/srv/irclogs.ubuntu.com/2011/09/05/#ubuntu-server.txt

qman__	then consider this an important lesson in system administration -- before you change something, take note/save a copy of the old setting	00:00
multiHYP	oh its messy	00:00
multiHYP	i didn't know ufw existed even :(	00:00
multiHYP	out of security concerns rushed it	00:01
qman__	a rush job is never secure	00:01
multiHYP	is it harmful to just remove those iptables rule files?	00:01
qman__	save a copy and try it to find out	00:02
multiHYP	this is big responsibility even for my own little things	00:03
multiHYP	:S	00:03
multiHYP	like being a guard at the door of a bank or something	00:03
qman__	as previously mentioned, ubuntu is secure by default, you should take your time when installing packages and pay attention to the changes you make, as that's where most systems' points of failure are	00:05
qman__	unless you use a really poor password, even the default SSH is reasonably secure	00:06
qman__	think about it this way, who do you trust to be better at security	00:07
qman__	random blogger posting guides on the internet, or the package maintainers	00:07
multiHYP	wow, im glad rm * didn't remove the .files	00:12
multiHYP	i was in my ~ directory and wanted to remove those temporary iptables files and used rm *	00:12
multiHYP	no way, i am trying to learn these for myself, so that if something goes wrong i can rectify the situation, i keep things well documented :D	00:13
multiHYP	cannot remove my vm and recreate a brand new one. and keeping backups is expensive. at least for now not worth backing up	00:14
multiHYP	why is my ubuntu not having aptitude and what is interpid…?	00:33
Pici	multiHYP: er, what do you mean?	00:35
multiHYP	sudo aptitude install nginx	00:36
multiHYP	sudo: aptitude: command not found	00:36
multiHYP	am i supposed to install aptitude via apt-get and then use it to install nginx?	00:36
Pici	aptitude is just another apt frontend, you can us either to install nginx.	00:37
multiHYP	no, nginx doesn't work with apt-get at all	00:37
multiHYP	oh wait it did	00:37
multiHYP	then it wasn't working with brew on mac	00:38
multiHYP	im mixing everything up now	00:38
multiHYP	sorry	00:38
Pici	its okay, I'm only slightly confused.	00:38
tiphares	how to benchmark a server through a shell?	00:43
tiphares	like CPU/ram etc	00:43
JRWR	I am having a issue with mod_shared_roster_ldap - It seems to be crashing, here is a related pastebin with all the info that should help, http://pastebin.com/hkZung2p	00:49
multiHYP	ldap on mac lion has a huge bug	00:50
multiHYP	be careful	00:50
JRWR	ubuntu all the way	00:51
multiHYP	is it possible to set nginx to autostart on startup	00:51
multiHYP	?	00:51
multiHYP	JRWR: yep, ubuntu is most solid and hassle free	00:51
JRWR	multiHYP: uing init scripts, yes	00:51
multiHYP	how?	00:52
JRWR	multiHYP: also I am a total ldap newbie	00:52
JRWR	updaterc.d (I think) go google it :)	00:52
multiHYP	i tried using it, but didn't need it really, unless you are in a corporate or something	00:52
JRWR	large project	00:52
JRWR	100 people authing into 40 differnt programs	00:52
multiHYP	wow, yeah ldap might be handy :D	00:58
multiHYP	whats the advantage of running ntp all the time?	01:16
twb	multiHYP: that your clock stays correct.	01:18
multiHYP	why is apt-get remove --purge not cleaning my os from the installed application?	01:27
multiHYP	i used apt-get install to setup it up anyway...	01:27
twb	I don't understand the question.	01:38
twb	multiHYP: what application? That is, what package name?	01:38
multiHYP	i installed nginx with apt-get and tried to uninstall it, but things about nginx are still on my system	01:39
twb	What do you mean "things about nginx" ?	01:39
multiHYP	apart from having only 0.8.54 on apt-get repository where the latest is 1.0.6, it cannot be removed cleanly as expected.	01:39
multiHYP	files and folders	01:39
multiHYP	basically apt-get remove nginx --purge doesn't do what it supposed to on ubuntu 11.04	01:40
multiHYP	:o	01:40
twb	pastebin the output of "dpkg -l 'nginx'"	01:41
pmatulis	multiHYP: what is this ldap lion bug?	01:41
multiHYP	you can login as anybody, as soon as you have the public settings	01:41
multiHYP	i don't know exactly but its a major embarrassment.	01:41
pmatulis	multiHYP: so ldap server on lion then?	01:42
multiHYP	pmatulis: not sure ldap server or just ldap, but yes the bug is related to os x lion implementation.	01:42
twb	multiHYP: uh, you got a CVE reference for that?	01:43
multiHYP	http://pastebin.com/ujMtyDby	01:43
multiHYP	what is CVE?	01:43
twb	!MITRE	01:43
twb	!CVE	01:43
twb	Ugh, why can't ubottu just have all of dpkg bot's info entries.	01:44
twb	multiHYP: MITRE CVEs are a central reference point for vulnerabilities, irrespective of the project they occur in	01:44
multiHYP	are those applications too?	01:44
multiHYP	still unclear	01:45
twb	http://cve.mitre.org	01:45
twb	As to your nginx issue, when you ask for a package to be installed, it pulls in all dependencies. When you ask for a package to be removed, it doesn't (by default) remove obsolete dependencies.	01:45
multiHYP	so --purge supposed to clean though	01:46
twb	multiHYP: what has happened is you asked for nginx, which has pulled in nginx-full (the real program) and nginx-common (the support files), and these have not been removed by your attempt to purge "nginx", which only removed the wrapper package.	01:46
multiHYP	someone tested the same thing on debian	01:46
multiHYP	and it worked!	01:46
multiHYP	oh	01:46
twb	multiHYP: on an older system, nginx was not simply a wrapper for nginx-full.	01:46
twb	You probably want to look into "apt-get autoremove"	01:47
twb	"purge" is the same as "remove", except that it also removes config files. Remove will remove everything but the config files, but only of the packages you explicitly list.	01:47
multiHYP	how can i make sure that its now gone for good?	01:48
twb	multiHYP: purge the relevant packages	01:52
