/srv/irclogs.ubuntu.com/2011/07/08/#ubuntu-server.txt

mareshello00:11
mareshello00:12
maresxczxczx00:12
mareshello00:13
maresi have a question about installing ubuntu-server 64bit on vmware00:14
maresis there anyone willing to help me ?00:15
twb!anyone00:21
ubottuA high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.00:21
twbmares: vmware what, esxi?00:21
marestwb: hey, i downloaded ubuntu-server 64bit and try to install it on vmware00:27
marestwb: but wen i restart machine, black screen pop up with no options !?00:28
twbmares: vmware is a company, not a program.00:28
twbmares: what vmware product are you using?00:28
marestwb: sry, vmware workstation00:29
maresi just want to setup lamp server to practice with php,mysql etc.00:30
twbDoes that product normally give you any (emulated) BIOS boot screens?00:30
marestwb: yes00:30
twbDo you see those?00:31
maresyep00:31
twbAnd it goes black immediately after that?  You don't see *anything* from the install CD?00:31
maresi installed it, but when i restart my machine it goes black00:32
maresi installed it from iso image downloaded from ubuntu site00:33
twbOK, so after the install, you reboot, and see the BIOS prompts again?  And immediately after the BIOS part, it goes black?00:33
maresyea00:34
twbThis is 10.0400:34
twb?00:34
mares1100:34
mareslatest version00:34
maresis there any guide that i can follow up on installing virtual ubuntu server00:35
twbI'm not sure what's happening, but I would guess that it's either switching to the wrong VT (in which case, try Ctrl+Alt+F1) or the splash crap is doing the wrong thing, or it's switching to a video mode that confuses vmware-workstation.00:35
twbAlso try hitting Escape once you hit the black screen00:36
maresill try that, thanks00:36
twbTry booting a live CD, and turning off vga/vesa/splash-related stuff in grub's config00:36
twbTry installing 10.04 instead of 11.04.00:36
maresok00:37
twbAlso try using kvm instead of vmware crap :_)00:37
mareshehe, i installed vm virtualbox and same happens00:40
maresi went through installation wizard and all stuff00:40
maresand when i restart , black screen :P00:40
twboracle virtualbox is also proprietary crap00:41
mareslol00:41
maresso u suggest kvm ?00:41
twbYes.00:41
maresok, lets try it, thanks!00:41
MACscrhmm, is php-fpm not available directly from ubuntu?01:05
MACscraka, is a third party ppa required?01:05
twbphp5-fpm01:05
MACscrno diff01:06
MACscrim following a third party tutorial and they never mentioned loading an extra ppa. So thats why im wondering01:08
MACscri loaded the brianmercer ppa, but then noticed that after i got php5-fpm installed and nginx, then tried to install php-apc, it tries to install apache as well, which i obviously dont need01:09
twbMACscr: you are wrong.  php5-fpm is in Ubuntu.01:10
twbEnable the "universe" component.01:10
twbhttp://paste.debian.net/122267/01:11
MACscri dont see lucid mentioned there01:14
twbAh, sorry01:15
MACscrso maybe its not available for LTS?01:15
twbLooks like it was removed for a while, then came back in oneiric01:15
MACscrwhich is what i would think most server users would be using01:15
twbProbably because it had release-critical bugs when lucid was released01:15
twbSo yeah, you will have to do a PPA or something01:15
twbOr maybe PEAR, dunno if that's a good idea on Ubuntu01:16
MACscrok, so how about installing php-apc without it wanting to do apache stuff?01:16
twbMACscr: as in, you "apt-get install php-apc" and it pulls in apache?01:18
twbThat's because php-apc depends on phpapi-20090626, which is a virtual package provided by apache, php5-fpm, php5-cgi and php5-cli01:18
twbAh, php5-fpm is a binary package built from the php5 source package.  So as to why it is absent, you will have to look at the /usr/share/doc/php5-fpm/Debian.changelog.gz01:19
twbLooks like FPM was turned off in 5.3.3-2 and reenabled in http://bugs.debian.org/603174 (5.3.5-1).01:21
