/srv/irclogs.ubuntu.com/2010/05/19/#ubuntu-server.txt

bcNonpython: look for -t option in /etc/default/bind9. Is it there? e.g. /var/lib/named00:00
Nonpythonno, just "-u bind"00:01
Nonpythonif OPTIONS00:01
Nonpythons/if/in/00:01
bcNonpython: see if user bind has permissions to read/write /var/run/named.pid, for example00:01
Nonpython/var/run/named.pid does not exist.00:02
bcNonpython: see if running named-checkconf spits out any problems00:03
Nonpythonok00:03
Nonpython/etc/bind/named.conf.options:27: unknown option 'zone'00:03
Nonpython/etc/bind/named.conf.options:32: unknown option 'zone'00:03
bcNonpython: can you pastebin /etc/bind/named.conf.options?00:04
Nonpythonhttp://pastebin.com/S02aqCMm00:05
bcNonpython: those errors may be in /var/log/daemon.log or /var/log/messages as well. See if any other hints are in there.00:06
bcNonpython: "Unknown paste ID, it may have expired or been deleted!"00:06
bcNonpython: FYI you might also like `apt-cache show pastebinit`00:07
Nonpythonhttp://www.pastie.org/96671600:08
bcNonpython: move zone blocks outside of options { };00:09
Nonpythonok00:10
Theravadando-release-upgrade claims there are no new releases despite being on 8.04.100:11
mathiazTheravadan: that's normal. LTS to LTS upgrade will only be enable when 10.04.1 is released00:12
Theravadanmathiaz, darnit00:12
mathiazTheravadan: https://wiki.ubuntu.com/MaverickReleaseSchedule <- this is currently scheduled for end of july 201000:13
bcf1yback: Re: that 4" thick thinkpad, I have no idea what I'm going to do with it :P00:14
Theravadanmathiaz, hmm if I change /etc/update-manager/release-upgrades such that Prompt=normal can I go to 8.04?00:15
mathiazTheravadan: I don't know00:15
mathiazSpamapS: o/00:15
Theravadanmathiaz, hmm i'll try it with a non-essential machine00:15
f1ybackbc well don't toss it00:16
f1ybackfirst thing you should do with it though is run dban on it00:16
f1ybacka) to clear the preverious own's data00:16
f1ybackb) also gives the hd a chance to reallocate any sectors going bad00:16
f1ybackprevious owner00:16
f1ybacksorry long day00:16
Theravadancross your fingers - upgrading00:17
bcf1yback: first order of business is to pretend in a Starbucks I think.00:19
f1ybackhahah00:19
f1ybackonly problem with that is if it has someone else's porn on it00:19
f1ybackthat's why I always wipe boxes I am given or find on the street side on trash day00:19
f1ybackalso just because it's none of my damn business what was on there00:19
bcf1yback: that's actually pretty scary now that you brought it up.00:20
f1ybackyeah i'd wipe the hd00:20
f1ybackdo make a backup of the recovery sw and/or partition first if you plan to reuse the os it came with00:21
f1ybackthen just wipe it with dban or mhdd if you can inititalize the "ATA security erase unit" command00:21
f1ybackmhdd has the added bonus of surface testing and smart log checking00:21
enavhi!!!!!!!00:22
f1ybackhi00:22
NonpythonI have a ton of errors from Bind! http://www.pastie.org/96674200:24
KutakizukariUpgraded my Ubuntu 9.10 to Ubuntu 10 and it also upgraded my php 5.2 to php-5.3. How can I downgrade to php version 5.2 again?00:24
bcNonpython: part of that is permissions. make sure user bind can read those files that you're getting permission denied on.00:27
bcNonpython: if possible, pastein one of those zone files00:27
ryoohkidoes anyone have a copy of /etc/apt/sources.list from a fresh U.S.A. install of unbuntu server 10.0400:33
ryoohki????00:33
JanCryoohki: I think people gave you that already...00:34
ryoohkii didn't see it00:34
ryoohkiJanC: USA?00:35
Nonpythonhttp://www.pastie.org/96676000:35
Nonpythonis db.trueblogtales.com00:35
Theravadanoh yeah just upgraded from 8.04.3 LTS to 10.0400:39
bcNonpython: your CNAMEs are a problem. try this, but update your serial first, and maybe clean up my fubar formatting. http://www.pastie.org/96677000:41
bcNonpython: I don't think that should give you any problems, but try loading just that zone, then clear up the error log, then load the other zones00:42
=== chewbranca_ is now known as chewbranca
NonpythonTwo errors: 18-May-2010 23:44:53.537 couldn't add command channel 127.0.0.1#953: address in use00:45
Nonpython18-May-2010 23:44:53.537 couldn't add command channel ::1#953: address in use00:45
NonpythonAnd a third: 18-May-2010 23:44:53.539 zone trueblogtales.com/IN: NS 'ns.trueblogtales.com' has no address records (A or AAAA)00:45
bcNonpython: for the NS, you need: IN    A 69.175.115.1800:46
Nonpythonok.00:46
bcNonpython: sorry: ns  IN  A 69.175.115.1800:47
NonpythonWhat do the first two mean?00:48
bcNonpython: try this (also update serial again, don't use the one in the paste) http://www.pastie.org/96677000:48
bcNonpython: only change is line 1500:49
NonpythonI did exaCTLY that00:49
Nonpython(sorry my kb is borked)00:49
smoserbinBASH, sorry, i don't.00:49
smoserbinBASH, if you're having issues, please do open a bug00:50
bcNonpython: are you saying your file looks exaclty like that, minus the serial, and you are still getting 'NS 'ns.trueblogtales.com' has no address records'?00:50
NonpythonNo, the ...couldn't add command channel... errors.00:51
bcNonpython: stop and start bind00:54
f1ybackquestion, is squash just really sensitive to cdrom read errors or does getting low on ram cause squashfs to shit00:54
Nonpythonthe latter00:54
f1ybackI seen this way too much on a variety of machines and hardware00:54
f1ybackah00:54
NonpythonWhat do I do with the reverse zone if I have two domain names with the same first three octets but have different last octet?00:54
f1ybackand I was running a program designed to fill up the ram00:55
NonpythonSo Yeah.00:55
f1ybackthx00:55
NonpythonI should know, I practically maintain it.00:55
f1ybackhahaha ;)00:56
f1ybackthx I wanted to make sure my hw was stable00:56
f1ybackso using memtest.sh00:56
f1ybackamazing though I can run months on a livecd on my main desktop00:56
f1ybackmy laptop which is actually better hw shit but since I switched it to a usb flash drive works fine00:57
tsimpsonf1yback: please watch the language in here00:57
BrixSathello any one with squid experience?00:57
f1ybackok00:57
f1ybackso squashfs gets *CANUCKED* easily00:58
f1ybackthere00:58
BrixSati need to password protect my proxy but i dont know wich acl to use00:58
bcNonpython: if I understand you correctly, you use the same file. You want PTR records.00:58
NonpythonYay!00:59
bcNonpython: similar to the CNAME.. e.g. 1  $TTL IN PTR foo.00:59
f1ybackoh and you are one too01:00
f1ybackthat explains it01:00
* f1yback bites Nonpython 01:00
f1ybackCANUCK!01:00
Nonpythonflyback: not true, I am from Blane, Washington, also known as Meth Lab Estates.01:01
NonpythonWhich is literally on the border.01:01
NonpythonI moved there in case I had to move to Canadia.01:02
f1ybackoh wavecable01:03
f1ybacknot wave.home.com01:03
NonpythonYeah.01:03
NonpythonSame company.01:04
f1ybackno there's a canuck isp called wave01:04
NonpythonYeah, wavecable operates in canada as just "wave".01:04
MkoolsHi, please help today is my external on major project. I am able to deploy my .war but not able to run servlet and jsp code on it, getting exception error.root cause01:04
Mkoolscom.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failur01:04
=== Edgan__ is now known as Edgan
NonpythonHow can I setup reverse DNS for a second domain on a IP address that is identical except for the least significant octet already has a domain with reverse DNS stuff?01:09
qman__Nonpython, you can set multiple reverse DNS for one IP, but they get served round-robin style01:11
qman__you don't get all of them, just whichever one is up next01:11
NonpythonNot the same IP.01:11
NonpythonSay you have a server with the IP 42.42.42.4201:11
Nonpythonand that has the domain example.com.01:12
Nonpythonbut you also have 42.42.42.43 that hosts example.net.01:12
KutakizukariFound the solution to my problem, if anyone needs to revert back to php version 5.2 from php 5.3 after upgrading Ubuntu then here it is: http://ubuntuforums.org/showthread.php?p=915277801:12
NonpythonHow do you set up reverse IP for the latter?01:12
qman__same way as the first01:13
NonpythonI am a tard. :(01:13
qman__42.42.42.42.in-addr.arpa  IN PTR  example.com01:13
NonpythonYAY!01:13
qman__43.42.42.42.in-addr.arpa  IN PTR  example.net01:13
ScottKKutakizukari: Please don't encourage people to use unsupported PHP versions.  That last thing one should run is a PHP that doesn't have security support.01:13
ScottKIf you need 5.2, don't upgrade to Lucid until your're ready for 5.3.01:14
qman__those should have trailing dots, but you get the idea01:14
NonpythonI know, I am smrt!01:14
KutakizukariScottK, drupal needs 5.2 not 5.3. I was not aware that it would do that.01:15
Kutakizukarimany have the same problem and the solution was difficult to find.01:15
ScottKThat solution isn't a solution.01:15
Kutakizukarifor me and many others it is01:15
ScottKI understand you think it is.01:15
ScottKAre there bugs about Lucid's drupal not working?01:16
Kutakizukarijust the version 5.3 will not run drupal it needs php version 5.201:16
qman__rather than downgrading PHP, this should have been reported as a bug in the drupal package for lucid01:17
qman__so it could be fixed01:17
qman__rather than having people run old, potentially insecure software01:17
Kutakizukarino bugs just an option to not upgrade php version 5.2 to 5.3 would have been nice01:18
qman__not working on 5.3 IS a bug01:18
Kutakizukariok01:18
ScottKSupporting one version of PHP per release is more than enough.01:19
Kutakizukariunderstand you point01:20
Kutakizukarithere is a bug http://drupal.org/node/36060501:41
=== dendrobates is now known as dendro-afk
jetoleHey guys. Does anyone know of a FTP server that will allow me to use active directory to authenticate users?01:57
kirklandSpamapS: howdy02:06
Mkoolshey man can anybody help.02:08
nealmcb!ask | Mkools02:13
ubottuMkools: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)02:13
nealmcbMkools: ahh - I see your earlier question now.  Sorry I can't help....02:15
=== dendro-afk is now known as dendrobates
=== dendrobates is now known as dendro-afk
arujI'd like to install a pastebin server for my intranet. Any suggestion?02:36
pmatulisjetole: i know pureftpd can authenticate against ldap so it should work03:00
uvirtbotNew bug: #582627 in openldap (main) "slapd sometimes doesn't start in lucid; can't log in if using nss_ldap" [Undecided,New] https://launchpad.net/bugs/58262703:21
celeborn999has anyone had any luck getting wordpress to work with ssl and apache?03:24
maxagazhi03:27
maxagazI can't see autofs anymore in "ps aux" on lucid, why ?03:29
maxagazhow else should I check running processes ?03:29
enavapparmor can do that03:50
RoAkSoAxkirkland: ping?04:13
NonpythonI looked at my server and there was only 2MB of RAM free, and I looked and found that there were 12 Apache web server processes running! What could cause this?05:02
slacksterhaving apache2 installed, and it being used05:02
slacksterI have 10 spawned05:03
slacksteryou can mess with apache settings to lower the number, but it should be fine as is.05:04
NonpythonShould it be eating up ~300MB of ram on a server with 2 unheard of websites?05:05
slacksterNonpython: no, I don't think so05:07
NonpythonWTF is it wrong?05:07
Nonpython(My english is not good)05:07
slacksterI think I get the picture, but I don't know what is wrong.. maybe #httpd can help\05:08
* slackster is inserted in what is wrong, however05:09
ajmitchwhere are you getting the 300MB number from?05:09
slacksterinterested05:09
ajmitchmerely adding up the memory used by each process won't give you an accurate number05:10
Nonpythonajmitch: top and statistics skills.05:10
NonpythonCombined the percentages and calculated based off of my meager 384MB05:11
ajmitchtaking into account memory used for buffers/cache?05:12
NonpythonHuh?05:12
ajmitchthe point being that free memory is essentially wasted, and the kernel will use it05:13
ajmitchsee the output of 'free -m', specifically the line about buffers/cache05:13
NonpythonIt was a mod_php thread and memory leak.05:13
ajmitchPHP would do it..05:14
NonpythonIt was filling up its memory and spawning a new thread to have more.05:14
deslectorhi, any idea how ubuntu installer treats a home partition which already has an encrypted home folder with the same name as the username you are creating on the installer?05:31
NonpythonNo05:33
deslectorhmm... I will have to test that on a VM first, then :-)05:36
deslectorNonpython, thanks05:36
twbdeslector: encrypted how?05:36
deslectortwb, I have an installation of 9.10 with /home on a separate partition05:37
deslectortwb, on that partition, user foo has his encrypted home folder05:37
deslectoron that partition too, there is a .ecryptfs folder05:37
deslectorI want to do a fresh install with 10.0405:38
NonpythonYou will lose it.05:38
deslectortwb, when I get asked to create a user, i want to create the user foo05:38
twbHuh.05:38
deslectorI am wondering if the installer will overwrite something as to make my old home unreadable or if it will recognize what is happening and simply use what is already there05:39
twbI've never seen per-user file-level encryption like that.  It sounds insane.05:39
deslectorI plan to use the same password as before for user foo05:39
twbI guess ubuntu is using a fuse crypto layer and a loopback mount or something05:39
deslectortwb, this is regular "encrypted home" ubuntu feature05:39
deslectorI didn't tweaked it or anything05:40
twbIt wasn't there in 8.04, so I don't know about it.05:40
apctrhi all i installed ubuntu-desktop package on my ubuntu server edition..but gui doesn't come when i boot my system...plz tell me wht is the next step05:40
deslectortwb, ok, thanks...05:40
twbdeslector: is there a reason you're reinstalling Ubuntu rather than just upgrading?05:40
deslectortwb, just my OCD, I guess... :-)05:41
slacksterdoesn't update installer ask whether to keep config files before replacing.. in this case passwd files?05:42
slacksterI would think it would be ok05:42
slackster*think*05:42
deslectorslackster, I'm not updating, I'm doing a fresh install... that's the thing05:43
apctrhow to take gui option in server 9.10??05:45
slacksterfresh install should overtwrite everything?05:45
slacksterapctr: which GUI..05:45
deslectorslackster, that's what I would think... just wondering if the installer was "smart" enough to recognize this scenario...05:46
