Re: Best practices for updating systems over extremely slow links
Hi On Thu, Oct 27, 2016 at 03:45:21PM +, rbraun204 . wrote: > I have a couple of debian boxes in very remote areas that are connected back > to > our wan via a 56kbps satellite link. Most of the time we have a constant > stream of data coming/going to that machine so the link is saturated quite a > bit. Ouch. I guess that the data isn't for looking at cat videos then! > I'm having all sorts of trouble getting apt to play nicely with the extremely > slow link. When I try to do an apt-get update, it seems to work for a while, > then will start to download whichever list it's currently on all over > again. > I tried running apt-get update for about 24h and it would never completely > download the amd64 main Packages.gz (around 7.5M). It would just keep trying > to start over and over again. Maybe sometimes it will work, but +50% of the > time it will crap out. Apt is configured to use a proxy server, aswell as > http::timeout is set to 300 via apt.conf > > FWIW, I can reliably rsync files over the sat link without issue. It takes a > while for sure, getting about .75 - 1.5KB/s. So the files do get there. So > it seems like whatever magic is baked into the rsync protocol to handle these > slow links is working alot more reliably for me then the http gets that apt is > using. Running rsync with bwlimit will work all day I've found. That's very odd. So TCP connections stay alive then. > I'm currently trying to build a list of debs that the system wants using > something like > > apt-get dist-upgrade --allow-unauthenticated -y --print-uris | grep -o '\ > 'http.*\' | tr "\'" " " > downloads > > then wget'ing them locally and rsyncing them up the remote. Seems to be > working so far, but the last failed apt-get update seemed to blow away the > lists on the remote and I can no longer see any pending package upgrades on > the > system. > > I've also tried tarring up /var/lib/apt/lists/* from a known working system > and > rsyncing that up to the remote, to try and update the lists manually I > guess. > But that didn't seem to work either. After dropping the list files in > /var/lib > /apt/lists and running apt-get dist-upgrade, still showed no pending > updates. > So not sure why that would be. > > So after all that, here are my questions :) > > 1. Is there some crappy link tweaks I can use in apt to help apt with > transferring data over a 1.5KB link? > > 2. In theory, if I wanted to transfer the apt-get update data via rsync, > should I be able to tar up /var/lib/apt/lists/* and send that manually? It > didn't seem to work, but I would imagine there's more going on behind the > scenes. if the sources.list are identical, yes: I believe that should work. > 3. Generally just curious what others have done when trying to keep systems > up > to date in very remote places with limited pipes. > > > Worst case scenario, If we had to burn a cd full of debs monthly and ship it > out to the remote I guess that would work. We also have our own custom repos > with software that gets updated aswell. But sometimes we would need to push > those updates out asap. Also, there is only 1 machine at each remote, so > it's not an issue of running approx to save X machines all updating over the > network at once. Normally, I'd suggest looking into running a private mirror and rsyncing it, but with only one machine at each location, that's overkill. I think you may want to look into apt-zip: This will decouple the download from apt, allowing you to get the data xferred by whatever method works (rsync?), and picking up the xferred file on the remote location with apt... Unfortunately, apt-zip has been discontinued - last appears in wheezy, but it may still work or be made to work? It seems aimed at your exact use case... Failing that I can imagine other (hand-crafted) solutions with these components: - make sure /etc/sources.list (and /etc/sources.list.d) are identical - rsync /var/lib/apt/* across - on the remote end: run: apt-get upgrade --print-uris # or similar - grab the URLs - download the *.debs and rsync them into /var/cache/apt/archives/ - on the remote end: apt-get upgrade This is entirely off the top of my head, but with a bit more thought and scripting, it _should_ work... Hope this helps -- Karl
Re: systemd - how to run system service by user target
Hi On Mon, Oct 17, 2016 at 10:01:58AM +0200, Kamil Jońca wrote: > > Assume we have openvpn.service. > This service neccessary only when I want to connect to my work from > home. > > Is it possible to make user target which will be automatically run this > service? > KJ > It probably is. I had the same problem - a "vpn to home" that doesn't need to run when at home. My solution: Firewalling rules on the server-side endpoint, that rejects VPN connections from inside the network. Thus, my openvpn service on my laptop can run constantly, but the VPN will only actually connect when I'm _not_ at home. Hope this helps -- Karl E. Jorgensen (also KJ)
Re: networking
On Fri, Aug 26, 2016 at 12:43:30PM +0200, Pol Hallen wrote: > Hi all, I'm helping a friend to create a small network on his office (4 > floors) > > I suggests him to separate each networks: > > floor1 - 192.168.1.0/24 > floor2 - 192.168.2.0/24 > floor3 - 192.168.3.0/24 > floor4 - 192.168.4.0/24 > > DSL <--> SERVER <--> WAN - 192.168.10.0/24 >NIC1 - 192.168.1.0/24 <--> switch >NIC2 - 192.168.2.0/24 <--> switch >NIC3 - 192.168.3.0/24 <--> switch >NIC4 - 192.168.4.0/24 <--> switch > > what is better? A linux server with 5 NICS (for all floors) or a dedicated > and cheapest router with 5 NICS? (DSL <--> SERVER <--> ROUTER) As others have noted, there is not enough information here to decide what is best... However... You may want to for different networks to allow for future expansion. Your current scheme will only allow for max ~ 250 clients per floor. And you have the IP ranges rubbing against each other without gaps... It is usually a good idea to leave "space" between the IP ranges to allow them to expand without too much trouble. And avoid making the IP range too narrow - running out of IP addresses is nasty. For example: floor1 - 192.168.128.0/20 [ 192.168.128.0 ... 192.168.143.255 ] floor2 - 192.168.160.0/20 [ 192.168.160.0 ... 192.168.175.255 ] floor3 - 192.168.192.0/20 [ 192.168.192.0 ... 192.168.207.255 ] floor4 - 192.168.224.0/20 [ 192.168.224.0 ... 192.168.239.255 ] With /20 it allows for ~4000 devices per floor. And there are "gaps" in the IP ranges to allow for expansion, so if the population of a floor grows, it can grow to a /19 without clashing with the next floor. In each IP range you need to allow IP addresses for: default gateway (traditionally the first IP in the range. Or the last. Convention differs.) broadcast address network address (not sure this is needed nowadays, but I tend do...) and you may also want to reserve a block (16 or 32 IPs) at the beginning/end of each network range for devices with fixed IP addresses - e.g. your dhcp server (unless you let the router forward DHCP/BOOTP), DNS server (which may or may not be on the same network) and other stuff that crops up. Of course, here we seem to be talking about wired access. Wireless access probably should have its own IP range (and allow for a sizeable number of devices) as it will probably not be specific to a floor... You could treat this as a different (less trusted) floor Hope this helps -- Karl
Re: jessie-kvm-qemu: Win7 guest fails to update
Hi On Wed, Jul 13, 2016 at 04:06:43PM -, Frank Miles wrote: > I have two jessie systems with kvm-qemu virtualized Windows7 guest OSs. > These are mostly working well (including guest inter-networking) to > the extent that I use Windows, with one glaring exception: when I try > to do a Windows Update - the process never finds anything to do, nor does > it ever terminate. Ordinary Windows systems (belonging to other users) > are finding lots of updates and fairly quickly. > > One of these is my home computer (Win7Pro); the other is my work computer > (Win7Enterprise). Both were afflicted approx the same time (not sure exactly > when, I use the Win7 guests less than once/wk). Are they on the same network? > > I've talked to our network/user-systems techs/admins, and they haven't a > clue. They recommend their usual solution - full reinstall of Windows. > A hideous amount of time (ISTM) especially for my home system on a slow > internet feed. Since this is a problem in a windows VM (probably in a Debian host?), this is barely applicable to the list, but I'll bite... Sounds like general network gremlins... A couple of things that spring to mind: (1) Can the windows boxes ping e.g. 8.8.8.8 ? If not, then network connectivity is likely broken... (2) Can the windows boxes resolve names? E.g. ping www.google.com ? If not, then DNS resolution is borked... (3) IP address collisions: If two systems on the same network have the same IP address, then you will get inconsistent results... To see whether a box suffers from this, obtain it's IP address and disconnect it from the network. If the IP address is still pingable (or just arping'able), then this is a red flag... Hope this helps -- Karl E. Jorgensen
Re: apache and clients
On Sun, Jun 19, 2016 at 02:49:42PM +0200, Pol Hallen wrote: > Hi folks! > > Inside a small lan (less 10 pc) I've a server with apache. > > I've to install bind/dnsmasq to automatically resolve IP of apache or can I > use clients's host file? > > What's the easy/fast way to resolve IP of this server? It depends on what the clients support... If they support mDNS, then installing something like avahi-daemon on the server will make it broadcast it's presence via mDNS, and (assuming that clients understand mDNS) it can then be reach as "servername.local" (where "servername" is your host name). -- Hope this helps
Re: Konqueror - security hole or bug?
On Wed, Jun 15, 2016 at 09:32:18AM +0200, Hans wrote: > Dear community, > > I found a strange behaviour with konqueror (does anyone use it?) and I > believe > it is either a bug or a security problem. > > the problem is the following: > > I discovered, that my network card is doing a lot of traffic, although I did > nothing with my computer (heavy blinking of my traffic led). Using etherape > and > wireshark, I could prove, that there is really a lot of traffic from my > computer > into the internet. However, I could not see, what content it was. > > At last I found out, that a process called "konqueror" (which is of course > the > browser) caused this heavy traffic. BUT konqueror was already safely ended by > me! I don't run KDE... Perhaps it is staying around for quick launch later? > Further testings prove, that this behaviour appears from time to time. It > also > appears, that this behaviour only happens on certain websites. These are > www.heise.de and youtube.com, but maybe others not. By looking at the DNS requests, you should be able to gather clues about that... I'd recommend using tcpdump to gather traffic into a file, which you can then later examine with e.g. wireshark. > As I do not know, if it is just broadcast traffic or real content, we should > have an eye on it. Maybe somebody else can confirm this or saw this in the > past. By looking at the IP addresses, you should be able to see whether it is broadcast, multicast or point-to-point traffic... Hope this helps -- Karl
Re: chroot setup problem
On Thu, Apr 21, 2016 at 07:17:14PM -0400, Haines Brown wrote: > I attempt to chroot from /dev/sdb on /dev/sda. > > # mount /dev/sda1 /mnt/debinst > > I verify it is mounted and then do: > > # LANG=C.UTF8 /usr/sbin/chroot /mnt/debinst /bin/bash > /usr/sbin/chroot: failed to run command `/bin/bash': No such file or > directory > > /usr/bin/chroot exists. So does /mnt/debinst. So does /bin/bash. /bin/bash is irrelevant in this context - the filename will be looked up _inside_ the chroot, so you need to check that /mnt/debinst/bin/bash exists (and the shared libraries it uses...) Hope this helps -- Karl
Re: Systemd bybasses fstab mounting root partition(?)
Hi On Mon, 2015-10-19 at 18:24 +0300, Ivan Boro wrote: > Looks like subj. > Have a KVM machine with jessie assembled via debootstrap. Fstab states > > /dev/vda2 / ext4rw 0 0 > > The partition labeled vda2 is listed in grub.cfg as the root partition > by its uuid.(via update-grub) > > Added a disk to have swap on it. Booted normally, despite the fact, that > the new swap-disk was automatically labeled as vda and the disk with > root is as vdb: > > # mount | grep ' / ' > /dev/vdb2 on / type ext4 (rw,relatime,data=ordered) > > No errors or warnings in dmesg. > > So, systemd mounted root partition, whitout looking into fstab. > > I don't have much experience in systemd, and now wonder how this "smart" > mount works. Well - I doubt this is systemd specific. /etc/fstab is in the root file system. Thus, the system can only examine /etc/fstab _after_ the root file system has been mounted... Instead you may want to examine the kernel command line (e.g. in grub or /proc/cmdline) - it should have "root=" in it. Nowadays that is often specified via a UUID - and the UUID stays the same if if you move disks about. Hope this helps -- Karl E. Jorgensen
Re: How come i wrote a NO-BREAK SPACE in xterm+bash ?
Hi On Sun, 2015-08-02 at 10:54 +0200, Thomas Schmitt wrote: Hi, i just had some interesting minutes with this riddle in bash on xterm: $ ls -l .. | wc ls: cannot access .. : No such file or directory The refusal sticks to the command in libreadline's history buffer and to copy+paste, but not to a manually retyped command: $ ls -l .. | wc 70 6234159 Finally i found out that the refusing command line does not have an ASCII Blank (decimal 32) before the pipe symbol but rather UTF-8 code (194,160) which means U+00A0 NO-BREAK SPACE. Obviously this does not count as whitespace in bash (vanilla Debian 8.1 install). The error message had (194,160) between .. and :. Now i riddle how my chair, my US-ASCII keyboard, and the problem inbetween managed to produce such a character in the bash (libreadline) command line of an xterm. Does anybody have an idea how to reproduce this ? (In order to better avoid it.) I can reproduce that with Alt-gr + space space (My Alt-Gr key is my compose key): karl@xps:~$ od -t u1 000 194 160 10 003 I suspect you may be able to do the same, although you may have configured your compose key differently (I cannot remember whether mine is the default). Hope this helps -- Karl E. Jørgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1438543857.27201.5.ca...@jorgensen.org.uk
Re: Cron not working
Hi On Sun, 2015-07-12 at 13:02 -0400, Haines Brown wrote: This may be a FAQ, but it has me stumped. I try to do a weekly backup with this, but nothing happens, and there is nothing in syslog: # crontab -l 0 4 * * 0 /home/haines/scripts/backup I can run the script manually with # /home/haines/scripts/backup. Cron daemon is running: $ ps -ef | grep cron | grep -v grep root 8972 1 0 12:37 ?00:00:00 cron Nothing happens ? odd. There _should_ be entries in /var/log/syslog from cron when it invokes jobs. And if it does, you should have mail in /var/mail/haines ... -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1436720833.19469.2.ca...@jorgensen.org.uk
Re: the correct way to read a big directory? Mutt?
Hm... On Wed, May 27, 2015 at 10:56:48AM +0100, Jonathan Dowland wrote: On Fri, Apr 24, 2015 at 04:12:15PM +0200, Nicolas George wrote: Le quintidi 5 floréal, an CCXXIII, Vincent Lefevre a écrit : Now I wonder whether the use of the hash by ext3 is a good idea... Alternatively, I suppose that a SSD disk could improve things. Well, filesystems can not be optimized for every use. Ext3 dates from 2001, and is an incremental update to the ext2 design from 1993. Large-scale storage on flash devices was very uncommon then, and the rise of modern SSDs didn't start until around 2008 iirc. Having myriads of small files has always been a bad idea anyway, it trashes the inode and dentries cache, it costs extra disk bandwidth (because you can not read half a sector at the end of the file) and latency (because of all the seeks, even when reading in order, it will be more fragmented than a single file), etc. Of course, nowadays, huge RAM and SSD will mitigate the issue. Mail storage is a lose-lose situation, really. Maildir improves the performance and reliability of parallel operations on a mailbox versus mbox, but is less space efficient precicely because of the metadata overhead, especially for large mailboxes. One should keep high-read boxes in Mailidir and low-read, large-size archival mailboxes in mbox, potentially compressed. The archivemail tool can assist with moving one to the other. It is a tragedy that a standard, robust and efficient format for mailboxes was never designed and adopted. It's a tragedy that many such standards were invented :) Obligatory XKCD reference: http://xkcd.com/927/ -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150527112621.ga8...@eee.karl.home.jorgensen.org.uk
Re: An inotifywait question
Hi! On Fri, 2015-04-17 at 12:05 -0400, Gene Heskett wrote: Greetings all; I am as you have proably guessed by now, the originator of some bash scripts that greatly simplify the day to day background operations. Two of these scripts make use of inotifywait to hand them the data they need to do the rest of their jobs. One of them watches /var/spool/mail and is dependent on finding the $pidof kmail so it kmail isn't running, it will not send a message to kmail over the dcop or dbus facility and thereby stuffing up the buffers either of these use. However, there are generally two instances of inotifywait running because I also use a session to watch another directory where a .jar file running as drivewire for a legacy computer in the basement, so that I can send a file to a printer it thinks is attached to that machine, but which in reality is actually sent up the usb cable to this machine and dropped into a file here. Simplified, that file, when closed by drivewire, is then sent via an lp command in that script, thru cups which renders it, then sends it back down that same usb cable to a brother BW laser printer on that computers desk, where it gets spit out in a beautiful font, at 19 ppm, which is about 20x faster than any pin pounder printer that was ever connected to it 30 years ago. However, if something goes aglay, my scripts try to kill the inotifywait session, and go silent until the proper $pidof's are present again. But occasionally they will kill each others inotifywait sessions as I am currently doing that kill with killall $name. Not the correct way obviously to kill the session that THAT script started. Because inotifywait is not silent when it launches, I have been forced to do an var=inotifywait $option_string 21 /dev/null to absorb the noise. Am I dumping the PID return? Can I save that launch return and use it to do a specific kill $savedvar? The manpage for inotifywait is silent in this regard, but I suspect I am looking at the wrong manpage. Perhaps, since its a bash script in both cases, its the bash manual I should be studying? Thanks for any clues. The bash manual, at around 500 pages, details aren't that easy to find in that tome. Bash (or sh) is really a programming language :-) You're looking for $! : Special Parameters: ... ! Expands to the process ID of the job most recently placed into the background, whether executed as an asynchronous command or using the bg builtin (see JOB CONTROL below). Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1429288451.22434.17.ca...@jorgensen.org.uk
Re: Authentication breakdown
Hi On Tue, 2015-04-07 at 10:02 -0300, francis picabia wrote: I'm having a perplexing problem around authentication on my home system. It has been running 32 bit Debian for years, and up to date with Debian 7. Nothing new had been installed or configured for months, only aptitude update and aptitude safe-upgrade. This morning, checking email, I found thunderbird could not login to dovecot. Restarted dovecot and no difference. SSH login failed from two different systems. I checked that the firewall on Linux was off. I checked last reports and there was no unusual access. Tested with chkrootkit and nothing came up. This system is normally protected by unusual ssh port plus denyhosts against brute force login. nsswitch.conf had compat for passwd, group and shadow, and I switched it to files, with no difference. Nothing seemed odd under /etc/pam.d with the common-* files. Console login as my user or as root failed. dmesg didn't report anything unusual happened. Tried a passwd refresh to a new password. That required entering my existing password, and entering the existing password worked. However it wouldn't allow ssh or console login with the changed password. I changed it back to the usual password, and again, it accepted the old password when prompted. If logins via both console and ssh failed (as both yourself and root), how did you get in? Once logged in, I would suggest that you study the log files before trying to change things. The log files are usually a much faster route to the underlying cause... Assuming you have a default(ish) syslog config, the first log file I'd look at is /var/log/auth.log. Then /var/log/kern.log and the remaining log files. Eventually I was locked out when the screen save came on after leaving it alone for awhile. I rebooted, and the system still has this wacky behaviour. Ah - a graphical login! I'd recommend staying with the console (text-only) login whilst diagnosing this. It's simpler software, and should thus be simpler to debug. And it is plausible that your gdm greeter is suffering from the same underlying cause... In addition, the gdm screen does not come up - displaying only an hourglass. VT consoles do come up after reboot, but again, console login as myself or root are failing, and ssh login from remote as myself is failing. I've never seen something like this fail before unless I had been messing around with pam configuration files. I'm currently unable to get into the system so I'll be getting a rescue CD set up to use later today. Well - it is theoretically possible that a disk corruption has done something to your pam configuration. Hopefully the log files will contain clues so you don't have to rely on such wild unsubstantiated guesses... Hope this helps -- Karl E. Jorgensen k...@jorgensen.org.uk -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1428443299.4670.13.ca...@jorgensen.org.uk
Re: Jessie regularly loses wifi connection though signal is strong
On Fri, Mar 13, 2015 at 10:58:05AM -0400, Thomas H. George wrote: Very frustrating. Wifi says it is connected though it is not. After reset the connection works for a time, then just stops. Any suggestions? More diagnostics is needed to make sensible suggestions. A couple of things to look at next time you have a network outage: * check the logs - mainly : /var/log/kern.log and /var/log/daemon.log. There might be interesting stuff in /var/log/daemon.log too. Messages with a timestamp immediately you lose the network connection may give clues to what is going on. * Do you lose association with the access point? (iwconfig wlan0 and studying /var/log/kern.log for wlan0-related messages will give the answer to this) * Is the network interface still up? (ifconfig wlan0) Has it got the right IP address? /var/log/daemon.log will show dhcp-related events here... * Can you reach the access point with ping? Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150313210058.ga12...@eee.karl.home.jorgensen.org.uk
Re: Very slow downloads when doing dist-upgrade.
