[00:06] I didn't get chance to install my gui [00:06] I was wondering what is a good light weight gui [00:06] I was debating between openbox or fluxbox [00:16] SpamapS: thanks! === GhostFreeman_ is now known as GhostFreeman === pjdc_ is now known as pjdc [00:32] hi all.. can someone offer any solution to this problem for me please: http://ubuntuforums.org/showthread.php?t=1990842 [02:18] someone told me two good sites for maas [02:18] what was it [02:18] !log [02:18] Official channel logs can be found at http://irclogs.ubuntu.com/ . LoCo channels are now logged there too; for older LoCo channel logs, see http://logs.ubuntu-eu.org/freenode/ [02:18] !maas [02:19] maas.ubuntu.com === ea1het is now known as ea1het_sleep [02:53] Hello. I'm having a serious problem here on my server. My USB drive is not appearing, and dmesg has this: usb 3-1: new full speed USB device number 5 using ohci_hcd [02:53] Then: usb 3-1: device descriptor read/8, error -110 [02:53] Can someone, PLEASE, help me fix this? I tried to reboot the server twice. One with "init 6" and another one with shutdown -r now [02:54] does the drive work on a different machine? [02:54] lifeless, I don't know. I can't try it in another machine, it's all remote [02:55] the symtpoms you are reporting make me thing 'hardware failure' [02:57] lifeless, you mean, physical damage? [02:57] It was working normally before [02:58] Then I was rsync'ing over 1TB of files, and in 60% it suddenly stopped [03:03] yes, physical issue [03:03] its failing to read from the drive, I believe [03:04] Try plugging it back in? [03:04] twb, and how do I do that? [03:04] I have no physical access to it [03:05] Call the NOC monkey [03:11] I'm using openssl as part of an installation script, but I can't find a way to make it unattended. [03:12] in generating X.509 certs, it always asks me for country, city, etc. [03:12] JoeCoder: because you need to mash your head on the keyboard to generate entropy? [03:12] Oh that. Just use certtool, it's much easier to get the hang of [03:12] nope; Im actually not sure where it's getting entropy from [03:12] oh, thanks. I'll take a look [03:12] JoeCoder: it gets it from headdesking [03:13] in 12.04, it doesn't ask me for any entropy. [03:13] Seriously I built some live PXE images of ubuntu, and they would hang during boot until you mashed the keyboard spastically [03:13] because something during boot was generating keys (maybe SSH) and there was no entropy on the freshly booted system [03:13] EPIC symptoms [03:15] I don't really know what I'm doing or what the various crt, .pem, etc. files do (but I understand the concepts of private key cryptography), and openssl is already working well, so I'm nervous about switching. [03:15] the tutorial I'm using has me making about 7 different files. [03:15] The file extension doesn't really matter [03:16] Are you familiar with how key-based auth works in SSH, or in GPG? [03:16] I understand that the client is given a public key, it encrypts the message, and the server uses the private key to decrypt it. [03:16] http://paste.debian.net/172286/ are some notes I made early on when learning TLS [03:16] I'm using startssl as an authority [03:19] ok, I follow your notes, but I don't understand why I need 7 different key files [03:19] http://lowtek.ca/roo/2012/ubuntu-apache2-trusted-ssl-certificate-from-startssl/ is the tutorial I used. [03:19] openssl gives me 2 files, I give one to startssl, and it gives me back 3 in return. [03:19] then 2 more files are created by concatenating those first 5 together in various ways. [03:20] startssl gives me ssl.crt, sub.class1.server.ca.pem, and ca.pem [03:20] oh well, this is a side-rant and isn't as important. [03:21] I'll take a look at certtool [03:21] if that fails, is there a general tool I can use to provide input to programs that ask questions? [03:22] since I don't know what I'm doing, and openssl is already worknig well, that would be a faster route for me. [03:23] Well there is always a private key and a public key. [03:24] In TLS the public key is usually embedded in the cert [03:24] A CA cert is a key signed by itself. verisign et al keys are special only because people include them in their default trust list. [03:25] that's part of the browser. [03:25] When you want someone to sign your key, you give them a Certificate Signing Request (CSR). That is basically your public key plus a note that says "please sign this" [03:26] yep, I give the .csr file from