/srv/irclogs.ubuntu.com/2016/02/08/#ubuntu-server.txt

[00:01] <Kimse> Anybody here ever tried to use automount inside a NAT'd LXC container to mount home directories shared via NFS? Can't get it to work on a NATd container
[00:01] <twb> Waaaay back in 10.04, if you installed screen, it would pull in update-notifier-common, which would change the MOTD to remind you if there was a newer kernel to reboot into.
[00:02] <twb> Can anyone tell me offhand if that's still the case?
[00:02] <twb> That is: if I install update-notifier-common, will MOTD start warning about pending kernel updates
[00:02] <twb> (I suspect this used to happen via byobu, and I have no idea what's happened in byobu.)
[00:12] <tarpman> twb: yeah, update-notifier-common still does the motd updating stuff
[00:12] <twb> Cool, so I can install just that and get that feature
[00:13] <tarpman> http://packages.ubuntu.com/xenial/all/update-notifier-common/filelist
[00:13] <twb> Thanks
[00:14] <tarpman> twb: I think you might also need update-motd installed, if you don't already have it (looks like it's recommended by libpam-modules)
[00:15] <twb> I'll find out if this change request gets approved :-)
[00:37] <capitanocrunch> hello
[00:39] <capitanocrunch> im newbie playing with ubuntu server 12.04
[00:40] <capitanocrunch> i want to setup dns server but /etc/init.d/bind9 start fail
[00:41] <twb> Unless you need to stick with 12.04, it is a good idea to install a newer release --- 14.04 will be supported for longer than 12.04.  And I guess 16.04 is due out next month.
=== mikal is now known as chair_occupier_t
=== chair_occupier_t is now known as chair_occupier_3
[00:43] <capitanocrunch> the issue with bind9 is: bridge.grumpy-troll.org/2012/05/pangolin-update/
[00:44] <capitanocrunch> so if i upgrade the distro, it will work without no fix/workaround needed?
[00:57] <twb> Don't know :-)
[00:57] <twb> I use nsd3 rather than bind.
[00:57] <twb> (But I'm weird, and I'm not a regular here.)
[00:58] <twb> From the URL you gave, it's not clear to me what the issue is
=== Lcawte|Away is now known as Lcawte
=== Lcawte is now known as Lcawte|Away
[01:57] <karstensrage> how do you guys deal with updating distros
[01:57] <karstensrage> for many many servers
[01:57] <twb> if $boss has his way, we just don't :/
[01:58] <karstensrage> are LTS -> LTS updates reliable?
[01:58] <twb> Assuming you use do-release-upgrade, they should be.
[01:59] <twb> I've blown my foot off once or twice by doing something it didn't expect, like writing "auto lo eth0" in interfaces(5), which the upgrade script didn't understand.
[02:00] <karstensrage> it seems like there could be a lot of stuff that has to be manually updated if you change anything
[02:01] <inteus> yeah, might be a bit more difficult if you have a lot of customization
[02:01] <twb> In Debian, weird things are just documented.  In Ubuntu, do-release-upgrade tries to automate it with scripts.
[02:01] <twb> The weirder you are, the more likely the scripts are to fall over.
[02:01] <twb> Because I'm very weird, I prefer the Debian approach :-)
[02:02] <twb> I also had problems where if do-release-upgrade crashed halfway, it didn't make any attempt to roll back
[02:03] <twb> Since most of my gear is stuck on 10.04, I can't comment on recent upgrades
[02:05] <karstensrage> seriously?
[02:05] <twb> ya: 12:57 <twb> if $boss has his way, we just don't :/
=== Lcawte|Away is now known as Lcawte
[02:06] <karstensrage> i get so much shit from the packaging community about wanting to put my packages on natty and saucy
[02:07] <karstensrage> i keep telling them it's not realistic to expect everyone to be on the latest
[02:07] <karstensrage> i really don't like packaging
=== Lcawte is now known as Lcawte|Away
[02:16] <twb> "it's behind a firewall so it doesn't matter if it's EOLd"
=== chair_occupier_3 is now known as mikal
=== n0Str3s5-AW is now known as n0Str3s5
[07:14] <nocontrol> can anyone please help http://stackoverflow.com/questions/35221886/export-foreman-workers-from-rails-app-to-systemd ?
