[00:35] <andybalaam> Hi All, I am trying to config postfix+spamassassin to filter incoming mail.  Mail gets filtered when I send, but not when I receive.  Any ideas?
[00:38] <andybalaam> I have -o content_filter=spamassassin in master.cf, and a spamassassin line that pipes through spamc
[00:39] <andybalaam> In the /var/mail.log I see messages being passed on to spamassassin when I send, but just status=sent (delivered to command: procmail -a "$EXTENSION") when I send
[01:31] <ph0x> I have a server I run rutorrent on I also have a screen and speakers hooked up to it, and I run vlc and I use the http interface to interact with it, is ubuntu server for me?
[01:33] <sarnold> if you want to configure your networking with /etc/network/interfaces it'll be fine; if you just want dhcp to work and not think much about networking, ubuntu desktop may be  a better fit. you can make one into the other by adding and removing packages of course..
[01:33] <ph0x> thats what I assumed
[01:33] <ph0x> thanks
[01:34] <ph0x> I just want something stripped down
[01:34] <ph0x> I just wanna boot right into openbox
[01:34] <ph0x> it just downloads torrents then plays them
[01:34] <ph0x> I had it working in debian but i upgraded and it broke init.d
[01:35] <ph0x> and i cant figre it out
[01:35] <ph0x> and i figure if im gonna reinstall might as well go with th ebetter support of ubuntu
[01:53] <kieppie__> hi folks
[01:54] <kieppie__> I've got an issue with a samba4 server randomly throwing off windows clients. full details here: http://ubuntuforums.org/showthread.php?t=2244650
[01:55] <kieppie__> I'm seeing this in the logs around those times, NT_STATUS_NO_SUCH_USER , but also suspecting it could have something to do with routing or resolution, since it tends to switch log files between log.$IP & log.$HOSTNAME around those events
[01:56] <kieppie__> is anyone oble to point me to a good, solid docco for a smb.conf for a fairly liberal samba server config - i.e. allow from LAN without any auth
[01:56] <kieppie__> please?
[01:56] <kieppie__> I'm a run out of ideas
[02:01] <sarnold> kieppie__: it's been more than a decade since I last did samba.. but something feels odd about "obey pam" and "passdb backend = tdbsam" and "passwd program /usr/bin/passwd" and "pam passwd change" ..
[02:01] <sarnold> kieppie__: the tdbsam bit feels like you're trying to use local-to-samba passwords but the pam bits and /usr/bin/passwd feel like trying to use the standard unix authentication bits
[02:02] <sarnold> kieppie__: and moving bad-users to guests, and allowing guests, but still using users (am I right there?) feels like you'll wind up with users unable to edit their own files if they get their passwords wrong (again, am I right? :)
[02:06] <kieppie__> hi sarnold - I got this box back 3 LTS's back. I don't deal with samba very often - kind of thing I set up & leave be - so I've not messed with this box or the config over the years. it's quite possible that a few mis-configs have crept into the setup over years.
[02:07] <sarnold> kieppie__: makes sense
[02:08] <kieppie__> All I need is a vanilla Samba4 host, serving up data to the local LAN - no auth. it sits in an isolated/dandbox environment, so security in this context it now something to be addressed - more stability, accesibility, integrity
[02:09] <kieppie__> got a good guide?
[02:09] <sarnold> the last time I tried doing samba I found "no auth' to be immensely difficult thing to do :(
[02:09] <sarnold> it was complicated by multiple windows versions which had completely different expectations
[02:10] <sarnold> you're "lucky" in that you don't have to deal with both win95 _and_ win2k at once but unlucky in that I think things are even worse now :(
[02:10] <kieppie__> think they screwed the pooch on this one....
[02:10] <kieppie__> pure w7 environ here
[02:10] <sarnold> I think if I were building sometihng from scratch I'd aim for one username / password that's shared by all and known to all
[02:11] <kieppie__> this box is on it's way out eventually & will auth against an AD host, but until then they just need basic & reliable functionality
[02:15] <sarnold> kieppie__: well, this seems a bit simplistic compared to your current config, but might be worth a look: https://help.ubuntu.com/14.04/serverguide/samba-fileserver.html
[05:00] <ph0x> I get hash sum mismatch
[05:00] <ph0x> when running apt-get update
[05:04] <ph0x> i think the servers messing up
[05:04] <ph0x> m speeds drop down to 40 kbps at some point
[06:51] <lordievader> Good morning.
[09:01] <slyboots_> Morning
[09:01] <slyboots_> Im curious, anyone tried adding Enlightment to a standard 14.04 install?  Added a repo but. I think its missing a ton of pre-reqs or something.  cant fiure out how to start the graphical enviro
[09:10] <jamespage> coreycb, zul: I've fixed up all of the angular xstatic packages that where in proposed to a) use embedded assets and b) be the correct version number
[09:17] <slyboots_> Anyone any idea?
