Re: [Server-devel] Ejabberd CPU/RAM Spike -> Crashes
Ok then. Thanks a lot for the assistance. Things seem to be back to normal. I will look closer tomorrow when the kids are here. ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Ejabberd CPU/RAM Spike -> Crashes
> - Is there any disk anomaly? (Reboot forcing a fsck?) Not that I've noticed. > > - Is there any problem in the binaries? If you run rpm with the > 'verify' options, it'll check that no binaries have been corrupted > on-disk... It's normal to see some config files changed, but no > binaries should be different from the rpms. Verify checked out on the ejabberd-xs package. There isn't much sense in reposting the results of the script, as the results are essentially the same. As ejabberd is crashing, I cannot kill it to reapply the domain change. I can set you up an ssh account so you can get a look at what is going on. Perhaps you will see something I am overlooking. Let me know and I will send you the info. ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Ejabberd CPU/RAM Spike -> Crashes
Changing the domain, I still get the following error when it tries (and
fails to shutdown ejabberd).
___
Crash dump was written to: erl_crash.dump
Kernel pid terminated (application_controller)
({application_start_failure,kernel,{shutdown,{kernel,start,[normal,[]]}}})
{error_logger,{{2009,12,19},{12,19,16}},"Protocol: ~p: register error:
~p~n",["inet_tcp",{{badmatch,{error,duplicate_name}},[{inet_tcp_dist,listen,1},{net_kernel,start_protos,4},{net_kernel,start_protos,3},{net_kernel,init_node,2},{net_kernel,init,1},{gen_server,init_it,6},{proc_lib,init_p_do_apply,3}]}]}
{error_logger,{{2009,12,19},{12,19,16}},crash_report,[[{pid,<0.20.0>},{registered_name,net_kernel},{error_info,{exit,{error,badarg},[{gen_server,init_it,6},{proc_lib,init_p_do_apply,3}]}},{initial_call,{net_kernel,init,['Argument__1']}},{ancestors,[net_sup,kernel_sup,<0.8.0>]},{messages,[]},{links,[#Port<0.84>,<0.17.0>]},{dictionary,[{longnames,false}]},{trap_exit,true},{status,running},{heap_size,610},{stack_size,23},{reductions,505}],[]]}
{error_logger,{{2009,12,19},{12,19,16}},supervisor_report,[{supervisor,{local,net_sup}},{errorContext,start_error},{reason,{'EXIT',nodistribution}},{offender,[{pid,undefined},{name,net_kernel},{mfa,{net_kernel,start_link,[[ejabberdctl,shortnames]]}},{restart_type,permanent},{shutdown,2000},{child_type,worker}]}]}
{error_logger,{{2009,12,19},{12,19,16}},supervisor_report,[{supervisor,{local,kernel_sup}},{errorContext,start_error},{reason,shutdown},{offender,[{pid,undefined},{name,net_sup},{mfa,{erl_distribution,start_link,[]}},{restart_type,permanent},{shutdown,infinity},{child_type,supervisor}]}]}
{error_logger,{{2009,12,19},{12,19,16}},crash_report,[[{pid,<0.7.0>},{registered_name,[]},{error_info,{exit,{shutdown,{kernel,start,[normal,[]]}},[{application_master,init,4},{proc_lib,init_p_do_apply,3}]}},{initial_call,{application_master,init,['Argument__1','Argument__2','Argument__3','Argument__4']}},{ancestors,[<0.6.0>]},{messages,[{'EXIT',<0.8.0>,normal}]},{links,[<0.6.0>,<0.5.0>]},{dictionary,[]},{trap_exit,true},{status,running},{heap_size,233},{stack_size,23},{reductions,123}],[]]}
{error_logger,{{2009,12,19},{12,19,16}},std_info,[{application,kernel},{exited,{shutdown,{kernel,start,[normal,[]]}}},{type,permanent}]}
{"Kernel pid
terminated",application_controller,"{application_start_failure,kernel,{shutdown,{kernel,start,[normal,[]]}}}"}
Crash dump was written to: erl_crash.dump
Kernel pid terminated (application_controller)
({application_start_failure,kernel,{shutdown,{kernel,start,[normal,[]]}}})
__
Beam is still consuming 100% of the cpu after a few minutes. I'm going to
leave that script running to see what it does over the next few hours.
I imagine I now have to re-register all XO's?
On Sat, Dec 19, 2009 at 10:59 AM, Devon Connolly wrote:
>
> Here is another example after it has been running all night.
