[00:00] <bc> Nonpython: look for -t option in /etc/default/bind9. Is it there? e.g. /var/lib/named
[00:01] <Nonpython> no, just "-u bind"
[00:01] <Nonpython> if OPTIONS
[00:01] <Nonpython> s/if/in/
[00:01] <bc> Nonpython: see if user bind has permissions to read/write /var/run/named.pid, for example
[00:02] <Nonpython> /var/run/named.pid does not exist.
[00:03] <bc> Nonpython: see if running named-checkconf spits out any problems
[00:03] <Nonpython> ok
[00:03] <Nonpython> /etc/bind/named.conf.options:27: unknown option 'zone'
[00:03] <Nonpython> /etc/bind/named.conf.options:32: unknown option 'zone'
[00:04] <bc> Nonpython: can you pastebin /etc/bind/named.conf.options?
[00:05] <Nonpython> http://pastebin.com/S02aqCMm
[00:06] <bc> Nonpython: those errors may be in /var/log/daemon.log or /var/log/messages as well. See if any other hints are in there.
[00:06] <bc> Nonpython: "Unknown paste ID, it may have expired or been deleted!"
[00:07] <bc> Nonpython: FYI you might also like `apt-cache show pastebinit`
[00:08] <Nonpython> http://www.pastie.org/966716
[00:09] <bc> Nonpython: move zone blocks outside of options { };
[00:10] <Nonpython> ok
[00:11] <Theravadan> do-release-upgrade claims there are no new releases despite being on 8.04.1
[00:12] <mathiaz> Theravadan: that's normal. LTS to LTS upgrade will only be enable when 10.04.1 is released
[00:12] <Theravadan> mathiaz, darnit
[00:13] <mathiaz> Theravadan: https://wiki.ubuntu.com/MaverickReleaseSchedule <- this is currently scheduled for end of july 2010
[00:14] <bc> f1yback: Re: that 4" thick thinkpad, I have no idea what I'm going to do with it :P
[00:15] <Theravadan> mathiaz, hmm if I change /etc/update-manager/release-upgrades such that Prompt=normal can I go to 8.04?
[00:15] <mathiaz> Theravadan: I don't know
[00:15] <mathiaz> SpamapS: o/
[00:15] <Theravadan> mathiaz, hmm i'll try it with a non-essential machine
[00:16] <f1yback> bc well don't toss it
[00:16] <f1yback> first thing you should do with it though is run dban on it
[00:16] <f1yback> a) to clear the preverious own's data
[00:16] <f1yback> b) also gives the hd a chance to reallocate any sectors going bad
[00:16] <f1yback> previous owner
[00:16] <f1yback> sorry long day
[00:17] <Theravadan> cross your fingers - upgrading
[00:19] <bc> f1yback: first order of business is to pretend in a Starbucks I think.
[00:19] <f1yback> hahah
[00:19] <f1yback> only problem with that is if it has someone else's porn on it
[00:19] <f1yback> that's why I always wipe boxes I am given or find on the street side on trash day
[00:19] <f1yback> also just because it's none of my damn business what was on there
[00:20] <bc> f1yback: that's actually pretty scary now that you brought it up.
[00:20] <f1yback> yeah i'd wipe the hd
[00:21] <f1yback> do make a backup of the recovery sw and/or partition first if you plan to reuse the os it came with
[00:21] <f1yback> then just wipe it with dban or mhdd if you can inititalize the "ATA security erase unit" command
[00:21] <f1yback> mhdd has the added bonus of surface testing and smart log checking
[00:22] <enav> hi!!!!!!!
[00:22] <f1yback> hi
[00:24] <Nonpython> I have a ton of errors from Bind! http://www.pastie.org/966742
[00:24] <Kutakizukari> Upgraded my Ubuntu 9.10 to Ubuntu 10 and it also upgraded my php 5.2 to php-5.3. How can I downgrade to php version 5.2 again?
[00:27] <bc> Nonpython: part of that is permissions. make sure user bind can read those files that you're getting permission denied on.
[00:27] <bc> Nonpython: if possible, pastein one of those zone files
[00:33] <ryoohki> does anyone have a copy of /etc/apt/sources.list from a fresh U.S.A. install of unbuntu server 10.04
[00:33] <ryoohki> ????
[00:34] <JanC> ryoohki: I think people gave you that already...
[00:34] <ryoohki> i didn't see it
[00:35] <ryoohki> JanC: USA?
[00:35] <Nonpython> http://www.pastie.org/966760
[00:35] <Nonpython> is db.trueblogtales.com
[00:39] <Theravadan> oh yeah just upgraded from 8.04.3 LTS to 10.04
[00:41] <bc> Nonpython: your CNAMEs are a problem. try this, but update your serial first, and maybe clean up my fubar formatting. http://www.pastie.org/966770
[00:42] <bc> Nonpython: I don't think that should give you any problems, but try loading just that zone, then clear up the error log, then load the other zones
[00:45] <Nonpython> Two errors: 18-May-2010 23:44:53.537 couldn't add command channel 127.0.0.1#953: address in use
[00:45] <Nonpython> 18-May-2010 23:44:53.537 couldn't add command channel ::1#953: address in use
[00:45] <Nonpython> And a third: 18-May-2010 23:44:53.539 zone trueblogtales.com/IN: NS 'ns.trueblogtales.com' has no address records (A or AAAA)
[00:46] <bc> Nonpython: for the NS, you need: IN    A 69.175.115.18
[00:46] <Nonpython> ok.
[00:47] <bc> Nonpython: sorry: ns  IN  A 69.175.115.18
[00:48] <Nonpython> What do the first two mean?
[00:48] <bc> Nonpython: try this (also update serial again, don't use the one in the paste) http://www.pastie.org/966770
[00:49] <bc> Nonpython: only change is line 15
[00:49] <Nonpython> I did exaCTLY that
[00:49] <Nonpython> (sorry my kb is borked)
[00:49] <smoser> binBASH, sorry, i don't.
[00:50] <smoser> binBASH, if you're having issues, please do open a bug
[00:50] <bc> Nonpython: are you saying your file looks exaclty like that, minus the serial, and you are still getting 'NS 'ns.trueblogtales.com' has no address records'?
[00:51] <Nonpython> No, the ...couldn't add command channel... errors.
[00:54] <bc> Nonpython: stop and start bind
[00:54] <f1yback> question, is squash just really sensitive to cdrom read errors or does getting low on ram cause squashfs to shit
[00:54] <Nonpython> the latter
[00:54] <f1yback> I seen this way too much on a variety of machines and hardware
[00:54] <f1yback> ah
[00:54] <Nonpython> What do I do with the reverse zone if I have two domain names with the same first three octets but have different last octet?
[00:55] <f1yback> and I was running a program designed to fill up the ram
[00:55] <Nonpython> So Yeah.
[00:55] <f1yback> thx
[00:55] <Nonpython> I should know, I practically maintain it.
[00:56] <f1yback> hahaha ;)
[00:56] <f1yback> thx I wanted to make sure my hw was stable
[00:56] <f1yback> so using memtest.sh
[00:56] <f1yback> amazing though I can run months on a livecd on my main desktop
[00:57] <f1yback> my laptop which is actually better hw shit but since I switched it to a usb flash drive works fine
[00:57] <tsimpson> f1yback: please watch the language in here
[00:57] <BrixSat> hello any one with squid experience?
[00:57] <f1yback> ok
[00:58] <f1yback> so squashfs gets *CANUCKED* easily
[00:58] <f1yback> there
[00:58] <BrixSat> i need to password protect my proxy but i dont know wich acl to use
[00:58] <bc> Nonpython: if I understand you correctly, you use the same file. You want PTR records.
[00:59] <Nonpython> Yay!
[00:59] <bc> Nonpython: similar to the CNAME.. e.g. 1  $TTL IN PTR foo.
[01:00] <f1yback> oh and you are one too
[01:00] <f1yback> that explains it
[01:00]  * f1yback bites Nonpython 
[01:00] <f1yback> CANUCK!
[01:01] <Nonpython> flyback: not true, I am from Blane, Washington, also known as Meth Lab Estates.
[01:01] <Nonpython> Which is literally on the border.
[01:02] <Nonpython> I moved there in case I had to move to Canadia.
[01:03] <f1yback> oh wavecable
[01:03] <f1yback> not wave.home.com
[01:03] <Nonpython> Yeah.
[01:04] <Nonpython> Same company.
[01:04] <f1yback> no there's a canuck isp called wave
[01:04] <Nonpython> Yeah, wavecable operates in canada as just "wave".
[01:04] <Mkools> Hi, please help today is my external on major project. I am able to deploy my .war but not able to run servlet and jsp code on it, getting exception error.root cause
[01:04] <Mkools> com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failur
[01:09] <Nonpython> How can I setup reverse DNS for a second domain on a IP address that is identical except for the least significant octet already has a domain with reverse DNS stuff?
[01:11] <qman__> Nonpython, you can set multiple reverse DNS for one IP, but they get served round-robin style
[01:11] <qman__> you don't get all of them, just whichever one is up next
[01:11] <Nonpython> Not the same IP.
[01:11] <Nonpython> Say you have a server with the IP 42.42.42.42
[01:12] <Nonpython> and that has the domain example.com.
[01:12] <Nonpython> but you also have 42.42.42.43 that hosts example.net.
[01:12] <Kutakizukari> Found the solution to my problem, if anyone needs to revert back to php version 5.2 from php 5.3 after upgrading Ubuntu then here it is: http://ubuntuforums.org/showthread.php?p=9152778
[01:12] <Nonpython> How do you set up reverse IP for the latter?
[01:13] <qman__> same way as the first
[01:13] <Nonpython> I am a tard. :(
[01:13] <qman__> 42.42.42.42.in-addr.arpa  IN PTR  example.com
[01:13] <Nonpython> YAY!
[01:13] <qman__> 43.42.42.42.in-addr.arpa  IN PTR  example.net
[01:13] <ScottK> Kutakizukari: Please don't encourage people to use unsupported PHP versions.  That last thing one should run is a PHP that doesn't have security support.
[01:14] <ScottK> If you need 5.2, don't upgrade to Lucid until your're ready for 5.3.
[01:14] <qman__> those should have trailing dots, but you get the idea
[01:14] <Nonpython> I know, I am smrt!
[01:15] <Kutakizukari> ScottK, drupal needs 5.2 not 5.3. I was not aware that it would do that.
[01:15] <Kutakizukari> many have the same problem and the solution was difficult to find.
[01:15] <ScottK> That solution isn't a solution.
[01:15] <Kutakizukari> for me and many others it is
[01:15] <ScottK> I understand you think it is.
[01:16] <ScottK> Are there bugs about Lucid's drupal not working?
[01:16] <Kutakizukari> just the version 5.3 will not run drupal it needs php version 5.2
[01:17] <qman__> rather than downgrading PHP, this should have been reported as a bug in the drupal package for lucid
[01:17] <qman__> so it could be fixed
[01:17] <qman__> rather than having people run old, potentially insecure software
[01:18] <Kutakizukari> no bugs just an option to not upgrade php version 5.2 to 5.3 would have been nice
[01:18] <qman__> not working on 5.3 IS a bug
[01:18] <Kutakizukari> ok
[01:19] <ScottK> Supporting one version of PHP per release is more than enough.
[01:20] <Kutakizukari> understand you point
[01:41] <Kutakizukari> there is a bug http://drupal.org/node/360605
[01:57] <jetole> Hey guys. Does anyone know of a FTP server that will allow me to use active directory to authenticate users?
[02:06] <kirkland> SpamapS: howdy
[02:08] <Mkools> hey man can anybody help.
[02:13] <nealmcb> !ask | Mkools
[02:15] <nealmcb> Mkools: ahh - I see your earlier question now.  Sorry I can't help....
[02:36] <aruj> I'd like to install a pastebin server for my intranet. Any suggestion?
[03:00] <pmatulis> jetole: i know pureftpd can authenticate against ldap so it should work
[03:24] <celeborn999> has anyone had any luck getting wordpress to work with ssl and apache?
[03:27] <maxagaz> hi
[03:29] <maxagaz> I can't see autofs anymore in "ps aux" on lucid, why ?
[03:29] <maxagaz> how else should I check running processes ?
[03:50] <enav> apparmor can do that
[04:13] <RoAkSoAx> kirkland: ping?
[05:02] <Nonpython> I looked at my server and there was only 2MB of RAM free, and I looked and found that there were 12 Apache web server processes running! What could cause this?
[05:02] <slackster> having apache2 installed, and it being used
[05:03] <slackster> I have 10 spawned
[05:04] <slackster> you can mess with apache settings to lower the number, but it should be fine as is.
[05:05] <Nonpython> Should it be eating up ~300MB of ram on a server with 2 unheard of websites?
[05:07] <slackster> Nonpython: no, I don't think so
[05:07] <Nonpython> WTF is it wrong?
[05:07] <Nonpython> (My english is not good)
[05:08] <slackster> I think I get the picture, but I don't know what is wrong.. maybe #httpd can help\
[05:09]  * slackster is inserted in what is wrong, however
[05:09] <ajmitch> where are you getting the 300MB number from?
[05:09] <slackster> interested
[05:10] <ajmitch> merely adding up the memory used by each process won't give you an accurate number
[05:10] <Nonpython> ajmitch: top and statistics skills.
[05:11] <Nonpython> Combined the percentages and calculated based off of my meager 384MB
[05:12] <ajmitch> taking into account memory used for buffers/cache?
[05:12] <Nonpython> Huh?
[05:13] <ajmitch> the point being that free memory is essentially wasted, and the kernel will use it
[05:13] <ajmitch> see the output of 'free -m', specifically the line about buffers/cache
[05:13] <Nonpython> It was a mod_php thread and memory leak.
[05:14] <ajmitch> PHP would do it..
[05:14] <Nonpython> It was filling up its memory and spawning a new thread to have more.
[05:31] <deslector> hi, any idea how ubuntu installer treats a home partition which already has an encrypted home folder with the same name as the username you are creating on the installer?
[05:33] <Nonpython> No
[05:36] <deslector> hmm... I will have to test that on a VM first, then :-)
[05:36] <deslector> Nonpython, thanks
[05:36] <twb> deslector: encrypted how?
[05:37] <deslector> twb, I have an installation of 9.10 with /home on a separate partition
[05:37] <deslector> twb, on that partition, user foo has his encrypted home folder
[05:37] <deslector> on that partition too, there is a .ecryptfs folder
[05:38] <deslector> I want to do a fresh install with 10.04
[05:38] <Nonpython> You will lose it.
[05:38] <deslector> twb, when I get asked to create a user, i want to create the user foo
[05:38] <twb> Huh.
[05:39] <deslector> I am wondering if the installer will overwrite something as to make my old home unreadable or if it will recognize what is happening and simply use what is already there
[05:39] <twb> I've never seen per-user file-level encryption like that.  It sounds insane.
[05:39] <deslector> I plan to use the same password as before for user foo
[05:39] <twb> I guess ubuntu is using a fuse crypto layer and a loopback mount or something
[05:39] <deslector> twb, this is regular "encrypted home" ubuntu feature
[05:40] <deslector> I didn't tweaked it or anything
[05:40] <twb> It wasn't there in 8.04, so I don't know about it.
[05:40] <apctr> hi all i installed ubuntu-desktop package on my ubuntu server edition..but gui doesn't come when i boot my system...plz tell me wht is the next step
[05:40] <deslector> twb, ok, thanks...
[05:40] <twb> deslector: is there a reason you're reinstalling Ubuntu rather than just upgrading?
[05:41] <deslector> twb, just my OCD, I guess... :-)
[05:42] <slackster> doesn't update installer ask whether to keep config files before replacing.. in this case passwd files?
[05:42] <slackster> I would think it would be ok
[05:42] <slackster> *think*
[05:43] <deslector> slackster, I'm not updating, I'm doing a fresh install... that's the thing
[05:45] <apctr> how to take gui option in server 9.10??