apctrslackster: i installed ubuntu-desktop package but it will satrt only in terminal mode...05:46
slacksterapctr: try "startx"05:46
apctrslackster: i tried but it fails05:47
slacksterdeslector: sorry, I don't know it well enough05:47
slacksterapctr: what about "sudo /etc/init.d/gdm start"05:47
KenjiPopsapctr: you may need to configure X first05:47
deslectorslackster, don't worry... I'll just try it on a VM first :-)05:47
deslector(plus, I always back up my data when doing dangerous stuff :-)05:48
NonpythonWhat package is mpm_netware in?05:48
apctrKenjiPops: how to configure it?05:49
KenjiPopsapctr: sudo dpkg-reconfigure xserver-xorg05:49
apctrslackster: it is showing some error :upstat job05:51
deslectorok, found the answer05:57
deslectorhttp://ubuntuforums.org/showthread.php?t=146339205:57
deslectorlast post05:57
deslector:-)05:57
slacksterdeslector: glad you figured it out. :)05:59
slacksterhopefully it works as planned06:00
twbThe installer is probably dumb, because you aren't expected to *re*install, you're expected to upgrade06:00
deslectortwb, yep, that's what I thought too... but the post I linked before says otherwise...06:05
twbI trust forum users about as far as I can throw them06:06
deslectortwb, "throw them" ?06:06
twbAn idiom.06:07
twbI mean: "I do not trust forum users"06:07
deslectortwb, oh, ok... well, I wouldn't trust my /home either... that's why god invented backups ;-)06:07
deslectortwb, anyway, thanks for your time :-)06:08
NonpythonHow do I install mpm_netware on ubuntu 8.04?06:12
twbNonpython: never heard of it.  What is it?06:12
Nonpythonapache module.06:12
twbAh, apt-file indicates it's part of the apache2 package.06:13
NonpythonExcept for the fact that I have that package and it is not there.06:13
twbPerhaps it is not a DFSG-compliant component?06:14
NonpythonDFSG?06:15
twbDebian Free Software Guidelines; an early definition of "open source".06:15
NonpythonAhh, old baggage from epicfailbian.06:16
twbHere's the apt-file results as a web page: http://packages.ubuntu.com/search?searchon=contents&keywords=mpm_netware&mode=filename&suite=lucid&arch=any06:17
f1ybackyeah06:17
f1ybackI think I know what I need to do06:17
NonpythonOnly the documentation is there!06:18
f1ybackyou reach a point where you get defeated enough times you decide that you have had enough06:19
twbThe documentation seems to indicate that mpm-netware is only useful if you're running netware, which sounds like a separate OS (i.e. not ubuntu).06:19
Nonpythonyeah.06:19
NonpythonI'm going CentOS.06:20
Nonpythontwb: it is.06:20
twbSo why do you want *Ubuntu's* apache2 to have mpm_netware?06:20
NonpythonI need to limit apache's number of threads because it is raeping my memory in the butt,06:21
Nonpython.06:21
twbI don't think switching to netware is the right way to achieve that.06:21
slacksterNonpython: I was going to recommend freebsd..06:21
slacksterseems very light to me06:22
twbNonpython: have you asked #httpd (the Apache channel) about it?06:22
Nonpython8 times, no responce.06:22
twbDid you ask about limiting memory usage, or about installing mpm-netware on Ubuntu?06:22
twbDid you wait several hours for a response?06:23
NonpythonI found out about mpm-netware through them, then I asked about ubuntu installs 8 times.06:23
NonpythonThey won the useless award for uselessness.06:23
twbYou should be telling them the symptoms (i.e. "I'm running out of memory"), not trying to diagnose it yourself (i.e. "how do I install mpm-netware?").06:24
NonpythonI have.06:26
twbOK, then there's not much more I can do.06:26
SpamapSNonpython: is this a purely static server?06:27
NonpythonNo, it runs PHP scripts out the ass.06:28
SpamapSPHP in threaded apache?06:28
NonpythonYes.06:28
SpamapSor PHP in fastcgi mode w/ threaded apache?06:28
SpamapSok threaded PHP is *a waste of time*06:28
NonpythonI do not know06:28
SpamapSeach thread must use its own pool of memory..06:29
NonpythonWhat is this "fastcgi" thing?06:29
SpamapSit gains *no benefit* by being thread safe.. but does cost because of the mutexes.06:29
NonpythonI assume that it is faster CGI.06:29
SpamapSfastcgi runs php on the backend independent of the webserver06:29
SpamapSIn cases where you want to serve static and php or mixed languages, its a good choice.06:29
SpamapSIn cases where you just have PHP, mod_php in prefork mode is by far the most stable and highest performing configuration06:30
slacksterNonpython: where are you getting these memory readins from?06:31
SpamapSNonpython: but let me make this very clear. *threaded MPM + PHP is a waste of time*06:31
NonpythonOk.06:31
slacksterNonpython: run "free -m" and subtract cached06:31
SpamapSHave spent extensive time trying to make that work well. The issue is that Zend's memory allocator is not stable enough to share one pool of RAM.06:31
slacksterand buffers06:32
SpamapSyeah its just a big damn joke06:32
SpamapSthat they even suppor threading.. totally stupid06:32
Nonpython212 used MB.06:32
slacksterNonpython: so you have more than 2MB free now... ;)06:32
slacksterNonpython: you should be ok06:33
NonpythonNo, this is without apache.06:33
* Nonpython is stupid06:33
slacksteryou've stopped apache?06:33
NonpythonYes.06:33
twbI didn't think you could even HAVE threaded PHP06:33
SpamapSThe only time where a pure PHP workload makes sense w/ fastcgi is when you are going to have a ridiculously high number of clients running PHP scripts ... but then you should be using lighttpd or nginx for your fastcgi frontend.06:33
twbDoesn't apache-php5 force you to use apache2-mpm-stinky ?06:33
SpamapStwb: look up "ZTS" aka "Zend Thread Safety"06:34
twbSpamapS: heh, I don't care THAT much :-)06:34
Nonpython381 MB of 384 MB including cache.06:34
SpamapStwb: ^5. :)06:34
twbIMO anyone running PHP is already lost06:34
Nonpythonnot including cache.06:34
SpamapSPHP has its moments. :)06:34
Nonpythontwp: I need mah schweet wordpress.06:35
slacksterNonpython: don't worry about the cache06:35
twbEh, it's moment was being perl for people who didn't already know perl.06:35
slacksteror not..06:35
NonpythonI know perl.06:35
twbNonpython: yes, well, wordpress doesn't exactly have a hot security record.06:35
Nonpythonand I hate PHP.06:35
twbNonpython: this was back in the 90s when all web code ran on perl.06:35
NonpythonIt stole mah throne!06:36
SpamapStwb: php was to perl as Windows 1.0 was to Mac OS06:37
SpamapSdumb it down, make it cheap and people will buy it.06:37
NonpythonChoosey programmers choose Perl.06:38
NonpythonTo referance weird peanut butter.06:38
NonpythonHow do I set up FastCGI?06:39
SpamapSNonpython: I run wordpress on a Xen instance w/ 384MB of RAM .. it works fine06:39
twbSpamapS: yeah06:39
SpamapSapache    2233  0.4  4.9  34120 18848 ?        S    22:02   0:10 /usr/sbin/httpd06:39
SpamapSapache   18689  0.5  5.2  34884 20180 ?        S    21:41   0:17 /usr/sbin/httpd06:39
SpamapSjust use prefork. :)06:39
twb*prefork*, that's what I was trying to remember (re. "stinky" above)06:40
SpamapStwb: I was hoping somebody had called it stinky. :)06:40
twbSpamapS: presumably that 384 MB is a xen instance that *just* runs wordpress?06:40
SpamapSand courier-imapd06:40
SpamapSand postfix06:41
SpamapSand irssi :)06:41
SpamapSoh and mysqld for wordpress06:41
twbAh, OK, so you're not taking a one-jail-per-service approach.06:41
SpamapSno, you're pretty much pwning me on the next wordpress vuln06:41
twb:-)06:42
NonpythonMy VPS runs Bind 9, Apache 2, Mod_PHP, MySQLd, Courier, and Postfix.06:42
SpamapSoh I have BIND too06:42
SpamapSanother one with a great record06:42
twbI wouldn't know; the systems I've set up (as opposed to adopting) run dnsmasq for DNS caching, and have their DNS records hosted elsewhere.06:43
twbI don't think hosting your own DNS records is best practice anymore...06:43
SpamapSyeah I have moved away from it more and more06:44
SpamapSlast few domains I registered I just let the registrar do it.06:44
SpamapSincluded for free and works quite well06:44
twbNot that I know much about dnsmasq's security record, but it's only internal-facing, so less of an issue.06:44
twbAnd getting three services from a single easily-configured daemon is a pretty nice win :-)06:45
NonpythonI tried fastcgi, it made things worse. I lost 1MB.06:54
NonpythonBrave Brave Sir Nonpython, Bravely installed CentOS, Bravely thought Ubuntu kinda sucks for servers!06:58
Nonpythonbtw, I love Ubuntu on the desktop and lappy, but if falls on its face as a server.07:00
twbPlease take your advocacy elsewhere.07:04
twb(Unless you want to rant about something specific, in which case we can either try to fix it, or commiserate.)07:05
NonpythonI do Kent...07:10
* ajmitch wonders if he'll come back when he finds that centos will probably suck just as hard at php07:12
twbOK, NTP question time.07:28
twbWhich strata will ntpd (and/or ntpdate) accept as "good enough" to take time from?07:28
billybigriggercan i setup a raid with 3 disks, 1x1TB and 2x500GB?07:30
twbSome of my netboot farm is out-of-step by an offset matching the timezone, and I'm trying to isolate the fault.07:30
Callum__billybigrigger: The 1TB will only use 500GB of its total space07:47
billybigriggerCallum__, so im better off running the 2x500's in raid 507:48
Callum__billybigrigger: you need at least three drives for RAID 507:48
Callum__with just two drives you can use RAID 1 or RAID 007:49
billybigrigger0 it is then :)07:49
Callum__just remember that with RAID 0 you get no redundancy whatsoever =P07:49
billybigriggeryup07:50
twbRAID0 will HALVE your integrity07:51
twbbecause if either drive fails, you have lost everything07:51
billybigriggerwill have to have the 1tb sit and do nightly backups for the raid0 then07:51
jpdsWell, RAID0 isn't even RAID.07:51
Callum__yeah, technically07:52
Callum__although a RAID 0 is probably faster than a single drive heh07:52
Callum__can't remember07:52
Callum__my server has three hardware RAID 1s working together using LVM2... its quite fast despite the performance penalties from the RAID setups07:53
Callum__2x 250GB SATA, 2x 80GB SATA and 2x 73GB SCSI, because I have no money07:54
owhSalutations, going a little nuts. Getting /dev/null permission denied on boot which causes fetchmail to fail to start. I've updated rc.local to set the permissions correctly after the fact and if I manually start fetchmail after logging in it works. I've found some references to bugs regarding this, but no obvious fix.Running hardy. Suggestions?08:11
owhgrep -sr null /etc/udev/* returns:08:13
owh/etc/udev/rules.d/40-basic-permissions.rules:KERNEL=="null",MODE="0666"08:13
twbThat mode is correct.08:14
owhYeah, but something is setting it incorrectly during boot.08:15
twbWhen I've seen "/dev/null not writable!" errors from bash in the past, it is usually because the root filesystem is corrupted and the kernel has remounted it read-only.08:15
* owh checks, but I doubt it.08:15
twbSuggest forcefscking08:15
owhIt's a reiserfs filesystem on a VM.08:16
owhAnd it's mounted rw.08:16
twbUrk08:17
twbFor furture reference: don't use reiserfs without a damn good reason.08:17
owhhuh?08:17
owhI had no choice in the matter.08:17
* owh likes ext*08:17
owhNone of this would be an issue if this container wasn't being rebooted irregularly by the host. Another thing I have no control over. 'nuf said about that :)08:19
twbStupid VPS vendors08:19
* owh nods08:19
twbI still say forcefsck08:19
owhIf I wasn't in a place where I cannot move right this month or the next, I'd have tossed them aside. Right now I don't have that luxury. The force fsck might be fun, if I do that and it doesn't come back I'm fsckd.08:20
twbIf your filesystem is corrupt, you're already fucked -- you just don't know it yet08:21
owhThat's very true, but at least the users don't yet know it either. However if I forcefsck it and reboot and it doesn't come back I can't actually do anything about it either.08:21
twbFortunately you have diligently taken backups every day since you got this host.08:22
twbOr: you have learnt the value of good backups :-)08:22
owhI have, but this is live and losing live data right at this moment is a real PITA.08:22
twbWell, you don't have to forcefsck RIGHT NOW, but doing it in the next day or so is definitely a good idea.08:23
owhI have to say, I don't actually think the fs is corrupt. I don't see any other evidence of this. The permissions are reset every boot and have been doing that for at least 18 months, but the node has been up for most of that time without issues. The VPS provider has been "fixing" things which seems to necesitate rebooting my containers.08:24
owhThat's why this is an issue right atm.08:24
twbI can't remember how badly reiserfs takes fsck of a corrupt fs, but I imagine that in the worst case you'll end up with data loss of the inodes that are already lost, and it'll continue to boot (unless the OS bootstrap files are themselves hosed).08:24
* owh still suspects an actual bug in hardy somewhere :)08:24
twbowh: I'm not saying it's definitely corrupt, I'm saying that you should eliminate that possibility FIRST before investing your time (i.e. customers' money) investigating other possibilities.08:25
owhThat's fair comment.08:25
owhcrap08:25
* owh takes a deep breath, investigates load and does another backup.08:25
owhHold on, doesn't reiser allow an fsck on a running system?08:26
ajmitchdo you trust it enough to do that?08:26
owhHmm, fair point.08:27
twbI don't trust *reiser* that much, even if I trusted t'so08:27
owhI suppose I can get it to do an integrity check at least.08:28
twbMeh.  shutdown -r -F 6008:28
owhWhat's the -F 6008:29
twb-F means forcefsck.  60 means to wait sixty minutes before rebooting, warning users beforehand.08:29
twb(As rtfm will tell you, unless you're stuck with retarded shutdown(8upstart).)08:30
owhI did rtfm, but intrepid had no idea what you were talking about and I don't have manpages installed on my server :)08:31
twbUnfortunately upstart is not enthusiastic about preserving backwards-compaibility in APIs like inittab(5) and shutdown(8).08:31
owhHmm, not sure if the fsck will actually work. This is an OpenVZ container and I just got permission denied when running reiserfsck --check /dev/simfs08:34
twbOh, OpenVZ.08:34
twbThen you don't have a filesystem in the first place, because you're in a jail, not a VM.08:35
owhDon't ask :|08:35
twbudev probably shouldn't even be installed in a VZ jail08:35
twbIIRC ubuntu-minimal pulls it in, which pissed me off when I was building hardy VEs08:36
