jasonmsp | hey all. I have several websites hosting on my server (running apache) is there something I can use to monitor network traffic and cap the total network traffic over a specified period of time? | 00:01 |
---|---|---|
ping__ | jasonmsp what u use for monitoring | 00:01 |
jasonmsp | nothing at the moment. I'm looking for a solution to monitor the traffic and cap it if they hit a certain threshold | 00:02 |
jasonmsp | but I'm looking to do that on a vhost basis. | 00:03 |
zul | hallyn: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1023205 | 00:03 |
uvirtbot | Launchpad bug 1023205 in libvirt "libvirt_lxc crashed with SIGSEGV in random_r()" [Undecided,New] | 00:03 |
=== Pupeno_W_ is now known as Pupeno_W | ||
=== txwikinger2 is now known as txwikinger | ||
=== wylde_ is now known as wylde | ||
=== n0ts_off is now known as n0ts | ||
kyle__ | pxe installing, I keep getting an error about a corrupt Packages file. I read some posts suggesting just gunzip it, but it didn't help. | 00:40 |
adam_g | ww/away gone | 00:50 |
=== kermit1 is now known as kermit | ||
=== cpg is now known as cpg|away | ||
=== n0ts is now known as n0ts_off | ||
=== th0mz_ is now known as th0mz | ||
=== cpg|away is now known as cpg | ||
=== cpg is now known as cpg|away | ||
=== MoleMan is now known as MoleMan_ | ||
=== cpg|away is now known as cpg | ||
=== cpg is now known as cpg|away | ||
BankAdmin | Hello, can multiple virtual instances of Ubuntu Server access the same physical RAID array directly, or can this only be done by mounting samba shares of the physical host locally within each VM instance? | 03:10 |
BankAdmin | I can't stick around but if you have any info on this please let me know at public AT duvrazh (dot) net | 03:11 |
=== Guest36151 is now known as exocaesar | ||
=== cpg|away is now known as cpg | ||
RamJett | Any know any link on beefing up dhcpclient for a server. I run a private cloud with openstack and the instances sometime have a glitch and do not get a dhcp response. It then destroys the interface and I loose IP. | 04:18 |
=== Aaton is now known as Aaton_off | ||
=== n0ts_off is now known as n0ts | ||
=== n0ts is now known as n0ts_off | ||
Super_Dog | Any fstab wizards out there? | 05:38 |
LordJebe | Hello, I would need a little help with an autoupdate script | 05:47 |
LordJebe | Any helping hands? | 05:47 |
=== n0ts_off is now known as n0ts | ||
RoyK | resno: looks to me unraid is some file-level raid aka raid-3. it' also proprietary, or little used, full of buzzwords etc, so i think i'll stick to linux ;-) | 05:57 |
_Andrew | Hi guys, need some help, I'm following the answers posted about getting DNS working here.. http://askubuntu.com/questions/140688/upgraded-server-to-12-04-dns-no-longer-working | 05:59 |
_Andrew | But none of the answers are working | 06:00 |
_Andrew | This is for 12.04 | 06:00 |
_Andrew | Clean install | 06:00 |
=== almaisan-away is now known as al-maisan | ||
=== n0ts is now known as n0ts_off | ||
=== n0ts_off is now known as n0ts | ||
RoyK | _Andrew: check /etc/resolv.conf | 06:43 |
RoyK | _Andrew: static ip or dhcp? | 06:44 |
ubuntu | Nathan_S | 07:06 |
=== ubuntu is now known as Nathan_S | ||
Super_Dog | fstab wizards.... remember "\040"= a directory space in fstab... | 07:46 |
Super_Dog | That had me stumped... | 07:46 |
_Andrew | RoyK, I have a static IP set and I have added nameservers to resolve.conf | 08:03 |
_Andrew | but still can't ping google.com or anything | 08:04 |
_Andrew | In fact the resolv.conf just gets wiped regardless of the config I changed in the link I gave eariler | 08:05 |
jamespage | zul, I think we should drop the openvswitch-datapath packages based on what upstream have suggested for quantal | 08:09 |
=== n0ts is now known as n0ts_off | ||
=== n0ts_off is now known as n0ts | ||
=== n0ts is now known as n0ts_off | ||
=== ubuntu is now known as Nathan_S | ||
RoyK | _Andrew: with static ip, you need to add the nameservers to /etc/network/interfaces - at the end of the eth0 block, add 'dns-nameservers x.x.x.x' and 'dns-search your.tld' | 09:17 |
Pupeno_W | is there a way to run bash instead of sh in upstart scripts? | 09:18 |
=== ninjak_ is now known as ninjak | ||
=== Pupeno_W_ is now known as Pupeno_W | ||
=== cpg is now known as cpg|away | ||
=== al-maisan is now known as almaisan-away | ||
=== matsubara is now known as matsubara-afk | ||
jamespage | zul, thoughts on openvswitch then? drop the datapath packages? | 11:41 |
zul | jamespage: still waking up but yes...i agree | 11:42 |
=== almaisan-away is now known as al-maisan | ||
=== al-maisan is now known as almaisan-away | ||
feisar | could someone tell me why scponly has been removed from the repos and what I'm supposed to use instead? | 11:50 |
jpds | feisar: "(From Debian) RoQA; RC buggy, unmaintained, replacement exists; Debian bug #650590" | 11:51 |
uvirtbot | Debian bug 650590 in ftp.debian.org "RM: scponly -- RoQA; RC buggy, unmaintained, replacement exists" [Important,Open] http://bugs.debian.org/650590 | 11:51 |
