/srv/irclogs.ubuntu.com/2014/01/09/#ubuntu-server.txt

=== gary_poster is now known as gary_poster|away
ikoniawindow 1200:40
ikoniaoops00:40
* jkitchen throws ikonia a /00:42
ikonianoted00:43
Nautilushi, setting up a vps I haven't touched for a couple weeks... trying to upgrade core but getting "Failed to fetch" errors. Don't think I'm doing it wrong (apt-get update, from root). Is there a server that's down? or?01:28
sarnoldNautilus: which server?01:28
Nautilus"precise"01:29
Nautilusif that's what you meant?01:30
NautilusUbuntu 12.04.3 LTS01:30
sarnoldNautilus: oh, sorry :) I meant "which update server", sorry01:30
Nautilusthis?01:31
NautilusWaVeR: Failed to fetch http://ca.archive.ubuntu.com/ubuntu/dists/precise-updates/multiverse/binary-i386/Packages  404  Not Found [IP: 91.189.91.13 80]01:31
Nautilusoops, it nick expanded to Waver01:31
sarnoldNautilus: interesting, there's a .gz and .bz2 version there, but no uncompressed version01:33
sarnold.. same with the us.archive.ubuntu.com mirror01:33
sarnold.. same with the mirror.anl.gov mirror01:34
Nautilusoh I see the page you're looking at01:34
sarnoldNautilus: did apt try to download a .gz or .bz2 version and have those fail?01:34
sarnold.. or did it only try the one, uncompresed, version?01:34
Nautilusseems ilke just the one01:35
Nautilusmaybe I should just try tomorrow, heh01:35
mojtabaHi, Does anybody know how can I change the current sent print job's pritner? I want to change it from a real printer to 'print to a file'02:05
Nautilusanyone know a channel about SSL(/TLS)?02:23
dcosnetNautilus: yassl02:34
dcosnetguessing02:34
Nautilusok thanks02:34
sarnoldNautilus: there's ##crypto, nice chaps in there, but it's more about theory than implementation... if you've got a question about configuration, this is probably your best bet02:34
Nautilusi might have someone in another channel, lets see how this goes02:35
=== airtonix_ is now known as airtonix
MavKencan someone point me towards a good article about proper permissions for /var/www and sub folders?  I keep having issues every time I try to install drupal or vanilla forums, this is my first VPS... Never had an issue installing on shared hosting.03:07
sarnoldMavKen: if you see 'chmod 777' in a guide, please find a different guide :)03:09
MavKenyeah, that is what I keep running into and I know better03:09
sarnoldwoot03:10
sarnoldI know I wrote something a few years back but stackoverflow is making it hard to find. bah.03:10
sarnoldMavKen: well, okay, some guidelines: the webserver should have write access to only its log files and a database socket, so avoid setting files to www-data03:11
MavKenthe install scripts are not able to write to php files... I used chmod 775 and www-data as the owner03:11
MavKenoh03:11
sarnoldyou could create a new owner just for them, or you could use your user account..03:11
MavKenso far I have done everything as root, have not created a user yet03:12
sarnoldaha, that's probably the next thing to address :) hehe03:12
MavKenyeah03:13
MavKenI've never had to worry about permissions before... this is a pain03:16
sarnoldlearning the unix permissions and the theory behind them can take a while. but they are so much simpler than so many other permissions systems that have been tried over the years, and they can still accomplish so much, it's worth the time to get it right03:25
Nautilustrying to work through the SSL stuff. I'm generating a cert and have 4 choices, the most applicable seem to be "S/MIME and Authentication Certificate" and "Web Serve SSL/TLS Certificate". I don't understand the distinction03:28
sarnoldNautilus: aha, the certificates have an "allowed use" field03:28
sarnoldNautilus: s/mime is for email03:29
Nautilusright. dont need the Jabber or Object types03:29
sarnoldNautilus: ssl/tls is what you're after, for a web server03:29
Nautilusactually the idea here is to use it with postfix/dovecot so eg: my pop password isn't sent in plain-text. Don't plan on https at this time.03:29
