NickyP | i have a LAMP/apache2 server. The web page part works great. I also have file that I need for an application on the server that is 5 dirs down from the web server root. I get Forbidden response when I try to wget the file. What should the permissions / user | 00:49 |
---|---|---|
NickyP | ;groups be to get this to behave? | 00:49 |
sarnold | NickyP: you need to make sure that the file can be read by the web server, and all directories above it can be read and traversed by the web server | 00:50 |
NickyP | If is try to wget the index.html off the top I get the same thing | 00:51 |
NickyP | Forbidden | 00:51 |
sarnold | NickyP: ah, nice. that gives you some good evidence to look for in the logs. | 00:52 |
NickyP | should the user:group be www-data for both | 00:53 |
sarnold | It would be better if the webserver didn't own the data. | 00:54 |
NickyP | k | 00:54 |
NickyP | what is the common log location. there seems some indirection in the docs about it | 00:56 |
sarnold | NickyP: check /var/log/apache2/ for a first shot (this is me guessing :) | 00:57 |
NickyP | k. ty | 00:57 |
qman__ | www-data should not own any files, but those files should be readable by www-data | 00:59 |
qman__ | meaning, either grant world-read or use acls | 00:59 |
=== freeflying_away is now known as freeflying | ||
=== freeflying is now known as freeflying_away | ||
=== freeflying_away is now known as freeflying | ||
=== jtv1 is now known as jtv | ||
=== thumper is now known as thumper-afk | ||
=== freeflying is now known as freeflying_away | ||
=== Jikan is now known as Jikai | ||
=== smb` is now known as smb | ||
=== Jikai is now known as Jikan | ||
=== Jikan is now known as Jikai | ||
=== freeflying_away is now known as freeflying | ||
=== Jikai is now known as Jikan | ||
=== Jikan is now known as Jikai | ||
=== dosaboy_ is now known as dosaboy | ||
=== freeflying is now known as freeflying_away | ||
=== freeflying_away is now known as freeflying | ||
=== thumper-afk is now known as thumper | ||
=== Jikai is now known as Jikan | ||
BullShark | what's the way to disable a service from auto starting on boot in ubuntu? | 10:59 |
geser | BullShark: does the service get started through an upstart job? | 11:18 |
=== freeflying is now known as freeflying_away | ||
BullShark | geser -> the service is postfix | 11:20 |
BullShark | it's in /etc/init.d/postfix | 11:21 |
geser | sudo update-rc.d postfix disable | 11:22 |
BullShark | geser -> that is disabling for all runlevels? | 11:23 |
geser | yes | 11:23 |
geser | see the manpage for update-rc.d if you want to disable it for specific runlevels | 11:24 |
BullShark | yep, i was looking | 11:25 |
BullShark | update-rc.d [-n] <basename> disable|enable [S|2|3|4|5] | 11:25 |
BullShark | this update-rc.d command doesn't do similar to chkconfig --list | 11:26 |
BullShark | =/ | 11:26 |
=== freeflying_away is now known as freeflying | ||
GeorgeJ | Hello folks! | 11:45 |
GeorgeJ | Is there any reason I should not use 13.04 on a production server? | 11:45 |
=== deegee is now known as drussell | ||
hxm | hi | 11:58 |
hxm | i just added a new hard disk to my machine | 11:58 |
hxm | i use frisk -l and it appears | 11:58 |
hxm | without partition table | 11:58 |
hxm | how can I add it and format it? | 11:58 |
hxm | cfdisk | 11:59 |
hxm | why this http://pastebin.com/tmcrygK4 | 12:19 |
RoyK | hxm: erm - why ntfs? | 12:24 |
zul | rbasak: ping http://paste.ubuntu.com/6066380/ (i just wanted to get a second pair of eyes before uploading this) | 13:00 |
zetheroo1 | what does "allow-hotplug" do in the /etc/network/interfaces file? | 13:21 |
=== HeartNew is now known as NewHeart | ||
ogra_ | zetheroo1, man interfaces ? | 13:23 |
rbasak | zul: should the pocket be precise on that changelog? I'm not familiar with uploading to the cloud archive. | 13:27 |
zul | rbasak: nah needs to go to saucy first then its backported to precise | 13:28 |
rbasak | zul: dropping 0007-Use-TIME_UTC_-macro.patch lgtm assuming that you're only going to build that with an older version of boost. If you're building for saucy too, won't that FTBFS in saucy then? | 13:28 |
zul | rbasak: nope built it on saucy as well | 13:28 |
rbasak | zul: it looks like the patch was supposed to handle both cases, but I guess that's not working. Is something defining MONGO_BOOST_TIME_UTC_HACK when it shouldn't? | 13:28 |
zul | rbasak: yeah basically it removed the boost detection version when using MONGO_BOOST_TIME_UTC_HACK | 13:29 |
rbasak | Did that patch come from Debian? | 13:30 |
zul | i think so | 13:30 |
rbasak | I'm just confused as to why it's there otherwise. If Debian put it there because Debian are ahead of us on boost, then will we FTBFS again when we transition? | 13:30 |
zul | it shouldnt | 13:30 |
=== wickedpuppy2 is now known as wickedpuppy | ||
=== freeflying is now known as freeflying_away | ||
collectek | Hello all, How do I set a service to run at start? *using server 12.04 | 14:50 |
collectek | and are there any heartbeat resident experts around ;-) | 14:51 |
=== caribou_ is now known as Caribou | ||
andrew | hi all | 15:06 |
=== andrew is now known as Guest17413 | ||
=== Guest17413 is now known as lequtix | ||
lequtix | there we go | 15:06 |
lequtix | hi everone | 15:06 |
rbasak | hallyn_: ping. Do you know of any libvirt issues on precise wrt. ownership and permissions of directory-based volume image files? It works on saucy, but in precise when I try to start an instance libvirt changes the permissions of disk images to root.root, and then can't open them. | 15:11 |
rbasak | (this is despite me explicitly telling it what uid/gid to use. libvirt seems to ignore that when it creates the volume, and vol-dumpxml returns -1 for uid and gid. | 15:11 |
rbasak | ) | 15:11 |
lequtix | did u try using sticky bit? | 15:11 |
lequtix | or setguid | 15:11 |
lequtix | on the parent directory | 15:12 |
lequtix | does libvirt have a config files somewhere you can change the createmask | 15:12 |
rbasak | lequtix: thanks for the thought. But the mode it uses is 0600, so manipulating group ownership on its own won't help | 15:12 |
lequtix | yea but it has to be the parent directory | 15:13 |
rbasak | THe problem here seems to be that the default means that it just won't work. | 15:13 |
lequtix | i find messing with individual files is useless.. try setting the mask on the parent dir | 15:13 |
lequtix | i was running minecraft once.. i wanted to make it so the OP's couldn't op anyone else.. so i set the permissions on the file to 555 .. it wouldn't work.. the only time i could secure the file was by securing the parent dir | 15:14 |
rbasak | lequtix: the sgid bit didn't help. It seems that libvirt is overwriting the permissions after it creates the file | 15:15 |
lequtix | i had to make a dir.. put the ops.txt file in the dir.. and put a symlink to it | 15:15 |
lequtix | set permissions of dir to 555 | 15:15 |
rbasak | libvirt should be doing the right thing by default. | 15:15 |
lequtix | thats just my experience | 15:15 |
hallyn_ | rbasak: yeah i think historically the ownership handling wasn't done very well. There were some patches relating to DAC gong by recently so maybe that's why it's fixed in saucy | 15:15 |
hallyn_ | rbasak: but the question is: why can't libvirtd open them, it runs as root | 15:15 |
lequtix | linux file permissions is somewhat of a mystery | 15:16 |
rbasak | hallyn_: it's qemu that can't open them. | 15:16 |
rbasak | hallyn_: I presume qemu is running as libvirt-qemu.kvm or something. | 15:16 |
lequtix | what about running the virtualization daemon as another user | 15:16 |
hallyn_ | rbasak: yeah and libvirtd def should chown them for it. | 15:16 |
hallyn_ | rbasak: are you doing anything custom? | 15:16 |
rbasak | hallyn_: yes, to some extent. I'm creating my own volume pool. | 15:16 |
