/srv/irclogs.ubuntu.com/2013/09/11/#ubuntu-server.txt

smoser adam_g nice.00:30
adam_gsmoser, hoping that is the source of my problems. the cinder issues i was hitting do not seem to happen if that bug is not affecting (precise)00:31
smoserhm..00:31
=== Gnubie is now known as Guest74935
=== Guest74935 is now known as Gnubie_
zulScottK:  ping01:19
ScottKzul: pong01:32
zulScottK:  https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/122334201:32
uvirtbotLaunchpad bug 1223342 in neutron "[FFE] neutron-vpn-agent and neutron-metering-agent" [Undecided,New]01:32
=== unreal_ is now known as unreal
=== medberry is now known as med_
ScottKzul: I'm unlikely to have time for New before the weekend.02:03
crassare the mount points in fstab mounted in parallel?02:31
crassif so, is there a way to specify dependencies?02:32
=== freeflying is now known as freeflying_away
=== freeflying_away is now known as freeflying
rostamHi what is alternate Ubuntu CD? is this a different than for example Ubuntu server? thx06:55
smbjamespage, Morning, when you are around, can you help me to figure out whether recent jenkins fails in nova-compute are related to xen and if yes, why?07:34
=== BlackDex_ is now known as BlackDex
gartralhello all, i'm in a conundrum, I have a fairly nice server for what it is, and it's been spending a good deal of time at about 8-13 load.. I can't figure out why, the CPUs aren't bogged... the Ram is hardly swapping meaning the disk isn't thrashing, and even the dual-gigabit net link isn't saturated.. can someone give me some pointers here?08:30
=== freeflying is now known as freeflying_away
njuergensgartral, you could use 'ps ax' and look for processes that are permanently in R or D state09:01
=== freeflying_away is now known as freeflying
=== freeflying is now known as freeflying_away
=== freeflying_away is now known as freeflying
rbasakhallyn_, jdstrand: can you help me with libvirt apparmor and backing store support in Precise? If I create an instance that uses a backing store, then apparmor denies me. I think I@ve tracked it down to this commit, which isn't in Precise (Saucy works fine). What do you think about an SRU? http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=2aca94bfd3691c492ce4b6e7f1dd73342774fefd12:00
rbasakOr is there something else I can do instead?12:01
jdstrandrbasak: I'll let hallyn_ comment on the SRU. that patch should be fine but might have to be adjusted for precise's libvirt12:27
jdstrandrbasak: that said, I'll mention that is more of a feature than a bug fix12:28
jdstrandrbasak: at least imo12:28
rbasakjdstrand: thanks. Yeah I agree that the bug/feature thing is a bit dubious.12:35
rbasakFrom virt-aa-helper's view it's clearly a feature. From a holistic view I'm not sure, since libvirt has the functionality which the apparmor support "breaks"12:37
rbasakThe problem for me is that I want backing stores to work for the cloud tooling that we want functional on Precise.12:38
rbasaksmoser: ^^12:38
rbasakA workaround is to disable apparmor for libvirt altogether, which isn't great.12:39
rbasakOr perhaps a replacement virt-aa-helper under another name, and reconfigure libvirt to use that.12:39
smoserrbasak, i'm kind of confused.12:40
smoserwhatdoes openstaack do on presee.12:40
rbasaksmoser: good question. No idea!12:41
smoserand how is a patch sent upstream by an ubuntu developer in 2010 not in 12.04?12:41
rbasakNot use backing stores, I guess?12:41
jdstrandrbasak: disabling apparmor is not a viable workaround. it is critical to our security story for fully virtualized cloud guests12:41
smoseropenstack definitely does use qcow2 , or at least can be configured to do so. i think it is actually even default.12:41
smoserrbasak, are you sure its not jut that you're calling it raw and it is actually a qcow ?12:42