openssl to startssl [03:26] but I didn't know what csr stood for [03:26] They take that and their the CA private key, and sign your public key and send you back a cert [03:27] So in total, you should have a private key, a CSR and a cert, and they should have a private key and a CA cert. Note sure how you get to 7 files. [03:27] startssl gives me ssl.crt. But they also give me sub.class1.server.ca.pem and ca.pem [03:27] so what are those .pem files? [03:27] well, the csr is really just a temp file [03:27] yeah [03:27] you need all those [03:27] you have your certificate, but you also need that certificate chain [03:28] without that chain, a user can't trace back the trust path, back to the root certificate they trust [03:28] those two pem files are concatenated together into the chain file. [03:29] and that's given to apache as part of the SSLCertificateChainFile configuration setting. [03:29] yep [03:29] the ca.pem and sub*.pem [03:30] you can check it's all good using: http://www.networking4all.com/en/support/tools/site+check/ [03:30] oh good. I had just been loading it up in chrome. [03:30] yes, it likes it! [03:30] ya, using a webbrowser isn't good to check the chain [03:30] cause the browsers cache it [03:30] PEM is the encoding format, more or less like base64 or gzip [03:31] well, pem is base64 der [03:31] openssl s_client -CApath /etc/ssl/certs/ -connect epoxy:443 << gnutls-cli -s --crlf -p # Raw SSL connection using GNUTLS [03:31] openssl s_client -crlf -quiet -connect : # Raw SSL connection using OpenSSL [03:31] ...those might help re testing [03:32] ya, if you understand the ssl specs :) [03:32] any advantage to those over networking4all ? [03:32] you can look at more info [03:32] oscp stapling, and other fun things :) [03:32] ssl session resume [03:33] I have no idea what "networking4all" is [03:33] the url I posted [03:33] yes [03:33] Oh [03:33] Sorry it had scrolle doffscreen :-) [03:34] https://www.ssllabs.com/ssltest/index.html [03:34] is an interesting one [03:34] patdk-lap: I guess I never ran into the chain thing because I operate my own CA [03:34] though I don't agree much with it's *scoring* [03:34] twb, you run a very flat CA then [03:34] you don't use sub-ca's? [03:35] Yes, one CA and then all the per-host keys [03:35] ya, that is plain evil, but no chain needed [03:35] Why is it evil? [03:35] cause your CA is basically online all the time to sign stuff, and always exposed [03:35] your should make your CA cert, and sign sub-CA's with it [03:36] then you only have to invalidate one sub if it's compromised [03:36] Why would it have to be online? [03:36] what does PEM stand for? [03:36] I could be doing it on an airgapped host [03:36] JoeCoder: portable encoding message or something. Ask wikipedia [03:36] twb, airgapped in a vault? [03:36] airgapped isn't secure [03:36] it's just internet secure :) [03:36] http://acronyms.thefreedictionary.com/PEM [03:36] wasn't sure which one :) [03:37] patdk-lap: you said "basically online all the time" [03:37] I don't see how my hierarchy implies that [03:37] online == installed on a computer [03:37] offline it, stored in a vault [03:37] I could be doing that now [03:38] As it happens I'm not, but I *could* do it [03:38] Just take it out once every twelve months or so when I provision a new host [03:38] Or rather, when the old certs expire :-) [03:38] I'm just stuck to this, based on all security principles, and DOD rules [03:38] hm, certtool asks a lot more questions when generating a certificate request. [03:39] AFAICT in practice x509 is screwed /a priori/ in its common usage in browsers [03:39] and it would only accept empty string for the domain name question [03:39] But sure I would probably do what you suggest if I could be arsed. [03:40] JoeCoder: you can supply those answers in a pre-written answer file, as described in certtool's info manual [03:40] I had expected so; I'm still at the point of figuring out how to answer them [03:41] twb, ya, it's a pain after the fact, not hard if you think about it when you do it [03:41] I feel like I waste 2gb microsd cards [03:41] Well in practice I could probably do it in half an hour. I only have about 20 certs [03:41] have hundreds of them [03:41] many of them with just one cert on them [03:42] patdk-lap: Or use an old laptop that doesn't get turned on except for this and fits in the safe. [03:42] https://gist.github.com/2848539 [03:42] ScottK: until one day it doesn't turn on anymore :P [03:42] the