MACscrhmm, so i need to be running maverick or newer?01:28
twbSorry, I have work to do01:40
=== medberry is now known as med_out
uvirtbotNew bug: #807324 in bind9 (main) "BIND 9.7.0 (ie., lucid) is overly strict on authoritative responses missing the "aa" flag" [Undecided,New] https://launchpad.net/bugs/80732402:51
MACscrhow can i change the name of my partitions from xvda to sda, etc? Its a xen guest, but im using a premade image and i want to change it so that its using the same naming scheme as the rest of my guests04:21
MACscrits a xen guest btw. I know how to change it within grub and fstab, and with the guest.cfg, but im not 100% sure where else it needs to be changed04:22
twbMACscr: well the bootloader/initrd is probably going by UUID, so you only need to edit /etc/fstab04:25
MACscri dont think it is, because it didnt boot when i tried that. Got to busy box and i did: cat /proc/partitions and it still showed xvda04:26
twbWell, grub is exceptionally stupid04:29
twbMACscr: OK, what *is* in partitions?04:29
MACscrtwb: http://pastebin.com/ahY0MEQQ04:34
twbGuess you want xvda1 then04:34
MACscrright, but im trying to change it to sda1 and so on =P04:35
twbUh, what?04:35
cjsWhat channel would be good to ask questions about SATA vs. e-SATA connectors? (I have an allegedly-e-SATA cardbus card that has SATA conectors, and the same for a drive. I also have cables that have a SATA connector on one end and e-SATA on the other.)05:08
lifelessuhm05:11
lifelesshere, or perhaps google around for FAQs about sata?05:12
lifelessserge_: lxc-start looks like C; I'll just do the shell script for now ;)05:16
cjsWell, my question's above. WTF is up with an external SATA card and external SATA drive both using internal connectors?05:21
twbcjs: the main reason esata has different connectors is because the cable needs to work outside the case's shielding05:21
twbcjs: there's no real reason internal sata cabling won't work externally, although I admit it's weird and dumb to ship gear that way05:22
cjsI understand that. The cables are driven at higher voltage, better shielded, and have stronger connectors that are rated for more insertions/removals.05:23
cjsWell, I'd wonder about RF issues if using internal cables externally.05:23
cjsBut this silly PC-Card says "e-SATA" right on it.05:23
cjsPerhaps they're using SATA connectors due to space issues (the limited height on the edge of the card) but it's otherwise an e-SATA interface?05:24
rurufufussahem, how do you get bash to run a command for you?05:26
rurufufusse.g "bash -e ls", but that seems to spit out some weird error05:26
cjsDid you want "bash -c ls"?05:26
cjsOh, I see: "bash -e -c ls".05:27
rurufufussthanks05:27
twbcjs: I think he expected bash -e to be like perl/sed -e05:32
cjsrurufufuss: -e means exist on any untested error. E.g., "false" will exit, but "if false; then true; fi" will not.05:37
rurufufussah, I see05:38
rurufufussyeah I thought -e is execute05:38
twbrurufufuss: that's called -c in bash05:38
twbcjs: technically both will EXIT05:38
twbBut cf. bash -xec 'false;pwd' vs. bash -xec ':;pwd'05:39
cjsOf course I meant, "exit immediately after executing the failing command."05:40
lifelessserge_: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/80735107:08
uvirtbotLaunchpad bug 807351 in lxc "it would be cool to be able to clone an lxc container onto aufs for test runs - ephemeral containers" [Undecided,New]07:08
MACscrwhy would ipv6 ip addresses be showing in ifconfig if they arent listed in /etc/network/interfaces?07:35
MACscri definitely dont have any type of dhcp going either07:35
ayambityou should disable iv6 on ur system07:45
MACscrgrr, i had a system running, installed linux-server (so i could switch from generic to server for the kernel), ran grub-update, rebooted. Now it says the disk im trying to load doesnt exist. Its trying it using whatever UUID it created. So in grub, i tried doing root=/dev/xvda instead, but same error08:07