multiHYP	i did, i did autoremove evne	01:52
multiHYP	these are the main ones remaining: http://pastebin.com/sGUwrXMW	01:53
multiHYP	removed them manually	01:56
multiHYP	what a pain, is apache as bad as nginx?	01:56
warning123	hi all i have connected to my server through ssh , i started a game server and it had terminal showing me the live processing... but then after ssh disconnected when i relogged in , im back to root , how can i check that live processing again , i dont want to open the same process i want to go back to that window	01:58
blsh0p	what is ubuntu server?	01:59
KoolaidJunkie	Its used to run web server, game server, etc	02:00
warning123	blsh0p, http://en.wikipedia.org/wiki/Server_(computing)	02:00
KoolaidJunkie	Or click that. lol	02:00
KoolaidJunkie	I need some help with DDCLIENT. Im trying to update my IP with DynamicDNS service. But its sending my local ip (the one behind the router) instead of my external ip	02:01
twb	KoolaidJunkie: you need to run ddclient on the host that has the public IP address, i.e. the one doing PPPoE or PPPoA.	02:02
twb	KoolaidJunkie: if this is not possible, you need to find some what for ddclient to learn that address	02:02
twb	multiHYP: what depends what you mean by "bad".	02:04
KoolaidJunkie	twb: how can I make DDCLIENT learn that address. Ubuntu Server is running on a Desktop PC hardwired to the router.	02:04
twb	I don't know.	02:05
multiHYP	well, hard to remove things and reverse to a previous (before installation) state.	02:05
warning123	KoolaidJunkie, < are u connected > to a < router > then < another router > = then > internet < ? , or 1 router to the internet? if 1 router then activate DMZ on the computer with DDCLIENT to allow it to be the DHCP -CEO which is like connecting from you to the WAN ( internet ) .	02:05
* twb thinks: I should stop being so helpful, this channel is getting to be as bad as #ubuntu...		02:06
KoolaidJunkie	warning123, there is only 1 router. and the computer running Ubuntu Server is hardwired to the LAN1 port	02:06
twb	KoolaidJunkie: I usually address it by putting Ubuntu on the router	02:07
KoolaidJunkie	I don't think ubuntu will run the router. if it can I have no clue how to flash it to it	02:08
twb	KoolaidJunkie: right; you would probably need a new router and a new ADSL modem or ATM card.	02:09
twb	KoolaidJunkie: the other approach, of course, is to get a static IP from your ISP.	02:09
KoolaidJunkie	Yeah, thats a little extreme when all I want to do is run a Teamspeak Server	02:09
twb	Shrug.	02:10
warning123	KoolaidJunkie, does ur router have Dyndns functionality ? if not try editing DDCLIENT to be able to read ur WAN ip and not local , im guessing u will need it to check online and not locally	02:13
twb	!u	02:13
ubottu	U is the 21st letter of the modern latin alphabet. Neither 'U' nor 'Ur' are words in the English language. Neither are 'R', 'Y', 'l8', 'Ne1' nor 'Bcuz'. Mangled English is hard for non-native English speakers. Please see http://geekosophical.net/random/abbreviations/ for more information.	02:13
warning123	ubottu, thanks	02:15
ubottu	You're welcome! But keep in mind I'm just a bot ;-)	02:15
KoolaidJunkie	warning123, I set DMZ in router. How should I config DDCLIENT now?	02:16
JRWR	I am having a issue with mod_shared_roster_ldap - It seems to be crashing, here is a related pastebin with all the info that should help, http://pastebin.com/yMVVKN5W	02:20
warning123	KoolaidJunkie, /etc/ddclient.conf file	02:23
KoolaidJunkie	warning123, thanx. i got it now. by changing to use=web, web=dyndns its pulls the external ip	02:25
warning123	KoolaidJunkie, np	02:26
Dravekx	hi	03:16
Dravekx	anyone good with LAMP and ssl certs on ubuntu server?	03:16
twb	!anyone	03:27
ubottu	A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.	03:27
Dravekx	I have LAMP installed on Ubuntu Server 11 and Im trying to install an SSL cert, but not sure exactly where it goes?	03:28
delerium_	might help: https://help.ubuntu.com/8.04/serverguide/C/httpd.html	03:32
Dravekx	yeah reading that.	03:40
delerium_	Also depends if you want to use a self sign or a certificate signed by a vendor (verisign, entrust, etc,etc)	03:41
Dravekx	vendor. already have the cert. need to install it.	03:42
delerium_	and I guess it's for Apache. right^	03:42
Dravekx	yeah. I just did the request.	03:42
Dravekx	one page says to keep them together in /etc/ssl and the other says to put them in the /certs and /private directory. I'm not sure what is correct.	03:43
Dravekx	I guess it doesnt matter as long as the links are correct.	03:43
delerium_	I think they can be in wathever path you put in your .conf file (honestly, I never install cert on Apache, only on Netscape / IHS / WAS). But it should be pretty similar	03:44
twb	Dravekx: read the version appropriate to your install verison -- not necessarily 8.04	03:45
delerium_	twb: yeah. my bad on this	03:45
=== idleman is now known as bicranial
Dravekx	here's two directories: sites-enabled and sites-available. one has default and default-ssl, and the other has 000-default. Everything is running from 000-default. how do I enable both the default and the default-ssl?	04:21
Dravekx	I need the default for port 80 /var/www and the ssl for port 443 /var/www-ssl	04:22
qman__	Dravekx, sudo a2ensite sitename	04:23
Dravekx	qman__ ahh right.	04:24
qman__	then reload or restart apache	04:24
twb	The reason it's 000-default is simply because apache has no concept of "default" -- the vhost it defaults to is the first one in the config file	04:25
Dravekx	twb if I need default and default-ssl running, would I made one configuration file for both, or keep them separate?	04:26
multiHYP	where is the standard place to install stuff in ubuntu? i have admin privileges but as a normal user where should i install my stuff such as webserver and other applications…?	04:27
twb	everything in -enabled is considered part of "the" config file	04:27
