/srv/irclogs.ubuntu.com/2013/09/11/#ubuntu-server.txt

smoser	adam_g nice.	00:30
adam_g	smoser, hoping that is the source of my problems. the cinder issues i was hitting do not seem to happen if that bug is not affecting (precise)	00:31
smoser	hm..	00:31
=== Gnubie is now known as Guest74935
=== Guest74935 is now known as Gnubie_
zul	ScottK: ping	01:19
ScottK	zul: pong	01:32
zul	ScottK: https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1223342	01:32
uvirtbot	Launchpad bug 1223342 in neutron "[FFE] neutron-vpn-agent and neutron-metering-agent" [Undecided,New]	01:32
=== unreal_ is now known as unreal
=== medberry is now known as med_
ScottK	zul: I'm unlikely to have time for New before the weekend.	02:03
crass	are the mount points in fstab mounted in parallel?	02:31
crass	if so, is there a way to specify dependencies?	02:32
=== freeflying is now known as freeflying_away
=== freeflying_away is now known as freeflying
rostam	Hi what is alternate Ubuntu CD? is this a different than for example Ubuntu server? thx	06:55
smb	jamespage, Morning, when you are around, can you help me to figure out whether recent jenkins fails in nova-compute are related to xen and if yes, why?	07:34
=== BlackDex_ is now known as BlackDex
gartral	hello all, i'm in a conundrum, I have a fairly nice server for what it is, and it's been spending a good deal of time at about 8-13 load.. I can't figure out why, the CPUs aren't bogged... the Ram is hardly swapping meaning the disk isn't thrashing, and even the dual-gigabit net link isn't saturated.. can someone give me some pointers here?	08:30
=== freeflying is now known as freeflying_away
njuergens	gartral, you could use 'ps ax' and look for processes that are permanently in R or D state	09:01
=== freeflying_away is now known as freeflying
=== freeflying is now known as freeflying_away
=== freeflying_away is now known as freeflying
rbasak	hallyn_, jdstrand: can you help me with libvirt apparmor and backing store support in Precise? If I create an instance that uses a backing store, then apparmor denies me. I think I@ve tracked it down to this commit, which isn't in Precise (Saucy works fine). What do you think about an SRU? http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=2aca94bfd3691c492ce4b6e7f1dd73342774fefd	12:00
rbasak	Or is there something else I can do instead?	12:01
jdstrand	rbasak: I'll let hallyn_ comment on the SRU. that patch should be fine but might have to be adjusted for precise's libvirt	12:27
jdstrand	rbasak: that said, I'll mention that is more of a feature than a bug fix	12:28
jdstrand	rbasak: at least imo	12:28
rbasak	jdstrand: thanks. Yeah I agree that the bug/feature thing is a bit dubious.	12:35
rbasak	From virt-aa-helper's view it's clearly a feature. From a holistic view I'm not sure, since libvirt has the functionality which the apparmor support "breaks"	12:37
rbasak	The problem for me is that I want backing stores to work for the cloud tooling that we want functional on Precise.	12:38
rbasak	smoser: ^^	12:38
rbasak	A workaround is to disable apparmor for libvirt altogether, which isn't great.	12:39
rbasak	Or perhaps a replacement virt-aa-helper under another name, and reconfigure libvirt to use that.	12:39
smoser	rbasak, i'm kind of confused.	12:40
smoser	whatdoes openstaack do on presee.	12:40
rbasak	smoser: good question. No idea!	12:41
smoser	and how is a patch sent upstream by an ubuntu developer in 2010 not in 12.04?	12:41
rbasak	Not use backing stores, I guess?	12:41
jdstrand	rbasak: disabling apparmor is not a viable workaround. it is critical to our security story for fully virtualized cloud guests	12:41
smoser	openstack definitely does use qcow2 , or at least can be configured to do so. i think it is actually even default.	12:41
smoser	rbasak, are you sure its not jut that you're calling it raw and it is actually a qcow ?	12:42
