[00:02] hmm..ok. Maybe you are right [00:02] thanks burgundavia, I'll give this a try [00:03] dthacker: its definately possible [00:03] i have seen it and its a nice idea really [00:04] spiekey: 5 minutes of googling has only shown me how to make eth1 into eth0. [00:05] So I'll stick with conventional names. Good luck. === chuck__ is now known as zul [02:45] just noticed vim highlights chmod but not chown === stickystyle is now known as away === paul____ is now known as pschulz01 [05:05] Hey guys, I am looking for a software I can setup on a server that allows me to measure throughput speeds, it's not actually, technically a server as much as a routing firewall and I want to use it to measure 95th percentile [05:05] basically anything that can tell me how fast the data travelling in one direction through a nic is at any moment would be great if anyone can recommend something [07:19] i'm trying to setup routing on a dial-out connection [07:20] i'm running ubuntu-server on a powerpc mac with 7.04 [07:20] it'll dialout using pon, but none of the PCs on my home network can connect [07:44] <_ruben> jetole: mrtg with the 95 percentile patch would be the easiest way, a more advanced option would be to use cacti. and then there's probably also a ton of apps dedicated to the sole purpose of providing 95 percentile numbers [07:46] _ruben: sounds like a nice patch to incl. in Ubuntu ;-) [07:49] <_ruben> its a rather trivial one as well .. it adds a script to calculate the 95 percentile on a daily basis .. and a small modification to the html templates to include the 95 percentile [07:51] <_ruben> i doubt if its still actively maintained, and i think i added my own few modifications as well back in the day (been using cacti and several custom scripts for quite some time now) [07:51] ah [07:52] shouldn't be to hard to write though, I guess. [07:52] <_ruben> if i had been using it still i'd most likely volunteer to maintain a package for ubuntu of it [07:53] wouldn't it be easier to patch the existing package and add an option for 95th enabled? [07:53] <_ruben> indeed, the basics of the script are very simple .. its actually how i learned perl in the first place (followed by patching qmail-scanner.pl) [07:54] <_ruben> depends a bit on what the mrtg package exactly entails currently .. and since it includes a patch of a static html template (afaik), its a bit tricky to make it optional [07:55] <_ruben> the details have faded out over time a bit ;) [07:55] anyway, I need to head for work [07:55] laters [07:55] <_ruben> ok, cya (i arrived at work 1hr ago :P) [08:07] i'm trying to setup routing on a dial-out connection [08:07] i'm running ubuntu-server on a powerpc mac with 7.04 [08:07] it'll dialout using pon, but none of the PCs on my home network can connect [10:09] heya! can you guys check out bug 68818, bug bug 160176, bug 149641, bug 130836, bug 134068? [10:09] Launchpad bug 68818 in squid "squid transparent proxy is broken" [High,Fix committed] https://launchpad.net/bugs/68818 [10:09] Launchpad bug 149641 in logcheck "logcheck fails when auth.log.1.gz missing" [Undecided,Fix committed] https://launchpad.net/bugs/149641 [10:09] Launchpad bug 130836 in apache2 "Specify OpenDocument icon(s) in Apache2 configuration" [Wishlist,Triaged] https://launchpad.net/bugs/130836 [10:09] Launchpad bug 134068 in ubuntu "[needs-packaging] libapache2-mod-bwshare" [Wishlist,Fix committed] https://launchpad.net/bugs/134068 [10:10] bug 160176 too [10:10] Launchpad bug 160176 in bind9 "L.ROOT-SERVERS.NET record needs an update" [Low,Fix committed] https://launchpad.net/bugs/160176 [10:44] let's take a look. [10:48] i like the idea of mod-bwshare [10:48] i used mod_evasive untill now [10:48] that guy is waiting for a review for quite a while :-/ [10:49] but... we have a tool like that already :/ [10:50] we have an editor already... oh wait :-) [10:50] :) [10:50] i'm thinking about main... [10:50] editor/mp3-player/cd-burning-appliaction/... :-) [10:50] ok, i'll take a look at it [10:51] let's get