Hi On Fri, Mar 13, 2015 at 11:27:54AM +0100, SL wrote: Hi, I have a number of VPSs which I need to upgrade to Wheezy. During the dist-upgrade step I'm getting very slow download speeds from debian.org (10kB/ s), which is causing the process to take a very long time. Is there anything I can do to speed things up? Could anyone suggest e.g. a mirror I could add to sources.list? (I'm in Europe). If you have more than a few servers, it is really beneficial to use a caching HTTP proxy (e.g. squid configured to cache big files) on your local network ... Then you'll only have to download things once (usually) hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150313104354.ga30...@xps.home.jorgensen.org.uk
Re: recommended ftp clients for Debian
On Tue, 2015-02-24 at 09:32 -0800, Patrick Bartek wrote: On Tue, 24 Feb 2015, Lisi Reisz wrote: Yes, I know I can STFW. I have in fact done so. But I am after personal experience. I want a simple ftp client, for putting not getting, that is easy and pleasant to use. GUI based. For the use of non-geeks as well as myself. FileZilla. Never had a problem with it. Ever. Very configurable. Lots of feature. Easy to use. Initially used gftp, but switched to FZ years ago. [joining this thread late - sorry] If you are using Gnome, then the normal file manager (nautilus) should be able to fit the bill too. Then users do not have to learn a new interface... Just my 2 p -- Karl -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1424801811.11361.12.ca...@jorgensen.org.uk
Re: Some commands is not working in Linux server
Hi On Mon, 2015-02-23 at 21:00 +0530, Justinmp wrote: Greetings to all.. Everything was working normally until last day.From today I am not able to execute few commands like ls in cent os machine.Interesting part is ls -al is working fine. When ever I issued ls , du -sh * ,yum update system got stuck and putty session freezes. Is this because of any hardware issue ?This server is remotely accessed. You do not list many symptoms, so the server could be suffering from anything. Or your network may suffer from anything. Without more details, the best we can do is pure speculation. ... yum update ?? You know: this is a debian list... -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1424708419.11587.2.ca...@jorgensen.org.uk
Re: Upgrading Kernel on VPS - Failed?
Hi On Sun, Feb 22, 2015 at 03:14:19PM -0500, Stephen R Guglielmo wrote: Hi list, I have a VPS with a company. The image I initially chose was Debian Wheezy. I immediately upgraded to Jessie. I updated the kernel and rebooted. However, it seems I can't use iptables: $ sudo iptables --list modprobe: ERROR: ../libkmod/libkmod.c:557 kmod_search_moddep() could not open moddep file '/lib/modules/3.2.0-4-amd64/modules.dep.bin' iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded. 3.2.0-4-amd64 is from Wheezy. It seems that the system is still looking for the previous kernel. Does anyone have information about this? What does uname -a report? This should tell you what the running kernel version is. It could be a case of your providing implementing your Virtual Private Server using kernel cgroups - e.g. via Linux Containers (LXC). If so, then you do not control what kernel you run - you share the kernel of the host operating system, but have limited access inside it. Tools like grub and lilo do not apply inside Linux Containers either. A VPC is a very close approximation to a real hardware server, but not quite the same. One relatively easy way of detecting whether you're inside a LXC is to run uptime - this will report the uptime of the host kernel. If you recently rebooted your VPS, you will see an uptime which is too long. Tools like the imvirt package can also tell you what virtualisation you're running under. Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/2015013646.ga24...@eee.karl.home.jorgensen.org.uk
Re: A big Thank You to Debian :-)
On Wed, 2015-02-18 at 22:40 +1300, Richard Hector wrote: On 17/02/15 23:40, Karl E. Jorgensen wrote: I also ended up with systemd - which I was also somewhat sceptical about. But since I could not come up with any technically sound arguments against it (partially caused by my ignorance of systemd), I decided to take the leap - if nothing else, to be able to honestly criticize it and actually know what I was talking about. On 18/02/15 20:29, Andrew McGlashan wrote: You couldn't even bring yourself to say systemd, what's wrong with saying it? He did, actually. And described constructive motives. I did. But in the first paragraph of the email, I *did* have a typo, where I missed out the 'd' in systemd, which is what I assume Andrew is referring to. I'm amazed that a typo can bring such an emotional reaction - my email was really not about systemd, but about the fact that Debian Works - at least for me. I cannot speak for others. I feel it is important to praise (or at least: acknowledge) the things that go right. And my upgrade went smoothly. A lot of work has gone into Debian, and I believe it is very important that we encourage the things that go right - just complaining about the wrong things is insufficient and probably not constructive. The fact that some people dislike what runs on my system[1] is immaterial as far as I am concerned. My system works for me. [1] Yes: system. No d. That's on purpose. There are other things in life. -- Karl E. Jorgensen. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1424254517.4884.12.ca...@jorgensen.org.uk
A big Thank You to Debian :-)
I see that there has been a fair amount of talk on this mailing list about system , Gnome 3 and some general dislike of Debian Jessie as a result. So I thought I'd throw in my 2 p I recently upgraded my main laptop (a fancy new Dell XPS with more SSD than I've ever had before) from Wheezy to Jessie, and I have to say: Brilliant! The upgrade took a while (almost exactly 1 hour) and there were a few NEWS files presented to me, but no problems surfaced. Things just worked. It was a bit of an anticlimax, bordering on boring, followed by a nervous reboot. It took me longer to make sure I had working backups and alternate boot media - just in case. Even though I had opted to install the laptop with a single (big) BTRFS file system, this didn't cause as much as a comment by the upgrade. The scripts just got on with their jobs without grumbling. I was fearing that GRUB might have a hiccup on this, as I realise this is not a commonly-used set-up, and thus probably less tested. I *did* end up with Gnome 3 - which I initially was a bit sceptical about. I was a Gnome (2?) user with a preference for the awesome window manager - this did not seem to be an option with Gnome 3. But with Gnome 3 and the Shellshape extension (could somebody package that? Otherwise I might!) things are back as I like them. With eye candy to boot. This would probably not be suitable for my low-powered Atom netbook, but I'm now confident enough to upgrade that too. Later. When I get time. I also ended up with systemd - which I was also somewhat sceptical about. But since I could not come up with any technically sound arguments against it (partially caused by my ignorance of systemd), I decided to take the leap - if nothing else, to be able to honestly criticize it and actually know what I was talking about. As far as I am concerned, the proof is in the pudding: It *works*, dammit! :-) I'm sure there are some rough edges somewhere - I just haven't encountered them. And until I do, I have nothing to complain about. My system now boots in SECONDS. It nearly boots *too* quick. It seems like the pause in Grub is taking longer than both the POST and Debian boot!? Booting is as quick as resuming from sleep! I'm not used to that!! I'm sure that there is a *lot* of work going on for Debian Jessie that I simply have not paid attention to - simply because it did not cause problems. Which is absolutely excellent - that's the way software *should* be. Keep up the good work! -- Karl E. Jørgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1424169638.4500.25.ca...@jorgensen.org.uk
Re: Writing files with formatted name
Hi
On Mon, Feb 09, 2015 at 03:02:07PM -0500, Roman Gelfand wrote:
would writing synchronized java class using the same algorithm solve the race
problem?
Java is a bit overkill for that :-)
Atomic locking is available in the shell too - man flock ...
Thanks
On Fri, Feb 6, 2015 at 12:12 PM, Roman Gelfand rgelfa...@gmail.com wrote:
I need to write files with name format {5 digit sequential number}.
{extension I will supply}.
Is there a utility which would allow me to copy/move/put a file with the
above name format incrementing the sequence for each subsequent file.
Something similar to what logrotate is doing.
Tlhanks in advance
--
Karl E. Jorgensen
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/20150210071924.ga24...@eee.karl.home.jorgensen.org.uk
Re: Was: Ric Moore
Hi On Mon, Jan 19, 2015 at 09:13:20AM -0600, Richard Owlett wrote: Gene Heskett wrote: On Sunday 18 January 2015 18:21:02 Mart van de Wege did opine [SNIP] apt-get remove network-manager seems to work just fine for me. Mart I have attempted that, several times in the past 5 or 6 years. The list of stuff it will also remove is usually several printed pages, IF you could actually get a printout. Unfortunately, you can't even copy/paste for a record from that screen by any method but a screen snapshot series. [snip] I had a similar problem some time back. Someone pointed me to a utility that saved everything sent to a console window. It was not redirection nor a pipe as the console retained all its functionality. The procedure was: start the utility in the console specifying a destination file run arbitrary number of commands [the utility recording input keystrokes and resulting output] terminate the utility close console if desired I understand the typical use of the utility is in a classroom situation where instructor needs to see exactly what the student did. I know I saved the message but I can't come up with keywords to retrieve it. That sounds like the script command - it's in the bsdutils package which should be installed by default. -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150119152335.ga3...@eee.karl.home.jorgensen.org.uk
Re: shell script removing log files.
On Mon, Dec 22, 2014 at 10:51:26AM -0800, pe...@easthope.ca wrote: This command in a shell script removes unwanted log files. for i in $( echo *.Log ); do /bin/rm $i; echo Removed $i. done In the edge case of no matching files, rm complains. /bin/rm: cannot remove `*.Log': No such file or directory If echo is replaced with ls, it complains when there is no match. Does anyone have a tidy solution for this task? First of all, you have an unnecessary use of echo. Although seemingly innocuous, if you have file names with spaces, the spaces will mess things up as things will be going through the shell twice. Which is once too many. Second, remember that when the shell performs pathname expansion, it will leave the original pattern in there if nothing matches. Hence the error message you see. This should do the trick: for i in *.Log ; do if test -f $i; then rm $i echo Removed $i. fi done or if you want to make things *really* simple: rm --force --verbose *.Log :-) -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/2014101542.GB5035@hawking
Re: USB drive mounted Read-only; what to do ?
Hi On Fri, Dec 19, 2014 at 05:45:33AM -0300, Renaud OLGIATI wrote: I plug in a USB pen drive, and launch dd to copy an iso image. # dd bs=4M if=debian-live-7.6.0-amd64-rescue.iso of=/dev/sdi sync dd: opening `/dev/sdi': Read-only file system Read-only file system on /dev/sdi?? This is very out of the usual: This seems to indicate that your /dev filesystem is read-only, and dd cannot create /dev/sdi ... What does: ls -l /dev/sdi report? I suspect it will say the file does not exist. If /dev/sdi does not exist, dd will attempt to create it. As a normal file. Which is probably not what you want... Similarly, can /dev actually be written to? The output of a command like this would be instructive: touch /dev/somefile-which-doesnt-exist Is there a way to force it to mount read-write ? Probably. But it depends on why it was read-only to start with... -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141219120135.GB25008@hawking
Re: user permission inconsistency
Hi On Mon, Dec 08, 2014 at 06:16:37PM +0100, alex wrote: Hi everybody, I observe a strange inconsistency in user permissions (jessie up to date; xfce4). Id est: user@rheya:~$ ls -la /dev/ttyACM0 crw-rw 1 root dialout 166, 0 Dec 8 17:25 /dev/ttyACM0 user@rheya:~$ id alex uid=1000(user) gid=1000(user) groups=1000(user),20(dialout) This will show the group memberships of the alex user, if he was to log in now. user@rheya:~$ echo \0 /dev/ttyACM0 bash: /dev/ttyACM0: Permission denied Well - you do not appear to be logged in as alex. You are user ?? although root@rheya:~# echo \0 /dev/ttyACM0 echo ok ok running the id command without any parameters should show you the group memberships of your shell. I *suspect* this is somehow related to systemd-logind (while systemd is not running as pid 1) I just added user to group dialout (and astonished not to have to logout in order to have updated user groups list) Well - if you run id username, this will update immediately. But what matters is the group memberships of your *shell* - which it will get at login-time... Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141208172633.GA24709@hawking
Re: Debian by default / Debian jessie
Hi On Fri, Dec 05, 2014 at 10:47:16AM +, Frederic Robert wrote: Hello, How are you? Pulseaudio is used by default. I'm using debian jessie. I'd like to use Alsa by default. I removed pulseaudio (apt-get remove pulseaudio) and installed alsa-base. When i reboot the computer, i don't have sound :( Which application did you expect to emit sound? some more information would be helpful here... -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141205111348.GC4406@hawking
Re: bind9 needs sometimes a restart after resume from suspend
Hi On Sun, Nov 30, 2014 at 03:26:29PM +0100, Rainer Dorsch wrote: On Sunday 30 November 2014 11:59:16 Karl E. Jorgensen wrote: Hi On Sun, Nov 30, 2014 at 12:26:36PM +0100, Rainer Dorsch wrote: Hi Pascal, On Sunday 30 November 2014 11:15:41 Pascal Hambourg wrote: Hello, Rainer Dorsch a écrit : I run bind9 locally and noticed that bind9 sometimes needs a restart after suspend. Why ? Not running, not resolving, errors... ? bind9 does not respond. See e.g. the dig command from my previous post blackbox:~# dig heise.de ^Cblackbox:~# That was well hidden :-) Any related messages in /var/log/daemon.log ? Indeed there are a number of entries in there, these are the entries right after restart: Nov 30 10:10:49 blackbox named[24198]: clients-per-query decreased to 12 Nov 30 10:10:50 blackbox console-kit-daemon[2055]: WARNING: Error waiting for native console 56 activation: Resource temporarily unavailable Nov 30 10:10:50 blackbox named[24198]: validating @0xb3f5c0d0: . NS: got insecure response; parent indicates it should be secure Nov 30 10:10:50 blackbox named[24198]: error (insecurity proof failed) resolving './NS/IN': 192.168.178.1#53 Nov 30 10:10:50 blackbox named[24198]: error (network unreachable) resolving './NS/IN': 2001:503:c27::2:30#53 Nov 30 10:10:50 blackbox named[24198]: managed-keys-zone: No DNSKEY RRSIGs found for '.': success Nov 30 10:10:50 blackbox named[24198]: validating @0xb3a00018: . NS: no valid signature found [snipped more of the same] These messages dont look abnormal - in fact they seem to indicate proper operation. But after restart when bind9 is working, I still see similar entries: Nov 30 15:19:40 blackbox named[2322]: validating @0xb4072230: . NS: got insecure response; parent indicates it should be secure Nov 30 15:19:40 blackbox named[2322]: error (insecurity proof failed) resolving './NS/IN': 192.168.178.1#53 [similar messages snipped] Going back to your original symptom: bind not responding... It looks like bind is at least *alive*. I wonder... What exactly does bind not responding mean? any command that reproduces that would be handy. As this is happening in relation to suspend/resume, this would imply that network interfaces go down and up too. So perhaps bind is failing to detect the re-arrival of network interfaces? The output of a command like sudo netstat -nlp | grep bind while bind is not responding would be instructive. And then compare/contrast with the scenario of a working bind... Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141202130714.GA32322@hawking
Re: bind9 needs sometimes a restart after resume from suspend
Hi On Sun, Nov 30, 2014 at 12:26:36PM +0100, Rainer Dorsch wrote: Hi Pascal, On Sunday 30 November 2014 11:15:41 Pascal Hambourg wrote: Hello, Rainer Dorsch a écrit : I run bind9 locally and noticed that bind9 sometimes needs a restart after suspend. Why ? Not running, not resolving, errors... ? bind9 does not respond. See e.g. the dig command from my previous post blackbox:~# dig heise.de ^Cblackbox:~# That was well hidden :-) Any related messages in /var/log/daemon.log ? -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141130115916.GA22567@hawking
Re: Image cloning software
Hi On Sat, Nov 29, 2014 at 06:39:32PM +0100, Miroslav Skoric wrote: Is there a good software for Debian 7.7 as well as for Debian 6.10 that is capable to produce a multi DVD/CD image of a working system, in a way that such image can be used later as a DVD/CD installation media for 'cloning' on the other comps (or on itself, in case of an irreparable failure of a working machine)? Thanks. You may want to look at the bootcd package - looks like it will do what you ask... Or at least similar enough to get you most of the way there. -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141130121538.GB22567@hawking
Re: EXT4-fr error, ext4_find_entry: reading directory...
