/srv/irclogs.ubuntu.com/2013/09/05/#ubuntu-server.txt

NickyPi have a LAMP/apache2 server. The web page part works great. I also have file that I need for an application on the server that is 5 dirs down from the web server root. I get Forbidden response when I try to wget the file. What should the permissions / user00:49
NickyP;groups be to get this to behave?00:49
sarnoldNickyP: you need to make sure that the file can be read by the web server, and all directories above it can be read and traversed by the web server00:50
NickyPIf I try to wget the index.html off the top I get the same thing00:51
NickyPForbidden00:51
sarnoldNickyP: ah, nice. that gives you some good evidence to look for in the logs.00:52
NickyPshould the user:group be www-data for both00:53
sarnoldIt would be better if the webserver didn't own the data.00:54
NickyPk00:54
NickyPwhat is the common log location. there seems some indirection in the docs about  it00:56
sarnoldNickyP: check /var/log/apache2/ for a first shot (this is me guessing :)00:57
NickyPk. ty00:57
qman__www-data should not own any files, but those files should be readable by www-data00:59
qman__meaning, either grant world-read or use acls00:59
BullSharkwhat's the way to disable a service from auto starting on boot in ubuntu?10:59
geserBullShark: does the service get started through an upstart job?11:18
BullSharkgeser -> the service is postfix11:20
BullSharkit's in /etc/init.d/postfix11:21
gesersudo update-rc.d postfix disable11:22
BullSharkgeser -> that is disabling for all runlevels?11:23
geseryes11:23
gesersee the manpage for update-rc.d if you want to disable it for specific runlevels11:24
BullSharkyep, i was looking11:25
BullShark       update-rc.d [-n] <basename> disable|enable [S|2|3|4|5]11:25
BullSharkthis update-rc.d command doesn't do similar to chkconfig --list11:26
BullShark=/11:26
GeorgeJHello folks!11:45
GeorgeJIs there any reason I should not use 13.04 on a production server?11:45
hxmhi11:58
hxmi just added a new hard disk to my machine11:58
hxmi use frisk -l and it appears11:58
hxmwithout partition table11:58
hxmhow can I add it and format it?11:58
hxmcfdisk11:59
hxmwhy this http://pastebin.com/tmcrygK412:19
RoyKhxm: erm - why ntfs?12:24
zulrbasak:  ping http://paste.ubuntu.com/6066380/ (i just wanted to get a second pair of eyes before uploading this)13:00
zetheroo1what does "allow-hotplug" do in the /etc/network/interfaces file?13:21
ogra_zetheroo1, man interfaces ?13:23
rbasakzul: should the pocket be precise on that changelog? I'm not familiar with uploading to the cloud archive.13:27
zulrbasak:  nah needs to go to saucy first then its backported to precise13:28
rbasakzul: dropping 0007-Use-TIME_UTC_-macro.patch lgtm assuming that you're only going to build that with an older version of boost. If you're building for saucy too, won't that FTBFS in saucy then?13:28
zulrbasak:  nope built it on saucy as well13:28
rbasakzul: it looks like the patch was supposed to handle both cases, but I guess that's not working. Is something defining MONGO_BOOST_TIME_UTC_HACK when it shouldn't?13:28
zulrbasak:  yeah basically it removed the boost detection version when using MONGO_BOOST_TIME_UTC_HACK13:29
rbasakDid that patch come from Debian?13:30
zuli think so13:30
rbasakI'm just confused as to why it's there otherwise. If Debian put it there because Debian are ahead of us on boost, then will we FTBFS again when we transition?13:30
zulit shouldnt13:30
collectekHello all, How do I set a service to run at start? *using server 12.0414:50
collectekand are there any heartbeat resident experts around ;-)14:51
andrewhi all15:06
=== andrew is now known as Guest17413
=== Guest17413 is now known as lequtix
lequtixthere we go15:06
lequtixhi everyone15:06
rbasakhallyn_: ping. Do you know of any libvirt issues on precise wrt. ownership and permissions of directory-based volume image files? It works on saucy, but in precise when I try to start an instance libvirt changes the permissions of disk images to root.root, and then can't open them.15:11
rbasak(this is despite me explicitly telling it what uid/gid to use. libvirt seems to ignore that when it creates the volume, and vol-dumpxml returns -1 for uid and gid.15:11
rbasak)15:11
lequtixdid u try using sticky bit?15:11
lequtixor setguid15:11
lequtixon the parent directory15:12
lequtixdoes libvirt have a config files somewhere you can change the createmask15:12
rbasaklequtix: thanks for the thought. But the mode it uses is 0600, so manipulating group ownership on its own won't help15:12
lequtixyea but it has to be the parent directory15:13
rbasakTHe problem here seems to be that the default means that it just won't work.15:13
lequtixi find messing with individual files is useless..  try setting the mask on the parent dir15:13
lequtixi was running minecraft once..  i wanted to make it so the OP's couldn't op anyone else..  so i set the permissions on the file to 555 ..  it wouldn't work..  the only time i could secure the file was by securing the parent dir15:14
rbasaklequtix: the sgid bit didn't help. It seems that libvirt is overwriting the permissions after it creates the file15:15
lequtixi  had to make a dir.. put the ops.txt file in the dir.. and put a symlink to it15:15
lequtixset permissions of dir to 55515:15
rbasaklibvirt should be doing the right thing by default.15:15
lequtixthats just my experience15:15
hallyn_rbasak: yeah i think historically the ownership handling wasn't done very well.  There were some patches relating to DAC going by recently so maybe that's why it's fixed in saucy15:15
hallyn_rbasak: but the question is: why can't libvirtd open them, it runs as root15:15
lequtixlinux file permissions is somewhat of a mystery15:16
rbasakhallyn_: it's qemu that can't open them.15:16
rbasakhallyn_: I presume qemu is running as libvirt-qemu.kvm or something.15:16
lequtixwhat about running the virtualization daemon as another user15:16
hallyn_rbasak: yeah and libvirtd def should chown them for it.15:16
hallyn_rbasak: are you doing anything custom?15:16
rbasakhallyn_: yes, to some extent. I'm creating my own volume pool.15:16
hallyn_rbasak: what sort of pool?  is apparmor perhaps not allowing qemu to read there?15:17
lequtixits as if it can't read the file, so it's recreating it with bad permissions15:17
rbasakhallyn_: aha. Yes!15:17
rbasakhallyn_: thanks.15:17
hallyn_np15:17
* rbasak wonders what's different with apparmor in saucy15:18
hallyn_we may have added something...  are you using ceph?15:19
rbasakNo. Just libvirt + ubuntu cloud images.15:19
rbasakIt might be that the newer libvirt-specific apparmor wrapper thing parses the definition and makes the images readable?15:19
rbasakIt looks like the generated profile is correctly adding the file entries for my different pool location15:20