rbasak	jdstrand: right, agreed. I meant on a per-user basis who wants to use this specific tooling on precise for development or something. I wouldn't want to recommend doing that in production.	12:42
jdstrand	it is. I don't think it uses backing stores by default	12:42
smoser	https://bugs.launchpad.net/nova/+bug/837102	12:42
uvirtbot	Launchpad bug 837102 in nova "nova writes libvirt xml 'driver_type' based only on FLAGS.use_cow_images" [Low,Fix released]	12:43
smoser	https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/470636	12:43
uvirtbot	Launchpad bug 470636 in libvirt "AppArmor security driver does not support backingstore" [Medium,Fix released]	12:43
rbasak	smoser: there is no mention of "backing" in src/security/* in 0.9.8-2ubuntu17.10	12:44
jdstrand	oh, actually, I can't say if precise uses qcow2	12:44
* rbasak looks at the bug		12:44
rbasak	smoser, jdstrand: it does look like the patch made it into Lucid, but I'm not clear on what happened after that. In Lucid, it looks like a lot of the code was reverted/replaced by 9900-CVE-2010-2237-2238-2239.patch.	12:52
uvirtbot	rbasak: Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2237)	12:52
smoser	rbasak, your libvirt xml	12:53
smoser	are you specifying that the disk is qcow ?	12:53
smoser	if you're not, AA will (correctly) not allow it.	12:53
* rbasak checks		12:53
smoser	if you do specify it as qcow, then it will.	12:53
rbasak	smoser: I'm specifying qcow	12:55
rbasak	smoser: volume: http://paste.ubuntu.com/6092363/; instance: http://paste.ubuntu.com/6092366/	12:56
rbasak	smoser: note that I think this works in Saucy	12:57
smoser	rbasak, hm.. i'm not really sure. i'm 98% certain that on precise with libvirt and app armor you can use a qcow disk.	13:00
smoser	but i dont know what 'volume' is in that respect.	13:00
rbasak	smoser: use a qcow disk specifically with a backing store?	13:00
smoser	i dont know what "backing store" is.	13:01
smoser	but yes, specifically this works:	13:01
smoser	qemu-img create -f qcow2 -b original-disk.img my-delta.img	13:01
rbasak	That's slightly different to what I'm doing.	13:01
smoser	libvirt.... with 'my-delta.img' specified as a disk.	13:01
smoser	right.	13:01
smoser	you're (i thikn) asking libvirt to do that for you?	13:01
rbasak	Right.	13:01
smoser	maybe just dont do that and do it yourself.	13:01
smoser	which is what openstack does.	13:02
smoser	it creates the qemu disk backed by a another	13:02
smoser	and then tells libvirt to use that created disk.	13:02
rbasak	That would be pretty messy and involve a pretty big refactoring. libvirt provides a tidy API that works on Saucy :-(	13:03
rbasak	The metadata about the connections between volumes can be held in the libvirt XML then, too. THat makes deleting volumes easier.	13:04
rbasak	I don't like it although I accept that is one solution.	13:04
smoser	rbasak, well, sru seems the only other option.	13:07
* rbasak is investigating a third idea		13:07
smoser	which would seem to me to be low regression likelyhood, as its just (securely) allowing somethign that awasn't allowed before.	13:07
rbasak	jdstrand: echo '/var/lib/ubuntu-cloud/libvirt/images/* r,' >> /etc/apparmor.d/abstractions fixes the issue for me, and will work for all my use cases. Would you consider this secure, and is there a way my package could drop this in in a pluggable way?	13:09
rbasak	(my package manages that directory)	13:09
smoser	rbasak, are you able to add stuff into /etc/apparmor.d/libvirt ?	13:10
smoser	ah. or local/usr.sbin.libvirtd	13:11
rbasak	smoser: those are generated though. Only TEMPLATE is not.	13:11
rbasak	Putting something in local/ might violate policy I think	13:11
rbasak	Hence the question	13:11
rbasak	I'll also need to ensure that the directory only contains official images, and put the rw instance disk images elsewhere.	13:11
rbasak	I'm bundling both in the same place right now, and then instances could read each others' disks (with some kind of qemu exploit), which would be bad.	13:12
