[00:29] kestrel_ (~athomas@192.65.90.92) left irc: Ping timeout: 485 seconds
[00:57] Hest (~jon@kg103.kollegiegaarden.dk) joined #vserver.
[01:05] JonB (~jon@129.142.112.33) left irc: Ping timeout: 493 seconds
[01:05] Hest (~jon@kg103.kollegiegaarden.dk) left irc: Quit: Client exiting
[01:05] Simon (~sgarner@210.54.177.190) joined #vserver.
[01:26] Nick change: riel -> unriel
[02:21] kestrel_ (~athomas@dialup28.optus.net.au) joined #vserver.
[02:28] morning!
[02:28] agoe: yes, i force the s_context on all my vservers and it works fine
[04:29] MrBawb (abob@sparky.dok.org) got netsplit.
[04:29] mcp (~hightower@81.17.110.148) got netsplit.
[04:29] shuri (~ipv6@CroCrodile.HuNter.blacktaboovideo.com) got netsplit.
[04:29] Simon (~sgarner@210.54.177.190) got netsplit.
[04:29] Bertl_zZ (~herbert@MAIL.13thfloor.at) got netsplit.
[04:29] ace (~ace@213.225.74.103) got netsplit.
[04:29] Medivh (ck@server1.shell-express.de) got netsplit.
[04:29] vinsci (~vinsci@dsl-jklgw3if1.dial.inet.fi) got netsplit.
[04:29] jks (~jks@0x503e4c12.arcnxx4.adsl-dhcp.tele.dk) got netsplit.
[04:29] surriel (~riel@riel.netop.oftc.net) got netsplit.
[04:29] kestrel_ (~athomas@dialup28.optus.net.au) got netsplit.
[04:29] matta (matta@tektonic.net) got netsplit.
[04:29] cliu (~icechat5@pcd345014.netvigator.com) got netsplit.
[04:29] serving (~serving@213.186.191.119) got netsplit.
[04:29] gaertner (~gaertner@212.68.83.129) got netsplit.
[04:30] kestrel_ (~athomas@dialup28.optus.net.au) returned to #vserver.
[04:30] matta (matta@tektonic.net) returned to #vserver.
[04:30] cliu (~icechat5@pcd345014.netvigator.com) returned to #vserver.
[04:30] serving (~serving@213.186.191.119) returned to #vserver.
[04:30] gaertner (~gaertner@212.68.83.129) returned to #vserver.
[04:30] mcp (~hightower@81.17.110.148) returned to #vserver.
[04:30] #vserver: mode change '+o mcp ' by quark.oftc.net
[04:30] shuri (~ipv6@CroCrodile.HuNter.blacktaboovideo.com) returned to #vserver.
[04:30] MrBawb (abob@sparky.dok.org) returned to #vserver.
[04:30] Simon (~sgarner@210.54.177.190) returned to #vserver.
[04:30] Bertl_zZ (~herbert@MAIL.13thfloor.at) returned to #vserver.
[04:30] ace (~ace@213.225.74.103) returned to #vserver.
[04:30] Medivh (ck@server1.shell-express.de) returned to #vserver.
[04:30] Topic changed on #vserver by !quark.oftc.net: http://www.linux-vserver.org/ || vserver-1.0 released!
[04:31] surriel (~riel@riel.netop.oftc.net) returned to #vserver.
[04:31] jks (~jks@0x503e4c12.arcnxx4.adsl-dhcp.tele.dk) returned to #vserver.
[04:31] vinsci (~vinsci@dsl-jklgw3if1.dial.inet.fi) returned to #vserver.
[04:35] jks (~jks@0x503e4c12.arcnxx4.adsl-dhcp.tele.dk) left irc: Quit: Client exiting
[05:37] vinsci (~vinsci@dsl-jklgw3if1.dial.inet.fi) got netsplit.
[05:37] surriel (~riel@riel.netop.oftc.net) got netsplit.
[05:37] Medivh (ck@server1.shell-express.de) got netsplit.
[05:37] ace (~ace@213.225.74.103) got netsplit.
[05:37] Bertl_zZ (~herbert@MAIL.13thfloor.at) got netsplit.
[05:37] Simon (~sgarner@210.54.177.190) got netsplit.
[05:37] MrBawb (abob@sparky.dok.org) got netsplit.
[05:37] mcp (~hightower@81.17.110.148) got netsplit.
[05:37] shuri (~ipv6@CroCrodile.HuNter.blacktaboovideo.com) got netsplit.
[05:37] gaertner (~gaertner@212.68.83.129) got netsplit.
[05:37] serving (~serving@213.186.191.119) got netsplit.
[05:37] cliu (~icechat5@pcd345014.netvigator.com) got netsplit.
[05:37] matta (matta@tektonic.net) got netsplit.
[05:37] kestrel_ (~athomas@dialup28.optus.net.au) got netsplit.
[05:38] mcp (~hightower@81.17.110.148) returned to #vserver.
[05:38] #vserver: mode change '+o mcp ' by quark.oftc.net
[05:38] vinsci (~vinsci@dsl-jklgw3if1.dial.inet.fi) returned to #vserver.
[05:38] surriel (~riel@riel.netop.oftc.net) returned to #vserver.
[05:38] Medivh (ck@server1.shell-express.de) returned to #vserver.
[05:38] ace (~ace@213.225.74.103) returned to #vserver.
[05:38] Bertl_zZ (~herbert@MAIL.13thfloor.at) returned to #vserver.
[05:38] Simon (~sgarner@210.54.177.190) returned to #vserver.
[05:38] MrBawb (abob@sparky.dok.org) returned to #vserver.
[05:38] shuri (~ipv6@CroCrodile.HuNter.blacktaboovideo.com) returned to #vserver.
[05:38] kestrel_ (~athomas@dialup28.optus.net.au) returned to #vserver.
[05:38] matta (matta@tektonic.net) returned to #vserver.
[05:38] cliu (~icechat5@pcd345014.netvigator.com) returned to #vserver.
[05:38] serving (~serving@213.186.191.119) returned to #vserver.
[05:38] gaertner (~gaertner@212.68.83.129) returned to #vserver.
[06:19] sladen (paul@80.1.73.116) left irc: Ping timeout: 485 seconds
[06:20] sladen (paul@80.1.73.116) joined #vserver.
[07:53] kestrel_ (~athomas@dialup28.optus.net.au) left irc: Ping timeout: 493 seconds
[07:57] cliu (~icechat5@pcd345014.netvigator.com) left irc: Quit: Remember, you're unique, like everyone else
[08:19] tetsuoni (~chatzilla@24.186.32.250) joined #vserver.