owhWhat's the impact of purging udev?08:38
twbI don't remember08:39
twbI just remember the dependencies annoyingly assumed ubuntu-minimal was for physical hardware08:39
owhEven if udev shouldn't be installed on this container, something is setting the permissions incorrectly at some stage during boot. When does rc.local run, can I make fetchmail run after that?08:40
owhIn fact, can I just add /etc/init.d/fetchmail start to rc.local?08:40
owhI realise that this is pretty evil, and I'd like to avoid it if I can, but beggars cannot be ...08:41
twbHow do you know that it's not just set incorrectly in the os template?08:42
owhI don't, but I also have no control over that.08:42
twbFor that matter, after attempting to access it, have any beancounters increased?08:42
owhHuh?08:42
owhWTF is a beancounter :)08:43
owhI doubt that the VPS provider could tell me if their template was incorrect or that they'd change it just for me.08:43
owhHmm. rc.local runs last - lovely.08:44
twbowh: /proc/user_beancounters08:44
twbowh: I guess you aren't too familiar with OpenVZ08:44
owhThat would be correct.08:44
maxagazphp code is not interpreted anymore since I upgraded to lucid, is there a bug in php on lucid ?08:45
twbNormally I'd go check /vz/root/<VEID>/ as root on the hardware node, but I guess you don't have those privileges.08:45
owhtwb: That is true, no privs.08:45
ajmitchmaxagaz: are you trying to run php scripts from your home directory?08:45
maxagazajmitch, no, it's in my /var/www08:46
ajmitchthen no, there's nothing changed in that regard08:46
owhajmitch: Sometimes I found that the module starts off as being commented out. Also restarting apache was required IIRC.08:47
owhUh, maxagaz that was for you.08:47
owhtwb: Which number should increase when?08:47
twbowh: with nothing else running, try cat /proc/user_beancounters >/tmp/x; echo fuck >/dev/null; diff -u /tmp/x /proc/user_beancounters08:48
twbWhere the second command is whatever isn't working.08:48
owhtwb: What should that tell me?08:49
twbThat's just checking if the issue is exogenic (i.e. you're being futzed by VZ, not the posix DAC)08:49
twbowh: from memory there's a "naughtiness attempts" column08:50
maxagazowh, restarting apache2 didn't help08:50
twb"failcnt"08:50
owhtwb: Presumably with the permissions not set correctly right?08:50
twbowh: shrug.08:51
owhtwb: Well, there's no failcnt at all.08:51
owhThe column is there, just all 008:51
owhmaxagaz: What modules are enabled in /etc/apache2/mods-enabled/08:52
alkisgHi, I'm looking at a security problem, how can one take advantage of a suid root bash?08:52
alkisg-rwsr-sr-x  1 root   root   800K 2010-05-19 10:47 bash08:52
maxagazowh, php5.load, php5.conf among others08:53
owhmaxagaz: And the apache php module is installed?08:54
owhtwb, I think the simplest is to change the run order for rc.local from 99 to 98, which makes fetchmail run afterwards. That won't actually fix it, but it will work around it.08:55
alvinWhen will the upgrade to lucid become available for hardy users?09:00
owhalkisg: AFIK it would mean that any code run in that shell could use root permissions.09:01
alvindo-release-upgrade still says 'no release found'09:02
alkisgowh, but I cannot reproduce this... e.g. if I run that bash as "alkisg" and then run `whoami`, I get "alkisg", not "root"...09:02
alkisgAh, got it in #bash, "(11:03:40 πμ) koala_man: alkisg: bash drops suid if it detects it"09:04
alkisgThat's why I couldn't reproduce it09:04
maxagazowh: libapache2-mod-php5 is installed09:04
owhmaxagaz: Does the apache header show php5 installed?09:05
maxagazowh, how to check it ?09:05
maxagazhttp://localhost i guess...09:06
owhmaxagaz: wget -S url09:06
maxagazowh, The web server software is running but no content has been added, yet.09:06
owhmaxagaz: All we're doing is seeing if apache is reporting that php exists.09:06
owhmaxagaz: It should show PHP/5.x in the Server: header.09:07
maxagazowh, I tried "wget -S localhost" but how should it help ?09:07
owhwget -S http://localhost09:07
maxagazowh, no PHP/5.x is shown09:09
maxagazowh, http://pastebin.com/MsUpd31X09:09
owhRight, no PHP.09:11
* owh is trying to remember. Was this a fresh install?09:11
maxagazowh, no, it was an upgrade09:12
owhcd /etc/apache2 ; find | grep php09:13
twbowh: shrug09:14
twbowh: I've lost interest in the issue09:14
owhtwb: Thanks for your help. I've updated the rc* directories to make rc.local run earlier.09:14
owhIf I have some spare cycles, I'll have a proper look.09:15
owhmaxagaz: What does that command output?09:15
twbThat always happens to me09:15
owhtwb: The spare cycles bit :)09:15
twbI die a little inside every time I roll out a bodge instead of doing it properly on my own time09:15
owhYeah.09:15
twbIt's why our servers run fucking webmin and gnome09:16
owhtwb: And then you get to the situation I'm in with maxagaz where I know I've seen this before but I'm stuffed if I can remember how I fixed it.09:16
maxagazowh, ./mods-available/php5.load, ./mods-available/php5.conf, ./mods-enabled/php5.load, ./mods-enabled/php5.conf09:16
owhtwb: The funniest was when I knew I'd seen something before, did a search and found my own bug report on the matter :)09:16
twbowh: I can beat that09:17
owhmaxagaz: What does ls -l ./mods-enabled/php5.load return.09:17
owhtwb: Bring it on.09:17
twbowh: I needed the correct modeline timings for an LCD monitor, because it wasn't reporting EDID information correctly on its VGA port, and I didn't have an LCD GPU anymore.09:17
maxagazowh, ./mods-enabled/php5.load -> ../mods-available/php5.load09:18
twbI found a pastebin of one of my old Xorg.0.logs from five years before, when I had a DVI port.09:18
maxagazowh, lrwxrwxrwx 1 root root 27 2009-12-03 19:50 ./mods-enabled/php5.load -> ../mods-available/php5.load09:18
owhmaxagaz: What does cat ./mods-enabled/php5.load say09:18
owhtwb: That's pretty good, since it implies that you even ticked the "keep this thingo" box on pastebin :)09:18
twbSome pastebins default to that09:19
owhROTFL09:19
twbI don't ever paste using a browser, man.09:19
maxagazowh, LoadModule php5_module /usr/lib/apache2/modules/libphp5.so09:19
twbI use lisppaste.el or hpaste.el or pastebinit(1)09:19
maxagazowh, -rw-r--r-- 1 root root 7618736 2010-05-04 15:11 /usr/lib/apache2/modules/libphp5.so09:19
owhmaxagaz: Have you got multiple vhosts on this apache server?09:20
maxagazowh, no, it's a very basic install09:21
owhOne mo, phone.09:21
owhmaxagaz: grep -r php *09:22
owhmaxagaz: You'll need to pastebin that.09:22
maxagazowh, http://pastebin.com/uTdjwKKb09:23
owhmaxagaz: Did you modify any of those files? I'm looking at a hardy server and it looks nothing like that.09:25
maxagazno, I didn't09:25
owhgrep -r mods-enabled *09:26
twbowh: it wouldn't surprise me if your crack-whore VPS vendor had messed with apache09:26
maxagazowh, apache2.conf:Include /etc/apache2/mods-enabled/*.load09:26
maxagazapache2.conf:Include /etc/apache2/mods-enabled/*.conf09:26
twbowh: do an "aptitude download apache2" or so, and examine the defaults09:26
alvinomg! I've been waiting to upgrade to Lucid over semantics! (bug 223741). Does the papercut project for server still exists?09:26
uvirtbotLaunchpad bug 223741 in update-manager-core "'do-release-upgrade' requires the '-d' flag to upgrade from dapper to hardy, and from hardy to lucid" [Undecided,Confirmed] https://launchpad.net/bugs/22374109:26
alvin-d = --devel-release. Never thought about Lucid as a devel-release since the official release09:27
owhtwb: I'm pretty familiar with what it's supposed to look like and what maxagaz showed us had wildcards in it, I suspect a later version of OS :)09:27
twbowh: oh, sorry.  I assumed maxagaz had already mentioned he was on hardy.09:27
maxagaztwb, no, I'm on 10.0409:28
owhtwb: Hmm, no I think maxagaz had said lucid.09:28
twbowh: ignore me.09:28
* owh is on hardy atm :)09:28
owhHmm, I'd rather not / ignore :)09:28
owhmaxagaz: Just to humour me, did you stop apache and start it again?09:29
twbalvin: to be honest, I trust do-release-upgrade less than a supervised aptitude safe-upgrade.09:29
alvintwb: do you mean changing the sources then? Because safe-upgrade doesn't touch the kernel (of I'm not mistaken)09:29
twbalvin: I do.  do-release-upgrade does that internally, AND if it dies for any reason, it doesn't roll them back :-/09:30
maxagazowh, yes I did09:30
alvinI can do that manually.09:30
alvinDoesn't it do more?09:31
twbd-r-u also appears to download a tarball of... stuff.  I think it's rules about how to unbreak various things.09:31
owhtwb: Yeah, known issues are dealt with AFAIK.09:31
owhmaxagaz: Where there any warnings in the apache logs?09:31
twbIf/when I get enough money to upgrade to lucid, I'll probably read through that tarball by hand and then use my own judgement.09:32
twbI'd rather just have a Debian-style release document that tells me in human terms how to handle those things, rather than trying to automate them.09:32
alvinWell, i'd prefer do-release-upgrade then, but I haven't used it because of the --devel-release flag. Didn't expect that. --help doesn't mention a next LTS counts as devel-release09:32
alvintwb: Well, if you put it that way: me too09:32
maxagazowh, [Wed May 19 16:33:20 2010] [notice] Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.1 with Suhosin-Patch configured -- resuming normal operations09:33
owhWhoah.09:33
twbalvin: either way, you should be doing normal paranoid things like backups, test runs on non-production or at least non-critical hosts, scheduling downtime to deal with breakages, etc.09:33
owhThat does show php maxagaz09:33
maxagazowh, but before it...09:34
maxagazowh, PHP Deprecated:  Comments starting with '#' are deprecated in /etc/php5/apache2/conf.d/mcrypt.ini on line 1 in Unknown on line 009:34
alvintwb: I did loads of those during the last 2 weeks of Lucid development. The result wasn't pretty. I have come to hate plymouth/mountall.09:34
owhCreate a file in /var/www/ called bob.php and put into it <?phpinfo();?>09:34
twbalvin: righto, carry on.09:34
alvinTesting time is over09:34
twb(I thought your nick sounded familiar)09:34
alvinYeah, I subscribed to a lot of bugs. I have to say most servers aren't working worse than before. A lot of bugs are fixed. I only hate the lack of error messages for the exceptions09:36
maxagazowh, it works...09:36
owhmaxagaz: Magic.09:36
alvinAnd kvm needs some 'best practices' documentation. Maybe I'll try to write that one day.09:36
maxagazowh, sorry for that09:36
owhmaxagaz: Don't worry about it.09:36
maxagazowh, thanks a lot09:36
owhPEBCAK errors happen all the time :)09:36
owhPleasure.09:36
maxagazowh, PEBCAK ?09:37
owhProblem Exists Between Chair And Keyboard09:38
owh:)09:38
maxagazowh, :)09:38
owhOr: "User error, replace user and press any key to continue..."09:38
owhAnyone know of a dynamic way to block idiot guests who search for vulnerabilities on my apache server? Whole hordes of errors looking for /var/www/horde etc.09:39
twbowh: that's like swapping in a freshly broken lightbulb09:40
owhWhich comment were you responding to twb?09:40
twbTake the users away entirely; see how few problems are reportered thereafter09:40
owhRiight.09:40
owhYes :)09:40
twb*reported09:40
owhEven, turn the server off, even less issues.09:41
owhBOFH rules again :)09:41
twbowh: that was gonna be my solution to your attack question09:41
owhtwb: Shame about the other guests who are legitimately using the site :)09:41
owhtwb: It's but a mere trifle, but those other guests are the paying ones :)09:42
twbYou could use netfilter's hashlimit module09:42
twbThat'd encourage everybody to adopt HTTP/1.1 pipelining, which is awesome ;-P09:43
owhtwb: All that will do is slow 'm down. I just want to block those fwits who ask for a select list of files.09:44
owhtwb: You ask for one of those files, you get blocked for the next 48 hours or so...09:44
twbowh: you combine it with the recent module09:47
twband -j TARPIT or -j CHAOS09:47
owhtwb: So am I understanding that you are proposing to throttle those users, rather than block them?09:48
twbowh: well, sure.09:48
owhtwb: So, is there an issue I'm not aware of if I block them?09:48
twbOne successful connection per host per day sounds pretty reasonable.09:48
alvinowh: Just curious. Is this slowing down your server?09:49
owhtwb: I missed something there I think.09:49
twbAnd if they stop attacking for a whole day, they're automatically allowed to try again.09:49
owhalvin: Well, I really don't have a handle on that, but I do know that there are hordes of them. I also know that my real users should get all available cpu cycles, since they come to collect something they paid for.09:50
twbowh: first you have a "trip" condition that detects an attacker and puts them in a "dunce list".  A second condition keeps them there until they stop attacking for some extended period.  And -j TARPIT means that instead of *dropping* those connections, you are tying up resources on the attacker's machine.09:51
alvinThos poor chinese companies that don't know their servers are compromised!09:51
alvin(for unknown reason, most attacks on my network originate from Asia)09:53
owhalvin: More computers per sqm perhaps?09:54
alvinowh: Maybe. The attacks aren't bothering me much, but foor ssh, there is existing software for what you want to do. It does what twb describes, but I forgot the name. There's probably something like that for webservers too.09:56
alvinI looked it up: http://www.fail2ban.org Apparently works for webservers too09:57
* owh was just reading that :)09:58
owhalvin: vnice !10:00
owhLater all, thanks for your assistance and insights.10:01
RoyKalvin: fail2ban works for most stuff - it just parses logs after all10:13
=== RoyK^ is now known as RoyK
uvirtbotNew bug: #582755 in bacula (main) "package bacula-director-pgsql 5.0.1-1ubuntu1 failed to install/upgrade: subprocess installed pre-removal script returned error exit status 10" [Undecided,New] https://launchpad.net/bugs/58275511:27
uvirtbotNew bug: #582376 in samba "Samba (nmbd) fails to start at boot" [Undecided,New] https://launchpad.net/bugs/58237611:41
ryoohkidoes anyone have a copy of /etc/apt/sources.list from a fresh U.S.A. install of unbuntu server 10.04 ?????12:08
twbThe install media is not nationalized.12:10
twbYou probably want to use us.archive.ubuntu.com or archive.ubuntu.com.12:10
twbUnfortunately AFAIK Ubuntu doesn't maintain a machine-readable database of primary, secondary and tertiary mirrors, the way Debian does, so you can't just tell a script to go off and work out which mirror is fastest for you.12:11