[07:15] <twb> "foreman" is some kind of software?
[07:16] <nocontrol> yes, it's awesome
[07:17] <twb> What version of systemd do you have?  systemctl --version
[07:18] <twb> Unfortunately systemd's "No such file or directory" doesn't tell you *which* file it failed to access.  It could be seriapp.target, or some underlying file.
[07:18] <twb> The fact that "systemctl start seriapp" reports seriapp.target instead of seriapp.service is suspicious.
=== Algorithm is now known as ^King
[07:19] <twb> What systemd units are you using / have you written?
[07:19] <nocontrol> twb: systemd 215
[07:20] <twb> Also you wrote "export systemd /etc/init", which seems wrong to me -- /etc/init is for upstart, not systemd
[07:20] <twb> systemd jobs typically go into /etc/systemd/system/
[07:20] <nocontrol> twb: I've done it wrong but now rvmsudo foreman export systemd -a seriapp -u deploy says I must specify a location
[07:20] <nocontrol> twb: yes I removed that
[07:20] <nocontrol> hmmm should I try with /etc/systemd/system ?
[07:21] <twb> I don't know.  It is not clear to me what your setup currently looks like.
[07:21] <twb> It sounds like you made several mistakes at once, fixed some, and some are still there
[07:21] <twb> Can you pastebin a summary of what your system looks like right now?  e.g. "systemctl", "systemctl cat seriapp.service" "systemctl cat seriapp.target", &c
[07:22] <nocontrol> twb: I've looked for a log file but it seems there isn't any in /var/log
[07:22] <twb> systemd writes to a "journal", this starts out in /run and moves into /var/log/ later.  You read it with "journalctl" rather than by catting files in /var/log/.
[07:22] <twb> If you are using rsyslog (or similar), you might ALSO have logs copied back out of journald into traditional logfiles
[07:23] <nocontrol> twb: systemctl cat seriapp.target doesn't return anything
[07:23] <nocontrol> journalctl -> No journal files were found.
[07:24] <twb> That is interesting.
[07:24] <tiblock> Hi. Is there software to automatically restart script that exit. I know you can use bash for this, but is there some package for that?
[07:24] <twb> nocontrol: what environment is this?  e.g. a regular Ubuntu 14.04 install, or what
[07:24] <twb> tiblock: there are many ways to achieve that, which to use depends on your specific case
[07:24] <nocontrol> twb: tbh it's a raspbian
[07:25] <twb> nocontrol: for raspbian, this is the wrong place
[07:25] <twb> !raspbian
[07:25] <tiblock> twb, i just need to start binary file again when he crashes.
[07:25] <nocontrol> twb: does it have any difference ?
[07:25] <twb> On #debian it says: 18:25 <dpkg> Raspbian is a distribution <based on Debian> made specifically for the <Raspberry Pi>.  Raspbian is not Debian and it is not supported in #debian.  Please use #raspbian on irc.freenode.net for support.   http://www.raspbian.org/
[07:26] <twb> nocontrol: I don't actually know!  That makes it hard to support :-)
[07:26] <twb> tiblock: if it is a daemon, you can tell upstart or systemd to restart it
[07:26] <twb> tiblock: if it is something like rtorrent, then the best way is different
[07:27] <twb> nocontrol: you could also try asking the foreman or ruby communities, or #systemd.
[07:27] <tiblock> twb, its not daemon, its handmade thing. I mean if i do "./prog" then when it crashes nothing happens. I want "relaunch ./prog" so it will restart on crash. Is there such "relaunch" software?
[07:28] <twb> tiblock: hrm... I don't know of a good one
[07:28] <twb> tiblock: here is one I wrote years ago: http://cyber.com.au/~twb/.bin/twb-loop
[07:28] <tiblock> twb, okay, will use .sh scripts. Thank you
[07:28] <twb> The simplest is: while ! ./prog; do sleep 1; done
[07:29] <twb> But that does not do exponential backoff, logging &c
[07:30] <twb> tiblock: you can ask #bash for help with writing scripts like this, but be aware they can be grumpy and rude :-)
=== Algorithm is now known as ^King
=== jelly-home is now known as jelly
[08:33] <lordievader> Good morning.