qman__	multiHYP, normal users don't install web servers or applications	04:28
qman__	normal users use the applications	04:28
multiHYP	ok so this is an admin thing, then i need to know for both, admin as well as normal user application ilocations.	04:28
qman__	the standard process is to use apt-get, or at the very least, dpkg to install software	04:29
qman__	compiling from source and manually installing is not recommended	04:29
multiHYP	but some packages aren't available or as up to date as one hopes via those methods.	04:29
twb	The way normal users get packages installed, is to call the sysadmin and beg him to install it	04:29
qman__	if you must compile from source, you should build a .deb package and install it	04:29
multiHYP	how is that done? i thought .deb was for debian only.	04:30
qman__	ubuntu is built from debian, and uses debian's package management system	04:30
qman__	don't take that to mean you can install debian packages on ubuntu, the dependency tree is different	04:30
multiHYP	oh so why use ubuntu instead of debian anyway?	04:30
twb	Because Debian is less forgiving of idiots.	04:31
multiHYP	i thought ubuntu would make things easier than so many other kinds of linux distros	04:31
qman__	it's a matter of user preference	04:31
qman__	as is almost any choice of distribution	04:31
multiHYP	so okay this seems like a solid idea actually, i get the .tar.gz and make a .deb package out of it for install/deinstall and remove the .tar.gz	04:32
multiHYP	so later i can reuse the .deb package	04:32
qman__	the point of packaging a manual compile is so that it can be easily removed from the system later	04:32
multiHYP	yes, its exactly what i need too. had a hard time manually removing a bad pkg with different dependencies...	04:33
qman__	again, compiling manually should be a last resort	04:34
qman__	you lose a lot of benefits	04:34
multiHYP	i know, there is no .deb package for this application	04:34
twb	multiHYP: you should be asking yourself "do I really need this package?"	04:35
multiHYP	at least this version of the application, also the one i got through apt-get was a bad package, because it wasn't removed cleanly afterwards	04:35
qman__	incorrect	04:35
qman__	you simply did not remove all the packages it depended on	04:35
multiHYP	well i didn't know that was possible	04:36
multiHYP	i didn't know it was depending on anything actually	04:36
qman__	when you install software it informs you of everything which is being installed	04:36
qman__	this includes dependencies and recommends by default	04:36
multiHYP	hence, i thought by removing it would know that by itself. kind of counter intuitive, don't you think?	04:36
qman__	you installed a meta package	04:37
qman__	meta packages don't actually contain software, they're just there to make it easy to install a set of packages	04:37
qman__	for example, linux-image	04:37
multiHYP	how to identify meta packages?	04:37
qman__	this is a meta package which gets you the latest kernel packages	04:37
qman__	look at the dependencies of a package	04:37
qman__	it will tell you what it installs to do what you told it	04:37
multiHYP	i didn't even have apt-rdepends :D	04:41
multiHYP	they might as well give the kernel.h file and let me figure out the rest of it...	04:42
multiHYP	i guess im better off using the older 0.8.54 version that is available via apt-get. its at least the standard way of doing things...	04:43
multiHYP	i mean there is no nginx-1.0.6.deb or something like that.	04:44
multiHYP	which brings me to what i was going to do, either make a .deb out of source or install the old version.	04:45
multiHYP	why is not a single user creating a .deb for that if that is the way things should work? nginx is very popular.	04:46
qman__	for security and maintenance reasons	04:46
qman__	each release of ubuntu sticks with a certain major version of a package	04:47
twb	multiHYP: 1.0.5 is packaged as a .deb, but it is not in your release, because new versions = new bugs. Ref. http://paste.debian.net/128442/	04:47
qman__	the version you have released when 0.8 was considered stable and production ready	04:47
qman__	so only updates to 0.8 are available in the normal channels for that release	04:47
multiHYP	so it is even encouraged that i should stick to that because its best for my os	04:48
qman__	bugfixes and features can also be backported to older versions, and the packages look like software1.2-ubuntu3 in those cases	04:48
multiHYP	how is the removal of such meta packages possible without accidentally removing a common dependency that i don't want to remove?	04:49
multiHYP	do i have to manually keep a list on paper that checks for packages and their corresponding dependencies?	04:49
qman__	unless there is a very compelling reason to use a different version, such as a dealbreaking feature or fix, you should stick with the version available in the repositories	04:49
qman__	that's what apt-get autoremove is for	04:49
qman__	it removes packages which were installed only as dependencies, but the packages that depended on them are gone	04:50
qman__	however, if you manually install a package that was installed as a dependency later, it will be marked as one you wanted and won't be removed by this	04:50
multiHYP	ok	04:51
qman__	example, if you install nginx, then later install nginx-common, then uninstall nginx, then autoremove	04:51
qman__	nginx-common would stick around, as would its dependencies	04:52
qman__	because you marked it as one you want	04:52
multiHYP	because i installed it separately?	04:52
multiHYP	ok i see	04:52
multiHYP	so is this correct if i follow the standard procedure: sudo apt-get autoremove nginx :to remove nginx and all its dependencies?	04:53
qman__	no	04:53
qman__	just 'sudo apt-get autoremove'	04:53
qman__	removes all orphaned dependencies from the system	04:53
