/srv/irclogs.ubuntu.com/2014/11/04/#ubuntu-server.txt

=== zz_DenBeiren is now known as DenBeiren
jeremy_carrollQuestion. I was looking at performance of a program communicating with itself via localhost (TCP). I'm seeing some retransmissions, and an rto of 200ms when speaking between both the programs. Wondering where I should start debugging since local communications should not see a rexmit if it's healthy00:50
jeremy_carrollExample: ESTAB      0      65              127.0.0.1:41690            127.0.0.1:22144    timer:(on,212ms,0) uid:1000 ino:380496980 sk:ffff8801ca16360000:50
sarnoldjeremy_carroll: 200ms sounds suspiciously like the TCP_CORK entry in the tcp(7) manpage00:53
jeremy_carrollsarnold: Yeah. Everything right around 200ms. Which I thought was RTO. Checking man entry00:54
jeremy_carrollsarnold: No shit. This looks exactly right. I do not think the program is setting TCP_NODELAY. So it's most likely waiting for CORK00:55
=== markthomas|away is now known as markthomas
=== markthomas is now known as markthomas|away
jeremy_carrollsarnold: I looked at the C code for the program. It's not setting TCP_CORK specifically. I'll look for setsockopts on startup to see if it's doing so. This is not a default option, correct?01:02
sarnoldjeremy_carroll: well, I don't know that TCP_CORK is the right option to set, since you'd need to unset TCP_CORK when you want the data to fly on the wire; setting TCP_NODELAY is more likely the solution01:02
jeremy_carrollsarnold: Yeah. Thanks for the tip. I think you are right that this has 'something' to do with Nagels. NO_DELAY, CORK, etc.. Very helpful. timer being set made me think it was rexmit / rto. Though now I know the timer can be for other options, such as CORK.01:03
sarnoldjeremy_carroll: I hope that's it; if so, it'd be simple enough fix. I'd be curious to know the results when you've got something sorted out :)01:04
=== Siebjeee is now known as Siebjee
=== furkan_ is now known as furkan
abhishekI mounted a partition(multipath) from SAN. This is working too slow. may u explain why is it slow ? this is working fine in another nodes05:33
abhishekI mounted a partition(multipath) from SAN. This is working too slow. may u explain why is it slow ? this is working fine in another nodes05:42
=== suigeneris is now known as Kartagis
=== maxb_ is now known as maxb
lordievaderGood morning.08:21
=== liam_ is now known as Guest79610
gambolHey anyone is using pxe for ubuntu server? Looks I am hitting the same thing with:  https://bugs.launchpad.net/ubuntu/+source/net-retriever/+bug/106793408:28
uvirtbotLaunchpad bug 1067934 in net-retriever "spends 10+ minutes deduplicating Package lists" [High,Fix released]08:28
gambolboth precise and trusty tested.08:28
gambolevery pxe installation will hang me 10 more mins at the stage.08:29
yossarianuk hi - I am looking for a way to be able to sync 'parts' of various config files in multiple linux servers - they are different distros, I also am looking for a way to update all servers on amss - should I be looking at something like puppet ?09:44
yossarianuk or can anyone suggest a simple alternative ? I do not really care about deployment (yet) - just syncing 'parts' of config files and updating multiple servers09:45
yossarianuki.e does landscape have the tools to sync parts of config files or is that a tool to update multiple servers ?09:45
ikoniayossarianuk: ERB09:46
lordievaderyossarianuk: Puppet is great for that ;)09:46
yossarianuklordievader: cheers that is what I thought....09:47
yossarianukikonia: what does ERB mean ?09:47
ikoniaruby templates09:48
yossarianukikonia: ah - thanks09:48
lordievaderPuppet is written in Ruby, and can use templates.09:49
ikoniapuppet could be a huge overkill though for a few config files09:50
ikoniait really depends on what's needed09:50
lordievaderTrue, true.09:50
yossarianuklordievader: ikonia: that was a fear....09:53
yossarianuki.e overkill...09:53
yossarianukif you have any suggestions of lighter alternatives .....09:54
ikoniayou can use ERB templates without puppet09:54