hallyn_ | rbasak: what sort of pool? is apparmor perhaps not allowing qemu to read there? | 15:17 |
lequtix | its as if it can't read the file, so it's recreating it with bad permissions | 15:17 |
rbasak | hallyn_: aha. Yes! | 15:17 |
rbasak | hallyn_: thanks. | 15:17 |
hallyn_ | np | 15:17 |
* rbasak wonders what's different with apparmor in saucy | 15:18 | |
hallyn_ | we may have added something... are you using ceph? | 15:19 |
rbasak | No. Just libvirt + ubuntu cloud images. | 15:19 |
rbasak | It might be that the newer libvirt-specific apparmor wrapper thing parses the definition and makes the images readable? | 15:19 |
rbasak | It looks like the generated profile is correctly adding the file entries for my different pool location | 15:20 |
Arrick | good morning all, I am attempting to get a cron task to run every 5 minutes, but for some reason I cant seem to get it to run... I can run it fine manually though... | 15:20 |
rbasak | I guess something's just going wrong with that. | 15:20 |
lequtix | just disable apparmor and see if it magically works | 15:21 |
lequtix | is that possible | 15:21 |
lequtix | ? | 15:21 |
lequtix | if it works you've found your issue.. then u know what to work on | 15:21 |
rbasak | Yes, I'm looking into that. | 15:21 |
rbasak | Unfortunately libvirt apparmor profiles are dynamic so I'm not sure it's trivial. | 15:21 |
Arrick | this should work for every 5 minutes, correct? | 15:21 |
Arrick | */5 * * * * /usr/bin/php /www/mwtraining/admin/cli/cron.php /www/mwtraining/cron-log.txt | 15:21 |
lequtix | well.. if they are dynamic then there must be a config file that outlines it's behavior | 15:22 |
lequtix | Arrick, if it's a 5 minute interval it's easy to test right? | 15:22 |
lequtix | :O | 15:23 |
Arrick | lequtix, thats why i am asking... is that setup right, because I cant find any proof that it's running. | 15:23 |
lequtix | make another job identical except have it write some random data to a text file... | 15:23 |
lequtix | echo "it works!!!" >/opt/fart.txt | 15:24 |
lequtix | then in 5 minutes check fart.txt | 15:24 |
Arrick | the last time it ran was august 20... and I am not understainding why. | 15:25 |
RoyK | Arrick: is cron running? | 15:25 |
lequtix | # Minute Hour Day of Month Month Day of Week Command | 15:26 |
Arrick | dont know how to tel. | 15:26 |
RoyK | Arrick: ps axf| grep -i cron | 15:26 |
RoyK | Arrick: pastebin the output of that | 15:26 |
RoyK | !pastebin | Arrick | 15:26 |
ubottu | Arrick: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic. | 15:26 |
Arrick | http://paste.ubuntu.com/6066899/ | 15:27 |
Arrick | I think that means its stopped right? | 15:27 |
lequtix | */5 * * * * /home/ramesh/backup.sh will execute every 5 minutes | 15:28 |
lequtix | provided that cron is running | 15:28 |
Arrick | RoyK, ^ | 15:28 |
lequtix | you have a crontab editor open? | 15:30 |
lequtix | but yea other than that it doesn't look like u have cron running | 15:30 |
Arrick | I did have it open. | 15:30 |
Arrick | How do I get it running? | 15:31 |
lequtix | http://paste.ubuntu.com/6066912/ | 15:31 |
lequtix | thats what mine looks like | 15:31 |
RoyK | Arrick: cron runs as pid 1152 according to that | 15:31 |
Arrick | is it running then? | 15:31 |
RoyK | yes | 15:31 |
lequtix | ok.. then put in a job that does something you can monitor | 15:32 |
RoyK | Arrick: cron usually generates email on error | 15:32 |
lequtix | make a bash script to write random data to a file | 15:32 |
Arrick | now to figure out why it isnt working... where in that line to I add the echo "it works!!!" >/opt/fart.txt for testing? | 15:32 |
RoyK | Arrick: it will also log its stuff to /var/log/syslog | 15:32 |
lequtix | then run it on a cron schedule | 15:32 |
RoyK | Arrick: * * * * * date >> /tmp/crontest.txt | 15:33 |
RoyK | Arrick: try that | 15:33 |
lequtix | yea that will work | 15:33 |
RoyK | Arrick: it should run that job ever minute and log the time it was run | 15:33 |
Arrick | ok, will check in a minute, it is added | 15:34 |
RoyK | Arrick: running this as root? | 15:34 |
Arrick | sudo, yeah | 15:34 |
lequtix | i don't think arrick's cron daemon is running... his pastebin indicates that he has only the crontab editor open | 15:34 |
RoyK | Arrick: and are you adding the jobs with crontab -e, or editing stuff under /etc/cron(something)? | 15:35 |
lequtix | nvm | 15:35 |
lequtix | 1152 | 15:35 |
Arrick | crontab -e | 15:35 |
RoyK | k | 15:35 |
lequtix | don't use sudo in a crontab tho right? | 15:35 |
Arrick | its been a couple minutes now, an nojoy | 15:35 |
lequtix | it might ask for password and hang the job | 15:36 |
lequtix | maybe restart cron | 15:36 |
lequtix | sudo service cron restart | 15:36 |
Arrick | date: invalid date `/tmp/crontest.txt' | 15:37 |
RoyK | Arrick: sudo -i | 15:37 |
RoyK | Arrick: then pastebin crontab -l | 15:37 |
Arrick | just got a failure when I setup the crontext as me. | 15:37 |
RoyK | Arrick: ok - pastebin "tail -50 /var/log/syslog" | 15:38 |
Arrick | output seperated by >>>>>>>>>>>>>>>>>>>>>>>>>>>>> http://paste.ubuntu.com/6066933/ | 15:40 |
Arrick | I removed my username from the paste though. | 15:40 |
RoyK | Arrick: ah - try to create a script - /tmp/crontest.sh with something like http://paste.ubuntu.com/6066938/ and chmod +x that file, and call that file in cron instead of the command | 15:41 |
RoyK | Arrick: I've seen cron having problems with redirects | 15:43 |
Arrick | we'll know in a minute | 15:45 |
lequtix | at least you know it's firing now | 15:45 |
lequtix | if it's erroring, it's trying | 15:45 |
Arrick | it wasnt firing under root, it was firing under my user account though... I tested crontab -e from both accounts to make sure. | 15:45 |
RoyK | Arrick: to the same output file? | 15:46 |
Arrick | yeah | 15:46 |
RoyK | did you pastebin that "tail -50 /var/log/syslog" command? | 15:47 |
lequtix | make the root crontab output to a different file | 15:47 |
RoyK | or rather, its output :P | 15:47 |
Arrick | its on the bottom of the first one. | 15:47 |
lequtix | if they fire at the same time,, only one can write to the fiel | 15:47 |
lequtix | other will error | 15:47 |
RoyK | lequtix: no, linux doesn't work that way | 15:47 |
RoyK | lequtix: it queues up writes | 15:48 |
Arrick | http://paste.ubuntu.com/6066963/ | 15:48 |
lequtix | how can two processes write to the file at the same time? | 15:48 |
lequtix | oh ok | 15:48 |
Arrick | I ran the cmd again | 15:48 |
RoyK | Sep 5 11:45:02 training sSMTP[26161]: Sent mail for root@miworksmo.org (221 2.0.0 Service closing transmission channel) uid=0 username=root outbytes=508 | 15:48 |
RoyK | Arrick: check the root mail | 15:48 |
Arrick | lol, how? | 15:48 |
RoyK | Arrick: install mutt or something | 15:48 |
Arrick | no, I mean where... | 15:48 |
RoyK | or even better - forward the root mail to your personal email account | 15:48 |
RoyK | apt-get install mutt | 15:49 |
RoyK | run mutt | 15:49 |
RoyK | as root | 15:49 |
RoyK | make sure you run an mta like postfix | 15:49 |
RoyK | (anything, really, but postfix is really easy to setup) | 15:49 |
lequtix | exim4 has a nice wizard to set it up... dpkg-reconfigure | 15:50 |
Arrick | last message april 22 | 15:50 |
* RoyK only uses postfix and can only speak of what he likes :P | 15:50 | |
* lequtix totally understands | 15:51 | |
lequtix | :D | 15:51 |
lequtix | you should try the exim on a test vm | 15:51 |
lequtix | and run the reconfigure package | 15:51 |
lequtix | maybe it's not as easy as postfix | 15:51 |
lequtix | its too bad we have to complicate his issue by configuring mail servers | 15:52 |
lequtix | lol | 15:52 |
Arrick | it already has a mail server setup, thats how I'm getting the emailed errors | 15:52 |
lequtix | ok.. | 15:52 |
RoyK | lequtix: can't really be bothered - I know postfix - I know how to configure it by hand - no point of learning exim, then ;) | 15:52 |
Arrick | nothing is showing up in the mail | 15:52 |