[08:19] hi
[08:20] anybody on?
[08:20] tetsuoni (~chatzilla@24.186.32.250) left irc: Client Quit
[09:53] kestrel_ (~athomas@192.65.90.92) joined #vserver.
[10:46] Simon (~sgarner@210.54.177.190) left irc: Ping timeout: 492 seconds
[10:50] Simon (~sgarner@210.54.177.190) joined #vserver.
[11:27] #vserver: mode change '+o unriel' by ChanServ!services@services.oftc.net
[11:27] #vserver: mode change '+o Bertl_zZ' by ChanServ!services@services.oftc.net
[11:27] #vserver: mode change '+o surriel' by ChanServ!services@services.oftc.net
[12:59] AGoe (~agoeres@80.184.194.87) joined #vserver.
[13:27] Action: AGoe is away: laborandum est
[13:58] serving (~serving@213.186.191.119) left irc: Ping timeout: 493 seconds
[14:30] serving (~serving@213.186.190.47) joined #vserver.
[15:06] alekibango (~john@62.245.97.59) left irc: Ping timeout: 485 seconds
[15:09] alekibango (~john@62.245.97.59) joined #vserver.
[15:15] Action: AGoe is back (gone 01:48:34)
[16:22] Simon (~sgarner@210.54.177.190) left irc: Quit: so long, and thanks for all the fish
[16:40] mdaur (mdaur@80.145.126.150) joined #vserver.
[17:08] Nick change: unriel -> riel
[17:13] mugwump (~sv@stc.surreytech.co.uk) joined #vserver.
[17:13] Booyakasha!
[17:35] what is the util-vserver for ?
[17:38] is it ok to install util-vserver-0.24.tar.bz2 along with vserver-0.26 ?
[17:38] I am totally confused with all the different version numbers.
[17:38] please advise
[17:38] serving: they are mutually exclusive; but util-vserver should have everything, which is in vserver
[17:38] :)
[17:39] so . I installed vserver and vserver-admin and that is all I need.
[17:58] you need util-vserver for patch 1.1.0 (or c17g+)
[18:03] hi
[18:27] what is the difference between patch-2.4.22-vs1.00.diff and split-2.4.22-vs1.00.tar.bz2
[18:28] I see the split has a dir with 5 patches in it.
[18:28] is the first patch "split" into 5 ?
[18:28] is the same patch but split
[18:29] yes
[18:29] hi shuri :)
[18:29] more simple to see the change when split...
[18:29] what is the idea behind a split ?
[18:29] stop answering b4 I ask :))
[18:30] hehe
[18:32] has anybody here ever tried to start a vserver with a predefined context nr in the conf file?
[18:37] nobody?
[18:37] too bad..
[18:43] JonB (~jon@129.142.112.33) joined #vserver.
[18:46] AGoe (~agoeres@80.184.194.87) left irc: Quit: de cetero censeo aliquem necesse dormire
[18:46] Nick change: Bertl_zZ -> Bertl
[18:46] hi all!
[18:48] hey Bertl
[18:48] hi jon!
[18:51] hi Bertl
[18:52] hey Bertl what are you thinking about limiting ifconfig output in vserver...
[18:52] hi shuri!
[18:53] what about having one mac for each vserver ?
[18:53] hopefully we have a 'virtualized' network soon ...
[18:53] cause i too much output..
[18:53] @jon that should be already possible, just change the MAC of the alias ;)
[18:54] all ipv6 address are show in VS
[18:54] Bertl: my machine has no aliases
[18:54] eth1 Link encap:Ethernet HWaddr 00:00:21:66:5D:3D
[18:54] inet6 addr: fe80::200:21ff:fe66:5d3d/64 Scope:Link
[18:54] inet6 addr: 3ffe:bc0:189:1::1/64 Scope:Global
[18:54] UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[18:55] why i see eth1 when i use eth0 for vserver
[18:55] @jon hmm, vserver actually _works_ by adding aliases for the IPs ... 8-)
[18:55] Bertl: well, i use the same ip
[18:56] well then different MACs would be a BadThing, right?
[18:56] Bertl: i suppose
[18:58] @shuri we are currently in the brainstorming phase, regarding the virtual network, because we want to find a really good and useable solution ...
[18:59] ok
[18:59] brainwash me
[18:59] :)
[18:59] but you can do the following, if you like: add a check for ipv6 if ctx>1, just don't return anything ..
[19:00] what do you mean?
[19:00] have a look at the kernel source, add a check regarding ipv6 and ctx>1, if this is true, don't return interface info ...
[19:01] ok
[19:01] but even with ipv4
[19:01] you see eth0 eth0:1 eth0:2
[19:02] you not see the address but too much output ...
[19:02] yeah, in that case, you would have to do a more detailed check, to find the interfaces ...
[19:03] experiment a little, if you have something that is working, I'll gladly have a look at it ...
[19:04] i dont know how to do this..
[19:05] + // We do not show other IP devices to vservers
[19:05] + if (devinet_notiproot(ifa))
[19:05] + continue;
[19:06] should be we do not show other interface device to vserver
[19:06] careful ... interface = link, ip = addr
[19:07] yes
[19:07] fconfig
[19:07] eth0 Link encap:Ethernet HWaddr 00:0C:29:74:10:D3
[19:07] UP BROADCAST RUNNING MULTICAST MTU:1400 Metric:1
[19:07] RX packets:170029 errors:0 dropped:0 overruns:0 frame:0
[19:07] etc etc etc
[19:08] eth0:redh Link encap:Ethernet HWaddr 00:0C:29:74:10:D3
[19:08] inet addr:65.39.171.169 Bcast:65.39.171.189 Mask:255.255.255.0
[19:08] UP BROADCAST RUNNING MULTICAST MTU:1400 Metric:1
[19:08] why we see eth0 ...
[19:08] and other interface in root server
[19:09] we do not see addr but when you got 10 alias in root server you got 11 interface output in a vserver with one ip
[19:09] understand?
[19:09] I understand ;)
[19:09] is it not sane:)
[19:10] have a look how ifconfig -a works (best using strace or the source code ;)
[19:13] well even if i strace or look at the source i don't know what to do :P
[19:13] i can give my opinion but cannot devel it
[19:13] but you might understand (better), why it is done the way it currently is ;)
[19:14] ok
[19:14] AGoe (~agoeres@80.184.194.87) joined #vserver.