Nautilusand I thought postfix+dovecot uses SSL/TLS03:30
Nautilusah, ubuntu server docs say "next, generate or obtain a digital certificate for TLS"03:32
Nautilus(for smtpd). So I want SSL/TLS, right?03:33
Nautilussounds like that's for web and email both03:33
Nautilussarnold: ^ perhaps you prefer I use your nick always03:35
=== i3luefire__ is now known as i3luefire
MavKenin 13.10, when I add a new user I have a public_html folder in /etc/skel/... is there an easy way for a file to be generated in the sites-available folder with the path each time a new user is added?03:54
MavKenI on;y have 9 hosting clients right now, but would like to streamline the process03:54
NautilusI went with SSL/TLS04:16
=== lickalott_ is now known as lickalott
eagles0513875hey guys if i add my user to the www-data group can i leave a website which is in development in my home directory and still be able to modify files in it without the need to change the user and group back to my system user and group08:33
StathisAhello all, i'm looking for a webmin alternative - i just want somekind of monitoring and mail notifications on service failures, package updates etc...i havent heard good things about webmin...09:04
eagles0513875StathisA: nagios is good for monitoring of network failures hardware monitoring and much more09:18
eagles0513875you can be emailed about it or smsed but that is something to ask in the nagios channel09:18
StathisAeagles0513875 thanks for the suggestion, i was looking for something not that centralized. as to avoid certain single point of failure scenarios..afaik nagios is located somewhere centrally and works with agents.09:22
StathisAi could get away with some manual cron jobs with checking space & if the service i need is running, i guess09:24
StathisAbut i'd like to have a tool for that09:24
eagles0513875StathisA: there is cacti potentially09:25
StathisAi'll have a look, thanks09:31
iclebyte2are there any release candidates for ubuntu 14.04LTS out yet?09:32
=== _thumper_ is now known as thumper
ogra_iclebyte2, https://wiki.ubuntu.com/TrustyTahr/ReleaseSchedule09:33
iclebyte2ogra_, I see here the feature definition freeze on november 21st. Is there anywhere I can actually find that list?09:38
ogra_http://status.ubuntu.com/ubuntu-t/09:40
=== Mez_ is now known as Mez
eagles0513875hey guys is anyone alive in here? If i add the user i use to login to my server to the www-data group and leave the group for a website im running as the user can i still edit the files etc in the directory which is currently in my home directory wiht out needing to change user and group?10:28
ikoniaeagles0513875: this is basic permissions10:47
ikoniaeagles0513875: does the user you create have permissions to access your home drive ?10:48
eagles0513875the user is my user my home dir10:48
eagles0513875the only other person accessing it would be the www-data dir to access the website10:48
smbzul, hallyn, Whoever gets there first: chinstrap:~smb/4review has an updated libvirt package for Trusty to fix some xen related bugs.10:52
=== olegb_ is now known as olegb
ikoniaeagles0513875: can the user you have created access the data in your home dir11:03
ikoniaeagles0513875: just "yes/no"11:03
eagles0513875yes11:04
eagles0513875the user owns that home directory yes11:04
ikoniaeagles0513875: then that user can edit / maintain the website11:04
eagles0513875ikonia: but dont the user and group need to be set to www-data so apache can work with the website?11:04
ikoniaeagles0513875: is apache working currently ?11:05
eagles0513875ikonia: yes because i have the sites set to www-data:www-data11:05
ikoniaeagles0513875: ok, so as long as the user/group www-data OR world access can read the files that's all you need11:05
ikoniayou don't have to change the ownership if you don't want to, it's up to you11:05
eagles0513875ok. will test things out :)11:06
eagles0513875thanks ikonia :)11:06
koolhead17zul: ping11:57