lequtix | so just install mutt then .. | 15:52 |
Arrick | yeah, I did | 15:52 |
Arrick | last email in was april 22 | 15:53 |
RoyK | Arrick: anyting in /var/log/mail.log ? | 15:53 |
Arrick | nope | 15:53 |
Arrick | wait | 15:53 |
Arrick | typo | 15:54 |
RoyK | are postfix or exim installed? | 15:54 |
Arrick | yep. | 15:54 |
RoyK | ok | 15:54 |
RoyK | pastebin? | 15:54 |
Arrick | last post >>>> Sep 5 11:53:03 training sSMTP[26455]: Sent mail for root@miworksmo.org (221 2.0.0 Service closing transmission channel) uid=0 username=root outbytes=508 | 15:56 |
lequtix | I wonder if the daily crontab is running | 15:57 |
lequtix | cus i think that runs as root | 15:57 |
just-a-visitor | Collected tips/pointers on why crontab possibly does not work: http://askubuntu.com/questions/23009/reasons-why-crontab-does-not-work | 15:59 |
RoyK | Arrick: have you forwarded root's email to somewhere? | 16:01 |
Arrick | not that I know of | 16:01 |
Arrick | I did install mutt, but as I mentioned the last mail was april 22 to the root acct there. | 16:02 |
Arrick | bah... typo in the crontest.sh nam... I named it crontext.txt | 16:03 |
RoyK | Arrick: what happens if you 'echo test | mail -s test root' ? | 16:07 |
RoyK | Arrick: does that arrive in root's mailbox? | 16:07 |
Arrick | lol, mail is not currently installed. | 16:07 |
RoyK | apt-get install -y mailutils | 16:07 |
RoyK | or mailx | 16:08 |
Arrick | im testing it as my user account right quick. | 16:11 |
Arrick | ok... RoyK I just got Cron is not running. reported to me when I tried that cron job (first one) after modding permissions on the log file. | 16:15 |
RoyK | Arrick: the email sent from the local machine should arrive immedately | 16:16 |
Arrick | it does. | 16:16 |
RoyK | to root as wel? | 16:16 |
RoyK | s/wel/well/ | 16:16 |
Arrick | when it errors, yes | 16:16 |
Arrick | not sure why it isnt putting the messages in for root... | 16:17 |
RoyK | so you can't send email to root? | 16:17 |
Arrick | if I run the echo test | mail -s test root it doesnt error, but when i run mutt I cant see the msg. | 16:17 |
RoyK | perhaps try to nuke root's mailbox | 16:18 |
RoyK | never seen that happen, though | 16:18 |
RoyK | perhaps the mbox is corrupt somehow | 16:18 |
Arrick | how would I do that? | 16:19 |
RoyK | sudo -i | 16:20 |
RoyK | rm $MAIL | 16:20 |
RoyK | that'll remove the mailbox | 16:20 |
RoyK | (beyond easy recovery) | 16:21 |
Arrick | permission denied.... | 16:21 |
RoyK | perhaps it's sticky, then | 16:21 |
RoyK | 16:21 | |
RoyK | that should truncate it | 16:21 |
Arrick | ok, did that, ran mutt, no messages... ran the echo cmd again, no messages showed up. | 16:22 |
RoyK | check /var/log/mail.log again | 16:23 |
RoyK | pastebin the last 50 lines or so (tail -50 ...) | 16:23 |
Arrick | http://paste.ubuntu.com/6067100/ | 16:24 |
RoyK | pastebin ~root/.forward and /etc/aliases, please | 16:25 |
RoyK | and perhaps output of 'mailq' | 16:26 |
Arrick | I just checked the cron-log.txt file it is pointing too, and it ran a minute ago | 16:27 |
lequtix | i feel bad for Arrick.. his issue went from cron to figuring out why the fuk he's not getting emaisl | 16:29 |
lequtix | :S | 16:29 |
lequtix | there must be a way of troubleshooting cron without a mail daemon | 16:29 |
RoyK | lequtix: well, we might even find out ;) | 16:29 |
Arrick | cron is working under my user account, but not under the root account. | 16:29 |
RoyK | Arrick: that's why you need email working | 16:30 |
lequtix | ok.. so we need to figure out under which circumstances cron would not run root jobs | 16:30 |
lequtix | i'm sure it's documented | 16:30 |
Arrick | cron is working, im happy... if i do too much more to this server, it will probably break the software on it, lol. | 16:32 |
lequtix | yea but there is probably a documented circumstance under which cron will NOT execute ANY root crontabs | 16:32 |
RoyK | Arrick: nothing you have done yet today (afaik) could have broken much - can you pastebin those I asked for? | 16:32 |
lequtix | its probably just a config | 16:32 |
RoyK | lequtix: famous last words ;) | 16:32 |
lequtix | lol | 16:33 |
lequtix | well if NO root jobs are firing (daily monthly etc..) | 16:33 |
lequtix | then that tells me the system is explicitly telling cron not to run those jobs | 16:33 |
Arrick | ~root/.forward says no such file or directory | 16:33 |
RoyK | that's good | 16:33 |
RoyK | what about /etc/aliases ? | 16:33 |
Arrick | postmaster: root | 16:34 |
Arrick | mailq is empty | 16:34 |
RoyK | nothing like root: something? | 16:34 |
Arrick | nope | 16:34 |
RoyK | postfix or exim? | 16:34 |
RoyK | or sendmail :P | 16:34 |
Arrick | neither is installed | 16:34 |
RoyK | apt-get install postfix | 16:35 |
Arrick | brb, dealing with a small fire here. | 16:36 |
RoyK | ouch | 16:37 |
lequtix | i'll bet his /etc/cron.d/anacron config doesn't have any root jobs | 16:37 |
lequtix | somewhere along the line there are no definitions for the root crontab | 16:37 |
RoyK | lequtix: why shouldn't it? | 16:37 |
lequtix | i dunno.. perhaps someone else modified it on him | 16:37 |
lequtix | since it runs everyone elses' jobs | 16:38 |
lequtix | and only root is excluded | 16:38 |
lequtix | that points to some kinda config | 16:38 |
lequtix | admitedly tho i'm no expert | 16:38 |
lequtix | but it's suspicious to me that only root is excluded from cron | 16:38 |
* RoyK curses under his breath and takes a closer look at his home server | 16:38 | |
lequtix | haha.. i know how u feel man | 16:39 |
just-a-visitor | Arrick: Burning cron. | 16:40 |
lequtix | http://pastebin.ubuntu.com/6067149/ | 16:41 |
lequtix | this is what my /etc/cron.d/anacron file looks like | 16:41 |
lequtix | alot of pages on the web point to the root users' PATH variable when it comes to cron | 16:43 |
lequtix | i guess if it can't find sh or bash then it can't execute the scripts | 16:47 |
lequtix | but if that were the case i suppose there would be some kind of error in system.log | 16:48 |
lequtix | http://serverfault.com/questions/72237/user-cron-jobs-are-not-running-but-system-jobs-are | 16:49 |
lequtix | this is interesting.. it basically says crontab lines need to end in a newline char | 16:50 |
lequtix | maybe root's crontab was edited manually without a newline at one point | 16:51 |
lequtix | so it stopped firing | 16:51 |
lequtix | i'd rename it and create a new root crontab exactly like the old one .. but using crontab -e | 16:52 |
lequtix | RoyK .. you think there's any validity to that? | 16:55 |
lequtix | RoyK .. http://serverfault.com/questions/72237/user-cron-jobs-are-not-running-but-system-jobs-are | 16:56 |
lequtix | RoyK .. If someone edited the root crontab directly and didn't put a newline on the end perhaps it's preventing all root jobs from running..? | 16:56 |
RoyK | not sure | 16:58 |
lequtix | i guess it would help to have access to his box | 16:58 |
lequtix | i mean we have established that cron is definately working | 16:58 |
lequtix | we just need reasons why root jobs would fail to execute | 16:58 |
RoyK | Arrick: ping | 16:58 |
lequtix | so far i've read that the root's PATH variable | 16:59 |
lequtix | and editing the crontab manually cause issues | 16:59 |
* RoyK is on the edge of beating his home server to death | 16:59 | |
sarnold | lequtix: I'd strongly suggest using '-u root' to crontab -e when edting root's crontab, just to be on the safe side and ensure you're getting the one desired | 17:00 |
sarnold | RoyK: man what's up with your machine? | 17:00 |
lequtix | sarnold .. its actually Arrick that's having the issues | 17:01 |
lequtix | he's afk dealing with small fire | 17:01 |
lequtix | metaphorically i'm hoping | 17:01 |
sarnold | lequtix: aha, I figured it wasn't you, but you're doing themost helping :) hehe | 17:02 |
sarnold | lets hope so.. | 17:02 |