yossarianukand that can also update servers of different os types ?09:54
ikoniatotrally09:54
ikoniatotally09:55
yossarianukcool09:55
ikoniait's just a cross-platform template09:55
ikonia(it's used with puppet hence the cross platform)09:55
ikoniathe only think you need to work out is the distribution method but that can be as easy as a shell script09:55
yossarianukwell cheers !  (going for a meeting now - back in several hrs.)09:55
yossarianukERB sounds like a good solution to be fair...09:56
ikoniasetting it up outside of puppet will require a little thought, but once you've worked it out, you'll fly09:56
ikoniaeg: heira is a common use for populating the data, you won't be using that, so you'll need to do something different, but it won't be too hard09:57
=== liam_ is now known as Guest73903
klanderhey guys. I'm having a bit of a dependency issue while trying to install php5-memcached. I was hoping I could get some advice on what to do next? Here's the bash output: http://pastebin.com/nZcn1YTx10:21
lordievaderklander: gconf2 fails to setup, and everything seems to depend on that. What happens when you manually run dpkg on that package?10:25
klanderlordievader: I haven't tried..10:25
klanderdpkg -i gconf2 ?10:25
opstackHi guys, does any one have experience with Ubuntu Landscape ?10:27
lordievaderklander: Using the full path to the package, should be somewhere in /var/cache/apt/archives10:27
klanderok i have gconf2-common_2.28.1-0ubuntu1_all.deb , gconf2_2.28.1-0ubuntu1_amd64.deb, libgconf2-4_2.28.1-0ubuntu1_amd64.deb10:29
lordievaderklander: Try gconf2_2.28.1-0ubuntu1_amd64.deb10:30
klanderhttps://gist.github.com/anonymous/9fc2c90355ba15c47ff810:31
lordievaderPff that is informative.. sudo apt-get autoclean&&sudo apt-get update&&sudo apt-get install gconf210:34
klanderhttps://gist.github.com/anonymous/0f165f657de5695761b710:36
klander(after autoclean and update)10:36
lordievaderklander: sudo apt-get purge gconf2&&sudo apt-get install gconf210:38
klanderhttps://gist.github.com/anonymous/248fc2618d89d653201910:39
lordievaderklander: Does "dpkg -l|grep gconf" show it as installed?10:42
klanderhttps://gist.github.com/anonymous/bd756c995e76e5f2fdfe10:43
klanderI guess not ^10:43
lordievaderklander: sudo apt-get install gconf210:45
=== nath|off is now known as nathema
klanderhttps://gist.github.com/anonymous/3b66871ca41988c67c9710:46
klander:/10:46
klandershared-mime-info, libgtk2-perl and libgnome2-canvas-perl10:46
lordievaderklander: Well gconf2 seems to be installed correctly: sudo apt-get install -f10:47
klandersame output10:47
lordievaderklander: "sudo dpkg --configure shared-mime-info" Errors I suppose?10:49
klanderhttps://gist.github.com/anonymous/1671f16cbb349310bf8410:51
klanderSegmentation fault?10:51
lordievaderIt ain't supposed to do that...10:53
lordievaderklander: What you could try, might be risky, is removing the package temporarely cleaning the cache and reinstalling it.10:56
klanderokay..11:00
lordievaderklander: shared-mime-info likely has dependencies to remove it without removing the dependencies see http://ubuntuforums.org/showthread.php?t=151382111:01
=== Lcawte|Away is now known as Lcawte
=== liam_ is now known as Guest35660
=== zz_DenBeiren is now known as DenBeiren
=== Lcawte is now known as Lcawte|Away
=== unreal_ is now known as unreal
=== liam_ is now known as Guest73986
anomalyI have been getting this email regularly now.  'panic action' script /usr/share/samba/panic-action.  nothing esoteric.  just local samba for file sharing with windows machines.  I am also getting no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory14:32
donaldduckkMy home server, mainly media and backups, has been turning off at some point in the night. I have to power it up in the morning. This has happened maybe 3 days in a row. Things ran fine for months. Is there a log i can look at? I looked at dmesg but didn't see anything there.14:50
patdk-wk_look at whatever log your ups software logs to14:51
=== bilde2910|away is now known as bilde2910