unindented questions are the ones I'm not sure about [03:42] never liked that idea much [03:42] twb: Sure. Make a backup. [03:42] I'm not even bothering to make a CSR, I just exploit the fact that the provisioning host can see inside all the containers [03:42] but ya, we do one onsite and one offsite [03:43] the dnsName question on line 8 would only accept an empty string. I specified the domain name for Common name. [03:43] Realistically I'm using TLS for wire encryption, not for x509 trust hierarchy [03:43] twb, that is fine, if you don't bother to trust two you connect to :) [03:43] or you setup static trust [03:44] Well sadly some of it is built on DNS and I'm not doing dnssec yet [03:44] Is there a tool I can use to supply arguments to a command line program that asks questions? This would be much faster than figuring out certtool. [03:44] For the hierarchy to work you have to assume the entire CA chain is secure and that's sadly often not the case. [03:44] and it would be useful in the future [03:44] And e.g. for wifi my attempts to use EAP-TLS fell down because hostapd doesn't implement a working CRL [03:45] It would be nice to have all that stuff working but there are lower-hanging fruit IME re security, like "stop using PPTP" or "stop using PHP" [03:46] never attempted eap-tls [03:46] it was too imature back last I played with eap [03:47] patdk-lap: what's REALLY stupid is that EAP-TLS is the only WPA Enterprise that's required for WiFi Alliance certification... but x360 and printers don't support it, and n900 doesn't support it without replacing its wifi manager, and iphones don't support it without deploying a configuration management server, and .... [03:47] Not to mention all the users whinging because you force them to generate a key and a CSR [03:47] yep [03:48] So what I am doing at the moment, which sucks, is to use WPA2 PSK with a per-MAC PSK list [03:48] i.e. if you want wifi you tell me your MAC, I generate it a PSK and I add that pair to hostapd. [03:48] Your client side just sees ordinary PSK and so everything Just Works [03:48] But I can still, at least theoretically, revoke individual users' access [03:50] JoeCoder: FYI here is an answer file I used with certtool: http://paste.debian.net/172288/ [03:51] those don't match the questions I'm asked: https://gist.github.com/2848539 [03:51] such as the uid, and it won't let me specify anything besides empty string for the domain name. [03:53] is there a way to make openssl unattended? a generic command line tool that will let me provide answers to programs that ask questions? It seems like I've used something like that before, but I can't remember the name. [03:54] JoeCoder: they do correspond, it's just not obvious from the long question vs. answer string [03:55] e.g. signing_key = Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? [03:55] ah, ok [03:55] and it's ok to leave the dnsName blank? [03:56] That depends on the client [03:56] well, it won't let me specify one. [03:56] IME all clients will believe you're you if DNS matches the dn, but some will also allow it if your DNS matches the dnsName [03:56] no matter what I type, it keeps asking the same question until I enter empty string. [03:56] JoeCoder: that's because you can have >1 dnsname [03:56] ah, ok [03:57] What that is for is, suppose you have a webserver called www.example.net but it also serves webmail.example.net and arthur.example.net [03:57] cn? [03:57] common name is the default [03:57] So you have a dn of www.exampl.net, but also a dnsName for the other two [03:57] unless you enable subjectalt, then dnsname overrides [03:57] how do I pass a config file to certtools? [03:57] Er, sorry, I think I mean cn not dn [03:57] Too much LDAP :-/ [03:58] ya, and funny certificates use ldap type syntax too [03:58] I'm primarily a developer, which is why I'm so confused about system administration. [03:59] --template= [04:01] patdk-lap: do not talk to me about zimbra === shauno_ is now known as shauno === Morpheus is now known as Guest5531 === wylde_ is now known as wylde [06:19] Hey - I'm trying to get a local ubuntu mirror onto a machine that's behind a proxy, and download limits prevent it from mirroring the archive itself; I was thinking that I could mirror the archive with rsync or apt-mirror from home and transfer it via a portable hard drive, and use apt-mirror to update it after it's on the target machine. [06:20] Is this possible? And is there a bettter way to do