/srv/irclogs.ubuntu.com/2012/11/20/#ubuntu-server.txt

keithzg	sarnold: no, there's a separate, unmanaged network for the iscsi host and clients.	00:00
keithzg	all the normal addresses are 10.1.x.x, and the iscsi ones are 10.0.x.x	00:01
sarnold	keithzg: ah :) good, that should be far easier to do.	00:01
sarnold	.. to the point of making me wonder why it doesn't just do that already?	00:01
keithzg	...yeah that's what's confusing me. Suddenly when I want to ping any host, for example, it's trying to ping from the unmanaged iscsi network.	00:02
=== cpg\|away is now known as cpg
sarnold	keithzg: 'ip route list' will show you the routing table, perhaps all you need to do is move the 'default' route to a different gateway?	00:05
keithzg	sarnold: yeah, that makes sense, right now it's showing "default via 10.0.0.1 dev br1 metric 100" and should be 10.1.etc dev br0	00:06
* keithzg can't seem to find in the documentation for "ip route" how to change that		00:06
lvmer	I've been reading a bunch of security tutorials, but what is the best way to shield my LAN ubuntu server from internet traffic / etc.	00:07
sarnold	keithzg: that's the anoying thing; back in the day when you wrote all your own ifconfig and route commands fixin these things was easy. now you've got to find the right incantation in /etc/network/interfaces to get done what you want.	00:07
lvmer	do I have to like go to a library with a laptop & nmap my server's IP address?	00:07
sarnold	lvmer: step 1: netstat -anp will show you what is open and which programs have those sockets open	00:08
sarnold	lvmer: step 2: install ufw, it'll make configuring firewall really easy	00:08
lvmer	sarnold: I have shorewall. Should I use ufw too?	00:09
sarnold	lvmer: step 3: configure applications to only listen on interfaces you want them to -- sometimes you only want them to listen on 10.x or 192.168.x and sometimes you want them on *	00:09
sarnold	lvmer: nah, one firewall thingy is enough.	00:09
sarnold	ufw is just easy enough that people'll use it. :)	00:09
sarnold	lvmer: I also like to make sure tha every program that listens on a network socket is confined by apparmor; the apparmor-utils package tool 'aa-unconfined' makes it easy to see which programs are listening but not confined.	00:10
sarnold	keithzg: that almost sounds like incorrect network masks ..	00:10
lvmer	sarnold: aaaah all I've done with apparmor is $ sudo apt-get install apparmor-profiles lol	00:11
keithzg	sarnold: could be, I'm fairly dumb in regards to those specifics; I have both interfaces set for netmask 255.255.0.0	00:12
sarnold	keithzg: hrm. that sounds like it fits what you wanted in the first place. :/	00:13
keithzg	sarnold: so I got it right? I guess this is one of those perverse debugging moments where finding out one hasn't made a mistake is disappointing!	00:14
sarnold	keithzg: well, obviously osmething is slightly wrong somwhere :) you've got the wrong results. I'm surprised though that it sounds to me like you should be fine.	00:16
keithzg	sarnold: yeah, it's quite the conundrum	00:20
sarnold	keithzg: can you pastebin the whole interfaces file? It might be overkill to the right person, but I'm not sure what specificxally to ask for. :)	00:21
keithzg	sarnold: http://pastebin.com/dagKBUEw	00:22
keithzg	there's probably some weird interactions with whatever systems the historical sysadmin of this infrastructure has set up over the years	00:23
sarnold	keithzg: okay, I know nothing of the bridge stuff :) SO, with that caveat out of the way, the 'broadcast' addresses look incorrect; they should probably be 10.1.255.255 and .... hrm.	00:24
sarnold	keithzg: is the 10.1.* a hole punched out of the middle of the 10.* range?	00:24
sarnold	.. or are there two ranges, 10.1.* and 10.0.* ?	00:24
keithzg	sarnold: in theory it should be two ranges, 10.1.* and 10.0.*	00:25
keithzg	I'm tempted to just change the iSCSI addresses all to an entirely different range, though, see what that accomplishes	00:25
sarnold	keithzg: okay; then the 10.255.255.255 ought to change to 10.2.255.255, the 10.255.255.255 ought to change to 10.0.255.255, and I think you need to remove the 'gateway 10.0.0.1' line completely; two gateways configured in one file is probably just asking for trouble.	00:26
keithzg	sarnold: yeah I actually commented out the second gateway line recently, but it didn't seem to make a change so I figured I'd just paste the file as it had been for longer.	00:27
sarnold	hehe	00:27
sarnold	good debugging instinct. :)	00:28
shti	hi everyone. does anyone know what the maximum amount of IPv6 addresses I can allocate on one system are? is it limited by memory?	00:28
sarnold	shti: as far as I know, limited by memory; thousands ought to be doable on nearly anything; I'm not too sure about millions, but one hopes you could find out overnight :)	00:30
shti	i figured as much, thank you	00:31
keithzg	sarnold: thanks! that, along with a few other pieces of fiddling with other things that were wrong or conflictingly configured, seems to have solved nearly everything. Now I just need to tackle the actual iSCSI part . . . gulp.	01:00
sarnold	keithzg: woot! :)	01:01
sarnold	good luck there. that thing seems _huge_...	01:01
=== fenris is now known as Guest34244
=== Gallomimia_ is now known as Gallomimia
=== fenris is now known as Guest9079