jpds | https://launchpad.net/ubuntu/+source/scponly/+publishinghistory | 11:52 |
zul | good morning | 11:52 |
feisar | jpds: thanks | 11:53 |
jamespage | zul, I'll stuff that in now then | 11:56 |
zul | jamespage: cool....i have to go figure out how to unbreak libvirt | 11:57 |
=== almaisan-away is now known as al-maisan | ||
samba35 | how do i change openstack dashboard passwd ..password is lost by me | 12:04 |
samba35 | usign 12.04 | 12:04 |
Daviey | zul: does bug 1011627 need some love? | 12:09 |
uvirtbot | Launchpad bug 1011627 in six "[MIR] python-requests" [Undecided,Fix released] https://launchpad.net/bugs/1011627 | 12:09 |
zul | Daviey: yes i just havent gotten to it yet | 12:09 |
Daviey | cool | 12:10 |
Daviey | roaksoax: python-mailer needs dh2 transition ? | 12:10 |
jamespage | zul: I'm just going to disable the package in control for the time being | 12:19 |
jamespage | upstream might make it work again at some point in time | 12:19 |
jamespage | i.e. its a hack | 12:19 |
zul | jamespage: yeah i think 1.4.2 might be getting long in the tooth as well | 12:20 |
jamespage | zul, I think an update to 1.6.x with current snapshot from branch-1.6 might be a good idea | 12:20 |
jamespage | zul, I can do that at the same time if you like - have a test setup here already | 12:20 |
zul | jamespage: stick it in a ppa first before uploading it :) | 12:21 |
=== th0mz_ is now known as th0mz | ||
hallyn | zul: hm, for some reason tftpd-hpa is not starting right here on boot. upstart thinks its running, but ps -ef | grep tftp shows nothing, and clients aren't connecting | 13:03 |
hallyn | when i sudo restart tftpd-hpa, then clients can connect and ps -ef | grep tftp shows it running | 13:04 |
zul | running what? | 13:04 |
hallyn | root 18298 1 0 08:02 ? 00:00:00 /usr/sbin/in.tftpd --listen --user tftp --address 0.0.0.0:69 --secure /var/lib/tftpboot | 13:04 |
hallyn | i see nothing in the upstart job that should cause that... | 13:06 |
roaksoax | Daviey: checking... | 13:12 |
roaksoax | Daviey: that' | 13:12 |
roaksoax | Daviey: that's wird I thjought I had uploaded it already | 13:12 |
Daviey | roaksoax: heh | 13:22 |
roaksoax | Daviey: done! | 13:23 |
Daviey | \o/ | 13:23 |
roaksoax | Daviey: if you are doing AA work, could you also take care of python-tx-tftp please? | 13:23 |
roaksoax | it's in the new queue | 13:24 |
Daviey | roaksoax: i accepted it earlier :) | 13:24 |
roaksoax | Daviey: awesome then, thanks1` | 13:24 |
roaksoax | Daviey: awesome then, thanks1 | 13:24 |
roaksoax | err | 13:24 |
roaksoax | ! | 13:24 |
Daviey | oh what | 13:25 |
Daviey | I reviewed it, but didn't accept it. | 13:25 |
Daviey | roaksoax: I wanted to question why you didn't use github? | 13:25 |
Daviey | roaksoax: There isn't a debian/watch file which will probably be needed for MIR btw | 13:26 |
Daviey | but happy to accept it. | 13:26 |
roaksoax | Daviey: I didn't use github because I wanted to use the same approach as we did with cobbler on having it imported over launchpad, and for ease of packaging | 13:27 |
Daviey | roaksoax: ok, cool | 13:27 |
roaksoax | Daviey: and can't really have a watch file when upstream doesn't provide tarballs, can we? | 13:27 |
Daviey | roaksoax: well.. you can.. it's just less fun. | 13:28 |
Daviey | probably not required for this example TBH | 13:28 |
Daviey | anyway, accepted :) | 13:29 |
roaksoax | Daviey: I see, cause I couldn't find any examples of importing from a branch in debian/watch. But I agree it is pretty stationary code either way. | 13:29 |
roaksoax | Daviey: and thanks! | 13:29 |
resno | RoyK: no unraid for you lol | 13:35 |
zul | jamespage: im sitting on libvirt 0.9.13 btw | 13:35 |
jamespage | zul, coolio - I think that gives us ceph authenticated block access | 13:36 |
smb | zul, breeding? | 13:44 |
zul | smb: ? | 13:44 |
zul | smb: exactly | 13:44 |
smb | Just imagined you sitting on the package keeping it warm. ;) | 13:45 |
* smb wonders how zul speaks without being present... | 13:45 | |
JanC | I suggest you turn join/leave messages on ;) | 13:47 |
ahs3 | well, duh, zul's a demi-god. of course he can speak without being present. | 13:48 |
=== zyga is now known as zyga-food | ||
=== zyga-food is now known as zyga | ||
=== al-maisan is now known as almaisan-away | ||
zul | hallyn: i applied the random libvirt-lxc segfaulting patch to libvirt and still get the same thing | 14:40 |
hallyn | zul: drat. (i'm still waiting for mine to finish building) | 14:41 |
=== Lcawte|Away is now known as Lcawte | ||
zul | hallyn: http://paste.ubuntu.com/1086274/ | 14:42 |
* hallyn shakes his head - traffic to archives is painfully slow right now for me | 14:42 | |
zul | hallyn: it just cant find veth | 14:45 |
hallyn | zul: are you sure you quilt push'd the patch? bc it's fixed here | 14:45 |
hallyn | mind you in ppa i had a test case failure for i386, something to do with initrd, but i'm going to have to hope that's a ppa-only problem bc nothing i changed should have caused that. | 14:46 |
