/srv/irclogs.ubuntu.com/2017/02/06/#ubuntu-server.txt

rizonztomreyn: ok00:05
ChmEarlwhen using ubuntu-server ISO, ubiquity is not used, only d-i?01:03
rfkrocktkHello! We are running ami-9e158c89 in us-east-1, which is an Ubuntu 14.04 image. We had a very strange issue where three servers running RabbitMQ in a VPC simultaneously started freaking out, claiming they could not write to disk until the kernel killed the processes. When we reviewed this with our Amazon account managers and an actual EC2 developer, we were01:19
rfkrocktktold to reach out to Canonical and that there was a known bug in the enhanced networking drivers for Ubuntu 14.04. Is there a known bug?01:19
pmatulisrfkrocktk, maybe pastebin some logs02:43
rfkrocktkI'll try to do that, but I honestly think it was just AWS lying to us about some underlying problem 😈02:45
rfkrocktkIt was more of a general query regarding the enhanced networking driver in 14.04, are you aware of any significant (or otherwise) bug reports concerning it in 14.04 EC2 AMIs?02:46
patdk-laprfkrocktk, if you didn't manually update the driver, yes02:50
patdk-lapI have a newer driver in my ppa02:50
patdk-lapit's documented from intel02:51
rfkrocktkcan you link to the bug? how long ago was it?02:51
patdk-lapthe bug is linked to right on aws ec2 page, where it documents the enhanced network option02:51
rfkrocktktrying to find02:51
rfkrocktkit's not on here: https://help.ubuntu.com/community/EC2StartersGuide02:52
patdk-laphttp://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sriov-networking.html02:52
rfkrocktkthank you patdk-lap02:54
patdk-lapthat ubuntu page doesn't talk about enhanced networking at all02:54
patdk-laphttps://launchpad.net/~patrickdk/+archive/ubuntu/production/+sourcepub/4863517/+listing-archive-extra02:54
patdk-lapI made it a dkms, unlike the aws page, you won't have to screw with it again on each kernel update02:54
patdk-lapnever had any issues, ran some very large and high traffic mongo servers on it02:55
patdk-lapI should probably update my package02:58
rfkrocktkI can't seem to find the actual bug03:12
patdk-lapwhat?03:12
rfkrocktklike they mention that there is a bug but they don't clarify what it is03:13
rfkrocktkunfortunately03:13
patdk-lapyes, it's MANY bugs03:13
rfkrocktk😬03:13
patdk-lapsvio support wasn't very good in versions < 2.1403:14
patdk-lapif you are expecting aws to file a bug against ubuntu, your mistaken03:16
patdk-lapyou would have to file that bug, aws couldn't care less03:16
patdk-lapaws already went and did the work and found that you need >= 2.14 to be stable03:16
patdk-lapthe version in ubuntu 14.04 is 2.11.3-k03:17
rfkrocktkI'm just wondering why Canonical hasn't published an updated version of the driver in their EC2 AMI images.03:20
rfkrocktkIf this is a known issue, then it would make sense for canonical to address it by publishing a fix.03:21
patdk-lapask them03:21
patdk-lapI wouldn't assume they know about it though03:22
patdk-laphttps://bugs.launchpad.net/cloud-images/+bug/125493003:23
ubottuLaunchpad bug 1254930 in cloud-images "AMIs do not have EC2 Enhanced Networking flag set" [Undecided,Confirmed]03:23
rfkrocktkthank you, this is the bug03:25
lordievaderGood morning09:00
=== disposable3 is now known as disposable2
=== jamespag` is now known as jamespage
Genk1Hello all12:13
lordievadero/12:14
Genk1What is the best strategy for a mail server High avaibility ?12:14
Genk1I have postfix and devecot running on the same server and I want to create a backup (slave) for taking control in case of the master faillure12:15
bhuddahhaving more than one, i guess.12:15
refeaimeHi chat12:16
bhuddahGenk1: what level of HA are you aiming for?12:16
Genk1bhuddah, I didn't get the point ? can you explain more please ? thanks12:17
bhuddahGenk1: it's not necessarily a fail-over setup you want. you can also have active-active setups. it all depends on what your goal is. and your budget.12:18
Genk1bhuddah, I have a distant cloud environment of 3 VM12:18
Genk1bhuddah, my goal is to always have the service UP and I guess an active-active setup is not necessary in my case12:19