Arrickgood morning all, I am attempting to get a cron task to run every 5 minutes, but for some reason I cant seem to get it to run... I can run it fine manually though...15:20
rbasakI guess something's just going wrong with that.15:20
lequtixjust disable apparmor and see if it magically works15:21
lequtixis that possible15:21
lequtix?15:21
lequtixif it works you've found your issue.. then u know what to work on15:21
rbasakYes, I'm looking into that.15:21
rbasakUnfortunately libvirt apparmor profiles are dynamic so I'm not sure it's trivial.15:21
Arrickthis should work for every 5 minutes, correct?15:21
Arrick*/5 * * * * /usr/bin/php /www/mwtraining/admin/cli/cron.php /www/mwtraining/cron-log.txt15:21
lequtixwell.. if they are dynamic then there must be a config file that outlines it's behavior15:22
lequtixArrick, if it's a 5 minute interval it's easy to test right?15:22
lequtix:O15:23
Arricklequtix, thats why i am asking... is that setup right, because I cant find any proof that it's running.15:23
lequtixmake another job identical except have it write some random data to a text file...15:23
lequtixecho "it works!!!" >/opt/fart.txt15:24
lequtixthen in 5 minutes check fart.txt15:24
Arrickthe last time it ran was august 20... and I am not understanding why.15:25
RoyKArrick: is cron running?15:25
lequtix# Minute   Hour   Day of Month       Month          Day of Week        Command15:26
Arrickdont know how to tell.15:26
RoyKArrick: ps axf| grep -i cron15:26
RoyKArrick: pastebin the output of that15:26
RoyK!pastebin | Arrick15:26
ubottuArrick: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.15:26
Arrickhttp://paste.ubuntu.com/6066899/15:27
ArrickI think that means its stopped right?15:27
lequtix*/5 * * * * /home/ramesh/backup.sh will execute every 5 minutes15:28
lequtixprovided that cron is running15:28
ArrickRoyK, ^15:28
lequtixyou have a crontab editor open?15:30
lequtixbut yea other than that it doesn't look like u have cron running15:30
ArrickI did have it open.15:30
ArrickHow do I get it running?15:31
lequtixhttp://paste.ubuntu.com/6066912/15:31
lequtixthats what mine looks like15:31
RoyKArrick: cron runs as pid 1152 according to that15:31
Arrickis it running then?15:31
RoyKyes15:31
lequtixok.. then put in a job that does something you can monitor15:32
RoyKArrick: cron usually generates email on error15:32
lequtixmake a bash script to write random data to a file15:32
Arricknow to figure out why it isnt working... where in that line to I add the echo "it works!!!" >/opt/fart.txt for testing?15:32
RoyKArrick: it will also log its stuff to /var/log/syslog15:32
lequtixthen run it on a cron schedule15:32
RoyKArrick: * * * * * date >> /tmp/crontest.txt15:33
RoyKArrick: try that15:33
lequtixyea that will work15:33
RoyKArrick: it should run that job every minute and log the time it was run15:33
Arrickok, will check in a minute, it is added15:34
RoyKArrick: running this as root?15:34
Arricksudo, yeah15:34
lequtixi don't think arrick's cron daemon is running... his pastebin indicates that he has only the crontab editor open15:34
RoyKArrick: and are you adding the jobs with crontab -e, or editing stuff under /etc/cron(something)?15:35
lequtixnvm15:35
lequtix115215:35
Arrickcrontab -e15:35
RoyKk15:35
lequtixdon't use sudo in a crontab tho right?15:35
Arrickits been a couple minutes now, an nojoy15:35
lequtixit might ask for password and hang the job15:36
lequtixmaybe restart cron15:36
lequtixsudo service cron restart15:36
Arrickdate: invalid date `/tmp/crontest.txt'15:37
RoyKArrick: sudo -i15:37
RoyKArrick: then pastebin crontab -l15:37
Arrickjust got a failure when I setup the crontext as me.15:37
RoyKArrick: ok - pastebin "tail -50 /var/log/syslog"15:38
Arrickoutput separated by >>>>>>>>>>>>>>>>>>>>>>>>>>>>> http://paste.ubuntu.com/6066933/15:40
ArrickI removed my username from the paste though.15:40
RoyKArrick: ah - try to create a script - /tmp/crontest.sh with something like http://paste.ubuntu.com/6066938/ and chmod +x that file, and call that file in cron instead of the command15:41
RoyKArrick: I've seen cron having problems with redirects15:43
Arrickwe'll know in a minute15:45
lequtixat least you know it's firing now15:45
lequtixif it's erroring, it's trying15:45
Arrickit wasnt firing under root, it was firing under my user account though... I tested crontab -e from both accounts to make sure.15:45
RoyKArrick: to the same output file?15:46
Arrickyeah15:46
RoyKdid you pastebin that "tail -50 /var/log/syslog" command?15:47
lequtixmake the root crontab output to a different file15:47
RoyKor rather, its output :P15:47
Arrickits on the bottom of the first one.15:47
lequtixif they fire at the same time, only one can write to the file15:47
lequtixother will error15:47
RoyKlequtix: no, linux doesn't work that way15:47
RoyKlequtix: it queues up writes15:48
Arrickhttp://paste.ubuntu.com/6066963/15:48
lequtixhow can two processes write to the file at the same time?15:48
lequtixoh ok15:48
ArrickI ran the cmd again15:48
RoyKSep  5 11:45:02 training sSMTP[26161]: Sent mail for root@miworksmo.org (221 2.0.0 Service closing transmission channel) uid=0 username=root outbytes=50815:48
RoyKArrick: check the root mail15:48
Arricklol, how?15:48
RoyKArrick: install mutt or something15:48
Arrickno, I mean where...15:48
RoyKor even better - forward the root mail to your personal email account15:48
RoyKapt-get install mutt15:49
RoyKrun mutt15:49
RoyKas root15:49
RoyKmake sure you run an mta like postfix15:49
RoyK(anything, really, but postfix is really easy to setup)15:49
lequtixexim4 has a nice wizard to set it up...  dpkg-reconfigure15:50
Arricklast message april 2215:50
* RoyK only uses postfix and can only speak of what he likes :P15:50
* lequtix totally understands15:51
lequtix:D15:51
lequtixyou should try the exim on a test vm15:51
lequtixand run the reconfigure package15:51
lequtixmaybe it's not as easy as postfix15:51
lequtixits too bad we have to complicate his issue by configuring mail servers15:52
lequtixlol15:52
Arrickit already has a mail server setup, thats how I'm getting the emailed errors15:52
lequtixok..15:52
RoyKlequtix: can't really be bothered - I know postfix - I know how to configure it by hand - no point of learning exim, then ;)15:52
Arricknothing is showing up in the mail15:52
lequtixso just install mutt then ..15:52
Arrickyeah, I did15:52
Arricklast email in was april 2215:53
RoyKArrick: anything in /var/log/mail.log ?15:53
Arricknope15:53
Arrickwait15:53
Arricktypo15:54
RoyKare postfix or exim installed?15:54
Arrickyep.15:54
RoyKok15:54
RoyKpastebin?15:54
Arricklast post >>>> Sep  5 11:53:03 training sSMTP[26455]: Sent mail for root@miworksmo.org (221 2.0.0 Service closing transmission channel) uid=0 username=root outbytes=50815:56
