sergeantwhile connecting to the mongo shell on an ubuntu server. I am getting this error http://paste.ubuntu.com/p/SS7VBxFdck/. Please help!!!!!!!06:08
lotuspsychjesergeant: please idle a bit here, volunteers might be still waking up ok06:10
sergeantyeah sorry06:12
igordcor going to sleep :(06:17
igordcsergeant, I haven't particularly dealt with mongo much but it looks like it isn't running on that specified port06:18
igordcsergeant, double check the server06:18
sergeanthow do i check that ?06:19
=== cpaelzer__ is now known as cpaelzer
eject_ckAfter installing packages updates on 5 Ubuntu 16.04 servers one wont start (just stuck during kernel boot), https://imgur.com/a/Nukuvk908:20
eject_ckAnybody had such an issue ?08:20
eject_ckhow can I collect details for such probelm?08:22
lotuspsychje!info linux-image-generic xenial08:31
ubottulinux-image-generic (source: linux-meta): Generic Linux kernel image. In component main, is optional. Version (xenial), package size 2 kB, installed size 14 kB08:31
lotuspsychjeeject_ck: did you try booting a previous kernel yet?08:31
eject_ckyes, no luck08:32
eject_ckI tried to boot with dis_ucode_ldr   [X86] Disable the microcode loader. and it worked08:33
eject_ckinteresting now why it caused problems08:33
lotuspsychjeeject_ck: maybe provide us some dpkg logs from the installed updates recently, maybe volunteers can find a link08:34
lordievaderGood morning08:36
eject_cklotuspsychje: where to send ?08:55
lotuspsychje!paste | eject_ck08:55
ubottueject_ck: For posting multi-line texts into the channel, please use https://paste.ubuntu.com | To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.08:55
lotuspsychjeeject_ck: that seems like a big dpkg list, is that a normal update or did you upgrade or wait long?08:59
eject_cknormal update09:01
eject_ckafter long break09:01
lordievaderYou want the apt history log 😉09:01
lotuspsychjelordievader: he got 5 xenial servers not booting anymore09:02
eject_ckno no09:02
lordievader`/var/log/apt/history.log` to be precise.09:02
eject_ckI got 1 server out of 5 not bootable09:02
lordievader`dpkg -l` just shows what is installed. The apt history log shows what it did, what it updated, installed, etc.09:03
eject_ckadding dis_ucode_ldr to boot options helped to start server09:03
eject_ckthen I ran apt update && initramfs -u09:03
MudchainsGood morning all. I have a old 8.04 ubuntu server with mysql databases on it. I want to setup a new 18.04 server and migrate the databases. Is there any guide lines about scsci controllers and disk design ? I am running VMware Vcenter/ESX 6.509:03
Mudchainshi lotuspsychje ;)09:04
eject_ckthen I downloaded latest microcode from Intel and put it into /var/firmware and restarted09:04
eject_ckit started with no problems09:04
lordievaderMudchains: What you could do is boot a live-usb/iso of 18.04 and check if everything works.09:10
Mudchainslordievader: I am running 18.04 on multiple VM's and they are working fine. They have only a 'old' disk design and scsci controller attached.09:12
MudchainsFor the next VM's I want to make a template :)09:13
lordievaderIf you only have databases on there, wouldn't it be a better idea to setup a new VM with 18.04 install maria-db and transfer the databases to the new VM?09:13
Mudchainslordievader: thats my idea also09:14
Mudchainslordievader : do you have experience with the vmware paravirtual scsci controller and performance?09:17
lordievaderNo, I use kvm/qemu.09:17
Mudchainsah ok :)09:17
lordievaderI try to stay away from vmware 😉09:17
Mudchainswe are running 310+ machines on vmware atm :)09:18
Mudchainsgoogle doesnt say anything about optimized ubuntu templates for vmware unfortunally09:19
=== jelly-home is now known as jelly
=== lotuspsychje_ is now known as lotuspsychje
Mudchainslordievader: the new server is up and running, now the most time taking job..mysql, optimalisation and db migration.. :)09:59
Mudchainslordievader: why choosing maria-db btw?10:17
lordievaderBecause mysql is Oracle now.10:18
