b-yeezi | kantlivelong, with what? | 00:02 |
---|---|---|
=== goddard_ is now known as goddard | ||
goddard | i have a problem where my wordpress site isn't able to connect to the mysql server | 02:52 |
goddard | i can login to the server from phpmyadmin | 02:52 |
=== goddard_ is now known as goddard | ||
codepython777 | where can i download all the current .deb files for 14.04.4? | 03:33 |
patdk-lap | ubuntu package servers | 03:40 |
patdk-lap | archive.ubuntu.com and security.ubuntu.com | 03:40 |
=== IdleOne is now known as Guest19155 | ||
codepython777 | patdk-lap: which directory do i clone for getting to 14.04.4 packages? | 03:44 |
codepython777 | patdk-lap: http://archive.ubuntu.com/ubuntu/pool/main/ - are these files shared between multiple versions of ubuntu? | 03:44 |
patdk-lap | yes | 03:46 |
patdk-lap | use something like apt-mirror | 03:46 |
codepython777 | patdk-lap: looks like one needs apache + apt-mirror? | 03:47 |
codepython777 | patdk-lap: is there a script somewhere that will mirror all .deb files for a given version (like 14.04.4)? | 03:47 |
patdk-lap | ya, apt-mirror | 03:48 |
codepython777 | patdk-lap: is there a one line command using apt-mirror to do what i need? | 03:48 |
patdk-lap | sure, service apt-mirror start | 03:49 |
patdk-lap | though, I think it normally goes into cron | 03:49 |
codepython777 | patdk-lap: where does it write the .deb files? | 03:50 |
patdk-lap | http://manpages.ubuntu.com/manpages/trusty/man1/apt-mirror.1.html | 03:50 |
=== JanC_ is now known as JanC | ||
=== Guest19155 is now known as IdleOne | ||
jamespage | ddellav, coreycb: lots of experimental uploads from zigo over the last 24hr - which way do we need to catchup? | 08:14 |
=== _degorenko|afk is now known as degorenko | ||
=== admcleod_ is now known as admcleod | ||
Yanick | Any one have any good guides/books for high performance network tuning for ubuntu? | 10:28 |
Xin | yanick; er, what in particular were you trying to tune.. | 10:40 |
Xin | It comes in a fairly ' | 10:40 |
Xin | 'best for everyone' configuration | 10:41 |
Yanick | IDS, so IRQ cpu stuff etc. | 10:41 |
Yanick | and kernel stuff to boost its performance | 10:41 |
Xin | see, none of that really means anything | 10:43 |
Xin | lol | 10:43 |
Yanick | ? | 10:44 |
Xin | for most network adapters the driver already comes compiled into the core, irq's are utterly meaningless to do with anything 'optimization', 'cpu stuff' = ??? | 10:45 |
Yanick | my plan was to split the traffic with 4 rss queues, and then have 4 suricata workers pinned to each CPU, not done or tested this before so thats why I asking, pretty much looking for a best practice guide / tutorial for high performance networking stuff | 10:48 |
cpaelzer | Yanick: in my personal experience in like 99.9% eventually it turns out that the tuning made it worse | 10:51 |
cpaelzer | Yanick: the reason is that you have to know a lot of your workload (sizes, timings, ...) to make good tunings | 10:52 |
cpaelzer | Yanick: especially since most really critical things are auto-tuning these days | 10:52 |
cpaelzer | Yanick: IRQs are local to the card you can set up rps (if your card can HW assist even more effectively) and the workers will migrate to the IRQ arriving cpu anyway | 10:53 |
Yanick | cpaelzer: what about C and P states? should i just set it to max all the time or let the auto tuning do that too? | 10:53 |
cpaelzer | Yanick: as I said "in my experience" tuning rarely helps in the long term - people do it on a POC state and nobody realizes the workload changes later on | 10:54 |
cpaelzer | Yanick: you surely can do it, but it is not a one shot task - IMHO it has to be rechecked and reevaluated continuously | 10:54 |
cpaelzer | Yanick: that means you can do all of https://www.kernel.org/doc/Documentation/networking/scaling.txt but then it is "you" who have to take care it still applies over time | 10:56 |
cpaelzer | and that is why I mean, I too often have seen environments where years ago someone tuned something and it is making it worse today | 10:56 |
Yanick | cpaelzer: Tnx alot! :) | 10:57 |
Yanick | cpaelzer: Got any experience with dpdk or any other kernel bypass methods? good? bad? hard? | 10:58 |
cpaelzer | Yanick: I'm the Ubuntu dpdk maintainer :-) | 11:02 |
cpaelzer | Yanick: it works, but it is a) not generally helping but for special purposes and b) only maturing the last 12 months | 11:03 |
cpaelzer | Yanick: with b) I mean you see it getting more stable day by day which is great, but up until recently it was all too easy to hit severe bugs | 11:03 |