it? [07:18] obelus: that should work fine. debmirror can help you mirror a subset which might help too. [07:19] rbasak: the idea is to mirror all the packages that we'll need. I'm happy to do the full ~380GB, my only issue would be at the other end, is it enough to move it to the correct folder for apt-mirror and run the update command for it to pick up and use it as a base? [07:22] rbasak: looking up debmirror atm, it seems that it downloads for given architectures and releases, is that correct? Isn't that what apt-mirror does anyway? [07:29] obelus: I'm not familiar enough with the different tools to answer your question, sorry. I'm pretty sure that most tools don't care about where the destination is providing that you move everything across identically - they should be able to resume from that point fine. [07:33] rbasak: Thanks for your help :) I'll be starting mirroring it on Monday afternoon when I get the hard drive. That'll be a long download before I know if it's going to work properly at the other end though ;p [07:38] <_ruben> the stuff you mirror using debmirror is usualy made available through a webserver so your (other) machines can you it is an (alternative) repo [07:41] Or NFS [07:42] Here is a debmirror wrapper script I use: http://paste.debian.net/172318/ [07:42] IIRC ubuntu main, one arch, one release, no sources, is only a few tens of GB === dendro-afk is now known as dendrobates [08:09] _ruben, twb: The plan is to make it available locally through http as the primary repository for all machines in the LAN [08:10] I want to grab amd64 and i386 for both current and lts versions (atm, only 12.04 because it's both) [08:11] All packages, extras, universe, multiverse, etc. And a few other 3rd party package archives. [08:13] obelus: I'm not stopping you [08:13] twb: O.o I know. I just thought I'd mention it. [08:25] <_ruben> I mirror gutsy-precise, i386+amd64, binary+source, main+universe+multiverse+restricted .. only close to 700G ;) [08:28] Holyshit. I don't need that much lol [08:28] easy on the language please. [08:29] Just precise for me. I'm not quite sure at this point how to mirror only amd64 and i386 with apt-mirror, or if I'll have to use debmirror, but I have a bit of time before I need to work that out [08:29] ikonia: Sorry, I forgot that there's strict language rules in here, I'll be good. [08:29] <_ruben> !info apt-mirror [08:29] apt-mirror (source: apt-mirror): APT sources mirroring tool. In component universe, is optional. Version 0.4.8-5 (precise), package size 13 kB, installed size 101 kB [08:29] obelus: not a problem at all [08:30] <_ruben> iirc apt-mirror only downloads what it's clients request and then cache it, unless i'm mixing stuff up [08:30] <_ruben> debmirror mirrors a complete pocket [08:30] I use apt-mirror currently to archive the google-chrome repositories [08:30] <_ruben> been meaning to ditch debmirror in favor of plain rsync, but i dont think old-releases.ubuntu.com offers rsync access [08:31] I'd use rsync completely but I haven't been able to make rsync work through the HTTP auth proxy that the server's behind [08:31] <_ruben> rsync wont let you sync just precise [08:31] Oh, no use then ;p I don't want EVERY release [08:32] I'd be happy with getting 10.04 and 12.04, as some people still like 10.04 there, and one server hasn't been upgraded yet [08:32] But I don't want all of them [08:32] hi there, got a question on bonding and vlans [08:38] obelus: FYI, my metrics (cf. my script posted earlier): http://paste.debian.net/172324/ [08:40] What's included in that ubuntu folder? I mean, is that the one release and arch or more than one? [08:41] 17:42 Here is a debmirror wrapper script I use: http://paste.debian.net/172318/ [08:41] I tried to outline the bonding-vlan problem here: http://pastebin.com/T6cK8xfQ [08:41] anyone up for some help ;) [08:42] lambda_engineer: sorry, I'm too drunk to deal with that right now [08:42] twb: Ah, okay. That's really good that all that fits in 180gb. [08:43] I might make a debmirror script to do the mirror I'm doing. looks easy to customise one. [08:43] twb: bad for me, probably so else here can deal with it?