=== CreativeEmbassy is now known as Judy
=== Judy is now known as CreativeEmbassy
[04:28] <samba35> this is very stange problem i come across i have a utm /firewall as a gateway (another system ) ,i have configure web server ,ssh server and ftp server on that but i am only able to acess ftp server ,not ssh and web server but i change hardisk with oracle linux i am able to access all 3 thing (web ,ssh,ftp )
[04:33] <thesheff17> running iptables or ufw
[04:34] <thesheff17> use nmap to scan the machine
[04:35] <samba35> check with that also
[04:35] <samba35> ufw uninstalled
[04:36] <samba35> this is very stange problem i come across i have a utm /firewall as a gateway (another system ) ,i have configure web server ,ssh server and ftp server on that but i am only able to acess ftp server ,not ssh and web server but i change hardisk with oracle linux i am able to access all 3 thing (web ,ssh,ftp )
[04:36] <samba35> sorry
[04:40] <thesheff17> check iptables: sudo iptables -L
[04:42] <samba35> yes ,check that also
[04:43] <samba35> disabled
[04:43] <samba35> and i even change the ports also of web and ssh
[04:44] <thesheff17> try to put ssh on the ftp port and see if it works
[04:44] <samba35> ok
[04:44] <thesheff17> it still sounds like some firewall rules between the box you are trying to connect to and the client box
[04:45] <thesheff17> don't forget to shutdown ftp service before binding ssh to the ftp port
[04:45] <samba35> yes
[04:49] <thesheff17> also make sure the serivces are starting correctly and listening: sudo netstat --tcp --udp --listening --program --numeric-ports | grep sshd
[04:49] <samba35> no its not working
[04:50] <thesheff17> sounds like a service issue if ftp worked and ssh didn't on the same port
[04:51] <samba35> never face this kind of problem
[04:51] <samba35> and hight is if i change hardisk to oracle linux all things works fine
[04:53] <thesheff17> I would put ssh back to port 22 and run sudo netstat --tcp --udp --listening --program --numeric-ports | grep sshd
[04:54] <samba35> yes check
[04:54] <samba35> i even chage ssh port 5123
[04:56] <thesheff17> I would use nmap to see if it is listening....I bet from the remote machine it doesn't find ssh running
[04:56] <thesheff17> and something is blocking it in between
[04:56] <samba35> www.utmxtm.com
[04:56] <samba35> can yo pls try
[04:57] <samba35> any result
[04:57] <thesheff17> its running now
[04:58] <thesheff17> I wonder if your ISP just blocks certain things.
[04:58] <samba35> rdp and vnc not configure
[04:58] <samba35> tryed ?
[04:59] <samba35> no i dont think
[04:59] <samba35> just change hard disk
[04:59] <samba35> it all work with oracle linux
[05:00] <thesheff17> do you have the the default route ?
[05:00] <thesheff17> correct
[05:00] <samba35> yes i am hopeing that or metric is wrong but dont know how to check that
[05:01] <thesheff17> sudo route
[05:01] <thesheff17> the default value will point at your router usually like mine is 192.168.1.1
[05:01] <samba35> default route is my utm box
[05:01] <samba35> yes that is route
[05:02] <thesheff17> nmap is slow...it will be done in a second
[05:02] <twb> thesheff17: nmap -F
[05:02] <thesheff17> thx
[05:02] <samba35> thx ?
[05:03] <twb> !thx
[05:03] <ubottu> You're welcome! But keep in mind I'm just a bot ;-)
[05:03] <thesheff17> lol
[05:03] <thesheff17> says ftp and https is open nothing else
[05:03] <twb> thesheff17: putting SSH on a nonstandard port will affect QoS attempts by your ISP et al.
[05:03] <thesheff17> port 21 and 443
[05:04] <twb> If you are concerned with brute-force attacks an IPS would IMO be better than relying on obscurity
[05:04] <thesheff17> this works
[05:04] <thesheff17> https://www.utmxtm.com
[05:05] <twb> The page is empty though
[05:05] <thesheff17> what is this user portal? is that what you are using?
[05:05] <samba35> hmm that is my utm portal
[05:06] <twb> http://cyber.com.au/~twb/doc/iptab.ips
[05:07] <thesheff17> if https://www.utmxtm.com/ is not your linux box you have to do port forwarding.....
[05:07] <samba35> can you try now https://www.utmxtm.com
[05:08] <samba35> yes i did that
[05:08] <samba35> utm box has DNAT rules for all servicess
[05:08] <samba35> can you try now https://www.utmxtm.com
[05:09] <twb> samba35: just get a second box and test it yourself
[05:09] <thesheff17> yea you have bad port forwarding or firewalls rules.
[05:10] <twb> Probably just triangle routing
[05:10] <samba35> ok
[05:11] <samba35> all things are same just change hard disk to oracle linux all works !
[05:11] <thesheff17> linux on oracle and ubuntu are almost identical
[05:11] <samba35> dhcp assing ip to linux
[05:11] <thesheff17> dhcp should never be used for a server
[05:12] <samba35> ic
[05:12] <samba35> i dont know that
[05:12] <twb> thesheff17: I disagree.
[05:12] <samba35> thank i will try to put staic ip and chaeck yes we have that options open
[05:12] <twb> Using fixed DHCP allocations to non-core servers allows them to be configured on one end, rather than both ends.
[05:13] <twb> It *does* mean the LAN they're on must be ultimately trusted, of course.
[05:15] <thesheff17> well it sounds like a firewall iptables port forwarding mess....when I hit his portal I knew that wasn't his ubuntu box....him setting up fixed DHCP sounds like another layer of complexity :)
[05:16] <twb> Granted
[05:16] <twb> It is certainly useful to switch to manual configuration during testing.
[06:53] <pehden> does freenode allow dcc
[06:55] <twb> Dunno, ask #freenode
[06:55] <onre> irc network does not need to support it
[06:55] <twb> onre: it's just CTCP
[06:55] <twb> onre: right?
[06:55] <onre> it works so that clients send CTCP-style messages to each other and initiate a tcp connection between each other
[06:55] <onre> yes
[06:56] <onre> via CTCP they communicate IP addresses and port numbers
[08:28] <Vivek> Hi
=== himcesjf1 is now known as himcesjf
[08:31] <Vivek> I am using Ubuntu orchestra and I would like to get a pointer to configuring rsyslog.
[08:31] <Vivek> I am referring this URL http://wiki.rsyslog.com/index.php/Very_simple_config_--_starting_point_for_modifications
[08:31] <Vivek> Will this be ok ?
[08:31] <Vivek> I am using  Ubuntu Oneiric and basically want to log remotely to the Ubuntu Orchestration server from a node or nodes.
[08:32] <Vivek> Thanks in advance.
[08:32] <Vivek> The rsyslog is not configured by default in orchestra.
[08:37] <SpamapS> Vivek: did you install 'ubuntu-orchestra-logging-server' ?
[08:39] <SpamapS> Vivek: orchestra doesn't do much of the configuration for you.. its mostly just a collection of packages... to configure the resulting servers you need something like juju or puppet.
[08:39] <AlecTaylor> Open-source or closed-source for SaaS? - http://programmers.stackexchange.com/q/130341
[08:49] <SpamapS> AlecTaylor: great question.. answered and +1'd
[08:49] <eagles0513875_> hey guys anyone here workign with virt-manager im having some really annoying issues connecting to a remote machine with it
[08:49] <eagles0513875_> btw morning AlecTaylor Vivek and SpamapS
[08:50] <AlecTaylor> Thanks SpamapS
[08:51] <SpamapS> if you can call 01:00 morning. :)
[08:52] <AlecTaylor> If you call 7:51PM morning :P
[08:52] <Vivek> SpamapS: yES
[08:53] <Vivek> SpamapS: I am well aware of the fact that it is a collection of packages with not centralized configuration.
[08:55] <Vivek> eagles0513875_: Hello.
[08:55] <SpamapS> Vivek: in that case you really just need to point other machines' rsyslogd at the logging server, and make sure the logging server is configured to accept remote messages.
[08:55] <Vivek> SpamapS: Do you have any documentation I can refer to ?
[08:59] <yann__> hello... just had to reboot a server this morning (10.10) http://waste.mandragor.org/linux-memleak.png  if anyone got a clue for next time it'be much appreciated :(
[09:09] <SpamapS> Vivek: just the rsyslogd man pages
[09:10] <SpamapS> yann__: what makes you think there is a memory leak?
[09:11] <yann__> SpamapS, I have no software running, killed all running software and restarted what I could
[09:11] <yann__> and without any software running, using 5GB+ ram
[09:11] <AlecTaylor> !paste
[09:11] <ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
[09:12] <_godhelpme> hi
[09:13] <Vivek> ok
[09:14] <Vivek> SpamapS: Thanks
[09:15] <eagles0513875_> SpamapS:  you ever worked with virt-manager before?
[09:18]  * AlecTaylor opened up the discussion over whether I should open-source my SaaS: http://openclosedsource.wikia.com
[09:29] <SpamapS> eagles0513875_: I use it quite often
[09:30] <SpamapS> yann__: but what do you mean "using" ?