[05:45] <slackster> fresh install should overtwrite everything?
[05:45] <slackster> apctr: which GUI..
[05:46] <deslector> slackster, that's what I would think... just wondering if the installer was "smart" enough to recognize this scenario...
[05:46] <apctr> slackster: i installed ubuntu-desktop package but it will satrt only in terminal mode...
[05:46] <slackster> apctr: try "startx"
[05:47] <apctr> slackster: i tried but it fails
[05:47] <slackster> deslector: sorry, I don't know it well enough
[05:47] <slackster> apctr: what about "sudo /etc/init.d/gdm start"
[05:47] <KenjiPops> apctr: you may need to configure X first
[05:47] <deslector> slackster, don't worry... I'll just try it on a VM first :-)
[05:48] <deslector> (plus, I always back up my data when doing dangerous stuff :-)
[05:48] <Nonpython> What package is mpm_netware in?
[05:49] <apctr> KenjiPops: how to configure it?
[05:49] <KenjiPops> apctr: sudo dpkg-reconfigure xserver-xorg
[05:51] <apctr> slackster: it is showing some error :upstat job
[05:57] <deslector> ok, found the answer
[05:57] <deslector> http://ubuntuforums.org/showthread.php?t=1463392
[05:57] <deslector> last post
[05:57] <deslector> :-)
[05:59] <slackster> deslector: glad you figured it out. :)
[06:00] <slackster> hopefully it works as planned
[06:00] <twb> The installer is probably dumb, because you aren't expected to *re*install, you're expected to upgrade
[06:05] <deslector> twb, yep, that's what I thought too... but the post I linked before says otherwise...
[06:06] <twb> I trust forum users about as far as I can throw them
[06:06] <deslector> twb, "throw them" ?
[06:07] <twb> An idiom.
[06:07] <twb> I mean: "I do not trust forum users"
[06:07] <deslector> twb, oh, ok... well, I wouldn't trust my /home either... that's why god invented backups ;-)
[06:08] <deslector> twb, anyway, thanks for your time :-)
[06:12] <Nonpython> How do I install mpm_netware on ubuntu 8.04?
[06:12] <twb> Nonpython: never heard of it.  What is it?
[06:12] <Nonpython> apache module.
[06:13] <twb> Ah, apt-file indicates it's part of the apache2 package.
[06:13] <Nonpython> Except for the fact that I have that package and it is not there.
[06:14] <twb> Perhaps it is not a DFSG-compliant component?
[06:15] <Nonpython> DFSG?
[06:15] <twb> Debian Free Software Guidelines; an early definition of "open source".
[06:16] <Nonpython> Ahh, old baggage from epicfailbian.
[06:17] <twb> Here's the apt-file results as a web page: http://packages.ubuntu.com/search?searchon=contents&keywords=mpm_netware&mode=filename&suite=lucid&arch=any
[06:17] <f1yback> yeah
[06:17] <f1yback> I think I know what I need to do
[06:18] <Nonpython> Only the documentation is there!
[06:19] <f1yback> you reach a point where you get defeated enough times you decide that you have had enough
[06:19] <twb> The documentation seems to indicate that mpm-netware is only useful if you're running netware, which sounds like a separate OS (i.e. not ubuntu).
[06:19] <Nonpython> yeah.
[06:20] <Nonpython> I'm going CentOS.
[06:20] <Nonpython> twb: it is.
[06:20] <twb> So why do you want *Ubuntu's* apache2 to have mpm_netware?
[06:21] <Nonpython> I need to limit apache's number of threads because it is raeping my memory in the butt,
[06:21] <Nonpython> .
[06:21] <twb> I don't think switching to netware is the right way to achieve that.
[06:21] <slackster> Nonpython: I was going to recommend freebsd..
[06:22] <slackster> seems very light to me
[06:22] <twb> Nonpython: have you asked #httpd (the Apache channel) about it?
[06:22] <Nonpython> 8 times, no responce.
[06:22] <twb> Did you ask about limiting memory usage, or about installing mpm-netware on Ubuntu?
[06:23] <twb> Did you wait several hours for a response?
[06:23] <Nonpython> I found out about mpm-netware through them, then I asked about ubuntu installs 8 times.
[06:23] <Nonpython> They won the useless award for uselessness.
[06:24] <twb> You should be telling them the symptoms (i.e. "I'm running out of memory"), not trying to diagnose it yourself (i.e. "how do I install mpm-netware?").
[06:26] <Nonpython> I have.
[06:26] <twb> OK, then there's not much more I can do.
[06:27] <SpamapS> Nonpython: is this a purely static server?
[06:28] <Nonpython> No, it runs PHP scripts out the ass.
[06:28] <SpamapS> PHP in threaded apache?
[06:28] <Nonpython> Yes.
[06:28] <SpamapS> or PHP in fastcgi mode w/ threaded apache?
[06:28] <SpamapS> ok threaded PHP is *a waste of time*
[06:28] <Nonpython> I do not know
[06:29] <SpamapS> each thread must use its own pool of memory..
[06:29] <Nonpython> What is this "fastcgi" thing?
[06:29] <SpamapS> it gains *no benefit* by being thread safe.. but does cost because of the mutexes.
[06:29] <Nonpython> I assume that it is faster CGI.
[06:29] <SpamapS> fastcgi runs php on the backend independent of the webserver
[06:29] <SpamapS> In cases where you want to serve static and php or mixed languages, its a good choice.
[06:30] <SpamapS> In cases where you just have PHP, mod_php in prefork mode is by far the most stable and highest performing configuration
[06:31] <slackster> Nonpython: where are you getting these memory readins from?
[06:31] <SpamapS> Nonpython: but let me make this very clear. *threaded MPM + PHP is a waste of time*
[06:31] <Nonpython> Ok.
[06:31] <slackster> Nonpython: run "free -m" and subtract cached
[06:31] <SpamapS> Have spent extensive time trying to make that work well. The issue is that Zend's memory allocator is not stable enough to share one pool of RAM.
[06:32] <slackster> and buffers
[06:32] <SpamapS> yeah its just a big damn joke
[06:32] <SpamapS> that they even suppor threading.. totally stupid
[06:32] <Nonpython> 212 used MB.
[06:32] <slackster> Nonpython: so you have more than 2MB free now... ;)
[06:33] <slackster> Nonpython: you should be ok
[06:33] <Nonpython> No, this is without apache.
[06:33]  * Nonpython is stupid
[06:33] <slackster> you've stopped apache?
[06:33] <Nonpython> Yes.
[06:33] <twb> I didn't think you could even HAVE threaded PHP
[06:33] <SpamapS> The only time where a pure PHP workload makes sense w/ fastcgi is when you are going to have a ridiculously high number of clients running PHP scripts ... but then you should be using lighttpd or nginx for your fastcgi frontend.
[06:33] <twb> Doesn't apache-php5 force you to use apache2-mpm-stinky ?
[06:34] <SpamapS> twb: look up "ZTS" aka "Zend Thread Safety"
[06:34] <twb> SpamapS: heh, I don't care THAT much :-)
[06:34] <Nonpython> 381 MB of 384 MB including cache.
[06:34] <SpamapS> twb: ^5. :)
[06:34] <twb> IMO anyone running PHP is already lost
[06:34] <Nonpython> not including cache.
[06:34] <SpamapS> PHP has its moments. :)
[06:35] <Nonpython> twp: I need mah schweet wordpress.
[06:35] <slackster> Nonpython: don't worry about the cache
[06:35] <twb> Eh, it's moment was being perl for people who didn't already know perl.
[06:35] <slackster> or not..
[06:35] <Nonpython> I know perl.
[06:35] <twb> Nonpython: yes, well, wordpress doesn't exactly have a hot security record.
[06:35] <Nonpython> and I hate PHP.
[06:35] <twb> Nonpython: this was back in the 90s when all web code ran on perl.
[06:36] <Nonpython> It stole mah throne!
[06:37] <SpamapS> twb: php was to perl as Windows 1.0 was to Mac OS
[06:37] <SpamapS> dumb it down, make it cheap and people will buy it.
[06:38] <Nonpython> Choosey programmers choose Perl.
[06:38] <Nonpython> To referance weird peanut butter.
[06:39] <Nonpython> How do I set up FastCGI?
[06:39] <SpamapS> Nonpython: I run wordpress on a Xen instance w/ 384MB of RAM .. it works fine
[06:39] <twb> SpamapS: yeah
[06:39] <SpamapS> apache    2233  0.4  4.9  34120 18848 ?        S    22:02   0:10 /usr/sbin/httpd
[06:39] <SpamapS> apache   18689  0.5  5.2  34884 20180 ?        S    21:41   0:17 /usr/sbin/httpd
[06:39] <SpamapS> just use prefork. :)
[06:40] <twb> *prefork*, that's what I was trying to remember (re. "stinky" above)
[06:40] <SpamapS> twb: I was hoping somebody had called it stinky. :)
[06:40] <twb> SpamapS: presumably that 384 MB is a xen instance that *just* runs wordpress?
[06:40] <SpamapS> and courier-imapd
[06:41] <SpamapS> and postfix
[06:41] <SpamapS> and irssi :)
[06:41] <SpamapS> oh and mysqld for wordpress
[06:41] <twb> Ah, OK, so you're not taking a one-jail-per-service approach.
[06:41] <SpamapS> no, you're pretty much pwning me on the next wordpress vuln
[06:42] <twb> :-)
[06:42] <Nonpython> My VPS runs Bind 9, Apache 2, Mod_PHP, MySQLd, Courier, and Postfix.
[06:42] <SpamapS> oh I have BIND too
[06:42] <SpamapS> another one with a great record
[06:43] <twb> I wouldn't know; the systems I've set up (as opposed to adopting) run dnsmasq for DNS caching, and have their DNS records hosted elsewhere.
[06:43] <twb> I don't think hosting your own DNS records is best practice anymore...
[06:44] <SpamapS> yeah I have moved away from it more and more
[06:44] <SpamapS> last few domains I registered I just let the registrar do it.
[06:44] <SpamapS> included for free and works quite well
[06:44] <twb> Not that I know much about dnsmasq's security record, but it's only internal-facing, so less of an issue.
[06:45] <twb> And getting three services from a single easily-configured daemon is a pretty nice win :-)
[06:54] <Nonpython> I tried fastcgi, it made things worse. I lost 1MB.
[06:58] <Nonpython> Brave Brave Sir Nonpython, Bravely installed CentOS, Bravely thought Ubuntu kinda sucks for servers!
[07:00] <Nonpython> btw, I love Ubuntu on the desktop and lappy, but if falls on its face as a server.
[07:04] <twb> Please take your advocacy elsewhere.
[07:05] <twb> (Unless you want to rant about something specific, in which case we can either try to fix it, or commiserate.)
[07:10] <Nonpython> I do Kent...
[07:12]  * ajmitch wonders if he'll come back when he finds that centos will probably suck just as hard at php
[07:28] <twb> OK, NTP question time.
[07:28] <twb> Which strata will ntpd (and/or ntpdate) accept as "good enough" to take time from?
[07:30] <billybigrigger> can i setup a raid with 3 disks, 1x1TB and 2x500GB?
[07:30] <twb> Some of my netboot farm is out-of-step by an offset matching the timezone, and I'm trying to isolate the fault.
[07:47] <Callum__> billybigrigger: The 1TB will only use 500GB of its total space
[07:48] <billybigrigger> Callum__, so im better off running the 2x500's in raid 5
[07:48] <Callum__> billybigrigger: you need at least three drives for RAID 5
[07:49] <Callum__> with just two drives you can use RAID 1 or RAID 0
[07:49] <billybigrigger> 0 it is then :)
[07:49] <Callum__> just remember that with RAID 0 you get no redundancy whatsoever =P
[07:50] <billybigrigger> yup
[07:51] <twb> RAID0 will HALVE your integrity
[07:51] <twb> because if either drive fails, you have lost everything
[07:51] <billybigrigger> will have to have the 1tb sit and do nightly backups for the raid0 then
[07:51] <jpds> Well, RAID0 isn't even RAID.
[07:52] <Callum__> yeah, technically
[07:52] <Callum__> although a RAID 0 is probably faster than a single drive heh
[07:52] <Callum__> can't remember
[07:53] <Callum__> my server has three hardware RAID 1s working together using LVM2... its quite fast despite the performance penalties from the RAID setups
[07:54] <Callum__> 2x 250GB SATA, 2x 80GB SATA and 2x 73GB SCSI, because I have no money
[08:11] <owh> Salutations, going a little nuts. Getting /dev/null permission denied on boot which causes fetchmail to fail to start. I've updated rc.local to set the permissions correctly after the fact and if I manually start fetchmail after logging in it works. I've found some references to bugs regarding this, but no obvious fix.Running hardy. Suggestions?
[08:13] <owh> grep -sr null /etc/udev/* returns:
[08:13] <owh> /etc/udev/rules.d/40-basic-permissions.rules:KERNEL=="null",				MODE="0666"
[08:14] <twb> That mode is correct.
[08:15] <owh> Yeah, but something is setting it incorrectly during boot.
[08:15] <twb> When I've seen "/dev/null not writable!" errors from bash in the past, it is usually because the root filesystem is corrupted and the kernel has remounted it read-only.
[08:15]  * owh checks, but I doubt it.
[08:15] <twb> Suggest forcefscking
[08:16] <owh> It's a reiserfs filesystem on a VM.
[08:16] <owh> And it's mounted rw.
[08:17] <twb> Urk
[08:17] <twb> For furture reference: don't use reiserfs without a damn good reason.
[08:17] <owh> huh?
[08:17] <owh> I had no choice in the matter.
[08:17]  * owh likes ext*
[08:19] <owh> None of this would be an issue if this container wasn't being rebooted irregularly by the host. Another thing I have no control over. 'nuf said about that :)
[08:19] <twb> Stupid VPS vendors
[08:19]  * owh nods
[08:19] <twb> I still say forcefsck
[08:20] <owh> If I wasn't in a place where I cannot move right this month or the next, I'd have tossed them aside. Right now I don't have that luxury. The force fsck might be fun, if I do that and it doesn't come back I'm fsckd.
[08:21] <twb> If your filesystem is corrupt, you're already fucked -- you just don't know it yet
[08:21] <owh> That's very true, but at least the users don't yet know it either. However if I forcefsck it and reboot and it doesn't come back I can't actually do anything about it either.
[08:22] <twb> Fortunately you have diligently taken backups every day since you got this host.
[08:22] <twb> Or: you have learnt the value of good backups :-)
[08:22] <owh> I have, but this is live and losing live data right at this moment is a real PITA.
[08:23] <twb> Well, you don't have to forcefsck RIGHT NOW, but doing it in the next day or so is definitely a good idea.
[08:24] <owh> I have to say, I don't actually think the fs is corrupt. I don't see any other evidence of this. The permissions are reset every boot and have been doing that for at least 18 months, but the node has been up for most of that time without issues. The VPS provider has been "fixing" things which seems to necesitate rebooting my containers.
[08:24] <owh> That's why this is an issue right atm.
[08:24] <twb> I can't remember how badly reiserfs takes fsck of a corrupt fs, but I imagine that in the worst case you'll end up with data loss of the inodes that are already lost, and it'll continue to boot (unless the OS bootstrap files are themselves hosed).
[08:24]  * owh still suspects an actual bug in hardy somewhere :)
[08:25] <twb> owh: I'm not saying it's definitely corrupt, I'm saying that you should eliminate that possibility FIRST before investing your time (i.e. customers' money) investigating other possibilities.
[08:25] <owh> That's fair comment.
[08:25] <owh> crap
[08:25]  * owh takes a deep breath, investigates load and does another backup.
[08:26] <owh> Hold on, doesn't reiser allow an fsck on a running system?
[08:26] <ajmitch> do you trust it enough to do that?
[08:27] <owh> Hmm, fair point.
[08:27] <twb> I don't trust *reiser* that much, even if I trusted t'so
[08:28] <owh> I suppose I can get it to do an integrity check at least.
