[00:10] Daviey: so sendfile is not really needed so i dropped it for f1, but python-jsonschema is at https://bugs.launchpad.net/ubuntu/+source/python-jsonschema/+bug/1003729 [00:10] Launchpad bug 1003729 in python-jsonschema "[MIR] python-jsonschema" [High,New] [00:11] Daviey: can you also get them to look at dwarves-dfsg, its blocking a new libvirt [00:12] Daviey: after that we are all set [00:12] zul: do you have MIR's open for all of them? [00:13] Daviey: yeah [00:13] zul: ~ubuntu-server as subscriber to the package? [00:13] damn it give me a sec [00:13] http://status.qa.ubuntu.com/reports/ubuntu-server/release-bugs.html .. missing a bunch [00:15] Daviey: how do i get it on that list [00:16] Daviey: python-repoze.lru, dwarves, python-jsonschema are on the list [00:18] zul: ~ubuntu-server as bug subscriber, and ~ubuntu-mir subscribed to the actual MIR bug [00:19] and != Fix Released [00:19] Daviey: ack === iggi_ is now known as iggi [01:14] Does anyone have a good suggestion for hosting PDF files on a server, like SubSonic does for audio/video? === jtv1 is now known as jtv [03:26] I'd like real-time file sync between two servers. I could use Rsync to run every minute or something, but I want closer to real-time than that. [03:26] Does anyone have any practical experience setting something like that up? [03:26] drbd [03:26] But it's a pain, don't bother [03:26] NFS is no good for you? [03:26] Yeah or a simple NFS [03:26] Except of course then the content actually only lives on one host [03:27] never worked with NFS, and if that data only lives on 1 host, not interested. If server 1 kicks the bucket I want server 2 to essentially be a mirror of that. [03:27] I don't need to sync the entire filesystem either [03:27] just a few directories [03:28] tash: so put those dirs on their own filesystem [03:29] how does that accomplish anything? Not being sarcastic here, maybe ignorant... ? [03:41] sounds like you want drbd. [03:42] its not trivial though [03:42] drbd is a pain in the arse [03:42] FWIW I just do a nightly rsync and if you lose a day of data that's just tough [03:43] oh theres also glusterfs [03:43] For something fancier you need to pay me 10 or 100 times more and in the end it'll probably still be flaky [03:45] that kind of uptime requires serious infrastructure, too [03:46] you _can_ set it up on regular old servers, but it won't work as intended unless you've got the hardware to back it up [04:00] qman__: and a NOC monkey to babysit it [04:03] twb, I thought noc monkeys normally caused the issues [04:06] They cause DIFFERENT issues [04:07] well, maybe, normally same solutions [04:13] Always mount a scratch monkey [04:51] hi. i was timeout from the session. (i was yust installing one problem and went timeout in the midle of setup) how to log in to session again? is there any way? the process is still running [05:00] sponzor, [05:15] Has anyone ran into issues with encryptfs's private file storage size not reflecting original files size? [05:18] "reflecting" how [05:18] encryption will obviously increase the flie size [05:19] It probably can't show the decrypted size without decrypting it, which would be a linear or superlinear operation -- not appropriate for a simple ls -l [05:20] I think it caches it [05:20] encryptfs uses backing files [05:20] but each backing file will be a rounded size (rounded to the size of the cypher block [05:20] vadi2: ^ [05:20] gotcha [05:21] lifeless: my issue is that my home folder is 10gb, my encryptfs for my home folder is 80%, and available space on disk is 0. [05:21] The situation is critical at this point with 'out of disk space [05:21] errors coming up every half an hour. [05:22] er, 80gb, not %. So something is awfully really broken without my touching it on a clean 12.04 install and I'm hoping there's someone who knows this thing. [05:22] pastebin df -h and df -i output [05:22] Make that df -m not df -h [05:22] also mount [05:23] cat /proc/mounts [05:23] mount output is full of lies [05:23] heh [05:23] It says the following: http://pastebin.com/raw.php?i=LSKJqxVP [05:25] Well you've managed to fill both of them apparently [05:25] "tune2fs -l /dev/sda1" please [05:25] I want to know what percentage is reserved for root; it should be at least 5% [05:25] I did not. Observe this screenshot: http://i.imgur.com/EQuKp.png [05:26] My home partition is only 9.7gb. I've been