= [08:45] lambda_engineer: Never tried using vlans on Ubuntu, so sorry, not really sure. I've only done vlans on cisco hardware. [08:45] obelus: given I'm tracking 3×LTS releases and 2×arches, it's probably reasonable to expect to fit one release into, say, a bit over one sixth of that. Say about 40G. [08:45] lambda_engineer: https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/352384 [08:46] Launchpad bug 352384 in ifupdown "can not add vlans to a bond network device" [Undecided,Fix released] [08:46] lambda_engineer: there is a a similar issue raised on Fedora 8 instances. [08:46] lambda_engineer: it appears to be a limitation of how the bond is formed. [08:46] I'm planning for 1 or 2 releases with 2 arches. Would it be okay if I use your script and modify it to limit it down a lot? [08:46] IIRC there are several kinds of bonding, does it affect all of them? [08:46] obelus: I don't care, go nuts [08:46] twb: thans :) [08:47] thanks* [08:47] lambda_engineer: the suggestion in the ubuntu bug report should resolve your issue, although RedHat seem to be phasing in over a LONG period of time a more technical solution [08:47] obelus: talk to #bash re scripting if necessary [08:48] twb: Thanks, but I should be fine to modify this. I'm pretty used to bash scripting [08:49] Is main/debian-installer for network installs? [08:49] Yes [08:49] It's for PXE installing [08:49] If you have a CD installer that's >>20MB in size, you can ignore it [08:50] Awesome, thanks. My plan is to mirror releases too, so I can have a set of CDs (desktop, alternate, server) for i386 and amd64 and update from there. [08:51] You can just build the CDs from the mirror using jigdo [08:51] Well, maybe not the desktop one === dendrobates is now known as dendro-afk [08:52] twb: ... I should have thought of that, I've used it before. But yeah, I'll need to take copies of the desktop ones. Server/alternate will be good with jigdo though. One problem is, does debmirror only get the latest version of the packages? Because I think the jigdo templates need the same version that was available at their release [08:55] When a release is released, it's contents doesn't change [08:55] New versions go into the -updates or so repo [08:56] twb: Ah, right. Thanks. [08:56] (There are a few exceptions, e.g. IIUC sun-java was actively removed from releases because Oracle are so douche-y) [08:56] But yeah I just use PXE installs and don't bother with a CD at all. [08:57] ikonia: thx a lot [08:57] You can build the desktop versions in theory using live-build but I wouldn't want to guarantee it'll behave the same as the ones ubuntu orll [08:57] *roll [08:58] twb: I can't really use network boot because I don't control the DHCP server, and the server that's going to hold the mirror is going to be moving to a different subnet soon anyway. Ubuntu also doesn't provide the tiny netinstall images anymore do they? [08:59] Yes they do. [08:59] http://cyber.com.au/~twb/.bin/twb-d-i has links [09:00] If you grovel around near those links, there are USB-HDD and CD versions as well as the PXE versions I am wgetting [09:00] Also re DHCP server, you only really need the DHCP server to send the filename and next-server options, and you can host the TFTP server on another IP [09:01] twb: I know, but the person that administers the DHCP server isn't going to set that. I'm pretty sure he'd rather that not every computer tries to boot into an ubuntu installer [09:02] Fair enough [09:02] Also obviously PXE can present a menu and timeout to booting off the local media... [09:03] Yep, but that's not going to be agreeable, I don't think. Although I'd like that idea very much. [09:03] I'll ask, but I think the answer will be no. [09:06] ikonia: seems like this is not my problem, this problem is only on top of bonding with LACP/802.3ad [09:06] ikonia: even when i do all the settings they supplied and worked for them... they don't in my case... still the error in /var/log/syslog [09:06] You can also tell pxelinux to skip the menu based on MAC or IP address or IP network [09:07] sooo still a problem with vlans on bonded interface: http://pastebin.com/T6cK8xfQ [09:07] morning o/ [09:08] obelus: http://cyber.com.au/~twb/tmp/tmp.png [09:08] For extra sexiness, that's a serial port on a headless router. [09:10] twb: Looks great, but the problem is that the area that we'll be using the server in is a network lab, things are reinstalled constantly, and the person that runs the network lab rathers booting via ghost CDs to do network installs, and really doesn't like ubuntu. From experience, he's not going to change the settings to set our ubuntu server as the primary boot device for the entire netlab. [09:10] Though, I will set it up so it's possible and propose it, just in case he does. [09:11] I