Neo4 | why know what is DNS server? I've read about BIND if I install it what I'll get? | 00:17 |
---|---|---|
genii | Headaches | 00:18 |
sarnold | Neo4: there's three types of DNS servers: authoritative, recursive, and forwarding | 00:18 |
sarnold | genii: lol +1 | 00:18 |
Neo4 | what does do DNS server? it return IP of servers | 00:18 |
sarnold | Neo4: an authoritative server knows the IPs and names of specific services and so on | 00:19 |
genii | Neo4: Basically, yes. | 00:19 |
sarnold | Neo4: a recursive server knows how to start from the "root nameservers" and query each hierarchy of name servers to find an eventual answer to a question | 00:19 |
Neo4 | sarnold: ok | 00:19 |
sarnold | Neo4: forwarding nameservers do not know how to query the roots, they just forward the question on "to the next nameserver", which *will* know how to answer the question | 00:19 |
Neo4 | in general what shall I get? | 00:19 |
sarnold | Neo4: so which types of DNS server you need to run depend upon what services you want to offer | 00:20 |
sarnold | Neo4: if you have clients on a LAN that want to look up hostnames like www.yandex.ru, then you would probably want to run a recursive or a forwarding server for your clients | 00:20 |
Neo4 | I will able put any domains to my DNS server? something like ns.my_fqdn | 00:20 |
sarnold | Neo4: if you want to provide services to the world with your own names, you could run an authoritative server | 00:21 |
Neo4 | sarnold: I needn't any ) | 00:21 |
sarnold | yes | 00:21 |
Neo4 | just curious | 00:21 |
sarnold | if you want to run your own name servers, you would register your name servers with your registrar ("glue records") | 00:21 |
sarnold | Neo4: I strongly recommend powerdns instead of bind | 00:22 |
sarnold | Neo4: other popular choices are knot and unbound | 00:22 |
Neo4 | sarnold: I want for test run one on digital ocean and overview all possibilities and settings ) | 00:22 |
sarnold | Neo4: if you set up a recursive server DO NOT MAKE IT PUBLIC | 00:23 |
Neo4 | on digital ocean popular BIND | 00:23 |
sarnold | bind was the first and still very popular | 00:23 |
sarnold | but they mix auth and recursive which has shown to be very dangerous | 00:23 |
sarnold | i've read both bind and powerdns sources and I know which one I'd rather run :) | 00:24 |
genii | unbound is fairly decent | 00:24 |
sdeziel | I concur, unbound is an excellent recursor | 00:24 |
sdeziel | I have yet to try powerdns but I think sarnold just convinced me ;) | 00:25 |
Neo4 | if I have my own DNS somewhere I can bind there domainname and ip address from digitalocean and not use a cname and other from digitalocean panel? | 00:26 |
sarnold | powerdns folks also make a dns proxy, dnsdist -- during a recent round of dns DDOS attacks, folks with bind servers were able to servive by plopping dnsdist services in front | 00:26 |
Neo4 | it might be this functionality is DNS | 00:26 |
Neo4 | badly understand this notions | 00:27 |
sarnold | Neo4: you need to get IPs and IP routing from somewhere.. | 00:27 |
* mason is a staunch BIND fan. Goes with the whole dinosaur thing. BIND and Sendmail forever! | 00:32 | |
sarnold | mason: let me guess, *real* sendmail, no m4 for you? :) | 00:32 |
mason | No, I'm an M4 fan. In fact, I've had two customer issues come up recently where I got to spread the Sendmail love. | 00:32 |
sarnold | hehe, that's greatdnl | 00:33 |
mason | hah | 00:35 |
nacc | rbasak: hrm, did you not see this? https://paste.ubuntu.com/26455183/ | 00:39 |
nacc | rbasak: makes the gpgv stuff ... unclear how to use. The manpage implies 2 is a fatal error | 00:39 |
hashwagon | On 16.04 the man page for unattended-upgrade says /etc/cron.daily/apt initiates the upgrade process. Anyone know why /etc/cron.daily/apt isn't generating for me? Has anyone else seen this? | 00:43 |
rbasak | nacc: I didn't see that in my testing. Perhaps you're using an older series than I di? | 00:53 |
rbasak | nacc: if so it's still a valid problem though. | 00:53 |
rbasak | Might be able to work around by providing the DSA public key too | 00:54 |
sarnold | hashwagon: looks like it's a systemd timer thing now | 00:55 |
sarnold | hashwagon: check out systemctl cat apt-daily-upgrade.service | 00:55 |
genii | sarnold: What's wrong with real sendmail? It's simple and efficient! | 01:13 |
