/srv/irclogs.ubuntu.com/2012/07/11/#ubuntu-server.txt

jasonmsphey all.  I have several websites hosting on my server (running apache) is there something  I can use to monitor network traffic and cap the total network traffic over a specified period of time?00:01
ping__jasonmsp what u use for monitoring00:01
jasonmspnothing at the moment. I'm looking for a solution to monitor the traffic and cap it if they hit a certain threshold00:02
jasonmspbut I'm looking to do that on a vhost basis.00:03
zulhallyn: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/102320500:03
uvirtbotLaunchpad bug 1023205 in libvirt "libvirt_lxc crashed with SIGSEGV in random_r()" [Undecided,New]00:03
=== Pupeno_W_ is now known as Pupeno_W
=== txwikinger2 is now known as txwikinger
=== wylde_ is now known as wylde
=== n0ts_off is now known as n0ts
kyle__pxe installing, I keep getting an error about a corrupt Packages file.  I read some posts suggesting just gunzip it, but it didn't help.00:40
adam_gww/away gone00:50
=== kermit1 is now known as kermit
=== cpg is now known as cpg|away
=== n0ts is now known as n0ts_off
=== th0mz_ is now known as th0mz
=== cpg|away is now known as cpg
=== cpg is now known as cpg|away
=== MoleMan is now known as MoleMan_
=== cpg|away is now known as cpg
=== cpg is now known as cpg|away
BankAdminHello, can multiple virtual instances of Ubuntu Server access the same physical RAID array directly, or can this only be done by mounting samba shares of the physical host locally within each VM instance?03:10
BankAdminI can't stick around but if you have any info on this please let me know at public AT duvrazh (dot) net03:11
=== Guest36151 is now known as exocaesar
=== cpg|away is now known as cpg
RamJettAny know any link on beefing up dhcpclient for a server. I run a private cloud with openstack and the instances sometime have a glitch and do not get a dhcp response. It then destroys the interface and I loose IP.04:18
=== Aaton is now known as Aaton_off
=== n0ts_off is now known as n0ts
=== n0ts is now known as n0ts_off
Super_DogAny fstab wizards out there?05:38
LordJebeHello, I would need a little help with an autoupdate script05:47
LordJebeAny helping hands?05:47
=== n0ts_off is now known as n0ts
RoyKresno: looks to me unraid is some file-level raid aka raid-3. it' also proprietary, or little used, full of buzzwords etc, so i think i'll stick to linux ;-)05:57
_AndrewHi guys, need some help, I'm following the answers posted about getting DNS working here.. http://askubuntu.com/questions/140688/upgraded-server-to-12-04-dns-no-longer-working05:59
_AndrewBut none of the answers are working06:00
_AndrewThis is for 12.0406:00
_AndrewClean install06:00
=== almaisan-away is now known as al-maisan
=== n0ts is now known as n0ts_off
=== n0ts_off is now known as n0ts
RoyK_Andrew: check /etc/resolv.conf06:43
RoyK_Andrew: static ip or dhcp?06:44
ubuntuNathan_S07:06
=== ubuntu is now known as Nathan_S
Super_Dogfstab wizards....  remember "\040"= a directory space in fstab...07:46
Super_DogThat had me stumped...07:46
_AndrewRoyK, I have a static IP set and I have added nameservers to resolve.conf08:03
_Andrewbut still can't ping google.com or anything08:04
_AndrewIn fact the resolv.conf just gets wiped regardless of the config I changed in the link I gave eariler08:05
jamespagezul, I think we should drop the openvswitch-datapath packages based on what upstream have suggested for quantal08:09
=== n0ts is now known as n0ts_off
=== n0ts_off is now known as n0ts
=== n0ts is now known as n0ts_off
=== ubuntu is now known as Nathan_S
RoyK_Andrew: with static ip, you need to add the nameservers to /etc/network/interfaces - at the end of the eth0 block, add 'dns-nameservers x.x.x.x' and 'dns-search your.tld'09:17
Pupeno_Wis there a way to run bash instead of sh in upstart scripts?09:18
=== ninjak_ is now known as ninjak
=== Pupeno_W_ is now known as Pupeno_W
=== cpg is now known as cpg|away
=== al-maisan is now known as almaisan-away
=== matsubara is now known as matsubara-afk
jamespagezul, thoughts on openvswitch then? drop the datapath packages?11:41
zuljamespage:  still waking up but yes...i agree11:42
=== almaisan-away is now known as al-maisan
=== al-maisan is now known as almaisan-away
feisarcould someone tell me why scponly has been removed from the repos and what I'm supposed to use instead?11:50
jpdsfeisar: "(From Debian) RoQA; RC buggy, unmaintained, replacement exists; Debian bug #650590"11:51