koolhead17jamespage: hi there11:57
jamespagehey koolhead1711:57
jamespagehows swift?11:57
koolhead17jamespage: swift is rock solid :)11:58
koolhead17jamespage:  how have you been. i need help from zul seems like am not able to find him all these while cos of timezone11:58
jamespagekoolhead17, all good11:58
jamespagekoolhead17, wassup?11:59
koolhead17jamespage: learning learning and more learning :)11:59
yolandajamespage, do you know if there are some more reqs on rabbit for active/active? i copy all the passwd files with unison, but i still get the AMQPLAIN invalid credentials error12:06
jamespageyolanda, I'm not 100% sure tbh12:07
yolandai'm checking and cinder.passwd in slave machine matches with the one in cinder.conf, so i should be missing something12:09
yolandajamespage, seems it's missing the users, rabbitmqctl list_users only show guest user12:11
jamespageyolanda, are you relating other services before or after forming the rabbitmq cluster?12:12
yolandajamespage, before12:13
yolandabut i'm copying the passwd files when a node is joined, so looks that i need to sync something more12:13
jamespageyolanda, try it the other way around - I suspect that when the cluster is created, all the data get dropped12:13
jamespageyolanda, if that works then we know that after a cluster creation operation, we have to re-create the usernames and passwords for access.12:14
jamespageyolanda, oh - while you are working on the rabbitmq charm - please can you add a source: config12:14
jamespagewe have rabbitmq-server 3.x in the icehouse cloud archive and no way to actually use it right now :-)12:14
yolandaok12:15
=== highvolt1ge is now known as highvoltage
yolandajamespage, seems as we aren't doing something right with clustering, i'll take a look at the doc again, users aren't replicated in any case12:30
=== gary_poster|away is now known as gary_poster
shwaiilHi13:49
shwaiilQ: How can I expand my partition /dev/sda1 on 12.04 LTS ? Thank you! Is it safe ?13:49
shwaiil* found http://blog.chapus.net/ubuntu-server-increase-disk-space/13:49
cfhowlettshwaiil, properly done it's safe, but, of course, backup ^313:51
shwaiilcfhowlett: thanks for looking! Where can I find a good manual ? that I can follow ?13:52
shwaiilin case you know..13:52
cfhowlettshwaiil, a server manual?13:52
cfhowlett!manual13:52
ubottuThe Ubuntu Manual will help you become familiar with everyday tasks such as surfing the web, listening to music and scanning documents. With an emphasis on easy to follow instructions, it is suitable for all levels of experience. http://ubuntu-manual.org/13:52
shwaiilcfhowlett: Sorry, I mean a tutorial on how to resize the partition would be awesome. But I'm now looking into the link I found13:53
cfhowlettshwaiil, ah, good.13:53
shwaiilnot sure if it's going ok or not as it's already failing and not absolutely sure why.13:54
cfhowlettshwaiil, perhaps an immediate data backup and then pinpoint the cause of the failure before you start repart'ing?13:54
caribouwho's hacking at the cinder charm these days ? is it still adam_g ?14:07
rbasaksmoser: for bug 1188610, AIUI, making *any* changes to sshd_config is still a policy violation. I think the one sensible exception might be cloud-init.14:36
rbasakBut even in that case, we should have a /etc/ssh/sshd_config.d/ or something, as a wishlist item.14:38
smoserrbasak, i dont know. i dont' know that i really believe that.14:40
smoservi changes config files all the time for me.14:40
smosershall i file a bug ?14:40
smosersometimes sed does it too.14:40
smosermy snarky comments aside, i dont' really understand such a policy.14:41
smoserpuppet does this to, thats basically its purpose in life.14:41
rbasakIf it does it because a user directly requested it, then that's different.14:46
rbasakIf it's indirect (say you installed another package that needs it), then that's a violation.14:46
rbasakHere, it's similiarly indirect. The correct solution is clearly a .d/ directory.14:46
