=== zz_DenBeiren is now known as DenBeiren | ||
jeremy_carroll | Question. I was looking at performance of a program communicating with itself via localhost (TCP). I'm seeing some retransmissions, and an rto of 200ms when speaking between both the programs. Wondering where I should start debugging since local communications should not see a rexmit if it's healthy | 00:50 |
---|---|---|
jeremy_carroll | Example: ESTAB 0 65 127.0.0.1:41690 127.0.0.1:22144 timer:(on,212ms,0) uid:1000 ino:380496980 sk:ffff8801ca163600 | 00:50 |
sarnold | jeremy_carroll: 200ms sounds suspiciously like the TCP_CORK entry in the tcp(7) manpage | 00:53 |
jeremy_carroll | sarnold: Yeah. Everything right around 200ms. Which I thought was RTO. Checking man entry | 00:54 |
jeremy_carroll | sarnold: No shit. This looks exactly right. I do not think the program is setting TCP_NODELAY. So it's most likely waiting for CORK | 00:55 |
=== markthomas|away is now known as markthomas | ||
=== markthomas is now known as markthomas|away | ||
jeremy_carroll | sarnold: I looked at the C code for the program. It's not setting TCP_CORK specifically. I'll look for setsockopts on startup to see if it's doing so. This is not a default option, correct? | 01:02 |
sarnold | jeremy_carroll: well, I don't know that TCP_CORK is the right option to set, since you'd need to unset TCP_CORK when you want the data to fly on the wire; setting TCP_NODELAY is more likely the solution | 01:02 |
jeremy_carroll | sarnold: Yeah. Thanks for the tip. I think you are right that this has 'something' to do with Nagle's. NO_DELAY, CORK, etc.. Very helpful. timer being set made me think it was rexmit / rto. Though now I know the timer can be for other options, such as CORK. | 01:03 |
sarnold | jeremy_carroll: I hope that's it; if so, it'd be simple enough fix. I'd be curious to know the results when you've got something sorted out :) | 01:04 |
=== Siebjeee is now known as Siebjee | ||
=== furkan_ is now known as furkan | ||
abhishek | I mounted a partition(multipath) from SAN. This is working too slow. may u explain why is it slow ? this is working fine in another nodes | 05:33 |
abhishek | I mounted a partition(multipath) from SAN. This is working too slow. may u explain why is it slow ? this is working fine in another nodes | 05:42 |
=== suigeneris is now known as Kartagis | ||
=== maxb_ is now known as maxb | ||
lordievader | Good morning. | 08:21 |
=== liam_ is now known as Guest79610 | ||
gambol | Hey anyone is using pxe for ubuntu server? Looks I am hitting the same thing with: https://bugs.launchpad.net/ubuntu/+source/net-retriever/+bug/1067934 | 08:28 |
uvirtbot | Launchpad bug 1067934 in net-retriever "spends 10+ minutes deduplicating Package lists" [High,Fix released] | 08:28 |
gambol | both precise and trusty tested. | 08:28 |
gambol | every pxe installation will hang me 10 more mins at the stage. | 08:29 |
yossarianuk | hi - I am looking for a way to be able to sync 'parts' of various config files in multiple linux servers - they are different distros, I also am looking for a way to update all servers en masse - should I be looking at something like puppet ? | 09:44 |
yossarianuk | or can anyone suggest a simple alternative ? I do not really care about deployment (yet) - just syncing 'parts' of config files and updating multiple servers | 09:45 |
yossarianuk | i.e does landscape have the tools to sync parts of config files or is that a tool to update multiple servers ? | 09:45 |
ikonia | yossarianuk: ERB | 09:46 |
lordievader | yossarianuk: Puppet is great for that ;) | 09:46 |
yossarianuk | lordievader: cheers that is what I thought.... | 09:47 |
yossarianuk | ikonia: what does ERB mean ? | 09:47 |
ikonia | ruby templates | 09:48 |
yossarianuk | ikonia: ah - thanks | 09:48 |
lordievader | Puppet is written in Ruby, and can use templates. | 09:49 |
ikonia | puppet could be a huge overkill though for a few config files | 09:50 |
ikonia | it really depends on what's needed | 09:50 |
lordievader | True, true. | 09:50 |
yossarianuk | lordievader: ikonia: that was a fear.... | 09:53 |
yossarianuk | i.e overkill... | 09:53 |
yossarianuk | if you have any suggestions of lighter alternatives ..... | 09:54 |
ikonia | you can use ERB templates without puppet | 09:54 |
yossarianuk | and that can also update servers of different os types ? | 09:54 |