cpaelzer | Yanick: https://insights.ubuntu.com/2016/05/05/the-new-simplicity-to-consume-dpdk/ https://help.ubuntu.com/16.04/serverguide/DPDK.html | 11:04 |
cpaelzer | Yanick: so if you are using Openvswitch you have a good chance to gain some benefit, and I hope that with upcoming OVS 2.6 and DPDK 16.07 things are more stable | 11:05 |
cpaelzer | Yanick: but if you are just runnign some arbitrary service on your server they won't help you until they actually exploit DPDK | 11:05 |
cpaelzer | Yanick: I've seen work on nginx for that and there might be more I haven't seen | 11:05 |
cpaelzer | Yanick: the performance answer always was and probably always will be "it depends" | 11:06 |
Yanick | cpaelzer: haha nice! | 11:12 |
Yanick | cpaelzer: Done any performance test with lxd containers? much overhead/latency? would it be possible to run a 1gbps sensor(suricata) in lxd? | 11:14 |
cpaelzer | TL;DR container (almost) always is as fast as without virtualization | 11:15 |
Yanick | Think I will give that a try :D need to set up a sniffing interface in promisc mode and map it into the container then? | 11:31 |
cpaelzer | Yanick: yeah you should just try and check if the bridge would eat up too much bandwidth | 11:43 |
cpaelzer | Yanick: I only found older LXC howtos, once he is online later on stgraber can point you to something recent for lxd | 11:43 |
Yanick | cpaelzer: Thank you so much for your time :) appreciated! | 12:00 |
coreycb | jamespage, we should be good for oslos and clients but most anything else could possibly need an update | 12:15 |
=== jelly is now known as ^jelly^ | ||
=== ^jelly^ is now known as jelly | ||
jamespage | frickler, finally moving on the 10.2.2 update for ceph | 13:53 |
jamespage | apols for the lag | 13:53 |
jamespage | dropped under a carpet somewhere | 13:53 |
frickler | jamespage: np, thx for the update, most of the openstack stuff seems to have gotten into proposed yesterday already, so that should be fine for now | 14:03 |
jamespage | frickler, ceph accepted - takes some hours to build... | 14:03 |
frickler | jamespage: did you ever look at generating a set of packages with jemalloc enabled instead of tcmalloc? it seems that this is a compile-time-only decision due to the way some libraries are included, the variant using LD_PRELOAD doesn't seem to work anymore | 14:06 |
=== not_phunyguy is now known as phunyguy | ||
CrashTestDummy | Hello. I configured my lxd on ubuntu 16.04 according to this tutorial on the interwebz : https://insights.ubuntu.com/2015/11/10/converting-eth0-to-br0-and-getting-all-your-lxc-or-lxd-onto-your-lan/ | 16:06 |
CrashTestDummy | The problem is that i do noet get any DHCP address from my opnsense machine to the containers. The opnsense machine also does not seem to get a DHCP request from the containers | 16:07 |
roaksoax | CrashTestDummy: that's probably an issue with the bridge you are using | 16:08 |
CrashTestDummy | log : https://codeshare.io/Ndexm | 16:08 |
CrashTestDummy | I think so too, can you please help me by having a look at the codeshare to see if you find something strange ? | 16:09 |
compdoc | I removed lxd just so I dont have to see boot messages from it anymore | 16:10 |
CrashTestDummy | But i am actually using lxd | 16:11 |
compdoc | CrashTestDummy, how is you networking setup? pastebin.com your /etc/network/interfaces | 16:20 |
stoker | Hi, does anyone have a document which describes how to deploy maas, juju and openstack on xenial? | 16:20 |
stoker | I have 8 HP SLG7 computes where I wish to do a deployment. | 16:21 |
CrashTestDummy | my interfaces file is the last section of the codeshare | 16:21 |
CrashTestDummy | https://codeshare.io/Ndexm | 16:22 |
=== JanC is now known as Guest81961 | ||
=== JanC_ is now known as JanC | ||
=== degorenko is now known as _degorenko|afk | ||
stoker | Is there a way to deploy xenial from an ISO, providing a configuration file and skip all the questions it asks during install? | 16:41 |
nacc | stoker: you are referring to a preseed file | 16:42 |
nacc | stoker: and i think you can put a preseed file on the iso that will get loaded at install time | 16:42 |
stoker | ok, thanks | 16:43 |
stoker | I'll google it | 16:43 |
nacc | stoker: https://help.ubuntu.com/community/Cobbler/Preseed is roughly a no-questions-asked install preseed | 16:43 |
nacc | stoker: https://wiki.debian.org/DebianInstaller/Preseed/EditIso | 16:43 |
stoker | nice | 16:45 |
nacc | stoker: i *think* (not sure, never tried it), but you might be able to pass the preseed as an install-time parameter to the installer kernel and it might also be able to d/l it, not sure if that requires specifically the netinstall kernel/initrd combo, though | 16:45 |