rbasakIt's not really about the package that did it (sed, puppet, whatever). It's that the *distro* doesn't do it; the user does.14:47
rbasak /etc is the user's (well, sysadmin's) realm.14:47
rbasaksmoser: ^^14:47
rbasakFor example: if I install logrotate, clearly I'm asking for a crontab entry. But the logrotate postinst doesn't edit /etc/crontab for me. That's why /etc/cron.d/ was invented.14:49
smoseryeah. thats reasonable.14:49
rbasak(and daily.d, weekly.d, etc)14:49
smoseras i said in the bug, i dont understand that the change is actually  needed.14:49
smoserdo you understand it ?14:49
rbasakIf I had a server that was always port forwarded ssh through a NAT gateway, then I'd need it. So I get that in such an infrastructure, it makes sense to have it, and a package should be able to turn it on.14:51
smoseras to why 'ClientAliveInterval 180' would do some traffic that 'TCPKeepAlive' would not.14:51
rbasakTCPKeepAlive is by default pretty slow, isn't it?14:51
rbasakDays14:51
=== kirkland` is now known as kirkland
smoserrbasak, do you see that documented anywhere?14:54
rbasaksmoser: you mean the defaults?14:55
rbasakIt's a sysctl thing I thin.14:56
rbasakk14:56
* rbasak looks14:56
smoserrbasak, its a setting in sshd_config. (boolean).14:57
rbasaksmoser: http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-trusty.git;a=blob;f=Documentation/networking/ip-sysctl.txt;h=8a984e994e61616a9dba0a4f425a5b4371b3ae99;hb=HEAD#l24015:00
rbasaksmoser: kernel default is two hours.15:00
smoserthanks rbasak15:00
thelamestis it safe in general to edit files on a live guest virtual machine filesystem from the basesystem? (xen, lvm)15:08
xnoxthelamest: if said virtual machine is not booted, sure do as I like =) but make sure you unmount it cleanly, etc.15:09
xnoxthelamest: and as usual if you break things, you get to keep both pieces =)15:09
rbasakHe said "live".15:09
rbasakSo: no.15:09
thelamestit's a missing security/limits.conf, that's kind of preventing me to ssh into the guest15:09
rbasakShut down the VM first.15:10
xnoxrbasak: ok, i understood "live" differently =) (as in squashfs based / overlay system)15:10
rbasakThen edit it.15:10
rbasakIt's even worse if it's a file the VM has actually hit, because then it'll be cached. Changing the file on disk will not change the cache of the file in memory. I hope that demonstrates why it's bad.15:11
thelamestok, thanks15:11
thelamestgood enough it's a demo system15:11
hallynsmb: (still getting my morning going) could you also toss a debdiff in there so i can just look locally?15:16
smbhallyn, sure. and good morning then :)15:17
smbhallyn, done15:18
hallynsmb: The first part of the changelog - I don't see where that's in the debdiff15:28
smbhallyn, That is the debian/patches/ubuntu-xend-probe.patch that changes15:29
hallynas for cherrypicking of two patches from upstream, if you need that to fix xen and it comes from upstream then as far as i'm concerned you should have upload rights to just push that :)15:29
hallynsmb: ah - ideally that would be made explicit in the changelog15:29
hallynsmb: but that patch was already in series prior to the debdiff15:30
smbhallyn, I thought to be explicit enough. But apparently not. :)15:30
hallynlook at the debian/patches/series diff hunk15:30
smbhallyn, Right that was broken when someone modified it for newer libvirt versions15:30
smbhallyn, Hence "refresh/fix"15:31
=== chmurifree is now known as chmuri
hallynnm, i see.  sorry15:33
hallynsmb: so /usr/lib/xen-common/bin/xen-toolstack will return some path. you're looking for '..../xm'.  If it's not xm, what else can it be?15:33
smosersmb, https://bugs.launchpad.net/cloud-init/+bug/123653115:34
smoserlook at that comment and see if you can explain it.15:34
hallynsmb: debdiff looks good to me.15:34
smbhallyn, It could be xl (or xapi) I'd have to check the latter but for now this would put the patch back into the state it was before moving to the newer libvirt version15:36
hallynsmb: +1 from me, thanks.15:39
