/srv/irclogs.ubuntu.com/2016/07/13/#ubuntu-server.txt

b-yeezikantlivelong, with what?00:02
=== goddard_ is now known as goddard
goddardi have a problem where my wordpress site isn't able to connect to the mysql server02:52
goddardi can login to the server from phpmyadmin02:52
=== goddard_ is now known as goddard
codepython777where can i download all the current .deb files for 14.04.4?03:33
patdk-lapubuntu package servers03:40
patdk-laparchive.ubuntu.com and security.ubuntu.com03:40
=== IdleOne is now known as Guest19155
codepython777patdk-lap: which directory do i clone for getting to 14.04.4 packages?03:44
codepython777patdk-lap: http://archive.ubuntu.com/ubuntu/pool/main/ - are these files shared between multiple versions of ubuntu?03:44
patdk-lapyes03:46
patdk-lapuse something like apt-mirror03:46
codepython777patdk-lap: looks like one needs apache + apt-mirror?03:47
codepython777patdk-lap: is there a script somewhere that will mirror all .deb files for a given version (like 14.04.4)?03:47
patdk-lapya, apt-mirror03:48
codepython777patdk-lap: is there a one line command using apt-mirror to do what i need?03:48
patdk-lapsure, service apt-mirror start03:49
patdk-lapthough, I think it normally goes into cron03:49
codepython777patdk-lap: where does it write the .deb files?03:50
patdk-laphttp://manpages.ubuntu.com/manpages/trusty/man1/apt-mirror.1.html03:50
=== JanC_ is now known as JanC
=== Guest19155 is now known as IdleOne
jamespageddellav, coreycb: lots of experimental uploads from zigo over the last 24hr - which way do we need to catchup?08:14
=== _degorenko|afk is now known as degorenko
=== admcleod_ is now known as admcleod
YanickAny one have any good guides/books for high performance network tuning for ubuntu?10:28
Xinyanick; er, what in particular were you trying to tune..10:40
XinIt comes in a fairly '10:40
Xin'best for everyone' configuration10:41
YanickIDS, so IRQ cpu stuff etc.10:41
Yanickand kernel stuff to boost its performance10:41
Xinsee, none of that really means anything10:43
Xinlol10:43
Yanick?10:44
Xinfor most network adapters the driver already comes compiled into the core, irq's are utterly meaningless to do with anything 'optimization', 'cpu stuff' = ???10:45
Yanickmy plan was to split the traffic with 4 rss queues, and then have 4 suricata workers pinned to each CPU, not done or tested this before so thats why I asking, pretty much looking for a best practice guide / tutorial for high performance networking stuff10:48
cpaelzerYanick: in my personal experience in like 99.9% eventually it turns out that the tuning made it worse10:51
cpaelzerYanick: the reason is that you have to know a lot of your workload (sizes, timings, ...) to make good tunings10:52
cpaelzerYanick: especially since most really critical things are auto-tuning these days10:52
cpaelzerYanick: IRQs are local to the card you can set up rps (if your card can HW assist even more effectively) and the workers will migrate to the IRQ arriving cpu anyway10:53
Yanickcpaelzer: what about C and P states? should i just set it to max all the time or let the auto tuning do that too?10:53
cpaelzerYanick: as I said "in my experience" tuning rarely helps in the long term - people do it on a POC state and nobody realizes the workload changes later on10:54
cpaelzerYanick: you surely can do it, but it is not a one shot task - IMHO it has to be rechecked and reevaluated continuously10:54
cpaelzerYanick: that means you can do all of https://www.kernel.org/doc/Documentation/networking/scaling.txt but then it is "you" who have to take care it still applies over time10:56
cpaelzerand that is why I mean, I too often have seen environments where years ago someone tuned something and it is making it worse today10:56
Yanickcpaelzer: Tnx alot! :)10:57
Yanickcpaelzer: Got any experience with dpdk or any other kernel bypass methods? good? bad? hard?10:58
cpaelzerYanick: I'm the Ubuntu dpdk maintainer :-)11:02
cpaelzerYanick: it works, but it is a) not generally  helping but for special purposes and b) only maturing the last 12 months11:03
cpaelzerYanick: with b) I mean you see it getting more stable day by day which is great, but up until recently it was all too easy to hit severe bugs11:03
