/srv/irclogs.ubuntu.com/2017/03/30/#ubuntu-server.txt

drabon a diff topic, anybody around running zfs root on ubuntu-server?00:02
drabit seemed not recommended/experimental, but I'm seeing more articles/ppl saying it works, just can't tell how stable/trustworthy it is00:03
sarnoldone of our users put this together https://github.com/zfsonlinux/zfs/wiki/Ubuntu-16.04-Root-on-ZFS00:03
drabsarnold: yeah I had seen that one and that was my definition of "experimental" :)00:05
sarnold:)00:05
undriedseaAny iptables gurus out there?00:21
undriedseaI am trying to figure out what I am doing wrong...00:21
undriedseaiptables -t raw -A PREROUTING -i $IFACE -p tcp --dport 80 -m tcp -j CT --notrack00:21
undriedseaiptables -A INPUT -i $IFACE -p tcp --dport 80 -m tcp -j ACCEPT00:21
undriedseaiptables -t raw -A OUTPUT -o $IFACE -p tcp --sport 80 -m tcp -j CT --notrack00:21
undriedsea^ This rule set doesn't seem to be opening up TCP:30 (stateless fw)00:22
drabundriedsea: you mean tcp:80?00:53
undriedseayea, long day :)00:53
drabk, just checking, been there myself :)00:53
drabis the pkt supposed to be destined for the box the rule is on?00:53
drabundriedsea: and I assume you tcpdump'ed and can see the pkt making it there, yes?00:56
drabdoes it get dropped?00:56
undriedseacorrect, I see it come in00:58
undriedsea17:58:15.347645 IP XXXXX > YYYYYY.http: Flags [S], seq 1806319247, win 27320, options [mss 1366,sackOK,TS val 9381349 ecr 0,nop,wscale 7], length 000:58
drabundriedsea: and do you see that getting dropped?00:59
drabare you using any LOG statements anywhere by any chance?00:59
undriedseaNo00:59
undriedseaLet me google how to do that01:00
drabalso what's in CT? maybe it gets dropped there?01:00
drabalso why are you messing with raw and NOTRACK? are you trying to optimize a fw in front of a hosting web server?01:00
drabundriedsea: also fwiw I don't recall a --notrack, are you sure that's working01:08
drabundriedsea: I don't use it so can't claim any experience with it, but from memory/some reading iirc you use it with -t raw -j NOTRACK01:08
undriedseayeah, I think I just figured it out, the accept in prerouting wasn't enough, I needed a normal accept too01:08
drab-j CT --notrack looks odd to me01:09
draboh ok, fair enough01:09
undriedsea -j NOTRACK is deprecated01:09
undriedsea-j CT --notrack is the new syntax01:09
drabah, well, like I said, been a while :)01:09
undriedseano worries01:09
drabgood to know, thank you, always learn something01:09
undriedseaindeed01:09
drabso is CT some new built in table? it doesn't exist in my list of tables in man iptables (on a latest ubuntu xenial)01:10
azidhaka__hi! when using canonical's kernel livepatch service, do i still need to do apt-get dist-upgrade to update the kernel a new one is released?05:56
cpaelzerazidhaka__: the livepatch helps you to get over the most critical issues without an unplanned outage06:03
cpaelzerazidhaka__: but you'll still have planned outages to update06:03
cpaelzerazidhaka__: by the way live patching works in general not all issues are fixable by it, so an update/restart according to your policy is still required06:04
cpaelzerazidhaka__: but maintaining a good SLA with less unplanned outages is a huge win for security and uptime06:04
azidhaka__cpaelzer: so, i should run the typical update, upgrade, dist-upgrade and still reboot on my terms?06:05
cpaelzerazidhaka__: yes06:06
azidhaka__cpaelzer: thank you06:06
lordievaderGood morning.06:09
cpaelzerhi lordievader06:09
cpaelzerlordievader: how are you today?06:09
lordievaderDoing good. How are you, cpaelzer06:10
cpaelzerfighting the bug flood :-)06:11
lordievaderGood luck ;)06:11
lordievaderThey never stop coming...06:11
cpaelzerby design, since by applying iteration every software can be written as one broken line of code06:12
cpaelzer1. every software can be shrunk by a line06:13
cpaelzer2. every software has a bug06:13
cpaelzer3. iterate06:13