understand. The point was to make you go "wow cool" so you can show him and have him go "hmph, maybe it is worth a demo" [09:11] ghost is pretty sucky by comparison [09:12] ;p I'm convinced it's awesome. And yeah, but the reason he uses it is that he deploys windows, freebsd and other stuff through it, with preinstalled apps and customisations. [09:12] And the multicast is helpful when we're doing it to several PCs at once. [09:12] <_ruben> twb: what do you use for the menu stuff ? [09:12] multicast doesn't actually save any bandwidth if you're on a flat switched network [09:13] I checked because I am deploying IPTV to a 600 seat prison in the next 18 months [09:13] (Over, btw, netbooting lucid desktops) [09:13] _ruben: that's just pxelinux 4.xx menu.c32 [09:13] _ruben: there is vesamenu.c32 but it 1) requires vesa; and 2) is fugly [09:14] <_ruben> twb: ah .. the stuff i never to got around to dive into [09:14] <_ruben> (as with many things) [09:14] <_ruben> syntax seemed rather odd to me [09:14] <_ruben> been ages since i looked into it tho [09:14] The syntax used in the boot CDs is the ugly old way [09:14] <_ruben> care to share yours? :) [09:15] http://paste.debian.net/172326/ [09:16] Multicast does help though with the disk i/o on the server when it's sending 7gb images ;o [09:16] The 01-* stuff is a custom PXE-booting OS for extra extra sexy. [09:16] obelus: hm, good point [09:16] obelus: but if your OS needs 7 flipping GB it is about 36 times too big [09:16] He has custom builds of FreeBSD on there that are pretty big. [09:17] That and the Windows images. Those are only about 4gb for the Win7 ones with compression though. [09:18] obelus: http://paste.debian.net/172327/ [09:19] obelus: he clearly sucks at saving space [09:19] Hah, yes. Compared to that, most people do. We do need stuff on it that's a bit bigger than 71mb though. But 7gb is excessive. [09:21] <_ruben> twb: that looks way cleaner than i seem to recall [09:21] The host that OS is for, has "only" 512MB RAM and since I'm copying the entire OS into RAM over TFTP I riced the size down a bit [09:21] lambda_engineer: my understanding of the newest docs is that you should no longer define bond_slaves or auto on bond0 [09:21] <_ruben> auto generating stuff like this does make sense, given the numerous repetitions [09:22] <_ruben> twb: the "live" menu entries are dummies right? failing to see where it'd actually boot into a live os [09:22] rbasak: hmm, http://paste.debian.net/172329/ is a bond I'm using, but no tagging [09:22] _ruben: they worked until I deleted the backend files [09:22] twb: it has changed: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/ifenslave-2.6/precise/view/head:/debian/README.Debian [09:23] rbasak: OK. My paste is from lucid [09:23] <_ruben> twb: ok, then i'm not misinterpreting things :) [09:23] Oh yes the live *menus* are autobuilt and they can't find any files to add to them [09:24] I was thinking of the two "awesome" entries in default file [09:24] <_ruben> ah [09:27] rbasak: which documentation are you talking about? this one: https://help.ubuntu.com/12.04/index.html ?? [09:28] lambda_engineer: /usr/share/doc/ifenslave I think. You can see it online here: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/ifenslave-2.6/precise/view/head:/debian/README.Debian [09:39] rbasak: arghtzzpftsss...problem solved... actually i missed the line "auto bond0", just retyped it because i'm on the machine with video redirection, so no copy-paste [09:40] rbasak: thx [09:40] np [09:49] hi all, how can I add ssl on my ubuntu server? [09:51] bau-: For what daemon/service? [09:52] andol, I need to run a fb app on my server === Utente1 is now known as bau- [11:42] Hi all. I'm tearing my hair out trying to work out why my Ubuntu 10.04 i386 install isn't showing libvirt-bin as available in the repo, when I know it's there. Anybody got any ideas? I suspect it's user error, but have no idea where to look. === Patrickdk_ is now known as PatrickDK [11:49] Nevermind. Looks like my package cache was corrupt... or something :S. All good now [12:27] morning === ea1het_sleep is now known as ea1het [12:28] i need help in terms of filesystems [12:28] anyone can help [12:28] ea1het: in what respect [12:28] the doubt: best filesystem to hold virtual machines [12:28] ea1het: apologies for missing you last night [12:28] no worries ;) [12:28] ea1het: well, it depends on a lot of things, but there ins't really a "best" [12:28] ea1het: just use