lequtix | his root cron jobs aren't firing but regular user cron jobs ARE | 17:02 |
RoyK | sarnold: zfs issues, or so it looks | 17:02 |
sarnold | RoyK: eeeek | 17:02 |
lequtix | i know it's irrelavent to your problem, but why did you choose zfs? | 17:02 |
lequtix | you doing some kinda cluster FS? | 17:03 |
sarnold | lequtix: I've seen people try to shove the m h dom mon dow fields into the /etc/cron.{daily,hourly,weekly}/ things before, without success... | 17:03 |
lequtix | yea that's good good poing sarnold | 17:06 |
lequtix | point | 17:06 |
zul | hallyn_: ping | 17:10 |
RoyK | sarnold: indeed - no big chance for me to bother to debug that shite tonight | 17:19 |
RoyK | [ 730.156529] Out of memory: Kill process 20146 (php) score 940 or sacrifice child | 17:19 |
RoyK | [ 730.157654] Killed process 20146 (php) total-vm:19335892kB, anon-rss:15531616kB, file-rss:808kB | 17:19 |
Arrick | im back | 17:19 |
RoyK | that's out of memory just after I tried to rebuild zfs, on a system with 16 gigs of RAM | 17:19 |
RoyK | Arrick: wb | 17:19 |
sarnold | RoyK: daaaamn. I heard the de-dup requires a lot of memory, but I'd have thought 16 gigs would be plenty for that. | 17:20 |
sarnold | RoyK: amd64 or pae 32 bit? | 17:20 |
RoyK | amd64 | 17:21 |
sarnold | okay | 17:21 |
RoyK | sarnold: not using dedup | 17:21 |
sarnold | RoyK: woah hey, how'd php get 16 terabytes of address space? | 17:22 |
RoyK | sarnold: I've been testing dedup in a controlled environment and found it didn't work too well without half a terabyte of RAM or so (for the data I was managing back then) | 17:22 |
sarnold | RoyK: oh, that's only 18 gigs. nevermind. hey wait how'd php get 18 gigs of address space? :) | 17:22 |
RoyK | no idea | 17:22 |
RoyK | I shut the box down - will look into it later | 17:23 |
sarnold | makes sense | 17:23 |
sarnold | good luck :) | 17:23 |
Arrick | is kinda funny that my cron job IS running, but that my cronwatcher is reporting that cron ISNT running? | 17:23 |
RoyK | thanks | 17:23 |
RoyK | Arrick: try to restart cron | 17:23 |
Arrick | restarted | 17:23 |
RoyK | Arrick: and - mail to root now works? | 17:24 |
sarnold | RoyK: (maybe get a memtest86 run going while the machine is down?) | 17:24 |
RoyK | sarnold: have tried | 17:24 |
sarnold | okay | 17:24 |
RoyK | sarnold: also, if the memory was the problem, I'd be seeing lots of random segfaults, which I'm not | 17:24 |
Arrick | negative | 17:24 |
RoyK | Arrick: that's not positive | 17:25 |
Arrick | of course, the cron jobs are set to a log file, would it still email as well? | 17:25 |
RoyK | Arrick: focus on one thing at a time | 17:26 |
RoyK | Arrick: first - make sure email works | 17:26 |
smoser | hallyn_, you should fix lxc template for cirros to do --user-data on clone | 17:26 |
smoser | like i did for '-t ubuntu-cloud' | 17:26 |
RoyK | Arrick: as root (or any user), try to email root to see if it works. if it doesn't, check the logs. local email is just files, so it should be trivial indeed | 17:28 |
Arrick | it doesnt throw any errors when I send it.. | 17:28 |
RoyK | Arrick: not in the mail logs either? | 17:29 |
Arrick | it shows as sent in the logs | 17:30 |
RoyK | pastebin? | 17:30 |
Arrick | !pastebin | 17:30 |
ubottu | For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic. | 17:30 |
Arrick | http://paste.ubuntu.com/6067312/ | 17:31 |
RoyK | hm - miworksmo.org doesn't haven an MX | 17:31 |
Arrick | lol | 17:31 |
RoyK | do you try to email root alone or root@miworksmo.org? | 17:32 |
Arrick | its internal on our exchange server | 17:32 |
Arrick | root alone | 17:32 |
RoyK | try root@localhost | 17:32 |
hallyn_ | smoser: uh, i'll takea look | 17:32 |
hallyn_ | zul: . | 17:32 |
zul | hallyn_: i totally forgot now | 17:32 |
smoser | hallyn_, just something i wanted to do , but wouldn't get to. but would like for general demonstration purposes in lxc in ubuntu. | 17:33 |
hallyn_ | zul: ok | 17:33 |
Arrick | nope... Im not going to worry about it rightnow RoyK, I'll have to come back to it, i have a LOT of other issues, as long as cron is running I'm not worried right now... thanks for all the help | 17:34 |
hallyn_ | smoser: yeah but you're donig it using a clone hook, so presumably i'll need to write a new hook for cirros (maybe i can reuse the one - needto look) | 17:34 |
smoser | hallyn_, probably have to write a new one, yes. | 17:34 |
smoser | but same as ubuntu, just move the code that *did* that from the create to the clone. | 17:35 |
hallyn_ | right | 17:35 |
lequtix | hi all | 17:43 |
RoyK | evening | 17:44 |
RoyK | good localtime(); | 17:44 |
lequtix | where are you roy/ | 17:44 |
lequtix | ? | 17:44 |
RoyK | .no | 17:44 |
RoyK | lequtix: what about you? | 17:51 |
lequtix | BC, Canada | 17:51 |
RoyK | k | 17:51 |
lequtix | i don't see where u said you live | 17:52 |
RoyK | .no == norway ;) | 17:52 |
lequtix | OH ok | 17:52 |
lequtix | :D | 17:52 |
lequtix | what's the weather like there right now | 17:54 |
lequtix | its' cloudy here today.. about 18 degrees celcius | 17:54 |
lequtix | looks about the same as here in oslo | 17:55 |
RoyK | about the same here ;) | 17:55 |
lequtix | sucks summer is ending | 17:55 |
RoyK | http://www.yr.no/place/Norway/Oslo/Oslo/Oslo/hour_by_hour_detailed.html | 17:55 |
RoyK | yr.no is nice ;) | 17:55 |
RoyK | yr means drizzle... | 17:56 |
lequtix | cool | 17:56 |
RoyK | :) | 17:56 |
lequtix | what are you working on? i'm bored at work | 17:56 |
lequtix | lol | 17:56 |
RoyK | check out the forecasts on yr.no in your hometown - it's not bad | 17:56 |
sarnold | RoyK: nice website.. | 17:57 |
RoyK | I'm at home, but at work, I work with scientists requesting interesting things for research projects | 17:57 |
lequtix | interesting job? | 17:57 |
lequtix | you enjoy it? | 17:57 |
RoyK | yep | 17:57 |
RoyK | I work for hioa.no | 17:57 |
lequtix | what kind of things do they request? | 17:57 |
RoyK | large focus on secure storage now | 17:58 |
RoyK | since we don't have a good thing for that atm | 17:58 |
lequtix | so that's why u are working with zfs? | 17:58 |
RoyK | that's private | 17:58 |
RoyK | I've been working with zfs for some time | 17:58 |
lequtix | encrypted FS isn't good for secure storage? | 17:58 |
RoyK | zfs encryption only exists in solaris 11, not the open version | 17:59 |
lequtix | use ext4 | 17:59 |
lequtix | lol | 17:59 |
RoyK | and by security, I mean access | 17:59 |
lequtix | ah | 17:59 |
RoyK | the datacentre is easy to secure | 17:59 |
sarnold | tahoe-lafs? :) | 17:59 |
RoyK | access is worse | 17:59 |
lequtix | require vpn | 17:59 |
lequtix | to access fiels | 17:59 |
lequtix | maybe | 17:59 |
lequtix | :O | 18:00 |
RoyK | interesting | 18:00 |
RoyK | didn't know that | 18:00 |
lequtix | or WebDAV | 18:00 |
lequtix | shares | 18:00 |
lequtix | you can choose networks and users | 18:00 |
RoyK | well, the issue is you have to allow several users to share a set of data, and not allow them to download anything | 18:00 |
RoyK | so some sort of remote desktop system | 18:00 |
rdw200169 | RoyK: yeah, this is definitely not a problem solved by zfs | 18:01 |
RoyK | with two-factor authentication and no internet access from the box | 18:01 |
lequtix | impossible | 18:01 |
lequtix | if they can read they can download | 18:01 |
RoyK | lequtix: you can photograph the monitor, sure, but if you stop them from downloading masses of data, it makes security better | 18:01 |
RoyK | lequtix: you can't make it 100% secure, but you can possibly make it 95% secure, which is what the authorities say is sufficient | 18:02 |
rdw200169 | RoyK: assuming you let them access with SSH, its all but impossible | 18:02 |
RoyK | rdw200169: not ssh | 18:02 |
RoyK | some remote desktop thing like rdp or preferably SPICE | 18:02 |
RoyK | rdp sucks at security on audio | 18:03 |
RoyK | and some projects need to use video (and the corresponding audio) | 18:03 |