[09:30] <SpamapS> yann__: htop is somewhat imprecise, try 'free -m'
[09:30] <eagles0513875_> SpamapS: im having nothing but issues with it getting it to connect to remote server http://pastebin.com/BV50Gf7S
[09:31] <SpamapS> yann__: memory used in buffers and cache is memory used to opportunistically speed up the system. There is no memory leak, its just in use for better purposes when your programs haven't explicitly requested it.
[09:31] <SpamapS> eagles0513875_: I don't use it like that
[09:31] <eagles0513875_> and my friend and i have tested on 10.04 10.10 11.04 and same issue
[09:31] <eagles0513875_> how do you use it
[09:32] <eagles0513875_> even connecting to my localhost to test i have saame issue
[09:32] <eagles0513875_> SpamapS:  you using xen as the virt technology of choice?
[09:37] <smb> eagles0513875_, If it is xen you want to connect, you need to enable the unix server in xend. Unfortunately there are other issues which I have not found solutions for
[09:38] <eagles0513875_> that didnt do it
[09:38] <eagles0513875_> any ideas as to these errors smb http://pastebin.com/BV50Gf7S
[09:40] <smb> It looks like when I had tried to connect to xen without the change in xend (one has to restart too)... Need to start the machine to remember what exactly I changed.
[09:40] <eagles0513875_> restart what the local hos t
[09:40] <eagles0513875_> host
[09:40] <eagles0513875_> or the remote server
[09:43] <smb> remote server
[09:44] <yann__> SpamapS, disk cache is yellow in htop :) and no, it's not "faster", i discovered that because I had 5GB swap
[09:44] <yann__> so I killed everything I could to see what was using so much, and was left with that
[09:45] <eagles0513875_> smb: giv eme a moment to reboot
[09:45] <smb> eagles0513875_, no reboot of server needed
[09:45] <smb> just restart of xend
[09:46] <eagles0513875_> that is done
[09:47] <eagles0513875_> smb: now what
[09:49] <yann__> http://waste.mandragor.org/memory-day.png   mmmh.
[09:49]  * smb needs a bit trying to type, search and talk at the same time does not work that well
[09:50] <eagles0513875_> no worries smb im here for another 40 min
[09:52] <smb> eagles0513875_, Ok. :) Well so I think you need to have libvirt-bin installed on the remote xen host, then have /etc/xen/xend-config.sxp have a line like "(xend-unix-server yes)", then sudo service xend restart
[09:52] <eagles0513875_> libvirt-bin is started already
[09:52] <eagles0513875_> let me check the xend-config
[09:54] <eagles0513875_> that didnt work :(
[09:55] <smb> Hm...
[09:55] <eagles0513875_> smb: it seems like the remote server is trying to close the connection before i am successfully logged in is the impression im getting from the msg
[09:55] <SpamapS> eagles0513875_: no I use kvm
[09:56] <eagles0513875_> ok SpamapS
[09:56] <SpamapS> yann__: what does free -m show?
[09:56] <smb> It looks like that, but I had the exact same one because there was no service running...
[09:56] <yann__> SpamapS, I ll give it a try next time, had to reboot it
[09:56] <eagles0513875_> smb: let me try it on my local host first
[09:57] <SpamapS> yann__: I also usually run 'ps auxw O r' which shows the biggest process last..
[09:57] <SpamapS> clint     3859  4.6  5.9 970108 236588 ?       Sl   Jan15  13:38 /usr/lib/firefox-9.0.1/firefox
[09:57] <SpamapS> anyway, time to try and sleep
[09:57] <yann__> SpamapS, I usually use htop with sorting by memory :) have a good night, thanks for helping
[09:57] <smb> eagles0513875_, I would assume if you can ssh ok, the virtmanager connect should work
[09:58] <eagles0513875_> im on the localhost already doesnt work cant seem to establish a connection to the local host
[09:58] <eagles0513875_> also its seems the remote host is terminating the connection after specifying my password
[09:58] <eagles0513875_> smb: you using ssh keys or passwords only
[09:58] <smb> eagles0513875_, ssh keys
[09:59] <eagles0513875_> smb: is it possible to only use passwords or with virt-manager you must have ssh keys
[09:59] <smb> eagles0513875_, Should be possible to use both. But let me make sure...
[10:00] <eagles0513875_> smb: the virt-manager documentation shows remote connectiosn using ssh keys not passwords at least from what i understood
[10:00] <SpamapS> yann__: also one thing that has gotten me before is if you are using something configured to use HugePages like mysql or postgres.. that memory will show up as "used" by the kernel as soon as you configure the huge pages region.
[10:00] <smb> eagles0513875_, works both. just without ssh keys there is a local pw dialoque
[10:00] <yann__> I ll have a look, but I don't think I'm using huge pages :)
[10:01] <eagles0513875_> smb: im getting the dialogue
[10:01] <Vivek> SpamapS: FYI rsyslog is automatically configured on Orchestra.
[10:01] <eagles0513875_> but i cant fathom what is causing me to fail to connect
[10:02] <smb> eagles0513875_, Just for completeness, you checked that on the remote host libvirtd is running?
[10:03] <SpamapS> Vivek: oh, cool. :)
[10:06] <smb> eagles0513875_, And one other thing to check is whether "netstat -a|grep unix|grep xend-sock" has some output
=== gondoi_ is now known as gondoi
=== Myrtti_ is now known as Guest79446
[10:08] <eagles0513875> bk smb :)
=== Vivek is now known as Guest88234
[10:09] <smb> eagles0513875, Mind that  I could then connect, but instance creation still fails because bug 914788 and bug 914792
[10:09] <uvirtbot> Launchpad bug 914788 in libvirt "libvirt expexts qemu-dm in wrong path for xen" [Undecided,New] https://launchpad.net/bugs/914788
[10:09] <uvirtbot> Launchpad bug 914792 in libvirt "libvirt: Unable to complete install: ''b454ca30-add4-8f72-8093-99c938e87b46''" [Undecided,New] https://launchpad.net/bugs/914792
[10:09] <eagles0513875> smb: im guessing im experiencing the first bug
=== Guest79446 is now known as Myrtti
[10:10] <eagles0513875> actually first one isnt
[10:10] <smb> eagles0513875, No that only was _after_ being able to connect. :)
[10:10] <eagles0513875> ahh ok
[10:11] <eagles0513875> guess its time for a bug to be filed
[10:11] <eagles0513875> 2 bugs
[10:11] <eagles0513875> virt-manger should automatically pull ssh-askpass
[10:11] <ikonia> no
[10:11] <ikonia> I dont think it is a bug
[10:11] <ikonia> I think it is your setup
=== Adri2000_ is now known as Adri2000
[10:12] <eagles0513875> ikonia: has to be a bug
[10:12] <ikonia> why ?
[10:12] <eagles0513875> tried it on a vm of 10.04 10.10 11.04
[10:12] <eagles0513875> i have everything there libvirt is installed and running
[10:12] <ikonia> but didn't smb say he was connecting fine ?
[10:13] <eagles0513875> ikonia: hes using ssh keys not simple passwords
[10:13] <ikonia> right - so why ssh-askpass then, as that's normally for keys
[10:13] <ikonia> eagles0513875: how are you trying to open the virutal manager ?
[10:13] <eagles0513875> from the kmenu
[10:13] <eagles0513875> should it be run with sudo from the command line
[10:14] <ikonia> eagles0513875: have you looked at what the kmenu launcher is doing ?
[10:14] <eagles0513875> no i havent
[10:14] <ikonia> eagles0513875: ok - so again, checking this stuff out before logging a bug
[10:14] <ikonia> eagles0513875: have you tried launching it manually to get some more verbose output ?
[10:14] <ikonia> check the basics, get info,
=== schmidtm_ is now known as schmidtm
[10:15] <smb> eagles0513875, I had changed away the authorized_keys to get a pw prompt and that worked, too
[10:16] <eagles0513875> ahh
[10:16] <ikonia> I didn't have a problem when I was using it on ubuntu (I'm not any more but it worked fine when I did)
[10:16] <eagles0513875> ikonia: how can i get verbose output to commandline
[10:16] <eagles0513875> ikonia: it worked fine when i tested it out with kvm
[10:17] <smb> eagles0513875, I think I am a bit confused reading. Did you try the netstat line on the remote host?
[10:17] <ikonia> eagles0513875: just launch it by the command line first, see what it does
[10:18] <eagles0513875> ikonia: not doing anything
[10:18] <eagles0513875> smb: no i havent
[10:18] <ikonia> eagles0513875: what are you typing on the command line ?
[10:18] <smb> eagles0513875, Ok, could you try? Then we would know whether the socket interface is up
[10:18] <eagles0513875> smb: what socket interface should i be looking for
[10:19] <eagles0513875> ikonia: virt-manager
[10:19] <smb> netstat -a|grep unix|grep xend-sock
[10:19] <smb> unix  2      [ ACC ]     STREAM     LISTENING     20492    /var/lib/xend/xend-socket
[10:19] <koolhead11> hi all
[10:21] <eagles0513875> its there and listening smb
[10:22] <smb> eagles0513875, Ok, so at least can take that from the list...