smbsmoser, was eatmydata only supressing fsyncs or more?15:39
smbhallyn, ok, will you sponsor? Yeah, yeah I should get upload rights for that and some other packages at least...15:40
hallynsmb: yes, please apply asap :)15:40
hallynsmb: I'll push the 1.2.0... what about the other .dsc you have in there?  that goes into ppa?15:41
hallyn(which I assume you can do?  if not, which ppa, i'll try)15:41
smbhallyn, No that was prepared as kind of one-shot mre for precise.15:42
hallynok15:42
smosersmb, eatmydata just ldpreloads fsync and sync15:42
thelamestdid the shutdown, edit, create, and still got fsck on boot15:42
smoser(to my knowledge that is all it does)15:42
hallynyeah i use eatmydata to make btrfs useful...15:42
smbsmoser, Hm, so things were actually quicker without eatmydata if I read those numbers right15:43
smosersmb, correct.15:43
smoserwhich doesn't make any ssense15:44
smoserobviously '2' is not statistically useful.15:44
smoserbut the only way i could explain it is if the fsync was reducing memory taken by the filesystem cache15:44
smoserand without that, stuff was just interacting poorly.15:44
smosernote, there is only 670M on those system.s15:45
smbsmoser, or in some way the background writeback stealing more process time from the apt-get that one expects15:47
smbsmoser, Did you do those tests with the very latest 3.13 or a bit ago when we still had 3.1215:48
=== Mikaela_ is now known as Mikaela
smosersmb, let me check that.15:57
smoserit was a build from yesterday (0108)15:57
smosersmb,16:01
smoser$ uname -r16:01
smoser3.12.0-7-generic16:01
smbsmoser, Ah ok, then it is not related in any way to slowdowns we / Tim was observing16:02
smbsmoser, But yeah, there is more in the cache. On the other hand that should increase the chance of larger sequential writes16:05
=== `petey`_ is now known as `petey`
zuljamespage/roaksoax: https://code.launchpad.net/~zulcss/ceilometer/bug-catchup/+merge/20104116:46
=== medberry is now known as med_
jamespagezul, comments16:52
zuljamespage:  fixed17:03
smbsmoser, So thinking about your eatmydata oddness... I see that with or without it dpkg seems to use --force-unsafe-io, which removes some slow fssyncs. Adding eatmydata to the command stack certainly adds additional context switches. Makes me wonder whether what you see is that remaining sync calls filtered by eatmydata might just be of little difference (probably hidden by caching outside the guest), so in the end17:18
smb you only see time getting stolen by the additional context switches.17:18
smosersmb, nah. my experience is that --force-unsafe-io does very little.17:23
smoserand that eatmydata does a lot.17:24
smosershoot.17:26
smbsmoser, Hm at least it looks like there is always a 1s difference in favour of not using eatmydata between "eatmydata sudo apt-get update" and "sudo apt-get update". Though also only tested that on two (real ones but not the most performant) hosts. One running Precise and the other Trusty...17:31
smosersmb, see my last comment there. my data was bogus.17:31
smoserbut your dat adoesn't make senes either.17:31
smboh ok17:31
* smb reloads the page17:31
smbsmoser, Ah so you basically paid the price for wrapping another layer of eatmydata17:34
smoserbut that doesnt really make sense.17:34
smoserbecause eatmydata is LD_PRELOAD17:34
smoseri suppose its posisble it LD_PRELOAD=mylib1.so:mylib2.so is oddly slow. but i dont think that makes much sense.17:35
smoseralso realize that the download time is part of this, which stinks.17:36
smoserie, that is heavily network limited for a lot of that time.17:36
smoseri'll get better numbers here.17:36
smbsmoser, ok. well my mental model might be wrong but I think of it as having loaded another eatmydata which loaded the apt-get. So I imagine syscall interception to be going through two levels. Anyway, lets see the better data. And yeah that can vary too (if not cached by something local)17:41
smoserbut ld_preload doesn't work like that.17:41