Genk1I don't have a huge traffic12:19
bhuddahGenk1: "always" is impossible.12:19
Genk1bhuddah, Ok let's say a 99.99 % avaibility then :)12:19
bhuddahGenk1: it sounds like a simple backup will be enough.12:20
bhuddahGenk1: depending on the size of the mail store you might need some time to restore though.12:21
Genk1bhuddah, you mean a secondary MX server ?12:21
bhuddahGenk1: i just mean a traditional data backup. regular and tested.12:21
Genk1bhuddah, OK, what's about the cost in system faillure ? do I have to operate manually ?12:21
Genk1bhuddah, hmm12:22
bhuddahas long as your downtime is shorter than a couple of days you won't lose any mail. so you just gotta make sure that you can restore quick enough. (in a couple of hours)12:22
Genk1bhuddah, you mean to simply backup files and be able to mount a server quickly ?12:22
bhuddahGenk1: you can get quite quick with that if you train it regularly.12:23
Genk1bhuddah, I see, but the problem is that the operators need to answer mails as fast as possible12:23
Genk1bhuddah, the corporate activity is depending heavily on emailing system12:24
bhuddahthe system will fail. sooner or later.12:25
bhuddaha good single system will last years and years before you have unscheduled downtime.12:26
Genk1bhuddah, OK I see12:27
Genk1what if I want to go with an MX backup ?12:27
Genk1having 2 servers operating if the master fail the secondary server takes control ?12:27
bhuddahof course you can grow your system to multiple mx servers12:28
bhuddahcluster operation is necessarily a lot more complex than single server systems.12:28
Genk1bhuddah, you're absolutly right12:29
Genk1but what can you suggest me for a multiple mx setup ?12:29
bhuddahit's a trade off where you might gain little and have a lot more risk to handle.12:29
bhuddahi'd run with multiple active MX's then.12:30
Genk1especially if I have 2 systems to put in HA (Postfix and devecot)12:30
bhuddahthey can throw mails in a centralized backend storage pool.12:30
Genk1hmm12:30
bhuddahand users access that storage pool via the dovecot server(s)12:31
Genk1bhuddah, perfect thank you al ot12:39
bhuddahGenk1: good luck.12:40
Genk1bhuddah, Ah! one last question please. how about the storage pool ? what can you suggest me for a clouding environement ? using Gluster, NFS.. for example ?12:41
bhuddahusually whatever you already have for storage.12:41
Genk1bhuddah, hmm I don't think that our hoster has a lot of things to offer in that area12:42
bhuddahsome might just use a NAS. others might have a larger SAN storage.12:42
Genk1bhuddah, what's about rsync ?12:42
bhuddahno. it must be real-time. in that case.12:43
Genk1bhuddah, wow OK that's the difficult point then12:44
bhuddahHA systems are complicated.12:45
Genk1bhuddah, true, and cost a lot12:45
bhuddahyou can calculate how much a day or two downtime cost.12:45
Genk1bhuddah, but I don't see the need for a real-time stuff ? I think that 1 min and more is tolerable in our case12:46
bhuddahand then you know what you can invest to mitigate that.12:46
Genk1bhuddah, yes true12:46
bhuddahGenk1: the point isn't the speed but the shared locking because there are multiple paths through the system.12:46
Genk1bhuddah, you're right12:47
patdk-lapbhuddah? your cheap vps provider will last years and years before you have any kind of outage? not true12:48
patdk-lapI don't know why you want to get all fancy attempting to make this HA12:49
cpaelzercoreycb: zul: hi, the qemu triggered nova test opn ppc64el failed again - did you happen to find what it really is?12:49
patdk-lapjust use simple dovecot built in HA12:49
zulcpaelzer: no i wasnt able to reproduce it12:49
patdk-laphttp://wiki.dovecot.org/Replication12:49
bhuddahpatdk-lap: you get what you pay for. certainly. so the cheapo vps provider will fail earlier :)12:49
coreycbcpaelzer, zul: well for our failing deployment which hit a similar issue, it was due to needing a newer version of seabios backported to the cloud archive12:50
zulcpaelzer: i was thinking of getting back on a ppc64el and running autopkgtest12:52