lequtixI wonder if the daily crontab is running15:57
lequtixcus i think that runs as root15:57
just-a-visitorCollected tips/pointers on why crontab possibly does not work: http://askubuntu.com/questions/23009/reasons-why-crontab-does-not-work15:59
RoyKArrick: have you forwarded root's email to somewhere?16:01
Arricknot that I know of16:01
ArrickI did install mutt, but as I mentioned the last mail was april 22 to the root acct there.16:02
Arrickbah... typo in the crontest.sh name... I named it crontext.txt16:03
RoyKArrick: what happens if you 'echo test | mail -s test root' ?16:07
RoyKArrick: does that arrive in root's mailbox?16:07
Arricklol, mail is not currently installed.16:07
RoyKapt-get install -y mailutils16:07
RoyKor mailx16:08
Arrickim testing it as my user account right quick.16:11
Arrickok... RoyK I just got Cron is not running. reported to me when I tried that cron job (first one) after modding permissions on the log file.16:15
RoyKArrick: the email sent from the local machine should arrive immediately16:16
Arrickit does.16:16
RoyKto root as wel?16:16
RoyKs/wel/well/16:16
Arrickwhen it errors, yes16:16
Arricknot sure why it isnt putting the messages in for root...16:17
RoyKso you can't send email to root?16:17
Arrickif I run the echo test | mail -s test root it doesnt error, but when i run mutt I cant see the msg.16:17
RoyKperhaps try to nuke root's mailbox16:18
RoyKnever seen that happen, though16:18
RoyKperhaps the mbox is corrupt somehow16:18
Arrickhow would I do that?16:19
RoyKsudo -i16:20
RoyKrm $MAIL16:20
RoyKthat'll remove the mailbox16:20
RoyK(beyond easy recovery)16:21
Arrickpermission denied....16:21
RoyKperhaps it's sticky, then16:21
RoyK> $MAIL16:21
RoyKthat should truncate it16:21
Arrickok, did that, ran mutt, no messages... ran the echo cmd again, no messages showed up.16:22
RoyKcheck /var/log/mail.log again16:23
RoyKpastebin the last 50 lines or so (tail -50 ...)16:23
Arrickhttp://paste.ubuntu.com/6067100/16:24
RoyKpastebin ~root/.forward and /etc/aliases, please16:25
RoyKand perhaps output of 'mailq'16:26
ArrickI just checked the cron-log.txt file it is pointing too, and it ran a minute ago16:27
lequtixi feel bad for Arrick..  his issue went from cron to figuring out why the fuk he's not getting emails16:29
lequtix:S16:29
lequtixthere must be a way of troubleshooting cron without a mail daemon16:29
RoyKlequtix: well, we might even find out ;)16:29
Arrickcron is working under my user account, but not under the root account.16:29
RoyKArrick: that's why you need email working16:30
lequtixok.. so we need to figure out under which circumstances cron would not run root jobs16:30
lequtixi'm sure it's documented16:30
Arrickcron is working, im happy... if i do too much more to this server, it will probably break the software on it, lol.16:32
lequtixyea but there is probably a documented circumstance under which cron will NOT execute ANY root crontabs16:32
RoyKArrick: nothing you have done yet today (afaik) could have broken much - can you pastebin those I asked for?16:32
lequtixits probably just a config16:32
RoyKlequtix: famous last words ;)16:32
lequtixlol16:33
lequtixwell if NO root jobs are firing (daily monthly etc..)16:33
lequtixthen that tells me the system is explicitly telling cron not to run those jobs16:33
Arrick ~root/.forward says no such file or directory16:33
RoyKthat's good16:33
RoyKwhat about /etc/aliases ?16:33
Arrickpostmaster: root16:34
Arrickmailq is empty16:34
RoyKnothing like root: something?16:34
Arricknope16:34
RoyKpostfix or exim?16:34
RoyKor sendmail :P16:34
Arrickneither is installed16:34
RoyKapt-get install postfix16:35
Arrickbrb, dealing with a small fire here.16:36
RoyKouch16:37
lequtixi'll bet his /etc/cron.d/anacron config doesn't have any root jobs16:37
lequtixsomewhere along the line there are no definitions for the root crontab16:37
RoyKlequtix: why shouldn't it?16:37
lequtixi dunno.. perhaps someone else modified it on him16:37
lequtixsince it runs everyone elses' jobs16:38
lequtixand only root is excluded16:38
lequtixthat points to some kinda config16:38
lequtixadmittedly tho i'm no expert16:38
lequtixbut it's suspicious to me that only root is excluded from cron16:38
* RoyK curses under his breath and takes a closer look at his home server16:38
lequtixhaha.. i know how u feel man16:39
just-a-visitorArrick: Burning cron.16:40
lequtixhttp://pastebin.ubuntu.com/6067149/16:41
lequtixthis is what my /etc/cron.d/anacron file looks like16:41
lequtixalot of pages on the web point to the root users' PATH variable when it comes to cron16:43
lequtixi guess if it can't find sh or bash then it can't execute the scripts16:47
lequtixbut if that were the case i suppose there would be some kind of error in system.log16:48
lequtixhttp://serverfault.com/questions/72237/user-cron-jobs-are-not-running-but-system-jobs-are16:49
lequtixthis is interesting.. it basically says crontab lines need to end in a newline char16:50
lequtixmaybe root's crontab was edited manually without a newline at one point16:51
lequtixso it stopped firing16:51
lequtixi'd rename it and create a new root crontab exactly like the old one .. but using crontab -e16:52
lequtixRoyK ..  you think there's any validity to that?16:55
lequtixRoyK .. http://serverfault.com/questions/72237/user-cron-jobs-are-not-running-but-system-jobs-are16:56
lequtixRoyK ..  If someone edited the root crontab directly and didn't put a newline on the end perhaps it's preventing all root jobs from running..?16:56
RoyKnot sure16:58
lequtixi guess it would help to have access to his box16:58
lequtixi mean we have established that cron is definitely working16:58
lequtixwe just need reasons why root jobs would fail to execute16:58
RoyKArrick: ping16:58
lequtixso far i've read that the root's PATH variable16:59
lequtixand editing the crontab manually cause issues16:59
* RoyK is on the edge of beating his home server to death16:59
sarnoldlequtix: I'd strongly suggest using '-u root' to crontab -e when editing root's crontab, just to be on the safe side and ensure you're getting the one desired17:00
sarnoldRoyK: man what's up with your machine?17:00
lequtixsarnold .. its actually Arrick that's having the issues17:01
lequtixhe's afk dealing with small fire17:01
lequtixmetaphorically i'm hoping17:01
sarnoldlequtix: aha, I figured it wasn't you, but you're doing the most helping :) hehe17:02
sarnoldlets hope so..17:02
lequtixhis root cron jobs aren't firing but regular user cron jobs ARE17:02
RoyKsarnold: zfs issues, or so it looks17:02
sarnoldRoyK: eeeek17:02
lequtixi know it's irrelevant to your problem, but why did you choose zfs?17:02
lequtixyou doing some kinda cluster FS?17:03
sarnoldlequtix: I've seen people try to shove the m h dom mon dow  fields into the /etc/cron.{daily,hourly,weekly}/ things before, without success...17:03