uvirtbotDebian bug 650590 in ftp.debian.org "RM: scponly -- RoQA; RC buggy, unmaintained, replacement exists" [Important,Open] http://bugs.debian.org/65059011:51
jpdshttps://launchpad.net/ubuntu/+source/scponly/+publishinghistory11:52
zulgood morning11:52
feisarjpds: thanks11:53
jamespagezul, I'll stuff that in now then11:56
zuljamespage: cool....i have to go figure out how to unbreak libvirt11:57
=== almaisan-away is now known as al-maisan
samba35how do i change openstack dashboard passwd  ..password is lost by me12:04
samba35usign 12.0412:04
Davieyzul: does bug 1011627 need some love?12:09
uvirtbotLaunchpad bug 1011627 in six "[MIR] python-requests" [Undecided,Fix released] https://launchpad.net/bugs/101162712:09
zulDaviey: yes i just havent gotten to it yet12:09
Davieycool12:10
Davieyroaksoax: python-mailer needs dh2 transition ?12:10
jamespagezul: I'm just going to disable the package in control for the time being12:19
jamespageupstream might make it work again at some point in time12:19
jamespagei.e. its a hack12:19
zuljamespage:  yeah i think 1.4.2 might be getting long in the tooth as well12:20
jamespagezul, I think an update to 1.6.x with current snapshot from branch-1.6 might be a good idea12:20
jamespagezul, I can do that at the same time if you like - have a test setup here already12:20
zuljamespage: stick it in a ppa first before uploading it :)12:21
=== th0mz_ is now known as th0mz
hallynzul: hm, for some reason tftpd-hpa is not starting right here on boot.  upstart thinks its running, but ps -ef | grep tftp shows nothing, and clients aren't connecting13:03
hallynwhen i sudo restart tftpd-hpa, then clients can connect and ps -ef | grep tftp shows it running13:04
zulrunning what?13:04
hallynroot     18298     1  0 08:02 ?        00:00:00 /usr/sbin/in.tftpd --listen --user tftp --address 0.0.0.0:69 --secure /var/lib/tftpboot13:04
hallyni see nothing in the upstart job that should cause that...13:06
roaksoaxDaviey: checking...13:12
roaksoaxDaviey: that'13:12
roaksoaxDaviey: that's wird I thjought I had uploaded it already13:12
Davieyroaksoax: heh13:22
roaksoaxDaviey: done!13:23
Daviey\o/13:23
roaksoaxDaviey: if you are doing AA work, could you also take care of python-tx-tftp please?13:23
roaksoaxit's in the new queue13:24
Davieyroaksoax: i accepted it earlier :)13:24
roaksoaxDaviey: awesome then, thanks1`13:24
roaksoaxDaviey: awesome then, thanks113:24
roaksoaxerr13:24
roaksoax!13:24
Davieyoh what13:25
DavieyI reviewed it, but didn't accept it.13:25
Davieyroaksoax: I wanted to question why you didn't use github?13:25
Davieyroaksoax: There isn't a debian/watch file which will probably be needed for MIR btw13:26
Davieybut happy to accept it.13:26
roaksoaxDaviey: I didn't use github because I wanted to use the same approach as we did with cobbler on having it imported over launchpad, and for ease of packaging13:27
Davieyroaksoax: ok, cool13:27
roaksoaxDaviey: and can't really have a watch file when upstream doesn't provide tarballs, can we?13:27
Davieyroaksoax: well.. you can.. it's just less fun.13:28
Davieyprobably not required for this example TBH13:28
Davieyanyway, accepted :)13:29
roaksoaxDaviey: I see, cause I couldn't find any examples of importing from a branch in debian/watch. But I agree it is pretty stationary code either way.13:29
roaksoaxDaviey: and thanks!13:29
resnoRoyK: no unraid for you lol13:35
zuljamespage: im sitting on libvirt 0.9.13 btw13:35
jamespagezul, coolio - I think that gives us ceph authenticated block access13:36
smbzul, breeding?13:44
zulsmb: ?13:44
zulsmb: exactly13:44
smbJust imagined you sitting on the package keeping it warm. ;)13:45
* smb wonders how zul speaks without being present...13:45
JanCI suggest you turn join/leave messages on  ;)13:47
ahs3well, duh, zul's a demi-god.  of course he can speak without being present.13:48
=== zyga is now known as zyga-food
=== zyga-food is now known as zyga
=== al-maisan is now known as almaisan-away
zulhallyn: i applied the random libvirt-lxc segfaulting patch to libvirt and still get the same thing14:40
hallynzul: drat.  (i'm still waiting for mine to finish building)14:41
=== Lcawte|Away is now known as Lcawte
zulhallyn: http://paste.ubuntu.com/1086274/14:42
* hallyn shakes his head - traffic to archives is painfully slow right now for me14:42
zulhallyn: it just cant find veth14:45
hallynzul: are you sure you quilt push'd the patch?  bc it's fixed here14:45
hallynmind you in ppa i had a test case failure for i386, something to do with initrd, but i'm going to have to hope that's a ppa-only problem bc nothing i changed should have caused that.14:46