>
> http://pastebin.com/m11537281
>
> As you can see, these runaway beam processes vary greatly in there RAM
> usage. Also, they are always using 100% of the cpu.
>
> I will try to clear the DB now and see what happens.
>
>
>
> On Fri, Dec 18, 2009 at 12:51 PM, Martin Langhoff <
> martin.langh...@gmail.com> wrote:
>
>> On Fri, Dec 18, 2009 at 1:37 PM, Devon Connolly wrote:
>> > Anyway, back on topic... Here is that script slightly modified running
>> on
>> > a fresh boot. I'm going to leave this looping and post the file to
>> > pastebin. Here is an initial output after only like 10 minutes. It
>> will
>> > get more interesting over time. I'll paste another later this
>> afternoon.
>>
>> outrageous. beam should have only ~40MB in use, total.
>>
>> if you 'clear' the mnesia db as i suggested (keep a copy for
>> forensics!), does it get better?
>>
>>
>>
>> m
>> --
>> martin.langh...@gmail.com
>> mar...@laptop.org -- School Server Architect
>> - ask interesting questions
>> - don't get distracted with shiny stuff - working code first
>> - http://wiki.laptop.org/go/User:Martinlanghoff
>>
>
>
>
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
[Server-devel] Ejabberd CPU/RAM Spike -> Crashes
Here is another example after it has been running all night. http://pastebin.com/m11537281 As you can see, these runaway beam processes vary greatly in there RAM usage. Also, they are always using 100% of the cpu. I will try to clear the DB now and see what happens. On Fri, Dec 18, 2009 at 12:51 PM, Martin Langhoff wrote: > On Fri, Dec 18, 2009 at 1:37 PM, Devon Connolly wrote: > > Anyway, back on topic... Here is that script slightly modified running > on > > a fresh boot. I'm going to leave this looping and post the file to > > pastebin. Here is an initial output after only like 10 minutes. It will > > get more interesting over time. I'll paste another later this afternoon. > > outrageous. beam should have only ~40MB in use, total. > > if you 'clear' the mnesia db as i suggested (keep a copy for > forensics!), does it get better? > > > > m > -- > martin.langh...@gmail.com > mar...@laptop.org -- School Server Architect > - ask interesting questions > - don't get distracted with shiny stuff - working code first > - http://wiki.laptop.org/go/User:Martinlanghoff > ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Ejabberd CPU/RAM Spike -> Crashes
> Don't reinstall. If possible, let's try to debug this. If you're going > to give up, just > > 1 - Backup /var/lib/ejabberd -- just tar it up > 2 - Use the 'domain_config' script to change the domain -- this will > re-generate the ejabberd mnesia database. What I'd do: change it to > 'foo.com' and then back to the right domain. > I'd like to debug but I only have about a week left here so I need the server to be stable before I leave. I can debug for awhile, but as we approach the holidays, I may need to throw in the table. > I assume you have the different APs in different channels, and > generally avoid channel 1 (as that's where XOs engage in 'mesh' by > default...)... > What we really need is an RF site survey. Unfortunately, there is nobody around that can. They are on different channels but I am forced to use all 3 channels in such a small space. We also have some rude neighbors that decided to amplify their WIFI on channel 6 essentially blanketing the school with interference on that channel. So I have 1 AP on 6, 2 on channel 1, and 2 on channel 11. Anyway, back on topic... Here is that script slightly modified running on a fresh boot. I'm going to leave this looping and post the file to pastebin. Here is an initial output after only like 10 minutes. It will get more interesting over time. I'll paste another later this afternoon. http://pastebin.com/m3426a094 ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Ejabberd CPU/RAM Spike -> Crashes
The server had an uptime of about 50 days before this occurred. There were
no problems and nothing has changed in the 2 or so days since this problem
began. Like had said previously, it seems to have occurred since reflashing
and re-registering a student's XO, but I believe that to be a coincidence.
> - Are you perhaps using an AP that does its own DHCP? One way to
> check for certain is to connect an XO, and then grep /var/lib/dhcpd/
> (or is it /var/spool/dhcpd/ ?) for the MAC address of the XO
We are using 5 wireless AP's. 4 of which are Linksys WRT54G's running
DD-WRT and one is a D-Link modem/AP combo. DHCP is deactivated on all of
the above.
> - Did you also leave XOs running connected to it, or were XOs
> completely disconnected?