ikonia | totrally | 09:54 |
ikonia | totally | 09:55 |
yossarianuk | cool | 09:55 |
ikonia | it's just a cross-platform template | 09:55 |
ikonia | (it's used with puppet hence the cross platform) | 09:55 |
ikonia | the only thing you need to work out is the distribution method but that can be as easy as a shell script | 09:55 |
yossarianuk | well cheers ! (going for a meeting now - back in several hrs.) | 09:55 |
yossarianuk | ERB sounds like a good solution to be fair... | 09:56 |
ikonia | setting it up outside of puppet will require a little thought, but once you've worked it out, you'll fly | 09:56 |
ikonia | eg: hiera is a common use for populating the data, you won't be using that, so you'll need to do something different, but it won't be too hard | 09:57 |
=== liam_ is now known as Guest73903 | ||
klander | hey guys. I'm having a bit of a dependency issue while trying to install php5-memcached. I was hoping I could get some advice on what to do next? Here's the bash output: http://pastebin.com/nZcn1YTx | 10:21 |
lordievader | klander: gconf2 fails to setup, and everything seems to depend on that. What happens when you manually run dpkg on that package? | 10:25 |
klander | lordievader: I haven't tried.. | 10:25 |
klander | dpkg -i gconf2 ? | 10:25 |
opstack | Hi guys, does any one have experience with Ubuntu Landscape ? | 10:27 |
lordievader | klander: Using the full path to the package, should be somewhere in /var/cache/apt/archives | 10:27 |
klander | ok i have gconf2-common_2.28.1-0ubuntu1_all.deb , gconf2_2.28.1-0ubuntu1_amd64.deb, libgconf2-4_2.28.1-0ubuntu1_amd64.deb | 10:29 |
lordievader | klander: Try gconf2_2.28.1-0ubuntu1_amd64.deb | 10:30 |
klander | https://gist.github.com/anonymous/9fc2c90355ba15c47ff8 | 10:31 |
lordievader | Pff that is informative.. sudo apt-get autoclean&&sudo apt-get update&&sudo apt-get install gconf2 | 10:34 |
klander | https://gist.github.com/anonymous/0f165f657de5695761b7 | 10:36 |
klander | (after autoclean and update) | 10:36 |
lordievader | klander: sudo apt-get purge gconf2&&sudo apt-get install gconf2 | 10:38 |
klander | https://gist.github.com/anonymous/248fc2618d89d6532019 | 10:39 |
lordievader | klander: Does "dpkg -l|grep gconf" show it as installed? | 10:42 |
klander | https://gist.github.com/anonymous/bd756c995e76e5f2fdfe | 10:43 |
klander | I guess not ^ | 10:43 |
lordievader | klander: sudo apt-get install gconf2 | 10:45 |
=== nath|off is now known as nathema | ||
klander | https://gist.github.com/anonymous/3b66871ca41988c67c97 | 10:46 |
klander | :/ | 10:46 |
klander | shared-mime-info, libgtk2-perl and libgnome2-canvas-perl | 10:46 |
lordievader | klander: Well gconf2 seems to be installed correctly: sudo apt-get install -f | 10:47 |
klander | same output | 10:47 |
lordievader | klander: "sudo dpkg --configure shared-mime-info" Errors I suppose? | 10:49 |
klander | https://gist.github.com/anonymous/1671f16cbb349310bf84 | 10:51 |
klander | Segmentation fault? | 10:51 |
lordievader | It ain't supposed to do that... | 10:53 |
lordievader | klander: What you could try, might be risky, is removing the package temporarily, cleaning the cache and reinstalling it. | 10:56 |
klander | okay.. | 11:00 |
lordievader | klander: shared-mime-info likely has dependencies; to remove it without removing the dependencies, see http://ubuntuforums.org/showthread.php?t=1513821 | 11:01 |
=== Lcawte|Away is now known as Lcawte | ||
=== liam_ is now known as Guest35660 | ||
=== zz_DenBeiren is now known as DenBeiren | ||
=== Lcawte is now known as Lcawte|Away | ||
=== unreal_ is now known as unreal | ||
=== liam_ is now known as Guest73986 | ||
anomaly | I have been getting this email regularly now. 'panic action' script /usr/share/samba/panic-action. nothing esoteric. just local samba for file sharing with windows machines. I am also getting no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory | 14:32 |
donaldduckk | My home server, mainly media and backups, has been turning off at some point in the night. I have to power it up in the morning. This has happened maybe 3 days in a row. Things ran fine for months. Is there a log i can look at? I looked at dmesg but didn't see anything there. | 14:50 |
patdk-wk_ | look at whatever log your ups software logs to | 14:51 |
=== bilde2910|away is now known as bilde2910 | ||