rbasakjdstrand: right, agreed. I meant on a per-user basis who wants to use this specific tooling on precise for development or something. I wouldn't want to recommend doing that in production.12:42
jdstrandit is. I don't think it uses backing stores by default12:42
smoserhttps://bugs.launchpad.net/nova/+bug/83710212:42
uvirtbotLaunchpad bug 837102 in nova "nova writes libvirt xml 'driver_type' based only on FLAGS.use_cow_images" [Low,Fix released]12:43
smoserhttps://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/47063612:43
uvirtbotLaunchpad bug 470636 in libvirt "AppArmor security driver does not support backingstore" [Medium,Fix released]12:43
rbasaksmoser: there is no mention of "backing" in src/security/* in 0.9.8-2ubuntu17.1012:44
jdstrandoh, actually, I can't say if precise uses qcow212:44
* rbasak looks at the bug12:44
rbasaksmoser, jdstrand: it does look like the patch made it into Lucid, but I'm not clear on what happened after that. In Lucid, it looks like a lot of the code was reverted/replaced by 9900-CVE-2010-2237-2238-2239.patch.12:52
uvirtbotrbasak: Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2237)12:52
smoserrbasak, your libvirt xml12:53
smoserare you specifying that the disk is qcow ?12:53
smoserif you're not, AA will (correctly) not allow it.12:53
* rbasak checks12:53
smoserif you do specify it as qcow, then it will.12:53
rbasaksmoser: I'm specifying qcow12:55
rbasaksmoser: volume: http://paste.ubuntu.com/6092363/; instance: http://paste.ubuntu.com/6092366/12:56
rbasaksmoser: note that I think this works in Saucy12:57
smoserrbasak, hm.. i'm not really sure. i'm 98% certain that on precise with libvirt and app armor you can use a qcow disk.13:00
smoserbut i dont know what 'volume' is in that respect.13:00
rbasaksmoser: use a qcow disk specifically with a backing store?13:00
smoseri dont know what "backing store" is.13:01
smoserbut yes, specifically this works:13:01
smoserqemu-img create -f qcow2 -b original-disk.img my-delta.img13:01
rbasakThat's slightly different to what I'm doing.13:01
smoserlibvirt.... with 'my-delta.img' specified as a disk.13:01
smoserright.13:01
smoseryou're (i thikn) asking libvirt to do that for you?13:01
rbasakRight.13:01
smosermaybe just dont do that and do it yourself.13:01
smoserwhich is what openstack does.13:02
smoserit creates the qemu disk backed by a another13:02
smoserand then tells libvirt to use that created disk.13:02
rbasakThat would be pretty messy and involve a pretty big refactoring. libvirt provides a tidy API that works on Saucy :-(13:03
rbasakThe metadata about the connections between volumes can be held in the libvirt XML then, too. THat makes deleting volumes easier.13:04
rbasakI don't like it although I accept that is one solution.13:04
smoserrbasak, well, sru seems the only other option.13:07
* rbasak is investigating a third idea13:07
smoserwhich would seem to me to be low regression likelyhood, as its just (securely) allowing somethign that awasn't allowed before.13:07
rbasakjdstrand: echo '/var/lib/ubuntu-cloud/libvirt/images/* r,' >> /etc/apparmor.d/abstractions fixes the issue for me, and will work for all my use cases. Would you consider this secure, and is there a way my package could drop this in in a pluggable way?13:09
rbasak(my package manages that directory)13:09
smoserrbasak, are you able to add stuff into /etc/apparmor.d/libvirt ?13:10
smoserah. or local/usr.sbin.libvirtd13:11
rbasaksmoser: those are generated though. Only TEMPLATE is not.13:11
rbasakPutting something in local/ might violate policy I think13:11
rbasakHence the question13:11
rbasakI'll also need to ensure that the directory only contains official images, and put the rw instance disk images elsewhere.13:11
rbasakI'm bundling both in the same place right now, and then instances could read each others' disks (with some kind of qemu exploit), which would be bad.13:12