[09:38] <matty1234> Is it wise to install: iptables, psad, tripwire, mod_security, and artillery on one server? or does it overlap one another?
[09:43] <jamespage> beisner, coreycb bug for ceph partition table problem - https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1371526
[09:50] <matty1234> ?
[09:58] <ikonia> matty1234: same advice as #ubuntu
[10:42] <fish_> hi!
[10:43] <fish_> I'm trying to upgrade from precise to trusty and ran into issues with the new interface names: my 2nd interface is sometimes called em2 but sometimes eth1
[10:44] <fish_> system is a dell poweredge r710
[10:44] <fish_> looks like there were several issues with biosdevname but the should be all fixed by now.
[10:45] <fish_> right now my 2nd interface is called eth1 but when I run `biosdevname -i eth1` it returns em2
[10:47] <fish_> maybe I should just disable that renaming
[11:15] <jamespage> smb, can you give me any pointer on bug 1371526
[11:15] <jamespage> ?
[11:16] <smb> jamespage, Give me a sec to read
[11:17] <jamespage> smb, ta
[11:25] <smb> jamespage, It really seems like its somehow mounted and as if the unmount either fails or is not enough. Would you be able to give me access to the vm inn the just-after-boot state?
[11:25] <jamespage> smb, I can
[11:26] <zul> jamespage: sweet ill upload horizon this morning then
[11:29] <jamespage> zul, most of the syncs are not done yet
[11:37] <coreycb> jamespage, thanks!
[11:37] <jamespage> coreycb, smb is looking something wonky is going on with re-using the ephemeral block storage after first boot
[11:37] <jamespage> post reboot its all OK again
[11:42] <coreycb> jamespage, ok, yeah that's odd
[11:44] <smb> Really not sure why this happens. Odd is that according to dmesg vdb was mounted but at least /proc/partition shows vdb1/2 ... oh wait, jamespage is that the state after trying some of the ceph setup?
[11:45] <jamespage> smb, I can give you a fresh on
[11:45] <jamespage> e
[11:45] <smb> jamespage, that would be good
[12:05] <jamespage> smoser, not sure whether you might have any insight onto bug 1371526 that smb and I are looking at
[12:06] <jamespage> smoser, the cloud-init formatted and mounted ephemeral device is being awkward on utopic
[12:20] <RoyK> any idea how I can make cpu frequency monitoring work on an opteron (or xeon for that) with 12.04?
[12:21] <RoyK> can't find any useful modules, and the cpufreq dir simply doesn't exist
[12:26] <smb> RoyK, In theory it should just work. Might be disabled in the BIOS, though.
[12:28] <RoyK> smb: well, it doesn't. these are all dell servers in production, so it really should be enabled and at the moment I can't take them down to see what's in bios
[12:28] <dasjoe> RoyK: seems to work fine for me, this is a cat /proc/cpuinfo; cpufreq-info: http://paste.ubuntu.com/8379520/
[12:29] <dasjoe> RoyK: Dell is known for doing some stuff with their BIOSes, like ignoring manually set speed settings
[12:35] <RoyK> dasjoe: looks like that http://tech.tomgoren.com/archives/231
[12:36] <RoyK> perhaps that should be rewritten to something like 'we don't know how to make powersaving systems, so we just disable that part'
[12:36] <smoser> jamespage, "awkward" ?
[12:39] <jamespage> smoser, unmounting the device results in the jbd2 process kicking around, so its impossible to update the partition table
[12:54] <smoser> jamespage, i think unrelated to cloud-init. i'd need more information. where are you running this ?
[12:55] <jamespage> smoser, serverstack
[12:55] <smoser> and that would certainly seem like a kernel bug if unmounting a device does not release it.
[12:55] <smoser> that should block
[12:56] <jamespage> smoser, smb, so beta1 does not have this problem
[12:57] <smb> jamespage, remind me where beta1 is on the time scale compared to the instance I looked at
[12:58] <jamespage> smb, the image you are looking at was yesterdays daily
[12:59] <smb> ok.the kernel certainly changed since then. smoser can you say whether cloud-init changed or not since then (like was it only the kernel or both)?
[13:01] <slyboots_> So... am I correct in saying that vnc4server does not spport "Composit" extensions
[13:01] <slyboots_> Composite even
[13:01] <jamespage> smb, beta1 was on 3.16.0.10.11
[13:02] <slyboots_> Im just wondering if Im just utterly wasting my time even trying to get this to work and it never will
[13:03] <jamespage> smb, smoser: cloud-init was back one revision as well
[13:03] <jamespage> 0.7.6~bzr992
[13:06] <jamespage> smb, smoser: syncing more dailing history into ss so we can bisect this a bit
[13:09] <smoser> jamespage, fwiw, i'm almost certain that cloud-init does not format /dev/vdb on serverstack
[13:09] <smoser> it could ... it has the smarts to, but it would be a bug if it did. as the disk *should* come from openstack as already formated.
