[03:30] the varnish sysvinit script does "ulimit -n ${NFILES:-131072}" and "ulimit -l ${MEMLOCK:-82000}", to increase process limits. [03:30] When translating that to an upstart job, would they go in pre-start script, or what? [03:35] Never mind, I don't care. increasing ulimits isn't permitted in my varnish container in any case, because it doesn't have CAP_SYS_ADMIN. [03:39] twb: upstart also has a "limit" stanza [03:40] * twb reads upstart(7) manpage [03:40] it's in upstart(5) ;) [03:40] Ah, cool. I didn't realize that was there [03:58] and I meant init(5) of course ;) [03:59] http://paste.debian.net/106987/ [04:00] How does that look (for lucid)? [04:01] Add a update-rc.d varnish remove in there, too [06:34] twb: you have to specify the soft and hard limit [06:35] Doesn't matter now; it turns out varnish can't do HTTPS, so I lost interests [06:35] bummer [06:35] Now I'm trying to learn enough apache to make it authenticate against PAM [06:36] It turns out the old server was using mod_perl's "PerlAuthenHandler Apache::AuthenNIS"... yeesh [06:36] sounds like a classic [06:37] AFAICT I can point apache directly at slapd (which might work), but I can't say "just trust pam like a normal bloody package" [06:53] mod_auth_pam has worked for me in the past [06:54] Apparently it's unmantained [08:25] Stuff that uses pam for authentication also often needs root privs. [08:26] Something I'd rather not bestow upon a web server. [08:31] granted [08:32] FWIW, mod_authnz_ldap worked perfectly (to my immense surprise) [09:48] ok, I know its time for bed when I see jhunt signing on [17:47] jhunt: given any thought to that ureadahead bug about not having a writable /var/lib/ureadahead ? [17:55] SpamapS: I like the idea of sending a signal. Maybe we can contrive a nasty test to see how big we can make the packs. keybuk has mentioned that the fix for bug 523484 might work but isn't optimal since by the time /var (separate partition) is mounted, ureadahead will have lost the opportunity to consider reads for libc, etc. [17:56] Right... [17:56] * jhunt double-takes [17:56] bed? no. dinner yes :) [17:57] I'll post my ideas about the implementation of the signal idea in the bug report. You're off to dinner then? [17:57] in a few mins. back l8r prolly...