[00:03] craigslist is giving me some trouble [00:03] http://www.craigslist.org/about/help/generic_DNS [00:04] with my emails [00:04] I put the correct resolver in my mx records [00:04] you can't send or receive emails from them? [00:05] i can recieve just not send [00:05] cause you just said stuff about both [00:05] and what ip are you sending from? [00:06] 173.12.190.242 [00:06] heh, no wonder [00:06] that will never ever work to send to most people [00:06] you need to fix your reverse dns [00:07] perferably it should match your email server name forward address [00:07] it should match the email servers domain name? [00:08] no [00:08] perferably it should match what you used in your mx entry, and helo name [00:09] something like mine [00:09] dig mx patrickdk.com [00:09] dig -x 38.96.163.135 [00:09] they both match [00:09] hmm ok [00:09] mx for patrickdk.com is kishi.patrickdk.com [00:09] i suppose i need to contact my isp then [00:10] well, I have a few extra in there cause of ipv6 workarounds :) [00:10] i dont think they give control of that to me [00:10] no, but normally they will change it if you ask [00:10] if not, well, don't attempt to host your email there [00:10] haha [00:11] what if i have multiple domains on one server [00:11] I have yet to day anything about domains [00:11] does your email server have multible names? [00:11] just a few [00:11] no more then 3 [00:11] heh? [00:11] how the hell does your email server id itself as so many names? [00:13] currently, it id's itself as server2.kinggoddard.com [00:13] so hopefully that is what you used in your mx entry [00:13] ok what about the TXT entry they suggest they use [00:13] http://pastebin.com/UtJPX4sb [00:13] there is no law that says you must, but the more things don't match, the less likely other stricter email server will take email from you [00:14] that is my records [00:14] Patrickdk: the reverse should match? [00:14] I always thought it was only necessary to HAVE a PTR configured [00:14] not that it matches the forward entry referenced in the MX entry [00:14] i thought i had a TXT ptr setup [00:14] alamar, depends on how big of a bofh the email admin is [00:15] personally I configure email servers both ways, you just have a ptr, and ptr must match [00:15] no no makes sense [00:15] TXT != PTR [00:15] your TXT entries are spf, read up on spf, lots of info on google [00:16] ahh i see [00:16] so i should just put a ptr record in [00:23] I have 4 ubuntu desktops and a desktop/server at a church, I'm running apt-cacher-ng but having varying results - the cache seems to be out of date, or I get an Apt error on the desktops. Is there a better solution for caching repositories, saving bandwidth? [00:36] fluvvell: maybe provide the errors you're seeing [00:37] pmatulis, mostly apt-authentication errors on the desktops. there is a general feeling of clunkyness, or of updates not happening. [00:37] I'll mouse around to see if I can find a server log error [00:38] fluvvell: that would be best. also provide what releases are involved (desktop & server) [00:58] hggdh, the root cause is bug 784937 [00:58] Launchpad bug 784937 in cloud-init "/mnt not mounted, swap not used, disk is xvde" [Medium,Confirmed] https://launchpad.net/bugs/784937 [01:12] hggdh, thank you for your help today. [01:31] hmm, I have good results with apt-cacher-ng, bad with squid === alamar is now known as foobar123 === foobar123 is now known as alamar [02:46] smoser: yes, I concluded it should be this bug, and marked it in the results [02:46] smoser: thank you for confirming it [04:25] what do professionals use to test for server security? [04:32] New bug: #806782 in php5 (main) "package php5-fpm 5.3.5-1ubuntu7.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/806782 [04:40] How do I install mod_gzip on apache 64bit? [04:57] rallias: sure you don't mean mod_deflate? === medberry is now known as med_out [07:07] greetings [07:13] hello everybody.. [07:14] just want to ask about apache2 on 11.04 [07:15] is it safe to chown /var/www/*.php to administrator rather than root? [07:16] acklee: no. [07:18] so how could I edit or modify php files inside /var/www using Text Editor / gedit? [07:19] You don't. [07:20] Firstly, your server should not have a GUI. Secondly, /var/www is not FHS-compliant and you should not use it. [07:21] Thirdly, best practice is to version control your code, and to only package and upload versions that pass self-tests to the server. [07:22] If you aren't packaging your web app as a proper .deb, this could be achieved using rsync and ssh, with rrsync to restrict the uplaoders' privileges. [07:24] Finally, since a quarter to a third of ALL security issues are PHP-related, you should never use it under any circumstances, since clearly there are systematic problems with the PHP community's ability to produce secure code. [07:25] oh