[13:10] <jamespage> smoser, oh - I'd not realized that
[13:21] <iclebyte> i need to set a static route to via a gateway on a different subnet, but I get the 'SIOCADDRT: No such process' error. I can reach the gateway via my default gateway however. Is there another way?
[13:47] <jamespage> smoser, I think I'm misunderstanding --max and --keep in simplestreams sync
[13:47] <jamespage> smoser, I expected --max=30 to sync in 30 dailies worth of history?
[13:49] <smoser> max is the maximum number of product/versions it will keep for any product.
[13:50] <smoser> ie, it only pays attention to the newest MAX versions in 14.04:amd64
[13:50] <smoser> 'keep' is boolean
[13:50] <smoser> whether it should keep things after they've fallen off the other end.
[13:50] <jamespage> smoser, oh - so retain older data
[13:50] <jamespage> smoser, that's nice
[13:50] <smoser> so max=30, keep=false: keep up to 30 things, but if something disappears from the remote end dont keep it here.
[13:50] <jamespage> smoser, but --max should sync down into an empty mirror 30 images for each stream right?
[13:51] <smoser> max=30 keep=true: keep 30 of these things, i dont care what the other end does!
[13:51] <jamespage> smoser, OK
[13:51] <smoser> well, there are not 30 images to mirror.
[13:51] <smoser> it can't magically create them :)
[13:51] <jamespage> smoser, really?
[13:51] <jamespage> oh
[13:51] <smoser> we only keep probably 5 dailies.
[13:52] <jamespage> smoser, OK - so by using --keep I'll ensure older dailies don't get deleted
[13:52] <jamespage> locally that is
[13:52] <jamespage> gotcha
[13:52] <smoser> right. you'll have a uber mirror
[13:55] <fish_> I'm upgrading from 12.04 to 14.04 right now and I'm stuck setting up bonding. I used this config (actually it's a template, but so imaging real values where {{ }} is: https://gist.github.com/discordianfish/b2f14bc2bf4231586062 <- is there any reason that doesn't work like that? on boot it waits but can't bring up the bonding but the individual interfaces look healthy
[13:56] <ikonia> fish_: why are you setting up bonding as part of the upgrade
[13:56] <ikonia> fish_: upgrade from as simple a point as possible (eg: no bonding) then configure how you want it
[13:56] <fish_> ikonia: it's upgraded, now I want to setup bonding
[13:56] <fish_> or rather reinstalled
[13:56] <ikonia> ok, so then it has nothing to do with an upgrade
[13:56] <ikonia> you just want to configure bonding on 14.04, correct ?
[13:57] <smoser> jamespage, http://paste.ubuntu.com/8380029/
[13:57] <smoser> just for reference
[13:57] <fish_> right, I should have been more specific: I've upgraded from 12.04 to 14.04 and now my /etc/network/interfaces setting up bonding doesn't work anymore
[13:58] <fish_> I used that bonding config on a different 12.04 system and it worked fine
[13:58] <ikonia> what part of the process is failing
[13:59] <fish_> ikonia: that would be the next question: can't find a way to restart networking to debug that. 'restart networking' doesn't touch the bonding interface
[14:00] <ikonia> fish_: restart networking isn't a command
[14:00] <fish_> on boot I see it trying to setup the interface and waits for 60s, then times out
[14:00] <ikonia> fish_: is the bonding module loaded, that's a good start
[14:00] <fish_> ikonia: sure it is /sbin/restart
[14:00] <ikonia> fish_: yeah, no
[14:00] <fish_> but it's super confusing to have all those ways to restart jobs
[14:01] <fish_> restart <x>, service x restart, /etc/init.d/x restart, invoke-rc.d restart networking
[14:01] <ikonia> fish_: service and init are the same thing, calling upstart
[14:01] <fish_> ikonia: and yes the module is loaded
[14:01] <ikonia> fish_: is the device created ?
[14:02] <fish_> ikonia: so what is the right way to restart networking?
[14:02] <ikonia> fish_: any method of interfacing with upstart is fine
[14:03] <ikonia> fish_: is the device created ?
[14:03] <fish_> /etc/init.d/networking restart just returns without setting anything up it seems
[14:03] <fish_> ikonia: no
[14:04] <ikonia> fish_: what is your bonded device called
[14:04] <fish_> ikonia: int
[14:04] <fish_> see the config
[14:04] <ikonia> int ?