[08:28] <twb> Meh.  shutdown -r -F 60
[08:29] <owh> What's the -F 60
[08:29] <twb> -F means forcefsck.  60 means to wait sixty minutes before rebooting, warning users beforehand.
[08:30] <twb> (As rtfm will tell you, unless you're stuck with retarded shutdown(8upstart).)
[08:31] <owh> I did rtfm, but intrepid had no idea what you were talking about and I don't have manpages installed on my server :)
[08:31] <twb> Unfortunately upstart is not enthusiastic about preserving backwards-compaibility in APIs like inittab(5) and shutdown(8).
[08:34] <owh> Hmm, not sure if the fsck will actually work. This is an OpenVZ container and I just got permission denied when running reiserfsck --check /dev/simfs
[08:34] <twb> Oh, OpenVZ.
[08:35] <twb> Then you don't have a filesystem in the first place, because you're in a jail, not a VM.
[08:35] <owh> Don't ask :|
[08:35] <twb> udev probably shouldn't even be installed in a VZ jail
[08:36] <twb> IIRC ubuntu-minimal pulls it in, which pissed me off when I was building hardy VEs
[08:38] <owh> What's the impact of purging udev?
[08:39] <twb> I don't remember
[08:39] <twb> I just remember the dependencies annoyingly assumed ubuntu-minimal was for physical hardware
[08:40] <owh> Even if udev shouldn't be installed on this container, something is setting the permissions incorrectly at some stage during boot. When does rc.local run, can I make fetchmail run after that?
[08:40] <owh> In fact, can I just add /etc/init.d/fetchmail start to rc.local?
[08:41] <owh> I realise that this is pretty evil, and I'd like to avoid it if I can, but beggars cannot be ...
[08:42] <twb> How do you know that it's not just set incorrectly in the os template?
[08:42] <owh> I don't, but I also have no control over that.
[08:42] <twb> For that matter, after attempting to access it, have any beancounters increased?
[08:42] <owh> Huh?
[08:43] <owh> WTF is a beancounter :)
[08:43] <owh> I doubt that the VPS provider could tell me if their template was incorrect or that they'd change it just for me.
[08:44] <owh> Hmm. rc.local runs last - lovely.
[08:44] <twb> owh: /proc/user_beancounters
[08:44] <twb> owh: I guess you aren't too familiar with OpenVZ
[08:44] <owh> That would be correct.
[08:45] <maxagaz> php code is not interpreted anymore since I upgraded to lucid, is there a bug in php on lucid ?
[08:45] <twb> Normally I'd go check /vz/root/<VEID>/ as root on the hardware node, but I guess you don't have those privileges.
[08:45] <owh> twb: That is true, no privs.
[08:45] <ajmitch> maxagaz: are you trying to run php scripts from your home directory?
[08:46] <maxagaz> ajmitch, no, it's in my /var/www
[08:46] <ajmitch> then no, there's nothing changed in that regard
[08:47] <owh> ajmitch: Sometimes I found that the module starts off as being commented out. Also restarting apache was required IIRC.
[08:47] <owh> Uh, maxagaz that was for you.
[08:47] <owh> twb: Which number should increase when?
[08:48] <twb> owh: with nothing else running, try cat /proc/user_beancounters >/tmp/x; echo fuck >/dev/null; diff -u /tmp/x /proc/user_beancounters
[08:48] <twb> Where the second command is whatever isn't working.
[08:49] <owh> twb: What should that tell me?
[08:49] <twb> That's just checking if the issue is exogenic (i.e. you're being futzed by VZ, not the posix DAC)
[08:50] <twb> owh: from memory there's a "naughtiness attempts" column
[08:50] <maxagaz> owh, restarting apache2 didn't help
[08:50] <twb> "failcnt"
[08:50] <owh> twb: Presumably with the permissions not set correctly right?
[08:51] <twb> owh: shrug.
[08:51] <owh> twb: Well, there's no failcnt at all.
[08:51] <owh> The column is there, just all 0
[08:52] <owh> maxagaz: What modules are enabled in /etc/apache2/mods-enabled/
[08:52] <alkisg> Hi, I'm looking at a security problem, how can one take advantage of a suid root bash?
[08:52] <alkisg> -rwsr-sr-x  1 root   root   800K 2010-05-19 10:47 bash
[08:53] <maxagaz> owh, php5.load, php5.conf among others
[08:54] <owh> maxagaz: And the apache php module is installed?
[08:55] <owh> twb, I think the simplest is to change the run order for rc.local from 99 to 98, which makes fetchmail run afterwards. That won't actually fix it, but it will work around it.
[09:00] <alvin> When will the upgrade to lucid become available for hardy users?
[09:01] <owh> alkisg: AFIK it would mean that any code run in that shell could use root permissions.
[09:02] <alvin> do-release-upgrade still says 'no release found'
[09:02] <alkisg> owh, but I cannot reproduce this... e.g. if I run that bash as "alkisg" and then run `whoami`, I get "alkisg", not "root"...
[09:04] <alkisg> Ah, got it in #bash, "(11:03:40 πμ) koala_man: alkisg: bash drops suid if it detects it"
[09:04] <alkisg> That's why I couldn't reproduce it
[09:04] <maxagaz> owh: libapache2-mod-php5 is installed
[09:05] <owh> maxagaz: Does the apache header show php5 installed?
[09:05] <maxagaz> owh, how to check it ?
[09:06] <maxagaz> http://localhost i guess...
[09:06] <owh> maxagaz: wget -S url
[09:06] <maxagaz> owh, The web server software is running but no content has been added, yet.
[09:06] <owh> maxagaz: All we're doing is seeing if apache is reporting that php exists.
[09:07] <owh> maxagaz: It should show PHP/5.x in the Server: header.
[09:07] <maxagaz> owh, I tried "wget -S localhost" but how should it help ?
[09:07] <owh> wget -S http://localhost
[09:09] <maxagaz> owh, no PHP/5.x is shown
[09:09] <maxagaz> owh, http://pastebin.com/MsUpd31X
[09:11] <owh> Right, no PHP.
[09:11]  * owh is trying to remember. Was this a fresh install?
[09:12] <maxagaz> owh, no, it was an upgrade
[09:13] <owh> cd /etc/apache2 ; find | grep php
[09:14] <twb> owh: shrug
[09:14] <twb> owh: I've lost interest in the issue
[09:14] <owh> twb: Thanks for your help. I've updated the rc* directories to make rc.local run earlier.
[09:15] <owh> If I have some spare cycles, I'll have a proper look.
[09:15] <owh> maxagaz: What does that command output?
[09:15] <twb> That always happens to me
[09:15] <owh> twb: The spare cycles bit :)
[09:15] <twb> I die a little inside every time I roll out a bodge instead of doing it properly on my own time
[09:15] <owh> Yeah.
[09:16] <twb> It's why our servers run fucking webmin and gnome
[09:16] <owh> twb: And then you get to the situation I'm in with maxagaz where I know I've seen this before but I'm stuffed if I can remember how I fixed it.
[09:16] <maxagaz> owh, ./mods-available/php5.load, ./mods-available/php5.conf, ./mods-enabled/php5.load, ./mods-enabled/php5.conf
[09:16] <owh> twb: The funniest was when I knew I'd seen something before, did a search and found my own bug report on the matter :)
[09:17] <twb> owh: I can beat that
[09:17] <owh> maxagaz: What does ls -l ./mods-enabled/php5.load return.
[09:17] <owh> twb: Bring it on.
[09:17] <twb> owh: I needed the correct modeline timings for an LCD monitor, because it wasn't reporting EDID information correctly on its VGA port, and I didn't have an LCD GPU anymore.
[09:18] <maxagaz> owh, ./mods-enabled/php5.load -> ../mods-available/php5.load
[09:18] <twb> I found a pastebin of one of my old Xorg.0.logs from five years before, when I had a DVI port.
[09:18] <maxagaz> owh, lrwxrwxrwx 1 root root 27 2009-12-03 19:50 ./mods-enabled/php5.load -> ../mods-available/php5.load
[09:18] <owh> maxagaz: What does cat ./mods-enabled/php5.load say
[09:18] <owh> twb: That's pretty good, since it implies that you even ticked the "keep this thingo" box on pastebin :)
[09:19] <twb> Some pastebins default to that
[09:19] <owh> ROTFL
[09:19] <twb> I don't ever paste using a browser, man.
[09:19] <maxagaz> owh, LoadModule php5_module /usr/lib/apache2/modules/libphp5.so
[09:19] <twb> I use lisppaste.el or hpaste.el or pastebinit(1)
[09:19] <maxagaz> owh, -rw-r--r-- 1 root root 7618736 2010-05-04 15:11 /usr/lib/apache2/modules/libphp5.so
[09:20] <owh> maxagaz: Have you got multiple vhosts on this apache server?
[09:21] <maxagaz> owh, no, it's a very basic install
[09:21] <owh> One mo, phone.
[09:22] <owh> maxagaz: grep -r php *
[09:22] <owh> maxagaz: You'll need to pastebin that.
[09:23] <maxagaz> owh, http://pastebin.com/uTdjwKKb
[09:25] <owh> maxagaz: Did you modify any of those files? I'm looking at a hardy server and it looks nothing like that.
[09:25] <maxagaz> no, I didn't
[09:26] <owh> grep -r mods-enabled *
[09:26] <twb> owh: it wouldn't surprise me if your crack-whore VPS vendor had messed with apache
[09:26] <maxagaz> owh, apache2.conf:Include /etc/apache2/mods-enabled/*.load
[09:26] <maxagaz> apache2.conf:Include /etc/apache2/mods-enabled/*.conf
[09:26] <twb> owh: do an "aptitude download apache2" or so, and examine the defaults
[09:26] <alvin> omg! I've been waiting to upgrade to Lucid over semantics! (bug 223741). Does the papercut project for server still exists?
[09:27] <alvin> -d = --devel-release. Never thought about Lucid as a devel-release since the official release
[09:27] <owh> twb: I'm pretty familiar with what it's supposed to look like and what maxagaz showed us had wildcards in it, I suspect a later version of OS :)
[09:27] <twb> owh: oh, sorry.  I assumed maxagaz had already mentioned he was on hardy.
[09:28] <maxagaz> twb, no, I'm on 10.04
[09:28] <owh> twb: Hmm, no I think maxagaz had said lucid.
[09:28] <twb> owh: ignore me.
[09:28]  * owh is on hardy atm :)
[09:28] <owh> Hmm, I'd rather not / ignore :)
[09:29] <owh> maxagaz: Just to humour me, did you stop apache and start it again?
[09:29] <twb> alvin: to be honest, I trust do-release-upgrade less than a supervised aptitude safe-upgrade.
[09:29] <alvin> twb: do you mean changing the sources then? Because safe-upgrade doesn't touch the kernel (of I'm not mistaken)
[09:30] <twb> alvin: I do.  do-release-upgrade does that internally, AND if it dies for any reason, it doesn't roll them back :-/
[09:30] <maxagaz> owh, yes I did
[09:30] <alvin> I can do that manually.
[09:31] <alvin> Doesn't it do more?
[09:31] <twb> d-r-u also appears to download a tarball of... stuff.  I think it's rules about how to unbreak various things.
[09:31] <owh> twb: Yeah, known issues are dealt with AFAIK.
[09:31] <owh> maxagaz: Where there any warnings in the apache logs?
[09:32] <twb> If/when I get enough money to upgrade to lucid, I'll probably read through that tarball by hand and then use my own judgement.
[09:32] <twb> I'd rather just have a Debian-style release document that tells me in human terms how to handle those things, rather than trying to automate them.
[09:32] <alvin> Well, i'd prefer do-release-upgrade then, but I haven't used it because of the --devel-release flag. Didn't expect that. --help doesn't mention a next LTS counts as devel-release
[09:32] <alvin> twb: Well, if you put it that way: me too
[09:33] <maxagaz> owh, [Wed May 19 16:33:20 2010] [notice] Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.1 with Suhosin-Patch configured -- resuming normal operations
[09:33] <owh> Whoah.
[09:33] <twb> alvin: either way, you should be doing normal paranoid things like backups, test runs on non-production or at least non-critical hosts, scheduling downtime to deal with breakages, etc.
[09:33] <owh> That does show php maxagaz
[09:34] <maxagaz> owh, but before it...
[09:34] <maxagaz> owh, PHP Deprecated:  Comments starting with '#' are deprecated in /etc/php5/apache2/conf.d/mcrypt.ini on line 1 in Unknown on line 0
[09:34] <alvin> twb: I did loads of those during the last 2 weeks of Lucid development. The result wasn't pretty. I have come to hate plymouth/mountall.
[09:34] <owh> Create a file in /var/www/ called bob.php and put into it <?phpinfo();?>
[09:34] <twb> alvin: righto, carry on.
[09:34] <alvin> Testing time is over
[09:34] <twb> (I thought your nick sounded familiar)
[09:36] <alvin> Yeah, I subscribed to a lot of bugs. I have to say most servers aren't working worse than before. A lot of bugs are fixed. I only hate the lack of error messages for the exceptions
[09:36] <maxagaz> owh, it works...
[09:36] <owh> maxagaz: Magic.
[09:36] <alvin> And kvm needs some 'best practices' documentation. Maybe I'll try to write that one day.
[09:36] <maxagaz> owh, sorry for that
[09:36] <owh> maxagaz: Don't worry about it.
[09:36] <maxagaz> owh, thanks a lot
[09:36] <owh> PEBCAK errors happen all the time :)
[09:36] <owh> Pleasure.
[09:37] <maxagaz> owh, PEBCAK ?
[09:38] <owh> Problem Exists Between Chair And Keyboard
[09:38] <owh> :)
[09:38] <maxagaz> owh, :)
[09:38] <owh> Or: "User error, replace user and press any key to continue..."
[09:39] <owh> Anyone know of a dynamic way to block idiot guests who search for vulnerabilities on my apache server? Whole hordes of errors looking for /var/www/horde etc.
[09:40] <twb> owh: that's like swapping in a freshly broken lightbulb
[09:40] <owh> Which comment were you responding to twb?
[09:40] <twb> Take the users away entirely; see how few problems are reportered thereafter
[09:40] <owh> Riight.
[09:40] <owh> Yes :)
[09:40] <twb> *reported
[09:41] <owh> Even, turn the server off, even less issues.
[09:41] <owh> BOFH rules again :)
[09:41] <twb> owh: that was gonna be my solution to your attack question
[09:41] <owh> twb: Shame about the other guests who are legitimately using the site :)
[09:42] <owh> twb: It's but a mere trifle, but those other guests are the paying ones :)
[09:42] <twb> You could use netfilter's hashlimit module
[09:43] <twb> That'd encourage everybody to adopt HTTP/1.1 pipelining, which is awesome ;-P
[09:44] <owh> twb: All that will do is slow 'm down. I just want to block those fwits who ask for a select list of files.
[09:44] <owh> twb: You ask for one of those files, you get blocked for the next 48 hours or so...
[09:47] <twb> owh: you combine it with the recent module
[09:47] <twb> and -j TARPIT or -j CHAOS
[09:48] <owh> twb: So am I understanding that you are proposing to throttle those users, rather than block them?
[09:48] <twb> owh: well, sure.
[09:48] <owh> twb: So, is there an issue I'm not aware of if I block them?
[09:48] <twb> One successful connection per host per day sounds pretty reasonable.
[09:49] <alvin> owh: Just curious. Is this slowing down your server?
[09:49] <owh> twb: I missed something there I think.
[09:49] <twb> And if they stop attacking for a whole day, they're automatically allowed to try again.
[09:50] <owh> alvin: Well, I really don't have a handle on that, but I do know that there are hordes of them. I also know that my real users should get all available cpu cycles, since they come to collect something they paid for.
