver 192.168.0.2 for example
17:03:17< thh> I've got an extra ip for the vserver which is bound to eth1:foo
17:03:32< Bertl> then you would have to restrict the Host's sshd to 192.168.0.1, so that the vservers sshd can still bind to 192.168.0.2 ...
17:04:29< thh> and where do I start the vserver's sshd?
via v_sshd or within a config file?
17:05:04< Bertl> the vservers sshd is started with the normal startup scripts ... (inside the vserver) it doesn't need a special handling
17:06:28< thh> with a script in /usr/local/etc/vservers/foo/scripts
17:06:54< Bertl> hmm, no, the vserver has its own scripts, from the installed distro ...
17:07:26< Bertl> so for example a Mandrake guest would provide ..../etc/rc.d/init.d/sshd
17:07:47< Bertl> this runlevel script is executed when the sshd service is enabled ...
17:07:55< thh> ok - I'll try that, Thanks!!
17:08:01< Bertl> np
17:14:08< Doener`> re
17:14:17< Bertl> hi Doener`!
17:15:34< Doener`> Ola seems to be more active at maintaining the debian vserver packages :) even files bug reports for related packages etc. (although the one he did actually is a dup ;)
17:16:29< Bertl> well, if he starts caring about it .. there should be no problem in maintaining them ...
17:16:44< Bertl> everybody is interested in _working_ packages ;)
17:17:34< Doener`> yepp
17:22:46< kestrel> herbert, why is it that in context 1 i can not do a df of anything under /vservers, as if i was a non-privileged user?
17:22:55< kestrel> is ctx 1 only for viewing processes?
17:23:20>> gilbert [~gilbert@208-186-222-203.nrp4.brv.mn.frontiernet.net] has joined #vserver
17:23:21< Bertl> really depends on the patch version ...
17:23:27< Bertl> hi gilbert!
17:23:32< kestrel> i am on 1.27
17:23:37< gilbert> hola
17:23:50< kestrel> hmm, actually, perhaps i need to increase the caps in ctx 1?
17:24:04< Bertl> how do you enter xid=1 ?
17:24:23< kestrel> chcontext --ctx 1 df -k
17:24:34< Bertl> that should give all caps anyway ...
17:24:46< Bertl> are there any xid tagging patches active?
17:25:04< kestrel> no
17:25:19< Bertl> then you are probably hitting the barrier
17:25:29< kestrel> i am using 2.4.26+vs1.27+bme0.04
17:25:31< Bertl> try to chdir into the vserver dir first
17:25:37< kestrel> righto
17:25:51< Bertl> hmm, you do df -k , not du ...
17:26:14< Bertl> which might mean that you actually hit the procfs security ...
17:26:26< kestrel> check this out:
17:26:27< kestrel> # chcontext --ctx 1 ls /vservers/
17:26:28< kestrel> New security context is 1
17:26:28< kestrel> ls: /vservers/: Permission denied
17:26:45< Bertl> give me a second ...
17:26:50< kestrel> i have permissions of 000 on /vservers though
17:27:53< Bertl> hmm df in xid=1 works here with vs1.26
17:28:51< Bertl> # chcontext --ctx 1 df -k
17:28:51< Bertl> New security context is 1
17:28:51< Bertl> Filesystem 1K-blocks Used Available Use% Mounted on
17:28:51< Bertl> /dev/root 31698 25593 6105 81% /
17:28:58< Bertl> and with vs1.27
17:29:06< kestrel> wowhmmm, it works on my other server too
17:29:14< kestrel> how odd
17:29:33< Bertl> try to strace the df
17:30:33< kestrel> getuid32() = 0
17:30:34< kestrel> getgid32() = 0
17:30:34< kestrel> geteuid32() = 0
17:30:34< kestrel> getegid32() = 0
17:30:34< kestrel> access("/vservers", R_OK) = -1 EACCES (Permission denied)
17:30:49< kestrel> that was from this: chcontext --ctx 1 strace test -r /vservers
17:31:08< Bertl> well, that's okay ...
17:31:21< kestrel> this is on reiserfs, if that makes any difference
17:31:29< Bertl> what about the df?