cpaelzerzul: ok, the seabios in zesty is pretty new (4 weeks)12:56
cpaelzerzul: your access on the machine of last week should still be good12:57
cpaelzerzul: please let me know if I can help to resolve12:57
zulk12:58
zulcoreycb: im going to start on the rc1 candidates but not upload them13:40
coreycbzul, ok13:41
jdstrandtomreyn: fyi, 'ufw disable' is good enough13:52
jemooHelp! i can not send mail from one pc to another which are in the same network!14:38
jemooi only see the mail in side the sender pc /var/mail....lab114:39
jemoothe sender pc is using exim4 and the receiver pc is using postfix14:42
jemoohelpp!!!!14:42
jemooany one in here and help!14:44
jemooHelp! i can not send mail from one pc to another which are in the same network!14:48
jemooi only see the mail in side the sender pc /var/mail....lab114:48
jemooHelppp!14:48
jemooHelp! i can not send mail from one pc to another which are in the same network!15:22
jemooi only see the mail in side the sender pc /var/mail....lab115:23
lordievader!patience | jemoo15:37
ubottujemoo: Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/15:37
sonu_nki am installing webmin on ubutnu server.. but when i tried  lsb_release -a it is showing me  " No LSB modules are available. | Distributor ID: Debian  | Description: Debian GNU/Linux 8.6 (jessie) | Release: 8.6"16:16
UssatFYI:  https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html16:17
pmatulis!webmin16:23
ubottuwebmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.16:23
Picialso that16:24
blueking I have a firewall on ubuntu...   have set policy rules and zones... app on ubuntu itself   does it use loc or fw  ?18:12
patdk-wkwhat firewall software are you using?18:13
patdk-wkbut normally anything on the machine itself is fw18:13
bluekingok18:13
bluekingso what are 'loc' for ?18:13
patdk-wkno idea, what did you configure loc as?18:14
bluekingloc = local ?18:14
patdk-wkif I make a very broad guess, loc might mean local, and stand for anything coming from the local network18:14
bluekingah ofc  'facepalm'18:15
bluekingwas thinking local = machine itself18:15
patdk-wkI don't use local in any of my firewall configs18:16
drabhi, trying to preseed some boxes where the OS disk already has some stuff on it. No matter what I try I keep being prompted about what to do with my disk18:39
drabI would like to simply tell the install to nuke whatever is there and install as if it was a blank drive, ignoring all partitions18:39
drabanybody that has had that problem and has a working config?18:40
geniidrab: Use the partitioning recipe section in the sample preseed file to go by. It has the other options given as well to automatically proceed and so on. https://help.ubuntu.com/lts/installation-guide/example-preseed.txt18:45
geniidrab: The relevant section says "# This makes partman automatically partition without confirmation, provided18:47
genii# that you told it what to do using one of the methods above." with the d-i options to use below18:47
drabgenii: yeah I already have all of that, and it works on blank drive, but not on a drive on which for example windows had been installed on18:53
drabor another version of ubuntu for that matter18:53
drabI've seen some people having similar problems if the drive in question had lvm on it and the autodetect would find the volumes and try to reuse them despite the options in the preseed18:56
drabsome of those folks seem to have sort of abused the d-i early_command to delete the VGs and delete the MBR18:57
geniidrab: I had before an automatic install system with preseed. Unfortunately I do not currently have access to the preseed options that were used. But when for instance it stalled I would examine the output of console 4 for what kind of input it was expecting then alter the preseed accordingly18:58
drabgenii: how do you check? I guess I'll test that later, I thought I cycled through all the terminals and don't remember a way to see what questions exactly it was asking19:11
drabif that was possible that'd be great19:11