smoser	rbasak /etc/apparmor.d/abstractions is a file, no?	13:12
smoser	err. is a directory	13:13
rbasak	smoser: sorry. I meant /etc/apparmor.d/abstractions/libvirt-qemu.	13:13
rbasak	TEMPLATE includes that file.	13:13
smoser	i'd just violate policy on the 12.04 backport.	13:14
smoser	if in fact that violates policy.	13:14
rbasak	I'm not sure it'll work though	13:15
smoser	oh. i thought you said it would.	13:15
rbasak	usr.sbin.libvirtd is the wrong file.	13:15
smoser	really?	13:15
smoser	what file is it ?	13:15
rbasak	The generated ones in /etc/apparmor.d/libvirt/	13:15
rbasak	I think.	13:16
rbasak	Those are per-instance (ie. per-qemu-process)	13:16
hallyn_	rbasak: well /var/lib/ubuntu-cloud/libvirt/images/* r,' >> /etc/apparmor.d/abstractions/libvirt-qemu will mean that all instances,	13:16
hallyn_	if escaped, will be able to read all other isntances' data,	13:16
smoser	well, no.	13:16
smoser	because he'd only put raw images there.	13:16
smoser	so they'd be able to read their backing store or other stuff they could have just downloaded from http://cloud-images.ubuntu..com	13:17
rbasak	hallyn_: right now, that's true. However, I can arrange for instances to have their main disk images in a different directory, and for that directory to contain only official Ubuntu cloud images, which are public.	13:17
hallyn_	assuming you mean raw vs qcow, what diff does that maek?	13:17
hallyn_	ah	13:17
rbasak	(since in my case the backing stores only need to be read-only public cloud images)	13:17
hallyn_	then that sounds good.	13:17
hallyn_	but, does http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=2aca94bfd3691c492ce4b6e7f1dd73342774fefd also fix the issue for you?	13:18
smoser	rbasak, you could put your files in a subdirectory of that if you wanted.	13:18
smoser	if you dont wildcard '**' then subdirs are restricted.	13:18
rbasak	I'm not sure if that patch fixes it. I've not tried yet - wanted to discuss first.	13:18
rbasak	smoser: I'm not sure that libvirt's API supports volume pool subdirectores like that, but I'll check - thanks.	13:19
rbasak	hallyn_: in particular I'm now concerned to understand why a security update seems to have reverted most of that patch in Lucid. And it doesn't appear present in Precise, but is in Saucy. So I'm quite confused about that patch now.	13:19
smb	zul, If you are around. There seems to be something wrong with the nova-compute jenkins tests, not sure this is related to the xen upload. I am not bright enough to make any sense of the output	13:40
zul	smb: yeah i saw that its on the list today	13:40
smb	zul, Ok, let me know it it is related.	13:41
jdstrand	rbasak: re /var/lib/ubuntu-cloud/libvirt/images/* r> no that is not secure because right now we have vm isolation. anything that was in /var/lib/ubuntu-cloud/libvirt/images/ would be available to all VMs, which would break that isolation	13:44
rbasak	jdstrand: right, but I'm suggesting that I limit that directory to published Ubuntu cloud images only, which are the only things I need as backing stores.	13:45
rbasak	I might rename the directory to make it clearer I guess. "public" perhaps.	13:46
rbasak	Or images/public	13:46
jdstrand	rbasak: I don't understand what isn't working. the security update didn't revert this-- the xml just has to has to to specify the type. eg <driver name='qemu' type='qcow2'/>	13:47
jdstrand	rbasak: and I wrote a tool that would migrate people automatically	13:48
jdstrand	as part of the security update	13:48
rbasak	jdstrand: I'm doing that. See http://paste.ubuntu.com/6092366/ for my instance definition.	13:49
rbasak	jdstrand: the volume definition is: http://paste.ubuntu.com/6092363/	13:49
rbasak	jdstrand: it might be that I'm doing this a little differently from openstack and what direct qemu users might do. I'm doing everything through the libvirt API.	13:49
jdstrand	rbasak: what is the apparmor denial?	13:50