[09:51] <twb> owh: first you have a "trip" condition that detects an attacker and puts them in a "dunce list".  A second condition keeps them there until they stop attacking for some extended period.  And -j TARPIT means that instead of *dropping* those connections, you are tying up resources on the attacker's machine.
[09:51] <alvin> Thos poor chinese companies that don't know their servers are compromised!
[09:53] <alvin> (for unknown reason, most attacks on my network originate from Asia)
[09:54] <owh> alvin: More computers per sqm perhaps?
[09:56] <alvin> owh: Maybe. The attacks aren't bothering me much, but foor ssh, there is existing software for what you want to do. It does what twb describes, but I forgot the name. There's probably something like that for webservers too.
[09:57] <alvin> I looked it up: http://www.fail2ban.org Apparently works for webservers too
[09:58]  * owh was just reading that :)
[10:00] <owh> alvin: vnice !
[10:01] <owh> Later all, thanks for your assistance and insights.
[10:13] <RoyK> alvin: fail2ban works for most stuff - it just parses logs after all
[12:08] <ryoohki> does anyone have a copy of /etc/apt/sources.list from a fresh U.S.A. install of unbuntu server 10.04 ?????
[12:10] <twb> The install media is not nationalized.
[12:10] <twb> You probably want to use us.archive.ubuntu.com or archive.ubuntu.com.
[12:11] <twb> Unfortunately AFAIK Ubuntu doesn't maintain a machine-readable database of primary, secondary and tertiary mirrors, the way Debian does, so you can't just tell a script to go off and work out which mirror is fastest for you.
[12:18] <ryoohki> twb: i just want the 25 - 30 line file /etc/apt/sources.list that's on a U.S.A. install of ubuntu server 10.04 which ought to be an easy request to fulfil.  i have the bulgarian one which i am nearly 100% certain, is the same file but with bg. instead of us., however, i am persnickety
[12:19] <ryoohki> twb: it's the archive.ubuntu.com vs us.archive.ubuntu.com that i have in mind
[12:19] <twb> ryoohki: just test both
[12:19] <twb> dig and whois, if you really care
[12:19] <ryoohki> twb: i don't want to run tests, i just the file
[12:19] <ryoohki> twb: is it so hard to paste bin /etc/apt/sources.list?!
[12:20] <twb> Well, there's no way in hell I'm going to go to .us.
[12:20] <ryoohki> twb: what all this dig, whois, machine readable database...
[12:20] <ryoohki> twb: ?????
[12:39] <AmokPaule> Hello, i just upgraded my vserver to lucid, after the reboot it seems my server can't conceckt to the internet anymore.
[12:44] <mwd> In Ubuntu Server 10.04, I can not get the resolution (console, no GUI) higher than 640x480. When I try to change GRUB_GFXPAYLOAD_LINUX, the system crashes when booting.
[12:46] <twb> For grub, the fbcon, or both?
[12:46] <mwd> Grub
[12:46] <twb> I can't help
[12:47] <twb> I don't believe that the bootloader should be reprogramming the GPU in the first place, so I disable that shit on mine
[12:49] <mwd> In 8.04 I used the defoptions in menu.lst by adding vga=0x36c to get my resoltion (1440x900). In 10.04 this isn't working
[12:50] <mwd> Sorry I ment fbcon, not grub
[12:51] <mwd> But I can get grub up to 1440x900 when adding GRUB_GFXMODE=1440x900
[13:01] <mwd> How can I see if fbcon is activated?
[13:11] <kirkland> RoAkSoAx: pong
[13:12] <mwd> What is the preferred method to get the resolution of the console higher then 640x480?
[13:13] <mwd> I think the kernel uses vesafb
[13:13] <mwd> when providinh no further information, 640x480 is used
[13:13] <twb> mwd: you can't use a non-VESA mode like 1440x900 with the vesafb driver.
[13:13] <twb> What GPU are you using?
[13:14] <mwd> Ubuntu is running vmware
[13:14] <twb> Oh, sigh.
[13:14] <twb> Why don't you just use a serial line, then?
[13:14] <twb> Then you can define an arbitrary size console
[13:15] <mwd> In 8.04 1440x900 was no problem bei adding vga=0x36c
[13:16] <twb> Uh, no, that is an obsolete shorthand for video=vesafb:1024x760-16
[13:16] <RoAkSoAx> kirkland: morning :)
[13:16] <kirkland> RoAkSoAx: howdy ;-)
[13:17] <twb> I still think it's utterly UTTERLY stupid the way some of these VM solutions will turn a text console into a raster
[13:18]  * SpamapS stretches and yawns
[13:18] <twb> Hmm, http://communities.vmware.com/thread/28508
[13:18] <SpamapS> mwd: for vmware vesa modes work fine
[13:19] <twb> SpamapS: but he wants a non-VESA mode.
[13:19] <mwd> Everything higher than 640x480 would be fine
[13:20] <twb> mwd: then video=vesafb:1024x760-16, as you've been using, should be fine.
[13:20] <RoAkSoAx> SpamapS: I was reading HAProxy architecture and for what I can see, if we don't implement a layer4 loadbalancer before HAProxy, loadbalancers wont scale
[13:20] <twb> If that's not working, it might be that stupid vga16fb crap that I was in 10.04 and couldn't get rid of.
[13:21] <mwd> Where do I set video=vesafb:1024x760-16 ?
[13:21] <twb> You pass it to the kernel from the bootloader
[13:21] <mwd> ok, i try it
[13:21] <twb> vga=876, as you were typing, should be identical
[13:23] <SpamapS> RoAkSoAx: right, I think that may be something I put in the Unresolved Issues portion of the spec, with a suggestion to mention in the documentation that IPVS+Cluster will suffice in that case.
[13:23]  * SpamapS is being paged by baby again.. doh
[13:24] <mwd> I passed vga=876 to the kernel from Grub, resolution is 640x480
[13:24] <twb> I blame vga16fb, lacking anything better to do
[13:25] <twb> gunzip and cpio -t your ramdisk, and confirm that it contains vesafb.ko (or that it's compiled-in in /boot/config-*).
[13:25] <twb> Then, yell at canonical for playing silly buggers with the ramdisk
[13:27] <RoAkSoAx> SpamapS: Ok. Anyways I do think that at a certain point of time, might be necessary to be able to scale HAProxy itself. Anyways, will wait for your spec then :)
[13:27] <ryoohki> i need a prisitine copy of /etc/apt/sources.list from a fresh U.S.A. install of 10.04
[13:30] <RoAkSoAx> SpamapS: oh and btw... it seems that all webservers and loadbalancers have to be in the same subnet
[13:33] <jpds> ryoohki: Again?
[13:34] <ryoohki> jpds: not again, "still not"
[13:36] <pmatulis> ryoohki: what's with this "pristine" stuff?  what jpds gave you yesterday was fine
[13:37] <ryoohki> pmatulis: no it was not
[13:37] <pmatulis> ryoohki: why?
[13:37] <jpds> ryoohki: http://pastebin.ubuntu.com/436127/
[13:37] <ryoohki> pmatulis: it was edited - why do i need to explain this to you? why not provide the 25 or so line file?
[13:38] <jpds> ryoohki: You should still be using a local mirror FWIW.
[13:39] <pmatulis> ryoohki: i asked you why you insist on pristine
[13:40] <ryoohki> pmatulis: do i answer to you?!   what business is it of yours anyway?!
[13:41] <ryoohki> pmatulis: why are you even asking me this?????
[13:41] <pmatulis> ryoohki: goodness me.  you are asking for help aren't you?
[13:41] <ryoohki> pmatulis: if you can't help, then it doesn't concern you
[13:42] <ryoohki> pmatulis: let me restate this: if you don't have the file, do ask me to explain why i want it
[13:42] <ryoohki> pmatulis: i need a fubaz part n-22 ; why? ; huh?
[13:46] <SpamapS> RoAkSoAx: when you say "all webservers and loadbalancers have to be in the same subnet" do you mean by haproxy's design or some other requirement?
[13:46] <soren> ryoohki: Calm down, man.
[13:46] <SpamapS> RoAkSoAx: because haproxy makes a full TCP/IP connection, so it can connect to a web server anywhere
[13:47] <soren> ryoohki: It's a perfectly reasonable question. I too am curious why you need this pristine sources.list so badly.
[13:47] <SpamapS> granted, it won't be very efficient to have LB's in Texas connecting to Servers in Taipei for clients in Sydney .. but it would work. ;)
[13:47] <mwd> twb: vesafb is blacklisted in blacklist-frambuffer.conf
[13:48] <ryoohki> soren: i need number 22; here's 21; no 22; 23 is close, no 22, why 22? ; what the hell?!
[13:48] <ryoohki> soren: 21 != 22 && 23 != 22
[13:49] <ryoohki> soren: i did not ask for anything hard to produce or all that uncommon but recieve may other things
[13:49] <SpamapS> ryoohki: 10.04 US server install?
[13:49] <ryoohki> soren: but not what i asked for
[13:49] <twb> mwd: ugh!
[13:49] <soren> ryoohki: You also haven't (a) calmed down nor (b) explained why what jpds gave you isn't good enough.
[13:49] <twb> mwd: see what I mean about ubuntu being "clever"?
[13:50] <ryoohki> SpamapS: 10.04 US server install /etc/apt/sources.list
[13:50] <BrixSat> Hello :)
[13:50] <SpamapS> ryoohki: amd64?
[13:50] <BrixSat> any one with squid experience?
[13:50] <twb> mwd: if you want to reverse that, you can edit the file in /etc and then run "update-initramfs -u -k all" to push the changes to the ramdisk.
[13:50] <ryoohki> soren: why do you think i am not clam and why do you continue to think i should explain why i want something?????
[13:50] <SpamapS> BrixSat: I've got a fair amount .. sup?
[13:51] <twb> mwd: can you do me a favour and run "dpkg -S" on blacklist-framebuffer.conf, and tell me which package it's from?
[13:51] <soren> ryoohki: You are asking for help. You are asking other people to spend time servicing you. You could at the least have the decency to address them courteously.
[13:51] <SpamapS> ryoohki: more than 1 punctuation mark in a row == not calm
[13:51] <ryoohki> soren: escpially, why do i need to tell you why i want that??????
[13:51] <BrixSat> SpamapS:  I need to enable ssl on squid :)
[13:51] <SpamapS> (... is, btw, one punctuation mark)
[13:51] <mwd> twb: Removing vesafb from the blacklist and providing vga parameter to the kernel had no effect
[13:51] <SpamapS> BrixSat: SSL sites, or SSL for clients?
[13:52] <ryoohki> soren: i did ask for help courteously
[13:52] <SpamapS> ryoohki: I have this file that you want, but yes, you need to chill out.
[13:52] <twb> 22:51 <twb> mwd: can you do me a favour and run "dpkg -S" on blacklist-framebuffer.conf, and tell me which package it's from?
[13:52] <BrixSat> SpamapS: when i type www.gmail.com it tryes to open https://gmail.com and gives an error on the browser
[13:52] <_ruben> !info haproxy
[13:52] <SpamapS> BrixSat: you need to allow users access to the CONNECT method
[13:52] <ryoohki> SpamapS: i have the file i believe but i'd take a second copy to compare to what i have
[13:52] <ryoohki> SpamapS: thanks
[13:53] <BrixSat> SpamapS:  how?
[13:53] <SpamapS> clint@ubuntu:~$ md5sum /etc/apt/sources.list
[13:53] <SpamapS> 47385d833ed5281a59c53d3337415785  /etc/apt/sources.list
[13:53] <lenios> great, you have it
[13:53] <RoAkSoAx> SpamapS: by HAProxy examples, it seems that all webserver are under the same subnet
[13:54] <SpamapS> RoAkSoAx: thats just a best practice. :)
[13:54] <SpamapS> RoAkSoAx: I will confirm that its not a requirement, but by its design, it should not be
[13:54] <RoAkSoAx> SpamapS: but it's always better to have the same loadbalanced servers under the same subnet :)
[13:54] <SpamapS> RoAkSoAx: not necessarily
[13:55] <SpamapS> RoAkSoAx: for instance.. maybe you're balancing squid proxies and the end points rate limit based on source subet. ;)
[13:55] <SpamapS> subnet even
[13:55] <SpamapS> BrixSat: I don't have the exact acl line in my head...
[13:56] <BrixSat> SpamapS:  another thing and how do i password protec it?
[13:56] <RoAkSoAx> SpamapS: yeah but if they are gonna run as instances in the cloud, I'd rather have them under the same subnet (VLAN) because its on the same cloud.
[13:56] <BrixSat> it is enabling exterior access and i want to password protect all access
[13:57] <SpamapS> BrixSat: do you have the default squid.conf from the package? they have acl's setup for this already very nicely in there
[13:57] <mwd> twb: "dpkg -S blacklist-framebuffer.conf" says: module-init-tools: /etc/modprobe.d/blacklist-framebuffer.conf
[13:57] <SpamapS> RoAkSoAx: should produce a better response time that way anyway. :)
[13:57] <BrixSat> SpamapS:  im using webmin to configure it
[13:58] <SpamapS> RoAkSoAx: looking at ELB btw.. you know.. its ridiculously cheap... even if you're shoving 1TB/month through it.. probably cheaper than running an instance just for load balancing. ;)
[13:58] <SpamapS> BrixSat: *ugh*
[13:58] <RoAkSoAx> SpamapS: indeed, but not only that.. under terms of networking it would be better to have a separate vlan for each loadbalance domain
[13:58] <twb> mwd: thank you.
[13:59] <SpamapS> BrixSat: You need to add something like http_access allow CONNECT localnet
[14:00] <BrixSat> SpamapS: i have that
[14:02] <SpamapS> BrixSat: the order matters.. where do you have that? (and is your localnet one of the 10.x.x.x, 192.168.100.x or 172.16-31.x.x nets?)
[14:02] <RoAkSoAx> SpamapS: i've actually never used it, but as I can read some of its features can be implemented with clusterstack+ipvsadm. The new features would be autoscaling of actual loadbalancers and launching of running instances given certain rules. scaling of loadbalancers can be resolvede in 2 ways, 1 layer4+layer7 loadbalancing, or using DNS for rr between loadbalancers. Then how many running instances given the rules, i.e always have two at least, ca
[14:03] <BrixSat> my localnet is disabled i want to allow every body in and out the network
[14:03] <SpamapS> BrixSat: needs to be before the 'http_access deny all'
[14:04] <mwd> twb: lsmod says that vesafb is not loaded (vga16fb is loaded)
[14:04] <twb> It boggles me that they blacklist vesafb for "being buggy", but insist that vga16fb be forcibly loaded *even when you don't want a framebuffer at all*
[14:05] <SpamapS> RoAkSoAx: DNS+RR only works if you have very short ttl's, and DNS servers all over the world that do geo-location specific responding
[14:05] <twb> "Blacklist viafb; the only framebuffer drivers we want loaded by default on x86 are the drm framebuffers and vga16fb.  LP: #558569."
[14:05] <SpamapS> RoAkSoAx: and even that doesn't work great with some mobile clients who end up routing their forwarding DNS requests to somewhere very far from where they are
[14:06] <SpamapS> RoAkSoAx: layer4 + layer7 is actually the simplest way to scale.
[14:06] <RoAkSoAx> SpamapS: correct, but for scaling loadbalancers when load is too high... (and that might be only for a certain period of time) it might not be worth set up bopth layer4+layer7 loadbalancing
[14:06] <twb> I could understand if they blacklisted vga16fb as well
[14:08] <RoAkSoAx> SpamapS: Ok if we do layer4+layer7 at the same time, this means two things. Either launch both at the same time even though there's only 1 layer7 lb, and run a second/third/etc one when needed. Second choice, first have only layer7 lb, and then, when need to scale, launch another layer7lb, launach a layer4 lb, and reconfigure everything
[14:09] <SpamapS> RoAkSoAx: I believe haproxy is touted as scaling to about 20,000 new connections / second on older hardware (HP DL145 dual opterons)... concurrency is unclear, but they seem to suggest 60,000 / 1GB of RAM
[14:09] <ryoohki> SpamapS: may i have your copy of the file if you don't mind?