lordievaderMaria-db is drop-in replacement.10:18
Mudchainslordievader: thats the only reason? :)10:19
lordievaderFor me it is, but I've moved away from mysql alltogether.10:20
lordievaderA more indepth comparison: https://blog.panoply.io/a-comparative-vmariadb-vs-mysql10:21
Mudchainslordievader: I just readed it haha :D10:23
ahasenackgood morning11:03
ahasenackhi rbasak11:05
ahasenackkstenerud: did you see my notes about schleuder?11:07
ahasenackI added a bug to the exim4 card comments11:07
kstenerudYes, so we need to fix schleuder to unblock exim4 right?11:09
ahasenackyep, for a loose definition of "fix"11:10
ahasenackmight need kicking out too, I asked in #ubuntu-release yesterday, didn't get a response11:10
Mudchainslordievader: pff what a job, migrating the databases xD11:18
lordievaderIs it?11:19
lordievaderDump, scp, import. Right?11:19
Mudchainsat least the new ubuntu 18.04 server is up and running :)11:19
Mudchainslordievader: yes thats correct, also found a query to copy the mysql users11:20
Mudchainsthe most annoying part is all the application/odbc connections11:22
awalendeHi there, is it possible to write iptable rules for vlans?14:41
awalendeId like to block all incoming on a vlan interface of mine14:42
sdezielawalende: yes, -i and -o support any interface name14:42
awalendesooo "iptables -P INPUT DROP -i vlan118" should do the trick14:43
sdezielawalende: well, -P doesn't accept -i14:44
sdezielawalende: -P is to set the chain policy (aka default faith of a packet reaching the end of the chain)14:45
sdezielawalende: but any -I/-A rules that you have can use -i vlan11814:45
sdezielawalende: ex: "iptables -A INPUT -i vlan118 -j DROP"14:46
awalendeah okay, I'll try this. Thanks!14:46
awalendemhh weird, "iptables -L" shows me that I have a new DROP rule. However this list does not show my any information on which vlan this rule is enforced.14:51
awalende"DROP       all  --  anywhere             anywhere  "14:52
sdezielawalende: could you pastebin "iptables-save" ?14:52
TJ-awalende: "iptables -nvL"14:52
awalendeah I believe "iptables -nvL" did the trick, I see the rule for vlan118 now14:55
awalende-nvl - > https://pastebin.com/WViuyD5G14:56
awalendethanks for your help folks :)14:57
sdezielawalende: np. FYI, you can use prefix matching for input/output devices like this "-i vlan+"14:59
sdezielI find this quite useful at times so I thought I'd mention it ;)14:59
=== ossurayynot is now known as tonyyarusso
herald85hi, i keep having issues during updates with downloading the required version of linux-headers. When I manually browse to http://security.ubuntu.com/ubuntu/pool/main/l/linux/  and click on linux-headers-4.4.0-141_4.4.0-141.167_all.deb it also fails to download. Anyone know how I can work around this?16:15
ansyebhello. how it that possible? https://pastebin.com/YgJttRpw16:16
ansyebwhat is on 22001?16:16
ansyeb<SerajewelKS> ansyeb: almost certainly a -R forward from one of your users16:16
ansyebcould someone provide a link to the corresponding manual page?16:16
jellyansyeb: man ssh_config, search for RemoteForward16:20
ansyebI found this: http://www.unixwiz.net/techtips/ssh-agent-forwarding.html#fwd16:20
jellyssh has about 4-5 different forwardings and agent forwarding or X11 forwarding is not relevant for -R16:21
jelly-R is a ssh client command line option that opens a listener on the remote side and tunnels tcp connections somewhere visible to the client side16:22
ansyeboh man..16:22
jellyserajewelks suggested you were seeing a remote listener side of such a setup16:23
jellythe* remote listener side16:23
jellyif you want web search keywords: ssh remote forwarding16:24
ansyebщл ен16:24
ansyebok ty16:24
jellyit's a way to enable access to a service that ssh server you connected to can't otherwise reach; somethimes used as a workaround instead of having to punch holes in firewalls16:26
jellyansyeb: what does "ps -fp 1973" say? it might be interesting to see what is its parent process, that might confirm the -R theory.  However,but it is somewhat unusual for a sshd process with a -R listener socket open to be running as root16:32