[10:22] <eagles0513875> ok
[10:24] <smb> eagles0513875, So what is running locally and remotely? I only tested 11.10 and 12.04 combinations currently
[10:25] <eagles0513875> 11.10 on both
[10:25] <smb> ok
[10:25] <eagles0513875> well ill be damned i installed kvm on localhost and that connected just fine
[10:28] <smb> Well, that has always worked. Just that Xen host server came back only with 11.10 and I am not sure how many really tried out with libvirt and xen
[10:28] <smb> It is quite manual at least
[10:28] <eagles0513875> :-/
[10:29]  * smb hopes to improve things until precise release...
[10:29] <eagles0513875> smb: you work with the virtualization stuff?
[10:29] <smb> yes
[10:30] <AlecTaylor> Will open-sourcing my SaaS solution adversely affect my revenue? - Contribute to Discussion and Notes: http://openclosedsource.wikia.com / http://programmers.stackexchange.com/q/130341
[10:30] <ikonia> eagles0513875: don't you have to make a change to tell it to connect to a xen hypervisor instead of kvm
[10:30] <smb> ikonia, Yes, that is done when you create a new connection
[10:30] <eagles0513875> i did i was just testing ikonia to see if i would have the same issues i am having with xen but with kvm
=== Guest88234 is now known as Vivek
[11:20] <lynxman> morning o/
[11:51] <eagles0513875_> smb: hey I'm on from web chat at school lol
[12:05] <koolhead11> ohai lynxman
[12:39] <Psi-Jack> ikonia: Looks like you're around now eh?
[12:39] <ikonia> I am around yes
[12:39] <Psi-Jack> Remember that whole MySQL battle from before? ;)
[12:39] <ikonia> hello
[12:39] <ikonia> I certainly do
[12:39] <eagles0513875_> hi ho :)
[12:39] <Psi-Jack> heheh
[12:39] <Psi-Jack> you'll laugh at the results. ;)
[12:39] <ikonia> one of the more interesting ones
[12:39] <ikonia> Psi-Jack: please share
[12:39] <ikonia> very interested
[12:40] <Psi-Jack> Hehe
[12:40] <Psi-Jack> Well, the updated kernel and mysql solved the memory usage was mostly solved, but there was an underlying issue causing most of it to begin with. ;)
[12:41] <ikonia> go on......
[12:41] <Psi-Jack> We use VMWare vSphere 4.1u2 in our infrastructure for pretty much most every server in our DC, save for a few.
[12:42] <Psi-Jack> This particular VMWare Guest was set to have initially 4GB, then 8GB, then finally 16GB, but no matter how much RAM we gave it at the hypervisor level, someone had set a Memory Limit on it to 2GB.
[12:42] <ikonia> really,
[12:42] <Psi-Jack> So, yeah, the guest was getting 8GB, but only 2GB of it was allowed to be used, and so it was actually swapping out on the HOST OS side to account for it.
[12:43] <ikonia> that makes sense for what we saw that night
[12:43] <ikonia> however was that hypervisor limit in place on any other machiens ?
[12:43] <ikonia> eg: was it effecting any other guests ?
[12:43] <Psi-Jack> No, it was set just for that one that we found.
[12:44] <ikonia> I didn't know you could do that, limit it at the hypervisor for just one vm
[12:44] <Psi-Jack> Yep.
[12:44] <Psi-Jack> VMWare can do that. heh
[12:44] <Psi-Jack> Our DBA of all people found it!
[12:44] <ikonia> I thought the hypervisor settings where global and then everything bellow that was either group policy based, or guest based
[12:44] <ikonia> impressive
[12:44] <ikonia> and a nice little feature to be aware of for future use
[12:44] <ikonia> thanks for sharing Psi-Jack
[12:44] <Psi-Jack> I don't claim at all to be a VMWare expert, I know Xen and KVM much more, but VMWare still is bleh.
[12:44] <ikonia> what an annoying issue that turned out to be
[12:45] <Psi-Jack> Nooooo sh**!
[12:45] <ikonia> Psi-Jack: vm-ware is what you have to use in business, so no point dodging it
[12:45] <ikonia> apart from redhat pushing kvm as their cloud platform now
[12:45] <Psi-Jack> After that, our CPU loads went back to normal, primary use of CPU load is MINIMAL now, and when it is, it's mostly user load, not system load.
[12:45] <Psi-Jack> That's what got me is MOST of the load was system load, which means core processes.
[12:46] <ikonia> at least you are sorted now
[12:46] <Psi-Jack> Yep. :)
[12:46] <ikonia> an interesting one,
[12:46] <Psi-Jack> A lot more useful now, and it's funny to see the load levels during prime hours are practically nothing at all anymore.
[12:46] <Psi-Jack> We have another DB running similarly in another DC, under Xen, and i see a lot of user load, but barely any system load.
[12:47] <Psi-Jack> That database however, has a lot going on. Both our flagship SaaS product, and our CMS hostings. ;)
[12:47] <patdk-lap> oh, did someone specify a resource limit for ram?
[12:47] <Psi-Jack> patdk-lap: Yeah. LOL
[12:47] <patdk-lap> ya, your miss that unless you use that a lot
[12:47] <eagles0513875_> learned something new as well about vmware sphere :D
[12:48] <Psi-Jack> hehe
[12:48] <Psi-Jack> Yeah, me too!
[12:48] <patdk-lap> setting resource limits is very nice though
[12:48] <Psi-Jack> Don't trust VMWAre! hahaha
[12:48] <patdk-lap> expectially for disk access
[12:48] <eagles0513875_> Psi-Jack: how do you guys go about creating the xen guests
[12:48] <Psi-Jack> Well, our disk access is tied to an FC SAN with FC Disks. ;)
[12:48] <Psi-Jack> eagles0513875: We don't. Our Xen stuff is run in Rackspace, they run Xen. heh
[12:49] <eagles0513875_> got it
[12:49] <patdk-lap> I
[12:49] <Psi-Jack> I don't do Xen anymore myself. Has too many annoying issues like easily corruptable vNIC's.
[12:49] <patdk-lap> I'm thinking I should just run xen inside vmware
[12:49] <patdk-lap> for the last legacy things
[12:50] <Psi-Jack> Yikes!
[12:50] <patdk-lap> why yikes?
[12:51] <eagles0513875_> Psi-Jack: how are you creating the vNIC's
[12:51] <patdk-lap> you need vsphere 5.0 though
[12:51] <uvirtbot> New bug: #917134 in drbd8 (main) "dbrd8 kernel module and padlock-sha kernel module in deadlock" [Undecided,New] https://launchpad.net/bugs/917134
[12:51] <eagles0513875_> I'm using a bridged networking setup which is very easy to specify and setup the bridge via the network interfaces file
[12:51] <eagles0513875_> ikonia: i enabled debugging in libvirt smb is helping me go through that to find out the possible cause of my issue
[12:52] <Psi-Jack> eagles0513875: They were fully paravirtualized guests, and just using LVS on them for network directing was causing failures that resulted in mysterious packet loss.
[12:52] <patdk-lap> I'm using my own custom network xen config scripts
[12:52] <Psi-Jack> Any kind of advanced routing or packet mangling caused these issues on Xen for me.
[12:52] <eagles0513875_> ahh
[12:52] <eagles0513875_> well atm libvirt is giving me hell
[12:52] <patdk-lap> Psi-Jack, odd, I didn't have that issue
[12:52] <Psi-Jack> And that was Citrix Xen, specifically.
[12:52] <patdk-lap> I also rarely ran it at high load levels though
[12:52] <Psi-Jack> The "Commercial Grade" stuff.
[12:52] <ikonia> Psi-Jack: it was always one of the drawbacks with xen
[12:53] <ikonia> and why cytrix wrote their own network patches for it
[12:53] <RootChaos> can anyone suggest a good ubuntu load balance app through personal experience ?
[12:53] <RootChaos> i need to load balance two smtp servers
[12:54] <ikonia> lvs
[12:54] <ikonia> ipvsadmin
[12:54] <ikonia> adm sorry
[12:54] <ikonia> simple and easy
[12:56] <RootChaos> * looking
[12:56] <RootChaos> thanks very much
[12:58] <RootChaos> do i need a dedicated server for lvs, or can i run it with other services on a server ?
[12:58] <Psi-Jack> You should do it dedicated.
[12:58] <Psi-Jack> Or run it along side with the mailservers.
[12:59] <ikonia> you can if you are strapped for hardware run the lvs process on the actual service giving servers
[12:59] <ikonia> you need to be a little more tidy/thought out, but you could do it if you where strapped for hardware
[12:59] <RootChaos> i have another server running mysql, doing nothing... i could setup lvs on that server which will balance to the 2 mail servers ?
[13:00] <Psi-Jack> You shouldn't run LVS on a database.
[13:00] <ikonia> yeah, mail = front end, database = backend, balancing a front end service would put the database at the front
[13:00] <Psi-Jack> You would be better off running pacemaker+ldirectord on the two mail servers.
[13:00] <ikonia> plus the performance risk
[13:00] <Psi-Jack> Just do NOT run a firewall on the same host as LVS
[13:01] <Jeeves_> Psi-Jack: Why not?
