free blog   apache   shopping directory   php powered
harryg'night
Chlorekhm
ChlorekBertl sleeping now
Chlorekanyone alive?
Chloreki have an error
Chlorekhttp203://c.sed.pl/err
Chlorekanybody knows what is wrong?
daniel_hozacwhat's the actual URL?
Chlorekhttp203://c.sed.pl/err
Chlorekhm
Chlorekhm hm
Chloreksomething recode :: to 203:
daniel_hozacyou can't strace across context switches.
daniel_hozacwhat's your problem exactly?
Chlorekvcontext: execvp("/usr/sbin/vspace"): Permission denied
Chlorekwhen i starting all my vservers
daniel_hozacand /usr/sbin/vspace has exec permission?
Chlorekyes
daniel_hozacdo you have grsec or similar?
Chlorekyes, i have grsecurity
Chlorekbut it works early
daniel_hozaci guess you have something in dmesg then?
ChlorekvxW: [ývcontextý,6325:#3|3|3] did hit the barrier.
daniel_hozacdo you have a barrier on / or something?
Chlorekbut i set barrier for /
Chlorekok, i'll ask Bertl tomorrow
Chlorekbye ;)
cehtehhmpf setting up an network card which should acquire its ip from a dhcp (openvpn) inside a vserver is a bit pain ..
incdHmm, I made a new vserver guest, it doesn't want to change its netmask/broadcast to right ones
incdIt has the same values that the first vserver has, except IP
daniel_hozachow did you make it?
incdhttp://linux-vserver.org/Building_Guest_Systems#Building_guests_using_the_clone_build_method
incdChanged IP's after cloning.
daniel_hozacso your command was what?
incddaniel_hozac: yea :)
Bertlmorning folks!
daniel_hozacthat was not a yes/no question :-)
Bertlwho is maintaining 'yea' :)
petzschsounds like a new web2.0 tool noone needs ;-)
petzschmorning folks
incddaniel_hozac: sorry :) vserver mail build -m clone --hostname mail.xxx.fi --interface eth0:81.175.xxx.xxx/24 --initstyle gentoo -- --source /vservers/www1
incdwas the command
incdBertl: Now with "vserver-info" version 0.30.216-pre2880 with 2.6.32 doesn't hang up the server :)
incdIt just says "Killed"
incd*vserver-stat
Bertlwhat util-vserver version?
incdKernel: 2.6.32.8-vs2.3.0.36.29.1 and util-vserver: 0.30.216-pre2880; Feb 22 2010, 09:30:12
Bertllooks good, probably the guest (gentoo) is confused
incdYea
Bertlthere was a magic line to fix that, IIRC it should be on the wiki, if not, I think daniel_hozac will remember
incdAnyways, can't get correct netmask/broadcast for my new guest. :/
Bertlmaybe the ip is already configured on the host?
Bertl(after the guest 'died', with the wron mask)
Bertlin this case, remove it manually on the host with 'ip a del ...'
incdor datacenter has bad routing yet again, I'll try the IP with a host that is known working, etc :p
marcinHi, can someone help me? I'm using Debian Lenny with default package linux-image-vserver. Take a look: http://pastebin.org/95734
marcinI'm using:  2.6.26-1-vserver-amd64
ghislainmarcin: debian packages are toot old for using cgroup
ghislainyou should use beng packages for that
ghislainor compile from source
marcinghislain: too old? So in this way, I should do kernel upgrade to newer version? What are beng packages?
ghislainyes cgroup is vserver 2.3, you want to use cgroup isn't it ?
ghislainvserver 2.3 requires newest kernels and latest util-vserver tools not available in the debian repository.
ghislainhttp://linux-vserver.org/util-vserver:Devdebianpackage
bobnormali have to have a DNS server running on my VServer host, but i want to run one in a guest as well.  will a combination of certain nflags and 127.x.y.z-binding in one or both of the host and guest allow for this?  otherwise how can i achieve it?
Bertlwhat's the problem?
bobnormalbasically when i try to bind UDP port 53 in the guest on 127.0.0.2 for example it fails with 'port in use' since the host is using it .. so im playing with various nflags etc. and 127.0.0.<something-not-1> binding to see if its possible to work around
bobnormali know with some configs i've previously seen 127.something.not.001 in guests
bobnormalperhaps if i disable the right flags i can bind to that specifically within the guest to solve?
Bertlwhy would you want to bind 127.0.0.2?