[19:14] don't get me wrong, I totally agree that this isn't the best solution, and we are trying to find a better one ...
[19:14] ok
[19:16] i got other opinion today:P
[19:16] for example runner snmpd / mrtg in vserver
[19:16] or ipfm
[19:17] yes?
[19:17] is not possible
[19:17] we need virtual network solution for that
[19:18] hmm, why is that for snmpd?
[19:18] hi alexander!
[19:19] @agoe still no luck with fixed context IDs?
[19:19] hi herbert.. none
[19:19] what tools are you currently using?
[19:20] when i remove fakeinit the vserver starts, but i can see the startupmsgs from outside tools: util-vserver0.26
[19:21] Nov 6 02:19:47 redhat snmpd: snmpd startup succeeded
[19:21] Nov 6 02:19:47 redhat net-snmp[4092]: Error opening specified endpoint "udp:161"
[19:21] Nov 6 02:19:47 redhat net-snmp[4092]: Server Exiting with code 1
[19:21] @agoe hrm, util-vserver0.26, sure? because they are not yet released ...
[19:22] Bertl: utils-vserver
[19:22] no, not sure: 0.24..
[19:22] herbert, can the limits be set after the vserver started?
[19:23] depends on the limit ... memory, process: not yet, disk limit yes ...
[19:24] herbert, so it might work, when i let the vserver choose its context on startup and then set the disk-limit to the relevant context..?
[19:24] @shuri, could you do an strace -fF on that daemon, with strace 4.5?
[19:25] @agoe, nope, static context IDs are a must for disk limits, at the moment ...
[19:25] but I guess you are searching at the wrong end ...
[19:26] I have thought a lot about your issues, and I'm pretty sure it has nothing to do with the vserver kernel ...
[19:26] it could be a badly working vserver script, or some differences in the startup/fake init stuff your system doesn't cope with ...
[19:27] is there any way for me to access your server?
[19:27] no server or kernel issue? I installed a copy of an existing vserver, tried to make one with "build".. and no changes..
[19:27] AGoe: can you try to replace 'STARTCMD=/sbin/init' with 'STARTCMD="/sbin/init 3"' in the vserver-script at line 492?
[19:28] hi enrico!
[19:28] hello
[19:28] hi enrico ..
[19:28] hello
[19:28] Bertl: ..
[19:29] so my server went AWOL again because of kswapd so i upgraded to 2.4.23pre8+rmap+O(1)+etc..
[19:29] hi matt!
[19:29] turned off all services except sshd on bootup
[19:29] booted into SMP
[19:29] and it worked!
[19:29] but...
[19:29] after about 2 minutes it locked cold
[19:29] so it's running with 1 CPU right now
[19:30] hmm, so much about testing with me, right? ;)
[19:30] enrico.. i'll try..:-)
[19:30] yeah
[19:30] cd /mnt
[19:30] well, i think i'm just gonna have to order a new server and hookup a serial cable between them
[19:30] as only having 1 CPU definitely produces some lag
[19:30] max processes is up to 2200 now
[19:30] if you do that, please add some reset device, as proposed on the webpages ...
[19:31] well, i should be able to reboot via sysrq, right?
[19:31] in many cases yes, but not always ...
[19:31] Bertl snmpd cannot run in the root server and a vserver at the same time even if start with v_start scripts
[19:31] shuri: that's correct
[19:32] ?
[19:32] yeah, but it will run in a vserver only, right?
[19:32] shuri: do you use the same ip address for the root server and a vserver ?
[19:32] run in 2 vserver..
[19:32] not the same ip..
[19:32] Action: AGoe is away: laborandum est
[19:33] shuri: hmm, then i think that it should run, if you limit the one in the root server to only use one ip
[19:33] i try it
[19:33] and it not working..
[19:34] shuri: alpha util-vserver are using the 'ip' tool to create interfaces; when the interfaces are unnamed, they are invisible in other vservers
[19:35] alpha run only on redhat ?
[19:35] is your release?
[19:36] nope, enricos tools are not redhat only ...
[19:36] i use util-vserver 0.24
[19:36] with vserver 1.1
[19:37] http://savannah.nongnu.org/download/util-vserver/alpha.pkg/0.24.191/util-vserver-0.24.191.tar.bz2
[19:37] shuri: they are developed on RH but they are not exclusive for it
[19:37] but they will need a recent gcc, right?
[19:37] Bertl: yes; gcc-3.3
[19:37] i got it work now
[19:37] with exec /usr/local/sbin/chbind --ip $IP /etc/init.d/snmpd $*
[19:38] that is, what the v_ scripts will do, if you config the /etc/vservices/.conf right ...
[19:38] yaw
[19:42] shadow (~umka@212.86.233.226) joined #vserver.
[19:42] evening
[19:42] humm i cannot compile util-vserver-0.24.191.tar.bz2
[19:42] hi alex!
[19:42] :(
[19:42] on debian 3.0
[19:42] which gcc?
[19:42] Hi Herbert
[19:42] shuri: which compiler is on debian 3
[19:42] ?
[19:43] @shadow have you assigned your syscalls to our matrix yet?
[19:43] by default
[19:43] gcc-2.95
[19:43] but i can get gcc-3.0
[19:43] gcc-3.2 - The GNU C compiler
[19:43] 3,2 is ok?
[19:44] perhaps ;)
[19:44] basically you need C99 ...
[19:44] gcc-3.2 is not completely C99 compliant, but most things should work
[19:44] binutils cpp-3.2 gcc-3.2-base libgcc1
[19:44] The following packages will be REMOVED:
[19:44] modconf modutils
[19:44] The following NEW packages will be installed:
[19:44] cpp-3.2 gcc-3.2 gcc-3.2-base libgcc1
[19:44] sounds like a bad deal to me ;)
[19:44] ... this is Debian ... ;)
[19:44] Bertl> not. i tried to fix problem with ext3.. but.. not be able
[19:45] @shadow, ahh okay, no problem with that ... Honza fixed the quota accounting stuff ..
[19:45] making it compilable with gcc 2.95 is on my todo list, but not at a top position
[19:46] :)
[19:46] Bertl> i see. but my fix more easy and me discus about it.
[19:47] quota accounting stuff?
[19:48] @matt only statistical info/data ...
[19:48] matta> and deadlocks on ext3...
[19:49] alex discovered an imbalance in the statistical accounting ... and we reported it to Jan Kara ... who denied it first, but fixed it yesterday ;)
[19:50] @shadow tell me about the deadlock issue in more detail please ...
