[03:49] <orion> Hi. My ubuntu server is currently experiencing extremely high load. ksoftirqd/0 is using a lot of CPU time. I am running nginx + php-fpm on 14.04.
[03:49] <orion> What things can I do to better diagnose the issue?
[07:17] <lordievader> Good morning.
[08:23] <tmontney> I'm having trouble booting ubuntu 14.04 server.
[08:23] <tmontney> It is using a resolution none of my monitors can display.
[08:23] <tmontney> I just did an install, rebooted, and gets stuck immediately after POST.
[08:25] <lordievader> tmontney: Does it actually get stuck, or does it continue but you cannot see it continue?
[08:26] <tmontney> I see HDD activity, so I assume it's loading.
[08:26] <tmontney> However I cannot see anything due to incorrect/out of range resolution.
[08:27] <lordievader> tmontney: Do you set a resolution in grub?
[08:27] <tmontney> I didn't set any resolution. I cannot see anything past POST.
[08:28] <tmontney> I pretty much did a standard installation, rebooted, and got the out of range display error from my monitor.
[08:28] <tmontney> I tried a few monitors capable of 1024x768 to 1920x1080.
[08:28] <lordievader> Hmm, what resolutions does your monitor support?
[08:28] <tmontney> None of them could display.
[08:29] <lordievader> That is odd...
[08:29] <lordievader> How are they connected?
[08:29] <tmontney> VGA
[08:29] <tmontney> integrated graphics
[08:29] <tmontney> pc is from 2003
[08:30] <lordievader> Very odd indeed. The live-cd/install-cd/usb worked without trouble?
[08:30] <tmontney> Yeah, no problem there.
[08:30] <tmontney> did it from usb, used the latest 14.04 LTS server install
[08:30] <tmontney> Is there a config file I can edit?
[08:30] <tmontney> I can pull the HDD out, connect it via an IDE NAS I have.
[08:31] <tmontney> connect it to another PC I mean*
[08:31] <tmontney> unless the problem runs deeper than simply trying the wrong resolution
[08:32] <lordievader> You'd think that if it fails detecting the resolution it would take a resolution ~any monitor can display.
[08:32] <tmontney> Yeah, that's what I was expecting.
[08:33] <tmontney> I was hoping there was a key combination that would force a resolution safe mode.
[08:33] <tmontney> A common resolution almost any monitor can support, like 640x480 or 800x600.
[08:33] <lordievader> Can you ssh into the box?
[08:33] <tmontney> Sadly I didn't add anything to the install.
[08:34] <tmontney> It's going to be for diskless workstations.
[08:34] <tmontney> All I needed was DHCP and TFTP according to a howto.
[08:34] <lordievader> tmontney: So you have an image somewhere?
[08:34] <tmontney> Perhaps I should install a lower server version considering the age of the pc?
[08:34] <tmontney> an image of what
[08:35] <tmontney> the server install?
[08:35] <lordievader> chroot into there, set up ssh, reboot client.
[08:35] <tmontney> How do I chroot?
[08:35] <lordievader> You are doing a netboot right?
[08:35] <tmontney> Yeah, diskless workstations will get the image from my server.
[08:36] <lordievader> Ah wait, this is going to be the server providing the image? *is not awake*
[08:36] <tmontney> Correct.
[08:36] <tmontney> Perhaps the best thing would be to reinstall but with ssh?
[08:36] <lordievader> And it doesn't do ssh?
[08:36] <lordievader> It probably does ssh, have you tried?
[08:37] <tmontney> Only because I didn't add anything to the install. I was going to do it later.
[08:37] <tmontney> But it seems now ssh is always a good idea in case of local access issues.
[08:37] <tmontney> Oh
[08:37] <tmontney> I haven't actually tried it.
[08:37] <tmontney> I assumed you had to specify it on install.
[08:38] <lordievader> Perhaps you have to, but I wouldn't be surprised if it is there by default.