17:31:38< kestrel> but on my other system i get this:
17:31:38< kestrel> getuid32() = 0
17:31:38< kestrel> getgid32() = 0
17:31:38< kestrel> geteuid32() = 0
17:31:38< kestrel> getegid32() = 0
17:31:38< kestrel> access("/vservers", R_OK) = 0
17:31:45< kestrel> exact same command
17:31:51< Bertl> no reiserfs?
17:32:00< kestrel> no, xfs
17:32:09< kestrel> what fs are you using?
17:32:14< Bertl> ext2
17:32:27< kestrel> very weird herbert :)
17:32:36< Bertl> what, that I use ext2?
17:32:50< kestrel> no, this problem
17:32:56< Bertl> 8-)
17:33:19< Bertl> I'd say it's that every filesystem handles permissions a little differently
17:33:19< kestrel> hehe, weird!!
17:33:34< kestrel> yeah, you could be right
17:33:49< kestrel> i wish i had another box with reiser and ctx
17:34:03< Bertl> asking Hans why this is so, would probably result in the question "why not?"
17:34:15< kestrel> hehe :)
17:34:37< Bertl> but I'm sure this can be fixed relatively easily ...
17:35:01< kestrel> is there a command line utility to show your capability set?
17:35:15< Bertl> yes, there are some, one is lcap
17:35:27< Bertl> but it's simpler to use:
17:35:36< Bertl> grep Cap /proc/self/status
17:35:43< kestrel> ah, righto
17:36:08< Bertl> you'll see, you'll probably have the same caps as on the host ...
17:36:23< kestrel> yep, you're right
17:36:49< kestrel> the reason i came across this is that i was running snmpd in context 1
17:36:59< kestrel> and noticed that most of the volumes weren't showing up
17:37:25< Bertl> hmm .. yes interesting detail ...
17:38:06< Bertl> do you feed the snmp data into some rrd/mrtg or do you just use this for observation/monitoring?
17:38:53< kestrel> yep, i graph all my data using rrdtool and some custom perl scripts
17:39:29< Bertl> that might be interesting to do for all new (2.6) stats, any interest in that? (not now, but in the future maybe)
17:40:21< kestrel> yeah, surely...stats are good
17:40:28< kestrel> what sort of new stuff is in 2.6?
17:40:37< Bertl> for example the socket accounting ...
17:40:51< Bertl> and of course all the limits like VM/RSS/FILES etc ...
17:41:06< Bertl> and the scheduler data ...
17:41:45< kestrel> yeah, that would be cool
17:41:47< Bertl> and we probably can add a lot more, if there is something graphing them ...
17:42:00< kestrel> it would be very cool to be able to graph per-vserver stats cleanly
17:42:09< kestrel> http://home.swapoff.org/cgi-bin/rrdcgi?/var/www/htdocs/pollute/Servers/vsrouter/index.html
17:42:17< kestrel> that's the vserver host
17:42:59< Bertl> The connection was refused ...
17:43:05< kestrel> hmm, or maybe not
17:43:56< kestrel> ah, firewall magic
17:44:52< kestrel> okay, try again
17:46:35< Bertl> hmm, yes ... looks good ...
17:47:44< kestrel> if i could graph interface/cpu/memory stats per vserver, that would be very special
17:48:35< Bertl> memory stats should work, interface is replaced by socket stats, and cpu can be made available very easily ;)
17:50:01< kestrel> memory stats...by using /proc/*/statm?
17:50:42< Bertl> no, by reading /proc/virtual//limits
17:51:34< kestrel> that is in the 2.6 version, or experimental?
17:51:45< Bertl> yep, 2.6 is experimental ;)
17:51:52< kestrel> hehe, you know what i mean :P
17:52:13< Bertl> yes, that's in 1.9.0preX and also in 1.3.x (to some extent)
17:52:28< kestrel> mmm, interesting
17:53:20>> petermag [tthtlc@bb220-255-174-40.singnet.com.sg] has joined #vserver
17:53:46 * kestrel might try 1.3.x
17:53:52< Bertl> hi petermag!
17:53:58< kestrel> maybe i should just try 1.9.0
17:54:18< Bertl> IMHO that would be better, because there is the development atm ...