hallyn | zul: (back in a bit, lemme know... it'd be very weird if it worked for me but not for you) | 15:00 |
jsnapp | smoser, if i have a multi-part cloud-init user-data can i specify the order things get run? | 15:07 |
smoser | what things? | 15:07 |
jsnapp | smoser, for example can i have a couple scripts run , then cloud-config, then another script? | 15:08 |
smoser | hm.. | 15:09 |
smoser | you can accomplish what you want, yes. | 15:09 |
smoser | depending on what you want, bootcmd may be sufficient | 15:11 |
smoser | http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/view/head:/doc/examples/cloud-config.txt | 15:11 |
smoser | also see Cloud Boothook at https://help.ubuntu.com/community/CloudInit | 15:11 |
jsnapp | smoser, ok, thanks ... what about multiple user-data scripts running at rc.local-like time? do they run in any particular order? such as alphabetical? | 15:18 |
smoser | if you provide filenames, they run in run-parts order | 15:21 |
smoser | C locale sorted order. | 15:21 |
jsnapp | ok, thanks very much | 15:22 |
=== n0ts_off is now known as n0ts | ||
=== zyga_ is now known as zyga | ||
S0ME1 | hello, I am facing issue with ubuntu image desktop via PXE installation | 15:44 |
S0ME1 | I am using version 12.04 LTS | 15:45 |
S0ME1 | I am using DNSMASQ & atftpd for booting PXE | 15:46 |
RoyK | resno: no, I prefer the real stuff, either linux md or zfs, depending on application ;) | 15:48 |
S0ME1 | but once the system booting over the network, they read the preseed.cfg but issues with Packages file missed, I created that file, the 2nd issue say, continue without installing kernel ? .... really strange stuff ! | 15:49 |
S0ME1 | what is the best way to install ubuntu desktop 12.04 LTS over the LAN? | 15:50 |
S0ME1 | any suggestion ? | 15:50 |
hallyn | zul: exaclty what do you mean by 'missing veth'? can you show 'ls /sys/class/net'; 'ip link add type veth'; 'ls /sys/class/net' output? | 16:00 |
=== matsubara-afk is now known as matsubara | ||
=== n0ts is now known as n0ts_off | ||
zul | hallyn: gimme a sec rebooting | 16:02 |
zul | hallyn: well manually it works: http://paste.ubuntu.com/1086402/ | 16:04 |
hallyn | zul: can edit that domain, get rid of the 'target dev=veth0' and 'mac address=' lines, and see if that helps? | 16:06 |
zul | hallyn: sure | 16:06 |
hallyn | the 'target dev=veth0' *should* only be there while it's running, hopefully | 16:06 |
hallyn | note, i don't expect that to help, just want to verify | 16:06 |
RoyK | looks like the next few servers I'll be setting up at work, will be on centos, because ubuntu doesn't have ovirt :( | 16:09 |
Daviey | RoyK: if you do try oVirt on Ubuntu, i'd like to know how it goes. | 16:10 |
hasdf | is there any control panel which supports lighttpd? | 16:10 |
Daviey | hasdf: gnome-terminal is one, putty is another.. there are a few. | 16:10 |
RoyK | bug 337976 | 16:10 |
uvirtbot | Launchpad bug 337976 in ubuntu "[needs-packaging] Package Redhat's oVirt for use on Ubuntu" [Wishlist,Confirmed] https://launchpad.net/bugs/337976 | 16:10 |
zul | hallyn: no dice | 16:11 |
hallyn | now that's unrelated to the new 'ovirt' effort right? | 16:11 |
RoyK | Daviey: after browsing this http://www.ovirt.org/wiki/Ovirt_build_on_debian/ubuntu I don't think I can give my boss a good reason for choosing ubuntu for this system | 16:11 |
RoyK | hallyn: why? | 16:12 |
RoyK | hallyn: are there any new ovirt efforts ongoing in debuntu land? | 16:13 |
hallyn | RoyK: http://www.theregister.co.uk/2011/09/23/ovirt_red_hat/ | 16:13 |
hallyn | dannf: were you the one who knows a bit more about (the new) ovirt? | 16:13 |
Daviey | RoyK: we were more involved initially, but really decided to consecrate our effort on IaaS | 16:13 |
hasdf | Daviey, I mean control panels like webmin, cpanel etc | 16:13 |
RoyK | hallyn: both link to ovirt.org | 16:14 |
hallyn | hmm | 16:14 |
RoyK | hallyn: the fancy windows frontend isn't interesting | 16:14 |
hallyn | ok, i thought it had a new code base for some reason. parently not | 16:14 |
RoyK | the failover parts in ovirt *is* interesting | 16:14 |
RoyK | but then - perhaps I'll just setup KVM with shared storage on GFS2 and do some hacking - possibly more fun :D | 16:15 |
hallyn | zul: looks like 0.9.12-0ubuntu5 has built but not yet been published... come on... come on... | 16:17 |
zul | hallyn: im going to finish what im doing here then i can grab the source and build it myself :) | 16:19 |
hallyn | zul: the advantage of the archive is the -dbg packages :) | 16:22 |
zul | right nm then :) | 16:22 |
* RoyK wonders if vbox can handle sharing disks.... | 16:22 | |
Pupeno_W | How do you disable upstart services? | 16:24 |
RoyK | !upstart | 16:25 |
ubottu | Upstart is meant to replace the old Sys V Init system with an event-driven init model. For more information please see: http://upstart.ubuntu.com/ | 16:25 |