hallynzul: (back in a bit, lemme know...  it'd be very weird if it worked for me but not for you)15:00
jsnappsmoser, if i have a multi-part cloud-init user-data can i specify the order things get run?15:07
smoserwhat things?15:07
jsnappsmoser, for example can i have a couple scripts run , then cloud-config, then another script?15:08
smoserhm..15:09
smoseryou can accomplish what you want, yes.15:09
smoserdepending on what you want, bootcmd may be sufficient15:11
smoserhttp://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/view/head:/doc/examples/cloud-config.txt15:11
smoseralso see Cloud Boothook at https://help.ubuntu.com/community/CloudInit15:11
jsnappsmoser, ok, thanks ... what about multiple user-data scripts running at rc.local-like time? do they run in any particular order? such as alphabetical?15:18
smoserif you provide filenames, they run in run-parts order15:21
smoserC locale sorted order.15:21
jsnappok, thanks very much15:22
=== n0ts_off is now known as n0ts
=== zyga_ is now known as zyga
S0ME1hello, I am facing issue with ubuntu image desktop via PXE installation15:44
S0ME1I am using version 12.04 LTS15:45
S0ME1I am using DNSMASQ & atftpd for booting PXE15:46
RoyKresno: no, I prefer the real stuff, either linux md or zfs, depending on application ;)15:48
S0ME1but once the system booting over the network, they read the preseed.cfg but issues with Packages file missed, I created that file, the 2nd issue say, continue without installing kernel ? .... really strange stuff !15:49
S0ME1what is the best way to install ubuntu desktop 12.04 LTS over the LAN?15:50
S0ME1any suggestion ?15:50
hallynzul: exaclty what do you mean by 'missing veth'?  can you show 'ls /sys/class/net'; 'ip link add type veth'; 'ls /sys/class/net' output?16:00
=== matsubara-afk is now known as matsubara
=== n0ts is now known as n0ts_off
zulhallyn: gimme a sec rebooting16:02
zulhallyn: well manually it works: http://paste.ubuntu.com/1086402/16:04
hallynzul: can edit that domain, get rid of the 'target dev=veth0' and 'mac address=' lines, and see if that helps?16:06
zulhallyn: sure16:06
hallynthe 'target dev=veth0' *should* only be there while it's running, hopefully16:06
hallynnote, i don't expect that to help, just want to verify16:06
RoyKlooks like the next few servers I'll be setting up at work, will be on centos, because ubuntu doesn't have ovirt :(16:09
DavieyRoyK: if you do try oVirt on Ubuntu, i'd like to know how it goes.16:10
hasdfis there any control panel which supports lighttpd?16:10
Davieyhasdf: gnome-terminal is one, putty is another.. there are a few.16:10
RoyKbug 33797616:10
uvirtbotLaunchpad bug 337976 in ubuntu "[needs-packaging] Package Redhat's oVirt for use on Ubuntu" [Wishlist,Confirmed] https://launchpad.net/bugs/33797616:10
zulhallyn: no dice16:11
hallynnow that's unrelated to the new 'ovirt' effort right?16:11
RoyKDaviey: after browsing this http://www.ovirt.org/wiki/Ovirt_build_on_debian/ubuntu I don't think I can give my boss a good reason for choosing ubuntu for this system16:11
RoyKhallyn: why?16:12
RoyKhallyn: are there any new ovirt efforts ongoing in debuntu land?16:13
hallynRoyK: http://www.theregister.co.uk/2011/09/23/ovirt_red_hat/16:13
hallyndannf: were you the one who knows a bit more about (the new) ovirt?16:13
DavieyRoyK: we were more involved initially, but really decided to consecrate our effort on IaaS16:13
hasdfDaviey, I mean control panels like webmin, cpanel etc16:13
RoyKhallyn: both link to ovirt.org16:14
hallynhmm16:14
RoyKhallyn: the fancy windows frontend isn't interesting16:14
hallynok, i thought it had a new code base for some reason.  parently not16:14
RoyKthe failover parts in ovirt *is* interesting16:14
RoyKbut then - perhaps I'll just setup KVM with shared storage on GFS2 and do some hacking - possibly more fun :D16:15
hallynzul: looks like 0.9.12-0ubuntu5 has built but not yet been published...  come on...  come on...16:17
zulhallyn: im going to finish what im doing here then i can grab the source and build it myself :)16:19
hallynzul: the advantage of the archive is the -dbg packages :)16:22
zulright nm then :)16:22
* RoyK wonders if vbox can handle sharing disks....16:22
Pupeno_WHow do you disable upstart services?16:24
RoyK!upstart16:25
ubottuUpstart is meant to replace the old Sys V Init system with an event-driven init model.  For more information please see: http://upstart.ubuntu.com/16:25