baffleI have a server with 2*L3 uplinks; The uplinks has a /31 for basic connectivity, and the same /32 on both interfaces+loopback. is routed via the /31 on both interfaces, and src set to the /32. Packets gets sent randomly out via both interfaces, but there is asymmetrical routing so replies might come to the other interfaces; If this happens, the package seems to just disappear. I have17:29
bafflerp_filter set to 0, what else have I forgotten? Iptables INPUT/FORWARD is set to ACCEPT...17:29
baffleAnyone have any ideas what it could be?17:29
sarnoldbaffle: rp_filter on *all* interfaces? or just the global config?19:32
bafflesarnold: It's set to 2 on all interfaces..19:50
sarnoldbaffle: this guide suggests assymetric routing uses would benefit from '1' https://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.kernel.rpf.html19:52
bafflesarnold: That's weird, this does not match documentation in https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt <- 1 is strict, 2 is loose. 0 is disabled.19:58
baffle(I have it set to 2, not 0, so that was wrong on my part)19:58
baffleSet to 0 on all/default/<interfaces> now, same behaviour.20:00
baffleAnd I have enabled log_martians too, and there are no entries in any logs. :-/20:00
sarnoldbaffle: huhn. that is more or less exactly opposite of the what the guide said :(20:02
bafflesarnold: Any tips on how to debug further?20:14
sarnoldbaffle: nothing good, I'm insanely rusty on router kinds of things :/ .. maybe firewall packet counts? perhaps they're being blocked by rules?20:15
TJ-baffle: I may be confused but your original question seems to be talking about *replies* coming into this server on a different interface - rp_filter is about sending replies *out* from this system20:17
sdezielrp_filter is a source validation mechanism so should apply to inbound traffic I think20:19
bafflesdeziel: But maybe in the forwarding path?20:19
baffleI.e. for packets passing.20:19
baffle(Typically a router)20:19
sdezielbaffle: AFAIK, rp_filter is applied on traffic reception even in the forwarding case20:20
sdezielbaffle: I don't have the time to look myself but surely sharing "ip a; ip ro" would help folks have a better idea of your setup20:21
bafflesdeziel: Oh. I forgot the paste-link I prepared... https://paste2.org/FLH32Z5F20:22
baffle(rp_filter is now set to 0, not 2 as in the paste)20:22
sdezielbaffle: is supposed to be some kind of HA IP or Virtual IP?20:22
bafflesdeziel: Yes, it is supposed to be a HA IP.20:23
sdezielbaffle: then I wouldn't expect to see it configured on the 2 NICs at the same time.20:23
bafflesdeziel: Well, I only had it on loopback before, then packets could be sent to it from an external host.. I.e. to reach a service bound to that IP. But for the host to source packets to that IP, and not the /31 linknets, one both needs to set the src in ip route + set IP on the interfaces. If IP is not set on the interfaces, packets will not be sent out by the kernel..20:25
sdezielbaffle: looks like you are running bgp which is unexplored territory for me, sorry ;)20:25
sdezielbaffle: I would have think that you could set just an ip route with source specification without needing to actually have the IP configured on the real outbound NIC (just lo0)20:26
sarnoldbtw how does a /31 work? there's two addresses, and the all-ones-equiv would be broadcast.. leaving the all-zeros for the one host?20:27
bafflesdeziel: Yes, it's BGP, but all it does it populate the routing table, and announce the /32 to the switches.20:28
bafflesdeziel: If I remove the IP from the outbound NICs, and just put it in lo0, and have src set to the IP, no packets go out..20:29
sdezielbaffle: your default route with 2 nexthops looks good to me. Have you confirmed with tcpdump what's going on?20:30
sdezielsarnold: I'm suspecting some kind of p2p setup20:31
sdezielipcalc says there are no broadcasts for /31: https://paste.ubuntu.com/p/yhR2dkxS8B/20:32