smoser rbasak /etc/apparmor.d/abstractions is a file, no?13:12
smosererr. is a directory13:13
rbasaksmoser: sorry. I meant /etc/apparmor.d/abstractions/libvirt-qemu.13:13
rbasakTEMPLATE includes that file.13:13
smoseri'd just violate policy on the 12.04 backport.13:14
smoserif in fact that violates policy.13:14
rbasakI'm not sure it'll work though13:15
smoseroh. i thought you said it would.13:15
rbasakusr.sbin.libvirtd is the wrong file.13:15
smoserreally?13:15
smoserwhat file is it ?13:15
rbasakThe generated ones in /etc/apparmor.d/libvirt/13:15
rbasakI think.13:16
rbasakThose are per-instance (ie. per-qemu-process)13:16
hallyn_rbasak: well /var/lib/ubuntu-cloud/libvirt/images/* r,' >> /etc/apparmor.d/abstractions/libvirt-qemu will mean that all instances,13:16
hallyn_if escaped, will be able to read all other isntances' data,13:16
smoserwell, no.13:16
smoserbecause he'd only put raw images there.13:16
smoserso they'd be able to read their backing store or other stuff they could have just downloaded from http://cloud-images.ubuntu..com13:17
rbasakhallyn_: right now, that's true. However, I can arrange for instances to have their main disk images in a different directory, and for that directory to contain only official Ubuntu cloud images, which are public.13:17
hallyn_assuming you mean raw vs qcow, what diff does that maek?13:17
hallyn_ah13:17
rbasak(since in my case the backing stores only need to be read-only public cloud images)13:17
hallyn_then that sounds good.13:17
hallyn_but, does http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=2aca94bfd3691c492ce4b6e7f1dd73342774fefd also fix the issue for you?13:18
smoserrbasak, you could put your files in a subdirectory of that if you wanted.13:18
smoserif you dont wildcard '**' then subdirs are restricted.13:18
rbasakI'm not sure if that patch fixes it. I've not tried yet - wanted to discuss first.13:18
rbasaksmoser: I'm not sure that libvirt's API supports volume pool subdirectores like that, but I'll check - thanks.13:19
rbasakhallyn_: in particular I'm now concerned to understand why a security update seems to have reverted most of that patch in Lucid. And it doesn't appear present in Precise, but is in Saucy. So I'm quite confused about that patch now.13:19
smbzul, If you are around. There seems to be something wrong with the nova-compute jenkins tests, not sure this is related to the xen upload. I am not bright enough to make any sense of the output13:40
zulsmb: yeah i saw that its on the list today13:40
smbzul, Ok, let me know it it is related.13:41
jdstrandrbasak: re /var/lib/ubuntu-cloud/libvirt/images/* r> no that is not secure because right now we have vm isolation. anything that was in /var/lib/ubuntu-cloud/libvirt/images/ would be available to all VMs, which would break that isolation13:44
rbasakjdstrand: right, but I'm suggesting that I limit that directory to published Ubuntu cloud images only, which are the only things I need as backing stores.13:45
rbasakI might rename the directory to make it clearer I guess. "public" perhaps.13:46
rbasakOr images/public13:46
jdstrandrbasak: I don't understand what isn't working. the security update didn't revert this-- the xml just has to has to to specify the type. eg <driver name='qemu' type='qcow2'/>13:47
jdstrandrbasak: and I wrote a tool that would migrate people automatically13:48
jdstrandas part of the security update13:48
rbasakjdstrand: I'm doing that. See http://paste.ubuntu.com/6092366/ for my instance definition.13:49
rbasakjdstrand: the volume definition is: http://paste.ubuntu.com/6092363/13:49
rbasakjdstrand: it might be that I'm doing this a little differently from openstack and what direct qemu users might do. I'm doing everything through the libvirt API.13:49
jdstrandrbasak: what is the apparmor denial?13:50