hallynRoyK: it sounds like you're doing something interesting.  might be fun to post goals to ubuntu-server and get some more ideas.  For instance i think SpamapS has some experience with all the cluster/cloud-fs's16:26
RoyKhallyn: will do - just need to discuss it a bit at work first16:27
hallyncool16:27
RoyKbut I guess we'll start off with two pizzaboxes and a shared piece of disk on the SAN16:27
SpamapSPupeno_W: natty and later, do 'echo manual >> /etc/init/$jobname.override'16:30
Pupeno_WSpamapS: interesting. Thanks :)16:30
RoyKSpamapS: do you have much experience with shared filesystems like GFS or OCFS?16:31
SpamapSRoyK: yes, my experience with both was to give up and buy a NetApp16:37
RoyKhow did that make things better?16:38
SpamapSRoyK: they are very old-world.. very fussy, and IMO, SAN shared FS's are a money and time sink16:38
RoyKtried v2 of them as well?16:38
SpamapSRoyK: the NetApp always worked.. even tho we had to find all the flock()'s and turn them into fcntl locks.. that was nothing compared to trying to tune GFS16:39
SpamapSno this was maybe 8 years ago16:39
RoyKa few things have happened since then ;)16:39
SpamapSRoyK: in fact the netapp was eventually replaced by a couple of commodity servers running Linux NFS once we made our code behave and realized we didn't even need the netapp.16:40
SpamapSRoyK: this was with *billions* of file operations per hour16:40
RoyKSpamapS: so a mere million IOPS? pretty fancy hardware, then ;)16:41
SpamapSRoyK: 20 disks in RAID5+0 on a nice external HP RAID (I forget the number.. something-1000)16:42
RoyKbut probably not a million IOPS16:43
SpamapSRoyK: the key was to have 1GB of battery backed cache16:43
SpamapSRoyK: I did not say IOPS too.. file operations... not everything made it to disk :)16:43
RoyKwell, I'll do some testing with vbox to see what happens :D16:44
RoyKand tomorrow with some 1U machines struggling to use the same SAN LUN16:44
* RoyK likes that sort of fun16:44
hallynzul: looking one more time at http://paste.ubuntu.com/1086274/, the missing eth0 looks to still be because the libvirt-lxc driver segfaulted before it created the veth pair.  then the libvirt monitor which is supposed to do brctl addif br100 veth0 fails16:45
hallynzul: what does /var/log/libvirt/lxc/instance-00000001.log show?16:45
SpamapSRoyK: Anyway, I've never had a workload which wanted a real SAN.. so perhaps your use case is different. I prefer to encapsulate everything in its own cost pool rather than have a big storage monster. ;)16:45
RoyKfunny thing is, we already have an ESX setup, but it's drawing too much from the budget, so I've been asked to help setup something with KVM to offload whatever not needing that redundancy ESX can give us16:45
zulhallyn: i turned on more verbose debugging: http://paste.ubuntu.com/1086475/16:47
patdk-wkroyk, ya, esx is nice, but alittle overkill unless you want some kind of ha16:48
RoyKI *do* want to do some kind of HA16:50
RoyKfor instance, I want to move VMs around if they're in the way16:50
RoyKthat's not HA, but perhaps poor-man's-HA16:50
zulhallyn: doesnt seem to be published yet :*(16:54
hallynzul: all right fine build locally ((*&%(*$&%)16:54
zuldont worry ill build the debug packages as well16:55
RoyKpatdk-wk: I misread that - we need HA for pretty much, but we don't need ESX-grade HA for everything, and ESX is rather expensive, so we want a small KVM setup to offload the ESX with the not-so-important-VMs, but even there, we want shared storage, I recommended NFS, but he didn't listen, so we'll try GFS217:06
patdk-wkbasically, you just want normal esx HA, but not FT17:09
patdk-wkvmotion, restart on host failure, but not 100% uptime requirement17:10
RoyKI don't know if we use FT17:10
RoyKI just started in this job :)17:10
patdk-wkheh17:10
RoyKand for what I can understand, there's no current plan of abandoning ESX altogether, but to offload it with KVM for the less important stuff17:11
patdk-wkheh, I hope they are using other good features of esx for something then17:12
RoyKso do I17:13
patdk-wkbut then, those features only really come into play with really demanding vm's17:13
patdk-wkso maybe that is the goal17:13
zulhallyn: well it seems to work, but the domain seems to crash http://paste.ubuntu.com/1086519/ (note: that this is with a precise image)17:13
RoyKIIRC FT VMs are rather heavy, so perhaps they want to offload the cluster with taking out the smaller, less important ones to KVM17:14
patdk-wkI'm getting ready to setup my first few FT vm's here17:14
RoyKwhat sort of network are you using? 10G or IB?17:14