lequtix | yea.. if you only enable RDP or FreeNX | 18:04 |
lequtix | and disable email to outside domains | 18:04 |
RoyK | lequtix: not only email - the system must be totally offline to the outside world | 18:04 |
RoyK | a way in, no way out | 18:05 |
sarnold | RoyK: wouldn't it be bloody annoying to be doing all the analsys over a remote link like that? the few times I've been forced to use citrix thingy I detested every second of it | 18:06 |
RoyK | sarnold: doesn't matter much - sensitive data like patient information can't be made available | 18:07 |
hallyn_ | except to third parties who pay for it <scoff> so long as they claim they'll honor hipaa. | 18:09 |
sarnold | hallyn_: .no, probably no hipaa :) | 18:09 |
lequtix | that's gonna require some pretty creative firewall rules | 18:09 |
* hallyn_ is disgusted with the state of data privacy today | 18:09 | |
* hallyn_ goeselsewhere to hide his disgust | 18:09 | |
sarnold | hallyn_: it's probably better in norway. they put RoyK in charge of it, afterall :) | 18:10 |
lequtix | so the datacenter itself has to be segregated from the outside world... then have a terminal server that's on the datacenter's VLAN AND an exposed VLAN | 18:10 |
sarnold | lequtix: brutal is easier than nuanced, in my experience.. | 18:10 |
hallyn_ | sarnold: maybe sanity elsewhere will be contageousandcatch on here | 18:10 |
lequtix | then use policy on the terminal server to disable all outside activity | 18:10 |
lequtix | except 3389 tcp | 18:11 |
lequtix | or firewall rules | 18:11 |
sarnold | hallyn_: we can hope :) | 18:11 |
lequtix | i guess it's not so hard | 18:11 |
lequtix | just have a terminal server on two networks.. one only allows 3389tcp and one that allows only the terminal server | 18:12 |
lequtix | that would be about as good as it's possible to get.. | 18:12 |
hallyn_ | sarnold: ican't figure out how no one has asked how snowden bypassed rbac+mls+te to get to all that data. being an admin should not mean you get all the data. (my feelings on whether it was good or bad that he got it aside) | 18:12 |
hallyn_ | but anyway, i get touchy bc that's why i left my last employer :) | 18:13 |
hallyn_ | all right, back to work :) | 18:13 |
lequtix | where are you guys located? i'm in canada | 18:13 |
lequtix | BC.. | 18:13 |
hallyn_ | US. up and down the middle at variosu points | 18:13 |
sarnold | hallyn_: I have a feeling rbac+mls+te were designed to give him the entirety of the information on purpose. I fully expect no policies were violated.. | 18:14 |
hallyn_ | sarnold: every person in any way in charge of policies and implementations should be undergoing a job review right now | 18:14 |
RoyK | sarnold: hipaa? | 18:14 |
RoyK | lequtix: rdp will open an unsecured tunnel back to the system if audio is used | 18:15 |
lequtix | you can disable the audio etc with policy | 18:15 |
lequtix | group policy | 18:15 |
RoyK | sure | 18:15 |
RoyK | but part of the thing was to *allow* audio | 18:16 |
lequtix | ugh | 18:16 |
lequtix | why would u wanna stream audio over the rdp connection | 18:16 |
lequtix | lol | 18:16 |
RoyK | which makes it a bit harder | 18:16 |
lequtix | poor performance | 18:16 |
RoyK | lequtix: not necessarily over rdp, but over a remote connection. | 18:16 |
RoyK | lequtix: we have this project where kids in kindergarden are interviewed for research of how they will become according to how they act as kids (not sure how to explain that in English) | 18:17 |
RoyK | lequtix: and that sort of data is rather sensitive | 18:17 |
sarnold | hallyn_: completely agreed there. they ought to buy a giant FAIL stamp to save some effort.. :) | 18:17 |
lequtix | i understand | 18:17 |
lequtix | so the interviews are audio? | 18:17 |
RoyK | and video | 18:17 |
hallyn_ | heh and lots of ink | 18:17 |
lequtix | and they upload the data via the RDP connection (or whatever type of connection you decide to use) | 18:18 |
hallyn_ | RoyK: do the parents get to opt the kids out? | 18:18 |
sarnold | RoyK: hipaa is the .us "effort" at patient privacy -- it might actually be an improvement over earlier legislation, but it limits spread of data to people, contractors, who signed contracts -- i.e., very little actual containment of data. | 18:18 |
lequtix | with RDP Record is different function than playback | 18:18 |
RoyK | hallyn_: of course | 18:18 |
lequtix | you can get the data in but disallow playback | 18:18 |
hallyn_ | RoyK: "of course" - that's not that obvious :) glad it is where you are though. | 18:18 |
hallyn_ | like i said, hoping sanity is contagious | 18:18 |
RoyK | hallyn_: http://datatilsynet.no/English/ are rather strict | 18:19 |
RoyK | which is good imho | 18:20 |
lequtix | i suppose they could connect to the datacenter with managed workstations with policies in effect to disable any external storage devices.. | 18:20 |
lequtix | like usb or cdr | 18:20 |
lequtix | or email | 18:20 |
RoyK | lequtix: if that datacentre is secure, indeed, but very few are | 18:20 |
lequtix | IAAS infrastructure could make it a bit easier to secure things | 18:21 |
lequtix | each VM server has it's own sandboxed environment and network | 18:21 |
RoyK | lequtix: it needs to be certified by datatilsynet.no | 18:22 |
lequtix | like Amazon EC2 | 18:22 |
RoyK | lequtix: very few are | 18:22 |
lequtix | but private | 18:22 |
RoyK | amazon will probably never be certified - the US govt have access there | 18:22 |
lequtix | RoyK .. i mean to implement your own virtualized infrastructure | 18:22 |
lequtix | LIKE amazon | 18:22 |
lequtix | easier to secure everything becuase everything is sandboxed | 18:23 |
lequtix | you have to explicitly create links between the environments | 18:23 |
RoyK | we have a couple of vmware clusters, thinking of using one of them or creating a new one | 18:23 |
lequtix | yes ESX is nice | 18:23 |
lequtix | you can do the same with HyperV | 18:23 |
lequtix | or ProxMox | 18:23 |
RoyK | lequtix: uio.no has been working on a very good solution for ages - https://www.usit.uio.no/prosjekter/tsd20/ (apparently only in norwegian) | 18:23 |
RoyK | but they're almost a year late | 18:24 |
RoyK | lequtix: I don't like hyperv | 18:24 |
lequtix | yea it's very heavy | 18:24 |
RoyK | lequtix: had some really bad issues with ubuntu on hyperv | 18:24 |
lequtix | I'm a proxmox user personally | 18:24 |
lequtix | i like the OpenVZ/KVM integration | 18:24 |
RoyK | heavy network traffic and the vm just lost networking - nothing in the logs | 18:24 |
lequtix | ProxMox or VMware | 18:25 |
lequtix | HyperV is still in it's infancy.. microsoft is years behind with their Virtualization product | 18:25 |
lequtix | i think too late | 18:26 |
RoyK | kvm is getting some | 18:27 |
RoyK | still low on the admin bit, but the tech bits are good | 18:27 |
lequtix | have you tried the ProxMox product? | 18:27 |
lequtix | its free | 18:27 |
RoyK | never heard of it | 18:27 |
lequtix | you must try it | 18:27 |
lequtix | http://pve.proxmox.com/wiki/Main_Page | 18:27 |
lequtix | its a distro to mimic esx | 18:28 |
RoyK | nice | 18:28 |
lequtix | it has kvm and openvz | 18:28 |
lequtix | and really nice html5 web interface | 18:28 |
RoyK | any idea what it's based on? | 18:28 |
lequtix | debian | 18:28 |
RoyK | and does it support clustering? | 18:28 |
lequtix | wheezy | 18:28 |
lequtix | yes | 18:28 |
sarnold | and rhel kernel for openvz, apparnetly | 18:28 |
RoyK | tried to setup clustering with that? | 18:28 |
lequtix | no it's custom for them i think | 18:28 |
lequtix | it supports GFS | 18:29 |
lequtix | glusterfs | 18:29 |
lequtix | give it a try... the iso is small.. 400k | 18:29 |
RoyK | glusterfs isn't a clustering filesystem | 18:29 |
RoyK | well, it is, but the other way around | 18:29 |
lequtix | lol | 18:29 |
RoyK | spread data, not make it redundant as with OCFS2 or GFS2 | 18:29 |
lequtix | it also supports live migration | 18:29 |