rbasakjdstrand: type=1400 audit(1378904893.099:36): apparmor="DENIED" operation="open" parent=1 profile="libvirt-a9ffce69-5593-9a1a-4f8d-60995f9dad8d" name="/var/lib/ubuntu-cloud/libvirt/images/Y29tLnVidW50dS5jbG91ZDpzZXJ2ZXI6MTIuMDQ6YW1kNjQgMjAxMzA5MDk=" pid=18276 comm="kvm" requested_mask="r" denied_mask="r" fsuid=106 ouid=10613:51
rostamHI is the toolchain version has changed from LTS 12.04 to LTS 12.03 update 3?thx13:53
rbasakThe code that creates the volume is: http://pastebin.ubuntu.com/6092576/13:56
jdstrandrbasak: can you paste the output of: qemu-img info /var/lib/ubuntu-cloud/libvirt/images/foo ; qemu-img info /var/lib/ubuntu-cloud/libvirt/images/Y29tLnVidW50dS5jbG91ZDpzZXJ2ZXI6MTIuMDQ6YW1kNjQgMjAxMzA5MDk=14:04
jdstrandrbasak: I have to go to a meeting14:04
rbasakjdstrand: will do, and I'll leave you a message here. THanks.14:05
jdstrandrbasak: actually, I'm back14:07
rbasakjdstrand: http://pastebin.ubuntu.com/6092619/14:07
rbasakThat was a quick meeting :)14:07
rbasakjdstrand: a thought. smoser pointed out that I'm not decompressing the downloaded backing image, and that I should because it hurts performance. That's in my backlog. But everything works transparently. That isn't going to influence the code that looks at the backing volume, is it?14:10
rbasak(everything apart from this apparmor issue, that is!)14:10
jdstrandI wouldn't think so, but all that is abstracted away from the apparmor driver14:11
rbasakOK14:11
rbasakThis issue didn't affect me in more recent releases, btw.14:11
smoserrbasak, no.14:11
jdstrandrbasak: oh, which was the first release it worked on?14:13
rbasakjdstrand: currently unknown :-(14:13
rbasakThere are many moving bits to the code I've written, so it's a bit awkward to test. If you need to know I can reduce everything to a much smaller test ase.14:14
jdstrandI would like to know. I am trying a reduced test case now14:15
halvorsHi! I'm trying to setup bind to override the domain "infected.no", I have to add a few local records. But i still need to be able to resolve the actual website. Can i do this in bind?14:19
* rbasak uses the tool we're trying to fix to quickly fire up some test instances14:20
rbasakhalvors: look up bind "views". You can maintain a separate local copy of some particular zone. A warning though: it can lead to considerable confusion to run things that way.14:21
jdstrandrbasak: ok, precise works with a simple qcow2 with backing store: http://paste.ubuntu.com/6092737/14:35
jdstrandrbasak: ie, just using qemu-img and not the volume xml14:35
* jdstrand now tries with volume xml14:36
=== freeflying is now known as freeflying_away
mibofrahi, I'm a vps running ubuntu. Initially it ran ubuntu 12.10; after I've upgraded it to the 13.04. Anyway the image of the vps by default mount a 2.6 version of linux. I've tried to update it to the latest on raring (3.8) but I get this error: http://paste.ubuntu.com/6092777/ . I think that I can't upgrade the kernel for the particular setup of grub on a vps... so are there any other way to upgrade the kernel?14:50
rbasakjdstrand: I did http://pastebin.ubuntu.com/6092801/ by hand. I see: "2013-09-11 14:50:43.236+0000: 11812: warning : virDomainDiskDefForeachPath:13244 : Ignoring open failure on /var/lib/libvirt/images/foo: Permission denied"14:52
rbasakjdstrand: virt-aa-helper with sudo works. So is the problem that libvirt-aa-helper can't read that file so doesn't find out about the backing volume?14:53
rbasakmibofra: are you running an official Ubuntu image, or something that's modified by your VPS provider that isn't really Ubuntu? I see no reason why /usr/share/initramfs-tools/hooks/fixrtc should fail except perhaps if something like /sbin/hwclock has been removed on your system.14:56
mibofrano the executable is under /sbin/ as usual14:57
rbasakIs your disk full?14:58
mibofraon line 1010 (of the script) there is this: system ("run-parts --verbose --exit-on-error --arg=$version " . No the disk isn't full14:58