=== micahg_ is now known as micahg
lvmer	sarnold: I don't think apparmor even runs on startup. But I didn't find anything 'unconfined.' I only found 'enforce' and 'complain.'	03:25
sarnold	lvmer: aa-status will give you details on what's running..	03:26
lvmer	sarnold: ops. I made a mistake. sshd & apache2 are 'not confined'	03:26
sarnold	yeah, confining sshd requires administrator decisions	03:26
lvmer	sarnold: hum.	03:27
sarnold	and apache2 is so wide open that it is nearly impossible to provide a pre-written profile for it.	03:27
lvmer	sarnold: hum.	03:27
lvmer	sarnold: I installed both my servers the same way, but I'm thinking now... I only want samba on (1) of them. & I'll keep the other with everything to just fool around	03:27
lvmer	sarnold: should I just remove apache2? and php5?	03:28
sarnold	lvmer: I would; I try to keep what's running on my systems to just the minimum	03:28
=== n0ts_off is now known as n0ts
lvmer	hey	03:28
lvmer	for dpkg -l how can I output it to a file? lol	03:29
sarnold	lvmer: dpkg -l > filename	03:29
lvmer	sarnold: omg the paste doc is 500 long	03:31
sarnold	yes, there are a lot of packages on a standard system. :)	03:32
lvmer	sarnold: I have no idea what to remove & what not do lol :/	03:32
lvmer	sarnold: oooohhhh the horror: http://paste.kde.org/611126/	03:32
lvmer	am I allowed to remove vim? as I really just stick to nano.	03:33
lvmer	$ apt-get remove vim vim-common vim-runetime vim-tiny ? xD	03:34
sarnold	heh, funny, removing nano is the first thing I normally do. :)	03:34
lvmer	sarnold: I kind of always understood programing, and setting up this server was frustrating, but it only took about a week. And now.... seeing this list of 500 things long.... I litterally have no idea what they are. I feel like a teenage girl looking at the task manager processor list.	03:35
sarnold	the names will grow on you -- before long they'll be old friends. :)	03:36
lvmer	lol	03:38
sarnold	the 'deborphan' tool can help you clean up packages you're not using any more	03:38
sarnold	though it probably makes less sense on a brand-new install than one that's been running for a few years	03:39
lvmer	sarnold: so install to uninstall? I like it. :)	03:39
lvmer	bind9 bind9-host bind9utils ??	03:39
sarnold	lvmer: yes, that does seem strange :) "apt-get install deborphan ; deborphan" --> _fewer_ packages installed...	03:39
sarnold	at least bind9-host is nice to have, you can run 'host foo' and get IPs, reverse lookups, MX entries, etc. awesome little tool.	03:40
lvmer	I just don't want to mess up my samba on this bad boy	03:40
lvmer	aaahh ok. good to know. I shall keep it then.	03:40
lvmer	ftp?	03:41
sarnold	sure, it's just the client program	03:41
sarnold	and sometimes wget or curl are annoying compared to an interactive ftp client.	03:42
lvmer	so many libs	03:42
lvmer	wait so uninstall ftp? or keep?	03:43
sarnold	keep ftp	03:43
lvmer	I do have 2 servers & this one is pretty much only samba	03:43
lvmer	ok	03:43
sarnold	you may never use it :) but it's nice to have when you do need it	03:43
lvmer	mysql ? xd?	03:44
lvmer	easy way to type all those bad names?	03:44
lvmer	mysql-client .... client-core common server... etc. lol	03:44
sarnold	just apt-get remove mysql-common will probably get all the rest of them -- they'll need the -common package to satisfy dependencies.	03:45
lvmer	oh... so that happens automatically?	03:46
sarnold	it'll prompt :)	03:46
lvmer	if I remove bind9 ... it says dnsutils & ubuntu-standard also remove	03:50
lvmer	bad?	03:50
lvmer	sarnold: look how much progress I've made: http://paste.kde.org/611150/	03:52
lvmer	sarnold: lol xD	03:52
sarnold	lvmer: 'nsupdate' from 'dnsutils' might be very nice to hold on to.. I don't know if it is used by default, but it -might- be...	03:53
lvmer	yah I held on to them	03:53
lvmer	sarnold: I can't seem to remove apache2.2-common is the file special? it shows up as 'rc'	03:54
sarnold	lvmer: woo. :) that's pretty good. run deborphan and see if there are any libraries you don't need any more... that's probably enough, though. my development workstation has 1807 packages installed. :)	03:54
sarnold	lvmer: 'rc' means 'remove configured' -- the configuratoin files are still there, in case you re-install, but the package isn't currently installed	03:54
sarnold	lvmer: you can use dpkg --purge or apt-get purge to _also_ remove the configuration files	03:54
lvmer	oh how do I get rid of those?	03:55
lvmer	ah	03:55
lvmer	could I type sudo apt-get remove vim-* ??	03:59
sarnold	try it with 'vim-*' -- with the quotes	04:00
sarnold	if there is something in your current working directory that matches vim-<something>, the shell will expand the * and not give the right results to apt-get	04:01
lvmer	double or single?	04:01
sarnold	either	04:01
sarnold	(that tip goes for way more than just apt-get -- if you want to find all files ending with .orig, you should also use quotes here: find . -name '*.orig' )	04:02
lvmer	sarnold: :) k	04:02
lvmer	installed deborphan	04:03
lvmer	ah. -a	04:03
lvmer	http://paste.kde.org/611180/	04:04
lvmer	anything weird?	04:05
sarnold	maybe mysql-client-core-5.5	04:05
sarnold	if you don't care about mysql or mysql clients on this machine, you can remove that	04:06
lvmer	sarnold: my computer is a dell 4500 from 2001... it is impossible for it to use wireless should I uninstall wireless stuff?	04:06