lequtix | within the cluster | 18:30 |
RoyK | so does standard redhat/centos/ubuntu | 18:30 |
RoyK | */* | 18:30 |
lequtix | well.. it is just basically KVM with a nice interface | 18:30 |
lequtix | give it a try | 18:30 |
lequtix | works well from install | 18:30 |
RoyK | I setup a kvm cluster on two nodes with centos - it was a PITA | 18:30 |
RoyK | lequtix: have you setup a *cluster* from install? | 18:30 |
lequtix | i never had a SAN | 18:31 |
RoyK | well, you could use DRBD | 18:31 |
lequtix | so i haven't tried the cluster.. but it works nice stand alone from install | 18:31 |
lequtix | thats what it uses | 18:31 |
lequtix | DRBD | 18:31 |
lequtix | now that you mention it | 18:31 |
lequtix | it only works on the local subnet cus it's broadcast right? | 18:31 |
lequtix | that was the limitation.. proxmox clusters have to exist on the same subnet | 18:32 |
lequtix | just give it atry | 18:32 |
sarnold | I hope they move to multicast, ipv6 has no broadcast. | 18:32 |
lequtix | you will like it | 18:32 |
lequtix | you can use /etc/network/interfaces to setup as many bridges and private lans you need to use with the VM's | 18:33 |
lequtix | that's kinda nice | 18:33 |
lequtix | its basically just a minimal linux install | 18:34 |
lequtix | with a web interface | 18:34 |
lequtix | u can do with it what you do with regular linux installs | 18:34 |
RoyK | sarnold: heh - hioa.no, where I work, are the best in the class on ipv6 - we do *everything* we can on ipv6, and only the rest on ipv4 | 18:34 |
lequtix | but proxmox rocks.. i love it | 18:34 |
RoyK | sarnold: in norway, that is | 18:35 |
smoser | rbasak, http://paste.ubuntu.com/6067241/ | 18:35 |
smoser | your thoughts on that data would be appreciated. | 18:35 |
sarnold | RoyK: nice :) my ISP recently rolled out ipv6 support, it's been on my todo list for three weeks now.. :) | 18:35 |
RoyK | lequtix: does it have an option for clustering on a SAN with GFS2 or OCFS2? | 18:35 |
lequtix | yes.. goes glusterfs | 18:35 |
lequtix | does | 18:35 |
lequtix | GFS2 | 18:36 |
RoyK | glusterfs != cluster fs | 18:36 |
RoyK | you can't mount a glusterfs partition on two machines | 18:36 |
RoyK | you can with GFS2 or OCFS2 | 18:36 |
lequtix | http://www.proxmox.com/proxmox-ve/features | 18:36 |
* RoyK likes AGPL | 18:37 | |
lequtix | this might tell u more | 18:37 |
lequtix | http://www.proxmox.com/proxmox-ve/comparison | 18:37 |
RoyK | gotta try that - got a pair of pizzaboxes for testing | 18:37 |
zul | adam_g: ping http://people.canonical.com/~chucks/ca/ | 18:37 |
RoyK | dual quad core something with 24GB RAM | 18:38 |
RoyK | should do well for testing a wee cluster | 18:38 |
lequtix | at the end of the day RoyK it's a debian linux install so u can install/configure whatever storage you want | 18:38 |
RoyK | if it automates some of the headaches I've had with clustering, it's good | 18:38 |
lequtix | to kvm it's all just mountpoints | 18:38 |
lequtix | it has special tools for setting up the cluster | 18:39 |
RoyK | well, sure, but cluster synchronization isn't very easy | 18:39 |
lequtix | but they are command line | 18:39 |
lequtix | this takes care of the sync | 18:39 |
* RoyK is quite used to the commandline | 18:39 | |
RoyK | a year from now, I'll celebrate 20 years of running linux ;) | 18:39 |
sarnold | :) | 18:40 |
sarnold | "celebrate" in a "where did time go?" sort of way? :) | 18:40 |
lequtix | i think you will like proxmox | 18:40 |
RoyK | something like that ;) | 18:40 |
RoyK | I'll look into it | 18:41 |
RoyK | we have a lot of old machines that aren't used anymore, machines taken offline or virtualised | 18:41 |
lequtix | i have it running on a machine with amd 6 core cpu and 16 gigs ram | 18:41 |
lequtix | works nice .. have 3 openvz containers and 3 windows vms | 18:41 |
lequtix | more than enuf to test | 18:41 |
RoyK | windows on kvm? | 18:41 |
lequtix | yea | 18:42 |
lequtix | win7 pro and server 2012 | 18:42 |
RoyK | I've been using kvm for some time, but never got the hang of failover in clusters | 18:42 |
lequtix | i haven't experimented much with clusters | 18:42 |
lequtix | i don't have the hardware | 18:42 |
RoyK | you need to allow a machine to die | 18:42 |
RoyK | with ESXi, it just works | 18:42 |
RoyK | I'd been working in this job for 3 months or so, when I was installing this blade server that was hanging and didn't take a reboot from the blade centre | 18:43 |
lequtix | how does it work?? you have two servers up at the same time? when one dies the DNS moves the pointer? | 18:43 |
RoyK | so I walked over to the datacentre and pulled it out | 18:43 |
RoyK | wrong bladcentre | 18:43 |
RoyK | wrong blade | 18:43 |
lequtix | or the vm loads on another host | 18:43 |
RoyK | 30 VMs died, and came up on other blades | 18:44 |
lequtix | oh ok.. i understand | 18:44 |
sarnold | RoyK: wow, that's a good one! :) | 18:44 |
RoyK | didn't feel so touch back then ;) | 18:44 |
lequtix | haha | 18:44 |
lequtix | how long were they down... 1 minute? | 18:44 |
sarnold | RoyK: no, I bet it didn't. but that story will win most bar bets. :) hehe | 18:44 |
RoyK | 1-2 minutes | 18:44 |
lequtix | the proxmox site boasts that it will do that | 18:45 |
RoyK | sarnold: we have a thing at the IT dept | 18:45 |
lequtix | i've never tried it.. you will have to let me know | 18:45 |
RoyK | sarnold: if someone messes up, he needs to bake a cake to the rest | 18:45 |
sarnold | RoyK: how many cakes did this one require? :) | 18:45 |
RoyK | sarnold: I called boss and asked "is this cake?" and was assured "no, not really" | 18:45 |
=== atpa8a_ is now known as atpa8a | ||
RoyK | sarnold: we have a software rollout system where windows users can choose between applications to install | 18:46 |
RoyK | sarnold: so not to allow them admin access, but still allow them a predefined set of applications | 18:46 |
lequtix | usually thats done via group policy isn't it royk? | 18:47 |
RoyK | sarnold: the admin scripting this did a slight change one thursday and was home sick the day after, when *all* PCs at hioa.no, about 10k of them, started to install *all* applications in the repository | 18:47 |
lequtix | different OU's can be assigned different software bundles | 18:47 |
RoyK | he made a nice cake | 18:47 |
lequtix | HAHAHAHA | 18:47 |
sarnold | RoyK: hahaha, wow. :D | 18:48 |
sarnold | RoyK: okay, so killing 30 vms won't win against his story. :) | 18:48 |
RoyK | the motto for the department is "we do as good we can" ;) | 18:48 |
RoyK | but there's a lot of good nerds here | 18:49 |
lequtix | everyone makes mistakes | 18:49 |
lequtix | lol | 18:49 |
RoyK | yep | 18:49 |
lequtix | if not.. no one would eat cake | 18:49 |
lequtix | :D | 18:49 |
RoyK | haha | 18:49 |
lequtix | and that is unacceptable | 18:49 |
lequtix | hahahaha | 18:49 |
RoyK | quite so | 18:49 |
lequtix | Proxmox Cluster File System | 18:50 |
lequtix | Proxmox VE uses the unique Proxmox Cluster file system (pmxcfs), a database-driven file system for storing configuration files. This enables you to store the configuration of thousands of virtual machines by configuring them only once. By using corosync, these files are replicated in real time on all cluster nodes. The file system stores all data inside a persistent database on disk, nonetheless, a copy of the data resides in RAM which provides a max | 18:50 |
lequtix | imum storage size is 30MB - more than enough for thousands of VMs. | 18:50 |
lequtix | here u go royk | 18:50 |
lequtix | how it does cluster | 18:50 |
RoyK | lequtix: interesting | 18:51 |
lequtix | i think it has the broadcast limitation tho | 18:51 |
lequtix | requires all hosts be on the same subnet | 18:51 |
RoyK | gotta try to setup a test on that with 3-4 nodes | 18:51 |
lequtix | maybe they changed it recently | 18:51 |
RoyK | just need to setup a freebsd-based zfs storage first | 18:51 |