donaldduckkok, didn't know there was an ups log. Thanks.15:06
hallynsmb: hi, are you around?15:59
smbhallyn, I feel tempted to say no, but yes.15:59
hallynsmb: caribou is having an issue with backported libvirt pkgs due to apparmor complications.  I think that a version of your upstream patch to tweak the apprmor rules might be the best fix15:59
smbhallyn, Yeah... Should I fwd him my latest patches for upstream?16:01
smbProbably still have to be tweaked a bit since I only test compiled the upstream variant. Not integrated into Debian packaging16:01
hallynsmb: yeah, it's probably better to do it in debian/rules based on the deb target arch16:02
smbhallyn, btw, something else. is the irc meeting planned to take place or was it cancelled since many would be away16:02
hallynit is cancelled16:03
smbAh ok.16:03
smbIn theory it should work after things are expanded. I am just not sure which steps are used to get there. Maybe repackage after ./bootstrap16:04
=== Lcawte|Away is now known as Lcawte
=== exixt_ is now known as exixt
tgm4883Can I set UFW to allow SSH from all local networks? We've got quite a few 10.x.x.x VLANs at work, and I'd like to lock SSH down to the local VLANs without having to add each one independently18:30
tgm4883maybe just allow from 10.0.0.0/8?18:31
sarnoldtgm4883: try ufw allow in ssh from 10.0.0.0/8  or similar?18:32
tgm4883sarnold: yes that seems to have worked. Thanks18:45
sarnoldtgm4883: nice18:46
=== DenBeiren is now known as zz_DenBeiren
=== exixt is now known as exixt_
bilde2910Hi there! I used smartctl --test=short to scan my server's hard drive for errors. I'm not totally sure how to interpret the results, however. Is there some easy way I can check whether my disk ought to be replaced soon? Anything to look out for in the future? https://puu.sh/cDdv3.png19:01
bilde2910I'm guessing the answer to this is actually a bit too simple.. but I just can't seem to figure itout19:03
fixxxermetWhich syntax would I use to to bond an interface and then bridge it, while using DHCP?19:03
sarnoldbilde2910: that hardware ecc recovered and raw read error rate seem staggeringly high; to the point that I even wonder if they're outright wrong..19:03
bilde2910So... something's up? Should I replace the drive?19:04
sarnoldbilde2910: I'd run the test again tomrrow or something and see if those counts have increase. if they have, plan its replacement soon. if they haven't, you might not have an -immediate- problem but .. it's scary, right? :)19:04
bilde2910Well yeah, I should probably do more frequent backups then19:04
sarnoldnever a wrong answer :)19:04
bilde2910Will run the test again tomorrow, then. Thanks for help19:05
sarnoldgood luck :)19:05
bilde2910Thanks :)19:06
dasjoebilde2910: see the line about SMART Self-test log stuff19:07
dasjoeNum #1 "Completed without error"19:07
bilde2910Well that at least looks promising, at least in its current state.19:08
bilde2910Oh, and another question. Is it possible to be alerted somehow (by email, for instance) when something bad happens or is about to happne?19:09
=== roost_ is now known as roost
dasjoebilde2910: also, ignore the Hardware_ECC_recovered line, usually only the vendor knows what it means19:09
bilde2910Ok, thanks for the tip, dasjoe19:09
=== exixt_ is now known as exixt
dasjoebilde2910: If you can erase the drive you should run a destructive test using badblocks, it overwrites the disk multiple times with patterns and checks them for correctness19:10
sarnolddasjoe: oh, thanks19:11
bilde2910dasjoe, not sure if that is currently an option; not sure how that would impact uptime on the web server I'm running there. I'd like to use it as much as possible and avoid any downtime I can19:11
dasjoebilde2910: also, see "man 5 smartd.conf" for info on how to receive mails from smartd. If you're using mdadm you should check out "man 5 mdadm.conf", too19:12
bilde2910Thanks19:13
dasjoeSure19:13
dasjoesarnold: imho the only interesting lines are the ones where the vendor configured a threshold, where I usually compare VALUE to THRESH and (mostly) ignore the raw value19:15