sdezielipcalc also mentions https://tools.ietf.org/html/rfc3021 for /31 ranges :)20:33
sarnoldha! of course there's an rfc to answer my exact question :)20:34
sarnoldthanks sdeziel20:34
bafflesarnold: It works great for linknets between routers, and there is no network/broadcast address.20:37
bafflesdeziel: Yeah, if I source icmp packets from interface ens1f0 I get echo+reply back on ens1f0. If I source icmp packets from interface ens1f1 the echo is sent out from ens1f1, but the reply comes back on ens1f0 (due to what I ping being a few hops away, and having a best path via the switch ens1f0 is connected to)20:40
sdezielbaffle: have you tried "ping -I" ?20:43
sdezielbaffle: I'd expect it to work and load balance the echo requests evenly between the 2 NICs since they have the same weight20:44
sdezielbaffle: the echo replies might all come via ens1f0 though if the switch behaves that way20:45
sdezielbaffle: out of curiosity, why deal with this at L3 instead of L2 (LACP, bonds, etc)?20:46
bafflesdeziel: Uh, that worked. One minute, I'll check something....20:51
bafflesdeziel: Whaddayaknow. Facepalm time. It works fine, and probaly has been all along, I think I was looking the wrong place all along. All day.20:54
sdezielbaffle: hehe20:54
sarnoldwhatr exactly was the wrong thing in question? :)20:56
bafflesdeziel: The reason for going with L3 instead of L2 is to avoid having MLAG on the switches, I've seen that (and stacking) fail too many times..20:59
blackflowsarnold: oh hey, you're a ZFS fan amirite?20:59
sdezielbaffle: OK20:59
sarnoldblackflow: yeah20:59
blackflowsarnold: is the ZFS wiki page editable only by ubuntu devs, or community? because the uses cases are blatantly lying :)  https://wiki.ubuntu.com/ZFS21:00
bafflesdeziel: So, instead of using L2 that we all know and love, I'm introducing more complexity with routing instead.. It is probably a bad idea.. But at least it is standardized, and you can use whatever vendor..21:00
blackflowthat really needs some correction, because it's very much false.21:00
sarnoldblackflow: I'd expect anyone in the right launchpad group would be able to edit it21:00
blackflowshould I open a bug report then?21:01
blackfloweg. Jack's use case is fiction. ZFS does no such thing.21:01
sdezielbaffle: I've heard good things about L3 redundant setups so I guess it's just a matter of fully understanding this new paradigm21:01
sarnoldblackflow: hah yeah that looks way wrong21:01
blackflowso is Ari's use case, ZFS does not do that :)21:01
bafflesarnold: I think what I originally observed, but failed to catch, was that outgoing connections from a container got masqueraded (randomly) to linknet IPs on interfaces + the "HA" IP.21:02
lordcirth_Yeah, Jack's is handled by btrfs, I'm not aware of any filesystem that just grabs storage devices lol21:03
sarnoldblackflow: if you want to edit the wiki, this is the group to join https://launchpad.net/~ubuntu-wiki-editors -- many other groups are already included on the thing, so maybe it'd make sense to join one of the other groups instead of this one21:04
sarnoldblackflow: I've got to run for lunch.. if you'd rather not bother, just let me know and I'll happily delete those usecases :)21:04
blackflowsarnold: thanks, I'll see what I can do first.21:04
sdezielbaffle: the masquerading shouldn't be random since your default route says to go out with, no?21:05
sarnoldblackflow: thanks21:05
blackflowsarnold: bon apetit!21:05
bafflesdeziel: Yes, but it is still very hard to know what is the correct way to design a spine/leaf design with full redundancy on hosts.. Some designs seems to think that spine/leaf should be core, with ToR switches connected to the leafs, and host using L2 to one ToR switch. Or LACP/MLAG to two ToR switchces. Some designs use ToR switches as leafs (as I do).. But that both in a rack should use iBGP and21:05
bafflebgp and be in the same AS.. Some have the same AS on spines.. It's very confusing..21:05
bafflesdeziel: That's what I tought...21:05