ok.. one more question.. if /var/www is not FHS-compliant so where is the best place to put DocumentRoot? [07:26] It would make sense to separate (immutable) programs from mutable state, so e.g. /usr/share/foo-app/foo.php, reading config from /etc/foo.ini and writing data to /var/lib/foo-app/ [07:27] Guys, who use ubuntu 11.04 and had installed libvirt? [07:27] If it's inherited code from people who don't understand such things, putting it in /srv/foo or /srv/www would be a reasonable short-term workaround. [07:27] lei_: what is your real question? [07:28] acklee: oh, and /usr/share assumes your program is interpreted; if it's compiled (e.g. prayer is a web-app written in C), you would use /usr/lib instead. [07:29] Actually prayer is a poor example; it has a built-in web server, so its binary is in /sbin. [07:29] I updated my system yesterday but i found that my libvirtd can not started [07:29] ok twb that's great, thanks for your suggestions, I really appreciate it.. [07:29] lei_: does it give an error? If so, what? [07:30] No, it just can not start, continue to restart, but when i use "ps -ef | grep libvirtd/(or libvirt-bin)" , i can not find it [07:31] i re-install it, it can not work too... [07:31] Did you check syslog? [07:32] let me check [07:32] tail -fn0 /var/log/syslog /var/log/auth.log & [07:32] Then "restart libvirt" or something [07:32] I just got this error on a new install of 10.04: -bash: php: command not found [07:32] nonotza: PHP is not installed by default. [07:32] I installed php [07:32] and I printed phpinfo [07:32] nonotza: php5-cli? [07:32] ahhh [07:32] that's right [07:32] thanks [07:33] do you know the apt-get package name? [07:33] nonotza: php5-cli? [07:33] that's it [07:33] hehe [07:33] all good now [07:33] (apt-cache search) [07:35] virt-CommandWait:1229:internal error Child process. [07:35] then libivrtd exited. === smb` is now known as smb [07:37] OK, stop the init job, then run it by hand in the foreground [07:37] Wait a minute... are you saying that *libvirt* doesn't start, or that your VM(s) don't start [07:37] Oh, also, IIRC libvirt defaults to writing logs directly instead of using syslog(), because it's bloody stupid [07:38] So you'll have to look around in /var/log, e.g. find /var/log -mtime -1 -ls [07:38] I tried it. I use "libvird -d" or "service libvirt-bin start" ,but both were failed [07:38] "ps -ef|grep libvirt " can see libvirt [07:38] sorry can Not [07:56] How would I go about removing a massively broken package? [07:56] apt-get remove [07:57] Removing hptraidconf ... [07:57] dpkg (subprocess): unable to execute installed pre-removal script: No such file or directory [07:57] this is the problem [07:57] I can't even --purge it... [07:58] hi all, i need help. i've just installed a fresh 10.04, and i can't find eth0 anywhere. ifconfig -a returned only eth1 and lo. after restarting, it changed to eth2 and lo. another restart and it changed to eth3 and lo. i can't make the network running to connect to my router. [07:59] note that i'm still very new in command line interface (just learn a bit from https://help.ubuntu.com/10.04/basic-commands/C/index.html). is there any other good resources for me to learn regarding to cli? [08:00] Alan: pastebin output of "more /var/lib/dpkg/info/hptraidconf.p* | cat" [08:01] Hannz: apparently your network card changes its PCI address every time you reboot [08:01] Hannz: is this a VM or something? [08:01] !RUE [08:01] !RUTE [08:01] documentation is to be found at http://help.ubuntu.com and http://wiki.ubuntu.com - General linux documentation: http://www.tldp.org - http://rute.2038bug.com [08:03] twb: i'm really sorry, is VM = Virtual Machine? i dunno how to answer your question, seriously. i just tried to make a network server for my upstart company's files. [08:03] Hannz: yes, "virtual machine" [08:04] Did you install onto a real computer that you can throw out a window, or is it a virtual computer [08:04] no, i don't think it is a vm. i installed it to a real computer [08:05] Then I dunno, your hardware is really weird [08:05] googled for vm, and now i'm sure it's definitely not a vm [08:07] twb: http://paste2.org/p/1506845 [08:08] i think it's possible that the package failed to install properly [08:08] but even so - nothing in those scripts could error because they're using rm -f, right? [08:08] Alan: there's no reason that should fail [08:09] Unless your root user doesn't have permission to remove files or something... [08:09] If you are feeling ballsy, just rm the prerm script and try again, though this will "void your warranty", as it were [08:10] twb: http://paste2.org/p/1506848 [08:10] that's the full output of attempting to remove --purge [08:11] twb: doesn't that just mean it's going to miss stuff now? :| [08:12] Alan: I don't know what's going on [08:12] Alan: maybe those scripts