I believe all XO's were disconnected. It is possible some were left
connected while in their charging cabinets, but doubtful.
>Is there anything else that could be odd or non-standard in your
>setup? Are you in a VM? Is eth0 on the XS configured via dhcp with a
>short lease? Is there anything in the network between the XOs and the
>XS?
Nothing non-standard really. eth0 is fixed. Although, this server came
pre-installed from the folks involved with the Give One Get One program in
Rwanda. I'm not sure what was modified from the stock server install. I am
debating reinstalling the server from scratch.
I haven't been paying as much attention to the server lately as I should.
As it had been running for about 50 days, I only checked in with the school
periodically. There were problems but mainly in relation to the presence
service and reliably connecting 30 - 100 laptops to the network at one
time. I attribute this behavior to the Linksys AP's as they only seem to
handle about 20 connections per AP reliably. There is also a good amount of
wireless interference to contend with; however, the server was working
well. As it is a bit under-powered, load averages generally stay within the
1.2-1.5 range.
As I write this, the server has an uptime of about 9 hours. Load averages
have reached 25 across the board. The dump files have consumed over a gig
of space filling up the root partition.
>while true; do (echo `date -u `; vmstat; ps_mem.py | grep ejabberd;
>ejabberdctl connected-users | wc-l) >> mylog ; sleep 60 ; done;
Tried the script at night with the high load, and it cannot complete as the
ejabberd node has since crashed. ejabberdctl yields the following error:
_
RPC failed on the node ejabb...@schoolserver: {'EXIT',
{badarg,
[{ets,lookup,
[hooks,
{ejabberd_ctl_process,
global}]},
{ejabberd_hooks,run_fold,4},
{ejabberd_ctl,process,1},
{rpc,
'-handle_call/3-fun-0-',
5}]}}
__
Individually issuing the commands:
# vmstat
Thu Dec 17 20:07:19 UTC 2009
procs ---memory-- ---swap-- -io --system--
-cpu--
r b swpd free buff cache si sobibo in cs us sy id
wa st
25 0 705768 63912 123132 239040 53 92 153 711 1089 539 61 38 0
1 0
# ps_mem.py | grep ejabberd
No output
I've included a screenshot of htop for your viewing pleasure.
http://omploader.org/vMzBvZQ/htop_screen.jpg
I'll give you more relevant info tomorrow.
On Thu, Dec 17, 2009 at 12:16 PM, Martin Langhoff wrote:
> On Thu, Dec 17, 2009 at 1:12 PM, Martin Langhoff
> wrote
> > On Thu, Dec 17, 2009 at 11:35 AM, Devon Connolly
> wrote:
> >> XS Version: 0.6
> >> 1 GB Physical Ram, 2GB Swap
> >
> > Ok - the RAM is on the low side for an XS but should handle 150 ok.
> >
> >> # ejabberdctl connected-users
> > ...
> > I counted 12 lines in the output of connected-users. That should not
> > cause trouble.
>
> Also - can you get your hands on ps_mem.py, and run it when the
> machine is getting into trouble? I want to correlate the output of
> ps_mem.py for ejabberd vs the number of connected users, run something
> like this on a console
>
> while true; do (echo `date -u `; vmstat; ps_mem.py | grep ejabberd;
> ejabberdctl connected-users | wc-l) >> mylog ; sleep 60 ; done;
>
> untested, may need tweaking to work properly. If you run it during the
> day and also during the night, will be most interesting.
>
> cheers,
>
>
Re: [Server-devel] Ejabberd CPU/RAM Spike -> Crashes
XS Version: 0.6
1 GB Physical Ram, 2GB Swap
154 XO's Registered, Any number connected when the problem happens, 0-XX
The XS is controlling dhcp but nothing out of the ordinary as far as
leases are concerned.