ryoohkitwb: i just want the 25 - 30 line file /etc/apt/sources.list that's on a U.S.A. install of ubuntu server 10.04 which ought to be an easy request to fulfil.  i have the bulgarian one which i am nearly 100% certain, is the same file but with bg. instead of us., however, i am persnickety12:18
ryoohkitwb: it's the archive.ubuntu.com vs us.archive.ubuntu.com that i have in mind12:19
twbryoohki: just test both12:19
twbdig and whois, if you really care12:19
ryoohkitwb: i don't want to run tests, i just the file12:19
ryoohkitwb: is it so hard to paste bin /etc/apt/sources.list?!12:19
twbWell, there's no way in hell I'm going to go to .us.12:20
ryoohkitwb: what all this dig, whois, machine readable database...12:20
ryoohkitwb: ?????12:20
AmokPauleHello, i just upgraded my vserver to lucid, after the reboot it seems my server can't conceckt to the internet anymore.12:39
mwdIn Ubuntu Server 10.04, I can not get the resolution (console, no GUI) higher than 640x480. When I try to change GRUB_GFXPAYLOAD_LINUX, the system crashes when booting.12:44
twbFor grub, the fbcon, or both?12:46
mwdGrub12:46
twbI can't help12:46
twbI don't believe that the bootloader should be reprogramming the GPU in the first place, so I disable that shit on mine12:47
mwdIn 8.04 I used the defoptions in menu.lst by adding vga=0x36c to get my resoltion (1440x900). In 10.04 this isn't working12:49
mwdSorry I ment fbcon, not grub12:50
mwdBut I can get grub up to 1440x900 when adding GRUB_GFXMODE=1440x90012:51
mwdHow can I see if fbcon is activated?13:01
kirklandRoAkSoAx: pong13:11
mwdWhat is the preferred method to get the resolution of the console higher then 640x480?13:12
=== JanC_ is now known as JanC
mwdI think the kernel uses vesafb13:13
mwdwhen providinh no further information, 640x480 is used13:13
twbmwd: you can't use a non-VESA mode like 1440x900 with the vesafb driver.13:13
twbWhat GPU are you using?13:13
mwdUbuntu is running vmware13:14
twbOh, sigh.13:14
twbWhy don't you just use a serial line, then?13:14
twbThen you can define an arbitrary size console13:14
mwdIn 8.04 1440x900 was no problem bei adding vga=0x36c13:15
twbUh, no, that is an obsolete shorthand for video=vesafb:1024x760-1613:16
RoAkSoAxkirkland: morning :)13:16
kirklandRoAkSoAx: howdy ;-)13:16
twbI still think it's utterly UTTERLY stupid the way some of these VM solutions will turn a text console into a raster13:17
* SpamapS stretches and yawns13:18
twbHmm, http://communities.vmware.com/thread/2850813:18
SpamapSmwd: for vmware vesa modes work fine13:18
twbSpamapS: but he wants a non-VESA mode.13:19
mwdEverything higher than 640x480 would be fine13:19
twbmwd: then video=vesafb:1024x760-16, as you've been using, should be fine.13:20
RoAkSoAxSpamapS: I was reading HAProxy architecture and for what I can see, if we don't implement a layer4 loadbalancer before HAProxy, loadbalancers wont scale13:20
twbIf that's not working, it might be that stupid vga16fb crap that I was in 10.04 and couldn't get rid of.13:20
uvirtbotNew bug: #582803 in samba (main) "samba doesn't work" [Undecided,New] https://launchpad.net/bugs/58280313:21
mwdWhere do I set video=vesafb:1024x760-16 ?13:21
twbYou pass it to the kernel from the bootloader13:21
mwdok, i try it13:21
twbvga=876, as you were typing, should be identical13:21
SpamapSRoAkSoAx: right, I think that may be something I put in the Unresolved Issues portion of the spec, with a suggestion to mention in the documentation that IPVS+Cluster will suffice in that case.13:23
* SpamapS is being paged by baby again.. doh13:23
mwdI passed vga=876 to the kernel from Grub, resolution is 640x48013:24
twbI blame vga16fb, lacking anything better to do13:24
twbgunzip and cpio -t your ramdisk, and confirm that it contains vesafb.ko (or that it's compiled-in in /boot/config-*).13:25
twbThen, yell at canonical for playing silly buggers with the ramdisk13:25
RoAkSoAxSpamapS: Ok. Anyways I do think that at a certain point of time, might be necessary to be able to scale HAProxy itself. Anyways, will wait for your spec then :)13:27
ryoohkii need a prisitine copy of /etc/apt/sources.list from a fresh U.S.A. install of 10.0413:27
RoAkSoAxSpamapS: oh and btw... it seems that all webservers and loadbalancers have to be in the same subnet13:30
jpdsryoohki: Again?13:33
ryoohkijpds: not again, "still not"13:34
pmatulisryoohki: what's with this "pristine" stuff?  what jpds gave you yesterday was fine13:36
uvirtbotNew bug: #582812 in openldap (main) "ldapsearch -y option does not work" [Undecided,New] https://launchpad.net/bugs/58281213:36
ryoohkipmatulis: no it was not13:37
pmatulisryoohki: why?13:37
jpdsryoohki: http://pastebin.ubuntu.com/436127/13:37
ryoohkipmatulis: it was edited - why do i need to explain this to you? why not provide the 25 or so line file?13:37
jpdsryoohki: You should still be using a local mirror FWIW.13:38
pmatulisryoohki: i asked you why you insist on pristine13:39
ryoohkipmatulis: do i answer to you?!   what business is it of yours anyway?!13:40
ryoohkipmatulis: why are you even asking me this?????13:41
pmatulisryoohki: goodness me.  you are asking for help aren't you?13:41
ryoohkipmatulis: if you can't help, then it doesn't concern you13:41
=== Russ is now known as Russ|Out
ryoohkipmatulis: let me restate this: if you don't have the file, do ask me to explain why i want it13:42
ryoohkipmatulis: i need a fubaz part n-22 ; why? ; huh?13:42
SpamapSRoAkSoAx: when you say "all webservers and loadbalancers have to be in the same subnet" do you mean by haproxy's design or some other requirement?13:46
sorenryoohki: Calm down, man.13:46
SpamapSRoAkSoAx: because haproxy makes a full TCP/IP connection, so it can connect to a web server anywhere13:46
=== mathiaz_ is now known as mathiaz
sorenryoohki: It's a perfectly reasonable question. I too am curious why you need this pristine sources.list so badly.13:47
SpamapSgranted, it won't be very efficient to have LB's in Texas connecting to Servers in Taipei for clients in Sydney .. but it would work. ;)13:47
mwdtwb: vesafb is blacklisted in blacklist-frambuffer.conf13:47
ryoohkisoren: i need number 22; here's 21; no 22; 23 is close, no 22, why 22? ; what the hell?!13:48
ryoohkisoren: 21 != 22 && 23 != 2213:48
ryoohkisoren: i did not ask for anything hard to produce or all that uncommon but recieve may other things13:49
SpamapSryoohki: 10.04 US server install?13:49
ryoohkisoren: but not what i asked for13:49
twbmwd: ugh!13:49
sorenryoohki: You also haven't (a) calmed down nor (b) explained why what jpds gave you isn't good enough.13:49
twbmwd: see what I mean about ubuntu being "clever"?13:49
ryoohkiSpamapS: 10.04 US server install /etc/apt/sources.list13:50
BrixSatHello :)13:50
SpamapSryoohki: amd64?13:50
BrixSatany one with squid experience?13:50
twbmwd: if you want to reverse that, you can edit the file in /etc and then run "update-initramfs -u -k all" to push the changes to the ramdisk.13:50
ryoohkisoren: why do you think i am not clam and why do you continue to think i should explain why i want something?????13:50
SpamapSBrixSat: I've got a fair amount .. sup?13:50
twbmwd: can you do me a favour and run "dpkg -S" on blacklist-framebuffer.conf, and tell me which package it's from?13:51
sorenryoohki: You are asking for help. You are asking other people to spend time servicing you. You could at the least have the decency to address them courteously.13:51
SpamapSryoohki: more than 1 punctuation mark in a row == not calm13:51
ryoohkisoren: escpially, why do i need to tell you why i want that??????13:51
BrixSatSpamapS:  I need to enable ssl on squid :)13:51
SpamapS(... is, btw, one punctuation mark)13:51
mwdtwb: Removing vesafb from the blacklist and providing vga parameter to the kernel had no effect13:51
SpamapSBrixSat: SSL sites, or SSL for clients?13:51
ryoohkisoren: i did ask for help courteously13:52
SpamapSryoohki: I have this file that you want, but yes, you need to chill out.13:52
twb22:51 <twb> mwd: can you do me a favour and run "dpkg -S" on blacklist-framebuffer.conf, and tell me which package it's from?13:52
BrixSatSpamapS: when i type www.gmail.com it tryes to open https://gmail.com and gives an error on the browser13:52
_ruben!info haproxy13:52
ubottuhaproxy (source: haproxy): fast and reliable load balancing reverse proxy. In component universe, is optional. Version 1.3.22-1 (lucid), package size 414 kB, installed size 956 kB13:52
SpamapSBrixSat: you need to allow users access to the CONNECT method13:52
ryoohkiSpamapS: i have the file i believe but i'd take a second copy to compare to what i have13:52
ryoohkiSpamapS: thanks13:52
BrixSatSpamapS:  how?13:53
SpamapSclint@ubuntu:~$ md5sum /etc/apt/sources.list13:53
SpamapS47385d833ed5281a59c53d3337415785  /etc/apt/sources.list13:53
leniosgreat, you have it13:53
RoAkSoAxSpamapS: by HAProxy examples, it seems that all webserver are under the same subnet13:53
SpamapSRoAkSoAx: thats just a best practice. :)13:54
SpamapSRoAkSoAx: I will confirm that its not a requirement, but by its design, it should not be13:54
RoAkSoAxSpamapS: but it's always better to have the same loadbalanced servers under the same subnet :)13:54
SpamapSRoAkSoAx: not necessarily13:54
SpamapSRoAkSoAx: for instance.. maybe you're balancing squid proxies and the end points rate limit based on source subet. ;)13:55
SpamapSsubnet even13:55
SpamapSBrixSat: I don't have the exact acl line in my head...13:55
BrixSatSpamapS:  another thing and how do i password protec it?13:56
RoAkSoAxSpamapS: yeah but if they are gonna run as instances in the cloud, I'd rather have them under the same subnet (VLAN) because its on the same cloud.13:56
BrixSatit is enabling exterior access and i want to password protect all access13:56
SpamapSBrixSat: do you have the default squid.conf from the package? they have acl's setup for this already very nicely in there13:57
mwdtwb: "dpkg -S blacklist-framebuffer.conf" says: module-init-tools: /etc/modprobe.d/blacklist-framebuffer.conf13:57
SpamapSRoAkSoAx: should produce a better response time that way anyway. :)13:57
BrixSatSpamapS:  im using webmin to configure it13:57
SpamapSRoAkSoAx: looking at ELB btw.. you know.. its ridiculously cheap... even if you're shoving 1TB/month through it.. probably cheaper than running an instance just for load balancing. ;)13:58
SpamapSBrixSat: *ugh*13:58
RoAkSoAxSpamapS: indeed, but not only that.. under terms of networking it would be better to have a separate vlan for each loadbalance domain13:58
twbmwd: thank you.13:58
SpamapSBrixSat: You need to add something like http_access allow CONNECT localnet13:59
BrixSatSpamapS: i have that14:00
SpamapSBrixSat: the order matters.. where do you have that? (and is your localnet one of the 10.x.x.x, 192.168.100.x or 172.16-31.x.x nets?)14:02
RoAkSoAxSpamapS: i've actually never used it, but as I can read some of its features can be implemented with clusterstack+ipvsadm. The new features would be autoscaling of actual loadbalancers and launching of running instances given certain rules. scaling of loadbalancers can be resolvede in 2 ways, 1 layer4+layer7 loadbalancing, or using DNS for rr between loadbalancers. Then how many running instances given the rules, i.e always have two at least, ca14:02
BrixSatmy localnet is disabled i want to allow every body in and out the network14:03
SpamapSBrixSat: needs to be before the 'http_access deny all'14:03
mwdtwb: lsmod says that vesafb is not loaded (vga16fb is loaded)14:04
twbIt boggles me that they blacklist vesafb for "being buggy", but insist that vga16fb be forcibly loaded *even when you don't want a framebuffer at all*14:04
SpamapSRoAkSoAx: DNS+RR only works if you have very short ttl's, and DNS servers all over the world that do geo-location specific responding14:05
twb"Blacklist viafb; the only framebuffer drivers we want loaded by default on x86 are the drm framebuffers and vga16fb.  LP: #558569."14:05
SpamapSRoAkSoAx: and even that doesn't work great with some mobile clients who end up routing their forwarding DNS requests to somewhere very far from where they are14:05
SpamapSRoAkSoAx: layer4 + layer7 is actually the simplest way to scale.14:06
RoAkSoAxSpamapS: correct, but for scaling loadbalancers when load is too high... (and that might be only for a certain period of time) it might not be worth set up bopth layer4+layer7 loadbalancing14:06
twbI could understand if they blacklisted vga16fb as well14:06
RoAkSoAxSpamapS: Ok if we do layer4+layer7 at the same time, this means two things. Either launch both at the same time even though there's only 1 layer7 lb, and run a second/third/etc one when needed. Second choice, first have only layer7 lb, and then, when need to scale, launch another layer7lb, launach a layer4 lb, and reconfigure everything14:08
SpamapSRoAkSoAx: I believe haproxy is touted as scaling to about 20,000 new connections / second on older hardware (HP DL145 dual opterons)... concurrency is unclear, but they seem to suggest 60,000 / 1GB of RAM14:09
ryoohkiSpamapS: may i have your copy of the file if you don't mind?14:09
SpamapSRoAkSoAx: it may be worth firing up a bunch of EC2 nodes to test this.14:09
SpamapSryoohki: most certainly, I think I gave the md5sum while you were kicked..14:10
BrixSatbrb14:10
SpamapS47385d833ed5281a59c53d3337415785  /etc/apt/sources.list14:10
mwdtwb: viafb is already blacklisted14:11
twbmwd: that wasn't the point14:11
sorenryoohki: I don't understand why it's so hard to explain why you absolutely need this pristine file? You are asking people to spend time servicing you. If all they ask in return is getting their curiosity satisfied, that seems like a good deal to me.14:11
ryoohkiSpamapS: i have sources.list.bg: e52dbbc2b2cb9a63a940a428032d7853 ; sources.list.us 826281ebbf83343107d6a1cb19e40c7114:11
RoAkSoAxSpamapS: testing is needed too see how much load a regular instance can hold off course. However, as I can read in Amaazon ELB they provide the feature to scale loadbalacing power14:11
SpamapSRoAkSoAx: the trouble with the layer4 stuff is that it *must* take over the return traffic by layer 4 means.. DR might work *if* we can guarantee that the layer4 nodes share layer2 with the layer7 nodes (mmmm 8 layer burrito)14:12
ryoohkiSpamapS: .bg is a source.list from a bulgarian system i ran "sed -i -e 's#/bg.#/us.#g' sources.list"14:12