[13:01] <Psi-Jack> It will eat data for lunch. ;)
[13:02] <Psi-Jack> Heck, patdk-lap and Omache taught me that. ;)
[13:02] <RootChaos> ok, but in essence, just to test, i can use an existing server, load lvs and see how it works - then move it to a dedicated box later
[13:02] <Psi-Jack> RootChaos: You should run it on a front-end facing server. Not a database server.
[13:03] <RootChaos> ok cool
[13:03] <RootChaos> i can do that
[13:03] <Psi-Jack> Often times, people run LVS servers on their webservers.
[13:04] <Psi-Jack> I'm one that runs two dedicated VMs just to LVS and does nothing else, but nginx name-based and ip-based proxying. ;)
=== hito_jp0 is now known as hito_jp
[13:05] <Jeeves_> Psi-Jack: I really don't see the issue of combining those two functions
[13:05] <koolhead11> Daviey: around?
[13:07] <Daviey> koolhead11: briefly
[13:07] <koolhead11> Daviey: was writing u a mail
[13:07] <Daviey> koolhead11: probably better right now
[13:07] <Daviey> kinda swapping tasks.
[13:10] <htdutchy> What do I need to install to host a dhcp server?
[13:10] <Psi-Jack> dhcpd
[13:11] <htdutchy> E: no installation candidate
[13:11] <htdutchy> Is there a packet that I can just install with apt-get install?
[13:12] <Psi-Jack> Here's a tip.
[13:12] <Psi-Jack> aptitude search dhcp
[13:12] <htdutchy> I got it dhcp3-server
[13:12] <htdutchy> thanks
[13:12] <Psi-Jack> That's the older version.
[13:13] <Psi-Jack> isc-dhcp-server is version 4
[13:13] <htdutchy> ah
[13:14] <htdutchy> isc-dhcp-server isn't available :(
[13:15] <Psi-Jack> There's also a chance I could be wrong. I'm looking at a Debian server of mine. :p
[13:15] <htdutchy> ah, well I'm on ubuntu
[13:17] <htdutchy> webmin picked it up, it's working
[13:18] <Psi-Jack> heh.
[13:18] <Psi-Jack> Glad I'm not the only nut job that uses webmin. :)
[13:18] <Psi-Jack> I do it, though, just to be lazy. I actually know how to go in and fix problems by hand, set them up by hand, etc, ;)
[13:19] <htdutchy> Yeah, I like working in console, but for a quick configurations like setting up users it's just better
[13:20] <htdutchy> Primarily I use it for user config, apache, dns and dhcp servers
[13:21] <Psi-Jack> Oh heck, you don't even utilize it for much then.
[13:21] <Psi-Jack> You're just plum lazy. :)
[13:22] <Psi-Jack> I actually use it for the whole cluster effect, change one on one, it replicates that change to the others.
[13:26] <htdutchy> Ah
[13:27] <skorv> hey!
[13:29] <skorv> simple dumb question from a noob.... can i use a ubuntu server as a front end to redirect urls to different web servers within my network?
[13:29] <Psi-Jack> yes
[13:29] <skorv> i know how to do it with apache and virtual hosts in a single machine...
[13:29] <skorv> the question then is... how?
[13:30] <patdk-wk> Jeeves_, the issue with combining what two functions?
[13:31] <ikonia> skorv: look at squid and jesred, or apache
[13:31] <Psi-Jack> skorv: I'd setup nginx with name-based forwards to different transport endpoints as needed for each hostname you need. But that's not the proper way to do what you're asking. The proper way is to have Split-DNS and have internal DNS point to internal server, external DNS point to external IP.
[13:32] <Jeeves_> patdk-wk: Iptables and LVS
[13:32] <skorv> Psi-Jack: the proper way sounds complecated
[13:32] <patdk-wk> iptables and lvs don't mix
[13:32] <Psi-Jack> skorv: It's not.
[13:32] <Psi-Jack> It is more maintenance, but proper.
[13:32] <patdk-wk> lvs injects packets back in, in the middle of netfilter
[13:32] <Psi-Jack> And you don't have a SPF
[13:32] <patdk-wk> lvs packets don't match conntrack ever
[13:33] <Psi-Jack> Nope.
[13:33] <Psi-Jack> LVS magically moves traffic around without ever telling conntrack about it. ;)
[13:33] <skorv> i'm managing virtual servers as well as physical ones...
[13:33] <patdk-wk> well, without telling netfilter about it, and therefor screwing conntrack and some other things
[13:33] <Psi-Jack> skorv: Yeah, so do I.
[13:33] <Psi-Jack> patdk-lap: Heh, yep.
[13:34] <Psi-Jack> Which is partly why running a firewall on an LVS director causes issues.
[13:34] <skorv> ok.... i'll pick you brain in a couple of minutes... gotto go have lunch
[13:34]  * Psi-Jack gets a brain-picking needle ready, and cringes.
[13:34] <patdk-wk> running the firewall in non-stateful mode works, if you don't also need any helper modules, like ftp, irc, sip, ....
[13:34] <Psi-Jack> Heh.
[13:35] <Psi-Jack> I hardly even know what a non-stateful firewall is anymore. :p
[13:41] <Jeeves_> Ok, that kinda makes sense
[13:41] <Jeeves_> But if the firewall is only firewalling the services that are loadbalanced, it shouldnt be a real issue.
[13:46] <Psi-Jack> Wrong. :)
[13:46] <Psi-Jack> That is stateful firewalling.
[13:48] <Jeeves_> Ehm, that depends how you configure it :)
[13:50] <patdk-wk> it can be a real issue
[13:50] <zul> good morning
[13:50]  * Psi-Jack nods.
[13:50] <patdk-wk> the issue is, dealthing with non-stateful firewalls
[13:50] <patdk-wk> in order for that to work, you have to open up much more than you would have to otherwise
[13:51] <Psi-Jack> Exactly.
[13:51] <Psi-Jack> Hence, why I run my LVS directors on dedicated VM's that get proxyarp'd to by the front-end firewall. Thanks to patdk-lap's gracious help here. ;)
[13:52] <patdk-wk> I'm just running two firewalls and two directors, using pacemaker
[13:52] <patdk-wk> I also have a crapload more ip space to work with than you :)
[13:54] <skorv> ok... back
[13:55] <Psi-Jack> patdk-lap: Hehe
[13:55] <Psi-Jack> Yeah, I still use two firewalls, and 2 directors though. :)
[14:06] <skorv> for now i'll setup my servers within proxmox(KVM mode) and attach the physical ones later
[14:08] <Psi-Jack> My LVS directors are all run under KVM, personally.
[14:08] <Psi-Jack> My firewalls too.
[14:10] <Psi-Jack> And I too, now use Proxmox VE, but I use 2.0 beta2 with the HA stuff enabled and functioning. ;)
[14:11] <skorv> i'm still on a old one
[14:11] <skorv> 1.7 i think
[14:12] <Psi-Jack> 1.9 is out, yanno.
[14:12] <skorv> yea...
[14:12] <Psi-Jack> Proxmox VE 2.0 is nice, though. It actually comes with kvm official 1.0.0
[14:13] <skorv> will wait for 2.0 to fully upgrade my server farm
[14:13] <Psi-Jack> hehe
[14:13] <Psi-Jack> I upgraded from a series if pacemaker-run libvirt-managed hypervisor cluster to Proxmox VE 2.0 beta 2 which uses cman for it's cluster glue.
[14:13] <Psi-Jack> I hate cman+rgmanager, but eh.. The system works so far, pretty well.
[14:13] <skorv> you've set your firewalls in there as well?
[14:14] <skorv> what did u use
[14:14] <skorv> ?
[14:14] <Psi-Jack> Yeah, my firewalls are run in kvm guests.
[14:14] <Psi-Jack> And I use shorewall for my management system for it.
[14:14] <skorv> i was planing on terting vyatta distro myself but not sure
[14:14] <Psi-Jack> Don't.
[14:14] <Psi-Jack> It's just not worth it.
[14:15] <skorv> pfsense?
[14:15] <Psi-Jack> Hell no. BSD-based crap.
[14:15] <skorv> self built?
[14:15] <Psi-Jack> Shorewall.
[14:16] <skorv> didnt knew that one
[14:16] <Psi-Jack> Shorewall is a perl script to manage iptables,works on any distro.
[14:16] <skorv> ok... so a base install of ubuntu server and that on top of it :P
[14:16] <Psi-Jack> You edit a few text files to setup the basic concept, it's stateful, and it builds ginormous rulesets that do exactly what you tell it to.
[14:17] <Psi-Jack> Eh, sure. ;)
[14:17] <Psi-Jack> I use openSUSE for my firewalls.
[14:17] <skorv> i tried centos.... but cannot adapt to the dam yum :P
[14:17] <Psi-Jack> Debian for my webservers and directors, though thinking about moving my directors to Ubuntu seeings that Debian's ldirectord is bugged.
[14:17] <Psi-Jack> yum is awesome.
[14:18] <Psi-Jack> Personally I hate the .deb package format. Worst design flaw ever, but it is what it is.
[14:18] <skorv> maybe because i'm a ubuntu freak... the fist and only distro i ever used
[14:18] <Psi-Jack> I started with SLS.
[14:18] <skorv> i tryed debian... fedora... even archlinux....