MACscrjust seems odd that the UUID would be wrong if thats obviously what was automatically generated because thats what it had found08:07
MACscrbut either way, the /dev/xvda should have worked08:08
MACscrnow neither kernel will load08:08
jibeljamespage, about bug 791454, you think the test case is wrong ?08:17
uvirtbotLaunchpad bug 791454 in mdadm "RAID1 Test Failed: Device need to be readded manually" [High,Opinion] https://launchpad.net/bugs/79145408:17
jamespagejibel: well it might have been right once - but its not for natty or oneiric08:39
jamespageI have not had time to test maverick/lucid08:39
jamespageits kind of an odd test todo anyway08:40
jamespageif you had an actual drive failure and had to replace then automated recover would not be an option08:40
jamespageas you would have to create the partition table first and then re-assemble the array08:40
Davieyjibel: I was thinking the same as jamespage.08:44
jibelDaviey, jamespage I tend to agree. Could someone from the server team update the test case with the expected behavior then ?08:47
Davieyjibel: is this step 16 or 17?08:49
jibelDaviey, 16.l There should be no need to add any missing devices back to the RAIDs manually. Otherwise, there is a bug!08:51
DavieyAh!08:53
DavieyThis isn't testing inserting a new disk.. but if a disk gets disconnected, reconnected - does mdad rebuild it without requiring input08:54
=== tobias is now known as Guest19514
Guest19514hi, would appreciate help with updating midnight commander08:56
Guest19514i'm running 10.04 LTS, and just installed "sudo apt-get install mc"08:57
Guest19514however, this resulted in version 4.7.0 of mc, while their website says that 4.7.5 is stable08:57
Guest19514how do I get that new version?08:57
=== mendel__ is now known as mendel_
SpamapSGuest19514: looks like the debian maintainer hasn't updated the package yet. You should probably file a bug against it in debian at bugs.debian.org09:02
Davieyhey SpamapS !09:05
SpamapSDaviey: hello!09:39
slhsenhi, we noticed that one of our web servers started to appear in public proxy lists. Previously we received huge amount of traffic and disabled foreign ip blocks via iptables. Obviously these two are related. Any advice for preventing this from happening again?11:56
patdk-wkif that is all you did, you still have the proxy issue11:57
patdk-wkfix the proxy issue?11:57
slhsenpatdk-wk, i suppose so11:57
patdk-wkthat can either be a webserver config issue, or a security hole in an webcgi11:58
slhsenno we haven't fixed it yet. iptables was just a temporary solution.11:58
slhsenand frankly, i have no idea about the solution11:58
patdk-wkI don't blame you there, cause we don't know where the issue is yet, other than there is one11:59
patdk-wkthis is where looking at your log files, during that massive traffic usage normally helps12:00
slhseni think, probably something wrong with our apache mod_proxy configuration but i'm not sure what it is.12:00
slhsenlog files shown outgoing http requests from a lot of different ips12:01
Ursinhagood morning12:10
lynxmanUrsinha: bom dia12:30
jpdsчто?12:31
Ursinhalynxman: buenos dias :)12:31
Ursinhajpds: kak dela12:31
jpdsUrsinha: все мне очень хорошо, и у тебя?12:32
UrsinhaI understand, but don't know how to reply12:36
Ursinhahahahaha12:36
Ursinhajpds: are you fluent in Russian?12:36
lynxmanUrsinha: he is by now12:37
Ursinhahaha12:38
lynxmanzul: hey you think you can get to my package today? :)12:57
zullynxman: yes hopefully but there is other people who can review it as well13:09
lynxmanzul: that's why I'm asking, don't want to stress you ;)13:10
zullynxman: im not stressed...just busy13:10
lynxmanzul: np then :)13:11
orudiewhats a good way to upgrade ubuntu server from 10.04 to 11.04 ?13:19
patdk-wkgoing from 10.04 -> 10.10 -> 11.0413:20
tyrezahello13:31
tyrezaafter an error on /dev/sda1 i reboot my system with a livecd13:31
tyrezawhere i have done13:31