patdk-wkright now, 1g :(17:15
patdk-wkthe FT vm's might have to wait till the 10g upgrade17:15
RoyKnot good for FT, or so I've heard17:15
patdk-wkya17:15
hallynzul: ok lemme try a precise container.  (gonna take awhile to create, archives NOT treating me well)17:15
zulhallyn: ok lemme try with a quantal container17:15
RoyKpatdk-wk: perhaps better use IB, might even be cheaper, and for the memory transfer, probably better than 10GE17:15
patdk-wkreally wish I could use my 8g fc's for it17:16
patdk-wkthey can't use IB though :(17:16
patdk-wktheir systems can't handle it17:16
RoyKok17:16
hallynzul: that's libvirtd.log right?  do you have a instance-00000x.log you can pb?17:16
zulhallyn:  thats the instance-00000x.log17:16
hallynhm17:16
RoyKjust use a dedicated FC setup, then - the memory traffic is *heavy*17:16
hallynzul: in what way does it crash?  does the whole domain disappear?  or does it hang and you can't login?17:17
zulwhole domain disapears17:17
hallynplausible17:17
hallynsigh, i hope i dno't have to weed through the other libvirt-lxc commits t o pick the 'important' ones17:18
RoyKpatdk-wk: but - why is it their systems can't handle IB?17:18
patdk-wktheir blades/chassis can't17:18
patdk-wkit could do IB or FC17:18
RoyKah17:18
RoyKic17:18
patdk-wkbut they build everything on fc17:18
RoyKbut they can do 10Ge?17:19
hallynzul: might be worth switching to 0.9.13 + the init_random patch17:19
zulhallyn: agreed17:19
patdk-wkya, the blades already support 10g, just the blade switch needs to be swapped17:20
zuli thought the init_random patch already made it in17:20
RoyKpatdk-wk: if they have dual port, use a dedicated network for the memory part17:20
RoyKand thus, a dedicated switch17:20
patdk-wkthey currently have 2 10g and 2 1g nic's per blade17:20
patdk-wk4 switchs17:20
RoyKor at least a vlan if the switch can handle that17:20
patdk-wkcould do 4 10g ports17:20
hallynzul: can't have, you said yo uhad the same failure with 0.9.13 right?17:21
zulhallyn: yeah but i might be on crack now...anyways ill double check, play around with it and upload it on friday17:21
patdk-wkya, if they give me 4x 10g, I'll be dedicated 1 or 2 of those ports for bulk data moves17:21
RoyKthat is - any switch can handle vlans, but I meant "if the switch can handle both the ordinary traffic and that memory traffic"17:21
hallynzul: wait, what, upload what on friday?17:21
zullibvirt 0.9.1317:22
hallynmy container should be half debootstrapped...17:22
hallynok17:22
zuli have it already packaged, just need to add one more patch other than the init-random patch17:22
stgraberjamespage, ivoks: merged open-iscsi from Debian, our delta is really quite minimal now so it should help keeping on top of the bugs17:41
=== fenris_ is now known as Guest10826
stgraber(took a couple of days to get it done as it was last merged back in Jaunty)17:41
=== Guest10826 is now known as ejat
RoyKstgraber: jaunty??17:45
bitmonkanyone have linux-crashdump / apport working on 10.04? we're trying to gather information on these '200ish days' failures which are affecting our prod infra..17:45
bitmonkwhen i install linux-crashdump, i see that apport fails to start17:45
bitmonkdoesn't really say much in log, some boilerplate in daemon.log17:45
bitmonkwhich i can paste bin in a sec :)17:45
kyle__When you're installing via kickstart, which packages can you safely select for installation?  I tried vim-nox, but it's failing on it.17:47
* bitmonk thinks ubu+kickstart makes about as much sense as apt on rhel17:48
bitmonkjust an opinion, of course, but you should take a look at fai.17:49
=== cpg|away is now known as cpg
* bitmonk is an idiot, enabled=0 in /etc/default/apport of course17:50
kyle__bitmonk: fai is more than I need.  and from what I've read, with what I'm doing, kickstart and preseed should be almost identical.  Hell, one requires the other.17:50
stgraberRoyK: yeah, nobody really looked after open-iscsi for quite a few years :)17:51
RoyKstrange thing is that it works...17:51
RoyKhopefully also after this upgrade ;)17:51
stgraberkinda, I had to add pretty ugly hacks back in 11.10 for it to still let you boot17:51
kyle__stgraber: What are people using for iscsi instead then?17:56
stgraberkyle__: they are using open-iscsi, that's the scary part ;)17:56
stgraberI mean, it works fine as long as you don't use it for your root device17:56
stgraberif you use it for your root device, it'll still work but if anything happens on the server, you're pretty much dead17:57