No Active Antenna
# /home/idmgr/list_registration
http://pastebin.com/m762076bb
# ejabberdctl stats registeredusers
154
# ejabberdctl connected-users
032a8890f8a9731cfc611580524176a1f8f6c...@schoolserver.notredame.sn/Telepathy
0a0c7fd971cdd25851ba34c9df66ef1845900...@schoolserver.notredame.sn/Telepathy
1c058ff553b654a3d808a3ffe95aadf4de841...@schoolserver.notredame.sn/Telepathy
26b8669a3e9387ac726296de07deced5aaf49...@schoolserver.notredame.sn/Telepathy
2f596cc8d6977519411f5c8fcc65e751e8bd3...@schoolserver.notredame.sn/Telepathy
909785500a4fc5e14fe9f1cd7657e7ac34440...@schoolserver.notredame.sn/Telepathy
9b2102f9af673393c9faa1f3565bd28773f48...@schoolserver.notredame.sn/Telepathy
b4e5426593e58970c1b5dafa2adb39e4c3e59...@schoolserver.notredame.sn/Telepathy
b7b58f3b01f49c8c652ddaedffd6faeef555b...@schoolserver.notredame.sn/Telepathy
efb20aece0870421fc0f3facc58653bdac922...@schoolserver.notredame.sn/Telepathy
f9b21026d27589b02b894e221e5531cd1edd1...@schoolserver.notredame.sn/Telepathy
# olpc-netstatus
//The XO's are using gabble
After leaving it on all night, load averages hit 30 It was
unresponsive and any calls to ejabberdctl yielded the following error:
#ejabberdctl --node ejabb...@schoolserver connected-users
__
{error_logger,{{2009,12,17},{10,0,25}},"Protocol: ~p: register error:
~p~n",["inet_tcp",{{badmatch,{error,duplicate_name}},[{inet_tcp_dist,listen,1},{net_kernel,start_protos,4},{net_kernel,start_protos,3},{net_kernel,init_node,2},{net_kernel,init,1},{gen_server,init_it,6},{proc_lib,init_p_do_apply,3}]}]}
{error_logger,{{2009,12,17},{10,0,25}},crash_report,[[{pid,<0.20.0>},{registered_name,net_kernel},{error_info,{exit,{error,badarg},[{gen_server,init_it,6},{proc_lib,init_p_do_apply,3}]}},{initial_call,{net_kernel,init,['Argument__1']}},{ancestors,[net_sup,kernel_sup,<0.8.0>]},{messages,[]},{links,[#Port<0.84>,<0.17.0>]},{dictionary,[{longnames,false}]},{trap_exit,true},{status,running},{heap_size,610},{stack_size,23},{reductions,506}],[]]}
{error_logger,{{2009,12,17},{10,0,25}},supervisor_report,[{supervisor,{local,net_sup}},{errorContext,start_error},{reason,{'EXIT',nodistribution}},{offender,[{pid,undefined},{name,net_kernel},{mfa,{net_kernel,start_link,[[ejabberdctl,shortnames]]}},{restart_type,permanent},{shutdown,2000},{child_type,worker}]}]}
{error_logger,{{2009,12,17},{10,0,25}},supervisor_report,[{supervisor,{local,kernel_sup}},{errorContext,start_error},{reason,shutdown},{offender,[{pid,undefined},{name,net_sup},{mfa,{erl_distribution,start_link,[]}},{restart_type,permanent},{shutdown,infinity},{child_type,supervisor}]}]}
{error_logger,{{2009,12,17},{10,0,25}},crash_report,[[{pid,<0.7.0>},{registered_name,[]},{error_info,{exit,{shutdown,{kernel,start,[normal,[]]}},[{application_master,init,4},{proc_lib,init_p_do_apply,3}]}},{initial_call,{application_master,init,['Argument__1','Argument__2','Argument__3','Argument__4']}},{ancestors,[<0.6.0>]},{messages,[{'EXIT',<0.8.0>,normal}]},{links,[<0.6.0>,<0.5.0>]},{dictionary,[]},{trap_exit,true},{status,running},{heap_size,233},{stack_size,23},{reductions,123}],[]]}
{error_logger,{{2009,12,17},{10,0,26}},std_info,[{application,kernel},{exited,{shutdown,{kernel,start,[normal,[]]}}},{type,permanent}]}
{"Kernel pid
terminated",application_controller,"{application_start_failure,kernel,{shutdown,{kernel,start,[normal,[]]}}}"}
Crash dump was written to: erl_crash.dump
Kernel pid terminated (application_controller)
({application_start_failure,kernel,{shutdown,{kernel,start,[normal,[]]}}})
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
[Server-devel] Ejabberd CPU/RAM Spike -> Crashes
I'm having some issues with ejabbered after re-flashing and re-registering a
student's XO. No other changes were made to the server; however, the beam
process has begun to constantly use 100% cpu while the ram usage swells to
over 1GB and then proceeds to eat the 2GB swap. This continues until the
load average of the server reaches ~14,14,14 at which time the server
becomes unresponsive.