BertlI mean, don't get me wrong, you can do that, but I'm not sure what you want to accomplish?
bobnormali want to host a DNS server within a vserver, however my annoying CTO has mandated all environments must have their own recursive DNS server running to prohibit interdependencies in case of dns server failure
bobnormalwihch therefore includes the vserver host
Bertlokay?
bobnormalhavent got it working yet, perhaps bind options for host-environment DNS != specific ip
bobnormalaha, possibly nameserver 127.0.0.1:1234 might work
bobnormalin /etc/resolv.conf
bobnormalnope seems unsupported in linux, OSX supports it though
Bertlwell, you certainly have a host IP, and your guest will have a public? IP too, yes?
bobnormalno, host will forward the port
Bertlbut to a guest IP, no?
bobnormalyes.
Bertlso, the only thing you need 127.x for dns then is the control prot (to start and stop it)
Bertli.e. you make sure the guest has single_ip disabled, and the lback stuff enabled, then you can simply start bind inside the guest including the control port
Bertlit will then be available on <guest-ip>:DNS
bobnormalok i will try that now, thanks.
Bertlon the host, all you need to do is to restrict bind to the public? IP you want to use (host wise)
bobnormalahh no
bobnormalthe host needs to localhost bind only
bobnormalits a service for itself only
Bertleven better then
bobnormalok let me try :)
bobnormalwith single_ip disabled, the guest will have to bind specifically to its allocated guest IP, correct? ie: 0.0.0.0 bind will not remap
Bertl0.0.0.0 will be mapped to the guest IP(s)
bobnormalok
bobnormalwill try before asking any more questions :)
bobnormalhost is running unbound dns daemon lsof verifies localhost:domain bind.  guest nflags from nattribute --get are 'lock.lback_remap,lback_allow,hide_netif,hide_lback,state_admin'.  guest starts pdns (powerdns) daemon and reports "binding UDP socket to '0.0.0.0' port 53: Address already in use"
bobnormalargh my bad.  unfamiliar with pdns syntax. sorry. :) looks like it's working.
Bertlgood :)
bobnormalyep! :)  next stop, globally distributed vserver-lockdown pdns nameserver with dynamic geoip+dynamic backend-failure-detecting resolution style! :P
bobnormalor at least, 2x continents within the year
bobnormalnow just gotta sort that horrid mysql replication out ...
Bertlnap attack .. bbl
_Shiva_OT: is there a source for recommended hardware to be used in high throughput storage systems..? i.e SAS-controllers other than LSI/mega_sas based..? i think that PERC/6e can't handle my current iops..
Psy0rzis it true that normally the userspace tools and config doesnt change with a new vserver update? i went from 2.2 to 2.3.
harryyesh
Psy0rzoki :)
Psy0rzeverything SEEMS to be ok for now :0
Psy0rzwhen will 2.3 be renamed to stable? its more stable than "stable" already,right?
jpichi, what does that mean please? http://dpaste.com/163548/
Psy0rzwhen something listens on a tcpport, on 0.0.0.0, is it true it wont listen on 127.0.0.1 automaticly?
harryjpic: do you have a vserver guest running with the same context id already?
bobnormal_shiva_: storage is a world unto itself :) very complex once you pass a certain point .. we do video .. much hassle. vserver > * for iops
jpicharry: i think not
jpicharry: there are two vservers with no names running actually: http://dpaste.com/163551/ the second one has the same context ... is it fixable without reboot?
harrysure
harryvkill
harryvps to see what processes are running in that context
harrythen vkill to kill those
Psy0rzi want a virtual loopback device for my vserver? do i use LBACK_REMAP to get that?
Psy0rzor is that unsafe
jpicwhat version of vps allows to list the processes of a context?
harryPsy0rz: it's safe afaik
harryjpic: man vps ?
jpici figured with vps -A | grep, thanks! i think we should upgrade vserver-utils because our man vps is not really helpful
harrywhat version are you running?
harryjust run the latest one... 216 something :)
jpic      Latest version available: 0.30.216_pre2864
jpic      Latest version installed: 0.30.216_pre2849
bobnormaljpic: i use htop .. if you just want pids, if you have cgroups you can cat /dev/cgroup/<vserver-name>/tasks
harryjpic: that would be "late enough" :)
Psy0rzwhy does util-vserver has a crypto api?
Bertlback now ...