tyrezafsck.ext3 /dev/sda113:32
tyrezais it the correct way ?13:32
tyrezaafter an error on /dev/sda1 i reboot my system with a livecd13:35
orudiehmm, I just tried sudo do-release-upgrade13:36
orudiebut i'm getting - already at the latest version13:37
orudieanyone ?13:42
uvirtbotNew bug: #807534 in exim4 (main) "package exim4-base 4.74-1ubuntu1.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/80753413:42
orudieI have server 10.04 and when I do sudo do-release-upgrade it tells me already at the latest vesrion13:43
orudieany idea what I'm doing wrong here ?13:43
=== med_out is now known as medberry2
patdk-wkorudie, no newer lts release is out yet, 12.0413:59
=== NG_ is now known as ng_
serge_Daviey: hey, in an hour or so, can I get you to sponsor a cgroup package for me?15:05
Davieyserge_: sure thing!15:05
serge_Daviey: thx15:05
stgraberserge_: fixing the init script? :)15:05
serge_stgraber: yeah, rolling that in with one other fix15:06
stgrabercool15:07
serge_it was an idiotic snafu on my part15:07
stgraberI also need to upload a new arkose today as libcgroup broke it :)15:07
serge_now i just want to make sure i didn't accidentally break something :)15:07
serge_how did it do that?15:07
serge_i'm looking for some time to try out arkose15:07
serge_i want to start running everything under it :)15:07
serge_especially once you integrate apparmor (you said you were doing that right?)15:07
stgraberarkose used to mount a cgroup filesystem just before calling lxc-execute. That used to work quite well but now the mount call fails as cgroup is already mounted ;)15:08
serge_ah, so waht really broke it was lxc now recommending cgroup-bin?15:08
stgraberyep, the idea is to get apparmor support into it and just use apparmor or lxc or both depending on what the profile describes15:08
stgraberyeah, arkose depends on lxc which recommends cgroup-bin :)15:08
stgraberanyway I made this specific mount() call optional, so if it fails it'll just continue and use whatever cgroup fs already exists15:09
stgraberjust need to release 1.2.2 with that fix and upload it to the archive15:09
Davieyserge_: Are you able to assist with bug 776103?15:13
uvirtbotLaunchpad bug 776103 in open-vm-tools "package open-vm-dkms 2011.03.28-387002-0ubuntu2 fails to build against 2.6.39 kernels, due to missing linux/smp_lock.h" [High,In progress] https://launchpad.net/bugs/77610315:13
serge_Daviey: i was sort of hoping to get some time on user namespaces after finishing with all this qemu, libvirt, lxc, and cgroup stuff :)15:16
serge_Daviey: this is in multiverse?  or universe?15:16
Davieyserge_: open-vm-tools, is this not main?15:17
serge_Daviey: libcgroup package is at "dget http://people.canonical.com/~serge/libcgroup_0.37.1-1ubuntu3-package/libcgroup_0.37.1-1ubuntu3.dsc15:17
serge_Daviey: no it's not, lemme check15:17
serge_Daviey: multiverse15:17
Davieybah15:17
serge_right, we need to decide whether to move it up to at least universe, bc it's taking up a lot of time15:18
Davieyserge_: The assignee is looking for assistance in solving the ftbfs.  If it's not too time intensive, would you be able to help?15:18
serge_does it not have a maintainer?15:18
serge_sure15:18
Davieyserge_: not urgent for *today*.. but you made yourself the team expert in open-vm-tools :)15:18
serge_who is that guy who has been posting all the patches?  does he care to be its maintainer?15:18
Davieyserge_: shrug.15:19
serge_i know almost nothing about open-vm-tools, i looked at the last one bc  i'm comfortable with kernel stuff15:19
serge_all right, your sponsoring of libcgroup squashes two bugs, i'll go look at open-vm-tools :)15:19
utlemmingDaviey: on Bug 791850, it looks like a dead-lock. I spent two hours yesterday with Amazon taking a look at it. The kernel initializes the CPU's and then just sits and spins with high CPU.15:20
uvirtbotLaunchpad bug 791850 in linux "oneiric cluster compute instances do not boot" [Undecided,Confirmed] https://launchpad.net/bugs/79185015:20