kyle__Ooh I see.  I don't know why you'd use iscsi for your root device without an HBA to be honest.17:57
stgraberas there's a bug preventing iscsid from starting17:57
stgrabersome people apparently are doing that ;)17:57
kyle__I suppose it would be pretty easy to setup a pxeboot to do it... Ugh.17:57
stgraberthe new version I just uploaded fixes that bug on top of a lot of others and reduces the delta so much that merging changes from Debian should just be a matter of minutes17:58
kyle__stgraber: Most of the root device is really file-level stuff, so NFS would probably outpreform iscsi (software not hba) anyway.17:58
stgraberyeah, that's how I've been testing it, PXE setup + iscsi server17:58
* kyle__ nods17:58
stgraberI never liked iscsi to be honnest, if you're into serious storage, just go with a SAN+fiber-channel, sure it's more expensive but it's MUCH faster and usually more reliable17:59
grendalhas anyone buit dns servers with content filtering?18:00
patdk-wkI'm doing iscsi for diskless workstations18:00
patdk-wklike it over other models18:00
grendali need something similar to opendns but..well not opendns18:00
kyle__grendal: I'm sure lots of people do, but I tend to do filtering at a proxy level.  What are you trying to do?18:00
kyle__Ahh.18:00
kyle__patdk-wk: Which OS?  How's it preforming?18:01
patdk-wkfor me? no one has complained, or even noticed18:01
patdk-wkright now, the iscsi server has 4 1g nic's, and workstations just have 1g nic18:01
grendalgot a situation where i have a lot of individual boxes..over 6000 actually.  cant send all their traffic to one server or a cluster even.. need to just block dns requests18:01
kyle__stgraber: I can see it's advantages for some things, especially if you need lots of connectivity, and speed isn't the aim.  But for anything I've ever done a well tuned NFS server beats it.  Just what I've done though.18:01
patdk-wkusing OI comstar for iscsi target18:02
kyle__patdk-wk: What OS is on the clients?  Linux? BSD?  windos?18:02
patdk-wkmixture18:02
patdk-wkmythbuntu at home :)18:02
kyle__patdk-wk: And they're all fine with it?  Neat.18:03
patdk-wkhere at work, win718:03
patdk-wkhave 8 of those win7 machines here18:03
patdk-wkwell, doing iscsi boot18:03
patdk-wkthe idea is, these machines are more for temp employee/workstations18:04
kyle__grendal:Ah ok.  If you want to do it in DNS, I'm pretty sure there are howtos.  Or you could make a firewall rule on the server in question, and deny all traffic that not from where you want.18:04
patdk-wkso iscsi makes it easy to snapback changes to redeploy18:04
kyle__patdk-wk: cool.18:04
patdk-wkalso, having the whole disk image able to fit in ram, on the iscsi server, helps make it pretty snappy18:05
kyle__Heh.  That's almost cheating.18:05
zulhallyn: new libvirt at http://people.canonical.com/~chucks18:05
=== Aaton_off is now known as Aaton
punjabHi. How to get ubuntu 12.04 settings when installed from minimal netinstall? Things like visible boot process, motd?18:54
patdk-wkpunjab? heh?19:00
punjabpatdk-wk: When you install from server iso, there are this little differences19:01
patdk-wkyes19:01
patdk-wkI just don't see the point19:01
patdk-wkthe graphical stuff just gets in the way if you have issues19:01
patdk-wkor even to let you know what is slowing down the boot19:02
punjabYes a want this, but i install from minimal netinstall19:02
=== fenris is now known as Guest42115
patdk-wkI only install from minimal19:02
hallynthat's what i most often do19:03
hallynnow in taskel you can then select 'ubuntu server image' iirc.  not sure if that ends up same.19:03
* patdk-wk did his first redhat minimal instal this week, that was a total pain, been too long since I last did one19:05
punjabWhen you login on clean minimal install, then login motd is different. In server minimal install have info about running procesess and system load19:06
patdk-wkclean minimal install?19:08
punjabyes. Only ssh selected19:08
patdk-wkI'm confused by your two different minimal installs19:09
patdk-wkI only know of one19:09
punjabOne from oficiall ubuntu server iso another from minimal iso: https://help.ubuntu.com/community/Installation/MinimalCD/19:10
patdk-wkya, would have to compare the preseed files on those two different images19:12
patdk-wkI always use the server iso these days, since it's easy to mount iso in vm19:12
patdk-wkused to pxe boot install everything19:12
punjabI dont expect difference, so i install from minimal.iso... Now i must configure this things manually19:14