mibofraI've all the necessary space14:59
rbasakAre you sure? HOw much space is that?14:59
mibofrarbasak, Filesystem        1K-blocks    Used Available Use% Mounted on15:00
mibofra/dev/ploop13128p1  10319140 2094284   7700672  22% /15:00
rbasakOK I agree that sounds OK15:01
jdstrandrbasak: aha!15:01
mibofraLinux spf-virtualserver 2.6.32-042stab079.5 #1 SMP Fri Aug 2 17:16:15 MSK 2013 x86_64 x86_64 x86_64 GNU/Linux the actual kernel15:01
jdstrandrbasak: actually, no. that is a harmless error15:02
jdstrandrbasak: the output from virt-aa-helper should be the same there15:03
rbasakjdstrand: it's not. When I run without sudo, I don't see the backing file. When I run with sudo, I do.15:03
jdstrandrbasak: oh, right, cause it can't inspect the qcow215:04
rbasakRight15:04
jdstrandrbasak: but virt-aa-helper runs as root, so that shouldn't be the case15:04
jdstrandrbasak: s/case/problem/15:04
rbasakjdstrand: it has its own apparmor profile though, doesn't it?15:05
jdstrandrbasak: it does, but sudo wouldn't make it suddenly work15:05
rbasakTHis time I used a standard location (/var/lib/libvirt/images/) for the volume image, too.15:06
rbasakPerhaps it doesn't work in the non-standard location for that reason?15:07
jdstrandrbasak: are there any apparmor denials?15:08
zuladam_g: http://people.canonical.com/~chucks/ca/ (a newer webtest is needed for ceilometer)15:09
rbasakjdstrand: yes. I think that's it. I apologise for not spotting this earlier - I was only pasting the most recent denial without checking timestamps, assuming that was the only one. It looks like there are denials for virt-aa-helper preceding them.15:10
jdstrandrbasak: can you paste the apparmor denial?15:12
rbasakjdstrand: eg: Sep 11 13:08:12 ubuntu-cloud2 kernel: [504847.014007] type=1400 audit(137890489215:12
rbasak.811:31): apparmor="DENIED" operation="open" parent=18180 profile="/usr/lib/libv15:12
rbasakirt/virt-aa-helper" name="/var/lib/ubuntu-cloud/libvirt/images/foo" pid=18263 co15:12
rbasakmm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=015:12
rbasakBut I want to check that it's the correct case.15:13
jdstrandrbasak: ok, add to /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper:15:13
jdstrand/var/lib/ubuntu-cloud/libvirt/images/* r,15:13
jdstrandthen do: sudo apparmor_parser -r /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper15:13
jdstrandand try again15:14
rbasakRight, will do.15:14
jdstrandrbasak: that change is totally appropriate15:14
rbasak(I just want to catch up with my test instance first, since I think I need to destroy that)15:14
jdstrandyou can see we have accesses for libvirt, nova, eucalyptus, etc15:14
* rbasak removes his previous workarounds15:14
jdstrandrbasak: interestingly, if you used /var/lib/ubuntu-cloud/libvirt/images/foo.qcow2, it also would have worked15:15
jdstrand  /**.qcow{,2} r,15:15
mibofraguys where is normally located dumpe2fs ?15:16
rbasakjdstrand: success! Thank you!15:17
jdstrandrbasak: so, you should be able to change the virt-aa-helper profile back to the original and generate your filenames to use .qcow2 and it should also work15:18
rbasakjdstrand: sorry I didn't spot the previous apparmor denial. That would have saved much wasted time. There were some other messages about qemu network bridges starting up in the middle, and I had assumed that the earlier denials were from a previous attempt rather than reading them through more carefully.15:18
jdstrandok15:18
jdstrandno worries15:18
mibofraguys :D ?15:18
rbasakjdstrand: yeah. I think I'll do that to save having to modify stuff in precise15:18
rbasakjdstrand: many thanks for your help. I owe you much beer.15:18
mibofraok rbasak there is something mad15:19
mibofrathere isn't dumpe2fs on the system15:19
mibofrafixrtc use both dumpe2fs and hwclock15:20