lvmer	I did remove most mysql	04:06
sarnold	lvmer: you could remove the wireless stuff if you want, but that might threaten to remove things you want to keep	04:06
lvmer	ah	04:07
sarnold	how much memory is in this system? if four gigabytes of RAM or less, you can probably also ditch the linux-generic-pae kernel	04:07
lvmer	1gb lol...	04:07
lvmer	if that	04:07
ScottK	sarnold: For recent releases it's all PAE	04:07
lvmer	I'll check	04:07
sarnold	ScottK: oh??	04:07
sarnold	lvmer: don't touch linux-generic-pae :)	04:08
sarnold	ScottK: thanks :D	04:08
ScottK	amd64 has been all PAE for awhile and i386 as of 12.10.	04:08
lvmer	sarnold: I actually surprisingly have 2gb.... wow.	04:08
sarnold	ooh	04:08
sarnold	speed demon from 2001 :)	04:08
lvmer	Now that I think about it... I think I threw away the 2 computers from 2000 & 2001... this bad boy might be an 03 xD	04:09
sarnold	makes sense to drop plain old x86 kernels. they're definitely the minority these days and the pae kernels probably boot pre-pae machines just fine.	04:09
lvmer	what is whoopsie and getty?	04:10
lvmer	gam_server? winbindd?	04:10
sarnold	lvmer: whoopsie handles the "this program has crashed, send a report?" crash reporting service; getty provides the login: prompt on your consoles.	04:10
lvmer	sarnold: um.... I have a lot of 'getty -8 38400 tty'	04:11
lvmer	sarnold: in 'htop'	04:11
sarnold	lvmer: probably seven? :)	04:11
sarnold	.. or six?	04:11
lvmer	sarnold: .... lol	04:11
lvmer	sarnold: ok you win	04:12
sarnold	one for each virtual console, alt+f1, alt+f2, alt+f3, .. , alt+f6	04:12
sarnold	X runs on alt+f7	04:12
lvmer	sarnold: o	04:12
lvmer	sarnold: never used alt+ any f	04:12
sarnold	you probably have to use control+alt+f1 to swap to the virtual consoles from within x	04:12
lvmer	sarnold: I'm on putty too btw.	04:13
lvmer	landscape-common ?	04:13
sarnold	landscape.ubuntu.com -- a management framework	04:13
lvmer	The following packages will be REMOVED:	04:17
lvmer	crda* linux-generic-pae* linux-image-3.2.0-29-generic-pae* linux-image-3.2.0-33-generic-pae*	04:17
lvmer	linux-image-generic-pae* wireless-regdb* wireless-tools*	04:17
lvmer	good or bad? lol	04:17
sarnold	bad :)	04:18
* ScottK has a computer from 2001 running precise.		04:20
lvmer	scottk: lol how you do that?	04:20
sarnold	ScottK: you haven't replaced it with a pandaboard? :)	04:20
lvmer	sarnold: oooo bad? dang. lol	04:20
* ScottK doesn't usually replace working hardware.		04:20
ScottK	Also it's my test server.	04:20
lvmer	........ lol	04:20
lvmer	I must know how to ***	04:21
lvmer	lol	04:21
lvmer	* test	04:21
lvmer	lol	04:21
* ScottK also has one from 1999/2000 running Hardy (it missed the ACPI cutoff date in the BIOS, so that's the latest it can run) doing file storage.		04:21
* lvmer test		04:22
lvmer	lmao	04:22
sarnold	ScottK: yeah, I can definitely understand that urge. but man, a few watts, no heat, no fan... granted, storage speed on panda is s s l l o o w w	04:22
lvmer	test	04:23
sarnold	lvmer: /me test	04:23
sarnold	oh I see you already found it	04:23
lvmer	sarnold I know I did it up there xD	04:23
lvmer	sarnold: what is umode?	04:23
ScottK	They help keep the basement warm.	04:23
sarnold	lvmer: time to learn a new tool :) "apt-cache show umode"	04:23
lvmer	? lol	04:23
sarnold	ScottK: hehe	04:24
lvmer	unknown command	04:24
sarnold	ohhh, umode, that must be from your irc client -- user modes	04:24
sarnold	lvmer: still, it's time ot learn a new command :) try "apt-cache show ureadahead"	04:25
lvmer	no way	04:25
lvmer	I'm not cache'ing anything	04:26
lvmer	lol	04:26
lvmer	what does it do?	04:26
* lvmer lvmer is not so gullible		04:26
sarnold	lvmer: apt-cache will show you data from the packages visible to apt-get	04:27
lvmer	oh lol	04:27
sarnold	apt-cache search and apt-cache show are two immensely useful little commands on debian / ubuntu systems	04:27
* lvmer has just realized		04:28
lvmer	ok I'm going to stop that before I get banned. lol. I appriciate it. I'm checking it out. btw: I couldn't find 'umode' lolz :p	04:28
=== kInOzAwA is now known as Guest45163
sarnold	lvmer: about umodes: http://freenode.net/using_the_network.shtml	04:30
lvmer	sarnold: yup. :) thanks again. :)	04:31
sarnold	'night lvmer :)	04:33
lvmer	sarnold: good night	04:33
lvmer	I have no swap space.... is this bad? I'm running lvm2. & I just noticed in htop: swp 0/0MB	04:48
greppy	lvmer: how much RAM do you have?	05:22
lvmer	greppy: 2GB.... I sware I thought I had swap when I installed. I don't see it anymore though... in df -h or fstab or htop.	05:35
ScottK	Depends on what you're doing with the box.	05:49
qman__	it's only bad if you require more memory to perform the tasks you're attempting	05:51
=== Gallomimia_ is now known as Gallomimia
ranjan	Hi all, is there an official channel for Ubuntu Cloud?	07:19
ranjan	have some doubt related to Ubuntu Cloud Live CD	07:19
lifeless	ranjan: here is fine to ask	07:49
Kartagis	can you help me with roundcube? #roundcube is kind of dead	07:54
ranjan	lifeless, how can i use nova-volume in ubuntu cloud live?	07:58
blkperl	Kartagis: what kind of help?	08:01
Kartagis	blkperl: I'm getting "Make sure that the configured database exists and that the user has write privileges DSN: " but the database is there	08:02
rbasak	ScottK: what do you think of https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1027061/comments/14 ?	08:03
uvirtbot	Launchpad bug 1027061 in postfix "Postfix upgrade to 2.9.3-2~12.04.1 changes configuration files" [Wishlist,Invalid]	08:03
blkperl	Kartagis: what do the database logs say? do they show failed connection attempts	08:08
Kartagis	blkperl: nothing in roundcube logs. do you mean imap server logs?	08:09
blkperl	Kartagis: what database are you using? mysql, postgres?	08:12
blkperl	sqlite?	08:12
Kartagis	mysql	08:12
blkperl	go look at those logs	08:12
blkperl	also check that the user has write privs in mysql	08:12
Kartagis	create database db;grant all on db.* to user@localhost identified by 'pass'; <--- this was my line	08:14
blkperl	can you connect to the database from the roundcube server?	08:16
Kartagis	yes	08:17
Kartagis	I've also imported the databasr schema. that must mean I have at least INSERT access, no?	08:19
stiv2k	hi	08:20
stiv2k	how can i see which program on my server is causing 2.79 load average.... but cpu usage is low	08:20
Kartagis	htop	08:21
stiv2k	why htop	08:21
stiv2k	over regular top	08:21
Kartagis	it is more detailed	08:21
stiv2k	oh	08:21
stiv2k	well	08:27
stiv2k	transmission daemon is using like 10% cpu and 11% mem	08:27
stiv2k	its the most active process i have... yet my load average is very high	08:28
=== ranjan is now known as Guest90825
=== n0ts is now known as n0ts_off
=== acidflash_ is now known as acidflash
freakynl	Hi, I'm using automatic updates on some servers. Now it mails me that a reboot is required, but only the make package has been updated. I'm not used to linux requiring reboots for anything but kernel (services are usually just restarted when updated). This however is neither a service nor a kernel and make isn't actively used either :/	10:12
vezq	check are you running the latest kernel	10:26
vezq	uname -a and compare to files in /boot	10:27
freakynl	vezq: heh thx, my spamfilter ate that e-mail :/	10:40
freakynl	it was consistent tho', it ate all of the auto update messages from that day. Must not like some package	10:43
=== n0ts_off is now known as n0ts
=== Akendo_ is now known as Akendo
=== Akendo_ is now known as Akendo
=== kInOzAwA is now known as Guest33607
Cuacrzz	Does anyone know how to change metric settings on my l2tp vpn settings like that checkbox on Windows, because i'm connected and it works but all pages are blocked right know	12:13
=== mdeslaur_ is now known as mdeslaur
=== mcclurmc_ is now known as mcclurmc
nopz	When one rsync a directory to another, does it just send the changed bytes or the whole file is transfered for each modification ?	13:06
qman__	changes only	13:11
qman__	well, there's some caveats to that	13:11
qman__	but yes, it only transfers changed bytes by default	13:13
nopz	cool thank you	13:18
Cuacrzz	Does anyone know how to change metric settings on my l2tp vpn settings like that checkbox on Windows, because i'm connected and it works but all pages are blocked right know	13:18
nopz	Regarding inotify, if i lookup a folder by registering to its events, does it watch automatically every child folders in it ?	13:20
Kartagis	qman__: how about if there are some deleted files from source?	13:21
RoyK	nopz: from the manual: Inotify monitoring of directories is not recursive: to monitor subdirectories under a directory, additional watches must be created.	13:23
nopz	Ho thank you RoyK, do you have a link pointing to that?	13:24
nopz	Ok it's at the bottom of the man page	13:25
ScottK	rbasak: I think the package is designed to use debconf and since they didn't, they are on their own. That said, I think it would be a useful improvement.	13:31
rbasak	ScottK: I think puppet is probably doing DEBIAN_FRONTEND=noninteractive apt-get install postfix, and then the postinst is clobbering main.cf	13:33
rbasak	ScottK: is that your understanding when you say they're on their own?	13:33
rbasak	(I haven't verified this though)	13:34
rbasak	ScottK: need to go offline but I'll check the logs to see if you've responded.	13:40
=== cpg is now known as cpg\|away
lamont	ScottK: I decided to add a comment there. (1027061)	13:50
ScottK	lamont: Thanks.	13:50
=== rnbrady_ is now known as rnbrady
caribou	quick question : what is the best way to upgrade the kernel in an Openstack/canonistack instance ?	14:11
caribou	without using a different cloud image, just need to test a new kernel	14:11
Akendo	hi	14:25
Akendo	Hey jamespage, My Cinder + Ceph is working. But without authentication	14:26
jamespage	Akendo, libvirt uuid still proving problematic?	14:27
Akendo	Just a question out of my mind, can it be that you have to create a extra client instead of using client.admin for this?	14:27
Akendo	Yes	14:27
Akendo	I'll solve it late, I just wanted to ensure that the connection is working.	14:27
jamespage	Akendo, I do that yes; client.admin is like 'root' whereas cinder only needs access to pools/rbd's	14:28
Akendo	But shouldn't it be possible to use this "root" for everthing in the beginning? This is justa proof of concept for me, it shound't have to much complexbility	14:29
jamespage	Akendo, what rbd_user did you specify?	14:31
Akendo	For now admin	14:32
Akendo	But late I think it will be one use per tenant	14:32
Akendo	So that this tenant have it's own access credentails	14:32
jamespage	Akendo, I think thats right	14:32
Akendo	First I have to get a feeling for Ceph with OpenStack ;-)	14:33
Akendo	One Question, that keeps going torugh my mind is: How does the single pool per tenant will behavior with this placement groups? It's a "hard" limit for my Pool?	14:34
pmatulis	hallyn: hey. looks like bug #1057024 is still not done. i just posted	14:49
uvirtbot	Launchpad bug 1057024 in qemu-kvm "kvm kernel module always loaded, without setting /dev/kvm permissions" [High,In progress] https://launchpad.net/bugs/1057024	14:49
zul	jamespage: ping	14:51
jamespage	zul, pong	14:51
zul	jamespage: fyi the quantum proxy ip stuff got merged into the stable/folsom tree	14:51
jamespage	zul, yeah - I've been watching gerrit mp's	14:52
jamespage	w00t!	14:52
zul	jamespage: ok cool	14:52
jamespage	zul, thanks for pushing on that btw	14:52
jamespage	Akendo, not sure single pool per tenant makes sense?	14:52
zul	jamespage: no worries all a part of the days work..	14:52
Akendo	Why not?	14:53
jamespage	Akendo, well the pool in ceph is completely abstracted from the users of Openstack	14:53
Akendo	Sure	14:54
jamespage	Akendo, and you can only configure it once in cinder, and not on a per tenant basis	14:54
Akendo	Ah	14:55
Akendo	Really?	14:55
Akendo	hm...	14:55
Akendo	That indeed a problem then I didn't think of yet	14:55
hallyn	pmatulis: the p11-kit thing is separate and was supposed to be fixed long ago. but yes, there is also the new bug 1080912 i'm trying to reproduce right now	14:57
uvirtbot	Launchpad bug 1080912 in qemu-kvm "package qemu-kvm 1.0+noroms-0ubuntu14.4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [High,New] https://launchpad.net/bugs/1080912	14:57
hallyn	slangasek had wanted me to change the fix for that bug, and the new way doesn't seem to be as robust as doing it by hand	14:57
hallyn	pmatulis: do you still have access to that box?	14:57
hallyn	well lemme see how my box does after a 11.10->12.04 upgrade	14:58
pmatulis	hallyn: indeed i do	15:00
hallyn	pmatulis: great - what does /dev/kvm look like? (ls -l and getfacl)	15:02
pmatulis	hallyn: not good at all i'm afraid	15:03
pmatulis	sudo ls -l /dev/kvm	15:03
pmatulis	ls: cannot access /dev/kvm: No such file or directory	15:03
Akendo	pmatulis, modprobe kvm is working?	15:06
pmatulis	Akendo: yes it does, that looks like the beginning of a workaround	15:08
Akendo	What is lsmod \|grep kvm displaying?	15:08
pmatulis	Akendo, hallyn: indeed, after loading the module i can start my guests	15:09
hallyn	pmatulis: do you ahve the ugprade logs? did 'start qemu-kvm' fail?	15:09
Akendo	;-)	15:09
hallyn	bc that should have loaded the module	15:09
pmatulis	hallyn: let me take a look for the logs	15:09
pmatulis	hallyn: note that i rebooted twice. once after the upgrade, and once again after upgrading qemu-kvm	15:10
pmatulis	(-proposed)	15:10
hallyn	hm.	15:10
hallyn	so it wasn't loaded at all after reboot. that's bad. and weird	15:11
pmatulis	hallyn: agreed	15:11
pmatulis	hallyn: i'll update the bug	15:11
hallyn	pmatulis: to be sure, did all work well under oneiric on that box?	15:11
ninjix	anyone running a 12.04 based OpenStack with Quantum + Open vSwitch?	15:13
Akendo	That can happend from time to time, then you should add kvm to the /etc/modules.conf	15:13
Akendo	Can you past me via pastbin the dmesg output?	15:14
pmatulis	hallyn: yes, all worked very well on 11.10	15:14
Akendo	ah	15:14
=== matsubara is now known as matsubara-lunch
Akendo	btw: /etc/modules for Ubuntu	15:14
fleish	can someone help me translate this EDAC info into a which DIMM is actually reporting errors? EDAC MC1: CE row 1, channel 0, label "CPU#1Channel#0_DIMM#1": Corrected error (Socket=1 channel=0 dimm=1) ... my manual/board labels the DIMMs P1_DIMM{1,2,3}{A,B,C} & P0_DIMM{1,2,3}{A,B,C}	15:17
hallyn	pmatulis: odd, my test box had /dev/kvm just fine :(	15:19
hallyn	pmatulis: i suspect yours deserves a new bug	15:19
pmatulis	wonderful	15:19
Akendo	jamespage, Do you know of any bug in glance that can't list the uploaded image to ceph?	15:24
ninjix	I see there are what look like tokens in the Ubuntu Openstack supplied configuration files. Things like %SERVER_USER%. Most of the tutorials call for you to replace these but is there a better Canonical way for configuring the services?	15:27
Akendo	Hey ninjix	15:30
Akendo	Checkout the nimbis-keystone-init on github	15:30
ninjix	Akendo: hi	15:30
Akendo	Maybe not whay you mean, but it can help you to setup all important stuff for you	15:31
Akendo	Then your using a tenant called service	15:31
Akendo	I hope this can you help	15:32
ninjix	thanks. I've been holding off with the helper scripts while I familiarize with the Folsom release	15:33
Akendo	Great ;-)	15:33
ninjix	then wants I understand how to better use Quantum and Open vSwitch, I'm going to look into a MaaS+Juju rollout	15:34
ninjix	wants ?? -> once :)	15:35
ninjix	Akendo: are you running Openstack?	15:37
jamespage	Akendo, not that I know of - I have not seen that issue	15:38
jamespage	Akendo, just out of interest can you see it with nova image-list ?	15:40
ninjix	Akendo: sorry, better question is are you running it in production?	15:42
=== matsubara-lunch is now known as matsubara
=== rnbrady_ is now known as rnbrady
=== paskal is now known as tarzxvf
tonyyarusso	I'm getting millions of lines like this in my syslog: "Nov 20 10:30:14 ntop ntop[1180]: WARNING Packet # 37334012 too long (len = 2546)!" What's that mean?	16:31
lvmer	I've got a LAN server with just samba on it. Is there a good way to maximize the computer solely for samba? aka: like dedicate lots of ram to caching files that are typically requested, etc.	16:55
=== n0ts is now known as n0ts_off
rbasak	That'll happen automatically for you	17:00
lvmer	rbasak: really?	17:01
rbasak	The kernel uses available memory to cache what it can	17:01
lvmer	in [global] I setup: socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536	17:01
lvmer	I was thinking about doubling it to 131k or so	17:01
lvmer	rbasak cause right now my server is only using 62mb of ram.... lolzzzzzzz	17:02
=== yofel_ is now known as yofel
lvmer	ops I thought I was in the samba channel. -_-	17:03
lvmer	sshd is 'not confined' by apparmor, how shall I change this?	17:10
hallyn	gah	17:14
hallyn	bad changelog	17:14
jdstrand	lvmer: that is acually a particularly challenging application to confine because it is designed to spawn shells	17:14
jdstrand	lvmer: I recommend looking at http://wiki.apparmor.net/index.php/Pam_apparmor_example	17:14
jdstrand	lvmer: you might also want to join #apparmor on OFTC and discuss it there	17:15
lvmer	jdstrand: ah. :/ yes I did #apparmor. I was guessing it would be easy with only 1 sshd allowable computer / ip.	17:15
lvmer	jdstrand: ty for the starting place. I am looking through it now.	17:16
jdstrand	lvmer: the experts in #apparmor usually don't come online until around now	17:16
RoyK	lvmer: it's little point adding IPTOS... and the SO_ stuff - the default values are ok	17:16
=== Akendo is now known as Akendo_
RoyK	lvmer: that is, unless you're on a 10Gbps network and really want full throughput, all the default values should be ok. It'll be either your network or the I/O on the server being the bottleneck	17:17
lvmer	royk: yup you seem right on that. noticed no difference.	17:18
lvmer	royk: definitely server I/O	17:18
lvmer	royk: 12 year old computer ftw... lolz.	17:18
RoyK	lvmer: what sort of disksystem?	17:18
RoyK	single IDE drive? ;)	17:18
lvmer	royk: IDE lol	17:18
lvmer	royk: 3 stripe raid	17:18
RoyK	raid-5?	17:18
lvmer	royk: but the dell motherboard is attrocious	17:19
lvmer	royk: raid 0	17:19
lvmer	royk: lol trust me, it doesn't help much with the bus speed of this Dell.	17:19
RoyK	raid-0 is a bit like BASE jumping with an umbrella...	17:19
lvmer	royk: all information has 2 other separate backups & is non-essential. I know the risks.	17:20
* RoyK uses RAID-6 for most stuff these days		17:20
lvmer	royk: I'm actually hoping these hd's fail so I can buy a $300 computer this christmas	17:20
RoyK	well, obviously, if you handle the downtime and restore, no problem	17:20
lvmer	royk: lol that will def. be the hard part.	17:20
* RoyK wants uptime... http://xkcd.com/705/		17:20
lvmer	royK: but the server is only 1 week old.... & I've re-installed 2x already from stupid mistakes. so I don't think it'll take more than 1 day.	17:21
lvmer	royk: trying to configure rsync for configs, but right now I just copy/paste them to NAS	17:21
RoyK	if you can do with the space on two drives, use raid-5 and change later or add more drives later	17:21
RoyK	that is, if you have a NAS, why do you want a fileserver?	17:22
lvmer	royk: ide drives? no freaking way	17:22
lvmer	royk: cause it's a windows temp. nas lol	17:22
lvmer	royk: and it sucks	17:22
lvmer	royk: also this was mostly just supposed to be a fun project to get my feet wet.... into linux which is clearly much faster.	17:23
RoyK	you can get a mobo + cpu + memory for almost nothing, probably $150 will go a long way	17:23
lvmer	royk: ok last question.... here I'm done explaining my logic lol. idc if it is flawed.	17:23
RoyK	or at least $200	17:23
lvmer	royk: yes... that is why I est. $300....	17:23
lvmer	royk: 3TB HD... xD	17:23
lvmer	royk: which will be sata	17:24
RoyK	lvmer: install sysstat and start it, and it'll collect performance data for you	17:24
RoyK	or perhaps munin	17:24
lvmer	royk: why?	17:24
RoyK	you'll see quickly where the bottleneck is	17:24
lvmer	royk: k	17:24
RoyK	sysstat / sar is basically terminal stuff, munin makes nice graphs	17:24
lvmer	royk: ok how do I use this? never used sysstat	17:25
lvmer	nvm I got a tut	17:26
RoyK	apt-get install sysstat - vi /etc/default/sysstat - enable it - /etc/init.d/sysstat start	17:26
RoyK	run 'sar'	17:26
RoyK	!uupdate	17:27
lvmer	royk: ?	17:28
RoyK	just tried to ask the bot about uupdate	17:28
lvmer	o	17:28
lvmer	!uupdate	17:28
RoyK	!mail server	17:28
ubottu	Ubuntu supports the Simple Mail Transfer Protocol (SMTP) and provides mail server software of many kinds. You can install a basic email handling configuration with the "Mail server" task during installation, or with the "tasksel" command. See also https://help.ubuntu.com/community/MailServer and https://help.ubuntu.com/12.04/serverguide/C/email-services.html	17:28
lvmer	royk: ok I ran sar.... I don't get it	17:29
lvmer	royk: shows cpu	17:29
lvmer	royk: that's it.	17:29
lvmer	royk: and a restart	17:29
RoyK	no need to restart	17:29
RoyK	and man sar	17:29
RoyK	it'll show a lot more	17:29
RoyK	sar 1 12	17:29
RoyK	and it'll check status every second for 12 seconds	17:30
RoyK	what you get in the %iowait column is the time the system spends waiting for i/o, eg slow drives	17:30
lvmer	should it be sar -i 12	17:31
RoyK	just 'sar <secs> <number of polls>' will do	17:31
RoyK	like	17:32
RoyK	http://paste.ubuntu.com/1372914/	17:32
RoyK	this system is running a crashplan backup where the client spends a lot of cpu time and waits for i/o a bit	17:33
lvmer	http://paste.kde.org/611492/	17:33
RoyK	guess this wasn't during a copy?	17:34
RoyK	your system's mostly idle	17:34
lvmer	royk: this lan is small & barely gets accessed	17:34
RoyK	start a large copy operation and try again	17:34
lvmer	royk: if I did a copy the disk I/o bottle neck would be obvious...	17:34
lvmer	royk: k	17:34
RoyK	also, you can use	17:35
RoyK	!pastebinit	17:36
ubottu	pastebinit is the command-line equivalent of !pastebin - Command output, or other text can be redirected to pastebinit, which then reports an URL containing the output - To use pastebinit, install the « pastebinit » package from a package manager - Simple usage: command \| pastebinit -b http://paste.ubuntu.com	17:36
lvmer	royk: ah that is helpful.	17:36
lvmer	royk: wait I blocked all 80 ports... only 137, 139, & 445 work. xD	17:36
RoyK	also outgoing?	17:37
RoyK	if you just used ufw to only allow those ports, all outgoing access should work	17:37
lvmer	shorewall	17:37
lvmer	ufw sucks	17:37
RoyK	well, ufw works	17:38
lvmer	http://paste.kde.org/611498/	17:38
lvmer	royk: outgoing works now. I shall use that command it is grand.	17:38
lvmer	12:36:52 PM all 0.00 0.00 0.00 100.00 0.00 0.00	17:39
lvmer	100 I/o wait	17:39
RoyK	system isn't under heavy load...	17:39
lvmer	royk: nope not at all	17:39
RoyK	well, you get such hichups from time to time	17:39
lvmer	royk: it only runs smbd	17:39
RoyK	you may want to check your drives with smartctl	17:39
lvmer	royk: uninstalled nearly everything except shorewall, denyhosts, fail2ban, etc.	17:40
lvmer	royk: are you trolling me?	17:40
RoyK	no	17:40
RoyK	old drives have a tendency to fail	17:40
lvmer	royk: ..... I already know my hd's are bad	17:40
lvmer	royk: they are 12 year old IDE HDDs.... lol	17:40
RoyK	and smartctl asks the drives if they have known errors	17:40
RoyK	if they have, they'll slow things down	17:40
RoyK	old drives != bad drives	17:40
lvmer	smartctl notfound	17:41
lvmer	john@UBUNTUSERVER2:~$ sudo apt-get install smartctl	17:41
lvmer	Reading package lists... Done	17:41
lvmer	Building dependency tree	17:41
lvmer	Reading state information... Done	17:41
lvmer	E: Unable to locate package smartctl	17:41
lvmer	john@UBUNTUSERVER2:~$	17:41
RoyK	apt-get install smartmontools	17:42
lvmer	is libsensors4 important?	17:43
RoyK	lvmer: don't remember the dependencies or smartmontools, but another set of libraries won't hurt	17:43
lvmer	john@UBUNTUSERVER2:~$ smartctl --scan	17:47
lvmer	/dev/sda -d scsi # /dev/sda, SCSI device	17:47
lvmer	/dev/sdb -d scsi # /dev/sdb, SCSI device	17:47
lvmer	/dev/sdc -d scsi # /dev/sdc, SCSI device	17:47
lvmer	what next?	17:47
RoyK	smartctl -H ...	17:48
lvmer	meh.	17:48
RoyK	or smartctl -t short /dev/blah to start a short test or -t long to start a long test	17:48
lvmer	permission denied	17:49
RoyK	-t long shouldn't be needed very often, but if you haven't run any tests yet, it might be worth it	17:49
lvmer	oh ops.. sudo lol	17:49
lvmer	no fails, but errors :/	17:49
RoyK	pastebin?	17:50
lvmer	http://paste.ubuntu.com/1372945/	17:51
lvmer	what do you think?	17:52
RoyK	I think the drive has bad sectors	17:52
RoyK	dmesg will probably give you some error messages	17:52
RoyK	I/O sort of thing	17:53
lvmer	.... too manyz	17:53
lvmer	http://paste.ubuntu.com/1372956/	17:53
RoyK	nothing there about I/O errors	17:54
lvmer	ah good	17:54
lvmer	yah I couldn't see until I checked the url	17:54
lvmer	too squished	17:54
RoyK	bunch of apparmor messages, but no I/O stuff	17:54
lvmer	still thinking bad sectors?	17:55
lvmer	or what?	17:55
RoyK	snartctk says si	17:55
RoyK	so	17:55
RoyK	ops	17:55
RoyK	smartctl says so	17:55
RoyK	# 1 Short offline Completed: read failure 90% 25545 6298162	17:55
lvmer	:/	17:55
RoyK	try -H on the other drives	17:55
lvmer	fix attempt worth it?	17:55
RoyK	you can't fix sectors	17:55
lvmer	http://paste.ubuntu.com/1372961/	17:56
RoyK	what you can do, is use redundancy to avoid data loss	17:56
RoyK	seems you've started a long test on that one and it's still running	17:56
RoyK	Total time to complete Offline	17:57
RoyK	data collection: ( 430) seconds.	17:57
lvmer	possibly a long time ago	17:57
lvmer	before installing ubuntu	17:57
RoyK	you can stop the test and run a short test	17:57
RoyK	or just try to initiate a short test	17:59
RoyK	might do it	17:59
RoyK	lvmer: really, finding a 120GB drive unused somewhere shouldn't be much of a problem, I guess people are throwing those away regularly these days.... better get a new one (or three), convert to raid-5 and sleep well at night	18:08
RoyK	or even better, get a new box and setup raid-5 on sata drives from the start	18:09
lvmer	...................................... the information stored here is superfluous. I'm done this troll storm.	18:11
RoyK	?	18:12
RoyK	troll storm???	18:12
lvmer	I told you from the start the information stored on the hdd's is redundant and useless.... why would I care if they fail?	18:13
RoyK	well, ok, just saying that at least one of your drives are dying	18:13
lvmer	eta?	18:13
RoyK	and it's less hassle to just use raid-5 in the first place to avoid recreating everything	18:13