RoAkSoAxSpamapS: and since ppl want something similar for UEC... that's just options that i can think of14:12
SpamapSryoohki: ok I'll pastebin the content14:13
RoAkSoAxSpamapS: yep we'd have to use DR. And that's how HAProxy describes it too for their architecture14:13
sorenAlso, if people understand the "why" they are likely to give much more useful answers. But apparantly that is uninteresting.14:13
SpamapSryoohki: please continue to be calm and nice and we'll be even more helpful. :)14:13
RoAkSoAxSpamapS: i mean, launching l4 + l7 haproxy at the same time, they use the same subnet14:14
ryoohkisoren: i don't understand why you have the athority to ban people if you use to ban people who answer your questions in a form of their own dchoosing and thieir own choice punctuation... but i'll tellm you this, i no longer will chat with you14:14
SpamapSryoohki: http://pastebin.com/bJLKeHV414:14
ryoohkismoser: thanks14:14
sorenryoohki: I think I can live with that.14:14
SpamapSryoohki: why is a perfectly valid question to ask. Often times people try to mask their true intentions because they are worried people will think them stupid or are doing something bad. We don't want people to do either of those things here.. :)14:15
sorenI happen to have this authority  because I've been giving useful answers in here for 4-5 years now.14:15
sorenThis also happens to be the first time anyone has so violently refused to explain why they need a particular answer.14:15
SpamapSRoAkSoAx: help me with something.. availability zone == layer 2 shared? I think not.. is there a lower level consideration that can force shared layer 2?14:16
=== unreal_ is now known as unreal
ScottKryoohki: Also it's quite common for people to ask for information in the belief that it will help them solve a problem, but to experienced people here there is reason to believe they are solving the wrong problem.14:17
RoAkSoAxSpamapS: Nope i dont think so. Layer 2 would mean addressing using MAC addresses... and to re-route traffic between them, we need layer 314:19
RoAkSoAxSpamapS: routing is done at layer 314:19
SpamapSScottK: yes, and then you get this http://bit.ly/4BzLI214:19
* soren facepalms14:19
SpamapSRoAkSoAx: right, so DR (direct routing) is out14:19
* ScottK always has trouble remembering all the layers. He mostly recalls layer 8 is the prime source of problems.14:20
SpamapSRoAkSoAx: and NAT is definitely out, as we can't have nodes in another layer 2 as the default route14:20
SpamapSRoAkSoAx: so we come back to IPTUN and all of its evil/glory ;)14:20
RoAkSoAxSpamapS: layer 2 means addressing using MAC Addresses... I don't think you can achieve loadbalancing using only MAC addresses14:21
SpamapSScottK: sad part is, IP != OSI model14:21
RoAkSoAxSpamapS: for this use case14:21
SpamapSRoAkSoAx: yes.. for this use case.. reddit type scale should be fine:  http://stackoverflow.com/questions/260413/load-balancing-in-amazon-ec214:23
SpamapSRoAkSoAx: if you haven't read this yet, it should help you understand why I'm concerned with defaulting to using IPTUN : http://www.linuxvirtualserver.org/VS-IPTunneling.html14:25
ccheneygood morning guys, just finished reading email :)14:26
ryoohkiSpamapS: i'm glad i asked you as i think it is indeed the file i wanted14:26
RoAkSoAxSpamapS: i do also think that IPTUn is out of the question14:26
RoAkSoAxSpamapS: However, I've never used Amazon ELB, have you tried loadbalancing with for servers in different networks?14:27
sorenSpamapS: I don't see a "this is why you don't want to use it" section on that page?14:27
SpamapSRoAkSoAx: no, I'm not sure how it works, but given its feature set and configuration, I wouldn't be surprised if it is just haproxy. :)14:27
binBASHHi14:28
SpamapSsoren: overly complicated and instructions from 1998 ... :-P14:28
binBASHDoes everyone know what the ec2 metaservice is in the uec images?14:28
mwdtwb: Added vesafb to /etc/modules, it's loaded now, but vga16fb ist still active14:29
binBASHwhen I run the images in my cloud they always hang there during startup14:29
RoAkSoAxSpamapS: Neither do I :). But as far as my networking knownledge goes... loadbalancing should be done in same subnet for obvios reasons (the same cloud is used, so instances in the same network should be used)14:29
binBASHcloud-init running: Wed, 19 May 2010 13:14:13 +0000. up 11.31 seconds14:29
binBASHwaiting for metadata service at http://169.254.169.254/2009-04-04/meta-data/instance-id14:29
sorenSpamapS: Ah, that :)14:29
binBASHdunno what ip this should be ;)14:29
sorenbinBASH: It's part of UEC.14:30
SpamapSsoren: I admit, its a weak objection.. I can already feel it crumbling a bit in my mind as I understand it better.14:30
binBASHsoren: Hmm, strange it's no eucalyptus service I think?14:30
mathiazccheney: o/14:30
binBASHI didn't configure that ip somewhere14:30
sorenbinBASH: It is.14:31
twbmwd: no no, if it's going to go anywhere, it needs to go in /etc/initramfs-tools/modules14:31
SpamapSipchains -A input -j REDIRECT 23 -d 172.26.20.110 23 -p tcp14:31
sorenbinBASH: It's not something you configure. It's a static ip.14:31
SpamapS*old* school14:31
twbmwd: vga16fb is loaded before your root filesystem is mounted :-/14:31
RoAkSoAxSpamapS: loadbalance servers in different VLAN's (from my point of view) is out of the question. THat's why VLAN's where created in the first place. To keep *common* traffic separated from other trafficm, and in this case, loadbalancing traffic should go through the same vlan for each loadbalancing domain14:32
ryoohkiSpamapS: thanks, that was aactually the file i wanted.14:32
binBASHsoren: Ok, does this run on the cloud controller server?14:32
sorenbinBASH: I'm not sure, to be honest. Probably.14:32
* SpamapS is once again being paged by the baby.. :-P14:33
binBASHthe problem here I have cloud with servers not on the same switch14:33
binBASH:)14:33
coffeedudepassword14:41
coffeedudeOoops.14:41
* coffeedude blushes....14:41
sorencoffeedude: Hey, "password" is my password too!14:44
sorenDon't be ashamed.14:44
raphinkhi there14:46
raphinkhas anyone seen processes freeze in D state in Lucid ?14:46
raphinkI've seen that with rsync and tar as xen domU domains14:47
mwdtwb: moved to /etc/initramfs-tools/modules, no effect14:47
raphinkat some point, the process freezes, stays in "D" state and won't leave14:47
RoyKnot recently, but they usually do that on all linuces if they lose their blockdevices14:47
twbmwd: did you update-initramfs -u -k all?14:47
coffeedudesoren, :-D14:47
raphinkroyK: was that for me?14:47
RoyKraphink: yes14:49
raphinkthanks for your suggestion royK, however I can still access the hard drive14:49
raphinkand it happens in the middle of the copy14:49
raphinklsof on the frozen process doesn't show any file other than special devices and libraries14:50
mwdtwb: yes14:50
twbmwd: did you blacklist vga16fb and un-blacklist vesafb beforehand?14:50
mwdtwb: After Blacklisting vga16fb it works !15:01
mwdThank you :)15:01
=== Russ|Out is now known as Russ
uvirtbotNew bug: #582847 in mysql-dfsg-5.1 (main) "package libmysqlclient16 (not installed) failed to install/upgrade: trying to overwrite '/usr/lib/libmysqlclient.so.16.0.0', which is also in package mysql-cluster-client-5.1 0:7.0.9-1ubuntu7" [Undecided,New] https://launchpad.net/bugs/58284715:11
=== dendro-afk is now known as dendrobates
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
smoserkirkland, ping16:04
smoseror anyone.16:04
smoserhow would i hibernate a server ?16:04
jpdssmoser: pm-hibernate ?16:06
smoseryeah, just found that and tried16:06
smoserbut no effect16:06
smoserpm-is-supported --hibernate && echo yes || echo no16:07
smoseryes16:07
kirklandsmoser: yeah, what jpds said16:08
smoserso what is amuck then ?16:08
kirklandsmoser: can you try sudo pm-suspend16:08
smoseri can, but thats not the goal. i need to yank power.16:09
binBASHkirkland: do you know what this could be, I create volume for uec. It is created. If I try to attach it to the running instance it fails.16:10
binBASHin logfiles I get a weird Java Exception16:11
binBASHhttp://www.pastie.org/96774016:13
binBASHthis is log output with errors btw.16:13
binBASHand another thing I have question about16:19
binBASHwhat is this?16:19
binBASHcloud-init running: Wed, 19 May 2010 13:14:13 +0000. up 11.31 seconds16:19
binBASHwaiting for metadata service at http://169.254.169.254/2009-04-04/meta-data/instance-id16:19
ttxhggdh: around ?16:23
hggdhttx: yes16:23
ttxhggdh: I propose that you draft what we should do as part of the QA workflow spec16:23
ttxhggdh: do you agree with that ?16:23
hggdhttx: yes, no prob16:24
ttxhggdh: ok, thx16:24
uvirtbotNew bug: #582887 in net-snmp (main) "package snmpd 5.4.2.1~dfsg0ubuntu1-0ubuntu2 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/58288716:26
ttxzul, kirkland, mathiaz, smoser, SpamapS: just had a discussion with jib and reset the "drafters" for a few specs. That's what you should be working on... if you have any question, please let me know16:27
smoserttx, marching orders accepted16:28
ttxhe confirmed the deadlines16:28
smosercan i eat lunch first ?16:28
ttxsmoser: I didn't change anything for you16:28
ttxsmoser: that video was very bad, btw16:28
smoseryeah it was16:28
ttxfor some reason, the other Scott posted better audio16:29
smoserdidn't see that.16:29
ttxit's on youtube somewhere.16:30
smoseri can't locate the quote, but if you're complaining about the quality of the recording, thats understandable.16:30
smoserbut if you are complaining about the quality of the performance, i can't help16:30
smoser:)16:30
ttxheh16:30
smoseri agree that in both cases it was bad16:30
smosercan't find it on youtube16:32
smosermy youtube skills are not practiced16:32
=== pgraner is now known as pgraner-afk
* SpamapS returns16:32
SpamapSttx: got the blueprint updates, thanks.16:34
kirklandjdstrand: ping16:36
kirklandjdstrand: what's your plans for libvirt merging?16:36
ttxsmoser: http://www.youtube.com/watch?v=ag7AlHy0lB416:36
jdstrandkirkland: either this week or next I plan to merge unstable16:37
kirklandjdstrand: sounds good, thanks16:38
kirklandjdstrand: 0.8.1 right now, looks like16:38
* jdstrand nods16:39
smoserkirkland, for the record, it wouldn't suspend because kernel update had occurred, but it would have been nice to indicate that to me somewhere.16:41
kirklandsmoser: ah, right16:41
kirklandsmoser: if you were running byobu, it would have told you (R) that a reboot was required16:41
kirklandsmoser: your MOTD should have said so as well16:42
smoserbut the command would have still given me nothing16:42
binBASHsomeone knows if it's possible to use a flatfile as iscsi target?16:42
kirklandsmoser: pm-is-supported, though should tell you that though, i agree16:42
mcasbinBASH: should possible16:42
kirklandsmoser: file a wishlist bug against pm-utils on that one;  should be trivial to do16:42
binBASHmcas: Ok, sounds like an alternative. Because my UEC network is only 100 MBit.16:43
binBASHSo having an iscsi target for each vm local on the node is faster I think16:44
=== Russ is now known as Russ|Out
SpamapShrm.. I think I need some home servers16:46
=== Russ|Out is now known as Russ
SpamapSRoAkSoAx: we were interrupted before and I was confused about something you were saying.16:49
cybrocopHi All16:50
ilaggoodlyHi, I recently ugraded from 8.10 to 10.04, and might lighttpd webserver stopped working because "can't bind to port 80, already in use"... port 80 is however not in use...16:51
cybrocopDoes anyone know of a problem with creating a Raid0 (stripe) out of 6 disks? Is that not recommended for some reason?16:51
cybrocopI've done 2 and 4 in the past, but I don't know if there is some overwhelming disadvantage with a higher number of disks.16:52
cybrocopilaggoodly: Have you verified with lsof?16:53
ilaggoodlyYes "lsof -i | grep :80" and netstat16:53
ilaggoodlyno results16:53
ilaggoodlyI also installed an apache server quickly to test, and that seemed to work... apart from being apache16:54
cybrocopilaggoodly:  Lsof by default shows port names (see /etc/services) and not numbers16:54
ilaggoodlyah16:54
cybrocopilaggoodly:  So you'd have to do "grep :www"16:55
ilaggoodlyright, still no luck :/16:56
cybrocopilaggoodly: Sorry, thats where my expertise ends on the topic. I've never used lighttpd. :(16:56
ilaggoodlyah  well, learned something16:57
smoserttx, http://www.buy.com/prod/american-idol-singer-s-advantage-male-version/q/loc/20269/204714744.html?adid=1800716:59
ttx"Literally erases cracking and straining"17:00
ttxsounds good17:00
billybigriggerany raid/mdadm gurus around?17:02
ccheneysmoser: so is EBS like a direct access disk and S3 nearline storage for putting things into EBS when you actually need to work with it?17:02
kirklandDaviey: if you start looking at qemu-kvm bugs, perhaps start with the ones that are in the "New" state17:02
kirklandDaviey: try to get as many of those pushed into the right state as possible17:02
smoserccheney, s3 has other uses, but yeah, that would be one. and yes, EBS is direct block level access.17:02
smoserbut to get to EBS you have to attach an instance. s3 provides http access17:03
ccheneysmoser: ok, great i think i understand how this works at a high level anyway :)17:03
smoser(and https actually)17:03
ccheneysmoser: ok17:03
* ccheney doesn't have the hardware to play with yet so is reading through all the docs17:03
smoserare you typing irc on your phone ?17:04
smoseryou should set up an amazon aws account if you dont have one17:04
smoserand you can play there.17:04
smoseryou can expense $100 / month, which is quite enough unless you forget to turn off that m2.4xlarge system17:04
ccheneysmoser: oh, well kirkland is giving me a couple machines next tuesday to play with, but if i get done reading the docs early enough i might try playing on the amazon bit17:05
Davieykirkland: yeah, i there are a couple of New ones i started looking at17:06
Davieysmoser: As a community member, I did some EC2 testing a few cycles ago that i could expense.. 1) i forgot to expense, 2) i left the damn instance running for a couple of months17:08
hggdhDaviey: you should ask AWS for some shares, you invested nicely on them ;-)17:10
ccheneyanyone happen to know if it would be a problem to enable 'nobrl' by default for mount.cifs ?17:10
Davieyhggdh: "whoops" :)17:11
ccheneyit mentions using this option if your applications don't support mandatory locking which cifs seems to require, it doesn't appear to work properly with advisory locking17:11