[19:50] is ok with gcc3.2
[19:50] Bertl> see my mail in linux-kernel@
[19:50] okay, will do so ...
[19:51] > at one console do start/stop some programs.
[19:51] > at second console start script
[19:51] > ===
[19:51] > while [ 1 ]; do
[19:51] > mount -o remount,usrquota,grpquota /
[19:51] > sleep 5
[19:51] > done;
[19:51] > ===
[19:51] > for test how work fs sync.
[19:51] > After small time (less 10 min) i tried logon on third console and system been
[19:51] > locked.
[19:51] maybe a cc to linux-fsdevel@vger.kernel.org would be appropriate ;)
[19:51] start/stop some programs - it start/stop all vps on host.
[19:51] hmm, the remount does a sync?
[19:52] yes it is.
[19:52] is this only on SMP or on UP too?
[19:52] on UP
[19:52] at SMP i don`t test.
[19:52] hrm
[19:53] sounds like a problem I had..
[19:53] I had the feeling that ext3 has some issues ...
[19:53] and it is definitely quota related?
[19:53] ensc
[19:53] vserver redhat start
[19:53] Can not find vserver-setup
[19:54] shuri: do you have installed it with 'make install'?
[19:54] yes
[19:54] Bertl> see tasks state
[19:54] vpn:~/util-vserver-0.24.191# make install
[19:54] make install-recursive
[19:56] matta> send you tasks states log ?
[19:56] shuri: util-vserver expects configuration in $prefix/etc/vservers, and $prefix is probably /usr/local in your installation
[19:56] shuri: look at the 'sh -x `which vserver` redhat start' output to see which paths are expected
[19:58] ok got it
[19:59] AGoe (~agoeres@80.184.194.87) left irc: Remote host closed the connection
[19:59] vpn:~/util-vserver-0.24.191# vserver redhat enter
[19:59] WARNING: can not find configuration, assuming legacy method
[19:59] conf = /usr/local/etc/vservers/redhat.conf
[19:59] shuri: yes, you are not using the new configuration scheme
[20:00] ok
[20:00] shuri: to use it, create /usr/local/etc/vservers/redhat/ directory
[20:00] create a symlink /vservers/redhat -> vdir
[20:01] create an 'fstab' file there with /proc and /dev/pts entries (at least)
[20:01] create file 'hostname' with hostname
[20:01] @alex, @enrico I would like to talk about a syscall/kernel/user interface to change per context limits in a generalized way ...
[20:01] shuri: create a (dead) symlink from /var/run/vservers/ to run
[20:02] shuri: create symlink from /var/run/vservers/rev to run.rev
[20:02] hmf
[20:02] redhat9 doesn't have a windowmaker RPM
[20:02] matta: look at fedora.us
[20:02] shuri: for you, the interfaces/ directory might be interesting:
[20:03] i was wondering something actually..
[20:03] would upgrading from redhat9 to fedora be as simple as pointing my apt sources to fedora and doing a dist-upgrade ?
[20:03] create file 'dev' with eth0 there, and file 'bcast' with broadcast address
[20:03] matta: try it ;)
[20:04] also, why did RedHat bypass the chance of having RedHat X
[20:04] :)
[20:04] shuri: for each interface, you need now a separate directory in interfaces/ (e.g. '0', '1', ...). There, you need 'ip' file with the ip and 'prefix' or 'mask' with the prefix/mask
[20:07] shuri: 'vserver ... build' does this automatically for you, but supports apt-rpm only at the moment
[20:07] ok
[20:07] server redhat start
[20:07] readlink(): No such file or directory
[20:09] shuri: ah, /var/run should be probably /usr/local/var/run in your case
[20:10] (for the run.rev link)
[20:10] okay, brb ...
[20:10] (and run also)
[20:10] Action: Bertl is getting something to eat
[20:16] ;
[20:16] Action: shadow drink coffee
[20:18] Nick change: shuri -> shu_off
[20:26] AGoe (~agoeres@80.184.194.87) joined #vserver.
[20:27] hi everybody!
[20:27] enrico ..
[20:28] AGoe: hello
[20:29] oki, I'm back ...
[20:29] @alex, @enrico I would like to talk about a syscall/kernel/user interface to change per context limits in a generalized way ...
[20:29] i changed the startcmd to "/sbin/init 2" and it seems to start but then stops with "timeout opening/writing control channel /dev/initctl"..:-(
[20:30] currently I think that a min, max, current would be sufficient ... where min is a guarantee and max a limit ...
[20:30] shouldnt I once I stop the ldap service running on a vserver get access back on 127.0.0.1 port 389 (ldap) ? I dont have access to ldap on localhost but I can from another box.
[20:30] or this has nothing to do with vserver ? :)
[20:30] Bertl: which context limits do you mean? CORE, DATA, VSS?
[20:30] @serving I guess not, but check with lsof ...
[20:31] @enrico all present and future limits ;)
[20:31] Bertl: 'current' is part of statistic interface; min and max are those of ulimit
[20:31] basically, but ulimit isn't sufficient for every purpose I have in mind ...
[20:31] but lets make some examples ...
[20:32] first disk-limit:
[20:32] I would like to set a minimum (guarantee) and a maximum (hard limit) ...
[20:32] what should happen if the minimum isn't available on a shared disk?
[20:33] I do not understand the 'min' semantic completely
[20:33] are ctx-quota patches supporting it already?
[20:33] why not using the current soft/hard limits?
[20:33] nope, not yet ...
[20:34] this is something I want to discuss ...
[20:34] maybe min/max isn't sufficient so min/soft/hard would be required ...
[20:34] back to the min (or guarantee) ...
[20:34] what is in the resource-management solution of 2.6 which was preferred by riel?
[20:34] I would like to check those values against overbooking attempts ...
[20:35] and I would like to issue a warning if such a minimum cannot be guaranteed ...
[20:35] Bertl: issue a warning = ??
[20:35] a signal?
[20:35] hmm, maybe just a flag in /proc somewhere ...
[20:36] this can be handled like the sensors stuff, for example ...
[20:36] why not (re)use SIGXFSZ?
[20:37] hmm, how would I do that?
[20:37] ok, would be wrong for your 'min' case
[20:38] when limit is exceeded -> kernel sends this signal to the process which invoked write(),...
[20:38] anyway, one of the biggest issues in limit/quota administration is overbooking, and this would hopefully address that in a generic way ...