[14:09] <SpamapS> RoAkSoAx: it may be worth firing up a bunch of EC2 nodes to test this.
[14:10] <SpamapS> ryoohki: most certainly, I think I gave the md5sum while you were kicked..
[14:10] <BrixSat> brb
[14:10] <SpamapS> 47385d833ed5281a59c53d3337415785  /etc/apt/sources.list
[14:11] <mwd> twb: viafb is already blacklisted
[14:11] <twb> mwd: that wasn't the point
[14:11] <soren> ryoohki: I don't understand why it's so hard to explain why you absolutely need this pristine file? You are asking people to spend time servicing you. If all they ask in return is getting their curiosity satisfied, that seems like a good deal to me.
[14:11] <ryoohki> SpamapS: i have sources.list.bg: e52dbbc2b2cb9a63a940a428032d7853 ; sources.list.us 826281ebbf83343107d6a1cb19e40c71
[14:11] <RoAkSoAx> SpamapS: testing is needed too see how much load a regular instance can hold off course. However, as I can read in Amaazon ELB they provide the feature to scale loadbalacing power
[14:12] <SpamapS> RoAkSoAx: the trouble with the layer4 stuff is that it *must* take over the return traffic by layer 4 means.. DR might work *if* we can guarantee that the layer4 nodes share layer2 with the layer7 nodes (mmmm 8 layer burrito)
[14:12] <ryoohki> SpamapS: .bg is a source.list from a bulgarian system i ran "sed -i -e 's#/bg.#/us.#g' sources.list"
[14:12] <RoAkSoAx> SpamapS: and since ppl want something similar for UEC... that's just options that i can think of
[14:13] <SpamapS> ryoohki: ok I'll pastebin the content
[14:13] <RoAkSoAx> SpamapS: yep we'd have to use DR. And that's how HAProxy describes it too for their architecture
[14:13] <soren> Also, if people understand the "why" they are likely to give much more useful answers. But apparantly that is uninteresting.
[14:13] <SpamapS> ryoohki: please continue to be calm and nice and we'll be even more helpful. :)
[14:14] <RoAkSoAx> SpamapS: i mean, launching l4 + l7 haproxy at the same time, they use the same subnet
[14:14] <ryoohki> soren: i don't understand why you have the athority to ban people if you use to ban people who answer your questions in a form of their own dchoosing and thieir own choice punctuation... but i'll tellm you this, i no longer will chat with you
[14:14] <SpamapS> ryoohki: http://pastebin.com/bJLKeHV4
[14:14] <ryoohki> smoser: thanks
[14:14] <soren> ryoohki: I think I can live with that.
[14:15] <SpamapS> ryoohki: why is a perfectly valid question to ask. Often times people try to mask their true intentions because they are worried people will think them stupid or are doing something bad. We don't want people to do either of those things here.. :)
[14:15] <soren> I happen to have this authority  because I've been giving useful answers in here for 4-5 years now.
[14:15] <soren> This also happens to be the first time anyone has so violently refused to explain why they need a particular answer.
[14:16] <SpamapS> RoAkSoAx: help me with something.. availability zone == layer 2 shared? I think not.. is there a lower level consideration that can force shared layer 2?
[14:17] <ScottK> ryoohki: Also it's quite common for people to ask for information in the belief that it will help them solve a problem, but to experienced people here there is reason to believe they are solving the wrong problem.
[14:19] <RoAkSoAx> SpamapS: Nope i dont think so. Layer 2 would mean addressing using MAC addresses... and to re-route traffic between them, we need layer 3
[14:19] <RoAkSoAx> SpamapS: routing is done at layer 3
[14:19] <SpamapS> ScottK: yes, and then you get this http://bit.ly/4BzLI2
[14:19]  * soren facepalms
[14:19] <SpamapS> RoAkSoAx: right, so DR (direct routing) is out
[14:20]  * ScottK always has trouble remembering all the layers.  He mostly recalls layer 8 is the prime source of problems.
[14:20] <SpamapS> RoAkSoAx: and NAT is definitely out, as we can't have nodes in another layer 2 as the default route
[14:20] <SpamapS> RoAkSoAx: so we come back to IPTUN and all of its evil/glory ;)
[14:21] <RoAkSoAx> SpamapS: layer 2 means addressing using MAC Addresses... I don't think you can achieve loadbalancing using only MAC addresses
[14:21] <SpamapS> ScottK: sad part is, IP != OSI model
[14:21] <RoAkSoAx> SpamapS: for this use case
[14:23] <SpamapS> RoAkSoAx: yes.. for this use case.. reddit type scale should be fine:  http://stackoverflow.com/questions/260413/load-balancing-in-amazon-ec2
[14:25] <SpamapS> RoAkSoAx: if you haven't read this yet, it should help you understand why I'm concerned with defaulting to using IPTUN : http://www.linuxvirtualserver.org/VS-IPTunneling.html
[14:26] <ccheney> good morning guys, just finished reading email :)
[14:26] <ryoohki> SpamapS: i'm glad i asked you as i think it is indeed the file i wanted
[14:26] <RoAkSoAx> SpamapS: i do also think that IPTUn is out of the question
[14:27] <RoAkSoAx> SpamapS: However, I've never used Amazon ELB, have you tried loadbalancing with for servers in different networks?
[14:27] <soren> SpamapS: I don't see a "this is why you don't want to use it" section on that page?
[14:27] <SpamapS> RoAkSoAx: no, I'm not sure how it works, but given its feature set and configuration, I wouldn't be surprised if it is just haproxy. :)
[14:28] <binBASH> Hi
[14:28] <SpamapS> soren: overly complicated and instructions from 1998 ... :-P
[14:28] <binBASH> Does everyone know what the ec2 metaservice is in the uec images?
[14:29] <mwd> twb: Added vesafb to /etc/modules, it's loaded now, but vga16fb ist still active
[14:29] <binBASH> when I run the images in my cloud they always hang there during startup
[14:29] <RoAkSoAx> SpamapS: Neither do I :). But as far as my networking knownledge goes... loadbalancing should be done in same subnet for obvios reasons (the same cloud is used, so instances in the same network should be used)
[14:29] <binBASH> cloud-init running: Wed, 19 May 2010 13:14:13 +0000. up 11.31 seconds
[14:29] <binBASH> waiting for metadata service at http://169.254.169.254/2009-04-04/meta-data/instance-id
[14:29] <soren> SpamapS: Ah, that :)
[14:29] <binBASH> dunno what ip this should be ;)
[14:30] <soren> binBASH: It's part of UEC.
[14:30] <SpamapS> soren: I admit, its a weak objection.. I can already feel it crumbling a bit in my mind as I understand it better.
[14:30] <binBASH> soren: Hmm, strange it's no eucalyptus service I think?
[14:30] <mathiaz> ccheney: o/
[14:30] <binBASH> I didn't configure that ip somewhere
[14:31] <soren> binBASH: It is.
[14:31] <twb> mwd: no no, if it's going to go anywhere, it needs to go in /etc/initramfs-tools/modules
[14:31] <SpamapS> ipchains -A input -j REDIRECT 23 -d 172.26.20.110 23 -p tcp
[14:31] <soren> binBASH: It's not something you configure. It's a static ip.
[14:31] <SpamapS> *old* school
[14:31] <twb> mwd: vga16fb is loaded before your root filesystem is mounted :-/
[14:32] <RoAkSoAx> SpamapS: loadbalance servers in different VLAN's (from my point of view) is out of the question. THat's why VLAN's where created in the first place. To keep *common* traffic separated from other trafficm, and in this case, loadbalancing traffic should go through the same vlan for each loadbalancing domain
[14:32] <ryoohki> SpamapS: thanks, that was aactually the file i wanted.
[14:32] <binBASH> soren: Ok, does this run on the cloud controller server?
[14:32] <soren> binBASH: I'm not sure, to be honest. Probably.
[14:33]  * SpamapS is once again being paged by the baby.. :-P
[14:33] <binBASH> the problem here I have cloud with servers not on the same switch
[14:33] <binBASH> :)
[14:41] <coffeedude> password
[14:41] <coffeedude> Ooops.
[14:41]  * coffeedude blushes....
[14:44] <soren> coffeedude: Hey, "password" is my password too!
[14:44] <soren> Don't be ashamed.
[14:46] <raphink> hi there
[14:46] <raphink> has anyone seen processes freeze in D state in Lucid ?
[14:47] <raphink> I've seen that with rsync and tar as xen domU domains
[14:47] <mwd> twb: moved to /etc/initramfs-tools/modules, no effect
[14:47] <raphink> at some point, the process freezes, stays in "D" state and won't leave
[14:47] <RoyK> not recently, but they usually do that on all linuces if they lose their blockdevices
[14:47] <twb> mwd: did you update-initramfs -u -k all?
[14:47] <coffeedude> soren, :-D
[14:47] <raphink> royK: was that for me?
[14:49] <RoyK> raphink: yes
[14:49] <raphink> thanks for your suggestion royK, however I can still access the hard drive
[14:49] <raphink> and it happens in the middle of the copy
[14:50] <raphink> lsof on the frozen process doesn't show any file other than special devices and libraries
[14:50] <mwd> twb: yes
[14:50] <twb> mwd: did you blacklist vga16fb and un-blacklist vesafb beforehand?
[15:01] <mwd> twb: After Blacklisting vga16fb it works !
[15:01] <mwd> Thank you :)
[16:04] <smoser> kirkland, ping
[16:04] <smoser> or anyone.
[16:04] <smoser> how would i hibernate a server ?
[16:06] <jpds> smoser: pm-hibernate ?
[16:06] <smoser> yeah, just found that and tried
[16:06] <smoser> but no effect
[16:07] <smoser> pm-is-supported --hibernate && echo yes || echo no
[16:07] <smoser> yes
[16:08] <kirkland> smoser: yeah, what jpds said
[16:08] <smoser> so what is amuck then ?
[16:08] <kirkland> smoser: can you try sudo pm-suspend
[16:09] <smoser> i can, but thats not the goal. i need to yank power.
[16:10] <binBASH> kirkland: do you know what this could be, I create volume for uec. It is created. If I try to attach it to the running instance it fails.
[16:11] <binBASH> in logfiles I get a weird Java Exception
[16:13] <binBASH> http://www.pastie.org/967740
[16:13] <binBASH> this is log output with errors btw.
[16:19] <binBASH> and another thing I have question about
[16:19] <binBASH> what is this?
[16:19] <binBASH> cloud-init running: Wed, 19 May 2010 13:14:13 +0000. up 11.31 seconds
[16:19] <binBASH> waiting for metadata service at http://169.254.169.254/2009-04-04/meta-data/instance-id
[16:23] <ttx> hggdh: around ?
[16:23] <hggdh> ttx: yes
[16:23] <ttx> hggdh: I propose that you draft what we should do as part of the QA workflow spec
[16:23] <ttx> hggdh: do you agree with that ?
[16:24] <hggdh> ttx: yes, no prob
[16:24] <ttx> hggdh: ok, thx
[16:27] <ttx> zul, kirkland, mathiaz, smoser, SpamapS: just had a discussion with jib and reset the "drafters" for a few specs. That's what you should be working on... if you have any question, please let me know
[16:28] <smoser> ttx, marching orders accepted
[16:28] <ttx> he confirmed the deadlines
[16:28] <smoser> can i eat lunch first ?
[16:28] <ttx> smoser: I didn't change anything for you
[16:28] <ttx> smoser: that video was very bad, btw
[16:28] <smoser> yeah it was
[16:29] <ttx> for some reason, the other Scott posted better audio
[16:29] <smoser> didn't see that.
[16:30] <ttx> it's on youtube somewhere.
[16:30] <smoser> i can't locate the quote, but if you're complaining about the quality of the recording, thats understandable.
[16:30] <smoser> but if you are complaining about the quality of the performance, i can't help
[16:30] <smoser> :)
[16:30] <ttx> heh
[16:30] <smoser> i agree that in both cases it was bad
[16:32] <smoser> can't find it on youtube
[16:32] <smoser> my youtube skills are not practiced
[16:32]  * SpamapS returns
[16:34] <SpamapS> ttx: got the blueprint updates, thanks.
[16:36] <kirkland> jdstrand: ping
[16:36] <kirkland> jdstrand: what's your plans for libvirt merging?
[16:36] <ttx> smoser: http://www.youtube.com/watch?v=ag7AlHy0lB4
[16:37] <jdstrand> kirkland: either this week or next I plan to merge unstable
[16:38] <kirkland> jdstrand: sounds good, thanks
[16:38] <kirkland> jdstrand: 0.8.1 right now, looks like
[16:39]  * jdstrand nods
[16:41] <smoser> kirkland, for the record, it wouldn't suspend because kernel update had occurred, but it would have been nice to indicate that to me somewhere.
[16:41] <kirkland> smoser: ah, right
[16:41] <kirkland> smoser: if you were running byobu, it would have told you (R) that a reboot was required
[16:42] <kirkland> smoser: your MOTD should have said so as well
[16:42] <smoser> but the command would have still given me nothing
[16:42] <binBASH> someone knows if it's possible to use a flatfile as iscsi target?
[16:42] <kirkland> smoser: pm-is-supported, though should tell you that though, i agree
[16:42] <mcas> binBASH: should possible
[16:42] <kirkland> smoser: file a wishlist bug against pm-utils on that one;  should be trivial to do
[16:43] <binBASH> mcas: Ok, sounds like an alternative. Because my UEC network is only 100 MBit.
[16:44] <binBASH> So having an iscsi target for each vm local on the node is faster I think
[16:46] <SpamapS> hrm.. I think I need some home servers
[16:49] <SpamapS> RoAkSoAx: we were interrupted before and I was confused about something you were saying.
[16:50] <cybrocop> Hi All
[16:51] <ilaggoodly> Hi, I recently ugraded from 8.10 to 10.04, and might lighttpd webserver stopped working because "can't bind to port 80, already in use"... port 80 is however not in use...
[16:51] <cybrocop> Does anyone know of a problem with creating a Raid0 (stripe) out of 6 disks? Is that not recommended for some reason?
[16:52] <cybrocop> I've done 2 and 4 in the past, but I don't know if there is some overwhelming disadvantage with a higher number of disks.
[16:53] <cybrocop> ilaggoodly: Have you verified with lsof?
[16:53] <ilaggoodly> Yes "lsof -i | grep :80" and netstat
[16:53] <ilaggoodly> no results
[16:54] <ilaggoodly> I also installed an apache server quickly to test, and that seemed to work... apart from being apache
[16:54] <cybrocop> ilaggoodly:  Lsof by default shows port names (see /etc/services) and not numbers
[16:54] <ilaggoodly> ah
[16:55] <cybrocop> ilaggoodly:  So you'd have to do "grep :www"
[16:56] <ilaggoodly> right, still no luck :/
[16:56] <cybrocop> ilaggoodly: Sorry, thats where my expertise ends on the topic. I've never used lighttpd. :(
[16:57] <ilaggoodly> ah  well, learned something
[16:59] <smoser> ttx, http://www.buy.com/prod/american-idol-singer-s-advantage-male-version/q/loc/20269/204714744.html?adid=18007
[17:00] <ttx> "Literally erases cracking and straining"
[17:00] <ttx> sounds good
[17:02] <billybigrigger> any raid/mdadm gurus around?
[17:02] <ccheney> smoser: so is EBS like a direct access disk and S3 nearline storage for putting things into EBS when you actually need to work with it?
[17:02] <kirkland> Daviey: if you start looking at qemu-kvm bugs, perhaps start with the ones that are in the "New" state
[17:02] <kirkland> Daviey: try to get as many of those pushed into the right state as possible
[17:02] <smoser> ccheney, s3 has other uses, but yeah, that would be one. and yes, EBS is direct block level access.