lequtixyea that's good good poing sarnold17:06
lequtixpoint17:06
zulhallyn_:  ping17:10
RoyKsarnold: indeed - no big chance for me to bother to debug that shite tonight17:19
RoyK[  730.156529] Out of memory: Kill process 20146 (php) score 940 or sacrifice child17:19
RoyK[  730.157654] Killed process 20146 (php) total-vm:19335892kB, anon-rss:15531616kB, file-rss:808kB17:19
Arrickim back17:19
RoyKthat's out of memory just after I tried to rebuild zfs, on a system with 16 gigs of RAM17:19
RoyKArrick: wb17:19
sarnoldRoyK: daaaamn. I heard the de-dup requires a lot of memory, but I'd have thought 16 gigs would be plenty for that.17:20
sarnoldRoyK: amd64 or pae 32 bit?17:20
RoyKamd6417:21
sarnoldokay17:21
RoyKsarnold: not using dedup17:21
sarnoldRoyK: woah hey, how'd php get 16 terabytes of address space?17:22
RoyKsarnold: I've been testing dedup in a controlled environment and found it didn't work too well without half a terabyte of RAM or so (for the data I was managing back then)17:22
sarnoldRoyK: oh, that's only 18 gigs. nevermind. hey wait how'd php get 18 gigs of address space? :)17:22
RoyKno idea17:22
RoyKI shut the box down - will look into it later17:23
sarnoldmakes sense17:23
sarnoldgood luck :)17:23
Arrickis kinda funny that my cron job IS running, but that my cronwatcher is reporting that cron ISNT running?17:23
RoyKthanks17:23
RoyKArrick: try to restart cron17:23
Arrickrestarted17:23
RoyKArrick: and - mail to root now works?17:24
sarnoldRoyK: (maybe get a memtest86 run going while the machine is down?)17:24
RoyKsarnold: have tried17:24
sarnoldokay17:24
RoyKsarnold: also, if the memory was the problem, I'd be seeing lots of random segfaults, which I'm not17:24
Arricknegative17:24
RoyKArrick: that's not positive17:25
Arrickof course, the cron jobs are set to a log file, would it still email as well?17:25
RoyKArrick: focus on one thing at a time17:26
RoyKArrick: first - make sure email works17:26
smoserhallyn_, you should fix lxc template for cirros to do --user-data on clone17:26
smoserlike i did for '-t ubuntu-cloud'17:26
RoyKArrick: as root (or any user), try to email root to see if it works. if it doesn't, check the logs. local email is just files, so it should be trivial indeed17:28
Arrickit doesnt throw any errors when I send it..17:28
RoyKArrick: not in the mail logs either?17:29
Arrickit shows as sent in the logs17:30
RoyKpastebin?17:30
Arrick!pastebin17:30
ubottuFor posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.17:30
Arrickhttp://paste.ubuntu.com/6067312/17:31
RoyKhm - miworksmo.org doesn't have an MX17:31
Arricklol17:31
RoyKdo you try to email root alone or root@miworksmo.org?17:32
Arrickits internal on our exchange server17:32
Arrickroot alone17:32
RoyKtry root@localhost17:32
hallyn_smoser: uh, i'll take a look17:32
hallyn_zul: .17:32
zulhallyn_:  i totally forgot now17:32
smoserhallyn_, just something i wanted to do , but wouldn't get to. but would like for general demonstration purposes in lxc in ubuntu.17:33
hallyn_zul: ok17:33
Arricknope... Im not going to worry about it rightnow RoyK, I'll have to come back to it, i have a LOT of other issues, as long as cron is running I'm not worried right now... thanks for all the help17:34
hallyn_smoser: yeah but you're doing it using a clone hook, so presumably i'll need to write a new hook for cirros (maybe i can reuse the one - need to look)17:34
smoserhallyn_, probably have to write a new one, yes.17:34
smoserbut same as ubuntu, just move the code that *did* that from the create to the clone.17:35
hallyn_right17:35
lequtixhi all17:43
RoyKevening17:44
RoyKgood localtime();17:44
lequtixwhere are you roy/17:44
lequtix?17:44
RoyK.no17:44
RoyKlequtix: what about you?17:51
lequtixBC, Canada17:51
RoyKk17:51
lequtixi don't see where u said you live17:52
RoyK.no == norway ;)17:52
lequtixOH ok17:52
lequtix:D17:52
lequtixwhat's the weather like there right now17:54
lequtixits' cloudy here today..  about 18 degrees celcius17:54
lequtixlooks about the same as here in oslo17:55
RoyKabout the same here ;)17:55
lequtixsucks summer is ending17:55
RoyKhttp://www.yr.no/place/Norway/Oslo/Oslo/Oslo/hour_by_hour_detailed.html17:55
RoyKyr.no is nice ;)17:55
RoyKyr means drizzle...17:56
lequtixcool17:56
RoyK:)17:56
lequtixwhat are you working on?  i'm bored at work17:56
lequtixlol17:56
RoyKcheck out the forecasts on yr.no in your hometown - it's not bad17:56
sarnoldRoyK: nice website..17:57
RoyKI'm at home, but at work, I work with scientists requesting interesting things for research projects17:57
lequtixinteresting job?17:57
lequtixyou enjoy it?17:57
RoyKyep17:57
RoyKI work for hioa.no17:57
lequtixwhat kind of things do they request?17:57
RoyKlarge focus on secure storage now17:58
RoyKsince we don't have a good thing for that atm17:58
lequtixso that's why u are working with zfs?17:58
RoyKthat's private17:58
RoyKI've been working with zfs for some time17:58
lequtixencrypted FS isn't good for secure storage?17:58
RoyKzfs encryption only exists in solaris 11, not the open version17:59
lequtixuse ext417:59
lequtixlol17:59
RoyKand by security, I mean access17:59
lequtixah17:59
RoyKthe datacentre is easy to secure17:59
sarnoldtahoe-lafs? :)17:59
RoyKaccess is worse17:59
lequtixrequire vpn17:59
lequtixto access files17:59
lequtixmaybe17:59
lequtix:O18:00
RoyKinteresting18:00
RoyKdidn't know that18:00
lequtixor WebDAV18:00
lequtixshares18:00
lequtixyou can choose networks and users18:00
RoyKwell, the issue is you have to allow several users to share a set of data, and not allow them to download anything18:00
RoyKso some sort of remote desktop system18:00
rdw200169RoyK: yeah, this is definitely not a problem solved by zfs18:01
RoyKwith two-factor authentication and no internet access from the box18:01
lequtiximpossible18:01
lequtixif they can read they can download18:01
RoyKlequtix: you can photograph the monitor, sure, but if you stop them from downloading masses of data, it makes security better18:01
RoyKlequtix: you can't make it 100% secure, but you can possibly make it 95% secure, which is what the authorities say is sufficient18:02
rdw200169RoyK: assuming you let them access with SSH, its all but impossible18:02
RoyKrdw200169: not ssh18:02
RoyKsome remote desktop thing like rdp or preferably SPICE18:02
RoyKrdp sucks at security on audio18:03
RoyKand some projects need to use video (and the corresponding audio)18:03
lequtixyea.. if you only enable RDP or FreeNX18:04
lequtixand disable email to outside domains18:04
RoyKlequtix: not only email - the system must be totally offline to the outside world18:04
RoyKa way in, no way out18:05
sarnoldRoyK: wouldn't it be bloody annoying to be doing all the analysis over a remote link like that? the few times I've been forced to use citrix thingy I detested every second of it18:06