hallyn | RoyK: it sounds like you're doing something interesting. might be fun to post goals to ubuntu-server and get some more ideas. For instance i think SpamapS has some experience with all the cluster/cloud-fs's | 16:26 |
RoyK | hallyn: will do - just need to discuss it a bit at work first | 16:27 |
hallyn | cool | 16:27 |
RoyK | but I guess we'll start off with two pizzaboxes and a shared piece of disk on the SAN | 16:27 |
SpamapS | Pupeno_W: natty and later, do 'echo manual >> /etc/init/$jobname.override' | 16:30 |
Pupeno_W | SpamapS: interesting. Thanks :) | 16:30 |
RoyK | SpamapS: do you have much experience with shared filesystems like GFS or OCFS? | 16:31 |
SpamapS | RoyK: yes, my experience with both was to give up and buy a NetApp | 16:37 |
RoyK | how did that make things better? | 16:38 |
SpamapS | RoyK: they are very old-world.. very fussy, and IMO, SAN shared FS's are a money and time sink | 16:38 |
RoyK | tried v2 of them as well? | 16:38 |
SpamapS | RoyK: the NetApp always worked.. even tho we had to find all the flock()'s and turn them into fcntl locks.. that was nothing compared to trying to tune GFS | 16:39 |
SpamapS | no this was maybe 8 years ago | 16:39 |
RoyK | a few things have happened since then ;) | 16:39 |
SpamapS | RoyK: in fact the netapp was eventually replaced by a couple of commodity servers running Linux NFS once we made our code behave and realized we didn't even need the netapp. | 16:40 |
SpamapS | RoyK: this was with *billions* of file operations per hour | 16:40 |
RoyK | SpamapS: so a mere million IOPS? pretty fancy hardware, then ;) | 16:41 |
SpamapS | RoyK: 20 disks in RAID5+0 on a nice external HP RAID (I forget the number.. something-1000) | 16:42 |
RoyK | but probably not a million IOPS | 16:43 |
SpamapS | RoyK: the key was to have 1GB of battery backed cache | 16:43 |
SpamapS | RoyK: I did not say IOPS too.. file operations... not everything made it to disk :) | 16:43 |
RoyK | well, I'll do some testing with vbox to see what happens :D | 16:44 |
RoyK | and tomorrow with some 1U machines struggling to use the same SAN LUN | 16:44 |
* RoyK likes that sort of fun | 16:44 | |
hallyn | zul: looking one more time at http://paste.ubuntu.com/1086274/, the missing eth0 looks to still be because the libvirt-lxc driver segfaulted before it created the veth pair. then the libvirt monitor which is supposed to do brctl addif br100 veth0 fails | 16:45 |
hallyn | zul: what does /var/log/libvirt/lxc/instance-00000001.log show? | 16:45 |
SpamapS | RoyK: Anyway, I've never had a workload which wanted a real SAN.. so perhaps your use case is different. I prefer to encapsulate everything in its own cost pool rather than have a big storage monster. ;) | 16:45 |
RoyK | funny thing is, we already have an ESX setup, but it's drawing too much from the budget, so I've been asked to help setup something with KVM to offload whatever not needing that redundancy ESX can give us | 16:45 |
zul | hallyn: i turned on more verbose debugging: http://paste.ubuntu.com/1086475/ | 16:47 |
patdk-wk | royk, ya, esx is nice, but alittle overkill unless you want some kind of ha | 16:48 |
RoyK | I *do* want to do some kind of HA | 16:50 |
RoyK | for instance, I want to move VMs around if they're in the way | 16:50 |
RoyK | that's not HA, but perhaps poor-man's-HA | 16:50 |
zul | hallyn: doesnt seem to be published yet :*( | 16:54 |
hallyn | zul: all right fine build locally ((*&%(*$&%) | 16:54 |
zul | dont worry ill build the debug packages as well | 16:55 |
RoyK | patdk-wk: I misread that - we need HA for pretty much, but we don't need ESX-grade HA for everything, and ESX is rather expensive, so we want a small KVM setup to offload the ESX with the not-so-important-VMs, but even there, we want shared storage, I recommended NFS, but he didn't listen, so we'll try GFS2 | 17:06 |
patdk-wk | basically, you just want normal esx HA, but not FT | 17:09 |
patdk-wk | vmotion, restart on host failure, but not 100% uptime requirement | 17:10 |
RoyK | I don't know if we use FT | 17:10 |
RoyK | I just started in this job :) | 17:10 |
patdk-wk | heh | 17:10 |
RoyK | and for what I can understand, there's no current plan of abandoning ESX altogether, but to offload it with KVM for the less important stuff | 17:11 |
patdk-wk | heh, I hope they are using other good features of esx for something then | 17:12 |
RoyK | so do I | 17:13 |
patdk-wk | but then, those features only really come into play with really demanding vm's | 17:13 |
patdk-wk | so maybe that is the goal | 17:13 |
zul | hallyn: well it seems to work, but the domain seems to crash http://paste.ubuntu.com/1086519/ (note: that this is with a precise image) | 17:13 |
RoyK | IIRC FT VMs are rather heavy, so perhaps they want to offload the cluster with taking out the smaller, less important ones to KVM | 17:14 |
patdk-wk | I'm getting ready to setup my first few FT vm's here | 17:14 |
RoyK | what sort of network are you using? 10G or IB? | 17:14 |
patdk-wk | right now, 1g :( | 17:15 |