ccheneyand appears to cause problems with OOo not being able to save properly to cifs shares in some cases, haven't nailed down the exact cause other than apparently nobrl fixes it for the users having the problem17:11
cybrocopsmoser: Do you know if in Eucalyptus, when you create a Volume (analogous to EBS), if that volume is copied over to the node or shared via network?17:11
Davieyccheney: I'm not aware of any issues, but google seems to suggest it's a good thing to do.. Use NFS :)17:12
smosercybrocop, it uses aoe17:13
smoserwait17:13
smosersomethign over ethernet17:13
smoserso  no, its not copied to the node17:13
smoserthe node is throwaway. ebs is supposed to be reliable17:13
ccheneyi've also let upstream OOo know that without nobrl their software falls over, maybe they can fix that issue themselves long term17:13
smoserin maverick Eucalyptus should support using iscsi for ebs volumes17:14
cybrocopthanks smoser17:14
smoserit is AOE, i'm fairly sure17:15
smoseri couldn't remember what the A was for so i thoguht i made it up17:15
cybrocop:)17:15
cybrocopATA over Ethernet seems to be logical at least. :)17:16
binBASHok17:16
binBASHthen I will use the flatfiles iscsi17:16
binBASHbecause ATA over Ethernet makes no sense with 100 MBit17:16
binBASH;)17:16
binBASHwill try this17:17
binBASHhttp://www.aspdeveloper.net/tiki-index.php?page=LinuxiSCSITargetOnUbuntu17:17
=== f1yback is now known as flyback
bluethundr_for some reason I can't SCP to one of my AWS servers: http://paste.ubuntu.com/436227/ yet I can scp to my other AWS server: http://paste.ubuntu.com/436232/17:31
bluethundr_what gives?17:31
bluethundr_it is a difference of literally scp foo bluethundr@$AWS1:~ vs scp foo bluethundr@$AWS2:~17:33
=== shiny_ is now known as sh1ny
sh1nyraid10 from flatfiles + iscsi from that raid = ownage, binBASH :D17:36
SpamapSbluethundr_: your key is in an odd format17:36
bluethundr_hmmm... yeah it seems to be trying to pull ~/.ssh/id_rsa. vs ~/.ssh/id_rsa.pub17:38
bluethundr_but on the second (AWS2) it at least attempts a password authorization, but on AWS1 it just gives up entirely and prevents the transfer17:38
SpamapSbluethundr_: no id_rsa is the private part17:38
bluethundr_oh ok17:38
SpamapSbluethundr_: but its in the SSH, not OpenSSH, format17:38
SpamapSmeaning old school commercial ssh17:38
bluethundr_interesting. that key was generated with ssh-keygen17:39
SpamapSbluethundr_: the one that works fails on the id_rsa, but succeeds on the id_dsa17:39
bluethundr_oh ok.... think it's worth trying to regenerate the key?17:39
RoAkSoAxSpamapS: what about?17:40
SpamapSbluethundr_: actually no.. wait...17:40
SpamapSbluethundr_: the one that worked used a password17:40
SpamapSdebug1: Authentication succeeded (password).17:40
* RoAkSoAx fall asleep :/17:40
SpamapSRoAkSoAx: ahh ok17:40
bluethundr_right17:40
SpamapSRoAkSoAx: well I was just confused because in one discussion we said that they would not share layer 2, but then you were saying that they would share a VLAN, which is, in fact, a shared layer 2.17:41
SpamapSand by they I mean servers and load balancer17:41
SpamapSbluethundr_: ah, well your EC2 node doesn't have password auth17:41
SpamapSbluethundr_: you have to have the key that you set it up with17:42
RoAkSoAxSpamapS: no no I mean that for this use case, loadbalancing should be only done in one vlan per case. I mean, all instances under a loadbalancing domain should be in the same vlan17:42
SpamapSRoAkSoAx: That makes perfect sense. :) Ok... sleep well. :)17:42
RoAkSoAxSpamapS: So, that means DR (same network) loadbalancing17:43
bluethundr_this is my /etc/ssh/ssh_config17:43
bluethundr_http://pastebin.com/hPV2tqU517:43
ccheneyi filed the cifs bug as bug 582925 for anyone who wants to weigh in on it in either direction, i'm not sure if it is likely to cause any problems by enabling it17:44
uvirtbotLaunchpad bug 582925 in samba "OOo needs mount.cifs to default to nobrl if possible" [High,New] https://launchpad.net/bugs/58292517:44
SpamapSRoAkSoAx: right, makes it much, much simpler.17:44
uvirtbotNew bug: #582925 in samba (main) "OOo needs mount.cifs to default to nobrl if possible" [High,New] https://launchpad.net/bugs/58292517:46
RoAkSoAxSpamapS: Now, in any case, either layer4 or layer7 (or both) loadbalancing can be used without worrying about network issues. Now, since UEC is a private cloud, each company can allocate an subnet that will match for their needs (current and future growth)17:48
=== dendrobates is now known as dendro-afk
RoAkSoAxSpamapS: and we'll need to compare Amazon's ELB and actually determine what is best here. Both l4+l7 loadbalancing, only l7, or l4.17:51
RoAkSoAxSpamapS: do you hhave the wiki page for the spec yet?17:52
SpamapSRoAkSoAx: I'm setting up an ELB right now to load test against haproxy. :)17:52
SpamapSRoAkSoAx: I started writing the spec yesterday but wanted to figure out a couple of things to put in the assumptions section rather than work items. :)17:53
SpamapSTwo things I want to answer before I put up the spec:  1) will puppet work to manage this (I think yes), 2) is haproxy as scalable as ELB17:54
RoAkSoAxSpamapS: ok let me know if there's anything I can do to help17:54
RoAkSoAxSpamapS: If puppet will manage it for deployment, no autoregistration will be needed since all is done through puppet. 2. HAProxy, AFAIK only scales in webservers not in loadbalancers. Either use a single LB, 2 LB in HA (master/slave) using keepalived, or 3. use layer4 loadbalancing on top of HAProxy, to provide scalability of HAProxy loadbalancers, and Layer4 can be set up for HA to reduce the single point of failure17:57
therianhow do i create a link that can be used over a remote file system? i mounted my server to this install with sshfs, but when i try to cd to the links i made with ln it tells me no such file or directory, i think its because its trying to cd to that directory on my box, anyway to fix this in ln?18:02
SpamapSRoAkSoAx: there are 3 concerns to cover.. load balancing on backend (haproxy is exceptional at this because of its HTTP inspection capabilityes), high availability of IP's (heartbeat handles this nicely), and scalability of load balancers themselves (ipvs does this). My goal is that you can start with just load balancing, add HA if needed, and add scalability when needed, all relatively easily.18:02
bluethundr_that's IT!!! :) password auth was off in my ssh_config on my AWS image.. guess it's a RightScale thing. ty!18:03
SpamapStherian: symlinks are notoriously difficult on remote filesystems, whether nfs or sshfs18:03
therianSpamapS: ah i figured it was my symlink, have anything for me to read?18:04
ccheneygrr stat can't properly identify a cifs mount :(18:04
therian!g ln on remote file system18:04
ubottuError: I am only a bot, please don't think I'm intelligent :)18:04
therian!google ln on remote file system18:04
ubottuError: I am only a bot, please don't think I'm intelligent :)18:04
RoyK!kick ubottu18:05
smoserhggdh,18:09
smoser+                '-o-', 'Batchmode=yes',18:09
smoserwhy the second -18:09
RoAkSoAxSpamapS: First concern. agreed. 2nd either heartbeat/pacemaker, or keepavlied, or corosync/pacemaker. 3rd this is an issue because on top of loadbalancers, if you wante them to be "active/active", you need a mechanism to loadbalance load to the loadbalancers themselves18:09
RoAkSoAxSpamapS: if you dont have that mechanism, you can only dop HA (master/slave)18:10
RoAkSoAxSpamapS: now if you want to scale the loadbalancers to all loadbalance at the same time (active/active clusters). You need either on fo this 3 things18:11
smoserhggdh, can i kill the instances that are running there18:12
RoAkSoAxSpamapS: 1. DNS loadbalancing, 2. Hardware loadbalancers (Though for UEC it is not the case). or 3. On top of the HAProxy loadbalancers, put layer4 loadbalancers.18:12
hggdhsmoser: certainly, they are not mine :-)18:13
SpamapSugh.. 33 community AMI's with '10.04' in the name.. we need to get ourselves on that "Amazon AMI's" list18:13
hggdhsmoser: what gives with batchmode?18:13
SpamapStherian: make your symlinks relative, and they might work. ;)18:13
smoserthat was from your last commit18:13
smoserwhy did you put the second -18:13
smoserin uec-testing-scripts18:13
therianthanks SpamapS i'll look into that18:13
hggdhsmoser: typo18:14
cybrocopI am not able to get a Win2K3 image to run in Eucalyptus. The image is in "running" state according to Eucalyptus, but it seems to be hung in the boot-up stage. I can run the image fine in KVM on my desktop computer. (Sorry for cross-posting. I posted this is #ubuntu-virt and #eucalyptus, but no response yet.)18:14
RoAkSoAxSpamapS: if you use DNS loadbalancing, there's no healthchecking. HW loadbalancers are out of the question for UEC. And layer4 loadbalancing seems the only way possible18:14
hggdhsmoser: corrected, will check the branch18:15
SpamapSRoAkSoAx: I guess my point is lets make sure concern 1, which is what 90% of people want, is done, and concern 2 is handled easily (99% of users will be served well enough by this). The 1% of people who have load that haproxy can't handle will be happy if we just have a prescribed method, it probably need not be automatic to setup IPVS, though it might be cool18:15
smosercybrocop, i have no idea how to debug windows boot.18:15
smoseri would suggest hacking in vnc console18:15
SpamapSRoAkSoAx: and yes, DNS and HW are out. ;)18:16
cybrocopI've tried.18:16
cybrocopHere is the KVM command I found running on the NC:18:16
hggdhsmoser: the last branch (34) had it already corrected18:16
smoserhmm... i just pulled a couple minutes ago18:17
smoserhttp://bazaar.launchpad.net/~uec-testing-scripts-dev/uec-testing-scripts/trunk/18:17
hggdhweird18:17
RoAkSoAxSpamapS: btw.. I've done something similar in my undergrad thesis using ipvsadm+heartbeat+ldirectord, I also saw keepavlied and HAProxy but I wanted layer4 loadbalancing with failover and in my case heartbeat was better: If you are interested, you can read it on: http://www.roaksoax.com/2008/07/ubuntu-in-my-thesis-part-218:17
cybrocopsmoser: http://slexy.org/raw/s2kA3o47jR  This was the command running on NC.18:18
SpamapS:) cool!18:18
cybrocopsmoser: So I copied the disk/ramdisk/kernel images to my local machine and tried to run this:18:18
cybrocopsudo kvm -m 1024 -smp 1  -nographic -boot c -kernel ./kernel -initrd ./ramdisk  -append root=/dev/sda1  -drive file=./disk,if=scsi,index=0,boot=on -net nic,vlan=0,model=e1000,name=e1000.0  -parallel none -usb -vnc :118:18
cybrocopI'm hoping my "abridgement" of the KVM command didn't change the results in any way.18:19
hggdhsmoser: http://pastebin.com/FADaN53m18:19
cybrocopI got a "Selected disk does not exist" on the Grub interface. Here is the screenshot: http://img541.imageshack.us/img541/8413/grub.png18:19
RoAkSoAxSpamapS: which was called: "Design of a model to implement HA Web Servers", and the goal was use both IPVS+heartbeat to make it scalable and Hihghly available18:19
RoAkSoAxSpamapS: oh and other conern is "Will UEC allow us to have a shared VIP between loadbalancers?"18:21
SpamapSRight. I'm only avoiding IPVS because the layer 7 capabilities are limited, and the IPTUN requirement makes it a bit weird. In the past I've setup quite a few IPVS based load balancers.. but always in DR or NAT setup.18:21
SpamapSBut for balancing to haproxies..18:21
SpamapSit seems perfect18:21
hggdhsmoser: indeed it was not there. I have no idea why. I justy pushed it18:21
cybrocopsmoster: Unfortunately, I don't know where to go from there. The original image which I uploaded to eucalyptus, boots fine with the following command:18:24
RoAkSoAxSpamapS: yep, but as i mentioned before, since I do believe loadbalancing for this case should be done in same VLAN, that means using same network. WHich rules out IPVS TUN.... adn even for HAProxy we need a VIP in case we want to have more than 1 loadbalancer18:24
cybrocopsmoser: sudo kvm -m 1024 -boot a -fda ./win-grub.img -initrd ./memdisk -drive file=win2k3.img,if=scsi,boot=on -nographic -vnc :118:24
RoAkSoAxSpamapS: though it will be for failover purposes18:24
smosercybrocop, just fyi, when you upload an image, it is turned from an image into a partition before eucalyptus runs it18:24
smoserie, they shove a partition table at the front, put your data in first partition, then stuff swap and ephemeral data partitions18:25
cybrocopthat is why I created 2 partitions.. which I learned is a hack to disable this feature18:25
cybrocopsmoser: Here is my partition table before upload: http://img710.imageshack.us/img710/629/qtparted.png18:26
cybrocopAnything else I can do to debug/troubleshoot this?18:30
cybrocopfor instance, can I make eucalyptus run my image with a vnc console temporarily, so that I can vnc to it?18:30
cybrocopI suspect I'd get the same thing... but I don't know what else to do.18:31
uvirtbotNew bug: #582963 in apache2 (main) "SSL pass phrase dialog can't read input" [Undecided,New] https://launchpad.net/bugs/58296318:36
RoyKthis new swapping to compressed memory is a rather nice feature :)18:38
smosercybrocop, yes, you can hack that.18:39
smoseron the node controller there is a file.. that generates the libvirt xml18:39
uvirtbotNew bug: #582970 in mysql-dfsg-5.1 (main) "mysql-server won't start after update" [Undecided,New] https://launchpad.net/bugs/58297018:46
cybrocopsmoser: ok, found it: /usr/share/eucalyptus/gen_kvm_libvirt_xml. Will try to hack but other than that (assuming it shows the same error as in GRUB), where else can I turn to for help?18:47
SpamapSmathiaz: is puppet auto-registration already in lucid, or is that something we're doing for mavrick?18:47
mathiazSpamapS: hm - well - it depends what you refer to as auto-registration18:48
mathiazSpamapS: http://ubuntumathiaz.wordpress.com/2010/03/25/using-puppet-in-uecec2-automating-the-signing-process/18:48
mathiazSpamapS: I wrote a serie of blog post about using puppet with UEC/EC218:48
mathiazSpamapS: and outlined how to automate the signing process with Lucid18:49
mathiazSpamapS: it requires some external scripts though18:49
SpamapSmathiaz: Right, I am just remembering a session where you were talking about it, but don't remember if it was "this works now" or "this is what we're doing"18:49
mathiazSpamapS: so you probably refer to the puppet-bootstrap session18:49
mathiazon monday afternoon18:50
mathiazSpamapS: This is work to be done in maverick18:50
smosercybrocop, i really dont have a lot of suggestions.18:50