multiHYP	ok, see i saw that line on a website and was about to try it out, there are so much mis-information online ...	04:54
multiHYP	i believe i messed things up during my manual removal process, can i force reinstall something with apt-get again?	04:59
qman__	you can apt-get install --reinstall	05:02
qman__	but you need to make sure you get the right package	05:02
qman__	reinstalling one package won't affect the dependencies	05:03
multiHYP	something doesn't work anymore, i did that yeah. the installation appears to be successful after that but the binary is missing...	05:04
multiHYP	:(	05:04
Dravekx	how do I get bash aliases to work for a specific user? I set with alias command="" but it's not working.	05:22
Dravekx	oh wait. maybe I need to load screen first.	05:22
=== himcesjf2 is now known as himcesjf
KoolaidJunkie	Could someone help with a External IP issue? I'm unable to access the server from outside the network, through the External IP	06:36
multiHYP	hi, is there a command i could use as root to set the sshd_config parameter to allow login via passowrd?	08:31
ersi	Yeah, vim /etc/sshd/sshd_config >_>	08:42
jamespage	Daviey: I've not actually managed to get a successful PPA build of the new version of jenkins as yet - not due to the issue you found - but due to some other dep changes I had in the PPA	09:15
jamespage	however I did successfully sbuild it on a headless server - so I really don't understand why your pbuild failed...	09:16
Daviey	jamespage: So it failed to build in a PPA?	09:17
Daviey	I didn't check back after the 2 hours*	09:17
Daviey	* where 2 hours was probably 10.	09:17
jamespage	it was more like 10	09:17
jamespage	The PPA I did the test build in contained the new version of jtidy (waiting for ack on FFE for that)	09:17
jamespage	which broke the build in a different way	09:17
Daviey	jamespage: Did you push to a different PPA /OR? did it at least get past the issue i thought i saw?	09:18
jamespage	Daviey: so I'm happy to hold this update back to fix that issue as well	09:18
jamespage	I have now pushed it to a different PPA	09:18
Daviey	Does it need to build against a newer jtidy?	09:18
jamespage	https://launchpad.net/~james-page/+archive/oneiric/+build/2766025	09:19
Daviey	Not that i can even pretend to know WTF jtidy is :)	09:19
Daviey	Start in 12 hours, seriously?	09:19
jamespage	:-)	09:19
jamespage	;-(	09:19
jamespage	:-/	09:19
Daviey	... and people wonder why we push untested stuff to the archive.	09:20
jamespage	yeah	09:20
jamespage	I should fix the jtidy upgrade issue as well - its not a code incompatibility - its just that the maven artifact moves so the build does not pick it up and fails	09:21
Daviey	ah	09:21
Daviey	well failing to build because of a dep, i'm less concerned about.	09:22
koolhead11	hi all	09:22
koolhead11	RoAkSoAx: hey there.	09:22
jamespage	Daviey: yes - but I still don't understand the test failure you saw	09:22
jamespage	I might repro you pbuilder environment to see if I can reproduce	09:23
jamespage	hi koolhead11	09:23
koolhead11	jamespage: hey there. need little help	09:23
koolhead11	the preseed example file is not providing much info to me for manual partitioning	09:24
koolhead11	https://help.ubuntu.com/8.04/installation-guide/example-preseed.txt	09:25
koolhead11	d-i partman-auto/expert_recipe string	09:25
koolhead11	http://paste.ubuntu.com/682443/	09:27
koolhead11	what is 64 512 300% linux-swap ??	09:27
koolhead11	what is this 300%	09:27
koolhead11	?	09:27
* jamespage looking		09:28
koolhead11	Daviey: hello sir	09:28
koolhead11	kim0: hey. :)	09:29
just-a-visitor	http://edwardpku.com/cun/2008/05/05/partman-auto-recipe-files/	09:32
koolhead11	just-a-visitor: awesome. thanks a lot. jamespage lemme read on the url. #awesome :D	09:35
Daviey	koolhead11: hello!	09:35
jamespage	thats one to bookmark	09:35
* jamespage struggling with ADSL upload killing my Internet performance today		09:36
koolhead11	Daviey: how have you been? :)	09:36
koolhead11	jamespage: just going to bookmark it now. :P	09:36
Daviey	just-a-visitor: that is a good example!	09:36
Daviey	koolhead11: Pretty gooooood!	09:37
just-a-visitor	I'd check the actual source code, since it seems to be quite dated. :-)	09:38
uvirtbot	New bug: #841672 in openssh (main) "ssh-add does not unlock ssh keys" [Undecided,New] https://launchpad.net/bugs/841672	09:46
Daviey	rbasak: hello sir!	09:48
Daviey	How did you get on with qemu-system-arm, and the cloud image?	09:48
rbasak	Daviey: waiting to sync with utlemming!	09:50
rbasak	He found another option and went off to work on it	09:51
Daviey	rbasak: ah! nice.	09:51
Daviey	Sadly, he won't be around today	09:51
rbasak	hmm	09:52
Daviey	rbasak: I remember you sniffed bug 832507	09:53
uvirtbot	Launchpad bug 832507 in nova "console.log grows indefinitely" [High,In progress] https://launchpad.net/bugs/832507	09:53
Daviey	did you get an idea for a cleaner fix, than my non-ideal one?	09:53
rbasak	I haven't managed to figure out where exactly the console.log gets written out from	09:55
rbasak	I think it's in libvirt rather than qemu	09:55
rbasak	In which case I think libvirt should be enhanced to provide a ringbuffer option	09:56
soren	Daviey: I thought you said you found a solution for that one?	09:56
rbasak	Would you like me to carry on looking down this route?	09:57
Daviey	soren: Well my solution cannot be default, as it uses a non-mainline (or -dkms packaged) kernel module.	09:58
soren	Daviey: Oh, I thought you went down a different path. Ok.	09:59
Daviey	soren: I'm hessitant to maintain code i'm not familar with.	09:59
Daviey	soren: well rbasak seemed to think he'd be able to find a proper fix :)	09:59
Daviey	soren: The solution in the branch attached, 'works' - but i've not yet decided if to merge propose it.	10:00
Daviey	if all else fails, at least it's /something/.	10:00
rbasak	Daviey: OK I'll carry on then :)	10:01
Daviey	rbasak: That might be useful.. it's a pretty serious bug. :/	10:01