geniiWith server install it gives you 4 terminals, tty0 is the default you see, tty1 and tty2 you can use to gain a commandline, tty4 is where you can see output like what commands are currently being executed to produce whats on the first terminal19:13
geniitty3, rather19:13
drabgenii: ok,thanks, I'll try to look at that output and see if I can recognize a question. Is there an obvious link between what shows on screen and a preseed option?19:23
geniidrab: It should actually be showing you something like the actual d-i command which is currently running19:24
zulcoreycb: updating openstack cruft in universe19:48
rharperdannf: hey,  testing out the smbios paramters in qemu-system-aarch64;  can you test passing in '-smbios type=1,manufacturer="Foobar"` and then in the booted image see if this shows up in /sys/class/dmi/id/*  ?20:02
dannfrharper: checking..20:09
dannfrharper: $ sudo grep -ir Foobar /sys/class/dmi20:13
dannf$20:13
rharpermodprobe sysfs_dmi ?20:14
rharperalso, dmidecode20:14
rharperI was on an arm64 cloud (beisner had one) which had /sys/class/dmi/* populated, Xenial image IIRC20:15
dannfrharper: it is populated20:15
dannfrharper: there just isn't any file that contains that string20:15
rharperok, that was what I saw as well20:15
rharperso smbios on qemu aarch64 isn't working20:15
rharper=(20:15
rharperbut it should be =)20:15
dannfrharper: however, iirc, ARM may rely on a newer version of the spec20:15
rharperwas going to file a bug and have someone look at fixing qemu20:15
dannfmaybe type needs to be updated?20:15
rharpernot sure20:15
rharperbut it's been in qemu for almost 2 years20:16
dannflemme dig up a bug...20:16
rharpercool20:16
rharperdannf: the goal here is to have openstack nova pass the OpenStack Nova product name into the guest so cloud-init can know it's on an OpenStack cloud and do the right thing with datasources20:16
dannfrharper: i don't think the bug i was looking at is relevant. yeah, doesn't seem to work.20:20
rharperok20:20
rharperit's likely regressed; I suspect that some thigns work20:20
rharperfor example, -uuid still works20:20
dannf1:2.6.1+dfsg-0ubuntu820:20
rharperbut other stuff doesn't20:20
rharperdannf: if you file a new bug, can you add me to it?  or do you want me to file one right now?20:48
dannfrharper: i'd say go for it, but feel free to subscribe me in case upstream needs a quick test20:51
rharperdannf: ok20:52
=== Grapes is now known as Guest63940
bluekinganyone into lacp/bonding ?21:32
bluekingjust wonder what mode I should choose21:32
=== Guest63940 is now known as Gr8pes
rharperdannf: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/166234522:06
ubottuLaunchpad bug 1662345 in qemu (Ubuntu) "smbios parameter settings not visible in guest" [Undecided,New]22:06
dannfrharper: cool22:08
drabblueking: fwiw I've just put in a quad port nic into my machine and will get to that question shortly22:14
sarnolddoesn't it boil down to the question, why do you want it? redundancy or throughput?22:15
bluekingthroughput...22:33
drabstill afail it's not as easy as x $num_of_nics22:41
drabthat's not how LCAP works22:41
drabI've been reading around and to achieve that sort of multiplier ppl seem to have done weird shenanigans with vlans etc22:41
sarnoldreally? I haven't seen any vlan shenanigans22:45
sarnoldbut if you've only got two computers involved and use only say two tcp connections between them, there's a 50% chance both connections will be sent over the same NIC..22:45
patdk-wklacp doesn't give you throughput, only redundency22:46
patdk-wkto get throughput with lacp requires a LOT of clients22:47
patdk-wkif you want throughput, you need to use roundrobin, not lacp, and switches don't like roundrobin22:47
sarnoldthey don't? oh :/22:47
sarnoldI've always been under the impression there were three types available: active/passive, hash-based, and round-robin, and I've always had the impression that round robin was more expensive than hash, so no one used RR...22:50
drabI was aware that switches didn't like RR tho, but yeah, that was my impression too, lcap in the end doesn't really give you tput22:52