[20:39] hmm okay could work ... I'm also interested in using resource-management stuff, if it is present in 2.4 and 2.6 ...
[20:40] Bertl: when this stuff exists, it should be used. But I do not know its interfaces
[20:41] I would like to have something like the rlimits (extended by min, and maybe soft) which is extensible and could be used on both branches (alex and mine) alex?
[20:41] (and per context of course ;)
[20:41] this is going too deep into the kernel and I do not have an overview about existing solutions; sorry...
[20:42] no problem, you should think about a userspace solution and an interface to the kernel which can handle those ...
[20:42] Action: shadow returned
[20:43] by the way, using the iproute2 stuff was a really good idea ...
[20:44] Bertl: yes, when understanding the 'help' output, these tools are great ;)
[20:45] I think the real advantage is, that they are working at a low level with the kernel interface, in the way the kernel interprets the data ...
[20:45] yes; e.g. setting up ppp-interfaces with 'ifconfig' in a vserver fails, while 'ip' works fine
[20:47] Bertl: when I do not know, which is possible in the kernel, I can not design an interface
[20:47] jacks vserver not have checks in rtnetlink
[20:47] i write about it half-one year ago..
[20:49] @enrico okay let us start with an interface to set/get/verify those limits ...
[20:50] @alex rtnetlink, this is regarding what?
[20:50] ensc> yes; e.g. setting up ppp-interfaces with 'ifconfig' in a vserver fails, while 'ip' works fine
[20:51] Bertl: On first glance: struct { int resource; lim_t min; lim_t soft; lim_t hard; };
[20:51] ip tools send messages to kernel.. but ifconfig use ioctl..
[20:51] shadow: ah, then this is a security leak?
[20:52] good start, but a little problematic, maybe, just remember the ulimit issues ...
[20:53] Bertl> but can be stop use ulimit for set limit to vserver ?
[20:53] I would suggest to separate the limits from the ulimit settings ... where possible ...
[20:53] ulimit - per process. but we need per vserver
[20:54] exactly!
[20:54] ensc> not only security...
[20:55] ensc> on rh it can be problem with stop vserver if "network" services set on.
[20:57] shadow: no; without CAP_NET_ADMIN, 'ip addr add' fails
[20:58] ensc> ip addr get - how i remember not check permisions..
[20:59] ensc> and for me need CAP_NET_ADMIN - for work virtual network devices.
[21:00] Bertl: why not: when setting vserver-ulimits, iterate through all processes of this ctx and adjust ulimits?
[21:00] that isn't the same ... just think about memory limits ...
[21:01] how would you have a 1GB memory limit for ctx 100?, 100Meg for each of the ten process won't work ;)
[21:01] ok; would the resource-management stuff help there?
[21:01] this stuff has to be per context, which isn't a problem, the ulimit stuff will stay, but per process as usual ...
[21:02] problem is CKRM doesn't exist (and isn't planned) for 2.4 for example
[21:02] do we really want to have any feature in 2.4?
[21:03] yes, because I'm sure that 2.6 will take some time till production ...
[21:04] just think about it, the vserver community uses 2.4.20/21 kernel which is really old ...
[21:04] Bertl: will the signal-from-ctx-1 patch become mainstream anytime?
[21:05] I wrote a vserverkillall in perl that seems work good, it finds all processes in a context via proc and sends the signals from ctx 1
[21:05] nope, but we will get something better into stable ... the send signal to context syscall ...
[21:05] ah, something like alex's would be better
[21:05] which i believe is a syscall
[21:05] Bertl: new features -> new kernel. The old featureset works with 2.4.
[21:06] matta> it kill forkbombs ? :)
[21:06] matta: finding processes via /proc is not reliable
[21:06] @enrico, new features = (2.6 features + general features)
[21:06] ensc: i know this...
[21:06] but it's better than nothing
[21:07] general features -> 2.4 & 2.6 kernels ;)
[21:07] with me running the ml patch, if a vserver runs out of memory you can't stop it since it tries to enter the context to kill the procs
[21:07] so it needs to kill from context 1
[21:07] Bertl: limits-per-context would be a new feature ;)
[21:07] i iterate over proc a few times to find any stragglers
[21:08] not really, we have nproc, the memory limits and the disk limits already ...
[21:10] @alex do you think we could agree on such limit settings min/soft/max?
[21:10] Bertl: ok; but why would my ' struct { int resource; lim_t min; lim_t soft; lim_t hard; };' based interface be wrong?
[21:10] @enrico do you think we can create an interface which would allow to set the resource that can be limited ...
[21:11] @enrico no not wrong ...
[21:11] but maybe not as handy as it could be ...
[21:11] how would you change the maximum only, for example?
[21:11] Bertl> hm.. i don`t know how you realize min/max/soft for memory
[21:12] min would be your guarantee ... for example
[21:12] but soft ?
[21:12] max would be some hard limit for VM for example ...
[21:12] hrm hard and soft mem limits?
[21:12] Bertl: like with *rusage: call getlimit() first, assign values and call set* then
[21:12] that would interesting..
[21:12] and soft could be a hint to swap out, or ignored for resources where it doesn't make any sense ...
[21:13] @enrico, how to protect against races in userspace?
[21:13] Bertl: isn't that the purpose of atomic variables?
[21:13] get/set inconsistencies ...
[21:13] Bertl: only ctx-0 (or CAP_SYS_ADMIN) can increase limits
[21:14] only ctx-0 can set/change those limits, period.
[21:14] i don`t have use ulimit calls for set limits in context..
[21:14] @alex that is why I would suggest to create a common interface for this ...
[21:14] Bertl: other races in userspace are not interesting
[21:15] Bertl: personally, I liked Alex's interface more than the ulimit as it can be set without restarting a vserver
[21:15] @enrico tool xy makes get .. then set ... xy vs xy could produce errors easily ...
[21:16] Bertl: usually, not very much tools need to modify limits of foreign contexts
[21:16] @matt don't worry it is going to be something you can change while the server is running ... but we have to do some check for that to work ...
[21:16] Bertl> because task->rlim = used for task limit.
[21:17] @enrico assume you have a tool like ulimit for those limits, let's call it ctxlimit, right?
[21:17] ok
[21:18] this tool has an interface to change a single value ... ctxlimit -m
[21:18] or ctxlimit -S, -H ... okay?
[21:18] ok
[21:18] now it accomplishes this by first getting all three values, then setting all three values ... right?
[21:18] ctxlimit -c context_id -P num
[21:18] ... etc
[21:19] yes this way ...