serge_Daviey: oh, ok - at least it's on oneiric.  i was afraid this was against natty with a newer kernel or something bogus15:20
serge_wonder if nmuench ever hangs out on irc15:20
=== medberry2 is now known as medberry
UrsinhaDaviey: what's the role of the person that attends the release meeting for each team?15:25
DavieyUrsinha: tradionally it's been the tech lead, but there is no reason it has to be that.15:26
Davieyzul has also taken the burden of driving it previously aswell.15:26
Ursinharight15:26
Ursinhatrying to understand the teams and who is who15:26
zulright i did..15:27
Ursinha615:27
Ursinhaargh15:27
=== mconigliaro_ is now known as mconigliaro
kim0Hey o/, Got something interesting to talk about in Ubuntu cloud days? → Please add a session to https://wiki.ubuntu.com/UbuntuCloudDays/Timetable .. Thanks16:36
=== ng_ is now known as NG_
=== micahg_ is now known as micahg
ColoBillFolks, I asked some USB 3.0 questions on my local lug mailing list but got only one response saying I should ask here.  I've purchased a few 3 Tb external USB 3.0 hard drives to use as backup devices on ubuntu server 10.04 x86_64.  I am currently using them as USB 2.0 because I have no hardware with 3.0 ports.  I'd sure like to speed this up.  This brings me to a couple questions before a...18:02
ColoBill...purchase any cards.  Is this a good place to ask?18:02
pmatulisColoBill: for where to get hardware?18:11
RoyKColoBill: what do you need to know? if there are drivers available or not?18:13
RoyKbtw, personally I'd recommend setting up a backup server instead of using USB-connected drives, but that's up to you18:14
uvirtbotNew bug: #807649 in nagios3 (main) "package nagios3-common 3.2.3-1ubuntu1.2 failed to install/upgrade: le sous-processus script post-installation installé a retourné une erreur de sortie d'état 1" [Undecided,New] https://launchpad.net/bugs/80764918:16
ColoBillRoy, the drives are to be put on the backup server to take another copy offsite18:29
ColoBillQ1: I believe USB 3.0 is supported in recent kernels.  I am going to put the card in a box running Ubuntu Server 10.04 x86_64.  It should be fine right?18:30
ColoBillQ2: I just found one 2-port card on newegg.com for $30 and then went to the manufacturer's website to read the specs.  Although USB 3.0 speeds can be up to 10x USB 2.0 speeds, they are honest enough to say with their card you will only get up to 2x USB 2.0.  Is this a function of the card, PCI or both?  Can I find better that will work?18:31
ColoBillQ3: Has anybody out there done this and do you have card suggestions?18:31
RoyKColoBill: 10.04 drivers haven't been updated in a while, so you may need to backport drivers or use a newer distro - try first or get the PCI ID of the card to verify18:37
ColoBillRoyK, good idea.  I didn't even think of that.18:42
adam_gzul: ping19:03
zuladam_g: whats up?19:03
adam_gzul: are those lio-utils packages available anywhere?19:04
zuladam_g: they are still sitting in binary new i can upload them to a ppa19:04
adam_gzul: if you could that'd be sweet, i'd like to test. i haven't touched lio in a while and looked at the utils earlier this week but couldnt get them to work with recent kernel19:05
zuladam_g: what went wrong?19:07
adam_gzul: it wasn't working with whatevers changed in lio's use of sysfs.19:08
zuladam_g: interesting19:08
adam_gzul: what version of the utils did you package?19:09
zulthey should be in ppa:zulcss/ppa in a bit19:09
adam_gcool19:10
adam_gthanks19:10
uvirtbotNew bug: #807675 in augeas (main) "please port 0.8.1 for Natty" [Undecided,New] https://launchpad.net/bugs/80767519:26
=== dannf is now known as dannf-lunch
=== utlemming is now known as utlemming_lunch
=== erichammond1 is now known as erichammond
serge_Daviey: did you ever push libcgroup?21:17
serge_(not seeing it in rmadison)21:17
RoAkSoAxsmoser: ping21:20