cleaning and cleaning it of things without realizing where the issue is. It's 10% of the drive. [05:26] Sure, moment. [05:26] I don't trust baobab. Try "du -hx / | sort -hr | head -20" [05:26] vadi2: your / is full; the question is what has filled it [05:27] One must imagine that it should be trustable... tune says this: http://pastebin.com/c2vryzJP [05:27] lifeless: is it not encryptfs private files that filled it? [05:27] baobab is probably reporting --apparent-size [05:27] OK at least you have a reserved %, that's good [05:27] Here is that du command: http://pastebin.com/pGvLqNEv [05:28] vadi2: you need to be root when you run it [05:28] sudo du ... [05:28] vadi2: quite possibly [05:28] But it's indicating your /home is using all the space [05:28] vadi2: twb is, sensibly, assuming that there may be a lot of confusion going on. [05:28] So do it on /home as well as / [05:28] vadi2: due to the encryption layering and so forth. [05:28] Here is du: http://pastebin.com/7dsLvhYW [05:29] lifeless: not to mention there is more than one way to count files [05:29] That was on / ? I will try /home [05:29] vadi2: good. [05:29] tash: re your earlier issue — I just came across ceph — fairly complex as well, though [05:29] vadi2: er, you might need to run it on /home/vadi not /home [05:29] Here is /home : http://pastebin.com/q12fK4cJ [05:29] I only really have 1 user. [05:30] vadi2: run it on /home/vadi [05:30] Okay [05:31] It's different: http://pastebin.com/xXLCy0pW [05:42] Guess that works it out, baobab was wrong! Thanks, I'll stick with this command until it's fixed. Crisis averted... [05:42] If you want GUI, xdu can take the output of du and render it graphically [05:42] It is much faster than baobab [05:43] I do, thanks. Baobabs speed is OK on this SSD that sits at the top of the benchmarks I've seen... just need something reliable [08:11] Hi guys [08:11] Anyone know if snapshot functions have been removed from virsh? on Ubuntu-10.04 [08:11] and how do I get them back? [08:23] Removed as compared to what? [08:23] libvirt-bin is not in 8.04 [08:25] twb, 8.04? I'm talking about 10.04 [08:26] qbitza: to be removed, they must have existed in an earlier release. [08:26] this page says it exists: http://manpages.ubuntu.com/manpages/maverick/man1/virsh.1.html [08:26] maverick post-dates lucid. [08:26] i.e. it is newer [08:26] *sigh* [08:27] twb, thanks so I need to upgrade the entire server to get snapshots :( [08:27] <_ruben> heh [08:27] It would not be surprising if maverick's virsh had featurse that were not present in lucid; I cannot vouch for this specific case. [08:28] qbitza: or you could perhaps do it by hand and bypass libvirt-bin. Depends on what you want, precisely. [08:28] It is worth noting that maverick is not a LTS release and will EOL much sooner than precise [08:28] I just need to create and rollback snapshots - for testing [08:29] For KVM? [08:29] twb, yeah if I upgrade, I'd go to 12.04 [08:29] Yes [08:29] qcow2? [08:29] Yes [08:30] That functionality is present in KVM, if you can work out how to connect to KVM's control pty (or stream, depending on how libvirt-bin invoked it) you can simply tell it to make/delete snapshots as necessary [08:30] In kvm -curses, it's Alt+3 to switch to the relevant control console. I don't remember how you'd do it via libvirt-bin [08:30] It's probably using a fifo in which case you can't do it while libvirt-bin is running that VM [08:31] Any chance of just upgrading libvirt? cause once I manage that, testers (read newbees that like to break things) will be using the functionality [08:32] probably not without grief, but you can check backports and so on [08:32] twb, Okay thanks - gives me some new places to go dig around in [08:32] Especially not if you have newbies [08:32] Oh and note that virt-manager is utterly terrible as at lucid, and it is also dangerous to hook up a newer virt-manager to an old lucid libvirt-bin [08:33] morning o/ [08:33] To the point where I have basically given my users instructions "do not EVER click this, this this or this" re their newer mavericks and my old lucid libvirt-bin [08:33] Oh... so, an upgrade might not be such a bad idea? [08:33] If I could get away with it I'd just ban virt-manager entirely since it's clearly still alpha quality software [08:33] IIRC even the virt people said it was not production ready as at the versino lucid