patdk-wk | the FT vm's might have to wait till the 10g upgrade | 17:15 |
RoyK | not good for FT, or so I've heard | 17:15 |
patdk-wk | ya | 17:15 |
hallyn | zul: ok lemme try a precise container. (gonna take awhile to create, archives NOT treating me well) | 17:15 |
zul | hallyn: ok lemme try with a quantal container | 17:15 |
RoyK | patdk-wk: perhaps better use IB, might even be cheaper, and for the memory transfer, probably better than 10GE | 17:15 |
patdk-wk | really wish I could use my 8g fc's for it | 17:16 |
patdk-wk | they can't use IB though :( | 17:16 |
patdk-wk | their systems can't handle it | 17:16 |
RoyK | ok | 17:16 |
hallyn | zul: that's libvirtd.log right? do you have a instance-00000x.log you can pb? | 17:16 |
zul | hallyn: thats the instance-00000x.log | 17:16 |
hallyn | hm | 17:16 |
RoyK | just use a dedicated FC setup, then - the memory traffic is *heavy* | 17:16 |
hallyn | zul: in what way does it crash? does the whole domain disappear? or does it hang and you can't login? | 17:17 |
zul | whole domain disapears | 17:17 |
hallyn | plausible | 17:17 |
hallyn | sigh, i hope i dno't have to weed through the other libvirt-lxc commits t o pick the 'important' ones | 17:18 |
RoyK | patdk-wk: but - why is it their systems can't handle IB? | 17:18 |
patdk-wk | their blades/chassis can't | 17:18 |
patdk-wk | it could do IB or FC | 17:18 |
RoyK | ah | 17:18 |
RoyK | ic | 17:18 |
patdk-wk | but they build everything on fc | 17:18 |
RoyK | but they can do 10Ge? | 17:19 |
hallyn | zul: might be worth switching to 0.9.13 + the init_random patch | 17:19 |
zul | hallyn: agreed | 17:19 |
patdk-wk | ya, the blades already support 10g, just the blade switch needs to be swapped | 17:20 |
zul | i thought the init_random patch already made it in | 17:20 |
RoyK | patdk-wk: if they have dual port, use a dedicated network for the memory part | 17:20 |
RoyK | and thus, a dedicated switch | 17:20 |
patdk-wk | they currently have 2 10g and 2 1g nic's per blade | 17:20 |
patdk-wk | 4 switchs | 17:20 |
RoyK | or at least a vlan if the switch can handle that | 17:20 |
patdk-wk | could do 4 10g ports | 17:20 |
hallyn | zul: can't have, you said yo uhad the same failure with 0.9.13 right? | 17:21 |
zul | hallyn: yeah but i might be on crack now...anyways ill double check, play around with it and upload it on friday | 17:21 |
patdk-wk | ya, if they give me 4x 10g, I'll be dedicated 1 or 2 of those ports for bulk data moves | 17:21 |
RoyK | that is - any switch can handle vlans, but I meant "if the switch can handle both the ordinary traffic and that memory traffic" | 17:21 |
hallyn | zul: wait, what, upload what on friday? | 17:21 |
zul | libvirt 0.9.13 | 17:22 |
hallyn | my container should be half debootstrapped... | 17:22 |
hallyn | ok | 17:22 |
zul | i have it already packaged, just need to add one more patch other than the init-random patch | 17:22 |
stgraber | jamespage, ivoks: merged open-iscsi from Debian, our delta is really quite minimal now so it should help keeping on top of the bugs | 17:41 |
=== fenris_ is now known as Guest10826 | ||
stgraber | (took a couple of days to get it done as it was last merged back in Jaunty) | 17:41 |
=== Guest10826 is now known as ejat | ||
RoyK | stgraber: jaunty?? | 17:45 |
bitmonk | anyone have linux-crashdump / apport working on 10.04? we're trying to gather information on these '200ish days' failures which are affecting our prod infra.. | 17:45 |
bitmonk | when i install linux-crashdump, i see that apport fails to start | 17:45 |
bitmonk | doesn't really say much in log, some boilerplate in daemon.log | 17:45 |
bitmonk | which i can paste bin in a sec :) | 17:45 |
kyle__ | When you're installing via kickstart, which packages can you safely select for installation? I tried vim-nox, but it's failing on it. | 17:47 |
* bitmonk thinks ubu+kickstart makes about as much sense as apt on rhel | 17:48 | |
bitmonk | just an opinion, of course, but you should take a look at fai. | 17:49 |
=== cpg|away is now known as cpg | ||
* bitmonk is an idiot, enabled=0 in /etc/default/apport of course | 17:50 | |
kyle__ | bitmonk: fai is more than I need. and from what I've read, with what I'm doing, kickstart and preseed should be almost identical. Hell, one requires the other. | 17:50 |
stgraber | RoyK: yeah, nobody really looked after open-iscsi for quite a few years :) | 17:51 |
RoyK | strange thing is that it works... | 17:51 |
RoyK | hopefully also after this upgrade ;) | 17:51 |
stgraber | kinda, I had to add pretty ugly hacks back in 11.10 for it to still let you boot | 17:51 |
kyle__ | stgraber: What are people using for iscsi instead then? | 17:56 |
stgraber | kyle__: they are using open-iscsi, that's the scary part ;) | 17:56 |
stgraber | I mean, it works fine as long as you don't use it for your root device | 17:56 |
stgraber | if you use it for your root device, it'll still work but if anything happens on the server, you're pretty much dead | 17:57 |