Hi On Mon, Nov 24, 2014 at 01:17:29PM +0100, linuxmasterj...@free.fr wrote: Hi, Since a couple of days, I have a bunch of EXT4-fr error device ... ext4_find_entry: reading directory errors. Sounds like stuff in the kernel log? For me, that's only a disk issue, I booted on a sysresccd and did a e2fsck. Everything was OK. Then, I rebooted and I still had those errors. I bought another hard drive and copied all data from the old HD to the new one, re-install grub and booted on it. Worked like a charme but I still have those awful errors. I did another e2fsck with check blocks : nothing abnormal... How was the data copied? dd of the underlying device or copied at the file level... The errors in the kernel log sound like file-system level inconsistencies. Copying the data by using dd of the underlying device would also preserve the filesystem level inconsistencies... Any ideas ? Could be a SATA cable / SATA controller / motherboard issue? How to identify the right problem? Possibly. If so, I'd expect other clues in the kernel log complaining about hardware issues It could even be a power issue - lack of sufficient voltage can have all sorts of weird and counter-intuitive results. And inconsistently so. Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141124122313.GA12505@hawking
Re: Block size confusion.
Hi On Fri, Nov 21, 2014 at 04:20:07PM +0500, Muhammad Yousuf Khan wrote: Dear experts, i know its frustrating because i always ask theoretical question. i hope and believe you guyz will not mind and i really learn alot from this list. So, coming to the point, I want to clear my confusion on block size. theoretically i know what block size is but practically i dont know that what are the reasons that one might want to change the block size and how it effects the IO performance. Well.. Block sizes exist at multiple levels... The physical disk will have blocks - i.e. all physical reads and writes happen in multiple of blocks. To change one byte, the whole block has to be read into memory, the byte change in memory, the whole block written out again. Nowadays disks may hide this in their interface, but on the physical media (I'm thinking of spinning rusty platters), we still have to obey the laws of physics. Changing the magnetisation of a single spot is on neigh-impossible without distorting the surrounding magnetic fields, so blocks have gaps between them to allow for this. Obviously things are different on SSDs. A different block concept also exists at the file system level for the purposes of allocation - disk space can be allocated in units of blocks. For file systems with a few big files, bigger block sizes are good - means fewer total blocks to keep track of and probably less fragmentation. For file systems with lots of little files, smaller block sizes will tend to waste less space. And then there is the massive grey area in between If you are using LVM, this also has extents which is the unit of allocation here. i have heard that people would want to use bigger block size if they are hosting or storing big files like videos, or other big size data. on the other hand people recommends to use small size when we have many small files. Yes - this is the block size concept for allocation. actually i know the science behind that if i create a bigger block size and file size is small it will create the same size file as block size which end up eating space when we have large database of small file. Usually, yes. It really depends on the filesystem you use. I believe it to be true for ext3, and (probably) also for ext4. But reiserfs, btrfs and others have some optimisations in this area, where small files are stored in the directory. But here we're talking about file system internals. so in context of above. my questions are. why to change the block size? and what are the basic reasons that make some one to think about that? Usually, there are two desires pulling in different directions: Performance and disk usage efficiency. And what is best for one use case may be unacceptable for a different use case. When we throw other concepts like resilience and backups into the mix, things get murkier still. did it really help in increasing the performance by changing the block size? can it effect the RAID (mdadm) or hardware RAID performance if we change the block size? Yes :-) what is the deference b/w block size and cylinder. ? http://en.wikipedia.org/wiki/Cylinder-head-sector why it is recommended that we should use same size of block in both VG and LV as the size of PV? This could possible be due to alignment -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141121124135.GD26871@hawking
Re: LVM: shrinking a logical volume (moving LVM logical volumes to new disks)
Hi
On Wed, Nov 19, 2014 at 12:24:27AM +0100, lee wrote:
Hi,
so far, I managed to pvmove a LV to my USB stick and from there to a
backup disk in another machine. Doing so, I found that I can split off
LVs from a volume group and that this inevitably creates a new VG. That
leaves you stuck because it's impossible to move a LV from one VG to
another, and it's also impossible to merge multiple VGs into one VG :(
How stupid is that??
Well - you can merge VGs. and You and split VGs. so you could:
- pvcreate /dev/${usbdevice}
- use pvmove to move your LV of choice onto the USB stick.
- use vgsplit to split /dev/${usbdevice} into its on VG
- Sneakernet the USB stick to a new box
- Use vgmerge to join the USB stick to the box's VG
- Use pvmove to move the LV onto a local disk
- Use vgsplit to make the USB its own VG again
- Sneakernet the USB stick back to the original box
- Rinse and repeat.
But that's a fair number of steps... You could also just:
- Create a file system on the USB device. and mount it.
- dd if=/dev/oldvg/vgname | gzip --best /media/usbstick/somefile.gz
- Unmount and sneakernet to the new box
etc.. I'm sure you get the idea. No need to make it more complicated
than absolutely necessary.
This means that I must move the remaining LVs from the server to the USB
stick all at once because otherwise I'd end up with a number of VGs,
each representing one LV, rather than a number of LVs within one VG.
Not quite...
[snipped lots of stuff that my tired braincells cannot cope with]
(Note to self: Do not partition LVs but create LVs for swap partitions
instead.)
Sounds like a sensible note. Unfortunately, if you use virtualisation,
you will often end up slicing off LVs to be presented to the virtual
machines as disks. And the VMs then partition them and/or create PVs
on them. Nested stuff galore.
--
Karl E. Jorgensen
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20141119003752.GB25922@hawking
Re: Unable to start kvm virtual machines after re-install of testing
Hi On Tue, Nov 11, 2014 at 11:31:30AM +0200, Jarle Aase wrote: Hi, After a fresh reinstall of Debian testing today, I am unable to start my virtual machines. I lost the configuration during the reinstall, but have the disk images. I'm not sure if it is a bug or something wrong on my machine. The images worked on Debian testing after an upgrade two days ago). Trying to import any of the VM's with virt-manager, I get the the error below. Please advice it I should file a bug-report or steps to resolve the problem. From Virtual Machine Manager: Unable to complete install: 'internal error: Cannot find suitable CPU model for given data' Strange - does your VM require any special CPU settings? If so, they should be visible in the XML for the VM... If your VM is linux, then I see little reason for the VM to require certain CPU features - just going with the defaults would normally suffice, as Linux runs happily on the hypervisor host already... What is the relevant part of the output of virsh dump for the VM in question ? # cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 42 model name : Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz stepping: 7 microcode : 0x28 cpu MHz : 809.789 cache size : 6144 KB physical id : 0 siblings: 8 core id : 0 cpu cores : 4 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm ida arat epb xsaveopt pln pts dtherm tpr_shadow vnmi flexpriority ept vpid bogomips: 4385.36 clflush size: 64 cache_alignment : 64 address sizes : 36 bits physical, 48 bits virtual power management: Not the greatest CPU for virtualisation, but I see no reason it should not work... I wonder: It sounds like the contents of /proc/cpuinfo changed between the two kernel versions... Is the contents the same if you boot the old kernel? The differences could be instructive... -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141113093507.GA27667@hawking
Re: A Synaptic question
Hi On Wed, Nov 12, 2014 at 06:27:16AM -0300, Renaud OLGIATI wrote: In my recently installed Debian 7.7 in notice in Synaptic Settings = Repositories = Updates that I can choose to be notified of being notified of a new Ubuntu version. Ubuntu ? Sounds like a bug... And from perusing http://bugs.debian.org/synaptic it appears to be new I recommend that you report this bug - tools like reportbug should help you :-) -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141112101033.GB31362@hawking
Re: moving LVM logical volumes to new disks
Hi On Wed, Nov 12, 2014 at 10:09:43PM +0100, lee wrote: Hi, what's the best way to move existing logical volumes or a whole volume group to new disks? The target disks cannot be installed at the same time as the source disks. I will have to make some sort of copy over the network to another machine, remove the old disks, install the new disks and put the copy in place. Having to do this over the network makes it slightly complicated But not impossible. Using dd doesn't seem to be a good option because extend sizes in the old VG can be different from the extend sizes used in the new VG. The LVs contain VMs. The VMs can be shut down during the migration. It's not possible to make snapshots because the VG is full. Ok. New disks will be 6x1TB RAID-5, old ones are 2x74GB RAID-1 on a ServeRaid 8k. No more than 6 discs can be installed at the same time. Assuming that: * both machines can be online at the same time * there is a good network connection between them. The fatter the pipe the better * both run Debian. Obviously * The VMs are happy to (eventually) migrate to the new hardware box Then there is a sneaky way, which can help minimize the downtime: LVM and network block devices (or iSCSI. Either can work). Chunky, slightly hacky, but worth considering. The basic idea is: * On the receiving machine, prepare the disks. Export the *whole* disks (or rather: the RAID device(s)) using nbd, xnbd or iSCSI. * On the sending machine: attach the disks over the network, using nbd client, xndb client or iSCSI. * On the sending machine: 'pvcreate' the disks, and 'vgextend' them into your volume group. So you end up with a volume group that spans *both* machines. Some of the PVs will be accessed over the network, but LVM doesn't care. Obviously, the I/O characteristics of the remote disks will be a lot worse. * Avoid running any LVM commands on the receiving machine just yet - if you did, it would see a partial volume group and probably complain like mad. It may even update the metadata on the PVs it *can* see to say that the other PVs are unavailable, which is tricky to fix. * On the sending machine, use 'pvmove' to move each LV to the new disks of your choice. This will send them over the network. This doesn't *require* any downtime on the VMs, but be prepared for slow I/O on them, as they will now (increasingly) be accessing stuff over the network. * Once all your LVs have been moved, shut down the VMs on the sending machine and quiesce everything. You want to 'deactivate' the LVs with: lvchange -an vgname/lvname This will (amongst other things) remove the entries in /dev for the LVs, and make them unavailable. * On the sending machine, use 'vgsplit' to split the volume group into two volume groups. The remote disks should be moved into a new volume group. * On the sending machine: sync;sync;sync. Just for paranoia's sake. Paranoia is good, and not a vice. * On the receiving machine, run 'pvscan', 'vgscan' and similar: This should now see a complete VG. * shut down the nbd client/xnbd client/iscsi client on the sending machine. You don't want the two machines accessing the same disks. Therein lies madness. * Activate the LVs on the receiving machine (lvchange -ay), copy the VM definitions across (exactly how depends on your virtualisation) * Start up the VMs. Pray that they have network etc as before. * Profit. I'm sure that there are (hopefully minor) details here that I've forgotten (backups?), but it should give you the general idea. Bottom line: Accessing disks over the network is perfectly possible, if you are willing to live with the added latency. Not a good idea for database servers or other IO intensive VMs. It may be a better alternative than extended downtime. As an administrator, you get to make that trade-off. Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141112225744.GA9128@hawking
Re: exim4 panic log issue
Hi On Mon, Nov 10, 2014 at 09:42:03AM -0600, John Foster wrote: exim paniclog /var/log/exim4/paniclog on mail.myserver.net has non-zero size, mail system might be broken. the error above is popping up. I did the removal of the log file as suggested in several solutions that I found. However I see that they are all related to an issue with the kernel and IPV6 handling. What is the proper way to solve this permanrently whilst leaving IPV6 functional. Thanks! What is the actual error reported in /var/log/exim4/paniclog ? -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141110154841.GA27900@hawking
Re: alsa-utils save / restore not working http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768665
Hi On Sun, Nov 09, 2014 at 06:12:32PM +1030, Arthur Marsh wrote: Pardon me, but I'm a bit frustrated on how to debug http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768665 does /var/run get saved across reboots? I would not expect so. http://www.pathname.com/fhs/2.2/fhs-5.13.html Where are the state of the sound card(s) saved / restored? I don't use alsa-utils, but based on my understanding of the FHS, I'd expect somewhere under /var/lib/alsa-utils. But from reading the bug report, I'm led to believe it is /var/lib/alsa/asound.state Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141109093452.GA20873@hawking
Re: network card bridging failing on wheezy
Hi On Sat, Nov 08, 2014 at 05:57:41PM -0500, Gary Dale wrote: For some reason my network card bridging has failed after working properly for many years. My /etc/network/interfaces is: auto lo iface lo inet loopback iface eth0 inet manual auto br0 iface br0 inet static address 192.168.1.14 netmask 255.255.255.0 broadcast 192.168.1.255 gateway 192.168.1.1 bridge_ports eth0 bridge_stp off bridge_fd 0 bridge_maxwait 0 From a fresh boot, I get nothing running. If I bring up br0 (ifconfig br0 up), it comes up with 192.168.122.1 whether I do it with eth0 up or down. Bringing up eth0 seems to produce the correct results - a network interface with no IP, same as it always did. Bringing up br0 with the 192.168.1.14 address leaves me with a machine that can't connect or be connected to. However, if I drop br0 and bring up eth0 with the address, things work, apart from the lack of a gateway. I can manually add a default gateway to the route. While this works, running the route command takes a long time to come back with the results. However my computer now connects and can be connected to. Hm.. I don't see auto eth0 anywhere -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141109100954.GB20873@hawking
Re: Re: umask has no man page?
Hi On Mon, Nov 03, 2014 at 01:56:36PM +1100, Alexis wrote: Iain M Conochie writes: However: $: which umask $: So umask is _not_ a program (in the sense that there is no binary called umask on the system) zsh, however, is more helpful: $ which umask umask: shell built-in command Well, it *appears* that zsh is more helpful. But only because the which command itself is a built-in for zsh :-) (it isn't for bash) So you have the opposite problem: man which gives you the wrong manual page :-) (but presumably very similar) -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141103092351.GA13473@hawking
Re: Preventing the computer from shutting down.
Hi On Thu, Oct 30, 2014 at 11:07:27PM -0700, Don Armstrong wrote: On Thu, 30 Oct 2014, Joey Hess wrote: Don Armstrong wrote: systemd-inhibit --who='backup script' --why='backup is running currently' \ --mode=block yourbackupscript; This doesn't currently prevent either /sbin/shutdown or eg, the lightdm menu item from shutting the system down. It does inhibit systemctl reboot/halt. Huh. That seems kind of unfortunate (and weird, because /sbin/shutdown is symlinked to systemctl here; I would have expected /sbin/shutdown to be a special case of systemctl halt.) molly-guard doesn't really mess with /sbin/shutdown and family. Instead it implements, e.g. /usr/sbin/shutdown. Since /usr/sbin precedes /sbin in $PATH this allows them to be overridden. A bit clumsy, I agree, but sufficient to prevent administrator mistakes. Personally, I would have preferred molly-guard to use dpkg-divert, but it works as it is. This is probably at least a documentation bug, and possibly a real bug. In the case of molly-guard, I belive that is up for debate. It only intentds to be a safety net, not a security feature. After all, attempting to protect a system against the root user is nonsensical. Regards -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141031082118.GA22377@hawking
Re: WLAN router doesn't provide fix IP addresses
Hi
On Fri, Oct 31, 2014 at 09:28:33AM +0100, B. M. wrote:
Hi list,
I have a problem with my (w)lan setup. We use telephone and
internet over the cable network and the company gives us a wlan
modem for free. Unfortunately this modem doesn't allow me to specify
fix IPs in the internal network for all of our machines.
Well - even if it doesn't, surely it allows you to specify which
*range* of IP addresses should be used for DHCP?
There is nothing wrong with configuring a server with a fixed IP
address (=not use DHCP client), as long as you use the correct
network, netmask and default gateway.
Nevertheless I setup an owncloud server on one machine (which is
somehow our server but not always running), including SSL
encryption with a self-signed certificate for its IP address. That
worked well for a couple of months because the IP addresses didn't
change (although they were not fixed).
Oh. certificates for IP addresses is a new one on me :-)
Now due to a technical problem our modem got replaced all of the IP
addresses changed. (I did expect that for sometime in the
future... but not so early...)
Since it's impossible to manually define the IP addresses, I've a
problem. Of course I could create a new certificate, put it on all
other machines and adjust all settings (owncloud server address...);
but that's quite an hassle.
Do the machines use avahi (or mdns? I'm actually not sure of the name,
but having libnss-mdns installed and mdns4 mentioned in
/etc/nsswitch.conf would indicate so).
If so, you should be able to use ${hostname}.local instead of an IP
address, and the multicast DNS resolution would sort things out.