aren't executable? [08:13] Alan: or could be a biarch issue, that gives funny errors. [08:13] well it seems to have gotten everything plus what's listed in the prerm script... [08:13] Like it says "file not found" instead of "I can't execute 64-bit binary in 32-bit kernel" [08:14] twb: there's no chance of that kind of error [08:14] I'm not sure what screwed up there - removing the script "fixed" it... [08:14] i do know that the package never installed properly in the first place... [08:15] yay, now i can do updates again [08:15] every time i went to do updates it was trying to complete the installation of that broken package... [08:16] well thanks for your help twb :) [08:22] twb: i tried to reboot (sudo shutdown -r now) again, and it changed to eth4 now -.- [08:22] 18:01 Hannz: apparently your network card changes its PCI address every time you reboot [08:22] i guess i'll just try to re-install it from scratch [08:22] Hannz: as a workaround you can remove the persistent-net-GENERATOR script from /etc/udev/rules.d/ [08:23] Though this can cause problems if you ever have >1 NIC [08:23] heh, i remember the days before persistent network device names... [08:23] you update your kernel and BAM no network [08:24] i do have 2 nic, but i disabled 1 of them from bios settings. could it be the problem? [08:24] "What do you mean eth0 is now my firewire port?" [08:24] Hannz: the problem is almost certainly SOMETHING in the BIOS [08:24] twb: would reset the defaults in the bios fix that something? [08:25] *resetting [08:25] That depends on what the BIOS defaults to. [08:27] hmm.. i'll just try something.. thanks for your help :) [08:34] Hi all, I have a dual-boot issue on an EFI system (Lenovo S205): win installs and boots, but grub in the Server install messes up the boot sequence. [08:35] twb: i'm currenty reinstalling, is it okay to have the network configured with dhcp? or should i go back and configure manually? [08:35] lodott: are you installing both windows & ubuntu on the same harddrive? [08:35] Hannz: DHCP is fine, as long as you are on a trusted network and the DHCP server is well-behaved [08:36] EricJ: yes, windows has sda1/2, Ubuntu sda3 [08:37] It probably has to do with the EFI thing, which have not really yet a handle on [08:37] In theory, as long as you install win first and linux second, it should Just Work [08:38] But I haven't dealt with such a system in a looong time [08:38] yeah, I hoped so too. [08:38] I followed instructions in the help page "RecoveringUbuntuAfterInstallingWindows" but after "overwriting the MBR" the system does not boot up [08:38] I've had some problems setting up dual-boot, but that was splitting win & ubuntu onto different disks. [08:39] lodott: you don't even boot into grub? [08:39] nope, I get into a reboot loop and have to switch off/boot from CD [08:39] meh [08:40] I can get windows back to work by fixing the mbr with the install disk [08:41] what's the easiest and most secure way to set up a user with root priviledges? [08:41] I just set up a ubuntu server, probably not a good idea to run around as root eh? [08:42] rurufufuss: I'd add him to the sudoers. [08:42] the user's not set up yet, IIRC there was a command to set up the user, including his home page etc [08:42] I was wondering if that's correct? [08:43] Another attempt was to use EasyBCD to boot Ubuntu via Windows, but no luck [08:47] About the EFI: in the windows install it apparently made a difference if I let the system find the CD or if I manually selected the CD. I am not sure why that should be but could that have an effect on where Ubuntu puts the MBR data? [08:49] With system finding the CD, windows creates a boot entry on the BIOS level, otherwise installs to the MBR normally [08:51] With this specific Lenovo the MBR install is needed, otherwise the installed system has problems with shutdown (lenovo bug) === koolhead11|Afk is now known as koolhead11 [09:12] lodott: afaik, you can sacrifice the powers of Grub and shift to Windows Boot Loader to boot you into Linux.. [09:14] On Oneiric Alpha2 ISO testing, RAID1 and UEC install are untested [09:15] http://iso.qa.ubuntu.com/qatracker/test/5890 [09:15] http://iso.qa.ubuntu.com/qatracker/test/5889 [09:15] Anyone to give them a try ? [09:15] acklee: how would I do that? I tried the EasyBCD tool which is supposed to do just that, but maybe you have a better alternative. [09:18] acklee: the EasyBCD tool actually located the GRUB2 partition on its own, so my fear is that it has to do with installing the MBR somehow. [09:31] lodott: http://www.supergrubdisk.org/ provides a specialized rescue disk to restore Windows/Linux.. I haven’t used it anytime though.. [09:34] hello, i have a problem with ethernet settings. it seems that my ethx keeps changing its name (eth1 to eth2 to eth3 and so on), and apparently the hwaddr is also