serge_RoAkSoAx: do you mind sponsoring http://people.canonical.com/~serge/libcgroup_0.37.1-1ubuntu3-package/libcgroup_0.37.1-1ubuntu3.dsc ?21:22
RoAkSoAxsure thing21:23
xamanuHello, I'm having problems with my ubuntu dedicated server: The IPs of my VPSs are not visible from outside only nmap x.x.x.x -PN shows me that the server is up. So, i guess there is a firewall in between, I removed ufw, bastille and only iptables is running,but seems to be open: http://pastebin.com/szVgpb5P21:28
xamanuHow can I find another firewall that is blocking my IP?21:29
xamanuI'd appreciate your help so much21:29
RoyKask the provider21:29
xamanuRoyK Would the provider block all ports of my IP subnet?21:29
RoyKgive me the IP/subnet and I'll run a scan if you like ;)21:30
xamanuRoyK thanks! but I'd like to learn. Is there a command to scan at which state the firewall is active?21:31
RoAkSoAxserge_: I get this patch : debian-changes-0.37.1-1ubuntu1 http://paste.ubuntu.com/640383/21:32
RoyKxamanu: what happens if you nmap -sT -O x.x.x.1-254 ?21:32
RoyKsubstitute 1-254 with your range21:33
RoAkSoAxserge_: which comes from an upload to natty21:34
xamanuRoyK Nmap done: 14 IP addresses (0 hosts up) scanned in 12.28 seconds21:34
RoAkSoAxserge_: is that intented or something created by quilt :)21:35
RoyKxamanu: ask the provider - if you haven't setup a firewall yourself, and ufw is set to allow ICMP, the machine(s) should be visible21:35
=== utlemming_lunch is now known as utlemming
xamanuRoyK ok thank you. I'll do that. I have set up firewall myself but now opened up everything for testing and couldn't find anything else21:36
RoyKxamanu: most providers have a firewall protecting things - I have asked my provider to allow everything through so that I can use ufw to control it myself21:37
serge_RoAkSoAx: i'm not sure.  i don't remember why that showed up21:38
serge_RoAkSoAx: jbernard may remember.  as i recall he did push it21:39
serge_(that is, he applied a debdiff from me)21:39
RoAkSoAxserge_:k other than that it looks good but I think we'd need to figure out why's that been created and if we really want it21:39
RoAkSoAxif not we could just drop it21:39
RoAkSoAxserge_: im building now and will upload after21:40
xamanuRoyK ok.but wierd that they activate this from one day to another. anyway I'll just ask them. Thanks!21:40
serge_RoAkSoAx: i think i'll open a bug for it, bc none of it rings any bells for me21:41
RoAkSoAxserge_: k, uploaded21:41
serge_RoAkSoAx: plus, it changes things (like /etc/init.d/cgred.in) which we don't use.  it's weird21:42
serge_RoAkSoAx: thanks!21:42
RoAkSoAxserge_: yeah that must be a left over from some changes that are not reflected in a patch, or changes that are not really necessary21:43
=== medberry is now known as med_out
serge_accidental git update maybe21:46
=== Ursinha is now known as Ursinha-afk
DeathrayIs it possible to somehow limit/throttle the percentage of CPU my Ubuntu (or a specific user) is allowed to use? The reason I ask is if my virtual server reaches 100% cpu for several seconds, Amazon starts throttling it down to extreme slow speeds. So I want to make sure no process can reach higher than 80%, or if thats not possible that any process can not reach above 50%. Or if thats not possible EITHER, than any user21:51
Deathraycan not go above X percentage.21:51
utlemmingDeathray: are you using a t1.micro?21:52
DeathrayYes, exactly.21:52
DeathrayI tried cpulimit which works great, but it will not work with apache2 since it has several workers, and cpulimit will just bind itself tio the first PID it finds named apache2 and neglect the others21:53
utlemmingDeathray: the t1.micro, well cheap, is prone to that due to the severe resource starvation.21:53
utlemmingHave you tried cgroups?21:53
jMCgHow do I list all packages that depend on a certain package -- installed or not?21:54