smoserbut anyway.17:42
cariboujamespage: FYI, I just pushed an MP on the cinder charm with the config-flags functionality17:53
cariboujamespage: do I need to add someone explicitely to the reviewer list ?17:54
cariboujamespage: hmm, old on a bit, I'll create a public bug to track it17:55
cariboujamespage: ok, that should be better : LP: #126755418:06
cariboujamespage: bug 126755418:06
pdavisonHello, everyone.  I have a question.  I have reason to believe my software RAID is experiencing problems under high load.  I wanted to put them under some load to test, and I was looking at using the stress utility.  The problem is, I have SSDs in the system I do not want to stress.  Is there a way to put IO load on only some drives and not others?18:13
dcosnetpdavison: if they are part of the software raid. no not really.18:22
pdavisondcosnet: No.  They're not part of the RAID.  They're separate.18:23
dcosnetthen whats the problem?18:23
pdavisonI don't see a way to specify which "device" to use when running stress.  Am I missing something, or is there another utility that will work better?18:25
dcosnetwell you could just use a different tool all together like dd18:26
pdavisonHmm...18:26
dcosnetdd if=/dev/zero of=/some/virtual-partition-here/some-big-ass-file.dd18:26
dcosnetthen rm some-big-ass-file.dd after18:26
pdavisonThat's going to consume a lot of space, but not really add the io load I'm looking for, I think.18:26
dcosneto18:27
dcosnetwell it would measure a basic MB/s imo18:27
dcosnetmaybe not good enough though since it adds possible bottleneck i guess18:27
dcosnetif your looking for any statistics beyound MB/s its not ideal18:28
dcosnetbeyond^18:28
pdavisondcosnet: I don't need stats.  I need to stress the controller.18:29
pdavisonI expect it to fail, but I don't want to redeploy it back to production to see.18:29
dcosnetah18:30
dcosnethttp://unix.stackexchange.com/questions/72563/is-there-a-good-drive-torture-test-tool18:32
dcosnethas some good responses18:33
pdavisonLooking...18:34
dcosneti actually just learned of a tool because of that link: HDAT218:34
* dcosnet bookmarks18:34
dcosnetyou probably should just look into bonnie++18:35
dcosnetwhich that url mentions18:35
pdavisonI was looking at bonnie++.  It looks like more of a benchmark tool.  Not sure if that will do what I need.18:36
dcosnethttp://sourceforge.net/projects/bonnie/18:37
dcosnetwell, good luck18:37
pdavisonThanks.18:38
dcosnetwell alternatively you could write a script that does a bunch of concurrent dd if/of commands at once to stress it out18:43
dcosnetautodeleting its child files as it finishes one18:44
dcosnetwould take what 10 minutes to code?18:44
pdavisonThat's an option.18:48
sarnoldpdavison: a lot of these are designed to stress the filesystems, if not the block layer, but it might be worth a look: http://nfsv4.bullopensource.org/doc/testing_tools.php18:48
pdavisonsarnold: Thanks.  I'll iterate through them.  If I can find one that will let me only stress the RAID volume, I can run my test.18:49
pdavisonThe one other criteria is that I need to do this locally, not over NFS.18:50
pdavisonor anything network-centric.18:50
sarnoldpdavison: since those stress filesystems, I have an idea most would take a directory name as argument somewhere..18:50
sarnold.. so you could stress an e.g. /mnt/btrfs but leave / and /home alone :)18:50
pdavisonThat's a good point.  That's the problem I had with "stress"18:51
sarnoldpdavison: yeah, I just got lucky to find the whole list of things on one page :) hehe18:52
sarnoldfstress was the one I went searching for, hooray for google for getting past my poor memory of how to spell it.18:53
dcosneti would recommend a makefile18:53
dcosnetfor true concurrency18:53
pdavisonThat one looks NFS-related.  Can it stress things locally.18:53
sarnoldpdavison: aw crap. then my memory is more broken than I thought.18:54