So I wanted to ask if there are other possibilities? I can define
one or two DNS server in the modem's config. Would it work to setup
my main machine (which is not always running) as an internal DNS
server and use the hostnames instead of the IP addresses?
That is also a possibility. But if it is only for facilitating a
single server, then it's overkill. And it adds a single point of
failure too: you would not be able to resolve IP addresses while the
machine is down.
If you already own/run a domain, you can also add a A record in the
DNS for this to point to it - e.g. owncloud.example.com IN A
192.168.0.45.
Using an entry in /etc/hosts is also an option.
Hope this helps
--
Karl E. Jorgensen
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20141031084541.GB22377@hawking
Re: LVM on two disks - spin down?
Hi On Thu, Oct 30, 2014 at 08:15:47PM +0100, b-m...@gmx.ch wrote: Hi all, If I have a LVM which uses two partitions on two different disks and at least one of its subvolumes is always in use, can the second disk spin down? Depends on where that subvolume is mapped to. It will probably be instructive if you run e.g.: # pvdisplay --maps /dev/sda1 which will give the answer to Which LVs occupy chunks of /dev/sda1?. Or # lvdisplay --maps /dev/vgname/lvname which will give the answer to Where is vgname/lvname actually stored? (alternatively, run vgcfgbackup vgname and peruse /etc/lvm/backup/vgname) An example showing what I mean: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |/dev/sda1 ||/dev/sdb1 | |_ _ _ _ _ _ _ _||_ _ _ _ _ _ _ _| lvmGrp = /dev/sda1 + /dev/sdb1 _ _ _ _ _ _ _ _ _ _ _ _ _ |lvm1 | |lvm2 ||lvm3 | |_ _ _ _| |_ _ _||_ _ _ _ _ _| So since sdb is new, if I add lvm3 it will be on sdb1 and not sda1, correct?; Assuming that /dev/sda1 is full, yes. Even so, you can force the issue when creating the LV. Or by moving it afterwards. if I don't mount lvm3 automatically, can sdb spin down although lvm1 and lvm2 are used? I haven't actually tried that, but I believe so. As long as none of the LVs which reside (even partially) on /dev/sdb1 are in use, yes. Note that most LVM operations (lvcreate, pvdisplay etc) will wake up *all* of the PVs. The reason for this setup is the possibility to extend e.g. lvm2 later with space on sdb1 if it is really required without any re-formatting. (Of course I will loose the spin down then, but for the time being I'd take care of my new disk.) Remember that you can move portions of LVs around to suit you if you like (without downtime) - courtesy of the (somewhat misnamed) pvmove command. So even if you start off with the wrong layout, it's relatively easy to fix. Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141030223059.GA24198@hawking
Re: Preventing the computer from shutting down.
Hi On Thu, Oct 30, 2014 at 02:02:49PM -0600, Mario Castelán Castro wrote: Thanks you Doug, Don and Laurent. Is there a less hacky way to do this using the default init system in wheezy? I think that you can get *some* of the way by installing the molly-guard package. Although molly-guard is primarily aimed towards preventing system administrators from blowing their feet off, it does allow the system adminstrator to add in scripts in /etc/molly-guard/run.d which can prevent shutdown or poweroff from working. It's a safety net - not a guarantee. And it is reasonably simple to bypass by a half-competent admin. I doubt this affects the LXDE power off button though. (I do not use LXDE). Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141030224748.GB24198@hawking
Re: debian-installer grub install problem
Hi On Sun, Oct 26, 2014 at 09:06:26PM -0700, Ric Marques wrote: I need to install wheezy via pxe boot to many (hundreds) of systems. The problem I am currently running into in my testing is that my boot drive is enumerated by udev as /dev/sdat in many of those systems, and the grub-install routine inside debian-installer will not install to that device... I already have worked out how to select the proper device with a script in preseed. FAI apepars to have no problem with such things - perhaps the code for FAI (mostly just scripts) can be used as inspiration? Is there a way to manipulate udev rules so that I can force my boot drive to always enumerate as sda, or is there a way to get grub-install to work with more than the first 16 devices (that is where I found it to stop working /dev/sdp). Alternatively, if all of your systems have identical(ish) hardware, you may be able to use /dev/disk/by-path/X instead? Any suggestions, besides the painfully obvious (and nearly impossible) removal of the extra 45 drives in each of the systems? Personally, I find it much easier to install using FAI than basic pre-seeding - FAI is much more customizable, and allows you to set up the resulting system exactly as you want (e.g. including kicking off puppet, cfgengine and similar), without needing any manual intervention. Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141027094917.GA9371@hawking
Running awesome with Gnome - want gnome-panel too!
Hi I have been using awesome as my window manager of choice for about a year now - it's great, and has increased my productivity (or at least: stopped the annoying routine of move-resize windows constantly). But now I desire to use the gnome3 panel too - and the thing won't start at login!? I log into a (customised) gnome session, and have thus done I have awesome configured in my gnome session and thus did this in the past to set things up: gconftool-2 --type bool --set /apps/nautilus/preferences/show_desktop False gconftool-2 --type string --set /desktop/gnome/session/required_components/windowmanager awesome which works fine. I also have (in gconf): /desktop/gnome/session/required_components/panel set to gnome-panel and yet there is no sign of the panel starting at login time. Not even complaints in ~/.xsession-errors ... I also tried copying /usr/share/applications/gnome-panel.desktop to ~/.config/autostart - still no luck... Other apps from ~/.config/autostart get started OK Annoyingly enough, if I run gnome-panel from within awesome, it starts up OK and things look OK !? But I want it to start automagically!! Any ideas on how I can diagnose this and/or narrow it down? FWIIW I'm running an up-to-date wheezy install - gnome-panel version 3.4.2.1-4 ... Any help would be appreciated... -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141022095028.GA27257@hawking
Re: lvm: creating a snapshot
Hi On Fri, Oct 03, 2014 at 08:43:06PM +0200, lee wrote: Hi, how can I create a LVM snapshot of a VM? root@heimdall:~# lvcreate -L 4G -s /dev/mapper/vg_guests-lv_jarl -n lv_snap_jarl /dev/mapper/vg_mydata Physical Volume /dev/mapper/vg_mydata not found in Volume Group vg_guests root@heimdall:~# There is no free space in 'vg_guests'. The only free space is in 'vg_mydata'. That's a problem. Snapshots must be in the same volume group - they are essentially copy-on-write (sort-of). Can I create a snapshot over the network on disks an another machine? No Can I extend 'vg_guests', using the free space of 'vg_mydata'? Not directly. But you *can* merge the two volume groups - but that requires all of the logical volumes in the old volume group are inactive (i.e. unmounted and closed): E.g. to merge oldvg and newvg and end up with a new (larger) newvg: lvchange -an oldvg vgmerge newvg oldvg Or would I have to shrink 'vg_mydata' to have free space to be able to extend 'vg_guests' to be able to create a snapshot? This is probably possible - depends on whether you can completely free up a PV. Note that a PV (physical volume) can only belong to *one* volume group. So if you can shave off a PV from one volume group, then you can attach it to a different volume group instead. You can also resize PVs, but since this usually requires messing with partition tables and such things may require a reboot, this may not be suitable for your situation. I want to back up the VM without shutting it down. If it can't avoided, I could shut it down to take the backup. In that case, how would I copy the volume to get a useful backup file? I think I wish I had used btrfs ... btrfs is good - if you are working with files. When working with block devices, LVM rules. But... if you had set things up the analogous way with btrfs, you would still have the same problem, and you would be asking Can I snapshot from one BTRFS file system into another BTRFS file system? It sounds you have a strange concept of volume groups here though: one set of PVs for data and another set for guests ? Once you segregate things like that, then you have to live with them being separate. The volume group concept is for grouping the *disks*, so you can treat a group of disks with similar properties as a interchangeable. So it makes more sense to have volume groups for e.g. 15krpm and SSD. Or you can just have one big volume group, which makes disk upgrades seamless. Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141003212402.GB27564@hawking
Re: cron in UTC?
Hi On Thu, Oct 02, 2014 at 09:20:26PM +0100, Jonathan Dowland wrote: On Thu, Oct 02, 2014 at 02:16:06PM -0400, Steve Litt wrote: Thanks Jonathan. I use Docker from time to time, but never knew about LXC. If I use LXC experimentally, what's a good, simple, proof of concept use case? Doesn't docker use LXC internally ? Well it isn't doing anything useful but I created a generic linux guest using lxc-create and had a guest in a matter of a minute or so, SUITE=jessie lxc-create -n guest2 -t debian -B lvm --vgname qusp_vg Another minute to do bridge configuration in the host and set up networking. I haven't used it for much but it starts up and shuts down very rapidly. There's a general impression of speed vs. real VMs. Agreed. Just like the good olde linux-vserver. You don't have the overhead of multiple kernels running - just user-space processes. At work, we do high-density VM hosting for practicals (every UG student gets a VM on some modules). We've used KVM for the last few years but I'd like to try LXC if possible this year, to see if we can get better host utilisation (we usually avoid putting more than 100 VMs on each host machine). For this use case, I'd expect LXC to excel, although I'm not sure how migration of VMs between hardware hosts work. In my experience, combining LXC with btrfs (i.e. put /var/lib/lxc on a btrfs file system) makes things *very* quick - creating a new VM is (literally) a few seconds: # lxc-clone -o template -n newbox # lxc-start -n newbox -d Using DHCP combined with dynamic DNS helps too. Once bored: # lxc-stop -n newbox ; lxc-destroy -n newbox I would find it useful to have a sid container (or containers) knocking around for building debian packages rather than either run sid on my real machine or use pbuilder, schroot etc. - which work, but are rather hacky. Also very useful for testing deployments... I'm also considering using an lxc container to run a cupsd with some nasty samsung drivers, to keep that stuff out of my main system. If I consider running the dropbox client on my backup system (to backup my wife's dropbox) I would want to isolate that too. Here you hit upon a very central concept: I find that most people who talk about the benefits of virtualisation, really are talking about the benefits of *isolation*. And isoation of apps does not require the full overhead of a new root file system, new kernel etc. -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141002204518.GA25081@hawking
Re: Racoon
Hi
On Mon, Sep 29, 2014 at 08:30:31PM +0300, Gokan Atmaca wrote:
Hello
I want to make using racoon IPSEC connection. My configuration is as
follows. B site RouterOS (Mikrotik) are available. A kind of
connection can not be established.
What do you get in the logs?
For a connection (by which I assume you mean an established tunnel)
to be established, racoon needs to the the handshakes with the other
side - if these fail, there should be traces of it in the
logs.
Usually, there will be logging even if it is successfull. Racoon
should log via syslog, hence (depending on your syslog configuration)
/var/log/daemon.log would be the place to look.
Note: IP addresses are shown as examples.
WAN sites: 1.1.1.1
LAN sites: 2.2.2.2
B's: 3.3.3.3
B's: 4.4.4.4
- A site config;
pre_shared_key path /etc/racoon/psk.txt;
path certificate / etc / racoon / certs;
This looks like a bad copy/paste?? You have spaces in it? Really??
remote 3.3.3.3 {
exchange_mo in the main;
This does not look like valid syntax. More bad copy/paste? Looks like
it was an attempt at exchange_mode ...
initial_contact one;
proposal_check obey;
proposal {
encryption_algorithm 3DES;
hash_algorithm md5;
authentication_method pre_shared_key;
dh_group modp1024;
}
}
You may want to avoid 3DES...
Sainfoin any address 2.2.2.2/24 4.4.4.4/24 address any {
Sainfoin .. hm...
Which version of racoon is this?
lifetime time 24 hour;
encryption_algorithm 3DES;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
pfs_group modp1024;
}
I'd recommend looking in the logs to start with, and getting rid of
the syntax errors in the config before going further...
Hope this helps
--
Karl E. Jorgensen
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140929183443.GA17498@hawking
Re: Let's have a vote!
On Sun, Sep 28, 2014 at 11:50:45PM +1300, Chris Bannister wrote: On Sat, Sep 27, 2014 at 09:49:10PM -0400, Steve Litt wrote: On Sat, 27 Sep 2014 18:32:38 -0400 Ric Moore wayward4...@gmail.com wrote: On 09/27/2014 02:49 PM, lee wrote: Just ask yourself: Why would someone choose to download an ISO for Debian? For me, it's the safest way to install/upgrade. I have had too many problems with interrupted live major migration to the next release level via an upgrade, or a live network total install. Owell, I'm not huge fan of cloud based services either. :) Ric Yes. I'm a huge believer in wiping and reinstalling major versions. It's like spring cleaning, and I eliminate ghosts of operating systems past. And then there's the rest of us who run Debian precisely because you don't have to reinstall. It's great because you only ever need to install once. +1 On my main workhorse machine [1], I have only ever installed debian from scratch twice. Initially it was debian potato, which was upgrade eventually to squeeze. And at some point in the squeeze days it was re-installed to migrate from 32 to 64 bit. And now wheezy. No serious problems. The install has survived changing motherboards, disks, houses, video cards, cpu failures, and living in 3 different laptops. It is great to have a linux distribution you can trust to just work. I find the quality of the packaging to be a an important factor in the reliability of the distribution: upgrades generally work without a hitch. The few times they'd broken on me turned out to be me doing things I shouldn't have been doing to start with. In the old days, when moving the disk to different hardware, xorg.conf changes may have been needed, but that was about it. No re-licensing or having-to-convince-the-software-i'm-not-a-pirate. The trick to this appears to have several key elements: * choice of distribution. Debian, Obviously. Rock stable. May not be the newest, but the most reliable. * not doing crazy things, like running backports or testing/unstable [2], and no grabbing *.debs from weird places. * Backups. So in conclusion: A big thank you to the Debian Developers. The stability of the distribution is a direct result of their work. [1] Yes, I run a fair number of virtual machines which are always re-built from scratch. Gotta test deployment scripts somewhere. [2] I have no reservations about running testing/unstable inside a virtual machine. Those can be thrown away and re-built with a few keystrokes. -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140928111449.GA32280@hawking
Re: DNS Resolution and Short Names with Dots
Hi On Tue, Sep 23, 2014 at 05:46:29PM -0400, Mark Kamichoff wrote: Hi - I've been running into somewhat inconsistent behavior with DNS short name resolution in Debian across a few systems. Here's the behavior that I've occasionally relied on over the years: % cat /etc/resolv.conf search example.com nameserver 192.0.2.10 % host foo.bar.baz.example.com. foo.bar.baz.example.com has address 192.0.2.1 foo.bar.baz.example.com has IPv6 address 2001:db8::1 % host foo.bar.baz foo.bar.baz.example.com has address 192.0.2.1 foo.bar.baz.example.com has IPv6 address 2001:db8::1 Basically, I expect the search suffix to always be appended to the label unless a trailing . (ie, fully-qualified) is the last character. I don't know if it was a glibc upgrade or something else but on a few of my Debian systems (combination of i386 and x86_64) I now cannot resolve any short names that have a dot in them. So, the above example now returns: % cat /etc/resolv.conf search example.com nameserver 192.0.2.10 % host foo.bar.baz.example.com. foo.bar.baz.example.com has address 192.0.2.1 foo.bar.baz.example.com has IPv6 address 2001:db8::1 % host foo.bar.baz Host foo.bar.baz not found: 3(NXDOMAIN) However, something this will still succeed: % host www www.example.com has address 192.0.2.2 www.example.com has IPv6 address 2001:db8::2 So... it looks like the number of dots in the query matter Perhaps one of the recent libc upgrades have changed the default for 'ndots' ? If so, according to a quick scan of the resolv.conf(5) manual page you should be able add this to /etc/resolv.conf to get your old behaviour back: options ndots:3 Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140924075551.GB14490@hawking
Re: Problem with SSH host keys
On Tue, Sep 23, 2014 at 03:59:56PM -0700, Don Armstrong wrote: On Tue, 23 Sep 2014, Keith Lawson wrote: On Tue, Sep 23, 2014 at 01:26:36PM -0700, Don Armstrong wrote: Do you all of the ip addresses and hostnames listed for those keys in known_hosts? These are all servers I've been connecting to for years so I should have their IP and host keys. Because the entries in known_hosts are hashed by default, it's not trivial to determine this. If you've changed DNS resolution slightly, or if they now reverse to different names, or you now can connect via IPv6, or the IP addresses have changed, you will see this warning. This is one of the reasons why I (and Debian itself) don't use hashed known hosts for machines. Another good reason not to hash the known_hosts file: bash command completion - after ssh or scp the bash command completion will use ~/.ssh/known_hosts to suggest/complete hosts. Brilliant stuff. -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140924074126.GA14490@hawking
Re: excessive CPU usage
Hi On Sun, Sep 21, 2014 at 11:54:01AM -0700, Gary Roach wrote: Hi all For the last few months I have been plagued by very slow response from my system. As an example, it takes 2 1/2 minutes to drag and drop 80 files from my email inbox to the trash bin in icedove. It has taken as high as 5 minutes for iceweasel to load. This problem is not just these packages but also applies to all of the rest of my programs. I am using Debian Wheezy with a i5750 4 core processor on a fast Intel board. I run a kde desktop. All the software is up to date. I have checked all of the log files and can't find any anomalies. Rebooting doesn't help. Using the KDE System Monitor (ksysguard) I have noticed that at least one of the processors goes to 100% and stays there for long periods even though there is no noticeable activity in the process tables. The only other thing I have noticed (the printing just hung up while I am writing this) is that the hard drive indicator comes on and stays on during the processor activity. I ran some checks on the hard drive but found no indication of any hard drive problems. First step is probably to collect more data to find out whether the bottleneck is cpu, memory, io or network (although we can probably eliminate network here). Try running e.g. vmstat 10 (its in the procps package which you probably have installed anyway) - this will emit a line every 10 seconds with interesting system information. (As a rule of thumb: ignore the first sample). Analyzing this can be a bit of a dark art - it requires a decent understanding of how the kernel works, but not too bad. Lots of people on this list should be able to help if they have that output. It's also worth having a glance in /var/log/kern.log (usually where syslog puts the kernel messages) for anything amiss: Misbehaving hardware can really mess things up. Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140921194434.GA21232@hawking
Re: No localhost - I'm stumped
Hi On Tue, Aug 26, 2014 at 03:50:25PM -0400, John wrote: On 25/08/14, Reco (recovery...@gmail.com) wrote: Date: Mon, 25 Aug 2014 22:13:41 +0400 From: Reco recovery...@gmail.com To: debian-user@lists.debian.org Subject: Re: No localhost - I'm stumped X-Spam-Status: No, score=-11.2 required=4.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VERIFIED,FREEMAIL_FROM,LDOSUBSCRIBER,LDO_WHITELIST, T_TO_NO_BRKTS_FREEMAIL autolearn=unavailable version=3.3.2 Hi. On Mon, 25 Aug 2014 12:09:59 -0400 John johnrchamp...@wowway.com wrote: ... But alas, nothing from it solved my problem. ... Probably won't do you any good, since you have a basic kernel facility (ip routing) in a broken state. Can you please post the output of (run it all as root): I've separated the various items with -- to make them easier to find. 1) iptables-save iptables-save # Generated by iptables-save v1.4.21 on Tue Aug 26 15:41:11 2014 *mangle :PREROUTING ACCEPT [19424:11674255] :INPUT ACCEPT [18400:11319703] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [17345:4202761] :POSTROUTING ACCEPT [17393:4208427] COMMIT # Completed on Tue Aug 26 15:41:11 2014 # Generated by iptables-save v1.4.21 on Tue Aug 26 15:41:11 2014 *nat :PREROUTING ACCEPT [1166:401489] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [2108:130276] :POSTROUTING ACCEPT [0:0] -A POSTROUTING -j MASQUERADE COMMIT # Completed on Tue Aug 26 15:41:11 2014 # Generated by iptables-save v1.4.21 on Tue Aug 26 15:41:11 2014 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [17315:4187744] -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT -A INPUT -m state --state INVALID,NEW -j DROP -A FORWARD -j REJECT --reject-with icmp-port-unreachable COMMIT iptables look OK to me - although I find it cleaner to have: -A INPUT -i lo -j ACCEPT but I guess it doesn't make any difference. 2) strace ping -c2 localhost snipped output - it looks OK to my cursory glances.. 4) sysctl --system sysctl --system * Applying /etc/sysctl.d/99-sysctl.conf ... net.ipv4.icmp_echo_ignore_all = 0 net.ipv4.icmp_echo_ignore_broadcasts = 0 These caught my eye: Ignore all ICMP ? That would stop ping (a.k.a. ICMP echo) from working, wouldn't it? -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140826221205.GA18500@hawking
Re: dropbox install break apt-get
Hi On Sat, Aug 23, 2014 at 09:53:58PM -0700, tom arnall wrote: I tried to install dropbox and the result is that apt-get is broken. (I do not by the way want dropbox on my system and want to purge it completely.) Here is the output which demonstrates the current state of the system: --- root@debian:/home/tom# apt-get purge dropbox E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem. root@debian:/home/tom# dpkg --configure -a Setting up nautilus-dropbox (1.4.0-3) ... Dropbox is the easiest way to share and store your files online. Want to learn more? Head to http://www.dropbox.com/ Downloading Dropbox... 100% --- With Downloading Dropbox... 100% the system hangs until I do a ctl-c. I believe that dpkg (which is used by apt anyway) is running the config (or post-inst) script of the package. Do you get the same result out of running (as root): /var/lib/dpkg/info/dropbox.config or /var/lib/dpkg/info/dropbox.postinst configure ? I guess if you just want top purge dropbox, then adding an exit 0 at a strategic place in the script would be sufficient to stop it from breaking dpkg and apt. i find btw reports of this problem going back to 2012. why is debian allowing the thing in the repository? It does?? At the very least, I hope it is relegated to non-free ... If you can reproduce it, I recommend that you raise a bug on it. Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140824090758.GA8651@hawking
Re: writing to /dev/stdout fails in cron script
Hi
On Fri, Aug 22, 2014 at 11:23:37AM +0200, Tony van der Hoff wrote:
Hi,
Running up-to-date Wheezy.