cpaelzerI wonder if #1 makes it "no line of code" eventually and that is broken by not doing anything ... hmm06:13
lordievaderThat would be interesting, I guess the bug 'it doesn't work holds true' if a program is zero lines of code.06:14
maswanis this meant to be missing? https://cloud-images.ubuntu.com/releases/16.04/release  - the link to latest release?07:08
lordievadermaswan: Guess something was forgotten, I guess you want: https://cloud-images.ubuntu.com/releases/16.04/release-20170307/07:19
maswanhm. actually, let me take this to the vanguard of -mirror, that's probably the appropriate place07:29
maswanlordievader: yes, but that's significantly harder to script against. :)07:30
lordievaderTrue...07:38
cpaelzerbeisner: hiho on bug 1664737 are you sure UCA-N has the yakkety binaries?08:02
ubottubug 1664737 in libvirt (Ubuntu) "[ARM] : Unable to use Cinder volumes on ARM " [Undecided,Incomplete] https://launchpad.net/bugs/166473708:02
cpaelzerbeisner: I thought not and a quick check did not bring in libvirt/qemu from Y, see http://paste.ubuntu.com/24279676/08:03
=== TafThorne is now known as TafT
=== TafT is now known as ThoAntFraTho
=== ThoAntFraTho is now known as TafThorne
=== TafThorne is now known as ThoAntFraTho
=== ThoAntFraTho is now known as TafThorne
kol65hi guys, any chance of not needing to boot a server twice a week?11:50
ikonia?11:51
kol65updates, webserver, needing reboot11:51
kol6514.0411:51
ikoniawhat updates need reboots11:52
maswanCanonical's livepatch11:52
ikoniashould really only be libc and the kernel11:52
maswanoh, lots of them11:52
ikoniareally ?11:52
ikoniawhat other than libc and the kernel is needing an update11:52
maswanyeah, libc and kernel11:52
maswanand since kernel is a couple of reboots per month..11:52
kol65*what was todays?11:52
ikoniaI'm sure there are others, but they should be edge cases11:52
blackflowdbus :)11:52
maswanbut since kernels are the frequent cause, livepatch is the solution11:52
kol65does get a bit much, my centos servers are like once every 3 months11:53
ikoniakol65: what updates are causing you to need reboots so much though ?11:53
kol65thought kern 4 was going to sort this out11:53
kol65ikonia:  kernel  etc etc11:53
ikoniahow would kernel version 4 change the update pattern11:53
kol65regressions11:53
ikoniakol65: etc etc...no sorry11:53
kol65ok11:53
ikoniathe kernel and libc are pretty much it11:53
ikoniaand they are not released weekly as you state11:54
ikoniahence why I'm interested what updates are causing you to require reboots as often11:54
kol65like twice this week, hard to get through a week without a reboot11:54
ikoniayou keep saying that11:54
kol65yeah, miffed :)11:54
ikoniabut yet you don't say what is requiring a reboot11:54
ikoniablackflow: nice additional spot with dbus11:54
kol65read the security updates, usually says at the bottom11:55
ikoniacan you give me an example of one11:55
kol65ok11:55
ikonia(please)11:55
kol65one moment11:55
ikoniasorry forgot my manners there for a moment11:55
blackflowwell, according to our logs, we rebooted our 16.04 servers once every 8-12 days due to kernel updates in the past four months.11:56
kol65https://www.ubuntu.com/usn/ there is the one to start with11:56
maswanyeah, once every 8-12 seems right11:56
kol65lets pick them out now11:56
ikoniablackflow: more than it should be - kernel updates shouldn't be that frequent11:56
OerHeks24th libc and today 30th a kernel, no big deal .. don't you have those updates with centos too?11:57
maswan29th, 15th, 7th in march11:57
kol65https://www.ubuntu.com/usn/usn-3247-1/ another do you really want me to continue?11:57
maswanjust kernel updates11:57
maswanon the up side, we get a much better flow of security patches than centos11:58
ikoniakol65: yes please11:58
kol65yeah, security is great11:58
ikoniakol65: as thats a security system inside the kernel11:58
ikoniaso yes, I'd like another please11:58