[08:39] <tmontney> Odd, it's not even showing up on the network.
[08:39] <lordievader> Hmm, the installation did complete sucessfuly?
[08:40] <tmontney> Never mind, it's there but says connection refused.
[08:40] <lordievader> Hmm, too bad...
[08:41] <tmontney> I'll reinstall.
[08:41] <lordievader> tmontney: You'd want to read this: http://askubuntu.com/questions/299975/proper-way-to-change-terminal-resolution-in-ubuntu-server-13-04
[08:43] <tmontney> So I could connect the HDD to another PC, edit the file, and we're good?
[08:47] <lordievader> tmontney: If you then also chroot and run 'sudo update-grub2', yes.
[09:19] <tmontney> still nothing
[09:20] <tmontney> edited /etc/default/grub to GRUB_CMDLINE_LINUX_DEFAULT="splash vga=768"
[09:20] <tmontney> originally it was set to "quiet splash" no vga tag presnet
[09:20] <tmontney> present*
[09:30] <tmontney> I'm tired. I'm just gonna reinstall with SSH.
[09:30] <tmontney> Thanks for your help anyway.
[09:30] <tmontney> I appreciate it.
[11:11] <zermanno> Hi, i am trying to build a router with ubuntu server. Do you know where can i buy a pci express adsl modem that is supported by ubuntu?
[11:17] <RoyK> zermanno: I guess I'd rather use a standard DSL modem in bridge mode
[11:17] <RoyK> less hassle when you need to upgrade
[11:18] <rbasak> Yeah. Also the first thing you'll want to do when you have ADSL issues is to try a different modem. Much pain with PCI.
[11:20] <zermanno> Ok thanks all
[11:21] <zermanno> Do you know of any resources for this kind of job apart from lartc.org?
[11:21] <zermanno> I mean docs, guides ecc
[11:21] <RoyK> zermanno: imho lartc.org is for the rather advanced stuff - what do you need?
[11:23] <zermanno> RoyK, Yes its more a hobby project for home, i'd like to try stuff, i have a phd in tlc eng i can handle advanced stuff. I am looking for hints of what people to in real life to take ideas.
[11:24] <RoyK> well, start out at http://www.kintona.com/ip-forwarding-and-masquerading-in-linux/ and add the fun stuff later ;)
[11:24] <zermanno> RoyK, thanks!
[12:10] <rbasak> melmoth: thank you!
[12:10] <melmoth> no problemo :)
[14:33] <samba35> is it possible to use cpu passthrouth with kvm like pci ethernet card passthrougth using 14.04.2
[14:44] <lordievader> Cpu passthrough sounds like a bad idea, even if it was possible.
[14:58] <patdk-wk> hmm, if your using kvm, is it basically cpu passthough
[14:58] <patdk-wk> if you need something like a dedicated cpu per kvm
[14:58] <patdk-wk> then you use cpu pinning
[15:00] <lordievader> It is still shared with the host, I'd say.
[15:00] <patdk-wk> heh?
[15:00] <patdk-wk> if it's pinned? no
[15:00] <patdk-wk> if it is still shared, you didn't pin the host
[15:01] <lordievader> So it is not really passthrough.
[15:01] <patdk-wk> heh?
[15:01] <patdk-wk> kvm always runs in passthough cpu mode
[15:01] <lordievader> Am I seeing things wrong?
[15:01] <patdk-wk> it's just not sticky
[15:01] <patdk-wk> pinning makes it sticky
[15:02] <patdk-wk> if you mean, you want to use a raw un-initialized cpu, no that won't work
[15:02] <lordievader> I see passthrough as the vm has exclusive rights to the device. The host cannot use it anymore.
[15:02] <patdk-wk> but the way kvm has always, and only works, is by using the virtualization features of the cpu, to do it's form of passthough mode
[15:03] <lordievader> Ah, in that sense.