cpaelzerYanick: https://insights.ubuntu.com/2016/05/05/the-new-simplicity-to-consume-dpdk/ https://help.ubuntu.com/16.04/serverguide/DPDK.html11:04
cpaelzerYanick: so if you are using Openvswitch you have a good chance to gain some benefit, and I hope that with upcoming OVS 2.6 and DPDK 16.07 things are more stable11:05
cpaelzerYanick: but if you are just runnign some arbitrary service on your server they won't help you until they actually exploit DPDK11:05
cpaelzerYanick: I've seen work on nginx for that and there might be more I haven't seen11:05
cpaelzerYanick: the performance answer always was and probably always will be "it depends"11:06
Yanickcpaelzer: haha nice!11:12
Yanickcpaelzer: Done any performance test with lxd containers? much overhead/latency? would it be possible to run a 1gbps sensor(suricata) in lxd?11:14
cpaelzerTL;DR container (almost) always is as fast as without virtualization11:15
YanickThink I will give that a try :D need to set up a sniffing interface in promisc mode and map it into the container then?11:31
cpaelzerYanick: yeah you should just try and check if the bridge would eat up too much bandwidth11:43
cpaelzerYanick: I only found older LXC howtos, once he is online later on stgraber can point you to something recent for lxd11:43
Yanickcpaelzer: Thank you so much for your time :) appreciated!12:00
coreycbjamespage, we should be good for oslos and clients but most anything else could possibly need an update12:15
=== jelly is now known as ^jelly^
=== ^jelly^ is now known as jelly
jamespagefrickler, finally moving on the 10.2.2 update for ceph13:53
jamespageapols for the lag13:53
jamespagedropped under a carpet somewhere13:53
fricklerjamespage: np, thx for the update, most of the openstack stuff seems to have gotten into proposed yesterday already, so that should be fine for now14:03
jamespagefrickler, ceph accepted - takes some hours to build...14:03
fricklerjamespage: did you ever look at generating a set of packages with jemalloc enabled instead of tcmalloc? it seems that this is a compile-time-only decision due to the way some libraries are included, the variant using LD_PRELOAD doesn't seem to work anymore14:06
=== not_phunyguy is now known as phunyguy
CrashTestDummyHello. I configured my lxd on ubuntu 16.04 according to this tutorial on the interwebz : https://insights.ubuntu.com/2015/11/10/converting-eth0-to-br0-and-getting-all-your-lxc-or-lxd-onto-your-lan/16:06
CrashTestDummyThe problem is that i do noet get any DHCP address from my opnsense machine to the containers. The opnsense machine also does not seem to get a DHCP request from the containers16:07
roaksoaxCrashTestDummy: that's probably an issue with the bridge you are using16:08
CrashTestDummylog : https://codeshare.io/Ndexm16:08
CrashTestDummyI think so too, can you please help me by having a look at the codeshare to see if you find something strange ?16:09
compdocI removed lxd just so I dont have to see boot messages from it anymore16:10
CrashTestDummyBut i am actually using lxd16:11
compdocCrashTestDummy, how is you networking setup? pastebin.com your /etc/network/interfaces16:20
stokerHi, does anyone have a document which describes how to deploy maas, juju and openstack on xenial?16:20
stokerI have 8 HP SLG7 computes where I wish to do a deployment.16:21
CrashTestDummymy interfaces file is the last section of the codeshare16:21
CrashTestDummyhttps://codeshare.io/Ndexm16:22
=== JanC is now known as Guest81961
=== JanC_ is now known as JanC
=== degorenko is now known as _degorenko|afk
stokerIs there a way to deploy xenial from an ISO, providing a configuration file and skip all the questions it asks during install?16:41
naccstoker: you are referring to a preseed file16:42
naccstoker: and i think you can put a preseed file on the iso that will get loaded at install time16:42
stokerok, thanks16:43
stokerI'll google it16:43
naccstoker: https://help.ubuntu.com/community/Cobbler/Preseed is roughly a no-questions-asked install preseed16:43
naccstoker: https://wiki.debian.org/DebianInstaller/Preseed/EditIso16:43
stokernice16:45
naccstoker: i *think* (not sure, never tried it), but you might be able to pass the preseed as an install-time parameter to the installer kernel and it might also be able to d/l it, not sure if that requires specifically the netinstall kernel/initrd combo, though16:45