RoyKsarnold: doesn't matter much - sensitive data like patient information can't be made available18:07
hallyn_except to third parties who pay for it <scoff> so long as they claim they'll honor hipaa.18:09
sarnoldhallyn_: .no, probably no hipaa :)18:09
lequtixthat's gonna require some pretty creative firewall rules18:09
* hallyn_ is disgusted with the state of data privacy today18:09
* hallyn_ goes elsewhere to hide his disgust18:09
sarnoldhallyn_: it's probably better in norway. they put RoyK in charge of it, afterall :)18:10
lequtixso the datacenter itself has to be segregated from the outside world... then have a terminal server that's on the datacenter's VLAN AND an exposed VLAN18:10
sarnoldlequtix: brutal is easier than nuanced, in my experience..18:10
hallyn_sarnold: maybe sanity elsewhere will be contagious and catch on here18:10
lequtixthen use policy on the terminal server to disable all outside activity18:10
lequtixexcept 3389 tcp18:11
lequtixor firewall rules18:11
sarnoldhallyn_: we can hope :)18:11
lequtixi guess it's not so hard18:11
lequtixjust have  a terminal server on two networks..  one only allows 3389tcp and one that allows only the terminal server18:12
lequtixthat would be about as good as it's possible to get..18:12
hallyn_sarnold: i can't figure out how no one has asked how snowden bypassed rbac+mls+te to get to all that data.  being an admin should not mean you get all the data.  (my feelings on whether it was good or bad that he got it aside)18:12
hallyn_but anyway, i get touchy bc that's why i left my last employer :)18:13
hallyn_all right, back to work :)18:13
lequtixwhere are you guys located?  i'm in canada18:13
lequtixBC..18:13
hallyn_US.  up and down the middle at various points18:13
sarnoldhallyn_: I have a feeling rbac+mls+te were designed to give him the entirety of the information on purpose. I fully expect no policies were violated..18:14
hallyn_sarnold: every person in any way in charge of policies and implementations should be undergoing a job review right now18:14
RoyKsarnold: hipaa?18:14
RoyKlequtix: rdp will open an unsecured tunnel back to the system if audio is used18:15
lequtixyou can disable the audio etc with policy18:15
lequtixgroup policy18:15
RoyKsure18:15
RoyKbut part of the thing was to *allow* audio18:16
lequtixugh18:16
lequtixwhy would u wanna stream audio over the rdp connection18:16
lequtixlol18:16
RoyKwhich makes it a bit harder18:16
lequtixpoor performance18:16
RoyKlequtix: not necessarily over rdp, but over a remote connection.18:16
RoyKlequtix: we have this project where kids in kindergarten are interviewed for research of how they will become according to how they act as kids (not sure how to explain that in English)18:17
RoyKlequtix: and that sort of data is rather sensitive18:17
sarnoldhallyn_: completely agreed there. they ought to buy a giant FAIL stamp to save some effort.. :)18:17
lequtixi understand18:17
lequtixso the interviews are audio?18:17
RoyKand video18:17
hallyn_heh and lots of ink18:17
lequtixand they upload the data via the RDP connection (or whatever type of connection you decide to use)18:18
hallyn_RoyK: do the parents get to opt the kids out?18:18
sarnoldRoyK: hipaa is the .us "effort" at patient privacy -- it might actually be an improvement over earlier legislation, but it limits spread of data to people, contractors, who signed contracts -- i.e., very little actual containment of data.18:18
lequtixwith RDP Record is different function than playback18:18
RoyKhallyn_: of course18:18
lequtixyou can get the data in but disallow playback18:18
hallyn_RoyK: "of course" - that's not that obvious :)  glad it is where you are though.18:18
hallyn_like i said, hoping sanity is contagious18:18
RoyKhallyn_: http://datatilsynet.no/English/ are rather strict18:19
RoyKwhich is good imho18:20
lequtixi suppose they could connect to the datacenter with managed workstations with policies in effect to disable any external storage devices..18:20
lequtixlike usb or cdr18:20
lequtixor email18:20
RoyKlequtix: if that datacentre is secure, indeed, but very few are18:20
lequtixIAAS infrastructure could make it a bit easier to secure things18:21
lequtixeach VM server has its own sandboxed environment and network18:21
RoyKlequtix: it needs to be certified by datatilsynet.no18:22
lequtixlike Amazon EC218:22
RoyKlequtix: very few are18:22
lequtixbut private18:22
RoyKamazon will probably never be certified - the US govt have access there18:22
lequtixRoyK .. i mean to implement your own virtualized infrastructure18:22
lequtixLIKE amazon18:22
lequtixeasier to secure everything because everything is sandboxed18:23
lequtixyou have to explicitly create links between the environments18:23
RoyKwe have a couple of vmware clusters, thinking of using one of them or creating a new one18:23
lequtixyes ESX is nice18:23
lequtixyou can do the same with HyperV18:23
lequtixor ProxMox18:23
RoyKlequtix: uio.no has been working on a very good solution for ages - https://www.usit.uio.no/prosjekter/tsd20/ (apparently only in norwegian)18:23
RoyKbut they're almost a year late18:24
RoyKlequtix: I don't like hyperv18:24
lequtixyea it's very heavy18:24
RoyKlequtix: had some really bad issues with ubuntu on hyperv18:24
lequtixI'm a proxmox user personally18:24
lequtixi like the OpenVZ/KVM integration18:24
RoyKheavy network traffic and the vm just lost networking - nothing in the logs18:24
lequtixProxMox or VMware18:25
lequtixHyperV is still in its infancy.. microsoft is years behind with their Virtualization product18:25
lequtixi think too late18:26
RoyKkvm is getting some18:27
RoyKstill low on the admin bit, but the tech bits are good18:27
lequtixhave you tried the ProxMox product?18:27
lequtixits free18:27
RoyKnever heard of it18:27
lequtixyou must try it18:27
lequtixhttp://pve.proxmox.com/wiki/Main_Page18:27
lequtixits a distro to mimic esx18:28
RoyKnice18:28
lequtixit has kvm and openvz18:28
lequtixand really nice html5 web interface18:28
RoyKany idea what it's based on?18:28
lequtixdebian18:28
RoyKand does it support clustering?18:28
lequtixwheezy18:28
lequtixyes18:28
sarnoldand rhel kernel for openvz, apparently18:28
RoyKtried to setup clustering with that?18:28
lequtixno it's custom for them i think18:28
lequtixit supports GFS18:29
lequtixglusterfs18:29
lequtixgive it a try... the iso is small.. 400k18:29
RoyKglusterfs isn't a clustering filesystem18:29
RoyKwell, it is, but the other way around18:29
lequtixlol18:29
RoyKspread data, not make it redundant as with OCFS2 or GFS218:29
lequtixit also supports live migration18:29
lequtixwithin the cluster18:30
RoyKso does standard redhat/centos/ubuntu18:30
RoyK*/*18:30
lequtixwell.. it is just basically KVM with a nice interface18:30
lequtixgive it a try18:30
lequtixworks well from install18:30