punjabSomething like ubuntu-server package with server settings will be fine19:15
zulhallyn: so i almost have libvirt-lxc working again on quantal, i supect i need to backport one more patch19:18
hallynwhich?19:19
zulhttp://libvirt.org/git/?p=libvirt.git;a=commit;h=60687546705bab38bd5245713601b717b9b16c9d19:19
hallynoh, yeah19:20
hallynthough i still maintain they start all right for me <shrug>19:20
zulon 0.9.13?19:21
=== jdstrand_ is now known as jdstrand
hallynzul: no on 0.9.12-0ubuntu519:42
S0ME1anyone can help me plz?20:02
genii-around!ask20:02
ubottuPlease don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience20:02
S0ME1I am working on PXE installation for Ubuntu 12.0420:03
S0ME1and I faced this error "The installer cannot find a suitable kernel package to install"20:03
S0ME1any advices ?20:03
S0ME1hellp!20:04
S0ME1hello!20:04
genii-aroundS0ME1: Where is your installer getting it's deb files from?20:04
S0ME1genii-around: from my own mirror20:05
S0ME1I just rsync the CD file under my web server20:05
S0ME1file=files20:05
genii-aroundS0ME1: So you've added some option to your dhcpd.conf like next-server <IP-of-your-mirror-here>  ?20:06
S0ME1genii-around: I am using DNSMASQ20:06
genii-aroundHm20:06
S0ME1managing TFTP & DNS & DHCP20:06
genii-aroundS0ME1: What is the tftp line on your server which is loading the kernel?20:07
S0ME1genii-around: if install the ubuntu server using CD manual, it is working well but over the network I got this error ""The installer cannot find a suitable kernel package to install""20:07
S0ME1genii-around: what do you mean please ?20:08
genii-aroundHm20:08
genii-aroundS0ME1: So right now when you boot the remote machine, it starts to load it's first part but then stalls during boot?20:09
S0ME1it is working20:10
genii-aroundS0ME1: What do you have in /var/lib/tftpboot/   ?20:10
genii-aroundeg: What are the contents of your pxelinux.cfg file20:12
genii-aroundwork requires me, returning shortly20:14
S0ME1genii-around: juts to boot via my pressed and20:14
genii-aroundS0ME1: In your /etc/dnsmasq.conf what do you have for tftp-root value? And then, wherever that directory is, do you have a netboot kernel in there?20:23
kyle__What's the rational for putting ntpdate as the default on ubuntu server instead of ntpd?20:50
smoserhallyn, qemu-kvm installation fails if you dont have a kernel module for kvm available.21:23
smoser(as the service tries to modprobe and fails)21:23
smoserFATAL: Module kvm_amd not found.21:23
smoseri do not believe that was the case recently21:24
hallynin q?21:24
hallynsmoser: you get that in quantal, not precise, right?21:26
smoserquantal21:26
hallyni dunno, debian maintainer wasn't happy with my q package anyway, perhaps i should redo all of it21:26
hallynsmoser: thanks i'll fix it21:27
hallynsmoser: tbh i don't understand why it sometimes isn't available.  don't all our kernels ship it?21:27
smoser-virtual kernel does not have it.21:28
smoserand someone's custom kernel might not have had it21:28
hallynsmoser: in precise it will also fail if not installed, fwiw21:28
smoserhallyn, for some reason i dont think tha tis the case21:28
hallynsmoser: i agree i've never seen it happen, but looking at the upstart job, it *should*21:28
smoseri'm basically walking through some notes i had done on p21:28
hallynmy point being i worry something else may be wrong21:29
smoserand i dont have any recollection of it failing ther21:29
smoserbut it is possible my notes are just bad21:29
smoserclearly easy enough to test by launching an instance21:29
hallynno, i don't recall it ever failing in a cloud image in p21:29
hallynsmoser: what would you suggest, do 'modprobe || true' or just 'modprobe || {stop; exit 0'}' ?21:30
smoserhallyn, i guess || true21:31
smoser                modprobe -b kvm_intel "$KVM_NESTED"21:32
smoserthat seems evil21:32
smoserthe right way to do that i would think would be to modify modprobe.d21:32
hallynsmoser: fwiw the reason i ignored this before is that we have an upstart job for loading the kernel module, so if loading kernel module fails, it seemed the upstart job should fail21:33
hallynsmoser: 'options kvm_intel nested=1', and invite the user to change that if they like?21:36
smoserwell, yeah, thats what i was saying. doesn't that seem like the more common place to do that?21:37
smoserie, if something else modprobed this, they wouldnt get your settings21:37
hallynsure21:39
hallynjust need to learn the debian packaging way to install a modprobe.d file21:39