drabespecially not for a single connection, which is what most people think of when wanting to use bonding22:53
drabie cp a large file over nfs or something22:53
drabs/was aware/wasn't aware/22:53
sarnoldyeah, "but it could do two of those at once" is often little solace when you're waiting forever for a file copy to finish :)22:54
patdk-wksarnold, there are like 6 or 7 types22:58
patdk-wkrr is the best, but it only works on DIRECT links, server to server22:58
patdk-wkI use it for my HA links22:58
patdk-wkactive/backup is fine if you just need simple failover and have simple switches or something22:59
patdk-wklacp (hash) works good if you have a switch that does lacp also, but getting > single port speed is not a goal of lacp22:59
patdk-wknow, the other two tlb and alb where made to get >single port speeds, but they require the switch and the client machines to behave with it23:00
patdk-wktlb normally works, and does so by sending packets out multible links in a round-robin type way, but receiving only on a single link23:00
sarnoldo_O23:01
sarnoldthat sounds crazy23:01
patdk-wkthe issue is, it uses multible mac addresses to send, and some clients that gets confusing (mac based auth checks)23:01
sarnoldheh23:01
patdk-wkso while it worked great for *normal* things23:01
patdk-wkI could not login to my network switch using that link23:01
patdk-wkcause it would verify the source mac was the same as the user logged in on23:01
sarnoldhah23:02
sarnoldthat even sounds like a good idea on the face of it..23:02
patdk-wkalb takes it a step more, and spoofs the arp to the clients to balance incoming traffic23:02
sarnoldall this sounds like compelling reasons to just buy nicer hardware23:02
patdk-wklacp can load balance from the hash sure23:03
patdk-wkbut it's VERY hard to maintain that balance and to balance it, unless you have a LOT of clients23:03
patdk-wkso for a home, lacp won't do crap for you23:03
patdk-wkunless you just want a more advanced active/backup23:03
sarnoldhow does it help with backup?23:03
sarnolddoes it automatically re-do the hashing alg if a link goes down?23:04
patdk-wkyes23:04
sarnoldalright that's friendly enough23:05
patdk-wkas long as you don't setup a static lacp, static lacp uses any active port, if it's plugged into a lacp configured thing or not23:05
patdk-wkdynamic lacp will use what is configured on the other side for lacp only23:05
patdk-wkso if you plug in your laptop into a server lacp configed port by accident, everything doesn't go nuts23:05
sarnoldbut then you're trusting lacp to dtrt -- does it? :)23:06
patdk-wkit should, it's simple23:06
patdk-wkif not, your switch has issues23:06
sarnoldyay23:06
sarnoldhehe23:06
patdk-wkreminds me of my netgear switch, that send broadcast packets across every vlan23:06
sarnoldwhich returns to "buy nicer hardware"23:07
sarnold"you asked for broadcast"23:07
patdk-wkbut I marked a vlan tag on it, not ALL vlans23:07
patdk-wkthat caused some fun tcpdumps23:07
Pinkamena_DI just closed a server image but I want it to appear mostly unused, is there any semi automated way to remove all of the log files?23:14
Pinkamena_Dcloned*23:14
sarnoldPinkamena_D: try this on something unimportant first: for f in /var/log/* ; do > $f ; done23:15
Pinkamena_Dso that looks like it would just truncate all of the files under /var/log ... does it do subdirectories too?23:17
sarnoldno, just those files23:17
sarnoldyou could add /var/log/*/* if you wanted files in the subdirs23:17
Pinkamena_DI guess that should be good enough23:18
Pinkamena_Dthanks!23:18
=== jerrcs- is now known as jerrcs
=== lfrlucas_ is now known as lfrlucas
=== magicalChicken_ is now known as magicalChicken
=== v12aml_ is now known as v12aml
=== not_phunyguy is now known as phunyguy
=== arlen_ is now known as arlen
=== Dmitrii-Sh_ is now known as Dmitrii-Sh
=== petevg_ is now known as petevg
=== fyxim_ is now known as fyxim
=== wolsen_ is now known as wolsen
=== cargonza_ is now known as cargonza
=== AndyWojo_ is now known as AndyWojo
=== DalekSec_ is now known as DalekSec

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!