shipped [08:34] Phew that's harsh - so you use KVM straight? [08:34] qbitza: I use kvm straight when I'm in charge, when I have some users I use libvirt-bin and as little virt-manager as possible [08:34] And try to get them to use virsh instead [08:34] :) Gotcha [08:35] Unfortunately virsh consoel doesn't work at all over libvirt's inbuilt ssh magic &c &C [08:35] it's all quite griefful when you are used to kvm -curses and kvm -stdio [08:35] Er, kvm -nographics? Whatever the one is that connects stdio to the guest's serial port [08:36] I should point out that my VMs are all servers, not GUI desktop things. So graphics is either unnecessary or pointless [08:36] That's our setup here too [08:37] although we *might* need to do one or two Windoze boxes [08:37] I have one, to talk to the stupid goverment tax people who are in bed with MS [08:38] I find the lack of console access to my VMs a pain, but I manage... [08:38] kvm -somat/nographics/curses should conenct me? [08:40] qbitza: well something like kvm -hda /dev/mapper/VG0-Guest17 -curses [08:41] Except that since the guest is probably expecting whatever environment libvirt-bin provides, you might need to pass extra args. Look at /var/log/libvirt-bin/guest.log IIRC to see how it was started [08:41] It's pretty hairy IIRC [08:42] Sweet === koolhead17 is now known as koolhead17_afk === pdtpatrick_ is now known as pdtpatrick [11:21] adam_g, does bug 1003854 link into the stuff you where doing for openldap? sounds similar [11:21] Launchpad bug 1003854 in openldap "Database upgrade/migration fails with nested db directories (lucid to precise)" [Undecided,New] https://launchpad.net/bugs/1003854 [11:47] Daviey: Hi! [11:48] hi Syria [11:50] Daviey: Lost the connection yesterday sorry about that, is this correct please? ssh -D my-ip-address:4000 user@VPS-address [11:50] Syria: no. [11:51] Daviey: I did not what should I use instead of 0.0.0.0:4000 ! [11:51] did not what? === matsubara-afk is now known as matsubara [11:52] Daviey: Do I have to do this exactly? ssh -D 0.0.0.0:4000 user@VPS-address ?? [11:52] that is what i would do. [11:56] Daviey: Okay, Then you told me to set the socks proxy as the ip of the laptop and port will be 4000, but my ipad doesn't have a feild for socks proxy? is that okay? it is just a normal proxt field. [11:56] * Daviey has to go [11:57] <_ruben> proxy != socks proxy in 99% of the time [11:57] <_ruben> so if the ipad doesn't do socks, you'll need to use squid for instance instead [11:58] Daviey: Thank you for your help. It was useful. [11:58] _ruben: Good news, I will test it later. [12:10] Whats the recommended method for setting up MAAS server, dnsmasq seem buggy? [12:10] should I use my normal dhcp network server and just use "next server" ? [12:46] stgraber: I'm about to test http://people.canonical.com/~serge/lxc-always-close-fds.debdiff for bug 1003583 [12:46] Launchpad bug 1003583 in lxc "make the "--close-all-fds" option in lxc-start on by default" [Low,Confirmed] https://launchpad.net/bugs/1003583 [13:00] did someone repackage and check xen-hypervisor for precise? [13:02] Could not read keymap file: '/usr/share/qemu/keymaps/en-us' [13:02] because the path for some reason is /usr/share/qemu-linaro/keymaps/en-us [13:03] gave a good headache [13:04] zul: could you give me an opinion on bug 993355 [13:04] Launchpad bug 993355 in keystone "package keystone 2012.1-0ubuntu1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/993355 [13:04] jamespage: yeah lemme try to figure out whats going on here [13:05] jamespage: havent seen that one before [13:08] in a situation where more than one user needs to update a website directory, is it customary just ato add them to the www-data group [13:08] zul, I'm going to fix that nmbd upstart configuration to not fail when testparm returns a non-zero error code [13:09] its not the intent of the check anyway and generates lots of cruft. [13:09] jamespage: ack [13:11] * jamespage -> lunch [13:11] and then those last 21 bugs a in my target for today.... === beerbro is now known as juudi === juudi is now known as beerbro [13:32] I installed ltsp with Ubuntu 12.04, I have to connect to Active directory, so I installed pbis (Likewise-open's replacement), I am connected to the AD domain, I can run the commands from command line to verify AD (find-user, find-dc, etc) and can ssh into the ltsp server with my