17:54:50< kestrel> i would have to do it on my desktop, meaning ... pain
17:54:54 * kestrel will think on it
17:55:11< Bertl> you can test it with QEMU, for example ;)
17:56:00< kestrel> heh, yes indeed i can
18:00:22>> petermag [tthtlc@bb220-255-174-40.singnet.com.sg] has left #vserver []
18:11:30< kestrel> what does this feature mean: Advanced IP Selection - - - YES YES YES
18:11:30< kestrel> ?
18:11:55< Bertl> this means that the source ip is selected a little smarter than before ...
18:12:01< kestrel> ah
18:12:34< kestrel> that is a good page
18:12:48< kestrel> nice overview
18:13:00< Bertl> yeah, thought so ... that's why I did it ... to keep track of the features ;)
18:13:32< kestrel> hehe, yeah
18:31:32< kestrel> hmmm, where is vs0.09.28?
18:31:47< Bertl> hmm, lost in space?
18:32:10< Bertl> what do you need it for?
18:32:52< kestrel> i have the vnet patch you sent me, but no corresponding vs patch
18:33:04< Bertl> ah okay ...
let's see ...
18:33:25< kestrel> i need the mm patch too right?
18:34:19< rs> re
18:34:34< Bertl> http://vserver.13thfloor.at/Experimental/patch-2.6.5-rc2-bk7-vs0.09.28.diff
18:34:36< rs> one more damn meeting day :(
18:35:07< Bertl> feeling lonesome? go to a meeting! 8-)
18:35:15< rs> :)
18:35:15< kestrel> cool, thanks herbert
18:35:41< kestrel> did you apply that against 2.6.5-mm6?
18:35:57< Bertl> no, against 2.6.5-rc2-bk7 I'd say ;)
18:36:26< kestrel> hmkay
18:37:08< kestrel> what is bk7?
18:37:21< Bertl> bit keeper snapshot ...
18:37:37 * kestrel suspected it might be
18:37:44< Bertl> should be _very_ similar to 2.6.5-rc3 btw ...
18:38:33>> SwatCT [~fswat@pc-68-118-199-9.will.ct.charter.com] has joined #vserver
18:42:16>> flock [~restless@l192-115-29-147.broadband.actcom.net.il] has quit [Quit: Leaving]
19:03:10>> hvd [~Miranda@62.99.252.14] has joined #vserver
19:05:16< Bertl> okay, folks, I'm translocating ... will be back in an hour ...
19:05:17>> SwatCT [~fswat@pc-68-118-199-9.will.ct.charter.com] has left #vserver []
19:05:25>> Bertl is now known as Bertl_oO
19:14:30>> rs [rs@ice.aspic.com] has quit [Quit: come back home]
19:14:38>> Apollo [~throwaway@caracal.norcomcable.ca] has quit [Quit: ]
19:26:11>> thh [~hreich@ipsio339.ipsi.fraunhofer.de] has quit [Quit: ChatZilla 0.9.61 [Mozilla rv:1.7b/20040316]]
19:36:16>> Napalm [~napalm@host81-7-22-112.adsl.v21.co.uk] has joined #vserver
19:36:30< Napalm> hello all
19:41:52< Napalm> no one on yet?
19:57:59< mids> hi Napalm
19:58:27< Napalm> hiya mids
19:58:39< Napalm> im just got our new dedicated box
19:58:51< Napalm> im just doing the kernel recompilation
19:59:07< mids> nice
19:59:15< mids> I got a VPS account yesterday
19:59:29< mids> but it turned out that it had the ssh server keys from the image that they did use
19:59:45< mids> took me a while to figure out how to recreate them
19:59:58< Napalm> just wipe the .
files
20:00:15< Napalm> ahh now i cant remember
20:00:17< Napalm> lol
20:00:22< mids> for the server
20:00:28< mids> not the personal ones in your homedir
20:00:31< Napalm> oh
20:00:33< Napalm> doh
20:00:36< Napalm> ;)
20:00:47< mids> also my problem was getting disconnected from the server once I did delete them
20:01:01< mids> but that did turn out to go okay
20:01:10< Napalm> well thats a relief
20:01:21< Napalm> i cant remember if make bzImage is needed when compiling on RH9
20:01:23< mids> but I better check the full system for other such problems
20:01:34< mids> I always do bzImage
20:01:47< Napalm> its just it can take ages
20:01:48< Napalm> lol
20:02:16< mids> well, it just bzips the vmlinux file isnt it?