[14:19] <skorv> always find my way back to ubuntu
[14:19] <Psi-Jack> In short, I started Linux before it was even 1.0.0. :p
[14:19] <skorv> :P
[14:19] <skorv> me it was in 2008
[14:19] <Psi-Jack> Youngin. :p
[14:19] <skorv> with 8.04
[14:19] <skorv> actually i'm 33 but thats another story
[14:20] <Psi-Jack> heh
[14:20] <skorv> 2 weeks after installing into my laptop... made my 1st server
[14:20] <Psi-Jack> Hmmm. Cool. My age.
[14:20] <skorv> completely brind
[14:20] <skorv> but did it anyway
[14:21] <skorv> portugal is an all consuming windows market
[14:21] <Psi-Jack> I just started young. First computer was a C64, moved up to a CISC, then got into UNIX almost immediately. I was a proud owner of a NeXT cube and Alpha server. ;)
[14:21] <skorv> not many chances for linux in enterprise... only small companies like my own use it internally
[14:21] <Psi-Jack> That's a cop-out, and an excuse. ;)
[14:21] <skorv> for me.... 1985's Spectrum clone Timex 2048
[14:22] <skorv> c64 was an amazing machine
[14:22] <Psi-Jack> Did you know Commodore re-made it into a 64-bit CISC machine styled just like the original keyboard unit?
[14:23] <skorv> nop... thatz amazing
[14:23] <Psi-Jack> http://www.commodoreusa.net/CUSA_C64.aspx
[14:25] <Psi-Jack> Legacy reborn! :D
[14:25] <Psi-Jack> Funny thing is, it's specifically designed for Linux. :)
[14:27] <skorv> :P
[14:27] <skorv> amazing
[14:29] <skorv> so.... how you've set up your network (i'm setting up firewall > server > (webserver 1) (webserver 2)
[14:30] <Psi-Jack> I have 4 hypervisors, attaching disks via multi-pathed iSCSI to two NAS servers (also running Linux) to act as a storage SAN.
[14:31] <Psi-Jack> I have two VM's running firewalls, they proxarp VIPs from the front to the LVS directors which I have 2 of, active and failover.
[14:32] <skorv> 2 firewalls? isnt that too much?
[14:32] <Psi-Jack> From the director, it forwards to the appropriate servers by IP address of two backend webservers. I also run an nginx proxy server for name-based forwarding so that internal servers I don't want normally exposed are masqueraded through the gateway IP.
[14:32] <Psi-Jack> Nope.
[14:32] <Psi-Jack> Active and Failover. My primary firewall can go down and the failover will takover without any traffic loss.
[14:32] <Psi-Jack> I have only 1 SPOF in my network, and that's my cablemodem. ;)
[14:33] <skorv> ok... me is just 2 physical servers in cluster mode (proxmox) its not an enterprise
[14:33] <Psi-Jack> Neither is mine. :p
[14:33] <Psi-Jack> This is just my home setup,.
[14:34] <skorv> i have 8 machines total.... 2 of them are servers
[14:34] <skorv> "and i thought i was nutz.... :P"
[14:35] <skorv> 1 cablemodem... a linksys wrt160nl with ddwrt as router.... the rest is just too much computers
[14:35] <Psi-Jack> 8 and only /2/ are servers?
[14:35] <Psi-Jack> Bleh,. linkcrap.
[14:35] <skorv> 1 is my personal (home) and a laptop
[14:36] <Psi-Jack> I have 6 physical servers, 14 virtualized servers, 1 performance desktop, 1 personal laptop, 1 company laptop, 1 personal netbook, 1 android tablet, 1 smartphone, 1 smart tv
[14:36] <_ruben> and you are your power company's favorite customer ;)
[14:36] <Psi-Jack> Indeed. ;)
[14:37] <skorv> then in my workshop... 2 servers, 1 workstation, 1 data recovery, 1 "experimental", and 1 acer laptop converted into a media station just for listening to music :P
[14:37] <Psi-Jack> Bill's more than most people I know, even at work with expensive houses. LOL
[14:37] <Psi-Jack> Oh, and 1 dedicated NAS storage box, a simple Netgear ReadyNAS Duo.
[14:37] <Psi-Jack> That's my simple backup resource point. ;)
[14:37] <skorv> we're crazy you and IO
[14:37] <skorv> we're crazy you and I
[14:37] <skorv> :P
[14:38] <Psi-Jack> This is just my home setup so I can keep on top of everything in my field of interests. ;)
[14:38] <skorv> ok
[14:38] <Psi-Jack> It's why I'm one hell of a good systems engineer, and not just a simple system admin.
[14:38] <Psi-Jack> Soon, I'm actually picking up server grade managed switches. ;)
[14:38] <Psi-Jack> Because 3 8-port switches just isn't enough.
[14:39] <skorv> i have a asus 24port 10/100 unmanaged
[14:39] <skorv> weak i know
[14:39] <Psi-Jack> Bleh.
[14:39] <Psi-Jack> I'm 100% GbE
[14:39] <skorv> :P
[14:40] <skorv> for a self employed guy here where i live i have more than any other tech i know
[14:40] <skorv> hardware setup for the servers (now you'll blow my mind)
[14:40] <Psi-Jack> I'm getting a rack, hopefully today, to actually shelf all my computers onto and organize it better. ;)
[14:41] <Psi-Jack> Two Dell PowerEdge 830's with dualcore Intel Xeon's and CERC RAID doing RAID-10 on 6-drives. That's my storage cluster.
[14:41] <skorv> ok....
[14:42] <Psi-Jack> 4 hypervisors running AMD Phenom II X4's with 8GB DDR2 RAM
[14:42] <skorv> mine is just 2 home grown E8400 Core 2 Duo with asus p45 motherboards
[14:42] <skorv> 1 has 6gb ram... the other 3
[14:42] <Psi-Jack> Bleh. Intel junk.
[14:43] <skorv> 8400 were good gaming machines
[14:43] <skorv> my dream setup :P
[14:43] <skorv> dell's 815 with 4 opterons
[14:43] <Psi-Jack> At work, we have several Quad-CPU 12-core Opteron's with 256 GB RAM hooked up by FC to an EMC SAN.
[14:43] <skorv> the new 16 core buldozer
[14:43] <Psi-Jack> With FC-Disks. ;)
[14:44] <Psi-Jack> Now, THAT, is a setup. ;)
[14:44] <skorv> 6282SE i think :P
[14:44] <skorv> oh yea
[14:44] <skorv> cant afford it
[14:44] <skorv> so i'll keep on dreaming
[14:44] <Psi-Jack> Yeah, that's several hundred thousand dollars of equipment. ;)
[14:45] <skorv> each of those cpus is 1000$
[14:45] <Psi-Jack> but definitely, AMD is a much better way to go, especially for virtualization.
[14:45] <skorv> true that
[14:46] <Psi-Jack> skorv: Yeah, and we have at least 80 of those CPUs. ;)
[14:46] <skorv> so... i'll probably upgrade my setup latter this year to amd 8150FX
[14:46] <skorv> jeez
=== masACC is now known as maswan
[14:46] <Psi-Jack> hehe
[14:47] <skorv> maybe i can pick up some "old" servers from upgrades. some companies sometimes just "give them away"
[14:48] <Psi-Jack> The only part I hate about my home setup is, my fricken Dell 830's onboard NIC's don't do jumbo frames.
[14:48] <skorv> can pick a couple of dual xeon
[14:48] <Psi-Jack> Pisses me off to no end.
[14:50] <skorv> when i set my servers up i tryed asus NICs... only to find out they only work on windows
[14:50] <skorv> :(
[14:51] <skorv> now i use tp-link's GbE NICs (pci ad pcie)
[14:51] <skorv> on all my machines
[14:53] <patdk-wk> hmm, all my home machines support jumboframes
[14:53] <patdk-wk> running ib at home is really nice too :)
[14:53] <patdk-wk> nothing better than 64k mtu
[14:53] <Psi-Jack> patdk-lap: Yeah, all BUT my fricken server-grade computers, the PowerEdge 830's, have jumbo frames.
[14:54] <patdk-wk> I don't even know what a pe830 is
[14:54] <Psi-Jack> And for some reason, dropping PCI NIC's into it don't work.
[14:54] <patdk-wk> the oldest I have around here is a pe r410
[14:54] <Psi-Jack> Could do PCIe or PCI-X NIC's though.
[14:55] <Psi-Jack> PCI-X ones are painfully expensive though.
[14:55] <patdk-wk> heh?
[14:55] <patdk-wk> you can get intel dual gigabit pcix for like $20
[14:55] <Psi-Jack> Really? Where!
[14:55] <patdk-wk> same thing for pcie is going be atleast 120
[14:55] <patdk-wk> ebay :)
[14:55] <Psi-Jack> Oh. Bleh.
[14:55] <patdk-wk> why waste the money on brand new pcix stuff?
=== caribou_ is now known as Caribou
[14:56] <patdk-wk> expecially with all the companies offloading pcix for pcie
[14:57] <Psi-Jack> Eh, I suppose.
[14:57] <Psi-Jack> I'll look into it, anyway. $20 is not bad at all.