kyle__ | Ooh I see. I don't know why you'd use iscsi for your root device without an HBA to be honest. | 17:57 |
stgraber | as there's a bug preventing iscsid from starting | 17:57 |
stgraber | some people apparently are doing that ;) | 17:57 |
kyle__ | I suppose it would be pretty easy to setup a pxeboot to do it... Ugh. | 17:57 |
stgraber | the new version I just uploaded fixes that bug on top of a lot of others and reduces the delta so much that merging changes from Debian should just be a matter of minutes | 17:58 |
kyle__ | stgraber: Most of the root device is really file-level stuff, so NFS would probably outpreform iscsi (software not hba) anyway. | 17:58 |
stgraber | yeah, that's how I've been testing it, PXE setup + iscsi server | 17:58 |
* kyle__ nods | 17:58 | |
stgraber | I never liked iscsi to be honnest, if you're into serious storage, just go with a SAN+fiber-channel, sure it's more expensive but it's MUCH faster and usually more reliable | 17:59 |
grendal | has anyone buit dns servers with content filtering? | 18:00 |
patdk-wk | I'm doing iscsi for diskless workstations | 18:00 |
patdk-wk | like it over other models | 18:00 |
grendal | i need something similar to opendns but..well not opendns | 18:00 |
kyle__ | grendal: I'm sure lots of people do, but I tend to do filtering at a proxy level. What are you trying to do? | 18:00 |
kyle__ | Ahh. | 18:00 |
kyle__ | patdk-wk: Which OS? How's it preforming? | 18:01 |
patdk-wk | for me? no one has complained, or even noticed | 18:01 |
patdk-wk | right now, the iscsi server has 4 1g nic's, and workstations just have 1g nic | 18:01 |
grendal | got a situation where i have a lot of individual boxes..over 6000 actually. cant send all their traffic to one server or a cluster even.. need to just block dns requests | 18:01 |
kyle__ | stgraber: I can see it's advantages for some things, especially if you need lots of connectivity, and speed isn't the aim. But for anything I've ever done a well tuned NFS server beats it. Just what I've done though. | 18:01 |
patdk-wk | using OI comstar for iscsi target | 18:02 |
kyle__ | patdk-wk: What OS is on the clients? Linux? BSD? windos? | 18:02 |
patdk-wk | mixture | 18:02 |
patdk-wk | mythbuntu at home :) | 18:02 |
kyle__ | patdk-wk: And they're all fine with it? Neat. | 18:03 |
patdk-wk | here at work, win7 | 18:03 |
patdk-wk | have 8 of those win7 machines here | 18:03 |
patdk-wk | well, doing iscsi boot | 18:03 |
patdk-wk | the idea is, these machines are more for temp employee/workstations | 18:04 |
kyle__ | grendal:Ah ok. If you want to do it in DNS, I'm pretty sure there are howtos. Or you could make a firewall rule on the server in question, and deny all traffic that not from where you want. | 18:04 |
patdk-wk | so iscsi makes it easy to snapback changes to redeploy | 18:04 |
kyle__ | patdk-wk: cool. | 18:04 |
patdk-wk | also, having the whole disk image able to fit in ram, on the iscsi server, helps make it pretty snappy | 18:05 |
kyle__ | Heh. That's almost cheating. | 18:05 |
zul | hallyn: new libvirt at http://people.canonical.com/~chucks | 18:05 |
=== Aaton_off is now known as Aaton | ||
punjab | Hi. How to get ubuntu 12.04 settings when installed from minimal netinstall? Things like visible boot process, motd? | 18:54 |
patdk-wk | punjab? heh? | 19:00 |
punjab | patdk-wk: When you install from server iso, there are this little differences | 19:01 |
patdk-wk | yes | 19:01 |
patdk-wk | I just don't see the point | 19:01 |
patdk-wk | the graphical stuff just gets in the way if you have issues | 19:01 |
patdk-wk | or even to let you know what is slowing down the boot | 19:02 |
punjab | Yes a want this, but i install from minimal netinstall | 19:02 |
=== fenris is now known as Guest42115 | ||
patdk-wk | I only install from minimal | 19:02 |
hallyn | that's what i most often do | 19:03 |
hallyn | now in taskel you can then select 'ubuntu server image' iirc. not sure if that ends up same. | 19:03 |
* patdk-wk did his first redhat minimal instal this week, that was a total pain, been too long since I last did one | 19:05 | |
punjab | When you login on clean minimal install, then login motd is different. In server minimal install have info about running procesess and system load | 19:06 |
patdk-wk | clean minimal install? | 19:08 |
punjab | yes. Only ssh selected | 19:08 |
patdk-wk | I'm confused by your two different minimal installs | 19:09 |
patdk-wk | I only know of one | 19:09 |
punjab | One from oficiall ubuntu server iso another from minimal iso: https://help.ubuntu.com/community/Installation/MinimalCD/ | 19:10 |
patdk-wk | ya, would have to compare the preseed files on those two different images | 19:12 |
patdk-wk | I always use the server iso these days, since it's easy to mount iso in vm | 19:12 |
patdk-wk | used to pxe boot install everything | 19:12 |
punjab | I dont expect difference, so i install from minimal.iso... Now i must configure this things manually | 19:14 |