it into universe first before we think about main [10:51] ivoks: you ROCK [10:51] i'm already preparing some stuff for apache [10:51] * dholbach hugs ivoks [10:51] everybody hug ivoks :) [10:51] please, we, at #ubuntu-server, don't hug :) [10:51] soren, mathiaz and keescook hug too [10:51] oh no... :D [10:52] and I'm sure I saw dendro-away hugging too :) [10:52] i'll move to redhat :D [10:52] ivoks: Aw, come one. [10:52] * soren hugs ivoks [10:52] dholbach: best thing i can promise is comparions of this and mod_evasive [10:52] :-) [10:52] a review of the packaging would be a good start [10:53] and that :) [10:53] * dholbach cleaned up a lot of other bits on http://people.ubuntu.com/~dholbach/sponsoring already [10:55] dholbach: i hate custom licenses [10:55] http://www.topology.org/src/bwshare/LICENCE [10:56] nghnghngh [10:56] now, is this one compatibile with apache license? :) [10:57] poor archive-admins [10:58] oh ok... [10:58] * ivoks hugs back [11:00] lamont: Could you be pursuaded to do the SRU's for bug 160176 ? [11:00] Launchpad bug 160176 in bind9 "L.ROOT-SERVERS.NET record needs an update" [Low,Fix committed] https://launchpad.net/bugs/160176 === EiSiJu is now known as ICU [12:30] morning [12:53] Good morning zul [12:57] hey ScottK [12:58] hello [12:58] problem with apache2 ssl support [12:59] a2enmod ssl [12:59] then reloaded apache [12:59] and got unexpected error code -12263 [13:00] from apache log: Invalid method in request \x16\x03\x01 [13:06] hi all. how long until hte meeting? [13:06] another 3 hourish [13:06] gah. thats 2.30 am here. i think my commitment isnt going to last out [13:07] svschwartz, you have https running over http port (or visa versa) [13:09] Kamping_Kaiser: sorry 2 hours [13:10] much better - just before 2am :P [13:10] * Kamping_Kaiser has work tomorrow :( [13:19] i'm going to crash - pass on my apoligies to the meeting. [13:19] later all. [13:23] _ruben: does mrtg not take the data from another router? isn't that what mrtg stands for? [13:23] soren: I fail to see the urgency [13:24] lamont: Well, it's not exactly urgent for another 6 months, but there's not exactly much to gain from procrastinating it a whole lot, is there? [13:25] 6 months, 2 years, it's so hard to tell.... [13:25] lamont: Hm? [13:25] it becomes an issue when there are 2 root nameservers that are wrong. and then only for startup. [13:25] those IP's tend not to be given to people that the ones who had the root server there don't trust [13:26] and then it's a perf issue at startup === dendro-away is now known as dendrobates [13:30] lamont: I can't say I'm entirely comfortable putting a lot of security into the fact that the ip's *tend* to not be given to evil h4x0rs. [13:31] Er.. s/security/trust/ [13:38] soren: true. it's more of a historical thing [13:39] and it's not like they're totally hijackable and such [13:43] lamont: While I can see that it MIGHT not be completely unreasonable to not SRU it, I belive The Right Thing[tm] to do is update it. No worries, I'll do it. You're just "the bind guy" so I thought I'd see if I could weasel out of it. :) [13:43] It's kind of when we constantly patch security holes in all sorts of stuff that we're not even sure is exploitable, but just to be sure, we fix it. [13:45] * soren forgot all about lunch [13:45] soren: yeah. it's more motivation than anything else.. [13:45] I figure there'll be some other update to bind before I get to that :-) [13:45] :) [13:46] Yeah, if we're really lucky, there'll be some vulnerability in it, so that the security team will have to do it. Muhaha. [13:47] Not patching a security hole because of doubts of how exploitable it may or may not be is, IMHO, a catastrophic mistake. [13:48] Well trusting the root is kind of how DNS works. DNSSEC is the solution, but until the root is signed ... [13:48] akincer: Just be clear: We don't avoid doing security patches even in those cases. [13:49] I understand. It's the reason I use Ubuntu from the top to the bottom of the stack everywhere I cn [13:49] can === MenZano is now known as MenZa [13:49] akincer: I was just comparing the two situations and saying that we should apply the same logic to the two. [13:49] * soren really, really, *really* goes to lunch now [13:49] Sadly, we humans must eat. Go :) [13:50] Well, not so sadly if the food is good :) [13:51] DNS is a tree of trust that some would argue is potentially a house of cards. But oddly enough, even the "bad guys" rely on that trust for their everyday internet uses. It isn't in their interest to destroy it [13:56] Have any of you played with the latest versions of bacula and the bat admin tool? I'm digging it [14:13] akincer: Which version is that? [14:20] akincer: Looks shiny. [14:52] soren, http://waste.mandragor.org/dongo.png newest server from ubuntu-eu.org ;) running ubuntu;) [14:52] * soren drools uncontrollably [14:53] juliux: Where did it come from? [14:53] soren, from transtec [14:53] soren, we only paid the second cpu and 4gb ram [14:54] Nice. [14:54] Oh, quad-core things? [14:54] the server has two quad-core cpus;) [14:54] so 8 cores 8gb ram on 1he;) [14:55] and ubuntu on it [14:58] but its idle ;) [14:58] hi coffeedude! (it's Jamie) [14:59] (from Ubuntu) [14:59] Meeting in #ubuntu-meeting in one minute and 22 seconds. [15:02] jdstrand: morning [15:21] nealmcb: Around? [15:21] nealmcb: -> #ubuntu-meeting [15:22] nealmcb: your presence is requested in #ubuntu-meeting [15:23] (JeOS discussion) [15:27] soren: I've been playing with 2.2.5. The bat tool has all appearances that it can be compiled and run on a desktop pointing to a bacula server [15:40] soren: howdy [15:40] nealmcb: -> #ubuntu-meeting === georgy is now known as codingmaster [16:18] soren: and yeah, SRU certainly makes sense, it's not at the top of my list of projects though... [16:19] lamont: Alright. I'll look into it in a few days then. [16:22] soren: re default-mta package... you want to go ahead and create the default mta package, and I'll upload it to debian (depends: exim4) and we can start the discussion there, so as to separate the two discussions better? [16:23] lamont: It's worth a try :) [16:24] given that I'm the postfix maintainer for debian, me uploading an exim4-depending default-mail-transport-agent package should help migrate the discussion towards having the meta package. [16:24] Is there a more agressive way to kill processes other than kill -9 PID [16:24] ? [16:25] Gargoyle: well, there's /sbin/reboot. But that's kinda overkill. [16:25] I can't think of anything in between, though [16:27] soren: what's the meeting in #u-m, btw? [16:27] * lamont kinda bets "server team" [16:27] Good guess. [16:28] lamont: Good point about you uploading the package, by the way. [16:29] he he DRBD > /sbin/reboot!!! :-) [16:30] Gargoyle: No, kill -9 is the most agressive there is. [16:31] Gargoyle: Why do you ask? [16:31] Testing my DRBD cluster, and it seems to have gotten itself in a mess [16:32] The system was working ok, but trying to to anything with the drbd volume caused that process to lock up (tar, ls, etc) [16:35] Gargoyle: Yeah, they're stuck in I/O-wait. You need them to let go somehow. [16:35] * Gargoyle yanked the power cable out! [16:39] Um.. [16:39] Well, yes, that's on option. [16:40] he he [16:43] hmmm... it was working so well last week! [16:45] Gargoyle: if kill -9 won't kill the pid, then it's blocked in the kernel at an uninterruptable priority. once it wakes up from that (assuming you can arrange it), then it should be killable. until then, reboot or air-gap is the only answer [16:46] And it's not picked itself up properly after the reboot. :( [16:51] lamont: Well, not only killable, it'll die a swift death automagically, right? [17:00] Is there a way to find out what process is holding a device open? [17:02] lsof [17:03] or fuser [17:03] fuser -m might also be interesting. [17:07] soren: if you previously did kill -9, and it finishes it's uninteruptible wait, then yes. quick death [17:07] lamont: Right, thought so. [17:08] the signal is pending, it's just not