hallyn(will have to wait until next week)21:39
kyle__dpkg-reconfigure mdadm offers you the choice of booting with a degraded raid, or not.  But it doesn't seem to be putting bootdegraded=true into the grub config.  Where's the "right" place to put that manually?  /boot/grub/grub.cfg is auto-generated durring updates, right?21:50
guntbertkyle__: /etc/default/grub21:51
kyle__Thank you.21:55
guntbertkyle__: you're welcome :) and dont't forget to run sudo update-grub afterwards21:56
kyle__guntbert: This was getting really frustrating I'll tell ya.21:56
kyle__Now to check to see if that's a known bug.21:57
=== Lcawte is now known as Lcawte|Away
kyle__Yea, new bug.22:19
=== n0ts_off is now known as n0ts
hilarieHello!22:39
hilarieI have a ubuntu server (12.04) with 2 nics, 1 nic is wan, the other is lan, how can i turn ssh off for the wan? (eth0)22:40
genii-aroundhilarie: You mean have the ssh server only running on the lan for people to ssh in, or you mean to prevent people from ssh-ing out to the internet at large?22:44
hilariePrevent inbound SSH traffic, I.E. I think I want to close port 22 on the wan? I am not sure, I don't want anyone to be able to SSH the server from wan22:44
genii-aroundhilarie: You can set in sshd_config to only listen on whatever IP only ( so the lan one only ) ... i think is the ListenAddress variable22:49
hilariegenii-around, Thank you!22:49
genii-aroundIf traffic is going through a router already, probably not really a concern unless that machine has an IP directly on the internet, or is in the DMZ, or port 22 is forwarded22:50
genii-aroundhilarie: np22:50
hilariegenii-around, it isn't protected by a NAT22:51
hilarieits Modem----->server----->wifi router-----> other stuff22:51
genii-aroundhilarie: Ah, then yeah22:52
hilariewould rather block the WAN then have to play around with disabling the p/w22:53
genii-around( if server is doing the ISP auth )22:53
hilarieThe ISP multicast for IPTV destroys the wifi router22:53
hilariegenii-around, this looks like the command22:57
hilarie   ListenAddress host|IPv4_addr:port22:57
hallynstgraber: bzr+ssh://bazaar.launchpad.net/~serge-hallyn/ubuntu/quantal/lxc/lxc-api-getconfig/ is working for me22:57
hallynstgraber: give it a spin22:57
hilariedo I include the |  ?22:57
genii-aroundhilarie: Yes. So you can also put there some non-standard port too if you liked on the same line22:58
hilarieso ListenAddress host|LANIP:22    ?22:58
genii-aroundhilarie: If no port specified then 22 is assumed22:58
hilariegenii-around, Your a gentleman and a scholar, thank you!22:58
genii-aroundhilarie: Well, one of those two anyhow! ... don't forget to restart sshd after of course...22:59
hilariethats the sudo /etc/init.d/ssh restart22:59
hilarieright?22:59
hallynstgraber: all right, never mind.  i have some fine-tuning to do22:59
genii-aroundhilarie: I can't remember if upstart job or no for that yet22:59
genii-around( might be sudo start sshd ...instead)23:00
hilarieYeah, everytime I do /etc/init.d/ stuff, it yells at me about an upstart job, what is that?23:00
genii-aroundhilarie: init.d/contents are linear-loading type startup scripts... init/scripts are those for upstart which loads what it can in parallel23:01
genii-aroundhilarie: The old way is being migrated, etc23:02
hilarieI think I get it... if it yells at me about it, you can just go sudo start *stuff*23:02
genii-aroundhilarie: Well, /etc/init.d/name stop first.... but yeah23:02
hilariewithout the /etc/init.d/*stuff* *start/restart/stop*23:02
genii-aroundhilarie: If the app only has old one in /etc/init.d/    you can still go through upstart with sudo service old-name start23:03
hilariePort 22 is closed on MyIP :)23:03
hilarieFrom a security standpoint, its not a big deal that the BIND9 has port 53 open on my WAN port right?23:07
genii-aroundhilarie: Not sure there, but every closed port helps23:08
hilarieIt's the only open one on WAN :)23:09
genii-aroundhilarie: If you're extremely worried about attacks there, you could even compartmentalize port 53 into a virtual machine that can't compromise anything else23:10
hilarieI was just reading about bind9, and its so simple, and well devoloped, there are no known vulnerabilities23:10
genii-aroundhilarie: If you search for bind9 and exploits I'm sure there's probably a few23:12
hilarieBleh, your right!23:12
hilarieAll ports closed or Stealth!23:25
=== n0ts is now known as n0ts_off
=== n0ts_off is now known as n0ts
=== cpg is now known as cpg|away

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!