=== exixt is now known as exixt_
bilde2910One last question - how long could I hope my disk would last if I read/write about one file per second? I'm not sure if there are any good estimates on this, but if there is, it would be good to know19:17
sarnolddasjoe: ah, the middle columns that I've mostly ignored; those look scary too :)19:17
anomalyI have been getting this email regularly now.  'panic action' script /usr/share/samba/panic-action.  nothing esoteric.  just local samba for file sharing with windows machines.  I am also getting no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory19:19
qman__bilde2910: nobody can say, disk life is a guessing game at best; I replace when errors show up in the log, sometimes that's two months in, and sometimes it never happens19:20
qman__10 years down the line19:20
bilde2910Ok, thanks!19:22
qman__SMART errors give you reasonable warning prior to a failure about 98% of the time in my experience, and they're evidence enough for an RMA, so that's what I use19:24
dasjoebilde2910: your disk has "used" 6% of its target hard power-cycles (being switched off and on) and 11% of its load cycles (its head getting parked). So you can probably use it for about 9x as long as you've used it for now19:24
bilde2910Interesting19:25
dasjoeJust keep in mind SMART is not perfect, a large study (iirc done by Google) found SMART didn't give any warnings for 50% of failed disks19:25
qman__Must have been some crap disks19:27
qman__Failures without smart errors are pretty rare IME and normally that only happens with a drop dead failure situation19:27
dasjoeYeah, because that's what Google would be using. They're known for taking the worst possible hardware ;)19:28
dasjoe"Figure 14 shows that even when we add all remaining SMART parameters (except temperature) we still find that over 36% of all failed drives had zero counts on all variables."19:28
qman__I don't check the parameters, just the error log19:28
dasjoehttp://static.googleusercontent.com/media/research.google.com/en//archive/disk_failures.pdf19:29
qman__The parameters are largely useless19:29
qman__Most failures don't happen all at once, so there's a window of opportunity to replace it19:29
dasjoeRight. I ignore the error log, but check the parameters, I also trust my senses of smell, hearing and temperature ;)19:30
qman__I've never had any success with tools that monitor the parameters to predict failure, but I have had great success by monitoring the error count19:33
qman__Soon as that error pops up, prepare to replace19:34
kevindf_I've set up a OpenVPN server (just with the regular tun interface, not tap) and everything connects smoothly with firewall disabled, but once I turn on my firewall again I can connect perfectly but it seems to refuse the routing with as result I have no internet access. I'(ve tried adding rules to iptables such as "-A POSTROUTING -o eth0 -j MASQUERADE" & "-t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE"  but with 19:59
kevindf_I have iptables-persistent installed also20:00
kevindf_Anyone has any idea what's going wrong with the iptables I added?20:00
lordievaderkevindf_: Let iptables log the dropped packets and look at what it is dropping.20:02
kevindf_How can I log that exactly? As i'm not that familiar yet with iptables20:02
lordievaderkevindf_: http://www.thegeekstuff.com/2012/08/iptables-log-packets/20:03
kevindf_I'll take a look at that, and come back with the results in a few minutes20:04
kevindf_thank you20:04
kevindf_lordievader I logged the data, I think this is the output http://pastebin.com/i0WU96GD20:12
lordievaderkevindf_: Lots of DNS is being dropped. Can you ping your vpn network with the firewall on?20:14
kevindf_will try to ping on my laptop with the vpn connection, as I tested the vpn quick trough my phone for the log20:16
kevindf_hang on20:16
LinStatSDRGot my server running under 40c finally20:19
LinStatSDRat 100% load <320:21
