[00:50] <jeremy_carroll> Question. I was looking at performance of a program communicating with itself via localhost (TCP). I'm seeing some retransmissions, and an rto of 200ms when speaking between both the programs. Wondering where I should start debugging since local communications should not see a rexmit if it's healthy
[00:50] <jeremy_carroll> Example: ESTAB      0      65              127.0.0.1:41690            127.0.0.1:22144    timer:(on,212ms,0) uid:1000 ino:380496980 sk:ffff8801ca163600
[00:53] <sarnold> jeremy_carroll: 200ms sounds suspiciously like the TCP_CORK entry in the tcp(7) manpage
[00:54] <jeremy_carroll> sarnold: Yeah. Everything right around 200ms. Which I thought was RTO. Checking man entry
[00:55] <jeremy_carroll> sarnold: No shit. This looks exactly right. I do not think the program is setting TCP_NODELAY. So it's most likely waiting for CORK
[01:02] <jeremy_carroll> sarnold: I looked at the C code for the program. It's not setting TCP_CORK specifically. I'll look for setsockopts on startup to see if it's doing so. This is not a default option, correct?
[01:02] <sarnold> jeremy_carroll: well, I don't know that TCP_CORK is the right option to set, since you'd need to unset TCP_CORK when you want the data to fly on the wire; setting TCP_NODELAY is more likely the solution
[01:03] <jeremy_carroll> sarnold: Yeah. Thanks for the tip. I think you are right that this has 'something' to do with Nagels. NO_DELAY, CORK, etc.. Very helpful. timer being set made me think it was rexmit / rto. Though now I know the timer can be for other options, such as CORK.
[01:04] <sarnold> jeremy_carroll: I hope that's it; if so, it'd be simple enough fix. I'd be curious to know the results when you've got something sorted out :)
[05:33] <abhishek> I mounted a partition(multipath) from SAN. This is working too slow. may u explain why is it slow ? this is working fine in another nodes
[05:42] <abhishek> I mounted a partition(multipath) from SAN. This is working too slow. may u explain why is it slow ? this is working fine in another nodes
[08:21] <lordievader> Good morning.
[08:28] <gambol> Hey anyone is using pxe for ubuntu server? Looks I am hitting the same thing with:  https://bugs.launchpad.net/ubuntu/+source/net-retriever/+bug/1067934
[08:28] <gambol> both precise and trusty tested.
[08:29] <gambol> every pxe installation will hang me 10 more mins at the stage.
[09:44] <yossarianuk>  hi - I am looking for a way to be able to sync 'parts' of various config files in multiple linux servers - they are different distros, I also am looking for a way to update all servers on amss - should I be looking at something like puppet ?
[09:45] <yossarianuk>  or can anyone suggest a simple alternative ? I do not really care about deployment (yet) - just syncing 'parts' of config files and updating multiple servers
[09:45] <yossarianuk> i.e does landscape have the tools to sync parts of config files or is that a tool to update multiple servers ?
[09:46] <ikonia> yossarianuk: ERB
[09:46] <lordievader> yossarianuk: Puppet is great for that ;)
[09:47] <yossarianuk> lordievader: cheers that is what I thought....
[09:47] <yossarianuk> ikonia: what does ERB mean ?
[09:48] <ikonia> ruby templates
[09:48] <yossarianuk> ikonia: ah - thanks
[09:49] <lordievader> Puppet is written in Ruby, and can use templates.
[09:50] <ikonia> puppet could be a huge overkill though for a few config files
[09:50] <ikonia> it really depends on what's needed
[09:50] <lordievader> True, true.
[09:53] <yossarianuk> lordievader: ikonia: that was a fear....
[09:53] <yossarianuk> i.e overkill...
[09:54] <yossarianuk> if you have any suggestions of lighter alternatives .....
[09:54] <ikonia> you can use ERB templates without puppet
[09:54] <yossarianuk> and that can also update servers of different os types ?
[09:54] <ikonia> totrally
[09:55] <ikonia> totally
[09:55] <yossarianuk> cool
[09:55] <ikonia> it's just a cross-platform template
[09:55] <ikonia> (it's used with puppet hence the cross platform)
[09:55] <ikonia> the only think you need to work out is the distribution method but that can be as easy as a shell script
[09:55] <yossarianuk> well cheers !  (going for a meeting now - back in several hrs.)