donaldduckk | ok, didn't know there was an ups log. Thanks. | 15:06 |
hallyn | smb: hi, are you around? | 15:59 |
smb | hallyn, I feel tempted to say no, but yes. | 15:59 |
hallyn | smb: caribou is having an issue with backported libvirt pkgs due to apparmor complications. I think that a version of your upstream patch to tweak the apparmor rules might be the best fix | 15:59 |
smb | hallyn, Yeah... Should I fwd him my latest patches for upstream? | 16:01 |
smb | Probably still have to be tweaked a bit since I only test compiled the upstream variant. Not integrated into Debian packaging | 16:01 |
hallyn | smb: yeah, it's probably better to do it in debian/rules based on the deb target arch | 16:02 |
smb | hallyn, btw, something else. is the irc meeting planned to take place or was it cancelled since many would be away | 16:02 |
hallyn | it is cancelled | 16:03 |
smb | Ah ok. | 16:03 |
smb | In theory it should work after things are expanded. I am just not sure which steps are used to get there. Maybe repackage after ./bootstrap | 16:04 |
=== Lcawte|Away is now known as Lcawte | ||
=== exixt_ is now known as exixt | ||
tgm4883 | Can I set UFW to allow SSH from all local networks? We've got quite a few 10.x.x.x VLANs at work, and I'd like to lock SSH down to the local VLANs without having to add each one independently | 18:30 |
tgm4883 | maybe just allow from 10.0.0.0/8? | 18:31 |
sarnold | tgm4883: try ufw allow in ssh from 10.0.0.0/8 or similar? | 18:32 |
tgm4883 | sarnold: yes that seems to have worked. Thanks | 18:45 |
sarnold | tgm4883: nice | 18:46 |
=== DenBeiren is now known as zz_DenBeiren | ||
=== exixt is now known as exixt_ | ||
bilde2910 | Hi there! I used smartctl --test=short to scan my server's hard drive for errors. I'm not totally sure how to interpret the results, however. Is there some easy way I can check whether my disk ought to be replaced soon? Anything to look out for in the future? https://puu.sh/cDdv3.png | 19:01 |
bilde2910 | I'm guessing the answer to this is actually a bit too simple.. but I just can't seem to figure it out | 19:03 |
fixxxermet | Which syntax would I use to bond an interface and then bridge it, while using DHCP? | 19:03 |
sarnold | bilde2910: that hardware ecc recovered and raw read error rate seem staggeringly high; to the point that I even wonder if they're outright wrong.. | 19:03 |
bilde2910 | So... something's up? Should I replace the drive? | 19:04 |
sarnold | bilde2910: I'd run the test again tomorrow or something and see if those counts have increased. if they have, plan its replacement soon. if they haven't, you might not have an -immediate- problem but .. it's scary, right? :) | 19:04 |
bilde2910 | Well yeah, I should probably do more frequent backups then | 19:04 |
sarnold | never a wrong answer :) | 19:04 |
bilde2910 | Will run the test again tomorrow, then. Thanks for help | 19:05 |
sarnold | good luck :) | 19:05 |
bilde2910 | Thanks :) | 19:06 |
dasjoe | bilde2910: see the line about SMART Self-test log stuff | 19:07 |
dasjoe | Num #1 "Completed without error" | 19:07 |
bilde2910 | Well that at least looks promising, at least in its current state. | 19:08 |
bilde2910 | Oh, and another question. Is it possible to be alerted somehow (by email, for instance) when something bad happens or is about to happen? | 19:09 |
=== roost_ is now known as roost | ||
dasjoe | bilde2910: also, ignore the Hardware_ECC_recovered line, usually only the vendor knows what it means | 19:09 |
bilde2910 | Ok, thanks for the tip, dasjoe | 19:09 |
=== exixt_ is now known as exixt | ||
dasjoe | bilde2910: If you can erase the drive you should run a destructive test using badblocks, it overwrites the disk multiple times with patterns and checks them for correctness | 19:10 |
sarnold | dasjoe: oh, thanks | 19:11 |
bilde2910 | dasjoe, not sure if that is currently an option; not sure how that would impact uptime on the web server I'm running there. I'd like to use it as much as possible and avoid any downtime I can | 19:11 |
dasjoe | bilde2910: also, see "man 5 smartd.conf" for info on how to receive mails from smartd. If you're using mdadm you should check out "man 5 mdadm.conf", too | 19:12 |
bilde2910 | Thanks | 19:13 |
dasjoe | Sure | 19:13 |
dasjoe | sarnold: imho the only interesting lines are the ones where the vendor configured a threshold, where I usually compare VALUE to THRESH and (mostly) ignore the raw value | 19:15 |