rbasak	jdstrand: type=1400 audit(1378904893.099:36): apparmor="DENIED" operation="open" parent=1 profile="libvirt-a9ffce69-5593-9a1a-4f8d-60995f9dad8d" name="/var/lib/ubuntu-cloud/libvirt/images/Y29tLnVidW50dS5jbG91ZDpzZXJ2ZXI6MTIuMDQ6YW1kNjQgMjAxMzA5MDk=" pid=18276 comm="kvm" requested_mask="r" denied_mask="r" fsuid=106 ouid=106	13:51
rostam	HI is the toolchain version has changed from LTS 12.04 to LTS 12.03 update 3?thx	13:53
rbasak	The code that creates the volume is: http://pastebin.ubuntu.com/6092576/	13:56
jdstrand	rbasak: can you paste the output of: qemu-img info /var/lib/ubuntu-cloud/libvirt/images/foo ; qemu-img info /var/lib/ubuntu-cloud/libvirt/images/Y29tLnVidW50dS5jbG91ZDpzZXJ2ZXI6MTIuMDQ6YW1kNjQgMjAxMzA5MDk=	14:04
jdstrand	rbasak: I have to go to a meeting	14:04
rbasak	jdstrand: will do, and I'll leave you a message here. THanks.	14:05
jdstrand	rbasak: actually, I'm back	14:07
rbasak	jdstrand: http://pastebin.ubuntu.com/6092619/	14:07
rbasak	That was a quick meeting :)	14:07
rbasak	jdstrand: a thought. smoser pointed out that I'm not decompressing the downloaded backing image, and that I should because it hurts performance. That's in my backlog. But everything works transparently. That isn't going to influence the code that looks at the backing volume, is it?	14:10
rbasak	(everything apart from this apparmor issue, that is!)	14:10
jdstrand	I wouldn't think so, but all that is abstracted away from the apparmor driver	14:11
rbasak	OK	14:11
rbasak	This issue didn't affect me in more recent releases, btw.	14:11
smoser	rbasak, no.	14:11
jdstrand	rbasak: oh, which was the first release it worked on?	14:13
rbasak	jdstrand: currently unknown :-(	14:13
rbasak	There are many moving bits to the code I've written, so it's a bit awkward to test. If you need to know I can reduce everything to a much smaller test ase.	14:14
jdstrand	I would like to know. I am trying a reduced test case now	14:15
halvors	Hi! I'm trying to setup bind to override the domain "infected.no", I have to add a few local records. But i still need to be able to resolve the actual website. Can i do this in bind?	14:19
* rbasak uses the tool we're trying to fix to quickly fire up some test instances		14:20
rbasak	halvors: look up bind "views". You can maintain a separate local copy of some particular zone. A warning though: it can lead to considerable confusion to run things that way.	14:21
jdstrand	rbasak: ok, precise works with a simple qcow2 with backing store: http://paste.ubuntu.com/6092737/	14:35
jdstrand	rbasak: ie, just using qemu-img and not the volume xml	14:35
* jdstrand now tries with volume xml		14:36
=== freeflying is now known as freeflying_away
mibofra	hi, I'm a vps running ubuntu. Initially it ran ubuntu 12.10; after I've upgraded it to the 13.04. Anyway the image of the vps by default mount a 2.6 version of linux. I've tried to update it to the latest on raring (3.8) but I get this error: http://paste.ubuntu.com/6092777/ . I think that I can't upgrade the kernel for the particular setup of grub on a vps... so are there any other way to upgrade the kernel?	14:50
rbasak	jdstrand: I did http://pastebin.ubuntu.com/6092801/ by hand. I see: "2013-09-11 14:50:43.236+0000: 11812: warning : virDomainDiskDefForeachPath:13244 : Ignoring open failure on /var/lib/libvirt/images/foo: Permission denied"	14:52
rbasak	jdstrand: virt-aa-helper with sudo works. So is the problem that libvirt-aa-helper can't read that file so doesn't find out about the backing volume?	14:53
rbasak	mibofra: are you running an official Ubuntu image, or something that's modified by your VPS provider that isn't really Ubuntu? I see no reason why /usr/share/initramfs-tools/hooks/fixrtc should fail except perhaps if something like /sbin/hwclock has been removed on your system.	14:56
mibofra	no the executable is under /sbin/ as usual	14:57
rbasak	Is your disk full?	14:58