[09:56] <yossarianuk> ERB sounds like a good solution to be fair...
[09:56] <ikonia> setting it up outside of puppet will require a little thought, but once you've worked it out, you'll fly
[09:57] <ikonia> eg: heira is a common use for populating the data, you won't be using that, so you'll need to do something different, but it won't be too hard
[10:21] <klander> hey guys. I'm having a bit of a dependency issue while trying to install php5-memcached. I was hoping I could get some advice on what to do next? Here's the bash output: http://pastebin.com/nZcn1YTx
[10:25] <lordievader> klander: gconf2 fails to setup, and everything seems to depend on that. What happens when you manually run dpkg on that package?
[10:25] <klander> lordievader: I haven't tried..
[10:25] <klander> dpkg -i gconf2 ?
[10:27] <opstack> Hi guys, does any one have experience with Ubuntu Landscape ?
[10:27] <lordievader> klander: Using the full path to the package, should be somewhere in /var/cache/apt/archives
[10:29] <klander> ok i have gconf2-common_2.28.1-0ubuntu1_all.deb , gconf2_2.28.1-0ubuntu1_amd64.deb, libgconf2-4_2.28.1-0ubuntu1_amd64.deb
[10:30] <lordievader> klander: Try gconf2_2.28.1-0ubuntu1_amd64.deb
[10:31] <klander> https://gist.github.com/anonymous/9fc2c90355ba15c47ff8
[10:34] <lordievader> Pff that is informative.. sudo apt-get autoclean&&sudo apt-get update&&sudo apt-get install gconf2
[10:36] <klander> https://gist.github.com/anonymous/0f165f657de5695761b7
[10:36] <klander> (after autoclean and update)
[10:38] <lordievader> klander: sudo apt-get purge gconf2&&sudo apt-get install gconf2
[10:39] <klander> https://gist.github.com/anonymous/248fc2618d89d6532019
[10:42] <lordievader> klander: Does "dpkg -l|grep gconf" show it as installed?
[10:43] <klander> https://gist.github.com/anonymous/bd756c995e76e5f2fdfe
[10:43] <klander> I guess not ^
[10:45] <lordievader> klander: sudo apt-get install gconf2
[10:46] <klander> https://gist.github.com/anonymous/3b66871ca41988c67c97
[10:46] <klander> :/
[10:46] <klander> shared-mime-info, libgtk2-perl and libgnome2-canvas-perl
[10:47] <lordievader> klander: Well gconf2 seems to be installed correctly: sudo apt-get install -f
[10:47] <klander> same output
[10:49] <lordievader> klander: "sudo dpkg --configure shared-mime-info" Errors I suppose?
[10:51] <klander> https://gist.github.com/anonymous/1671f16cbb349310bf84
[10:51] <klander> Segmentation fault?
[10:53] <lordievader> It ain't supposed to do that...
[10:56] <lordievader> klander: What you could try, might be risky, is removing the package temporarely cleaning the cache and reinstalling it.
[11:00] <klander> okay..
[11:01] <lordievader> klander: shared-mime-info likely has dependencies to remove it without removing the dependencies see http://ubuntuforums.org/showthread.php?t=1513821
[14:32] <anomaly> I have been getting this email regularly now.  'panic action' script /usr/share/samba/panic-action.  nothing esoteric.  just local samba for file sharing with windows machines.  I am also getting no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory
[14:50] <donaldduckk> My home server, mainly media and backups, has been turning off at some point in the night. I have to power it up in the morning. This has happened maybe 3 days in a row. Things ran fine for months. Is there a log i can look at? I looked at dmesg but didn't see anything there.
[14:51] <patdk-wk_> look at whatever log your ups software logs to
[15:06] <donaldduckk> ok, didn't know there was an ups log. Thanks.
[15:59] <hallyn> smb: hi, are you around?
[15:59] <smb> hallyn, I feel tempted to say no, but yes.