rbasakmibofra: e2fsprogs provides dumpe2fs. Try installing that. It should be installed already because it's marked "essential".15:21
mibofrathanks15:21
toabctlhi15:22
toabctlthere's a getenv call in the postinst of python-cinder (see http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/saucy/cinder/saucy/view/head:/debian/cinder-common.postinst#L4)15:22
toabctlwhere does this command come from?15:23
rbasaktoabctl: that looks like a bug to me. I think it should be "getent".15:24
rbasakzul: ^^15:24
mibofraok rbasak now the kernel was upgraded successfully... I wonder why the tool wasn't installed in the image yet...15:25
rbasakmibofra: sounds like a broken image. Where did it come from?15:25
zultoabctl:  crap please open up a bug in launchpad please15:25
mibofrarbasak, I think form the provider of the vps15:27
adam_gzul, +115:28
rbasakmibofra: please could you take it up with them? I don't mean to just fob you off - I'm concerned that others will have the same problem.15:28
rbasakmibofra: they should not be calling their own constructed image "Ubuntu" either.15:29
rbasakmibofra: exactly because of quality problems like this.15:29
mibofraomg15:30
mibofrarbasak, I've rebooted the vps15:30
mibofrabut it rebooted with the same kernel version15:30
mibofraLinux spf-virtualserver 2.6.32-042stab079.5 #1 SMP Fri Aug 2 17:16:15 MSK 2013 x86_64 x86_64 x86_64 GNU/Linux15:30
rbasakmibofra: sounds like they're booting their own kernel from outside your VM.15:31
utlemmingmibofra: on vps that use their own kernel, we've see issues where apparmor is not compatabile15:32
rbasakutlemming: also they're not shipping e2fsprogs, which is an essential package that should be installed on all Ubuntu systems, and thus breaks initramfs-tools, which causes kernel updates to fail.15:33
utlemmingyikes...what is the vps?15:33
rbasak(regardless of whether the kenrel updates work or not)15:33
mibofraso I've to re-make the image more or less xD15:33
mibofraupgrading and adding software15:33
mibofrareally nice15:34
utlemmingrbasak: its an openvz setup15:40
=== marcoceppi_ is now known as marcoceppi
crassanyone know if dm devices can be used for a uswsusp resume device?16:26
zulsarnold: ping16:45
cekimogloyHello. I have an ubuntu 10.04 server with a 300 mb boot partition and it is using 90% of space. how do I get rid of the old kernels in it without messing somethign up?16:53
cekimogloycurrently I have from 2.6.32-21 to 2.6.32-51 in there16:55
cekimogloyI tried to use dpkg --list | grep kernel-image but it doesn't list anything16:59
sarnoldcekimogloy: | linux-  instead17:03
cekimogloythanks17:04
cekimogloyclear17:04
geniiIf you're using drivers which use dkms might want to remove the linux-headers for the old ones as well17:07
crasscekimogloy: you could try (more) compression on your initrds also17:11
=== rap424_ is now known as rap424
=== Jordan_U_ is now known as Jordan_U
gholmssmoser: You around?20:16
smoserhey.20:18
smoserlong time.20:18
gholmsYeah!  Sorry for the long silence; I've been buried in euca2ools 3 work.  :-\20:18
gholmsI'm looking into using simplestreams as a new back end for eustore stuff, but I'm having trouble finding what actually generates the data it uses.20:19
gholmsWhat generates the data for stuff like cloud-images.u.c?20:19
utlemminggholms: which data?20:20
gholmshttp://cloud-images.ubuntu.com/releases/streams/v1/20:20
utlemminggholms: look at lp:simplestreams20:20
gholmsYes, I have been looking through that code.20:20
utlemminggholms: the AWS and download code is public, the Azure has NDA bits20:21
gholmsIs that in the source tree and I'm just missing it or something?20:21
gholmsThere's plenty of code that uses extant data, but precious little that actually writes it.20:22
gholmstools/make-test-data does a little of that, but it looks like it's pretty much generating it all from the ground up.20:22