I have a script, simplified like this:
-
#!/bin/bash
DEBUG=1
OUT=/dev/null
if [ $DEBUG -ne 0 ]; then
OUT=/dev/stdout
fi
echo hello $OUT
-
This works fine when invoked from the command line, but when called as a
cron task, same user, it fails with
/home/tony/scripts/test: line 10: /dev/stdout: Permission denied
Any suggestions on how to fix this, please?
Short version: Don't do it. At least not this way.
I suspect that the crontab entry is your own - or alternatively an
/etc/cron.d/* file which specifies a non-root user - is that correct?
If so, the error message makes sense - you have to take into account
how cron works: cron will create an empty temporary file to capture
the stdout/stderr or whatever it runs (because it will be emailed to
you). And stderr/stdout will be redirected to this file *before* it
drops its privileges. So this temporary file will be owned by root.
And the permissions on the file ensure it is only writeable by root
(and probably only readable by root, as somebody might expect the
output to be private).
So when your script starts, its stdout has already been opened for
it. Remember that file permissions are only checked at the time the
file is opened - not subsequently.
But when you come along and do a :
echo SomeDebug /dev/stdout
that has to open the file again. Which then fails, because your script
is not root, and the file is only writeable by root.
Try this as an experiment to illustrate the point. Imagine this shell script:
#!/bin/sh
# contents of /tmp/somescript
echo normal echo
echo bad echo /tmp/somefile
echo final echo
and then (as root! - I assume you have sudo installed):
# umask 077
# rm /tmp/somefile
# sudo -u SomeNonRootUser sh /tmp/somescript /tmp/somefile
and you'll end up with:
/tmp/somescript: 4: /tmp/somescript: cannot create /tmp/somefile: Permission
denied
But the file will contain:
# cat /tmp/somefile
normal echo
final echo
In your case, he solution for switching debugging on/off is probably
changing the way you do things: Instead of writing to /dev/null when
debugging is off, simply do not perform debugging if it is off!
(writing to /dev/null is a waste of resources anyway)
A little shell function like this will do the trick:
debug()
{
if [ $DEBUG -ne 0 ]; then
echo $@
fi
}
so you script can use debug the same way it uses echo.
Hope this helps.
--
Karl E. Jorgensen
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140822205336.GA6480@hawking
Re: Where to put start-up and shutdown code from `man 4 random`?
Hi On Fri, Jul 11, 2014 at 06:41:49AM -0400, Kynn Jones wrote: The documentation in `man 4 random` (**Configuration** section) gives a couple of shell-script snippets that it recommends should be added, respectively, to an appropriate script which is run during the Linux start-up sequence and to an appropriate script which is run during the Linux system shutdown. (It is silent on what those appropriate scripts should be.) What should these scripts be for a Debian system? I believe that the initscripts package (which you almost certainly have got installed already) handles this already - if you cast your eyes over /etc/init.d/urandom you should see similar code. Are there standard scripts in which to put such start-up and shutdown code? Or is one supposed to put those snippets in standalone scripts in special designated directories (which will ensure that they will be run at the startup or shutdown)? Or something else altogether? (In case it matters, I'm using wheezy.) For wheezy[1], the normal place for startup/shutdown is in /etc/init.d/ - symlinks will be created from /etc/rcX.d/ as appropriate for each runlevel (X is a run level in this context). For simple hacks by the system admin, tweaking /etc/rc.local is also acceptable - packages are not allowed to interfere with that. There is a plethora of information available about this - https://www.debian.org/doc/debian-policy/ch-opersys.html#s-sysvinit may be a good starting point. [1] Let's not get into the whole systemd saga here Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140711105605.GG1336@hawking
Re: building .debs with +b1 on the end
Hi On Mon, Jul 07, 2014 at 01:37:17AM -0400, Brian Sammon wrote: I want to re-build a package for personal use, and have a special version number for my custom build. Since I'm not planning on customizing the source or the debian control files, I think the ideal choice is to build a binary package with a suffix like +b1 or +local on the end. If you make no changes to the source, nor the debian control files, shouldn't you end up with the same package? Or perhaps, you want to backport a package? Or compile for some esoteric architecture? If so, there should be no need to change the version number - this would introduce unnecessary confusion... -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140707084715.GA7545@hawking
Re: bridges with multiple static IPs or DHPC - how to configure?
Hi On Wed, Jun 04, 2014 at 08:00:49PM +0200, Steffen Dettmer wrote: Hi, how to configure a bridge with multiple static IPs and/or DHPC via /etc/network/interfaces? I tried many combinations, but I didn't find any working one. Of course everything works as expected when configuring manually with ip, brctl etc. Any working example would be great! The rest of the mail discusses what I tried so far. Yes, I read man bridge-utils-interfaces(5), but it has simple examples only (single static IP or no IP). The man page tells, interfaces used as bridge_ports are the interfaces that are part of the bridge, and they shouldn't have any stanzas defining them on the interfaces file -- man bridge-utils-interfaces(5) but this is wrong. There must be a stanza like auto eth3.14 iface eth3.14 inet manual Hm... this is VLAN 14 on eth3 otherwise no bridge can use it any only gives an error message like interface eth3.14 does not exist!. Hm. have you got the vlan package installed? But anyway: When you bridge interfaces together, the IP addresses should be assigned to the *bridge*, not the interfaces that join the bridge. At least that's what I've been told. For an ordinary ethernet interface, the following works: auto eth3.10 iface eth3.10 inet static address 10.72.9.17 netmask 255.255.255.248 iface eth3.10 inet static address 10.72.9.25 netmask 255.255.255.248 For bridges, it is not clear how to use multiple stanzas for multiple IPs; it seems, the options to create the bridge and to add IPs to it are somehow mixed. Hm.. it doesn't complain about having multiple stanzas with the name iface !? (I'm surprised here, so I may well learn something) There are options like bridge_ports. They have to be in each iface br0 stanza? (Experiments show that bridge_ports are accumulated (probably simply because each stanza brctl addif each, in total producing the desired result), but other options such as bridge_maxwait are not.) Good. The same approach as for Ethernet does not work for Bridges: iface br1 inet static address 10.1.1.1 netmask 255.255.255.248 bridge_ports eth3.10 bridge_maxwait 0 iface br1 inet static address 10.1.1.9 netmask 255.255.255.248 bridge_ports eth3.11 bridge_ports eth3.12 bridge_maxwait 0 This adds all interfaces to br1, but only the IP address from the last block. And you're bridging VLANs 10,11 and 12. Very unusual. If the VLANs should be bridged, this is usually done on the switch... It is similar when it comes to DHCP. Using a DHCP address on a bridge interface is .. unusual. But I guess there must be use cases where it is valid. E.g. a laptop which runs virtual machines (which are connected to the bridge), because the virtual machines need to be in the same network? I almost do this, but I decided to let the bridge interface be unattached - i.e. the laptop *routes* traffic from the virtual machines to the outside world via normal routing (and NAT where appropriate). This way, the virtual machines don't need to know about me moving from one LAN to another. I'd suggest something like this: # ---8-- cut here ---8--- auto br0 iface br0 inet dhcp bridge-ports eth3 post-up ip address add 10.1.1.1/24 dev br0 post-up ip address add 10.1.1.9/24 dev br0 # ---8-- cut here ---8--- or alternatively: # ---8-- cut here ---8--- auto br0: iface br0 inet dhcp bridge-ports eth3 auto br0:1 iface br0:1 address 10.1.1.1 netmask 255.255.255.0 auto br0:2 iface br0:2 address 10.1.1.9 netmask 255.255.255.0 # ---8-- cut here ---8--- which should give the bridge 3 IP addresses: One assigned by DHCP as well as 10.1.1.1 and 10.1.1.9. I assume you only want ONE IP address from DHCP :-) If you want more than that, we're really wandering into unknown territory. In general, I suspect that you are confusing VLANs with IP aliasing: - VLANs is a way of creating multiple (virtual and independent) networks on the same underlying network. This is accomplished by VLAN tagging - there are 10 bits reserved in the IP headers for this, allowing up to 4096 VLANs). Linux represents each VLAN on the hardware interface as a separate network device using the dot-notation, e.g. eth0.1, eth0.2 etc. Other notations are possible, but us poor puny humans are easily confused. - IP Aliasing is a way of allowing a device to have multiple IP addresses on the same VLAN. This is usually done via the colon notation - e.g. eth0:1, eth0:2 etc. VLANs usually do not apply in a residential setting. But if you're a geek (and your switch supports it), feel free to play away on it. -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140604202558
Re: High %wa, irregular blocking
Hi On Wed, Jun 04, 2014 at 08:49:44AM +0200, b-m...@gmx.ch wrote: Hi, Some weeks ago I installed Testing on my wife's iMac [1] from 2008. Unfortunately it has one issue: There are irregular periods of very high %wa, maybe 3-5 times per hour, not directly related to a certain user action. They last for some seconds up to even a minute or so and render the machine unusable for that time. top shows %wa of 80 or 90%, load can go up to 9 on this dual core machine, iotop shows only a few KB/s. High wait-for-IO combined with very little disk throughput usually points towards disk problems... Anything interesting from e.g. iostat -kNx ? That should tell you which disk and partition is suffering. (Or if you already think you know, this should confirm it) I already added pcie_aspm=off to the boot options which seems to help, but I still see this I/O hangs (without, I had about 10+ hangs per hour). Any idea what could cause these blockings? How can I find out more? I use Linux for 15+ years but I never saw such things... and I want to show my wife, that Linux is the better OS, of course... ;-) My first call would be the kernel logs. IIRC in the default syslog config this goes to /var/log/kern.log, but you can see the most recent output with e.g. dmesg or dmesg -T Combine this with the disk-related snippets from /var/log/dmesg (which has the kernel output from boot) and you may see further clues... Which kernel are you using? Stock kernel, or self-compiled? 32bit? 64bit? The firmware version may also be relevant here. Aside from that issue everything runs quite nicely. Thanks best regards, Bernd [1] iMac 8,1: 2008, Core 2 Duo 2.8 GHz, GB RAM, 500 GB WD HDD, ATI Radeon HD 2600 PRO (PCIe) Looks similar to this one? http://www.odi.ch/prog/macbookpro/#3 Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140604205400.GB9871@hawking
Re: GNOME-Terminal is blank or inactive in Awesome WM on Debian 7
Hi On Sun, May 25, 2014 at 03:56:47PM +0600, Muntasim Ul Haque wrote: Hi, GNOME-Terminal is blank in Awesome WM. It just opens but doesn't show anything. Not even by username and hostname. Absolutely nothing. But Xfce terminal was working great. Even Terminator is working properly. So what's wrong with GNOME-Terminal? I once had a similar problem - when pulseaudio had hung for some reason. Turned out that because the audio path was blocked, GNOME apps (mainly gnome-terminal) would hang when doing the sound effects (which I thought I had turned off). Other tool like xterm, rxvt etc worked fine... Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140526083502.GA24055@hawking
Re: Recommends for hard dependency?
Hi FYI: I'm not a Debian developer; just a mere user with an opinion... On Tue, May 13, 2014 at 12:05:48PM +0530, Shriramana Sharma wrote: Hello people. This is about: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747716 Currently libqt5sql5-sqlite is given as a recommends and not a depends for qttools5-dev-tools (https://packages.debian.org/sid/qttools5-dev-tools) whereas /usr/lib/x86_64-linux-gnu/qt5/bin/assistant, one of the programs installed by the latter package, cannot even start up without libqt5sql5-sqlite being installed. I hence requested to change it to depends. The developers say no, recommends is right in this case since only assistant requires it and the other tools in the package do not -- you should have recommends installed by default in your system in most cases -- if you don't, that's not a problem of the packaging. Hm... I do not agree with that. The binaries in the package *should* work (in their default configuration if at all possible) with only hard dependencies present, without relying on Recommends... I pointed out that the specification at https://www.debian.org/doc/manuals/maint-guide/dreq.en.html#control says to use depends if your program absolutely will not run ... unless a particular package is present. Yes. And the verbiage for Recommends is (amongst other things): Use this for packages that are not strictly necessary but are typically used with your program I have to admit that I can sort-of see the developer's point there. I guess the developer(s) can have a (somewhat weak) argument here if there is some combination of command line options or configuration file settings (e.g. to use a different database driver?) which then allows the program to run. Perhaps even one installed outside the packaging system. If this is the case, I'd hope to see a meta package (e.g. qt5-sql-driver) which is implemented by the requisite packages - and thus a dependency in the style of: Package: qttools5-dev-tools Depends: qt5-sql-driver | libqt5sql5-sqlite (or perhaps libqt5sql5-sqlite | qt5-sql-driver - I'm doing this from memory. There's a mention of meta packages dependencies somewhere in the policy manual IIRC). There may be such a meta package already. I haven't checked. IMO something that a program can't even start without should be a hard dependency and not just a recommends. A user may disable installation of recommends for whatever reason. This should not prevent the user from even starting up the program! I'd agree with that sentiment :-) Another way to resolve this could be to relegate the assistant into it's own package (which would have hard dependencies on libqt5sql5-sqlite and qtttools5-dev-toos), and let the main package recommend the assistant package? -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140513073219.GC5817@hawking
Re: Spacewalk or similar for Debian?