RoyKI setup a kvm cluster on two nodes with centos - it was a PITA18:30
RoyKlequtix: have you setup a *cluster* from install?18:30
lequtixi never had a SAN18:31
RoyKwell, you could use DRBD18:31
lequtixso i haven't tried the cluster.. but it works nice stand alone from install18:31
lequtixthats what it uses18:31
lequtixDRBD18:31
lequtixnow that you mention it18:31
lequtixit only works on the local subnet cus it's broadcast right?18:31
lequtixthat was the limitation.. proxmox clusters have to exist on the same subnet18:32
lequtixjust give it a try18:32
sarnoldI hope they move to multicast, ipv6 has no broadcast.18:32
lequtixyou will like it18:32
lequtixyou can use /etc/network/interfaces to setup as many bridges and private lans you need to use with the VM's18:33
lequtixthat's kinda nice18:33
lequtixits basically just a minimal linux install18:34
lequtixwith a web interface18:34
lequtixu can do with it what you do with regular linux installs18:34
RoyKsarnold: heh - hioa.no, where I work, are the best in the class on ipv6 - we do *everything* we can on ipv6, and only the rest on ipv418:34
lequtixbut proxmox rocks.. i love it18:34
RoyKsarnold: in norway, that is18:35
smoserrbasak, http://paste.ubuntu.com/6067241/18:35
smoseryour thoughts on that data would be appreciated.18:35
sarnoldRoyK: nice :) my ISP recently rolled out ipv6 support, it's been on my todo list for three weeks now.. :)18:35
RoyKlequtix: does it have an option for clustering on a SAN with GFS2 or OCFS2?18:35
lequtixyes.. goes glusterfs18:35
lequtixdoes18:35
lequtixGFS218:36
RoyKglusterfs != cluster fs18:36
RoyKyou can't mount a glusterfs partition on two machines18:36
RoyKyou can with GFS2 or OCFS218:36
lequtixhttp://www.proxmox.com/proxmox-ve/features18:36
* RoyK likes AGPL18:37
lequtixthis might tell u more18:37
lequtixhttp://www.proxmox.com/proxmox-ve/comparison18:37
RoyKgotta try that - got a pair of pizzaboxes for testing18:37
zuladam_g: ping http://people.canonical.com/~chucks/ca/18:37
RoyKdual quad core something with 24GB RAM18:38
RoyKshould do well for testing a wee cluster18:38
lequtixat the end of the day RoyK it's a debian linux install so u can install/configure whatever storage you want18:38
RoyKif it automates some of the headaches I've had with clustering, it's good18:38
lequtixto kvm it's all just mountpoints18:38
lequtixit has special tools for setting up the cluster18:39
RoyKwell, sure, but cluster synchronization isn't very easy18:39
lequtixbut they are command line18:39
lequtixthis takes care of the sync18:39
* RoyK is quite used to the commandline18:39
RoyKa year from now, I'll celebrate 20 years of running linux ;)18:39
sarnold:)18:40
sarnold"celebrate" in a "where did time go?" sort of way? :)18:40
lequtixi think you will like proxmox18:40
RoyKsomething like that ;)18:40
RoyKI'll look into it18:41
RoyKwe have a lot of old machines that aren't used anymore, machines taken offline or virtualised18:41
lequtixi have it running on a machine with amd 6 core cpu and 16 gigs ram18:41
lequtixworks nice .. have 3 openvz containers and 3 windows vms18:41
lequtixmore than enuf to test18:41
RoyKwindows on kvm?18:41
lequtixyea18:42
lequtixwin7 pro and server 201218:42
RoyKI've been using kvm for some time, but never got the hang of failover in clusters18:42
lequtixi haven't experimented much with clusters18:42
lequtixi don't have the hardware18:42
RoyKyou need to allow a machine to die18:42
RoyKwith ESXi, it just works18:42
RoyKI'd been working in this job for 3 months or so, when I was installing this blade server that was hanging and didn't take a reboot from the blade centre18:43
lequtixhow does it work??  you have two servers up at the same time?  when one dies the DNS moves the pointer?18:43
RoyKso I walked over to the datacentre and pulled it out18:43
RoyKwrong bladecentre18:43
RoyKwrong blade18:43
lequtixor the vm loads on another host18:43
RoyK30 VMs died, and came up on other blades18:44
lequtixoh ok.. i understand18:44
sarnoldRoyK: wow, that's a good one! :)18:44
RoyKdidn't feel so touch back then ;)18:44
lequtixhaha18:44
lequtixhow long were they down...  1 minute?18:44
sarnoldRoyK: no, I bet it didn't. but that story will win most bar bets. :) hehe18:44
RoyK1-2 minutes18:44
lequtixthe proxmox site boasts that it will do that18:45
RoyKsarnold: we have a thing at the IT dept18:45
lequtixi've never tried it.. you will have to let me know18:45
RoyKsarnold: if someone messes up, he needs to bake a cake to the rest18:45
sarnoldRoyK: how many cakes did this one require? :)18:45
RoyKsarnold: I called boss and asked "is this cake?" and was assured "no, not really"18:45
=== atpa8a_ is now known as atpa8a
RoyKsarnold: we have a software rollout system where windows users can choose between applications to install18:46
RoyKsarnold: so not to allow them admin access, but still allow them a predefined set of applications18:46
lequtixusually thats done via group policy isn't it royk?18:47
RoyKsarnold: the admin scripting this did a slight change one thursday and was home sick the day after, when *all* PCs at hioa.no, about 10k of them, started to install *all* applications in the repository18:47
lequtixdifferent OU's can be assigned different software bundles18:47
RoyKhe made a nice cake18:47
lequtixHAHAHAHA18:47
sarnoldRoyK: hahaha, wow. :D18:48
sarnoldRoyK: okay, so killing 30 vms won't win against his story. :)18:48
RoyKthe motto for the department is "we do as good we can" ;)18:48
RoyKbut there's a lot of good nerds here18:49
lequtixeveryone makes mistakes18:49
lequtixlol18:49
RoyKyep18:49
lequtixif not.. no one would eat cake18:49
lequtix:D18:49
RoyKhaha18:49
lequtixand that is unacceptable18:49
lequtixhahahaha18:49
RoyKquite so18:49
lequtixProxmox Cluster File System18:50
lequtixProxmox VE uses the unique Proxmox Cluster file system (pmxcfs), a database-driven file system for storing configuration files. This enables you to store the configuration of thousands of virtual machines by configuring them only once. By using corosync, these files are replicated in real time on all cluster nodes. The file system stores all data inside a persistent database on disk, nonetheless, a copy of the data resides in RAM which provides a max18:50
lequtiximum storage size is 30MB - more than enough for thousands of VMs.18:50
lequtixhere u go royk18:50
lequtixhow it does cluster18:50
RoyKlequtix: interesting18:51
lequtixi think it has the broadcast limitation tho18:51
lequtixrequires all hosts be on the same subnet18:51
RoyKgotta try to setup a test on that with 3-4 nodes18:51
lequtixmaybe they changed it recently18:51
RoyKjust need to setup a freebsd-based zfs storage first18:51
RoyKthen some old pizzaboxes18:52
lequtixso if i were to make an iSCSI target you would recommend freebsd and zfs?18:52
