Since some ages we are deploying IPv6 in our network and also for some selected services. Some days ago we discovered, that anybody has enabled accidentally a router advertisement daemon in a network where this shouldn’t happen. As result of this, IPv6 enabled systems got (additional) IPv6 adresses and some services where using this new learned addresses as source address when sending out replies.

Maybe this doesn’t sound so harmful on the first view. But some services rely on a correct source address when getting a reply for a request (for example dns resolver library).

To be aware of the issue, that a service maybe available via IPv4 but not via IPv6 or vica versa, a dualstacked monitoring needs to be in place for dualstacked services. Looking into the issue, I stumbled upon Michael Friedrichs HowTo about Dualstacked monitoring with Icinga.

Luckily we have the full software stack in place on Squeeze (with squeeze-backport). As icinga and nagios-plugins was in installed already, I just needed to fetch check_multi.

# aptitude install -t squeeze-backports nagios-plugin-check-multi

Now a new check command is needed, I created the following:

define command {
    command_name                    check_multi_icinga
    command_line            /usr/lib/nagios/plugins/check_multi \
    -f /etc/check_multi/$ARG1$ $ARG2$ $ARG3$ $ARG4$ \
    -s objects_cache=/var/cache/icinga/objects.cache \
    -s status_dat=/var/cache/icinga/status.dat \
    -s HOSTADDRESS=$HOSTADDRESS$ -s HOSTADDRESS6=$HOSTADDRESS6$
}

For monitoring connectivity I created check_host_alive_dualstack.cmd

command[ IPv4 ]         = check_ping -4 -H "$HOSTADDRESS$" -w 5000.0,100% -c 5000.0,100% -p 5
command[ IPv6 ]         = check_ping -6 -H "$HOSTADDRESS6$" -w 5000.0,100% -c 5000.0,100% -p 5
state   [ CRITICAL   ] = COUNT(CRITICAL) > 1
state   [ WARNING    ] = COUNT(WARNING) > 0 || COUNT(CRITICAL) > 0
state   [ UNKNOWN    ] = COUNT(UNKNOWN) > 1

Now we just need to replace the check-host-alive command and add a value for  ”address6” on the host as the following

define host{
    use                     generic-host            ; Name of host template to use
    host_name               localhost
    alias                   localhost
    address                 127.0.0.1
    address6                ::1
    check_command           check_multi_icinga!'check_host_alive_dualstack.cmd'!'-r 1+2+4+8'
}

Reloading icinga should you show something like this:

Now we have general connectivity of our dualstacked systems monitored.

Also this year the Debian Project is running a booth at Chemnitzer Linux-Tage.

Unfortunately this year we are lacking a bit manpower compared to the last years. Actually we have 6 persons at our wiki without knowing how much time everybody will be present at the booth. It would be really cool, if we can prevent us from having a Déjà vu.
So if you want to visit one of the best community focused OpenSource events in germany and can invest some time helping to run our booth, have a look into the report from last year and the organization wiki.

If you feel you want to be part of this enjoyable event, please get in touch with me. As the registration for the booth is closing on 28th February, don’t wait too long! ;)

Today I was wondering that I had almost no new mail in my inbox in the morning. After a while I decided to have a look into the server logfiles …. so I learned that postfix wasn’t able to deliver mails via lmtp cause of:

Oct  7 07:45:56 post cyrus/lmtpunix[307]: DBERROR db4: Logging region out of memory; you may need to increase its size
Oct  7 07:45:56 post cyrus/lmtpunix[307]: DBERROR: opening /var/lib/cyrus/deliver.db: Cannot allocate memory
Oct  7 07:45:56 post cyrus/lmtpunix[307]: DBERROR: opening /var/lib/cyrus/deliver.db: cyrusdb error
Oct  7 07:45:56 post cyrus/lmtpunix[307]: FATAL: lmtpd: unable to init duplicate delivery database
Oct  7 07:45:56 post cyrus/master[754]: service lmtpunix pid 307 in READY state: terminated abnormally

Seems like this can be fixed with:

# /etc/init.d/cyrus2.2 stop
# cat< /var/lib/cyrus/db/DB_CONFIG
set_cachesize 0 2097152 1
set_lg_regionmax 1048576
EOM
# /etc/init.d/cyrus2.2 start

Looking more closer into the logs, it turned out that this trouble started last night when I connected with a client running the soon to be released Ubuntu Oneiric Ocelot using the new kmail2.