pdavisondcosnet: That's a good test, but this is an 8-drive SATA array, and I'd have to run quite a few of them concurrently to get enough load.18:54
dcosnetya maybe 32 instances18:54
dcosnetor more18:54
dcosnetdo 2gb files at a time18:54
dcosnetor well, you know its throughput more then me so pick a relivant size18:55
dcosnetthis is only going to stress the write though not the read, or read/write18:56
sarnoldpdavison: hey, I finally found the thing I really -was- looking for, and now I'm not so sure it'll be helpful: http://codemonkey.org.uk/projects/fsx/  oh bother. back to bonnie* and the like :)18:59
pdavisonRight.  Well, maybe I just throw everything and the kitchen sink at it until I either give up or it does.19:00
sarnoldpdavison: lol, I like that19:06
smosersmb, better looking data19:30
smoserhttp://paste.ubuntu.com/6722546/19:30
smoserthose are "hostname" (which implies eatmydata and size) and then 'total time', 'download time', and 'total - download' (ie, the install time)19:31
smoserutlemming, ^19:31
hushnowquietnowHi, can someone help me with a mysql issue I'm running into?19:39
hushnowquietnowEvery couple of minutes this shows up in my syslog:  kernel: [1790217.415429] init: mysql main process (29718) terminated with status 119:39
hushnowquietnowFollowed by a handful of lines about /etc/mysql/debian-start running checks.  Every time those checks run it maxes out the CPU and causes issues with the websites hosted on the server19:40
hushnowquietnowWhere an I look to find why mysql keeps getting terminated?19:42
sarnoldhushnowquietnow: is there anything interesting i the mysql logs?19:43
hushnowquietnowThe mysql logs are all empty19:43
hushnowquietnow /var/log/mysql.log, /var/log/mysql.err, /var/log/mysql/error.log, and /var/log/mysql/mysql.log have nothing in them at all.19:44
smoserhushnowquietnow, dmesg have anything ?19:48
smosercould also have stuff in syslog . could be OOM killer.19:48
hushnowquietnowNothing about memory in syslog19:49
hushnowquietnowdmesg has the same lines about mysql being terminated with status 1, interspersed with: [1790718.914174] type=1400 audit(1389296799.109:14528): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/mysqld" pid=2536 comm="apparmor_parser"19:50
markthomashushnowquietnow: Are you running apparmor in complain mode or enforce?19:50
hushnowquietnowHow do I check that?19:51
markthomashushnowquietnow: https://help.ubuntu.com/community/AppArmor19:51
markthomasThose may be unrelated, but it'd be nice to rule that out.19:51
markthomashushnowquietnow: Then, make sure you have all possible logging enabled: http://www.pontikis.net/blog/how-and-when-to-enable-mysql-logs19:52
hushnowquietnowWhen I run apparmor_status it tells me that there are 2 processes in enforce mode, both /usr/sbin/mysqld19:52
jdstrandhushnowquietnow: that apparmor message is just loading the profile19:58
hushnowquietnowSo it doesn't have anything to do with what's killling my mysql process20:01
hushnowquietnowSomething else interesting: When I run ps aux | grep mysql, I see what I think is the mysql service started 3 or 4 times20:05
hushnowquietnowI have logging enabled now, and mysqld has been restarted a few times but nothing new or informative is showing up in the logs20:13
hushnowquietnowCuriouser and curiouser20:33
hushnowquietnowThe server rebooted (I think I fat-fingered something) and now the problem isn't happening any more20:33
hushnowquietnowsarnold, smoser, markthomas, jdstrand: thanks for your help in trying to figure this out20:35
=== chmurifree is now known as chmuri
adam_ghallyn, heya22:24
hallynstgraber: hey do you know offhand how i create a new 'parent' for nih allcoations?22:25
hallynadam_g: hey22:25
hallynoh, nih_new?22:26
adam_ghallyn, so i just hit bug #1244694 while verifying an openstack SRU.  the fix you proposed on the bug resolves it for me.22:26
adam_ghttps://bugs.launchpad.net/nova/+bug/1244694'22:26
hallynbug 124469422:26
adam_ghallyn, any chance that update to the apparmor profile is queued for upload to trusty anytime soon?22:26