delivered because we slept saying 'leave me alone. lalalalalala' [17:08] (those are all supposed to be _very_quick_ waits) [17:08] e.g., disk i/o [17:08] never terminal i/o [17:09] Sure. [17:09] does anyone have problems using /etc/init.d/apache restart out of interest? it doesnt 'actually kill the running apache for me [17:10] pookey: it doesn't need to [17:10] and yes, I use it from time to time [17:11] lamont: it doesn't? I end up with more and more apache processes every time I use it - chewing up more and more memory [17:14] ps aux | grep apache | grep ^root | wc -l == 5, restart apache a few times via the init script, and it's gone up to 7... [17:14] pookey: then fix your configuration [17:15] oh, running as root... [17:15] hm... [17:15] that should be one [17:16] indeed it should [17:16] can anyone help me forcefully stop drbd? I am trying to send a node into secondary and am getting this: drbd0: State change failed: Device is held open by someone [17:16] Gargoyle: is it mounted? [17:16] nope [17:16] "restart" is required to get one to a state similar to stop/start. if the daemon can do that without stopping and starting, then restart is allowed to do that. [17:17] pookey: it sounds like what you really want to do is: /etc/init.d/apache stop; /etc/init.d/apache start [17:17] lamont: I just tested that action too - that doesnt' work either [17:17] apache2ctl start && apache2ctl stop does however [17:17] I'll investigate futher, was just wondering if it was a known issue [17:17] sounds like a borken init script then [17:18] apache2ctl stop sends a SIGTERM, the init script sends a SIGWINCH [17:18] ivoks: Just removed drbd and heartbeat from init and trying a reboot. [17:18] which doenst' quite seem rihgt to me :) [17:19] The odd thing is that the console does the shutdown all the way to [* Will now restart] and then hangs [17:19] could be a hardware issue I suppose. [17:20] Gargoyle: i droped heartbeat [17:20] whenever i stoped it, it kept hanging [17:20] that and lots of other problems made me think about what soren said [17:20] what do you use instead? rcs? [17:20] 'duh, we already have redhat cluster for that' [17:20] yes,,, rcs [17:21] but nothing is trivial to set up [17:21] what FS do you use on that drbd? [17:22] ivoks: might have to revisit the docs. heartbeat seemed a bit easier to setup [17:22] ivoks: ext3 [17:22] ahh... it's apache2ctl graceful-stop that seems to be failing [17:23] then you won't have problems [17:23] i'm using GFS, so i have to start drbd before rechat cluster [17:25] ivoks: Sounds a bit similar, at the moment drbd starts up before heartbeat. [17:25] heartbeat just handles the promotion to Pri/Sec and mounting the filesystem [17:28] ahh... it's apache2ctl graceful-stop that seems to be left doing an epoll fd 29, which is '/anon_inode:[eventpoll]';, [17:30] ah no, that's not always the case... meh [17:30] this looks like an apache bug anyway, not ubuntu [17:33] ivoks: If you have used drbd before on the same disk, is there anything other than drbdadm create-md all that needs doing? [17:33] ivoks: It said meta data was updated, but bitmap was not. [17:34] trying reiserfs this time! [17:34] ug, I maed that mistake once [17:34] after loosing my entire file system, i've not bothered again [17:35] is ext3 still the best? [17:35] ivoks: did soren say something about heartbeat that I missed [17:35] Gargoyle: I hear lots of good things about XFS [17:36] actually , Iuse XFS on 2 of my server - but generally stick with ext3 [17:36] and reiserfs is in a state of limbo as I recall [17:36] well, he's in prison? ;) [17:36] hmmm [17:37] On a 4 disk raid5, how long do you expect it would take to format ext3? [17:37] each disk is 140Gig, SCSI [17:38] I couldn't really guess ... 'not long' though I'd have thought [17:38] I remember seeing a fantastic notice in windows however, which might apply... 