kevindf_lordievader I can ping 10.8.0.1 perfectly when firewall is enabled and when connected to the vpn20:21
kevindf_but no internet access ofcourse20:22
lordievaderkevindf_: I think you'll find you have internet access but your DNS is broken.20:22
LinStatSDR^20:23
lordievaderLinStatSDR: Whoo neat. Is it an airplane now?20:23
LinStatSDRNope, just ram air. Not too too loud but... servers are loud anyway.20:23
kevindf_I will try comment out  push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 4.4.4.4"20:24
kevindf_in my openvpn server.conf file20:24
kevindf_and then try again20:24
kevindf_lordievader I've tried commenting out the DNS in my server conf so it doesn't push the client the dns servers but that didn't work out either unfortantly20:27
lordievaderkevindf_: That's not what I meant with 'your DNS is broken', look at the iptables log paste you posted.20:28
lordievaderkevindf_: What is it mainly dropping? What destination port?20:28
kevindf_It's set on port 1194 UDP20:29
kevindf_maybe i should try use port 443 or something?20:29
lordievaderkevindf_: Try to answer my questions...20:30
lordievaderkevindf_: Look at the paste you gave me, what destination port is being dropped?20:35
kevindf_54010?20:37
lordievaderkevindf_: That is likely a source port.., no traffic with destination port (DPT) 53 is being dropped.20:38
lordievaderkevindf_: What uses UDP port 53?20:39
kevindf_dns?20:39
LinStatSDRI know I know20:39
LinStatSDRaww he beat me to it20:39
geniiYes, DNS20:39
kevindf_i'm still pretty new to networking but trying to learn as much as i can everyday20:41
lordievaderkevindf_: Exactly, in other words: any host lookup you do from your vpn client is not able to resolve it to an ip address.20:41
lordievaderkevindf_: Allow outgoing udp connections to 8.8.8:53 and 4.4.4.4:53 (wasn't it 8.8.4.4?) and you are good to go.20:42
sarnoldallow tcp too20:43
lordievader(Unless there are other ports your firewall blocks ;)20:43
kevindf_Ok, thank you. I will try adding those rules to my firewall and see how it turns out20:44
kevindf_Sorry for some stupid answers, but everyone starts somewhere :)20:44
LinStatSDRNo worries. We don't mean to come off as being rude. Just text has no emotions or tones.20:45
lordievaderkevindf_: Exactly, that is why I tried to teach you something rather than just provide answers ;)20:46
kevindf_no problem :) and yes lordie i appreciate that alot, helps me understanding things more easily20:47
bilde2910dasjoe, just curious, where did you see those cycle use percentages you mentioned20:57
kevindf_I allowed the outgoing UDP connections to 8.8.8.8:53 and 8.8.4.4:53 tcp & udp, the log is gving me UFW blocks now for proto 80 TCP & proto 443 TCP21:00
LinStatSDRso http21:02
kevindf_LinStatSDR If i'm correct I should allow 80 & 443 now also but for 10.8.0.0/24?21:06
kevindf_TCP21:06
LinStatSDRSounds good to me.21:06
lordievaderkevindf_: I'd allow those in general. Whitelisting of web servers is a drag.21:11
kevindf_lordievader I just checked and these are both configured for IPV4 aswell as IPV6 to allow from anywhere21:12
kevindf_I don't see why UFW is blocking the packets on those ports now as they are both allowed21:14
LinStatSDRlordievader: I agree, whitelisting is very time consuming.21:14
=== bilde2910 is now known as bilde2910|away
=== bilde2910|away is now known as bilde2910
dasjoebilde2910: check the table, ID 9 Power_On_Hours and ID 193 Load_Cycle_Count21:58
dasjoePOH's VALUE is "094", which is in %. So it was on for 6% of the time it was designed for21:59
kevindf_lordievader: Finally got it working, took me some time but added some new iptables rules and it works fine now22:10
kevindf_lordievader: Thanks for helping me out and teaching some new stuff :)22:11
lordievaderkevindf_: Sure, no problem. Glad to hear it is working now :)22:14
kevindf_:)22:14
=== Corey_ is now known as Corey
tafa2could not find module name cc_ubuntu_init_switch23:44
tafa2anyone seen this?23:44
tafa2server failing to boot23:44
=== Lcawte is now known as Lcawte|Away

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!