hallynno bot eh22:27
adam_gbotfail22:27
hallynadam_g: which release is that on22:27
adam_ghallyn, im hitting it on saucy22:27
hallynadam_g: just a sec,22:27
jjohansenhallyn: I know we have an update with some fixes coming let me check22:27
hallynjjohansen: what is that in reference to?22:28
hallynadam_g: ok, i can push that to trusty right now.  are you in the mood to write a SRU justification for it for saucy?22:29
jjohansenhallyn: oh sorry wrong nick that was meant for adam_g22:29
hallynjjohansen: ok22:29
hallynjjohansen: so you mean a security update to saucy libvirt?22:30
jjohansenhallyn: I actually haven't been tracking it closely, I know there are updates to several profiles, and some misc other bug fixes22:30
jjohansenthere was a ftbfs fix for the library for example22:31
jjohansenanyways I am guess this bug isn't in that change set so feel free to push it separately22:33
hallynok - thanks22:34
hallynadam_g: libvirt_1.2.0-0ubuntu3_source.changes pushed22:40
adam_ghallyn, to trusty?22:41
hallynyeah.  working on the saucy one now.  i don't see anything in -proposed, so we should be good22:41
regredditi picked up what i thought was a quick elance job helping a guy move to a new server - both ubuntu 10.422:42
regreddithe took the server over from a previous admin - it collects data from a bunch of devices that are behind nat.22:43
hallynadam_g: ok, libvirt_1.1.1-0ubuntu8.3_source.changes pushed to saucy.22:43
=== NomadJim_ is now known as NomadJim
regredditthe natted devices to a reverse ssh tunnel like "ssh -R1234:localhost:22 sshuser@server.com"22:43
hallynthat is, to -proposed, so awaiting a SRU justification from you :)22:43
adam_ghallyn, cool.22:44
regredditthen the server ssh's to localhost:1234 and poof, he's connected to the natted device22:44
regredditthe problem is on the old server, sshuser has no shell, and no .ssh directory22:44
adam_ghallyn, i can test as soon as its accepted22:45
regreddithow can sshuser setup a tunnel on server as a user that has no login shell, authorized_keys, etc?22:45
hallynadam_g: that's always nice :)22:45
regredditthe natted device runs the ssh command as root, but as sshuser@server22:45
regredditand server then ssh's to localhost:1234 as root22:46
regredditwhat on the server is allowing sshuser to setup a remote tunnel on the server, if his account is basically disabled? we are having a tough time figuring this out22:49
sarnoldregreddit: I'd look for a Match block in the sshd configuration file first..22:51
regreddithmm, we called ourselves looking at the old server's sshd_config to see if that's where it was happenig22:52
regredditand it looked pretty stock22:52
regredditi'll have the client check again22:55
sarnoldhrm.22:58
=== freeflying is now known as freeflying_away
regreddithe claims no match block, or includes of other files23:01
regredditbut if you do the ssh tunnel interactively, it works as expected from a user that has no shell23:02
regreddityou dont get a shell, but from the server you can now ssh to the remote client over the tunnel23:02
regredditso the previoud admin setup some voodoo we can't find23:02
regredditthis is the exact command that the remote natted devices run: autossh -f -nNT -R 28012:127.0.0.1:22 tunneluser@remotehost & > /dev/null23:14
regredditand when we look at that user, he has /usr/bin/nologin as his shell, and /home/tunneluser is 100% empty23:15
regredditnot even an .ssh folder23:15
sarnoldregreddit: is there a home directory listed in /etc/passwd?23:16
regredditand i'll be dangd if we can get that to work on the ner server by creating the same user account with same configuration on his user account23:16
regreddityes, /home/tunneluser23:16
regredditand tunneluser is in no other groups in etc/group23:17
regreddits/ner/new/23:17
SysTomhttp://www.amazon.co.uk/Official-Ubuntu-Server-Book-Edition-ebook/dp/B00DW7PLHA <- any opinions on that book? :)23:33

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!