Hi On Wed, Apr 30, 2014 at 07:30:42AM -0400, Henning Follmann wrote: On Wed, Apr 30, 2014 at 10:15:43AM +0100, Karl E. Jorgensen wrote: Hi Consider this scenario: - 1000+ servers (lenny, squeeze and wheezy) at varying degrees of up-to-datedness with respect to security updates and general bug fixes. - Demand for getting servers up-to-date. (They heard of heartbleed, but chose to ignore all my previous notifications of security problems. Go figure) - Risk-adverse non-technical upper management (spreadsheet mania) - Every update must be vetted and tested out first on development servers, then QA servers, staging servers and live servers. No exceptions. My current line manager knows only RedHat, and thus wants spacewalk. (Because this is he used before. In a proper enterprise. And Thus proper enterprises use spacewalk). Spacewalk looks sort of nice, but not quite the Debian way of doing things. And I cannot imagine that I am the first person with this problem... How have others solved this? My main concern here is the security updates and point releases: I'm pushing for getting all the servers upgraded to wheezy anyway, and as part of the upgrade they'll pick up any pending (at that point in time) security updates. There are a number of configuration management packages available. A nice comparison is available on wikipedia: http://en.wikipedia.org/wiki/Comparison_of_open_source_configuration_management_software May I suggest Puppet. I think it is mature and has a active community around it. Yes - we make extensive use of Puppet (and to some degree: ansible) already. However, the main demand appears to have a web interface, where updates can be selected. Because that's what spacewalk has. And I don't see puppet filling that gap :-( -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140502062701.GE8743@hawking
Re: Laptop pads: was Weird random reboot -- thinkpad x220
Hi Jumping in late in the thread... On Fri, May 02, 2014 at 11:23:42AM -0400, Steve Litt wrote: [snip] Also, in every carrying case for every laptop, I carry a trusty Logitech M310 wireless led mouse. These mice are shaped well, have enough sensitivity to be fast enough even with LXDE, and the scroll wheel is stiff enough and its rotational clicks are discrete enough that middle clicking can be done without fear of turning. So, unless I'm trying to work where there's no table, I just use a regular mouse. Have you ever tried the xxxterm browser? It might be called xombrero on your Debian version. It's a browser made to be used with keystrokes reminiscent of Vim: No mouse required. For the emacs users out there: Obviously w3m ! But for a graphical browser: conkeror. If you're used to emacs, it should be natural. -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140502180500.GA18737@hawking
Spacewalk or similar for Debian?
Hi Consider this scenario: - 1000+ servers (lenny, squeeze and wheezy) at varying degrees of up-to-datedness with respect to security updates and general bug fixes. - Demand for getting servers up-to-date. (They heard of heartbleed, but chose to ignore all my previous notifications of security problems. Go figure) - Risk-adverse non-technical upper management (spreadsheet mania) - Every update must be vetted and tested out first on development servers, then QA servers, staging servers and live servers. No exceptions. My current line manager knows only RedHat, and thus wants spacewalk. (Because this is he used before. In a proper enterprise. And Thus proper enterprises use spacewalk). Spacewalk looks sort of nice, but not quite the Debian way of doing things. And I cannot imagine that I am the first person with this problem... How have others solved this? My main concern here is the security updates and point releases: I'm pushing for getting all the servers upgraded to wheezy anyway, and as part of the upgrade they'll pick up any pending (at that point in time) security updates. -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140430091543.GA12773@hawking
Re: Network Performance Degrading over random amount of time
Hi On Sat, Apr 26, 2014 at 01:01:25PM +0200, h...@xx0r.eu wrote: Am 2014-04-26 12:44, schrieb h...@xx0r.eu: Am 2014-04-22 10:38, schrieb h...@xx0r.eu: Am 2014-04-20 23:49, schrieb Karl E. Jorgensen: Hi On Sun, Apr 20, 2014 at 01:01:53PM +0200, h...@xx0r.eu wrote: Hi List, maybe you have a clue about the issues im having since several months. My Homeserver is running Debian Jessy right now, the network issues where there with wheezy aswell. after a fresh boot my network behaves like it should archiving near gbit speeds which is nice, after a random amount of uptime though my throughput degrades below 100mbit network speeds (about ~3.5MB/s) i measured using iperf. You don't explicitly say... Does a reboot cure the problem (temporarily?) Yep thats exactly what a reboot does for me, i tenad to reboot about once every 2-3 days because of this issue, not something you would expect from a unix OS :D If so, does a ifdown eth0[1] + ifup eth0 have the same effect? (if necessary: Unplug and re-plug the cable between ifdown and ifup...) [A full reboot is a bit like a sledge hammer... very crude] I have yet to try this, will report back when i have the performance problem again and try it Just got the chance to try, and yes, an ifdown eth0 - Cable replug - ifup eth0 also cures this problem Sounds good. Is a cable replug _necessary_ to cure it? If it can be cured (or at least worked around) with ifdown/ifup on it's own, (possibly with rmmod/modprobe of relevant kernel modules in between), then you at least have a scriptable workaround. Anything in the kernel message log? (e.g. output of dmesg or /var/log/kern.log) It would be interesting if the kernel spat out some messages around the time of the degradation... E.g. link-level renegotiation or similar. Also: Anything interesting in the output of ifconfig eth0 ? I'm particularly interested in the counters for errors, dropped, overruns, frame/carrier counts: These counters may show interesting changes around the time of the degradation... I will write this down for next performance degration aswell Output of dmesg looks a bit suspicious: [40886.039833] irq 16: nobody cared (try booting with the irqpoll option) ooh. Interesting. If you're on wheezy, use dmesg --ctime or dmesg -T to get human-readable timestamps. (or just check /var/log/kern.log) [snipped most of kernel output] .. [40886.040506] Disabling IRQ #16 IRQ16 is related to eth0 according to /proc/interrupts: 16:31649923462922 0 0 IO-APIC-fasteoi pata_via, eth0 Yes - it would be an amazing coincidence if it is not related. Output of ifconfig looks unsuspicious, a few dropped packets but nothing major: eth0 Link encap:Ethernet Hardware Adresse 00:0e:0c:b9:5e:1d inet Adresse:192.168.1.20 Bcast:192.168.1.255 Maske:255.255.255.0 inet6-Adresse: fda3:32bd:abab:0:20e:cff:feb9:5e1d/64 Gültigkeitsbereich:Global inet6-Adresse: fe80::20e:cff:feb9:5e1d/64 Gültigkeitsbereich:Verbindung UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1 RX packets:11881446 errors:0 dropped:882 overruns:0 frame:0 TX packets:29392900 errors:0 dropped:0 overruns:0 carrier:0 Kollisionen:0 Sendewarteschlangenlänge:1000 RX bytes:7149517599 (6.6 GiB) TX bytes:69090488843 (64.3 GiB) Oh - German :-) Interesting that it is only partly i18n'd. I don't think errors is correct German? Not fehler? (I guess you would know for sure, I'm only a Dane with rusty German skills...) I wouldn't be surprised if the dropped packets are a result of the cable un-plug/re-plug (assuming the output is from after the cable play). Conclusion: With all this information i was able to track the root case of my issue down on my own, i guess im screwed since my asus board uses PCI bridge: ASMedia Technology Inc. ASM1083/1085 PCIe to PCI Bridge (rev 01) which is commonly known to have a BUG regarding the handling of Interupts on the PCI bus.. ouch. I'm no PCI expert... If the bug only affects *some* interrupt numbers, it may be possible to force the card/kernel module to use a different IRQ? I'm thinking kernel module options and/or BIOS settings? 2 options for me now: Switch to a much more expensive pcie gbit card, or buy an even more expensive new mainbord... Perhaps a BIOS/firmware upgrade is possible? Well... Fuck Surely there are more suitable German expletives here? But I get the sentiment :-) Regards -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140426140718.GA461@hawking
Re: Network Performance Degrading over random amount of time
Hi On Sun, Apr 20, 2014 at 01:01:53PM +0200, h...@xx0r.eu wrote: Hi List, maybe you have a clue about the issues im having since several months. My Homeserver is running Debian Jessy right now, the network issues where there with wheezy aswell. after a fresh boot my network behaves like it should archiving near gbit speeds which is nice, after a random amount of uptime though my throughput degrades below 100mbit network speeds (about ~3.5MB/s) i measured using iperf. You don't explicitly say... Does a reboot cure the problem (temporarily?) If so, does a ifdown eth0[1] + ifup eth0 have the same effect? (if necessary: Unplug and re-plug the cable between ifdown and ifup...) [A full reboot is a bit like a sledge hammer... very crude] From the point-of-view of the switch, this should be almost indistinguishable from a full reboot... Anything in the kernel message log? (e.g. output of dmesg or /var/log/kern.log) It would be interesting if the kernel spat out some messages around the time of the degradation... E.g. link-level renegotiation or similar. Also: Anything interesting in the output of ifconfig eth0 ? I'm particularly interested in the counters for errors, dropped, overruns, frame/carrier counts: These counters may show interesting changes around the time of the degradation... Current Hardware: - Asus P8H67-M PRO - Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz - 16 GB DDR3 Ram (2*8GB Kingston ram) - Intel Corporation 82541PI Gigabit Ethernet Controller - TP-Link 8-Port gbit switches (2 of em between home-server and clients) *two* switches between server and clients? Sounds a bit unusual - at least for a home set-up... Ive tried diffrent things so far: - Switched from a switched cabling setup to Crosslink. Hm... AFAIK modern network cards tend to adjust themselves to both normal and cross-over cables (which I believe that crosslink means). - Swapped out the cheap asrock motherboard with asus - Changed from onboard realtek network chip to PCI Intel Gbit card Hm.. That would likely rule out any network card issues. - Reinstalled OS several times .. which would most likely rule out any OS bugs. But not administrator configuration mistakes... - Testing from diffrent clients (Win 7, Linux Mint, Debian, Ubuntu) ... which would then most likely rule out administrator mistakes: Win7 is sufficient differently from anything else to make it difficult to make the same mistake across platforms. - Downloading vendor drivers and using them instead of the kernel inbuild ones Nothing so far had worked to get my gbit speeds stable over a few days. When you measure the speed, between which two points do you measure the speed? I'm concerned about the TWO TP-Link switches: The diagnostics you have done so far does not appear to rule them out Does your traffic have to pass through both of them? If so, how are they switches connected? Based on what you have written, my main suspects would be the two switches - with a focus on the nearest switch... im open to ANY suggestions here even if they involve building a custom kernel or other magical hakkery ;D Well - it looks like you have put a fair amount of effort into solving this But until the problem is narrowed down, this would probably be as likely to resolve the problem as a goat sacrifice ... You haven't got a spare goat[2], have you? :-) Hope this helps [1] I'm assuming eth0 here [2] A live one would constitute a hot spare, right? Yeah. Tangent. -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140420214924.GA11030@hawking
Re: Heartbleed
Hi This thread is going terribly off-topic, but I could not resist... On Thu, Apr 17, 2014 at 07:45:38PM +0100, Joe wrote: Today, not only governments but private companies vacuum up every bit of data they can find, presumably just because they can. There is almost certainly a certain amount of 'we don't know what to do with it now, but we're sure it will come in handy one day'. Look at Google, 'accidentally' harvesting private wifi information while their StreetView cameras were doing a job totally unrelated to wifi. There was no possible legitimate reason for doing that, nor any reasonable expectation that something good but unanticipated might result from it later. And wireless sniffing hardware and software doesn't just fall into camera cars while they are parked overnight, connect itself up and turn itself on. Actually, IIRC they were quite open about that: Knowing the locations of wifi access points helps with determining the location when GPS is unavailable. Although not as accurate as GPS, it is probably faster to determine an approximate location this way. Obviously, they had no need to save the actual *traffic*, merely the access point MAC address, signal strength and streetview car location to do this. Just my 2p -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140418115607.GB6307@hawking
Re: Voice control
Hi On Sun, Apr 13, 2014 at 05:21:09AM -0400, brian wrote: My wife has contracted RSD (otherwise known as CRPS) affecting her hands, and it's become very painful for her to use her PC. She can cope with a mouse, just, but typing is a major problem for her. Does anyone have any recommendations for (better yet, personal experience with) voice-to-text software? We're using Debian 7 64-bit. Sorry to hear that :-( I have no experience with voice-to-text software - I assume you're already enabled the accessibility features - e.g. Orca and the like? Other interesting text input methodologies like Dasher may be useful too.. Not for typing, but in my past interweb wanderings I came across this one: http://eviacam.sourceforge.net/ Perhaps that will be helpful? I gave up playing with it when I switched to a laptop without a built-in webcam... -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140413100150.GA12889@hawking
Re: Question about firmware in Debian packaging system
Hi On Thu, Apr 03, 2014 at 07:30:48PM +0200, Sven Joachim wrote: On 2014-04-02 15:54 +0200, Klaus wrote: On 02/04/14 14:30, Paul E Condon wrote: [snip] Have you had a look in /var/log/syslog whether any firmware is loaded, or whether any firmware is reported missing? grep firmware /var/log/syslog That's the wrong place since this file might already have been rotated since the last boot, better grep in dmesg instead: Probably works 99.9% of the time. But dmesg will only output the last 16K (or so [1]) of kernel output. And it can be cleared with e.g. dmesg -c. Unless there are a lot of kernel messages (e.g. iptables logging rejected packets), this is fine. By default, the Debian installation of (r)syslog will copy this to /var/log/dmesg. This file is also subject to log rotation. [1] I may have gotten the size wrong. Although limited, it only serves as a buffer in case syslog is slow picking it up. Configurable with the log-buf-len kernel parameter if you want to nitpick. But I'm sure you don't :-) Regards -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140404104508.GC30381@hawking
Re: getting emails from cron despite redirecting output to a log file
Hi On Mon, Mar 31, 2014 at 01:22:31PM -0500, David Nelson wrote: Hello, I have configured mrtg to log network traffic for our organization. This is working nicely except at some point while I was fiddling with the scripts under /etc/cron.d, which run every 5 minutes to collect snmp data I started getting emails to root from cron. I have stared at this and googled a bit... yes even the man page, but I don't see what I have messed up here: if [ -x /usr/bin/mrtg ] [ -r /etc/mrtg/rm_127_switch-mrtg.cfg ] ; then env LANG=C /usr/bin/mrtg /etc/mrtg/rm_127_switch-mrtg.cfg 21 | tee -a /var/log/ mrtg/mrtg.log ; fi well... if mrtg produces any output, it *will* be e-mailed as per normal cron output. AND it will be appended to /var/log/mrtg/mrtg.log... PS: If you want to take advantage of syslog here (and the standard log rotation) it is relatively simple: use logger - e.g.: something | something | logger --tag davids-mrtg To clarify the above is not the whole line from the file under /etc/cron.d/. I don't have access to that system right now so I am just posting the command part that I keep getting in my email. Seeing the output might help too - more eyes and all that. Also, I have jobs for a few different switches setup like this. Is there any reason I can't let the output all go into the same log file? Hmmm... Wonder if it's a problem that all these jobs are trying to write to the same log file at once? Probably not. But it's easy to send stuff via syslog as noted above. Then you don't have to bother about maintaining the log files, and can also log to a centralised server etc etc. All the normal syslog stuff. Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140331204430.GA18866@hawking
Re: Unable to execute a script without asking for sudo password, even after editing sudoers file.
Hi
On Sun, Mar 30, 2014 at 04:44:13PM +0530, Anubhav Yadav wrote:
Hi I have created a script called i3exit that allows me to suspend or
hibernate my laptop without having to exit my i3wm thus allowing me to
save my work.
Here are the contents of my script:
#!/bin/sh
lock() {
i3lock
}
case $1 in
lock)
i3lock -d -i /home/neo1691/.i3/i3lock_screen.png -n
;;
logout)
i3-msg exit
;;
suspend)
sudo pm-suspend
;;
hibernate)
sudo pm-hibernate
;;
reboot)
sudo reboot
;;
shutdown)
sudo halt
;;
*)
echo Usage: $0 {lock|logout|suspend|hibernate|reboot|shutdown}
exit 2
esac
exit 0
This script is stored in home/neo1691/bin/ directory and the directory
is added in the PATH variable by adding 'export
PATH=${PATH}:/home/neo1691/bin' in my .~/.bashrc file
I used sudo visudo to edit the /etc/sudoers file and added this line at the
end:
neo1691 ALL=(ALL) ALL, NOPASSWD: /home/neo1691/bin/i3exit
After a restart when I run 'i3exit suspend' from my terminal, I am
still asked for my password.
That is your problem: You have configured sudo to allow you to run
i3exit as root.
But you don't. You run i3exit as yourself (without sudo), and IT then
uses sudo pm-suspend (and others).
Two possible ways forward:
- Call it using sudo i3exit and remove the calls to sudo from inside
the script
- Call it as yourself (= just i3exit) and give yourself the
privileges to run reboot, halt and others as sudo.
Hope this helps
--
Karl E. Jorgensen
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140330120508.GI26574@hawking
Re: List installed packages sorted by size.
Hi
On Wed, Mar 26, 2014 at 03:07:58PM +1300, Chris Bannister wrote:
Hi,
Could be useful to someone:
dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -n | less
Nice. But
dpigs -20
(from the debian-goodies package) is still shorter :-)
--
Karl E. Jorgensen
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140326082619.GA19438@hawking
Re: questions about password safes
Hi On Fri, Mar 07, 2014 at 12:05:00PM -0500, Dave Woyciesjes wrote: On 03/07/2014 11:56 AM, Paul E Condon wrote: I run Wheezy, desktop Xfce. I want to start using a password safe. I've done some searching on the Web and would like to use Bruce Schneier's Password Safe. There is a package in Sid by the name mypasswordsafe.deb. I hope that this is a version of Schneier's software suitable modified to word with Debian. But ... I have never installed anything from Sid before and I want some help/guidance. There doesn't seem to be a back-port, but I may not have the right backport line. Is deb http://mirrors.geeks.org/debian/ wheezy-updates main what I need? If, yes, I can conclude that a backport is not yet available. If it is not yet available, is there some other password safe software that someone will suggest for use while I wait for what I really want. TIA Speaking of password safes, keychains, etc... What I would like to know is: is there an option that will work on Windows, OSX, and Linux? Something where I can keep it on a USB flash drive? keepassx ? Combined with dropbox (only keep the encrypted version in dropbox). This seems to work across windows, osx and linux Enjoy -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140307183012.GA9146@hawking
Re: DHCP quickie
Hi
On Tue, Mar 04, 2014 at 07:32:57PM +0200, Danny wrote:
Hi Guys,
Is it possible to only give leases at a certain time of day for a certain IP
or
MAC?