AD credentials. BUT.. on the server I can not get login as an AD user, there is no option for it, I see the user that I created when installing Ubuntu, and guest session. [13:32] There is no option for domain\username to login.. [13:40] hallyn: cool, let me know if it works fine, if it does I'll start preparing the SRU === matsubara is now known as matsubara-afk [13:47] stgraber: it works fine as far as running with open fds. running lxc-test just to be sure [13:49] k [13:54] added the SRU justification to the bug report [13:55] all right i need to change the lxc-test to only duplicate one, not all tests :) (for testing with empty and primed caches) [14:01] smoser, reckon we can get New/Undecided to 0 today? [14:03] jamespage, apt-get --purge remove samba openldap [14:03] done! [14:03] smoser: +1 [14:04] smoser: see my comment above to zul re samba nmbd failures [14:04] jamespage: no ones uses samba anyways [14:05] stgraber: tests pass [14:05] hallyn: cool [14:06] jamespage: thats old sk00l [14:08] so, a question. when deploying the MaaS + Juju, you have to have the initial MaaS server to orchastrate the rest of the nodes. And, if I understand juju's model, it has to have a provider like MaaS, EC2,OpenStack, etc. to manage a node. [14:09] That leaves the MaaS/admin node unmanaged. so it has to be set up manually. Have a missed a feature/ability of juju or some such? [14:09] s/Have a/Have I/ [14:11] jamespage: o/ [14:11] hey hallyn [14:12] heh, sorry, that wasy supposed to be \o/ [14:12] obnbd [14:12] but one \ gets filtered by my input script :) [14:13] lol [14:13] \o/ [14:15] is there a guide/wiki somewhere for installing xen on 12.04? i cant seem to find much [14:21] ? [14:26] jamespage: filed the python-webob sru btw [14:26] zul: nice one [14:29] jamespage, so https://bugs.launchpad.net/ubuntu/+source/nmap/+bug/1003326 is confirmed? [14:29] Launchpad bug 1003326 in nmap "IPv6 hosts incorrectly reported down" [Undecided,Incomplete] [14:29] you left incomplete. [14:30] smoser: yes it is - I was just looking to see if nmap6 fixes ipv6 stuff [14:30] methinks we might be overlapping [14:30] yeah. i was acutally buildin gnmap6 [14:30] nmap6 [14:31] on a brain-dead-hope-it-works merge. [14:35] any lightdm gurus around? [14:35] jamespage, well, simple merge failed. so that'd be more work to figure that out (i just tried building hte debian package). didn't even bother with building nmap [14:36] building nmap outside of ubuntu package. [14:36] i'm always confused as to what constitutes triage. [14:36] smoser, I think thats probably a step to far TBH [14:37] its about confirming bugs in the current version in the archive - rather than their absence from a future version [14:42] * apw has hit an upgrade bug on a server package (lucid->precise) is there somewhere these get tracked for the .1 point release ? [14:42] bug #1003971 [14:42] Launchpad bug 1003971 in isc-dhcp "on upgrade lucid -> precise /etc/default/isc-dhcp-server is not migrated" [Undecided,New] https://launchpad.net/bugs/1003971 [14:43] Daviey, ^^ [14:48] apw: the bug task is pointed to .1.. so it should be good [14:48] (we need to do some work to create better SRU reports) [14:48] thanks for letting me know [14:49] Daviey: hey, what do you guys use to orchastrate your initial admin node? [14:51] Daviey, heh yeah only cause i pointed there :) [14:55] adam_g, is the no-change rebuild still required for openldap for bug 990742? [14:55] Launchpad bug 990742 in openldap "slapd fails to upgrade: requires libsasl2-2 (>= 2.1.24) installed" [High,Fix released] https://launchpad.net/bugs/990742 [14:58] hallyn: nice to see Christian's patchset on lxc-devel this morning! [14:59] yup [15:03] anyone know anything about how kolab works? [15:04] Is https set up by default on Ubuntu Server 12.04? [15:05] jamespage: it needs php i think [15:05] zul, more wondering what it does with openldap configuration [15:05] bug 994843 [15:05] Launchpad bug 994843 in openldap "package slapd 2.4.25-1.1ubuntu4.1 failed to install/upgrade: ErrorMessage: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/994843 [15:06] I *think* its failing because it can't access the kolab ldif files... [15:06] jamespage: its a recommend for kolabd [15:07] zul, yeah - I just read the README - it has a kolab_bootstrap step which munges your system [15:07] jamespage: bah [15:07] sorry - that sounded