stokerI can remaster the ISO if necessary but DL would be real easy16:45
naccstoker: yeah, should be easy to test, at least16:46
naccstoker: note that depending on how you install, you might also need to pass things like the network configuration to the installer so that it can download the preseed16:46
naccstoker: at that point, you might as well pxe install :)16:46
stokerinception16:48
=== PaulW2U_ is now known as PaulW2U
cpaelzerrbasak: when you consider merge review priorities you might have a look at the last two comments in bug 156754017:33
ubottubug 1567540 in ntp (Ubuntu) "ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)" [High,Triaged] https://launchpad.net/bugs/156754017:33
cpaelzerrbasak: it seems it starts to get uncomfortable :-)17:33
tewardis there a known issue where landscape-client will eat up all the RAM and swap on small-sized servers?17:55
tewardand then not clean up after itself thereby nomming all the data?17:55
tewardXenial, by the way17:55
deadnullso I created a custom bind9 package from the deb-src, and I want to host on my mirror (using aptly) is there a way to fix the duplicate package (Writing more data than expected) error?17:57
sarnolddeadnull: what error is that? I don't think I've ever seen it..18:19
sarnolddeadnull: can you pastebin the error  and surrounding context?18:19
sarnoldteward: news to me, it might be news to them too :) maybe grab some ps output on the process every hour for a few days and paste the log to a bug?18:20
deadnullsarnold so the deal is I am running an aptly server. I am mirroring xenial, xenial-updates, and xenial-security. The issue is i build bind9 from source with mysql-dlz, which has different content then the distribution package in the xenial repo, so when I do an install, there is a conflict because the packages are different.18:24
deadnullI think I have found a way to remove the upstream bind9 package from my mirror so there is no conflict. the reason I am doing this is because I dont want to have deb-src enabled on my servers and compiling custom packages on servers.18:25
sarnolddeadnull: hmm, if you give your bind package a unique-to-you version number I think that ought to just work18:28
deadnullsarnold yea, looking into that as an option now, forgive my ignorance with dpkgs, how would I set a custom version/name - my google-fu is apparently failing me18:32
sarnolddeadnull: in the debian/changelog change the top-most version number -- adding -deadnull to the end would probably be sufficient18:32
sarnold(better yet, make your own new entry in the file, so you can see what you did to it the next time you have to rebuild :)18:33
deadnullwoot, thanks man, I really appreciate it!18:33
deadnulli was in the rules file18:33
sarnoldyeah, you can look and look and look and never spot it :)18:33
tewardsarnold: going to spin up a dns3 on my net and try and replicate18:50
tewardcan't have the only two DNS resolvers for my net having zero space for bind9 to use ;P18:50
sarnoldteward: are those auths or recursors?18:51
tewardsarnold: half-and-half.  internal recursors for my network, with authoritative on some of the domains (overriding public IP for private IP ranges and such necessary for proper internal network routing)18:52
sarnoldaha18:53
tewardsarnold: since the entire network runs DNS through there, I have to make sure those are 'up'18:54
teward100% swap and 98% RAM means it can't operate18:54
tewardwas able to get in and stop landscape-client and subprocesses with a kill -918:54
tewardfreed up all the swap and all but 100MB of RAM (in use by the rest of the system)18:55
tewardunclean approach, I know, but...18:55
tewardwith both DNS servers having 512MB RAM, and 512MB swap...18:55
tewardand landscape-client trying to nom almost a full gig...18:56
tewardsounds to me there's a memleak somewhere18:56
sarnoldit's quite possible :) hehe18:56
sarnoldI suspect most of the machines running landscape client have a bit more headroom18:56
tewardtrue18:57
tewardbut i noticed it eating 512 RAM and 48 MB on a 1024MB VPS so...18:57
tewardand fun fact: this doesn't happen with 14.0418:57