[14:05] <fish_> that was working fine with 12.04, it set up a bonding interface called like that
[14:05] <ikonia> fish_: you have no IP information in that config
[14:05] <ikonia> fish_: what bond mode is this as you have no slaves defined ?
[14:06] <fish_> ikonia: yes, it's a template. just assume ip info there
[14:06] <rbasak> jpds: are you working on bug 1330504?
[14:06] <fish_> ikonia: it's based on https://help.ubuntu.com/community/UbuntuBonding
[14:06] <jpds> rbasak: Yep.
[14:06] <rbasak> jpds: OK just checking it's not lost. Thanks.
[14:07] <ikonia> fish_: and you've checked the dependencies, such as ifenslave ?
[14:07] <jpds> rbasak: Part of my TODO for next week.
[14:07] <fish_> ikonia: I tried several different ways to configure that. assining the interfaces not via bond-slaves on the bond section but in the section of the interfaces worked
[14:07] <fish_> oh...
[14:07] <fish_> looks like ifenslave is missing
[14:07] <fish_> :)
[14:08] <fish_> hrm, odd. my preseed file includes it
[14:09] <fish_> well, lets reboot and see if it already fixed it
[14:09] <fish_> (restarting networking in the current state didn't work. but well, can forgive that ;))
[14:22] <fish_> ikonia: that fixed it.. shame on me for not checking that earlier
[14:22] <fish_> thanks!
[14:22] <fish_> but tbh, it pretty sucks that the networking scripts didn't tell me about that
[14:23] <fish_> no error when restarting networking and no error on boot..
[14:24] <fish_> and I need to figure out why it wasn't installed. I'm using 'd-i pkgsel/include string ... ifenslave' and that didn't install it
[14:24] <jamespage> zul, coreycb: pyscss replaces lesscpy which allows us to move to online compression with a MIR
[14:26] <zul> nifty
[14:52] <brontosaurusrex> should apache break when upgrading to trusty?
[14:53] <brontosaurusrex> and its configs
[14:54] <lordievader> brontosaurusrex: If you go from 2.2 to 2.4 it might.
[14:55] <brontosaurusrex> well, i have no clue what previous version was
[14:55] <brontosaurusrex> now is 2.4.7
[14:56] <lordievader> !info apache2 precise
[14:57] <lordievader> brontosaurusrex: http://httpd.apache.org/docs/2.4/upgrading.html
[14:57] <brontosaurusrex> right, so there is absosmurfly no help from ubuntu-server on that uprade?
[14:57] <brontosaurusrex> upgrade*
[14:58] <zul> jamespage: you should be able to run a usermod in the debian postinst right? (thinking subuid stuff)
[15:33] <Guest9588> hi all, is anyone able to help me debug a networking issue?
[15:33] <lordievader> !ask | Guest9588
[15:35] <Guest9588> I am able to resolve IP address and ping externally(google), but I can not ping or otherwise see any local machines from my ubuntu server
[15:36] <lordievader> Guest9588: How have you setup your network interface?
[15:37] <stinkycheesedude> Can anyone point me to resource that could help me understand how to set up DNS/Hostname on a server acting as a subdomain?  It was already set up as a development server so has a Hostname entry already.  I'd also need to set up sendmail to send through the main domain name... I'm just confused.  Usually do this on a single server...
[15:37] <Guest9588> # The primary network interface
[15:37] <Guest9588> auto eth0
[15:37] <Guest9588> iface eth0 inet dhcp
[15:37] <Guest9588> mtu 1492
[15:37] <lordievader> !paste | Guest9588
[15:41] <Guest9588> http://paste.ubuntu.com/8380646/
[15:42] <dasjoe> Why did you manually set the MTU?
[15:42] <Guest9588> I have tried with no mtu entry, and static as well
[15:42] <lordievader> Guest9588: Could you pastebin the output of "ifconfig".
[15:42] <Guest9588> Should i remove it now?
[15:43] <Guest9588> Sure can, do you want all or just that interface?
[15:43] <lordievader> Guest9588: All if possible.
[15:44] <Guest9588> http://paste.ubuntu.com/8380668/
[15:45] <lordievader> Guest9588: Looks good, what is the output of "ip route"?
[15:47] <Guest9588> http://paste.ubuntu.com/8380680/
[15:52] <RoyK> Guest9588: looks good as well. can you ping the gateway? (192.168.10.1)
[15:53] <Guest9588> http://paste.ubuntu.com/8380734/
[15:54] <Guest9588> That's the part that doesn't make sense to me, can ping the gateway, and i get the correct ip/dns resolution to the target box
[15:54] <Guest9588> but no ping response (confirmed i do get a ping response from a windows box on the same network)
[15:55] <lordievader> Guest9588: Do you run a firewall that prohibits connections to other machines on your network?