SpamapSmathiaz: right ok. :)18:50
smoserbut i think it is going to be a problem with the partition tabble being busted18:50
mathiazSpamapS: for testing purposes you can just turn on autosigning on the puppetmaster18:50
SpamapSmathiaz: btw I think we can do this very easily with puppet, and maybe even provide a way for people to override puppet with their own "run this to add node to load balancing"18:51
mathiazSpamapS: right18:51
mathiazSpamapS: we'd have to narrow down the use case18:52
mathiazSpamapS: I'd like to talk to nijaba as he is the one who initially brought up the BP18:52
mathiazSpamapS: one use case is to assume that there is a puppet infrastructure running18:53
mathiazSpamapS: and then we should outline how it can be leveraged to implement load balancing18:53
mathiazSpamapS: the other case is when you don't have a puppet infrastructure18:53
mathiazSpamapS: and we'd focus on providing an end user experience similar to the elasctic load balancing18:54
SpamapSUse case (not sure if its specific enough): Users want to deploy web servers rapidly, especially in cloud environments.. specifically they want to deploy heavy web apps that require multiple servers to sustain rapid response time...18:54
mathiazSpamapS: with just a command to run to register to the LB18:54
RoAkSoAxthat's the idea18:55
RoAkSoAxone command to register a webserver to the LB as well as considering adding more LB's18:55
SpamapSYeah the package name I was thinking was 'cloud-loadbalancer' and it would depend on puppet, and recommend cloud-loadbalancer-puppetconfig that would have a default set of modules setup to start haproxy on LB, and export configs from a class given in a debconf question18:55
SpamapSthen the single registration command just uses ralsh to add the node to the class18:56
SpamapSunregister removes it from class18:56
RoAkSoAxSpamapS: what if instance fails and never come backs again, but another does (wiuth different IP). The case of auto de-registering a webserver should be also considered18:57
SpamapSif you already have puppet.. should make things easier.18:57
mathiazSpamapS: hm - I wouldn't depend cloud-loadbalancer on puppet18:57
SpamapSmathiaz: then we have to write our own registration protocol/database.18:57
mathiazSpamapS: as setting up a complete puppet infrastructure seems a bit heavy-weighted18:57
SpamapSNot 100% against that at all18:57
mathiazSpamapS: right - that's the downside18:58
SpamapSbut it seems like puppet already does this.18:58
SpamapSwhich is what I'm testing right now on my little 5 node EC2 cluster I just fired up18:58
RoAkSoAxfrom my point of view, autoregistration of webserver to a LB can be easily down without having to use puppet18:58
RoAkSoAxs/down/done18:58
SpamapSRoAkSoAx: agreed, but will it be compatible and scalable at the organizational level.. we don't want to build another puppet if people already use puppet...18:59
RoAkSoAxSpamapS: we can use a similar implementation of autoregistration of UEC18:59
SpamapSI'm more concerned actually with just the 'add node' 'remove node' semantics.. the auto-reg part would be doable in init scripts or health check at that point.19:00
=== dendro-afk is now known as dendrobates
RoAkSoAxSpamapS: i.e. LB has a listener. Webserver is fired up and says "This is my IP, register me". Then LB registeres it and handles everything as it regularly does. This is what I've been thinking yesterday and investigating with UEC autoregistration features19:01
mathiazRoAkSoAx: how do you make sure that you don't register rogue machines?19:01
RoAkSoAxmathiaz: define rogue?19:02
SpamapSRoAkSoAx: yeah, I can do that. Is it a good idea to write that if puppet does that already though?19:02
cloakableRoAkSoAx: machines the administrator does not control19:02
mathiazRoAkSoAx: the LB needs to be sure that it's going to include a legitimate webserver19:02
mathiazRoAkSoAx: and not a random server showing up and knocking on its door19:03
RoAkSoAxmathiaz: can be done with certificates19:04
RoAkSoAxmathiaz: Is that the way it's done in UEC?19:04
mathiazRoAkSoAx: yeah - that's starts to look like puppet19:04
mathiazRoAkSoAx: well - UEC uses certificates to handle images uploaded to the cloud19:04
mathiazRoAkSoAx: however running instances don't have any credentials19:05
RoAkSoAxmathiaz: right. but I mean, in the UEC autoregistration feature that is implemented, that doesn't make use of any authentication mechanism?19:06
mathiazRoAkSoAx: nope19:06
mathiazRoAkSoAx: UEC auto-registration is used for *installing* a cloud19:06
mathiazRoAkSoAx: it uses avahi to detect the different components19:06
mathiazRoAkSoAx: auto-registration doesn't have anything to do with *running* instances19:06
RoAkSoAxmathiaz: I know. :). But I thought that for *installing* loadbalancing clusters and though, this can be also done in running instances19:07
mathiazRoAkSoAx: UEC uses ssh keys to talk between its various components19:07
SpamapSthere's a lot of *asterisks* in here19:08
RoAkSoAxmathiaz: I see... anyways that's just an Idea I had. To just start the webserver instance, broadcast itself to the loadbalancer for registration, and use something like a shared key for authentication19:09
RoAkSoAxmathiaz: as in the way heartbeat used to authenticate other nodes of the cluster when there were in autojoin method19:09
SpamapSRoAkSoAx: back in the day, thats how mod_backhand worked. ;)19:10
mathiazRoAkSoAx: that's an option19:10
mathiazRoAkSoAx: I wouldn't broadcast as instances may be in different availibity zones19:11
mathiazRoAkSoAx: *webserver* instances19:11
mathiazwhen a webserver instance is started pass in the IP/dns name of the load balancer plus the shared secret19:11
mathiaz(that's actually step 2.)19:12
RoAkSoAxmathiaz: indeed but instead of broadcast I'd say multicast :)19:12
mathiaz1. start a new LB instance (specifying a shared secret if needed)19:12
mathiazRoAkSoAx: not sure if multicast is working withing EC219:12
SpamapSyou guys are all having the same ideas I had yesterday, which is encouraging....19:13
RoAkSoAxmathiaz: enlight me in something, are availability zones view as VLANs?19:13
SpamapSdon't count on multicast even working on most private LAN's19:13
mathiazSpamapS: yeah - there aren't so many ways to solve the problem ;)19:13
mathiazsmoser: ^^19:14
RoAkSoAxSpamapS: I had similar ideas since I did my thesis with autoregistration and stuff but never tried to implement them :)19:14
RoAkSoAxSpamapS: in fact, advisors wanted me to do that as part as my thesis. Anways waht matters now is that we can resolve the issue together :D19:14
smoseri wouldn't think that multicast would work on ec219:15
smoserbut thats not definitve19:15
RoAkSoAxmathiaz: are availability zones viewed as different vlans? or broadcasts domains?19:15
mathiazsmoser: ^^?19:16
smoseravailability zones are basically labs. generally i dont think they share any sort of "local" networking19:16
smoserin ec2.19:16
RoAkSoAxsmoser: by local network you mean each availability zone has its own vlan for example?19:17
SpamapSyeah I doubt you can guarantee shared vlan19:18
SpamapSjust forget broadcast19:18
SpamapSsingle shared resource manager works better anyway19:18
RoAkSoAxSpamapS: well 1 vlan is 1 broadcast domain, that means network traffic is isolated from other vlans, so If i broadcast something in that vlan, the broadcast message will stay in that vlan19:18
RoAkSoAxnot even with intervlan routing the broadcast message will be braodcasted to other vlans19:19
SpamapSI see the attraction to braodcast..19:19
smoserok.  so i doubt that you can expect any broadcast to work.19:19
smosereven inside a availability zone19:19
SpamapSbut its just as easy to say "do a DNS request for 'puppet', find it, tell it you're here"19:20
smoserand almost certainliy not between them19:20
RoAkSoAxsmoser: is there any documentation on availability zones out there?19:20
smoseravailability zones are basically labs19:20
smoserphisical buildings separate from another19:20
RoAkSoAxsmoser: right but you can have Building 1 with VLAN 1, VLAN2 and Building 2 with VLAN 1 and VLAN2. And there'd be communication between hosts in the same vlan even if they are not in the same building19:22
SpamapSSo puppet needs to store configs for exported configs to work..19:23
RoAkSoAxsmoser: in a switched network that is19:23
SpamapSturning that on gets me Could not parse configuration file: StoreConfigs not supported without ActiveRecord 2.1 or higher19:23
SpamapSnot having much luck finding the package for that19:23
SpamapSor is it a bad errmsg and instead I need to setup a dsn of some sorts19:23
smoserok. so i dont think so.  i would expect for different az to be different networks.19:23
SpamapS? (10.248.246.1) at fe:ff:ff:ff:ff:ff [ether] on eth019:25
SpamapSthats my default gateway19:25
RoAkSoAxsmoser: do you know of any whitepaper/website that explains that?19:25
SpamapSsomething tells me..19:25
SpamapSthats not any sort of VLAN, but internal to the box. ;)19:25
SpamapSso I say again, broadcast has become useless unfortunately19:25
smoseri think that SpamapS has to be considered correct here.19:25
SpamapSBut, a little centralized service in a predetermined location *is* useful. :)19:25
smoserRoAkSoAx, i could only google19:26
RoAkSoAxsommer: yeah I already found documentation but there's no in-depth specification that's why I was asking19:27
RoyKRoAkSoAx: 802.1Q is your friend19:28
SpamapSif puppet, for whatever reason, doesn't work out for this..19:28
RoAkSoAxRoyK: I already know  802.1Q :)19:28
SpamapSI was already thinking of just providing a simple REST service for adding/removing nodes, and using client ssl certs for auth19:28
RoAkSoAxSpamapS: well now, in case broadcast wont work, we can just tell webserver to unicast "Hey I'm here, my IP is XX, add me" to the LB19:29
RoyKRoAkSoAx: then I don't get it - won't just a tagged vlan do the job?19:29
RoyKbroadcasts should work well over 802.1q19:30
RoAkSoAxRoyK: that's the same thing that i'm trying to say here :)19:30
RoyKdo you have a L3 switch or a router between the buildings?19:30
SpamapSRoAkSoAx: precisely. And this will be repeated whenever httpd is started..19:30
SpamapSRoAkSoAx: or whatever service is started.... meanwhile the LB will remove unreachable nodes after X number of minutes19:31
RoAkSoAxSpamapS: for example we can say. "Start WebServer instance for LB1 (which has XX.YY.ZZ.WW)" and tell the IP to the WebServer. When ever it is up it can just say "hey I'm up and running. Im ready to receive load, add me!!"19:31
RoAkSoAxRoyK: Well I don't have anything, we are discussing this on AmazonEC219:32
RoyKwon't you be using SLP or something for that these days?19:32
RoAkSoAxSpamapS: or whatever service we are starting. it'd be the same process19:33
SpamapSThis is, again, where puppet just rocks this space.. because puppet would be saying "on class web_backend, install the packages, start the services, and then load balance to them" .. the only piece then is to just have this puppet bootstrap tell the puppet master about the nodes19:33
RoyKRoAkSoAx: I don't get it - what are you trying to figure out?19:34
zorzarhey i just tried to upgrade a server from 8.04 to 10.04, now i can't connect to it via ssh, it hung on "Updating fontconfig cache for /usr/share/fonts/truetype/ttf-bitstream-vera" after removing unneeded packages and than the server reset the connection19:34
RoyKRoAkSoAx: summarise, please19:34
RoAkSoAxRoyK: I;m trying to figure out AmazonEC2 Availability zones. And if they share VLANs between them19:35
zuli doubt that information is anywhere19:36
RoAkSoAxSpamapS: Ok then :)19:36
zulknowing amazon19:36
RoAkSoAxzul: me too but at least they should give an idea if wether loadbalancing between availability zones consits on doing it in one single network (vlan) or not19:37
RoyKRoAkSoAx: I thought you were talking about different buildings and a local network19:37
SpamapSHeh.. they'll tell you to never rely on shared physical LAN19:37
RoAkSoAxRoyK: nope I was just trying to explain how vlan works19:37
RoyKk19:38
RoyKI thought that was common knowledge :)19:38
RoyKanyway - with today's hardware pricing, I wouldn't use a leased VM for anything, really19:38
RoyKjust my two cents19:38
erichammondThere is no broadcast in EC2.19:39
RoAkSoAxRoyK: well from my point of view, Companies would rather pay X amount of money to have their services hsoted in the cloud than Y amount of money on having hardware, losing space, and so on19:39
erichammondWhat other aspects of VLAN are you interested in for EC2?19:40
SpamapSheh.. working with EC2 sure does crap all over your known_hosts file. :-P19:40
SpamapSRoyK: we're also considering people who want to run a load balanced app in UEC easily19:40
SpamapSRoyK: and for that matter, just people who might want to load balance in a regular server farm19:41
RoyKRoAkSoAx: depends on the company - if you have hardware yourself and something goes wrong, fix it - if you have it all somewhere else and something goes wrong, pray to the nearest god that someone might fix it some day, AND that they have a nice backup. I'm not very religious, so I like keeping hardware19:41
smoserSpamapS, http://paste.ubuntu.com/436321/19:41
SpamapSsmoser: god bless you19:41
SpamapSI might have spent months doing it wrong without that. ;)19:42
RoAkSoAxRoyK: depends on the company :). Even the goverment has hardware running in third party dattacenters19:42
RoyKRoAkSoAx: we're just a small research institute (200 or so people, half of them researchers), and we still keep our own stuff19:42
SpamapShttp://www.doingitwrong.com/wrong/2924_IMG_0039.JPG19:42
RoAkSoAxRoyK: well in that case you *have* to have your own hardware19:43
RoyKwe do19:43
RoyKjust got this nice 16 core thing with 64 gigs of ram just to chew volcanic ash19:43
RoyK19:43
* SpamapS suggests Volcanic Ash as a new Jelly Belly flavor19:44
RoyKEyjafjallajökull Jelly Belly? :)19:45
RoAkSoAxerichammond: Availability zones share VLANs?19:47
=== bladernr_ is now known as bladernr-afk
SpamapSRoyK: maybe have the swedish chef promot it.. "nnn de fire going in to de mountain, yumy yumy BORK BORK BORK!"19:47
RoyKhehe19:48
erichammondRoAkSoAx: I don't think that is a valid question in EC2.  What aspect of a VLAN are you interested in?  I.e., what specific behavior or result are you looking for?19:48
RoyKthese eight-core amd processors perform rather well, btw :D19:49