mibofra	on line 1010 (of the script) there is this: system ("run-parts --verbose --exit-on-error --arg=$version " . No the disk isn't full	14:58
mibofra	I've all the necessary space	14:59
rbasak	Are you sure? HOw much space is that?	14:59
mibofra	rbasak, Filesystem 1K-blocks Used Available Use% Mounted on	15:00
mibofra	/dev/ploop13128p1 10319140 2094284 7700672 22% /	15:00
rbasak	OK I agree that sounds OK	15:01
jdstrand	rbasak: aha!	15:01
mibofra	Linux spf-virtualserver 2.6.32-042stab079.5 #1 SMP Fri Aug 2 17:16:15 MSK 2013 x86_64 x86_64 x86_64 GNU/Linux the actual kernel	15:01
jdstrand	rbasak: actually, no. that is a harmless error	15:02
jdstrand	rbasak: the output from virt-aa-helper should be the same there	15:03
rbasak	jdstrand: it's not. When I run without sudo, I don't see the backing file. When I run with sudo, I do.	15:03
jdstrand	rbasak: oh, right, cause it can't inspect the qcow2	15:04
rbasak	Right	15:04
jdstrand	rbasak: but virt-aa-helper runs as root, so that shouldn't be the case	15:04
jdstrand	rbasak: s/case/problem/	15:04
rbasak	jdstrand: it has its own apparmor profile though, doesn't it?	15:05
jdstrand	rbasak: it does, but sudo wouldn't make it suddenly work	15:05
rbasak	THis time I used a standard location (/var/lib/libvirt/images/) for the volume image, too.	15:06
rbasak	Perhaps it doesn't work in the non-standard location for that reason?	15:07
jdstrand	rbasak: are there any apparmor denials?	15:08
zul	adam_g: http://people.canonical.com/~chucks/ca/ (a newer webtest is needed for ceilometer)	15:09
rbasak	jdstrand: yes. I think that's it. I apologise for not spotting this earlier - I was only pasting the most recent denial without checking timestamps, assuming that was the only one. It looks like there are denials for virt-aa-helper preceding them.	15:10
jdstrand	rbasak: can you paste the apparmor denial?	15:12
rbasak	jdstrand: eg: Sep 11 13:08:12 ubuntu-cloud2 kernel: [504847.014007] type=1400 audit(1378904892	15:12
rbasak	.811:31): apparmor="DENIED" operation="open" parent=18180 profile="/usr/lib/libv	15:12
rbasak	irt/virt-aa-helper" name="/var/lib/ubuntu-cloud/libvirt/images/foo" pid=18263 co	15:12
rbasak	mm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0	15:12
rbasak	But I want to check that it's the correct case.	15:13
jdstrand	rbasak: ok, add to /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper:	15:13
jdstrand	/var/lib/ubuntu-cloud/libvirt/images/* r,	15:13
jdstrand	then do: sudo apparmor_parser -r /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper	15:13
jdstrand	and try again	15:14
rbasak	Right, will do.	15:14
jdstrand	rbasak: that change is totally appropriate	15:14
rbasak	(I just want to catch up with my test instance first, since I think I need to destroy that)	15:14
jdstrand	you can see we have accesses for libvirt, nova, eucalyptus, etc	15:14
* rbasak removes his previous workarounds		15:14
jdstrand	rbasak: interestingly, if you used /var/lib/ubuntu-cloud/libvirt/images/foo.qcow2, it also would have worked	15:15
jdstrand	/**.qcow{,2} r,	15:15
mibofra	guys where is normally located dumpe2fs ?	15:16
rbasak	jdstrand: success! Thank you!	15:17
jdstrand	rbasak: so, you should be able to change the virt-aa-helper profile back to the original and generate your filenames to use .qcow2 and it should also work	15:18
rbasak	jdstrand: sorry I didn't spot the previous apparmor denial. That would have saved much wasted time. There were some other messages about qemu network bridges starting up in the middle, and I had assumed that the earlier denials were from a previous attempt rather than reading them through more carefully.	15:18
jdstrand	ok	15:18
jdstrand	no worries	15:18
mibofra	guys :D ?	15:18
rbasak	jdstrand: yeah. I think I'll do that to save having to modify stuff in precise	15:18
rbasak	jdstrand: many thanks for your help. I owe you much beer.	15:18
mibofra	ok rbasak there is something mad	15:19
mibofra	there isn't dumpe2fs on the system	15:19
mibofra	fixrtc use both dumpe2fs and hwclock	15:20