RoyK | then some old pizzaboxes | 18:52 |
lequtix | so if i were to make an iSCSI target you would recommend freebsd and zfs? | 18:52 |
RoyK | we have a new datacentre with a dedicated rack for test stuff | 18:52 |
lequtix | for testing this stuff? | 18:52 |
RoyK | yep | 18:52 |
RoyK | some 10TiB+ of storage and some machines to run the good stuff | 18:53 |
lequtix | what are the alternatives | 18:53 |
RoyK | we have 150+TB on EqualLogic with vmware | 18:53 |
lequtix | i'm a noob when it comes to san and iscsi.. although i know a few things | 18:53 |
RoyK | iscsi isn't too hard | 18:54 |
RoyK | I've not used ZFS professionally on fbsd, only on solarises | 18:54 |
lequtix | my question comes when multiple devices mount one iscsi target | 18:54 |
RoyK | like openindiana | 18:54 |
lequtix | how does it not corrupt | 18:54 |
RoyK | you need a filesystem like GFS2 or OCFS2 with corosync or similar | 18:54 |
lequtix | do they use a special file system | 18:54 |
lequtix | AH ok | 18:54 |
RoyK | not many filesystems support sharing | 18:55 |
RoyK | and clusterd to kick out nodes that don't reply | 18:55 |
lequtix | so you only need corosync with ocfs2? | 18:55 |
lequtix | you can use gfs2 alone? | 18:56 |
RoyK | no | 18:56 |
lequtix | allways need corosync? | 18:56 |
RoyK | gfs2 needs a daemon to control who can write | 18:56 |
RoyK | and clusterd to kick out nodes that don't reply | 18:56 |
lequtix | and all that is installed only on the san | 18:56 |
RoyK | as with hard reset | 18:56 |
lequtix | its transparent to the hosts right? | 18:56 |
lequtix | the hypervisor hosts | 18:57 |
RoyK | you can do it easier with nfs | 18:57 |
lequtix | ok... now i have a question about NFS | 18:57 |
lequtix | lol | 18:57 |
lequtix | sorry | 18:57 |
RoyK | don't be sorry ;) | 18:57 |
lequtix | its relating to permissions .. does nfs support filesystem level security? or is it just host based (network) secutirt | 18:57 |
lequtix | security | 18:57 |
lequtix | like how does an nfs share map who accesses what? | 18:58 |
RoyK | NFS1-3 supports posix ACLs | 18:58 |
RoyK | NFS4 supports the new ACL regime, compatible with NTFS etc | 18:58 |
lequtix | ok... so who controls that | 18:58 |
RoyK | in which? | 18:59 |
lequtix | the san? or the hypervisor hosts | 18:59 |
lequtix | ok.. i have a san using GSFS2 and Corosync | 18:59 |
RoyK | a SAN device is just a blockdevice | 18:59 |
lequtix | it hosts a share | 18:59 |
lequtix | nfs | 18:59 |
lequtix | which box controls file access | 18:59 |
RoyK | your SAN isn't using a filesystem | 18:59 |
RoyK | all the boxes in the cluster | 19:00 |
lequtix | ok.. so the san only presents a block device (unformatted drive) | 19:00 |
RoyK | that's where corosync comes in | 19:00 |
RoyK | lequtix: the san is usually as dumb as a disk | 19:00 |
lequtix | so the hypervisor hosts have to manage the file system | 19:00 |
RoyK | the hypervisor manages processes | 19:00 |
RoyK | corosync manages sync writes | 19:01 |
lequtix | i'm speaking in terms of low level disk activity | 19:01 |
lequtix | not necessisarly the virtualization | 19:01 |
RoyK | clusterd manages write coherency | 19:01 |
RoyK | you don't use shared storage unless you do virtualisation | 19:01 |
lequtix | and clusterd is corosync? | 19:01 |
RoyK | no, corosync makes sure GFS2 or OCFS2 are in sync | 19:02 |
RoyK | clusterd makes sure the processes of virtualization are running and are not crashing and kicks out those who make trouble | 19:02 |
lequtix | i'm more interested in what happens with the shared file systems before the vm's even load | 19:03 |
lequtix | the hosts mount the NFS share (which is an unformatted disk) | 19:03 |
lequtix | how do you format it | 19:03 |
RoyK | lequtix: this one is long | 19:04 |
RoyK | https://alteeve.ca/w/2-Node_Red_Hat_KVM_Cluster_Tutorial | 19:04 |
RoyK | but it's good | 19:04 |
lequtix | ok hahah | 19:04 |
RoyK | an nfs share is not an unformatted disk, it's a shared drive | 19:04 |
RoyK | lequtix: read that one if you want to setup a cluster | 19:04 |
RoyK | first: read "a note of patience" | 19:05 |
lequtix | ok.. so it's better then to use iscsi because then the vm hosts do the formatting | 19:05 |
RoyK | you'll still have to use GFS2 and corosync and clusterd | 19:06 |
RoyK | there's no easy way out, I'm afraid | 19:06 |
RoyK | if you haven't setup the sync correctly, you suddenly have two VMs writing to the same filesystem | 19:07 |
RoyK | which is somewhat troublesome | 19:07 |
RoyK | filesystems don't like that | 19:07 |
RoyK | filesystems like ext4 | 19:07 |
RoyK | which are run on top of GFS2 | 19:07 |
lequtix | no no i don't want a fast way out | 19:07 |
lequtix | i'm just trying to get my head around the process | 19:08 |
lequtix | i'll read that page | 19:08 |
RoyK | then bide your time and read that tutorial | 19:08 |
RoyK | it's not your average 10 minute tutorial - it's the other sort | 19:08 |
lequtix | yes i see that | 19:08 |
RoyK | and it's thorough | 19:08 |
* RoyK guesses lequtix will surface some time on sunday asking new questions ;) | 19:09 | |
lequtix | hahah | 19:09 |
lequtix | i know enuf to understand broadly | 19:09 |
lequtix | i just want the nuonce | 19:10 |
RoyK | lequtix: enough? | 19:11 |
RoyK | and what does nuouch mean? | 19:11 |
Pici | I think they meant nuance | 19:12 |
adam_g | zul, do we plan on keeping that mongodb delta in the future? | 19:12 |
zul | adam_g: i believe so | 19:13 |
adam_g | zul, can we push it to ~ubuntu-cloud-archive as a bzr branch with the included changes? | 19:13 |
zul | adam_g: sure | 19:14 |
adam_g | zul, id like to start keeping anything with deltas under VCS | 19:14 |
zul | adam_g: wait there is no delta here its a straight backport | 19:14 |
adam_g | zul, oh! my bad, i read that .changes wrong and thought the patches were only applied for the CA | 19:15 |
adam_g | zul, in that case +1 | 19:15 |
zul | thx | 19:16 |
lequtix | RoyK i meant Nuance .. http://www.merriam-webster.com/dictionary/nuance | 19:18 |
RoyK | k | 19:19 |
lequtix | this document is very detailed | 19:41 |
RoyK | it certainly is | 19:42 |
lequtix | hardware i will use to learn does not have 6 NIC's | 19:42 |
lequtix | lol | 19:42 |
lequtix | its almost too verbose for starting out | 19:42 |
RoyK | you don't need to use that hardware | 19:42 |
lequtix | i'm less interested in the securty portion and more interested in how it works | 19:42 |
RoyK | then scroll down | 19:42 |
lequtix | but i suppose network failover is just as important as anything else | 19:43 |
RoyK | it is | 19:43 |
RoyK | but then, if you have enough nodes, it shouldn't matter much | 19:43 |
RoyK | unless the switch dies | 19:44 |
RoyK | which they tend to do now or then | 19:44 |
lequtix | 2/3 of the document focuses on network tolerance.. failover for switch failure | 19:45 |
lequtix | and seperating netoworks for storage and internet and cluster traffic | 19:45 |
RoyK | keep focus on what's on kvm etc | 19:45 |
lequtix | good policy but overkill for my needs | 19:45 |
lequtix | lol | 19:45 |
lequtix | do most computers support IPMI? | 19:49 |
lequtix | so i can't do fencing either | 19:49 |
RoyK | fencing is rather important | 19:49 |
RoyK | without it and with a network outage, you can end up with two VMs on the same disk | 19:50 |
lequtix | so to even test HA you need to have real server hardware that supports IPMI | 19:50 |
RoyK | cooperatingly corrupting data | 19:50 |
lequtix | yea i understand the implications.. but i don't have expensive hardware | 19:50 |
RoyK | you can test it easily, but if the shit hits the fan, no | 19:50 |
RoyK | if they're on the same network, iscsi and networking together, it's easier | 19:51 |
RoyK | but usually you don't use the same network for data and generaly traffic | 19:51 |
lequtix | i would probably have to use a crossover cable for the cluster traffic | 19:52 |