[15:03] <patdk-wk> that is true
[15:03] <patdk-wk> till but even in passthough mode, the host can interrupt it
[15:03] <patdk-wk> and reassign it
[15:03] <patdk-wk> or evne use it if it wants
[15:03] <patdk-wk> it just has to *interrupt* the current user
[15:03] <lordievader> Ah, check.
[15:04] <patdk-wk> for cpu, that means the vm sleeps
[15:04] <patdk-wk> for pci, that normally means the vm is shutdown
[15:04] <patdk-wk> unless your using sr-iov
[15:04] <patdk-wk> since then pci passthough using sr-iov is *virtualization* friendly
[15:04] <patdk-wk> more like cpu's
[15:05] <patdk-wk> if pci devices supported a saved state, like cpu, it would be much more clean
[15:05] <patdk-wk> and you could even support live migration
[15:05] <lordievader> Whoo, fancy.
[15:09] <samba35> ok thanks , i will be right back make some chanes
[15:09] <Sling> how does iptables-persistent and fail2ban cooperate? should I stop fail2ban before I save my iptables-persistent rules?
[15:10] <Sling> to avoid getting multiple fail2ban chains
[15:14] <jpds> Do you even need fail2ban?
[15:15] <samba35> sorry , i just rebooted to check wheter it work but ot seems still i see vcpu /qemu
[15:15] <samba35> i tryed to used pinning form vrt-manger
[15:15] <Sling> jpds: well, need, I like to have it on all public facing ssh boxes
[15:15] <Sling> even though they don't allow password auth etc
[15:15] <jpds> Sling: I just enabled SSH keys, and have iptables rate-limit new connections.
[15:15] <Sling> saves some log pollution and annoyances
[15:16] <Sling> well this is effectively also a rate-limit :)
[15:16] <lordievader> samba35: What is the output of 'virsh vcpuinfo <domain>'?
[15:16] <samba35> pls wait
[15:17] <jpds> Sling: Built-into iptables itself. :)
[15:17] <samba35> vcpu 0 1 and running
[15:18] <samba35> cpu affinity  is yyyy
[15:18] <lordievader> samba35: Could you pastebin the full output?
[15:18] <lordievader> samba35: You are not pinning them.
[15:18] <samba35> sorry i have internt on guest that is centos7
[15:19] <samba35> host is 14.04.2
[15:19] <lordievader> samba35: 'virsh vcpupin <domain>' shows the pinning in more detail.
[15:19] <samba35> ok pls wait let me see i can use ssh
[15:20] <samba35> 0 is 0-3 and 1 is 0-3
[15:20] <lordievader> Yeah, that means the vcpu's can run anywhere.
[15:20] <samba35> can you pls telll me what  i should use to configure cpu /virt-manger ?
[15:21] <samba35> while makeing changes do i have to turn off guest ?
[15:21] <samba35> or i can reboot guest after makeing changes
[15:22] <lordievader> samba35: Issue 'virsh vcpupin --help' ;)
[15:22] <lordievader> samba35: You can make changes live, but they will not be saved in the config.
[15:22] <lordievader> So next shutdown -> boot they will be gone.
[15:23] <samba35> ic then what i suppose to do
[15:23] <samba35> in face i make changes with virsh edit domain
[15:25] <samba35> can you pls tel me persistent solution
[15:26] <lordievader> samba35: I have a '<vcpu placement='static' cpuset='1,3' current='1'>2</vcpu>' in my xml definitions. This specifies that there may be a max of 2 vcpu's, at boot 1 is enabled. And the vcpu threads may run on cpu 1 and 3.
[15:28] <samba35> so you mean to say i have to edit with virsh and add cpuset=1,3
[15:29] <samba35> did you configure it by hand or by any tool
[15:30] <lordievader> samba35: Depends on my mood, usually by hand.