rbasak	mibofra: e2fsprogs provides dumpe2fs. Try installing that. It should be installed already because it's marked "essential".	15:21
mibofra	thanks	15:21
toabctl	hi	15:22
toabctl	there's a getenv call in the postinst of python-cinder (see http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/saucy/cinder/saucy/view/head:/debian/cinder-common.postinst#L4)	15:22
toabctl	where does this command come from?	15:23
rbasak	toabctl: that looks like a bug to me. I think it should be "getent".	15:24
rbasak	zul: ^^	15:24
mibofra	ok rbasak now the kernel was upgraded successfully... I wonder why the tool wasn't installed in the image yet...	15:25
rbasak	mibofra: sounds like a broken image. Where did it come from?	15:25
zul	toabctl: crap please open up a bug in launchpad please	15:25
mibofra	rbasak, I think form the provider of the vps	15:27
adam_g	zul, +1	15:28
rbasak	mibofra: please could you take it up with them? I don't mean to just fob you off - I'm concerned that others will have the same problem.	15:28
rbasak	mibofra: they should not be calling their own constructed image "Ubuntu" either.	15:29
rbasak	mibofra: exactly because of quality problems like this.	15:29
mibofra	omg	15:30
mibofra	rbasak, I've rebooted the vps	15:30
mibofra	but it rebooted with the same kernel version	15:30
mibofra	Linux spf-virtualserver 2.6.32-042stab079.5 #1 SMP Fri Aug 2 17:16:15 MSK 2013 x86_64 x86_64 x86_64 GNU/Linux	15:30
rbasak	mibofra: sounds like they're booting their own kernel from outside your VM.	15:31
utlemming	mibofra: on vps that use their own kernel, we've see issues where apparmor is not compatabile	15:32
rbasak	utlemming: also they're not shipping e2fsprogs, which is an essential package that should be installed on all Ubuntu systems, and thus breaks initramfs-tools, which causes kernel updates to fail.	15:33
utlemming	yikes...what is the vps?	15:33
rbasak	(regardless of whether the kenrel updates work or not)	15:33
mibofra	so I've to re-make the image more or less xD	15:33
mibofra	upgrading and adding software	15:33
mibofra	really nice	15:34
utlemming	rbasak: its an openvz setup	15:40
=== marcoceppi_ is now known as marcoceppi
crass	anyone know if dm devices can be used for a uswsusp resume device?	16:26
zul	sarnold: ping	16:45
cekimogloy	Hello. I have an ubuntu 10.04 server with a 300 mb boot partition and it is using 90% of space. how do I get rid of the old kernels in it without messing somethign up?	16:53
cekimogloy	currently I have from 2.6.32-21 to 2.6.32-51 in there	16:55
cekimogloy	I tried to use dpkg --list \| grep kernel-image but it doesn't list anything	16:59
sarnold	cekimogloy: \| linux- instead	17:03
cekimogloy	thanks	17:04
cekimogloy	clear	17:04
genii	If you're using drivers which use dkms might want to remove the linux-headers for the old ones as well	17:07
crass	cekimogloy: you could try (more) compression on your initrds also	17:11
=== rap424_ is now known as rap424
=== Jordan_U_ is now known as Jordan_U
gholms	smoser: You around?	20:16
smoser	hey.	20:18
smoser	long time.	20:18
gholms	Yeah! Sorry for the long silence; I've been buried in euca2ools 3 work. :-\	20:18
gholms	I'm looking into using simplestreams as a new back end for eustore stuff, but I'm having trouble finding what actually generates the data it uses.	20:19
gholms	What generates the data for stuff like cloud-images.u.c?	20:19
utlemming	gholms: which data?	20:20
gholms	http://cloud-images.ubuntu.com/releases/streams/v1/	20:20
utlemming	gholms: look at lp:simplestreams	20:20
gholms	Yes, I have been looking through that code.	20:20
utlemming	gholms: the AWS and download code is public, the Azure has NDA bits	20:21
gholms	Is that in the source tree and I'm just missing it or something?	20:21
gholms	There's plenty of code that uses extant data, but precious little that actually writes it.	20:22
gholms	tools/make-test-data does a little of that, but it looks like it's pretty much generating it all from the ground up.	20:22