RoyKwe have a new datacentre with a dedicated rack for test stuff18:52
lequtixfor testing this stuff?18:52
RoyKyep18:52
RoyKsome 10TiB+ of storage and some machines to run the good stuff18:53
lequtixwhat are the alternatives18:53
RoyKwe have 150+TB on EqualLogic with vmware18:53
lequtixi'm a noob when it comes to san and iscsi.. although i know a few things18:53
RoyKiscsi isn't too hard18:54
RoyKI've not used ZFS professionally on fbsd, only on solarises18:54
lequtixmy question comes when multiple devices mount one iscsi target18:54
RoyKlike openindiana18:54
lequtixhow does it not corrupt18:54
RoyKyou need a filesystem like GFS2 or OCFS2 with corosync or similar18:54
lequtixdo they use a special file system18:54
lequtixAH ok18:54
RoyKnot many filesystems support sharing18:55
RoyKand clusterd to kick out nodes that don't reply18:55
lequtixso you only need corosync with ocfs2?18:55
lequtixyou can use gfs2 alone?18:56
RoyKno18:56
lequtixalways need corosync?18:56
RoyKgfs2 needs a daemon to control who can write18:56
RoyKand clusterd to kick out nodes that don't reply18:56
lequtixand all that is installed only on the san18:56
RoyKas with hard reset18:56
lequtixits transparent to the hosts right?18:56
lequtixthe hypervisor hosts18:57
RoyKyou can do it easier with nfs18:57
lequtixok... now i have a question about NFS18:57
lequtixlol18:57
lequtixsorry18:57
RoyKdon't be sorry ;)18:57
lequtixits relating to permissions ..  does nfs support filesystem level security?  or is it just host based (network) secutirt18:57
lequtixsecurity18:57
lequtixlike how does an nfs share map who accesses what?18:58
RoyKNFS1-3 supports posix ACLs18:58
RoyKNFS4 supports the new ACL regime, compatible with NTFS etc18:58
lequtixok... so who controls that18:58
RoyKin which?18:59
lequtixthe san?  or the hypervisor hosts18:59
lequtixok.. i have a san using GFS2 and Corosync18:59
RoyKa SAN device is just a blockdevice18:59
lequtixit hosts a share18:59
lequtixnfs18:59
lequtixwhich box controls file access18:59
RoyKyour SAN isn't using a filesystem18:59
RoyKall the boxes in the cluster19:00
lequtixok..  so the san only presents a block device (unformatted drive)19:00
RoyKthat's where corosync comes in19:00
RoyKlequtix: the san is usually as dumb as a disk19:00
lequtixso the hypervisor hosts have to manage the file system19:00
RoyKthe hypervisor manages processes19:00
RoyKcorosync manages sync writes19:01
lequtixi'm speaking in terms of low level disk activity19:01
lequtixnot necessarily the virtualization19:01
RoyKclusterd manages write coherency19:01
RoyKyou don't use shared storage unless you do virtualisation19:01
lequtixand clusterd is corosync?19:01
RoyKno, corosync makes sure GFS2 or OCFS2 are in sync19:02
RoyKclusterd makes sure the processes of virtualization are running and are not crashing and kicks out those who make trouble19:02
lequtixi'm more interested in what happens with the shared file systems before the vm's even load19:03
lequtixthe hosts mount the NFS share (which is an unformatted disk)19:03
lequtixhow do you format it19:03
RoyKlequtix: this one is long19:04
RoyKhttps://alteeve.ca/w/2-Node_Red_Hat_KVM_Cluster_Tutorial19:04
RoyKbut it's good19:04
lequtixok hahah19:04
RoyKan nfs share is not an unformatted disk, it's a shared drive19:04
RoyKlequtix: read that one if you want to setup a cluster19:04
RoyKfirst: read "a note of patience"19:05
lequtixok.. so it's better then to use iscsi because then the vm hosts do the formatting19:05
RoyKyou'll still have to use GFS2 and corosync and clusterd19:06
RoyKthere's no easy way out, I'm afraid19:06
RoyKif you haven't setup the sync correctly, you suddenly have two VMs writing to the same filesystem19:07
RoyKwhich is somewhat troublesome19:07
RoyKfilesystems don't like that19:07
RoyKfilesystems like ext419:07
RoyKwhich are run on top of GFS219:07
lequtixno no i don't want a fast way out19:07
lequtixi'm just trying to get my head around the process19:08
lequtixi'll read that page19:08
RoyKthen bide your time and read that tutorial19:08
RoyKit's not your average 10 minute tutorial - it's the other sort19:08
lequtixyes i see that19:08
RoyKand it's thorough19:08
* RoyK guesses lequtix will surface some time on sunday asking new questions ;)19:09
lequtixhahah19:09
lequtixi know enuf to understand broadly19:09
lequtixi just want the nuonce19:10
RoyKlequtix: enough?19:11
RoyKand what does nuouch mean?19:11
PiciI think they meant nuance19:12
adam_gzul, do we plan on keeping that mongodb delta in the future?19:12
zuladam_g:  i believe so19:13
adam_gzul, can we push it to ~ubuntu-cloud-archive as a bzr branch with the included changes?19:13
zuladam_g:  sure19:14
adam_gzul, id like to start keeping anything with deltas under VCS19:14
zuladam_g:  wait there is no delta here its a straight backport19:14
adam_gzul, oh! my bad, i read that .changes wrong and thought the patches were only applied for the CA19:15
adam_gzul, in that case +119:15
zulthx19:16
lequtixRoyK i meant Nuance ..  http://www.merriam-webster.com/dictionary/nuance19:18
RoyKk19:19
lequtixthis document is very detailed19:41
RoyKit certainly is19:42
lequtixhardware i will use to learn does not have 6 NIC's19:42
lequtixlol19:42
lequtixits almost too verbose for starting out19:42
RoyKyou don't need to use that hardware19:42
lequtixi'm less interested in the security portion and more interested in how it works19:42
RoyKthen scroll down19:42
lequtixbut i suppose network failover is just as important as anything else19:43
RoyKit is19:43
RoyKbut then, if you have enough nodes, it shouldn't matter much19:43
RoyKunless the switch dies19:44
RoyKwhich they tend to do now or then19:44
lequtix2/3 of the document focuses on network tolerance..  failover for switch failure19:45
lequtixand separating networks for storage and internet and cluster traffic19:45
RoyKkeep focus on what's on kvm etc19:45
lequtixgood policy but overkill for my needs19:45
lequtixlol19:45
lequtixdo most computers support IPMI?19:49
lequtixso i can't do fencing either19:49
RoyKfencing is rather important19:49
RoyKwithout it and with a network outage, you can end up with two VMs on the same disk19:50
lequtixso to even test HA you need to have real server hardware that supports IPMI19:50
RoyKcooperatingly corrupting data19:50
lequtixyea i understand the implications.. but i don't have expensive hardware19:50
RoyKyou can test it easily, but if the shit hits the fan, no19:50
RoyKif they're on the same network, iscsi and networking together, it's easier19:51
RoyKbut usually you don't use the same network for data and general traffic19:51
lequtixi would probably have to use a crossover cable for the cluster traffic19:52
lequtixand a switch for the main network19:52
lequtix2 nics in each box19:52
RoyKno need for a crossovercable with gigabit19:52