=== Lcawte|Away is now known as Lcawte
[11:15] <Kimse> Anybody here who can help me with an autofs/lxc issue: http://askubuntu.com/questions/729950/automouting-nfs-share-inside-natd-lxc-container-fails ?
[13:12] <sb_9> hi folks
[13:19] <sb_9> http://pastebin.com/UEyE83Ak
[13:25] <teward> sb_9: iptables and ip6tables need to be configured individually
[13:25] <teward> sb_9: so for permitted v6 addresses, you have to add ACCEPT rules for those sources going to that port
=== Lcawte is now known as Lcawte|Away
[13:26] <teward> sb_9: i.e. ip6tables -I INPUT 1 -s ipv6-address -p tcp --dport 2070 -j ACCEPT
[13:26] <teward> it looks like you already have one such rule in place though
[13:26] <sb_9> teward: configured ipv6 tables to allow the known ipv6 address. But DROP Rule from Ipv4 firewall configuration is rejecting the connection.
[13:27] <teward> sb_9: no, because v6 goes through ip6tables rules
[13:27] <teward> NOT iptables
[13:27] <teward> trust me, assuming iptables handled both v4 and v6 is how I got breached through the v6 IP on one of my VPSes
[13:27] <teward> sb_9: are you getting timeouts or just "connection refused"?
[13:28] <teward> connection refused could mean it's not listening on v6
[13:28] <sb_9> teward: it allowed to make a connection when i removed the DROP rule from iptables.
[13:28] <teward> sb_9: that's likely because you're not using v6 as expected
[13:28] <teward> sb_9: if the iptables rule is blocking, then you're going over v4, apparently
[13:28] <sb_9> teward: did i configure ipv6 wrongly.
[13:28] <teward> ip6tables is the one that would be handling v6
[13:29] <teward> sb_9: i can't say, i'm not at your location to do diagnostics - you have to make absolutely certain that the computer initiating the connection to the system is in fact using IPv6
[13:29] <teward> for that connection attempt
[13:29] <sb_9> teward: i have configured ipv6, but it is not working as i expected.
[13:30] <teward> sb_9: configured on the server, or the system you're using to reach to port 2070 on the target server?
[13:31] <sb_9> teward: configured on the server.
[13:31] <teward> i'm not talking about the server
[13:31] <teward> i'm talking about the client you're on
[13:31] <teward> I.E.
[13:31] <teward> which system is connecting to the server at port 2070
[13:32] <teward> sb_9: telnet -6 SERVERIPV6ADDRESS 2070
[13:32] <teward> after putting that iptables rule back in place
[13:32] <teward> if it works, then you know it's not an issue with the v6 on the server
[13:33] <teward> (yes it may not be telnet, it's just one way to see if there's a connection that can get through)
[13:33] <sb_9> teward: then what should be the issue. do you mean client system is trying with ipv4 connection?
[13:33] <teward> yes that's exactly what i'm saying
[13:33] <teward> sb_9: if the client system doesn't have proper v6 it may be falling back to v4
[13:34] <sb_9> teward: i am testing with telnet only. but didn't try option -6.
[13:34] <teward> in which case ip6tables wouldn't see it and iptables would
[13:34] <teward> sb_9: use -6 - it forces IPv6
[13:34] <teward> sb_9: the client system you're using - does it have proper working v6?
[13:35] <sb_9> teward: since my client is trying to connect it. i just asked to send him the ip address shown by Google. "my ip address".
[13:36] <teward> make sure it's showing an ipv6 address
[13:36] <teward> and if it is, then use `telnet -6` to *force* Ipv6
[13:36] <teward> if it's still not working, then it could be a client-side configuration
[13:37] <teward> but if you don't *know* that you have properly-working IPv6, then that may be the issue
[13:37] <sb_9> teward: it is showing ipv6 address only.
[13:37] <teward> sb_9: with -6 does it try and connect?
[13:37] <teward> (you never answered that heh)
[13:38] <sb_9> teward: not yet. need to do. But if it fails?
[13:38] <teward> then remove the ip6tables DROP rule and try again
[13:38] <sb_9> teward: to test that I need to connect my client system
[13:38] <teward> if it still fails, it may be your client system that's not doing v6 right, through whatever connection is in place
[13:39] <sb_9> teward: okay. let me try it.
[13:39] <sb_9> teward: thanks for your suggestion.