sdezielbaffle: the only semi-random (round robin I think) portion would be the outbound NIC the kernel picks21:06
bafflesdeziel: But I'll modify the rule to have --to-source..21:06
sdezielbaffle: out of curiosity, if you run this multiple time, do you see the kernel alternating the outbound NIC: ip ro get
bafflesdeziel: No, that returns same IP consistently. And I've set sys/net/ipv4/fib_multipath_hash_policy to 1 (L4).. But 1 sec, I'll see what happens.21:11
sdezielbaffle: yeah, same source IP but what about the dev?21:11
bafflesdeziel: Same device, same link IP, same source IP. I.e. -> via dev ens1f0 src uid 100021:12
bafflesdeziel: But I assume that is just cached. If I actually generate TCP traffic to the same host now, the flows round-robin.21:13
bafflesdeziel: I'll modify the masquerade rule and test now..21:13
sdezielbaffle: probably but I would have appreciate the kernel telling you about the round robin thing21:13
sdeziel"ip route get fibmatch" maybe?21:15
bafflesdeziel: That works, returns both path.21:20
bafflesdeziel: Also, manually replacing MASQUERADE with -J SNAT --to-source works a treat.21:21
sdezielbaffle: thanks good to know21:21
sdezielbaffle: I don't understand why MASQUERADE would do the wrong thing though21:22
tewardmasquerade uses the primary IP address on the system, if I'm not mistaken21:23
tewardand not "alternative IPs" (secondary, tertiary, extra, etc.)21:23
sdezielteward: it should make a decision based on the info from routing table, or at least that would be a logical (to me) way of doing it21:25
tewardwhile I agree with you, i'm also coming in late.21:25
tewardso I'm not up to speed :P21:25
baffleteward: What is the "primary" IP anyway?21:27
sdezielthat's what the routing table tells you it is21:27
tewardunless your routing tables are screwed, the 'default route' according to the routing table typically21:28
tewardusually the first IP address on an interface if you don't have any custom routing tables in play21:28
baffleHmm, wonder what happens if I reorder IP addresses in netplan.21:29
tewardjust as an FYI I came in late, did you share your configuration?  Do you have custom policy-based route rules set up?21:30
teward(which would therefore alter the 'default routes')21:30
sdezielteward: 2 nexthops with same weight as default gw21:30
tewardhah BGP is at play I see21:31
tewardsdeziel: I usually consider in a Multi IP scenario SNAT/DNAT is better than the MASQUERADE functionality in iptables21:32
tewardjust from experience21:32
bafflesdeziel: I totally agree.21:32
sdezielteward: agreed but I would still expect MASQUERADE to do the right thing in such scenario21:32
tewardsdeziel: my two cents is I call masquerade a 'hackish' way to SNAT/DNAT automagically.21:33
tewardjust my thoughts on it :P21:33
sdezielthis automagic should be reliable ;)21:34
tewardsdeziel: when is anything networking related EVER reliable :p21:34
sdezielteward: lo is pretty reliable but that's the exception21:36
baffleNow the /32 is the first IP on both interfaces, but MASQUERADE still chooses the link-net as NAT source. ¯\_(ツ)_/¯21:37
baffleGuess I'll have to disable the automatic creation of NAT rules in Docker. Maybe it's time to check if they've added more functionality..21:38
tewardsdeziel: well other than that lol21:38
sdezielbaffle: oh well, I was wrong (again) :P21:39
tewardbaffle: to be fair in my containerized environments (EXCEPT for this laptop, because it has only 1 IP lol), i never trust MASQUERADE to do what I want lol21:39
tewardalways SNAT everything :P21:39
tewardmy two cents.21:39
baffleteward: I don't think I have a choice.21:42
Mudchainsi love it when a old optimized my.cnf of mysql5.0 fixes the new slow installed mysql5.7 server21:42
Mudchainsfirst i changed the scsi controllers, but then ubuntu didnt start up anymore haha21:43
bafflesdeziel/sarnold/teward++: Thanks for all the help!21:44
sdezielbaffle: yw21:46
=== lifeless_ is now known as lifeless

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!