ikoniaand you maybe could do that without a reboot with a bit of thought, I'm not %100 sure off the top of my head though11:59
kol65when you have loads of servers running Ubuntu and major players as clients is a pain, sry11:59
maswanSometimes I'm a bit miffed on that side when it goes weeks for redhat to make a rhel kernel update for something11:59
blackflowmaswan: yeah, and personally I find it a nice balance between relatively recent kernel and stability updates.11:59
ikoniamore so if you're dealing with major players11:59
ikoniakol65: you should be able to manage that11:59
blackflowmaswan: and then it takes centos even more weeks to merge11:59
maswananyway, for kernel updates, there exists a [non-free] solution12:00
maswanfor rebootless upgrades12:00
blackflowmaswan: it's free for up to few machines12:00
kol65ikonia: you looking for a job, cant go past 25k euro tho ;)12:00
ikoniaI'm not comfortable with live patch as a production ready solution12:00
maswanblackflow: yes, but not Free :)12:00
blackflowand you get to be the beta for paying customers, but hey.... free rebootless upgrades :)12:00
ikoniakol65: not trying to be rude, but if it's major players as you say, your infrastructure should be setup to deal with service management12:00
blackflowmaswan: are we talking about the canonical livepatch service? I thought it was free for just a few machines12:01
kol65ikonia: I blagged a bit, but major for me12:01
ikoniasame point12:01
maswanblackflow: Yes, it is12:01
ikoniayou really need to setup your infrastructure and practices to account for updates12:01
kol65rub salt, ty12:02
ikoniasorry, that wasn't the intention12:02
kol65np12:02
ikoniabut it's something you should look at now if this is causing you this level of upset12:02
kol65indeed12:02
ikoniapatching and maintenance is a fact of life and something you should be prepared for12:02
kol65prevention is always better than cure though12:03
blackflowmaswan: oh you meant free as in speech12:04
kol65nah beer12:05
maswanblackflow: yeah. but it is a neat service. been thinking of applying it to some servers at work. but we ended up fixing our applications to the point where we can do downtimeless reboots by means of service migrations instead.12:06
kol65its not the downtime as that is like a minute or so but just having to boot12:07
blackflowmaswan: which also covers for quick recovery in case of failure, so it's a win-win12:07
kol65also you get these fanatics who offer services that crucify you if your server is down at any time12:07
maswanfor our hpc cluster nodes we do it all automatically, the only downside is the draining of jobs until the whole node is free, so we take a hit in throughput12:07
kol65sry anyway but I have this effect on irc12:09
kol65people start to chat12:09
kol65I should charge12:09
kol65and usually around 1 hr I am kicked :)12:10
blackflowlol12:10
kol65its my life12:10
blackflowthe truth is, that kind of industry is very demanding and ungrateful. if you get crucified for any down time, you should then have a setup for that and probably charge it quite a lot. not patronizing, just sharing my own experience in "the industry".12:15
kol65yeah its tough eh12:15
kol65just services like say its bad because you boot a server, its fake news12:16
blackflowfor example our particular use case tolerates such reboots. when it comes to the point that it won't be tolerable, there's always ip based failover, or if you wanna get fancy, virtualization and live migration12:17
kol65nerd :)12:17
maswanhonestly, that was one of our first wins by moving into ganeti for virtualisation of services, VM reboots are much faster than hardware, and hardware reboots done after live migration of all the VMs away from the HW12:17
maswanah, heh. :)12:17
maswanbut 3 seconds of downtime before the webserver starts responding again when you reboot a VM is much nicer than waiting 3 minutes for bios and blaha.12:18
kol65I just do dedicateds, the thought of offering shared hosting fills me with fear12:19