stoker | I can remaster the ISO if necessary but DL would be real easy | 16:45 |
nacc | stoker: yeah, should be easy to test, at least | 16:46 |
nacc | stoker: note that depending on how you install, you might also need to pass things like the network configuration to the installer so that it can download the preseed | 16:46 |
nacc | stoker: at that point, you might as well pxe install :) | 16:46 |
stoker | inception | 16:48 |
=== PaulW2U_ is now known as PaulW2U | ||
cpaelzer | rbasak: when you consider merge review priorities you might have a look at the last two comments in bug 1567540 | 17:33 |
ubottu | bug 1567540 in ntp (Ubuntu) "ntpd crashed with SIGABRT (was: ntp crashes everytime the network goes up or down.)" [High,Triaged] https://launchpad.net/bugs/1567540 | 17:33 |
cpaelzer | rbasak: it seems it starts to get uncomfortable :-) | 17:33 |
teward | is there a known issue where landscape-client will eat up all the RAM and swap on small-sized servers? | 17:55 |
teward | and then not clean up after itself thereby nomming all the data? | 17:55 |
teward | Xenial, by the way | 17:55 |
deadnull | so I created a custom bind9 package from the deb-src, and I want to host on my mirror (using aptly) is there a way to fix the duplicate package (Writing more data than expected) error? | 17:57 |
sarnold | deadnull: what error is that? I don't think I've ever seen it.. | 18:19 |
sarnold | deadnull: can you pastebin the error and surrounding context? | 18:19 |
sarnold | teward: news to me, it might be news to them too :) maybe grab some ps output on the process every hour for a few days and paste the log to a bug? | 18:20 |
deadnull | sarnold so the deal is I am running an aptly server. I am mirroring xenial, xenial-updates, and xenial-security. The issue is i build bind9 from source with mysql-dlz, which has different content then the distribution package in the xenial repo, so when I do an install, there is a conflict because the packages are different. | 18:24 |
deadnull | I think I have found a way to remove the upstream bind9 package from my mirror so there is no conflict. the reason I am doing this is because I dont want to have deb-src enabled on my servers and compiling custom packages on servers. | 18:25 |
sarnold | deadnull: hmm, if you give your bind package a unique-to-you version number I think that ought to just work | 18:28 |
deadnull | sarnold yea, looking into that as an option now, forgive my ignorance with dpkgs, how would I set a custom version/name - my google-fu is apparently failing me | 18:32 |
sarnold | deadnull: in the debian/changelog change the top-most version number -- adding -deadnull to the end would probably be sufficient | 18:32 |
sarnold | (better yet, make your own new entry in the file, so you can see what you did to it the next time you have to rebuild :) | 18:33 |
deadnull | woot, thanks man, I really appreciate it! | 18:33 |
deadnull | i was in the rules file | 18:33 |
sarnold | yeah, you can look and look and look and never spot it :) | 18:33 |
teward | sarnold: going to spin up a dns3 on my net and try and replicate | 18:50 |
teward | can't have the only two DNS resolvers for my net having zero space for bind9 to use ;P | 18:50 |
sarnold | teward: are those auths or recursors? | 18:51 |
teward | sarnold: half-and-half. internal recursors for my network, with authoritative on some of the domains (overriding public IP for private IP ranges and such necessary for proper internal network routing) | 18:52 |
sarnold | aha | 18:53 |
teward | sarnold: since the entire network runs DNS through there, I have to make sure those are 'up' | 18:54 |
teward | 100% swap and 98% RAM means it can't operate | 18:54 |
teward | was able to get in and stop landscape-client and subprocesses with a kill -9 | 18:54 |
teward | freed up all the swap and all but 100MB of RAM (in use by the rest of the system) | 18:55 |
teward | unclean approach, I know, but... | 18:55 |
teward | with both DNS servers having 512MB RAM, and 512MB swap... | 18:55 |
teward | and landscape-client trying to nom almost a full gig... | 18:56 |
teward | sounds to me there's a memleak somewhere | 18:56 |
sarnold | it's quite possible :) hehe | 18:56 |
sarnold | I suspect most of the machines running landscape client have a bit more headroom | 18:56 |
teward | true | 18:57 |
teward | but i noticed it eating 512 RAM and 48 MB on a 1024MB VPS so... | 18:57 |
teward | and fun fact: this doesn't happen with 14.04 | 18:57 |
teward | it uses about half that. | 18:57 |
coreycb | ddellav, I synced saharaclient 0.15.0 | 18:58 |