Say from 06:00 till 10:00 and then from 18:00 till 22:00?
Ah. Let's assume this is a residential evironment. And that you want
to help a teenager get some sleep? :-)
( Oh well. Don't tell the victim about downloading movies to watch
later :-D Or play offline games (do teenagers know they exist?).
If so, there are several possibilites:
- Some (many) home routers can enforce MAC access control based on
times. Obviously such stuff is hidden down in the advanced menus.
The net effect is that internet access breaks when the curfew
kicks in. Very effective.
This can be F***NG ANNOYING TO DEBUG ... if you forget about it.
- If you route all traffic through the debian box, iptables can
enforce this. Search for --time on iptables's man page.
Similar caveat as above applies.
- Switching DHCP configuration back and forth. It can be defeated by
manually reconfiguring the victim device(s) to not use DHCP. This
is less accurate - it only affects the device next time it
renews/obtains a lease. So you want to make sure the lease time
isn't e.g. 8 hours, as this would effectively defeat the purpose
of this... Keep the lease times short - at least for this device.
Instead of messing about with the main dhcpd.conf, use an include
file. But make dhcpd.conf refer to a *symlink* that you re-point at
strategic times, combined with DHCP server restarts. Much less error
prone than moving files about or editing them via scripts.
To do this, I could imagine:
* tweak to /etc/dhcpd.conf to say
include /etc/dhcp/curfew-host.conf
* A new file: /etc/dhcp/curfew-host.conf.deny :
host limited {
hardware ethernet 08:00:27:87:ee:5b; # Insert correct MAC address
here
option routers 192.168.0.254; # Insert unused local IP here. Must be
on the same subnet as your victim.
}
* To cron jobs to manipulate the symlink named
curfew-host.conf. We assume that the DHCP server default would
be to grant a working lease, so re-pointing to the symlink would
make the victim host nothing special.
* @ 06:00 and 18:00:
cd /etc/dhcp rm curfew-host.conf ln -s /dev/null
curfew-host.conf service dhcpd restart
* @ 10:00 and 20:00:
cd /etc/dhcp rm curfew-host.conf ln -s curfew-host.conf.deny
curfew-host.conf service dhcpd restart
Hope this helps.
--
Karl E. Jorgensen
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140305005628.GA3606@hawking
Re: Four people decided the fate of debian with systemd. Bad faith likely
On Sun, Mar 02, 2014 at 06:09:46PM -0700, ghaverla wrote: [BIG snip] With Respect To boot times, I would think moving to a specialised shell that had no interactive capability (such as Gnu Readline) might be a place to start. That the shell often had to invoke subshells to do things, to me might be a reason to try Perl to boot a system. Just as a trial, Perl is big. But once you get it up and running, it doesn't need to invoke inferior processes for many tasks, and is capable of starting binaries with calculated arguments. This has (at least partly) been achieved by making the default shell dash, rather than bash. dash is significantly faster, and (as far as I can see) a drop-in replacement. This is not an attempt to claim that no futher improvements are wanted - but the difference dash made was significant. -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140303085729.GA12793@hawking
Re: Issue importing a large MYSQL database.
Hi On Sat, Mar 01, 2014 at 01:33:44PM -0600, John W. Foster wrote: Yep this is Debian specific. I have a system running Debian Wheezy; up to date; AMD 6 core processor; 4GB ram. Terabytes of disk space. This computer is in my office, not a remote. I am trying to use command line instructions to restore/import a database that I exported a few weeks back from a remote server. I was able to do this on the remote server using command lines, but after finishing the import the server admins decided I was using too much of the VPS servers resources and shut it down with no notice.I decided to bring it in house again.The Database is 2.28 Gb is from a Mediawiki site. I'm not using any GUI such as PhpMyAdmin, though I have those available. The php limitations will not allow it to finish using PhpMyAdmin or Mediawiki's import structures. Since I did this on a Debian remote host I figured no prob here. Not so. I logged in as root, not connected to the internet, to do the import. issued this command; mysql -v -u root -p MyDBName MyDump.sql Looks pretty vanilla. No compression? Usually worth the trouble, but this is obviously not causing the problem you're seeing. put in root password, watched some screen output that resembled the Matrix for 2 days. System was accidentally interrupted quit. I restarted it and waited 2 more days, server just quit. If the server just quit (I assume without any error messages as you do not list any) then there should be clues in mysql's log (usually routed via syslog to /var/log/daemon.log). I have been batting something similar with the mysql client - also suffering under long-running import jobs: Re-sizing the terminal window seems to cause the mysql client to die. Just like that. REALLY annoying. I suspect that is http://bugs.mysql.com/bug.php?id=62578 Now for the differences; On my remote server I created a completely empty database then did the import. Then reinstalled the upgraded Mediawiki and managed it as a mediawiki upgrade. Here I tried to use the existing installation which was new and do the restore as an upgrade. Now this is my question; Any one know why this doesn't work. Which errors/symptoms do you see? I'm now trying the new empty db here to see if I can get it to work. However even if I do, i want tosolve this issue so I don't repeat it. There are some serious benefits to restoring to a populated database that I want to preserve. Also I have successfully used PhpMyAdmin to do that with much smaller databases. There are faster ways of copying MySQL databases about - if /var/lib/mysql is on a LVM logical volume, you can create a snapshot and copy *that* across (the resulting instance will do crash recovery upon startup). Similiar things can probably be achieved with btrfs subvolume snapshots or zfs - although those file systems would probably not be your first choice to store a database on. Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140301234138.GA23603@hawking
Re: Am I paranoid?
Hi On Tue, Feb 25, 2014 at 11:17:12AM +0100, ha wrote: Please note the difference between *are/is* installed, and *were* installed. I would expect dpkg -S to fail if those packages had been wrongly removed (corrupting dpkg database) but the pam and man files are extremely unlikely to be the result of malware. The OP never responded to my query about the other files that would have been installed - or checked the installation history with dpkg --get-selections (it won't show if purge was run, but then, those files would likely not be left). Sorry I didn't follow up on this one... What info did you requested? How can I check if the package was installed (but is there no more)? I believe that dpkg --get-selections shows only available packages. If the package was *purged* I don't think it should be different that never-installed-in-the-first-place. (If I'm wrong, somebody shout!) However, if it was installed and then removed, then the configuration files should remain, and dpkg --status $packagename would report: Status: deinstall ok config-files For the uninitiated: Removing a debian package will not remove the configuration files. Which is a brilliant if you subsequently re-install the package. To also remove configuration files, you need to *purge* the package. Since configuration files are usually very small, most people are not too bothered about the difference. However Neither seems to match the situation of the original poster - (s?)he seems to have both a binary *and* a configuration file... -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140225102726.GB13544@hawking
Re: Am I paranoid?
Hi On Mon, Feb 24, 2014 at 01:14:10PM +0100, ha wrote: I have a relatively new installation (2 months) of Debian Wheezy, and not many additionaly packages installed. I *never* installed any virtual machine on this computer, however, after some problems (that I first though were hardware related) I found that vmtoolsd is installed on this computer. I cannot see a package named vmtoolsd in the debian archives. But I can see a package named open-vm-tools, which has files named like that: https://packages.debian.org/search?suite=defaultsection=allarch=anysearchon=contentskeywords=vmtoolsd This package seems to be the VMware Tools bit intended to be installed on a guest VM - i.e. it does not provide virtualisation, but does stuff guests... Is your box a VMWare guest? If not, then you should not need open-vm-tools. Synaptic does not show any installed VM package, same as my shell history. I'm aware that virtualization theoretically could be used to gain backdoor (or at least processing power) and I wonder if I'm the lucky one. I'm willing to explore this if anybody is interested to lead me. I would not suspect this to be the case here. If you have the open-vm-tools package from the Debian repository, you should be safe. Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20140224122513.GA4691@hawking
Re: Am I paranoid?
Hi
On Mon, Feb 24, 2014 at 09:43:39AM -0600, y...@marupa.net wrote:
On Monday, February 24, 2014 04:40:39 PM ha wrote:
On 02/24/14 16:24, ha wrote:
Hi!
Try to find that file. ( run something like find / -name vmtoolsd )
I did. It only shows that files are there:
/etc/pam.d/vmtoolsd
/usr/bin/vmtoolsd
By the way, there is also /etc/vmware-tools folder
This rather highlights why I like Arch's package manager (Pacman.) more than
APT. Pacman features a command (pacman -Qo file) that explicitly checks a
file
you specify for package ownership.
dpkg --search ${filename}
--
Karl E. Jorgensen
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140224154804.GB4691@hawking
Re: reboot/halt/shutdown does nothing
Hi On Tue, Feb 18, 2014 at 11:31:49AM +0800, Zhang Weiwu wrote: On Mon, 17 Feb 2014, Karl E. Jorgensen wrote: So init knows that you want to shut down/reboot.. My guess is that one of the early init scripts are hanging. Thank you for the hint. I followed your test method and the test result show this problem has nothing to do with a hanging service. The first in asciibetic order is 'apache2'. Is it? I may be misreading you - and if so I apologize beforehand. But I mean ascibetically to mean the order of the symlink names, including the K bit - e.g. K02alsa-utils. Basically the order of ls -1 /etc/rc6.d/* In my past years I came across many services that refuses to die, and they were killed after timed out, so normally init daemon knows how to kill without grace. Hm. Fair point. Unfortunately, in my experience, a hanging init script has halted shutdown many times for me - perhaps there's a setting somewhere I can tweak. -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20140218094659.GA21417@hawking
Re: Disk heads won't park
Hi On Mon, Feb 17, 2014 at 01:09:35PM +, Nuno Magalhães wrote: Greetings, One of my 4 SATA HDDs is constantly making write noise, as if it was under heavy load. However, the system is idle (and recently installed). I can't see any activity on iotop and this starts immediately when i turn on the box. The HDD activiy LED doesn't blink on this activity. All drives seem functional, smartctl -t short device only shows errors for sdd, the oldest drive, but by the noise it makes when running said test that's not the culprit and it doesn't even have filesystems yet (it's one big LVM VG with no LVs). That leaves me with 2 new drives (sda and sdc) that are part of a RAID1 array where / is an xfs in an LV; and sdb which has /boot (256MB ext2) and /stuff (50GB ext4 which is 1% full, also in an LV). I believe sdb may be the culprit. Also booting has become slow (from about 3sec to over 10, stopping on loading linux, loading ramdisk, mounting filesystems, etc). (Also GRUB delays on error: unknown lvm metadata header for /dev/sdb1, but that's because /boot is not on LVM - i've edited all 4 simlinks to it from /etc/lvm/lvm.conf but it still looks at it; GRUB proceeds normally after that). Short of unplugging the drives one by one, is there a way i can a) discover/confirm which one is thrashing about? and b) make it stop? I've seen hdparm -s is not recommended, and i'm not sure if whichever drive it is it supports the required power management feature (they all support Power Management feature set, but other power-related features vary). You may be able to get clues from sysstat - it can tell you how many blocks have been transferred to each device. However, it is not very granular in the default configuration: I believe it is every 10 minutes by default. But if you make the box idle for 30 minutes, and you still see IO to a drive, then that would be a good clue. Note that even read activity may cause writes - if the atime mount option is set (not sure whether this applies for XFS though). Thus reads from cache may still result in writes. Another possibility is cron jobs - but e.g. stopping cron for a period could be a useful diagnostic: if it still happens even with cron stopped, then cron is unlikely to be the culprit. Or at least: unlikely to be the *only* culprit. Same goes for logging - e.g. (r)syslogd activity. Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20140217172017.GA9715@hawking
Re: Determine IP Adrress from MAC Address
Hi
On Tue, Feb 18, 2014 at 12:36:08AM +0600, Muntasim-Ul-Haque wrote:
Hi,
How can I determine the IP address if I already have the MAC address
or Hardware Address? What is the most convenient way?
I know of no easy way - but there *are* two ways I can think
of. Both assume that you have access to another box on the same
network.
(1) Passively listen on the network and wait for the MAC address to
speak. Since you are most likely connected via a switch, you will
only see broadcast/multicast traffic (unless the target MAC address
talks directly to you).
Something like:
# tcpdump -i eth0 -n -l -c 1 ether host ${mac_address} and arp
Then you can see ARP requests issued by the mac address in question,
in the style of:
19:03:02.281737 ARP, Request who-has 192.168.0.130 (ff:ff:ff:ff:ff:ff) tell
192.168.0.3, length 28
which tells us which IP address ${mac_address} is associated with
(192.168.0.3 in my example)
(2) Another way is to actively scan the whole network, and check your arp cache
afterwards, e.g.:
# nmap -sP 192.168.0.0/24
(lots of nmap output - can be ignored)
# arp -an
Hope this helps
--
Karl E. Jorgensen
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140217190704.GB9715@hawking
Re: reboot/halt/shutdown does nothing
Hi On Mon, Feb 17, 2014 at 04:29:17PM +0800, Zhang Weiwu wrote: Using Debian 6.0. reboot/halt/shutdown does nothing except announcing the shutdown and halt the ssh session that issued the command. But beyond that it really did nothing. Among the things it did not do are: - no process are killed or terminated. None of mysql, apache, cron daemons are shut down, and the website it serves keeps online just fine. - although the ssh session whence the command issued is halted, I can still login with a new ssh session. - last(1) and uptime(1) doesn't remember having any shutdown. The only thing I can find that prooves I issued shutdown is a one-line messages like this in /var/log/messages: Feb 17 07:55:30 localhost shutdown[11212]: shutting down for system halt Or this: Feb 17 07:54:24 localhost shutdown[11084]: shutting down for system reboot The problem is reproducible: if I unplug the power, and start again, it predictablly fail to shutdown / reboot. So init knows that you want to shut down/reboot.. My guess is that one of the early init scripts are hanging. To verify that this is the case, you could try to execute each of the scripts in /etc/rc6.d/* scripts in asciibetical sequence. I suspect something like this would do the trick: for file in /etc/rc6.d/K*; do echo == Running $file ...; $file stop; done If my suspicion is correct, then one of the scripts will hang... Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20140217200412.GC9715@hawking
Re: rdesktop
Hi On Thu, Feb 13, 2014 at 11:03:07PM +0800, lina wrote: Hi, When I tried to use rdesktop, it showed me ERROR: getaddrinfo: No address associated with hostname As others have already mentioned: This is a DNS Name - IP address resolution problem. Not rdesktop. It could be as simple as needing to use the fully qualified domain name, if your /etc/resolv.conf has a different search path that the equivalent on windows. I was advised by our admin that It is something to do with the RDP version on Linux. It has some compatibility issues with the more recent version of MS-RDP. Yeah right. Not. Whoever claimed that: Make a mental note to avoid letting this person solve problems in the future. It will probably save you both time and frustration. Or that person didn't understand your problem in the first place. Both is bad news. But there is *some* truth to this: I have found that servers with NLA (Network Level Authentication) enabled, rdesktop doesn't work. But the symptoms for this are very different: it will exit with some error code, essentially saying booh-hooh: The other end closed the connection on me!!. Further, I was told to try use windows to connect to that window machine in order to access some software. Well - I suspect that the person you talked to prefers/advocates windows? Or (in)corporate policy or somesuch arguments. I checked the debian package, seems currently the one I use is the latest version, any suggestion about how to resolve it without resorting to the Windows. Depending on your local network and the hostname you're using: It may actually work from a windows machine. If [1] you were given a windows server NETBIOS name, it may not be resolvable unless you have libnss-winbind installed[2]. Such names are usually recognizable by: - No more than 8 characters - Usually specified in ALL UPPER CASE - Sometimes specified with leading '\\' The litmus test for this is to try to ping the name from a windows box. (Whether it actually *responds* to pings is irrelevant - what matters is whether ping can resolve the name to an IP address). If it works there, but not from linux, then lack of libnss-winbind *may* be your problem. [1] ... and this is a BIG if on my part. I'm at the limits of my knowledge and experience here. [2] I'm not even 100% sure of the package name. But bear with me. Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20140213202046.GD2934@hawking
Re: ssh host ip/id management for dynamic dns servers
Hi
On Tue, Feb 11, 2014 at 09:53:32AM +1100, Zenaan Harkness wrote:
With a dyndns type server, each time a new ip address happens, ssh
login adds a new entry to .known_hosts
Is there a recommended way to handle this?
Turn off CheckHostIP ?
For the uninitiated, in your ~/.ssh/config file:
Host {{dns-name-of-host}}
CheckHostIP no
See ssh_config(5) for details - the relevant part is:
CheckHostIP
If this flag is set to “yes”, ssh(1) will additionally check the
host IP
address in the known_hosts file. This allows ssh to detect if a
host key
changed due to DNS spoofing. If the option is set to “no”, the
check
will not be executed. The default is “yes”.
Hope this helps
--
Karl E. Jorgensen
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2014020423.GB13514@hawking
Re: images that play nicely with revision control?