[15:55] <Guest9588> ufw is currently disabled
[15:57] <lordievader> Guest9588: Can those other machines see your machine?
[15:57] <Guest9588> negative
[15:58] <lordievader> Other machines can see other machines?
[16:00] <Guest9588> http://paste.ubuntu.com/8380770/
[16:01] <Guest9588> yes, other machines work as expected
[16:01] <lordievader> Guest9588: How did you setup the virtual networking? I've seen implementations where the vm could not see the host and vice versa. Perhaps you have a similar problem.
[16:02] <Guest9588> Are there any other firewalls besides ufw that need to get disabled?
[16:05] <Guest9588> the problem box isn't the host vmserver though
[16:06] <Guest9588> the problem box is "just" another physical box on the "real" network
[16:06] <Guest9588> and the other real boxes can interact with the vms, and vice versa
[16:07] <Guest9588> (just think its this box that has an issue :D )
[16:07] <lordievader> Guest9588: Is the problem that the other physical boxes cannot contact the vm host, right?
[16:07] <Guest9588> I unfortunatly don't have access to the windows box right now to double check the vmware vm network bridge setup
[16:08] <Guest9588> negative
[16:08] <lordievader> Guest9588: Then I fail to understand your explanation.
[16:08] <Guest9588> The problem is all machines on the network can not interact with this problem box
[16:09] <Guest9588> the problem box can interact with the gateway, and even resolves dns correctly
[16:09] <RoyK> Guest9588: sounds like there's a firewall/filter somewhere
[16:09] <Guest9588> but gets 100% packet loss when trying to "do anything"
[16:10] <Guest9588> sudo iptables -L -n
[16:10] <Guest9588> opps sorry :)
[16:11] <Guest9588> http://paste.ubuntu.com/8380832/
[16:12] <Guest9588> do i need to execute anything other than sudo ufw disable?
[16:16] <elliotd123> arp must be working if you can interact with the gateway - are the arp tables populating correctly?
[16:16] <Guest9588> I am not familiar with how to check, please
[16:19] <RoyK> Guest9588: arp -an
[16:20] <Guest9588> http://paste.ubuntu.com/8380890/
[16:20] <elliotd123> check on both the problem host and the other hosts after a ping attempt to see if the arp table is updating.
[16:21] <Guest9588> pinging .11 from that arp is successful from the problem box
[16:21] <Guest9588> but how do i get the <incomplete>'s to update?
[16:21] <elliotd123> well incomplete means that it sent an arp request and didn't get a reply
[16:22] <tarpman> hi server folks. on a trusty web server, I'm seeing apache workers crashing several times an hour, apport reports being generated. stacktracetop varies but is always under zend_execute_scripts. any hints on figuring out what the requests causing it look like? nothing obvious in apache's error.log
[16:24] <blkperl> tarpman: did you check /var/log/syslog or the dmesg command
[16:24] <tarpman> blkperl: nothing interesting in either
[16:29] <blkperl> tarpman: application logs?
[16:32] <tarpman> blkperl: no app-specific logging; stderr is just going to apache's error.log, and there's nothing interesting there either outside of apache's notes about the workers segfaulting
[16:32] <tarpman> blkperl: I have a couple of the coredumps open in gdb, wondering if I can dig request details out of the apache part of that... red herring?
[16:33] <blkperl> theres probably a way to do that, I've never had to do it before
[17:02] <RoyK> tarpman: anything in dmesg?
[17:03] <tarpman> RoyK: nothing
[17:03] <RoyK> tarpman: what sort of pages is it serving? php? static?
[17:04] <tarpman> RoyK: a few things, mostly drupal and moodle. the stack traces all seem to refer to a couple of moodle scripts, mainly pluginfile.php
[17:04] <tarpman> we have a bunch of moodle vhosts though, haven't figured out whether it's a particular one or all of them
[17:05] <tarpman> moodle 2.2.10, fwiw
[17:06] <smoser> jamespage, on that bug.
[17:06] <smoser> you woudl think that i could reproduce the issue jsut by this:
[17:06] <smoser>  sudo umount /dev/vdb; sudo mkfs.ext3 -F /dev/vdb
[17:06] <smoser> right ?
[17:07] <smoser> well, and now reading that bug, what i said might not be completely right.  if the /dev/vdb is an ephemeral device, then it shoudl already havea a filesystem on it.
[17:07] <smoser> if its a cinder device, then on first attach it shoudl be zeros.
[17:08] <smoser> cloud-init should not, i dont thikn create a filesystem on /dev/vdb just because it exists.
[17:08] <smoser> you could post a cloud-init.log of that instance though to see if it did
[17:09] <utlemming> smoser, jamespage: cloud-init should not create a file system on /dev/vdb unless either the datasource or the user requested it.