[15:59] <hallyn> smb: caribou is having an issue with backported libvirt pkgs due to apparmor complications.  I think that a version of your upstream patch to tweak the apprmor rules might be the best fix
[16:01] <smb> hallyn, Yeah... Should I fwd him my latest patches for upstream?
[16:01] <smb> Probably still have to be tweaked a bit since I only test compiled the upstream variant. Not integrated into Debian packaging
[16:02] <hallyn> smb: yeah, it's probably better to do it in debian/rules based on the deb target arch
[16:02] <smb> hallyn, btw, something else. is the irc meeting planned to take place or was it cancelled since many would be away
[16:03] <hallyn> it is cancelled
[16:03] <smb> Ah ok.
[16:04] <smb> In theory it should work after things are expanded. I am just not sure which steps are used to get there. Maybe repackage after ./bootstrap
[18:30] <tgm4883> Can I set UFW to allow SSH from all local networks? We've got quite a few 10.x.x.x VLANs at work, and I'd like to lock SSH down to the local VLANs without having to add each one independently
[18:31] <tgm4883> maybe just allow from 10.0.0.0/8?
[18:32] <sarnold> tgm4883: try ufw allow in ssh from 10.0.0.0/8  or similar?
[18:45] <tgm4883> sarnold: yes that seems to have worked. Thanks
[18:46] <sarnold> tgm4883: nice
[19:01] <bilde2910> Hi there! I used smartctl --test=short to scan my server's hard drive for errors. I'm not totally sure how to interpret the results, however. Is there some easy way I can check whether my disk ought to be replaced soon? Anything to look out for in the future? https://puu.sh/cDdv3.png
[19:03] <bilde2910> I'm guessing the answer to this is actually a bit too simple.. but I just can't seem to figure itout
[19:03] <fixxxermet> Which syntax would I use to to bond an interface and then bridge it, while using DHCP?
[19:03] <sarnold> bilde2910: that hardware ecc recovered and raw read error rate seem staggeringly high; to the point that I even wonder if they're outright wrong..
[19:04] <bilde2910> So... something's up? Should I replace the drive?
[19:04] <sarnold> bilde2910: I'd run the test again tomrrow or something and see if those counts have increase. if they have, plan its replacement soon. if they haven't, you might not have an -immediate- problem but .. it's scary, right? :)
[19:04] <bilde2910> Well yeah, I should probably do more frequent backups then
[19:04] <sarnold> never a wrong answer :)
[19:05] <bilde2910> Will run the test again tomorrow, then. Thanks for help
[19:05] <sarnold> good luck :)
[19:06] <bilde2910> Thanks :)
[19:07] <dasjoe> bilde2910: see the line about SMART Self-test log stuff
[19:07] <dasjoe> Num #1 "Completed without error"
[19:08] <bilde2910> Well that at least looks promising, at least in its current state.
[19:09] <bilde2910> Oh, and another question. Is it possible to be alerted somehow (by email, for instance) when something bad happens or is about to happne?
[19:09] <dasjoe> bilde2910: also, ignore the Hardware_ECC_recovered line, usually only the vendor knows what it means
[19:09] <bilde2910> Ok, thanks for the tip, dasjoe
[19:10] <dasjoe> bilde2910: If you can erase the drive you should run a destructive test using badblocks, it overwrites the disk multiple times with patterns and checks them for correctness
[19:11] <sarnold> dasjoe: oh, thanks
[19:11] <bilde2910> dasjoe, not sure if that is currently an option; not sure how that would impact uptime on the web server I'm running there. I'd like to use it as much as possible and avoid any downtime I can
[19:12] <dasjoe> bilde2910: also, see "man 5 smartd.conf" for info on how to receive mails from smartd. If you're using mdadm you should check out "man 5 mdadm.conf", too
[19:13] <bilde2910> Thanks
[19:13] <dasjoe> Sure
[19:15] <dasjoe> sarnold: imho the only interesting lines are the ones where the vendor configured a threshold, where I usually compare VALUE to THRESH and (mostly) ignore the raw value
[19:17] <bilde2910> One last question - how long could I hope my disk would last if I read/write about one file per second? I'm not sure if there are any good estimates on this, but if there is, it would be good to know
[19:17] <sarnold> dasjoe: ah, the middle columns that I've mostly ignored; those look scary too :)
[19:19] <anomaly> I have been getting this email regularly now.  'panic action' script /usr/share/samba/panic-action.  nothing esoteric.  just local samba for file sharing with windows machines.  I am also getting no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory
[19:20] <qman__> bilde2910: nobody can say, disk life is a guessing game at best; I replace when errors show up in the log, sometimes that's two months in, and sometimes it never happens
[19:20] <qman__> 10 years down the line
[19:22] <bilde2910> Ok, thanks!