[14:58] <Psi-Jack> Heh, Intel Pro 1000 MT Dual Port NIC GbE PCI-X, $8.94
[14:58] <Psi-Jack> (+$6.95 shipping)
[15:01] <Psi-Jack> patdk-lap: ebay's usually the LAST place I look, but this looks promising.
[15:01] <Psi-Jack> At least for the now solution. :)
[15:01] <patdk-wk> well, pcix is what I call, expired
[15:01] <patdk-wk> so ebay is my goto for that
[15:02] <Psi-Jack> Jumbo frames would definitely improve my throughput to the disks for the SAN of mine, and 2-ports would allow me to keep the DRBD replication going on one isolated network, and expose the volumes via the other port.
[15:02] <Psi-Jack> Double-Win there. :)
[15:02] <patdk-wk> I'm using 4 gigabit nics for iscsi round robin
[15:03] <patdk-wk> atleast till everything is upgraded for infiniband
[15:03]  * Psi-Jack nods.
[15:03] <Psi-Jack> Oh yeah.
[15:03] <Psi-Jack> My ISP FINALLY is "working on" IPv6 support.
[15:04] <Psi-Jack> Hmmm
[15:04] <Psi-Jack> They even have PXI-X 2GB FC for like $9.95
[15:04] <Psi-Jack> PCI-X
[15:04] <Psi-Jack> I might go that route. Get two of those, and two PCI-X NIC 2-port GbE's.
[15:05] <Psi-Jack> No need for an HBA-SW with direct connect.
[15:08] <patdk-wk> I have some of those
[15:08] <arrrghhh> hey guys.  is there any difference between "service <svc> start" and "/etc/init.d/<svc> start"?
[15:08] <patdk-wk> and a 8 port fc switch
[15:08] <patdk-wk> mainly got that 2gb fc stuff, cause I have a 24 lto3 tape system, that uses 2gb fc
[15:08] <Psi-Jack> patdk-lap: Yeah, but direct HBA to HBA should work, too, no?
[15:09] <patdk-wk> but now I'm getting two netapp shelfs that are 2gb fc also, would like to put them on a 4 port pcie card though
[15:09] <patdk-wk> yes, direct works with fc
[15:09] <patdk-wk> I have never run ip over fc though
[15:09] <Psi-Jack> Thought so. I only have the 3.
[15:09] <Psi-Jack> With DRBD, it can run over FC without an IP.
[15:10] <patdk-wk> I think the pcix ib cards are like $40
[15:12] <skorv> Psi-Jack: i have to admit... you are a better tech than i am
[15:12] <skorv> Psi-Jack: so... challange accepted :P
[15:12] <Psi-Jack> heh
[15:12] <Psi-Jack> Don't worry, I get that a lot.
[15:13] <Psi-Jack> I literally tested out of many certs without even studying. I even CORRECTED their errors on their own test and proved it.
[15:13] <Psi-Jack> CompTIA was pretty bad about having little errors on their tests. ;)
[15:14] <eagles0513875> ikonia: fixed the problem with virt-manager
[15:17] <eagles0513875> ikonia: turned out virt-manager didnt like the way i had the networking setup in regards to the bridge
[15:19] <ikonia> as I said, it would be your configuration not a bug
[15:21] <Psi-Jack> heh
[15:23] <eagles0513875> ikonia: turns out using the xend config scripts work better then setting up the bridge in the network interfaces file
[15:24] <ikonia> shouldn't really matter
[15:24] <Psi-Jack> Yeah, doesn't matter, actually.
[15:24] <ikonia> I suspect you just set the bridge up wrong
[15:24] <ikonia> but the scripts set it up correctly
[15:24] <eagles0513875> ikonia: copied whats on the xen documentation
[15:24] <ikonia> copying = not good, thought = good
[15:27] <eagles0513875> http://wiki.xen.org/xenwiki/HostConfiguration/Networking.html
[15:27] <eagles0513875> ikonia: ^ that is what i followed
[15:28] <ikonia> showing me the link isn't going to help
[15:31] <Psi-Jack> Hmmm
[15:31] <Psi-Jack> I've been considering dropping iSCSI GFS2 in favor of NFSv3.
[15:38] <soren> zul: Where does the packaging branch for horizon live?
[15:38] <zul> on Ubuntu or trunk?
[15:38] <zul> lp:~ubuntu-server-dev/horizon/essex
[15:39] <soren> I see.
[15:39] <soren> Thanks.
[15:39] <zul> problems?
[15:42] <soren> zul: Only that those packaging branches seem to move around a lot.
[15:42] <zul> soren: yeah
[15:43] <soren> Er....
[15:43] <soren> do you not use bzr builddeb?
[15:43] <zul> yeah we do
[15:43] <soren> Uh.. how?
[15:44] <zul> bzr bd -S
[15:44] <soren> zul: Well, sure, but how do you actually work on the packages?
[15:45] <zul> soren: what do you mean?
[15:45] <soren> How do you make changes to the packaging?
=== alamar_ is now known as alamar
[15:45] <soren> How do you test them?
[15:45] <soren> How..
[15:46] <soren> There's no .bzr-builddeb?
[15:46] <zul> soren: we use merge proposals etc and we use our openstack-ci to test the packages
[15:46] <zul> eh?
[15:46] <arrrghhh> hey guys.  is there any difference between "service <svc> start" and "/etc/init.d/<svc> start"?
[15:47] <arrrghhh> because the latter just worked when the former did not.
[15:47] <soren> zul: I just don't see what your are using bzr builddeb for?
[15:47] <zul> soren: fuck i need to add it apparently sorry about that
[15:47] <soren> zul: Other than a wrapper around dpkg-buildpackage
[15:47] <soren> zul: Don't apologise. Explain :)
[15:47] <soren> zul: How are you using this stuff without it?
[15:47] <zul> soren: i didnt know about the .bzr-builddeb directory
[15:48] <soren> but..
[15:48] <soren> How..
[15:48] <soren> Ok, say you find a bug.
[15:48] <soren> You want to fix it.
[15:48] <soren> What do you do?
[15:48] <soren> Let's say nova/utils.py needs a patch applied.
[15:49] <soren> Sorry, no, not nova, because I set Nova up to make this work properly.
[15:49] <soren> Horizon.
[15:49] <zul> open up a bug in launchpad, propose a branch to be merged send a merge request, i usually merge them
[15:49] <soren> No no.
[15:49] <soren> Between "open a bug" and "propose a branch" there's some actual work going on.
[15:49] <soren> How do you accomplish that?
[15:50] <zul> soren: right standard procedures apply
[15:50] <soren> Clearly... They do not.
[15:50] <soren> That's why I'm asking.
[15:50] <zul> yes they do
[15:50] <soren> ...
[15:51] <soren> Well, the tools we've been using for years don't work on that branch.
[15:51] <zul> yes they do, open a bug, propose a fix and then it usually gets merged whats not standard about that
[15:51] <soren> Look.
[15:51] <soren> That's not the part 'm asking about.
[15:52] <zul> what part are you asking then?
[15:52] <soren> I'm asking about the part between opeining a bug and propsing a fix.
[15:52] <soren> The part where you actually fix. the. bug.
[15:52] <soren> Write code. Apply changed. Edit files.
[15:52] <soren> *changes
[15:53] <zul> obviously im missing something
[15:54] <Daviey> Does this not work, vim debian/control ; "edit something" ; dch -e/-i ; debcommit ; bzr bd -S
[15:54] <zul> it does
[15:55] <Daviey> soren: Can you outline issues with that workflow?
[15:55] <Daviey> .. so packaging changes works?
[15:55] <Daviey> (zul, we should probably have VCS fields in debian/control)
[15:55] <zul> Daviey: we do
[15:56] <Daviey> are you sure
[15:56] <Daviey> ?
[15:56] <zul> yeah
[15:56] <zul> Vcs-Browser: http://bazaar.launchpad.net/~ubuntu-server-dev/nova/essex/debian/files
[15:56] <zul> Vcs-Bzr: http://bazaar.launchpad.net/~ubuntu-server-dev/nova/essex
[15:56] <Daviey> Hmm, i did just look - but did not see, /me re-checks
[15:57] <zul> it might not be in the horizon package
[15:58] <soren> Daviey: Yes, changing debian/control obviously works fine.
[15:58] <soren> Daviey: bzr bd-do, doesn't work at all, for instance.
[15:58] <Daviey> Ahh, i see soren's point..  it's an 'upstream only branch'... so you need to run "debian/rules get-orig-source" first, right
[15:58] <Daviey> ?
[15:59] <Daviey> i thought bzr bd -S, auto ran get-orig-source as pristine-tar's last option?
[15:59] <soren> I mean, of course there's nothing magical about what bzr bd-do does, but having to do something like that manually?  Sheesh.
[15:59] <soren> This isn't 2007 :)
[15:59] <zul> oooooh...
[15:59] <zul> DOH!
[16:00] <soren> So:
[16:00] <Daviey> soren: i thought pristine-tar did that automagically?
[16:00] <soren> How do you make a change now?
[16:00] <soren> Daviey: Did what?
[16:00] <Daviey> debian/rules get-orig-source
[16:00] <zul> soren: i bump the changelog and then do a bzr bd -S
[16:00] <soren> zul: Ngh...
[16:00] <soren> zul: I sure hope you actually make changes.