RoyKit's autosense by definition19:52
lequtixright19:52
lequtixi'm old .. what can i say19:52
lequtixlol19:52
RoyKheh19:52
RoyKhow old?19:52
lequtix4119:53
RoyKdamn - I'm almost 40 ;)19:53
RoyK2 months to go19:53
lequtixhehe19:53
lequtixi'll be 42 in november19:53
RoyKwhen?19:53
lequtix1919:53
ejvguess you're old too RoyK19:54
ejv;)19:54
RoyKok, I'll be 40 the 32th19:54
RoyKnovember19:54
lequtixthis isn't so hard to understand but my questions from before were more related to how the shared file systems worked.. and which node controlled what and who created the filesystems19:55
lequtixlol19:55
lequtixin a scenario where there are 2 nodes and 1 san...19:56
lequtixwho controls the filesystem on the shared storage19:56
lequtixthe nodes?  or the SAN19:56
RoyKlequtix: the san is dumb19:56
lequtixin the case of a san u use iSCSI19:57
RoyKlequtix: the nodes must coordinate access19:57
lequtixdump19:57
lequtixdumb19:57
lequtixright?19:57
lequtixwith an NFS share the device HOSTING the storage looks after it correct?19:57
RoyKlequtix: were it nfs or iscsi or direct access - the nodes need things like corosync19:57
RoyKlequtix: otherwise they may start the same vm and mess up19:58
lequtixok.. so i guess i'm asking whats the difference between iScsi targets and nfs shares19:58
lequtixwith iscsi target the storage is presented as a blank block device19:58
lequtixwhat about nfs?19:58
lequtixits presented differently right?19:59
RoyKlequtix: it's still shared storage19:59
RoyKlequtix: just easier to handle on the server side19:59
lequtixwhich is easier19:59
lequtixiscsi or nfs19:59
RoyKstart out with nfs19:59
RoyKno need for a shared filesystem like GFS220:00
RoyKbut still the same needs for synch20:00
lequtixi dont think you understand what i'm asking20:00
lequtixi'm not concerned about sync20:00
lequtixi just want to know the difference between an NFS share and iSCSI target in terms of where the filesystem is managed20:01
RoyKlequtix: if you setup a cluster without sync, it'll die20:01
lequtixremove cluster from the equation at this point20:01
RoyKlequtix: with iscsi, you need a shared filesystem like GFS2 or OCFS220:01
RoyKwith more sync there20:01
RoyKif you use NFS you only need to sync the cluster, not the storage20:01
lequtixwith iscsi the nodes manage the filesystem correct?20:02
lequtixwith ntfs the machine hosting the filesystem manages it20:02
lequtixis that correct?20:02
lequtixi mean NFS20:02
lequtixnot ntfs20:02
RoyKwith nfs, the host is doing the management, with iscsi, you need a shared filesystem like GFS2 or OCFS220:03
RoyKbut still, you need sync between the nodes20:03
lequtixok.20:03
lequtixright20:03
RoyKotherwise they'll overwrite oneanother's sectors20:03
RoyKthere's no easy way to clustering20:04
lequtixso.. when you make an NFS share for the purposes of clustering.. which filesystem do you have to use?20:04
lequtixcan u just use ext4?20:04
RoyKdoesn't matter what you use underneath20:04
lequtixok because the nfs daemon manages the locks20:04
RoyKxfs, ext4, jfs, even btrfs if you dare20:04
RoyKnfs is a network filesystem, so it doesn't care about what's underneath20:05
lequtixok.. i understand now.20:05
lequtixwith NFS you don't have to worry about filesystem because there is a single host nfs daemon controlling locks for all nodes.20:06
lequtixwith iscsi, each node has to manage its own locks therefore you need a sync protocol in there somewhere to make sure everyone's in sync20:06
RoyKnot quite20:06
RoyKwith nfs, I/O is sent to a central server which handles everything20:06
lequtixso it's impossible for two machines to write to the same locations20:07
lequtixwith nfs20:07
RoyKwith shared iSCSI, each host writes individually, so they have to synch up their I/O not to corrupt everything20:07
lequtixok..  you said it better but that's what i meant20:07
lequtixthats all i wanted to know this whole time.. hahaha20:07
RoyKwith NFS two clients (nodes) can still corrupt data if not in sync, but not on the filesystem level20:08
RoyKwith shared filesystems, things can go a bit worse20:08
RoyKshared filesystems as in where devices are shared20:09
lequtixand there's no central service to sort things out20:09
lequtixthe nodes can do whatever they want20:09
RoyKin essence, yes20:09
lequtixso will NFS allow two nodes to load the same VM?20:10
lequtixor will it deny read to one node because it's open already on another?20:10
lequtixthats probably what the sync is for20:11
lequtixto avoid that20:11
RoyKlequtix: no, they will be able to read and write simultaneously, but you need corosync to stop them from writing to the same file20:11
lequtixok20:12
RoyKlequtix: did you read that document?20:13
lequtixstill reading20:13
RoyKlequtix: then ask afterwards20:13
lequtixsay i'm not going to cluster..  i want an nfs share to have roaming profiles20:13
lequtixbasically i want an nfs share for the /home dir20:14
lequtixnow...  if i login two different computers as the same user.. it will blow up?20:14
RoyKjust read20:15
RoyKit's about the same thing20:16
RoyKit takes some understanding to get through this20:16
t_dot_zillaim going crazy trying to get a tftp server running on ubuntu20:42
adam_gzul, https://code.launchpad.net/~gandelman-a/ubuntu/saucy/horizon/fixes/+merge/18418621:19
jefgyI'm using an intel e1000 and while I don't see any issues in syslog or dmesg I seem to be dropping connections regularly on the machines with the e1000(the machines with broadcom nics are fine).    I did a quick search for e1000 issues on 12.04 and didn't immediately see anything.  Does anyone know if there is an issue with the e1000 that I may have overlooked?21:24
geniijefgy: If: lspci -vnn | grep '82574'      shows the controller as 82574L maybe try: sudo setpci -s <ID-of-device> CAP_EXP+10.b=40       ...where ID is the first number in the line produced by the previous command. There is a particular bug on the 82574L21:39
jefgygenii:Thank you!  I do seem to have the 82574L21:48
jefgyI ran sudo setpci -s 02:00.0 CAP_EXP+10.b=40 as you said21:49
geniijefgy: Now to keep an eye on traffic and see if connections stay up! I must leave soon but will be back again tomorrow.21:53
jefgythanks again!21:53
geniijefgy: No problem. If this works for you, need to make it run for subsequent boots.21:55
jefgygenii: would you recommend adding a line to rc.local?21:56
geniijefgy: Or, possibly adding it just before "end script" in /etc/init/network-manager.conf22:00
jefgygood plan, I the network traffic has already stabilized and appears to be running similar speeds to the servers running the broadcom nics so I would that does did the trick22:02
jefgyI seem to have - a couple of words there22:03
geniijefgy: I got the gist :)22:04
=== Ursinha is now known as Ursinha-afk
=== Ursinha-afk is now known as Ursinha