DeathrayYeah exactly which is why I'm trying to work around that by throttling myself. But never heard of it, quite new to Linux so I'll read up on it and see if it can help :)21:54
utlemmingDeathray: cgroups will likely do what you want. But if you are taking any sort of consistent load, then upgrading to a m1.small might make your life easier.21:57
jMCgapt-cache rdepends foo21:58
utlemmingDeathray: I have lost more sleep over the t1.micro than I care to admit. While it is a useful instance type for prototyping, using as a shell account, etc., any production usage should probably move to an m1.small or bigger.21:58
DeathrayYeah that is true, but the thing is im just running a personal blog & teamspeak3 for the small gaming community im in, So the price difference is big for this small project when cheap alternatives are available. but since I'm a nerd i want THIS to work :)21:59
Deathrayfree tier first year/15 usd a month after vs. 70 a month I think it is, is too much :(22:00
fosterdvclear22:01
utlemmingDeathray: Give cgroups a look. The other thing I would watch is memory usage with Apache or even switch to Lighttd to reduce your memory footprint. A common problem with the micro is that they are very memory starved, so swapping is easy. Once you get into a swapping situation, that can push your CPU usage up and lead to hitting the scheduler.22:01
utlemmingDeathray: Another idea would be to limit the inbound traffic to keep Apache from doing to much, i.e. setup security groups22:04
fosterdvHello everyone... is anyone here pretty familiar with setting up web servers?22:05
fosterdvThat can help me understand how to set up  virtual hosts, and not need permissions higher than 755?22:06
DeathrayInteresting, I'll have to look into that. I already implemented CloudFlare to filter out botnets and other bad stuff which has saved my server lots of bandwidth which translates to resources which helps a bit. But sometimes when google crawls my website or some other random linux process decides to do something which spikes at 100% for a couple of seconds, Amazon's incapacitating throttle kicks in and my server dies to t22:06
Deathrayhe point of not even accepting SSH.22:06
utlemmingDeathray: Google robots.txt and how to opt out of Google indexing -- unless you want the indexing.22:08
utlemmingDeathray: The not accepting SSH is the scheduler, and is not surprising if your instance is working hard.22:09
DeathrayAllthough I don't believe Amazon's incapacitating throttling kicks in if I use too much memory, I think it's soley based off of CPU utlization (i even mounted a few gigs of EBS for swap). Based off of Amazon's own documentation I can actually confirm that: http://bit.ly/cGwR3o22:09
DeathrayAha, cool22:10
utlemmingDeathray: the other thing you might want to look at is fail2ban. It is a script that setups iptables for you and looks for patterns in logs and then blocks on it.22:10
DeathrayThat sounds like some cool stuff I would like looking into. But I think a better solution would be to find something more global for the entire OS and all processes, since it would just be a matter of time before some cron task or other Linux task uses enough cpu % to induce the Amazon throttle.22:12
DeathrayWhich is where cgroups that you mentioned may be the solution, I'll have work on it :)22:12
utlemmingDeathray: One problem that you'll with it your performance may go out the window with cgroups because you'll have to figure out what the max CPU utilization is and then limit the spikes.22:13
utlemmingDeathray: If you figure it out, blog it. It would be immensely useful to the community22:14
=== erichammond1 is now known as erichammond
Deathrayutlemming, Hah this is turning into an interesting project :D You can bet i will! Do you have any tools you can suggest for benchmarking the cpu for testing purposes, so I dont have to open 30 tabs of my blog to cause the throttle to accure?22:30
=== dannf-lunch is now known as dannf