=== exixt is now known as exixt_ | ||
bilde2910 | One last question - how long could I hope my disk would last if I read/write about one file per second? I'm not sure if there are any good estimates on this, but if there is, it would be good to know | 19:17 |
sarnold | dasjoe: ah, the middle columns that I've mostly ignored; those look scary too :) | 19:17 |
anomaly | I have been getting this email regularly now. 'panic action' script /usr/share/samba/panic-action. nothing esoteric. just local samba for file sharing with windows machines. I am also getting no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory | 19:19 |
qman__ | bilde2910: nobody can say, disk life is a guessing game at best; I replace when errors show up in the log, sometimes that's two months in, and sometimes it never happens | 19:20 |
qman__ | 10 years down the line | 19:20 |
bilde2910 | Ok, thanks! | 19:22 |
qman__ | SMART errors give you reasonable warning prior to a failure about 98% of the time in my experience, and they're evidence enough for an RMA, so that's what I use | 19:24 |
dasjoe | bilde2910: your disk has "used" 6% of its target hard power-cycles (being switched off and on) and 11% of its load cycles (its head getting parked). So you can probably use it for about 9x as long as you've used it for now | 19:24 |
bilde2910 | Interesting | 19:25 |
dasjoe | Just keep in mind SMART is not perfect, a large study (iirc done by Google) found SMART didn't give any warnings for 50% of failed disks | 19:25 |
qman__ | Must have been some crap disks | 19:27 |
qman__ | Failures without smart errors are pretty rare IME and normally that only happens with a drop dead failure situation | 19:27 |
dasjoe | Yeah, because that's what Google would be using. They're known for taking the worst possible hardware ;) | 19:28 |
dasjoe | "Figure 14 shows that even when we add all remaining SMART parameters (except temperature) we still find that over 36% of all failed drives had zero counts on all variables." | 19:28 |
qman__ | I don't check the parameters, just the error log | 19:28 |
dasjoe | http://static.googleusercontent.com/media/research.google.com/en//archive/disk_failures.pdf | 19:29 |
qman__ | The parameters are largely useless | 19:29 |
qman__ | Most failures don't happen all at once, so there's a window of opportunity to replace it | 19:29 |
dasjoe | Right. I ignore the error log, but check the parameters, I also trust my senses of smell, hearing and temperature ;) | 19:30 |
qman__ | I've never had any success with tools that monitor the parameters to predict failure, but I have had great success by monitoring the error count | 19:33 |
qman__ | Soon as that error pops up, prepare to replace | 19:34 |
kevindf_ | I've set up an OpenVPN server (just with the regular tun interface, not tap) and everything connects smoothly with firewall disabled, but once I turn on my firewall again I can connect perfectly but it seems to refuse the routing with as result I have no internet access. I've tried adding rules to iptables such as "-A POSTROUTING -o eth0 -j MASQUERADE" & "-t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE" but with | 19:59 |
kevindf_ | I have iptables-persistent installed also | 20:00 |
kevindf_ | Anyone has any idea what's going wrong with the iptables I added? | 20:00 |
lordievader | kevindf_: Let iptables log the dropped packets and look at what it is dropping. | 20:02 |
kevindf_ | How can I log that exactly? As i'm not that familiar yet with iptables | 20:02 |
lordievader | kevindf_: http://www.thegeekstuff.com/2012/08/iptables-log-packets/ | 20:03 |
kevindf_ | I'll take a look at that, and come back with the results in a few minutes | 20:04 |
kevindf_ | thank you | 20:04 |
kevindf_ | lordievader I logged the data, I think this is the output http://pastebin.com/i0WU96GD | 20:12 |
lordievader | kevindf_: Lots of DNS is being dropped. Can you ping your vpn network with the firewall on? | 20:14 |
kevindf_ | will try to ping on my laptop with the vpn connection, as I tested the vpn quick through my phone for the log | 20:16 |
kevindf_ | hang on | 20:16 |
LinStatSDR | Got my server running under 40c finally | 20:19 |
LinStatSDR | at 100% load <3 | 20:21 |
kevindf_ | lordievader I can ping 10.8.0.1 perfectly when firewall is enabled and when connected to the vpn | 20:21 |