soren	Daviey: I think I have a much simpler solution.	10:16
soren	Daviey: Give me a couple of minutes to validate it.	10:16
Daviey	soren: You can't just say that.... need detail man!	10:17
Daviey	i'm sat on the edge of my chair awaiting detail.	10:17
* soren whistles innocently		10:18
soren	Yup.	10:18
soren	it works.	10:18
soren	If we tell kvm to talk to a named pipe, it'll buffer the output if we're not listening.	10:19
soren	..and if we stop listening, it starts buffering again, and will flush the cache when we start listening again.	10:20
soren	So we can just use the code that I wrote to support Xen.	10:20
soren	...and add some expiry stuff to it.	10:20
soren	The point is, not listening doesn't block kvm.	10:21
soren	I'm not sure how or why it works. When I looked at the source code, it didn't seem to have a buffer mechanism or reconnect handling or anything like that.	10:22
soren	...but I can see it working.	10:22
* soren wonders if Daviey fell off that chair		10:22
Daviey	i sure did	10:23
Daviey	soren: Does kvm action the SIG* to terminate if the sink goes away?	10:23
soren	I'll let you reread what I just said.	10:23
soren	:)	10:23
soren	Ah.	10:24
* soren spots the ambiguity		10:24
soren	No, it does not.	10:24
soren	When I said "if we stop listening" I meant: If I kill the "cat pipe.out" that's been running...	10:24
Daviey	as in, if you are thinking to just connect to the pipe when i run euca-get-console-output, does kvm die following that command?	10:25
soren	10:24 < soren> No, it does not.	10:25
soren	10:24 < soren> When I said "if we stop listening" I meant: If I kill the "cat pipe.out" that's been running...	10:25
soren	:)	10:25
Daviey	soren: Okay.. and you can limit the size of the fifo?	10:26
soren	We could connect to the pipe on GetConsoleOutput as well as once a minute (to avoid kvm's buffer for this growing out of hand).	10:26
soren	Daviey: I don't think so, no. I don't see the size of the buffer mentioned anywhere much less documented how you can change it.	10:26
Daviey	It actually sounds easier to add ringbuffer support to kvm IMO :)	10:26
soren	Using this approach, I can hack this together in an hour or so.	10:27
Daviey	Note, that in order to be compariable to AWS - it should output the last 64K.	10:28
soren	We can get the EC2 API to chop it off at 64k.	10:28
Daviey	I don't know what the behaviour is if i push 10TB to the console, sure the instance will hurt; but what does it do when flushed?	10:29
soren	I don't want to impose that particular limitation further down the stack. Keeping an MB or even a couple per VM shoulnd't be a problem at all.	10:29
soren	...but sure, we should have a limit.	10:29
soren	I just believe that when you decide to impose arbitrary limits, they should be really high.	10:29
Daviey	But does that limit mean that it is chopped in nova-compute?	10:29
Daviey	Possibly expensive?	10:30
soren	Hardly.	10:30
soren	In the grand scheme of things, it's miniscule.	10:30
Daviey	nice overcomplicated tail, http://stackoverflow.com/questions/136168/get-last-n-lines-of-a-file-with-python-similar-to-tail	10:31
rbasak	If we did use a ringbuffer, we'd want that CPU of chugging through 10TB to be accounted for in the guest properly, ie. the host shouldn't struggle to complete other tasks	10:31
* rbasak is still struggling through entirely undocumented code		10:31
soren	You're talking over the internet to an API server that looks things up in a database, sends an AMQP message to a compute server that probably also looks stuff up in a database and then sends a response all the way back. Reading a megabyte from the filesystem and truncating it down to the last 64k isn't a big deal.	10:31
Daviey	"the code is the documentation" etc	10:32
Daviey	:/	10:32
rbasak	Are we talking about the same thing?	10:32
rbasak	I always assumed that the issue is that the guest can DoS the host by filling up its disk	10:32
soren	right	10:32
Daviey	rbasak: Soren is thinking of using a fifo, which should hurt the instance - not the host.	10:33
Daviey	as in, the yet-to-be-discovered bugger in kvm filling up and killing the instance.	10:33
Daviey	err, buffer.	10:33
rbasak	what would be reading the fifo?	10:34
soren	Daviey: Actually, it might just be that kvm does this in a separate thread.	10:34
Daviey	I always thought fifo's were fragile for this sort of usecase tbh.. but i am happy to be proved wrong.	10:34
soren	Daviey: ...so it doesn't block all of kvm, only the thread that is waiting to write to the fifo.	10:34
Daviey	soren: Stop getting distracted, we can sniff your diff :)	10:35
soren	Daviey: Well, they're only fragile if either end thinks it's talking to something else.	10:35
Daviey	rbasak: Either, when making a request - flush the pipe and/or have a 60s flush process.	10:35
rbasak	so the thread has an internal buffer of some form that it writes to the fifo from, and other threads in kvm are writing to it?	10:35
rbasak	what happens when that buffer fills?	10:35
soren	Daviey: If everyone knows they're taling to a fifo, the semantics are well understood and pretty easy to deal with.	10:35
Daviey	rbasak: *every 60s flush.	10:35
Daviey	rbasak: NFI.	10:35
soren	Attempts to write to it will err.	10:36
Daviey	suck it and see.. i'm expecting a blocker, but i'll be more than pleased if not. :)	10:37
soren	According to pipe(7), the size of the buffer is 65536.	10:38
soren	Daviey: Sniff my diff? I'm not writing anything right now. I've got a couple of other pressing matters I need to attend to first, but I'd be happy to answer questions along the way if someone wants to take a stab at this.	10:40
Daviey	soren: ok	10:40
soren	One thing that would probably be helpful to know from the start: Each server in Nova has a periodic_tasks method that gets called every minute or so.	10:40
soren	So no need to worry about inventing something for that.	10:41
Daviey	soren: how do you register an event with that?	10:41