'This may take some time, or considerably longer' :D [17:38] LOL [17:39] I might run some dell hardware tests tomorrow. losing confidence in these servers - DVD drive failed this morning. [17:39] which server? [17:39] I thought it was cheap ass CD-R's until I had burnt 3 copies of 7.10 [17:40] PowerEdge 1850 [17:40] 18 months old, maybe 2 years. [17:40] we have a fwe of those, good mahcines.... as far as we've expreienced anyway [17:40] (we being both current, and former employer) [17:40] but.. I've only managed about 10 in my time, so.... YMMV [17:40] yeah, they seem ok. But a "firend of the boss" shipped them up from london in his car. [17:41] oh, where are you? [17:41] and one of the front plates is bent where it sticks out for the rack screws. [17:41] Manchester [17:41] didn't spot you were a fellow UKer :) [17:41] * Gargoyle is idling in ubuntu-uk [17:41] :) [17:41] I noticed just a moment ago :) [17:42] The two machines and drbd worked fine last week [17:42] using it for email? [17:42] I was yanking power cables out and all sorts, and the cluster was working ok. [17:43] I did a clean install yesterday to write/check my docs and it all went wrong with my first test (nic failure of slave!) [17:43] Nahh, MySQL database [17:43] Gargoyle: i'm using drbd only on primary/primary setups [17:44] Gargoyle: with network file system, so both machines could write at the same time [17:44] any chance of getting a copy of your docs? I've neve rplayed with DRDB... all I know is that when I was working for an ISP, they considered the idea and then binned it for some erason - but that was 3 years ago,perhaps it's better now [17:44] no real need for that with MySQL [17:44] Gargoyle: why DRDB, and not replication? [17:45] this is for mysql? [17:45] I've not looked at how mysql's clustering support is for a year or so... [17:45] mysql-cluster is great, but slow and NDB [17:45] mysql replication is great, but no buts... [17:45] sure pookey. They are a mix up of other sources, and stuff I have gathered from here and #linux-ha [17:45] ivoks: Replication is not syncronous [17:45] Gargoyle: I'd appreciate it if yo ucoudl throw it at pookey at pookey co uk [17:46] right, it's not... [17:46] Gargoyle: I thought you could somehow do multi-master with MySQL ? or does that need cluster ... [17:47] pookey: Not sure. It was the case that it was not supported, but I think I saw a white paper on it on a MySQL news feed a few weeks ago. [17:47] I'm just curious as to why, I'm not suggseting you're doing it all wrong BTW :) [17:48] I wsa googling... http://capttofu.livejournal.com/1752.html that looks quite interesting [17:48] We can't really use cluster because our database is HUGE! [17:49] 300Gig + last time we checked. [17:49] Gargoyle: may I ask who you work for or what it's for ? [17:49] pookey: Telemetry data. [17:49] * Gargoyle knows where you drive your car!! mu-ha ha ha ha.... :D [17:49] I honestly don't think you do :) [17:50] * pookey doens't drive ;) [17:50] although.. you might know that I guess... [17:50] * Gargoyle knows where you ride your bike!! mu-ha ha haaa.a.. forget it.. moment has passed! ;) [17:51] pookey: Word doc (uhhh) or PDF? [17:51] for your 300gig DB? definatly PDF ;) [17:51] or PDF if yo umean the document [17:51] he he === dendrobates is now known as dendro-away [18:00] on its way pookey [18:00] thanks :) [18:01] hmmm when did I ask that filesystem question.... [18:02] which one? [18:02] 17:36 < Gargoyle> trying reiserfs this time! [18:02] pookey: Yup, half an hour seems a while to initialise reiserfs on a 400GB volume! [18:03] I think it's locked up again. [18:03] still goin' eh? [18:04] pookey: where abouts you from? [18:05] Oxfordshire currently [18:06] Well, I am all fed up with drbd and mysql for today, going home... [18:06] * Gargoyle hates his drive home. [18:27] so what is up with CONFIG_IPC_NS=y, CONFIG_UTS_NS=y in the server kernel but not the desktop kernel? http://www.enterprisenetworkingplanet.com/netos/article.php/3712031 === mdz__ is now known as mdz_ [20:12] zul: can you link the blue print to the wiki page for the xen spec (https://blueprints.launchpad.net/ubuntu/+spec/xen-hardy) ? [20:12] zul: the