Multiple erl crash logs are being created (about 5-10 per minute) in
/var/log/ejabberd. A brief excerpt:
erl_crash_20091216-124645.dump
_
=erl_crash_dump:0.1
Wed Dec 16 12:46:47 2009
Slogan: Kernel pid terminated (application_controller)
({application_start_failure, kernel, {shutdown, {kernel, start, [normal,
[]]}}})
System version: Erlang (BEAM) emulator version 5.6.5 [source]
[async-threads:0] [hipe][kernel-poll:false]
--
Anyway, each of these crash dump files are thousands of lines. Any ideas
for debugging this?
Thanks
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] unregister soas
Save the following script to /home/idmgr as something like
remove_all_users:
__
#!/bin/sh
##LIST ALL SERIAL NUMBERS##
sqlite3 /home/idmgr/identity.db "SELECT serial FROM laptops" > dellist.txt
##DELETE ALL ACCOUNTS IN LIST##
for serial in $(< dellist.txt); do
echo "$serial" | grep -s -E '^[A-Z]{3}[A-F0-9]{8}$' || exit 1
sqlite3 /home/idmgr/identity.db "DELETE FROM laptops WHERE serial =
'$serial'" || exit 1
/usr/sbin/userdel -r $serial
done
__
Don't forget to make it executable... Again, remove the '-r' option if you
don't want to delete the users files.
# chmod +x /home/idmgr/remove_all_users
Cleaning up the moodle database should be similarly simple.
> # su - postgres
> # psql
> # \connect moodle-xs
> # DELETE FROM mdl_user;
If you use the admin account, be careful not to delete it. You can always
just make another one after though.
On Sat, 17 Oct 2009 19:37:12 -, David Leeming
wrote:
> Is there a way to delete all users from the XS? I.e. I have upgraded from
> 0.5.2 and wish to start afresh with a "clean" upgrade.
>
>
>
> David Leeming
> Solomon Islands Rural Link
> http://www.leeming-consulting.com
>
> -Original Message-
> From: server-devel-boun...@lists.laptop.org
> [mailto:server-devel-boun...@lists.laptop.org] On Behalf Of Devon
> Connolly
> Sent: Sunday, 18 October 2009 5:13 a.m.
> To: server-devel@lists.laptop.org
> Subject: Re: [Server-devel] unregister soas
>
> With the latest XO build you need to:
>
> # rm .sugar/default/config
>
> Then press CTL+ALT+ERASE. You will need to re-enter the students name
> and
> the register option will have returned.
>
> From what I've experienced "sugar-control-panel -c registration" only
> seems to allow laptops that were having trouble registering register. If
> they are already registered, I don't think it does anything.
>
> To clear the server of all history of the registration:
>
> # /home/idmgr/remove_user "SERIAL#"
>
> This will delete the user from the registration sqlite database. It also
> deletes the user account fromt he server. I modified the script so it
> also deletes the users backup files...
>
> /home/idmgr/remove_user
> ___
>
> #!/bin/sh
>
> for serial; do
> echo "$serial" | grep -s -E '^[A-Z]{3}[A-F0-9]{8}$' || exit 1
> sqlite3 /home/idmgr/identity.db "DELETE FROM laptops WHERE serial =
> '$serial'" || exit 1
> /usr/sbin/userdel -r $serial
> done
> ___
>
> Take away the '-r' option from userdel to refrain from deleting the users
> files.
>
> When deleting the users from Moodle, they should be just marked deleted
> but are not removed from the Moodle database. To get rid of them you
> need
> to:
>
> __
> # su - postgres
> # psql
> # \connect moodle-xs
> # DELETE FROM mdl_user WHERE mdl_user.deleted = 1; //To delete all
> users
> that were deleted from the moodle interface.
> # DELETE FROM mdl_user WHERE mdl_user.username = 'USERSNAME'; //To
> delete
> a specific user
> # \quit
> ___
>
> I believe the above removes all traces from the server.
>
> On Sat, 17 Oct 2009 15:41:30 -, Tim Moody
> wrote:
>
>> Is there a way to unregister a client with the xs?
>>
>> sugar-control-panel -c register didn't seem to do anything.
>> ___
>> Server-devel mailing list
>> Server-devel@lists.laptop.org
>> http://lists.laptop.org/listinfo/server-devel
>
>
>
> ___
> Server-devel mailing list
> Server-devel@lists.laptop.org
> http://lists.laptop.org/listinfo/server-devel
>
>
>
--
Devon Connolly
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] unregister soas
With the latest XO build you need to:
# rm .sugar/default/config
Then press CTL+ALT+ERASE. You will need to re-enter the students name and
the register option will have returned.