blackflowmaswan: try 5-10 when your setup has to check pxe to see what it should boot into :)12:19
kol65lol this laptop throws up a pxe error, what is it :)12:20
kol65on boot12:20
kol65seems to think its connect by wire by the looks or at least looks for it12:21
blackflowkol65: well, I had a client once who complained I wanted to reboot his machine once or twice a month. I did managed dedicated hosting. Sure, no problem I said, you'll need redundancy and blah blah and oh yeah, your cost would go 10x just on infra, plus additional maintenance costs. he quickly accepted reboots were just fine :)12:21
kol65I dont like to fleece people though12:22
blackflowwasn't fleecing. real cost of setting up failover pairs, additional DNS, monitoring, testing, ...12:22
kol65ty, noted12:23
blackflowI mean, we're talking about going from "here's a baremetal machine and I'll take care of software and updates" to a complete fault tolerant infrastructure12:23
kol65yeah, I do it at too low a rate12:24
blackflowit becomes significant when all these "public clouds" that promise redundancy and what not, start failing because they're not as redundant as advertised. a 5€ VPS at Leaseweb, advertised as fault tolerant, live migration in case of failure etc... was down two weeks because their storage layer failed including its redundancy. it "filled up" and fixing it required datacenter expansion, new12:27
kol65I think its good to under estimate yourself and suddenly realise that you're not as thick as you thought12:27
blackflowhardware, experts brought in.  the funny part is it happened TWICE in two year period. one would think they learned the first time it happened.12:27
kol65blackflow: yeah there have been some major fkups etc with the biggest12:28
=== RoyK^ is now known as RoyK_Heime
maswanblackflow: our pxe is fast, but I was optimistic about 3 minutes, we have HP servers, so that's more like 6-7 minutes before they ping13:23
blackflowmaswan: yeah HP machines were what I had in mind :)13:24
=== RoyK^ is now known as RoyK_Heime
=== jjohansen1 is now known as jj-cloaked
beisnercpaelzer, ack you're right13:42
cpaelzerbeisner: thank you a lot - you just scared the hell out of my last SRU activity :-13:43
cpaelzer)13:43
cpaelzerbeisner: might I ask if you have arm boxes in the openstack lab or are those things driven by the HWE Team usually?13:44
beisnercpaelzer, i've got some.  :)  all in use atm but could arrange access next wk if necessary.13:44
cpaelzerbeisner: this was more a generic question than the request to test this particular bug13:45
cpaelzerbeisner: although over time I'd expect some of your Team might end up being the only one with the resources to track that down13:45
beisnercpaelzer, ah, right.  yep generally-speaking we can work out short-term access to a machine for these type of bugs.13:46
=== jj-cloaked is now known as jjohansen
lucidguyShould I use intel rapid storage fake raid on a linux server, or disable it and manually create my md volumes etc?13:56
lunaphytehi.  i've increased the size of a virtual disk, but the os still sees the old size.  how can i make it see the new size, without rebooting?14:03
lunaphyteah.  echo 1 > /sys/block/sdd/device/rescan14:09
lunaphyteit seems that rescan-scsi-bus doesn't quite rescan as thoroughly as one might expect14:10
nacclunaphyte: i think you wanted the --forcerescan option14:24
nacclunaphyte: ah maybe because rescan-scsi-bus is for rescanning busses  not disks?14:26
lunaphytenacc: yeah, i guess15:00
jbicharbasak: hi, I'm pinging again about LP: #1667195, Sweet5hark is out this week but I believe he was fine with it15:09
ubottuLaunchpad bug 1667195 in mdbtools (Ubuntu) "Drop mdbtools-gmdb from main" [Undecided,New] https://launchpad.net/bugs/166719515:09
jbichahttps://irclogs.ubuntu.com/2017/03/07/%23ubuntu-desktop.html#t16:0415:09
rbasakjbicha: thanks. OK, I'll drop it from the server seed.15:12