sarnold | genii: "simple"? :) this is the first I've ever heard that word used with sendmail :) | 01:15 |
mason | Monolithic, single binary, single process. Few moving parts. | 01:15 |
mason | That it's self-aware is incidental. | 01:15 |
sarnold | hehe | 01:17 |
rbasak | sendmail.cf contains enough moving parts to make up for that. | 01:49 |
MJCD | hey y'all, I want to set up bind or dnsmasq or some such thing | 04:16 |
MJCD | and I want it to act as a dns cache | 04:16 |
MJCD | which just looks up non-cached or out of TTL type thing | 04:17 |
mason | MJCD: I like unbound for that sort of role. | 04:20 |
nacc | rbasak: i was checking xenial-updates as a random test on bionic | 04:23 |
nacc | rbasak: is the DSA public key available via a different keyring? | 04:24 |
MJCD | mason, oooh | 04:24 |
MJCD | let me google that | 04:24 |
MJCD | ohhhh | 04:25 |
MJCD | this looks great | 04:25 |
MJCD | and its recursive | 04:25 |
MJCD | yeah mason this is exactly perfect | 04:29 |
MJCD | I can set upto 4 forward-addr | 04:29 |
MJCD | which by default is already google dns | 04:30 |
MJCD | brilliant | 04:30 |
mason | MJCD: Good, glad you like it! | 04:30 |
MJCD | thanks so much | 04:30 |
MJCD | see y'all soon | 04:30 |
mason | o/ | 04:30 |
nacc | rbasak: oh i see what i was doing wrong, i need to pass all the keyrings | 04:32 |
gibking | hi guys | 06:09 |
gibking | i'm struggling with dhclient/ipv6 and wonder if i hit a bug or not | 06:09 |
gibking | DHCP Client System: trusty server, 4.4.0-111-generic, isc-dhcp-client 4.2.4-7ubuntu12.10 | 06:10 |
gibking | host gets ip6 addr normally: "ip a s" inet6 2003:.../128 scope global valid_lft forever preferred_lft forever | 06:10 |
gibking | but after some time (probably has something to do with lease-time?) the ip becommed depreffered | 06:10 |
gibking | preferred_lft is set to zero and in syslog i can see: dhclient: PRC: Address 2003:... depreferred | 06:10 |
gibking | but this does also happen on 16.04 server | 06:10 |
gibking | this is why i am not sure if its a bug or "working as designed" | 06:11 |
gibking | does anybody know whats happening there? | 06:11 |
gibking | RAs are beeing sent from the firewall and routes are refreshed normally. | 06:12 |
Shmam | Hi, I'm trying to get crontab to work. I have the following: `@reboot and inside of run, there is a bash script with `#!/bin/bash and then it cds into a dir and starts a nodejs script. But it doesnt work for some reason. If I try to do `/home/sam/Documents/repo/run` as a regular user, it works fine. | 06:22 |
cpaelzer | thanks nacc for the importer reset, AFAIK the missing versions were much older but I'll report next time I see something | 06:46 |
lordievader | Good morning | 07:21 |
cpaelzer | good morning | 07:39 |
lordievader | Hey cpaelzer | 08:12 |
lordievader | How are you doing? | 08:12 |
cpaelzer | hi lordievader, doing good for now | 08:22 |
cpaelzer | as soon as all I work on is built I'll face the wall of errors that I expect :-) | 08:22 |
disposable2 | i have a LXD profile that had limits.memory.swap set to false. I've changed that to true. do i need to restart my containers for that setting to have any effect? | 08:53 |
cpaelzer | you can check if it directly applied via lxc config get <container> limits.memory.swap | 09:03 |
cpaelzer | I pinged a few friends who should know the answer about the restart | 09:04 |
cpaelzer | hopefully one shows up in a bit | 09:04 |
cpaelzer | disposable2: ^^ | 09:04 |
disposable2 | cpaelzer: thank you. i had tried the lxc config get before i asked but it doesn't return anything | 09:05 |
disposable2 | only an empty line | 09:05 |
cpaelzer | for me as well, as soon as I set something it obviously retruns what I set | 09:05 |
cpaelzer | I wonder what it tweaks in cgroups - is it only per continaer swappiness? | 09:07 |
cpaelzer | if so that would eb easy to check | 09:07 |
cpaelzer | disposable2: yes that is it | 09:08 |
cpaelzer | what is your /sys/fs/cgroup/memory/lxc/<container>/memory.swappiness | 09:08 |
cpaelzer | switching this off/on seems to swicth that between 0 and 50 | 09:09 |
cpaelzer | so once you edited your profile from false to true, check if the value changed from 0 to 50 | 09:09 |
cpaelzer | disposable2: ^^ | 09:09 |