[17:09] <smoser> right. https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1371526
[17:09] <utlemming> smoser, jamespage: only the smartdc and Azure DS auto-create file systems.
[17:09] <smoser> but it could have been going wrong there.
[17:10] <smoser> the ceph-disk-prepare output there suggests that there was a GPT header on the disk.
[17:10] <smoser> which there would not be on a ephemeral disk as given to it by openstack.
[17:10] <smoser> as those are unpartitioned (mkfs.ext3 backing-file-for-vdb.img)
[19:00] <RoyK> sergey___: bad internet connection?
[19:01] <sergey___> RoyK: I have fiber channel, PC slept and woke
[19:02] <RoyK> erm
[19:02] <RoyK> fiberchannel for networking, not SAN?
[19:03] <RoyK> fibrechannel, that is
[19:08] <Jeeves_Moss> when setting up a SSL, do I specify the external IP or the internal IP (behind a NAT) in the config file?
[19:11] <sergey___> RoyK: fiber channel internet connection(cable) directly to my PC
[19:19] <RoyK> sergey___: probably not fibrechannel - probably just ethernet over fiber
[19:19] <RoyK> sergey___: fibrechannel isn't ethernet - it's made for storage
[19:23] <sergey___> Its not ethernet, I also have media converter that converts fiber to ethernet
[19:31] <patdk-wk> if it's a media converter, it is DEFENTLY ethernet :)
[19:31] <patdk-wk> ethernet != copper/cat(3567)/coax/...
[19:32] <patdk-wk> ethernet is layer2, not layer1
[19:33] <patdk-wk> Jeeves_Moss, what config file? for what purpose?
[19:35] <Jeeves_Moss> patdk-wk, I have 4 sites that I would like to set up with SSL.  I have 4 global static IPs, and 4 internal IPs.  they are 1:1 NAT mapped.  So, I need to know in the SSL config file, do I specify the internal IP or the external IP
[19:35] <patdk-wk> internal
[19:36] <patdk-wk> that is the *binding* ip your are configuring
[19:36] <patdk-wk> not an ssl thing
[19:38] <Jeeves_Moss> patdk-wk, thanks.  that answers my question
[19:43] <zeroNones> is there a standard average latency time for an ubuntu server serving static html files?
[19:43] <zeroNones> I'm seeing 143MS seems high to me
[19:43] <patdk-wk> heh?
[19:43] <patdk-wk> zeroNones, define latency?
[19:44] <patdk-wk> and what is a MS? million seconds?
[19:44] <zeroNones> hi patdk-wk Im looking via safari and chrome tools and whats defined in there as latency in the timeline
[19:44] <zeroNones> yap Milli seconds
[19:45] <patdk-wk> you mean, milliseconds, NOT UPPERCASE
[19:45] <zeroNones> :)
[19:45] <zeroNones> correct
[19:45] <sarnold> in a handful of "time wget http://localhost/debs/" requests using nginx I get 0.005 seconds as a usual response
[19:45] <patdk-wk> how large is this *document*?
[19:45] <sarnold> granted that's a directory listing rathre than loading static content, but it's not a huge directory.
[19:45] <patdk-wk> wget hardly does any of the processing chrome does
[19:45] <zeroNones> wow 0.005 thats awesome
[19:46] <zeroNones> patdk-wk the doc is about 561kb
[19:46] <patdk-wk> that is huge :)
[19:46] <zeroNones> lol
[19:46] <sarnold> patdk-wk: that's why I picked it :) he asked about the response time for serving static content. this isn't exactly static but not too bad as dynamic content goes :)
[19:46] <zeroNones> big dreams
[19:46] <patdk-wk> you do realize every single tcp packet takes like .130ms :)
[19:46] <patdk-wk> atleast using gigabit
[19:46] <patdk-wk> making a connection uses like 3 trips
[19:46] <patdk-wk> sending headers, getting body, more trips
[19:46] <patdk-wk> it adds up fast
[19:47] <patdk-wk> and that assumes the document was CACHED in memory
[19:47] <patdk-wk> normally the *best* I can get, from my house, to my servers a few hundred miles away, is 74ms
[19:47] <sarnold> not bad :)
[19:47] <zeroNones> thats still great
[19:48] <patdk-wk> and assuming you tuned off ALL sleep/idle/cstate/pstates
[19:48] <patdk-wk> and you disk doesn't idle/sleep
[19:48] <zeroNones> patdk-wk can you tell me what you get from where you are?
[19:48] <zeroNones> www.dikaio.com
[19:48] <zeroNones> no disk is always
[19:48] <zeroNones> this is on a hard refresh
[19:48] <zeroNones> Im in Mexico right now
[19:48] <zeroNones> the server is in SF
[19:49] <patdk-wk> 185ms, it took 90ms for me to connect to the server
[19:49] <patdk-wk> and 90ms to download the page
[19:49] <zeroNones> the connection is what I would like to improve, is there tweaking on the server level I can do to help this?
[19:49] <sarnold> real0m0.074s
[19:50] <patdk-wk> yes, make your *internet* close to your users
[19:50] <zeroNones> lol
[19:50] <zeroNones> great
[19:50] <zeroNones> thanks sarnold
[19:50] <zeroNones> thanks patdk-wk
[19:50] <zeroNones> you're talking load balancers :)
[19:50] <patdk-wk> looks like the issue is, it's in ca :)
[19:50] <patdk-wk> no
[19:50] <patdk-wk> I'm talking physical location
[19:51] <patdk-wk> it takes 60ms for me, on the east cost, to get to the west coast
[19:51] <patdk-wk> nothing will EVER make that faster, except a wormhole
[19:51] <patdk-wk> so if you move it to the east coast, it will be faster for me :)
[19:51] <patdk-wk> but it will be slower for westcoast people
[19:51] <zeroNones> load balancers would wouldnt they patdk-wk
[19:51] <patdk-wk> no
[19:51] <zeroNones> if a server is closer to you
[19:51] <patdk-wk> cause I still have to GET to the loadbalancer
[19:51] <patdk-wk> a CDN would be faster
[19:52] <patdk-wk> cause I should go straight to the cdn, that is closest to me
[19:52] <zeroNones> Im connected with a cdn but thats not the initial lookup
[19:52] <zeroNones> ahh you're talking about serving the whole site via cdn
[19:52] <sarnold> ip anycast may help
[19:52] <zeroNones> would be nice
[19:52] <patdk-wk> I dunno, that cdn is horrible slow, compared to direct to the site
[19:52] <zeroNones> on it sarnold :)
[19:53] <patdk-wk> well, ip anycast and/or dns geoip, all help you create a CDN :)
[19:53] <patdk-wk> bad thing about anycasting, while it's great, you have to chew up 256 ip's on it
[19:53] <zeroNones> you think my cdn is slow patdk-wk ?
[19:54] <sarnold> patdk-wk: oh? I thought a pal of mine was pulling it off with something like 8 IPs...
[19:54] <patdk-wk> yes, it's takes 400ms for me to get anything form it
[19:54] <sarnold> patdk-wk: (which seemed too good to be true)
[19:54] <patdk-wk> maybe using 8 ip's out of 256 :)
[19:55] <sarnold> :)
[19:55] <patdk-wk> you can only route a /24, so you have to *use ip* atleast 256 to do anycasting
[19:55] <patdk-wk> use up :)
[19:55] <patdk-wk> so hopefully you have lots of things you need to anycast, at the same locations :)
[19:56] <jsonperl> Hello there! Who wants to play a game of "help jason look at strace output" => http://pastie.org/9576749
[19:56] <patdk-wk> now, what he might do, is anycast his block, then forward all his *non-anycasted* ip back to one centeral location
[19:56] <patdk-wk> ok, I looked
[19:57] <jsonperl> that's a lot of clock_gettime
[19:57] <patdk-wk> next problem
[19:57] <zeroNones> had high hopes for maxcdn... feeling :(
[19:57] <patdk-wk> why would one call gettime?
[19:57] <zeroNones> :)
[19:58] <jsonperl> that's a great question
[19:58] <jsonperl> a better one is why call it 147726 times
[19:58] <patdk-wk> zeroNones, well, it probably will help a lot, outside the usa
[19:58] <patdk-wk> but inside, and your server is inside, heh, it's *fast enough* :)
[19:58] <patdk-wk> jsonperl, no
[19:58] <patdk-wk> first you need to know WHY you are calling it at all
[19:58] <zeroNones> yeah no out-of-country clients to that site lol
[19:59] <patdk-wk> then you can figure out WHY you don't need to call it so often :)
[19:59] <jsonperl> lots and lots of timers involved... gameserver, generally driven by a "tick" every 1/8 of a second
[20:00] <jsonperl> I'm guessing the timer functionality uses it internally
[20:00] <patdk-wk> yes, but there are other solutions to that :)
[20:00] <patdk-wk> like say, your in a loop
[20:00] <jsonperl> It's eventmachine based, so we're relying on the framework internals
[20:00] <patdk-wk> you get a request from a client
[20:00] <patdk-wk> you process that request
[20:01] <patdk-wk> you need to check the time 8 times to process it
[20:01] <patdk-wk> you could have done the time check once, and reused it
[20:01] <patdk-wk> or you could do it once, per loop check
[20:01] <patdk-wk> instead of everytime in the code you wanted the time
[20:02] <patdk-wk> you just need to find the ones that don't need 100% perfect time
[20:02] <patdk-wk> or how much time is perfect enough
[20:02] <patdk-wk> I would think in your case, likely, once per event, or even less
[20:03] <jsonperl> a lot of things are driven based on time though
[20:03] <jsonperl> like, persist the world every 1 minute (or whatever)
[20:03] <patdk-wk> so?