[15:30] <samba35> ok
[15:30] <samba35> let me try
[15:31] <samba35> if you dont mind can you pls post some line from you xml file for the guest
[15:32] <lordievader> samba35: http://paste.ubuntu.com/10615859/
[15:32] <samba35> this command from redhat will this work virsh vcpupin rhel6u4 1 2
[15:33] <samba35> ok
[15:33] <samba35> thanks
[15:36] <samba35> i will be back after reboot
[15:36] <samba35> thanks
[15:36] <samba35> lordievader: thanks
[15:53] <samba35> lordievader: that worked
[15:53] <samba35> thanks ,but i think i should use the how it was becase it was constantly using 2 cpu and it might matter to other guest
[15:57] <samba35> lordievader: btw how many phyiscal core cpu youi are using and which cpu you are using ,this is just to understand my knowlege ,i am using core 2 quard cpu
[15:58] <lordievader> An AMD Opteron something, something.
[15:59] <samba35> ok
[15:59] <samba35> cat /proc/cpuinfo
[16:13] <caribou> hallyn_: looks like you are chairing the meeting today : I will not be able to attend
[16:26] <lordievader> samba35: I know, but I was being lazy.
[16:26] <samba35> :)
[16:29] <lordievader> samba35: I also run KVM on an i7 but without pinning as it doesn't have multiple NUMA cells (it's a laptop ;) )
[16:30] <samba35> ok
[17:04] <RoyK> A laptop with NUMA would have been cool :)
[17:15] <lordievader> Jup :)
[17:16] <patdk-wk> cool?
[17:16] <patdk-wk> that sounds like a royal pain
[17:27] <JediMaster> hi all, is it possible to get logrotate to only delete files older than a certain age? I know it can be done easily with find, but I have a lot of requirements for rotating logs so would like to keep it all together
[17:31] <jpds> JediMaster: Don't you just change the 'rotate' integer?
[17:35] <JediMaster> jpds, I don't want to rotate the files, the logs in this directory are one-off logs each time a program is run
[17:35] <JediMaster> so I just want to delete the old ones
[17:35] <jpds> JediMaster: Then just use find with -mtime.
[17:36] <JediMaster> so I've got a really simple config: /path/to/files/* { daily maxage 7 }
[17:36] <JediMaster> jpds, read the above =)
[17:36] <JediMaster> I want to keep all log management within logrotate config files so they're not splintered into cron scripts etc.
[17:37] <jpds> For one off logs, I don't bother with logrotate personally.
[17:37] <jpds> Well, not quite, I use the 'savelog' command.
[17:37] <JediMaster> sure, but there just so many different requirements for different logs I've been given it'll be a headache putting it in different places
[17:38] <JediMaster> when I run logrotate with the above config file (split over several lines) it just returns back to the command line with no output and no effect
[17:39] <JediMaster> ahhh
[17:39] <JediMaster> in the man page for maxage "The age is only checked if the logfile is to be rotated"
[18:41] <rostam> hi how would i know my ubuntu 14.04 box is at which update release, i.e. 1 or 2? thx
[18:42] <RoyK> lsb_release -a
[18:43] <rostam> RoyK, thanks it says 14.04 there is no update 1 or 2 beside it, I thought apt-get -u upgrade will upgrade it to the latest 14.04 update 2 ?