* rbasak wonders if that needs an FFe.15:13
jbichathe other last thing that kept gconf and friends in main was emacs25 which finally migrated to zesty (without that dependency)15:14
jbichamy opinion is that since it wasn't shipped but only listed as "supported" that it wouldn't need a FFe15:15
rbasakGood point. It wouldn't make any changes to an image.15:15
rbasakjbicha: there's also supported-sysadmin-desktop: * mdbtools-gmdb15:16
rbasakDoes that impede progress for you?15:16
jbichayes, I think it needs to be unseeded there too to allow gconf, etc. to drop to universe15:18
rbasakI'm less willing to touch a desktop seed :-/15:19
rbasakServer seed changed15:19
* rbasak asks in #ubuntu-desktop15:19
jbichathanks15:20
powersjnacc, I used the server team package list and tried doing a pull-lp-source. Those packages that do not have source in zesty are in that 3rd list15:30
=== cmagina_ is now known as cmagina
faekjarzHey there! How do i set a specific order, in which modules are loaded / probed on boot?15:54
kol65Hi can someone tell me what minimal install means plz?15:58
cpaelzerrbasak: nacc: on sponsoring if one could look at bug 1671767 that would be great15:58
ubottubug 1671767 in asterisk (Ubuntu) "asterisk crashes dialing h264 video sip device" [High,Triaged] https://launchpad.net/bugs/167176715:58
cpaelzerrbasak: nacc: the reporter is very active and I want to encourage by getting that moving, yet I can't upload asterisk on my own16:00
nacccpaelzer: ack, will review today16:00
cpaelzerthanks16:00
kol65bugs eh16:00
kol65errors16:00
rbasakcpaelzer: thank you for following up on that. Add it to your "why I should be MOTU" list please :-)16:01
nacckol65: you don't know what a minimal install is?16:01
kol65nacc:  minimal for what?16:01
ograeverything ?16:01
=== JanC is now known as Guest23500
=== JanC_ is now known as JanC
kol65?16:02
ograit is enough of a system to boot and run the package manager16:02
nacckol65: you asked a question about what minimal install means16:02
nacckol65: i was clarifying if you were literally asking for the definition16:03
kol65ogra:  thanks dude16:03
kol65ogra:  perfect explanation16:03
ogra:)16:03
kol65hehe16:04
kol65just noting that down16:04
kol65so its the basic platform16:04
kol65foundation to build on16:05
kol65are minimal installs strictly regulated?16:07
kol65what is actually in a minimal install?16:08
cpaelzerrbasak: I have already last week16:14
rbasak:)16:14
naccworktoner: echo 1 > /sys/block/<sdwhatever>/device/rescan ?16:53
=== nitemare is now known as trobotham
=== soren_ is now known as soren
ayush1706Hey18:18
ayush1706Anyone used or using kernelcare here?18:18
=== dames is now known as thedac
jgehey all, trying to get a LAMP stack going with PHP 7 and PHP-FPM but for some reason this box is not cooperating and not showing FPM/FastCGI as the API when I do a quick php()info test.18:54
jgeMy steps were pretty much get PHP set up as: sudo apt-get install php php-mysql php-fpm libapache2-mod-fastcgi18:55
jgeenabled the following modules actions fastcgi alias, added a config inside /etc/apache2/conf-available/php7.0-fpm.conf18:55
jgeenabled it with a2enconf restarted apache and fpm and nothing..18:56
jgewhat did I miss!? :(18:56
naccjge: any errors in the logs?19:07
naccjge: and i assume you meant phpinfo(); ?19:09
jgenacc: yes sorry, phpinfo();19:10
naccjge: np, just making sure it wasn't something easy :)19:11
jgeI found it, forgot to disable mod_php :(19:11
naccjge: ah :)19:11
jgeyikes19:11
jgeall good now, thanks19:11
jgeanyone here ever deployed VTiger (CRM) on Ubuntu Server?20:54
bekksjge: whats your actual question besides that poll?20:54
jgebekks: getting an HTTP Error 500, really frustrating as I've already enabled debug logging on apache (which doesn't show anything relevant), PHP is blank (CRM is a php app) and VTiger's internal logging doesn't show anything20:56
naccjge: if you get a 500, apache2's logs will tell you why, typically21:13