[21:19] Bertl: yes
[21:20] what if you start this tool twice, shortly after each other ... with different values for -S, -m for example
[21:20] they could easily result in:
[21:20] A: get limits
[21:20] Bertl: why should I start this tool in this way?
[21:20] B: getlimits
[21:20] A: setlimits (works)
[21:20] B: setlimits (fails)
[21:21] I understand the race, but it is irrelevant IMO
[21:21] when you want to prevent it, add another element to the struct which specifies the set-mask
[21:22] and it is unnecessary ...
[21:22] yes the set-mask would be an option ...
[21:22] AGoe (~agoeres@80.184.194.87) left irc: Remote host closed the connection
[21:23] okay, but that are not the real issues I see, there is the question how we could address thos limits in a way, that the tools will work, without knowing what limits the kernel supports ...
[21:23] s/thos/those/
[21:24] maybe we could prove a list of limits/IDs in the /proc ?
[21:24] return -EINVAL for unsupported resources
[21:25] or maybe we should do the get/query only via proc?
[21:26] no; please no mandatory /proc parsing!
[21:28] more ease get array(matrix) supported types from kernel..
[21:29] hmm, not sure if this is a good idea, to pass an array of unknown size from kernel to userspace ...
[21:29] why are having userspace programs to know about supported types?
[21:29] to display them for example ...
[21:30] Bertl> first answer - size; second get array
[21:31] ok; for the user this can be done with /proc. Programs do not need it, since they would not know how to deal with unknown types
[21:32] hmm, guess 32 or 64 limits would be enough, right?
[21:34] *grrr* why does big companies always have to make it IMPOSSIBLE to find specs on their old hardware
[21:34] Bertl> we can inform kernel about allocated size and get from kernel to this array
[21:34] @jon what are you looking for?
[21:35] Bertl: specs on an intel MB
[21:35] @alex okay, are you interested in a common interface for this?
[21:35] @jon what MB?
[21:35] Bertl: that is the problem, i dont know
[21:36] Bertl: i have found an AA number, and intel says that it can be used to distinguish between different boards, but do they have a search function for that number? oh no
[21:36] @jon okay, you are searching for a spec for a MB you don't know?
[21:36] Bertl> interested.
[21:37] Bertl: yeah, i have the board with me, and i have the number
[21:37] @alex oki, the min/soft/max(hard) approach sounds reasonable for all purposes to you?
[21:37] @jon okay look at the last PCI slot, it has PCI, yes? .. is there something written on the side?
[21:38] @alex remember you can ignore/leave out each one (min/soft/max) if not required ...
[21:38] Bertl: no, but there is a sticker with a barcode and a number somewhere else on the board. But i cant find a search function to type in the numbers
[21:38] Bertl: on the intel website
[21:39] Bertl: i was wondering if it supported a Via c3, and how much memory
[21:39] and what kind
[21:39] @jon okay the intel boards (server and workstation) have a two line description printed on the board ...
[21:39] this is a desktop board
[21:39] look somewhere between the slots or around the chipset ...
[21:40] Bertl: i found no description
[21:40] Bertl> ok. i agree it. but not find reasonable if many resources not have one or two limits from it...
[21:40] can the via C3 use the 370-pin socket?
[21:40] or does it require the FC-PGA?
[21:41] maximum memory size is 256 MB
[21:41] not much
[21:41] @alex well guess some resource won't require/use min and soft but most can be extended, and if only for accounting/overbooking checks ...
[21:42] @jon PC-PGA is 370-pin socket ...
[21:42] Bertl: hmm
[21:42] how compatible is the via C3 with a celeron ?
[21:43] @jon I tell you, I don't know
[21:43] @jon is there a white area just beside the pci slots on the edge of the print?
[21:44] Bertl> for first me can write matrix with resources and reasonable limits for his.
[21:44] Oual (~val@81.56.199.207) joined #vserver.
[21:44] @alex okay, go ahead ...
[21:44] dakol (~dakol@82.67.179.120) joined #vserver.
[21:44] hi Qual!
[21:45] Hi :)
[21:45] hi dakol!
[21:45] hi *
[21:45] Bertl: no, but never mind, i managed to find the specs
[21:45] Bertl> you create resource list ?
[21:46] Bertl : do you know if there is some problems using CTX patch on SMP host ?
[21:46] @alex shall I?
[21:47] @Qual there should be none with the stable patch ... why did you encounter any issues?
[21:47] ouch
[21:47] we're using old ctx17f one
[21:47] hmm, should be working too ... what are the issues?
[21:47] it can't set ipv4root
[21:48] what error/message do you get?
[21:48] "Can't set the ipv4 root (Bad address)" when starting first vserver we made
[21:48] [pid 6961] SYS_227(0x640aa8c0, 0x1000, 0x90f, 0xbffffd7e, 0x80499f1) = -1 EFAULT (Bad address)
[21:48] [pid 6961] write(2, "Can\'t set the ipv4 root (Bad add"..., 38Can't set the ipv4 root (Bad address)
[21:49] what tools do you use?
[21:49] 0.23-3
[21:49] from debian testing
[21:49] could you try one of the released tool-sets?
[21:50] http://www.13thfloor.at/vserver/s_release/v1.00/
[21:50] no, as @home
[21:50] ...my test box at home work perfectly
[21:50] hmm, then maybe tomorrow?
[21:50] with ctx17f patch, and vserver 0.23
[21:50] also the debian version?
[21:51] yes
[21:51] interesting ..
[21:51] i'll do v1.00 version of kernel-patch for Debian this night
[21:51] ...and test it using new tools
[21:51] is there newvserver command on the new tools ?
[21:52] hmm, so maybe I should adapt the last 2.4.22-3 deb patch to v1.00, right?
[21:52] yep :)
[21:53] if you want ;)
[21:53] any changes on the debian patches?
[21:53] none, same kernel-source version
[21:53] no new patches
[21:54] okay ... I'll make a patch, check out both tool-sets (enricos and jacks) and if possible debianize them ...
[21:54] ok, thanks
[21:54] hmm, maybe the second part could be jour job, right?
[21:54] s/jour/your/
[21:55] right
[22:03] @Qual are you interested in the development branch too?
[22:08] hum in /proc/self/status
[22:08] we don't have __NR_set_ipv4root: 254 rev3
[22:08] might be ...
[22:08] @dakol what do you have there?
[22:08] Bertl: like Oual
[22:08] Bertl: we are on the same server
[22:09] yeah, I got that ;) I meant what is in /proc/self/status ...