changing its mac address everytime i reboot the server. [09:41] I don't know the answer to your question, but one way to search for text in files is this: "sudo find /etc|xargs grep eth20" could you pastebin the output of that? [09:42] Hannz: pastebin for sudo find /etc|xargs grep eth20 [09:45] jhunt: thanks for taking a look at my upstart query yesterday - turns out I was being a dunce :-) [09:45] i'm currently on another notebook so i can't pastebin it. but it returned 20+ lines, all ended with 'Permission denied'. [09:46] jamespage: np. If there is some way we can improve the man pages/cookbook to avoid confusion though, let me know. [09:47] I discovered that others had experienced similar problems with ASUS boards with nVidia NICs, changing their MAC addresses.. [09:47] Hi all. is there a way to "unencrypt" an ecryptfs-encrypted homedir other than copying everything and restoring afterwards? [09:47] Hannz: Looks like Gigabyte and ASUS have been shipping invalid MAC addresses on some of their boards.. [09:48] i'm using gigabyte board and its onboard nic [09:48] Hannz: it just generates a new (valid yet) random MAC address.. [09:49] acklee: so i have to switch my mainboard? [09:49] Hannz: cat /etc/udev/rules.d/70-persistent-net.rules [09:50] or can we find a way to stop it from generating new mac addresses? [09:51] Hannz: it would be nice if you can show me the output.. [09:51] Hannz: no, last option is disable your obloard nic in the BIOS.. [09:52] acklee: i think the 70-persistent-net.rules is making new lines of rules everytime i reboot the box. i checked it before boot and after boot, it just adds a new # PCI device [09:52] Hannz: and put your new nic to PCI slot.. [10:02] New bug: #806887 in drbd8 (main) "package drbd8-source 2:8.3.7-1ubuntu2.1 failed to install/upgrade: drbd8 kernel module failed to build" [Undecided,New] https://launchpad.net/bugs/806887 [10:39] what is the proper way to start a persistent process on a server? [10:40] assuming that " ./someprocess &" is actually not the right way [10:41] that process being one of my binaries made from gcc that is [10:43] acklee: thanks, I will have a look later [11:37] rurufufuss: ./someprocess & will start it well, but unless the process traps SIGHUP, a logout will then stop it [11:38] rurufufuss: nohup ./someprocess & will trap SIGHUP [11:38] the best way would be to trap SIGHUP from the process itself and perhaps fork in the background also from the process [11:42] I cant seem to be able to call g++ using the exec() function in php, any ideas? [11:55] RoyK: thanks, I suppose if you trap sighup the process will then have to be killed manually huh [12:02] New bug: #806930 in mysql-5.1 (main) "package mysql-server-5.1 5.1.54-1ubuntu4 failed to install/upgrade: le sous-processus script post-installation installé a retourné une erreur de sortie d'état 100" [Undecided,New] https://launchpad.net/bugs/806930 [12:06] New bug: #806911 in nova "Split nova-compute into nova-compute-{kvm,xen,etc.}" [Undecided,New] https://launchpad.net/bugs/806911 [12:08] good morning teammates [12:11] morning Ursinha [12:19] Ursinha: o/ [12:19] jamespage: o/ [12:20] yo [12:20] zul: o/ [12:20] hey lynxman [12:24] ls [12:24] bah [12:24] hello Ursinha ! [12:25] $ ls [12:25] porn [12:25] Daviey: :) [12:25] lynxman: :o [12:25] SpamapS: around? [12:25] serge_: he's away this week. [12:25] Daviey: hehe, still need to send you the pics! [12:25] Daviey: and the video [12:26] Daviey: yeah, but i thought he said he might be on and off around :) [12:26] Daviey: i gather jameshunt is out too [12:27] lynxman: oh dear! [12:27] serge_: hmm, i spoke with jhunt yesterday. [12:27] Daviey: there's some very scary ones [12:28] * koolhead11 looks at lynxman [12:29] * lynxman feels stared at [12:29] Daviey: yeah, i'm pinging him on #upstart, thx [12:30] groovy [12:36] lynxman, i thought i joined some other channel :D [12:36] hey Daviey [12:36] koolhead11: heh :) [12:45] zul: I have a new version of mcollective (1.2.1) ready for you if you fancy :) [12:46] lynxman: sure ill take a look this afternoon [12:46] zul: cool, thx [13:19] jamespage, do you know what's the status of Ubuntu Server EC2 HVM testing ? There's no result on the tracker. [13:44] hggdh: lemme know when i can use the test rig [13:45] zul: as soon as UEC testing ends [13:47] * Daviey imagines it'll end abrubtly [13:48] wouldnt have it any other way ;) [13:51] zul: i want to sync the latest (non-release) lxc for oneiric. Do you have any reason for me to wait? [13:51] serge_: nope [13:51] k [13:51] it'll be a kick-ass update :) [13:52] although /dev/pts doesnt seem to get mounted in the container under libvirt [13:52] serge_: I guess with everything that went in git recently it's probably worth trying to convince Daniel to just release ;) [13:52] stgraber: i've asked him, can you also ask