utlemminggholms: for some, yes it is20:23
utlemminggholms: give me a minute to look at the code...20:23
smosergholms, make exdata20:24
smoserit scrapes / combines data from /query into simplestreams format.20:25
smoserto create the aws and the download data.20:25
smoserthe other content_sources come from elsewhere.20:25
smoser(liek azure and hp)20:25
gholmsOkay, so the process really does involve that.20:28
gholmsThat's useful.20:28
smosergholms...20:32
smoserthats one of those things that you think... well, this wont last long.20:32
smoserbut it lasted long20:32
gholmsOh?20:32
smoseroh. not simplestreams. the generation bit20:33
smoserthere that kind of scrapes other data.20:33
gholmsIdeally I just want to be able to have people dump a bunch of images and some metadata for each one into $dir using $layout and have things Just Work, so that seems similar in spirit.20:38
gartralalright, I'm in a pickle, I have a headless server that was working fine earlier today, now when I try too SSH into it i get "ssh_exchange_identification: Connection closed by remote host21:31
gartral"21:31
gartralthis is even happening when I try to bounce the connection off a machine from a friends house, not attached to my network x.x21:33
maxbTime to power cycle it if you have no remote KVM or console capabilities21:33
gartralmaxb: I can't. the BMC isn't responding either and the power button lock is engaged, I'm locked out21:34
maxbTime to phone someone up and get them to yank the power cable then21:35
gartralmaxb: short of tracing which of the 10 freaking power cables running through the cabinent I'm stuck21:35
gartralnah, It's a server in my possesion and crontrol21:35
maxbThis is why it's important to use managed PDUs21:35
gartralcontrol*21:35
* gholms recommends labeling wires and managed PDUs21:36
gartralgholms maxb I don't have a few hundred dollars for a managed PDU21:36
gholmsDo you have a few dollars for a roll of masking tape and a marker?  :)21:37
gartralgholms: do, cat keeps chewing the tape off, not chewing the wire, just the tape21:37
gholmsOuch.21:37
maxbServers and cats should not be mixed :-)21:38
gartralI think she gets high off the adhesive21:38
gartraloh she's a good kitty, I can have a comp open doing diagnostics, she looks at it, then walks away21:38
gholmsSounds like what you need is a mini-rack with doors.21:39
sarnoldgartral: can you hook up a keyboard and blindly login, reboot?21:39
gartralshe made the mistake of sniffing a cpu fan once when she was a kitten, gave her a nice bloody nose, never wanted to put her face too close to a comp after that21:39
sarnoldaww poor kitty21:39
gartralsarnold: tried that, just beeps when i hit keys21:40
gholmsHeh21:40
gartralhere's the screwed up part, my ZNC server is on this machine, which is connected to freenode, in turn whichi s how I'm talking to all of you, so I know it's not a kernel panic21:41
sarnoldgartral: oh, it beeps on keypresses? that feels like a seriously wedged machine, I'm used to seeing that when the keyboard buffer is stuffed full and nothing is handling keyboard presses..21:41
sarnoldgartral: Whaa?? wow.21:42
sarnoldgartral: does znc give you any command execute abilities?21:42
gartralsarnold: only for ZNC, not the machine21:42
sarnoldgartral: normally that'd be a good thing.. hehe21:43
gartralmost of the websites and services are running, except for appearent SSH, ipmi, snmp, and webmin21:43
sarnoldergh. webmin. I wonder if it is someone else's computer now.21:44
gartralso yea, I'm stuck between a rock and a hard place here21:44
gartralsarnold: there's no outside connection too webmin, it's completely in network on an out-of-band line21:44
sarnolddisabling sshd, impi, and snmp would probably draw undue attention pretty quickly, but someone might just do that to defend their new machine21:44
sarnoldgartral: ah, good, that's encouraging. :)21:45