Daviey	just something to grep for. :)	10:41
soren	Daviey: You don't. You just override that method and add more calls to it.	10:42
soren	We don't really have an (internal) events system like that where you can subscribe to particular events or whatnot.	10:42
rbasak	one thing I find really annoying about ec2 is that it takes ages for it to update console output	10:42
rbasak	it'd be nice if it was instant :)	10:43
soren	openstack's impl is instantaneous	10:43
soren	That's a particular place where I explicitly don't want feature parity with EC2 :)	10:44
soren	i	10:44
soren	whoops	10:44
Daviey	rbasak: Yeah.. would be easier to do post run-instance magic based on console output.	10:44
Daviey	For example, smosers ssh fingerprint magic.	10:44
* rbasak does something like that on EC2		10:45
rbasak	I patched python-boto years ago	10:45
soren	I'm guessing Amazon must store that off of their "compute nodes". Otherwise I don't see why they'd want to limit the number and frequence of console output updates so drastically.	10:45
rbasak	but it's too slow due to the console update delay :-/	10:45
soren	q	10:46
soren	whoops	10:46
rbasak	it looks to me like libvirt has some kind of stream abstraction. Is this what it's using to get the console output from kvm?	10:49
soren	Are you trying a different approach? Or why are you looking at libvirt code?	10:51
rbasak	I'm still thinking about a ringbuffer approach, but mainly I'm still trying to find my way round so that I can understand whichever approach better. I don't yet have a full picture of where console output goes currently	10:52
soren	At the moment, the serial port of the virtual machine is configured to go to a file.	10:52
soren	This is done in the XML defining the VM.	10:53
soren	rbasak: http://libvirt.org/formatdomain.html#elementsConsole	10:53
rbasak	yep I'm looking at that thanks	10:53
rbasak	So that's read by libvirt - how does it arrange that to happen?	10:53
rbasak	does libvirt open a file and pass kvm the fd, or does it give kvm a pts and read it through to a file, or something else?	10:54
soren	For qemu, I believe all those things are done by passing the relevant arguments to qemu on the command line.	10:54
rbasak	so it passes the filename directly?	10:55
rbasak	(and qemu opens it?)	10:55
soren	Yes.	10:56
soren	rbasak: You should be able to just specify a named pipe in the XML and have everything work out.	10:57
rbasak	<soren> Daviey: If everyone knows they're taling to a fifo, the semantics are well understood and pretty easy to deal with.	10:58
rbasak	does that apply to qemu?	10:58
soren	yes	10:58
rbasak	what will qemu do on a SIGPIPE/EPIPE?	10:58
soren	It ignores it, AFAICT.	10:59
soren	Er..	10:59
soren	sorry, no.	10:59
rbasak	and loses the write?	10:59
soren	It ignores SIGPIPE.	10:59
rbasak	and is that well defined or might the behaviour change in future?	10:59
soren	This is free software. There are no guarantees :)	10:59
rbasak	:-)	11:00
soren	If we want it to not change, we just use it and complain if it breaks at some point.	11:00
rbasak	soren, what do you think about this named pipe approach vs. modifying something to write out a ringbuffer?	11:00
rbasak	or even, giving qemu a fifo but reading the fifo and writing out a ringbuffer	11:01
soren	ringbuffers are kinda hard to "write out" :), but having a ring buffer implementation in kvm would be sort of neat. It's much more work than just using a named pipe, though.	11:01
soren	...and I think using a named pipe (now that we know it behaves well) is perfectly fine.	11:01
rbasak	the bit of ringbuffering into a file that I see as untidy would be the head/tail pointers	11:01
rbasak	I suppose a couple of integers at the start of the file would do, but then it's suddenly a binary format	11:02
soren	That's why ringbuffers aren't written to files.	11:02
* rbasak was thinking about mmapping a file		11:02
soren	Truncating files by chopping stuff off of the end of them is easy. Moving their starting point forward isn't.	11:02
rbasak	then another process could read out the current state quite easily	11:02
rbasak	struct { int head, int tail, char data[] }	11:03
rbasak	assuming ints are atomic on writes	11:03
rbasak	then a writer would just need to order changes carefully	11:03
soren	You'd only need a start ptr, really.	11:04
soren	Well, and perhaps a max_length.	11:04
rbasak	then the first write run through would have to be a special case	11:04
rbasak	anyway, that's just the detail	11:04
rbasak	it's still ugly I admit :)	11:05
rbasak	I'm thinking of something like <console type='pty'><source path='/tmp/console.log' ringbuffer='16384' /><target type='virtio' port='0'/></console>	11:06
rbasak	Hence looking at libvirt, and if libvirt could manage taking input from qemu and dealing with the ringbuffer, then it would fit in really well	11:06
rbasak	If the ringbuffer isn't a file then maybe memory but then it'd need some kind of API to get it out again	11:07
rbasak	are we allowed to use pthread mutexes in libvirt?	11:07
uvirtbot	New bug: #841726 in cobbler (universe) "Unable to netboot with dhcpd managed by cobbler" [Undecided,New] https://launchpad.net/bugs/841726	11:11
Daviey	jamespage: stop finding issues :)	11:13
jamespage	Daviey: sorry	11:13
jamespage	my preseed seem to be broken now as well - gah!	11:13
Daviey	rbasak: it has case history, so i assume yes - http://www.redhat.com/archives/libvir-list/2011-January/msg00965.html	11:17
Daviey	rbasak: Note, that this would probably have to be accepted upstream before we could carry it.	11:18
eagles0513875	any people well versed with dovecot and postfix running on 10.04	11:20
Daviey	eagles0513875: many people are probably well versed in this.	11:20
soren	rbasak: libvirt has e.g. virMutexLock, which I believe is a thin wrapper around pthread mutexes.	11:23
soren	rbasak: Remember, though, that libvirt supports stopping libvirt while letting the VM's keep running.	11:24