lequtix | and a switch for the main network | 19:52 |
lequtix | 2 nics in each box | 19:52 |
RoyK | no need for a crossovercable with gigabit | 19:52 |
RoyK | it's autosense by definition | 19:52 |
lequtix | right | 19:52 |
lequtix | i'm old .. what can i say | 19:52 |
lequtix | lol | 19:52 |
RoyK | heh | 19:52 |
RoyK | how old? | 19:52 |
lequtix | 41 | 19:53 |
RoyK | damn - I'm almost 40 ;) | 19:53 |
RoyK | 2 months to go | 19:53 |
lequtix | hehe | 19:53 |
lequtix | i'll be 42 in november | 19:53 |
RoyK | when? | 19:53 |
lequtix | 19 | 19:53 |
ejv | guess you're old too RoyK | 19:54 |
ejv | ;) | 19:54 |
RoyK | ok, I'll be 40 the 32th | 19:54 |
RoyK | november | 19:54 |
lequtix | this isn't so hard to understand but my questions from before were more related to how the shared file systems worked.. and which node controlled what and who created the filesystems | 19:55 |
lequtix | lol | 19:55 |
lequtix | in a scenario where there are 2 nodes and 1 san... | 19:56 |
lequtix | who controls the filesystem on the shared storage | 19:56 |
lequtix | the nodes? or the SAN | 19:56 |
RoyK | lequtix: the san is dumb | 19:56 |
lequtix | in the case of a san u use iSCSI | 19:57 |
RoyK | lequtix: the nodes must coordinate access | 19:57 |
lequtix | dump | 19:57 |
lequtix | dumb | 19:57 |
lequtix | right? | 19:57 |
lequtix | with an NFS share the device HOSTING the storage looks after it correct? | 19:57 |
RoyK | lequtix: were it nfs or iscsi or direct access - the nodes need things like corosync | 19:57 |
RoyK | lequtix: otherwise they may start the same vm and mess up | 19:58 |
lequtix | ok.. so i guess i'm asking whats the difference between iScsi targets and nfs shares | 19:58 |
lequtix | with iscsi target the storage is presented as a blank block device | 19:58 |
lequtix | what about nfs? | 19:58 |
lequtix | its presented differently right? | 19:59 |
RoyK | lequtix: it's still shared storage | 19:59 |
RoyK | lequtix: just easier to handle on the server side | 19:59 |
lequtix | which is easier | 19:59 |
lequtix | iscsi or nfs | 19:59 |
RoyK | start out with nfs | 19:59 |
RoyK | no need for a shared filesystem like GFS2 | 20:00 |
RoyK | but still the same needs for synch | 20:00 |
lequtix | i dont think you understand what i'm asking | 20:00 |
lequtix | i'm not concerned about sync | 20:00 |
lequtix | i just want to know the difference between and NFS share and iSCSI target in terms of where the filesystem is managed | 20:01 |
RoyK | lequtix: if you setup a cluster without sync, it'll die | 20:01 |
lequtix | remove cluster from the equasion at this point | 20:01 |
RoyK | lequtix: with iscsi, you need a shared filesystem like GFS2 or OCFS2 | 20:01 |
RoyK | with more sync there | 20:01 |
RoyK | if you use NFS you only need to sync the cluster, not the storage | 20:01 |
lequtix | with iscsi the nodes manage the filesystem correct? | 20:02 |
lequtix | with ntfs the machine hosting the filesystem manages it | 20:02 |
lequtix | is that correct? | 20:02 |
lequtix | i mean NFS | 20:02 |
lequtix | not ntfs | 20:02 |
RoyK | with nfs, the host is doing the management, with iscsi, you need a shared filesystem like GFS2 or OCFS2 | 20:03 |
RoyK | but still, you need sync between the nodes | 20:03 |
lequtix | ok. | 20:03 |
lequtix | right | 20:03 |
RoyK | otherwise they'll overwrite oneanother's sectors | 20:03 |
RoyK | there's no easy way to clustering | 20:04 |
lequtix | so.. when you make an NFS share for the purposes of clustering.. which filesystem do you have to use? | 20:04 |
lequtix | can u just use ext4? | 20:04 |
RoyK | doesn't matter what you use underneath | 20:04 |
lequtix | ok because the nfs daemon manages the locks | 20:04 |
RoyK | xfs, ext4, jfs, even btrfs if you dare | 20:04 |
RoyK | nfs is a network filesystem, so it doesn't care about what's underneath | 20:05 |
lequtix | ok.. i understand now. | 20:05 |
lequtix | with NFS you don't have to worry about filesystem because there is a single host nfs daemon controlling locks for all nodes. | 20:06 |
lequtix | with iscsi, each node has to manage it's own locks therefore you need a sync protocol in there somewhere to make sure everyone's in sync | 20:06 |
RoyK | not quite | 20:06 |
RoyK | with nfs, I/O is sent to a central server which handles everything | 20:06 |
lequtix | so it's impossible for two machines to write to the same locations | 20:07 |
lequtix | with nfs | 20:07 |
RoyK | with shared iSCSI, each host writes individually, so they have to synch up their I/O not to corrupt everything | 20:07 |
lequtix | ok.. you said it better but that's what i meant | 20:07 |
lequtix | thats all i wanted to know this whole time.. hahaha | 20:07 |
RoyK | with NFS two clients (nodes) can still corrupt data if not in sync, but not on the filesystem level | 20:08 |
RoyK | with shared filesystems, things can go a bit worse | 20:08 |
RoyK | shared filesystems as in where devices are shared | 20:09 |
lequtix | and there's no central service to sort things out | 20:09 |
lequtix | the nodes can do whatever they want | 20:09 |
RoyK | in essence, yes | 20:09 |
lequtix | so will NFS allow two nodes to load the same VM? | 20:10 |
lequtix | or will it deny read to one node because it's open already on another? | 20:10 |
lequtix | thats probably what the sync is for | 20:11 |
lequtix | to avoid that | 20:11 |
RoyK | lequtix: no, they will be able to read and write simultanously, but you need corosync to stop them from writing to the same file | 20:11 |
lequtix | ok | 20:12 |
RoyK | lequtix: did you read that document? | 20:13 |
lequtix | still reading | 20:13 |
RoyK | lequtix: then ask afterwards | 20:13 |
lequtix | say i'm not going to cluster.. i want an nfs share to have roaming profiles | 20:13 |
lequtix | basically i want an nfs share for the /home dir | 20:14 |
lequtix | now... if i login two different computers as the same user.. it will blow up? | 20:14 |
RoyK | just read | 20:15 |
RoyK | it's about the same thing | 20:16 |
RoyK | it takes some understanding to get through this | 20:16 |
t_dot_zilla | im going crazy trying to get a tftp server running on ubuntu | 20:42 |
adam_g | zul, https://code.launchpad.net/~gandelman-a/ubuntu/saucy/horizon/fixes/+merge/184186 | 21:19 |
jefgy | I'm using an intel e1000 and while I don't see any issues in syslog or dmesg I seem to be dropping connections regularly on the machines with the e1000(the machines with broadcom nics are fine). I did a quick search for e1000 issues on 12.04 and didn't immediately see anything. Does anyone know if there is an issue with the e1000 that I may have overlooked? | 21:24 |
genii | jefgy: If: lspci -vnn | grep '82574' shows the controller as 82574L maybe try: sudo setpci -s <ID-of-device> CAP_EXP+10.b=40 ...where ID is the first number in the line produced by the previous command. There is a particular bug on the 82574L | 21:39 |
jefgy | genii:Thank you! I do seem to have the 82574L | 21:48 |
jefgy | I ran sudo setpci -s 02:00.0 CAP_EXP+10.b=40 as you said | 21:49 |
genii | jefgy: Now to keep an eye on traffic and see if connections stay up! I must leave soon but will will be back again tomorrow. | 21:53 |
jefgy | thanks again! | 21:53 |
genii | jefgy: No problem. If this works for you, need to make it run for subsequent boots. | 21:55 |
jefgy | genii: would you recommend adding a line to rc.local? | 21:56 |
genii | jefgy: Or, possibly adding it just before "end script" in /etc/init/network-manager.conf | 22:00 |
jefgy | good plan, I the network traffic has already stabilized and appears to be running similar speeds to the servers running the broadcom nics so I would that does did the trick | 22:02 |
jefgy | I seem to have - a couple of words there | 22:03 |
genii | jefgy: I got the gist :) | 22:04 |
=== Ursinha is now known as Ursinha-afk | ||
=== Ursinha-afk is now known as Ursinha |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!