[03:30] <twb> the varnish sysvinit script does "ulimit -n ${NFILES:-131072}" and "ulimit -l ${MEMLOCK:-82000}", to increase process limits.
[03:30] <twb> When translating that to an upstart job, would they go in pre-start script, or what?
[03:35] <twb> Never mind, I don't care.  increasing ulimits isn't permitted in my varnish container in any case, because it doesn't have CAP_SYS_ADMIN.
[03:39] <JanC> twb: upstart also has a "limit" stanza
[03:40]  * twb reads upstart(7) manpage
[03:40] <JanC> it's in upstart(5)  ;)
[03:40] <twb> Ah, cool.  I didn't realize that was there
[03:58] <JanC> and I meant init(5) of course  ;)
[03:59] <twb> http://paste.debian.net/106987/
[04:00] <twb> How does that look (for lucid)?
[04:01] <twb> Add a update-rc.d varnish remove in there, too
[06:34] <SpamapS> twb: you have to specify the soft and hard limit
[06:35] <twb> Doesn't matter now; it turns out varnish can't do HTTPS, so I lost interests
[06:35] <SpamapS> bummer
[06:35] <twb> Now I'm trying to learn enough apache to make it authenticate against PAM
[06:36] <twb> It turns out the old server was using mod_perl's "PerlAuthenHandler Apache::AuthenNIS"... yeesh
[06:36] <SpamapS> sounds like a classic
[06:37] <twb> AFAICT I can point apache directly at slapd (which might work), but I can't say "just trust pam like a normal bloody package"
[06:53] <SpamapS> mod_auth_pam has worked for me in the past
[06:54] <twb> Apparently it's unmantained
[08:25] <soren> Stuff that uses pam for authentication also often needs root privs.
[08:26] <soren> Something I'd rather not bestow upon a web server.
[08:31] <twb> granted
[08:32] <twb> FWIW, mod_authnz_ldap worked perfectly (to my immense surprise)
[09:48] <SpamapS> ok, I know its time for bed when I see jhunt signing on
[17:47] <SpamapS> jhunt: given any thought to that ureadahead bug about not having a writable /var/lib/ureadahead ?
[17:55] <jhunt> SpamapS: I like the idea of sending a signal. Maybe we can contrive a nasty test to see how big we can make the packs. keybuk has mentioned that the fix for bug 523484 might work but isn't optimal since by the time /var (separate partition) is mounted, ureadahead will have lost the opportunity to consider reads for libc, etc.
[17:56] <SpamapS> Right...
[17:56]  * jhunt double-takes
[17:56] <jhunt> bed? no. dinner yes :)
[17:57] <SpamapS> I'll post my ideas about the implementation of the signal idea in the bug report. You're off to dinner then?
[17:57] <jhunt> in a few mins. back l8r prolly...