From what I've experienced "sugar-control-panel -c registration" only
seems to allow laptops that were having trouble registering register. If
they are already registered, I don't think it does anything.
To clear the server of all history of the registration:
# /home/idmgr/remove_user "SERIAL#"
This will delete the user from the registration sqlite database. It also
deletes the user account fromt he server. I modified the script so it
also deletes the users backup files...
/home/idmgr/remove_user
___
#!/bin/sh
for serial; do
echo "$serial" | grep -s -E '^[A-Z]{3}[A-F0-9]{8}$' || exit 1
sqlite3 /home/idmgr/identity.db "DELETE FROM laptops WHERE serial =
'$serial'" || exit 1
/usr/sbin/userdel -r $serial
done
___
Take away the '-r' option from userdel to refrain from deleting the users
files.
When deleting the users from Moodle, they should be just marked deleted
but are not removed from the Moodle database. To get rid of them you need
to:
__
# su - postgres
# psql
# \connect moodle-xs
# DELETE FROM mdl_user WHERE mdl_user.deleted = 1; //To delete all users
that were deleted from the moodle interface.
# DELETE FROM mdl_user WHERE mdl_user.username = 'USERSNAME'; //To delete
a specific user
# \quit
___
I believe the above removes all traces from the server.
On Sat, 17 Oct 2009 15:41:30 -, Tim Moody
wrote:
> Is there a way to unregister a client with the xs?
>
> sugar-control-panel -c register didn't seem to do anything.
> ___
> Server-devel mailing list
> Server-devel@lists.laptop.org
> http://lists.laptop.org/listinfo/server-devel
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] .6 release and Dansguardian
> What is the output of "iptables -t nat -L -v" > I can't cite any explicit benefits as this is my first XS install and my first time using Dansguardian. I'm still getting used to iptables and the wonderful science of redirecting packets. Google led me to believe this is the best way to do it so folks have no chance of circumventing DG. # sudo iptables -t nat -L -v Chain PREROUTING (policy ACCEPT 1643 packets, 150K bytes) pkts bytes target prot opt in out source destination 2562 138K REDIRECT tcp -- lanbond0 any anywhere anywheretcp dpt:http redir ports 3128 0 0 REDIRECT tcp -- mshbond0 any anywhere anywheretcp dpt:http redir ports 3128 0 0 REDIRECT tcp -- mshbond1 any anywhere anywheretcp dpt:http redir ports 3128 0 0 REDIRECT tcp -- mshbond2 any anywhere anywheretcp dpt:http redir ports 3128 Chain POSTROUTING (policy ACCEPT 10613 packets, 544K bytes) pkts bytes target prot opt in out source destination 4233 282K MASQUERADE all -- anyeth0anywhere anywhere Chain OUTPUT (policy ACCEPT 12189 packets, 670K bytes) pkts bytes target prot opt in out source destination 2037 122K ACCEPT tcp -- anyany anywhere anywheretcp dpt:http owner UID match squid 119 7140 ACCEPT tcp -- anyany anywhere anywheretcp dpt:squid owner UID match squid 96 5688 REDIRECT tcp -- anyany anywhere anywheretcp dpt:http redir ports 8887 17 940 REDIRECT tcp -- anyany anywhere anywheretcp dpt:squid redir ports 8887 === As you can see, everything 'should' be being redirected from squid to dansguardian. Before the upgrade, this worked flawlessly, so something got mixed up with the new configs. It seems to be ignoring the last rule in the OUTPUT chain. Again, squid access.log reports normal activity, but dansguardian access.log isn't touched. This is why I love gentoo cause you know everything that goes into your build, so troubleshooting is a snap. These highly customized builds that run off an array of scripts can be tough to navigate unless you are very familiar how everything works. ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] .6 release and Dansguardian
Ok. So I'll give you guys an overview of applicable config files to see if we can't spot the problem. I will only list applicable entries. First, the basic setup: 2 NICS, onboard and USB. USB nic is eth0 with fixed IP 192.168.1.1. eth1 is bonded to create lanbond0 on 172.168.0.1 I still don't see why all traffic passing through lanbond0 is using squid and then bypassing dansguardian. iptables-xs.in: ___ *nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] @@SQUID@@ -A POSTROUTING -o @@WAN@@ -j MASQUERADE -A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner squid -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT -A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8887 -A OUTPUT -p tcp -m tcp --dport 3128 -j REDIRECT --to-ports 8887 COMMIT *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] COMMIT dansguardian.conf filterip = filterport = 8887 proxyip = 172.18.0.1 proxyport = 3128 daemonuser = 'squid' daemongroup = 'squid' ___ squid-xs.conf ___ cache_effective_user squid cache_effective_group squid ___ # nmap -T4 172.18.0.1 ___ Not shown: 1703 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 5.1 (protocol 2.0) 53/tcp open domain | zone-transfer: | notredame.sn.SOA localhost. root.notredame.sn. | notredame.sn.NS localhost. | escuela.notredame.sn.CNAME | library.notredame.sn.A172.18.0.1 | ntp.notredame.sn.A172.18.0.1 | presence.notredame.sn. A172.18.0.1 | school.notredame.sn. A172.18.0.1 | schoolserver.notredame.sn. A172.18.0.1 | conference.schoolserver.notredame.sn.A172.18.0.1 | schoolserver1.notredame.sn. A172.18.1.1 | schoolserver2.notredame.sn. A172.18.1.2 | schoolserver3.notredame.sn. A172.18.1.3 | schoolserver4.notredame.sn. A172.18.1.4 | schoolserver5.notredame.sn. A172.18.1.5 | schoolserver6.notredame.sn. A172.18.1.6 | schoolserver7.notredame.sn. A172.18.1.7 | schoolserver8.notredame.sn. A172.18.1.8 | schule.notredame.sn. CNAME | time.notredame.sn. A172.18.0.1 | www.notredame.sn.A172.18.0.1 | xs.notredame.sn. A172.18.0.1 |_ notredame.sn.SOA localhost. root.notredame.sn. 80/tcp open http-proxy DansGuardian HTTP proxy 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: NOTREDAME) 191/tcp open prospero? 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: NOTREDAME) 873/tcp open rsync(protocol version 30) 3128/tcp open http-proxy DansGuardian HTTP proxy 3306/tcp open mysql MySQL (unauthorized) 8080/tcp open httpPython SimpleXMLRPCServer (BaseHTTP 0.3; Python 2.5.1) 8887/tcp open http-proxy DansGuardian HTTP proxy _ What else is applicable? On Sat, 17 Oct 2009 08:08:47 -, Martin Langhoff wrote: > On Sat, Oct 17, 2009 at 2:15 AM, Devon Connolly wrote: >> Right, I appended the aforementioned entries to "iptables-xs.in" so that >> the resulting iptables-xs file reflected the modifications, but the >> rules >> still did not take affect. > > And you did "/etc/init.d/iptables restart" to make it take effect... > right? I notice I forgot to mention that key step :-) > > (And Jerry's suggested change is also needed.) > > cheers, > > > > m -- Devon Connolly ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] .6 release and Dansguardian
Check on both the suggestions above. I had already added the entries to that portion of the file and I restarted iptables. The result is a working dansguardian when sshing into the server and opening lynx in a term. However none of the traffic coming from computers on the LAN is being directed to Dansguardian. Today, I will try to retrace my steps more carefully and post a more detailed summary. On Sat, 17 Oct 2009 08:08:47 -, Martin Langhoff wrote: > On Sat, Oct 17, 2009 at 2:15 AM, Devon Connolly wrote: >> Right, I appended the aforementioned entries to "iptables-xs.in" so that >> the resulting iptables-xs file reflected the modifications, but the >> rules >> still did not take affect. > > And you did "/etc/init.d/iptables restart" to make it take effect... > right? I notice I forgot to mention that key step :-) > > (And Jerry's suggested change is also needed.) > > cheers, > > > > m -- Devon Connolly ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] .6 release and Dansguardian
Right, I appended the aforementioned entries to "iptables-xs.in" so that the resulting iptables-xs file reflected the modifications, but the rules still did not take affect. Dansguardian only seems to be working locally (on the server) but not on any computers in the LAN. If said entries are not appended to iptables-xs.in, Dansguardian does not work on the server or lan. I am yet to figure out why the port forwarding rules are not working LAN-side. So why are requests passing through port 3128 not being redirected to port 8887? Something else seems to be amiss as the rules have been applied to iptables. On Fri, 16 Oct 2009 18:01:25 -, Martin Langhoff wrote: > On Fri, Oct 16, 2009 at 4:08 PM, Devon Connolly wrote: >> >> I'm not sure what I am overlooking but was anything changed in .6 that >> could be breaking my Dansguardian install? My iptables are set up as >> before adding the following entries: > > Hi! Yes, there has been a change in iptables, to better support use of > other devices as the WAN port (wlan0, ppp0, etc). > > You now want to look at /etc/sysconfig/olpc-scripts/iptables-xs.in -- > note the trailing '.in' -- this gets processed by > /etc/syscofnig/olpc-scripts/gen-iptables to generate > /etc/sysconfig/olpc-scripts/iptables-xs > > hth, > > > > m -- Devon Connolly ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] .6 release and Dansguardian
I'm not sure what I am overlooking but was anything changed in .6 that could be breaking my Dansguardian install? My iptables are set up as before adding the following entries: iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner squid -j ACCEPT iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner squid -j ACCEPT iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8887 iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8887 It seems everything coming in on the LAN interface is running through squid but then not redirected to dansguardian. Dansguardian is functioning normally on the server via lynx. Dansguardian access log isn't picking up anything when accessing the net from the LAN. Squid access log is also not reporting anything unusual. Thanks for any insight ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] another distro?