[18:44] <sarnold> rostam: the only difference is which kernel and x11 is installed, see https://wiki.ubuntu.com/TrustyTahr/ReleaseNotes#LTS_Hardware_Enablement_Stack
[18:45] <RoyK> rostam: http://paste.ubuntu.com/10616821/
[18:45] <rostam> sarnold,  where do I get security upgrade, there has been some changes to bash. Thanks
[18:45] <RoyK> gues you get those from a normal apt-get upgrade
[18:45] <RoyK> s/gues/guess/
[18:45] <sarnold> rostam: apt-get update && apt-get -u dist-upgrade
[18:46] <RoyK> I usually just do a dist-upgrade
[18:46] <rostam> sarnold, RoyK  I do not want to  upgrade the kernel. would dist-upgrade upgrade the kernel ? thx
[18:47] <RoyK> rostam: IIRC the kernel won't be upgraded by dist-upgrade, and that shouldn't be needed either unless you need some bleeding edge drivers or new stuff
[18:48] <sarnold> rostam: you won't get the new kernel unless you go to some effort to install it
[18:49] <RoyK> 'some effort' being an apt-get install :P
[18:49] <RoyK> but if you don't know which part of the new stuff you need, well, you don't need a new kernel
[18:49] <rostam> sarnold, RoyK it seems it tries to install the kernel: http://paste.ubuntu.com/10616853/
[18:50] <RoyK> ok
[18:50] <RoyK> go on
[18:51] <rostam> RoyK I do not want to install new kernel, since it will break some of the kernel modules we have developed. The kernel modules have kernel version stamped in them and that will break with new kernel.
[18:51] <patdk-wk> rostam, heh?
[18:52] <patdk-wk> how did you deploy them?
[18:52] <patdk-wk> you didn't use dkms?
[18:53] <rostam> patdk-wk,  we use insmod command.
[18:53] <sarnold> rostam: those are standard security updates. you want those. note the version 3.13.0-46.79 here: https://launchpad.net/ubuntu/+source/linux
[18:53] <RoyK> what sort of modules?
[18:53] <patdk-wk> insmod doesn't make kernel modules
[18:53] <patdk-wk> it loads them
[18:54] <sarnold> rostam: whatever mechanism you have in place really needs to be able to handle security updates.
[18:54] <rostam> patdk-wk,  we create .ko files and install them during system boot. They are image capture and audio devices.
[18:54] <patdk-wk> yes, how do you make the .ko files?
[18:54] <patdk-wk> you should be using dkms to create your .ko files
[18:56] <rostam> patch-wk in our build infrastrucrure we have a custom build, it points to a kernel and header version installed on the host system.
[18:56] <rostam> sarnold, thanks I will see how to include those security patches.
[18:57] <RoyK> that's what dkms is for
[18:57] <patdk-wk> dkms does all of that for you
[18:58] <rostam> patdk-wk, RoyK  my understanding from dkms is the kernel gets compiled on installed system, not sure, if there are any references I greatly appreciate. thanks
[18:58] <patdk-wk> yes it will
[18:59] <patdk-wk> it will build against the kernel installed on that system
[18:59] <patdk-wk> the only other way you could do it, it would be kindof evil
[18:59] <patdk-wk> build a binary package for it
[18:59] <rostam> patdk-wk, does this means I have to have the kernel source on that system also?
[18:59] <patdk-wk> and *depend* on specific kernel versions
[18:59] <patdk-wk> then update it as new security patched kernels come out
[19:00] <patdk-wk> no, kernel headers only
[19:01] <rostam> patdk-wk,  are there any document please, I just did some googling did not find much on dkms Thanks
[19:03] <patdk-wk> https://help.ubuntu.com/community/Kernel/DkmsDriverPackage
[19:03] <rostam> patdk-wk,  thank you so much.
[19:03] <RoyK> https://en.wikipedia.org/wiki/Dynamic_Kernel_Module_Support
[19:03] <patdk-wk> I know it works, done several
[19:06] <rostam> patdk-wk, RoyK thanks I start reading about it. My only concern is we can not have the source code on the system, and it would be interested to find out how dmks will compile the kernel module without source code.
[19:09] <RoyK> rostam: obviously, it can't
[19:09] <RoyK> rostam: out of interest, why can't you have the source code on the system?
[19:18] <RoyK> rostam: ?
[19:23] <rostam> RoyK, sorry took a while I have to be in the lab. Well we do not want anyone to access the source code it reveal some of our internal intellectual property.
[19:23] <RoyK> rostam: what sort of servers do you use this on?
[19:24] <rostam> RoyK the servers are PCIe off the self product. We buy them from various vendors.