what meets your needs [12:28] ea1het: what do you want to use ? [12:29] KVM to hold 5 VM.... aprox. size per VM 10Gb each [12:30] and another filesystem to hold ISO images [12:30] ok, what file system do you want to use ? [12:30] <_ruben> give each vm its own lvm lv .. no need to deal with stacking fs's [12:30] is there a reason you're doubting just using ext4 or something like that ? [12:30] yes... the doubt is about the posibility to use or not LVM [12:30] ok, lvm is not a file system [12:31] yes...a volume manager [12:31] on top of that... i thought XFS.... or EXT4 [12:31] so you are not asking about file systems, you're asking if you should use a volume manager ? [12:31] ea1het: do you have a need for lvm ? [12:31] ikonia: in fact... i want to ask for both :) [12:31] i'm a big doubt myself :) [12:31] ea1het: why do you think you'll need/want lvm ? [12:31] i think my VM will not raise over 10Gb [12:32] the size of the VM is not really relevent [12:32] i think.... i mean... sure 100% i'm not [12:32] the size of the file system that holds your VM's is [12:32] ea1het: where are you storing your VM's eg: /mnt ? [12:32] ok ,let me explain my idea... very quick [12:32] yes [12:32] ea1het: do you have a disk you're going to mount ? [12:32] or a partition ? [12:32] a dedicated /mount-point for VM, yes [12:32] a partition [12:33] it's better to have a disk itself? [12:33] just one partition ? [12:33] it doesn't matter a disk or a partition [12:33] ea1het: why not keep it simple, put a partition /mnt [12:33] then just put two directories under it "images" and "media" [12:33] then store virtual machines in "images" and install/data media in medai [12:34] right now this is the situation: /vm --> the VM store && /images --> the ISO images to install from [12:34] each one is a partition [12:34] ea1het: ok, so they are hanging off your root file system partition correct ? [12:34] ah, so each one has a partition that's mount correct ? [12:34] yes [12:35] yes [12:35] ok, so what's the current problem ? what do you want to change and why ? [12:36] Q1: The introduction of LVM will allow me to be more flexible in terms of filesystems and/or volumes ? [12:36] ea1het: yes and no [12:36] it will allow you to resize volumes based on how much storage is in the volume group [12:37] ea1het: keep in mind if you put a 100G partition on /vm (for example) and you only use 5 machines at 10GB each, do you need to dynamically resize the /vm volume ? [12:37] or are you very tight on space ? [12:38] nice situation... close to reality... i'm asking because my current server has 2 HDD but, but, it can admit up to 8. I thought using LVM below the FS i can add and resize my /vm partition and increase its size.... [12:39] just in case my VM store raise... [12:39] and... not... by now... not 250Gb on /vm and 5 x 10GB VM's [12:39] not so tight === Lcawte|Away is now known as Lcawte [12:40] you can use lvm in that way sure, but it's up to you if you want to [12:40] i never used before LVM. What is the administration learning curve for someone it never used LVM ? [12:40] to do what you want, not much to be honest [12:41] but I wouldn't say do it unless you have a genuine need for it (in your opinion) [12:42] To be honest i just want to have the whole picture in mind. My expected raise ratio is 1:7 (Hypervisor : VM's) [12:42] More than that... i'm not sure... so right now... with my actual VM's i'm plenty of free space.... [12:42] but want to be ready to dimensionate if necessary [12:43] Q2: My actual FS probably is not the best for large files. What is the best FS in terms of large files like VM's ? [12:45] ea1het: unless you've got a problem why not just use ext4 [12:45] hi all [12:45] hi koolhead11 [12:45] hi ea1het [12:45] ikonia: is it the best? have support for large files? [12:46] I heard about XFS but i'm not sure... i don't know it [12:46] ea1het: define larger files ? [12:46] large files las virtual machines [12:46] sorry [12:46] ea1het: that's not a file size [12:46] large files like virtual machines [12:46] ea1het: have you actually tried ext4 ? [12:47] ea1het: virtual machines is not a size, how big are you defining as "big" [12:47] various GB [12:47] ea1het: various GB......come on [12:47] how big do you call big [12:47] in general terms probably some TB but i'm only focussing on VM's [12:47] ea1het: what ???? [12:48] ea1het: in your example - what is the size that you consider a big size [12:48] this is not a hard question [12:48]