utlemming	gholms: for some, yes it is	20:23
utlemming	gholms: give me a minute to look at the code...	20:23
smoser	gholms, make exdata	20:24
smoser	it scrapes / combines data from /query into simplestreams format.	20:25
smoser	to create the aws and the download data.	20:25
smoser	the other content_sources come from elsewhere.	20:25
smoser	(liek azure and hp)	20:25
gholms	Okay, so the process really does involve that.	20:28
gholms	That's useful.	20:28
smoser	gholms...	20:32
smoser	thats one of those things that you think... well, this wont last long.	20:32
smoser	but it lasted long	20:32
gholms	Oh?	20:32
smoser	oh. not simplestreams. the generation bit	20:33
smoser	there that kind of scrapes other data.	20:33
gholms	Ideally I just want to be able to have people dump a bunch of images and some metadata for each one into $dir using $layout and have things Just Work, so that seems similar in spirit.	20:38
gartral	alright, I'm in a pickle, I have a headless server that was working fine earlier today, now when I try too SSH into it i get "ssh_exchange_identification: Connection closed by remote host	21:31
gartral	"	21:31
gartral	this is even happening when I try to bounce the connection off a machine from a friends house, not attached to my network x.x	21:33
maxb	Time to power cycle it if you have no remote KVM or console capabilities	21:33
gartral	maxb: I can't. the BMC isn't responding either and the power button lock is engaged, I'm locked out	21:34
maxb	Time to phone someone up and get them to yank the power cable then	21:35
gartral	maxb: short of tracing which of the 10 freaking power cables running through the cabinent I'm stuck	21:35
gartral	nah, It's a server in my possesion and crontrol	21:35
maxb	This is why it's important to use managed PDUs	21:35
gartral	control*	21:35
* gholms recommends labeling wires and managed PDUs		21:36
gartral	gholms maxb I don't have a few hundred dollars for a managed PDU	21:36
gholms	Do you have a few dollars for a roll of masking tape and a marker? :)	21:37
gartral	gholms: do, cat keeps chewing the tape off, not chewing the wire, just the tape	21:37
gholms	Ouch.	21:37
maxb	Servers and cats should not be mixed :-)	21:38
gartral	I think she gets high off the adhesive	21:38
gartral	oh she's a good kitty, I can have a comp open doing diagnostics, she looks at it, then walks away	21:38
gholms	Sounds like what you need is a mini-rack with doors.	21:39
sarnold	gartral: can you hook up a keyboard and blindly login, reboot?	21:39
gartral	she made the mistake of sniffing a cpu fan once when she was a kitten, gave her a nice bloody nose, never wanted to put her face too close to a comp after that	21:39
sarnold	aww poor kitty	21:39
gartral	sarnold: tried that, just beeps when i hit keys	21:40
gholms	Heh	21:40
gartral	here's the screwed up part, my ZNC server is on this machine, which is connected to freenode, in turn whichi s how I'm talking to all of you, so I know it's not a kernel panic	21:41
sarnold	gartral: oh, it beeps on keypresses? that feels like a seriously wedged machine, I'm used to seeing that when the keyboard buffer is stuffed full and nothing is handling keyboard presses..	21:41
sarnold	gartral: Whaa?? wow.	21:42
sarnold	gartral: does znc give you any command execute abilities?	21:42
gartral	sarnold: only for ZNC, not the machine	21:42
sarnold	gartral: normally that'd be a good thing.. hehe	21:43
gartral	most of the websites and services are running, except for appearent SSH, ipmi, snmp, and webmin	21:43
sarnold	ergh. webmin. I wonder if it is someone else's computer now.	21:44
gartral	so yea, I'm stuck between a rock and a hard place here	21:44
gartral	sarnold: there's no outside connection too webmin, it's completely in network on an out-of-band line	21:44
sarnold	disabling sshd, impi, and snmp would probably draw undue attention pretty quickly, but someone might just do that to defend their new machine	21:44