wiki page correctly links to the blueprint, but the blueprint doesn't link to the wiki page. [20:14] mathiaz: done [20:17] zul: thanks :) [21:58] dendro-away: you've assigned the virtualization spec to me - as a drafter. Is this correct ? [22:01] awesome, next meeting is only 5AM [22:01] (for me) [22:02] ajmitch: just drink coffee :-) [22:02] I think I'd need a direct injection [22:02] heh... I know people with IV starting skillz [22:06] * ajmitch doesn't see the web app frameworks listed as a task on the roadmap page [22:13] ajmitch: the roadmap is not updated yet. [22:13] I thought that was an item from a few weeks ago? [22:13] ajmitch: I've just edited the spec tough: https://wiki.ubuntu.com/WebAppsPackaging [22:14] ajmitch: it boils down to two points: [22:14] ajmitch: make some improvement on the apache configuration by including mod-fcgid in main [22:15] ajmitch: and evaluate wwwconfig-common and dbconfig-common to see if they can be used as the official way to package web application in ubuntu. [22:15] ajmitch: which means moving them into main, writing some documentation and making sure that webapps in main uses the framework. [22:16] right, and wwwconfig-common has certainly been 'rejected' - even moodle's packaging had to be rewritten [22:17] gettign either of those into main would be a challenge [22:18] * ajmitch is more interested in the python & php web app side of things at this stage, using django, zope/plone & working on a php web app as a job [22:18] I already have one largish php web app in debian that desperately needs fixed up to avoid wwwconfig-common [22:18] ajmitch: do you know the reasons for the rejection ? [22:19] it was basically unmaintained, and that people were told to use something else, iirc [22:21] eg http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=293141 [22:21] Debian bug 293141 in wwwconfig-common "wwwconfig-common should suggest apache2" [Wishlist,Open] [22:21] "wwwconfig-common will probably be depricated. And actually it should [22:21] not be used for apache configuration, especially on apache2 as [22:21] there are a conf.d directory instead." [22:25] projects like grok are generally installed from python eggs at the moment, which drops things into /usr/lib/python2.X/site-packages [22:26] so I'd rather see them in debian (and ubuntu) [22:30] fwiw, there's a reasonably urgent security fix needed for zope-cmfplone [23:07] hmmm - odd that "apt-cache --installed rdepends libpcre3 " prints out libpcrecpp0 6 times.... [23:11] keescook: (repeat since this is useful for your bug): hmmm - odd that "apt-cache --installed rdepends libpcre3 " prints out libpcrecpp0 6 times.... [23:12] I doubt it is related to your bug, just seems odd.... [23:18] nealmcb: that is kind of funny. which release? [23:18] gutsy [23:19] yeah, same for me. must be something in apt-cache. There are multiple apps that depend on libpcrecpp0, so maybe they're each causing a hit? Dunno. :) [23:20] nealmcb: mostly I just want to know it's all still working. I'm starting to think I'm being overly cautious, but full-version updates creep me out, even when upstream is ABI-compat :) [23:20] I looked at that a bit and it didn't seem quite that way.... [23:21] keescook: yeah - I'd be cautious too with 183 dependencies.... [23:21] :) [23:21] how long has this version been out, and how much use has it had? [23:22] the version itself has seen tons of use. And even the transition from 6.7 to 7.4 I'm comfortable with, based on Debian Etch's total lack of bug reports about it. [23:23] 6.4 to 7.4 weirded me out a little due to the need for a few more ABI fix-ups. It tested out fine for me, but I've only got so many configs I can try when testing. I start to run out of ideas. ;) === soren_ is now known as soren [23:52] is thre some way to add a user into a mysql database usingn bash? i have a line to select, but it seems i dont have a user - echo "select Host, User from user;" |mysql -u root --password=root mysql [23:59] if it's mysql users, then you could use mysqladmin