eagles0513875	Daviey: well my issue is this. on 10.04.2 i got everythign working etc and now reconfiguring dovecot and postfix configured the exact same way	11:24
eagles0513875	Daviey: yet all emails get delivered to /var/mail instead of my maildir	11:25
soren	rbasak: So anything you do should either not require libvirt to run for kvm to also keep running.	11:25
rbasak	soren: ah, I was wondering about that, thanks. So with your named pipe system, nova would give libvirt a path to a named pipe, and take care of reading it itself? Would that include a persistent process/thread to read, or would you be relying on qemu not breaking when it tries to write to the pipe with no reader?	11:50
soren	rbasak: I'd rely on qemu not to break.	11:51
rbasak	ok thanks	11:51
soren	We trust Qemu to do everything else properly. If qemu breaks, we're so utterly screwed anyway :)	11:52
Daviey	soren: talking of which.. pondering a new upstream version.. 0.15 was released a while ago.	11:53
Daviey	very late in the cycle. :/	11:53
rbasak	yeah I understand but it's kind of broken to expect a random application to know what to do when faced with EPIPE :)	11:55
rbasak	(but if it works atm then fair enough I guess)	11:55
soren	rbasak: Why?	11:56
kvarley	I get "ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)" when I try and login to mysql on my machine. what am I doing wrong?	11:56
soren	rbasak: qemu isn't exactly a random application. It's the application.	11:57
koolhead11	kvarley: is this server not on same system	11:58
kvarley	koolhead11: I'm running a LAMP server setup on localhost.	11:58
koolhead11	kvarley: what does mysql -uroot -p <yourpassword> does ?	11:59
kvarley	koolhead11: Produces that error	11:59
rbasak	soren: because by default applications won't watch SIGPIPE, and it's a special case to have to deal with it. If qemu deals with it by definition because someone considered writing to FIFOs, then fair enough. If we're lucky that it works, then also fair enough but we're still lucky that it works :)	12:01
rbasak	s/watch/catch	12:01
koolhead11	kvarley: https://help.ubuntu.com/community/MysqlPasswordReset see if it helps!! :D	12:02
kvarley	koolhead11: I got in :) Thanks for the help tho! :)	12:03
uvirtbot	New bug: #813317 in asterisk (universe) "package asterisk-config 1:1.6.2.5-0ubuntu1.4 failed to install/upgrade: EOF on stdin at conffile prompt" [Low,New] https://launchpad.net/bugs/813317	12:04
koolhead11	kvarley: its great the community documentation and take googles help :D cheers!!	12:06
=== _ruben_ is now known as _ruben
Ursinha	good morning people	13:09
Daviey	Ursinha: Hello!	13:36
tdn	I have installed mysql server using apt-get. Now there is set a password for user debian-sys-maint. How do I get this password?	13:40
just-a-visitor	Try looking into /etc/mysql/debian.cnf.	13:52
aveng3r	Hi, I'm using ubuntu 11.4 server, is there a way to install xorg?	14:32
just-a-visitor	https://help.ubuntu.com/community/ServerGUI	14:35
aveng3r	thanks	14:38
eagles0513875	hey guys i need some help with postfix	14:44
Ursinha	bug 833499	14:50
uvirtbot	Launchpad bug 833499 in nova "virt/disk.py unconditionally inserts public_keys into /root/.ssh/authorized_keys" [High,New] https://launchpad.net/bugs/833499	14:50
eagles0513875	hey guys im setting up post fix what should the postmaster and root email be set to the system users email address?	14:53
=== Ursinha is now known as Ursinha-lunch
eagles0513875	any postfix experts in here i need some help	15:30
eagles0513875	i changed a line in saslauthd and for some reason it doesnt like said line	15:31
eagles0513875	its failing to start saslauthd	15:31
memoryleak	and why does it this?	15:33
eagles0513875	memoryleak: ??	15:38
yaboo	trying to setup a telnet server on my box, can telnet localhost, but am unable to telnet from another machine	15:40
yaboo	do I need to activate something?	15:40
memoryleak	eagles0513875: I can't do some voodoo and guesss what the problem might be. Paste changed lines, and the Error message(s).	15:41
eagles0513875	memoryleak: i pasted a line from the ubuntu wiki on how to set this up	15:42
eagles0513875	yaboo: if your trying to telnet to another machine it woudl be telnet IP PORT	15:42
memoryleak	eagles0513875: Still not enugh info to help you.	15:43
yaboo	eagles0513875, getting connection refused, switched off firewall believe, but still no dice	15:43
eagles0513875	memoryleak: what info do you need	15:43
eagles0513875	yaboo: can you ssh into the remote machien and try telnet ip port	15:44
memoryleak	Error message? What you changed?	15:44
eagles0513875	telnet localhost ip port	15:44
eagles0513875	memoryleak: in the saslauthd file i changed the very last line to OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"	15:44
eagles0513875	when it comes to starting it	15:44
yaboo	eagles0513875, can ssh into the machine, from other machine, I get connection refused	15:44
eagles0513875	yaboo: are you the admin of the remote machine	15:45
eagles0513875	memoryleak: i get this error when i try to start it /etc/default/saslauthd: 59: Syntax error: Unterminated quoted string	15:45
yaboo	eagles0513875, yes	15:45
eagles0513875	yaboo: can you login to the machine and do sudo iptables -L and check that port 22 is open	15:45
yaboo	eagles0513875, iptables -L returns blank	15:45
eagles0513875	yaboo: then sudo apt-get install openssh-server	15:46
yaboo	eagles0513875, defeats the purpose of telnet	15:46
eagles0513875	yaboo: what do you need telnet for anyway	15:46
eagles0513875	its hardly used and not very secure	15:46
yaboo	eagles0513875, a inhouse app using wyse60 emulation	15:47
eagles0513875	yaboo: you have any routers along the way between you and ur server?	15:48
eagles0513875	it could be the router is blocking the port	15:48
memoryleak	eagles0513875: Look for qoute chars that are not enclosing	15:48
eagles0513875	or the whole network firewall	15:48