sarnold	gartral: ah, good, that's encouraging. :)	21:45
gartral	and by out of band, I mean it's only accessably from a single network port, running from an un-bridged connection between my workstation and the server	21:45
gartral	(I'm not dumb)	21:45
gartral	i guess I'll pull power, see if that helps	21:46
gartral	well I don't know what the hell happened, but I can log in now >.<	21:55
sarnold	gartral: check the logs, it'll be worth finding out what happened..	21:56
sarnold	my guess is OOM killer went nuts. but that's just a guess.	21:56
gartral	sarnold: on a server with 8 gigs of ram? <.<	21:57
gartral	err.. this is odd, now it's saying I have a read-only FS	21:58
gholms	I've had that happen on servers with 32G of RAM when people weren't being careful. ;)	21:58
gartral	i gotta wonder if the HDD is dying	21:59
gartral	sudo: unable to open /var/lib/sudo/name/6: Read-only file system; sudo: unable to execute /sbin/reboot: Input/output error	22:00
gartral	brb again	22:00
sarnold	gartral: yikes, good luck	22:01
=== freeflying_away is now known as freeflying
MoleMan2	I just ran a sudo apt-get upgrade and have just looked back, and have a screen full of various errors, all relating to read-only filesystems	23:39
MoleMan2	I know this information is very vague and a bit useless, but any idea where to start troubleshooting aand fixing?	23:39
gholms	Your stuff is all backed up, right?	23:39
MoleMan2	Linux Ubuntu-Server 3.8.0-26-generic #38~precise2-Ubuntu	23:40
MoleMan2	most of my important stuff yeah	23:40
MoleMan2	its just a home server so most of it is more or less disposable anyway	23:40
MoleMan2	(yes I am aware the first rule of everything is backups, but I currently can't even afford enough storage to keep my actual stuff, never mind full backups	23:41
sarnold	MoleMan2: check dmesg, it might specify why the filesystem is read-only...	23:42
MoleMan2	sarnold: http://pastebin.com/FeFKrvjb is the last chunk of info, I just had to guess at what is recent/useful though :/	23:44
sarnold	MoleMan2: those numbers in square brackets are timestmps since boot, measured in seconds	23:51
sarnold	MoleMan2: that paste covers less than a second of time, though it's hard to know exactly how far in the past it is.	23:52
MoleMan2	yeah, comparing with syslog, that entire chunk was around Sep 12 00:26:45 which was presumably when everything froze	23:53
sarnold	MoleMan2: "medium error" and "media error" look like bad news. it might be a dying drive, might just be a fussy controller / drive / driver that could be 'fixed' by a reboot.	23:53
MoleMan2	as the last entry in syslog was Sep 12 00:26:46 Ubuntu-Server kernel: [975496.222453] type=1400 audit(1378942006.370:42): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/tcpdump" pid=24281 comm="apparmor_parser", presumably due to read only	23:53
MoleMan2	yeah, I just don't want to reboot if I don't have to as I won't be home for quite a while, so if it just fails to boot I'm stuck for a few weeks and won't be able to do anything :/	23:55
MoleMan2	might I be able to just manually remount / change the mount to wr without a reboot, or is a reboot probably the best way to go?	23:55
sarnold	MoleMan2: oh man. :/ it'd be best if it could run a fsck before coming back online. I wouldn't force to wr.	23:56
MoleMan2	but yeah, I'd picked up on those bits as a read fail, possibly linked to a drive death,	23:56
MoleMan2	hmm	23:56
sarnold	MoleMan2: .. but with the data, i'd be worried about a fsck removing something you care about, too. not a great situation. :(	23:57
gartral	arrgh! >.< I can't figure out why this server is barfing like this! 13.04 0:- 1:* 2: 3: 4: 5: ▸904kB/s 53‼ 1h53m 50C 8.18 2x2.4GHz 3.9G39% s1.9G0% 292G67% gareth@kitsunet 192.168.1.4 2013-09-11 19:56:13	23:58
gartral	load shouldn't be this high, I have NOTHING running	23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!