gartraland by out of band, I mean it's only accessably from a single network port, running from an un-bridged connection between my workstation and the server21:45
gartral(I'm not dumb)21:45
gartrali guess I'll pull power, see if that helps21:46
gartralwell I don't know what the hell happened, but I can log in now >.<21:55
sarnoldgartral: check the logs, it'll be worth finding out what happened..21:56
sarnoldmy guess is OOM killer went nuts. but that's just a guess.21:56
gartralsarnold: on a server with 8 gigs of ram? <.<21:57
gartralerr.. this is odd, now it's saying I have a read-only FS21:58
gholmsI've had that happen on servers with 32G of RAM when people weren't being careful.  ;)21:58
gartrali gotta wonder if the HDD is dying21:59
gartralsudo: unable to open /var/lib/sudo/name/6: Read-only file system; sudo: unable to execute /sbin/reboot: Input/output error22:00
gartralbrb again22:00
sarnoldgartral: yikes, good luck22:01
=== freeflying_away is now known as freeflying
MoleMan2I just ran a sudo apt-get upgrade and have just looked back, and have a screen full of various errors, all relating to read-only filesystems23:39
MoleMan2I know this information is very vague and a bit useless, but any idea where to start troubleshooting aand fixing?23:39
gholmsYour stuff is all backed up, right?23:39
MoleMan2Linux Ubuntu-Server 3.8.0-26-generic #38~precise2-Ubuntu23:40
MoleMan2most of my important stuff yeah23:40
MoleMan2its just a home server so most of it is more or less disposable anyway23:40
MoleMan2(yes I am aware the first rule of everything is backups, but I currently can't even afford enough storage to keep my actual stuff, never mind full backups23:41
sarnoldMoleMan2: check dmesg, it might specify why the filesystem is read-only...23:42
MoleMan2sarnold: http://pastebin.com/FeFKrvjb is the last chunk of info, I just had to guess at what is recent/useful though :/23:44
sarnoldMoleMan2: those numbers in square brackets are timestmps since boot, measured in seconds23:51
sarnoldMoleMan2: that paste covers less than a second of time, though it's hard to know exactly how far in the past it is.23:52
MoleMan2yeah, comparing with syslog, that entire chunk was around Sep 12 00:26:45 which was presumably when everything froze23:53
sarnoldMoleMan2: "medium error" and "media error" look like bad news. it might be a dying drive, might just be a fussy controller / drive / driver that could be 'fixed' by a reboot.23:53
MoleMan2as the last entry in syslog was Sep 12 00:26:46 Ubuntu-Server kernel: [975496.222453] type=1400 audit(1378942006.370:42): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/tcpdump" pid=24281 comm="apparmor_parser", presumably due to read only23:53
MoleMan2yeah, I just don't want to reboot if I don't have to as I won't be home for quite a while, so if it just fails to boot I'm stuck for a few weeks and won't be able to do anything :/23:55
MoleMan2might I be able to just manually remount / change the mount to wr without a reboot, or is a reboot probably the best way to go?23:55
sarnoldMoleMan2: oh man. :/ it'd be best if it could run a fsck before coming back online. I wouldn't force to wr.23:56
MoleMan2but yeah, I'd picked up on those bits as a read fail, possibly linked to a drive death,23:56
MoleMan2hmm23:56
sarnoldMoleMan2: .. but with the data, i'd be worried about a fsck removing something you care about, too. not a great situation. :(23:57
gartralarrgh! >.< I can't figure out why this server is barfing like this! 13.04  0:- 1:* 2:  3:  4:  5:                                                                                                    ▸904kB/s 53‼ 1h53m 50C 8.18 2x2.4GHz 3.9G39% s1.9G0% 292G67% gareth@kitsunet 192.168.1.4 2013-09-11 19:56:1323:58
gartralload shouldn't be this high, I have NOTHING running23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!