punjab | Something like ubuntu-server package with server settings will be fine | 19:15 |
zul | hallyn: so i almost have libvirt-lxc working again on quantal, i supect i need to backport one more patch | 19:18 |
hallyn | which? | 19:19 |
zul | http://libvirt.org/git/?p=libvirt.git;a=commit;h=60687546705bab38bd5245713601b717b9b16c9d | 19:19 |
hallyn | oh, yeah | 19:20 |
hallyn | though i still maintain they start all right for me <shrug> | 19:20 |
zul | on 0.9.13? | 19:21 |
=== jdstrand_ is now known as jdstrand | ||
hallyn | zul: no on 0.9.12-0ubuntu5 | 19:42 |
S0ME1 | anyone can help me plz? | 20:02 |
genii-around | !ask | 20:02 |
ubottu | Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience | 20:02 |
S0ME1 | I am working on PXE installation for Ubuntu 12.04 | 20:03 |
S0ME1 | and I faced this error "The installer cannot find a suitable kernel package to install" | 20:03 |
S0ME1 | any advices ? | 20:03 |
S0ME1 | hellp! | 20:04 |
S0ME1 | hello! | 20:04 |
genii-around | S0ME1: Where is your installer getting it's deb files from? | 20:04 |
S0ME1 | genii-around: from my own mirror | 20:05 |
S0ME1 | I just rsync the CD file under my web server | 20:05 |
S0ME1 | file=files | 20:05 |
genii-around | S0ME1: So you've added some option to your dhcpd.conf like next-server <IP-of-your-mirror-here> ? | 20:06 |
S0ME1 | genii-around: I am using DNSMASQ | 20:06 |
genii-around | Hm | 20:06 |
S0ME1 | managing TFTP & DNS & DHCP | 20:06 |
genii-around | S0ME1: What is the tftp line on your server which is loading the kernel? | 20:07 |
S0ME1 | genii-around: if install the ubuntu server using CD manual, it is working well but over the network I got this error ""The installer cannot find a suitable kernel package to install"" | 20:07 |
S0ME1 | genii-around: what do you mean please ? | 20:08 |
genii-around | Hm | 20:08 |
genii-around | S0ME1: So right now when you boot the remote machine, it starts to load it's first part but then stalls during boot? | 20:09 |
S0ME1 | it is working | 20:10 |
genii-around | S0ME1: What do you have in /var/lib/tftpboot/ ? | 20:10 |
genii-around | eg: What are the contents of your pxelinux.cfg file | 20:12 |
genii-around | work requires me, returning shortly | 20:14 |
S0ME1 | genii-around: juts to boot via my pressed and | 20:14 |
genii-around | S0ME1: In your /etc/dnsmasq.conf what do you have for tftp-root value? And then, wherever that directory is, do you have a netboot kernel in there? | 20:23 |
kyle__ | What's the rational for putting ntpdate as the default on ubuntu server instead of ntpd? | 20:50 |
smoser | hallyn, qemu-kvm installation fails if you dont have a kernel module for kvm available. | 21:23 |
smoser | (as the service tries to modprobe and fails) | 21:23 |
smoser | FATAL: Module kvm_amd not found. | 21:23 |
smoser | i do not believe that was the case recently | 21:24 |
hallyn | in q? | 21:24 |
hallyn | smoser: you get that in quantal, not precise, right? | 21:26 |
smoser | quantal | 21:26 |
hallyn | i dunno, debian maintainer wasn't happy with my q package anyway, perhaps i should redo all of it | 21:26 |
hallyn | smoser: thanks i'll fix it | 21:27 |
hallyn | smoser: tbh i don't understand why it sometimes isn't available. don't all our kernels ship it? | 21:27 |
smoser | -virtual kernel does not have it. | 21:28 |
smoser | and someone's custom kernel might not have had it | 21:28 |
hallyn | smoser: in precise it will also fail if not installed, fwiw | 21:28 |
smoser | hallyn, for some reason i dont think tha tis the case | 21:28 |
hallyn | smoser: i agree i've never seen it happen, but looking at the upstart job, it *should* | 21:28 |
smoser | i'm basically walking through some notes i had done on p | 21:28 |
hallyn | my point being i worry something else may be wrong | 21:29 |
smoser | and i dont have any recollection of it failing ther | 21:29 |
smoser | but it is possible my notes are just bad | 21:29 |
smoser | clearly easy enough to test by launching an instance | 21:29 |
hallyn | no, i don't recall it ever failing in a cloud image in p | 21:29 |
hallyn | smoser: what would you suggest, do 'modprobe || true' or just 'modprobe || {stop; exit 0'}' ? | 21:30 |
smoser | hallyn, i guess || true | 21:31 |
smoser | modprobe -b kvm_intel "$KVM_NESTED" | 21:32 |
smoser | that seems evil | 21:32 |
smoser | the right way to do that i would think would be to modify modprobe.d | 21:32 |
hallyn | smoser: fwiw the reason i ignored this before is that we have an upstart job for loading the kernel module, so if loading kernel module fails, it seemed the upstart job should fail | 21:33 |
hallyn | smoser: 'options kvm_intel nested=1', and invite the user to change that if they like? | 21:36 |
smoser | well, yeah, thats what i was saying. doesn't that seem like the more common place to do that? | 21:37 |
smoser | ie, if something else modprobed this, they wouldnt get your settings | 21:37 |
hallyn | sure | 21:39 |
hallyn | just need to learn the debian packaging way to install a modprobe.d file | 21:39 |