disposable2 | cpaelzer: well, now that i've set it manually for all my containers, it says 50 for all the containers | 09:10 |
cpaelzer | which is the value for "true" | 09:10 |
disposable2 | cpaelzer: yet, the ram is almost completely full and no swapping is happening. the host machine has vm.swappiness=60. hmmmmmm | 09:11 |
cpaelzer | that is the global default value | 09:11 |
cpaelzer | disposable2: and it will still swap only what it considers rather inactive | 09:11 |
cpaelzer | if you e.g. have cold page cache that will be dropped first | 09:11 |
cpaelzer | disposable2: if this is not your prod machine you can check if/when it would swap by using a mem eater keeping his memory hot and slowly increasing its size | 09:12 |
disposable2 | cpaelzer: thank you for taking the time | 09:13 |
cpaelzer | stress-ng --vm-keep --vm 1 --vm-bytes can do that for you | 09:13 |
cpaelzer | I had my share of fun with swap in the past and experience sharing is part of the open source spriti right :-) | 09:14 |
soahccc | What would be the most sensible way to permanently change CPU scale governor? I found multiple ways: udev rule, sysfsutils (can't I use sysctl?) or just dump it into rc.local? | 11:23 |
ahasenack | xnox: hi, about my ping yesterday about ocfs2-tools on s390x | 11:30 |
ahasenack | xnox: I have an ocfs2-tools ftbfs upload stuck in excuses because the s390x tests fail. You filed https://github.com/markfasheh/ocfs2-tools/issues/22 | 11:32 |
ahasenack | I mean, my upload fixes the ftbfs :) | 11:35 |
soahccc | I fixed my problem, turns out it was supposed to be on "ondemand" but system only has performance/powersave and it choose powersave as fallback | 11:35 |
soahccc | But on the topic of that: who defines these scaling governors? system or cpu? | 11:43 |
ahasenack | soahccc: have you tried cpufrequtils? (Sorry, didn't get the whole context) | 11:46 |
ahasenack | and/or cpufreqd | 11:46 |
soahccc | ahasenack: yea it's cpufrequtils (included in the image from the hoster) but they have ondemand in there but the new CPUs in our new servers don't have that | 11:47 |
ahasenack | and cpufreqd? Can't you chose a governor there and it will set it every time it starts, i.e., at every reboot? | 11:48 |
ahasenack | that being said, my artful system has this: | 11:49 |
ahasenack | /lib/systemd/system/ondemand.service:ExecStart=/lib/systemd/set-cpufreq | 11:49 |
soahccc | there is no cpufreqd but I edited (and found it) in /etc/default/cpufrequtils | 11:49 |
ahasenack | which runs /lib/systemd/set-cpufreq | 11:50 |
soahccc | curiously there is a service "ondemand" which I guess should set governor to ondemand, no idea if I need that service for anything now | 11:50 |
ahasenack | do you have that systemd file above? | 11:50 |
ahasenack | maybe debug it, because it looks like it tries to do the right thing | 11:50 |
ahasenack | FIRSTCPU=`cut -f1 -d- /sys/devices/system/cpu/online` | 11:51 |
ahasenack | AVAILABLE="/sys/devices/system/cpu/cpu$FIRSTCPU/cpufreq/scaling_available_governors" | 11:51 |
ahasenack | check what you get for $AVAILABLE | 11:51 |
ahasenack | I have: | 11:51 |
ahasenack | $ cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors | 11:51 |
ahasenack | performance powersave | 11:51 |
ahasenack | in a laptop, of course | 11:51 |
soahccc | I don't have both of these files | 11:52 |
ahasenack | not even the /sys/devices/system/cpu/..... one? | 11:52 |
soahccc | and sys reports only two governors | 11:52 |
ahasenack | is this xenial or what? | 11:53 |
soahccc | performance and powersave (same as cpufreq-info says), xenial yes | 11:53 |
soahccc | https://gist.github.com/2called-chaos/03263073f6d3ab83a9b9f72ee4a244f1 | 11:53 |
ahasenack | in xenial you have /etc/init.d/ondemand? | 11:53 |
soahccc | yes, that's there | 11:54 |
ahasenack | it's similar code | 11:54 |
ahasenack | that is what is setting your governor | 11:54 |
ahasenack | you need it to be set to performance? | 11:55 |
soahccc | ahasenack: I assume it uses /etc/default/cpufreqinfo no? Because it was set to ondemand there and I guess it defaulted to powersave? | 11:55 |
ahasenack | it does not | 11:55 |
ahasenack | look at the script, it does not read /etc/default/cpufreqinfo | 11:56 |
ahasenack | /etc/default/cpufreqinfo must come from another package | 11:56 |