him? [13:52] serge_: sure [13:52] i agree, 0.7.5 seems worth yagginh [13:52] tagging, even [13:52] thx [14:21] rurufufuss: not really - read up about unix and signals [14:22] RoyK: so you mean if I have a C program, do signal(SIGHUP, whatverfunction) [14:22] and whatever function just does nothing [14:22] you mean that's actually not enough? [15:07] rurufufuss: basically, yes [15:08] rurufufuss: and the signals have different meanings, different use etc [15:09] for instance, HUP is sent when a terminal is closed, TERM is the basic signal sent by kill(1), some signals shouldn't be trapped (for example SIGSEGV) and others can't be trapped (SIGKILL) [15:10] advanced programming in the unix environment is a good lecture fo stuff like this (if a library of yours has it you should take a look) [15:11] lecture? I mean reference Ithink [15:11] hmm ic [15:11] I mean, I just want a program of mine to not terminate [15:11] like, I want to log in to a remote box, run it, and log off [15:11] (it's a fastcgi application) [15:11] I suppose using nohup suffices huh [15:11] you could run it in screen, with nohup or disown [15:11] or do signal handling yourself. if you want it to act like a daemon there is a good entry in the unix programming faq for that [15:12] http://www.unixguide.net/unix/programming/1.7.shtml if you're interested [15:12] thanks [15:12] when you said with screen, nohup or disown [15:13] that's "either screen, nohup, or disown", not "with screen AND either nohup or disown" right? [15:13] rurufufuss: man screen etc [15:13] either one will do [15:13] cool, thanks! [15:13] there's usually some 10+ ways to do things :) [15:13] what's the chances handling a signal to SIGHUP and doing nothing on the handler will also work? [15:14] I would test this myself if I could, but its not compiled yet :/ [15:14] that'll trap SIGHUP, yes [15:14] sweet [15:14] and ignore it [15:14] but if something sends it a SIGTERM, it'll die [15:14] unless that's trapped as well [15:14] but if I run it with & it wont get sigterm would it? [15:15] well, I suppose I could just test when I get the chance to [15:15] nohup is the only wrapper I know that traps signals - & is only to background it, and that one doesn't trap anything [15:16] you could write a trapeverything wrapper, but normally you want software to stop when it's told to [15:16] or if it crashes [15:16] trapping SIGSEGV could lead you into interesting times indeed [15:16] New bug: #807038 in dbconfig-common (main) "dbconfig-common fails to preseed phpmyadmin on natty/lucid" [Undecided,New] https://launchpad.net/bugs/807038 === Ursinha is now known as Ursinha-lunch === NG_ is now known as ng_ === JanC_ is now known as JanC [16:01] adam_g: ping [16:11] everyhting seems oddly quiet... has disaster hit? [16:18]   [16:20] zul: oh, silly me. we're in soft freeze [16:21] serge_: not anymore. Got lifted this morning (european time) [16:22] ah, cool, thx [16:23] this channel is always quieter than some of the other ubuntu channels :P [16:23] question. any idea why Server won't install correctly on a Dell POweredge 2600 in hardware RAID5? [16:23] i end up with an infinite boot loop [16:30] TheEvilPhoenix: Did you set up the raid array in the hardware before installing? [16:31] yeah [16:35] TheEvilPhoenix: Is grub entry using the uuid of the array, or sdaX type entry for loading the kernel from? [16:36] i'll have to check, i'm not at the system atm. [16:36] New bug: #807091 in nova (universe) "error: internal error character device (null) is not using a PTY" [Undecided,New] https://launchpad.net/bugs/807091 [16:36] i'll come back once i got that info [16:39] RoAkSoAx: hey === Ursinha-lunch is now known as Ursinha [17:02] adam_g: hey, never mind :) [17:06] New bug: #807110 in nmap (main) "Sync nmap 5.21-1.1 (main) from Debian unstable (main)" [Wishlist,New] https://launchpad.net/bugs/807110 [17:57] Daviey, around ? [17:58] Ben is still utlemming? he's not here. [17:58] smoser: ack [17:58] http://uec-images.ubuntu.com/releases/oneiric/ has 'alpha-2' and 'alpha-2a' [17:58] on nectarine 2a has been deleted. [17:59] i'm going to run 'trigger-sync' there, which will delete from uec-images also [17:59] they seem to have identical content, but didn't know what 2a was and wanted to check before i cleaned there. [17:59] utlemmin [18:00] smoser: I just pinged him on another irc network, think he should be here soon. [18:00] ] [18:02] * Daviey spots utlemming's irc failure. [18:07] * utlemming was on other irc channels [18:08] * utlemming but is now in the right spot [18:23] soren: ping [18:46] zul: 'sup? [18:46] soren: why do you want to break up nova-compute? [18:46] New bug: #807153 in bind9 (main) "named does not shut down after "service bind9 stop"" [Undecided,New] https://launchpad.net/bugs/807153 [18:47] zul: I thought I explained in the bug? [18:48] soren: right it looks overly complicated i think [18:48] How so? [18:49] zul: I thought you of all people would be happy with an easy way to use Xen or LXC with nova without mucking around with config files. [18:50] nm...im not thinking today [18:55] how can ubuntu render php files instead of downloading them, latest ubuntu with tasksel lamp installed [19:00] is anyone here today? I'm getting "rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=199, length=20" and I'm trying to figure out why === jeeves__ is now known as jeeves_moss [20:07] jibel: I believe the HVM AMI's are broken ATM - utlemming or smoser would be able to confirm [20:07] Yes the HVM AMI's are broken. We are working with Amazon to address the problem [20:08] thanks utlemming - I thought that was the case [20:08] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/791850 [20:08] Launchpad bug 791850 in linux "oneiric cluster compute instances do not boot" [Undecided,Confirmed] [20:08] ta [20:19] do I have to make a new entry into the client.conf file for each access point I need access to my FreeRadius server for? === med_out is now known as medberry [20:26] serge_: hi :) [20:31] lifeless, hey [20:32] hi? [20:40] lifeless: hey [20:40] serge_: would you like a new lxc script that takes a shutdown container, makes an aufs overlay and starts it up [20:41] lifeless: yeah [20:41] ok, ew have one, I'll see about generalising [20:41] *we* [20:41] on the cgroup-bin thing [20:41] lifeless: cool, thanks. should we integrate that into lxc-start you think? [20:41] lxc-start -a for aufs? [20:41] making everyone that wants to use lxc manually mount the filesystem seems ugly [20:41] I replied to the bug [20:41] lifeless: we don't make everyone [20:41] but as its closed you might not see it ;) [20:42] what's the bug# again? [20:42] hello, i have a site and it has a lot of users and it makes the machine not respond to all with all the accesses (overloaded) how can i make with a second machine reduce the overload of the first one? [20:42] serge_: bug 800456 [20:42] Launchpad bug 800456 in lxc "no dependency on cgroup-bin" [Undecided,Invalid] https://launchpad.net/bugs/800456 [20:42] BrixSat: what sort of site? [20:43] it is a radio network site [20:43] I mean, is it a website? static content or dynamic? [20:43] dynamic [20:43] lifeless: what exactly does a 'Suggests' entry do then? pop up a msg while installing? [20:44] serge_: nothing, but its one of the first places people look when something doesn't work. [20:44] lifeless: dynamic website [20:44] I'm fine adding a suggests now that cgroup-bin plays nice :) [20:44] serge_: recommends or stronger would be better [20:44] lifeless: ok [20:44] wonder how i can gauge whether users would be annoyed by that [20:45] serge_: http://www.debian.org/doc/debian-policy/ch-relationships.html#s-binarydeps [20:45] th [20:45] serge_: if cgroups-bin can be disabled [20:45] x [20:45] serge_: then users who want to do it manually could disable [20:45] well i suppose a .override file should work, if those are in upstart now [20:45] though recommends is the usual place to put 'you should have this but can decide not to if you want' [20:46] 'The Recommends field should list packages that would be found together with this one in all but unusual installations.' [20:46] lifeless: any ideia? [20:46] right but we treat Recommends as stronger than debian does right [20:46] ? [20:46] New bug: #807222 in tomcat6 (main) "Sync tomcat6 6.0.32-5 (main) from Debian unstable (main)" [Wishlist,New] https://launchpad.net/bugs/807222 [20:47] serge_: nope, we, like debian, install recommends by default but allow it to be removed (or not installed if the user toggles the option) [20:47] BrixSat: if its a dynamic site, do you know if the database is overloaded, or your (php|perl|python) code, or the memory use on the machine? [20:47] lifeless: and if existing users do an upgrade, will it auto-install a new recommends? [20:48] BrixSat: the solutions are different based on the actual problem :) [20:48] stgraber: if you still ahve that source tree handy, [20:48] serge_: yes; but we're going to have more users eventually than we have today, so upgrades are a consideration not an overriding rule :) [20:48] lifeless: well the machine just can hang thousands of connections per seconds [20:48] serge_: yep, it's still there [20:49] serge_: oh, let me rephrase - if you dist-upgrade I think it installs new recommends, a daily upgrade won't. [20:49] do you mind adding cgroup-bin to the Recommends? :) [20:49] stgraber: for bug 800456 [20:49] Launchpad bug 800456 in lxc "no dependency on cgroup-bin" [Undecided,Invalid] https://launchpad.net/bugs/800456 [20:49] BrixSat: for that, I suggest rate limiting in your front end [20:50] rate limiting? humm [20:50] lifeless: whtat would that consist? [20:50] BrixSat: determine what