derogatory to kolab - 'configures' would be a better work [15:07] word === koolhead17_afk is now known as koolhead17 [15:29] I setup software raid on my server that has 2 drives in it. It is RAID1. If I lose a drive, do I have to do anything to rebuild the array? [15:29] Or does it rebuild on its own when I put a new drive in? [15:31] hallyn: wrt close-fds, I'm wondering if it doesn't make sense to actually completely drop the option but just keep it in the SRU [15:31] hallyn: IIRC upstream LXC never actually released a version with that change so I don't see any reason to keep backward compatibility with something that was never released [15:37] stgraber: but we want the option to keep working for precise [15:38] hallyn: correct. Your debdiff looks good for the SRU, I just don't think we want to use that one for quantal and upstream [15:40] stgraber: quantal and upstream already automatically close them, so there's nothing to do [15:41] hallyn: ah, ok, I missed that sorry. [15:41] oh, maybe not. what on earth [15:41] stgraber: upstream does seem to have -C --close-all-fds option [15:42] but, apparently, when that isn't specified, it simply warns but doesn't fail nor close the fds [15:42] if im' reading this right [15:42] and I just confirmed that quantal still lists --close-all-fds in --help, I think this should go away [15:42] do you have a precise lxc handy? [15:42] yep, I have precise lxc pretty much everywhere [15:43] sorry i meant a quantal lxc [15:43] I have that too [15:43] so you could run the testcase from the bug description [15:43] and see if it starts the container [15:44] except the kernel in quantal is still buggy and tends to oops/panic on container startup :) [15:44] jinkeys [15:44] let's try, maybe I'll be lucky and will just get an oops ;) [15:45] stgraber: as for remving the close-all-fds, i think maybe we should just suggest it upstream but let them do it [15:46] hallyn: ./execme works fine on qunatal [15:46] *quantal [15:47] and 'works' means the container starts up? :) [15:47] right [15:47] cool [15:47] thanks [15:48] hallyn: I'll send an e-mail to lxc-devel with a proposed patch to drop --close-all-fds (making it clear it's just a suggestion :)) [15:49] k [15:51] * jamespage high 5's smoser [15:51] http://reports.qa.ubuntu.com/reports/ubuntu-server/triage-report.html - New/Undecided bugs == 0 [15:51] hooray! [15:51] 1 bucket empty. [15:51] now noone open any new bugs! [15:52] only 252 in the next bucket! [15:53] jamespage: "only" :) [15:53] testing one two [15:55] hallyn: I'm not sure I see why --close-all-fds isn't needed on quantal. Looking at the code, it's only set to 1 if -d is specified. [15:55] RoyK: three [15:56] thanks ;) [15:57] just doing some testing to see if irssi is logging while on an encrypted fs, which is automatically closed when I log out, and it seems at least it's buffering sufficiently to flush it when I get back in... [16:01] Ubuntu 12.04 LTSP.. connecting to Active Directory with Likewise, to get the other user option back, one must disable the user list and guest account in lightdm or use the gtk greeter... is it as simple as going into lightdm.conf and change the line greeter-session=unity-greeter to "gtk-greeter" or is there more to it? [16:02] bieb: http://paste.ubuntu.com/1004958/ [16:02] bieb: for /etc/lightdm/lightdm.conf [16:02] stgraber: no, case 'C': args->close_all_fds = 1; break [16:03] stgraber: awesome! will try it now [16:05] hallyn: right, but that should only apply when called with -C no? [16:05] hallyn: I don't see why close_all_fds would be set to 1 if I don't start with -C or -d [16:05] my_longopts has {"close-all-fds", no_argument, 0, 'C'}, [16:06] so if you pass --close-all-fds, it'll send 'C' tothat fn === zooko` is now known as zooko [16:06] so, the argument is there. But it's quite useless to have not passing the arg as an option :) [16:07] Hey folks! Does anyone have strong juju fu and you value privacy and security for end users, and you want to collaborate on writing a charm for Tahoe-LAFS? [16:07] I think it should be pretty easy. [16:07] hallyn: right, let me rephrase that then ;) I don't see why close_all_fds would be to set to 1 if I don't start with one of -C, -d, --daemon or --close-all-fds [16:07] For one thing, Tahoe-LAFS servers do not need to do anything in response to other servers or clients coming or going. [16:07] So that's