kevindf_ | but no internet access of course | 20:22 |
lordievader | kevindf_: I think you'll find you have internet access but your DNS is broken. | 20:22 |
LinStatSDR | ^ | 20:23 |
lordievader | LinStatSDR: Whoo neat. Is it an airplane now? | 20:23 |
LinStatSDR | Nope, just ram air. Not too too loud but... servers are loud anyway. | 20:23 |
kevindf_ | I will try comment out push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 4.4.4.4" | 20:24 |
kevindf_ | in my openvpn server.conf file | 20:24 |
kevindf_ | and then try again | 20:24 |
kevindf_ | lordievader I've tried commenting out the DNS in my server conf so it doesn't push the client the dns servers but that didn't work out either unfortunately | 20:27 |
lordievader | kevindf_: That's not what I meant with 'your DNS is broken', look at the iptables log paste you posted. | 20:28 |
lordievader | kevindf_: What is it mainly dropping? What destination port? | 20:28 |
kevindf_ | It's set on port 1194 UDP | 20:29 |
kevindf_ | maybe i should try use port 443 or something? | 20:29 |
lordievader | kevindf_: Try to answer my questions... | 20:30 |
lordievader | kevindf_: Look at the paste you gave me, what destination port is being dropped? | 20:35 |
kevindf_ | 54010? | 20:37 |
lordievader | kevindf_: That is likely a source port.., no traffic with destination port (DPT) 53 is being dropped. | 20:38 |
lordievader | kevindf_: What uses UDP port 53? | 20:39 |
kevindf_ | dns? | 20:39 |
LinStatSDR | I know I know | 20:39 |
LinStatSDR | aww he beat me to it | 20:39 |
genii | Yes, DNS | 20:39 |
kevindf_ | i'm still pretty new to networking but trying to learn as much as i can everyday | 20:41 |
lordievader | kevindf_: Exactly, in other words: any host lookup you do from your vpn client is not able to resolve it to an ip address. | 20:41 |
lordievader | kevindf_: Allow outgoing udp connections to 8.8.8:53 and 4.4.4.4:53 (wasn't it 8.8.4.4?) and you are good to go. | 20:42 |
sarnold | allow tcp too | 20:43 |
lordievader | (Unless there are other ports your firewall blocks ;) | 20:43 |
kevindf_ | Ok, thank you. I will try adding those rules to my firewall and see how it turns out | 20:44 |
kevindf_ | Sorry for some stupid answers, but everyone starts somewhere :) | 20:44 |
LinStatSDR | No worries. We don't mean to come off as being rude. Just text has no emotions or tones. | 20:45 |
lordievader | kevindf_: Exactly, that is why I tried to teach you something rather than just provide answers ;) | 20:46 |
kevindf_ | no problem :) and yes lordie i appreciate that a lot, helps me understanding things more easily | 20:47 |
bilde2910 | dasjoe, just curious, where did you see those cycle use percentages you mentioned | 20:57 |
kevindf_ | I allowed the outgoing UDP connections to 8.8.8.8:53 and 8.8.4.4:53 tcp & udp, the log is giving me UFW blocks now for proto 80 TCP & proto 443 TCP | 21:00 |
LinStatSDR | so http | 21:02 |
kevindf_ | LinStatSDR If i'm correct I should allow 80 & 443 now also but for 10.8.0.0/24? | 21:06 |
kevindf_ | TCP | 21:06 |
LinStatSDR | Sounds good to me. | 21:06 |
lordievader | kevindf_: I'd allow those in general. Whitelisting of web servers is a drag. | 21:11 |
kevindf_ | lordievader I just checked and these are both configured for IPV4 as well as IPV6 to allow from anywhere | 21:12 |
kevindf_ | I don't see why UFW is blocking the packets on those ports now as they are both allowed | 21:14 |
LinStatSDR | lordievader: I agree, whitelisting is very time consuming. | 21:14 |
=== bilde2910 is now known as bilde2910|away | ||
=== bilde2910|away is now known as bilde2910 | ||
dasjoe | bilde2910: check the table, ID 9 Power_On_Hours and ID 193 Load_Cycle_Count | 21:58 |
dasjoe | POH's VALUE is "094", which is in %. So it was on for 6% of the time it was designed for | 21:59 |
kevindf_ | lordievader: Finally got it working, took me some time but added some new iptables rules and it works fine now | 22:10 |
kevindf_ | lordievader: Thanks for helping me out and teaching some new stuff :) | 22:11 |
lordievader | kevindf_: Sure, no problem. Glad to hear it is working now :) | 22:14 |
kevindf_ | :) | 22:14 |
=== Corey_ is now known as Corey | ||
tafa2 | could not find module name cc_ubuntu_init_switch | 23:44 |
tafa2 | anyone seen this? | 23:44 |
tafa2 | server failing to boot | 23:44 |
=== Lcawte is now known as Lcawte|Away |