[22:09] chbind seem to fopen("/proc/self/status") and look something like __NR_set_ipv4root:
[22:09] then set rev_ipv4root according to the value of __NR_set_ipv4root:
[22:10] okay, what does chcontext --ctx 100 cat /proc/self/status return?
[22:10] Can't set the new security context
[22:10] : Function not implemented
[22:10] hmm, so the ipv4root isn't your only issue, right?
[22:10] at this point :)
[22:10] how about cat /proc/self/status
[22:11] and cat /proc/version ?
[22:11] Oual (~val@81.56.199.207) left irc: Ping timeout: 492 seconds
[22:11] 2s
[22:12] http://fabien.seisen.org/tmp/version
[22:12] http://fabien.seisen.org/tmp/status
[22:14] if I had to guess, I would say this is the c17h patch, and this won't work with the old tools ... ;)
[22:14] AGoe (~agoeres@80.184.194.87) joined #vserver.
[22:14] ok
[22:14] (could be c17g2 too ;)
[22:14] don't know
[22:15] hell.. i'm back..
[22:15] could someone explain me what this message means?
[22:16] on ftp://ftp.solucorp.qc.ca/pub/vserver/ ?
[22:16] init: timeout opening/writing control channel /dev/initctl
[22:16] @dakol nope ...http://savannah.nongnu.org/files/?group=util-vserver
[22:17] @alexander that means that init tried to open the control device /dev/initctl and failed ...
[22:18] AGoe: can you trace it down with 'sh -x' which command is responsible for this message?
[22:18] @enrico I guess it is telinit (just an educated guess)
[22:18] who calls telinit?
[22:18] probably the runlevel scripts somewhere ...
[22:19] but I might be totally wrong ... so don't rely on it ...
[22:19] enrico.. thats the error i get, when i add the runlevel 2 to the startcmd in your script..
[22:19] and start a vserver of course..
[22:20] AGoe: you are using Debian, right? For where is /sbin/init coming? SysVinit?
[22:20] herbert, why can it open the control channel, when it takes its own context, but not when i set the context?
[22:21] enrico .. good question.. don't know..
[22:21] @agoe try the following
[22:22] somehow the vservers are not only miraculous but also a complete miracle to me
[22:22] chcontext ls -la /vservers//dev/initctl
[22:22] enrico.. yes it's a debian system
[22:22] and then chcontext --ctx 100 ls -la /vservers//dev/initctl
[22:23] Oual (~val@81.56.199.207) joined #vserver.
[22:25] herbert.. i'll try that tomorrow.. thanx to all for the help.. bye
[22:26] bye ...
[22:26] AGoe (~agoeres@80.184.194.87) left irc: Quit: de cetero censeo aliquem necesse dormire
[22:41] Herbert - continue talk about resource list ?
[22:41] yes, what is your status on that?
[22:41] @Oual http://vserver.13thfloor.at/Stuff/patch-2.4.22-3-vs1.00.diff.bz2 http://vserver.13thfloor.at/Stuff/patch-2.4.22-3-vs1.1.0.diff.bz2
[22:44] explain please...
[22:44] I meant, do you have a list of your resources already?
[22:45] yes.
[22:45] 1) cpu
[22:45] 2) total memory
[22:45] 3) resident memory
[22:45] 4) disk usage
[22:46] 5) network bandwidth
[22:46] you have additionals ?
[22:46] 1a) cpu time
[22:46] 1b) nr processes
[22:46] 2a) virtual memory
[22:46] 2b) locked memory
[22:47] 6) file handles
[22:47] 4a) disk space
[22:47] 4b) inodes on disk
[22:47] 5a) bandwidth
[22:47] 5b) nr connections
[22:48] maybe we should divide the bandwidth in in/outbound?
[22:48] nr connections == nr sockets in established state ?
[22:48] I know inbound is hard to limit ...
[22:48] yes, maybe (bound state too)
[22:49] hm.. only inbound bandwidth very difficult..
[22:49] yeah, but we could drop packages exceeding the inbound limit ... this does work ...
[22:50] but can be drop outbound packets ?
[22:50] in the outbound case, the best solution would be to block the transmission (send) ...
[22:51] we save total bandwidth but resend outbounds packets more easy..
[22:51] this is already done by the queues (and queuing disciplines)
[22:52] hmm 7) terminals (pty/tty) does this make sense?
[22:55] mugwump (~sv@stc.surreytech.co.uk) left irc: Quit: down to the pub
[22:55] hm.. kernel have limit for total terminals count...
[22:55] i agree if me add it to resource list..
[22:56] another resource: count of child contexts
[22:56] hm.. it need ?
[22:57] i think block create child context from context other context 0
[22:58] shadow: no, this vserver-in-vserver feature is required here
[22:58] hm.. what reason for it ?
[22:58] fedora build-system
[22:59] explain.. i not see fedora.
[22:59] mdaur (mdaur@80.145.126.150) left irc: Quit: cya
[23:01] You have the physical host and the vservers for the different build-masters (e.g. fedora extras projects, or for build-master people). Each build-vserver compiles untrusted SRPMS which must happen in a separate context/chroot
[23:02] (fedora = the Fedora Project)
[23:05] Hurga (ident@217.231.171.196) joined #vserver.
[23:05] but what need create vserver-in-vserver ?
[23:05] each build-vserver is child from root..
[23:06] shadow: I have: host (ctx 0) -> build-master -> build-slave
[23:06] quick question... is it just me, or are the rpms of the 1.00 release broken?
[23:06] error: vserver-0.26-1.i386.rpm: rpmReadSignature failed: region trailer: BAD, tag 61 type 7 offset 48 count 16
[23:08] we had this on the list, somebody already compiled new ones .. you should be able to do the same with the src.rpm, I didn't check them, jack released them this way ...
[23:09] ensc> build-slave inherit all resources from build-master ?
[23:09] shadow: yes (but it runs in own chroot with own context)
[23:09] Bertl: Installing vserver-0.26-1.src.rpm
[23:09] error: InstallSourcePackage: rpmReadSignature failed: region trailer: BAD, tag 61 type 7 offset 48 count 16
[23:09] error: vserver-0.26-1.src.rpm cannot be installed
[23:10] @alex, @enrico guess we should have a talk on vserver in vserver soon (maybe tomorrow?)
[23:10] ensc> run with same context id ?