some charm code that we don't need to write right there. :-) [16:08] stgraber: correct, it would not. [16:08] so WTH is execme working on quantal? it should surely fail :) [16:09] no, it is giving you a warning message and then not failing, bc the code to make it fail was taken out :) [16:10] oh right, it'll print a warning "inherited fd %d" but won't actually close the fd... [16:10] Also, Tahoe-LAFS is already in Ubuntu, so we don't even need to configure a PPA. [16:10] right. IMO a worse behavior than failing :) [16:11] agreed... I'll send a patch dropping all the close_all_fds stuff and making the close() stuff the default (instead of printing a warning) [16:11] now things make sense ;) [16:11] excellent :) [16:14] hallyn: looking at the code, I'm not sure to understand the reason for the "goto restart" in the loop iterating all the fds, was there an actual problem with just calling close(fd) and continuing? [16:14] stgraber: yes, because originally that was then where we returned an error [16:14] (look at the precise package's code) [16:14] so you can get rid of that now [16:15] oh, right, yeah, makes sense :) whoever moved it to a warning probably could have removed the goto though... [16:16] yeah i don't know when that happened. it may have been a merge of two patches. (it's possible i did it, but i don't think so) [16:18] yeah that was a commit by Greg Kurz (92c7f6295518decd3989b2790d758888551e7d9a) [16:20] ok..this is sort of irratating [16:21] I have a bit of a "involved" network configuration (vlans..and openvpn bridging to them ..stuff of that nature right) [16:21] well for whatever reason on system boot i get this....prolonged networking start up. [16:22] waiting for network configureation. then Waiting 60 more seconds for network configuration... [16:22] then "booting system without full network configuration" [16:23] everything seams to work right. but i dont understand what it does not like and more importantly i dont like the 2 min prolonged boot time. [16:25] grendal-prime: server? if so, pastebin output of ifconfig -a and pastebin /etc/network/interfaces [16:26] ya its server.. [16:29] http://pastebin.com/PgffR0r3 [16:33] grendal-prime: only thing I can think of is that using eth0:x is somewhat outdated, but then, using the iproute2 way with 'up ip addr add ...' probably won't let you specify the vlan [16:41] should i set up the vlan using a raw device === matsubara-afk is now known as matsubara [16:42] i thought that the eth0.1 was the way to do it now? [16:44] hallyn: I really need to spend a couple of hours playing with git send-email... every time I have to use it I end up spending 30min trying to figure out the right way of calling it and it never sends exactly what I want ;) [16:46] I think I always just do : git format-patch -o subdir -n HEAD~n; cat > intro_msg << EOF ... EOF; then git-format-patch --no-chain-reply-to --to thelist --compose subdir (:r intro_msg in editor) [16:48] hallyn: yeah, I guess I should switch back to doing format-patch and send-email separately, being able to do it in a single call is nice until you want to change anything ;) [16:48] jamespage: bug 1003854 looks to be something different than what i had fixed via SRU [16:48] Launchpad bug 1003854 in openldap "Database upgrade/migration fails with nested db directories (lucid to precise)" [Medium,Confirmed] https://launchpad.net/bugs/1003854 [16:48] I just git format-patch and then just cat and :r in mutt when writing my email [16:49] cringe - yeah i like to stage everything ahead of time :) [17:00] hallyn: ill fix dwarves [17:02] it's broken? [17:04] hallyn: ftfbs due to some multi-arch issue (mterry is doing the mir) [17:04] zul: thanks [17:04] grendal-prime: seems ip(8) has vlan support these days [17:04] grendal-prime: but I don't get it - you have an ip address on that interface and then a tagged vlan virtual interface on the same? [17:06] grendal-prime: is eth0 connected to a tagged vlan port on the switch, or an untagged one, or are you using a mix? a mix would probably be quite messy IMHO [17:07] grendal-prime: or, on what vlan does 204.94.93.3 belong? [17:08] grendal-prime: if it's a tagged vlan interface, the address set on eth0 won't get any connection... [17:11] i always get confused about this. [17:12] ok, is eth0 connected to a tagged port? [17:12] the vlan is physically attached to the eth0 (aparetnly) I then bridge my vpn traffic to it [17:13] the vlan isn't physical ;) [17:13] should i just add another interface for the vlan? [17:13] ok soo let me explain what i am trying to do.. [17:13] you might be able to explain a better path. [17:14] grendal-prime: no, what I'm saying is that the port in the switch to which your server is connected, is usually configured as either a static port or a tagged port, static being a member of one (or sometimes more) VLANs [17:14] or, can be a "tagged" port, accepting VLAN-tagged packages [17:14] not packages [17:14] frames [17:14] a tagged frame is like any ethernet frame, but with a VLAN tag attached [17:15] i have alot of vpn clients that all connect with a tap and bridge to a huge network space. (ya i understand the traffic is taged.) [17:15] it can also be a "mixed" port, allowing both untagged frames and tagged ones, but personally I find that messy [17:15] ok well the eth0 is a public interface [17:16] I'm talking about the switch port [17:16] erm... [17:16] not sure here - vpn clients attach to tap and it's *bridged* to the inside? [17:17] wouldn't it be easier to route it, to stop unwanted broadcasts and whatnot to pass through? [17:17] ya but that would require changes to clients wich we do not have the ability to do [17:18] i want to bridge the traffic to a vlan. (this has to do alot with the fact that the appliances that are connected point to a specific ip address) [17:18] ok, so apparently, the port in the switch is in mixed mode, meaning untagged traffic goes to port N as decided by the switch, and it allows some other (or all) VLANs set by the OS [17:19] the machine is a vm [17:19] by the way it does work...the way it is configured. [17:19] adam_g: after f1 is uploading we can start thinking about SRU [17:19] and the host handles the different VLANs? [17:20] * RoyK wouldn't setup a system like that, not like that, or perhaps, at gunpoint [17:21] RoyK, the info i pastedbined is all from the openvpn server (ubuntu12.04) [17:21] it is a vm on vmware [17:21] ya well i dont have much choice [17:21] hence the gunpoint? ;) [17:21] exactly [17:21] ok, so it works, but takes a while to boot up? [17:21] as far as the vlan. what is the best way to set that up. [17:22] ya it works great..but like i say..the error bothers me [17:22] and slows down the boot...but back to the vlan.. [17:22] is thats what it dows not like..what would make it..well..cleaner? [17:23] grendal-prime: AFAICS, iproute (or ip(8)) doesn't support that flexibility with VLANs(yet?) [17:23] should i add another interface and associate the vlan with that ? [17:24] no, an interface belongs to its hardware (or virtware if you want) [17:25] I was just a bit confused with both eth0 and eth0.1 having connections with eth0.1 being the only one tagging frames [17:26] well i have to have a physical device for the vlan. [17:26] i always thought of it as...a container for the lan [17:26] sorry a container for the vlan. [17:27] so would it help if i just make another interface that is just for vlans? [17:27] im a little confused why a vlan has to have a physical interface at all honestly [17:28] if vmware could give that vm a "physical" interface for that vlan, that would probably be the easiest [17:28] i was under the impression that a vlan is like a ...virtual box that you can put networkable connections onto..like a software switch... [17:29] http://en.wikipedia.org/wiki/VLAN [17:31] my short version: If you want to separate two LANs on a switch, use two VLANs, say, ports 1-12 for VLAN1 and ports 13-24 for VLAN2. Then someone says "let's connect another switch", and you use port 25 for VLAN trunking, meaning "tagged VLAN" in which the ethernet frames are prefixed with a small tag saying "I belong to VLAN X" [17:31] that way, you can configure a firewall with, say, four networks on the same NIC, given a switch supporting VLAN tagging like 802.1Q [17:32] hallyn: will you have some time later this afternoon to review the lxc SRU? it looks like it's going to be a pretty big one [17:33] are you mixing subinterface type traffic with vlan..because my understanding was subinterface traffic is just thrown around with everthing else on the interface were vlan tagging is taged and the phisical interface traffic does not see it [17:33] is subinterface traffic what you mean when you say untaged traffic? [17:34]