[17:03] <smoser> but to get to EBS you have to attach an instance. s3 provides http access
[17:03] <ccheney> smoser: ok, great i think i understand how this works at a high level anyway :)
[17:03] <smoser> (and https actually)
[17:03] <ccheney> smoser: ok
[17:03]  * ccheney doesn't have the hardware to play with yet so is reading through all the docs
[17:04] <smoser> are you typing irc on your phone ?
[17:04] <smoser> you should set up an amazon aws account if you dont have one
[17:04] <smoser> and you can play there.
[17:04] <smoser> you can expense $100 / month, which is quite enough unless you forget to turn off that m2.4xlarge system
[17:05] <ccheney> smoser: oh, well kirkland is giving me a couple machines next tuesday to play with, but if i get done reading the docs early enough i might try playing on the amazon bit
[17:06] <Daviey> kirkland: yeah, i there are a couple of New ones i started looking at
[17:08] <Daviey> smoser: As a community member, I did some EC2 testing a few cycles ago that i could expense.. 1) i forgot to expense, 2) i left the damn instance running for a couple of months
[17:10] <hggdh> Daviey: you should ask AWS for some shares, you invested nicely on them ;-)
[17:10] <ccheney> anyone happen to know if it would be a problem to enable 'nobrl' by default for mount.cifs ?
[17:11] <Daviey> hggdh: "whoops" :)
[17:11] <ccheney> it mentions using this option if your applications don't support mandatory locking which cifs seems to require, it doesn't appear to work properly with advisory locking
[17:11] <ccheney> and appears to cause problems with OOo not being able to save properly to cifs shares in some cases, haven't nailed down the exact cause other than apparently nobrl fixes it for the users having the problem
[17:11] <cybrocop> smoser: Do you know if in Eucalyptus, when you create a Volume (analogous to EBS), if that volume is copied over to the node or shared via network?
[17:12] <Daviey> ccheney: I'm not aware of any issues, but google seems to suggest it's a good thing to do.. Use NFS :)
[17:13] <smoser> cybrocop, it uses aoe
[17:13] <smoser> wait
[17:13] <smoser> somethign over ethernet
[17:13] <smoser> so  no, its not copied to the node
[17:13] <smoser> the node is throwaway. ebs is supposed to be reliable
[17:13] <ccheney> i've also let upstream OOo know that without nobrl their software falls over, maybe they can fix that issue themselves long term
[17:14] <smoser> in maverick Eucalyptus should support using iscsi for ebs volumes
[17:14] <cybrocop> thanks smoser
[17:15] <smoser> it is AOE, i'm fairly sure
[17:15] <smoser> i couldn't remember what the A was for so i thoguht i made it up
[17:15] <cybrocop> :)
[17:16] <cybrocop> ATA over Ethernet seems to be logical at least. :)
[17:16] <binBASH> ok
[17:16] <binBASH> then I will use the flatfiles iscsi
[17:16] <binBASH> because ATA over Ethernet makes no sense with 100 MBit
[17:16] <binBASH> ;)
[17:17] <binBASH> will try this
[17:17] <binBASH> http://www.aspdeveloper.net/tiki-index.php?page=LinuxiSCSITargetOnUbuntu
[17:31] <bluethundr_> for some reason I can't SCP to one of my AWS servers: http://paste.ubuntu.com/436227/ yet I can scp to my other AWS server: http://paste.ubuntu.com/436232/
[17:31] <bluethundr_> what gives?
[17:33] <bluethundr_> it is a difference of literally scp foo bluethundr@$AWS1:~ vs scp foo bluethundr@$AWS2:~
[17:36] <sh1ny> raid10 from flatfiles + iscsi from that raid = ownage, binBASH :D
[17:36] <SpamapS> bluethundr_: your key is in an odd format
[17:38] <bluethundr_> hmmm... yeah it seems to be trying to pull ~/.ssh/id_rsa. vs ~/.ssh/id_rsa.pub
[17:38] <bluethundr_> but on the second (AWS2) it at least attempts a password authorization, but on AWS1 it just gives up entirely and prevents the transfer
[17:38] <SpamapS> bluethundr_: no id_rsa is the private part
[17:38] <bluethundr_> oh ok
[17:38] <SpamapS> bluethundr_: but its in the SSH, not OpenSSH, format
[17:38] <SpamapS> meaning old school commercial ssh
[17:39] <bluethundr_> interesting. that key was generated with ssh-keygen
[17:39] <SpamapS> bluethundr_: the one that works fails on the id_rsa, but succeeds on the id_dsa
[17:39] <bluethundr_> oh ok.... think it's worth trying to regenerate the key?
[17:40] <RoAkSoAx> SpamapS: what about?
[17:40] <SpamapS> bluethundr_: actually no.. wait...
[17:40] <SpamapS> bluethundr_: the one that worked used a password
[17:40] <SpamapS> debug1: Authentication succeeded (password).
[17:40]  * RoAkSoAx fall asleep :/
[17:40] <SpamapS> RoAkSoAx: ahh ok
[17:40] <bluethundr_> right
[17:41] <SpamapS> RoAkSoAx: well I was just confused because in one discussion we said that they would not share layer 2, but then you were saying that they would share a VLAN, which is, in fact, a shared layer 2.
[17:41] <SpamapS> and by they I mean servers and load balancer
[17:41] <SpamapS> bluethundr_: ah, well your EC2 node doesn't have password auth
[17:42] <SpamapS> bluethundr_: you have to have the key that you set it up with
[17:42] <RoAkSoAx> SpamapS: no no I mean that for this use case, loadbalancing should be only done in one vlan per case. I mean, all instances under a loadbalancing domain should be in the same vlan
[17:42] <SpamapS> RoAkSoAx: That makes perfect sense. :) Ok... sleep well. :)
[17:43] <RoAkSoAx> SpamapS: So, that means DR (same network) loadbalancing
[17:43] <bluethundr_> this is my /etc/ssh/ssh_config
[17:43] <bluethundr_> http://pastebin.com/hPV2tqU5
[17:44] <ccheney> i filed the cifs bug as bug 582925 for anyone who wants to weigh in on it in either direction, i'm not sure if it is likely to cause any problems by enabling it
[17:44] <SpamapS> RoAkSoAx: right, makes it much, much simpler.
[17:48] <RoAkSoAx> SpamapS: Now, in any case, either layer4 or layer7 (or both) loadbalancing can be used without worrying about network issues. Now, since UEC is a private cloud, each company can allocate an subnet that will match for their needs (current and future growth)
[17:51] <RoAkSoAx> SpamapS: and we'll need to compare Amazon's ELB and actually determine what is best here. Both l4+l7 loadbalancing, only l7, or l4.
[17:52] <RoAkSoAx> SpamapS: do you hhave the wiki page for the spec yet?
[17:52] <SpamapS> RoAkSoAx: I'm setting up an ELB right now to load test against haproxy. :)
[17:53] <SpamapS> RoAkSoAx: I started writing the spec yesterday but wanted to figure out a couple of things to put in the assumptions section rather than work items. :)
[17:54] <SpamapS> Two things I want to answer before I put up the spec:  1) will puppet work to manage this (I think yes), 2) is haproxy as scalable as ELB
[17:54] <RoAkSoAx> SpamapS: ok let me know if there's anything I can do to help
[17:57] <RoAkSoAx> SpamapS: If puppet will manage it for deployment, no autoregistration will be needed since all is done through puppet. 2. HAProxy, AFAIK only scales in webservers not in loadbalancers. Either use a single LB, 2 LB in HA (master/slave) using keepalived, or 3. use layer4 loadbalancing on top of HAProxy, to provide scalability of HAProxy loadbalancers, and Layer4 can be set up for HA to reduce the single point of failure
[18:02] <therian> how do i create a link that can be used over a remote file system? i mounted my server to this install with sshfs, but when i try to cd to the links i made with ln it tells me no such file or directory, i think its because its trying to cd to that directory on my box, anyway to fix this in ln?
[18:02] <SpamapS> RoAkSoAx: there are 3 concerns to cover.. load balancing on backend (haproxy is exceptional at this because of its HTTP inspection capabilityes), high availability of IP's (heartbeat handles this nicely), and scalability of load balancers themselves (ipvs does this). My goal is that you can start with just load balancing, add HA if needed, and add scalability when needed, all relatively easily.
[18:03] <bluethundr_> that's IT!!! :) password auth was off in my ssh_config on my AWS image.. guess it's a RightScale thing. ty!
[18:03] <SpamapS> therian: symlinks are notoriously difficult on remote filesystems, whether nfs or sshfs
[18:04] <therian> SpamapS: ah i figured it was my symlink, have anything for me to read?
[18:04] <ccheney> grr stat can't properly identify a cifs mount :(
[18:04] <therian> !g ln on remote file system
[18:04] <therian> !google ln on remote file system
[18:05] <RoyK> !kick ubottu
[18:09] <smoser> hggdh,
[18:09] <smoser> +                '-o-', 'Batchmode=yes',
[18:09] <smoser> why the second -
[18:09] <RoAkSoAx> SpamapS: First concern. agreed. 2nd either heartbeat/pacemaker, or keepavlied, or corosync/pacemaker. 3rd this is an issue because on top of loadbalancers, if you wante them to be "active/active", you need a mechanism to loadbalance load to the loadbalancers themselves
[18:10] <RoAkSoAx> SpamapS: if you dont have that mechanism, you can only dop HA (master/slave)
[18:11] <RoAkSoAx> SpamapS: now if you want to scale the loadbalancers to all loadbalance at the same time (active/active clusters). You need either on fo this 3 things
[18:12] <smoser> hggdh, can i kill the instances that are running there
[18:12] <RoAkSoAx> SpamapS: 1. DNS loadbalancing, 2. Hardware loadbalancers (Though for UEC it is not the case). or 3. On top of the HAProxy loadbalancers, put layer4 loadbalancers.
[18:13] <hggdh> smoser: certainly, they are not mine :-)
[18:13] <SpamapS> ugh.. 33 community AMI's with '10.04' in the name.. we need to get ourselves on that "Amazon AMI's" list
[18:13] <hggdh> smoser: what gives with batchmode?
[18:13] <SpamapS> therian: make your symlinks relative, and they might work. ;)
[18:13] <smoser> that was from your last commit
[18:13] <smoser> why did you put the second -
[18:13] <smoser> in uec-testing-scripts
[18:13] <therian> thanks SpamapS i'll look into that
[18:14] <hggdh> smoser: typo
[18:14] <cybrocop> I am not able to get a Win2K3 image to run in Eucalyptus. The image is in "running" state according to Eucalyptus, but it seems to be hung in the boot-up stage. I can run the image fine in KVM on my desktop computer. (Sorry for cross-posting. I posted this is #ubuntu-virt and #eucalyptus, but no response yet.)
[18:14] <RoAkSoAx> SpamapS: if you use DNS loadbalancing, there's no healthchecking. HW loadbalancers are out of the question for UEC. And layer4 loadbalancing seems the only way possible
[18:15] <hggdh> smoser: corrected, will check the branch
[18:15] <SpamapS> RoAkSoAx: I guess my point is lets make sure concern 1, which is what 90% of people want, is done, and concern 2 is handled easily (99% of users will be served well enough by this). The 1% of people who have load that haproxy can't handle will be happy if we just have a prescribed method, it probably need not be automatic to setup IPVS, though it might be cool
[18:15] <smoser> cybrocop, i have no idea how to debug windows boot.
[18:15] <smoser> i would suggest hacking in vnc console
[18:16] <SpamapS> RoAkSoAx: and yes, DNS and HW are out. ;)
[18:16] <cybrocop> I've tried.
[18:16] <cybrocop> Here is the KVM command I found running on the NC:
[18:16] <hggdh> smoser: the last branch (34) had it already corrected
[18:17] <smoser> hmm... i just pulled a couple minutes ago
[18:17] <smoser> http://bazaar.launchpad.net/~uec-testing-scripts-dev/uec-testing-scripts/trunk/
[18:17] <hggdh> weird
[18:17] <RoAkSoAx> SpamapS: btw.. I've done something similar in my undergrad thesis using ipvsadm+heartbeat+ldirectord, I also saw keepavlied and HAProxy but I wanted layer4 loadbalancing with failover and in my case heartbeat was better: If you are interested, you can read it on: http://www.roaksoax.com/2008/07/ubuntu-in-my-thesis-part-2
[18:18] <cybrocop> smoser: http://slexy.org/raw/s2kA3o47jR  This was the command running on NC.
[18:18] <SpamapS> :) cool!
[18:18] <cybrocop> smoser: So I copied the disk/ramdisk/kernel images to my local machine and tried to run this:
[18:18] <cybrocop> sudo kvm -m 1024 -smp 1  -nographic -boot c -kernel ./kernel -initrd ./ramdisk  -append root=/dev/sda1  -drive file=./disk,if=scsi,index=0,boot=on -net nic,vlan=0,model=e1000,name=e1000.0  -parallel none -usb -vnc :1
[18:19] <cybrocop> I'm hoping my "abridgement" of the KVM command didn't change the results in any way.
[18:19] <hggdh> smoser: http://pastebin.com/FADaN53m
[18:19] <cybrocop> I got a "Selected disk does not exist" on the Grub interface. Here is the screenshot: http://img541.imageshack.us/img541/8413/grub.png
[18:19] <RoAkSoAx> SpamapS: which was called: "Design of a model to implement HA Web Servers", and the goal was use both IPVS+heartbeat to make it scalable and Hihghly available
[18:21] <RoAkSoAx> SpamapS: oh and other conern is "Will UEC allow us to have a shared VIP between loadbalancers?"
[18:21] <SpamapS> Right. I'm only avoiding IPVS because the layer 7 capabilities are limited, and the IPTUN requirement makes it a bit weird. In the past I've setup quite a few IPVS based load balancers.. but always in DR or NAT setup.
[18:21] <SpamapS> But for balancing to haproxies..
[18:21] <SpamapS> it seems perfect
[18:21] <hggdh> smoser: indeed it was not there. I have no idea why. I justy pushed it
[18:24] <cybrocop> smoster: Unfortunately, I don't know where to go from there. The original image which I uploaded to eucalyptus, boots fine with the following command:
[18:24] <RoAkSoAx> SpamapS: yep, but as i mentioned before, since I do believe loadbalancing for this case should be done in same VLAN, that means using same network. WHich rules out IPVS TUN.... adn even for HAProxy we need a VIP in case we want to have more than 1 loadbalancer
[18:24] <cybrocop> smoser: sudo kvm -m 1024 -boot a -fda ./win-grub.img -initrd ./memdisk -drive file=win2k3.img,if=scsi,boot=on -nographic -vnc :1
[18:24] <RoAkSoAx> SpamapS: though it will be for failover purposes
[18:24] <smoser> cybrocop, just fyi, when you upload an image, it is turned from an image into a partition before eucalyptus runs it
[18:25] <smoser> ie, they shove a partition table at the front, put your data in first partition, then stuff swap and ephemeral data partitions
[18:25] <cybrocop> that is why I created 2 partitions.. which I learned is a hack to disable this feature
[18:26] <cybrocop> smoser: Here is my partition table before upload: http://img710.imageshack.us/img710/629/qtparted.png
[18:30] <cybrocop> Anything else I can do to debug/troubleshoot this?
[18:30] <cybrocop> for instance, can I make eucalyptus run my image with a vnc console temporarily, so that I can vnc to it?
[18:31] <cybrocop> I suspect I'd get the same thing... but I don't know what else to do.
[18:38] <RoyK> this new swapping to compressed memory is a rather nice feature :)
[18:39] <smoser> cybrocop, yes, you can hack that.
[18:39] <smoser> on the node controller there is a file.. that generates the libvirt xml
[18:47] <cybrocop> smoser: ok, found it: /usr/share/eucalyptus/gen_kvm_libvirt_xml. Will try to hack but other than that (assuming it shows the same error as in GRUB), where else can I turn to for help?
[18:47] <SpamapS> mathiaz: is puppet auto-registration already in lucid, or is that something we're doing for mavrick?