Xin | hey guys and girls I want to set up a proxy ring of sorts, and have it so that at a random given node, I siphon data out at random, but only my static ip is allowed.. any other traffic is put into an endless loop lol | 19:04 |
Sling | what | 19:04 |
Xin | so like 4 nodes of routing, mainly http but other stuff too, a full vpn | 19:06 |
Xin | I connect to one of these at random and make requests | 19:06 |
Xin | Only that node should have the request, and should only perform it for my ip address | 19:07 |
Xin | for all other addresses, it should just infinitely loop 1,2,3,4,1,2,3,4 etc, or similar | 19:07 |
sarnold | and why should it do that? | 19:08 |
Xin | Well mainly for lols | 19:08 |
sarnold | do the owners of those machines pay you for bandwidth used? :) | 19:08 |
Xin | they're all my vps's | 19:09 |
Xin | geologically sparse | 19:09 |
Xin | I also need to set up the full vpn thingy lol :/ | 19:10 |
Xin | never done that before | 19:10 |
Xin | I was supposed to have a partner in all this but they bailed because they are a flake | 19:10 |
Xin | my mistake. | 19:10 |
Xin | what id love is some kind of time sensitive token for everything over the vpn | 19:12 |
Xin | so even if it were logged, at a later date, it would be irrecoverable essentially | 19:12 |
Xin | im not doing anything dodgy, I just want to be as secure as possible | 19:14 |
Xin | security isnt really my thing though | 19:14 |
sarnold | I think the DHE ciphersuites will provide that | 19:14 |
Xin | oh yeah? | 19:14 |
Xin | what vpn server would you recommend? | 19:14 |
Xin | or how do I configure such a thing haha | 19:15 |
sarnold | the best VPN i've ever used was an IPSec configuration; but that doesn't always work through e.g. terrible hotels. | 19:15 |
sarnold | openvpn seems to have a lot of fans, it seems to be able to work through a lot of terrible misconfigured networks | 19:16 |
Xin | yeah that seems to be the go | 19:18 |
=== Guest2189 is now known as yebyen | ||
Xin | so I basically just want to steal its network stack | 19:24 |
Xin | um | 19:24 |
Xin | is that what a vpn inherently does? | 19:24 |
Xin | or do I need other software for each specific protocol | 19:24 |
sarnold | depends on the VPN software, most can provide generic IP support so they can route any IP-based protocol, usually icmp, udp, and tcp | 19:26 |
sarnold | but e.g. tor is limited to just tcp, drastically reducing what it can be used for | 19:26 |
Xin | yeah, I was thinking about using an anonymous vpn that then routes through tor | 19:28 |
Xin | is that overkill lol | 19:28 |
skylite | btw any working ideas to block tor traffic? | 19:28 |
Xin | cut your network cables | 19:29 |
sarnold | skylite: the list of exit nodes is published, just drop packets from them | 19:29 |
Xin | works 100% | 19:29 |
skylite | sarnold wow. all of them? | 19:29 |
sarnold | skylite: yeah | 19:30 |
skylite | cool | 19:31 |
Xin | so is it overkill? is it even a good idea at all? | 19:32 |
Xin | itd be nice to have a tor address too | 19:32 |
Xin | im not sure how all that works | 19:32 |
Xin | I also need to be able to coordinate one task between all the nodes if I so choose | 19:55 |
Xin | eg I might install a new package | 19:55 |
Xin | I dont want to do that on every vps | 19:55 |
Xin | nor do I want an apt-get specific solution. I want to essentially batch bash lol | 19:55 |
=== m1dnight1 is now known as m1dnight_ | ||
Xin | ok so I have openvpn | 20:44 |
=== tanuki_ is now known as tanuki | ||
kzaitsev_ws | I have a possible very dumb question, but can't really find the answer anywhere =) | 21:54 |
kzaitsev_ws | do SRU bugs go to https://launchpad.net/ubuntu/ ? | 21:55 |
kzaitsev_ws | I'm in the process of understanding how to propose an update to my openstack project's package to cloud-archive | 21:56 |
rbasak | SRU bugs go to the usual place for the package - https://bugs.launchpad.net/ubuntu/+source/<source package name> | 22:04 |
rbasak | Then they need to have a series added for the SRU target. | 22:04 |
rbasak | I don't remember what we do to track bugfixes in the cloud archive specifically. coreycb may be able to help you with that. | 22:05 |
Xin | if I told you my name was Todd Aspen | 22:13 |
Xin | would that seem legit to you | 22:13 |
kzaitsev_ws | rbasak: yep, I've been pinging him for a day or two =) I think he's somewhere in Europe and is asleep now =) | 22:24 |
kzaitsev_ws | Xin: now that's a really weird thing to stumble into =) | 22:25 |
terje | when enrolling machines in maas, is it possible to specify a naming schema? | 22:28 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!