concurrent request count your server can serve without bogging down,and then configure apache|haproxy|squid|varnish - whatever you have as your entry point - to only forward that many connections to your dynamic code at once [20:50] serge_: uploaded [20:51] it will stop the machine hanging, though it won't add capacity. [20:51] stgraber: remind me to buy you a beer at the sprint [20:51] thanks, gnight [20:51] lifeless: cant i have a second host able to do the same as the first host? [20:51] separately, if you need more capacity, you need to determine what you need more capacity of - database, frontend, bandwidth - and cluster-or-increase that somehow [20:52] BrixSat: yes, but if you don't manage the concurrent work, it will still overload and fail and then that will cascade across your whole cluster. [20:52] BrixSat: the very first thing you need is a concurrent work limiter, it makes everything else -much- easier to tackle [20:52] we use haproxy for launchpad.net, for instance. [20:53] haproxy does that? [20:53] * patdk-wk is just using ipvs these days [20:53] serge_: thanks! [20:53] the linux firewall can do that :) [20:53] BrixSat: yes, [20:54] patdk-wk: not as nicely (for users that exceed the limits) [20:54] if server1 fails will the second one be able to reply? [20:54] ya, defently doesn't give you a nice error though :) [20:54] patdk-wk: also things like persistent connections aren't handled by iptables solutions, it can't tell 'possible work' vs 'actual work'. haproxy can be configured to do that. [20:54] BrixSat: not for the failed request. For subsequent requests, yes. [20:55] nice :) [20:55] thanks [20:55] heh? possible vs actual? [20:55] any request that hits the server is actual work === utlemming is now known as utlemming_lunch [21:06] New bug: #807233 in mcollective (universe) "mcollective not working with rabbitmq" [Undecided,New] https://launchpad.net/bugs/807233 [21:16] New bug: #807240 in rrdtool (main) "Please merge rrdtool 1.4.3-3.1 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/807240 [21:17] patdk-wk: yes, but tcp connection != http request [21:18] patdk-wk: so http persistent connections will sit idle for (usually) up to 30 seconds [21:19] patdk-wk: if you say 'machinehas 4 cores, can handle 4 requests concurrently, and then limit to 4 http connections, you'd lost 30 seconds of processing per core per connection [21:20] patdk-wk: if you fudge it and multiply out to get a guesstimate, then a bunch of near-simultaneous requests coming in can flood the server and bog things down === ng_ is now known as NG_ [21:48] why does my server keep trying to use "::1..." (the local ipv6 address) and NOT 127.0.0.1? [21:50] check /etc/hosts [21:51] hello [21:52] how to build package with my, modyfited kernel? === utlemming_lunch is now known as utlemming [22:01] which is the name of the kernel that i should be running for 10.4 LTS. Is it kernel 2.6.32-32-server? [22:02] this is a xen guest. The xen kernels i guess arent used anymore [22:02] that is not a xen kernel [22:02] 2.6.32-316-ec2 is [22:04] that doesnt seem right. why the -ec2? [22:04] i thought the paravirt drivers were included after 2.6.27 [22:07] whats the difference between -server and -generic [22:08] server have other kernel timing [22:08] depends [22:08] generic is to desktop [22:08] tz clock rate, pae enable, ... [22:08] yes [22:09] server is to server ;) [22:09] hmm, well i upgraded a xen guest (whihc is being used as a web server) which was Ubuntu 8.04.3 LTS, kernel 2.6.24-25-xen to 10.4 LTS, but it only seemed to install the generic kernel [22:10] and it didnt even touch menu.1st. So luckily i caught that before rebooting or else it wouldnt have even booted since the xen kernel isnt compatible with 10.4 [22:10] last time I did that, the guest was trashed [22:10] this a 64bit system mind you [22:10] so was mine [22:11] so I use the -ec2 kernel now [22:11] looks like kernels since 2.6.23 have included xen stuff [22:11] well i have another system that is runnng 10.4 LTS with 2.6.32-32-server #62-Ubuntu SMP Wed Apr 20 22:07:43 UTC 2011 x86_64 GNU/Linux [22:11] and its fine, but wasnt sure if that was still the correct way to go [22:12] is there a good logging program for ubuntu-server? all my users are logging in via ssh. [22:14] grr, my timing is off again though on that working system. [22:14] serge_: where should I get the source for your current lxc package? [22:20] hmm, looks like the kernel should work [22:21] guess my issue was the xen blkdev is a module and wasn't in initrd correctly [22:21] it was today [22:25] lifeless: it's in the oneiric archive [22:25] (i dont' have my own lp branch for the latest) [22:25] kk [22:27] smoser: W: Failed to fetch bzip2:/var/lib/apt/lists/partial/us-east-1.ec2.archive.ubuntu.com_ubuntu_dists_natty-updates_universe_binary-i386_Packages Hash Sum mismatch , any idea? [22:38] hey [22:39] i have a questioni have a site wich is often confronted with high bandwidth and cpu, will ubuntu cloud and 2 servers make a kind of load balance? [22:39] anybody know how to in make-kpkg make tiny and nice kernel name? [22:39] patdk-lap: i still wonder though if the ec2 kernel is a bit more optimized and might be a little faster/leaner than the -server kernel [22:40] update-grub still doesnt work on a xen guest either =/ [22:40] BrixSat: hmmm, maybe nginx? but nginx havent loadbalancing per bandtwitch [22:41] WMP: is it diferent having ubuntu-server or ubuntu-cloud? will i notice diferent performances? [22:41] i don't know ubuntu-cloud [22:41] all servers i make in ubuntu-server [22:42] WMP: the problem is one of my servers get a lot of ddos [22:42] there is no thing as ubuntu-cloud [22:42] unless you mean ubuntu-uec [22:43] and yes, you will see a difference [22:43] patdk-lap: also, are you doing anything special to get your ubuntu guests to keep the correct date/time? [22:43] patdk-lap: if a server get a ddos atack will all the cloud stop? [22:43] macscr, nope [22:44] BrixSat: you shoud invest in hardware firewall [22:44] patdk-lap: are you by chance using pvgrub or pygrub though? [22:44] brixsat, depends on the ddos [22:44] WMP: cant afford it [22:44] macscr, nope [22:44] patdk-lap: ddos (udp flood= [22:44] ddos can be hundreds of thousands of things [22:44] all it means is you have too much from too many places at once [22:45] patdk-lap: usualy from 3 or 4 ip's [22:45] what udp services do you provide? [22:45] that is hardly a ddos, that is much more a dos [22:45] and easy to block using simple firewall rules [22:45] patdk-lap: none, i have no udp [22:46] then how the hell could a udp flood take you down? [22:46] cause thousands of connections per second [22:46] udp doesn't make connections [22:46] therefor that isn't the issue [22:46] the machine was goind up and down no network availiable [22:46] do you have stats on incoming/outgoing packet counts? [22:47] sim [22:47] yes [22:47] how many packets in and out? [22:47] hmm, actually might of been icmp replies, so probably wouldn't help [22:47] you need to configure a firewall desperately [22:48] be it soft, hard, or other [22:48] patdk-lap: i was having 11mpbs of network load [22:48] but a crapload of udp shouldn't be able to take down a server [22:48] expecually at 11mbit [22:49] I have handled that much ntp traffic without an issue [22:49] but in my case the server stops reacting and crashes [22:49] or i shutit down first [22:50] so you say [22:50] therefor I don't believe it was udp traffic that did this [22:50] my datacenter said it was [22:51] well, you have two solutions [22:51] what kind of udp traffic? ntp? icmp? dns? there are all sorts of dns attacks in the wild [22:51] get a firewall to reject stuff, and hopefully ban ip's that do that [22:52] or get your datacenter to do it for you [22:52] he said he wasn't running a udp server, so it shouldn't matter what type [22:52] ahs3: it was icmp, and ntp [22:52] what ip address? [22:53] the source? [22:53] or my machine? [22:53] the ip address on your machine they where *attacking* [22:54] 79.143.184.210 [22:54] hmm, that seems good atleast [22:55] there are craploads of really bad ntp stuff, that when it doesn't get a reply, it hammers the server harder [22:55] patdk-lap: yes now it is i had to replace the ip [22:55] heh? [22:55] it was before .209 [22:55] I asked what ip they attacked [22:55] not what you have now [22:56] no difference [22:56] hoo it is a 79.143.184.209 [22:56] that is not assigned to anything now (only dns resolution) [22:58] ya, you badly need to fix your firewall [22:58] install a firewall on that box, and set it to DROP everything [22:58] that will kill the icmp stuff [22:58] and should kill the load you had [22:59] I also see all kinds of fun stuff open, like dns, you said you where not running udp services [22:59] BrixSat: you get a "ddos" from 3 or 4 ips? [22:59] also your x11 ports are exposed [22:59] yes [22:59] american ips [22:59] x11 ports? [23:00] http://pastebin.com/AQN6GLKj [23:00] those closed ports, should say stealth instead [23:00] well if they are static you could just block them using netfilter. (or even ask upstream to do it for you) [23:00] alamar, and if he just didn't produce icmp replies to every packet, he probably wouldn't have to block them [23:01] patdk-lap: having icmp work is not a bad thing per se [23:01] I didn't say break icmp [23:01] but have icmp not reply with port closed [23:01] but you should probably rate limit it if it causes problems [23:02] alamar: how can i do it? [23:05] there is an iptables module for that. google icmp rate limiting. but it's probably the easiest way to just nullroute or filter the source addresses that cause your problems in general [23:07] thks