Hi On Sun, Feb 09, 2014 at 08:07:57AM -0500, Henning Follmann wrote: On Sun, Feb 09, 2014 at 12:28:45PM +, Hendrik Boom wrote: I'm looking for a file format for images that plays nicely with revision control. Ideally I'd like to edit them while seeing what I'm editing, whether it's a line drawing (like inkscape) or a pixel map. I think that doesn't exist. At least not for all kind of images. SVG is basically an XML file. There you can at least compare the xml content. But that however is also very tricky, you might need something which converts it first into canonical xml and the compare/store it. But that is only efficient for vector images. For bitmap images that wouldn't work. For bitmap images, you *could* resort to storing them in PBM format - which happens to be pure text and easy to parse[1]. The netpbm package contains tools for converting to/from a plethora of formats. And to do basic command-line manipulation of images. For viewing the image, the normal Gnome tools understand PBM - e.g. eog will happily show them, and nautilus will show you thumbnails. Not sure about other file managers... [1] http://en.wikipedia.org/wiki/Netpbm_format -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20140209175855.GA30686@hawking
Re: Build binary package from debian sources.New format 3.Errors.
Hi
On Thu, Feb 06, 2014 at 12:07:16AM +, Luis Suzuki wrote:
When I needed to build a package from debian sources I used to:
bzcat ../debianpackage.diff.gz | patch -p1 from within the original
source.Then:
debuild.And everything went smoothly.
Now I do (and does not work):
From within the original package sources directory tree:
tar xfz ../debianpackage.debian.tar.gz (the patch tree)
A debian directory appears within the original sources top level directory
and I do:
debuild or
dpkg-buildpackage -us -uc
And does not work.What am I doing wrong?
An error message would be helpful here...
Why not just:
apt-get source ${packagename}
? I find it does *everything* anyway..
Hope this helps
--
Karl E. Jorgensen
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20140206124440.GA25770@hawking
Re: Strange networking behavior
Hi On Mon, Feb 03, 2014 at 09:56:24AM +0100, Florian Götz wrote: Hi Debian-Users, I got a network problem with one of my Debian VMs. The VM runs on an ESX Host (5.1) with several other VMs (SLES11). It´s a Debian 6 (can´t upgrade due to errors with the other running software at the moment) which hosts a Network Management System (Opsview) based on nagios. Oh well. For this problem I suspect that the debian version is irrelevant. If I disconnect a network switch in another building several other hosts get unavailable (are not pingable anymore). So the other hosts I assume are on a remote subnet (from the debian box's point-of-view). If I try to ping these hosts from one of the SLES machines on the same ESX host they are reachable. The SLES hosts: are they on the same subnet as the debian box? Try traceroute - two runs from the other hosts: - one towards one of the SLES machines - one towards the debian box and check for differences in the output. Assuming that the SLES machines are on the same subnet as the debian box, the route should be the same. The interesting point is where they differ... So it isn´t a failure in ESX Network Configuration etc. Possibly. If the debian box is on the same subnet (same vlan ip range), then yes: This would most likely exclude the esx network side of things. If the debian box is on a different subnet, then this is still an open question. It takes about an hour before the hosts get back to state pingable on the Debian machine. a whole hour!? That is way too long for spanning tree to settle down. So spanning tree/routing can probably be eliminated as suspects. A hunch: Do you have a duplicate IP address on subnet where the debian box lives? These can be hairy to debug... (but 1 hour is a lot even for this type of problem). The only reliable way I have found is to take the suspect box down, and see whether the IP address still responds to ARP requests (obviously from the same local subnet). If it does, then you can use the MAC address to track down the other box with that IP address. Alternatively, try ping/arping it from neighbouring hosts (=same subnet) and check they all get the same MAC address for the debian box? (this is pretty much pot luck and probably depends on the switch behaviour). So for any reason the debian host can´t get to these hosts, but after a sort of random amount of time everything is fine again. Randomness points towards cache of some sort... Somewhere. Hopefully traceroute can point in the right direction. Anyone got a hint where to search for a solution to that? Best regards Florian Götz -- Mit freundlichen Grüßen Florian Götz - Dipl.-Inf. (FH) Florian Götz Rechenzentrum Hochschule Mannheim Paul-Wittsack-Straße 10 68163 Mannheim Tel: 0621/292-6232 EMail: f.go...@hs-mannheim.de Internet: http://www.rz.hs-mannheim.de - -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20140203131626.GA23592@hawking
Re: making my Wheezy beep. How?
Hi On Thu, Jan 30, 2014 at 10:40:22PM -0700, Paul E Condon wrote: I want my Wheezy desktop (windowing with xfce) to issue a beep after a adjustable amount of time. I expected that I could do this with a tiny bash script using sleep and echo, but I cannot get echo to make the computer issue a beep as it should according to the man page. What special knowledge is needed? Why don't I get a beep with: echo -e \a apt-get install beep ? Description-en: advanced pc-speaker beeper beep does what you'd expect: it beeps. But unlike printf \a beep allows you to control pitch, duration, and repetitions. Its job is to live inside shell/perl scripts and allow more granularity than one has otherwise. It is controlled completely through command line options. It's not supposed to be complex, and it isn't - but it makes system monitoring (or whatever else it gets hacked into) much more informative. Sounds like it does what you want. I believe this will use the built-in PC speaker (the same one the BIOS uses to complain about stuff) and not the sound card. In the past I used a package which I cannot find at the moment. I *think* it was called ditty but my apt-fu is not working for me today. Had lots of fun getting a whole rack playing Fur Elise ... Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20140131110750.GA340@hawking
Re: Port 123 and ipv6
Hi On Tue, Jan 28, 2014 at 03:00:43PM +0800, lina wrote: I read something online, and wonder: 1] shall I close the port 123 Probably you should, unless you're providing ntp to some other hosts.s I have disabled the ntp. Here is other two things: 1] about port 631, can I turn it off? since I only print very occasionally, I don't know the real purpose of cupsd; 2] I don't know why the dhclient occupy several ports to listen, and what's a little annoying is that seems my IP address barely changed even I reboot after one night. # netstat -nltup Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3288/cupsd tcp0 0 127.0.0.1:250.0.0.0:* LISTEN 3776/exim4 tcp0 0 127.0.0.1:2628 0.0.0.0:* LISTEN 3268/0 tcp6 0 0 ::1:631 :::* LISTEN 3288/cupsd cups is only listening on port 631 on localhost (=127.0.0.1 in ipv4 and ::1 in ipv6) - it is not open to the outside world. -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2014012853.GA12055@hawking
Re: notify if a process take more than X time
Hi On Mon, Jan 27, 2014 at 06:43:20PM +0100, Pol Hallen wrote: Hi all, I need add to my script a notify if a process take more than X time, so using ps I can see what time take a process: ps -ao cmd,etime|grep backup /bin/sh ./backup03:44:55 what's the easy way to do a notify by email? redirect output of ps to file and use sed for analize the past time, next verify with if/then or there's a better way? any idea? Hm.. I don't know how to do the notify bit, but you *can* send a signal to the offending process if it takes more than a certain time - the command you need for this is timeout (part of GNU coreutils). This is handy for killing off processes that get stuck... Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20140127183000.GA27891@hawking
Re: Changing Hostname?
Hi On Sat, Dec 21, 2013 at 01:45:11PM -0500, Jon N wrote: I recently installed Jessie on a new computer. Now that I have the system up and running I decided that I would like to have a different hostname than the rather unimaginative 'localhost-01' I picked during install. I used the mate-network-admin utility to change it, and checked /etc/hostname and saw that the change was reflected there also. Then I rebooted. The display manager wouldn't load, leaving me with an almost blank screen (there was a blinking cursor in the upper left corner). I switched to another virtual terminal, edited /etc/hostname back and was able to boot normally. Although when I just opened mate-network-admin again it still had the new name in there. Apparently mate-network-manager changes /etc/hostname, but changing /etc/hostname doesn't reverse it completely??? (I'm thinking I must have done something wrong, because that doesn't make sense). Anyway, the main question is, how do i change the hostname for my system? I did do some searching online, and so far I found that I have to change: /etc/hostname /etc/hosts then run the command sysctl kernel hostname=NEW_HOSTNAME. There were also directions on how to change config files for some specific packages. Am I missing anything? In general, if you're changing host name, *ALL* references to the old name should be tweaked. I would recommend: # sed --in-place=.bak -e 's/localhost-01/yournewname/g' $(grep -lr localhost-01 /etc) (followed by a reboot to completely eradicate all memory of the old name). Some packages, e.g. require additional attention here. Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131221193715.GA31023@hawking
Re: Shutdown computer after a specific command has been executed
Hi On Mon, Dec 09, 2013 at 05:42:17PM +0600, Muntasim-Ul-Haque wrote: Hi, I need a tool that would make sure that, my computer would shutdown after a specific command has been executed. This tool would just wait for the Terminal for executing a command, like 'sudo apt-get upgrade' and then after the command has been executed, my computer would shutdown. Is that possible? Is there a tool or anything out there that can do this for me? Let me know. It would be of great help. Thanks in advance. Others have given useful advice on how to achieve this, but I'm curious: WHY ? It appears non-sensical to upgrade a box and then switch it off? Not even reboot!? I may be a purist, but I find the whole notion of shutdown or reboot abhorrent. That's something you'd do before physically moving a desktop (perhaps: suspend-to-disk seems better here), or after a kernel upgrade (but then it is reboot, not shutdown). -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131209131139.GA23207@hawking
Re: HA Active/Active Cluster
Hi On Wed, Nov 27, 2013 at 11:19:15AM +0100, basti wrote: Hello, I plan to setup an Active/Active HA Webserver with 2 VPS. I read something about Heartbeat/Pacemaker and HAProxy but what do I need? What is overkilled? heartbeat/pacemaker are good for making an IP address float between servers: if one server goes down, the IP address will migrate to another server. This avoids a single point of failure here. [1]. HAProxy is good too, but solves the problem differently: Instead of letting your servers accept connections directly, you force everything to connect to haproxy, which will then proxy the connection to whichever server is up. This gives you some simple load balancing too. But it gives you a single point of failure on the proxy. Either way, TCP connections will break if a back-end server fails - it will be up to the clients to re-establish connections. For browsers, this should not be a problem, but if you run a web application which relies on long-lived connections, this may be a concern. Which one is best for you? It depends... How much complexity are you willing to suffer? Which failures are you trying to guard against? Depends on your situation... Whichever solution you choose, make sure you get well aquainted with it and know the limitations of it; if the requirements change, this may change the tradeoff between load balancing, high availability, performance, recovery time, complexity etc. And is it possible to setup this with only 1 public IP per Server? Is there an Tutorial somewhere? I'm sure there is - google searches for haproxy debian tutorial and pacemaker debian tutorial both give sensible results :-) [1] Well: it avoids *this* single point of failure. You may well have single points of failures elsewhere, both in front of and behind the web servers... -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131127111422.GA7486@hawking
Re: No Video
On Wed, Nov 27, 2013 at 02:35:57PM -0500, erosenb...@hygeiabiomedical.com wrote: Dear List - I was having problems with the video on my Linux box; ie no video, only terminal after an update. I am running jessy/sid 32 bit. The question was whether the hard drive and/or the Intel video chip on the board were bad. A disk test showed no errors, and a clean boot from a live CD showed that the video chip was good. What makes you think the hard drive is bad? If you only get text mode, then it sounds more like your X server is having a problem. And since it happened as a result of an update, I'd suspect the software, rather than the hardware. A dive into the X logs might help here.. -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131127220049.GB7486@hawking
Re: Debugging segfaults in commercial software on Jessie
Hi On Tue, Nov 19, 2013 at 10:14:22AM +, Bernhard Schmidt wrote: Hi, I'm a bit at a loss here, maybe someone has an idea how to look. We run a commercial software called IBM Tivoli Storage Manager (TSM) for Backup purposes. It is quite an ugly beast, but it works just fine on Wheezy. Oh. You have my condolences. Anything starting with IBM Tivoli is... bad. When upgrading to Jessie, it produces a segfault on most systems root@lxmhs70:~# dsmc q fi IBM Tivoli Storage Manager Command Line Backup-Archive Client Interface Client Version 6, Release 4, Level 0.7 Client date/time: 11/19/2013 10:57:01 (c) Copyright by IBM Corporation and other(s) 1990, 2013. All Rights Reserved. Node Name: LXMHS70 Aborted You may be able to make some headway by using strace, to see which systems calls it uses: root@lxmhs70:~# strace dsmc q fi But it is bound to be a long slog (nice hostname by the way...) The weird thing is, my colleague running sid on his desktop has the same problem. My desktop, running Jessie, does _not_ have the same problem. The VM in question, also running Jessie, does have this problem. Interesting... Perhaps there are differences in the package versions? Subtle ones? I'd say run a dpkg -l | grep '^ii' on both (or all 3) systems and diff the output... It's bound to flag *something* up, unfortunately most of it is probably insignificant. But there could be a gold nugget in there. I compared strace on both sides and there is no notable difference (more filesystems on my desktop, but nothing extraordinary). Library versions are the same. I adjusted environment variables to be the same, no difference. Ah. You've been there already. My colleague fixed it by using an older libc, using this method (http://www.debian-administration.org/users/lee/weblog/30) and the following packages libc6_2.13-38_amd64.deb libgcc1_4.7.2-5_amd64.deb libstdc++6_4.7.2-5_amd64.deb libtinfo5_5.9-10_amd64.deb but as I said, it works for me just fine. When running such software, I find it handy to relegate it to a chroot environment: commercial software tends to be very fickle with dependencies - many of which are undeclared. So to avoid too many distracting discussions, I'd be sorely tempted to set up a debian stable chroot to do stuff in. Or go the whole hog and use a LxC instance... Does anyone have an idea how to debug this? I don't want to open a bug report right now on either side because its commercial software on a non-stable distribution version. Well - if the developers are worth their salt, they probably *want* to know about this not working on the next version of Debian. I know that I would Best bet would probably be to look at migrating away from it... But I suspect that the golden rule[1] applies and you're stuck with it because that's what the PHB wanted... [1] The golden rule: Those with the gold make the rules. -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131119133329.GA2041@hawking
Re: New laptop...........
Hi On Fri, Nov 15, 2013 at 06:35:50AM +1100, Charlie wrote: Had to get a new laptop, my 7 year old Acer needs replacing bought a Toshiba C50D Satellite. But can't get into the BIOS by the way that is posted on the net. Press F2 before powering up. *before* ? According to http://support.toshiba.com/support/viewContentDetail?contentId=4001695 it should be pressed *while* powering it on. And I guess: keep the button pressed too...? Tried Esc and Del and a combination of all three. Anyone have any ideas how it might be done? I might be stuck with having to use Windows. [sad] Oh the horror! We cannot allow that to happen! -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131114194023.GG23016@hawking
Re: apache2 + munin configuration
Hi On Tue, Nov 12, 2013 at 05:55:13PM +0100, rudu wrote: Hi, Well, I wouldn't have thought having so many difficulties setting up a simple monitoring system on my Jessie amd64 desktop, but after a few hours wandering the net, I guess I could use some guidance ... What I've done so far : aptitude install apache2 munin munin-node ii apache2 2.4.6-3 amd64 Apache HTTP Server ii munin2.0.17-3 all network-wide graphing framework (grapher/gatherer) ii munin-node 2.0.17-3 all network-wide graphing framework (node) Then I tried to connect to http://localhost/munin only to get : Forbidden You don't have permission to access /munin on this server. Apache/2.4.6 (Debian) Server at localhost Port 80 At this point, your first stop should be the apache error log... I found some threads here and there via google which lead me to try several things. First in /etc/munin/apache.conf : replace Directory /var/cache/munin/www Order allow,deny Allow from localhost 127.0.0.0/8 ::1 Options None [...] /Directory by Directory /var/cache/munin/www Order allow,deny Allow from all Options None [...] /Directory Hm.. Either should work. If it had no effect, then I suggest you revert that out before doing other changes. Then I did : chown -R www-data:munin /var/cache/munin/www chmod -R 775 /var/cache/munin/www I even added my user to the munin group This would have no effect... I suggest you tidy up again by undoing that. But I still get this error 403 from apache. FWIW I got this in /var/log/apache2/error.log : [Tue Nov 12 17:53:03.987560 2013] [authz_core:error] [pid 2758:tid 139900372383488] [client ::1:53049] AH01630: client denied by server configuration: /var/cache/munin/www Hm.. That is reasonably conclusive... But there is a clue: authz_core ... Isn't that the apache module that is used for user authentication? Makes me wonder what the rest of your apache configuration is like - there must be some interaction between munin and other things in apache... Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131113104910.GI11883@hawking
Re: disk cloning ?
Hi On Mon, Nov 11, 2013 at 04:46:07AM -0800, hadi motamedi wrote: Dear All I needed to clone my disk to another hard drive . I did it as the following : #dd if=/dev/sdb of=/dev/sdc But after a while, the procedure ended with the writing to /dev/sdc input/output error message. In general, that is what you would do with two disks of identical size. If the disks are NOT of identical size, then you will probably need to copy each partition: copying the whole disk will also copy the partition table. And the partition table for a smaller disk will not be suitable for a bigger disk I.e. first run fdisk -l /dev/sdb to list your existing partitions and create similar partitions on the new disk. (You have to chance to re-order them here if you want). Then copy each partition separately: dd if=/dev/sdb1 of=/dev/sdc1 etc. (copying multiple partitions in parallel will actually take longer..) Can you please let me know how can I overcome this as the fdisk now returns as #fdisk /dev/sdc I do not know how to handle files with mode 81a4 must set cylinders That error message is new on me... Hope this helps -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2013132333.GA31587@hawking
Re: disk cloning ?
On Mon, Nov 11, 2013 at 05:31:07AM -0800, hadi motamedi wrote: dd if=/dev/sdb1 of=/dev/sdc1 Sorry, I tried for this but getting no space left on device What can I do next? Sounds like you didn't partition the destination drive? -- Karl E. Jorgensen -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2013134248.GB31587@hawking