[19:24] <qman__> SMART errors give you reasonable warning prior to a failure about 98% of the time in my experience, and they're evidence enough for an RMA, so that's what I use
[19:24] <dasjoe> bilde2910: your disk has "used" 6% of its target hard power-cycles (being switched off and on) and 11% of its load cycles (its head getting parked). So you can probably use it for about 9x as long as you've used it for now
[19:25] <bilde2910> Interesting
[19:25] <dasjoe> Just keep in mind SMART is not perfect, a large study (iirc done by Google) found SMART didn't give any warnings for 50% of failed disks
[19:27] <qman__> Must have been some crap disks
[19:27] <qman__> Failures without smart errors are pretty rare IME and normally that only happens with a drop dead failure situation
[19:28] <dasjoe> Yeah, because that's what Google would be using. They're known for taking the worst possible hardware ;)
[19:28] <dasjoe> "Figure 14 shows that even when we add all remaining SMART parameters (except temperature) we still find that over 36% of all failed drives had zero counts on all variables."
[19:28] <qman__> I don't check the parameters, just the error log
[19:29] <dasjoe> http://static.googleusercontent.com/media/research.google.com/en//archive/disk_failures.pdf
[19:29] <qman__> The parameters are largely useless
[19:29] <qman__> Most failures don't happen all at once, so there's a window of opportunity to replace it
[19:30] <dasjoe> Right. I ignore the error log, but check the parameters, I also trust my senses of smell, hearing and temperature ;)
[19:33] <qman__> I've never had any success with tools that monitor the parameters to predict failure, but I have had great success by monitoring the error count
[19:34] <qman__> Soon as that error pops up, prepare to replace
[19:59] <kevindf_> I've set up a OpenVPN server (just with the regular tun interface, not tap) and everything connects smoothly with firewall disabled, but once I turn on my firewall again I can connect perfectly but it seems to refuse the routing with as result I have no internet access. I'(ve tried adding rules to iptables such as "-A POSTROUTING -o eth0 -j MASQUERADE" & "-t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE"  but with 
[20:00] <kevindf_> I have iptables-persistent installed also
[20:00] <kevindf_> Anyone has any idea what's going wrong with the iptables I added?
[20:02] <lordievader> kevindf_: Let iptables log the dropped packets and look at what it is dropping.
[20:02] <kevindf_> How can I log that exactly? As i'm not that familiar yet with iptables
[20:03] <lordievader> kevindf_: http://www.thegeekstuff.com/2012/08/iptables-log-packets/
[20:04] <kevindf_> I'll take a look at that, and come back with the results in a few minutes
[20:04] <kevindf_> thank you
[20:12] <kevindf_> lordievader I logged the data, I think this is the output http://pastebin.com/i0WU96GD
[20:14] <lordievader> kevindf_: Lots of DNS is being dropped. Can you ping your vpn network with the firewall on?
[20:16] <kevindf_> will try to ping on my laptop with the vpn connection, as I tested the vpn quick trough my phone for the log
[20:16] <kevindf_> hang on
[20:19] <LinStatSDR> Got my server running under 40c finally
[20:21] <LinStatSDR> at 100% load <3
[20:21] <kevindf_> lordievader I can ping 10.8.0.1 perfectly when firewall is enabled and when connected to the vpn
[20:22] <kevindf_> but no internet access ofcourse
[20:22] <lordievader> kevindf_: I think you'll find you have internet access but your DNS is broken.
[20:23] <LinStatSDR> ^
[20:23] <lordievader> LinStatSDR: Whoo neat. Is it an airplane now?
[20:23] <LinStatSDR> Nope, just ram air. Not too too loud but... servers are loud anyway.