[20:03] <patdk-wk> why would you look up the time AT ALL for that
[20:04] <jsonperl> I can definitely dig into how it works
[20:04] <patdk-wk> everything I just said went completely over your head :)
[20:04] <jsonperl> But from my end I just say "every minute, do a thing"
[20:04] <jsonperl> basically yes (to over my head)
[20:04] <patdk-wk> heh?
[20:04] <patdk-wk> really, that is how it's coded?
[20:04] <patdk-wk> what is the *actual* code for that look like?
[20:04] <jsonperl> a good bit of it yes
[20:05] <jsonperl> for the kinda automatic stuff
[20:05] <jsonperl> i'll get you a line, hangon
[20:05] <patdk-wk> normally it's sometime like, if(lasttime+60 < time()) { do thing; lasttime=time() }
[20:05] <jsonperl> EM.add_periodic_timer(1.0)   { report_server_stats }
[20:05] <patdk-wk> but if you change that do like, mytime=time();  if(lasttime+60<mytime) { do thing; lasttime=mytime; }
[20:05] <patdk-wk> you just cut out 50% :)
[20:06] <patdk-wk> so maybe it's not your code, your just using an EVIL class :)
[20:06] <patdk-wk> check into why the EM class does this
[20:06] <patdk-wk> fix it, or switch to something else :)
[20:07] <jsonperl> ha, ok
[20:07] <jsonperl> that seems awfully heavy on that call right?
[20:07] <patdk-wk> from what you showed? dunno
[20:07] <patdk-wk> it might be, it might be normal
[20:08] <patdk-wk> it might be, that call, while high, is not using enough resources to care about :)
[20:09] <jsonperl> So yea... just starting to profile this heavily
[20:09] <jsonperl> rather than blindly fixing things that don't help
[20:10] <patdk-wk> ya, that only shows system calls though
[20:10] <patdk-wk> you need to also show internal calls
[20:10] <patdk-wk> so you can see if the system calls are enough overhead vs your internal stuff
[20:10] <jsonperl> right, starting high, movin low
[20:10] <patdk-wk> to worry about
[20:11] <jsonperl> also i've no idea what i'm doing
[20:11] <jsonperl> (yet)
[20:13] <jsonperl> what profiling tools would you use?
[20:13] <jsonperl> was gonna head to gdb next
[20:23] <openwrtnoob> Hello.
[20:24] <openwrtnoob> I changed the file limits in /etc/security/limits.conf and enabled pam_limits.so in /etc/pam.d/su
[20:25] <openwrtnoob> Do I need to reboot the server to enact the new open file limits for all users?
[21:06] <RoyK> sergey___: firbrechannel is used to transport storage stuff
[21:09] <sergey___> RoyK: https://en.wikipedia.org/wiki/Fibre_Channel and media converter like this http://www.nitek.net/images/1000icon.png
[21:14] <patdk-wk> sergey, that *media* converter does not support fiberchannel, only ethernet
[21:15] <patdk-wk> http://en.wikipedia.org/wiki/Gigabit_Ethernet#1000BASE-SX
[21:16] <patdk-wk> or it might be 1000BASE-LX
[21:17] <patdk-wk> "All converters are fully compliant with the IEEE 802.3 and 802.3u Fast Ethernet standards" != fiberchannel
[21:17] <patdk-wk> http://www.nitek.net/products/fiber-media-converters/multi-mode-gigabit.html
[21:24] <sergey___> Dont really get what is the difference. Its optic cable not usual ethernet cable
[23:46] <Patrickdk> the difference is, ethernet is NOT a cable, it's a protocol
[23:46] <Patrickdk> it doesn't matter if it is on copper, twisted pair, optical, wireless, or whatever else
[23:47] <Patrickdk> it's like saying, My harddrive is ext4, it's not, that is just how your using it
[23:47] <Patrickdk> it could be *formatted* however you wish
[23:47] <Patrickdk> your *formatted* your fiber opticals to ethernet, not to fiberchannel protocol
[23:48] <Patrickdk> if you really did have fiberchannel gear, you would know, caus it just wouldn't work :)
[23:49] <ph0x> I need serious help with wpa_supplicant
[23:49] <ph0x> anyone where?
[23:55] <Patrickdk> likely get better help in #ubuntu
[23:55] <Patrickdk> not sure exactly how many people run wireless on their servers