utlemmingDeathray: :) I'm an OS and Cloud Guy. I don't have much experience with benchmarking application stacks.22:33
uvirtbotNew bug: #807770 in backuppc (main) "package backuppc 3.2.0-3ubuntu4 failed to install/upgrade: ErrorMessage: le sous-processus script post-installation installé a retourné une erreur de sortie d'état 1" [Undecided,New] https://launchpad.net/bugs/80777022:42
RinsmasterIs it bad to have postfix running publicly, won't spammers abuse it for sending bulk emails? It seems many sites and ISPs have public SMTP servers, doesn't this get abused?23:03
alamarRinsmaster: define public23:05
alamarpublic as in open relay23:05
alamaryes this will get abused23:05
alamarand any serious business shouldnt run an open relay as they will get blacklisted very soon(and can no longer serve their customers an appropriate mail service)23:06
patdk-lapisn't this why usernames and passwords where invented?23:06
alamarthis is why all kinds of authentication mechanisms in the smtp field were invented23:07
RinsmasterAh okay, I understand. Thanks guys :)23:09
cloakablevirgin runs a semi-restricted smtp server; you can only use it from the virgin network.23:17
cloakablebut no auth needed23:17
rewtwhat good is that for spammers outside the virgin network? :/23:20
alamarif they get a drone inside the virgin network they also get an open relay ;)23:21
=== erichammond1 is now known as erichammond
Deathrayutlemming, I've done some tests which seem to prove that limiting the CPU % will not help. They don't throttle you based off of the percentrage of CPU your instance is currently using, but the average over time. I ran sysbench to calculate prime as many times possible for 10 seconds, repeating itself for a minute. And despite throttling 10-20-50%, the total amount of calculations is close to the same at the end, although23:28
Deathray the results dont fluctuate as much on the one's where the benchmark was limited to low amounts such as 10%23:28
DeathraySo even though sysbench was staying at 50% for the one minute duration, the results every 10 seconds were sometimes very high, but sometimes dropped immensely which is where the amazon throttle kicks in.23:29
DeathrayBut the total amount compared to the test results from the test i made capped to 10%, were the same, just the independent results every 10 seconds were more "stable" and not sometimes dropping to ridiculous amounts.23:30
utlemmingDeathray: What is your out of cgroup CPU utilization?23:31
DeathrayI don't know :/ I used cpulimit to limit the benchmark. How would I find that out?23:31
DeathrayAs a conclusion though, I guess I was stupid assuming the amazon throttle was unintellegint enough to never touch my server if i just didnt reach the cap, but it seems it works in a mory dynamic way, balancing your server.. Actually looking at this graph: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/images/Micro_Bad_Fit_Background_Throttled.png also proves that (which eric hammond actually pointed out)23:33
DeathrayThe interesting thing I found out though, was looking at "top" when the results severely dropped indicating where the amazon throttle occurs, the small "st" inccreases to 95-100%, but the cpu total % would stay the same. What does the "st" in top exactly mean?23:35
Deathrayand when the test  results go back to normal the st goes back to 0%23:35
utlemmingDeathray: "st" is more or less "stolen time", which indicates that the guest is blocked on the hypervisor23:36
DeathrayAha!23:36
DeathrayHmm, so I guess throttling my ubuntu server on my own won't really benifit in any way, I'll have to live with amazon's throttle and find other ways to optimize my server so it uses less CPU, such as the fail2ban you mentioned23:40
adam_gare there any UEC images for oneiric server that contain all kernel modules that typically come with -server?23:40
=== erichammond1 is now known as erichammond

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!