20:02:36< Napalm> yer but im sure you can just grab the old ones or something
20:02:45< Napalm> anyways im recompiling them now
20:03:08< mids> doing any special kernel patches?
20:03:19< Napalm> nope this is a production server
20:03:29< mids> maybe grsecurity or something
20:03:40< Napalm> grsecurity?
20:04:22< Napalm> http://www.grsecurity.net/ ?
20:04:25< mids> yes, that one
20:04:35< mids> was just about to paste their oneline description :)
20:05:08< Napalm> '/proc//ipaddr gives the remote address of the person who started a given process '
20:05:13< Napalm> hmm sounds nice
20:05:41< mids> you use vserver on the server ?
20:06:03< Napalm> well its a new install
20:06:15< mids> ah
20:06:23< mids> somehow I did think that it did involve vservers
20:06:29< mids> must be the channel name :)
20:06:51< Napalm> so i have to choose now if i want to include things to save headaches later
20:06:58< Napalm> :)
20:07:19< Napalm> will grsecurity work with vserver patch?
20:07:32< mids> I did see some info about it on the wiki
20:07:35< mids> but didnt try it myself
20:07:40< Napalm> i'll leave it i think
20:07:48< Napalm> my test server at home here hasn't got it
20:08:02< Napalm> 'warning: kernel is too big for standalone boot from floppy' lol
20:08:04< mids> http://www.linux-vserver.org/index.php?page=grsecurityHowto
20:09:17< Napalm> i think im going to leave it for now
20:09:31< mids> buy buy
20:09:34< Napalm> bookmarks for now
20:09:37< mids> oh
20:09:39< mids> it, not here
20:09:40< mids> :)
20:09:46< Napalm> buy?
20:10:10< Napalm> ohh
20:10:11< Napalm> lol
20:10:13< Napalm> :D
20:10:15< Napalm> ;)
20:16:59>> click [click@gonnamakeyou.com] has joined #vserver
20:26:29< Napalm> anyone online?
20:30:25>> Khahan [~Filbert@D5E0628B.kabel.telenet.be] has quit [Ping timeout: 480 seconds]
20:33:31< sladen> no
20:33:36< Napalm> lol
20:34:22>> shuri [~shushushu@cpu183.adsl.qc.bellglobal.com] has quit [Quit: http://base2091.com]
20:34:47>> Khahan [~Filbert@D5E0628B.kabel.telenet.be] has joined #vserver
20:36:36>> serving [~serving@213.186.189.95] has quit [Read error: Connection reset by peer]
20:47:30>> broo [~broo@host30-5.btbx.net] has left #vserver [Client exiting]
20:50:19>> Bertl_oO is now known as Bertl
20:50:42< Bertl> ok, I'm back ...
20:51:10< Bertl> Napalm: you are going to sell linux-vserver based vps?
20:51:44< Napalm> Bert: Yes, is this a problem?
20:51:52< Bertl> no, not at all ;)
20:52:21< Napalm> Bert: i know this is going to sound awful after all ive done so far but recompiling this kernel has got me
20:52:32< Napalm> heres what ive done
20:52:39< Bertl> just wanted to ask you if you know our http://www.linux-vserver.org/index.php?page=VServer+Hosting page ...
20:53:03< Bertl> let's hear ...
20:53:11< Napalm> yep, i saw that, and once ive the the new servers up i'll add myself to the page
20:53:21< Napalm> ok here goes
20:55:19< Napalm> 'cd /usr/src' 'wget ... kernel-2.4.26.tar.gz' 'wget ...
patch-2.4.26-vs1.27.diff' 'tar -zxvf kernel-2.4.26.tar.gz' 'cd ./kernel-2.4.26/' 'patch -p1 < ../patch-2.4.26-vs1.27.diff'
20:56:05< Napalm> 'make oldconfig' 'make bzimage' 'cp ./arch/i386/boot/bzImage /boot/' 'make modules' 'make modules_install'
20:56:26< Napalm> everything look ok so far?