[16:00] <soren> zul: ..and don't just lie about them in the changelog :)
[16:01] <zul> soren: obviously thats not kosher
[16:01] <zul> soren: oh i do
[16:01] <Daviey> soren: we find it gets bugs closed faster.
[16:01] <soren> Daviey: Cool :)
[16:02] <Daviey> soren: so i just checked it out and pristine-tar grabbed the tarball from the archive
[16:02] <Daviey> when i did bzr bd -S
[16:02] <soren> bzr bd -S works fine.
[16:02] <soren> That's not the issue.
[16:02] <soren> That's boring.
[16:02] <soren> I'm not asking how you manage to build the packages.
[16:02] <Daviey> i find it exciting :/
[16:03] <soren> I'm asking how you work on them? I'm genuinely curious what the workflow looks like when you're not using the likes of "bzr bd-do".
[16:04] <soren> E.g.:
[16:04] <soren> For evey other package in Openstack, I can:
[16:04] <soren> bzr branch lp:~openstack-ubuntu-packagers/nova/ubuntu
[16:04] <soren> cd ubuntu
[16:04] <soren> bzr bd-do
[16:04] <soren> and start hacking away.
[16:04] <zul> so what we do is
[16:04] <zul> bzr branch lp:~ubuntu-server-dev/nova/essex
[16:05] <zul> cd ubuntu
[16:05] <zul> start hacking way
[16:05] <soren> No.
[16:05] <soren> There's only packaing there.
[16:05] <zul> er...cd essex
[16:05] <zul> right
[16:05] <zul> if i want to get a new tarball i bump the changelog and then bzr bd -S
[16:06] <soren> I've lost faith in this conversation ever going anywhere.
[16:07]  * soren goes to look at dinner stuff
[16:29] <smb> zul, Ok, I subsribed you and smoser to the libvirt bugs I openen. Found a funny way to make it work somewhat by stopping and starting libvirt-bin after boot of the host is done...
[16:29] <zul> smb: k
[16:29] <arrrghhh> meep
[16:30] <arrrghhh> anyone?  difference between service <svc> start and /etc/init.d/<svc> start?
[16:31] <smb> arrrghhh, I'd suppose the former only works if there is a upstart job (something in /etc/init)
[16:32] <arrrghhh> smb, interesting.  i didn't realize i had to create that in addition to the file in init.d...
[16:32] <arrrghhh> i'll take a look
[16:32] <arrrghhh> thx
[16:32] <smb> Usually after conversion the thing in /etc/init.d whines about you should be using the other
[16:33] <arrrghhh> well it's a homemade script
[16:33] <arrrghhh> ;)
[16:33] <smb> Oh well. So after having the upstart job apparently you make /etc/init.d/foo a link to /lib/init/upstart-job
[16:34] <smb> arrrghhh, So no you do not need necessarily create an upstart job but in that case service x does not work
[16:35] <smb> ;)
[16:38] <arrrghhh> i just want it to run on boot
[16:52] <eagles0513875> smb: ping
[16:53] <smb> eagles0513875, hmm?
[16:53] <Daviey> smb: the restarting of libvirt-bin after restart is a dnsmasq + libvirt fight.. jamespage encountered it aswell on the distributed automated testing
[16:54] <smb> Daviey, Ah ok. It clearly was a race somewhere, just that I did not understand exactly where
[16:54] <jamespage> smb: ah - thats a nice one that - worked around it by configuring options in the libvirt dnsmasq instances rather than using a system one
[16:55] <jamespage> you can tell dnsmasq not to listen on certain interfaces which is manual but works
[16:55] <Bogdaniel> can someone help with this error i'm getting from smartmontools ?
[16:55] <Bogdaniel> Jan 16 18:49:30 Jupiter smartd[6208]: Device: /dev/sda5 [SAT], offline data coll                                                                             ection was suspended by an interrupting command from host (auto:on)
[16:58] <smb> jamespage, Hm, do you have the runes lying magically around?
[16:58] <jamespage> smb: lemme see
[17:01] <jamespage> smb: either use except-interface=virbrXXX or only listen on listen-address=XXXX  - you can specify multiple times in /etc/dnsmasq.conf
[17:03] <smb> jamespage, Hm, looking at ps ax, it seems using a mix of both. But thanks, at least then I know where look.
[17:03]  * smb adds another knob to the table...
[17:04] <Daviey> There are enough knobs at the table, i feel.
[17:04] <smb> Yeah
[17:04] <smb> Funny, don't seem to have /etc/dnsmasq.conf at all
[17:05] <smb> jamespage, Could it be that in your case the machine also has a public dhcp service running?
[17:27] <jamespage> smb: yes - we use dnsmasq standalone alongside the dnsmasq-common package used by libvirt
[17:30] <smb> jamespage, Ah ok. So maybe my need of restart is slightly different that the already found one. bah!
[17:33] <rbasak> jamespage: can I see your late_command for booting the panda please? I'm trying to ssh-import-id myself and base64-in the script to rewrite the sd card, but neither are working. Thought I'd save the hassle of debugging it if I could have yours :)
[17:34] <jamespage> rbasak, hmm - looking at it it appears I don't actually do that
[17:34] <rbasak> lol
[17:34] <jamespage> I pull in the script to re-image for re-boot
[17:34] <jamespage> but not my keys
[17:34]  * jamespage sighs
[17:34] <jamespage> rbasak, sorry - not much help there!
[17:35] <rbasak> np, I'll figure it out
=== dax_roc_ is now known as dax_roc
[18:10] <princej88> hey guys, anyone here have experience installed forked-daapd on ubuntu server?
[18:10] <Cybercoke> hi guys, i need some help on CACTI , just a few questions...
[18:11] <princej88> I haven't been able to find a good tutorial..the new iTunes won't connect to firefly :(
[18:12] <princej88> anyone?
[18:13] <arrrghhh> princej88, i gave up on daapd, t'was too slow even on a LAN.... sorry.  i found mpd to be a much better experience.
[18:13] <princej88> what is mod?
[18:13] <princej88> mpd*
[18:13] <arrrghhh> music player daemon
[18:14] <roaksoax> kirkland: ping
[18:14] <arrrghhh> plays music locally or streams it
[18:14] <arrrghhh> many different interfaces to control it remotely
[18:14] <arrrghhh> including webui's
[18:14] <princej88> oh..i am currently using subsonic. will mpd come up in itunes?
[18:14] <arrrghhh> subsonic is pretty sweet too.
[18:14] <arrrghhh> mpd come up in itunes?  i don't use itunes dude.
[18:14] <arrrghhh> if itunes can stream http streams, then it'll work.
[18:14] <princej88> that is the only thing i don't like about subsonic..no native iTunes integration..or any player integration. YOu have to use subsonic player
[18:15] <arrrghhh> i thought subsonic would stream
[18:15] <princej88> Okay, ill take a look at mpd.
[18:15] <princej88> it does..but you have to use a subsonic player
[18:15] <arrrghhh> i never went all-in on subsonic since they wanted me to pay for the app
[18:15] <arrrghhh> and i never could get it to work right on the trial, so why would i pay for it...
[18:15] <princej88> http://www.subsonic.org/pages/apps.jsp
[18:16] <princej88> you have to use one of those..I wish it would just play though iTunes like firefly used to.
[18:16] <princej88> anyone tutorials u recommend for setting up mod?
[18:16] <princej88> mpd*
[18:16] <arrrghhh> their website is quite good
[18:16] <arrrghhh> i also made one a long time ago
[18:16] <princej88> ok cool. i'll check it out. thanks guys for the help
[18:17] <arrrghhh> not sure if it's still relevant or not, i had issues with aac encoded files with the version of mpd in the repo's
[18:17] <arrrghhh> np, good luck.
[18:22] <akhil> hi
[18:22] <akhil> i have a problem with dell
=== dendrobates is now known as dendro-afk
[18:23] <akhil> i installed ubuntu 11.04 and ow i am not able to change my brightness.
[18:23] <akhil> can anybody help?
[18:24] <arrrghhh> akhil, brightness...?  this is a server installation?
[18:26] <akhil> sorry
[18:27] <akhil> where should i ask for help regarding this problem
[18:27] <akhil> plz
[18:27] <akhil> anr irc client
[18:27] <akhil> *any
[18:28] <arrrghhh> akhil, if you're running Ubuntu Desktop, there's simply #ubuntu
[18:28] <arrrghhh> #ubuntu-server is geared towards the server edition - which comes gui-less.  no UI.
=== dendro-afk is now known as dendrobates
[18:40] <j3d3> my ubuntu 10.10 server has clients logging in to use software. when they print off a report locally is only giving then 1 ot 5 of their pages. anyone have any idea why?
=== Ng_ is now known as Ng
=== pdtpatrick_ is now known as pdtpatrick
[18:51] <kirkland> roaksoax: pong!
[18:56] <uvirtbot> New bug: #917309 in openvswitch (universe) "brcompatd works with brctl delif but doesn't with addif" [Undecided,New] https://launchpad.net/bugs/917309
[19:03] <cr3> hi folks, if I build an ubuntu image in a kvm automatically with a preseed, might there be a simple way to kickoff a command automatically once the system reboots into the installed image?