[19:25] <RoyK> rostam: just wondering - if they're for use inhouse, why are you scared about the code?
[19:25] <patdk-wk> well, you have to rethink how you do it
[19:25] <patdk-wk> have to make a lib that has your code in it
[19:25] <patdk-wk> then *compile* the kernel wrapper around it
[19:26] <rostam> RoyK, They are sold to Enterprise customers. We can update the images but we do not want the customer access our source code.
[19:26] <RoyK> rostam: that's a breach of GPLv2
[19:26] <rostam> patdk-wk, I agree we need to rethink on this, kernel wrapper ??
[19:27] <RoyK> rostam: if you sell a system with custom kernel code to a customer, that customer must have access to the code
[19:27] <rostam> RoyK, our legal department has advise as long as we are not GPLv3 we do not have to release the source code.
[19:28] <sarnold> nvidia has something similar but since they derived their linux drivers from their windows drivers they are (begrgudguingly?) allowed to not be a derivative work of the kernel..
[19:29] <RoyK> rostam: they are wrong. Cisco lost a case to FSF about the exact same thing
[19:29] <RoyK> rostam: and Linux is GPLv2, so you won't get around that
[19:29] <rostam> RoyK I will defintely recheck this.
[19:30] <RoyK> do that
[19:30] <rostam> sarnold, RoyK, patdk-wk  thank you so much for all your advise.
[19:30] <RoyK> cisco isn't a small company, but they lost this https://en.wikipedia.org/wiki/Free_Software_Foundation,_Inc._v._Cisco_Systems,_Inc.
[19:31] <rostam> RoyK thanks for link I will forward it to our legal department
[19:31] <RoyK> rostam: do that - I don't like people breaking GPL
[19:32] <rostam> RoyK sure
[19:32] <patdk-wk> I forget where the legal bouneries lie, and won't go there
[19:33] <RoyK> patdk-wk: well, in GPLv2 it's quite simple, if you distribute a compiled driver or something else that links to GPL, you have to distribute the code
[19:36] <patdk-wk> ah, then you just need to use userspace callbacks to get around the issue
[19:39] <RoyK> patdk-wk: indeed, if you can do that
[19:40] <RoyK> patdk-wk: or do as graphics cards makers do - create a blob and distribute it with the source doing the linking
[19:41] <RoyK> patdk-wk: but most normal drivers are just easy things that should be open
[19:42] <RoyK> patdk-wk: do you remember the Intel driver by Becker? It sucked at some things and Intel did the only right thing - they opensourced their drivers
[19:42] <patdk-wk> don't remember
[19:43] <RoyK> well, Intel was one of the first to write drivers for Linux directly, in OSS
[19:43] <RoyK> and to start talking to the kernel guys
[19:44] <RoyK> instead of keeping the cards close at hand and refusing access to any docs without a mile long NDA
[19:45] <patdk-wk> video? or other?
[19:45] <patdk-wk> my experience with intel linux drivers hasn't been good
[19:45] <RoyK> not sure about video - think they're open on that too
[19:45] <patdk-wk> from endless intel graphics and wifi problems
[19:45] <RoyK> but it all started with that e100 card
[19:45] <patdk-wk> issues too with network, but those are more rare atleast
[19:45] <RoyK> broadcom didn't learn from that :P
[19:46] <patdk-wk> broadcom is horrible
[19:46] <RoyK> AFAIK their hardware is ok
[19:46] <RoyK> but reverse-engineered drivers aren't
[19:46] <patdk-wk> not so sure of that :)
[20:11] <zkvvoob> Hi all. I'm getting some strange ERROR 500 when I activate a Wordpress plugin called BuddyPress. However, the error does not appear in Apache's error.log. Could anyone help me troubleshoot this issue?
[20:13] <thumpba_> im getting an error when rebooting an instance in openstack "error: unknown filesystem entering rescue mode, grub rescue" im using a uefi image