20:57:02< Bertl> hmm, well, not really ...
20:57:10< Napalm> oh ooo
20:57:19< Napalm> go on .. hit me with it?
20:57:39< Bertl> oldconfig only makes sense if you have an old .config file ...
20:57:58< Bertl> btw, I'd suggest the following procedure ...
20:58:13< Napalm> i couldn't find the procedure doc that i used before
20:59:28< Bertl> tar xjf kernel-2.4.26.tar.bz2
20:59:46< Bertl> cp -la kernel-2.4.26 kernel-2.4.26-vs1.27
20:59:52< Bertl> cd kernel-2.4.26-vs1.27
21:00:01< Bertl> patch -p1 <../patch-2.4.26-vs1.27.diff
21:00:03< Bertl> cd ..
21:00:07< Bertl> okay?
21:02:10< Napalm> is this the right file linux-2.4.26.tar.gz?
21:02:39< Napalm> its ok i got it
21:02:42< Napalm> carry on
21:02:51< Bertl> well, yes, I just download the bz2 version
21:03:17< Napalm> done all that, everything ok
21:03:18< Bertl> then copy the old .config (for your current kernel)
21:03:47< Bertl> into the new tree
21:04:02< Bertl> then do make oldconfig and answer the questions
21:04:03< Napalm> where is the old one located usually because this setup is weird
21:04:30< Bertl> what kernel are you using atm?
21:04:45< Napalm> there is no old kernel src directory
21:04:48< Napalm> 2.4.20-8
21:05:03< Bertl> hmm, where does it come from?
21:05:25< Napalm> its a dedicated server i have just purchased
21:05:44< Bertl> okay, so you have to figure out the configuration for that server ...
21:06:01< Napalm> :'(
21:06:06< Bertl> look in /boot and in /proc/config* if there is something which looks like a kernel config
21:06:27< Napalm> got it
21:06:40< Napalm> stored as /boot/config-2.4.20-8
21:06:54< Napalm> 44Kb
21:07:04< Bertl> looks good ...
21:08:31< Napalm> im noting all of this down, for the future and for the wiki
21:08:46< Bertl> good ;)
21:09:20< Napalm> so whats next?
21:09:31< Bertl> copy it over, name it .config
21:09:44< Bertl> then run make oldconfig, and answer the questions ...
21:09:54< Napalm> into /usr/src dir?
21:10:05< Bertl> into the kernel source tree
21:10:15< Bertl> so in this case kernel-2.4.26-vs1.27
21:11:04< Napalm> im answering questions now
21:11:20< Napalm> Select task to kill on out of memory condition (CONFIG_OOM_KILLER) [N/y/?]
21:11:25< Napalm> whats this?
21:12:59< Napalm> any ideas Bert?
21:13:18< Bertl> there is a help associated with most options, read that one ...
21:15:04< Bertl> you can get the help with '?'
21:15:39< Napalm> uep
21:15:41< Napalm> yep
21:15:44< Napalm> its all good
21:16:20< Bertl> okay, next step is to compile kernel and modules ...
21:16:25< Bertl> this is done with:
21:16:35< Bertl> make bzImage modules
21:16:59< Bertl> if you have a fast box, maybe a dual cpu machine .. then add -j 4 or -j 6 to that ...
21:17:29>> serving [~serving@213.186.189.95] has joined #vserver
21:20:21< Napalm> Bert: its a P4 2Ghz 256Mb what do you think i should do?
21:22:13< Napalm> N
21:22:21< Bertl> use something between -j 1 and -j 4 (-j 1 is the default)
21:25:31< Napalm> i'll use -j 2
21:26:17< Napalm> Bert: do you think CONFIG_IP_NF_ARP_MANGLE would be handy to have?
21:27:25< Napalm> btw, thanks for following this process with me
21:29:44< Napalm> Bert: are you there?
21:33:02< Bertl> yep, there but busy ...
21:34:25< Napalm> ive answered most kernel questions but this one im really unsure of
21:34:38< Bertl> well, then take the default ...