erichammondRoAkSoAx: In the security sense, you can build your own VLANS across availability zones where only instances of a particular account and security group are in it (i.e., no other instances can see your traffic).19:49
RoAkSoAxerichammond: For i.e. AZ1 has VLAN 99 and AZ2 has VLAN 99. So, if host under vlan 99 in AZ1 would be able to community with host in VLAN 99 on AZ2 as if there were in the same network19:50
RoAkSoAxerichammond: s/commuynity/communicate19:50
erichammondRoAkSoAx: What do you mean by "community"?19:51
erichammondah19:51
erichammondRoAkSoAx: Communication between EC2 instances is controlled by EC2's concept of "security groups".  Availability zones are transparent to security groups.19:51
RoAkSoAxerichammond: Right but for example if I wanted to have 2 nodes in the same network, in different availability zones, would that be possible? I guess it would for what you explained above19:52
erichammondRoAkSoAx: You might be better off if you start with the idea that EC2 has no VLANs and then just learn about security groups.19:52
erichammondRoAkSoAx: There is no "same network" or "different network"19:53
erichammondRoAkSoAx: Yes, instances in different availability zones of the same region can communicate privately.19:53
erichammondRegions are groups of availability zones and nothing is shared between regions except for your basic AWS account authorization.19:54
RoAkSoAxerichammond: yes I saw that. I was just wondering about availability zones :) Thanks :)19:55
RoyKwhat would you guys recommend for virtualisation with automated failover between two hosts?19:55
RoyKkvm and nfs? xen?19:55
npopeRoyK: kvm with NFS19:55
smoserhggdh, ping19:55
pmatulisfor network installs (PXE), how do i point to installation media available by HTTP?  i'm looking at the pxelinux.cfg/default file19:55
erichammondRoAkSoAx: EC2 availability zones place no restrictions on networking except that it costs more for traffic between them and it generally is higher in terms of router hops.19:56
RoyKnpope: got a url with a description of how to do that best?19:56
cybrocopquick question on kvm syntax.  If I include -kernel or -initrd options, will -boot be ignored?19:59
npopeRoyK: http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Virtualization_Guide/chap-Virtualization-KVM_live_migration.html its for RHEL based systems but the same basic steps apply19:59
RoyKnpope: thanks20:00
=== jjohansen is now known as jj-lunch
RoyKwas thinking of getting a couple of those 16-core (or 24-core) boxes and see how it works out20:01
npopeRoyK: we have had some luck with HP 380 G6 dual cpu quad core boxes.  pretty click if you ask me20:02
RoyKI guess we'll be using supermicro20:02
binBASHDid someone of you brake twitter btw.? http://www.picpaste.de/pics/Bildschirmfoto-Twitter_-_Over_capacity_-_Mozilla_Firefox.1274295427.png20:02
RoyKworks well with both linux and osol20:03
binBASHI'm getting this20:03
RoyKand doesn't cost a whole lot (16-core with 64gigs of ram for NOK 43k is not very expensive)20:03
hggdhsmoser, pong20:06
smoserhm... what was i going to ask you20:06
hggdhheh20:06
RoyK"how many road must a man walk down" is classic20:06
ne7workhello all20:13
ne7workplease someone help me with proftpd20:13
cybrocopsmoser: & all    In Eucalyptus, does the partition table get changed during the upload of bundle itself or when an instance is run?20:13
smosercybrocop, run20:14
cybrocopthx smoser20:14
smoserlook at partition2image20:14
smoseror some such on the node20:14
smoseri think its the same place you found the kvm  libvirt script20:14
=== pgraner-afk is now known as pgraner
SpamapShrm I'm stuck w/ puppet20:25
SpamapSmy nodes sent their cert reqs to the server..20:25
=== bladernr-afk is now known as bladernr_
SpamapSI signed them..20:25
SpamapSnow nothing works20:25
SpamapS:(20:25
SpamapSgetting some odd errors on the nodes20:25
* SpamapS decides to think it over at lunch20:26
RoyKne7work: ask a question about something you want to know - don't ask for a lecture20:31
ne7workRoyK, I don't know how to select directory for ftp user20:34
ne7workand how to set permissions on this directory20:34
RoyKafaik it's run under its own user, ftp20:35
RoyKlike vsftpd does it20:35
RoyKand probably all the rest20:35
hggdhzul: do you remember the name of the gobby for the server-qa-workflow?20:49
sommer_hggdh: I do it's: server-m-qa-workflow20:50
hggdhzul, thank you20:51
hggdhzul, do you have a copy? It seems it vanished from Gobby20:53
hggdhor I bloody cannot find it20:53
=== jj-lunch is now known as jjohansen
uvirtbotNew bug: #583044 in bacula (main) "package bacula-director-mysql (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/58304421:21
zulhggdh: sorry im busy with a sick kid here21:22
zulhggdh: ill try to find it in a bit21:22
hggdhzul: thank you21:22
Andre_francyshello21:34
Andre_francysneed help´me21:34
Andre_francyshow to configure ldap in the ubuntu 9.10 with file slapd.conf21:37
cybrocopsmoser: after investigation it looks like there is a bug in partition2disk that makes it ignore my image completely. https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/49480321:37
uvirtbotLaunchpad bug 494803 in eucalyptus "NTFS partitions aren't properly detected in partition2disk" [High,In progress]21:37
cybrocopbut that doesn't seem to be the cause of my problem.21:38
cybrocopsince it ignores my image anyway21:38
sommer_Andre_francys: slapd uses the cn=config backend in 9.1021:42
sommer_Andre_francys: the serverguide for lucid has instructions that work for 9.1021:43
sommer_https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html21:43
Andre_francysok i try21:44
lifelesskirkland: hey21:44
lifelesskirkland: you said something about being able to power off vms from virt-manager21:45
MTecknologyThis runs every three days in cron, right?  0 6 * * */3 /usr/local/sbin/config-branch-email > /dev/null21:45
=== dendrobates is now known as dendro-afk
ScottKMTecknology: man 5 crontab21:47
MTecknologyScottK: thanks - looks liek I got it right :)21:48
ccheneyi think it would be 0 6 */3 * *  but i might be wrong21:48
MTecknologywrong*21:48
MTecknologyccheney: I suppose that would make more sense21:49
ccheneyMTecknology: what you did might work but i am not sure, it might only run on tue/fri21:50
ccheneyor something like that, maybe more like sun,wed,sat21:51
MTecknologyccheney: I'm interested in finding out :P - I'll test it21:51
ccheneylooks like it would be 0,3,6 whatever that maps to21:51
MTecknologySo.. do you guys know of any way to manage passwords between groups of users?21:52
=== dendro-afk is now known as dendrobates
zulhggdh: i dont have it...maybe mathiaz22:04
MTecknologyzul: hey.....22:04
zulMTecknology: hi22:05
MTecknologyzul: how's it going?22:05
hggdhzul, thanks anyway. mathiaz -- do you have a copy of the gobbydoc server-m-qa-workflow?22:05
zulMTecknology: good dealing with a sick kid22:05
* SpamapS just ate a ridiculous amount at the indian buffet22:05
MTecknologyzul: tell 'em i said they better get better :) ... I was thinking.. since you're brilliant...22:06
MTecknologyzul: Any chance you could make a repo with php-fpm available for lucid?22:06
zulMTecknology: maybe if i had time22:06
MTecknologyzul: I tried and failed miserably22:09
uvirtbotNew bug: #494803 in eucalyptus "NTFS partitions aren't properly detected in partition2disk" [High,In progress] https://launchpad.net/bugs/49480322:12
mathiazhggdh: http://people.canonical.com/~mathiaz/server-m-qa-workflow22:20
=== dendrobates is now known as dendro-afk
hggdhmathiaz: thank you22:24
kirklandlifeless: yeah, you should be able to22:42
kirklandlifeless: if your guest is totally up to date22:42
kirklandlifeless: there's an update for acpid you need in your guest22:42
kirklandlifeless: (and you might have to install acpid in your guest, if you don't have it already22:43
lifelesskirkland: ah, it wasn't installed22:56
lifelesskirkland: thanks.22:56
kirklandlifeless: sure22:56
kirklandlifeless: i've toyed with the idea of adding that to the server seed22:56
kirklandlifeless: file a bug, if you think it makes sense22:56
lifeless\o/ success22:56
DrUnKnMuNkYhey, i upgraded ubuntu server 8.04 to 10.04 and now i'm stuck in an initramfs prompt. anything i can do from there? it's a server i don't have physical access to :/22:56
lifeless+122:56
kirklandlifeless: how bad were the dependencies?22:57
breakd0wnhello, I am having trouble installing 10.4. Basically the cd boots, I partition, format, looks like it installs base, then get a prompt22:57
breakd0wnPlease insert the disk labeled 'Ubuntu Server 10.04 LTS amd64 20100427 in the drive /cdrom and press enter22:57
breakd0wnI did a disk check and it checked out ok22:58
lifelesskirkland: none grabbed22:58
lifelesskirkland: but I have apache, postgresql and an lp dev environment in the vm already22:58
lifelesskirkland: what would actually be awesome22:58
lifelesskirkland: would be virt-manager adding acpid automatically when you make a new ubuntu vm22:59
lifelessregardless of server/desktop/etc22:59
kirklandlifeless: well, virt-manager tries to be ignorant of what's running the guest22:59
lifelesskirkland: sure, but doing an install is different23:00
lifelessI'm not saying 'do magic to existing vms'23:00
kirklandlifeless: well, same applies, but i haven't thought too hard about it23:02
JanCDrUnKnMuNkY: try to find out why it stops in initramfs?23:02
DrUnKnMuNkYJanC: this is all I can see: http://pastebin.com/wZdpWpeT , it's a VPS and I don't have access to a real console and this is all I can see after it boots and I'm stuck in the initramfs prompt23:04
JanCDrUnKnMuNkY: looks lik it doesn't find the disk with UUID da7aeb45-568f-4677-8f23-286d10a3d673 and judging from the errors above it, that's probably your /23:07
JanCtry to mount / manually23:08
DrUnKnMuNkYthere's nothing in /dev23:09
DrUnKnMuNkYwell not nothing but no disks, there's console, null, pts, and tty1-623:10
uvirtbotNew bug: #582740 in openssh (main) "Forwarded ports not closed to remote ssh2 server in FIN_WAIT_2" [Undecided,New] https://launchpad.net/bugs/58274023:21
=== dendro-afk is now known as dendrobates
meglioHi guys. I'm feel like I got something wrong with my difficult scheme of ubuntu installation with raid & non-raid partitions. And now it does not boot at all, hovewer I have successfully finished installation in expert mode. Can anyone help  me to figure out what is the problem?23:22
megliois this is right place to ask a help like this?23:23
flybackI don't see why it's not a good place to ask :)23:23
flybackbut I am too rusty to help23:23
flybackwith bootloaders23:23
megliothanks flyback. anyone else here can help?23:24
flybacki'm sure if anyone is around so idle here23:25
meglioflyback, are you familiar with GRUB at all?23:27
flybacknot really23:27
flybackI never quite learned it vs lilo23:27
flybackand was away from linux for many yrs23:27
flybackdue to various reasons23:28
* flyback bbl23:30
RoAk,/quit23:31
=== unreal_ is now known as unreal
JanCmeglio: there are some tutorials around about fixing grub; e.g. maybe devices got enumerated differently while booting from the installer medium23:32
JanCor maybe grub doesn't really support your raid setup23:33
meglioJanC, I have reall all the devices but I cannot figure out the problem. I'm newbie with ubuntu at all, and I'm working latest 30 hours non-stop with hope to alive this server.23:33
meglioIf you can help, here is my situation....23:34
meglioI have 4 HDD drives. On first drive I have bootable partition outside raid, with mountpoint=/boot23:34
meglioeverything else I have in RAID10, and then partioned by LVM. first logical partition has moutpoint= / (root).   This all I have done in server expert mode installation, in manual partitioning.23:35
meglioone of installation steps was to select what bootloader to install. I selected GRUB and then /dev/sda1 as the destination path for installation. After this it just does not bootup at all...23:37
meglioeg, /dev/sda1 is bootable partition (mountpoint = /boot and with *bootable flag).23:38
JanCgrub should go into /dev/sda, not /dev/sda123:38
meglioI tried both variants in last 2 hours, neither works.23:38
megliowell, ubuntu tells itself that it can be installed on sda1 too - it even shows this as an example before INPUT.23:39
meglioI have IPMI (KVM over lan) if you would like to try to look at what I have not remotely in console. just in the case you will want to try to help.23:40
megliotyping eror, *not remotely - I wanted to say remotely, without NOT23:40
SpamapSok so I seem to have discovered a fairly heinous bug in libruby1.8's net/http.rb file in which real error messages are lost because of an undefined method exception..23:42
SpamapSshould I report it to ruby.. or against the ubuntu package and let it float up stream from the maintainer?23:42
meglioJanC, any idea?23:43
JanCSpamapS: both, and link the upstream bug to the LP/ubuntu bug if possible  ;)23:44
=== unreal_ is now known as unreal
SpamapShttps://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/56143223:46
uvirtbotLaunchpad bug 561432 in ruby "Improper undefined method error" [Undecided,Fix released]23:46
SpamapSlooks like it has been reported23:47
megliowhy do not I see sda, sdb etc when typing ls /dev  ?23:48
JanCmeglio: you're inside a rescue console?23:49
meglioI'm loaded from Ubuntu Live CD23:49
meglio.... still trying to fix my server bad installation problem.23:49
megliowant to try to install GRUB manually23:50
JanCis this hardware raid or fake raid or such?23:50
megliosoftware raid. adjusted in manual mode in expert installation mode23:50
megliobut /boot is outside raid23:51
JanCeh, but not seeing anythin in /dev is really weird23:51
JanCyou sure there is no hardware problem?  :-/23:51
megliohere is what I see http://i49.tinypic.com/169rf5t.png23:52
JanCyou might also want to look into /dev/mapper & /dev/disk (but it's really weird)23:53
megliobut if I'll start installation process again it will show me all 4 drives and I'll be able to partion everything again - did it 2 times today already.23:54
meglioJanC, here it is (mapper and disk) http://i46.tinypic.com/13zynq.png23:55
JanCthe stuff in /dev/mapper looks like fake raid23:56
JanCdmraid stuff23:57
meglio??23:57
meglioJanC, my motherboard supports only e rade (not true hardware rade), so I turned off my controller in bios at all. How can it be fake raid then? hm.....23:59
meglio*only fake rade23:59
flybackwhat chip is the raid23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!