[18:48] <mathiaz> SpamapS: hm - well - it depends what you refer to as auto-registration
[18:48] <mathiaz> SpamapS: http://ubuntumathiaz.wordpress.com/2010/03/25/using-puppet-in-uecec2-automating-the-signing-process/
[18:48] <mathiaz> SpamapS: I wrote a serie of blog post about using puppet with UEC/EC2
[18:49] <mathiaz> SpamapS: and outlined how to automate the signing process with Lucid
[18:49] <mathiaz> SpamapS: it requires some external scripts though
[18:49] <SpamapS> mathiaz: Right, I am just remembering a session where you were talking about it, but don't remember if it was "this works now" or "this is what we're doing"
[18:49] <mathiaz> SpamapS: so you probably refer to the puppet-bootstrap session
[18:50] <mathiaz> on monday afternoon
[18:50] <mathiaz> SpamapS: This is work to be done in maverick
[18:50] <smoser> cybrocop, i really dont have a lot of suggestions.
[18:50] <SpamapS> mathiaz: right ok. :)
[18:50] <smoser> but i think it is going to be a problem with the partition tabble being busted
[18:50] <mathiaz> SpamapS: for testing purposes you can just turn on autosigning on the puppetmaster
[18:51] <SpamapS> mathiaz: btw I think we can do this very easily with puppet, and maybe even provide a way for people to override puppet with their own "run this to add node to load balancing"
[18:51] <mathiaz> SpamapS: right
[18:52] <mathiaz> SpamapS: we'd have to narrow down the use case
[18:52] <mathiaz> SpamapS: I'd like to talk to nijaba as he is the one who initially brought up the BP
[18:53] <mathiaz> SpamapS: one use case is to assume that there is a puppet infrastructure running
[18:53] <mathiaz> SpamapS: and then we should outline how it can be leveraged to implement load balancing
[18:53] <mathiaz> SpamapS: the other case is when you don't have a puppet infrastructure
[18:54] <mathiaz> SpamapS: and we'd focus on providing an end user experience similar to the elasctic load balancing
[18:54] <SpamapS> Use case (not sure if its specific enough): Users want to deploy web servers rapidly, especially in cloud environments.. specifically they want to deploy heavy web apps that require multiple servers to sustain rapid response time...
[18:54] <mathiaz> SpamapS: with just a command to run to register to the LB
[18:55] <RoAkSoAx> that's the idea
[18:55] <RoAkSoAx> one command to register a webserver to the LB as well as considering adding more LB's
[18:55] <SpamapS> Yeah the package name I was thinking was 'cloud-loadbalancer' and it would depend on puppet, and recommend cloud-loadbalancer-puppetconfig that would have a default set of modules setup to start haproxy on LB, and export configs from a class given in a debconf question
[18:56] <SpamapS> then the single registration command just uses ralsh to add the node to the class
[18:56] <SpamapS> unregister removes it from class
[18:57] <RoAkSoAx> SpamapS: what if instance fails and never come backs again, but another does (wiuth different IP). The case of auto de-registering a webserver should be also considered
[18:57] <SpamapS> if you already have puppet.. should make things easier.
[18:57] <mathiaz> SpamapS: hm - I wouldn't depend cloud-loadbalancer on puppet
[18:57] <SpamapS> mathiaz: then we have to write our own registration protocol/database.
[18:57] <mathiaz> SpamapS: as setting up a complete puppet infrastructure seems a bit heavy-weighted
[18:57] <SpamapS> Not 100% against that at all
[18:58] <mathiaz> SpamapS: right - that's the downside
[18:58] <SpamapS> but it seems like puppet already does this.
[18:58] <SpamapS> which is what I'm testing right now on my little 5 node EC2 cluster I just fired up
[18:58] <RoAkSoAx> from my point of view, autoregistration of webserver to a LB can be easily down without having to use puppet
[18:58] <RoAkSoAx> s/down/done
[18:59] <SpamapS> RoAkSoAx: agreed, but will it be compatible and scalable at the organizational level.. we don't want to build another puppet if people already use puppet...
[18:59] <RoAkSoAx> SpamapS: we can use a similar implementation of autoregistration of UEC
[19:00] <SpamapS> I'm more concerned actually with just the 'add node' 'remove node' semantics.. the auto-reg part would be doable in init scripts or health check at that point.
[19:01] <RoAkSoAx> SpamapS: i.e. LB has a listener. Webserver is fired up and says "This is my IP, register me". Then LB registeres it and handles everything as it regularly does. This is what I've been thinking yesterday and investigating with UEC autoregistration features
[19:01] <mathiaz> RoAkSoAx: how do you make sure that you don't register rogue machines?
[19:02] <RoAkSoAx> mathiaz: define rogue?
[19:02] <SpamapS> RoAkSoAx: yeah, I can do that. Is it a good idea to write that if puppet does that already though?
[19:02] <cloakable> RoAkSoAx: machines the administrator does not control
[19:02] <mathiaz> RoAkSoAx: the LB needs to be sure that it's going to include a legitimate webserver
[19:03] <mathiaz> RoAkSoAx: and not a random server showing up and knocking on its door
[19:04] <RoAkSoAx> mathiaz: can be done with certificates
[19:04] <RoAkSoAx> mathiaz: Is that the way it's done in UEC?
[19:04] <mathiaz> RoAkSoAx: yeah - that's starts to look like puppet
[19:04] <mathiaz> RoAkSoAx: well - UEC uses certificates to handle images uploaded to the cloud
[19:05] <mathiaz> RoAkSoAx: however running instances don't have any credentials
[19:06] <RoAkSoAx> mathiaz: right. but I mean, in the UEC autoregistration feature that is implemented, that doesn't make use of any authentication mechanism?
[19:06] <mathiaz> RoAkSoAx: nope
[19:06] <mathiaz> RoAkSoAx: UEC auto-registration is used for *installing* a cloud
[19:06] <mathiaz> RoAkSoAx: it uses avahi to detect the different components
[19:06] <mathiaz> RoAkSoAx: auto-registration doesn't have anything to do with *running* instances
[19:07] <RoAkSoAx> mathiaz: I know. :). But I thought that for *installing* loadbalancing clusters and though, this can be also done in running instances
[19:07] <mathiaz> RoAkSoAx: UEC uses ssh keys to talk between its various components
[19:08] <SpamapS> there's a lot of *asterisks* in here
[19:09] <RoAkSoAx> mathiaz: I see... anyways that's just an Idea I had. To just start the webserver instance, broadcast itself to the loadbalancer for registration, and use something like a shared key for authentication
[19:09] <RoAkSoAx> mathiaz: as in the way heartbeat used to authenticate other nodes of the cluster when there were in autojoin method
[19:10] <SpamapS> RoAkSoAx: back in the day, thats how mod_backhand worked. ;)
[19:10] <mathiaz> RoAkSoAx: that's an option
[19:11] <mathiaz> RoAkSoAx: I wouldn't broadcast as instances may be in different availibity zones
[19:11] <mathiaz> RoAkSoAx: *webserver* instances
[19:11] <mathiaz> when a webserver instance is started pass in the IP/dns name of the load balancer plus the shared secret
[19:12] <mathiaz> (that's actually step 2.)
[19:12] <RoAkSoAx> mathiaz: indeed but instead of broadcast I'd say multicast :)
[19:12] <mathiaz> 1. start a new LB instance (specifying a shared secret if needed)
[19:12] <mathiaz> RoAkSoAx: not sure if multicast is working withing EC2
[19:13] <SpamapS> you guys are all having the same ideas I had yesterday, which is encouraging....
[19:13] <RoAkSoAx> mathiaz: enlight me in something, are availability zones view as VLANs?
[19:13] <SpamapS> don't count on multicast even working on most private LAN's
[19:13] <mathiaz> SpamapS: yeah - there aren't so many ways to solve the problem ;)
[19:14] <mathiaz> smoser: ^^
[19:14] <RoAkSoAx> SpamapS: I had similar ideas since I did my thesis with autoregistration and stuff but never tried to implement them :)
[19:14] <RoAkSoAx> SpamapS: in fact, advisors wanted me to do that as part as my thesis. Anways waht matters now is that we can resolve the issue together :D
[19:15] <smoser> i wouldn't think that multicast would work on ec2
[19:15] <smoser> but thats not definitve
[19:15] <RoAkSoAx> mathiaz: are availability zones viewed as different vlans? or broadcasts domains?
[19:16] <mathiaz> smoser: ^^?
[19:16] <smoser> availability zones are basically labs. generally i dont think they share any sort of "local" networking
[19:16] <smoser> in ec2.
[19:17] <RoAkSoAx> smoser: by local network you mean each availability zone has its own vlan for example?
[19:18] <SpamapS> yeah I doubt you can guarantee shared vlan
[19:18] <SpamapS> just forget broadcast
[19:18] <SpamapS> single shared resource manager works better anyway
[19:18] <RoAkSoAx> SpamapS: well 1 vlan is 1 broadcast domain, that means network traffic is isolated from other vlans, so If i broadcast something in that vlan, the broadcast message will stay in that vlan
[19:19] <RoAkSoAx> not even with intervlan routing the broadcast message will be braodcasted to other vlans
[19:19] <SpamapS> I see the attraction to braodcast..
[19:19] <smoser> ok.  so i doubt that you can expect any broadcast to work.
[19:19] <smoser> even inside a availability zone
[19:20] <SpamapS> but its just as easy to say "do a DNS request for 'puppet', find it, tell it you're here"
[19:20] <smoser> and almost certainliy not between them
[19:20] <RoAkSoAx> smoser: is there any documentation on availability zones out there?
[19:20] <smoser> availability zones are basically labs
[19:20] <smoser> phisical buildings separate from another
[19:22] <RoAkSoAx> smoser: right but you can have Building 1 with VLAN 1, VLAN2 and Building 2 with VLAN 1 and VLAN2. And there'd be communication between hosts in the same vlan even if they are not in the same building
[19:23] <SpamapS> So puppet needs to store configs for exported configs to work..
[19:23] <RoAkSoAx> smoser: in a switched network that is
[19:23] <SpamapS> turning that on gets me Could not parse configuration file: StoreConfigs not supported without ActiveRecord 2.1 or higher
[19:23] <SpamapS> not having much luck finding the package for that
[19:23] <SpamapS> or is it a bad errmsg and instead I need to setup a dsn of some sorts
[19:23] <smoser> ok. so i dont think so.  i would expect for different az to be different networks.
[19:25] <SpamapS> ? (10.248.246.1) at fe:ff:ff:ff:ff:ff [ether] on eth0
[19:25] <SpamapS> thats my default gateway
[19:25] <RoAkSoAx> smoser: do you know of any whitepaper/website that explains that?
[19:25] <SpamapS> something tells me..
[19:25] <SpamapS> thats not any sort of VLAN, but internal to the box. ;)
[19:25] <SpamapS> so I say again, broadcast has become useless unfortunately
[19:25] <smoser> i think that SpamapS has to be considered correct here.
[19:25] <SpamapS> But, a little centralized service in a predetermined location *is* useful. :)
[19:26] <smoser> RoAkSoAx, i could only google
[19:27] <RoAkSoAx> sommer: yeah I already found documentation but there's no in-depth specification that's why I was asking
[19:28] <RoyK> RoAkSoAx: 802.1Q is your friend
[19:28] <SpamapS> if puppet, for whatever reason, doesn't work out for this..
[19:28] <RoAkSoAx> RoyK: I already know  802.1Q :)
[19:28] <SpamapS> I was already thinking of just providing a simple REST service for adding/removing nodes, and using client ssl certs for auth
[19:29] <RoAkSoAx> SpamapS: well now, in case broadcast wont work, we can just tell webserver to unicast "Hey I'm here, my IP is XX, add me" to the LB
[19:29] <RoyK> RoAkSoAx: then I don't get it - won't just a tagged vlan do the job?
[19:30] <RoyK> broadcasts should work well over 802.1q
[19:30] <RoAkSoAx> RoyK: that's the same thing that i'm trying to say here :)
[19:30] <RoyK> do you have a L3 switch or a router between the buildings?
[19:30] <SpamapS> RoAkSoAx: precisely. And this will be repeated whenever httpd is started..
[19:31] <SpamapS> RoAkSoAx: or whatever service is started.... meanwhile the LB will remove unreachable nodes after X number of minutes
[19:31] <RoAkSoAx> SpamapS: for example we can say. "Start WebServer instance for LB1 (which has XX.YY.ZZ.WW)" and tell the IP to the WebServer. When ever it is up it can just say "hey I'm up and running. Im ready to receive load, add me!!"
[19:32] <RoAkSoAx> RoyK: Well I don't have anything, we are discussing this on AmazonEC2
[19:32] <RoyK> won't you be using SLP or something for that these days?
[19:33] <RoAkSoAx> SpamapS: or whatever service we are starting. it'd be the same process
[19:33] <SpamapS> This is, again, where puppet just rocks this space.. because puppet would be saying "on class web_backend, install the packages, start the services, and then load balance to them" .. the only piece then is to just have this puppet bootstrap tell the puppet master about the nodes
[19:34] <RoyK> RoAkSoAx: I don't get it - what are you trying to figure out?
[19:34] <zorzar> hey i just tried to upgrade a server from 8.04 to 10.04, now i can't connect to it via ssh, it hung on "Updating fontconfig cache for /usr/share/fonts/truetype/ttf-bitstream-vera" after removing unneeded packages and than the server reset the connection
[19:34] <RoyK> RoAkSoAx: summarise, please
[19:35] <RoAkSoAx> RoyK: I;m trying to figure out AmazonEC2 Availability zones. And if they share VLANs between them
[19:36] <zul> i doubt that information is anywhere
[19:36] <RoAkSoAx> SpamapS: Ok then :)
[19:36] <zul> knowing amazon
[19:37] <RoAkSoAx> zul: me too but at least they should give an idea if wether loadbalancing between availability zones consits on doing it in one single network (vlan) or not
[19:37] <RoyK> RoAkSoAx: I thought you were talking about different buildings and a local network
[19:37] <SpamapS> Heh.. they'll tell you to never rely on shared physical LAN
[19:37] <RoAkSoAx> RoyK: nope I was just trying to explain how vlan works
[19:38] <RoyK> k
[19:38] <RoyK> I thought that was common knowledge :)
[19:38] <RoyK> anyway - with today's hardware pricing, I wouldn't use a leased VM for anything, really
[19:38] <RoyK> just my two cents
[19:39] <erichammond> There is no broadcast in EC2.
[19:39] <RoAkSoAx> RoyK: well from my point of view, Companies would rather pay X amount of money to have their services hsoted in the cloud than Y amount of money on having hardware, losing space, and so on
[19:40] <erichammond> What other aspects of VLAN are you interested in for EC2?
[19:40] <SpamapS> heh.. working with EC2 sure does crap all over your known_hosts file. :-P
[19:40] <SpamapS> RoyK: we're also considering people who want to run a load balanced app in UEC easily
[19:41] <SpamapS> RoyK: and for that matter, just people who might want to load balance in a regular server farm
[19:41] <RoyK> RoAkSoAx: depends on the company - if you have hardware yourself and something goes wrong, fix it - if you have it all somewhere else and something goes wrong, pray to the nearest god that someone might fix it some day, AND that they have a nice backup. I'm not very religious, so I like keeping hardware
[19:41] <smoser> SpamapS, http://paste.ubuntu.com/436321/
[19:41] <SpamapS> smoser: god bless you
[19:42] <SpamapS> I might have spent months doing it wrong without that. ;)
[19:42] <RoAkSoAx> RoyK: depends on the company :). Even the goverment has hardware running in third party dattacenters
[19:42] <RoyK> RoAkSoAx: we're just a small research institute (200 or so people, half of them researchers), and we still keep our own stuff
[19:42] <SpamapS> http://www.doingitwrong.com/wrong/2924_IMG_0039.JPG
[19:43] <RoAkSoAx> RoyK: well in that case you *have* to have your own hardware
[19:43] <RoyK> we do
[19:43] <RoyK> just got this nice 16 core thing with 64 gigs of ram just to chew volcanic ash
[19:43] <RoyK> :þ
[19:44]  * SpamapS suggests Volcanic Ash as a new Jelly Belly flavor
[19:45] <RoyK> Eyjafjallajökull Jelly Belly? :)
[19:47] <RoAkSoAx> erichammond: Availability zones share VLANs?