How about Gentoo? Can't beat portage. On Fri, 09 Oct 2009 16:01:35 -, Sameer Verma wrote: > Now that we have XS 0.6 in the "Stable", I'll raise the issue once > more. Are we at a point in development where we can reassess the issue > of basing the XS on other distros such as Debian stable or Ubuntu LTS? > > Sameer -- Devon Connolly ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Allowing Auto-Login to Moodle from 2 Domains
Let me explain my setup in a little more detail. The server DNS is currently set to the standard schoolserver.notredame.sn. I grabbed a host redirect at no-ip.com pointing to my WAN router and subsequently the server at http://notredamemboro.no-ip.info (have a look). My intention is to allow the kids to access server services such as Moodle if they are sick or during the weekends. Believe it or not, a number of the kids have access to wifi outside of school. My other primary reason is to allow the kids in each class to make weekly blog posts to document their experiences. Making the host redirect resolve properly on the LAN is a piece of cake just appending the address to the hosts file. As you can see right now, everything works except moodle on the WAN. I can make it work on the WAN by modifying the code in /config.php by simply modifying $CFG->wwwroot. This allows for everything to resolve correctly on the LAN & WAN but breaks auth/olpcxs. To test, I redefined XS_FQDN and replaced 'schoolserver' with the WAN host name. Again, everything resolves correctly, but auth doesn't work correctly. If I were to register an XO with the domain no-ip.info, I imagine it would work, but wouldn't that require patching a good deal of the ejabberd config also? Would it be terribly complicated to rework auth to base authentication simply on UUID and serial number on any domain? If you think this is more work than it is worth, it isn't necessary by any means. I just think it would be convenient. Thanks for the info On Mon, 28 Sep 2009 08:16:19 -, Martin Langhoff wrote: > On Sun, Sep 27, 2009 at 2:32 PM, Devon Connolly wrote: >> logging in to moodle. As auth_olpc only accepts connections using the >> standard schoolser...@domain.com, I would like it to additionally >> accept a >> no-ip.info host redirect domain. > > Sounds like you may want to patch auth/olpcxs :-) > >> Second, I know this is a bit more complicated, but what do I need to >> hack >> to allow firefox/opera to benefit from auto login? > > During the startup of Browse, we add a cookie to the cookies.sqlite > file. The cookie is for the domain of the XS, and the value of it is > based on the laptop's serial number & uuid. Have a look at the moodle > code > > Of course, it depedns on the XS knowing about the SN and uuid in > advance - and that happens with registration. Registration across 2 > networks is not going to be easy :-/ > > cheers, > > > m -- -- -- Devon Connolly ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] Allowing Auto-Login to Moodle from 2 Domains
Rather than digging around the config files myself, I thought it'd be quicker to ask people that actually know what they are doing. I know the server assumes LAN access to moodle only, but I was looking to allow students and teachers to access the server remotely. I set up a host redirect to access apache over the WAN. Everything works well, aside from logging in to moodle. As auth_olpc only accepts connections using the standard schoolser...@domain.com, I would like it to additionally accept a no-ip.info host redirect domain. Second, I know this is a bit more complicated, but what do I need to hack to allow firefox/opera to benefit from auto login? Thanks in advance ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