tewardit uses about half that.18:57
coreycbddellav, I synced saharaclient 0.15.018:58
Xinhey guys and girls I want to set up a proxy ring of sorts, and have it so that at a random given node, I siphon data out at random, but only my static ip is allowed.. any other traffic is put into an endless loop lol19:04
Slingwhat19:04
Xinso like 4 nodes of routing, mainly http but other stuff too, a full vpn19:06
XinI connect to one of these at random and make requests19:06
XinOnly that node should have the request, and should only perform it for my ip address19:07
Xinfor all other addresses, it should just infinitely loop 1,2,3,4,1,2,3,4 etc, or similar19:07
sarnoldand why should it do that?19:08
XinWell mainly for lols19:08
sarnolddo the owners of those machines pay you for bandwidth used? :)19:08
Xinthey're all my vps's19:09
Xingeologically sparse19:09
XinI also need to set up the full vpn thingy lol :/19:10
Xinnever done that before19:10
XinI was supposed to have a partner in all this but they bailed because they are a flake19:10
Xinmy mistake.19:10
Xinwhat id love is some kind of time sensitive token for everything over the vpn19:12
Xinso even if it were logged, at a later date, it would be irrecoverable essentially19:12
Xinim not doing anything dodgy, I just want to be as secure as possible19:14
Xinsecurity isnt really my thing though19:14
sarnoldI think the DHE ciphersuites will provide that19:14
Xinoh yeah?19:14
Xinwhat vpn server would you recommend?19:14
Xinor how do I configure such a thing haha19:15
sarnoldthe best VPN i've ever used was an IPSec configuration; but that doesn't always work through e.g. terrible hotels.19:15
sarnoldopenvpn seems to have a lot of fans, it seems to be able to work through a lot of terrible misconfigured networks19:16
Xinyeah that seems to be the go19:18
=== Guest2189 is now known as yebyen
Xinso I basically just want to steal its network stack19:24
Xinum19:24
Xinis that what a vpn inherently does?19:24
Xinor do I need other software for each specific protocol19:24
sarnolddepends on the VPN software, most can provide generic IP support so they can route any IP-based protocol, usually icmp, udp, and tcp19:26
sarnoldbut e.g. tor is limited to just tcp, drastically reducing what it can be used for19:26
Xinyeah, I was thinking about using an anonymous vpn that then routes through tor19:28
Xinis that overkill lol19:28
skylitebtw any working ideas to block tor traffic?19:28
Xincut your network cables19:29
sarnoldskylite: the list of exit nodes is published, just drop packets from them19:29
Xinworks 100%19:29
skylitesarnold wow. all of them?19:29
sarnoldskylite: yeah19:30
skylitecool19:31
Xinso is it overkill? is it even a good idea at all?19:32
Xinitd be nice to have a tor address too19:32
Xinim not sure how all that works19:32
XinI also need to be able to coordinate one task between all the nodes if I so choose19:55
Xineg I might install a new package19:55
XinI dont want to do that on every vps19:55
Xinnor do I want an apt-get specific solution. I want to essentially batch bash lol19:55
=== m1dnight1 is now known as m1dnight_
Xinok so I have openvpn20:44
=== tanuki_ is now known as tanuki
kzaitsev_wsI have a possible very dumb question, but can't really find the answer anywhere =)21:54
kzaitsev_wsdo SRU bugs go to https://launchpad.net/ubuntu/ ?21:55
kzaitsev_wsI'm in the process of understanding how to propose an update to my openstack project's package to cloud-archive21:56
rbasakSRU bugs go to the usual place for the package - https://bugs.launchpad.net/ubuntu/+source/<source package name>22:04
rbasakThen they need to have a series added for the SRU target.22:04
rbasakI don't remember what we do to track bugfixes in the cloud archive specifically. coreycb may be able to help you with that.22:05
Xinif I told you my name was Todd Aspen22:13
Xinwould that seem legit to you22:13
kzaitsev_wsrbasak: yep, I've been pinging him for a day or two =) I think he's somewhere in Europe and is asleep now =)22:24
kzaitsev_wsXin: now that's a really weird thing to stumble into =)22:25
terjewhen enrolling machines in maas, is it possible to specify a naming schema?22:28

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!