[19:06] <zul> cr3: yeah there is the late_command
[19:07] <cr3> zul: so I'd create an upstart or xdg/autostart script in the late_command which would get executed after the system reboots into the installed system?
[19:08] <zul> cr3: it should
[19:08] <cr3> zul: I was hoping for something "simple", but that's not out of my reach. will do, thanks!
[19:10] <cr3> another question: might there be a convenient way for the kvm system to easily drop files onto the host system, ie the output of the command that'll get run. I guess I could mount a directory on the host filesystem in the libvirt.xml, right?
[19:11] <zul> cr3: yep
[19:17] <RootChaos> anyone have a good howto for ubuntu + lvs ?
=== guntbert_ is now known as guntbert
[19:53] <skorv> Psi-Jack: how do you setup the redundancy?
[20:17] <cr3> I'm trying to mount a directory on a kvm host from a kvm guest, so I have this in my libvirt.xml: se noai
[20:17] <cr3> a<filesystem type='mount' accessmode='squash'><source dir='/export'/><target dir='/export'/></filesystem>:se ai
[20:17] <cr3> not quite, this is what I really have:
[20:17] <cr3> <filesystem type='mount' accessmode='squash'><source dir='/export'/><target dir='/export'/></filesystem>
[20:18] <cr3> however, I have no clue how to mount that from the guest or whether that even makes sense
[20:46] <Bogdaniel> umm can someone help uninstall mysql-server ? i'm having a strange error even if i removed it using apt-get remove mysql-server..
[20:47] <arrrghhh> did you try purge?
[20:48] <Bogdaniel> yes
[20:48] <Bogdaniel> i tried
[20:48] <Bogdaniel> but umm when i do from terminal mysql i still get
[20:48] <Bogdaniel> ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
[20:48] <Bogdaniel> and that was the error why i tried a reinstall ..
[20:49] <arrrghhh> was mysqld running?
[20:49] <Bogdaniel> umm no i don't think so .. i didn't checked .. a little tired here .. :(
[20:49] <Bogdaniel> i think it was running ..
[20:56] <JDeagle> Hey can someone help me out with a network issue
[20:58] <guntbert> !ask | JDeagle
[20:58] <ubottu> JDeagle: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
[20:59] <JDeagle> ok, so i have this server with a virtual network interface, but everyone outside of the domain cannot access the webserver or vpn. I am not sure I have set up the virtual interface right, and I need to do a little ip masquerading
[20:59] <JDeagle> !patience
[20:59] <ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
[21:00] <arrrghhh> lol
[21:01] <guntbert> JDeagle: to be honest I cannot understand what you did/what you want
[21:02] <JDeagle> lemme go into more detail
[21:07] <JDeagle> I need to setup a virtual interface, i need to route certain packets to the virtual interface. And I also need people to connect to the website that is setup. right now now one can connect to the server and thats what I need help with currently.
[21:13] <kerframil> JDeagle: that's a very long way from being detailed
[21:18] <JDeagle> ok lets start with this, how do I allow incomming connections on a specific network interface?
[21:19] <kerframil> JDeagle: you don't need to, unless you have gone out of you to filter traffic using netfilter/iptables
[21:19] <kerframil> out of you way, I mean
[21:20] <JDeagle> ok cause right now my server is not allowing incomming connections, what can i do to fix this
[21:21] <kerframil> JDeagle: how are you expecting your server to be reached? from where are you connecting, and to what? some information about your network topology would be beneficial.
[21:22] <kerframil> JDeagle: for example, you mentioned a 'virtual' inteface earlier but that could be taken to mean several things in practice. what's the device name and how was it brought up? what is its address and how does that fit in with your mode of connectivity and the manner in which you are currently trying to reach it?
[21:27] <JDeagle> lemme look for some documentation, the guy before me did not leave me with a good idea of what is going on. I do know that I need people to hit the web sever from a browser on eth1, the virutal device is setup as eth1:1. I am not quite sure what you mean by how it is brought up.  I do know that eth1:1 is beneficial in someform but I am trying to find what it does exactly
[21:28] <zul> ls
[21:28] <kerframil> JDeagle: can you convey the address of eth1? (note: there's no security risk in wriing it here as long if it's a 'private' RFC 1918 mandated address as used in a LAN)
[21:28] <kerframil> writing*
[21:29] <kerframil> JDeagle: or, to put it another way, does it begin with "10." or "192."?
[21:29] <JDeagle> its not a lan adderss. but it ends in .5, and teh virtual device is .11
[21:29] <Rafael> can i place a picture of my screen on pastebin so i can show what my screen shows at boot?
[21:30] <kerframil> JDeagle: can you just put the output of "ip addr show" in a pastebin? it woudl clarify a great deal.
[21:30] <JDeagle> yeah gimmie a min
[21:30] <guntbert> Rafael:  Upload an image to http://imagebin.org/?page=add and post a link to it.
[21:31] <kerframil> JDeagle: also, you can check what netfilter is doing by running: iptables -S -t filter
[21:31] <JDeagle> want me to put both of those on there?
[21:31] <kerframil> JDeagle: sure
[21:33] <JDeagle> http://pastebin.com/RHRpGP7Y
[21:36] <Rafael> ok ..maybe somebody can help me..i have ubuntu 9.10 on sofware raid md0-boot (raid1) , md1-swap (raid1), md2-system (raid 5), md3-home (raid 5), i have a crash and even though system appears to be working well i get the following screen at boot: http://imageshack.us/photo/my-images/215/20120116104650458.jpg/
[21:39] <kerframil> JDeagle: indeed, it doesn't appear to be reachable but there's no packet filtering occuring on this particular server. run this also: ss -ltn | grep :80
[21:40] <JDeagle> 3 connections come up. on .11 .5 and .7
=== TomasBrincil is now known as snouman
[21:42] <kerframil> JDeagle: is the server behind a firewall? what happens beyond the ethernet port?
[21:42] <Glitchd> is it cool to ask a question about filezilla in here?
[21:42] <Glitchd> i mean is it ok..
[21:43] <JDeagle> It goes to the universities firewall, and they are suppose to allow the connection out.
[21:44] <Glitchd> anyone know if i need a seperate program for other to download from me if i use filezilla, or with filezilla take care of the downloading and uploading?
[21:44] <Psi-Jack> Glitchd: FileZilla is just a client, not a server.
[21:45] <Psi-Jack> And this is by far not related to server stuff.
[21:45] <Glitchd> so i would need "filezilla server" to make it a complete server then..
[21:45] <Glitchd> i know but i didnt know where else to ask
[21:45] <kerframil> JDeagle: tcpdump -i eth0 dst port 80
[21:45] <Pici> Glitchd: There is no filezilla server for Linux.
[21:45] <Glitchd> Psi-Jack, ^
[21:45] <Rafael> can somebody help me with my question
[21:45] <Glitchd> whats your question?
[21:46] <Pici> !ftpd | Glitchd
[21:46] <ubottu> Glitchd: FTP servers: ftpd, proftpd, pure-ftpd, twoftpd, vsftpd, MuddleFTPd, wzdftpd - Graphical front-ends: PureAdmin, GProftpd (for GNOME), KcmPureftpd (for !KDE) - See also !FTP
[21:46] <JDeagle> kerframil: its sitting here listening.
[21:46] <kerframil> JDeagle: I'll attempt to make contact
[21:46] <Glitchd> Pici, i know, but i couldnt find any other room that sounded like it would help me..
[21:47] <JDeagle> kerframil: Stuff is coming up
[21:47] <kerframil> JDeagle: ok
[21:47] <Psi-Jack> Hmmm...
[21:47] <kerframil> JDeagle: from virginmedia?
[21:47] <JDeagle> yeah
[21:47] <kerframil> JDeagle: well, that's a start
[21:47] <Pici> Glitchd: like #filezilla?
[21:47] <JDeagle> kerframil: is that a good thing?
[21:48] <kerframil> JDeagle: yes. it proves that the firewall is not impeding inbound traffic
[21:48] <Psi-Jack> GFS2 over iSCSI, with the headache of GFS2 and growing at the main server whenever the time is needed.... Or NFS to XFS and allow for real live upscaling? ;)
[21:48] <kerframil> JDeagle: route -n
[21:48] <kerframil> JDeagle: is a 0.0.0.0 destination shown?
[21:49] <JDeagle> yeah twice
[21:49] <kerframil> JDeagle: twice? paste?
[21:49] <JDeagle> 0.0.0.0         128.196.147.1   0.0.0.0         UG    100    0        0 eth1
[21:49] <JDeagle> 0.0.0.0         128.196.147.1   0.0.0.0         UG    100    0        0 eth0
[21:51] <kerframil> JDeagle: check your outband path. can you ping something external?
[21:52] <JDeagle> like googles dns?
[21:52] <kerframil> JDeagle: yep
[21:52] <JDeagle> yeah i can ping it
[21:56] <kerframil> JDeagle: are you able to access the webserver from where you are?
[21:56] <JDeagle> yeah everyone on the domain can get to it
[21:57] <kerframil> JDeagle: it could be that the outbound traffic is thwarted by the university firewall
[21:58] <JDeagle> what would i need to tell them to fix it?
=== Madkiss_ is now known as Madkiss
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates