[00:00] <keithzg> sarnold: no, there's a separate, unmanaged network for the iscsi host and clients.
[00:01] <keithzg> all the normal addresses are 10.1.x.x, and the iscsi ones are 10.0.x.x
[00:01] <sarnold> keithzg: ah :) good, that should be far easier to do.
[00:01] <sarnold> .. to the point of making me wonder why it doesn't just do that already?
[00:02] <keithzg> ...yeah that's what's confusing me. Suddenly when I want to ping any host, for example, it's trying to ping from the unmanaged iscsi network.
=== cpg|away is now known as cpg
[00:05] <sarnold> keithzg: 'ip route list' will show you the routing table, perhaps all you need to do is move the 'default' route to a different gateway?
[00:06] <keithzg> sarnold: yeah, that makes sense, right now it's showing "default via 10.0.0.1 dev br1  metric 100" and should be 10.1.etc dev br0
[00:06]  * keithzg can't seem to find in the documentation for "ip route" how to change that
[00:07] <lvmer> I've been reading a bunch of security tutorials, but what is the best way to shield my LAN ubuntu server from internet traffic / etc.
[00:07] <sarnold> keithzg: that's the anoying thing; back in the day when you wrote all your own ifconfig and route commands fixin these things was easy. now you've got to find the right incantation in /etc/network/interfaces to get done what you want.
[00:07] <lvmer> do I have to like go to a library with a laptop & nmap my server's IP address?
[00:08] <sarnold> lvmer: step 1: netstat -anp   will show you what is open and which programs have those sockets open
[00:08] <sarnold> lvmer: step 2: install ufw, it'll make configuring firewall really easy
[00:09] <lvmer> sarnold: I have shorewall. Should I use ufw too?
[00:09] <sarnold> lvmer: step 3: configure applications to only listen on interfaces you want them to -- sometimes you only want them to listen on 10.x or 192.168.x and sometimes you want them on *
[00:09] <sarnold> lvmer: nah, one firewall thingy is enough.
[00:09] <sarnold> ufw is just easy enough that people'll use it. :)
[00:10] <sarnold> lvmer: I also like to make sure tha every program that listens on a network socket is confined by apparmor; the apparmor-utils package tool 'aa-unconfined' makes it easy to see which programs are listening but not confined.
[00:10] <sarnold> keithzg: that almost sounds like incorrect network masks ..
[00:11] <lvmer> sarnold:  aaaah all I've done with apparmor  is $ sudo apt-get install apparmor-profiles   lol
[00:12] <keithzg> sarnold: could be, I'm fairly dumb in regards to those specifics; I have both interfaces set for netmask 255.255.0.0
[00:13] <sarnold> keithzg: hrm. that sounds like it fits what you wanted in the first place. :/
[00:14] <keithzg> sarnold: so I got it right? I guess this is one of those perverse debugging moments where finding out one *hasn't* made a mistake is disappointing!
[00:16] <sarnold> keithzg: well, obviously osmething is slightly wrong somwhere :) you've got the wrong results. I'm surprised though that it sounds to me like you should be fine.
[00:20] <keithzg> sarnold: yeah, it's quite the conundrum
[00:21] <sarnold> keithzg: can you pastebin the whole interfaces file? It might be overkill to the right person, but I'm not sure what specificxally to ask for. :)
[00:22] <keithzg> sarnold: http://pastebin.com/dagKBUEw
[00:23] <keithzg> there's probably some weird interactions with whatever systems the historical sysadmin of this infrastructure has set up over the years
[00:24] <sarnold> keithzg: okay, I know nothing of the bridge stuff :) SO, with that caveat out of the way, the 'broadcast' addresses look incorrect; they should probably be 10.1.255.255 and .... hrm.
[00:24] <sarnold> keithzg: is the 10.1.* a hole punched out of the middle of the 10.* range?
[00:24] <sarnold> .. or are there two ranges, 10.1.* and 10.0.* ?
[00:25] <keithzg> sarnold: in *theory* it should be two ranges, 10.1.* and 10.0.*
[00:25] <keithzg> I'm tempted to just change the iSCSI addresses all to an entirely different range, though, see what that accomplishes
[00:26] <sarnold> keithzg: okay; then the 10.255.255.255 ought to change to 10.2.255.255, the 10.255.255.255 ought to change to 10.0.255.255, and I think you need to remove the 'gateway 10.0.0.1' line completely; two gateways configured in one file is probably just asking for trouble.
[00:27] <keithzg> sarnold: yeah I actually commented out the second gateway line recently, but it didn't seem to make a change so I figured I'd just paste the file as it had been for longer.
[00:27] <sarnold> hehe
[00:28] <sarnold> good debugging instinct. :)
[00:28] <shti> hi everyone. does anyone know what the maximum amount of IPv6 addresses I can allocate on one system are? is it limited by memory?
[00:30] <sarnold> shti: as far as I know, limited by memory; thousands ought to be doable on nearly anything; I'm not too sure about millions, but one hopes you could find out overnight :)
[00:31] <shti> i figured as much, thank you
[01:00] <keithzg> sarnold: thanks! that, along with a few other pieces of fiddling with other things that were wrong or conflictingly configured, seems to have solved nearly everything. Now I just need to tackle the actual iSCSI part . . . gulp.
[01:01] <sarnold> keithzg: woot! :)
[01:01] <sarnold> good luck there. that thing seems _huge_...
=== fenris is now known as Guest34244
=== Gallomimia_ is now known as Gallomimia
=== fenris is now known as Guest9079
=== micahg_ is now known as micahg
[03:25] <lvmer> sarnold: I don't think apparmor even runs on startup. But I didn't find anything 'unconfined.'  I only found 'enforce' and 'complain.'
[03:26] <sarnold> lvmer: aa-status will give you details on what's running..
[03:26] <lvmer> sarnold: ops. I made a mistake. sshd & apache2 are 'not confined'
[03:26] <sarnold> yeah, confining sshd requires administrator decisions
[03:27] <lvmer> sarnold: hum.
[03:27] <sarnold> and apache2 is so wide open that it is nearly impossible to provide a pre-written profile for it.
[03:27] <lvmer> sarnold: hum.
[03:27] <lvmer> sarnold: I installed both my servers the same way, but I'm thinking now... I only want samba on (1) of them. & I'll keep the other with everything to just fool around
[03:28] <lvmer> sarnold: should I just remove apache2? and php5?
[03:28] <sarnold> lvmer: I would; I try to keep what's running on my systems to just the minimum
=== n0ts_off is now known as n0ts
[03:28] <lvmer> hey
[03:29] <lvmer> for dpkg -l   how can I output it to a file? lol
[03:29] <sarnold> lvmer: dpkg -l > filename
[03:31] <lvmer> sarnold: omg the paste doc is 500 long
[03:32] <sarnold> yes, there are a lot of packages on a standard system. :)
[03:32] <lvmer> sarnold: I have no idea what to remove & what not do lol :/
[03:32] <lvmer> sarnold: oooohhhh the horror: http://paste.kde.org/611126/
[03:33] <lvmer> am I allowed to remove vim? as I really just stick to nano.
[03:34] <lvmer> $ apt-get remove vim vim-common vim-runetime vim-tiny    ? xD
[03:34] <sarnold> heh, funny, removing nano is the first thing I normally do. :)
[03:35] <lvmer> sarnold: I kind of always understood programing, and setting up this server was frustrating, but it only took about a week.  And now.... seeing this list of 500 things long.... I litterally have no idea what they are. I feel like a teenage girl looking at the task manager processor list.
[03:36] <sarnold> the names will grow on you -- before long they'll be old friends. :)
[03:38] <lvmer> lol
[03:38] <sarnold> the 'deborphan' tool can help you clean up packages you're not using any more
[03:39] <sarnold> though it probably makes less sense on a brand-new install than one that's been running for a few years
[03:39] <lvmer> sarnold: so install to uninstall? I like it. :)
[03:39] <lvmer> bind9 bind9-host bind9utils  ??
[03:39] <sarnold> lvmer: yes, that does seem strange :) "apt-get install deborphan ; deborphan" --> _fewer_ packages installed...
[03:40] <sarnold> at least bind9-host is nice to have, you can run 'host foo' and get IPs, reverse lookups, MX entries, etc. awesome little tool.
[03:40] <lvmer> I just don't want to mess up my samba on this bad boy
[03:40] <lvmer> aaahh ok. good to know. I shall keep it then.
[03:41] <lvmer> ftp?
[03:41] <sarnold> sure, it's just the client program
[03:42] <sarnold> and sometimes wget or curl are annoying compared to an interactive ftp client.
[03:42] <lvmer> so many libs
[03:43] <lvmer> wait so uninstall ftp? or keep?
[03:43] <sarnold> keep ftp
[03:43] <lvmer> I do have 2 servers & this one is pretty much only samba
[03:43] <lvmer> ok
[03:43] <sarnold> you may never use it :) but it's nice to have when you do need it
[03:44] <lvmer> mysql ? xd?
[03:44] <lvmer> easy way to type all those bad names?
[03:44] <lvmer> mysql-client  .... client-core  common server... etc. lol
[03:45] <sarnold> just apt-get remove mysql-common will probably get all the rest of them -- they'll need the -common package to satisfy dependencies.
[03:46] <lvmer> oh... so that happens automatically?
[03:46] <sarnold> it'll prompt :)
[03:50] <lvmer> if I remove bind9  ... it says dnsutils & ubuntu-standard also remove
[03:50] <lvmer> bad?
[03:52] <lvmer> sarnold: look how much progress I've made:  http://paste.kde.org/611150/
[03:52] <lvmer> sarnold: lol xD
[03:53] <sarnold> lvmer: 'nsupdate' from 'dnsutils' might be very nice to hold on to.. I don't know if it is used by default, but it -might- be...
[03:53] <lvmer> yah I held on to them
[03:54] <lvmer> sarnold: I can't seem to remove apache2.2-common  is the file special?  it shows up as 'rc'
[03:54] <sarnold> lvmer: woo. :) that's pretty good. run deborphan and see if there are any libraries you don't need any more... that's probably enough, though. my development workstation has 1807 packages installed. :)
[03:54] <sarnold> lvmer: 'rc' means 'remove configured' -- the configuratoin files are still there, in case you re-install, but the package isn't currently installed
[03:54] <sarnold> lvmer: you can use dpkg --purge or apt-get purge to _also_ remove the configuration files
[03:55] <lvmer> oh how do I get rid of those?
[03:55] <lvmer> ah
[03:59] <lvmer> could I type sudo apt-get remove vim-*  ??
[04:00] <sarnold> try it with 'vim-*' -- with the quotes
[04:01] <sarnold> if there is something in your current working directory that matches vim-<something>, the shell will expand the * and not give the right results to apt-get
[04:01] <lvmer> double or single?
[04:01] <sarnold> either
[04:02] <sarnold> (that tip goes for way more than just apt-get -- if you want to find all files ending with .orig, you should also use quotes here: find . -name '*.orig'   )
[04:02] <lvmer> sarnold: :) k
[04:03] <lvmer> installed deborphan
[04:03] <lvmer> ah. -a
[04:04] <lvmer> http://paste.kde.org/611180/
[04:05] <lvmer> anything weird?
[04:05] <sarnold> maybe mysql-client-core-5.5
[04:06] <sarnold> if you don't care about mysql or mysql clients on this machine, you can remove that
[04:06] <lvmer> sarnold: my computer is a dell 4500 from 2001... it is impossible for it to use wireless should I uninstall wireless stuff?
[04:06] <lvmer> I did remove most mysql
[04:06] <sarnold> lvmer: you could remove the wireless stuff if you want, but that might threaten to remove things you want to keep
[04:07] <lvmer> ah
[04:07] <sarnold> how much memory is in this system? if four gigabytes of RAM or less, you can probably also ditch the linux-generic-pae kernel
[04:07] <lvmer> 1gb lol...
[04:07] <lvmer> if that
[04:07] <ScottK> sarnold: For recent releases it's all PAE
[04:07] <lvmer> I'll check
[04:07] <sarnold> ScottK: oh??
[04:08] <sarnold> lvmer: don't touch linux-generic-pae :)
[04:08] <sarnold> ScottK: thanks :D
[04:08] <ScottK> amd64 has been all PAE for awhile and i386 as of 12.10.
[04:08] <lvmer> sarnold: I actually surprisingly have 2gb.... wow.
[04:08] <sarnold> ooh
[04:08] <sarnold> speed demon from 2001 :)
[04:09] <lvmer> Now that I think about it... I think I threw away the 2 computers from 2000 & 2001... this bad boy might be an 03 xD
[04:09] <sarnold> makes sense to drop plain old x86 kernels. they're definitely the minority these days and the pae kernels probably boot pre-pae machines just fine.
[04:10] <lvmer> what is whoopsie and getty?
[04:10] <lvmer> gam_server? winbindd?
[04:10] <sarnold> lvmer: whoopsie handles the "this program has crashed, send a report?" crash reporting service; getty provides the login: prompt on your consoles.
[04:11] <lvmer> sarnold: um.... I have a lot of 'getty -8 38400 tty'
[04:11] <lvmer> sarnold: in 'htop'
[04:11] <sarnold> lvmer: probably seven? :)
[04:11] <sarnold> .. or six?
[04:11] <lvmer> sarnold: .... lol
[04:12] <lvmer> sarnold: ok you win
[04:12] <sarnold> one for each virtual console, alt+f1, alt+f2, alt+f3, .. , alt+f6
[04:12] <sarnold> X runs on alt+f7
[04:12] <lvmer> sarnold: o
[04:12] <lvmer> sarnold: never used alt+ any f
[04:12] <sarnold> you probably have to use control+alt+f1 to swap to the virtual consoles from within x
[04:13] <lvmer> sarnold: I'm on putty too btw.
[04:13] <lvmer> landscape-common ?
[04:13] <sarnold> landscape.ubuntu.com -- a management framework
[04:17] <lvmer> The following packages will be REMOVED:
[04:17] <lvmer>   crda* linux-generic-pae* linux-image-3.2.0-29-generic-pae* linux-image-3.2.0-33-generic-pae*
[04:17] <lvmer>   linux-image-generic-pae* wireless-regdb* wireless-tools*
[04:17] <lvmer> good or bad? lol
[04:18] <sarnold> bad :)
[04:20]  * ScottK has a computer from 2001 running precise.
[04:20] <lvmer> scottk: lol how you do that?
[04:20] <sarnold> ScottK: you haven't replaced it with a pandaboard? :)
[04:20] <lvmer> sarnold: oooo bad? dang. lol
[04:20]  * ScottK doesn't usually replace working hardware.
[04:20] <ScottK> Also it's my test server.
[04:20] <lvmer> ........ lol
[04:21] <lvmer> I must know how to ***
[04:21] <lvmer> lol
[04:21] <lvmer> * test
[04:21] <lvmer> lol
[04:21]  * ScottK also has one from 1999/2000 running Hardy (it missed the ACPI cutoff date in the BIOS, so that's the latest it can run) doing file storage.
[04:22]  * lvmer test
[04:22] <lvmer> lmao
[04:22] <sarnold> ScottK: yeah, I can definitely understand that urge. but man, a few watts, no heat, no fan... granted, storage speed on panda is s s l l o o w w
[04:23] <lvmer> test
[04:23] <sarnold> lvmer: /me test
[04:23] <sarnold> oh I see you already found it
[04:23] <lvmer> sarnold I know I did it up there xD
[04:23] <lvmer> sarnold: what is umode?
[04:23] <ScottK> They help keep the basement warm.
[04:23] <sarnold> lvmer: time to learn a new tool :) "apt-cache show umode"
[04:23] <lvmer> ? lol
[04:24] <sarnold> ScottK: hehe
[04:24] <lvmer> unknown command
[04:24] <sarnold> ohhh, umode, that must be from your irc client -- user modes
[04:25] <sarnold> lvmer: still, it's time ot learn a new command :) try "apt-cache show ureadahead"
[04:25] <lvmer> no way
[04:26] <lvmer> I'm not cache'ing anything
[04:26] <lvmer> lol
[04:26] <lvmer> what does it do?
[04:26]  * lvmer lvmer is not so gullible
[04:27] <sarnold> lvmer: apt-cache will show you data from the packages visible to apt-get
[04:27] <lvmer> oh lol
[04:27] <sarnold> apt-cache search and apt-cache show are two immensely useful little commands on debian / ubuntu systems
[04:28]  * lvmer has just realized
[04:28] <lvmer> ok I'm going to stop that before I get banned. lol. I appriciate it. I'm checking it out.  btw: I couldn't find 'umode' lolz :p
=== kInOzAwA is now known as Guest45163
[04:30] <sarnold> lvmer: about umodes: http://freenode.net/using_the_network.shtml
[04:31] <lvmer> sarnold: yup. :) thanks again. :)
[04:33] <sarnold> 'night lvmer :)
[04:33] <lvmer> sarnold: good night
[04:48] <lvmer> I have no swap space.... is this bad? I'm running lvm2. & I just noticed in htop: swp 0/0MB
[05:22] <greppy> lvmer: how much RAM do you have?
[05:35] <lvmer> greppy: 2GB.... I sware I thought I had swap when I installed. I don't see it anymore though... in df -h or fstab or htop.
[05:49] <ScottK> Depends on what you're doing with the box.
[05:51] <qman__> it's only bad if you require more memory to perform the tasks you're attempting
=== Gallomimia_ is now known as Gallomimia
[07:19] <ranjan> Hi all, is there an  official channel for Ubuntu Cloud?
[07:19] <ranjan> have some doubt related to Ubuntu Cloud Live CD
[07:49] <lifeless> ranjan: here is fine to ask
[07:54] <Kartagis> can you help me with roundcube? #roundcube is kind of dead
[07:58] <ranjan> lifeless, how can i use nova-volume in ubuntu cloud live?
[08:01] <blkperl> Kartagis: what kind of help?
[08:02] <Kartagis> blkperl: I'm getting "Make sure that the configured database exists and that the user has write privileges DSN: " but the database is there
[08:03] <rbasak> ScottK: what do you think of https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/1027061/comments/14 ?
[08:03] <uvirtbot> Launchpad bug 1027061 in postfix "Postfix upgrade to 2.9.3-2~12.04.1 changes configuration files" [Wishlist,Invalid]
[08:08] <blkperl> Kartagis: what do the database logs say? do they show failed connection attempts
[08:09] <Kartagis> blkperl: nothing in roundcube logs. do you mean imap server logs?
[08:12] <blkperl> Kartagis: what database are you using? mysql, postgres?
[08:12] <blkperl> sqlite?
[08:12] <Kartagis> mysql
[08:12] <blkperl> go look at those logs
[08:12] <blkperl> also check that the user has write privs in mysql
[08:14] <Kartagis> create database db;grant all on db.* to user@localhost identified by 'pass'; <--- this was my line
[08:16] <blkperl> can you connect to the database from the roundcube server?
[08:17] <Kartagis> yes
[08:19] <Kartagis> I've also imported the databasr schema. that must mean I have at least INSERT access, no?
[08:20] <stiv2k> hi
[08:20] <stiv2k> how can i see which program on my server is causing 2.79 load average.... but cpu usage is low
[08:21] <Kartagis> htop
[08:21] <stiv2k> why htop
[08:21] <stiv2k> over regular top
[08:21] <Kartagis> it is more detailed
[08:21] <stiv2k> oh
[08:27] <stiv2k> well
[08:27] <stiv2k> transmission daemon is using like 10% cpu and 11% mem
[08:28] <stiv2k> its the most active process i have... yet my load average is very high
=== ranjan is now known as Guest90825
=== n0ts is now known as n0ts_off
=== acidflash_ is now known as acidflash
[10:12] <freakynl> Hi, I'm using automatic updates on some servers. Now it mails me that a reboot is required, but only the make package has been updated. I'm not used to linux requiring reboots for anything but kernel (services are usually just restarted when updated). This however is neither a service nor a kernel and make isn't actively used either :/
[10:26] <vezq> check are you running the latest kernel
[10:27] <vezq> uname -a and compare to files in /boot
[10:40] <freakynl> vezq: heh thx, my spamfilter ate that e-mail :/
[10:43] <freakynl> it was consistent tho', it ate all of the auto update messages from that day. Must not like some package
=== n0ts_off is now known as n0ts
=== Akendo_ is now known as Akendo
=== Akendo_ is now known as Akendo
=== kInOzAwA is now known as Guest33607
[12:13] <Cuacrzz> Does anyone know how to change metric settings on my l2tp vpn settings like that checkbox on Windows, because i'm connected and it works but all pages are blocked right know
=== mdeslaur_ is now known as mdeslaur
=== mcclurmc_ is now known as mcclurmc
[13:06] <nopz> When one rsync a directory to another, does it just send the changed bytes or the whole file is transfered for each modification ?
[13:11] <qman__> changes only
[13:11] <qman__> well, there's some caveats to that
[13:13] <qman__> but yes, it only transfers changed bytes by default
[13:18] <nopz> cool thank you
[13:18] <Cuacrzz> Does anyone know how to change metric settings on my l2tp vpn settings like that checkbox on Windows, because i'm connected and it works but all pages are blocked right know
[13:20] <nopz> Regarding inotify, if i lookup a folder by registering to its events, does it watch automatically every child folders in it ?
[13:21] <Kartagis> qman__: how about if there are some deleted files from source?
[13:23] <RoyK> nopz: from the manual:  Inotify monitoring of directories is not recursive: to monitor subdirectories under a directory, additional watches must be created.
[13:24] <nopz> Ho thank you RoyK, do you have a link pointing to that?
[13:25] <nopz> Ok it's at the bottom of the man page
[13:31] <ScottK> rbasak: I think the package is designed to use debconf and since they didn't, they are on their own.  That said, I think it would be a useful improvement.
[13:33] <rbasak> ScottK: I think puppet is probably doing DEBIAN_FRONTEND=noninteractive apt-get install postfix, and then the postinst is clobbering main.cf
[13:33] <rbasak> ScottK: is that your understanding when you say they're on their own?
[13:34] <rbasak> (I haven't verified this though)
[13:40] <rbasak> ScottK: need to go offline but I'll check the logs to see if you've responded.
=== cpg is now known as cpg|away
[13:50] <lamont> ScottK: I decided to add a comment there. (1027061)
[13:50] <ScottK> lamont: Thanks.
=== rnbrady_ is now known as rnbrady
[14:11] <caribou> quick question : what is the best way to upgrade the kernel in an Openstack/canonistack instance ?
[14:11] <caribou> without using a different cloud image, just need to test a new kernel
[14:25] <Akendo> hi
[14:26] <Akendo> Hey jamespage, My Cinder + Ceph is working. But without authentication
[14:27] <jamespage> Akendo, libvirt uuid still proving problematic?
[14:27] <Akendo> Just a question out of my mind, can it be that you have to create a extra client instead of using client.admin for this?
[14:27] <Akendo> Yes
[14:27] <Akendo> I'll solve it late, I just wanted to ensure that the connection is working.
[14:28] <jamespage> Akendo, I do that yes; client.admin is like 'root' whereas cinder only needs access to pools/rbd's
[14:29] <Akendo> But shouldn't it be possible to use this "root" for everthing in the beginning? This is justa proof of concept for me, it shound't have to much complexbility
[14:31] <jamespage> Akendo, what rbd_user did you specify?
[14:32] <Akendo> For now admin
[14:32] <Akendo> But late I think it will be one use per tenant
[14:32] <Akendo> So that this tenant have it's own access credentails
[14:32] <jamespage> Akendo, I think thats right
[14:33] <Akendo> First I have to get a feeling for Ceph with OpenStack ;-)
[14:34] <Akendo> One Question, that keeps going torugh my mind is: How does the single pool per tenant will behavior with this placement groups? It's a "hard" limit for my Pool?
[14:49] <pmatulis> hallyn: hey.  looks like bug #1057024 is still not done.  i just posted
[14:49] <uvirtbot> Launchpad bug 1057024 in qemu-kvm "kvm kernel module always loaded, without setting /dev/kvm permissions" [High,In progress] https://launchpad.net/bugs/1057024
[14:51] <zul> jamespage: ping
[14:51] <jamespage> zul, pong
[14:51] <zul> jamespage: fyi the quantum proxy ip stuff got merged into the stable/folsom tree
[14:52] <jamespage> zul, yeah - I've been watching gerrit mp's
[14:52] <jamespage> w00t!
[14:52] <zul> jamespage:  ok cool
[14:52] <jamespage> zul, thanks for pushing on that btw
[14:52] <jamespage> Akendo, not sure single pool per tenant makes sense?
[14:52] <zul> jamespage: no worries all a part of the days work..
[14:53] <Akendo> Why not?
[14:53] <jamespage> Akendo, well the pool in ceph is completely abstracted from the users of Openstack
[14:54] <Akendo> Sure
[14:54] <jamespage> Akendo, and you can only configure it once in cinder, and not on a per tenant basis
[14:55] <Akendo> Ah
[14:55] <Akendo> Really?
[14:55] <Akendo> hm...
[14:55] <Akendo> That indeed a problem then I didn't think of yet
[14:57] <hallyn> pmatulis: the p11-kit thing is separate and was supposed to be fixed long ago.  but yes, there is also the new bug 1080912 i'm trying to reproduce right now
[14:57] <uvirtbot> Launchpad bug 1080912 in qemu-kvm "package qemu-kvm 1.0+noroms-0ubuntu14.4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [High,New] https://launchpad.net/bugs/1080912
[14:57] <hallyn> slangasek had wanted me to change the fix for that bug, and the new way doesn't seem to be as robust as doing it by hand
[14:57] <hallyn> pmatulis: do you still have access to that box?
[14:58] <hallyn> well lemme see how my box does after a 11.10->12.04 upgrade
[15:00] <pmatulis> hallyn: indeed i do
[15:02] <hallyn> pmatulis: great - what does /dev/kvm look like?  (ls -l and getfacl)
[15:03] <pmatulis> hallyn: not good at all i'm afraid
[15:03] <pmatulis> sudo ls -l /dev/kvm
[15:03] <pmatulis> ls: cannot access /dev/kvm: No such file or directory
[15:06] <Akendo> pmatulis,  modprobe kvm is working?
[15:08] <pmatulis> Akendo: yes it does, that looks like the beginning of a workaround
[15:08] <Akendo> What is lsmod |grep kvm displaying?
[15:09] <pmatulis> Akendo, hallyn: indeed, after loading the module i can start my guests
[15:09] <hallyn> pmatulis: do you ahve the ugprade logs?  did 'start qemu-kvm' fail?
[15:09] <Akendo> ;-)
[15:09] <hallyn> bc that should have loaded the module
[15:09] <pmatulis> hallyn: let me take a look for the logs
[15:10] <pmatulis> hallyn: note that i rebooted twice.  once after the upgrade, and once again after upgrading qemu-kvm
[15:10] <pmatulis> (-proposed)
[15:10] <hallyn> hm.
[15:11] <hallyn> so it wasn't loaded at all after reboot.  that's bad.  and weird
[15:11] <pmatulis> hallyn: agreed
[15:11] <pmatulis> hallyn: i'll update the bug
[15:11] <hallyn> pmatulis: to be sure, did all work well under oneiric on that box?
[15:13] <ninjix> anyone running a 12.04 based OpenStack with Quantum + Open vSwitch?
[15:13] <Akendo> That can happend from time to time, then you should add kvm to the /etc/modules.conf
[15:14] <Akendo> Can you past me via pastbin the dmesg output?
[15:14] <pmatulis> hallyn: yes, all worked very well on 11.10
[15:14] <Akendo> ah
=== matsubara is now known as matsubara-lunch
[15:14] <Akendo> btw: /etc/modules for Ubuntu
[15:17] <fleish> can someone help me translate this EDAC info into a which DIMM is actually reporting errors? EDAC MC1: CE row 1, channel 0, label "CPU#1Channel#0_DIMM#1": Corrected error (Socket=1 channel=0 dimm=1) ... my manual/board labels the  DIMMs P1_DIMM{1,2,3}{A,B,C} & P0_DIMM{1,2,3}{A,B,C}
[15:19] <hallyn> pmatulis: odd, my test box had /dev/kvm just fine :(
[15:19] <hallyn> pmatulis: i  suspect yours deserves a new bug
[15:19] <pmatulis> wonderful
[15:24] <Akendo> jamespage, Do you know of any bug in glance that can't list the uploaded image to ceph?
[15:27] <ninjix> I see there are what look like tokens in the Ubuntu Openstack supplied configuration files. Things like %SERVER_USER%. Most of the tutorials call for you to replace these but is there a better Canonical way for configuring the services?
[15:30] <Akendo> Hey ninjix
[15:30] <Akendo> Checkout the nimbis-keystone-init on github
[15:30] <ninjix> Akendo: hi
[15:31] <Akendo> Maybe not whay you mean, but it can help you to setup all important stuff  for you
[15:31] <Akendo> Then your using a tenant called service
[15:32] <Akendo> I hope this can you help
[15:33] <ninjix> thanks. I've been holding off with the helper scripts while I familiarize with the Folsom release
[15:33] <Akendo> Great ;-)
[15:34] <ninjix> then wants I understand how to better use Quantum and Open vSwitch, I'm going to look into a MaaS+Juju rollout
[15:35] <ninjix> wants ?? -> once :)
[15:37] <ninjix> Akendo: are you running Openstack?
[15:38] <jamespage> Akendo, not that I know of - I have not seen that issue
[15:40] <jamespage> Akendo, just out of interest can you see it with nova image-list ?
[15:42] <ninjix> Akendo: sorry, better question is are you running it in production?
=== matsubara-lunch is now known as matsubara
=== rnbrady_ is now known as rnbrady
=== paskal is now known as tarzxvf
[16:31] <tonyyarusso> I'm getting millions of lines like this in my syslog:  "Nov 20 10:30:14 ntop ntop[1180]:   **WARNING** Packet # 37334012 too long (len = 2546)!"  What's that mean?
[16:55] <lvmer> I've got a LAN server with just samba on it. Is there a good way to maximize the computer solely for samba? aka: like dedicate lots of ram to caching files that are typically requested, etc.
=== n0ts is now known as n0ts_off
[17:00] <rbasak> That'll happen automatically for you
[17:01] <lvmer> rbasak: really?
[17:01] <rbasak> The kernel uses available memory to cache what it can
[17:01] <lvmer> in [global] I setup: socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
[17:01] <lvmer> I was thinking about doubling it to 131k or so
[17:02] <lvmer> rbasak cause right now my server is only using 62mb of ram.... lolzzzzzzz
=== yofel_ is now known as yofel
[17:03] <lvmer> ops I thought I was in the samba channel. -_-
[17:10] <lvmer> sshd is 'not confined' by apparmor, how shall I change this?
[17:14] <hallyn> gah
[17:14] <hallyn> bad changelog
[17:14] <jdstrand> lvmer: that is acually a particularly challenging application to confine because it is designed to spawn shells
[17:14] <jdstrand> lvmer: I recommend looking at http://wiki.apparmor.net/index.php/Pam_apparmor_example
[17:15] <jdstrand> lvmer: you might also want to join #apparmor on OFTC and discuss it there
[17:15] <lvmer> jdstrand: ah. :/  yes I did #apparmor.  I was guessing it would be easy with only 1  sshd allowable computer / ip.
[17:16] <lvmer> jdstrand: ty for the starting place. I am looking through it now.
[17:16] <jdstrand> lvmer: the experts in #apparmor usually don't come online until around now
[17:16] <RoyK> lvmer: it's little point adding IPTOS... and the SO_ stuff - the default values are ok
=== Akendo is now known as Akendo_
[17:17] <RoyK> lvmer: that is, unless you're on a 10Gbps network and really want full throughput, all the default values should be ok. It'll be either your network or the I/O on the server being the bottleneck
[17:18] <lvmer> royk: yup you seem right on that. noticed no difference.
[17:18] <lvmer> royk: definitely server I/O
[17:18] <lvmer> royk: 12 year old computer ftw... lolz.
[17:18] <RoyK> lvmer: what sort of disksystem?
[17:18] <RoyK> single IDE drive? ;)
[17:18] <lvmer> royk: IDE lol
[17:18] <lvmer> royk: 3 stripe raid
[17:18] <RoyK> raid-5?
[17:19] <lvmer> royk: but the dell motherboard is attrocious
[17:19] <lvmer> royk: raid 0
[17:19] <lvmer> royk: lol trust me, it doesn't help much with the bus speed of this Dell.
[17:19] <RoyK> raid-0 is a bit like BASE jumping with an umbrella...
[17:20] <lvmer> royk:  all information has 2 other separate backups & is non-essential. I know the risks.
[17:20]  * RoyK uses RAID-6 for most stuff these days
[17:20] <lvmer> royk: I'm actually hoping these hd's fail so I can buy a $300 computer this christmas
[17:20] <RoyK> well, obviously, if you handle the downtime and restore, no problem
[17:20] <lvmer> royk: lol that will def. be the hard part.
[17:20]  * RoyK wants uptime... http://xkcd.com/705/
[17:21] <lvmer> royK: but the server is only 1 week old.... & I've re-installed 2x already from stupid mistakes. so I don't think it'll take more than 1 day.
[17:21] <lvmer> royk: trying to configure rsync for configs, but right now I just copy/paste them to NAS
[17:21] <RoyK> if you can do with the space on two drives, use raid-5 and change later or add more drives later
[17:22] <RoyK> that is, if you have a NAS, why do you want a fileserver?
[17:22] <lvmer> royk: ide drives? no freaking way
[17:22] <lvmer> royk: cause it's a windows temp. nas lol
[17:22] <lvmer> royk: and it sucks
[17:23] <lvmer> royk: also this was mostly just supposed to be a fun project to get my feet wet.... into linux which is clearly much faster.
[17:23] <RoyK> you can get a mobo + cpu + memory for almost nothing, probably $150 will go a long way
[17:23] <lvmer> royk: ok last question.... here I'm done explaining my logic lol. idc if it is flawed.
[17:23] <RoyK> or at least $200
[17:23] <lvmer> royk: yes... that is why I est. $300....
[17:23] <lvmer> royk: 3TB HD... xD
[17:24] <lvmer> royk: which will be sata
[17:24] <RoyK> lvmer: install sysstat and start it, and it'll collect performance data for you
[17:24] <RoyK> or perhaps munin
[17:24] <lvmer> royk: why?
[17:24] <RoyK> you'll see quickly where the bottleneck is
[17:24] <lvmer> royk: k
[17:24] <RoyK> sysstat / sar is basically terminal stuff, munin makes nice graphs
[17:25] <lvmer> royk: ok how do I use this? never used sysstat
[17:26] <lvmer> nvm I got a tut
[17:26] <RoyK> apt-get install sysstat - vi /etc/default/sysstat - enable it - /etc/init.d/sysstat start
[17:26] <RoyK> run 'sar'
[17:27] <RoyK> !uupdate
[17:28] <lvmer> royk: ?
[17:28] <RoyK> just tried to ask the bot about uupdate
[17:28] <lvmer> o
[17:28] <lvmer> !uupdate
[17:28] <RoyK> !mail server
[17:28] <ubottu> Ubuntu supports the Simple Mail Transfer Protocol (SMTP) and provides mail server software of many kinds. You can install a basic email handling configuration with the "Mail server" task during installation, or with the "tasksel" command. See also https://help.ubuntu.com/community/MailServer and https://help.ubuntu.com/12.04/serverguide/C/email-services.html
[17:29] <lvmer> royk: ok I ran sar.... I don't get it
[17:29] <lvmer> royk: shows cpu
[17:29] <lvmer> royk: that's it.
[17:29] <lvmer> royk: and a restart
[17:29] <RoyK> no need to restart
[17:29] <RoyK> and man sar
[17:29] <RoyK> it'll show a lot more
[17:29] <RoyK> sar 1 12
[17:30] <RoyK> and it'll check status every second for 12 seconds
[17:30] <RoyK> what you get in the %iowait column is the time the system spends waiting for i/o, eg slow drives
[17:31] <lvmer> should it be  sar -i 12
[17:31] <RoyK> just 'sar <secs> <number of polls>' will do
[17:32] <RoyK> like
[17:32] <RoyK> http://paste.ubuntu.com/1372914/
[17:33] <RoyK> this system is running a crashplan backup where the client spends a lot of cpu time and waits for i/o a bit
[17:33] <lvmer> http://paste.kde.org/611492/
[17:34] <RoyK> guess this wasn't during a copy?
[17:34] <RoyK> your system's mostly idle
[17:34] <lvmer> royk: this lan is small & barely gets accessed
[17:34] <RoyK> start a large copy operation and try again
[17:34] <lvmer> royk: if I did a copy the disk I/o bottle neck would be obvious...
[17:34] <lvmer> royk: k
[17:35] <RoyK> also, you can use
[17:36] <RoyK> !pastebinit
[17:36] <ubottu> pastebinit is the command-line equivalent of !pastebin - Command output, or other text can be redirected to pastebinit, which then reports an URL containing the output - To use pastebinit, install the « pastebinit » package from a package manager - Simple usage: command | pastebinit -b http://paste.ubuntu.com
[17:36] <lvmer> royk: ah that is helpful.
[17:36] <lvmer> royk: wait I blocked all 80 ports... only 137, 139, & 445 work. xD
[17:37] <RoyK> also outgoing?
[17:37] <RoyK> if you just used ufw to only allow those ports, all outgoing access should work
[17:37] <lvmer> shorewall
[17:37] <lvmer> ufw sucks
[17:38] <RoyK> well, ufw works
[17:38] <lvmer> http://paste.kde.org/611498/
[17:38] <lvmer> royk: outgoing works now. I shall use that command it is grand.
[17:39] <lvmer> 12:36:52 PM     all      0.00      0.00      0.00    100.00      0.00      0.00
[17:39] <lvmer> 100 I/o wait
[17:39] <RoyK> system isn't under heavy load...
[17:39] <lvmer> royk: nope not at all
[17:39] <RoyK> well, you get such hichups from time to time
[17:39] <lvmer> royk: it only runs smbd
[17:39] <RoyK> you may want to check your drives with smartctl
[17:40] <lvmer> royk: uninstalled nearly everything except shorewall, denyhosts, fail2ban, etc.
[17:40] <lvmer> royk: are you trolling me?
[17:40] <RoyK> no
[17:40] <RoyK> old drives have a tendency to fail
[17:40] <lvmer> royk: ..... I already know my hd's are bad
[17:40] <lvmer> royk: they are 12 year old IDE HDDs.... lol
[17:40] <RoyK> and smartctl asks the drives if they have known errors
[17:40] <RoyK> if they have, they'll slow things down
[17:40] <RoyK> old drives != bad drives
[17:41] <lvmer> smartctl notfound
[17:41] <lvmer> john@UBUNTUSERVER2:~$ sudo apt-get install smartctl
[17:41] <lvmer> Reading package lists... Done
[17:41] <lvmer> Building dependency tree
[17:41] <lvmer> Reading state information... Done
[17:41] <lvmer> E: Unable to locate package smartctl
[17:41] <lvmer> john@UBUNTUSERVER2:~$
[17:42] <RoyK> apt-get install smartmontools
[17:43] <lvmer> is libsensors4 important?
[17:43] <RoyK> lvmer: don't remember the dependencies or smartmontools, but another set of libraries won't hurt
[17:47] <lvmer> john@UBUNTUSERVER2:~$ smartctl --scan
[17:47] <lvmer> /dev/sda -d scsi # /dev/sda, SCSI device
[17:47] <lvmer> /dev/sdb -d scsi # /dev/sdb, SCSI device
[17:47] <lvmer> /dev/sdc -d scsi # /dev/sdc, SCSI device
[17:47] <lvmer> what next?
[17:48] <RoyK> smartctl -H ...
[17:48] <lvmer> meh.
[17:48] <RoyK> or smartctl -t short /dev/blah to start a short test or -t long to start a long test
[17:49] <lvmer> permission denied
[17:49] <RoyK> -t long shouldn't be needed very often, but if you haven't run any tests yet, it might be worth it
[17:49] <lvmer> oh ops.. sudo lol
[17:49] <lvmer> no fails, but errors :/
[17:50] <RoyK> pastebin?
[17:51] <lvmer> http://paste.ubuntu.com/1372945/
[17:52] <lvmer> what do you think?
[17:52] <RoyK> I think the drive has bad sectors
[17:52] <RoyK> dmesg will probably give you some error messages
[17:53] <RoyK> I/O sort of thing
[17:53] <lvmer> .... too manyz
[17:53] <lvmer> http://paste.ubuntu.com/1372956/
[17:54] <RoyK> nothing there about I/O errors
[17:54] <lvmer> ah good
[17:54] <lvmer> yah I couldn't see until I checked the url
[17:54] <lvmer> too squished
[17:54] <RoyK> bunch of apparmor messages, but no I/O stuff
[17:55] <lvmer> still thinking bad sectors?
[17:55] <lvmer> or what?
[17:55] <RoyK> snartctk says si
[17:55] <RoyK> so
[17:55] <RoyK> ops
[17:55] <RoyK> smartctl says so
[17:55] <RoyK> # 1  Short offline       Completed: read failure       90%     25545         6298162
[17:55] <lvmer> :/
[17:55] <RoyK> try -H on the other drives
[17:55] <lvmer> fix attempt worth it?
[17:55] <RoyK> you can't fix sectors
[17:56] <lvmer> http://paste.ubuntu.com/1372961/
[17:56] <RoyK> what you can do, is use redundancy to avoid data loss
[17:56] <RoyK> seems you've started a long test on that one and it's still running
[17:57] <RoyK> Total time to complete Offline
[17:57] <RoyK> data collection: 		(  430) seconds.
[17:57] <lvmer> possibly a long time ago
[17:57] <lvmer> before installing ubuntu
[17:57] <RoyK> you can stop the test and run a short test
[17:59] <RoyK> or just try to initiate a short test
[17:59] <RoyK> might do it
[18:08] <RoyK> lvmer: really, finding a 120GB drive unused somewhere shouldn't be much of a problem, I guess people are throwing those away regularly these days.... better get a new one (or three), convert to raid-5 and sleep well at night
[18:09] <RoyK> or even better, get a new box and setup raid-5 on sata drives from the start
[18:11] <lvmer> ...................................... the information stored here is superfluous. I'm done this troll storm.
[18:12] <RoyK> ?
[18:12] <RoyK> troll storm???
[18:13] <lvmer> I told you from the start the information stored on the hdd's is redundant and useless.... why would I care if they fail?
[18:13] <RoyK> well, ok, just saying that at least one of your drives are dying
[18:13] <lvmer> eta?
[18:13] <RoyK> and it's less hassle to just use raid-5 in the first place to avoid recreating everything
[18:14] <RoyK> ETA is not possible for drives
[18:14] <RoyK> sometimes they die without notice
[18:14] <RoyK> sometimes they give you a warning with S.M.A.R.T.
[18:14] <RoyK> that warning usually means something is bad, but the drive may live another month or even a year after that
[18:15] <lvmer> have you ever rebuilt a raid 5 array? the build time is ridiculous
[18:15] <lvmer> I'd rather use 1
[18:15] <RoyK> no, it's ok
[18:15] <RoyK> I've rebuilt RAIDs of all known levels ;)
[18:15] <lvmer> how long did the 5 take  / size?
[18:16] <RoyK> for a 5x2TB RAID, about a day, perhaps a bit more
[18:16] <RoyK> far less than restoring the lot
[18:16] <lvmer> definitely more
[18:16] <RoyK> with 120GB drives, a few hours
[18:16] <lvmer> lucky you had 5x drives though
[18:16] <lvmer> imagine 10tb with 3 drives
[18:16] <lvmer> you'd be building forever
[18:17] <RoyK> I wouldn't use RAID-5 with such amounts of data
[18:17] <RoyK> I'd use RAID-6 so that it can take a second failure during rebuild
[18:17] <lvmer> 5x2tb = 10tb............. * .8 = 8tb....
[18:17] <lvmer> your not far off
[18:17] <RoyK> currently 6 drives in RAID-6 in my home server ;)
[18:17] <lvmer> that's a good setup
[18:17] <RoyK> plus a spare
[18:18] <lvmer> hard with without a raid controller though?
[18:18] <lvmer> what mb?
[18:18] <RoyK> just linux md
[18:18] <RoyK> software raid
[18:18] <RoyK> some cheap - sec
[18:18] <RoyK> ASrock M3A UCC
[18:18] <RoyK> with some PCIex SATA controllers I got off ebay cheaply
[18:19] <RoyK> I've been working with storage long enough not to trust 'hardware raid' more than what can be done in software
[18:19] <RoyK> it's software after all, even the 'hardware raid', the only difference is it's running on another chip
[18:20] <RoyK> usually with less cpu power and with a narrow memory bus, meaning usually slower
[18:20] <RoyK> I'd guess 90% of enterprise storage have 'software raid', only they hide it
[18:21] <lvmer> good to know
[18:21] <RoyK> A Dell EqualLogic controller take up to a minute to reboot - that's not hardware - it's its OS booting
[18:22] <RoyK> and probably linux at the base, since Dell uses linux for most stuff these days
[18:25] <RoyK> lvmer: even if you can restore quickly, using RAID-5 for this setup can probably teach you a few things about storage ;)
[18:55] <SpaceBass> I'm trying to do an apt-get upgrade and keep getting an error that the MD hash for base-files is invalid … or smiler, will paste bin… this is the 3rd time this has happened and always results in needing a fresh install.
[18:55] <SpaceBass> error: http://pastebin.ca/2253510
[18:56] <sarnold> SpaceBass: check dmesg. I expect your hard drive is dying.
[18:56] <SpaceBass> sarnold, thought that was the problem the first two times, so I've replaced it each time. This is new, fresh SSD (as were the others)
[18:57] <sarnold> SpaceBass: oohhhhhhhhh.
[18:59] <SpaceBass> although perhaps you are right sarnold, the drive doesn't look heathy http://pastebin.ca/2253514
[19:00] <sarnold> SpaceBass: can you test the drive in a different machine or usb enclosure or something?
[19:00] <SpaceBass> sarnold, in theory, but since this is the 3rd error on the same box, all with SSDs (different make/models), I'm not more suspicious of the motherboard or controller
[19:01] <sarnold> SpaceBass: yes, I suspect your motherboard or controller are the problem instead of the harddrive, but putting the drive into something else may be easier than putting a new motherboard in :)
[19:01] <SpaceBass> which sucks… b/c I'm starting to loath this kind of hardware support…. might be time to replace with a mac mini (data is on external raid anyway)
[19:02] <SpaceBass> putting the ultimate solution aside, any tips on resurrecting this install and getting apt-get upgrade functioning?
[19:02] <sarnold> SpaceBass: agreed, I spent a few weeks trying to track down data corruption problems and eventually found MCE events :/ horrible few weeks...
[19:02] <SpaceBass> sarnold, there was a time I like that kind of troubleshooting….but I'm with you, horrible
[19:03] <sarnold> _maybe_ you can fiddle wit hthe BIOS and change the way it uses the sata ports; change from 'legacy' to 'ahci' or the other way around.
[19:04] <SpaceBass> sarnold, good idea, I'll test
[19:04] <SpaceBass> it's on ahci now, I'll try legacy
[19:04] <SpaceBass> (when i get home tonight, using SSH into that box  currently)
[19:04] <RoyK> SpaceBass: a friend of mine had two SSDs dying on her rather rapidly, the third still works after half a year...
[19:06] <RoyK> SpaceBass: try smartctl -H
[19:06] <RoyK> check if the drive think it's bad
[19:07] <SpaceBass> command not found :(
[19:07] <RoyK> apt-get install smartmontools
[19:07] <SpaceBass> can't… apt-get fails
[19:12] <SpaceBass> looks like another fresh install in my future… not the end of the world, but not happy about it
[19:29] <RoyK> SpaceBass: never good to see a drive failing - that's why I mirror things or use RAID-6 ;)
=== glebihan_ is now known as glebihan
=== cpg|away is now known as cpg
=== cpg is now known as cpg|away
=== The_Pugilist is now known as DaveR
=== gary_poster|away is now known as gary_poster
[21:19] <koolhead17> thanks for all! happy appreciation day :)
[21:19] <koolhead17> *2
=== Gallomimia_ is now known as Gallomimia
=== pcarrier_ is now known as pcarrier
=== lordieva1er is now known as lordievader
=== NomadJim_ is now known as NomadJim
=== acidflash_ is now known as acidflash
=== matsubara is now known as matsubara-afk
=== negronjl` is now known as negronjl