soahccc | ahasenack: yeah and it has a comment in the file that it's from the hoster's installimage | 11:56 |
soahccc | I haven't restarted the machine yet (I set it to performance manually) but here's where I changed it to performance: https://gist.github.com/2called-chaos/457ee50f08df3a1b25059bedb80ba234 | 11:57 |
ahasenack | I don't see a way in that /etc/init.d/ondemand script for it to set the governor to performance | 11:57 |
ahasenack | it's either interactive, ondemand, or powersave. If your system supports neither, it exits without touching the governor | 11:57 |
soahccc | I restarted ondemand service and it didn't change back | 11:58 |
ahasenack | which package profides that file? dpkg -S /etc/default/cpufrequtils | 11:58 |
ahasenack | provides* | 11:58 |
ahasenack | and then check if the package has an initscript or something like that, with dpkg -L <name> | 11:58 |
soahccc | no path found matching pattern /etc/default/cpufrequtils | 11:59 |
soahccc | but I guess it's from cpufrequtils (same name) | 11:59 |
ahasenack | makes sense | 11:59 |
soahccc | i cpufrequtils - utilities to deal with the cpufreq Linux kernel feature | 11:59 |
ahasenack | look for an initscript in it | 11:59 |
ahasenack | and then check if it reads /etc/default/cpufreqinfo | 11:59 |
ahasenack | or just do grep /etc/default/cpufreqinfo /etc/init.d/* | 11:59 |
ahasenack | could also be an upstart job. Then do grep /etc/default/cpufreqinfo /etc/init/* | 12:00 |
ahasenack | and /lib/systemd/system/* for systemd | 12:00 |
soahccc | yeah there is and it does :) mystery solved (no idea why ondemand is there though) | 12:00 |
ahasenack | then that initscript should set it | 12:00 |
ahasenack | the only other possible problem is if it comes before the ondemand initscript, as the ondemand one could override the changes | 12:01 |
soahccc | I think the ondemand service is broken, the script reads AVAILABLE and DOWN_FACTOR variables, the latter doesn't exist | 12:03 |
soahccc | But do I even need that service if there is apparently a different service doing the same thing? | 12:04 |
ahasenack | it's part of the initscripts package, so you can't just remove it | 12:05 |
ahasenack | you can disable it | 12:05 |
ahasenack | if your cpufrequtils one comes after, though, there is no harm in keeping both | 12:05 |
soahccc | ahasenack: haha these fools, they misspelled "govenor" variable, their script wouldn't do shit even if I had ondemand | 12:22 |
ahasenack | which script? From ubuntu, or from your provider? | 12:22 |
soahccc | from the provider :D | 12:22 |
ahasenack | heh | 12:22 |
ahasenack | well, mistakes happen | 12:23 |
ahasenack | I'm glad you found out :) | 12:23 |
soahccc | took us 2 weeks actually. we ordered new servers and our page got slower. we were like "okay, microcode update, PTI and slightly worse single core performance"... yesterday I imported 500 million records and the page was faster and we were like ._. | 12:24 |
ahasenack | rbasak: hi, could you please (re)import gvfs into git? It's stale: bionic has 1.34.1-1ubuntu4, ubuntu/devel is at 1.32.1-0ubuntu1, and there is no bionic branch | 12:41 |
rbasak | ahasenack: running | 12:46 |
rbasak | We concluded that the importer had been stuck a while. | 12:46 |
ahasenack | rbasak: when it breaks like that, it's really stuck, or crashed? | 12:47 |
rbasak | I think Nish restarted it yesterday, but that's why it's behind on so many packages. | 12:47 |
ahasenack | a crashing importer is easier to handle than a stuck one | 12:47 |
rbasak | It hangs on talking to Launchpad | 12:47 |
ahasenack | mh | 12:47 |
rbasak | I think Nish also filed a bug to investigate where we need to fix the timeouts | 12:47 |
ahasenack | yes | 12:47 |
rbasak | I think it's within launchpadlib somewhere | 12:47 |
ahasenack | https://bugs.launchpad.net/usd-importer/+bug/1745211 | 12:47 |
ubottu | Launchpad bug 1745211 in usd-importer "launchpad outages hang the importer and scripts calling into launchpadlib" [Undecided,New] | 12:47 |
ahasenack | cpaelzer just pointed me at it | 12:48 |
cpaelzer | at least our answers are in sync | 12:48 |
eoli3n | any help on this would be very appreciated -> https://unix.stackexchange.com/questions/419104/what-is-partuuid-from-blkid-when-using-msdos-partition-table/419116#419116 | 13:02 |