[23:10] @Hurga okay ... let me have a look at it, (1-2min)
[23:10] shadow: no, slave is spawned with 'chcontext /..../init.build'
[23:10] Bertl: Didn't see anything about rpms in the list archives... if there are new ones, I'd like to know where. :)
[23:10] Bertl: Thanks!
[23:11] Bertl: ok; only weekend is bad for me
[23:11] tomorrow != weekend, right?
[23:11] Bertl: it depends on the timezone ;)
[23:12] @Hurga they recompile/work on Mandrake without any issues ...
[23:12] Bertl: gah. This is RH 9, never had this before.
[23:13] okay, let's check the following ...
[23:13] get the .tar.gz and the following spec file ...
[23:13] Bertl: gimee md5sum of it, plz?
[23:13] http://vserver.13thfloor.at/Stuff/vserver-0.26.spec
[23:14] okie...
[23:14] a4e1927461f0105352ecee106e855dc6 vserver-0.26-1.i386.rpm
[23:14] a91e72553c804a56f85c6634ad1b7fbd vserver-0.26-1.src.rpm
[23:14] but it seems this is an RH issue ...
[23:14] checksums are correct.
[23:14] weird.
[23:14] expected that ;)
[23:14] OK, building from spec, thanks.
[23:15] probably RH added some mandatory/custom tags ...
[23:15] your spec build might fail ... if so, please report ...
[23:15] Bertl: Mandrake is the 'enhanced RedHat' ;)
[23:18] built went fine.
[23:19] okay ... we will rebuild them for RH9 ...
[23:19] From: Lucian Daniel Kafka
[23:19] Date: Thu, 06 Nov 2003 16:45:53 +1100
[23:19] this is the start of the thread, if you want to follow ...
[23:20] Bertl: The archive starts yesterday, I'm not (yet) on the list.
[23:20] ahh, okay ...
[23:20] but thanks...
[23:21] Did anyone try to build the 1.00 release with vroot and secure quota on LVM?
[23:22] vroot ?
[23:22] Hurga: i'm using LVM, but no quota
[23:22] alekibango (~john@62.245.97.59) left irc: Quit: Client killed by consultant
[23:22] vroot is not an issue for 2.4.21/22 on v1.00
[23:22] CAP_QUOTACTL is already in ...
[23:22] you shouldn't have any problems with that ...
[23:23] Bertl: Not an issue? how do you mean?
[23:24] What do I need for the vroot?
[23:24] okay, sorry, I'm working on the vroot patches for 1.00
[23:24] Action: Hurga noticed that CAP_QUOTACTL is in, great...
[23:24] and 2.4.20 has the old quota system, so I ran into some issues ...
[23:25] hmm.
[23:26] Action: Hurga thought that patch-2.4.22-ctx17a-vr0.13.diff might be for vroot, it applied cleanly, at least.
[23:27] yeah, should work ...
[23:27] good :)
[23:27] but it won't apply on 2.4.20-vs1.00 for example ;)
[23:28] nope, I used stock 2.4.22, patch-2.4.22-vs1.00.diff and then patch-2.4.22-ctx17a-vr0.13.diff
[23:29] Bertl : your patch is debianized (http://debian.linuxfr.org/pool/kernel-patch-ctx-v1.00/), i'm making new kernel to test it
[23:29] okay ...
[23:30] @Hurga could you test the RPMs on RH9 for me?
[23:30] http://vserver.13thfloor.at/Stuff/vserver-0.26-1.src.rpm
[23:30] http://vserver.13thfloor.at/Stuff/vserver-0.26-1.i586.rpm
[23:30] http://vserver.13thfloor.at/Stuff/vserver-admin-0.26-1.i586.rpm
[23:30] sure.
[23:33] Bertl continue talk about resources and resource management tomorrow ?
[23:33] @alex okay looks like we have about 16 limits yet, right?
[23:33] the idea with the changemask sounds good to me ...
[23:34] we'll probably need two syscalls (get/set) and a structure similar to that proposed by enrico ...
[23:34] Bertl: Can't check vserver-admin-0.26-1.i586.rpm, got no linuxconf installed. The rest works fine.
[23:34] @Hurga okay, thanks ... will replace them on my site ...
[23:36] @alex and we could use a 32/64 bit (field) to return the active/supported limits ...
[23:36] Bertl> i think it 10 limits in 7 categories...
[23:37] JonB (~jon@129.142.112.33) left irc: Quit: Client exiting
[23:37] hm.. can be first return size of bitmask array and at second fill it ?
[23:39] hmm, not sure if this is required, if we only have 10 limits, a 32 bit int would be more than sufficient ...
[23:40] Bertl: vrsetup from vquota-tools-0.12, or is there some newer package?
[23:41] http://vserver.13thfloor.at/Experimental/vr-tools-0.14.tar.bz2
[23:43] ah, name change, ok...
[23:43] separate package ;)
[23:43] @alex okay, let's sleep over it ... and talk about it tomorrow ...
[23:44] Bertl> what time for meeting ?
[23:45] I will be available from 17:00 CET until midnight, or later ...
[23:45] it's currently 21:44 CET ...
[23:45] hm.. for my 22:46.
[23:46] ok. i try connect at this time.
[23:47] good night Herbert
[23:48] night alex ...
[23:48] @Oual hmm, and what about the vs1.1.0 and why this modified naming schema?
[23:50] because i don't know how official maintainer will name the new stable version
[23:51] hmm, okay, do you know who cares about the vserver stuff, is this Olaf?
[23:51] so i name it v1.00 (using your naming schema) and discard all old patches from packages (ctx16-17...)
[23:51] Bertl: Seems to work great with all the recent tools. Just one thing, I get ulimit errors. Any idea what's wrong?
[23:51] /usr/sbin/vserver: line 628: ulimit: max user processes: cannot modify limit: Invalid argument
[23:51] les this is a kernel issue, has nothing to do with vservers ...
[23:51] s/les/yes/
[23:52] you can work around, if you change your config from -H to -HS in the ULIMIT variable ...
[23:52] Bertl : it's Ola Lundqvist the official kernel-patch-ctx for Debian
[23:52] +maintainer
[23:52] oki, could you contact him, and look after it?
[23:53] yes i can
[23:53] Bertl: Great! :)
[23:53] okay, I remember I wrote him some time ago, that I would like to keep the debian packages in sync with development ...
[23:54] Cc to you ?
[23:54] whatever you prefer ...
[23:54] ok
[23:57] Bertl: This stuff is great, very exciting. Thanks a lot! :)
[23:57] you are welcome ..
[00:00] --- Fri Nov 7 2003