| twb | the varnish sysvinit script does "ulimit -n ${NFILES:-131072}" and "ulimit -l ${MEMLOCK:-82000}", to increase process limits. | 03:30 |
|---|---|---|
| twb | When translating that to an upstart job, would they go in pre-start script, or what? | 03:30 |
| twb | Never mind, I don't care. increasing ulimits isn't permitted in my varnish container in any case, because it doesn't have CAP_SYS_ADMIN. | 03:35 |
| JanC | twb: upstart also has a "limit" stanza | 03:39 |
| * twb reads upstart(7) manpage | 03:40 | |
| JanC | it's in upstart(5) ;) | 03:40 |
| twb | Ah, cool. I didn't realize that was there | 03:40 |
| JanC | and I meant init(5) of course ;) | 03:58 |
| twb | http://paste.debian.net/106987/ | 03:59 |
| twb | How does that look (for lucid)? | 04:00 |
| twb | Add a update-rc.d varnish remove in there, too | 04:01 |
| SpamapS | twb: you have to specify the soft and hard limit | 06:34 |
| twb | Doesn't matter now; it turns out varnish can't do HTTPS, so I lost interests | 06:35 |
| SpamapS | bummer | 06:35 |
| twb | Now I'm trying to learn enough apache to make it authenticate against PAM | 06:35 |
| twb | It turns out the old server was using mod_perl's "PerlAuthenHandler Apache::AuthenNIS"... yeesh | 06:36 |
| SpamapS | sounds like a classic | 06:36 |
| twb | AFAICT I can point apache directly at slapd (which might work), but I can't say "just trust pam like a normal bloody package" | 06:37 |
| SpamapS | mod_auth_pam has worked for me in the past | 06:53 |
| twb | Apparently it's unmantained | 06:54 |
| soren | Stuff that uses pam for authentication also often needs root privs. | 08:25 |
| soren | Something I'd rather not bestow upon a web server. | 08:26 |
| twb | granted | 08:31 |
| twb | FWIW, mod_authnz_ldap worked perfectly (to my immense surprise) | 08:32 |
| SpamapS | ok, I know its time for bed when I see jhunt signing on | 09:48 |
| SpamapS | jhunt: given any thought to that ureadahead bug about not having a writable /var/lib/ureadahead ? | 17:47 |
| jhunt | SpamapS: I like the idea of sending a signal. Maybe we can contrive a nasty test to see how big we can make the packs. keybuk has mentioned that the fix for bug 523484 might work but isn't optimal since by the time /var (separate partition) is mounted, ureadahead will have lost the opportunity to consider reads for libc, etc. | 17:55 |
| SpamapS | Right... | 17:56 |
| * jhunt double-takes | 17:56 | |
| jhunt | bed? no. dinner yes :) | 17:56 |
| SpamapS | I'll post my ideas about the implementation of the signal idea in the bug report. You're off to dinner then? | 17:57 |
| jhunt | in a few mins. back l8r prolly... | 17:57 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!