eoli3n | please look at my comment of the answer | 13:02 |
eoli3n | i'm trying to kickstart install without breaking existing win7 install | 13:03 |
eoli3n | i'm not a end user, i need it as deploy tool | 13:03 |
eoli3n | without any manual intervention | 13:03 |
boxrick | I have had a few minor situations where 'atftp' package dies. Normally I would just use systemd and make sure the mode is restarted, or in the past used something like monit / runit to make sure the service stays up. So in the case of atftp it has an init.d script which is absorbed by systemd and ran. I would normally replace this, but is there a way of extending the option. So I can add a parameter like restart | 13:05 |
boxrick | always ? | 13:05 |
boxrick | Like a systemd extends for example | 13:05 |
Odd_Bloke | boxrick: Is https://askubuntu.com/questions/659267/how-do-i-override-or-configure-systemd-services what you're looking for? | 14:04 |
coreycb | jamespage: i got started on b3 deps for queens. here's the list of what remains: https://paste.ubuntu.com/26459041/ . i still have a few i'm wrapping up that aren't in that list. | 15:40 |
ahasenack | Nivex: hi, autofs uploaded to bionic :) | 16:09 |
Nivex | rock on! | 16:09 |
Nivex | You want another easy one? :) | 16:10 |
ahasenack | sure | 16:12 |
Nivex | https://bugs.launchpad.net/ubuntu/+source/partman-iscsi/+bug/1641656 | 16:12 |
ubottu | Launchpad bug 1641656 in partman-iscsi (Ubuntu) "initramfs parameters invalid for IPv6 portal" [Undecided,New] | 16:12 |
nacc | rbasak: sorry, i've been afk on nhouse stuff; did you want to sync today still? | 18:41 |
rbasak | nacc: I'm tied up this evening now, sorry (not you - the team meeting running over and then hit my EOD) | 18:49 |
nacc | rbasak: totally fine; i did get one test written that ensures we are using the right URL for the Release -> Sources lookup | 18:50 |
nacc | rbasak: i'll see if the scripts are dtrt, and i'll put up a MP for you to look at and we can discuss further tests from there | 18:50 |
=== devil is now known as Guest81887 | ||
sdeziel | is there a way to ask systemd to sanity check a given unit? | 22:45 |
nacc | sdeziel: systemd-analyze verify <FILE> ? | 22:46 |
nacc | sdeziel: per https://github.com/systemd/systemd/issues/3677 | 22:46 |
nacc | sdeziel: not sure how far you want the sanity checked :) | 22:47 |
sdeziel | nacc: I'm looking for a tool that will sanity check a unit and any override snippets it may have | 22:47 |
nacc | sdeziel: the above will only check the syntax, afaik | 22:47 |
sdeziel | nacc: indeed and it doesn't check the $foo.service.d directories either | 22:49 |
sdeziel | thanks anyway, I'll keep digging the various man pages | 22:49 |
sarnold | ship it all to another system and try? | 22:49 |
sdeziel | sarnold: I'm cooking a puppet module to let one drop some override snippets then trigger a service restart. The sanity check is to avoid the foot gun ;) | 22:50 |
sarnold | puppet step number one .. spin up a new server somewhere .. | 22:51 |
sarnold | hehe | 22:51 |
sdeziel | https://memegenerator.net/instance/55819969/chuck-norris-meme-testing-is-for-wimps-real-men-test-in-production | 22:52 |
sarnold | :) | 22:53 |
Nivex | http://i1.wp.com/agilescout.com/wp-content/uploads/2012/05/i-dont-test-my-code.jpg | 22:54 |
sdeziel | wow, someone loved it enough to create this https://www.idontalwaystestmycode.com/ | 22:56 |
patdk-lap | I didn't know there was another way to test code | 23:04 |
sdeziel | "systemctl daemon-reload" will catch any typo in the unit but it's then too late and the bad file will be deployed | 23:06 |
ahasenack | nacc: I submitted https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888463 to debian | 23:19 |
ubottu | Debian bug 888463 in bind9utils "bind9utils: missing python3-ply dependency for python scripts" [Normal,Open] | 23:19 |
ahasenack | tomorrow I might check what's really going on: why debhelper didn't catch that | 23:20 |
nacc | ahasenack: what fille specifies ot upstream (e.g. requirements.txt) that ply should be used? | 23:23 |
nacc | ahasenack: it should be generated by python3:depends, aiui | 23:26 |
ahasenack | yeah, but it's not working. Not in ubuntu, nor in debian sid | 23:27 |
ahasenack | something with bind's build system probably | 23:27 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!