hallyn | (will have to wait until next week) | 21:39 |
kyle__ | dpkg-reconfigure mdadm offers you the choice of booting with a degraded raid, or not. But it doesn't seem to be putting bootdegraded=true into the grub config. Where's the "right" place to put that manually? /boot/grub/grub.cfg is auto-generated durring updates, right? | 21:50 |
guntbert | kyle__: /etc/default/grub | 21:51 |
kyle__ | Thank you. | 21:55 |
guntbert | kyle__: you're welcome :) and dont't forget to run sudo update-grub afterwards | 21:56 |
kyle__ | guntbert: This was getting really frustrating I'll tell ya. | 21:56 |
kyle__ | Now to check to see if that's a known bug. | 21:57 |
=== Lcawte is now known as Lcawte|Away | ||
kyle__ | Yea, new bug. | 22:19 |
=== n0ts_off is now known as n0ts | ||
hilarie | Hello! | 22:39 |
hilarie | I have a ubuntu server (12.04) with 2 nics, 1 nic is wan, the other is lan, how can i turn ssh off for the wan? (eth0) | 22:40 |
genii-around | hilarie: You mean have the ssh server only running on the lan for people to ssh in, or you mean to prevent people from ssh-ing out to the internet at large? | 22:44 |
hilarie | Prevent inbound SSH traffic, I.E. I think I want to close port 22 on the wan? I am not sure, I don't want anyone to be able to SSH the server from wan | 22:44 |
genii-around | hilarie: You can set in sshd_config to only listen on whatever IP only ( so the lan one only ) ... i think is the ListenAddress variable | 22:49 |
hilarie | genii-around, Thank you! | 22:49 |
genii-around | If traffic is going through a router already, probably not really a concern unless that machine has an IP directly on the internet, or is in the DMZ, or port 22 is forwarded | 22:50 |
genii-around | hilarie: np | 22:50 |
hilarie | genii-around, it isn't protected by a NAT | 22:51 |
hilarie | its Modem----->server----->wifi router-----> other stuff | 22:51 |
genii-around | hilarie: Ah, then yeah | 22:52 |
hilarie | would rather block the WAN then have to play around with disabling the p/w | 22:53 |
genii-around | ( if server is doing the ISP auth ) | 22:53 |
hilarie | The ISP multicast for IPTV destroys the wifi router | 22:53 |
hilarie | genii-around, this looks like the command | 22:57 |
hilarie | ListenAddress host|IPv4_addr:port | 22:57 |
hallyn | stgraber: bzr+ssh://bazaar.launchpad.net/~serge-hallyn/ubuntu/quantal/lxc/lxc-api-getconfig/ is working for me | 22:57 |
hallyn | stgraber: give it a spin | 22:57 |
hilarie | do I include the | ? | 22:57 |
genii-around | hilarie: Yes. So you can also put there some non-standard port too if you liked on the same line | 22:58 |
hilarie | so ListenAddress host|LANIP:22 ? | 22:58 |
genii-around | hilarie: If no port specified then 22 is assumed | 22:58 |
hilarie | genii-around, Your a gentleman and a scholar, thank you! | 22:58 |
genii-around | hilarie: Well, one of those two anyhow! ... don't forget to restart sshd after of course... | 22:59 |
hilarie | thats the sudo /etc/init.d/ssh restart | 22:59 |
hilarie | right? | 22:59 |
hallyn | stgraber: all right, never mind. i have some fine-tuning to do | 22:59 |
genii-around | hilarie: I can't remember if upstart job or no for that yet | 22:59 |
genii-around | ( might be sudo start sshd ...instead) | 23:00 |
hilarie | Yeah, everytime I do /etc/init.d/ stuff, it yells at me about an upstart job, what is that? | 23:00 |
genii-around | hilarie: init.d/contents are linear-loading type startup scripts... init/scripts are those for upstart which loads what it can in parallel | 23:01 |
genii-around | hilarie: The old way is being migrated, etc | 23:02 |
hilarie | I think I get it... if it yells at me about it, you can just go sudo start *stuff* | 23:02 |
genii-around | hilarie: Well, /etc/init.d/name stop first.... but yeah | 23:02 |
hilarie | without the /etc/init.d/*stuff* *start/restart/stop* | 23:02 |
genii-around | hilarie: If the app only has old one in /etc/init.d/ you can still go through upstart with sudo service old-name start | 23:03 |
hilarie | Port 22 is closed on MyIP :) | 23:03 |
hilarie | From a security standpoint, its not a big deal that the BIND9 has port 53 open on my WAN port right? | 23:07 |
genii-around | hilarie: Not sure there, but every closed port helps | 23:08 |
hilarie | It's the only open one on WAN :) | 23:09 |
genii-around | hilarie: If you're extremely worried about attacks there, you could even compartmentalize port 53 into a virtual machine that can't compromise anything else | 23:10 |
hilarie | I was just reading about bind9, and its so simple, and well devoloped, there are no known vulnerabilities | 23:10 |
genii-around | hilarie: If you search for bind9 and exploits I'm sure there's probably a few | 23:12 |
hilarie | Bleh, your right! | 23:12 |
hilarie | All ports closed or Stealth! | 23:25 |
=== n0ts is now known as n0ts_off | ||
=== n0ts_off is now known as n0ts | ||
=== cpg is now known as cpg|away |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!