_Shiva_bobnormal: i think i've found the problem on the Perc that causes controller resets on heavy I/O .. ;-) the queue w/i the controller seems to be limited to 1008 cmds.. but it's configured to be a JBOD for 15 disks which all have nr_requests 128 from the Kernel.. which may cause a queue overflow on heavy I/O - doh!
Bertlnice controller :)
_Shiva_Bertl: that's why i asked about alternatives ;-)
Bertldepends on the usage pattern, in many cases software raid is superior to hardware raid setups
_Shiva_Bertl: ..that's why it's configured as JBOD ;-)
Bertlin some cases a hardware raid setup is better suited
_Shiva_Bertl: actually, it has each disk configured as a single RAID-0.. as the controller does not know anything about jbos..
_Shiva_jbod
Bertlhehe, yeah, probably this controller is one of those better used as HW raid if at all
Psy0rzhow can i make a process that does listens on 0.0.0.0, also make listening on 127.0.0.1?
Psy0rzwithout changing anything inside the guest
Bertlby actually having a 127.0.0.1 inside the guest
Bertli.e. most likely your guest has the single_ip special casing enabled
Bertland a single IP assigned, try to put ~single_ip in nflags and restart the guest
Psy0rzah that disables it
Psy0rzi do actually have a lo with 127.0.01
Psy0rzsomehow :D
Bertlfor this particular guest, yes
Psy0rzis it safe?
Bertlit is fine, just a little more overhead
Psy0rzjust like my manager ;)
Psy0rzso with:
Psy0rzLBACK_REMAP
Psy0rz~single_ip
Psy0rzit almost feels like a native linux box? :)
Psy0rzwith everything working like expected, being secure, and not influencing the host when listening on a port etc?
Psy0rzso if i ping to 127.0.0.1, will it go through the iptables input chain and how will it look?
Bertlit will be shown as 127.x.y.1 (according to the lback setup)
Bertlit will go over 'lo' and will get the reply over 'lo' too
Psy0rzikk
Psy0rzk
Psy0rzthanks
Psy0rzvery nice :)
Psy0rzso why is 2.3 still experimental?
Psy0rzi read somewhere its better in some ways the 2.2
Bertlit has more features, but they are not stabilized yet
Bertlwe planned to get that done till end of the month, but I doubt I'll find the time, but there is some progress
Bertlfeel free to join and help
Psy0rzah k
Psy0rzi'm helping by putting it in production now :D
Psy0rzwith a 2.6.27 kernel
Bertllet us know how it goes and report back any issues you encounter
Bertlmake sure to test them against a recent kernel though :)
Psy0rzoffcourse i will :)
Psy0rzwell we use 2.6.27 because its long time supported
Psy0rzwith patches
Bertlsure, np, I guess 2.6.31 will get long-term support too
Psy0rzhope so
Psy0rzthe normal kernels are impossible to track for a distro maintainer :)
Psy0rzwith all the 3rd party modules and stuff
_Shiva_Bertl: hum? thought kregkh said 2.6.32 would be LTS?
Psy0rzany version would do :)
Psy0rzlast we used was 2.6.16
Psy0rzand now we went to 2.6.27
Psy0rzhope it still stays a while
_Shiva_http://www.kroah.com/log/linux/stable-status-01-2010.html
_Shiva_explicitly: "Today the last 2.6.31-stable kernel was released, all users of this kernel series are strongly encouraged to switch to the 2.6.32 kernel series, as there will not be any more updates for this branch in the future."
Psy0rzso if i use iptables -IINPUT -i lo -jACCEPT in the mainserver, i'm still safe with 2.3?
Bertl_Shiva_: well, if the performance regressions and stability issues I saw with 2.6.32  remain an the recent kernel patches, there will be a long term maintained 2.6.31 :)
_Shiva_Bertl: maybe it more like: "we aim at 2.6.32 to be LTS and ditch 2.6.31... all of you, please switch to 2.6.32 to help fixing regression and stability issues on a much broader userbase" ;-)
_Shiva_alas, it's a pity that they do not aim at 2.6.33.. to have i.e. DRBD in mainline support..
Bertlis drbd finally stable?
Psy0rzdrbd8?
morfohmoin moin
_Shiva_Bertl: drbd is/will be in 2.6.33 mainline
geb<Bertl> is drbd finally stable?
gebespcialy on debian :p
Popular searches: unknown option   joomla 1   

Generated by irclog2html.pl 2.1mg by Jeff Waugh - return