RoyK	ETA is not possible for drives	18:14
RoyK	sometimes they die without notice	18:14
RoyK	sometimes they give you a warning with S.M.A.R.T.	18:14
RoyK	that warning usually means something is bad, but the drive may live another month or even a year after that	18:14
lvmer	have you ever rebuilt a raid 5 array? the build time is ridiculous	18:15
lvmer	I'd rather use 1	18:15
RoyK	no, it's ok	18:15
RoyK	I've rebuilt RAIDs of all known levels ;)	18:15
lvmer	how long did the 5 take / size?	18:15
RoyK	for a 5x2TB RAID, about a day, perhaps a bit more	18:16
RoyK	far less than restoring the lot	18:16
lvmer	definitely more	18:16
RoyK	with 120GB drives, a few hours	18:16
lvmer	lucky you had 5x drives though	18:16
lvmer	imagine 10tb with 3 drives	18:16
lvmer	you'd be building forever	18:16
RoyK	I wouldn't use RAID-5 with such amounts of data	18:17
RoyK	I'd use RAID-6 so that it can take a second failure during rebuild	18:17
lvmer	5x2tb = 10tb............. * .8 = 8tb....	18:17
lvmer	your not far off	18:17
RoyK	currently 6 drives in RAID-6 in my home server ;)	18:17
lvmer	that's a good setup	18:17
RoyK	plus a spare	18:17
lvmer	hard with without a raid controller though?	18:18
lvmer	what mb?	18:18
RoyK	just linux md	18:18
RoyK	software raid	18:18
RoyK	some cheap - sec	18:18
RoyK	ASrock M3A UCC	18:18
RoyK	with some PCIex SATA controllers I got off ebay cheaply	18:18
RoyK	I've been working with storage long enough not to trust 'hardware raid' more than what can be done in software	18:19
RoyK	it's software after all, even the 'hardware raid', the only difference is it's running on another chip	18:19
RoyK	usually with less cpu power and with a narrow memory bus, meaning usually slower	18:20
RoyK	I'd guess 90% of enterprise storage have 'software raid', only they hide it	18:20
lvmer	good to know	18:21
RoyK	A Dell EqualLogic controller take up to a minute to reboot - that's not hardware - it's its OS booting	18:21
RoyK	and probably linux at the base, since Dell uses linux for most stuff these days	18:22
RoyK	lvmer: even if you can restore quickly, using RAID-5 for this setup can probably teach you a few things about storage ;)	18:25
SpaceBass	I'm trying to do an apt-get upgrade and keep getting an error that the MD hash for base-files is invalid … or smiler, will paste bin… this is the 3rd time this has happened and always results in needing a fresh install.	18:55
SpaceBass	error: http://pastebin.ca/2253510	18:55
sarnold	SpaceBass: check dmesg. I expect your hard drive is dying.	18:56
SpaceBass	sarnold, thought that was the problem the first two times, so I've replaced it each time. This is new, fresh SSD (as were the others)	18:56
sarnold	SpaceBass: oohhhhhhhhh.	18:57
SpaceBass	although perhaps you are right sarnold, the drive doesn't look heathy http://pastebin.ca/2253514	18:59
sarnold	SpaceBass: can you test the drive in a different machine or usb enclosure or something?	19:00
SpaceBass	sarnold, in theory, but since this is the 3rd error on the same box, all with SSDs (different make/models), I'm not more suspicious of the motherboard or controller	19:00
sarnold	SpaceBass: yes, I suspect your motherboard or controller are the problem instead of the harddrive, but putting the drive into something else may be easier than putting a new motherboard in :)	19:01
SpaceBass	which sucks… b/c I'm starting to loath this kind of hardware support…. might be time to replace with a mac mini (data is on external raid anyway)	19:01
SpaceBass	putting the ultimate solution aside, any tips on resurrecting this install and getting apt-get upgrade functioning?	19:02
sarnold	SpaceBass: agreed, I spent a few weeks trying to track down data corruption problems and eventually found MCE events :/ horrible few weeks...	19:02
SpaceBass	sarnold, there was a time I like that kind of troubleshooting….but I'm with you, horrible	19:02
sarnold	_maybe_ you can fiddle wit hthe BIOS and change the way it uses the sata ports; change from 'legacy' to 'ahci' or the other way around.	19:03
SpaceBass	sarnold, good idea, I'll test	19:04
SpaceBass	it's on ahci now, I'll try legacy	19:04
SpaceBass	(when i get home tonight, using SSH into that box currently)	19:04
RoyK	SpaceBass: a friend of mine had two SSDs dying on her rather rapidly, the third still works after half a year...	19:04
RoyK	SpaceBass: try smartctl -H	19:06
RoyK	check if the drive think it's bad	19:06
SpaceBass	command not found :(	19:07
RoyK	apt-get install smartmontools	19:07
SpaceBass	can't… apt-get fails	19:07
SpaceBass	looks like another fresh install in my future… not the end of the world, but not happy about it	19:12
RoyK	SpaceBass: never good to see a drive failing - that's why I mirror things or use RAID-6 ;)	19:29
=== glebihan_ is now known as glebihan
=== cpg\|away is now known as cpg
=== cpg is now known as cpg\|away
=== The_Pugilist is now known as DaveR
=== gary_poster\|away is now known as gary_poster
koolhead17	thanks for all! happy appreciation day :)	21:19
koolhead17	*2	21:19
=== Gallomimia_ is now known as Gallomimia
=== pcarrier_ is now known as pcarrier
=== lordieva1er is now known as lordievader
=== NomadJim_ is now known as NomadJim
=== acidflash_ is now known as acidflash
=== matsubara is now known as matsubara-afk
=== negronjl` is now known as negronjl

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!