[13:42] <teward> whee, power outage >.>
[14:09] <m1dnight_> I have a server here at my lab which keeps getting zombie processes.
[14:10] <m1dnight_> How can a process become a zombie process and not be collected by init?
[14:10] <m1dnight_> Can the application itself cause that?
=== my-name is now known as kulyzu
=== catalase is now known as puppymonkeybaby
[15:41] <necrophcodr> alright, i have a huge issue with postfix and virtualmin. I've got a virtual and canonical mapping going, and I want to restrict sending email to ONLY be allowed from addresses in virtual/canonical db
[15:41] <necrophcodr> currently i've used smtpd_sender_restrictions = reject_unauth_pipelining permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_unlisted_sender reject_rbl_client cbl.abuseat.org reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net
[15:41] <necrophcodr> i know a bit about how postfix works, but this one has me tied
[15:41] <necrophcodr> i've read the ubuntu docs, and the postfix manuals including postconf(5)
[15:45] <sdeziel> necrophcodr: you could probably add a check_sender_access (http://www.postfix.org/postconf.5.html#check_sender_access) to your smtpd_sender_restrictions
=== Lcawte|Away is now known as Lcawte
[17:10] <necrophcodr> alright, so having a canonical and virtual db setup with postfix, how do you use that to reject emails being sent from the server, not listed in those db?
[17:11] <necrophcodr> it can be as restrictive as possible or not, as long as only those in canonical/virtual maps are allowed to send
[17:14] <sdeziel> necrophcodr: make the DB lookup via the check_sender_access restriction
[17:15] <necrophcodr> sdeziel: is that really absolutely the only way? i mean if it is, it's what i'm gonna have to do, although that requires a different db
[17:19] <sdeziel> necrophcodr: maybe this would be better suited: http://www.postfix.org/postconf.5.html#reject_unlisted_sender
[17:22] <necrophcodr> sdeziel: the following is what i've been using
[17:22] <necrophcodr> smtpd_sender_restrictions = reject_unlisted_sender, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject
[17:22] <necrophcodr> it wasn't enough
[17:28] <sdeziel> necrophcodr: odd. Maybe you could try debugging this with debug_peer_list. I'd also recommend checking postfix own IRC channel (if any) and/or the mailing list as I'm not familiar with postfix DB integration
[17:29] <necrophcodr> sdeziel: thanks, i'll give both a shot.
[18:01] <kuly-zu> when i run netstat i saw some PID/program-name has a -, even if it's run with sudo, why?
[18:02] <teward> !crosspost | kuly-zu
[18:02] <ubottu> kuly-zu: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support.
[18:04] <sdeziel> kuly-zu: connections opened by the kernel show as having a prog name of "-"
[18:13] <daum_> hey guys - is there a good guide for the tuning of a server for high network activity.  We have a micro http service that is getting around 150k req/sec then makes at least one db request per to our db cluster over a second nic.
[18:14] <ikonia> what is your current network through put
[18:14] <ikonia> how big is each request
[18:14] <ikonia> what does the processing of that request
[18:15] <daum_> looks like 38MiB RX, 31MiB tx on the http bound interface, then 15MiB rx and 26MiB tx on the DB facing interface
[18:15] <daum_> ikonia, the http requests are simple get requests
[18:15] <ikonia> yes but what do they do
[18:15] <daum_> processed by a netty app
[18:15] <ikonia> whats serving them
[18:16] <ikonia> what is load thats creating
[18:16] <ikonia> how many requests are those stats for
[18:16] <daum_> load right now is about 33% of capacity
[18:16] <daum_> 150 req/sec  is the stats above
[18:16] <ikonia> what makes you think it won't scale up ?
[18:16] <daum_> just trying to look into tuning the network side same point we're tuning our app more
[18:17] <ikonia> I think you'd need to look at a problem to "fix" rather than "generic" tuning
[18:17] <ikonia> as what you change for A impacts B
[18:18] <daum_> true makes sense
[18:19] <daum_> i guess one question would be what to look for that points to network issues vs app level
[18:20] <ikonia> it will really depend on the behaviour
[18:20] <ikonia> depending on what's happening you'll get a few telltale signs
[18:20] <ikonia> but it depends on the situation,
=== Luke_ is now known as Luke