21:34:59< Napalm> CONFIG_NET_SCH_DELAY: Say Y if you want to delay packets by a fixed amount of time. This is often useful to simulate network delay when testing applications or protocols
21:35:18< Napalm> would this be handy with testing Vserver speeds
21:35:46< Napalm> i can compile as a module?
21:35:57< Bertl> probably not, because a) it delays packages, and b) you use something like this in a routing scenario
21:36:05< Bertl> yes you can compile it as module ;)
21:36:27< Bertl> (at least if there is an 'm' option)
21:38:01< Bertl> Napalm: btw, didn't you want to update the RH9 page to 0.29.5?
21:38:24< Napalm> yes i've compiled the RPMs and uploaded them, just need to edit the Wiki
21:38:34< Bertl> ah okay ... just wondered ...
21:40:41>> lexo_ [~LeXo@lns-th2-4f-81-56-252-185.adsl.proxad.net] has joined #vserver
21:42:00< Bertl> ... nap attack ...
21:42:17< Napalm> ???
21:42:19< Napalm> lol
21:42:30< Bertl> will probably be back online in a few hours ...
21:42:38>> Bertl is now known as Bertl_zZ
21:47:44>> franck [~LeXo@lns-th2-4f-81-56-252-185.adsl.proxad.net] has quit [Ping timeout: 480 seconds]
22:01:15>> taxcollector [~taxcollec@192.16.167.161] has joined #vserver
22:24:57>> Apollo [~throwaway@caracal.norcomcable.ca] has joined #vserver
22:29:45< gilbert> hey everyone theres some funny game at http://www.supersizeme.com/burgerman.htm like pac man but this one involves burgers....hope this isnt something old on the net we've all seen
22:44:56>> monrad [~monrad@213083190243.sonofon.dk] has joined #vserver
22:47:17>> shuri [~shushushu@cpu183.adsl.qc.bellglobal.com] has joined #vserver
22:53:59< taxcollector> ensc: I have a couple of questions about the alpha util-vserver if you have a moment...
22:54:09>> Apollo [~throwaway@caracal.norcomcable.ca] has quit [Quit: ]
22:54:13< ensc> taxcollector: ok, ask...
22:54:56< taxcollector> If you maintain packages externally from the vserver, won't you run into problems if the vserver users install rpms themselves?
22:55:15< taxcollector> Also, why does the utility maintain a separate apt cache for each vserver?
22:55:50< ensc> taxcollector: external rpm is better for bootstrapping and you can switch to an internal one
22:56:09< taxcollector> Right -- so is the general principle bootstrap external, then switch to internal immediately
22:56:10< taxcollector> ?
22:56:12< ensc> sharing apt-cache does not really work since it is locked
22:56:56< ensc> it depends; for minimal vservers the external method can/should be used since you will not need rpm + apt inside the vserver
22:57:21< taxcollector> Finally, I'd like to assist you in writing some better documentation of the utilities, flush it out a bit more. Is the .211 fairly representative of what you envision the final release to be?
22:57:33< taxcollector> OK
22:58:22< ensc> cool... help in writing documentation is always welcome. .211 should have features of final; perhaps some options will be renamed (but not very much)
22:58:46< ensc> e.g. I am not happy with 'bcapabilities' and 'ccapabilities' names
22:59:00< taxcollector> OK; I will plug through them and direct any questions as they come along
23:07:57< Napalm> lo everyone
23:08:08< taxcollector> yo
23:08:46< Napalm> taxcollector: i cant remember what to do after you do make modules_install when recompiling the kernel
23:08:56< taxcollector> make install
23:09:16< taxcollector> You install the modules, then the kernel
23:09:49< Napalm> doh, of course
23:20:40< taxcollector> ensc: One thing about alpha util-vserver I thought was unusual was the way configuration is stored on disk. Was there a particular reason you decided to store each setting in its own file, rather than the more "traditional" way of maintaining configuration in one or more .conf files?
23:20:58< ensc> taxcollector: yes: cfengine
23:21:16< ensc> and .conf files are difficult to parse
23:21:34< ensc> and some things can not be expressed there
23:21:49< taxcollector> OK; thanks.
23:52:40>> serving [~serving@213.186.189.95] has quit [Read error: Connection reset by peer]
--- Log closed pią maj 07 00:00:32 2004