So it looks like the KDE/Ubuntu folks broke again kmail (or any KDE subsystem), as it also has troubles when migrating over from kmail(1) and it looks like it’s not able to access most of the imap subfolders. Well done!

After visiting the great Deadmau5 concert of his Europe Tour in Berlin 7 weeks ago, I’m involved into a traditional cultural event on the technical side on the next weekend.

We are running the plattform for the online streaming of Lohengrin live from the Bayreuth Festival Theatre on Sunday, 14th August 2011. Usually we are coming together around noon and having a BBQ while keeping all the stuff up and running.

To get back into this millenium, we (yes, my girl and me) are at the Highfield festival the weekend afterwards. I guess you can find me at the “white stage” or at camp site. Keep on rocking!

Sometime it happens, that there are school holidays. As my lovely girl used to be a teacher, she has some time off at that period. So she left me with our kids yesterday to visit the grandparents.
It was two hours after leaving, when I was really surprized that I was sitting around and thinking about what to do next, as normaly the weekend is family time.
So I decided to take my bike and a paper map to get of for a trip. Since some years, I usually use my bike to escort the girls or when going to work, which is just a 5 minutes ride, so I thought that would be a great opportunitiy.

I took a backpack with raining clothes, mounted the bike helmet on it, in case I needed to go cross country, some water and my music player.
It was a great ride, beside that I realized I’m not in the same condition as some years ago. Unfortunately this will likely not change in the next 12 mounth, as we have some projects in the queue we need to deal with. Hopefully we will solve that satisfactorily and have a bit more spare time afterwards.

Anyways .. 27,65km in 1h40 is not so bad, as it was hot and humid.
Ride summary:

• nagios-plugins

  • stable: uploaded 1.4.15-3squeeze1 fixing #623702

  • testing: entered 1.4.15-4, this basically reduced the dependency footprint of nagios-plugins-standard (#569028)

  • squeeze-backports: uploaded 1.4.15-4~bpo60+1

• icinga

  • unstable: Alexander Wirt uploaded 1.4.0-2

  • squeeze-backports: uploaded 1.4.0-2~bpo60+1

  • lenny-backports-sloppy: uploaded 1.4.0-2~bpo50+1

• nagstamon

  • squeeze-backports: uploaded 0.9.6.1-2~bpo60+1, which works with icinga 1.4

• nagios3

  • unstable: Alexander Wirt uploaded 3.2.3-2

• check-mk

  • unstable: Alexander Wirt uploaded 1.1.10-1

• icli

  • unstable: Uli Martens uploaded 0.4-2, this fixes #623325

• nagircbot

  • testing: John Morrissey uploaded initially some weeks ago 0.0.32-1

• mod-gearman

  • testing: Stig Sandbeck Mathisen uploaded initially some weeks ago 1.0.3-1

• pnp4nagios

  • testing: Sebastian Harl uploaded some weeks ago 0.6.12-1

  • squeeze-backports: Sebastian Harl uploaded 0.6.12-1~bpo60+1

Some more about packaging nagios and icinga related packages can be found at our team site.

In case you are using HP ProLiant G6-series or G7-series with Intel-based hardware and you are thinking about virtualistion (e.g. booting the hypervisor), you should have a look into this customer advisory. To make it short, the following should work:

# grep GRUB_CMDLINE_XEN /etc/default/grub
GRUB_CMDLINE_XEN="pci=use_crs"
# update-grub

It took me two workdays to discover this solution for a DL180G6. Anyways … I’m still having trouble on a DL160G6 when booting the hypervisor, suggestions are welcome.

This weekend we did run a booth at Chemnitzer Linuxtage. As always, it was a joy to be at this event. We had great discussions and talks with guests and exhibitors, I also enjoyed a small number of lectures. The booth did run well, beside some quirks. Some pictures can be found here.

After Debian Squeeze was released last weekend, development will speed up again.

Today I uploaded a new postfwd package which ships also the postfwd2 script, a prefork server version.
I also started to orphan packages I’m not using anymore or having dead upstream. The first candidate was policyd-weight, fortunately Chris Butler took the package over.
I’m happy to be the first uploader into squeeze-backports with …. icinga.

Our baby was release just some moments ago. Many thanks to all who made this happen, I’m very proud! Also many thanks to the release team, ftpmaster, cd people, www-team, press folks and all who worked so hard today instead of having release party, to make it real.