[19:47] <SpamapS> RoyK: maybe have the swedish chef promot it.. "nnn de fire going in to de mountain, yumy yumy BORK BORK BORK!"
[19:48] <RoyK> hehe
[19:48] <erichammond> RoAkSoAx: I don't think that is a valid question in EC2.  What aspect of a VLAN are you interested in?  I.e., what specific behavior or result are you looking for?
[19:49] <RoyK> these eight-core amd processors perform rather well, btw :D
[19:49] <erichammond> RoAkSoAx: In the security sense, you can build your own VLANS across availability zones where only instances of a particular account and security group are in it (i.e., no other instances can see your traffic).
[19:50] <RoAkSoAx> erichammond: For i.e. AZ1 has VLAN 99 and AZ2 has VLAN 99. So, if host under vlan 99 in AZ1 would be able to community with host in VLAN 99 on AZ2 as if there were in the same network
[19:50] <RoAkSoAx> erichammond: s/commuynity/communicate
[19:51] <erichammond> RoAkSoAx: What do you mean by "community"?
[19:51] <erichammond> ah
[19:51] <erichammond> RoAkSoAx: Communication between EC2 instances is controlled by EC2's concept of "security groups".  Availability zones are transparent to security groups.
[19:52] <RoAkSoAx> erichammond: Right but for example if I wanted to have 2 nodes in the same network, in different availability zones, would that be possible? I guess it would for what you explained above
[19:52] <erichammond> RoAkSoAx: You might be better off if you start with the idea that EC2 has no VLANs and then just learn about security groups.
[19:53] <erichammond> RoAkSoAx: There is no "same network" or "different network"
[19:53] <erichammond> RoAkSoAx: Yes, instances in different availability zones of the same region can communicate privately.
[19:54] <erichammond> Regions are groups of availability zones and nothing is shared between regions except for your basic AWS account authorization.
[19:55] <RoAkSoAx> erichammond: yes I saw that. I was just wondering about availability zones :) Thanks :)
[19:55] <RoyK> what would you guys recommend for virtualisation with automated failover between two hosts?
[19:55] <RoyK> kvm and nfs? xen?
[19:55] <npope> RoyK: kvm with NFS
[19:55] <smoser> hggdh, ping
[19:55] <pmatulis> for network installs (PXE), how do i point to installation media available by HTTP?  i'm looking at the pxelinux.cfg/default file
[19:56] <erichammond> RoAkSoAx: EC2 availability zones place no restrictions on networking except that it costs more for traffic between them and it generally is higher in terms of router hops.
[19:56] <RoyK> npope: got a url with a description of how to do that best?
[19:59] <cybrocop> quick question on kvm syntax.  If I include -kernel or -initrd options, will -boot be ignored?
[19:59] <npope> RoyK: http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Virtualization_Guide/chap-Virtualization-KVM_live_migration.html its for RHEL based systems but the same basic steps apply
[20:00] <RoyK> npope: thanks
[20:01] <RoyK> was thinking of getting a couple of those 16-core (or 24-core) boxes and see how it works out
[20:02] <npope> RoyK: we have had some luck with HP 380 G6 dual cpu quad core boxes.  pretty click if you ask me
[20:02] <RoyK> I guess we'll be using supermicro
[20:02] <binBASH> Did someone of you brake twitter btw.? http://www.picpaste.de/pics/Bildschirmfoto-Twitter_-_Over_capacity_-_Mozilla_Firefox.1274295427.png
[20:03] <RoyK> works well with both linux and osol
[20:03] <binBASH> I'm getting this
[20:03] <RoyK> and doesn't cost a whole lot (16-core with 64gigs of ram for NOK 43k is not very expensive)
[20:06] <hggdh> smoser, pong
[20:06] <smoser> hm... what was i going to ask you
[20:06] <hggdh> heh
[20:06] <RoyK> "how many road must a man walk down" is classic
[20:13] <ne7work> hello all
[20:13] <ne7work> please someone help me with proftpd
[20:13] <cybrocop> smoser: & all    In Eucalyptus, does the partition table get changed during the upload of bundle itself or when an instance is run?
[20:14] <smoser> cybrocop, run
[20:14] <cybrocop> thx smoser
[20:14] <smoser> look at partition2image
[20:14] <smoser> or some such on the node
[20:14] <smoser> i think its the same place you found the kvm  libvirt script
[20:25] <SpamapS> hrm I'm stuck w/ puppet
[20:25] <SpamapS> my nodes sent their cert reqs to the server..
[20:25] <SpamapS> I signed them..
[20:25] <SpamapS> now nothing works
[20:25] <SpamapS> :(
[20:25] <SpamapS> getting some odd errors on the nodes
[20:26]  * SpamapS decides to think it over at lunch
[20:31] <RoyK> ne7work: ask a question about something you want to know - don't ask for a lecture
[20:34] <ne7work> RoyK, I don't know how to select directory for ftp user
[20:34] <ne7work> and how to set permissions on this directory
[20:35] <RoyK> afaik it's run under its own user, ftp
[20:35] <RoyK> like vsftpd does it
[20:35] <RoyK> and probably all the rest
[20:49] <hggdh> zul: do you remember the name of the gobby for the server-qa-workflow?
[20:50] <sommer_> hggdh: I do it's: server-m-qa-workflow
[20:51] <hggdh> zul, thank you
[20:53] <hggdh> zul, do you have a copy? It seems it vanished from Gobby
[20:53] <hggdh> or I bloody cannot find it
[21:22] <zul> hggdh: sorry im busy with a sick kid here
[21:22] <zul> hggdh: ill try to find it in a bit
[21:22] <hggdh> zul: thank you
[21:34] <Andre_francys> hello
[21:34] <Andre_francys> need help´me
[21:37] <Andre_francys> how to configure ldap in the ubuntu 9.10 with file slapd.conf
[21:37] <cybrocop> smoser: after investigation it looks like there is a bug in partition2disk that makes it ignore my image completely. https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/494803
[21:38] <cybrocop> but that doesn't seem to be the cause of my problem.
[21:38] <cybrocop> since it ignores my image anyway
[21:42] <sommer_> Andre_francys: slapd uses the cn=config backend in 9.10
[21:43] <sommer_> Andre_francys: the serverguide for lucid has instructions that work for 9.10
[21:43] <sommer_> https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
[21:44] <Andre_francys> ok i try
[21:44] <lifeless> kirkland: hey
[21:45] <lifeless> kirkland: you said something about being able to power off vms from virt-manager
[21:45] <MTecknology> This runs every three days in cron, right?  0 6 * * */3 /usr/local/sbin/config-branch-email > /dev/null
[21:47] <ScottK> MTecknology: man 5 crontab
[21:48] <MTecknology> ScottK: thanks - looks liek I got it right :)
[21:48] <ccheney> i think it would be 0 6 */3 * *  but i might be wrong
[21:48] <MTecknology> wrong*
[21:49] <MTecknology> ccheney: I suppose that would make more sense
[21:50] <ccheney> MTecknology: what you did might work but i am not sure, it might only run on tue/fri
[21:51] <ccheney> or something like that, maybe more like sun,wed,sat
[21:51] <MTecknology> ccheney: I'm interested in finding out :P - I'll test it
[21:51] <ccheney> looks like it would be 0,3,6 whatever that maps to
[21:52] <MTecknology> So.. do you guys know of any way to manage passwords between groups of users?
[22:04] <zul> hggdh: i dont have it...maybe mathiaz
[22:04] <MTecknology> zul: hey.....
[22:05] <zul> MTecknology: hi
[22:05] <MTecknology> zul: how's it going?
[22:05] <hggdh> zul, thanks anyway. mathiaz -- do you have a copy of the gobbydoc server-m-qa-workflow?
[22:05] <zul> MTecknology: good dealing with a sick kid
[22:05]  * SpamapS just ate a ridiculous amount at the indian buffet
[22:06] <MTecknology> zul: tell 'em i said they better get better :) ... I was thinking.. since you're brilliant...
[22:06] <MTecknology> zul: Any chance you could make a repo with php-fpm available for lucid?
[22:06] <zul> MTecknology: maybe if i had time
[22:09] <MTecknology> zul: I tried and failed miserably
[22:20] <mathiaz> hggdh: http://people.canonical.com/~mathiaz/server-m-qa-workflow
[22:24] <hggdh> mathiaz: thank you
[22:42] <kirkland> lifeless: yeah, you should be able to
[22:42] <kirkland> lifeless: if your guest is totally up to date
[22:42] <kirkland> lifeless: there's an update for acpid you need in your guest
[22:43] <kirkland> lifeless: (and you might have to install acpid in your guest, if you don't have it already
[22:56] <lifeless> kirkland: ah, it wasn't installed
[22:56] <lifeless> kirkland: thanks.
[22:56] <kirkland> lifeless: sure
[22:56] <kirkland> lifeless: i've toyed with the idea of adding that to the server seed
[22:56] <kirkland> lifeless: file a bug, if you think it makes sense
[22:56] <lifeless> \o/ success
[22:56] <DrUnKnMuNkY> hey, i upgraded ubuntu server 8.04 to 10.04 and now i'm stuck in an initramfs prompt. anything i can do from there? it's a server i don't have physical access to :/
[22:56] <lifeless> +1
[22:57] <kirkland> lifeless: how bad were the dependencies?
[22:57] <breakd0wn> hello, I am having trouble installing 10.4. Basically the cd boots, I partition, format, looks like it installs base, then get a prompt
[22:57] <breakd0wn> Please insert the disk labeled 'Ubuntu Server 10.04 LTS amd64 20100427 in the drive /cdrom and press enter
[22:58] <breakd0wn> I did a disk check and it checked out ok
[22:58] <lifeless> kirkland: none grabbed
[22:58] <lifeless> kirkland: but I have apache, postgresql and an lp dev environment in the vm already
[22:58] <lifeless> kirkland: what would actually be awesome
[22:59] <lifeless> kirkland: would be virt-manager adding acpid automatically when you make a new ubuntu vm
[22:59] <lifeless> regardless of server/desktop/etc
[22:59] <kirkland> lifeless: well, virt-manager tries to be ignorant of what's running the guest
[23:00] <lifeless> kirkland: sure, but doing an install is different
[23:00] <lifeless> I'm not saying 'do magic to existing vms'
[23:02] <kirkland> lifeless: well, same applies, but i haven't thought too hard about it
[23:02] <JanC> DrUnKnMuNkY: try to find out why it stops in initramfs?
[23:04] <DrUnKnMuNkY> JanC: this is all I can see: http://pastebin.com/wZdpWpeT , it's a VPS and I don't have access to a real console and this is all I can see after it boots and I'm stuck in the initramfs prompt
[23:07] <JanC> DrUnKnMuNkY: looks lik it doesn't find the disk with UUID da7aeb45-568f-4677-8f23-286d10a3d673 and judging from the errors above it, that's probably your /
[23:08] <JanC> try to mount / manually
[23:09] <DrUnKnMuNkY> there's nothing in /dev
[23:10] <DrUnKnMuNkY> well not nothing but no disks, there's console, null, pts, and tty1-6
[23:22] <meglio> Hi guys. I'm feel like I got something wrong with my difficult scheme of ubuntu installation with raid & non-raid partitions. And now it does not boot at all, hovewer I have successfully finished installation in expert mode. Can anyone help  me to figure out what is the problem?
[23:23] <meglio> is this is right place to ask a help like this?
[23:23] <flyback> I don't see why it's not a good place to ask :)
[23:23] <flyback> but I am too rusty to help
[23:23] <flyback> with bootloaders
[23:24] <meglio> thanks flyback. anyone else here can help?
[23:25] <flyback> i'm sure if anyone is around so idle here
[23:27] <meglio> flyback, are you familiar with GRUB at all?
[23:27] <flyback> not really
[23:27] <flyback> I never quite learned it vs lilo
[23:27] <flyback> and was away from linux for many yrs
[23:28] <flyback> due to various reasons
[23:30]  * flyback bbl
[23:31] <RoAk> ,/quit
[23:32] <JanC> meglio: there are some tutorials around about fixing grub; e.g. maybe devices got enumerated differently while booting from the installer medium
[23:33] <JanC> or maybe grub doesn't really support your raid setup
[23:33] <meglio> JanC, I have reall all the devices but I cannot figure out the problem. I'm newbie with ubuntu at all, and I'm working latest 30 hours non-stop with hope to alive this server.
[23:34] <meglio> If you can help, here is my situation....
[23:34] <meglio> I have 4 HDD drives. On first drive I have bootable partition outside raid, with mountpoint=/boot
[23:35] <meglio> everything else I have in RAID10, and then partioned by LVM. first logical partition has moutpoint= / (root).   This all I have done in server expert mode installation, in manual partitioning.
[23:37] <meglio> one of installation steps was to select what bootloader to install. I selected GRUB and then /dev/sda1 as the destination path for installation. After this it just does not bootup at all...
[23:38] <meglio> eg, /dev/sda1 is bootable partition (mountpoint = /boot and with *bootable flag).
[23:38] <JanC> grub should go into /dev/sda, not /dev/sda1
[23:38] <meglio> I tried both variants in last 2 hours, neither works.
[23:39] <meglio> well, ubuntu tells itself that it can be installed on sda1 too - it even shows this as an example before INPUT.
[23:40] <meglio> I have IPMI (KVM over lan) if you would like to try to look at what I have not remotely in console. just in the case you will want to try to help.
[23:40] <meglio> typing eror, *not remotely - I wanted to say remotely, without NOT
[23:42] <SpamapS> ok so I seem to have discovered a fairly heinous bug in libruby1.8's net/http.rb file in which real error messages are lost because of an undefined method exception..
[23:42] <SpamapS> should I report it to ruby.. or against the ubuntu package and let it float up stream from the maintainer?
[23:43] <meglio> JanC, any idea?
[23:44] <JanC> SpamapS: both, and link the upstream bug to the LP/ubuntu bug if possible  ;)
[23:46] <SpamapS> https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/561432
[23:47] <SpamapS> looks like it has been reported
[23:48] <meglio> why do not I see sda, sdb etc when typing ls /dev  ?
[23:49] <JanC> meglio: you're inside a rescue console?
[23:49] <meglio> I'm loaded from Ubuntu Live CD
[23:49] <meglio> .... still trying to fix my server bad installation problem.
[23:50] <meglio> want to try to install GRUB manually
[23:50] <JanC> is this hardware raid or fake raid or such?
[23:50] <meglio> software raid. adjusted in manual mode in expert installation mode
[23:51] <meglio> but /boot is outside raid
[23:51] <JanC> eh, but not seeing anythin in /dev is really weird
[23:51] <JanC> you sure there is no hardware problem?  :-/
[23:52] <meglio> here is what I see http://i49.tinypic.com/169rf5t.png
[23:53] <JanC> you might also want to look into /dev/mapper & /dev/disk (but it's really weird)
[23:54] <meglio> but if I'll start installation process again it will show me all 4 drives and I'll be able to partion everything again - did it 2 times today already.
[23:55] <meglio> JanC, here it is (mapper and disk) http://i46.tinypic.com/13zynq.png
[23:56] <JanC> the stuff in /dev/mapper looks like fake raid
[23:57] <JanC> dmraid stuff
[23:57] <meglio> ??
[23:59] <meglio> JanC, my motherboard supports only e rade (not true hardware rade), so I turned off my controller in bios at all. How can it be fake raid then? hm.....
[23:59] <meglio> *only fake rade
[23:59] <flyback> what chip is the raid