eagles0513875	memoryleak: it specifically says line 59	15:48
yaboo	eagles0513875, no, same network, netmask	15:48
memoryleak	eagles0513875: Post the whole file on pastebin.com	15:49
eagles0513875	memoryleak: found it	15:49
eagles0513875	yaboo: doesnt matter same subnet or not	15:49
yaboo	ok eagles0513875	15:49
eagles0513875	if the entire network firewall doesnt have it opened you wont have access via telnet	15:49
memoryleak	eagles0513875: Basically, it told you allready what was wrong. You just didn't look.	15:49
eagles0513875	memoryleak: the way i interpreted it it said line 59	15:49
eagles0513875	yet the error was further up then line 59	15:50
eagles0513875	near the top	15:50
memoryleak	Your'e not the first that thid this mistake in the config :D	15:50
yaboo	eagles0513875, got it working, seems inetd only allowed tcp6, installed xinetd and works in tcp4 and able to telnet into the machine	15:59
eagles0513875	yaboo: ahh	16:02
eagles0513875	memoryleak: you did same mistake as me	16:02
koolhead17	hi all	16:30
KoolaidJunkie	Could someone help me get a script to start on boot up?	17:18
=== Ursinha-lunch is now known as Ursinha
fedup	so I have a fresh install of 10.4.3 server, I want it to be a dhcp server and file and LAMP. for dhcp where sould I start? dhcp3-server, dnsmasq, or dhcpd	17:58
zoopster	fedup: I'm using dhcp3-server	18:08
qman__	I also use dhcp3-server, but if you're looking for dynamic DNS on your LAN, dnsmasq is going to be the better option	18:20
qman__	it can be done with other servers and BIND, but dnsmasq is tailored for that kind of setup	18:21
erty	hi	18:27
erty	i got pc with pc with 2 disk	18:30
erty	with 2 disk 76 GB	18:31
erty	i got raid 1 on it	18:32
erty	what it will be the volume of my disk ?	18:32
fedup	hmmm ok	18:34
pmatulis	sounds like homework	18:42
erty	yeah anyone can tell ?	18:45
fedup	dnsmasq will do dhcp ip's and be able to support a wirelss access point?	18:45
qman__	your chosen DHCP server really doesn't have anything to do with using a wireless access point	18:46
erty	anyione there	18:48
erty	.?????	18:48
fedup	k	18:49
fedup	wasn't sure, I guess not with it just being a static ip	18:49
lickalott	erty you have a question?	18:56
erty	yes of course	18:57
erty	2 disk of 76 GB with raid how much the total volume ?	18:57
erty	raid 1	18:58
jmarsden	erty: 76GB. Is this a trick question? :)	18:58
erty	well with raid 10 how much it gives ?	18:59
jmarsden	With RAID 10 you ned 4 disks. so that one is a trick question!	19:00
erty	well if you create raid 1 on 76 GB	19:01
erty	as OS if you got ubuntu	19:01
erty	from the OS is it possible to check the type of raid created before ?	19:02
jmarsden	erty: Software RAID: read /etc/mdadm/mdadm.conf. Hardware RAID: see how the RAID controller is configured using whatever tool or utility it uses.	19:03
erty	if i understand correctl, if it is an hardware raid, from the OS we can't access to type of raid	19:05
erty	am i correct ?	19:05
jmarsden	You can get a utility that knows about the hardware RAID controller and use that to look at how the controller is set up.	19:06
erty	lets take an example of HP SERVER	19:07
erty	what utility knows about the hardware RAID controller and use that to look at how the controller is set up ?	19:08
jmarsden	It is not the server that matters, it is the controller.	19:08
jmarsden	Which controller card do you have?	19:08
erty	smart array controller	19:09
jmarsden	Maybe, this is relevant to you: http://h18000.www1.hp.com/products/servers/proliantstorage/software-management/acumatrix/index.html	19:09
jmarsden	No, that is not a specific controller name :)	19:10
jmarsden	HP makes a bunch of "smart array controllers", I think...	19:10
jmarsden	The Ubuntu package cciss-vol-status may also be relevant?	19:11
erty	well can you give me a clue ?	19:12
jmarsden	I just gave you a bunch of clues. Use them.	19:12
erty	well, always with the same disk with raid 1	19:14
erty	2 disk of 76 GB raid 1	19:14
KoolaidJunkie	Hey everyone.	19:14
KoolaidJunkie	How can I get a script to run on server boot?	19:14
erty	when you booting to the OS, if you do fdisk -l how many disk it will detect ?	19:15
jmarsden	erty: try it and see :)	19:15
erty	don't have any hardware	19:16
erty	to try that's why i m asking you here ? pppl :)	19:16
erty	just want to understand the concept before buying	19:18
=== smb` is now known as smb
jmarsden	<pmatulis> sounds like homework <erty> yeah anyone can tell ?	19:20
jmarsden	That does not look like pre-sales evaluation to me...	19:20
erty	homework for myself	19:20
erty	don't worry ; There is no ambiguity	19:21
erty	so how much it gives with fdisk -l ?	19:33
=== nxvl_ is now known as nxvl
=== shennyg__ is now known as shennyg
=== andreas__ is now known as ahasenack
jeeves_moss	is there an easy way to send an e-mail from a predefined e-mail account (on the local server), but to have the body of the e-mail pulled from a txt file?	21:17
jmarsden	jeeves_moss: mail -f predefined@example.com -s "some subject" recipient@example.com <somefile.txt	21:19
jeeves_moss	jmarsden, thank you. that's the simplest	21:20
jmarsden	Well, you can leave out the -s "some subject" to simplify it further :)	21:20
jeeves_moss	thanks. my ISP's tech support is refusing to fix an issue that's been going on for 6+ months, so I figure an e-mail every 15 mins should get their attention	21:21
jeeves_moss	sorry, connection issues	21:25
jeeves_moss	it dosn't like the "-f" command for the "from" user	21:25
jeeves_moss	jmarsden, are you stil here?	21:39
jeeves_moss	is there an easy way to send an e-mail from a predefined e-mail account (on the local server), but to have the body of the e-mail pulled from a txt file?	21:42
lickalott	redirectors i would assume	22:24
bcessa	hi, what software do you recommend to monitor a ubuntu server with: nginx, php5-fpm, mysql ?	22:40
=== smb` is now known as smb

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!