[20:24] <kevindf_> I will try comment out  push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 4.4.4.4"
[20:24] <kevindf_> in my openvpn server.conf file
[20:24] <kevindf_> and then try again
[20:27] <kevindf_> lordievader I've tried commenting out the DNS in my server conf so it doesn't push the client the dns servers but that didn't work out either unfortantly
[20:28] <lordievader> kevindf_: That's not what I meant with 'your DNS is broken', look at the iptables log paste you posted.
[20:28] <lordievader> kevindf_: What is it mainly dropping? What destination port?
[20:29] <kevindf_> It's set on port 1194 UDP
[20:29] <kevindf_> maybe i should try use port 443 or something?
[20:30] <lordievader> kevindf_: Try to answer my questions...
[20:35] <lordievader> kevindf_: Look at the paste you gave me, what destination port is being dropped?
[20:37] <kevindf_> 54010?
[20:38] <lordievader> kevindf_: That is likely a source port.., no traffic with destination port (DPT) 53 is being dropped.
[20:39] <lordievader> kevindf_: What uses UDP port 53?
[20:39] <kevindf_> dns?
[20:39] <LinStatSDR> I know I know
[20:39] <LinStatSDR> aww he beat me to it
[20:39] <genii> Yes, DNS
[20:41] <kevindf_> i'm still pretty new to networking but trying to learn as much as i can everyday
[20:41] <lordievader> kevindf_: Exactly, in other words: any host lookup you do from your vpn client is not able to resolve it to an ip address.
[20:42] <lordievader> kevindf_: Allow outgoing udp connections to 8.8.8:53 and 4.4.4.4:53 (wasn't it 8.8.4.4?) and you are good to go.
[20:43] <sarnold> allow tcp too
[20:43] <lordievader> (Unless there are other ports your firewall blocks ;)
[20:44] <kevindf_> Ok, thank you. I will try adding those rules to my firewall and see how it turns out
[20:44] <kevindf_> Sorry for some stupid answers, but everyone starts somewhere :)
[20:45] <LinStatSDR> No worries. We don't mean to come off as being rude. Just text has no emotions or tones.
[20:46] <lordievader> kevindf_: Exactly, that is why I tried to teach you something rather than just provide answers ;)
[20:47] <kevindf_> no problem :) and yes lordie i appreciate that alot, helps me understanding things more easily
[20:57] <bilde2910> dasjoe, just curious, where did you see those cycle use percentages you mentioned
[21:00] <kevindf_> I allowed the outgoing UDP connections to 8.8.8.8:53 and 8.8.4.4:53 tcp & udp, the log is gving me UFW blocks now for proto 80 TCP & proto 443 TCP
[21:02] <LinStatSDR> so http
[21:06] <kevindf_> LinStatSDR If i'm correct I should allow 80 & 443 now also but for 10.8.0.0/24?
[21:06] <kevindf_> TCP
[21:06] <LinStatSDR> Sounds good to me.
[21:11] <lordievader> kevindf_: I'd allow those in general. Whitelisting of web servers is a drag.
[21:12] <kevindf_> lordievader I just checked and these are both configured for IPV4 aswell as IPV6 to allow from anywhere
[21:14] <kevindf_> I don't see why UFW is blocking the packets on those ports now as they are both allowed
[21:14] <LinStatSDR> lordievader: I agree, whitelisting is very time consuming.
[21:58] <dasjoe> bilde2910: check the table, ID 9 Power_On_Hours and ID 193 Load_Cycle_Count
[21:59] <dasjoe> POH's VALUE is "094", which is in %. So it was on for 6% of the time it was designed for
[22:10] <kevindf_> lordievader: Finally got it working, took me some time but added some new iptables rules and it works fine now
[22:11] <kevindf_> lordievader: Thanks for helping me out and teaching some new stuff :)
[22:14] <lordievader> kevindf_: Sure, no problem. Glad to hear it is working now :)
[22:14] <kevindf_> :)
[23:44] <tafa2> could not find module name cc_ubuntu_init_switch
[23:44] <tafa2> anyone seen this?
[23:44] <tafa2> server failing to boot